Compression support

[Ray Bellis <ray () bellis me uk>]

I recently added gzip write support to the DNS-OARC "dnscap" utility
because I found that performing gzip compression during post-processing
was very inefficient for I/O.

There's a blog article about this at:

<https://www.isc.org/blogs/efficient-compression-of-packet-captures/>

However, this adds the gzip library calls directly into the dnscap code,
and adds a compile-time dependency.

Following on from this, I'm now working on creating a plugin feature for
libpcap that would allow libpcap-based application to use any file
compression library (assuming suitable hook functions exist) to be
supported at run-time, without creating any install-time dependencies
for the main libpcap package.

My modified libpcap is at:

<https://github.com/raybellis/libpcap/tree/raybellis-gzip>

This so far only supports file reading. I don't expect file writing to
be difficult.

The gzip plugin (which works for reading, and should already support
writing, once the libpcap hooks for the latter are added) is at:

<https://github.com/raybellis/libpcap-gzip/>

I'd welcome feedback, suggestions, etc, and hope that the changes to
libpcap to support plugins might get merged into the mainline code for
all to use.

Ray Bellis
ISC Research Fellow
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers