Bug 1013330 - Bluetooth adapters are not available for capture with wireshark
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: libpcap
Version: rawhide
Hardware: Unspecified Linux
Priority: unspecified, Severity: high
Assigned To: Michal Sekletar
QA Contact: Fedora Extras Quality Assurance
Reported: 2013-09-29 06:52 EDT by Mansour Behabadi
Modified: 2014-03-28 19:06 EDT
Doc Type: Bug Fix
Last Closed: 2014-03-28 19:06:57 EDT
Type: Bug

Attachments:
patch to fix the bug (839 bytes, patch)
2013-09-29 06:56 EDT, Mansour Behabadi
Description Mansour Behabadi 2013-09-29 06:52:35 EDT
Description of problem:

Bluetooth adapters are not available for capture

Version-Release number of selected component (if applicable): 1.4.0-2


How reproducible: always


Steps to Reproduce:
1. Make sure you have a bluetooth adapter installed and working correctly
2. Install wireshark
3. Get list of adapters available to capture on:
   $ su -c 'dumpcap -D'

Actual results: Bluetooth adapter(s) are not shown


Expected results: Bluetooth adapter(s) should be shown if they're available and the program has correct permissions


Additional info:

SELinux is disabled on my machine.
Comment 1 Mansour Behabadi 2013-09-29 06:56:33 EDT
Created attachment 804666
patch to fix the bug

The issue appears to be a bug in libpcap code. I have already provided a patch for it and reported it upstream: https://github.com/the-tcpdump-group/libpcap/pull/322

/copied from the GitHub pull request/

Trying to capture from my Bluetooth with wireshark, I couldn't find my adapter. Here is what I got when running dumpcap -D as the root user:

1. usbmon1
2. usbmon2
3. usbmon3
4. usbmon4
5. p5p1
6. p6p1
7. any
8. lo (Loopback)

Dug in, and it turns out that add_or_find_if() in inet.c adds my Bluetooth adapter to the top of the list based on its rules. But bt_findalldevs() in pcap-bt-linux.c doesn't update alldevsp, so the caller cannot see the added item. The only way bt_findalldevs() would work is if the Bluetooth adapters are added to the list somewhere below the first item. And I assume in tests, this has been the case to date (as the source code seems to have been the same for the past 7 years).

I have done a smoke test of running dumpcap and the wireshark GUI with this patch to capture HCI packets and it works fine.
Comment 3 Michal Sekletar 2013-09-30 08:06:11 EDT
Thank you very much for digging into this and providing the patch. I will backport it to Fedora and release an update.
Comment 4 Mansour Behabadi 2013-09-30 08:15:40 EDT
(In reply to Michal Sekletar from comment #3)
> Thank you very much for digging into this and providing the patch. I will
> backport it to Fedora and release an update.

My pleasure.

Also, Guy Harris, the upstream maintainer of libpcap, found two further counts of this bug elsewhere which, when fixed, will cause more interfaces to show up for capture! I don't know if I need to open another bug report for that or just upload the patch here.

Please advise.
Comment 5 Michal Sekletar 2013-09-30 09:12:58 EDT
It'd be great if you could open bugs for those issues too. Having separate bugzilla entries helps us keep track of changes.
Comment 6 Ivo Sarak 2014-02-24 14:27:09 EST
I see the wireless and also LAN port unavailable for the capture as well.
wireshark-1.10.5-3.fc20.x86_64
Comment 7 Michal Sekletar 2014-03-28 19:05:39 EDT
(In reply to Ivo Sarak from comment #6)
> I see the wireless and also LAN port unavailable for the capture as well.
> wireshark-1.10.5-3.fc20.x86_64

Hmm... Are you running wireshark with sufficient privileges?
Comment 8 Michal Sekletar 2014-03-28 19:06:57 EDT
This should be fixed now in both rawhide and F20.
