Wireshark-bugs: [Wireshark-bugs] [Bug 5892] Wireshark capture cannot be stopped under heavy traf

Date: Thu, 12 May 2011 09:21:57 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5892

--- Comment #5 from liaodh10@xxxxxxxxx 2011-05-12 09:21:56 PDT ---
(In reply to comment #4)
> The pipe doesn't contain packets, it contains messages saying "there are N more
> packets to be read from the file"; the actual packets are written to a file by
> dumpcap and read from the file by Wireshark (or TShark).

You are right, I dumped the string received from the pipe and it tells how many
more packets need to be read from the file. When the traffic rate is high,
Wireshark processes the msgs from the pipe and reads the file much slower
than what is being sent/written by dumpcap. When the user clicks 'stop', it
still continues to process the remaining msgs and read from the file until it
finishes, so it delays for a long time. My current fix is to set a flag and
turn it to true in sync_pipe_stop() after it sends SIGINT to dumpcap. The
capture_input_new_packets() (in capture.c) will return when it sees the flag is
true; and cf_finish_tail() (in file.c) will also skip the wtap_read() when the
flag is true. This can stop the 'capture' successfully. Since I don't normally
deal with Wireshark source code, please let me know if you see a problem with the
fix. Thanks.

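The backlog behaviour and stop flag discussed in this comment, modelled as a small stand-alone C simulation. This is an added example, not Wireshark's code or the commenter's patch. The message framing (one indicator byte, a 3-byte big-endian length, an ASCII decimal count), the `drain_pipe()` function, the `drain_result` struct and the `SAMPLE` buffer are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed framing (illustration only): indicator byte, 3-byte big-endian
 * payload length, payload. 'P' carries an ASCII decimal "N more packets". */
static const unsigned char SAMPLE[] = {   /* constructed: 3 messages, 50 packets each */
    'P',0,0,2,'5','0',  'P',0,0,2,'5','0',  'P',0,0,2,'5','0'
};

struct drain_result {
    unsigned long packets_read;    /* packets actually read from the capture file */
    unsigned long packets_skipped; /* announced on the pipe but not read after stop */
    size_t msgs_seen;              /* pipe messages consumed */
    bool malformed;                /* truncated or unparsable message */
};

/* Drain queued pipe messages. stop_after_msgs simulates the user clicking Stop
 * once that many messages have been handled (SIZE_MAX means never). */
struct drain_result drain_pipe(const unsigned char *buf, size_t len, size_t stop_after_msgs)
{
    struct drain_result r = {0, 0, 0, false};
    bool stop_requested = false;
    size_t off = 0;

    while (off < len) {
        if (len - off < 4) { r.malformed = true; break; }
        size_t plen = ((size_t)buf[off+1] << 16) | ((size_t)buf[off+2] << 8) | buf[off+3];
        unsigned char ind = buf[off];
        off += 4;
        if (plen > len - off || plen >= 16) { r.malformed = true; break; }
        char num[16];
        memcpy(num, buf + off, plen);
        num[plen] = '\0';
        off += plen;
        if (r.msgs_seen == stop_after_msgs) stop_requested = true;
        r.msgs_seen++;
        if (ind != 'P') continue;              /* other message types ignored here */
        char *end;
        unsigned long n = strtoul(num, &end, 10);
        if (end == num || *end != '\0') { r.malformed = true; break; }
        if (stop_requested) r.packets_skipped += n;   /* flag set: skip the file reads */
        else for (unsigned long i = 0; i < n; i++) r.packets_read++; /* stands in for a per-packet file read */
    }
    return r;
}

int main(void) { return drain_pipe(SAMPLE, sizeof SAMPLE, 1).packets_skipped == 100 ? 0 : 1; }
```

`packets_skipped` makes visible what the flag trades away in this model: packets that were written to the file but never read by the consumer.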