Guy Harris wrote:
> On Fri, Sep 07, 2001 at 03:07:42PM -0700, Guy Harris wrote:
> > If you do so, please use 116 as the value for that DLT_ name, and send
> > us the name you chose (e.g., DLT_IPFILTER). Otherwise, we can't
> > guarantee that the value won't later be assigned to some other DLT_
> > name.
> >
> > The way you add support to it in the pcap compiler is:
>
> I've attached a patch to the current CVS version of libpcap that uses
> 116 rather than 115 for DLT_IPFILTER and that should generate correct
> code for filter expressions (although I didn't add support for "inbound"
> and "outbound").

Thanks Guy,

With the help of your previous mail, I got as far as myself. However, there
are some issues that I need some help with:

1) I have no clue how to add support for filtering on the fields in my
   IP filter header. The fields provide additional information on the
   IP packet, such as:
     1) was it an inbound or an outbound IP packet
     2) what was the action on the IP packet (passed, blocked, logged)
     3) on which filter rule was the packet matched
     4) which interface was the packet captured on
   etc... How can I add support for this to tcpdump, especially the compiler?

2) I would like to use struct pcap_sf_pkthdr and sf_write_header(); the
   first one is defined in pcap-int.h, the second one is a static function.
   However, I do not think that external applications should include
   pcap-int.h. Should these definitions be moved to pcap.h, and would the
   tcpdump project agree on that?

3) How can I introduce a version number? I think it likely that sometime in
   the future, IP filter will have new flags or new fields that might be
   interesting for filtering. How can I make sure that future tcpdump
   versions can distinguish between the different IP filter headers?

Frank
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html