xref: /freebsd/contrib/libpcap/doc/README.sita (revision 6f9cba8f8b5efd16249633e52483ea351876b67b)
1NOTE: this is not currently supported; the configure script doesn't
2support --with-sita, and CMake doesn't support enabling SITA ACN
3support.  The code currently does not compile; it should really be
4implemented as an additional remote capture mechanism, using a URL,
5rather than as a separate version of libpcap that supports only the ACN
6product, but the infrastructure for that isn't yet available.
7
8The following instructions apply if you have a Linux platform and want
9libpcap to support the 'ACN' WAN/LAN router product from SITA
10(https://www.sita.aero)
11
12This might also work on non-Linux Unix-compatible platforms, but that
13has not been tested.
14
15See also the libpcap INSTALL.md file for further libpcap configuration
16options.
17
18These additions/extensions have been made to PCAP to allow it to
19capture packets from a SITA ACN device (and potentially others).
20
21To enable its support you need to ensure that the distribution has
22a correct configure.ac file; that can be created if necessary by
23using the normal autoconf procedure of:
24
25aclocal
26autoconf
27autoheader
28automake
29
30Then run configure with the 'sita' option:
31
32./configure --with-sita
33
34Applications built with libpcap configured in this way will only detect SITA
35ACN interfaces and will not capture from the native OS packet stream.
36
37The SITA extension provides a remote datascope operation for capturing
38both WAN and LAN protocols.  It effectively splits the operation of
39PCAP into two halves.  The top layer performs the majority of the
40work, but interfaces via a TCP session to remote agents that
41provide the lower layer functionality of actual sniffing and
42filtering. More detailed information regarding the functions and
43inter-device protocol and naming conventions are described in detail
44in 'pcap-sita.html'.
45
46pcap_findalldevs() reads the local system's /etc/hosts file looking
47for host names that match the format of IOP type devices.  ie.  aaa_I_x_y
48and then queries each associated IP address for a list of its WAN and
49LAN devices.  The local system the aggregates the lists obtained from
50each IOP, sorts it, and provides it (to Wireshark et.al) as the
51list of monitorable interfaces.
52
53Once a valid interface has been selected, pcap_open() is called
54which opens a TCP session (to a well known port) on the target IOP
55and tells it to start monitoring.
56
57All captured packets are then forwarded across that TCP session
58back to the local 'top layer' for forwarding to the actual
59sniffing program (wireshark...)
60
61Note that the DLT_SITA link-layer type includes a proprietary header
62that is documented as part of the SITA dissector of Wireshark and is
63also described in 'pcap-sita.html' for posterity sake.
64
65That header provides:
66- Packet direction (in/out) (1 octet)
67- Link layer hardware signal status (1 octet)
68- Transmit/Receive error status (2 octets)
69- Encapsulated WAN protocol ID (1 octet)
70
71
72