Ethereal-users: Re: [ethereal-users] HP-UX 11.0 and capturing permission problem

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Thu, 23 Dec 1999 16:46:43 -0800 (PST)
> Perhaps this means that "pcap-dlpi.c" in "libpcap" needs to handle HP-UX
> differently, and find (if possible) the PPA of the interface whose name
> it was handed, and act as if you'd specified "dlpiN" rather than the
> name.  If so, then the two differences may be the same - "/dev/dlpi0"
> isn't a network interface, so you can't do an SIOCGIFADDR on it, and it
> doesn't show up in the list from SIOCGIFCONF.

It looks as if the version to which Rick Jones referred might do that. 
I've attached the latest version of "README.hpux", with a bunch of new
stuff I added and checked in; it discusses that.

(I'm currently exchanging mail with Rick on his stuff; I'd like to get
his changes into the "tcpdump.org" version, along with any stuff Craig
Rodrigues does for AIX, and some stuff I'm doing - by remote control, as
I have no IRIX machine handy - for IRIX.)
The Software Porting And Archive Centre for HP-UX, at

	http://hpux.csc.liv.ac.uk/

(and with mirrors in various countries, listed on the Centre's home
page) has ported versions, in both source and binary form, for Ethereal,
as well as for the "libpcap", GLib, GTK+, "zlib", and CMU SNMP libraries
that it uses.

The changes they've made appear largely to be compile option changes; if
you've downloaded the source to the latest version of Ethereal (the
version on the Centre's site may not necessarily be the latest version),
it should be able to compile, perhaps with those changes.

They appear to have used HP-UX's "cc" compiler, with the options "-Ae
-O"; there's a comment "Add -Dhpux_9 if building under 9.X".  It may
also build with GCC.

If you want to use Ethereal to capture packets, you will have to install
"libpcap"; the INSTALL file for "libpcap" has several comments about
HP-UX, which you should read if you're going to install and use
"libpcap" on HP-UX.

Another note, from a mail message to the "ethereal-users" list:

  Date: Wed, 22 Dec 1999 09:05:47 -0600 (EST)
  From: Gerald Combs <gerald@xxxxxxxx>
  To: Lothar Seitter <lothar.seitter@xxxxxxxxxxxx>
  cc: ethereal-users@xxxxxxxx
  Subject: Re: [ethereal-users] permission problem with capturing

  On Wed, 22 Dec 1999, Lothar Seitter wrote:

  > running 'ethereal' under HP-UX 11 with root permission and
  > /dev/lan0 set to 777, I always get the message:
  > "There are no network interfaces that can be opened.
  > Please to make sure you have sufficient permission to 
  > capture packets."
  > 
  > I start ethereal with 'etheral -i lan0' and lan0 is definitely
  > the lan interface.
  > 
  > What am I missing???

  You may need to reference the card's DLPI device directly.  We were having
  trouble getting Ethereal to capture on an HP-UX 10.20 machine here.  I
  found an article on Deja News that says:

  "To access a particular interface, you would say "tcpdump -i /dev/dlpiN"
  where N is the PPA of the interface you wish to use. You get the PPA by
  looking at the output of lanscan. On 10.20, it is the same value as the
  NMID. On 11.X, it is the Card Instance number."

  This didn't help in our case, but it might in yours.  The full article is
  at http://x34.deja.com/[ST_rn=ps]/getdoc.xp?AN=549366486 .

  Another article by the same author mentions that experimental versions of
  libpcap and tcpdump are available at
  ftp://ftp.cup.hp.com/dist/networking/tools/ .  The article itself is at
  http://x34.deja.com/[ST_rn=ps]/getdoc.xp?AN=558665378 .

The first of those articles also says:

  BTW, before you have to make a follow-up post, you will find that
  unless you have the latest lan common/DLPI/driver patches installed,
  you will _not_ see the system's own outbound traffic.

It appears that a consequence of the fact that HP-UX's DLPI doesn't work
like Solaris's, in that, on Solaris, to get at the device "hme0", say,
"libpcap" has to open "/dev/hme" and then tell it to use the 0th
interface, whilst on HP-UX you have to go through "/dev/dlpi", you won't
get a list of interfaces in the dialog box for "Capture:Start" - you'll
have to do through the aforementioned song and dance to find the PPA of
the interface you want to use, and supply the "dlpiN" name by hand (I
think you can omit the "/dev/" in both "tcpdump" and Ethereal).

The experimental stuff to which the second article refers is a STREAMS
module that implements BPF-style filtering and buffering, an
experimental version of "libpcap-0.4" that pushes that STREAMS module,
and source to "tcpdump-3.4".

The STREAMS module is in source form - no binary has been provided. 
It's in

	ftp://ftp.cup.hp.com/dist/networking/tools/bpfmod/bpfmod_0.1.tar.gz

"libpcap" and "tcpdump" are in both source and binary form; they're in

	ftp://ftp.cup.hp.com/dist/networking/tools/bpfmod/tcpdump_bpfmod.tar.gz

NOTE: the "libpcap" source has "pcap-bpfmod.c" and "pcap-dlpi.c" and
"pcap-dlpi.c.real".

"pcap-dlpi.c.real" appears to be the "libpcap-0.4" "pcap-dlpi.c"
modified to push the BPF STREAMS module but not to do anything with it.

"pcap-dlpi.c" is the same as "pcap-bpfmod.c".

"pcap-bpfmod.c"/"pcap-dlpi.c" appears to have had a pile of stuff
removed (e.g., the SunOS 5/Solaris support), and stuff added to try to
do the "find the PPA for the interface and do the right thing" stuff
alluded to above, and to push the BPF STREAMS module - however, it
doesn't appear to include anything to hand the BPF filter to the STREAMS
module or otherwise use it.