tcpdump mailing list archives
Re: proposed new pcap format
From: Darren Reed <darrenr () reed wattle id au>
Date: Thu, 25 Mar 2004 08:58:14 +1100 (EST)
In some email I received from Guy Harris, sie wrote:
On Mar 24, 2004, at 7:08 AM, Michael Richardson wrote:okay, but there is more than just in/out. enum pcap1_probe { INBOUND =1, OUTBOUND =2, FORWARD =3, PREENCAP =4, /* IPsec ? */ POSTDECAP=5, };....and perhaps, on at least some systems, for inbound packets, supply "received unicast/received broadcast/received multicast/received promiscuously" indications (Digital UNIX has broadcast, multicast, and promiscuous bits - presumably if none are set it's received unicast or it's outbound), IRIX has a "received promiscuously" flag, and Linux supplies a unicast/broadcast/multicast/promiscuous/outgoing value. We might do that with "received unknown", "received unicast", "received broadcast", "received multicast", "received promiscuously", and "sent" flags (if none are set, the direction is unknown).
BSD also has M_BCAST and M_MCAST flags on mbufs. Do I feel some desire for bpf.c to change, as well ? Darren - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
Current thread:
- proposed new pcap format Michael Richardson (Mar 23)
- Re: proposed new pcap format Guy Harris (Mar 23)
- Re: proposed new pcap format Hannes Gredler (Mar 24)
- Re: proposed new pcap format Michael Richardson (Mar 24)
- Re: proposed new pcap format Guy Harris (Mar 24)
- Re: proposed new pcap format Darren Reed (Mar 24)
- Re: proposed new pcap format Guy Harris (Mar 24)
- Re: proposed new pcap format Hannes Gredler (Mar 24)
- Re: proposed new pcap format Hannes Gredler (Mar 24)
- Re: proposed new pcap format Guy Harris (Mar 23)
- Re: proposed new pcap format Michael Richardson (Mar 24)
- Re: proposed new pcap format Darren Reed (Mar 24)
- Re: proposed new pcap format Michael Richardson (Mar 25)
- Re: proposed new pcap format Michael Richardson (Mar 24)
- Re: proposed new pcap format Darren Reed (Mar 24)