I'm unclear if you want to run many rules (filter1 OR filter2 OR filter3) on
a single interface, or you want to run many pcap filters on different
interfaces.
> There's pcap_open_offline() for files. There's no
> interface which says "here's a packet, run the rule against it".
I think that Guy's answer suggesting that your pcap library was old should
satify, but you mention hardware, and the current interface is really about
either using the kernel interface ("live") or from a file ("dead"), while
I think you want an in-memory interface.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] m...@sandelman.ca http://www.sandelman.ca/ | ruby on rails [
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
