Wireshark-dev: Re: [Wireshark-dev] Future of extcap "API"

From: Tomasz Moń <desowin@xxxxxxxxx>
Date: Wed, 10 Aug 2022 10:11:16 +0200

On Sat, Aug 6, 2022 at 1:09 PM Jirka Novak <j.novak@xxxxxxxxxxxx> wrote:
>    Extcap API:
> i)  When extcap is started, dumpcap passes name of pipe to it and where it
> expects captured data.
> ii)  STDOUT/STDERR is used to report messages/errors of extcap to
> wireshark, but it is shown/evaluated at the end of capture which
> triggers e.g. #17827. STDIN is closed/not used.

STDOUT/STDERR is now (!7673 [1]) read during capture. STDOUT is
ignored, like it always was. STDERR is collected for later use.

I would really like it if STDOUT/STDERR information was somehow available
to the user during the capture. Easy access to STDOUT would greatly
simplify extcap development as there is nothing simpler than writing
to STDOUT.

> iii)  There is an option that extcap can support control pipes -
> bidirectional channel between wireshark and extcap where extcap can
> show/control options shown in wireshark, can provide capture progress etc.
> iv) When wireshark wants to stop capture, extcap is terminated (kill or
> equal operation on other OSes).

Extcap is sent SIGTERM on UNIX, and forcefully terminated with
TerminateProcess() on Windows. SIGTERM is essentially the graceful
shutdown notification. I wouldn't worry too much about
TerminateProcess() replacement right now, as there are more important
issues that have to be addressed first.

The reason why handling SIGTERM is not enough is the fact that
dumpcap finishes *before* extcaps are sent SIGTERM. Dumpcap is reading
the capture data and when it finishes, the extcap will receive SIGPIPE
when it tries to write something to the pipe (e.g. Interface
Statistics Block). While extcap can work around the issue by handling
SIGPIPE, I don't think this is a proper solution (as it puts more burden
on extcap and even if handled, the extcap still won't be able to write
Interface Statistics Block).

>    Now I want to implement graceful shutdown. I mean that wireshark
> notifies extcap it should end, clean up and terminate. If extcap does not
> finish graceful shutdown in time (timer), it is killed as before.

The shutdown timer is now there on UNIX (again !7673 [1]). If the extcap
process does not finish 30 seconds after SIGTERM, Wireshark sends
SIGKILL. The missing part is to make dumpcap exit only after all
extcaps have finished (not before), so the extcaps have the possibility to
cleanly exit if the graceful shutdown includes writing something to
the pipe.

[1] https://gitlab.com/wireshark/wireshark/-/merge_requests/7673
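
The shutdown ordering described in the message above, as an added example that is not part of the original mail or of Wireshark's code: a local pipe stands in for the capture pipe, `raise(SIGTERM)` for Wireshark's signal, and `simulate_shutdown` and the final-block string are hypothetical names and constructed data. With SIGPIPE ignored the writer survives, but its final write still fails with EPIPE when the reader has already exited.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <signal.h>
#include <string.h>
#include <unistd.h>

static volatile sig_atomic_t stop_requested;

static void on_sigterm(int sig) { (void)sig; stop_requested = 1; }

/* Write the whole buffer; 0 on success, -1 with errno set on failure. */
static int write_all(int fd, const char *p, size_t len) {
    while (len > 0) {
        ssize_t n = write(fd, p, len);
        if (n < 0 && errno == EINTR) continue;  /* interrupted, retry */
        if (n < 0) return -1;                   /* EPIPE when the reader is gone */
        p += n;
        len -= (size_t)n;
    }
    return 0;
}

/* One shutdown sequence over a local pipe standing in for the capture pipe.
 * reader_exits_first != 0 models the ordering from the mail: the reading side
 * (dumpcap) is gone before SIGTERM arrives. Returns 0 if the final block was
 * written, otherwise the errno from write(). */
int simulate_shutdown(int reader_exits_first) {
    static const char final_block[] = "CONSTRUCTED-FINAL-BLOCK"; /* placeholder, not pcapng */
    struct sigaction sa;
    int fds[2], result = 0;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = SIG_IGN;     /* the SIGPIPE workaround: EPIPE instead of dying */
    sigaction(SIGPIPE, &sa, NULL);
    sa.sa_handler = on_sigterm;  /* graceful-shutdown request */
    sigaction(SIGTERM, &sa, NULL);

    if (pipe(fds) != 0) return errno;
    if (reader_exits_first) close(fds[0]);
    stop_requested = 0;
    raise(SIGTERM);              /* stands in for the SIGTERM Wireshark sends */
    if (stop_requested && write_all(fds[1], final_block, sizeof final_block) != 0)
        result = errno;
    if (!reader_exits_first) close(fds[0]);
    close(fds[1]);
    return result;
}
```

`simulate_shutdown(1)` returns `EPIPE` and `simulate_shutdown(0)` returns 0, so the final write only succeeds when the reading side outlives the extcap.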