175039128a
Change-Id: I9bfc57cb6b6ab6962b80ff58d98eb351d6f69829 Reviewed-on: https://code.wireshark.org/review/4140 Reviewed-by: Gerald Combs <gerald@wireshark.org>
112 lines
3.8 KiB
Text
112 lines
3.8 KiB
Text
The following guidelines should be followed by anyone distributing a software
|
|
package containing Wireshark:
|
|
|
|
1. URLs.
|
|
|
|
1.1. Wireshark web site.
|
|
|
|
The Wireshark web site URL is https://www.wireshark.org/ .
|
|
|
|
1.2. Wireshark releases.
|
|
|
|
The canonical location for every Wireshark source release is
|
|
|
|
https://www.wireshark.org/download/src/all-versions/, e.g.
|
|
|
|
https://www.wireshark.org/download/src/all-versions/wireshark-0.99.55.tar.bz2
|
|
|
|
If your packaging system downloads a copy of the Wireshark sources, use
|
|
this location. Don't use https://www.wireshark.org/download/src.
|
|
|
|
1.3. Artwork.
|
|
|
|
Logo and icon artwork can be found in the "image" directory in the
|
|
distribution. This is available online at
|
|
|
|
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=tree;f=image;hb=HEAD
|
|
|
|
2. Licensing.
|
|
|
|
Wireshark is released under the GNU General Public License version 2 or
|
|
newer. Make sure your package complies with this license.
|
|
|
|
3. Privileges.
|
|
|
|
In versions up to and including 0.99.6, it was necessary to run
|
|
Wireshark with elevated privileges in order to be able to capture
|
|
traffic. With version 0.99.7, all function calls that require elevated
|
|
privileges have been moved out of the GUI to dumpcap.
|
|
|
|
WIRESHARK CONTAINS OVER TWO MILLION LINES OF SOURCE CODE. DO NOT RUN
|
|
THEM AS ROOT.
|
|
|
|
Warnings are displayed when Wireshark and TShark are run as root.
|
|
|
|
There are several configure-time options on non-Windows systems that
|
|
affect the privileges a normal user needs to capture traffic and list
|
|
interfaces:
|
|
|
|
--enable-setcap-install Install dumpcap with cap_net_admin and
|
|
cap_net_raw capabilities. Linux only.
|
|
|
|
--enable-setuid-install Install dumpcap setuid root.
|
|
|
|
--with-libcap If running as root, try to grab
|
|
CAP_NET_ADMIN and CAP_NET_RAW, then drop
|
|
privileges. Linux only.
|
|
|
|
--with-dumpcap-group=... Restricts dumpcap execution to the
|
|
specified group.
|
|
|
|
These are necessary for non-root users to be able to capture on most
|
|
systems, e.g. on Linux or FreeBSD if the user doesn't have permissions
|
|
to access /dev/bpf*. Setcap installation is preferred over setuid on
|
|
Linux. If "--enable-setcap-install" is used it will override any setuid
|
|
settings.
|
|
|
|
The "--with-libcap" option is only useful when dumpcap is installed
|
|
setuid. If it is enabled dumpcap will try to drop any setuid privileges
|
|
it may have while retaining the CAP_NET_ADMIN and CAP_NET_RAW
|
|
capabilities. It is enabled by default, if the Linux capabilities
|
|
library (on which it depends) is found.
|
|
|
|
Note that enabling setcap or setuid installation allows packet capture
|
|
for ALL users on your system. If this is not desired, you can restrict
|
|
dumpcap execution to a specific group or user. The following two examples
|
|
show how to restrict access using setcap and setuid respectively:
|
|
|
|
# groupadd -g packetcapture
|
|
# chmod 750 /usr/bin/dumpcap
|
|
# chgrp packetcapture /usr/bin/dumpcap
|
|
# setcap cap_net_raw,cap_net_admin+ep /usr/bin/dumpcap
|
|
|
|
# groupadd -g packetcapture
|
|
# chgrp packetcapture /usr/bin/dumpcap
|
|
# chmod 4750 /usr/bin/dumpcap
|
|
|
|
4. Customization.
|
|
|
|
Custom version information can be added by creating a file called
|
|
"version.conf" and running "make-version.pl -p". See make-version.pl for
|
|
details. If your package contains significant changes we recommend that
|
|
you use this to differentiate it from official Wireshark releases.
|
|
|
|
4.1. Source-level version detection.
|
|
|
|
The Git version corresponding to each release is in version.h. It's
|
|
defined as a string. If you need a numeric definition, let us know.
|
|
|
|
5. Trademarks.
|
|
|
|
Wireshark and the "fin" logo are registered trademarks of the Wireshark
|
|
Foundation.
|
|
|
|
6. Spelling.
|
|
|
|
Wireshark is spelled with a capital "W", and with everything else lower
|
|
case. E.g., "WireShark" is incorrect.
|
|
|
|
|
|
If you have a question not addressed here, send it to
|
|
wireshark-dev@wireshark.org.
|