tcpdump mailing list archives

Re: rpcap support?


From: Michael Richardson <mcr () sandelman ca>
Date: Sat, 09 Jul 2011 22:43:48 -0400


"Joerg" == Joerg Mayer <jmayer () loplof de> writes:
    Joerg> for the equipment to come back to do a real test...  The
    Joerg> patch can be downloaded from:
    Joerg> http://www-agrw.informatik.uni-kl.de/home/jmayer/rpcap.v2.patch

    Joerg> I'd really like to receive some feedback on this.

Up until somewhat recently, pcap methods were basically decided at
compile time based upon the OS that one was on.  There was little in the
way of decisions in the code as to what was going to go on.

We now have a half-dozen methods on Linux (if you include pfring, etc.),
I think two or three on Solaris, and now every system will grow the
"remote" method.

Can we make it a bit more oop-ish with a few more pointers to functions
in pcap_t rather than if(p->rmt_clientside) everywhere?

It's also time for pcapng, which is supposed to be file format only.
It would be nice if the wire protocol for remote pcap was in fact remote
pcapng.  

The question is now:
  is reading remote pcapng a job of *PCAP* (the library that acquires
  packets from the network interface) 

  or a job of pcapng (the library that reads/writes files to "storage")?

-- 
]       He who is tired of Weird Al is tired of life!           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr () sandelman ottawa on ca http://www.sandelman.ottawa.on.ca/ |device driver[
   Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
                       then sign the petition. 
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
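
The function-pointer dispatch suggested in the message above, as an added example that is not part of the original post, the patch under discussion, or libpcap's code. `struct capture`, `capture_open`, `capture_read`, `capture_close` and the two backends are hypothetical names, and the "packets" are constructed strings.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for pcap_t: names are illustrative, not libpcap's. */
struct capture;
typedef int  (*read_fn)(struct capture *, char *buf, size_t len);
typedef void (*close_fn)(struct capture *);

struct capture {
    read_fn     read_op;   /* set once at open time by the chosen backend */
    close_fn    close_op;
    int         is_open;
    const char *source;    /* constructed sample data standing in for packets */
};

/* Local backend: would read from the OS capture mechanism. */
static int local_read(struct capture *c, char *buf, size_t len) {
    return snprintf(buf, len, "local:%s", c->source);
}
/* Remote backend: would receive from the remote capture daemon's socket. */
static int remote_read(struct capture *c, char *buf, size_t len) {
    return snprintf(buf, len, "remote:%s", c->source);
}
static void common_close(struct capture *c) { c->is_open = 0; }

/* The only place that knows which backend is in use. */
int capture_open(struct capture *c, const char *source, int remote) {
    if (c == NULL || source == NULL) return -1;
    c->read_op  = remote ? remote_read : local_read;
    c->close_op = common_close;
    c->is_open  = 1;
    c->source   = source;
    return 0;
}

/* Generic entry points: no per-backend flag checks, just dispatch. */
int capture_read(struct capture *c, char *buf, size_t len) {
    if (c == NULL || !c->is_open || c->read_op == NULL) return -1;
    return c->read_op(c, buf, len);
}
void capture_close(struct capture *c) {
    if (c != NULL && c->close_op != NULL) c->close_op(c);
}

int main(void) {
    struct capture c; char buf[64];
    capture_open(&c, "eth0", 1);
    if (capture_read(&c, buf, sizeof buf) > 0) puts(buf);
    capture_close(&c);
    return 0;
}
```

Adding another capture method then means writing one more pair of backend functions and one more choice in `capture_open`, with the generic entry points left untouched.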

