On Sun, Sep 09, 2001 at 01:24:10PM +0200, Frank Volf wrote:
> 2) I would like to use struct pcap_sf_pkthdr and sf_write_header(),

Is there some reason why you're not just using "pcap_dump_open()" and
"pcap_dump()" to write out a file in tcpdump format?  If it's important
to flush out the standard I/O stream after writing the header and after
writing each packet, this would require adding a "pcap_dump_file()"
routine:

        FILE *
        pcap_dump_file(pcap_dumper_t *p)
        {
                return ((FILE *)p);
        }

(or cheating and just doing the cast yourself, but that means that if a
"pcap_dumper_t *" ever becomes something more than just a "FILE *", your
code ceases to work).

(Note, by the way, as per the comment

       * Timezone offset is currently set to zero, until I figure
       * out exactly how to change it

that nothing currently actually uses the time zone offset, or sets it to
anything other than 0.)

> 3) How can I introduce a version number? I think it likely that sometime in
>    the future, IP filter will have new flags or new fields, that might be
>    interesting for filtering. How can I make sure that future tcpdump
>    versions can distinguish between the different IP filter headers?

I'd be inclined to do it by renaming DLT_IPFILTER to DLT_IPFILTER_V1,
and adding new DLT_ values for new versions.  That way, the savefile header
indicates, in effect, which version is being used, so that, for example,
the code generator can generate the right code (or return an error if
you're trying to test a field that doesn't exist in that version of the
header).
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
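
Added example, not part of the original message and not libpcap or tcpdump code: a reader that takes the 24-byte savefile header, checks its length and magic, and returns which IP filter header version the link type names, as the reply to question 3 proposes. The numeric DLT_IPFILTER_V1 and DLT_IPFILTER_V2 values and the function names are hypothetical; the sample headers are constructed in the code.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical link-type numbers for this example; not assigned DLT values. */
#define DLT_IPFILTER_V1 0xF001u
#define DLT_IPFILTER_V2 0xF002u
#define SF_MAGIC   0xa1b2c3d4u /* savefile magic, in the writer's byte order */
#define SF_HDR_LEN 24 /* magic, major, minor, thiszone, sigfigs, snaplen, linktype */

static uint32_t swap32(uint32_t v) {
    return (v >> 24) | ((v >> 8) & 0xff00u) | ((v << 8) & 0xff0000u) | (v << 24);
}

/* Read a 32-bit header field, swapping for an opposite-endian writer. */
static uint32_t field32(const unsigned char *p, int swapped) {
    uint32_t v;
    memcpy(&v, p, sizeof v);
    return swapped ? swap32(v) : v;
}

/* IP filter header version named by the link type (1 or 2), 0 for any
 * other link type, -1 for a short or non-savefile header. */
int ipfilter_version(const unsigned char *hdr, size_t len) {
    if (hdr == NULL || len < SF_HDR_LEN) return -1;
    int swapped = (field32(hdr, 1) == SF_MAGIC);
    if (!swapped && field32(hdr, 0) != SF_MAGIC) return -1;
    switch (field32(hdr + 20, swapped)) {   /* linktype is the last field */
    case DLT_IPFILTER_V1: return 1;
    case DLT_IPFILTER_V2: return 2;
    default:              return 0;
    }
}

/* Constructed sample header (version 2.4, thiszone 0, snaplen 65535). */
void make_header(unsigned char *out, uint32_t linktype, int swapped) {
    uint32_t w[3] = { SF_MAGIC, 65535u, linktype };
    uint16_t ver[2] = { 2, 4 };
    if (swapped) {                          /* as an opposite-endian writer would */
        for (int i = 0; i < 3; i++) w[i] = swap32(w[i]);
        ver[0] = 0x0200; ver[1] = 0x0400;
    }
    memset(out, 0, SF_HDR_LEN);             /* thiszone and sigfigs stay 0 */
    memcpy(out, &w[0], 4);
    memcpy(out + 4, ver, 4);
    memcpy(out + 16, &w[1], 4);
    memcpy(out + 20, &w[2], 4);
}
```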
