Re: [tcpdump-workers] [tcpdump] New feature to limit capture file size (#464)

On Jun 10, 2015, at 4:35 AM, Darren Reed wrote: > On 10/06/2015 5:42 AM, Michael Richardson wrote: >> re: https://github.com/the-tcpdump-group/tcpdump/pull/464 Guy writes: >>> We have the -C option, giving a file size in megabytes (real megabytes, >>> i.e. 1,000,000 bytes, not 1,048,576 bytes);

Re: [tcpdump-workers] BPF Extended: addressing BPF's shortcomings

On Jun 10, 2015, at 4:31 PM, Mindaugas Rasiukevicius wrote: > Darren Reed wrote: >> Extending BPF >> = >> >> Introduction >> >> BPF was originally designed to provide very fast packet matching >> capabilities for IPv4 but as a result of its generic nature, is >> capabl

Re: [tcpdump-workers] BPF Extended: addressing BPF's shortcomings

Darren Reed wrote: > Extending BPF > = > > Introduction > > BPF was originally designed to provide very fast packet matching > capabilities for IPv4 but as a result of its generic nature, is > capable of being used for just about any protocol. With IPv6 the > limitations

Re: [tcpdump-workers] BPF_COP support for libpcap

Darren Reed wrote: > > What is "vendor private"? It does not really matter how you label it. > > Yes, it does. > > By defining an instruction to be "something" there is an expectation that > it will be used for that "something." Your "something" is rather vague. BPF_COP is used by NetBSD, sta

Re: [tcpdump-workers] BPF Extended: addressing BPF's shortcomings

On Wed, 10 Jun 2015 23:17:20 +1000 Darren Reed wrote: > BPF & IPv6 > -- > The problem with IPv6 and BPF is that the transport header (TCP, > UDP, etc) can have a number of extension headers between it and > the network header that is present for IPv6. There's no hints in > the IPv6 header

Re: [tcpdump-workers] [tcpdump] New feature to limit capture file size (#464)

> On Jun 10, 2015, at 7:35 AM, Darren Reed wrote: > > On 10/06/2015 5:42 AM, Michael Richardson wrote: >> re: https://github.com/the-tcpdump-group/tcpdump/pull/464 Guy writes: >>> We have the -C option, giving a file size in megabytes (real megabytes, >>> i.e. 1,000,000 bytes, not 1,048,576 byt

[tcpdump-workers] BPF Extended: addressing BPF's shortcomings

Extending BPF = Introduction BPF was originally designed to provide very fast packet matching capabilities for IPv4 but as a result of its generic nature, is capable of being used for just about any protocol. With IPv6 the limitations of BPF became apparent. BPF & IPv6 -

Re: [tcpdump-workers] [tcpdump] New feature to limit capture file size (#464)

On 10/06/2015 5:42 AM, Michael Richardson wrote: re: https://github.com/the-tcpdump-group/tcpdump/pull/464 Guy writes: We have the -C option, giving a file size in megabytes (real megabytes, i.e. 1,000,000 bytes, not 1,048,576 bytes); once the file gets that big, tcpdump switches to a new file.