tcpdump mailing list archives
Re: [libpcap][patch] appending to a capture
From: Aaron Turner <synfinatic () gmail com>
Date: Thu, 2 Jun 2011 16:44:05 -0700
On Wed, Jun 1, 2011 at 9:24 AM, Gerald Combs <gerald () wireshark org> wrote:
On 6/1/11 8:10 AM, Mark Johnston wrote:Hi Darren, On Tue, May 31, 2011 at 03:53:22PM -0700, Darren Reed wrote:You might be better off spending some time working on additions to editcap that include concatenating two or more pcap files.Shouldn't a function that manipulates capture files go into libpcap? I'm not trying to solve a problem I'm having at the moment; rather, this function has been in our tree for a long time, and I'd like to contribute it upstream based on some interest that I saw. I'm happy to modify it if that's what I need to do, but I think this functionality should be in a library, not in a program.N.B. this functionality shouldn't be added to editcap either. It's already present in mergecap.
I'm going to have to disagree with this general idea. I get a fair number of tcpreplay users complaining that my tools have bugs, only to find out the problem is that they have a pcap file which violates basic rules that libpcap enforces (usually the packet caplen > file snaplen, although just today I got a pcap with the packet caplen > packet len). Whenever this happens, I've usually found that someone decided they would re-invent the wheel and write their own libpcap-like library because of some perceived or real limitation in the real libpcap library. Of course, the user almost always points out "Well it looks just fine in Wireshark!" Long story short, adding features like this to libpcap IMHO is likely to reduce the need for others to reinvent the wheel and the inevitable creation of bogus pcaps. -- Aaron Turner http://synfin.net/ Twitter: @synfinatic http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin "carpe diem quam minimum credula postero" - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- Re: [libpcap][patch] appending to a capture, (continued)
- Re: [libpcap][patch] appending to a capture Darren Reed (May 31)
- Re: [libpcap][patch] appending to a capture rixed (Jun 01)
- Re: [libpcap][patch] appending to a capture Mark Johnston (Jun 01)
- Re: [libpcap][patch] appending to a capture Gerald Combs (Jun 01)
- Re: [libpcap][patch] appending to a capture Michael Richardson (Jun 01)
- Re: [libpcap][patch] appending to a capture Sam Roberts (Jun 01)
- Re: [libpcap][patch] appending to a capture Michael Richardson (Jun 01)
- Re: [libpcap][patch] appending to a capture Darren Reed (Jun 03)
- Re: [libpcap][patch] appending to a capture Guy Harris (Jun 03)
- Re: [libpcap][patch] appending to a capture Michael Richardson (Jun 04)
- Re: [libpcap][patch] appending to a capture Darren Reed (May 31)
- Re: [libpcap][patch] appending to a capture Aaron Turner (Jun 02)
- Re: [libpcap][patch] appending to a capture Darren Reed (Jun 03)
- Re: [libpcap][patch] appending to a capture Guy Harris (Jun 03)
- Re: [libpcap][patch] appending to a capture Darren Reed (Jun 03)
- Re: [libpcap][patch] appending to a capture Mark (Jun 04)