1b00ab754SHans Petter Selaskylibpcap for DOS 2b00ab754SHans Petter Selasky--------------- 3b00ab754SHans Petter Selasky 4b00ab754SHans Petter SelaskyThis file contains some notes on building and using libpcap for MS-DOS. 5b00ab754SHans Petter SelaskyLook in `README' and `pcap.man' for usage and details. These targets are 6b00ab754SHans Petter Selaskysupported: 7b00ab754SHans Petter Selasky 8b00ab754SHans Petter Selasky - Borland C 4.0+ small or large model. 9b00ab754SHans Petter Selasky - Metaware HighC 3.1+ with PharLap DOS-extender 10b00ab754SHans Petter Selasky - GNU C 2.7+ with djgpp 2.01+ DOS extender 11b00ab754SHans Petter Selasky - Watcom C 11.x with DOS4GW extender 12b00ab754SHans Petter Selasky 13b00ab754SHans Petter SelaskyNote: the files in the libpcap.zip contains short truncated filenames. 14b00ab754SHans Petter Selasky So for djgpp to work with these, disable the use of long file names by 15b00ab754SHans Petter Selasky setting "LFN=n" in the environment. On the other hand, if you get libpcap 16*afdbf109SJoseph Mingrone from GitHub or the official libpcap.tar.gz, some filenames are beyond 8+3. 17b00ab754SHans Petter Selasky In this case set "LFN=y". 18b00ab754SHans Petter Selasky 19b00ab754SHans Petter SelaskyFiles specific to DOS are pcap-dos.[ch] and the assembly and C files in 20b00ab754SHans Petter Selaskythe MSDOS sub-directory. Remember to built the libpcap library from the top 21b00ab754SHans Petter Selaskyinstall directory. And not from the MSDOS sub-directory. 22b00ab754SHans Petter Selasky 23b00ab754SHans Petter SelaskyNote for djgpp users: 24b00ab754SHans Petter Selasky If you got the libpcap from the official site www.tcpdump, then that 25b00ab754SHans Petter Selasky distribution does NOT contain any sources for building 32-bit drivers. 26b00ab754SHans Petter Selasky Instead get the full version at 276f9cba8fSJoseph Mingrone https://www.watt-32.net/pcap/libpcap.zip 28b00ab754SHans Petter Selasky 29b00ab754SHans Petter Selasky and set "USE_32BIT_DRIVERS = 1" in msdos\common.dj. 30b00ab754SHans Petter Selasky 31b00ab754SHans Petter Selasky 32b00ab754SHans Petter Selasky 33b00ab754SHans Petter SelaskyRequirements 34b00ab754SHans Petter Selasky------------ 35b00ab754SHans Petter Selasky 36b00ab754SHans Petter SelaskyDOS-libpcap currently only works reliably with a real-mode Ethernet packet- 37b00ab754SHans Petter Selaskydriver. This driver must be installed prior to using any program (e.g. 38b00ab754SHans Petter Selaskytcpdump) compiled with libpcap. Work is underway to implement protected- 39b00ab754SHans Petter Selaskymode drivers for 32-bit targets (djgpp only). The 3Com 3c509 driver is 40b00ab754SHans Petter Selaskyworking almost perfectly. Due to lack of LAN-cards, I've not had the 41b00ab754SHans Petter Selaskyopportunity to test other drivers. These 32-bit drivers are modified 42b00ab754SHans Petter SelaskyLinux drivers. 43b00ab754SHans Petter Selasky 44b00ab754SHans Petter Selasky 45b00ab754SHans Petter SelaskyRequired packages 46b00ab754SHans Petter Selasky----------------- 47b00ab754SHans Petter Selasky 48b00ab754SHans Petter SelaskyThe following packages and tools must be present for all targets. 49b00ab754SHans Petter Selasky 50b00ab754SHans Petter Selasky1. Watt-32 tcp/ip library. This library is *not* used to send or 51b00ab754SHans Petter Selasky receive network data. It's mostly used to access the 'hosts' 52b00ab754SHans Petter Selasky file and other <netdb.h> features. Get 'watt32s*.zip' at: 53b00ab754SHans Petter Selasky 546f9cba8fSJoseph Mingrone https://www.watt-32.net 55b00ab754SHans Petter Selasky 56*afdbf109SJoseph Mingrone2. Exception handler and disassembler library (libexc.a) is needed if 57b00ab754SHans Petter Selasky "USE_EXCEPT = 1" in common.dj. Available at: 58b00ab754SHans Petter Selasky 596f9cba8fSJoseph Mingrone https://www.watt-32.net/misc/exc_dx07.zip 60b00ab754SHans Petter Selasky 61b00ab754SHans Petter Selasky3. Flex & Bison is used to generate parser for the filter handler 62b00ab754SHans Petter Selasky pcap_compile: 63b00ab754SHans Petter Selasky ftp://ftp.delorie.com/pub/djgpp/current/v2gnu/flx254b.zip 64b00ab754SHans Petter Selasky ftp://ftp.delorie.com/pub/djgpp/current/v2gnu/bsn241b.zip 65b00ab754SHans Petter Selasky 66b00ab754SHans Petter Selasky4. NASM assembler v 0.98 or later is required when building djgpp and 67b00ab754SHans Petter Selasky Watcom targets: 686f9cba8fSJoseph Mingrone https://www.nasm.us/ 69b00ab754SHans Petter Selasky 70b00ab754SHans Petter Selasky5. sed (Stream Editor) is required for doing `make depend'. 71b00ab754SHans Petter Selasky It's available at: 72b00ab754SHans Petter Selasky ftp://ftp.delorie.com/pub/djgpp/current/v2gnu/sed422b.zip 73b00ab754SHans Petter Selasky 74b00ab754SHans Petter Selasky A touch tool to update the time-stamp of a file. E.g.: 75b00ab754SHans Petter Selasky ftp://ftp.delorie.com/pub/djgpp/current/v2gnu/grep29b.zip 76b00ab754SHans Petter Selasky 77b00ab754SHans Petter Selasky6. For djgpp rm.exe and cp.exe are required. These should already be 78b00ab754SHans Petter Selasky part of your djgpp installation. Also required (experimental at the 79b00ab754SHans Petter Selasky time) for djgpp is DLX 2.91 or later. This tool is for the generation 80b00ab754SHans Petter Selasky of dynamically loadable modules. 81b00ab754SHans Petter Selasky 82b00ab754SHans Petter Selasky 83b00ab754SHans Petter SelaskyCompiling libpcap 84b00ab754SHans Petter Selasky----------------- 85b00ab754SHans Petter Selasky 86b00ab754SHans Petter SelaskyFollow these steps in building libpcap: 87b00ab754SHans Petter Selasky 88b00ab754SHans Petter Selasky1. Make sure you've installed Watt-32 properly (see it's `INSTALL' file). 89b00ab754SHans Petter Selasky During that installation a environment variable `WATT_ROOT' is set. 90b00ab754SHans Petter Selasky This variable is used for building libpcap also (`WATT_INC' is 91b00ab754SHans Petter Selasky deducted from `WATT_ROOT'). djgpp users should also define environment 92b00ab754SHans Petter Selasky variables `C_INCLUDE_PATH' and `LIBRARY_PATH' to point to the include 93b00ab754SHans Petter Selasky directory and library directory respectively. E.g. put this in your 94b00ab754SHans Petter Selasky AUTOEXEC.BAT: 95b00ab754SHans Petter Selasky set C_INCLUDE_PATH=c:/net/watt/inc 96b00ab754SHans Petter Selasky set LIBRARY_PATH=c:/net/watt/lib 97b00ab754SHans Petter Selasky 98b00ab754SHans Petter Selasky2. Revise the msdos/common.dj file for your djgpp/gcc installation; 99b00ab754SHans Petter Selasky - change the value of `GCCLIB' to match location of libgcc.a. 100b00ab754SHans Petter Selasky - set `USE_32BIT_DRIVERS = 1' to build 32-bit driver objects. 101b00ab754SHans Petter Selasky 102b00ab754SHans Petter Selasky 103b00ab754SHans Petter Selasky3. Build pcap by using appropriate makefile. For djgpp, use: 104b00ab754SHans Petter Selasky `make -f msdos/makefile.dj' (i.e. GNU `make') 105b00ab754SHans Petter Selasky 106b00ab754SHans Petter Selasky For a Watcom target say: 107b00ab754SHans Petter Selasky `wmake -f msdos\makefile.wc' 108b00ab754SHans Petter Selasky 109b00ab754SHans Petter Selasky For a Borland target say: 110b00ab754SHans Petter Selasky `maker -f msdos\Makefile pcap_bc.lib' (Borland's `maker.exe') 111b00ab754SHans Petter Selasky 112b00ab754SHans Petter Selasky And for a HighC/Pharlap target say: 113b00ab754SHans Petter Selasky `maker -f msdos\Makefile pcap_hc.lib' (Borland's `maker.exe') 114b00ab754SHans Petter Selasky 115b00ab754SHans Petter Selasky You might like to change some `CFLAGS' -- only `DEBUG' define currently 116b00ab754SHans Petter Selasky have any effect. It shows a rotating "fan" in upper right corner of 117b00ab754SHans Petter Selasky screen. Remove `DEBUG' if you don't like it. You could add 118b00ab754SHans Petter Selasky `-fomit-frame-pointer' to `CFLAGS' to speed up the generated code. 119b00ab754SHans Petter Selasky But note, this makes debugging and crash-traceback difficult. Only 120b00ab754SHans Petter Selasky add it if you're fully confident your application is 100% stable. 121b00ab754SHans Petter Selasky 122b00ab754SHans Petter Selasky Note: Code in `USE_NDIS2' does not work at the moment. 123b00ab754SHans Petter Selasky 124b00ab754SHans Petter Selasky4. The resulting library is put in current directory. There's some 125b00ab754SHans Petter Selasky test-program for `libpcap': `filtertest.exe', `findalldevstest.exe', 126b00ab754SHans Petter Selasky `nonblocktest.exe' and `opentest.exe'. 127b00ab754SHans Petter Selasky 128b00ab754SHans Petter Selasky But linking the library with `tcpdump' is the ultimate test. DOS/djgpp 129b00ab754SHans Petter Selasky should now hopefully be a supported target. Get the sources at: 13057e22627SCy Schubert https://www.tcpdump.org/ 131b00ab754SHans Petter Selasky or 132b00ab754SHans Petter Selasky https://github.com/the-tcpdump-group/tcpdump/ 133b00ab754SHans Petter Selasky 134b00ab754SHans Petter Selasky (click on the 'Download ZIP' on the right side of that page.) 135b00ab754SHans Petter Selasky 136b00ab754SHans Petter Selasky 137b00ab754SHans Petter SelaskyExtensions to libpcap 138b00ab754SHans Petter Selasky--------------------- 139b00ab754SHans Petter Selasky 140b00ab754SHans Petter SelaskyI've included some extra functions to DOS-libpcap: 141b00ab754SHans Petter Selasky 142b00ab754SHans Petter Selasky `pcap_config_hook (const char *keyword, const char *value)' : 143b00ab754SHans Petter Selasky 144b00ab754SHans Petter Selasky Allows an application to set values of internal libpcap variables. 145b00ab754SHans Petter Selasky `keyword' and an associated `value' should be present in the `debug_tab[]' 146b00ab754SHans Petter Selasky array in pcap-dos.c (currently only used to set debug-levels and parameters 147b00ab754SHans Petter Selasky for the 32-bit network drivers.) Thus an application using DOS-libpcap can 148b00ab754SHans Petter Selasky override the default value during it's configure process (see tcpdump's 149b00ab754SHans Petter Selasky msdos/config.c file for an extended example). 150b00ab754SHans Petter Selasky 151b00ab754SHans Petter Selasky `pcap_set_wait (pcap_t *, void (*)(void), int)' : 152b00ab754SHans Petter Selasky 153b00ab754SHans Petter Selasky Only effective when reading offline traffic from dump-files. 154b00ab754SHans Petter Selasky Function `pcap_offline_read()' will wait (and optionally yield) 155b00ab754SHans Petter Selasky before printing next packet. This will simulate the pace the packets 156b00ab754SHans Petter Selasky where actually recorded. 157b00ab754SHans Petter Selasky 158b00ab754SHans Petter Selasky 159b00ab754SHans Petter Selasky 160b00ab754SHans Petter SelaskyHappy sniffing ! 161b00ab754SHans Petter Selasky 162b00ab754SHans Petter Selasky 163b00ab754SHans Petter SelaskyGisle Vanem <gvanem@yahoo.no> 164b00ab754SHans Petter Selasky 165b00ab754SHans Petter SelaskyOctober 1999, 2004, 2006, 2013 166b00ab754SHans Petter Selasky 167