forked from osmocom/wireshark
104 lines
3.4 KiB
Plaintext
104 lines
3.4 KiB
Plaintext
The following guidelines should be followed by anyone distributing a software
|
|
package containing Wireshark:
|
|
|
|
1. URLs.
|
|
|
|
1.1. Wireshark web site.
|
|
|
|
The Wireshark web site URL is https://www.wireshark.org/ .
|
|
|
|
1.2. Wireshark releases.
|
|
|
|
The canonical location for every Wireshark source release is
|
|
|
|
https://www.wireshark.org/download/src/all-versions/, e.g.
|
|
|
|
https://www.wireshark.org/download/src/all-versions/wireshark-2.6.5.tar.xz
|
|
|
|
If your packaging system downloads a copy of the Wireshark sources, use
|
|
this location. Don't use https://www.wireshark.org/download/src.
|
|
|
|
1.3. Artwork.
|
|
|
|
Logo and icon artwork can be found in the "image" directory in the
|
|
distribution. This is available online at
|
|
|
|
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=tree;f=image;hb=HEAD
|
|
|
|
2. Licensing.
|
|
|
|
Wireshark is released under the GNU General Public License version 2 or
|
|
newer. Make sure your package complies with this license.
|
|
|
|
3. Privileges.
|
|
|
|
All function calls that require elevated privileges are in dumpcap.
|
|
|
|
WIRESHARK CONTAINS OVER TWO MILLION LINES OF SOURCE CODE. DO NOT RUN
|
|
THEM AS ROOT.
|
|
|
|
Warnings are displayed when Wireshark and TShark are run as root.
|
|
|
|
There are several configure-time options on non-Windows systems that
|
|
affect the privileges a normal user needs to capture traffic and list
|
|
interfaces:
|
|
|
|
-DDUMPCAP_INSTALL_OPTION=capabilities
|
|
Install dumpcap with cap_net_admin and cap_net_raw capabilities.
|
|
Linux only.
|
|
|
|
-DDUMPCAP_INSTALL_OPTION=suid
|
|
Install dumpcap setuid root.
|
|
|
|
These are necessary for non-root users to be able to capture on most
|
|
systems, e.g. on Linux or FreeBSD if the user doesn't have permissions
|
|
to access /dev/bpf*. Setcap installation is preferred over setuid on
|
|
Linux. If "-DDUMPCAP_INSTALL_OPTION=capabilities" is used it will
|
|
override any setuid settings.
|
|
|
|
The "-DENABLE_CAP" option is only useful when dumpcap is installed
|
|
setuid. If it is enabled dumpcap will try to drop any setuid privileges
|
|
it may have while retaining the CAP_NET_ADMIN and CAP_NET_RAW
|
|
capabilities. It is enabled by default, if the Linux capabilities
|
|
library (on which it depends) is found.
|
|
|
|
Note that enabling setcap or setuid installation allows packet capture
|
|
for ALL users on your system. If this is not desired, you can restrict
|
|
dumpcap execution to a specific group or user. The following two examples
|
|
show how to restrict access using setcap and setuid respectively:
|
|
|
|
# groupadd -g packetcapture
|
|
# chmod 750 /usr/bin/dumpcap
|
|
# chgrp packetcapture /usr/bin/dumpcap
|
|
# setcap cap_net_raw,cap_net_admin+ep /usr/bin/dumpcap
|
|
|
|
# groupadd -g packetcapture
|
|
# chgrp packetcapture /usr/bin/dumpcap
|
|
# chmod 4750 /usr/bin/dumpcap
|
|
|
|
4. Customization.
|
|
|
|
Custom version information can be added by creating a file called
|
|
"version.conf" and running "make-version.pl -p". See make-version.pl for
|
|
details. If your package contains significant changes we recommend that
|
|
you use this to differentiate it from official Wireshark releases.
|
|
|
|
4.1. Source-level version detection.
|
|
|
|
The Git version corresponding to each release is in version.h. It's
|
|
defined as a string. If you need a numeric definition, let us know.
|
|
|
|
5. Trademarks.
|
|
|
|
Wireshark and the "fin" logo are registered trademarks of the Wireshark
|
|
Foundation.
|
|
|
|
6. Spelling.
|
|
|
|
Wireshark is spelled with a capital "W", and with everything else lower
|
|
case. E.g., "WireShark" is incorrect.
|
|
|
|
|
|
If you have a question not addressed here, send it to
|
|
wireshark-dev@wireshark.org.
|