Wireshark mailing list archives
Re: How to properly finalize capture in a Wireshark extcap plugin?
From: Timmy Brolin <tib () hms se>
Date: Mon, 23 Nov 2020 15:09:09 +0000
The signal handler is called when extcap is executed stand-alone, and killed with Ctrl+C (SIGINT). But the signal handler is not called when Wireshark executes the extcap.

I have not tried the code on Unix. I have no Unix machine around.

Reading up on it a bit, it turns out there is no such thing as SIGTERM in Windows.

Sources:
https://maruel.ca/post/python_windows_signal/
https://stackoverflow.com/questions/38300117/why-doesnt-sigterm-works-on-windows

There seem to exist several alternative ways of doing it in Windows, such as sending WM_QUIT or WM_CLOSE on the message queue, or CTRL_BREAK_EVENT via SetConsoleCtrlHandler(). Or using SIGINT instead.

I guess Wireshark is in fact not using SIGTERM on Windows, since that seems to be impossible. So the question is, which of the other methods does Wireshark use to stop the extcap on Windows?

From: Wireshark-dev <wireshark-dev-bounces () wireshark org> On Behalf Of Dario Lombardo
Sent: 23 November 2020 14:31
To: Developer support list for Wireshark <wireshark-dev () wireshark org>
Subject: Re: [Wireshark-dev] How to properly finalize capture in a Wireshark extcap plugin?

Indeed the used signal to terminate the extcap is SIGTERM. Is your signal handler called? Did you run a debugger to see which signal is interrupting your code? Did you try your code on Unix?

On Mon, Nov 23, 2020 at 10:31 AM Timmy Brolin <tib () hms se> wrote:

I am writing an extcap plugin for Wireshark (Windows version). The documentation on how Wireshark stops an extcap capture is a bit sketchy, but it seems it simply terminates the extcap plugin.

If I run the extcap binary standalone, and stop it with Ctrl+C, everything works as expected. The written pcapng file contains all blocks. But when Wireshark runs the extcap binary, the last block, the "interface statistics block", never shows up in the Wireshark capture.

Is this a bug in Wireshark? Does Wireshark ignore any additional blocks in the pcapng fifo after it has sent the signal to kill the extcap binary?

The essential parts of the extcap plugin look like this:

    #include <signal.h>
    #include <stdio.h>

    /* Cleared by the signal handler to end the capture loop. */
    static volatile sig_atomic_t keepRunning = 1;

    void intHandler(int dummy) {
        (void)dummy;
        keepRunning = 0;
    }

    int main(int argc, char *argv[]) {
        FILE *fp;
        /* ... Parse arguments ... */
        fp = fopen(pcOutputFilename, "wb");
        fwrite(&sSHB, sizeof(sSHB), 1, fp); // write section header block to pcapng file.
        fwrite(&sIDB, sizeof(sIDB), 1, fp); // write interface description block to pcapng file.
        signal(SIGINT, intHandler);
        signal(SIGTERM, intHandler);
        do {
            /* ... Capture frames and write to fp ... */
        } while (keepRunning);
        fwrite(&sISB, sizeof(sISB), 1, fp); // write interface statistics block to pcapng file.
        fclose(fp);
    }

Regards,
Timmy Brolin

___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

--
Naima is online.
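An added example, not part of the original thread and not Wireshark's or the poster's code: the finalize-on-stop pattern discussed above, with a POSIX signal handler and, on Windows, a SetConsoleCtrlHandler() callback both clearing the same flag, followed by a check that the Interface Statistics Block (type 5) really is the last block in the output. The function names are hypothetical, `demo_source` is a constructed stand-in for the frame source and the stop request, and whether either handler fires under Wireshark depends on how the parent stops the process, which this message leaves open.

```c
#include <signal.h>
#include <stdint.h>
#include <stdio.h>

static volatile sig_atomic_t keep_running = 1;
static void on_signal(int sig) { (void)sig; keep_running = 0; }
#ifdef _WIN32
#include <windows.h>
/* Console control events (Ctrl+C, Ctrl+Break) are delivered on a separate thread. */
static BOOL WINAPI on_console_event(DWORD type) { (void)type; keep_running = 0; return TRUE; }
#endif

/* pcapng block layout: type, total length, body, total length repeated. */
static int write_block(FILE *fp, uint32_t type, const void *body, uint32_t len) {
    uint32_t total = len + 12;
    int ok = fwrite(&type, 4, 1, fp) == 1 && fwrite(&total, 4, 1, fp) == 1 &&
             fwrite(body, len, 1, fp) == 1 && fwrite(&total, 4, 1, fp) == 1;
    return (ok && fflush(fp) == 0) ? 0 : -1; /* flush so no block sits in the stdio buffer */
}

/* Constructed frame source: raises SIGTERM on the third poll to simulate a stop request. */
static int demo_source(void) { static int n; if (++n == 3) raise(SIGTERM); return n; }

/* Writes SHB and IDB, polls until a handler clears the flag, then writes the ISB. */
int capture(FILE *fp, int (*next_frame)(void)) {
    const struct { uint32_t magic; uint16_t major, minor; int64_t section_len; }
        shb = {0x1A2B3C4D, 1, 0, -1};  /* host byte order; the magic tells readers which */
    const struct { uint16_t linktype, reserved; uint32_t snaplen; } idb = {1, 0, 0};
    const uint32_t isb[3] = {0, 0, 0}; /* interface 0, timestamp 0 */
    signal(SIGINT, on_signal);
    signal(SIGTERM, on_signal);
#ifdef _WIN32
    SetConsoleCtrlHandler(on_console_event, TRUE);
#endif
    if (write_block(fp, 0x0A0D0D0A, &shb, sizeof shb) || write_block(fp, 1, &idb, sizeof idb))
        return -1;
    while (keep_running)
        next_frame();                  /* a real plugin writes packet blocks here */
    return write_block(fp, 5, isb, sizeof isb);
}

/* Uses the trailing length field to step back to the last block; returns its type. */
uint32_t trailing_block_type(FILE *fp) {
    uint32_t total = 0, type = 0;
    if (fseek(fp, -4L, SEEK_END) || fread(&total, 4, 1, fp) != 1) return 0;
    if (fseek(fp, -(long)total, SEEK_END) || fread(&type, 4, 1, fp) != 1) return 0;
    return type;
}
```

Running `trailing_block_type()` on a file captured through Wireshark shows directly whether the plugin reached its finalization code: a value other than 5 means the process ended before the loop could exit.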
Current thread:
- How to properly finalize capture in a Wireshark extcap plugin? Timmy Brolin (Nov 23)
- Re: How to properly finalize capture in a Wireshark extcap plugin? Dario Lombardo (Nov 23)
- Re: How to properly finalize capture in a Wireshark extcap plugin? Timmy Brolin (Nov 23)
- Re: How to properly finalize capture in a Wireshark extcap plugin? Guy Harris (Nov 23)
- Re: How to properly finalize capture in a Wireshark extcap plugin? Timmy Brolin (Nov 24)
- Re: How to properly finalize capture in a Wireshark extcap plugin? Graham Bloice (Nov 24)
- Re: How to properly finalize capture in a Wireshark extcap plugin? Timmy Brolin (Nov 24)
- Re: How to properly finalize capture in a Wireshark extcap plugin? Timmy Brolin (Nov 23)
- Re: How to properly finalize capture in a Wireshark extcap plugin? Dario Lombardo (Nov 23)