At 11:20 AM -0800 3/27/98, Henry B. Hotz wrote:
[...]
>I could use a "tcpdump atalk", but I'm not sure how to interpret the rest
>of this message.
>
>Is libcap a NetBSD/Netatalk thing or a CAP thing?  If the latter would it
>still work with Netatalk traffic?  I'm running NetATalk and have some
>performance/reliability problems I'd like to trace down.  The standard
>NetBSD tcpdump says it doesn't handle EtherTalk packets and the traffic I
>want to dump is being routed by my NetBSD box.

libpcap is a standard NetBSD library that provides an interface to
the packet filtering devices (/dev/bpf*).  Among other things, it 
contains the code to compile packet matching expressions (such as those 
used by tcpdump, the 'active-filter' and 'pass-filter' options in pppd, 
etc.) into 'bpf-filter' programs that are then installed in the kernel 
with ioctl().  As I understand it, this reduces the processing time taken 
by packet filtering by only copying the relevant packets across the 
kernel/user space boundary.  

The changes I made to libpcap don't affect tcpdump's ability to _display_
AppleTalk packets, they only affect its ability to _select_ which packets 
will be dumped.  (I've also modified my local tcpdump to be smarter about
displaying AppleTalk packets, but I need to clean up that code before I
let anyone see it.  One thing at a time...)

-- monroe