dumpcap: Increase packet count for all non-internal pcapng-blocks (!6356) · Merge requests · Wireshark Foundation / Wireshark

Oke Hargens requested to merge okectc/wireshark:dumpcap_pcapng_packet_count into master Mar 04, 2022

Wireshark will read as many blocks via pcapng_read(...) as calls to capture_loop_wrote_one_packet(...) are made by dumpcap.

Dumpcap currently does not call capture_loop_wrote_one_packet(...) for all packets that will be returned by pcapng_read(...), i.e. which are non-internal (see wtapng_block_s::internal).

Therefore wireshark will lag behind by the amount of packets that did not trigger a call to capture_loop_wrote_one_packet(...). With a very low packet rate, packets might be delayed for a long time.

This commit adds custom and sysdig event blocks to the condition that triggers a call to capture_loop_wrote_one_packet(...).

Note that not all blocks are defined to be 'internal' only by the block_type, as is assumed here (see pcapng_read_nflx_custom_block). For these few cases, pessimistically increasing the packet count, seems to be the easiest solution.

Edited Mar 04, 2022 by Oke Hargens

dumpcap: Increase packet count for all non-internal pcapng-blocks

Merge request reports