--- Begin Message ---
Hello Guy, thank you for your help.
>> further down:
>> #ifdef PCAP_SUPPORT_KPNODE
>> || strstr(device, "kpnode") != NULL
>> #endif
> That's presumably in pcap_lookupnet(); if so, that's the correct way to add
> kpnode there.
>
> (I need to change that to use a better mechanism, so that it's the
> responsibility of the module to handle that, rather than hardcoding module
> information in a function.)
In general, that is my perception of the whole pcap library. There are
so many different kinds of interfaces, which have to be recognized.
Device nodes like usbnode and mine kernelprobe, IP interfaces like eth
and lo which cannot be represented as simple character node devices, and
many more. But there must be at least one function to parse the system
of all these interfaces which can be scanned? I searched the source code
of each appearance of usbmon, and tried to do something similar.
>> If you're just doing it on your own, and you will be using this modified
>> libpcap only on systems where kpnode is available, the easiest way to do it
>> would be to leave out the #ifdef`s for PCAP_SUPPORT_KPNODE.
I did it, leave out the #ifdef, so that my symbols are defined anyway.
>
>> After execution of the configure script I put
>> manually my files into the EXTRA_DIST list.
> EXTRA_DIST is useful only if you plan to do "make releasetar" to make a
> source tarball - and if you want to do *that*, add it to Makefile.in, not to
> Makefile, so you won't have to fix Makefile manually.
It was a hack of mine, to add my sourcecode files into the list of files
for building the project. Now I changed this by adding
MODULE_C_SRC="$MODULE_C_SRC pcap-kpnode.c"
>
>> But so far, when I build the pcap library not even the symbol kpnode
>> appears in the binary
> Do you mean that a symbol named "kpnode" doesn't appear in the (shared)
> library binary?
>
> Or do you mean that symbols with "kpnode" in their names, such as
> kpnode_findalldevs and kpnode_create, don't appear in the library binary?
>
> If so, are you looking for *exported* symbols or *all* symbols? On most
> platforms - and Linux is one such platform - we compile libpcap so that
> *only* routines we've designated as being libpcap APIs are exported by the
> library; others are internal-only symbols. For example, if I do
>
It didn't appear at all within the symbol list, neither with nm nor with
readelf or objdump. No symbols which starts with "kpnode" at all.
>
> 4$ nm libpcap.so.1.11.0-PRE-GIT | egrep pcap_open
> 0000000000012ea0 T pcap_open
> 000000000001bdc0 T pcap_open_dead
> 000000000001bce0 T pcap_open_dead_with_tstamp_precision
> 000000000001b9a0 T pcap_open_live
> 000000000002cf20 T pcap_open_offline
> 000000000001ab10 t pcap_open_offline_common
> 000000000002cde0 T pcap_open_offline_with_tstamp_precision
> 0000000000015b70 t pcap_open_rpcap
>
> symbols such as pcap_open(), pcap_open_live(), pcap_open_offline(), etc.
> *are* exported symbols - they're shown with 'T'.
>
> So, to check for symbols, you should do "nm" and pipe the result to "egrep
> kpnode_". Those symbols should show up with 't', not 'T', as they aren't
> part of the API - kpnode_findalldevs() should automatically get called if a
> program calls pcap_findalldevs() (e.g., if tcpdump is compile with this
> library, "tcpdump -D" should cause kpnode_findalldevs() to be called, and
> should show the kpnode device(s)), and kpnode_create() should automatically
> get called if a program calls pcap_create() (or pcap_open_live()) on a kpnode
> device (e.g., if tcpdump is compile with this library, "tcpdump -i kpnode",
> or whatever the name of a kpnode device is, should cause kpnode_create() to
> be called, and should capture on that kpnode device if run with sufficient
> privileges to do so).
After my recent changes (adding MODULE_C_SRC, leave out the #ifdef ...)
I get my symbols listed with nm, but they are flagged with an U as
undefined. So I presume they are defined as symbols, but not assigned to
any function? When I install and use this latest build with tcpdump -D,
I get an "undefined symbol: kpnode_findalldevs" which figures, I think.
It says: tcpdump: symbol lookup error:
/lib/aarch64-linux-gnu/libpcap.0.8: undefined symbol: kpnode_findalldevs
>
> You *also* need to modify configure.ac so that, if it sets
> PCAP_SUPPORT_KPNODE, it also does
>
> MODULE_C_SRC="$MODULE_C_SRC pcap-kpnode.c"
Did so.
>
> to add pcap-kpnode.c to the the list of libpcap module source files. Not
> only will that cause it to be compiled into an object file, it will also
> cause that object file to be included in the library.
>
> Given that you got a pcap-kpnode.o file, then either you compiled it manually
> yourself, or you made a change of that sort, or you manually added
> pcap-kpnode.c to the list of module source files in the Makefile after
> configuring, or you manually added it to the list of module source files in
> Makefile.in *before* configuring, or you added it to another source file
> list, or you did something else.
>
> Which of those did you do?
This time I did not touch the makefile after invoke configure. I made
the changes to the configure.ac file you suggested, and no editing of
the makefile any more. As I mentioned, the kpnode symbol appear in the
list with a capital U:
U kpnode_findalldevs
U kpnode_create
Thank you
BR Christian
--- End Message ---
