Ethereal-dev: Re: [ethereal-dev] Ethereal byte order bug

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Thu, 11 Nov 1999 18:08:44 -0800 (PST)

> What is the "correct" version of libpcap for Linux out there?
> I've seen one at: http://www.inner.net/pub/ipv6/ (by Craig Metz)
> and one at: http://tango.netpedia.net/ (by Alexey Kuznetsov).

Good question.

Any version that doesn't have the 990417 version of Alexey's patch is
probably "good enough" for many purposes, including supporting Ethereal,
as long as it also has the patch on the Ethereal Web site to make
timeouts in "pcap_open_live()" work.  (Versions *with* that patch
exhibit the problem being discussed here.  Later versions of his patch
change the magic number for the modified file format - and can read
files in either the new format or the old, as long as the new-format
files have the right magic number.)

I have the impression that there're tons of patches for "libpcap" out
there, which may in part be because...

> Is libpcap being actively maintained at ftp://ftp.ee.lbl.gov/ anymore?
> I read somewhere that Van Jacobson left that place and is now
> at Cisco.

...there aren't any signs, at least not obvious to me, that anybody at
LBL NRG is maintaining it.  The last mod time on "libpcap.tar.Z" is
1999-04-05, and it's a symlink to "libpcap-0.4.tar.Z", whose last mod
time is 1998-07-25.

The NRG's home page at

	http://www-nrg.ee.lbl.gov/nrg.html

says:

	Past and Present Group Staff 

	    Sally Floyd (at ACIRI as of February 1999) 
	    Craig Leres 
	    Vern Paxson (at ACIRI as of February 1999) 

	    Van Jacobson, Group Leader (at Cisco since late 1998) 
	    Kevin Fall (at UCB since late 1998) 
	    Steven McCanne (at UCB since 1997) 

	But don't worry, all of the old email addresses will still work... 

which seems to indicate that most of them are "Past" rather than
"Present".

The baton may have been picked up by the folks at "tcpdump.org"; the
page at

	http://www.tcpdump.org/

says:

	This page was started to collect various patches that have been
	floating around for LBL's tcpdump and libpcap programs.

and they have a CVS tree with their versions of "libpcap" and "tcpdump".

I plan to check whether the "pcap-linux.c" in their "libpcap" has
patches to make timeouts work; if not, I'll send them our patch, along
with another patch I have to fix an irritating bug in "pcap_compile()"
that can cause a failure to parse a capture-filter expression to make
all *subsequent* attempts to parse a capture-filter expression fail
*even though the subsequent attempts were given a valid capture filter
expression*.

Some or all of the patches at the sites you list may have their patches
incorporated into the "tcpdump.org" version - Alexey's on the
"tcpdump-workers@xxxxxxxxxxx" mailing list.

(The "tcpdump.org" version isn't a Linux version, it's a version for
UNIX-flavored OSes in general, including but not limited to Linux, or
any of the BSDs, or....)

BTW, whatever changes *you've* had to make to "libpcap" to make it work
with AIX should be sent to them as well.
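
An added example, not part of the original message and not code from libpcap or Ethereal: a capture-file triage check that reads the savefile magic in both byte orders and, when the standard magic is present, tests whether the records chain with the standard 16-byte record header or with a longer 24-byte one. Assumptions: the magic values and the 24-byte modified record header are taken from current libpcap rather than from this message, treating "standard magic plus longer header" as the problem files described above is this example's reading, and all function names and sample captures are constructed for illustration.

```python
import struct

STANDARD_MAGIC = 0xA1B2C3D4  # classic libpcap savefile magic
MODIFIED_MAGIC = 0xA1B2CD34  # magic for the modified (longer record header) format
MAX_CAPLEN = 262144          # sanity bound on a record's captured length (assumption)

def walk(data, endian, rec_hdr_len):
    """Count records if the file chains cleanly with this record-header size, else -1."""
    off, count = 24, 0
    while off < len(data):
        if off + rec_hdr_len > len(data):
            return -1
        _sec, usec, caplen, wire_len = struct.unpack_from(endian + "IIII", data, off)
        if usec >= 1_000_000 or caplen > wire_len or caplen > MAX_CAPLEN:
            return -1
        off += rec_hdr_len + caplen
        count += 1
    return count if off == len(data) else -1

def classify(data):
    """Return (byte_order, layout) for a pcap savefile held in memory."""
    if len(data) < 24:
        raise ValueError("shorter than a pcap file header")
    for endian, name in (("<", "little"), (">", "big")):
        magic = struct.unpack_from(endian + "I", data, 0)[0]
        if magic == MODIFIED_MAGIC:
            return name, "modified"
        if magic == STANDARD_MAGIC:
            if walk(data, endian, 16) >= 0:
                return name, "standard"
            if walk(data, endian, 24) >= 0:
                return name, "modified-with-standard-magic"
            return name, "unknown"
    raise ValueError("not a pcap savefile")

def build_sample(endian, magic, rec_hdr_len, payloads=(b"\x00" * 60, b"\x11" * 42)):
    """Constructed test capture: file header plus one record per payload."""
    out = struct.pack(endian + "IHHiIII", magic, 2, 4, 0, 0, 65535, 1)
    for i, p in enumerate(payloads):
        out += struct.pack(endian + "IIII", 942372524 + i, 500, len(p), len(p))
        out += b"\x00" * (rec_hdr_len - 16) + p  # filler for the extra header fields
    return out

if __name__ == "__main__":
    for e in "<>":
        for magic, hdr in ((STANDARD_MAGIC, 16), (STANDARD_MAGIC, 24), (MODIFIED_MAGIC, 24)):
            print(classify(build_sample(e, magic, hdr)))
```

The record walk is a heuristic: a truncated capture fails both layouts and is reported as "unknown" rather than guessed at.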