From 1dc671862177ab2969f811ca0e1cb8b3050c775d Mon Sep 17 00:00:00 2001 From: Arne Welzel Date: Wed, 7 Sep 2022 10:52:38 +0200 Subject: [PATCH] af_packet: Remove FindKernelHeaders, not needed There's been some wondering why kernel headers are required to compile this plugin as it's not providing a kernel module or otherwise provides functionality related to kernel APIs. AF_PACKET sockets are provided through user-space APIs. There may have been historical reasons, but let's move forward and remove the dependency. Fixes #29 #24 --- src/iosource/af_packet/CMakeLists.txt | 23 +++++++---------------- src/iosource/af_packet/README | 8 +++++--- 2 files changed, 12 insertions(+), 19 deletions(-) diff --git a/src/iosource/af_packet/CMakeLists.txt b/src/iosource/af_packet/CMakeLists.txt index 6a01b8d691..66bf28de1d 100644 --- a/src/iosource/af_packet/CMakeLists.txt +++ b/src/iosource/af_packet/CMakeLists.txt @@ -5,22 +5,13 @@ project(ZeekPluginAF_Packet) include(ZeekPlugin) -find_package(KernelHeaders) - -if ( KERNELHEADERS_FOUND ) - #TODO: Make sure the specified kernel headers are used - zeek_plugin_begin(Zeek AF_Packet) - zeek_plugin_cc(src/Plugin.cc) - zeek_plugin_cc(src/AF_Packet.cc) - zeek_plugin_cc(src/RX_Ring.cc) - zeek_plugin_bif(src/af_packet.bif) - zeek_plugin_dist_files(zeekctl/af_packet.py README COPYING VERSION) - zeek_plugin_end() - - message(STATUS "Kernelheader prefix : ${KERNELHEADERS_ROOT_DIR}") -else () - message(FATAL_ERROR "Kernel headers not found.") -endif() +zeek_plugin_begin(Zeek AF_Packet) +zeek_plugin_cc(src/Plugin.cc) +zeek_plugin_cc(src/AF_Packet.cc) +zeek_plugin_cc(src/RX_Ring.cc) +zeek_plugin_bif(src/af_packet.bif) +zeek_plugin_dist_files(zeekctl/af_packet.py README COPYING VERSION) +zeek_plugin_end() file(STRINGS "${CMAKE_CURRENT_SOURCE_DIR}/VERSION" VERSION LIMIT_COUNT 1) diff --git a/src/iosource/af_packet/README b/src/iosource/af_packet/README index 31350ec41d..506f5485c7 100644 --- a/src/iosource/af_packet/README +++ b/src/iosource/af_packet/README @@ -5,19 +5,21 @@ This plugin provides native AF_Packet support for Zeek. For details about AF_Pac ## Installation -Before installing the plugin, make sure the kernel headers are installed and your kernel supports PACKET_FANOUT[^1] and TPACKET_V3. +Before installing the plugin, make sure your kernel supports PACKET_FANOUT[^1] and TPACKET_V3. ### Package Manager + The plugin is available as package for the [Zeek Package Manager](https://github.com/zeek/package-manager) and can be installed using the following command: zkg install zeek-af_packet-plugin ### Manual Install -The following will compile and install the AF_Packet plugin alongside Zeek, assuming it can find the kernel headers in a standard location: + +The following will compile and install the AF_Packet plugin alongside Zeek:: # ./configure && make && make install -If the headers are installed somewhere non-standard, add `--with-kernel=` to the `configure` command. Furthermore, `--with-latest-kernel` will use the latest headers available instead of looking for the headers matching the running kernel's version. If everything built and installed correctly, you should see this: +If everything built and installed correctly, you should see this:: # zeek -NN Zeek::AF_Packet Zeek::AF_Packet - Packet acquisition via AF_Packet (dynamic, version 3.2.0)