New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
deliver pcap-int.h#457
Comments
OpenBSD's pflogd use it to reach inside a OpenBSD's tcpdump uses it only to compile a filter expression into BPF code. The comments say
and even explicitly acknowledge that they're doing a Bad Thing:
What they need is pypcap uses it to
What are you using |
Thanks for the clarification. I'm doing the same what pflogd does - fiddling with the pcap struct. Now that I know your reasons for leaving it out of user's reach, I agree with you. |
Some of what pflogd does can already be done with existing APIs - it can fetch the snapshot length with Getting the tzoff value can't, but that value isn't actually used by anybody (because it can't be fetched). Recording time zone information in a capture file requires a bit more thought - arguably what it should record is something like an IANA tzdb zone identifier, so that the program reading it can determine what the offset from UTC and daylight savings time rules are. I'm not sure why it's setting the snaplen, but there might be a better way of accomplishing what it's trying to do there. I'll need to look at that some more. It's also getting |
For posterity, there is now a FAQ entry about this. |
It would be helpful if you deliver pcap-int.h when the library is installed. I noticed I'm not the only one who includes it, it is consumed e.g. by pypcap (see the note in its README [1]) or OpenBSD's pflogd and tcpdump. It would be nice not to have to build against the libpcap build directory.
[1] https://github.com/dugsong/pypcap
The text was updated successfully, but these errors were encountered: