Update Wireshark Demo #314
Conversation
|
Current image size is around 900 MB, and I'm aiming to reduce it further. Would you recommend stripping debug symbols, or are there other techniques you’d suggest? Any advice would be appreciated. |
wireshark/generate_qsc_header.py
Outdated
| @@ -0,0 +1,86 @@ | |||
| import os | |||
There was a problem hiding this comment.
Yikes -- this is complicated. Is there no other way to generate a suitable qsc,h file? E.g. by configuring oqs-provider in the intermediate image and throwing all else away?
There was a problem hiding this comment.
Yikes -- this is complicated. Is there no other way to generate a suitable qsc,h file? E.g. by configuring oqs-provider in the intermediate image and throwing all else away?
I wasn’t aware of this method, so I initially tried parsing the algorithms.md file from oqs-provider, which was difficult. Could you share more on setting up an intermediate Docker image to generate and isolate the qsc.h file?
There was a problem hiding this comment.
I have to apologize: I mistook "qsc.h" for "oqs.h". Indeed, recreating the contents of the old "qsc.h" would need to be done by way of a jinja2 script (and then running it in a checked-out version of oqsprovider in the intermediate image). But that also requires additional code --- and in that case, your solution above is just an alternative approach and I'd be fine with it if/for as long as it works: It's fragile in the face of possible future changes to the file ALGORITHMS.md, though.
There was a problem hiding this comment.
I agree that the current solution lacks robustness; I'll work on a more sustainable approach, as you suggested.
Well, what elements are largest? The chose baseline image (ubuntu) isn't exactly small to begin with. Any chance to use alpine? |
I initially started with Alpine to keep the image small, but ran into numerous issues with Wireshark and its complex dependencies, which made it the largest component. That’s why I switched to Ubuntu. However, I’ll give Alpine another shot after automating the generation of qsc.h as you suggested. |
- Upgrade Ubuntu to version 24.04. - Upgrade Wireshark to version 4.4.1. - Integrate OpenSSL 3 with liboqs and the OQS provider. - Automate the generation of `qsc.h` using `generate_qsc_header.py`. - Organize the build with dedicated directories for sources, builds, and installations. - Migrate from Qt5 to Qt6 for improved compatibility. - Update `README.md` and remove `USAGE.md`. Signed-off-by: Khalid <[email protected]> Update README Signed-off-by: Khalid <[email protected]> Refactor qsc.h generation using Jinja2 template Signed-off-by: Khalid <[email protected]>
|
I apologize for the mistake. I unintentionally pushed a commit to the main branch of my fork, and although I have removed it and force-pushed, the commit still appears in this pull request. I will close this pull request and open a new one with the correct changes. I appreciate your understanding. |
Summary
This update enhances the Wireshark demo in the
oqs-demosrepository by integrating OpenSSL 3 with the OQS provider for quantum-safe cryptography support. Key improvements include:Updated Dockerfile:
Wireshark 4.4.1(latest version) with OpenSSL 3 with the OQS provider.Automated Header Generation:
generate_qsc_header.py, a Python script that automates the generation ofqsc.h, defining post-quantum cryptographic algorithms for Wireshark.ALGORITHMS.mdfile in the OQS provider repository to ensure support for the latest algorithms.Project Cleanup and Expanded Documentation:
README.mdwith comprehensive setup instructions, configuration options, and cross-platform usage guidelines.USAGE.md,build.sh, andwolfssl-qsc.h) to streamline the project structure.Cross-Platform Notes:
Guidance for Linux and macOS display setup was drawn from documentation. Further testing on these platforms is recommended to ensure full functionality and compatibility.
Testing Summary
The updated Wireshark demo has been verified on Windows 11 with Docker 4.35.1 (latest version). Testing confirmed a successful build and functionality of Wireshark with post-quantum cryptography support.
Test Screenshots
The following screenshots show the successful integration of post-quantum cryptography in Wireshark. The tests capture traffic using the Kyber1024 and Frodo640aes algorithms.