this is a cool idea... a couple comments:

- it would be cool if this were available to other libpcap users... perhaps as a new verb "ssh_client" so we could use "not ssh_client" and/or "(blahblah) and not ssh_client". more typing than just -H though.

- the values returned by getenv are actually still in the environment... and technically should be "const char *" but there are various reasons the prototype hasn't ever been changed. for example try this:

    #include <stdlib.h>
    #include <stdio.h>

    int main(int argc, char **argv)
    {
        char *e1, *e2;

        e1 = getenv("SSH_CLIENT");
        e2 = getenv("SSH_CLIENT");
        printf("%p %p\n", e1, e2);
        return 0;
    }

  you should find it prints the same pointer location for both. so if you modify the string with strtok it'll affect anything else which might use SSH_CLIENT in this process... strdup() first.

- i have an allergic reaction to strtok because it's not thread-safe. if you were to redo this as part of libpcap you would need to get rid of the strtok...

-dean

-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
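
Added example, not part of the original post or of the tcpdump/libpcap code: one way to read SSH_CLIENT that follows both points above, copying the value with strdup() before tokenising and using the re-entrant strtok_r() in place of strtok(). The struct, the function names and the sample address are hypothetical; the "client_ip client_port server_port" layout is the one sshd sets.

```c
#define _POSIX_C_SOURCE 200809L /* strdup, strtok_r, setenv */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical holder for "client_ip client_port server_port". */
struct ssh_client_info {
    char addr[64];
    long client_port, server_port;
};

/* Returns the port, or -1 unless s is a whole number in 1..65535. */
static long parse_port(const char *s)
{
    char *end = NULL;
    long v = s ? strtol(s, &end, 10) : -1;
    return (s && *s && *end == '\0' && v > 0 && v <= 65535) ? v : -1;
}

/* Returns 0 on success, -1 if SSH_CLIENT is unset or malformed. */
int parse_ssh_client(struct ssh_client_info *out)
{
    const char *env = getenv("SSH_CLIENT"); /* treated as read-only */
    char *copy, *save = NULL, *ip, *cport, *sport;
    int rc = -1;

    if (env == NULL || (copy = strdup(env)) == NULL)
        return -1;
    /* strtok_r keeps its position in 'save', not in hidden static state */
    ip    = strtok_r(copy, " ", &save);
    cport = strtok_r(NULL, " ", &save);
    sport = strtok_r(NULL, " ", &save);
    if (ip != NULL && strlen(ip) < sizeof out->addr) {
        strcpy(out->addr, ip);
        out->client_port = parse_port(cport);
        out->server_port = parse_port(sport);
        rc = (out->client_port > 0 && out->server_port > 0) ? 0 : -1;
    }
    free(copy);
    return rc;
}

int main(void)
{
    struct ssh_client_info c;
    setenv("SSH_CLIENT", "192.0.2.10 50022 22", 1); /* constructed sample */
    if (parse_ssh_client(&c) == 0)
        printf("%s %ld -> %ld\n", c.addr, c.client_port, c.server_port);
    return 0;
}
```

Because only the private copy is tokenised, a later getenv("SSH_CLIENT") in the same process still returns the full three-field string.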