Wireshark mailing list archives
Re: How to properly finalize capture in a Wireshark extcap plugin?
From: Timmy Brolin <tib () hms se>
Date: Tue, 24 Nov 2020 08:44:07 +0000
There seems to exist several alternative ways of doing it in Windows. Such as sending WM_QUIT or WM_CLOSE on the message queue,
This assumes that the program you're trying to tell to terminate *has* a message queue to which it pays attention. Extcap programs are character-mode (console) programs, not windows programs; unless there's some hidden thread that's listening to a Windows message queue in those programs, they won't see that message.
Well, since I am writing the extcap, I can certainly add a Windows message queue, if that is what it takes to make it work properly with Wireshark. I have made some tests with this, but so far I have not seen a WM_CLOSE or WM_QUIT message on the queue.
or CTRL_BREAK_EVENT via SetConsoleCtrlHandler().
According to a comment in sig_pipe_kill() in capchild/capture_sync.c: so that might not work either.
So is there no way for an extcap to gracefully end a capture? And thereby no way for an extcap to send an Interface Statistics Block to Wireshark?
I would like for the extcap to be able to report the number of dropped packets to Wireshark. According to the pcapng specification, this can be done either via the "epb_dropcount" option in the Enhanced Packet Block or via the "isb_ifdrop" or "isb_osdrop" options in the Interface Statistics block. Out of these three options, Wireshark only seems to support the "isb_ifdrop" option, so the Interface Statistics Block is the only way to report dropped packets.
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
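The Interface Statistics Block with an "isb_ifdrop" option that the message above refers to, as an added example that is not part of the original post or of Wireshark's code. The field layout and option codes follow the pcapng specification; the helper name `build_isb`, the choice of host byte order and the sample values are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Block and option codes from the pcapng specification. */
#define BLOCK_TYPE_ISB 0x00000005u /* Interface Statistics Block */
#define OPT_ISB_IFDROP 5u          /* isb_ifdrop: 64-bit dropped-packet count */
#define OPT_ENDOFOPT   0u
#define ISB_LEN        40u         /* 20 fixed + 12 isb_ifdrop + 4 endofopt + 4 trailer */

static size_t put16(uint8_t *p, uint16_t v) { memcpy(p, &v, sizeof v); return sizeof v; }
static size_t put32(uint8_t *p, uint32_t v) { memcpy(p, &v, sizeof v); return sizeof v; }
static size_t put64(uint8_t *p, uint64_t v) { memcpy(p, &v, sizeof v); return sizeof v; }

/* build_isb (hypothetical helper): serialize one ISB carrying only isb_ifdrop.
 * Fields are written in host byte order, which must match the byte-order magic
 * of the Section Header Block the extcap already wrote. ts is in the interface's
 * timestamp resolution (microseconds unless if_tsresol says otherwise).
 * Returns the number of bytes written, or 0 if buf cannot hold the block. */
size_t build_isb(uint8_t *buf, size_t cap, uint32_t if_id, uint64_t ts, uint64_t ifdrop)
{
    size_t n = 0;
    if (buf == NULL || cap < ISB_LEN)
        return 0;
    n += put32(buf + n, BLOCK_TYPE_ISB);
    n += put32(buf + n, ISB_LEN);               /* block total length */
    n += put32(buf + n, if_id);                 /* index of the interface's IDB */
    n += put32(buf + n, (uint32_t)(ts >> 32));  /* timestamp (high) */
    n += put32(buf + n, (uint32_t)ts);          /* timestamp (low) */
    n += put16(buf + n, OPT_ISB_IFDROP);
    n += put16(buf + n, 8);                     /* option value length */
    n += put64(buf + n, ifdrop);
    n += put16(buf + n, OPT_ENDOFOPT);
    n += put16(buf + n, 0);
    n += put32(buf + n, ISB_LEN);               /* length repeated at block end */
    return n;
}

int main(void)
{
    uint8_t isb[ISB_LEN];
    /* Constructed sample values: interface 0, 17 dropped packets. */
    size_t n = build_isb(isb, sizeof isb, 0, UINT64_C(1606207447000000), 17);
    for (size_t i = 0; i < n; i++)
        printf("%02x%s", isb[i], (i % 16 == 15 || i + 1 == n) ? "\n" : " ");
    return n == ISB_LEN ? 0 : 1;
}
```

An extcap would write these bytes to its capture FIFO after the last packet block and flush before exiting, which is why it needs a chance to shut down gracefully.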