Dumpcap: print closed ring-buffer file names

This proposal adds a new option '-b printname:<filename>' to dumpcap. If
used, dumpcap will print the name of each ring buffer file it creates
after it is closed. Allows the use of '-'/'stdout' and 'stderr'.

Use case: Since the file name is printed after the file is closed for
writing, an automated capture process can do something like the
following with the guarantee that the file in question will not be
changed.

    dumpcap -i eth0 -b files:2 -b printname:stdout [-b ...] | \
    while read cap_file_name ; do
        # Do something with $cap_file_name
    done

This sort of scripting is difficult in dumpcap's current form. Dumpcap
prints the names of new files to stderr as it *opens* them, so a script
attempting to use this must sleep for "-b duration:value" seconds plus
some fudge time to be sure it's getting a closed, unchanging file.

Change-Id: Idb288cc7c8c30443256d35c8cd4460a2e3f0861c
Reviewed-on: https://code.wireshark.org/review/37994
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

1 files changed, 4 insertions, 0 deletions

diff --git a/doc/dumpcap.pod b/doc/dumpcap.pod
index ff8ea76c67..4dbf25f786 100644
--- a/doc/dumpcap.pod
+++ b/doc/dumpcap.pod
@@ -129,6 +129,10 @@ every hour on the hour.
 B<packets>:I<value> switch to the next file after it contains I<value>
 packets.
 
+B<printname>:I<filename> print the name of the most recently written file
+to I<filename> after the file is closed. I<filename> can be C<stdout> or C<->
+for standard output, or C<stderr> for standard error.
+
 Example: B<-b filesize:1000 -b files:5> results in a ring buffer of five files
 of size one megabyte each.