tcpdump mailing list archives

Previous By Date Next
Previous By Thread Next

Re: proposed new pcap format

From: Hannes Gredler <hannes () juniper net>
Date: Thu, 25 Mar 2004 00:29:37 +0100
On Wed, Mar 24, 2004 at 10:08:30AM -0500, Michael Richardson wrote:
| -----BEGIN PGP SIGNED MESSAGE-----
| 
| 
| >>>>> "Hannes" == Hannes Gredler <hannes () juniper net> writes:
|     Hannes> | ...with that list presumably being expandable over time.
| 
|     Hannes> like for example with PCAP_DIRECTION ....
| 
| okay, but there is more than just in/out. 
| 
| enum pcap1_probe {
|       INBOUND  =1,
|       OUTBOUND =2,
|       FORWARD  =3,
|       PREENCAP =4,          /* IPsec ? */
|       POSTDECAP=5,
| };

a question to PREENCAP and POSTDECAP is ENCAP/DECAP related
to link-layer or network-layer

rason that i am asking is that
for hardware based routers where the kernel receives just IP
payload b/c the link layer was stripped off by the fabric
PREDECAP_L2 would make a lot of sense ...

/hannes 
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: