> I need to add this into a custom build of tcpdump 3.6.2, because I also
> need VLAN support. Does anyone know of an easier way than
> hand-stitching bits of code from the patched source into the 3.6.2
> source?
You might try applying the patches to the 0.6.2/3.6.2 source.
> In other words, are there equivalent patches for libpcap 0.6
> and tcpdump 3.6.2? I'm also wondering why this code has not yet been
> absorbed into the current version of libpcap and tcpdump.
Because they're doing it the wrong way; they're shoving a Linux-specific
hack into the capture file format...
...and a hack that doesn't always work right even on Linux.
Tcpdump can print the device name for each packet *ONLY* if the machine
on which the capture is being done, and the machine on which the capture
is being printed, have the same interface configuration, i.e. the same
interface indices correspond to the same interface names.
That isn't necessarily the case; you might capture packets on one
machine, and look at them on another, for example.
There has been some discussion on the list of coming up with a new
capture file format to support that - and to support other stuff as
well. For example, a number of packet capture mechanisms support
supplying information similar to what the "pkt_type" field supplies, and
it'd be nice to come up with a *platform-independent* way of expressing
that, and have libpcap translate the Linux/Tru64 UNIX/IRIX/whatever
packet type information into that platform-independent form. (And, in
"print-fddi.c", there's a comment that says
* Steve McCanne & I have also talked about adding the
* 'direction' byte to all bpf headers (e.g., in the two
* bytes of padding on an ethernet header). It's not clear
* we could do this in a backwards compatible way & we hate
* the idea of an incompatible bpf change. Discussions are
* proceeding.
...
* - vj
and if the BSDs ever do that we'd want to translate its direction/etc.
information into that platform-independent format as well - or just have
the BSDs supply it in that format.)
For the interface index, we'd want to put into the capture file a list
of interface indices and names, so that the interface name can be
printed even on platforms that don't have the same interface
configuration - or that aren't even running Linux - and so that if any
program were to support capturing from multiple interface on other
platforms, e.g. with a big "select()" loop, they could support that in
libpcap capture files as well.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
