> I've submitted an IETF draft (I-D) that describes a
> packet format for remote packet capture and I'd like to
> get comments from this group. There are a number
> of ideas in the draft, but the basic idea is to build
> remote packet taps, but without the problems of RMON
> packet capture or "port copy" schemes.
RMON supports a very limited sort of "packet filtering"; as I remember,
you can specify some number of offsets, masks, and values, so that only
packets where the data at the offset, when ANDed with the mask, equals
the value, will be captured.

It'd perhaps be niftier if you could, instead, send a BPF program to the
device, although if devices that do RMON do the packet filtering in
hardware, that could be tricky as they'd have to do BPF in software if
they didn't have hardware to do it.

You'd want to make it possible to query the device for which version of
BPF it supports, so that, for example, future extensions to the BPF
language (such as some additional instructions that the BSDI folk added,
or the new BPF+ instruction set), and a world of devices with different
versions of BPF, could be handled.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
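
The contrast drawn in the reply above, as an added example that is not part of the original message: a matcher for offset/mask/value terms as the reply recalls them, next to the same test with the IP header length read from the packet, which is the kind of check a BPF program can express with an indexed load. The struct, the function names and the sample frames are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* One offset/mask/value term, as the message recalls RMON filtering.
   Struct and function names are assumptions made for this example. */
struct omv_term { size_t offset; uint8_t mask; uint8_t value; };

/* Capture only if every term matches; a term past the end of the packet fails. */
int omv_match(const uint8_t *pkt, size_t len, const struct omv_term *t, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (t[i].offset >= len || (pkt[t[i].offset] & t[i].mask) != t[i].value)
            return 0;
    return 1;
}

/* "IPv4, TCP, destination port 80" with fixed offsets: correct only when
   the IP header is exactly 20 bytes (IHL = 5). */
static const struct omv_term tcp80_fixed[] = {
    {12, 0xff, 0x08}, {13, 0xff, 0x00},   /* EtherType 0x0800 */
    {23, 0xff, 0x06},                     /* IP protocol = TCP */
    {36, 0xff, 0x00}, {37, 0xff, 0x50},   /* dst port at 14 + 20 + 2 */
};
#define N_FIXED (sizeof tcp80_fixed / sizeof tcp80_fixed[0])

/* The same test with the header length read from the packet, which is what
   a BPF program can do with an indexed load and a static term list cannot. */
int tcp80_indexed(const uint8_t *pkt, size_t len)
{
    if (len < 34 || pkt[12] != 0x08 || pkt[13] != 0x00 || pkt[23] != 0x06)
        return 0;
    size_t l4 = 14 + 4 * (size_t)(pkt[14] & 0x0f);   /* start of TCP header */
    return l4 + 4 <= len && pkt[l4 + 2] == 0x00 && pkt[l4 + 3] == 0x50;
}

/* Constructed sample frame: Ethernet + IPv4 (ihl 32-bit words) + TCP to port 80. */
size_t build_tcp80(uint8_t *buf, unsigned ihl)
{
    size_t l4 = 14 + 4 * (size_t)ihl, len = l4 + 20;
    memset(buf, 0, len);
    buf[12] = 0x08; buf[13] = 0x00;
    buf[14] = (uint8_t)(0x40 | ihl);      /* version 4, header length */
    buf[23] = 0x06;
    buf[l4 + 2] = 0x00; buf[l4 + 3] = 0x50;
    return len;
}
```

A frame whose IP header carries options (IHL = 6) slips past the fixed-offset terms but is caught by the indexed version, so a tap limited to static terms can silently miss traffic the operator meant to capture.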