78 lines
2.7 KiB
Plaintext
78 lines
2.7 KiB
Plaintext
|
||
=head1 NAME
|
||
|
||
extcap - Extcap grammar elements
|
||
|
||
=head1 SYNOPSIS
|
||
|
||
Suggested config grammar elements:
|
||
arg (options) argument for CLI calling
|
||
number Reference # of argument for other values, display order
|
||
call Literal argument to call (--call=...)
|
||
display Displayed name
|
||
default Default value, in proper form for type
|
||
range Range of valid values for UI checking (min,max) in proper form
|
||
type Argument type for UI filtering for raw, or UI type for selector:
|
||
integer
|
||
unsigned
|
||
long (may include scientific / special notation)
|
||
float
|
||
menu (display popup menu in UI)
|
||
selector (display selector table, all values as strings)
|
||
boolean (display checkbox)
|
||
radio (display group of radio buttons with provided values, all values as strings)
|
||
|
||
value (options) Values for argument selection
|
||
arg Argument # this value applies to
|
||
value Passed value
|
||
display Displayed value
|
||
default Boolean (true if default, all others ignored, ie default=true)
|
||
|
||
flag (options) external-capture level flags
|
||
dedicated Bypass dumpcap & mux for high speed
|
||
failure Failure message
|
||
|
||
|
||
Possible grammar example:
|
||
|
||
arg {number=0}{call=channel}{display=Wi-Fi Channel}{type=integer}
|
||
arg {number=1}{call=chanflags}{display=Channel Flags}{type=radio}
|
||
arg {number=2}{call=interface}{display=Interface}{type=selector}
|
||
value {arg=0}{range=1,11}
|
||
value {arg=1}{value=ht40p}{display=HT40+}
|
||
value {arg=1}{value=ht40m}{display=HT40-}
|
||
value {arg=1}{value=ht20}{display=HT20}
|
||
value {arg=2}{value=wlan0}{display=wlan0}
|
||
|
||
Example 2
|
||
arg {number=0}{call=usbdevice}{USB Device}{type=selector}
|
||
value {arg=0}{call=/dev/sysfs/usb/foo/123}{display=Ubertooth One sn 1234}
|
||
value {arg=0}{call=”/dev/sysfs/usb/foo/456}{display=Ubertooth One sn 8901}
|
||
|
||
Example 3
|
||
arg {number=0}{call=usbdevice}{USB Device}{type=selector}
|
||
flag {failure=Permission denied opening Ubertooth device}
|
||
|
||
|
||
Security awareness:
|
||
|
||
- Users running wireshark as root, we can’t save you
|
||
- Dumpcap retains suid/setgid and group+x permissions to allow users in wireshark group only
|
||
- Third-party capture programs run w/ whatever privs they’re installed with
|
||
- If an attacker can write to a system binary directory, we’re game over anyhow
|
||
- Don’t let wireshark be told to look for capture binaries somewhere else?
|
||
|
||
Notes:
|
||
- daemonized dumpcap?
|
||
- multiuser?
|
||
- sync_pipe.h commands
|
||
- expand pipe commands to have status notifications, etc?
|
||
- Wireshark->dumpcap options for channel control, etc?
|
||
|
||
TODO
|
||
define grammar
|
||
write grammar to HTML mockup
|
||
sketch interface with dumpcap
|
||
launch external-pcap from wireshark, bypass dumpcap
|
||
launch external-pcap from wireshark, hand fd to dumpcap
|
||
extract netif capture as first cap source |