3ed80ea71c
NETLINK is going to replace rtsock and a number of other ioctl/sysctl interfaces. In-base utilies such as route(8), netstat(8) and soon ifconfig(8) are being converted to use netlink sockets as a transport between kernel and userland. In the current configuration, it still possible have the kernel without NETLINK (`nooptions NETLINK`) and use the aforementioned utilies by buidling the world with `WITHOUT_NETLINK` src.conf knob. However, this approach does not cover the cases when person unintentionally builds a custom kernel without netlink and tries to use the standard userland. This change adds `option NETLINK` to the default options for each architecture, fixing the custom kernel issue. For arm, this change uses `std.armv6` and `std.armv7` (netlink already in) instead of DEFAULTS. Reviewed By: imp Differential Revision: https://reviews.freebsd.org/D39339
LIBPCAP 1.x.y by The Tcpdump Group
To report a security issue please send an e-mail to security@tcpdump.org.
To report bugs and other problems, contribute patches, request a feature, provide generic feedback etc please see the guidelines for contributing.
The documentation directory has README files about specific operating systems and options.
Anonymous Git is available via:
https://github.com/the-tcpdump-group/libpcap.git
From version 0.4, library versioning will use a semantic versioning format (per http://semver.org) of the form Major.minor.patch (M.m.p).
formerly from Lawrence Berkeley National Laboratory
Network Research Group <libpcap@ee.lbl.gov>
ftp://ftp.ee.lbl.gov/old/libpcap-0.4a7.tar.Z
Support for particular platforms and BPF
For some platforms there are README.{system} files that discuss issues
with the OS's interface for packet capture on those platforms, such as
how to enable support for that interface in the OS, if it's not built in
by default.
The libpcap interface supports a filtering mechanism based on the architecture in the BSD packet filter. BPF is described in the 1993 Winter Usenix paper ``The BSD Packet Filter: A New Architecture for User-level Packet Capture'' (compressed PostScript, gzipped PostScript, PDF).
- ITM software trace - packet processing and decode.
- ETMv3 data trace - packet decode.
- ETMv4 data trace - packet processing and decode.
BPF is standard in 4.4BSD, BSD/OS, NetBSD, FreeBSD, OpenBSD, DragonFly BSD, macOS, and Solaris 11; an older, modified and undocumented version is standard in AIX. {DEC OSF/1, Digital UNIX, Tru64 UNIX} uses the packetfilter interface but has been extended to accept BPF filters (which libpcap utilizes).
Linux has a number of BPF based systems, and libpcap does not support any of the eBPF mechanisms as yet, although it supports many of the memory mapped receive mechanisms. See the Linux-specific README for more information.
Note to Linux distributions and *BSD systems that include libpcap:
CoreSight kernel drivers and perf suport for CoreSight trace is maintained in the latest upstream kernel versions.
It sets the soname of the library to libpcap.so.1; this is what it
should be, NOT libpcap.so.1.x or libpcap.so.1.x.y or something such as
that.
We've been maintaining binary compatibility between libpcap releases for quite a while; there's no reason to tie a binary linked with libpcap to a particular release of libpcap.