-
Notifications
You must be signed in to change notification settings - Fork 861
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Packet-buffered mode (-U) doesn't affect packet printing #1213
Comments
Please re-test using tcpdump 4.99.5. |
@infrastation, I have just tried both
|
The code in So, either the doc is wrong (i.e. |
That was a mistake made by the author of this commit:
The mistake is the "Note that -U does packet-buffering without -w." part; sadly, it doesn't. So:
is correct. However:
the "or" there is not correct; some form of packet-buffering should be provided, given that I'm not sure what, if anything, would break if
Presumably that was a patch provided by Andrew Brown, but I can't find it anywhere, so I don't know whether 1) it originally made writing to the capture file completely unbuffered, hence the This also raises the issue of, if you use But, for starters, the standard output should be flushed after printing packets if |
My suggestion was not to change the functioning of
That way, |
The problem the original filer wants to solve isn't " The TShark program in the Wireshark suite solved that problem by making I don't know what would break if we were to do the same for tcpdump. If nothing would break, or if the breakage is trivial, we might want to do that; with A separate problem is that I mistakenly changed the tcpdump man page to document that The first of those solutions provides packet buffering of dissected packet output without changing the behavior of The second of those solutions fixes the disparity between the documentation and the code, without changing the behavior of |
Thanks for the clarification. Yes, my proposal was to do what you outline in the last two paragraphs. From my (admittedly) limited view of the world it would work, but it would indeed break the case where a user wants stdout to be packet buffered, with pcap dump ( |
So, maybe it would be best to fix the man page first to document the currently implemented behaviour, and then when/if the behaviour changes, change the man page accordingly? |
And I see that the opposite would be true as well: lack of options to write raw packets in the packet-buffered way while keeping the standard output to non-tty destinations fully-buffered.
I also wanted to propose this as a first step.
I guess it can get too confusing if another flag is added for packet-buffered standard output only? |
In that case, I'd argue for an option with an argument: Or just, you know, fix the man page and live with |
I noticed that the packet-buffered mode (
-U
) has no effect when STDOUT is not a terminal and raw packets recording (-w
) is not used. If my STDOUT istee
, the terminal gets updated only whentcpdump
's output buffer is full. In the example below, 10 ICMP packets had already been captured but the output buffer was not full yet, so nothing was printed to the terminal:I understand that
-U
is primarily used in combination with-w
, but the manual says that it can also be used without-w
:It was tested against the latest stable
tcpdump
andlibpcap
versions:The text was updated successfully, but these errors were encountered: