1 /* 2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that: (1) source code distributions 7 * retain the above copyright notice and this paragraph in its entirety, (2) 8 * distributions including binary code include the above copyright notice and 9 * this paragraph in its entirety in the documentation or other materials 10 * provided with the distribution, and (3) all advertising materials mentioning 11 * features or use of this software display the following acknowledgement: 12 * ``This product includes software developed by the University of California, 13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 14 * the University nor the names of its contributors may be used to endorse 15 * or promote products derived from this software without specific prior 16 * written permission. 17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 20 * 21 * Support for splitting captures into multiple files with a maximum 22 * file size: 23 * 24 * Copyright (c) 2001 25 * Seth Webster <swebster@sst.ll.mit.edu> 26 */ 27 28 #include <sys/cdefs.h> 29 #ifndef lint 30 #if 0 31 static const char copyright[] _U_ = 32 "@(#) Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000\n\ 33 The Regents of the University of California. All rights reserved.\n"; 34 static const char rcsid[] _U_ = 35 "@(#) Header: /tcpdump/master/tcpdump/tcpdump.c,v 1.283 2008-09-25 21:45:50 guy Exp (LBL)"; 36 #else 37 __RCSID("$NetBSD: tcpdump.c,v 1.7 2013/12/31 17:33:31 christos Exp $"); 38 #endif 39 #endif 40 41 /* 42 * tcpdump - monitor tcp/ip traffic on an ethernet. 43 * 44 * First written in 1987 by Van Jacobson, Lawrence Berkeley Laboratory. 45 * Mercilessly hacked and occasionally improved since then via the 46 * combined efforts of Van, Steve McCanne and Craig Leres of LBL. 47 */ 48 49 #ifdef HAVE_CONFIG_H 50 #include "config.h" 51 #endif 52 53 #include <tcpdump-stdinc.h> 54 55 #ifdef WIN32 56 #include "getopt.h" 57 #include "w32_fzs.h" 58 extern int strcasecmp (const char *__s1, const char *__s2); 59 extern int SIZE_BUF; 60 #define off_t long 61 #define uint UINT 62 #endif /* WIN32 */ 63 64 #ifdef HAVE_SMI_H 65 #include <smi.h> 66 #endif 67 68 #include <pcap.h> 69 #include <signal.h> 70 #include <stdio.h> 71 #include <stdlib.h> 72 #include <string.h> 73 #include <limits.h> 74 #include <resolv.h> 75 #ifndef WIN32 76 #include <sys/wait.h> 77 #include <sys/resource.h> 78 #include <pwd.h> 79 #include <grp.h> 80 #include <errno.h> 81 #endif /* WIN32 */ 82 83 /* capabilities convinience library */ 84 #ifdef HAVE_CAP_NG_H 85 #include <cap-ng.h> 86 #endif /* HAVE_CAP_NG_H */ 87 88 #include "netdissect.h" 89 #include "interface.h" 90 #include "addrtoname.h" 91 #include "machdep.h" 92 #include "setsignal.h" 93 #include "gmt2local.h" 94 #include "pcap-missing.h" 95 96 #ifndef PATH_MAX 97 #define PATH_MAX 1024 98 #endif 99 100 #ifdef SIGINFO 101 #define SIGNAL_REQ_INFO SIGINFO 102 #elif SIGUSR1 103 #define SIGNAL_REQ_INFO SIGUSR1 104 #endif 105 106 netdissect_options Gndo; 107 netdissect_options *gndo = &Gndo; 108 109 static int dflag; /* print filter code */ 110 static int Lflag; /* list available data link types and exit */ 111 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE 112 static int Jflag; /* list available time stamp types */ 113 #endif 114 #ifdef HAVE_PCAP_SETDIRECTION 115 int Pflag = -1; /* Restrict captured packet by sent/receive direction */ 116 #endif 117 static char *zflag = NULL; /* compress each savefile using a specified command (like gzip or bzip2) */ 118 119 static int infodelay; 120 static int infoprint; 121 122 char *program_name; 123 124 int32_t thiszone; /* seconds offset from gmt to local time */ 125 126 /* Forwards */ 127 static RETSIGTYPE cleanup(int); 128 static RETSIGTYPE child_cleanup(int); 129 static void usage(void) __attribute__((noreturn)); 130 static void show_dlts_and_exit(const char *device, pcap_t *pd) __attribute__((noreturn)); 131 132 static void print_packet(u_char *, const struct pcap_pkthdr *, const u_char *); 133 static void ndo_default_print(netdissect_options *, const u_char *, u_int); 134 static void dump_packet_and_trunc(u_char *, const struct pcap_pkthdr *, const u_char *); 135 static void dump_packet(u_char *, const struct pcap_pkthdr *, const u_char *); 136 static void droproot(const char *, const char *); 137 static void ndo_error(netdissect_options *ndo, const char *fmt, ...) 138 __attribute__ ((noreturn, format (printf, 2, 3))); 139 static void ndo_warning(netdissect_options *ndo, const char *fmt, ...); 140 141 #ifdef SIGNAL_REQ_INFO 142 RETSIGTYPE requestinfo(int); 143 #endif 144 145 #if defined(USE_WIN32_MM_TIMER) 146 #include <MMsystem.h> 147 static UINT timer_id; 148 static void CALLBACK verbose_stats_dump(UINT, UINT, DWORD_PTR, DWORD_PTR, DWORD_PTR); 149 #elif defined(HAVE_ALARM) 150 static void verbose_stats_dump(int sig); 151 #endif 152 153 static void info(int); 154 static u_int packets_captured; 155 156 struct printer { 157 if_printer f; 158 int type; 159 }; 160 161 162 struct ndo_printer { 163 if_ndo_printer f; 164 int type; 165 }; 166 167 168 static struct printer printers[] = { 169 { arcnet_if_print, DLT_ARCNET }, 170 #ifdef DLT_ARCNET_LINUX 171 { arcnet_linux_if_print, DLT_ARCNET_LINUX }, 172 #endif 173 { token_if_print, DLT_IEEE802 }, 174 #ifdef DLT_LANE8023 175 { lane_if_print, DLT_LANE8023 }, 176 #endif 177 #ifdef DLT_CIP 178 { cip_if_print, DLT_CIP }, 179 #endif 180 #ifdef DLT_ATM_CLIP 181 { cip_if_print, DLT_ATM_CLIP }, 182 #endif 183 { sl_if_print, DLT_SLIP }, 184 #ifdef DLT_SLIP_BSDOS 185 { sl_bsdos_if_print, DLT_SLIP_BSDOS }, 186 #endif 187 { ppp_if_print, DLT_PPP }, 188 #ifdef DLT_PPP_WITHDIRECTION 189 { ppp_if_print, DLT_PPP_WITHDIRECTION }, 190 #endif 191 #ifdef DLT_PPP_BSDOS 192 { ppp_bsdos_if_print, DLT_PPP_BSDOS }, 193 #endif 194 { fddi_if_print, DLT_FDDI }, 195 { null_if_print, DLT_NULL }, 196 #ifdef DLT_LOOP 197 { null_if_print, DLT_LOOP }, 198 #endif 199 { raw_if_print, DLT_RAW }, 200 { atm_if_print, DLT_ATM_RFC1483 }, 201 #ifdef DLT_C_HDLC 202 { chdlc_if_print, DLT_C_HDLC }, 203 #endif 204 #ifdef DLT_HDLC 205 { chdlc_if_print, DLT_HDLC }, 206 #endif 207 #ifdef DLT_PPP_SERIAL 208 { ppp_hdlc_if_print, DLT_PPP_SERIAL }, 209 #endif 210 #ifdef DLT_PPP_ETHER 211 { pppoe_if_print, DLT_PPP_ETHER }, 212 #endif 213 #ifdef DLT_LINUX_SLL 214 { sll_if_print, DLT_LINUX_SLL }, 215 #endif 216 #ifdef DLT_IEEE802_11 217 { ieee802_11_if_print, DLT_IEEE802_11}, 218 #endif 219 #ifdef DLT_LTALK 220 { ltalk_if_print, DLT_LTALK }, 221 #endif 222 #if defined(DLT_PFLOG) && defined(HAVE_NET_PFVAR_H) 223 { pflog_if_print, DLT_PFLOG }, 224 #endif 225 #ifdef DLT_PFSYNC 226 { pfsync_if_print, DLT_PFSYNC }, 227 #endif 228 #ifdef DLT_FR 229 { fr_if_print, DLT_FR }, 230 #endif 231 #ifdef DLT_FRELAY 232 { fr_if_print, DLT_FRELAY }, 233 #endif 234 #ifdef DLT_SUNATM 235 { sunatm_if_print, DLT_SUNATM }, 236 #endif 237 #ifdef DLT_IP_OVER_FC 238 { ipfc_if_print, DLT_IP_OVER_FC }, 239 #endif 240 #ifdef DLT_PRISM_HEADER 241 { prism_if_print, DLT_PRISM_HEADER }, 242 #endif 243 #ifdef DLT_IEEE802_11_RADIO 244 { ieee802_11_radio_if_print, DLT_IEEE802_11_RADIO }, 245 #endif 246 #ifdef DLT_ENC 247 { enc_if_print, DLT_ENC }, 248 #endif 249 #ifdef DLT_SYMANTEC_FIREWALL 250 { symantec_if_print, DLT_SYMANTEC_FIREWALL }, 251 #endif 252 #ifdef DLT_APPLE_IP_OVER_IEEE1394 253 { ap1394_if_print, DLT_APPLE_IP_OVER_IEEE1394 }, 254 #endif 255 #ifdef DLT_IEEE802_11_RADIO_AVS 256 { ieee802_11_radio_avs_if_print, DLT_IEEE802_11_RADIO_AVS }, 257 #endif 258 #ifdef DLT_JUNIPER_ATM1 259 { juniper_atm1_print, DLT_JUNIPER_ATM1 }, 260 #endif 261 #ifdef DLT_JUNIPER_ATM2 262 { juniper_atm2_print, DLT_JUNIPER_ATM2 }, 263 #endif 264 #ifdef DLT_JUNIPER_MFR 265 { juniper_mfr_print, DLT_JUNIPER_MFR }, 266 #endif 267 #ifdef DLT_JUNIPER_MLFR 268 { juniper_mlfr_print, DLT_JUNIPER_MLFR }, 269 #endif 270 #ifdef DLT_JUNIPER_MLPPP 271 { juniper_mlppp_print, DLT_JUNIPER_MLPPP }, 272 #endif 273 #ifdef DLT_JUNIPER_PPPOE 274 { juniper_pppoe_print, DLT_JUNIPER_PPPOE }, 275 #endif 276 #ifdef DLT_JUNIPER_PPPOE_ATM 277 { juniper_pppoe_atm_print, DLT_JUNIPER_PPPOE_ATM }, 278 #endif 279 #ifdef DLT_JUNIPER_GGSN 280 { juniper_ggsn_print, DLT_JUNIPER_GGSN }, 281 #endif 282 #ifdef DLT_JUNIPER_ES 283 { juniper_es_print, DLT_JUNIPER_ES }, 284 #endif 285 #ifdef DLT_JUNIPER_MONITOR 286 { juniper_monitor_print, DLT_JUNIPER_MONITOR }, 287 #endif 288 #ifdef DLT_JUNIPER_SERVICES 289 { juniper_services_print, DLT_JUNIPER_SERVICES }, 290 #endif 291 #ifdef DLT_JUNIPER_ETHER 292 { juniper_ether_print, DLT_JUNIPER_ETHER }, 293 #endif 294 #ifdef DLT_JUNIPER_PPP 295 { juniper_ppp_print, DLT_JUNIPER_PPP }, 296 #endif 297 #ifdef DLT_JUNIPER_FRELAY 298 { juniper_frelay_print, DLT_JUNIPER_FRELAY }, 299 #endif 300 #ifdef DLT_JUNIPER_CHDLC 301 { juniper_chdlc_print, DLT_JUNIPER_CHDLC }, 302 #endif 303 #ifdef DLT_MFR 304 { mfr_if_print, DLT_MFR }, 305 #endif 306 #if defined(DLT_BLUETOOTH_HCI_H4_WITH_PHDR) && defined(HAVE_PCAP_BLUETOOTH_H) 307 { bt_if_print, DLT_BLUETOOTH_HCI_H4_WITH_PHDR}, 308 #endif 309 #ifdef HAVE_PCAP_USB_H 310 #ifdef DLT_USB_LINUX 311 { usb_linux_48_byte_print, DLT_USB_LINUX}, 312 #endif /* DLT_USB_LINUX */ 313 #ifdef DLT_USB_LINUX_MMAPPED 314 { usb_linux_64_byte_print, DLT_USB_LINUX_MMAPPED}, 315 #endif /* DLT_USB_LINUX_MMAPPED */ 316 #endif /* HAVE_PCAP_USB_H */ 317 #ifdef DLT_IPV4 318 { raw_if_print, DLT_IPV4 }, 319 #endif 320 #ifdef DLT_IPV6 321 { raw_if_print, DLT_IPV6 }, 322 #endif 323 { NULL, 0 }, 324 }; 325 326 static struct ndo_printer ndo_printers[] = { 327 { ether_if_print, DLT_EN10MB }, 328 #ifdef DLT_IPNET 329 { ipnet_if_print, DLT_IPNET }, 330 #endif 331 #ifdef DLT_IEEE802_15_4 332 { ieee802_15_4_if_print, DLT_IEEE802_15_4 }, 333 #endif 334 #ifdef DLT_IEEE802_15_4_NOFCS 335 { ieee802_15_4_if_print, DLT_IEEE802_15_4_NOFCS }, 336 #endif 337 #ifdef DLT_PPI 338 { ppi_if_print, DLT_PPI }, 339 #endif 340 #ifdef DLT_NETANALYZER 341 { netanalyzer_if_print, DLT_NETANALYZER }, 342 #endif 343 #ifdef DLT_NETANALYZER_TRANSPARENT 344 { netanalyzer_transparent_if_print, DLT_NETANALYZER_TRANSPARENT }, 345 #endif 346 #ifdef DLT_NFLOG 347 { nflog_if_print, DLT_NFLOG}, 348 #endif 349 { NULL, 0 }, 350 }; 351 352 if_printer 353 lookup_printer(int type) 354 { 355 struct printer *p; 356 357 for (p = printers; p->f; ++p) 358 if (type == p->type) 359 return p->f; 360 361 return NULL; 362 /* NOTREACHED */ 363 } 364 365 if_ndo_printer 366 lookup_ndo_printer(int type) 367 { 368 struct ndo_printer *p; 369 370 for (p = ndo_printers; p->f; ++p) 371 if (type == p->type) 372 return p->f; 373 374 return NULL; 375 /* NOTREACHED */ 376 } 377 378 static pcap_t *pd; 379 380 static int supports_monitor_mode; 381 382 extern int optind; 383 extern int opterr; 384 extern char *optarg; 385 386 struct print_info { 387 netdissect_options *ndo; 388 union { 389 if_printer printer; 390 if_ndo_printer ndo_printer; 391 } p; 392 int ndo_type; 393 }; 394 395 struct dump_info { 396 char *WFileName; 397 char *CurrentFileName; 398 pcap_t *pd; 399 pcap_dumper_t *p; 400 }; 401 402 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE 403 static void 404 show_tstamp_types_and_exit(const char *device, pcap_t *pd) 405 { 406 int n_tstamp_types; 407 int *tstamp_types = 0; 408 const char *tstamp_type_name; 409 int i; 410 411 n_tstamp_types = pcap_list_tstamp_types(pd, &tstamp_types); 412 if (n_tstamp_types < 0) 413 error("%s", pcap_geterr(pd)); 414 415 if (n_tstamp_types == 0) { 416 fprintf(stderr, "Time stamp type cannot be set for %s\n", 417 device); 418 exit(0); 419 } 420 fprintf(stderr, "Time stamp types for %s (use option -j to set):\n", 421 device); 422 for (i = 0; i < n_tstamp_types; i++) { 423 tstamp_type_name = pcap_tstamp_type_val_to_name(tstamp_types[i]); 424 if (tstamp_type_name != NULL) { 425 (void) fprintf(stderr, " %s (%s)\n", tstamp_type_name, 426 pcap_tstamp_type_val_to_description(tstamp_types[i])); 427 } else { 428 (void) fprintf(stderr, " %d\n", tstamp_types[i]); 429 } 430 } 431 pcap_free_tstamp_types(tstamp_types); 432 exit(0); 433 } 434 #endif 435 436 static void 437 show_dlts_and_exit(const char *device, pcap_t *pd) 438 { 439 int n_dlts; 440 int *dlts = 0; 441 const char *dlt_name; 442 443 n_dlts = pcap_list_datalinks(pd, &dlts); 444 if (n_dlts < 0) 445 error("%s", pcap_geterr(pd)); 446 else if (n_dlts == 0 || !dlts) 447 error("No data link types."); 448 449 /* 450 * If the interface is known to support monitor mode, indicate 451 * whether these are the data link types available when not in 452 * monitor mode, if -I wasn't specified, or when in monitor mode, 453 * when -I was specified (the link-layer types available in 454 * monitor mode might be different from the ones available when 455 * not in monitor mode). 456 */ 457 if (supports_monitor_mode) 458 (void) fprintf(stderr, "Data link types for %s %s (use option -y to set):\n", 459 device, 460 Iflag ? "when in monitor mode" : "when not in monitor mode"); 461 else 462 (void) fprintf(stderr, "Data link types for %s (use option -y to set):\n", 463 device); 464 465 while (--n_dlts >= 0) { 466 dlt_name = pcap_datalink_val_to_name(dlts[n_dlts]); 467 if (dlt_name != NULL) { 468 (void) fprintf(stderr, " %s (%s)", dlt_name, 469 pcap_datalink_val_to_description(dlts[n_dlts])); 470 471 /* 472 * OK, does tcpdump handle that type? 473 */ 474 if (lookup_printer(dlts[n_dlts]) == NULL 475 && lookup_ndo_printer(dlts[n_dlts]) == NULL) 476 (void) fprintf(stderr, " (printing not supported)"); 477 fprintf(stderr, "\n"); 478 } else { 479 (void) fprintf(stderr, " DLT %d (printing not supported)\n", 480 dlts[n_dlts]); 481 } 482 } 483 #ifdef HAVE_PCAP_FREE_DATALINKS 484 pcap_free_datalinks(dlts); 485 #endif 486 exit(0); 487 } 488 489 /* 490 * Set up flags that might or might not be supported depending on the 491 * version of libpcap we're using. 492 */ 493 #if defined(HAVE_PCAP_CREATE) || defined(WIN32) 494 #define B_FLAG "B:" 495 #define B_FLAG_USAGE " [ -B size ]" 496 #else /* defined(HAVE_PCAP_CREATE) || defined(WIN32) */ 497 #define B_FLAG 498 #define B_FLAG_USAGE 499 #endif /* defined(HAVE_PCAP_CREATE) || defined(WIN32) */ 500 501 #ifdef HAVE_PCAP_CREATE 502 #define I_FLAG "I" 503 #else /* HAVE_PCAP_CREATE */ 504 #define I_FLAG 505 #endif /* HAVE_PCAP_CREATE */ 506 507 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE 508 #define j_FLAG "j:" 509 #define j_FLAG_USAGE " [ -j tstamptype ]" 510 #define J_FLAG "J" 511 #else /* PCAP_ERROR_TSTAMP_TYPE_NOTSUP */ 512 #define j_FLAG 513 #define j_FLAG_USAGE 514 #define J_FLAG 515 #endif /* PCAP_ERROR_TSTAMP_TYPE_NOTSUP */ 516 517 #ifdef HAVE_PCAP_FINDALLDEVS 518 #ifndef HAVE_PCAP_IF_T 519 #undef HAVE_PCAP_FINDALLDEVS 520 #endif 521 #endif 522 523 #ifdef HAVE_PCAP_FINDALLDEVS 524 #define D_FLAG "D" 525 #else 526 #define D_FLAG 527 #endif 528 529 #ifdef HAVE_PCAP_DUMP_FLUSH 530 #define U_FLAG "U" 531 #else 532 #define U_FLAG 533 #endif 534 535 #ifdef HAVE_PCAP_SETDIRECTION 536 #define P_FLAG "P:" 537 #else 538 #define P_FLAG 539 #endif 540 541 #ifndef WIN32 542 /* Drop root privileges and chroot if necessary */ 543 static void 544 droproot(const char *username, const char *chroot_dir) 545 { 546 struct passwd *pw = NULL; 547 548 if (chroot_dir && !username) { 549 fprintf(stderr, "tcpdump: Chroot without dropping root is insecure\n"); 550 exit(1); 551 } 552 553 pw = getpwnam(username); 554 if (pw) { 555 if (initgroups(pw->pw_name, pw->pw_gid) != 0) { 556 fprintf(stderr, "tcpdump: Couldn't initgroups to " 557 "'%.32s' gid=%lu: %s\n", pw->pw_name, 558 (unsigned long)pw->pw_gid, 559 pcap_strerror(errno)); 560 exit(1); 561 } 562 if (chroot_dir) { 563 setprotoent(1); 564 res_init(); 565 if (chroot(chroot_dir) != 0 || chdir ("/") != 0) { 566 fprintf(stderr, "tcpdump: Couldn't chroot/chdir to '%.64s': %s\n", 567 chroot_dir, pcap_strerror(errno)); 568 exit(1); 569 } 570 } 571 #ifdef HAVE_CAP_NG_H 572 int ret = capng_change_id(pw->pw_uid, pw->pw_gid, CAPNG_NO_FLAG); 573 if (ret < 0) { 574 printf("error : ret %d\n", ret); 575 } 576 /* We don't need CAP_SETUID and CAP_SETGID */ 577 capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, CAP_SETUID); 578 capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, CAP_SETUID); 579 capng_update(CAPNG_DROP, CAPNG_PERMITTED, CAP_SETUID); 580 capng_update(CAPNG_DROP, CAPNG_PERMITTED, CAP_SETUID); 581 capng_apply(CAPNG_SELECT_BOTH); 582 583 #else 584 if (initgroups(pw->pw_name, pw->pw_gid) != 0 || 585 setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0) { 586 fprintf(stderr, "tcpdump: Couldn't change to '%.32s' uid=%lu gid=%lu: %s\n", 587 username, 588 (unsigned long)pw->pw_uid, 589 (unsigned long)pw->pw_gid, 590 pcap_strerror(errno)); 591 exit(1); 592 } 593 #endif /* HAVE_CAP_NG_H */ 594 } 595 else { 596 fprintf(stderr, "tcpdump: Couldn't find user '%.32s'\n", 597 username); 598 exit(1); 599 } 600 } 601 #endif /* WIN32 */ 602 603 static int 604 getWflagChars(int x) 605 { 606 int c = 0; 607 608 x -= 1; 609 while (x > 0) { 610 c += 1; 611 x /= 10; 612 } 613 614 return c; 615 } 616 617 618 static void 619 MakeFilename(char *buffer, char *orig_name, int cnt, int max_chars) 620 { 621 char *filename = malloc(PATH_MAX + 1); 622 if (filename == NULL) 623 error("Makefilename: malloc"); 624 625 /* Process with strftime if Gflag is set. */ 626 if (Gflag != 0) { 627 struct tm *local_tm; 628 629 /* Convert Gflag_time to a usable format */ 630 if ((local_tm = localtime(&Gflag_time)) == NULL) { 631 error("MakeTimedFilename: localtime"); 632 } 633 634 /* There's no good way to detect an error in strftime since a return 635 * value of 0 isn't necessarily failure. 636 */ 637 strftime(filename, PATH_MAX, orig_name, local_tm); 638 } else { 639 strncpy(filename, orig_name, PATH_MAX); 640 } 641 642 if (cnt == 0 && max_chars == 0) 643 strncpy(buffer, filename, PATH_MAX + 1); 644 else 645 if (snprintf(buffer, PATH_MAX + 1, "%s%0*d", filename, max_chars, cnt) > PATH_MAX) 646 /* Report an error if the filename is too large */ 647 error("too many output files or filename is too long (> %d)", PATH_MAX); 648 free(filename); 649 } 650 651 static int tcpdump_printf(netdissect_options *ndo _U_, 652 const char *fmt, ...) 653 { 654 655 va_list args; 656 int ret; 657 658 va_start(args, fmt); 659 ret=vfprintf(stdout, fmt, args); 660 va_end(args); 661 662 return ret; 663 } 664 665 static struct print_info 666 get_print_info(int type) 667 { 668 struct print_info printinfo; 669 670 printinfo.ndo_type = 1; 671 printinfo.ndo = gndo; 672 printinfo.p.ndo_printer = lookup_ndo_printer(type); 673 if (printinfo.p.ndo_printer == NULL) { 674 printinfo.p.printer = lookup_printer(type); 675 printinfo.ndo_type = 0; 676 if (printinfo.p.printer == NULL) { 677 gndo->ndo_dltname = pcap_datalink_val_to_name(type); 678 if (gndo->ndo_dltname != NULL) 679 error("packet printing is not supported for link type %s: use -w", 680 gndo->ndo_dltname); 681 else 682 error("packet printing is not supported for link type %d: use -w", type); 683 } 684 } 685 return (printinfo); 686 } 687 688 static char * 689 get_next_file(FILE *VFile, char *ptr) 690 { 691 char *ret; 692 693 ret = fgets(ptr, PATH_MAX, VFile); 694 if (!ret) 695 return NULL; 696 697 if (ptr[strlen(ptr) - 1] == '\n') 698 ptr[strlen(ptr) - 1] = '\0'; 699 700 return ret; 701 } 702 703 int 704 main(int argc, char **argv) 705 { 706 register int cnt, op, i; 707 bpf_u_int32 localnet, netmask; 708 register char *cp, *infile, *cmdbuf, *device, *RFileName, *VFileName, *WFileName; 709 pcap_handler callback; 710 int type; 711 int dlt; 712 int new_dlt; 713 const char *dlt_name; 714 struct bpf_program fcode; 715 #ifndef WIN32 716 RETSIGTYPE (*oldhandler)(int); 717 #endif 718 struct print_info printinfo; 719 struct dump_info dumpinfo; 720 u_char *pcap_userdata; 721 char ebuf[PCAP_ERRBUF_SIZE]; 722 char VFileLine[PATH_MAX + 1]; 723 char *username = NULL; 724 char *chroot_dir = NULL; 725 char *ret = NULL; 726 char *end; 727 #ifdef HAVE_PCAP_FINDALLDEVS 728 pcap_if_t *devpointer; 729 int devnum; 730 #endif 731 int status; 732 FILE *VFile; 733 #ifdef WIN32 734 if(wsockinit() != 0) return 1; 735 #endif /* WIN32 */ 736 737 jflag=-1; /* not set */ 738 gndo->ndo_Oflag=1; 739 gndo->ndo_Rflag=1; 740 gndo->ndo_dlt=-1; 741 gndo->ndo_default_print=ndo_default_print; 742 gndo->ndo_printf=tcpdump_printf; 743 gndo->ndo_error=ndo_error; 744 gndo->ndo_warning=ndo_warning; 745 gndo->ndo_snaplen = DEFAULT_SNAPLEN; 746 747 cnt = -1; 748 device = NULL; 749 infile = NULL; 750 RFileName = NULL; 751 VFileName = NULL; 752 VFile = NULL; 753 WFileName = NULL; 754 dlt = -1; 755 if ((cp = strrchr(argv[0], '/')) != NULL) 756 program_name = cp + 1; 757 else 758 program_name = argv[0]; 759 760 if (abort_on_misalignment(ebuf, sizeof(ebuf)) < 0) 761 error("%s", ebuf); 762 763 #ifdef LIBSMI 764 smiInit("tcpdump"); 765 #endif 766 767 while ( 768 (op = getopt(argc, argv, "aAb" B_FLAG "c:C:d" D_FLAG "eE:fF:G:hHi:" I_FLAG j_FLAG J_FLAG "KlLm:M:nNOp" P_FLAG "qr:Rs:StT:u" U_FLAG "vV:w:W:xXy:Yz:Z:")) != -1) 769 switch (op) { 770 771 case 'a': 772 /* compatibility for old -a */ 773 break; 774 775 case 'A': 776 ++Aflag; 777 break; 778 779 case 'b': 780 ++bflag; 781 break; 782 783 #if defined(HAVE_PCAP_CREATE) || defined(WIN32) 784 case 'B': 785 Bflag = atoi(optarg)*1024; 786 if (Bflag <= 0) 787 error("invalid packet buffer size %s", optarg); 788 break; 789 #endif /* defined(HAVE_PCAP_CREATE) || defined(WIN32) */ 790 791 case 'c': 792 cnt = atoi(optarg); 793 if (cnt <= 0) 794 error("invalid packet count %s", optarg); 795 break; 796 797 case 'C': 798 Cflag = atoi(optarg) * 1000000; 799 if (Cflag < 0) 800 error("invalid file size %s", optarg); 801 break; 802 803 case 'd': 804 ++dflag; 805 break; 806 807 #ifdef HAVE_PCAP_FINDALLDEVS 808 case 'D': 809 if (pcap_findalldevs(&devpointer, ebuf) < 0) 810 error("%s", ebuf); 811 else { 812 for (i = 0; devpointer != 0; i++) { 813 printf("%d.%s", i+1, devpointer->name); 814 if (devpointer->description != NULL) 815 printf(" (%s)", devpointer->description); 816 printf("\n"); 817 devpointer = devpointer->next; 818 } 819 } 820 return 0; 821 #endif /* HAVE_PCAP_FINDALLDEVS */ 822 823 case 'L': 824 Lflag++; 825 break; 826 827 case 'e': 828 ++eflag; 829 break; 830 831 case 'E': 832 #ifndef HAVE_LIBCRYPTO 833 warning("crypto code not compiled in"); 834 #endif 835 gndo->ndo_espsecret = optarg; 836 break; 837 838 case 'f': 839 ++fflag; 840 break; 841 842 case 'F': 843 infile = optarg; 844 break; 845 846 case 'G': 847 Gflag = atoi(optarg); 848 if (Gflag < 0) 849 error("invalid number of seconds %s", optarg); 850 851 /* We will create one file initially. */ 852 Gflag_count = 0; 853 854 /* Grab the current time for rotation use. */ 855 if ((Gflag_time = time(NULL)) == (time_t)-1) { 856 error("main: can't get current time: %s", 857 pcap_strerror(errno)); 858 } 859 break; 860 861 case 'h': 862 usage(); 863 break; 864 865 case 'H': 866 ++Hflag; 867 break; 868 869 case 'i': 870 if (optarg[0] == '0' && optarg[1] == 0) 871 error("Invalid adapter index"); 872 873 #ifdef HAVE_PCAP_FINDALLDEVS 874 /* 875 * If the argument is a number, treat it as 876 * an index into the list of adapters, as 877 * printed by "tcpdump -D". 878 * 879 * This should be OK on UNIX systems, as interfaces 880 * shouldn't have names that begin with digits. 881 * It can be useful on Windows, where more than 882 * one interface can have the same name. 883 */ 884 devnum = strtol(optarg, &end, 10); 885 if (optarg != end && *end == '\0') { 886 if (devnum < 0) 887 error("Invalid adapter index"); 888 889 if (pcap_findalldevs(&devpointer, ebuf) < 0) 890 error("%s", ebuf); 891 else { 892 /* 893 * Look for the devnum-th entry 894 * in the list of devices 895 * (1-based). 896 */ 897 for (i = 0; 898 i < devnum-1 && devpointer != NULL; 899 i++, devpointer = devpointer->next) 900 ; 901 if (devpointer == NULL) 902 error("Invalid adapter index"); 903 } 904 device = devpointer->name; 905 break; 906 } 907 #endif /* HAVE_PCAP_FINDALLDEVS */ 908 device = optarg; 909 break; 910 911 #ifdef HAVE_PCAP_CREATE 912 case 'I': 913 ++Iflag; 914 break; 915 #endif /* HAVE_PCAP_CREATE */ 916 917 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE 918 case 'j': 919 jflag = pcap_tstamp_type_name_to_val(optarg); 920 if (jflag < 0) 921 error("invalid time stamp type %s", optarg); 922 break; 923 924 case 'J': 925 Jflag++; 926 break; 927 #endif 928 929 case 'l': 930 #ifdef WIN32 931 /* 932 * _IOLBF is the same as _IOFBF in Microsoft's C 933 * libraries; the only alternative they offer 934 * is _IONBF. 935 * 936 * XXX - this should really be checking for MSVC++, 937 * not WIN32, if, for example, MinGW has its own 938 * C library that is more UNIX-compatible. 939 */ 940 setvbuf(stdout, NULL, _IONBF, 0); 941 #else /* WIN32 */ 942 #ifdef HAVE_SETLINEBUF 943 setlinebuf(stdout); 944 #else 945 setvbuf(stdout, NULL, _IOLBF, 0); 946 #endif 947 #endif /* WIN32 */ 948 break; 949 950 case 'K': 951 ++Kflag; 952 break; 953 954 case 'm': 955 #ifdef LIBSMI 956 if (smiLoadModule(optarg) == 0) { 957 error("could not load MIB module %s", optarg); 958 } 959 sflag = 1; 960 #else 961 (void)fprintf(stderr, "%s: ignoring option `-m %s' ", 962 program_name, optarg); 963 (void)fprintf(stderr, "(no libsmi support)\n"); 964 #endif 965 break; 966 967 case 'M': 968 /* TCP-MD5 shared secret */ 969 #ifndef HAVE_LIBCRYPTO 970 warning("crypto code not compiled in"); 971 #endif 972 sigsecret = optarg; 973 break; 974 975 case 'n': 976 ++nflag; 977 break; 978 979 case 'N': 980 ++Nflag; 981 break; 982 983 case 'O': 984 Oflag = 0; 985 break; 986 987 case 'p': 988 ++pflag; 989 break; 990 #ifdef HAVE_PCAP_SETDIRECTION 991 case 'P': 992 if (strcasecmp(optarg, "in") == 0) 993 Pflag = PCAP_D_IN; 994 else if (strcasecmp(optarg, "out") == 0) 995 Pflag = PCAP_D_OUT; 996 else if (strcasecmp(optarg, "inout") == 0) 997 Pflag = PCAP_D_INOUT; 998 else 999 error("unknown capture direction `%s'", optarg); 1000 break; 1001 #endif /* HAVE_PCAP_SETDIRECTION */ 1002 case 'q': 1003 ++qflag; 1004 ++suppress_default_print; 1005 break; 1006 1007 case 'r': 1008 RFileName = optarg; 1009 break; 1010 1011 case 'R': 1012 Rflag = 0; 1013 break; 1014 1015 case 's': 1016 snaplen = strtol(optarg, &end, 0); 1017 if (optarg == end || *end != '\0' 1018 || snaplen < 0 || snaplen > MAXIMUM_SNAPLEN) 1019 error("invalid snaplen %s", optarg); 1020 else if (snaplen == 0) 1021 snaplen = MAXIMUM_SNAPLEN; 1022 break; 1023 1024 case 'S': 1025 ++Sflag; 1026 break; 1027 1028 case 't': 1029 ++tflag; 1030 break; 1031 1032 case 'T': 1033 if (strcasecmp(optarg, "vat") == 0) 1034 packettype = PT_VAT; 1035 else if (strcasecmp(optarg, "wb") == 0) 1036 packettype = PT_WB; 1037 else if (strcasecmp(optarg, "rpc") == 0) 1038 packettype = PT_RPC; 1039 else if (strcasecmp(optarg, "rtp") == 0) 1040 packettype = PT_RTP; 1041 else if (strcasecmp(optarg, "rtcp") == 0) 1042 packettype = PT_RTCP; 1043 else if (strcasecmp(optarg, "snmp") == 0) 1044 packettype = PT_SNMP; 1045 else if (strcasecmp(optarg, "cnfp") == 0) 1046 packettype = PT_CNFP; 1047 else if (strcasecmp(optarg, "tftp") == 0) 1048 packettype = PT_TFTP; 1049 else if (strcasecmp(optarg, "aodv") == 0) 1050 packettype = PT_AODV; 1051 else if (strcasecmp(optarg, "carp") == 0) 1052 packettype = PT_CARP; 1053 else if (strcasecmp(optarg, "radius") == 0) 1054 packettype = PT_RADIUS; 1055 else if (strcasecmp(optarg, "zmtp1") == 0) 1056 packettype = PT_ZMTP1; 1057 else if (strcasecmp(optarg, "vxlan") == 0) 1058 packettype = PT_VXLAN; 1059 else if (strcasecmp(optarg, "pgm") == 0) 1060 packettype = PT_PGM; 1061 else if (strcasecmp(optarg, "pgm_zmtp1") == 0) 1062 packettype = PT_PGM_ZMTP1; 1063 else if (strcasecmp(optarg, "lmp") == 0) 1064 packettype = PT_LMP; 1065 else 1066 error("unknown packet type `%s'", optarg); 1067 break; 1068 1069 case 'u': 1070 ++uflag; 1071 break; 1072 1073 #ifdef HAVE_PCAP_DUMP_FLUSH 1074 case 'U': 1075 ++Uflag; 1076 break; 1077 #endif 1078 1079 case 'v': 1080 ++vflag; 1081 break; 1082 1083 case 'V': 1084 VFileName = optarg; 1085 break; 1086 1087 case 'w': 1088 WFileName = optarg; 1089 break; 1090 1091 case 'W': 1092 Wflag = atoi(optarg); 1093 if (Wflag < 0) 1094 error("invalid number of output files %s", optarg); 1095 WflagChars = getWflagChars(Wflag); 1096 break; 1097 1098 case 'x': 1099 ++xflag; 1100 ++suppress_default_print; 1101 break; 1102 1103 case 'X': 1104 ++Xflag; 1105 ++suppress_default_print; 1106 break; 1107 1108 case 'y': 1109 gndo->ndo_dltname = optarg; 1110 gndo->ndo_dlt = 1111 pcap_datalink_name_to_val(gndo->ndo_dltname); 1112 if (gndo->ndo_dlt < 0) 1113 error("invalid data link type %s", gndo->ndo_dltname); 1114 break; 1115 1116 #if defined(HAVE_PCAP_DEBUG) || defined(HAVE_YYDEBUG) 1117 case 'Y': 1118 { 1119 /* Undocumented flag */ 1120 #ifdef HAVE_PCAP_DEBUG 1121 extern int pcap_debug; 1122 pcap_debug = 1; 1123 #else 1124 extern int yydebug; 1125 yydebug = 1; 1126 #endif 1127 } 1128 break; 1129 #endif 1130 case 'z': 1131 if (optarg) { 1132 zflag = strdup(optarg); 1133 } else { 1134 usage(); 1135 /* NOTREACHED */ 1136 } 1137 break; 1138 1139 case 'Z': 1140 if (optarg) { 1141 username = strdup(optarg); 1142 } 1143 else { 1144 usage(); 1145 /* NOTREACHED */ 1146 } 1147 break; 1148 1149 default: 1150 usage(); 1151 /* NOTREACHED */ 1152 } 1153 1154 switch (tflag) { 1155 1156 case 0: /* Default */ 1157 case 4: /* Default + Date*/ 1158 thiszone = gmt2local(0); 1159 break; 1160 1161 case 1: /* No time stamp */ 1162 case 2: /* Unix timeval style */ 1163 case 3: /* Microseconds since previous packet */ 1164 case 5: /* Microseconds since first packet */ 1165 break; 1166 1167 default: /* Not supported */ 1168 error("only -t, -tt, -ttt, -tttt and -ttttt are supported"); 1169 break; 1170 } 1171 1172 if (fflag != 0 && (VFileName != NULL || RFileName != NULL)) 1173 error("-f can not be used with -V or -r"); 1174 1175 if (VFileName != NULL && RFileName != NULL) 1176 error("-V and -r are mutually exclusive."); 1177 1178 #ifdef WITH_CHROOT 1179 /* if run as root, prepare for chrooting */ 1180 if (getuid() == 0 || geteuid() == 0) { 1181 /* future extensibility for cmd-line arguments */ 1182 if (!chroot_dir) 1183 chroot_dir = WITH_CHROOT; 1184 } 1185 #endif 1186 1187 #ifdef WITH_USER 1188 /* if run as root, prepare for dropping root privileges */ 1189 if (getuid() == 0 || geteuid() == 0) { 1190 /* Run with '-Z root' to restore old behaviour */ 1191 if (!username) 1192 username = WITH_USER; 1193 } 1194 #endif 1195 1196 if (RFileName != NULL || VFileName != NULL) { 1197 /* 1198 * If RFileName is non-null, it's the pathname of a 1199 * savefile to read. If VFileName is non-null, it's 1200 * the pathname of a file containing a list of pathnames 1201 * (one per line) of savefiles to read. 1202 * 1203 * In either case, we're reading a savefile, not doing 1204 * a live capture. 1205 */ 1206 #ifndef WIN32 1207 /* 1208 * We don't need network access, so relinquish any set-UID 1209 * or set-GID privileges we have (if any). 1210 * 1211 * We do *not* want set-UID privileges when opening a 1212 * trace file, as that might let the user read other 1213 * people's trace files (especially if we're set-UID 1214 * root). 1215 */ 1216 if (setgid(getgid()) != 0 || setuid(getuid()) != 0 ) 1217 fprintf(stderr, "Warning: setgid/setuid failed !\n"); 1218 #endif /* WIN32 */ 1219 if (VFileName != NULL) { 1220 if (VFileName[0] == '-' && VFileName[1] == '\0') 1221 VFile = stdin; 1222 else 1223 VFile = fopen(VFileName, "r"); 1224 1225 if (VFile == NULL) 1226 error("Unable to open file: %s\n", strerror(errno)); 1227 1228 ret = get_next_file(VFile, VFileLine); 1229 if (!ret) 1230 error("Nothing in %s\n", VFileName); 1231 RFileName = VFileLine; 1232 } 1233 1234 pd = pcap_open_offline(RFileName, ebuf); 1235 if (pd == NULL) 1236 error("%s", ebuf); 1237 dlt = pcap_datalink(pd); 1238 dlt_name = pcap_datalink_val_to_name(dlt); 1239 if (dlt_name == NULL) { 1240 fprintf(stderr, "reading from file %s, link-type %u\n", 1241 RFileName, dlt); 1242 } else { 1243 fprintf(stderr, 1244 "reading from file %s, link-type %s (%s)\n", 1245 RFileName, dlt_name, 1246 pcap_datalink_val_to_description(dlt)); 1247 } 1248 localnet = 0; 1249 netmask = 0; 1250 } else { 1251 /* 1252 * We're doing a live capture. 1253 */ 1254 if (device == NULL) { 1255 device = pcap_lookupdev(ebuf); 1256 if (device == NULL) 1257 error("%s", ebuf); 1258 } 1259 #ifdef WIN32 1260 /* 1261 * Print a message to the standard error on Windows. 1262 * XXX - why do it here, with a different message? 1263 */ 1264 if(strlen(device) == 1) /* we assume that an ASCII string is always longer than 1 char */ 1265 { /* a Unicode string has a \0 as second byte (so strlen() is 1) */ 1266 fprintf(stderr, "%s: listening on %ws\n", program_name, device); 1267 } 1268 else 1269 { 1270 fprintf(stderr, "%s: listening on %s\n", program_name, device); 1271 } 1272 1273 fflush(stderr); 1274 #endif /* WIN32 */ 1275 #ifdef HAVE_PCAP_CREATE 1276 pd = pcap_create(device, ebuf); 1277 if (pd == NULL) 1278 error("%s", ebuf); 1279 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE 1280 if (Jflag) 1281 show_tstamp_types_and_exit(device, pd); 1282 #endif 1283 /* 1284 * Is this an interface that supports monitor mode? 1285 */ 1286 if (pcap_can_set_rfmon(pd) == 1) 1287 supports_monitor_mode = 1; 1288 else 1289 supports_monitor_mode = 0; 1290 status = pcap_set_snaplen(pd, snaplen); 1291 if (status != 0) 1292 error("%s: Can't set snapshot length: %s", 1293 device, pcap_statustostr(status)); 1294 status = pcap_set_promisc(pd, !pflag); 1295 if (status != 0) 1296 error("%s: Can't set promiscuous mode: %s", 1297 device, pcap_statustostr(status)); 1298 if (Iflag) { 1299 status = pcap_set_rfmon(pd, 1); 1300 if (status != 0) 1301 error("%s: Can't set monitor mode: %s", 1302 device, pcap_statustostr(status)); 1303 } 1304 status = pcap_set_timeout(pd, 1000); 1305 if (status != 0) 1306 error("%s: pcap_set_timeout failed: %s", 1307 device, pcap_statustostr(status)); 1308 if (Bflag != 0) { 1309 status = pcap_set_buffer_size(pd, Bflag); 1310 if (status != 0) 1311 error("%s: Can't set buffer size: %s", 1312 device, pcap_statustostr(status)); 1313 } 1314 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE 1315 if (jflag != -1) { 1316 status = pcap_set_tstamp_type(pd, jflag); 1317 if (status < 0) 1318 error("%s: Can't set time stamp type: %s", 1319 device, pcap_statustostr(status)); 1320 } 1321 #endif 1322 status = pcap_activate(pd); 1323 if (status < 0) { 1324 /* 1325 * pcap_activate() failed. 1326 */ 1327 cp = pcap_geterr(pd); 1328 if (status == PCAP_ERROR) 1329 error("%s", cp); 1330 else if ((status == PCAP_ERROR_NO_SUCH_DEVICE || 1331 status == PCAP_ERROR_PERM_DENIED) && 1332 *cp != '\0') 1333 error("%s: %s\n(%s)", device, 1334 pcap_statustostr(status), cp); 1335 else 1336 error("%s: %s", device, 1337 pcap_statustostr(status)); 1338 } else if (status > 0) { 1339 /* 1340 * pcap_activate() succeeded, but it's warning us 1341 * of a problem it had. 1342 */ 1343 cp = pcap_geterr(pd); 1344 if (status == PCAP_WARNING) 1345 warning("%s", cp); 1346 else if (status == PCAP_WARNING_PROMISC_NOTSUP && 1347 *cp != '\0') 1348 warning("%s: %s\n(%s)", device, 1349 pcap_statustostr(status), cp); 1350 else 1351 warning("%s: %s", device, 1352 pcap_statustostr(status)); 1353 } 1354 #ifdef HAVE_PCAP_SETDIRECTION 1355 if (Pflag != -1) { 1356 status = pcap_setdirection(pd, Pflag); 1357 if (status != 0) 1358 error("%s: pcap_setdirection() failed: %s", 1359 device, pcap_geterr(pd)); 1360 } 1361 #endif 1362 #else 1363 *ebuf = '\0'; 1364 pd = pcap_open_live(device, snaplen, !pflag, 1000, ebuf); 1365 if (pd == NULL) 1366 error("%s", ebuf); 1367 else if (*ebuf) 1368 warning("%s", ebuf); 1369 #endif /* HAVE_PCAP_CREATE */ 1370 /* 1371 * Let user own process after socket has been opened. 1372 */ 1373 #ifndef WIN32 1374 if (setgid(getgid()) != 0 || setuid(getuid()) != 0) 1375 fprintf(stderr, "Warning: setgid/setuid failed !\n"); 1376 #endif /* WIN32 */ 1377 #if !defined(HAVE_PCAP_CREATE) && defined(WIN32) 1378 if(Bflag != 0) 1379 if(pcap_setbuff(pd, Bflag)==-1){ 1380 error("%s", pcap_geterr(pd)); 1381 } 1382 #endif /* !defined(HAVE_PCAP_CREATE) && defined(WIN32) */ 1383 if (Lflag) 1384 show_dlts_and_exit(device, pd); 1385 if (gndo->ndo_dlt >= 0) { 1386 #ifdef HAVE_PCAP_SET_DATALINK 1387 if (pcap_set_datalink(pd, gndo->ndo_dlt) < 0) 1388 error("%s", pcap_geterr(pd)); 1389 #else 1390 /* 1391 * We don't actually support changing the 1392 * data link type, so we only let them 1393 * set it to what it already is. 1394 */ 1395 if (gndo->ndo_dlt != pcap_datalink(pd)) { 1396 error("%s is not one of the DLTs supported by this device\n", 1397 gndo->ndo_dltname); 1398 } 1399 #endif 1400 (void)fprintf(stderr, "%s: data link type %s\n", 1401 program_name, gndo->ndo_dltname); 1402 (void)fflush(stderr); 1403 } 1404 i = pcap_snapshot(pd); 1405 if (snaplen < i) { 1406 warning("snaplen raised from %d to %d", snaplen, i); 1407 snaplen = i; 1408 } 1409 if (pcap_lookupnet(device, &localnet, &netmask, ebuf) < 0) { 1410 localnet = 0; 1411 netmask = 0; 1412 warning("%s", ebuf); 1413 } 1414 } 1415 if (infile) 1416 cmdbuf = read_infile(infile); 1417 else 1418 cmdbuf = copy_argv(&argv[optind]); 1419 1420 if (pcap_compile(pd, &fcode, cmdbuf, Oflag, netmask) < 0) 1421 error("%s", pcap_geterr(pd)); 1422 if (dflag) { 1423 bpf_dump(&fcode, dflag); 1424 pcap_close(pd); 1425 free(cmdbuf); 1426 exit(0); 1427 } 1428 init_addrtoname(localnet, netmask); 1429 init_checksum(); 1430 1431 #ifndef WIN32 1432 (void)setsignal(SIGPIPE, cleanup); 1433 (void)setsignal(SIGTERM, cleanup); 1434 (void)setsignal(SIGINT, cleanup); 1435 #endif /* WIN32 */ 1436 #if defined(HAVE_FORK) || defined(HAVE_VFORK) 1437 (void)setsignal(SIGCHLD, child_cleanup); 1438 #endif 1439 /* Cooperate with nohup(1) */ 1440 #ifndef WIN32 1441 if ((oldhandler = setsignal(SIGHUP, cleanup)) != SIG_DFL) 1442 (void)setsignal(SIGHUP, oldhandler); 1443 #endif /* WIN32 */ 1444 1445 #ifndef WIN32 1446 /* 1447 * If a user name was specified with "-Z", attempt to switch to 1448 * that user's UID. This would probably be used with sudo, 1449 * to allow tcpdump to be run in a special restricted 1450 * account (if you just want to allow users to open capture 1451 * devices, and can't just give users that permission, 1452 * you'd make tcpdump set-UID or set-GID). 1453 * 1454 * Tcpdump doesn't necessarily write only to one savefile; 1455 * the general only way to allow a -Z instance to write to 1456 * savefiles as the user under whose UID it's run, rather 1457 * than as the user specified with -Z, would thus be to switch 1458 * to the original user ID before opening a capture file and 1459 * then switch back to the -Z user ID after opening the savefile. 1460 * Switching to the -Z user ID only after opening the first 1461 * savefile doesn't handle the general case. 1462 */ 1463 1464 #ifdef HAVE_CAP_NG_H 1465 /* We are running as root and we will be writing to savefile */ 1466 if ((getuid() == 0 || geteuid() == 0) && WFileName) { 1467 if (username) { 1468 /* Drop all capabilities from effective set */ 1469 capng_clear(CAPNG_EFFECTIVE); 1470 /* Add capabilities we will need*/ 1471 capng_update(CAPNG_ADD, CAPNG_PERMITTED, CAP_SETUID); 1472 capng_update(CAPNG_ADD, CAPNG_PERMITTED, CAP_SETGID); 1473 capng_update(CAPNG_ADD, CAPNG_PERMITTED, CAP_DAC_OVERRIDE); 1474 1475 capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_SETUID); 1476 capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_SETGID); 1477 capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE); 1478 1479 capng_apply(CAPNG_SELECT_BOTH); 1480 } 1481 } 1482 #endif /* HAVE_CAP_NG_H */ 1483 1484 if (getuid() == 0 || geteuid() == 0) { 1485 if (username || chroot_dir) 1486 droproot(username, chroot_dir); 1487 1488 } 1489 #endif /* WIN32 */ 1490 1491 if (pcap_setfilter(pd, &fcode) < 0) 1492 error("%s", pcap_geterr(pd)); 1493 if (WFileName) { 1494 pcap_dumper_t *p; 1495 /* Do not exceed the default PATH_MAX for files. */ 1496 dumpinfo.CurrentFileName = (char *)malloc(PATH_MAX + 1); 1497 1498 if (dumpinfo.CurrentFileName == NULL) 1499 error("malloc of dumpinfo.CurrentFileName"); 1500 1501 /* We do not need numbering for dumpfiles if Cflag isn't set. */ 1502 if (Cflag != 0) 1503 MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, WflagChars); 1504 else 1505 MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, 0); 1506 1507 p = pcap_dump_open(pd, dumpinfo.CurrentFileName); 1508 #ifdef HAVE_CAP_NG_H 1509 /* Give up capabilities, clear Effective set */ 1510 capng_clear(CAPNG_EFFECTIVE); 1511 #endif 1512 if (p == NULL) 1513 error("%s", pcap_geterr(pd)); 1514 if (Cflag != 0 || Gflag != 0) { 1515 callback = dump_packet_and_trunc; 1516 dumpinfo.WFileName = WFileName; 1517 dumpinfo.pd = pd; 1518 dumpinfo.p = p; 1519 pcap_userdata = (u_char *)&dumpinfo; 1520 } else { 1521 callback = dump_packet; 1522 pcap_userdata = (u_char *)p; 1523 } 1524 #ifdef HAVE_PCAP_DUMP_FLUSH 1525 if (Uflag) 1526 pcap_dump_flush(p); 1527 #endif 1528 } else { 1529 type = pcap_datalink(pd); 1530 printinfo = get_print_info(type); 1531 callback = print_packet; 1532 pcap_userdata = (u_char *)&printinfo; 1533 } 1534 1535 #ifdef SIGNAL_REQ_INFO 1536 /* 1537 * We can't get statistics when reading from a file rather 1538 * than capturing from a device. 1539 */ 1540 if (RFileName == NULL) 1541 (void)setsignal(SIGNAL_REQ_INFO, requestinfo); 1542 #endif 1543 1544 if (vflag > 0 && WFileName) { 1545 /* 1546 * When capturing to a file, "-v" means tcpdump should, 1547 * every 10 secodns, "v"erbosely report the number of 1548 * packets captured. 1549 */ 1550 #ifdef USE_WIN32_MM_TIMER 1551 /* call verbose_stats_dump() each 1000 +/-100msec */ 1552 timer_id = timeSetEvent(1000, 100, verbose_stats_dump, 0, TIME_PERIODIC); 1553 setvbuf(stderr, NULL, _IONBF, 0); 1554 #elif defined(HAVE_ALARM) 1555 (void)setsignal(SIGALRM, verbose_stats_dump); 1556 alarm(1); 1557 #endif 1558 } 1559 1560 #ifndef WIN32 1561 if (RFileName == NULL) { 1562 /* 1563 * Live capture (if -V was specified, we set RFileName 1564 * to a file from the -V file). Print a message to 1565 * the standard error on UN*X. 1566 */ 1567 if (!vflag && !WFileName) { 1568 (void)fprintf(stderr, 1569 "%s: verbose output suppressed, use -v or -vv for full protocol decode\n", 1570 program_name); 1571 } else 1572 (void)fprintf(stderr, "%s: ", program_name); 1573 dlt = pcap_datalink(pd); 1574 dlt_name = pcap_datalink_val_to_name(dlt); 1575 if (dlt_name == NULL) { 1576 (void)fprintf(stderr, "listening on %s, link-type %u, capture size %u bytes\n", 1577 device, dlt, snaplen); 1578 } else { 1579 (void)fprintf(stderr, "listening on %s, link-type %s (%s), capture size %u bytes\n", 1580 device, dlt_name, 1581 pcap_datalink_val_to_description(dlt), snaplen); 1582 } 1583 (void)fflush(stderr); 1584 } 1585 1586 /* 1587 * If a user name was specified with "-Z", attempt to switch to 1588 * that user's UID. This would probably be used with sudo, 1589 * to allow tcpdump to be run in a special restricted 1590 * account (if you just want to allow users to open capture 1591 * devices, and can't just give users that permission, 1592 * you'd make tcpdump set-UID or set-GID). 1593 * 1594 * Tcpdump doesn't necessarily write only to one savefile; 1595 * the general only way to allow a -Z instance to write to 1596 * savefiles as the user under whose UID it's run, rather 1597 * than as the user specified with -Z, would thus be to switch 1598 * to the original user ID before opening a capture file and 1599 * then switch back to the -Z user ID after opening the savefile. 1600 * Switching to the -Z user ID only after opening the first 1601 * savefile doesn't handle the general case. 1602 */ 1603 if (getuid() == 0 || geteuid() == 0) { 1604 if (username || chroot_dir) 1605 droproot(username, chroot_dir); 1606 } 1607 #endif /* WIN32 */ 1608 do { 1609 status = pcap_loop(pd, cnt, callback, pcap_userdata); 1610 if (WFileName == NULL) { 1611 /* 1612 * We're printing packets. Flush the printed output, 1613 * so it doesn't get intermingled with error output. 1614 */ 1615 if (status == -2) { 1616 /* 1617 * We got interrupted, so perhaps we didn't 1618 * manage to finish a line we were printing. 1619 * Print an extra newline, just in case. 1620 */ 1621 putchar('\n'); 1622 } 1623 (void)fflush(stdout); 1624 } 1625 if (status == -2) { 1626 /* 1627 * We got interrupted. If we are reading multiple 1628 * files (via -V) set these so that we stop. 1629 */ 1630 VFileName = NULL; 1631 ret = NULL; 1632 } 1633 if (status == -1) { 1634 /* 1635 * Error. Report it. 1636 */ 1637 (void)fprintf(stderr, "%s: pcap_loop: %s\n", 1638 program_name, pcap_geterr(pd)); 1639 } 1640 if (RFileName == NULL) { 1641 /* 1642 * We're doing a live capture. Report the capture 1643 * statistics. 1644 */ 1645 info(1); 1646 } 1647 pcap_close(pd); 1648 if (VFileName != NULL) { 1649 ret = get_next_file(VFile, VFileLine); 1650 if (ret) { 1651 RFileName = VFileLine; 1652 pd = pcap_open_offline(RFileName, ebuf); 1653 if (pd == NULL) 1654 error("%s", ebuf); 1655 new_dlt = pcap_datalink(pd); 1656 if (WFileName && new_dlt != dlt) 1657 error("%s: new dlt does not match original", RFileName); 1658 printinfo = get_print_info(new_dlt); 1659 dlt_name = pcap_datalink_val_to_name(new_dlt); 1660 if (dlt_name == NULL) { 1661 fprintf(stderr, "reading from file %s, link-type %u\n", 1662 RFileName, new_dlt); 1663 } else { 1664 fprintf(stderr, 1665 "reading from file %s, link-type %s (%s)\n", 1666 RFileName, dlt_name, 1667 pcap_datalink_val_to_description(new_dlt)); 1668 } 1669 if (pcap_compile(pd, &fcode, cmdbuf, Oflag, netmask) < 0) 1670 error("%s", pcap_geterr(pd)); 1671 if (pcap_setfilter(pd, &fcode) < 0) 1672 error("%s", pcap_geterr(pd)); 1673 } 1674 } 1675 } 1676 while (ret != NULL); 1677 1678 free(cmdbuf); 1679 exit(status == -1 ? 1 : 0); 1680 } 1681 1682 /* make a clean exit on interrupts */ 1683 static RETSIGTYPE 1684 cleanup(int signo _U_) 1685 { 1686 #ifdef USE_WIN32_MM_TIMER 1687 if (timer_id) 1688 timeKillEvent(timer_id); 1689 timer_id = 0; 1690 #elif defined(HAVE_ALARM) 1691 alarm(0); 1692 #endif 1693 1694 #ifdef HAVE_PCAP_BREAKLOOP 1695 /* 1696 * We have "pcap_breakloop()"; use it, so that we do as little 1697 * as possible in the signal handler (it's probably not safe 1698 * to do anything with standard I/O streams in a signal handler - 1699 * the ANSI C standard doesn't say it is). 1700 */ 1701 pcap_breakloop(pd); 1702 #else 1703 /* 1704 * We don't have "pcap_breakloop()"; this isn't safe, but 1705 * it's the best we can do. Print the summary if we're 1706 * not reading from a savefile - i.e., if we're doing a 1707 * live capture - and exit. 1708 */ 1709 if (pd != NULL && pcap_file(pd) == NULL) { 1710 /* 1711 * We got interrupted, so perhaps we didn't 1712 * manage to finish a line we were printing. 1713 * Print an extra newline, just in case. 1714 */ 1715 putchar('\n'); 1716 (void)fflush(stdout); 1717 info(1); 1718 } 1719 exit(0); 1720 #endif 1721 } 1722 1723 /* 1724 On windows, we do not use a fork, so we do not care less about 1725 waiting a child processes to die 1726 */ 1727 #if defined(HAVE_FORK) || defined(HAVE_VFORK) 1728 static RETSIGTYPE 1729 child_cleanup(int signo _U_) 1730 { 1731 wait(NULL); 1732 } 1733 #endif /* HAVE_FORK && HAVE_VFORK */ 1734 1735 static void 1736 info(register int verbose) 1737 { 1738 struct pcap_stat stat; 1739 1740 /* 1741 * Older versions of libpcap didn't set ps_ifdrop on some 1742 * platforms; initialize it to 0 to handle that. 1743 */ 1744 stat.ps_ifdrop = 0; 1745 if (pcap_stats(pd, &stat) < 0) { 1746 (void)fprintf(stderr, "pcap_stats: %s\n", pcap_geterr(pd)); 1747 infoprint = 0; 1748 return; 1749 } 1750 1751 if (!verbose) 1752 fprintf(stderr, "%s: ", program_name); 1753 1754 (void)fprintf(stderr, "%u packet%s captured", packets_captured, 1755 PLURAL_SUFFIX(packets_captured)); 1756 if (!verbose) 1757 fputs(", ", stderr); 1758 else 1759 putc('\n', stderr); 1760 (void)fprintf(stderr, "%u packet%s received by filter", stat.ps_recv, 1761 PLURAL_SUFFIX(stat.ps_recv)); 1762 if (!verbose) 1763 fputs(", ", stderr); 1764 else 1765 putc('\n', stderr); 1766 (void)fprintf(stderr, "%u packet%s dropped by kernel", stat.ps_drop, 1767 PLURAL_SUFFIX(stat.ps_drop)); 1768 if (stat.ps_ifdrop != 0) { 1769 if (!verbose) 1770 fputs(", ", stderr); 1771 else 1772 putc('\n', stderr); 1773 (void)fprintf(stderr, "%u packet%s dropped by interface\n", 1774 stat.ps_ifdrop, PLURAL_SUFFIX(stat.ps_ifdrop)); 1775 } else 1776 putc('\n', stderr); 1777 infoprint = 0; 1778 } 1779 1780 #if defined(HAVE_FORK) || defined(HAVE_VFORK) 1781 static void 1782 compress_savefile(const char *filename) 1783 { 1784 # ifdef HAVE_FORK 1785 if (fork()) 1786 # else 1787 if (vfork()) 1788 # endif 1789 return; 1790 /* 1791 * Set to lowest priority so that this doesn't disturb the capture 1792 */ 1793 #ifdef NZERO 1794 setpriority(PRIO_PROCESS, 0, NZERO - 1); 1795 #else 1796 setpriority(PRIO_PROCESS, 0, 19); 1797 #endif 1798 if (execlp(zflag, zflag, filename, (char *)NULL) == -1) 1799 fprintf(stderr, 1800 "compress_savefile:execlp(%s, %s): %s\n", 1801 zflag, 1802 filename, 1803 strerror(errno)); 1804 # ifdef HAVE_FORK 1805 exit(1); 1806 # else 1807 _exit(1); 1808 # endif 1809 } 1810 #else /* HAVE_FORK && HAVE_VFORK */ 1811 static void 1812 compress_savefile(const char *filename) 1813 { 1814 fprintf(stderr, 1815 "compress_savefile failed. Functionality not implemented under your system\n"); 1816 } 1817 #endif /* HAVE_FORK && HAVE_VFORK */ 1818 1819 static void 1820 dump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *sp) 1821 { 1822 struct dump_info *dump_info; 1823 1824 ++packets_captured; 1825 1826 ++infodelay; 1827 1828 dump_info = (struct dump_info *)user; 1829 1830 /* 1831 * XXX - this won't force the file to rotate on the specified time 1832 * boundary, but it will rotate on the first packet received after the 1833 * specified Gflag number of seconds. Note: if a Gflag time boundary 1834 * and a Cflag size boundary coincide, the time rotation will occur 1835 * first thereby cancelling the Cflag boundary (since the file should 1836 * be 0). 1837 */ 1838 if (Gflag != 0) { 1839 /* Check if it is time to rotate */ 1840 time_t t; 1841 1842 /* Get the current time */ 1843 if ((t = time(NULL)) == (time_t)-1) { 1844 error("dump_and_trunc_packet: can't get current_time: %s", 1845 pcap_strerror(errno)); 1846 } 1847 1848 1849 /* If the time is greater than the specified window, rotate */ 1850 if (t - Gflag_time >= Gflag) { 1851 /* Update the Gflag_time */ 1852 Gflag_time = t; 1853 /* Update Gflag_count */ 1854 Gflag_count++; 1855 /* 1856 * Close the current file and open a new one. 1857 */ 1858 pcap_dump_close(dump_info->p); 1859 1860 /* 1861 * Compress the file we just closed, if the user asked for it 1862 */ 1863 if (zflag != NULL) 1864 compress_savefile(dump_info->CurrentFileName); 1865 1866 /* 1867 * Check to see if we've exceeded the Wflag (when 1868 * not using Cflag). 1869 */ 1870 if (Cflag == 0 && Wflag > 0 && Gflag_count >= Wflag) { 1871 (void)fprintf(stderr, "Maximum file limit reached: %d\n", 1872 Wflag); 1873 exit(0); 1874 /* NOTREACHED */ 1875 } 1876 if (dump_info->CurrentFileName != NULL) 1877 free(dump_info->CurrentFileName); 1878 /* Allocate space for max filename + \0. */ 1879 dump_info->CurrentFileName = (char *)malloc(PATH_MAX + 1); 1880 if (dump_info->CurrentFileName == NULL) 1881 error("dump_packet_and_trunc: malloc"); 1882 /* 1883 * This is always the first file in the Cflag 1884 * rotation: e.g. 0 1885 * We also don't need numbering if Cflag is not set. 1886 */ 1887 if (Cflag != 0) 1888 MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, 0, 1889 WflagChars); 1890 else 1891 MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, 0, 0); 1892 1893 #ifdef HAVE_CAP_NG_H 1894 capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE); 1895 capng_apply(CAPNG_EFFECTIVE); 1896 #endif /* HAVE_CAP_NG_H */ 1897 dump_info->p = pcap_dump_open(dump_info->pd, dump_info->CurrentFileName); 1898 #ifdef HAVE_CAP_NG_H 1899 capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE); 1900 capng_apply(CAPNG_EFFECTIVE); 1901 #endif /* HAVE_CAP_NG_H */ 1902 if (dump_info->p == NULL) 1903 error("%s", pcap_geterr(pd)); 1904 } 1905 } 1906 1907 /* 1908 * XXX - this won't prevent capture files from getting 1909 * larger than Cflag - the last packet written to the 1910 * file could put it over Cflag. 1911 */ 1912 if (Cflag != 0 && pcap_dump_ftell(dump_info->p) > Cflag) { 1913 /* 1914 * Close the current file and open a new one. 1915 */ 1916 pcap_dump_close(dump_info->p); 1917 1918 /* 1919 * Compress the file we just closed, if the user asked for it 1920 */ 1921 if (zflag != NULL) 1922 compress_savefile(dump_info->CurrentFileName); 1923 1924 Cflag_count++; 1925 if (Wflag > 0) { 1926 if (Cflag_count >= Wflag) 1927 Cflag_count = 0; 1928 } 1929 if (dump_info->CurrentFileName != NULL) 1930 free(dump_info->CurrentFileName); 1931 dump_info->CurrentFileName = (char *)malloc(PATH_MAX + 1); 1932 if (dump_info->CurrentFileName == NULL) 1933 error("dump_packet_and_trunc: malloc"); 1934 MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, Cflag_count, WflagChars); 1935 dump_info->p = pcap_dump_open(dump_info->pd, dump_info->CurrentFileName); 1936 if (dump_info->p == NULL) 1937 error("%s", pcap_geterr(pd)); 1938 } 1939 1940 pcap_dump((u_char *)dump_info->p, h, sp); 1941 #ifdef HAVE_PCAP_DUMP_FLUSH 1942 if (Uflag) 1943 pcap_dump_flush(dump_info->p); 1944 #endif 1945 1946 --infodelay; 1947 if (infoprint) 1948 info(0); 1949 } 1950 1951 static void 1952 dump_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *sp) 1953 { 1954 ++packets_captured; 1955 1956 ++infodelay; 1957 1958 pcap_dump(user, h, sp); 1959 #ifdef HAVE_PCAP_DUMP_FLUSH 1960 if (Uflag) 1961 pcap_dump_flush((pcap_dumper_t *)user); 1962 #endif 1963 1964 --infodelay; 1965 if (infoprint) 1966 info(0); 1967 } 1968 1969 static void 1970 print_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *sp) 1971 { 1972 struct print_info *print_info; 1973 u_int hdrlen; 1974 1975 ++packets_captured; 1976 1977 ++infodelay; 1978 ts_print(&h->ts); 1979 1980 print_info = (struct print_info *)user; 1981 1982 /* 1983 * Some printers want to check that they're not walking off the 1984 * end of the packet. 1985 * Rather than pass it all the way down, we set this global. 1986 */ 1987 snapend = sp + h->caplen; 1988 1989 if(print_info->ndo_type) { 1990 hdrlen = (*print_info->p.ndo_printer)(print_info->ndo, h, sp); 1991 } else { 1992 hdrlen = (*print_info->p.printer)(h, sp); 1993 } 1994 1995 if (Xflag) { 1996 /* 1997 * Print the raw packet data in hex and ASCII. 1998 */ 1999 if (Xflag > 1) { 2000 /* 2001 * Include the link-layer header. 2002 */ 2003 hex_and_ascii_print("\n\t", sp, h->caplen); 2004 } else { 2005 /* 2006 * Don't include the link-layer header - and if 2007 * we have nothing past the link-layer header, 2008 * print nothing. 2009 */ 2010 if (h->caplen > hdrlen) 2011 hex_and_ascii_print("\n\t", sp + hdrlen, 2012 h->caplen - hdrlen); 2013 } 2014 } else if (xflag) { 2015 /* 2016 * Print the raw packet data in hex. 2017 */ 2018 if (xflag > 1) { 2019 /* 2020 * Include the link-layer header. 2021 */ 2022 hex_print("\n\t", sp, h->caplen); 2023 } else { 2024 /* 2025 * Don't include the link-layer header - and if 2026 * we have nothing past the link-layer header, 2027 * print nothing. 2028 */ 2029 if (h->caplen > hdrlen) 2030 hex_print("\n\t", sp + hdrlen, 2031 h->caplen - hdrlen); 2032 } 2033 } else if (Aflag) { 2034 /* 2035 * Print the raw packet data in ASCII. 2036 */ 2037 if (Aflag > 1) { 2038 /* 2039 * Include the link-layer header. 2040 */ 2041 ascii_print(sp, h->caplen); 2042 } else { 2043 /* 2044 * Don't include the link-layer header - and if 2045 * we have nothing past the link-layer header, 2046 * print nothing. 2047 */ 2048 if (h->caplen > hdrlen) 2049 ascii_print(sp + hdrlen, h->caplen - hdrlen); 2050 } 2051 } 2052 2053 putchar('\n'); 2054 2055 --infodelay; 2056 if (infoprint) 2057 info(0); 2058 } 2059 2060 #ifdef WIN32 2061 /* 2062 * XXX - there should really be libpcap calls to get the version 2063 * number as a string (the string would be generated from #defines 2064 * at run time, so that it's not generated from string constants 2065 * in the library, as, on many UNIX systems, those constants would 2066 * be statically linked into the application executable image, and 2067 * would thus reflect the version of libpcap on the system on 2068 * which the application was *linked*, not the system on which it's 2069 * *running*. 2070 * 2071 * That routine should be documented, unlike the "version[]" 2072 * string, so that UNIX vendors providing their own libpcaps 2073 * don't omit it (as a couple of vendors have...). 2074 * 2075 * Packet.dll should perhaps also export a routine to return the 2076 * version number of the Packet.dll code, to supply the 2077 * "Wpcap_version" information on Windows. 2078 */ 2079 char WDversion[]="current-cvs.tcpdump.org"; 2080 #if !defined(HAVE_GENERATED_VERSION) 2081 char version[]="current-cvs.tcpdump.org"; 2082 #endif 2083 char pcap_version[]="current-cvs.tcpdump.org"; 2084 char Wpcap_version[]="3.1"; 2085 #endif 2086 2087 /* 2088 * By default, print the specified data out in hex and ASCII. 2089 */ 2090 static void 2091 ndo_default_print(netdissect_options *ndo _U_, const u_char *bp, u_int length) 2092 { 2093 hex_and_ascii_print("\n\t", bp, length); /* pass on lf and identation string */ 2094 } 2095 2096 void 2097 default_print(const u_char *bp, u_int length) 2098 { 2099 ndo_default_print(gndo, bp, length); 2100 } 2101 2102 #ifdef SIGNAL_REQ_INFO 2103 RETSIGTYPE requestinfo(int signo _U_) 2104 { 2105 if (infodelay) 2106 ++infoprint; 2107 else 2108 info(0); 2109 } 2110 #endif 2111 2112 /* 2113 * Called once each second in verbose mode while dumping to file 2114 */ 2115 #ifdef USE_WIN32_MM_TIMER 2116 void CALLBACK verbose_stats_dump (UINT timer_id _U_, UINT msg _U_, DWORD_PTR arg _U_, 2117 DWORD_PTR dw1 _U_, DWORD_PTR dw2 _U_) 2118 { 2119 struct pcap_stat stat; 2120 2121 if (infodelay == 0 && pcap_stats(pd, &stat) >= 0) 2122 fprintf(stderr, "Got %u\r", packets_captured); 2123 } 2124 #elif defined(HAVE_ALARM) 2125 static void verbose_stats_dump(int sig _U_) 2126 { 2127 struct pcap_stat stat; 2128 2129 if (infodelay == 0 && pcap_stats(pd, &stat) >= 0) 2130 fprintf(stderr, "Got %u\r", packets_captured); 2131 alarm(1); 2132 } 2133 #endif 2134 2135 static void 2136 usage(void) 2137 { 2138 extern char version[]; 2139 #ifndef HAVE_PCAP_LIB_VERSION 2140 #if defined(WIN32) || defined(HAVE_PCAP_VERSION) 2141 extern char pcap_version[]; 2142 #else /* defined(WIN32) || defined(HAVE_PCAP_VERSION) */ 2143 static char pcap_version[] = "unknown"; 2144 #endif /* defined(WIN32) || defined(HAVE_PCAP_VERSION) */ 2145 #endif /* HAVE_PCAP_LIB_VERSION */ 2146 2147 #ifdef HAVE_PCAP_LIB_VERSION 2148 #ifdef WIN32 2149 (void)fprintf(stderr, "%s version %s, based on tcpdump version %s\n", program_name, WDversion, version); 2150 #else /* WIN32 */ 2151 (void)fprintf(stderr, "%s version %s\n", program_name, version); 2152 #endif /* WIN32 */ 2153 (void)fprintf(stderr, "%s\n",pcap_lib_version()); 2154 #else /* HAVE_PCAP_LIB_VERSION */ 2155 #ifdef WIN32 2156 (void)fprintf(stderr, "%s version %s, based on tcpdump version %s\n", program_name, WDversion, version); 2157 (void)fprintf(stderr, "WinPcap version %s, based on libpcap version %s\n",Wpcap_version, pcap_version); 2158 #else /* WIN32 */ 2159 (void)fprintf(stderr, "%s version %s\n", program_name, version); 2160 (void)fprintf(stderr, "libpcap version %s\n", pcap_version); 2161 #endif /* WIN32 */ 2162 #endif /* HAVE_PCAP_LIB_VERSION */ 2163 (void)fprintf(stderr, 2164 "Usage: %s [-aAbd" D_FLAG "efhH" I_FLAG J_FLAG "KlLnNOpqRStu" U_FLAG "vxX]" B_FLAG_USAGE " [ -c count ]\n", program_name); 2165 (void)fprintf(stderr, 2166 "\t\t[ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]\n"); 2167 (void)fprintf(stderr, 2168 "\t\t[ -i interface ]" j_FLAG_USAGE " [ -M secret ]\n"); 2169 #ifdef HAVE_PCAP_SETDIRECTION 2170 (void)fprintf(stderr, 2171 "\t\t[ -P in|out|inout ]\n"); 2172 #endif 2173 (void)fprintf(stderr, 2174 "\t\t[ -r file ] [ -s snaplen ] [ -T type ] [ -V file ] [ -w file ]\n"); 2175 (void)fprintf(stderr, 2176 "\t\t[ -W filecount ] [ -y datalinktype ] [ -z command ]\n"); 2177 (void)fprintf(stderr, 2178 "\t\t[ -Z user ] [ expression ]\n"); 2179 exit(1); 2180 } 2181 2182 2183 2184 /* VARARGS */ 2185 static void 2186 ndo_error(netdissect_options *ndo _U_, const char *fmt, ...) 2187 { 2188 va_list ap; 2189 2190 (void)fprintf(stderr, "%s: ", program_name); 2191 va_start(ap, fmt); 2192 (void)vfprintf(stderr, fmt, ap); 2193 va_end(ap); 2194 if (*fmt) { 2195 fmt += strlen(fmt); 2196 if (fmt[-1] != '\n') 2197 (void)fputc('\n', stderr); 2198 } 2199 exit(1); 2200 /* NOTREACHED */ 2201 } 2202 2203 /* VARARGS */ 2204 static void 2205 ndo_warning(netdissect_options *ndo _U_, const char *fmt, ...) 2206 { 2207 va_list ap; 2208 2209 (void)fprintf(stderr, "%s: WARNING: ", program_name); 2210 va_start(ap, fmt); 2211 (void)vfprintf(stderr, fmt, ap); 2212 va_end(ap); 2213 if (*fmt) { 2214 fmt += strlen(fmt); 2215 if (fmt[-1] != '\n') 2216 (void)fputc('\n', stderr); 2217 } 2218 } 2219