Making the filter language more expandable

[Darren Reed <darrenr () reed wattle id au>]

One of the big problems I have with tcpdump and libpcap, today,
is the limitations in the filter language.  As a quick example,
while it understands IP header bits and port numbers, I can't
do 'tcpdump gre_v 1' in the same way I can do 'tcpdump port 2',
etc.

Taking it out to what I'd like to see (define new protocols as
keywords and byte offsets in some text file) is unquestionably
not a simple task and is not something I'd like to see delay a
release labelled 1.0.

Has anyone else done any work on something like this or given
it any more, in depth, thought than I have to date ?

Cheers,
Darren

-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.