about summary refs log tree commit diff
path: root/nixpkgs/pkgs/applications/networking/sniffers/wireshark
diff options
context:
space:
mode:
Diffstat (limited to 'nixpkgs/pkgs/applications/networking/sniffers/wireshark')
-rw-r--r--nixpkgs/pkgs/applications/networking/sniffers/wireshark/default.nix108
-rw-r--r--nixpkgs/pkgs/applications/networking/sniffers/wireshark/wireshark-lookup-dumpcap-in-path.patch63
2 files changed, 171 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/applications/networking/sniffers/wireshark/default.nix b/nixpkgs/pkgs/applications/networking/sniffers/wireshark/default.nix
new file mode 100644
index 000000000000..230bb2d4fe41
--- /dev/null
+++ b/nixpkgs/pkgs/applications/networking/sniffers/wireshark/default.nix
@@ -0,0 +1,108 @@
+{ lib, stdenv, fetchurl, pkg-config, pcre, perl, flex, bison, gettext, libpcap, libnl, c-ares
+, gnutls, libgcrypt, libgpgerror, geoip, openssl, lua5, python3, libcap, glib
+, libssh, nghttp2, zlib, cmake, makeWrapper
+, withQt ? true, qt5 ? null
+, ApplicationServices, SystemConfiguration, gmp
+}:
+
+assert withQt  -> qt5  != null;
+
+with lib;
+
+let
+  version = "3.4.5";
+  variant = if withQt then "qt" else "cli";
+
+in stdenv.mkDerivation {
+  pname = "wireshark-${variant}";
+  inherit version;
+  outputs = [ "out" "dev" ];
+
+  src = fetchurl {
+    url = "https://www.wireshark.org/download/src/all-versions/wireshark-${version}.tar.xz";
+    sha256 = "sha256-3hqv0QCh4SB8hQ0YDpfdkauNoPXra+7FRfclzbFF0zM=";
+  };
+
+  cmakeFlags = [
+    "-DBUILD_wireshark=${if withQt then "ON" else "OFF"}"
+    "-DENABLE_APPLICATION_BUNDLE=${if withQt && stdenv.isDarwin then "ON" else "OFF"}"
+    # Fix `extcap` and `plugins` paths. See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16444
+    "-DCMAKE_INSTALL_LIBDIR=lib"
+  ];
+
+  # Avoid referencing -dev paths because of debug assertions.
+  NIX_CFLAGS_COMPILE = [ "-DQT_NO_DEBUG" ];
+
+  nativeBuildInputs = [ bison cmake flex makeWrapper pkg-config ] ++ optional withQt qt5.wrapQtAppsHook;
+
+  buildInputs = [
+    gettext pcre perl libpcap lua5 libssh nghttp2 openssl libgcrypt
+    libgpgerror gnutls geoip c-ares python3 glib zlib
+  ] ++ optionals withQt  (with qt5; [ qtbase qtmultimedia qtsvg qttools ])
+    ++ optionals stdenv.isLinux  [ libcap libnl ]
+    ++ optionals stdenv.isDarwin [ SystemConfiguration ApplicationServices gmp ]
+    ++ optionals (withQt && stdenv.isDarwin) (with qt5; [ qtmacextras ]);
+
+  patches = [ ./wireshark-lookup-dumpcap-in-path.patch ];
+
+  postPatch = ''
+    sed -i -e '1i cmake_policy(SET CMP0025 NEW)' CMakeLists.txt
+  '';
+
+  preBuild = ''
+    export LD_LIBRARY_PATH="$PWD/run"
+  '';
+
+  postInstall = ''
+    # to remove "cycle detected in the references"
+    mkdir -p $dev/lib/wireshark
+    mv $out/lib/wireshark/cmake $dev/lib/wireshark
+  '' + (if stdenv.isDarwin && withQt then ''
+    mkdir -p $out/Applications
+    mv $out/bin/Wireshark.app $out/Applications/Wireshark.app
+
+    for f in $(find $out/Applications/Wireshark.app/Contents/PlugIns -name "*.so"); do
+        for dylib in $(otool -L $f | awk '/^\t*lib/ {print $1}'); do
+            install_name_tool -change "$dylib" "$out/lib/$dylib" "$f"
+        done
+    done
+
+    wrapQtApp $out/Applications/Wireshark.app/Contents/MacOS/Wireshark
+  '' else optionalString withQt ''
+    install -Dm644 -t $out/share/applications ../wireshark.desktop
+
+    install -Dm644 ../image/wsicon.svg $out/share/icons/wireshark.svg
+    mkdir $dev/include/{epan/{wmem,ftypes,dfilter},wsutil,wiretap} -pv
+
+    cp config.h $dev/include/wireshark/
+    cp ../ws_*.h $dev/include
+    cp ../epan/*.h $dev/include/epan/
+    cp ../epan/wmem/*.h $dev/include/epan/wmem/
+    cp ../epan/ftypes/*.h $dev/include/epan/ftypes/
+    cp ../epan/dfilter/*.h $dev/include/epan/dfilter/
+    cp ../wsutil/*.h $dev/include/wsutil/
+    cp ../wiretap/*.h $dev/include/wiretap
+  '');
+
+  dontFixCmake = true;
+
+  shellHook = ''
+    # to be able to run the resulting binary
+    export WIRESHARK_RUN_FROM_BUILD_DIRECTORY=1
+  '';
+
+  meta = with lib; {
+    homepage = "https://www.wireshark.org/";
+    description = "Powerful network protocol analyzer";
+    license = licenses.gpl2Plus;
+
+    longDescription = ''
+      Wireshark (formerly known as "Ethereal") is a powerful network
+      protocol analyzer developed by an international team of networking
+      experts. It runs on UNIX, macOS and Windows.
+    '';
+
+    platforms = platforms.linux ++ platforms.darwin;
+    maintainers = with maintainers; [ bjornfor fpletz ];
+  };
+}
diff --git a/nixpkgs/pkgs/applications/networking/sniffers/wireshark/wireshark-lookup-dumpcap-in-path.patch b/nixpkgs/pkgs/applications/networking/sniffers/wireshark/wireshark-lookup-dumpcap-in-path.patch
new file mode 100644
index 000000000000..549da5436e60
--- /dev/null
+++ b/nixpkgs/pkgs/applications/networking/sniffers/wireshark/wireshark-lookup-dumpcap-in-path.patch
@@ -0,0 +1,63 @@
+From 5bef9deeff8a2e4401de0f45c9701cd6f98f29d8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Bj=C3=B8rn=20Forsman?= <bjorn.forsman@gmail.com>
+Date: Thu, 26 Nov 2015 21:03:35 +0100
+Subject: [PATCH] Lookup dumpcap in PATH
+
+NixOS patch: Look for dumpcap in PATH first, because there may be a
+dumpcap wrapper that we want to use instead of the default
+non-setuid dumpcap binary.
+
+Also change execv() to execvp() because we've set argv[0] to "dumpcap"
+and have to enable PATH lookup. Wireshark is not a setuid program, so
+looking in PATH is not a security issue.
+
+Signed-off-by: Franz Pletz <fpletz@fnordicwalking.de>
+---
+ capchild/capture_sync.c | 17 ++++++++++++++---
+ 1 file changed, 14 insertions(+), 3 deletions(-)
+
+diff --git a/capchild/capture_sync.c b/capchild/capture_sync.c
+index 970688e..49914d5 100644
+--- a/capchild/capture_sync.c
++++ b/capchild/capture_sync.c
+@@ -332,7 +332,18 @@ init_pipe_args(int *argc) {
+ #ifdef _WIN32
+     exename = g_strdup_printf("%s\\dumpcap.exe", progfile_dir);
+ #else
+-    exename = g_strdup_printf("%s/dumpcap", progfile_dir);
++    /*
++     * NixOS patch: Look for dumpcap in PATH first, because there may be a
++     * dumpcap wrapper that we want to use instead of the default
++     * non-setuid dumpcap binary.
++     */
++    if (system("command -v dumpcap >/dev/null") == 0) {
++        /* Found working dumpcap */
++        exename = g_strdup_printf("dumpcap");
++    } else {
++        /* take Wireshark's absolute program path and replace "Wireshark" with "dumpcap" */
++        exename = g_strdup_printf("%s/dumpcap", progfile_dir);
++    }
+ #endif
+ 
+     /* Make that the first argument in the argument list (argv[0]). */
+@@ -729,7 +740,7 @@ sync_pipe_start(capture_options *capture_opts, capture_session *cap_session, voi
+          */
+         dup2(sync_pipe[PIPE_WRITE], 2);
+         ws_close(sync_pipe[PIPE_READ]);
+-        execv(argv[0], argv);
++        execvp(argv[0], argv);
+         g_snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s",
+                    argv[0], g_strerror(errno));
+         sync_pipe_errmsg_to_parent(2, errmsg, "");
+@@ -997,7 +1008,7 @@ sync_pipe_open_command(char** argv, int *data_read_fd,
+         dup2(sync_pipe[PIPE_WRITE], 2);
+         ws_close(sync_pipe[PIPE_READ]);
+         ws_close(sync_pipe[PIPE_WRITE]);
+-        execv(argv[0], argv);
++        execvp(argv[0], argv);
+         g_snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s",
+                    argv[0], g_strerror(errno));
+         sync_pipe_errmsg_to_parent(2, errmsg, "");
+-- 
+2.6.3
+
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-01 11:05:41 +0000