>Just some other (hopefully the last ones) question/remark:
>On the "raw ip networking faq" located at
>http://www.whitefang.com/rin/rawfaq.html, it is clearly said that DLPI is
>the packet capturing facility for SCO open server.
I suppose SCO might have added DLPI support (they have yanked some SVR4
functionality back into SCO SVR3.2), but certainly when I was writing
applications to interface directly with network cards on the SCO and
Interactive SVR3.2 unixs some 6 years ago, they only supported LLI.
As I said, the interfaces are very similar - I used the same code to
interface to both LLI and DLPI drivers, without all that many #ifdefs
to select one or the other. (Note that SCO Unixware is DLPI, being SVR4,
but certainly in the era of Unixware 1, its DLPI interface was far
too broken to be usable.)
Quote:>Besides, they say that only BPF is optimal for filtering/buffering and that
>"libpcap will only use in-kernel packet filtering when using BPF".
>What do you think ?
I think this is true (it was last time I looked at libpcap anyway).
I'm surprised no one has made libpcap use pfmod and bufmod yet (at
least on Solaris - not sure if they exist on other SVR4 unixs). These
would improve libpcap's packet capture ability as used by tcpdump,
at least. If ever I get some spare time (ho ho:-), I might do it.
Quote:>Also, don't you think raw socket could be a sufficent for sniffing UDP/TCP
Sorry, raw socket interface is not my strong point.
I suspect it is not suitable if you are not intending to plumb the
network interface since IP won't know about that interface, but if
you are plumbing that network interface, it might work for you.
You don't say if you want any regular IP access over this interface,
or only IP through your relay software.
Consultant Software Engineer