tcpdump mailing list archives

Re: [libpcap][patch] appending to a capture

From: Mark <markjdb () gmail com>
Date: Fri, 3 Jun 2011 22:49:01 -0400

On Fri, Jun 3, 2011 at 9:49 PM, Darren Reed <darren.reed () oracle com> wrote:

On  3/06/11 05:24 PM, Guy Harris wrote:


On Jun 3, 2011, at 3:13 PM, Darren Reed wrote:


Because for every packet that is appended you need to do:
1. open(2)
2. read(2)
3. seek(2)
4. write(2)
5. close(2)


Really?

Why can't you do

       open(2)
       read(2)
       seek(2)
       write(2)

in pcap_dump_append(), and then just keep writing packets to the
pcap_dumper_t you got back from pcap_dump_append()?


Presumably because the way I read his description of it,
it sounded like the verification (matching of file header)
was done for each new packet added.


I see; sorry if that was misleading. I agree that pcap_dump_reopen()
is probably a better name for the function, but yes, the idea is that this
function is only called once when one wants to append to a capture file.

-Mark
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.

Current thread:

Re: [libpcap][patch] appending to a capture, (continued)
- - - Re: [libpcap][patch] appending to a capture Michael Richardson (Jun 01)
    - Re: [libpcap][patch] appending to a capture Sam Roberts (Jun 01)
    - Re: [libpcap][patch] appending to a capture Michael Richardson (Jun 01)
    - Re: [libpcap][patch] appending to a capture Darren Reed (Jun 03)
    - Re: [libpcap][patch] appending to a capture Guy Harris (Jun 03)
    - Re: [libpcap][patch] appending to a capture Michael Richardson (Jun 04)
    - Re: [libpcap][patch] appending to a capture Aaron Turner (Jun 02)
    - Re: [libpcap][patch] appending to a capture Darren Reed (Jun 03)
    - Re: [libpcap][patch] appending to a capture Guy Harris (Jun 03)
    - Re: [libpcap][patch] appending to a capture Darren Reed (Jun 03)
    - Re: [libpcap][patch] appending to a capture Mark (Jun 04)