Richard van der Hoff wrote:
> Hi all,
>
> First: massive thanks to Ulf for all the work he's been doing on
> privilege separation. It's definitely a really important feature that's
> been missing for ever.
>
> Ulf Lamping wrote:
>> Just as Wireshark is doing it already for some time, tshark now also uses
>> dumpcap to capture stuff (to separate the "potentially dangerous"
>> dissection from the "root required" capturing). tshark calls dumpcap
>> with a set of command line options (capture interface, capture file
>> name, ...) and establishes a pipe to dumpcap. Now dumpcap captures
>> packets into a temporary file, a named file or some ringbuffer files and
>> notifies tshark of events through a pipe, e.g. a new file was opened, some
>> packets rushed in, ...
>
> Ok, first question: when being used by {wire,t}shark, is a temporary
> file really the best way for dumpcap to write its captured data? The
> Unix way to do this would be to write it down a separate pipe (so
> wireshark/tshark would run dumpcap with a magic option saying "write
> your captured data to fd X"); however I don't know enough about Windows
> to know how portable that would be. A temporary file works fine anyway,
> I guess.
Well, except that the temporary file mechanism leads us to ugliness like
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1650 . I think to
fix that generically will require some kind of *shark<->dumpcap
synchronization and what better way to do it than via a pipe?
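
The pipe-based handoff discussed in this thread, as an added sketch that is not part of the original messages and is not Wireshark or dumpcap code: a capture child writes length-prefixed records to an inherited pipe fd, and the reading side uses end-of-file on that pipe as its synchronization point. The function names, the record framing and the constructed "packets" are all assumptions made for the illustration (POSIX only).

```c
/* Added illustration; hypothetical names, not dumpcap/tshark source. */
#include <stdint.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Read exactly n bytes: 1 = ok, 0 = clean EOF before any byte, -1 = error. */
static int read_full(int fd, void *buf, size_t n) {
    size_t got = 0;
    while (got < n) {
        ssize_t r = read(fd, (char *)buf + got, n - got);
        if (r < 0) return -1;
        if (r == 0) return got == 0 ? 0 : -1;
        got += (size_t)r;
    }
    return 1;
}

/* Stand-in for the capturing child: emits length-prefixed records on fd. */
static void child_capture(int fd, int nrecords) {
    for (int i = 0; i < nrecords; i++) {
        char pkt[64];
        memset(pkt, 'A' + i % 26, sizeof pkt);      /* constructed payload */
        uint32_t len = 16 + (uint32_t)(i % 4) * 8;  /* 16..40 bytes */
        if (write(fd, &len, sizeof len) != (ssize_t)sizeof len) _exit(1);
        if (write(fd, pkt, len) != (ssize_t)len) _exit(1);
    }
    _exit(0);  /* exiting closes the write end, so the reader sees EOF */
}

/* Reader side: returns the number of records received, or -1 on failure. */
int capture_via_pipe(int nrecords, size_t *payload_bytes) {
    int p[2], count = 0, rc, status;
    uint32_t len;
    char buf[64];
    if (pipe(p) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { close(p[0]); child_capture(p[1], nrecords); }
    close(p[1]);  /* reader must drop the write end or EOF never arrives */
    *payload_bytes = 0;
    while ((rc = read_full(p[0], &len, sizeof len)) == 1) {
        /* Bound the length before trusting it, even from our own child. */
        if (len > sizeof buf || read_full(p[0], buf, len) != 1) { rc = -1; break; }
        count++; *payload_bytes += len;
    }
    close(p[0]);
    waitpid(pid, &status, 0);
    if (rc != 0 || !WIFEXITED(status) || WEXITSTATUS(status) != 0) return -1;
    return count;
}
```

A truncated record or a non-zero child exit makes the reader return -1 rather than a partial count.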