ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
July 17th, 2024 | 10:00am-11:55am SGT (UTC+8) | Online
Wireshark logo

Wireshark-dev: [Wireshark-dev] Falco Bridge plugin and libsinsp+libscap license compatibility

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Gerald Combs <gerald@xxxxxxxxxxxxx>
Date: Wed, 16 Mar 2022 14:52:38 -0700
Hi all,

I recently opened MR 6406, which adds a Falco Bridge dissector plugin which links to libsinsp+libscap[2] and provides dissection of log messages via Falco plugins[3]. It's currently marked as a draft because there are a couple of issues that potentially affect the project as a whole. The first is that libsinsp and libscap are available under the Apache 2.0 license. They additionally use the following libraries which have varying licenses:

- b64: MIT
- c-ares: MIT
- curl: MIT
- GRPC: Apache 2.0
- jq: MIT
- JsonCpp: MIT
- LuaJIT: MIT
- OpenSSL: SSLeay for versions < 3.0, Apache 2.0 for versions >= 3.0
- Protobuf: BSD-3-Clause
- oneTBB: Apache 2.0
- zlib: zlib

The FSF considers an application and its libraries a larger, combined work, and that while the Apache 2.0 license is compatible with the GPLv3, it is not with the GPLv2[4]. The ASF disagrees; the Apache 2.0 license has a "Derivative Works" clause which says that linking *doesn't* create a combined work[5].

We ran into this issue in the past when MaxMind switched the license of their C library to Apache 2.0. My solution at the time was to split GeoIP resolution into a separate process (mmdbresolve) and assign a compatible license (MIT) to mmdbresolve.c. Unfortunately I don't think that will work for a dissector due to performance requirements and the dissection API's surface area.

I spoke with a licensing attorney about this, and he didn't see an issue with shipping an Apache 2.0-licensed plugin. Since Wireshark itself is licensed under the GPL-2.0-or-later, any license compatibility issues should be taken care of by its "any later version" provision. This seems to be supported by the FSF[6].


My current plan is to merge 6406 and leave our current license text intact. However, I wanted to get everyone's opinion before doing so. I'm open to switching our license to GPL-3.0-or-later, but that warrants a separate discussion.


The second issue is that it would be our first hybrid C/C++ plugin. This is almost trivial compared to the licensing issue, but should at least be noted.


[1]https://gitlab.com/wireshark/wireshark/-/merge_requests/6406
[2]https://github.com/falcosecurity/libs/
[3]https://github.com/falcosecurity/plugins/
[4]https://www.gnu.org/licenses/license-list.html#GPLCompatibleLicenses
[5]https://www.apache.org/licenses/LICENSE-2.0
[5]https://opensource.stackexchange.com/questions/1357/can-i-link-a-apache-2-0-library-into-software-under-gplv2
[6]http://www.gnu.org/licenses/gpl-faq.html#v2v3Compatibility
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube