Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!nrl-cmf!ames!ncar!husc6!rice!sun-spots-request
From: richard%aiai.edinburgh.ac.uk@nss.cs.ucl.ac.uk (Richard Tobin)
Newsgroups: comp.sys.sun
Subject: Problem with nit packet filtering
Keywords: Networks
Message-ID: <229.8903281803@aiai.ed.ac.uk>
Date: 7 Apr 89 09:07:03 GMT
Sender: usenet@rice.edu
Organization: Sun-Spots
Lines: 35
Approved: Sun-Spots@rice.edu
Original-Date: Tue, 28 Mar 89 19:03:10 BST
X-Sun-Spots-Digest: Volume 7, Issue 228, message 3 of 10

I want a nit filter that gives me all non-ip packets and certain ip
packets.  As I read the manual [nit_pf(4m)], this code should give me all
the non-ip packets:

    *fwp++ = ENF_PUSHWORD + shorts(offsetof(struct ether_header, ether_type));
    *fwp++ = ENF_PUSHLIT | ENF_CNAND;
    *fwp++ = ETHERTYPE_IP;

    ... tests for the ip packets I want ...

but it appears to reject the non-ip packets instead.  If I replace it with
this (which should be equivalent) it works:

    *fwp++ = ENF_PUSHWORD + shorts(offsetof(struct ether_header, ether_type));
    *fwp++ = ENF_PUSHLIT | ENF_EQ;
    *fwp++ = ETHERTYPE_IP;
    *fwp++ = ENF_PUSHZERO | ENF_COR;

    ... tests for the ip packets I want ...

In the first case, CNAND shoud return true if ether_type and ETHERTYPE_IP
are not equal.

In the second case, COR should return true if
(ether_type == ETHERTYPE_IP) and zero are equal.

Is there a bug in the manual, the implementation, or my understanding?

[The macros shorts and offsetof are defined like this:

  #define offsetof(type, field) ((int)&((type *)0)->field)
  #define shorts(n) ((u_short)((n) / sizeof(u_short)))
]

-- Richard