Re: Remote capture capabilities

[Michael Richardson <mcr () sandelman ottawa on ca>]

-----BEGIN PGP SIGNED MESSAGE-----


> > > > > "Fulvio" == Fulvio Risso <fulvio.risso () polito it> writes:
    Fulvio> No, it can change.
    Fulvio> Currently we transmit bpf-compiled programs.

  Ugh. That's not ideal. But, I'll bet it works well.

    Fulvio> However, the filter has a "type" field, which can be used to send
    Fulvio> other 
    Fulvio> types of filters (e.g. literal strings like "ip and port 80").

  Excellent!

    >> As for divergence - it might be best if you guys went and experimented
    >> for 
    >> awhile and reported back to us.

    Fulvio> This is a better answer than what you said before.
    Fulvio> I totally agree now.

  The trick is to make sure that all non-dangerous stuff gets committed,
that way there isn't as much divergence.

  We (in the list) have talked a lot about needing a new pcap format. One
that can have space for all the meta data people want, and that 
can me merged with /bin/cat.  (No per-file header)
  Once things get transmitted across the wire, this is even more critical,
IMO.  

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr () sandelman ottawa on ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Finger me for keys

iQCVAwUBPt+uPIqHRg3pndX9AQF54QP/eYkV4seJYVC98SGUVThszvpqL9mZr9HN
EzaavxOUctstuWy/NKqyCqCWRm1NXMKUvycILHrPzlSUmCDJHndXnyNfrSen6t8O
/BkySvwAZa0fGYXDhDxxqJpMAtJOLJkRGsTmYm9H6WqGfZ6JekDaao725F5xHZqE
Eblq6y4kcF4=
=8/+2
-----END PGP SIGNATURE-----
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe