> oh no I wasn't referring to that at all. I understand
> that. Sorry I should have been more specific. I was
> referring to the point made that with a savefile, the
> BPF filters are used and print-linux.c is not used.

Eh?

Presumably you meant "pcap-linux.c"; yes, with a savefile, none of the
"pcap-{platform}.c" code is used, but:

    1) on some platforms, the same BPF filter code is used, as not
       all platforms support in-kernel packet filtering;

    2) even on platforms that *do* support in-kernel packet
       filtering, the in-kernel packet filtering that's supported is
       BPF-compatible (i.e., it's an interpreter for the BPF machine
       language, it just runs in the kernel, filtering out packets
       even before copying them to userland, rather than being run
       in userland after the packets are copied out of the kernel).

Please find, in the tcpdump-workers archives:

    http://www.tcpdump.org/lists/workers/

the response to which you referred earlier, and either give us the URL
for the message or the precise text to which you're referring, so we can
figure out what you're asking about.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
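
Added illustration, not part of the original message and not libpcap's code: a minimal userland interpreter for four classic BPF opcodes, the kind of evaluation that happens in userland when packets come from a savefile. The filter program, the frame contents and all names below are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Classic BPF instruction: opcode, jump-if-true, jump-if-false, constant. */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };
enum { LDH_ABS = 0x28, LDB_ABS = 0x30, JEQ_K = 0x15, RET_K = 0x06 };

/* Hand-assembled for this example: accept IPv4 frames carrying TCP. */
static const struct insn ipv4_tcp[] = {
    { LDH_ABS, 0, 0, 12 },     /* A = EtherType            */
    { JEQ_K,   0, 3, 0x0800 }, /* not IPv4 -> reject       */
    { LDB_ABS, 0, 0, 23 },     /* A = IPv4 protocol byte   */
    { JEQ_K,   0, 1, 6 },      /* not TCP -> reject        */
    { RET_K,   0, 0, 65535 },  /* accept, keep 65535 bytes */
    { RET_K,   0, 0, 0 },      /* reject                   */
};

/* Constructed sample frames (Ethernet + IPv4 header, all other bytes zero). */
static const uint8_t tcp_frame[34] = { [12] = 0x08, [13] = 0x00, [23] = 6 };
static const uint8_t udp_frame[34] = { [12] = 0x08, [13] = 0x00, [23] = 17 };
static const uint8_t arp_frame[34] = { [12] = 0x08, [13] = 0x06 };

/* Returns bytes to keep, 0 to drop. Out-of-bounds loads and unknown opcodes
 * drop the packet; jumps only move forward, so the loop always terminates. */
uint32_t run_filter(const struct insn *p, size_t n, const uint8_t *pkt, size_t len)
{
    uint32_t a = 0;
    for (size_t pc = 0; pc < n; pc++) {
        uint32_t k = p[pc].k;
        switch (p[pc].code) {
        case LDH_ABS: if (len < 2 || k > len - 2) return 0;
                      a = ((uint32_t)pkt[k] << 8) | pkt[k + 1]; break;
        case LDB_ABS: if (k >= len) return 0; a = pkt[k]; break;
        case JEQ_K:   pc += (a == k) ? p[pc].jt : p[pc].jf; break;
        case RET_K:   return k;
        default:      return 0;
        }
    }
    return 0; /* ran off the end without a RET: drop */
}

int main(void)
{
    size_t n = sizeof ipv4_tcp / sizeof ipv4_tcp[0];
    printf("tcp=%u udp=%u arp=%u truncated=%u\n",
           (unsigned)run_filter(ipv4_tcp, n, tcp_frame, 34), (unsigned)run_filter(ipv4_tcp, n, udp_frame, 34),
           (unsigned)run_filter(ipv4_tcp, n, arp_frame, 34), (unsigned)run_filter(ipv4_tcp, n, tcp_frame, 14));
    return 0;
}
```

The same instruction array would give the same accept/drop decisions whether an interpreter like this runs in the kernel before the copy or in userland after it; only where the packets are discarded differs.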