Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 3186] New: dumpcap does not honor capture termination if e

Date: Sat, 10 Jan 2009 10:30:02 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3186

           Summary: dumpcap does not honor capture termination if exactly "-
                    c <capture packet count>" packets have been captured
           Product: Wireshark
           Version: 1.0.5
          Platform: All
               URL: http://www.networksecuritytoolkit.org
        OS/Version: All
            Status: NEW
          Severity: Minor
          Priority: Low
         Component: TShark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: rwhalb@xxxxxxxxxxxx


Build Information:
[root@probe-eth0 ~]# tshark -v
TShark 1.0.5

Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GLib 2.14.6, with libpcap 0.9.7, with libz 1.2.3, with POSIX
capabilities (Linux), with libpcre 7.3, with SMI 0.4.5, with ADNS, with Lua
5.1,
with GnuTLS 1.6.3, with Gcrypt 1.2.4, with MIT Kerberos.

Running on Linux 2.6.26.8-57.fc8, with libpcap version 0.9.7.

Built using gcc 4.1.2 20070925 (Red Hat 4.1.2-33).

--
dumpcap should terminate if exactly the maximum number of packets have been
captured (or greater) as specified by the user: "-c <capture packet count>".
The current behavior waits until an additional packet is captured until this
threshold check occurs.

The fix should be to make an additional check in function:
capture_loop_packet_cb(u_char *user, const struct pcap_pkthdr *phdr,const
u_char *pd) after incrementing the packet counter.

  if (ld->pdh) {
    /* We're supposed to write the packet to a file; do so.
       If this fails, set "ld->go" to FALSE, to stop the capture, and set
       "ld->err" to the error. */
    if (!libpcap_write_packet(ld->pdh, phdr, pd, &ld->bytes_written, &err)) {
      ld->go = FALSE;
      ld->err = err;
    } else
      ld->packet_count++;
  }

becomes

  if (ld->pdh) {
    /* We're supposed to write the packet to a file; do so.
       If this fails, set "ld->go" to FALSE, to stop the capture, and set
       "ld->err" to the error. */
    if (!libpcap_write_packet(ld->pdh, phdr, pd, &ld->bytes_written, &err)) {
      ld->go = FALSE;
      ld->err = err;
    } else
      ld->packet_count++;
  /* See if the maximum packet count threshold set by the user
     has been reached */
      if ((ld->packet_max > 0) && (ld->packet_count >= ld->packet_max)) {
        ld->go = FALSE;
        return;
      }
  }


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.