1*0036d835SchristosUsing BPF: 2*0036d835Schristos 3*0036d835Schristos(1) AIX 4.x's version of BPF is undocumented and somewhat unstandard; the 4*0036d835Schristos current BPF support code includes changes that should work around 5*0036d835Schristos that; it appears to compile and work on at least one AIX 4.3.3 6*0036d835Schristos machine. 7*0036d835Schristos 8*0036d835Schristos Note that the BPF driver and the "/dev/bpf" devices might not exist 9*0036d835Schristos on your machine; AIX's tcpdump loads the driver and creates the 10*0036d835Schristos devices if they don't already exist. Our libpcap should do the 11*0036d835Schristos same, and the configure script should detect that it's on an AIX 12*0036d835Schristos system and choose BPF even if the devices aren't there. 13*0036d835Schristos 14*0036d835Schristos Also note that tcpdump _binary_ compiled on AIX 4 may have a problem 15*0036d835Schristos doing the initial loading of the BPF driver if copied to AIX 5 and 16*0036d835Schristos run there (GH #52). tcpdump binary natively compiled on AIX 5 should 17*0036d835Schristos not have this issue. 18*0036d835Schristos 19*0036d835Schristos(2) If libpcap doesn't compile on your machine when configured to use 20*0036d835Schristos BPF, or if the workarounds fail to make it work correctly, you 21*0036d835Schristos should send to tcpdump-workers@lists.tcpdump.org a detailed bug 22*0036d835Schristos report (if the compile fails, send us the compile error messages; 23*0036d835Schristos if it compiles but fails to work correctly, send us as detailed as 24*0036d835Schristos possible a description of the symptoms, including indications of the 25*0036d835Schristos network link-layer type being wrong or time stamps being wrong). 26*0036d835Schristos 27*0036d835Schristos If you fix the problems yourself, please submit a patch by forking 28*0036d835Schristos the branch at 29*0036d835Schristos 30*0036d835Schristos https://github.com/the-tcpdump-group/libpcap/issues 31*0036d835Schristos 32*0036d835Schristos and issuing a pull request, so we can incorporate the fixes into the 33*0036d835Schristos next release. 34*0036d835Schristos 35*0036d835Schristos If you don't fix the problems yourself, you can, as a workaround, 36*0036d835Schristos make libpcap use DLPI instead of BPF. 37*0036d835Schristos 38*0036d835Schristos This can be done by specifying the flag: 39*0036d835Schristos 40*0036d835Schristos --with-pcap=dlpi 41*0036d835Schristos 42*0036d835Schristos to the "configure" script for libpcap. 43*0036d835Schristos 44*0036d835SchristosIf you use DLPI: 45*0036d835Schristos 46*0036d835Schristos(1) It is a good idea to have the latest version of the DLPI driver on 47*0036d835Schristos your system, since certain versions may be buggy and cause your AIX 48*0036d835Schristos system to crash. DLPI is included in the fileset bos.rte.tty. I 49*0036d835Schristos found that the DLPI driver that came with AIX 4.3.2 was buggy, and 50*0036d835Schristos had to upgrade to bos.rte.tty 4.3.2.4: 51*0036d835Schristos 52*0036d835Schristos lslpp -l bos.rte.tty 53*0036d835Schristos 54*0036d835Schristos bos.rte.tty 4.3.2.4 COMMITTED Base TTY Support and Commands 55*0036d835Schristos 56*0036d835Schristos Updates for AIX filesets can be obtained from: 57*0036d835Schristos ftp://service.software.ibm.com/aix/fixes/ 58*0036d835Schristos 59*0036d835Schristos These updates can be installed with the smit program. 60*0036d835Schristos 61*0036d835Schristos(2) After compiling libpcap, you need to make sure that the DLPI driver 62*0036d835Schristos is loaded. Type: 63*0036d835Schristos 64*0036d835Schristos strload -q -d dlpi 65*0036d835Schristos 66*0036d835Schristos If the result is: 67*0036d835Schristos 68*0036d835Schristos dlpi: yes 69*0036d835Schristos 70*0036d835Schristos then the DLPI driver is loaded correctly. 71*0036d835Schristos 72*0036d835Schristos If it is: 73*0036d835Schristos 74*0036d835Schristos dlpi: no 75*0036d835Schristos 76*0036d835Schristos Then you need to type: 77*0036d835Schristos 78*0036d835Schristos strload -f /etc/dlpi.conf 79*0036d835Schristos 80*0036d835Schristos Check again with strload -q -d dlpi that the dlpi driver is loaded. 81*0036d835Schristos 82*0036d835Schristos Alternatively, you can uncomment the lines for DLPI in 83*0036d835Schristos /etc/pse.conf and reboot the machine; this way DLPI will always 84*0036d835Schristos be loaded when you boot your system. 85*0036d835Schristos 86*0036d835Schristos(3) There appears to be a problem in the DLPI code in some versions of 87*0036d835Schristos AIX, causing a warning about DL_PROMISC_MULTI failing; this might 88*0036d835Schristos be responsible for DLPI not being able to capture outgoing packets. 89