tcpdump mailing list archives
Re: Libpcap timeout settings in tcpdump - too long when printing to a terminal?
From: David Laight <David.Laight () ACULAB COM>
Date: Wed, 11 Feb 2015 10:44:59 +0000
From: Guy Harris
On Jan 9, 2015, at 8:30 AM, Michael Richardson <mcr () sandelman ca> wrote:Guy Harris <guy () alum mit edu> wrote:The longer timeout can reduce capturing overhead, and if you're capturing a high volume of traffic to a file, it's probably the right timeout to have.
If you are capturing a high volume of traffic even a short (10ms) timeout won't expire.
If, however, you're printing packets to the console, you're probably doomed if it's a high volume of traffic, and may want less of a delay if it's a low volume of traffic.Should we reduce the timeout if -w isn't specified - or do so if -w isn't specified *and* if we're outputting to a terminal (isatty(1) returns a non-zero value)? Should we use immediate mode if libpcapYes, I think that -w not specified, and isatty()==1.
What about piping through 'tee', 'grep' or into a pager? In all those cases you want immediate output (as if directly writing the tty). This also means you need an fflush(stdout) before waiting for more data. Even with -w you can have problems - it is silly to have to wait a significant time between running a test that generates a small number of packets and typing ^C to stop tcpdump.
OK, I've implemented that for immediate mode, i.e. immediate mode if -w isn't specified and isatty(1) is true, and added a --immediate-mode flag so the nerds in the audience have a knob to tweak. :-) If pcap_set_immediate_mode() isn't available, should it set the timeout to a lower value instead, in those cases? Should we reduce the default timeout? Should we have a command-line flag to set the timeout?
I don't see any point in delaying more than 100ms. Returning to user every 50ms shouldn't be a problem either. David _______________________________________________ tcpdump-workers mailing list tcpdump-workers () lists tcpdump org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Current thread:
- Libpcap timeout settings in tcpdump - too long when printing to a terminal? Guy Harris (Jan 08)
- Re: Libpcap timeout settings in tcpdump - too long when printing to a terminal? Michal Sekletar (Jan 09)
- Re: Libpcap timeout settings in tcpdump - too long when printing to a terminal? Guy Harris (Jan 09)
- Re: Libpcap timeout settings in tcpdump - too long when printing to a terminal? David Laight (Jan 12)
- Re: Libpcap timeout settings in tcpdump - too long when printing to a terminal? vipul Kumar (Jan 13)
- Re: Libpcap timeout settings in tcpdump - too long when printing to a terminal? Guy Harris (Jan 09)
- Re: Libpcap timeout settings in tcpdump - too long when printing to a terminal? Michal Sekletar (Jan 09)
- Re: Libpcap timeout settings in tcpdump - too long when printing to a terminal? Michael Richardson (Jan 09)
- Re: Libpcap timeout settings in tcpdump - too long when printing to a terminal? Guy Harris (Feb 10)
- Re: Libpcap timeout settings in tcpdump - too long when printing to a terminal? David Laight (Feb 11)
- Re: Libpcap timeout settings in tcpdump - too long when printing to a terminal? Guy Harris (Feb 10)