1@(#) $Header: /tcpdump/master/libpcap/INSTALL.txt,v 1.29 2008-06-12 20:21:51 guy Exp $ (LBL)
2
3To build libpcap, run "./configure" (a shell script). The configure
4script will determine your system attributes and generate an
5appropriate Makefile from Makefile.in. Next run "make". If everything
6goes well you can su to root and run "make install". However, you need
7not install libpcap if you just want to build tcpdump; just make sure
8the tcpdump and libpcap directory trees have the same parent
9directory.
10
11If configure says:
12
13    configure: warning: cannot determine packet capture interface
14    configure: warning: (see INSTALL for more info)
15
16then your system either does not support packet capture or your system
17does support packet capture but libpcap does not support that
18particular type. (If you have HP-UX, see below.) If your system uses a
19packet capture not supported by libpcap, please send us patches; don't
20forget to include an autoconf fragment suitable for use in
21configure.in.
22
23It is possible to override the default packet capture type, although
24the circumstance where this works are limited. For example if you have
25installed bpf under SunOS 4 and wish to build a snit libpcap:
26
27    ./configure --with-pcap=snit
28
29Another example is to force a supported packet capture type in the case
30where the configure scripts fails to detect it.
31
32You will need an ANSI C compiler to build libpcap. The configure script
33will abort if your compiler is not ANSI compliant. If this happens, use
34the GNU C compiler, available via anonymous ftp:
35
36	ftp://ftp.gnu.org/pub/gnu/gcc/
37
38If you use flex, you must use version 2.4.6 or higher. The configure
39script automatically detects the version of flex and will not use it
40unless it is new enough. You can use "flex -V" to see what version you
41have (unless it's really old). The current version of flex is available
42via anonymous ftp:
43
44	ftp://ftp.ee.lbl.gov/flex-*.tar.Z
45
46As of this writing, the current version is 2.5.4.
47
48If you use bison, you must use flex (and visa versa). The configure
49script automatically falls back to lex and yacc if both flex and bison
50are not found.
51
52Sometimes the stock C compiler does not interact well with flex and
53bison. The list of problems includes undefined references for alloca.
54You can get around this by installing gcc or manually disabling flex
55and bison with:
56
57    ./configure --without-flex --without-bison
58
59If your system only has AT&T lex, this is okay unless your libpcap
60program uses other lex/yacc generated code. (Although it's possible to
61map the yy* identifiers with a script, we use flex and bison so we
62don't feel this is necessary.)
63
64Some systems support the Berkeley Packet Filter natively; for example
65out of the box OSF and BSD/OS have bpf. If your system does not support
66bpf, you will need to pick up:
67
68	ftp://ftp.ee.lbl.gov/bpf-*.tar.Z
69
70Note well: you MUST have kernel source for your operating system in
71order to install bpf. An exception is SunOS 4; the bpf distribution
72includes replacement kernel objects for some of the standard SunOS 4
73network device drivers. See the bpf INSTALL document for more
74information.
75
76If you use Solaris, there is a bug with bufmod(7) that is fixed in
77Solaris 2.3.2 (aka SunOS 5.3.2). Setting a snapshot length with the
78broken bufmod(7) results in data be truncated from the FRONT of the
79packet instead of the end.  The work around is to not set a snapshot
80length but this results in performance problems since the entire packet
81is copied to user space. If you must run an older version of Solaris,
82there is a patch available from Sun; ask for bugid 1149065. After
83installing the patch, use "setenv BUFMOD_FIXED" to enable use of
84bufmod(7). However, we recommend you run a more current release of
85Solaris.
86
87If you use the SPARCompiler, you must be careful to not use the
88/usr/ucb/cc interface. If you do, you will get bogus warnings and
89perhaps errors. Either make sure your path has /opt/SUNWspro/bin
90before /usr/ucb or else:
91
92    setenv CC /opt/SUNWspro/bin/cc
93
94before running configure. (You might have to do a "make distclean"
95if you already ran configure once).
96
97Also note that "make depend" won't work; while all of the known
98universe uses -M, the SPARCompiler uses -xM to generate makefile
99dependencies.
100
101If you are trying to do packet capture with a FORE ATM card, you may or
102may not be able to. They usually only release their driver in object
103code so unless their driver supports packet capture, there's not much
104libpcap can do.
105
106If you get an error like:
107
108    tcpdump: recv_ack: bind error 0x???
109
110when using DLPI, look for the DL_ERROR_ACK error return values, usually
111in /usr/include/sys/dlpi.h, and find the corresponding value.
112
113Under {DEC OSF/1, Digital UNIX, Tru64 UNIX}, packet capture must be
114enabled before it can be used.  For instructions on how to enable packet
115filter support, see:
116
117	ftp://ftp.digital.com/pub/Digital/dec-faq/Digital-UNIX
118
119Look for the "How do I configure the Berkeley Packet Filter and capture
120tcpdump traces?" item.
121
122Once you enable packet filter support, your OSF system will support bpf
123natively.
124
125Under Ultrix, packet capture must be enabled before it can be used. For
126instructions on how to enable packet filter support, see:
127
128	ftp://ftp.digital.com/pub/Digital/dec-faq/ultrix
129
130If you use HP-UX, you must have at least version 9 and either the
131version of cc that supports ANSI C (cc -Aa) or else use the GNU C
132compiler. You must also buy the optional streams package. If you don't
133have:
134
135    /usr/include/sys/dlpi.h
136    /usr/include/sys/dlpi_ext.h
137
138then you don't have the streams package. In addition, we believe you
139need to install the "9.X LAN and DLPI drivers cumulative" patch
140(PHNE_6855) to make the version 9 DLPI work with libpcap.
141
142The DLPI streams package is standard starting with HP-UX 10.
143
144The HP implementation of DLPI is a little bit eccentric. Unlike
145Solaris, you must attach /dev/dlpi instead of the specific /dev/*
146network pseudo device entry in order to capture packets. The PPA is
147based on the ifnet "index" number. Under HP-UX 9, it is necessary to
148read /dev/kmem and the kernel symbol file (/hp-ux). Under HP-UX 10,
149DLPI can provide information for determining the PPA. It does not seem
150to be possible to trace the loopback interface. Unlike other DLPI
151implementations, PHYS implies MULTI and SAP and you get an error if you
152try to enable more than one promiscuous mode at a time.
153
154It is impossible to capture outbound packets on HP-UX 9.  To do so on
155HP-UX 10, you will, apparently, need a late "LAN products cumulative
156patch" (at one point, it was claimed that this would be PHNE_18173 for
157s700/10.20; at another point, it was claimed that the required patches
158were PHNE_20892, PHNE_20725 and PHCO_10947, or newer patches), and to do
159so on HP-UX 11 you will, apparently, need the latest lancommon/DLPI
160patches and the latest driver patch for the interface(s) in use on HP-UX
16111 (at one point, it was claimed that patches PHNE_19766, PHNE_19826,
162PHNE_20008, and PHNE_20735 did the trick).
163
164Furthermore, on HP-UX 10, you will need to turn on a kernel switch by
165doing
166
167	echo 'lanc_outbound_promisc_flag/W 1' | adb -w /stand/vmunix /dev/mem
168
169You would have to arrange that this happen on reboots; the right way to
170do that would probably be to put it into an executable script file
171"/sbin/init.d/outbound_promisc" and making
172"/sbin/rc2.d/S350outbound_promisc" a symbolic link to that script.
173
174Finally, testing shows that there can't be more than one simultaneous
175DLPI user per network interface.
176
177If you use Linux, this version of libpcap is known to compile and run
178under Red Hat 4.0 with the 2.0.25 kernel.  It may work with earlier 2.X
179versions but is guaranteed not to work with 1.X kernels.  Running more
180than one libpcap program at a time, on a system with a 2.0.X kernel, can
181cause problems since promiscuous mode is implemented by twiddling the
182interface flags from the libpcap application; the packet capture
183mechanism in the 2.2 and later kernels doesn't have this problem.  Also,
184packet timestamps aren't very good.  This appears to be due to haphazard
185handling of the timestamp in the kernel.
186
187Note well: there is rumoured to be a version of tcpdump floating around
188called 3.0.3 that includes libpcap and is supposed to support Linux.
189You should be advised that neither the Network Research Group at LBNL
190nor the Tcpdump Group ever generated a release with this version number.
191The LBNL Network Research Group notes with interest that a standard
192cracker trick to get people to install trojans is to distribute bogus
193packages that have a version number higher than the current release.
194They also noted with annoyance that 90% of the Linux related bug reports
195they got are due to changes made to unofficial versions of their page.
196If you are having trouble but aren't using a version that came from
197tcpdump.org, please try that before submitting a bug report!
198
199On Linux, libpcap will not work if the kernel does not have the packet
200socket option enabled; see the README.linux file for information about
201this.
202
203If you use AIX, you may not be able to build libpcap from this release.
204We do not have an AIX system in house so it's impossible for us to test
205AIX patches submitted to us.  We are told that you must link against
206/lib/pse.exp, that you must use AIX cc or a GNU C compiler newer than
2072.7.2, and that you may need to run strload before running a libpcap
208application.
209
210Read the README.aix file for information on installing libpcap and
211configuring your system to be able to support libpcap.
212
213If you use NeXTSTEP, you will not be able to build libpcap from this
214release.
215
216If you use SINIX, you should be able to build libpcap from this
217release. It is known to compile and run on SINIX-Y/N 5.42 with the C-DS
218V1.0 or V1.1 compiler. But note that in some releases of SINIX, yacc
219emits incorrect code; if grammar.y fails to compile, change every
220occurence of:
221
222	#ifdef YYDEBUG
223
224to:
225	#if YYDEBUG
226
227Another workaround is to use flex and bison.
228
229If you use SCO, you might have trouble building libpcap from this
230release. We do not have a machine running SCO and have not had reports
231of anyone successfully building on it; the current release of libpcap
232does not compile on SCO OpenServer 5.  Although SCO apparently supports
233DLPI to some extent, the DLPI in OpenServer 5 is very non-standard, and
234it appears that completely new code would need to be written to capture
235network traffic.  SCO do not appear to provide tcpdump binaries for
236OpenServer 5 or OpenServer 6 as part of SCO Skunkware:
237
238	http://www.sco.com/skunkware/
239
240If you use UnixWare, you might be able to build libpcap from this
241release, or you might not.  We do not have a machine running UnixWare,
242so we have not tested it; however, SCO provide packages for libpcap
2430.6.2 and tcpdump 3.7.1 in the UnixWare 7/Open UNIX 8 part of SCO
244Skunkware, and the source package for libpcap 0.6.2 is not changed from
245the libpcap 0.6.2 source release, so this release of libpcap might also
246build without changes on UnixWare 7.
247
248If linking tcpdump fails with "Undefined: _alloca" when using bison on
249a Sun4, your version of bison is broken. In any case version 1.16 or
250higher is recommended (1.14 is known to cause problems 1.16 is known to
251work). Either pick up a current version from:
252
253	ftp://ftp.gnu.org/pub/gnu/bison
254
255or hack around it by inserting the lines:
256
257	#ifdef __GNUC__
258	#define alloca __builtin_alloca
259	#else
260	#ifdef sparc
261	#include <alloca.h>
262	#else
263	char *alloca ();
264	#endif
265	#endif
266
267right after the (100 line!) GNU license comment in bison.simple, remove
268grammar.[co] and fire up make again.
269
270If you use SunOS 4, your kernel must support streams NIT. If you run a
271libpcap program and it dies with:
272
273    /dev/nit: No such device
274
275You must add streams NIT support to your kernel configuration, run
276config and boot the new kernel.
277
278If you are running a version of SunOS earlier than 4.1, you will need
279to replace the Sun supplied /sys/sun{3,4,4c}/OBJ/nit_if.o with the
280appropriate version from this distribution's SUNOS4 subdirectory and
281build a new kernel:
282
283	nit_if.o.sun3-sunos4		(any flavor of sun3)
284	nit_if.o.sun4c-sunos4.0.3c	(SS1, SS1+, IPC, SLC, etc.)
285	nit_if.o.sun4-sunos4		(Sun4's not covered by
286					    nit_if.o.sun4c-sunos4.0.3c)
287
288These nit replacements fix a bug that makes nit essentially unusable in
289pre-SunOS 4.1.  In addition, our sun4c-sunos4.0.3c nit gives you
290timestamps to the resolution of the SS-1 clock (1 us) rather than the
291lousy 20ms timestamps Sun gives you  (tcpdump will print out the full
292timestamp resolution if it finds it's running on a SS-1).
293
294FILES
295-----
296CHANGES		- description of differences between releases
297ChmodBPF/*	- Mac OS X startup item to set ownership and permissions
298		  on /dev/bpf*
299CREDITS		- people that have helped libpcap along
300INSTALL.txt	- this file
301LICENSE		- the license under which tcpdump is distributed
302Makefile.in	- compilation rules (input to the configure script)
303README		- description of distribution
304README.aix	- notes on using libpcap on AIX
305README.dag	- notes on using libpcap to capture on Endace DAG devices
306README.hpux	- notes on using libpcap on HP-UX
307README.linux	- notes on using libpcap on Linux
308README.macosx	- notes on using libpcap on Mac OS X
309README.septel   - notes on using libpcap to capture on Intel/Septel devices
310README.sita	- notes on using libpcap to capture on SITA devices
311README.tru64	- notes on using libpcap on Digital/Tru64 UNIX
312README.Win32	- notes on using libpcap on Win32 systems (with WinPcap)
313SUNOS4		- pre-SunOS 4.1 replacement kernel nit modules
314VERSION		- version of this release
315acconfig.h	- support for post-2.13 autoconf
316aclocal.m4	- autoconf macros
317arcnet.h	- ARCNET definitions
318atmuni31.h	- ATM Q.2931 definitions
319bpf/net		- copy of bpf_filter.c
320bpf_dump.c	- BPF program printing routines
321bpf_filter.c	- symlink to bpf/net/bpf_filter.c
322bpf_image.c	- BPF disassembly routine
323config.guess	- autoconf support
324config.h.in	- autoconf input
325config.sub	- autoconf support
326configure	- configure script (run this first)
327configure.in	- configure script source
328dlpisubs.c	- DLPI-related functions for pcap-dlpi.c and pcap-libdlpi.c
329dlpisubs.h	- DLPI-related function declarations
330etherent.c	- /etc/ethers support routines
331ethertype.h	- Ethernet protocol types and names definitions
332fad-getad.c	- pcap_findalldevs() for systems with getifaddrs()
333fad-gifc.c	- pcap_findalldevs() for systems with only SIOCGIFLIST
334fad-glifc.c	- pcap_findalldevs() for systems with SIOCGLIFCONF
335fad-null.c	- pcap_findalldevs() for systems without capture support
336fad-sita.c	- pcap_findalldevs() for systems with SITA support
337fad-win32.c	- pcap_findalldevs() for WinPcap
338filtertest.c	- test program for BPF compiler
339findalldevstest.c - test program for pcap_findalldevs()
340gencode.c	- BPF code generation routines
341gencode.h	- BPF code generation definitions
342grammar.y	- filter string grammar
343ieee80211.h	- 802.11 definitions
344inet.c		- network routines
345install-sh	- BSD style install script
346lbl/os-*.h	- OS-dependent defines and prototypes
347llc.h		- 802.2 LLC SAP definitions
348missing/*	- replacements for missing library functions
349mkdep		- construct Makefile dependency list
350msdos/*		- drivers for MS-DOS capture support
351nametoaddr.c	- hostname to address routines
352nlpid.h		- OSI network layer protocol identifier definitions
353net		- symlink to bpf/net
354optimize.c	- BPF optimization routines
355packaging	- packaging information for building libpcap RPMs
356pcap/bluetooth.h - public definition of DLT_BLUETOOTH_HCI_H4_WITH_PHDR header
357pcap/bpf.h	- BPF definitions
358pcap/namedb.h	- public libpcap name database definitions
359pcap/pcap.h	- public libpcap definitions
360pcap/sll.h	- public definition of DLT_LINUX_SLL header
361pcap/usb.h	- public definition of DLT_USB header
362pcap-bpf.c	- BSD Packet Filter support
363pcap-bpf.h	- header for backwards compatibility
364pcap-bt-linux.c	- Bluetooth capture support for Linux
365pcap-bt-linux.h	- Bluetooth capture support for Linux
366pcap-dag.c	- Endace DAG device capture support
367pcap-dag.h	- Endace DAG device capture support
368pcap-dlpi.c	- Data Link Provider Interface support
369pcap-dos.c	- MS-DOS capture support
370pcap-dos.h	- headers for MS-DOS capture support
371pcap-enet.c	- enet support
372pcap-int.h	- internal libpcap definitions
373pcap-libdlpi.c	- Data Link Provider Interface support for systems with libdlpi
374pcap-linux.c	- Linux packet socket support
375pcap-namedb.h	- header for backwards compatibility
376pcap-nit.c	- SunOS Network Interface Tap support
377pcap-nit.h	- SunOS Network Interface Tap definitions
378pcap-null.c	- dummy monitor support (allows offline use of libpcap)
379pcap-pf.c	- Ultrix and Digital/Tru64 UNIX Packet Filter support
380pcap-pf.h	- Ultrix and Digital/Tru64 UNIX Packet Filter definitions
381pcap-septel.c   - Intel/Septel device capture support
382pcap-septel.h   - Intel/Septel device capture support
383pcap-sita.c	- SITA device capture support
384pcap-sita.h	- SITA device capture support
385pcap-sita.html	- SITA device capture documentation
386pcap-stdinc.h	- includes and #defines for compiling on Win32 systems
387pcap-snit.c	- SunOS 4.x STREAMS-based Network Interface Tap support
388pcap-snoop.c	- IRIX Snoop network monitoring support
389pcap-usb-linux.c - USB capture support for Linux
390pcap-usb-linux.h - USB capture support for Linux
391pcap-win32.c	- WinPcap capture support
392pcap.3pcap	- manual entry for the library
393pcap.c		- pcap utility routines
394pcap.h		- header for backwards compatibility
395pcap_*.3pcap	- manual entries for library functions
396pcap-filter.4	- manual entry for filter syntax
397pcap-linktype.4	- manual entry for link-layer header types
398ppp.h		- Point to Point Protocol definitions
399runlex.sh	- wrapper for Lex/Flex
400savefile.c	- offline support
401scanner.l	- filter string scanner
402sunatmpos.h	- definitions for SunATM capturing
403Win32		- headers and routines for building on Win32 systems
404