diff options
Diffstat (limited to 'contrib/libpcap/INSTALL')
-rw-r--r-- | contrib/libpcap/INSTALL | 268 |
1 files changed, 268 insertions, 0 deletions
diff --git a/contrib/libpcap/INSTALL b/contrib/libpcap/INSTALL new file mode 100644 index 0000000..3a36a1a --- /dev/null +++ b/contrib/libpcap/INSTALL @@ -0,0 +1,268 @@ +@(#) $Header: INSTALL,v 1.27 96/07/23 14:36:02 leres Exp $ (LBL) + +To build libpcap, first customize any paths in Makefile.in, then run +"./configure" (a shell script). The configure script will determine +your system attributes and generate an appropriate Makefile from +Makefile.in. Next run "make". If everything goes well you can su to +root and run "make install", "make install-incl" and "make +install-man". However, you need not install libpcap if you just want to +build tcpdump; just make sure the tcpdump and libpcap directory trees +have the same parent directory. + +If configure says: + + configure: warning: cannot determine packet capture interface + configure: warning: (see INSTALL for more info) + +then your system either does not support packet capture or your system +does support packet capture but libpcap does not support that +particular type. (If you have HP-UX, see below.) If your system uses a +packet capture not supported by libpcap, please send us patches; don't +forget to include an autoconf fragment suitable for use in +configure.in. + +You will need an ANSI C compiler to build libpcap. The configure script +will abort if your compiler is not ANSI compliant. If this happens, use +the GNU C compiler, available via anonymous ftp: + + ftp://prep.ai.mit.edu/pub/gnu/gcc-*.tar.gz + +Note well: If you use gcc, you may need to run its "fixincludes" +script. Running fixincludes is not required with later versions of gcc +and in some cases (e.g. Solaris 2.5) causes problems when run. The +configure script will abort if it detects if the fixincludes needs to +be run. If the fixincludes test in configure passes, you're probably +ok. + +If you use flex, you must use version 2.4.6 or higher. The configure +script automatically detects the version of flex and will not use it +unless it is new enough. You can use "flex -V" to see what version you +have (unless it's really old). The current version of flex is available +via anonymous ftp: + + ftp://ftp.ee.lbl.gov/flex-*.tar.Z + +As of this writing, the current version is 2.5.3. + +If you use bison, you must use flex (and visa versa). The configure +script automatically falls back to lex and yacc if both flex and bison +are not found. + +If your system only has AT&T lex, that also works okay unless your +libpcap program uses other lex/yacc generated code. (Although it's +possible to map the yy* identifiers with a script, we use flex and +bison so we don't feel this is necessary.) + +Some systems support the Berkeley Packet Filter natively; for example +out of the box OSF and BSD/OS have bpf. If your system does not support +bpf, you will need to pick up: + + ftp://ftp.ee.lbl.gov/bpf-*.tar.Z + +Note well: you MUST have kernel source for your operating system in +order to install bpf. An exception is SunOS 4; the bpf distribution +includes replacement kernel objects for some of the standard SunOS 4 +network device drivers. See the bpf INSTALL document for more +information. + +If you use Solaris, there is a bug with bufmod(7) that is fixed in +5.3.2. Setting a snapshot length with the broken bufmod(7) results in +data be truncated from the FRONT of the packet instead of the end. The +work around is to not set a snapshot length but this results in +performance problems since the entire packet is copied to user space. +If you must run an older version of Solaris, there is a patch available +from Sun; ask for bugid 1149065. After installing the patch, use +"setenv BUFMOD_FIXED" to enable use of bufmod(7). However, we recommend +you run a more current release of Solaris. + +Under OSF, packet capture must be enabled before it can be used. For +instructions on how to enable packet filter support, see: + + ftp://ftp.digital.com/pub/Digital/dec-faq/Digital-UNIX + +Once you enable packet filter support, your OSF system will support bpf +natively. + +Under Ultrix, packet capture must be enabled before it can be used. For +instructions on how to enable packet filter support, see: + + ftp://ftp.digital.com/pub/Digital/dec-faq/ultrix + +If you use HP-UX, have at least version 9 and either have the version +of cc that supports ANSI C (cc -Aa) or else get the GNU C compiler. In +addition, you must buy the optional streams package. If you don't have: + + /usr/include/sys/dlpi.h + /usr/include/sys/dlpi_ext.h + +then you don't have the streams package. It's also possible that the +streams package is standard starting with a particular subrelease of +HP-UX 10. + +The HP implementation of DLPI is a little bit eccentric. Unlike +Solaris, you must attach /dev/dlpi instead of the specific /dev/* +network pseudo device entry in order to capture packets. The ppa is +based on the ifnet "index" number. Under HP-UX 9, it is necessary to +read /dev/kmem and the kernel symbol file (/hp-ux). Under HP-UX 10, +dlpi can provide information for determining the ppa. It does not seem +to be possible to trace the loopback interface. Unlike other DLPI +implementations, PHYS implies MULTI and SAP and you get an error if you +try to enable more than one promiscous more than one promiscuous mode +at a time. This results in error messages: + + WARNING: DL_PROMISC_MULTI failed (recv_ack: promisc_multi: Invalid argument) + WARNING: DL_PROMISC_SAP failed (recv_ack: promisc_sap: Invalid argument) + +which may be safely ignored. Finally, testing shows that there can't be +more than one simultaneous dlpi user per network interface. + +If you use Linux, you will not be able to build libpcap from this +release. We have a Linux system up and hope to support Linux at some +point after the next even version of the Linux kernel source is +released. Meanwhile, you can try picking up: + + ftp://sunsite.unc.edu/pub/Linux/system/Network/management/tcpdump-3.0.2-linux.tar.gz + +This appears to be libpcap 0.0.6 and tcpdump 3.0.2 hacked for Linux. +(It includes 20000 lines of linux-specific include files, almost twice +the source in the official libpcap distribution. It also contains a +linux specific libpcap module that is essentially a hacked copy of the +snoop module; one of the hacks is to replace the Regents of the +University of California copyright with a vague reference to the GNU +license.) + +Note well: there is rumoured to be a version of tcpdump floating around +called 3.0.3 that includes libpcap and is supposed to support Linux. +You should be advised that the Network Research Group at LBNL never +generated a release with this version number. You should also know that +a standard trick crackers use to get people to install trojans is to +distribute bogus packages that have a version number higher than the +current release. + +If you use AIX, you will not be able to build libpcap from this +release. We have a set of contributed patches that we hope to integrate +in some future release of libpcap. + +If you use NeXTSTEP, you will not be able to build libpcap from this +release. We hope to support this operating system in some future +release of libpcap. + +If you use SINIX, you should be able to build libpcap from this +release. We are told you must have the C-DS V1.1A00 compiler. If you +have problems, please send details to libpcap@ee.lbl.gov. + +If you use SCO, you might have trouble building libpcap from this +release. We do not have a machine running SCO and have not had reports +of anyone successfully building on it. Since SCO apparently supports +dlpi, it's possible libpcap 0.2 works. Meanwhile, sco provides a +tcpdump binary as part of their "Network/Security Tools" package: + + http://www.sco.com/technology/internet/goodies/#SECURITY + +There is also a README that explains how to enable packet capture. + +If you use UnixWare, you will not be able to build libpcap from this +release. We hope to support this operating system in some future +release of libpcap. Meanwhile, there appears to be an UnixWare port of +libpcap 0.0 (and tcpdump 3.0) in: + + ftp://ftp1.freebird.org/pub/mirror/freebird/internet/systools/ + +UnixWare appears to use a hacked version of DLPI. + +If you use flex and bison and not gcc but the linker cannot find +alloca(), you need to either use gcc or not use flex and bison. + +If linking tcpdump fails with "Undefined: _alloca" when using bison on +a Sun4, your version of bison is broken. In any case version 1.16 or +higher is recommended (1.14 is known to cause problems 1.16 is known to +work). Either pick up a current version from: + + ftp://prep.ai.mit.edu/pub/gnu/bison.tar.gz + +or hack around it by inserting the lines: + + #ifdef __GNUC__ + #define alloca __builtin_alloca + #else + #ifdef sparc + #include <alloca.h> + #else + char *alloca (); + #endif + #endif + +right after the (100 line!) GNU license comment in bison.simple, remove +grammar.[co] and fire up make again. + +If you use SunOS 4, your kernel must support streams NIT. If you run a +libpcap program and it dies with: + + /dev/nit: No such device + +You must add streams NIT support to your kernel configuration, run +config and boot the new kernel. + +If you are running a version of SunOS earlier than 4.1, you will need +to replace the Sun supplied /sys/sun{3,4,4c}/OBJ/nit_if.o with the +appropriate version from this distribution's SUNOS4 subdirectory and +build a new kernel: + + nit_if.o.sun3-sunos4 (any flavor of sun3) + nit_if.o.sun4c-sunos4.0.3c (SS1, SS1+, IPC, SLC, etc.) + nit_if.o.sun4-sunos4 (Sun4's not covered by + nit_if.o.sun4c-sunos4.0.3c) + +These nit replacements fix a bug that makes nit essentially unusable in +pre-SunOS 4.1. In addition, our sun4c-sunos4.0.3c nit gives you +timestamps to the resolution of the SS-1 clock (1 us) rather than the +lousy 20ms timestamps Sun gives you (tcpdump will print out the full +timestamp resolution if it finds it's running on a SS-1). + +FILES +----- +CHANGES - description of differences between releases +FILES - list of files exported as part of the distribution +INSTALL - this file +Makefile.in - compilation rules (input to the configure script) +README - description of distribution +SUNOS4 - pre-SunOS 4.1 replacement kernel nit modules +VERSION - version of this release +aclocal.m4 - autoconf macros +bpf/net - copies of bpf_filter.c and bpf.h +bpf_filter.c - symlink to bpf/net/bpf_filter.c +bpf_image.c - bpf disassembly routine +config.guess - autoconf support +config.sub - autoconf support +configure - configure script (run this first) +configure.in - configure script source +etherent.c - /etc/ethers support routines +ethertype.h - ethernet protocol types and names definitions +gencode.c - bpf code generation routines +gencode.h - bpf code generation definitions +grammar.y - filter string grammar +inet.c - network routines +install-sh - BSD style install script +lbl/gnuc.h - gcc macros and defines +lbl/os-*.h - os dependent defines and prototypes +mkdep - construct Makefile dependency list +nametoaddr.c - hostname to address routines +net - symlink to bpf/net +optimize.c - bpf optimization routines +pcap-bpf.c - BSD Packet Filter support +pcap-dlpi.c - Data Link Provider Interface support +pcap-enet.c - enet support +pcap-int.h - internal libpcap definitions +pcap-namedb.h - public libpcap name database definitions +pcap-nit.c - Network Interface Tap support +pcap-nit.h - Network Interface Tap definitions +pcap-null.c - dummy monitor support (allows offline use of libpcap) +pcap-pf.c - Packet Filter support +pcap-pf.h - Packet Filter definitions +pcap-snit.c - Streams based Network Interface Tap support +pcap-snoop.c - Snoop network monitoring support +pcap.3 - manual entry +pcap.c - pcap utility routines +pcap.h - public libpcap definitions +savefile.c - offline support +scanner.l - filter string scanner |