On lun, jui 17, 2000 at 02:23:30 -0700, Guy Harris wrote:
> > Yes. One major issue is that the routines wiretap uses do lseeks on the
> > input file (someone please feel free to correct me if I'm wrong). On
> > linux, at least, this causes an error of ESPIPE ("Invalid seek"). The
> > same appears to be true for named pipes a/k/a FIFOs.
>
> True...
>
> ...but that merely means that one can't run Ethereal with a "-r" flag
> redirected to a pipe (e.g., with "/dev/stdin").
>
> I suspect what Olivier is talking about is replacing the *capture* code,
> e.g. the "pcap_dispatch()" call in "capture()" in "capture.c", with code
> to read from the pipe.
Exactly.
> "pcap_dispatch()" is reading from a device or socket, and doesn't
> support seeks; what Ethereal does is write the packets it gets from
> "pcap_dispatch()" to a file, and that file *can* be read randomly.
>
> I presume Olivier will do something such as replacing the
> "pcap_dispatch()" call with something that calls "pcap_dispatch()" if
> capturing using libpcap, or reads from the pipe if capturing from a
> pipe, so that the packets read from the pipe will still be written to a
> file, and the dissection-and-display code in Ethereal will read from
> that file.
That's what I just started doing.
Olivier
--
Doubt is not a pleasant condition, but certainty is absurd.
-- Voltaire
