This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

how does ringbuffer work in dumpcap ?

0

Hi all,

I found here http://code.metager.de/source/xref/wireshark/dumpcap.c the implementation of dumpcap. 1) is it the right code / algorithm ? 2) if 1) is true then which part of the code shows us the old file deletion when the file number limit is reached ? is there really old file deletion or the old file is truncated ?

Thanks for your help.

asked 07 May '14, 06:54

ikuzar's gravatar image

ikuzar
11435
accept rate: 0%

One Answer:

2

Odd place to be looking at Wireshark code, why not use the actual Wireshark repository?

I think you want function ringbuf_switch_file() in ringbuffer.c which then calls ringbuf_open_file() for the new filename, and if that exists then it calls ws_unlink() on it (in wsutil/file_util.c). Depending on your platform, ws_unlink() then calls the appropriate unlink function.

answered 07 May '14, 07:30

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%