1libpcap for DOS
2---------------
3
4This file contains some notes on building and using libpcap for MS-DOS.
5Look in `README' and `pcap.man' for usage and details. These targets are
6supported:
7
8 - Borland C 4.0+ small or large model.
9 - Metaware HighC 3.1+ with PharLap DOS-extender
10 - GNU C 2.7+ with djgpp 2.01+ DOS extender
11 - Watcom C 11.x with DOS4GW extender
12
13Note: the files in the libpcap.zip contains short truncated filenames.
14  So for djgpp to work with these, disable the use of long file names by
15  setting "LFN=n" in the environment. On the other hand, if you get libpcap
16  from Github or the official libpcap.tar.gz, some filenames are beyond 8+3.
17  In this case set "LFN=y".
18
19Files specific to DOS are pcap-dos.[ch] and the assembly and C files in
20the MSDOS sub-directory. Remember to built the libpcap library from the top
21install directory. And not from the MSDOS sub-directory.
22
23Note for djgpp users:
24  If you got the libpcap from the official site www.tcpdump, then that
25  distribution does NOT contain any sources for building 32-bit drivers.
26  Instead get the full version at
27     http://www.watt-32.net/pcap/libpcap.zip
28
29  and set "USE_32BIT_DRIVERS = 1" in msdos\common.dj.
30
31
32
33Requirements
34------------
35
36DOS-libpcap currently only works reliably with a real-mode Ethernet packet-
37driver. This driver must be installed prior to using any program (e.g.
38tcpdump) compiled with libpcap. Work is underway to implement protected-
39mode drivers for 32-bit targets (djgpp only). The 3Com 3c509 driver is
40working almost perfectly. Due to lack of LAN-cards, I've not had the
41opportunity to test other drivers. These 32-bit drivers are modified
42Linux drivers.
43
44
45Required packages
46-----------------
47
48The following packages and tools must be present for all targets.
49
501. Watt-32 tcp/ip library. This library is *not* used to send or
51   receive network data. It's mostly used to access the 'hosts'
52   file and other <netdb.h> features. Get 'watt32s*.zip' at:
53
54     http://www.watt-32.net
55
562. Exception handler and disassember library (libexc.a) is needed if
57   "USE_EXCEPT = 1" in common.dj. Available at:
58
59     http://www.watt-32.net/misc/exc_dx07.zip
60
613. Flex & Bison is used to generate parser for the filter handler
62   pcap_compile:
63     ftp://ftp.delorie.com/pub/djgpp/current/v2gnu/flx254b.zip
64     ftp://ftp.delorie.com/pub/djgpp/current/v2gnu/bsn241b.zip
65
664. NASM assembler v 0.98 or later is required when building djgpp and
67   Watcom targets:
68     http://www.nasm.us/
69
705. sed (Stream Editor) is required for doing `make depend'.
71   It's available at:
72     ftp://ftp.delorie.com/pub/djgpp/current/v2gnu/sed422b.zip
73
74   A touch tool to update the time-stamp of a file. E.g.:
75     ftp://ftp.delorie.com/pub/djgpp/current/v2gnu/grep29b.zip
76
776. For djgpp rm.exe and cp.exe are required. These should already be
78   part of your djgpp installation. Also required (experimental at the
79   time) for djgpp is DLX 2.91 or later. This tool is for the generation
80   of dynamically loadable modules.
81
82
83Compiling libpcap
84-----------------
85
86Follow these steps in building libpcap:
87
881. Make sure you've installed Watt-32 properly (see it's `INSTALL' file).
89   During that installation a environment variable `WATT_ROOT' is set.
90   This variable is used for building libpcap also (`WATT_INC' is
91   deducted from `WATT_ROOT'). djgpp users should also define environment
92   variables `C_INCLUDE_PATH' and `LIBRARY_PATH' to point to the include
93   directory and library directory respectively.  E.g. put this in your
94   AUTOEXEC.BAT:
95     set C_INCLUDE_PATH=c:/net/watt/inc
96     set LIBRARY_PATH=c:/net/watt/lib
97
982. Revise the msdos/common.dj file for your djgpp/gcc installation;
99   - change the value of `GCCLIB' to match location of libgcc.a.
100   - set `USE_32BIT_DRIVERS = 1' to build 32-bit driver objects.
101
102
1033. Build pcap by using appropriate makefile. For djgpp, use:
104     `make -f msdos/makefile.dj'  (i.e. GNU `make')
105
106   For a Watcom target say:
107     `wmake -f msdos\makefile.wc'
108
109   For a Borland target say:
110     `maker -f msdos\Makefile pcap_bc.lib'  (Borland's `maker.exe')
111
112   And for a HighC/Pharlap target say:
113     `maker -f msdos\Makefile pcap_hc.lib'  (Borland's `maker.exe')
114
115   You might like to change some `CFLAGS' -- only `DEBUG' define currently
116   have any effect. It shows a rotating "fan" in upper right corner of
117   screen.  Remove `DEBUG' if you don't like it. You could add
118   `-fomit-frame-pointer' to `CFLAGS' to speed up the generated code.
119   But note, this makes debugging and crash-traceback difficult. Only
120   add it if you're fully confident your application is 100% stable.
121
122   Note: Code in `USE_NDIS2' does not work at the moment.
123
1244. The resulting library is put in current directory. There's some
125   test-program for `libpcap': `filtertest.exe', `findalldevstest.exe',
126     `nonblocktest.exe' and `opentest.exe'.
127
128   But linking the library with `tcpdump' is the ultimate test. DOS/djgpp
129   should now hopefully be a supported target. Get the sources at:
130     https://www.tcpdump.org/
131   or
132     https://github.com/the-tcpdump-group/tcpdump/
133
134   (click on the 'Download ZIP' on the right side of that page.)
135
136
137Extensions to libpcap
138---------------------
139
140I've included some extra functions to DOS-libpcap:
141
142  `pcap_config_hook (const char *keyword, const char *value)' :
143
144    Allows an application to set values of internal libpcap variables.
145    `keyword' and an associated `value' should be present in the `debug_tab[]'
146    array in pcap-dos.c (currently only used to set debug-levels and parameters
147    for the 32-bit network drivers.) Thus an application using DOS-libpcap can
148    override the default value during it's configure process (see tcpdump's
149    msdos/config.c file for an extended example).
150
151  `pcap_set_wait (pcap_t *, void (*)(void), int)' :
152
153    Only effective when reading offline traffic from dump-files.
154    Function `pcap_offline_read()' will wait (and optionally yield)
155    before printing next packet. This will simulate the pace the packets
156    where actually recorded.
157
158
159
160Happy sniffing !
161
162
163Gisle Vanem <gvanem@yahoo.no>
164
165October 1999, 2004, 2006, 2013
166
167