authorDario Lombardo <lomato@gmail.com>2015-11-19 11:30:44 +0100
committerAnders Broman <a.broman58@gmail.com>2015-11-19 15:29:18 +0000
commitd6da95231ee790fd884ca2a41fe59aa9b05ccde9 (patch)
tree521b455286bad8276f270cb69fd4bb53192643dd /doc
parent1a841483e9df85f913ece0286a6e0d4f97a859c2 (diff)
extcap: add sshdump.
sshdump is an extcap module that allows dumping from a remote host using an ssh connection. It goes with the existing extcap plugin interface. Change-Id: I8987614fdd817b8173a50130812bc643a4833bca Reviewed-on: https://code.wireshark.org/review/11402 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'doc')
-rw-r--r--doc/Makefile.am13
-rw-r--r--doc/Makefile.nmake18
-rw-r--r--doc/extcap.pod2
-rw-r--r--doc/sshdump.pod212
4 files changed, 240 insertions, 5 deletions
diff --git a/doc/Makefile.am b/doc/Makefile.am
index 8f00fdfd49..1c4381ec23 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -71,7 +71,8 @@ man1_MANS = \
@rawshark_man@ \
@dftest_man@ \
@randpkt_man@ \
- @androiddump_man@
+ @androiddump_man@ \
+ @sshdump_man@
man4_MANS = @wiresharkfilter_man@
man_MANS =
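Review bot: The new `@sshdump_man@` entry in man1_MANS is an Automake substitution, so it only expands to `sshdump.1` (or to nothing) if configure.ac defines `sshdump_man` the same way it defines `androiddump_man`; the diffstat is limited to 'doc', so that definition cannot be confirmed from this page. If it is missing, the literal `@sshdump_man@` token survives into the generated Makefile and the man1 install list breaks at `make install`. Worth checking that the configure side of this commit carries the matching `AC_SUBST` before merging the doc half on its own.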
@@ -83,7 +84,7 @@ noinst_DATA = asn2deb.1 asn2deb.html idl2deb.1 idl2deb.html idl2wrs.1 idl2wrs.ht
pkgdata_DATA = AUTHORS-SHORT $(top_srcdir)/docbook/ws.css wireshark.html \
tshark.html wireshark-filter.html capinfos.html editcap.html \
mergecap.html reordercap.html text2pcap.html dumpcap.html androiddump.html \
- rawshark.html dftest.html randpkt.html
+ sshdump.html rawshark.html dftest.html randpkt.html
#
# Build the short version of the authors file for the about dialog
@@ -212,6 +213,13 @@ androiddump.html: androiddump.pod ../config.h $(top_srcdir)/docbook/ws.css
--noindex \
$(srcdir)/androiddump.pod > androiddump.html
+sshdump.html: sshdump.pod ../config.h $(top_srcdir)/docbook/ws.css
+ $(AM_V_POD2HTML)$(POD2HTML) \
+ --title="sshdump - The Wireshark Network Analyzer $(VERSION)" \
+ --css=$(POD_CSS_URL) \
+ --noindex \
+ $(srcdir)/sshdump.pod > sshdump.html
+
rawshark.html: rawshark.pod ../config.h $(top_srcdir)/docbook/ws.css
$(AM_V_POD2HTML)$(POD2HTML) \
--title="rawshark - The Wireshark Network Analyzer $(VERSION)" \
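Review bot: The new sshdump.html recipe hard-codes both the input and the output name (`$(srcdir)/sshdump.pod > sshdump.html`) where the automatic variables `$< > $@` would keep the command tied to the rule header; the same applies to the `sshdump.1` and `sshdump.html` recipes added to doc/Makefile.nmake in this commit. The rule header names `sshdump.pod` as the prerequisite while the recipe reads `$(srcdir)/sshdump.pod`, which only agree under VPATH resolution, and `$<` already yields the resolved path. This copies the surrounding androiddump and rawshark rules verbatim, so it is consistent with the file as it stands; folding the near-identical html rules into one `%.html: %.pod` pattern rule is a wider cleanup than this commit.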
@@ -293,6 +301,7 @@ EXTRA_DIST = \
rawshark.pod \
reordercap.pod \
sgml.doc.template \
+ sshdump.pod \
text2pcap.pod \
tshark.pod \
wireshark-filter.pod \
diff --git a/doc/Makefile.nmake b/doc/Makefile.nmake
index dfe2710cf4..35e114b37c 100644
--- a/doc/Makefile.nmake
+++ b/doc/Makefile.nmake
@@ -26,12 +26,13 @@ include ../config.nmake
doc: wireshark.html tshark.html wireshark-filter.html capinfos.html \
editcap.html idl2wrs.html mergecap.html reordercap.html \
- text2pcap.html dumpcap.html androiddump.html rawshark.html dftest.html randpkt.html \
+ text2pcap.html dumpcap.html androiddump.html sshdump.html rawshark.html \
+ dftest.html randpkt.html \
idl2deb.html asn2deb.html extcap.html
man: wireshark.1 tshark.1 wireshark-filter.4 capinfos.1 \
editcap.1 idl2wrs.1 mergecap.1 reordercap.1 \
- text2pcap.1 dumpcap.1 androiddump.1 rawshark.1 dftest.1 randpkt.1 \
+ text2pcap.1 dumpcap.1 androiddump.1 sshdump.1 rawshark.1 dftest.1 randpkt.1 \
idl2deb.1 asn2deb.1 extcap.4
wireshark.pod: wireshark.pod.template AUTHORS-SHORT-FORMAT
@@ -235,6 +236,19 @@ androiddump.html: androiddump.pod ../config.h ws.css
--noindex \
androiddump.pod > androiddump.html
+sshdump.1: sshdump.pod ../config.h
+ $(POD2MAN) \
+ --center="The Wireshark Network Analyzer" \
+ --release=$(VERSION) \
+ sshdump.pod > sshdump.1
+
+sshdump.html: sshdump.pod ../config.h ws.css
+ $(POD2HTML) \
+ --title="sshdump - The Wireshark Network Analyzer $(VERSION)" \
+ --css=ws.css \
+ --noindex \
+ sshdump.pod > sshdump.html
+
rawshark.1: rawshark.pod ../config.h
$(POD2MAN) \
--center="The Wireshark Network Analyzer" \
diff --git a/doc/extcap.pod b/doc/extcap.pod
index 9795beb256..d267ec28c7 100644
--- a/doc/extcap.pod
+++ b/doc/extcap.pod
@@ -96,7 +96,7 @@ Example 3:
=head1 SEE ALSO
-wireshark(1), tshark(1), dumpcap(1), androiddump(1)
+wireshark(1), tshark(1), dumpcap(1), androiddump(1), sshdump(1)
=head1 NOTES
diff --git a/doc/sshdump.pod b/doc/sshdump.pod
new file mode 100644
index 0000000000..6defdf1d74
--- /dev/null
+++ b/doc/sshdump.pod
@@ -0,0 +1,212 @@
+
+=head1 NAME
+
+sshdump - Provide interfaces to capture from a remote host through SSH using a remote capture binary.
+
+=head1 SYNOPSIS
+
+B<sshdump>
+S<[ B<--help> ]>
+S<[ B<--version> ]>
+S<[ B<--extcap-interfaces> ]>
+S<[ B<--extcap-dlts> ]>
+S<[ B<--extcap-interface>=E<lt>interfaceE<gt> ]>
+S<[ B<--extcap-config> ]>
+S<[ B<--extcap-capture-filter>=E<lt>capture filterE<gt> ]>
+S<[ B<--capture> ]>
+S<[ B<--fifo>=E<lt>path to file or pipeE<gt> ]>
+S<[ B<--remote-host>=E<lt>IP addressE<gt> ]>
+S<[ B<--remote-port>=E<lt>TCP portE<gt> ]>
+S<[ B<--remote-username>=E<lt>usernameE<gt> ]>
+S<[ B<--remote-password>=E<lt>passwordE<gt> ]>
+S<[ B<--sshkey>=E<lt>public key path<gt> ]>
+S<[ B<--remote-interface>=E<lt>interfaceE<gt> ]>
+S<[ B<--remote-capture-bin>=E<lt>capture binaryE<gt> ]>
+
+B<sshdump>
+S< B<--extcap-interfaces> >
+
+B<sshdump>
+S< B<--extcap-interface>=E<lt>interfaceE<gt> >
+S<[ B<--extcap-dlts> ]>
+
+B<sshdump>
+S< B<--extcap-interface>=E<lt>interfaceE<gt> >
+S<[ B<--extcap-config> ]>
+
+B<sshdump>
+S< B<--extcap-interface>=E<lt>interfaceE<gt> >
+S< B<--fifo>=E<lt>path to file or pipeE<gt> >
+S< B<--capture> >
+S< B<--remote-host=myremotehost> >
+S< B<--remote-port=22> >
+S< B<--remote-username=user> >
+S< B<--remote-interface=eth2> >
+S< B<--remote-capture-bin=/usr/sbin/dumpcap> >
+
+=head1 DESCRIPTION
+
+B<Sshdump> is a extcap tool that allows to run a remote capture
+tool in a SSH connection. The requirement is that the capture
+executable must have the capabilities to capture from the wanted
+interface.
+
+The feature is functionally equivalent to run commands like
+
+$ ssh remoteuser@remotehost -p 22222 'dumpcap -i IFACE -P -w -' > FILE &
+$ wireshark FILE
+
+$ ssh remoteuser@remotehost '/sbin/dumpcap -i IFACE -P -w - -f "not port 22"' > FILE &
+$ wireshark FILE
+
+Supported interfaces:
+
+=over 4
+
+=item 1. ssh
+
+=back
+
+=head1 OPTIONS
+
+=over 4
+
+=item --help
+
+Print program arguments.
+
+=item --version
+
+Print program version.
+
+=item --extcap-interfaces
+
+List available interfaces.
+
+=item --extcap-interface=E<lt>interfaceE<gt>
+
+Use specified interfaces.
+
+=item --extcap-dlts
+
+List DLTs of specified interface.
+
+=item --extcap-config
+
+List configuration options of specified interface.
+
+=item --capture
+
+Start capturing from specified interface save saved it in place specified by --fifo.
+
+=item --fifo=E<lt>path to file or pipeE<gt>
+
+Save captured packet to file or send it through pipe.
+
+=item --remote-host=E<lt>remote hostE<gt>
+
+The address of the remote host for capture.
+
+=item --remote-port=E<lt>remote portE<gt>
+
+The SSH port of the remote host.
+
+=item --remote-username=E<lt>usernameE<gt>
+
+The username for ssh authentication.
+
+=item --remote-password=E<lt>passwordE<gt>
+
+The password to use (if not ssh-agent and pubkey are used). WARNING: the
+passwords are stored in plaintext and visible to all users on this system. It is
+recommended to use keyfiles with a SSH agent.
+
+=item --sshkey=E<lt>SSH private key pathE<gt>
+
+The path to a private key for authentication.
+
+=item --remote-interface=E<lt>remote interfaceE<gt>
+
+The remote network interface to capture from.
+
+=item --remote-capture-bin=E<lt>capture binaryE<gt>
+
+The remote capture binary.
+
+=item --extcap-capture-filter=E<lt>capture filterE<gt>
+
+The capture filter
+
+=back
+
+=head1 EXAMPLES
+
+To see program arguments:
+
+ sshdump --help
+
+To see program version:
+
+ sshdump --version
+
+To see interfaces:
+
+ sshdump --extcap-interfaces
+
+Only one interface (ssh) is supported.
+
+ Output:
+ interface {value=ssh}{display=SSH remote capture}
+
+To see interface DLTs:
+
+ sshdump --extcap-interface=ssh --extcap-dlts
+
+ Output:
+ dlt {number=147}{name=ssh}{display=Remote capture dependant DLT}
+
+To see interface configuration options:
+
+ sshdump --extcap-interface=ssh --extcap-config
+
+ Output:
+ arg {number=0}{call=--remote-host}{display=Remote SSH server address}{type=string}{default=127.0.0.1}
+ {tooltip=The remote SSH host. It can be both an IP address or an hostname}
+ arg {number=1}{call=--remote-port}{display=Remote SSH server port}{type=unsigned}{default=22}
+ {tooltip=The remote SSH host port}
+ arg {number=2}{call=--remote-username}{display=Remote SSH server username}{type=string}{default=dario}
+ {tooltip=The remote SSH username. If not provided, the current user will be used}
+ arg {number=3}{call=--remote-password}{display=Remote SSH server password}{type=string}
+ {tooltip=The SSH password. SSH agent and certificate are used before it.If they fail, password will
+ be used, and, if it fails, the connection is not established.}
+ arg {number=4}{call=--remote-interface}{display=Remote SSH server interface}{type=string}{default=eth0}
+ {tooltip=The remote network interface used for capture}
+ arg {number=5}{call=--remote-capture-bin}{display=Remote SSH capture bin}{type=string}{default=dumpcap}
+ {tooltip=The remote dumcap binary used for capture.}
+ arg {number=6}{call=--extcap-capture-filter}{display=Capture filter}{type=string}{default=not host hardcore}
+ {tooltip=The capture filter}
+
+To capture:
+
+ sshdump --extcap-interface=ssh --fifo=/tmp/ssh.pcapng --capture --remote-host 192.168.1.10
+ --remote-username user --extcap-capture-filter "not port 22"
+
+NOTE: To stop capturing CTRL+C/kill/terminate application.
+
+=head1 SEE ALSO
+
+wireshark(1), tshark(1), dumpcap(1), extcap(4)
+
+=head1 NOTES
+
+B<Sshdump> is part of the B<Wireshark> distribution. The latest version
+of B<Wireshark> can be found at L<https://www.wireshark.org>.
+
+HTML versions of the Wireshark project man pages are available at:
+L<https://www.wireshark.org/docs/man-pages>.
+
+=head1 AUTHORS
+
+ Original Author
+ -------- ------
+ Dario Lombardo <lomato[AT]gmail.com>