Wireshark-dev: Re: [Wireshark-dev] Cannot get external capture (extcap) interface to work with

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: hdv <henri.de.veer@xxxxxxxxx>
Date: Sun, 30 Dec 2018 22:22:25 +0100

I actually found the issue(s), there were multiple issues stacked on top of each other:

1) When using parameters and you fill in the default value in the dialog before you start the capture, these parameters are not passed to the extcap plugin. My assumption was that the parameters would always be passed.

This resulted in my plugin in a null pointer for the hostname (one of the parameters called "host" in my case) that needed to be resolved. Unfortunately no program crash occurs or any trap was generated. So it was not seen. I fixed this by copying the default hostname/ip-number before parsing all the command line options in my final parameter structure.

So probably the program was just hanging in some loop/deadlock.

=> This was the main reason that tshark did work because I supplied the --host=192.168.2.51 argument so all went well.

2) The function gethostbyname() does not work on the W8.1 system I have for some strange reason. Even when I fixed the issue with the null hostname I still did not get any resolved hostname (gethostbyname returned an empty list: no error). I had to rewrite the code to use getaddrinfo(), that does the job.

PS: Roland, the flush is already present in the code.

This brings me to some other question: How can I trace my code flow from within the wireshark gui?
I would expect that it will end up in the window that I can open in the left lower corner of wireshark.

It is not clear to me how to do this. I tried some of the g_debug/g_message/g_info calls but it does not end up anywhere or displays a popup or crashes the program with a debugger trap call.

So it took me quite some time to figure out what went wrong because I could not "peek" into the system in a simple way.

Henri

On 30-12-2018 18:18, Roland Knall wrote:
Hi

Have you properly closed the pipe after sending the packets? It looks more like an issue in flushing the pipe, then a code error. tshark handles this a little bit different then wireshark, so that might be the reason, why it did work on the CLI. 

Try flushing the pipe immediately after every packet. Otherwise, without the code nothing much can be said.

kind regards
Roland

Am So., 30. Dez. 2018 um 17:39 Uhr schrieb hdv <henri.de.veer@xxxxxxxxx>:

Hello,

I'm developing a new extcap interface as described in chapter 8.2.1 of the developers guide. The goal is to implement a plugin so I can directly attach it to a CAN bus sniffing device called "AnaGate CAN" (see http://www.anagate.de/)

Until now all went well, I can see my new interface in the main wireshark window, select it, all choose all options etc.

I just implemented 2 dummy packets in my plugin before I continue to access the real target hardware (to avoid the hassle of setting up a working CAN network). The intention is to check if the interface is correct between my program and the main wireshark code.

When running my capture interface as follow:

extcap\anagate.exe  --host=192.168.2.51 --port=5001 --fifo=myfifo --capture

I nicely get a file (in libpcap format)  "myfifo" with a header and 2 CAN bus packets, which I can open in wireshark and show me the correct content.  (See attached file)

But when I start the capture from wireshark itself no packets are shown and no errors at all. The status bar says "Life capture in progress" and at the right "No Packets".

When running it via tshark with: tshark -i 4   It does return the 2 packets. So that is weird.

P.S. The random packet generator plugin does work, so the core wireshark code does not look broken.

So what is going on here? Any pointers on how to debug this in the core wireshark code.

Can anyone give me an advice how to proceed?

Thanks,

Henri


Wireshark version build:

Version 2.9.0 (v2.9.0rc0-990-g27a1906c)

Copyright 1998-2018 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors. License GPLv2+: GNU GPL version 2 or later <http://www.gnu.org/licenses/old-licenses/gpl-2.0.html> This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.11.1, with WinPcap (4_1_3), with GLib 2.52.2, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.14.0, with Lua 5.2.4, with GnuTLS 3.4.11, with Gcrypt 1.7.6, with MIT Kerberos, with MaxMind DB resolver, with nghttp2 1.14.0, with LZ4, with Snappy, with libxml2 2.9.4, with QtMultimedia, with AirPcap, with SBC, with SpanDSP, with bcg729.

Running on 64-bit Windows 8.1, build 9600, with Intel(R) Core(TM) i7-3632QM CPU @ 2.20GHz (with SSE4.2), with 8084 MB of physical memory, with locale Dutch_Netherlands.1252, with WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008), with GnuTLS 3.4.11, with Gcrypt 1.7.6, with AirPcap 4.1.0 build 1622, binary plugins supported (14 loaded). Built using Microsoft Visual C++ 14.0 build 24215


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe