On Oct 27, 2016, at 11:28 AM, Roland Knall <rknall@xxxxxxxxx> wrote:
> Guy, is the version on github for libpcap already equipped with pcap_open on Mac?
The current version on github has pcap_open() in pcap-new.c; *however*:
1) it's not in Makefile.in, so it doesn't show up if you do autotools builds;
2) it's only in CMake builds if HAVE_REMOTE is defined, which is done by default only on Windows;
3) I have not tested whether it builds and is useful on any UN*X platform - it might not work.
> I'll change the title accordingly, but the interface changes should be ok so far, right?
So far, yes.
> Just a short question though, isn't "tcpdump over ssh" or "remote peek" covered by extcap?
Yes, there is an sshdump in extcap for tcpdump-over-ssh, but that's not a reason *not* to do it in libpcap; doing it in libpcap would mean *all* programs that use libpcap can use it (although the programs would need some changes to handle remote capture if the user has to be prompted for a user name or a password).
As far as I know, there is no extcap program for "remote peek".
> What would those section of the interfaces need to perform such tasks in a way of configuration?
There will probably be new pcap APIs that allow a pcap module to declare a set of additional per-module parameters, even for *local* interfaces (such as channels for radio-based networks), and the interface dialogs would have to handle that. I think extcap already has a mechanism for that.