Dumpcap+Qt: Add support for `-a packets:NUM` and `-b packets:NUM`.

Add the ability to rotate files after a specified number of packets (`-b packets:NUM`). Move some condition checks to capture_loop_write_packet_cb. Add `-a packets:NUM` in order to be consistent. It is functionally equivalent to the `-c` flag. Add a corresponding "packets" option to the Capture Interfaces dialog Output tab. Add initial tests for autostop and ringbuffer conditions. Change-Id: I66eb968927ed287deb8edb96db96d7c73526c257 Reviewed-on: https://code.wireshark.org/review/30534 Reviewed-by: Gerald Combs <gerald@wireshark.org> Petri-Dish: Gerald Combs <gerald@wireshark.org> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
author: Gerald Combs <gerald@wireshark.org> 2018-10-31 10:03:04 +0100
committer: Anders Broman <a.broman58@gmail.com> 2018-11-09 05:55:11 +0000
commit: 11a9a501fb004bd3259f457714670ffb6d3d21e9 (patch)
tree: cf1a39471dff0d4e9b8a8da493d243eb53588954 /doc
parent: 9b6b36beaeb2f58a209943d95c05486b72c6907f (diff)
3 files changed, 46 insertions, 27 deletions
diff --git a/doc/dumpcap.pod b/doc/dumpcap.pod
index 87ec453ff8..ae2e024ff4 100644
--- a/doc/dumpcap.pod
+++ b/doc/dumpcap.pod
@@ -74,13 +74,16 @@ where I<test> is one of:
 B<duration>:I<value> Stop writing to a capture file after I<value> seconds have
 elapsed. Floating point values (e.g. 0.5) are allowed.
 
+B<files>:I<value> Stop writing to capture files after I<value> number of files
+were written.
+
 B<filesize>:I<value> Stop writing to a capture file after it reaches a size of
 I<value> kB. If this option is used together with the -b option, dumpcap will
 stop writing to the current capture file and switch to the next one if filesize
 is reached.  Note that the filesize is limited to a maximum value of 2 GiB.
 
-B<files>:I<value> Stop writing to capture files after I<value> number of files
-were written.
+B<packets>:I<value> Stop writing to a capture file after I<value> packets
+have been written. Same as B<-c> E<lt>capture packet countE<gt>.
 
 =item -b  E<lt>capture ring buffer optionE<gt>
 
@@ -106,12 +109,6 @@ B<duration>:I<value> switch to the next file after I<value> seconds have
 elapsed, even if the current file is not completely filled up. Floating
 point values (e.g. 0.5) are allowed.
 
-B<interval>:I<value> switch to the next file when the time is an exact
-multiple of I<value> seconds
-
-B<filesize>:I<value> switch to the next file after it reaches a size of
-I<value> kB.  Note that the filesize is limited to a maximum value of 2 GiB.
-
 B<files>:I<value> begin again with the first file after I<value> number of
 files were written (form a ring buffer).  This value must be less than 100000.
 Caution should be used when using large numbers of files: some filesystems do
@@ -121,6 +118,15 @@ control when to go to the next file.  It should be noted that each B<-b>
 parameter takes exactly one criterion; to specify two criterion, each must be
 preceded by the B<-b> option.
 
+B<filesize>:I<value> switch to the next file after it reaches a size of
+I<value> kB.  Note that the filesize is limited to a maximum value of 2 GiB.
+
+B<interval>:I<value> switch to the next file when the time is an exact
+multiple of I<value> seconds
+
+B<packets>:I<value> switch to the next file after it contains I<value>
+packets.
+
 Example: B<-b filesize:1000 -b files:5> results in a ring buffer of five files
 of size one megabyte each.
 
@@ -148,7 +154,7 @@ the default capture buffer size is used instead.
 =item -c  E<lt>capture packet countE<gt>
 
 Set the maximum number of packets to read when capturing live
-data.
+data. Same as B<-a packets:>E<lt>capture packet countE<gt>.
 
 =item -C  E<lt>byte limitE<gt>
 
diff --git a/doc/tshark.pod b/doc/tshark.pod
index 7fa123efaf..b3e0924b74 100644
--- a/doc/tshark.pod
+++ b/doc/tshark.pod
@@ -218,6 +218,9 @@ where I<test> is one of:
 B<duration>:I<value> Stop writing to a capture file after I<value> seconds
 have elapsed. Floating point values (e.g. 0.5) are allowed.
 
+B<files>:I<value> Stop writing to capture files after I<value> number of files
+were written.
+
 B<filesize>:I<value> Stop writing to a capture file after it reaches a size of
 I<value> kB.  If this option is used together with the -b option, B<TShark>
 will stop writing to the current capture file and switch to the next one if
@@ -226,8 +229,8 @@ the file after the number of bytes read exceeds this number (the complete
 packet  will be read, so more bytes than this number may be read).  Note that
 the filesize is limited to a maximum value of 2 GiB.
 
-B<files>:I<value> Stop writing to capture files after I<value> number of files
-were written.
+B<packets>:I<value> switch to the next file after it contains I<value>
+packets. Same as B<-c>E<lt>capture packet countE<gt>.
 
 =item -b  E<lt>capture ring buffer optionE<gt>
 
@@ -253,12 +256,6 @@ B<duration>:I<value> switch to the next file after I<value> seconds have
 elapsed, even if the current file is not completely filled up. Floating
 point values (e.g. 0.5) are allowed.
 
-B<interval>:I<value> switch to the next file when the time is an exact
-multiple of I<value> seconds
-
-B<filesize>:I<value> switch to the next file after it reaches a size of
-I<value> kB.  Note that the filesize is limited to a maximum value of 2 GiB.
-
 B<files>:I<value> begin again with the first file after I<value> number of
 files were written (form a ring buffer).  This value must be less than 100000.
 Caution should be used when using large numbers of files: some filesystems do
@@ -268,6 +265,15 @@ control when to go to the next file.  It should be noted that each B<-b>
 parameter takes exactly one criterion; to specify two criterion, each must be
 preceded by the B<-b> option.
 
+B<filesize>:I<value> switch to the next file after it reaches a size of
+I<value> kB.  Note that the filesize is limited to a maximum value of 2 GiB.
+
+B<interval>:I<value> switch to the next file when the time is an exact
+multiple of I<value> seconds
+
+B<packets>:I<value> switch to the next file after it contains I<value>
+packets.
+
 Example: B<tshark -b filesize:1000 -b files:5> results in a ring buffer of five files
 of size one megabyte each.
 
@@ -295,7 +301,8 @@ the default capture buffer size is used instead.
 =item -c  E<lt>capture packet countE<gt>
 
 Set the maximum number of packets to read when capturing live
-data.  If reading a capture file, set the maximum number of packets to read.
+data. Same as B<-a packets:>E<lt>capture packet countE<gt>.
+If reading a capture file, set the maximum number of packets to read.
 
 =item -C  E<lt>configuration profileE<gt>
 
diff --git a/doc/wireshark.pod.template b/doc/wireshark.pod.template
index 77eaeda232..7cee21502f 100644
--- a/doc/wireshark.pod.template
+++ b/doc/wireshark.pod.template
@@ -242,14 +242,17 @@ where I<test> is one of:
 B<duration>:I<value> Stop writing to a capture file after I<value> seconds have
 elapsed. Floating point values (e.g. 0.5) are allowed.
 
+B<files>:I<value> Stop writing to capture files after I<value> number of files
+were written.
+
 B<filesize>:I<value> Stop writing to a capture file after it reaches a size of
 I<value> kB.  If this option is used together with the -b option, Wireshark
 will stop writing to the current capture file and switch to the next one if
 filesize is reached.  Note that the filesize is limited to a maximum value of
 2 GiB.
 
-B<files>:I<value> Stop writing to capture files after I<value> number of files
-were written.
+B<packets>:I<value> switch to the next file after it contains I<value>
+packets. Same as B<-c>E<lt>capture packet countE<gt>.
 
 =item -b  E<lt>capture ring buffer optionE<gt>
 
@@ -275,12 +278,6 @@ B<duration>:I<value> switch to the next file after I<value> seconds have
 elapsed, even if the current file is not completely filled up. Floating
 point values (e.g. 0.5) are allowed.
 
-B<interval>:I<value> switch to the next file when the time is an exact
-multiple of I<value> seconds
-
-B<filesize>:I<value> switch to the next file after it reaches a size of
-I<value> kB.  Note that the filesize is limited to a maximum value of 2 GiB.
-
 B<files>:I<value> begin again with the first file after I<value> number of
 files were written (form a ring buffer).  This value must be less than 100000.
 Caution should be used when using large numbers of files: some filesystems do
@@ -290,6 +287,15 @@ control when to go to the next file.  It should be noted that each B<-b>
 parameter takes exactly one criterion; to specify two criterion, each must be
 preceded by the B<-b> option.
 
+B<filesize>:I<value> switch to the next file after it reaches a size of
+I<value> kB.  Note that the filesize is limited to a maximum value of 2 GiB.
+
+B<interval>:I<value> switch to the next file when the time is an exact
+multiple of I<value> seconds
+
+B<packets>:I<value> switch to the next file after it contains I<value>
+packets.
+
 Example: B<-b filesize:1000 -b files:5> results in a ring buffer of five files
 of size one megabyte each.
 
@@ -317,7 +323,7 @@ the default capture buffer size is used instead.
 =item -c  E<lt>capture packet countE<gt>
 
 Set the maximum number of packets to read when capturing live
-data.
+data. Same as B<-a packets:>E<lt>capture packet countE<gt>.
 
 =item -C  E<lt>configuration profileE<gt>
author	Gerald Combs <gerald@wireshark.org>	2018-10-31 10:03:04 +0100
committer	Anders Broman <a.broman58@gmail.com>	2018-11-09 05:55:11 +0000
commit	11a9a501fb004bd3259f457714670ffb6d3d21e9 (patch)
tree	cf1a39471dff0d4e9b8a8da493d243eb53588954 /doc
parent	9b6b36beaeb2f58a209943d95c05486b72c6907f (diff)