-----BEGIN PGP SIGNED MESSAGE-----
I added the -P flag, which takes a positive number, and has tcpdump
exit after capturing that many packets.
It can be combined with the -C flag, but it doesn't cause it to cycle
after that many packets, rather the two work independantly. I found I
wanted this to help me with some automated tests.
Index: netdissect.h
===================================================================
RCS file: /tcpdump/master/tcpdump/netdissect.h,v
retrieving revision 1.16
diff -u -r1.16 netdissect.h
- --- netdissect.h 7 Apr 2005 00:28:17 -0000 1.16
+++ netdissect.h 4 Jun 2005 16:52:01 -0000
@@ -106,6 +106,7 @@
int ndo_Cflag; /* rotate dump files after this many bytes */
int ndo_Cflag_count; /* Keep track of which file number we're writing */
+ unsigned int ndo_Pflag; /* exit after capturing this many packets */
int ndo_Wflag; /* recycle output files after this number of files */
int ndo_WflagChars;
const char *ndo_dltname;
Index: tcpdump.1
===================================================================
RCS file: /tcpdump/master/tcpdump/tcpdump.1,v
retrieving revision 1.167
diff -u -r1.167 tcpdump.1
- --- tcpdump.1 28 Dec 2004 22:31:25 -0000 1.167
+++ tcpdump.1 4 Jun 2005 16:52:01 -0000
@@ -40,6 +40,9 @@
.B \-C
.I file_size
] [
+.B \-P
+.I packet_limit
+] [
.B \-F
.I file
]
@@ -256,6 +259,10 @@
currently larger than \fIfile_size\fP and, if so, close the current
savefile and open a new one. Savefiles after the first savefile will
have the name specified with the
+.TP
+.B \-P
+exit tcpdump after \fIpacket_limit\fP packets have been captured.
+.TP
.B \-w
flag, with a number after it, starting at 1 and continuing upward.
The units of \fIfile_size\fP are millions of bytes (1,000,000 bytes,
@@ -416,6 +423,9 @@
mode for some other reason; hence, `-p' cannot be used as an abbreviation for
`ether host {local-hw-addr} or ether broadcast'.
.TP
+.B \-P
+exit tcpdump after \fIpacket_limit\fP packets have been captured.
+.TP
.B \-q
Quick (quiet?) output.
Print less protocol information so output
Index: tcpdump.c
===================================================================
RCS file: /tcpdump/master/tcpdump/tcpdump.c,v
retrieving revision 1.253
diff -u -r1.253 tcpdump.c
- --- tcpdump.c 27 Jan 2005 18:30:36 -0000 1.253
+++ tcpdump.c 4 Jun 2005 16:52:01 -0000
@@ -496,6 +496,16 @@
error("invalid file size %s", optarg);
break;
+ case 'P':
+ {
+ int packet_limit = atoi(optarg);
+ if(packet_limit <= 0)
+ error("invalid packet count %s", optarg);
+
+ gndo->ndo_Pflag = packet_limit;
+ break;
+ }
+
case 'd':
++dflag;
break;
@@ -1041,8 +1051,12 @@
*/
info(1);
}
+ if (status == -2 && gndo->ndo_Pflag>0) {
+ (void)fprintf(stderr, "%s: terminated with fewer than %d
packets: %s\n",
+ program_name, gndo->ndo_Pflag, pcap_geterr(pd));
+ }
pcap_close(pd);
- - exit(status == -1 ? 1 : 0);
+ exit(status < 0 ? 1 : 0);
}
/* make a clean exit on interrupts */
@@ -1162,11 +1176,18 @@
--infodelay;
if (infoprint)
info(0);
+
+ if(gndo->ndo_Pflag > 0 && packets_captured > gndo->ndo_Pflag) {
+ pcap_breakloop(dump_info->pd);
+ }
}
static void
dump_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
{
+ struct dump_info *dump_info;
+ dump_info = (struct dump_info *)user;
+
++packets_captured;
++infodelay;
@@ -1180,6 +1201,10 @@
--infodelay;
if (infoprint)
info(0);
+
+ if(gndo->ndo_Pflag > 0 && packets_captured > gndo->ndo_Pflag) {
+ pcap_breakloop(dump_info->pd);
+ }
}
static void
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys
iQCVAwUBQqHZ/YqHRg3pndX9AQEIyAQArNajMP2mMiytc45I4g3Do3D5qtd3kHuB
al97Hng4+uifV7GLnfwJqfDdKvU1GdhHaMFUFFtu+xCAFjKOMx2cVJp0CEC78pm9
SjFosP1N69NPbWkDUPjmb2cnf/K2DbeeFNSfNBis0b++LnJwetCPxDijgsM2g+r6
tct/5xH2eTc=
=mAQZ
-----END PGP SIGNATURE-----
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
