FYI.
------- Forwarded Message
Date: Fri, 23 Oct 1998 15:52:51 -0700
From: "Stephen P. Berry" <[EMAIL PROTECTED]>
Subject: Re: Recording slow scans
To: Vern Paxson <[EMAIL PROTECTED]>
In-Reply-To: Your message of "Fri, 23 Oct 1998 15:11:39 PDT."
<[EMAIL PROTECTED]>
- -----BEGIN PGP SIGNED MESSAGE-----
On firewall-wizards you wrote:
>We get unsolicited changes fairly often. Whether they're incorporated
>depends on how well IOHO they fit into the general design. I've been
>meaning to write something similar to what you describe, but as a
>separate libpcap tool rather than folding it into tcpdump. Our general
>approach is to encourage separate libpcap utilities when possible, and
>this one seems to fit into that.
Most of my changes are in libpcap---the changed bits in tcpdump are
basically just tweaks to the command line to support the new
multiple filter functionality.
When libpcap is built from the modified source, it is still (as far
as I can tell) completely compatible with the old version. Instead of
trying to roll the old behaviour into new or modified routines, I
just added a new routine wherever I needed to tweak things to add
the multiple filter functionality. So, for example, I added a pcap_read_m
routine instead of tweaking the existing pcap_read, u.s.w. The
new routines are: pcap_read_m, pcap_offline_read_m, pcap_loop_m and
pcap_setfilter_m.
The functionality of the changes can be summarised by an example
usage:
    tcpdump -F "filter1 filter2 filter3" -P /tmp/dump -E foo
...which would use the filter expressions found in the files filter1,
filter2 and filter3 and output the results as /tmp/dump/filter1.foo,
/tmp/dump/filter2.foo and /tmp/dump/filter3.foo (respectively).
If that sounds like something that you'd be interested in reviewing,
I'd be happy to send the diffs.
- - -Steve
------- End of Forwarded Message
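The one-pass, one-savefile-per-filter behaviour described in the message, as an added example (not Stephen Berry's patch and not libpcap code). It assumes Python predicates in place of compiled BPF filter files and a constructed raw-IP capture; ip_packet, dst_port, demux and demo are hypothetical names.

```python
import os, struct, tempfile
PCAP_HDR = struct.Struct("<IHHiIII")  # magic, version, zone, sigfigs, snaplen, linktype
REC_HDR = struct.Struct("<IIII")      # ts_sec, ts_usec, caplen, orig_len
MAGIC, LINKTYPE_RAW = 0xA1B2C3D4, 101  # raw IP: each record starts at the IP header

def ip_packet(proto, sport, dport):  # constructed IPv4 header plus the two port fields
    return struct.pack("!BBHHHBBH4s4sHH", 0x45, 0, 24, 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]), sport, dport)

def dst_port(pkt):
    return struct.unpack_from("!H", pkt, (pkt[0] & 0x0F) * 4 + 2)[0]

# Assumption: stand-ins for the expressions a real run reads from filter1..filter3.
FILTERS = {
    "filter1": lambda p: p[9] == 6 and dst_port(p) == 23,   # "tcp dst port 23"
    "filter2": lambda p: p[9] == 17 and dst_port(p) == 53,  # "udp dst port 53"
    "filter3": lambda p: p[9] == 6,                         # "tcp"
}

def write_pcap(path, records):
    with open(path, "wb") as f:
        f.write(PCAP_HDR.pack(MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_RAW))
        for ts, pkt in records:
            f.write(REC_HDR.pack(ts, 0, len(pkt), len(pkt)) + pkt)

def read_pcap(path):
    with open(path, "rb") as f:
        if PCAP_HDR.unpack(f.read(PCAP_HDR.size))[0] != MAGIC:
            raise ValueError("not a little-endian microsecond pcap file")
        while rec := f.read(REC_HDR.size):
            ts, _, caplen, _ = REC_HDR.unpack(rec)
            yield ts, f.read(caplen)

def demux(capture, out_dir, ext, filters=FILTERS):
    """Read the capture once; write <out_dir>/<name>.<ext> for every filter."""
    hits = {name: [] for name in filters}
    for ts, pkt in read_pcap(capture):
        # a packet that satisfies several filters lands in each of their files
        for name in [n for n, match in filters.items() if match(pkt)]:
            hits[name].append((ts, pkt))
    for name, recs in hits.items():
        write_pcap(os.path.join(out_dir, f"{name}.{ext}"), recs)
    return {name: len(recs) for name, recs in hits.items()}

def demo():  # constructed capture: telnet, DNS, HTTP and ICMP packets
    out_dir = tempfile.mkdtemp()
    src = os.path.join(out_dir, "capture.pcap")
    write_pcap(src, [(1, ip_packet(6, 40000, 23)), (2, ip_packet(17, 40001, 53)),
                     (3, ip_packet(6, 40002, 80)), (4, ip_packet(1, 0, 0))])
    return out_dir, demux(src, out_dir, "foo")
```

Each output is itself a valid savefile, so the per-filter files can be read back with any pcap reader.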
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html