1 /* 2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that: (1) source code distributions 7 * retain the above copyright notice and this paragraph in its entirety, (2) 8 * distributions including binary code include the above copyright notice and 9 * this paragraph in its entirety in the documentation or other materials 10 * provided with the distribution, and (3) all advertising materials mentioning 11 * features or use of this software display the following acknowledgement: 12 * ``This product includes software developed by the University of California, 13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 14 * the University nor the names of its contributors may be used to endorse 15 * or promote products derived from this software without specific prior 16 * written permission. 17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 20 * 21 * Support for splitting captures into multiple files with a maximum 22 * file size: 23 * 24 * Copyright (c) 2001 25 * Seth Webster <swebster@sst.ll.mit.edu> 26 */ 27 28 #include <sys/cdefs.h> 29 #ifndef lint 30 #if 0 31 static const char copyright[] _U_ = 32 "@(#) Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000\n\ 33 The Regents of the University of California. All rights reserved.\n"; 34 static const char rcsid[] _U_ = 35 "@(#) Header: /tcpdump/master/tcpdump/tcpdump.c,v 1.283 2008-09-25 21:45:50 guy Exp (LBL)"; 36 #else 37 __RCSID("$NetBSD: tcpdump.c,v 1.8 2014/05/13 20:29:59 christos Exp $"); 38 #endif 39 #endif 40 41 /* 42 * tcpdump - monitor tcp/ip traffic on an ethernet. 43 * 44 * First written in 1987 by Van Jacobson, Lawrence Berkeley Laboratory. 45 * Mercilessly hacked and occasionally improved since then via the 46 * combined efforts of Van, Steve McCanne and Craig Leres of LBL. 47 */ 48 49 #ifdef HAVE_CONFIG_H 50 #include "config.h" 51 #endif 52 53 #include <tcpdump-stdinc.h> 54 55 #ifdef WIN32 56 #include "getopt.h" 57 #include "w32_fzs.h" 58 extern int strcasecmp (const char *__s1, const char *__s2); 59 extern int SIZE_BUF; 60 #define off_t long 61 #define uint UINT 62 #endif /* WIN32 */ 63 64 #ifdef HAVE_SMI_H 65 #include <smi.h> 66 #endif 67 68 #include <pcap.h> 69 #include <signal.h> 70 #include <stdio.h> 71 #include <stdlib.h> 72 #include <string.h> 73 #include <limits.h> 74 #include <resolv.h> 75 #ifndef WIN32 76 #include <sys/wait.h> 77 #include <sys/resource.h> 78 #include <pwd.h> 79 #include <grp.h> 80 #include <errno.h> 81 #endif /* WIN32 */ 82 83 /* capabilities convinience library */ 84 #ifdef HAVE_CAP_NG_H 85 #include <cap-ng.h> 86 #endif /* HAVE_CAP_NG_H */ 87 88 #include "netdissect.h" 89 #include "interface.h" 90 #include "addrtoname.h" 91 #include "machdep.h" 92 #include "setsignal.h" 93 #include "gmt2local.h" 94 #include "pcap-missing.h" 95 96 #ifndef PATH_MAX 97 #define PATH_MAX 1024 98 #endif 99 100 #ifdef SIGINFO 101 #define SIGNAL_REQ_INFO SIGINFO 102 #elif SIGUSR1 103 #define SIGNAL_REQ_INFO SIGUSR1 104 #endif 105 106 netdissect_options Gndo; 107 netdissect_options *gndo = &Gndo; 108 109 static int dflag; /* print filter code */ 110 static int Lflag; /* list available data link types and exit */ 111 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE 112 static int Jflag; /* list available time stamp types */ 113 #endif 114 #ifdef HAVE_PCAP_SETDIRECTION 115 int Pflag = -1; /* Restrict captured packet by sent/receive direction */ 116 #endif 117 static char *zflag = NULL; /* compress each savefile using a specified command (like gzip or bzip2) */ 118 119 static int infodelay; 120 static int infoprint; 121 122 char *program_name; 123 124 int32_t thiszone; /* seconds offset from gmt to local time */ 125 126 /* Forwards */ 127 static RETSIGTYPE cleanup(int); 128 static RETSIGTYPE child_cleanup(int); 129 static void usage(void) __attribute__((noreturn)); 130 static void show_dlts_and_exit(const char *device, pcap_t *pd) __attribute__((noreturn)); 131 132 static void print_packet(u_char *, const struct pcap_pkthdr *, const u_char *); 133 static void ndo_default_print(netdissect_options *, const u_char *, u_int); 134 static void dump_packet_and_trunc(u_char *, const struct pcap_pkthdr *, const u_char *); 135 static void dump_packet(u_char *, const struct pcap_pkthdr *, const u_char *); 136 static void droproot(const char *, const char *); 137 static void ndo_error(netdissect_options *ndo, const char *fmt, ...) 138 __attribute__ ((noreturn, format (printf, 2, 3))); 139 static void ndo_warning(netdissect_options *ndo, const char *fmt, ...); 140 141 #ifdef SIGNAL_REQ_INFO 142 RETSIGTYPE requestinfo(int); 143 #endif 144 145 #if defined(USE_WIN32_MM_TIMER) 146 #include <MMsystem.h> 147 static UINT timer_id; 148 static void CALLBACK verbose_stats_dump(UINT, UINT, DWORD_PTR, DWORD_PTR, DWORD_PTR); 149 #elif defined(HAVE_ALARM) 150 static void verbose_stats_dump(int sig); 151 #endif 152 153 static void info(int); 154 static u_int packets_captured; 155 156 struct printer { 157 if_printer f; 158 int type; 159 }; 160 161 162 struct ndo_printer { 163 if_ndo_printer f; 164 int type; 165 }; 166 167 168 static struct printer printers[] = { 169 { arcnet_if_print, DLT_ARCNET }, 170 #ifdef DLT_ARCNET_LINUX 171 { arcnet_linux_if_print, DLT_ARCNET_LINUX }, 172 #endif 173 { token_if_print, DLT_IEEE802 }, 174 #ifdef DLT_LANE8023 175 { lane_if_print, DLT_LANE8023 }, 176 #endif 177 #ifdef DLT_CIP 178 { cip_if_print, DLT_CIP }, 179 #endif 180 #ifdef DLT_ATM_CLIP 181 { cip_if_print, DLT_ATM_CLIP }, 182 #endif 183 { sl_if_print, DLT_SLIP }, 184 #ifdef DLT_SLIP_BSDOS 185 { sl_bsdos_if_print, DLT_SLIP_BSDOS }, 186 #endif 187 { ppp_if_print, DLT_PPP }, 188 #ifdef DLT_PPP_WITHDIRECTION 189 { ppp_if_print, DLT_PPP_WITHDIRECTION }, 190 #endif 191 #ifdef DLT_PPP_BSDOS 192 { ppp_bsdos_if_print, DLT_PPP_BSDOS }, 193 #endif 194 { fddi_if_print, DLT_FDDI }, 195 { null_if_print, DLT_NULL }, 196 #ifdef DLT_LOOP 197 { null_if_print, DLT_LOOP }, 198 #endif 199 { raw_if_print, DLT_RAW }, 200 { atm_if_print, DLT_ATM_RFC1483 }, 201 #ifdef DLT_C_HDLC 202 { chdlc_if_print, DLT_C_HDLC }, 203 #endif 204 #ifdef DLT_HDLC 205 { chdlc_if_print, DLT_HDLC }, 206 #endif 207 #ifdef DLT_PPP_SERIAL 208 { ppp_hdlc_if_print, DLT_PPP_SERIAL }, 209 #endif 210 #ifdef DLT_PPP_ETHER 211 { pppoe_if_print, DLT_PPP_ETHER }, 212 #endif 213 #ifdef DLT_LINUX_SLL 214 { sll_if_print, DLT_LINUX_SLL }, 215 #endif 216 #ifdef DLT_IEEE802_11 217 { ieee802_11_if_print, DLT_IEEE802_11}, 218 #endif 219 #ifdef DLT_LTALK 220 { ltalk_if_print, DLT_LTALK }, 221 #endif 222 #if defined(DLT_PFLOG) && defined(HAVE_NET_PFVAR_H) 223 { pflog_if_print, DLT_PFLOG }, 224 #endif 225 #ifdef DLT_PFSYNC 226 { pfsync_if_print, DLT_PFSYNC }, 227 #endif 228 #ifdef DLT_FR 229 { fr_if_print, DLT_FR }, 230 #endif 231 #ifdef DLT_FRELAY 232 { fr_if_print, DLT_FRELAY }, 233 #endif 234 #ifdef DLT_SUNATM 235 { sunatm_if_print, DLT_SUNATM }, 236 #endif 237 #ifdef DLT_IP_OVER_FC 238 { ipfc_if_print, DLT_IP_OVER_FC }, 239 #endif 240 #ifdef DLT_PRISM_HEADER 241 { prism_if_print, DLT_PRISM_HEADER }, 242 #endif 243 #ifdef DLT_IEEE802_11_RADIO 244 { ieee802_11_radio_if_print, DLT_IEEE802_11_RADIO }, 245 #endif 246 #ifdef DLT_ENC 247 { enc_if_print, DLT_ENC }, 248 #endif 249 #ifdef DLT_SYMANTEC_FIREWALL 250 { symantec_if_print, DLT_SYMANTEC_FIREWALL }, 251 #endif 252 #ifdef DLT_APPLE_IP_OVER_IEEE1394 253 { ap1394_if_print, DLT_APPLE_IP_OVER_IEEE1394 }, 254 #endif 255 #ifdef DLT_IEEE802_11_RADIO_AVS 256 { ieee802_11_radio_avs_if_print, DLT_IEEE802_11_RADIO_AVS }, 257 #endif 258 #ifdef DLT_JUNIPER_ATM1 259 { juniper_atm1_print, DLT_JUNIPER_ATM1 }, 260 #endif 261 #ifdef DLT_JUNIPER_ATM2 262 { juniper_atm2_print, DLT_JUNIPER_ATM2 }, 263 #endif 264 #ifdef DLT_JUNIPER_MFR 265 { juniper_mfr_print, DLT_JUNIPER_MFR }, 266 #endif 267 #ifdef DLT_JUNIPER_MLFR 268 { juniper_mlfr_print, DLT_JUNIPER_MLFR }, 269 #endif 270 #ifdef DLT_JUNIPER_MLPPP 271 { juniper_mlppp_print, DLT_JUNIPER_MLPPP }, 272 #endif 273 #ifdef DLT_JUNIPER_PPPOE 274 { juniper_pppoe_print, DLT_JUNIPER_PPPOE }, 275 #endif 276 #ifdef DLT_JUNIPER_PPPOE_ATM 277 { juniper_pppoe_atm_print, DLT_JUNIPER_PPPOE_ATM }, 278 #endif 279 #ifdef DLT_JUNIPER_GGSN 280 { juniper_ggsn_print, DLT_JUNIPER_GGSN }, 281 #endif 282 #ifdef DLT_JUNIPER_ES 283 { juniper_es_print, DLT_JUNIPER_ES }, 284 #endif 285 #ifdef DLT_JUNIPER_MONITOR 286 { juniper_monitor_print, DLT_JUNIPER_MONITOR }, 287 #endif 288 #ifdef DLT_JUNIPER_SERVICES 289 { juniper_services_print, DLT_JUNIPER_SERVICES }, 290 #endif 291 #ifdef DLT_JUNIPER_ETHER 292 { juniper_ether_print, DLT_JUNIPER_ETHER }, 293 #endif 294 #ifdef DLT_JUNIPER_PPP 295 { juniper_ppp_print, DLT_JUNIPER_PPP }, 296 #endif 297 #ifdef DLT_JUNIPER_FRELAY 298 { juniper_frelay_print, DLT_JUNIPER_FRELAY }, 299 #endif 300 #ifdef DLT_JUNIPER_CHDLC 301 { juniper_chdlc_print, DLT_JUNIPER_CHDLC }, 302 #endif 303 #ifdef DLT_MFR 304 { mfr_if_print, DLT_MFR }, 305 #endif 306 #if defined(DLT_BLUETOOTH_HCI_H4_WITH_PHDR) && defined(HAVE_PCAP_BLUETOOTH_H) 307 { bt_if_print, DLT_BLUETOOTH_HCI_H4_WITH_PHDR}, 308 #endif 309 #ifdef HAVE_PCAP_USB_H 310 #ifdef DLT_USB_LINUX 311 { usb_linux_48_byte_print, DLT_USB_LINUX}, 312 #endif /* DLT_USB_LINUX */ 313 #ifdef DLT_USB_LINUX_MMAPPED 314 { usb_linux_64_byte_print, DLT_USB_LINUX_MMAPPED}, 315 #endif /* DLT_USB_LINUX_MMAPPED */ 316 #endif /* HAVE_PCAP_USB_H */ 317 #ifdef DLT_IPV4 318 { raw_if_print, DLT_IPV4 }, 319 #endif 320 #ifdef DLT_IPV6 321 { raw_if_print, DLT_IPV6 }, 322 #endif 323 { NULL, 0 }, 324 }; 325 326 static struct ndo_printer ndo_printers[] = { 327 { ether_if_print, DLT_EN10MB }, 328 #ifdef DLT_IPNET 329 { ipnet_if_print, DLT_IPNET }, 330 #endif 331 #ifdef DLT_IEEE802_15_4 332 { ieee802_15_4_if_print, DLT_IEEE802_15_4 }, 333 #endif 334 #ifdef DLT_IEEE802_15_4_NOFCS 335 { ieee802_15_4_if_print, DLT_IEEE802_15_4_NOFCS }, 336 #endif 337 #ifdef DLT_PPI 338 { ppi_if_print, DLT_PPI }, 339 #endif 340 #ifdef DLT_NETANALYZER 341 { netanalyzer_if_print, DLT_NETANALYZER }, 342 #endif 343 #ifdef DLT_NETANALYZER_TRANSPARENT 344 { netanalyzer_transparent_if_print, DLT_NETANALYZER_TRANSPARENT }, 345 #endif 346 #ifdef DLT_NFLOG 347 { nflog_if_print, DLT_NFLOG}, 348 #endif 349 { NULL, 0 }, 350 }; 351 352 if_printer 353 lookup_printer(int type) 354 { 355 struct printer *p; 356 357 for (p = printers; p->f; ++p) 358 if (type == p->type) 359 return p->f; 360 361 return NULL; 362 /* NOTREACHED */ 363 } 364 365 if_ndo_printer 366 lookup_ndo_printer(int type) 367 { 368 struct ndo_printer *p; 369 370 for (p = ndo_printers; p->f; ++p) 371 if (type == p->type) 372 return p->f; 373 374 return NULL; 375 /* NOTREACHED */ 376 } 377 378 static pcap_t *pd; 379 380 static int supports_monitor_mode; 381 382 extern int optind; 383 extern int opterr; 384 extern char *optarg; 385 386 struct print_info { 387 netdissect_options *ndo; 388 union { 389 if_printer printer; 390 if_ndo_printer ndo_printer; 391 } p; 392 int ndo_type; 393 }; 394 395 struct dump_info { 396 char *WFileName; 397 char *CurrentFileName; 398 pcap_t *pd; 399 pcap_dumper_t *p; 400 }; 401 402 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE 403 static void 404 show_tstamp_types_and_exit(const char *device, pcap_t *pd) 405 { 406 int n_tstamp_types; 407 int *tstamp_types = 0; 408 const char *tstamp_type_name; 409 int i; 410 411 n_tstamp_types = pcap_list_tstamp_types(pd, &tstamp_types); 412 if (n_tstamp_types < 0) 413 error("%s", pcap_geterr(pd)); 414 415 if (n_tstamp_types == 0) { 416 fprintf(stderr, "Time stamp type cannot be set for %s\n", 417 device); 418 exit(0); 419 } 420 fprintf(stderr, "Time stamp types for %s (use option -j to set):\n", 421 device); 422 for (i = 0; i < n_tstamp_types; i++) { 423 tstamp_type_name = pcap_tstamp_type_val_to_name(tstamp_types[i]); 424 if (tstamp_type_name != NULL) { 425 (void) fprintf(stderr, " %s (%s)\n", tstamp_type_name, 426 pcap_tstamp_type_val_to_description(tstamp_types[i])); 427 } else { 428 (void) fprintf(stderr, " %d\n", tstamp_types[i]); 429 } 430 } 431 pcap_free_tstamp_types(tstamp_types); 432 exit(0); 433 } 434 #endif 435 436 static void 437 show_dlts_and_exit(const char *device, pcap_t *pd) 438 { 439 int n_dlts; 440 int *dlts = 0; 441 const char *dlt_name; 442 443 n_dlts = pcap_list_datalinks(pd, &dlts); 444 if (n_dlts < 0) 445 error("%s", pcap_geterr(pd)); 446 else if (n_dlts == 0 || !dlts) 447 error("No data link types."); 448 449 /* 450 * If the interface is known to support monitor mode, indicate 451 * whether these are the data link types available when not in 452 * monitor mode, if -I wasn't specified, or when in monitor mode, 453 * when -I was specified (the link-layer types available in 454 * monitor mode might be different from the ones available when 455 * not in monitor mode). 456 */ 457 if (supports_monitor_mode) 458 (void) fprintf(stderr, "Data link types for %s %s (use option -y to set):\n", 459 device, 460 Iflag ? "when in monitor mode" : "when not in monitor mode"); 461 else 462 (void) fprintf(stderr, "Data link types for %s (use option -y to set):\n", 463 device); 464 465 while (--n_dlts >= 0) { 466 dlt_name = pcap_datalink_val_to_name(dlts[n_dlts]); 467 if (dlt_name != NULL) { 468 (void) fprintf(stderr, " %s (%s)", dlt_name, 469 pcap_datalink_val_to_description(dlts[n_dlts])); 470 471 /* 472 * OK, does tcpdump handle that type? 473 */ 474 if (lookup_printer(dlts[n_dlts]) == NULL 475 && lookup_ndo_printer(dlts[n_dlts]) == NULL) 476 (void) fprintf(stderr, " (printing not supported)"); 477 fprintf(stderr, "\n"); 478 } else { 479 (void) fprintf(stderr, " DLT %d (printing not supported)\n", 480 dlts[n_dlts]); 481 } 482 } 483 #ifdef HAVE_PCAP_FREE_DATALINKS 484 pcap_free_datalinks(dlts); 485 #endif 486 exit(0); 487 } 488 489 /* 490 * Set up flags that might or might not be supported depending on the 491 * version of libpcap we're using. 492 */ 493 #if defined(HAVE_PCAP_CREATE) || defined(WIN32) 494 #define B_FLAG "B:" 495 #define B_FLAG_USAGE " [ -B size ]" 496 #else /* defined(HAVE_PCAP_CREATE) || defined(WIN32) */ 497 #define B_FLAG 498 #define B_FLAG_USAGE 499 #endif /* defined(HAVE_PCAP_CREATE) || defined(WIN32) */ 500 501 #ifdef HAVE_PCAP_CREATE 502 #define I_FLAG "I" 503 #else /* HAVE_PCAP_CREATE */ 504 #define I_FLAG 505 #endif /* HAVE_PCAP_CREATE */ 506 507 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE 508 #define j_FLAG "j:" 509 #define j_FLAG_USAGE " [ -j tstamptype ]" 510 #define J_FLAG "J" 511 #else /* PCAP_ERROR_TSTAMP_TYPE_NOTSUP */ 512 #define j_FLAG 513 #define j_FLAG_USAGE 514 #define J_FLAG 515 #endif /* PCAP_ERROR_TSTAMP_TYPE_NOTSUP */ 516 517 #ifdef HAVE_PCAP_FINDALLDEVS 518 #ifndef HAVE_PCAP_IF_T 519 #undef HAVE_PCAP_FINDALLDEVS 520 #endif 521 #endif 522 523 #ifdef HAVE_PCAP_FINDALLDEVS 524 #define D_FLAG "D" 525 #else 526 #define D_FLAG 527 #endif 528 529 #ifdef HAVE_PCAP_DUMP_FLUSH 530 #define U_FLAG "U" 531 #else 532 #define U_FLAG 533 #endif 534 535 #ifdef HAVE_PCAP_SETDIRECTION 536 #define P_FLAG "P:" 537 #else 538 #define P_FLAG 539 #endif 540 541 #ifndef WIN32 542 /* Drop root privileges and chroot if necessary */ 543 static void 544 droproot(const char *username, const char *chroot_dir) 545 { 546 struct passwd *pw = NULL; 547 548 if (chroot_dir && !username) { 549 fprintf(stderr, "tcpdump: Chroot without dropping root is insecure\n"); 550 exit(1); 551 } 552 553 pw = getpwnam(username); 554 if (pw) { 555 if (initgroups(pw->pw_name, pw->pw_gid) != 0) { 556 fprintf(stderr, "tcpdump: Couldn't initgroups to " 557 "'%.32s' gid=%lu: %s\n", pw->pw_name, 558 (unsigned long)pw->pw_gid, 559 pcap_strerror(errno)); 560 exit(1); 561 } 562 if (chroot_dir) { 563 setprotoent(1); 564 res_init(); 565 if (chroot(chroot_dir) != 0 || chdir ("/") != 0) { 566 fprintf(stderr, "tcpdump: Couldn't chroot/chdir to '%.64s': %s\n", 567 chroot_dir, pcap_strerror(errno)); 568 exit(1); 569 } 570 } 571 #ifdef HAVE_CAP_NG_H 572 int ret = capng_change_id(pw->pw_uid, pw->pw_gid, CAPNG_NO_FLAG); 573 if (ret < 0) { 574 printf("error : ret %d\n", ret); 575 } 576 /* We don't need CAP_SETUID and CAP_SETGID */ 577 capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, CAP_SETUID); 578 capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, CAP_SETUID); 579 capng_update(CAPNG_DROP, CAPNG_PERMITTED, CAP_SETUID); 580 capng_update(CAPNG_DROP, CAPNG_PERMITTED, CAP_SETUID); 581 capng_apply(CAPNG_SELECT_BOTH); 582 583 #else 584 if (initgroups(pw->pw_name, pw->pw_gid) != 0 || 585 setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0) { 586 fprintf(stderr, "tcpdump: Couldn't change to '%.32s' uid=%lu gid=%lu: %s\n", 587 username, 588 (unsigned long)pw->pw_uid, 589 (unsigned long)pw->pw_gid, 590 pcap_strerror(errno)); 591 exit(1); 592 } 593 #endif /* HAVE_CAP_NG_H */ 594 } 595 else { 596 fprintf(stderr, "tcpdump: Couldn't find user '%.32s'\n", 597 username); 598 exit(1); 599 } 600 } 601 #endif /* WIN32 */ 602 603 static int 604 getWflagChars(int x) 605 { 606 int c = 0; 607 608 x -= 1; 609 while (x > 0) { 610 c += 1; 611 x /= 10; 612 } 613 614 return c; 615 } 616 617 618 static void 619 MakeFilename(char *buffer, char *orig_name, int cnt, int max_chars) 620 { 621 char *filename = malloc(PATH_MAX + 1); 622 if (filename == NULL) 623 error("Makefilename: malloc"); 624 625 /* Process with strftime if Gflag is set. */ 626 if (Gflag != 0) { 627 struct tm *local_tm; 628 629 /* Convert Gflag_time to a usable format */ 630 if ((local_tm = localtime(&Gflag_time)) == NULL) { 631 error("MakeTimedFilename: localtime"); 632 } 633 634 /* There's no good way to detect an error in strftime since a return 635 * value of 0 isn't necessarily failure. 636 */ 637 strftime(filename, PATH_MAX, orig_name, local_tm); 638 } else { 639 strncpy(filename, orig_name, PATH_MAX); 640 } 641 642 if (cnt == 0 && max_chars == 0) 643 strncpy(buffer, filename, PATH_MAX + 1); 644 else 645 if (snprintf(buffer, PATH_MAX + 1, "%s%0*d", filename, max_chars, cnt) > PATH_MAX) 646 /* Report an error if the filename is too large */ 647 error("too many output files or filename is too long (> %d)", PATH_MAX); 648 free(filename); 649 } 650 651 static int tcpdump_printf(netdissect_options *ndo _U_, 652 const char *fmt, ...) 653 { 654 655 va_list args; 656 int ret; 657 658 va_start(args, fmt); 659 ret=vfprintf(stdout, fmt, args); 660 va_end(args); 661 662 return ret; 663 } 664 665 static struct print_info 666 get_print_info(int type) 667 { 668 struct print_info printinfo; 669 670 printinfo.ndo_type = 1; 671 printinfo.ndo = gndo; 672 printinfo.p.ndo_printer = lookup_ndo_printer(type); 673 if (printinfo.p.ndo_printer == NULL) { 674 printinfo.p.printer = lookup_printer(type); 675 printinfo.ndo_type = 0; 676 if (printinfo.p.printer == NULL) { 677 gndo->ndo_dltname = pcap_datalink_val_to_name(type); 678 if (gndo->ndo_dltname != NULL) 679 error("packet printing is not supported for link type %s: use -w", 680 gndo->ndo_dltname); 681 else 682 error("packet printing is not supported for link type %d: use -w", type); 683 } 684 } 685 return (printinfo); 686 } 687 688 static char * 689 get_next_file(FILE *VFile, char *ptr) 690 { 691 char *ret; 692 693 ret = fgets(ptr, PATH_MAX, VFile); 694 if (!ret) 695 return NULL; 696 697 if (ptr[strlen(ptr) - 1] == '\n') 698 ptr[strlen(ptr) - 1] = '\0'; 699 700 return ret; 701 } 702 703 int 704 main(int argc, char **argv) 705 { 706 register int cnt, op, i; 707 bpf_u_int32 localnet, netmask; 708 register char *cp, *infile, *cmdbuf, *device, *RFileName, *VFileName, *WFileName; 709 pcap_handler callback; 710 int type; 711 int dlt; 712 int new_dlt; 713 const char *dlt_name; 714 struct bpf_program fcode; 715 #ifndef WIN32 716 RETSIGTYPE (*oldhandler)(int); 717 #endif 718 struct print_info printinfo; 719 struct dump_info dumpinfo; 720 u_char *pcap_userdata; 721 char ebuf[PCAP_ERRBUF_SIZE]; 722 char VFileLine[PATH_MAX + 1]; 723 char *username = NULL; 724 char *chroot_dir = NULL; 725 char *ret = NULL; 726 char *end; 727 #ifdef HAVE_PCAP_FINDALLDEVS 728 pcap_if_t *devpointer; 729 int devnum; 730 #endif 731 int status; 732 FILE *VFile; 733 #ifdef WIN32 734 if(wsockinit() != 0) return 1; 735 #endif /* WIN32 */ 736 737 jflag=-1; /* not set */ 738 gndo->ndo_Oflag=1; 739 gndo->ndo_Rflag=1; 740 gndo->ndo_dlt=-1; 741 gndo->ndo_default_print=ndo_default_print; 742 gndo->ndo_printf=tcpdump_printf; 743 gndo->ndo_error=ndo_error; 744 gndo->ndo_warning=ndo_warning; 745 gndo->ndo_snaplen = DEFAULT_SNAPLEN; 746 747 cnt = -1; 748 device = NULL; 749 infile = NULL; 750 RFileName = NULL; 751 VFileName = NULL; 752 VFile = NULL; 753 WFileName = NULL; 754 dlt = -1; 755 if ((cp = strrchr(argv[0], '/')) != NULL) 756 program_name = cp + 1; 757 else 758 program_name = argv[0]; 759 760 if (abort_on_misalignment(ebuf, sizeof(ebuf)) < 0) 761 error("%s", ebuf); 762 763 #ifdef LIBSMI 764 smiInit("tcpdump"); 765 #endif 766 767 while ( 768 (op = getopt(argc, argv, "aAb" B_FLAG "c:C:d" D_FLAG "eE:fF:G:hHi:" I_FLAG j_FLAG J_FLAG "KlLm:M:nNOp" P_FLAG "qr:Rs:StT:u" U_FLAG "vV:w:W:xXy:Yz:Z:")) != -1) 769 switch (op) { 770 771 case 'a': 772 /* compatibility for old -a */ 773 break; 774 775 case 'A': 776 ++Aflag; 777 break; 778 779 case 'b': 780 ++bflag; 781 break; 782 783 #if defined(HAVE_PCAP_CREATE) || defined(WIN32) 784 case 'B': 785 Bflag = atoi(optarg)*1024; 786 if (Bflag <= 0) 787 error("invalid packet buffer size %s", optarg); 788 break; 789 #endif /* defined(HAVE_PCAP_CREATE) || defined(WIN32) */ 790 791 case 'c': 792 cnt = atoi(optarg); 793 if (cnt <= 0) 794 error("invalid packet count %s", optarg); 795 break; 796 797 case 'C': 798 Cflag = atoi(optarg) * 1000000; 799 if (Cflag < 0) 800 error("invalid file size %s", optarg); 801 break; 802 803 case 'd': 804 ++dflag; 805 break; 806 807 #ifdef HAVE_PCAP_FINDALLDEVS 808 case 'D': 809 if (pcap_findalldevs(&devpointer, ebuf) < 0) 810 error("%s", ebuf); 811 else { 812 for (i = 0; devpointer != 0; i++) { 813 printf("%d.%s", i+1, devpointer->name); 814 if (devpointer->description != NULL) 815 printf(" (%s)", devpointer->description); 816 printf("\n"); 817 devpointer = devpointer->next; 818 } 819 } 820 return 0; 821 #endif /* HAVE_PCAP_FINDALLDEVS */ 822 823 case 'L': 824 Lflag++; 825 break; 826 827 case 'e': 828 ++eflag; 829 break; 830 831 case 'E': 832 #ifndef HAVE_LIBCRYPTO 833 warning("crypto code not compiled in"); 834 #endif 835 gndo->ndo_espsecret = optarg; 836 break; 837 838 case 'f': 839 ++fflag; 840 break; 841 842 case 'F': 843 infile = optarg; 844 break; 845 846 case 'G': 847 Gflag = atoi(optarg); 848 if (Gflag < 0) 849 error("invalid number of seconds %s", optarg); 850 851 /* We will create one file initially. */ 852 Gflag_count = 0; 853 854 /* Grab the current time for rotation use. */ 855 if ((Gflag_time = time(NULL)) == (time_t)-1) { 856 error("main: can't get current time: %s", 857 pcap_strerror(errno)); 858 } 859 break; 860 861 case 'h': 862 usage(); 863 break; 864 865 case 'H': 866 ++Hflag; 867 break; 868 869 case 'i': 870 if (optarg[0] == '0' && optarg[1] == 0) 871 error("Invalid adapter index"); 872 873 #ifdef HAVE_PCAP_FINDALLDEVS 874 /* 875 * If the argument is a number, treat it as 876 * an index into the list of adapters, as 877 * printed by "tcpdump -D". 878 * 879 * This should be OK on UNIX systems, as interfaces 880 * shouldn't have names that begin with digits. 881 * It can be useful on Windows, where more than 882 * one interface can have the same name. 883 */ 884 devnum = strtol(optarg, &end, 10); 885 if (optarg != end && *end == '\0') { 886 if (devnum < 0) 887 error("Invalid adapter index"); 888 889 if (pcap_findalldevs(&devpointer, ebuf) < 0) 890 error("%s", ebuf); 891 else { 892 /* 893 * Look for the devnum-th entry 894 * in the list of devices 895 * (1-based). 896 */ 897 for (i = 0; 898 i < devnum-1 && devpointer != NULL; 899 i++, devpointer = devpointer->next) 900 ; 901 if (devpointer == NULL) 902 error("Invalid adapter index"); 903 } 904 device = devpointer->name; 905 break; 906 } 907 #endif /* HAVE_PCAP_FINDALLDEVS */ 908 device = optarg; 909 break; 910 911 #ifdef HAVE_PCAP_CREATE 912 case 'I': 913 ++Iflag; 914 break; 915 #endif /* HAVE_PCAP_CREATE */ 916 917 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE 918 case 'j': 919 jflag = pcap_tstamp_type_name_to_val(optarg); 920 if (jflag < 0) 921 error("invalid time stamp type %s", optarg); 922 break; 923 924 case 'J': 925 Jflag++; 926 break; 927 #endif 928 929 case 'l': 930 #ifdef WIN32 931 /* 932 * _IOLBF is the same as _IOFBF in Microsoft's C 933 * libraries; the only alternative they offer 934 * is _IONBF. 935 * 936 * XXX - this should really be checking for MSVC++, 937 * not WIN32, if, for example, MinGW has its own 938 * C library that is more UNIX-compatible. 939 */ 940 setvbuf(stdout, NULL, _IONBF, 0); 941 #else /* WIN32 */ 942 #ifdef HAVE_SETLINEBUF 943 setlinebuf(stdout); 944 #else 945 setvbuf(stdout, NULL, _IOLBF, 0); 946 #endif 947 #endif /* WIN32 */ 948 break; 949 950 case 'K': 951 ++Kflag; 952 break; 953 954 case 'm': 955 #ifdef LIBSMI 956 if (smiLoadModule(optarg) == 0) { 957 error("could not load MIB module %s", optarg); 958 } 959 sflag = 1; 960 #else 961 (void)fprintf(stderr, "%s: ignoring option `-m %s' ", 962 program_name, optarg); 963 (void)fprintf(stderr, "(no libsmi support)\n"); 964 #endif 965 break; 966 967 case 'M': 968 /* TCP-MD5 shared secret */ 969 #ifndef HAVE_LIBCRYPTO 970 warning("crypto code not compiled in"); 971 #endif 972 sigsecret = optarg; 973 break; 974 975 case 'n': 976 ++nflag; 977 break; 978 979 case 'N': 980 ++Nflag; 981 break; 982 983 case 'O': 984 Oflag = 0; 985 break; 986 987 case 'p': 988 ++pflag; 989 break; 990 #ifdef HAVE_PCAP_SETDIRECTION 991 case 'P': 992 if (strcasecmp(optarg, "in") == 0) 993 Pflag = PCAP_D_IN; 994 else if (strcasecmp(optarg, "out") == 0) 995 Pflag = PCAP_D_OUT; 996 else if (strcasecmp(optarg, "inout") == 0) 997 Pflag = PCAP_D_INOUT; 998 else 999 error("unknown capture direction `%s'", optarg); 1000 break; 1001 #endif /* HAVE_PCAP_SETDIRECTION */ 1002 case 'q': 1003 ++qflag; 1004 ++suppress_default_print; 1005 break; 1006 1007 case 'r': 1008 RFileName = optarg; 1009 break; 1010 1011 case 'R': 1012 Rflag = 0; 1013 break; 1014 1015 case 's': 1016 snaplen = strtol(optarg, &end, 0); 1017 if (optarg == end || *end != '\0' 1018 || snaplen < 0 || snaplen > MAXIMUM_SNAPLEN) 1019 error("invalid snaplen %s", optarg); 1020 else if (snaplen == 0) 1021 snaplen = MAXIMUM_SNAPLEN; 1022 break; 1023 1024 case 'S': 1025 ++Sflag; 1026 break; 1027 1028 case 't': 1029 ++tflag; 1030 break; 1031 1032 case 'T': 1033 if (strcasecmp(optarg, "vat") == 0) 1034 packettype = PT_VAT; 1035 else if (strcasecmp(optarg, "wb") == 0) 1036 packettype = PT_WB; 1037 else if (strcasecmp(optarg, "rpc") == 0) 1038 packettype = PT_RPC; 1039 else if (strcasecmp(optarg, "rtp") == 0) 1040 packettype = PT_RTP; 1041 else if (strcasecmp(optarg, "rtcp") == 0) 1042 packettype = PT_RTCP; 1043 else if (strcasecmp(optarg, "snmp") == 0) 1044 packettype = PT_SNMP; 1045 else if (strcasecmp(optarg, "cnfp") == 0) 1046 packettype = PT_CNFP; 1047 else if (strcasecmp(optarg, "tftp") == 0) 1048 packettype = PT_TFTP; 1049 else if (strcasecmp(optarg, "aodv") == 0) 1050 packettype = PT_AODV; 1051 else if (strcasecmp(optarg, "carp") == 0) 1052 packettype = PT_CARP; 1053 else if (strcasecmp(optarg, "radius") == 0) 1054 packettype = PT_RADIUS; 1055 else if (strcasecmp(optarg, "zmtp1") == 0) 1056 packettype = PT_ZMTP1; 1057 else if (strcasecmp(optarg, "vxlan") == 0) 1058 packettype = PT_VXLAN; 1059 else if (strcasecmp(optarg, "pgm") == 0) 1060 packettype = PT_PGM; 1061 else if (strcasecmp(optarg, "pgm_zmtp1") == 0) 1062 packettype = PT_PGM_ZMTP1; 1063 else if (strcasecmp(optarg, "lmp") == 0) 1064 packettype = PT_LMP; 1065 else 1066 error("unknown packet type `%s'", optarg); 1067 break; 1068 1069 case 'u': 1070 ++uflag; 1071 break; 1072 1073 #ifdef HAVE_PCAP_DUMP_FLUSH 1074 case 'U': 1075 ++Uflag; 1076 break; 1077 #endif 1078 1079 case 'v': 1080 ++vflag; 1081 break; 1082 1083 case 'V': 1084 VFileName = optarg; 1085 break; 1086 1087 case 'w': 1088 WFileName = optarg; 1089 break; 1090 1091 case 'W': 1092 Wflag = atoi(optarg); 1093 if (Wflag < 0) 1094 error("invalid number of output files %s", optarg); 1095 WflagChars = getWflagChars(Wflag); 1096 break; 1097 1098 case 'x': 1099 ++xflag; 1100 ++suppress_default_print; 1101 break; 1102 1103 case 'X': 1104 ++Xflag; 1105 ++suppress_default_print; 1106 break; 1107 1108 case 'y': 1109 gndo->ndo_dltname = optarg; 1110 gndo->ndo_dlt = 1111 pcap_datalink_name_to_val(gndo->ndo_dltname); 1112 if (gndo->ndo_dlt < 0) 1113 error("invalid data link type %s", gndo->ndo_dltname); 1114 break; 1115 1116 #if defined(HAVE_PCAP_DEBUG) || defined(HAVE_YYDEBUG) 1117 case 'Y': 1118 { 1119 /* Undocumented flag */ 1120 #ifdef HAVE_PCAP_DEBUG 1121 extern int pcap_debug; 1122 pcap_debug = 1; 1123 #else 1124 extern int yydebug; 1125 yydebug = 1; 1126 #endif 1127 } 1128 break; 1129 #endif 1130 case 'z': 1131 if (optarg) { 1132 zflag = strdup(optarg); 1133 } else { 1134 usage(); 1135 /* NOTREACHED */ 1136 } 1137 break; 1138 1139 case 'Z': 1140 if (optarg) { 1141 username = strdup(optarg); 1142 } 1143 else { 1144 usage(); 1145 /* NOTREACHED */ 1146 } 1147 break; 1148 1149 default: 1150 usage(); 1151 /* NOTREACHED */ 1152 } 1153 1154 switch (tflag) { 1155 1156 case 0: /* Default */ 1157 case 4: /* Default + Date*/ 1158 thiszone = gmt2local(0); 1159 break; 1160 1161 case 1: /* No time stamp */ 1162 case 2: /* Unix timeval style */ 1163 case 3: /* Microseconds since previous packet */ 1164 case 5: /* Microseconds since first packet */ 1165 break; 1166 1167 default: /* Not supported */ 1168 error("only -t, -tt, -ttt, -tttt and -ttttt are supported"); 1169 break; 1170 } 1171 1172 if (fflag != 0 && (VFileName != NULL || RFileName != NULL)) 1173 error("-f can not be used with -V or -r"); 1174 1175 if (VFileName != NULL && RFileName != NULL) 1176 error("-V and -r are mutually exclusive."); 1177 1178 #ifdef WITH_CHROOT 1179 /* if run as root, prepare for chrooting */ 1180 if (getuid() == 0 || geteuid() == 0) { 1181 /* future extensibility for cmd-line arguments */ 1182 if (!chroot_dir) 1183 chroot_dir = WITH_CHROOT; 1184 } 1185 #endif 1186 1187 #ifdef WITH_USER 1188 /* if run as root, prepare for dropping root privileges */ 1189 if (getuid() == 0 || geteuid() == 0) { 1190 /* Run with '-Z root' to restore old behaviour */ 1191 if (!username) 1192 username = WITH_USER; 1193 } 1194 #endif 1195 1196 if (RFileName != NULL || VFileName != NULL) { 1197 /* 1198 * If RFileName is non-null, it's the pathname of a 1199 * savefile to read. If VFileName is non-null, it's 1200 * the pathname of a file containing a list of pathnames 1201 * (one per line) of savefiles to read. 1202 * 1203 * In either case, we're reading a savefile, not doing 1204 * a live capture. 1205 */ 1206 #ifndef WIN32 1207 /* 1208 * We don't need network access, so relinquish any set-UID 1209 * or set-GID privileges we have (if any). 1210 * 1211 * We do *not* want set-UID privileges when opening a 1212 * trace file, as that might let the user read other 1213 * people's trace files (especially if we're set-UID 1214 * root). 1215 */ 1216 if (setgid(getgid()) != 0 || setuid(getuid()) != 0 ) 1217 fprintf(stderr, "Warning: setgid/setuid failed !\n"); 1218 #endif /* WIN32 */ 1219 if (VFileName != NULL) { 1220 if (VFileName[0] == '-' && VFileName[1] == '\0') 1221 VFile = stdin; 1222 else 1223 VFile = fopen(VFileName, "r"); 1224 1225 if (VFile == NULL) 1226 error("Unable to open file: %s\n", strerror(errno)); 1227 1228 ret = get_next_file(VFile, VFileLine); 1229 if (!ret) 1230 error("Nothing in %s\n", VFileName); 1231 RFileName = VFileLine; 1232 } 1233 1234 pd = pcap_open_offline(RFileName, ebuf); 1235 if (pd == NULL) 1236 error("%s", ebuf); 1237 dlt = pcap_datalink(pd); 1238 dlt_name = pcap_datalink_val_to_name(dlt); 1239 if (dlt_name == NULL) { 1240 fprintf(stderr, "reading from file %s, link-type %u\n", 1241 RFileName, dlt); 1242 } else { 1243 fprintf(stderr, 1244 "reading from file %s, link-type %s (%s)\n", 1245 RFileName, dlt_name, 1246 pcap_datalink_val_to_description(dlt)); 1247 } 1248 localnet = 0; 1249 netmask = 0; 1250 } else { 1251 /* 1252 * We're doing a live capture. 1253 */ 1254 if (device == NULL) { 1255 device = pcap_lookupdev(ebuf); 1256 if (device == NULL) 1257 error("%s", ebuf); 1258 } 1259 #ifdef WIN32 1260 /* 1261 * Print a message to the standard error on Windows. 1262 * XXX - why do it here, with a different message? 1263 */ 1264 if(strlen(device) == 1) /* we assume that an ASCII string is always longer than 1 char */ 1265 { /* a Unicode string has a \0 as second byte (so strlen() is 1) */ 1266 fprintf(stderr, "%s: listening on %ws\n", program_name, device); 1267 } 1268 else 1269 { 1270 fprintf(stderr, "%s: listening on %s\n", program_name, device); 1271 } 1272 1273 fflush(stderr); 1274 #endif /* WIN32 */ 1275 #ifdef HAVE_PCAP_CREATE 1276 pd = pcap_create(device, ebuf); 1277 if (pd == NULL) 1278 error("%s", ebuf); 1279 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE 1280 if (Jflag) 1281 show_tstamp_types_and_exit(device, pd); 1282 #endif 1283 /* 1284 * Is this an interface that supports monitor mode? 1285 */ 1286 if (pcap_can_set_rfmon(pd) == 1) 1287 supports_monitor_mode = 1; 1288 else 1289 supports_monitor_mode = 0; 1290 status = pcap_set_snaplen(pd, snaplen); 1291 if (status != 0) 1292 error("%s: Can't set snapshot length: %s", 1293 device, pcap_statustostr(status)); 1294 status = pcap_set_promisc(pd, !pflag); 1295 if (status != 0) 1296 error("%s: Can't set promiscuous mode: %s", 1297 device, pcap_statustostr(status)); 1298 if (Iflag) { 1299 status = pcap_set_rfmon(pd, 1); 1300 if (status != 0) 1301 error("%s: Can't set monitor mode: %s", 1302 device, pcap_statustostr(status)); 1303 } 1304 status = pcap_set_timeout(pd, 1000); 1305 if (status != 0) 1306 error("%s: pcap_set_timeout failed: %s", 1307 device, pcap_statustostr(status)); 1308 if (Bflag != 0) { 1309 status = pcap_set_buffer_size(pd, Bflag); 1310 if (status != 0) 1311 error("%s: Can't set buffer size: %s", 1312 device, pcap_statustostr(status)); 1313 } 1314 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE 1315 if (jflag != -1) { 1316 status = pcap_set_tstamp_type(pd, jflag); 1317 if (status < 0) 1318 error("%s: Can't set time stamp type: %s", 1319 device, pcap_statustostr(status)); 1320 } 1321 #endif 1322 status = pcap_activate(pd); 1323 if (status < 0) { 1324 /* 1325 * pcap_activate() failed. 1326 */ 1327 cp = pcap_geterr(pd); 1328 if (status == PCAP_ERROR) 1329 error("%s", cp); 1330 else if ((status == PCAP_ERROR_NO_SUCH_DEVICE || 1331 status == PCAP_ERROR_PERM_DENIED) && 1332 *cp != '\0') 1333 error("%s: %s\n(%s)", device, 1334 pcap_statustostr(status), cp); 1335 else 1336 error("%s: %s", device, 1337 pcap_statustostr(status)); 1338 } else if (status > 0) { 1339 /* 1340 * pcap_activate() succeeded, but it's warning us 1341 * of a problem it had. 1342 */ 1343 cp = pcap_geterr(pd); 1344 if (status == PCAP_WARNING) 1345 warning("%s", cp); 1346 else if (status == PCAP_WARNING_PROMISC_NOTSUP && 1347 *cp != '\0') 1348 warning("%s: %s\n(%s)", device, 1349 pcap_statustostr(status), cp); 1350 else 1351 warning("%s: %s", device, 1352 pcap_statustostr(status)); 1353 } 1354 #ifdef HAVE_PCAP_SETDIRECTION 1355 if (Pflag != -1) { 1356 status = pcap_setdirection(pd, Pflag); 1357 if (status != 0) 1358 error("%s: pcap_setdirection() failed: %s", 1359 device, pcap_geterr(pd)); 1360 } 1361 #endif 1362 #else 1363 *ebuf = '\0'; 1364 pd = pcap_open_live(device, snaplen, !pflag, 1000, ebuf); 1365 if (pd == NULL) 1366 error("%s", ebuf); 1367 else if (*ebuf) 1368 warning("%s", ebuf); 1369 #endif /* HAVE_PCAP_CREATE */ 1370 /* 1371 * Let user own process after socket has been opened. 1372 */ 1373 #ifndef WIN32 1374 if (setgid(getgid()) != 0 || setuid(getuid()) != 0) 1375 fprintf(stderr, "Warning: setgid/setuid failed !\n"); 1376 #endif /* WIN32 */ 1377 #if !defined(HAVE_PCAP_CREATE) && defined(WIN32) 1378 if(Bflag != 0) 1379 if(pcap_setbuff(pd, Bflag)==-1){ 1380 error("%s", pcap_geterr(pd)); 1381 } 1382 #endif /* !defined(HAVE_PCAP_CREATE) && defined(WIN32) */ 1383 if (Lflag) 1384 show_dlts_and_exit(device, pd); 1385 if (gndo->ndo_dlt >= 0) { 1386 #ifdef HAVE_PCAP_SET_DATALINK 1387 if (pcap_set_datalink(pd, gndo->ndo_dlt) < 0) 1388 error("%s", pcap_geterr(pd)); 1389 #else 1390 /* 1391 * We don't actually support changing the 1392 * data link type, so we only let them 1393 * set it to what it already is. 1394 */ 1395 if (gndo->ndo_dlt != pcap_datalink(pd)) { 1396 error("%s is not one of the DLTs supported by this device\n", 1397 gndo->ndo_dltname); 1398 } 1399 #endif 1400 (void)fprintf(stderr, "%s: data link type %s\n", 1401 program_name, gndo->ndo_dltname); 1402 (void)fflush(stderr); 1403 } 1404 i = pcap_snapshot(pd); 1405 if (snaplen < i) { 1406 warning("snaplen raised from %d to %d", snaplen, i); 1407 snaplen = i; 1408 } 1409 if (pcap_lookupnet(device, &localnet, &netmask, ebuf) < 0) { 1410 localnet = 0; 1411 netmask = 0; 1412 warning("%s", ebuf); 1413 } 1414 } 1415 if (infile) 1416 cmdbuf = read_infile(infile); 1417 else 1418 cmdbuf = copy_argv(&argv[optind]); 1419 1420 if (pcap_compile(pd, &fcode, cmdbuf, Oflag, netmask) < 0) 1421 error("%s", pcap_geterr(pd)); 1422 if (dflag) { 1423 bpf_dump(&fcode, dflag); 1424 pcap_close(pd); 1425 free(cmdbuf); 1426 exit(0); 1427 } 1428 init_addrtoname(localnet, netmask); 1429 init_checksum(); 1430 1431 #ifndef WIN32 1432 (void)setsignal(SIGPIPE, cleanup); 1433 (void)setsignal(SIGTERM, cleanup); 1434 (void)setsignal(SIGINT, cleanup); 1435 #endif /* WIN32 */ 1436 #if defined(HAVE_FORK) || defined(HAVE_VFORK) 1437 (void)setsignal(SIGCHLD, child_cleanup); 1438 #endif 1439 /* Cooperate with nohup(1) */ 1440 #ifndef WIN32 1441 if ((oldhandler = setsignal(SIGHUP, cleanup)) != SIG_DFL) 1442 (void)setsignal(SIGHUP, oldhandler); 1443 #endif /* WIN32 */ 1444 1445 #ifndef WIN32 1446 /* 1447 * If a user name was specified with "-Z", attempt to switch to 1448 * that user's UID. This would probably be used with sudo, 1449 * to allow tcpdump to be run in a special restricted 1450 * account (if you just want to allow users to open capture 1451 * devices, and can't just give users that permission, 1452 * you'd make tcpdump set-UID or set-GID). 1453 * 1454 * Tcpdump doesn't necessarily write only to one savefile; 1455 * the general only way to allow a -Z instance to write to 1456 * savefiles as the user under whose UID it's run, rather 1457 * than as the user specified with -Z, would thus be to switch 1458 * to the original user ID before opening a capture file and 1459 * then switch back to the -Z user ID after opening the savefile. 1460 * Switching to the -Z user ID only after opening the first 1461 * savefile doesn't handle the general case. 1462 */ 1463 1464 #ifdef HAVE_CAP_NG_H 1465 /* We are running as root and we will be writing to savefile */ 1466 if ((getuid() == 0 || geteuid() == 0) && WFileName) { 1467 if (username) { 1468 /* Drop all capabilities from effective set */ 1469 capng_clear(CAPNG_EFFECTIVE); 1470 /* Add capabilities we will need*/ 1471 capng_update(CAPNG_ADD, CAPNG_PERMITTED, CAP_SETUID); 1472 capng_update(CAPNG_ADD, CAPNG_PERMITTED, CAP_SETGID); 1473 capng_update(CAPNG_ADD, CAPNG_PERMITTED, CAP_DAC_OVERRIDE); 1474 1475 capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_SETUID); 1476 capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_SETGID); 1477 capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE); 1478 1479 capng_apply(CAPNG_SELECT_BOTH); 1480 } 1481 } 1482 #endif /* HAVE_CAP_NG_H */ 1483 1484 if (getuid() == 0 || geteuid() == 0) { 1485 if (username || chroot_dir) { 1486 #ifndef HAVE_CAP_NG_H 1487 if (!WFileName) 1488 #endif 1489 droproot(username, chroot_dir); 1490 } 1491 1492 } 1493 #endif /* WIN32 */ 1494 1495 if (pcap_setfilter(pd, &fcode) < 0) 1496 error("%s", pcap_geterr(pd)); 1497 if (WFileName) { 1498 pcap_dumper_t *p; 1499 /* Do not exceed the default PATH_MAX for files. */ 1500 dumpinfo.CurrentFileName = (char *)malloc(PATH_MAX + 1); 1501 1502 if (dumpinfo.CurrentFileName == NULL) 1503 error("malloc of dumpinfo.CurrentFileName"); 1504 1505 /* We do not need numbering for dumpfiles if Cflag isn't set. */ 1506 if (Cflag != 0) 1507 MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, WflagChars); 1508 else 1509 MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, 0); 1510 1511 p = pcap_dump_open(pd, dumpinfo.CurrentFileName); 1512 #ifdef HAVE_CAP_NG_H 1513 /* Give up capabilities, clear Effective set */ 1514 capng_clear(CAPNG_EFFECTIVE); 1515 #endif 1516 if (p == NULL) 1517 error("%s", pcap_geterr(pd)); 1518 if (Cflag != 0 || Gflag != 0) { 1519 callback = dump_packet_and_trunc; 1520 dumpinfo.WFileName = WFileName; 1521 dumpinfo.pd = pd; 1522 dumpinfo.p = p; 1523 pcap_userdata = (u_char *)&dumpinfo; 1524 } else { 1525 callback = dump_packet; 1526 pcap_userdata = (u_char *)p; 1527 } 1528 #ifdef HAVE_PCAP_DUMP_FLUSH 1529 if (Uflag) 1530 pcap_dump_flush(p); 1531 #endif 1532 } else { 1533 type = pcap_datalink(pd); 1534 printinfo = get_print_info(type); 1535 callback = print_packet; 1536 pcap_userdata = (u_char *)&printinfo; 1537 } 1538 1539 #ifdef SIGNAL_REQ_INFO 1540 /* 1541 * We can't get statistics when reading from a file rather 1542 * than capturing from a device. 1543 */ 1544 if (RFileName == NULL) 1545 (void)setsignal(SIGNAL_REQ_INFO, requestinfo); 1546 #endif 1547 1548 if (vflag > 0 && WFileName) { 1549 /* 1550 * When capturing to a file, "-v" means tcpdump should, 1551 * every 10 secodns, "v"erbosely report the number of 1552 * packets captured. 1553 */ 1554 #ifdef USE_WIN32_MM_TIMER 1555 /* call verbose_stats_dump() each 1000 +/-100msec */ 1556 timer_id = timeSetEvent(1000, 100, verbose_stats_dump, 0, TIME_PERIODIC); 1557 setvbuf(stderr, NULL, _IONBF, 0); 1558 #elif defined(HAVE_ALARM) 1559 (void)setsignal(SIGALRM, verbose_stats_dump); 1560 alarm(1); 1561 #endif 1562 } 1563 1564 #ifndef WIN32 1565 if (RFileName == NULL) { 1566 /* 1567 * Live capture (if -V was specified, we set RFileName 1568 * to a file from the -V file). Print a message to 1569 * the standard error on UN*X. 1570 */ 1571 if (!vflag && !WFileName) { 1572 (void)fprintf(stderr, 1573 "%s: verbose output suppressed, use -v or -vv for full protocol decode\n", 1574 program_name); 1575 } else 1576 (void)fprintf(stderr, "%s: ", program_name); 1577 dlt = pcap_datalink(pd); 1578 dlt_name = pcap_datalink_val_to_name(dlt); 1579 if (dlt_name == NULL) { 1580 (void)fprintf(stderr, "listening on %s, link-type %u, capture size %u bytes\n", 1581 device, dlt, snaplen); 1582 } else { 1583 (void)fprintf(stderr, "listening on %s, link-type %s (%s), capture size %u bytes\n", 1584 device, dlt_name, 1585 pcap_datalink_val_to_description(dlt), snaplen); 1586 } 1587 (void)fflush(stderr); 1588 } 1589 1590 /* 1591 * If a user name was specified with "-Z", attempt to switch to 1592 * that user's UID. This would probably be used with sudo, 1593 * to allow tcpdump to be run in a special restricted 1594 * account (if you just want to allow users to open capture 1595 * devices, and can't just give users that permission, 1596 * you'd make tcpdump set-UID or set-GID). 1597 * 1598 * Tcpdump doesn't necessarily write only to one savefile; 1599 * the general only way to allow a -Z instance to write to 1600 * savefiles as the user under whose UID it's run, rather 1601 * than as the user specified with -Z, would thus be to switch 1602 * to the original user ID before opening a capture file and 1603 * then switch back to the -Z user ID after opening the savefile. 1604 * Switching to the -Z user ID only after opening the first 1605 * savefile doesn't handle the general case. 1606 */ 1607 if (getuid() == 0 || geteuid() == 0) { 1608 if (username || chroot_dir) 1609 droproot(username, chroot_dir); 1610 } 1611 #endif /* WIN32 */ 1612 do { 1613 status = pcap_loop(pd, cnt, callback, pcap_userdata); 1614 if (WFileName == NULL) { 1615 /* 1616 * We're printing packets. Flush the printed output, 1617 * so it doesn't get intermingled with error output. 1618 */ 1619 if (status == -2) { 1620 /* 1621 * We got interrupted, so perhaps we didn't 1622 * manage to finish a line we were printing. 1623 * Print an extra newline, just in case. 1624 */ 1625 putchar('\n'); 1626 } 1627 (void)fflush(stdout); 1628 } 1629 if (status == -2) { 1630 /* 1631 * We got interrupted. If we are reading multiple 1632 * files (via -V) set these so that we stop. 1633 */ 1634 VFileName = NULL; 1635 ret = NULL; 1636 } 1637 if (status == -1) { 1638 /* 1639 * Error. Report it. 1640 */ 1641 (void)fprintf(stderr, "%s: pcap_loop: %s\n", 1642 program_name, pcap_geterr(pd)); 1643 } 1644 if (RFileName == NULL) { 1645 /* 1646 * We're doing a live capture. Report the capture 1647 * statistics. 1648 */ 1649 info(1); 1650 } 1651 pcap_close(pd); 1652 if (VFileName != NULL) { 1653 ret = get_next_file(VFile, VFileLine); 1654 if (ret) { 1655 RFileName = VFileLine; 1656 pd = pcap_open_offline(RFileName, ebuf); 1657 if (pd == NULL) 1658 error("%s", ebuf); 1659 new_dlt = pcap_datalink(pd); 1660 if (WFileName && new_dlt != dlt) 1661 error("%s: new dlt does not match original", RFileName); 1662 printinfo = get_print_info(new_dlt); 1663 dlt_name = pcap_datalink_val_to_name(new_dlt); 1664 if (dlt_name == NULL) { 1665 fprintf(stderr, "reading from file %s, link-type %u\n", 1666 RFileName, new_dlt); 1667 } else { 1668 fprintf(stderr, 1669 "reading from file %s, link-type %s (%s)\n", 1670 RFileName, dlt_name, 1671 pcap_datalink_val_to_description(new_dlt)); 1672 } 1673 if (pcap_compile(pd, &fcode, cmdbuf, Oflag, netmask) < 0) 1674 error("%s", pcap_geterr(pd)); 1675 if (pcap_setfilter(pd, &fcode) < 0) 1676 error("%s", pcap_geterr(pd)); 1677 } 1678 } 1679 } 1680 while (ret != NULL); 1681 1682 free(cmdbuf); 1683 exit(status == -1 ? 1 : 0); 1684 } 1685 1686 /* make a clean exit on interrupts */ 1687 static RETSIGTYPE 1688 cleanup(int signo _U_) 1689 { 1690 #ifdef USE_WIN32_MM_TIMER 1691 if (timer_id) 1692 timeKillEvent(timer_id); 1693 timer_id = 0; 1694 #elif defined(HAVE_ALARM) 1695 alarm(0); 1696 #endif 1697 1698 #ifdef HAVE_PCAP_BREAKLOOP 1699 /* 1700 * We have "pcap_breakloop()"; use it, so that we do as little 1701 * as possible in the signal handler (it's probably not safe 1702 * to do anything with standard I/O streams in a signal handler - 1703 * the ANSI C standard doesn't say it is). 1704 */ 1705 pcap_breakloop(pd); 1706 #else 1707 /* 1708 * We don't have "pcap_breakloop()"; this isn't safe, but 1709 * it's the best we can do. Print the summary if we're 1710 * not reading from a savefile - i.e., if we're doing a 1711 * live capture - and exit. 1712 */ 1713 if (pd != NULL && pcap_file(pd) == NULL) { 1714 /* 1715 * We got interrupted, so perhaps we didn't 1716 * manage to finish a line we were printing. 1717 * Print an extra newline, just in case. 1718 */ 1719 putchar('\n'); 1720 (void)fflush(stdout); 1721 info(1); 1722 } 1723 exit(0); 1724 #endif 1725 } 1726 1727 /* 1728 On windows, we do not use a fork, so we do not care less about 1729 waiting a child processes to die 1730 */ 1731 #if defined(HAVE_FORK) || defined(HAVE_VFORK) 1732 static RETSIGTYPE 1733 child_cleanup(int signo _U_) 1734 { 1735 wait(NULL); 1736 } 1737 #endif /* HAVE_FORK && HAVE_VFORK */ 1738 1739 static void 1740 info(register int verbose) 1741 { 1742 struct pcap_stat stat; 1743 1744 /* 1745 * Older versions of libpcap didn't set ps_ifdrop on some 1746 * platforms; initialize it to 0 to handle that. 1747 */ 1748 stat.ps_ifdrop = 0; 1749 if (pcap_stats(pd, &stat) < 0) { 1750 (void)fprintf(stderr, "pcap_stats: %s\n", pcap_geterr(pd)); 1751 infoprint = 0; 1752 return; 1753 } 1754 1755 if (!verbose) 1756 fprintf(stderr, "%s: ", program_name); 1757 1758 (void)fprintf(stderr, "%u packet%s captured", packets_captured, 1759 PLURAL_SUFFIX(packets_captured)); 1760 if (!verbose) 1761 fputs(", ", stderr); 1762 else 1763 putc('\n', stderr); 1764 (void)fprintf(stderr, "%u packet%s received by filter", stat.ps_recv, 1765 PLURAL_SUFFIX(stat.ps_recv)); 1766 if (!verbose) 1767 fputs(", ", stderr); 1768 else 1769 putc('\n', stderr); 1770 (void)fprintf(stderr, "%u packet%s dropped by kernel", stat.ps_drop, 1771 PLURAL_SUFFIX(stat.ps_drop)); 1772 if (stat.ps_ifdrop != 0) { 1773 if (!verbose) 1774 fputs(", ", stderr); 1775 else 1776 putc('\n', stderr); 1777 (void)fprintf(stderr, "%u packet%s dropped by interface\n", 1778 stat.ps_ifdrop, PLURAL_SUFFIX(stat.ps_ifdrop)); 1779 } else 1780 putc('\n', stderr); 1781 infoprint = 0; 1782 } 1783 1784 #if defined(HAVE_FORK) || defined(HAVE_VFORK) 1785 static void 1786 compress_savefile(const char *filename) 1787 { 1788 # ifdef HAVE_FORK 1789 if (fork()) 1790 # else 1791 if (vfork()) 1792 # endif 1793 return; 1794 /* 1795 * Set to lowest priority so that this doesn't disturb the capture 1796 */ 1797 #ifdef NZERO 1798 setpriority(PRIO_PROCESS, 0, NZERO - 1); 1799 #else 1800 setpriority(PRIO_PROCESS, 0, 19); 1801 #endif 1802 if (execlp(zflag, zflag, filename, (char *)NULL) == -1) 1803 fprintf(stderr, 1804 "compress_savefile:execlp(%s, %s): %s\n", 1805 zflag, 1806 filename, 1807 strerror(errno)); 1808 # ifdef HAVE_FORK 1809 exit(1); 1810 # else 1811 _exit(1); 1812 # endif 1813 } 1814 #else /* HAVE_FORK && HAVE_VFORK */ 1815 static void 1816 compress_savefile(const char *filename) 1817 { 1818 fprintf(stderr, 1819 "compress_savefile failed. Functionality not implemented under your system\n"); 1820 } 1821 #endif /* HAVE_FORK && HAVE_VFORK */ 1822 1823 static void 1824 dump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *sp) 1825 { 1826 struct dump_info *dump_info; 1827 1828 ++packets_captured; 1829 1830 ++infodelay; 1831 1832 dump_info = (struct dump_info *)user; 1833 1834 /* 1835 * XXX - this won't force the file to rotate on the specified time 1836 * boundary, but it will rotate on the first packet received after the 1837 * specified Gflag number of seconds. Note: if a Gflag time boundary 1838 * and a Cflag size boundary coincide, the time rotation will occur 1839 * first thereby cancelling the Cflag boundary (since the file should 1840 * be 0). 1841 */ 1842 if (Gflag != 0) { 1843 /* Check if it is time to rotate */ 1844 time_t t; 1845 1846 /* Get the current time */ 1847 if ((t = time(NULL)) == (time_t)-1) { 1848 error("dump_and_trunc_packet: can't get current_time: %s", 1849 pcap_strerror(errno)); 1850 } 1851 1852 1853 /* If the time is greater than the specified window, rotate */ 1854 if (t - Gflag_time >= Gflag) { 1855 /* Update the Gflag_time */ 1856 Gflag_time = t; 1857 /* Update Gflag_count */ 1858 Gflag_count++; 1859 /* 1860 * Close the current file and open a new one. 1861 */ 1862 pcap_dump_close(dump_info->p); 1863 1864 /* 1865 * Compress the file we just closed, if the user asked for it 1866 */ 1867 if (zflag != NULL) 1868 compress_savefile(dump_info->CurrentFileName); 1869 1870 /* 1871 * Check to see if we've exceeded the Wflag (when 1872 * not using Cflag). 1873 */ 1874 if (Cflag == 0 && Wflag > 0 && Gflag_count >= Wflag) { 1875 (void)fprintf(stderr, "Maximum file limit reached: %d\n", 1876 Wflag); 1877 exit(0); 1878 /* NOTREACHED */ 1879 } 1880 if (dump_info->CurrentFileName != NULL) 1881 free(dump_info->CurrentFileName); 1882 /* Allocate space for max filename + \0. */ 1883 dump_info->CurrentFileName = (char *)malloc(PATH_MAX + 1); 1884 if (dump_info->CurrentFileName == NULL) 1885 error("dump_packet_and_trunc: malloc"); 1886 /* 1887 * This is always the first file in the Cflag 1888 * rotation: e.g. 0 1889 * We also don't need numbering if Cflag is not set. 1890 */ 1891 if (Cflag != 0) 1892 MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, 0, 1893 WflagChars); 1894 else 1895 MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, 0, 0); 1896 1897 #ifdef HAVE_CAP_NG_H 1898 capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE); 1899 capng_apply(CAPNG_EFFECTIVE); 1900 #endif /* HAVE_CAP_NG_H */ 1901 dump_info->p = pcap_dump_open(dump_info->pd, dump_info->CurrentFileName); 1902 #ifdef HAVE_CAP_NG_H 1903 capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE); 1904 capng_apply(CAPNG_EFFECTIVE); 1905 #endif /* HAVE_CAP_NG_H */ 1906 if (dump_info->p == NULL) 1907 error("%s", pcap_geterr(pd)); 1908 } 1909 } 1910 1911 /* 1912 * XXX - this won't prevent capture files from getting 1913 * larger than Cflag - the last packet written to the 1914 * file could put it over Cflag. 1915 */ 1916 if (Cflag != 0 && pcap_dump_ftell(dump_info->p) > Cflag) { 1917 /* 1918 * Close the current file and open a new one. 1919 */ 1920 pcap_dump_close(dump_info->p); 1921 1922 /* 1923 * Compress the file we just closed, if the user asked for it 1924 */ 1925 if (zflag != NULL) 1926 compress_savefile(dump_info->CurrentFileName); 1927 1928 Cflag_count++; 1929 if (Wflag > 0) { 1930 if (Cflag_count >= Wflag) 1931 Cflag_count = 0; 1932 } 1933 if (dump_info->CurrentFileName != NULL) 1934 free(dump_info->CurrentFileName); 1935 dump_info->CurrentFileName = (char *)malloc(PATH_MAX + 1); 1936 if (dump_info->CurrentFileName == NULL) 1937 error("dump_packet_and_trunc: malloc"); 1938 MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, Cflag_count, WflagChars); 1939 dump_info->p = pcap_dump_open(dump_info->pd, dump_info->CurrentFileName); 1940 if (dump_info->p == NULL) 1941 error("%s", pcap_geterr(pd)); 1942 } 1943 1944 pcap_dump((u_char *)dump_info->p, h, sp); 1945 #ifdef HAVE_PCAP_DUMP_FLUSH 1946 if (Uflag) 1947 pcap_dump_flush(dump_info->p); 1948 #endif 1949 1950 --infodelay; 1951 if (infoprint) 1952 info(0); 1953 } 1954 1955 static void 1956 dump_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *sp) 1957 { 1958 ++packets_captured; 1959 1960 ++infodelay; 1961 1962 pcap_dump(user, h, sp); 1963 #ifdef HAVE_PCAP_DUMP_FLUSH 1964 if (Uflag) 1965 pcap_dump_flush((pcap_dumper_t *)user); 1966 #endif 1967 1968 --infodelay; 1969 if (infoprint) 1970 info(0); 1971 } 1972 1973 static void 1974 print_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *sp) 1975 { 1976 struct print_info *print_info; 1977 u_int hdrlen; 1978 1979 ++packets_captured; 1980 1981 ++infodelay; 1982 ts_print(&h->ts); 1983 1984 print_info = (struct print_info *)user; 1985 1986 /* 1987 * Some printers want to check that they're not walking off the 1988 * end of the packet. 1989 * Rather than pass it all the way down, we set this global. 1990 */ 1991 snapend = sp + h->caplen; 1992 1993 if(print_info->ndo_type) { 1994 hdrlen = (*print_info->p.ndo_printer)(print_info->ndo, h, sp); 1995 } else { 1996 hdrlen = (*print_info->p.printer)(h, sp); 1997 } 1998 1999 if (Xflag) { 2000 /* 2001 * Print the raw packet data in hex and ASCII. 2002 */ 2003 if (Xflag > 1) { 2004 /* 2005 * Include the link-layer header. 2006 */ 2007 hex_and_ascii_print("\n\t", sp, h->caplen); 2008 } else { 2009 /* 2010 * Don't include the link-layer header - and if 2011 * we have nothing past the link-layer header, 2012 * print nothing. 2013 */ 2014 if (h->caplen > hdrlen) 2015 hex_and_ascii_print("\n\t", sp + hdrlen, 2016 h->caplen - hdrlen); 2017 } 2018 } else if (xflag) { 2019 /* 2020 * Print the raw packet data in hex. 2021 */ 2022 if (xflag > 1) { 2023 /* 2024 * Include the link-layer header. 2025 */ 2026 hex_print("\n\t", sp, h->caplen); 2027 } else { 2028 /* 2029 * Don't include the link-layer header - and if 2030 * we have nothing past the link-layer header, 2031 * print nothing. 2032 */ 2033 if (h->caplen > hdrlen) 2034 hex_print("\n\t", sp + hdrlen, 2035 h->caplen - hdrlen); 2036 } 2037 } else if (Aflag) { 2038 /* 2039 * Print the raw packet data in ASCII. 2040 */ 2041 if (Aflag > 1) { 2042 /* 2043 * Include the link-layer header. 2044 */ 2045 ascii_print(sp, h->caplen); 2046 } else { 2047 /* 2048 * Don't include the link-layer header - and if 2049 * we have nothing past the link-layer header, 2050 * print nothing. 2051 */ 2052 if (h->caplen > hdrlen) 2053 ascii_print(sp + hdrlen, h->caplen - hdrlen); 2054 } 2055 } 2056 2057 putchar('\n'); 2058 2059 --infodelay; 2060 if (infoprint) 2061 info(0); 2062 } 2063 2064 #ifdef WIN32 2065 /* 2066 * XXX - there should really be libpcap calls to get the version 2067 * number as a string (the string would be generated from #defines 2068 * at run time, so that it's not generated from string constants 2069 * in the library, as, on many UNIX systems, those constants would 2070 * be statically linked into the application executable image, and 2071 * would thus reflect the version of libpcap on the system on 2072 * which the application was *linked*, not the system on which it's 2073 * *running*. 2074 * 2075 * That routine should be documented, unlike the "version[]" 2076 * string, so that UNIX vendors providing their own libpcaps 2077 * don't omit it (as a couple of vendors have...). 2078 * 2079 * Packet.dll should perhaps also export a routine to return the 2080 * version number of the Packet.dll code, to supply the 2081 * "Wpcap_version" information on Windows. 2082 */ 2083 char WDversion[]="current-cvs.tcpdump.org"; 2084 #if !defined(HAVE_GENERATED_VERSION) 2085 char version[]="current-cvs.tcpdump.org"; 2086 #endif 2087 char pcap_version[]="current-cvs.tcpdump.org"; 2088 char Wpcap_version[]="3.1"; 2089 #endif 2090 2091 /* 2092 * By default, print the specified data out in hex and ASCII. 2093 */ 2094 static void 2095 ndo_default_print(netdissect_options *ndo _U_, const u_char *bp, u_int length) 2096 { 2097 hex_and_ascii_print("\n\t", bp, length); /* pass on lf and identation string */ 2098 } 2099 2100 void 2101 default_print(const u_char *bp, u_int length) 2102 { 2103 ndo_default_print(gndo, bp, length); 2104 } 2105 2106 #ifdef SIGNAL_REQ_INFO 2107 RETSIGTYPE requestinfo(int signo _U_) 2108 { 2109 if (infodelay) 2110 ++infoprint; 2111 else 2112 info(0); 2113 } 2114 #endif 2115 2116 /* 2117 * Called once each second in verbose mode while dumping to file 2118 */ 2119 #ifdef USE_WIN32_MM_TIMER 2120 void CALLBACK verbose_stats_dump (UINT timer_id _U_, UINT msg _U_, DWORD_PTR arg _U_, 2121 DWORD_PTR dw1 _U_, DWORD_PTR dw2 _U_) 2122 { 2123 struct pcap_stat stat; 2124 2125 if (infodelay == 0 && pcap_stats(pd, &stat) >= 0) 2126 fprintf(stderr, "Got %u\r", packets_captured); 2127 } 2128 #elif defined(HAVE_ALARM) 2129 static void verbose_stats_dump(int sig _U_) 2130 { 2131 struct pcap_stat stat; 2132 2133 if (infodelay == 0 && pcap_stats(pd, &stat) >= 0) 2134 fprintf(stderr, "Got %u\r", packets_captured); 2135 alarm(1); 2136 } 2137 #endif 2138 2139 static void 2140 usage(void) 2141 { 2142 extern char version[]; 2143 #ifndef HAVE_PCAP_LIB_VERSION 2144 #if defined(WIN32) || defined(HAVE_PCAP_VERSION) 2145 extern char pcap_version[]; 2146 #else /* defined(WIN32) || defined(HAVE_PCAP_VERSION) */ 2147 static char pcap_version[] = "unknown"; 2148 #endif /* defined(WIN32) || defined(HAVE_PCAP_VERSION) */ 2149 #endif /* HAVE_PCAP_LIB_VERSION */ 2150 2151 #ifdef HAVE_PCAP_LIB_VERSION 2152 #ifdef WIN32 2153 (void)fprintf(stderr, "%s version %s, based on tcpdump version %s\n", program_name, WDversion, version); 2154 #else /* WIN32 */ 2155 (void)fprintf(stderr, "%s version %s\n", program_name, version); 2156 #endif /* WIN32 */ 2157 (void)fprintf(stderr, "%s\n",pcap_lib_version()); 2158 #else /* HAVE_PCAP_LIB_VERSION */ 2159 #ifdef WIN32 2160 (void)fprintf(stderr, "%s version %s, based on tcpdump version %s\n", program_name, WDversion, version); 2161 (void)fprintf(stderr, "WinPcap version %s, based on libpcap version %s\n",Wpcap_version, pcap_version); 2162 #else /* WIN32 */ 2163 (void)fprintf(stderr, "%s version %s\n", program_name, version); 2164 (void)fprintf(stderr, "libpcap version %s\n", pcap_version); 2165 #endif /* WIN32 */ 2166 #endif /* HAVE_PCAP_LIB_VERSION */ 2167 (void)fprintf(stderr, 2168 "Usage: %s [-aAbd" D_FLAG "efhH" I_FLAG J_FLAG "KlLnNOpqRStu" U_FLAG "vxX]" B_FLAG_USAGE " [ -c count ]\n", program_name); 2169 (void)fprintf(stderr, 2170 "\t\t[ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]\n"); 2171 (void)fprintf(stderr, 2172 "\t\t[ -i interface ]" j_FLAG_USAGE " [ -M secret ]\n"); 2173 #ifdef HAVE_PCAP_SETDIRECTION 2174 (void)fprintf(stderr, 2175 "\t\t[ -P in|out|inout ]\n"); 2176 #endif 2177 (void)fprintf(stderr, 2178 "\t\t[ -r file ] [ -s snaplen ] [ -T type ] [ -V file ] [ -w file ]\n"); 2179 (void)fprintf(stderr, 2180 "\t\t[ -W filecount ] [ -y datalinktype ] [ -z command ]\n"); 2181 (void)fprintf(stderr, 2182 "\t\t[ -Z user ] [ expression ]\n"); 2183 exit(1); 2184 } 2185 2186 2187 2188 /* VARARGS */ 2189 static void 2190 ndo_error(netdissect_options *ndo _U_, const char *fmt, ...) 2191 { 2192 va_list ap; 2193 2194 (void)fprintf(stderr, "%s: ", program_name); 2195 va_start(ap, fmt); 2196 (void)vfprintf(stderr, fmt, ap); 2197 va_end(ap); 2198 if (*fmt) { 2199 fmt += strlen(fmt); 2200 if (fmt[-1] != '\n') 2201 (void)fputc('\n', stderr); 2202 } 2203 exit(1); 2204 /* NOTREACHED */ 2205 } 2206 2207 /* VARARGS */ 2208 static void 2209 ndo_warning(netdissect_options *ndo _U_, const char *fmt, ...) 2210 { 2211 va_list ap; 2212 2213 (void)fprintf(stderr, "%s: WARNING: ", program_name); 2214 va_start(ap, fmt); 2215 (void)vfprintf(stderr, fmt, ap); 2216 va_end(ap); 2217 if (*fmt) { 2218 fmt += strlen(fmt); 2219 if (fmt[-1] != '\n') 2220 (void)fputc('\n', stderr); 2221 } 2222 } 2223