Extcap - how to use Messages Control Protocol

asked 2022-11-06 17:15:50 +0000

ErkSponge gravatar image

Hello Wireshark folks,

I have created an ExtCap that capture 802.15.4 (ZigBee) packets and pipe them to DLT Link Type 283. The capture works great and packets are well displayed in Wireshark GUI.

I wish to display some extra information to the user (the channel being monitored) in the status bar. That way when multiple instances of Wireshark are capturing, it will be possible to identify what channel is being monitored by a particular instance. I have tried to use Messages via the Control Protocols but I just can't make it work.

So the questions are: - How to display status bar messages using extcap? - The documentation refers to a control pipe (8.2.3.2.1), is a control pipe needed?

Any clue would appreciated.

My extcap is written in C and compiled for Windows.

Thanks

edit retag flag offensive close merge delete

Comments

Have you looked at extcap_example.py?

    control_write(fn_out, CTRL_ARG_NONE, CTRL_CMD_STATUSBAR, "Verify changed")


There are steps to test in middle comments of 14532: extcap: InterfaceToolbar control pipe broken:

This works for me here in the current master (5a9d0caa11) on macOS. I did the following:

Copied doc/extcap_example.py to <build dir="">/run/Wireshark.app/Contents/MacOS/extcap/

Chmodded 755 <build dir="">/run/Wireshark.app/Contents/MacOS/extcap/extcap_example.py

Started Wireshark

Enabled "View -> Interface Toolbars -> Example extcap interface"

Double-clicked on the "Example interface 1 for extcap: example1" interface. A dialog popped up with a red "Message" field.

Entered "A message" in the "Message" field.

Pressed "Start". Packets started showing up with "if1|0009A message|True" in the payload.

Changed the "Message" field to "A message test" and applied. Packets started showing up with "if1|000EA message test|True" in the payload.

Unchecked and checked "Verify". "Verify changed ...

(more)
Chuckc gravatar imageChuckc ( 2022-11-07 04:17:00 +0000 )edit

I took a deeper look at the python example.

From trial and error using the python example, I was able to figure out that Wireshark will provide control pipes for control operation. The control pipes are provided with command line parameter "--extcap-control-out" and "--extcap-control-in".

These pipes are only provided if the extcap listed a "control" interface during Query For Available Interfaces ("--extcap-interfaces").

For example, responding to --extcap-interfaces with the following: interface {value=COM9}{display=Capture using COM9} control {number=0}{type=selector}{display=Channel}{tooltip=ZigBee Channel}

The presence of "control" interface indicate to "The Extcap Capture Process" to provide --extcap-control-out and --extcap-control-in at capture invocation. So the above example will result in capture started with the following arguments --capture --extcap-interface COM9 --fifo \.\pipe\wireshark_extcap_COM9_20221107203022 --extcap-control-out \.\pipe\wireshark_control_ext_to_ws_COM9_20221107203022 --extcap-control-in \.\pipe\wireshark_control_ws_to_ext_COM9_20221107203022

The named control pipes can then be used by the extcap.

Thanks

ErkSponge gravatar imageErkSponge ( 2022-11-08 02:40:24 +0000 )edit

Please report back if/when you get this working. :-)
The toolbar and status bar were added in Qt: Add interface toolbar support to support nRF Sniffers extcap interfaces which are written in Python.

None of the Wireshark extcap interface code written in C uses control so if you get a working example that would be great to close the loop that it is doable in C.

An extra paragraph in the WSDG with more info might save someone else heartburn down the road.

Chuckc gravatar imageChuckc ( 2022-11-08 03:19:02 +0000 )edit

Yes it works. I am able to display text in the status bar sent from the extcap.

Both control pipes are opened the same way as the data pipe. That is using CreateFile and ConnectNamedPipe. I spun a thread using _beginthread to handle the control input pipe, similar to the python example mentioned above.

I agree with your comments about an extra paragraph in Wireshark doc would have helped. Thanks for pointing me to the python example.

Cheers!

ErkSponge gravatar imageErkSponge ( 2022-11-11 02:58:36 +0000 )edit
add a comment