Re: libpcap (for tcpdump) compile

Lynne Seamans · ‎08-25-2006

We still have an 11.00 system due to application restrictions.

I'd like to get tcpdump on it, so i need libpcap. There is no depot for either on 11.00, so i'm trying to compile the code i downloaded from the porting centre:
http://hpux.connect.org.uk/hppd/hpux/Networking/Admin/libpcap-0.9.4/

libpcap requires flex, bison, gcc and make. Got 'em all, although maybe not the latest.

configure runs, go to "gmake" (per instructions) -- it completes some lines, then dies with a pipe error:

(removed lines)
$$.scanner.c scanner.c
bison -y -p pcap_ -d grammar.y
gmake: *** [grammar.c] Broken pipe

Very similar with regular "make", gets a "Termination Signal 13", which is a sigpipe, so i guess they're saying the same thing.

Anybody have success with this?

rick jones · ‎08-25-2006

If you get libpcap sources from www.tcpdump.org you can compile them just fine with the HP compiler. No real need for gmake, flex or bison.

I've never tried with those, and gcc under HP-UX. Just the HP compiler (unbundled) and the HP-UX standard make lex and yacc.

there is no rest for the wicked yet the virtuous have no pillows

Lynne Seamans · ‎08-28-2006

Sounded like a good idea, got the source for libpcap 0.9.4 from tcpdump.org. It still tried to use flex and bison, so did configure --without-flex.

It said our LEX wasn't sufficient ??

Got:

configure: WARNING: don't have both flex and bison; reverting to lex/yacc
checking for capable lex... insufficient
configure: error: Your operating system's lex is insufficient to compile
libpcap. flex is a lex replacement that has many advantages, including
being able to compile libpcap. For more information, see
http://www.gnu.org/software/flex/flex.html .

Jonathan Fife · ‎08-28-2006

Just from a quick google search it looks like you need GNU m4 instead of the ccs m4.

If you have the GNU m4 installed, try playing with your PATH or maybe set an M4 environment variable and re-running configure.

Decay is inherent in all compounded things. Strive on with diligence

rick jones · ‎08-28-2006

Go into the configure script and look for "insufficient" and you should see something like:

echo $ECHO_N "checking for capable lex... $ECHO_C" >&6
if test "${tcpdump_cv_capable_lex+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
if lex -t scanner.l > /dev/null 2>&1; then
tcpdump_cv_capable_lex=yes
else
tcpdump_cv_capable_lex=insufficient
fi
fi

run that lex command by hand. You will probably see something like:

...
"scanner.l" line 349: error 4: Parse tree too big
6000/6000 nodes(%e), 0/25000 positions(%p), 1/2000 (%n), 0 transitions, 0/4000 packed char classes(%k), 0/16000 packed transitions(%a), 0/19000 output slots(%o)

Notice the bit about "nodes(%e)" - go into scanner.l and change the %e to something larger. You should see something akin to:

...
6056/9000 nodes(%e), 22089/25000 positions(%p), 1312/2000 (%n), 48325 transitions, 3621/4000 packed char classes(%k), 14716/16000 packed transitions(%a), 17206/19000 output slots(%o)

and re-run configure and all should be well. From time to time I've provided the tcpdump/libpcap folks with patches along those lines, but things can grow and get beyond the patches and so configure becomes unhappy again.

there is no rest for the wicked yet the virtuous have no pillows

Lynne Seamans · ‎08-29-2006

That worked! YIPPEE and thank you thank you!

Now, went on to compile TCPDUMP (configure --without-gcc) and print-dccp.c bit failed. Found this link, also from Rick, http://www.tcpdump.org/lists/workers/2005/11/msg00013.html
did what it said and got past that.

NOW, i'm hitting another compile error and NOT getting anything with Google (at least that i could understand):

cc: "print-isoclns.c", line 1619: error 1594: The sizeof operator cannot be applied to types with unknown size.
cc: "print-isoclns.c", line 1649: error 1594: The sizeof operator cannot be applied to types with unknown size.
*** Error exit code 1

rick jones · ‎08-29-2006

Which revision of tcpdump are you trying to compile? What does it look like the variables might be at those lines of code, and can you find where they are actually defined? Perhaps there is a missing include file, or perhaps the configure script ass-u-me-d something about 11.0 that was not true.

there is no rest for the wicked yet the virtuous have no pillows

Lynne Seamans · ‎08-29-2006

version, latest (i think) 3.9.4

looked at code at those lines:

1619 u_int8_t prefix[sizeof(struct in6_addr)]; /* shared copy buffer for IPv4 and IPv6 prefixes */

1649 memset(prefix, 0, sizeof(struct in6_addr)); /* clear the copy buffer */

So it looks like "in6_addr" is the variable, and it seems to be talked about in ip6 areas of code.

And thanks for all your help. Thanks so much.

rick jones · ‎08-29-2006

Right - and while 11.0 may have done some "pre-enablement" for IPv6 it doesn't really have support for IPv6. So, if there is a configure option to disable using host IPv6 you should use it and see if that lets things go a bit better.

And if that _does_ work, please forward all the details to the tcpdump-workers mailing list - including what you needed to change to make lex happy.

there is no rest for the wicked yet the virtuous have no pillows

Lynne Seamans · ‎08-29-2006

Oh that makes such good sense, i must have done it wrong, though. Here's the whole sad tale:

r:/home/root/tcpdump/tcpdump-3.9.4> ./configure --disable-ipv6 --without-gcc
checking build system type... hppa2.0w-hp-hpux11.00
checking host system type... hppa2.0w-hp-hpux11.00
checking for gcc... cc
checking for C compiler default output... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... no
checking whether cc accepts -g... yes
checking for cc option to accept ANSI C... none needed
checking that cc handles ansi prototypes... yes
checking for inline... __inline
checking for __attribute__... no
checking how to run the C preprocessor... cc -E
checking for egrep... grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... no
checking for unistd.h... yes
checking fcntl.h usability... yes
checking fcntl.h presence... yes
checking for fcntl.h... yes
checking rpc/rpcent.h usability... no
checking rpc/rpcent.h presence... no
checking for rpc/rpcent.h... no
checking netdnet/dnetdb.h usability... no
checking netdnet/dnetdb.h presence... no
checking for netdnet/dnetdb.h... no
checking for netinet/if_ether.h... no
configure: Rechecking with some additional includes
checking for netinet/if_ether.h... yes
checking whether time.h and sys/time.h may both be included... yes
checking smi.h usability... no
checking smi.h presence... no
checking for smi.h... no
checking for smiInit in -lsmi... no
checking whether to enable the possibly-buggy SMB printer... yes
configure: WARNING: The SMB printer may have exploitable buffer overflows!!!
checking whether to drop root privileges by default... no
checking whether to chroot... no
checking whether to enable ipv6... no
checking for dnet_htoa declaration in netdnet/dnetdb.h... no
checking for char... yes
checking size of char... 1
checking for short... yes
checking size of short... 2
checking for int... yes
checking size of int... 4
checking for long... yes
checking size of long... 4
checking for long long... yes
checking size of long long... 8
checking for addrinfo... no
checking for NI_MAXSERV... no
checking for NI_NAMEREQD... no
checking for sockaddr_storage... no
checking for INADDRSZ... yes
checking for IN6ADDRSZ... no
checking for RES_USE_INET6... no
checking for res_state_ext... no
checking for nsort in res_state... no
checking for vfprintf... yes
checking for strcasecmp... yes
checking for strlcat... no
checking for strlcpy... no
checking for strdup... yes
checking for strsep... no
checking for strftime... no
checking for setlinebuf... no
checking for alarm... yes
checking for vsnprintf... yes
checking for snprintf... yes
checking return type of signal handlers... void
checking for sigaction... yes
checking for library containing dnet_htoa... no
checking for main in -lrpc... no
checking for library containing getrpcbynumber... -lnsl
checking for library containing gethostbyname... none required
checking for library containing socket... none required
checking for library containing putmsg... none required
checking for local pcap library... not found
checking for main in -lpcap... yes
checking for extraneous pcap header directories... not found
checking for pcap_list_datalinks... yes
checking for pcap_set_datalink... yes
checking for pcap_datalink_name_to_val... yes
checking for pcap_datalink_val_to_description... yes
checking for pcap_breakloop... yes
checking for pcap_dump_ftell... yes
checking for inet_ntop... no
checking for inet_pton... no
checking for inet_aton... yes
checking for ether_ntohost... no
checking if sockaddr struct has sa_len member... no
checking for pcap_findalldevs... yes
checking for pcap_dump_flush... yes
checking for pcap_lib_version... yes
checking for pcap_if_t... yes
checking whether pcap_debug is defined by libpcap... no
checking whether yydebug is defined by libpcap... yes
checking for bpf_dump... yes
checking sys/bitypes.h usability... no
checking sys/bitypes.h presence... no
checking for sys/bitypes.h... no
checking for int8_t... yes
checking for u_int8_t... no
checking for int16_t... yes
checking for u_int16_t... no
checking for int32_t... yes
checking for u_int32_t... no
checking for int64_t... yes
checking for u_int64_t... no
checking for inttypes.h... (cached) yes
checking whether inttypes.h defines the PRI[doxu]64 macros... yes
checking if sockaddr struct has sa_len member... no
checking if unaligned accesses fail... yes
checking for h_errno... yes
checking for SSLeay... no
checking for a BSD-compatible install... /opt/imake/bin/install -c
configure: creating ./config.status
config.status: creating Makefile
config.status: creating config.h
config.status: executing default-1 commands
r:/home/root/tcpdump/tcpdump-3.9.4> make
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./addrtoname.c
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./cpack.c
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./gmpls.c
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./oui.c
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./gmt2local.c
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./ipproto.c
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./nlpid.c
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./l2vpn.c
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./machdep.c
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./parsenfsfh.c
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./print-802_11.c
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./print-ap1394.c
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./print-ah.c
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./print-arcnet.c
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./print-aodv.c
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./print-arp.c
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./print-ascii.c
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./print-atalk.c
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./print-atm.c
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./print-beep.c
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./print-bfd.c
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./print-bgp.c
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./print-bootp.c
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./print-cdp.c
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./print-chdlc.c
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./print-cip.c
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./print-cnfp.c
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./print-dccp.c
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./print-decnet.c
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./print-domain.c
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./print-dvmrp.c
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./print-enc.c
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./print-egp.c
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./print-eap.c
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./print-eigrp.c
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./print-esp.c
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./print-ether.c
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./print-fddi.c
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./print-fr.c
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./print-gre.c
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./print-hsrp.c
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./print-icmp.c
cc: "print-icmp.c", line 406: warning 611: Type conversion loses "const" qualifier.
cc: "print-icmp.c", line 406: warning 563: Argument #3 is not the correct type.
cc: "print-icmp.c", line 416: warning 611: Type conversion loses "const" qualifier.
cc: "print-icmp.c", line 416: warning 563: Argument #3 is not the correct type.
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./print-igmp.c
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./print-igrp.c
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./print-ip.c
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./print-ipcomp.c
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./print-ipfc.c
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./print-ipx.c
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./print-isakmp.c
cc -O -DHAVE_CONFIG_H -I./missing -D_U_="" -I. -I/usr/local/include -I./missing -c ./print-isoclns.c
cc: "print-isoclns.c", line 1619: error 1594: The sizeof operator cannot be applied to types with unknown size.
cc: "print-isoclns.c", line 1649: error 1594: The sizeof operator cannot be applied to types with unknown size.
*** Error exit code 1

Stop.

rick jones · ‎08-29-2006

While it would be a blunt instrument, given the liklihood of seeing any ISO CLNS traffic, you could probably see about making that an empty file, or perhaps editing the Makefile.in to remove it from the build.

And backing-up a bit, given the status of 11.0, it might be a _very_ good idea to get those application restrictions addressed and get onto an OS from this century :) 11iv2 (aka 11.23) would be a good place to be. Heck, it would probably still run your existing application binaries just fine. Depending on how much "stuff" has to come along for the ride with those binaries, you might be able to try it out using one of the "testdrive" systems first:

http://www.testdrive.hp.com/

there is no rest for the wicked yet the virtuous have no pillows

Lynne Seamans · ‎08-29-2006

Yeah, i know, i had looked into upgrading earlier this year... didn't get a lot of buy in from the DBA's though. Believe it or not, COBOL in the application is the issue.

Lynne Seamans · ‎08-30-2006

Wow, I have a usable "tcpdump"!

"gutted" print-isoclns.c, and then got some errors at the end:
usr/ccs/bin/ld: Unsatisfied symbols:
isoclns_print (first referenced in print-chdlc.o) (code)

BUT it still made the executable, which does what i need it to do.

So, Rick, i will GLADY write this up, but it seems not really "correct" enough. Whatever you think, and i can't thank you enough for all your assistance.

(i'm nagging about 11.0 -> 11.23 upgrades too)

rick jones · ‎08-30-2006

While the gutting isn't really the "right" fix, letting the tcpdump-workers mailing list know about the issue would be the first step towards fixing it.

As for the unresolved symbols bit, you could tweak the gutting by either removing calls to the routine from elsewhere, or making the routine a noop (ie just return) rather than not being there at all.

Upgrading to newer OS and hardware will be thanks enough :)

there is no rest for the wicked yet the virtuous have no pillows

Banibrata Dutta · ‎08-31-2006

I know that you've got tcpdump working, but I hope you are aware of the fact that, "nettl" is a very powerful tool on hp-ux. You can grab all the network traffic (and do filtering on it). The dump file created, can be read & effortlessly decoded by Ethereal. So if you have the luxery of running Ethereal on a different host, and willing to FTP the capture-dump file around (just once actully), you have a very powerful combo.

AFIAK, tcpdump cannot capture packets sent thru the localhost & also between applications sitting on same host (though using the non-localhost IP's for comm.). They simply don't reach deep enough in the network stack, for libpcap to be able to read them. This used to the fact until 2 yrs back, not sure if this has changed now.

-bd

rick jones · ‎09-01-2006

Indeed, one cannot use tcdpump to trace loopback traffic under HP-UX. That is a limitation of promiscuous mode in HP-UX used by libpcap. 'Tcpdump' in and of itself doesn't care.

WRT "local" traffic to the other assigned IPs, there is a bit of a kludge one could use if necessary. You can used ndd to set "ip_loopback_bypass" to force traffic to local IPs to go to the driver(s). This then sends them past the promiscuous taps and so the traffic should become visible to libpcap. IIRC "ip_loopback_bypass" is in the "unsupported" category (eg be careful kids)

there is no rest for the wicked yet the virtuous have no pillows

Lynne Seamans · ‎09-01-2006

Thanks, Barbara, and yes, i was aware of nettl, and have even tried to use it, but i just wasn't smart enough, i guess, to understand what i needed to do.

Maybe the idea that i could dump and ftp to a machine with ethereal might change my mind, but nettl made me feel dumb.

Banibrata Dutta · ‎09-01-2006

It is true to using "nettl" to capture IP traffic might seem a little daunting at first, but once you get hang of it, it's a easy.

Here's a little how-to:

1) Stop all tracing
nettl -tf -e all

2) Start IP traffic capture, and then Start the TCP/IP test case nettl -tn all -e ns_ls_ip -usize 1024 -tracemax 99999 -f /tmp/tf

3) Stop all tracing
nettl -tf -e all

After tracing is stopped, you'd fine one or two files in /tmp/tf000 & maybe /tmp/tf001.

These files are directly readable by Ethereal/Wireshark, with all it's glorious decoding.

Lynne Seamans · ‎09-05-2006

fyi, i sent the saga off to tcpdump-workers.

also, i do appreciate the hint on using nettl, i'm going to give it a try!

Lynne Seamans · ‎08-21-2007

problem solved and documented

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: libpcap (for tcpdump) compile

libpcap (for tcpdump) compile