
couldn't attach dumpcap to my own defined device

Hello out there, a while ago I defined my own device with a kernel module. Within libpcap I defined my own set of functions for interrogation of data over the mmap or read function. It works and has already been tested with tcpdump. But it failed when I tried to bind it with dumpcap. I downloaded the wireshark sources and built it with my version of libpcap (at least I hope I did it so). Then I invoked dumpcap from the build directory of wireshark: run/dumpcap -i kpmode0. When I start it with just "run/dumpcap -D" it lists, among other interfaces, also my own creation. So it recognizes it. But it cannot handle it. My dumpcap version does not know my pcap functions, since I cannot set breakpoints on them with gdb. On the other side, if I list the libraries which are used by this dumpcap version of mine (by ldd), it lists my very own libpcap library:

chris@rockpro64:~/wireshark_build$ ldd run/dumpcap 
    linux-vdso.so.1 (0x0000ffffaae4d000)
    libpcap.so.1 => /usr/local/lib/libpcap.so.1 (0x0000ffffaad82000)
    libz.so.1 => /lib/aarch64-linux-gnu/libz.so.1 (0x0000ffffaad58000)
    libglib-2.0.so.0 => /lib/aarch64-linux-gnu/libglib-2.0.so.0 (0x0000ffffaac15000)
    libgmodule-2.0.so.0 => /lib/aarch64-linux-gnu/libgmodule-2.0.so.0 (0x0000ffffaac01000)
    libpcre2-8.so.0 => /lib/aarch64-linux-gnu/libpcre2-8.so.0 (0x0000ffffaab6f000)
    libc.so.6 => /lib/aarch64-linux-gnu/libc.so.6 (0x0000ffffaa9fb000)
    libnl-genl-3.so.200 => /lib/aarch64-linux-gnu/libnl-genl-3.so.200 (0x0000ffffaa9e4000)
    libnl-3.so.200 => /lib/aarch64-linux-gnu/libnl-3.so.200 (0x0000ffffaa9b2000)
    /lib/ld-linux-aarch64.so.1 (0x0000ffffaae1d000)
    libpcre.so.3 => /lib/aarch64-linux-gnu/libpcre.so.3 (0x0000ffffaa940000)
    libpthread.so.0 => /lib/aarch64-linux-gnu/libpthread.so.0 (0x0000ffffaa90f000)
    libdl.so.2 => /lib/aarch64-linux-gnu/libdl.so.2 (0x0000ffffaa8fb000)

And within this /usr/local/lib/libpcap.so.1 I can see my kpmode functions:

chris@rockpro64:~/wireshark_build$ nm -a /usr/local/lib/libpcap.so.1 | grep kpmode
0000000000000000 a pcap-kpmode.c
000000000000a8f0 t kpmode_activate
000000000000ac40 t kpmode_create
000000000000aba0 t kpmode_findalldevs
000000000000a8b0 t kpmode_inject_linux
000000000000aa80 t kpmode_read_linux_bin
000000000000a8a0 t kpmode_setdirection_linux

So why can't I bring them together?

Thank you in advance

BR /chris
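Added example, not from the post above and not code from the Wireshark or libpcap projects: POSIX shell helpers that make the two checks in the post reproducible, namely which file a binary's libpcap.so.1 dependency resolves to, and how the kpmode symbols are scoped in that file. The nm parsing is exercised on the nm output quoted in the post, embedded here as a constructed sample; the live checks (`check_binary`) assume GNU binutils `nm`, glibc `ldd` and, optionally, `getcap` are installed. The lowercase `t` in that nm output marks a local (file-scope static) symbol: that is expected for functions libpcap calls only through its own per-module dispatch, and it does not by itself stop dumpcap from reaching them through the public pcap_* entry points.

```shell
#!/bin/sh
# Added example (not from the post): helpers for checking which libpcap a
# dumpcap binary resolves to and how the kpmode symbols are scoped.
# Assumes GNU binutils nm and glibc ldd for the live checks; classify_nm
# and list_symbols only need awk and are run on a constructed sample below.

# nm(1) prints "<addr> <type> <name>". A lowercase type letter is a local
# symbol, uppercase is global; for text (code) symbols that is "t" vs "T".
# Local means nothing outside the library can link to the name, and gdb
# needs the unstripped symbol table to find it; it does not prevent the
# library itself from calling the function.
classify_nm() {
    awk '$2 == "t" { local_text++ }
         $2 == "T" { global_text++ }
         END { printf "local_text %d global_text %d\n", local_text + 0, global_text + 0 }'
}

# Print "local|global <name>" for every text symbol whose name matches
# the awk regular expression given as the first argument.
list_symbols() {
    pattern=$1
    awk -v p="$pattern" '($2 == "t" || $2 == "T") && $3 ~ p {
        printf "%s %s\n", ($2 == "T") ? "global" : "local", $3 }'
}

# Which file does the dynamic loader resolve a library name to for this
# binary, in the current environment? Prints the path, or nothing if the
# library is not in the binary's dependency tree.
resolve_lib() {
    bin=$1
    libname=$2
    ldd "$bin" 2>/dev/null | awk -v n="$libname" '$1 == n && $2 == "=>" { print $3 }'
}

# Secure-execution check: for a setuid/setgid binary or one carrying file
# capabilities, ld.so ignores LD_LIBRARY_PATH and LD_PRELOAD, so the library
# that ldd shows in an ordinary shell need not be the one the privileged
# process loads. Returns 0 (true) when the binary would run in that mode.
is_secure_exec() {
    bin=$1
    if [ -u "$bin" ] || [ -g "$bin" ]; then
        return 0
    fi
    if command -v getcap >/dev/null 2>&1 && [ -n "$(getcap "$bin" 2>/dev/null)" ]; then
        return 0
    fi
    return 1
}

# Constructed sample: the nm output quoted in the post, one symbol per line.
SAMPLE_NM='0000000000000000 a pcap-kpmode.c
000000000000a8f0 t kpmode_activate
000000000000ac40 t kpmode_create
000000000000aba0 t kpmode_findalldevs
000000000000a8b0 t kpmode_inject_linux
000000000000aa80 t kpmode_read_linux_bin
000000000000a8a0 t kpmode_setdirection_linux'

# Summary of the sample: all six kpmode functions are local text symbols.
sample_summary() {
    printf '%s\n' "$SAMPLE_NM" | classify_nm
}

# Live check against a real binary, e.g.: check_binary run/dumpcap libpcap.so.1
check_binary() {
    bin=$1
    libname=${2:-libpcap.so.1}
    lib=$(resolve_lib "$bin" "$libname")
    if [ -z "$lib" ]; then
        echo "$bin does not depend on $libname"
        return 1
    fi
    echo "$bin resolves $libname to $lib"
    if is_secure_exec "$bin"; then
        echo "note: $bin is setuid/setgid or has capabilities; LD_LIBRARY_PATH is ignored for it"
    fi
    nm -a "$lib" 2>/dev/null | list_symbols '^kpmode_'
}
```

Run `check_binary run/dumpcap` from the build directory to get the resolved library path, a warning if the binary would run in secure-execution mode, and the scope of each kpmode symbol in that library. The secure-execution warning matters because an installed dumpcap is often setuid or given cap_net_raw/cap_net_admin; in that case, an alternative libpcap has to be found through the system library path or RUNPATH rather than LD_LIBRARY_PATH.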
