Re: Flush OS buffer before termination

[Garri Djavadyan <g.djavadyan () gmail com>]

On Sat, 2024-10-19 at 23:58 -0700, Guy Harris wrote:
> On Oct 19, 2024, at 5:01 PM, Garri Djavadyan <g.djavadyan () gmail com>
> wrote:
>
> > I am looking for a way to force tcpdump flush Linux OS buffer
> > before
> > terminating. I have checked the man page and the mailing list
> > archives
> > but did not manage to find anything related.
> >
> > When I terminate tcpdump process with SIGINT or SIGTERM, the
> > process
> > quits immediately, leaving packets in the buffer. I know that the
> > signal USR2 forces the buffer to be flushed, but it does stop
> > filling
> > the buffer and the process remains active.
> >
> > I have to use a very big buffer with a very slow storage, much
> > slower
> > than the rate of coming packets received by the filter, and it is
> > preferred not to lose a single packet after initiating termination
> > the
> > process.
>
> OK, so is the buffer to which you're referring the buffer that holds
> captured packets for tcpdump to read, i.e. the *input* buffer for
> tcpdump, rather than, for example, the standard I/O buffer containing
> packet dissection text to be printed or the I/O buffer containing
> packets to be written to the file specified by -w, i.e. an *output*
> buffer for tcpdump?

Correct. I meant the input buffer, specified with the -B flag.

Regards,
Garri
_______________________________________________
tcpdump-workers mailing list -- tcpdump-workers () lists tcpdump org
To unsubscribe send an email to tcpdump-workers-leave () lists tcpdump org
%(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s