Re: pipeline buffering

[Guy Harris <guy () alum mit edu>]

On Mar 10, 2012, at 6:18 AM, jedge wrote:

> When using the (-w) option in conjunction with the (-l) option,

Use it with the -U option instead:

$ man tcpdump

        ...

       -U     Make  output  saved via the -w option ``packet-buffered''; i.e.,
              as each packet is saved, it will be written to the output  file,
              rather than being written only when the output buffer fills.

              The  -U  flag will not be supported if tcpdump was built with an
              older version of libpcap that lacks the pcap_dump_flush()  func-
              tion.


> I modified tcpdump.c near lines 822 (-i) and 956 (-w) to detect the need to flush stdout when utilizing the pipeline 
> by adding
> setvbuf(stdout, NULL, _IONBF, 0);

Non-buffered I/O is overkill - depending on how _IONBF is implemented, it could result in multiple write() calls being 
done per packet (one write call per byte in the worst case).-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.