> > There seems to exist several alternative ways of doing it in Windows.
> >
> > Such as sending WM_QUIT or WM_CLOSE on the message queue,
>
> This assumes that the program you're trying to tell to terminate *has* a message queue to which it pays attention.
>
> Extcap programs are character-mode (console) programs, not windows programs; unless there's some hidden thread that's listening to a Windows message queue in those programs, they won't see that message.
Well, since I am writing the extcap, I can certainly add a Windows message queue, if that is what it takes to make it work properly with Wireshark.
I have made some tests with this, but so far I have not seen a WM_CLOSE or WM_QUIT message on the queue.
> > or CTRL_BREAK_EVENT via SetConsoleCtrlHandler().
>
> According to a comment in sig_pipe_kill() in capchild/capture_sync.c:
>
> so that might not work either.
So is there no way for an extcap to gracefully end a capture?
And thereby no way to for an extcap to send a Interface Statistics Block to Wireshark?
I would like for the extcap to be able to report number of dropped packets to wireshark.
According to the pcapng specification, this can be done either via the "epb_dropcount" option in the Enhanced Packet Block or via the "isb_ifdrop" or " isb_osdrop" options in the Interface Statistics block.
Out of these three options, Wireshark only seems to support the "isb_ifdrop" option, so the Interface Statistics Block is the only way to report dropped packets.
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
