Bug 265486 - New Ebuild for libpcap-ringbuffer
Summary: New Ebuild for libpcap-ringbuffer
Status: RESOLVED WONTFIX
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages
Hardware: All Linux
Importance: High enhancement
Assignee: Default Assignee for New Packages
Reported: 2009-04-08 20:36 UTC by Jason Wallace
Modified: 2009-04-14 13:05 UTC
CC List: 1 user


Attachments
libpcap-ringbuffer-0.9.8.20081022.ebuild (2.61 KB, text/plain)
2009-04-08 20:38 UTC, Jason Wallace
metadata.xml (325 bytes, text/plain)
2009-04-08 20:38 UTC, Jason Wallace
libpcap-ringbuffer-0.9.8.20081022-makefile.patch (672 bytes, patch)
2009-04-08 20:40 UTC, Jason Wallace
90libpcap-ringbuffer.envd (481 bytes, text/plain)
2009-04-08 20:42 UTC, Jason Wallace

Description Jason Wallace 2009-04-08 20:36:20 UTC
This is a new ebuild to add Phil Wood's version of libpcap to portage. This version of libpcap supports ring buffers to enable increased packet capture performance.

The repoman has been paid but he still complains about the BSD license. Will this prevent it from being added to portage?



Reproducible: Always




# repoman full

RepoMan scours the neighborhood...
  ebuild.allmasked              1
   net-libs/libpcap-ringbuffer
  ebuild.badheader              1
   net-libs/libpcap-ringbuffer/libpcap-ringbuffer-0.9.8.20081022.ebuild: Invalid Gentoo Copyright on line: 1
  upstream.workaround           1
   net-libs/libpcap-ringbuffer/libpcap-ringbuffer-0.9.8.20081022.ebuild: Upstream parallel compilation bug (ebuild calls emake -j1 on line: 52)

Note: use --include-dev (-d) to check dependencies for 'dev' profiles

RepoMan sez: "You're only giving me a partial QA payment?
              I'll take it this time, but I'm not happy."
Comment 1 Jason Wallace 2009-04-08 20:38:00 UTC
Created attachment 187720
libpcap-ringbuffer-0.9.8.20081022.ebuild

New ebuild for libpcap-ringbuffer
Comment 2 Jason Wallace 2009-04-08 20:38:52 UTC
Created attachment 187722
metadata.xml
Comment 3 Jason Wallace 2009-04-08 20:40:06 UTC
Created attachment 187724
libpcap-ringbuffer-0.9.8.20081022-makefile.patch

Patch file required to make some pre-compile time adjustments
Comment 4 Jason Wallace 2009-04-08 20:42:40 UTC
Created attachment 187726
90libpcap-ringbuffer.envd

This version of libpcap uses some environment variables to control the size of the ring buffer and how much memory is allotted to packet capturing. This file will be placed in /etc/env.d for the user to control these settings.
Comment 5 Jason Wallace 2009-04-08 20:44:47 UTC
add myself to CC list
Comment 6 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2009-04-09 23:43:57 UTC
(In reply to comment #5)
> add myself to CC list

Not necessary as you're the reporter of the bug and receive mails on changes anyway.
Comment 7 Peter Volkov (RETIRED) gentoo-dev 2009-04-10 12:41:51 UTC
Thank you for the report, Jason. But as far as I know libpcap-1.0.0 already has the required ringbuffer implementation, and that was the reason we dropped it from the portage tree (bug 208702). Why do you think this package is still required in the main tree? Currently resolving bug as WONTFIX.
Comment 8 Jason Wallace 2009-04-14 13:05:42 UTC
(In reply to comment #7)
> Thank you for the report, Jason. But as far as I know libpcap-1.0.0 already has
> the required ringbuffer implementation, and that was the reason we dropped it from
> the portage tree (bug 208702). Why do you think this package is still required in
> the main tree? Currently resolving bug as WONTFIX.
> 

I would really like to see this package added to portage for a number of reasons...

1) Phil Wood's version of libpcap provides far superior packet capture than even libpcap-1.0. 
2) libpcap-ringbuffer provides a user configurable ring buffer size via the environment variables PCAP_FRAMES or PCAP_MEMORY. This is extremely useful.
3) libpcap-ringbuffer provides user configurable statistical information about the traffic being captured. This information can be printed to the screen or redirected to a file. This is not provided by libpcap-1.0.

          0  Start date and time
          1  Packets processed
          2  Packets dropped
          3  Packets total
          4  Packets ignored
          5  Packets seen by device (in and out)
          6  Bytes seen by device (in and out)
          7  Bytes received
          8  Number of times poll system call called
          9  Current ring buffer index
         10  Maximum number of frames pulled from ring before having to poll
         11  Specious signal to pull frames from ring
         12  Elapsed time between first and last packet seen during sample time
         13  Received errors
         14  Received drops
         15  Transfer errors
         16  Transfer drops
         17  Multicast packet count (the Packets total includes this number)

4) There are numerous configuration options available to the user that are not available with libpcap-1.0...

     PCAP_SNAPLEN think tcpdump -s
     PCAP_PROMISC -1 = promiscuous -2 = not promiscuous
     PCAP_TO_MS   variable meanings, think milliseconds(ms) to wait for a
                  packet, but read the note regarding to_ms above.
     PCAP_RAW     2 = cooked mode
     PCAP_PROTO   ip,ipv6,arp,rarp,802.2,802.3,lat,dec,atalk,aarp,ipx,x25
     PCAP_MADDR   requires hex string which will override PCAP_PROMISC
     PCAP_FRAMES  greater than 0 up to n.  (n is found experimentally.)
     PCAP_MEMORY  set to how much free memory (in Kbytes) you are willing
                  to allocate.  (preferred method.)
     PCAP_VERBOSE print informative messages, since old app doesn't see them.
     PCAP_STATS   print pcap statistics to stderr every PCAP_PERIOD ms.
                  Stats will also be printed whenever pcap_read, pcap_dispatch,
                  and pcap_loop return to the calling program.
     PCAP_TIMEOUT return errno "ETIMEDOUT" when packet time is greater than
                  value provided (eg PCAP_TIMEOUT=1044406300 will cause
                  tcpdump to quit on Mon Feb 4 17:51:40 MST 2003).
     PCAP_PERIOD  milliseconds between stats (will not cause pcap_dispatch
                  to return, will generate stats).

5) This version is specifically mentioned in the snort docs...
http://www.snort.org/docs/snort_htmanuals/htmanual_2832/node402.html
A quick search on the archives of the snort-user mailing list will show that a lot of users use this package.

Even if libpcap-ringbuffer didn't provide any of this, why not add it? There is no harm in giving the user a 2nd libpcap option. The virtual is already in place to support it.

Is there anything else I need to provide to help move this along?