Re: Small patch to support pcap_setdirection - change option from -P to -Q?

[Guy Harris <guy () alum mit edu>]

On Aug 25, 2009, at 12:59 PM, Thomas Jacob <jacob () internet24 de> wrote:

> Tested only on Debian GNU/Linux 5.0 and kernel 2.6.27.31,
> with the latest GIT libcap. Patch is against current GIT master.
> Feel free to use it under any license you like.

Well, that's been picked up in the trunk (4 years later - sorry about that).

However, I'd prefer to pick a different command-line flag, as tcpdump, in OS X Mountain Lion and later, uses -P to 
specify that pcap-ng files should be written, and:

        eventually tcpdump should be able to write those files, not just read them;

        I'd like not to have Apple's tcpdump not have to differ from the standard in that regard.

Unfortunately, there aren't many options left; we really need to switch to getopt_long() (and provide our own version 
for platforms that don't support it - the main one is Windows for WinDump, and we have to supply our own getopt() for 
it already; most UN*Xes support it by now).

-P doesn't particularly say "direction" to me, so switching to -g, -o, or -Q doesn't sound less mnemonic to me.

Apple's also used -g to "not insert line break after IP header in verbose mode for easier parsing." That might not be a 
bad option for us to pick up if we currently do insert that line break.

OpenBSD use -o to "Print a guess of the possible operating system(s) of hosts that sent TCP SYN packets.", so I'd 
rather not use that, either.

That leaves -Q.

What do people think?
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers