On Sat, Mar 16, 2002 at 06:18:32PM -0800, Aaron Cheek wrote:
> In the Linux world, I can make tcpdump et al listen to
> the "any" interface, thanks (as far as I know) to the
> patches developed by S. Krahmer to libpcap.
>
> Does any OpenBSD-compatible version of libpcap support
> this behaviour?
Not that I know of.
> If not, is there any patch available?
Not that I know of. I don't know of any BPF implementation that
supports running without having done a BIOCSETIF to bind the BPF device
to a particular interface, so I don't know of any system using BPF (such
as the BSDs) that lets you capture, using a single BPF device, on all
interfaces at once.
Such a BPF variant would either require
1) a mechanism by which the link-layer type of each packet could
be supplied in the per-packet header
or
2) a mechanism by which a "fake" link-layer header could be
supplied, along the lines of what a PF_PACKET/SOCK_DGRAM
socket lets libpcap do on Linux.
I.e., the reason why this exists on Linux but not BSD is that the Linux
packet capture mechanism (PF_PACKET sockets) has the facilities to
support it but the BSD packet capture mechanism (BPF) doesn't.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
