pcap.rb dump function is async ?

Question

pcap.rb dump function is async ?

yanzou opened this issue 9 years ago · comments

hi, I was using this gem for parsing and filtering pcap, then I came across a problem:

header = ::Pcap::Capture.open_dead(parser.datalink, parser.snaplen)
dumper = ::Pcap::Dumper.open(header, new_file)
  #do some thing

#dump to new file
dumper.dump(pkt) if dumper

file_size = get_file_size(new_file) #  file_size ----------> got 12kb

but, after this when I look at the file in the file system, it became 16 kb

So , my question is the dumper.dump() function is async ? If it is async, can I got complete event ?

Andrew Hobson · Answer 1 · Fri Jul 03 2015 20:29:14 GMT+0800 (China Standard Time)

Sorry for the late reply. I suspect that you need to close the dumper to ensure that the data is flushed to disk.

yanzou · Answer 2 · Tue Jul 07 2015 10:03:19 GMT+0800 (China Standard Time)

@ahobson no, I DO close the dumper, I will post my code later

yanzou · Answer 3 · Tue Aug 25 2015 15:42:05 GMT+0800 (China Standard Time)

 begin
         # some  codes...

          parser = ::Pcap::Capture.open_offline(origin_file)
          parser.setfilter(filter)        

          header = ::Pcap::Capture.open_dead(parser.datalink, parser.snaplen)
          dumper = ::Pcap::Dumper.open(header, new_file)
          dumper.dump(pkt) if dumper.present?        

          # some other codes....

 rescue ::Pcap::PcapError => ex
        p ex.backtrace
        throw "PcapError: Parsing pcap file failed. Please check pcap file."
 rescue Exception => ex
        p ex.backtrace
        throw ex
 ensure
        begin
          parser.close if parser
          dumper.close if dumper
          header.close if header
        rescue Exception => ex
          p ex.message, ex.backtrace
        end
 end