Wireshark-dev: Re: [Wireshark-dev] How code recognizes that processing of all packets with tap

From: Jirka Novak <j.novak@xxxxxxxxxxxx>
Date: Fri, 13 Jul 2018 11:20:53 +0200
Hello,

  I responding with delay...

> On Jun 21, 2018, at 12:26 PM, Jirka Novak <j.novak@xxxxxxxxxxxx> wrote:
> 
>>>> What is correct way to recognize that capture processing with tap was
>>>> finished?
>>>
>>> There isn't one, unfortunately.  We'd have to change the tap mechanism to introduce a "we're done processing packets" callback to provide that.

I'm thinking about it and I can't make clear decision about the topic,
see below.

My idea is that I will add "finish" callback. It will be called at the
end of capture file. Probably "draw" and "finish" sequence will be called.
Imagine that I want to write a code which will write some packets to a
file. File has header, body and footer. Therefore I will add header at
beginning, every "packet" callback will write data and idea is that
"finish" callback will write the footer.
Note: I will use no remove_tap_listener in example above.

What is not clear to me what should happen when live capture is running?
I'm afraid that if I will call "finish" at the end of current live
capture (and write footer), later received packet will be delivered to
"packet" callback and will be written to end of file behind footer.
On the other hand if I will not call "finish" on live capture ever (or
only when live capture is finished), it makes no sense too - application
will never close the file.

How to handle this case?

						Best regards,

							Jirka Novak