I assume the idea behind extcap was to make it possible to have a relatively simple extcap program, without, for example, a pipe from dumpcap or Wireshark to the extcap program to send it messages such as a "stop capturing" message. It supports a control pipe to, for example, support changing capture parameters in the middle of the capture, but it doesn't require one.
On UN*X, you can send a signal that the program captures and treats as a "stop capturing" indication. I guess the idea was that TerminateProcess() is the Windows equivalent of kill() - but it isn't, because UN*X signals other than SIGKILL can be caught, but TerminateProcess() just kills the process, SIGKILL-style, rather than SIGTERM-style.
This needs some cleanup work. Please file an issue on this on the Wireshark issue tracker.
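The UN*X behaviour described in the answer above, as an added example that is not part of the original post and is not Wireshark or extcap code: a SIGTERM handler lets a capture loop stop and flush its output, while a handler for SIGKILL cannot be installed at all. The names `install_stop_handler` and `capture_loop` are hypothetical, and `raise(SIGTERM)` stands in for the parent process calling kill().

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>

/* Written from the signal handler, so it must be volatile sig_atomic_t. */
static volatile sig_atomic_t stop_requested = 0;

static void on_stop(int signo) { (void)signo; stop_requested = 1; }

/* Returns 0 if a handler could be installed for signo, otherwise errno. */
int install_stop_handler(int signo)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_stop;
    sigemptyset(&sa.sa_mask);
    return sigaction(signo, &sa, NULL) == 0 ? 0 : errno;
}

/* Hypothetical capture loop: writes constructed records until a stop is
 * requested, then flushes. Returns the record count, or -1 on I/O error. */
int capture_loop(FILE *out, int stop_after)
{
    int n = 0;
    stop_requested = 0;
    while (!stop_requested) {
        if (fprintf(out, "record %d\n", n) < 0) return -1;
        n++;
        if (n == stop_after) raise(SIGTERM); /* stand-in for the parent's kill() */
    }
    return fflush(out) == 0 ? n : -1;
}

int main(void)
{
    int term = install_stop_handler(SIGTERM);
    int kill_err = install_stop_handler(SIGKILL); /* fails with EINVAL */
    fprintf(stderr, "SIGTERM handler: %s\n", term == 0 ? "installed" : strerror(term));
    fprintf(stderr, "SIGKILL handler: %s\n", kill_err == 0 ? "installed" : strerror(kill_err));
    if (term != 0) return 1;
    int n = capture_loop(stdout, 3);
    fprintf(stderr, "flushed %d records before exit\n", n);
    return n == 3 ? 0 : 1;
}
```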