>>Using libpcap-0.6.2 with <pcap-int.h> seems to have solved the tcpslice >>issues. > >Great. Any patches required, or it worked right out of the box?
Minor patching was required: + add <time.h> to util.c + remove <config.h> from strlcpy.c (Ideally the autoconf environment could be changed to include conf.h, but this was less effort. ;-) > >Strange that > >tcpdump and other utils (tcptrace, ethereal) built with libpcap 0.4 can >cope > >with files made with libpcap 0.6, but tcpslice cannot. > >Yes, tcpslice plays more tricks with the file I/O; tcpdump etc. >just read packets sequentially, so perhaps there's something going >on there. >From my debugging runs through tcpslice it seemed like it ought to have been able to find the last packet in the file. It backed up to a location prior to a header, but find_header just went right on by... I did not trace it deep enough to determine why it skipped the header. > >Let me know if you want the source RPM and/or spec files I built. > >Um, I'm afraid I'm pretty clueless with respect to rpm, but I guess >we could use the spec file. That would let us build a source RPM >for new releases on our own, right? The easiest thing is to just take my source RPM, which contains all the source files I used, all the patches, and the spec file. "installing" a source RPM is safe and can be done by a non-privileged user if they have write permission to the install area. (Defaults to /usr/src/redhat/* on RedHat.) Source files are not recorded in the RPM database and are not uninstalled via RPM. Just delete all the files it installs. (You can see which files will be installed using "rpm -q -l -p <source RPM pathname>) Alternatively you can manually install the files in the proper directories after I send them to you: /usr/src/redhat/SPECS/tcpslice.spec /usr/src/redhat/SOURCES/tcpslice-1.2a1.tar.gz /usr/src/redhat/SOURCES/tcpslice_tcpdump_org.patch /usr/src/redhat/SOURCES/sbonds_tcpslice_util_timeh.patch /usr/src/redhat/SOURCES/sbonds_tcpslice_strlcpy.patch tcpslice.spec: File I created which describes how to compile and package everything up. I encourage you to look through http://www.rpm.org/max-rpm/ to see what the sections are and what they mean. RPM is an excellent packaging scheme, and seems to work better than either Solaris packages or HP-UX depots. (The only others with which I have significant experience.) tcpslice-1.2a1.tar.gz: This is the original source from LBL FTP site, in keeping with the RPM philosophy of "pristine sources". I encourage you to check it versus your own copy retrieved from the LBL FTP site. Any source RPM should have an unmodified copy of the source, as it comes from the original authors. tcpslice_tcpdump_org.patch: This brings the above file up to date with the 2001-10-11 CVS version you made available to me. sbonds_tcpslice_util_timeh.patch: My patch to add <time.h> with appropriate #define checking into util.c, copied from tcpdump.c. sbonds_tcpslice_strlcpy.patch: My patch to remove <conf.h> from strlcpy.c. After all these are manually installed, building your own package is as simple as: $ cd /usr/src/redhat/SPECS $ rpm -ba tcpslice.spec (Again, if you're curious what all this will do, check out the Maximum RPM book, available online as mentioned above. Basically this just streamlines an untar, patch, configure, make, install, and package sequence.) I hestitate to spam this list with a large file like my source RPM. Is there a good place to upload it? It's about 86k in size. I also have a source (270k) RPM for libpcap 0.6.2, which is just the libpcap-0.4.tar.gz file and a monster patch to convert it to 0.6.2. No other patching was needed. For some reason, RPM think version 0.6.2 is older than 0.4 and requires the "--oldpackage" option when installing. I'm not sure why it thinks this new version is older. RedHat has about a billion patches for libpcap 0.4. Some of them might be useful to include in 0.6.2. -- Steve Bonds _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
