此文介绍在 Linux 上编译 Wireshark 的相关内容. 在 Windows/MacOS 上编译在 Wireshark 的二次开发中, 那文章写的比较全, 但是距离现在太久了. 后续文章基于新版本 Wireshark (3.x).

1 准备工作

  • 准备源码

可使用 Git: 

  1. $ git clone https://gitlab.com/wireshark/wireshark.git

或从 https://www.wireshark.org/index.html#download 下载源码包.

  • 安装 CMake, Ninja, Lua, flex, bison 等工具
  • 安装 glib, pcap, gcrypt, c-ares 等开发包

如果不知道需要安装哪些包, 可以直接跳到下面的步骤进行编译, 编译时缺少了什么包 CMake 会提示的. 如果是 Ubuntu 系统可以用 apt search 或到 https://packages.ubuntu.com/ 搜索.

2 设置编译选项

以下使用 <wireshark> 来指 Wireshark 源码主目录.

可以使用 cmake -LH <wireshark> 来查看可用的编译选项. 这里罗列一些.

选项 类型 说明
BUILD_tshark BOOL 是否编译tshark
BUILD_wireshark BOOL 是否编译wireshark, 不需要图形界面时可以关闭
CMAKE_BUILD_TYPE STRING 编译类型, 可取值Debug Release RelWithDebInfo MinSizeRel
ENABLE_PCAP BOOL 是否支持libpcap, 需要抓包时必须开启
ENABLE_CARES BOOL 是否支持c-ares, 默认开
ENABLE_LUA BOOL 是否支持Lua脚本解析器
ENABLE_PLUGINS BOOL 是否支持(二进制)插件
ENABLE_STATIC BOOL 是否编译为静态库, 默认关

:::warning 调用 cmake -LH 命令后源码目录会生成 CMake 相关文件, 如果不删除后续编译可能会失败, 如果报错请删除源码目录的 CMakeCache.txt 文件 和 CMakeFiles/ 目录 :::

3 编译(no GUI)

我选择编译 no GUI 的 wireshark, 并以 Debug 模式编译:

  1. $ makdir -p wireshark_build
  2. $ cd wirehark_build/
  3. $ cmake -G Ninja -DCMAKE_BUILD_TYPE=Debug -DBUILD_wireshark=off -DENABLE_LUA=on <wireshark>
  4. $ ninja

编译 ninja 等命令编译前, cmake 命令会显示当前配置信息, 如已经安装了哪些依赖库, 这经常会很有用, 如:

  1. zzq@vbox:~/dev/wireshark_build
  2. $cmake -G Ninja -DCMAKE_BUILD_TYPE=Debug -DBUILD_wireshark=off -DENABLE_LUA=on ../wireshark
  3. -- The C compiler identification is GNU 9.3.0
  4. -- The CXX compiler identification is GNU 9.3.0
  5. ...
  6. -- Found python module make-plugin-reg: /home/zzq/dev/wireshark/tools/make-plugin-reg.py
  7. -- C-Flags: -fvisibility=hidden  -fexcess-precision=fast -Wall -Wextra -Wendif-labels -Wpointer-arith -Wformat-security -fwrapv -fno-strict-overflow -Wvla -Waddress -Wattributes -Wdiv-by-zero -Wignored-qualifiers -Wpragmas -Wno-overlength-strings -Wno-long-long -Wframe-larger-than=32768 -Wc++-compat -Wunused-const-variable -Wshadow -Wold-style-definition -Wstrict-prototypes -Wlogical-op -Wjump-misses-init -Werror=implicit -Wno-pointer-sign -std=gnu99  -fmacro-prefix-map=/home/zzq/dev/wireshark/= -fmacro-prefix-map=/home/zzq/dev/wireshark_build/= -g
  8. -- CXX-Flags:  -fexcess-precision=fast -Wall -Wextra -Wendif-labels -Wpointer-arith -Wformat-security -fwrapv -fno-strict-overflow -Wvla -Waddress -Wattributes -Wdiv-by-zero -Wignored-qualifiers -Wpragmas -Wno-overlength-strings -Wno-long-long -Wframe-larger-than=32768 -Wextra-semi  -fmacro-prefix-map=/home/zzq/dev/wireshark/= -fmacro-prefix-map=/home/zzq/dev/wireshark_build/= -g
  9. -- Warnings as errors disabled
  10. -- The following OPTIONAL packages have been found:
  12.  * Git
  13.  * GMODULE2
  14.  * PCAP
  15.  * ZLIB
  16.  * LUA (required version >= 5.1)
  17.  * SETCAP
  19. -- The following REQUIRED packages have been found:
  21.  * GLIB2 (required version >= 2.32.0)
  22.  * GTHREAD2
  23.  * GCRYPT (required version >= 1.4.2)
  24.  * CARES (required version >= 1.5.0), Library for asynchronous DNS requests, <https://c-ares.haxx.se/>
  25.    DNS name resolution for captures
  26.  * LEX
  27.  * YACC
  28.  * Perl
  29.  * Python3 (required version >= 3.4)
  30.  * M
  31.  * POD
  33. -- The following OPTIONAL packages have not been found:
  35.  * Gettext
  36.  * LIBSSH (required version >= 0.6), Library for implementing SSH clients, <https://www.libssh.org/>
  37.    extcap remote SSH interfaces (sshdump, ciscodump)
  38.  * Systemd, System and Service Manager (libraries), <https://freedesktop.org/wiki/Software/systemd/>
  39.    Support for systemd journal extcap interface (sdjournal)
  40.  * MaxMindDB, C library for the MaxMind DB file format, <https://github.com/maxmind/libmaxminddb>
  41.    Support for GeoIP lookup
  42.  * SMI
  43.  * GNUTLS (required version >= 3.2.0)
  44.  * KERBEROS
  45.  * Minizip, C library for supporting zip/unzip functionality, <https://www.winimage.com/zLibDll/minizip.html>
  46.    Support for profiles import/export
  47.  * BROTLI
  48.  * LZ4, LZ4 is lossless compression algorithm used in some protocol (CQL...), <http://www.lz4.org>
  49.    LZ4 decompression in CQL and Kafka dissectors
  50.  * SNAPPY, A fast compressor/decompressor from Google, <https://google.github.io/snappy/>
  51.    Snappy decompression in CQL and Kafka dissectors
  52.  * ZSTD (required version >= 1.0.0), A compressor/decompressor from Facebook providing better compression than Snappy at a cost of speed, <https://facebook.github.io/zstd/>
  53.    Zstd decompression in Kafka dissector
  54.  * NGHTTP2, HTTP/2 C library and tools, <https://nghttp2.org>
  55.    Header decompression in HTTP2
  56.  * NL, Libraries for using the Netlink protocol on Linux, <https://www.infradead.org/~tgr/libnl/>
  57.    Support for managing wireless 802.11 interfaces
  58.  * SBC, Bluetooth low-complexity, subband codec (SBC) decoder, <https://git.kernel.org/pub/scm/bluetooth/sbc.git>
  59.    Support for playing SBC codec in RTP player
  60.  * SPANDSP, a library of many DSP functions for telephony, <https://www.soft-switch.org>
  61.    Support for G.722 and G.726 codecs in RTP player
  62.  * BCG729, G.729 decoder, <https://www.linphone.org/technical-corner/bcg729/overview>
  63.    Support for G.729 codec in RTP player
  64.  * ILBC, iLBC decoder, <https://github.com/TimothyGu/libilbc>
  65.    Support for iLBC codec in RTP player
  66.  * OPUS, opus decoder, <https://opus-codec.org/>
  67.    Support for opus codec in RTP player
  68.  * LibXml2
  69.  * CAP, The Libcap package implements the user-space interfaces to the POSIX 1003.1e capabilities available in Linux kernels, <https://sites.google.com/site/fullycapable/>
  70.    Allow packet captures without running as root
  71.  * DOXYGEN
  72.  * SpeexDSP, SpeexDSP is a patent-free, Open Source/Free Software DSP library, <https://www.speex.org/>
  73.    RTP audio resampling
  74.  * Asciidoctor (required version >= 1.5)
  75.  * XSLTPROC
  77. -- Configuring done
  78. -- Generating done
  79. -- Build files have been written to: /home/zzq/dev/wireshark_build

编译后, 可执行程序在 run 目录:

  1. $./tshark -v
  2. TShark (Wireshark) 3.4.5 (v3.4.5-2-gd4f6e13cae41)
  4. Copyright 1998-2021 Gerald Combs <gerald@wireshark.org> and contributors.
  5. License GPLv2+: GNU GPL version 2 or later <https://www.gnu.org/licenses/gpl-2.0.html>
  6. This is free software; see the source for copying conditions. There is NO
  7. warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  9. Compiled (64-bit) with libpcap, without POSIX capabilities, without libnl, with
  10. GLib 2.64.6, with zlib 1.2.11, without SMI, with c-ares 1.15.0, with Lua 5.2.4,
  11. without GnuTLS, with Gcrypt 1.8.5, without Kerberos, without MaxMind DB
  12. resolver, without nghttp2, without brotli, without LZ4, without Zstandard,
  13. without Snappy, without libxml2.
  15. Running on Linux 5.4.0-73-generic, with Intel(R) Core(TM) i5-9400F CPU @ 2.90GHz
  16. (with SSE4.2), with 1987 MB of physical memory, with locale en_US.UTF-8, with
  17. libpcap version 1.9.1 (with TPACKET_V3), with Gcrypt 1.8.5, with zlib 1.2.11,
  18. binary plugins supported (0 loaded).
  20. Built using gcc 9.3.0.

4 编译(Win10 + GUI)

// TODO

参考