Wireshark
4.3.0
The Wireshark network protocol analyzer
This plugin is a bridge between Falco plugins and Wireshark, so that Falco plugins can be used as dissectors. It requires libsinsp and libscap.
-DMINIMAL_BUILD=ON -DCREATE_TEST_TARGETS=OFF to cmake.
Falco plugins can mark individual fields with a conversation flag (EPF_CONVERSATION). The Falco Bridge dissector treats each of these as separate conversations, and for features such as navigation and packet list marking, the first conversation field is used for matching packets.
libsinsp and libscap are released under the Apache 2.0 license. They depend on the following libraries:
Wireshark is released under the GPL version 2 (GPL-2.0-or-later). That license and the Apache-2.0 license are compatible via the "any later version" provision in the GPL version 2. As discussed at https://www.wireshark.org/lists/wireshark-dev/202203/msg00020.html, combining Wireshark and libsinsp+libscap should be OK, but doing so in effect invokes the GPLv2's "any later version" provision, making the Wireshark portion of the combined work GPLv3+.
Debian would appear to concur: https://lists.debian.org/debian-legal/2014/08/msg00102.html.
No version of the GPL is compatible with the SSLeay license; you must ensure that libsinsp+libscap is linked with OpenSSL 3.0 or later.