@(#) $Header: /tcpdump/master/libpcap/README,v 1.34 2008-12-14 19:44:14 guy Exp $ (LBL)

LIBPCAP 1.x.y

www.tcpdump.org

Please send inquiries/comments/reports to:
    tcpdump-workers@lists.tcpdump.org

Anonymous Git is available via:
    git clone git://bpf.tcpdump.org/libpcap

Version 1.x.y of LIBPCAP can be retrieved with the CVS tag "libpcap_1_{x}rel{y}":
    cvs -d :pserver:tcpdump@cvs.tcpdump.org:/tcpdump/master checkout -r libpcap_1_{x}rel{y} libpcap

Please submit patches by forking the branch on GitHub at

    http://github.com/mcr/libpcap/tree/master

and issuing a pull request.

formerly from Lawrence Berkeley National Laboratory
    Network Research Group <libpcap@ee.lbl.gov>
    ftp://ftp.ee.lbl.gov/libpcap.tar.Z (0.4)

This directory contains source code for libpcap, a system-independent
interface for user-level packet capture. libpcap provides a portable
framework for low-level network monitoring. Applications include
network statistics collection, security monitoring, network debugging,
etc. Since almost every system vendor provides a different interface
for packet capture, and since we've developed several tools that
require this functionality, we've created this system-independent API
to ease porting and to alleviate the need for several
system-dependent packet capture modules in each application.

For some platforms there are README.{system} files that discuss issues
with the OS's interface for packet capture on those platforms, such as
how to enable support for that interface in the OS, if it's not built in
by default.

The libpcap interface supports a filtering mechanism based on the
architecture in the BSD packet filter. BPF is described in the 1993
Winter Usenix paper ``The BSD Packet Filter: A New Architecture for
User-level Packet Capture''. A compressed PostScript version can be
found at

    ftp://ftp.ee.lbl.gov/papers/bpf-usenix93.ps.Z

or

    http://www.tcpdump.org/papers/bpf-usenix93.ps.Z

and a gzipped version can be found at

    http://www.tcpdump.org/papers/bpf-usenix93.ps.gz

A PDF version can be found at

    http://www.tcpdump.org/papers/bpf-usenix93.pdf

Although most packet capture interfaces support in-kernel filtering,
libpcap utilizes in-kernel filtering only for the BPF interface.
On systems that don't have BPF, all packets are read into user-space
and the BPF filters are evaluated in the libpcap library, incurring
added overhead (especially for selective filters). Ideally, libpcap
would translate BPF filters into a filter program that is compatible
with the underlying kernel subsystem, but this is not yet implemented.

BPF is standard in 4.4BSD, BSD/OS, NetBSD, FreeBSD, OpenBSD, DragonFly
BSD, and Mac OS X; an older, modified and undocumented version is
standard in AIX. {DEC OSF/1, Digital UNIX, Tru64 UNIX} uses the
packetfilter interface but has been extended to accept BPF filters
(which libpcap utilizes). Also, you can add BPF filter support to
Ultrix using the kernel source and/or object patches available in:

    http://www.tcpdump.org/other/bpfext42.tar.Z

Linux, in the 2.2 kernel and later kernels, has a "Socket Filter"
mechanism that accepts BPF filters; see the README.linux file for
information on configuring that option.

Note to Linux distributions and *BSD systems that include libpcap:

There's now a rule to make a shared library, which should work on Linux
and *BSD, among other platforms.

It sets the soname of the library to "libpcap.so.1"; this is what it
should be, *NOT* libpcap.so.1.x or libpcap.so.1.x.y or something such as
that.

We've been maintaining binary compatibility between libpcap releases for
quite a while; there's no reason to tie a binary linked with libpcap to
a particular release of libpcap.

Problems, bugs, questions, desirable enhancements, etc. should be sent
to the address "tcpdump-workers@lists.tcpdump.org". Bugs, support
requests, and feature requests may also be submitted on the GitHub issue
tracker for libpcap at

    https://github.com/mcr/libpcap/issues

Source code contributions, etc. should be sent to the email address
above or submitted by forking the branch on GitHub at

    http://github.com/mcr/libpcap/tree/master

and issuing a pull request.

Current versions can be found at www.tcpdump.org.

 - The TCPdump team