-i man "Ties are broken by choosing the earliest match."

[Doru Georgescu <headset001 () yahoo com>]

Please explain what this means, -i in manual: "Ties are broken by
choosing the earliest match." Ties between what and what? Match, I
suppose, is between the tcpdump expression and packets headers.

I answer here to guy_harris on
http://sourceforge.net/tracker/?func=detail&aid=2813234&group_id=53066&atid=469573,
because comments are disabled there, and I would not open a new
tracker.

Thanks a lot for the very clear answers.

> Actually, the list of primitives isn't strictly a list; it doesn't, for
> example, have an entry for "ip src host {host}", although that's a valid
> primitive (unlike "src host {host}", it doesn't check for {host}'s IPv6
> address).

So the manual does not clearly state when ip is an alias for ether
proto \\ip and when it is a modifier. This is the little hole I
slipped in.

Still, I hope that the "expression" chapter of man somehow completely
defines expressions.

> Something that works is tcpdump-workers () lists tcpdump org, which is what
> the current top-of-Git-tree (and libpcap 1.0.0/tcpdump 4.0.0) documentation
> use.

Fedora 11 is lagging behind, the man still shows
tcpdump-workers () tcpdump org. Now I'm using
http://www.tcpdump.org/tcpdump_man.html.


      
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.