Wireshark halts in Capture Interfaces window when started using gksu (Hardy, Intrepid)

ditto on x86_64 hardy alpha5
hangs when wired interface capture is started

This bug applies to promiscuous mode only.
non promiscuous capture OK.

Recent hardy updates have resolved this bug,
promiscuous mode works.

Problem persists when trying wlan0 promiscuous capture via kismet.
Non promiscuous capture OK.
Wlan0 promiscuous capture via kismet OK in gutsy.

I also had te problem thet Wireshark froze up on selecting interface "Capture Interface" window.
I then removed Wireshark from packagemanager (ubuntu Hardy Alpha6), and reinstalled via Terminal with : "sudo apt-get install wireshark" .. then it worked without freezing up ...

Problem still exists for me in Hardy x86_64 Beta with version 0.99.7-1, the latest as of 2008-03-24.

I still have the same problem as well. I was a bit quick in serving "the workaround", but what I can tell is that for some reason Wireshark runs, lets say 5 out of 7 times without halting when I start it from terminal with "sudo wireshark" ... don't ask why .. puzzels me to. I'm as we speak up-to-date with ubuntu Hardy, Wireshark 0.99.7 (Running on Linux 2.6.24-12-generic, with libpcap version 0.9.8.)

Same problem with hardy and wireshark 0.99.7-1, also with not promiscuous mode.
Terminal output:
   capset(): Operation not permitted
several times.

I am attaching the strace output.

Could you verify whether this problem persists with the latest version (1.0.0-1) in the Hardy repos?

Problem presists with 1.0.0

From terminal :

gksudo wireshark -> wireshark freezes

sudo wireshark -> wireshark works

regards
Torstein

I can confirm this is still happening with hardy updated as of today. As Baltazar72 says, it freezes when run with gksudo and not when run from plain sudo - I tried 4 or 5 times each way as I thought it might be a fluke but this is what seems to be happening.

-Dan

I can confirm now that this is happening.
Calling wireshark in a terminal through sudo works fine, but with gksu (i.e. su-to-root) wireshark freezes when I try capturing packages.
Note that this renders wireshark absolutely useless for package capture!

Note that this might be a problem with gksu. Can anybody verify if this is happening in KDE (Kubuntu) as well?
If it's isolated to GNOME, gksu is most likely our problem. If it's not, it's either a common issue of gksu and kdesu or something with the su-to-root script.

When I started wireshark from the cli using gksudo I got a window popping up warning me about running applications as root. I needed to close that to use the application.

I've just captured packets on ppp0 no problem.

I note that I don't seem to have 2 wireshark menu entries anymore, just one for non-root.

After some digging with people from #ubuntu-bugs (Thanks to james_w and crimsun!) we've narrowed the issue down a bit:
First off, this only happens with gksu; kdesu is not affected.
The problem seems to be dumpcap, the utility which actually captures the packages. A child process is created once the 'Interfaces' window is opened. To close the window again, wireshark expects dumpcap to terminate.
But it does not quit, most likely due to problems with gaining capabilities (cf. dumpcap.c ~ line 501+). dumpcap may request something that gksu is not willing to give.

Related upstream bugs might be:
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2288 (fixed)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1740 (still open)

The strange thing is, that there are multiple reports from people who are using wireshark through gksu without any problems.

Using gksu, capture via Capture->Options does work. The hangup does only happen if you try to close the 'Interfaces' window. If you manually kill the dumpcap child process, wireshark will resume and start the capture.

I still see the issue with 1.0.0-1. Start it using gksudo, capture->options on an interface, and the application freezes.

To summarise on Ubuntu 8.04 the following freeze when choosing an interface:-

 gksudo wireshark
 gksu wireshark
 gksu -u root wireshark
 su-to-root -X -c /usr/bin/wireshark

(The last item required installation of 'menu' which the su-to-root script is part of and causes the "Wireshark (as root)" menu item to appear after login in again)

The following method works on Ubuntu 8.04:-

 sudo wireshark

The following methods all work on Ubuntu 7.10:-

 gksudo wireshark
 gksu wireshark
 gksu -u root wireshark
 sudo wireshark

exactly the same thing here as Daniel Ellis noted, it only works through sudo

it is working from KDE4 (as it used to on gutsy), seems to be something wrong with gksu or something like that

I have the same problem running the most up-to-date Hardy packages as of this posting. If I run as gksu Wireshark complains about running as user root group root and hangs when I click on the "Options" button for any of the capture interfaces. If I run from the command line via sudo, I don't get a complaint from Wireshark about running as root, nor does it hang. I have Hardy installed on several machines here where I work and they all show the same hanging problem.

I have the same problem running wireshark in Hardy Heron. A little workaround wireshark.
Change the command in the gnome main menu to:

gksu 'sudo gksu wireshark'

and wireshark works fine.

It worked me by sudo kdesu wireshark

Only works with sudo wireshark.

-- Wink

I marked bug #247728 and bug #182671 as duplicates of this one. Although the latter predates this one, this bug as received more attention.

Upgrading status to Triaged, hopefully a developer can fix this soon.

Downgrading importance to Medium (has a severe impact on a non-core application) - see https://wiki.ubuntu.com/Bugs/Importance

Will specifically nominate for Hardy. Thank you all for contributing to these bug reports.

Ah so it was already nominated for Hardy. It seems the problem also exists in Intrepid as well, so I will nominate for that.

connor@lappy686-testing:~$ uname -a
Linux lappy686-testing 2.6.26-2-generic #1 SMP Thu Jun 19 15:51:43 UTC 2008 i686 GNU/Linux
connor@lappy686-testing:~$ apt-cache policy wireshark
wireshark:
  Installed: 1.0.0-3
  Candidate: 1.0.0-3
  Version table:
 *** 1.0.0-3 0
        500 http://us.archive.ubuntu.com intrepid/universe Packages
        100 /var/lib/dpkg/status

It looks like this can be triggered with the "dumpcap" tool itself quite easily:
$ sudo dumpcap
works
$ gksu dumpcap
hangs.

If I strace it, it hangs in:
close(3) = 0
socket(PF_PACKET, SOCK_RAW, 768) = 3
ioctl(3, SIOCGIFINDEX, {ifr_name="lo", ifr_index=1}) = 0
ioctl(3, SIOCGIFHWADDR, {ifr_name="eth1", ifr_hwaddr=xx:xx:xx:xx:xx:xx}) = 0
ioctl(3, SIOCGIFINDEX, {ifr_name="eth1", ifr_index=218}) = 0
bind(3, {sa_family=AF_PACKET, proto=0x03, if218, pkttype=PACKET_HOST, addr(0)={0, }, 20) = 0
getsockopt(3, SOL_SOCKET, SO_ERROR, [0], [4]) = 0
close(3) = 0
socket(PF_PACKET, SOCK_RAW, 768) = 3
ioctl(3, SIOCGIFINDEX, {ifr_name="lo", ifr_index=1}) = 0
ioctl(3, SIOCGIFHWADDR, {ifr_name="eth0", ifr_hwaddr=00:xx:xx:xx:xx:xx}) = 0
ioctl(3, SIOCGIFINDEX, {ifr_name="eth0", ifr_index=219}) = 0
bind(3, {sa_family=AF_PACKET, proto=0x03, if219, pkttype=PACKET_HOST, addr(0)={0, }, 20) = 0
getsockopt(3, SOL_SOCKET, SO_ERROR, [0], [4]) = 0
close(3) = 0
socket(PF_PACKET, SOCK_DGRAM, 768) = 3
ioctl(3, SIOCGIFINDEX, {ifr_name="lo", ifr_index=1}) = 0
close(3
...

and then nothing. I wonder if it might be something releated to the stdout, e.g. gksu playing with the buffering options or something similar.

> I wonder if it might be something releated to the stdout

I've been thinking that also. Or stderr.

When gksudo was used to start wireshark, and the dumpcap -S -M process is being sent a SIGPIPE (13, broken pipe), dumpcap does not exit. When sudo was used, dumpcap does. So I reckon it could also have something to do with signal handling.

Maybe someone knowing Gtk programming can have a look at it?

I also noticed that there have been upstream changes around hidden -Z
dumpcap option ('capture_child mode'). These changes were in Februari 2008. See the upstream ChangeLog file. It might be related but also it might not.

"gksu 'sudo gksu wireshark'" works.
What about replacing the "Wireshark as root" menu command with this one? Like, now?
So the Hardy users don't have to google this bug.

looking at the process: gksudo---wireshark---dumpcap
I've found that gksudo is ignoring SIGPIPE signal, (ps -eo pid,ignored), so all childs process too, unless they change with sigaction.

Enable default action of SIGPIPE before gksudo create the child process works for me. (libgksu.c line 2506).

I've looking for why is SIGPIPE ignored in gksu process, and I found that it's caused by communication with gconfd server.
When a application connect to the gconfd daemon to get properties, the underlaying communication with CORBA it's ignoring SIGPIPE signal to avoid that if server crash, the process receive the signal and terminate.

package: liborbit2 1:2.14.12-0.1
file: linc2/src/linc.c (line: 247 see comment why is signal ignored)..

this patch works for me.

This problem is still there in Intrepid.
As said, sudo wireshark works, whereas gksudo wireshark doesn't.

I can confirm that the patch posted by Sergio Barjola remedies this problem.

Hi,

Nice work Sergio, I just tried this fix for myself, thanks.

I've got a package on disk ready to upload, but I'm going to
wait a few days to see if there is any response to the patch
upstream. I forwarded it today.

Thanks,

James

Hi,

I'm also going to close the gksu part of the bug. If it's
determined that gksu shouldn't be doing this we can open another
bug report and point to this one.

Thanks,

James

This bug was fixed in the package wireshark - 1.0.3-1ubuntu2

---------------
wireshark (1.0.3-1ubuntu2) intrepid; urgency=low

  * Add debian/patches/20_sigpipe.dpatch, which restores the default sigpipe
    action, meaning that the app won't hang under gksu. (LP: #198884)
    Huge thanks to Sergio Barjola.

 -- James Westby <email address hidden> Thu, 09 Oct 2008 16:15:28 +0100

There are still some problems

wireshark (1.0.3-1ubuntu2) intrepid

gksu wireshark -k -i eth0 <-- doesn't start capture automatically
sudo wireshark -k -i eth0 <-- good

On Thu, 2008-10-16 at 12:17 +0000, liquidator87 wrote:
> There are still some problems
>
> wireshark (1.0.3-1ubuntu2) intrepid
>
> gksu wireshark -k -i eth0 <-- doesn't start capture automatically
> sudo wireshark -k -i eth0 <-- good
>

I can confirm this, please file a new bug.

Thanks,

James

Here it is
https://bugs.launchpad.net/ubuntu/+source/wireshark/+bug/284573

I am running Ubuntu 8.04 Hardy Heron and Wireshark 1.0.0 (package version 1.0.0-1 - the latest version available in the reps). The problem is present. I run "sudo wireshark" - everythink is ok. I run "gksudo wireshark" and the "Wireshark: Capture Interfaces" window cannot be closed. Any plans for the 1.0.3-1ubuntu2 version of Wireshark for Hardy? Thanks. Mirek

Note:

##System: Ubuntu 8.04 Hardy Heron

##Wireshark 1.0.4

##ndiswrapper on Realtek Semiconductor Co., Ltd. RTL-8185 IEEE 802.11a/b/g Wireless LAN Controller

Had problems with wireshark freezing when I would go to select interface. My fix?? (very odd one to say)

do not use gksudo wireshark & at the console

use sudo wireshark &

(seems to work now).. Very odd.