README revision 190225
@(#) $Header: /tcpdump/master/libpcap/README,v 1.30.4.3 2008-10-17 10:39:20 ken Exp $ (LBL)

LIBPCAP 1.0.0

www.tcpdump.org

Please send inquiries/comments/reports to:
	tcpdump-workers@lists.tcpdump.org

Anonymous CVS is available via:
	cvs -d :pserver:tcpdump@cvs.tcpdump.org:/tcpdump/master login
	(password "anoncvs")
	cvs -d :pserver:tcpdump@cvs.tcpdump.org:/tcpdump/master checkout libpcap

Version 1.0.0 of LIBPCAP can be retrieved with the CVS tag "libpcap_1_0":
	cvs -d :pserver:tcpdump@cvs.tcpdump.org:/tcpdump/master checkout -r libpcap_1_0 libpcap

Please submit patches against the master copy to the libpcap project on
sourceforge.net.

formerly from 	Lawrence Berkeley National Laboratory
		Network Research Group <libpcap@ee.lbl.gov>
		ftp://ftp.ee.lbl.gov/libpcap.tar.Z (0.4)

This directory contains source code for libpcap, a system-independent
interface for user-level packet capture.  libpcap provides a portable
framework for low-level network monitoring.  Applications include
network statistics collection, security monitoring, network debugging,
etc.  Since almost every system vendor provides a different interface
for packet capture, and since we've developed several tools that
require this functionality, we've created this system-independent API
to ease porting and to alleviate the need for several
system-dependent packet capture modules in each application.

For some platforms there are README.{system} files that discuss issues
with the OS's interface for packet capture on those platforms, such as
how to enable support for that interface in the OS, if it's not built in
by default.

The libpcap interface supports a filtering mechanism based on the
architecture in the BSD packet filter.  BPF is described in the 1993
Winter Usenix paper ``The BSD Packet Filter: A New Architecture for
User-level Packet Capture''.  A compressed PostScript version can be
found at

	ftp://ftp.ee.lbl.gov/papers/bpf-usenix93.ps.Z

or

	http://www.tcpdump.org/papers/bpf-usenix93.ps.Z

and a gzipped version can be found at

	http://www.tcpdump.org/papers/bpf-usenix93.ps.gz

A PDF version can be found at

	http://www.tcpdump.org/papers/bpf-usenix93.pdf

Although most packet capture interfaces support in-kernel filtering,
libpcap utilizes in-kernel filtering only for the BPF interface.
On systems that don't have BPF, all packets are read into user-space
and the BPF filters are evaluated in the libpcap library, incurring
added overhead (especially for selective filters).  Ideally, libpcap
would translate BPF filters into a filter program that is compatible
with the underlying kernel subsystem, but this is not yet implemented.

BPF is standard in 4.4BSD, BSD/OS, NetBSD, FreeBSD, and OpenBSD.  DEC
OSF/1/Digital UNIX/Tru64 UNIX uses the packetfilter interface but has
been extended to accept BPF filters (which libpcap utilizes).  Also, you
can add BPF filter support to Ultrix using the kernel source and/or
object patches available in:

	ftp://gatekeeper.dec.com/pub/DEC/net/bpfext42.tar.Z.

Linux, in the 2.2 kernel and later kernels, has a "Socket Filter"
mechanism that accepts BPF filters; see the README.linux file for
information on configuring that option.

Note to Linux distributions and *BSD systems that include libpcap:

There's now a rule to make a shared library, which should work on Linux
and *BSD (and OS X).

It sets the soname of the library to "libpcap.so.1"; this is what it
should be, *NOT* libpcap.so.1.0 or libpcap.so.1.0.0 or something such as
that.

We've been maintaining binary compatibility between libpcap releases for
quite a while; there's no reason to tie a binary linked with libpcap to
a particular release of libpcap.

Problems, bugs, questions, desirable enhancements, etc. should be sent
to the address "tcpdump-workers@lists.tcpdump.org".  Bugs, support
requests, and feature requests may also be submitted on the SourceForge
site for libpcap at

	http://sourceforge.net/projects/libpcap/

Source code contributions, etc. should be submitted as patches on the
SourceForge site for libpcap.

Current versions can be found at www.tcpdump.org, or the SourceForge
site for libpcap.

 - The TCPdump team
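
Added example (not part of the libpcap README or the libpcap sources): what
"the BPF filters are evaluated in the libpcap library" means in practice, shown
as a reduced classic-BPF interpreter run in user space over constructed frames.
The names struct insn, run_filter, ip_tcp and the sample frames are assumptions
made for this illustration; only four opcodes are handled.

```c
#include <stdint.h>
#include <stdio.h>
/* Classic BPF opcode values (as in <net/bpf.h>); only these four are handled. */
enum { LDH_ABS = 0x28, LDB_ABS = 0x30, JEQ_K = 0x15, RET_K = 0x06 };
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };

/* Hand-assembled filter: accept IPv4 (ethertype 0x0800) carrying TCP (protocol 6). */
static const struct insn ip_tcp[] = {
    { LDH_ABS, 0, 0, 12 },      /* A = ethertype                  */
    { JEQ_K,   0, 3, 0x0800 },  /* not IPv4 -> jump to "ret 0"    */
    { LDB_ABS, 0, 0, 23 },      /* A = IPv4 protocol field        */
    { JEQ_K,   0, 1, 6 },       /* not TCP  -> jump to "ret 0"    */
    { RET_K,   0, 0, 65535 },   /* accept: keep up to 65535 bytes */
    { RET_K,   0, 0, 0 },       /* reject                         */
};

/* Run the program over one packet; returns bytes to keep, 0 = drop. */
static unsigned run_filter(const struct insn *prog, size_t n, const uint8_t *p, size_t len)
{
    uint32_t A = 0;                                 /* accumulator */
    for (size_t i = 0; i < n; i++) {
        uint32_t k = prog[i].k;
        switch (prog[i].code) {
        case LDH_ABS:
            if (len < 2 || k > len - 2) return 0;   /* load past end: drop */
            A = (uint32_t)p[k] << 8 | p[k + 1];
            break;
        case LDB_ABS:
            if (k >= len) return 0;                 /* load past end: drop */
            A = p[k];
            break;
        case JEQ_K: i += (A == k) ? prog[i].jt : prog[i].jf; break;
        case RET_K: return k;
        default:    return 0;                       /* unsupported opcode */
        }
    }
    return 0;                                       /* no RET reached */
}

/* Constructed sample frames: only the bytes the filter inspects are set. */
static const uint8_t tcp_frame[34] = { [12] = 0x08, [14] = 0x45, [23] = 6 };
static const uint8_t udp_frame[34] = { [12] = 0x08, [14] = 0x45, [23] = 17 };
static const uint8_t arp_frame[42] = { [12] = 0x08, [13] = 0x06 };
int main(void)
{
    printf("tcp=%u udp=%u arp=%u\n", run_filter(ip_tcp, 6, tcp_frame, 34),
           run_filter(ip_tcp, 6, udp_frame, 34), run_filter(ip_tcp, 6, arp_frame, 42));
    return 0;
}
```

Every frame, including the ones the filter rejects, has already been copied to
user space before this loop sees it, which is the overhead the README attributes
to selective filters on systems without in-kernel BPF.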