JKH: tcpdump improvement
vchekan at rogers.com
Thu Jan 22 21:02:42 PST 2004
I want to try to implement portrange feature in tcpdump as described on your
JKH TODO list if it's still actual.
I have several thoughts about this task.
1. As soon as it is neccessary to implement port<N, port>N to implement this
task it is a good idea to extend syntax with these operators. Actually after
implementing "<" and ">" operators task is 80% done because it is possible to
implement range by "port > N1 and port < N2" expression.
2. About range operator. I'd prefer to add functionality to existing "port"
operator instead of introducing new keyword "portrange".
It seems easier to remember and use syntax like:
"port 40-400 and port 500"
What do you think?
More information about the freebsd-current