On Jul 12, 2011, at 8:26 PM, Flavio Truzzi wrote:
> Program received signal SIGABRT, Aborted.
> 0x75c57795 in raise () from /lib/libc.so.6
> (gdb) backtrace
> #0 0x75c57795 in raise () from /lib/libc.so.6
> #1 0x75c58c0b in abort () from /lib/libc.so.6
> #2 0x75
=== Backtrace: =
/lib/libc.so.6(+0x7366a)[0x75c9666a]
/lib/libc.so.6(cfree+0x6c)[0x75c9a54c]
/usr/lib/libpcap.so.1(+0x1837a)[0x77bbd37a]
/usr/lib/libpcap.so.1(icode_to_fcode+0x7e)[0x77bbf7be]
/usr/lib/libpcap.so.1(pcap_compile+0x236)[0x77bb4576]
/home/ftruzzi/devel/m
Sam Roberts wrote:
> Since you are contemplating writing BPF filters by hand, you probably
> already have considered this,
> but I think you could modify tcpdump to create a bpf_program from your
> input, bypassing its call to pcap_compile(). Maybe use -F to provide
> the raw instructions.
That
On Tue, Jul 12, 2011 at 1:57 PM, Geoffrey Sisson wrote:
> extension to libpcap's filter language, though. My initial query was
> whether there's a way to supply tcpdump with a BPF filter expression,
> bypassing the libpcap filter language altogether. This is useful for
> cases where a filter can
Darren Reed wrote:
> Geoffrey Sisson wrote:
>
> > I was disappointed that you can't loop, but I totally understand
> > why they did that.
> >
> > A domain name can have at most 128 labels. At five instructions per
> > iteration, that works out to 640 instructions to handle the iteration
> > (pl
On Sun, Jul 10, 2011 at 8:38 AM, Luis MartinGarcia. wrote:
> On 07/10/2011 05:10 PM, Alokat wrote:
>> On 07/10/11 00:53, Guy Harris wrote:
>>> On Jul 9, 2011, at 7:50 PM, Alokat wrote:
>>>
Just for sure:
*Ethernet packet*
means a layer 2 (OSI / ISO model) packet right?
>>>
Steve McCanne spoke about the origins and architecture of libpcap and
BPF at Sharkfest this year. The presentation and video are now online at
http://sharkfest.wireshark.org/sharkfest.11/
under the "Keynote Video and Presentation" section.
-
This is the tcpdump-workers list.
Visit https://cod.s
Geoffrey Sisson wrote:
Guy Harris wrote:
On Jul 10, 2011, at 6:57 PM, Geoffrey Sisson wrote:
The catch is that domain names comprise a variable number of
variable-length fields.
...and include pointers back to other labels, for compression.
It's unlikely this would be