Snort mailing list archives
Re: libpcap 0.7.1
From: Phil Wood <cpw () lanl gov>
Date: Tue, 29 Jan 2002 13:44:22 -0700
Looks correct. My netscape, shift key, reload just didn't hack it today. Cleared my cache and things started to work again. One caveat, the current snort.c incorrectly adds ps_drop to ps_recv to create a total packets received by the filter. This is actually MY fault, and I have notified Marty. It's actually worse than that. In particular, here is the skinny on how libpcap manages the "pcap_stat" structure: filter OS applied ps_recv ps_drop linux before all packets that passed packets that passed the filter the filter including but dropped due to lack of buffer those that were dropped. space. bsd after ALL packets that hit (Same as linux) the network interface before being filtered including packets that passed the filter and packets that were dropped. The above synopsis is based on my read of the two files pcap-linux.c and pcap-bpf.c. I would very much like to change the way pcap_stats works, but the old hands are tied due to the "api". -- Phil Wood, cpw () lanl gov _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: libpcap 0.7.1 Phil Wood (Jan 29)