03-18-2020, 01:55 AM
> But now BPFC is restricted to 65535 code blocks.
Wow, that is significant. Right now I am generating filter lists that cuts off at 256 entries after adding the "user defined" set of addresses to ignore. I also add the interfaces of the raspi (wlan0 and wlan1) just to be sure it doesn't attack itself.
I'm wondering about the length of the command being sent to tcpdump.
Let's pretend we have roughly 10% of the maximum number of mac addresses to filter, that's about 6550 mac addresses. Assuming we has to pass "and not wlan addr1 00:11:22:33:44:55" for each mac address to include, that's 37 characters per mac address, equating to more than 242,350 characters on the command line. Can you actually do that?
A cursory web search says the limit is around 5,200 characters, so at 37 characters per mac address, out upper limit is actually around 140 mac addresses. Which is a lot worse than using the mac filter list switches...
Am I misunderstanding how this works?
Wow, that is significant. Right now I am generating filter lists that cuts off at 256 entries after adding the "user defined" set of addresses to ignore. I also add the interfaces of the raspi (wlan0 and wlan1) just to be sure it doesn't attack itself.
I'm wondering about the length of the command being sent to tcpdump.
Let's pretend we have roughly 10% of the maximum number of mac addresses to filter, that's about 6550 mac addresses. Assuming we has to pass "and not wlan addr1 00:11:22:33:44:55" for each mac address to include, that's 37 characters per mac address, equating to more than 242,350 characters on the command line. Can you actually do that?
A cursory web search says the limit is around 5,200 characters, so at 37 characters per mac address, out upper limit is actually around 140 mac addresses. Which is a lot worse than using the mac filter list switches...
Am I misunderstanding how this works?