Re: AIX BPF driver load

[Guy Harris <gharris () sonic net>]

On Fri, Feb 07, 2003 at 02:36:16PM +1100, Shaun wrote:
> AIX 4.33 doesn't ship with a libpcap but the version compiled into
> tcpdump does indeed load the driver and construct the necessary /dev
> entries. The AIX 5.1 version of libpcap automatically loads the driver and
> constructs the /dev entries as necessary when bpf_open is called.

"bpf_open()", or "pcap_open_live()"?

> >     the BSDs I know of, Digital UNIX, and AIX 4.3 have "struct
> >     bpf_program" and "struct bpf_insn" structures that are the same
> >     as they are in libpcap (I suspect the same is true of 5.x -
> >     Shaun, is that the case?);
>
> Yep, at least for 32 bit userland programs

What does it do for 64-bit userland programs?  As I remember from
diffing the libpcap bpf.h and the AIX 4.3 bpf.h, it looks as if they use
the same types in "bpf_program" and "bpf_insn", i.e.  they use u_int for
"bf_len" in "bpf_program", and use a combination of "u_short", "u_char",
and "bpf_int32" in "bpf_insn" - and "bpf_int32" is typedeffed to "int". 
Are "u_char" 8 bits, "u_short 16 bits", and "int" and "u_int" 32 bits
for 64-bit programs?
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe