Darren Reed wrote:
> In some email I received from Volf, Frank, sie wrote:
> [There is text before PGP section.]
> [Charset iso-8859-1 unsupported, filtering to ASCII...]
> >
> > I once did a different approach, I made a patch to ipmon to write IP packets
> > to a file format that can be read by tcpdump. I even made to tcpdump so it
> > could read and print these files).
> >
> > It works as that tcpdump can indeed read the file and decode the packets. I
> > got stuck however trying to find out how the pcap compiler should be changed
> > so you can apply tcpdump packet filter expressions on such a file, so you
> > can currently only dump the entire file.
>
> You need to make it use DLT_NULL or something like that (0 length link layer
> header) when constructing the BPF.
The problem is I don't have 0 length link layer, but I invented a specific
IP Filter link layer header, which can contain for example the IP Filter
flags (fr_flags), the direction (IN/OUT) and the interface.
Frank
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
