Guy Harris

Results 647 comments of Guy Harris

> I am looking for plain old text.

Presumably meaning that no sniffer program will ever do anything with the data other than presenting it as raw uninterpreted text.

> They also have exceptional conditions including signal changes (DTR, RTS, CTS, DCD, break detected) which one might want to capture. I'd also want the baud rate logged. If the...

No, those *should* all be defined by *some* header on AIX, given that they still support BPF and the key BPF ioctls, but it'll take some poking around to see...

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARGH. Older versions of AIX "helpfully" defined their own values for `DLT_` entries, using RFC 1573 ifType values from SNMP rather than the "they started out as ARP hardware values,...

> Or, if IBM fixed it long enough ago, we could just drop support for AIX versions where BPF returns ifType values. I hope that, in the newer versions of...

Yeah, "or" is a problem with any of the tests that shift the offset; see also #158, for example. The filter compiler was written in an era without variable-length link-layer...

If you reinterpret `tcpflags` as `12:2` rather than `13:1`, it also includes the Data Offset (Header Length) field. Should `tcp[tcpflags]` instead be interpreted as `tcp[tcpflags] & 0x1FF`, so that it...

> The documentation would need to go to tcpdump.4.in for these 4 additional tokens.

Presumably you meant "...would need to go to pcap-filter.manmisc.in ..."

> in the bpf module, bpf_read() uses cv_timedwait_sig() to wait for the configured timeout before it returns from read(). This is always interrupted by the alarm causing read() to return...

> It's still broken with setsignal() change.

My goodness, Sun^WOracle certainly seem to have failed big time here; I'm not having that problem on, for example, OS X, and if...