Home | History | Annotate | only in /external/libpcap
Up to higher level directory
NameDateSize
acconfig.h09-Oct-2013303
aclocal.m409-Oct-201324.6K
Android.mk09-Oct-2013442
arcnet.h09-Oct-20132.5K
atmuni31.h09-Oct-20133.9K
bpf/09-Oct-2013
bpf_dump.c09-Oct-20132K
bpf_image.c09-Oct-20134.9K
CHANGES09-Oct-201317.8K
ChmodBPF/09-Oct-2013
CleanSpec.mk09-Oct-20132.2K
config.guess09-Oct-201341.9K
config.h09-Oct-20135.2K
config.h.in09-Oct-20134.8K
config.sub09-Oct-201330.1K
configure09-Oct-2013238.7K
configure.in09-Oct-201321.5K
CREDITS09-Oct-20134K
doc/09-Oct-2013
etherent.c09-Oct-20133.3K
ethertype.h09-Oct-20133.4K
fad-getad.c09-Oct-20138.3K
fad-gifc.c09-Oct-201316.3K
fad-glifc.c09-Oct-201310.3K
fad-null.c09-Oct-20132.6K
fad-win32.c09-Oct-20137.9K
ffs.h09-Oct-2013416
FILES09-Oct-20131.8K
gencode.c09-Oct-2013168.2K
gencode.h09-Oct-20139.4K
grammar.c09-Oct-201383.6K
grammar.y09-Oct-201313.1K
inet.c09-Oct-201319.5K
install-sh09-Oct-20135.5K
INSTALL.txt09-Oct-201316.1K
lbl/09-Oct-2013
LICENSE09-Oct-2013873
llc.h09-Oct-20132K
Makefile.in09-Oct-20137.2K
missing/09-Oct-2013
mkdep09-Oct-20132.3K
MODULE_LICENSE_BSD09-Oct-20130
nametoaddr.c09-Oct-201310.1K
nlpid.h09-Oct-20131.8K
NOTICE09-Oct-2013873
optimize.c09-Oct-201348.3K
packaging/09-Oct-2013
pcap-bpf.c09-Oct-201330.1K
pcap-bpf.h09-Oct-201325.4K
pcap-dag.c09-Oct-201325.8K
pcap-dag.h09-Oct-2013603
pcap-dlpi.c09-Oct-201346.7K
pcap-dos.c09-Oct-201334.3K
pcap-dos.h09-Oct-20136.8K
pcap-enet.c09-Oct-20134.9K
pcap-int.h09-Oct-201310.6K
pcap-linux.c09-Oct-201361.2K
pcap-namedb.h09-Oct-20133.3K
pcap-nit.c09-Oct-20138.8K
pcap-nit.h09-Oct-2013970
pcap-null.c09-Oct-20131.8K
pcap-pf.c09-Oct-201316.4K
pcap-pf.h09-Oct-2013969
pcap-septel.c09-Oct-20137.8K
pcap-septel.h09-Oct-2013573
pcap-snit.c09-Oct-201310.8K
pcap-snoop.c09-Oct-201311.7K
pcap-stdinc.h09-Oct-20132.2K
pcap-win32.c09-Oct-201318.9K
pcap.309-Oct-201335.3K
pcap.c09-Oct-201325.2K
pcap.h09-Oct-201310.8K
pcap1.h09-Oct-20139.3K
ppp.h09-Oct-20132.7K
README09-Oct-20133.7K
README.linux09-Oct-20133.7K
savefile.c09-Oct-201342.7K
scanner.c09-Oct-2013169.2K
scanner.l09-Oct-201310.2K
sll.h09-Oct-20135.4K
sunatmpos.h09-Oct-20132.2K
TODO09-Oct-20131.5K
tokdefs.h09-Oct-20135.3K
VERSION09-Oct-20136
version.c09-Oct-201331
version.h09-Oct-201367
wlan_filtering.patch09-Oct-201310.3K

README

      1 @(#) $Header: /tcpdump/master/libpcap/README,v 1.30 2004/10/12 02:02:28 guy Exp $ (LBL)
      2 
      3 LIBPCAP 0.9
      4 Now maintained by "The Tcpdump Group"
      5 See 		www.tcpdump.org
      6 
      7 Please send inquiries/comments/reports to 	tcpdump-workers (a] tcpdump.org
      8 
      9 Anonymous CVS is available via:
     10 	cvs -d :pserver:tcpdump (a] cvs.tcpdump.org:/tcpdump/master login
     11 	(password "anoncvs")
     12 	cvs -d :pserver:tcpdump (a] cvs.tcpdump.org:/tcpdump/master checkout libpcap
     13 
     14 Version 0.9 of LIBPCAP can be retrieved with the CVS tag "libpcap_0_9rel1":
     15 	cvs -d :pserver:tcpdump (a] cvs.tcpdump.org:/tcpdump/master checkout -r libpcap_0_9rel1 libpcap
     16 
     17 Please send patches against the master copy to patches (a] tcpdump.org.
     18 
     19 formerly from 	Lawrence Berkeley National Laboratory
     20 		Network Research Group <libpcap (a] ee.lbl.gov>
     21 		ftp://ftp.ee.lbl.gov/libpcap.tar.Z (0.4)
     22 
     23 This directory contains source code for libpcap, a system-independent
     24 interface for user-level packet capture.  libpcap provides a portable
     25 framework for low-level network monitoring.  Applications include
     26 network statistics collection, security monitoring, network debugging,
     27 etc.  Since almost every system vendor provides a different interface
     28 for packet capture, and since we've developed several tools that
     29 require this functionality, we've created this system-independent API
     30 to ease in porting and to alleviate the need for several
     31 system-dependent packet capture modules in each application.
     32 
     33 Note well: this interface is new and is likely to change.
     34 
     35 For some platforms there are README.{system} files that discuss issues
     36 with the OS's interface for packet capture on those platforms, such as
     37 how to enable support for that interface in the OS, if it's not built in
     38 by default.
     39 
     40 The libpcap interface supports a filtering mechanism based on the
     41 architecture in the BSD packet filter.  BPF is described in the 1993
     42 Winter Usenix paper ``The BSD Packet Filter: A New Architecture for
     43 User-level Packet Capture''.  A compressed PostScript version can be
     44 found at
     45 
     46 	ftp://ftp.ee.lbl.gov/papers/bpf-usenix93.ps.Z
     47 
     48 or
     49 
     50 	http://www.tcpdump.org/papers/bpf-usenix93.ps.Z
     51 
     52 and a gzipped version can be found at
     53 
     54 	http://www.tcpdump.org/papers/bpf-usenix93.ps.gz
     55 
     56 A PDF version can be found at
     57 
     58 	http://www.tcpdump.org/papers/bpf-usenix93.pdf
     59 
     60 Although most packet capture interfaces support in-kernel filtering,
     61 libpcap utilizes in-kernel filtering only for the BPF interface.
     62 On systems that don't have BPF, all packets are read into user-space
     63 and the BPF filters are evaluated in the libpcap library, incurring
     64 added overhead (especially, for selective filters).  Ideally, libpcap
     65 would translate BPF filters into a filter program that is compatible
     66 with the underlying kernel subsystem, but this is not yet implemented.
     67 
     68 BPF is standard in 4.4BSD, BSD/OS, NetBSD, FreeBSD, and OpenBSD.  DEC
     69 OSF/1/Digital UNIX/Tru64 UNIX uses the packetfilter interface but has
     70 been extended to accept BPF filters (which libpcap utilizes).  Also, you
     71 can add BPF filter support to Ultrix using the kernel source and/or
     72 object patches available in:
     73 
     74 	ftp://gatekeeper.dec.com/pub/DEC/net/bpfext42.tar.Z.
     75 
     76 Linux, in the 2.2 kernel and later kernels, has a "Socket Filter"
     77 mechanism that accepts BPF filters; see the README.linux file for
     78 information on configuring that option.
     79 
     80 Problems, bugs, questions, desirable enhancements, etc. should be sent
     81 to the address "tcpdump-workers (a] tcpdump.org".  Bugs, support requests,
     82 and feature requests may also be submitted on the SourceForge site for
     83 libpcap at
     84 
     85 	http://sourceforge.net/projects/libpcap/
     86 
     87 Source code contributions, etc. should be sent to the email address
     88 "patches (a] tcpdump.org", or submitted as patches on the SourceForge site
     89 for libpcap.
     90 
     91 Current versions can be found at www.tcpdump.org, or the SourceForge
     92 site for libpcap.
     93 
     94  - The TCPdump team
     95 

README.linux

      1 In order for libpcap to be able to capture packets on a Linux system,
      2 the "packet" protocol must be supported by your kernel.  If it is not,
      3 you may get error messages such as
      4 
      5 	modprobe: can't locate module net-pf-17
      6 
      7 in "/var/adm/messages", or may get messages such as
      8 
      9 	socket: Address family not supported by protocol
     10 
     11 from applications using libpcap.
     12 
     13 You must configure the kernel with the CONFIG_PACKET option for this
     14 protocol; the following note is from the Linux "Configure.help" file for
     15 the 2.0[.x] kernel:
     16 
     17 	Packet socket
     18 	CONFIG_PACKET
     19 	  The Packet protocol is used by applications which communicate
     20 	  directly with network devices without an intermediate network
     21 	  protocol implemented in the kernel, e.g. tcpdump. If you want them
     22 	  to work, choose Y. 
     23 
     24 	  This driver is also available as a module called af_packet.o ( =
     25 	  code which can be inserted in and removed from the running kernel
     26 	  whenever you want). If you want to compile it as a module, say M
     27 	  here and read Documentation/modules.txt; if you use modprobe or
     28 	  kmod, you may also want to add "alias net-pf-17 af_packet" to 
     29 	  /etc/modules.conf.
     30 
     31 and the note for the 2.2[.x] kernel says:
     32 
     33 	Packet socket
     34 	CONFIG_PACKET
     35 	  The Packet protocol is used by applications which communicate
     36 	  directly with network devices without an intermediate network
     37 	  protocol implemented in the kernel, e.g. tcpdump. If you want them
     38 	  to work, choose Y. This driver is also available as a module called
     39 	  af_packet.o ( = code which can be inserted in and removed from the
     40 	  running kernel whenever you want). If you want to compile it as a
     41 	  module, say M here and read Documentation/modules.txt.  You will
     42 	  need to add 'alias net-pf-17 af_packet' to your /etc/conf.modules
     43 	  file for the module version to function automatically.  If unsure,
     44 	  say Y.
     45 
     46 In addition, there is an option that, in 2.2 and later kernels, will
     47 allow packet capture filters specified to programs such as tcpdump to be
     48 executed in the kernel, so that packets that don't pass the filter won't
     49 be copied from the kernel to the program, rather than having all packets
     50 copied to the program and libpcap doing the filtering in user mode. 
     51 
     52 Copying packets from the kernel to the program consumes a significant
     53 amount of CPU, so filtering in the kernel can reduce the overhead of
     54 capturing packets if a filter has been specified that discards a
     55 significant number of packets.  (If no filter is specified, it makes no
     56 difference whether the filtering isn't performed in the kernel or isn't
     57 performed in user mode. :-))
     58 
     59 The option for this is the CONFIG_FILTER option; the "Configure.help"
     60 file says:
     61 
     62 	Socket filtering
     63 	CONFIG_FILTER
     64 	  The Linux Socket Filter is derived from the Berkeley Packet Filter.
     65 	  If you say Y here, user-space programs can attach a filter to any
     66 	  socket and thereby tell the kernel that it should allow or disallow
     67 	  certain types of data to get through the socket. Linux Socket
     68 	  Filtering works on all socket types except TCP for now. See the text
     69 	  file linux/Documentation/networking/filter.txt for more information.
     70 	  If unsure, say N.
     71 
     72 
     73 Statistics:
     74 Statistics reported by pcap are platform specific.  The statistics
     75 reported by pcap_stats on Linux are as follows:
     76 
     77 2.2.x
     78 =====
     79 ps_recv   Number of packets that were accepted by the pcap filter
     80 ps_drops  Always 0, this statistic is not gatherd on this platform
     81 
     82 2.4.x
     83 =====
     84 ps_rec    Number of packets that were accepted by the pcap filter
     85 ps_drops  Number of packets that had passed filtering but were not
     86           passed on to pcap due to things like buffer shortage, etc.
     87 			 This is useful because these are packets you are interested in
     88 			 but won't be reported by, for example, tcpdump output.
     89