README revision 214518
1@(#) $Header: /tcpdump/master/libpcap/README,v 1.34 2008-12-14 19:44:14 guy Exp $ (LBL) 2 3LIBPCAP 1.x.y 4 5www.tcpdump.org 6 7Please send inquiries/comments/reports to: 8 tcpdump-workers@lists.tcpdump.org 9 10Anonymous Git is available via: 11 git clone git://bpf.tcpdump.org/libpcap 12 13Version 1.x.y of LIBPCAP can be retrieved with the CVS tag "libpcap_1_{x}rel{y}": 14 cvs -d :pserver:tcpdump@cvs.tcpdump.org:/tcpdump/master checkout -r libpcap_1_{x}rel{y} libpcap 15 16Please submit patches against the master copy to the libpcap project on 17sourceforge.net. 18 19formerly from Lawrence Berkeley National Laboratory 20 Network Research Group <libpcap@ee.lbl.gov> 21 ftp://ftp.ee.lbl.gov/libpcap.tar.Z (0.4) 22 23This directory contains source code for libpcap, a system-independent 24interface for user-level packet capture. libpcap provides a portable 25framework for low-level network monitoring. Applications include 26network statistics collection, security monitoring, network debugging, 27etc. Since almost every system vendor provides a different interface 28for packet capture, and since we've developed several tools that 29require this functionality, we've created this system-independent API 30to ease in porting and to alleviate the need for several 31system-dependent packet capture modules in each application. 32 33For some platforms there are README.{system} files that discuss issues 34with the OS's interface for packet capture on those platforms, such as 35how to enable support for that interface in the OS, if it's not built in 36by default. 37 38The libpcap interface supports a filtering mechanism based on the 39architecture in the BSD packet filter. BPF is described in the 1993 40Winter Usenix paper ``The BSD Packet Filter: A New Architecture for 41User-level Packet Capture''. A compressed PostScript version can be 42found at 43 44 ftp://ftp.ee.lbl.gov/papers/bpf-usenix93.ps.Z 45 46or 47 48 http://www.tcpdump.org/papers/bpf-usenix93.ps.Z 49 50and a gzipped version can be found at 51 52 http://www.tcpdump.org/papers/bpf-usenix93.ps.gz 53 54A PDF version can be found at 55 56 http://www.tcpdump.org/papers/bpf-usenix93.pdf 57 58Although most packet capture interfaces support in-kernel filtering, 59libpcap utilizes in-kernel filtering only for the BPF interface. 60On systems that don't have BPF, all packets are read into user-space 61and the BPF filters are evaluated in the libpcap library, incurring 62added overhead (especially, for selective filters). Ideally, libpcap 63would translate BPF filters into a filter program that is compatible 64with the underlying kernel subsystem, but this is not yet implemented. 65 66BPF is standard in 4.4BSD, BSD/OS, NetBSD, FreeBSD, and OpenBSD. DEC 67OSF/1/Digital UNIX/Tru64 UNIX uses the packetfilter interface but has 68been extended to accept BPF filters (which libpcap utilizes). Also, you 69can add BPF filter support to Ultrix using the kernel source and/or 70object patches available in: 71 72 ftp://gatekeeper.dec.com/pub/DEC/net/bpfext42.tar.Z. 73 74Linux, in the 2.2 kernel and later kernels, has a "Socket Filter" 75mechanism that accepts BPF filters; see the README.linux file for 76information on configuring that option. 77 78Note to Linux distributions and *BSD systems that include libpcap: 79 80There's now a rule to make a shared library, which should work on Linux 81and *BSD, among other platforms. 82 83It sets the soname of the library to "libpcap.so.1"; this is what it 84should be, *NOT* libpcap.so.1.x or libpcap.so.1.x.y or something such as 85that. 86 87We've been maintaining binary compatibility between libpcap releases for 88quite a while; there's no reason to tie a binary linked with libpcap to 89a particular release of libpcap. 90 91Problems, bugs, questions, desirable enhancements, etc. should be sent 92to the address "tcpdump-workers@lists.tcpdump.org". Bugs, support 93requests, and feature requests may also be submitted on the SourceForge 94site for libpcap at 95 96 http://sourceforge.net/projects/libpcap/ 97 98Source code contributions, etc. should be sent to the email address 99submitted as patches on the SourceForge site for libpcap. 100 101Current versions can be found at www.tcpdump.org, or the SourceForge 102site for libpcap. 103 104 - The TCPdump team 105