Wireshark mailing list archives

Re: Cannot get external capture (extcap) interface to work with my new plugin.


From: hdv <henri.de.veer () gmail com>
Date: Sun, 30 Dec 2018 22:22:25 +0100

I actually found the issue(s); there were multiple issues stacked on top
of each other:

1) When you use parameters and fill in the default value in the dialog
before you start the capture, these parameters are not passed to the
extcap plugin. My assumption was that the parameters would always be passed.

This resulted in a null pointer in my plugin for the hostname (one of
the parameters, called "host" in my case) that needed to be resolved.
Unfortunately no program crash occurred and no trap was generated, so it
was not seen. I fixed this by copying the default hostname/IP number into
my final parameter structure before parsing all the command line options.

So probably the program was just hanging in some loop/deadlock.

=> This was the main reason that tshark did work: there I supplied the
--host=192.168.2.51 argument, so all went well.

2) The function gethostbyname() does not work on the W8.1 system I have,
for some strange reason. Even when I fixed the issue with the null
hostname I still did not get any resolved hostname (gethostbyname
returned an empty list: no error). I had to rewrite the code to use
getaddrinfo(), which does the job.

PS: Roland, the flush is already present in the code.

This brings me to another question: how can I trace my code flow from
within the Wireshark GUI?
I would expect that it will end up in the window that I can open in the
lower left corner of Wireshark.

It is not clear to me how to do this. I tried some of the
g_debug/g_message/g_info calls, but the output does not end up anywhere,
or it displays a popup or crashes the program with a debugger trap call.

So it took me quite some time to figure out what went wrong because I
could not "peek" into the system in a simple way.

Henri
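The three points Henri lists above (defaults that Wireshark does not pass on the command line, gethostbyname() versus getaddrinfo(), and the per-packet flush of the pipe discussed further down the thread) as one added example. This is not Henri's plugin and not Wireshark code: the names anagate_cfg, parse_args, resolve_ipv4, pcap_write_header, pcap_write_packet and write_dummy_capture are assumptions, the option set is modelled on the command line quoted below, the CAN link type (LINKTYPE_CAN_SOCKETCAN) and the two dummy frames with their timestamps are constructed for the example, and the headers are POSIX (on Windows use winsock2.h/ws2tcpip.h and call WSAStartup() before getaddrinfo()).

```c
/* Added example, not Henri's plugin and not Wireshark code: an extcap-style capture
 * skeleton applying the three fixes from this thread. The names (anagate_cfg,
 * parse_args, resolve_ipv4, pcap_write_*) and option set are assumptions modelled on
 * the command line quoted in the thread. POSIX headers; on Windows use
 * winsock2.h/ws2tcpip.h and call WSAStartup() before getaddrinfo(). */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <netdb.h>
#include <arpa/inet.h>

#define DEFAULT_HOST "192.168.2.51"  /* the value the extcap dialog shows as its default */
#define DEFAULT_PORT 5001
#define LINKTYPE_CAN_SOCKETCAN 227   /* libpcap link type for CAN frames (assumed here) */

struct anagate_cfg { char host[256]; int port; const char *fifo; int capture; };

/* Fix 1: Wireshark omits an argument the user left at its dialog default, so every
 * field must already hold its default before argv is parsed. */
int parse_args(int argc, char **argv, struct anagate_cfg *c) {
    memset(c, 0, sizeof *c);
    snprintf(c->host, sizeof c->host, "%s", DEFAULT_HOST);
    c->port = DEFAULT_PORT;
    for (int i = 1; i < argc; i++) {
        if (!strncmp(argv[i], "--host=", 7)) snprintf(c->host, sizeof c->host, "%s", argv[i] + 7);
        else if (!strncmp(argv[i], "--port=", 7)) c->port = atoi(argv[i] + 7);
        else if (!strncmp(argv[i], "--fifo=", 7)) c->fifo = argv[i] + 7;
        else if (!strcmp(argv[i], "--capture")) c->capture = 1;
        else return -1;  /* unknown option: fail loudly rather than hang later */
    }
    return 0;
}

/* Regression check for fix 1: no --host on the command line, host is still set. */
int defaults_survive_parse(void) {
    char *argv[] = { "anagate.exe", "--port=5001", "--fifo=myfifo", "--capture" };
    struct anagate_cfg c;
    return parse_args(4, argv, &c) == 0 && strcmp(c.host, DEFAULT_HOST) == 0
        && c.port == 5001 && c.capture == 1 && strcmp(c.fifo, "myfifo") == 0;
}

/* Fix 2: getaddrinfo() instead of gethostbyname(). Returns the first IPv4 address in
 * host byte order, or 0 on failure or an empty result list (the case gethostbyname()
 * reported silently). A numeric host resolves without any DNS traffic. */
uint32_t resolve_ipv4(const char *host) {
    struct addrinfo hints, *res = NULL;
    uint32_t addr;
    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_INET;
    hints.ai_socktype = SOCK_STREAM;
    if (getaddrinfo(host, NULL, &hints, &res) != 0 || res == NULL) return 0;
    addr = ntohl(((struct sockaddr_in *)res->ai_addr)->sin_addr.s_addr);
    freeaddrinfo(res);
    return addr;
}

/* Fix 3 (Roland's point): one libpcap global header, then one record per frame,
 * flushed after every write so the reader on the other end of the pipe sees it. */
static void put_le(uint8_t *p, uint32_t v, int n) { for (int i = 0; i < n; i++) p[i] = (v >> (8 * i)) & 0xff; }

int pcap_write_header(FILE *f) {
    uint8_t h[24];
    put_le(h, 0xa1b2c3d4, 4); put_le(h + 4, 2, 2); put_le(h + 6, 4, 2);  /* magic, version 2.4 */
    put_le(h + 8, 0, 4); put_le(h + 12, 0, 4);                           /* thiszone, sigfigs */
    put_le(h + 16, 65535, 4); put_le(h + 20, LINKTYPE_CAN_SOCKETCAN, 4);  /* snaplen, linktype */
    return fwrite(h, 1, sizeof h, f) == sizeof h ? fflush(f) : -1;
}

int pcap_write_packet(FILE *f, uint32_t sec, uint32_t usec, const uint8_t *d, uint32_t n) {
    uint8_t r[16];
    put_le(r, sec, 4); put_le(r + 4, usec, 4); put_le(r + 8, n, 4); put_le(r + 12, n, 4);
    if (fwrite(r, 1, sizeof r, f) != sizeof r || fwrite(d, 1, n, f) != n) return -1;
    return fflush(f);  /* one flush per packet: the GUI gets it now, not at exit */
}

/* SocketCAN record as libpcap defines it: CAN ID big-endian, DLC, 3 pad bytes, 8 data. */
static void socketcan_frame(uint32_t id, const uint8_t *data, uint8_t dlc, uint8_t out[16]) {
    memset(out, 0, 16);
    out[0] = id >> 24; out[1] = id >> 16; out[2] = id >> 8; out[3] = id & 0xff;
    out[4] = dlc;
    memcpy(out + 8, data, dlc > 8 ? 8 : dlc);
}

/* Global header plus two constructed dummy CAN frames; returns bytes written or -1. */
long write_dummy_capture(FILE *f) {
    uint8_t frame[16];
    const uint8_t p1[] = { 0xde, 0xad }, p2[] = { 0x01, 0x02, 0x03, 0x04 };  /* constructed payloads */
    if (pcap_write_header(f) != 0) return -1;
    socketcan_frame(0x123, p1, sizeof p1, frame);
    if (pcap_write_packet(f, 1546204945u, 0, frame, 16) != 0) return -1;
    socketcan_frame(0x7ff, p2, sizeof p2, frame);
    if (pcap_write_packet(f, 1546204945u, 500, frame, 16) != 0) return -1;
    return ftell(f);  /* 24 + 2 * (16 + 16) = 88 */
}
```

In a real extcap binary main() would call parse_args() on the argv Wireshark passes, bail out with a usage message when --capture or --fifo is missing, treat a 0 return from resolve_ipv4() as a hard error instead of carrying a null pointer into the connect code, fopen() the --fifo path for writing and then feed write_dummy_capture() (later the real frames) that FILE*. Running the binary by hand with --host omitted, as Wireshark does for an untouched default, is the quickest check that fix 1 holds.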

On 30-12-2018 18:18, Roland Knall wrote:
Hi

Have you properly closed the pipe after sending the packets? It looks
more like an issue in flushing the pipe than a code error. tshark
handles this a little bit differently than Wireshark, so that might be
the reason why it did work on the CLI.

Try flushing the pipe immediately after every packet. Otherwise,
without the code nothing much can be said.

kind regards
Roland

On Sun, 30 Dec 2018 at 17:39, hdv <henri.de.veer () gmail com> wrote:

    Hello,

    I'm developing a new extcap interface as described in chapter
    8.2.1 of the Developer's Guide. The goal is to implement a plugin
    so I can directly attach it to a CAN bus sniffing device called
    "AnaGate CAN" (see http://www.anagate.de/).

    Until now all went well: I can see my new interface in the main
    Wireshark window, select it, choose all options etc.

    I just implemented 2 dummy packets in my plugin before I continue
    to access the real target hardware (to avoid the hassle of setting
    up a working CAN network). The intention is to check if the
    interface is correct between my program and the main wireshark code.

    When running my capture interface as follows:

    extcap\anagate.exe  --host=192.168.2.51 --port=5001 --fifo=myfifo
    --capture

    I nicely get a file (in libpcap format) "myfifo" with a header
    and 2 CAN bus packets, which I can open in Wireshark and which
    shows me the correct content. (See attached file)

    But when I start the capture from Wireshark itself no packets are
    shown and no errors at all. The status bar says "Live capture in
    progress" and at the right "No Packets".

    When running it via tshark with "tshark -i 4", it does return the
    2 packets. So that is weird.

    P.S. The random packet generator plugin does work, so the core
    wireshark code does not look broken.

    So what is going on here? Any pointers on how to debug this in the
    core Wireshark code?

    Can anyone give me advice on how to proceed?

    Thanks,

    Henri


    Wireshark version build:

    Version 2.9.0 (v2.9.0rc0-990-g27a1906c)

    Copyright 1998-2018 Gerald Combs <gerald () wireshark org> and
    contributors. License GPLv2+: GNU GPL version 2 or later
    <http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
    This is free software; see the source for copying conditions. There is NO
    warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
    PURPOSE.

    Compiled (64-bit) with Qt 5.11.1, with WinPcap (4_1_3), with GLib
    2.52.2, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.14.0, with
    Lua 5.2.4, with GnuTLS 3.4.11, with Gcrypt 1.7.6, with MIT
    Kerberos, with MaxMind DB resolver, with nghttp2 1.14.0, with LZ4,
    with Snappy, with libxml2 2.9.4, with QtMultimedia, with AirPcap,
    with SBC, with SpanDSP, with bcg729.

    Running on 64-bit Windows 8.1, build 9600, with Intel(R) Core(TM)
    i7-3632QM CPU @ 2.20GHz (with SSE4.2), with 8084 MB of physical
    memory, with locale Dutch_Netherlands.1252, with WinPcap version
    4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version
    1.0 branch 1_0_rel0b (20091008), with GnuTLS 3.4.11, with Gcrypt
    1.7.6, with AirPcap 4.1.0 build 1622, binary plugins supported (14
    loaded). Built using Microsoft Visual C++ 14.0 build 24215




___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
              mailto:wireshark-dev-request () wireshark org?subject=unsubscribe


