contrib/tcpdump/tcpdump.c

41c99275SPeter Avalos/*
41c99275SPeter Avalos * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000
41c99275SPeter Avalos *	The Regents of the University of California.  All rights reserved.
41c99275SPeter Avalos *
41c99275SPeter Avalos * Redistribution and use in source and binary forms, with or without
41c99275SPeter Avalos * modification, are permitted provided that: (1) source code distributions
41c99275SPeter Avalos * retain the above copyright notice and this paragraph in its entirety, (2)
41c99275SPeter Avalos * distributions including binary code include the above copyright notice and
41c99275SPeter Avalos * this paragraph in its entirety in the documentation or other materials
41c99275SPeter Avalos * provided with the distribution, and (3) all advertising materials mentioning
41c99275SPeter Avalos * features or use of this software display the following acknowledgement:
41c99275SPeter Avalos * ``This product includes software developed by the University of California,
41c99275SPeter Avalos * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
41c99275SPeter Avalos * the University nor the names of its contributors may be used to endorse
41c99275SPeter Avalos * or promote products derived from this software without specific prior
41c99275SPeter Avalos * written permission.
41c99275SPeter Avalos * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
41c99275SPeter Avalos * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
41c99275SPeter Avalos * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
41c99275SPeter Avalos *
41c99275SPeter Avalos * Support for splitting captures into multiple files with a maximum
41c99275SPeter Avalos * file size:
41c99275SPeter Avalos *
41c99275SPeter Avalos * Copyright (c) 2001
41c99275SPeter Avalos *	Seth Webster <swebster@sst.ll.mit.edu>
41c99275SPeter Avalos */
41c99275SPeter Avalos
41c99275SPeter Avalos/*
411677aeSAaron LI * tcpdump - dump traffic on a network
41c99275SPeter Avalos *
41c99275SPeter Avalos * First written in 1987 by Van Jacobson, Lawrence Berkeley Laboratory.
41c99275SPeter Avalos * Mercilessly hacked and occasionally improved since then via the
41c99275SPeter Avalos * combined efforts of Van, Steve McCanne and Craig Leres of LBL.
41c99275SPeter Avalos */
41c99275SPeter Avalos
41c99275SPeter Avalos#ifdef HAVE_CONFIG_H
*ed775ee7SAntonio Huete Jimenez#include <config.h>
41c99275SPeter Avalos#endif
41c99275SPeter Avalos
411677aeSAaron LI/*
*ed775ee7SAntonio Huete Jimenez * Some older versions of Mac OS X may ship pcap.h from libpcap 0.6 with a
*ed775ee7SAntonio Huete Jimenez * libpcap based on 0.8.  That means it has pcap_findalldevs() but the
*ed775ee7SAntonio Huete Jimenez * header doesn't define pcap_if_t, meaning that we can't actually *use*
*ed775ee7SAntonio Huete Jimenez * pcap_findalldevs().
411677aeSAaron LI */
411677aeSAaron LI#ifdef HAVE_PCAP_FINDALLDEVS
411677aeSAaron LI#ifndef HAVE_PCAP_IF_T
411677aeSAaron LI#undef HAVE_PCAP_FINDALLDEVS
411677aeSAaron LI#endif
41c99275SPeter Avalos#endif
41c99275SPeter Avalos
*ed775ee7SAntonio Huete Jimenez#include "netdissect-stdinc.h"
*ed775ee7SAntonio Huete Jimenez
*ed775ee7SAntonio Huete Jimenez/*
*ed775ee7SAntonio Huete Jimenez * This must appear after including netdissect-stdinc.h, so that _U_ is
*ed775ee7SAntonio Huete Jimenez * defined.
*ed775ee7SAntonio Huete Jimenez */
*ed775ee7SAntonio Huete Jimenez#ifndef lint
*ed775ee7SAntonio Huete Jimenezstatic const char copyright[] _U_ =
*ed775ee7SAntonio Huete Jimenez    "@(#) Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000\n\
*ed775ee7SAntonio Huete JimenezThe Regents of the University of California.  All rights reserved.\n";
*ed775ee7SAntonio Huete Jimenez#endif
411677aeSAaron LI
411677aeSAaron LI#include <sys/stat.h>
411677aeSAaron LI
411677aeSAaron LI#ifdef HAVE_FCNTL_H
411677aeSAaron LI#include <fcntl.h>
411677aeSAaron LI#endif
411677aeSAaron LI
411677aeSAaron LI#ifdef HAVE_LIBCRYPTO
411677aeSAaron LI#include <openssl/crypto.h>
411677aeSAaron LI#endif
411677aeSAaron LI
411677aeSAaron LI#ifdef HAVE_GETOPT_LONG
411677aeSAaron LI#include <getopt.h>
411677aeSAaron LI#else
*ed775ee7SAntonio Huete Jimenez#include "missing/getopt_long.h"
411677aeSAaron LI#endif
411677aeSAaron LI/* Capsicum-specific code requires macros from <net/bpf.h>, which will fail
411677aeSAaron LI * to compile if <pcap.h> has already been included; including the headers
411677aeSAaron LI * in the opposite order works fine.
411677aeSAaron LI */
411677aeSAaron LI#ifdef HAVE_CAPSICUM
*ed775ee7SAntonio Huete Jimenez#include <sys/capsicum.h>
411677aeSAaron LI#include <sys/ioccom.h>
411677aeSAaron LI#include <net/bpf.h>
411677aeSAaron LI#include <libgen.h>
*ed775ee7SAntonio Huete Jimenez#ifdef HAVE_CASPER
*ed775ee7SAntonio Huete Jimenez#include <libcasper.h>
*ed775ee7SAntonio Huete Jimenez#include <casper/cap_dns.h>
*ed775ee7SAntonio Huete Jimenez#include <sys/nv.h>
*ed775ee7SAntonio Huete Jimenez#endif	/* HAVE_CASPER */
411677aeSAaron LI#endif	/* HAVE_CAPSICUM */
*ed775ee7SAntonio Huete Jimenez#ifdef HAVE_PCAP_OPEN
*ed775ee7SAntonio Huete Jimenez/*
*ed775ee7SAntonio Huete Jimenez * We found pcap_open() in the capture library, so we'll be using
*ed775ee7SAntonio Huete Jimenez * the remote capture APIs; define PCAP_REMOTE before we include pcap.h,
*ed775ee7SAntonio Huete Jimenez * so we get those APIs declared, and the types and #defines that they
*ed775ee7SAntonio Huete Jimenez * use defined.
*ed775ee7SAntonio Huete Jimenez *
*ed775ee7SAntonio Huete Jimenez * WinPcap's headers require that PCAP_REMOTE be defined in order to get
*ed775ee7SAntonio Huete Jimenez * remote-capture APIs declared and types and #defines that they use
*ed775ee7SAntonio Huete Jimenez * defined.
*ed775ee7SAntonio Huete Jimenez *
*ed775ee7SAntonio Huete Jimenez * (Versions of libpcap with those APIs, and thus Npcap, which is based on
*ed775ee7SAntonio Huete Jimenez * those versions of libpcap, don't require it.)
*ed775ee7SAntonio Huete Jimenez */
*ed775ee7SAntonio Huete Jimenez#define HAVE_REMOTE
*ed775ee7SAntonio Huete Jimenez#endif
41c99275SPeter Avalos#include <pcap.h>
41c99275SPeter Avalos#include <signal.h>
41c99275SPeter Avalos#include <stdio.h>
411677aeSAaron LI#include <stdarg.h>
41c99275SPeter Avalos#include <stdlib.h>
41c99275SPeter Avalos#include <string.h>
ea7b4bf5SPeter Avalos#include <limits.h>
*ed775ee7SAntonio Huete Jimenez#ifdef _WIN32
*ed775ee7SAntonio Huete Jimenez#include <windows.h>
*ed775ee7SAntonio Huete Jimenez#else
*ed775ee7SAntonio Huete Jimenez#include <sys/time.h>
ea7b4bf5SPeter Avalos#include <sys/wait.h>
ea7b4bf5SPeter Avalos#include <sys/resource.h>
41c99275SPeter Avalos#include <pwd.h>
41c99275SPeter Avalos#include <grp.h>
411677aeSAaron LI#endif /* _WIN32 */
41c99275SPeter Avalos
*ed775ee7SAntonio Huete Jimenez/*
*ed775ee7SAntonio Huete Jimenez * Pathname separator.
*ed775ee7SAntonio Huete Jimenez * Use this in pathnames, but do *not* use it in URLs.
*ed775ee7SAntonio Huete Jimenez */
*ed775ee7SAntonio Huete Jimenez#ifdef _WIN32
*ed775ee7SAntonio Huete Jimenez#define PATH_SEPARATOR	'\\'
*ed775ee7SAntonio Huete Jimenez#else
*ed775ee7SAntonio Huete Jimenez#define PATH_SEPARATOR	'/'
*ed775ee7SAntonio Huete Jimenez#endif
*ed775ee7SAntonio Huete Jimenez
411677aeSAaron LI/* capabilities convenience library */
411677aeSAaron LI/* If a code depends on HAVE_LIBCAP_NG, it depends also on HAVE_CAP_NG_H.
411677aeSAaron LI * If HAVE_CAP_NG_H is not defined, undefine HAVE_LIBCAP_NG.
411677aeSAaron LI * Thus, the later tests are done only on HAVE_LIBCAP_NG.
411677aeSAaron LI */
411677aeSAaron LI#ifdef HAVE_LIBCAP_NG
411677aeSAaron LI#ifdef HAVE_CAP_NG_H
411677aeSAaron LI#include <cap-ng.h>
411677aeSAaron LI#else
411677aeSAaron LI#undef HAVE_LIBCAP_NG
411677aeSAaron LI#endif /* HAVE_CAP_NG_H */
411677aeSAaron LI#endif /* HAVE_LIBCAP_NG */
ea7b4bf5SPeter Avalos
*ed775ee7SAntonio Huete Jimenez#ifdef __FreeBSD__
*ed775ee7SAntonio Huete Jimenez#include <sys/sysctl.h>
*ed775ee7SAntonio Huete Jimenez#endif /* __FreeBSD__ */
*ed775ee7SAntonio Huete Jimenez
*ed775ee7SAntonio Huete Jimenez#include "netdissect-stdinc.h"
41c99275SPeter Avalos#include "netdissect.h"
41c99275SPeter Avalos#include "interface.h"
41c99275SPeter Avalos#include "addrtoname.h"
41c99275SPeter Avalos#include "machdep.h"
41c99275SPeter Avalos#include "pcap-missing.h"
411677aeSAaron LI#include "ascii_strcasecmp.h"
41c99275SPeter Avalos
411677aeSAaron LI#include "print.h"
411677aeSAaron LI
*ed775ee7SAntonio Huete Jimenez#include "fptype.h"
*ed775ee7SAntonio Huete Jimenez
411677aeSAaron LI#ifndef PATH_MAX
411677aeSAaron LI#define PATH_MAX 1024
ea7b4bf5SPeter Avalos#endif
ea7b4bf5SPeter Avalos
*ed775ee7SAntonio Huete Jimenez#if defined(SIGINFO)
6263709fSPeter Avalos#define SIGNAL_REQ_INFO SIGINFO
*ed775ee7SAntonio Huete Jimenez#elif defined(SIGUSR1)
6263709fSPeter Avalos#define SIGNAL_REQ_INFO SIGUSR1
6263709fSPeter Avalos#endif
6263709fSPeter Avalos
*ed775ee7SAntonio Huete Jimenez#if defined(HAVE_PCAP_DUMP_FLUSH) && defined(SIGUSR2)
*ed775ee7SAntonio Huete Jimenez#define SIGNAL_FLUSH_PCAP SIGUSR2
*ed775ee7SAntonio Huete Jimenez#endif
*ed775ee7SAntonio Huete Jimenez
*ed775ee7SAntonio Huete Jimenez#if defined(HAVE_PCAP_CREATE) || defined(_WIN32)
411677aeSAaron LIstatic int Bflag;			/* buffer size */
*ed775ee7SAntonio Huete Jimenez#endif
*ed775ee7SAntonio Huete Jimenez#ifdef HAVE_PCAP_DUMP_FTELL64
*ed775ee7SAntonio Huete Jimenezstatic int64_t Cflag;			/* rotate dump files after this many bytes */
*ed775ee7SAntonio Huete Jimenez#else
411677aeSAaron LIstatic long Cflag;			/* rotate dump files after this many bytes */
*ed775ee7SAntonio Huete Jimenez#endif
411677aeSAaron LIstatic int Cflag_count;			/* Keep track of which file number we're writing */
*ed775ee7SAntonio Huete Jimenez#ifdef HAVE_PCAP_FINDALLDEVS
411677aeSAaron LIstatic int Dflag;			/* list available devices and exit */
*ed775ee7SAntonio Huete Jimenez#endif
*ed775ee7SAntonio Huete Jimenez#ifdef HAVE_PCAP_FINDALLDEVS_EX
*ed775ee7SAntonio Huete Jimenezstatic char *remote_interfaces_source;	/* list available devices from this source and exit */
*ed775ee7SAntonio Huete Jimenez#endif
*ed775ee7SAntonio Huete Jimenez
411677aeSAaron LI/*
411677aeSAaron LI * This is exported because, in some versions of libpcap, if libpcap
411677aeSAaron LI * is built with optimizer debugging code (which is *NOT* the default
411677aeSAaron LI * configuration!), the library *imports*(!) a variable named dflag,
411677aeSAaron LI * under the expectation that tcpdump is exporting it, to govern
411677aeSAaron LI * how much debugging information to print when optimizing
411677aeSAaron LI * the generated BPF code.
411677aeSAaron LI *
411677aeSAaron LI * This is a horrible hack; newer versions of libpcap don't import
411677aeSAaron LI * dflag but, instead, *if* built with optimizer debugging code,
411677aeSAaron LI * *export* a routine to set that flag.
411677aeSAaron LI */
*ed775ee7SAntonio Huete Jimenezextern int dflag;
411677aeSAaron LIint dflag;				/* print filter code */
411677aeSAaron LIstatic int Gflag;			/* rotate dump files after this many seconds */
411677aeSAaron LIstatic int Gflag_count;			/* number of files created with Gflag rotation */
411677aeSAaron LIstatic time_t Gflag_time;		/* The last time_t the dump file was rotated. */
27bfbee1SPeter Avalosstatic int Lflag;			/* list available data link types and exit */
411677aeSAaron LIstatic int Iflag;			/* rfmon (monitor) mode */
27bfbee1SPeter Avalos#ifdef HAVE_PCAP_SET_TSTAMP_TYPE
27bfbee1SPeter Avalosstatic int Jflag;			/* list available time stamp types */
411677aeSAaron LIstatic int jflag = -1;			/* packet time stamp source */
*ed775ee7SAntonio Huete Jimenez#endif
*ed775ee7SAntonio Huete Jimenezstatic int lflag;			/* line-buffered output */
411677aeSAaron LIstatic int pflag;			/* don't go promiscuous */
411677aeSAaron LI#ifdef HAVE_PCAP_SETDIRECTION
411677aeSAaron LIstatic int Qflag = -1;			/* restrict captured packet by send/receive direction */
411677aeSAaron LI#endif
*ed775ee7SAntonio Huete Jimenez#ifdef HAVE_PCAP_DUMP_FLUSH
411677aeSAaron LIstatic int Uflag;			/* "unbuffered" output of dump files */
*ed775ee7SAntonio Huete Jimenez#endif
411677aeSAaron LIstatic int Wflag;			/* recycle output files after this number of files */
411677aeSAaron LIstatic int WflagChars;
27bfbee1SPeter Avalosstatic char *zflag = NULL;		/* compress each savefile using a specified command (like gzip or bzip2) */
*ed775ee7SAntonio Huete Jimenezstatic int timeout = 1000;		/* default timeout = 1000 ms = 1 s */
*ed775ee7SAntonio Huete Jimenez#ifdef HAVE_PCAP_SET_IMMEDIATE_MODE
411677aeSAaron LIstatic int immediate_mode;
*ed775ee7SAntonio Huete Jimenez#endif
*ed775ee7SAntonio Huete Jimenezstatic int count_mode;
41c99275SPeter Avalos
41c99275SPeter Avalosstatic int infodelay;
41c99275SPeter Avalosstatic int infoprint;
41c99275SPeter Avalos
41c99275SPeter Avaloschar *program_name;
41c99275SPeter Avalos
*ed775ee7SAntonio Huete Jimenez#ifdef HAVE_CASPER
*ed775ee7SAntonio Huete Jimenezcap_channel_t *capdns;
*ed775ee7SAntonio Huete Jimenez#endif
*ed775ee7SAntonio Huete Jimenez
41c99275SPeter Avalos/* Forwards */
*ed775ee7SAntonio Huete Jimenezstatic NORETURN void error(FORMAT_STRING(const char *), ...) PRINTFLIKE(1, 2);
411677aeSAaron LIstatic void warning(FORMAT_STRING(const char *), ...) PRINTFLIKE(1, 2);
*ed775ee7SAntonio Huete Jimenezstatic NORETURN void exit_tcpdump(int);
*ed775ee7SAntonio Huete Jimenezstatic void (*setsignal (int sig, void (*func)(int)))(int);
*ed775ee7SAntonio Huete Jimenezstatic void cleanup(int);
*ed775ee7SAntonio Huete Jimenezstatic void child_cleanup(int);
*ed775ee7SAntonio Huete Jimenezstatic void print_version(FILE *);
*ed775ee7SAntonio Huete Jimenezstatic void print_usage(FILE *);
*ed775ee7SAntonio Huete Jimenez#ifdef HAVE_PCAP_SET_TSTAMP_TYPE
*ed775ee7SAntonio Huete Jimenezstatic NORETURN void show_tstamp_types_and_exit(pcap_t *, const char *device);
*ed775ee7SAntonio Huete Jimenez#endif
*ed775ee7SAntonio Huete Jimenezstatic NORETURN void show_dlts_and_exit(pcap_t *, const char *device);
411677aeSAaron LI#ifdef HAVE_PCAP_FINDALLDEVS
*ed775ee7SAntonio Huete Jimenezstatic NORETURN void show_devices_and_exit(void);
*ed775ee7SAntonio Huete Jimenez#endif
*ed775ee7SAntonio Huete Jimenez#ifdef HAVE_PCAP_FINDALLDEVS_EX
*ed775ee7SAntonio Huete Jimenezstatic NORETURN void show_remote_devices_and_exit(void);
411677aeSAaron LI#endif
41c99275SPeter Avalos
41c99275SPeter Avalosstatic void print_packet(u_char *, const struct pcap_pkthdr *, const u_char *);
41c99275SPeter Avalosstatic void dump_packet_and_trunc(u_char *, const struct pcap_pkthdr *, const u_char *);
41c99275SPeter Avalosstatic void dump_packet(u_char *, const struct pcap_pkthdr *, const u_char *);
41c99275SPeter Avalosstatic void droproot(const char *, const char *);
41c99275SPeter Avalos
6263709fSPeter Avalos#ifdef SIGNAL_REQ_INFO
*ed775ee7SAntonio Huete Jimenezstatic void requestinfo(int);
41c99275SPeter Avalos#endif
41c99275SPeter Avalos
*ed775ee7SAntonio Huete Jimenez#ifdef SIGNAL_FLUSH_PCAP
*ed775ee7SAntonio Huete Jimenezstatic void flushpcap(int);
41c99275SPeter Avalos#endif
41c99275SPeter Avalos
*ed775ee7SAntonio Huete Jimenez#ifdef _WIN32
*ed775ee7SAntonio Huete Jimenez    static HANDLE timer_handle = INVALID_HANDLE_VALUE;
*ed775ee7SAntonio Huete Jimenez    static void CALLBACK verbose_stats_dump(PVOID param, BOOLEAN timer_fired);
*ed775ee7SAntonio Huete Jimenez#else /* _WIN32 */
*ed775ee7SAntonio Huete Jimenez  static void verbose_stats_dump(int sig);
*ed775ee7SAntonio Huete Jimenez#endif /* _WIN32 */
*ed775ee7SAntonio Huete Jimenez
41c99275SPeter Avalosstatic void info(int);
41c99275SPeter Avalosstatic u_int packets_captured;
41c99275SPeter Avalos
411677aeSAaron LI#ifdef HAVE_PCAP_FINDALLDEVS
411677aeSAaron LIstatic const struct tok status_flags[] = {
411677aeSAaron LI#ifdef PCAP_IF_UP
411677aeSAaron LI	{ PCAP_IF_UP,       "Up"       },
411677aeSAaron LI#endif
411677aeSAaron LI#ifdef PCAP_IF_RUNNING
411677aeSAaron LI	{ PCAP_IF_RUNNING,  "Running"  },
411677aeSAaron LI#endif
411677aeSAaron LI	{ PCAP_IF_LOOPBACK, "Loopback" },
*ed775ee7SAntonio Huete Jimenez#ifdef PCAP_IF_WIRELESS
*ed775ee7SAntonio Huete Jimenez	{ PCAP_IF_WIRELESS, "Wireless" },
*ed775ee7SAntonio Huete Jimenez#endif
411677aeSAaron LI	{ 0, NULL }
41c99275SPeter Avalos};
41c99275SPeter Avalos#endif
27bfbee1SPeter Avalos
41c99275SPeter Avalosstatic pcap_t *pd;
*ed775ee7SAntonio Huete Jimenezstatic pcap_dumper_t *pdd = NULL;
41c99275SPeter Avalos
27bfbee1SPeter Avalosstatic int supports_monitor_mode;
27bfbee1SPeter Avalos
41c99275SPeter Avalosextern int optind;
41c99275SPeter Avalosextern int opterr;
41c99275SPeter Avalosextern char *optarg;
41c99275SPeter Avalos
41c99275SPeter Avalosstruct dump_info {
41c99275SPeter Avalos	char	*WFileName;
ea7b4bf5SPeter Avalos	char	*CurrentFileName;
41c99275SPeter Avalos	pcap_t	*pd;
*ed775ee7SAntonio Huete Jimenez	pcap_dumper_t *pdd;
*ed775ee7SAntonio Huete Jimenez	netdissect_options *ndo;
411677aeSAaron LI#ifdef HAVE_CAPSICUM
411677aeSAaron LI	int	dirfd;
411677aeSAaron LI#endif
41c99275SPeter Avalos};
41c99275SPeter Avalos
411677aeSAaron LI#if defined(HAVE_PCAP_SET_PARSER_DEBUG)
411677aeSAaron LI/*
411677aeSAaron LI * We have pcap_set_parser_debug() in libpcap; declare it (it's not declared
411677aeSAaron LI * by any libpcap header, because it's a special hack, only available if
411677aeSAaron LI * libpcap was configured to include it, and only intended for use by
411677aeSAaron LI * libpcap developers trying to debug the parser for filter expressions).
411677aeSAaron LI */
411677aeSAaron LI#ifdef _WIN32
411677aeSAaron LI__declspec(dllimport)
411677aeSAaron LI#else /* _WIN32 */
411677aeSAaron LIextern
411677aeSAaron LI#endif /* _WIN32 */
411677aeSAaron LIvoid pcap_set_parser_debug(int);
411677aeSAaron LI#elif defined(HAVE_PCAP_DEBUG) || defined(HAVE_YYDEBUG)
411677aeSAaron LI/*
411677aeSAaron LI * We don't have pcap_set_parser_debug() in libpcap, but we do have
411677aeSAaron LI * pcap_debug or yydebug.  Make a local version of pcap_set_parser_debug()
411677aeSAaron LI * to set the flag, and define HAVE_PCAP_SET_PARSER_DEBUG.
411677aeSAaron LI */
411677aeSAaron LIstatic void
411677aeSAaron LIpcap_set_parser_debug(int value)
411677aeSAaron LI{
411677aeSAaron LI#ifdef HAVE_PCAP_DEBUG
411677aeSAaron LI	extern int pcap_debug;
411677aeSAaron LI
411677aeSAaron LI	pcap_debug = value;
411677aeSAaron LI#else /* HAVE_PCAP_DEBUG */
411677aeSAaron LI	extern int yydebug;
411677aeSAaron LI
411677aeSAaron LI	yydebug = value;
411677aeSAaron LI#endif /* HAVE_PCAP_DEBUG */
411677aeSAaron LI}
411677aeSAaron LI
411677aeSAaron LI#define HAVE_PCAP_SET_PARSER_DEBUG
411677aeSAaron LI#endif
411677aeSAaron LI
411677aeSAaron LI#if defined(HAVE_PCAP_SET_OPTIMIZER_DEBUG)
411677aeSAaron LI/*
411677aeSAaron LI * We have pcap_set_optimizer_debug() in libpcap; declare it (it's not declared
411677aeSAaron LI * by any libpcap header, because it's a special hack, only available if
411677aeSAaron LI * libpcap was configured to include it, and only intended for use by
411677aeSAaron LI * libpcap developers trying to debug the optimizer for filter expressions).
411677aeSAaron LI */
411677aeSAaron LI#ifdef _WIN32
411677aeSAaron LI__declspec(dllimport)
411677aeSAaron LI#else /* _WIN32 */
411677aeSAaron LIextern
411677aeSAaron LI#endif /* _WIN32 */
411677aeSAaron LIvoid pcap_set_optimizer_debug(int);
411677aeSAaron LI#endif
411677aeSAaron LI
411677aeSAaron LI/* VARARGS */
411677aeSAaron LIstatic void
411677aeSAaron LIerror(const char *fmt, ...)
411677aeSAaron LI{
411677aeSAaron LI	va_list ap;
411677aeSAaron LI
411677aeSAaron LI	(void)fprintf(stderr, "%s: ", program_name);
411677aeSAaron LI	va_start(ap, fmt);
411677aeSAaron LI	(void)vfprintf(stderr, fmt, ap);
411677aeSAaron LI	va_end(ap);
411677aeSAaron LI	if (*fmt) {
411677aeSAaron LI		fmt += strlen(fmt);
411677aeSAaron LI		if (fmt[-1] != '\n')
411677aeSAaron LI			(void)fputc('\n', stderr);
411677aeSAaron LI	}
*ed775ee7SAntonio Huete Jimenez	exit_tcpdump(S_ERR_HOST_PROGRAM);
411677aeSAaron LI	/* NOTREACHED */
411677aeSAaron LI}
411677aeSAaron LI
411677aeSAaron LI/* VARARGS */
411677aeSAaron LIstatic void
411677aeSAaron LIwarning(const char *fmt, ...)
411677aeSAaron LI{
411677aeSAaron LI	va_list ap;
411677aeSAaron LI
411677aeSAaron LI	(void)fprintf(stderr, "%s: WARNING: ", program_name);
411677aeSAaron LI	va_start(ap, fmt);
411677aeSAaron LI	(void)vfprintf(stderr, fmt, ap);
411677aeSAaron LI	va_end(ap);
411677aeSAaron LI	if (*fmt) {
411677aeSAaron LI		fmt += strlen(fmt);
411677aeSAaron LI		if (fmt[-1] != '\n')
411677aeSAaron LI			(void)fputc('\n', stderr);
411677aeSAaron LI	}
411677aeSAaron LI}
411677aeSAaron LI
411677aeSAaron LIstatic void
411677aeSAaron LIexit_tcpdump(int status)
411677aeSAaron LI{
411677aeSAaron LI	nd_cleanup();
411677aeSAaron LI	exit(status);
411677aeSAaron LI}
411677aeSAaron LI
27bfbee1SPeter Avalos#ifdef HAVE_PCAP_SET_TSTAMP_TYPE
41c99275SPeter Avalosstatic void
411677aeSAaron LIshow_tstamp_types_and_exit(pcap_t *pc, const char *device)
27bfbee1SPeter Avalos{
27bfbee1SPeter Avalos	int n_tstamp_types;
27bfbee1SPeter Avalos	int *tstamp_types = 0;
27bfbee1SPeter Avalos	const char *tstamp_type_name;
27bfbee1SPeter Avalos	int i;
27bfbee1SPeter Avalos
411677aeSAaron LI	n_tstamp_types = pcap_list_tstamp_types(pc, &tstamp_types);
27bfbee1SPeter Avalos	if (n_tstamp_types < 0)
411677aeSAaron LI		error("%s", pcap_geterr(pc));
27bfbee1SPeter Avalos
27bfbee1SPeter Avalos	if (n_tstamp_types == 0) {
27bfbee1SPeter Avalos		fprintf(stderr, "Time stamp type cannot be set for %s\n",
27bfbee1SPeter Avalos		    device);
*ed775ee7SAntonio Huete Jimenez		exit_tcpdump(S_SUCCESS);
27bfbee1SPeter Avalos	}
27bfbee1SPeter Avalos	fprintf(stderr, "Time stamp types for %s (use option -j to set):\n",
27bfbee1SPeter Avalos	    device);
27bfbee1SPeter Avalos	for (i = 0; i < n_tstamp_types; i++) {
27bfbee1SPeter Avalos		tstamp_type_name = pcap_tstamp_type_val_to_name(tstamp_types[i]);
27bfbee1SPeter Avalos		if (tstamp_type_name != NULL) {
27bfbee1SPeter Avalos			(void) fprintf(stderr, "  %s (%s)\n", tstamp_type_name,
27bfbee1SPeter Avalos			    pcap_tstamp_type_val_to_description(tstamp_types[i]));
27bfbee1SPeter Avalos		} else {
27bfbee1SPeter Avalos			(void) fprintf(stderr, "  %d\n", tstamp_types[i]);
27bfbee1SPeter Avalos		}
27bfbee1SPeter Avalos	}
27bfbee1SPeter Avalos	pcap_free_tstamp_types(tstamp_types);
*ed775ee7SAntonio Huete Jimenez	exit_tcpdump(S_SUCCESS);
27bfbee1SPeter Avalos}
27bfbee1SPeter Avalos#endif
27bfbee1SPeter Avalos
27bfbee1SPeter Avalosstatic void
411677aeSAaron LIshow_dlts_and_exit(pcap_t *pc, const char *device)
41c99275SPeter Avalos{
411677aeSAaron LI	int n_dlts, i;
41c99275SPeter Avalos	int *dlts = 0;
41c99275SPeter Avalos	const char *dlt_name;
41c99275SPeter Avalos
411677aeSAaron LI	n_dlts = pcap_list_datalinks(pc, &dlts);
41c99275SPeter Avalos	if (n_dlts < 0)
411677aeSAaron LI		error("%s", pcap_geterr(pc));
41c99275SPeter Avalos	else if (n_dlts == 0 || !dlts)
41c99275SPeter Avalos		error("No data link types.");
41c99275SPeter Avalos
27bfbee1SPeter Avalos	/*
27bfbee1SPeter Avalos	 * If the interface is known to support monitor mode, indicate
27bfbee1SPeter Avalos	 * whether these are the data link types available when not in
27bfbee1SPeter Avalos	 * monitor mode, if -I wasn't specified, or when in monitor mode,
27bfbee1SPeter Avalos	 * when -I was specified (the link-layer types available in
27bfbee1SPeter Avalos	 * monitor mode might be different from the ones available when
27bfbee1SPeter Avalos	 * not in monitor mode).
27bfbee1SPeter Avalos	 */
27bfbee1SPeter Avalos	if (supports_monitor_mode)
27bfbee1SPeter Avalos		(void) fprintf(stderr, "Data link types for %s %s (use option -y to set):\n",
27bfbee1SPeter Avalos		    device,
27bfbee1SPeter Avalos		    Iflag ? "when in monitor mode" : "when not in monitor mode");
27bfbee1SPeter Avalos	else
27bfbee1SPeter Avalos		(void) fprintf(stderr, "Data link types for %s (use option -y to set):\n",
27bfbee1SPeter Avalos		    device);
41c99275SPeter Avalos
411677aeSAaron LI	for (i = 0; i < n_dlts; i++) {
411677aeSAaron LI		dlt_name = pcap_datalink_val_to_name(dlts[i]);
41c99275SPeter Avalos		if (dlt_name != NULL) {
41c99275SPeter Avalos			(void) fprintf(stderr, "  %s (%s)", dlt_name,
411677aeSAaron LI			    pcap_datalink_val_to_description(dlts[i]));
41c99275SPeter Avalos
41c99275SPeter Avalos			/*
41c99275SPeter Avalos			 * OK, does tcpdump handle that type?
41c99275SPeter Avalos			 */
411677aeSAaron LI			if (!has_printer(dlts[i]))
ea7b4bf5SPeter Avalos				(void) fprintf(stderr, " (printing not supported)");
27bfbee1SPeter Avalos			fprintf(stderr, "\n");
41c99275SPeter Avalos		} else {
ea7b4bf5SPeter Avalos			(void) fprintf(stderr, "  DLT %d (printing not supported)\n",
411677aeSAaron LI			    dlts[i]);
41c99275SPeter Avalos		}
41c99275SPeter Avalos	}
411677aeSAaron LI#ifdef HAVE_PCAP_FREE_DATALINKS
27bfbee1SPeter Avalos	pcap_free_datalinks(dlts);
411677aeSAaron LI#endif
*ed775ee7SAntonio Huete Jimenez	exit_tcpdump(S_SUCCESS);
41c99275SPeter Avalos}
41c99275SPeter Avalos
411677aeSAaron LI#ifdef HAVE_PCAP_FINDALLDEVS
411677aeSAaron LIstatic void
411677aeSAaron LIshow_devices_and_exit(void)
411677aeSAaron LI{
411677aeSAaron LI	pcap_if_t *dev, *devlist;
411677aeSAaron LI	char ebuf[PCAP_ERRBUF_SIZE];
411677aeSAaron LI	int i;
411677aeSAaron LI
411677aeSAaron LI	if (pcap_findalldevs(&devlist, ebuf) < 0)
411677aeSAaron LI		error("%s", ebuf);
411677aeSAaron LI	for (i = 0, dev = devlist; dev != NULL; i++, dev = dev->next) {
411677aeSAaron LI		printf("%d.%s", i+1, dev->name);
411677aeSAaron LI		if (dev->description != NULL)
411677aeSAaron LI			printf(" (%s)", dev->description);
*ed775ee7SAntonio Huete Jimenez		if (dev->flags != 0) {
*ed775ee7SAntonio Huete Jimenez			printf(" [");
*ed775ee7SAntonio Huete Jimenez			printf("%s", bittok2str(status_flags, "none", dev->flags));
*ed775ee7SAntonio Huete Jimenez#ifdef PCAP_IF_WIRELESS
*ed775ee7SAntonio Huete Jimenez			if (dev->flags & PCAP_IF_WIRELESS) {
*ed775ee7SAntonio Huete Jimenez				switch (dev->flags & PCAP_IF_CONNECTION_STATUS) {
*ed775ee7SAntonio Huete Jimenez
*ed775ee7SAntonio Huete Jimenez				case PCAP_IF_CONNECTION_STATUS_UNKNOWN:
*ed775ee7SAntonio Huete Jimenez					printf(", Association status unknown");
*ed775ee7SAntonio Huete Jimenez					break;
*ed775ee7SAntonio Huete Jimenez
*ed775ee7SAntonio Huete Jimenez				case PCAP_IF_CONNECTION_STATUS_CONNECTED:
*ed775ee7SAntonio Huete Jimenez					printf(", Associated");
*ed775ee7SAntonio Huete Jimenez					break;
*ed775ee7SAntonio Huete Jimenez
*ed775ee7SAntonio Huete Jimenez				case PCAP_IF_CONNECTION_STATUS_DISCONNECTED:
*ed775ee7SAntonio Huete Jimenez					printf(", Not associated");
*ed775ee7SAntonio Huete Jimenez					break;
*ed775ee7SAntonio Huete Jimenez
*ed775ee7SAntonio Huete Jimenez				case PCAP_IF_CONNECTION_STATUS_NOT_APPLICABLE:
*ed775ee7SAntonio Huete Jimenez					break;
*ed775ee7SAntonio Huete Jimenez				}
*ed775ee7SAntonio Huete Jimenez			} else {
*ed775ee7SAntonio Huete Jimenez				switch (dev->flags & PCAP_IF_CONNECTION_STATUS) {
*ed775ee7SAntonio Huete Jimenez
*ed775ee7SAntonio Huete Jimenez				case PCAP_IF_CONNECTION_STATUS_UNKNOWN:
*ed775ee7SAntonio Huete Jimenez					printf(", Connection status unknown");
*ed775ee7SAntonio Huete Jimenez					break;
*ed775ee7SAntonio Huete Jimenez
*ed775ee7SAntonio Huete Jimenez				case PCAP_IF_CONNECTION_STATUS_CONNECTED:
*ed775ee7SAntonio Huete Jimenez					printf(", Connected");
*ed775ee7SAntonio Huete Jimenez					break;
*ed775ee7SAntonio Huete Jimenez
*ed775ee7SAntonio Huete Jimenez				case PCAP_IF_CONNECTION_STATUS_DISCONNECTED:
*ed775ee7SAntonio Huete Jimenez					printf(", Disconnected");
*ed775ee7SAntonio Huete Jimenez					break;
*ed775ee7SAntonio Huete Jimenez
*ed775ee7SAntonio Huete Jimenez				case PCAP_IF_CONNECTION_STATUS_NOT_APPLICABLE:
*ed775ee7SAntonio Huete Jimenez					break;
*ed775ee7SAntonio Huete Jimenez				}
*ed775ee7SAntonio Huete Jimenez			}
*ed775ee7SAntonio Huete Jimenez#endif
*ed775ee7SAntonio Huete Jimenez			printf("]");
*ed775ee7SAntonio Huete Jimenez		}
*ed775ee7SAntonio Huete Jimenez		printf("\n");
*ed775ee7SAntonio Huete Jimenez	}
*ed775ee7SAntonio Huete Jimenez	pcap_freealldevs(devlist);
*ed775ee7SAntonio Huete Jimenez	exit_tcpdump(S_SUCCESS);
*ed775ee7SAntonio Huete Jimenez}
*ed775ee7SAntonio Huete Jimenez#endif /* HAVE_PCAP_FINDALLDEVS */
*ed775ee7SAntonio Huete Jimenez
*ed775ee7SAntonio Huete Jimenez#ifdef HAVE_PCAP_FINDALLDEVS_EX
*ed775ee7SAntonio Huete Jimenezstatic void
*ed775ee7SAntonio Huete Jimenezshow_remote_devices_and_exit(void)
*ed775ee7SAntonio Huete Jimenez{
*ed775ee7SAntonio Huete Jimenez	pcap_if_t *dev, *devlist;
*ed775ee7SAntonio Huete Jimenez	char ebuf[PCAP_ERRBUF_SIZE];
*ed775ee7SAntonio Huete Jimenez	int i;
*ed775ee7SAntonio Huete Jimenez
*ed775ee7SAntonio Huete Jimenez	if (pcap_findalldevs_ex(remote_interfaces_source, NULL, &devlist,
*ed775ee7SAntonio Huete Jimenez	    ebuf) < 0)
*ed775ee7SAntonio Huete Jimenez		error("%s", ebuf);
*ed775ee7SAntonio Huete Jimenez	for (i = 0, dev = devlist; dev != NULL; i++, dev = dev->next) {
*ed775ee7SAntonio Huete Jimenez		printf("%d.%s", i+1, dev->name);
*ed775ee7SAntonio Huete Jimenez		if (dev->description != NULL)
*ed775ee7SAntonio Huete Jimenez			printf(" (%s)", dev->description);
411677aeSAaron LI		if (dev->flags != 0)
411677aeSAaron LI			printf(" [%s]", bittok2str(status_flags, "none", dev->flags));
411677aeSAaron LI		printf("\n");
411677aeSAaron LI	}
411677aeSAaron LI	pcap_freealldevs(devlist);
*ed775ee7SAntonio Huete Jimenez	exit_tcpdump(S_SUCCESS);
411677aeSAaron LI}
411677aeSAaron LI#endif /* HAVE_PCAP_FINDALLDEVS */
411677aeSAaron LI
411677aeSAaron LI/*
411677aeSAaron LI * Short options.
411677aeSAaron LI *
411677aeSAaron LI * Note that there we use all letters for short options except for g, k,
411677aeSAaron LI * o, and P, and those are used by other versions of tcpdump, and we should
411677aeSAaron LI * only use them for the same purposes that the other versions of tcpdump
411677aeSAaron LI * use them:
411677aeSAaron LI *
*ed775ee7SAntonio Huete Jimenez * macOS tcpdump uses -g to force non--v output for IP to be on one
411677aeSAaron LI * line, making it more "g"repable;
411677aeSAaron LI *
*ed775ee7SAntonio Huete Jimenez * macOS tcpdump uses -k to specify that packet comments in pcapng files
411677aeSAaron LI * should be printed;
411677aeSAaron LI *
411677aeSAaron LI * OpenBSD tcpdump uses -o to indicate that OS fingerprinting should be done
411677aeSAaron LI * for hosts sending TCP SYN packets;
411677aeSAaron LI *
*ed775ee7SAntonio Huete Jimenez * macOS tcpdump uses -P to indicate that -w should write pcapng rather
411677aeSAaron LI * than pcap files.
411677aeSAaron LI *
*ed775ee7SAntonio Huete Jimenez * macOS tcpdump also uses -Q to specify expressions that match packet
411677aeSAaron LI * metadata, including but not limited to the packet direction.
411677aeSAaron LI * The expression syntax is different from a simple "in|out|inout",
*ed775ee7SAntonio Huete Jimenez * and those expressions aren't accepted by macOS tcpdump, but the
411677aeSAaron LI * equivalents would be "in" = "dir=in", "out" = "dir=out", and
411677aeSAaron LI * "inout" = "dir=in or dir=out", and the parser could conceivably
411677aeSAaron LI * special-case "in", "out", and "inout" as expressions for backwards
411677aeSAaron LI * compatibility, so all is not (yet) lost.
411677aeSAaron LI */
411677aeSAaron LI
41c99275SPeter Avalos/*
41c99275SPeter Avalos * Set up flags that might or might not be supported depending on the
41c99275SPeter Avalos * version of libpcap we're using.
41c99275SPeter Avalos */
411677aeSAaron LI#if defined(HAVE_PCAP_CREATE) || defined(_WIN32)
41c99275SPeter Avalos#define B_FLAG		"B:"
41c99275SPeter Avalos#define B_FLAG_USAGE	" [ -B size ]"
411677aeSAaron LI#else /* defined(HAVE_PCAP_CREATE) || defined(_WIN32) */
41c99275SPeter Avalos#define B_FLAG
41c99275SPeter Avalos#define B_FLAG_USAGE
411677aeSAaron LI#endif /* defined(HAVE_PCAP_CREATE) || defined(_WIN32) */
ea7b4bf5SPeter Avalos
*ed775ee7SAntonio Huete Jimenez#ifdef HAVE_PCAP_FINDALLDEVS
*ed775ee7SAntonio Huete Jimenez#define D_FLAG	"D"
*ed775ee7SAntonio Huete Jimenez#else
*ed775ee7SAntonio Huete Jimenez#define D_FLAG
*ed775ee7SAntonio Huete Jimenez#endif
*ed775ee7SAntonio Huete Jimenez
ea7b4bf5SPeter Avalos#ifdef HAVE_PCAP_CREATE
ea7b4bf5SPeter Avalos#define I_FLAG		"I"
ea7b4bf5SPeter Avalos#else /* HAVE_PCAP_CREATE */
ea7b4bf5SPeter Avalos#define I_FLAG
ea7b4bf5SPeter Avalos#endif /* HAVE_PCAP_CREATE */
41c99275SPeter Avalos
27bfbee1SPeter Avalos#ifdef HAVE_PCAP_SET_TSTAMP_TYPE
27bfbee1SPeter Avalos#define j_FLAG		"j:"
27bfbee1SPeter Avalos#define j_FLAG_USAGE	" [ -j tstamptype ]"
27bfbee1SPeter Avalos#define J_FLAG		"J"
27bfbee1SPeter Avalos#else /* PCAP_ERROR_TSTAMP_TYPE_NOTSUP */
27bfbee1SPeter Avalos#define j_FLAG
27bfbee1SPeter Avalos#define j_FLAG_USAGE
27bfbee1SPeter Avalos#define J_FLAG
27bfbee1SPeter Avalos#endif /* PCAP_ERROR_TSTAMP_TYPE_NOTSUP */
27bfbee1SPeter Avalos
*ed775ee7SAntonio Huete Jimenez#ifdef USE_LIBSMI
*ed775ee7SAntonio Huete Jimenez#define m_FLAG_USAGE "[ -m module ] ..."
*ed775ee7SAntonio Huete Jimenez#endif
*ed775ee7SAntonio Huete Jimenez
*ed775ee7SAntonio Huete Jimenez#ifdef HAVE_PCAP_SETDIRECTION
*ed775ee7SAntonio Huete Jimenez#define Q_FLAG "Q:"
*ed775ee7SAntonio Huete Jimenez#define Q_FLAG_USAGE " [ -Q in|out|inout ]"
41c99275SPeter Avalos#else
*ed775ee7SAntonio Huete Jimenez#define Q_FLAG
*ed775ee7SAntonio Huete Jimenez#define Q_FLAG_USAGE
41c99275SPeter Avalos#endif
41c99275SPeter Avalos
41c99275SPeter Avalos#ifdef HAVE_PCAP_DUMP_FLUSH
41c99275SPeter Avalos#define U_FLAG	"U"
41c99275SPeter Avalos#else
41c99275SPeter Avalos#define U_FLAG
41c99275SPeter Avalos#endif
41c99275SPeter Avalos
411677aeSAaron LI#define SHORTOPTS "aAb" B_FLAG "c:C:d" D_FLAG "eE:fF:G:hHi:" I_FLAG j_FLAG J_FLAG "KlLm:M:nNOpq" Q_FLAG "r:s:StT:u" U_FLAG "vV:w:W:xXy:Yz:Z:#"
411677aeSAaron LI
411677aeSAaron LI/*
411677aeSAaron LI * Long options.
411677aeSAaron LI *
411677aeSAaron LI * We do not currently have long options corresponding to all short
411677aeSAaron LI * options; we should probably pick appropriate option names for them.
411677aeSAaron LI *
411677aeSAaron LI * However, the short options where the number of times the option is
411677aeSAaron LI * specified matters, such as -v and -d and -t, should probably not
411677aeSAaron LI * just map to a long option, as saying
411677aeSAaron LI *
411677aeSAaron LI *  tcpdump --verbose --verbose
411677aeSAaron LI *
411677aeSAaron LI * doesn't make sense; it should be --verbosity={N} or something such
411677aeSAaron LI * as that.
411677aeSAaron LI *
411677aeSAaron LI * For long options with no corresponding short options, we define values
411677aeSAaron LI * outside the range of ASCII graphic characters, make that the last
411677aeSAaron LI * component of the entry for the long option, and have a case for that
411677aeSAaron LI * option in the switch statement.
411677aeSAaron LI */
411677aeSAaron LI#define OPTION_VERSION			128
411677aeSAaron LI#define OPTION_TSTAMP_PRECISION		129
411677aeSAaron LI#define OPTION_IMMEDIATE_MODE		130
*ed775ee7SAntonio Huete Jimenez#define OPTION_PRINT			131
*ed775ee7SAntonio Huete Jimenez#define OPTION_LIST_REMOTE_INTERFACES	132
*ed775ee7SAntonio Huete Jimenez#define OPTION_TSTAMP_MICRO		133
*ed775ee7SAntonio Huete Jimenez#define OPTION_TSTAMP_NANO		134
*ed775ee7SAntonio Huete Jimenez#define OPTION_FP_TYPE			135
*ed775ee7SAntonio Huete Jimenez#define OPTION_COUNT			136
411677aeSAaron LI
411677aeSAaron LIstatic const struct option longopts[] = {
411677aeSAaron LI#if defined(HAVE_PCAP_CREATE) || defined(_WIN32)
411677aeSAaron LI	{ "buffer-size", required_argument, NULL, 'B' },
411677aeSAaron LI#endif
411677aeSAaron LI	{ "list-interfaces", no_argument, NULL, 'D' },
*ed775ee7SAntonio Huete Jimenez#ifdef HAVE_PCAP_FINDALLDEVS_EX
*ed775ee7SAntonio Huete Jimenez	{ "list-remote-interfaces", required_argument, NULL, OPTION_LIST_REMOTE_INTERFACES },
*ed775ee7SAntonio Huete Jimenez#endif
411677aeSAaron LI	{ "help", no_argument, NULL, 'h' },
411677aeSAaron LI	{ "interface", required_argument, NULL, 'i' },
411677aeSAaron LI#ifdef HAVE_PCAP_CREATE
411677aeSAaron LI	{ "monitor-mode", no_argument, NULL, 'I' },
411677aeSAaron LI#endif
411677aeSAaron LI#ifdef HAVE_PCAP_SET_TSTAMP_TYPE
411677aeSAaron LI	{ "time-stamp-type", required_argument, NULL, 'j' },
411677aeSAaron LI	{ "list-time-stamp-types", no_argument, NULL, 'J' },
411677aeSAaron LI#endif
411677aeSAaron LI#ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
*ed775ee7SAntonio Huete Jimenez	{ "micro", no_argument, NULL, OPTION_TSTAMP_MICRO},
*ed775ee7SAntonio Huete Jimenez	{ "nano", no_argument, NULL, OPTION_TSTAMP_NANO},
411677aeSAaron LI	{ "time-stamp-precision", required_argument, NULL, OPTION_TSTAMP_PRECISION},
411677aeSAaron LI#endif
411677aeSAaron LI	{ "dont-verify-checksums", no_argument, NULL, 'K' },
411677aeSAaron LI	{ "list-data-link-types", no_argument, NULL, 'L' },
411677aeSAaron LI	{ "no-optimize", no_argument, NULL, 'O' },
411677aeSAaron LI	{ "no-promiscuous-mode", no_argument, NULL, 'p' },
411677aeSAaron LI#ifdef HAVE_PCAP_SETDIRECTION
411677aeSAaron LI	{ "direction", required_argument, NULL, 'Q' },
411677aeSAaron LI#endif
411677aeSAaron LI	{ "snapshot-length", required_argument, NULL, 's' },
411677aeSAaron LI	{ "absolute-tcp-sequence-numbers", no_argument, NULL, 'S' },
411677aeSAaron LI#ifdef HAVE_PCAP_DUMP_FLUSH
411677aeSAaron LI	{ "packet-buffered", no_argument, NULL, 'U' },
411677aeSAaron LI#endif
411677aeSAaron LI	{ "linktype", required_argument, NULL, 'y' },
411677aeSAaron LI#ifdef HAVE_PCAP_SET_IMMEDIATE_MODE
411677aeSAaron LI	{ "immediate-mode", no_argument, NULL, OPTION_IMMEDIATE_MODE },
411677aeSAaron LI#endif
411677aeSAaron LI#ifdef HAVE_PCAP_SET_PARSER_DEBUG
411677aeSAaron LI	{ "debug-filter-parser", no_argument, NULL, 'Y' },
411677aeSAaron LI#endif
411677aeSAaron LI	{ "relinquish-privileges", required_argument, NULL, 'Z' },
*ed775ee7SAntonio Huete Jimenez	{ "count", no_argument, NULL, OPTION_COUNT },
*ed775ee7SAntonio Huete Jimenez	{ "fp-type", no_argument, NULL, OPTION_FP_TYPE },
411677aeSAaron LI	{ "number", no_argument, NULL, '#' },
*ed775ee7SAntonio Huete Jimenez	{ "print", no_argument, NULL, OPTION_PRINT },
411677aeSAaron LI	{ "version", no_argument, NULL, OPTION_VERSION },
411677aeSAaron LI	{ NULL, 0, NULL, 0 }
411677aeSAaron LI};
411677aeSAaron LI
*ed775ee7SAntonio Huete Jimenez#ifdef HAVE_PCAP_FINDALLDEVS_EX
*ed775ee7SAntonio Huete Jimenez#define LIST_REMOTE_INTERFACES_USAGE "[ --list-remote-interfaces remote-source ]"
*ed775ee7SAntonio Huete Jimenez#else
*ed775ee7SAntonio Huete Jimenez#define LIST_REMOTE_INTERFACES_USAGE
*ed775ee7SAntonio Huete Jimenez#endif
*ed775ee7SAntonio Huete Jimenez
*ed775ee7SAntonio Huete Jimenez#ifdef HAVE_PCAP_SET_IMMEDIATE_MODE
*ed775ee7SAntonio Huete Jimenez#define IMMEDIATE_MODE_USAGE " [ --immediate-mode ]"
*ed775ee7SAntonio Huete Jimenez#else
*ed775ee7SAntonio Huete Jimenez#define IMMEDIATE_MODE_USAGE ""
*ed775ee7SAntonio Huete Jimenez#endif
*ed775ee7SAntonio Huete Jimenez
411677aeSAaron LI#ifndef _WIN32
41c99275SPeter Avalos/* Drop root privileges and chroot if necessary */
41c99275SPeter Avalosstatic void
41c99275SPeter Avalosdroproot(const char *username, const char *chroot_dir)
41c99275SPeter Avalos{
41c99275SPeter Avalos	struct passwd *pw = NULL;
41c99275SPeter Avalos
*ed775ee7SAntonio Huete Jimenez	if (chroot_dir && !username)
*ed775ee7SAntonio Huete Jimenez		error("Chroot without dropping root is insecure");
41c99275SPeter Avalos
41c99275SPeter Avalos	pw = getpwnam(username);
41c99275SPeter Avalos	if (pw) {
41c99275SPeter Avalos		if (chroot_dir) {
*ed775ee7SAntonio Huete Jimenez			if (chroot(chroot_dir) != 0 || chdir ("/") != 0)
*ed775ee7SAntonio Huete Jimenez				error("Couldn't chroot/chdir to '%.64s': %s",
*ed775ee7SAntonio Huete Jimenez				      chroot_dir, pcap_strerror(errno));
41c99275SPeter Avalos		}
411677aeSAaron LI#ifdef HAVE_LIBCAP_NG
411677aeSAaron LI		{
411677aeSAaron LI			int ret = capng_change_id(pw->pw_uid, pw->pw_gid, CAPNG_NO_FLAG);
411677aeSAaron LI			if (ret < 0)
411677aeSAaron LI				error("capng_change_id(): return %d\n", ret);
411677aeSAaron LI			else
411677aeSAaron LI				fprintf(stderr, "dropped privs to %s\n", username);
411677aeSAaron LI		}
411677aeSAaron LI#else
41c99275SPeter Avalos		if (initgroups(pw->pw_name, pw->pw_gid) != 0 ||
*ed775ee7SAntonio Huete Jimenez		    setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0)
*ed775ee7SAntonio Huete Jimenez			error("Couldn't change to '%.32s' uid=%lu gid=%lu: %s",
*ed775ee7SAntonio Huete Jimenez				username,
41c99275SPeter Avalos				(unsigned long)pw->pw_uid,
41c99275SPeter Avalos				(unsigned long)pw->pw_gid,
41c99275SPeter Avalos				pcap_strerror(errno));
41c99275SPeter Avalos		else {
411677aeSAaron LI			fprintf(stderr, "dropped privs to %s\n", username);
41c99275SPeter Avalos		}
411677aeSAaron LI#endif /* HAVE_LIBCAP_NG */
*ed775ee7SAntonio Huete Jimenez	} else
*ed775ee7SAntonio Huete Jimenez		error("Couldn't find user '%.32s'", username);
411677aeSAaron LI#ifdef HAVE_LIBCAP_NG
411677aeSAaron LI	/* We don't need CAP_SETUID, CAP_SETGID and CAP_SYS_CHROOT any more. */
*ed775ee7SAntonio Huete JimenezDIAG_OFF_CLANG(assign-enum)
411677aeSAaron LI	capng_updatev(
411677aeSAaron LI		CAPNG_DROP,
411677aeSAaron LI		CAPNG_EFFECTIVE | CAPNG_PERMITTED,
411677aeSAaron LI		CAP_SETUID,
411677aeSAaron LI		CAP_SETGID,
411677aeSAaron LI		CAP_SYS_CHROOT,
411677aeSAaron LI		-1);
*ed775ee7SAntonio Huete JimenezDIAG_ON_CLANG(assign-enum)
411677aeSAaron LI	capng_apply(CAPNG_SELECT_BOTH);
411677aeSAaron LI#endif /* HAVE_LIBCAP_NG */
411677aeSAaron LI
411677aeSAaron LI}
411677aeSAaron LI#endif /* _WIN32 */
41c99275SPeter Avalos
41c99275SPeter Avalosstatic int
41c99275SPeter AvalosgetWflagChars(int x)
41c99275SPeter Avalos{
41c99275SPeter Avalos	int c = 0;
41c99275SPeter Avalos
41c99275SPeter Avalos	x -= 1;
41c99275SPeter Avalos	while (x > 0) {
41c99275SPeter Avalos		c += 1;
41c99275SPeter Avalos		x /= 10;
41c99275SPeter Avalos	}
41c99275SPeter Avalos
41c99275SPeter Avalos	return c;
41c99275SPeter Avalos}
41c99275SPeter Avalos
41c99275SPeter Avalos
41c99275SPeter Avalosstatic void
41c99275SPeter AvalosMakeFilename(char *buffer, char *orig_name, int cnt, int max_chars)
41c99275SPeter Avalos{
411677aeSAaron LI        char *filename = malloc(PATH_MAX + 1);
411677aeSAaron LI        if (filename == NULL)
*ed775ee7SAntonio Huete Jimenez            error("%s: malloc", __func__);
ea7b4bf5SPeter Avalos
ea7b4bf5SPeter Avalos        /* Process with strftime if Gflag is set. */
ea7b4bf5SPeter Avalos        if (Gflag != 0) {
ea7b4bf5SPeter Avalos          struct tm *local_tm;
ea7b4bf5SPeter Avalos
ea7b4bf5SPeter Avalos          /* Convert Gflag_time to a usable format */
ea7b4bf5SPeter Avalos          if ((local_tm = localtime(&Gflag_time)) == NULL) {
*ed775ee7SAntonio Huete Jimenez                  error("%s: localtime", __func__);
ea7b4bf5SPeter Avalos          }
ea7b4bf5SPeter Avalos
ea7b4bf5SPeter Avalos          /* There's no good way to detect an error in strftime since a return
ea7b4bf5SPeter Avalos           * value of 0 isn't necessarily failure.
ea7b4bf5SPeter Avalos           */
411677aeSAaron LI          strftime(filename, PATH_MAX, orig_name, local_tm);
ea7b4bf5SPeter Avalos        } else {
411677aeSAaron LI          strncpy(filename, orig_name, PATH_MAX);
ea7b4bf5SPeter Avalos        }
ea7b4bf5SPeter Avalos
41c99275SPeter Avalos	if (cnt == 0 && max_chars == 0)
411677aeSAaron LI		strncpy(buffer, filename, PATH_MAX + 1);
41c99275SPeter Avalos	else
411677aeSAaron LI		if (snprintf(buffer, PATH_MAX + 1, "%s%0*d", filename, max_chars, cnt) > PATH_MAX)
ea7b4bf5SPeter Avalos                  /* Report an error if the filename is too large */
411677aeSAaron LI                  error("too many output files or filename is too long (> %d)", PATH_MAX);
ea7b4bf5SPeter Avalos        free(filename);
41c99275SPeter Avalos}
41c99275SPeter Avalos
411677aeSAaron LIstatic char *
411677aeSAaron LIget_next_file(FILE *VFile, char *ptr)
41c99275SPeter Avalos{
411677aeSAaron LI	char *ret;
411677aeSAaron LI	size_t len;
41c99275SPeter Avalos
411677aeSAaron LI	ret = fgets(ptr, PATH_MAX, VFile);
411677aeSAaron LI	if (!ret)
411677aeSAaron LI		return NULL;
41c99275SPeter Avalos
411677aeSAaron LI	len = strlen (ptr);
411677aeSAaron LI	if (len > 0 && ptr[len - 1] == '\n')
411677aeSAaron LI		ptr[len - 1] = '\0';
41c99275SPeter Avalos
41c99275SPeter Avalos	return ret;
41c99275SPeter Avalos}
41c99275SPeter Avalos
*ed775ee7SAntonio Huete Jimenez#ifdef HAVE_CASPER
*ed775ee7SAntonio Huete Jimenezstatic cap_channel_t *
*ed775ee7SAntonio Huete Jimenezcapdns_setup(void)
*ed775ee7SAntonio Huete Jimenez{
*ed775ee7SAntonio Huete Jimenez	cap_channel_t *capcas, *capdnsloc;
*ed775ee7SAntonio Huete Jimenez	const char *types[1];
*ed775ee7SAntonio Huete Jimenez	int families[2];
*ed775ee7SAntonio Huete Jimenez
*ed775ee7SAntonio Huete Jimenez	capcas = cap_init();
*ed775ee7SAntonio Huete Jimenez	if (capcas == NULL)
*ed775ee7SAntonio Huete Jimenez		error("unable to create casper process");
*ed775ee7SAntonio Huete Jimenez	capdnsloc = cap_service_open(capcas, "system.dns");
*ed775ee7SAntonio Huete Jimenez	/* Casper capability no longer needed. */
*ed775ee7SAntonio Huete Jimenez	cap_close(capcas);
*ed775ee7SAntonio Huete Jimenez	if (capdnsloc == NULL)
*ed775ee7SAntonio Huete Jimenez		error("unable to open system.dns service");
*ed775ee7SAntonio Huete Jimenez	/* Limit system.dns to reverse DNS lookups. */
*ed775ee7SAntonio Huete Jimenez	types[0] = "ADDR";
*ed775ee7SAntonio Huete Jimenez	if (cap_dns_type_limit(capdnsloc, types, 1) < 0)
*ed775ee7SAntonio Huete Jimenez		error("unable to limit access to system.dns service");
*ed775ee7SAntonio Huete Jimenez	families[0] = AF_INET;
*ed775ee7SAntonio Huete Jimenez	families[1] = AF_INET6;
*ed775ee7SAntonio Huete Jimenez	if (cap_dns_family_limit(capdnsloc, families, 2) < 0)
*ed775ee7SAntonio Huete Jimenez		error("unable to limit access to system.dns service");
*ed775ee7SAntonio Huete Jimenez
*ed775ee7SAntonio Huete Jimenez	return (capdnsloc);
*ed775ee7SAntonio Huete Jimenez}
*ed775ee7SAntonio Huete Jimenez#endif	/* HAVE_CASPER */
*ed775ee7SAntonio Huete Jimenez
411677aeSAaron LI#ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
411677aeSAaron LIstatic int
411677aeSAaron LItstamp_precision_from_string(const char *precision)
411677aeSAaron LI{
411677aeSAaron LI	if (strncmp(precision, "nano", strlen("nano")) == 0)
411677aeSAaron LI		return PCAP_TSTAMP_PRECISION_NANO;
411677aeSAaron LI
411677aeSAaron LI	if (strncmp(precision, "micro", strlen("micro")) == 0)
411677aeSAaron LI		return PCAP_TSTAMP_PRECISION_MICRO;
411677aeSAaron LI
411677aeSAaron LI	return -EINVAL;
411677aeSAaron LI}
411677aeSAaron LI
411677aeSAaron LIstatic const char *
411677aeSAaron LItstamp_precision_to_string(int precision)
411677aeSAaron LI{
411677aeSAaron LI	switch (precision) {
411677aeSAaron LI
411677aeSAaron LI	case PCAP_TSTAMP_PRECISION_MICRO:
411677aeSAaron LI		return "micro";
411677aeSAaron LI
411677aeSAaron LI	case PCAP_TSTAMP_PRECISION_NANO:
411677aeSAaron LI		return "nano";
411677aeSAaron LI
411677aeSAaron LI	default:
411677aeSAaron LI		return "unknown";
411677aeSAaron LI	}
411677aeSAaron LI}
411677aeSAaron LI#endif
411677aeSAaron LI
411677aeSAaron LI#ifdef HAVE_CAPSICUM
411677aeSAaron LI/*
411677aeSAaron LI * Ensure that, on a dump file's descriptor, we have all the rights
411677aeSAaron LI * necessary to make the standard I/O library work with an fdopen()ed
411677aeSAaron LI * FILE * from that descriptor.
411677aeSAaron LI *
*ed775ee7SAntonio Huete Jimenez * A long time ago in a galaxy far, far away, AT&T decided that, instead
411677aeSAaron LI * of providing separate APIs for getting and setting the FD_ flags on a
411677aeSAaron LI * descriptor, getting and setting the O_ flags on a descriptor, and
411677aeSAaron LI * locking files, they'd throw them all into a kitchen-sink fcntl() call
411677aeSAaron LI * along the lines of ioctl(), the fact that ioctl() operations are
411677aeSAaron LI * largely specific to particular character devices but fcntl() operations
411677aeSAaron LI * are either generic to all descriptors or generic to all descriptors for
411677aeSAaron LI * regular files nonwithstanding.
411677aeSAaron LI *
411677aeSAaron LI * The Capsicum people decided that fine-grained control of descriptor
411677aeSAaron LI * operations was required, so that you need to grant permission for
411677aeSAaron LI * reading, writing, seeking, and fcntl-ing.  The latter, courtesy of
411677aeSAaron LI * AT&T's decision, means that "fcntl-ing" isn't a thing, but a motley
411677aeSAaron LI * collection of things, so there are *individual* fcntls for which
411677aeSAaron LI * permission needs to be granted.
411677aeSAaron LI *
411677aeSAaron LI * The FreeBSD standard I/O people implemented some optimizations that
411677aeSAaron LI * requires that the standard I/O routines be able to determine whether
411677aeSAaron LI * the descriptor for the FILE * is open append-only or not; as that
411677aeSAaron LI * descriptor could have come from an open() rather than an fopen(),
411677aeSAaron LI * that requires that it be able to do an F_GETFL fcntl() to read
411677aeSAaron LI * the O_ flags.
411677aeSAaron LI *
411677aeSAaron LI * Tcpdump uses ftell() to determine how much data has been written
411677aeSAaron LI * to a file in order to, when used with -C, determine when it's time
411677aeSAaron LI * to rotate capture files.  ftell() therefore needs to do an lseek()
411677aeSAaron LI * to find out the file offset and must, thanks to the aforementioned
411677aeSAaron LI * optimization, also know whether the descriptor is open append-only
411677aeSAaron LI * or not.
411677aeSAaron LI *
411677aeSAaron LI * The net result of all the above is that we need to grant CAP_SEEK,
411677aeSAaron LI * CAP_WRITE, and CAP_FCNTL with the CAP_FCNTL_GETFL subcapability.
411677aeSAaron LI *
411677aeSAaron LI * Perhaps this is the universe's way of saying that either
411677aeSAaron LI *
411677aeSAaron LI *	1) there needs to be an fopenat() call and a pcap_dump_openat() call
411677aeSAaron LI *	   using it, so that Capsicum-capable tcpdump wouldn't need to do
411677aeSAaron LI *	   an fdopen()
411677aeSAaron LI *
411677aeSAaron LI * or
411677aeSAaron LI *
411677aeSAaron LI *	2) there needs to be a cap_fdopen() call in the FreeBSD standard
411677aeSAaron LI *	   I/O library that knows what rights are needed by the standard
411677aeSAaron LI *	   I/O library, based on the open mode, and assigns them, perhaps
411677aeSAaron LI *	   with an additional argument indicating, for example, whether
411677aeSAaron LI *	   seeking should be allowed, so that tcpdump doesn't need to know
411677aeSAaron LI *	   what the standard I/O library happens to require this week.
411677aeSAaron LI */
411677aeSAaron LIstatic void
411677aeSAaron LIset_dumper_capsicum_rights(pcap_dumper_t *p)
411677aeSAaron LI{
411677aeSAaron LI	int fd = fileno(pcap_dump_file(p));
411677aeSAaron LI	cap_rights_t rights;
411677aeSAaron LI
411677aeSAaron LI	cap_rights_init(&rights, CAP_SEEK, CAP_WRITE, CAP_FCNTL);
411677aeSAaron LI	if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS) {
411677aeSAaron LI		error("unable to limit dump descriptor");
411677aeSAaron LI	}
411677aeSAaron LI	if (cap_fcntls_limit(fd, CAP_FCNTL_GETFL) < 0 && errno != ENOSYS) {
411677aeSAaron LI		error("unable to limit dump descriptor fcntls");
411677aeSAaron LI	}
411677aeSAaron LI}
411677aeSAaron LI#endif
411677aeSAaron LI
411677aeSAaron LI/*
411677aeSAaron LI * Copy arg vector into a new buffer, concatenating arguments with spaces.
411677aeSAaron LI */
411677aeSAaron LIstatic char *
*ed775ee7SAntonio Huete Jimenezcopy_argv(char **argv)
411677aeSAaron LI{
*ed775ee7SAntonio Huete Jimenez	char **p;
*ed775ee7SAntonio Huete Jimenez	size_t len = 0;
411677aeSAaron LI	char *buf;
411677aeSAaron LI	char *src, *dst;
411677aeSAaron LI
411677aeSAaron LI	p = argv;
411677aeSAaron LI	if (*p == NULL)
411677aeSAaron LI		return 0;
411677aeSAaron LI
411677aeSAaron LI	while (*p)
411677aeSAaron LI		len += strlen(*p++) + 1;
411677aeSAaron LI
411677aeSAaron LI	buf = (char *)malloc(len);
411677aeSAaron LI	if (buf == NULL)
*ed775ee7SAntonio Huete Jimenez		error("%s: malloc", __func__);
411677aeSAaron LI
411677aeSAaron LI	p = argv;
411677aeSAaron LI	dst = buf;
411677aeSAaron LI	while ((src = *p++) != NULL) {
411677aeSAaron LI		while ((*dst++ = *src++) != '\0')
411677aeSAaron LI			;
411677aeSAaron LI		dst[-1] = ' ';
411677aeSAaron LI	}
411677aeSAaron LI	dst[-1] = '\0';
411677aeSAaron LI
411677aeSAaron LI	return buf;
411677aeSAaron LI}
411677aeSAaron LI
411677aeSAaron LI/*
411677aeSAaron LI * On Windows, we need to open the file in binary mode, so that
411677aeSAaron LI * we get all the bytes specified by the size we get from "fstat()".
411677aeSAaron LI * On UNIX, that's not necessary.  O_BINARY is defined on Windows;
411677aeSAaron LI * we define it as 0 if it's not defined, so it does nothing.
411677aeSAaron LI */
411677aeSAaron LI#ifndef O_BINARY
411677aeSAaron LI#define O_BINARY	0
411677aeSAaron LI#endif
411677aeSAaron LI
411677aeSAaron LIstatic char *
411677aeSAaron LIread_infile(char *fname)
411677aeSAaron LI{
*ed775ee7SAntonio Huete Jimenez	int i, fd;
*ed775ee7SAntonio Huete Jimenez	ssize_t cc;
*ed775ee7SAntonio Huete Jimenez	char *cp;
*ed775ee7SAntonio Huete Jimenez	our_statb buf;
411677aeSAaron LI
411677aeSAaron LI	fd = open(fname, O_RDONLY|O_BINARY);
411677aeSAaron LI	if (fd < 0)
411677aeSAaron LI		error("can't open %s: %s", fname, pcap_strerror(errno));
411677aeSAaron LI
*ed775ee7SAntonio Huete Jimenez	if (our_fstat(fd, &buf) < 0)
411677aeSAaron LI		error("can't stat %s: %s", fname, pcap_strerror(errno));
411677aeSAaron LI
*ed775ee7SAntonio Huete Jimenez	/*
*ed775ee7SAntonio Huete Jimenez	 * Reject files whose size doesn't fit into an int; a filter
*ed775ee7SAntonio Huete Jimenez	 * *that* large will probably be too big.
*ed775ee7SAntonio Huete Jimenez	 */
*ed775ee7SAntonio Huete Jimenez	if (buf.st_size > INT_MAX)
*ed775ee7SAntonio Huete Jimenez		error("%s is too large", fname);
*ed775ee7SAntonio Huete Jimenez
411677aeSAaron LI	cp = malloc((u_int)buf.st_size + 1);
411677aeSAaron LI	if (cp == NULL)
411677aeSAaron LI		error("malloc(%d) for %s: %s", (u_int)buf.st_size + 1,
411677aeSAaron LI			fname, pcap_strerror(errno));
411677aeSAaron LI	cc = read(fd, cp, (u_int)buf.st_size);
411677aeSAaron LI	if (cc < 0)
411677aeSAaron LI		error("read %s: %s", fname, pcap_strerror(errno));
411677aeSAaron LI	if (cc != buf.st_size)
*ed775ee7SAntonio Huete Jimenez		error("short read %s (%d != %d)", fname, (int) cc,
*ed775ee7SAntonio Huete Jimenez		    (int)buf.st_size);
411677aeSAaron LI
411677aeSAaron LI	close(fd);
411677aeSAaron LI	/* replace "# comment" with spaces */
411677aeSAaron LI	for (i = 0; i < cc; i++) {
411677aeSAaron LI		if (cp[i] == '#')
411677aeSAaron LI			while (i < cc && cp[i] != '\n')
411677aeSAaron LI				cp[i++] = ' ';
411677aeSAaron LI	}
411677aeSAaron LI	cp[cc] = '\0';
411677aeSAaron LI	return (cp);
411677aeSAaron LI}
411677aeSAaron LI
411677aeSAaron LI#ifdef HAVE_PCAP_FINDALLDEVS
411677aeSAaron LIstatic long
411677aeSAaron LIparse_interface_number(const char *device)
411677aeSAaron LI{
*ed775ee7SAntonio Huete Jimenez	const char *p;
411677aeSAaron LI	long devnum;
411677aeSAaron LI	char *end;
411677aeSAaron LI
*ed775ee7SAntonio Huete Jimenez	/*
*ed775ee7SAntonio Huete Jimenez	 * Search for a colon, terminating any scheme at the beginning
*ed775ee7SAntonio Huete Jimenez	 * of the device.
*ed775ee7SAntonio Huete Jimenez	 */
*ed775ee7SAntonio Huete Jimenez	p = strchr(device, ':');
*ed775ee7SAntonio Huete Jimenez	if (p != NULL) {
*ed775ee7SAntonio Huete Jimenez		/*
*ed775ee7SAntonio Huete Jimenez		 * We found it.  Is it followed by "//"?
*ed775ee7SAntonio Huete Jimenez		 */
*ed775ee7SAntonio Huete Jimenez		p++;	/* skip the : */
*ed775ee7SAntonio Huete Jimenez		if (strncmp(p, "//", 2) == 0) {
*ed775ee7SAntonio Huete Jimenez			/*
*ed775ee7SAntonio Huete Jimenez			 * Yes.  Search for the next /, at the end of the
*ed775ee7SAntonio Huete Jimenez			 * authority part of the URL.
*ed775ee7SAntonio Huete Jimenez			 */
*ed775ee7SAntonio Huete Jimenez			p += 2;	/* skip the // */
*ed775ee7SAntonio Huete Jimenez			p = strchr(p, '/');
*ed775ee7SAntonio Huete Jimenez			if (p != NULL) {
*ed775ee7SAntonio Huete Jimenez				/*
*ed775ee7SAntonio Huete Jimenez				 * OK, past the / is the path.
*ed775ee7SAntonio Huete Jimenez				 */
*ed775ee7SAntonio Huete Jimenez				device = p + 1;
*ed775ee7SAntonio Huete Jimenez			}
*ed775ee7SAntonio Huete Jimenez		}
*ed775ee7SAntonio Huete Jimenez	}
411677aeSAaron LI	devnum = strtol(device, &end, 10);
411677aeSAaron LI	if (device != end && *end == '\0') {
411677aeSAaron LI		/*
411677aeSAaron LI		 * It's all-numeric, but is it a valid number?
411677aeSAaron LI		 */
411677aeSAaron LI		if (devnum <= 0) {
411677aeSAaron LI			/*
411677aeSAaron LI			 * No, it's not an ordinal.
411677aeSAaron LI			 */
411677aeSAaron LI			error("Invalid adapter index");
411677aeSAaron LI		}
411677aeSAaron LI		return (devnum);
411677aeSAaron LI	} else {
411677aeSAaron LI		/*
411677aeSAaron LI		 * It's not all-numeric; return -1, so our caller
411677aeSAaron LI		 * knows that.
411677aeSAaron LI		 */
411677aeSAaron LI		return (-1);
411677aeSAaron LI	}
411677aeSAaron LI}
411677aeSAaron LI
411677aeSAaron LIstatic char *
*ed775ee7SAntonio Huete Jimenezfind_interface_by_number(const char *url
*ed775ee7SAntonio Huete Jimenez#ifndef HAVE_PCAP_FINDALLDEVS_EX
*ed775ee7SAntonio Huete Jimenez_U_
*ed775ee7SAntonio Huete Jimenez#endif
*ed775ee7SAntonio Huete Jimenez, long devnum)
411677aeSAaron LI{
411677aeSAaron LI	pcap_if_t *dev, *devlist;
411677aeSAaron LI	long i;
411677aeSAaron LI	char ebuf[PCAP_ERRBUF_SIZE];
411677aeSAaron LI	char *device;
*ed775ee7SAntonio Huete Jimenez#ifdef HAVE_PCAP_FINDALLDEVS_EX
*ed775ee7SAntonio Huete Jimenez	const char *endp;
*ed775ee7SAntonio Huete Jimenez	char *host_url;
*ed775ee7SAntonio Huete Jimenez#endif
*ed775ee7SAntonio Huete Jimenez	int status;
411677aeSAaron LI
*ed775ee7SAntonio Huete Jimenez#ifdef HAVE_PCAP_FINDALLDEVS_EX
*ed775ee7SAntonio Huete Jimenez	/*
*ed775ee7SAntonio Huete Jimenez	 * Search for a colon, terminating any scheme at the beginning
*ed775ee7SAntonio Huete Jimenez	 * of the URL.
*ed775ee7SAntonio Huete Jimenez	 */
*ed775ee7SAntonio Huete Jimenez	endp = strchr(url, ':');
*ed775ee7SAntonio Huete Jimenez	if (endp != NULL) {
*ed775ee7SAntonio Huete Jimenez		/*
*ed775ee7SAntonio Huete Jimenez		 * We found it.  Is it followed by "//"?
*ed775ee7SAntonio Huete Jimenez		 */
*ed775ee7SAntonio Huete Jimenez		endp++;	/* skip the : */
*ed775ee7SAntonio Huete Jimenez		if (strncmp(endp, "//", 2) == 0) {
*ed775ee7SAntonio Huete Jimenez			/*
*ed775ee7SAntonio Huete Jimenez			 * Yes.  Search for the next /, at the end of the
*ed775ee7SAntonio Huete Jimenez			 * authority part of the URL.
*ed775ee7SAntonio Huete Jimenez			 */
*ed775ee7SAntonio Huete Jimenez			endp += 2;	/* skip the // */
*ed775ee7SAntonio Huete Jimenez			endp = strchr(endp, '/');
*ed775ee7SAntonio Huete Jimenez		} else
*ed775ee7SAntonio Huete Jimenez			endp = NULL;
*ed775ee7SAntonio Huete Jimenez	}
*ed775ee7SAntonio Huete Jimenez	if (endp != NULL) {
*ed775ee7SAntonio Huete Jimenez		/*
*ed775ee7SAntonio Huete Jimenez		 * OK, everything from device to endp is a URL to hand
*ed775ee7SAntonio Huete Jimenez		 * to pcap_findalldevs_ex().
*ed775ee7SAntonio Huete Jimenez		 */
*ed775ee7SAntonio Huete Jimenez		endp++;	/* Include the trailing / in the URL; pcap_findalldevs_ex() requires it */
*ed775ee7SAntonio Huete Jimenez		host_url = malloc(endp - url + 1);
*ed775ee7SAntonio Huete Jimenez		if (host_url == NULL && (endp - url + 1) > 0)
*ed775ee7SAntonio Huete Jimenez			error("Invalid allocation for host");
*ed775ee7SAntonio Huete Jimenez
*ed775ee7SAntonio Huete Jimenez		memcpy(host_url, url, endp - url);
*ed775ee7SAntonio Huete Jimenez		host_url[endp - url] = '\0';
*ed775ee7SAntonio Huete Jimenez		status = pcap_findalldevs_ex(host_url, NULL, &devlist, ebuf);
*ed775ee7SAntonio Huete Jimenez		free(host_url);
*ed775ee7SAntonio Huete Jimenez	} else
*ed775ee7SAntonio Huete Jimenez#endif
*ed775ee7SAntonio Huete Jimenez	status = pcap_findalldevs(&devlist, ebuf);
*ed775ee7SAntonio Huete Jimenez	if (status < 0)
411677aeSAaron LI		error("%s", ebuf);
411677aeSAaron LI	/*
411677aeSAaron LI	 * Look for the devnum-th entry in the list of devices (1-based).
411677aeSAaron LI	 */
411677aeSAaron LI	for (i = 0, dev = devlist; i < devnum-1 && dev != NULL;
411677aeSAaron LI	    i++, dev = dev->next)
411677aeSAaron LI		;
411677aeSAaron LI	if (dev == NULL)
411677aeSAaron LI		error("Invalid adapter index");
411677aeSAaron LI	device = strdup(dev->name);
411677aeSAaron LI	pcap_freealldevs(devlist);
411677aeSAaron LI	return (device);
411677aeSAaron LI}
411677aeSAaron LI#endif
411677aeSAaron LI
*ed775ee7SAntonio Huete Jimenez#ifdef HAVE_PCAP_OPEN
*ed775ee7SAntonio Huete Jimenez/*
*ed775ee7SAntonio Huete Jimenez * Prefixes for rpcap URLs.
*ed775ee7SAntonio Huete Jimenez */
*ed775ee7SAntonio Huete Jimenezstatic char rpcap_prefix[] = "rpcap://";
*ed775ee7SAntonio Huete Jimenezstatic char rpcap_ssl_prefix[] = "rpcaps://";
*ed775ee7SAntonio Huete Jimenez#endif
*ed775ee7SAntonio Huete Jimenez
411677aeSAaron LIstatic pcap_t *
411677aeSAaron LIopen_interface(const char *device, netdissect_options *ndo, char *ebuf)
411677aeSAaron LI{
411677aeSAaron LI	pcap_t *pc;
411677aeSAaron LI#ifdef HAVE_PCAP_CREATE
411677aeSAaron LI	int status;
411677aeSAaron LI	char *cp;
411677aeSAaron LI#endif
411677aeSAaron LI
*ed775ee7SAntonio Huete Jimenez#ifdef HAVE_PCAP_OPEN
*ed775ee7SAntonio Huete Jimenez	/*
*ed775ee7SAntonio Huete Jimenez	 * Is this an rpcap URL?
*ed775ee7SAntonio Huete Jimenez	 */
*ed775ee7SAntonio Huete Jimenez	if (strncmp(device, rpcap_prefix, sizeof(rpcap_prefix) - 1) == 0 ||
*ed775ee7SAntonio Huete Jimenez	    strncmp(device, rpcap_ssl_prefix, sizeof(rpcap_ssl_prefix) - 1) == 0) {
*ed775ee7SAntonio Huete Jimenez		/*
*ed775ee7SAntonio Huete Jimenez		 * Yes.  Open it with pcap_open().
*ed775ee7SAntonio Huete Jimenez		 */
*ed775ee7SAntonio Huete Jimenez		*ebuf = '\0';
*ed775ee7SAntonio Huete Jimenez		pc = pcap_open(device, ndo->ndo_snaplen,
*ed775ee7SAntonio Huete Jimenez		    pflag ? 0 : PCAP_OPENFLAG_PROMISCUOUS, timeout, NULL,
*ed775ee7SAntonio Huete Jimenez		    ebuf);
*ed775ee7SAntonio Huete Jimenez		if (pc == NULL) {
*ed775ee7SAntonio Huete Jimenez			/*
*ed775ee7SAntonio Huete Jimenez			 * If this failed with "No such device" or "The system
*ed775ee7SAntonio Huete Jimenez			 * cannot find the device specified", that means
*ed775ee7SAntonio Huete Jimenez			 * the interface doesn't exist; return NULL, so that
*ed775ee7SAntonio Huete Jimenez			 * the caller can see whether the device name is
*ed775ee7SAntonio Huete Jimenez			 * actually an interface index.
*ed775ee7SAntonio Huete Jimenez			 */
*ed775ee7SAntonio Huete Jimenez			if (strstr(ebuf, "No such device") != NULL ||
*ed775ee7SAntonio Huete Jimenez			    strstr(ebuf, "The system cannot find the device specified") != NULL)
*ed775ee7SAntonio Huete Jimenez				return (NULL);
*ed775ee7SAntonio Huete Jimenez			error("%s", ebuf);
*ed775ee7SAntonio Huete Jimenez		}
*ed775ee7SAntonio Huete Jimenez		if (*ebuf)
*ed775ee7SAntonio Huete Jimenez			warning("%s", ebuf);
*ed775ee7SAntonio Huete Jimenez		return (pc);
*ed775ee7SAntonio Huete Jimenez	}
*ed775ee7SAntonio Huete Jimenez#endif /* HAVE_PCAP_OPEN */
*ed775ee7SAntonio Huete Jimenez
411677aeSAaron LI#ifdef HAVE_PCAP_CREATE
411677aeSAaron LI	pc = pcap_create(device, ebuf);
411677aeSAaron LI	if (pc == NULL) {
411677aeSAaron LI		/*
411677aeSAaron LI		 * If this failed with "No such device", that means
411677aeSAaron LI		 * the interface doesn't exist; return NULL, so that
411677aeSAaron LI		 * the caller can see whether the device name is
411677aeSAaron LI		 * actually an interface index.
411677aeSAaron LI		 */
411677aeSAaron LI		if (strstr(ebuf, "No such device") != NULL)
411677aeSAaron LI			return (NULL);
411677aeSAaron LI		error("%s", ebuf);
411677aeSAaron LI	}
411677aeSAaron LI#ifdef HAVE_PCAP_SET_TSTAMP_TYPE
411677aeSAaron LI	if (Jflag)
411677aeSAaron LI		show_tstamp_types_and_exit(pc, device);
411677aeSAaron LI#endif
411677aeSAaron LI#ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
411677aeSAaron LI	status = pcap_set_tstamp_precision(pc, ndo->ndo_tstamp_precision);
411677aeSAaron LI	if (status != 0)
411677aeSAaron LI		error("%s: Can't set %ssecond time stamp precision: %s",
411677aeSAaron LI		    device,
411677aeSAaron LI		    tstamp_precision_to_string(ndo->ndo_tstamp_precision),
411677aeSAaron LI		    pcap_statustostr(status));
411677aeSAaron LI#endif
411677aeSAaron LI
411677aeSAaron LI#ifdef HAVE_PCAP_SET_IMMEDIATE_MODE
411677aeSAaron LI	if (immediate_mode) {
411677aeSAaron LI		status = pcap_set_immediate_mode(pc, 1);
411677aeSAaron LI		if (status != 0)
411677aeSAaron LI			error("%s: Can't set immediate mode: %s",
*ed775ee7SAntonio Huete Jimenez			    device, pcap_statustostr(status));
411677aeSAaron LI	}
411677aeSAaron LI#endif
411677aeSAaron LI	/*
411677aeSAaron LI	 * Is this an interface that supports monitor mode?
411677aeSAaron LI	 */
411677aeSAaron LI	if (pcap_can_set_rfmon(pc) == 1)
411677aeSAaron LI		supports_monitor_mode = 1;
411677aeSAaron LI	else
411677aeSAaron LI		supports_monitor_mode = 0;
*ed775ee7SAntonio Huete Jimenez	if (ndo->ndo_snaplen != 0) {
*ed775ee7SAntonio Huete Jimenez		/*
*ed775ee7SAntonio Huete Jimenez		 * A snapshot length was explicitly specified;
*ed775ee7SAntonio Huete Jimenez		 * use it.
*ed775ee7SAntonio Huete Jimenez		 */
411677aeSAaron LI		status = pcap_set_snaplen(pc, ndo->ndo_snaplen);
411677aeSAaron LI		if (status != 0)
411677aeSAaron LI			error("%s: Can't set snapshot length: %s",
411677aeSAaron LI			    device, pcap_statustostr(status));
*ed775ee7SAntonio Huete Jimenez	}
411677aeSAaron LI	status = pcap_set_promisc(pc, !pflag);
411677aeSAaron LI	if (status != 0)
411677aeSAaron LI		error("%s: Can't set promiscuous mode: %s",
411677aeSAaron LI		    device, pcap_statustostr(status));
411677aeSAaron LI	if (Iflag) {
411677aeSAaron LI		status = pcap_set_rfmon(pc, 1);
411677aeSAaron LI		if (status != 0)
411677aeSAaron LI			error("%s: Can't set monitor mode: %s",
411677aeSAaron LI			    device, pcap_statustostr(status));
411677aeSAaron LI	}
*ed775ee7SAntonio Huete Jimenez	status = pcap_set_timeout(pc, timeout);
411677aeSAaron LI	if (status != 0)
411677aeSAaron LI		error("%s: pcap_set_timeout failed: %s",
411677aeSAaron LI		    device, pcap_statustostr(status));
411677aeSAaron LI	if (Bflag != 0) {
411677aeSAaron LI		status = pcap_set_buffer_size(pc, Bflag);
411677aeSAaron LI		if (status != 0)
411677aeSAaron LI			error("%s: Can't set buffer size: %s",
411677aeSAaron LI			    device, pcap_statustostr(status));
411677aeSAaron LI	}
411677aeSAaron LI#ifdef HAVE_PCAP_SET_TSTAMP_TYPE
411677aeSAaron LI	if (jflag != -1) {
411677aeSAaron LI		status = pcap_set_tstamp_type(pc, jflag);
411677aeSAaron LI		if (status < 0)
411677aeSAaron LI			error("%s: Can't set time stamp type: %s",
411677aeSAaron LI			    device, pcap_statustostr(status));
411677aeSAaron LI		else if (status > 0)
411677aeSAaron LI			warning("When trying to set timestamp type '%s' on %s: %s",
411677aeSAaron LI			    pcap_tstamp_type_val_to_name(jflag), device,
411677aeSAaron LI			    pcap_statustostr(status));
411677aeSAaron LI	}
411677aeSAaron LI#endif
411677aeSAaron LI	status = pcap_activate(pc);
411677aeSAaron LI	if (status < 0) {
411677aeSAaron LI		/*
411677aeSAaron LI		 * pcap_activate() failed.
411677aeSAaron LI		 */
411677aeSAaron LI		cp = pcap_geterr(pc);
411677aeSAaron LI		if (status == PCAP_ERROR)
411677aeSAaron LI			error("%s", cp);
411677aeSAaron LI		else if (status == PCAP_ERROR_NO_SUCH_DEVICE) {
411677aeSAaron LI			/*
411677aeSAaron LI			 * Return an error for our caller to handle.
411677aeSAaron LI			 */
411677aeSAaron LI			snprintf(ebuf, PCAP_ERRBUF_SIZE, "%s: %s\n(%s)",
411677aeSAaron LI			    device, pcap_statustostr(status), cp);
411677aeSAaron LI		} else if (status == PCAP_ERROR_PERM_DENIED && *cp != '\0')
411677aeSAaron LI			error("%s: %s\n(%s)", device,
411677aeSAaron LI			    pcap_statustostr(status), cp);
*ed775ee7SAntonio Huete Jimenez#ifdef __FreeBSD__
*ed775ee7SAntonio Huete Jimenez		else if (status == PCAP_ERROR_RFMON_NOTSUP &&
*ed775ee7SAntonio Huete Jimenez		    strncmp(device, "wlan", 4) == 0) {
*ed775ee7SAntonio Huete Jimenez			char parent[8], newdev[8];
*ed775ee7SAntonio Huete Jimenez			char sysctl[32];
*ed775ee7SAntonio Huete Jimenez			size_t s = sizeof(parent);
*ed775ee7SAntonio Huete Jimenez
*ed775ee7SAntonio Huete Jimenez			snprintf(sysctl, sizeof(sysctl),
*ed775ee7SAntonio Huete Jimenez			    "net.wlan.%d.%%parent", atoi(device + 4));
*ed775ee7SAntonio Huete Jimenez			sysctlbyname(sysctl, parent, &s, NULL, 0);
*ed775ee7SAntonio Huete Jimenez			strlcpy(newdev, device, sizeof(newdev));
*ed775ee7SAntonio Huete Jimenez			/* Suggest a new wlan device. */
*ed775ee7SAntonio Huete Jimenez			/* FIXME: incrementing the index this way is not going to work well
*ed775ee7SAntonio Huete Jimenez			 * when the index is 9 or greater but the only consequence in this
*ed775ee7SAntonio Huete Jimenez			 * specific case would be an error message that looks a bit odd.
*ed775ee7SAntonio Huete Jimenez			 */
*ed775ee7SAntonio Huete Jimenez			newdev[strlen(newdev)-1]++;
*ed775ee7SAntonio Huete Jimenez			error("%s is not a monitor mode VAP\n"
*ed775ee7SAntonio Huete Jimenez			    "To create a new monitor mode VAP use:\n"
*ed775ee7SAntonio Huete Jimenez			    "  ifconfig %s create wlandev %s wlanmode monitor\n"
*ed775ee7SAntonio Huete Jimenez			    "and use %s as the tcpdump interface",
*ed775ee7SAntonio Huete Jimenez			    device, newdev, parent, newdev);
*ed775ee7SAntonio Huete Jimenez		}
*ed775ee7SAntonio Huete Jimenez#endif
411677aeSAaron LI		else
411677aeSAaron LI			error("%s: %s", device,
411677aeSAaron LI			    pcap_statustostr(status));
*ed775ee7SAntonio Huete Jimenez		pcap_close(pc);
*ed775ee7SAntonio Huete Jimenez		return (NULL);
411677aeSAaron LI	} else if (status > 0) {
411677aeSAaron LI		/*
411677aeSAaron LI		 * pcap_activate() succeeded, but it's warning us
411677aeSAaron LI		 * of a problem it had.
411677aeSAaron LI		 */
411677aeSAaron LI		cp = pcap_geterr(pc);
411677aeSAaron LI		if (status == PCAP_WARNING)
411677aeSAaron LI			warning("%s", cp);
411677aeSAaron LI		else if (status == PCAP_WARNING_PROMISC_NOTSUP &&
411677aeSAaron LI		         *cp != '\0')
411677aeSAaron LI			warning("%s: %s\n(%s)", device,
411677aeSAaron LI			    pcap_statustostr(status), cp);
411677aeSAaron LI		else
411677aeSAaron LI			warning("%s: %s", device,
411677aeSAaron LI			    pcap_statustostr(status));
411677aeSAaron LI	}
411677aeSAaron LI#ifdef HAVE_PCAP_SETDIRECTION
411677aeSAaron LI	if (Qflag != -1) {
411677aeSAaron LI		status = pcap_setdirection(pc, Qflag);
411677aeSAaron LI		if (status != 0)
411677aeSAaron LI			error("%s: pcap_setdirection() failed: %s",
411677aeSAaron LI			      device,  pcap_geterr(pc));
411677aeSAaron LI		}
411677aeSAaron LI#endif /* HAVE_PCAP_SETDIRECTION */
411677aeSAaron LI#else /* HAVE_PCAP_CREATE */
411677aeSAaron LI	*ebuf = '\0';
*ed775ee7SAntonio Huete Jimenez	/*
*ed775ee7SAntonio Huete Jimenez	 * If no snapshot length was specified, or a length of 0 was
*ed775ee7SAntonio Huete Jimenez	 * specified, default to 256KB.
*ed775ee7SAntonio Huete Jimenez	 */
*ed775ee7SAntonio Huete Jimenez	if (ndo->ndo_snaplen == 0)
*ed775ee7SAntonio Huete Jimenez		ndo->ndo_snaplen = MAXIMUM_SNAPLEN;
*ed775ee7SAntonio Huete Jimenez	pc = pcap_open_live(device, ndo->ndo_snaplen, !pflag, timeout, ebuf);
411677aeSAaron LI	if (pc == NULL) {
411677aeSAaron LI		/*
411677aeSAaron LI		 * If this failed with "No such device", that means
411677aeSAaron LI		 * the interface doesn't exist; return NULL, so that
411677aeSAaron LI		 * the caller can see whether the device name is
411677aeSAaron LI		 * actually an interface index.
411677aeSAaron LI		 */
411677aeSAaron LI		if (strstr(ebuf, "No such device") != NULL)
411677aeSAaron LI			return (NULL);
411677aeSAaron LI		error("%s", ebuf);
411677aeSAaron LI	}
411677aeSAaron LI	if (*ebuf)
411677aeSAaron LI		warning("%s", ebuf);
411677aeSAaron LI#endif /* HAVE_PCAP_CREATE */
411677aeSAaron LI
411677aeSAaron LI	return (pc);
411677aeSAaron LI}
411677aeSAaron LI
41c99275SPeter Avalosint
41c99275SPeter Avalosmain(int argc, char **argv)
41c99275SPeter Avalos{
*ed775ee7SAntonio Huete Jimenez	int cnt, op, i;
411677aeSAaron LI	bpf_u_int32 localnet = 0, netmask = 0;
*ed775ee7SAntonio Huete Jimenez	char *cp, *infile, *cmdbuf, *device, *RFileName, *VFileName, *WFileName;
*ed775ee7SAntonio Huete Jimenez	char *endp;
41c99275SPeter Avalos	pcap_handler callback;
411677aeSAaron LI	int dlt;
411677aeSAaron LI	const char *dlt_name;
41c99275SPeter Avalos	struct bpf_program fcode;
411677aeSAaron LI#ifndef _WIN32
*ed775ee7SAntonio Huete Jimenez	void (*oldhandler)(int);
41c99275SPeter Avalos#endif
41c99275SPeter Avalos	struct dump_info dumpinfo;
41c99275SPeter Avalos	u_char *pcap_userdata;
41c99275SPeter Avalos	char ebuf[PCAP_ERRBUF_SIZE];
411677aeSAaron LI	char VFileLine[PATH_MAX + 1];
*ed775ee7SAntonio Huete Jimenez	const char *username = NULL;
*ed775ee7SAntonio Huete Jimenez#ifndef _WIN32
*ed775ee7SAntonio Huete Jimenez	const char *chroot_dir = NULL;
*ed775ee7SAntonio Huete Jimenez#endif
411677aeSAaron LI	char *ret = NULL;
411677aeSAaron LI	char *end;
41c99275SPeter Avalos#ifdef HAVE_PCAP_FINDALLDEVS
411677aeSAaron LI	pcap_if_t *devlist;
411677aeSAaron LI	long devnum;
41c99275SPeter Avalos#endif
41c99275SPeter Avalos	int status;
411677aeSAaron LI	FILE *VFile;
411677aeSAaron LI#ifdef HAVE_CAPSICUM
411677aeSAaron LI	cap_rights_t rights;
411677aeSAaron LI	int cansandbox;
411677aeSAaron LI#endif	/* HAVE_CAPSICUM */
411677aeSAaron LI	int Oflag = 1;			/* run filter code optimizer */
411677aeSAaron LI	int yflag_dlt = -1;
411677aeSAaron LI	const char *yflag_dlt_name = NULL;
*ed775ee7SAntonio Huete Jimenez	int print = 0;
41c99275SPeter Avalos
411677aeSAaron LI	netdissect_options Ndo;
411677aeSAaron LI	netdissect_options *ndo = &Ndo;
411677aeSAaron LI
411677aeSAaron LI	/*
411677aeSAaron LI	 * Initialize the netdissect code.
411677aeSAaron LI	 */
*ed775ee7SAntonio Huete Jimenez	if (nd_init(ebuf, sizeof(ebuf)) == -1)
411677aeSAaron LI		error("%s", ebuf);
411677aeSAaron LI
411677aeSAaron LI	memset(ndo, 0, sizeof(*ndo));
411677aeSAaron LI	ndo_set_function_pointers(ndo);
41c99275SPeter Avalos
41c99275SPeter Avalos	cnt = -1;
41c99275SPeter Avalos	device = NULL;
41c99275SPeter Avalos	infile = NULL;
41c99275SPeter Avalos	RFileName = NULL;
411677aeSAaron LI	VFileName = NULL;
411677aeSAaron LI	VFile = NULL;
41c99275SPeter Avalos	WFileName = NULL;
411677aeSAaron LI	dlt = -1;
*ed775ee7SAntonio Huete Jimenez	if ((cp = strrchr(argv[0], PATH_SEPARATOR)) != NULL)
411677aeSAaron LI		ndo->program_name = program_name = cp + 1;
41c99275SPeter Avalos	else
411677aeSAaron LI		ndo->program_name = program_name = argv[0];
41c99275SPeter Avalos
*ed775ee7SAntonio Huete Jimenez#if defined(HAVE_PCAP_WSOCKINIT)
411677aeSAaron LI	if (pcap_wsockinit() != 0)
411677aeSAaron LI		error("Attempting to initialize Winsock failed");
*ed775ee7SAntonio Huete Jimenez#elif defined(HAVE_WSOCKINIT)
*ed775ee7SAntonio Huete Jimenez	if (wsockinit() != 0)
*ed775ee7SAntonio Huete Jimenez		error("Attempting to initialize Winsock failed");
*ed775ee7SAntonio Huete Jimenez#endif
411677aeSAaron LI
411677aeSAaron LI	/*
411677aeSAaron LI	 * On platforms where the CPU doesn't support unaligned loads,
411677aeSAaron LI	 * force unaligned accesses to abort with SIGBUS, rather than
411677aeSAaron LI	 * being fixed up (slowly) by the OS kernel; on those platforms,
411677aeSAaron LI	 * misaligned accesses are bugs, and we want tcpdump to crash so
411677aeSAaron LI	 * that the bugs are reported.
411677aeSAaron LI	 */
41c99275SPeter Avalos	if (abort_on_misalignment(ebuf, sizeof(ebuf)) < 0)
41c99275SPeter Avalos		error("%s", ebuf);
41c99275SPeter Avalos
41c99275SPeter Avalos	while (
411677aeSAaron LI	    (op = getopt_long(argc, argv, SHORTOPTS, longopts, NULL)) != -1)
41c99275SPeter Avalos		switch (op) {
41c99275SPeter Avalos
41c99275SPeter Avalos		case 'a':
41c99275SPeter Avalos			/* compatibility for old -a */
41c99275SPeter Avalos			break;
41c99275SPeter Avalos
41c99275SPeter Avalos		case 'A':
411677aeSAaron LI			++ndo->ndo_Aflag;
41c99275SPeter Avalos			break;
41c99275SPeter Avalos
27bfbee1SPeter Avalos		case 'b':
411677aeSAaron LI			++ndo->ndo_bflag;
27bfbee1SPeter Avalos			break;
27bfbee1SPeter Avalos
411677aeSAaron LI#if defined(HAVE_PCAP_CREATE) || defined(_WIN32)
41c99275SPeter Avalos		case 'B':
ea7b4bf5SPeter Avalos			Bflag = atoi(optarg)*1024;
ea7b4bf5SPeter Avalos			if (Bflag <= 0)
41c99275SPeter Avalos				error("invalid packet buffer size %s", optarg);
41c99275SPeter Avalos			break;
411677aeSAaron LI#endif /* defined(HAVE_PCAP_CREATE) || defined(_WIN32) */
41c99275SPeter Avalos
41c99275SPeter Avalos		case 'c':
41c99275SPeter Avalos			cnt = atoi(optarg);
41c99275SPeter Avalos			if (cnt <= 0)
41c99275SPeter Avalos				error("invalid packet count %s", optarg);
41c99275SPeter Avalos			break;
41c99275SPeter Avalos
41c99275SPeter Avalos		case 'C':
*ed775ee7SAntonio Huete Jimenez			errno = 0;
*ed775ee7SAntonio Huete Jimenez#ifdef HAVE_PCAP_DUMP_FTELL64
*ed775ee7SAntonio Huete Jimenez			Cflag = strtoint64_t(optarg, &endp, 10);
*ed775ee7SAntonio Huete Jimenez#else
*ed775ee7SAntonio Huete Jimenez			Cflag = strtol(optarg, &endp, 10);
*ed775ee7SAntonio Huete Jimenez#endif
*ed775ee7SAntonio Huete Jimenez			if (endp == optarg || *endp != '\0' || errno != 0
*ed775ee7SAntonio Huete Jimenez			    || Cflag <= 0)
41c99275SPeter Avalos				error("invalid file size %s", optarg);
*ed775ee7SAntonio Huete Jimenez			/*
*ed775ee7SAntonio Huete Jimenez			 * Will multiplying it by 1000000 overflow?
*ed775ee7SAntonio Huete Jimenez			 */
*ed775ee7SAntonio Huete Jimenez#ifdef HAVE_PCAP_DUMP_FTELL64
*ed775ee7SAntonio Huete Jimenez			if (Cflag > INT64_T_CONSTANT(0x7fffffffffffffff) / 1000000)
*ed775ee7SAntonio Huete Jimenez#else
*ed775ee7SAntonio Huete Jimenez			if (Cflag > LONG_MAX / 1000000)
*ed775ee7SAntonio Huete Jimenez#endif
*ed775ee7SAntonio Huete Jimenez				error("file size %s is too large", optarg);
*ed775ee7SAntonio Huete Jimenez			Cflag *= 1000000;
41c99275SPeter Avalos			break;
41c99275SPeter Avalos
41c99275SPeter Avalos		case 'd':
41c99275SPeter Avalos			++dflag;
41c99275SPeter Avalos			break;
41c99275SPeter Avalos
*ed775ee7SAntonio Huete Jimenez#ifdef HAVE_PCAP_FINDALLDEVS
41c99275SPeter Avalos		case 'D':
411677aeSAaron LI			Dflag++;
411677aeSAaron LI			break;
*ed775ee7SAntonio Huete Jimenez#endif
*ed775ee7SAntonio Huete Jimenez
*ed775ee7SAntonio Huete Jimenez#ifdef HAVE_PCAP_FINDALLDEVS_EX
*ed775ee7SAntonio Huete Jimenez		case OPTION_LIST_REMOTE_INTERFACES:
*ed775ee7SAntonio Huete Jimenez			remote_interfaces_source = optarg;
*ed775ee7SAntonio Huete Jimenez			break;
*ed775ee7SAntonio Huete Jimenez#endif
41c99275SPeter Avalos
41c99275SPeter Avalos		case 'L':
41c99275SPeter Avalos			Lflag++;
41c99275SPeter Avalos			break;
41c99275SPeter Avalos
41c99275SPeter Avalos		case 'e':
411677aeSAaron LI			++ndo->ndo_eflag;
41c99275SPeter Avalos			break;
41c99275SPeter Avalos
41c99275SPeter Avalos		case 'E':
41c99275SPeter Avalos#ifndef HAVE_LIBCRYPTO
41c99275SPeter Avalos			warning("crypto code not compiled in");
41c99275SPeter Avalos#endif
411677aeSAaron LI			ndo->ndo_espsecret = optarg;
41c99275SPeter Avalos			break;
41c99275SPeter Avalos
41c99275SPeter Avalos		case 'f':
411677aeSAaron LI			++ndo->ndo_fflag;
41c99275SPeter Avalos			break;
41c99275SPeter Avalos
41c99275SPeter Avalos		case 'F':
41c99275SPeter Avalos			infile = optarg;
41c99275SPeter Avalos			break;
41c99275SPeter Avalos
ea7b4bf5SPeter Avalos		case 'G':
ea7b4bf5SPeter Avalos			Gflag = atoi(optarg);
ea7b4bf5SPeter Avalos			if (Gflag < 0)
ea7b4bf5SPeter Avalos				error("invalid number of seconds %s", optarg);
ea7b4bf5SPeter Avalos
ea7b4bf5SPeter Avalos                        /* We will create one file initially. */
ea7b4bf5SPeter Avalos                        Gflag_count = 0;
ea7b4bf5SPeter Avalos
ea7b4bf5SPeter Avalos			/* Grab the current time for rotation use. */
ea7b4bf5SPeter Avalos			if ((Gflag_time = time(NULL)) == (time_t)-1) {
*ed775ee7SAntonio Huete Jimenez				error("%s: can't get current time: %s",
*ed775ee7SAntonio Huete Jimenez				    __func__, pcap_strerror(errno));
ea7b4bf5SPeter Avalos			}
ea7b4bf5SPeter Avalos			break;
ea7b4bf5SPeter Avalos
27bfbee1SPeter Avalos		case 'h':
*ed775ee7SAntonio Huete Jimenez			print_usage(stdout);
*ed775ee7SAntonio Huete Jimenez			exit_tcpdump(S_SUCCESS);
27bfbee1SPeter Avalos			break;
27bfbee1SPeter Avalos
27bfbee1SPeter Avalos		case 'H':
411677aeSAaron LI			++ndo->ndo_Hflag;
27bfbee1SPeter Avalos			break;
27bfbee1SPeter Avalos
41c99275SPeter Avalos		case 'i':
41c99275SPeter Avalos			device = optarg;
41c99275SPeter Avalos			break;
41c99275SPeter Avalos
ea7b4bf5SPeter Avalos#ifdef HAVE_PCAP_CREATE
ea7b4bf5SPeter Avalos		case 'I':
ea7b4bf5SPeter Avalos			++Iflag;
ea7b4bf5SPeter Avalos			break;
ea7b4bf5SPeter Avalos#endif /* HAVE_PCAP_CREATE */
ea7b4bf5SPeter Avalos
27bfbee1SPeter Avalos#ifdef HAVE_PCAP_SET_TSTAMP_TYPE
27bfbee1SPeter Avalos		case 'j':
27bfbee1SPeter Avalos			jflag = pcap_tstamp_type_name_to_val(optarg);
27bfbee1SPeter Avalos			if (jflag < 0)
27bfbee1SPeter Avalos				error("invalid time stamp type %s", optarg);
27bfbee1SPeter Avalos			break;
27bfbee1SPeter Avalos
27bfbee1SPeter Avalos		case 'J':
27bfbee1SPeter Avalos			Jflag++;
27bfbee1SPeter Avalos			break;
27bfbee1SPeter Avalos#endif
27bfbee1SPeter Avalos
41c99275SPeter Avalos		case 'l':
411677aeSAaron LI#ifdef _WIN32
41c99275SPeter Avalos			/*
41c99275SPeter Avalos			 * _IOLBF is the same as _IOFBF in Microsoft's C
41c99275SPeter Avalos			 * libraries; the only alternative they offer
41c99275SPeter Avalos			 * is _IONBF.
41c99275SPeter Avalos			 *
41c99275SPeter Avalos			 * XXX - this should really be checking for MSVC++,
411677aeSAaron LI			 * not _WIN32, if, for example, MinGW has its own
41c99275SPeter Avalos			 * C library that is more UNIX-compatible.
41c99275SPeter Avalos			 */
41c99275SPeter Avalos			setvbuf(stdout, NULL, _IONBF, 0);
411677aeSAaron LI#else /* _WIN32 */
41c99275SPeter Avalos#ifdef HAVE_SETLINEBUF
41c99275SPeter Avalos			setlinebuf(stdout);
41c99275SPeter Avalos#else
41c99275SPeter Avalos			setvbuf(stdout, NULL, _IOLBF, 0);
41c99275SPeter Avalos#endif
411677aeSAaron LI#endif /* _WIN32 */
*ed775ee7SAntonio Huete Jimenez			lflag = 1;
41c99275SPeter Avalos			break;
41c99275SPeter Avalos
ea7b4bf5SPeter Avalos		case 'K':
411677aeSAaron LI			++ndo->ndo_Kflag;
41c99275SPeter Avalos			break;
41c99275SPeter Avalos
41c99275SPeter Avalos		case 'm':
411677aeSAaron LI			if (nd_have_smi_support()) {
*ed775ee7SAntonio Huete Jimenez				if (nd_load_smi_module(optarg, ebuf, sizeof(ebuf)) == -1)
411677aeSAaron LI					error("%s", ebuf);
411677aeSAaron LI			} else {
41c99275SPeter Avalos				(void)fprintf(stderr, "%s: ignoring option `-m %s' ",
41c99275SPeter Avalos					      program_name, optarg);
41c99275SPeter Avalos				(void)fprintf(stderr, "(no libsmi support)\n");
411677aeSAaron LI			}
41c99275SPeter Avalos			break;
41c99275SPeter Avalos
41c99275SPeter Avalos		case 'M':
41c99275SPeter Avalos			/* TCP-MD5 shared secret */
41c99275SPeter Avalos#ifndef HAVE_LIBCRYPTO
41c99275SPeter Avalos			warning("crypto code not compiled in");
41c99275SPeter Avalos#endif
411677aeSAaron LI			ndo->ndo_sigsecret = optarg;
41c99275SPeter Avalos			break;
41c99275SPeter Avalos
ea7b4bf5SPeter Avalos		case 'n':
411677aeSAaron LI			++ndo->ndo_nflag;
ea7b4bf5SPeter Avalos			break;
ea7b4bf5SPeter Avalos
ea7b4bf5SPeter Avalos		case 'N':
411677aeSAaron LI			++ndo->ndo_Nflag;
ea7b4bf5SPeter Avalos			break;
ea7b4bf5SPeter Avalos
41c99275SPeter Avalos		case 'O':
41c99275SPeter Avalos			Oflag = 0;
41c99275SPeter Avalos			break;
41c99275SPeter Avalos
41c99275SPeter Avalos		case 'p':
41c99275SPeter Avalos			++pflag;
41c99275SPeter Avalos			break;
41c99275SPeter Avalos
41c99275SPeter Avalos		case 'q':
411677aeSAaron LI			++ndo->ndo_qflag;
411677aeSAaron LI			++ndo->ndo_suppress_default_print;
41c99275SPeter Avalos			break;
41c99275SPeter Avalos
411677aeSAaron LI#ifdef HAVE_PCAP_SETDIRECTION
411677aeSAaron LI		case 'Q':
411677aeSAaron LI			if (ascii_strcasecmp(optarg, "in") == 0)
411677aeSAaron LI				Qflag = PCAP_D_IN;
411677aeSAaron LI			else if (ascii_strcasecmp(optarg, "out") == 0)
411677aeSAaron LI				Qflag = PCAP_D_OUT;
411677aeSAaron LI			else if (ascii_strcasecmp(optarg, "inout") == 0)
411677aeSAaron LI				Qflag = PCAP_D_INOUT;
411677aeSAaron LI			else
411677aeSAaron LI				error("unknown capture direction `%s'", optarg);
411677aeSAaron LI			break;
411677aeSAaron LI#endif /* HAVE_PCAP_SETDIRECTION */
411677aeSAaron LI
41c99275SPeter Avalos		case 'r':
41c99275SPeter Avalos			RFileName = optarg;
41c99275SPeter Avalos			break;
41c99275SPeter Avalos
411677aeSAaron LI		case 's':
*ed775ee7SAntonio Huete Jimenez			ndo->ndo_snaplen = (int)strtol(optarg, &end, 0);
41c99275SPeter Avalos			if (optarg == end || *end != '\0'
411677aeSAaron LI			    || ndo->ndo_snaplen < 0 || ndo->ndo_snaplen > MAXIMUM_SNAPLEN)
*ed775ee7SAntonio Huete Jimenez				error("invalid snaplen %s (must be >= 0 and <= %d)",
*ed775ee7SAntonio Huete Jimenez				      optarg, MAXIMUM_SNAPLEN);
41c99275SPeter Avalos			break;
41c99275SPeter Avalos
41c99275SPeter Avalos		case 'S':
411677aeSAaron LI			++ndo->ndo_Sflag;
41c99275SPeter Avalos			break;
41c99275SPeter Avalos
41c99275SPeter Avalos		case 't':
411677aeSAaron LI			++ndo->ndo_tflag;
41c99275SPeter Avalos			break;
41c99275SPeter Avalos
41c99275SPeter Avalos		case 'T':
411677aeSAaron LI			if (ascii_strcasecmp(optarg, "vat") == 0)
411677aeSAaron LI				ndo->ndo_packettype = PT_VAT;
411677aeSAaron LI			else if (ascii_strcasecmp(optarg, "wb") == 0)
411677aeSAaron LI				ndo->ndo_packettype = PT_WB;
411677aeSAaron LI			else if (ascii_strcasecmp(optarg, "rpc") == 0)
411677aeSAaron LI				ndo->ndo_packettype = PT_RPC;
411677aeSAaron LI			else if (ascii_strcasecmp(optarg, "rtp") == 0)
411677aeSAaron LI				ndo->ndo_packettype = PT_RTP;
411677aeSAaron LI			else if (ascii_strcasecmp(optarg, "rtcp") == 0)
411677aeSAaron LI				ndo->ndo_packettype = PT_RTCP;
411677aeSAaron LI			else if (ascii_strcasecmp(optarg, "snmp") == 0)
411677aeSAaron LI				ndo->ndo_packettype = PT_SNMP;
411677aeSAaron LI			else if (ascii_strcasecmp(optarg, "cnfp") == 0)
411677aeSAaron LI				ndo->ndo_packettype = PT_CNFP;
411677aeSAaron LI			else if (ascii_strcasecmp(optarg, "tftp") == 0)
411677aeSAaron LI				ndo->ndo_packettype = PT_TFTP;
411677aeSAaron LI			else if (ascii_strcasecmp(optarg, "aodv") == 0)
411677aeSAaron LI				ndo->ndo_packettype = PT_AODV;
411677aeSAaron LI			else if (ascii_strcasecmp(optarg, "carp") == 0)
411677aeSAaron LI				ndo->ndo_packettype = PT_CARP;
411677aeSAaron LI			else if (ascii_strcasecmp(optarg, "radius") == 0)
411677aeSAaron LI				ndo->ndo_packettype = PT_RADIUS;
411677aeSAaron LI			else if (ascii_strcasecmp(optarg, "zmtp1") == 0)
411677aeSAaron LI				ndo->ndo_packettype = PT_ZMTP1;
411677aeSAaron LI			else if (ascii_strcasecmp(optarg, "vxlan") == 0)
411677aeSAaron LI				ndo->ndo_packettype = PT_VXLAN;
411677aeSAaron LI			else if (ascii_strcasecmp(optarg, "pgm") == 0)
411677aeSAaron LI				ndo->ndo_packettype = PT_PGM;
411677aeSAaron LI			else if (ascii_strcasecmp(optarg, "pgm_zmtp1") == 0)
411677aeSAaron LI				ndo->ndo_packettype = PT_PGM_ZMTP1;
411677aeSAaron LI			else if (ascii_strcasecmp(optarg, "lmp") == 0)
411677aeSAaron LI				ndo->ndo_packettype = PT_LMP;
411677aeSAaron LI			else if (ascii_strcasecmp(optarg, "resp") == 0)
411677aeSAaron LI				ndo->ndo_packettype = PT_RESP;
*ed775ee7SAntonio Huete Jimenez			else if (ascii_strcasecmp(optarg, "ptp") == 0)
*ed775ee7SAntonio Huete Jimenez				ndo->ndo_packettype = PT_PTP;
*ed775ee7SAntonio Huete Jimenez			else if (ascii_strcasecmp(optarg, "someip") == 0)
*ed775ee7SAntonio Huete Jimenez				ndo->ndo_packettype = PT_SOMEIP;
*ed775ee7SAntonio Huete Jimenez			else if (ascii_strcasecmp(optarg, "domain") == 0)
*ed775ee7SAntonio Huete Jimenez				ndo->ndo_packettype = PT_DOMAIN;
41c99275SPeter Avalos			else
41c99275SPeter Avalos				error("unknown packet type `%s'", optarg);
41c99275SPeter Avalos			break;
41c99275SPeter Avalos
41c99275SPeter Avalos		case 'u':
411677aeSAaron LI			++ndo->ndo_uflag;
41c99275SPeter Avalos			break;
41c99275SPeter Avalos
41c99275SPeter Avalos#ifdef HAVE_PCAP_DUMP_FLUSH
41c99275SPeter Avalos		case 'U':
41c99275SPeter Avalos			++Uflag;
41c99275SPeter Avalos			break;
41c99275SPeter Avalos#endif
41c99275SPeter Avalos
41c99275SPeter Avalos		case 'v':
411677aeSAaron LI			++ndo->ndo_vflag;
411677aeSAaron LI			break;
411677aeSAaron LI
411677aeSAaron LI		case 'V':
411677aeSAaron LI			VFileName = optarg;
41c99275SPeter Avalos			break;
41c99275SPeter Avalos
41c99275SPeter Avalos		case 'w':
41c99275SPeter Avalos			WFileName = optarg;
41c99275SPeter Avalos			break;
41c99275SPeter Avalos
41c99275SPeter Avalos		case 'W':
41c99275SPeter Avalos			Wflag = atoi(optarg);
411677aeSAaron LI			if (Wflag <= 0)
41c99275SPeter Avalos				error("invalid number of output files %s", optarg);
41c99275SPeter Avalos			WflagChars = getWflagChars(Wflag);
41c99275SPeter Avalos			break;
41c99275SPeter Avalos
41c99275SPeter Avalos		case 'x':
411677aeSAaron LI			++ndo->ndo_xflag;
411677aeSAaron LI			++ndo->ndo_suppress_default_print;
41c99275SPeter Avalos			break;
41c99275SPeter Avalos
41c99275SPeter Avalos		case 'X':
411677aeSAaron LI			++ndo->ndo_Xflag;
411677aeSAaron LI			++ndo->ndo_suppress_default_print;
41c99275SPeter Avalos			break;
41c99275SPeter Avalos
41c99275SPeter Avalos		case 'y':
411677aeSAaron LI			yflag_dlt_name = optarg;
411677aeSAaron LI			yflag_dlt =
411677aeSAaron LI				pcap_datalink_name_to_val(yflag_dlt_name);
411677aeSAaron LI			if (yflag_dlt < 0)
411677aeSAaron LI				error("invalid data link type %s", yflag_dlt_name);
41c99275SPeter Avalos			break;
41c99275SPeter Avalos
411677aeSAaron LI#ifdef HAVE_PCAP_SET_PARSER_DEBUG
41c99275SPeter Avalos		case 'Y':
41c99275SPeter Avalos			{
41c99275SPeter Avalos			/* Undocumented flag */
411677aeSAaron LI			pcap_set_parser_debug(1);
41c99275SPeter Avalos			}
41c99275SPeter Avalos			break;
41c99275SPeter Avalos#endif
ea7b4bf5SPeter Avalos		case 'z':
411677aeSAaron LI			zflag = optarg;
ea7b4bf5SPeter Avalos			break;
ea7b4bf5SPeter Avalos
41c99275SPeter Avalos		case 'Z':
411677aeSAaron LI			username = optarg;
41c99275SPeter Avalos			break;
41c99275SPeter Avalos
411677aeSAaron LI		case '#':
411677aeSAaron LI			ndo->ndo_packet_number = 1;
411677aeSAaron LI			break;
411677aeSAaron LI
411677aeSAaron LI		case OPTION_VERSION:
*ed775ee7SAntonio Huete Jimenez			print_version(stdout);
*ed775ee7SAntonio Huete Jimenez			exit_tcpdump(S_SUCCESS);
411677aeSAaron LI			break;
411677aeSAaron LI
411677aeSAaron LI#ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
411677aeSAaron LI		case OPTION_TSTAMP_PRECISION:
411677aeSAaron LI			ndo->ndo_tstamp_precision = tstamp_precision_from_string(optarg);
411677aeSAaron LI			if (ndo->ndo_tstamp_precision < 0)
411677aeSAaron LI				error("unsupported time stamp precision");
411677aeSAaron LI			break;
411677aeSAaron LI#endif
411677aeSAaron LI
411677aeSAaron LI#ifdef HAVE_PCAP_SET_IMMEDIATE_MODE
411677aeSAaron LI		case OPTION_IMMEDIATE_MODE:
411677aeSAaron LI			immediate_mode = 1;
411677aeSAaron LI			break;
411677aeSAaron LI#endif
411677aeSAaron LI
*ed775ee7SAntonio Huete Jimenez		case OPTION_PRINT:
*ed775ee7SAntonio Huete Jimenez			print = 1;
*ed775ee7SAntonio Huete Jimenez			break;
*ed775ee7SAntonio Huete Jimenez
*ed775ee7SAntonio Huete Jimenez#ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
*ed775ee7SAntonio Huete Jimenez		case OPTION_TSTAMP_MICRO:
*ed775ee7SAntonio Huete Jimenez			ndo->ndo_tstamp_precision = PCAP_TSTAMP_PRECISION_MICRO;
*ed775ee7SAntonio Huete Jimenez			break;
*ed775ee7SAntonio Huete Jimenez
*ed775ee7SAntonio Huete Jimenez		case OPTION_TSTAMP_NANO:
*ed775ee7SAntonio Huete Jimenez			ndo->ndo_tstamp_precision = PCAP_TSTAMP_PRECISION_NANO;
*ed775ee7SAntonio Huete Jimenez			break;
*ed775ee7SAntonio Huete Jimenez#endif
*ed775ee7SAntonio Huete Jimenez
*ed775ee7SAntonio Huete Jimenez		case OPTION_FP_TYPE:
*ed775ee7SAntonio Huete Jimenez			/*
*ed775ee7SAntonio Huete Jimenez			 * Print out the type of floating-point arithmetic
*ed775ee7SAntonio Huete Jimenez			 * we're doing; it's probably IEEE, unless somebody
*ed775ee7SAntonio Huete Jimenez			 * tries to run this on a VAX, but the precision
*ed775ee7SAntonio Huete Jimenez			 * may differ (e.g., it might be 32-bit, 64-bit,
*ed775ee7SAntonio Huete Jimenez			 * or 80-bit).
*ed775ee7SAntonio Huete Jimenez			 */
*ed775ee7SAntonio Huete Jimenez			float_type_check(0x4e93312d);
*ed775ee7SAntonio Huete Jimenez			return 0;
*ed775ee7SAntonio Huete Jimenez
*ed775ee7SAntonio Huete Jimenez		case OPTION_COUNT:
*ed775ee7SAntonio Huete Jimenez			count_mode = 1;
*ed775ee7SAntonio Huete Jimenez			break;
*ed775ee7SAntonio Huete Jimenez
41c99275SPeter Avalos		default:
*ed775ee7SAntonio Huete Jimenez			print_usage(stderr);
*ed775ee7SAntonio Huete Jimenez			exit_tcpdump(S_ERR_HOST_PROGRAM);
41c99275SPeter Avalos			/* NOTREACHED */
41c99275SPeter Avalos		}
41c99275SPeter Avalos
411677aeSAaron LI#ifdef HAVE_PCAP_FINDALLDEVS
411677aeSAaron LI	if (Dflag)
411677aeSAaron LI		show_devices_and_exit();
411677aeSAaron LI#endif
*ed775ee7SAntonio Huete Jimenez#ifdef HAVE_PCAP_FINDALLDEVS_EX
*ed775ee7SAntonio Huete Jimenez	if (remote_interfaces_source != NULL)
*ed775ee7SAntonio Huete Jimenez		show_remote_devices_and_exit();
*ed775ee7SAntonio Huete Jimenez#endif
*ed775ee7SAntonio Huete Jimenez
*ed775ee7SAntonio Huete Jimenez#if defined(DLT_LINUX_SLL2) && defined(HAVE_PCAP_SET_DATALINK)
*ed775ee7SAntonio Huete Jimenez/* Set default linktype DLT_LINUX_SLL2 when capturing on the "any" device */
*ed775ee7SAntonio Huete Jimenez		if (device != NULL &&
*ed775ee7SAntonio Huete Jimenez		    strncmp (device, "any", strlen("any")) == 0
*ed775ee7SAntonio Huete Jimenez		    && yflag_dlt == -1)
*ed775ee7SAntonio Huete Jimenez			yflag_dlt = DLT_LINUX_SLL2;
*ed775ee7SAntonio Huete Jimenez#endif
411677aeSAaron LI
411677aeSAaron LI	switch (ndo->ndo_tflag) {
41c99275SPeter Avalos
41c99275SPeter Avalos	case 0: /* Default */
41c99275SPeter Avalos	case 1: /* No time stamp */
41c99275SPeter Avalos	case 2: /* Unix timeval style */
*ed775ee7SAntonio Huete Jimenez	case 3: /* Microseconds/nanoseconds since previous packet */
*ed775ee7SAntonio Huete Jimenez	case 4: /* Date + Default */
*ed775ee7SAntonio Huete Jimenez	case 5: /* Microseconds/nanoseconds since first packet */
41c99275SPeter Avalos		break;
41c99275SPeter Avalos
41c99275SPeter Avalos	default: /* Not supported */
ea7b4bf5SPeter Avalos		error("only -t, -tt, -ttt, -tttt and -ttttt are supported");
41c99275SPeter Avalos		break;
41c99275SPeter Avalos	}
41c99275SPeter Avalos
411677aeSAaron LI	if (ndo->ndo_fflag != 0 && (VFileName != NULL || RFileName != NULL))
411677aeSAaron LI		error("-f can not be used with -V or -r");
411677aeSAaron LI
411677aeSAaron LI	if (VFileName != NULL && RFileName != NULL)
411677aeSAaron LI		error("-V and -r are mutually exclusive.");
411677aeSAaron LI
411677aeSAaron LI	/*
*ed775ee7SAntonio Huete Jimenez	 * If we're printing dissected packets to the standard output,
*ed775ee7SAntonio Huete Jimenez	 * and either the standard output is a terminal or we're doing
*ed775ee7SAntonio Huete Jimenez	 * "line" buffering, set the capture timeout to .1 second rather
*ed775ee7SAntonio Huete Jimenez	 * than 1 second, as the user's probably expecting to see packets
*ed775ee7SAntonio Huete Jimenez	 * pop up immediately shortly after they arrive.
*ed775ee7SAntonio Huete Jimenez	 *
*ed775ee7SAntonio Huete Jimenez	 * XXX - would there be some value appropriate for all cases,
*ed775ee7SAntonio Huete Jimenez	 * based on, say, the buffer size and packet input rate?
411677aeSAaron LI	 */
*ed775ee7SAntonio Huete Jimenez	if ((WFileName == NULL || print) && (isatty(1) || lflag))
*ed775ee7SAntonio Huete Jimenez		timeout = 100;
411677aeSAaron LI
41c99275SPeter Avalos#ifdef WITH_CHROOT
41c99275SPeter Avalos	/* if run as root, prepare for chrooting */
41c99275SPeter Avalos	if (getuid() == 0 || geteuid() == 0) {
41c99275SPeter Avalos		/* future extensibility for cmd-line arguments */
41c99275SPeter Avalos		if (!chroot_dir)
41c99275SPeter Avalos			chroot_dir = WITH_CHROOT;
41c99275SPeter Avalos	}
41c99275SPeter Avalos#endif
41c99275SPeter Avalos
41c99275SPeter Avalos#ifdef WITH_USER
41c99275SPeter Avalos	/* if run as root, prepare for dropping root privileges */
41c99275SPeter Avalos	if (getuid() == 0 || geteuid() == 0) {
41c99275SPeter Avalos		/* Run with '-Z root' to restore old behaviour */
41c99275SPeter Avalos		if (!username)
41c99275SPeter Avalos			username = WITH_USER;
41c99275SPeter Avalos	}
41c99275SPeter Avalos#endif
41c99275SPeter Avalos
411677aeSAaron LI	if (RFileName != NULL || VFileName != NULL) {
411677aeSAaron LI		/*
411677aeSAaron LI		 * If RFileName is non-null, it's the pathname of a
411677aeSAaron LI		 * savefile to read.  If VFileName is non-null, it's
411677aeSAaron LI		 * the pathname of a file containing a list of pathnames
411677aeSAaron LI		 * (one per line) of savefiles to read.
411677aeSAaron LI		 *
411677aeSAaron LI		 * In either case, we're reading a savefile, not doing
411677aeSAaron LI		 * a live capture.
411677aeSAaron LI		 */
411677aeSAaron LI#ifndef _WIN32
41c99275SPeter Avalos		/*
41c99275SPeter Avalos		 * We don't need network access, so relinquish any set-UID
41c99275SPeter Avalos		 * or set-GID privileges we have (if any).
41c99275SPeter Avalos		 *
41c99275SPeter Avalos		 * We do *not* want set-UID privileges when opening a
41c99275SPeter Avalos		 * trace file, as that might let the user read other
41c99275SPeter Avalos		 * people's trace files (especially if we're set-UID
41c99275SPeter Avalos		 * root).
41c99275SPeter Avalos		 */
41c99275SPeter Avalos		if (setgid(getgid()) != 0 || setuid(getuid()) != 0 )
41c99275SPeter Avalos			fprintf(stderr, "Warning: setgid/setuid failed !\n");
411677aeSAaron LI#endif /* _WIN32 */
411677aeSAaron LI		if (VFileName != NULL) {
411677aeSAaron LI			if (VFileName[0] == '-' && VFileName[1] == '\0')
411677aeSAaron LI				VFile = stdin;
411677aeSAaron LI			else
411677aeSAaron LI				VFile = fopen(VFileName, "r");
411677aeSAaron LI
411677aeSAaron LI			if (VFile == NULL)
411677aeSAaron LI				error("Unable to open file: %s\n", pcap_strerror(errno));
411677aeSAaron LI
411677aeSAaron LI			ret = get_next_file(VFile, VFileLine);
411677aeSAaron LI			if (!ret)
411677aeSAaron LI				error("Nothing in %s\n", VFileName);
411677aeSAaron LI			RFileName = VFileLine;
411677aeSAaron LI		}
411677aeSAaron LI
411677aeSAaron LI#ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
411677aeSAaron LI		pd = pcap_open_offline_with_tstamp_precision(RFileName,
411677aeSAaron LI		    ndo->ndo_tstamp_precision, ebuf);
411677aeSAaron LI#else
41c99275SPeter Avalos		pd = pcap_open_offline(RFileName, ebuf);
411677aeSAaron LI#endif
411677aeSAaron LI
41c99275SPeter Avalos		if (pd == NULL)
41c99275SPeter Avalos			error("%s", ebuf);
411677aeSAaron LI#ifdef HAVE_CAPSICUM
411677aeSAaron LI		cap_rights_init(&rights, CAP_READ);
411677aeSAaron LI		if (cap_rights_limit(fileno(pcap_file(pd)), &rights) < 0 &&
411677aeSAaron LI		    errno != ENOSYS) {
411677aeSAaron LI			error("unable to limit pcap descriptor");
411677aeSAaron LI		}
411677aeSAaron LI#endif
41c99275SPeter Avalos		dlt = pcap_datalink(pd);
41c99275SPeter Avalos		dlt_name = pcap_datalink_val_to_name(dlt);
*ed775ee7SAntonio Huete Jimenez		fprintf(stderr, "reading from file %s", RFileName);
41c99275SPeter Avalos		if (dlt_name == NULL) {
*ed775ee7SAntonio Huete Jimenez			fprintf(stderr, ", link-type %u", dlt);
41c99275SPeter Avalos		} else {
*ed775ee7SAntonio Huete Jimenez			fprintf(stderr, ", link-type %s (%s)", dlt_name,
41c99275SPeter Avalos				pcap_datalink_val_to_description(dlt));
41c99275SPeter Avalos		}
*ed775ee7SAntonio Huete Jimenez		fprintf(stderr, ", snapshot length %d\n", pcap_snapshot(pd));
*ed775ee7SAntonio Huete Jimenez#ifdef DLT_LINUX_SLL2
*ed775ee7SAntonio Huete Jimenez		if (dlt == DLT_LINUX_SLL2)
*ed775ee7SAntonio Huete Jimenez			fprintf(stderr, "Warning: interface names might be incorrect\n");
*ed775ee7SAntonio Huete Jimenez#endif
*ed775ee7SAntonio Huete Jimenez	} else if (dflag && !device) {
*ed775ee7SAntonio Huete Jimenez		int dump_dlt = DLT_EN10MB;
*ed775ee7SAntonio Huete Jimenez		/*
*ed775ee7SAntonio Huete Jimenez		 * We're dumping the compiled code without an explicit
*ed775ee7SAntonio Huete Jimenez		 * device specification.  (If a device is specified, we
*ed775ee7SAntonio Huete Jimenez		 * definitely want to open it to use the DLT of that device.)
*ed775ee7SAntonio Huete Jimenez		 * Either default to DLT_EN10MB with a warning, or use
*ed775ee7SAntonio Huete Jimenez		 * the user-specified value if supplied.
*ed775ee7SAntonio Huete Jimenez		 */
*ed775ee7SAntonio Huete Jimenez		/*
*ed775ee7SAntonio Huete Jimenez		 * If no snapshot length was specified, or a length of 0 was
*ed775ee7SAntonio Huete Jimenez		 * specified, default to 256KB.
*ed775ee7SAntonio Huete Jimenez		 */
*ed775ee7SAntonio Huete Jimenez		if (ndo->ndo_snaplen == 0)
*ed775ee7SAntonio Huete Jimenez			ndo->ndo_snaplen = MAXIMUM_SNAPLEN;
*ed775ee7SAntonio Huete Jimenez		/*
*ed775ee7SAntonio Huete Jimenez		 * If a DLT was specified with the -y flag, use that instead.
*ed775ee7SAntonio Huete Jimenez		 */
*ed775ee7SAntonio Huete Jimenez		if (yflag_dlt != -1)
*ed775ee7SAntonio Huete Jimenez			dump_dlt = yflag_dlt;
*ed775ee7SAntonio Huete Jimenez		else
*ed775ee7SAntonio Huete Jimenez			fprintf(stderr, "Warning: assuming Ethernet\n");
*ed775ee7SAntonio Huete Jimenez	        pd = pcap_open_dead(dump_dlt, ndo->ndo_snaplen);
41c99275SPeter Avalos	} else {
411677aeSAaron LI		/*
411677aeSAaron LI		 * We're doing a live capture.
411677aeSAaron LI		 */
41c99275SPeter Avalos		if (device == NULL) {
411677aeSAaron LI			/*
411677aeSAaron LI			 * No interface was specified.  Pick one.
411677aeSAaron LI			 */
411677aeSAaron LI#ifdef HAVE_PCAP_FINDALLDEVS
411677aeSAaron LI			/*
411677aeSAaron LI			 * Find the list of interfaces, and pick
411677aeSAaron LI			 * the first interface.
411677aeSAaron LI			 */
*ed775ee7SAntonio Huete Jimenez			if (pcap_findalldevs(&devlist, ebuf) == -1)
*ed775ee7SAntonio Huete Jimenez				error("%s", ebuf);
*ed775ee7SAntonio Huete Jimenez			if (devlist == NULL)
*ed775ee7SAntonio Huete Jimenez				error("no interfaces available for capture");
411677aeSAaron LI			device = strdup(devlist->name);
411677aeSAaron LI			pcap_freealldevs(devlist);
411677aeSAaron LI#else /* HAVE_PCAP_FINDALLDEVS */
411677aeSAaron LI			/*
411677aeSAaron LI			 * Use whatever interface pcap_lookupdev()
411677aeSAaron LI			 * chooses.
411677aeSAaron LI			 */
41c99275SPeter Avalos			device = pcap_lookupdev(ebuf);
41c99275SPeter Avalos			if (device == NULL)
41c99275SPeter Avalos				error("%s", ebuf);
*ed775ee7SAntonio Huete Jimenez#endif
41c99275SPeter Avalos		}
411677aeSAaron LI
411677aeSAaron LI		/*
411677aeSAaron LI		 * Try to open the interface with the specified name.
411677aeSAaron LI		 */
411677aeSAaron LI		pd = open_interface(device, ndo, ebuf);
411677aeSAaron LI		if (pd == NULL) {
411677aeSAaron LI			/*
411677aeSAaron LI			 * That failed.  If we can get a list of
411677aeSAaron LI			 * interfaces, and the interface name
411677aeSAaron LI			 * is purely numeric, try to use it as
411677aeSAaron LI			 * a 1-based index in the list of
411677aeSAaron LI			 * interfaces.
411677aeSAaron LI			 */
411677aeSAaron LI#ifdef HAVE_PCAP_FINDALLDEVS
411677aeSAaron LI			devnum = parse_interface_number(device);
411677aeSAaron LI			if (devnum == -1) {
411677aeSAaron LI				/*
411677aeSAaron LI				 * It's not a number; just report
411677aeSAaron LI				 * the open error and fail.
411677aeSAaron LI				 */
411677aeSAaron LI				error("%s", ebuf);
41c99275SPeter Avalos			}
41c99275SPeter Avalos
411677aeSAaron LI			/*
411677aeSAaron LI			 * OK, it's a number; try to find the
411677aeSAaron LI			 * interface with that index, and try
411677aeSAaron LI			 * to open it.
411677aeSAaron LI			 *
411677aeSAaron LI			 * find_interface_by_number() exits if it
411677aeSAaron LI			 * couldn't be found.
411677aeSAaron LI			 */
*ed775ee7SAntonio Huete Jimenez			device = find_interface_by_number(device, devnum);
411677aeSAaron LI			pd = open_interface(device, ndo, ebuf);
ea7b4bf5SPeter Avalos			if (pd == NULL)
ea7b4bf5SPeter Avalos				error("%s", ebuf);
411677aeSAaron LI#else /* HAVE_PCAP_FINDALLDEVS */
27bfbee1SPeter Avalos			/*
411677aeSAaron LI			 * We can't get a list of interfaces; just
411677aeSAaron LI			 * fail.
27bfbee1SPeter Avalos			 */
41c99275SPeter Avalos			error("%s", ebuf);
411677aeSAaron LI#endif /* HAVE_PCAP_FINDALLDEVS */
411677aeSAaron LI		}
411677aeSAaron LI
41c99275SPeter Avalos		/*
*ed775ee7SAntonio Huete Jimenez		 * Let user own process after capture device has
*ed775ee7SAntonio Huete Jimenez		 * been opened.
41c99275SPeter Avalos		 */
411677aeSAaron LI#ifndef _WIN32
41c99275SPeter Avalos		if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
41c99275SPeter Avalos			fprintf(stderr, "Warning: setgid/setuid failed !\n");
411677aeSAaron LI#endif /* _WIN32 */
411677aeSAaron LI#if !defined(HAVE_PCAP_CREATE) && defined(_WIN32)
ea7b4bf5SPeter Avalos		if(Bflag != 0)
ea7b4bf5SPeter Avalos			if(pcap_setbuff(pd, Bflag)==-1){
41c99275SPeter Avalos				error("%s", pcap_geterr(pd));
41c99275SPeter Avalos			}
411677aeSAaron LI#endif /* !defined(HAVE_PCAP_CREATE) && defined(_WIN32) */
41c99275SPeter Avalos		if (Lflag)
411677aeSAaron LI			show_dlts_and_exit(pd, device);
411677aeSAaron LI		if (yflag_dlt >= 0) {
41c99275SPeter Avalos#ifdef HAVE_PCAP_SET_DATALINK
411677aeSAaron LI			if (pcap_set_datalink(pd, yflag_dlt) < 0)
41c99275SPeter Avalos				error("%s", pcap_geterr(pd));
41c99275SPeter Avalos#else
41c99275SPeter Avalos			/*
41c99275SPeter Avalos			 * We don't actually support changing the
41c99275SPeter Avalos			 * data link type, so we only let them
41c99275SPeter Avalos			 * set it to what it already is.
41c99275SPeter Avalos			 */
411677aeSAaron LI			if (yflag_dlt != pcap_datalink(pd)) {
41c99275SPeter Avalos				error("%s is not one of the DLTs supported by this device\n",
411677aeSAaron LI				      yflag_dlt_name);
41c99275SPeter Avalos			}
41c99275SPeter Avalos#endif
41c99275SPeter Avalos			(void)fprintf(stderr, "%s: data link type %s\n",
*ed775ee7SAntonio Huete Jimenez				      program_name,
*ed775ee7SAntonio Huete Jimenez				      pcap_datalink_val_to_name(yflag_dlt));
41c99275SPeter Avalos			(void)fflush(stderr);
41c99275SPeter Avalos		}
41c99275SPeter Avalos		i = pcap_snapshot(pd);
411677aeSAaron LI		if (ndo->ndo_snaplen < i) {
*ed775ee7SAntonio Huete Jimenez			if (ndo->ndo_snaplen != 0)
411677aeSAaron LI				warning("snaplen raised from %d to %d", ndo->ndo_snaplen, i);
411677aeSAaron LI			ndo->ndo_snaplen = i;
*ed775ee7SAntonio Huete Jimenez		} else if (ndo->ndo_snaplen > i) {
*ed775ee7SAntonio Huete Jimenez			warning("snaplen lowered from %d to %d", ndo->ndo_snaplen, i);
*ed775ee7SAntonio Huete Jimenez			ndo->ndo_snaplen = i;
41c99275SPeter Avalos		}
411677aeSAaron LI                if(ndo->ndo_fflag != 0) {
41c99275SPeter Avalos                        if (pcap_lookupnet(device, &localnet, &netmask, ebuf) < 0) {
411677aeSAaron LI                                warning("foreign (-f) flag used but: %s", ebuf);
41c99275SPeter Avalos                        }
41c99275SPeter Avalos                }
411677aeSAaron LI
411677aeSAaron LI	}
41c99275SPeter Avalos	if (infile)
41c99275SPeter Avalos		cmdbuf = read_infile(infile);
41c99275SPeter Avalos	else
41c99275SPeter Avalos		cmdbuf = copy_argv(&argv[optind]);
41c99275SPeter Avalos
411677aeSAaron LI#ifdef HAVE_PCAP_SET_OPTIMIZER_DEBUG
411677aeSAaron LI	pcap_set_optimizer_debug(dflag);
411677aeSAaron LI#endif
41c99275SPeter Avalos	if (pcap_compile(pd, &fcode, cmdbuf, Oflag, netmask) < 0)
41c99275SPeter Avalos		error("%s", pcap_geterr(pd));
41c99275SPeter Avalos	if (dflag) {
41c99275SPeter Avalos		bpf_dump(&fcode, dflag);
41c99275SPeter Avalos		pcap_close(pd);
411677aeSAaron LI		free(cmdbuf);
411677aeSAaron LI		pcap_freecode(&fcode);
*ed775ee7SAntonio Huete Jimenez		exit_tcpdump(S_SUCCESS);
41c99275SPeter Avalos	}
*ed775ee7SAntonio Huete Jimenez
*ed775ee7SAntonio Huete Jimenez#ifdef HAVE_CASPER
*ed775ee7SAntonio Huete Jimenez	if (!ndo->ndo_nflag)
*ed775ee7SAntonio Huete Jimenez		capdns = capdns_setup();
*ed775ee7SAntonio Huete Jimenez#endif	/* HAVE_CASPER */
*ed775ee7SAntonio Huete Jimenez
*ed775ee7SAntonio Huete Jimenez	init_print(ndo, localnet, netmask);
41c99275SPeter Avalos
411677aeSAaron LI#ifndef _WIN32
41c99275SPeter Avalos	(void)setsignal(SIGPIPE, cleanup);
41c99275SPeter Avalos	(void)setsignal(SIGTERM, cleanup);
411677aeSAaron LI#endif /* _WIN32 */
*ed775ee7SAntonio Huete Jimenez	(void)setsignal(SIGINT, cleanup);
27bfbee1SPeter Avalos#if defined(HAVE_FORK) || defined(HAVE_VFORK)
27bfbee1SPeter Avalos	(void)setsignal(SIGCHLD, child_cleanup);
27bfbee1SPeter Avalos#endif
41c99275SPeter Avalos	/* Cooperate with nohup(1) */
411677aeSAaron LI#ifndef _WIN32
41c99275SPeter Avalos	if ((oldhandler = setsignal(SIGHUP, cleanup)) != SIG_DFL)
41c99275SPeter Avalos		(void)setsignal(SIGHUP, oldhandler);
411677aeSAaron LI#endif /* _WIN32 */
41c99275SPeter Avalos
411677aeSAaron LI#ifndef _WIN32
27bfbee1SPeter Avalos	/*
27bfbee1SPeter Avalos	 * If a user name was specified with "-Z", attempt to switch to
27bfbee1SPeter Avalos	 * that user's UID.  This would probably be used with sudo,
27bfbee1SPeter Avalos	 * to allow tcpdump to be run in a special restricted
27bfbee1SPeter Avalos	 * account (if you just want to allow users to open capture
27bfbee1SPeter Avalos	 * devices, and can't just give users that permission,
27bfbee1SPeter Avalos	 * you'd make tcpdump set-UID or set-GID).
27bfbee1SPeter Avalos	 *
27bfbee1SPeter Avalos	 * Tcpdump doesn't necessarily write only to one savefile;
27bfbee1SPeter Avalos	 * the general only way to allow a -Z instance to write to
27bfbee1SPeter Avalos	 * savefiles as the user under whose UID it's run, rather
27bfbee1SPeter Avalos	 * than as the user specified with -Z, would thus be to switch
27bfbee1SPeter Avalos	 * to the original user ID before opening a capture file and
27bfbee1SPeter Avalos	 * then switch back to the -Z user ID after opening the savefile.
27bfbee1SPeter Avalos	 * Switching to the -Z user ID only after opening the first
27bfbee1SPeter Avalos	 * savefile doesn't handle the general case.
27bfbee1SPeter Avalos	 */
411677aeSAaron LI
27bfbee1SPeter Avalos	if (getuid() == 0 || geteuid() == 0) {
411677aeSAaron LI#ifdef HAVE_LIBCAP_NG
411677aeSAaron LI		/* Initialize capng */
411677aeSAaron LI		capng_clear(CAPNG_SELECT_BOTH);
411677aeSAaron LI		if (username) {
*ed775ee7SAntonio Huete JimenezDIAG_OFF_CLANG(assign-enum)
411677aeSAaron LI			capng_updatev(
411677aeSAaron LI				CAPNG_ADD,
411677aeSAaron LI				CAPNG_PERMITTED | CAPNG_EFFECTIVE,
411677aeSAaron LI				CAP_SETUID,
411677aeSAaron LI				CAP_SETGID,
411677aeSAaron LI				-1);
*ed775ee7SAntonio Huete JimenezDIAG_ON_CLANG(assign-enum)
411677aeSAaron LI		}
411677aeSAaron LI		if (chroot_dir) {
*ed775ee7SAntonio Huete JimenezDIAG_OFF_CLANG(assign-enum)
411677aeSAaron LI			capng_update(
411677aeSAaron LI				CAPNG_ADD,
411677aeSAaron LI				CAPNG_PERMITTED | CAPNG_EFFECTIVE,
411677aeSAaron LI				CAP_SYS_CHROOT
411677aeSAaron LI				);
*ed775ee7SAntonio Huete JimenezDIAG_ON_CLANG(assign-enum)
411677aeSAaron LI		}
411677aeSAaron LI
411677aeSAaron LI		if (WFileName) {
*ed775ee7SAntonio Huete JimenezDIAG_OFF_CLANG(assign-enum)
411677aeSAaron LI			capng_update(
411677aeSAaron LI				CAPNG_ADD,
411677aeSAaron LI				CAPNG_PERMITTED | CAPNG_EFFECTIVE,
411677aeSAaron LI				CAP_DAC_OVERRIDE
411677aeSAaron LI				);
*ed775ee7SAntonio Huete JimenezDIAG_ON_CLANG(assign-enum)
411677aeSAaron LI		}
411677aeSAaron LI		capng_apply(CAPNG_SELECT_BOTH);
411677aeSAaron LI#endif /* HAVE_LIBCAP_NG */
27bfbee1SPeter Avalos		if (username || chroot_dir)
27bfbee1SPeter Avalos			droproot(username, chroot_dir);
411677aeSAaron LI
27bfbee1SPeter Avalos	}
411677aeSAaron LI#endif /* _WIN32 */
27bfbee1SPeter Avalos
41c99275SPeter Avalos	if (pcap_setfilter(pd, &fcode) < 0)
41c99275SPeter Avalos		error("%s", pcap_geterr(pd));
411677aeSAaron LI#ifdef HAVE_CAPSICUM
*ed775ee7SAntonio Huete Jimenez	if (RFileName == NULL && VFileName == NULL && pcap_fileno(pd) != -1) {
411677aeSAaron LI		static const unsigned long cmds[] = { BIOCGSTATS, BIOCROTZBUF };
411677aeSAaron LI
411677aeSAaron LI		/*
411677aeSAaron LI		 * The various libpcap devices use a combination of
411677aeSAaron LI		 * read (bpf), ioctl (bpf, netmap), poll (netmap)
411677aeSAaron LI		 * so we add the relevant access rights.
411677aeSAaron LI		 */
411677aeSAaron LI		cap_rights_init(&rights, CAP_IOCTL, CAP_READ, CAP_EVENT);
411677aeSAaron LI		if (cap_rights_limit(pcap_fileno(pd), &rights) < 0 &&
411677aeSAaron LI		    errno != ENOSYS) {
411677aeSAaron LI			error("unable to limit pcap descriptor");
411677aeSAaron LI		}
411677aeSAaron LI		if (cap_ioctls_limit(pcap_fileno(pd), cmds,
411677aeSAaron LI		    sizeof(cmds) / sizeof(cmds[0])) < 0 && errno != ENOSYS) {
411677aeSAaron LI			error("unable to limit ioctls on pcap descriptor");
411677aeSAaron LI		}
411677aeSAaron LI	}
411677aeSAaron LI#endif
41c99275SPeter Avalos	if (WFileName) {
411677aeSAaron LI		/* Do not exceed the default PATH_MAX for files. */
411677aeSAaron LI		dumpinfo.CurrentFileName = (char *)malloc(PATH_MAX + 1);
41c99275SPeter Avalos
ea7b4bf5SPeter Avalos		if (dumpinfo.CurrentFileName == NULL)
ea7b4bf5SPeter Avalos			error("malloc of dumpinfo.CurrentFileName");
ea7b4bf5SPeter Avalos
ea7b4bf5SPeter Avalos		/* We do not need numbering for dumpfiles if Cflag isn't set. */
ea7b4bf5SPeter Avalos		if (Cflag != 0)
ea7b4bf5SPeter Avalos		  MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, WflagChars);
ea7b4bf5SPeter Avalos		else
ea7b4bf5SPeter Avalos		  MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, 0);
ea7b4bf5SPeter Avalos
*ed775ee7SAntonio Huete Jimenez		pdd = pcap_dump_open(pd, dumpinfo.CurrentFileName);
411677aeSAaron LI#ifdef HAVE_LIBCAP_NG
411677aeSAaron LI		/* Give up CAP_DAC_OVERRIDE capability.
411677aeSAaron LI		 * Only allow it to be restored if the -C or -G flag have been
411677aeSAaron LI		 * set since we may need to create more files later on.
411677aeSAaron LI		 */
411677aeSAaron LI		capng_update(
411677aeSAaron LI			CAPNG_DROP,
411677aeSAaron LI			(Cflag || Gflag ? 0 : CAPNG_PERMITTED)
411677aeSAaron LI				| CAPNG_EFFECTIVE,
411677aeSAaron LI			CAP_DAC_OVERRIDE
411677aeSAaron LI			);
411677aeSAaron LI		capng_apply(CAPNG_SELECT_BOTH);
411677aeSAaron LI#endif /* HAVE_LIBCAP_NG */
*ed775ee7SAntonio Huete Jimenez		if (pdd == NULL)
41c99275SPeter Avalos			error("%s", pcap_geterr(pd));
411677aeSAaron LI#ifdef HAVE_CAPSICUM
*ed775ee7SAntonio Huete Jimenez		set_dumper_capsicum_rights(pdd);
411677aeSAaron LI#endif
ea7b4bf5SPeter Avalos		if (Cflag != 0 || Gflag != 0) {
411677aeSAaron LI#ifdef HAVE_CAPSICUM
411677aeSAaron LI			dumpinfo.WFileName = strdup(basename(WFileName));
411677aeSAaron LI			if (dumpinfo.WFileName == NULL) {
411677aeSAaron LI				error("Unable to allocate memory for file %s",
411677aeSAaron LI				    WFileName);
411677aeSAaron LI			}
411677aeSAaron LI			dumpinfo.dirfd = open(dirname(WFileName),
411677aeSAaron LI			    O_DIRECTORY | O_RDONLY);
411677aeSAaron LI			if (dumpinfo.dirfd < 0) {
411677aeSAaron LI				error("unable to open directory %s",
411677aeSAaron LI				    dirname(WFileName));
411677aeSAaron LI			}
411677aeSAaron LI			cap_rights_init(&rights, CAP_CREATE, CAP_FCNTL,
411677aeSAaron LI			    CAP_FTRUNCATE, CAP_LOOKUP, CAP_SEEK, CAP_WRITE);
411677aeSAaron LI			if (cap_rights_limit(dumpinfo.dirfd, &rights) < 0 &&
411677aeSAaron LI			    errno != ENOSYS) {
411677aeSAaron LI				error("unable to limit directory rights");
411677aeSAaron LI			}
411677aeSAaron LI			if (cap_fcntls_limit(dumpinfo.dirfd, CAP_FCNTL_GETFL) < 0 &&
411677aeSAaron LI			    errno != ENOSYS) {
411677aeSAaron LI				error("unable to limit dump descriptor fcntls");
411677aeSAaron LI			}
411677aeSAaron LI#else	/* !HAVE_CAPSICUM */
41c99275SPeter Avalos			dumpinfo.WFileName = WFileName;
411677aeSAaron LI#endif
411677aeSAaron LI			callback = dump_packet_and_trunc;
41c99275SPeter Avalos			dumpinfo.pd = pd;
*ed775ee7SAntonio Huete Jimenez			dumpinfo.pdd = pdd;
41c99275SPeter Avalos			pcap_userdata = (u_char *)&dumpinfo;
41c99275SPeter Avalos		} else {
41c99275SPeter Avalos			callback = dump_packet;
*ed775ee7SAntonio Huete Jimenez			dumpinfo.WFileName = WFileName;
*ed775ee7SAntonio Huete Jimenez			dumpinfo.pd = pd;
*ed775ee7SAntonio Huete Jimenez			dumpinfo.pdd = pdd;
*ed775ee7SAntonio Huete Jimenez			pcap_userdata = (u_char *)&dumpinfo;
41c99275SPeter Avalos		}
*ed775ee7SAntonio Huete Jimenez		if (print) {
*ed775ee7SAntonio Huete Jimenez			dlt = pcap_datalink(pd);
*ed775ee7SAntonio Huete Jimenez			ndo->ndo_if_printer = get_if_printer(dlt);
*ed775ee7SAntonio Huete Jimenez			dumpinfo.ndo = ndo;
*ed775ee7SAntonio Huete Jimenez		} else
*ed775ee7SAntonio Huete Jimenez			dumpinfo.ndo = NULL;
*ed775ee7SAntonio Huete Jimenez
27bfbee1SPeter Avalos#ifdef HAVE_PCAP_DUMP_FLUSH
27bfbee1SPeter Avalos		if (Uflag)
*ed775ee7SAntonio Huete Jimenez			pcap_dump_flush(pdd);
27bfbee1SPeter Avalos#endif
41c99275SPeter Avalos	} else {
411677aeSAaron LI		dlt = pcap_datalink(pd);
*ed775ee7SAntonio Huete Jimenez		ndo->ndo_if_printer = get_if_printer(dlt);
41c99275SPeter Avalos		callback = print_packet;
411677aeSAaron LI		pcap_userdata = (u_char *)ndo;
41c99275SPeter Avalos	}
27bfbee1SPeter Avalos
6263709fSPeter Avalos#ifdef SIGNAL_REQ_INFO
ea7b4bf5SPeter Avalos	/*
ea7b4bf5SPeter Avalos	 * We can't get statistics when reading from a file rather
ea7b4bf5SPeter Avalos	 * than capturing from a device.
ea7b4bf5SPeter Avalos	 */
ea7b4bf5SPeter Avalos	if (RFileName == NULL)
6263709fSPeter Avalos		(void)setsignal(SIGNAL_REQ_INFO, requestinfo);
41c99275SPeter Avalos#endif
*ed775ee7SAntonio Huete Jimenez#ifdef SIGNAL_FLUSH_PCAP
*ed775ee7SAntonio Huete Jimenez	(void)setsignal(SIGNAL_FLUSH_PCAP, flushpcap);
41c99275SPeter Avalos#endif
*ed775ee7SAntonio Huete Jimenez
*ed775ee7SAntonio Huete Jimenez	if (ndo->ndo_vflag > 0 && WFileName && RFileName == NULL && !print) {
*ed775ee7SAntonio Huete Jimenez		/*
*ed775ee7SAntonio Huete Jimenez		 * When capturing to a file, if "--print" wasn't specified,
*ed775ee7SAntonio Huete Jimenez		 *"-v" means tcpdump should, once per second,
*ed775ee7SAntonio Huete Jimenez		 * "v"erbosely report the number of packets captured.
*ed775ee7SAntonio Huete Jimenez		 * Except when reading from a file, because -r, -w and -v
*ed775ee7SAntonio Huete Jimenez		 * together used to make a corner case, in which pcap_loop()
*ed775ee7SAntonio Huete Jimenez		 * errored due to EINTR (see GH #155 for details).
*ed775ee7SAntonio Huete Jimenez		 */
*ed775ee7SAntonio Huete Jimenez#ifdef _WIN32
*ed775ee7SAntonio Huete Jimenez		/*
*ed775ee7SAntonio Huete Jimenez		 * https://blogs.msdn.microsoft.com/oldnewthing/20151230-00/?p=92741
*ed775ee7SAntonio Huete Jimenez		 *
*ed775ee7SAntonio Huete Jimenez		 * suggests that this dates back to W2K.
*ed775ee7SAntonio Huete Jimenez		 *
*ed775ee7SAntonio Huete Jimenez		 * I don't know what a "long wait" is, but we'll assume
*ed775ee7SAntonio Huete Jimenez		 * that printing the stats could be a "long wait".
*ed775ee7SAntonio Huete Jimenez		 */
*ed775ee7SAntonio Huete Jimenez		CreateTimerQueueTimer(&timer_handle, NULL,
*ed775ee7SAntonio Huete Jimenez		    verbose_stats_dump, NULL, 1000, 1000,
*ed775ee7SAntonio Huete Jimenez		    WT_EXECUTEDEFAULT|WT_EXECUTELONGFUNCTION);
*ed775ee7SAntonio Huete Jimenez		setvbuf(stderr, NULL, _IONBF, 0);
*ed775ee7SAntonio Huete Jimenez#else /* _WIN32 */
*ed775ee7SAntonio Huete Jimenez		/*
*ed775ee7SAntonio Huete Jimenez		 * Assume this is UN*X, and that it has setitimer(); that
*ed775ee7SAntonio Huete Jimenez		 * dates back to UNIX 95.
*ed775ee7SAntonio Huete Jimenez		 */
*ed775ee7SAntonio Huete Jimenez		struct itimerval timer;
*ed775ee7SAntonio Huete Jimenez		(void)setsignal(SIGALRM, verbose_stats_dump);
*ed775ee7SAntonio Huete Jimenez		timer.it_interval.tv_sec = 1;
*ed775ee7SAntonio Huete Jimenez		timer.it_interval.tv_usec = 0;
*ed775ee7SAntonio Huete Jimenez		timer.it_value.tv_sec = 1;
*ed775ee7SAntonio Huete Jimenez		timer.it_value.tv_usec = 1;
*ed775ee7SAntonio Huete Jimenez		setitimer(ITIMER_REAL, &timer, NULL);
*ed775ee7SAntonio Huete Jimenez#endif /* _WIN32 */
41c99275SPeter Avalos	}
41c99275SPeter Avalos
41c99275SPeter Avalos	if (RFileName == NULL) {
411677aeSAaron LI		/*
411677aeSAaron LI		 * Live capture (if -V was specified, we set RFileName
411677aeSAaron LI		 * to a file from the -V file).  Print a message to
411677aeSAaron LI		 * the standard error on UN*X.
411677aeSAaron LI		 */
411677aeSAaron LI		if (!ndo->ndo_vflag && !WFileName) {
41c99275SPeter Avalos			(void)fprintf(stderr,
*ed775ee7SAntonio Huete Jimenez			    "%s: verbose output suppressed, use -v[v]... for full protocol decode\n",
41c99275SPeter Avalos			    program_name);
41c99275SPeter Avalos		} else
41c99275SPeter Avalos			(void)fprintf(stderr, "%s: ", program_name);
41c99275SPeter Avalos		dlt = pcap_datalink(pd);
41c99275SPeter Avalos		dlt_name = pcap_datalink_val_to_name(dlt);
*ed775ee7SAntonio Huete Jimenez		(void)fprintf(stderr, "listening on %s", device);
41c99275SPeter Avalos		if (dlt_name == NULL) {
*ed775ee7SAntonio Huete Jimenez			(void)fprintf(stderr, ", link-type %u", dlt);
41c99275SPeter Avalos		} else {
*ed775ee7SAntonio Huete Jimenez			(void)fprintf(stderr, ", link-type %s (%s)", dlt_name,
*ed775ee7SAntonio Huete Jimenez				      pcap_datalink_val_to_description(dlt));
41c99275SPeter Avalos		}
*ed775ee7SAntonio Huete Jimenez		(void)fprintf(stderr, ", snapshot length %d bytes\n", ndo->ndo_snaplen);
41c99275SPeter Avalos		(void)fflush(stderr);
41c99275SPeter Avalos	}
411677aeSAaron LI
411677aeSAaron LI#ifdef HAVE_CAPSICUM
*ed775ee7SAntonio Huete Jimenez	cansandbox = (VFileName == NULL && zflag == NULL);
*ed775ee7SAntonio Huete Jimenez#ifdef HAVE_CASPER
*ed775ee7SAntonio Huete Jimenez	cansandbox = (cansandbox && (ndo->ndo_nflag || capdns != NULL));
*ed775ee7SAntonio Huete Jimenez#else
*ed775ee7SAntonio Huete Jimenez	cansandbox = (cansandbox && ndo->ndo_nflag);
*ed775ee7SAntonio Huete Jimenez#endif /* HAVE_CASPER */
411677aeSAaron LI	if (cansandbox && cap_enter() < 0 && errno != ENOSYS)
411677aeSAaron LI		error("unable to enter the capability mode");
411677aeSAaron LI#endif	/* HAVE_CAPSICUM */
411677aeSAaron LI
411677aeSAaron LI	do {
41c99275SPeter Avalos		status = pcap_loop(pd, cnt, callback, pcap_userdata);
41c99275SPeter Avalos		if (WFileName == NULL) {
41c99275SPeter Avalos			/*
41c99275SPeter Avalos			 * We're printing packets.  Flush the printed output,
41c99275SPeter Avalos			 * so it doesn't get intermingled with error output.
41c99275SPeter Avalos			 */
41c99275SPeter Avalos			if (status == -2) {
41c99275SPeter Avalos				/*
41c99275SPeter Avalos				 * We got interrupted, so perhaps we didn't
41c99275SPeter Avalos				 * manage to finish a line we were printing.
41c99275SPeter Avalos				 * Print an extra newline, just in case.
41c99275SPeter Avalos				 */
41c99275SPeter Avalos				putchar('\n');
41c99275SPeter Avalos			}
41c99275SPeter Avalos			(void)fflush(stdout);
41c99275SPeter Avalos		}
411677aeSAaron LI                if (status == -2) {
411677aeSAaron LI			/*
411677aeSAaron LI			 * We got interrupted. If we are reading multiple
411677aeSAaron LI			 * files (via -V) set these so that we stop.
411677aeSAaron LI			 */
411677aeSAaron LI			VFileName = NULL;
411677aeSAaron LI			ret = NULL;
411677aeSAaron LI		}
41c99275SPeter Avalos		if (status == -1) {
41c99275SPeter Avalos			/*
41c99275SPeter Avalos			 * Error.  Report it.
41c99275SPeter Avalos			 */
41c99275SPeter Avalos			(void)fprintf(stderr, "%s: pcap_loop: %s\n",
41c99275SPeter Avalos			    program_name, pcap_geterr(pd));
41c99275SPeter Avalos		}
41c99275SPeter Avalos		if (RFileName == NULL) {
41c99275SPeter Avalos			/*
41c99275SPeter Avalos			 * We're doing a live capture.  Report the capture
41c99275SPeter Avalos			 * statistics.
41c99275SPeter Avalos			 */
41c99275SPeter Avalos			info(1);
41c99275SPeter Avalos		}
41c99275SPeter Avalos		pcap_close(pd);
411677aeSAaron LI		if (VFileName != NULL) {
411677aeSAaron LI			ret = get_next_file(VFile, VFileLine);
411677aeSAaron LI			if (ret) {
411677aeSAaron LI				int new_dlt;
411677aeSAaron LI
411677aeSAaron LI				RFileName = VFileLine;
411677aeSAaron LI				pd = pcap_open_offline(RFileName, ebuf);
411677aeSAaron LI				if (pd == NULL)
411677aeSAaron LI					error("%s", ebuf);
411677aeSAaron LI#ifdef HAVE_CAPSICUM
411677aeSAaron LI				cap_rights_init(&rights, CAP_READ);
411677aeSAaron LI				if (cap_rights_limit(fileno(pcap_file(pd)),
411677aeSAaron LI				    &rights) < 0 && errno != ENOSYS) {
411677aeSAaron LI					error("unable to limit pcap descriptor");
411677aeSAaron LI				}
411677aeSAaron LI#endif
411677aeSAaron LI				new_dlt = pcap_datalink(pd);
411677aeSAaron LI				if (new_dlt != dlt) {
411677aeSAaron LI					/*
411677aeSAaron LI					 * The new file has a different
411677aeSAaron LI					 * link-layer header type from the
411677aeSAaron LI					 * previous one.
411677aeSAaron LI					 */
411677aeSAaron LI					if (WFileName != NULL) {
411677aeSAaron LI						/*
411677aeSAaron LI						 * We're writing raw packets
411677aeSAaron LI						 * that match the filter to
411677aeSAaron LI						 * a pcap file.  pcap files
411677aeSAaron LI						 * don't support multiple
411677aeSAaron LI						 * different link-layer
411677aeSAaron LI						 * header types, so we fail
411677aeSAaron LI						 * here.
411677aeSAaron LI						 */
411677aeSAaron LI						error("%s: new dlt does not match original", RFileName);
411677aeSAaron LI					}
411677aeSAaron LI
411677aeSAaron LI					/*
411677aeSAaron LI					 * We're printing the decoded packets;
411677aeSAaron LI					 * switch to the new DLT.
411677aeSAaron LI					 *
411677aeSAaron LI					 * To do that, we need to change
411677aeSAaron LI					 * the printer, change the DLT name,
411677aeSAaron LI					 * and recompile the filter with
411677aeSAaron LI					 * the new DLT.
411677aeSAaron LI					 */
411677aeSAaron LI					dlt = new_dlt;
*ed775ee7SAntonio Huete Jimenez					ndo->ndo_if_printer = get_if_printer(dlt);
411677aeSAaron LI					if (pcap_compile(pd, &fcode, cmdbuf, Oflag, netmask) < 0)
411677aeSAaron LI						error("%s", pcap_geterr(pd));
411677aeSAaron LI				}
411677aeSAaron LI
411677aeSAaron LI				/*
411677aeSAaron LI				 * Set the filter on the new file.
411677aeSAaron LI				 */
411677aeSAaron LI				if (pcap_setfilter(pd, &fcode) < 0)
411677aeSAaron LI					error("%s", pcap_geterr(pd));
411677aeSAaron LI
411677aeSAaron LI				/*
411677aeSAaron LI				 * Report the new file.
411677aeSAaron LI				 */
411677aeSAaron LI				dlt_name = pcap_datalink_val_to_name(dlt);
*ed775ee7SAntonio Huete Jimenez				fprintf(stderr, "reading from file %s", RFileName);
411677aeSAaron LI				if (dlt_name == NULL) {
*ed775ee7SAntonio Huete Jimenez					fprintf(stderr, ", link-type %u", dlt);
411677aeSAaron LI				} else {
*ed775ee7SAntonio Huete Jimenez					fprintf(stderr, ", link-type %s (%s)",
*ed775ee7SAntonio Huete Jimenez						dlt_name,
411677aeSAaron LI						pcap_datalink_val_to_description(dlt));
411677aeSAaron LI				}
*ed775ee7SAntonio Huete Jimenez				fprintf(stderr, ", snapshot length %d\n", pcap_snapshot(pd));
411677aeSAaron LI			}
411677aeSAaron LI		}
411677aeSAaron LI	}
411677aeSAaron LI	while (ret != NULL);
411677aeSAaron LI
*ed775ee7SAntonio Huete Jimenez	if (count_mode && RFileName != NULL)
*ed775ee7SAntonio Huete Jimenez		fprintf(stdout, "%u packet%s\n", packets_captured,
*ed775ee7SAntonio Huete Jimenez			PLURAL_SUFFIX(packets_captured));
*ed775ee7SAntonio Huete Jimenez
411677aeSAaron LI	free(cmdbuf);
411677aeSAaron LI	pcap_freecode(&fcode);
411677aeSAaron LI	exit_tcpdump(status == -1 ? 1 : 0);
41c99275SPeter Avalos}
41c99275SPeter Avalos
*ed775ee7SAntonio Huete Jimenez/*
*ed775ee7SAntonio Huete Jimenez * Catch a signal.
*ed775ee7SAntonio Huete Jimenez */
*ed775ee7SAntonio Huete Jimenezstatic void
*ed775ee7SAntonio Huete Jimenez(*setsignal (int sig, void (*func)(int)))(int)
*ed775ee7SAntonio Huete Jimenez{
*ed775ee7SAntonio Huete Jimenez#ifdef _WIN32
*ed775ee7SAntonio Huete Jimenez	return (signal(sig, func));
*ed775ee7SAntonio Huete Jimenez#else
*ed775ee7SAntonio Huete Jimenez	struct sigaction old, new;
*ed775ee7SAntonio Huete Jimenez
*ed775ee7SAntonio Huete Jimenez	memset(&new, 0, sizeof(new));
*ed775ee7SAntonio Huete Jimenez	new.sa_handler = func;
*ed775ee7SAntonio Huete Jimenez	if (sig == SIGCHLD)
*ed775ee7SAntonio Huete Jimenez		new.sa_flags = SA_RESTART;
*ed775ee7SAntonio Huete Jimenez	if (sigaction(sig, &new, &old) < 0)
*ed775ee7SAntonio Huete Jimenez		return (SIG_ERR);
*ed775ee7SAntonio Huete Jimenez	return (old.sa_handler);
*ed775ee7SAntonio Huete Jimenez#endif
*ed775ee7SAntonio Huete Jimenez}
*ed775ee7SAntonio Huete Jimenez
41c99275SPeter Avalos/* make a clean exit on interrupts */
*ed775ee7SAntonio Huete Jimenezstatic void
41c99275SPeter Avaloscleanup(int signo _U_)
41c99275SPeter Avalos{
*ed775ee7SAntonio Huete Jimenez#ifdef _WIN32
*ed775ee7SAntonio Huete Jimenez	if (timer_handle != INVALID_HANDLE_VALUE) {
*ed775ee7SAntonio Huete Jimenez		DeleteTimerQueueTimer(NULL, timer_handle, NULL);
*ed775ee7SAntonio Huete Jimenez		CloseHandle(timer_handle);
*ed775ee7SAntonio Huete Jimenez		timer_handle = INVALID_HANDLE_VALUE;
*ed775ee7SAntonio Huete Jimenez        }
*ed775ee7SAntonio Huete Jimenez#else /* _WIN32 */
*ed775ee7SAntonio Huete Jimenez	struct itimerval timer;
*ed775ee7SAntonio Huete Jimenez
*ed775ee7SAntonio Huete Jimenez	timer.it_interval.tv_sec = 0;
*ed775ee7SAntonio Huete Jimenez	timer.it_interval.tv_usec = 0;
*ed775ee7SAntonio Huete Jimenez	timer.it_value.tv_sec = 0;
*ed775ee7SAntonio Huete Jimenez	timer.it_value.tv_usec = 0;
*ed775ee7SAntonio Huete Jimenez	setitimer(ITIMER_REAL, &timer, NULL);
*ed775ee7SAntonio Huete Jimenez#endif /* _WIN32 */
41c99275SPeter Avalos
41c99275SPeter Avalos#ifdef HAVE_PCAP_BREAKLOOP
41c99275SPeter Avalos	/*
41c99275SPeter Avalos	 * We have "pcap_breakloop()"; use it, so that we do as little
41c99275SPeter Avalos	 * as possible in the signal handler (it's probably not safe
41c99275SPeter Avalos	 * to do anything with standard I/O streams in a signal handler -
41c99275SPeter Avalos	 * the ANSI C standard doesn't say it is).
41c99275SPeter Avalos	 */
41c99275SPeter Avalos	pcap_breakloop(pd);
41c99275SPeter Avalos#else
41c99275SPeter Avalos	/*
41c99275SPeter Avalos	 * We don't have "pcap_breakloop()"; this isn't safe, but
41c99275SPeter Avalos	 * it's the best we can do.  Print the summary if we're
41c99275SPeter Avalos	 * not reading from a savefile - i.e., if we're doing a
41c99275SPeter Avalos	 * live capture - and exit.
41c99275SPeter Avalos	 */
41c99275SPeter Avalos	if (pd != NULL && pcap_file(pd) == NULL) {
41c99275SPeter Avalos		/*
41c99275SPeter Avalos		 * We got interrupted, so perhaps we didn't
41c99275SPeter Avalos		 * manage to finish a line we were printing.
41c99275SPeter Avalos		 * Print an extra newline, just in case.
41c99275SPeter Avalos		 */
41c99275SPeter Avalos		putchar('\n');
41c99275SPeter Avalos		(void)fflush(stdout);
41c99275SPeter Avalos		info(1);
41c99275SPeter Avalos	}
*ed775ee7SAntonio Huete Jimenez	exit_tcpdump(S_SUCCESS);
41c99275SPeter Avalos#endif
41c99275SPeter Avalos}
41c99275SPeter Avalos
ea7b4bf5SPeter Avalos/*
ea7b4bf5SPeter Avalos  On windows, we do not use a fork, so we do not care less about
ea7b4bf5SPeter Avalos  waiting a child processes to die
ea7b4bf5SPeter Avalos */
27bfbee1SPeter Avalos#if defined(HAVE_FORK) || defined(HAVE_VFORK)
*ed775ee7SAntonio Huete Jimenezstatic void
ea7b4bf5SPeter Avaloschild_cleanup(int signo _U_)
ea7b4bf5SPeter Avalos{
ea7b4bf5SPeter Avalos  wait(NULL);
ea7b4bf5SPeter Avalos}
27bfbee1SPeter Avalos#endif /* HAVE_FORK && HAVE_VFORK */
ea7b4bf5SPeter Avalos
41c99275SPeter Avalosstatic void
*ed775ee7SAntonio Huete Jimenezinfo(int verbose)
41c99275SPeter Avalos{
411677aeSAaron LI	struct pcap_stat stats;
41c99275SPeter Avalos
27bfbee1SPeter Avalos	/*
27bfbee1SPeter Avalos	 * Older versions of libpcap didn't set ps_ifdrop on some
27bfbee1SPeter Avalos	 * platforms; initialize it to 0 to handle that.
27bfbee1SPeter Avalos	 */
411677aeSAaron LI	stats.ps_ifdrop = 0;
411677aeSAaron LI	if (pcap_stats(pd, &stats) < 0) {
41c99275SPeter Avalos		(void)fprintf(stderr, "pcap_stats: %s\n", pcap_geterr(pd));
ea7b4bf5SPeter Avalos		infoprint = 0;
41c99275SPeter Avalos		return;
41c99275SPeter Avalos	}
41c99275SPeter Avalos
41c99275SPeter Avalos	if (!verbose)
41c99275SPeter Avalos		fprintf(stderr, "%s: ", program_name);
41c99275SPeter Avalos
27bfbee1SPeter Avalos	(void)fprintf(stderr, "%u packet%s captured", packets_captured,
27bfbee1SPeter Avalos	    PLURAL_SUFFIX(packets_captured));
41c99275SPeter Avalos	if (!verbose)
41c99275SPeter Avalos		fputs(", ", stderr);
41c99275SPeter Avalos	else
41c99275SPeter Avalos		putc('\n', stderr);
411677aeSAaron LI	(void)fprintf(stderr, "%u packet%s received by filter", stats.ps_recv,
411677aeSAaron LI	    PLURAL_SUFFIX(stats.ps_recv));
41c99275SPeter Avalos	if (!verbose)
41c99275SPeter Avalos		fputs(", ", stderr);
41c99275SPeter Avalos	else
41c99275SPeter Avalos		putc('\n', stderr);
411677aeSAaron LI	(void)fprintf(stderr, "%u packet%s dropped by kernel", stats.ps_drop,
411677aeSAaron LI	    PLURAL_SUFFIX(stats.ps_drop));
411677aeSAaron LI	if (stats.ps_ifdrop != 0) {
27bfbee1SPeter Avalos		if (!verbose)
27bfbee1SPeter Avalos			fputs(", ", stderr);
27bfbee1SPeter Avalos		else
27bfbee1SPeter Avalos			putc('\n', stderr);
27bfbee1SPeter Avalos		(void)fprintf(stderr, "%u packet%s dropped by interface\n",
411677aeSAaron LI		    stats.ps_ifdrop, PLURAL_SUFFIX(stats.ps_ifdrop));
27bfbee1SPeter Avalos	} else
27bfbee1SPeter Avalos		putc('\n', stderr);
41c99275SPeter Avalos	infoprint = 0;
41c99275SPeter Avalos}
41c99275SPeter Avalos
27bfbee1SPeter Avalos#if defined(HAVE_FORK) || defined(HAVE_VFORK)
411677aeSAaron LI#ifdef HAVE_FORK
411677aeSAaron LI#define fork_subprocess() fork()
411677aeSAaron LI#else
411677aeSAaron LI#define fork_subprocess() vfork()
411677aeSAaron LI#endif
ea7b4bf5SPeter Avalosstatic void
ea7b4bf5SPeter Avaloscompress_savefile(const char *filename)
ea7b4bf5SPeter Avalos{
411677aeSAaron LI	pid_t child;
411677aeSAaron LI
411677aeSAaron LI	child = fork_subprocess();
411677aeSAaron LI	if (child == -1) {
411677aeSAaron LI		fprintf(stderr,
411677aeSAaron LI			"compress_savefile: fork failed: %s\n",
411677aeSAaron LI			pcap_strerror(errno));
ea7b4bf5SPeter Avalos		return;
411677aeSAaron LI	}
411677aeSAaron LI	if (child != 0) {
411677aeSAaron LI		/* Parent process. */
411677aeSAaron LI		return;
411677aeSAaron LI	}
411677aeSAaron LI
ea7b4bf5SPeter Avalos	/*
411677aeSAaron LI	 * Child process.
411677aeSAaron LI	 * Set to lowest priority so that this doesn't disturb the capture.
ea7b4bf5SPeter Avalos	 */
ea7b4bf5SPeter Avalos#ifdef NZERO
ea7b4bf5SPeter Avalos	setpriority(PRIO_PROCESS, 0, NZERO - 1);
ea7b4bf5SPeter Avalos#else
ea7b4bf5SPeter Avalos	setpriority(PRIO_PROCESS, 0, 19);
ea7b4bf5SPeter Avalos#endif
27bfbee1SPeter Avalos	if (execlp(zflag, zflag, filename, (char *)NULL) == -1)
ea7b4bf5SPeter Avalos		fprintf(stderr,
411677aeSAaron LI			"compress_savefile: execlp(%s, %s) failed: %s\n",
ea7b4bf5SPeter Avalos			zflag,
ea7b4bf5SPeter Avalos			filename,
411677aeSAaron LI			pcap_strerror(errno));
27bfbee1SPeter Avalos#ifdef HAVE_FORK
*ed775ee7SAntonio Huete Jimenez	exit(S_ERR_HOST_PROGRAM);
27bfbee1SPeter Avalos#else
*ed775ee7SAntonio Huete Jimenez	_exit(S_ERR_HOST_PROGRAM);
27bfbee1SPeter Avalos#endif
ea7b4bf5SPeter Avalos}
27bfbee1SPeter Avalos#else  /* HAVE_FORK && HAVE_VFORK */
ea7b4bf5SPeter Avalosstatic void
ea7b4bf5SPeter Avaloscompress_savefile(const char *filename)
ea7b4bf5SPeter Avalos{
ea7b4bf5SPeter Avalos	fprintf(stderr,
27bfbee1SPeter Avalos		"compress_savefile failed. Functionality not implemented under your system\n");
ea7b4bf5SPeter Avalos}
27bfbee1SPeter Avalos#endif /* HAVE_FORK && HAVE_VFORK */
ea7b4bf5SPeter Avalos
41c99275SPeter Avalosstatic void
41c99275SPeter Avalosdump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
41c99275SPeter Avalos{
41c99275SPeter Avalos	struct dump_info *dump_info;
41c99275SPeter Avalos
41c99275SPeter Avalos	++packets_captured;
41c99275SPeter Avalos
41c99275SPeter Avalos	++infodelay;
41c99275SPeter Avalos
41c99275SPeter Avalos	dump_info = (struct dump_info *)user;
41c99275SPeter Avalos
41c99275SPeter Avalos	/*
ea7b4bf5SPeter Avalos	 * XXX - this won't force the file to rotate on the specified time
ea7b4bf5SPeter Avalos	 * boundary, but it will rotate on the first packet received after the
ea7b4bf5SPeter Avalos	 * specified Gflag number of seconds. Note: if a Gflag time boundary
ea7b4bf5SPeter Avalos	 * and a Cflag size boundary coincide, the time rotation will occur
ea7b4bf5SPeter Avalos	 * first thereby cancelling the Cflag boundary (since the file should
ea7b4bf5SPeter Avalos	 * be 0).
41c99275SPeter Avalos	 */
ea7b4bf5SPeter Avalos	if (Gflag != 0) {
ea7b4bf5SPeter Avalos		/* Check if it is time to rotate */
ea7b4bf5SPeter Avalos		time_t t;
ea7b4bf5SPeter Avalos
ea7b4bf5SPeter Avalos		/* Get the current time */
ea7b4bf5SPeter Avalos		if ((t = time(NULL)) == (time_t)-1) {
*ed775ee7SAntonio Huete Jimenez			error("%s: can't get current_time: %s",
*ed775ee7SAntonio Huete Jimenez			    __func__, pcap_strerror(errno));
ea7b4bf5SPeter Avalos		}
ea7b4bf5SPeter Avalos
ea7b4bf5SPeter Avalos
ea7b4bf5SPeter Avalos		/* If the time is greater than the specified window, rotate */
ea7b4bf5SPeter Avalos		if (t - Gflag_time >= Gflag) {
411677aeSAaron LI#ifdef HAVE_CAPSICUM
411677aeSAaron LI			FILE *fp;
411677aeSAaron LI			int fd;
411677aeSAaron LI#endif
411677aeSAaron LI
ea7b4bf5SPeter Avalos			/* Update the Gflag_time */
ea7b4bf5SPeter Avalos			Gflag_time = t;
ea7b4bf5SPeter Avalos			/* Update Gflag_count */
ea7b4bf5SPeter Avalos			Gflag_count++;
41c99275SPeter Avalos			/*
41c99275SPeter Avalos			 * Close the current file and open a new one.
41c99275SPeter Avalos			 */
*ed775ee7SAntonio Huete Jimenez			pcap_dump_close(dump_info->pdd);
ea7b4bf5SPeter Avalos
ea7b4bf5SPeter Avalos			/*
ea7b4bf5SPeter Avalos			 * Compress the file we just closed, if the user asked for it
ea7b4bf5SPeter Avalos			 */
ea7b4bf5SPeter Avalos			if (zflag != NULL)
ea7b4bf5SPeter Avalos				compress_savefile(dump_info->CurrentFileName);
ea7b4bf5SPeter Avalos
ea7b4bf5SPeter Avalos			/*
ea7b4bf5SPeter Avalos			 * Check to see if we've exceeded the Wflag (when
ea7b4bf5SPeter Avalos			 * not using Cflag).
ea7b4bf5SPeter Avalos			 */
ea7b4bf5SPeter Avalos			if (Cflag == 0 && Wflag > 0 && Gflag_count >= Wflag) {
ea7b4bf5SPeter Avalos				(void)fprintf(stderr, "Maximum file limit reached: %d\n",
ea7b4bf5SPeter Avalos				    Wflag);
411677aeSAaron LI				info(1);
*ed775ee7SAntonio Huete Jimenez				exit_tcpdump(S_SUCCESS);
ea7b4bf5SPeter Avalos				/* NOTREACHED */
ea7b4bf5SPeter Avalos			}
ea7b4bf5SPeter Avalos			if (dump_info->CurrentFileName != NULL)
ea7b4bf5SPeter Avalos				free(dump_info->CurrentFileName);
ea7b4bf5SPeter Avalos			/* Allocate space for max filename + \0. */
411677aeSAaron LI			dump_info->CurrentFileName = (char *)malloc(PATH_MAX + 1);
ea7b4bf5SPeter Avalos			if (dump_info->CurrentFileName == NULL)
ea7b4bf5SPeter Avalos				error("dump_packet_and_trunc: malloc");
ea7b4bf5SPeter Avalos			/*
411677aeSAaron LI			 * Gflag was set otherwise we wouldn't be here. Reset the count
411677aeSAaron LI			 * so multiple files would end with 1,2,3 in the filename.
411677aeSAaron LI			 * The counting is handled with the -C flow after this.
411677aeSAaron LI			 */
411677aeSAaron LI			Cflag_count = 0;
411677aeSAaron LI
411677aeSAaron LI			/*
ea7b4bf5SPeter Avalos			 * This is always the first file in the Cflag
ea7b4bf5SPeter Avalos			 * rotation: e.g. 0
ea7b4bf5SPeter Avalos			 * We also don't need numbering if Cflag is not set.
ea7b4bf5SPeter Avalos			 */
ea7b4bf5SPeter Avalos			if (Cflag != 0)
ea7b4bf5SPeter Avalos				MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, 0,
ea7b4bf5SPeter Avalos				    WflagChars);
ea7b4bf5SPeter Avalos			else
ea7b4bf5SPeter Avalos				MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, 0, 0);
ea7b4bf5SPeter Avalos
411677aeSAaron LI#ifdef HAVE_LIBCAP_NG
411677aeSAaron LI			capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE);
411677aeSAaron LI			capng_apply(CAPNG_SELECT_BOTH);
411677aeSAaron LI#endif /* HAVE_LIBCAP_NG */
411677aeSAaron LI#ifdef HAVE_CAPSICUM
411677aeSAaron LI			fd = openat(dump_info->dirfd,
411677aeSAaron LI			    dump_info->CurrentFileName,
411677aeSAaron LI			    O_CREAT | O_WRONLY | O_TRUNC, 0644);
411677aeSAaron LI			if (fd < 0) {
411677aeSAaron LI				error("unable to open file %s",
411677aeSAaron LI				    dump_info->CurrentFileName);
411677aeSAaron LI			}
411677aeSAaron LI			fp = fdopen(fd, "w");
411677aeSAaron LI			if (fp == NULL) {
411677aeSAaron LI				error("unable to fdopen file %s",
411677aeSAaron LI				    dump_info->CurrentFileName);
411677aeSAaron LI			}
*ed775ee7SAntonio Huete Jimenez			dump_info->pdd = pcap_dump_fopen(dump_info->pd, fp);
411677aeSAaron LI#else	/* !HAVE_CAPSICUM */
*ed775ee7SAntonio Huete Jimenez			dump_info->pdd = pcap_dump_open(dump_info->pd, dump_info->CurrentFileName);
411677aeSAaron LI#endif
411677aeSAaron LI#ifdef HAVE_LIBCAP_NG
411677aeSAaron LI			capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE);
411677aeSAaron LI			capng_apply(CAPNG_SELECT_BOTH);
411677aeSAaron LI#endif /* HAVE_LIBCAP_NG */
*ed775ee7SAntonio Huete Jimenez			if (dump_info->pdd == NULL)
ea7b4bf5SPeter Avalos				error("%s", pcap_geterr(pd));
411677aeSAaron LI#ifdef HAVE_CAPSICUM
*ed775ee7SAntonio Huete Jimenez			set_dumper_capsicum_rights(dump_info->pdd);
411677aeSAaron LI#endif
ea7b4bf5SPeter Avalos		}
ea7b4bf5SPeter Avalos	}
ea7b4bf5SPeter Avalos
ea7b4bf5SPeter Avalos	/*
ea7b4bf5SPeter Avalos	 * XXX - this won't prevent capture files from getting
ea7b4bf5SPeter Avalos	 * larger than Cflag - the last packet written to the
ea7b4bf5SPeter Avalos	 * file could put it over Cflag.
ea7b4bf5SPeter Avalos	 */
411677aeSAaron LI	if (Cflag != 0) {
*ed775ee7SAntonio Huete Jimenez#ifdef HAVE_PCAP_DUMP_FTELL64
*ed775ee7SAntonio Huete Jimenez		int64_t size = pcap_dump_ftell64(dump_info->pdd);
*ed775ee7SAntonio Huete Jimenez#else
*ed775ee7SAntonio Huete Jimenez		/*
*ed775ee7SAntonio Huete Jimenez		 * XXX - this only handles a Cflag value > 2^31-1 on
*ed775ee7SAntonio Huete Jimenez		 * LP64 platforms; to handle ILP32 (32-bit UN*X and
*ed775ee7SAntonio Huete Jimenez		 * Windows) or LLP64 (64-bit Windows) would require
*ed775ee7SAntonio Huete Jimenez		 * a version of libpcap with pcap_dump_ftell64().
*ed775ee7SAntonio Huete Jimenez		 */
*ed775ee7SAntonio Huete Jimenez		long size = pcap_dump_ftell(dump_info->pdd);
*ed775ee7SAntonio Huete Jimenez#endif
411677aeSAaron LI
411677aeSAaron LI		if (size == -1)
411677aeSAaron LI			error("ftell fails on output file");
411677aeSAaron LI		if (size > Cflag) {
411677aeSAaron LI#ifdef HAVE_CAPSICUM
411677aeSAaron LI			FILE *fp;
411677aeSAaron LI			int fd;
411677aeSAaron LI#endif
411677aeSAaron LI
ea7b4bf5SPeter Avalos			/*
ea7b4bf5SPeter Avalos			 * Close the current file and open a new one.
ea7b4bf5SPeter Avalos			 */
*ed775ee7SAntonio Huete Jimenez			pcap_dump_close(dump_info->pdd);
ea7b4bf5SPeter Avalos
ea7b4bf5SPeter Avalos			/*
411677aeSAaron LI			 * Compress the file we just closed, if the user
411677aeSAaron LI			 * asked for it.
ea7b4bf5SPeter Avalos			 */
ea7b4bf5SPeter Avalos			if (zflag != NULL)
ea7b4bf5SPeter Avalos				compress_savefile(dump_info->CurrentFileName);
ea7b4bf5SPeter Avalos
41c99275SPeter Avalos			Cflag_count++;
41c99275SPeter Avalos			if (Wflag > 0) {
41c99275SPeter Avalos				if (Cflag_count >= Wflag)
41c99275SPeter Avalos					Cflag_count = 0;
41c99275SPeter Avalos			}
ea7b4bf5SPeter Avalos			if (dump_info->CurrentFileName != NULL)
ea7b4bf5SPeter Avalos				free(dump_info->CurrentFileName);
411677aeSAaron LI			dump_info->CurrentFileName = (char *)malloc(PATH_MAX + 1);
ea7b4bf5SPeter Avalos			if (dump_info->CurrentFileName == NULL)
*ed775ee7SAntonio Huete Jimenez				error("%s: malloc", __func__);
ea7b4bf5SPeter Avalos			MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, Cflag_count, WflagChars);
411677aeSAaron LI#ifdef HAVE_LIBCAP_NG
411677aeSAaron LI			capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE);
411677aeSAaron LI			capng_apply(CAPNG_SELECT_BOTH);
411677aeSAaron LI#endif /* HAVE_LIBCAP_NG */
411677aeSAaron LI#ifdef HAVE_CAPSICUM
411677aeSAaron LI			fd = openat(dump_info->dirfd, dump_info->CurrentFileName,
411677aeSAaron LI			    O_CREAT | O_WRONLY | O_TRUNC, 0644);
411677aeSAaron LI			if (fd < 0) {
411677aeSAaron LI				error("unable to open file %s",
411677aeSAaron LI				    dump_info->CurrentFileName);
411677aeSAaron LI			}
411677aeSAaron LI			fp = fdopen(fd, "w");
411677aeSAaron LI			if (fp == NULL) {
411677aeSAaron LI				error("unable to fdopen file %s",
411677aeSAaron LI				    dump_info->CurrentFileName);
411677aeSAaron LI			}
*ed775ee7SAntonio Huete Jimenez			dump_info->pdd = pcap_dump_fopen(dump_info->pd, fp);
411677aeSAaron LI#else	/* !HAVE_CAPSICUM */
*ed775ee7SAntonio Huete Jimenez			dump_info->pdd = pcap_dump_open(dump_info->pd, dump_info->CurrentFileName);
411677aeSAaron LI#endif
411677aeSAaron LI#ifdef HAVE_LIBCAP_NG
411677aeSAaron LI			capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE);
411677aeSAaron LI			capng_apply(CAPNG_SELECT_BOTH);
411677aeSAaron LI#endif /* HAVE_LIBCAP_NG */
*ed775ee7SAntonio Huete Jimenez			if (dump_info->pdd == NULL)
41c99275SPeter Avalos				error("%s", pcap_geterr(pd));
411677aeSAaron LI#ifdef HAVE_CAPSICUM
*ed775ee7SAntonio Huete Jimenez			set_dumper_capsicum_rights(dump_info->pdd);
411677aeSAaron LI#endif
411677aeSAaron LI		}
41c99275SPeter Avalos	}
41c99275SPeter Avalos
*ed775ee7SAntonio Huete Jimenez	pcap_dump((u_char *)dump_info->pdd, h, sp);
41c99275SPeter Avalos#ifdef HAVE_PCAP_DUMP_FLUSH
41c99275SPeter Avalos	if (Uflag)
*ed775ee7SAntonio Huete Jimenez		pcap_dump_flush(dump_info->pdd);
41c99275SPeter Avalos#endif
41c99275SPeter Avalos
*ed775ee7SAntonio Huete Jimenez	if (dump_info->ndo != NULL)
*ed775ee7SAntonio Huete Jimenez		pretty_print_packet(dump_info->ndo, h, sp, packets_captured);
*ed775ee7SAntonio Huete Jimenez
41c99275SPeter Avalos	--infodelay;
41c99275SPeter Avalos	if (infoprint)
41c99275SPeter Avalos		info(0);
41c99275SPeter Avalos}
41c99275SPeter Avalos
41c99275SPeter Avalosstatic void
41c99275SPeter Avalosdump_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
41c99275SPeter Avalos{
*ed775ee7SAntonio Huete Jimenez	struct dump_info *dump_info;
*ed775ee7SAntonio Huete Jimenez
41c99275SPeter Avalos	++packets_captured;
41c99275SPeter Avalos
41c99275SPeter Avalos	++infodelay;
41c99275SPeter Avalos
*ed775ee7SAntonio Huete Jimenez	dump_info = (struct dump_info *)user;
*ed775ee7SAntonio Huete Jimenez
*ed775ee7SAntonio Huete Jimenez	pcap_dump((u_char *)dump_info->pdd, h, sp);
41c99275SPeter Avalos#ifdef HAVE_PCAP_DUMP_FLUSH
41c99275SPeter Avalos	if (Uflag)
*ed775ee7SAntonio Huete Jimenez		pcap_dump_flush(dump_info->pdd);
41c99275SPeter Avalos#endif
41c99275SPeter Avalos
*ed775ee7SAntonio Huete Jimenez	if (dump_info->ndo != NULL)
*ed775ee7SAntonio Huete Jimenez		pretty_print_packet(dump_info->ndo, h, sp, packets_captured);
*ed775ee7SAntonio Huete Jimenez
41c99275SPeter Avalos	--infodelay;
41c99275SPeter Avalos	if (infoprint)
41c99275SPeter Avalos		info(0);
41c99275SPeter Avalos}
41c99275SPeter Avalos
41c99275SPeter Avalosstatic void
41c99275SPeter Avalosprint_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
41c99275SPeter Avalos{
41c99275SPeter Avalos	++packets_captured;
41c99275SPeter Avalos
41c99275SPeter Avalos	++infodelay;
41c99275SPeter Avalos
*ed775ee7SAntonio Huete Jimenez	if (!count_mode)
411677aeSAaron LI		pretty_print_packet((netdissect_options *)user, h, sp, packets_captured);
41c99275SPeter Avalos
41c99275SPeter Avalos	--infodelay;
41c99275SPeter Avalos	if (infoprint)
41c99275SPeter Avalos		info(0);
41c99275SPeter Avalos}
41c99275SPeter Avalos
6263709fSPeter Avalos#ifdef SIGNAL_REQ_INFO
*ed775ee7SAntonio Huete Jimenezstatic void
*ed775ee7SAntonio Huete Jimenezrequestinfo(int signo _U_)
41c99275SPeter Avalos{
41c99275SPeter Avalos	if (infodelay)
41c99275SPeter Avalos		++infoprint;
41c99275SPeter Avalos	else
41c99275SPeter Avalos		info(0);
41c99275SPeter Avalos}
41c99275SPeter Avalos#endif
41c99275SPeter Avalos
*ed775ee7SAntonio Huete Jimenez#ifdef SIGNAL_FLUSH_PCAP
*ed775ee7SAntonio Huete Jimenezstatic void
*ed775ee7SAntonio Huete Jimenezflushpcap(int signo _U_)
41c99275SPeter Avalos{
*ed775ee7SAntonio Huete Jimenez	if (pdd != NULL)
*ed775ee7SAntonio Huete Jimenez		pcap_dump_flush(pdd);
41c99275SPeter Avalos}
41c99275SPeter Avalos#endif
41c99275SPeter Avalos
*ed775ee7SAntonio Huete Jimenezstatic void
*ed775ee7SAntonio Huete Jimenezprint_packets_captured (void)
*ed775ee7SAntonio Huete Jimenez{
*ed775ee7SAntonio Huete Jimenez	static u_int prev_packets_captured, first = 1;
*ed775ee7SAntonio Huete Jimenez
*ed775ee7SAntonio Huete Jimenez	if (infodelay == 0 && (first || packets_captured != prev_packets_captured)) {
*ed775ee7SAntonio Huete Jimenez		fprintf(stderr, "Got %u\r", packets_captured);
*ed775ee7SAntonio Huete Jimenez		first = 0;
*ed775ee7SAntonio Huete Jimenez		prev_packets_captured = packets_captured;
*ed775ee7SAntonio Huete Jimenez	}
*ed775ee7SAntonio Huete Jimenez}
*ed775ee7SAntonio Huete Jimenez
*ed775ee7SAntonio Huete Jimenez/*
*ed775ee7SAntonio Huete Jimenez * Called once each second in verbose mode while dumping to file
*ed775ee7SAntonio Huete Jimenez */
*ed775ee7SAntonio Huete Jimenez#ifdef _WIN32
*ed775ee7SAntonio Huete Jimenezstatic void CALLBACK verbose_stats_dump(PVOID param _U_,
*ed775ee7SAntonio Huete Jimenez    BOOLEAN timer_fired _U_)
*ed775ee7SAntonio Huete Jimenez{
*ed775ee7SAntonio Huete Jimenez	print_packets_captured();
*ed775ee7SAntonio Huete Jimenez}
*ed775ee7SAntonio Huete Jimenez#else /* _WIN32 */
*ed775ee7SAntonio Huete Jimenezstatic void verbose_stats_dump(int sig _U_)
*ed775ee7SAntonio Huete Jimenez{
*ed775ee7SAntonio Huete Jimenez	print_packets_captured();
*ed775ee7SAntonio Huete Jimenez}
*ed775ee7SAntonio Huete Jimenez#endif /* _WIN32 */
*ed775ee7SAntonio Huete Jimenez
411677aeSAaron LIUSES_APPLE_DEPRECATED_API
41c99275SPeter Avalosstatic void
*ed775ee7SAntonio Huete Jimenezprint_version(FILE *f)
41c99275SPeter Avalos{
41c99275SPeter Avalos#ifndef HAVE_PCAP_LIB_VERSION
*ed775ee7SAntonio Huete Jimenez  #ifdef HAVE_PCAP_VERSION
41c99275SPeter Avalos	extern char pcap_version[];
*ed775ee7SAntonio Huete Jimenez  #else /* HAVE_PCAP_VERSION */
41c99275SPeter Avalos	static char pcap_version[] = "unknown";
*ed775ee7SAntonio Huete Jimenez  #endif /* HAVE_PCAP_VERSION */
41c99275SPeter Avalos#endif /* HAVE_PCAP_LIB_VERSION */
411677aeSAaron LI	const char *smi_version_string;
41c99275SPeter Avalos
*ed775ee7SAntonio Huete Jimenez	(void)fprintf(f, "%s version " PACKAGE_VERSION "\n", program_name);
41c99275SPeter Avalos#ifdef HAVE_PCAP_LIB_VERSION
*ed775ee7SAntonio Huete Jimenez	(void)fprintf(f, "%s\n", pcap_lib_version());
41c99275SPeter Avalos#else /* HAVE_PCAP_LIB_VERSION */
*ed775ee7SAntonio Huete Jimenez	(void)fprintf(f, "libpcap version %s\n", pcap_version);
41c99275SPeter Avalos#endif /* HAVE_PCAP_LIB_VERSION */
411677aeSAaron LI
411677aeSAaron LI#if defined(HAVE_LIBCRYPTO) && defined(SSLEAY_VERSION)
*ed775ee7SAntonio Huete Jimenez	(void)fprintf (f, "%s\n", SSLeay_version(SSLEAY_VERSION));
411677aeSAaron LI#endif
411677aeSAaron LI
411677aeSAaron LI	smi_version_string = nd_smi_version_string();
411677aeSAaron LI	if (smi_version_string != NULL)
*ed775ee7SAntonio Huete Jimenez		(void)fprintf (f, "SMI-library: %s\n", smi_version_string);
411677aeSAaron LI
411677aeSAaron LI#if defined(__SANITIZE_ADDRESS__)
*ed775ee7SAntonio Huete Jimenez	(void)fprintf (f, "Compiled with AddressSanitizer/GCC.\n");
411677aeSAaron LI#elif defined(__has_feature)
411677aeSAaron LI#  if __has_feature(address_sanitizer)
*ed775ee7SAntonio Huete Jimenez	(void)fprintf (f, "Compiled with AddressSanitizer/Clang.\n");
*ed775ee7SAntonio Huete Jimenez#  elif __has_feature(memory_sanitizer)
*ed775ee7SAntonio Huete Jimenez	(void)fprintf (f, "Compiled with MemorySanitizer/Clang.\n");
411677aeSAaron LI#  endif
411677aeSAaron LI#endif /* __SANITIZE_ADDRESS__ or __has_feature */
411677aeSAaron LI}
411677aeSAaron LIUSES_APPLE_RST
411677aeSAaron LI
411677aeSAaron LIstatic void
*ed775ee7SAntonio Huete Jimenezprint_usage(FILE *f)
411677aeSAaron LI{
*ed775ee7SAntonio Huete Jimenez	print_version(f);
*ed775ee7SAntonio Huete Jimenez	(void)fprintf(f,
*ed775ee7SAntonio Huete Jimenez"Usage: %s [-Abd" D_FLAG "efhH" I_FLAG J_FLAG "KlLnNOpqStu" U_FLAG "vxX#]" B_FLAG_USAGE " [ -c count ] [--count]\n", program_name);
*ed775ee7SAntonio Huete Jimenez	(void)fprintf(f,
ea7b4bf5SPeter Avalos"\t\t[ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]\n");
*ed775ee7SAntonio Huete Jimenez	(void)fprintf(f,
*ed775ee7SAntonio Huete Jimenez"\t\t[ -i interface ]" IMMEDIATE_MODE_USAGE j_FLAG_USAGE "\n");
*ed775ee7SAntonio Huete Jimenez#ifdef HAVE_PCAP_FINDALLDEVS_EX
*ed775ee7SAntonio Huete Jimenez	(void)fprintf(f,
*ed775ee7SAntonio Huete Jimenez"\t\t" LIST_REMOTE_INTERFACES_USAGE "\n");
411677aeSAaron LI#endif
*ed775ee7SAntonio Huete Jimenez#ifdef USE_LIBSMI
*ed775ee7SAntonio Huete Jimenez	(void)fprintf(f,
*ed775ee7SAntonio Huete Jimenez"\t\t" m_FLAG_USAGE "\n");
*ed775ee7SAntonio Huete Jimenez#endif
*ed775ee7SAntonio Huete Jimenez	(void)fprintf(f,
*ed775ee7SAntonio Huete Jimenez"\t\t[ -M secret ] [ --number ] [ --print ]" Q_FLAG_USAGE "\n");
*ed775ee7SAntonio Huete Jimenez	(void)fprintf(f,
*ed775ee7SAntonio Huete Jimenez"\t\t[ -r file ] [ -s snaplen ] [ -T type ] [ --version ]\n");
*ed775ee7SAntonio Huete Jimenez	(void)fprintf(f,
*ed775ee7SAntonio Huete Jimenez"\t\t[ -V file ] [ -w file ] [ -W filecount ] [ -y datalinktype ]\n");
411677aeSAaron LI#ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
*ed775ee7SAntonio Huete Jimenez	(void)fprintf(f,
*ed775ee7SAntonio Huete Jimenez"\t\t[ --time-stamp-precision precision ] [ --micro ] [ --nano ]\n");
411677aeSAaron LI#endif
*ed775ee7SAntonio Huete Jimenez	(void)fprintf(f,
*ed775ee7SAntonio Huete Jimenez"\t\t[ -z postrotate-command ] [ -Z user ] [ expression ]\n");
41c99275SPeter Avalos}