Date: Sat, 24 Jan 2004 09:54:26 +0100 From: Patrick MARIE <mycroft@virgaria.org> To: Vadim Chekan <vchekan@rogers.com> Cc: phk@FreeBSD.org Subject: Re: JKH: tcpdump improvement Message-ID: <20040124085426.GC2750@newborn.in.virgaria.org> In-Reply-To: <200401230002.18543.vchekan@rogers.com> References: <200401230002.18543.vchekan@rogers.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jan 23, 2004 at 12:02:18AM +0000, Vadim Chekan wrote: > Hello Poul, > > I want to try to implement portrange feature in tcpdump as described on your > JKH TODO list if it's still actual. > > I have several thoughts about this task. > > 1. As soon as it is neccessary to implement port<N, port>N to implement this > task it is a good idea to extend syntax with these operators. Actually after > implementing "<" and ">" operators task is 80% done because it is possible to > implement range by "port > N1 and port < N2" expression. > > 2. About range operator. I'd prefer to add functionality to existing "port" > operator instead of introducing new keyword "portrange". > It seems easier to remember and use syntax like: > "port 40-400 and port 500" > > What do you think? Well, if you want, you can rely on the following patch: http://www.virgaria.org/~mycroft/libpcap-20040124.diff It was done a while ago, submitted to libpcap/tcpdump developers without any new from them since. Cheers, - patrick -- Patrick MARIE <mycroft@virgaria.org> pgp: http://www.minithins.net/~mycroft/key.txt
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040124085426.GC2750>