Wireshark-dev: Re: [Wireshark-dev] tshark now using dumpcap - unix side currently don't work -
Jeff Morriss schrieb:
First, thanks for doing it! :-)
Thanks for helping me out :-)
Second: I don't know much about it but I just committed something that
works for me.
Seems others are satisfied as well :-)
It seems (based on my somewhat limited testing) that we don't need to
worry about blocking in tshark so the *NIX side is now just blocking
trying to read from the child. Could the Windows side not do the same?
Maybe - have to try. AFAIR, the only "event" that the Windows side has
to handle is Ctrl+C, which is done through a special handler (much like
signal() is working).
All other "events" (new capture file, new packets, ...) will come
exactly from the pipe we're blocking on.
So on both platforms simply blocking on the input pipe and stop the
capture through "signals" could work - and would be much easier than the
Wireshark implementation ;-))
Regards, ULFL
P.S: I thought to have the same implementation for Wireshark and tshark
would be desireable, but as the tshark implementation is *that* simple
and the Wireshark side has to do more, having two different
implementations of this is more than justified to me.
