Re: [tcpdump-workers] DLT type requested for OpenSolaris IPNET header

2009-07-27 Thread Darren Reed
On 27/07/09 12:03 PM, Guy Harris wrote: On Jul 14, 2009, at 5:53 PM, Darren Reed wrote: I'd like to request that the assigned name is DLT_IPNET. I've assigned 226 to DLT_IPNET. Thanks, Darren - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.

Re: [tcpdump-workers] DLT type requested for OpenSolaris IPNET header

2009-07-27 Thread Darren Reed
On 27/07/09 11:47 AM, Guy Harris wrote: On Jul 26, 2009, at 6:48 PM, Darren Reed wrote: On 21/07/09 01:35 PM, Guy Harris wrote: dli_htype - hook type (in, out, local) Presumably there are specific values for those (0, 1, and 2, or whatever). Yes, 0 for inbound, 1 for outbound, 2 for

Re: [tcpdump-workers] Dealing with pcap-linux.c

2009-07-27 Thread Darren Reed
On 27/07/09 12:48 PM, Guy Harris wrote: On Jul 27, 2009, at 11:40 AM, Guy Harris wrote: The code to use PF_PACKET and PF_INET/SOCK_PACKET sockets *does* have to translate the ARPHRD_ values Linux returns to DLT_ values; that's not a lot of code, and is only minimally involved with Linux's ARP

Re: [tcpdump-workers] Dealing with pcap-linux.c

2009-07-27 Thread Guy Harris
On Jul 27, 2009, at 11:40 AM, Guy Harris wrote: The code to use PF_PACKET and PF_INET/SOCK_PACKET sockets *does* have to translate the ARPHRD_ values Linux returns to DLT_ values; that's not a lot of code, and is only minimally involved with Linux's ARP implementation - many of the ARPHRD_

Re: [tcpdump-workers] DLT type requested for OpenSolaris IPNET header

2009-07-27 Thread Guy Harris
On Jul 14, 2009, at 5:53 PM, Darren Reed wrote: I'd like to request that the assigned name is DLT_IPNET. I've assigned 226 to DLT_IPNET. - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.

Re: [tcpdump-workers] DLT type requested for OpenSolaris IPNET header

2009-07-27 Thread Guy Harris
On Jul 26, 2009, at 6:48 PM, Darren Reed wrote: On 21/07/09 01:35 PM, Guy Harris wrote: dli_htype - hook type (in, out, local) Presumably there are specific values for those (0, 1, and 2, or whatever). Yes, 0 for inbound, 1 for outbound, 2 for local. So "inbound" means that the pa

Re: [tcpdump-workers] Dealing with pcap-linux.c

2009-07-27 Thread Guy Harris
On Jul 26, 2009, at 6:52 PM, Darren Reed wrote: As well as porting BPF to Solaris, I've been working on developing an implementation of PF_PACKET. I went to try this out with libpcap and it failed badly. pcap-linux.c is a combination of PF_PACKET bits plus all of the code required to deal with

[tcpdump-workers] Endace DAG w/ tcpdump and libpcap

2009-07-27 Thread rh
Platform, Configuration, and Input Rates: 8 core Xeon 16 GB RAM CentOS 5.2 DAG 4.5G2 DAG ring buffer size: 256MB (x2, for 512MB, receive only [i.e., transmit = 0 MB]) tcpdump version is 4.0.0, libpcap 1.0.0 Incoming frame rates (output cleaned up a little -- these increment ~1x second, and here