Hi Cedric,

> TCP reordering, IP fragmentation and buffering of stream is not present on
> github yet but is implemented and is being reviewed. I can push on github if
> you want to have a look. Concerning HTTP, for now we only fetch hostname and
> URL but were asked to capture the whole request including POST parameters so
> this is going to be done one way or another.

Is there anything to say about a rough time schedule? If we decide to use junkie, it would be nice to step in *after* the review. Then my experiences could serve to test the reviewed code, rather than premature code.

> > Though, in some of our side-projects we need to follow TCP streams with
> > truncated packets and libnids is not designed for this.
>
> Junkie tolerates a certain amount of truncation, but any complex parser will
> certainly fail in this situation.

In some of our projects, we are only interested in the length of HTTP requests and responses, therefore reassembling the whole requests would be overkill, as the segment lengths can be read from the TCP headers of packets in a TCP stream, obviously. In other projects, we definitely have to access the POST data and need full reassembly. Depending on the project, a different parsing behavior is wanted. Will such behavior be configurable without having to write my own patches against junkie?

> > It would be nice to use one solution for all our projects, and maybe
> > junkie could solve this.
>
> Honestly I can't recommend one over the other. Junkie has certainly more
> bugs since it's younger, but on the other hand it's backed by a company so
> you have at least 1 coder full time on it so the bugs can disappear pretty
> fast :-)

I do not mind a few bugs and getting my hands in the mud :)

One last concern is the licensing constraints. Suppose my company decides to use junkie and I will participate in bug fixes, real-life testing and who knows to what extent, then what are the constraints? Obviously we will be using junkie for our own sake, and the software built on top of junkie cannot be open-source, unfortunately. Moreover, I am not very familiar with licensing, but can we build our own software on top of junkie without financial obligations?

Thank you,
Andrej