On Wed, Oct 31, 2012 at 3:20 PM, Guy Harris <g...@alum.mit.edu> wrote: > > On Oct 31, 2012, at 2:50 PM, Ani Sinha <a...@aristanetworks.com> wrote: > >> pcap files that already have the tags reinsrted should work with >> current filter code. However for live traffic, one has to get the tags >> from CMSG() and then reinsert it back to the packet for the current >> filter to work. > > *Somebody* has to do that, at least to packets that pass the filter,
yes but if the packet is passed to the filter within libpcap (when we are not using the kernel filter) before the reinsertion, then the filter has to be taught to look into the metadata for tag information and not in the packet itself. before they're handed to a libpcap-based application, for programs that expect to see packets as they arrived from/were transmitted to the wire to work. > > I.e., the tags *should* be reinserted by libpcap, and, as I understand it, > that's what the > > #if defined(HAVE_PACKET_AUXDATA) && > defined(HAVE_LINUX_TPACKET_AUXDATA_TP_VLAN_TCI) > ... > #endif > > blocks of code in pcap-linux.c in libpcap are doing. yes, I agree. _______________________________________________ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
