hi,
I need to upgrade my libpcap library in a rhl machine running in 2.4.20-8 kernel. this machine runs squid, iptables, httpd, snmpd, mrtg, squidarg for the main sw's. the outgoing libpcap is libpcap-0.7.2-1 and the incoming is libpcap-0.9.4. i am thinking to run darkstat in this machine. can upgrading libpcap become nuisance, i mean can it adversely affect other running app's in this machine that depends on the old libpcap, i am so unsure how to think rationally here or what to backup before the upgrade.

Maybe you could install that new libpcap to a different location than the old one and compile your new programs with:

./configure --with-libpcap=/path/to/new/libpcap/
Look for right path options with: ./configure --help

Then you could use that old libpcap with old progs and the new libpcap with the new progs.

I havent had any problems when I have upgraded my libpcap but I think this would be a safe way of doing it, better safe than sorry ;-)

EDIT: I'm not sure if you can have 2 libpcaps in same box, maybe you should wait for someone to confirm if it is safe or not ..

Since it's RHL territory, why not found out the RHL way what requires libpcap? "rpm -q --whatrequires libpcap.so.0.7.2" should show which packages depend on it. Use "ldd" on non-static binaries that are not part of rpm's.

Libpcap is backward compatible and I haven't seen any real probs upgrading it. Sure you can have multiple versions to compile against or use / preload with (LD_LIBRARY_PATH), but unless you have custom-built SW that requires it you won't need it. If you would want to back something up it should be the original rpm (not --repackage): if it's still on mirrors that's unnecessary. BTW wrt updating, you're using Fedora Legacy, right?

how correct is this thing?

@unspawn
no i have no custom sw running in this machine and i am not using the fedora legacy updates. but i think i should, i think i should move it to some latest release or atleast upgrade the softwares, but this machine is constantly used 24/7/365, all the more reason to upgrade, but i think i have been following the theme of "if it's not broken, don't fix it" thing. i should plan to upgrade it.

how correct is this thing?
"This thing" aka the RPM database is correct for any well-formed data entered by installing packages: if it says "no" then there prolly are none.


no i have no custom sw running in this machine
If you distrust the RPM db or have custom packages you would do a "find" then either "ldd $binary|grep -q libpcap" or "nm $binary|grep -q pcap_version". An imperfect but fast way would be to look at what binaries do packet captures or need features, apart from specialist tools like P0f, Snort and rootkit sniffers most names match "^tcp.*" like tcpdump, tcptraceroute, tcpslice, etc, etc...


i am not using the fedora legacy updates. but i think i should
Yes you definately should. What deprecated and EOL'ed release are we talking about?

well now i check it out thoroughly, yeah there are a couple of other sw's running besides what i have already mentioned. chkrootkit, ntop are particularly the mains. these were not rpm installations BTW. beside ntop, i don't think chkrootkit would depend on the libpcap lib. ntop can be reinstalled again if it breaks. i just wanted to be sure the essential services like squid and iptables are not affected in anyway.

you are right unspawn, i am running an outdated, deprecated and EOL'ed release (its rhl 8 btw). its been up&running since aug 2003, my predecessor (who's still alive and kicking) configured it and i am actually just using it and using it hard. ok i will talk with him regarding a upgrade, you know i need to take permissions before i set out to do anything (but hey i am still root but). thanx for the guidance.

beside ntop, i don't think chkrootkit would depend on the libpcap lib.
It doesn't. Maybe a false positive using a too short searchterm? The only place pcap is mentioned in the *source* (nearly all Chkrootkit binaries being compiled static by default) is in ifpromisc.c (OK, stale version 0.43 that is).


its rhl 8 btw
If you can, upgrade to RHL 9. Then you have Fedora Legacy support. IIRC: they recently had to jettison support for some releases due to lack of community involvement. If this is a box with legacy SW and you need to stay close to RH then maybe look at CentOS-3.

@unspawn

no i don't think rhl is a neccessity or requirement, if i upgrade it would most probably be with a bsd linux. i don't exactly know why but i have grown fond to bsd style after i started using slackware, cent-os is a close option, i have a 4.3 in my box just need to burn it.

i ended up upgrading the libpcap library for now. yeah nothing broke (till now!). this is just a temporary since we have decided to go for an upgrade. against all odds, rhl9 will be it but first i need to find a public holiday.