LIBPCAP 1.x.y
=============

[![Build Status](https://travis-ci.org/the-tcpdump-group/tcpdump.svg?branch=master)](https://travis-ci.org/the-tcpdump-group/libpcap)

[![Build Status](https://ci.appveyor.com/api/projects/status/github/the-tcpdump-group/tcpdump?branch=master&svg=true)](https://ci.appveyor.com/project/guyharris/libpcap)

Now maintained by "The Tcpdump Group"

    https://www.tcpdump.org

formerly from Lawrence Berkeley National Laboratory
    Network Research Group <libpcap@ee.lbl.gov>
    ftp://ftp.ee.lbl.gov/old/libpcap-0.4a7.tar.Z

To report a security issue please send an e-mail to security@tcpdump.org.

To report bugs and other problems, contribute patches, request a
feature, provide generic feedback etc., please see the file
[CONTRIBUTING.md](CONTRIBUTING.md) in the libpcap source tree root.

The directory doc/ has README files about specific operating systems and
options.

Anonymous Git is available via:

    https://github.com/the-tcpdump-group/libpcap.git

This directory contains source code for libpcap, a system-independent
interface for user-level packet capture. libpcap provides a portable
framework for low-level network monitoring. Applications include
network statistics collection, security monitoring, network debugging,
etc. Since almost every system vendor provides a different interface
for packet capture, and since we've developed several tools that
require this functionality, we've created this system-independent API
to ease in porting and to alleviate the need for several
system-dependent packet capture modules in each application.

For some platforms there are README.{system} files that discuss issues
with the OS's interface for packet capture on those platforms, such as
how to enable support for that interface in the OS, if it's not built in
by default.

The libpcap interface supports a filtering mechanism based on the
architecture in the BSD packet filter. BPF is described in the 1993
Winter Usenix paper ``The BSD Packet Filter: A New Architecture for
User-level Packet Capture''. A compressed PostScript version can be
found at

    https://www.tcpdump.org/papers/bpf-usenix93.ps.Z

and a gzipped version can be found at

    https://www.tcpdump.org/papers/bpf-usenix93.ps.gz

A PDF version can be found at

    https://www.tcpdump.org/papers/bpf-usenix93.pdf

Although most packet capture interfaces support in-kernel filtering,
libpcap utilizes in-kernel filtering only for the BPF interface.
On systems that don't have BPF, all packets are read into user-space
and the BPF filters are evaluated in the libpcap library, incurring
added overhead (especially for selective filters). Ideally, libpcap
would translate BPF filters into a filter program that is compatible
with the underlying kernel subsystem, but this is not yet implemented.

BPF is standard in 4.4BSD, BSD/OS, NetBSD, FreeBSD, OpenBSD, DragonFly
BSD, and macOS; an older, modified and undocumented version is standard
in AIX. {DEC OSF/1, Digital UNIX, Tru64 UNIX} uses the packetfilter
interface but has been extended to accept BPF filters (which libpcap
utilizes). Also, you can add BPF filter support to Ultrix using the
kernel source and/or object patches available in:

    https://www.tcpdump.org/other/bpfext42.tar.Z

Linux has a number of BPF-based systems, and libpcap does not support
any of the eBPF mechanisms as yet, although it supports many of the
memory-mapped receive mechanisms.
See the [README.linux](doc/README.linux.md) file for more information.

Note to Linux distributions and *BSD systems that include libpcap:

There's now a rule to make a shared library, which should work on Linux
and *BSD, among other platforms.

It sets the soname of the library to "libpcap.so.1"; this is what it
should be, *NOT* libpcap.so.1.x or libpcap.so.1.x.y or something such as
that.

We've been maintaining binary compatibility between libpcap releases for
quite a while; there's no reason to tie a binary linked with libpcap to
a particular release of libpcap.
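
As an added illustration of the user-space filter evaluation described above for systems without in-kernel BPF, the following C example interprets a four-opcode subset of classic BPF over a constructed Ethernet frame, rejecting any load that falls outside the captured bytes. It is not libpcap's code: `run_filter`, `make_frame`, `ip_tcp` and the enum names are hypothetical, and the filter program is hand-written for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Classic BPF opcode values for the four instructions this subset handles. */
enum { LD_H_ABS = 0x28, LD_B_ABS = 0x30, JEQ_K = 0x15, RET_K = 0x06 };
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };
/* Hand-written filter: accept IPv4 (ethertype 0x0800) carrying TCP (proto 6). */
static const struct insn ip_tcp[] = {
    { LD_H_ABS, 0, 0, 12 },      /* A = ethertype at offset 12      */
    { JEQ_K,    0, 3, 0x0800 },  /* not IPv4: skip 3, to reject     */
    { LD_B_ABS, 0, 0, 23 },      /* A = IPv4 protocol byte          */
    { JEQ_K,    0, 1, 6 },       /* not TCP: skip 1, to reject      */
    { RET_K,    0, 0, 262144 },  /* accept, keep up to 262144 bytes */
    { RET_K,    0, 0, 0 },       /* reject                          */
};

/* Returns the number of bytes to keep; 0 drops the packet. */
static uint32_t run_filter(const struct insn *prog, size_t n,
                           const uint8_t *pkt, size_t caplen) {
    uint32_t a = 0;
    for (size_t pc = 0; pc < n; ) {
        const struct insn *i = &prog[pc++];
        switch (i->code) {
        case LD_H_ABS:  /* loads past the captured bytes reject the packet */
            if (i->k > caplen || caplen - i->k < 2) return 0;
            a = (uint32_t)pkt[i->k] << 8 | pkt[i->k + 1]; break;
        case LD_B_ABS:
            if (i->k >= caplen) return 0;
            a = pkt[i->k]; break;
        case JEQ_K: pc += (a == i->k) ? i->jt : i->jf; break;
        case RET_K: return i->k;
        default:    return 0;  /* opcode outside this subset: reject */
        }
    }
    return 0;  /* jumped or ran past the end of the program: reject */
}
/* Constructed sample: zeroed Ethernet + IPv4 headers with two fields set. */
static void make_frame(uint8_t buf[34], uint16_t ethertype, uint8_t proto) {
    memset(buf, 0, 34);
    buf[12] = ethertype >> 8; buf[13] = ethertype & 0xff; buf[23] = proto;
}

int main(void) {
    uint8_t f[34];
    make_frame(f, 0x0800, 6);
    printf("full=%u\n", (unsigned)run_filter(ip_tcp, 6, f, sizeof f));
    printf("truncated=%u\n", (unsigned)run_filter(ip_tcp, 6, f, 20));
    return 0;
}
```

Every packet pays the cost of this loop in user space after it has already been copied out of the kernel, which is the overhead the README describes for selective filters.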