Olivier Abad wrote:
> I'm planning on implementing capturing from a pipe in ethereal because I
> need this feature for my work (it will also allow us to make remote
> captures).
>
> My first ideas:
> - the data in the pipe must be in pcap format;
> - the user will be able to specify a filename (for the pipe) in the
> capture dialog (or on the command line);
> - rewrite the current capture functions to be able to read the pipe
> instead of using the pcap library if the interface name specified is a
> pipe (I'm not familiar with this part of ethereal, I'll look into it
> tonight).
>
> Any suggestions on this? I hope to finish it this week.

Yes. One major issue is that the routines wiretap uses do lseeks on the
input file (someone please feel free to correct me if I'm wrong). On
Linux, at least, this causes an error of ESPIPE ("Invalid seek"). The
same appears to be true for named pipes a/k/a FIFOs.

As we do use a pipe when doing simultaneous capture and display under
*nix, you might be able to format your data to match that format.

The basic way that works is to fork a child that writes data to a
capture file. We then basically do a tail on that file and
dissect/display the data. [See capture.c around line 208] There is also
a "sync pipe" which tells the reader when to read (and how much).

--john
--
John McDermott, Writer and Consultant
J-K International, Ltd.
V +1 505/377-6293 F +1 505/377-6313
jjm@xxxxxxxxxx