1@(#) $Header: /tcpdump/master/libpcap/INSTALL.txt,v 1.12.2.2 2007/09/12 19:17:24 guy Exp $ (LBL) 2 3To build libpcap, run "./configure" (a shell script). The configure 4script will determine your system attributes and generate an 5appropriate Makefile from Makefile.in. Next run "make". If everything 6goes well you can su to root and run "make install". However, you need 7not install libpcap if you just want to build tcpdump; just make sure 8the tcpdump and libpcap directory trees have the same parent 9directory. 10 11If configure says: 12 13 configure: warning: cannot determine packet capture interface 14 configure: warning: (see INSTALL for more info) 15 16then your system either does not support packet capture or your system 17does support packet capture but libpcap does not support that 18particular type. (If you have HP-UX, see below.) If your system uses a 19packet capture not supported by libpcap, please send us patches; don't 20forget to include an autoconf fragment suitable for use in 21configure.in. 22 23It is possible to override the default packet capture type, although 24the circumstance where this works are limited. For example if you have 25installed bpf under SunOS 4 and wish to build a snit libpcap: 26 27 ./configure --with-pcap=snit 28 29Another example is to force a supported packet capture type in the case 30where the configure scripts fails to detect it. 31 32You will need an ANSI C compiler to build libpcap. The configure script 33will abort if your compiler is not ANSI compliant. If this happens, use 34the GNU C compiler, available via anonymous ftp: 35 36 ftp://ftp.gnu.org/pub/gnu/gcc/ 37 38If you use flex, you must use version 2.4.6 or higher. The configure 39script automatically detects the version of flex and will not use it 40unless it is new enough. You can use "flex -V" to see what version you 41have (unless it's really old). The current version of flex is available 42via anonymous ftp: 43 44 ftp://ftp.ee.lbl.gov/flex-*.tar.Z 45 46As of this writing, the current version is 2.5.4. 47 48If you use bison, you must use flex (and visa versa). The configure 49script automatically falls back to lex and yacc if both flex and bison 50are not found. 51 52Sometimes the stock C compiler does not interact well with flex and 53bison. The list of problems includes undefined references for alloca. 54You can get around this by installing gcc or manually disabling flex 55and bison with: 56 57 ./configure --without-flex --without-bison 58 59If your system only has AT&T lex, this is okay unless your libpcap 60program uses other lex/yacc generated code. (Although it's possible to 61map the yy* identifiers with a script, we use flex and bison so we 62don't feel this is necessary.) 63 64Some systems support the Berkeley Packet Filter natively; for example 65out of the box OSF and BSD/OS have bpf. If your system does not support 66bpf, you will need to pick up: 67 68 ftp://ftp.ee.lbl.gov/bpf-*.tar.Z 69 70Note well: you MUST have kernel source for your operating system in 71order to install bpf. An exception is SunOS 4; the bpf distribution 72includes replacement kernel objects for some of the standard SunOS 4 73network device drivers. See the bpf INSTALL document for more 74information. 75 76If you use Solaris, there is a bug with bufmod(7) that is fixed in 77Solaris 2.3.2 (aka SunOS 5.3.2). Setting a snapshot length with the 78broken bufmod(7) results in data be truncated from the FRONT of the 79packet instead of the end. The work around is to not set a snapshot 80length but this results in performance problems since the entire packet 81is copied to user space. If you must run an older version of Solaris, 82there is a patch available from Sun; ask for bugid 1149065. After 83installing the patch, use "setenv BUFMOD_FIXED" to enable use of 84bufmod(7). However, we recommend you run a more current release of 85Solaris. 86 87If you use the SPARCompiler, you must be careful to not use the 88/usr/ucb/cc interface. If you do, you will get bogus warnings and 89perhaps errors. Either make sure your path has /opt/SUNWspro/bin 90before /usr/ucb or else: 91 92 setenv CC /opt/SUNWspro/bin/cc 93 94before running configure. (You might have to do a "make distclean" 95if you already ran configure once). 96 97Also note that "make depend" won't work; while all of the known 98universe uses -M, the SPARCompiler uses -xM to generate makefile 99dependencies. 100 101If you are trying to do packet capture with a FORE ATM card, you may or 102may not be able to. They usually only release their driver in object 103code so unless their driver supports packet capture, there's not much 104libpcap can do. 105 106If you get an error like: 107 108 tcpdump: recv_ack: bind error 0x??? 109 110when using DLPI, look for the DL_ERROR_ACK error return values, usually 111in /usr/include/sys/dlpi.h, and find the corresponding value. 112 113Under {DEC OSF/1, Digital UNIX, Tru64 UNIX}, packet capture must be 114enabled before it can be used. For instructions on how to enable packet 115filter support, see: 116 117 ftp://ftp.digital.com/pub/Digital/dec-faq/Digital-UNIX 118 119Look for the "How do I configure the Berkeley Packet Filter and capture 120tcpdump traces?" item. 121 122Once you enable packet filter support, your OSF system will support bpf 123natively. 124 125Under Ultrix, packet capture must be enabled before it can be used. For 126instructions on how to enable packet filter support, see: 127 128 ftp://ftp.digital.com/pub/Digital/dec-faq/ultrix 129 130If you use HP-UX, you must have at least version 9 and either the 131version of cc that supports ANSI C (cc -Aa) or else use the GNU C 132compiler. You must also buy the optional streams package. If you don't 133have: 134 135 /usr/include/sys/dlpi.h 136 /usr/include/sys/dlpi_ext.h 137 138then you don't have the streams package. In addition, we believe you 139need to install the "9.X LAN and DLPI drivers cumulative" patch 140(PHNE_6855) to make the version 9 DLPI work with libpcap. 141 142The DLPI streams package is standard starting with HP-UX 10. 143 144The HP implementation of DLPI is a little bit eccentric. Unlike 145Solaris, you must attach /dev/dlpi instead of the specific /dev/* 146network pseudo device entry in order to capture packets. The PPA is 147based on the ifnet "index" number. Under HP-UX 9, it is necessary to 148read /dev/kmem and the kernel symbol file (/hp-ux). Under HP-UX 10, 149DLPI can provide information for determining the PPA. It does not seem 150to be possible to trace the loopback interface. Unlike other DLPI 151implementations, PHYS implies MULTI and SAP and you get an error if you 152try to enable more than one promiscuous mode at a time. 153 154It is impossible to capture outbound packets on HP-UX 9. To do so on 155HP-UX 10, you will, apparently, need a late "LAN products cumulative 156patch" (at one point, it was claimed that this would be PHNE_18173 for 157s700/10.20; at another point, it was claimed that the required patches 158were PHNE_20892, PHNE_20725 and PHCO_10947, or newer patches), and to do 159so on HP-UX 11 you will, apparently, need the latest lancommon/DLPI 160patches and the latest driver patch for the interface(s) in use on HP-UX 16111 (at one point, it was claimed that patches PHNE_19766, PHNE_19826, 162PHNE_20008, and PHNE_20735 did the trick). 163 164Furthermore, on HP-UX 10, you will need to turn on a kernel switch by 165doing 166 167 echo 'lanc_outbound_promisc_flag/W 1' | adb -w /stand/vmunix /dev/mem 168 169You would have to arrange that this happen on reboots; the right way to 170do that would probably be to put it into an executable script file 171"/sbin/init.d/outbound_promisc" and making 172"/sbin/rc2.d/S350outbound_promisc" a symbolic link to that script. 173 174Finally, testing shows that there can't be more than one simultaneous 175DLPI user per network interface. 176 177If you use Linux, this version of libpcap is known to compile and run 178under Red Hat 4.0 with the 2.0.25 kernel. It may work with earlier 2.X 179versions but is guaranteed not to work with 1.X kernels. Running more 180than one libpcap program at a time, on a system with a 2.0.X kernel, can 181cause problems since promiscuous mode is implemented by twiddling the 182interface flags from the libpcap application; the packet capture 183mechanism in the 2.2 and later kernels doesn't have this problem. Also, 184packet timestamps aren't very good. This appears to be due to haphazard 185handling of the timestamp in the kernel. 186 187Note well: there is rumoured to be a version of tcpdump floating around 188called 3.0.3 that includes libpcap and is supposed to support Linux. 189You should be advised that neither the Network Research Group at LBNL 190nor the Tcpdump Group ever generated a release with this version number. 191The LBNL Network Research Group notes with interest that a standard 192cracker trick to get people to install trojans is to distribute bogus 193packages that have a version number higher than the current release. 194They also noted with annoyance that 90% of the Linux related bug reports 195they got are due to changes made to unofficial versions of their page. 196If you are having trouble but aren't using a version that came from 197tcpdump.org, please try that before submitting a bug report! 198 199On Linux, libpcap will not work if the kernel does not have the packet 200socket option enabled; see the README.linux file for information about 201this. 202 203If you use AIX, you may not be able to build libpcap from this release. 204We do not have an AIX system in house so it's impossible for us to test 205AIX patches submitted to us. We are told that you must link against 206/lib/pse.exp, that you must use AIX cc or a GNU C compiler newer than 2072.7.2, and that you may need to run strload before running a libpcap 208application. 209 210Read the README.aix file for information on installing libpcap and 211configuring your system to be able to support libpcap. 212 213If you use NeXTSTEP, you will not be able to build libpcap from this 214release. We hope to support this operating system in some future 215release of libpcap. 216 217If you use SINIX, you should be able to build libpcap from this 218release. It is known to compile and run on SINIX-Y/N 5.42 with the C-DS 219V1.0 or V1.1 compiler. But note that in some releases of SINIX, yacc 220emits incorrect code; if grammar.y fails to compile, change every 221occurence of: 222 223 #ifdef YYDEBUG 224 225to: 226 #if YYDEBUG 227 228Another workaround is to use flex and bison. 229 230If you use SCO, you might have trouble building libpcap from this 231release. We do not have a machine running SCO and have not had reports 232of anyone successfully building on it. Since SCO apparently supports 233DLPI, it's possible the current version works. Meanwhile, SCO provides 234a tcpdump binary as part of their "Network/Security Tools" package: 235 236 http://www.sco.com/technology/internet/goodies/#SECURITY 237 238There is also a README that explains how to enable packet capture. 239 240If you use UnixWare, you will not be able to build libpcap from this 241release. We hope to support this operating system in some future 242release of libpcap. Meanwhile, there appears to be an UnixWare port of 243libpcap 0.0 (and tcpdump 3.0) in: 244 245 ftp://ftp1.freebird.org/pub/mirror/freebird/internet/systools/ 246 247UnixWare appears to use a hacked version of DLPI. 248 249If linking tcpdump fails with "Undefined: _alloca" when using bison on 250a Sun4, your version of bison is broken. In any case version 1.16 or 251higher is recommended (1.14 is known to cause problems 1.16 is known to 252work). Either pick up a current version from: 253 254 ftp://ftp.gnu.org/pub/gnu/bison 255 256or hack around it by inserting the lines: 257 258 #ifdef __GNUC__ 259 #define alloca __builtin_alloca 260 #else 261 #ifdef sparc 262 #include <alloca.h> 263 #else 264 char *alloca (); 265 #endif 266 #endif 267 268right after the (100 line!) GNU license comment in bison.simple, remove 269grammar.[co] and fire up make again. 270 271If you use SunOS 4, your kernel must support streams NIT. If you run a 272libpcap program and it dies with: 273 274 /dev/nit: No such device 275 276You must add streams NIT support to your kernel configuration, run 277config and boot the new kernel. 278 279If you are running a version of SunOS earlier than 4.1, you will need 280to replace the Sun supplied /sys/sun{3,4,4c}/OBJ/nit_if.o with the 281appropriate version from this distribution's SUNOS4 subdirectory and 282build a new kernel: 283 284 nit_if.o.sun3-sunos4 (any flavor of sun3) 285 nit_if.o.sun4c-sunos4.0.3c (SS1, SS1+, IPC, SLC, etc.) 286 nit_if.o.sun4-sunos4 (Sun4's not covered by 287 nit_if.o.sun4c-sunos4.0.3c) 288 289These nit replacements fix a bug that makes nit essentially unusable in 290pre-SunOS 4.1. In addition, our sun4c-sunos4.0.3c nit gives you 291timestamps to the resolution of the SS-1 clock (1 us) rather than the 292lousy 20ms timestamps Sun gives you (tcpdump will print out the full 293timestamp resolution if it finds it's running on a SS-1). 294 295FILES 296----- 297CHANGES - description of differences between releases 298ChmodBPF/* - Mac OS X startup item to set ownership and permissions 299 on /dev/bpf* 300CREDITS - people that have helped libpcap along 301FILES - list of files exported as part of the distribution 302INSTALL.txt - this file 303LICENSE - the license under which tcpdump is distributed 304Makefile.in - compilation rules (input to the configure script) 305README - description of distribution 306README.aix - notes on using libpcap on AIX 307README.dag - notes on using libpcap to capture on Endace DAG devices 308README.hpux - notes on using libpcap on HP-UX 309README.linux - notes on using libpcap on Linux 310README.macosx - notes on using libpcap on Mac OS X 311README.septel - notes on using libpcap to capture on Intel/Septel devices 312README.tru64 - notes on using libpcap on Digital/Tru64 UNIX 313README.Win32 - notes on using libpcap on Win32 systems (with WinPcap) 314SUNOS4 - pre-SunOS 4.1 replacement kernel nit modules 315VERSION - version of this release 316acconfig.h - support for post-2.13 autoconf 317aclocal.m4 - autoconf macros 318arcnet.h - ARCNET definitions 319atmuni31.h - ATM Q.2931 definitions 320bpf/net - copy of bpf_filter.c 321bpf_dump.c - BPF program printing routines 322bpf_filter.c - symlink to bpf/net/bpf_filter.c 323bpf_image.c - BPF disassembly routine 324config.guess - autoconf support 325config.h.in - autoconf input 326config.sub - autoconf support 327configure - configure script (run this first) 328configure.in - configure script source 329etherent.c - /etc/ethers support routines 330ethertype.h - Ethernet protocol types and names definitions 331fad-getad.c - pcap_findalldevs() for systems with getifaddrs() 332fad-gifc.c - pcap_findalldevs() for systems with only SIOCGIFLIST 333fad-glifc.c - pcap_findalldevs() for systems with SIOCGLIFCONF 334fad-null.c - pcap_findalldevs() for systems without capture support 335fad-win32.c - pcap_findalldevs() for WinPcap 336gencode.c - BPF code generation routines 337gencode.h - BPF code generation definitions 338grammar.y - filter string grammar 339inet.c - network routines 340install-sh - BSD style install script 341lbl/os-*.h - OS-dependent defines and prototypes 342llc.h - 802.2 LLC SAP definitions 343missing/* - replacements for missing library functions 344mkdep - construct Makefile dependency list 345msdos/* - drivers for MS-DOS capture support 346nametoaddr.c - hostname to address routines 347nlpid.h - OSI network layer protocol identifier definitions 348net - symlink to bpf/net 349optimize.c - BPF optimization routines 350packaging - packaging information for building libpcap RPMs 351pcap-bpf.c - BSD Packet Filter support 352pcap-bpf.h - BPF definitions 353pcap-dag.c - Endace DAG device capture support 354pcap-dag.h - Endace DAG device capture support 355pcap-dlpi.c - Data Link Provider Interface support 356pcap-dos.c - MS-DOS capture support 357pcap-dos.h - headers for MS-DOS capture support 358pcap-enet.c - enet support 359pcap-int.h - internal libpcap definitions 360pcap-linux.c - Linux packet socket support 361pcap-namedb.h - public libpcap name database definitions 362pcap-nit.c - SunOS Network Interface Tap support 363pcap-nit.h - SunOS Network Interface Tap definitions 364pcap-null.c - dummy monitor support (allows offline use of libpcap) 365pcap-pf.c - Ultrix and Digital/Tru64 UNIX Packet Filter support 366pcap-pf.h - Ultrix and Digital/Tru64 UNIX Packet Filter definitions 367pcap-septel.c - INTEL/Septel device capture support 368pcap-septel.h - INTEL/Septel device capture support 369pcap-stdinc.h - includes and #defines for compiling on Win32 systems 370pcap-snit.c - SunOS 4.x STREAMS-based Network Interface Tap support 371pcap-snoop.c - IRIX Snoop network monitoring support 372pcap-win32.c - WinPcap capture support 373pcap.3 - manual entry 374pcap.c - pcap utility routines 375pcap.h - public libpcap definitions 376ppp.h - Point to Point Protocol definitions 377rawss7.h - information on DLT_ types for SS7 378savefile.c - offline support 379scanner.l - filter string scanner 380sll.h - definitions for Linux cooked mode fake link-layer header 381sunatmpos.h - definitions for SunATM capturing 382Win32 - headers and routines for building on Win32 systems 383