bamartin125
commented
4 years ago Keying @guyharris into this issue directly.
Closed bamartin125 closed 4 years ago
bamartin125
commented
4 years ago Keying @guyharris into this issue directly.
crass
commented
4 years ago I think unmerged #858 would be a good half-measure that would resolve a majority of users facing this issue. I suspect most users run in to this when re-initializing the interface, not when a device disappears.
guyharris
commented
4 years ago Should be fixed by a973128a85d7dd75c7ea6fdcf746fc143a987d03.
guyharris
commented
4 years ago Note to anyone who wishes to argue that the interface being configured down should cause the capture to stop:
See this bug.
See Wireshark bug 2653, in which it's noted that this "[allows] debugging DHCP client problems", presumably because the interface may go down and up during the process.
Frankly, PF_PACKET sockets should allow you to bind to a non-up interface for the same reason. *BSD/macOS 1) have no problem with binding a BPF device to such an interface, 2) don't return an error for a read if the interface goes down, and 3) do return an error if the interface goes away.
Time permitting, I'll look at changing the PF_PACKET code to be more BSD-like (although though it should return an error if the interface goes down, but permit further reads, and return a different error if the interface goes away; that would let existing pcap APIs ignore "interface goes down" and more easily provide an error for "interface goes away", and let other code, possibly including future PCAP APIs, provide a warning for "interface went down" in case some program wants to note that).
When an interface is brought down, it would be expected that the capture continue in the case that the interface is brought back up again.
This does not include cases where the interface is "gone for good" (eg. the interface was unplugged).
See issue #402 for the Windows counterpart to this issue.