Wireshark-dev: Re: [Wireshark-dev] What Wireshark base version to use for customization

From: Bill Meier <wmeier@xxxxxxxxxxx>
Date: Wed, 10 Dec 2014 15:24:26 -0500
On 12/10/2014 3:13 PM, John Dill wrote:

Message: 3
Date: Wed, 10 Dec 2014 19:02:05 +0000
From: Graham Bloice <graham.bloice@xxxxxxxxxxxxx>
To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-dev] What Wireshark base version to use for
	customization
Message-ID:
	<CALcKHKq5p0Mq_o+hbR3SdcX55522roiwUBb5ea5RFi+ysLN2Dg@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset="utf-8"

On 10 December 2014 at 18:53, John Dill <John.Dill@xxxxxxxxxxxxxxxxx> wrote:


Message: 3
Date: Wed, 10 Dec 2014 11:08:25 -0700
From: Stephen Fisher <sfisher@xxxxxxx>
To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-dev] What Wireshark base version to use for
       customization
Message-ID: <20141210180825.GA29277@xxxxxxx>
Content-Type: text/plain; charset=us-ascii

On Wed, Dec 10, 2014 at 12:51:23PM -0500, John Dill wrote:

So what restrictions are there when you have a Wireshark plugin that
contains proprietary information (which can be of the do not export
variety) from the govt or customer and they do *not* want that
information released to the public, since Wireshark can be used as a
tool to visualize and analyze these private kinds of protocols?  If
some of that implementation leaks into the Wireshark application (like
hiding all of the unnecessary protocol cruft to make it simpler for
user to use), what are the implications?

Is the proprietary information short, such as encryption keys?  A
preference can be used for things like that and then only if the
user's preferences file is shared will it get out.  If that's a
high-risk, you could even have the dissector/plug-in do something
non-stndard like reading a file for the information (but we probably
wouldn't want that kind of dissector in the base source).

The entire packet stream generated is a proprietary system on top of
TCP and UDP that consists of avionics data, all of which is considered
proprietary.  There are several hundred different packet messages that
contain one to several hundred data elements.

I was curious how the license Wireshark uses applies to this scenario,
since I've created a DLL to process data that is also distributed to a
govt entity, but I'm using an open source project with a GPL license
to translate this data, but the source code that translates the content
they want to keep private.

Regardless, there's no way I would be allowed to submit this plugin to
the public Wireshark repository (not without serious legal/employment
consequences), so maybe its a moot point to discuss.

Best regards,
John D.


IMHO you're contravening the licence.  When distributing you must abide by
the licence that permits you to distribute and which requires you to make
the source code available.

Does the license only apply to those to whom the binary has been distributed
to?  If the plugin is never publicly released, does the license imply that
only the receivers of the plugin are required to be sent the source code?
If the plugin is never seen by the public eye, does that imply that the
source code may stay private as well?

I've never been in a situation like this, so I don't quite understand the
intent of Wireshark's license for this kind of scenario.

Best regards,
John D.

A Wireshark plugin links with the main body of the program and thus is
covered by the licence of the main program.

--

To be perfectly honest, I would suggest you consult a lawyer experienced in these matters.

Bill Meier