tcpdump mailing list archives

Support for multiple packet capture types per platform


From: Jesper Peterson <jesper () endace com>
Date: Thu, 01 May 2003 13:38:11 +1200


I posted this to the Feature Requests forum on SourceForge as well. Any thoughts?

------------

The structure of libpcap could be enhanced by allowing
for multiple packet capture types other than just the
current file or kernel stack mechanisms. This could
possibly be achieved by optionally using a URL-style
device name, for example 'dag:/dev/dag0'. This could
also potentially allow offline dumping from non-pcap
files. As far as I can tell the API could stay the same
and be entirely backward compatible by defaulting to
the normal packet source if no capture type was supplied.

Has this kind of support, using this mechanism or any
other, been contemplated?

Background:

I work for Endace Technology Ltd.
(http://www.endace.com). We produce a line of network
monitoring cards called DAGs that operate from 10Mbs to
10Gbs. These cards typically do not act as NICs but run
read only. In order to get packets off the network
efficiently we have a zero-copy API that bypasses the
normal kernel stack. I'm currently working on libpcap
realtime capture support for this range of cards,
and making our API coexist with the BSD and Linux paths
through libpcap is becoming a bit awkward.

I'd like to submit patches for libpcap to support our
products but if the library internals aren't changed to
formally support multiple capture types the changes are
not going to be pretty. I'd be happy to assist with any
restructuring of libpcap, or indeed do all the work
if/when a mechanism is agreed upon.
--
Jesper Peterson, Senior Software Developer
http://www.endace.com, +64 7 839 0540


-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
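
The device-name scheme proposed in the message above, as an added example that is not part of the original post and not libpcap's own code: a prefix selects a capture backend only when it matches a registered type, so existing device names keep their current meaning. The type names, the `file` prefix and `cap_parse_device` are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical backend types; names are assumptions, not libpcap's. */
typedef enum { CAP_NATIVE, CAP_DAG, CAP_FILE } cap_type;

struct cap_backend { const char *scheme; cap_type type; };

static const struct cap_backend backends[] = {
    { "dag",  CAP_DAG  },   /* prefix used in the message */
    { "file", CAP_FILE },   /* assumed prefix for offline non-pcap files */
};

struct cap_source {
    cap_type type;
    const char *path;       /* points into the caller's device string */
};

/*
 * Split "type:path" into a backend and a path. A prefix is honoured only
 * when it exactly matches a registered scheme, so plain names ("eth0") and
 * names that merely contain a colon ("eth0:1", a Linux alias interface)
 * still go to the native capture path.
 * Returns 0 on success, -1 on NULL input or an empty path after a scheme.
 */
int cap_parse_device(const char *device, struct cap_source *out)
{
    if (device == NULL || out == NULL)
        return -1;

    const char *colon = strchr(device, ':');
    if (colon != NULL) {
        size_t len = (size_t)(colon - device);
        for (size_t i = 0; i < sizeof backends / sizeof backends[0]; i++) {
            if (strlen(backends[i].scheme) == len &&
                strncmp(device, backends[i].scheme, len) == 0) {
                if (colon[1] == '\0')
                    return -1;          /* "dag:" names no device */
                out->type = backends[i].type;
                out->path = colon + 1;
                return 0;
            }
        }
    }
    out->type = CAP_NATIVE;             /* backward-compatible default */
    out->path = device;
    return 0;
}
```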

