1 /* 2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that: (1) source code distributions 7 * retain the above copyright notice and this paragraph in its entirety, (2) 8 * distributions including binary code include the above copyright notice and 9 * this paragraph in its entirety in the documentation or other materials 10 * provided with the distribution, and (3) all advertising materials mentioning 11 * features or use of this software display the following acknowledgement: 12 * ``This product includes software developed by the University of California, 13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 14 * the University nor the names of its contributors may be used to endorse 15 * or promote products derived from this software without specific prior 16 * written permission. 17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 20 * 21 * Support for splitting captures into multiple files with a maximum 22 * file size: 23 * 24 * Copyright (c) 2001 25 * Seth Webster <swebster@sst.ll.mit.edu> 26 */ 27 28 #ifndef lint 29 static const char copyright[] _U_ = 30 "@(#) Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000\n\ 31 The Regents of the University of California. All rights reserved.\n"; 32 static const char rcsid[] _U_ = 33 "@(#) $Header: /tcpdump/master/tcpdump/tcpdump.c,v 1.271.2.11 2008-09-25 21:50:04 guy Exp $ (LBL)"; 34 #endif 35 36 /* 37 * tcpdump - monitor tcp/ip traffic on an ethernet. 38 * 39 * First written in 1987 by Van Jacobson, Lawrence Berkeley Laboratory. 40 * Mercilessly hacked and occasionally improved since then via the 41 * combined efforts of Van, Steve McCanne and Craig Leres of LBL. 42 */ 43 44 #ifdef HAVE_CONFIG_H 45 #include "config.h" 46 #endif 47 48 #include <tcpdump-stdinc.h> 49 50 #ifdef WIN32 51 #include "getopt.h" 52 #include "w32_fzs.h" 53 extern int strcasecmp (const char *__s1, const char *__s2); 54 extern int SIZE_BUF; 55 #define off_t long 56 #define uint UINT 57 #endif /* WIN32 */ 58 59 #ifdef HAVE_SMI_H 60 #include <smi.h> 61 #endif 62 63 #include <pcap.h> 64 #include <signal.h> 65 #include <stdio.h> 66 #include <stdlib.h> 67 #include <string.h> 68 #include <limits.h> 69 #ifndef WIN32 70 #include <sys/wait.h> 71 #include <sys/resource.h> 72 #include <pwd.h> 73 #include <grp.h> 74 #include <errno.h> 75 #endif /* WIN32 */ 76 77 78 #include "netdissect.h" 79 #include "interface.h" 80 #include "addrtoname.h" 81 #include "machdep.h" 82 #include "setsignal.h" 83 #include "gmt2local.h" 84 #include "pcap-missing.h" 85 86 #ifndef NAME_MAX 87 #define NAME_MAX 255 88 #endif 89 90 netdissect_options Gndo; 91 netdissect_options *gndo = &Gndo; 92 93 int dflag; /* print filter code */ 94 int Lflag; /* list available data link types and exit */ 95 char *zflag = NULL; /* compress each savefile using a specified command (like gzip or bzip2) */ 96 97 static int infodelay; 98 static int infoprint; 99 100 char *program_name; 101 102 int32_t thiszone; /* seconds offset from gmt to local time */ 103 104 /* Forwards */ 105 static RETSIGTYPE cleanup(int); 106 static RETSIGTYPE child_cleanup(int); 107 static void usage(void) __attribute__((noreturn)); 108 static void show_dlts_and_exit(pcap_t *pd) __attribute__((noreturn)); 109 110 static void print_packet(u_char *, const struct pcap_pkthdr *, const u_char *); 111 static void ndo_default_print(netdissect_options *, const u_char *, u_int); 112 static void dump_packet_and_trunc(u_char *, const struct pcap_pkthdr *, const u_char *); 113 static void dump_packet(u_char *, const struct pcap_pkthdr *, const u_char *); 114 static void droproot(const char *, const char *); 115 static void ndo_error(netdissect_options *ndo, const char *fmt, ...); 116 static void ndo_warning(netdissect_options *ndo, const char *fmt, ...); 117 118 #ifdef SIGINFO 119 RETSIGTYPE requestinfo(int); 120 #endif 121 122 #if defined(USE_WIN32_MM_TIMER) 123 #include <MMsystem.h> 124 static UINT timer_id; 125 static void CALLBACK verbose_stats_dump(UINT, UINT, DWORD_PTR, DWORD_PTR, DWORD_PTR); 126 #elif defined(HAVE_ALARM) 127 static void verbose_stats_dump(int sig); 128 #endif 129 130 static void info(int); 131 static u_int packets_captured; 132 133 typedef u_int (*if_printer)(const struct pcap_pkthdr *, const u_char *); 134 135 struct printer { 136 if_printer f; 137 int type; 138 }; 139 140 static struct printer printers[] = { 141 { arcnet_if_print, DLT_ARCNET }, 142 #ifdef DLT_ARCNET_LINUX 143 { arcnet_linux_if_print, DLT_ARCNET_LINUX }, 144 #endif 145 { ether_if_print, DLT_EN10MB }, 146 { token_if_print, DLT_IEEE802 }, 147 #ifdef DLT_LANE8023 148 { lane_if_print, DLT_LANE8023 }, 149 #endif 150 #ifdef DLT_CIP 151 { cip_if_print, DLT_CIP }, 152 #endif 153 #ifdef DLT_ATM_CLIP 154 { cip_if_print, DLT_ATM_CLIP }, 155 #endif 156 { sl_if_print, DLT_SLIP }, 157 #ifdef DLT_SLIP_BSDOS 158 { sl_bsdos_if_print, DLT_SLIP_BSDOS }, 159 #endif 160 { ppp_if_print, DLT_PPP }, 161 #ifdef DLT_PPP_WITHDIRECTION 162 { ppp_if_print, DLT_PPP_WITHDIRECTION }, 163 #endif 164 #ifdef DLT_PPP_BSDOS 165 { ppp_bsdos_if_print, DLT_PPP_BSDOS }, 166 #endif 167 { fddi_if_print, DLT_FDDI }, 168 { null_if_print, DLT_NULL }, 169 #ifdef DLT_LOOP 170 { null_if_print, DLT_LOOP }, 171 #endif 172 { raw_if_print, DLT_RAW }, 173 { atm_if_print, DLT_ATM_RFC1483 }, 174 #ifdef DLT_C_HDLC 175 { chdlc_if_print, DLT_C_HDLC }, 176 #endif 177 #ifdef DLT_HDLC 178 { chdlc_if_print, DLT_HDLC }, 179 #endif 180 #ifdef DLT_PPP_SERIAL 181 { ppp_hdlc_if_print, DLT_PPP_SERIAL }, 182 #endif 183 #ifdef DLT_PPP_ETHER 184 { pppoe_if_print, DLT_PPP_ETHER }, 185 #endif 186 #ifdef DLT_LINUX_SLL 187 { sll_if_print, DLT_LINUX_SLL }, 188 #endif 189 #ifdef DLT_IEEE802_11 190 { ieee802_11_if_print, DLT_IEEE802_11}, 191 #endif 192 #ifdef DLT_LTALK 193 { ltalk_if_print, DLT_LTALK }, 194 #endif 195 #if defined(DLT_PFLOG) && defined(HAVE_NET_PFVAR_H) 196 { pflog_if_print, DLT_PFLOG }, 197 #endif 198 #ifdef DLT_FR 199 { fr_if_print, DLT_FR }, 200 #endif 201 #ifdef DLT_FRELAY 202 { fr_if_print, DLT_FRELAY }, 203 #endif 204 #ifdef DLT_SUNATM 205 { sunatm_if_print, DLT_SUNATM }, 206 #endif 207 #ifdef DLT_IP_OVER_FC 208 { ipfc_if_print, DLT_IP_OVER_FC }, 209 #endif 210 #ifdef DLT_PRISM_HEADER 211 { prism_if_print, DLT_PRISM_HEADER }, 212 #endif 213 #ifdef DLT_IEEE802_11_RADIO 214 { ieee802_11_radio_if_print, DLT_IEEE802_11_RADIO }, 215 #endif 216 #ifdef DLT_ENC 217 { enc_if_print, DLT_ENC }, 218 #endif 219 #ifdef DLT_SYMANTEC_FIREWALL 220 { symantec_if_print, DLT_SYMANTEC_FIREWALL }, 221 #endif 222 #ifdef DLT_APPLE_IP_OVER_IEEE1394 223 { ap1394_if_print, DLT_APPLE_IP_OVER_IEEE1394 }, 224 #endif 225 #ifdef DLT_IEEE802_11_RADIO_AVS 226 { ieee802_11_radio_avs_if_print, DLT_IEEE802_11_RADIO_AVS }, 227 #endif 228 #ifdef DLT_JUNIPER_ATM1 229 { juniper_atm1_print, DLT_JUNIPER_ATM1 }, 230 #endif 231 #ifdef DLT_JUNIPER_ATM2 232 { juniper_atm2_print, DLT_JUNIPER_ATM2 }, 233 #endif 234 #ifdef DLT_JUNIPER_MFR 235 { juniper_mfr_print, DLT_JUNIPER_MFR }, 236 #endif 237 #ifdef DLT_JUNIPER_MLFR 238 { juniper_mlfr_print, DLT_JUNIPER_MLFR }, 239 #endif 240 #ifdef DLT_JUNIPER_MLPPP 241 { juniper_mlppp_print, DLT_JUNIPER_MLPPP }, 242 #endif 243 #ifdef DLT_JUNIPER_PPPOE 244 { juniper_pppoe_print, DLT_JUNIPER_PPPOE }, 245 #endif 246 #ifdef DLT_JUNIPER_PPPOE_ATM 247 { juniper_pppoe_atm_print, DLT_JUNIPER_PPPOE_ATM }, 248 #endif 249 #ifdef DLT_JUNIPER_GGSN 250 { juniper_ggsn_print, DLT_JUNIPER_GGSN }, 251 #endif 252 #ifdef DLT_JUNIPER_ES 253 { juniper_es_print, DLT_JUNIPER_ES }, 254 #endif 255 #ifdef DLT_JUNIPER_MONITOR 256 { juniper_monitor_print, DLT_JUNIPER_MONITOR }, 257 #endif 258 #ifdef DLT_JUNIPER_SERVICES 259 { juniper_services_print, DLT_JUNIPER_SERVICES }, 260 #endif 261 #ifdef DLT_JUNIPER_ETHER 262 { juniper_ether_print, DLT_JUNIPER_ETHER }, 263 #endif 264 #ifdef DLT_JUNIPER_PPP 265 { juniper_ppp_print, DLT_JUNIPER_PPP }, 266 #endif 267 #ifdef DLT_JUNIPER_FRELAY 268 { juniper_frelay_print, DLT_JUNIPER_FRELAY }, 269 #endif 270 #ifdef DLT_JUNIPER_CHDLC 271 { juniper_chdlc_print, DLT_JUNIPER_CHDLC }, 272 #endif 273 #ifdef DLT_MFR 274 { mfr_if_print, DLT_MFR }, 275 #endif 276 #if defined(DLT_BLUETOOTH_HCI_H4_WITH_PHDR) && defined(HAVE_PCAP_BLUETOOTH_H) 277 { bt_if_print, DLT_BLUETOOTH_HCI_H4_WITH_PHDR}, 278 #endif 279 { NULL, 0 }, 280 }; 281 282 static if_printer 283 lookup_printer(int type) 284 { 285 struct printer *p; 286 287 for (p = printers; p->f; ++p) 288 if (type == p->type) 289 return p->f; 290 291 return NULL; 292 /* NOTREACHED */ 293 } 294 295 static pcap_t *pd; 296 297 extern int optind; 298 extern int opterr; 299 extern char *optarg; 300 301 struct print_info { 302 if_printer printer; 303 }; 304 305 struct dump_info { 306 char *WFileName; 307 char *CurrentFileName; 308 pcap_t *pd; 309 pcap_dumper_t *p; 310 }; 311 312 static void 313 show_dlts_and_exit(pcap_t *pd) 314 { 315 int n_dlts; 316 int *dlts = 0; 317 const char *dlt_name; 318 319 n_dlts = pcap_list_datalinks(pd, &dlts); 320 if (n_dlts < 0) 321 error("%s", pcap_geterr(pd)); 322 else if (n_dlts == 0 || !dlts) 323 error("No data link types."); 324 325 (void) fprintf(stderr, "Data link types (use option -y to set):\n"); 326 327 while (--n_dlts >= 0) { 328 dlt_name = pcap_datalink_val_to_name(dlts[n_dlts]); 329 if (dlt_name != NULL) { 330 (void) fprintf(stderr, " %s (%s)", dlt_name, 331 pcap_datalink_val_to_description(dlts[n_dlts])); 332 333 /* 334 * OK, does tcpdump handle that type? 335 */ 336 if (lookup_printer(dlts[n_dlts]) == NULL) 337 (void) fprintf(stderr, " (printing not supported)"); 338 putchar('\n'); 339 } else { 340 (void) fprintf(stderr, " DLT %d (printing not supported)\n", 341 dlts[n_dlts]); 342 } 343 } 344 free(dlts); 345 exit(0); 346 } 347 348 /* 349 * Set up flags that might or might not be supported depending on the 350 * version of libpcap we're using. 351 */ 352 #if defined(HAVE_PCAP_CREATE) || defined(WIN32) 353 #define B_FLAG "B:" 354 #define B_FLAG_USAGE " [ -B size ]" 355 #else /* defined(HAVE_PCAP_CREATE) || defined(WIN32) */ 356 #define B_FLAG 357 #define B_FLAG_USAGE 358 #endif /* defined(HAVE_PCAP_CREATE) || defined(WIN32) */ 359 360 #ifdef HAVE_PCAP_CREATE 361 #define I_FLAG "I" 362 #else /* HAVE_PCAP_CREATE */ 363 #define I_FLAG 364 #endif /* HAVE_PCAP_CREATE */ 365 366 #ifdef HAVE_PCAP_FINDALLDEVS 367 #ifndef HAVE_PCAP_IF_T 368 #undef HAVE_PCAP_FINDALLDEVS 369 #endif 370 #endif 371 372 #ifdef HAVE_PCAP_FINDALLDEVS 373 #define D_FLAG "D" 374 #else 375 #define D_FLAG 376 #endif 377 378 #ifdef HAVE_PCAP_DUMP_FLUSH 379 #define U_FLAG "U" 380 #else 381 #define U_FLAG 382 #endif 383 384 #ifndef WIN32 385 /* Drop root privileges and chroot if necessary */ 386 static void 387 droproot(const char *username, const char *chroot_dir) 388 { 389 struct passwd *pw = NULL; 390 391 if (chroot_dir && !username) { 392 fprintf(stderr, "tcpdump: Chroot without dropping root is insecure\n"); 393 exit(1); 394 } 395 396 pw = getpwnam(username); 397 if (pw) { 398 if (chroot_dir) { 399 if (chroot(chroot_dir) != 0 || chdir ("/") != 0) { 400 fprintf(stderr, "tcpdump: Couldn't chroot/chdir to '%.64s': %s\n", 401 chroot_dir, pcap_strerror(errno)); 402 exit(1); 403 } 404 } 405 if (initgroups(pw->pw_name, pw->pw_gid) != 0 || 406 setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0) { 407 fprintf(stderr, "tcpdump: Couldn't change to '%.32s' uid=%lu gid=%lu: %s\n", 408 username, 409 (unsigned long)pw->pw_uid, 410 (unsigned long)pw->pw_gid, 411 pcap_strerror(errno)); 412 exit(1); 413 } 414 } 415 else { 416 fprintf(stderr, "tcpdump: Couldn't find user '%.32s'\n", 417 username); 418 exit(1); 419 } 420 } 421 #endif /* WIN32 */ 422 423 static int 424 getWflagChars(int x) 425 { 426 int c = 0; 427 428 x -= 1; 429 while (x > 0) { 430 c += 1; 431 x /= 10; 432 } 433 434 return c; 435 } 436 437 438 static void 439 MakeFilename(char *buffer, char *orig_name, int cnt, int max_chars) 440 { 441 char *filename = malloc(NAME_MAX + 1); 442 443 /* Process with strftime if Gflag is set. */ 444 if (Gflag != 0) { 445 struct tm *local_tm; 446 447 /* Convert Gflag_time to a usable format */ 448 if ((local_tm = localtime(&Gflag_time)) == NULL) { 449 error("MakeTimedFilename: localtime"); 450 } 451 452 /* There's no good way to detect an error in strftime since a return 453 * value of 0 isn't necessarily failure. 454 */ 455 strftime(filename, NAME_MAX, orig_name, local_tm); 456 } else { 457 strncpy(filename, orig_name, NAME_MAX); 458 } 459 460 if (cnt == 0 && max_chars == 0) 461 strncpy(buffer, filename, NAME_MAX + 1); 462 else 463 if (snprintf(buffer, NAME_MAX + 1, "%s%0*d", filename, max_chars, cnt) > NAME_MAX) 464 /* Report an error if the filename is too large */ 465 error("too many output files or filename is too long (> %d)", NAME_MAX); 466 free(filename); 467 } 468 469 static int tcpdump_printf(netdissect_options *ndo _U_, 470 const char *fmt, ...) 471 { 472 473 va_list args; 474 int ret; 475 476 va_start(args, fmt); 477 ret=vfprintf(stdout, fmt, args); 478 va_end(args); 479 480 return ret; 481 } 482 483 int 484 main(int argc, char **argv) 485 { 486 register int cnt, op, i; 487 bpf_u_int32 localnet, netmask; 488 register char *cp, *infile, *cmdbuf, *device, *RFileName, *WFileName; 489 pcap_handler callback; 490 int type; 491 struct bpf_program fcode; 492 #ifndef WIN32 493 RETSIGTYPE (*oldhandler)(int); 494 #endif 495 struct print_info printinfo; 496 struct dump_info dumpinfo; 497 u_char *pcap_userdata; 498 char ebuf[PCAP_ERRBUF_SIZE]; 499 char *username = NULL; 500 char *chroot_dir = NULL; 501 #ifdef HAVE_PCAP_FINDALLDEVS 502 pcap_if_t *devpointer; 503 int devnum; 504 #endif 505 int status; 506 #ifdef WIN32 507 if(wsockinit() != 0) return 1; 508 #endif /* WIN32 */ 509 510 gndo->ndo_Oflag=1; 511 gndo->ndo_Rflag=1; 512 gndo->ndo_dlt=-1; 513 gndo->ndo_default_print=ndo_default_print; 514 gndo->ndo_printf=tcpdump_printf; 515 gndo->ndo_error=ndo_error; 516 gndo->ndo_warning=ndo_warning; 517 gndo->ndo_snaplen = DEFAULT_SNAPLEN; 518 519 cnt = -1; 520 device = NULL; 521 infile = NULL; 522 RFileName = NULL; 523 WFileName = NULL; 524 if ((cp = strrchr(argv[0], '/')) != NULL) 525 program_name = cp + 1; 526 else 527 program_name = argv[0]; 528 529 if (abort_on_misalignment(ebuf, sizeof(ebuf)) < 0) 530 error("%s", ebuf); 531 532 #ifdef LIBSMI 533 smiInit("tcpdump"); 534 #endif 535 536 opterr = 0; 537 while ( 538 (op = getopt(argc, argv, "aA" B_FLAG "c:C:d" D_FLAG "eE:fF:G:i:" I_FLAG "KlLm:M:nNOpqr:Rs:StT:u" U_FLAG "vw:W:xXy:Yz:Z:")) != -1) 539 switch (op) { 540 541 case 'a': 542 /* compatibility for old -a */ 543 break; 544 545 case 'A': 546 ++Aflag; 547 break; 548 549 #if defined(HAVE_PCAP_CREATE) || defined(WIN32) 550 case 'B': 551 Bflag = atoi(optarg)*1024; 552 if (Bflag <= 0) 553 error("invalid packet buffer size %s", optarg); 554 break; 555 #endif /* defined(HAVE_PCAP_CREATE) || defined(WIN32) */ 556 557 case 'c': 558 cnt = atoi(optarg); 559 if (cnt <= 0) 560 error("invalid packet count %s", optarg); 561 break; 562 563 case 'C': 564 Cflag = atoi(optarg) * 1000000; 565 if (Cflag < 0) 566 error("invalid file size %s", optarg); 567 break; 568 569 case 'd': 570 ++dflag; 571 break; 572 573 #ifdef HAVE_PCAP_FINDALLDEVS 574 case 'D': 575 if (pcap_findalldevs(&devpointer, ebuf) < 0) 576 error("%s", ebuf); 577 else { 578 for (i = 0; devpointer != 0; i++) { 579 printf("%d.%s", i+1, devpointer->name); 580 if (devpointer->description != NULL) 581 printf(" (%s)", devpointer->description); 582 printf("\n"); 583 devpointer = devpointer->next; 584 } 585 } 586 return 0; 587 #endif /* HAVE_PCAP_FINDALLDEVS */ 588 589 case 'L': 590 Lflag++; 591 break; 592 593 case 'e': 594 ++eflag; 595 break; 596 597 case 'E': 598 #ifndef HAVE_LIBCRYPTO 599 warning("crypto code not compiled in"); 600 #endif 601 gndo->ndo_espsecret = optarg; 602 break; 603 604 case 'f': 605 ++fflag; 606 break; 607 608 case 'F': 609 infile = optarg; 610 break; 611 612 case 'G': 613 Gflag = atoi(optarg); 614 if (Gflag < 0) 615 error("invalid number of seconds %s", optarg); 616 617 /* We will create one file initially. */ 618 Gflag_count = 0; 619 620 /* Grab the current time for rotation use. */ 621 if ((Gflag_time = time(NULL)) == (time_t)-1) { 622 error("main: can't get current time: %s", 623 pcap_strerror(errno)); 624 } 625 break; 626 627 case 'i': 628 if (optarg[0] == '0' && optarg[1] == 0) 629 error("Invalid adapter index"); 630 631 #ifdef HAVE_PCAP_FINDALLDEVS 632 /* 633 * If the argument is a number, treat it as 634 * an index into the list of adapters, as 635 * printed by "tcpdump -D". 636 * 637 * This should be OK on UNIX systems, as interfaces 638 * shouldn't have names that begin with digits. 639 * It can be useful on Windows, where more than 640 * one interface can have the same name. 641 */ 642 if ((devnum = atoi(optarg)) != 0) { 643 if (devnum < 0) 644 error("Invalid adapter index"); 645 646 if (pcap_findalldevs(&devpointer, ebuf) < 0) 647 error("%s", ebuf); 648 else { 649 for (i = 0; i < devnum-1; i++){ 650 devpointer = devpointer->next; 651 if (devpointer == NULL) 652 error("Invalid adapter index"); 653 } 654 } 655 device = devpointer->name; 656 break; 657 } 658 #endif /* HAVE_PCAP_FINDALLDEVS */ 659 device = optarg; 660 break; 661 662 #ifdef HAVE_PCAP_CREATE 663 case 'I': 664 ++Iflag; 665 break; 666 #endif /* HAVE_PCAP_CREATE */ 667 668 case 'l': 669 #ifdef WIN32 670 /* 671 * _IOLBF is the same as _IOFBF in Microsoft's C 672 * libraries; the only alternative they offer 673 * is _IONBF. 674 * 675 * XXX - this should really be checking for MSVC++, 676 * not WIN32, if, for example, MinGW has its own 677 * C library that is more UNIX-compatible. 678 */ 679 setvbuf(stdout, NULL, _IONBF, 0); 680 #else /* WIN32 */ 681 #ifdef HAVE_SETLINEBUF 682 setlinebuf(stdout); 683 #else 684 setvbuf(stdout, NULL, _IOLBF, 0); 685 #endif 686 #endif /* WIN32 */ 687 break; 688 689 case 'K': 690 ++Kflag; 691 break; 692 693 case 'm': 694 #ifdef LIBSMI 695 if (smiLoadModule(optarg) == 0) { 696 error("could not load MIB module %s", optarg); 697 } 698 sflag = 1; 699 #else 700 (void)fprintf(stderr, "%s: ignoring option `-m %s' ", 701 program_name, optarg); 702 (void)fprintf(stderr, "(no libsmi support)\n"); 703 #endif 704 break; 705 706 case 'M': 707 /* TCP-MD5 shared secret */ 708 #ifndef HAVE_LIBCRYPTO 709 warning("crypto code not compiled in"); 710 #endif 711 tcpmd5secret = optarg; 712 break; 713 714 case 'n': 715 ++nflag; 716 break; 717 718 case 'N': 719 ++Nflag; 720 break; 721 722 case 'O': 723 Oflag = 0; 724 break; 725 726 case 'p': 727 ++pflag; 728 break; 729 730 case 'q': 731 ++qflag; 732 ++suppress_default_print; 733 break; 734 735 case 'r': 736 RFileName = optarg; 737 break; 738 739 case 'R': 740 Rflag = 0; 741 break; 742 743 case 's': { 744 char *end; 745 746 snaplen = strtol(optarg, &end, 0); 747 if (optarg == end || *end != '\0' 748 || snaplen < 0 || snaplen > 65535) 749 error("invalid snaplen %s", optarg); 750 else if (snaplen == 0) 751 snaplen = 65535; 752 break; 753 } 754 755 case 'S': 756 ++Sflag; 757 break; 758 759 case 't': 760 ++tflag; 761 break; 762 763 case 'T': 764 if (strcasecmp(optarg, "vat") == 0) 765 packettype = PT_VAT; 766 else if (strcasecmp(optarg, "wb") == 0) 767 packettype = PT_WB; 768 else if (strcasecmp(optarg, "rpc") == 0) 769 packettype = PT_RPC; 770 else if (strcasecmp(optarg, "rtp") == 0) 771 packettype = PT_RTP; 772 else if (strcasecmp(optarg, "rtcp") == 0) 773 packettype = PT_RTCP; 774 else if (strcasecmp(optarg, "snmp") == 0) 775 packettype = PT_SNMP; 776 else if (strcasecmp(optarg, "cnfp") == 0) 777 packettype = PT_CNFP; 778 else if (strcasecmp(optarg, "tftp") == 0) 779 packettype = PT_TFTP; 780 else if (strcasecmp(optarg, "aodv") == 0) 781 packettype = PT_AODV; 782 else 783 error("unknown packet type `%s'", optarg); 784 break; 785 786 case 'u': 787 ++uflag; 788 break; 789 790 #ifdef HAVE_PCAP_DUMP_FLUSH 791 case 'U': 792 ++Uflag; 793 break; 794 #endif 795 796 case 'v': 797 ++vflag; 798 break; 799 800 case 'w': 801 WFileName = optarg; 802 break; 803 804 case 'W': 805 Wflag = atoi(optarg); 806 if (Wflag < 0) 807 error("invalid number of output files %s", optarg); 808 WflagChars = getWflagChars(Wflag); 809 break; 810 811 case 'x': 812 ++xflag; 813 ++suppress_default_print; 814 break; 815 816 case 'X': 817 ++Xflag; 818 ++suppress_default_print; 819 break; 820 821 case 'y': 822 gndo->ndo_dltname = optarg; 823 gndo->ndo_dlt = 824 pcap_datalink_name_to_val(gndo->ndo_dltname); 825 if (gndo->ndo_dlt < 0) 826 error("invalid data link type %s", gndo->ndo_dltname); 827 break; 828 829 #if defined(HAVE_PCAP_DEBUG) || defined(HAVE_YYDEBUG) 830 case 'Y': 831 { 832 /* Undocumented flag */ 833 #ifdef HAVE_PCAP_DEBUG 834 extern int pcap_debug; 835 pcap_debug = 1; 836 #else 837 extern int yydebug; 838 yydebug = 1; 839 #endif 840 } 841 break; 842 #endif 843 case 'z': 844 if (optarg) { 845 zflag = strdup(optarg); 846 } else { 847 usage(); 848 /* NOTREACHED */ 849 } 850 break; 851 852 case 'Z': 853 if (optarg) { 854 username = strdup(optarg); 855 } 856 else { 857 usage(); 858 /* NOTREACHED */ 859 } 860 break; 861 862 default: 863 usage(); 864 /* NOTREACHED */ 865 } 866 867 switch (tflag) { 868 869 case 0: /* Default */ 870 case 4: /* Default + Date*/ 871 thiszone = gmt2local(0); 872 break; 873 874 case 1: /* No time stamp */ 875 case 2: /* Unix timeval style */ 876 case 3: /* Microseconds since previous packet */ 877 case 5: /* Microseconds since first packet */ 878 break; 879 880 default: /* Not supported */ 881 error("only -t, -tt, -ttt, -tttt and -ttttt are supported"); 882 break; 883 } 884 885 #ifdef WITH_CHROOT 886 /* if run as root, prepare for chrooting */ 887 if (getuid() == 0 || geteuid() == 0) { 888 /* future extensibility for cmd-line arguments */ 889 if (!chroot_dir) 890 chroot_dir = WITH_CHROOT; 891 } 892 #endif 893 894 #ifdef WITH_USER 895 /* if run as root, prepare for dropping root privileges */ 896 if (getuid() == 0 || geteuid() == 0) { 897 /* Run with '-Z root' to restore old behaviour */ 898 if (!username) 899 username = WITH_USER; 900 } 901 #endif 902 903 if (RFileName != NULL) { 904 int dlt; 905 const char *dlt_name; 906 907 #ifndef WIN32 908 /* 909 * We don't need network access, so relinquish any set-UID 910 * or set-GID privileges we have (if any). 911 * 912 * We do *not* want set-UID privileges when opening a 913 * trace file, as that might let the user read other 914 * people's trace files (especially if we're set-UID 915 * root). 916 */ 917 if (setgid(getgid()) != 0 || setuid(getuid()) != 0 ) 918 fprintf(stderr, "Warning: setgid/setuid failed !\n"); 919 #endif /* WIN32 */ 920 pd = pcap_open_offline(RFileName, ebuf); 921 if (pd == NULL) 922 error("%s", ebuf); 923 dlt = pcap_datalink(pd); 924 dlt_name = pcap_datalink_val_to_name(dlt); 925 if (dlt_name == NULL) { 926 fprintf(stderr, "reading from file %s, link-type %u\n", 927 RFileName, dlt); 928 } else { 929 fprintf(stderr, 930 "reading from file %s, link-type %s (%s)\n", 931 RFileName, dlt_name, 932 pcap_datalink_val_to_description(dlt)); 933 } 934 localnet = 0; 935 netmask = 0; 936 if (fflag != 0) 937 error("-f and -r options are incompatible"); 938 } else { 939 if (device == NULL) { 940 device = pcap_lookupdev(ebuf); 941 if (device == NULL) 942 error("%s", ebuf); 943 } 944 #ifdef WIN32 945 if(strlen(device) == 1) //we assume that an ASCII string is always longer than 1 char 946 { //a Unicode string has a \0 as second byte (so strlen() is 1) 947 fprintf(stderr, "%s: listening on %ws\n", program_name, device); 948 } 949 else 950 { 951 fprintf(stderr, "%s: listening on %s\n", program_name, device); 952 } 953 954 fflush(stderr); 955 #endif /* WIN32 */ 956 #ifdef HAVE_PCAP_CREATE 957 pd = pcap_create(device, ebuf); 958 if (pd == NULL) 959 error("%s", ebuf); 960 status = pcap_set_snaplen(pd, snaplen); 961 if (status != 0) 962 error("%s: pcap_set_snaplen failed: %s", 963 device, pcap_statustostr(status)); 964 status = pcap_set_promisc(pd, !pflag); 965 if (status != 0) 966 error("%s: pcap_set_promisc failed: %s", 967 device, pcap_statustostr(status)); 968 if (Iflag) { 969 status = pcap_set_rfmon(pd, 1); 970 if (status != 0) 971 error("%s: pcap_set_rfmon failed: %s", 972 device, pcap_statustostr(status)); 973 } 974 status = pcap_set_timeout(pd, 1000); 975 if (status != 0) 976 error("%s: pcap_set_timeout failed: %s", 977 device, pcap_statustostr(status)); 978 if (Bflag != 0) { 979 status = pcap_set_buffer_size(pd, Bflag); 980 if (status != 0) 981 error("%s: pcap_set_buffer_size failed: %s", 982 device, pcap_statustostr(status)); 983 } 984 status = pcap_activate(pd); 985 if (status < 0) { 986 /* 987 * pcap_activate() failed. 988 */ 989 cp = pcap_geterr(pd); 990 if (status == PCAP_ERROR) 991 error("%s", cp); 992 else if ((status == PCAP_ERROR_NO_SUCH_DEVICE || 993 status == PCAP_ERROR_PERM_DENIED) && 994 *cp != '\0') 995 error("%s: %s\n(%s)", device, 996 pcap_statustostr(status), cp); 997 else 998 error("%s: %s", device, 999 pcap_statustostr(status)); 1000 } else if (status > 0) { 1001 /* 1002 * pcap_activate() succeeded, but it's warning us 1003 * of a problem it had. 1004 */ 1005 cp = pcap_geterr(pd); 1006 if (status == PCAP_WARNING) 1007 warning("%s", cp); 1008 else if (status == PCAP_WARNING_PROMISC_NOTSUP && 1009 *cp != '\0') 1010 warning("%s: %s\n(%s)", device, 1011 pcap_statustostr(status), cp); 1012 else 1013 warning("%s: %s", device, 1014 pcap_statustostr(status)); 1015 } 1016 #else 1017 *ebuf = '\0'; 1018 pd = pcap_open_live(device, snaplen, !pflag, 1000, ebuf); 1019 if (pd == NULL) 1020 error("%s", ebuf); 1021 else if (*ebuf) 1022 warning("%s", ebuf); 1023 #endif /* HAVE_PCAP_CREATE */ 1024 /* 1025 * Let user own process after socket has been opened. 1026 */ 1027 #ifndef WIN32 1028 if (setgid(getgid()) != 0 || setuid(getuid()) != 0) 1029 fprintf(stderr, "Warning: setgid/setuid failed !\n"); 1030 #endif /* WIN32 */ 1031 #if !defined(HAVE_PCAP_CREATE) && defined(WIN32) 1032 if(Bflag != 0) 1033 if(pcap_setbuff(pd, Bflag)==-1){ 1034 error("%s", pcap_geterr(pd)); 1035 } 1036 #endif /* !defined(HAVE_PCAP_CREATE) && defined(WIN32) */ 1037 if (Lflag) 1038 show_dlts_and_exit(pd); 1039 if (gndo->ndo_dlt >= 0) { 1040 #ifdef HAVE_PCAP_SET_DATALINK 1041 if (pcap_set_datalink(pd, gndo->ndo_dlt) < 0) 1042 error("%s", pcap_geterr(pd)); 1043 #else 1044 /* 1045 * We don't actually support changing the 1046 * data link type, so we only let them 1047 * set it to what it already is. 1048 */ 1049 if (gndo->ndo_dlt != pcap_datalink(pd)) { 1050 error("%s is not one of the DLTs supported by this device\n", 1051 gndo->ndo_dltname); 1052 } 1053 #endif 1054 (void)fprintf(stderr, "%s: data link type %s\n", 1055 program_name, gndo->ndo_dltname); 1056 (void)fflush(stderr); 1057 } 1058 i = pcap_snapshot(pd); 1059 if (snaplen < i) { 1060 warning("snaplen raised from %d to %d", snaplen, i); 1061 snaplen = i; 1062 } 1063 if (pcap_lookupnet(device, &localnet, &netmask, ebuf) < 0) { 1064 localnet = 0; 1065 netmask = 0; 1066 warning("%s", ebuf); 1067 } 1068 } 1069 if (infile) 1070 cmdbuf = read_infile(infile); 1071 else 1072 cmdbuf = copy_argv(&argv[optind]); 1073 1074 if (pcap_compile(pd, &fcode, cmdbuf, Oflag, netmask) < 0) 1075 error("%s", pcap_geterr(pd)); 1076 if (dflag) { 1077 bpf_dump(&fcode, dflag); 1078 pcap_close(pd); 1079 exit(0); 1080 } 1081 init_addrtoname(localnet, netmask); 1082 init_checksum(); 1083 1084 #ifndef WIN32 1085 (void)setsignal(SIGPIPE, cleanup); 1086 (void)setsignal(SIGTERM, cleanup); 1087 (void)setsignal(SIGINT, cleanup); 1088 (void)setsignal(SIGCHLD, child_cleanup); 1089 #endif /* WIN32 */ 1090 /* Cooperate with nohup(1) */ 1091 #ifndef WIN32 1092 if ((oldhandler = setsignal(SIGHUP, cleanup)) != SIG_DFL) 1093 (void)setsignal(SIGHUP, oldhandler); 1094 #endif /* WIN32 */ 1095 1096 if (pcap_setfilter(pd, &fcode) < 0) 1097 error("%s", pcap_geterr(pd)); 1098 if (WFileName) { 1099 pcap_dumper_t *p; 1100 /* Do not exceed the default NAME_MAX for files. */ 1101 dumpinfo.CurrentFileName = (char *)malloc(NAME_MAX + 1); 1102 1103 if (dumpinfo.CurrentFileName == NULL) 1104 error("malloc of dumpinfo.CurrentFileName"); 1105 1106 /* We do not need numbering for dumpfiles if Cflag isn't set. */ 1107 if (Cflag != 0) 1108 MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, WflagChars); 1109 else 1110 MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, 0); 1111 1112 p = pcap_dump_open(pd, dumpinfo.CurrentFileName); 1113 if (p == NULL) 1114 error("%s", pcap_geterr(pd)); 1115 if (Cflag != 0 || Gflag != 0) { 1116 callback = dump_packet_and_trunc; 1117 dumpinfo.WFileName = WFileName; 1118 dumpinfo.pd = pd; 1119 dumpinfo.p = p; 1120 pcap_userdata = (u_char *)&dumpinfo; 1121 } else { 1122 callback = dump_packet; 1123 pcap_userdata = (u_char *)p; 1124 } 1125 } else { 1126 type = pcap_datalink(pd); 1127 printinfo.printer = lookup_printer(type); 1128 if (printinfo.printer == NULL) { 1129 gndo->ndo_dltname = pcap_datalink_val_to_name(type); 1130 if (gndo->ndo_dltname != NULL) 1131 error("unsupported data link type %s", 1132 gndo->ndo_dltname); 1133 else 1134 error("unsupported data link type %d", type); 1135 } 1136 callback = print_packet; 1137 pcap_userdata = (u_char *)&printinfo; 1138 } 1139 #ifndef WIN32 1140 /* 1141 * We cannot do this earlier, because we want to be able to open 1142 * the file (if done) for writing before giving up permissions. 1143 */ 1144 if (getuid() == 0 || geteuid() == 0) { 1145 if (username || chroot_dir) 1146 droproot(username, chroot_dir); 1147 } 1148 #endif /* WIN32 */ 1149 #ifdef SIGINFO 1150 /* 1151 * We can't get statistics when reading from a file rather 1152 * than capturing from a device. 1153 */ 1154 if (RFileName == NULL) 1155 (void)setsignal(SIGINFO, requestinfo); 1156 #endif 1157 1158 if (vflag > 0 && WFileName) { 1159 /* 1160 * When capturing to a file, "-v" means tcpdump should, 1161 * every 10 secodns, "v"erbosely report the number of 1162 * packets captured. 1163 */ 1164 #ifdef USE_WIN32_MM_TIMER 1165 /* call verbose_stats_dump() each 1000 +/-100msec */ 1166 timer_id = timeSetEvent(1000, 100, verbose_stats_dump, 0, TIME_PERIODIC); 1167 setvbuf(stderr, NULL, _IONBF, 0); 1168 #elif defined(HAVE_ALARM) 1169 (void)setsignal(SIGALRM, verbose_stats_dump); 1170 alarm(1); 1171 #endif 1172 } 1173 1174 #ifndef WIN32 1175 if (RFileName == NULL) { 1176 int dlt; 1177 const char *dlt_name; 1178 1179 if (!vflag && !WFileName) { 1180 (void)fprintf(stderr, 1181 "%s: verbose output suppressed, use -v or -vv for full protocol decode\n", 1182 program_name); 1183 } else 1184 (void)fprintf(stderr, "%s: ", program_name); 1185 dlt = pcap_datalink(pd); 1186 dlt_name = pcap_datalink_val_to_name(dlt); 1187 if (dlt_name == NULL) { 1188 (void)fprintf(stderr, "listening on %s, link-type %u, capture size %u bytes\n", 1189 device, dlt, snaplen); 1190 } else { 1191 (void)fprintf(stderr, "listening on %s, link-type %s (%s), capture size %u bytes\n", 1192 device, dlt_name, 1193 pcap_datalink_val_to_description(dlt), snaplen); 1194 } 1195 (void)fflush(stderr); 1196 } 1197 #endif /* WIN32 */ 1198 status = pcap_loop(pd, cnt, callback, pcap_userdata); 1199 if (WFileName == NULL) { 1200 /* 1201 * We're printing packets. Flush the printed output, 1202 * so it doesn't get intermingled with error output. 1203 */ 1204 if (status == -2) { 1205 /* 1206 * We got interrupted, so perhaps we didn't 1207 * manage to finish a line we were printing. 1208 * Print an extra newline, just in case. 1209 */ 1210 putchar('\n'); 1211 } 1212 (void)fflush(stdout); 1213 } 1214 if (status == -1) { 1215 /* 1216 * Error. Report it. 1217 */ 1218 (void)fprintf(stderr, "%s: pcap_loop: %s\n", 1219 program_name, pcap_geterr(pd)); 1220 } 1221 if (RFileName == NULL) { 1222 /* 1223 * We're doing a live capture. Report the capture 1224 * statistics. 1225 */ 1226 info(1); 1227 } 1228 pcap_close(pd); 1229 exit(status == -1 ? 1 : 0); 1230 } 1231 1232 /* make a clean exit on interrupts */ 1233 static RETSIGTYPE 1234 cleanup(int signo _U_) 1235 { 1236 #ifdef USE_WIN32_MM_TIMER 1237 if (timer_id) 1238 timeKillEvent(timer_id); 1239 timer_id = 0; 1240 #elif defined(HAVE_ALARM) 1241 alarm(0); 1242 #endif 1243 1244 #ifdef HAVE_PCAP_BREAKLOOP 1245 /* 1246 * We have "pcap_breakloop()"; use it, so that we do as little 1247 * as possible in the signal handler (it's probably not safe 1248 * to do anything with standard I/O streams in a signal handler - 1249 * the ANSI C standard doesn't say it is). 1250 */ 1251 pcap_breakloop(pd); 1252 #else 1253 /* 1254 * We don't have "pcap_breakloop()"; this isn't safe, but 1255 * it's the best we can do. Print the summary if we're 1256 * not reading from a savefile - i.e., if we're doing a 1257 * live capture - and exit. 1258 */ 1259 if (pd != NULL && pcap_file(pd) == NULL) { 1260 /* 1261 * We got interrupted, so perhaps we didn't 1262 * manage to finish a line we were printing. 1263 * Print an extra newline, just in case. 1264 */ 1265 putchar('\n'); 1266 (void)fflush(stdout); 1267 info(1); 1268 } 1269 exit(0); 1270 #endif 1271 } 1272 1273 /* 1274 On windows, we do not use a fork, so we do not care less about 1275 waiting a child processes to die 1276 */ 1277 #ifndef WIN32 1278 static RETSIGTYPE 1279 child_cleanup(int signo _U_) 1280 { 1281 wait(NULL); 1282 } 1283 #endif /* WIN32 */ 1284 1285 static void 1286 info(register int verbose) 1287 { 1288 struct pcap_stat stat; 1289 1290 if (pcap_stats(pd, &stat) < 0) { 1291 (void)fprintf(stderr, "pcap_stats: %s\n", pcap_geterr(pd)); 1292 infoprint = 0; 1293 return; 1294 } 1295 1296 if (!verbose) 1297 fprintf(stderr, "%s: ", program_name); 1298 1299 (void)fprintf(stderr, "%u packets captured", packets_captured); 1300 if (!verbose) 1301 fputs(", ", stderr); 1302 else 1303 putc('\n', stderr); 1304 (void)fprintf(stderr, "%d packets received by filter", stat.ps_recv); 1305 if (!verbose) 1306 fputs(", ", stderr); 1307 else 1308 putc('\n', stderr); 1309 (void)fprintf(stderr, "%d packets dropped by kernel\n", stat.ps_drop); 1310 infoprint = 0; 1311 } 1312 1313 #ifndef WIN32 1314 static void 1315 compress_savefile(const char *filename) 1316 { 1317 if (fork()) 1318 return; 1319 /* 1320 * Set to lowest priority so that this doesn't disturb the capture 1321 */ 1322 #ifdef NZERO 1323 setpriority(PRIO_PROCESS, 0, NZERO - 1); 1324 #else 1325 setpriority(PRIO_PROCESS, 0, 19); 1326 #endif 1327 if (execlp(zflag, zflag, filename, NULL) == -1) 1328 fprintf(stderr, 1329 "compress_savefile:execlp(%s, %s): %s\n", 1330 zflag, 1331 filename, 1332 strerror(errno)); 1333 } 1334 #else /* WIN32 */ 1335 static void 1336 compress_savefile(const char *filename) 1337 { 1338 fprintf(stderr, 1339 "compress_savefile failed. Functionality not implemented under windows\n"); 1340 } 1341 #endif /* WIN32 */ 1342 1343 static void 1344 dump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *sp) 1345 { 1346 struct dump_info *dump_info; 1347 1348 ++packets_captured; 1349 1350 ++infodelay; 1351 1352 dump_info = (struct dump_info *)user; 1353 1354 /* 1355 * XXX - this won't force the file to rotate on the specified time 1356 * boundary, but it will rotate on the first packet received after the 1357 * specified Gflag number of seconds. Note: if a Gflag time boundary 1358 * and a Cflag size boundary coincide, the time rotation will occur 1359 * first thereby cancelling the Cflag boundary (since the file should 1360 * be 0). 1361 */ 1362 if (Gflag != 0) { 1363 /* Check if it is time to rotate */ 1364 time_t t; 1365 1366 /* Get the current time */ 1367 if ((t = time(NULL)) == (time_t)-1) { 1368 error("dump_and_trunc_packet: can't get current_time: %s", 1369 pcap_strerror(errno)); 1370 } 1371 1372 1373 /* If the time is greater than the specified window, rotate */ 1374 if (t - Gflag_time >= Gflag) { 1375 /* Update the Gflag_time */ 1376 Gflag_time = t; 1377 /* Update Gflag_count */ 1378 Gflag_count++; 1379 /* 1380 * Close the current file and open a new one. 1381 */ 1382 pcap_dump_close(dump_info->p); 1383 1384 /* 1385 * Compress the file we just closed, if the user asked for it 1386 */ 1387 if (zflag != NULL) 1388 compress_savefile(dump_info->CurrentFileName); 1389 1390 /* 1391 * Check to see if we've exceeded the Wflag (when 1392 * not using Cflag). 1393 */ 1394 if (Cflag == 0 && Wflag > 0 && Gflag_count >= Wflag) { 1395 (void)fprintf(stderr, "Maximum file limit reached: %d\n", 1396 Wflag); 1397 exit(0); 1398 /* NOTREACHED */ 1399 } 1400 if (dump_info->CurrentFileName != NULL) 1401 free(dump_info->CurrentFileName); 1402 /* Allocate space for max filename + \0. */ 1403 dump_info->CurrentFileName = (char *)malloc(NAME_MAX + 1); 1404 if (dump_info->CurrentFileName == NULL) 1405 error("dump_packet_and_trunc: malloc"); 1406 /* 1407 * This is always the first file in the Cflag 1408 * rotation: e.g. 0 1409 * We also don't need numbering if Cflag is not set. 1410 */ 1411 if (Cflag != 0) 1412 MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, 0, 1413 WflagChars); 1414 else 1415 MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, 0, 0); 1416 1417 dump_info->p = pcap_dump_open(dump_info->pd, dump_info->CurrentFileName); 1418 if (dump_info->p == NULL) 1419 error("%s", pcap_geterr(pd)); 1420 } 1421 } 1422 1423 /* 1424 * XXX - this won't prevent capture files from getting 1425 * larger than Cflag - the last packet written to the 1426 * file could put it over Cflag. 1427 */ 1428 if (Cflag != 0 && pcap_dump_ftell(dump_info->p) > Cflag) { 1429 /* 1430 * Close the current file and open a new one. 1431 */ 1432 pcap_dump_close(dump_info->p); 1433 1434 /* 1435 * Compress the file we just closed, if the user asked for it 1436 */ 1437 if (zflag != NULL) 1438 compress_savefile(dump_info->CurrentFileName); 1439 1440 Cflag_count++; 1441 if (Wflag > 0) { 1442 if (Cflag_count >= Wflag) 1443 Cflag_count = 0; 1444 } 1445 if (dump_info->CurrentFileName != NULL) 1446 free(dump_info->CurrentFileName); 1447 dump_info->CurrentFileName = (char *)malloc(NAME_MAX + 1); 1448 if (dump_info->CurrentFileName == NULL) 1449 error("dump_packet_and_trunc: malloc"); 1450 MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, Cflag_count, WflagChars); 1451 dump_info->p = pcap_dump_open(dump_info->pd, dump_info->CurrentFileName); 1452 if (dump_info->p == NULL) 1453 error("%s", pcap_geterr(pd)); 1454 } 1455 1456 pcap_dump((u_char *)dump_info->p, h, sp); 1457 #ifdef HAVE_PCAP_DUMP_FLUSH 1458 if (Uflag) 1459 pcap_dump_flush(dump_info->p); 1460 #endif 1461 1462 --infodelay; 1463 if (infoprint) 1464 info(0); 1465 } 1466 1467 static void 1468 dump_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *sp) 1469 { 1470 ++packets_captured; 1471 1472 ++infodelay; 1473 1474 pcap_dump(user, h, sp); 1475 #ifdef HAVE_PCAP_DUMP_FLUSH 1476 if (Uflag) 1477 pcap_dump_flush((pcap_dumper_t *)user); 1478 #endif 1479 1480 --infodelay; 1481 if (infoprint) 1482 info(0); 1483 } 1484 1485 static void 1486 print_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *sp) 1487 { 1488 struct print_info *print_info; 1489 u_int hdrlen; 1490 1491 ++packets_captured; 1492 1493 ++infodelay; 1494 ts_print(&h->ts); 1495 1496 print_info = (struct print_info *)user; 1497 1498 /* 1499 * Some printers want to check that they're not walking off the 1500 * end of the packet. 1501 * Rather than pass it all the way down, we set this global. 1502 */ 1503 snapend = sp + h->caplen; 1504 1505 hdrlen = (*print_info->printer)(h, sp); 1506 if (Xflag) { 1507 /* 1508 * Print the raw packet data in hex and ASCII. 1509 */ 1510 if (Xflag > 1) { 1511 /* 1512 * Include the link-layer header. 1513 */ 1514 hex_and_ascii_print("\n\t", sp, h->caplen); 1515 } else { 1516 /* 1517 * Don't include the link-layer header - and if 1518 * we have nothing past the link-layer header, 1519 * print nothing. 1520 */ 1521 if (h->caplen > hdrlen) 1522 hex_and_ascii_print("\n\t", sp + hdrlen, 1523 h->caplen - hdrlen); 1524 } 1525 } else if (xflag) { 1526 /* 1527 * Print the raw packet data in hex. 1528 */ 1529 if (xflag > 1) { 1530 /* 1531 * Include the link-layer header. 1532 */ 1533 hex_print("\n\t", sp, h->caplen); 1534 } else { 1535 /* 1536 * Don't include the link-layer header - and if 1537 * we have nothing past the link-layer header, 1538 * print nothing. 1539 */ 1540 if (h->caplen > hdrlen) 1541 hex_print("\n\t", sp + hdrlen, 1542 h->caplen - hdrlen); 1543 } 1544 } else if (Aflag) { 1545 /* 1546 * Print the raw packet data in ASCII. 1547 */ 1548 if (Aflag > 1) { 1549 /* 1550 * Include the link-layer header. 1551 */ 1552 ascii_print(sp, h->caplen); 1553 } else { 1554 /* 1555 * Don't include the link-layer header - and if 1556 * we have nothing past the link-layer header, 1557 * print nothing. 1558 */ 1559 if (h->caplen > hdrlen) 1560 ascii_print(sp + hdrlen, h->caplen - hdrlen); 1561 } 1562 } 1563 1564 putchar('\n'); 1565 1566 --infodelay; 1567 if (infoprint) 1568 info(0); 1569 } 1570 1571 #ifdef WIN32 1572 /* 1573 * XXX - there should really be libpcap calls to get the version 1574 * number as a string (the string would be generated from #defines 1575 * at run time, so that it's not generated from string constants 1576 * in the library, as, on many UNIX systems, those constants would 1577 * be statically linked into the application executable image, and 1578 * would thus reflect the version of libpcap on the system on 1579 * which the application was *linked*, not the system on which it's 1580 * *running*. 1581 * 1582 * That routine should be documented, unlike the "version[]" 1583 * string, so that UNIX vendors providing their own libpcaps 1584 * don't omit it (as a couple of vendors have...). 1585 * 1586 * Packet.dll should perhaps also export a routine to return the 1587 * version number of the Packet.dll code, to supply the 1588 * "Wpcap_version" information on Windows. 1589 */ 1590 char WDversion[]="current-cvs.tcpdump.org"; 1591 #if !defined(HAVE_GENERATED_VERSION) 1592 char version[]="current-cvs.tcpdump.org"; 1593 #endif 1594 char pcap_version[]="current-cvs.tcpdump.org"; 1595 char Wpcap_version[]="3.1"; 1596 #endif 1597 1598 /* 1599 * By default, print the specified data out in hex and ASCII. 1600 */ 1601 static void 1602 ndo_default_print(netdissect_options *ndo _U_, const u_char *bp, u_int length) 1603 { 1604 hex_and_ascii_print("\n\t", bp, length); /* pass on lf and identation string */ 1605 } 1606 1607 void 1608 default_print(const u_char *bp, u_int length) 1609 { 1610 ndo_default_print(gndo, bp, length); 1611 } 1612 1613 #ifdef SIGINFO 1614 RETSIGTYPE requestinfo(int signo _U_) 1615 { 1616 if (infodelay) 1617 ++infoprint; 1618 else 1619 info(0); 1620 } 1621 #endif 1622 1623 /* 1624 * Called once each second in verbose mode while dumping to file 1625 */ 1626 #ifdef USE_WIN32_MM_TIMER 1627 void CALLBACK verbose_stats_dump (UINT timer_id _U_, UINT msg _U_, DWORD_PTR arg _U_, 1628 DWORD_PTR dw1 _U_, DWORD_PTR dw2 _U_) 1629 { 1630 struct pcap_stat stat; 1631 1632 if (infodelay == 0 && pcap_stats(pd, &stat) >= 0) 1633 fprintf(stderr, "Got %u\r", packets_captured); 1634 } 1635 #elif defined(HAVE_ALARM) 1636 static void verbose_stats_dump(int sig _U_) 1637 { 1638 struct pcap_stat stat; 1639 1640 if (infodelay == 0 && pcap_stats(pd, &stat) >= 0) 1641 fprintf(stderr, "Got %u\r", packets_captured); 1642 alarm(1); 1643 } 1644 #endif 1645 1646 static void 1647 usage(void) 1648 { 1649 extern char version[]; 1650 #ifndef HAVE_PCAP_LIB_VERSION 1651 #if defined(WIN32) || defined(HAVE_PCAP_VERSION) 1652 extern char pcap_version[]; 1653 #else /* defined(WIN32) || defined(HAVE_PCAP_VERSION) */ 1654 static char pcap_version[] = "unknown"; 1655 #endif /* defined(WIN32) || defined(HAVE_PCAP_VERSION) */ 1656 #endif /* HAVE_PCAP_LIB_VERSION */ 1657 1658 #ifdef HAVE_PCAP_LIB_VERSION 1659 #ifdef WIN32 1660 (void)fprintf(stderr, "%s version %s, based on tcpdump version %s\n", program_name, WDversion, version); 1661 #else /* WIN32 */ 1662 (void)fprintf(stderr, "%s version %s\n", program_name, version); 1663 #endif /* WIN32 */ 1664 (void)fprintf(stderr, "%s\n",pcap_lib_version()); 1665 #else /* HAVE_PCAP_LIB_VERSION */ 1666 #ifdef WIN32 1667 (void)fprintf(stderr, "%s version %s, based on tcpdump version %s\n", program_name, WDversion, version); 1668 (void)fprintf(stderr, "WinPcap version %s, based on libpcap version %s\n",Wpcap_version, pcap_version); 1669 #else /* WIN32 */ 1670 (void)fprintf(stderr, "%s version %s\n", program_name, version); 1671 (void)fprintf(stderr, "libpcap version %s\n", pcap_version); 1672 #endif /* WIN32 */ 1673 #endif /* HAVE_PCAP_LIB_VERSION */ 1674 (void)fprintf(stderr, 1675 "Usage: %s [-aAd" D_FLAG "ef" I_FLAG "KlLnNOpqRStu" U_FLAG "vxX]" B_FLAG_USAGE " [ -c count ]\n", program_name); 1676 (void)fprintf(stderr, 1677 "\t\t[ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]\n"); 1678 (void)fprintf(stderr, 1679 "\t\t[ -i interface ] [ -M secret ] [ -r file ]\n"); 1680 (void)fprintf(stderr, 1681 "\t\t[ -s snaplen ] [ -T type ] [ -w file ] [ -W filecount ]\n"); 1682 (void)fprintf(stderr, 1683 "\t\t[ -y datalinktype ] [ -z command ] [ -Z user ]\n"); 1684 (void)fprintf(stderr, 1685 "\t\t[ expression ]\n"); 1686 exit(1); 1687 } 1688 1689 1690 1691 /* VARARGS */ 1692 static void 1693 ndo_error(netdissect_options *ndo _U_, const char *fmt, ...) 1694 { 1695 va_list ap; 1696 1697 (void)fprintf(stderr, "%s: ", program_name); 1698 va_start(ap, fmt); 1699 (void)vfprintf(stderr, fmt, ap); 1700 va_end(ap); 1701 if (*fmt) { 1702 fmt += strlen(fmt); 1703 if (fmt[-1] != '\n') 1704 (void)fputc('\n', stderr); 1705 } 1706 exit(1); 1707 /* NOTREACHED */ 1708 } 1709 1710 /* VARARGS */ 1711 static void 1712 ndo_warning(netdissect_options *ndo _U_, const char *fmt, ...) 1713 { 1714 va_list ap; 1715 1716 (void)fprintf(stderr, "%s: WARNING: ", program_name); 1717 va_start(ap, fmt); 1718 (void)vfprintf(stderr, fmt, ap); 1719 va_end(ap); 1720 if (*fmt) { 1721 fmt += strlen(fmt); 1722 if (fmt[-1] != '\n') 1723 (void)fputc('\n', stderr); 1724 } 1725 } 1726