1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
|
=head1 NAME
extcap - Extcap grammar elements
=head1 SYNOPSIS
Suggested config grammar elements:
arg (options) argument for CLI calling
number Reference # of argument for other values, display order
call Literal argument to call (--call=...)
display Displayed name
default Default value, in proper form for type
range Range of valid values for UI checking (min,max) in proper form
type Argument type for UI filtering for raw, or UI type for selector:
integer
unsigned
long (may include scientific / special notation)
float
menu (display popup menu in UI)
selector (display selector table, all values as strings)
boolean (display checkbox)
radio (display group of radio buttons with provided values, all values as strings)
value (options) Values for argument selection
arg Argument # this value applies to
value Passed value
display Displayed value
default Boolean (true if default, all others ignored, ie default=true)
flag (options) external-capture level flags
dedicated Bypass dumpcap & mux for high speed
failure Failure message
Possible grammar example:
arg {number=0}{call=channel}{display=Wi-Fi Channel}{type=integer}
arg {number=1}{call=chanflags}{display=Channel Flags}{type=radio}
arg {number=2}{call=interface}{display=Interface}{type=selector}
value {arg=0}{range=1,11}
value {arg=1}{value=ht40p}{display=HT40+}
value {arg=1}{value=ht40m}{display=HT40-}
value {arg=1}{value=ht20}{display=HT20}
value {arg=2}{value=wlan0}{display=wlan0}
Example 2
arg {number=0}{call=usbdevice}{USB Device}{type=selector}
value {arg=0}{call=/dev/sysfs/usb/foo/123}{display=Ubertooth One sn 1234}
value {arg=0}{call=”/dev/sysfs/usb/foo/456}{display=Ubertooth One sn 8901}
Example 3
arg {number=0}{call=usbdevice}{USB Device}{type=selector}
flag {failure=Permission denied opening Ubertooth device}
Security awareness:
- Users running wireshark as root, we can’t save you
- Dumpcap retains suid/setgid and group+x permissions to allow users in wireshark group only
- Third-party capture programs run w/ whatever privs they’re installed with
- If an attacker can write to a system binary directory, we’re game over anyhow
- Don’t let wireshark be told to look for capture binaries somewhere else?
Notes:
- daemonized dumpcap?
- multiuser?
- sync_pipe.h commands
- expand pipe commands to have status notifications, etc?
- Wireshark->dumpcap options for channel control, etc?
TODO
define grammar
write grammar to HTML mockup
sketch interface with dumpcap
launch external-pcap from wireshark, bypass dumpcap
launch external-pcap from wireshark, hand fd to dumpcap
extract netif capture as first cap source
|
