Blame view

Network/libpcap-1.9.0/INSTALL.md 15.5 KB
fee2cbd6   amoreau   ajout des librairies
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
  To build libpcap, run "./configure" (a shell script). The configure
  script will determine your system attributes and generate an
  appropriate Makefile from Makefile.in. Next run "make". If everything
  goes well you can su to root and run "make install". However, you need
  not install libpcap if you just want to build tcpdump; just make sure
  the tcpdump and libpcap directory trees have the same parent
  directory.
  
  If configure says:
  
      configure: warning: cannot determine packet capture interface
      configure: warning: (see INSTALL for more info)
  
  then your system either does not support packet capture or your system
  does support packet capture but libpcap does not support that
  particular type. (If you have HP-UX, see below.) If your system uses a
  packet capture not supported by libpcap, please send us patches; don't
  forget to include an autoconf fragment suitable for use in
  configure.ac.
  
  It is possible to override the default packet capture type, although
  the circumstance where this works are limited. For example if you have
  installed bpf under SunOS 4 and wish to build a snit libpcap:
  
      ./configure --with-pcap=snit
  
  Another example is to force a supported packet capture type in the case
  where the configure scripts fails to detect it.
  
  You will need an ANSI C compiler to build libpcap. The configure script
  will abort if your compiler is not ANSI compliant. If this happens, use
  the generally available GNU C compiler (GCC).
  
  You will need either Flex 2.5.31 or later, or a version of Lex
  compatible with it (if any exist), to build libpcap.  The configure
  script will abort if there isn't any such program.  If you have an older
  version of Flex, or don't have a compatible version of Lex, the current
  version of flex is available at flex.sourceforge.net.
  
  You will need either Bison, Berkeley YACC, or a version of YACC
  compatible with them (if any exist), to build libpcap.  The configure
  script will abort if there isn't any such program.  If you don't have
  any such program, the current version of Bison can be found at
  http://ftp.gnu.org/gnu/bison/ and the current version of Berkeley YACC
  can be found at http://invisible-island.net/byacc/.
  
  Sometimes the stock C compiler does not interact well with Flex and
  Bison. The list of problems includes undefined references for alloca.
  You can get around this by installing GCC.
  
  If you use Solaris, there is a bug with bufmod(7) that is fixed in
  Solaris 2.3.2 (aka SunOS 5.3.2). Setting a snapshot length with the
  broken bufmod(7) results in data be truncated from the FRONT of the
  packet instead of the end.  The work around is to not set a snapshot
  length but this results in performance problems since the entire packet
  is copied to user space. If you must run an older version of Solaris,
  there is a patch available from Sun; ask for bugid 1149065. After
  installing the patch, use "setenv BUFMOD_FIXED" to enable use of
  bufmod(7). However, we recommend you run a more current release of
  Solaris.
  
  If you use the SPARCompiler, you must be careful to not use the
  /usr/ucb/cc interface. If you do, you will get bogus warnings and
  perhaps errors. Either make sure your path has /opt/SUNWspro/bin
  before /usr/ucb or else:
  
      setenv CC /opt/SUNWspro/bin/cc
  
  before running configure. (You might have to do a "make distclean"
  if you already ran configure once).
  
  If you are trying to do packet capture with a FORE ATM card, you may or
  may not be able to. They usually only release their driver in object
  code so unless their driver supports packet capture, there's not much
  libpcap can do.
  
  If you get an error like:
  
      tcpdump: recv_ack: bind error 0x???
  
  when using DLPI, look for the DL_ERROR_ACK error return values, usually
  in /usr/include/sys/dlpi.h, and find the corresponding value.
  
  Under {DEC OSF/1, Digital UNIX, Tru64 UNIX}, packet capture must be
  enabled before it can be used.  For instructions on how to enable packet
  filter support, see:
  
  	ftp://ftp.digital.com/pub/Digital/dec-faq/Digital-UNIX
  
  Look for the "How do I configure the Berkeley Packet Filter and capture
  tcpdump traces?" item.
  
  Once you enable packet filter support, your OSF system will support bpf
  natively.
  
  Under Ultrix, packet capture must be enabled before it can be used. For
  instructions on how to enable packet filter support, see:
  
  	ftp://ftp.digital.com/pub/Digital/dec-faq/ultrix
  
  If you use HP-UX, you must have at least version 9 and either the
  version of cc that supports ANSI C (cc -Aa) or else use the GNU C
  compiler. You must also buy the optional streams package. If you don't
  have:
  
      /usr/include/sys/dlpi.h
      /usr/include/sys/dlpi_ext.h
  
  then you don't have the streams package. In addition, we believe you
  need to install the "9.X LAN and DLPI drivers cumulative" patch
  (PHNE_6855) to make the version 9 DLPI work with libpcap.
  
  The DLPI streams package is standard starting with HP-UX 10.
  
  The HP implementation of DLPI is a little bit eccentric. Unlike
  Solaris, you must attach /dev/dlpi instead of the specific /dev/*
  network pseudo device entry in order to capture packets. The PPA is
  based on the ifnet "index" number. Under HP-UX 9, it is necessary to
  read /dev/kmem and the kernel symbol file (/hp-ux). Under HP-UX 10,
  DLPI can provide information for determining the PPA. It does not seem
  to be possible to trace the loopback interface. Unlike other DLPI
  implementations, PHYS implies MULTI and SAP and you get an error if you
  try to enable more than one promiscuous mode at a time.
  
  It is impossible to capture outbound packets on HP-UX 9.  To do so on
  HP-UX 10, you will, apparently, need a late "LAN products cumulative
  patch" (at one point, it was claimed that this would be PHNE_18173 for
  s700/10.20; at another point, it was claimed that the required patches
  were PHNE_20892, PHNE_20725 and PHCO_10947, or newer patches), and to do
  so on HP-UX 11 you will, apparently, need the latest lancommon/DLPI
  patches and the latest driver patch for the interface(s) in use on HP-UX
  11 (at one point, it was claimed that patches PHNE_19766, PHNE_19826,
  PHNE_20008, and PHNE_20735 did the trick).
  
  Furthermore, on HP-UX 10, you will need to turn on a kernel switch by
  doing
  
  	echo 'lanc_outbound_promisc_flag/W 1' | adb -w /stand/vmunix /dev/mem
  
  You would have to arrange that this happen on reboots; the right way to
  do that would probably be to put it into an executable script file
  "/sbin/init.d/outbound_promisc" and making
  "/sbin/rc2.d/S350outbound_promisc" a symbolic link to that script.
  
  Finally, testing shows that there can't be more than one simultaneous
  DLPI user per network interface.
  
  If you use Linux, this version of libpcap is known to compile and run
  under Red Hat 4.0 with the 2.0.25 kernel.  It may work with earlier 2.X
  versions but is guaranteed not to work with 1.X kernels.  Running more
  than one libpcap program at a time, on a system with a 2.0.X kernel, can
  cause problems since promiscuous mode is implemented by twiddling the
  interface flags from the libpcap application; the packet capture
  mechanism in the 2.2 and later kernels doesn't have this problem.  Also,
  packet timestamps aren't very good.  This appears to be due to haphazard
  handling of the timestamp in the kernel.
  
  Note well: there is rumoured to be a version of tcpdump floating around
  called 3.0.3 that includes libpcap and is supposed to support Linux.
  You should be advised that neither the Network Research Group at LBNL
  nor the Tcpdump Group ever generated a release with this version number.
  The LBNL Network Research Group notes with interest that a standard
  cracker trick to get people to install trojans is to distribute bogus
  packages that have a version number higher than the current release.
  They also noted with annoyance that 90% of the Linux related bug reports
  they got are due to changes made to unofficial versions of their page.
  If you are having trouble but aren't using a version that came from
  tcpdump.org, please try that before submitting a bug report!
  
  On Linux, libpcap will not work if the kernel does not have the packet
  socket option enabled; see the README.linux file for information about
  this.
  
  If you use AIX, you may not be able to build libpcap from this release.
  We do not have an AIX system in house so it's impossible for us to test
  AIX patches submitted to us.  We are told that you must link against
  /lib/pse.exp, that you must use AIX cc or a GNU C compiler newer than
  2.7.2, and that you may need to run strload before running a libpcap
  application.
  
  Read the README.aix file for information on installing libpcap and
  configuring your system to be able to support libpcap.
  
  If you use NeXTSTEP, you will not be able to build libpcap from this
  release.
  
  If you use SINIX, you should be able to build libpcap from this
  release. It is known to compile and run on SINIX-Y/N 5.42 with the C-DS
  V1.0 or V1.1 compiler. But note that in some releases of SINIX, yacc
  emits incorrect code; if grammar.y fails to compile, change every
  occurence of:
  
  	#ifdef YYDEBUG
  
  to:
  	#if YYDEBUG
  
  Another workaround is to use flex and bison.
  
  If you use SCO, you might have trouble building libpcap from this
  release. We do not have a machine running SCO and have not had reports
  of anyone successfully building on it; the current release of libpcap
  does not compile on SCO OpenServer 5.  Although SCO apparently supports
  DLPI to some extent, the DLPI in OpenServer 5 is very non-standard, and
  it appears that completely new code would need to be written to capture
  network traffic.  SCO do not appear to provide tcpdump binaries for
  OpenServer 5 or OpenServer 6 as part of SCO Skunkware:
  
  	http://www.sco.com/skunkware/
  
  If you use UnixWare, you might be able to build libpcap from this
  release, or you might not.  We do not have a machine running UnixWare,
  so we have not tested it; however, SCO provide packages for libpcap
  0.6.2 and tcpdump 3.7.1 in the UnixWare 7/Open UNIX 8 part of SCO
  Skunkware, and the source package for libpcap 0.6.2 is not changed from
  the libpcap 0.6.2 source release, so this release of libpcap might also
  build without changes on UnixWare 7.
  
  If linking tcpdump fails with "Undefined: _alloca" when using bison on
  a Sun4, your version of Bison is broken. In any case version 1.16 or
  higher is recommended (1.14 is known to cause problems 1.16 is known to
  work). Either pick up a current version from:
  
  	http://ftp.gnu.org/gnu/bison/
  
  or hack around it by inserting the lines:
  
  	#ifdef __GNUC__
  	#define alloca __builtin_alloca
  	#else
  	#ifdef sparc
  	#include <alloca.h>
  	#else
  	char *alloca ();
  	#endif
  	#endif
  
  right after the (100 line!) GNU license comment in bison.simple, remove
  grammar.[co] and fire up make again.
  
  If you use SunOS 4, your kernel must support streams NIT. If you run a
  libpcap program and it dies with:
  
      /dev/nit: No such device
  
  You must add streams NIT support to your kernel configuration, run
  config and boot the new kernel.
  
  FILES
  -----
  CHANGES		- description of differences between releases
  ChmodBPF/*	- macOS startup item to set ownership and permissions
  		  on /dev/bpf*
  CMakeLists.txt	- CMake file
  CONTRIBUTING	- guidelines for contributing
  CREDITS		- people that have helped libpcap along
  INSTALL.md	- this file
  LICENSE		- the license under which tcpdump is distributed
  Makefile.in	- compilation rules (input to the configure script)
  README.md	- description of distribution
  doc/README.aix	- notes on using libpcap on AIX
  doc/README.dag	- notes on using libpcap to capture on Endace DAG devices
  doc/README.hpux	- notes on using libpcap on HP-UX
  doc/README.linux.md - notes on using libpcap on Linux
  doc/README.macos	- notes on using libpcap on macOS
  doc/README.septel   - notes on using libpcap to capture on Intel/Septel devices
  doc/README.sita	- notes on using libpcap to capture on SITA devices
  doc/README.tru64	- notes on using libpcap on Digital/Tru64 UNIX
  doc/README.Win32	- notes on using libpcap on Win32 systems (with WinPcap)
  VERSION		- version of this release
  acconfig.h	- support for post-2.13 autoconf
  aclocal.m4	- autoconf macros
  arcnet.h	- ARCNET definitions
  atmuni31.h	- ATM Q.2931 definitions
  bpf/net		- copy of bpf_filter.c
  bpf_dump.c	- BPF program printing routines
  bpf_filter.c	- symlink to bpf/net/bpf_filter.c
  bpf_image.c	- BPF disassembly routine
  config.guess	- autoconf support
  config.h.in	- autoconf input
  config.sub	- autoconf support
  configure	- configure script (run this first)
  configure.ac	- configure script source
  dlpisubs.c	- DLPI-related functions for pcap-dlpi.c and pcap-libdlpi.c
  dlpisubs.h	- DLPI-related function declarations
  etherent.c	- /etc/ethers support routines
  ethertype.h	- Ethernet protocol types and names definitions
  fad-getad.c	- pcap_findalldevs() for systems with getifaddrs()
  fad-gifc.c	- pcap_findalldevs() for systems with only SIOCGIFLIST
  fad-glifc.c	- pcap_findalldevs() for systems with SIOCGLIFCONF
  filtertest.c	- test program for BPF compiler
  findalldevstest.c - test program for pcap_findalldevs()
  gencode.c	- BPF code generation routines
  gencode.h	- BPF code generation definitions
  grammar.y	- filter string grammar
  ieee80211.h	- 802.11 definitions
  install-sh	- BSD style install script
  lbl/os-*.h	- OS-dependent defines and prototypes
  llc.h		- 802.2 LLC SAP definitions
  missing/*	- replacements for missing library functions
  mkdep		- construct Makefile dependency list
  msdos/*		- drivers for MS-DOS capture support
  nametoaddr.c	- hostname to address routines
  nlpid.h		- OSI network layer protocol identifier definitions
  net		- symlink to bpf/net
  optimize.c	- BPF optimization routines
  pcap/bluetooth.h - public definition of DLT_BLUETOOTH_HCI_H4_WITH_PHDR header
  pcap/bpf.h	- BPF definitions
  pcap/namedb.h	- public libpcap name database definitions
  pcap/pcap.h	- public libpcap definitions
  pcap/sll.h	- public definition of DLT_LINUX_SLL header
  pcap/usb.h	- public definition of DLT_USB header
  pcap-bpf.c	- BSD Packet Filter support
  pcap-bpf.h	- header for backwards compatibility
  pcap-bt-linux.c	- Bluetooth capture support for Linux
  pcap-bt-linux.h	- Bluetooth capture support for Linux
  pcap-dag.c	- Endace DAG device capture support
  pcap-dag.h	- Endace DAG device capture support
  pcap-dlpi.c	- Data Link Provider Interface support
  pcap-dos.c	- MS-DOS capture support
  pcap-dos.h	- headers for MS-DOS capture support
  pcap-enet.c	- enet support
  pcap-int.h	- internal libpcap definitions
  pcap-libdlpi.c	- Data Link Provider Interface support for systems with libdlpi
  pcap-linux.c	- Linux packet socket support
  pcap-namedb.h	- header for backwards compatibility
  pcap-nit.c	- SunOS Network Interface Tap support
  pcap-nit.h	- SunOS Network Interface Tap definitions
  pcap-npf.c	- WinPcap capture support
  pcap-null.c	- dummy monitor support (allows offline use of libpcap)
  pcap-pf.c	- Ultrix and Digital/Tru64 UNIX Packet Filter support
  pcap-pf.h	- Ultrix and Digital/Tru64 UNIX Packet Filter definitions
  pcap-septel.c   - Intel/Septel device capture support
  pcap-septel.h   - Intel/Septel device capture support
  pcap-sita.c	- SITA device capture support
  pcap-sita.h	- SITA device capture support
  pcap-sita.html	- SITA device capture documentation
  pcap-stdinc.h	- includes and #defines for compiling on Win32 systems
  pcap-snit.c	- SunOS 4.x STREAMS-based Network Interface Tap support
  pcap-snoop.c	- IRIX Snoop network monitoring support
  pcap-usb-linux.c - USB capture support for Linux
  pcap-usb-linux.h - USB capture support for Linux
  pcap.3pcap	- manual entry for the library
  pcap.c		- pcap utility routines
  pcap.h		- header for backwards compatibility
  pcap_*.3pcap	- manual entries for library functions
  pcap-filter.4	- manual entry for filter syntax
  pcap-linktype.4	- manual entry for link-layer header types
  ppp.h		- Point to Point Protocol definitions
  savefile.c	- offline support
  scanner.l	- filter string scanner
  sunatmpos.h	- definitions for SunATM capturing
  Win32		- headers and routines for building on Win32 systems