1@(#) $Header: /tcpdump/master/libpcap/INSTALL.txt,v 1.29 2008-06-12 20:21:51 guy Exp $ (LBL) 2 3To build libpcap, run "./configure" (a shell script). The configure 4script will determine your system attributes and generate an 5appropriate Makefile from Makefile.in. Next run "make". If everything 6goes well you can su to root and run "make install". However, you need 7not install libpcap if you just want to build tcpdump; just make sure 8the tcpdump and libpcap directory trees have the same parent 9directory. 10 11If configure says: 12 13 configure: warning: cannot determine packet capture interface 14 configure: warning: (see INSTALL for more info) 15 16then your system either does not support packet capture or your system 17does support packet capture but libpcap does not support that 18particular type. (If you have HP-UX, see below.) If your system uses a 19packet capture not supported by libpcap, please send us patches; don't 20forget to include an autoconf fragment suitable for use in 21configure.in. 22 23It is possible to override the default packet capture type, although 24the circumstance where this works are limited. For example if you have 25installed bpf under SunOS 4 and wish to build a snit libpcap: 26 27 ./configure --with-pcap=snit 28 29Another example is to force a supported packet capture type in the case 30where the configure scripts fails to detect it. 31 32You will need an ANSI C compiler to build libpcap. The configure script 33will abort if your compiler is not ANSI compliant. If this happens, use 34the GNU C compiler, available via anonymous ftp: 35 36 ftp://ftp.gnu.org/pub/gnu/gcc/ 37 38If you use flex, you must use version 2.4.6 or higher. The configure 39script automatically detects the version of flex and will not use it 40unless it is new enough. You can use "flex -V" to see what version you 41have (unless it's really old). The current version of flex is available 42via anonymous ftp: 43 44 ftp://ftp.ee.lbl.gov/flex-*.tar.Z 45 46As of this writing, the current version is 2.5.4. 47 48If you use bison, you must use flex (and visa versa). The configure 49script automatically falls back to lex and yacc if both flex and bison 50are not found. 51 52Sometimes the stock C compiler does not interact well with flex and 53bison. The list of problems includes undefined references for alloca. 54You can get around this by installing gcc or manually disabling flex 55and bison with: 56 57 ./configure --without-flex --without-bison 58 59If your system only has AT&T lex, this is okay unless your libpcap 60program uses other lex/yacc generated code. (Although it's possible to 61map the yy* identifiers with a script, we use flex and bison so we 62don't feel this is necessary.) 63 64Some systems support the Berkeley Packet Filter natively; for example 65out of the box OSF and BSD/OS have bpf. If your system does not support 66bpf, you will need to pick up: 67 68 ftp://ftp.ee.lbl.gov/bpf-*.tar.Z 69 70Note well: you MUST have kernel source for your operating system in 71order to install bpf. An exception is SunOS 4; the bpf distribution 72includes replacement kernel objects for some of the standard SunOS 4 73network device drivers. See the bpf INSTALL document for more 74information. 75 76If you use Solaris, there is a bug with bufmod(7) that is fixed in 77Solaris 2.3.2 (aka SunOS 5.3.2). Setting a snapshot length with the 78broken bufmod(7) results in data be truncated from the FRONT of the 79packet instead of the end. The work around is to not set a snapshot 80length but this results in performance problems since the entire packet 81is copied to user space. If you must run an older version of Solaris, 82there is a patch available from Sun; ask for bugid 1149065. After 83installing the patch, use "setenv BUFMOD_FIXED" to enable use of 84bufmod(7). However, we recommend you run a more current release of 85Solaris. 86 87If you use the SPARCompiler, you must be careful to not use the 88/usr/ucb/cc interface. If you do, you will get bogus warnings and 89perhaps errors. Either make sure your path has /opt/SUNWspro/bin 90before /usr/ucb or else: 91 92 setenv CC /opt/SUNWspro/bin/cc 93 94before running configure. (You might have to do a "make distclean" 95if you already ran configure once). 96 97Also note that "make depend" won't work; while all of the known 98universe uses -M, the SPARCompiler uses -xM to generate makefile 99dependencies. 100 101If you are trying to do packet capture with a FORE ATM card, you may or 102may not be able to. They usually only release their driver in object 103code so unless their driver supports packet capture, there's not much 104libpcap can do. 105 106If you get an error like: 107 108 tcpdump: recv_ack: bind error 0x??? 109 110when using DLPI, look for the DL_ERROR_ACK error return values, usually 111in /usr/include/sys/dlpi.h, and find the corresponding value. 112 113Under {DEC OSF/1, Digital UNIX, Tru64 UNIX}, packet capture must be 114enabled before it can be used. For instructions on how to enable packet 115filter support, see: 116 117 ftp://ftp.digital.com/pub/Digital/dec-faq/Digital-UNIX 118 119Look for the "How do I configure the Berkeley Packet Filter and capture 120tcpdump traces?" item. 121 122Once you enable packet filter support, your OSF system will support bpf 123natively. 124 125Under Ultrix, packet capture must be enabled before it can be used. For 126instructions on how to enable packet filter support, see: 127 128 ftp://ftp.digital.com/pub/Digital/dec-faq/ultrix 129 130If you use HP-UX, you must have at least version 9 and either the 131version of cc that supports ANSI C (cc -Aa) or else use the GNU C 132compiler. You must also buy the optional streams package. If you don't 133have: 134 135 /usr/include/sys/dlpi.h 136 /usr/include/sys/dlpi_ext.h 137 138then you don't have the streams package. In addition, we believe you 139need to install the "9.X LAN and DLPI drivers cumulative" patch 140(PHNE_6855) to make the version 9 DLPI work with libpcap. 141 142The DLPI streams package is standard starting with HP-UX 10. 143 144The HP implementation of DLPI is a little bit eccentric. Unlike 145Solaris, you must attach /dev/dlpi instead of the specific /dev/* 146network pseudo device entry in order to capture packets. The PPA is 147based on the ifnet "index" number. Under HP-UX 9, it is necessary to 148read /dev/kmem and the kernel symbol file (/hp-ux). Under HP-UX 10, 149DLPI can provide information for determining the PPA. It does not seem 150to be possible to trace the loopback interface. Unlike other DLPI 151implementations, PHYS implies MULTI and SAP and you get an error if you 152try to enable more than one promiscuous mode at a time. 153 154It is impossible to capture outbound packets on HP-UX 9. To do so on 155HP-UX 10, you will, apparently, need a late "LAN products cumulative 156patch" (at one point, it was claimed that this would be PHNE_18173 for 157s700/10.20; at another point, it was claimed that the required patches 158were PHNE_20892, PHNE_20725 and PHCO_10947, or newer patches), and to do 159so on HP-UX 11 you will, apparently, need the latest lancommon/DLPI 160patches and the latest driver patch for the interface(s) in use on HP-UX 16111 (at one point, it was claimed that patches PHNE_19766, PHNE_19826, 162PHNE_20008, and PHNE_20735 did the trick). 163 164Furthermore, on HP-UX 10, you will need to turn on a kernel switch by 165doing 166 167 echo 'lanc_outbound_promisc_flag/W 1' | adb -w /stand/vmunix /dev/mem 168 169You would have to arrange that this happen on reboots; the right way to 170do that would probably be to put it into an executable script file 171"/sbin/init.d/outbound_promisc" and making 172"/sbin/rc2.d/S350outbound_promisc" a symbolic link to that script. 173 174Finally, testing shows that there can't be more than one simultaneous 175DLPI user per network interface. 176 177If you use Linux, this version of libpcap is known to compile and run 178under Red Hat 4.0 with the 2.0.25 kernel. It may work with earlier 2.X 179versions but is guaranteed not to work with 1.X kernels. Running more 180than one libpcap program at a time, on a system with a 2.0.X kernel, can 181cause problems since promiscuous mode is implemented by twiddling the 182interface flags from the libpcap application; the packet capture 183mechanism in the 2.2 and later kernels doesn't have this problem. Also, 184packet timestamps aren't very good. This appears to be due to haphazard 185handling of the timestamp in the kernel. 186 187Note well: there is rumoured to be a version of tcpdump floating around 188called 3.0.3 that includes libpcap and is supposed to support Linux. 189You should be advised that neither the Network Research Group at LBNL 190nor the Tcpdump Group ever generated a release with this version number. 191The LBNL Network Research Group notes with interest that a standard 192cracker trick to get people to install trojans is to distribute bogus 193packages that have a version number higher than the current release. 194They also noted with annoyance that 90% of the Linux related bug reports 195they got are due to changes made to unofficial versions of their page. 196If you are having trouble but aren't using a version that came from 197tcpdump.org, please try that before submitting a bug report! 198 199On Linux, libpcap will not work if the kernel does not have the packet 200socket option enabled; see the README.linux file for information about 201this. 202 203If you use AIX, you may not be able to build libpcap from this release. 204We do not have an AIX system in house so it's impossible for us to test 205AIX patches submitted to us. We are told that you must link against 206/lib/pse.exp, that you must use AIX cc or a GNU C compiler newer than 2072.7.2, and that you may need to run strload before running a libpcap 208application. 209 210Read the README.aix file for information on installing libpcap and 211configuring your system to be able to support libpcap. 212 213If you use NeXTSTEP, you will not be able to build libpcap from this 214release. 215 216If you use SINIX, you should be able to build libpcap from this 217release. It is known to compile and run on SINIX-Y/N 5.42 with the C-DS 218V1.0 or V1.1 compiler. But note that in some releases of SINIX, yacc 219emits incorrect code; if grammar.y fails to compile, change every 220occurence of: 221 222 #ifdef YYDEBUG 223 224to: 225 #if YYDEBUG 226 227Another workaround is to use flex and bison. 228 229If you use SCO, you might have trouble building libpcap from this 230release. We do not have a machine running SCO and have not had reports 231of anyone successfully building on it; the current release of libpcap 232does not compile on SCO OpenServer 5. Although SCO apparently supports 233DLPI to some extent, the DLPI in OpenServer 5 is very non-standard, and 234it appears that completely new code would need to be written to capture 235network traffic. SCO do not appear to provide tcpdump binaries for 236OpenServer 5 or OpenServer 6 as part of SCO Skunkware: 237 238 http://www.sco.com/skunkware/ 239 240If you use UnixWare, you might be able to build libpcap from this 241release, or you might not. We do not have a machine running UnixWare, 242so we have not tested it; however, SCO provide packages for libpcap 2430.6.2 and tcpdump 3.7.1 in the UnixWare 7/Open UNIX 8 part of SCO 244Skunkware, and the source package for libpcap 0.6.2 is not changed from 245the libpcap 0.6.2 source release, so this release of libpcap might also 246build without changes on UnixWare 7. 247 248If linking tcpdump fails with "Undefined: _alloca" when using bison on 249a Sun4, your version of bison is broken. In any case version 1.16 or 250higher is recommended (1.14 is known to cause problems 1.16 is known to 251work). Either pick up a current version from: 252 253 ftp://ftp.gnu.org/pub/gnu/bison 254 255or hack around it by inserting the lines: 256 257 #ifdef __GNUC__ 258 #define alloca __builtin_alloca 259 #else 260 #ifdef sparc 261 #include <alloca.h> 262 #else 263 char *alloca (); 264 #endif 265 #endif 266 267right after the (100 line!) GNU license comment in bison.simple, remove 268grammar.[co] and fire up make again. 269 270If you use SunOS 4, your kernel must support streams NIT. If you run a 271libpcap program and it dies with: 272 273 /dev/nit: No such device 274 275You must add streams NIT support to your kernel configuration, run 276config and boot the new kernel. 277 278If you are running a version of SunOS earlier than 4.1, you will need 279to replace the Sun supplied /sys/sun{3,4,4c}/OBJ/nit_if.o with the 280appropriate version from this distribution's SUNOS4 subdirectory and 281build a new kernel: 282 283 nit_if.o.sun3-sunos4 (any flavor of sun3) 284 nit_if.o.sun4c-sunos4.0.3c (SS1, SS1+, IPC, SLC, etc.) 285 nit_if.o.sun4-sunos4 (Sun4's not covered by 286 nit_if.o.sun4c-sunos4.0.3c) 287 288These nit replacements fix a bug that makes nit essentially unusable in 289pre-SunOS 4.1. In addition, our sun4c-sunos4.0.3c nit gives you 290timestamps to the resolution of the SS-1 clock (1 us) rather than the 291lousy 20ms timestamps Sun gives you (tcpdump will print out the full 292timestamp resolution if it finds it's running on a SS-1). 293 294FILES 295----- 296CHANGES - description of differences between releases 297ChmodBPF/* - Mac OS X startup item to set ownership and permissions 298 on /dev/bpf* 299CREDITS - people that have helped libpcap along 300INSTALL.txt - this file 301LICENSE - the license under which tcpdump is distributed 302Makefile.in - compilation rules (input to the configure script) 303README - description of distribution 304README.aix - notes on using libpcap on AIX 305README.dag - notes on using libpcap to capture on Endace DAG devices 306README.hpux - notes on using libpcap on HP-UX 307README.linux - notes on using libpcap on Linux 308README.macosx - notes on using libpcap on Mac OS X 309README.septel - notes on using libpcap to capture on Intel/Septel devices 310README.sita - notes on using libpcap to capture on SITA devices 311README.tru64 - notes on using libpcap on Digital/Tru64 UNIX 312README.Win32 - notes on using libpcap on Win32 systems (with WinPcap) 313SUNOS4 - pre-SunOS 4.1 replacement kernel nit modules 314VERSION - version of this release 315acconfig.h - support for post-2.13 autoconf 316aclocal.m4 - autoconf macros 317arcnet.h - ARCNET definitions 318atmuni31.h - ATM Q.2931 definitions 319bpf/net - copy of bpf_filter.c 320bpf_dump.c - BPF program printing routines 321bpf_filter.c - symlink to bpf/net/bpf_filter.c 322bpf_image.c - BPF disassembly routine 323config.guess - autoconf support 324config.h.in - autoconf input 325config.sub - autoconf support 326configure - configure script (run this first) 327configure.in - configure script source 328dlpisubs.c - DLPI-related functions for pcap-dlpi.c and pcap-libdlpi.c 329dlpisubs.h - DLPI-related function declarations 330etherent.c - /etc/ethers support routines 331ethertype.h - Ethernet protocol types and names definitions 332fad-getad.c - pcap_findalldevs() for systems with getifaddrs() 333fad-gifc.c - pcap_findalldevs() for systems with only SIOCGIFLIST 334fad-glifc.c - pcap_findalldevs() for systems with SIOCGLIFCONF 335fad-null.c - pcap_findalldevs() for systems without capture support 336fad-sita.c - pcap_findalldevs() for systems with SITA support 337fad-win32.c - pcap_findalldevs() for WinPcap 338filtertest.c - test program for BPF compiler 339findalldevstest.c - test program for pcap_findalldevs() 340gencode.c - BPF code generation routines 341gencode.h - BPF code generation definitions 342grammar.y - filter string grammar 343ieee80211.h - 802.11 definitions 344inet.c - network routines 345install-sh - BSD style install script 346lbl/os-*.h - OS-dependent defines and prototypes 347llc.h - 802.2 LLC SAP definitions 348missing/* - replacements for missing library functions 349mkdep - construct Makefile dependency list 350msdos/* - drivers for MS-DOS capture support 351nametoaddr.c - hostname to address routines 352nlpid.h - OSI network layer protocol identifier definitions 353net - symlink to bpf/net 354optimize.c - BPF optimization routines 355packaging - packaging information for building libpcap RPMs 356pcap/bluetooth.h - public definition of DLT_BLUETOOTH_HCI_H4_WITH_PHDR header 357pcap/bpf.h - BPF definitions 358pcap/namedb.h - public libpcap name database definitions 359pcap/pcap.h - public libpcap definitions 360pcap/sll.h - public definition of DLT_LINUX_SLL header 361pcap/usb.h - public definition of DLT_USB header 362pcap-bpf.c - BSD Packet Filter support 363pcap-bpf.h - header for backwards compatibility 364pcap-bt-linux.c - Bluetooth capture support for Linux 365pcap-bt-linux.h - Bluetooth capture support for Linux 366pcap-dag.c - Endace DAG device capture support 367pcap-dag.h - Endace DAG device capture support 368pcap-dlpi.c - Data Link Provider Interface support 369pcap-dos.c - MS-DOS capture support 370pcap-dos.h - headers for MS-DOS capture support 371pcap-enet.c - enet support 372pcap-int.h - internal libpcap definitions 373pcap-libdlpi.c - Data Link Provider Interface support for systems with libdlpi 374pcap-linux.c - Linux packet socket support 375pcap-namedb.h - header for backwards compatibility 376pcap-nit.c - SunOS Network Interface Tap support 377pcap-nit.h - SunOS Network Interface Tap definitions 378pcap-null.c - dummy monitor support (allows offline use of libpcap) 379pcap-pf.c - Ultrix and Digital/Tru64 UNIX Packet Filter support 380pcap-pf.h - Ultrix and Digital/Tru64 UNIX Packet Filter definitions 381pcap-septel.c - Intel/Septel device capture support 382pcap-septel.h - Intel/Septel device capture support 383pcap-sita.c - SITA device capture support 384pcap-sita.h - SITA device capture support 385pcap-sita.html - SITA device capture documentation 386pcap-stdinc.h - includes and #defines for compiling on Win32 systems 387pcap-snit.c - SunOS 4.x STREAMS-based Network Interface Tap support 388pcap-snoop.c - IRIX Snoop network monitoring support 389pcap-usb-linux.c - USB capture support for Linux 390pcap-usb-linux.h - USB capture support for Linux 391pcap-win32.c - WinPcap capture support 392pcap.3pcap - manual entry for the library 393pcap.c - pcap utility routines 394pcap.h - header for backwards compatibility 395pcap_*.3pcap - manual entries for library functions 396pcap-filter.4 - manual entry for filter syntax 397pcap-linktype.4 - manual entry for link-layer header types 398ppp.h - Point to Point Protocol definitions 399runlex.sh - wrapper for Lex/Flex 400savefile.c - offline support 401scanner.l - filter string scanner 402sunatmpos.h - definitions for SunATM capturing 403Win32 - headers and routines for building on Win32 systems 404