If tcpdump is started with -i <specific_interace_name> exits if that is brought down. However, if it is started with "-i any" option, it doesn't stop if wlanX/ethX interfaces are removed because the other interfaces (like lo, dummy, rmnet) are present.
And on my Android device if I want to capture packets on the wlan0 interfaces for a longer period(which includes multiple WiFi restarts in between), with the current implementation, I wouldn't be able to do it because the tcpdump stops when the WiFi is turned OFF.
So how about we modify the sources of tcpdump and/or libpcap and implement something similar to "-i any". Many linux machines(at least arm64 based android devices) have dummy0 interface, so with a special option, we provide a functionality where we can capture packets on wlan0 interaface and dummy0 interface (although dummy0 interface doesn't produce any packets), so that when wlan0 interface is brought down as part of the WiFi OFF operation we will still have dummy0 interface and tcpdump doesn't exit.
If anyone had thought on similar lines, please comments your thoughts and suggestions.
I'm planning to modify the tcpdump and/or libpcap source code from the AOSP codebase to achieve this.
