> On Mon, Jul 14, 2003 at 12:13:53AM -0700, Ben Greear wrote: > > In the near future, I plan to make a kernel module that will throw pkts > > directly to disk from the kernel... > > WinPcap had such a mechanism at one point, although I think it might not > yet be working in WinPcap 3.0; if you implement such a mechanism and > provide libpcap extensions to use it, you might want to use whatever API > WinPcap used (I don't remember what it was, and it doesn't seem to be > documented in the current WinPcap documentation).
The kernel dump functionality works in the first alpha versions of winpcap 3.0, but is disabled in the current version since it's not updated to the new buffering system introduced to support SMP. Some documentation about how kernel dump works can be found at http://winpcap.polito.it/docs/man/html/index.html. The API for kernel dump is documented inside the WinPcap manual and is made of two functions: pcap_live_dump (http://winpcap.polito.it/docs/man/html/group__wpcap__fn.html#a42) and pcap_live_dump_ended (http://winpcap.polito.it/docs/man/html/group__wpcap__fn.html#a43). Loris - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:[EMAIL PROTECTED]
