kbara closed 9 years ago
While the above example uses igmp, essentially the same comments hold for pim, igrp, and vrrp.
LGTM. I ran the property-based tester against this patch, specialized to only test packet accesses (on every meaningful protocol), and everything passed.
I had some concerns about the minimum payload for each protocol so I went through to http://www.networksorcery.com/enp/protocol/sctp.htm and similar to verify the payloads were correct (in some cases they were not).
I also added a parsing test for each protocol.
@kbara Could you run the property-based tester again? Apparently, the new payloads didn't have any effect in the output code for the examples.
LGTM. A manual sanity check looked good, as did tens/hundreds of thousands of random test cases.
```
% ./pflua-match ../tests/data/wingolog.pcap "igmp[1] < 200"
Matched 0/19589 packets in 7360 iterations: ../tests/data/wingolog.pcap (144.158173 MPPS).
% ./pflua-match ../tests/data/wingolog.pcap "pim[1] < 200"
Matched 0/19589 packets in 7576 iterations: ../tests/data/wingolog.pcap (148.405374 MPPS).
% ./pflua-match ../tests/data/wingolog.pcap "igrp[1] < 200"
Matched 0/19589 packets in 7279 iterations: ../tests/data/wingolog.pcap (142.581487 MPPS).
% ./pflua-match ../tests/data/wingolog.pcap "vrrp[1] < 200"
Matched 0/19589 packets in 7602 iterations: ../tests/data/wingolog.pcap (148.886247 MPPS).
```
A filter of "igmp" compiles with pflua, but not a filter of "igmp[8] < 7" or anything else using the [] syntax, unlike tcpdump.