Wireshark mailing list archives

Re: How to properly finalize capture in a Wireshark extcap plugin?


From: Dario Lombardo <lomato () gmail com>
Date: Mon, 23 Nov 2020 14:30:39 +0100

Indeed, the signal used to terminate the extcap is SIGTERM.
Is your signal handler called? Did you run a debugger to see which signal
is interrupting your code?
Did you try your code on Unix?

On Mon, Nov 23, 2020 at 10:31 AM Timmy Brolin <tib () hms se> wrote:

I am writing an extcap plugin for Wireshark (Windows version). The
documentation on how Wireshark stops an extcap capture is a bit sketchy, but
it seems it simply terminates the extcap plugin.

If I run the extcap binary standalone, and stop it with Ctrl+C,
everything works as expected. The written pcapng file contains all blocks.
But when Wireshark runs the extcap binary, the last block, the "interface
statistics block", never shows up in the Wireshark capture.

Is this a bug in Wireshark? Does Wireshark ignore any additional blocks in
the pcapng fifo after it has sent the signal to kill the extcap binary?

The essential parts of the extcap plugin look like this:

#include <signal.h>
#include <stdio.h>

static volatile sig_atomic_t keepRunning = 1;

/* Signal handler: only clears the flag so the capture loop can exit. */
void intHandler(int dummy) {
    (void)dummy;
    keepRunning = 0;
}

int main(int argc, char *argv[])
{
   FILE *fp;

   /* ... Parse arguments ... */

   fp = fopen (pcOutputFilename, "wb");
   fwrite( &sSHB, sizeof(sSHB), 1, fp ); // write section header block to pcapng file.
   fwrite( &sIDB, sizeof(sIDB), 1, fp ); // write interface description block to pcapng file.

   signal(SIGINT, intHandler);
   signal(SIGTERM, intHandler);

   do{
      /* ... Capture frames and write to fp ... */
   }
   while( keepRunning );

   fwrite( &sISB, sizeof(sISB), 1, fp ); // write interface statistics block to pcapng file.

   fclose(fp);
}

Regards,

Timmy Brolin


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe



-- 

Naima is online.