Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

af_packet: Remove FindKernelHeaders, not needed

Browse source 
There's been some wondering why kernel headers are required to compile
this plugin as it's not providing a kernel module or otherwise provides
functionality related to kernel APIs. AF_PACKET sockets are provided
through user-space APIs.

There may have been historical reasons, but let's move forward and
remove the dependency.

Fixes #29 #24
This commit is contained in:
Arne Welzel 2022-09-07 10:52:38 +02:00 committed by Tim Wojtulewicz
parent 46f364c3dd
commit 1dc6718621
2 changed files with 12 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

23
src/iosource/af_packet/CMakeLists.txt
View file

@ -5,22 +5,13 @@ project(ZeekPluginAF_Packet)
include(ZeekPlugin)
find_package(KernelHeaders)
if ( KERNELHEADERS_FOUND )
#TODO: Make sure the specified kernel headers are used
zeek_plugin_begin(Zeek AF_Packet)
zeek_plugin_cc(src/Plugin.cc)
zeek_plugin_cc(src/AF_Packet.cc)
zeek_plugin_cc(src/RX_Ring.cc)
zeek_plugin_bif(src/af_packet.bif)
zeek_plugin_dist_files(zeekctl/af_packet.py README COPYING VERSION)
zeek_plugin_end()
message(STATUS "Kernelheader prefix : ${KERNELHEADERS_ROOT_DIR}")
else ()
message(FATAL_ERROR "Kernel headers not found.")
endif()
zeek_plugin_begin(Zeek AF_Packet)
zeek_plugin_cc(src/Plugin.cc)
zeek_plugin_cc(src/AF_Packet.cc)
zeek_plugin_cc(src/RX_Ring.cc)
zeek_plugin_bif(src/af_packet.bif)
zeek_plugin_dist_files(zeekctl/af_packet.py README COPYING VERSION)
zeek_plugin_end()
file(STRINGS "${CMAKE_CURRENT_SOURCE_DIR}/VERSION" VERSION LIMIT_COUNT 1)

8
src/iosource/af_packet/README
View file

@ -5,19 +5,21 @@ This plugin provides native AF_Packet support for Zeek. For details about AF_Pac
## Installation
Before installing the plugin, make sure the kernel headers are installed and your kernel supports PACKET_FANOUT[^1] and TPACKET_V3.
Before installing the plugin, make sure your kernel supports PACKET_FANOUT[^1] and TPACKET_V3.
### Package Manager
The plugin is available as package for the [Zeek Package Manager](https://github.com/zeek/package-manager) and can be installed using the following command:
zkg install zeek-af_packet-plugin
### Manual Install
The following will compile and install the AF_Packet plugin alongside Zeek, assuming it can find the kernel headers in a standard location:
The following will compile and install the AF_Packet plugin alongside Zeek::
# ./configure && make && make install
If the headers are installed somewhere non-standard, add `--with-kernel=<kernel-header-directory>` to the `configure` command. Furthermore, `--with-latest-kernel` will use the latest headers available instead of looking for the headers matching the running kernel's version. If everything built and installed correctly, you should see this:
If everything built and installed correctly, you should see this::
# zeek -NN Zeek::AF_Packet
Zeek::AF_Packet - Packet acquisition via AF_Packet (dynamic, version 3.2.0)