I recently added gzip write support to the DNS-OARC "dnscap" utility because I found that performing gzip compression during post-processing was very inefficient for I/O.
There's a blog article about this at: <https://www.isc.org/blogs/efficient-compression-of-packet-captures/> However, this adds the gzip library calls directly into the dnscap code, and adds a compile-time dependency. Following on from this, I'm now working on creating a plugin feature for libpcap that would allow libpcap-based application to use any file compression library (assuming suitable hook functions exist) to be supported at run-time, without creating any install-time dependencies for the main libpcap package. My modified libpcap is at: <https://github.com/raybellis/libpcap/tree/raybellis-gzip> This so far only supports file reading. I don't expect file writing to be difficult. The gzip plugin (which works for reading, and should already support writing, once the libpcap hooks for the latter are added) is at: <https://github.com/raybellis/libpcap-gzip/> I'd welcome feedback, suggestions, etc, and hope that the changes to libpcap to support plugins might get merged into the mainline code for all to use. Ray Bellis ISC Research Fellow _______________________________________________ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
