libpcap for DOS
---------------

This file contains some notes on building and using libpcap for MS-DOS.
Look in `README' and `pcap.man' for usage and details. These targets are
supported:

 - Borland C 4.0+ small or large model.
 - Metaware HighC 3.1+ with PharLap DOS-extender
 - GNU C 2.7+ with djgpp 2.01+ DOS extender
 - Watcom C 11.x with DOS4GW extender

Note: the files in the libpcap.zip contain short truncated filenames.
So for djgpp to work with these, disable the use of long file names by
setting "LFN=n" in the environment. On the other hand, if you get libpcap
from GitHub or the official libpcap.tar.gz, some filenames are beyond 8+3.
In this case set "LFN=y".

Files specific to DOS are pcap-dos.[ch] and the assembly and C files in
the MSDOS sub-directory. Remember to build the libpcap library from the top
install directory, and not from the MSDOS sub-directory.

Note for djgpp users:
  If you got the libpcap from the official site www.tcpdump, then that
  distribution does NOT contain any sources for building 32-bit drivers.
  Instead get the full version at
    https://www.watt-32.net/pcap/libpcap.zip

  and set "USE_32BIT_DRIVERS = 1" in msdos\common.dj.


Requirements
------------

DOS-libpcap currently only works reliably with a real-mode Ethernet packet-
driver. This driver must be installed prior to using any program (e.g.
tcpdump) compiled with libpcap. Work is underway to implement protected-
mode drivers for 32-bit targets (djgpp only). The 3Com 3c509 driver is
working almost perfectly. Due to lack of LAN-cards, I've not had the
opportunity to test other drivers. These 32-bit drivers are modified
Linux drivers.


Required packages
-----------------

The following packages and tools must be present for all targets.

1. Watt-32 tcp/ip library. This library is *not* used to send or
   receive network data. It's mostly used to access the 'hosts'
   file and other <netdb.h> features. Get 'watt32s*.zip' at:

     https://www.watt-32.net

2. Exception handler and disassembler library (libexc.a) is needed if
   "USE_EXCEPT = 1" in common.dj. Available at:

     https://www.watt-32.net/misc/exc_dx07.zip

3. Flex & Bison are used to generate the parser for the filter handler
   pcap_compile:
     ftp://ftp.delorie.com/pub/djgpp/current/v2gnu/flx254b.zip
     ftp://ftp.delorie.com/pub/djgpp/current/v2gnu/bsn241b.zip

4. NASM assembler v 0.98 or later is required when building djgpp and
   Watcom targets:
     https://www.nasm.us/

5. sed (Stream Editor) is required for doing `make depend'.
   It's available at:
     ftp://ftp.delorie.com/pub/djgpp/current/v2gnu/sed422b.zip

   A touch tool to update the time-stamp of a file. E.g.:
     ftp://ftp.delorie.com/pub/djgpp/current/v2gnu/grep29b.zip

6. For djgpp rm.exe and cp.exe are required. These should already be
   part of your djgpp installation. Also required (experimental at the
   time) for djgpp is DLX 2.91 or later. This tool is for the generation
   of dynamically loadable modules.


Compiling libpcap
-----------------

Follow these steps in building libpcap:

1. Make sure you've installed Watt-32 properly (see its `INSTALL' file).
   During that installation an environment variable `WATT_ROOT' is set.
   This variable is used for building libpcap also (`WATT_INC' is
   deduced from `WATT_ROOT'). djgpp users should also define environment
   variables `C_INCLUDE_PATH' and `LIBRARY_PATH' to point to the include
   directory and library directory respectively. E.g. put this in your
   AUTOEXEC.BAT:
     set C_INCLUDE_PATH=c:/net/watt/inc
     set LIBRARY_PATH=c:/net/watt/lib

2. Revise the msdos/common.dj file for your djgpp/gcc installation;
   - change the value of `GCCLIB' to match location of libgcc.a.
   - set `USE_32BIT_DRIVERS = 1' to build 32-bit driver objects.


3. Build pcap by using the appropriate makefile. For djgpp, use:
     `make -f msdos/makefile.dj'  (i.e. GNU `make')

   For a Watcom target say:
     `wmake -f msdos\makefile.wc'

   For a Borland target say:
     `maker -f msdos\Makefile pcap_bc.lib'  (Borland's `maker.exe')

   And for a HighC/Pharlap target say:
     `maker -f msdos\Makefile pcap_hc.lib'  (Borland's `maker.exe')

   You might like to change some `CFLAGS' -- only the `DEBUG' define
   currently has any effect. It shows a rotating "fan" in the upper right
   corner of the screen. Remove `DEBUG' if you don't like it. You could add
   `-fomit-frame-pointer' to `CFLAGS' to speed up the generated code.
   But note, this makes debugging and crash-traceback difficult. Only
   add it if you're fully confident your application is 100% stable.

   Note: Code in `USE_NDIS2' does not work at the moment.

4. The resulting library is put in the current directory. There are some
   test programs for `libpcap': `filtertest.exe', `findalldevstest.exe',
   `nonblocktest.exe' and `opentest.exe'.

   But linking the library with `tcpdump' is the ultimate test. DOS/djgpp
   should now hopefully be a supported target. Get the sources at:
     https://www.tcpdump.org/
   or
     https://github.com/the-tcpdump-group/tcpdump/

   (click on the 'Download ZIP' on the right side of that page.)


Extensions to libpcap
---------------------

I've included some extra functions to DOS-libpcap:

  `pcap_config_hook (const char *keyword, const char *value)' :

    Allows an application to set values of internal libpcap variables.
    `keyword' and an associated `value' should be present in the `debug_tab[]'
    array in pcap-dos.c (currently only used to set debug-levels and parameters
    for the 32-bit network drivers.) Thus an application using DOS-libpcap can
    override the default value during its configure process (see tcpdump's
    msdos/config.c file for an extended example).

  `pcap_set_wait (pcap_t *, void (*)(void), int)' :

    Only effective when reading offline traffic from dump-files.
    Function `pcap_offline_read()' will wait (and optionally yield)
    before printing next packet. This will simulate the pace at which the
    packets were actually recorded.

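The pacing that `pcap_set_wait' enables can be worked through without DOS-libpcap. The following is an added example, not code from libpcap or its author: it reads the record timestamps of a classic pcap dump-file image and computes the wait before each packet. The sample bytes and the names `replay_waits' and `rd32' are constructed for illustration, and giving reordered timestamps a zero wait is an assumption, not documented behaviour of `pcap_offline_read()'.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Constructed sample (not a real capture): little-endian pcap image, 4 records. */
static const uint8_t sample[] = {
  0xd4,0xc3,0xb2,0xa1, 2,0, 4,0, 0,0,0,0, 0,0,0,0, 0xff,0xff,0,0, 1,0,0,0,
  0x64,0,0,0, 0,0,0,0,          2,0,0,0, 2,0,0,0, 0xaa,0xbb, /* t=100.000000 */
  0x64,0,0,0, 0x90,0xd0,0x03,0, 0,0,0,0, 0,0,0,0,            /* t=100.250000 */
  0x66,0,0,0, 0,0,0,0,          0,0,0,0, 0,0,0,0,            /* t=102.000000 */
  0x65,0,0,0, 0,0,0,0,          0,0,0,0, 0,0,0,0             /* t=101, reordered */
};

/* Read a 32-bit field in the byte order announced by the file magic. */
static uint32_t rd32(const uint8_t *p, int be)
{
  return be ? ((uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3])
            : ((uint32_t)p[3] << 24 | (uint32_t)p[2] << 16 | (uint32_t)p[1] << 8 | p[0]);
}

/* Hypothetical helper: pause in ms before each record; -1 on bad or truncated input. */
int replay_waits(const uint8_t *buf, size_t len, long *waits_ms, int max)
{
  size_t  off = 24;                          /* global file header size */
  int64_t prev_us = 0;
  int     n = 0, be;
  if (len < off) return -1;
  if (rd32(buf, 0) == 0xa1b2c3d4u)      be = 0;
  else if (rd32(buf, 1) == 0xa1b2c3d4u) be = 1;
  else return -1;                            /* not a microsecond pcap file */
  while (off < len && n < max) {
    if (len - off < 16) return -1;           /* truncated record header */
    int64_t  us = (int64_t)rd32(buf + off, be) * 1000000 + rd32(buf + off + 4, be);
    uint32_t caplen = rd32(buf + off + 8, be);
    if (caplen > len - off - 16) return -1;  /* payload runs past the buffer */
    int64_t delta = n ? us - prev_us : 0;
    waits_ms[n++] = delta > 0 ? (long)(delta / 1000) : 0; /* no wait if reordered */
    prev_us = us;
    off += 16 + (size_t)caplen;
  }
  return n;
}

int main(void)
{
  long w[8];
  int  n = replay_waits(sample, sizeof sample, w, 8);
  for (int i = 0; i < n; i++) printf("packet %d: wait %ld ms\n", i + 1, w[i]);
  return n < 0;
}
```

The length checks before each record header and payload matter when the dump-file comes from an untrusted source, since `caplen' is read from the file itself.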

Happy sniffing !

Gisle Vanem <gvanem@yahoo.no>

October 1999, 2004, 2006, 2013