exist*

On Fri, Feb 1, 2013 at 4:14 PM, Jon Schipp <[email protected]> wrote:
> /usr/include/pcap/pcap.h does indeed exits on my system.
> Made the include changes with no luck. Using latest libpcap works fine,
> added to Ubuntu documentation.
>
> On Mon, Jan 28, 2013 at 5:41 AM, Daniel Borkmann
> <[email protected]> wrote:
>
>> Would it work for you, if you replace both header includes under
>>
>> vim bpf.c +719
>>
>> with:
>>
>> #include <pcap.h>
>>
>> It seems that this is pretty screwed up. Either you include only
>>
>> #include <pcap.h>
>>
>> as one can find in old code examples (but then it doesn't compile on
>> new distros), or you include:
>>
>> #include <pcap/pcap.h>
>> #include <pcap/bpf.h>
>>
>> and then it doesn't compile on older ones ...
>>
>> On Mon, Jan 28, 2013 at 4:51 AM, Jon Schipp <[email protected]> wrote:
>> > Just tested.
>> > Latest clone without latest libpcap did not work.
>> > Latest clone with latest libpcap did work.
>> >
>> > On Sun, Jan 27, 2013 at 1:43 PM, Daniel Borkmann <[email protected]> wrote:
>> >> On Sun, Jan 27, 2013 at 10:56 AM, Daniel Borkmann
>> >> <[email protected]> wrote:
>> >>> On Sun, Jan 27, 2013 at 10:30 AM, Markus Amend <[email protected]> wrote:
>> >>>
>> >>>> latest version of libpcap works.
>> >>>
>> >>> Thanks for testing. On Monday, I'll try to find a solution how it can
>> >>> be made compatible with older versions, until then for these two days,
>> >>> a newer libpcap version must be enough. ;-)
>> >>
>> >> I've removed a define and included the <pcap/bpf.h> library, I think
>> >> this should resolve all build issues.
>> >>
>> >>>> -----Original Message-----
>> >>>> From: [email protected] [mailto:[email protected]] On
>> >>>> Behalf Of Daniel Borkmann
>> >>>> Sent: Saturday, 26 January 2013 20:02
>> >>>> To: [email protected]
>> >>>> Subject: Re: [netsniff-ng] Bpfc questions
>> >>>>
>> >>>> On Sat, Jan 26, 2013 at 4:13 PM, Markus Amend <[email protected]>
>> >>>> wrote:
>> >>>>> First: >unrecognized command line option
>> >>>>> "-Wunused-but-set-parameter"<, I have to comment it out
>> >>>>> Second: I have the same issue with libpcap-dev 0.8 installed on Ubuntu
>> >>>>> 10.04
>> >>>>> 64bit:
>> >>>>>
>> >>>>> make netsniff-ng
>> >>>>> /home/markus/.bashrc: 13: shopt: not found
>> >>>>> /home/markus/.bashrc: 21: shopt: not found
>> >>>>> /home/markus/.bashrc: 99: shopt: not found
>> >>>>> /etc/bash_completion: 33: [[: not found
>> >>>>> /etc/bash_completion: 39: [[: not found
>> >>>>> /etc/bash_completion: 52: Bad substitution NACL_LIB_DIR/NACL_INC_DIR
>> >>>>> is undefined, building libnacl with curvetun!
>> >>>>> Building netsniff-ng:
>> >>>>> -e CC hash.c
>> >>>>> -e CC dissector.c
>> >>>>> -e CC dissector_eth.c
>> >>>>> -e CC dissector_80211.c
>> >>>>> -e CC proto_arp.c
>> >>>>> -e CC proto_ethernet.c
>> >>>>> -e CC proto_icmpv4.c
>> >>>>> -e CC proto_icmpv6.c
>> >>>>> -e CC proto_igmp.c
>> >>>>> -e CC proto_ip_authentication_hdr.c
>> >>>>> -e CC proto_ip_esp.c
>> >>>>> -e CC proto_ipv4.c
>> >>>>> -e CC proto_ipv6.c
>> >>>>> -e CC proto_ipv6_dest_opts.c
>> >>>>> -e CC proto_ipv6_fragm.c
>> >>>>> -e CC proto_ipv6_hop_by_hop.c
>> >>>>> -e CC proto_ipv6_in_ipv4.c
>> >>>>> -e CC proto_ipv6_mobility_hdr.c
>> >>>>> -e CC proto_ipv6_no_nxt_hdr.c
>> >>>>> -e CC proto_ipv6_routing.c
>> >>>>> -e CC proto_none.c
>> >>>>> -e CC proto_tcp.c
>> >>>>> -e CC proto_udp.c
>> >>>>> -e CC proto_vlan.c
>> >>>>> -e CC proto_vlan_q_in_q.c
>> >>>>> -e CC proto_mpls_unicast.c
>> >>>>> -e CC proto_80211_mac_hdr.c
>> >>>>> -e CC xio.c
>> >>>>> -e CC xutils.c
>> >>>>> -e CC xmalloc.c
>> >>>>> -e CC bpf.c
>> >>>>> bpf.c: In function ‘bpf_parse_rules’:
>> >>>>> bpf.c:780: error: storage size of ‘bpfp’ isn’t known
>> >>>>> bpf.c:788: error: ‘PCAP_NETMASK_UNKNOWN’ undeclared (first use in this function)
>> >>>>> bpf.c:788: error: (Each undeclared identifier is reported only once
>> >>>>> bpf.c:788: error: for each function it appears in.)
>> >>>>> bpf.c:780: warning: unused variable ‘bpfp’
>> >>>>> make: *** [netsniff-ng/bpf.o] Error 1
>> >>>>
>> >>>> Would it work, if you download and install the latest pcap?
>> >>>>
>> >>>> https://github.com/mcr/libpcap
>> >>>>
>> >>>>> -----Original Message-----
>> >>>>> From: [email protected]
>> >>>>> [mailto:[email protected]] On Behalf Of Daniel Borkmann
>> >>>>> Sent: Saturday, 26 January 2013 11:10
>> >>>>> To: [email protected]
>> >>>>> Subject: Re: [netsniff-ng] Bpfc questions
>> >>>>>
>> >>>>> On Sat, Jan 26, 2013 at 1:35 AM, Jon Schipp <[email protected]> wrote:
>> >>>>>> Grabbed the latest:
>> >>>>>>
>> >>>>>> Building netsniff-ng toolkit (0.5.8-rc0) for x86_64-linux-gnu:
>> >>>>>> Building netsniff-ng:
>> >>>>>> -e CC bpf.c
>> >>>>>> bpf.c: In function ‘bpf_parse_rules’:
>> >>>>>> bpf.c:780:21: error: storage size of ‘bpfp’ isn’t known
>> >>>>>> bpf.c:780:21: warning: unused variable ‘bpfp’ [-Wunused-variable]
>> >>>>>> make: *** [netsniff-ng/bpf.o] Error 1
>> >>>>>
>> >>>>> Hmm, compilation works fine for me on Fedora. Do you have
>> >>>>> libpcap-dev/devel installed? It's used (only) to generate a
>> >>>>> tcpdump-like BPF filter. Do you have this file?
>> >>>>>
>> >>>>> * /usr/include/pcap/pcap.h
>> >>>>>
>> >>>>> Would it work if you change the include in bpf.c to <pcap.h> only?
>> >>>>>
>> >>>>> Let me know.
>> >>>>>
>> >>>>>> On Fri, Jan 25, 2013 at 9:53 AM, Daniel Borkmann
>> >>>>>> <[email protected]> wrote:
>> >>>>>>> On Fri, Jan 25, 2013 at 4:27 AM, Jon Schipp <[email protected]> wrote:
>> >>>>>>>
>> >>>>>>>> I'm confused about the terminology here too. I imagine that
>> >>>>>>>> "-L|--lla Compile low-level BPF" means compile to
>> >>>>>>>> low-level BPF rather than _output_ a low-level filter. I think it's
>> >>>>>>>> just the ambiguous wording because mnemonics like ld, jeq look
>> >>>>>>>> higher level than 0x20, 0x28.
>> >>>>>>>
>> >>>>>>> Right, I've just removed that in upstream.
>> >>>>>>>
>> >>>>>>> Also, for a better user experience, I've decided to add support for
>> >>>>>>> tcpdump-like filtering syntax.
>> >>>>>>>
>> >>>>>>> For netsniff-ng this means, e.g.:
>> >>>>>>>
>> >>>>>>> - netsniff-ng -i eth0 udp or tcp
>> >>>>>>> - netsniff-ng -i eth0 -f "udp or tcp" -V -o out.pcap --silent
>> >>>>>>> - netsniff-ng -i eth0 -f filter.bpfo -V -o out.pcap --silent
>> >>>>>>>
>> >>>>>>> Where ``cat filter.bpfo'' contains sth. like these opcodes ...
>> >>>>>>>
>> >>>>>>> { 0x20, 0, 0, 0x00000008 },
>> >>>>>>> { 0x15, 0, 3, 0xccddeeff },
>> >>>>>>> { 0x28, 0, 0, 0x00000006 },
>> >>>>>>> { 0x15, 0, 1, 0x0000aabb },
>> >>>>>>> { 0x6, 0, 0, 0xffffffff },
>> >>>>>>> { 0x6, 0, 0, 0x00000000 },
>> >>>>>>>
>> >>>>>>> .... that were produced by bpfc. This means, now you have the full
>> >>>>>>> program. ;-) For low-level debugging or advanced filtering (i.e.
>> >>>>>>> Linux socket filter extensions), you can use bpfc, compile it into a
>> >>>>>>> file, pass it to netsniff-ng, for high-level filtering everyone
>> >>>>>>> knows tcpdump-like syntax, so you can pass this as well via -f.
>> >>>>>>> Internally, it's checked if the parameter you've passed is a file or not.

--
You received this message because you are subscribed to the Google Groups "netsniff-ng" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
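
The opcode list quoted in the thread as the contents of filter.bpfo can be parsed and bounds-checked before it is handed to a capture tool. The C code below is an added example, not part of the thread and not code from netsniff-ng or bpfc: parse_bpfo, check_bpf and SAMPLE are hypothetical names, the file layout is assumed to be exactly the "{ code, jt, jf, k }," lines quoted above, and the check is a simplified form of the classic BPF rules that every jump must land inside the program and the last instruction must be a return.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>

/* Same field layout as classic BPF's struct sock_filter. */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };
/* Constructed sample: the six opcodes quoted in the thread. */
static const char SAMPLE[] =
    "{ 0x20, 0, 0, 0x00000008 },\n{ 0x15, 0, 3, 0xccddeeff },\n"
    "{ 0x28, 0, 0, 0x00000006 },\n{ 0x15, 0, 1, 0x0000aabb },\n"
    "{ 0x6, 0, 0, 0xffffffff },\n{ 0x6, 0, 0, 0x00000000 },\n";

/* Parse "{ code, jt, jf, k }," entries; returns the count, or -1 on bad input. */
int parse_bpfo(const char *s, struct insn *out, int max)
{
    int n = 0;
    for (;;) {
        unsigned code, jt, jf, k;
        int used = 0;                       /* stays 0 if the closing "}," is missing */
        while (isspace((unsigned char)*s)) s++;
        if (!*s) return n;
        if (sscanf(s, "{ %x , %u , %u , %x } ,%n", &code, &jt, &jf, &k, &used) != 4
            || !used || n == max || code > 0xffff || jt > 0xff || jf > 0xff)
            return -1;
        out[n++] = (struct insn){ (uint16_t)code, (uint8_t)jt, (uint8_t)jf, k };
        s += used;
    }
}

/* -1 if all jumps stay in range and the last insn is RET, else the first bad index. */
int check_bpf(const struct insn *p, int n)
{
    if (n <= 0) return 0;
    for (int i = 0; i < n; i++) {
        if ((p[i].code & 0x07) != 0x05) continue;   /* class is not BPF_JMP */
        uint32_t room = (uint32_t)(n - 1 - i);      /* instructions after i */
        int ja = (p[i].code & 0xf0) == 0x00;        /* BPF_JA keeps its offset in k */
        if (ja ? p[i].k >= room : (p[i].jt >= room || p[i].jf >= room)) return i;
    }
    return (p[n - 1].code & 0x07) == 0x06 ? -1 : n - 1;   /* last must be BPF_RET */
}

int main(void)
{
    struct insn prog[64];
    int n = parse_bpfo(SAMPLE, prog, 64);
    printf("parsed %d instructions, first bad index %d\n", n, check_bpf(prog, n));
    return 0;
}
```

Classic BPF jump offsets are unsigned and relative to the next instruction, so a program that passes this check can only move forward and always reaches a return.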
