Luigi Rizzo <ri...@iet.unipi.it> wrote:
> Also, when a port is in netmap mode is temporarily disconnected from
> the host stack, so you want to be careful on where you use it.
> The monitoring folks (bro, suricata...) will probably love this
> feature but for others it might be more problematic.
yes, many people have wanted monitor ports that the host can't interact with
at all, and so far it has been hard to do.... the worst is IPv6 RAs that the
kernel sees and configures, or ARP requests for IP addresses on other
interfaces that the kernel might respond to...
> but removed it because it can only return a partial list of ports
> and i thought it would not be very useful.
The GUI (wireshark) people would really like it... if it has a bug that
limits what it can return, it's probably still better than nothing,and
perhaps someone else will fix the bug.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] m...@sandelman.ca http://www.sandelman.ca/ | ruby on rails [
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
