# Folks, 
#
# The linux version keeps track of time using the packet times provided by the
# kernel.  On a busy network (no waits between callbacks), libpcap will not make
# system calls.
#
# The major change to pcap-linux.c is its use of the functionality found in
# pcap-ring.c.  This is where the MMAP functionality is called out.  Please
# read README.ring to get a feeling for the features available.
#
# Here are some basic linux make procedures to get yourself a pcap library.
#
# The following assumes that WORKING is set to something like /tmp.
# Also, the md5 checksums are for example only.

  WORKING=/tmp
  VERSION=0.8
  YEAR=2004
  MM=01
  DD=15

# You can find a complete libpcap release at the URL below.

  cd $WORKING
  wget http://public.lanl.gov/cpw/libpcap-current.tar.gz
  openssl md5 < libpcap-current.tar.gz 
  # d254fe60530973e314c4149c9fadd0b1


# It is based on tcpdump.org libpcap for YEAR.MM.DD, but when expanded will
# be in a directory called libpcap-VERSION.YEARMMDD.  The following should make
# you a libpcap:

  cd $WORKING
  tar -zxf libpcap-current.tar.gz
  ln -s libpcap-$VERSION.$YEAR$MM$DD libpcap
  cd libpcap
  ./configure --prefix=/usr/local

# or ./configure --prefix=/usr --enable-shared

  make
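
# Added example (not part of the original README or of the libpcap
# distribution): a check to run between the wget and tar -zxf steps above.
# It compares the tarball's md5 with a digest you supply and confirms that
# every member expands under libpcap-VERSION.YEARMMDD.  The names md5_of,
# check_tarball and PUBLISHED_MD5 are assumptions made for this example.

```shell
# md5_of FILE: print the hex md5 digest of FILE.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum < "$1" | awk '{print $1}'
    else
        # "openssl md5" prints "(stdin)= <hex>"; the digest is the last field
        openssl md5 < "$1" | awk '{print $NF}'
    fi
}

# check_tarball FILE EXPECTED_MD5 EXPECTED_TOPDIR
# Returns 0 only if the digest matches and every archive member lives under
# EXPECTED_TOPDIR; 1 on digest mismatch; 3 on an unexpected or missing member.
check_tarball() {
    file=$1 want=$2 topdir=$3
    got=$(md5_of "$file") || return 2
    if [ "$got" != "$want" ]; then
        echo "digest mismatch: got $got, expected $want" >&2
        return 1
    fi
    # List members without extracting anything.  Reject absolute paths,
    # ".." components and names outside topdir; an empty listing also fails.
    tar -tzf "$file" | awk -v top="$topdir" '
        BEGIN { pre = top "/" }
        { n++; m = $0; sub(/^\.\//, "", m) }
        /^\// || /(^|\/)\.\.(\/|$)/ || (m != top && index(m, pre) != 1) {
            print "unexpected member: " $0
            bad = 1
            exit
        }
        END { if (bad || n == 0) exit 3 }
    ' >&2 || return 3
    return 0
}

# Usage (PUBLISHED_MD5 is a placeholder for the digest the publisher gives you):
#   check_tarball libpcap-current.tar.gz "$PUBLISHED_MD5" \
#       "libpcap-$VERSION.$YEAR$MM$DD" && tar -zxf libpcap-current.tar.gz
```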

# Once you have made the library, you could be so bold as to install it in the
# following manner (as root, if the prefix is in ld.so.conf):

#  sudo sh -c "cd $WORKING/libpcap && make install && ldconfig"

# But, you might want to wait on that, and try building an application that
# needs the library, like tcpdump:

  cd $WORKING
  wget http://tcpdump.org/daily/tcpdump-current.tar.gz
  tar -zxf tcpdump-current.tar.gz
  ln -s tcpdump-`date '+%Y.%m.%d'` tcpdump
  cd tcpdump
  ./configure
  make

  cat << EOF > /tmp/tst-pcap.sh
#!/bin/sh

PCAP_FRAMES=max PCAP_VERBOSE=1 PCAP_TO_MS=0 PCAP_PERIOD=10000 PCAP_STATS=0x1fff ./tcpdump -i eth0 -s 1514 -w /dev/null -c 100
EOF

# To test that tcpdump is compiled with the mmapped libpcap:

#  sudo sh /tmp/tst-pcap.sh

#               ^
#               You need around 52Mbytes of extra memory for this if you
#               use -s 1514
#
#               Not to mention some traffic on eth0!
#
# Assuming all went well you should start to see summary statistics which
# might assume some meaning after reading README.ring.
#
# Good luck,
#
# -- 
# Phil Wood, cpw@lanl.gov