diff options
| author | glebius <glebius@FreeBSD.org> | 2017-02-10 07:22:12 +0000 |
|---|---|---|
| committer | Renato Botelho <renato@netgate.com> | 2017-02-10 07:04:32 -0200 |
| commit | abb72844124d16a7ad83487bf5f12c49b66e60d5 (patch) | |
| tree | d6de71264e438b11eb1d196ca9e0c63eda8e56b4 /contrib/tcpdump/tcpdump.c | |
| parent | 9c520da80579466ed328970249f2a9ea5cb61063 (diff) | |
| download | FreeBSD-src-abb72844124d16a7ad83487bf5f12c49b66e60d5.zip FreeBSD-src-abb72844124d16a7ad83487bf5f12c49b66e60d5.tar.gz | |
Merge r309649, r313048, r313083, r313104:
tcpdump 4.9.0
(cherry picked from commit ad0c9114e00a9a30168e0c13c17d8f65571aa67f)
Diffstat (limited to 'contrib/tcpdump/tcpdump.c')
| -rw-r--r-- | contrib/tcpdump/tcpdump.c | 1835 |
1 files changed, 872 insertions, 963 deletions
diff --git a/contrib/tcpdump/tcpdump.c b/contrib/tcpdump/tcpdump.c index 2bec0b8..202dce2 100644 --- a/contrib/tcpdump/tcpdump.c +++ b/contrib/tcpdump/tcpdump.c @@ -31,10 +31,8 @@ static const char copyright[] _U_ = The Regents of the University of California. All rights reserved.\n"; #endif -/* $FreeBSD$ */ - /* - * tcpdump - monitor tcp/ip traffic on an ethernet. + * tcpdump - dump traffic on a network * * First written in 1987 by Van Jacobson, Lawrence Berkeley Laboratory. * Mercilessly hacked and occasionally improved since then via the @@ -56,18 +54,12 @@ The Regents of the University of California. All rights reserved.\n"; #endif #endif -#include <tcpdump-stdinc.h> +#include <netdissect-stdinc.h> -#ifdef WIN32 -#include "w32_fzs.h" -extern int strcasecmp (const char *__s1, const char *__s2); -extern int SIZE_BUF; -#define off_t long -#define uint UINT -#endif /* WIN32 */ +#include <sys/stat.h> -#ifdef USE_LIBSMI -#include <smi.h> +#ifdef HAVE_FCNTL_H +#include <fcntl.h> #endif #ifdef HAVE_LIBCRYPTO @@ -83,32 +75,31 @@ extern int SIZE_BUF; * to compile if <pcap.h> has already been included; including the headers * in the opposite order works fine. */ -#ifdef __FreeBSD__ +#ifdef HAVE_CAPSICUM #include <sys/capsicum.h> #include <sys/sysctl.h> +#include <sys/nv.h> +#include <sys/ioccom.h> +#include <net/bpf.h> #include <libgen.h> -#endif /* __FreeBSD__ */ #ifdef HAVE_CASPER #include <libcasper.h> #include <casper/cap_dns.h> -#include <sys/nv.h> -#include <sys/capability.h> -#include <sys/ioccom.h> -#include <net/bpf.h> -#include <fcntl.h> #endif /* HAVE_CASPER */ +#endif /* HAVE_CAPSICUM */ #include <pcap.h> #include <signal.h> #include <stdio.h> +#include <stdarg.h> #include <stdlib.h> #include <string.h> #include <limits.h> -#ifndef WIN32 +#ifndef _WIN32 #include <sys/wait.h> #include <sys/resource.h> #include <pwd.h> #include <grp.h> -#endif /* WIN32 */ +#endif /* _WIN32 */ /* capabilities convenience library */ /* If a code depends on HAVE_LIBCAP_NG, it depends also on HAVE_CAP_NG_H. @@ -130,6 +121,9 @@ extern int SIZE_BUF; #include "setsignal.h" #include "gmt2local.h" #include "pcap-missing.h" +#include "ascii_strcasecmp.h" + +#include "print.h" #ifndef PATH_MAX #define PATH_MAX 1024 @@ -141,19 +135,41 @@ extern int SIZE_BUF; #define SIGNAL_REQ_INFO SIGUSR1 #endif -netdissect_options Gndo; -netdissect_options *gndo = &Gndo; - +static int Bflag; /* buffer size */ +static int Cflag; /* rotate dump files after this many bytes */ +static int Cflag_count; /* Keep track of which file number we're writing */ static int Dflag; /* list available devices and exit */ -static int dflag; /* print filter code */ +/* + * This is exported because, in some versions of libpcap, if libpcap + * is built with optimizer debugging code (which is *NOT* the default + * configuration!), the library *imports*(!) a variable named dflag, + * under the expectation that tcpdump is exporting it, to govern + * how much debugging information to print when optimizing + * the generated BPF code. + * + * This is a horrible hack; newer versions of libpcap don't import + * dflag but, instead, *if* built with optimizer debugging code, + * *export* a routine to set that flag. + */ +int dflag; /* print filter code */ +static int Gflag; /* rotate dump files after this many seconds */ +static int Gflag_count; /* number of files created with Gflag rotation */ +static time_t Gflag_time; /* The last time_t the dump file was rotated. */ static int Lflag; /* list available data link types and exit */ +static int Iflag; /* rfmon (monitor) mode */ #ifdef HAVE_PCAP_SET_TSTAMP_TYPE static int Jflag; /* list available time stamp types */ #endif +static int jflag = -1; /* packet time stamp source */ +static int pflag; /* don't go promiscuous */ #ifdef HAVE_PCAP_SETDIRECTION -int Qflag = -1; /* restrict captured packet by send/receive direction */ +static int Qflag = -1; /* restrict captured packet by send/receive direction */ #endif +static int Uflag; /* "unbuffered" output of dump files */ +static int Wflag; /* recycle output files after this number of files */ +static int WflagChars; static char *zflag = NULL; /* compress each savefile using a specified command (like gzip or bzip2) */ +static int immediate_mode; static int infodelay; static int infoprint; @@ -164,31 +180,33 @@ char *program_name; cap_channel_t *capdns; #endif -int32_t thiszone; /* seconds offset from gmt to local time */ - /* Forwards */ +static void error(const char *, ...) + __attribute__((noreturn)) +#ifdef __ATTRIBUTE___FORMAT_OK + __attribute__((format (printf, 1, 2))) +#endif /* __ATTRIBUTE___FORMAT_OK */ + ; +static void warning(const char *, ...) +#ifdef __ATTRIBUTE___FORMAT_OK + __attribute__((format (printf, 1, 2))) +#endif /* __ATTRIBUTE___FORMAT_OK */ + ; +static void exit_tcpdump(int) __attribute__((noreturn)); static RETSIGTYPE cleanup(int); static RETSIGTYPE child_cleanup(int); static void print_version(void); static void print_usage(void); -static void show_dlts_and_exit(const char *device, pcap_t *pd) __attribute__((noreturn)); +static void show_tstamp_types_and_exit(pcap_t *, const char *device) __attribute__((noreturn)); +static void show_dlts_and_exit(pcap_t *, const char *device) __attribute__((noreturn)); +#ifdef HAVE_PCAP_FINDALLDEVS +static void show_devices_and_exit (void) __attribute__((noreturn)); +#endif static void print_packet(u_char *, const struct pcap_pkthdr *, const u_char *); -static void ndo_default_print(netdissect_options *, const u_char *, u_int); static void dump_packet_and_trunc(u_char *, const struct pcap_pkthdr *, const u_char *); static void dump_packet(u_char *, const struct pcap_pkthdr *, const u_char *); static void droproot(const char *, const char *); -static void ndo_error(netdissect_options *ndo, const char *fmt, ...) - __attribute__((noreturn)) -#ifdef __ATTRIBUTE___FORMAT_OK - __attribute__((format (printf, 2, 3))) -#endif /* __ATTRIBUTE___FORMAT_OK */ - ; -static void ndo_warning(netdissect_options *ndo, const char *fmt, ...) -#ifdef __ATTRIBUTE___FORMAT_OK - __attribute__((format (printf, 2, 3))) -#endif /* __ATTRIBUTE___FORMAT_OK */ - ; #ifdef SIGNAL_REQ_INFO RETSIGTYPE requestinfo(int); @@ -205,202 +223,7 @@ RETSIGTYPE requestinfo(int); static void info(int); static u_int packets_captured; -struct printer { - if_printer f; - int type; -}; - - -struct ndo_printer { - if_ndo_printer f; - int type; -}; - - -static const struct printer printers[] = { - { NULL, 0 }, -}; - -static const struct ndo_printer ndo_printers[] = { - { ether_if_print, DLT_EN10MB }, -#ifdef DLT_IPNET - { ipnet_if_print, DLT_IPNET }, -#endif -#ifdef DLT_IEEE802_15_4 - { ieee802_15_4_if_print, DLT_IEEE802_15_4 }, -#endif -#ifdef DLT_IEEE802_15_4_NOFCS - { ieee802_15_4_if_print, DLT_IEEE802_15_4_NOFCS }, -#endif -#ifdef DLT_PPI - { ppi_if_print, DLT_PPI }, -#endif -#ifdef DLT_NETANALYZER - { netanalyzer_if_print, DLT_NETANALYZER }, -#endif -#ifdef DLT_NETANALYZER_TRANSPARENT - { netanalyzer_transparent_if_print, DLT_NETANALYZER_TRANSPARENT }, -#endif -#if defined(DLT_NFLOG) && defined(HAVE_PCAP_NFLOG_H) - { nflog_if_print, DLT_NFLOG}, -#endif -#ifdef DLT_CIP - { cip_if_print, DLT_CIP }, -#endif -#ifdef DLT_ATM_CLIP - { cip_if_print, DLT_ATM_CLIP }, -#endif -#ifdef DLT_IP_OVER_FC - { ipfc_if_print, DLT_IP_OVER_FC }, -#endif - { null_if_print, DLT_NULL }, -#ifdef DLT_LOOP - { null_if_print, DLT_LOOP }, -#endif -#ifdef DLT_APPLE_IP_OVER_IEEE1394 - { ap1394_if_print, DLT_APPLE_IP_OVER_IEEE1394 }, -#endif -#if defined(DLT_BLUETOOTH_HCI_H4_WITH_PHDR) && defined(HAVE_PCAP_BLUETOOTH_H) - { bt_if_print, DLT_BLUETOOTH_HCI_H4_WITH_PHDR}, -#endif -#ifdef DLT_LANE8023 - { lane_if_print, DLT_LANE8023 }, -#endif - { arcnet_if_print, DLT_ARCNET }, -#ifdef DLT_ARCNET_LINUX - { arcnet_linux_if_print, DLT_ARCNET_LINUX }, -#endif - { raw_if_print, DLT_RAW }, -#ifdef DLT_IPV4 - { raw_if_print, DLT_IPV4 }, -#endif -#ifdef DLT_IPV6 - { raw_if_print, DLT_IPV6 }, -#endif -#ifdef HAVE_PCAP_USB_H -#ifdef DLT_USB_LINUX - { usb_linux_48_byte_print, DLT_USB_LINUX}, -#endif /* DLT_USB_LINUX */ -#ifdef DLT_USB_LINUX_MMAPPED - { usb_linux_64_byte_print, DLT_USB_LINUX_MMAPPED}, -#endif /* DLT_USB_LINUX_MMAPPED */ -#endif /* HAVE_PCAP_USB_H */ -#ifdef DLT_SYMANTEC_FIREWALL - { symantec_if_print, DLT_SYMANTEC_FIREWALL }, -#endif -#ifdef DLT_C_HDLC - { chdlc_if_print, DLT_C_HDLC }, -#endif -#ifdef DLT_HDLC - { chdlc_if_print, DLT_HDLC }, -#endif -#ifdef DLT_PPP_ETHER - { pppoe_if_print, DLT_PPP_ETHER }, -#endif -#if defined(DLT_PFLOG) && defined(HAVE_NET_PFVAR_H) - { pflog_if_print, DLT_PFLOG }, -#endif - { token_if_print, DLT_IEEE802 }, - { fddi_if_print, DLT_FDDI }, -#ifdef DLT_LINUX_SLL - { sll_if_print, DLT_LINUX_SLL }, -#endif -#ifdef DLT_FR - { fr_if_print, DLT_FR }, -#endif -#ifdef DLT_FRELAY - { fr_if_print, DLT_FRELAY }, -#endif -#ifdef DLT_MFR - { mfr_if_print, DLT_MFR }, -#endif - { atm_if_print, DLT_ATM_RFC1483 }, -#ifdef DLT_SUNATM - { sunatm_if_print, DLT_SUNATM }, -#endif -#ifdef DLT_ENC - { enc_if_print, DLT_ENC }, -#endif - { sl_if_print, DLT_SLIP }, -#ifdef DLT_SLIP_BSDOS - { sl_bsdos_if_print, DLT_SLIP_BSDOS }, -#endif -#ifdef DLT_LTALK - { ltalk_if_print, DLT_LTALK }, -#endif -#ifdef DLT_JUNIPER_ATM1 - { juniper_atm1_print, DLT_JUNIPER_ATM1 }, -#endif -#ifdef DLT_JUNIPER_ATM2 - { juniper_atm2_print, DLT_JUNIPER_ATM2 }, -#endif -#ifdef DLT_JUNIPER_MFR - { juniper_mfr_print, DLT_JUNIPER_MFR }, -#endif -#ifdef DLT_JUNIPER_MLFR - { juniper_mlfr_print, DLT_JUNIPER_MLFR }, -#endif -#ifdef DLT_JUNIPER_MLPPP - { juniper_mlppp_print, DLT_JUNIPER_MLPPP }, -#endif -#ifdef DLT_JUNIPER_PPPOE - { juniper_pppoe_print, DLT_JUNIPER_PPPOE }, -#endif -#ifdef DLT_JUNIPER_PPPOE_ATM - { juniper_pppoe_atm_print, DLT_JUNIPER_PPPOE_ATM }, -#endif -#ifdef DLT_JUNIPER_GGSN - { juniper_ggsn_print, DLT_JUNIPER_GGSN }, -#endif -#ifdef DLT_JUNIPER_ES - { juniper_es_print, DLT_JUNIPER_ES }, -#endif -#ifdef DLT_JUNIPER_MONITOR - { juniper_monitor_print, DLT_JUNIPER_MONITOR }, -#endif -#ifdef DLT_JUNIPER_SERVICES - { juniper_services_print, DLT_JUNIPER_SERVICES }, -#endif -#ifdef DLT_JUNIPER_ETHER - { juniper_ether_print, DLT_JUNIPER_ETHER }, -#endif -#ifdef DLT_JUNIPER_PPP - { juniper_ppp_print, DLT_JUNIPER_PPP }, -#endif -#ifdef DLT_JUNIPER_FRELAY - { juniper_frelay_print, DLT_JUNIPER_FRELAY }, -#endif -#ifdef DLT_JUNIPER_CHDLC - { juniper_chdlc_print, DLT_JUNIPER_CHDLC }, -#endif -#ifdef DLT_PKTAP - { pktap_if_print, DLT_PKTAP }, -#endif -#ifdef DLT_IEEE802_11_RADIO - { ieee802_11_radio_if_print, DLT_IEEE802_11_RADIO }, -#endif -#ifdef DLT_IEEE802_11 - { ieee802_11_if_print, DLT_IEEE802_11}, -#endif -#ifdef DLT_IEEE802_11_RADIO_AVS - { ieee802_11_radio_avs_if_print, DLT_IEEE802_11_RADIO_AVS }, -#endif -#ifdef DLT_PRISM_HEADER - { prism_if_print, DLT_PRISM_HEADER }, -#endif - { ppp_if_print, DLT_PPP }, -#ifdef DLT_PPP_WITHDIRECTION - { ppp_if_print, DLT_PPP_WITHDIRECTION }, -#endif -#ifdef DLT_PPP_BSDOS - { ppp_bsdos_if_print, DLT_PPP_BSDOS }, -#endif -#ifdef DLT_PPP_SERIAL - { ppp_hdlc_if_print, DLT_PPP_SERIAL }, -#endif - { NULL, 0 }, -}; - +#ifdef HAVE_PCAP_FINDALLDEVS static const struct tok status_flags[] = { #ifdef PCAP_IF_UP { PCAP_IF_UP, "Up" }, @@ -411,57 +234,8 @@ static const struct tok status_flags[] = { { PCAP_IF_LOOPBACK, "Loopback" }, { 0, NULL } }; - -if_printer -lookup_printer(int type) -{ - const struct printer *p; - - for (p = printers; p->f; ++p) - if (type == p->type) - return p->f; - - return NULL; - /* NOTREACHED */ -} - -if_ndo_printer -lookup_ndo_printer(int type) -{ - const struct ndo_printer *p; - - for (p = ndo_printers; p->f; ++p) - if (type == p->type) - return p->f; - -#if defined(DLT_USER2) && defined(DLT_PKTAP) - /* - * Apple incorrectly chose to use DLT_USER2 for their PKTAP - * header. - * - * We map DLT_PKTAP, whether it's DLT_USER2 as it is on Darwin- - * based OSes or the same value as LINKTYPE_PKTAP as it is on - * other OSes, to LINKTYPE_PKTAP, so files written with - * this version of libpcap for a DLT_PKTAP capture have a link- - * layer header type of LINKTYPE_PKTAP. - * - * However, files written on OS X Mavericks for a DLT_PKTAP - * capture have a link-layer header type of LINKTYPE_USER2. - * If we don't have a printer for DLT_USER2, and type is - * DLT_USER2, we look up the printer for DLT_PKTAP and use - * that. - */ - if (type == DLT_USER2) { - for (p = ndo_printers; p->f; ++p) - if (DLT_PKTAP == p->type) - return p->f; - } #endif - return NULL; - /* NOTREACHED */ -} - static pcap_t *pd; static int supports_monitor_mode; @@ -470,42 +244,127 @@ extern int optind; extern int opterr; extern char *optarg; -struct print_info { - netdissect_options *ndo; - union { - if_printer printer; - if_ndo_printer ndo_printer; - } p; - int ndo_type; -}; - struct dump_info { char *WFileName; char *CurrentFileName; pcap_t *pd; pcap_dumper_t *p; -#ifdef __FreeBSD__ +#ifdef HAVE_CAPSICUM int dirfd; #endif }; +#if defined(HAVE_PCAP_SET_PARSER_DEBUG) +/* + * We have pcap_set_parser_debug() in libpcap; declare it (it's not declared + * by any libpcap header, because it's a special hack, only available if + * libpcap was configured to include it, and only intended for use by + * libpcap developers trying to debug the parser for filter expressions). + */ +#ifdef _WIN32 +__declspec(dllimport) +#else /* _WIN32 */ +extern +#endif /* _WIN32 */ +void pcap_set_parser_debug(int); +#elif defined(HAVE_PCAP_DEBUG) || defined(HAVE_YYDEBUG) +/* + * We don't have pcap_set_parser_debug() in libpcap, but we do have + * pcap_debug or yydebug. Make a local version of pcap_set_parser_debug() + * to set the flag, and define HAVE_PCAP_SET_PARSER_DEBUG. + */ +static void +pcap_set_parser_debug(int value) +{ +#ifdef HAVE_PCAP_DEBUG + extern int pcap_debug; + + pcap_debug = value; +#else /* HAVE_PCAP_DEBUG */ + extern int yydebug; + + yydebug = value; +#endif /* HAVE_PCAP_DEBUG */ +} + +#define HAVE_PCAP_SET_PARSER_DEBUG +#endif + +#if defined(HAVE_PCAP_SET_OPTIMIZER_DEBUG) +/* + * We have pcap_set_optimizer_debug() in libpcap; declare it (it's not declared + * by any libpcap header, because it's a special hack, only available if + * libpcap was configured to include it, and only intended for use by + * libpcap developers trying to debug the optimizer for filter expressions). + */ +#ifdef _WIN32 +__declspec(dllimport) +#else /* _WIN32 */ +extern +#endif /* _WIN32 */ +void pcap_set_optimizer_debug(int); +#endif + +/* VARARGS */ +static void +error(const char *fmt, ...) +{ + va_list ap; + + (void)fprintf(stderr, "%s: ", program_name); + va_start(ap, fmt); + (void)vfprintf(stderr, fmt, ap); + va_end(ap); + if (*fmt) { + fmt += strlen(fmt); + if (fmt[-1] != '\n') + (void)fputc('\n', stderr); + } + exit_tcpdump(1); + /* NOTREACHED */ +} + +/* VARARGS */ +static void +warning(const char *fmt, ...) +{ + va_list ap; + + (void)fprintf(stderr, "%s: WARNING: ", program_name); + va_start(ap, fmt); + (void)vfprintf(stderr, fmt, ap); + va_end(ap); + if (*fmt) { + fmt += strlen(fmt); + if (fmt[-1] != '\n') + (void)fputc('\n', stderr); + } +} + +static void +exit_tcpdump(int status) +{ + nd_cleanup(); + exit(status); +} + #ifdef HAVE_PCAP_SET_TSTAMP_TYPE static void -show_tstamp_types_and_exit(const char *device, pcap_t *pd) +show_tstamp_types_and_exit(pcap_t *pc, const char *device) { int n_tstamp_types; int *tstamp_types = 0; const char *tstamp_type_name; int i; - n_tstamp_types = pcap_list_tstamp_types(pd, &tstamp_types); + n_tstamp_types = pcap_list_tstamp_types(pc, &tstamp_types); if (n_tstamp_types < 0) - error("%s", pcap_geterr(pd)); + error("%s", pcap_geterr(pc)); if (n_tstamp_types == 0) { fprintf(stderr, "Time stamp type cannot be set for %s\n", device); - exit(0); + exit_tcpdump(0); } fprintf(stderr, "Time stamp types for %s (use option -j to set):\n", device); @@ -519,20 +378,20 @@ show_tstamp_types_and_exit(const char *device, pcap_t *pd) } } pcap_free_tstamp_types(tstamp_types); - exit(0); + exit_tcpdump(0); } #endif static void -show_dlts_and_exit(const char *device, pcap_t *pd) +show_dlts_and_exit(pcap_t *pc, const char *device) { - int n_dlts; + int n_dlts, i; int *dlts = 0; const char *dlt_name; - n_dlts = pcap_list_datalinks(pd, &dlts); + n_dlts = pcap_list_datalinks(pc, &dlts); if (n_dlts < 0) - error("%s", pcap_geterr(pd)); + error("%s", pcap_geterr(pc)); else if (n_dlts == 0 || !dlts) error("No data link types."); @@ -552,52 +411,49 @@ show_dlts_and_exit(const char *device, pcap_t *pd) (void) fprintf(stderr, "Data link types for %s (use option -y to set):\n", device); - while (--n_dlts >= 0) { - dlt_name = pcap_datalink_val_to_name(dlts[n_dlts]); + for (i = 0; i < n_dlts; i++) { + dlt_name = pcap_datalink_val_to_name(dlts[i]); if (dlt_name != NULL) { (void) fprintf(stderr, " %s (%s)", dlt_name, - pcap_datalink_val_to_description(dlts[n_dlts])); + pcap_datalink_val_to_description(dlts[i])); /* * OK, does tcpdump handle that type? */ - if (lookup_printer(dlts[n_dlts]) == NULL - && lookup_ndo_printer(dlts[n_dlts]) == NULL) + if (!has_printer(dlts[i])) (void) fprintf(stderr, " (printing not supported)"); fprintf(stderr, "\n"); } else { (void) fprintf(stderr, " DLT %d (printing not supported)\n", - dlts[n_dlts]); + dlts[i]); } } #ifdef HAVE_PCAP_FREE_DATALINKS pcap_free_datalinks(dlts); #endif - exit(0); + exit_tcpdump(0); } #ifdef HAVE_PCAP_FINDALLDEVS static void show_devices_and_exit (void) { - pcap_if_t *devpointer; + pcap_if_t *dev, *devlist; char ebuf[PCAP_ERRBUF_SIZE]; int i; - if (pcap_findalldevs(&devpointer, ebuf) < 0) + if (pcap_findalldevs(&devlist, ebuf) < 0) error("%s", ebuf); - else { - for (i = 0; devpointer != NULL; i++) { - printf("%d.%s", i+1, devpointer->name); - if (devpointer->description != NULL) - printf(" (%s)", devpointer->description); - if (devpointer->flags != 0) - printf(" [%s]", bittok2str(status_flags, "none", devpointer->flags)); - printf("\n"); - devpointer = devpointer->next; - } + for (i = 0, dev = devlist; dev != NULL; i++, dev = dev->next) { + printf("%d.%s", i+1, dev->name); + if (dev->description != NULL) + printf(" (%s)", dev->description); + if (dev->flags != 0) + printf(" [%s]", bittok2str(status_flags, "none", dev->flags)); + printf("\n"); } - exit(0); + pcap_freealldevs(devlist); + exit_tcpdump(0); } #endif /* HAVE_PCAP_FINDALLDEVS */ @@ -612,7 +468,7 @@ show_devices_and_exit (void) * OS X tcpdump uses -g to force non--v output for IP to be on one * line, making it more "g"repable; * - * OS X tcpdump uses -k tospecify that packet comments in pcap-ng files + * OS X tcpdump uses -k to specify that packet comments in pcap-ng files * should be printed; * * OpenBSD tcpdump uses -o to indicate that OS fingerprinting should be done @@ -635,13 +491,13 @@ show_devices_and_exit (void) * Set up flags that might or might not be supported depending on the * version of libpcap we're using. */ -#if defined(HAVE_PCAP_CREATE) || defined(WIN32) +#if defined(HAVE_PCAP_CREATE) || defined(_WIN32) #define B_FLAG "B:" #define B_FLAG_USAGE " [ -B size ]" -#else /* defined(HAVE_PCAP_CREATE) || defined(WIN32) */ +#else /* defined(HAVE_PCAP_CREATE) || defined(_WIN32) */ #define B_FLAG #define B_FLAG_USAGE -#endif /* defined(HAVE_PCAP_CREATE) || defined(WIN32) */ +#endif /* defined(HAVE_PCAP_CREATE) || defined(_WIN32) */ #ifdef HAVE_PCAP_CREATE #define I_FLAG "I" @@ -677,7 +533,7 @@ show_devices_and_exit (void) #define Q_FLAG #endif -#define SHORTOPTS "aAb" B_FLAG "c:C:d" D_FLAG "eE:fF:G:hHi:" I_FLAG j_FLAG J_FLAG "KlLm:M:nNOpq" Q_FLAG "r:Rs:StT:u" U_FLAG "vV:w:W:xXy:Yz:Z:#" +#define SHORTOPTS "aAb" B_FLAG "c:C:d" D_FLAG "eE:fF:G:hHi:" I_FLAG j_FLAG J_FLAG "KlLm:M:nNOpq" Q_FLAG "r:s:StT:u" U_FLAG "vV:w:W:xXy:Yz:Z:#" /* * Long options. @@ -704,7 +560,7 @@ show_devices_and_exit (void) #define OPTION_IMMEDIATE_MODE 130 static const struct option longopts[] = { -#if defined(HAVE_PCAP_CREATE) || defined(WIN32) +#if defined(HAVE_PCAP_CREATE) || defined(_WIN32) { "buffer-size", required_argument, NULL, 'B' }, #endif { "list-interfaces", no_argument, NULL, 'D' }, @@ -736,7 +592,7 @@ static const struct option longopts[] = { #ifdef HAVE_PCAP_SET_IMMEDIATE_MODE { "immediate-mode", no_argument, NULL, OPTION_IMMEDIATE_MODE }, #endif -#if defined(HAVE_PCAP_DEBUG) || defined(HAVE_YYDEBUG) +#ifdef HAVE_PCAP_SET_PARSER_DEBUG { "debug-filter-parser", no_argument, NULL, 'Y' }, #endif { "relinquish-privileges", required_argument, NULL, 'Z' }, @@ -745,7 +601,7 @@ static const struct option longopts[] = { { NULL, 0, NULL, 0 } }; -#ifndef WIN32 +#ifndef _WIN32 /* Drop root privileges and chroot if necessary */ static void droproot(const char *username, const char *chroot_dir) @@ -753,36 +609,38 @@ droproot(const char *username, const char *chroot_dir) struct passwd *pw = NULL; if (chroot_dir && !username) { - fprintf(stderr, "tcpdump: Chroot without dropping root is insecure\n"); - exit(1); + fprintf(stderr, "%s: Chroot without dropping root is insecure\n", + program_name); + exit_tcpdump(1); } pw = getpwnam(username); if (pw) { if (chroot_dir) { if (chroot(chroot_dir) != 0 || chdir ("/") != 0) { - fprintf(stderr, "tcpdump: Couldn't chroot/chdir to '%.64s': %s\n", - chroot_dir, pcap_strerror(errno)); - exit(1); + fprintf(stderr, "%s: Couldn't chroot/chdir to '%.64s': %s\n", + program_name, chroot_dir, pcap_strerror(errno)); + exit_tcpdump(1); } } #ifdef HAVE_LIBCAP_NG - int ret = capng_change_id(pw->pw_uid, pw->pw_gid, CAPNG_NO_FLAG); - if (ret < 0) { - fprintf(stderr, "error : ret %d\n", ret); - } - else { - fprintf(stderr, "dropped privs to %s\n", username); + { + int ret = capng_change_id(pw->pw_uid, pw->pw_gid, CAPNG_NO_FLAG); + if (ret < 0) { + fprintf(stderr, "error : ret %d\n", ret); + } else { + fprintf(stderr, "dropped privs to %s\n", username); + } } #else if (initgroups(pw->pw_name, pw->pw_gid) != 0 || setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0) { - fprintf(stderr, "tcpdump: Couldn't change to '%.32s' uid=%lu gid=%lu: %s\n", - username, - (unsigned long)pw->pw_uid, - (unsigned long)pw->pw_gid, - pcap_strerror(errno)); - exit(1); + fprintf(stderr, "%s: Couldn't change to '%.32s' uid=%lu gid=%lu: %s\n", + program_name, username, + (unsigned long)pw->pw_uid, + (unsigned long)pw->pw_gid, + pcap_strerror(errno)); + exit_tcpdump(1); } else { fprintf(stderr, "dropped privs to %s\n", username); @@ -790,23 +648,24 @@ droproot(const char *username, const char *chroot_dir) #endif /* HAVE_LIBCAP_NG */ } else { - fprintf(stderr, "tcpdump: Couldn't find user '%.32s'\n", - username); - exit(1); + fprintf(stderr, "%s: Couldn't find user '%.32s'\n", + program_name, username); + exit_tcpdump(1); } #ifdef HAVE_LIBCAP_NG - /* We don't need CAP_SETUID and CAP_SETGID any more. */ + /* We don't need CAP_SETUID, CAP_SETGID and CAP_SYS_CHROOT any more. */ capng_updatev( CAPNG_DROP, CAPNG_EFFECTIVE | CAPNG_PERMITTED, CAP_SETUID, CAP_SETGID, + CAP_SYS_CHROOT, -1); capng_apply(CAPNG_SELECT_BOTH); #endif /* HAVE_LIBCAP_NG */ } -#endif /* WIN32 */ +#endif /* _WIN32 */ static int getWflagChars(int x) @@ -856,43 +715,6 @@ MakeFilename(char *buffer, char *orig_name, int cnt, int max_chars) free(filename); } -static int tcpdump_printf(netdissect_options *ndo _U_, - const char *fmt, ...) -{ - - va_list args; - int ret; - - va_start(args, fmt); - ret=vfprintf(stdout, fmt, args); - va_end(args); - - return ret; -} - -static struct print_info -get_print_info(int type) -{ - struct print_info printinfo; - - printinfo.ndo_type = 1; - printinfo.ndo = gndo; - printinfo.p.ndo_printer = lookup_ndo_printer(type); - if (printinfo.p.ndo_printer == NULL) { - printinfo.p.printer = lookup_printer(type); - printinfo.ndo_type = 0; - if (printinfo.p.printer == NULL) { - gndo->ndo_dltname = pcap_datalink_val_to_name(type); - if (gndo->ndo_dltname != NULL) - error("packet printing is not supported for link type %s: use -w", - gndo->ndo_dltname); - else - error("packet printing is not supported for link type %d: use -w", type); - } - } - return (printinfo); -} - static char * get_next_file(FILE *VFile, char *ptr) { @@ -967,7 +789,7 @@ tstamp_precision_to_string(int precision) } #endif -#ifdef __FreeBSD__ +#ifdef HAVE_CAPSICUM /* * Ensure that, on a dump file's descriptor, we have all the rights * necessary to make the standard I/O library work with an fdopen()ed @@ -1037,22 +859,321 @@ set_dumper_capsicum_rights(pcap_dumper_t *p) } #endif +/* + * Copy arg vector into a new buffer, concatenating arguments with spaces. + */ +static char * +copy_argv(register char **argv) +{ + register char **p; + register u_int len = 0; + char *buf; + char *src, *dst; + + p = argv; + if (*p == NULL) + return 0; + + while (*p) + len += strlen(*p++) + 1; + + buf = (char *)malloc(len); + if (buf == NULL) + error("copy_argv: malloc"); + + p = argv; + dst = buf; + while ((src = *p++) != NULL) { + while ((*dst++ = *src++) != '\0') + ; + dst[-1] = ' '; + } + dst[-1] = '\0'; + + return buf; +} + +/* + * On Windows, we need to open the file in binary mode, so that + * we get all the bytes specified by the size we get from "fstat()". + * On UNIX, that's not necessary. O_BINARY is defined on Windows; + * we define it as 0 if it's not defined, so it does nothing. + */ +#ifndef O_BINARY +#define O_BINARY 0 +#endif + +static char * +read_infile(char *fname) +{ + register int i, fd, cc; + register char *cp; + struct stat buf; + + fd = open(fname, O_RDONLY|O_BINARY); + if (fd < 0) + error("can't open %s: %s", fname, pcap_strerror(errno)); + + if (fstat(fd, &buf) < 0) + error("can't stat %s: %s", fname, pcap_strerror(errno)); + + cp = malloc((u_int)buf.st_size + 1); + if (cp == NULL) + error("malloc(%d) for %s: %s", (u_int)buf.st_size + 1, + fname, pcap_strerror(errno)); + cc = read(fd, cp, (u_int)buf.st_size); + if (cc < 0) + error("read %s: %s", fname, pcap_strerror(errno)); + if (cc != buf.st_size) + error("short read %s (%d != %d)", fname, cc, (int)buf.st_size); + + close(fd); + /* replace "# comment" with spaces */ + for (i = 0; i < cc; i++) { + if (cp[i] == '#') + while (i < cc && cp[i] != '\n') + cp[i++] = ' '; + } + cp[cc] = '\0'; + return (cp); +} + +#ifdef HAVE_PCAP_FINDALLDEVS +static long +parse_interface_number(const char *device) +{ + long devnum; + char *end; + + devnum = strtol(device, &end, 10); + if (device != end && *end == '\0') { + /* + * It's all-numeric, but is it a valid number? + */ + if (devnum <= 0) { + /* + * No, it's not an ordinal. + */ + error("Invalid adapter index"); + } + return (devnum); + } else { + /* + * It's not all-numeric; return -1, so our caller + * knows that. + */ + return (-1); + } +} + +static char * +find_interface_by_number(long devnum) +{ + pcap_if_t *dev, *devlist; + long i; + char ebuf[PCAP_ERRBUF_SIZE]; + char *device; + + if (pcap_findalldevs(&devlist, ebuf) < 0) + error("%s", ebuf); + /* + * Look for the devnum-th entry in the list of devices (1-based). + */ + for (i = 0, dev = devlist; i < devnum-1 && dev != NULL; + i++, dev = dev->next) + ; + if (dev == NULL) + error("Invalid adapter index"); + device = strdup(dev->name); + pcap_freealldevs(devlist); + return (device); +} +#endif + +static pcap_t * +open_interface(const char *device, netdissect_options *ndo, char *ebuf) +{ + pcap_t *pc; +#ifdef HAVE_PCAP_CREATE + int status; + char *cp; +#endif + +#ifdef HAVE_PCAP_CREATE + pc = pcap_create(device, ebuf); + if (pc == NULL) { + /* + * If this failed with "No such device", that means + * the interface doesn't exist; return NULL, so that + * the caller can see whether the device name is + * actually an interface index. + */ + if (strstr(ebuf, "No such device") != NULL) + return (NULL); + error("%s", ebuf); + } +#ifdef HAVE_PCAP_SET_TSTAMP_TYPE + if (Jflag) + show_tstamp_types_and_exit(pc, device); +#endif +#ifdef HAVE_PCAP_SET_TSTAMP_PRECISION + status = pcap_set_tstamp_precision(pc, ndo->ndo_tstamp_precision); + if (status != 0) + error("%s: Can't set %ssecond time stamp precision: %s", + device, + tstamp_precision_to_string(ndo->ndo_tstamp_precision), + pcap_statustostr(status)); +#endif + +#ifdef HAVE_PCAP_SET_IMMEDIATE_MODE + if (immediate_mode) { + status = pcap_set_immediate_mode(pc, 1); + if (status != 0) + error("%s: Can't set immediate mode: %s", + device, + pcap_statustostr(status)); + } +#endif + /* + * Is this an interface that supports monitor mode? + */ + if (pcap_can_set_rfmon(pc) == 1) + supports_monitor_mode = 1; + else + supports_monitor_mode = 0; + status = pcap_set_snaplen(pc, ndo->ndo_snaplen); + if (status != 0) + error("%s: Can't set snapshot length: %s", + device, pcap_statustostr(status)); + status = pcap_set_promisc(pc, !pflag); + if (status != 0) + error("%s: Can't set promiscuous mode: %s", + device, pcap_statustostr(status)); + if (Iflag) { + status = pcap_set_rfmon(pc, 1); + if (status != 0) + error("%s: Can't set monitor mode: %s", + device, pcap_statustostr(status)); + } + status = pcap_set_timeout(pc, 1000); + if (status != 0) + error("%s: pcap_set_timeout failed: %s", + device, pcap_statustostr(status)); + if (Bflag != 0) { + status = pcap_set_buffer_size(pc, Bflag); + if (status != 0) + error("%s: Can't set buffer size: %s", + device, pcap_statustostr(status)); + } +#ifdef HAVE_PCAP_SET_TSTAMP_TYPE + if (jflag != -1) { + status = pcap_set_tstamp_type(pc, jflag); + if (status < 0) + error("%s: Can't set time stamp type: %s", + device, pcap_statustostr(status)); + } +#endif + status = pcap_activate(pc); + if (status < 0) { + /* + * pcap_activate() failed. + */ + cp = pcap_geterr(pc); + if (status == PCAP_ERROR) + error("%s", cp); + else if (status == PCAP_ERROR_NO_SUCH_DEVICE) { + /* + * Return an error for our caller to handle. + */ + pcap_close(pc); + snprintf(ebuf, PCAP_ERRBUF_SIZE, "%s: %s\n(%s)", + device, pcap_statustostr(status), cp); + return (NULL); + } else if (status == PCAP_ERROR_PERM_DENIED && *cp != '\0') + error("%s: %s\n(%s)", device, + pcap_statustostr(status), cp); +#ifdef __FreeBSD__ + else if (status == PCAP_ERROR_RFMON_NOTSUP && + strncmp(device, "wlan", 4) == 0) { + char parent[8], newdev[8]; + char sysctl[32]; + size_t s = sizeof(parent); + + snprintf(sysctl, sizeof(sysctl), + "net.wlan.%d.%%parent", atoi(device + 4)); + sysctlbyname(sysctl, parent, &s, NULL, 0); + strlcpy(newdev, device, sizeof(newdev)); + /* Suggest a new wlan device. */ + newdev[strlen(newdev)-1]++; + error("%s is not a monitor mode VAP\n" + "To create a new monitor mode VAP use:\n" + " ifconfig %s create wlandev %s wlanmode monitor\n" + "and use %s as the tcpdump interface", + device, newdev, parent, newdev); + } +#endif + else + error("%s: %s", device, + pcap_statustostr(status)); + } else if (status > 0) { + /* + * pcap_activate() succeeded, but it's warning us + * of a problem it had. + */ + cp = pcap_geterr(pc); + if (status == PCAP_WARNING) + warning("%s", cp); + else if (status == PCAP_WARNING_PROMISC_NOTSUP && + *cp != '\0') + warning("%s: %s\n(%s)", device, + pcap_statustostr(status), cp); + else + warning("%s: %s", device, + pcap_statustostr(status)); + } +#ifdef HAVE_PCAP_SETDIRECTION + if (Qflag != -1) { + status = pcap_setdirection(pc, Qflag); + if (status != 0) + error("%s: pcap_setdirection() failed: %s", + device, pcap_geterr(pc)); + } +#endif /* HAVE_PCAP_SETDIRECTION */ +#else /* HAVE_PCAP_CREATE */ + *ebuf = '\0'; + pc = pcap_open_live(device, ndo->ndo_snaplen, !pflag, 1000, ebuf); + if (pc == NULL) { + /* + * If this failed with "No such device", that means + * the interface doesn't exist; return NULL, so that + * the caller can see whether the device name is + * actually an interface index. + */ + if (strstr(ebuf, "No such device") != NULL) + return (NULL); + error("%s", ebuf); + } + if (*ebuf) + warning("%s", ebuf); +#endif /* HAVE_PCAP_CREATE */ + + return (pc); +} + int main(int argc, char **argv) { register int cnt, op, i; bpf_u_int32 localnet =0 , netmask = 0; + int timezone_offset = 0; register char *cp, *infile, *cmdbuf, *device, *RFileName, *VFileName, *WFileName; pcap_handler callback; - int type; int dlt; - int new_dlt; const char *dlt_name; struct bpf_program fcode; -#ifndef WIN32 +#ifndef _WIN32 RETSIGTYPE (*oldhandler)(int); #endif - struct print_info printinfo; struct dump_info dumpinfo; u_char *pcap_userdata; char ebuf[PCAP_ERRBUF_SIZE]; @@ -1062,30 +1183,31 @@ main(int argc, char **argv) char *ret = NULL; char *end; #ifdef HAVE_PCAP_FINDALLDEVS - pcap_if_t *devpointer; - int devnum; + pcap_if_t *devlist; + long devnum; #endif int status; FILE *VFile; -#ifdef __FreeBSD__ +#ifdef HAVE_CAPSICUM cap_rights_t rights; -#endif /* !__FreeBSD__ */ int cansandbox; +#endif /* HAVE_CAPSICUM */ + int Oflag = 1; /* run filter code optimizer */ + int yflag_dlt = -1; + const char *yflag_dlt_name = NULL; -#ifdef WIN32 - if(wsockinit() != 0) return 1; -#endif /* WIN32 */ - - jflag=-1; /* not set */ - gndo->ndo_Oflag=1; - gndo->ndo_Rflag=1; - gndo->ndo_dlt=-1; - gndo->ndo_default_print=ndo_default_print; - gndo->ndo_printf=tcpdump_printf; - gndo->ndo_error=ndo_error; - gndo->ndo_warning=ndo_warning; - gndo->ndo_snaplen = DEFAULT_SNAPLEN; - gndo->ndo_immediate = 0; + netdissect_options Ndo; + netdissect_options *ndo = &Ndo; + + /* + * Initialize the netdissect code. + */ + if (nd_init(ebuf, sizeof ebuf) == -1) + error("%s", ebuf); + + memset(ndo, 0, sizeof(*ndo)); + ndo_set_function_pointers(ndo); + ndo->ndo_snaplen = DEFAULT_SNAPLEN; cnt = -1; device = NULL; @@ -1096,9 +1218,14 @@ main(int argc, char **argv) WFileName = NULL; dlt = -1; if ((cp = strrchr(argv[0], '/')) != NULL) - program_name = cp + 1; + ndo->program_name = program_name = cp + 1; else - program_name = argv[0]; + ndo->program_name = program_name = argv[0]; + +#ifdef _WIN32 + if (pcap_wsockinit() != 0) + error("Attempting to initialize Winsock failed"); +#endif /* _WIN32 */ /* * On platforms where the CPU doesn't support unaligned loads, @@ -1110,10 +1237,6 @@ main(int argc, char **argv) if (abort_on_misalignment(ebuf, sizeof(ebuf)) < 0) error("%s", ebuf); -#ifdef USE_LIBSMI - smiInit("tcpdump"); -#endif - while ( (op = getopt_long(argc, argv, SHORTOPTS, longopts, NULL)) != -1) switch (op) { @@ -1123,20 +1246,20 @@ main(int argc, char **argv) break; case 'A': - ++Aflag; + ++ndo->ndo_Aflag; break; case 'b': - ++bflag; + ++ndo->ndo_bflag; break; -#if defined(HAVE_PCAP_CREATE) || defined(WIN32) +#if defined(HAVE_PCAP_CREATE) || defined(_WIN32) case 'B': Bflag = atoi(optarg)*1024; if (Bflag <= 0) error("invalid packet buffer size %s", optarg); break; -#endif /* defined(HAVE_PCAP_CREATE) || defined(WIN32) */ +#endif /* defined(HAVE_PCAP_CREATE) || defined(_WIN32) */ case 'c': cnt = atoi(optarg); @@ -1146,7 +1269,7 @@ main(int argc, char **argv) case 'C': Cflag = atoi(optarg) * 1000000; - if (Cflag < 0) + if (Cflag <= 0) error("invalid file size %s", optarg); break; @@ -1163,18 +1286,18 @@ main(int argc, char **argv) break; case 'e': - ++eflag; + ++ndo->ndo_eflag; break; case 'E': #ifndef HAVE_LIBCRYPTO warning("crypto code not compiled in"); #endif - gndo->ndo_espsecret = optarg; + ndo->ndo_espsecret = optarg; break; case 'f': - ++fflag; + ++ndo->ndo_fflag; break; case 'F': @@ -1198,52 +1321,14 @@ main(int argc, char **argv) case 'h': print_usage(); - exit(0); + exit_tcpdump(0); break; case 'H': - ++Hflag; + ++ndo->ndo_Hflag; break; case 'i': - if (optarg[0] == '0' && optarg[1] == 0) - error("Invalid adapter index"); - -#ifdef HAVE_PCAP_FINDALLDEVS - /* - * If the argument is a number, treat it as - * an index into the list of adapters, as - * printed by "tcpdump -D". - * - * This should be OK on UNIX systems, as interfaces - * shouldn't have names that begin with digits. - * It can be useful on Windows, where more than - * one interface can have the same name. - */ - devnum = strtol(optarg, &end, 10); - if (optarg != end && *end == '\0') { - if (devnum < 0) - error("Invalid adapter index"); - - if (pcap_findalldevs(&devpointer, ebuf) < 0) - error("%s", ebuf); - else { - /* - * Look for the devnum-th entry - * in the list of devices - * (1-based). - */ - for (i = 0; - i < devnum-1 && devpointer != NULL; - i++, devpointer = devpointer->next) - ; - if (devpointer == NULL) - error("Invalid adapter index"); - } - device = devpointer->name; - break; - } -#endif /* HAVE_PCAP_FINDALLDEVS */ device = optarg; break; @@ -1266,41 +1351,39 @@ main(int argc, char **argv) #endif case 'l': -#ifdef WIN32 +#ifdef _WIN32 /* * _IOLBF is the same as _IOFBF in Microsoft's C * libraries; the only alternative they offer * is _IONBF. * * XXX - this should really be checking for MSVC++, - * not WIN32, if, for example, MinGW has its own + * not _WIN32, if, for example, MinGW has its own * C library that is more UNIX-compatible. */ setvbuf(stdout, NULL, _IONBF, 0); -#else /* WIN32 */ +#else /* _WIN32 */ #ifdef HAVE_SETLINEBUF setlinebuf(stdout); #else setvbuf(stdout, NULL, _IOLBF, 0); #endif -#endif /* WIN32 */ +#endif /* _WIN32 */ break; case 'K': - ++Kflag; + ++ndo->ndo_Kflag; break; case 'm': -#ifdef USE_LIBSMI - if (smiLoadModule(optarg) == 0) { - error("could not load MIB module %s", optarg); + if (nd_have_smi_support()) { + if (nd_load_smi_module(optarg, ebuf, sizeof ebuf) == -1) + error("%s", ebuf); + } else { + (void)fprintf(stderr, "%s: ignoring option `-m %s' ", + program_name, optarg); + (void)fprintf(stderr, "(no libsmi support)\n"); } - sflag = 1; -#else - (void)fprintf(stderr, "%s: ignoring option `-m %s' ", - program_name, optarg); - (void)fprintf(stderr, "(no libsmi support)\n"); -#endif break; case 'M': @@ -1308,15 +1391,15 @@ main(int argc, char **argv) #ifndef HAVE_LIBCRYPTO warning("crypto code not compiled in"); #endif - sigsecret = optarg; + ndo->ndo_sigsecret = optarg; break; case 'n': - ++nflag; + ++ndo->ndo_nflag; break; case 'N': - ++Nflag; + ++ndo->ndo_Nflag; break; case 'O': @@ -1328,17 +1411,17 @@ main(int argc, char **argv) break; case 'q': - ++qflag; - ++suppress_default_print; + ++ndo->ndo_qflag; + ++ndo->ndo_suppress_default_print; break; #ifdef HAVE_PCAP_SETDIRECTION case 'Q': - if (strcasecmp(optarg, "in") == 0) + if (ascii_strcasecmp(optarg, "in") == 0) Qflag = PCAP_D_IN; - else if (strcasecmp(optarg, "out") == 0) + else if (ascii_strcasecmp(optarg, "out") == 0) Qflag = PCAP_D_OUT; - else if (strcasecmp(optarg, "inout") == 0) + else if (ascii_strcasecmp(optarg, "inout") == 0) Qflag = PCAP_D_INOUT; else error("unknown capture direction `%s'", optarg); @@ -1349,66 +1432,64 @@ main(int argc, char **argv) RFileName = optarg; break; - case 'R': - Rflag = 0; - break; - case 's': - snaplen = strtol(optarg, &end, 0); + ndo->ndo_snaplen = strtol(optarg, &end, 0); if (optarg == end || *end != '\0' - || snaplen < 0 || snaplen > MAXIMUM_SNAPLEN) + || ndo->ndo_snaplen < 0 || ndo->ndo_snaplen > MAXIMUM_SNAPLEN) error("invalid snaplen %s", optarg); - else if (snaplen == 0) - snaplen = MAXIMUM_SNAPLEN; + else if (ndo->ndo_snaplen == 0) + ndo->ndo_snaplen = MAXIMUM_SNAPLEN; break; case 'S': - ++Sflag; + ++ndo->ndo_Sflag; break; case 't': - ++tflag; + ++ndo->ndo_tflag; break; case 'T': - if (strcasecmp(optarg, "vat") == 0) - packettype = PT_VAT; - else if (strcasecmp(optarg, "wb") == 0) - packettype = PT_WB; - else if (strcasecmp(optarg, "rpc") == 0) - packettype = PT_RPC; - else if (strcasecmp(optarg, "rtp") == 0) - packettype = PT_RTP; - else if (strcasecmp(optarg, "rtcp") == 0) - packettype = PT_RTCP; - else if (strcasecmp(optarg, "snmp") == 0) - packettype = PT_SNMP; - else if (strcasecmp(optarg, "cnfp") == 0) - packettype = PT_CNFP; - else if (strcasecmp(optarg, "tftp") == 0) - packettype = PT_TFTP; - else if (strcasecmp(optarg, "aodv") == 0) - packettype = PT_AODV; - else if (strcasecmp(optarg, "carp") == 0) - packettype = PT_CARP; - else if (strcasecmp(optarg, "radius") == 0) - packettype = PT_RADIUS; - else if (strcasecmp(optarg, "zmtp1") == 0) - packettype = PT_ZMTP1; - else if (strcasecmp(optarg, "vxlan") == 0) - packettype = PT_VXLAN; - else if (strcasecmp(optarg, "pgm") == 0) - packettype = PT_PGM; - else if (strcasecmp(optarg, "pgm_zmtp1") == 0) - packettype = PT_PGM_ZMTP1; - else if (strcasecmp(optarg, "lmp") == 0) - packettype = PT_LMP; + if (ascii_strcasecmp(optarg, "vat") == 0) + ndo->ndo_packettype = PT_VAT; + else if (ascii_strcasecmp(optarg, "wb") == 0) + ndo->ndo_packettype = PT_WB; + else if (ascii_strcasecmp(optarg, "rpc") == 0) + ndo->ndo_packettype = PT_RPC; + else if (ascii_strcasecmp(optarg, "rtp") == 0) + ndo->ndo_packettype = PT_RTP; + else if (ascii_strcasecmp(optarg, "rtcp") == 0) + ndo->ndo_packettype = PT_RTCP; + else if (ascii_strcasecmp(optarg, "snmp") == 0) + ndo->ndo_packettype = PT_SNMP; + else if (ascii_strcasecmp(optarg, "cnfp") == 0) + ndo->ndo_packettype = PT_CNFP; + else if (ascii_strcasecmp(optarg, "tftp") == 0) + ndo->ndo_packettype = PT_TFTP; + else if (ascii_strcasecmp(optarg, "aodv") == 0) + ndo->ndo_packettype = PT_AODV; + else if (ascii_strcasecmp(optarg, "carp") == 0) + ndo->ndo_packettype = PT_CARP; + else if (ascii_strcasecmp(optarg, "radius") == 0) + ndo->ndo_packettype = PT_RADIUS; + else if (ascii_strcasecmp(optarg, "zmtp1") == 0) + ndo->ndo_packettype = PT_ZMTP1; + else if (ascii_strcasecmp(optarg, "vxlan") == 0) + ndo->ndo_packettype = PT_VXLAN; + else if (ascii_strcasecmp(optarg, "pgm") == 0) + ndo->ndo_packettype = PT_PGM; + else if (ascii_strcasecmp(optarg, "pgm_zmtp1") == 0) + ndo->ndo_packettype = PT_PGM_ZMTP1; + else if (ascii_strcasecmp(optarg, "lmp") == 0) + ndo->ndo_packettype = PT_LMP; + else if (ascii_strcasecmp(optarg, "resp") == 0) + ndo->ndo_packettype = PT_RESP; else error("unknown packet type `%s'", optarg); break; case 'u': - ++uflag; + ++ndo->ndo_uflag; break; #ifdef HAVE_PCAP_DUMP_FLUSH @@ -1418,7 +1499,7 @@ main(int argc, char **argv) #endif case 'v': - ++vflag; + ++ndo->ndo_vflag; break; case 'V': @@ -1431,77 +1512,71 @@ main(int argc, char **argv) case 'W': Wflag = atoi(optarg); - if (Wflag < 0) + if (Wflag <= 0) error("invalid number of output files %s", optarg); WflagChars = getWflagChars(Wflag); break; case 'x': - ++xflag; - ++suppress_default_print; + ++ndo->ndo_xflag; + ++ndo->ndo_suppress_default_print; break; case 'X': - ++Xflag; - ++suppress_default_print; + ++ndo->ndo_Xflag; + ++ndo->ndo_suppress_default_print; break; case 'y': - gndo->ndo_dltname = optarg; - gndo->ndo_dlt = - pcap_datalink_name_to_val(gndo->ndo_dltname); - if (gndo->ndo_dlt < 0) - error("invalid data link type %s", gndo->ndo_dltname); + yflag_dlt_name = optarg; + yflag_dlt = + pcap_datalink_name_to_val(yflag_dlt_name); + if (yflag_dlt < 0) + error("invalid data link type %s", yflag_dlt_name); break; -#if defined(HAVE_PCAP_DEBUG) || defined(HAVE_YYDEBUG) +#ifdef HAVE_PCAP_SET_PARSER_DEBUG case 'Y': { /* Undocumented flag */ -#ifdef HAVE_PCAP_DEBUG - extern int pcap_debug; - pcap_debug = 1; -#else - extern int yydebug; - yydebug = 1; -#endif + pcap_set_parser_debug(1); } break; #endif case 'z': - zflag = strdup(optarg); + zflag = optarg; break; case 'Z': - username = strdup(optarg); + username = optarg; break; case '#': - gndo->ndo_packet_number = 1; + ndo->ndo_packet_number = 1; break; case OPTION_VERSION: print_version(); - exit(0); + exit_tcpdump(0); break; #ifdef HAVE_PCAP_SET_TSTAMP_PRECISION case OPTION_TSTAMP_PRECISION: - gndo->ndo_tstamp_precision = tstamp_precision_from_string(optarg); - if (gndo->ndo_tstamp_precision < 0) + ndo->ndo_tstamp_precision = tstamp_precision_from_string(optarg); + if (ndo->ndo_tstamp_precision < 0) error("unsupported time stamp precision"); break; #endif #ifdef HAVE_PCAP_SET_IMMEDIATE_MODE case OPTION_IMMEDIATE_MODE: - gndo->ndo_immediate = 1; + immediate_mode = 1; break; #endif default: print_usage(); - exit(1); + exit_tcpdump(1); /* NOTREACHED */ } @@ -1510,11 +1585,11 @@ main(int argc, char **argv) show_devices_and_exit(); #endif - switch (tflag) { + switch (ndo->ndo_tflag) { case 0: /* Default */ case 4: /* Default + Date*/ - thiszone = gmt2local(0); + timezone_offset = gmt2local(0); break; case 1: /* No time stamp */ @@ -1528,7 +1603,7 @@ main(int argc, char **argv) break; } - if (fflag != 0 && (VFileName != NULL || RFileName != NULL)) + if (ndo->ndo_fflag != 0 && (VFileName != NULL || RFileName != NULL)) error("-f can not be used with -V or -r"); if (VFileName != NULL && RFileName != NULL) @@ -1542,7 +1617,7 @@ main(int argc, char **argv) * probably expecting to see packets pop up immediately. */ if (WFileName == NULL && isatty(1)) - gndo->ndo_immediate = 1; + immediate_mode = 1; #endif #ifdef WITH_CHROOT @@ -1573,7 +1648,7 @@ main(int argc, char **argv) * In either case, we're reading a savefile, not doing * a live capture. */ -#ifndef WIN32 +#ifndef _WIN32 /* * We don't need network access, so relinquish any set-UID * or set-GID privileges we have (if any). @@ -1585,7 +1660,7 @@ main(int argc, char **argv) */ if (setgid(getgid()) != 0 || setuid(getuid()) != 0 ) fprintf(stderr, "Warning: setgid/setuid failed !\n"); -#endif /* WIN32 */ +#endif /* _WIN32 */ if (VFileName != NULL) { if (VFileName[0] == '-' && VFileName[1] == '\0') VFile = stdin; @@ -1593,7 +1668,7 @@ main(int argc, char **argv) VFile = fopen(VFileName, "r"); if (VFile == NULL) - error("Unable to open file: %s\n", strerror(errno)); + error("Unable to open file: %s\n", pcap_strerror(errno)); ret = get_next_file(VFile, VFileLine); if (!ret) @@ -1603,14 +1678,14 @@ main(int argc, char **argv) #ifdef HAVE_PCAP_SET_TSTAMP_PRECISION pd = pcap_open_offline_with_tstamp_precision(RFileName, - gndo->ndo_tstamp_precision, ebuf); + ndo->ndo_tstamp_precision, ebuf); #else pd = pcap_open_offline(RFileName, ebuf); #endif if (pd == NULL) error("%s", ebuf); -#ifdef HAVE_CASPER +#ifdef HAVE_CAPSICUM cap_rights_init(&rights, CAP_READ); if (cap_rights_limit(fileno(pcap_file(pd)), &rights) < 0 && errno != ENOSYS) { @@ -1633,178 +1708,91 @@ main(int argc, char **argv) * We're doing a live capture. */ if (device == NULL) { + /* + * No interface was specified. Pick one. + */ +#ifdef HAVE_PCAP_FINDALLDEVS + /* + * Find the list of interfaces, and pick + * the first interface. + */ + if (pcap_findalldevs(&devlist, ebuf) >= 0 && + devlist != NULL) { + device = strdup(devlist->name); + pcap_freealldevs(devlist); + } +#else /* HAVE_PCAP_FINDALLDEVS */ + /* + * Use whatever interface pcap_lookupdev() + * chooses. + */ device = pcap_lookupdev(ebuf); +#endif if (device == NULL) error("%s", ebuf); } -#ifdef WIN32 - /* - * Print a message to the standard error on Windows. - * XXX - why do it here, with a different message? - */ - if(strlen(device) == 1) /* we assume that an ASCII string is always longer than 1 char */ - { /* a Unicode string has a \0 as second byte (so strlen() is 1) */ - fprintf(stderr, "%s: listening on %ws\n", program_name, device); - } - else - { - fprintf(stderr, "%s: listening on %s\n", program_name, device); - } - - fflush(stderr); -#endif /* WIN32 */ -#ifdef HAVE_PCAP_CREATE - pd = pcap_create(device, ebuf); - if (pd == NULL) - error("%s", ebuf); -#ifdef HAVE_PCAP_SET_TSTAMP_TYPE - if (Jflag) - show_tstamp_types_and_exit(device, pd); -#endif -#ifdef HAVE_PCAP_SET_TSTAMP_PRECISION - status = pcap_set_tstamp_precision(pd, gndo->ndo_tstamp_precision); - if (status != 0) - error("%s: Can't set %ssecond time stamp precision: %s", - device, - tstamp_precision_to_string(gndo->ndo_tstamp_precision), - pcap_statustostr(status)); -#endif -#ifdef HAVE_PCAP_SET_IMMEDIATE_MODE - if (gndo->ndo_immediate) { - status = pcap_set_immediate_mode(pd, 1); - if (status != 0) - error("%s: Can't set immediate mode: %s", - device, - pcap_statustostr(status)); - } -#endif /* - * Is this an interface that supports monitor mode? + * Try to open the interface with the specified name. */ - if (pcap_can_set_rfmon(pd) == 1) - supports_monitor_mode = 1; - else - supports_monitor_mode = 0; - status = pcap_set_snaplen(pd, snaplen); - if (status != 0) - error("%s: Can't set snapshot length: %s", - device, pcap_statustostr(status)); - status = pcap_set_promisc(pd, !pflag); - if (status != 0) - error("%s: Can't set promiscuous mode: %s", - device, pcap_statustostr(status)); - if (Iflag) { - status = pcap_set_rfmon(pd, 1); - if (status != 0) - error("%s: Can't set monitor mode: %s", - device, pcap_statustostr(status)); - } - status = pcap_set_timeout(pd, 1000); - if (status != 0) - error("%s: pcap_set_timeout failed: %s", - device, pcap_statustostr(status)); - if (Bflag != 0) { - status = pcap_set_buffer_size(pd, Bflag); - if (status != 0) - error("%s: Can't set buffer size: %s", - device, pcap_statustostr(status)); - } -#ifdef HAVE_PCAP_SET_TSTAMP_TYPE - if (jflag != -1) { - status = pcap_set_tstamp_type(pd, jflag); - if (status < 0) - error("%s: Can't set time stamp type: %s", - device, pcap_statustostr(status)); - } -#endif - status = pcap_activate(pd); - if (status < 0) { + pd = open_interface(device, ndo, ebuf); + if (pd == NULL) { /* - * pcap_activate() failed. + * That failed. If we can get a list of + * interfaces, and the interface name + * is purely numeric, try to use it as + * a 1-based index in the list of + * interfaces. */ - cp = pcap_geterr(pd); - if (status == PCAP_ERROR) - error("%s", cp); - else if ((status == PCAP_ERROR_NO_SUCH_DEVICE || - status == PCAP_ERROR_PERM_DENIED) && - *cp != '\0') - error("%s: %s\n(%s)", device, - pcap_statustostr(status), cp); -#ifdef __FreeBSD__ - else if (status == PCAP_ERROR_RFMON_NOTSUP && - strncmp(device, "wlan", 4) == 0) { - char parent[8], newdev[8]; - char sysctl[32]; - size_t s = sizeof(parent); - - snprintf(sysctl, sizeof(sysctl), - "net.wlan.%d.%%parent", atoi(device + 4)); - sysctlbyname(sysctl, parent, &s, NULL, 0); - strlcpy(newdev, device, sizeof(newdev)); - /* Suggest a new wlan device. */ - newdev[strlen(newdev)-1]++; - error("%s is not a monitor mode VAP\n" - "To create a new monitor mode VAP use:\n" - " ifconfig %s create wlandev %s wlanmode " - "monitor\nand use %s as the tcpdump " - "interface", device, newdev, parent, - newdev); +#ifdef HAVE_PCAP_FINDALLDEVS + devnum = parse_interface_number(device); + if (devnum == -1) { + /* + * It's not a number; just report + * the open error and fail. + */ + error("%s", ebuf); } -#endif - else - error("%s: %s", device, - pcap_statustostr(status)); - } else if (status > 0) { + /* - * pcap_activate() succeeded, but it's warning us - * of a problem it had. + * OK, it's a number; try to find the + * interface with that index, and try + * to open it. + * + * find_interface_by_number() exits if it + * couldn't be found. + */ + device = find_interface_by_number(devnum); + pd = open_interface(device, ndo, ebuf); + if (pd == NULL) + error("%s", ebuf); +#else /* HAVE_PCAP_FINDALLDEVS */ + /* + * We can't get a list of interfaces; just + * fail. */ - cp = pcap_geterr(pd); - if (status == PCAP_WARNING) - warning("%s", cp); - else if (status == PCAP_WARNING_PROMISC_NOTSUP && - *cp != '\0') - warning("%s: %s\n(%s)", device, - pcap_statustostr(status), cp); - else - warning("%s: %s", device, - pcap_statustostr(status)); - } -#ifdef HAVE_PCAP_SETDIRECTION - if (Qflag != -1) { - status = pcap_setdirection(pd, Qflag); - if (status != 0) - error("%s: pcap_setdirection() failed: %s", - device, pcap_geterr(pd)); - } -#endif /* HAVE_PCAP_SETDIRECTION */ -#else - *ebuf = '\0'; - pd = pcap_open_live(device, snaplen, !pflag, 1000, ebuf); - if (pd == NULL) error("%s", ebuf); - else if (*ebuf) - warning("%s", ebuf); -#endif /* HAVE_PCAP_CREATE */ +#endif /* HAVE_PCAP_FINDALLDEVS */ + } + /* * Let user own process after socket has been opened. */ -#ifndef WIN32 +#ifndef _WIN32 if (setgid(getgid()) != 0 || setuid(getuid()) != 0) fprintf(stderr, "Warning: setgid/setuid failed !\n"); -#endif /* WIN32 */ -#if !defined(HAVE_PCAP_CREATE) && defined(WIN32) +#endif /* _WIN32 */ +#if !defined(HAVE_PCAP_CREATE) && defined(_WIN32) if(Bflag != 0) if(pcap_setbuff(pd, Bflag)==-1){ error("%s", pcap_geterr(pd)); } -#endif /* !defined(HAVE_PCAP_CREATE) && defined(WIN32) */ +#endif /* !defined(HAVE_PCAP_CREATE) && defined(_WIN32) */ if (Lflag) - show_dlts_and_exit(device, pd); - if (gndo->ndo_dlt >= 0) { + show_dlts_and_exit(pd, device); + if (yflag_dlt >= 0) { #ifdef HAVE_PCAP_SET_DATALINK - if (pcap_set_datalink(pd, gndo->ndo_dlt) < 0) + if (pcap_set_datalink(pd, yflag_dlt) < 0) error("%s", pcap_geterr(pd)); #else /* @@ -1812,21 +1800,21 @@ main(int argc, char **argv) * data link type, so we only let them * set it to what it already is. */ - if (gndo->ndo_dlt != pcap_datalink(pd)) { + if (yflag_dlt != pcap_datalink(pd)) { error("%s is not one of the DLTs supported by this device\n", - gndo->ndo_dltname); + yflag_dlt_name); } #endif (void)fprintf(stderr, "%s: data link type %s\n", - program_name, gndo->ndo_dltname); + program_name, yflag_dlt_name); (void)fflush(stderr); } i = pcap_snapshot(pd); - if (snaplen < i) { - warning("snaplen raised from %d to %d", snaplen, i); - snaplen = i; + if (ndo->ndo_snaplen < i) { + warning("snaplen raised from %d to %d", ndo->ndo_snaplen, i); + ndo->ndo_snaplen = i; } - if(fflag != 0) { + if(ndo->ndo_fflag != 0) { if (pcap_lookupnet(device, &localnet, &netmask, ebuf) < 0) { warning("foreign (-f) flag used but: %s", ebuf); } @@ -1838,38 +1826,41 @@ main(int argc, char **argv) else cmdbuf = copy_argv(&argv[optind]); +#ifdef HAVE_PCAP_SET_OPTIMIZER_DEBUG + pcap_set_optimizer_debug(dflag); +#endif if (pcap_compile(pd, &fcode, cmdbuf, Oflag, netmask) < 0) error("%s", pcap_geterr(pd)); if (dflag) { bpf_dump(&fcode, dflag); pcap_close(pd); free(cmdbuf); - exit(0); + pcap_freecode(&fcode); + exit_tcpdump(0); } #ifdef HAVE_CASPER - if (!nflag) + if (!ndo->ndo_nflag) capdns = capdns_setup(); #endif /* HAVE_CASPER */ - init_addrtoname(gndo, localnet, netmask); - init_checksum(); + init_print(ndo, localnet, netmask, timezone_offset); -#ifndef WIN32 +#ifndef _WIN32 (void)setsignal(SIGPIPE, cleanup); (void)setsignal(SIGTERM, cleanup); (void)setsignal(SIGINT, cleanup); -#endif /* WIN32 */ +#endif /* _WIN32 */ #if defined(HAVE_FORK) || defined(HAVE_VFORK) (void)setsignal(SIGCHLD, child_cleanup); #endif /* Cooperate with nohup(1) */ -#ifndef WIN32 +#ifndef _WIN32 if ((oldhandler = setsignal(SIGHUP, cleanup)) != SIG_DFL) (void)setsignal(SIGHUP, oldhandler); -#endif /* WIN32 */ +#endif /* _WIN32 */ -#ifndef WIN32 +#ifndef _WIN32 /* * If a user name was specified with "-Z", attempt to switch to * that user's UID. This would probably be used with sudo, @@ -1900,6 +1891,13 @@ main(int argc, char **argv) CAP_SETGID, -1); } + if (chroot_dir) { + capng_update( + CAPNG_ADD, + CAPNG_PERMITTED | CAPNG_EFFECTIVE, + CAP_SYS_CHROOT + ); + } if (WFileName) { capng_update( @@ -1914,13 +1912,13 @@ main(int argc, char **argv) droproot(username, chroot_dir); } -#endif /* WIN32 */ +#endif /* _WIN32 */ if (pcap_setfilter(pd, &fcode) < 0) error("%s", pcap_geterr(pd)); -#ifdef HAVE_CASPER +#ifdef HAVE_CAPSICUM if (RFileName == NULL && VFileName == NULL) { - static const unsigned long cmds[] = { BIOCGSTATS }; + static const unsigned long cmds[] = { BIOCGSTATS, BIOCROTZBUF }; /* * The various libpcap devices use a combination of @@ -1968,12 +1966,16 @@ main(int argc, char **argv) #endif /* HAVE_LIBCAP_NG */ if (p == NULL) error("%s", pcap_geterr(pd)); -#ifdef __FreeBSD__ +#ifdef HAVE_CAPSICUM set_dumper_capsicum_rights(p); #endif if (Cflag != 0 || Gflag != 0) { -#ifdef __FreeBSD__ +#ifdef HAVE_CAPSICUM dumpinfo.WFileName = strdup(basename(WFileName)); + if (dumpinfo.WFileName == NULL) { + error("Unable to allocate memory for file %s", + WFileName); + } dumpinfo.dirfd = open(dirname(WFileName), O_DIRECTORY | O_RDONLY); if (dumpinfo.dirfd < 0) { @@ -1990,7 +1992,7 @@ main(int argc, char **argv) errno != ENOSYS) { error("unable to limit dump descriptor fcntls"); } -#else /* !__FreeBSD__ */ +#else /* !HAVE_CAPSICUM */ dumpinfo.WFileName = WFileName; #endif callback = dump_packet_and_trunc; @@ -2006,10 +2008,10 @@ main(int argc, char **argv) pcap_dump_flush(p); #endif } else { - type = pcap_datalink(pd); - printinfo = get_print_info(type); + dlt = pcap_datalink(pd); + ndo->ndo_if_printer = get_if_printer(ndo, dlt); callback = print_packet; - pcap_userdata = (u_char *)&printinfo; + pcap_userdata = (u_char *)ndo; } #ifdef SIGNAL_REQ_INFO @@ -2021,10 +2023,10 @@ main(int argc, char **argv) (void)setsignal(SIGNAL_REQ_INFO, requestinfo); #endif - if (vflag > 0 && WFileName) { + if (ndo->ndo_vflag > 0 && WFileName) { /* * When capturing to a file, "-v" means tcpdump should, - * every 10 secodns, "v"erbosely report the number of + * every 10 seconds, "v"erbosely report the number of * packets captured. */ #ifdef USE_WIN32_MM_TIMER @@ -2037,14 +2039,13 @@ main(int argc, char **argv) #endif } -#ifndef WIN32 if (RFileName == NULL) { /* * Live capture (if -V was specified, we set RFileName * to a file from the -V file). Print a message to * the standard error on UN*X. */ - if (!vflag && !WFileName) { + if (!ndo->ndo_vflag && !WFileName) { (void)fprintf(stderr, "%s: verbose output suppressed, use -v or -vv for full protocol decode\n", program_name); @@ -2054,26 +2055,25 @@ main(int argc, char **argv) dlt_name = pcap_datalink_val_to_name(dlt); if (dlt_name == NULL) { (void)fprintf(stderr, "listening on %s, link-type %u, capture size %u bytes\n", - device, dlt, snaplen); + device, dlt, ndo->ndo_snaplen); } else { (void)fprintf(stderr, "listening on %s, link-type %s (%s), capture size %u bytes\n", device, dlt_name, - pcap_datalink_val_to_description(dlt), snaplen); + pcap_datalink_val_to_description(dlt), ndo->ndo_snaplen); } (void)fflush(stderr); } -#endif /* WIN32 */ -#ifdef __FreeBSD__ +#ifdef HAVE_CAPSICUM cansandbox = (VFileName == NULL && zflag == NULL); #ifdef HAVE_CASPER - cansandbox = (cansandbox && (nflag || capdns != NULL)); + cansandbox = (cansandbox && (ndo->ndo_nflag || capdns != NULL)); #else - cansandbox = (cansandbox && nflag); -#endif + cansandbox = (cansandbox && ndo->ndo_nflag); +#endif /* HAVE_CASPER */ if (cansandbox && cap_enter() < 0 && errno != ENOSYS) error("unable to enter the capability mode"); -#endif /* __FreeBSD__ */ +#endif /* HAVE_CAPSICUM */ do { status = pcap_loop(pd, cnt, callback, pcap_userdata); @@ -2118,11 +2118,13 @@ main(int argc, char **argv) if (VFileName != NULL) { ret = get_next_file(VFile, VFileLine); if (ret) { + int new_dlt; + RFileName = VFileLine; pd = pcap_open_offline(RFileName, ebuf); if (pd == NULL) error("%s", ebuf); -#ifdef HAVE_CASPER +#ifdef HAVE_CAPSICUM cap_rights_init(&rights, CAP_READ); if (cap_rights_limit(fileno(pcap_file(pd)), &rights) < 0 && errno != ENOSYS) { @@ -2130,30 +2132,67 @@ main(int argc, char **argv) } #endif new_dlt = pcap_datalink(pd); - if (WFileName && new_dlt != dlt) - error("%s: new dlt does not match original", RFileName); - printinfo = get_print_info(new_dlt); - dlt_name = pcap_datalink_val_to_name(new_dlt); + if (new_dlt != dlt) { + /* + * The new file has a different + * link-layer header type from the + * previous one. + */ + if (WFileName != NULL) { + /* + * We're writing raw packets + * that match the filter to + * a pcap file. pcap files + * don't support multiple + * different link-layer + * header types, so we fail + * here. + */ + error("%s: new dlt does not match original", RFileName); + } + + /* + * We're printing the decoded packets; + * switch to the new DLT. + * + * To do that, we need to change + * the printer, change the DLT name, + * and recompile the filter with + * the new DLT. + */ + dlt = new_dlt; + ndo->ndo_if_printer = get_if_printer(ndo, dlt); + if (pcap_compile(pd, &fcode, cmdbuf, Oflag, netmask) < 0) + error("%s", pcap_geterr(pd)); + } + + /* + * Set the filter on the new file. + */ + if (pcap_setfilter(pd, &fcode) < 0) + error("%s", pcap_geterr(pd)); + + /* + * Report the new file. + */ + dlt_name = pcap_datalink_val_to_name(dlt); if (dlt_name == NULL) { fprintf(stderr, "reading from file %s, link-type %u\n", - RFileName, new_dlt); + RFileName, dlt); } else { fprintf(stderr, "reading from file %s, link-type %s (%s)\n", - RFileName, dlt_name, - pcap_datalink_val_to_description(new_dlt)); + RFileName, dlt_name, + pcap_datalink_val_to_description(dlt)); } - if (pcap_compile(pd, &fcode, cmdbuf, Oflag, netmask) < 0) - error("%s", pcap_geterr(pd)); - if (pcap_setfilter(pd, &fcode) < 0) - error("%s", pcap_geterr(pd)); } } } while (ret != NULL); free(cmdbuf); - exit(status == -1 ? 1 : 0); + pcap_freecode(&fcode); + exit_tcpdump(status == -1 ? 1 : 0); } /* make a clean exit on interrupts */ @@ -2193,7 +2232,7 @@ cleanup(int signo _U_) (void)fflush(stdout); info(1); } - exit(0); + exit_tcpdump(0); #endif } @@ -2212,14 +2251,14 @@ child_cleanup(int signo _U_) static void info(register int verbose) { - struct pcap_stat stat; + struct pcap_stat stats; /* * Older versions of libpcap didn't set ps_ifdrop on some * platforms; initialize it to 0 to handle that. */ - stat.ps_ifdrop = 0; - if (pcap_stats(pd, &stat) < 0) { + stats.ps_ifdrop = 0; + if (pcap_stats(pd, &stats) < 0) { (void)fprintf(stderr, "pcap_stats: %s\n", pcap_geterr(pd)); infoprint = 0; return; @@ -2234,38 +2273,52 @@ info(register int verbose) fputs(", ", stderr); else putc('\n', stderr); - (void)fprintf(stderr, "%u packet%s received by filter", stat.ps_recv, - PLURAL_SUFFIX(stat.ps_recv)); + (void)fprintf(stderr, "%u packet%s received by filter", stats.ps_recv, + PLURAL_SUFFIX(stats.ps_recv)); if (!verbose) fputs(", ", stderr); else putc('\n', stderr); - (void)fprintf(stderr, "%u packet%s dropped by kernel", stat.ps_drop, - PLURAL_SUFFIX(stat.ps_drop)); - if (stat.ps_ifdrop != 0) { + (void)fprintf(stderr, "%u packet%s dropped by kernel", stats.ps_drop, + PLURAL_SUFFIX(stats.ps_drop)); + if (stats.ps_ifdrop != 0) { if (!verbose) fputs(", ", stderr); else putc('\n', stderr); (void)fprintf(stderr, "%u packet%s dropped by interface\n", - stat.ps_ifdrop, PLURAL_SUFFIX(stat.ps_ifdrop)); + stats.ps_ifdrop, PLURAL_SUFFIX(stats.ps_ifdrop)); } else putc('\n', stderr); infoprint = 0; } #if defined(HAVE_FORK) || defined(HAVE_VFORK) +#ifdef HAVE_FORK +#define fork_subprocess() fork() +#else +#define fork_subprocess() vfork() +#endif static void compress_savefile(const char *filename) { -# ifdef HAVE_FORK - if (fork()) -# else - if (vfork()) -# endif + pid_t child; + + child = fork_subprocess(); + if (child == -1) { + fprintf(stderr, + "compress_savefile: fork failed: %s\n", + pcap_strerror(errno)); + return; + } + if (child != 0) { + /* Parent process. */ return; + } + /* - * Set to lowest priority so that this doesn't disturb the capture + * Child process. + * Set to lowest priority so that this doesn't disturb the capture. */ #ifdef NZERO setpriority(PRIO_PROCESS, 0, NZERO - 1); @@ -2274,15 +2327,15 @@ compress_savefile(const char *filename) #endif if (execlp(zflag, zflag, filename, (char *)NULL) == -1) fprintf(stderr, - "compress_savefile:execlp(%s, %s): %s\n", + "compress_savefile: execlp(%s, %s) failed: %s\n", zflag, filename, - strerror(errno)); -# ifdef HAVE_FORK + pcap_strerror(errno)); +#ifdef HAVE_FORK exit(1); -# else +#else _exit(1); -# endif +#endif } #else /* HAVE_FORK && HAVE_VFORK */ static void @@ -2325,7 +2378,7 @@ dump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *s /* If the time is greater than the specified window, rotate */ if (t - Gflag_time >= Gflag) { -#ifdef __FreeBSD__ +#ifdef HAVE_CAPSICUM FILE *fp; int fd; #endif @@ -2352,7 +2405,8 @@ dump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *s if (Cflag == 0 && Wflag > 0 && Gflag_count >= Wflag) { (void)fprintf(stderr, "Maximum file limit reached: %d\n", Wflag); - exit(0); + info(1); + exit_tcpdump(0); /* NOTREACHED */ } if (dump_info->CurrentFileName != NULL) @@ -2383,7 +2437,7 @@ dump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *s capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE); capng_apply(CAPNG_SELECT_BOTH); #endif /* HAVE_LIBCAP_NG */ -#ifdef __FreeBSD__ +#ifdef HAVE_CAPSICUM fd = openat(dump_info->dirfd, dump_info->CurrentFileName, O_CREAT | O_WRONLY | O_TRUNC, 0644); @@ -2397,7 +2451,7 @@ dump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *s dump_info->CurrentFileName); } dump_info->p = pcap_dump_fopen(dump_info->pd, fp); -#else /* !__FreeBSD__ */ +#else /* !HAVE_CAPSICUM */ dump_info->p = pcap_dump_open(dump_info->pd, dump_info->CurrentFileName); #endif #ifdef HAVE_LIBCAP_NG @@ -2406,7 +2460,7 @@ dump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *s #endif /* HAVE_LIBCAP_NG */ if (dump_info->p == NULL) error("%s", pcap_geterr(pd)); -#ifdef __FreeBSD__ +#ifdef HAVE_CAPSICUM set_dumper_capsicum_rights(dump_info->p); #endif } @@ -2423,7 +2477,7 @@ dump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *s if (size == -1) error("ftell fails on output file"); if (size > Cflag) { -#ifdef __FreeBSD__ +#ifdef HAVE_CAPSICUM FILE *fp; int fd; #endif @@ -2455,7 +2509,7 @@ dump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *s capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE); capng_apply(CAPNG_SELECT_BOTH); #endif /* HAVE_LIBCAP_NG */ -#ifdef __FreeBSD__ +#ifdef HAVE_CAPSICUM fd = openat(dump_info->dirfd, dump_info->CurrentFileName, O_CREAT | O_WRONLY | O_TRUNC, 0644); if (fd < 0) { @@ -2468,7 +2522,7 @@ dump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *s dump_info->CurrentFileName); } dump_info->p = pcap_dump_fopen(dump_info->pd, fp); -#else /* !__FreeBSD__ */ +#else /* !HAVE_CAPSICUM */ dump_info->p = pcap_dump_open(dump_info->pd, dump_info->CurrentFileName); #endif #ifdef HAVE_LIBCAP_NG @@ -2477,7 +2531,7 @@ dump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *s #endif /* HAVE_LIBCAP_NG */ if (dump_info->p == NULL) error("%s", pcap_geterr(pd)); -#ifdef __FreeBSD__ +#ifdef HAVE_CAPSICUM set_dumper_capsicum_rights(dump_info->p); #endif } @@ -2515,107 +2569,18 @@ dump_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *sp) static void print_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *sp) { - struct print_info *print_info; - u_int hdrlen; - netdissect_options *ndo; - ++packets_captured; ++infodelay; - print_info = (struct print_info *)user; - ndo = print_info->ndo; - - if(ndo->ndo_packet_number) - ND_PRINT((ndo, "%5u ", packets_captured)); - - ts_print(ndo, &h->ts); - - /* - * Some printers want to check that they're not walking off the - * end of the packet. - * Rather than pass it all the way down, we set this member - * of the netdissect_options structure. - */ - ndo->ndo_snapend = sp + h->caplen; - - if(print_info->ndo_type) { - hdrlen = (*print_info->p.ndo_printer)(print_info->ndo, h, sp); - } else { - hdrlen = (*print_info->p.printer)(h, sp); - } - - /* - * Restore the original snapend, as a printer might have - * changed it. - */ - ndo->ndo_snapend = sp + h->caplen; - if (ndo->ndo_Xflag) { - /* - * Print the raw packet data in hex and ASCII. - */ - if (ndo->ndo_Xflag > 1) { - /* - * Include the link-layer header. - */ - hex_and_ascii_print(ndo, "\n\t", sp, h->caplen); - } else { - /* - * Don't include the link-layer header - and if - * we have nothing past the link-layer header, - * print nothing. - */ - if (h->caplen > hdrlen) - hex_and_ascii_print(ndo, "\n\t", sp + hdrlen, - h->caplen - hdrlen); - } - } else if (ndo->ndo_xflag) { - /* - * Print the raw packet data in hex. - */ - if (ndo->ndo_xflag > 1) { - /* - * Include the link-layer header. - */ - hex_print(ndo, "\n\t", sp, h->caplen); - } else { - /* - * Don't include the link-layer header - and if - * we have nothing past the link-layer header, - * print nothing. - */ - if (h->caplen > hdrlen) - hex_print(ndo, "\n\t", sp + hdrlen, - h->caplen - hdrlen); - } - } else if (ndo->ndo_Aflag) { - /* - * Print the raw packet data in ASCII. - */ - if (ndo->ndo_Aflag > 1) { - /* - * Include the link-layer header. - */ - ascii_print(ndo, sp, h->caplen); - } else { - /* - * Don't include the link-layer header - and if - * we have nothing past the link-layer header, - * print nothing. - */ - if (h->caplen > hdrlen) - ascii_print(ndo, sp + hdrlen, h->caplen - hdrlen); - } - } - - putchar('\n'); + pretty_print_packet((netdissect_options *)user, h, sp, packets_captured); --infodelay; if (infoprint) info(0); } -#ifdef WIN32 +#ifdef _WIN32 /* * XXX - there should really be libpcap calls to get the version * number as a string (the string would be generated from #defines @@ -2642,21 +2607,6 @@ print_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *sp) char Wpcap_version[]="3.1"; #endif -/* - * By default, print the specified data out in hex and ASCII. - */ -static void -ndo_default_print(netdissect_options *ndo, const u_char *bp, u_int length) -{ - hex_and_ascii_print(ndo, "\n\t", bp, length); /* pass on lf and indentation string */ -} - -void -default_print(const u_char *bp, u_int length) -{ - ndo_default_print(gndo, bp, length); -} - #ifdef SIGNAL_REQ_INFO RETSIGTYPE requestinfo(int signo _U_) { @@ -2674,17 +2624,13 @@ RETSIGTYPE requestinfo(int signo _U_) void CALLBACK verbose_stats_dump (UINT timer_id _U_, UINT msg _U_, DWORD_PTR arg _U_, DWORD_PTR dw1 _U_, DWORD_PTR dw2 _U_) { - struct pcap_stat stat; - - if (infodelay == 0 && pcap_stats(pd, &stat) >= 0) + if (infodelay == 0) fprintf(stderr, "Got %u\r", packets_captured); } #elif defined(HAVE_ALARM) static void verbose_stats_dump(int sig _U_) { - struct pcap_stat stat; - - if (infodelay == 0 && pcap_stats(pd, &stat) >= 0) + if (infodelay == 0) fprintf(stderr, "Got %u\r", packets_captured); alarm(1); } @@ -2696,37 +2642,38 @@ print_version(void) { extern char version[]; #ifndef HAVE_PCAP_LIB_VERSION -#if defined(WIN32) || defined(HAVE_PCAP_VERSION) +#if defined(_WIN32) || defined(HAVE_PCAP_VERSION) extern char pcap_version[]; -#else /* defined(WIN32) || defined(HAVE_PCAP_VERSION) */ +#else /* defined(_WIN32) || defined(HAVE_PCAP_VERSION) */ static char pcap_version[] = "unknown"; -#endif /* defined(WIN32) || defined(HAVE_PCAP_VERSION) */ +#endif /* defined(_WIN32) || defined(HAVE_PCAP_VERSION) */ #endif /* HAVE_PCAP_LIB_VERSION */ + const char *smi_version_string; #ifdef HAVE_PCAP_LIB_VERSION -#ifdef WIN32 +#ifdef _WIN32 (void)fprintf(stderr, "%s version %s, based on tcpdump version %s\n", program_name, WDversion, version); -#else /* WIN32 */ +#else /* _WIN32 */ (void)fprintf(stderr, "%s version %s\n", program_name, version); -#endif /* WIN32 */ +#endif /* _WIN32 */ (void)fprintf(stderr, "%s\n",pcap_lib_version()); #else /* HAVE_PCAP_LIB_VERSION */ -#ifdef WIN32 +#ifdef _WIN32 (void)fprintf(stderr, "%s version %s, based on tcpdump version %s\n", program_name, WDversion, version); (void)fprintf(stderr, "WinPcap version %s, based on libpcap version %s\n",Wpcap_version, pcap_version); -#else /* WIN32 */ +#else /* _WIN32 */ (void)fprintf(stderr, "%s version %s\n", program_name, version); (void)fprintf(stderr, "libpcap version %s\n", pcap_version); -#endif /* WIN32 */ +#endif /* _WIN32 */ #endif /* HAVE_PCAP_LIB_VERSION */ #if defined(HAVE_LIBCRYPTO) && defined(SSLEAY_VERSION) (void)fprintf (stderr, "%s\n", SSLeay_version(SSLEAY_VERSION)); #endif -#ifdef USE_LIBSMI - (void)fprintf (stderr, "SMI-library: %s\n", smi_version_string); -#endif + smi_version_string = nd_smi_version_string(); + if (smi_version_string != NULL) + (void)fprintf (stderr, "SMI-library: %s\n", smi_version_string); } USES_APPLE_RST @@ -2735,7 +2682,7 @@ print_usage(void) { print_version(); (void)fprintf(stderr, -"Usage: %s [-aAbd" D_FLAG "efhH" I_FLAG J_FLAG "KlLnNOpqRStu" U_FLAG "vxX#]" B_FLAG_USAGE " [ -c count ]\n", program_name); +"Usage: %s [-aAbd" D_FLAG "efhH" I_FLAG J_FLAG "KlLnNOpqStu" U_FLAG "vxX#]" B_FLAG_USAGE " [ -c count ]\n", program_name); (void)fprintf(stderr, "\t\t[ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]\n"); (void)fprintf(stderr, @@ -2756,48 +2703,10 @@ print_usage(void) #endif (void)fprintf(stderr, "[ -T type ] [ --version ] [ -V file ]\n"); (void)fprintf(stderr, -"\t\t[ -w file ] [ -W filecount ] [ -y datalinktype ] [ -z command ]\n"); +"\t\t[ -w file ] [ -W filecount ] [ -y datalinktype ] [ -z postrotate-command ]\n"); (void)fprintf(stderr, "\t\t[ -Z user ] [ expression ]\n"); } - - - -/* VARARGS */ -static void -ndo_error(netdissect_options *ndo _U_, const char *fmt, ...) -{ - va_list ap; - - (void)fprintf(stderr, "%s: ", program_name); - va_start(ap, fmt); - (void)vfprintf(stderr, fmt, ap); - va_end(ap); - if (*fmt) { - fmt += strlen(fmt); - if (fmt[-1] != '\n') - (void)fputc('\n', stderr); - } - exit(1); - /* NOTREACHED */ -} - -/* VARARGS */ -static void -ndo_warning(netdissect_options *ndo _U_, const char *fmt, ...) -{ - va_list ap; - - (void)fprintf(stderr, "%s: WARNING: ", program_name); - va_start(ap, fmt); - (void)vfprintf(stderr, fmt, ap); - va_end(ap); - if (*fmt) { - fmt += strlen(fmt); - if (fmt[-1] != '\n') - (void)fputc('\n', stderr); - } -} /* * Local Variables: * c-style: whitesmith |
