diff options
| author | Evan Huus <eapache@gmail.com> | 2014-06-26 10:59:33 -0400 |
|---|---|---|
| committer | Evan Huus <eapache@gmail.com> | 2014-07-05 22:08:59 +0000 |
| commit | 42b537ea49f1a54dff1528343a37aca35c590c62 (patch) | |
| tree | 5d83fa08346ec22c86ac3b88d16fd49a59eb97fc /tshark.c | |
| parent | 286c191846c4fff65e9855363521a6975b8c5a19 (diff) | |
| download | wireshark-42b537ea49f1a54dff1528343a37aca35c590c62.tar.gz wireshark-42b537ea49f1a54dff1528343a37aca35c590c62.tar.bz2 wireshark-42b537ea49f1a54dff1528343a37aca35c590c62.zip | |
Reset state when cycling ring-buffer files in tshark.
This has several implications:
- we match user expectations that a ring-buffered tshark capture will run
forever without running out of resources (except where we still have leaks)
- we lose reassembly and request/response matching when the relevant packets
are split across files, but this actually makes our output more consistent
with dissecting those files after-the-fact
I have not made it configurable in this change because I'm not really sure
there's a use case for the old behaviour - if you're running a ring-buffer
capture in the first place it's because you're willing to discard old data to
limit resource usage. If you want the full dissection without breaks, just don't
use a ring buffer at all and take the resource hit in both disk and memory.
Change-Id: I7d8f84b2e6040b430b7112a45538041f2c30f489
Reviewed-on: https://code.wireshark.org/review/2669
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Reviewed-by: Evan Huus <eapache@gmail.com>
Diffstat (limited to 'tshark.c')
| -rw-r--r-- | tshark.c | 14 |
1 files changed, 9 insertions, 5 deletions
@@ -2614,6 +2614,7 @@ gboolean capture_input_new_file(capture_session *cap_session, gchar *new_file) { capture_options *capture_opts = cap_session->capture_opts; + capture_file *cf = (capture_file *) cap_session->cf; gboolean is_tempfile; int err; @@ -2628,16 +2629,19 @@ capture_input_new_file(capture_session *cap_session, gchar *new_file) if (capture_opts->save_file != NULL) { /* we start a new capture file, close the old one (if we had one before) */ - if ( ((capture_file *) cap_session->cf)->state != FILE_CLOSED) { - if ( ((capture_file *) cap_session->cf)->wth != NULL) { - wtap_close(((capture_file *) cap_session->cf)->wth); - ((capture_file *) cap_session->cf)->wth = NULL; + if (cf->state != FILE_CLOSED) { + if (cf->wth != NULL) { + wtap_close(cf->wth); + cf->wth = NULL; } - ((capture_file *) cap_session->cf)->state = FILE_CLOSED; + cf->state = FILE_CLOSED; } g_free(capture_opts->save_file); is_tempfile = FALSE; + + epan_free(cf->epan); + cf->epan = tshark_epan_new(cf); } else { /* we didn't had a save_file before, must be a tempfile */ is_tempfile = TRUE; |