On Sun, Jan 27, 2013 at 10:56 AM, Daniel Borkmann <[email protected]> wrote:
> On Sun, Jan 27, 2013 at 10:30 AM, Markus Amend <[email protected]> wrote:
>
>> latest version of libpcap works.
>
> Thanks for testing. On Monday, I'll try to find a solution how it can
> be made compatible with older versions, until then for these two days,
> a newer libpcap version must be enough. ;-)

I've removed a define and included the <pcap/bpf.h> library, I think
this should resolve all build issues.

>> -----Original Message-----
>> From: [email protected] [mailto:[email protected]] On
>> Behalf Of Daniel Borkmann
>> Sent: Saturday, January 26, 2013 20:02
>> To: [email protected]
>> Subject: Re: [netsniff-ng] Bpfc questions
>>
>> On Sat, Jan 26, 2013 at 4:13 PM, Markus Amend <[email protected]>
>> wrote:
>>> First: >unrecognized command line option
>>> "-Wunused-but-set-parameter"<, I have to comment it out
>>> Second: I have the same issue with libpcap-dev 0.8 installed on Ubuntu
>>> 10.04
>>> 64bit:
>>>
>>> make netsniff-ng
>>> /home/markus/.bashrc: 13: shopt: not found
>>> /home/markus/.bashrc: 21: shopt: not found
>>> /home/markus/.bashrc: 99: shopt: not found
>>> /etc/bash_completion: 33: [[: not found
>>> /etc/bash_completion: 39: [[: not found
>>> /etc/bash_completion: 52: Bad substitution NACL_LIB_DIR/NACL_INC_DIR
>>> is undefined, building libnacl with curvetun!
>>> Building netsniff-ng:
>>> -e CC hash.c
>>> -e CC dissector.c
>>> -e CC dissector_eth.c
>>> -e CC dissector_80211.c
>>> -e CC proto_arp.c
>>> -e CC proto_ethernet.c
>>> -e CC proto_icmpv4.c
>>> -e CC proto_icmpv6.c
>>> -e CC proto_igmp.c
>>> -e CC proto_ip_authentication_hdr.c
>>> -e CC proto_ip_esp.c
>>> -e CC proto_ipv4.c
>>> -e CC proto_ipv6.c
>>> -e CC proto_ipv6_dest_opts.c
>>> -e CC proto_ipv6_fragm.c
>>> -e CC proto_ipv6_hop_by_hop.c
>>> -e CC proto_ipv6_in_ipv4.c
>>> -e CC proto_ipv6_mobility_hdr.c
>>> -e CC proto_ipv6_no_nxt_hdr.c
>>> -e CC proto_ipv6_routing.c
>>> -e CC proto_none.c
>>> -e CC proto_tcp.c
>>> -e CC proto_udp.c
>>> -e CC proto_vlan.c
>>> -e CC proto_vlan_q_in_q.c
>>> -e CC proto_mpls_unicast.c
>>> -e CC proto_80211_mac_hdr.c
>>> -e CC xio.c
>>> -e CC xutils.c
>>> -e CC xmalloc.c
>>> -e CC bpf.c
>>> bpf.c: In function ‘bpf_parse_rules’:
>>> bpf.c:780: error: storage size of ‘bpfp’ isn’t known
>>> bpf.c:788: error: ‘PCAP_NETMASK_UNKNOWN’ undeclared (first use in this
>>> function)
>>> bpf.c:788: error: (Each undeclared identifier is reported only once
>>> bpf.c:788: error: for each function it appears in.)
>>> bpf.c:780: warning: unused variable ‘bpfp’
>>> make: *** [netsniff-ng/bpf.o] Error 1
>>
>> Would it work, if you download and install the latest pcap?
>>
>> https://github.com/mcr/libpcap
>>
>>> -----Original Message-----
>>> From: [email protected]
>>> [mailto:[email protected]] On Behalf Of Daniel Borkmann
>>> Sent: Saturday, January 26, 2013 11:10
>>> To: [email protected]
>>> Subject: Re: [netsniff-ng] Bpfc questions
>>>
>>> On Sat, Jan 26, 2013 at 1:35 AM, Jon Schipp <[email protected]> wrote:
>>>> Grabbed the latest:
>>>>
>>>> Building netsniff-ng toolkit (0.5.8-rc0) for x86_64-linux-gnu:
>>>> Building netsniff-ng:
>>>> -e CC bpf.c
>>>> bpf.c: In function ‘bpf_parse_rules’:
>>>> bpf.c:780:21: error: storage size of ‘bpfp’ isn’t known
>>>> bpf.c:780:21: warning: unused variable ‘bpfp’ [-Wunused-variable]
>>>> make: *** [netsniff-ng/bpf.o] Error 1
>>>
>>> Hmm, compilation works fine for me on Fedora. Do you have
>>> libpcap-dev/devel installed? It's used (only) to generate a
>>> tcpdump-like BPF filter. Do you have this file?
>>>
>>> * /usr/include/pcap/pcap.h
>>>
>>> Would it work if you change the include in bpf.c to <pcap.h> only?
>>>
>>> Let me know.
>>>
>>>> On Fri, Jan 25, 2013 at 9:53 AM, Daniel Borkmann <[email protected]> wrote:
>>>>> On Fri, Jan 25, 2013 at 4:27 AM, Jon Schipp <[email protected]> wrote:
>>>>>
>>>>>> I'm confused about the terminology here too. I imagine that
>>>>>> "-L|--lla Compile low-level BPF" means compile to
>>>>>> low-level BPF rather than _output_ a low-level filter. I think it's
>>>>>> just the ambiguous wording because mnemonics like ld, jeq look
>>>>>> higher level than 0x20, 0x28.
>>>>>
>>>>> Right, I've just removed that in upstream.
>>>>>
>>>>> Also, for a better user experience, I've decided to add support for
>>>>> tcpdump-like filtering syntax.
>>>>>
>>>>> For netsniff-ng this means, e.g.:
>>>>>
>>>>> - netsniff-ng -i eth0 udp or tcp
>>>>> - netsniff-ng -i eth0 -f "udp or tcp" -V -o out.pcap --silent
>>>>> - netsniff-ng -i eth0 -f filter.bpfo -V -o out.pcap --silent
>>>>>
>>>>> Where ``cat filter.bpfo'' contains sth. like these opcodes ...
>>>>>
>>>>> { 0x20, 0, 0, 0x00000008 },
>>>>> { 0x15, 0, 3, 0xccddeeff },
>>>>> { 0x28, 0, 0, 0x00000006 },
>>>>> { 0x15, 0, 1, 0x0000aabb },
>>>>> { 0x6, 0, 0, 0xffffffff },
>>>>> { 0x6, 0, 0, 0x00000000 },
>>>>>
>>>>> .... that were produced by bpfc. This means, now you have the full
>>>>> program. ;-) For low-level debugging or advanced filtering (i.e.
>>>>> Linux socket filter extensions), you can use bpfc, compile it into a
>>>>> file, pass it to netsniff-ng, for high-level filtering everyone
>>>>> knows tcpdump-like syntax, so you can pass this as well via -f.
>>>>> Internally, it's checked if the parameter you've passed is a file or not.
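
Added example (not part of the original message and not netsniff-ng or bpfc code): the six opcodes quoted above have the shape of a C initializer for struct sock_filter, so this sketch embeds them, sanity-checks the jump targets, and interprets them over a constructed Ethernet header to show that the listing accepts frames whose source MAC (offsets 6 to 11) is aa:bb:cc:dd:ee:ff. The names insn, check_filter, run_filter and match_src are hypothetical, and the interpreter models only the four opcodes that appear in the listing.

```c
#include <stdint.h>
#include <stdio.h>
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; }; /* fields of struct sock_filter */

static const struct insn SAMPLE[6] = {       /* opcode listing quoted in the thread */
    { 0x20, 0, 0, 0x00000008 }, { 0x15, 0, 3, 0xccddeeff },
    { 0x28, 0, 0, 0x00000006 }, { 0x15, 0, 1, 0x0000aabb },
    { 0x6, 0, 0, 0xffffffff },  { 0x6, 0, 0, 0x00000000 },
};

/* Pre-run checks: conditional jumps stay in the program and it ends in ret. */
int check_filter(const struct insn *p, int n)
{
    for (int i = 0; i < n; i++)                           /* class 0x05 = jump */
        if ((p[i].code & 7) == 5 && (i + 1 + p[i].jt >= n || i + 1 + p[i].jf >= n)) return 0;
    return n > 0 && (p[n - 1].code & 7) == 6;             /* class 0x06 = ret */
}

/* Interpret the four opcodes the sample uses; returns snap length, 0 = drop. */
uint32_t run_filter(const struct insn *p, int n, const uint8_t *pkt, uint32_t len)
{
    uint32_t A = 0;                                       /* accumulator */
    for (int pc = 0; pc < n; pc++) {
        uint32_t k = p[pc].k;
        switch (p[pc].code) {
        case 0x20: if (len < 4 || k > len - 4) return 0;  /* ld [k], bounds-checked */
                   A = (uint32_t)pkt[k] << 24 | pkt[k+1] << 16 | pkt[k+2] << 8 | pkt[k+3]; break;
        case 0x28: if (len < 2 || k > len - 2) return 0;  /* ldh [k], bounds-checked */
                   A = (uint32_t)pkt[k] << 8 | pkt[k+1]; break;
        case 0x15: pc += (A == k) ? p[pc].jt : p[pc].jf; break; /* jeq #k, jt, jf */
        case 0x06: return k;                              /* ret #k */
        default:   return 0;                              /* opcode not modelled here */
        }
    }
    return 0;
}

/* Filter a constructed 14-byte Ethernet header carrying the given source MAC. */
uint32_t match_src(uint64_t mac)
{
    uint8_t f[14] = { 0 };
    for (int i = 0; i < 6; i++) f[6 + i] = (uint8_t)(mac >> (40 - 8 * i));
    return check_filter(SAMPLE, 6) ? run_filter(SAMPLE, 6, f, sizeof f) : 0;
}

int main(void)
{
    printf("%#x %#x\n", (unsigned)match_src(0xaabbccddeeffULL), (unsigned)match_src(0x001122334455ULL));
    return 0;
}
```

Dropping the last instruction makes check_filter reject the program, because the first jeq's false branch would then land past the end.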
