Re: problem with relay server using pcap

[Guy Harris <guy () alum mit edu>]

On Oct 11, 2006, at 11:03 AM, Brocha Strous wrote:

> I have 2 different implementations. The problem is only with a very
> small number of users so its not server-wide. Possibly related to a
> specific firm-ware version of a Zyxel router - are there any known
> in-compatibility between pcap and this router?

Libpcap would have difficulty even being aware that a such a router  
exists on the network.

1) What sort of problems do you see with the libpcap-based  
implementation of your relay server?

2) What sort of problems are there with the non-libpcap-based relay  
server that would cause you to even bother writing a libpcap-based  
one?  As Michael noted, libpcap is *NOT* appropriate for applications  
that insert themselves into the path a packet takes through a  
networking stack, as it doesn't insert itself into that path so that  
you can modify packets before some other part of the networking stack  
sees them, it attaches itself to the network stack as a passive tap.   
(This is by design of libpcap and the mechanisms it uses.  At least  
some OSes might have mechanisms for doing that sort of insertion, and  
it might be useful, if it's possible, to have a library that provides  
a portable API for those mechanisms, but libpcap wouldn't be that  
library.)

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.