I did not notice those replies to the bug... Nice... I'll take a look...

I wasn't aware of pcap_get_selectable_fd() either, and that may be
because http://gd.tuwien.ac.at/infosys/security/tcpdump.org/pcap3_man.html
does not show it... (Guy?)

Windows does not implement it, as it does not even have selectable fds, or
at least the one select() in Winsock does not work on FDs, so for
WinPcap another approach should be taken (Gianluca?)

I did not notice the load peak while playing with it, but I believe I
should have felt it on my very slow PPC Mac... does pcap_dispatch work
differently on Linux and the BSDs? (Guy?)

Thanks
Luis
On Thu, Apr 10, 2008 at 10:13 PM, Jason <wireshark@xxxxxxxxxxxxxx> wrote:
> Luis EG Ontanon wrote:
>
> > As far as triggers go a while ago I checked in trigcap.c.
> >
>
> Nice.
>
>
>
> > It's an experiment I wrote that works with capture filters as
> > start/stop triggers, I have not added it to the build process because
> > I do not know if it works on anything other than my mac.
> > it should not be difficult to mimic its mechanics in dumpcap.
> >
>
> It builds and runs on linux just fine.
>
>
>
> > it pcap_open_live()s a listener and a capturer (if a filter is given);
> > it then enters a loop pcap_dispatch()ing a listener_handler and a
> > capturer_handler
> >
>
> This monopolized the processor. See the patches I wrote against trigcap.c
> attached to bug 2039 [1].
>
> The main goal of the patches was to run a specified program or script (e.g.
> tshark with a read filter) at the start event and another program (e.g.
> killall tshark) at the stop event.
>
> The patches are just PoC, but seem to work for me. Let me know what you
> think...
>
> thx,
>
> Jason.
>
> [1] - http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2039
>
>
--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
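
Added example, not code from this thread, from trigcap.c or from the patches on bug 2039: a start/stop trigger loop that blocks in select() on two descriptors, so it wakes once per event and sleeps in between. Two pipes stand in for the descriptors pcap_get_selectable_fd() would return for the listener and capturer handles, so it runs without libpcap or a capture device; `struct trig`, `trig_step` and `run_demo` are hypothetical names and the event bytes are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/select.h>

/* Hypothetical trigger state; none of these names come from trigcap.c. */
struct trig { int capturing, captured, wakeups; };

/* Block in select() until either descriptor is readable, then handle one
 * event per ready descriptor. In a libpcap program this is where
 * pcap_dispatch() would run on the ready handle. Returns 0 on stop/error. */
static int trig_step(struct trig *t, int trigger_fd, int capture_fd) {
    fd_set rfds;
    char ev;
    int maxfd = trigger_fd > capture_fd ? trigger_fd : capture_fd;
    FD_ZERO(&rfds);
    FD_SET(trigger_fd, &rfds);
    FD_SET(capture_fd, &rfds);
    if (select(maxfd + 1, &rfds, NULL, NULL, NULL) < 0)
        return 0;
    t->wakeups++;
    if (FD_ISSET(trigger_fd, &rfds) && read(trigger_fd, &ev, 1) == 1) {
        if (ev == 'S') t->capturing = 1;               /* start filter matched */
        if (ev == 'E') { t->capturing = 0; return 0; } /* stop filter matched */
    }
    if (FD_ISSET(capture_fd, &rfds) && read(capture_fd, &ev, 1) == 1)
        t->captured += t->capturing;   /* keep packets only while triggered */
    return 1;
}

/* Constructed event script: 'p' = packet, 'S'/'E' = start/stop trigger. */
int run_demo(struct trig *t) {
    int trg[2], cap[2];
    memset(t, 0, sizeof *t);
    if (pipe(trg) < 0 || pipe(cap) < 0) return -1;
    for (const char *s = "pSppE"; *s; s++) {
        if (write(*s == 'p' ? cap[1] : trg[1], s, 1) != 1) return -1;
        if (!trig_step(t, trg[0], cap[0])) break;
    }
    close(trg[0]); close(trg[1]); close(cap[0]); close(cap[1]);
    return t->captured;
}

int main(void) {
    struct trig t;
    int n = run_demo(&t);
    printf("captured=%d wakeups=%d\n", n, t.wakeups);
    return 0;
}
```

On platforms where pcap_get_selectable_fd() returns -1, this pattern does not apply and another wait mechanism is needed, as the message above notes for WinPcap.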