On Apr 28, 2005, at 8:21 PM, alexander medvedev wrote:
I would like to compile a list of AIX's bpf flaws and lacking features.
1. non-blocking read does not work; 2. <insert your favorite AIX bpf problem here>
2. It's not documented.
3. It appears that, sometimes, when you read from a BPF device, you get EFAULT for no good reason. (See the comment in pcap_read_bpf().)
4. It returns time stamps in seconds/nanoseconds rather than seconds/ microseconds; one could argue that seconds/nanoseconds is better, but
1) any version of libpcap that doesn't, by default, return seconds/microseconds is not source-compatible with libpcap everywhere else, so that feature can't be used by default, at least not without libpcap changes to allow applications to handle higher-resolution time stamps;
2) any version of tcpdump that puts seconds/nanoseconds into capture files without changing the mgic number - such as AIX's - should be hurled into the center of the Sun with great force.
5. They use SNMP ifType values rather than DLT_ values for link-layer type codes - and even do so in their capture files (see previous statement about hurling AIX's tcpdump into the Sun).
6. The timeout value set with BIOCSRTIMEOUT doesn't seem to have any effect.
Perhaps there are others I don't know about. - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
