Add a flag (-R) to terminate capture after specified time #684
Conversation
Works by adding a check to the callback function passed to pcap; saves the time of the first packet seen and then compares later packets to that time. Time interval is specified with units of microseconds, milliseconds, seconds, minutes, or hours. Internally, this gets converted to an integer number of microseconds. Updated the generated manpage and the printed usage. Haven't added any tests; I didn't see any for other command line flags like -c, but can add a couple if desired.
steinbrecher
changed the title
|
This seems to implement the request made in #338. |
|
Needs a quick cleanup & rebase if the feature is of interest -- @infrastation how is that determined? |
|
As another user points it out, there is the |
|
Can you use a long option? |
| @@ -688,6 +754,7 @@ static const struct option longopts[] = { | |||
| #ifdef HAVE_PCAP_SETDIRECTION | |||
| { "direction", required_argument, NULL, 'Q' }, | |||
| #endif | |||
| { "max-runtime", required_argument, NULL, 'R', }, | |||
There was a problem hiding this comment.
Please use the same indentation as other code.
Note: tab stops are set every eight spaces, not every four spaces, this having originally been written on UN*X. :-) If you're reading it with a program with tab stops set every four spaces, it won't display correctly.
There was a problem hiding this comment.
Will clean up when I rebase :)
|
Note that without an interval timer ( |
Yeah, very true. Thoughts on adding an interval timer equal to the selected time +1 second (or something equally "long" relative to a short time selection)? |
|
|
Any chance of finishing this feature? I was looking for it today. |
Context/Background: I needed this feature to be able to capture short bursts
(single ms to tens of ms) on high-rate interfaces without packet loss. Searching
produced some results of people trying to do timed captures using timeout(1) or
other coarser-grained checks. OS-level checks rely on the running time of
the program, not the time interval of packets captured, making it hard to capture
short bursts. Alternatively, for multiple second captures, some people use the log
rotation time + restriction of number of log files to take a timed capture, but this
is both hacky and only provides resolution in seconds, not milliseconds or
microseconds
Adding this check seems more reliable, easier to use, and provides finer-grained
control than any of the above methods.
The check works by adding a function call to each of the callback functions
passed to pcap; it saves the time of the first packet seen and then compares
later packets to that time. Time interval is specified at as an argument to -R
with units of microseconds, milliseconds, seconds, minutes, or hours. Internally,
this gets converted to an integer number of microseconds.
Updated the generated manpage and the printed usage. Haven't added any
tests; I didn't see any for other command line flags like -c, but can
add a couple if desired.
-R was chosen as the flag as shorthand for "runtime"; the longopt is set to
--max-runtime.