1 Currently only operating systems running on Linux kernels with the option
2 CONFIG_PACKET_MMAP enabled. This feature can be found even back to the days of
3 2.4 kernels. Most operating systems ship pre-compiled kernels that have this
4 config option enabled and even the latest kernel versions got rid of this
5 option and have this functionality already built-in. However, we recommend a
6 kernel >= 2.6.31, because the TX_RING is officially integrated since then. In
7 any case, if you have the possibility, consider getting the latest kernel from
8 Linus' Git repository, tweak and compile it, and run this one!
10 A note for distribution package maintainers can be found at the end of the file.
12 What additional tools are required to build netsniff-ng?
15 - flex, bison (bpfc, trafgen)
17 What libraries are required?
19 - libncurses (ifpps, flowtop)
20 - libGeoIP >=1.4.8 (astraceroute, flowtop)
22 - libnetfilter-conntrack (flowtop)
24 - libnl3 (netsniff-ng, trafgen)
26 For experimental tools (mausezahn branch):
32 What additional tools are recommended after the build?
38 It is common, that these libraries are shipped as distribution packages
39 for an easy installation. We try to keep this as minimal as possible.
41 One-liner installation for *all* dependencies on Debian:
43 $ sudo apt-get install ccache flex bison libnl-3-dev \
44 libnl-genl-3-dev libgeoip-dev libnetfilter-conntrack-dev \
45 libncurses5-dev liburcu-dev libnacl-dev libnet1-dev \
46 libpcap-dev libcli-dev
48 One-liner installation for *all* dependencies on Fedora:
50 $ sudo yum install ccache flex bison ccache libnl3-devel \
51 GeoIP-devel libnetfilter_conntrack-devel ncurses-devel \
52 userspace-rcu-devel nacl-devel libnet-devel libpcap-devel \
55 After downloading the netsniff-ng toolkit, you should change to 'src':
59 The installation (deinstallation) process done by make is fairly simple:
66 (or for both at once: # make mrproper)
68 You can also build only a particular tool, e.g.:
71 # make trafgen_install
73 (# make trafgen_distclean)
74 ($ make trafgen_clean)
76 Currently mausezahn is experimental and not included in the default repository
79 $ git pull origin with-mausezahn
81 This means if you want to use mausezahn, you have to execute 'make mausezahn'
82 for a build. This will be changed at the time when we have cleaned up and
83 fixed the imported code.
85 If you want to build all tools, but curvetun (i.e. because you don't need
86 the tunneling software and the NaCl build process lasts quite long):
89 # make install_allbutcurvetun
93 In order to build curvetun, libnacl must be built first. A helper script
94 called build_nacl.sh is there to facilitate this process. If you want to
95 build NaCl in the directory ~/nacl, the script should be called this way:
98 $ ./build_nacl.sh ~/nacl
100 There's also an abbreviation for this by simply typing:
104 This gives an initial output such as "Building NaCl for arch amd64 on host
105 fuuubar (grab a coffee, this takes a while) ...". If the automatically
106 detected architecture (such as amd64) is not the one you intend to compile
107 for, then edit the (cc="gcc") variable within the build_nacl.sh script to
108 your cross compiler. Yes, we know, the build system of NaCl is a bit of a
109 pain, so you might check for a pre-built package from your distribution in
110 case you are not cross compiling.
112 If NaCl already has been built on the target, it is quicker to use
113 nacl_path.sh this way:
116 $ ./nacl_path.sh ~/nacl/build/include/x86 ~/nacl/build/lib/x86
118 When done, netsniff-ng's build infrastructure will read those evironment
119 variables in order to get the needed paths to NaCl.
121 In case you have to manually install libgeoip in version 1.4.8 or higher, you
122 can also use the provided helper script called build_geoip.sh from the
123 src/astraceroute directory (depending on your distribution, you might want to
124 adapt paths within the script):
126 $ cd src/astraceroute
129 Again, there's also an abbreviation for this by simply typing:
133 For downloading the latest GeoIP database, you should use the script that
134 is located at scripts/geoip-database-update, or use:
138 If you're unsure with any make targets, check out: make help
140 In order to run the toolkit as a normal user, set the following privilege
141 separation after the build/installation:
143 $ sudo setcap cap_net_raw,cap_ipc_lock,cap_sys_admin,cap_net_admin=eip {toolname}
145 Man pages are generated out of the files from Documentation/Manpages dir.
146 They are written in asciidoc format. For this, you need the tool asciidoc which
147 is distributed with on most Linux systems.
149 For bpfc, we also have a Vim syntax highlighting file. Have a look at
150 scripts/bpf.vim for installation instructions.
152 netsniff-ng has been successfully tested on x86 and x86_64. It should also run
153 on most other major architectures. However, since we don't have a possibility
154 to test it, please drop us a short mail, if it runs successfully on hardware
155 other than x86/x86_64.
157 For using TUN/TAP devices as a user, e.g. create a file called
158 src/50-tuntap.rules in /etc/udev/rules.d/ with ...
160 KERNEL=="tun",NAME="net/%k",GROUP="netdev",MODE="0660",OPTIONS+="ignore_remove"
162 ... and restart the udev daemon. Add yourself to the "netdev" group.
164 Add the flag -D__WITH_HARDWARE_TIMESTAMPING=1 into src/Makefile for
165 hardware timestamping support. Note that your kernel must be configured for
166 this (e.g. to ship the linux/net_tstamp.h header file).
168 The following warnings can be seen when compiling bpfc with flex 2.5.35 and
170 - redundant redeclaration of ‘isatty’
171 - cannot optimize loop, the loop counter may overflow
173 Those two warnings occur on generated C code produced by flex and bison and
174 there is no possibility on our side to fix them while staying with both tools.
176 Similar to that, gcc will throw a warning on strchr(3) which is a false
177 positive (http://gcc.gnu.org/bugzilla/show_bug.cgi?id=36513) from glibc:
178 - warning: logical ‘&&’ with non-zero constant will always evaluate as true
180 For cross-compiling netsniff-ng, the process is faily simple. Assuming you
181 want to build netsniff-ng for the Microblaze architecture, update the PATH
182 variable first, e.g.:
184 $ export PATH=<cc-tools-path>/microblazeel-unknown-linux-gnu/bin:$PATH
186 And then, build the toolkit like this:
188 $ make CROSS_COMPILE=microblazeel-unknown-linux-gnu- \
189 CROSS_LD_LIBRARY_PATH=<cc-lib-search-path>
191 Note that some adaptations might be necessary regarding the CFLAGS, since not
192 all might be supported by a different architecture.
194 For doing a debug build of the toolkit with less optimizations and non-stripped
199 For debugging the build system, full commands are shown if every make target is
204 Concerning packaging the toolkit for a Linux distribution, by default,
205 netsniff-ng has some architecture-specific tuning options enabled that don't
206 belong into a package binary of a distribution. Hence, you might want to adapt
207 some build-related things before starting to package the toolkit. All
208 necessary things (e.g., CFLAGS,WFLAGS) can be found in src/Makefile. Hence,
209 you need to adapt it there. You can then build and install the toolkit into
210 a prefixed path like:
212 $ make PREFIX=<path-prefix-for-package>
213 $ make PREFIX=<path-prefix-for-package> install
215 Thanks for maintaining netsniff-ng in your distribution. Further questions
216 will be answered on the public mainling list.