Skip to end of metadata
Go to start of metadata

pflang Packet Filter Language introduced by tcpdump/libpcap

tcpdump uses a small domain-specific language (DSL) to specify which part of the traffic the user is interested in, in the form of a packet filter. In the decades since, many other tools have adopted that language, often extending it somewhat. This DSL is also known under the name Berkeley Packet Filter (BPF).

Implementations

  • tcpdump/libpcap
  • pflua, which generates high-performance packet filters by compiling pflang to Lua and then compiling that using the LuaJIT just-in-time compiler
  • NFDUMP/NfSen uses a variant of pflang to filter flows rather than packets
  • Wireshark (also has its own different filter language)
  • and many others...

– Main.SimonLeinen - 2015-07-18

  • No labels