> I have a simulation setup where one process acts as a network
> sniffer/spoofer and the clients connect to it via TCP connections. In
> order to debug it, I needed a client which would attach to the
> sniffer/spoofer, read the Ethernet traffic over TCP and write it out in
> the archive format suitable for `tcpdump -r'. As it is, libpcap accepts
> only two kinds of input: live captures and stored archive files. I
> needed to extend this with a third type of input where the caller
> supplies its own pcap_read() function which would get called by other
> pcap functions.
>
> I am enclosing a patch which extends pcap_open_dead() interface by
> allowing user to specify a input callback (reader) function.
This might be better done by adding another "pcap_open_XXX()" call
("pcap_open_foreign()"?), rather than overloading "pcap_open_dead()" and
giving it another argument, changing its API.
We already have "pcap_compile_nopcap()" having a different API in NetBSD
and in tcpdump.org's libpcap and libpcaps that picked it up but not the
NetBSD change, and I'd rather not have the one remaining
only-one-API-so-far routine for compiling a filter expression without a
capture device or file open go down that same path.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
