tcpdump mailing list archives

Re: Query about running many, many, rules

From: Michael Richardson <mcr () sandelman ca>
Date: Tue, 02 Jul 2013 15:32:41 -0400


I'm unclear if you want to run many rules (filter1 OR filter2 OR filter3) on
a single interface, or you want to run many pcap filters on different
interfaces.

There's pcap_open_offline() for files.  There's no
interface which says "here's a packet, run the rule against it".


I think that Guy's answer suggesting that your pcap library was old should
satify, but you mention hardware, and the current interface is really about
either using the kernel interface ("live") or from a file ("dead"), while
I think you want an in-memory interface.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr () sandelman ca  http://www.sandelman.ca/        |   ruby on rails    [


_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers

Current thread:

Re: Query about running many, many, rules Michael Richardson (Jul 02)
- Re: Query about running many, many, rules Alan DeKok (Jul 02)