osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

Reset state when cycling ring-buffer files in tshark. 

This has several implications:
 - we match user expectations that a ring-buffered tshark capture will run
   forever without running out of resources (except where we still have leaks)
 - we lose reassembly and request/response matching when the relevant packets
   are split across files, but this actually makes our output more consistent
   with dissecting those files after-the-fact

I have not made it configurable in this change because I'm not really sure
there's a use case for the old behaviour - if you're running a ring-buffer
capture in the first place it's because you're willing to discard old data to
limit resource usage. If you want the full dissection without breaks, just don't
use a ring buffer at all and take the resource hit in both disk and memory.

Change-Id: I7d8f84b2e6040b430b7112a45538041f2c30f489
Reviewed-on: https://code.wireshark.org/review/2669
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Reviewed-by: Evan Huus <eapache@gmail.com>
This commit is contained in:
Evan Huus 2014-06-26 10:59:33 -04:00
parent 286c191846
commit 42b537ea49
1 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
tshark.c
View File

@ -2614,6 +2614,7 @@ gboolean
capture_input_new_file(capture_session *cap_session, gchar *new_file)
{
capture_options *capture_opts = cap_session->capture_opts;
capture_file *cf = (capture_file *) cap_session->cf;
gboolean is_tempfile;
int err;
@ -2628,16 +2629,19 @@ capture_input_new_file(capture_session *cap_session, gchar *new_file)
if (capture_opts->save_file != NULL) {
/* we start a new capture file, close the old one (if we had one before) */
if ( ((capture_file *) cap_session->cf)->state != FILE_CLOSED) {
if ( ((capture_file *) cap_session->cf)->wth != NULL) {
wtap_close(((capture_file *) cap_session->cf)->wth);
((capture_file *) cap_session->cf)->wth = NULL;
if (cf->state != FILE_CLOSED) {
if (cf->wth != NULL) {
wtap_close(cf->wth);
cf->wth = NULL;
}
((capture_file *) cap_session->cf)->state = FILE_CLOSED;
cf->state = FILE_CLOSED;
}
g_free(capture_opts->save_file);
is_tempfile = FALSE;
epan_free(cf->epan);
cf->epan = tshark_epan_new(cf);
} else {
/* we didn't had a save_file before, must be a tempfile */
is_tempfile = TRUE;