tcpdump mailing list archives

[PATCH] compress savefiles after each rotation


From: Sebastien Raveau <sebastien.raveau () epita fr>
Date: Sun, 12 Mar 2006 15:52:25 +0100

Hello everybody,


I am submitting this patch for tcpdump that adds the -z flag (to be used in 
conjunction with -C or -G) which can be used to specify a command tcpdump 
should execute on each savefile after it's been rotated.

For example, running:
tcpdump -G 3600 -z bzip2 -w "capture%Y%m%d%H%M%S.pcap"
will make tcpdump close its current savefile and open a new one every hour, 
continue dumping packets in the new savefile while bzip2 compresses (with 
minimum priority so that this does not disturb the capture) the previous 
savefile and renames it to something like capture20060312153936.pcap.bz2

This might sound like a crazy idea, but check it, sometimes the size of 
compressed savefiles is down to 30% of the size of original savefiles! :-)

It has been thoroughly tested on Linux and should work on all Unices as I 
always pay attention to writing code that is compliant with the Single UNIX 
Specification, but since I don't use Windows, I don't know if this patch 
might break Windows compatibility or not... Could somebody please check that 
for me?


Kind regards,

-- 
Sébastien Raveau
computer and network security student
head of the hawKeye network monitor project
http://hawkeye.sourceforge.net/

Attachment: compress_rotations.diff
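
The behaviour the mail describes (run a command on the just-rotated savefile at minimum priority while capture continues), as an added C example; it is not code from the attached patch or from tcpdump. The names post_rotate_spawn and post_rotate_wait, the nice value 19 and the rule refusing names that start with '-' are assumptions of this example.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: start `cmd savefile` in a child at low priority.
 * Returns the child's pid, or -1 if the name is refused or fork() fails. */
pid_t post_rotate_spawn(const char *cmd, const char *savefile)
{
    /* A name starting with '-' would be parsed by cmd as an option. */
    if (cmd == NULL || savefile == NULL || savefile[0] == '\0' || savefile[0] == '-')
        return -1;

    pid_t pid = fork();
    if (pid != 0)
        return pid;              /* parent (or fork error): back to capturing */

    /* Child: raise niceness to 19 so compression does not starve the capture. */
    if (setpriority(PRIO_PROCESS, 0, 19) != 0)
        perror("setpriority");   /* not fatal: run at the inherited priority */

    /* argv is handed to exec directly, with no /bin/sh in between, so
     * spaces, ';' or '$' in the savefile name stay one literal argument. */
    execlp(cmd, cmd, savefile, (char *)NULL);
    _exit(127);                  /* exec failed: same code a shell would use */
}

/* Hypothetical helper: reap one child. Returns its exit status,
 * or -1 if waiting failed or the child was killed by a signal. */
int post_rotate_wait(pid_t pid)
{
    int status;
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed name, of the form the -w template in the mail produces. */
    const char *name = "capture20060312153936.pcap";
    pid_t pid = post_rotate_spawn("bzip2", name);
    if (pid < 0)
        return 1;
    printf("bzip2 %s exited with %d\n", name, post_rotate_wait(pid));
    return 0;
}
```

A capture loop would not block in post_rotate_wait after each rotation; it would reap finished children later (for example from a SIGCHLD handler) so that packets keep being written while the compressor runs.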