Wireshark-bugs: [Wireshark-bugs] [Bug 13119] extcap: stop/restart capture yields a zombie proces

Date: Fri, 11 Nov 2016 09:56:59 +0000

Comment # 4 on bug 13119 from
(In reply to Simone from comment #3)
> Thanks for answering.
> 
> Initially I tried with Wireshark 2.3.0 (v2.3.0rc0-1429-g1ae0c1e) built from
> sources (--with-gtk=yes --with-qt=no --with-extcap --enable-androiddump)
> but, as I was getting zombies, I decided to try with one old stable without
> luck.
> 

I'd suggest to
- use cmake (autotools are supported but I'd rather use cmake)
- discontinue using GTK and use QT. That's the default, so you don't have to do
anything in compilation setup. GTK is not developed anymore.
- don't rely on androiddump. It is a good software but is a bit complicate to
figure how extcaps work. Rather use randpktdump that is the simplest. All
extcaps are compiled by default, you don't need to force them to be built.

Then, to have a working wireshark from master I suggest you:

git clone ...
cd wireshark
mkdir build
cd build
cmake ..
make

Tip: use "cmake -GNinja .. && ninja" to boost compilation.

Everything you need is ready out-of-the-box.

> So my question is: is there a proper and/or documented way to handle
> wireshark signals in an extcap? I am not sure if I am not handling signals
> properly or if it is wireshark that somehow kills the extcap without waiting
> for it thus leaving it as a zombie.

Have a look at other extcaps, expecially randpktdump.
Moreover, you can share here your code (it should be public if I recall
correctly) so we can have a look at it.


You are receiving this mail because:
  • You are watching all bug changes.