WebSVN – nexmon – Blame – Rev 1 – /utilities/libpcap/INSTALL.txt

1

office

1

To build libpcap, run "./configure" (a shell script). The configure

2

script will determine your system attributes and generate an

3

appropriate Makefile from Makefile.in. Next run "make". If everything

4

goes well you can su to root and run "make install". However, you need

5

not install libpcap if you just want to build tcpdump; just make sure

6

the tcpdump and libpcap directory trees have the same parent

directory.

If configure says:

configure: warning: cannot determine packet capture interface

12

configure: warning: (see INSTALL for more info)

13

14

then your system either does not support packet capture or your system

15

does support packet capture but libpcap does not support that

16

particular type. (If you have HP-UX, see below.) If your system uses a

17

packet capture not supported by libpcap, please send us patches; don't

18

forget to include an autoconf fragment suitable for use in

19

configure.in.

20

21

It is possible to override the default packet capture type, although

22

the circumstance where this works are limited. For example if you have

23

installed bpf under SunOS 4 and wish to build a snit libpcap:

24

25

./configure --with-pcap=snit

26

27

Another example is to force a supported packet capture type in the case

28

where the configure scripts fails to detect it.

29

30

You will need an ANSI C compiler to build libpcap. The configure script

31

will abort if your compiler is not ANSI compliant. If this happens, use

32

the generally available GNU C compiler (GCC).

33

34

If you use flex, you must use version 2.4.6 or higher. The configure

35

script automatically detects the version of flex and will not use it

36

unless it is new enough. You can use "flex -V" to see what version you

37

have (unless it's really old). The current version of flex is available

38

at flex.sourceforge.net and often comes packaged by means of the OS.

39

As of this writing, the current version is 2.5.37.

40

41

If you use bison, you must use flex (and visa versa). The configure

42

script automatically falls back to lex and yacc if both flex and bison

43

are not found.

44

45

Sometimes the stock C compiler does not interact well with flex and

46

bison. The list of problems includes undefined references for alloca.

47

You can get around this by installing gcc or manually disabling flex

48

and bison with:

49

50

./configure --without-flex --without-bison

51

52

If your system only has AT&T lex, this is okay unless your libpcap

53

program uses other lex/yacc generated code. (Although it's possible to

54

map the yy* identifiers with a script, we use flex and bison so we

55

don't feel this is necessary.)

56

57

Some systems support the Berkeley Packet Filter natively; for example

58

out of the box OSF and BSD/OS have bpf. If your system does not support

59

bpf, you will need to pick up:

60

61

ftp://ftp.ee.lbl.gov/bpf-*.tar.Z

62

63

Note well: you MUST have kernel source for your operating system in

64

order to install bpf. An exception is SunOS 4; the bpf distribution

65

includes replacement kernel objects for some of the standard SunOS 4

66

network device drivers. See the bpf INSTALL document for more

67

information.

68

69

If you use Solaris, there is a bug with bufmod(7) that is fixed in

70

Solaris 2.3.2 (aka SunOS 5.3.2). Setting a snapshot length with the

71

broken bufmod(7) results in data be truncated from the FRONT of the

72

packet instead of the end. The work around is to not set a snapshot

73

length but this results in performance problems since the entire packet

74

is copied to user space. If you must run an older version of Solaris,

75

there is a patch available from Sun; ask for bugid 1149065. After

76

installing the patch, use "setenv BUFMOD_FIXED" to enable use of

77

bufmod(7). However, we recommend you run a more current release of

78

Solaris.

79

80

If you use the SPARCompiler, you must be careful to not use the

81

/usr/ucb/cc interface. If you do, you will get bogus warnings and

82

perhaps errors. Either make sure your path has /opt/SUNWspro/bin

83

before /usr/ucb or else:

84

85

setenv CC /opt/SUNWspro/bin/cc

86

87

before running configure. (You might have to do a "make distclean"

88

if you already ran configure once).

89

90

Also note that "make depend" won't work; while all of the known

91

universe uses -M, the SPARCompiler uses -xM to generate makefile

92

dependencies.

93

94

If you are trying to do packet capture with a FORE ATM card, you may or

95

may not be able to. They usually only release their driver in object

96

code so unless their driver supports packet capture, there's not much

97

libpcap can do.

98

99

If you get an error like:

100

101

tcpdump: recv_ack: bind error 0x???

102

103

when using DLPI, look for the DL_ERROR_ACK error return values, usually

104

in /usr/include/sys/dlpi.h, and find the corresponding value.

105

106

Under {DEC OSF/1, Digital UNIX, Tru64 UNIX}, packet capture must be

107

enabled before it can be used. For instructions on how to enable packet

108

filter support, see:

109

110

ftp://ftp.digital.com/pub/Digital/dec-faq/Digital-UNIX

111

112

Look for the "How do I configure the Berkeley Packet Filter and capture

113

tcpdump traces?" item.

114

115

Once you enable packet filter support, your OSF system will support bpf

116

natively.

117

118

Under Ultrix, packet capture must be enabled before it can be used. For

119

instructions on how to enable packet filter support, see:

120

121

ftp://ftp.digital.com/pub/Digital/dec-faq/ultrix

122

123

If you use HP-UX, you must have at least version 9 and either the

124

version of cc that supports ANSI C (cc -Aa) or else use the GNU C

125

compiler. You must also buy the optional streams package. If you don't

126

have:

127

128

/usr/include/sys/dlpi.h

129

/usr/include/sys/dlpi_ext.h

130

131

then you don't have the streams package. In addition, we believe you

132

need to install the "9.X LAN and DLPI drivers cumulative" patch

133

(PHNE_6855) to make the version 9 DLPI work with libpcap.

134

135

The DLPI streams package is standard starting with HP-UX 10.

136

137

The HP implementation of DLPI is a little bit eccentric. Unlike

138

Solaris, you must attach /dev/dlpi instead of the specific /dev/*

139

network pseudo device entry in order to capture packets. The PPA is

140

based on the ifnet "index" number. Under HP-UX 9, it is necessary to

141

read /dev/kmem and the kernel symbol file (/hp-ux). Under HP-UX 10,

142

DLPI can provide information for determining the PPA. It does not seem

143

to be possible to trace the loopback interface. Unlike other DLPI

144

implementations, PHYS implies MULTI and SAP and you get an error if you

145

try to enable more than one promiscuous mode at a time.

146

147

It is impossible to capture outbound packets on HP-UX 9. To do so on

148

HP-UX 10, you will, apparently, need a late "LAN products cumulative

149

patch" (at one point, it was claimed that this would be PHNE_18173 for

150

s700/10.20; at another point, it was claimed that the required patches

151

were PHNE_20892, PHNE_20725 and PHCO_10947, or newer patches), and to do

152

so on HP-UX 11 you will, apparently, need the latest lancommon/DLPI

153

patches and the latest driver patch for the interface(s) in use on HP-UX

154

11 (at one point, it was claimed that patches PHNE_19766, PHNE_19826,

155

PHNE_20008, and PHNE_20735 did the trick).

156

157

Furthermore, on HP-UX 10, you will need to turn on a kernel switch by

158

doing

159

160

echo 'lanc_outbound_promisc_flag/W 1' | adb -w /stand/vmunix /dev/mem

161

162

You would have to arrange that this happen on reboots; the right way to

163

do that would probably be to put it into an executable script file

164

"/sbin/init.d/outbound_promisc" and making

165

"/sbin/rc2.d/S350outbound_promisc" a symbolic link to that script.

166

167

Finally, testing shows that there can't be more than one simultaneous

168

DLPI user per network interface.

169

170

If you use Linux, this version of libpcap is known to compile and run

171

under Red Hat 4.0 with the 2.0.25 kernel. It may work with earlier 2.X

172

versions but is guaranteed not to work with 1.X kernels. Running more

173

than one libpcap program at a time, on a system with a 2.0.X kernel, can

174

cause problems since promiscuous mode is implemented by twiddling the

175

interface flags from the libpcap application; the packet capture

176

mechanism in the 2.2 and later kernels doesn't have this problem. Also,

177

packet timestamps aren't very good. This appears to be due to haphazard

178

handling of the timestamp in the kernel.

179

180

Note well: there is rumoured to be a version of tcpdump floating around

181

called 3.0.3 that includes libpcap and is supposed to support Linux.

182

You should be advised that neither the Network Research Group at LBNL

183

nor the Tcpdump Group ever generated a release with this version number.

184

The LBNL Network Research Group notes with interest that a standard

185

cracker trick to get people to install trojans is to distribute bogus

186

packages that have a version number higher than the current release.

187

They also noted with annoyance that 90% of the Linux related bug reports

188

they got are due to changes made to unofficial versions of their page.

189

If you are having trouble but aren't using a version that came from

190

tcpdump.org, please try that before submitting a bug report!

191

192

On Linux, libpcap will not work if the kernel does not have the packet

193

socket option enabled; see the README.linux file for information about

194

this.

195

196

If you use AIX, you may not be able to build libpcap from this release.

197

We do not have an AIX system in house so it's impossible for us to test

198

AIX patches submitted to us. We are told that you must link against

199

/lib/pse.exp, that you must use AIX cc or a GNU C compiler newer than

200

2.7.2, and that you may need to run strload before running a libpcap

201

application.

202

203

Read the README.aix file for information on installing libpcap and

204

configuring your system to be able to support libpcap.

205

206

If you use NeXTSTEP, you will not be able to build libpcap from this

207

release.

208

209

If you use SINIX, you should be able to build libpcap from this

210

release. It is known to compile and run on SINIX-Y/N 5.42 with the C-DS

211

V1.0 or V1.1 compiler. But note that in some releases of SINIX, yacc

212

emits incorrect code; if grammar.y fails to compile, change every

occurence of:

#ifdef YYDEBUG

to:

#if YYDEBUG

Another workaround is to use flex and bison.

221

222

If you use SCO, you might have trouble building libpcap from this

223

release. We do not have a machine running SCO and have not had reports

224

of anyone successfully building on it; the current release of libpcap

225

does not compile on SCO OpenServer 5. Although SCO apparently supports

226

DLPI to some extent, the DLPI in OpenServer 5 is very non-standard, and

227

it appears that completely new code would need to be written to capture

228

network traffic. SCO do not appear to provide tcpdump binaries for

229

OpenServer 5 or OpenServer 6 as part of SCO Skunkware:

230

231

http://www.sco.com/skunkware/

232

233

If you use UnixWare, you might be able to build libpcap from this

234

release, or you might not. We do not have a machine running UnixWare,

235

so we have not tested it; however, SCO provide packages for libpcap

236

0.6.2 and tcpdump 3.7.1 in the UnixWare 7/Open UNIX 8 part of SCO

237

Skunkware, and the source package for libpcap 0.6.2 is not changed from

238

the libpcap 0.6.2 source release, so this release of libpcap might also

239

build without changes on UnixWare 7.

240

241

If linking tcpdump fails with "Undefined: _alloca" when using bison on

242

a Sun4, your version of bison is broken. In any case version 1.16 or

243

higher is recommended (1.14 is known to cause problems 1.16 is known to

244

work). Either pick up a current version from:

245

246

ftp://ftp.gnu.org/pub/gnu/bison

247

248

or hack around it by inserting the lines:

249

250

#ifdef __GNUC__

251

#define alloca __builtin_alloca

252

#else

253

#ifdef sparc

254

#include <alloca.h>

#else

char *alloca ();

#endif

#endif

right after the (100 line!) GNU license comment in bison.simple, remove

261

grammar.[co] and fire up make again.

262

263

If you use SunOS 4, your kernel must support streams NIT. If you run a

264

libpcap program and it dies with:

265

266

/dev/nit: No such device

267

268

You must add streams NIT support to your kernel configuration, run

269

config and boot the new kernel.

270

271

If you are running a version of SunOS earlier than 4.1, you will need

272

to replace the Sun supplied /sys/sun{3,4,4c}/OBJ/nit_if.o with the

273

appropriate version from this distribution's SUNOS4 subdirectory and

274

build a new kernel:

275

276

nit_if.o.sun3-sunos4 (any flavor of sun3)

277

nit_if.o.sun4c-sunos4.0.3c (SS1, SS1+, IPC, SLC, etc.)

278

nit_if.o.sun4-sunos4 (Sun4's not covered by

279

nit_if.o.sun4c-sunos4.0.3c)

280

281

These nit replacements fix a bug that makes nit essentially unusable in

282

pre-SunOS 4.1. In addition, our sun4c-sunos4.0.3c nit gives you

283

timestamps to the resolution of the SS-1 clock (1 us) rather than the

284

lousy 20ms timestamps Sun gives you (tcpdump will print out the full

285

timestamp resolution if it finds it's running on a SS-1).

FILES

-----

CHANGES - description of differences between releases

290

ChmodBPF/* - Mac OS X startup item to set ownership and permissions

291

on /dev/bpf*

292

CREDITS - people that have helped libpcap along

293

INSTALL.txt - this file

294

LICENSE - the license under which tcpdump is distributed

295

Makefile.in - compilation rules (input to the configure script)

296

README - description of distribution

297

README.aix - notes on using libpcap on AIX

298

README.dag - notes on using libpcap to capture on Endace DAG devices

299

README.hpux - notes on using libpcap on HP-UX

300

README.linux - notes on using libpcap on Linux

301

README.macosx - notes on using libpcap on Mac OS X

302

README.septel - notes on using libpcap to capture on Intel/Septel devices

303

README.sita - notes on using libpcap to capture on SITA devices

304

README.tru64 - notes on using libpcap on Digital/Tru64 UNIX

305

README.Win32 - notes on using libpcap on Win32 systems (with WinPcap)

306

SUNOS4 - pre-SunOS 4.1 replacement kernel nit modules

307

VERSION - version of this release

308

acconfig.h - support for post-2.13 autoconf

309

aclocal.m4 - autoconf macros

310

arcnet.h - ARCNET definitions

311

atmuni31.h - ATM Q.2931 definitions

312

bpf/net - copy of bpf_filter.c

313

bpf_dump.c - BPF program printing routines

314

bpf_filter.c - symlink to bpf/net/bpf_filter.c

315

bpf_image.c - BPF disassembly routine

316

config.guess - autoconf support

317

config.h.in - autoconf input

318

config.sub - autoconf support

319

configure - configure script (run this first)

320

configure.in - configure script source

321

dlpisubs.c - DLPI-related functions for pcap-dlpi.c and pcap-libdlpi.c

322

dlpisubs.h - DLPI-related function declarations

323

etherent.c - /etc/ethers support routines

324

ethertype.h - Ethernet protocol types and names definitions

325

fad-getad.c - pcap_findalldevs() for systems with getifaddrs()

326

fad-gifc.c - pcap_findalldevs() for systems with only SIOCGIFLIST

327

fad-glifc.c - pcap_findalldevs() for systems with SIOCGLIFCONF

328

fad-null.c - pcap_findalldevs() for systems without capture support

329

fad-sita.c - pcap_findalldevs() for systems with SITA support

330

fad-win32.c - pcap_findalldevs() for WinPcap

331

filtertest.c - test program for BPF compiler

332

findalldevstest.c - test program for pcap_findalldevs()

333

gencode.c - BPF code generation routines

334

gencode.h - BPF code generation definitions

335

grammar.y - filter string grammar

336

ieee80211.h - 802.11 definitions

337

inet.c - network routines

338

install-sh - BSD style install script

339

lbl/os-*.h - OS-dependent defines and prototypes

340

llc.h - 802.2 LLC SAP definitions

341

missing/* - replacements for missing library functions

342

mkdep - construct Makefile dependency list

343

msdos/* - drivers for MS-DOS capture support

344

nametoaddr.c - hostname to address routines

345

nlpid.h - OSI network layer protocol identifier definitions

346

net - symlink to bpf/net

347

optimize.c - BPF optimization routines

348

pcap/bluetooth.h - public definition of DLT_BLUETOOTH_HCI_H4_WITH_PHDR header

349

pcap/bpf.h - BPF definitions

350

pcap/namedb.h - public libpcap name database definitions

351

pcap/pcap.h - public libpcap definitions

352

pcap/sll.h - public definition of DLT_LINUX_SLL header

353

pcap/usb.h - public definition of DLT_USB header

354

pcap-bpf.c - BSD Packet Filter support

355

pcap-bpf.h - header for backwards compatibility

356

pcap-bt-linux.c - Bluetooth capture support for Linux

357

pcap-bt-linux.h - Bluetooth capture support for Linux

358

pcap-dag.c - Endace DAG device capture support

359

pcap-dag.h - Endace DAG device capture support

360

pcap-dlpi.c - Data Link Provider Interface support

361

pcap-dos.c - MS-DOS capture support

362

pcap-dos.h - headers for MS-DOS capture support

363

pcap-enet.c - enet support

364

pcap-int.h - internal libpcap definitions

365

pcap-libdlpi.c - Data Link Provider Interface support for systems with libdlpi

366

pcap-linux.c - Linux packet socket support

367

pcap-namedb.h - header for backwards compatibility

368

pcap-nit.c - SunOS Network Interface Tap support

369

pcap-nit.h - SunOS Network Interface Tap definitions

370

pcap-null.c - dummy monitor support (allows offline use of libpcap)

371

pcap-pf.c - Ultrix and Digital/Tru64 UNIX Packet Filter support

372

pcap-pf.h - Ultrix and Digital/Tru64 UNIX Packet Filter definitions

373

pcap-septel.c - Intel/Septel device capture support

374

pcap-septel.h - Intel/Septel device capture support

375

pcap-sita.c - SITA device capture support

376

pcap-sita.h - SITA device capture support

377

pcap-sita.html - SITA device capture documentation

378

pcap-stdinc.h - includes and #defines for compiling on Win32 systems

379

pcap-snit.c - SunOS 4.x STREAMS-based Network Interface Tap support

380

pcap-snoop.c - IRIX Snoop network monitoring support

381

pcap-usb-linux.c - USB capture support for Linux

382

pcap-usb-linux.h - USB capture support for Linux

383

pcap-win32.c - WinPcap capture support

384

pcap.3pcap - manual entry for the library

385

pcap.c - pcap utility routines

386

pcap.h - header for backwards compatibility

387

pcap_*.3pcap - manual entries for library functions

388

pcap-filter.4 - manual entry for filter syntax

389

pcap-linktype.4 - manual entry for link-layer header types

390

ppp.h - Point to Point Protocol definitions

391

runlex.sh - wrapper for Lex/Flex

392

savefile.c - offline support

393

scanner.l - filter string scanner

394

sunatmpos.h - definitions for SunATM capturing

395

Win32 - headers and routines for building on Win32 systems

nexmon – Blame information for rev 1