Wireshark-dev: Re: [Wireshark-dev] Conditional compiles
From: Joerg Mayer <[email protected]>
Date: Tue, 14 Feb 2017 17:41:53 +0100

On Tue, Feb 14, 2017 at 10:01:06AM +0100, Roland Knall wrote:
> HAVE_LIBPCAP not only serves as a check for having libpcap in the first
> place, but also for changing the UI if it is not there. Which would mean,
> that putting a small non-functional header-only satisfying version within
> the repository would lead to versions of Wireshark being build, acting very
> differently then they are supposed to. For instance, remote capture
> capabilities are only enabled, if the corresponding function actually
> exists. Which leads to reduced code and binaries if the function does not.
> Now putting a small reduced function which only serves to satisfy some
> header functionality within the repository would bloat up the general
> binary.

Actually I personally don't like to have a software to sometimes have an item
and sometimes not - an item being greyed out is OK, but missing is not nice,
especially for users trying to follow instructions they found on the internet.
But that is (mostly) a matter of taste.

Wrt the size bloat: I don't buy this argument, as we have many features that
are rarely used - and a stub libpcap wouldn't have to be big, the current
fullblown 64-bit libpcap on my system is 310k. And a version that basically
does not have any Interface access could be much smaller. In case we wanted
to we could stub out the bpf-compiler and other stuff as well, but personally
I think a version that doesn't provide any local capture code would be fine.

Wrt using a full libpcap wherever possible: Sure, but there seem to be some
environments where this isn't possible (e.g. iOS - OK, I'm not aware someone
built Wireshark for it anyway) although I'm not sure whether there exists a
libpcap for iOS or if it just wouldn't manage to enable capturing or whatever.
As far as "security" concerns in companies are concerned: Providing someone
with Admin/root permissions and then providing a crippled version of Wireshark
is corporate lawyer logic - something to be avoided by normal mortals ;->


Joerg Mayer                                           <[email protected]>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.