Re: Flush OS buffer before termination

[Guy Harris <gharris () sonic net>]

On Oct 19, 2024, at 5:01 PM, Garri Djavadyan <g.djavadyan () gmail com> wrote:

> I am looking for a way to force tcpdump flush Linux OS buffer before
> terminating. I have checked the man page and the mailing list archives
> but did not manage to find anything related.
>
> When I terminate tcpdump process with SIGINT or SIGTERM, the process
> quits immediately, leaving packets in the buffer. I know that the
> signal USR2 forces the buffer to be flushed, but it does stop filling
> the buffer and the process remains active.
>
> I have to use a very big buffer with a very slow storage, much slower
> than the rate of coming packets received by the filter, and it is
> preferred not to lose a single packet after initiating termination the
> process.

OK, so is the buffer to which you're referring the buffer that holds captured packets for tcpdump to read, i.e. the 
*input* buffer for tcpdump, rather than, for example, the standard I/O buffer containing packet dissection text to be 
printed or the I/O buffer containing packets to be written to the file specified by -w, i.e. an *output* buffer for 
tcpdump?
_______________________________________________
tcpdump-workers mailing list -- tcpdump-workers () lists tcpdump org
To unsubscribe send an email to tcpdump-workers-leave () lists tcpdump org
%(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s