Re: where to get libpcap-ng?

[Guy Harris <guy () alum mit edu>]

On Jan 9, 2006, at 9:12 AM, alexander medvedev wrote:

> As far as i understood NTAR is an implementation of the pcap-ng  
> standard,

At least as I understand it, it's an implementation of *part* of that  
standard - it handles the general structure of pcap-ng files (the  
"general block structure"), but doesn't interpret anything in the  
blocks that's not part of the general structure.

> which uses different from libpcap API, i.e. ntar_open(), ntar_close 
> (), etc.
>
> Are there any plans to implement this standard in libpcap?

At some point I plan to implement support for reading pcap-ng files  
in libpcap, using NTAR.  I probably won't check that code into the  
CVS tree until NTAR is an Officially Released Project, so that  
libpcap can rely on it (it would become a dependency of libpcap).

> And, if there are plans, will there be a separate libpcap-ng or the  
> same
> library will read/write two types of dumps?

I intend to have one library for both file types.

There will be new APIs; the current set can't support all pcap-ng  
files, and can't handle all types of blocks.  Applications using the  
existing APIs will support reading those pcap-ng files that, for  
example, have only one link-layer type, although not all of the  
information in those files will be available to those applications.

-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.