> Yes, it is still obsolete. See packet (7). SOCK_PACKET is evil because
> it requires libpcap to know about every possible link layer, with
> (PF_PACKET,SOCK_DGRAM) the kernel handles this abstraction. Alexey
> Kuznetsov's libpcap/tcpdump patches (ftp.inr.ac.ru:/ip-routing/lbl-tools)
> fix it.
Thanks. I found that address when searching linux-kernel but my connection
was too slow to find out what's in there :) I know RedHat uses them also.
It seems tcpdump is maintained upstream again according to www.tcpdump.org.
I will check upstream and Alexey's patches.
> They are e.g. used in the newest version of the SuSE tcpdump.
Hmm, so this is the reason for being able to dump from isdn interfaces?
Is it still possible to analyze ethernet frames for example?
> In the long run applying them (modulo the small nits like reversing the
> meaning of -p) will b ea good idea, because it'll save you a
> lot of work as tcpdump maintainer.
Sure. Thank you very much for this info. Hmm, this will require 2.2.x as
kernel, doesn't it? I would like to retain support for 2.0. I guess I
have to delve into this :)
Thanks
Torsten
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/