Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] [Patch] Re: capture from a fifo

From: Richard van der Hoff <richardv@xxxxxxxxxxxxx>
Date: Mon, 25 Sep 2006 16:38:55 +0100
Ulf Lamping wrote:
Richard van der Hoff wrote:
Richard van der Hoff wrote:
[tshark from a fifo]
Ulf - I notice you made the relevant change here (r16787) - is there any reason why tshark shouldn't use capture_loop_dispatch to do its processing, rather than attempting to use cap_pipe_dispatch or pcap_dispatch directly?
well, there didn't seem to be, so I've made a patch which does exactly this, and which fixes the problem.

I've even gone so far as to add a unit test for it :).

Please could this be applied?

Hi Richard, sorry for the very late response!

Yes, there are reasons to use the same code for Wireshark and Tshark:

- having duplicated and slightly different code for the same task is a bad thing (unless there are *very* good reasons to do so)

Of course; however I rather felt that I was making the code closer to what was done in Wireshark, rather than the opposite! I appreciate there's a long way to go, but still - making both dumpcap and tshark use capture_loop_dispatch seemed an improvement.

- these were the first steps towards privilege seperation (which are mostly finished in Wireshark but needs to be finished in Tshark)

As in, the intention is to make tshark use dumpcap as well? Fair enough, but (a) I don't see how the change to cap_pipe_dispatch and pcap_dispatch is a helpful step along this path, and (b) I'd still like a fix to this problem in the short term!

Thanks,

Richard


--
Richard van der Hoff <richardv@xxxxxxxxxxxxx>
Project Manager
Tel: +44 (0) 845 666 7778
http://www.mxtelecom.com