> As I have to deal with asymm. paths and perform flow analysis, I must
> ensure that the packets of a flow are analyzed in temporal order, no
> matter from which interface they came through.

You'll probably only manage that if the underlying low level device driver (or preferably the hardware itself - because of interrupt mitigation) adds an rx timestamp to the frame AND that value is made available through the pcap library. That might mean a very recent Linux kernel (there are current discussions on netdev about timestamps).

David

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
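
The ordering requirement discussed in this thread, as an added example that is not part of the original messages: a watermark merge that releases a packet only once every interface has delivered something at least as new. It assumes all rx timestamps come from one common clock and that each interface delivers its own packets in non-decreasing timestamp order; `Packet`, `TimestampMerger` and the sample arrivals are hypothetical and constructed for illustration.

```python
import heapq
from collections import namedtuple

# Hypothetical record: rx timestamp (seconds), capture interface, payload label.
Packet = namedtuple("Packet", "ts iface payload")

class TimestampMerger:
    """Merge per-interface packet streams into one stream ordered by rx timestamp."""

    def __init__(self, ifaces):
        self.latest = {i: None for i in ifaces}  # newest timestamp seen per interface
        self.heap = []                           # packets held back, ordered by timestamp
        self.seq = 0                             # tie-breaker for equal timestamps

    def push(self, pkt):
        """Accept one packet; return the packets that are now safe to analyze."""
        last = self.latest[pkt.iface]
        if last is not None and pkt.ts < last:
            raise ValueError(f"{pkt.iface} delivered a packet older than its previous one")
        self.latest[pkt.iface] = pkt.ts
        heapq.heappush(self.heap, (pkt.ts, self.seq, pkt))
        self.seq += 1
        if any(t is None for t in self.latest.values()):
            return []                            # an interface has not reported yet
        # No interface can still deliver anything older than this watermark.
        watermark = min(self.latest.values())
        out = []
        while self.heap and self.heap[0][0] <= watermark:
            out.append(heapq.heappop(self.heap)[2])
        return out

    def flush(self):
        """End of capture: release everything still held, in timestamp order."""
        return [heapq.heappop(self.heap)[2] for _ in range(len(self.heap))]

# Constructed sample: one TCP flow on an asymmetric path, listed in delivery order.
ARRIVALS = [
    Packet(1.000, "eth0", "SYN"),
    Packet(1.004, "eth0", "ACK"),
    Packet(1.002, "eth1", "SYN-ACK"),   # return path, delivered late
    Packet(1.012, "eth1", "DATA-ACK"),
    Packet(1.010, "eth0", "DATA"),
]

def demo():
    merger = TimestampMerger(["eth0", "eth1"])
    ordered = []
    for pkt in ARRIVALS:
        ordered += merger.push(pkt)
    ordered += merger.flush()
    return [p.payload for p in ordered]

if __name__ == "__main__":
    print(demo())
```

The merge is only as accurate as the timestamps fed into it, which is why the reply above asks for them to be taken in the driver or hardware.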