tcpdump mailing list archives
Re: Raw USB capturing with libpcap 1.1?
From: Guy Harris <guy () alum mit edu>
Date: Fri, 4 Jun 2010 10:57:14 -0700
On May 6, 2010, at 9:43 AM, Chris Maynard wrote:
I had to put this aside for awhile, but revisited it today. While I did change
the filter to one of the form "{expr} {relop} {expr}" and was able to
successfully capture packets, the capture filter itself doesn't really seem to
do much of anything. Basically what I've found is that as long as you have a
valid filter specified, ALL packets are captured regardless of what the filter
is. However, if I apply the same exact filter when reading a previously saved
capture file, then the filter works as expected.
The Linux USB - and Linux Bluetooth - capture code was ignoring any filter that was set. There's no kernel filtering for them, so the filtering has to be done in userland; the capture code didn't do that. I've checked into the main and 1.1 branches changes that should fix that.- This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- Raw USB capturing with libpcap 1.1? Chris Maynard (Apr 01)
- Re: Raw USB capturing with libpcap 1.1? Guy Harris (Apr 01)
- Re: Raw USB capturing with libpcap 1.1? Chris Maynard (Apr 02)
- Re: Raw USB capturing with libpcap 1.1? Chris Maynard (May 06)
- Re: Raw USB capturing with libpcap 1.1? Guy Harris (Jun 04)
- Re: Raw USB capturing with libpcap 1.1? Chris Maynard (Jun 09)
- Re: Raw USB capturing with libpcap 1.1? Chris Maynard (Apr 02)
- Re: Raw USB capturing with libpcap 1.1? Guy Harris (Apr 01)