Just tested.
Latest clone without latest libpcap did not work.
Latest clone with latest libpcap did work.

On Sun, Jan 27, 2013 at 1:43 PM, Daniel Borkmann <[email protected]> wrote:
> On Sun, Jan 27, 2013 at 10:56 AM, Daniel Borkmann
> <[email protected]> wrote:
>> On Sun, Jan 27, 2013 at 10:30 AM, Markus Amend <[email protected]> 
>> wrote:
>>
>>> latest version of libpcap works.
>>
>> Thanks for testing. On Monday, I'll try to find a solution how it can
>> be made compatible with older versions, until then for these two days,
>> a newer libpcap version must be enough. ;-)
>
> I've removed a define and included the <pcap/bpf.h> library, I think
> this should resolve all build issues.
>
>>> -----Original Message-----
>>> From: [email protected] [mailto:[email protected]] On
>>> Behalf Of Daniel Borkmann
>>> Sent: Saturday, 26 January 2013 20:02
>>> To: [email protected]
>>> Subject: Re: [netsniff-ng] Bpfc questions
>>>
>>> On Sat, Jan 26, 2013 at 4:13 PM, Markus Amend <[email protected]>
>>> wrote:
>>>> First: >unrecognized command line option
>>>> "-Wunused-but-set-parameter"<, I have to comment it out
>>>> Second: I have the same issue with libpcap-dev 0.8 installed on Ubuntu
>>>> 10.04 64bit:
>>>>
>>>> make netsniff-ng
>>>> /home/markus/.bashrc: 13: shopt: not found
>>>> /home/markus/.bashrc: 21: shopt: not found
>>>> /home/markus/.bashrc: 99: shopt: not found
>>>> /etc/bash_completion: 33: [[: not found
>>>> /etc/bash_completion: 39: [[: not found
>>>> /etc/bash_completion: 52: Bad substitution
>>>> NACL_LIB_DIR/NACL_INC_DIR is undefined, building libnacl with curvetun!
>>>> Building netsniff-ng:
>>>> -e   CC hash.c
>>>> -e   CC dissector.c
>>>> -e   CC dissector_eth.c
>>>> -e   CC dissector_80211.c
>>>> -e   CC proto_arp.c
>>>> -e   CC proto_ethernet.c
>>>> -e   CC proto_icmpv4.c
>>>> -e   CC proto_icmpv6.c
>>>> -e   CC proto_igmp.c
>>>> -e   CC proto_ip_authentication_hdr.c
>>>> -e   CC proto_ip_esp.c
>>>> -e   CC proto_ipv4.c
>>>> -e   CC proto_ipv6.c
>>>> -e   CC proto_ipv6_dest_opts.c
>>>> -e   CC proto_ipv6_fragm.c
>>>> -e   CC proto_ipv6_hop_by_hop.c
>>>> -e   CC proto_ipv6_in_ipv4.c
>>>> -e   CC proto_ipv6_mobility_hdr.c
>>>> -e   CC proto_ipv6_no_nxt_hdr.c
>>>> -e   CC proto_ipv6_routing.c
>>>> -e   CC proto_none.c
>>>> -e   CC proto_tcp.c
>>>> -e   CC proto_udp.c
>>>> -e   CC proto_vlan.c
>>>> -e   CC proto_vlan_q_in_q.c
>>>> -e   CC proto_mpls_unicast.c
>>>> -e   CC proto_80211_mac_hdr.c
>>>> -e   CC xio.c
>>>> -e   CC xutils.c
>>>> -e   CC xmalloc.c
>>>> -e   CC bpf.c
>>>> bpf.c: In function ‘bpf_parse_rules’:
>>>> bpf.c:780: error: storage size of ‘bpfp’ isn’t known
>>>> bpf.c:788: error: ‘PCAP_NETMASK_UNKNOWN’ undeclared (first use in this
>>>> function)
>>>> bpf.c:788: error: (Each undeclared identifier is reported only once
>>>> bpf.c:788: error: for each function it appears in.)
>>>> bpf.c:780: warning: unused variable ‘bpfp’
>>>> make: *** [netsniff-ng/bpf.o] Error 1
>>>
>>> Would it work, if you download and install the latest pcap?
>>>
>>>   https://github.com/mcr/libpcap
>>>
>>>> -----Original Message-----
>>>> From: [email protected]
>>>> [mailto:[email protected]] On Behalf Of Daniel Borkmann
>>>> Sent: Saturday, 26 January 2013 11:10
>>>> To: [email protected]
>>>> Subject: Re: [netsniff-ng] Bpfc questions
>>>>
>>>> On Sat, Jan 26, 2013 at 1:35 AM, Jon Schipp <[email protected]> wrote:
>>>>> Grabbed the latest:
>>>>>
>>>>> Building netsniff-ng toolkit (0.5.8-rc0) for x86_64-linux-gnu:
>>>>> Building netsniff-ng:
>>>>> -e   CC bpf.c
>>>>> bpf.c: In function ‘bpf_parse_rules’:
>>>>> bpf.c:780:21: error: storage size of ‘bpfp’ isn’t known
>>>>> bpf.c:780:21: warning: unused variable ‘bpfp’ [-Wunused-variable]
>>>>> make: *** [netsniff-ng/bpf.o] Error 1
>>>>
>>>> Hmm, compilation works fine for me on Fedora.  Do you have
>>>> libpcap-dev/devel installed? It's used (only) to generate a
>>>> tcpdump-like BPF filter. Do you have this file?
>>>>
>>>>   * /usr/include/pcap/pcap.h
>>>>
>>>> Would it work if you change the include in bpf.c to <pcap.h> only?
>>>>
>>>> Let me know.
>>>>
>>>>> On Fri, Jan 25, 2013 at 9:53 AM, Daniel Borkmann
>>>>> <[email protected]> wrote:
>>>>>> On Fri, Jan 25, 2013 at 4:27 AM, Jon Schipp <[email protected]> wrote:
>>>>>>
>>>>>>> I'm confused about the terminology here too.  I imagine that
>>>>>>> "-L|--lla               Compile low-level BPF"  means compile to
>>>>>>> low-level BPF rather than _output_ a low-level filter. I think it's
>>>>>>> just the ambiguous wording because mnemonics like ld, jeq look
>>>>>>> higher level than 0x20, 0x28.
>>>>>>
>>>>>> Right, I've just removed that in upstream.
>>>>>>
>>>>>> Also, for a better user experience, I've decided to add support for
>>>>>> tcpdump-like filtering syntax.
>>>>>>
>>>>>> For netsniff-ng this means, e.g.:
>>>>>>
>>>>>>  - netsniff-ng -i eth0 udp or tcp
>>>>>>  - netsniff-ng -i eth0 -f "udp or tcp" -V -o out.pcap --silent
>>>>>>  - netsniff-ng -i eth0 -f filter.bpfo -V -o out.pcap --silent
>>>>>>
>>>>>> Where ``cat filter.bpfo'' contains sth. like these opcodes ...
>>>>>>
>>>>>> { 0x20, 0, 0, 0x00000008 },
>>>>>> { 0x15, 0, 3, 0xccddeeff },
>>>>>> { 0x28, 0, 0, 0x00000006 },
>>>>>> { 0x15, 0, 1, 0x0000aabb },
>>>>>> { 0x6, 0, 0, 0xffffffff },
>>>>>> { 0x6, 0, 0, 0x00000000 },
>>>>>>
>>>>>> .... that were produced by bpfc. This means, now you have the full
>>>>>> program. ;-) For low-level debugging or advanced filtering (i.e.
>>>>>> Linux socket filter extensions), you can use bpfc, compile it into a
>>>>>> file, pass it to netsniff-ng, for high-level filtering everyone
>>>>>> knows tcpdump-like syntax, so you can pass this as well via -f.
>>>>>> Internally, it's checked if the parameter you've passed is a file or
>>>>>> not.
>>>>>

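The opcode lines quoted in the thread are already in C initializer form, so they can be read and executed directly. As an added example (not code from the thread or from netsniff-ng), the sketch below maps the four opcodes in that listing to mnemonics and interprets the program over two constructed Ethernet frames, with bounds-checked loads. The names `struct insn`, `mnemonic` and `run_filter` and the frame bytes are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdint.h>

struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };
/* The six opcode lines quoted in the thread, used verbatim as an initializer. */
const struct insn PROG[] = {
    { 0x20, 0, 0, 0x00000008 }, { 0x15, 0, 3, 0xccddeeff },
    { 0x28, 0, 0, 0x00000006 }, { 0x15, 0, 1, 0x0000aabb },
    { 0x6, 0, 0, 0xffffffff },  { 0x6, 0, 0, 0x00000000 },
};
enum { PROG_LEN = sizeof PROG / sizeof PROG[0] };
/* Constructed frames (dst MAC, src MAC, EtherType); only the last src byte differs. */
const uint8_t FRAME_HIT[14]  = {0x00,0x11,0x22,0x33,0x44,0x55, 0xaa,0xbb,0xcc,0xdd,0xee,0xff, 0x08,0x00};
const uint8_t FRAME_MISS[14] = {0x00,0x11,0x22,0x33,0x44,0x55, 0xaa,0xbb,0xcc,0xdd,0xee,0x00, 0x08,0x00};

/* Mnemonic for the four opcodes in the thread's listing, NULL for anything else. */
const char *mnemonic(uint16_t code) {
    return code == 0x20 ? "ld" : code == 0x28 ? "ldh" :
           code == 0x15 ? "jeq" : code == 0x06 ? "ret" : NULL;
}

/* Interpret the filter over one frame; returns the ret value, 0 (drop) on any fault. */
uint32_t run_filter(const struct insn *p, int n, const uint8_t *pkt, size_t len) {
    uint32_t a = 0;
    for (int pc = 0; pc < n; pc++) {
        uint32_t k = p[pc].k;
        size_t w = p[pc].code == 0x20 ? 4 : 2;
        switch (p[pc].code) {
        case 0x20: case 0x28:   /* ld [k] (4 bytes) / ldh [k] (2 bytes), big-endian */
            if (k > len || len - k < w) return 0;   /* out-of-bounds load: drop */
            for (a = 0; w--; k++) a = a << 8 | pkt[k];
            break;
        case 0x15:              /* jeq #k: jt/jf count from the next instruction */
            pc += (a == k) ? p[pc].jt : p[pc].jf;
            break;
        case 0x06: return k;    /* ret #k: 0 drops, non-zero accepts */
        default:   return 0;    /* opcode not among the four in the listing */
        }
    }
    return 0;                   /* ran off the end without a ret */
}

int main(void) {
    for (int i = 0; i < PROG_LEN; i++)
        printf("%-3s jt=%d jf=%d k=%#x\n", mnemonic(PROG[i].code), PROG[i].jt, PROG[i].jf, PROG[i].k);
    printf("hit=%#x miss=%#x short=%#x\n", run_filter(PROG, PROG_LEN, FRAME_HIT, 14),
           run_filter(PROG, PROG_LEN, FRAME_MISS, 14), run_filter(PROG, PROG_LEN, FRAME_HIT, 8));
    return 0;
}
```

Read this way, the listing accepts only frames whose source MAC is aa:bb:cc:dd:ee:ff: offset 8 holds the last four bytes of the source address and offset 6 the first two.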