On Mon, Mar 25, 2002 at 08:22:38PM -0500, Ashley Thomas wrote: > I wanted some kind of indication about how full the buffer is. > This is regarding the work i am doing with IDSs.
What would you use that information for? I.e., why do you need that information *before* processing the packets in the buffer (rather than computing it in the code that processes the packets)? > I am using openbsd .. so in the pcap_read() in pcap-bpf.c > there is no explicit setting of time. Is the time set by bpf ? > i mean is it already in the bpf header ? Yes, it is. A BPF "bpf_hdr" header looks surprisingly like a "pcap_pkthdr"; I'm sure this has nothing whatsoever to do with the fact that the BPF code and libpcap were originally done by the same people. :-) Therefore, libpcap just passes a pointer to that header to the callback routine. - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
