Ethereal-dev: Re: [ethereal-dev] capturing data from a pipe

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Mon, 17 Jul 2000 14:23:30 -0700 (PDT)
> Yes.  One major issue is that the routines wiretap uses do lseeks on the
> input file (someone please feel free to correct me if I'm wrong).  On
> Linux, at least, this causes an error of ESPIPE ("Invalid seek").  The
> same appears to be true for named pipes a/k/a FIFOs.

True...

...but that merely means that one can't run Ethereal with a "-r" flag
redirected to a pipe (e.g., with "/dev/stdin").

I suspect what Olivier is talking about is replacing the *capture* code,
e.g. the "pcap_dispatch()" call in "capture()" in "capture.c", with code
to read from the pipe.

"pcap_dispatch()" is reading from a device or socket, and doesn't
support seeks; what Ethereal does is write the packets it gets from
"pcap_dispatch()" to a file, and that file *can* be read randomly.

I presume Olivier will do something such as replacing the
"pcap_dispatch()" call with something that calls "pcap_dispatch()" if
capturing using libpcap, or reads from the pipe if capturing from a
pipe, so that the packets read from the pipe will still be written to a
file, and the dissection-and-display code in Ethereal will read from
that file.
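
The spool-to-file approach described above, as an added example; it is not part of the original message and not Ethereal code. The function names and the "/tmp/spoolXXXXXX" template are assumptions made for illustration: the code detects that a descriptor rejects seeks with ESPIPE and copies its contents into a temporary file that can then be read randomly.

```c
/* Added illustration, not Ethereal source; function names are hypothetical. */
#define _XOPEN_SOURCE 700              /* declares mkstemp() in strict modes */
#include <errno.h>
#include <stdlib.h>
#include <unistd.h>

/* 1 if fd can seek, 0 if it is a pipe/FIFO/socket (ESPIPE), -1 otherwise. */
int fd_is_seekable(int fd)
{
    if (lseek(fd, 0, SEEK_CUR) != (off_t)-1)
        return 1;
    return errno == ESPIPE ? 0 : -1;
}

/* Write all n bytes, retrying short writes and EINTR; 0 on success. */
static int write_all(int fd, const char *p, size_t n)
{
    while (n > 0) {
        ssize_t w = write(fd, p, n);
        if (w < 0 && errno == EINTR)
            continue;
        if (w < 0)
            return -1;
        p += w;
        n -= (size_t)w;
    }
    return 0;
}

/* Drain in_fd into an unlinked temp file; return it rewound, or -1. */
int spool_to_seekable(int in_fd)
{
    char path[] = "/tmp/spoolXXXXXX";  /* constructed template */
    char buf[4096];
    ssize_t n = 0;
    int out_fd = mkstemp(path);        /* mode 0600, O_EXCL: no symlink race */
    if (out_fd < 0)
        return -1;
    unlink(path);                      /* storage is freed when fd closes */
    while ((n = read(in_fd, buf, sizeof buf)) != 0) {
        if (n < 0 && errno == EINTR)
            continue;
        if (n < 0 || write_all(out_fd, buf, (size_t)n) < 0)
            break;                     /* n != 0 here marks the failure */
    }
    if (n == 0 && lseek(out_fd, 0, SEEK_SET) == 0)
        return out_fd;
    close(out_fd);
    return -1;
}
```

This version drains the pipe to end-of-file before returning; a live capture would instead append to the file as packets arrive while the reader follows behind.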