[EMAIL PROTECTED] wrote:
when given a rule consisting of a set of sub rules to pcap, if a packet
matches the rule, how do I know which sub rule it matches?
libpcap will not tell you that. As far as it's concerned - and as far
as the kernel is concerned, on those platforms where the packet
hi,
when given a rule consisting of a set of sub rules to pcap, if a packet
matches the rule, how do I know which sub rule it matches?
thanks
hui
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
Recent versions of libpcap have a pcap_breakloop() function that does what you
are specifically asking for (called inside a packet loop handler, it causes an
immediate return from the loop with a -2 error code), although I suspect that
using the "any" interface, or pcap_next_ex(), might be bette
