Wireshark-bugs: [Wireshark-bugs] [Bug 9710] allow tshark to read from pipe
Date: Sat, 26 Dec 2015 06:49:19 +0000

changed bug 9710


What       | Removed | Added
Resolution | NOTABUG | WORKSFORME

Comment # 12 on bug 9710 from
WORKSFORME, as per my test.

It obviously won't ever work for *Wireshark*, or for TShark with the -2 flag,
unless they detect that they're reading from a pipe and store every byte they
read in a file, with all subsequent reads being done from the file.

It also obviously won't ever work for file formats that can't be read purely
sequentially, such as Network Monitor format (where, in order to find where
packets are located, you need to read the frame table, which is at the *end* of
the file) or the NetXRay/Windows Sniffer format, where the first packet could
be in the *middle* of the file and the file reader has to seek backwards when
it hits the end of the file (circular buffer dumped to a file, in effect).

However, as there's some amount of buffering in memory in the new file-reading
code introduced by Jakub Zawadzki, there's a limited ability to seek backwards
and reread part of the file, and it's at least sufficient to handle
libwiretap's "try to read the file as if it's type XXX and, if that says it's
not, seek backwards to the beginning and try to read it as if it's type YYY
and, if that says it's not, lather, rinse, and repeat with other types"
strategy for determining file types, at least in many cases.  (The buffer size
could probably be increased to handle at least some cases where it fails.)
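
The probe-and-rewind strategy described in the comment above, sketched as an added example (not Wireshark or libwiretap code, and not part of the original comment). The reader struct, function names, buffer sizes and the "DEEP" format that looks 32 bytes into the stream are hypothetical; the pcap and pcapng magic values are the real ones.

```c
#include <string.h>
#include <unistd.h>

/* Reader over a non-seekable fd that retains only the first `cap` bytes. */
struct preader { int fd; size_t cap, filled, pos; int lost; unsigned char buf[256]; };
static const unsigned char PCAP_LE[4] = {0xd4, 0xc3, 0xb2, 0xa1};  /* pcap magic, LE writer */
static const unsigned char PCAPNG[4]  = {0x0a, 0x0d, 0x0d, 0x0a};  /* pcapng SHB block type */
static const unsigned char DEEP[4]    = {'D', 'E', 'E', 'P'};      /* constructed format */
/* Constructed sample: pcap magic, version 2.4, zero padding up to 40 bytes. */
static const unsigned char SAMPLE_PCAP[40] = {0xd4, 0xc3, 0xb2, 0xa1, 2, 0, 4, 0};

/* Read n bytes at the current offset: replay retained bytes, then the pipe. */
static int pr_read(struct preader *r, unsigned char *dst, size_t n) {
    for (; n > 0; n--, r->pos++) {
        if (r->pos < r->filled) { *dst++ = r->buf[r->pos]; continue; }
        if (read(r->fd, dst, 1) != 1) return -1;            /* EOF or error */
        if (r->filled < r->cap) r->buf[r->filled++] = *dst++;
        else { r->lost = 1; dst++; }                        /* consumed, not retained */
    }
    return 0;
}

/* Try each type in turn, "seeking" back to offset 0 between attempts.
 * Returns the matching index, -1 if nothing matched, -2 if the rewind failed. */
static int detect(struct preader *r) {
    const struct { const unsigned char *magic; size_t look; } types[] =
        { {DEEP, 32}, {PCAPNG, 4}, {PCAP_LE, 4} };
    unsigned char hdr[64];
    for (int i = 0; i < 3; i++) {
        if (pr_read(r, hdr, types[i].look) == 0 && !memcmp(hdr, types[i].magic, 4)) return i;
        if (r->lost) return -2;   /* a probe read past what the buffer kept */
        r->pos = 0;               /* rewind is served entirely from memory */
    }
    return -1;
}

/* Feed a small input through a real pipe(2); `cap` is the rewind buffer size. */
int detect_from_pipe(const unsigned char *data, size_t len, size_t cap) {
    int p[2], t = -3;
    if (pipe(p) != 0) return t;
    struct preader r = { .fd = p[0], .cap = cap < 256 ? cap : 256 };
    ssize_t w = write(p[1], data, len);   /* input must fit the pipe buffer */
    close(p[1]);                          /* so the reader sees EOF */
    if (w == (ssize_t)len) t = detect(&r);
    close(p[0]);
    return t;
}

int main(void) { return detect_from_pipe(SAMPLE_PCAP, sizeof SAMPLE_PCAP, 64) == 2 ? 0 : 1; }
```

With a 64-byte buffer the sample is identified as pcap after two failed probes; with a 16-byte buffer the first probe reads past the retained bytes and detection fails, which is the case a larger buffer would cover.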

