[PATCH] Add time-based dump file rotation (-G seconds)

[Will Drewry <drewry () gmail com>]

I've submitted a patch against the 2004.11.16 tarball to add
time-based dump file rotation. Currently, you can rotate based on size
with -C, but I would also like to have long running tcpdump processes
rotate based on time.

The patch has been submitted to the project patches:

https://sourceforge.net/tracker/?func=detail&aid=1066046&group_id=53066&atid=469575

This functionality is implemented on top of/parallel to the -C
feature. Basically, -G uses dump_and_trunc to decide on each write
whether to rotate to a new file or not.  Because time limits can be
exceeded when there are no packets to write, dump_and_trunc is called
from pcap_dispatch in non-blocking mode instead of pcap_loop.

This feature is compatible with -W and -C.  The -W interoperability is
somewhat kludgy and can be removed.  It changes the Gflag_count to a
constant which tells the non-blocking pcap_dispatch loop to bail.

This has only been tested on Linux, but the only external function
called is gettimeofday.  Hopefully, this will be acceptable.


Comments, suggestions, etc are desired.

Thanks!
will
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.