> -#ifdef HAVE_NETPACKET_PACKET_H
> +#if defined(HAVE_NETPACKET_PACKET_H) || defined (SO_ATTACH_FILTER)
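
Review bot: on the changed `#if`, the added `|| defined (SO_ATTACH_FILTER)` lets the guarded block build whenever SO_ATTACH_FILTER is defined, even when netpacket/packet.h is missing, so anything inside the block that relies on declarations from that header is no longer protected by the guard. Keep HAVE_NETPACKET_PACKET_H as the outer condition and test SO_ATTACH_FILTER separately inside it for the filter code. Minor style point: `defined (SO_ATTACH_FILTER)` has a space before the parenthesis that `defined(HAVE_NETPACKET_PACKET_H)` does not.
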
Well, that's the downside of using a tired old version of the C library
and a shiny new kernel (arguably, it's the downside of the C library and
the Linux kernel being two separately maintained pieces of software) -
you need "netpacket/packet.h" as a header file in order to use PF_PACKET
sockets, and you need PF_PACKET sockets in order to use the socket
filter.
> For both, removing #include <netinet/if_ether.h> is enough and tcpdump
> compiles, but it doesn't work fully:
>
> # ./tcpdump -ln -vvv -i any
> tcpdump: pcap_open_live: The "any" device isn't supported on 2.0[.x]-kernel systems
>
> But I don't have a 2.0.x kernel, I have a 2.4.0-test4 kernel.
OK, we'll change the message to

    The "any" device isn't supported on 2.0[.x]-kernel systems or
    systems with later kernels and old header files.

because that's what you have. You need PF_PACKET sockets in order to
use the "any" device, but, to use PF_PACKET sockets, libpcap needs not
only a kernel that supports them but *header files* that support them;
unfortunately, libc5 appears not to include header files that support
them.
If you want the "any" device, you'll either have to

    1) upgrade libc to a version that comes with
       "netpacket/packet.h"

or

    2) do further hand-customization of your system and install a
       "netpacket/packet.h" header file that works with your kernel and
       libc5

or

    3) do further hand-customization of libpcap to somehow make it
       capable of using PF_PACKET sockets without having a
       "netpacket/packet.h" header file.

I'd suggest doing 1) or 2), as that way you'll have a system where the
header files more closely match your kernel, rather than some weird
Frankenstein monster with a shiny modern kernel sewed together with an
ancient C library and header files.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
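
The reply above separates two conditions for the "any" device: header files that declare PF_PACKET support at build time, and a kernel that provides it at run time. The following is an added example, not code from libpcap or from the message; the enum, the function names and the use of `__has_include` as a stand-in for the configure check are assumptions.

```c
/* Added example; enum and function names are hypothetical, not libpcap's. */
#include <errno.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/socket.h>
#include <arpa/inet.h>
/* Stand-in for the configure result; assumes the compiler has __has_include. */
#if !defined(HAVE_NETPACKET_PACKET_H) && defined(__has_include)
#  if __has_include(<netpacket/packet.h>)
#    define HAVE_NETPACKET_PACKET_H 1
#  endif
#endif
#ifdef HAVE_NETPACKET_PACKET_H
#  include <netpacket/packet.h>  /* struct sockaddr_ll */
#  include <net/ethernet.h>      /* ETH_P_ALL */
#endif

enum any_support { ANY_OK, ANY_NEEDS_PRIVILEGE, ANY_KERNEL_LACKS,
                   ANY_HEADERS_LACK, ANY_PROBE_FAILED };

/* Turn the errno from socket(PF_PACKET, ...) into a verdict. */
enum any_support classify_socket_errno(int err)
{
    if (err == 0) return ANY_OK;
    if (err == EPERM || err == EACCES) return ANY_NEEDS_PRIVILEGE; /* kernel has it */
    if (err == EAFNOSUPPORT || err == EPROTONOSUPPORT || err == EINVAL)
        return ANY_KERNEL_LACKS;   /* packet sockets not in this kernel */
    return ANY_PROBE_FAILED;       /* e.g. ENOMEM, EMFILE: proves nothing */
}

/* Build-time answer first (headers), run-time answer second (kernel). */
enum any_support probe_any_device(void)
{
#ifdef HAVE_NETPACKET_PACKET_H
    int fd = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_ALL));
    if (fd < 0) return classify_socket_errno(errno);
    close(fd);
    return ANY_OK;
#else
    return ANY_HEADERS_LACK;       /* PF_PACKET code was never compiled in */
#endif
}

int main(void)
{
    static const char *const why[] = { "usable", "kernel has PF_PACKET, need privilege",
        "kernel lacks PF_PACKET", "built without netpacket/packet.h", "probe inconclusive" };
    printf("\"any\" device: %s\n", why[probe_any_device()]);
    return 0;
}
```

Reporting the headers case separately from the kernel case avoids the confusion in the thread, where a 2.4.0-test4 kernel was reported as a 2.0 system.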