Ethereal-users: Re: [ethereal-users] HP-UX 11.0 and capturing permission problem

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Thu, 23 Dec 1999 15:24:41 -0800 (PST)
> 1) tcpdump works with /dev/lpiN instead of /dev/lanN but it reports
>    a warning before listening:
> 
>   $> tcpdump -i /dev/dlpi0
>   tcpdump: WARNING: SIOCGIFADDR: /dev/dlpi0: Invalid argument
>   tcpdump: listening on /dev/dlpi0
>   
>   (The warning is generated after a pcap_lookupnet-call)

Great - more differences between the capture mechanisms in various
flavors of UNIX, and more cr*p that "libpcap" has to be aware of.

> 2) ethereal seems to ignore the -i option.

Ignores when?

It sets "cf.iface" to that argument, and that's what it passes to
"pcap_open_live()", which is what it opens.  It should also set the name
in the capture dialog box to "cf.iface".

>    Therefore I hardcoded
>    the interface dlpi0 in "capture_dlg.c" in 
>    user_data.name = ifr->ifr_name;

That's just the code to build the list for the combo box in the capture
dialog box; perhaps the GTK+ combo box is rejecting a setting of "dlpi0"
because it's not finding "dlpi0" in the list of interfaces it gets with
the SIOCGIFCONF in "get_interface_list()".

I.e., yet one *MORE* difference between the capture mechanisms in
different versions of UNIX - you have to specify a "dlpiN" device,
rather than a device with the name of the interface.

What names show up in the combo box in question?

Perhaps this means that "pcap-dlpi.c" in "libpcap" needs to handle HP-UX
differently, and find (if possible) the PPA of the interface whose name
it was handed, and act as if you'd specified "dlpiN" rather than the
name.  If so, then the two differences may be the same - "/dev/dlpi0"
isn't a network interface, so you can't do an SIOCGIFADDR on it, and it
doesn't show up in the list from SIOCGIFCONF.

This delightful diversity is why the "libpcap" source contains a pile of
"pcap-XXX.c" files, many of them peppered with #ifdefs and "if ()"s to
try to hide that diversity from users of "libpcap".