tcpdump mailing list archives

Re: tcpdump patches...

From: Michael Richardson <mcr () sandelman ottawa on ca>
Date: Sun, 09 Dec 2007 17:53:26 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

"Peter" == Peter Losher <Peter_Losher () isc org> writes:

    Peter> Sorry it took so long to get back to you on this, but here is
    Peter> the patch we are using for rotating tcpdump files for F-Root.
    Peter> It works against tcpdump 3.8.3.  We (ISC) would *REALLY* like
    Peter> to see this functionality in 3.9.x so we have to no longer
    Peter> have to maintain a private branch. 

  I can't promise to put it in 3.9.x, but we've been trying to get a
4.01 release out soonish.
 
  Peter's patches are used by ISC and many of the root zone operators to
collect statistics on root zone requests.

  They have added two flags:
       int Pflag=0;      /* rotate through ring files every -P minutes */
       int Zflag=-1;     /* Minutes past the hour at which to force closure */

  (note: we'll likely not want to call it "ring files", as that might be
  confusing with when pcap uses a memory mapped ring buffer interface. 
  Is there another term we could use?  Maybe something from another
  language which means the same thing)

  I'm posting because we are pretty much out of flags.
  I want to do two things in the 4.xx release:

  a) get rid of all old/compatibility flags that we have around.
  b) provide a second "driver" program called "netdissect" which would
     use primarily long options.

  In the meantime, I want to verify that -P and -Z aren't going to
horribly clash with some unpublished (i.e. "distro") patches.

- -- 
]            Bear: "Me, I'm just the shape of a bear."          |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr () xelerance com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [



        
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Finger me for keys

iQEVAwUBR1xx5ICLcPvd0N1lAQIn+wf/eoKtjw3vs8PRjp8kDLs8OoROyIHr0ON1
F/Ifq163AByjAaesmVlP5p6CLmy168av7Up0nKKR7vGkkEw3Uswyj8wqLTk4d6/G
G0sUy0GcAY5ysxaeVezXvyYIqlowiJJTmFdV5LfrYfpHgnHQZm37UE9goeVuk+Mm
7xcCj4zQOdy8xdn/BmZDSmc8wndkYE9HcJ4La8vuhp3gOnqhGU1I3vviNgigSg8k
uS2xLekYSIw1+RPo0DaQMMSvtdP8E6qCtIKw668Fnj1fmp3d7MzSgJuHv3tkyiSb
u8b44fVUKHQazQd4XO7qeKyXylu+0TN3rNsEWVEb+sGq4WCH+0DDsg==
=ph1F
-----END PGP SIGNATURE-----
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.

Current thread:

Re: tcpdump patches... Michael Richardson (Dec 09)
- Re: tcpdump patches... Gianluca Varenni (Dec 10)