1 /* ciscodump.c
2 * ciscodump is extcap tool used to capture data using a ssh on a remote cisco router
3 *
4 * Copyright 2015, Dario Lombardo
5 *
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
9 *
10 * SPDX-License-Identifier: GPL-2.0-or-later
11 */
12
13 #include "config.h"
14 #define WS_LOG_DOMAIN "ciscodump"
15
16 #include <extcap/extcap-base.h>
17 #include <wsutil/interface.h>
18 #include <wsutil/strtoi.h>
19 #include <wsutil/filesystem.h>
20 #include <wsutil/privileges.h>
21 #include <wsutil/please_report_bug.h>
22 #include <wsutil/wslog.h>
23 #include <extcap/ssh-base.h>
24 #include <writecap/pcapio.h>
25
26 #include <errno.h>
27 #include <string.h>
28 #include <fcntl.h>
29
30 #include <cli_main.h>
31
32 #define CISCODUMP_VERSION_MAJOR "1"
33 #define CISCODUMP_VERSION_MINOR "0"
34 #define CISCODUMP_VERSION_RELEASE "0"
35
36 /* The read timeout in msec */
37 #define CISCODUMP_READ_TIMEOUT 3000
38
39 #define CISCODUMP_EXTCAP_INTERFACE "ciscodump"
40 #define SSH_READ_BLOCK_SIZE 1024
41 #define SSH_READ_TIMEOUT 10000
42
43 #define WIRESHARK_CAPTURE_POINT "WIRESHARK_CAPTURE_POINT"
44 #define WIRESHARK_CAPTURE_BUFFER "WIRESHARK_CAPTURE_BUFFER"
45 #define WIRESHARK_CAPTURE_ACCESSLIST "WIRESHARK_CAPTURE_ACCESSLIST"
46
47 #define PCAP_SNAPLEN 0xffff
48
49 #define PACKET_MAX_SIZE 65535
50
51 #define MINIMUM_IOS_MAJOR 12
52 #define MINIMUM_IOS_MINOR 4
53
54 /* Status of the parser */
55 enum {
56 CISCODUMP_PARSER_STARTING,
57 CISCODUMP_PARSER_IN_PACKET,
58 CISCODUMP_PARSER_IN_HEADER,
59 CISCODUMP_PARSER_END_PACKET,
60 CISCODUMP_PARSER_ERROR
61 };
62
63 enum {
64 EXTCAP_BASE_OPTIONS_ENUM,
65 OPT_HELP,
66 OPT_VERSION,
67 OPT_REMOTE_HOST,
68 OPT_REMOTE_PORT,
69 OPT_REMOTE_USERNAME,
70 OPT_REMOTE_PASSWORD,
71 OPT_REMOTE_INTERFACE,
72 OPT_REMOTE_FILTER,
73 OPT_SSHKEY,
74 OPT_SSHKEY_PASSPHRASE,
75 OPT_PROXYCOMMAND,
76 OPT_REMOTE_COUNT
77 };
78
79 static struct ws_option longopts[] = {
80 EXTCAP_BASE_OPTIONS,
81 { "help", ws_no_argument, NULL, OPT_HELP},
82 { "version", ws_no_argument, NULL, OPT_VERSION},
83 SSH_BASE_OPTIONS,
84 { 0, 0, 0, 0}
85 };
86
interfaces_list_to_filter(GSList * interfaces,unsigned int remote_port)87 static char* interfaces_list_to_filter(GSList* interfaces, unsigned int remote_port)
88 {
89 GString* filter = g_string_new(NULL);
90 GSList* cur;
91
92 if (interfaces) {
93 g_string_append_printf(filter, "deny tcp host %s any eq %u, deny tcp any eq %u host %s",
94 (char*)interfaces->data, remote_port, remote_port, (char*)interfaces->data);
95 cur = g_slist_next(interfaces);
96 while (cur) {
97 g_string_append_printf(filter, ", deny tcp host %s any eq %u, deny tcp any eq %u host %s",
98 (char*)cur->data, remote_port, remote_port, (char*)cur->data);
99 cur = g_slist_next(cur);
100 }
101 g_string_append_printf(filter, ", permit ip any any");
102 }
103
104 return g_string_free(filter, FALSE);
105 }
106
local_interfaces_to_filter(const unsigned int remote_port)107 static char* local_interfaces_to_filter(const unsigned int remote_port)
108 {
109 GSList* interfaces = local_interfaces_to_list();
110 char* filter = interfaces_list_to_filter(interfaces, remote_port);
111 g_slist_free_full(interfaces, g_free);
112 return filter;
113 }
114
115 /* Read bytes from the channel. If bytes == -1, read all data (until timeout). If outbuf != NULL, data are stored there */
read_output_bytes(ssh_channel channel,int bytes,char * outbuf)116 static int read_output_bytes(ssh_channel channel, int bytes, char* outbuf)
117 {
118 char chr;
119 int total;
120 int bytes_read;
121
122 total = (bytes > 0 ? bytes : G_MAXINT);
123 bytes_read = 0;
124
125 while(ssh_channel_read_timeout(channel, &chr, 1, 0, 2000) > 0 && bytes_read < total) {
126 ws_debug("%c", chr);
127 if (chr == '^')
128 return EXIT_FAILURE;
129 if (outbuf)
130 outbuf[bytes_read] = chr;
131 bytes_read++;
132 }
133 return EXIT_SUCCESS;
134 }
135
ciscodump_cleanup(ssh_session sshs,ssh_channel channel,const char * iface,const char * cfilter)136 static void ciscodump_cleanup(ssh_session sshs, ssh_channel channel, const char* iface, const char* cfilter)
137 {
138 if (channel) {
139 if (read_output_bytes(channel, -1, NULL) == EXIT_SUCCESS) {
140 ssh_channel_printf(channel, "monitor capture point stop %s\n", WIRESHARK_CAPTURE_POINT);
141 ssh_channel_printf(channel, "no monitor capture point ip cef %s %s\n", WIRESHARK_CAPTURE_POINT, iface);
142 ssh_channel_printf(channel, "no monitor capture buffer %s\n", WIRESHARK_CAPTURE_BUFFER);
143 if (cfilter) {
144 ssh_channel_printf(channel, "configure terminal\n");
145 ssh_channel_printf(channel, "no ip access-list ex %s\n", WIRESHARK_CAPTURE_ACCESSLIST);
146 }
147 read_output_bytes(channel, -1, NULL);
148 }
149 }
150 ssh_cleanup(&sshs, &channel);
151 }
152
wait_until_data(ssh_channel channel,const guint32 count)153 static int wait_until_data(ssh_channel channel, const guint32 count)
154 {
155 long unsigned got = 0;
156 char output[SSH_READ_BLOCK_SIZE];
157 char* output_ptr;
158 guint rounds = 100;
159
160 while (got < count && rounds--) {
161 if (ssh_channel_printf(channel, "show monitor capture buffer %s parameters\n", WIRESHARK_CAPTURE_BUFFER) == EXIT_FAILURE) {
162 ws_warning("Can't write to channel");
163 return EXIT_FAILURE;
164 }
165 if (read_output_bytes(channel, SSH_READ_BLOCK_SIZE, output) == EXIT_FAILURE)
166 return EXIT_FAILURE;
167
168 output_ptr = g_strstr_len(output, strlen(output), "Packets");
169 if (!output_ptr) {
170 ws_warning("Error in sscanf()");
171 return EXIT_FAILURE;
172 } else {
173 if (sscanf(output_ptr, "Packets : %lu", &got) != 1)
174 return EXIT_FAILURE;
175 }
176 }
177 ws_debug("All packets got: dumping");
178 return EXIT_SUCCESS;
179 }
180
parse_line(guint8 * packet,unsigned * offset,char * line,int status)181 static int parse_line(guint8* packet, unsigned* offset, char* line, int status)
182 {
183 char** parts;
184 char** part;
185 guint32 value;
186 size_t size;
187
188 if (strlen(line) <= 1) {
189 if (status == CISCODUMP_PARSER_IN_PACKET)
190 return CISCODUMP_PARSER_END_PACKET;
191 else
192 return status;
193 }
194
195 /* we got the packet header */
196 /* The packet header is a line like: */
197 /* 16:09:37.171 ITA Mar 18 2016 : IPv4 LES CEF : Gi0/1 None */
198 if (g_regex_match_simple("^\\d{2}:\\d{2}:\\d{2}.\\d+ .*", line, (GRegexCompileFlags) (G_REGEX_CASELESS | G_REGEX_RAW), G_REGEX_MATCH_ANCHORED)) {
199 return CISCODUMP_PARSER_IN_HEADER;
200 }
201
202 /* we got a line of the packet */
203 /* A line looks like */
204 /* <address>: <1st group> <2nd group> <3rd group> <4th group> <ascii representation> */
205 /* ABCDEF01: 01020304 05060708 090A0B0C 0D0E0F10 ................ */
206 /* Note that any of the 4 groups are optional and that a group can be 1 to 4 bytes long */
207 parts = g_regex_split_simple(
208 "^[\\dA-F]{8,8}:\\s+([\\dA-F]{2,8})\\s+([\\dA-F]{2,8}){0,1}\\s+([\\dA-F]{2,8}){0,1}\\s+([\\dA-F]{2,8}){0,1}.*",
209 line, G_REGEX_CASELESS, G_REGEX_MATCH_ANCHORED);
210
211 part = parts;
212 while(*part) {
213 if (strlen(*part) > 1) {
214 value = (guint32)strtoul(*part, NULL, 16);
215 value = ntohl(value);
216 size = strlen(*part) / 2;
217 memcpy(packet + *offset, &value, size);
218 *offset += (guint32)size;
219 }
220 part++;
221 }
222 g_strfreev(parts);
223 return CISCODUMP_PARSER_IN_PACKET;
224 }
225
ssh_loop_read(ssh_channel channel,FILE * fp,const guint32 count)226 static void ssh_loop_read(ssh_channel channel, FILE* fp, const guint32 count)
227 {
228 char line[SSH_READ_BLOCK_SIZE];
229 char chr;
230 unsigned offset = 0;
231 unsigned packet_size = 0;
232 guint8* packet;
233 gint64 curtime = g_get_real_time();
234 int err;
235 guint64 bytes_written;
236 long unsigned packets = 0;
237 int status = CISCODUMP_PARSER_STARTING;
238
239 /* This is big enough to put on the heap */
240 packet = (guint8*)g_malloc(PACKET_MAX_SIZE);
241
242 do {
243 if (ssh_channel_read_timeout(channel, &chr, 1, FALSE, SSH_READ_TIMEOUT) == SSH_ERROR) {
244 ws_warning("Error reading from channel");
245 g_free(packet);
246 return;
247 }
248
249 if (chr != '\n') {
250 line[offset] = chr;
251 offset++;
252 } else {
253 /* Parse the current line */
254 line[offset] = '\0';
255 status = parse_line(packet, &packet_size, line, status);
256
257 if (status == CISCODUMP_PARSER_END_PACKET) {
258 /* dump the packet to the pcap file */
259 if (!libpcap_write_packet(fp,
260 (guint32)(curtime / G_USEC_PER_SEC), (guint32)(curtime % G_USEC_PER_SEC),
261 packet_size, packet_size, packet, &bytes_written, &err)) {
262 ws_debug("Error in libpcap_write_packet(): %s", g_strerror(err));
263 break;
264 }
265 ws_debug("Dumped packet %lu size: %u", packets, packet_size);
266 packet_size = 0;
267 status = CISCODUMP_PARSER_STARTING;
268 packets++;
269 }
270 offset = 0;
271 }
272
273 } while(packets < count);
274
275 g_free(packet);
276 }
277
check_ios_version(ssh_channel channel)278 static int check_ios_version(ssh_channel channel)
279 {
280 gchar* cmdline = "show version | include Cisco IOS\n";
281 gchar version[255];
282 guint major = 0;
283 guint minor = 0;
284 gchar* cur;
285
286 memset(version, 0x0, 255);
287
288 if (ssh_channel_write(channel, cmdline, (guint32)strlen(cmdline)) == SSH_ERROR)
289 return FALSE;
290 if (read_output_bytes(channel, (int)strlen(cmdline), NULL) == EXIT_FAILURE)
291 return FALSE;
292 if (read_output_bytes(channel, 255, version) == EXIT_FAILURE)
293 return FALSE;
294
295 cur = g_strstr_len(version, strlen(version), "Version");
296 if (cur) {
297 cur += strlen("Version ");
298 if (sscanf(cur, "%u.%u", &major, &minor) != 2)
299 return FALSE;
300
301 if ((major > MINIMUM_IOS_MAJOR) || (major == MINIMUM_IOS_MAJOR && minor >= MINIMUM_IOS_MINOR)) {
302 ws_debug("Current IOS Version: %u.%u", major, minor);
303 if (read_output_bytes(channel, -1, NULL) == EXIT_FAILURE)
304 return FALSE;
305 return TRUE;
306 }
307 }
308
309 ws_warning("Invalid IOS version. Minimum version: 12.4, current: %u.%u", major, minor);
310 return FALSE;
311 }
312
run_capture(ssh_session sshs,const char * iface,const char * cfilter,const guint32 count)313 static ssh_channel run_capture(ssh_session sshs, const char* iface, const char* cfilter, const guint32 count)
314 {
315 char* cmdline = NULL;
316 ssh_channel channel;
317 int ret = 0;
318
319 channel = ssh_channel_new(sshs);
320 if (!channel)
321 return NULL;
322
323 if (ssh_channel_open_session(channel) != SSH_OK)
324 goto error;
325
326 if (ssh_channel_request_pty(channel) != SSH_OK)
327 goto error;
328
329 if (ssh_channel_change_pty_size(channel, 80, 24) != SSH_OK)
330 goto error;
331
332 if (ssh_channel_request_shell(channel) != SSH_OK)
333 goto error;
334
335 if (!check_ios_version(channel))
336 goto error;
337
338 if (ssh_channel_printf(channel, "terminal length 0\n") == EXIT_FAILURE)
339 goto error;
340
341 if (ssh_channel_printf(channel, "monitor capture buffer %s max-size 9500\n", WIRESHARK_CAPTURE_BUFFER) == EXIT_FAILURE)
342 goto error;
343
344 if (ssh_channel_printf(channel, "monitor capture buffer %s limit packet-count %u\n", WIRESHARK_CAPTURE_BUFFER, count) == EXIT_FAILURE)
345 goto error;
346
347 if (cfilter) {
348 gchar* multiline_filter;
349 gchar* chr;
350
351 if (ssh_channel_printf(channel, "configure terminal\n") == EXIT_FAILURE)
352 goto error;
353
354 if (ssh_channel_printf(channel, "ip access-list ex %s\n", WIRESHARK_CAPTURE_ACCESSLIST) == EXIT_FAILURE)
355 goto error;
356
357 multiline_filter = g_strdup(cfilter);
358 chr = multiline_filter;
359 while((chr = g_strstr_len(chr, strlen(chr), ",")) != NULL) {
360 chr[0] = '\n';
361 ws_debug("Splitting filter into multiline");
362 }
363 ret = ssh_channel_write(channel, multiline_filter, (uint32_t)strlen(multiline_filter));
364 g_free(multiline_filter);
365 if (ret == SSH_ERROR)
366 goto error;
367
368 if (ssh_channel_printf(channel, "\nend\n") == EXIT_FAILURE)
369 goto error;
370
371 if (ssh_channel_printf(channel, "monitor capture buffer %s filter access-list %s\n",
372 WIRESHARK_CAPTURE_BUFFER, WIRESHARK_CAPTURE_ACCESSLIST) == EXIT_FAILURE)
373 goto error;
374 }
375
376 if (ssh_channel_printf(channel, "monitor capture point ip cef %s %s both\n", WIRESHARK_CAPTURE_POINT,
377 iface) == EXIT_FAILURE)
378 goto error;
379
380 if (ssh_channel_printf(channel, "monitor capture point associate %s %s \n", WIRESHARK_CAPTURE_POINT,
381 WIRESHARK_CAPTURE_BUFFER) == EXIT_FAILURE)
382 goto error;
383
384 if (ssh_channel_printf(channel, "monitor capture point start %s\n", WIRESHARK_CAPTURE_POINT) == EXIT_FAILURE)
385 goto error;
386
387 if (read_output_bytes(channel, -1, NULL) == EXIT_FAILURE)
388 goto error;
389
390 if (wait_until_data(channel, count) == EXIT_FAILURE)
391 goto error;
392
393 if (read_output_bytes(channel, -1, NULL) == EXIT_FAILURE)
394 goto error;
395
396 cmdline = g_strdup_printf("show monitor capture buffer %s dump\n", WIRESHARK_CAPTURE_BUFFER);
397 if (ssh_channel_printf(channel, cmdline) == EXIT_FAILURE)
398 goto error;
399
400 if (read_output_bytes(channel, (int)strlen(cmdline), NULL) == EXIT_FAILURE)
401 goto error;
402
403 g_free(cmdline);
404 return channel;
405 error:
406 g_free(cmdline);
407 ws_warning("Error running ssh remote command");
408 read_output_bytes(channel, -1, NULL);
409
410 ssh_channel_close(channel);
411 ssh_channel_free(channel);
412 return NULL;
413 }
414
ssh_open_remote_connection(const ssh_params_t * ssh_params,const char * iface,const char * cfilter,const guint32 count,const char * fifo)415 static int ssh_open_remote_connection(const ssh_params_t* ssh_params, const char* iface, const char* cfilter,
416 const guint32 count, const char* fifo)
417 {
418 ssh_session sshs;
419 ssh_channel channel;
420 FILE* fp = stdout;
421 guint64 bytes_written = 0;
422 int err;
423 int ret = EXIT_FAILURE;
424 char* err_info = NULL;
425
426 if (g_strcmp0(fifo, "-")) {
427 /* Open or create the output file */
428 fp = fopen(fifo, "wb");
429 if (!fp) {
430 ws_warning("Error creating output file: %s", g_strerror(errno));
431 return EXIT_FAILURE;
432 }
433 }
434
435 sshs = create_ssh_connection(ssh_params, &err_info);
436 if (!sshs) {
437 ws_warning("Error creating connection: %s", err_info);
438 goto cleanup;
439 }
440
441 if (!libpcap_write_file_header(fp, 1, PCAP_SNAPLEN, FALSE, &bytes_written, &err)) {
442 ws_warning("Can't write pcap file header");
443 goto cleanup;
444 }
445
446 channel = run_capture(sshs, iface, cfilter, count);
447 if (!channel) {
448 ret = EXIT_FAILURE;
449 goto cleanup;
450 }
451
452 /* read from channel and write into fp */
453 ssh_loop_read(channel, fp, count);
454
455 /* clean up and exit */
456 ciscodump_cleanup(sshs, channel, iface, cfilter);
457
458 ret = EXIT_SUCCESS;
459 cleanup:
460 if (fp != stdout)
461 fclose(fp);
462
463 return ret;
464 }
465
list_config(char * interface,unsigned int remote_port)466 static int list_config(char *interface, unsigned int remote_port)
467 {
468 unsigned inc = 0;
469 char* ipfilter;
470
471 if (!interface) {
472 ws_warning("No interface specified.");
473 return EXIT_FAILURE;
474 }
475
476 if (g_strcmp0(interface, CISCODUMP_EXTCAP_INTERFACE)) {
477 ws_warning("interface must be %s", CISCODUMP_EXTCAP_INTERFACE);
478 return EXIT_FAILURE;
479 }
480
481 ipfilter = local_interfaces_to_filter(remote_port);
482
483 printf("arg {number=%u}{call=--remote-host}{display=Remote SSH server address}"
484 "{type=string}{tooltip=The remote SSH host. It can be both "
485 "an IP address or a hostname}{required=true}{group=Server}\n", inc++);
486 printf("arg {number=%u}{call=--remote-port}{display=Remote SSH server port}"
487 "{type=unsigned}{default=22}{tooltip=The remote SSH host port (1-65535)}"
488 "{range=1,65535}{group=Server}\n", inc++);
489 printf("arg {number=%u}{call=--remote-username}{display=Remote SSH server username}"
490 "{type=string}{default=%s}{tooltip=The remote SSH username. If not provided, "
491 "the current user will be used}{group=Authentication}\n", inc++, g_get_user_name());
492 printf("arg {number=%u}{call=--remote-password}{display=Remote SSH server password}"
493 "{type=password}{tooltip=The SSH password, used when other methods (SSH agent "
494 "or key files) are unavailable.}{group=Authentication}\n", inc++);
495 printf("arg {number=%u}{call=--sshkey}{display=Path to SSH private key}"
496 "{type=fileselect}{tooltip=The path on the local filesystem of the private ssh key}"
497 "{group=Authentication}\n", inc++);
498 printf("arg {number=%u}{call=--proxycommand}{display=ProxyCommand}"
499 "{type=string}{tooltip=The command to use as proxy for the SSH connection}"
500 "{group=Authentication}\n", inc++);
501 printf("arg {number=%u}{call--sshkey-passphrase}{display=SSH key passphrase}"
502 "{type=password}{tooltip=Passphrase to unlock the SSH private key}"
503 "{group=Authentication\n", inc++);
504 printf("arg {number=%u}{call=--remote-interface}{display=Remote interface}"
505 "{type=string}{required=true}{tooltip=The remote network interface used for capture"
506 "}{group=Capture}\n", inc++);
507 printf("arg {number=%u}{call=--remote-filter}{display=Remote capture filter}"
508 "{type=string}{tooltip=The remote capture filter}", inc++);
509 if (ipfilter)
510 printf("{default=%s}", ipfilter);
511 printf("{group=Capture}\n");
512 printf("arg {number=%u}{call=--remote-count}{display=Packets to capture}"
513 "{type=unsigned}{required=true}{tooltip=The number of remote packets to capture.}"
514 "{group=Capture}\n", inc++);
515
516 extcap_config_debug(&inc);
517
518 g_free(ipfilter);
519
520 return EXIT_SUCCESS;
521 }
522
main(int argc,char * argv[])523 int main(int argc, char *argv[])
524 {
525 char* err_msg;
526 int result;
527 int option_idx = 0;
528 ssh_params_t* ssh_params = ssh_params_new();
529 char* remote_interface = NULL;
530 char* remote_filter = NULL;
531 guint32 count = 0;
532 int ret = EXIT_FAILURE;
533 extcap_parameters * extcap_conf = g_new0(extcap_parameters, 1);
534 char* help_url;
535 char* help_header = NULL;
536
537 /* Initialize log handler early so we can have proper logging during startup. */
538 extcap_log_init("ciscodump");
539
540 /*
541 * Get credential information for later use.
542 */
543 init_process_policies();
544
545 /*
546 * Attempt to get the pathname of the directory containing the
547 * executable file.
548 */
549 err_msg = init_progfile_dir(argv[0]);
550 if (err_msg != NULL) {
551 ws_warning("Can't get pathname of directory containing the extcap program: %s.",
552 err_msg);
553 g_free(err_msg);
554 }
555
556 help_url = data_file_url("ciscodump.html");
557 extcap_base_set_util_info(extcap_conf, argv[0], CISCODUMP_VERSION_MAJOR, CISCODUMP_VERSION_MINOR,
558 CISCODUMP_VERSION_RELEASE, help_url);
559 add_libssh_info(extcap_conf);
560 g_free(help_url);
561 extcap_base_register_interface(extcap_conf, CISCODUMP_EXTCAP_INTERFACE, "Cisco remote capture", 147, "Remote capture dependent DLT");
562
563 help_header = g_strdup_printf(
564 " %s --extcap-interfaces\n"
565 " %s --extcap-interface=%s --extcap-dlts\n"
566 " %s --extcap-interface=%s --extcap-config\n"
567 " %s --extcap-interface=%s --remote-host myhost --remote-port 22222 "
568 "--remote-username myuser --remote-interface gigabit0/0 "
569 "--fifo=FILENAME --capture\n", argv[0], argv[0], CISCODUMP_EXTCAP_INTERFACE, argv[0],
570 CISCODUMP_EXTCAP_INTERFACE, argv[0], CISCODUMP_EXTCAP_INTERFACE);
571 extcap_help_add_header(extcap_conf, help_header);
572 g_free(help_header);
573
574 extcap_help_add_option(extcap_conf, "--help", "print this help");
575 extcap_help_add_option(extcap_conf, "--version", "print the version");
576 extcap_help_add_option(extcap_conf, "--remote-host <host>", "the remote SSH host");
577 extcap_help_add_option(extcap_conf, "--remote-port <port>", "the remote SSH port (default: 22)");
578 extcap_help_add_option(extcap_conf, "--remote-username <username>", "the remote SSH username (default: the current user)");
579 extcap_help_add_option(extcap_conf, "--remote-password <password>", "the remote SSH password. "
580 "If not specified, ssh-agent and ssh-key are used");
581 extcap_help_add_option(extcap_conf, "--sshkey <public key path>", "the path of the ssh key");
582 extcap_help_add_option(extcap_conf, "--sshkey-passphrase <public key passphrase>", "the passphrase to unlock public ssh");
583 extcap_help_add_option(extcap_conf, "--proxycommand <proxy command>", "the command to use as proxy the the ssh connection");
584 extcap_help_add_option(extcap_conf, "--remote-interface <iface>", "the remote capture interface");
585 extcap_help_add_option(extcap_conf, "--remote-filter <filter>", "a filter for remote capture "
586 "(default: don't capture data for lal interfaces IPs)");
587
588 ws_opterr = 0;
589 ws_optind = 0;
590
591 if (argc == 1) {
592 extcap_help_print(extcap_conf);
593 goto end;
594 }
595
596 while ((result = ws_getopt_long(argc, argv, ":", longopts, &option_idx)) != -1) {
597
598 switch (result) {
599
600 case OPT_HELP:
601 extcap_help_print(extcap_conf);
602 ret = EXIT_SUCCESS;
603 goto end;
604
605 case OPT_VERSION:
606 extcap_version_print(extcap_conf);
607 goto end;
608
609 case OPT_REMOTE_HOST:
610 g_free(ssh_params->host);
611 ssh_params->host = g_strdup(ws_optarg);
612 break;
613
614 case OPT_REMOTE_PORT:
615 if (!ws_strtou16(ws_optarg, NULL, &ssh_params->port) || ssh_params->port == 0) {
616 ws_warning("Invalid port: %s", ws_optarg);
617 goto end;
618 }
619 break;
620
621 case OPT_REMOTE_USERNAME:
622 g_free(ssh_params->username);
623 ssh_params->username = g_strdup(ws_optarg);
624 break;
625
626 case OPT_REMOTE_PASSWORD:
627 g_free(ssh_params->password);
628 ssh_params->password = g_strdup(ws_optarg);
629 memset(ws_optarg, 'X', strlen(ws_optarg));
630 break;
631
632 case OPT_SSHKEY:
633 g_free(ssh_params->sshkey_path);
634 ssh_params->sshkey_path = g_strdup(ws_optarg);
635 break;
636
637 case OPT_SSHKEY_PASSPHRASE:
638 g_free(ssh_params->sshkey_passphrase);
639 ssh_params->sshkey_passphrase = g_strdup(ws_optarg);
640 memset(ws_optarg, 'X', strlen(ws_optarg));
641 break;
642
643 case OPT_PROXYCOMMAND:
644 g_free(ssh_params->proxycommand);
645 ssh_params->proxycommand = g_strdup(ws_optarg);
646 break;
647
648 case OPT_REMOTE_INTERFACE:
649 g_free(remote_interface);
650 remote_interface = g_strdup(ws_optarg);
651 break;
652
653 case OPT_REMOTE_FILTER:
654 g_free(remote_filter);
655 remote_filter = g_strdup(ws_optarg);
656 break;
657
658 case OPT_REMOTE_COUNT:
659 if (!ws_strtou32(ws_optarg, NULL, &count)) {
660 ws_warning("Invalid packet count: %s", ws_optarg);
661 goto end;
662 }
663 break;
664
665 case ':':
666 /* missing option argument */
667 ws_warning("Option '%s' requires an argument", argv[ws_optind - 1]);
668 break;
669
670 default:
671 if (!extcap_base_parse_options(extcap_conf, result - EXTCAP_OPT_LIST_INTERFACES, ws_optarg)) {
672 ws_warning("Invalid option: %s", argv[ws_optind - 1]);
673 goto end;
674 }
675 }
676 }
677
678 extcap_cmdline_debug(argv, argc);
679
680 if (ws_optind != argc) {
681 ws_warning("Unexpected extra option: %s", argv[ws_optind]);
682 goto end;
683 }
684
685 if (extcap_base_handle_interface(extcap_conf)) {
686 ret = EXIT_SUCCESS;
687 goto end;
688 }
689
690 if (extcap_conf->show_config) {
691 ret = list_config(extcap_conf->interface, ssh_params->port);
692 goto end;
693 }
694
695 err_msg = ws_init_sockets();
696 if (err_msg != NULL) {
697 ws_warning("ERROR: %s", err_msg);
698 g_free(err_msg);
699 ws_warning("%s", please_report_bug());
700 goto end;
701 }
702
703 if (extcap_conf->capture) {
704 if (!ssh_params->host) {
705 ws_warning("Missing parameter: --remote-host");
706 goto end;
707 }
708
709 if (!remote_interface) {
710 ws_warning("ERROR: No interface specified (--remote-interface)");
711 goto end;
712 }
713 if (count == 0) {
714 ws_warning("ERROR: count of packets must be specified (--remote-count)");
715 goto end;
716 }
717 ssh_params->debug = extcap_conf->debug;
718 ret = ssh_open_remote_connection(ssh_params, remote_interface,
719 remote_filter, count, extcap_conf->fifo);
720 } else {
721 ws_debug("You should not come here... maybe some parameter missing?");
722 ret = EXIT_FAILURE;
723 }
724
725 end:
726 ssh_params_free(ssh_params);
727 g_free(remote_interface);
728 g_free(remote_filter);
729 extcap_base_cleanup(&extcap_conf);
730 return ret;
731 }
732
733 /*
734 * Editor modelines - https://www.wireshark.org/tools/modelines.html
735 *
736 * Local variables:
737 * c-basic-offset: 8
738 * tab-width: 8
739 * indent-tabs-mode: t
740 * End:
741 *
742 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
743 * :indentSize=8:tabSize=8:noTabs=false:
744 */
745