2021-08-12 07:37:34 +08:00
|
|
|
/*
|
2001-07-05 06:03:13 +08:00
|
|
|
* Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000
|
1999-10-08 07:47:09 +08:00
|
|
|
* The Regents of the University of California. All rights reserved.
|
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that: (1) source code distributions
|
|
|
|
* retain the above copyright notice and this paragraph in its entirety, (2)
|
|
|
|
* distributions including binary code include the above copyright notice and
|
|
|
|
* this paragraph in its entirety in the documentation or other materials
|
|
|
|
* provided with the distribution, and (3) all advertising materials mentioning
|
|
|
|
* features or use of this software display the following acknowledgement:
|
|
|
|
* ``This product includes software developed by the University of California,
|
|
|
|
* Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
|
|
|
|
* the University nor the names of its contributors may be used to endorse
|
|
|
|
* or promote products derived from this software without specific prior
|
|
|
|
* written permission.
|
|
|
|
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
|
|
|
|
* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
|
|
|
|
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
2001-10-03 15:35:42 +08:00
|
|
|
*
|
|
|
|
* Support for splitting captures into multiple files with a maximum
|
|
|
|
* file size:
|
|
|
|
*
|
|
|
|
* Copyright (c) 2001
|
|
|
|
* Seth Webster <swebster@sst.ll.mit.edu>
|
1999-10-08 07:47:09 +08:00
|
|
|
*/
|
|
|
|
|
|
|
|
/*
|
2015-09-09 01:24:28 +08:00
|
|
|
* tcpdump - dump traffic on a network
|
1999-10-08 07:47:09 +08:00
|
|
|
*
|
|
|
|
* First written in 1987 by Van Jacobson, Lawrence Berkeley Laboratory.
|
|
|
|
* Mercilessly hacked and occasionally improved since then via the
|
|
|
|
* combined efforts of Van, Steve McCanne and Craig Leres of LBL.
|
|
|
|
*/
|
|
|
|
|
1999-11-21 17:36:43 +08:00
|
|
|
#ifdef HAVE_CONFIG_H
|
2018-01-22 04:27:08 +08:00
|
|
|
#include <config.h>
|
1999-11-21 17:36:43 +08:00
|
|
|
#endif
|
|
|
|
|
2014-11-06 15:38:09 +08:00
|
|
|
/*
|
2023-02-25 17:51:45 +08:00
|
|
|
* Some older versions of Mac OS X ship pcap.h from libpcap 0.6 with a
|
2017-02-18 05:51:08 +08:00
|
|
|
* libpcap based on 0.8. That means it has pcap_findalldevs() but the
|
|
|
|
* header doesn't define pcap_if_t, meaning that we can't actually *use*
|
|
|
|
* pcap_findalldevs().
|
2014-11-06 15:38:09 +08:00
|
|
|
*/
|
|
|
|
#ifdef HAVE_PCAP_FINDALLDEVS
|
|
|
|
#ifndef HAVE_PCAP_IF_T
|
|
|
|
#undef HAVE_PCAP_FINDALLDEVS
|
|
|
|
#endif
|
|
|
|
#endif
|
|
|
|
|
2018-01-20 22:59:49 +08:00
|
|
|
#include "netdissect-stdinc.h"
|
1999-10-08 07:47:09 +08:00
|
|
|
|
2018-01-22 09:57:20 +08:00
|
|
|
/*
|
|
|
|
* This must appear after including netdissect-stdinc.h, so that _U_ is
|
|
|
|
* defined.
|
|
|
|
*/
|
|
|
|
#ifndef lint
|
|
|
|
static const char copyright[] _U_ =
|
|
|
|
"@(#) Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000\n\
|
|
|
|
The Regents of the University of California. All rights reserved.\n";
|
|
|
|
#endif
|
|
|
|
|
2016-08-05 04:19:57 +08:00
|
|
|
#include <sys/stat.h>
|
|
|
|
|
|
|
|
#ifdef HAVE_FCNTL_H
|
|
|
|
#include <fcntl.h>
|
|
|
|
#endif
|
|
|
|
|
2014-05-08 03:07:35 +08:00
|
|
|
#ifdef HAVE_LIBCRYPTO
|
|
|
|
#include <openssl/crypto.h>
|
|
|
|
#endif
|
|
|
|
|
2014-05-01 06:28:06 +08:00
|
|
|
#ifdef HAVE_GETOPT_LONG
|
|
|
|
#include <getopt.h>
|
|
|
|
#else
|
2018-09-15 10:21:06 +08:00
|
|
|
#include "missing/getopt_long.h"
|
2014-05-01 06:28:06 +08:00
|
|
|
#endif
|
2014-12-29 19:02:17 +08:00
|
|
|
/* Capsicum-specific code requires macros from <net/bpf.h>, which will fail
|
|
|
|
* to compile if <pcap.h> has already been included; including the headers
|
2021-08-04 06:38:48 +08:00
|
|
|
* in the opposite order works fine. For the most part anyway, because in
|
|
|
|
* FreeBSD <pcap/pcap.h> declares bpf_dump() instead of <net/bpf.h>. Thus
|
|
|
|
* interface.h takes care of it later to avoid a compiler warning.
|
2014-12-29 19:02:17 +08:00
|
|
|
*/
|
2014-07-11 03:19:39 +08:00
|
|
|
#ifdef HAVE_CAPSICUM
|
2018-11-06 18:55:22 +08:00
|
|
|
#include <sys/capsicum.h>
|
2014-07-11 03:19:39 +08:00
|
|
|
#include <sys/ioccom.h>
|
|
|
|
#include <net/bpf.h>
|
|
|
|
#include <libgen.h>
|
2017-02-02 08:13:05 +08:00
|
|
|
#ifdef HAVE_CASPER
|
|
|
|
#include <libcasper.h>
|
|
|
|
#include <casper/cap_dns.h>
|
|
|
|
#include <sys/nv.h>
|
|
|
|
#endif /* HAVE_CASPER */
|
2014-07-11 03:19:39 +08:00
|
|
|
#endif /* HAVE_CAPSICUM */
|
2017-10-21 02:26:57 +08:00
|
|
|
#ifdef HAVE_PCAP_OPEN
|
2019-04-04 02:10:14 +08:00
|
|
|
/*
|
|
|
|
* We found pcap_open() in the capture library, so we'll be using
|
|
|
|
* the remote capture APIs; define PCAP_REMOTE before we include pcap.h,
|
|
|
|
* so we get those APIs declared, and the types and #defines that they
|
|
|
|
* use defined.
|
|
|
|
*
|
|
|
|
* WinPcap's headers require that PCAP_REMOTE be defined in order to get
|
|
|
|
* remote-capture APIs declared and types and #defines that they use
|
|
|
|
* defined.
|
|
|
|
*
|
|
|
|
* (Versions of libpcap with those APIs, and thus Npcap, which is based on
|
|
|
|
* those versions of libpcap, don't require it.)
|
|
|
|
*/
|
2017-10-21 02:26:57 +08:00
|
|
|
#define HAVE_REMOTE
|
|
|
|
#endif
|
2014-12-29 19:02:17 +08:00
|
|
|
#include <pcap.h>
|
|
|
|
#include <signal.h>
|
|
|
|
#include <stdio.h>
|
2016-08-05 04:19:57 +08:00
|
|
|
#include <stdarg.h>
|
2014-12-29 19:02:17 +08:00
|
|
|
#include <stdlib.h>
|
|
|
|
#include <string.h>
|
|
|
|
#include <limits.h>
|
2017-11-13 16:13:15 +08:00
|
|
|
#ifdef _WIN32
|
|
|
|
#include <windows.h>
|
|
|
|
#else
|
2017-11-13 10:39:10 +08:00
|
|
|
#include <sys/time.h>
|
2007-10-13 08:46:16 +08:00
|
|
|
#include <sys/wait.h>
|
|
|
|
#include <sys/resource.h>
|
2004-01-22 17:35:50 +08:00
|
|
|
#include <pwd.h>
|
|
|
|
#include <grp.h>
|
2015-09-01 05:43:15 +08:00
|
|
|
#endif /* _WIN32 */
|
1999-10-08 07:47:09 +08:00
|
|
|
|
2020-06-12 12:01:31 +08:00
|
|
|
/*
|
|
|
|
* Pathname separator.
|
|
|
|
* Use this in pathnames, but do *not* use it in URLs.
|
|
|
|
*/
|
|
|
|
#ifdef _WIN32
|
|
|
|
#define PATH_SEPARATOR '\\'
|
|
|
|
#else
|
|
|
|
#define PATH_SEPARATOR '/'
|
|
|
|
#endif
|
|
|
|
|
2015-02-15 22:32:23 +08:00
|
|
|
/* capabilities convenience library */
|
|
|
|
/* If a code depends on HAVE_LIBCAP_NG, it depends also on HAVE_CAP_NG_H.
|
|
|
|
* If HAVE_CAP_NG_H is not defined, undefine HAVE_LIBCAP_NG.
|
|
|
|
* Thus, the later tests are done only on HAVE_LIBCAP_NG.
|
|
|
|
*/
|
|
|
|
#ifdef HAVE_LIBCAP_NG
|
2012-05-25 22:26:17 +08:00
|
|
|
#ifdef HAVE_CAP_NG_H
|
|
|
|
#include <cap-ng.h>
|
2015-02-15 22:32:23 +08:00
|
|
|
#else
|
|
|
|
#undef HAVE_LIBCAP_NG
|
2012-05-25 22:26:17 +08:00
|
|
|
#endif /* HAVE_CAP_NG_H */
|
2015-02-15 22:32:23 +08:00
|
|
|
#endif /* HAVE_LIBCAP_NG */
|
2007-10-13 08:46:16 +08:00
|
|
|
|
2017-04-03 05:43:49 +08:00
|
|
|
#ifdef __FreeBSD__
|
|
|
|
#include <sys/sysctl.h>
|
|
|
|
#endif /* __FreeBSD__ */
|
|
|
|
|
2020-10-01 02:37:30 +08:00
|
|
|
#include "netdissect-stdinc.h"
|
2004-03-30 22:42:38 +08:00
|
|
|
#include "netdissect.h"
|
1999-10-08 07:47:09 +08:00
|
|
|
#include "interface.h"
|
|
|
|
#include "addrtoname.h"
|
|
|
|
#include "machdep.h"
|
2002-12-19 17:27:54 +08:00
|
|
|
#include "pcap-missing.h"
|
2015-06-12 06:47:44 +08:00
|
|
|
#include "ascii_strcasecmp.h"
|
1999-10-08 07:47:09 +08:00
|
|
|
|
2015-04-16 00:39:05 +08:00
|
|
|
#include "print.h"
|
|
|
|
|
2021-07-24 16:51:02 +08:00
|
|
|
#include "diag-control.h"
|
|
|
|
|
2020-02-05 11:53:11 +08:00
|
|
|
#include "fptype.h"
|
|
|
|
|
2012-09-28 11:44:34 +08:00
|
|
|
#ifndef PATH_MAX
|
|
|
|
#define PATH_MAX 1024
|
2005-10-20 15:43:51 +08:00
|
|
|
#endif
|
|
|
|
|
2018-04-09 08:31:22 +08:00
|
|
|
#if defined(SIGINFO)
|
2012-02-07 21:16:19 +08:00
|
|
|
#define SIGNAL_REQ_INFO SIGINFO
|
2018-04-09 08:31:22 +08:00
|
|
|
#elif defined(SIGUSR1)
|
2012-02-07 21:16:19 +08:00
|
|
|
#define SIGNAL_REQ_INFO SIGUSR1
|
|
|
|
#endif
|
|
|
|
|
2018-04-08 06:46:53 +08:00
|
|
|
#if defined(HAVE_PCAP_DUMP_FLUSH) && defined(SIGUSR2)
|
|
|
|
#define SIGNAL_FLUSH_PCAP SIGUSR2
|
|
|
|
#endif
|
|
|
|
|
2018-07-30 05:59:40 +08:00
|
|
|
#if defined(HAVE_PCAP_CREATE) || defined(_WIN32)
|
2016-08-10 02:12:35 +08:00
|
|
|
static int Bflag; /* buffer size */
|
2018-07-30 05:59:40 +08:00
|
|
|
#endif
|
2017-10-21 03:15:26 +08:00
|
|
|
#ifdef HAVE_PCAP_DUMP_FTELL64
|
2017-09-30 16:10:29 +08:00
|
|
|
static int64_t Cflag; /* rotate dump files after this many bytes */
|
|
|
|
#else
|
2017-03-19 08:22:17 +08:00
|
|
|
static long Cflag; /* rotate dump files after this many bytes */
|
2017-09-30 16:10:29 +08:00
|
|
|
#endif
|
2015-04-24 08:27:45 +08:00
|
|
|
static int Cflag_count; /* Keep track of which file number we're writing */
|
2017-10-21 02:26:57 +08:00
|
|
|
#ifdef HAVE_PCAP_FINDALLDEVS
|
2014-01-15 04:38:16 +08:00
|
|
|
static int Dflag; /* list available devices and exit */
|
2017-10-21 02:26:57 +08:00
|
|
|
#endif
|
|
|
|
#ifdef HAVE_PCAP_FINDALLDEVS_EX
|
|
|
|
static char *remote_interfaces_source; /* list available devices from this source and exit */
|
|
|
|
#endif
|
|
|
|
|
2015-12-31 10:49:37 +08:00
|
|
|
/*
|
|
|
|
* This is exported because, in some versions of libpcap, if libpcap
|
|
|
|
* is built with optimizer debugging code (which is *NOT* the default
|
|
|
|
* configuration!), the library *imports*(!) a variable named dflag,
|
|
|
|
* under the expectation that tcpdump is exporting it, to govern
|
|
|
|
* how much debugging information to print when optimizing
|
|
|
|
* the generated BPF code.
|
|
|
|
*
|
|
|
|
* This is a horrible hack; newer versions of libpcap don't import
|
|
|
|
* dflag but, instead, *if* built with optimizer debugging code,
|
|
|
|
* *export* a routine to set that flag.
|
|
|
|
*/
|
2019-03-19 17:39:06 +08:00
|
|
|
extern int dflag;
|
2015-12-31 10:49:37 +08:00
|
|
|
int dflag; /* print filter code */
|
2015-04-24 08:27:45 +08:00
|
|
|
static int Gflag; /* rotate dump files after this many seconds */
|
|
|
|
static int Gflag_count; /* number of files created with Gflag rotation */
|
|
|
|
static time_t Gflag_time; /* The last time_t the dump file was rotated. */
|
2010-02-20 16:02:00 +08:00
|
|
|
static int Lflag; /* list available data link types and exit */
|
2015-04-24 08:27:45 +08:00
|
|
|
static int Iflag; /* rfmon (monitor) mode */
|
2010-08-23 08:32:26 +08:00
|
|
|
#ifdef HAVE_PCAP_SET_TSTAMP_TYPE
|
|
|
|
static int Jflag; /* list available time stamp types */
|
2016-08-10 02:12:35 +08:00
|
|
|
static int jflag = -1; /* packet time stamp source */
|
2018-07-30 05:59:40 +08:00
|
|
|
#endif
|
2020-01-20 11:34:00 +08:00
|
|
|
static int lflag; /* line-buffered output */
|
2016-08-10 02:12:35 +08:00
|
|
|
static int pflag; /* don't go promiscuous */
|
2009-08-26 03:42:12 +08:00
|
|
|
#ifdef HAVE_PCAP_SETDIRECTION
|
2016-09-02 23:29:50 +08:00
|
|
|
static int Qflag = -1; /* restrict captured packet by send/receive direction */
|
2009-08-26 03:42:12 +08:00
|
|
|
#endif
|
2018-07-30 05:59:40 +08:00
|
|
|
#ifdef HAVE_PCAP_DUMP_FLUSH
|
2015-04-24 08:27:45 +08:00
|
|
|
static int Uflag; /* "unbuffered" output of dump files */
|
2018-07-30 05:59:40 +08:00
|
|
|
#endif
|
2015-04-24 08:27:45 +08:00
|
|
|
static int Wflag; /* recycle output files after this number of files */
|
|
|
|
static int WflagChars;
|
2010-02-20 16:02:00 +08:00
|
|
|
static char *zflag = NULL; /* compress each savefile using a specified command (like gzip or bzip2) */
|
2020-01-20 11:34:00 +08:00
|
|
|
static int timeout = 1000; /* default timeout = 1000 ms = 1 s */
|
2018-04-05 04:15:23 +08:00
|
|
|
#ifdef HAVE_PCAP_SET_IMMEDIATE_MODE
|
2016-08-10 02:12:35 +08:00
|
|
|
static int immediate_mode;
|
2018-04-05 04:15:23 +08:00
|
|
|
#endif
|
2020-02-26 23:55:21 +08:00
|
|
|
static int count_mode;
|
1999-10-08 07:47:09 +08:00
|
|
|
|
2002-12-19 17:39:10 +08:00
|
|
|
static int infodelay;
|
|
|
|
static int infoprint;
|
1999-10-08 07:47:09 +08:00
|
|
|
|
|
|
|
char *program_name;
|
|
|
|
|
|
|
|
/* Forwards */
|
2017-10-16 13:36:07 +08:00
|
|
|
static void (*setsignal (int sig, void (*func)(int)))(int);
|
|
|
|
static void cleanup(int);
|
|
|
|
static void child_cleanup(int);
|
2020-09-10 22:01:53 +08:00
|
|
|
static void print_version(FILE *);
|
|
|
|
static void print_usage(FILE *);
|
2001-10-01 09:12:00 +08:00
|
|
|
|
2002-12-19 17:39:10 +08:00
|
|
|
static void print_packet(u_char *, const struct pcap_pkthdr *, const u_char *);
|
2002-11-12 03:54:40 +08:00
|
|
|
static void dump_packet_and_trunc(u_char *, const struct pcap_pkthdr *, const u_char *);
|
|
|
|
static void dump_packet(u_char *, const struct pcap_pkthdr *, const u_char *);
|
2001-10-01 09:12:00 +08:00
|
|
|
|
2012-02-07 21:16:19 +08:00
|
|
|
#ifdef SIGNAL_REQ_INFO
|
2018-04-09 08:31:22 +08:00
|
|
|
static void requestinfo(int);
|
2001-07-05 06:03:13 +08:00
|
|
|
#endif
|
1999-10-08 07:47:09 +08:00
|
|
|
|
2018-04-08 06:46:53 +08:00
|
|
|
#ifdef SIGNAL_FLUSH_PCAP
|
2018-04-09 08:31:22 +08:00
|
|
|
static void flushpcap(int);
|
2018-04-08 06:46:53 +08:00
|
|
|
#endif
|
|
|
|
|
2017-11-13 05:31:57 +08:00
|
|
|
#ifdef _WIN32
|
2017-11-13 16:17:33 +08:00
|
|
|
static HANDLE timer_handle = INVALID_HANDLE_VALUE;
|
2017-11-13 11:01:37 +08:00
|
|
|
static void CALLBACK verbose_stats_dump(PVOID param, BOOLEAN timer_fired);
|
2017-11-13 05:31:57 +08:00
|
|
|
#else /* _WIN32 */
|
2004-01-16 03:53:48 +08:00
|
|
|
static void verbose_stats_dump(int sig);
|
2017-11-13 05:31:57 +08:00
|
|
|
#endif /* _WIN32 */
|
2004-01-16 03:53:48 +08:00
|
|
|
|
2002-12-19 17:39:10 +08:00
|
|
|
static void info(int);
|
2003-09-17 05:02:51 +08:00
|
|
|
static u_int packets_captured;
|
2002-12-19 17:39:10 +08:00
|
|
|
|
2016-08-10 02:12:35 +08:00
|
|
|
#ifdef HAVE_PCAP_FINDALLDEVS
|
2014-01-13 04:52:58 +08:00
|
|
|
static const struct tok status_flags[] = {
|
|
|
|
#ifdef PCAP_IF_UP
|
|
|
|
{ PCAP_IF_UP, "Up" },
|
|
|
|
#endif
|
|
|
|
#ifdef PCAP_IF_RUNNING
|
|
|
|
{ PCAP_IF_RUNNING, "Running" },
|
|
|
|
#endif
|
|
|
|
{ PCAP_IF_LOOPBACK, "Loopback" },
|
2018-05-01 03:44:58 +08:00
|
|
|
#ifdef PCAP_IF_WIRELESS
|
|
|
|
{ PCAP_IF_WIRELESS, "Wireless" },
|
|
|
|
#endif
|
2014-01-13 04:52:58 +08:00
|
|
|
{ 0, NULL }
|
|
|
|
};
|
2016-08-10 02:12:35 +08:00
|
|
|
#endif
|
2014-01-13 04:52:58 +08:00
|
|
|
|
2001-10-03 15:35:42 +08:00
|
|
|
static pcap_t *pd;
|
2018-04-09 08:29:41 +08:00
|
|
|
static pcap_dumper_t *pdd = NULL;
|
1999-10-08 07:47:09 +08:00
|
|
|
|
2009-12-01 16:39:54 +08:00
|
|
|
static int supports_monitor_mode;
|
|
|
|
|
1999-10-08 07:47:09 +08:00
|
|
|
extern int optind;
|
|
|
|
extern int opterr;
|
|
|
|
extern char *optarg;
|
|
|
|
|
2001-10-03 15:35:42 +08:00
|
|
|
struct dump_info {
|
|
|
|
char *WFileName;
|
2006-03-24 01:33:01 +08:00
|
|
|
char *CurrentFileName;
|
2001-10-03 15:35:42 +08:00
|
|
|
pcap_t *pd;
|
2018-04-09 08:29:41 +08:00
|
|
|
pcap_dumper_t *pdd;
|
2017-10-12 03:09:42 +08:00
|
|
|
netdissect_options *ndo;
|
2014-07-11 03:19:39 +08:00
|
|
|
#ifdef HAVE_CAPSICUM
|
|
|
|
int dirfd;
|
|
|
|
#endif
|
2001-10-03 15:35:42 +08:00
|
|
|
};
|
|
|
|
|
2015-12-31 10:49:37 +08:00
|
|
|
#if defined(HAVE_PCAP_SET_PARSER_DEBUG)
|
|
|
|
/*
|
|
|
|
* We have pcap_set_parser_debug() in libpcap; declare it (it's not declared
|
|
|
|
* by any libpcap header, because it's a special hack, only available if
|
|
|
|
* libpcap was configured to include it, and only intended for use by
|
|
|
|
* libpcap developers trying to debug the parser for filter expressions).
|
|
|
|
*/
|
|
|
|
#ifdef _WIN32
|
|
|
|
__declspec(dllimport)
|
|
|
|
#else /* _WIN32 */
|
|
|
|
extern
|
|
|
|
#endif /* _WIN32 */
|
|
|
|
void pcap_set_parser_debug(int);
|
|
|
|
#elif defined(HAVE_PCAP_DEBUG) || defined(HAVE_YYDEBUG)
|
|
|
|
/*
|
|
|
|
* We don't have pcap_set_parser_debug() in libpcap, but we do have
|
|
|
|
* pcap_debug or yydebug. Make a local version of pcap_set_parser_debug()
|
|
|
|
* to set the flag, and define HAVE_PCAP_SET_PARSER_DEBUG.
|
|
|
|
*/
|
|
|
|
static void
|
|
|
|
pcap_set_parser_debug(int value)
|
|
|
|
{
|
|
|
|
#ifdef HAVE_PCAP_DEBUG
|
|
|
|
extern int pcap_debug;
|
|
|
|
|
|
|
|
pcap_debug = value;
|
|
|
|
#else /* HAVE_PCAP_DEBUG */
|
|
|
|
extern int yydebug;
|
|
|
|
|
|
|
|
yydebug = value;
|
|
|
|
#endif /* HAVE_PCAP_DEBUG */
|
|
|
|
}
|
|
|
|
|
|
|
|
#define HAVE_PCAP_SET_PARSER_DEBUG
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#if defined(HAVE_PCAP_SET_OPTIMIZER_DEBUG)
|
|
|
|
/*
|
|
|
|
* We have pcap_set_optimizer_debug() in libpcap; declare it (it's not declared
|
|
|
|
* by any libpcap header, because it's a special hack, only available if
|
|
|
|
* libpcap was configured to include it, and only intended for use by
|
|
|
|
* libpcap developers trying to debug the optimizer for filter expressions).
|
|
|
|
*/
|
|
|
|
#ifdef _WIN32
|
|
|
|
__declspec(dllimport)
|
|
|
|
#else /* _WIN32 */
|
|
|
|
extern
|
|
|
|
#endif /* _WIN32 */
|
|
|
|
void pcap_set_optimizer_debug(int);
|
|
|
|
#endif
|
|
|
|
|
2021-03-29 18:23:21 +08:00
|
|
|
static void NORETURN
|
|
|
|
exit_tcpdump(const int status)
|
|
|
|
{
|
|
|
|
nd_cleanup();
|
|
|
|
exit(status);
|
|
|
|
}
|
|
|
|
|
2016-08-05 04:19:57 +08:00
|
|
|
/* VARARGS */
|
2021-03-29 18:23:21 +08:00
|
|
|
static void NORETURN PRINTFLIKE(1, 2)
|
|
|
|
error(FORMAT_STRING(const char *fmt), ...)
|
2016-08-05 04:19:57 +08:00
|
|
|
{
|
|
|
|
va_list ap;
|
|
|
|
|
|
|
|
(void)fprintf(stderr, "%s: ", program_name);
|
|
|
|
va_start(ap, fmt);
|
|
|
|
(void)vfprintf(stderr, fmt, ap);
|
|
|
|
va_end(ap);
|
|
|
|
if (*fmt) {
|
|
|
|
fmt += strlen(fmt);
|
|
|
|
if (fmt[-1] != '\n')
|
|
|
|
(void)fputc('\n', stderr);
|
|
|
|
}
|
2018-02-25 18:04:39 +08:00
|
|
|
exit_tcpdump(S_ERR_HOST_PROGRAM);
|
2016-08-05 04:19:57 +08:00
|
|
|
/* NOTREACHED */
|
|
|
|
}
|
|
|
|
|
|
|
|
/* VARARGS */
|
2021-03-29 18:23:21 +08:00
|
|
|
static void PRINTFLIKE(1, 2)
|
|
|
|
warning(FORMAT_STRING(const char *fmt), ...)
|
2016-08-05 04:19:57 +08:00
|
|
|
{
|
|
|
|
va_list ap;
|
|
|
|
|
|
|
|
(void)fprintf(stderr, "%s: WARNING: ", program_name);
|
|
|
|
va_start(ap, fmt);
|
|
|
|
(void)vfprintf(stderr, fmt, ap);
|
|
|
|
va_end(ap);
|
|
|
|
if (*fmt) {
|
|
|
|
fmt += strlen(fmt);
|
|
|
|
if (fmt[-1] != '\n')
|
|
|
|
(void)fputc('\n', stderr);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2010-08-23 08:32:26 +08:00
|
|
|
#ifdef HAVE_PCAP_SET_TSTAMP_TYPE
|
2021-03-29 18:23:21 +08:00
|
|
|
static void NORETURN
|
2016-09-02 20:01:57 +08:00
|
|
|
show_tstamp_types_and_exit(pcap_t *pc, const char *device)
|
2010-08-23 08:32:26 +08:00
|
|
|
{
|
|
|
|
int n_tstamp_types;
|
|
|
|
int *tstamp_types = 0;
|
|
|
|
const char *tstamp_type_name;
|
|
|
|
int i;
|
|
|
|
|
2016-09-02 20:01:57 +08:00
|
|
|
n_tstamp_types = pcap_list_tstamp_types(pc, &tstamp_types);
|
2010-08-23 08:32:26 +08:00
|
|
|
if (n_tstamp_types < 0)
|
2016-09-02 20:01:57 +08:00
|
|
|
error("%s", pcap_geterr(pc));
|
2010-08-23 08:32:26 +08:00
|
|
|
|
2010-08-23 08:59:00 +08:00
|
|
|
if (n_tstamp_types == 0) {
|
|
|
|
fprintf(stderr, "Time stamp type cannot be set for %s\n",
|
|
|
|
device);
|
2018-02-25 18:04:39 +08:00
|
|
|
exit_tcpdump(S_SUCCESS);
|
2010-08-23 08:59:00 +08:00
|
|
|
}
|
2021-07-08 18:26:36 +08:00
|
|
|
fprintf(stdout, "Time stamp types for %s (use option -j to set):\n",
|
2010-08-23 08:59:00 +08:00
|
|
|
device);
|
2010-08-23 08:32:26 +08:00
|
|
|
for (i = 0; i < n_tstamp_types; i++) {
|
|
|
|
tstamp_type_name = pcap_tstamp_type_val_to_name(tstamp_types[i]);
|
|
|
|
if (tstamp_type_name != NULL) {
|
2021-07-08 18:26:36 +08:00
|
|
|
(void) fprintf(stdout, " %s (%s)\n", tstamp_type_name,
|
2010-08-23 08:32:26 +08:00
|
|
|
pcap_tstamp_type_val_to_description(tstamp_types[i]));
|
|
|
|
} else {
|
2021-07-08 18:26:36 +08:00
|
|
|
(void) fprintf(stdout, " %d\n", tstamp_types[i]);
|
2010-08-23 08:32:26 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
pcap_free_tstamp_types(tstamp_types);
|
2018-02-25 18:04:39 +08:00
|
|
|
exit_tcpdump(S_SUCCESS);
|
2010-08-23 08:32:26 +08:00
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2021-03-29 18:23:21 +08:00
|
|
|
static void NORETURN
|
2016-09-04 18:16:06 +08:00
|
|
|
show_dlts_and_exit(pcap_t *pc, const char *device)
|
2002-12-19 17:27:54 +08:00
|
|
|
{
|
2015-03-28 04:02:36 +08:00
|
|
|
int n_dlts, i;
|
2002-12-19 17:27:54 +08:00
|
|
|
int *dlts = 0;
|
|
|
|
const char *dlt_name;
|
|
|
|
|
2016-09-04 18:16:06 +08:00
|
|
|
n_dlts = pcap_list_datalinks(pc, &dlts);
|
2002-12-19 17:27:54 +08:00
|
|
|
if (n_dlts < 0)
|
2016-09-04 18:16:06 +08:00
|
|
|
error("%s", pcap_geterr(pc));
|
2002-12-19 17:27:54 +08:00
|
|
|
else if (n_dlts == 0 || !dlts)
|
|
|
|
error("No data link types.");
|
|
|
|
|
2009-12-01 16:39:54 +08:00
|
|
|
/*
|
|
|
|
* If the interface is known to support monitor mode, indicate
|
|
|
|
* whether these are the data link types available when not in
|
|
|
|
* monitor mode, if -I wasn't specified, or when in monitor mode,
|
|
|
|
* when -I was specified (the link-layer types available in
|
|
|
|
* monitor mode might be different from the ones available when
|
|
|
|
* not in monitor mode).
|
|
|
|
*/
|
2021-07-08 17:55:21 +08:00
|
|
|
(void) fprintf(stdout, "Data link types for ");
|
2009-12-01 16:39:54 +08:00
|
|
|
if (supports_monitor_mode)
|
2021-07-08 17:55:21 +08:00
|
|
|
(void) fprintf(stdout, "%s %s",
|
2009-12-01 16:39:54 +08:00
|
|
|
device,
|
2015-04-24 08:27:45 +08:00
|
|
|
Iflag ? "when in monitor mode" : "when not in monitor mode");
|
2009-12-01 16:39:54 +08:00
|
|
|
else
|
2021-07-08 17:55:21 +08:00
|
|
|
(void) fprintf(stdout, "%s",
|
2009-12-01 16:39:54 +08:00
|
|
|
device);
|
2021-07-08 17:55:21 +08:00
|
|
|
(void) fprintf(stdout, " (use option -y to set):\n");
|
2002-12-19 17:27:54 +08:00
|
|
|
|
2015-03-28 04:02:36 +08:00
|
|
|
for (i = 0; i < n_dlts; i++) {
|
|
|
|
dlt_name = pcap_datalink_val_to_name(dlts[i]);
|
2002-12-19 17:27:54 +08:00
|
|
|
if (dlt_name != NULL) {
|
2021-07-08 01:19:37 +08:00
|
|
|
(void) fprintf(stdout, " %s (%s)", dlt_name,
|
2015-03-28 04:02:36 +08:00
|
|
|
pcap_datalink_val_to_description(dlts[i]));
|
2002-12-19 17:27:54 +08:00
|
|
|
|
|
|
|
/*
|
|
|
|
* OK, does tcpdump handle that type?
|
|
|
|
*/
|
2015-04-16 00:39:05 +08:00
|
|
|
if (!has_printer(dlts[i]))
|
2021-07-08 01:19:37 +08:00
|
|
|
(void) fprintf(stdout, " (printing not supported)");
|
|
|
|
fprintf(stdout, "\n");
|
2002-12-19 17:27:54 +08:00
|
|
|
} else {
|
2021-07-08 01:19:37 +08:00
|
|
|
(void) fprintf(stdout, " DLT %d (printing not supported)\n",
|
2015-03-28 04:02:36 +08:00
|
|
|
dlts[i]);
|
2002-12-19 17:27:54 +08:00
|
|
|
}
|
|
|
|
}
|
2012-07-01 06:59:18 +08:00
|
|
|
#ifdef HAVE_PCAP_FREE_DATALINKS
|
2010-08-23 08:32:26 +08:00
|
|
|
pcap_free_datalinks(dlts);
|
2012-07-01 06:59:18 +08:00
|
|
|
#endif
|
2018-02-25 18:04:39 +08:00
|
|
|
exit_tcpdump(S_SUCCESS);
|
2002-12-19 17:27:54 +08:00
|
|
|
}
|
|
|
|
|
2014-01-15 04:38:16 +08:00
|
|
|
#ifdef HAVE_PCAP_FINDALLDEVS
|
2021-03-29 18:23:21 +08:00
|
|
|
static void NORETURN
|
2017-10-21 02:26:57 +08:00
|
|
|
show_devices_and_exit(void)
|
2014-01-15 04:38:16 +08:00
|
|
|
{
|
2015-09-25 06:47:47 +08:00
|
|
|
pcap_if_t *dev, *devlist;
|
2014-01-15 04:38:16 +08:00
|
|
|
char ebuf[PCAP_ERRBUF_SIZE];
|
|
|
|
int i;
|
|
|
|
|
2015-09-25 06:47:47 +08:00
|
|
|
if (pcap_findalldevs(&devlist, ebuf) < 0)
|
2014-01-15 04:38:16 +08:00
|
|
|
error("%s", ebuf);
|
2015-09-25 06:47:47 +08:00
|
|
|
for (i = 0, dev = devlist; dev != NULL; i++, dev = dev->next) {
|
|
|
|
printf("%d.%s", i+1, dev->name);
|
|
|
|
if (dev->description != NULL)
|
|
|
|
printf(" (%s)", dev->description);
|
2018-05-01 03:44:58 +08:00
|
|
|
if (dev->flags != 0) {
|
|
|
|
printf(" [");
|
|
|
|
printf("%s", bittok2str(status_flags, "none", dev->flags));
|
|
|
|
#ifdef PCAP_IF_WIRELESS
|
|
|
|
if (dev->flags & PCAP_IF_WIRELESS) {
|
|
|
|
switch (dev->flags & PCAP_IF_CONNECTION_STATUS) {
|
|
|
|
|
|
|
|
case PCAP_IF_CONNECTION_STATUS_UNKNOWN:
|
|
|
|
printf(", Association status unknown");
|
|
|
|
break;
|
|
|
|
|
|
|
|
case PCAP_IF_CONNECTION_STATUS_CONNECTED:
|
|
|
|
printf(", Associated");
|
|
|
|
break;
|
|
|
|
|
|
|
|
case PCAP_IF_CONNECTION_STATUS_DISCONNECTED:
|
|
|
|
printf(", Not associated");
|
|
|
|
break;
|
|
|
|
|
|
|
|
case PCAP_IF_CONNECTION_STATUS_NOT_APPLICABLE:
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
switch (dev->flags & PCAP_IF_CONNECTION_STATUS) {
|
|
|
|
|
|
|
|
case PCAP_IF_CONNECTION_STATUS_UNKNOWN:
|
|
|
|
printf(", Connection status unknown");
|
|
|
|
break;
|
|
|
|
|
|
|
|
case PCAP_IF_CONNECTION_STATUS_CONNECTED:
|
|
|
|
printf(", Connected");
|
|
|
|
break;
|
|
|
|
|
|
|
|
case PCAP_IF_CONNECTION_STATUS_DISCONNECTED:
|
|
|
|
printf(", Disconnected");
|
|
|
|
break;
|
|
|
|
|
|
|
|
case PCAP_IF_CONNECTION_STATUS_NOT_APPLICABLE:
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
printf("]");
|
|
|
|
}
|
2015-09-25 03:45:59 +08:00
|
|
|
printf("\n");
|
2014-01-15 04:38:16 +08:00
|
|
|
}
|
2015-09-25 06:47:47 +08:00
|
|
|
pcap_freealldevs(devlist);
|
2018-02-25 18:04:39 +08:00
|
|
|
exit_tcpdump(S_SUCCESS);
|
2014-01-15 04:38:16 +08:00
|
|
|
}
|
|
|
|
#endif /* HAVE_PCAP_FINDALLDEVS */
|
|
|
|
|
2017-10-21 02:26:57 +08:00
|
|
|
#ifdef HAVE_PCAP_FINDALLDEVS_EX
|
2021-03-29 18:23:21 +08:00
|
|
|
static void NORETURN
|
2017-10-21 02:26:57 +08:00
|
|
|
show_remote_devices_and_exit(void)
|
|
|
|
{
|
|
|
|
pcap_if_t *dev, *devlist;
|
|
|
|
char ebuf[PCAP_ERRBUF_SIZE];
|
|
|
|
int i;
|
|
|
|
|
|
|
|
if (pcap_findalldevs_ex(remote_interfaces_source, NULL, &devlist,
|
|
|
|
ebuf) < 0)
|
|
|
|
error("%s", ebuf);
|
|
|
|
for (i = 0, dev = devlist; dev != NULL; i++, dev = dev->next) {
|
|
|
|
printf("%d.%s", i+1, dev->name);
|
|
|
|
if (dev->description != NULL)
|
|
|
|
printf(" (%s)", dev->description);
|
|
|
|
if (dev->flags != 0)
|
|
|
|
printf(" [%s]", bittok2str(status_flags, "none", dev->flags));
|
|
|
|
printf("\n");
|
|
|
|
}
|
|
|
|
pcap_freealldevs(devlist);
|
2018-02-25 18:04:39 +08:00
|
|
|
exit_tcpdump(S_SUCCESS);
|
2017-10-21 02:26:57 +08:00
|
|
|
}
|
|
|
|
#endif /* HAVE_PCAP_FINDALLDEVS */
|
|
|
|
|
2014-05-03 02:49:30 +08:00
|
|
|
/*
|
|
|
|
* Short options.
|
|
|
|
*
|
|
|
|
* Note that there we use all letters for short options except for g, k,
|
|
|
|
* o, and P, and those are used by other versions of tcpdump, and we should
|
|
|
|
* only use them for the same purposes that the other versions of tcpdump
|
|
|
|
* use them:
|
|
|
|
*
|
2018-01-09 10:49:50 +08:00
|
|
|
* macOS tcpdump uses -g to force non--v output for IP to be on one
|
2014-05-03 02:49:30 +08:00
|
|
|
* line, making it more "g"repable;
|
|
|
|
*
|
2018-01-09 10:49:50 +08:00
|
|
|
* macOS tcpdump uses -k to specify that packet comments in pcapng files
|
2014-05-03 02:49:30 +08:00
|
|
|
* should be printed;
|
|
|
|
*
|
|
|
|
* OpenBSD tcpdump uses -o to indicate that OS fingerprinting should be done
|
|
|
|
* for hosts sending TCP SYN packets;
|
|
|
|
*
|
2018-01-09 10:49:50 +08:00
|
|
|
* macOS tcpdump uses -P to indicate that -w should write pcapng rather
|
2014-05-03 02:49:30 +08:00
|
|
|
* than pcap files.
|
2015-03-09 06:55:47 +08:00
|
|
|
*
|
2018-01-09 10:49:50 +08:00
|
|
|
* macOS tcpdump also uses -Q to specify expressions that match packet
|
2015-03-09 06:55:47 +08:00
|
|
|
* metadata, including but not limited to the packet direction.
|
|
|
|
* The expression syntax is different from a simple "in|out|inout",
|
2018-01-09 10:49:50 +08:00
|
|
|
* and those expressions aren't accepted by macOS tcpdump, but the
|
2015-03-09 06:55:47 +08:00
|
|
|
* equivalents would be "in" = "dir=in", "out" = "dir=out", and
|
|
|
|
* "inout" = "dir=in or dir=out", and the parser could conceivably
|
|
|
|
* special-case "in", "out", and "inout" as expressions for backwards
|
|
|
|
* compatibility, so all is not (yet) lost.
|
2014-05-03 02:49:30 +08:00
|
|
|
*/
|
|
|
|
|
2002-12-22 08:15:26 +08:00
|
|
|
/*
|
|
|
|
* Set up flags that might or might not be supported depending on the
|
|
|
|
* version of libpcap we're using.
|
|
|
|
*/
|
2015-09-01 05:43:15 +08:00
|
|
|
#if defined(HAVE_PCAP_CREATE) || defined(_WIN32)
|
2002-12-22 08:15:26 +08:00
|
|
|
#define B_FLAG "B:"
|
|
|
|
#define B_FLAG_USAGE " [ -B size ]"
|
2015-09-01 05:43:15 +08:00
|
|
|
#else /* defined(HAVE_PCAP_CREATE) || defined(_WIN32) */
|
2002-12-22 08:15:26 +08:00
|
|
|
#define B_FLAG
|
|
|
|
#define B_FLAG_USAGE
|
2015-09-01 05:43:15 +08:00
|
|
|
#endif /* defined(HAVE_PCAP_CREATE) || defined(_WIN32) */
|
2008-04-05 03:42:11 +08:00
|
|
|
|
2017-10-21 02:26:57 +08:00
|
|
|
#ifdef HAVE_PCAP_FINDALLDEVS
|
|
|
|
#define D_FLAG "D"
|
|
|
|
#else
|
|
|
|
#define D_FLAG
|
|
|
|
#endif
|
|
|
|
|
2008-04-05 03:42:11 +08:00
|
|
|
#ifdef HAVE_PCAP_CREATE
|
|
|
|
#define I_FLAG "I"
|
|
|
|
#else /* HAVE_PCAP_CREATE */
|
|
|
|
#define I_FLAG
|
|
|
|
#endif /* HAVE_PCAP_CREATE */
|
2002-12-22 08:15:26 +08:00
|
|
|
|
2010-08-23 08:32:26 +08:00
|
|
|
#ifdef HAVE_PCAP_SET_TSTAMP_TYPE
|
|
|
|
#define j_FLAG "j:"
|
|
|
|
#define j_FLAG_USAGE " [ -j tstamptype ]"
|
|
|
|
#define J_FLAG "J"
|
|
|
|
#else /* PCAP_ERROR_TSTAMP_TYPE_NOTSUP */
|
|
|
|
#define j_FLAG
|
|
|
|
#define j_FLAG_USAGE
|
|
|
|
#define J_FLAG
|
|
|
|
#endif /* PCAP_ERROR_TSTAMP_TYPE_NOTSUP */
|
|
|
|
|
2018-10-29 23:31:19 +08:00
|
|
|
#ifdef USE_LIBSMI
|
|
|
|
#define m_FLAG_USAGE "[ -m module ] ..."
|
|
|
|
#endif
|
|
|
|
|
2017-10-21 02:26:57 +08:00
|
|
|
#ifdef HAVE_PCAP_SETDIRECTION
|
|
|
|
#define Q_FLAG "Q:"
|
|
|
|
#define Q_FLAG_USAGE " [ -Q in|out|inout ]"
|
2002-12-22 08:15:26 +08:00
|
|
|
#else
|
2017-10-21 02:26:57 +08:00
|
|
|
#define Q_FLAG
|
|
|
|
#define Q_FLAG_USAGE
|
2002-12-22 08:15:26 +08:00
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifdef HAVE_PCAP_DUMP_FLUSH
|
|
|
|
#define U_FLAG "U"
|
|
|
|
#else
|
|
|
|
#define U_FLAG
|
|
|
|
#endif
|
|
|
|
|
2015-09-08 15:14:13 +08:00
|
|
|
#define SHORTOPTS "aAb" B_FLAG "c:C:d" D_FLAG "eE:fF:G:hHi:" I_FLAG j_FLAG J_FLAG "KlLm:M:nNOpq" Q_FLAG "r:s:StT:u" U_FLAG "vV:w:W:xXy:Yz:Z:#"
|
2015-03-09 06:55:47 +08:00
|
|
|
|
2014-05-03 02:49:30 +08:00
|
|
|
/*
|
|
|
|
* Long options.
|
|
|
|
*
|
|
|
|
* We do not currently have long options corresponding to all short
|
|
|
|
* options; we should probably pick appropriate option names for them.
|
|
|
|
*
|
|
|
|
* However, the short options where the number of times the option is
|
|
|
|
* specified matters, such as -v and -d and -t, should probably not
|
|
|
|
* just map to a long option, as saying
|
|
|
|
*
|
|
|
|
* tcpdump --verbose --verbose
|
|
|
|
*
|
|
|
|
* doesn't make sense; it should be --verbosity={N} or something such
|
|
|
|
* as that.
|
|
|
|
*
|
2014-05-07 05:25:43 +08:00
|
|
|
* For long options with no corresponding short options, we define values
|
|
|
|
* outside the range of ASCII graphic characters, make that the last
|
|
|
|
* component of the entry for the long option, and have a case for that
|
|
|
|
* option in the switch statement.
|
2014-05-03 02:49:30 +08:00
|
|
|
*/
|
2017-10-21 02:26:57 +08:00
|
|
|
#define OPTION_VERSION 128
|
|
|
|
#define OPTION_TSTAMP_PRECISION 129
|
|
|
|
#define OPTION_IMMEDIATE_MODE 130
|
|
|
|
#define OPTION_PRINT 131
|
|
|
|
#define OPTION_LIST_REMOTE_INTERFACES 132
|
2019-04-03 01:28:17 +08:00
|
|
|
#define OPTION_TSTAMP_MICRO 133
|
|
|
|
#define OPTION_TSTAMP_NANO 134
|
2020-02-05 11:08:10 +08:00
|
|
|
#define OPTION_FP_TYPE 135
|
2020-02-26 23:55:21 +08:00
|
|
|
#define OPTION_COUNT 136
|
2022-01-17 08:05:15 +08:00
|
|
|
#define OPTION_PRINT_SAMPLING 137
|
2014-05-07 05:25:43 +08:00
|
|
|
|
2014-06-21 03:01:13 +08:00
|
|
|
static const struct option longopts[] = {
|
2015-09-01 05:43:15 +08:00
|
|
|
#if defined(HAVE_PCAP_CREATE) || defined(_WIN32)
|
2014-05-03 02:49:30 +08:00
|
|
|
{ "buffer-size", required_argument, NULL, 'B' },
|
|
|
|
#endif
|
|
|
|
{ "list-interfaces", no_argument, NULL, 'D' },
|
2017-10-21 02:26:57 +08:00
|
|
|
#ifdef HAVE_PCAP_FINDALLDEVS_EX
|
|
|
|
{ "list-remote-interfaces", required_argument, NULL, OPTION_LIST_REMOTE_INTERFACES },
|
|
|
|
#endif
|
2014-05-03 02:49:30 +08:00
|
|
|
{ "help", no_argument, NULL, 'h' },
|
|
|
|
{ "interface", required_argument, NULL, 'i' },
|
2014-05-01 06:28:06 +08:00
|
|
|
#ifdef HAVE_PCAP_CREATE
|
2014-05-03 02:49:30 +08:00
|
|
|
{ "monitor-mode", no_argument, NULL, 'I' },
|
2014-05-01 06:28:06 +08:00
|
|
|
#endif
|
|
|
|
#ifdef HAVE_PCAP_SET_TSTAMP_TYPE
|
2014-05-03 02:49:30 +08:00
|
|
|
{ "time-stamp-type", required_argument, NULL, 'j' },
|
|
|
|
{ "list-time-stamp-types", no_argument, NULL, 'J' },
|
2014-05-01 06:28:06 +08:00
|
|
|
#endif
|
2014-06-26 03:06:35 +08:00
|
|
|
#ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
|
2019-04-03 01:28:17 +08:00
|
|
|
{ "micro", no_argument, NULL, OPTION_TSTAMP_MICRO},
|
|
|
|
{ "nano", no_argument, NULL, OPTION_TSTAMP_NANO},
|
2014-03-19 21:14:25 +08:00
|
|
|
{ "time-stamp-precision", required_argument, NULL, OPTION_TSTAMP_PRECISION},
|
2014-06-26 03:06:35 +08:00
|
|
|
#endif
|
2014-05-03 02:49:30 +08:00
|
|
|
{ "dont-verify-checksums", no_argument, NULL, 'K' },
|
|
|
|
{ "list-data-link-types", no_argument, NULL, 'L' },
|
|
|
|
{ "no-optimize", no_argument, NULL, 'O' },
|
|
|
|
{ "no-promiscuous-mode", no_argument, NULL, 'p' },
|
2014-05-01 06:28:06 +08:00
|
|
|
#ifdef HAVE_PCAP_SETDIRECTION
|
2014-05-03 02:49:30 +08:00
|
|
|
{ "direction", required_argument, NULL, 'Q' },
|
|
|
|
#endif
|
|
|
|
{ "snapshot-length", required_argument, NULL, 's' },
|
|
|
|
{ "absolute-tcp-sequence-numbers", no_argument, NULL, 'S' },
|
2014-05-01 06:28:06 +08:00
|
|
|
#ifdef HAVE_PCAP_DUMP_FLUSH
|
2014-05-03 02:49:30 +08:00
|
|
|
{ "packet-buffered", no_argument, NULL, 'U' },
|
|
|
|
#endif
|
|
|
|
{ "linktype", required_argument, NULL, 'y' },
|
2015-02-11 06:55:43 +08:00
|
|
|
#ifdef HAVE_PCAP_SET_IMMEDIATE_MODE
|
|
|
|
{ "immediate-mode", no_argument, NULL, OPTION_IMMEDIATE_MODE },
|
|
|
|
#endif
|
2015-12-31 10:49:37 +08:00
|
|
|
#ifdef HAVE_PCAP_SET_PARSER_DEBUG
|
2014-05-03 02:49:30 +08:00
|
|
|
{ "debug-filter-parser", no_argument, NULL, 'Y' },
|
2014-05-01 06:28:06 +08:00
|
|
|
#endif
|
2014-05-03 02:49:30 +08:00
|
|
|
{ "relinquish-privileges", required_argument, NULL, 'Z' },
|
2020-02-26 23:55:21 +08:00
|
|
|
{ "count", no_argument, NULL, OPTION_COUNT },
|
2020-02-05 11:08:10 +08:00
|
|
|
{ "fp-type", no_argument, NULL, OPTION_FP_TYPE },
|
2014-07-10 20:47:11 +08:00
|
|
|
{ "number", no_argument, NULL, '#' },
|
2017-10-12 03:09:42 +08:00
|
|
|
{ "print", no_argument, NULL, OPTION_PRINT },
|
2022-01-17 08:05:15 +08:00
|
|
|
{ "print-sampling", required_argument, NULL, OPTION_PRINT_SAMPLING },
|
2014-05-07 05:25:43 +08:00
|
|
|
{ "version", no_argument, NULL, OPTION_VERSION },
|
2014-05-01 06:28:06 +08:00
|
|
|
{ NULL, 0, NULL, 0 }
|
|
|
|
};
|
|
|
|
|
2017-10-21 02:26:57 +08:00
|
|
|
#ifdef HAVE_PCAP_FINDALLDEVS_EX
|
2018-10-29 23:31:19 +08:00
|
|
|
#define LIST_REMOTE_INTERFACES_USAGE "[ --list-remote-interfaces remote-source ]"
|
2017-10-21 02:26:57 +08:00
|
|
|
#else
|
|
|
|
#define LIST_REMOTE_INTERFACES_USAGE
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifdef HAVE_PCAP_SET_IMMEDIATE_MODE
|
|
|
|
#define IMMEDIATE_MODE_USAGE " [ --immediate-mode ]"
|
|
|
|
#else
|
|
|
|
#define IMMEDIATE_MODE_USAGE ""
|
|
|
|
#endif
|
|
|
|
|
2015-09-01 05:43:15 +08:00
|
|
|
#ifndef _WIN32
|
2004-02-25 22:23:32 +08:00
|
|
|
/* Drop root privileges and chroot if necessary */
|
From Chris Cogdon <chris@cogdon.org>:
Fix a segfault with the -C option when the number of files grows
to 1000. Limit has been increased to 1,000,000, and the code
will check for exceeding this.
Also, add a -W option which will limit the number of files
created before 'wrapping around' and writing to the first file
again, creating a 'loop tape'. Very useful if you want to have
this running permanently to capture traffic up to a irregular
event.
Change the way that output files with -C are numbered. -C alone
goes <none>, 1, 2, 3.... -C with -W will number 0, 1, 2 ... or
00, 01, 02 ... etc, depending on the value of -W. I.e., it
sorts properly. (Old behaviour was to go <none>, 2, 3...)
Close the current capture file before trying to allocate the buffer for
the new file's name, so that if that allocation fails we've at least
written out all of the previous file.
Make some variables for command-line arguments, and some functions not
used outside tcpdump.c, static.
2004-01-26 10:05:17 +08:00
|
|
|
static void
|
2004-02-25 22:23:32 +08:00
|
|
|
droproot(const char *username, const char *chroot_dir)
|
2004-01-22 17:35:50 +08:00
|
|
|
{
|
|
|
|
struct passwd *pw = NULL;
|
From Chris Cogdon <chris@cogdon.org>:
Fix a segfault with the -C option when the number of files grows
to 1000. Limit has been increased to 1,000,000, and the code
will check for exceeding this.
Also, add a -W option which will limit the number of files
created before 'wrapping around' and writing to the first file
again, creating a 'loop tape'. Very useful if you want to have
this running permanently to capture traffic up to a irregular
event.
Change the way that output files with -C are numbered. -C alone
goes <none>, 1, 2, 3.... -C with -W will number 0, 1, 2 ... or
00, 01, 02 ... etc, depending on the value of -W. I.e., it
sorts properly. (Old behaviour was to go <none>, 2, 3...)
Close the current capture file before trying to allocate the buffer for
the new file's name, so that if that allocation fails we've at least
written out all of the previous file.
Make some variables for command-line arguments, and some functions not
used outside tcpdump.c, static.
2004-01-26 10:05:17 +08:00
|
|
|
|
2018-07-14 23:02:34 +08:00
|
|
|
if (chroot_dir && !username)
|
|
|
|
error("Chroot without dropping root is insecure");
|
2014-01-02 10:27:54 +08:00
|
|
|
|
2004-01-22 17:35:50 +08:00
|
|
|
pw = getpwnam(username);
|
|
|
|
if (pw) {
|
2004-02-25 22:23:32 +08:00
|
|
|
if (chroot_dir) {
|
2018-07-14 23:02:34 +08:00
|
|
|
if (chroot(chroot_dir) != 0 || chdir ("/") != 0)
|
|
|
|
error("Couldn't chroot/chdir to '%.64s': %s",
|
|
|
|
chroot_dir, pcap_strerror(errno));
|
2004-02-25 22:23:32 +08:00
|
|
|
}
|
2015-02-15 22:32:23 +08:00
|
|
|
#ifdef HAVE_LIBCAP_NG
|
2015-08-19 02:59:31 +08:00
|
|
|
{
|
|
|
|
int ret = capng_change_id(pw->pw_uid, pw->pw_gid, CAPNG_NO_FLAG);
|
2018-07-15 00:18:12 +08:00
|
|
|
if (ret < 0)
|
|
|
|
error("capng_change_id(): return %d\n", ret);
|
|
|
|
else
|
2015-08-19 02:59:31 +08:00
|
|
|
fprintf(stderr, "dropped privs to %s\n", username);
|
2014-06-14 02:27:44 +08:00
|
|
|
}
|
2012-05-25 22:26:17 +08:00
|
|
|
#else
|
2004-04-07 16:14:10 +08:00
|
|
|
if (initgroups(pw->pw_name, pw->pw_gid) != 0 ||
|
2018-07-14 23:02:34 +08:00
|
|
|
setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0)
|
|
|
|
error("Couldn't change to '%.32s' uid=%lu gid=%lu: %s",
|
|
|
|
username,
|
2015-09-08 23:43:21 +08:00
|
|
|
(unsigned long)pw->pw_uid,
|
|
|
|
(unsigned long)pw->pw_gid,
|
|
|
|
pcap_strerror(errno));
|
2014-05-16 22:32:55 +08:00
|
|
|
else {
|
2015-02-09 09:21:51 +08:00
|
|
|
fprintf(stderr, "dropped privs to %s\n", username);
|
2014-05-16 22:32:55 +08:00
|
|
|
}
|
2015-02-15 22:32:23 +08:00
|
|
|
#endif /* HAVE_LIBCAP_NG */
|
2018-07-14 23:02:34 +08:00
|
|
|
} else
|
|
|
|
error("Couldn't find user '%.32s'", username);
|
2015-02-19 00:38:56 +08:00
|
|
|
#ifdef HAVE_LIBCAP_NG
|
2016-02-07 20:43:29 +08:00
|
|
|
/* We don't need CAP_SETUID, CAP_SETGID and CAP_SYS_CHROOT any more. */
|
2021-07-24 16:51:02 +08:00
|
|
|
DIAG_OFF_ASSIGN_ENUM
|
2015-02-19 00:38:56 +08:00
|
|
|
capng_updatev(
|
|
|
|
CAPNG_DROP,
|
|
|
|
CAPNG_EFFECTIVE | CAPNG_PERMITTED,
|
|
|
|
CAP_SETUID,
|
|
|
|
CAP_SETGID,
|
2016-02-07 20:43:29 +08:00
|
|
|
CAP_SYS_CHROOT,
|
2015-02-19 00:38:56 +08:00
|
|
|
-1);
|
2021-07-24 16:51:02 +08:00
|
|
|
DIAG_ON_ASSIGN_ENUM
|
2015-02-19 00:38:56 +08:00
|
|
|
capng_apply(CAPNG_SELECT_BOTH);
|
|
|
|
#endif /* HAVE_LIBCAP_NG */
|
|
|
|
|
2004-01-22 17:35:50 +08:00
|
|
|
}
|
2015-09-01 05:43:15 +08:00
|
|
|
#endif /* _WIN32 */
|
2004-01-22 17:35:50 +08:00
|
|
|
|
From Chris Cogdon <chris@cogdon.org>:
Fix a segfault with the -C option when the number of files grows
to 1000. Limit has been increased to 1,000,000, and the code
will check for exceeding this.
Also, add a -W option which will limit the number of files
created before 'wrapping around' and writing to the first file
again, creating a 'loop tape'. Very useful if you want to have
this running permanently to capture traffic up to a irregular
event.
Change the way that output files with -C are numbered. -C alone
goes <none>, 1, 2, 3.... -C with -W will number 0, 1, 2 ... or
00, 01, 02 ... etc, depending on the value of -W. I.e., it
sorts properly. (Old behaviour was to go <none>, 2, 3...)
Close the current capture file before trying to allocate the buffer for
the new file's name, so that if that allocation fails we've at least
written out all of the previous file.
Make some variables for command-line arguments, and some functions not
used outside tcpdump.c, static.
2004-01-26 10:05:17 +08:00
|
|
|
static int
|
|
|
|
getWflagChars(int x)
|
|
|
|
{
|
|
|
|
int c = 0;
|
|
|
|
|
|
|
|
x -= 1;
|
|
|
|
while (x > 0) {
|
|
|
|
c += 1;
|
|
|
|
x /= 10;
|
|
|
|
}
|
|
|
|
|
|
|
|
return c;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
MakeFilename(char *buffer, char *orig_name, int cnt, int max_chars)
|
|
|
|
{
|
2012-09-28 11:44:34 +08:00
|
|
|
char *filename = malloc(PATH_MAX + 1);
|
2012-09-05 02:15:29 +08:00
|
|
|
if (filename == NULL)
|
2020-10-08 06:33:51 +08:00
|
|
|
error("%s: malloc", __func__);
|
Have a common routine for converting dates and times to strings.
Have a routine that takes a buffer, a strftime format, and a struct tm *
as arguments, and:
* checks whether the struct tm * is null and, if so, returns a string
indicating that the date and time couldn't be converted;
* otherwise, passes it to strftime(), along with the buffer and the
format argument and, if strftime() returns 0, meaning the string didn't
fit into the buffer and thus that the buffer's contents are undefined,
returns a string indicating that the date and time didn't fit into the
buffer;
* otherwise, returns a pointer to the buffer.
Call that routine instead of directly calling strftime() in printers;
that prevents printing a buffer with undefined data if the buffer isn't
big enough for the string.
Also, when generating file names using an strftime format, check the
return value of strftime() to make sure the buffer didn't overflow.
2023-01-31 15:03:16 +08:00
|
|
|
if (strlen(orig_name) == 0)
|
|
|
|
error("an empty string is not a valid file name");
|
2005-10-20 15:43:51 +08:00
|
|
|
|
|
|
|
/* Process with strftime if Gflag is set. */
|
2015-04-24 08:27:45 +08:00
|
|
|
if (Gflag != 0) {
|
2005-10-20 15:43:51 +08:00
|
|
|
struct tm *local_tm;
|
|
|
|
|
|
|
|
/* Convert Gflag_time to a usable format */
|
2015-04-24 08:27:45 +08:00
|
|
|
if ((local_tm = localtime(&Gflag_time)) == NULL) {
|
2020-10-08 06:33:51 +08:00
|
|
|
error("%s: localtime", __func__);
|
2005-10-20 15:43:51 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/* There's no good way to detect an error in strftime since a return
|
Have a common routine for converting dates and times to strings.
Have a routine that takes a buffer, a strftime format, and a struct tm *
as arguments, and:
* checks whether the struct tm * is null and, if so, returns a string
indicating that the date and time couldn't be converted;
* otherwise, passes it to strftime(), along with the buffer and the
format argument and, if strftime() returns 0, meaning the string didn't
fit into the buffer and thus that the buffer's contents are undefined,
returns a string indicating that the date and time didn't fit into the
buffer;
* otherwise, returns a pointer to the buffer.
Call that routine instead of directly calling strftime() in printers;
that prevents printing a buffer with undefined data if the buffer isn't
big enough for the string.
Also, when generating file names using an strftime format, check the
return value of strftime() to make sure the buffer didn't overflow.
2023-01-31 15:03:16 +08:00
|
|
|
* value of 0 isn't necessarily failure; if orig_name is an empty
|
|
|
|
* string, the formatted string will be empty.
|
|
|
|
*
|
|
|
|
* However, the C90 standard says that, if there *is* a
|
|
|
|
* buffer overflow, the content of the buffer is undefined,
|
|
|
|
* so we must check for a buffer overflow.
|
|
|
|
*
|
|
|
|
* So we check above for an empty orig_name, and only call
|
|
|
|
* strftime() if it's non-empty, in which case the return
|
|
|
|
* value will only be 0 if the formatted date doesn't fit
|
|
|
|
* in the buffer.
|
|
|
|
*
|
|
|
|
* (We check above because, even if we don't use -G, we
|
|
|
|
* want a better error message than "tcpdump: : No such
|
|
|
|
* file or directory" for this case.)
|
2005-10-20 15:43:51 +08:00
|
|
|
*/
|
Have a common routine for converting dates and times to strings.
Have a routine that takes a buffer, a strftime format, and a struct tm *
as arguments, and:
* checks whether the struct tm * is null and, if so, returns a string
indicating that the date and time couldn't be converted;
* otherwise, passes it to strftime(), along with the buffer and the
format argument and, if strftime() returns 0, meaning the string didn't
fit into the buffer and thus that the buffer's contents are undefined,
returns a string indicating that the date and time didn't fit into the
buffer;
* otherwise, returns a pointer to the buffer.
Call that routine instead of directly calling strftime() in printers;
that prevents printing a buffer with undefined data if the buffer isn't
big enough for the string.
Also, when generating file names using an strftime format, check the
return value of strftime() to make sure the buffer didn't overflow.
2023-01-31 15:03:16 +08:00
|
|
|
if (strftime(filename, PATH_MAX, orig_name, local_tm) == 0) {
|
|
|
|
error("%s: strftime", __func__);
|
|
|
|
}
|
2005-10-20 15:43:51 +08:00
|
|
|
} else {
|
2012-09-28 11:44:34 +08:00
|
|
|
strncpy(filename, orig_name, PATH_MAX);
|
2005-10-20 15:43:51 +08:00
|
|
|
}
|
|
|
|
|
From Chris Cogdon <chris@cogdon.org>:
Fix a segfault with the -C option when the number of files grows
to 1000. Limit has been increased to 1,000,000, and the code
will check for exceeding this.
Also, add a -W option which will limit the number of files
created before 'wrapping around' and writing to the first file
again, creating a 'loop tape'. Very useful if you want to have
this running permanently to capture traffic up to a irregular
event.
Change the way that output files with -C are numbered. -C alone
goes <none>, 1, 2, 3.... -C with -W will number 0, 1, 2 ... or
00, 01, 02 ... etc, depending on the value of -W. I.e., it
sorts properly. (Old behaviour was to go <none>, 2, 3...)
Close the current capture file before trying to allocate the buffer for
the new file's name, so that if that allocation fails we've at least
written out all of the previous file.
Make some variables for command-line arguments, and some functions not
used outside tcpdump.c, static.
2004-01-26 10:05:17 +08:00
|
|
|
if (cnt == 0 && max_chars == 0)
|
2012-09-28 11:44:34 +08:00
|
|
|
strncpy(buffer, filename, PATH_MAX + 1);
|
From Chris Cogdon <chris@cogdon.org>:
Fix a segfault with the -C option when the number of files grows
to 1000. Limit has been increased to 1,000,000, and the code
will check for exceeding this.
Also, add a -W option which will limit the number of files
created before 'wrapping around' and writing to the first file
again, creating a 'loop tape'. Very useful if you want to have
this running permanently to capture traffic up to a irregular
event.
Change the way that output files with -C are numbered. -C alone
goes <none>, 1, 2, 3.... -C with -W will number 0, 1, 2 ... or
00, 01, 02 ... etc, depending on the value of -W. I.e., it
sorts properly. (Old behaviour was to go <none>, 2, 3...)
Close the current capture file before trying to allocate the buffer for
the new file's name, so that if that allocation fails we've at least
written out all of the previous file.
Make some variables for command-line arguments, and some functions not
used outside tcpdump.c, static.
2004-01-26 10:05:17 +08:00
|
|
|
else
|
2019-08-09 13:39:54 +08:00
|
|
|
if (snprintf(buffer, PATH_MAX + 1, "%s%0*d", filename, max_chars, cnt) > PATH_MAX)
|
2005-10-20 15:43:51 +08:00
|
|
|
/* Report an error if the filename is too large */
|
2012-09-28 11:44:34 +08:00
|
|
|
error("too many output files or filename is too long (> %d)", PATH_MAX);
|
2005-10-25 17:29:44 +08:00
|
|
|
free(filename);
|
From Chris Cogdon <chris@cogdon.org>:
Fix a segfault with the -C option when the number of files grows
to 1000. Limit has been increased to 1,000,000, and the code
will check for exceeding this.
Also, add a -W option which will limit the number of files
created before 'wrapping around' and writing to the first file
again, creating a 'loop tape'. Very useful if you want to have
this running permanently to capture traffic up to a irregular
event.
Change the way that output files with -C are numbered. -C alone
goes <none>, 1, 2, 3.... -C with -W will number 0, 1, 2 ... or
00, 01, 02 ... etc, depending on the value of -W. I.e., it
sorts properly. (Old behaviour was to go <none>, 2, 3...)
Close the current capture file before trying to allocate the buffer for
the new file's name, so that if that allocation fails we've at least
written out all of the previous file.
Make some variables for command-line arguments, and some functions not
used outside tcpdump.c, static.
2004-01-26 10:05:17 +08:00
|
|
|
}
|
|
|
|
|
2012-11-30 15:39:43 +08:00
|
|
|
static char *
|
|
|
|
get_next_file(FILE *VFile, char *ptr)
|
|
|
|
{
|
2012-09-07 02:40:21 +08:00
|
|
|
char *ret;
|
2018-06-18 05:15:19 +08:00
|
|
|
size_t len;
|
2012-09-07 02:40:21 +08:00
|
|
|
|
2012-11-30 15:39:43 +08:00
|
|
|
ret = fgets(ptr, PATH_MAX, VFile);
|
2012-09-07 02:40:21 +08:00
|
|
|
if (!ret)
|
|
|
|
return NULL;
|
|
|
|
|
2018-06-18 05:15:19 +08:00
|
|
|
len = strlen (ptr);
|
|
|
|
if (len > 0 && ptr[len - 1] == '\n')
|
|
|
|
ptr[len - 1] = '\0';
|
2012-09-07 02:40:21 +08:00
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2017-02-02 08:13:05 +08:00
|
|
|
#ifdef HAVE_CASPER
|
|
|
|
static cap_channel_t *
|
|
|
|
capdns_setup(void)
|
|
|
|
{
|
|
|
|
cap_channel_t *capcas, *capdnsloc;
|
|
|
|
const char *types[1];
|
|
|
|
int families[2];
|
|
|
|
|
|
|
|
capcas = cap_init();
|
|
|
|
if (capcas == NULL)
|
|
|
|
error("unable to create casper process");
|
|
|
|
capdnsloc = cap_service_open(capcas, "system.dns");
|
|
|
|
/* Casper capability no longer needed. */
|
|
|
|
cap_close(capcas);
|
|
|
|
if (capdnsloc == NULL)
|
|
|
|
error("unable to open system.dns service");
|
|
|
|
/* Limit system.dns to reverse DNS lookups. */
|
|
|
|
types[0] = "ADDR";
|
|
|
|
if (cap_dns_type_limit(capdnsloc, types, 1) < 0)
|
|
|
|
error("unable to limit access to system.dns service");
|
|
|
|
families[0] = AF_INET;
|
Detect OS IPv6 support using AF_INET6 only.
tcpdump source code has not been using struct in6_addr since commit
0c9cfdc in 2019, so lose the conditional structure declaration, which is
a no-op.
Since commit de7c619 in 2015 netdissect-stdinc.h on Windows defines
HAVE_OS_IPV6_SUPPORT if AF_INET6 if defined, which makes it equivalent
to AF_INET6. On Unix-like systems taking struct in6_addr out of scope
would make HAVE_OS_IPV6_SUPPORT equivalent to AF_INET6, thus after
removing struct in6_addr remove HAVE_OS_IPV6_SUPPORT together with
Autoconf and CMake checks that define it. Leave an unrelated CMake
workaround in place for later debugging.
On Windows do not define AF_INET6 if it is not defined, which makes
AF_INET6 a universal indicator of the OS IPv6 support on all supported
OSes. The few remaining use cases that genuinely need AF_INET6 use it
to make OS API calls, so if the macro is not defined, it most likely
means such an API call in the best case would return just a well-formed
error status. With this in mind, in win32_gethostbyaddr() and
ip6addr_string() guard all IPv6-specific code with #ifdef AF_INET6. In
tcpdump.c add a comment to note why a guard is not required for
Casper-specific conditional code that uses AF_INET6.
This way when the OS does not support IPv6, IPv6 addresses will not
resolve to names, which is expected. Other than that, tcpdump should be
able to process IPv6 addresses the usual way regardless if the OS would
be able to process the packets with these addresses.
2023-02-21 16:02:28 +08:00
|
|
|
/* Casper is a feature of FreeBSD, which defines AF_INET6. */
|
2017-02-02 08:13:05 +08:00
|
|
|
families[1] = AF_INET6;
|
|
|
|
if (cap_dns_family_limit(capdnsloc, families, 2) < 0)
|
|
|
|
error("unable to limit access to system.dns service");
|
|
|
|
|
|
|
|
return (capdnsloc);
|
|
|
|
}
|
|
|
|
#endif /* HAVE_CASPER */
|
|
|
|
|
2014-06-26 03:06:35 +08:00
|
|
|
#ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
|
2014-03-19 21:14:25 +08:00
|
|
|
static int
|
|
|
|
tstamp_precision_from_string(const char *precision)
|
|
|
|
{
|
|
|
|
if (strncmp(precision, "nano", strlen("nano")) == 0)
|
|
|
|
return PCAP_TSTAMP_PRECISION_NANO;
|
|
|
|
|
|
|
|
if (strncmp(precision, "micro", strlen("micro")) == 0)
|
|
|
|
return PCAP_TSTAMP_PRECISION_MICRO;
|
|
|
|
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
2014-06-26 03:06:35 +08:00
|
|
|
static const char *
|
|
|
|
tstamp_precision_to_string(int precision)
|
|
|
|
{
|
|
|
|
switch (precision) {
|
|
|
|
|
|
|
|
case PCAP_TSTAMP_PRECISION_MICRO:
|
|
|
|
return "micro";
|
|
|
|
|
|
|
|
case PCAP_TSTAMP_PRECISION_NANO:
|
|
|
|
return "nano";
|
|
|
|
|
|
|
|
default:
|
|
|
|
return "unknown";
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2015-03-06 07:32:01 +08:00
|
|
|
#ifdef HAVE_CAPSICUM
|
|
|
|
/*
|
|
|
|
* Ensure that, on a dump file's descriptor, we have all the rights
|
|
|
|
* necessary to make the standard I/O library work with an fdopen()ed
|
|
|
|
* FILE * from that descriptor.
|
|
|
|
*
|
2020-03-30 16:34:57 +08:00
|
|
|
* A long time ago in a galaxy far, far away, AT&T decided that, instead
|
2015-03-06 07:32:01 +08:00
|
|
|
* of providing separate APIs for getting and setting the FD_ flags on a
|
|
|
|
* descriptor, getting and setting the O_ flags on a descriptor, and
|
|
|
|
* locking files, they'd throw them all into a kitchen-sink fcntl() call
|
|
|
|
* along the lines of ioctl(), the fact that ioctl() operations are
|
|
|
|
* largely specific to particular character devices but fcntl() operations
|
|
|
|
* are either generic to all descriptors or generic to all descriptors for
|
|
|
|
* regular files nonwithstanding.
|
|
|
|
*
|
|
|
|
* The Capsicum people decided that fine-grained control of descriptor
|
|
|
|
* operations was required, so that you need to grant permission for
|
|
|
|
* reading, writing, seeking, and fcntl-ing. The latter, courtesy of
|
|
|
|
* AT&T's decision, means that "fcntl-ing" isn't a thing, but a motley
|
|
|
|
* collection of things, so there are *individual* fcntls for which
|
|
|
|
* permission needs to be granted.
|
|
|
|
*
|
|
|
|
* The FreeBSD standard I/O people implemented some optimizations that
|
|
|
|
* requires that the standard I/O routines be able to determine whether
|
|
|
|
* the descriptor for the FILE * is open append-only or not; as that
|
|
|
|
* descriptor could have come from an open() rather than an fopen(),
|
|
|
|
* that requires that it be able to do an F_GETFL fcntl() to read
|
|
|
|
* the O_ flags.
|
|
|
|
*
|
|
|
|
* Tcpdump uses ftell() to determine how much data has been written
|
|
|
|
* to a file in order to, when used with -C, determine when it's time
|
|
|
|
* to rotate capture files. ftell() therefore needs to do an lseek()
|
|
|
|
* to find out the file offset and must, thanks to the aforementioned
|
|
|
|
* optimization, also know whether the descriptor is open append-only
|
|
|
|
* or not.
|
|
|
|
*
|
|
|
|
* The net result of all the above is that we need to grant CAP_SEEK,
|
|
|
|
* CAP_WRITE, and CAP_FCNTL with the CAP_FCNTL_GETFL subcapability.
|
|
|
|
*
|
|
|
|
* Perhaps this is the universe's way of saying that either
|
|
|
|
*
|
|
|
|
* 1) there needs to be an fopenat() call and a pcap_dump_openat() call
|
|
|
|
* using it, so that Capsicum-capable tcpdump wouldn't need to do
|
|
|
|
* an fdopen()
|
|
|
|
*
|
|
|
|
* or
|
|
|
|
*
|
|
|
|
* 2) there needs to be a cap_fdopen() call in the FreeBSD standard
|
|
|
|
* I/O library that knows what rights are needed by the standard
|
|
|
|
* I/O library, based on the open mode, and assigns them, perhaps
|
|
|
|
* with an additional argument indicating, for example, whether
|
|
|
|
* seeking should be allowed, so that tcpdump doesn't need to know
|
|
|
|
* what the standard I/O library happens to require this week.
|
|
|
|
*/
|
|
|
|
static void
|
2015-03-10 06:34:03 +08:00
|
|
|
set_dumper_capsicum_rights(pcap_dumper_t *p)
|
2015-03-06 07:32:01 +08:00
|
|
|
{
|
2015-03-10 06:34:03 +08:00
|
|
|
int fd = fileno(pcap_dump_file(p));
|
2015-03-06 07:32:01 +08:00
|
|
|
cap_rights_t rights;
|
|
|
|
|
|
|
|
cap_rights_init(&rights, CAP_SEEK, CAP_WRITE, CAP_FCNTL);
|
|
|
|
if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS) {
|
|
|
|
error("unable to limit dump descriptor");
|
|
|
|
}
|
|
|
|
if (cap_fcntls_limit(fd, CAP_FCNTL_GETFL) < 0 && errno != ENOSYS) {
|
|
|
|
error("unable to limit dump descriptor fcntls");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2016-08-05 04:19:57 +08:00
|
|
|
/*
|
|
|
|
* Copy arg vector into a new buffer, concatenating arguments with spaces.
|
|
|
|
*/
|
|
|
|
static char *
|
2017-12-14 02:17:47 +08:00
|
|
|
copy_argv(char **argv)
|
2016-08-05 04:19:57 +08:00
|
|
|
{
|
2017-12-14 02:17:47 +08:00
|
|
|
char **p;
|
2018-09-15 16:41:59 +08:00
|
|
|
size_t len = 0;
|
2016-08-05 04:19:57 +08:00
|
|
|
char *buf;
|
|
|
|
char *src, *dst;
|
|
|
|
|
|
|
|
p = argv;
|
2016-08-25 01:30:56 +08:00
|
|
|
if (*p == NULL)
|
2016-08-05 04:19:57 +08:00
|
|
|
return 0;
|
|
|
|
|
|
|
|
while (*p)
|
|
|
|
len += strlen(*p++) + 1;
|
|
|
|
|
|
|
|
buf = (char *)malloc(len);
|
|
|
|
if (buf == NULL)
|
2020-10-08 06:33:51 +08:00
|
|
|
error("%s: malloc", __func__);
|
2016-08-05 04:19:57 +08:00
|
|
|
|
|
|
|
p = argv;
|
|
|
|
dst = buf;
|
|
|
|
while ((src = *p++) != NULL) {
|
|
|
|
while ((*dst++ = *src++) != '\0')
|
|
|
|
;
|
|
|
|
dst[-1] = ' ';
|
|
|
|
}
|
|
|
|
dst[-1] = '\0';
|
|
|
|
|
|
|
|
return buf;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* On Windows, we need to open the file in binary mode, so that
|
|
|
|
* we get all the bytes specified by the size we get from "fstat()".
|
|
|
|
* On UNIX, that's not necessary. O_BINARY is defined on Windows;
|
|
|
|
* we define it as 0 if it's not defined, so it does nothing.
|
|
|
|
*/
|
|
|
|
#ifndef O_BINARY
|
|
|
|
#define O_BINARY 0
|
|
|
|
#endif
|
|
|
|
|
|
|
|
static char *
|
|
|
|
read_infile(char *fname)
|
|
|
|
{
|
2019-07-21 21:20:54 +08:00
|
|
|
int i, fd;
|
|
|
|
ssize_t cc;
|
2017-12-14 02:17:47 +08:00
|
|
|
char *cp;
|
2020-10-01 02:37:30 +08:00
|
|
|
our_statb buf;
|
2016-08-05 04:19:57 +08:00
|
|
|
|
|
|
|
fd = open(fname, O_RDONLY|O_BINARY);
|
|
|
|
if (fd < 0)
|
|
|
|
error("can't open %s: %s", fname, pcap_strerror(errno));
|
|
|
|
|
2020-10-01 02:37:30 +08:00
|
|
|
if (our_fstat(fd, &buf) < 0)
|
2016-08-05 04:19:57 +08:00
|
|
|
error("can't stat %s: %s", fname, pcap_strerror(errno));
|
|
|
|
|
2020-10-01 02:37:30 +08:00
|
|
|
/*
|
|
|
|
* Reject files whose size doesn't fit into an int; a filter
|
|
|
|
* *that* large will probably be too big.
|
|
|
|
*/
|
|
|
|
if (buf.st_size > INT_MAX)
|
|
|
|
error("%s is too large", fname);
|
|
|
|
|
2016-08-05 04:19:57 +08:00
|
|
|
cp = malloc((u_int)buf.st_size + 1);
|
|
|
|
if (cp == NULL)
|
|
|
|
error("malloc(%d) for %s: %s", (u_int)buf.st_size + 1,
|
|
|
|
fname, pcap_strerror(errno));
|
|
|
|
cc = read(fd, cp, (u_int)buf.st_size);
|
|
|
|
if (cc < 0)
|
|
|
|
error("read %s: %s", fname, pcap_strerror(errno));
|
|
|
|
if (cc != buf.st_size)
|
2020-10-01 02:37:30 +08:00
|
|
|
error("short read %s (%d != %d)", fname, (int) cc,
|
|
|
|
(int)buf.st_size);
|
2016-08-05 04:19:57 +08:00
|
|
|
|
|
|
|
close(fd);
|
|
|
|
/* replace "# comment" with spaces */
|
|
|
|
for (i = 0; i < cc; i++) {
|
|
|
|
if (cp[i] == '#')
|
|
|
|
while (i < cc && cp[i] != '\n')
|
|
|
|
cp[i++] = ' ';
|
|
|
|
}
|
|
|
|
cp[cc] = '\0';
|
|
|
|
return (cp);
|
|
|
|
}
|
|
|
|
|
2016-08-10 02:12:35 +08:00
|
|
|
#ifdef HAVE_PCAP_FINDALLDEVS
|
|
|
|
static long
|
|
|
|
parse_interface_number(const char *device)
|
|
|
|
{
|
2018-04-01 17:17:42 +08:00
|
|
|
const char *p;
|
2016-08-10 02:12:35 +08:00
|
|
|
long devnum;
|
|
|
|
char *end;
|
|
|
|
|
2018-04-01 17:17:42 +08:00
|
|
|
/*
|
|
|
|
* Search for a colon, terminating any scheme at the beginning
|
|
|
|
* of the device.
|
|
|
|
*/
|
|
|
|
p = strchr(device, ':');
|
|
|
|
if (p != NULL) {
|
|
|
|
/*
|
|
|
|
* We found it. Is it followed by "//"?
|
|
|
|
*/
|
|
|
|
p++; /* skip the : */
|
|
|
|
if (strncmp(p, "//", 2) == 0) {
|
|
|
|
/*
|
|
|
|
* Yes. Search for the next /, at the end of the
|
|
|
|
* authority part of the URL.
|
|
|
|
*/
|
|
|
|
p += 2; /* skip the // */
|
|
|
|
p = strchr(p, '/');
|
|
|
|
if (p != NULL) {
|
|
|
|
/*
|
|
|
|
* OK, past the / is the path.
|
|
|
|
*/
|
|
|
|
device = p + 1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2016-08-10 02:12:35 +08:00
|
|
|
devnum = strtol(device, &end, 10);
|
|
|
|
if (device != end && *end == '\0') {
|
|
|
|
/*
|
|
|
|
* It's all-numeric, but is it a valid number?
|
|
|
|
*/
|
|
|
|
if (devnum <= 0) {
|
|
|
|
/*
|
|
|
|
* No, it's not an ordinal.
|
|
|
|
*/
|
|
|
|
error("Invalid adapter index");
|
|
|
|
}
|
|
|
|
return (devnum);
|
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* It's not all-numeric; return -1, so our caller
|
|
|
|
* knows that.
|
|
|
|
*/
|
|
|
|
return (-1);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static char *
|
2018-07-12 22:02:56 +08:00
|
|
|
find_interface_by_number(const char *url
|
|
|
|
#ifndef HAVE_PCAP_FINDALLDEVS_EX
|
|
|
|
_U_
|
|
|
|
#endif
|
|
|
|
, long devnum)
|
2016-08-10 02:12:35 +08:00
|
|
|
{
|
|
|
|
pcap_if_t *dev, *devlist;
|
|
|
|
long i;
|
|
|
|
char ebuf[PCAP_ERRBUF_SIZE];
|
|
|
|
char *device;
|
2018-04-01 17:17:42 +08:00
|
|
|
#ifdef HAVE_PCAP_FINDALLDEVS_EX
|
|
|
|
const char *endp;
|
|
|
|
char *host_url;
|
|
|
|
#endif
|
|
|
|
int status;
|
2016-08-10 02:12:35 +08:00
|
|
|
|
2018-04-01 17:17:42 +08:00
|
|
|
#ifdef HAVE_PCAP_FINDALLDEVS_EX
|
|
|
|
/*
|
|
|
|
* Search for a colon, terminating any scheme at the beginning
|
|
|
|
* of the URL.
|
|
|
|
*/
|
|
|
|
endp = strchr(url, ':');
|
|
|
|
if (endp != NULL) {
|
|
|
|
/*
|
|
|
|
* We found it. Is it followed by "//"?
|
|
|
|
*/
|
|
|
|
endp++; /* skip the : */
|
|
|
|
if (strncmp(endp, "//", 2) == 0) {
|
|
|
|
/*
|
|
|
|
* Yes. Search for the next /, at the end of the
|
|
|
|
* authority part of the URL.
|
|
|
|
*/
|
|
|
|
endp += 2; /* skip the // */
|
|
|
|
endp = strchr(endp, '/');
|
|
|
|
} else
|
|
|
|
endp = NULL;
|
|
|
|
}
|
|
|
|
if (endp != NULL) {
|
|
|
|
/*
|
|
|
|
* OK, everything from device to endp is a URL to hand
|
|
|
|
* to pcap_findalldevs_ex().
|
|
|
|
*/
|
|
|
|
endp++; /* Include the trailing / in the URL; pcap_findalldevs_ex() requires it */
|
|
|
|
host_url = malloc(endp - url + 1);
|
2018-10-09 10:18:52 +08:00
|
|
|
if (host_url == NULL && (endp - url + 1) > 0)
|
|
|
|
error("Invalid allocation for host");
|
|
|
|
|
2018-04-01 17:17:42 +08:00
|
|
|
memcpy(host_url, url, endp - url);
|
|
|
|
host_url[endp - url] = '\0';
|
|
|
|
status = pcap_findalldevs_ex(host_url, NULL, &devlist, ebuf);
|
|
|
|
free(host_url);
|
|
|
|
} else
|
|
|
|
#endif
|
|
|
|
status = pcap_findalldevs(&devlist, ebuf);
|
|
|
|
if (status < 0)
|
2016-08-10 02:12:35 +08:00
|
|
|
error("%s", ebuf);
|
|
|
|
/*
|
|
|
|
* Look for the devnum-th entry in the list of devices (1-based).
|
|
|
|
*/
|
|
|
|
for (i = 0, dev = devlist; i < devnum-1 && dev != NULL;
|
|
|
|
i++, dev = dev->next)
|
|
|
|
;
|
|
|
|
if (dev == NULL)
|
|
|
|
error("Invalid adapter index");
|
|
|
|
device = strdup(dev->name);
|
|
|
|
pcap_freealldevs(devlist);
|
|
|
|
return (device);
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2017-10-21 02:26:57 +08:00
|
|
|
#ifdef HAVE_PCAP_OPEN
|
|
|
|
/*
|
2019-01-07 10:30:59 +08:00
|
|
|
* Prefixes for rpcap URLs.
|
2017-10-21 02:26:57 +08:00
|
|
|
*/
|
|
|
|
static char rpcap_prefix[] = "rpcap://";
|
2019-01-07 10:30:59 +08:00
|
|
|
static char rpcap_ssl_prefix[] = "rpcaps://";
|
2017-10-21 02:26:57 +08:00
|
|
|
#endif
|
|
|
|
|
2016-08-10 02:12:35 +08:00
|
|
|
static pcap_t *
|
|
|
|
open_interface(const char *device, netdissect_options *ndo, char *ebuf)
|
|
|
|
{
|
|
|
|
pcap_t *pc;
|
|
|
|
#ifdef HAVE_PCAP_CREATE
|
|
|
|
int status;
|
|
|
|
char *cp;
|
|
|
|
#endif
|
|
|
|
|
2017-10-21 02:26:57 +08:00
|
|
|
#ifdef HAVE_PCAP_OPEN
|
|
|
|
/*
|
|
|
|
* Is this an rpcap URL?
|
|
|
|
*/
|
2019-01-07 10:30:59 +08:00
|
|
|
if (strncmp(device, rpcap_prefix, sizeof(rpcap_prefix) - 1) == 0 ||
|
|
|
|
strncmp(device, rpcap_ssl_prefix, sizeof(rpcap_ssl_prefix) - 1) == 0) {
|
2017-10-21 02:26:57 +08:00
|
|
|
/*
|
|
|
|
* Yes. Open it with pcap_open().
|
|
|
|
*/
|
|
|
|
*ebuf = '\0';
|
|
|
|
pc = pcap_open(device, ndo->ndo_snaplen,
|
2020-01-20 11:34:00 +08:00
|
|
|
pflag ? 0 : PCAP_OPENFLAG_PROMISCUOUS, timeout, NULL,
|
2017-10-21 02:26:57 +08:00
|
|
|
ebuf);
|
|
|
|
if (pc == NULL) {
|
|
|
|
/*
|
2018-04-01 17:17:42 +08:00
|
|
|
* If this failed with "No such device" or "The system
|
|
|
|
* cannot find the device specified", that means
|
2017-10-21 02:26:57 +08:00
|
|
|
* the interface doesn't exist; return NULL, so that
|
|
|
|
* the caller can see whether the device name is
|
|
|
|
* actually an interface index.
|
|
|
|
*/
|
2018-04-01 17:17:42 +08:00
|
|
|
if (strstr(ebuf, "No such device") != NULL ||
|
|
|
|
strstr(ebuf, "The system cannot find the device specified") != NULL)
|
2017-10-21 02:26:57 +08:00
|
|
|
return (NULL);
|
|
|
|
error("%s", ebuf);
|
|
|
|
}
|
|
|
|
if (*ebuf)
|
|
|
|
warning("%s", ebuf);
|
|
|
|
return (pc);
|
|
|
|
}
|
|
|
|
#endif /* HAVE_PCAP_OPEN */
|
|
|
|
|
2016-08-10 02:12:35 +08:00
|
|
|
#ifdef HAVE_PCAP_CREATE
|
|
|
|
pc = pcap_create(device, ebuf);
|
2016-08-11 02:45:18 +08:00
|
|
|
if (pc == NULL) {
|
|
|
|
/*
|
|
|
|
* If this failed with "No such device", that means
|
|
|
|
* the interface doesn't exist; return NULL, so that
|
|
|
|
* the caller can see whether the device name is
|
|
|
|
* actually an interface index.
|
|
|
|
*/
|
|
|
|
if (strstr(ebuf, "No such device") != NULL)
|
|
|
|
return (NULL);
|
2016-08-10 02:12:35 +08:00
|
|
|
error("%s", ebuf);
|
2016-08-11 02:45:18 +08:00
|
|
|
}
|
2016-08-10 02:12:35 +08:00
|
|
|
#ifdef HAVE_PCAP_SET_TSTAMP_TYPE
|
|
|
|
if (Jflag)
|
2016-09-02 20:01:57 +08:00
|
|
|
show_tstamp_types_and_exit(pc, device);
|
2016-08-10 02:12:35 +08:00
|
|
|
#endif
|
|
|
|
#ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
|
|
|
|
status = pcap_set_tstamp_precision(pc, ndo->ndo_tstamp_precision);
|
|
|
|
if (status != 0)
|
|
|
|
error("%s: Can't set %ssecond time stamp precision: %s",
|
2018-08-01 00:58:38 +08:00
|
|
|
device,
|
|
|
|
tstamp_precision_to_string(ndo->ndo_tstamp_precision),
|
|
|
|
pcap_statustostr(status));
|
2016-08-10 02:12:35 +08:00
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifdef HAVE_PCAP_SET_IMMEDIATE_MODE
|
|
|
|
if (immediate_mode) {
|
|
|
|
status = pcap_set_immediate_mode(pc, 1);
|
|
|
|
if (status != 0)
|
|
|
|
error("%s: Can't set immediate mode: %s",
|
2018-08-01 00:58:38 +08:00
|
|
|
device, pcap_statustostr(status));
|
2016-08-10 02:12:35 +08:00
|
|
|
}
|
|
|
|
#endif
|
|
|
|
/*
|
|
|
|
* Is this an interface that supports monitor mode?
|
|
|
|
*/
|
|
|
|
if (pcap_can_set_rfmon(pc) == 1)
|
|
|
|
supports_monitor_mode = 1;
|
|
|
|
else
|
|
|
|
supports_monitor_mode = 0;
|
2017-06-03 12:50:45 +08:00
|
|
|
if (ndo->ndo_snaplen != 0) {
|
|
|
|
/*
|
|
|
|
* A snapshot length was explicitly specified;
|
|
|
|
* use it.
|
|
|
|
*/
|
|
|
|
status = pcap_set_snaplen(pc, ndo->ndo_snaplen);
|
|
|
|
if (status != 0)
|
|
|
|
error("%s: Can't set snapshot length: %s",
|
|
|
|
device, pcap_statustostr(status));
|
|
|
|
}
|
2016-08-10 02:12:35 +08:00
|
|
|
status = pcap_set_promisc(pc, !pflag);
|
|
|
|
if (status != 0)
|
|
|
|
error("%s: Can't set promiscuous mode: %s",
|
|
|
|
device, pcap_statustostr(status));
|
|
|
|
if (Iflag) {
|
|
|
|
status = pcap_set_rfmon(pc, 1);
|
|
|
|
if (status != 0)
|
|
|
|
error("%s: Can't set monitor mode: %s",
|
|
|
|
device, pcap_statustostr(status));
|
|
|
|
}
|
2020-01-20 11:34:00 +08:00
|
|
|
status = pcap_set_timeout(pc, timeout);
|
2016-08-10 02:12:35 +08:00
|
|
|
if (status != 0)
|
|
|
|
error("%s: pcap_set_timeout failed: %s",
|
|
|
|
device, pcap_statustostr(status));
|
|
|
|
if (Bflag != 0) {
|
|
|
|
status = pcap_set_buffer_size(pc, Bflag);
|
|
|
|
if (status != 0)
|
|
|
|
error("%s: Can't set buffer size: %s",
|
|
|
|
device, pcap_statustostr(status));
|
|
|
|
}
|
|
|
|
#ifdef HAVE_PCAP_SET_TSTAMP_TYPE
|
|
|
|
if (jflag != -1) {
|
|
|
|
status = pcap_set_tstamp_type(pc, jflag);
|
|
|
|
if (status < 0)
|
|
|
|
error("%s: Can't set time stamp type: %s",
|
2018-08-01 00:58:38 +08:00
|
|
|
device, pcap_statustostr(status));
|
2018-07-31 20:54:04 +08:00
|
|
|
else if (status > 0)
|
|
|
|
warning("When trying to set timestamp type '%s' on %s: %s",
|
2018-08-01 00:58:38 +08:00
|
|
|
pcap_tstamp_type_val_to_name(jflag), device,
|
|
|
|
pcap_statustostr(status));
|
2016-08-10 02:12:35 +08:00
|
|
|
}
|
|
|
|
#endif
|
|
|
|
status = pcap_activate(pc);
|
|
|
|
if (status < 0) {
|
|
|
|
/*
|
|
|
|
* pcap_activate() failed.
|
|
|
|
*/
|
|
|
|
cp = pcap_geterr(pc);
|
|
|
|
if (status == PCAP_ERROR)
|
|
|
|
error("%s", cp);
|
|
|
|
else if (status == PCAP_ERROR_NO_SUCH_DEVICE) {
|
|
|
|
/*
|
|
|
|
* Return an error for our caller to handle.
|
|
|
|
*/
|
2019-08-09 13:39:54 +08:00
|
|
|
snprintf(ebuf, PCAP_ERRBUF_SIZE, "%s: %s\n(%s)",
|
2016-08-10 02:12:35 +08:00
|
|
|
device, pcap_statustostr(status), cp);
|
|
|
|
} else if (status == PCAP_ERROR_PERM_DENIED && *cp != '\0')
|
|
|
|
error("%s: %s\n(%s)", device,
|
|
|
|
pcap_statustostr(status), cp);
|
2017-02-03 06:02:49 +08:00
|
|
|
#ifdef __FreeBSD__
|
|
|
|
else if (status == PCAP_ERROR_RFMON_NOTSUP &&
|
|
|
|
strncmp(device, "wlan", 4) == 0) {
|
|
|
|
char parent[8], newdev[8];
|
|
|
|
char sysctl[32];
|
|
|
|
size_t s = sizeof(parent);
|
|
|
|
|
2019-08-09 13:39:54 +08:00
|
|
|
snprintf(sysctl, sizeof(sysctl),
|
2017-02-03 06:02:49 +08:00
|
|
|
"net.wlan.%d.%%parent", atoi(device + 4));
|
|
|
|
sysctlbyname(sysctl, parent, &s, NULL, 0);
|
|
|
|
strlcpy(newdev, device, sizeof(newdev));
|
|
|
|
/* Suggest a new wlan device. */
|
2017-04-03 05:43:49 +08:00
|
|
|
/* FIXME: incrementing the index this way is not going to work well
|
|
|
|
* when the index is 9 or greater but the only consequence in this
|
|
|
|
* specific case would be an error message that looks a bit odd.
|
|
|
|
*/
|
2017-02-03 06:02:49 +08:00
|
|
|
newdev[strlen(newdev)-1]++;
|
|
|
|
error("%s is not a monitor mode VAP\n"
|
|
|
|
"To create a new monitor mode VAP use:\n"
|
|
|
|
" ifconfig %s create wlandev %s wlanmode monitor\n"
|
|
|
|
"and use %s as the tcpdump interface",
|
|
|
|
device, newdev, parent, newdev);
|
|
|
|
}
|
|
|
|
#endif
|
2016-08-10 02:12:35 +08:00
|
|
|
else
|
|
|
|
error("%s: %s", device,
|
|
|
|
pcap_statustostr(status));
|
2019-11-24 11:28:01 +08:00
|
|
|
pcap_close(pc);
|
|
|
|
return (NULL);
|
2016-08-10 02:12:35 +08:00
|
|
|
} else if (status > 0) {
|
|
|
|
/*
|
|
|
|
* pcap_activate() succeeded, but it's warning us
|
|
|
|
* of a problem it had.
|
|
|
|
*/
|
|
|
|
cp = pcap_geterr(pc);
|
|
|
|
if (status == PCAP_WARNING)
|
|
|
|
warning("%s", cp);
|
|
|
|
else if (status == PCAP_WARNING_PROMISC_NOTSUP &&
|
|
|
|
*cp != '\0')
|
|
|
|
warning("%s: %s\n(%s)", device,
|
|
|
|
pcap_statustostr(status), cp);
|
|
|
|
else
|
|
|
|
warning("%s: %s", device,
|
|
|
|
pcap_statustostr(status));
|
|
|
|
}
|
|
|
|
#ifdef HAVE_PCAP_SETDIRECTION
|
|
|
|
if (Qflag != -1) {
|
|
|
|
status = pcap_setdirection(pc, Qflag);
|
|
|
|
if (status != 0)
|
|
|
|
error("%s: pcap_setdirection() failed: %s",
|
|
|
|
device, pcap_geterr(pc));
|
|
|
|
}
|
|
|
|
#endif /* HAVE_PCAP_SETDIRECTION */
|
|
|
|
#else /* HAVE_PCAP_CREATE */
|
|
|
|
*ebuf = '\0';
|
2017-06-03 12:50:45 +08:00
|
|
|
/*
|
|
|
|
* If no snapshot length was specified, or a length of 0 was
|
|
|
|
* specified, default to 256KB.
|
|
|
|
*/
|
|
|
|
if (ndo->ndo_snaplen == 0)
|
2019-10-08 13:07:27 +08:00
|
|
|
ndo->ndo_snaplen = MAXIMUM_SNAPLEN;
|
2020-01-20 11:34:00 +08:00
|
|
|
pc = pcap_open_live(device, ndo->ndo_snaplen, !pflag, timeout, ebuf);
|
2016-08-11 02:45:18 +08:00
|
|
|
if (pc == NULL) {
|
|
|
|
/*
|
|
|
|
* If this failed with "No such device", that means
|
|
|
|
* the interface doesn't exist; return NULL, so that
|
|
|
|
* the caller can see whether the device name is
|
|
|
|
* actually an interface index.
|
|
|
|
*/
|
|
|
|
if (strstr(ebuf, "No such device") != NULL)
|
|
|
|
return (NULL);
|
2016-08-10 02:12:35 +08:00
|
|
|
error("%s", ebuf);
|
2016-08-11 02:45:18 +08:00
|
|
|
}
|
|
|
|
if (*ebuf)
|
2016-08-10 02:12:35 +08:00
|
|
|
warning("%s", ebuf);
|
|
|
|
#endif /* HAVE_PCAP_CREATE */
|
|
|
|
|
|
|
|
return (pc);
|
|
|
|
}
|
|
|
|
|
1999-10-08 07:47:09 +08:00
|
|
|
int
|
|
|
|
main(int argc, char **argv)
|
|
|
|
{
|
2017-12-14 02:17:47 +08:00
|
|
|
int cnt, op, i;
|
2017-10-12 03:09:42 +08:00
|
|
|
bpf_u_int32 localnet = 0, netmask = 0;
|
2017-12-14 02:17:47 +08:00
|
|
|
char *cp, *infile, *cmdbuf, *device, *RFileName, *VFileName, *WFileName;
|
2017-09-22 00:47:42 +08:00
|
|
|
char *endp;
|
2002-12-19 17:39:10 +08:00
|
|
|
pcap_handler callback;
|
2012-08-11 09:43:54 +08:00
|
|
|
int dlt;
|
|
|
|
const char *dlt_name;
|
1999-10-08 07:47:09 +08:00
|
|
|
struct bpf_program fcode;
|
2015-09-01 05:43:15 +08:00
|
|
|
#ifndef _WIN32
|
2017-10-16 13:36:07 +08:00
|
|
|
void (*oldhandler)(int);
|
2002-08-01 16:52:55 +08:00
|
|
|
#endif
|
2001-12-23 06:12:23 +08:00
|
|
|
struct dump_info dumpinfo;
|
1999-10-08 07:47:09 +08:00
|
|
|
u_char *pcap_userdata;
|
|
|
|
char ebuf[PCAP_ERRBUF_SIZE];
|
2012-11-30 15:39:43 +08:00
|
|
|
char VFileLine[PATH_MAX + 1];
|
2019-08-04 23:08:03 +08:00
|
|
|
const char *username = NULL;
|
2019-08-04 20:23:02 +08:00
|
|
|
#ifndef _WIN32
|
2019-07-23 20:12:43 +08:00
|
|
|
const char *chroot_dir = NULL;
|
2019-08-04 20:23:02 +08:00
|
|
|
#endif
|
2012-08-11 09:43:54 +08:00
|
|
|
char *ret = NULL;
|
2012-09-28 12:12:00 +08:00
|
|
|
char *end;
|
2002-08-04 06:37:01 +08:00
|
|
|
#ifdef HAVE_PCAP_FINDALLDEVS
|
2016-08-10 02:12:35 +08:00
|
|
|
pcap_if_t *devlist;
|
|
|
|
long devnum;
|
2002-08-04 06:37:01 +08:00
|
|
|
#endif
|
2003-11-04 15:29:15 +08:00
|
|
|
int status;
|
2012-08-11 09:43:54 +08:00
|
|
|
FILE *VFile;
|
2014-07-11 03:19:39 +08:00
|
|
|
#ifdef HAVE_CAPSICUM
|
|
|
|
cap_rights_t rights;
|
|
|
|
int cansandbox;
|
|
|
|
#endif /* HAVE_CAPSICUM */
|
2015-09-15 01:19:43 +08:00
|
|
|
int Oflag = 1; /* run filter code optimizer */
|
|
|
|
int yflag_dlt = -1;
|
|
|
|
const char *yflag_dlt_name = NULL;
|
2017-10-12 03:09:42 +08:00
|
|
|
int print = 0;
|
2021-07-11 05:01:18 +08:00
|
|
|
long Cflagmult;
|
2015-09-15 01:19:43 +08:00
|
|
|
|
2015-04-25 02:19:03 +08:00
|
|
|
netdissect_options Ndo;
|
|
|
|
netdissect_options *ndo = &Ndo;
|
2014-07-11 03:19:39 +08:00
|
|
|
|
2016-08-05 04:19:57 +08:00
|
|
|
/*
|
|
|
|
* Initialize the netdissect code.
|
|
|
|
*/
|
2018-02-07 02:15:45 +08:00
|
|
|
if (nd_init(ebuf, sizeof(ebuf)) == -1)
|
2016-08-05 04:19:57 +08:00
|
|
|
error("%s", ebuf);
|
|
|
|
|
2015-04-25 02:19:03 +08:00
|
|
|
memset(ndo, 0, sizeof(*ndo));
|
2015-04-25 00:02:48 +08:00
|
|
|
ndo_set_function_pointers(ndo);
|
2014-01-02 10:27:54 +08:00
|
|
|
|
1999-10-08 07:47:09 +08:00
|
|
|
cnt = -1;
|
|
|
|
device = NULL;
|
|
|
|
infile = NULL;
|
|
|
|
RFileName = NULL;
|
2012-08-11 09:43:54 +08:00
|
|
|
VFileName = NULL;
|
2012-11-30 17:16:53 +08:00
|
|
|
VFile = NULL;
|
1999-10-08 07:47:09 +08:00
|
|
|
WFileName = NULL;
|
2012-11-30 17:16:53 +08:00
|
|
|
dlt = -1;
|
2020-06-12 12:01:31 +08:00
|
|
|
if ((cp = strrchr(argv[0], PATH_SEPARATOR)) != NULL)
|
2015-09-08 01:04:50 +08:00
|
|
|
ndo->program_name = program_name = cp + 1;
|
1999-10-08 07:47:09 +08:00
|
|
|
else
|
2015-09-08 01:04:50 +08:00
|
|
|
ndo->program_name = program_name = argv[0];
|
1999-10-08 07:47:09 +08:00
|
|
|
|
2018-01-29 18:16:13 +08:00
|
|
|
#if defined(HAVE_PCAP_WSOCKINIT)
|
2015-09-12 02:09:35 +08:00
|
|
|
if (pcap_wsockinit() != 0)
|
|
|
|
error("Attempting to initialize Winsock failed");
|
2018-01-29 18:16:13 +08:00
|
|
|
#elif defined(HAVE_WSOCKINIT)
|
|
|
|
if (wsockinit() != 0)
|
|
|
|
error("Attempting to initialize Winsock failed");
|
|
|
|
#endif
|
2015-09-12 02:09:35 +08:00
|
|
|
|
2014-09-04 05:03:53 +08:00
|
|
|
/*
|
|
|
|
* On platforms where the CPU doesn't support unaligned loads,
|
|
|
|
* force unaligned accesses to abort with SIGBUS, rather than
|
|
|
|
* being fixed up (slowly) by the OS kernel; on those platforms,
|
|
|
|
* misaligned accesses are bugs, and we want tcpdump to crash so
|
|
|
|
* that the bugs are reported.
|
|
|
|
*/
|
2000-01-17 14:24:23 +08:00
|
|
|
if (abort_on_misalignment(ebuf, sizeof(ebuf)) < 0)
|
1999-10-08 07:47:09 +08:00
|
|
|
error("%s", ebuf);
|
|
|
|
|
|
|
|
while (
|
2015-03-09 06:55:47 +08:00
|
|
|
(op = getopt_long(argc, argv, SHORTOPTS, longopts, NULL)) != -1)
|
1999-10-08 07:47:09 +08:00
|
|
|
switch (op) {
|
|
|
|
|
|
|
|
case 'a':
|
2003-08-01 06:36:43 +08:00
|
|
|
/* compatibility for old -a */
|
1999-10-08 07:47:09 +08:00
|
|
|
break;
|
|
|
|
|
2002-12-19 17:27:54 +08:00
|
|
|
case 'A':
|
2015-04-25 00:02:48 +08:00
|
|
|
++ndo->ndo_Aflag;
|
2002-12-19 17:27:54 +08:00
|
|
|
break;
|
2010-02-08 18:33:12 +08:00
|
|
|
|
2009-01-21 04:40:22 +08:00
|
|
|
case 'b':
|
2015-04-25 00:02:48 +08:00
|
|
|
++ndo->ndo_bflag;
|
2009-01-21 04:40:22 +08:00
|
|
|
break;
|
2002-04-24 14:55:54 +08:00
|
|
|
|
2015-09-01 05:43:15 +08:00
|
|
|
#if defined(HAVE_PCAP_CREATE) || defined(_WIN32)
|
2002-08-01 16:52:55 +08:00
|
|
|
case 'B':
|
2015-04-24 08:27:45 +08:00
|
|
|
Bflag = atoi(optarg)*1024;
|
|
|
|
if (Bflag <= 0)
|
2002-08-01 16:52:55 +08:00
|
|
|
error("invalid packet buffer size %s", optarg);
|
|
|
|
break;
|
2015-09-01 05:43:15 +08:00
|
|
|
#endif /* defined(HAVE_PCAP_CREATE) || defined(_WIN32) */
|
2002-08-01 16:52:55 +08:00
|
|
|
|
1999-10-08 07:47:09 +08:00
|
|
|
case 'c':
|
|
|
|
cnt = atoi(optarg);
|
|
|
|
if (cnt <= 0)
|
|
|
|
error("invalid packet count %s", optarg);
|
|
|
|
break;
|
|
|
|
|
2001-10-01 09:12:00 +08:00
|
|
|
case 'C':
|
2017-09-22 00:47:42 +08:00
|
|
|
errno = 0;
|
2017-10-21 03:15:26 +08:00
|
|
|
#ifdef HAVE_PCAP_DUMP_FTELL64
|
2017-09-30 16:10:29 +08:00
|
|
|
Cflag = strtoint64_t(optarg, &endp, 10);
|
|
|
|
#else
|
2017-09-22 00:47:42 +08:00
|
|
|
Cflag = strtol(optarg, &endp, 10);
|
2017-09-30 16:10:29 +08:00
|
|
|
#endif
|
2021-07-11 05:01:18 +08:00
|
|
|
if (endp == optarg || errno != 0 || Cflag <= 0)
|
2001-10-01 09:12:00 +08:00
|
|
|
error("invalid file size %s", optarg);
|
2021-07-11 05:01:18 +08:00
|
|
|
|
|
|
|
if (*endp == '\0') {
|
|
|
|
/*
|
|
|
|
* There's nothing after the file size,
|
|
|
|
* so the size is in units of 1 MB
|
|
|
|
* (1,000,000 bytes).
|
|
|
|
*/
|
|
|
|
Cflagmult = 1000000;
|
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* There's something after the file
|
|
|
|
* size.
|
|
|
|
*
|
|
|
|
* If it's a single letter, then:
|
|
|
|
*
|
|
|
|
* if the letter is k or K, the size
|
|
|
|
* is in units of 1 KiB (1024 bytes);
|
|
|
|
*
|
|
|
|
* if the letter is m or M, the size
|
|
|
|
* is in units of 1 MiB (1,048,576 bytes);
|
|
|
|
*
|
|
|
|
* if the letter is g or G, the size
|
|
|
|
* is in units of 1 GiB (1,073,741,824 bytes).
|
|
|
|
*
|
|
|
|
* Otherwise, it's an error.
|
|
|
|
*/
|
|
|
|
switch (*endp) {
|
|
|
|
|
|
|
|
case 'k':
|
|
|
|
case 'K':
|
|
|
|
Cflagmult = 1024;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case 'm':
|
|
|
|
case 'M':
|
|
|
|
Cflagmult = 1024*1024;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case 'g':
|
|
|
|
case 'G':
|
|
|
|
Cflagmult = 1024*1024*1024;
|
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
error("invalid file size %s", optarg);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* OK, there was a letter that we treat
|
|
|
|
* as a units indication; was there
|
|
|
|
* anything after it?
|
|
|
|
*/
|
|
|
|
endp++;
|
|
|
|
if (*endp != '\0') {
|
|
|
|
/* Yes - error */
|
|
|
|
error("invalid file size %s", optarg);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-09-22 00:47:42 +08:00
|
|
|
/*
|
2021-05-09 02:32:24 +08:00
|
|
|
* Will multiplying it by multiplier overflow?
|
2017-09-22 00:47:42 +08:00
|
|
|
*/
|
2017-10-21 03:15:26 +08:00
|
|
|
#ifdef HAVE_PCAP_DUMP_FTELL64
|
2021-05-09 02:32:24 +08:00
|
|
|
if (Cflag > INT64_T_CONSTANT(0x7fffffffffffffff) / Cflagmult)
|
2017-09-30 16:10:29 +08:00
|
|
|
#else
|
2021-05-09 02:32:24 +08:00
|
|
|
if (Cflag > LONG_MAX / Cflagmult)
|
2017-09-30 16:10:29 +08:00
|
|
|
#endif
|
2017-09-22 00:47:42 +08:00
|
|
|
error("file size %s is too large", optarg);
|
2021-05-09 02:32:24 +08:00
|
|
|
Cflag *= Cflagmult;
|
2001-10-01 09:12:00 +08:00
|
|
|
break;
|
|
|
|
|
1999-10-08 07:47:09 +08:00
|
|
|
case 'd':
|
|
|
|
++dflag;
|
|
|
|
break;
|
|
|
|
|
2017-10-21 02:26:57 +08:00
|
|
|
#ifdef HAVE_PCAP_FINDALLDEVS
|
2002-08-01 16:52:55 +08:00
|
|
|
case 'D':
|
2014-01-15 04:38:16 +08:00
|
|
|
Dflag++;
|
|
|
|
break;
|
2017-10-21 02:26:57 +08:00
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifdef HAVE_PCAP_FINDALLDEVS_EX
|
|
|
|
case OPTION_LIST_REMOTE_INTERFACES:
|
|
|
|
remote_interfaces_source = optarg;
|
|
|
|
break;
|
|
|
|
#endif
|
2002-08-01 16:52:55 +08:00
|
|
|
|
2002-12-19 17:27:54 +08:00
|
|
|
case 'L':
|
|
|
|
Lflag++;
|
|
|
|
break;
|
|
|
|
|
1999-10-08 07:47:09 +08:00
|
|
|
case 'e':
|
2015-04-25 00:02:48 +08:00
|
|
|
++ndo->ndo_eflag;
|
1999-10-08 07:47:09 +08:00
|
|
|
break;
|
|
|
|
|
1999-10-30 13:11:06 +08:00
|
|
|
case 'E':
|
2000-01-15 10:33:06 +08:00
|
|
|
#ifndef HAVE_LIBCRYPTO
|
1999-10-30 13:11:06 +08:00
|
|
|
warning("crypto code not compiled in");
|
|
|
|
#endif
|
2015-04-25 00:02:48 +08:00
|
|
|
ndo->ndo_espsecret = optarg;
|
1999-10-30 13:11:06 +08:00
|
|
|
break;
|
|
|
|
|
1999-10-08 07:47:09 +08:00
|
|
|
case 'f':
|
2015-04-25 00:02:48 +08:00
|
|
|
++ndo->ndo_fflag;
|
1999-10-08 07:47:09 +08:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 'F':
|
|
|
|
infile = optarg;
|
|
|
|
break;
|
|
|
|
|
2005-10-20 15:43:51 +08:00
|
|
|
case 'G':
|
2015-04-24 08:27:45 +08:00
|
|
|
Gflag = atoi(optarg);
|
|
|
|
if (Gflag < 0)
|
2005-10-20 15:43:51 +08:00
|
|
|
error("invalid number of seconds %s", optarg);
|
2005-12-06 04:24:48 +08:00
|
|
|
|
|
|
|
/* We will create one file initially. */
|
2015-04-24 08:27:45 +08:00
|
|
|
Gflag_count = 0;
|
2005-12-06 04:24:48 +08:00
|
|
|
|
|
|
|
/* Grab the current time for rotation use. */
|
2015-04-24 08:27:45 +08:00
|
|
|
if ((Gflag_time = time(NULL)) == (time_t)-1) {
|
2020-10-08 06:33:51 +08:00
|
|
|
error("%s: can't get current time: %s",
|
|
|
|
__func__, pcap_strerror(errno));
|
2005-12-06 04:24:48 +08:00
|
|
|
}
|
2005-10-20 15:43:51 +08:00
|
|
|
break;
|
|
|
|
|
2010-05-28 14:58:01 +08:00
|
|
|
case 'h':
|
2020-09-10 22:01:53 +08:00
|
|
|
print_usage(stdout);
|
2018-02-25 18:04:39 +08:00
|
|
|
exit_tcpdump(S_SUCCESS);
|
2011-06-22 09:15:50 +08:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 'H':
|
2015-04-25 00:02:48 +08:00
|
|
|
++ndo->ndo_Hflag;
|
2010-05-28 14:58:01 +08:00
|
|
|
break;
|
|
|
|
|
1999-10-08 07:47:09 +08:00
|
|
|
case 'i':
|
|
|
|
device = optarg;
|
|
|
|
break;
|
|
|
|
|
2008-04-05 03:42:11 +08:00
|
|
|
#ifdef HAVE_PCAP_CREATE
|
|
|
|
case 'I':
|
2015-04-24 08:27:45 +08:00
|
|
|
++Iflag;
|
2008-04-05 03:42:11 +08:00
|
|
|
break;
|
|
|
|
#endif /* HAVE_PCAP_CREATE */
|
|
|
|
|
2010-08-23 08:32:26 +08:00
|
|
|
#ifdef HAVE_PCAP_SET_TSTAMP_TYPE
|
|
|
|
case 'j':
|
2015-04-24 08:27:45 +08:00
|
|
|
jflag = pcap_tstamp_type_name_to_val(optarg);
|
|
|
|
if (jflag < 0)
|
2010-08-23 08:32:26 +08:00
|
|
|
error("invalid time stamp type %s", optarg);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case 'J':
|
|
|
|
Jflag++;
|
|
|
|
break;
|
|
|
|
#endif
|
|
|
|
|
1999-10-08 07:47:09 +08:00
|
|
|
case 'l':
|
2015-09-01 05:43:15 +08:00
|
|
|
#ifdef _WIN32
|
2003-11-18 16:53:19 +08:00
|
|
|
/*
|
|
|
|
* _IOLBF is the same as _IOFBF in Microsoft's C
|
|
|
|
* libraries; the only alternative they offer
|
|
|
|
* is _IONBF.
|
|
|
|
*
|
|
|
|
* XXX - this should really be checking for MSVC++,
|
2015-09-01 05:43:15 +08:00
|
|
|
* not _WIN32, if, for example, MinGW has its own
|
2003-11-18 16:53:19 +08:00
|
|
|
* C library that is more UNIX-compatible.
|
|
|
|
*/
|
|
|
|
setvbuf(stdout, NULL, _IONBF, 0);
|
2015-09-01 05:43:15 +08:00
|
|
|
#else /* _WIN32 */
|
1999-10-08 07:47:09 +08:00
|
|
|
#ifdef HAVE_SETLINEBUF
|
|
|
|
setlinebuf(stdout);
|
|
|
|
#else
|
|
|
|
setvbuf(stdout, NULL, _IOLBF, 0);
|
|
|
|
#endif
|
2015-09-01 05:43:15 +08:00
|
|
|
#endif /* _WIN32 */
|
2020-01-20 11:34:00 +08:00
|
|
|
lflag = 1;
|
1999-10-08 07:47:09 +08:00
|
|
|
break;
|
|
|
|
|
2006-05-06 07:13:00 +08:00
|
|
|
case 'K':
|
2015-04-25 00:02:48 +08:00
|
|
|
++ndo->ndo_Kflag;
|
1999-10-08 07:47:09 +08:00
|
|
|
break;
|
|
|
|
|
1999-12-14 02:06:13 +08:00
|
|
|
case 'm':
|
2016-08-05 05:35:35 +08:00
|
|
|
if (nd_have_smi_support()) {
|
2018-02-07 02:15:45 +08:00
|
|
|
if (nd_load_smi_module(optarg, ebuf, sizeof(ebuf)) == -1)
|
2016-08-05 05:35:35 +08:00
|
|
|
error("%s", ebuf);
|
|
|
|
} else {
|
|
|
|
(void)fprintf(stderr, "%s: ignoring option `-m %s' ",
|
|
|
|
program_name, optarg);
|
|
|
|
(void)fprintf(stderr, "(no libsmi support)\n");
|
2005-12-06 04:24:48 +08:00
|
|
|
}
|
2004-01-14 11:24:29 +08:00
|
|
|
break;
|
2002-06-12 01:08:37 +08:00
|
|
|
|
2004-03-23 15:15:36 +08:00
|
|
|
case 'M':
|
|
|
|
/* TCP-MD5 shared secret */
|
|
|
|
#ifndef HAVE_LIBCRYPTO
|
|
|
|
warning("crypto code not compiled in");
|
|
|
|
#endif
|
2015-04-25 00:02:48 +08:00
|
|
|
ndo->ndo_sigsecret = optarg;
|
2004-03-23 15:15:36 +08:00
|
|
|
break;
|
|
|
|
|
2006-05-06 07:13:00 +08:00
|
|
|
case 'n':
|
2015-04-25 00:02:48 +08:00
|
|
|
++ndo->ndo_nflag;
|
2006-05-06 07:13:00 +08:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 'N':
|
2015-04-25 00:02:48 +08:00
|
|
|
++ndo->ndo_Nflag;
|
2006-05-06 07:13:00 +08:00
|
|
|
break;
|
|
|
|
|
1999-10-08 07:47:09 +08:00
|
|
|
case 'O':
|
2015-04-24 08:27:45 +08:00
|
|
|
Oflag = 0;
|
1999-10-08 07:47:09 +08:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 'p':
|
2015-04-24 08:27:45 +08:00
|
|
|
++pflag;
|
1999-10-08 07:47:09 +08:00
|
|
|
break;
|
2013-12-16 15:38:55 +08:00
|
|
|
|
|
|
|
case 'q':
|
2015-04-25 00:02:48 +08:00
|
|
|
++ndo->ndo_qflag;
|
|
|
|
++ndo->ndo_suppress_default_print;
|
2013-12-16 15:38:55 +08:00
|
|
|
break;
|
|
|
|
|
2009-08-26 03:42:12 +08:00
|
|
|
#ifdef HAVE_PCAP_SETDIRECTION
|
2013-12-16 15:38:55 +08:00
|
|
|
case 'Q':
|
2015-06-12 06:47:44 +08:00
|
|
|
if (ascii_strcasecmp(optarg, "in") == 0)
|
2013-12-16 15:38:55 +08:00
|
|
|
Qflag = PCAP_D_IN;
|
2015-06-12 06:47:44 +08:00
|
|
|
else if (ascii_strcasecmp(optarg, "out") == 0)
|
2013-12-16 15:38:55 +08:00
|
|
|
Qflag = PCAP_D_OUT;
|
2015-06-12 06:47:44 +08:00
|
|
|
else if (ascii_strcasecmp(optarg, "inout") == 0)
|
2013-12-16 15:38:55 +08:00
|
|
|
Qflag = PCAP_D_INOUT;
|
2009-08-26 03:42:12 +08:00
|
|
|
else
|
|
|
|
error("unknown capture direction `%s'", optarg);
|
|
|
|
break;
|
|
|
|
#endif /* HAVE_PCAP_SETDIRECTION */
|
1999-10-08 07:47:09 +08:00
|
|
|
|
|
|
|
case 'r':
|
|
|
|
RFileName = optarg;
|
|
|
|
break;
|
|
|
|
|
2012-09-28 12:12:00 +08:00
|
|
|
case 's':
|
2019-07-21 21:56:10 +08:00
|
|
|
ndo->ndo_snaplen = (int)strtol(optarg, &end, 0);
|
2000-04-21 18:32:03 +08:00
|
|
|
if (optarg == end || *end != '\0'
|
2015-04-25 00:02:48 +08:00
|
|
|
|| ndo->ndo_snaplen < 0 || ndo->ndo_snaplen > MAXIMUM_SNAPLEN)
|
2018-09-10 16:07:34 +08:00
|
|
|
error("invalid snaplen %s (must be >= 0 and <= %d)",
|
|
|
|
optarg, MAXIMUM_SNAPLEN);
|
1999-10-08 07:47:09 +08:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 'S':
|
2015-04-25 00:02:48 +08:00
|
|
|
++ndo->ndo_Sflag;
|
1999-10-08 07:47:09 +08:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 't':
|
2015-04-25 00:02:48 +08:00
|
|
|
++ndo->ndo_tflag;
|
1999-10-08 07:47:09 +08:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 'T':
|
2015-06-12 06:47:44 +08:00
|
|
|
if (ascii_strcasecmp(optarg, "vat") == 0)
|
2015-04-25 00:02:48 +08:00
|
|
|
ndo->ndo_packettype = PT_VAT;
|
2015-06-12 06:47:44 +08:00
|
|
|
else if (ascii_strcasecmp(optarg, "wb") == 0)
|
2015-04-25 00:02:48 +08:00
|
|
|
ndo->ndo_packettype = PT_WB;
|
2015-06-12 06:47:44 +08:00
|
|
|
else if (ascii_strcasecmp(optarg, "rpc") == 0)
|
2015-04-25 00:02:48 +08:00
|
|
|
ndo->ndo_packettype = PT_RPC;
|
2015-06-12 06:47:44 +08:00
|
|
|
else if (ascii_strcasecmp(optarg, "rtp") == 0)
|
2015-04-25 00:02:48 +08:00
|
|
|
ndo->ndo_packettype = PT_RTP;
|
2015-06-12 06:47:44 +08:00
|
|
|
else if (ascii_strcasecmp(optarg, "rtcp") == 0)
|
2015-04-25 00:02:48 +08:00
|
|
|
ndo->ndo_packettype = PT_RTCP;
|
2015-06-12 06:47:44 +08:00
|
|
|
else if (ascii_strcasecmp(optarg, "snmp") == 0)
|
2015-04-25 00:02:48 +08:00
|
|
|
ndo->ndo_packettype = PT_SNMP;
|
2015-06-12 06:47:44 +08:00
|
|
|
else if (ascii_strcasecmp(optarg, "cnfp") == 0)
|
2015-04-25 00:02:48 +08:00
|
|
|
ndo->ndo_packettype = PT_CNFP;
|
2015-06-12 06:47:44 +08:00
|
|
|
else if (ascii_strcasecmp(optarg, "tftp") == 0)
|
2015-04-25 00:02:48 +08:00
|
|
|
ndo->ndo_packettype = PT_TFTP;
|
2015-06-12 06:47:44 +08:00
|
|
|
else if (ascii_strcasecmp(optarg, "aodv") == 0)
|
2015-04-25 00:02:48 +08:00
|
|
|
ndo->ndo_packettype = PT_AODV;
|
2015-06-12 06:47:44 +08:00
|
|
|
else if (ascii_strcasecmp(optarg, "carp") == 0)
|
2015-04-25 00:02:48 +08:00
|
|
|
ndo->ndo_packettype = PT_CARP;
|
2015-06-12 06:47:44 +08:00
|
|
|
else if (ascii_strcasecmp(optarg, "radius") == 0)
|
2015-04-25 00:02:48 +08:00
|
|
|
ndo->ndo_packettype = PT_RADIUS;
|
2015-06-12 06:47:44 +08:00
|
|
|
else if (ascii_strcasecmp(optarg, "zmtp1") == 0)
|
2015-04-25 00:02:48 +08:00
|
|
|
ndo->ndo_packettype = PT_ZMTP1;
|
2015-06-12 06:47:44 +08:00
|
|
|
else if (ascii_strcasecmp(optarg, "vxlan") == 0)
|
2015-04-25 00:02:48 +08:00
|
|
|
ndo->ndo_packettype = PT_VXLAN;
|
2015-06-12 06:47:44 +08:00
|
|
|
else if (ascii_strcasecmp(optarg, "pgm") == 0)
|
2015-04-25 00:02:48 +08:00
|
|
|
ndo->ndo_packettype = PT_PGM;
|
2015-06-12 06:47:44 +08:00
|
|
|
else if (ascii_strcasecmp(optarg, "pgm_zmtp1") == 0)
|
2015-04-25 00:02:48 +08:00
|
|
|
ndo->ndo_packettype = PT_PGM_ZMTP1;
|
2015-06-12 06:47:44 +08:00
|
|
|
else if (ascii_strcasecmp(optarg, "lmp") == 0)
|
2015-04-25 00:02:48 +08:00
|
|
|
ndo->ndo_packettype = PT_LMP;
|
2016-07-02 04:58:52 +08:00
|
|
|
else if (ascii_strcasecmp(optarg, "resp") == 0)
|
|
|
|
ndo->ndo_packettype = PT_RESP;
|
2018-12-14 14:28:36 +08:00
|
|
|
else if (ascii_strcasecmp(optarg, "ptp") == 0)
|
|
|
|
ndo->ndo_packettype = PT_PTP;
|
2020-02-18 23:38:16 +08:00
|
|
|
else if (ascii_strcasecmp(optarg, "someip") == 0)
|
|
|
|
ndo->ndo_packettype = PT_SOMEIP;
|
2020-03-02 23:04:35 +08:00
|
|
|
else if (ascii_strcasecmp(optarg, "domain") == 0)
|
|
|
|
ndo->ndo_packettype = PT_DOMAIN;
|
2021-10-01 09:34:46 +08:00
|
|
|
else if (ascii_strcasecmp(optarg, "quic") == 0)
|
|
|
|
ndo->ndo_packettype = PT_QUIC;
|
1999-10-08 07:47:09 +08:00
|
|
|
else
|
|
|
|
error("unknown packet type `%s'", optarg);
|
|
|
|
break;
|
|
|
|
|
2000-06-01 09:10:31 +08:00
|
|
|
case 'u':
|
2015-04-25 00:02:48 +08:00
|
|
|
++ndo->ndo_uflag;
|
2000-06-01 09:10:31 +08:00
|
|
|
break;
|
2002-06-12 01:08:37 +08:00
|
|
|
|
2002-12-22 08:15:26 +08:00
|
|
|
#ifdef HAVE_PCAP_DUMP_FLUSH
|
|
|
|
case 'U':
|
2015-04-24 08:27:45 +08:00
|
|
|
++Uflag;
|
2002-12-22 08:15:26 +08:00
|
|
|
break;
|
|
|
|
#endif
|
|
|
|
|
1999-10-08 07:47:09 +08:00
|
|
|
case 'v':
|
2015-04-25 00:02:48 +08:00
|
|
|
++ndo->ndo_vflag;
|
1999-10-08 07:47:09 +08:00
|
|
|
break;
|
|
|
|
|
2012-08-11 09:43:54 +08:00
|
|
|
case 'V':
|
|
|
|
VFileName = optarg;
|
|
|
|
break;
|
|
|
|
|
1999-10-08 07:47:09 +08:00
|
|
|
case 'w':
|
|
|
|
WFileName = optarg;
|
|
|
|
break;
|
1999-12-22 23:44:09 +08:00
|
|
|
|
From Chris Cogdon <chris@cogdon.org>:
Fix a segfault with the -C option when the number of files grows
to 1000. Limit has been increased to 1,000,000, and the code
will check for exceeding this.
Also, add a -W option which will limit the number of files
created before 'wrapping around' and writing to the first file
again, creating a 'loop tape'. Very useful if you want to have
this running permanently to capture traffic up to a irregular
event.
Change the way that output files with -C are numbered. -C alone
goes <none>, 1, 2, 3.... -C with -W will number 0, 1, 2 ... or
00, 01, 02 ... etc, depending on the value of -W. I.e., it
sorts properly. (Old behaviour was to go <none>, 2, 3...)
Close the current capture file before trying to allocate the buffer for
the new file's name, so that if that allocation fails we've at least
written out all of the previous file.
Make some variables for command-line arguments, and some functions not
used outside tcpdump.c, static.
2004-01-26 10:05:17 +08:00
|
|
|
case 'W':
|
2015-04-24 08:27:45 +08:00
|
|
|
Wflag = atoi(optarg);
|
2016-06-30 07:15:33 +08:00
|
|
|
if (Wflag <= 0)
|
From Chris Cogdon <chris@cogdon.org>:
Fix a segfault with the -C option when the number of files grows
to 1000. Limit has been increased to 1,000,000, and the code
will check for exceeding this.
Also, add a -W option which will limit the number of files
created before 'wrapping around' and writing to the first file
again, creating a 'loop tape'. Very useful if you want to have
this running permanently to capture traffic up to a irregular
event.
Change the way that output files with -C are numbered. -C alone
goes <none>, 1, 2, 3.... -C with -W will number 0, 1, 2 ... or
00, 01, 02 ... etc, depending on the value of -W. I.e., it
sorts properly. (Old behaviour was to go <none>, 2, 3...)
Close the current capture file before trying to allocate the buffer for
the new file's name, so that if that allocation fails we've at least
written out all of the previous file.
Make some variables for command-line arguments, and some functions not
used outside tcpdump.c, static.
2004-01-26 10:05:17 +08:00
|
|
|
error("invalid number of output files %s", optarg);
|
2015-04-24 08:27:45 +08:00
|
|
|
WflagChars = getWflagChars(Wflag);
|
From Chris Cogdon <chris@cogdon.org>:
Fix a segfault with the -C option when the number of files grows
to 1000. Limit has been increased to 1,000,000, and the code
will check for exceeding this.
Also, add a -W option which will limit the number of files
created before 'wrapping around' and writing to the first file
again, creating a 'loop tape'. Very useful if you want to have
this running permanently to capture traffic up to a irregular
event.
Change the way that output files with -C are numbered. -C alone
goes <none>, 1, 2, 3.... -C with -W will number 0, 1, 2 ... or
00, 01, 02 ... etc, depending on the value of -W. I.e., it
sorts properly. (Old behaviour was to go <none>, 2, 3...)
Close the current capture file before trying to allocate the buffer for
the new file's name, so that if that allocation fails we've at least
written out all of the previous file.
Make some variables for command-line arguments, and some functions not
used outside tcpdump.c, static.
2004-01-26 10:05:17 +08:00
|
|
|
break;
|
|
|
|
|
1999-12-22 23:44:09 +08:00
|
|
|
case 'x':
|
2015-04-25 00:02:48 +08:00
|
|
|
++ndo->ndo_xflag;
|
|
|
|
++ndo->ndo_suppress_default_print;
|
1999-12-22 23:44:09 +08:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 'X':
|
2015-04-25 00:02:48 +08:00
|
|
|
++ndo->ndo_Xflag;
|
|
|
|
++ndo->ndo_suppress_default_print;
|
1999-12-22 23:44:09 +08:00
|
|
|
break;
|
|
|
|
|
2002-12-19 17:27:54 +08:00
|
|
|
case 'y':
|
2015-09-15 01:19:43 +08:00
|
|
|
yflag_dlt_name = optarg;
|
|
|
|
yflag_dlt =
|
|
|
|
pcap_datalink_name_to_val(yflag_dlt_name);
|
|
|
|
if (yflag_dlt < 0)
|
|
|
|
error("invalid data link type %s", yflag_dlt_name);
|
2002-12-19 17:27:54 +08:00
|
|
|
break;
|
|
|
|
|
2015-12-31 10:49:37 +08:00
|
|
|
#ifdef HAVE_PCAP_SET_PARSER_DEBUG
|
1999-10-08 07:47:09 +08:00
|
|
|
case 'Y':
|
|
|
|
{
|
|
|
|
/* Undocumented flag */
|
2015-12-31 10:49:37 +08:00
|
|
|
pcap_set_parser_debug(1);
|
1999-10-08 07:47:09 +08:00
|
|
|
}
|
|
|
|
break;
|
|
|
|
#endif
|
2006-03-24 01:33:01 +08:00
|
|
|
case 'z':
|
2015-12-18 05:04:09 +08:00
|
|
|
zflag = optarg;
|
2006-03-24 01:33:01 +08:00
|
|
|
break;
|
|
|
|
|
2004-01-22 17:35:50 +08:00
|
|
|
case 'Z':
|
2015-12-18 05:04:09 +08:00
|
|
|
username = optarg;
|
2004-01-22 17:35:50 +08:00
|
|
|
break;
|
|
|
|
|
2014-07-10 20:47:11 +08:00
|
|
|
case '#':
|
2015-04-25 00:02:48 +08:00
|
|
|
ndo->ndo_packet_number = 1;
|
2014-05-06 18:07:55 +08:00
|
|
|
break;
|
|
|
|
|
2014-05-07 05:25:43 +08:00
|
|
|
case OPTION_VERSION:
|
2020-09-10 22:01:53 +08:00
|
|
|
print_version(stdout);
|
2018-02-25 18:04:39 +08:00
|
|
|
exit_tcpdump(S_SUCCESS);
|
2014-05-07 05:25:43 +08:00
|
|
|
break;
|
|
|
|
|
2014-06-26 03:06:35 +08:00
|
|
|
#ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
|
2014-03-19 21:14:25 +08:00
|
|
|
case OPTION_TSTAMP_PRECISION:
|
2015-04-25 00:02:48 +08:00
|
|
|
ndo->ndo_tstamp_precision = tstamp_precision_from_string(optarg);
|
|
|
|
if (ndo->ndo_tstamp_precision < 0)
|
2014-03-19 21:14:25 +08:00
|
|
|
error("unsupported time stamp precision");
|
|
|
|
break;
|
2014-06-26 03:06:35 +08:00
|
|
|
#endif
|
2014-03-19 21:14:25 +08:00
|
|
|
|
2015-02-11 06:55:43 +08:00
|
|
|
#ifdef HAVE_PCAP_SET_IMMEDIATE_MODE
|
|
|
|
case OPTION_IMMEDIATE_MODE:
|
2015-09-14 23:16:26 +08:00
|
|
|
immediate_mode = 1;
|
2015-02-11 06:55:43 +08:00
|
|
|
break;
|
|
|
|
#endif
|
|
|
|
|
2017-10-12 03:09:42 +08:00
|
|
|
case OPTION_PRINT:
|
|
|
|
print = 1;
|
|
|
|
break;
|
|
|
|
|
2022-01-17 08:05:15 +08:00
|
|
|
case OPTION_PRINT_SAMPLING:
|
|
|
|
print = 1;
|
|
|
|
++ndo->ndo_Sflag;
|
|
|
|
ndo->ndo_print_sampling = atoi(optarg);
|
|
|
|
if (ndo->ndo_print_sampling <= 0)
|
|
|
|
error("invalid print sampling %s", optarg);
|
|
|
|
break;
|
|
|
|
|
2019-04-03 01:28:17 +08:00
|
|
|
#ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
|
|
|
|
case OPTION_TSTAMP_MICRO:
|
|
|
|
ndo->ndo_tstamp_precision = PCAP_TSTAMP_PRECISION_MICRO;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case OPTION_TSTAMP_NANO:
|
|
|
|
ndo->ndo_tstamp_precision = PCAP_TSTAMP_PRECISION_NANO;
|
|
|
|
break;
|
|
|
|
#endif
|
|
|
|
|
2020-02-05 11:08:10 +08:00
|
|
|
case OPTION_FP_TYPE:
|
|
|
|
/*
|
|
|
|
* Print out the type of floating-point arithmetic
|
|
|
|
* we're doing; it's probably IEEE, unless somebody
|
|
|
|
* tries to run this on a VAX, but the precision
|
|
|
|
* may differ (e.g., it might be 32-bit, 64-bit,
|
|
|
|
* or 80-bit).
|
|
|
|
*/
|
2020-02-05 11:53:11 +08:00
|
|
|
float_type_check(0x4e93312d);
|
2020-02-05 11:08:10 +08:00
|
|
|
return 0;
|
|
|
|
|
2020-02-26 23:55:21 +08:00
|
|
|
case OPTION_COUNT:
|
|
|
|
count_mode = 1;
|
|
|
|
break;
|
|
|
|
|
1999-10-08 07:47:09 +08:00
|
|
|
default:
|
2020-09-10 22:01:53 +08:00
|
|
|
print_usage(stderr);
|
2018-02-25 18:04:39 +08:00
|
|
|
exit_tcpdump(S_ERR_HOST_PROGRAM);
|
1999-10-08 07:47:09 +08:00
|
|
|
/* NOTREACHED */
|
|
|
|
}
|
|
|
|
|
2014-01-15 04:38:16 +08:00
|
|
|
#ifdef HAVE_PCAP_FINDALLDEVS
|
|
|
|
if (Dflag)
|
|
|
|
show_devices_and_exit();
|
|
|
|
#endif
|
2017-10-21 02:26:57 +08:00
|
|
|
#ifdef HAVE_PCAP_FINDALLDEVS_EX
|
|
|
|
if (remote_interfaces_source != NULL)
|
|
|
|
show_remote_devices_and_exit();
|
|
|
|
#endif
|
2014-01-15 04:38:16 +08:00
|
|
|
|
2020-05-08 18:29:22 +08:00
|
|
|
#if defined(DLT_LINUX_SLL2) && defined(HAVE_PCAP_SET_DATALINK)
|
|
|
|
/* Set default linktype DLT_LINUX_SLL2 when capturing on the "any" device */
|
|
|
|
if (device != NULL &&
|
|
|
|
strncmp (device, "any", strlen("any")) == 0
|
|
|
|
&& yflag_dlt == -1)
|
|
|
|
yflag_dlt = DLT_LINUX_SLL2;
|
|
|
|
#endif
|
|
|
|
|
2015-04-25 00:02:48 +08:00
|
|
|
switch (ndo->ndo_tflag) {
|
2004-06-16 07:05:05 +08:00
|
|
|
|
|
|
|
case 0: /* Default */
|
2004-06-16 07:09:46 +08:00
|
|
|
case 1: /* No time stamp */
|
|
|
|
case 2: /* Unix timeval style */
|
2018-08-07 23:11:43 +08:00
|
|
|
case 3: /* Microseconds/nanoseconds since previous packet */
|
|
|
|
case 4: /* Date + Default */
|
|
|
|
case 5: /* Microseconds/nanoseconds since first packet */
|
2004-06-16 07:09:46 +08:00
|
|
|
break;
|
|
|
|
|
|
|
|
default: /* Not supported */
|
2005-12-13 16:37:22 +08:00
|
|
|
error("only -t, -tt, -ttt, -tttt and -ttttt are supported");
|
2004-06-16 07:09:46 +08:00
|
|
|
break;
|
2004-06-16 07:05:05 +08:00
|
|
|
}
|
1999-10-08 07:47:09 +08:00
|
|
|
|
2015-04-25 00:02:48 +08:00
|
|
|
if (ndo->ndo_fflag != 0 && (VFileName != NULL || RFileName != NULL))
|
2012-08-11 09:43:54 +08:00
|
|
|
error("-f can not be used with -V or -r");
|
|
|
|
|
|
|
|
if (VFileName != NULL && RFileName != NULL)
|
|
|
|
error("-V and -r are mutually exclusive.");
|
|
|
|
|
2015-02-11 06:55:43 +08:00
|
|
|
/*
|
2020-01-20 11:34:00 +08:00
|
|
|
* If we're printing dissected packets to the standard output,
|
|
|
|
* and either the standard output is a terminal or we're doing
|
|
|
|
* "line" buffering, set the capture timeout to .1 second rather
|
|
|
|
* than 1 second, as the user's probably expecting to see packets
|
|
|
|
* pop up immediately shortly after they arrive.
|
2017-10-12 03:09:42 +08:00
|
|
|
*
|
2020-01-20 11:34:00 +08:00
|
|
|
* XXX - would there be some value appropriate for all cases,
|
|
|
|
* based on, say, the buffer size and packet input rate?
|
2015-02-11 06:55:43 +08:00
|
|
|
*/
|
2020-01-20 11:34:00 +08:00
|
|
|
if ((WFileName == NULL || print) && (isatty(1) || lflag))
|
|
|
|
timeout = 100;
|
2015-02-11 06:55:43 +08:00
|
|
|
|
2004-02-25 22:23:32 +08:00
|
|
|
#ifdef WITH_CHROOT
|
|
|
|
/* if run as root, prepare for chrooting */
|
|
|
|
if (getuid() == 0 || geteuid() == 0) {
|
|
|
|
/* future extensibility for cmd-line arguments */
|
|
|
|
if (!chroot_dir)
|
|
|
|
chroot_dir = WITH_CHROOT;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2004-02-24 16:12:18 +08:00
|
|
|
#ifdef WITH_USER
|
|
|
|
/* if run as root, prepare for dropping root privileges */
|
|
|
|
if (getuid() == 0 || geteuid() == 0) {
|
2014-01-02 10:27:54 +08:00
|
|
|
/* Run with '-Z root' to restore old behaviour */
|
2004-02-24 16:12:18 +08:00
|
|
|
if (!username)
|
|
|
|
username = WITH_USER;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2012-08-11 09:43:54 +08:00
|
|
|
if (RFileName != NULL || VFileName != NULL) {
|
2012-11-30 17:16:53 +08:00
|
|
|
/*
|
|
|
|
* If RFileName is non-null, it's the pathname of a
|
|
|
|
* savefile to read. If VFileName is non-null, it's
|
|
|
|
* the pathname of a file containing a list of pathnames
|
|
|
|
* (one per line) of savefiles to read.
|
|
|
|
*
|
|
|
|
* In either case, we're reading a savefile, not doing
|
|
|
|
* a live capture.
|
|
|
|
*/
|
2015-09-01 05:43:15 +08:00
|
|
|
#ifndef _WIN32
|
1999-10-08 07:47:09 +08:00
|
|
|
/*
|
2003-06-04 07:32:42 +08:00
|
|
|
* We don't need network access, so relinquish any set-UID
|
|
|
|
* or set-GID privileges we have (if any).
|
|
|
|
*
|
|
|
|
* We do *not* want set-UID privileges when opening a
|
|
|
|
* trace file, as that might let the user read other
|
|
|
|
* people's trace files (especially if we're set-UID
|
|
|
|
* root).
|
1999-10-08 07:47:09 +08:00
|
|
|
*/
|
2004-02-24 16:12:18 +08:00
|
|
|
if (setgid(getgid()) != 0 || setuid(getuid()) != 0 )
|
|
|
|
fprintf(stderr, "Warning: setgid/setuid failed !\n");
|
2015-09-01 05:43:15 +08:00
|
|
|
#endif /* _WIN32 */
|
2012-08-11 09:43:54 +08:00
|
|
|
if (VFileName != NULL) {
|
|
|
|
if (VFileName[0] == '-' && VFileName[1] == '\0')
|
2012-09-07 02:40:21 +08:00
|
|
|
VFile = stdin;
|
2012-08-11 09:43:54 +08:00
|
|
|
else
|
|
|
|
VFile = fopen(VFileName, "r");
|
|
|
|
|
|
|
|
if (VFile == NULL)
|
2015-10-13 04:17:01 +08:00
|
|
|
error("Unable to open file: %s\n", pcap_strerror(errno));
|
2012-08-11 09:43:54 +08:00
|
|
|
|
2012-09-07 02:40:21 +08:00
|
|
|
ret = get_next_file(VFile, VFileLine);
|
2012-08-11 09:43:54 +08:00
|
|
|
if (!ret)
|
2012-09-07 02:40:21 +08:00
|
|
|
error("Nothing in %s\n", VFileName);
|
2012-08-11 09:43:54 +08:00
|
|
|
RFileName = VFileLine;
|
|
|
|
}
|
|
|
|
|
2014-06-26 03:06:35 +08:00
|
|
|
#ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
|
|
|
|
pd = pcap_open_offline_with_tstamp_precision(RFileName,
|
2015-04-25 00:02:48 +08:00
|
|
|
ndo->ndo_tstamp_precision, ebuf);
|
2014-06-26 03:06:35 +08:00
|
|
|
#else
|
|
|
|
pd = pcap_open_offline(RFileName, ebuf);
|
|
|
|
#endif
|
2014-03-19 21:14:25 +08:00
|
|
|
|
2003-06-04 07:32:42 +08:00
|
|
|
if (pd == NULL)
|
|
|
|
error("%s", ebuf);
|
2014-07-11 03:19:39 +08:00
|
|
|
#ifdef HAVE_CAPSICUM
|
|
|
|
cap_rights_init(&rights, CAP_READ);
|
|
|
|
if (cap_rights_limit(fileno(pcap_file(pd)), &rights) < 0 &&
|
|
|
|
errno != ENOSYS) {
|
|
|
|
error("unable to limit pcap descriptor");
|
|
|
|
}
|
|
|
|
#endif
|
2003-08-01 09:01:40 +08:00
|
|
|
dlt = pcap_datalink(pd);
|
|
|
|
dlt_name = pcap_datalink_val_to_name(dlt);
|
2018-10-05 03:59:44 +08:00
|
|
|
fprintf(stderr, "reading from file %s", RFileName);
|
2003-11-19 07:09:42 +08:00
|
|
|
if (dlt_name == NULL) {
|
2018-10-05 03:59:44 +08:00
|
|
|
fprintf(stderr, ", link-type %u", dlt);
|
2003-11-19 07:09:42 +08:00
|
|
|
} else {
|
2018-10-05 03:59:44 +08:00
|
|
|
fprintf(stderr, ", link-type %s (%s)", dlt_name,
|
|
|
|
pcap_datalink_val_to_description(dlt));
|
2003-11-19 07:09:42 +08:00
|
|
|
}
|
2018-10-05 03:59:44 +08:00
|
|
|
fprintf(stderr, ", snapshot length %d\n", pcap_snapshot(pd));
|
2018-07-13 04:01:43 +08:00
|
|
|
#ifdef DLT_LINUX_SLL2
|
|
|
|
if (dlt == DLT_LINUX_SLL2)
|
|
|
|
fprintf(stderr, "Warning: interface names might be incorrect\n");
|
|
|
|
#endif
|
2019-10-08 00:03:35 +08:00
|
|
|
} else if (dflag && !device) {
|
|
|
|
int dump_dlt = DLT_EN10MB;
|
|
|
|
/*
|
|
|
|
* We're dumping the compiled code without an explicit
|
|
|
|
* device specification. (If a device is specified, we
|
|
|
|
* definitely want to open it to use the DLT of that device.)
|
|
|
|
* Either default to DLT_EN10MB with a warning, or use
|
|
|
|
* the user-specified value if supplied.
|
|
|
|
*/
|
|
|
|
/*
|
|
|
|
* If no snapshot length was specified, or a length of 0 was
|
|
|
|
* specified, default to 256KB.
|
|
|
|
*/
|
|
|
|
if (ndo->ndo_snaplen == 0)
|
|
|
|
ndo->ndo_snaplen = MAXIMUM_SNAPLEN;
|
|
|
|
/*
|
|
|
|
* If a DLT was specified with the -y flag, use that instead.
|
|
|
|
*/
|
|
|
|
if (yflag_dlt != -1)
|
|
|
|
dump_dlt = yflag_dlt;
|
|
|
|
else
|
|
|
|
fprintf(stderr, "Warning: assuming Ethernet\n");
|
|
|
|
pd = pcap_open_dead(dump_dlt, ndo->ndo_snaplen);
|
1999-10-08 07:47:09 +08:00
|
|
|
} else {
|
2012-11-30 17:16:53 +08:00
|
|
|
/*
|
|
|
|
* We're doing a live capture.
|
|
|
|
*/
|
1999-10-08 07:47:09 +08:00
|
|
|
if (device == NULL) {
|
2016-08-10 02:12:35 +08:00
|
|
|
/*
|
|
|
|
* No interface was specified. Pick one.
|
|
|
|
*/
|
2015-09-22 04:12:20 +08:00
|
|
|
#ifdef HAVE_PCAP_FINDALLDEVS
|
2016-08-10 02:12:35 +08:00
|
|
|
/*
|
|
|
|
* Find the list of interfaces, and pick
|
|
|
|
* the first interface.
|
|
|
|
*/
|
2017-09-10 01:39:50 +08:00
|
|
|
if (pcap_findalldevs(&devlist, ebuf) == -1)
|
|
|
|
error("%s", ebuf);
|
|
|
|
if (devlist == NULL)
|
|
|
|
error("no interfaces available for capture");
|
|
|
|
device = strdup(devlist->name);
|
|
|
|
pcap_freealldevs(devlist);
|
2015-09-22 04:12:20 +08:00
|
|
|
#else /* HAVE_PCAP_FINDALLDEVS */
|
2016-08-10 02:12:35 +08:00
|
|
|
/*
|
|
|
|
* Use whatever interface pcap_lookupdev()
|
|
|
|
* chooses.
|
|
|
|
*/
|
1999-10-08 07:47:09 +08:00
|
|
|
device = pcap_lookupdev(ebuf);
|
|
|
|
if (device == NULL)
|
|
|
|
error("%s", ebuf);
|
2017-09-10 01:39:50 +08:00
|
|
|
#endif
|
1999-10-08 07:47:09 +08:00
|
|
|
}
|
2014-03-19 21:14:25 +08:00
|
|
|
|
2009-12-01 16:39:54 +08:00
|
|
|
/*
|
2016-08-10 02:12:35 +08:00
|
|
|
* Try to open the interface with the specified name.
|
2009-12-01 16:39:54 +08:00
|
|
|
*/
|
2016-08-10 02:12:35 +08:00
|
|
|
pd = open_interface(device, ndo, ebuf);
|
|
|
|
if (pd == NULL) {
|
2008-04-10 05:45:06 +08:00
|
|
|
/*
|
2016-08-10 02:12:35 +08:00
|
|
|
* That failed. If we can get a list of
|
|
|
|
* interfaces, and the interface name
|
|
|
|
* is purely numeric, try to use it as
|
|
|
|
* a 1-based index in the list of
|
|
|
|
* interfaces.
|
2008-04-10 05:45:06 +08:00
|
|
|
*/
|
2016-08-10 02:12:35 +08:00
|
|
|
#ifdef HAVE_PCAP_FINDALLDEVS
|
|
|
|
devnum = parse_interface_number(device);
|
|
|
|
if (devnum == -1) {
|
|
|
|
/*
|
|
|
|
* It's not a number; just report
|
|
|
|
* the open error and fail.
|
|
|
|
*/
|
|
|
|
error("%s", ebuf);
|
|
|
|
}
|
|
|
|
|
2008-04-10 05:45:06 +08:00
|
|
|
/*
|
2016-08-10 02:12:35 +08:00
|
|
|
* OK, it's a number; try to find the
|
|
|
|
* interface with that index, and try
|
|
|
|
* to open it.
|
|
|
|
*
|
|
|
|
* find_interface_by_number() exits if it
|
|
|
|
* couldn't be found.
|
|
|
|
*/
|
2018-04-01 17:17:42 +08:00
|
|
|
device = find_interface_by_number(device, devnum);
|
2016-08-10 02:12:35 +08:00
|
|
|
pd = open_interface(device, ndo, ebuf);
|
|
|
|
if (pd == NULL)
|
|
|
|
error("%s", ebuf);
|
|
|
|
#else /* HAVE_PCAP_FINDALLDEVS */
|
|
|
|
/*
|
|
|
|
* We can't get a list of interfaces; just
|
|
|
|
* fail.
|
2008-04-10 05:45:06 +08:00
|
|
|
*/
|
1999-10-08 07:47:09 +08:00
|
|
|
error("%s", ebuf);
|
2016-08-10 02:12:35 +08:00
|
|
|
#endif /* HAVE_PCAP_FINDALLDEVS */
|
|
|
|
}
|
|
|
|
|
2004-02-24 16:12:18 +08:00
|
|
|
/*
|
2017-06-03 12:50:45 +08:00
|
|
|
* Let user own process after capture device has
|
|
|
|
* been opened.
|
2004-02-24 16:12:18 +08:00
|
|
|
*/
|
2015-09-01 05:43:15 +08:00
|
|
|
#ifndef _WIN32
|
2004-02-24 16:12:18 +08:00
|
|
|
if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
|
|
|
|
fprintf(stderr, "Warning: setgid/setuid failed !\n");
|
2015-09-01 05:43:15 +08:00
|
|
|
#endif /* _WIN32 */
|
|
|
|
#if !defined(HAVE_PCAP_CREATE) && defined(_WIN32)
|
2008-04-05 03:42:11 +08:00
|
|
|
if(Bflag != 0)
|
|
|
|
if(pcap_setbuff(pd, Bflag)==-1){
|
2002-08-01 16:52:55 +08:00
|
|
|
error("%s", pcap_geterr(pd));
|
|
|
|
}
|
2015-09-01 05:43:15 +08:00
|
|
|
#endif /* !defined(HAVE_PCAP_CREATE) && defined(_WIN32) */
|
2002-12-19 17:27:54 +08:00
|
|
|
if (Lflag)
|
2016-09-04 18:16:06 +08:00
|
|
|
show_dlts_and_exit(pd, device);
|
2015-09-15 01:19:43 +08:00
|
|
|
if (yflag_dlt >= 0) {
|
2002-12-19 17:27:54 +08:00
|
|
|
#ifdef HAVE_PCAP_SET_DATALINK
|
2015-09-15 01:19:43 +08:00
|
|
|
if (pcap_set_datalink(pd, yflag_dlt) < 0)
|
2002-12-19 17:27:54 +08:00
|
|
|
error("%s", pcap_geterr(pd));
|
|
|
|
#else
|
|
|
|
/*
|
|
|
|
* We don't actually support changing the
|
|
|
|
* data link type, so we only let them
|
|
|
|
* set it to what it already is.
|
|
|
|
*/
|
2015-09-15 01:19:43 +08:00
|
|
|
if (yflag_dlt != pcap_datalink(pd)) {
|
2002-12-19 17:27:54 +08:00
|
|
|
error("%s is not one of the DLTs supported by this device\n",
|
2015-09-15 01:19:43 +08:00
|
|
|
yflag_dlt_name);
|
2002-12-19 17:27:54 +08:00
|
|
|
}
|
|
|
|
#endif
|
|
|
|
(void)fprintf(stderr, "%s: data link type %s\n",
|
2020-05-08 18:29:22 +08:00
|
|
|
program_name,
|
|
|
|
pcap_datalink_val_to_name(yflag_dlt));
|
2002-12-19 17:27:54 +08:00
|
|
|
(void)fflush(stderr);
|
|
|
|
}
|
1999-10-08 07:47:09 +08:00
|
|
|
i = pcap_snapshot(pd);
|
2015-04-25 00:02:48 +08:00
|
|
|
if (ndo->ndo_snaplen < i) {
|
2017-06-03 12:50:45 +08:00
|
|
|
if (ndo->ndo_snaplen != 0)
|
|
|
|
warning("snaplen raised from %d to %d", ndo->ndo_snaplen, i);
|
|
|
|
ndo->ndo_snaplen = i;
|
|
|
|
} else if (ndo->ndo_snaplen > i) {
|
|
|
|
warning("snaplen lowered from %d to %d", ndo->ndo_snaplen, i);
|
2015-04-25 00:02:48 +08:00
|
|
|
ndo->ndo_snaplen = i;
|
1999-10-08 07:47:09 +08:00
|
|
|
}
|
2015-04-25 00:02:48 +08:00
|
|
|
if(ndo->ndo_fflag != 0) {
|
2014-03-04 22:04:45 +08:00
|
|
|
if (pcap_lookupnet(device, &localnet, &netmask, ebuf) < 0) {
|
|
|
|
warning("foreign (-f) flag used but: %s", ebuf);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
1999-10-08 07:47:09 +08:00
|
|
|
}
|
|
|
|
if (infile)
|
|
|
|
cmdbuf = read_infile(infile);
|
|
|
|
else
|
|
|
|
cmdbuf = copy_argv(&argv[optind]);
|
|
|
|
|
2015-12-31 10:49:37 +08:00
|
|
|
#ifdef HAVE_PCAP_SET_OPTIMIZER_DEBUG
|
|
|
|
pcap_set_optimizer_debug(dflag);
|
|
|
|
#endif
|
2015-04-24 08:27:45 +08:00
|
|
|
if (pcap_compile(pd, &fcode, cmdbuf, Oflag, netmask) < 0)
|
1999-10-08 07:47:09 +08:00
|
|
|
error("%s", pcap_geterr(pd));
|
|
|
|
if (dflag) {
|
|
|
|
bpf_dump(&fcode, dflag);
|
2002-08-06 12:36:12 +08:00
|
|
|
pcap_close(pd);
|
2012-08-11 09:43:54 +08:00
|
|
|
free(cmdbuf);
|
2015-12-16 05:12:43 +08:00
|
|
|
pcap_freecode(&fcode);
|
2018-02-25 18:04:39 +08:00
|
|
|
exit_tcpdump(S_SUCCESS);
|
1999-10-08 07:47:09 +08:00
|
|
|
}
|
2017-02-02 08:13:05 +08:00
|
|
|
|
|
|
|
#ifdef HAVE_CASPER
|
|
|
|
if (!ndo->ndo_nflag)
|
|
|
|
capdns = capdns_setup();
|
|
|
|
#endif /* HAVE_CASPER */
|
|
|
|
|
2018-08-07 23:11:43 +08:00
|
|
|
init_print(ndo, localnet, netmask);
|
1999-10-08 07:47:09 +08:00
|
|
|
|
2015-09-01 05:43:15 +08:00
|
|
|
#ifndef _WIN32
|
2003-07-30 13:51:40 +08:00
|
|
|
(void)setsignal(SIGPIPE, cleanup);
|
1999-10-08 07:47:09 +08:00
|
|
|
(void)setsignal(SIGTERM, cleanup);
|
2015-09-01 05:43:15 +08:00
|
|
|
#endif /* _WIN32 */
|
2017-10-22 01:47:58 +08:00
|
|
|
(void)setsignal(SIGINT, cleanup);
|
2010-12-01 08:18:32 +08:00
|
|
|
#if defined(HAVE_FORK) || defined(HAVE_VFORK)
|
|
|
|
(void)setsignal(SIGCHLD, child_cleanup);
|
|
|
|
#endif
|
1999-10-08 07:47:09 +08:00
|
|
|
/* Cooperate with nohup(1) */
|
2015-09-01 05:43:15 +08:00
|
|
|
#ifndef _WIN32
|
1999-10-08 07:47:09 +08:00
|
|
|
if ((oldhandler = setsignal(SIGHUP, cleanup)) != SIG_DFL)
|
|
|
|
(void)setsignal(SIGHUP, oldhandler);
|
2015-09-01 05:43:15 +08:00
|
|
|
#endif /* _WIN32 */
|
1999-10-08 07:47:09 +08:00
|
|
|
|
2015-09-01 05:43:15 +08:00
|
|
|
#ifndef _WIN32
|
2010-11-07 10:28:10 +08:00
|
|
|
/*
|
|
|
|
* If a user name was specified with "-Z", attempt to switch to
|
|
|
|
* that user's UID. This would probably be used with sudo,
|
|
|
|
* to allow tcpdump to be run in a special restricted
|
|
|
|
* account (if you just want to allow users to open capture
|
|
|
|
* devices, and can't just give users that permission,
|
|
|
|
* you'd make tcpdump set-UID or set-GID).
|
|
|
|
*
|
|
|
|
* Tcpdump doesn't necessarily write only to one savefile;
|
|
|
|
* the general only way to allow a -Z instance to write to
|
|
|
|
* savefiles as the user under whose UID it's run, rather
|
|
|
|
* than as the user specified with -Z, would thus be to switch
|
|
|
|
* to the original user ID before opening a capture file and
|
|
|
|
* then switch back to the -Z user ID after opening the savefile.
|
|
|
|
* Switching to the -Z user ID only after opening the first
|
|
|
|
* savefile doesn't handle the general case.
|
|
|
|
*/
|
2012-05-25 22:26:17 +08:00
|
|
|
|
2015-01-28 02:32:14 +08:00
|
|
|
if (getuid() == 0 || geteuid() == 0) {
|
2015-02-15 22:32:23 +08:00
|
|
|
#ifdef HAVE_LIBCAP_NG
|
2015-02-19 00:38:56 +08:00
|
|
|
/* Initialize capng */
|
|
|
|
capng_clear(CAPNG_SELECT_BOTH);
|
|
|
|
if (username) {
|
2021-07-24 16:51:02 +08:00
|
|
|
DIAG_OFF_ASSIGN_ENUM
|
2015-01-28 02:32:14 +08:00
|
|
|
capng_updatev(
|
|
|
|
CAPNG_ADD,
|
|
|
|
CAPNG_PERMITTED | CAPNG_EFFECTIVE,
|
|
|
|
CAP_SETUID,
|
|
|
|
CAP_SETGID,
|
|
|
|
-1);
|
2021-07-24 16:51:02 +08:00
|
|
|
DIAG_ON_ASSIGN_ENUM
|
2012-05-25 22:26:17 +08:00
|
|
|
}
|
2016-02-07 20:43:29 +08:00
|
|
|
if (chroot_dir) {
|
2021-07-24 16:51:02 +08:00
|
|
|
DIAG_OFF_ASSIGN_ENUM
|
2016-02-07 20:43:29 +08:00
|
|
|
capng_update(
|
|
|
|
CAPNG_ADD,
|
|
|
|
CAPNG_PERMITTED | CAPNG_EFFECTIVE,
|
|
|
|
CAP_SYS_CHROOT
|
|
|
|
);
|
2021-07-24 16:51:02 +08:00
|
|
|
DIAG_ON_ASSIGN_ENUM
|
2016-02-07 20:43:29 +08:00
|
|
|
}
|
2015-02-19 00:38:56 +08:00
|
|
|
|
|
|
|
if (WFileName) {
|
2021-07-24 16:51:02 +08:00
|
|
|
DIAG_OFF_ASSIGN_ENUM
|
2015-02-19 00:38:56 +08:00
|
|
|
capng_update(
|
|
|
|
CAPNG_ADD,
|
|
|
|
CAPNG_PERMITTED | CAPNG_EFFECTIVE,
|
|
|
|
CAP_DAC_OVERRIDE
|
|
|
|
);
|
2021-07-24 16:51:02 +08:00
|
|
|
DIAG_ON_ASSIGN_ENUM
|
2015-02-19 00:38:56 +08:00
|
|
|
}
|
|
|
|
capng_apply(CAPNG_SELECT_BOTH);
|
2015-02-15 22:32:23 +08:00
|
|
|
#endif /* HAVE_LIBCAP_NG */
|
2010-11-07 10:28:10 +08:00
|
|
|
if (username || chroot_dir)
|
|
|
|
droproot(username, chroot_dir);
|
2012-05-25 22:26:17 +08:00
|
|
|
|
2010-11-07 10:28:10 +08:00
|
|
|
}
|
2015-09-01 05:43:15 +08:00
|
|
|
#endif /* _WIN32 */
|
2010-11-07 10:28:10 +08:00
|
|
|
|
1999-10-08 07:47:09 +08:00
|
|
|
if (pcap_setfilter(pd, &fcode) < 0)
|
|
|
|
error("%s", pcap_geterr(pd));
|
2014-07-11 03:19:39 +08:00
|
|
|
#ifdef HAVE_CAPSICUM
|
2018-02-18 17:10:26 +08:00
|
|
|
if (RFileName == NULL && VFileName == NULL && pcap_fileno(pd) != -1) {
|
2015-10-14 23:05:24 +08:00
|
|
|
static const unsigned long cmds[] = { BIOCGSTATS, BIOCROTZBUF };
|
2014-07-11 03:19:39 +08:00
|
|
|
|
2014-10-03 05:34:52 +08:00
|
|
|
/*
|
|
|
|
* The various libpcap devices use a combination of
|
|
|
|
* read (bpf), ioctl (bpf, netmap), poll (netmap)
|
|
|
|
* so we add the relevant access rights.
|
|
|
|
*/
|
|
|
|
cap_rights_init(&rights, CAP_IOCTL, CAP_READ, CAP_EVENT);
|
2014-07-11 03:19:39 +08:00
|
|
|
if (cap_rights_limit(pcap_fileno(pd), &rights) < 0 &&
|
|
|
|
errno != ENOSYS) {
|
|
|
|
error("unable to limit pcap descriptor");
|
|
|
|
}
|
|
|
|
if (cap_ioctls_limit(pcap_fileno(pd), cmds,
|
|
|
|
sizeof(cmds) / sizeof(cmds[0])) < 0 && errno != ENOSYS) {
|
|
|
|
error("unable to limit ioctls on pcap descriptor");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif
|
1999-10-08 07:47:09 +08:00
|
|
|
if (WFileName) {
|
2012-09-28 11:44:34 +08:00
|
|
|
/* Do not exceed the default PATH_MAX for files. */
|
|
|
|
dumpinfo.CurrentFileName = (char *)malloc(PATH_MAX + 1);
|
From Chris Cogdon <chris@cogdon.org>:
Fix a segfault with the -C option when the number of files grows
to 1000. Limit has been increased to 1,000,000, and the code
will check for exceeding this.
Also, add a -W option which will limit the number of files
created before 'wrapping around' and writing to the first file
again, creating a 'loop tape'. Very useful if you want to have
this running permanently to capture traffic up to a irregular
event.
Change the way that output files with -C are numbered. -C alone
goes <none>, 1, 2, 3.... -C with -W will number 0, 1, 2 ... or
00, 01, 02 ... etc, depending on the value of -W. I.e., it
sorts properly. (Old behaviour was to go <none>, 2, 3...)
Close the current capture file before trying to allocate the buffer for
the new file's name, so that if that allocation fails we've at least
written out all of the previous file.
Make some variables for command-line arguments, and some functions not
used outside tcpdump.c, static.
2004-01-26 10:05:17 +08:00
|
|
|
|
2006-03-24 01:33:01 +08:00
|
|
|
if (dumpinfo.CurrentFileName == NULL)
|
|
|
|
error("malloc of dumpinfo.CurrentFileName");
|
2005-10-20 15:43:51 +08:00
|
|
|
|
2005-12-06 04:24:48 +08:00
|
|
|
/* We do not need numbering for dumpfiles if Cflag isn't set. */
|
2015-04-24 08:27:45 +08:00
|
|
|
if (Cflag != 0)
|
|
|
|
MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, WflagChars);
|
2005-12-06 04:24:48 +08:00
|
|
|
else
|
2006-03-24 01:33:01 +08:00
|
|
|
MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, 0);
|
2005-10-20 15:43:51 +08:00
|
|
|
|
2018-04-09 08:29:41 +08:00
|
|
|
pdd = pcap_dump_open(pd, dumpinfo.CurrentFileName);
|
2015-02-15 22:32:23 +08:00
|
|
|
#ifdef HAVE_LIBCAP_NG
|
2015-02-19 00:38:56 +08:00
|
|
|
/* Give up CAP_DAC_OVERRIDE capability.
|
|
|
|
* Only allow it to be restored if the -C or -G flag have been
|
|
|
|
* set since we may need to create more files later on.
|
|
|
|
*/
|
|
|
|
capng_update(
|
|
|
|
CAPNG_DROP,
|
2015-04-24 08:27:45 +08:00
|
|
|
(Cflag || Gflag ? 0 : CAPNG_PERMITTED)
|
2015-02-19 00:38:56 +08:00
|
|
|
| CAPNG_EFFECTIVE,
|
|
|
|
CAP_DAC_OVERRIDE
|
|
|
|
);
|
|
|
|
capng_apply(CAPNG_SELECT_BOTH);
|
2015-02-15 22:32:23 +08:00
|
|
|
#endif /* HAVE_LIBCAP_NG */
|
2018-04-09 08:29:41 +08:00
|
|
|
if (pdd == NULL)
|
1999-10-08 07:47:09 +08:00
|
|
|
error("%s", pcap_geterr(pd));
|
2014-07-11 03:19:39 +08:00
|
|
|
#ifdef HAVE_CAPSICUM
|
2018-11-10 03:43:14 +08:00
|
|
|
set_dumper_capsicum_rights(pdd);
|
2014-07-11 03:19:39 +08:00
|
|
|
#endif
|
2015-04-24 08:27:45 +08:00
|
|
|
if (Cflag != 0 || Gflag != 0) {
|
2014-07-11 03:19:39 +08:00
|
|
|
#ifdef HAVE_CAPSICUM
|
2021-08-05 21:18:55 +08:00
|
|
|
/*
|
|
|
|
* basename() and dirname() may modify their input buffer
|
|
|
|
* and they do since FreeBSD 12.0, but they didn't before.
|
|
|
|
* Hence use the return value only, but always assume the
|
|
|
|
* input buffer has been modified and would need to be
|
|
|
|
* reset before the next use.
|
|
|
|
*/
|
|
|
|
char *WFileName_copy;
|
|
|
|
|
|
|
|
if ((WFileName_copy = strdup(WFileName)) == NULL) {
|
|
|
|
error("Unable to allocate memory for file %s",
|
|
|
|
WFileName);
|
|
|
|
}
|
|
|
|
DIAG_OFF_C11_EXTENSIONS
|
|
|
|
dumpinfo.WFileName = strdup(basename(WFileName_copy));
|
|
|
|
DIAG_ON_C11_EXTENSIONS
|
2015-07-14 04:04:08 +08:00
|
|
|
if (dumpinfo.WFileName == NULL) {
|
|
|
|
error("Unable to allocate memory for file %s",
|
|
|
|
WFileName);
|
|
|
|
}
|
2021-08-05 21:18:55 +08:00
|
|
|
free(WFileName_copy);
|
|
|
|
|
|
|
|
if ((WFileName_copy = strdup(WFileName)) == NULL) {
|
|
|
|
error("Unable to allocate memory for file %s",
|
|
|
|
WFileName);
|
|
|
|
}
|
|
|
|
DIAG_OFF_C11_EXTENSIONS
|
|
|
|
char *WFileName_dirname = dirname(WFileName_copy);
|
|
|
|
DIAG_ON_C11_EXTENSIONS
|
|
|
|
dumpinfo.dirfd = open(WFileName_dirname,
|
2014-07-11 03:19:39 +08:00
|
|
|
O_DIRECTORY | O_RDONLY);
|
|
|
|
if (dumpinfo.dirfd < 0) {
|
|
|
|
error("unable to open directory %s",
|
2021-08-05 21:18:55 +08:00
|
|
|
WFileName_dirname);
|
2014-07-11 03:19:39 +08:00
|
|
|
}
|
2021-08-05 21:18:55 +08:00
|
|
|
free(WFileName_dirname);
|
|
|
|
free(WFileName_copy);
|
|
|
|
|
2014-07-11 03:19:39 +08:00
|
|
|
cap_rights_init(&rights, CAP_CREATE, CAP_FCNTL,
|
|
|
|
CAP_FTRUNCATE, CAP_LOOKUP, CAP_SEEK, CAP_WRITE);
|
|
|
|
if (cap_rights_limit(dumpinfo.dirfd, &rights) < 0 &&
|
|
|
|
errno != ENOSYS) {
|
|
|
|
error("unable to limit directory rights");
|
|
|
|
}
|
2015-02-19 06:07:18 +08:00
|
|
|
if (cap_fcntls_limit(dumpinfo.dirfd, CAP_FCNTL_GETFL) < 0 &&
|
|
|
|
errno != ENOSYS) {
|
|
|
|
error("unable to limit dump descriptor fcntls");
|
|
|
|
}
|
2014-07-11 03:19:39 +08:00
|
|
|
#else /* !HAVE_CAPSICUM */
|
2001-12-23 06:12:23 +08:00
|
|
|
dumpinfo.WFileName = WFileName;
|
2014-07-11 03:19:39 +08:00
|
|
|
#endif
|
|
|
|
callback = dump_packet_and_trunc;
|
2001-12-23 06:12:23 +08:00
|
|
|
dumpinfo.pd = pd;
|
2018-04-09 08:29:41 +08:00
|
|
|
dumpinfo.pdd = pdd;
|
2001-12-23 06:12:23 +08:00
|
|
|
pcap_userdata = (u_char *)&dumpinfo;
|
2001-10-03 16:05:47 +08:00
|
|
|
} else {
|
2002-12-19 17:39:10 +08:00
|
|
|
callback = dump_packet;
|
2017-10-12 03:09:42 +08:00
|
|
|
dumpinfo.WFileName = WFileName;
|
|
|
|
dumpinfo.pd = pd;
|
2018-04-09 08:29:41 +08:00
|
|
|
dumpinfo.pdd = pdd;
|
2017-10-12 03:09:42 +08:00
|
|
|
pcap_userdata = (u_char *)&dumpinfo;
|
2001-10-03 16:05:47 +08:00
|
|
|
}
|
2017-10-12 03:09:42 +08:00
|
|
|
if (print) {
|
|
|
|
dlt = pcap_datalink(pd);
|
2020-08-07 01:12:49 +08:00
|
|
|
ndo->ndo_if_printer = get_if_printer(dlt);
|
2017-10-12 03:09:42 +08:00
|
|
|
dumpinfo.ndo = ndo;
|
|
|
|
} else
|
|
|
|
dumpinfo.ndo = NULL;
|
|
|
|
|
2010-06-05 15:37:27 +08:00
|
|
|
#ifdef HAVE_PCAP_DUMP_FLUSH
|
2015-04-24 08:27:45 +08:00
|
|
|
if (Uflag)
|
2018-04-09 08:29:41 +08:00
|
|
|
pcap_dump_flush(pdd);
|
2010-06-05 15:37:27 +08:00
|
|
|
#endif
|
1999-10-08 07:47:09 +08:00
|
|
|
} else {
|
2015-09-14 21:34:13 +08:00
|
|
|
dlt = pcap_datalink(pd);
|
2020-08-07 01:12:49 +08:00
|
|
|
ndo->ndo_if_printer = get_if_printer(dlt);
|
2002-12-19 17:39:10 +08:00
|
|
|
callback = print_packet;
|
2015-09-14 21:34:13 +08:00
|
|
|
pcap_userdata = (u_char *)ndo;
|
2002-11-12 03:54:40 +08:00
|
|
|
}
|
2010-11-07 10:28:10 +08:00
|
|
|
|
2012-02-07 21:16:19 +08:00
|
|
|
#ifdef SIGNAL_REQ_INFO
|
2007-11-22 04:39:24 +08:00
|
|
|
/*
|
|
|
|
* We can't get statistics when reading from a file rather
|
|
|
|
* than capturing from a device.
|
|
|
|
*/
|
|
|
|
if (RFileName == NULL)
|
2012-02-07 21:16:19 +08:00
|
|
|
(void)setsignal(SIGNAL_REQ_INFO, requestinfo);
|
2001-07-05 06:03:13 +08:00
|
|
|
#endif
|
2018-04-08 06:46:53 +08:00
|
|
|
#ifdef SIGNAL_FLUSH_PCAP
|
|
|
|
(void)setsignal(SIGNAL_FLUSH_PCAP, flushpcap);
|
|
|
|
#endif
|
2004-01-16 03:53:48 +08:00
|
|
|
|
2020-08-29 09:48:07 +08:00
|
|
|
if (ndo->ndo_vflag > 0 && WFileName && RFileName == NULL && !print) {
|
2004-01-16 03:53:48 +08:00
|
|
|
/*
|
2017-10-12 03:09:42 +08:00
|
|
|
* When capturing to a file, if "--print" wasn't specified,
|
2017-10-13 17:42:11 +08:00
|
|
|
*"-v" means tcpdump should, once per second,
|
2017-10-12 03:09:42 +08:00
|
|
|
* "v"erbosely report the number of packets captured.
|
2020-08-29 09:48:07 +08:00
|
|
|
* Except when reading from a file, because -r, -w and -v
|
|
|
|
* together used to make a corner case, in which pcap_loop()
|
|
|
|
* errored due to EINTR (see GH #155 for details).
|
2004-01-16 03:53:48 +08:00
|
|
|
*/
|
2017-11-13 05:31:57 +08:00
|
|
|
#ifdef _WIN32
|
2017-11-13 10:12:04 +08:00
|
|
|
/*
|
2017-11-13 11:01:37 +08:00
|
|
|
* https://blogs.msdn.microsoft.com/oldnewthing/20151230-00/?p=92741
|
2017-11-13 10:12:04 +08:00
|
|
|
*
|
2017-11-13 11:01:37 +08:00
|
|
|
* suggests that this dates back to W2K.
|
2017-11-13 10:12:04 +08:00
|
|
|
*
|
2017-11-13 11:01:37 +08:00
|
|
|
* I don't know what a "long wait" is, but we'll assume
|
|
|
|
* that printing the stats could be a "long wait".
|
2017-11-13 10:12:04 +08:00
|
|
|
*/
|
2017-11-13 11:01:37 +08:00
|
|
|
CreateTimerQueueTimer(&timer_handle, NULL,
|
2017-11-13 16:17:33 +08:00
|
|
|
verbose_stats_dump, NULL, 1000, 1000,
|
2017-11-13 11:01:37 +08:00
|
|
|
WT_EXECUTEDEFAULT|WT_EXECUTELONGFUNCTION);
|
2004-01-16 03:53:48 +08:00
|
|
|
setvbuf(stderr, NULL, _IONBF, 0);
|
2017-11-13 05:31:57 +08:00
|
|
|
#else /* _WIN32 */
|
2017-11-13 10:39:10 +08:00
|
|
|
/*
|
|
|
|
* Assume this is UN*X, and that it has setitimer(); that
|
|
|
|
* dates back to UNIX 95.
|
|
|
|
*/
|
|
|
|
struct itimerval timer;
|
2004-01-16 03:53:48 +08:00
|
|
|
(void)setsignal(SIGALRM, verbose_stats_dump);
|
2017-11-13 10:39:10 +08:00
|
|
|
timer.it_interval.tv_sec = 1;
|
|
|
|
timer.it_interval.tv_usec = 0;
|
|
|
|
timer.it_value.tv_sec = 1;
|
|
|
|
timer.it_value.tv_usec = 1;
|
|
|
|
setitimer(ITIMER_REAL, &timer, NULL);
|
2017-11-13 05:31:57 +08:00
|
|
|
#endif /* _WIN32 */
|
2004-01-16 03:53:48 +08:00
|
|
|
}
|
|
|
|
|
1999-10-08 07:47:09 +08:00
|
|
|
if (RFileName == NULL) {
|
2012-11-30 17:16:53 +08:00
|
|
|
/*
|
|
|
|
* Live capture (if -V was specified, we set RFileName
|
|
|
|
* to a file from the -V file). Print a message to
|
|
|
|
* the standard error on UN*X.
|
|
|
|
*/
|
2015-04-25 00:02:48 +08:00
|
|
|
if (!ndo->ndo_vflag && !WFileName) {
|
2003-01-08 12:33:27 +08:00
|
|
|
(void)fprintf(stderr,
|
2020-04-25 02:50:49 +08:00
|
|
|
"%s: verbose output suppressed, use -v[v]... for full protocol decode\n",
|
2003-01-08 12:33:27 +08:00
|
|
|
program_name);
|
|
|
|
} else
|
|
|
|
(void)fprintf(stderr, "%s: ", program_name);
|
2003-08-01 09:01:40 +08:00
|
|
|
dlt = pcap_datalink(pd);
|
|
|
|
dlt_name = pcap_datalink_val_to_name(dlt);
|
2018-10-05 15:33:34 +08:00
|
|
|
(void)fprintf(stderr, "listening on %s", device);
|
2003-11-19 07:09:42 +08:00
|
|
|
if (dlt_name == NULL) {
|
2018-10-05 15:33:34 +08:00
|
|
|
(void)fprintf(stderr, ", link-type %u", dlt);
|
2003-11-19 07:09:42 +08:00
|
|
|
} else {
|
2018-10-05 15:33:34 +08:00
|
|
|
(void)fprintf(stderr, ", link-type %s (%s)", dlt_name,
|
|
|
|
pcap_datalink_val_to_description(dlt));
|
2003-11-19 07:09:42 +08:00
|
|
|
}
|
2018-10-05 15:33:34 +08:00
|
|
|
(void)fprintf(stderr, ", snapshot length %d bytes\n", ndo->ndo_snaplen);
|
2003-01-08 12:33:27 +08:00
|
|
|
(void)fflush(stderr);
|
1999-10-08 07:47:09 +08:00
|
|
|
}
|
2014-07-11 03:19:39 +08:00
|
|
|
|
|
|
|
#ifdef HAVE_CAPSICUM
|
2017-02-02 08:13:05 +08:00
|
|
|
cansandbox = (VFileName == NULL && zflag == NULL);
|
|
|
|
#ifdef HAVE_CASPER
|
|
|
|
cansandbox = (cansandbox && (ndo->ndo_nflag || capdns != NULL));
|
|
|
|
#else
|
|
|
|
cansandbox = (cansandbox && ndo->ndo_nflag);
|
|
|
|
#endif /* HAVE_CASPER */
|
2014-07-11 03:19:39 +08:00
|
|
|
if (cansandbox && cap_enter() < 0 && errno != ENOSYS)
|
|
|
|
error("unable to enter the capability mode");
|
|
|
|
#endif /* HAVE_CAPSICUM */
|
|
|
|
|
2012-08-11 09:43:54 +08:00
|
|
|
do {
|
|
|
|
status = pcap_loop(pd, cnt, callback, pcap_userdata);
|
|
|
|
if (WFileName == NULL) {
|
2003-11-04 15:29:15 +08:00
|
|
|
/*
|
2012-08-11 09:43:54 +08:00
|
|
|
* We're printing packets. Flush the printed output,
|
|
|
|
* so it doesn't get intermingled with error output.
|
2003-11-04 15:29:15 +08:00
|
|
|
*/
|
2012-08-11 09:43:54 +08:00
|
|
|
if (status == -2) {
|
|
|
|
/*
|
|
|
|
* We got interrupted, so perhaps we didn't
|
|
|
|
* manage to finish a line we were printing.
|
|
|
|
* Print an extra newline, just in case.
|
|
|
|
*/
|
|
|
|
putchar('\n');
|
|
|
|
}
|
|
|
|
(void)fflush(stdout);
|
|
|
|
}
|
2013-03-28 10:28:11 +08:00
|
|
|
if (status == -2) {
|
|
|
|
/*
|
|
|
|
* We got interrupted. If we are reading multiple
|
|
|
|
* files (via -V) set these so that we stop.
|
|
|
|
*/
|
|
|
|
VFileName = NULL;
|
|
|
|
ret = NULL;
|
|
|
|
}
|
2012-08-11 09:43:54 +08:00
|
|
|
if (status == -1) {
|
|
|
|
/*
|
|
|
|
* Error. Report it.
|
|
|
|
*/
|
|
|
|
(void)fprintf(stderr, "%s: pcap_loop: %s\n",
|
|
|
|
program_name, pcap_geterr(pd));
|
|
|
|
}
|
|
|
|
if (RFileName == NULL) {
|
|
|
|
/*
|
|
|
|
* We're doing a live capture. Report the capture
|
|
|
|
* statistics.
|
|
|
|
*/
|
|
|
|
info(1);
|
|
|
|
}
|
|
|
|
pcap_close(pd);
|
|
|
|
if (VFileName != NULL) {
|
2012-09-07 02:40:21 +08:00
|
|
|
ret = get_next_file(VFile, VFileLine);
|
2012-08-11 09:43:54 +08:00
|
|
|
if (ret) {
|
2016-03-21 06:23:16 +08:00
|
|
|
int new_dlt;
|
|
|
|
|
2012-08-11 09:43:54 +08:00
|
|
|
RFileName = VFileLine;
|
|
|
|
pd = pcap_open_offline(RFileName, ebuf);
|
|
|
|
if (pd == NULL)
|
|
|
|
error("%s", ebuf);
|
2014-07-11 03:19:39 +08:00
|
|
|
#ifdef HAVE_CAPSICUM
|
|
|
|
cap_rights_init(&rights, CAP_READ);
|
|
|
|
if (cap_rights_limit(fileno(pcap_file(pd)),
|
|
|
|
&rights) < 0 && errno != ENOSYS) {
|
|
|
|
error("unable to limit pcap descriptor");
|
|
|
|
}
|
|
|
|
#endif
|
2012-08-12 02:19:31 +08:00
|
|
|
new_dlt = pcap_datalink(pd);
|
2016-03-21 06:23:16 +08:00
|
|
|
if (new_dlt != dlt) {
|
|
|
|
/*
|
|
|
|
* The new file has a different
|
|
|
|
* link-layer header type from the
|
|
|
|
* previous one.
|
|
|
|
*/
|
|
|
|
if (WFileName != NULL) {
|
|
|
|
/*
|
|
|
|
* We're writing raw packets
|
|
|
|
* that match the filter to
|
|
|
|
* a pcap file. pcap files
|
|
|
|
* don't support multiple
|
|
|
|
* different link-layer
|
|
|
|
* header types, so we fail
|
|
|
|
* here.
|
|
|
|
*/
|
|
|
|
error("%s: new dlt does not match original", RFileName);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* We're printing the decoded packets;
|
|
|
|
* switch to the new DLT.
|
|
|
|
*
|
2016-03-21 06:59:27 +08:00
|
|
|
* To do that, we need to change
|
|
|
|
* the printer, change the DLT name,
|
|
|
|
* and recompile the filter with
|
|
|
|
* the new DLT.
|
2016-03-21 06:23:16 +08:00
|
|
|
*/
|
|
|
|
dlt = new_dlt;
|
2020-08-07 01:12:49 +08:00
|
|
|
ndo->ndo_if_printer = get_if_printer(dlt);
|
2023-02-06 04:12:22 +08:00
|
|
|
/* Free the old filter */
|
|
|
|
pcap_freecode(&fcode);
|
2016-03-21 06:59:27 +08:00
|
|
|
if (pcap_compile(pd, &fcode, cmdbuf, Oflag, netmask) < 0)
|
|
|
|
error("%s", pcap_geterr(pd));
|
2016-03-21 06:23:16 +08:00
|
|
|
}
|
|
|
|
|
2016-03-21 06:59:27 +08:00
|
|
|
/*
|
|
|
|
* Set the filter on the new file.
|
|
|
|
*/
|
|
|
|
if (pcap_setfilter(pd, &fcode) < 0)
|
|
|
|
error("%s", pcap_geterr(pd));
|
|
|
|
|
2016-03-21 06:23:16 +08:00
|
|
|
/*
|
|
|
|
* Report the new file.
|
|
|
|
*/
|
2016-06-27 09:02:12 +08:00
|
|
|
dlt_name = pcap_datalink_val_to_name(dlt);
|
2018-10-05 03:59:44 +08:00
|
|
|
fprintf(stderr, "reading from file %s", RFileName);
|
2012-08-11 09:43:54 +08:00
|
|
|
if (dlt_name == NULL) {
|
2018-10-05 03:59:44 +08:00
|
|
|
fprintf(stderr, ", link-type %u", dlt);
|
2012-08-11 09:43:54 +08:00
|
|
|
} else {
|
2018-10-05 03:59:44 +08:00
|
|
|
fprintf(stderr, ", link-type %s (%s)",
|
|
|
|
dlt_name,
|
|
|
|
pcap_datalink_val_to_description(dlt));
|
2012-08-11 09:43:54 +08:00
|
|
|
}
|
2018-10-05 03:59:44 +08:00
|
|
|
fprintf(stderr, ", snapshot length %d\n", pcap_snapshot(pd));
|
2012-08-11 09:43:54 +08:00
|
|
|
}
|
2003-11-04 15:29:15 +08:00
|
|
|
}
|
|
|
|
}
|
2012-08-11 09:43:54 +08:00
|
|
|
while (ret != NULL);
|
|
|
|
|
2020-02-26 23:55:21 +08:00
|
|
|
if (count_mode && RFileName != NULL)
|
2020-11-04 19:15:14 +08:00
|
|
|
fprintf(stdout, "%u packet%s\n", packets_captured,
|
2020-02-26 23:55:21 +08:00
|
|
|
PLURAL_SUFFIX(packets_captured));
|
|
|
|
|
2012-08-11 09:43:54 +08:00
|
|
|
free(cmdbuf);
|
2015-12-16 05:12:43 +08:00
|
|
|
pcap_freecode(&fcode);
|
2022-02-04 18:13:25 +08:00
|
|
|
exit_tcpdump(status == -1 ? S_ERR_HOST_PROGRAM : S_SUCCESS);
|
1999-10-08 07:47:09 +08:00
|
|
|
}
|
|
|
|
|
2017-10-16 13:36:07 +08:00
|
|
|
/*
|
|
|
|
* Catch a signal.
|
|
|
|
*/
|
|
|
|
static void
|
|
|
|
(*setsignal (int sig, void (*func)(int)))(int)
|
|
|
|
{
|
|
|
|
#ifdef _WIN32
|
|
|
|
return (signal(sig, func));
|
|
|
|
#else
|
|
|
|
struct sigaction old, new;
|
|
|
|
|
|
|
|
memset(&new, 0, sizeof(new));
|
|
|
|
new.sa_handler = func;
|
2022-07-17 03:34:39 +08:00
|
|
|
if ((sig == SIGCHLD)
|
|
|
|
# ifdef SIGNAL_REQ_INFO
|
|
|
|
|| (sig == SIGNAL_REQ_INFO)
|
|
|
|
# endif
|
|
|
|
# ifdef SIGNAL_FLUSH_PCAP
|
|
|
|
|| (sig == SIGNAL_FLUSH_PCAP)
|
|
|
|
# endif
|
|
|
|
)
|
2017-10-16 13:36:07 +08:00
|
|
|
new.sa_flags = SA_RESTART;
|
|
|
|
if (sigaction(sig, &new, &old) < 0)
|
|
|
|
return (SIG_ERR);
|
|
|
|
return (old.sa_handler);
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
|
1999-10-08 07:47:09 +08:00
|
|
|
/* make a clean exit on interrupts */
|
2017-10-16 13:36:07 +08:00
|
|
|
static void
|
2003-11-04 15:29:15 +08:00
|
|
|
cleanup(int signo _U_)
|
1999-10-08 07:47:09 +08:00
|
|
|
{
|
2017-11-13 05:31:57 +08:00
|
|
|
#ifdef _WIN32
|
2017-11-13 16:17:33 +08:00
|
|
|
if (timer_handle != INVALID_HANDLE_VALUE) {
|
2017-11-13 11:01:37 +08:00
|
|
|
DeleteTimerQueueTimer(NULL, timer_handle, NULL);
|
|
|
|
CloseHandle(timer_handle);
|
2017-11-13 16:17:33 +08:00
|
|
|
timer_handle = INVALID_HANDLE_VALUE;
|
2017-11-13 11:01:37 +08:00
|
|
|
}
|
2017-11-13 05:31:57 +08:00
|
|
|
#else /* _WIN32 */
|
2017-11-13 10:39:10 +08:00
|
|
|
struct itimerval timer;
|
|
|
|
|
|
|
|
timer.it_interval.tv_sec = 0;
|
|
|
|
timer.it_interval.tv_usec = 0;
|
|
|
|
timer.it_value.tv_sec = 0;
|
|
|
|
timer.it_value.tv_usec = 0;
|
|
|
|
setitimer(ITIMER_REAL, &timer, NULL);
|
2017-11-13 05:31:57 +08:00
|
|
|
#endif /* _WIN32 */
|
2004-01-16 03:53:48 +08:00
|
|
|
|
2003-11-04 15:29:15 +08:00
|
|
|
#ifdef HAVE_PCAP_BREAKLOOP
|
|
|
|
/*
|
|
|
|
* We have "pcap_breakloop()"; use it, so that we do as little
|
|
|
|
* as possible in the signal handler (it's probably not safe
|
|
|
|
* to do anything with standard I/O streams in a signal handler -
|
|
|
|
* the ANSI C standard doesn't say it is).
|
|
|
|
*/
|
|
|
|
pcap_breakloop(pd);
|
|
|
|
#else
|
|
|
|
/*
|
|
|
|
* We don't have "pcap_breakloop()"; this isn't safe, but
|
|
|
|
* it's the best we can do. Print the summary if we're
|
|
|
|
* not reading from a savefile - i.e., if we're doing a
|
|
|
|
* live capture - and exit.
|
|
|
|
*/
|
1999-10-08 07:47:09 +08:00
|
|
|
if (pd != NULL && pcap_file(pd) == NULL) {
|
2003-11-04 15:29:15 +08:00
|
|
|
/*
|
|
|
|
* We got interrupted, so perhaps we didn't
|
|
|
|
* manage to finish a line we were printing.
|
|
|
|
* Print an extra newline, just in case.
|
|
|
|
*/
|
|
|
|
putchar('\n');
|
1999-10-08 07:47:09 +08:00
|
|
|
(void)fflush(stdout);
|
2001-07-05 06:03:13 +08:00
|
|
|
info(1);
|
1999-10-08 07:47:09 +08:00
|
|
|
}
|
2018-02-25 18:04:39 +08:00
|
|
|
exit_tcpdump(S_SUCCESS);
|
2003-11-04 15:29:15 +08:00
|
|
|
#endif
|
1999-10-08 07:47:09 +08:00
|
|
|
}
|
|
|
|
|
2007-10-13 08:46:16 +08:00
|
|
|
/*
|
|
|
|
On windows, we do not use a fork, so we do not care less about
|
|
|
|
waiting a child processes to die
|
|
|
|
*/
|
2010-12-01 08:18:32 +08:00
|
|
|
#if defined(HAVE_FORK) || defined(HAVE_VFORK)
|
2017-10-16 13:36:07 +08:00
|
|
|
static void
|
2006-03-24 01:33:01 +08:00
|
|
|
child_cleanup(int signo _U_)
|
|
|
|
{
|
|
|
|
wait(NULL);
|
|
|
|
}
|
2010-12-01 08:18:32 +08:00
|
|
|
#endif /* HAVE_FORK && HAVE_VFORK */
|
2006-03-24 01:33:01 +08:00
|
|
|
|
2002-12-19 17:39:10 +08:00
|
|
|
static void
|
2017-12-14 02:17:47 +08:00
|
|
|
info(int verbose)
|
2001-07-05 06:03:13 +08:00
|
|
|
{
|
2015-09-18 03:23:46 +08:00
|
|
|
struct pcap_stat stats;
|
2001-07-05 06:03:13 +08:00
|
|
|
|
2009-09-08 07:52:15 +08:00
|
|
|
/*
|
|
|
|
* Older versions of libpcap didn't set ps_ifdrop on some
|
|
|
|
* platforms; initialize it to 0 to handle that.
|
|
|
|
*/
|
2015-09-18 03:23:46 +08:00
|
|
|
stats.ps_ifdrop = 0;
|
|
|
|
if (pcap_stats(pd, &stats) < 0) {
|
2001-07-05 06:03:13 +08:00
|
|
|
(void)fprintf(stderr, "pcap_stats: %s\n", pcap_geterr(pd));
|
2007-11-22 04:31:31 +08:00
|
|
|
infoprint = 0;
|
2001-07-05 06:03:13 +08:00
|
|
|
return;
|
|
|
|
}
|
2002-08-01 16:52:55 +08:00
|
|
|
|
2001-07-05 06:03:13 +08:00
|
|
|
if (!verbose)
|
|
|
|
fprintf(stderr, "%s: ", program_name);
|
2002-08-01 16:52:55 +08:00
|
|
|
|
2011-03-09 01:11:25 +08:00
|
|
|
(void)fprintf(stderr, "%u packet%s captured", packets_captured,
|
|
|
|
PLURAL_SUFFIX(packets_captured));
|
2003-09-17 05:02:51 +08:00
|
|
|
if (!verbose)
|
|
|
|
fputs(", ", stderr);
|
|
|
|
else
|
|
|
|
putc('\n', stderr);
|
2015-09-18 03:23:46 +08:00
|
|
|
(void)fprintf(stderr, "%u packet%s received by filter", stats.ps_recv,
|
|
|
|
PLURAL_SUFFIX(stats.ps_recv));
|
2001-07-05 06:03:13 +08:00
|
|
|
if (!verbose)
|
|
|
|
fputs(", ", stderr);
|
|
|
|
else
|
|
|
|
putc('\n', stderr);
|
2015-09-18 03:23:46 +08:00
|
|
|
(void)fprintf(stderr, "%u packet%s dropped by kernel", stats.ps_drop,
|
|
|
|
PLURAL_SUFFIX(stats.ps_drop));
|
|
|
|
if (stats.ps_ifdrop != 0) {
|
2009-09-08 07:52:15 +08:00
|
|
|
if (!verbose)
|
|
|
|
fputs(", ", stderr);
|
|
|
|
else
|
|
|
|
putc('\n', stderr);
|
2011-03-09 01:11:25 +08:00
|
|
|
(void)fprintf(stderr, "%u packet%s dropped by interface\n",
|
2015-09-18 03:23:46 +08:00
|
|
|
stats.ps_ifdrop, PLURAL_SUFFIX(stats.ps_ifdrop));
|
2009-09-08 07:52:15 +08:00
|
|
|
} else
|
|
|
|
putc('\n', stderr);
|
2001-07-05 06:03:13 +08:00
|
|
|
infoprint = 0;
|
|
|
|
}
|
|
|
|
|
2010-12-01 08:18:32 +08:00
|
|
|
#if defined(HAVE_FORK) || defined(HAVE_VFORK)
|
2015-12-14 06:29:40 +08:00
|
|
|
#ifdef HAVE_FORK
|
|
|
|
#define fork_subprocess() fork()
|
|
|
|
#else
|
|
|
|
#define fork_subprocess() vfork()
|
|
|
|
#endif
|
2006-03-24 01:33:01 +08:00
|
|
|
static void
|
|
|
|
compress_savefile(const char *filename)
|
|
|
|
{
|
2015-12-14 06:29:40 +08:00
|
|
|
pid_t child;
|
|
|
|
|
|
|
|
child = fork_subprocess();
|
|
|
|
if (child == -1) {
|
|
|
|
fprintf(stderr,
|
|
|
|
"compress_savefile: fork failed: %s\n",
|
|
|
|
pcap_strerror(errno));
|
2006-03-24 01:33:01 +08:00
|
|
|
return;
|
2015-12-14 06:29:40 +08:00
|
|
|
}
|
|
|
|
if (child != 0) {
|
|
|
|
/* Parent process. */
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2006-03-24 01:33:01 +08:00
|
|
|
/*
|
2015-12-14 06:29:40 +08:00
|
|
|
* Child process.
|
|
|
|
* Set to lowest priority so that this doesn't disturb the capture.
|
2006-03-24 01:33:01 +08:00
|
|
|
*/
|
|
|
|
#ifdef NZERO
|
|
|
|
setpriority(PRIO_PROCESS, 0, NZERO - 1);
|
|
|
|
#else
|
|
|
|
setpriority(PRIO_PROCESS, 0, 19);
|
|
|
|
#endif
|
2009-06-10 06:05:28 +08:00
|
|
|
if (execlp(zflag, zflag, filename, (char *)NULL) == -1)
|
2006-03-24 01:33:01 +08:00
|
|
|
fprintf(stderr,
|
2015-12-14 06:29:40 +08:00
|
|
|
"compress_savefile: execlp(%s, %s) failed: %s\n",
|
2006-03-24 01:33:01 +08:00
|
|
|
zflag,
|
|
|
|
filename,
|
2015-10-13 04:17:01 +08:00
|
|
|
pcap_strerror(errno));
|
2015-12-14 06:29:40 +08:00
|
|
|
#ifdef HAVE_FORK
|
2018-02-25 18:04:39 +08:00
|
|
|
exit(S_ERR_HOST_PROGRAM);
|
2015-12-14 06:29:40 +08:00
|
|
|
#else
|
2018-02-25 18:04:39 +08:00
|
|
|
_exit(S_ERR_HOST_PROGRAM);
|
2015-12-14 06:29:40 +08:00
|
|
|
#endif
|
2006-03-24 01:33:01 +08:00
|
|
|
}
|
2010-12-01 08:18:32 +08:00
|
|
|
#else /* HAVE_FORK && HAVE_VFORK */
|
2007-10-13 08:46:16 +08:00
|
|
|
static void
|
|
|
|
compress_savefile(const char *filename)
|
|
|
|
{
|
|
|
|
fprintf(stderr,
|
2010-12-01 08:18:32 +08:00
|
|
|
"compress_savefile failed. Functionality not implemented under your system\n");
|
2007-10-13 08:46:16 +08:00
|
|
|
}
|
2010-12-01 08:18:32 +08:00
|
|
|
#endif /* HAVE_FORK && HAVE_VFORK */
|
2006-03-24 01:33:01 +08:00
|
|
|
|
2001-10-03 15:35:42 +08:00
|
|
|
static void
|
2002-11-12 03:54:40 +08:00
|
|
|
dump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
|
2001-10-03 15:35:42 +08:00
|
|
|
{
|
2002-11-12 03:54:40 +08:00
|
|
|
struct dump_info *dump_info;
|
2001-10-03 15:35:42 +08:00
|
|
|
|
2003-09-17 05:02:51 +08:00
|
|
|
++packets_captured;
|
|
|
|
|
2002-11-12 03:54:40 +08:00
|
|
|
++infodelay;
|
|
|
|
|
|
|
|
dump_info = (struct dump_info *)user;
|
2002-06-12 01:08:37 +08:00
|
|
|
|
2005-10-20 15:43:51 +08:00
|
|
|
/*
|
2005-12-06 04:24:48 +08:00
|
|
|
* XXX - this won't force the file to rotate on the specified time
|
|
|
|
* boundary, but it will rotate on the first packet received after the
|
|
|
|
* specified Gflag number of seconds. Note: if a Gflag time boundary
|
|
|
|
* and a Cflag size boundary coincide, the time rotation will occur
|
|
|
|
* first thereby cancelling the Cflag boundary (since the file should
|
|
|
|
* be 0).
|
2005-10-20 15:43:51 +08:00
|
|
|
*/
|
2015-04-24 08:27:45 +08:00
|
|
|
if (Gflag != 0) {
|
2005-12-06 04:24:48 +08:00
|
|
|
/* Check if it is time to rotate */
|
|
|
|
time_t t;
|
2005-10-20 15:43:51 +08:00
|
|
|
|
2005-12-06 04:24:48 +08:00
|
|
|
/* Get the current time */
|
|
|
|
if ((t = time(NULL)) == (time_t)-1) {
|
2020-10-08 06:33:51 +08:00
|
|
|
error("%s: can't get current_time: %s",
|
|
|
|
__func__, pcap_strerror(errno));
|
2005-12-06 04:24:48 +08:00
|
|
|
}
|
2005-10-20 15:43:51 +08:00
|
|
|
|
|
|
|
|
2005-12-06 04:24:48 +08:00
|
|
|
/* If the time is greater than the specified window, rotate */
|
2015-04-24 08:27:45 +08:00
|
|
|
if (t - Gflag_time >= Gflag) {
|
2014-07-11 03:19:39 +08:00
|
|
|
#ifdef HAVE_CAPSICUM
|
|
|
|
FILE *fp;
|
|
|
|
int fd;
|
|
|
|
#endif
|
|
|
|
|
2005-12-06 04:24:48 +08:00
|
|
|
/* Update the Gflag_time */
|
2015-04-24 08:27:45 +08:00
|
|
|
Gflag_time = t;
|
2005-12-06 04:24:48 +08:00
|
|
|
/* Update Gflag_count */
|
2015-04-24 08:27:45 +08:00
|
|
|
Gflag_count++;
|
2005-12-06 04:24:48 +08:00
|
|
|
/*
|
|
|
|
* Close the current file and open a new one.
|
|
|
|
*/
|
2018-04-09 08:29:41 +08:00
|
|
|
pcap_dump_close(dump_info->pdd);
|
2005-10-20 15:43:51 +08:00
|
|
|
|
2006-03-24 01:33:01 +08:00
|
|
|
/*
|
|
|
|
* Compress the file we just closed, if the user asked for it
|
|
|
|
*/
|
|
|
|
if (zflag != NULL)
|
|
|
|
compress_savefile(dump_info->CurrentFileName);
|
|
|
|
|
2005-12-06 04:24:48 +08:00
|
|
|
/*
|
|
|
|
* Check to see if we've exceeded the Wflag (when
|
|
|
|
* not using Cflag).
|
|
|
|
*/
|
2015-04-24 08:27:45 +08:00
|
|
|
if (Cflag == 0 && Wflag > 0 && Gflag_count >= Wflag) {
|
2005-12-06 04:24:48 +08:00
|
|
|
(void)fprintf(stderr, "Maximum file limit reached: %d\n",
|
2015-04-24 08:27:45 +08:00
|
|
|
Wflag);
|
2017-01-18 10:49:55 +08:00
|
|
|
info(1);
|
2018-02-25 18:04:39 +08:00
|
|
|
exit_tcpdump(S_SUCCESS);
|
2005-12-06 04:24:48 +08:00
|
|
|
/* NOTREACHED */
|
|
|
|
}
|
2006-03-24 01:33:01 +08:00
|
|
|
if (dump_info->CurrentFileName != NULL)
|
|
|
|
free(dump_info->CurrentFileName);
|
2005-12-06 04:24:48 +08:00
|
|
|
/* Allocate space for max filename + \0. */
|
2012-09-28 11:44:34 +08:00
|
|
|
dump_info->CurrentFileName = (char *)malloc(PATH_MAX + 1);
|
2006-03-24 01:33:01 +08:00
|
|
|
if (dump_info->CurrentFileName == NULL)
|
2005-12-06 04:24:48 +08:00
|
|
|
error("dump_packet_and_trunc: malloc");
|
2014-01-06 05:28:54 +08:00
|
|
|
/*
|
|
|
|
* Gflag was set otherwise we wouldn't be here. Reset the count
|
|
|
|
* so multiple files would end with 1,2,3 in the filename.
|
|
|
|
* The counting is handled with the -C flow after this.
|
|
|
|
*/
|
2015-04-24 08:27:45 +08:00
|
|
|
Cflag_count = 0;
|
2014-01-06 05:28:54 +08:00
|
|
|
|
2005-12-06 04:24:48 +08:00
|
|
|
/*
|
|
|
|
* This is always the first file in the Cflag
|
|
|
|
* rotation: e.g. 0
|
|
|
|
* We also don't need numbering if Cflag is not set.
|
|
|
|
*/
|
2015-04-24 08:27:45 +08:00
|
|
|
if (Cflag != 0)
|
2006-03-24 01:33:01 +08:00
|
|
|
MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, 0,
|
2015-04-24 08:27:45 +08:00
|
|
|
WflagChars);
|
2005-12-06 04:24:48 +08:00
|
|
|
else
|
2006-03-24 01:33:01 +08:00
|
|
|
MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, 0, 0);
|
2005-12-06 04:24:48 +08:00
|
|
|
|
2015-02-15 22:32:23 +08:00
|
|
|
#ifdef HAVE_LIBCAP_NG
|
2012-05-25 22:26:17 +08:00
|
|
|
capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE);
|
2015-02-19 00:38:56 +08:00
|
|
|
capng_apply(CAPNG_SELECT_BOTH);
|
2015-02-15 22:32:23 +08:00
|
|
|
#endif /* HAVE_LIBCAP_NG */
|
2014-07-11 03:19:39 +08:00
|
|
|
#ifdef HAVE_CAPSICUM
|
|
|
|
fd = openat(dump_info->dirfd,
|
|
|
|
dump_info->CurrentFileName,
|
|
|
|
O_CREAT | O_WRONLY | O_TRUNC, 0644);
|
|
|
|
if (fd < 0) {
|
|
|
|
error("unable to open file %s",
|
|
|
|
dump_info->CurrentFileName);
|
|
|
|
}
|
|
|
|
fp = fdopen(fd, "w");
|
|
|
|
if (fp == NULL) {
|
|
|
|
error("unable to fdopen file %s",
|
|
|
|
dump_info->CurrentFileName);
|
|
|
|
}
|
2018-04-09 08:29:41 +08:00
|
|
|
dump_info->pdd = pcap_dump_fopen(dump_info->pd, fp);
|
2014-07-11 03:19:39 +08:00
|
|
|
#else /* !HAVE_CAPSICUM */
|
2018-04-09 08:29:41 +08:00
|
|
|
dump_info->pdd = pcap_dump_open(dump_info->pd, dump_info->CurrentFileName);
|
2014-07-11 03:19:39 +08:00
|
|
|
#endif
|
2015-02-15 22:32:23 +08:00
|
|
|
#ifdef HAVE_LIBCAP_NG
|
2012-05-25 22:26:17 +08:00
|
|
|
capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE);
|
2015-02-19 00:38:56 +08:00
|
|
|
capng_apply(CAPNG_SELECT_BOTH);
|
2015-02-15 22:32:23 +08:00
|
|
|
#endif /* HAVE_LIBCAP_NG */
|
2018-04-09 08:29:41 +08:00
|
|
|
if (dump_info->pdd == NULL)
|
2005-12-06 04:24:48 +08:00
|
|
|
error("%s", pcap_geterr(pd));
|
2014-07-11 03:19:39 +08:00
|
|
|
#ifdef HAVE_CAPSICUM
|
2018-04-09 08:29:41 +08:00
|
|
|
set_dumper_capsicum_rights(dump_info->pdd);
|
2014-07-11 03:19:39 +08:00
|
|
|
#endif
|
2005-12-06 04:24:48 +08:00
|
|
|
}
|
|
|
|
}
|
2005-10-20 15:43:51 +08:00
|
|
|
|
2001-10-03 15:35:42 +08:00
|
|
|
/*
|
|
|
|
* XXX - this won't prevent capture files from getting
|
|
|
|
* larger than Cflag - the last packet written to the
|
|
|
|
* file could put it over Cflag.
|
|
|
|
*/
|
2015-04-24 08:27:45 +08:00
|
|
|
if (Cflag != 0) {
|
2017-10-21 03:15:26 +08:00
|
|
|
#ifdef HAVE_PCAP_DUMP_FTELL64
|
2018-04-09 08:29:41 +08:00
|
|
|
int64_t size = pcap_dump_ftell64(dump_info->pdd);
|
2017-09-30 16:10:29 +08:00
|
|
|
#else
|
|
|
|
/*
|
|
|
|
* XXX - this only handles a Cflag value > 2^31-1 on
|
|
|
|
* LP64 platforms; to handle ILP32 (32-bit UN*X and
|
|
|
|
* Windows) or LLP64 (64-bit Windows) would require
|
|
|
|
* a version of libpcap with pcap_dump_ftell64().
|
|
|
|
*/
|
2018-04-09 08:29:41 +08:00
|
|
|
long size = pcap_dump_ftell(dump_info->pdd);
|
2017-09-30 16:10:29 +08:00
|
|
|
#endif
|
2015-02-19 05:18:21 +08:00
|
|
|
|
|
|
|
if (size == -1)
|
|
|
|
error("ftell fails on output file");
|
2015-04-24 08:27:45 +08:00
|
|
|
if (size > Cflag) {
|
2014-07-11 03:19:39 +08:00
|
|
|
#ifdef HAVE_CAPSICUM
|
2015-02-19 05:18:21 +08:00
|
|
|
FILE *fp;
|
|
|
|
int fd;
|
2014-07-11 03:19:39 +08:00
|
|
|
#endif
|
|
|
|
|
2015-02-19 05:18:21 +08:00
|
|
|
/*
|
|
|
|
* Close the current file and open a new one.
|
|
|
|
*/
|
2018-04-09 08:29:41 +08:00
|
|
|
pcap_dump_close(dump_info->pdd);
|
2006-03-24 01:33:01 +08:00
|
|
|
|
2015-02-19 05:18:21 +08:00
|
|
|
/*
|
|
|
|
* Compress the file we just closed, if the user
|
|
|
|
* asked for it.
|
|
|
|
*/
|
|
|
|
if (zflag != NULL)
|
|
|
|
compress_savefile(dump_info->CurrentFileName);
|
2006-03-24 01:33:01 +08:00
|
|
|
|
2015-04-24 08:27:45 +08:00
|
|
|
Cflag_count++;
|
|
|
|
if (Wflag > 0) {
|
|
|
|
if (Cflag_count >= Wflag)
|
|
|
|
Cflag_count = 0;
|
2015-02-19 05:18:21 +08:00
|
|
|
}
|
|
|
|
if (dump_info->CurrentFileName != NULL)
|
|
|
|
free(dump_info->CurrentFileName);
|
|
|
|
dump_info->CurrentFileName = (char *)malloc(PATH_MAX + 1);
|
|
|
|
if (dump_info->CurrentFileName == NULL)
|
2020-10-08 06:33:51 +08:00
|
|
|
error("%s: malloc", __func__);
|
2015-04-24 08:27:45 +08:00
|
|
|
MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, Cflag_count, WflagChars);
|
2015-02-19 00:38:56 +08:00
|
|
|
#ifdef HAVE_LIBCAP_NG
|
2015-02-19 05:18:21 +08:00
|
|
|
capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE);
|
|
|
|
capng_apply(CAPNG_SELECT_BOTH);
|
2015-02-19 00:38:56 +08:00
|
|
|
#endif /* HAVE_LIBCAP_NG */
|
2014-07-11 03:19:39 +08:00
|
|
|
#ifdef HAVE_CAPSICUM
|
2015-02-19 05:18:21 +08:00
|
|
|
fd = openat(dump_info->dirfd, dump_info->CurrentFileName,
|
|
|
|
O_CREAT | O_WRONLY | O_TRUNC, 0644);
|
|
|
|
if (fd < 0) {
|
|
|
|
error("unable to open file %s",
|
|
|
|
dump_info->CurrentFileName);
|
|
|
|
}
|
|
|
|
fp = fdopen(fd, "w");
|
|
|
|
if (fp == NULL) {
|
|
|
|
error("unable to fdopen file %s",
|
|
|
|
dump_info->CurrentFileName);
|
|
|
|
}
|
2018-04-09 08:29:41 +08:00
|
|
|
dump_info->pdd = pcap_dump_fopen(dump_info->pd, fp);
|
2014-07-11 03:19:39 +08:00
|
|
|
#else /* !HAVE_CAPSICUM */
|
2018-04-09 08:29:41 +08:00
|
|
|
dump_info->pdd = pcap_dump_open(dump_info->pd, dump_info->CurrentFileName);
|
2014-07-11 03:19:39 +08:00
|
|
|
#endif
|
2015-02-19 00:38:56 +08:00
|
|
|
#ifdef HAVE_LIBCAP_NG
|
2015-02-19 05:18:21 +08:00
|
|
|
capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE);
|
|
|
|
capng_apply(CAPNG_SELECT_BOTH);
|
2015-02-19 00:38:56 +08:00
|
|
|
#endif /* HAVE_LIBCAP_NG */
|
2018-04-09 08:29:41 +08:00
|
|
|
if (dump_info->pdd == NULL)
|
2015-02-19 05:18:21 +08:00
|
|
|
error("%s", pcap_geterr(pd));
|
2014-07-11 03:19:39 +08:00
|
|
|
#ifdef HAVE_CAPSICUM
|
2018-04-09 08:29:41 +08:00
|
|
|
set_dumper_capsicum_rights(dump_info->pdd);
|
2014-07-11 03:19:39 +08:00
|
|
|
#endif
|
2015-02-19 05:18:21 +08:00
|
|
|
}
|
2001-10-03 15:35:42 +08:00
|
|
|
}
|
|
|
|
|
2018-04-09 08:29:41 +08:00
|
|
|
pcap_dump((u_char *)dump_info->pdd, h, sp);
|
2002-12-23 05:15:36 +08:00
|
|
|
#ifdef HAVE_PCAP_DUMP_FLUSH
|
2015-04-24 08:27:45 +08:00
|
|
|
if (Uflag)
|
2018-04-09 08:29:41 +08:00
|
|
|
pcap_dump_flush(dump_info->pdd);
|
2002-12-22 08:15:26 +08:00
|
|
|
#endif
|
2002-11-12 03:54:40 +08:00
|
|
|
|
2017-10-12 03:09:42 +08:00
|
|
|
if (dump_info->ndo != NULL)
|
|
|
|
pretty_print_packet(dump_info->ndo, h, sp, packets_captured);
|
|
|
|
|
2002-11-12 03:54:40 +08:00
|
|
|
--infodelay;
|
|
|
|
if (infoprint)
|
|
|
|
info(0);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
dump_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
|
|
|
|
{
|
2017-10-12 03:09:42 +08:00
|
|
|
struct dump_info *dump_info;
|
|
|
|
|
2003-09-17 05:02:51 +08:00
|
|
|
++packets_captured;
|
|
|
|
|
2002-11-12 03:54:40 +08:00
|
|
|
++infodelay;
|
|
|
|
|
2017-10-12 03:09:42 +08:00
|
|
|
dump_info = (struct dump_info *)user;
|
|
|
|
|
2018-04-09 08:29:41 +08:00
|
|
|
pcap_dump((u_char *)dump_info->pdd, h, sp);
|
2002-12-23 05:15:36 +08:00
|
|
|
#ifdef HAVE_PCAP_DUMP_FLUSH
|
2015-04-24 08:27:45 +08:00
|
|
|
if (Uflag)
|
2018-04-09 08:29:41 +08:00
|
|
|
pcap_dump_flush(dump_info->pdd);
|
2002-12-22 08:15:26 +08:00
|
|
|
#endif
|
2002-11-12 03:54:40 +08:00
|
|
|
|
2017-10-12 03:09:42 +08:00
|
|
|
if (dump_info->ndo != NULL)
|
|
|
|
pretty_print_packet(dump_info->ndo, h, sp, packets_captured);
|
|
|
|
|
2002-11-12 03:54:40 +08:00
|
|
|
--infodelay;
|
|
|
|
if (infoprint)
|
|
|
|
info(0);
|
2001-10-03 15:35:42 +08:00
|
|
|
}
|
|
|
|
|
2002-12-19 17:39:10 +08:00
|
|
|
static void
|
|
|
|
print_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
|
|
|
|
{
|
2003-09-17 05:02:51 +08:00
|
|
|
++packets_captured;
|
|
|
|
|
2002-12-19 17:39:10 +08:00
|
|
|
++infodelay;
|
|
|
|
|
2020-02-26 23:55:21 +08:00
|
|
|
if (!count_mode)
|
|
|
|
pretty_print_packet((netdissect_options *)user, h, sp, packets_captured);
|
2002-12-19 17:39:10 +08:00
|
|
|
|
|
|
|
--infodelay;
|
|
|
|
if (infoprint)
|
|
|
|
info(0);
|
|
|
|
}
|
|
|
|
|
2012-02-07 21:16:19 +08:00
|
|
|
#ifdef SIGNAL_REQ_INFO
|
2018-04-09 08:31:22 +08:00
|
|
|
static void
|
|
|
|
requestinfo(int signo _U_)
|
2001-07-05 06:03:13 +08:00
|
|
|
{
|
|
|
|
if (infodelay)
|
|
|
|
++infoprint;
|
|
|
|
else
|
|
|
|
info(0);
|
2018-04-08 06:46:53 +08:00
|
|
|
}
|
2018-04-08 06:04:58 +08:00
|
|
|
#endif
|
2018-04-08 06:46:53 +08:00
|
|
|
|
|
|
|
#ifdef SIGNAL_FLUSH_PCAP
|
2018-04-09 08:31:22 +08:00
|
|
|
static void
|
|
|
|
flushpcap(int signo _U_)
|
2018-04-08 06:46:53 +08:00
|
|
|
{
|
2018-04-09 08:29:41 +08:00
|
|
|
if (pdd != NULL)
|
|
|
|
pcap_dump_flush(pdd);
|
2001-07-05 06:03:13 +08:00
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2017-10-12 22:55:36 +08:00
|
|
|
static void
|
|
|
|
print_packets_captured (void)
|
|
|
|
{
|
|
|
|
static u_int prev_packets_captured, first = 1;
|
|
|
|
|
|
|
|
if (infodelay == 0 && (first || packets_captured != prev_packets_captured)) {
|
|
|
|
fprintf(stderr, "Got %u\r", packets_captured);
|
|
|
|
first = 0;
|
|
|
|
prev_packets_captured = packets_captured;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2004-01-16 03:53:48 +08:00
|
|
|
/*
|
|
|
|
* Called once each second in verbose mode while dumping to file
|
|
|
|
*/
|
2017-11-13 05:31:57 +08:00
|
|
|
#ifdef _WIN32
|
2017-11-13 11:01:37 +08:00
|
|
|
static void CALLBACK verbose_stats_dump(PVOID param _U_,
|
|
|
|
BOOLEAN timer_fired _U_)
|
2004-01-16 03:53:48 +08:00
|
|
|
{
|
2017-10-12 22:55:36 +08:00
|
|
|
print_packets_captured();
|
2004-01-16 03:53:48 +08:00
|
|
|
}
|
2017-11-13 05:31:57 +08:00
|
|
|
#else /* _WIN32 */
|
2004-01-16 03:53:48 +08:00
|
|
|
static void verbose_stats_dump(int sig _U_)
|
|
|
|
{
|
2017-10-12 22:55:36 +08:00
|
|
|
print_packets_captured();
|
2004-01-16 03:53:48 +08:00
|
|
|
}
|
2017-11-13 05:31:57 +08:00
|
|
|
#endif /* _WIN32 */
|
2004-01-16 03:53:48 +08:00
|
|
|
|
2021-07-24 16:51:02 +08:00
|
|
|
DIAG_OFF_DEPRECATION
|
2000-07-11 08:49:02 +08:00
|
|
|
static void
|
2020-09-10 22:01:53 +08:00
|
|
|
print_version(FILE *f)
|
1999-10-08 07:47:09 +08:00
|
|
|
{
|
2003-02-11 15:41:52 +08:00
|
|
|
#ifndef HAVE_PCAP_LIB_VERSION
|
2017-11-13 04:34:08 +08:00
|
|
|
#ifdef HAVE_PCAP_VERSION
|
1999-10-08 07:47:09 +08:00
|
|
|
extern char pcap_version[];
|
2017-11-13 04:34:08 +08:00
|
|
|
#else /* HAVE_PCAP_VERSION */
|
2002-09-05 09:31:41 +08:00
|
|
|
static char pcap_version[] = "unknown";
|
2017-11-13 04:34:08 +08:00
|
|
|
#endif /* HAVE_PCAP_VERSION */
|
2003-02-11 15:41:52 +08:00
|
|
|
#endif /* HAVE_PCAP_LIB_VERSION */
|
2016-08-05 05:35:35 +08:00
|
|
|
const char *smi_version_string;
|
1999-10-08 07:47:09 +08:00
|
|
|
|
2020-09-10 22:01:53 +08:00
|
|
|
(void)fprintf(f, "%s version " PACKAGE_VERSION "\n", program_name);
|
2003-02-11 15:41:52 +08:00
|
|
|
#ifdef HAVE_PCAP_LIB_VERSION
|
2020-09-10 22:01:53 +08:00
|
|
|
(void)fprintf(f, "%s\n", pcap_lib_version());
|
2003-02-11 15:41:52 +08:00
|
|
|
#else /* HAVE_PCAP_LIB_VERSION */
|
2020-09-10 22:01:53 +08:00
|
|
|
(void)fprintf(f, "libpcap version %s\n", pcap_version);
|
2003-02-11 15:41:52 +08:00
|
|
|
#endif /* HAVE_PCAP_LIB_VERSION */
|
2014-05-08 03:07:35 +08:00
|
|
|
|
|
|
|
#if defined(HAVE_LIBCRYPTO) && defined(SSLEAY_VERSION)
|
2020-09-10 22:01:53 +08:00
|
|
|
(void)fprintf (f, "%s\n", SSLeay_version(SSLEAY_VERSION));
|
2014-05-08 03:07:35 +08:00
|
|
|
#endif
|
|
|
|
|
2016-08-05 05:35:35 +08:00
|
|
|
smi_version_string = nd_smi_version_string();
|
|
|
|
if (smi_version_string != NULL)
|
2020-09-10 22:01:53 +08:00
|
|
|
(void)fprintf (f, "SMI-library: %s\n", smi_version_string);
|
2017-02-03 23:32:12 +08:00
|
|
|
|
|
|
|
#if defined(__SANITIZE_ADDRESS__)
|
2020-09-10 22:01:53 +08:00
|
|
|
(void)fprintf (f, "Compiled with AddressSanitizer/GCC.\n");
|
2017-02-03 23:32:12 +08:00
|
|
|
#elif defined(__has_feature)
|
|
|
|
# if __has_feature(address_sanitizer)
|
2020-09-10 22:01:53 +08:00
|
|
|
(void)fprintf (f, "Compiled with AddressSanitizer/Clang.\n");
|
2020-04-22 20:36:50 +08:00
|
|
|
# elif __has_feature(memory_sanitizer)
|
2020-09-10 22:01:53 +08:00
|
|
|
(void)fprintf (f, "Compiled with MemorySanitizer/Clang.\n");
|
2017-02-03 23:32:12 +08:00
|
|
|
# endif
|
|
|
|
#endif /* __SANITIZE_ADDRESS__ or __has_feature */
|
2014-05-07 05:25:43 +08:00
|
|
|
}
|
2021-07-24 16:51:02 +08:00
|
|
|
DIAG_ON_DEPRECATION
|
2014-05-07 05:25:43 +08:00
|
|
|
|
|
|
|
static void
|
2020-09-10 22:01:53 +08:00
|
|
|
print_usage(FILE *f)
|
2014-05-07 05:25:43 +08:00
|
|
|
{
|
2020-09-10 22:01:53 +08:00
|
|
|
print_version(f);
|
|
|
|
(void)fprintf(f,
|
2020-02-27 21:26:53 +08:00
|
|
|
"Usage: %s [-Abd" D_FLAG "efhH" I_FLAG J_FLAG "KlLnNOpqStu" U_FLAG "vxX#]" B_FLAG_USAGE " [ -c count ] [--count]\n", program_name);
|
2020-09-10 22:01:53 +08:00
|
|
|
(void)fprintf(f,
|
2008-04-05 03:42:11 +08:00
|
|
|
"\t\t[ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]\n");
|
2020-09-10 22:01:53 +08:00
|
|
|
(void)fprintf(f,
|
2017-10-21 02:26:57 +08:00
|
|
|
"\t\t[ -i interface ]" IMMEDIATE_MODE_USAGE j_FLAG_USAGE "\n");
|
|
|
|
#ifdef HAVE_PCAP_FINDALLDEVS_EX
|
2020-09-10 22:01:53 +08:00
|
|
|
(void)fprintf(f,
|
2017-10-21 02:26:57 +08:00
|
|
|
"\t\t" LIST_REMOTE_INTERFACES_USAGE "\n");
|
2018-10-29 23:31:19 +08:00
|
|
|
#endif
|
|
|
|
#ifdef USE_LIBSMI
|
2020-09-10 22:01:53 +08:00
|
|
|
(void)fprintf(f,
|
2018-10-29 23:31:19 +08:00
|
|
|
"\t\t" m_FLAG_USAGE "\n");
|
2009-08-26 03:42:12 +08:00
|
|
|
#endif
|
2020-09-10 22:01:53 +08:00
|
|
|
(void)fprintf(f,
|
2022-01-17 08:05:15 +08:00
|
|
|
"\t\t[ -M secret ] [ --number ] [ --print ]\n");
|
|
|
|
(void)fprintf(f,
|
|
|
|
"\t\t[ --print-sampling nth ]" Q_FLAG_USAGE " [ -r file ]\n");
|
2020-09-10 22:01:53 +08:00
|
|
|
(void)fprintf(f,
|
2022-01-17 08:05:15 +08:00
|
|
|
"\t\t[ -s snaplen ] [ -T type ] [ --version ]\n");
|
2020-09-10 22:01:53 +08:00
|
|
|
(void)fprintf(f,
|
2019-04-03 01:28:17 +08:00
|
|
|
"\t\t[ -V file ] [ -w file ] [ -W filecount ] [ -y datalinktype ]\n");
|
|
|
|
#ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
|
2020-09-10 22:01:53 +08:00
|
|
|
(void)fprintf(f,
|
2019-04-03 01:28:17 +08:00
|
|
|
"\t\t[ --time-stamp-precision precision ] [ --micro ] [ --nano ]\n");
|
|
|
|
#endif
|
2020-09-10 22:01:53 +08:00
|
|
|
(void)fprintf(f,
|
2017-10-21 02:26:57 +08:00
|
|
|
"\t\t[ -z postrotate-command ] [ -Z user ] [ expression ]\n");
|
1999-10-08 07:47:09 +08:00
|
|
|
}
|