On 09/06/2017 14:07, Ray Bellis wrote:
> My modified libpcap is at: > > <https://github.com/raybellis/libpcap/tree/raybellis-gzip> > > This so far only supports file reading. I don't expect file writing to > be difficult. I've now added file writing support too. One complication is that many lipcap applications don't explicitly close the dump with pcap_dump_close() (c.f. this *very* old posting from 2003 - <https://www.mail-archive.com/tcpdump-workers@sandelman.ottawa.on.ca/msg01656.html>) and instead rely on the operating system's implicit close-file-on-exit semantics. I therefore had to extend the plugin architecture to add an atexit() handler that closes any virtual FILE* that's still open since they're not backed by real file handles. (Now that I think about that further, though, I wonder whether it would be better for the core libpcap to take care of that for _any_ dump file that's still open for writing on exit) I do still have an open issue on how to handle pcap_dump_open_append() since some compression libraries may not support opening files in "+" update mode (zlib doesn't, for example). Ray _______________________________________________ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
