Ubuntu
wireshark package

dumpcap uses obsolete (PF_INET,SOCK_PACKET) at wireshark non-root start

Bug #809813 reported by Raul SA
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Wireshark
Won't Fix
Low
wireshark (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

To reproduce the problem

1- Go to Applications - Internet
2- Click on Wireshark
3- Wireshark starts on non-root mode (no capture interfaces)

dmesg shows : dumpcap uses obsolete (PF_INET,SOCK_PACKET)

ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: wireshark 1.4.6-1
ProcVersionSignature: Ubuntu 2.6.38-8.42-generic 2.6.38.2
Uname: Linux 2.6.38-8-generic i686
Architecture: i386
Date: Wed Jul 13 13:36:04 2011
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Release i386 (20110426)
ProcEnviron:
 LANGUAGE=es_ES:en
 PATH=(custom, no user)
 LANG=es_ES.UTF-8
 SHELL=/bin/bash
SourcePackage: wireshark
UpgradeStatus: No upgrade log present (probably fresh install)

See original description
Revision history for this message
Raul SA (raulsiguenza) wrote :
Revision history for this message
Evan Huus (eapache) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. Unfortunately, we cannot work on this bug because your description didn't include enough information. Please answer these questions:

* Is this reproducible?
* If so, what specific steps should we take to recreate this bug?

This will help us to find and resolve the problem.

---
Ubuntu Bug Squad Volunteer
http://wiki.ubuntu.com/BugSquad

Changed in wireshark (Ubuntu):
status: New → Incomplete
Revision history for this message
In , Evan Huus (eapache) wrote :

Build Information:
wireshark 1.6.0 (SVN Rev Unknown from unknown)

Copyright 1998-2011 Gerald Combs <email address hidden> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with GTK+ 2.24.5, with GLib 2.29.10, with libpcap 1.1.1, with
libz 1.2.3.4, with POSIX capabilities (Linux), without libpcre, with SMI 0.4.8,
with c-ares 1.7.4, with Lua 5.1, without Python, with GnuTLS 2.10.5, with Gcrypt
1.5.0, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Jun 12
2011 13:08:27), without AirPcap.

Running on Linux 3.0.0-5-generic, with libpcap version 1.1.1, with libz 1.2.3.4,
GnuTLS 2.10.5, Gcrypt 1.5.0.

Built using gcc 4.6.1.
--
Starting wireshark produces the following warning in dmesg:

dumpcap uses obsolete (PF_INET,SOCK_PACKET)

Revision history for this message
In , Evan Huus (eapache) wrote :

Originally reported to the Ubuntu project:

https://bugs.launchpad.net/ubuntu/+source/wireshark/+bug/809813

Revision history for this message
In , Gerald Combs (gerald.combs) wrote :

Wireshark doesn't open raw sockets directly. It relies on libpcap for that. If you're running Wireshark without capture privileges (which is the case according to the Launchpad bug) then this is most likely a byproduct of pcap_activate_linux() in libpcap, which first tries to open a socket using PF_PACKET and if that fails tries with PF_INET.

What happens if you run

  tcpdump -D ; dmesg | tail

on your system as a user without CAP_NET_ADMIN or CAP_NET_RAW capabilities (i.e. a normal user)? On a natty system here I get

[600414.835927] tcpdump uses obsolete (PF_INET,SOCK_PACKET)

Revision history for this message
In , Evan Huus (eapache) wrote :

You're absolutely right. Thanks for such a quick reply!

Revision history for this message
Raul SA (raulsiguenza) wrote :

To reproduce the problem

1- Go to Applications - Internet
2- Click on Wireshark
3- Wireshark starts on non-root mode (no capture interfaces)

description: updated
Revision history for this message
Evan Huus (eapache) wrote :

Thanks for the information. Setting status back to new, and will confirm when I next have access to a Natty box. Probably this evening.

Changed in wireshark (Ubuntu):
status: Incomplete → New
Evan Huus (eapache)
Changed in wireshark (Ubuntu):
status: New → Confirmed
Revision history for this message
Evan Huus (eapache) wrote :

Setting as invalid as per the discussion upstream. See the linked bug in the upstream Wireshark tracker for more details.

Changed in wireshark (Ubuntu):
status: Confirmed → Invalid
Bug Watch Updater (bug-watch-updater)
Changed in wireshark:
importance: Unknown → Low
status: Unknown → Invalid
Revision history for this message
Gerald Combs (gerald.combs) wrote :

This should be fixed in libpcap 1.2 as described at

https://sourceforge.net/tracker/?func=detail&atid=469579&aid=3368133&group_id=53067

Bug Watch Updater (bug-watch-updater)
Changed in wireshark:
status: Invalid → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.