Re: my purpose [for building with support for Lua in Linux (Ubuntu 20.04)]

[Vincent Randal <vtrandal () gmail com>]

On Sat, May 22, 2021 at 3:51 AM Guy Harris <gharris () sonic net> wrote:

> On May 21, 2021, at 8:03 PM, Vincent Randal <vtrandal () gmail com> wrote:
>
> > I've plans to use Lua to control tshark behavior in scripts, IF ... I
> can get Wireshark to build with support for Lua in Ubuntu 20.4, ... But so
> far I am not having any luck. I found this piece of documentation that says
> ...
> > "Wireshark contains an embedded Lua 5.2 interpreter ..."
> > I believe that's true for Windows but not Linux.
>
> On an Ubuntu 20.04 system (virtual machine):
>
> ubu20-04$ apt list | egrep wireshark
>
> WARNING: apt does not have a stable CLI interface. Use with caution in
> scripts.
>
> libndpi-wireshark/focal 2.6-5 amd64
> libvirt-wireshark/focal-updates 6.0.0-0ubuntu8.9 amd64
> libwireshark-data/focal,focal,now 3.2.3-1 all [installed,automatic]
> libwireshark-dev/focal 3.2.3-1 amd64
> libwireshark13/focal,now 3.2.3-1 amd64 [installed,automatic]
> wireshark-common/focal,now 3.2.3-1 amd64 [installed,automatic]
> wireshark-dev/focal 3.2.3-1 amd64
> wireshark-doc/focal,focal 3.2.3-1 all
> wireshark-gtk/focal 3.2.3-1 amd64
> wireshark-qt/focal,now 3.2.3-1 amd64 [installed]
> wireshark/focal,now 3.2.3-1 amd64 [installed,automatic]
>
> so it has Wireshark installed from an Ubuntu package.
>
> ubu20-04$ which tshark
> /bin/tshark
>
> so if I just run "tshark" from the command line, it runs the version
> installed from the standard Ubuntu package.
>
> ubu20-04$ tshark --version
> TShark (Wireshark) 3.2.3 (Git v3.2.3 packaged as 3.2.3-1)
>
> Copyright 1998-2020 Gerald Combs <gerald () wireshark org> and contributors.
> License GPLv2+: GNU GPL version 2 or later <
> https://www.gnu.org/licenses/gpl-2.0.html>
> This is free software; see the source for copying conditions. There is NO
> warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
>
> Compiled (64-bit) with libpcap, with POSIX capabilities (Linux), with
> libnl 3,
> with GLib 2.64.2, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.15.0,
> with Lua
> 5.2.4, with GnuTLS 3.6.13 and PKCS #11 support, with Gcrypt 1.8.5, with MIT
> Kerberos, with MaxMind DB resolver, with nghttp2 1.40.0, with brotli, with
> LZ4,
> with Zstandard, with Snappy, with libxml2 2.9.10.
>
> Running on Linux 5.8.0-53-generic, with Intel(R) Core(TM) i9-9980HK CPU @
> 2.40GHz (with SSE4.2), with 7932 MB of physical memory, with locale
> en_US.UTF-8,
> with libpcap version 1.9.1 (with TPACKET_V3), with GnuTLS 3.6.13, with
> Gcrypt
> 1.8.5, with brotli 1.0.7, with zlib 1.2.11, binary plugins supported (0
> loaded).
>
> Built using gcc 9.3.0.
>
> so it *is* built with Lua support ("with Lua 5.2.4" in the "Compiled ...
> with" string).
>
> So it is certainly possible to build Lua support into Wireshark if you're
> building it for Linux - the Ubuntu maintainers have done so.
>
> If, however, you want to build your *own* version of Wireshark from
> source, and have it include feature XXX, you must make sure that all the
> *developer* packages needed for feature XXX are installed - having the
> end-user packages is *not* enough, as that provides only enough files to
> allow programs *already compiled* with those packages to run, it's *not*
> enough to compile programs using them, as it doesn't, for example, include
> header files.
>
> On Debian, and on Debian-based distributions such as Ubuntu, the easiest
> way to do that is to run
>
>         tools/debian-setup.sh --install-optional
>
> which will attempt to install all packages needed to build Wireshark *and*
> all packages not required to build Wireshark, but required to add certain
> features to the Wireshark you're building, such as Lua support.
>
> Once you have done that.
>
> > I have lots of questions:
> > 1. Before running cmake how can I tell the appropriate "with-lua" sort
> of switch is enabled?
>
> By making sure that the appropriate package for Lua is installed.  That's
> liblua5.2-dev.
>
> The easiest way to make sure it's installed is to run
>
>         tools/debian-setup.sh --install-optional
Thank you. Graham had the same suggestion. This helped tremendously. I was
doing it the hard way trying to manage dependencies myself.

> before running CMake.
>
> > 2. After running cmake how can I tell I got what I wanted i.e. that it
> found Lua and make will build with support for Lua?
>
> Check the output of CMake to see if it says, in the list shown after "--
> The following OPTIONAL packages have been found:":
>
>         * LUA (required version >= 5.1)
Thank you. After running [tools/debian-detup.sh --install-optional] then I
did indeed see LUA in the OPTIONAL packages that were found.

> > 3. If it does not find Lua how do I fix that?
>
> Make sure liblua5.2-dev is installed.  (If you've already run CMake before
> running tools/debian-setup.sh --install-optional, you *might* have to
> remove the directory in which you ran it, create a new directory in which
> to do the build, and re-run CMake, so that there isn't any cached "sorry, I
> didn't find Lua" indication left around.)
Thank you. I did have to remove the build directory and re-run cmake in a
fresh new (empty) directory.

> > 4. When the build succeeds how do I compensate for the difference sudo
> and non-sudo seem to have on tshark? Non-sudo invokation runs my lua
> scripts. Sudo invocations don't.
>
> Don't run with sudo.  You should *NEVER* run TShark or Wireshark under
> sudo.  To quote section 3.11.1 "Packaging Guidelines":
>
>
> https://www.wireshark.org/docs/wsdg_html_chunked/ChSrcBinary.html#ChSrcVersioning
>
> of the Wireshark Developer's Guide:
>
>         Privileges
>         All function calls that require elevated privileges are in dumpcap.
>
>         WIRESHARK CONTAINS OVER THREE MILLION LINES OF SOURCE CODE. DO NOT
> RUN THEM AS ROOT. <== Got it Thanks!
>
> Instead, run CMake with the option -DDUMPCAP_INSTALL_OPTION=capabilities.
> Then, if you install Wireshark with "sudo cmake install", it will install
> the dumpcap program with sufficient Linux capabilities to do capturing on
> network interfaces.
Thank you. That works. And -DDUMPCAP_INSTALL_OPTION=suid also seems to
work. Now, I've got tshark running Lua scripts and dissecting packets.

> Unfortunately, if you want to do captures by running Wireshark or TShark
> from the *build* directory, just giving the dumpcap binary in the build
> directory may not work; I suspect the problem is that the run-time linker
> determines that dumpcap is being run with elevated privileges and refuses
> to look in arbitrary places - including the build directory - for shared
> libraries, so dumpcap doesn't start up.
>
> > 5. And assuming (with some help) I get past the above issues, how much
> control can lua scripts expert over tshark and Wireshark?
>
> To see what Lua scripts can do, see Chapter 10 "Lua Support in Wireshark":
>
>         https://www.wireshark.org/docs/wsdg_html_chunked/wsluarm.html
>
> and Chapter 11 "Wireshark’s Lua API Reference Manual":
>
>
> https://www.wireshark.org/docs/wsdg_html_chunked/wsluarm_modules.html
>
> of the Wireshark developer's guide.
>
> If what you want to do is *not* there, then a Lua script probably *can't*
> do it.
Exactly. I should set my expectations accordingly. Thank you.

> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request () wireshark org
> ?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe