freebsd-dev/contrib/libpcap/INSTALL

269 lines
11 KiB
Plaintext
Raw Normal View History

@(#) $Header: INSTALL,v 1.27 96/07/23 14:36:02 leres Exp $ (LBL)
To build libpcap, first customize any paths in Makefile.in, then run
"./configure" (a shell script). The configure script will determine
your system attributes and generate an appropriate Makefile from
Makefile.in. Next run "make". If everything goes well you can su to
root and run "make install", "make install-incl" and "make
install-man". However, you need not install libpcap if you just want to
build tcpdump; just make sure the tcpdump and libpcap directory trees
have the same parent directory.
If configure says:
configure: warning: cannot determine packet capture interface
configure: warning: (see INSTALL for more info)
then your system either does not support packet capture or your system
does support packet capture but libpcap does not support that
particular type. (If you have HP-UX, see below.) If your system uses a
packet capture not supported by libpcap, please send us patches; don't
forget to include an autoconf fragment suitable for use in
configure.in.
You will need an ANSI C compiler to build libpcap. The configure script
will abort if your compiler is not ANSI compliant. If this happens, use
the GNU C compiler, available via anonymous ftp:
ftp://prep.ai.mit.edu/pub/gnu/gcc-*.tar.gz
Note well: If you use gcc, you may need to run its "fixincludes"
script. Running fixincludes is not required with later versions of gcc
and in some cases (e.g. Solaris 2.5) causes problems when run. The
configure script will abort if it detects if the fixincludes needs to
be run. If the fixincludes test in configure passes, you're probably
ok.
If you use flex, you must use version 2.4.6 or higher. The configure
script automatically detects the version of flex and will not use it
unless it is new enough. You can use "flex -V" to see what version you
have (unless it's really old). The current version of flex is available
via anonymous ftp:
ftp://ftp.ee.lbl.gov/flex-*.tar.Z
As of this writing, the current version is 2.5.3.
If you use bison, you must use flex (and visa versa). The configure
script automatically falls back to lex and yacc if both flex and bison
are not found.
If your system only has AT&T lex, that also works okay unless your
libpcap program uses other lex/yacc generated code. (Although it's
possible to map the yy* identifiers with a script, we use flex and
bison so we don't feel this is necessary.)
Some systems support the Berkeley Packet Filter natively; for example
out of the box OSF and BSD/OS have bpf. If your system does not support
bpf, you will need to pick up:
ftp://ftp.ee.lbl.gov/bpf-*.tar.Z
Note well: you MUST have kernel source for your operating system in
order to install bpf. An exception is SunOS 4; the bpf distribution
includes replacement kernel objects for some of the standard SunOS 4
network device drivers. See the bpf INSTALL document for more
information.
If you use Solaris, there is a bug with bufmod(7) that is fixed in
5.3.2. Setting a snapshot length with the broken bufmod(7) results in
data be truncated from the FRONT of the packet instead of the end. The
work around is to not set a snapshot length but this results in
performance problems since the entire packet is copied to user space.
If you must run an older version of Solaris, there is a patch available
from Sun; ask for bugid 1149065. After installing the patch, use
"setenv BUFMOD_FIXED" to enable use of bufmod(7). However, we recommend
you run a more current release of Solaris.
Under OSF, packet capture must be enabled before it can be used. For
instructions on how to enable packet filter support, see:
ftp://ftp.digital.com/pub/Digital/dec-faq/Digital-UNIX
Once you enable packet filter support, your OSF system will support bpf
natively.
Under Ultrix, packet capture must be enabled before it can be used. For
instructions on how to enable packet filter support, see:
ftp://ftp.digital.com/pub/Digital/dec-faq/ultrix
If you use HP-UX, have at least version 9 and either have the version
of cc that supports ANSI C (cc -Aa) or else get the GNU C compiler. In
addition, you must buy the optional streams package. If you don't have:
/usr/include/sys/dlpi.h
/usr/include/sys/dlpi_ext.h
then you don't have the streams package. It's also possible that the
streams package is standard starting with a particular subrelease of
HP-UX 10.
The HP implementation of DLPI is a little bit eccentric. Unlike
Solaris, you must attach /dev/dlpi instead of the specific /dev/*
network pseudo device entry in order to capture packets. The ppa is
based on the ifnet "index" number. Under HP-UX 9, it is necessary to
read /dev/kmem and the kernel symbol file (/hp-ux). Under HP-UX 10,
dlpi can provide information for determining the ppa. It does not seem
to be possible to trace the loopback interface. Unlike other DLPI
implementations, PHYS implies MULTI and SAP and you get an error if you
try to enable more than one promiscous more than one promiscuous mode
at a time. This results in error messages:
WARNING: DL_PROMISC_MULTI failed (recv_ack: promisc_multi: Invalid argument)
WARNING: DL_PROMISC_SAP failed (recv_ack: promisc_sap: Invalid argument)
which may be safely ignored. Finally, testing shows that there can't be
more than one simultaneous dlpi user per network interface.
If you use Linux, you will not be able to build libpcap from this
release. We have a Linux system up and hope to support Linux at some
point after the next even version of the Linux kernel source is
released. Meanwhile, you can try picking up:
ftp://sunsite.unc.edu/pub/Linux/system/Network/management/tcpdump-3.0.2-linux.tar.gz
This appears to be libpcap 0.0.6 and tcpdump 3.0.2 hacked for Linux.
(It includes 20000 lines of linux-specific include files, almost twice
the source in the official libpcap distribution. It also contains a
linux specific libpcap module that is essentially a hacked copy of the
snoop module; one of the hacks is to replace the Regents of the
University of California copyright with a vague reference to the GNU
license.)
Note well: there is rumoured to be a version of tcpdump floating around
called 3.0.3 that includes libpcap and is supposed to support Linux.
You should be advised that the Network Research Group at LBNL never
generated a release with this version number. You should also know that
a standard trick crackers use to get people to install trojans is to
distribute bogus packages that have a version number higher than the
current release.
If you use AIX, you will not be able to build libpcap from this
release. We have a set of contributed patches that we hope to integrate
in some future release of libpcap.
If you use NeXTSTEP, you will not be able to build libpcap from this
release. We hope to support this operating system in some future
release of libpcap.
If you use SINIX, you should be able to build libpcap from this
release. We are told you must have the C-DS V1.1A00 compiler. If you
have problems, please send details to libpcap@ee.lbl.gov.
If you use SCO, you might have trouble building libpcap from this
release. We do not have a machine running SCO and have not had reports
of anyone successfully building on it. Since SCO apparently supports
dlpi, it's possible libpcap 0.2 works. Meanwhile, sco provides a
tcpdump binary as part of their "Network/Security Tools" package:
http://www.sco.com/technology/internet/goodies/#SECURITY
There is also a README that explains how to enable packet capture.
If you use UnixWare, you will not be able to build libpcap from this
release. We hope to support this operating system in some future
release of libpcap. Meanwhile, there appears to be an UnixWare port of
libpcap 0.0 (and tcpdump 3.0) in:
ftp://ftp1.freebird.org/pub/mirror/freebird/internet/systools/
UnixWare appears to use a hacked version of DLPI.
If you use flex and bison and not gcc but the linker cannot find
alloca(), you need to either use gcc or not use flex and bison.
If linking tcpdump fails with "Undefined: _alloca" when using bison on
a Sun4, your version of bison is broken. In any case version 1.16 or
higher is recommended (1.14 is known to cause problems 1.16 is known to
work). Either pick up a current version from:
ftp://prep.ai.mit.edu/pub/gnu/bison.tar.gz
or hack around it by inserting the lines:
#ifdef __GNUC__
#define alloca __builtin_alloca
#else
#ifdef sparc
#include <alloca.h>
#else
char *alloca ();
#endif
#endif
right after the (100 line!) GNU license comment in bison.simple, remove
grammar.[co] and fire up make again.
If you use SunOS 4, your kernel must support streams NIT. If you run a
libpcap program and it dies with:
/dev/nit: No such device
You must add streams NIT support to your kernel configuration, run
config and boot the new kernel.
If you are running a version of SunOS earlier than 4.1, you will need
to replace the Sun supplied /sys/sun{3,4,4c}/OBJ/nit_if.o with the
appropriate version from this distribution's SUNOS4 subdirectory and
build a new kernel:
nit_if.o.sun3-sunos4 (any flavor of sun3)
nit_if.o.sun4c-sunos4.0.3c (SS1, SS1+, IPC, SLC, etc.)
nit_if.o.sun4-sunos4 (Sun4's not covered by
nit_if.o.sun4c-sunos4.0.3c)
These nit replacements fix a bug that makes nit essentially unusable in
pre-SunOS 4.1. In addition, our sun4c-sunos4.0.3c nit gives you
timestamps to the resolution of the SS-1 clock (1 us) rather than the
lousy 20ms timestamps Sun gives you (tcpdump will print out the full
timestamp resolution if it finds it's running on a SS-1).
FILES
-----
CHANGES - description of differences between releases
FILES - list of files exported as part of the distribution
INSTALL - this file
Makefile.in - compilation rules (input to the configure script)
README - description of distribution
SUNOS4 - pre-SunOS 4.1 replacement kernel nit modules
VERSION - version of this release
aclocal.m4 - autoconf macros
bpf/net - copies of bpf_filter.c and bpf.h
bpf_filter.c - symlink to bpf/net/bpf_filter.c
bpf_image.c - bpf disassembly routine
config.guess - autoconf support
config.sub - autoconf support
configure - configure script (run this first)
configure.in - configure script source
etherent.c - /etc/ethers support routines
ethertype.h - ethernet protocol types and names definitions
gencode.c - bpf code generation routines
gencode.h - bpf code generation definitions
grammar.y - filter string grammar
inet.c - network routines
install-sh - BSD style install script
lbl/gnuc.h - gcc macros and defines
lbl/os-*.h - os dependent defines and prototypes
mkdep - construct Makefile dependency list
nametoaddr.c - hostname to address routines
net - symlink to bpf/net
optimize.c - bpf optimization routines
pcap-bpf.c - BSD Packet Filter support
pcap-dlpi.c - Data Link Provider Interface support
pcap-enet.c - enet support
pcap-int.h - internal libpcap definitions
pcap-namedb.h - public libpcap name database definitions
pcap-nit.c - Network Interface Tap support
pcap-nit.h - Network Interface Tap definitions
pcap-null.c - dummy monitor support (allows offline use of libpcap)
pcap-pf.c - Packet Filter support
pcap-pf.h - Packet Filter definitions
pcap-snit.c - Streams based Network Interface Tap support
pcap-snoop.c - Snoop network monitoring support
pcap.3 - manual entry
pcap.c - pcap utility routines
pcap.h - public libpcap definitions
savefile.c - offline support
scanner.l - filter string scanner