Wireshark-bugs: [Wireshark-bugs] [Bug 13119] New: extcap: stop/restart capture yields a zombie p
Date: Thu, 10 Nov 2016 18:03:15 +0000
Bug ID 13119
Summary extcap: stop/restart capture yields a zombie process
Product Wireshark
Version unspecified
Hardware x86
OS Ubuntu
Status UNCONFIRMED
Severity Minor
Priority Low
Component Extras
Assignee bugzilla-admin@wireshark.org
Reporter mainardi@ntop.org

Build Information:
Wireshark 2.0.2 (SVN Rev Unknown from unknown)

Copyright 1998-2016 Gerald Combs <gerald@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.5.1, with libpcap, with POSIX capabilities (Linux),
with libnl 3, with libz 1.2.8, with GLib 2.48.0, with SMI 0.4.8, with c-ares
1.10.0, with Lua 5.2, with GnuTLS 3.4.10, with Gcrypt 1.6.5, with MIT Kerberos,
with GeoIP, with QtMultimedia, without AirPcap.

Running on Linux 4.4.0-45-generic, with locale C, with libpcap version 1.7.4,
with libz 1.2.8, with GnuTLS 3.4.10, with Gcrypt 1.6.5.
Intel(R) Xeon(R) CPU E3-1230 v3 @ 3.30GHz (with SSE4.2)

Built using gcc 5.3.1 20160407.
--
The extcap process is left in the system as a zombie every time an extcap
capture is stopped/restarted.

Extcap source code is available at
https://github.com/ntop/PF_RING/commit/dc596390faddb3899b353520495ed12c83ad0eda

SIGINT is intercepted and handled inside the extcap code.

This is the relevant part of the WS signal strace recorded when hitting the
stop button during a capture:

kill(873, SIGINT)                       = 0
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=873, si_uid=0,
si_status=0, si_utime=0, si_stime=0} ---
rt_sigreturn({mask=[]})                 = 22082896
rt_sigaction(SIGCHLD, {SIG_DFL, [], SA_RESTORER, 0x7fe3d2dcd3e0}, NULL, 8) = 0
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=871, si_uid=0,
si_status=SIGPIPE, si_utime=0, si_stime=0} ---

Is there a proper way to handle stop/restarts in the extcap?

I also tried with the udpdump extcap available in the wireshark master. In this
case, udpdump processes are created one after the other every time the capture
is stopped/restarted.

simone@devel:~/PF_RING/userland/wireshark/extcap$ ps aux | grep udpdump
root     28491  0.0  0.2 109440 48708 pts/4    S+   17:07   0:00
/usr/lib/x86_64-linux-gnu/wireshark/extcap/.libs/lt-udpdump --capture
--extcap-interface udpdump --fifo /tmp/wireshark_extcap_20161110170752_Ew7HWO
root     28615  0.0  0.2 109440 48820 pts/4    S+   17:08   0:00
/usr/lib/x86_64-linux-gnu/wireshark/extcap/.libs/lt-udpdump --capture
--extcap-interface udpdump --fifo /tmp/wireshark_extcap_20161110170801_BfGd3z
root     28888  0.0  0.2 109440 48752 pts/4    S+   17:08   0:00
/usr/lib/x86_64-linux-gnu/wireshark/extcap/.libs/lt-udpdump --capture
--extcap-interface udpdump --fifo /tmp/wireshark_extcap_20161110170827_aY9BzP
root     29157  0.0  0.2 109440 48708 pts/4    S+   17:08   0:00
/usr/lib/x86_64-linux-gnu/wireshark/extcap/.libs/lt-udpdump --capture
--extcap-interface udpdump --fifo /tmp/wireshark_extcap_20161110170841_2p5BUT
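
Added example, not part of the bug report and not Wireshark or PF_RING code: the general POSIX mechanism behind the symptom reported above, where a child that exits after SIGINT stays a zombie until its parent waits on it. The names `proc_state`, `reap_result` and `stop_child_and_reap` are hypothetical, and the `/proc` lookup assumes Linux.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* State letter from /proc/<pid>/stat on Linux ('Z' = zombie); 0 if unreadable. */
static char proc_state(pid_t pid) {
    char path[64], state = 0;
    snprintf(path, sizeof path, "/proc/%ld/stat", (long)pid);
    FILE *f = fopen(path, "r");
    if (!f) return 0;
    if (fscanf(f, "%*d (%*[^)]) %c", &state) != 1) state = 0;
    fclose(f);
    return state;
}

/* Hypothetical helper: stop a stand-in capture child with SIGINT, then reap it. */
struct reap_result { char state_before; int si_code, exit_status, gone_after; };
struct reap_result stop_child_and_reap(void) {
    struct reap_result r = {0, 0, -1, 0};
    sigset_t block, old;
    siginfo_t info;
    int sig, status = 0;
    sigemptyset(&block);
    sigaddset(&block, SIGINT);
    sigprocmask(SIG_BLOCK, &block, &old);   /* blocked mask is inherited by the child */
    pid_t pid = fork();
    if (pid == 0) {                         /* child: take SIGINT, then exit cleanly */
        sigwait(&block, &sig);
        _exit(0);
    }
    sigprocmask(SIG_SETMASK, &old, NULL);   /* parent restores its own mask */
    if (pid < 0) return r;
    kill(pid, SIGINT);                      /* the parent's "stop" request */
    waitid(P_PID, (id_t)pid, &info, WEXITED | WNOWAIT);  /* wait for exit, do not reap */
    r.si_code = info.si_code;               /* CLD_EXITED for a clean exit */
    r.state_before = proc_state(pid);       /* 'Z' while the child is unreaped */
    waitpid(pid, &status, 0);               /* reap: the process table entry is released */
    r.exit_status = WIFEXITED(status) ? WEXITSTATUS(status) : -1;
    r.gone_after = (kill(pid, 0) == -1 && errno == ESRCH);
    return r;
}

int main(void) {
    struct reap_result r = stop_child_and_reap();
    printf("before reap: %c, exit: %d, gone after reap: %d\n", r.state_before ? r.state_before : '?', r.exit_status, r.gone_after);
    return 0;
}
```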
