Indeed, the signal used to terminate the extcap is SIGTERM.
Is your signal handler called? Did you run a debugger to see which signal
is interrupting your code?
Did you try your code on Unix?

On Mon, Nov 23, 2020 at 10:31 AM Timmy Brolin <t...@hms.se> wrote:

> I am writing an extcap plugin for Wireshark (Windows version). The
> documentation on how Wireshark stops an extcap capture is a bit sketchy, but
> it seems it simply terminates the extcap plugin.
>
> If I run the extcap binary standalone, and stop it with Ctrl+C,
> everything works as expected. The written pcapng file contains all blocks.
> But when Wireshark runs the extcap binary, the last block, the "interface
> statistics block", never shows up in the Wireshark capture.
>
> Is this a bug in Wireshark? Does Wireshark ignore any additional blocks in
> the pcapng fifo after it has sent the signal to kill the extcap binary?
>
> The essential parts of the extcap plugin look like this:
>
> static volatile int keepRunning = 1;
>
> void intHandler(int dummy) {
>     keepRunning = 0;
> }
>
> int main(int argc, char *argv[])
> {
>    ... Parse arguments ...
>
>    fp = fopen (pcOutputFilename, "wb");
>    fwrite( &sSHB, sizeof(sSHB), 1, fp ); // write section header block to pcapng file.
>    fwrite( &sIDB, sizeof(sIDB), 1, fp ); // write interface description block to pcapng file.
>
>    signal(SIGINT, intHandler);
>    signal(SIGTERM, intHandler);
>
>    do{
>       ... Capture frames and write to fp ...
>    }
>    while( keepRunning );
>
>    fwrite( &sISB, sizeof(sISB), 1, fp ); // write interface statistics block to pcapng file.
>
>    fclose(fp);
> }
>
> Regards,
>
> Timmy Brolin
>
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
> Archives:    https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe



-- 

Naima is online.
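
Added example (not part of the original thread, and not Wireshark or extcap code): a small C harness for the question raised in the reply, whether the handler actually runs. It records which signal arrived, then writes and flushes a final block; `capture_until_signal`, `ends_with_trailer`, the `raise_after` self-test hook and the `PKT.`/`ISB.` byte strings are constructed stand-ins, not real pcapng blocks.

```c
#include <signal.h>
#include <stdio.h>
#include <string.h>

/* Written only by the handler; 0 means "keep running". */
static volatile sig_atomic_t stop_signal = 0;
static void on_stop(int signo) { stop_signal = signo; }

/* Constructed stand-ins for the post's pcapng blocks (not real pcapng). */
static const char REC[] = "PKT.";
static const char TRAILER[] = "ISB.";

/* Writes records until SIGINT/SIGTERM arrives, then writes the trailer.
   raise_after > 0 (hypothetical self-test hook) sends SIGTERM to itself
   after that many records. Returns the stopping signal, or -1 on error. */
int capture_until_signal(FILE *out, FILE *log, int raise_after)
{
    int written = 0;
    stop_signal = 0;
    if (signal(SIGINT, on_stop) == SIG_ERR || signal(SIGTERM, on_stop) == SIG_ERR)
        return -1;
    do {
        if (fwrite(REC, sizeof REC - 1, 1, out) != 1) return -1;
        fflush(out);                 /* do not leave records in the stdio buffer */
        if (++written == raise_after) raise(SIGTERM);
    } while (!stop_signal);
    /* If this log line never appears, the process ended without the handler running. */
    fprintf(log, "stopped by signal %d after %d records\n", (int)stop_signal, written);
    if (fwrite(TRAILER, sizeof TRAILER - 1, 1, out) != 1) return -1;
    if (fflush(out) != 0) return -1;
    return (int)stop_signal;
}

/* Returns 1 if the stream ends with the trailer, 0 otherwise. */
int ends_with_trailer(FILE *f)
{
    char tail[sizeof TRAILER - 1];
    if (fseek(f, -(long)sizeof tail, SEEK_END) != 0) return 0;
    if (fread(tail, sizeof tail, 1, f) != 1) return 0;
    return memcmp(tail, TRAILER, sizeof tail) == 0;
}

int main(void)
{
    FILE *f = tmpfile();
    if (!f) return 1;
    int sig = capture_until_signal(f, stderr, 3);
    int ok = ends_with_trailer(f);
    fclose(f);
    return (sig == SIGTERM && ok) ? 0 : 1;
}
```

With `raise_after` set to 0 the loop runs until an external signal arrives, so pointing `log` at a file shows whether the handler ran when another process stops the program.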