org.jnetstream.filter.bpf
Class BPFFilter<T extends FilterTarget>
java.lang.Object
org.jnetstream.filter.bpf.BPFFilter<T>
- All Implemented Interfaces:
- Filter<T>
- Direct Known Subclasses:
- BPFFilter.BPFProtocolFilter, PcapFilter
public class BPFFilter<T extends FilterTarget>
- extends java.lang.Object
- implements Filter<T>
Berkley Packet Filter (BFP) filter program. The BPF filter is natively
supported in the kernel by most unix implementations and is executed as a
special byte-code interpreted program with a small virtaul machine on byte
buffers. The jNetPCAP framework also provides two additional BPF filter
interpreters, native "userland" BPF interpreter from tcpdump library and java
based "userland" BPF provided as a fall back if none of the other
interpreters are available. The library chooses the interpreters in the
following order:
- For live captures - kernel level BPF
- For filtering capture files - tcpdump level BPF if native jNetPCAP
package (based on C version of libpcap) is detected
- For filtering capture files - if native jNetPCAP package is not
available the supplied java interpreter is invoked to process the filter.
- Author:
- Mark Bednarczyk, Sly Technologies, Inc.
| Fields inherited from interface org.jnetstream.filter.Filter |
TRUE |
|
Constructor Summary |
protected |
BPFFilter()
Only used when subclassed. |
|
BPFFilter(BPFProgram program,
T target)
Initializes the filter for a very specific target only with the provided
program. |
|
BPFFilter(FilterExpression<BPFProgram> expression)
Initializes the BPF filter with the specified filter expression in what
ever syntax the user chooses. |
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
BPFFilter
public BPFFilter(BPFProgram program,
T target)
- Initializes the filter for a very specific target only with the provided
program.
- Parameters:
program - program to run for only this targettarget - the target for which the program was built
BPFFilter
public BPFFilter(FilterExpression<BPFProgram> expression)
throws FilterSyntaxError,
FilterNotFoundException
- Initializes the BPF filter with the specified filter expression in what
ever syntax the user chooses. The expression is compiled and applied
appropriately for each target.
- Parameters:
expression - expression to be compiled to binary BPF program
- Throws:
FilterSyntaxError
FilterNotFoundException
BPFFilter
protected BPFFilter()
- Only used when subclassed. The subclass must override compile
compile
public BPFProgram compile(FilterTarget target)
throws FilterSyntaxError,
FilterNotFoundException
- Throws:
FilterSyntaxError
FilterNotFoundException
accept
public boolean accept(java.nio.ByteBuffer buffer,
FilterTarget target)
throws FilterException
- Specified by:
accept in interface Filter<T extends FilterTarget>
- Throws:
FilterException
execute
public long execute(java.nio.ByteBuffer buffer,
FilterTarget target)
throws FilterException
- Description copied from interface:
Filter
- Executes the given filter and returns the result of the evaluation against
the buffer. True means the filter matched, false means it failed.
- Specified by:
execute in interface Filter<T extends FilterTarget>
- Parameters:
buffer - buffer to execute the filter againsttarget - Filter target of this filter. This is typically the DLT (Data Link
Type) of the first structure in the buffer.
- Returns:
- true filter succeeded, false failed
- Throws:
FilterNotFoundException - if a program could not be generated or found for the specified
target
FilterException - TODO- See Also:
com.slytechs.capture.filter.Filter#execute(java.nio.ByteBuffer)