Re: How to stop extcap gracefully

[Roland Knall <rknall () gmail com>]

In the case of ciscodump, there is no closing on the extcap side. Basically
it reads packets indefinitely in ssh_loop_read, until you either have a
read error on the channel, or you got the end packet.

You would need to add another exit condition to the do..while loop there.

extcap programs work a little differently than capture interfaces, as such
it was meant as a management system for piped input, where you have either
a finite number of packets to send to wireshark or you have total control
over what to send. When you have sent all the information you wanted to
send, you simply exit the program. If Wireshark closes the pipe before, we
"should" cleanly exit due to the fact that dumpcap closes the control
stream and terminates the program execution, as we are running in a
child-thread. We have seen in the past, that this might not always happen
100%

kind regards
Roland

Am Sa., 27. Nov. 2021 um 22:51 Uhr schrieb Jirka Novak <j.novak () netsystem cz
> :

> Hi Roland,
>
> > Due to the nature of extcaps, they are not explicitly closed. Instead,
> > you should monitor the created pipes. Dumpcap closes those pipes when
> > the capture has finished. We do send them a kill signal, but due to the
> > nature of the signal handling, this signal may be missed.
> >
> > The sure fire way is, if the pipe gets closed, end the extcap from the
> > extcap side.
>
> can you point me to place where pipes are controlled on extcap side? I
> see common framework there, but I'm not sure where the place is exactly...
>
> Thank you in advance,
>
>                                                         Jirka
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe