extcap: new interface, wifidump, to capture Wi-Fi frames using a remote SSH host

CMakeLists.txt

@@ -1167,7 +1167,7 @@ if (NOT WIN32)
 	find_package(M REQUIRED)
 endif()
 
-if(BUILD_sshdump OR BUILD_ciscodump)
+if(BUILD_sshdump OR BUILD_ciscodump OR BUILD_wifidump)
 	set(ENABLE_LIBSSH ON)
 else()
 	set(ENABLE_LIBSSH OFF)
@@ -1752,7 +1752,7 @@ set_package_properties(LIBXML2 PROPERTIES
 set_package_properties(LIBSSH PROPERTIES
 	DESCRIPTION "Library for implementing SSH clients"
 	URL "https://www.libssh.org/"
-	PURPOSE "extcap remote SSH interfaces (sshdump, ciscodump)"
+	PURPOSE "extcap remote SSH interfaces (sshdump, ciscodump, wifidump)"
 )
 set_package_properties(LZ4 PROPERTIES
 	DESCRIPTION "LZ4 is a fast lossless compression algorithm"
@@ -1949,6 +1949,7 @@ if (ASCIIDOCTOR_FOUND)
 		${CMAKE_BINARY_DIR}/doc/rawshark.html
 		${CMAKE_BINARY_DIR}/doc/reordercap.html
 		${CMAKE_BINARY_DIR}/doc/sshdump.html
+		${CMAKE_BINARY_DIR}/doc/wifidump.html
 		${CMAKE_BINARY_DIR}/doc/text2pcap.html
 		${CMAKE_BINARY_DIR}/doc/tshark.html
 		${CMAKE_BINARY_DIR}/doc/wireshark.html

CMakeOptions.txt

@@ -25,6 +25,7 @@ option(BUILD_sshdump       "Build sshdump" ON)
 option(BUILD_ciscodump     "Build ciscodump" ON)
 option(BUILD_dpauxmon      "Build dpauxmon" ON)
 option(BUILD_randpktdump   "Build randpktdump" ON)
+option(BUILD_wifidump      "BUild wifidump" ON)
 if(WIN32 AND NOT MINGW)
 	# XXX - I don't think building etwdump is possible with MinGW-w64 as of
 	# version 9.0 but I would like to be 100% certain.

doc/CMakeLists.txt

@@ -60,6 +60,7 @@ ADD_MAN_PAGE(sshdump     1)
 ADD_MAN_PAGE(text2pcap   1)
 ADD_MAN_PAGE(tshark      1)
 ADD_MAN_PAGE(udpdump     1)
+ADD_MAN_PAGE(wifidump    1)
 
 ADD_MAN_PAGE(extcap           4)
 ADD_MAN_PAGE(wireshark-filter 4)

doc/wifidump.adoc

@@ -0,0 +1,280 @@
+include::../docbook/attributes.adoc[]
+= wifidump(1)
+:doctype: manpage
+:stylesheet: ws.css
+:linkcss:
+:copycss: ../docbook/{stylesheet}
+
+== NAME
+
+wifidump - Provides an interface to capture Wi-Fi frames from a remote host through SSH.
+
+== SYNOPSIS
+
+[manarg]
+*wifidump*
+[ *--help* ]
+[ *--version* ]
+[ *--extcap-interfaces* ]
+[ *--extcap-dlts* ]
+[ *--extcap-interface*=<interface> ]
+[ *--extcap-config* ]
+[ *--extcap-capture-filter*=<capture filter> ]
+[ *--capture* ]
+[ *--fifo*=<path to file or pipe> ]
+[ *--remote-host*=<IP address> ]
+[ *--remote-port*=<TCP port> ]
+[ *--remote-username*=<username> ]
+[ *--remote-password*=<password> ]
+[ *--sshkey*=<public key path> ]
+[ *--remote-interface*=<interface> ]
+[ *--remote-channel-frequency*=<channel frequency> ]
+[ *--remote-channel-width*=<channel width> ]
+
+[manarg]
+*wifidump*
+*--extcap-interfaces*
+
+[manarg]
+*wifidump*
+*--extcap-interface*=<interface>
+*--extcap-dlts*
+
+[manarg]
+*wifidump*
+*--extcap-interface*=<interface>
+*--extcap-config*
+
+[manarg]
+*wifidump*
+*--extcap-interface*=<interface>
+*--fifo*=<path to file or pipe>
+*--capture*
+*--remote-host=myremotehost*
+*--remote-port=22*
+*--remote-username=user*
+*--remote-interface=eth2*
+*--remote-channel-frequency=5180*
+*--remote-channel-width=40*
+
+== DESCRIPTION
+
+*Wifidump* is an extcap tool that allows you to capture Wi-Fi traffic from a
+remote host over an SSH connection using *tcpdump*. The requirement to capture Wi-Fi
+frames is that the remote host must have the necessary binaries to manage and put
+the wanted interface into monitor mode. Such binaries include: *ip*, *iw*, and
+*iwconfig*. Also, because using monitor mode and managing the Wi-Fi interface requires
+root privileges, the system must be configured to allow the wanted user to run
+these binaries using sudo without entering a password.
+
+Typically wifidump is not invoked directly. Instead it can be configured through
+the Wireshark graphical user interface or its command line. The following will
+start Wireshark and start capturing from host *remotehost*:
+
+    $ wireshark '-oextcap.wifidump.remotehost:remotehost' -i wifidump -k
+
+To explicitly control the remote capture command:
+
+    $ wireshark '-oextcap.wifidump.remotehost:remotehost' \
+                '-oextcap.wifidump.remotechannelfrequency:5180' \
+                '-oextcap.wifidump.remotechannelwidth:40' \
+                -i wifidump -k
+
+Supported interfaces:
+
+1. wifidump
+
+== OPTIONS
+
+--help::
++
+--
+Print program arguments.
+--
+
+--version::
++
+--
+Print program version.
+--
+
+--extcap-interfaces::
++
+--
+List available interfaces.
+--
+
+--extcap-interface=<interface>::
++
+--
+Use specified interfaces.
+--
+
+--extcap-dlts::
++
+--
+List DLTs of specified interface.
+--
+
+--extcap-config::
++
+--
+List configuration options of specified interface.
+--
+
+--capture::
++
+--
+Start capturing from specified interface and write raw packet data to the location specified by --fifo.
+--
+
+--fifo=<path to file or pipe>::
++
+--
+Save captured packet to file or send it through pipe.
+--
+
+--remote-host=<remote host>::
++
+--
+The address of the remote host for capture.
+--
+
+--remote-port=<remote port>::
++
+--
+The SSH port of the remote host.
+--
+
+--remote-username=<username>::
++
+--
+The username for ssh authentication.
+--
+
+--remote-password=<password>::
++
+--
+The password to use (if not ssh-agent and pubkey are used). WARNING: the
+passwords are stored in plaintext and visible to all users on this system. It is
+recommended to use keyfiles with a SSH agent.
+--
+
+--sshkey=<SSH private key path>::
++
+--
+The path to a private key for authentication.
+--
+
+--remote-interface=<remote interface>::
++
+--
+The remote network interface to capture from.
+--
+
+--remote-channel-frequency=<channel frequency>::
++
+--
+The remote channel frequency in MHz.
+--
+
+--remote-channel-width=<channel width>::
++
+--
+The remote channel width in MHz.
+--
+
+--extcap-capture-filter=<capture filter>::
++
+--
+The capture filter. It corresponds to the value provided via the *tshark -f*
+option, and the Capture Filter field next to the interfaces list in the
+Wireshark interface.
+--
+
+== EXAMPLES
+
+To see program arguments:
+
+    wifidump --help
+
+To see program version:
+
+    wifidump --version
+
+To see interfaces:
+
+    wifidump --extcap-interfaces
+
+Only one interface (wifidump) is supported.
+
+.Example output
+    interface {value=wifidump}{display=Wi-Fi remote capture}
+
+To see interface DLTs:
+
+    wifidump --extcap-interface=wifidump --extcap-dlts
+
+.Example output
+    dlt {number=147}{name=wifidump}{display=Remote capture dependent DLT}
+
+To see interface configuration options:
+
+    wifidump --extcap-interface=wifidump --extcap-config
+
+.Example output
+    arg {number=0}{call=--remote-host}{display=Remote SSH server address}{type=string}
+        {tooltip=The remote SSH host. It can be both an IP address or a hostname}{required=true}{group=Server}
+    arg {number=1}{call=--remote-port}{display=Remote SSH server port}{type=unsigned}
+        {tooltip=The remote SSH host port (1-65535)}{range=1,65535}{group=Server}
+    arg {number=2}{call=--remote-username}{display=Remote SSH server username}{type=string}
+        {tooltip=The remote SSH username. If not provided, the current user will be used}{group=Authentication}
+    arg {number=3}{call=--remote-password}{display=Remote SSH server password}{type=password}
+        {tooltip=The SSH password, used when other methods (SSH agent or key files) are unavailable.}{group=Authentication}
+    arg {number=4}{call=--sshkey}{display=Path to SSH private key}{type=fileselect}
+        {tooltip=The path on the local filesystem of the private ssh key}{mustexist=true}{group=Authentication}
+    arg {number=5}{call=--sshkey-passphrase}{display=SSH key passphrase}{type=password}
+        {tooltip=Passphrase to unlock the SSH private key}{group=Authentication}
+    arg {number=6}{call=--remote-interface}{display=Remote interface}{type=string}
+        {tooltip=The remote network interface used to capture}{default=auto}{group=Capture}
+    arg {number=7}{call=--remote-channel-frequency}{display=Remote channel}{type=selector}
+        {tooltip=The remote channel used to capture}{group=Capture}
+    arg {number=8}{call=--remote-channel-width}{display=Remote channel width}{type=selector}
+        {tooltip=The remote channel width used to capture}{group=Capture}
+    arg {number=9}{call=--remote-filter}{display=Remote capture filter}{type=string}
+        {tooltip=The remote capture filter}{group=Capture}
+    arg {number=10}{call=--remote-count}{display=Packets to capture}{type=unsigned}
+        {tooltip=The number of remote packets to capture.}{group=Capture}
+    arg {number=11}{call=--log-level}{display=Set the log level}{type=selector}
+        {tooltip=Set the log level}{required=false}{group=Debug}
+    arg {number=12}{call=--log-file}{display=Use a file for logging}{type=fileselect}
+        {tooltip=Set a file where log messages are written}{required=false}{group=Debug}
+
+To capture:
+
+    wifidump --extcap-interface=wifidump --fifo=/tmp/wifidump.pcap --capture --remote-host 192.168.1.10 --remote-username user --remote-channel-frequency 5180 --remote-channel-width 40
+
+NOTE: To stop capturing CTRL+C/kill/terminate application.
+
+The wifidump binary can be renamed to support multiple instances. For instance if we want wifidump
+to show up twice in wireshark (for instance to handle multiple profiles), we can copy wifidump to
+wifidump-host1 and wifidump-host2. Each binary will show up an interface name same as the executable
+name. Those executables not being "wifidump" will show up as "custom version" in the interface description.
+
+== SEE ALSO
+
+xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:extcap.html[extcap](4), xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](1)
+
+== NOTES
+
+*Wifidump* is part of the *Wireshark* distribution.  The latest version
+of *Wireshark* can be found at https://www.wireshark.org.
+
+HTML versions of the Wireshark project man pages are available at
+https://www.wireshark.org/docs/man-pages.
+
+== AUTHORS
+
+.Original Author
+[%hardbreaks]
+Adrian Granados <adrian[AT]intuitibits.com>

extcap/.editorconfig

@@ -4,6 +4,6 @@
 # https://editorconfig.org
 #
 
-[{ciscodump,randpktdump,ssh-base,sshdump,udpdump}.[ch]]
+[{ciscodump,randpktdump,ssh-base,sshdump,udpdump,wifidump}.[ch]]
 indent_style = tab
 indent_size = tab

extcap/CMakeLists.txt

@@ -180,6 +180,32 @@ elseif (BUILD_ciscodump)
 	#message( WARNING "Cannot find libssh, cannot build ciscodump" )
 endif()
 
+if(BUILD_wifidump AND LIBSSH_FOUND)
+	set(wifidump_LIBS
+		writecap
+		wsutil
+		${CMAKE_DL_LIBS}
+		${WIN_WS2_32_LIBRARY}
+		${LIBSSH_LIBRARIES}
+	)
+	set(wifidump_FILES
+		$<TARGET_OBJECTS:cli_main>
+		$<TARGET_OBJECTS:extcap-base>
+		$<TARGET_OBJECTS:ssh-base>
+		wifidump.c
+	)
+
+	set_executable_resources(wifidump "Wifidump")
+	add_executable(wifidump ${wifidump_FILES})
+	set_extcap_executable_properties(wifidump)
+	target_link_libraries(wifidump ${wifidump_LIBS})
+	target_include_directories(wifidump SYSTEM PRIVATE ${LIBSSH_INCLUDE_DIRS})
+	install(TARGETS wifidump RUNTIME DESTINATION ${EXTCAP_INSTALL_LIBDIR})
+	add_dependencies(extcaps wifidump)
+elseif (BUILD_wifidump)
+	#message( WARNING "Cannot find libssh, cannot build wifidump" )
+endif()
+
 if(BUILD_dpauxmon AND HAVE_LIBNL3)
 	set(dpauxmon_LIBS
 		wsutil

extcap/wifidump.c

@@ -0,0 +1,745 @@
+/* wifidump.c
+ * wifidump is an extcap tool used to capture Wi-Fi frames using a remote ssh host
+ *
+ * Adapted from sshdump.
+ *
+ * Copyright 2022, Adrian Granados <adrian@intuitibits.com>
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
+ * Copyright 1998 Gerald Combs
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include "config.h"
+#define WS_LOG_DOMAIN "wifidump"
+
+#include <extcap/extcap-base.h>
+#include <extcap/ssh-base.h>
+#include <wsutil/interface.h>
+#include <wsutil/file_util.h>
+#include <wsutil/strtoi.h>
+#include <wsutil/filesystem.h>
+#include <wsutil/privileges.h>
+#include <wsutil/please_report_bug.h>
+#include <wsutil/wslog.h>
+
+#include <errno.h>
+#include <string.h>
+#include <fcntl.h>
+
+#include <cli_main.h>
+
+static gchar* wifidump_extcap_interface;
+#ifdef _WIN32
+#define DEFAULT_WIFIDUMP_EXTCAP_INTERFACE "wifidump.exe"
+#else
+#define DEFAULT_WIFIDUMP_EXTCAP_INTERFACE "wifidump"
+#endif
+
+#define WIFIDUMP_VERSION_MAJOR "1"
+#define WIFIDUMP_VERSION_MINOR "0"
+#define WIFIDUMP_VERSION_RELEASE "0"
+
+#define SSH_READ_BLOCK_SIZE 256
+
+enum {
+	EXTCAP_BASE_OPTIONS_ENUM,
+	OPT_HELP,
+	OPT_VERSION,
+	OPT_REMOTE_HOST,
+	OPT_REMOTE_PORT,
+	OPT_REMOTE_USERNAME,
+	OPT_REMOTE_PASSWORD,
+	OPT_REMOTE_INTERFACE,
+	OPT_REMOTE_CHANNEL_FREQUENCY,
+	OPT_REMOTE_CHANNEL_WIDTH,
+	OPT_REMOTE_FILTER,
+	OPT_SSHKEY,
+	OPT_SSHKEY_PASSPHRASE,
+	OPT_PROXYCOMMAND,
+	OPT_REMOTE_COUNT
+};
+
+static struct ws_option longopts[] = {
+	EXTCAP_BASE_OPTIONS,
+	{ "help", ws_no_argument, NULL, OPT_HELP},
+	{ "version", ws_no_argument, NULL, OPT_VERSION},
+	SSH_BASE_OPTIONS,
+	{ "remote-channel-frequency", ws_required_argument, NULL, OPT_REMOTE_CHANNEL_FREQUENCY},
+	{ "remote-channel-width", ws_required_argument, NULL, OPT_REMOTE_CHANNEL_WIDTH},
+	{ 0, 0, 0, 0}
+};
+
+static const char * remote_capture_functions =
+"\n"
+"function iface_down {\n"
+"  local iface=$1\n"
+"  sudo ip link set $iface down > /dev/null 2>&1\n"
+"}\n"
+"\n"
+"function iface_up {\n"
+"  local iface=$1\n"
+"  sudo ip link set $iface up > /dev/null 2>&1\n"
+"}\n"
+"\n"
+"function iface_monitor {\n"
+"  local iface=$1\n"
+"  sudo iw dev $iface set monitor none > /dev/null 2>&1 ||\n"
+"  sudo iw dev $iface set type monitor > /dev/null 2>&1\n"
+"}\n"
+"\n"
+"function iface_scan {\n"
+"  local iface=$1\n"
+"  iface_down $iface &&\n"
+"  sudo iw dev $iface set type managed > /dev/null 2>&1 &&\n"
+"  iface_up $iface &&\n"
+"  sudo iw dev $iface scan > /dev/null 2>&1\n"
+"}\n"
+"\n"
+"function iface_config {\n"
+"  local iface=$1\n"
+"  local freq=$2\n"
+"  local ch_width=$3\n"
+"  local center_freq=$4\n"
+"  if [ $freq -eq $center_freq ]; then\n"
+"    sudo iw dev $1 set freq $freq $ch_width 2>&1\n"
+"  else\n"
+"    sudo iw dev $1 set freq $freq $ch_width $center_freq 2>&1\n"
+"  fi\n"
+"}\n"
+"\n"
+"function iface_start {\n"
+"  local iface=$1\n"
+"  local count=$2\n"
+"  local filter=\"${@:3}\"\n"
+"  if [ $count -gt 0 ]; then\n"
+"    sudo tcpdump -i $iface -U -w - -c $count $filter\n"
+"  else\n"
+"    sudo tcpdump -i $iface -U -w - $filter\n"
+"  fi\n"
+"}\n"
+"\n"
+"function capture_generic {\n"
+"  local iface=$1\n"
+"  local freq=$2\n"
+"  local ch_width=$3\n"
+"  local center_freq=$4\n"
+"  local count=$5\n"
+"  local filter=\"${@:6}\"\n"
+"  if ! { iwconfig $iface | grep Monitor > /dev/null 2>&1; }; then\n"
+"    iface_down    $iface &&\n"
+"    iface_monitor $iface &&\n"
+"    iface_up      $iface\n"
+"  fi\n"
+"  iface_config  $iface $freq $ch_width $center_freq &&\n"
+"  iface_start   $iface $count $filter\n"
+"}\n"
+"\n"
+"function capture_iwlwifi {\n"
+"  local iface=$1\n"
+"  local freq=$2\n"
+"  local ch_width=$3\n"
+"  local center_freq=$4\n"
+"  local count=$5\n"
+"  local filter=\"${@:6}\"\n"
+"  INDEX=`sudo iw dev $iface info | grep wiphy | grep -Eo '[0-9]+'`\n"
+"  sudo iw phy phy${INDEX} channels | grep $freq | grep -i disabled > /dev/null 2>&1 &&\n"
+"  iface_scan $iface\n"
+"  MON=${iface}mon\n"
+"  sudo iw $iface interface add $MON type monitor flags none > /dev/null 2>&1\n"
+"  iface_up $MON &&\n"
+"  iface_down $iface &&\n"
+"  iface_config $MON $freq $ch_width $center_freq &&\n"
+"  iface_start $MON $count $filter\n"
+"}\n"
+"\n"
+"function capture {\n"
+"  local iface=$1\n"
+"  local freq=$2\n"
+"  local ch_width=$3\n"
+"  local center_freq=$4\n"
+"  local count=$5\n"
+"  local filter=\"${@:6}\"\n"
+"  if [ \"$iface\" == \"auto\" ]; then\n"
+"    iface=`sudo iw dev | grep -i interface | awk '{ print $2 }' | sort | head -n 1`\n"
+"  fi\n"
+"  local driver=`/usr/sbin/ethtool -i $iface | grep driver | awk '{ print $2 }'`\n"
+"  if [ $driver = \"iwlwifi\" ]; then\n"
+"    capture_iwlwifi $iface $freq $ch_width $center_freq $count $filter\n"
+"  else\n"
+"    capture_generic $iface $freq $ch_width $center_freq $count $filter\n"
+"  fi\n"
+"}\n"
+"\n";
+
+static unsigned int wifi_freqs_2dot4_5ghz[] = {
+	2412, 2417, 2422, 2427, 2432, 2437, 2442, 2447, 2452, 2457, 2462,
+	2467, 2472, 2484,
+	5180, 5200, 5220, 5240, 5260, 5280, 5300, 5320, 5500, 5520, 5540, 5560, 5580,
+  5600, 5620, 5640, 5660, 5680, 5700, 5720, 5745, 5765, 5785, 5805, 5825,
+	0
+};
+
+static unsigned int freq_to_channel(unsigned int freq_mhz) {
+	if (freq_mhz == 2484)
+		return 14;
+	else if (freq_mhz >= 2412 && freq_mhz <= 2484)
+		return ((freq_mhz - 2412) / 5) + 1;
+	else if (freq_mhz >= 5160 && freq_mhz <= 5885)
+		return ((freq_mhz - 5180) / 5) + 36;
+	else if (freq_mhz >= 5955 && freq_mhz <= 7115)
+		return ((freq_mhz - 5955) / 5) + 1;
+	else
+		return 0;
+}
+
+static const char *freq_to_band(unsigned int freq_mhz)
+{
+	if (freq_mhz >= 2412 && freq_mhz <= 2484)
+		return "2.4 GHz";
+	else if (freq_mhz >= 5160 && freq_mhz <= 5885)
+		return "5 GHz";
+	else if (freq_mhz >= 5955 && freq_mhz <= 7115)
+		return "6 GHz";
+	else
+	 return NULL;
+}
+
+static unsigned int center_freq(unsigned int freq_mhz, unsigned int ch_width_mhz) {
+
+	unsigned int start_freq;
+
+	if (ch_width_mhz == 20) {
+		return freq_mhz;
+	}
+  else if (ch_width_mhz == 40) {
+    if (freq_mhz >= 5180 && freq_mhz <= 5720) {
+			for (start_freq = 5180; start_freq <= 5700; start_freq += ch_width_mhz) {
+      	if (freq_mhz >= start_freq && freq_mhz <= (start_freq + 20))
+        	return ((start_freq * 2) + 20) / 2;
+			}
+		}
+    else if (freq_mhz >= 5745 && freq_mhz <= 5765)
+      return 5755;
+    else if (freq_mhz >= 5785 && freq_mhz <= 5805)
+      return 5795;
+    else if (freq_mhz >= 5955 && freq_mhz <= 7095) {
+			for (start_freq = 5955; start_freq <= 7075; start_freq += ch_width_mhz) {
+        if (freq_mhz >= start_freq && freq_mhz <= (start_freq + 20))
+          return ((start_freq * 2) + 20) / 2;
+			}
+		}
+	}
+  else if (ch_width_mhz == 80) {
+    if (freq_mhz >= 5180 && freq_mhz <= 5660) {
+			for (start_freq = 5180; start_freq <= 5660; start_freq += ch_width_mhz) {
+      	if (freq_mhz >= start_freq && freq_mhz <= (start_freq + 60))
+        	return ((start_freq * 2) + 60) / 2;
+			}
+		}
+    else if (freq_mhz >= 5745 && freq_mhz <= 5805)
+      return 5775;
+    else if (freq_mhz >= 5955 && freq_mhz <= 7055) {
+			for (start_freq = 5955; start_freq <= 6995; start_freq += ch_width_mhz) {
+        if (freq_mhz >= start_freq && freq_mhz <= (start_freq + 60))
+        	return ((start_freq * 2) + 60) / 2;
+			}
+		}
+	}
+  else if (ch_width_mhz == 160) {
+    if (freq_mhz >= 5180 && freq_mhz <= 5640) {
+			for (start_freq = 5180; start_freq <= 5500; start_freq += ch_width_mhz) {
+        if (freq_mhz >= start_freq && freq_mhz <= (start_freq + 140))
+          return ((start_freq * 2) + 140) / 2;
+			}
+		}
+    else if (freq_mhz >= 5955 && freq_mhz <= 7055) {
+			for (start_freq = 5955; start_freq <= 6915; start_freq += ch_width_mhz) {
+      	if (freq_mhz >= start_freq && freq_mhz <= (start_freq + 140))
+        	return ((start_freq * 2) + 140) / 2;
+			}
+		}
+	}
+
+  return -1;
+}
+
+static int ssh_loop_read(ssh_channel channel, FILE* fp)
+{
+	int nbytes;
+	int ret = EXIT_SUCCESS;
+	char buffer[SSH_READ_BLOCK_SIZE];
+
+	/* read from stdin until data are available */
+	while (ssh_channel_is_open(channel) && !ssh_channel_is_eof(channel)) {
+		nbytes = ssh_channel_read(channel, buffer, SSH_READ_BLOCK_SIZE, 0);
+		if (nbytes < 0) {
+			ws_warning("Error reading from channel");
+			goto end;
+		}
+		if (nbytes == 0) {
+			break;
+		}
+		if (fwrite(buffer, 1, nbytes, fp) != (guint)nbytes) {
+			ws_warning("Error writing to fifo");
+			ret = EXIT_FAILURE;
+			goto end;
+		}
+		fflush(fp);
+	}
+
+	/* read loop finished... maybe something wrong happened. Read from stderr */
+	while (ssh_channel_is_open(channel) && !ssh_channel_is_eof(channel)) {
+		nbytes = ssh_channel_read(channel, buffer, SSH_READ_BLOCK_SIZE, 1);
+		if (nbytes < 0) {
+			ws_warning("Error reading from channel");
+			goto end;
+		}
+		if (fwrite(buffer, 1, nbytes, stderr) != (guint)nbytes) {
+			ws_warning("Error writing to stderr");
+			break;
+		}
+	}
+
+end:
+	if (ssh_channel_send_eof(channel) != SSH_OK) {
+		ws_warning("Error sending EOF in ssh channel");
+		ret = EXIT_FAILURE;
+	}
+	return ret;
+}
+
+static ssh_channel run_ssh_command(ssh_session sshs, const char* capture_functions,
+	const char* iface, const guint16 channel_frequency, const guint16 channel_width,
+	const guint16 center_frequency, const char* cfilter, const guint32 count)
+{
+	gchar* cmdline;
+	ssh_channel channel;
+	char* quoted_iface = NULL;
+	char* quoted_filter = NULL;
+	char* count_str = NULL;
+	unsigned int remote_port = 22;
+
+	channel = ssh_channel_new(sshs);
+	if (!channel) {
+		ws_warning("Can't create channel");
+		return NULL;
+	}
+
+	if (ssh_channel_open_session(channel) != SSH_OK) {
+		ws_warning("Can't open session");
+		ssh_channel_free(channel);
+		return NULL;
+	}
+
+	ssh_options_get_port(sshs, &remote_port);
+
+	quoted_iface = iface ? g_shell_quote(iface) : NULL;
+	quoted_filter = g_shell_quote(cfilter ? cfilter : "");
+	cmdline = ws_strdup_printf("%s capture %s %u %u %u %u %s",
+		capture_functions,
+		quoted_iface ? quoted_iface : "auto",
+		channel_frequency,
+		channel_width,
+		center_frequency,
+		count,
+		quoted_filter);
+
+	ws_debug("Running: %s", cmdline);
+	if (ssh_channel_request_exec(channel, cmdline) != SSH_OK) {
+		ws_warning("Can't request exec");
+		ssh_channel_close(channel);
+		ssh_channel_free(channel);
+		channel = NULL;
+	}
+
+	g_free(quoted_iface);
+	g_free(quoted_filter);
+	g_free(cmdline);
+	g_free(count_str);
+
+	return channel;
+}
+
+static int ssh_open_remote_connection(const ssh_params_t* params, const char* capture_functions,
+	const char* iface, const guint16 channel_frequency, const guint16 channel_width,
+	const guint16 center_frequency, const char* cfilter, const guint32 count, const char* fifo)
+{
+	ssh_session sshs = NULL;
+	ssh_channel channel = NULL;
+	FILE* fp = stdout;
+	int ret = EXIT_FAILURE;
+	char* err_info = NULL;
+
+	if (g_strcmp0(fifo, "-")) {
+		/* Open or create the output file */
+		fp = fopen(fifo, "wb");
+		if (fp == NULL) {
+			ws_warning("Error creating output file: %s (%s)", fifo, g_strerror(errno));
+			return EXIT_FAILURE;
+		}
+	}
+
+	sshs = create_ssh_connection(params, &err_info);
+
+	if (!sshs) {
+		ws_warning("Error creating connection.");
+		goto cleanup;
+	}
+
+	channel = run_ssh_command(sshs, capture_functions, iface, channel_frequency,
+		channel_width, center_frequency, cfilter, count);
+
+	if (!channel) {
+		ws_warning("Can't run ssh command.");
+		goto cleanup;
+	}
+
+	/* read from channel and write into fp */
+	if (ssh_loop_read(channel, fp) != EXIT_SUCCESS) {
+		ws_warning("Error in read loop.");
+		ret = EXIT_FAILURE;
+		goto cleanup;
+	}
+
+	ret = EXIT_SUCCESS;
+cleanup:
+	if (err_info)
+		ws_warning("%s", err_info);
+	g_free(err_info);
+
+	/* clean up and exit */
+	ssh_cleanup(&sshs, &channel);
+
+	if (g_strcmp0(fifo, "-"))
+		fclose(fp);
+	return ret;
+}
+
+static int list_config(char *interface)
+{
+	unsigned inc = 0;
+	int i, psc;
+
+	if (!interface) {
+		ws_warning("ERROR: No interface specified.");
+		return EXIT_FAILURE;
+	}
+
+	if (g_strcmp0(interface, wifidump_extcap_interface)) {
+		ws_warning("ERROR: interface must be %s", wifidump_extcap_interface);
+		return EXIT_FAILURE;
+	}
+
+	// Server tab
+	printf("arg {number=%u}{call=--remote-host}{display=Remote SSH server address}"
+		"{type=string}{tooltip=The remote SSH host. It can be both "
+		"an IP address or a hostname}{required=true}{group=Server}\n", inc++);
+	printf("arg {number=%u}{call=--remote-port}{display=Remote SSH server port}"
+		"{type=unsigned}{tooltip=The remote SSH host port (1-65535)}"
+		"{range=1,65535}{group=Server}\n", inc++);
+
+	// Authentication tab
+	printf("arg {number=%u}{call=--remote-username}{display=Remote SSH server username}"
+		"{type=string}{tooltip=The remote SSH username. If not provided, "
+		"the current user will be used}{group=Authentication}\n", inc++);
+	printf("arg {number=%u}{call=--remote-password}{display=Remote SSH server password}"
+		"{type=password}{tooltip=The SSH password, used when other methods (SSH agent "
+		"or key files) are unavailable.}{group=Authentication}\n", inc++);
+	printf("arg {number=%u}{call=--sshkey}{display=Path to SSH private key}"
+		"{type=fileselect}{tooltip=The path on the local filesystem of the private ssh key}"
+		"{mustexist=true}{group=Authentication}\n", inc++);
+	printf("arg {number=%u}{call=--sshkey-passphrase}{display=SSH key passphrase}"
+		"{type=password}{tooltip=Passphrase to unlock the SSH private key}{group=Authentication}\n",
+		inc++);
+
+	// Capture tab
+	printf("arg {number=%u}{call=--remote-interface}{display=Remote interface}"
+		"{type=string}{tooltip=The remote network interface used to capture"
+		"}{default=auto}{group=Capture}\n", inc++);
+	printf("arg {number=%u}{call=--remote-channel-frequency}{display=Remote channel}"
+		"{type=selector}{tooltip=The remote channel used to capture}{group=Capture}\n", inc);
+
+	unsigned int freq = 0;
+	for (i = 0; (freq = wifi_freqs_2dot4_5ghz[i]); i++) {
+		printf("value {arg=%u}{value=%u}{display=%s, Channel %u}\n", inc, freq, freq_to_band(freq), freq_to_channel(freq));
+	}
+
+	for (freq = 5955, psc = 3; freq <= 7115; freq += 20, psc++) {
+		printf("value {arg=%u}{value=%u}{display=%s, Channel %u%s}\n", inc, freq,
+			freq_to_band(freq), freq_to_channel(freq), (psc % 4 == 0) ? " (PSC)" : "");
+	}
+	inc++;
+
+	printf("arg {number=%u}{call=--remote-channel-width}{display=Remote channel width}"
+		"{type=selector}{tooltip=The remote channel width used to capture}"
+		"{group=Capture}\n", inc);
+	printf("value {arg=%u}{value=20}{display=20 MHz}\n", inc);
+	printf("value {arg=%u}{value=40}{display=40 MHz}\n", inc);
+	printf("value {arg=%u}{value=80}{display=80 MHz}\n", inc);
+	printf("value {arg=%u}{value=160}{display=160 MHz}\n", inc);
+	inc++;
+
+	printf("arg {number=%u}{call=--remote-filter}{display=Remote capture filter}{type=string}"
+		"{tooltip=The remote capture filter}{group=Capture}\n", inc++);
+	printf("arg {number=%u}{call=--remote-count}{display=Frames to capture}"
+		"{type=unsigned}{tooltip=The number of remote frames to capture.}"
+		"{group=Capture}\n", inc++);
+
+	extcap_config_debug(&inc);
+
+	return EXIT_SUCCESS;
+}
+
+static char* concat_filters(const char* extcap_filter, const char* remote_filter)
+{
+	if (!extcap_filter && remote_filter)
+		return g_strdup(remote_filter);
+
+	if (!remote_filter && extcap_filter)
+		return g_strdup(extcap_filter);
+
+	if (!remote_filter && !extcap_filter)
+		return NULL;
+
+	return ws_strdup_printf("(%s) and (%s)", extcap_filter, remote_filter);
+}
+
+int main(int argc, char *argv[])
+{
+	char* err_msg;
+	int result;
+	int option_idx = 0;
+	ssh_params_t* ssh_params = ssh_params_new();
+	char* remote_interface = NULL;
+	guint16 remote_channel_frequency = 0;
+	guint16 remote_channel_width = 0;
+	guint16 remote_center_frequency = 0;
+	char* remote_filter = NULL;
+	guint32 count = 0;
+	int ret = EXIT_FAILURE;
+	extcap_parameters* extcap_conf = g_new0(extcap_parameters, 1);
+	char* help_url;
+	char* help_header = NULL;
+	gchar* interface_description = g_strdup("Wi-Fi remote capture");
+
+	/* Initialize log handler early so we can have proper logging during startup. */
+	extcap_log_init("wifidump");
+
+	wifidump_extcap_interface = g_path_get_basename(argv[0]);
+
+	/*
+	 * Get credential information for later use.
+	 */
+	init_process_policies();
+
+	/*
+	 * Attempt to get the pathname of the directory containing the
+	 * executable file.
+	 */
+	err_msg = init_progfile_dir(argv[0]);
+	if (err_msg != NULL) {
+		ws_warning("Can't get pathname of directory containing the extcap program: %s.",
+			err_msg);
+		g_free(err_msg);
+	}
+
+	help_url = data_file_url("wifidump.html");
+	extcap_base_set_util_info(extcap_conf, argv[0], WIFIDUMP_VERSION_MAJOR, WIFIDUMP_VERSION_MINOR,
+		WIFIDUMP_VERSION_RELEASE, help_url);
+	g_free(help_url);
+	add_libssh_info(extcap_conf);
+	if (g_strcmp0(wifidump_extcap_interface, DEFAULT_WIFIDUMP_EXTCAP_INTERFACE)) {
+		gchar* temp = interface_description;
+		interface_description = ws_strdup_printf("%s, custom version", interface_description);
+		g_free(temp);
+	}
+	extcap_base_register_interface(extcap_conf, wifidump_extcap_interface, interface_description, 147, "Remote capture dependent DLT");
+	g_free(interface_description);
+
+	help_header = ws_strdup_printf(
+		" %s --extcap-interfaces\n"
+		" %s --extcap-interface=%s --extcap-dlts\n"
+		" %s --extcap-interface=%s --extcap-config\n"
+		" %s --extcap-interface=%s --remote-host myhost --remote-port 22222 "
+		"--remote-username myuser --remote-interface wlan0 --remote-channel-frequency 5180 "
+		"--remote-channel-width 40 --fifo=FILENAME --capture\n", argv[0], argv[0], wifidump_extcap_interface, argv[0],
+		wifidump_extcap_interface, argv[0], wifidump_extcap_interface);
+	extcap_help_add_header(extcap_conf, help_header);
+	g_free(help_header);
+	extcap_help_add_option(extcap_conf, "--help", "print this help");
+	extcap_help_add_option(extcap_conf, "--version", "print the version");
+	extcap_help_add_option(extcap_conf, "--remote-host <host>", "the remote SSH host");
+	extcap_help_add_option(extcap_conf, "--remote-port <port>", "the remote SSH port");
+	extcap_help_add_option(extcap_conf, "--remote-username <username>", "the remote SSH username");
+	extcap_help_add_option(extcap_conf, "--remote-password <password>", "the remote SSH password. If not specified, ssh-agent and ssh-key are used");
+	extcap_help_add_option(extcap_conf, "--sshkey <public key path>", "the path of the ssh key");
+	extcap_help_add_option(extcap_conf, "--sshkey-passphrase <public key passphrase>", "the passphrase to unlock public ssh");
+	extcap_help_add_option(extcap_conf, "--remote-interface <iface>", "the remote capture interface");
+	extcap_help_add_option(extcap_conf, "--remote-channel-frequency <channel_frequency>", "the remote channel frequency in MHz");
+	extcap_help_add_option(extcap_conf, "--remote-channel-width <channel_width>", "the remote channel width in MHz");
+	extcap_help_add_option(extcap_conf, "--remote-filter <filter>", "a filter for remote capture");
+	extcap_help_add_option(extcap_conf, "--remote-count <count>", "the number of frames to capture");
+
+	ws_opterr = 0;
+	ws_optind = 0;
+
+	if (argc == 1) {
+		extcap_help_print(extcap_conf);
+		goto end;
+	}
+
+	while ((result = ws_getopt_long(argc, argv, ":", longopts, &option_idx)) != -1) {
+
+		switch (result) {
+
+		case OPT_HELP:
+			extcap_help_print(extcap_conf);
+			ret = EXIT_SUCCESS;
+			goto end;
+
+		case OPT_VERSION:
+			extcap_version_print(extcap_conf);
+			ret = EXIT_SUCCESS;
+			goto end;
+
+		case OPT_REMOTE_HOST:
+			g_free(ssh_params->host);
+			ssh_params->host = g_strdup(ws_optarg);
+			break;
+
+		case OPT_REMOTE_PORT:
+			if (!ws_strtou16(ws_optarg, NULL, &ssh_params->port) || ssh_params->port == 0) {
+				ws_warning("Invalid port: %s", ws_optarg);
+				goto end;
+			}
+			break;
+
+		case OPT_REMOTE_USERNAME:
+			g_free(ssh_params->username);
+			ssh_params->username = g_strdup(ws_optarg);
+			break;
+
+		case OPT_REMOTE_PASSWORD:
+			g_free(ssh_params->password);
+			ssh_params->password = g_strdup(ws_optarg);
+			memset(ws_optarg, 'X', strlen(ws_optarg));
+			break;
+
+		case OPT_SSHKEY:
+			g_free(ssh_params->sshkey_path);
+			ssh_params->sshkey_path = g_strdup(ws_optarg);
+			break;
+
+		case OPT_SSHKEY_PASSPHRASE:
+			g_free(ssh_params->sshkey_passphrase);
+			ssh_params->sshkey_passphrase = g_strdup(ws_optarg);
+			memset(ws_optarg, 'X', strlen(ws_optarg));
+			break;
+
+		case OPT_REMOTE_INTERFACE:
+			g_free(remote_interface);
+			remote_interface = g_strdup(ws_optarg);
+			break;
+
+		case OPT_REMOTE_CHANNEL_FREQUENCY:
+			if (!ws_strtou16(ws_optarg, NULL, &remote_channel_frequency)) {
+				ws_warning("Invalid channel frequency: %s", ws_optarg);
+				goto end;
+			}
+			break;
+
+		case OPT_REMOTE_CHANNEL_WIDTH:
+			if (!ws_strtou16(ws_optarg, NULL, &remote_channel_width)) {
+				ws_warning("Invalid channel width: %s", ws_optarg);
+				goto end;
+			}
+			break;
+
+		case OPT_REMOTE_FILTER:
+			g_free(remote_filter);
+			remote_filter = g_strdup(ws_optarg);
+			break;
+
+		case OPT_REMOTE_COUNT:
+			if (!ws_strtou32(ws_optarg, NULL, &count)) {
+				ws_warning("Invalid value for count: %s", ws_optarg);
+				goto end;
+			}
+			break;
+
+		case ':':
+			/* missing option argument */
+			ws_warning("Option '%s' requires an argument", argv[ws_optind - 1]);
+			break;
+
+		default:
+			if (!extcap_base_parse_options(extcap_conf, result - EXTCAP_OPT_LIST_INTERFACES, ws_optarg)) {
+				ws_warning("Invalid option: %s", argv[ws_optind - 1]);
+				goto end;
+			}
+		}
+	}
+
+	extcap_cmdline_debug(argv, argc);
+
+	if (extcap_base_handle_interface(extcap_conf)) {
+		ret = EXIT_SUCCESS;
+		goto end;
+	}
+
+	if (extcap_conf->show_config) {
+		ret = list_config(extcap_conf->interface);
+		goto end;
+	}
+
+	err_msg = ws_init_sockets();
+	if (err_msg != NULL) {
+		ws_warning("ERROR: %s", err_msg);
+		g_free(err_msg);
+		ws_warning("%s", please_report_bug());
+		goto end;
+	}
+
+	if (extcap_conf->capture) {
+		char* filter;
+
+		if (!ssh_params->host) {
+			ws_warning("Missing parameter: --remote-host");
+			goto end;
+		}
+		remote_center_frequency = center_freq(remote_channel_frequency, remote_channel_width);
+		filter = concat_filters(extcap_conf->capture_filter, remote_filter);
+		ssh_params->debug = extcap_conf->debug;
+		ret = ssh_open_remote_connection(ssh_params, remote_capture_functions,
+			remote_interface, remote_channel_frequency, remote_channel_width, remote_center_frequency,
+			filter, count, extcap_conf->fifo);
+		g_free(filter);
+	} else {
+		ws_debug("You should not come here... maybe some parameter missing?");
+		ret = EXIT_FAILURE;
+	}
+
+end:
+	/* clean up stuff */
+	ssh_params_free(ssh_params);
+	g_free(remote_interface);
+	g_free(remote_filter);
+	extcap_base_cleanup(&extcap_conf);
+	return ret;
+}
+
+/*
+ * Editor modelines  -  https://www.wireshark.org/tools/modelines.html
+ *
+ * Local variables:
+ * c-basic-offset: 8
+ * tab-width: 8
+ * indent-tabs-mode: t
+ * End:
+ *
+ * vi: set shiftwidth=8 tabstop=8 noexpandtab:
+ * :indentSize=8:tabSize=8:noTabs=false:
+ */

packaging/debian/wireshark-common.manpages

@@ -13,5 +13,6 @@ obj-*/doc/ciscodump.1
 obj-*/doc/randpktdump.1
 obj-*/doc/udpdump.1
 obj-*/doc/sshdump.1
+obj-*/doc/wifidump.1
 obj-*/doc/extcap.4
 obj-*/doc/wireshark-filter.4

packaging/nsis/uninstall.nsi

@@ -143,6 +143,7 @@ Push "sshdump"
 Push "text2pcap"
 Push "tshark"
 Push "udpdump"
+Push "wifidump"
 
 !ifdef MMDBRESOLVE_EXE
 Push "mmdbresolve"
@@ -192,6 +193,7 @@ Delete "$INSTDIR\extcap\randpktdump.*"
 Delete "$INSTDIR\extcap\sshdump.*"
 Delete "$INSTDIR\extcap\ciscodump.*"
 Delete "$INSTDIR\extcap\udpdump.*"
+Delete "$INSTDIR\extcap\wifidump.*"
 Delete "$INSTDIR\help\*.*"
 Delete "$INSTDIR\iconengines\*.*"
 Delete "$INSTDIR\imageformats\*.*"

packaging/nsis/wireshark.nsi

@@ -1182,13 +1182,15 @@ Section /o "Androiddump" SecAndroiddump
 SectionEnd
 !insertmacro CheckExtrasFlag "androiddump"
 
-Section /o "Sshdump and Ciscodump" SecSshdump
+Section /o "Sshdump, Ciscodump, and Wifidump" SecSshdump
 ;-------------------------------------------
   !insertmacro InstallExtcap "sshdump"
   !insertmacro InstallExtcap "ciscodump"
+  !insertmacro InstallExtcap "wifidump"
 SectionEnd
 !insertmacro CheckExtrasFlag "sshdump"
 !insertmacro CheckExtrasFlag "ciscodump"
+!insertmacro CheckExtrasFlag "wifidump"
 
 Section /o "UDPdump" SecUDPdump
 ;-------------------------------------------

packaging/wix/ComponentGroups.wxi

@@ -563,6 +563,26 @@
     </ComponentGroup>
   </Fragment>
 
+  <!-- Wifidump -->
+  <Fragment>
+    <DirectoryRef Id="dirExtcap">
+      <Component Id="cmpWifidump_exe" Guid="*">
+        <File Id="filWifidump_exe" KeyPath="yes" Source="$(var.Extcap.Dir)\wifidump.exe" />
+      </Component>
+    </DirectoryRef>
+    <DirectoryRef Id="INSTALLFOLDER">
+      <Component Id="cmpWifidump_html" Guid="*">
+        <File Id="filWifidump_html" KeyPath="yes" Source="$(var.Staging.Dir)\wifidump.html" />
+      </Component>
+    </DirectoryRef>
+  </Fragment>
+  <Fragment>
+    <ComponentGroup Id="CG.Tools.Wifidump">
+      <ComponentRef Id="cmpWifidump_exe" />
+      <ComponentRef Id="cmpWifidump_html" />
+    </ComponentGroup>
+  </Fragment>
+
   <!-- Udpdump -->
   <Fragment>
     <DirectoryRef Id="dirExtcap">

packaging/wix/Features.wxi

@@ -105,6 +105,9 @@
       <Feature Id="Fe.Tools.Udpdump" Title="Udpdump" Level="1" AllowAdvertise="yes" Display="expand" Description="Provide capture interface that gets UDP packets from network devices.">
         <ComponentGroupRef Id="CG.Tools.Udpdump" />
       </Feature>
+      <Feature Id="Fe.Tools.Wifidump" Title="Wifidump" Level="1" AllowAdvertise="yes" Display="expand" Description="Provide remote capture of Wi-Fi frames through SSH.">
+        <ComponentGroupRef Id="CG.Tools.Wifidump" />
+      </Feature>
     </Feature>
     <?ifdef DOCBOOK_DIR?>
       <Feature Id="Fe.Documentation" Title="Documentation" Level="1" AllowAdvertise="yes" Display="expand" Description="Install an offline copy of the User's Guide and FAQ.">

test/suite_extcaps.py

@@ -83,6 +83,10 @@ class case_extcaps(subprocesstest.SubprocessTestCase):
         ''' extcap interface tests for sshdump '''
         check_extcap_execution("sshdump")
 
+    def test_wifidump(self, check_extcap_execution):
+        ''' extcap interface tests for wifidump '''
+        check_extcap_execution("wifidump")
+
     def test_udpdump(self, check_extcap_execution):
         ''' extcap interface tests for udpdump '''
         check_extcap_execution("udpdump")

tools/wireshark_words.txt

@@ -1592,6 +1592,7 @@ webkit
 websocket
 whoami
 wideband
+wifidump
 wikipedia
 wikis
 wimax