tcpdump mailing list archives

Previous By Date Next
Previous By Thread Next

Re: code available: netmap support for libpcap

From: Michael Richardson <mcr () sandelman ca>
Date: Sat, 15 Feb 2014 17:13:24 -0500

Luigi Rizzo <rizzo () iet unipi it> wrote:
    > Also, when a port is in netmap mode is temporarily disconnected from
    > the host stack, so you want to be careful on where you use it.
    > The monitoring folks (bro, suricata...) will probably love this
    > feature but for others it might be more problematic.

yes, many people have wanted monitor ports that the host can't interact with
at all, and so far it has been hard to do.... the worst is IPv6 RAs that the
kernel sees and configures, or ARP requests for IP addresses on other
interfaces that the kernel might respond to...

    > but removed it because it can only return a partial list of ports
    > and i thought it would not be very useful.

The GUI (wireshark) people would really like it... if it has a bug that
limits what it can return, it's probably still better than nothing,and
perhaps someone else will fix the bug.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr () sandelman ca  http://www.sandelman.ca/        |   ruby on rails    [


_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Previous By Date Next
Previous By Thread Next

Current thread: