> > There seems to exist several alternative ways of doing it in Windows. > > > > Such as sending WM_QUIT or WM_CLOSE on the message queue, > > This assumes that the program you're trying to tell to terminate *has* a > message queue to which it pays attention. > > Extcap programs are character-mode (console) programs, not windows programs; > unless there's some hidden thread that's listening to a Windows message queue > in those programs, they won't see that message.
Well, since I am writing the extcap, I can certainly add a Windows message queue, if that is what it takes to make it work properly with Wireshark. I have made some tests with this, but so far I have not seen a WM_CLOSE or WM_QUIT message on the queue. > > or CTRL_BREAK_EVENT via SetConsoleCtrlHandler(). > > According to a comment in sig_pipe_kill() in capchild/capture_sync.c: > > so that might not work either. So is there no way for an extcap to gracefully end a capture? And thereby no way to for an extcap to send a Interface Statistics Block to Wireshark? I would like for the extcap to be able to report number of dropped packets to wireshark. According to the pcapng specification, this can be done either via the "epb_dropcount" option in the Enhanced Packet Block or via the "isb_ifdrop" or " isb_osdrop" options in the Interface Statistics block. Out of these three options, Wireshark only seems to support the "isb_ifdrop" option, so the Interface Statistics Block is the only way to report dropped packets. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
