# LIBPCAP 1.x.y by [The Tcpdump Group](https://www.tcpdump.org)

**To report a security issue please send an e-mail to security@tcpdump.org.**

To report bugs and other problems, contribute patches, request a
feature, provide generic feedback etc please see the
[guidelines for contributing](CONTRIBUTING.md).

The [documentation directory](doc/) has README files about specific
operating systems and options.

Anonymous Git is available via:

    https://github.com/the-tcpdump-group/libpcap.git

This directory contains source code for libpcap, a system-independent
interface for user-level packet capture. libpcap provides a portable
framework for low-level network monitoring. Applications include
network statistics collection, security monitoring, network debugging,
etc. Since almost every system vendor provides a different interface
for packet capture, and since we've developed several tools that
require this functionality, we've created this system-independent API
to ease in porting and to alleviate the need for several
system-dependent packet capture modules in each application.

```text
formerly from   Lawrence Berkeley National Laboratory
                Network Research Group <libpcap@ee.lbl.gov>
                ftp://ftp.ee.lbl.gov/old/libpcap-0.4a7.tar.Z
```

### Support for particular platforms and BPF
For some platforms there are `README.{system}` files that discuss issues
with the OS's interface for packet capture on those platforms, such as
how to enable support for that interface in the OS, if it's not built in
by default.

The libpcap interface supports a filtering mechanism based on the
architecture in the BSD packet filter. BPF is described in the 1993
Winter Usenix paper ``The BSD Packet Filter: A New Architecture for
User-level Packet Capture''
([compressed PostScript](https://www.tcpdump.org/papers/bpf-usenix93.ps.Z),
[gzipped PostScript](https://www.tcpdump.org/papers/bpf-usenix93.ps.gz),
[PDF](https://www.tcpdump.org/papers/bpf-usenix93.pdf)).

Although most packet capture interfaces support in-kernel filtering,
libpcap utilizes in-kernel filtering only for the BPF interface.
On systems that don't have BPF, all packets are read into user-space
and the BPF filters are evaluated in the libpcap library, incurring
added overhead (especially, for selective filters). Ideally, libpcap
would translate BPF filters into a filter program that is compatible
with the underlying kernel subsystem, but this is not yet implemented.

BPF is standard in 4.4BSD, BSD/OS, NetBSD, FreeBSD, OpenBSD, DragonFly
BSD, macOS, and Solaris 11; an older, modified and undocumented version
is standard in AIX. {DEC OSF/1, Digital UNIX, Tru64 UNIX} uses the
packetfilter interface but has been extended to accept BPF filters
(which libpcap utilizes).

Linux has a number of BPF based systems, and libpcap does not support
any of the eBPF mechanisms as yet, although it supports many of the
memory mapped receive mechanisms.
See the [Linux-specific README](doc/README.linux) for more information.

### Note to Linux distributions and *BSD systems that include libpcap:

There's now a rule to make a shared library, which should work on Linux
and *BSD, among other platforms.

It sets the soname of the library to `libpcap.so.1`; this is what it
should be, **NOT** `libpcap.so.1.x` or `libpcap.so.1.x.y` or something such as
that.

We've been maintaining binary compatibility between libpcap releases for
quite a while; there's no reason to tie a binary linked with libpcap to
a particular release of libpcap.