Wireshark mailing list archives

How to allow Wireshark to stop extcap on Windows?


From: Jirka Novak <j.novak () netsystem cz>
Date: Wed, 1 Dec 2021 15:18:14 +0100

Hi,

  I'm working on the ciscodump extcap tool. I'm touching on an issue with
allowing the tool to clean up when Wireshark stops the capture.

  When an extcap tool is started, Wireshark just creates a pipe, starts
the application and reads the pipe. The application feeds packets and
when it decides, it stops (e.g. expected count of packets reached) and
exits. Wireshark notices it and that is done.
  When Wireshark needs to stop the capture, it closes the pipe and
terminates the application.

  On Unix-like systems, the application receives SIGPIPE (if it tries to
write to the closed pipe) and then SIGTERM, so it can detect it and can
clean up.
  On Windows, the pipe is closed and the application is terminated, and
there is no way for the application to detect it. See extcap.c,
extcap_if_cleanup() and wsutil/ws_pipe.c, ws_pipe_close() and the Win32
API TerminateProcess() documentation.

  There is a prepared way to communicate with an extcap over additional
pipes, but it is used only in a specific situation.

  So I learned that there is no way to stop an extcap on Windows gracefully.

  I got an idea:
  There is a pipe for sending data from the extcap to Wireshark. It is
used unidirectionally nowadays. What about using it bidirectionally?
  The extcap can read it and e.g. if there is any data, it stops. Or we
can implement a more advanced method/more commands.
  BTW, I found there is a similar solution between wireshark and dumpcap.

  It is clear that this idea requires a reader on the extcap side, which
probably means a second thread.
  It is obvious too that many extcaps do not need this and will never
try to read from the pipe. So Wireshark can write to the pipe, but should
be aware it may fail and the application must be terminated as nowadays.
  Therefore my idea is to use some kind of timer - send a message to stop,
wait some fixed time and terminate the application as nowadays. If the
application finishes sooner, the timer will be canceled.

  My idea is to:
- update wsutil/ws_pipe.c or extcap.c to write to the pipe
- update extcap/extcap_base.c to read from the pipe (start a thread?)
- update extcap/extcap_base.c to provide a simple API to register a
callback for when a pipe read happens
  - if the API is not used, no read from the pipe will be started, so it
is the "legacy" procedure for simple extcaps

  Any comments and ideas are welcome.

                                        Best regards,

                                                Jirka Novak
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
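
The stop/wait/terminate timer proposed in the message above, sketched as an added example that is not code from the post or from Wireshark. It uses the child's stdin as the control channel rather than the capture pipe, and `stop_extcap`, the two child scripts and the one-byte stop message are assumptions made for illustration.

```python
import subprocess
import sys

# Hypothetical extcap that registered a stop callback: a reader thread waits
# for any data on the control pipe, then cleans up and exits with code 0.
COOPERATIVE = r"""
import os, sys, threading, time
def on_stop():
    sys.stdin.buffer.read(1)      # blocks until the parent writes or closes
    # ... device cleanup would go here ...
    os._exit(0)
threading.Thread(target=on_stop, daemon=True).start()
while True:
    time.sleep(0.05)              # stands in for the capture loop
"""

# Hypothetical "legacy" extcap: never reads the control pipe.
LEGACY = r"""
import time
while True:
    time.sleep(0.05)
"""

def stop_extcap(child_source, grace_seconds=2.0):
    """Ask the child to stop, wait grace_seconds, then terminate it.

    Returns "graceful" if the child exited on its own, "terminated" otherwise.
    """
    proc = subprocess.Popen([sys.executable, "-c", child_source],
                            stdin=subprocess.PIPE, bufsize=0)
    try:
        proc.stdin.write(b"S")    # constructed one-byte stop message
    except OSError:
        pass                      # the write may fail; the timer still applies
    try:
        proc.wait(timeout=grace_seconds)  # an early exit cancels the timer
        return "graceful"
    except subprocess.TimeoutExpired:
        proc.kill()               # TerminateProcess() on Windows, SIGKILL on POSIX
        proc.wait()
        return "terminated"
    finally:
        proc.stdin.close()

if __name__ == "__main__":
    print(stop_extcap(COOPERATIVE), stop_extcap(LEGACY, grace_seconds=0.5))
```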