README revision 146768
@(#) $Header: /tcpdump/master/libpcap/README,v 1.30 2004/10/12 02:02:28 guy Exp $ (LBL)

LIBPCAP 0.9
Now maintained by "The Tcpdump Group"
See www.tcpdump.org

Please send inquiries/comments/reports to tcpdump-workers@tcpdump.org

Anonymous CVS is available via:
    cvs -d :pserver:tcpdump@cvs.tcpdump.org:/tcpdump/master login
    (password "anoncvs")
    cvs -d :pserver:tcpdump@cvs.tcpdump.org:/tcpdump/master checkout libpcap

Version 0.9 of LIBPCAP can be retrieved with the CVS tag "libpcap_0_9rel1":
    cvs -d :pserver:tcpdump@cvs.tcpdump.org:/tcpdump/master checkout -r libpcap_0_9rel1 libpcap

Please send patches against the master copy to patches@tcpdump.org.

formerly from   Lawrence Berkeley National Laboratory
                Network Research Group <libpcap@ee.lbl.gov>
                ftp://ftp.ee.lbl.gov/libpcap.tar.Z (0.4)

This directory contains source code for libpcap, a system-independent
interface for user-level packet capture.  libpcap provides a portable
framework for low-level network monitoring.  Applications include
network statistics collection, security monitoring, network debugging,
etc.  Since almost every system vendor provides a different interface
for packet capture, and since we've developed several tools that
require this functionality, we've created this system-independent API
to ease porting and to alleviate the need for several
system-dependent packet capture modules in each application.

Note well: this interface is new and is likely to change.

For some platforms there are README.{system} files that discuss issues
with the OS's interface for packet capture on those platforms, such as
how to enable support for that interface in the OS, if it's not built in
by default.

The libpcap interface supports a filtering mechanism based on the
architecture in the BSD packet filter.  BPF is described in the 1993
Winter Usenix paper ``The BSD Packet Filter: A New Architecture for
User-level Packet Capture''.  A compressed PostScript version can be
found at

    ftp://ftp.ee.lbl.gov/papers/bpf-usenix93.ps.Z

or

    http://www.tcpdump.org/papers/bpf-usenix93.ps.Z

and a gzipped version can be found at

    http://www.tcpdump.org/papers/bpf-usenix93.ps.gz

A PDF version can be found at

    http://www.tcpdump.org/papers/bpf-usenix93.pdf

Although most packet capture interfaces support in-kernel filtering,
libpcap utilizes in-kernel filtering only for the BPF interface.
On systems that don't have BPF, all packets are read into user-space
and the BPF filters are evaluated in the libpcap library, incurring
added overhead (especially for selective filters).  Ideally, libpcap
would translate BPF filters into a filter program that is compatible
with the underlying kernel subsystem, but this is not yet implemented.

BPF is standard in 4.4BSD, BSD/OS, NetBSD, FreeBSD, and OpenBSD.  DEC
OSF/1/Digital UNIX/Tru64 UNIX uses the packetfilter interface but has
been extended to accept BPF filters (which libpcap utilizes).  Also, you
can add BPF filter support to Ultrix using the kernel source and/or
object patches available in:

    ftp://gatekeeper.dec.com/pub/DEC/net/bpfext42.tar.Z.

Linux, in the 2.2 kernel and later kernels, has a "Socket Filter"
mechanism that accepts BPF filters; see the README.linux file for
information on configuring that option.

Problems, bugs, questions, desirable enhancements, etc. should be sent
to the address "tcpdump-workers@tcpdump.org".  Bugs, support requests,
and feature requests may also be submitted on the SourceForge site for
libpcap at

    http://sourceforge.net/projects/libpcap/

Source code contributions, etc. should be sent to the email address
"patches@tcpdump.org", or submitted as patches on the SourceForge site
for libpcap.

Current versions can be found at www.tcpdump.org, or the SourceForge
site for libpcap.

 - The TCPdump team