Wireshark-bugs: [Wireshark-bugs] [Bug 13119] extcap: stop/restart capture yields a zombie proces
Date: Fri, 11 Nov 2016 09:59:20 +0000

Comment # 5 on bug 13119 from
(In reply to Simone from comment #3)
> Thanks for answering.
> 
> Initially I tried with Wireshark 2.3.0 (v2.3.0rc0-1429-g1ae0c1e) built from
> sources (--with-gtk=yes --with-qt=no --with-extcap --enable-androiddump)
> but, as I was getting zombies, I decided to try with one old stable without
> luck.
> 
> So my question is: is there a proper and/or documented way to handle
> wireshark signals in an extcap? I am not sure if I am not handling signals
> properly or if it is wireshark that somehow kills the extcap without waiting
> for it thus leaving it as a zombie.

On Linux, it makes a difference, which commands are being used to close the
socket. A simple call to close, often keeps the fifo hanging around, and not
stopping the utility, although it appears closed from WS point of view.

closepipe or fclose seem to do the trick, but I would take Dario's reply into
consideration, and take a deeper look at sshdump and udpdump for generic
examples.

Also, keep in mind, that even if you do not start a capture, because some
parameters have been invalid and you return with a usage, you still have to
close the socket if one has been provided.


You are receiving this mail because:
  • You are watching all bug changes.