osmocom/wireshark
14
0
Fork 1
Code Issues Pull requests Projects Releases Wiki Activity
wireshark/doc/extcap.pod
Roland Knall bed29af46d Extcap Capture Interface 
Extcap is a plugin interface, which allows for the usage
 of external capture interfaces via pipes using a predefined
 configuration language which results in a graphical gui.

 This implementation seeks for a generic implementation,
 which results in a seamless integration with the current
 system, and does add all external interfaces as simple
 interfaces.

 Windows Note: Due to limitations with GTK and Windows,
 a gspawn-winXX-helper.exe, respective gspawn-winXX-helper-console.exe
 is needed, which is part of any GTK windows installation.

 The default installation directory from the build is an extcap
 subdirectory underneath the run directory. The folder used by
 extcap may be viewed in the folders tab of the about dialog.

 The default installation directory for extcap plugins with
 a pre-build or installer version of wireshark is the extcap
 subdirectory underneath the main wireshark directory.

 For more information see:

  http://youtu.be/Nn84T506SwU
  bug #9009

 Also take a look in doc/extcap_example.py for a Python-example
 and in extcap.pod for the arguments grammer.

 Todo:
   - Integrate with Qt - currently no GUI is generated, but
     the interfaces are still usable

Change-Id: I4f1239b2f1ebd8b2969f73af137915f5be1ce50f
Signed-off-by: Mike Ryan <mikeryan+wireshark@lacklustre.net>
Signed-off-by: Mike Kershaw <dragorn@kismetwireless.net>
Signed-off-by: Roland Knall <rknall@gmail.com>
Reviewed-on: https://code.wireshark.org/review/359
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2014-08-21 03:34:02 +00:00

78 lines
2.7 KiB
Text
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

=head1 NAME
extcap - Extcap grammar elements
=head1 SYNOPSIS
Suggested config grammar elements:
arg (options) argument for CLI calling
number Reference # of argument for other values, display order
call Literal argument to call (--call=...)
display Displayed name
default Default value, in proper form for type
range Range of valid values for UI checking (min,max) in proper form
type Argument type for UI filtering for raw, or UI type for selector:
integer
unsigned
long (may include scientific / special notation)
float
menu (display popup menu in UI)
selector (display selector table, all values as strings)
boolean (display checkbox)
radio (display group of radio buttons with provided values, all values as strings)
value (options) Values for argument selection
arg Argument # this value applies to
value Passed value
display Displayed value
default Boolean (true if default, all others ignored, ie default=true)
flag (options) external-capture level flags
dedicated Bypass dumpcap & mux for high speed
failure Failure message
Possible grammar example:
arg {number=0}{call=channel}{display=Wi-Fi Channel}{type=integer}
arg {number=1}{call=chanflags}{display=Channel Flags}{type=radio}
arg {number=2}{call=interface}{display=Interface}{type=selector}
value {arg=0}{range=1,11}
value {arg=1}{value=ht40p}{display=HT40+}
value {arg=1}{value=ht40m}{display=HT40-}
value {arg=1}{value=ht20}{display=HT20}
value {arg=2}{value=wlan0}{display=wlan0}
Example 2
arg {number=0}{call=usbdevice}{USB Device}{type=selector}
value {arg=0}{call=/dev/sysfs/usb/foo/123}{display=Ubertooth One sn 1234}
value {arg=0}{call=”/dev/sysfs/usb/foo/456}{display=Ubertooth One sn 8901}
Example 3
arg {number=0}{call=usbdevice}{USB Device}{type=selector}
flag {failure=Permission denied opening Ubertooth device}
Security awareness:
- Users running wireshark as root, we cant save you
- Dumpcap retains suid/setgid and group+x permissions to allow users in wireshark group only
- Third-party capture programs run w/ whatever privs theyre installed with
- If an attacker can write to a system binary directory, were game over anyhow
- Dont let wireshark be told to look for capture binaries somewhere else?
Notes:
- daemonized dumpcap?
- multiuser?
- sync_pipe.h commands
- expand pipe commands to have status notifications, etc?
- Wireshark->dumpcap options for channel control, etc?
TODO
define grammar
write grammar to HTML mockup
sketch interface with dumpcap
launch external-pcap from wireshark, bypass dumpcap
launch external-pcap from wireshark, hand fd to dumpcap
extract netif capture as first cap source
Reference in a new issue View git blame Copy permalink