Wireshark mailing list archives
How to allow Wireshark to stop extcap on Windows?
From: Jirka Novak <j.novak () netsystem cz>
Date: Wed, 1 Dec 2021 15:18:14 +0100
Hi,

I'm working on the ciscodump extcap tool. I'm touching on an issue with allowing the tool to clean up when Wireshark stops the capture.

When an extcap tool is started, Wireshark just creates a pipe, starts the application and reads the pipe. The application feeds packets and when it decides, it stops (e.g. expected count of packets reached) and exits. Wireshark notices it and that is done.

When Wireshark needs to stop the capture, it closes the pipe and terminates the application. On Unix-like systems, the application receives SIGPIPE (if it tries to write to the closed pipe) and then SIGTERM, so it can detect it and can clean up. On Windows, the pipe is closed and the application is terminated and there is no way for the application to detect it. See extcap.c, extcap_if_cleanup() and wsutil/ws_pipe.c, ws_pipe_close() and the Win32 API TerminateProcess() documentation.

There is a prepared way to communicate with extcap with additional pipes, but it is used just in a specific situation.

So I learned that there is no way to stop extcap on Windows gracefully.

I got an idea: There is a pipe for sending data from extcap to Wireshark. It is used unidirectionally nowadays. What about using it bidirectionally? Extcap can read it and e.g. if there is any data, it stops. Or we can implement a more advanced method/more commands. BTW, I found there is a similar solution between wireshark and dumpcap.

It is clear that this idea requires a reader on the extcap side, which probably means a second thread. It is obvious too that many extcaps do not need this and will never try to read from the pipe. So Wireshark can write to the pipe, but should be aware it may fail and the application must be terminated as nowadays. Therefore my idea is to use some kind of timer - send a message to stop, wait some fixed time and terminate the application as nowadays. If the application finishes sooner, the timer will be canceled.

My idea is to:
- update wsutil/ws_pipe.c or extcap.c to write to the pipe
- update extcap/extcap_base.c to read from the pipe (start thread?)
- update extcap/extcap_base.c to provide a simple API to register a callback when a pipe read happened
- if no API is used, no read from the pipe will be started, so it is the "legacy" procedure for simple extcaps

Any comments and ideas welcomed.

Best regards,
Jirka Novak
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
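
The stop sequence proposed in the message above (write a stop message, wait a fixed time, then terminate as today), as an added example that is not part of the original e-mail or of Wireshark's code. It is a POSIX stand-in: socketpair() replaces the bidirectional pipe, SIGKILL replaces TerminateProcess(), the child polls between packets instead of running a reader thread, and the function names and the one-byte message are assumptions.

```c
/* Added example: POSIX stand-in for the proposed stop handshake.
 * socketpair() plays the bidirectional pipe, SIGKILL plays TerminateProcess(). */
#include <poll.h>
#include <signal.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

enum stop_result { STOP_GRACEFUL = 0, STOP_FORCED = 1, STOP_ERROR = -1 };

/* Hypothetical extcap main loop. A cooperative tool checks the channel
 * between packets; a legacy tool never reads it. Never returns. */
static void extcap_child(int fd, int cooperative)
{
    for (;;) {
        struct pollfd p = { .fd = fd, .events = POLLIN };
        if (cooperative && poll(&p, 1, 20) > 0)
            _exit(0);          /* stop request or hangup seen: clean up, exit */
        if (!cooperative)
            poll(NULL, 0, 20); /* "capturing"; ignores the channel */
    }
}

/* Parent side: ask, wait up to grace_ms, then terminate as before. */
static enum stop_result stop_extcap(int cooperative, int grace_ms)
{
    int sv[2], status;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return STOP_ERROR;
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return STOP_ERROR; }
    if (pid == 0) { close(sv[0]); extcap_child(sv[1], cooperative); }
    close(sv[1]);

    ssize_t n = write(sv[0], "S", 1);   /* constructed one-byte stop message */
    (void)n;                            /* a failed write just ends in the fallback */
    enum stop_result res = STOP_FORCED;
    for (int waited = 0; waited < grace_ms; waited += 10) {
        if (waitpid(pid, &status, WNOHANG) == pid) { res = STOP_GRACEFUL; break; }
        poll(NULL, 0, 10);              /* 10 ms tick of the grace timer */
    }
    if (res == STOP_FORCED) {           /* grace period expired: legacy path */
        kill(pid, SIGKILL);
        waitpid(pid, &status, 0);
    }
    close(sv[0]);
    return res;
}

int main(void) { printf("cooperative=%d legacy=%d\n", stop_extcap(1, 500), stop_extcap(0, 100)); return 0; }
```
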