Fixing of libpcap for iOS

[demhademha]

On iOS, the file <sys/_endian.h> is required for compilation. Although doingsed -i '1s/^/#include \<sys\/_endian.h>/' *.c` does fix the issue, it'd be nice to fix the underlying issue.

kind regards

[guyharris]

On iOS, the file <sys/_endian.h> is required for compilation.

Why?

What fails if it's not included?

(Without knowing that, we don't know what "the underlying issue" is, and thus can't "fix the underlying issue".)

[demhademha]

The error log can be found at : https://paste.debian.net/1203539/ Using autotools as the build system also produces the same error. The header: sys/_endian.h is required to include this function Kind regards

[guyharris]

What happens if you run the C compiler from the command line, with a "foo.c" file containing

#include <arpa/inet.h>

int
foo(int bar)
{
    return htonl(bar);
}

and with:

• the argument -I /var/mobile/theos/sdks/iPhoneOS14.3.sdk/usr/include
• whatever arguments are necessary to get it to generate ARM64 code for iOS?

[demhademha]

The test binary successfully compiles

[guyharris]

So what compiler commands are being used to compile libpcap?

[demhademha]

    -DCMAKE_BUILD_TYPE=Release -DCMAKE_CROSSCOMPILING=true
    -DCMAKE_SYSTEM_NAME=Darwin -DCMAKE_SYSTEM_PROCESSOR=aarch64
    -DCMAKE_C_FLAGS="-Os -flto=thin -arch arm64 -isysroot /var/mobile/theos/sdks/iPhoneOS14.3.sdk -miphoneos-version-min=14.0 -isystem /var/mobile/backp/Ahmed/Procursus/build_base/iphoneos-arm64/1700/usr/include -isystem /var/mobile/backp/Ahmed/Procursus/build_base/iphoneos-arm64/1700/usr/local/include -F/var/mobile/backp/Ahmed/Procursus/build_base/iphoneos-arm64/1700/System/Library/Frameworks -F/var/mobile/backp/Ahmed/Procursus/build_base/iphoneos-arm64/1700/Library/Frameworks"
    -DCMAKE_CXX_FLAGS="-Os -flto=thin -arch arm64 -isysroot /var/mobile/theos/sdks/iPhoneOS14.3.sdk -miphoneos-version-min=14.0 -isystem /var/mobile/backp/Ahmed/Procursus/build_base/iphoneos-arm64/1700/usr/include -isystem /var/mobile/backp/Ahmed/Procursus/build_base/iphoneos-arm64/1700/usr/local/include -F/var/mobile/backp/Ahmed/Procursus/build_base/iphoneos-arm64/1700/System/Library/Frameworks -F/var/mobile/backp/Ahmed/Procursus/build_base/iphoneos-arm64/1700/Library/Frameworks"
    -DCMAKE_FIND_ROOT_PATH=/var/mobile/backp/Ahmed/Procursus/build_base/iphoneos-arm64/1700
    -DCMAKE_INSTALL_NAME_TOOL=/usr/bin/install_name_tool
    -DCMAKE_INSTALL_PREFIX=/usr
    -DCMAKE_INSTALL_NAME_DIR=/usr/lib
    -DCMAKE_INSTALL_RPATH=/usr
    -DCMAKE_INSTALL_SYSCONFDIR=/etc
    -DCMAKE_OSX_SYSROOT="/var/mobile/theos/sdks/iPhoneOS14.3.sdk"
    -DCMAKE_OSX_ARCHITECTURES="arm64" 
    -DINET6=ON
    -DPCAP_TYPE=bpf
    ..

[guyharris]

So is this build being done on Debian, macOS, or some other OS?

[demhademha]

This build is being done from an ios device. Essentially, build=aarch64-apple-darwin --host=aarch64-apple-darwin However, the build system is not relevant to this issue Kind regards

[guyharris]

This build is being done from an ios device.

So you're running the compiler on an iPhone or iPod touch (or an iPad - iPadOS and iOS are similar enough that it wouldn't make much of a difference here)?

However, the build system is not relevant to this issue

It is unwise to make that assumption.

[demhademha]

This build is being done from an ios device.

So you're running the compiler on an iPhone or iPod touch (or an iPad - iPadOS and iOS are similar enough that it wouldn't make much of a difference here)? Correct

However, the build system is not relevant to this issue

It is unwise to make that assumption. Perhaps, but, the issue is that only <sys/_endian.h> contains the required function which libpcap needs. Do note, that the iOS and macos SDKs are different

[guyharris]

Perhaps, but, the issue is that only <sys/_endian.h> contains the required function which libpcap needs. Do note, that the iOS and macos SDKs are different

Do note that, in the macOS SDK provided as part of Xcode 12.5.1, only <sys/_endian.h> contains the definitions of htonl() etc. and that <arpa/inet.h> include <machine/_endian.h> and <sys/_endian.h>.

Do also note that the <sys/_endian.h> and <arpa/inet.h> in the iOS SDK provided as part of Xcode 12.5.1 are identical to the <sys/_endian.h> and <arpa/inet.h> in the macOS SDK provided as part of Xcode 12.5.1.

And note, while we're at it, that libpcap builds on macOS.

Perhaps there's something wrong with the iOS SDK you're using, or with the way you're running the compiler.

[mcr]

On to the why is the even a thing to care about: will any iOS systems (phone, tablet) actually ever git the right root permissions to do live captures? I suppose though, that one might use a tablet to look at dead captures, or maybe even use rpcapd to another system?

[demhademha]

On to the why is the even a thing to care about: will any iOS systems (phone, tablet) actually ever git the right root permissions to do live captures? Jailbroken devices do in fact give access to root. Access to things such as tcpdump (which requires libpcap) would be beneficial to people (such as researchers).
I suppose though, that one might use a tablet to look at dead captures, or maybe even use rpcapd to another system?

The idea of me creating this issue was to see if we could resolve the libpcap compilation for ios, without requiring the previously mention patch.

[guyharris]

will any iOS systems (phone, tablet) actually ever git the right root permissions to do live captures?

The submitter says they're running the compiler on an iPhone, so they're presumably doing this on a jailbroken iPhone. Those systems can do live captures; apparently there's even a Cydia package for tcpdump.

(Of course, iOS/iPadOS have their own way to let you run tcpdump/Wireshark/whatever on a Mac into which an iPhone/iPod touch/iPad is plugged - see "Set Up iOS Packet Tracing".)

[infrastation]

Dear bug reporter, please provide complete steps to reproduce and any other information required to identify the root cause.

[infrastation]

If anybody sees a good reason to keep this issue open, please tell it. Without further feedback it will be closed in 14 days.

[infrastation]

It is time.