Diffstat (limited to 'lib/libpcap/libpcap/INSTALL.md')
-rw-r--r-- | lib/libpcap/libpcap/INSTALL.md | 352 |
1 files changed, 352 insertions, 0 deletions
diff --git a/lib/libpcap/libpcap/INSTALL.md b/lib/libpcap/libpcap/INSTALL.md new file mode 100644 index 0000000..3a303fe --- /dev/null +++ b/lib/libpcap/libpcap/INSTALL.md 
@@ -0,0 +1,352 @@ +To build libpcap, run "./configure" (a shell script). The configure +script will determine your system attributes and generate an +appropriate Makefile from Makefile.in. Next run "make". If everything +goes well you can su to root and run "make install". However, you need +not install libpcap if you just want to build tcpdump; just make sure +the tcpdump and libpcap directory trees have the same parent +directory. + +If configure says: + + configure: warning: cannot determine packet capture interface + configure: warning: (see INSTALL for more info) + +then your system either does not support packet capture or your system +does support packet capture but libpcap does not support that +particular type. (If you have HP-UX, see below.) If your system uses a +packet capture not supported by libpcap, please send us patches; don't +forget to include an autoconf fragment suitable for use in +configure.ac. + +It is possible to override the default packet capture type, although +the circumstance where this works are limited. For example if you have +installed bpf under SunOS 4 and wish to build a snit libpcap: + + ./configure --with-pcap=snit + +Another example is to force a supported packet capture type in the case +where the configure scripts fails to detect it. + +You will need an ANSI C compiler to build libpcap. The configure script +will abort if your compiler is not ANSI compliant. If this happens, use +the generally available GNU C compiler (GCC). + +You will need either Flex 2.5.31 or later, or a version of Lex +compatible with it (if any exist), to build libpcap. The configure +script will abort if there isn't any such program. If you have an older +version of Flex, or don't have a compatible version of Lex, the current +version of flex is available at flex.sourceforge.net. + +You will need either Bison, Berkeley YACC, or a version of YACC +compatible with them (if any exist), to build libpcap. 
The configure +script will abort if there isn't any such program. If you don't have +any such program, the current version of Bison can be found at +http://ftp.gnu.org/gnu/bison/ and the current version of Berkeley YACC +can be found at http://invisible-island.net/byacc/. + +Sometimes the stock C compiler does not interact well with Flex and +Bison. The list of problems includes undefined references for alloca. +You can get around this by installing GCC. + +If you use Solaris, there is a bug with bufmod(7) that is fixed in +Solaris 2.3.2 (aka SunOS 5.3.2). Setting a snapshot length with the +broken bufmod(7) results in data be truncated from the FRONT of the +packet instead of the end. The work around is to not set a snapshot +length but this results in performance problems since the entire packet +is copied to user space. If you must run an older version of Solaris, +there is a patch available from Sun; ask for bugid 1149065. After +installing the patch, use "setenv BUFMOD_FIXED" to enable use of +bufmod(7). However, we recommend you run a more current release of +Solaris. + +If you use the SPARCompiler, you must be careful to not use the +/usr/ucb/cc interface. If you do, you will get bogus warnings and +perhaps errors. Either make sure your path has /opt/SUNWspro/bin +before /usr/ucb or else: + + setenv CC /opt/SUNWspro/bin/cc + +before running configure. (You might have to do a "make distclean" +if you already ran configure once). + +If you are trying to do packet capture with a FORE ATM card, you may or +may not be able to. They usually only release their driver in object +code so unless their driver supports packet capture, there's not much +libpcap can do. + +If you get an error like: + + tcpdump: recv_ack: bind error 0x??? + +when using DLPI, look for the DL_ERROR_ACK error return values, usually +in /usr/include/sys/dlpi.h, and find the corresponding value. 
+ +Under {DEC OSF/1, Digital UNIX, Tru64 UNIX}, packet capture must be +enabled before it can be used. For instructions on how to enable packet +filter support, see: + + ftp://ftp.digital.com/pub/Digital/dec-faq/Digital-UNIX + +Look for the "How do I configure the Berkeley Packet Filter and capture +tcpdump traces?" item. + +Once you enable packet filter support, your OSF system will support bpf +natively. + +Under Ultrix, packet capture must be enabled before it can be used. For +instructions on how to enable packet filter support, see: + + ftp://ftp.digital.com/pub/Digital/dec-faq/ultrix + +If you use HP-UX, you must have at least version 9 and either the +version of cc that supports ANSI C (cc -Aa) or else use the GNU C +compiler. You must also buy the optional streams package. If you don't +have: + + /usr/include/sys/dlpi.h + /usr/include/sys/dlpi_ext.h + +then you don't have the streams package. In addition, we believe you +need to install the "9.X LAN and DLPI drivers cumulative" patch +(PHNE_6855) to make the version 9 DLPI work with libpcap. + +The DLPI streams package is standard starting with HP-UX 10. + +The HP implementation of DLPI is a little bit eccentric. Unlike +Solaris, you must attach /dev/dlpi instead of the specific /dev/* +network pseudo device entry in order to capture packets. The PPA is +based on the ifnet "index" number. Under HP-UX 9, it is necessary to +read /dev/kmem and the kernel symbol file (/hp-ux). Under HP-UX 10, +DLPI can provide information for determining the PPA. It does not seem +to be possible to trace the loopback interface. Unlike other DLPI +implementations, PHYS implies MULTI and SAP and you get an error if you +try to enable more than one promiscuous mode at a time. + +It is impossible to capture outbound packets on HP-UX 9. 
To do so on +HP-UX 10, you will, apparently, need a late "LAN products cumulative +patch" (at one point, it was claimed that this would be PHNE_18173 for +s700/10.20; at another point, it was claimed that the required patches +were PHNE_20892, PHNE_20725 and PHCO_10947, or newer patches), and to do +so on HP-UX 11 you will, apparently, need the latest lancommon/DLPI +patches and the latest driver patch for the interface(s) in use on HP-UX +11 (at one point, it was claimed that patches PHNE_19766, PHNE_19826, +PHNE_20008, and PHNE_20735 did the trick). + +Furthermore, on HP-UX 10, you will need to turn on a kernel switch by +doing + + echo 'lanc_outbound_promisc_flag/W 1' | adb -w /stand/vmunix /dev/mem + +You would have to arrange that this happen on reboots; the right way to +do that would probably be to put it into an executable script file +"/sbin/init.d/outbound_promisc" and making +"/sbin/rc2.d/S350outbound_promisc" a symbolic link to that script. + +Finally, testing shows that there can't be more than one simultaneous +DLPI user per network interface. + +If you use Linux, this version of libpcap is known to compile and run +under Red Hat 4.0 with the 2.0.25 kernel. It may work with earlier 2.X +versions but is guaranteed not to work with 1.X kernels. Running more +than one libpcap program at a time, on a system with a 2.0.X kernel, can +cause problems since promiscuous mode is implemented by twiddling the +interface flags from the libpcap application; the packet capture +mechanism in the 2.2 and later kernels doesn't have this problem. Also, +packet timestamps aren't very good. This appears to be due to haphazard +handling of the timestamp in the kernel. + +Note well: there is rumoured to be a version of tcpdump floating around +called 3.0.3 that includes libpcap and is supposed to support Linux. +You should be advised that neither the Network Research Group at LBNL +nor the Tcpdump Group ever generated a release with this version number. 
+The LBNL Network Research Group notes with interest that a standard +cracker trick to get people to install trojans is to distribute bogus +packages that have a version number higher than the current release. +They also noted with annoyance that 90% of the Linux related bug reports +they got are due to changes made to unofficial versions of their page. +If you are having trouble but aren't using a version that came from +tcpdump.org, please try that before submitting a bug report! + +On Linux, libpcap will not work if the kernel does not have the packet +socket option enabled; see the README.linux file for information about +this. + +If you use AIX, you may not be able to build libpcap from this release. +We do not have an AIX system in house so it's impossible for us to test +AIX patches submitted to us. We are told that you must link against +/lib/pse.exp, that you must use AIX cc or a GNU C compiler newer than +2.7.2, and that you may need to run strload before running a libpcap +application. + +Read the README.aix file for information on installing libpcap and +configuring your system to be able to support libpcap. + +If you use NeXTSTEP, you will not be able to build libpcap from this +release. + +If you use SINIX, you should be able to build libpcap from this +release. It is known to compile and run on SINIX-Y/N 5.42 with the C-DS +V1.0 or V1.1 compiler. But note that in some releases of SINIX, yacc +emits incorrect code; if grammar.y fails to compile, change every +occurence of: + + #ifdef YYDEBUG + +to: + #if YYDEBUG + +Another workaround is to use flex and bison. + +If you use SCO, you might have trouble building libpcap from this +release. We do not have a machine running SCO and have not had reports +of anyone successfully building on it; the current release of libpcap +does not compile on SCO OpenServer 5. 
Although SCO apparently supports +DLPI to some extent, the DLPI in OpenServer 5 is very non-standard, and +it appears that completely new code would need to be written to capture +network traffic. SCO do not appear to provide tcpdump binaries for +OpenServer 5 or OpenServer 6 as part of SCO Skunkware: + + http://www.sco.com/skunkware/ + +If you use UnixWare, you might be able to build libpcap from this +release, or you might not. We do not have a machine running UnixWare, +so we have not tested it; however, SCO provide packages for libpcap +0.6.2 and tcpdump 3.7.1 in the UnixWare 7/Open UNIX 8 part of SCO +Skunkware, and the source package for libpcap 0.6.2 is not changed from +the libpcap 0.6.2 source release, so this release of libpcap might also +build without changes on UnixWare 7. + +If linking tcpdump fails with "Undefined: _alloca" when using bison on +a Sun4, your version of Bison is broken. In any case version 1.16 or +higher is recommended (1.14 is known to cause problems 1.16 is known to +work). Either pick up a current version from: + + http://ftp.gnu.org/gnu/bison/ + +or hack around it by inserting the lines: + + #ifdef __GNUC__ + #define alloca __builtin_alloca + #else + #ifdef sparc + #include <alloca.h> + #else + char *alloca (); + #endif + #endif + +right after the (100 line!) GNU license comment in bison.simple, remove +grammar.[co] and fire up make again. + +If you use SunOS 4, your kernel must support streams NIT. If you run a +libpcap program and it dies with: + + /dev/nit: No such device + +You must add streams NIT support to your kernel configuration, run +config and boot the new kernel. 
+ +FILES +----- +CHANGES - description of differences between releases +ChmodBPF/* - macOS startup item to set ownership and permissions + on /dev/bpf* +CMakeLists.txt - CMake file +CONTRIBUTING - guidelines for contributing +CREDITS - people that have helped libpcap along +INSTALL.md - this file +LICENSE - the license under which tcpdump is distributed +Makefile.in - compilation rules (input to the configure script) +README.md - description of distribution +doc/README.aix - notes on using libpcap on AIX +doc/README.dag - notes on using libpcap to capture on Endace DAG devices +doc/README.hpux - notes on using libpcap on HP-UX +doc/README.linux.md - notes on using libpcap on Linux +doc/README.macos - notes on using libpcap on macOS +doc/README.septel - notes on using libpcap to capture on Intel/Septel devices +doc/README.sita - notes on using libpcap to capture on SITA devices +doc/README.tru64 - notes on using libpcap on Digital/Tru64 UNIX +doc/README.Win32 - notes on using libpcap on Win32 systems (with Npcap) +VERSION - version of this release +acconfig.h - support for post-2.13 autoconf +aclocal.m4 - autoconf macros +arcnet.h - ARCNET definitions +atmuni31.h - ATM Q.2931 definitions +bpf_dump.c - BPF program printing routines +bpf_filter.c - BPF filtering routines +bpf_image.c - BPF disassembly routine +config.guess - autoconf support +config.h.in - autoconf input +config.sub - autoconf support +configure - configure script (run this first) +configure.ac - configure script source +dlpisubs.c - DLPI-related functions for pcap-dlpi.c and pcap-libdlpi.c +dlpisubs.h - DLPI-related function declarations +etherent.c - /etc/ethers support routines +ethertype.h - Ethernet protocol types and names definitions +fad-getad.c - pcap_findalldevs() for systems with getifaddrs() +fad-gifc.c - pcap_findalldevs() for systems with only SIOCGIFLIST +fad-glifc.c - pcap_findalldevs() for systems with SIOCGLIFCONF +filtertest.c - test program for BPF compiler +findalldevstest.c - 
test program for pcap_findalldevs() +gencode.c - BPF code generation routines +gencode.h - BPF code generation definitions +grammar.y - filter string grammar +ieee80211.h - 802.11 definitions +install-sh - BSD style install script +lbl/os-*.h - OS-dependent defines and prototypes +llc.h - 802.2 LLC SAP definitions +missing/* - replacements for missing library functions +mkdep - construct Makefile dependency list +msdos/* - drivers for MS-DOS capture support +nametoaddr.c - hostname to address routines +nlpid.h - OSI network layer protocol identifier definitions +net - symlink to bpf/net +optimize.c - BPF optimization routines +pcap/bluetooth.h - public definition of DLT_BLUETOOTH_HCI_H4_WITH_PHDR header +pcap/bpf.h - BPF definitions +pcap/namedb.h - public libpcap name database definitions +pcap/pcap.h - public libpcap definitions +pcap/sll.h - public definition of DLT_LINUX_SLL header +pcap/usb.h - public definition of DLT_USB header +pcap-bpf.c - BSD Packet Filter support +pcap-bpf.h - header for backwards compatibility +pcap-bt-linux.c - Bluetooth capture support for Linux +pcap-bt-linux.h - Bluetooth capture support for Linux +pcap-dag.c - Endace DAG device capture support +pcap-dag.h - Endace DAG device capture support +pcap-dlpi.c - Data Link Provider Interface support +pcap-dos.c - MS-DOS capture support +pcap-dos.h - headers for MS-DOS capture support +pcap-enet.c - enet support +pcap-int.h - internal libpcap definitions +pcap-libdlpi.c - Data Link Provider Interface support for systems with libdlpi +pcap-linux.c - Linux packet socket support +pcap-namedb.h - header for backwards compatibility +pcap-nit.c - SunOS Network Interface Tap support +pcap-nit.h - SunOS Network Interface Tap definitions +pcap-npf.c - WinPcap capture support +pcap-null.c - dummy monitor support (allows offline use of libpcap) +pcap-pf.c - Ultrix and Digital/Tru64 UNIX Packet Filter support +pcap-pf.h - Ultrix and Digital/Tru64 UNIX Packet Filter definitions +pcap-septel.c - 
Intel/Septel device capture support +pcap-septel.h - Intel/Septel device capture support +pcap-sita.c - SITA device capture support +pcap-sita.h - SITA device capture support +pcap-sita.html - SITA device capture documentation +pcap-stdinc.h - includes and #defines for compiling on Win32 systems +pcap-snit.c - SunOS 4.x STREAMS-based Network Interface Tap support +pcap-snoop.c - IRIX Snoop network monitoring support +pcap-usb-linux.c - USB capture support for Linux +pcap-usb-linux.h - USB capture support for Linux +pcap.3pcap - manual entry for the library +pcap.c - pcap utility routines +pcap.h - header for backwards compatibility +pcap_*.3pcap - manual entries for library functions +pcap-filter.4 - manual entry for filter syntax +pcap-linktype.4 - manual entry for link-layer header types +ppp.h - Point to Point Protocol definitions +savefile.c - offline support +scanner.l - filter string scanner +sunatmpos.h - definitions for SunATM capturing +Win32 - headers and routines for building on Win32 systems |
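Review bot: The download pointers for Bison and Berkeley YACC in the prerequisites paragraphs ("http://ftp.gnu.org/gnu/bison/", repeated in the Sun4 alloca paragraph, and "http://invisible-island.net/byacc/") are plain HTTP, and the file gives no way to check what was fetched. That is inconsistent with the later "Note well" paragraph, which warns that bogus packages are a standard way to distribute trojans. Suggest switching these to https URLs where the hosts offer them, and extending the "please try that before submitting a bug report" paragraph with a sentence telling readers to verify the release tarball against whatever signature or checksum the project publishes. The same applies to the two "ftp://ftp.digital.com/..." references, which should at least be marked as historical if they can no longer be relied on. Smaller points in the same hunk: the FILES entry "LICENSE - the license under which tcpdump is distributed" should name libpcap; the Linux paragraph says "see the README.linux file" and the AIX paragraph says "Read the README.aix file" while FILES lists "doc/README.linux.md" and "doc/README.aix", so the prose should use the doc/ paths; "pcap-npf.c - WinPcap capture support" disagrees with "doc/README.Win32 ... (with Npcap)"; and "occurence" in the SINIX paragraph should be "occurrence".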