On 07/13/14 16:50, Landry Breuil wrote:
> Hi,
>
> so it's been a while this hasn't been debated, and I think the general
> consensus is now 'why are we applying stronger stance against wireshark
> compared to other monsters in the tree?' - right now, ppl are either
> installing it themselves from source, not updating it, running it as
> root, fiddling with perms on bpf, etc.
>
> The idea is to import it (and update it!), the binary doing the capture
> and needing privileges is separated (but DOESN'T do privdrop), so we
> might as well install it setuid root, group _wireshark and mode 4550.
>
> This way, only users in the _wireshark group (gid 735 to reserve) might
> be able to do captures, and only the captures are done as root. Almost
> works ootb, you just need to add yourself to _wireshark. Might warrant a
> MESSAGE ?
>
> This is exactly
> https://github.com/jasperla/openbsd-wip/tree/master/net/wireshark,
> updated to 1.10.8, with all the flavor goos removed (python is broken,
> why bother with a gtk2 version, etc). Python support might come back if
> fixed in the devel version (which moved to qt) but atm the latter is
> only at 1.12.0rc2, while 1.8/1.10 has been somewhat tested.
>
> oks to import/bikeshed ?
>
> Landry
>
I seem to recall it might have been me that put this there, or at least an older version.

You don't capture with wireshark, you use it as a graphical display tool only, using tcpdump to create a file. The other way is to pipe tcpdump output into wireshark:

    sudo tcpdump -w - | wireshark -k -i -

I never run this wireshark thing as root; what others do, that's their choice.

The other idea was to replace the binary with a wrapper around tcpdump. Can't recall at this time, but many arguments are equivalent to tcpdump's; I think only the calls to return a list of interfaces were extra. Wireshark is fine as a graphic display tool for network traffic.

The other issue was SSL, GPL v3 some time since I looked.
http://www.wireshark.org/lists/wireshark-dev/201205/msg00167.html
https://wireshark.org/lists/wireshark-dev/201203/msg00171.html
GNUTLS is now LGPL v2.1+, so the SSL might be working again.

Looked: wireshark is using old deprecated calls for GTK+3, at least in the Makefile. GTK2 did work; quite often the GTK+3 version didn't build. The later versions are moved to QT, this is QT5, but I haven't looked recently; sure we don't have QT5 in the ports yet. QT5 might have an impact on the kde4 ports.

WVER/VER is a hangover from the development version, but since no QT5, never been started. WVER is used in the plist. VER should be replaced by WVER.
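The proposal in the quoted message is to ship the privileged capture helper as root:_wireshark with mode 4550 so that only members of that group can run it and nothing is world-readable or world-executable. The script below is an added example, not part of this thread or of the port: it audits an installed helper against exactly that layout (owner root, group _wireshark, mode 4550, which ls(1) renders as -r-sr-x---) and reports every deviation, which is the check a port maintainer or sysadmin would want after a pkg_add or a manual install. The function names and the optional owner/group overrides are the example's own assumptions; the group name and mode come from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): audit a setuid capture helper
# against the layout proposed above: owner root, group _wireshark,
# mode 4550 (-r-sr-x---). Pure POSIX sh, uses only ls(1).

# perm_string_ok MODESTRING
# Returns 0 only for the ls(1) permission field of a regular file with
# mode 4550: read+setuid for owner, read+exec for group, nothing for others.
# A trailing '.' or '+' (ACL / security-label marker on some systems) is ignored.
perm_string_ok() {
    mode=${1%[.+]}
    case "$mode" in
        -r-sr-x---) return 0 ;;   # 's' in the owner exec slot = setuid + exec
        *)          return 1 ;;
    esac
}

# audit_capture_helper PATH [OWNER] [GROUP]
# Prints one line per finding; returns 0 only if mode, owner and group all
# match. OWNER defaults to root and GROUP to _wireshark, as in the proposal;
# both can be overridden (assumption for this example) to audit test files.
audit_capture_helper() {
    path=$1
    want_owner=${2:-root}
    want_group=${3:-_wireshark}

    if [ ! -f "$path" ]; then
        echo "$path: not a regular file"
        return 1
    fi

    # ls -ld fields: mode links owner group size ... name
    set -- $(ls -ld "$path")
    mode=$1
    owner=$3
    group=$4
    rc=0

    if ! perm_string_ok "$mode"; then
        echo "$path: mode $mode, want -r-sr-x--- (4550)"
        rc=1
    fi
    if [ "$owner" != "$want_owner" ]; then
        echo "$path: owner $owner, want $want_owner"
        rc=1
    fi
    if [ "$group" != "$want_group" ]; then
        echo "$path: group $group, want $want_group"
        rc=1
    fi
    return $rc
}

# Typical use after installing the port (path is an assumption, adjust to
# wherever the capture helper actually lands):
#   audit_capture_helper /usr/local/bin/dumpcap && echo "capture helper OK"
```

A world-executable setuid-root helper (mode 4555) is the case this catches most usefully: the binary still "works" for everyone, so nothing breaks, but the whole point of the _wireshark group is lost.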