Re: tshark option for reassembled fragment output

[Hadriel Kaplan <HKaplan () acmepacket com>]

On Mar 27, 2013, at 10:38 PM, Evan Huus <eapache () gmail com>
 wrote:

> > So why make it optional?
>
> Because -2 causes tshark to buffer, which we shouldn't be imposing on
> the user 'by accident'. Additionally, if we keep -2 a separate option
> then -d will be usable during a live capture, which fixes another
> long-standing issue in tshark.

You lost me... why would '-d'/'-Y' be usable during a live capture, but '-R' not?

I thought '-R' was only *unusable* with live capturing when the '-w' writing output file was also set, on purpose due 
to concerns of privilege separation (ie, bug 2234).  I put the same restriction in my patch for '-Y': it can't be used 
if both live-capture and writing to file are set.

-hadriel

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe