| JP Abgrall | 511eca3 | 2014-02-12 13:46:45 -0800 | [diff] [blame] | 1 | Using BPF: |
| 2 | |
| 3 | (1) AIX 4.x's version of BPF is undocumented and somewhat unstandard; the |
| 4 | current BPF support code includes changes that should work around |
| 5 | that; it appears to compile and work on at least one AIX 4.3.3 |
| 6 | machine. |
| 7 | |
| 8 | Note that the BPF driver and the "/dev/bpf" devices might not exist |
| 9 | on your machine; AIX's tcpdump loads the driver and creates the |
| 10 | devices if they don't already exist. Our libpcap should do the |
| 11 | same, and the configure script should detect that it's on an AIX |
| 12 | system and choose BPF even if the devices aren't there. |
| 13 | |
| 14 | (2) If libpcap doesn't compile on your machine when configured to use |
| 15 | BPF, or if the workarounds fail to make it work correctly, you |
| 16 | should send to tcpdump-workers@lists.tcpdump.org a detailed bug |
| 17 | report (if the compile fails, send us the compile error messages; |
| 18 | if it compiles but fails to work correctly, send us as detailed as |
| 19 | possible a description of the symptoms, including indications of the |
| 20 | network link-layer type being wrong or time stamps being wrong). |
| 21 | |
| 22 | If you fix the problems yourself, please submit a patch by forking |
| 23 | the branch at |
| 24 | |
| 25 | https://github.com/the-tcpdump-group/libpcap/issues |
| 26 | |
| 27 | and issuing a pull request, so we can incorporate the fixes into the |
| 28 | next release. |
| 29 | |
| 30 | If you don't fix the problems yourself, you can, as a workaround, |
| 31 | make libpcap use DLPI instead of BPF. |
| 32 | |
| 33 | This can be done by specifying the flag: |
| 34 | |
| 35 | --with-pcap=dlpi |
| 36 | |
| 37 | to the "configure" script for libpcap. |
| 38 | |
| 39 | If you use DLPI: |
| 40 | |
| 41 | (1) It is a good idea to have the latest version of the DLPI driver on |
| 42 | your system, since certain versions may be buggy and cause your AIX |
| 43 | system to crash. DLPI is included in the fileset bos.rte.tty. I |
| 44 | found that the DLPI driver that came with AIX 4.3.2 was buggy, and |
| 45 | had to upgrade to bos.rte.tty 4.3.2.4: |
| 46 | |
| 47 | lslpp -l bos.rte.tty |
| 48 | |
| 49 | bos.rte.tty 4.3.2.4 COMMITTED Base TTY Support and Commands |
| 50 | |
| 51 | Updates for AIX filesets can be obtained from: |
| 52 | ftp://service.software.ibm.com/aix/fixes/ |
| 53 | |
| 54 | These updates can be installed with the smit program. |
| 55 | |
| 56 | (2) After compiling libpcap, you need to make sure that the DLPI driver |
| 57 | is loaded. Type: |
| 58 | |
| 59 | strload -q -d dlpi |
| 60 | |
| 61 | If the result is: |
| 62 | |
| 63 | dlpi: yes |
| 64 | |
| 65 | then the DLPI driver is loaded correctly. |
| 66 | |
| 67 | If it is: |
| 68 | |
| 69 | dlpi: no |
| 70 | |
| 71 | Then you need to type: |
| 72 | |
| 73 | strload -f /etc/dlpi.conf |
| 74 | |
| 75 | Check again with strload -q -d dlpi that the dlpi driver is loaded. |
| 76 | |
| 77 | Alternatively, you can uncomment the lines for DLPI in |
| 78 | /etc/pse.conf and reboot the machine; this way DLPI will always |
| 79 | be loaded when you boot your system. |
| 80 | |
| 81 | (3) There appears to be a problem in the DLPI code in some versions of |
| 82 | AIX, causing a warning about DL_PROMISC_MULTI failing; this might |
| 83 | be responsible for DLPI not being able to capture outgoing packets. |