tcpdump mailing list archives
Re: pipeline buffering
From: Guy Harris <guy () alum mit edu>
Date: Sat, 10 Mar 2012 11:26:14 -0800
On Mar 10, 2012, at 6:18 AM, jedge wrote:
When using the (-w) option in conjunction with the (-l) option,
Use it with the -U option instead: $ man tcpdump ... -U Make output saved via the -w option ``packet-buffered''; i.e., as each packet is saved, it will be written to the output file, rather than being written only when the output buffer fills. The -U flag will not be supported if tcpdump was built with an older version of libpcap that lacks the pcap_dump_flush() func- tion.
I modified tcpdump.c near lines 822 (-i) and 956 (-w) to detect the need to flush stdout when utilizing the pipeline by adding setvbuf(stdout, NULL, _IONBF, 0);
Non-buffered I/O is overkill - depending on how _IONBF is implemented, it could result in multiple write() calls being done per packet (one write call per byte in the worst case).- This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- pipeline buffering jedge (Mar 10)
- Re: pipeline buffering Guy Harris (Mar 10)
- Re: pipeline buffering jedge (Mar 10)
- Re: pipeline buffering Guy Harris (Mar 10)