Richard van der Hoff wrote:
Hi all,
First: massive thanks to Ulf for all the work he's been doing on
privilege separation. It's definitely a really important feature that's
been missing for ever.
Ulf Lamping wrote:
Just as Wireshark is doing it already for some time, tshark now also use
dumpcap to capture stuff (to seperate the "potential dangerous"
dissection from the "root required" capturing). tshark calls dumpcap
with a set of command line options (capture interface, capture file
name, ...) and establishes a pipe to dumpcap. Now dumpcap captures
packets into a temporary file, a named file or some ringbuffer files and
notices tshark events through a pipe, e.g. a new file was opened, some
packets rushed in, ...
Ok, first question: when being used by {wire,t}shark, is a temporary
file really the best way for dumpcap to write its captured data? The
unix way to do this would be to write it down a separarate pipe (so
wireshark/tshark would run dumpcap with a magic option saying "write
your captured data to fd X); however I don't know enough about windows
to know how portable that would be. A temporary file works fine anyway,
I guess.
Well, except that the temporary file mechanism leads us to ugliness like
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1650 . I think to
fix that generically will require some kind of *shark<->dumpcap
synchronization and what better way to do it than via a pipe?
