On Sat, Jan 26, 2013 at 4:13 PM, Markus Amend <[email protected]> wrote:
> First: >unrecognized command line option "-Wunused-but-set-parameter"<, I
> have to comment it out
> Second: I have the same issue with libpcap-dev 0.8 installed on Ubuntu 10.04
> 64bit:
>
> make netsniff-ng
> /home/markus/.bashrc: 13: shopt: not found
> /home/markus/.bashrc: 21: shopt: not found
> /home/markus/.bashrc: 99: shopt: not found
> /etc/bash_completion: 33: [[: not found
> /etc/bash_completion: 39: [[: not found
> /etc/bash_completion: 52: Bad substitution
> NACL_LIB_DIR/NACL_INC_DIR is undefined, building libnacl with curvetun!
> Building netsniff-ng:
> -e CC hash.c
> -e CC dissector.c
> -e CC dissector_eth.c
> -e CC dissector_80211.c
> -e CC proto_arp.c
> -e CC proto_ethernet.c
> -e CC proto_icmpv4.c
> -e CC proto_icmpv6.c
> -e CC proto_igmp.c
> -e CC proto_ip_authentication_hdr.c
> -e CC proto_ip_esp.c
> -e CC proto_ipv4.c
> -e CC proto_ipv6.c
> -e CC proto_ipv6_dest_opts.c
> -e CC proto_ipv6_fragm.c
> -e CC proto_ipv6_hop_by_hop.c
> -e CC proto_ipv6_in_ipv4.c
> -e CC proto_ipv6_mobility_hdr.c
> -e CC proto_ipv6_no_nxt_hdr.c
> -e CC proto_ipv6_routing.c
> -e CC proto_none.c
> -e CC proto_tcp.c
> -e CC proto_udp.c
> -e CC proto_vlan.c
> -e CC proto_vlan_q_in_q.c
> -e CC proto_mpls_unicast.c
> -e CC proto_80211_mac_hdr.c
> -e CC xio.c
> -e CC xutils.c
> -e CC xmalloc.c
> -e CC bpf.c
> bpf.c: In function ‘bpf_parse_rules’:
> bpf.c:780: error: storage size of ‘bpfp’ isn’t known
> bpf.c:788: error: ‘PCAP_NETMASK_UNKNOWN’ undeclared (first use in this
> function)
> bpf.c:788: error: (Each undeclared identifier is reported only once
> bpf.c:788: error: for each function it appears in.)
> bpf.c:780: warning: unused variable ‘bpfp’
> make: *** [netsniff-ng/bpf.o] Error 1

Would it work, if you download and install the latest pcap?
https://github.com/mcr/libpcap

> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On behalf of Daniel Borkmann
> Sent: Saturday, January 26, 2013 11:10
> To: [email protected]
> Subject: Re: [netsniff-ng] Bpfc questions
>
> On Sat, Jan 26, 2013 at 1:35 AM, Jon Schipp <[email protected]> wrote:
>> Grabbed the latest:
>>
>> Building netsniff-ng toolkit (0.5.8-rc0) for x86_64-linux-gnu:
>> Building netsniff-ng:
>> -e CC bpf.c
>> bpf.c: In function ‘bpf_parse_rules’:
>> bpf.c:780:21: error: storage size of ‘bpfp’ isn’t known
>> bpf.c:780:21: warning: unused variable ‘bpfp’ [-Wunused-variable]
>> make: *** [netsniff-ng/bpf.o] Error 1
>
> Hmm, compilation works fine for me on Fedora. Do you have libpcap-dev/devel
> installed? It's used (only) to generate a tcpdump-like BPF filter. Do you
> have this file?
>
> * /usr/include/pcap/pcap.h
>
> Would it work if you change the include in bpf.c to <pcap.h> only?
>
> Let me know.
>
>> On Fri, Jan 25, 2013 at 9:53 AM, Daniel Borkmann <[email protected]> wrote:
>>> On Fri, Jan 25, 2013 at 4:27 AM, Jon Schipp <[email protected]> wrote:
>>>
>>>> I'm confused about the terminology here too. I imagine that
>>>> "-L|--lla Compile low-level BPF" means compile to
>>>> low-level BPF rather than _output_ a low-level filter. I think it's
>>>> just the ambiguous wording because mnemonics like ld, jeq look
>>>> higher level than 0x20, 0x28.
>>>
>>> Right, I've just removed that in upstream.
>>>
>>> Also, for a better user experience, I've decided to add support for
>>> tcpdump-like filtering syntax.
>>>
>>> For netsniff-ng this means, e.g.:
>>>
>>> - netsniff-ng -i eth0 udp or tcp
>>> - netsniff-ng -i eth0 -f "udp or tcp" -V -o out.pcap --silent
>>> - netsniff-ng -i eth0 -f filter.bpfo -V -o out.pcap --silent
>>>
>>> Where ``cat filter.bpfo'' contains sth. like these opcodes ...
>>>
>>> { 0x20, 0, 0, 0x00000008 },
>>> { 0x15, 0, 3, 0xccddeeff },
>>> { 0x28, 0, 0, 0x00000006 },
>>> { 0x15, 0, 1, 0x0000aabb },
>>> { 0x6, 0, 0, 0xffffffff },
>>> { 0x6, 0, 0, 0x00000000 },
>>>
>>> .... that were produced by bpfc. This means, now you have the full
>>> program. ;-) For low-level debugging or advanced filtering (i.e.
>>> Linux socket filter extensions), you can use bpfc, compile it into a
>>> file, pass it to netsniff-ng, for high-level filtering everyone knows
>>> tcpdump-like syntax, so you can pass this as well via -f. Internally,
>>> it's checked if the parameter you've passed is a file or not.
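
Added example, not part of the original thread and not netsniff-ng or bpfc code: a small C decoder that turns the `{ code, jt, jf, k }` lines quoted above back into mnemonics and runs a simplified bounds check on the jump targets. The function names, the `L<n>` label style and the check itself are assumptions of this example, and only the opcodes that appear in the thread are decoded.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Same field layout as a classic BPF instruction (struct sock_filter). */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };
/* Constructed sample: the six opcode lines quoted in the thread. */
static const char *sample =
    "{ 0x20, 0, 0, 0x00000008 },\n{ 0x15, 0, 3, 0xccddeeff },\n"
    "{ 0x28, 0, 0, 0x00000006 },\n{ 0x15, 0, 1, 0x0000aabb },\n"
    "{ 0x6, 0, 0, 0xffffffff },\n{ 0x6, 0, 0, 0x00000000 },\n";

/* Parse "{ code, jt, jf, k }," entries; returns how many were read. */
int bpfo_parse(const char *text, struct insn *out, int max) {
    unsigned code, jt, jf, k;
    int n = 0, used = 0; /* %n sets used only when a whole entry matched */
    for (; n < max && sscanf(text, " { %x , %u , %u , %x } ,%n",
                             &code, &jt, &jf, &k, &used) == 4 && used; text += used, used = 0)
        out[n++] = (struct insn){ (uint16_t)code, (uint8_t)jt, (uint8_t)jf, k };
    return n;
}

/* Render one instruction as a mnemonic; L<n> is an absolute instruction index. */
const char *bpf_disasm(const struct insn *p, int pc, char *buf, size_t len) {
    unsigned k = p->k;
    switch (p->code) {
    case 0x20: snprintf(buf, len, "ld [%u]", k); break;   /* load 32-bit word at offset k */
    case 0x28: snprintf(buf, len, "ldh [%u]", k); break;  /* load 16-bit half-word */
    case 0x15: snprintf(buf, len, "jeq #0x%x, L%d, L%d", k, pc + 1 + p->jt, pc + 1 + p->jf); break;
    case 0x06: snprintf(buf, len, "ret #0x%x", k); break; /* bytes to keep, 0 drops the packet */
    default:   snprintf(buf, len, "unknown 0x%x", (unsigned)p->code); break;
    }
    return buf;
}

/* Simplified check: program ends in ret and every jeq target lies inside it. */
int bpf_check(const struct insn *p, int n) {
    if (n < 1 || p[n - 1].code != 0x06) return -1;
    for (int i = 0; i < n; i++)
        if (p[i].code == 0x15 && (i + 1 + p[i].jt >= n || i + 1 + p[i].jf >= n)) return -1;
    return 0;
}

int main(void) {
    struct insn prog[16]; char buf[64];
    int n = bpfo_parse(sample, prog, 16);
    for (int i = 0; i < n; i++) printf("L%d: %s\n", i, bpf_disasm(&prog[i], i, buf, sizeof buf));
    return bpf_check(prog, n) ? 1 : 0;
}
```

On an Ethernet capture, offsets 6 to 11 hold the source MAC address, so the decoded program accepts frames whose source is aa:bb:cc:dd:ee:ff and drops everything else.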
