path: root/doc/README.packaging
blob: 86d443af64ce1608c59176a2bd90a7a3e66e6d8d (plain)
The following guidelines should be followed by anyone distributing a software
package containing Wireshark:

1. URLs.

1.1. Wireshark web site.

The Wireshark web site URL is https://www.wireshark.org/ .

1.2. Wireshark releases.

The canonical location for every Wireshark source release is

    https://www.wireshark.org/download/src/all-versions/, e.g.

    https://www.wireshark.org/download/src/all-versions/wireshark-2.6.5.tar.xz

If your packaging system downloads a copy of the Wireshark sources, use
this location. Don't use https://www.wireshark.org/download/src.

1.3. Artwork.

Logo and icon artwork can be found in the "image" directory in the
distribution. This is available online at

    https://code.wireshark.org/review/gitweb?p=wireshark.git;a=tree;f=image;hb=HEAD

2. Licensing.

Wireshark is released under the GNU General Public License version 2 or
newer.  Make sure your package complies with this license.

3. Privileges.

All function calls that require elevated privileges are in dumpcap.

WIRESHARK CONTAINS OVER TWO MILLION LINES OF SOURCE CODE. DO NOT RUN
THEM AS ROOT.

Warnings are displayed when Wireshark and TShark are run as root.

There are several configure-time options on non-Windows systems that
affect the privileges a normal user needs to capture traffic and list
interfaces:

    -DDUMPCAP_INSTALL_OPTION=capabilities
       Install dumpcap with cap_net_admin and cap_net_raw capabilities.
       Linux only.

    -DDUMPCAP_INSTALL_OPTION=suid
       Install dumpcap setuid root.

These are necessary for non-root users to be able to capture on most
systems, e.g. on Linux or FreeBSD if the user doesn't have permissions
to access /dev/bpf*. Setcap installation is preferred over setuid on
Linux. If "-DDUMPCAP_INSTALL_OPTION=capabilities" is used it will
override any setuid settings.

The "-DENABLE_CAP" option is only useful when dumpcap is installed
setuid. If it is enabled dumpcap will try to drop any setuid privileges
it may have while retaining the CAP_NET_ADMIN and CAP_NET_RAW
capabilities. It is enabled by default, if the Linux capabilities
library (on which it depends) is found.

Note that enabling setcap or setuid installation allows packet capture
for ALL users on your system. If this is not desired, you can restrict
dumpcap execution to a specific group or user. The following two examples
show how to restrict access using setcap and setuid respectively:

    # groupadd packetcapture
    # chmod 750 /usr/bin/dumpcap
    # chgrp packetcapture /usr/bin/dumpcap
    # setcap cap_net_raw,cap_net_admin+ep /usr/bin/dumpcap

    # groupadd packetcapture
    # chgrp packetcapture /usr/bin/dumpcap
    # chmod 4750 /usr/bin/dumpcap
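
A package's post-install test can check that one of the two recipes above
took effect. The script below is an added example, not part of the Wireshark
distribution; it assumes GNU stat and getcap from libcap, and the function
names and verdict strings are hypothetical.

```shell
#!/bin/sh
# Added example (not Wireshark code): audit a dumpcap install.
# Assumes GNU stat (-c) and getcap from libcap; all names are hypothetical.

# classify_dumpcap MODE GROUP CAPS WANT_GROUP
#   MODE: octal mode as printed by `stat -c %a` (750, 4750, 4755, ...)
#   CAPS: output of `getcap FILE`, empty when no file capabilities are set
classify_dumpcap() {
    mode=$1 group=$2 caps=$3 want_group=$4
    # Pad to four digits so the setuid/setgid/sticky digit is always present.
    case ${#mode} in 3) mode=0$mode ;; esac
    special=${mode%???}   # first digit: the 4 bit means setuid
    other=${mode#???}     # last digit: permissions for "other"

    privileged=no
    case $special in 4|5|6|7) privileged=yes ;; esac
    case $caps in *cap_net_raw*) privileged=yes ;; esac

    world_exec=no
    case $other in 1|3|5|7) world_exec=yes ;; esac

    if [ "$privileged" = no ]; then
        echo unprivileged          # neither setuid nor capabilities present
    elif [ "$world_exec" = yes ]; then
        echo open-to-all-users     # every local user can capture
    elif [ "$group" != "$want_group" ]; then
        echo wrong-group           # restricted, but not to the capture group
    else
        echo restricted
    fi
}

# audit_dumpcap PATH [GROUP]: gather the facts from the file system.
audit_dumpcap() {
    path=$1 want_group=${2:-packetcapture}
    mode=$(stat -c %a "$path") || return 2
    group=$(stat -c %G "$path") || return 2
    caps=$(getcap "$path" 2>/dev/null)
    classify_dumpcap "$mode" "$group" "$caps" "$want_group"
}

# Run only when a path is given, e.g.: sh audit.sh /usr/bin/dumpcap
if [ $# -gt 0 ]; then audit_dumpcap "$@"; fi
```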

4. Customization.

Custom version information can be added by creating a file called
"version.conf" and running "make-version.pl -p". See make-version.pl for
details. If your package contains significant changes we recommend that
you use this to differentiate it from official Wireshark releases.

4.1. Source-level version detection.

The Git version corresponding to each release is in version.h. It's
defined as a string. If you need a numeric definition, let us know.

5. Trademarks.

Wireshark and the "fin" logo are registered trademarks of the Wireshark
Foundation.

6. Spelling.

Wireshark is spelled with a capital "W", and with everything else lower
case. E.g., "WireShark" is incorrect.


If you have a question not addressed here, send it to
wireshark-dev@wireshark.org.