On Sat, May 22, 2021 at 3:51 AM Guy Harris <ghar...@sonic.net> wrote:
> On May 21, 2021, at 8:03 PM, Vincent Randal <vtran...@gmail.com> wrote:
>
> > I've plans to use Lua to control tshark behavior in scripts, IF ... I
> > can get Wireshark to build with support for Lua in Ubuntu 20.4, ... But so
> > far I am not having any luck. I found this piece of documentation that says
> > ...
> >
> > "Wireshark contains an embedded Lua 5.2 interpreter ..."
> >
> > I believe that's true for Windows but not Linux.
>
> On an Ubuntu 20.04 system (virtual machine):
>
>     ubu20-04$ apt list | egrep wireshark
>
>     WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
>
>     libndpi-wireshark/focal 2.6-5 amd64
>     libvirt-wireshark/focal-updates 6.0.0-0ubuntu8.9 amd64
>     libwireshark-data/focal,focal,now 3.2.3-1 all [installed,automatic]
>     libwireshark-dev/focal 3.2.3-1 amd64
>     libwireshark13/focal,now 3.2.3-1 amd64 [installed,automatic]
>     wireshark-common/focal,now 3.2.3-1 amd64 [installed,automatic]
>     wireshark-dev/focal 3.2.3-1 amd64
>     wireshark-doc/focal,focal 3.2.3-1 all
>     wireshark-gtk/focal 3.2.3-1 amd64
>     wireshark-qt/focal,now 3.2.3-1 amd64 [installed]
>     wireshark/focal,now 3.2.3-1 amd64 [installed,automatic]
>
> so it has Wireshark installed from an Ubuntu package.
>
>     ubu20-04$ which tshark
>     /bin/tshark
>
> so if I just run "tshark" from the command line, it runs the version
> installed from the standard Ubuntu package.
>
>     ubu20-04$ tshark --version
>     TShark (Wireshark) 3.2.3 (Git v3.2.3 packaged as 3.2.3-1)
>
>     Copyright 1998-2020 Gerald Combs <ger...@wireshark.org> and contributors.
>     License GPLv2+: GNU GPL version 2 or later <https://www.gnu.org/licenses/gpl-2.0.html>
>     This is free software; see the source for copying conditions. There is NO
>     warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
>
>     Compiled (64-bit) with libpcap, with POSIX capabilities (Linux), with libnl 3,
>     with GLib 2.64.2, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.15.0, with Lua
>     5.2.4, with GnuTLS 3.6.13 and PKCS #11 support, with Gcrypt 1.8.5, with MIT
>     Kerberos, with MaxMind DB resolver, with nghttp2 1.40.0, with brotli, with LZ4,
>     with Zstandard, with Snappy, with libxml2 2.9.10.
>
>     Running on Linux 5.8.0-53-generic, with Intel(R) Core(TM) i9-9980HK CPU @
>     2.40GHz (with SSE4.2), with 7932 MB of physical memory, with locale en_US.UTF-8,
>     with libpcap version 1.9.1 (with TPACKET_V3), with GnuTLS 3.6.13, with Gcrypt
>     1.8.5, with brotli 1.0.7, with zlib 1.2.11, binary plugins supported (0
>     loaded).
>
>     Built using gcc 9.3.0.
>
> so it *is* built with Lua support ("with Lua 5.2.4" in the "Compiled ...
> with" string).
>
> So it is certainly possible to build Lua support into Wireshark if you're
> building it for Linux - the Ubuntu maintainers have done so.
>
> If, however, you want to build your *own* version of Wireshark from
> source, and have it include feature XXX, you must make sure that all the
> *developer* packages needed for feature XXX are installed - having the
> end-user packages is *not* enough, as that provides only enough files to
> allow programs *already compiled* with those packages to run, it's *not*
> enough to compile programs using them, as it doesn't, for example, include
> header files.
>
> On Debian, and on Debian-based distributions such as Ubuntu, the easiest
> way to do that is to run
>
>     tools/debian-setup.sh --install-optional
>
> which will attempt to install all packages needed to build Wireshark *and*
> all packages not required to build Wireshark, but required to add certain
> features to the Wireshark you're building, such as Lua support.
>
> Once you have done that.
>
> > I have lots of questions:
> >
> > 1. Before running cmake how can I tell the appropriate "with-lua" sort
> > of switch is enabled?
>
> By making sure that the appropriate package for Lua is installed. That's
> liblua5.2-dev.
>
> The easiest way to make sure it's installed is to run
>
>     tools/debian-setup.sh --install-optional
>

Thank you. Graham had the same suggestion. This helped tremendously. I was doing it the hard way trying to manage dependencies myself.

> before running CMake.
>
> > 2. After running cmake how can I tell I got what I wanted i.e. that it
> > found Lua and make will build with support for Lua?
>
> Check the output of CMake to see if it says, in the list shown after "--
> The following OPTIONAL packages have been found:":
>
>     * LUA (required version >= 5.1)
>

Thank you. After running [tools/debian-setup.sh --install-optional] then I did indeed see LUA in the OPTIONAL packages that were found.

> > 3. If it does not find Lua how do I fix that?
>
> Make sure liblua5.2-dev is installed. (If you've already run CMake before
> running tools/debian-setup.sh --install-optional, you *might* have to
> remove the directory in which you ran it, create a new directory in which
> to do the build, and re-run CMake, so that there isn't any cached "sorry, I
> didn't find Lua" indication left around.)
>

Thank you. I did have to remove the build directory and re-run cmake in a fresh new (empty) directory.

> > 4. When the build succeeds how do I compensate for the difference sudo
> > and non-sudo seem to have on tshark? Non-sudo invocation runs my lua
> > scripts. Sudo invocations don't.
>
> Don't run with sudo. You should *NEVER* run TShark or Wireshark under
> sudo. To quote section 3.11.1 "Packaging Guidelines":
>
>     https://www.wireshark.org/docs/wsdg_html_chunked/ChSrcBinary.html#ChSrcVersioning
>
> of the Wireshark Developer's Guide:
>
>     Privileges
>     All function calls that require elevated privileges are in dumpcap.
>
>     WIRESHARK CONTAINS OVER THREE MILLION LINES OF SOURCE CODE. DO NOT
>     RUN THEM AS ROOT.     <== Got it Thanks!
>
> Instead, run CMake with the option -DDUMPCAP_INSTALL_OPTION=capabilities.
> Then, if you install Wireshark with "sudo cmake install", it will install
> the dumpcap program with sufficient Linux capabilities to do capturing on
> network interfaces.
>

Thank you. That works. And -DDUMPCAP_INSTALL_OPTION=suid also seems to work. Now, I've got tshark running Lua scripts and dissecting packets.

> Unfortunately, if you want to do captures by running Wireshark or TShark
> from the *build* directory, just giving the dumpcap binary in the build
> directory may not work; I suspect the problem is that the run-time linker
> determines that dumpcap is being run with elevated privileges and refuses
> to look in arbitrary places - including the build directory - for shared
> libraries, so dumpcap doesn't start up.
>
> > 5. And assuming (with some help) I get past the above issues, how much
> > control can lua scripts exert over tshark and Wireshark?
>
> To see what Lua scripts can do, see Chapter 10 "Lua Support in Wireshark":
>
>     https://www.wireshark.org/docs/wsdg_html_chunked/wsluarm.html
>
> and Chapter 11 "Wireshark's Lua API Reference Manual":
>
>     https://www.wireshark.org/docs/wsdg_html_chunked/wsluarm_modules.html
>
> of the Wireshark developer's guide.
>
> If what you want to do is *not* there, then a Lua script probably *can't*
> do it.
>

Exactly. I should set my expectations accordingly. Thank you.

> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
> Archives: https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
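
The checks discussed in this thread (Lua present in the "Compiled ... with" string, never running tshark as root, dumpcap carrying the capture privilege), as an added example that is not part of the original messages or of Wireshark's tooling. The function names, the "without Lua" wording for a Lua-less build, and the `cap_net_raw` capability name are assumptions made for the example.

```shell
#!/bin/sh
# Added example: pre-flight checks before running a Lua script under tshark.
# Function names are hypothetical; nothing here ships with Wireshark.

# Read `tshark --version` text on stdin; print "lua <ver>", "no-lua" or "unknown".
lua_support() {
    # The "Compiled ... with" paragraph is word-wrapped, so "with Lua" and the
    # version number can land on different lines: flatten before matching.
    flat=$(tr '\n' ' ' | tr -s ' ')
    ver=$(printf '%s\n' "$flat" |
        sed -n 's/.*[ ,]with Lua \([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p')
    if [ -n "$ver" ]; then
        echo "lua $ver"
    else
        case $flat in
            *"without Lua"*) echo "no-lua" ;;  # assumed wording of a Lua-less build
            *) echo "unknown" ;;
        esac
    fi
}

# Classify how dumpcap gets capture privilege: "capabilities", "suid" or "none".
# $1 = dumpcap path, $2 = output of `getcap "$1"` (passed in so it is testable).
dumpcap_mode() {
    case $2 in
        *cap_net_raw*) echo "capabilities"; return 0 ;;  # assumed capability name
    esac
    if [ -u "$1" ]; then echo "suid"; else echo "none"; fi
}

# Gate a run: refuse root, refuse a build without Lua, report dumpcap's mode.
# $1 = uid, $2 = `tshark --version` text, $3 = dumpcap path, $4 = getcap output.
preflight() {
    [ "$1" -ne 0 ] || { echo "refuse: do not run tshark as root"; return 1; }
    lua=$(printf '%s\n' "$2" | lua_support)
    case $lua in
        "lua "*) ;;
        *) echo "refuse: no Lua support detected ($lua)"; return 1 ;;
    esac
    echo "ok: $lua, dumpcap=$(dumpcap_mode "$3" "$4")"
}

# Sample input: the wrapped "Compiled" lines from the tshark output in the thread.
SAMPLE='Compiled (64-bit) with libpcap, with POSIX capabilities (Linux), with libnl 3,
with GLib 2.64.2, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.15.0, with Lua
5.2.4, with GnuTLS 3.6.13 and PKCS #11 support, with Gcrypt 1.8.5'

preflight 1000 "$SAMPLE" /nonexistent/dumpcap ""
# Live use: d=$(command -v dumpcap)
#           preflight "$(id -u)" "$(tshark --version)" "$d" "$(getcap "$d")"
```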