tcpdump mailing list archives

Re: Multifile patch

From: Wesley Shields <wxs () FreeBSD org>
Date: Tue, 21 Aug 2012 21:25:34 -0400

On Tue, Aug 21, 2012 at 08:36:12PM -0400, Michael Richardson wrote:


Wesley, it seems like a good idea.
I can't look at your patch from the cottage, since I squirt out bits
only once a day by walking down the road to where there is some wifi.


No worries, I'm in no rush on this. Enjoy your time away from the
internet.

Since pcap files have no end of file marker, and each file
has a header on it, do you look at the beginning of each packet, and see
if there is a pcap magic number?


I'm not sure I'm parsing this right but...

I am using pcap_open_offline() on each file, which should be validating
that I'm operating on a pcap file. I also check to ensure that the DLT
of every subsequent file matches the DLT of the first file when using
this option in conjunction with -w, since we don't want to generate one
output file with multiple input DLTs.

-- WXS
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers

Current thread:

Multifile patch Wesley Shields (Aug 19)
- Re: Multifile patch Michael Richardson (Aug 21)
  - Re: Multifile patch Wesley Shields (Aug 21)
    - Re: Multifile patch Michael Richardson (Aug 23)
    - Re: Multifile patch Wesley Shields (Aug 23)
- Re: Multifile patch Michael Richardson (Sep 03)
  - Re: Multifile patch Guy Harris (Sep 04)
    - Re: Multifile patch David Laight (Sep 04)
    - Re: Multifile patch Guy Harris (Sep 04)
    - Re: Multifile patch David Laight (Sep 05)
  - Re: Multifile patch Gert Doering (Sep 04)
  - Re: Multifile patch Wesley Shields (Sep 06)
    - Re: Multifile patch Wesley Shields (Sep 13)