To report a security issue please send an e-mail to [email protected].

To report bugs and other problems, contribute patches, request a
feature, provide generic feedback etc., please see the file
CONTRIBUTING in the libpcap source tree root.

LIBPCAP 1.x.y
Now maintained by "The Tcpdump Group"
https://www.tcpdump.org

Anonymous Git is available via:
    git clone git://bpf.tcpdump.org/libpcap

formerly from   Lawrence Berkeley National Laboratory
                Network Research Group <[email protected]>
                ftp://ftp.ee.lbl.gov/old/libpcap-0.4a7.tar.Z

This directory contains source code for libpcap, a system-independent
interface for user-level packet capture. libpcap provides a portable
framework for low-level network monitoring. Applications include
network statistics collection, security monitoring, network debugging,
etc. Since almost every system vendor provides a different interface
for packet capture, and since we've developed several tools that
require this functionality, we've created this system-independent API
to ease porting and to alleviate the need for several
system-dependent packet capture modules in each application.

For some platforms there are README.{system} files that discuss issues
with the OS's interface for packet capture on those platforms, such as
how to enable support for that interface in the OS, if it's not built in
by default.

The libpcap interface supports a filtering mechanism based on the
architecture in the BSD packet filter. BPF is described in the 1993
Winter Usenix paper ``The BSD Packet Filter: A New Architecture for
User-level Packet Capture''. A compressed PostScript version can be
found at

    ftp://ftp.ee.lbl.gov/papers/bpf-usenix93.ps.Z

or

    https://www.tcpdump.org/papers/bpf-usenix93.ps.Z

and a gzipped version can be found at

    https://www.tcpdump.org/papers/bpf-usenix93.ps.gz

A PDF version can be found at

    https://www.tcpdump.org/papers/bpf-usenix93.pdf

Although most packet capture interfaces support in-kernel filtering,
libpcap utilizes in-kernel filtering only for the BPF interface.
On systems that don't have BPF, all packets are read into user-space
and the BPF filters are evaluated in the libpcap library, incurring
added overhead (especially for selective filters). Ideally, libpcap
would translate BPF filters into a filter program that is compatible
with the underlying kernel subsystem, but this is not yet implemented.

BPF is standard in 4.4BSD, BSD/OS, NetBSD, FreeBSD, OpenBSD, DragonFly
BSD, and macOS; an older, modified and undocumented version is standard
in AIX. {DEC OSF/1, Digital UNIX, Tru64 UNIX} uses the packetfilter
interface but has been extended to accept BPF filters (which libpcap
utilizes). Also, you can add BPF filter support to Ultrix using the
kernel source and/or object patches available in:

    https://www.tcpdump.org/other/bpfext42.tar.Z

Linux, in the 2.2 kernel and later kernels, has a "Socket Filter"
mechanism that accepts BPF filters; see the README.linux file for
information on configuring that option.

Note to Linux distributions and *BSD systems that include libpcap:

There's now a rule to make a shared library, which should work on Linux
and *BSD, among other platforms.

It sets the soname of the library to "libpcap.so.1"; this is what it
should be, *NOT* libpcap.so.1.x or libpcap.so.1.x.y or something such as
that.

We've been maintaining binary compatibility between libpcap releases for
quite a while; there's no reason to tie a binary linked with libpcap to
a particular release of libpcap.

Current versions can be found at https://www.tcpdump.org.

 - The TCPdump group