Wireshark-bugs: [Wireshark-bugs] [Bug 4573] dumpcap ring buffer options do not assert
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4573
--- Comment #3 from Guy Harris <guy@xxxxxxxxxxxx> 2010-03-19 14:21:28 PDT ---
The UN*X command line conventions, for better or worse, are that a command-line
flag that takes an option takes a single option, so that

    -b files:10 filesize:10

does *NOT* mean that the "-b" flag is given the two arguments "files:10" and
"filesize:10". The command line arguments

    -i 2 -b files:10 filesize:10 -w filename.pcap

mean:

    the "-i" flag is supplied, with the argument "2";

    the "-b" flag is supplied, with the argument "files:10";

    three non-flag arguments are supplied, namely "filesize:10", "-w", and
    "filename.pcap".

This can be confusing, but it's How Things Work On UN*X. You have to say

    dumpcap -i 2 -b files:10 -b filesize:10 -w filename.pcap

and, in fact, as you indicate, you've already done that.

On Windows, there are multiple command line conventions:

    the old DOS convention, of single-letter options indicated by "/", and with
    the argument to the option specified by ":" after the letter and the argument
    following the ":", and the VMS^WWindows NT convention, with support for
    multiple-letter options;

    the UN*X conventions, used mainly by programs that started out on UN*X
    (e.g., the arp command).

Even if Wireshark etc. were to use the Windows conventions on Windows, it would
be something such as

    dumpcap /i:2 /b:files:10 /b:filesize:10 /w:filename.pcap

So:

    you *can* specify more than one ring buffer option, you just have to use a
    separate "-b" with each option;

    filesize was *not* specified, according to the UN*X command-line
    conventions, when you said

        dumpcap -i 2 -b files:10 filesize:10 -w filename.pcap

    which is why dumpcap complained that it wasn't specified - it *was*
    specified when you said

        dumpcap -i 2 -b files:10 -b filesize:10 -w filename.pcap

    "files" *is* a valid option, you just have to specify a separate "-b
    filesize:N" option along with it.

As for tcpdump, it doesn't have a "-b" option that takes multiple different
types of specification, it has separate flags equivalent to "-b files:N" and
"-b filesize:N", namely "-W" and "-C" - it doesn't, for example, support

    tcpdump -C 10 10 -w filename.pcap

or

    tcpdump -W 10 10 -w filename.pcap

for the same reason that dumpcap (and Wireshark and TShark) don't support

    dumpcap -b files:10 filesize:10 -w filename.pcap

Now, perhaps the "-b" flag should also support ",", so that you could say

    dumpcap -b files:10,filesize:10 -w filename.pcap

but it will never support

    dumpcap -b files:10 filesize:10 -w filename.pcap

And perhaps they should warn about being given incorrect non-option arguments,
so that

    dumpcap -b files:10 filesize:10 -w filename.pcap

would warn about that.
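The parsing described in the comment above, reproduced with the POSIX shell's getopts as an added example; it is not dumpcap's code and not part of the original message. The function name parse_capture_args and its result variables are hypothetical, and the warning about leftover words is the possibility the comment raises, not something dumpcap is stated to do.

```shell
#!/bin/sh
# Added example: a dumpcap-style command line parsed with POSIX getopts.
# parse_capture_args is a hypothetical helper; it sets these globals:
#   IFACE OUTFILE RING_FILES RING_FILESIZE LEFTOVER LEFTOVER_COUNT

parse_capture_args() {
    IFACE= OUTFILE= RING_FILES= RING_FILESIZE= LEFTOVER= LEFTOVER_COUNT=0
    OPTIND=1                        # restart getopts on every call
    while getopts "i:b:w:" opt; do
        case $opt in
            i) IFACE=$OPTARG ;;
            w) OUTFILE=$OPTARG ;;
            b)  # -b consumes exactly one word, holding one key:value pair
                case $OPTARG in
                    files:*)    RING_FILES=${OPTARG#files:} ;;
                    filesize:*) RING_FILESIZE=${OPTARG#filesize:} ;;
                    *) echo "invalid -b argument: $OPTARG" >&2; return 2 ;;
                esac ;;
            *) return 2 ;;          # unknown flag or missing argument
        esac
    done
    # getopts stops at the first word that is not a flag or a flag's
    # argument; everything from there on is a non-option argument.
    shift $((OPTIND - 1))
    LEFTOVER_COUNT=$#
    LEFTOVER="$*"
    if [ "$LEFTOVER_COUNT" -gt 0 ]; then
        echo "warning: unexpected non-option arguments: $LEFTOVER" >&2
    fi
    # Modelled on the complaint described in the thread: files:N without
    # a parsed filesize:N is rejected.
    if [ -n "$RING_FILES" ] && [ -z "$RING_FILESIZE" ]; then
        echo "error: -b files:N given without -b filesize:N" >&2
        return 1
    fi
    return 0
}

# Command line from the bug report: "filesize:10" ends option parsing,
# so "-w" and "filename.pcap" are never seen as a flag and its argument.
parse_capture_args -i 2 -b files:10 filesize:10 -w filename.pcap ||
    echo "rejected; words left unparsed: $LEFTOVER_COUNT" >&2
```

Parsers built on GNU getopt may reorder arguments by default, so a stray word can be skipped rather than ending option parsing; warning on leftover words catches the mistake in both cases.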