1 /* 2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that: (1) source code distributions 7 * retain the above copyright notice and this paragraph in its entirety, (2) 8 * distributions including binary code include the above copyright notice and 9 * this paragraph in its entirety in the documentation or other materials 10 * provided with the distribution, and (3) all advertising materials mentioning 11 * features or use of this software display the following acknowledgement: 12 * ``This product includes software developed by the University of California, 13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 14 * the University nor the names of its contributors may be used to endorse 15 * or promote products derived from this software without specific prior 16 * written permission. 17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 20 * 21 * Support for splitting captures into multiple files with a maximum 22 * file size: 23 * 24 * Copyright (c) 2001 25 * Seth Webster <swebster@sst.ll.mit.edu> 26 */ 27 28 #ifndef lint 29 static const char copyright[] _U_ = 30 "@(#) Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000\n\ 31 The Regents of the University of California. All rights reserved.\n"; 32 static const char rcsid[] _U_ = 33 "@(#) $Header: /tcpdump/master/tcpdump/tcpdump.c,v 1.283 2008-09-25 21:45:50 guy Exp $ (LBL)"; 34 #endif 35 36 /* $FreeBSD$ */ 37 38 /* 39 * tcpdump - monitor tcp/ip traffic on an ethernet. 40 * 41 * First written in 1987 by Van Jacobson, Lawrence Berkeley Laboratory. 42 * Mercilessly hacked and occasionally improved since then via the 43 * combined efforts of Van, Steve McCanne and Craig Leres of LBL. 44 */ 45 46 #ifdef HAVE_CONFIG_H 47 #include "config.h" 48 #endif 49 50 #include <tcpdump-stdinc.h> 51 52 #ifdef WIN32 53 #include "getopt.h" 54 #include "w32_fzs.h" 55 extern int strcasecmp (const char *__s1, const char *__s2); 56 extern int SIZE_BUF; 57 #define off_t long 58 #define uint UINT 59 #endif /* WIN32 */ 60 61 #ifdef HAVE_SMI_H 62 #include <smi.h> 63 #endif 64 65 #include <pcap.h> 66 #include <signal.h> 67 #include <stdio.h> 68 #include <stdlib.h> 69 #include <string.h> 70 #include <limits.h> 71 #ifdef __FreeBSD__ 72 #include <sys/capability.h> 73 #include <sys/ioccom.h> 74 #include <sys/types.h> 75 #include <sys/sysctl.h> 76 #include <net/bpf.h> 77 #include <fcntl.h> 78 #include <libgen.h> 79 #ifdef HAVE_LIBCAPSICUM 80 #include <libcapsicum.h> 81 #include <libcapsicum_dns.h> 82 #include <libcapsicum_service.h> 83 #include <nv.h> 84 #endif /* HAVE_LIBCAPSICUM */ 85 #endif /* __FreeBSD__ */ 86 #ifndef WIN32 87 #include <sys/wait.h> 88 #include <sys/resource.h> 89 #include <pwd.h> 90 #include <grp.h> 91 #include <errno.h> 92 #endif /* WIN32 */ 93 94 /* capabilities convinience library */ 95 #ifdef HAVE_CAP_NG_H 96 #include <cap-ng.h> 97 #endif /* HAVE_CAP_NG_H */ 98 99 #include "netdissect.h" 100 #include "interface.h" 101 #include "addrtoname.h" 102 #include "machdep.h" 103 #include "setsignal.h" 104 #include "gmt2local.h" 105 #include "pcap-missing.h" 106 107 #ifndef PATH_MAX 108 #define PATH_MAX 1024 109 #endif 110 111 #ifdef SIGINFO 112 #define SIGNAL_REQ_INFO SIGINFO 113 #elif SIGUSR1 114 #define SIGNAL_REQ_INFO SIGUSR1 115 #endif 116 117 netdissect_options Gndo; 118 netdissect_options *gndo = &Gndo; 119 120 static int dflag; /* print filter code */ 121 static int Lflag; /* list available data link types and exit */ 122 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE 123 static int Jflag; /* list available time stamp types */ 124 #endif 125 static char *zflag = NULL; /* compress each savefile using a specified command (like gzip or bzip2) */ 126 127 static int infodelay; 128 static int infoprint; 129 130 char *program_name; 131 132 #ifdef HAVE_LIBCAPSICUM 133 cap_channel_t *capdns; 134 #endif 135 136 int32_t thiszone; /* seconds offset from gmt to local time */ 137 138 /* Forwards */ 139 static RETSIGTYPE cleanup(int); 140 static RETSIGTYPE child_cleanup(int); 141 static void usage(void) __attribute__((noreturn)); 142 static void show_dlts_and_exit(const char *device, pcap_t *pd) __attribute__((noreturn)); 143 144 static void print_packet(u_char *, const struct pcap_pkthdr *, const u_char *); 145 static void ndo_default_print(netdissect_options *, const u_char *, u_int); 146 static void dump_packet_and_trunc(u_char *, const struct pcap_pkthdr *, const u_char *); 147 static void dump_packet(u_char *, const struct pcap_pkthdr *, const u_char *); 148 static void droproot(const char *, const char *); 149 static void ndo_error(netdissect_options *ndo, const char *fmt, ...) 150 __attribute__ ((noreturn, format (printf, 2, 3))); 151 static void ndo_warning(netdissect_options *ndo, const char *fmt, ...); 152 153 #ifdef SIGNAL_REQ_INFO 154 RETSIGTYPE requestinfo(int); 155 #endif 156 157 #if defined(USE_WIN32_MM_TIMER) 158 #include <MMsystem.h> 159 static UINT timer_id; 160 static void CALLBACK verbose_stats_dump(UINT, UINT, DWORD_PTR, DWORD_PTR, DWORD_PTR); 161 #elif defined(HAVE_ALARM) 162 static void verbose_stats_dump(int sig); 163 #endif 164 165 static void info(int); 166 static u_int packets_captured; 167 168 struct printer { 169 if_printer f; 170 int type; 171 }; 172 173 174 struct ndo_printer { 175 if_ndo_printer f; 176 int type; 177 }; 178 179 180 static struct printer printers[] = { 181 { arcnet_if_print, DLT_ARCNET }, 182 #ifdef DLT_ARCNET_LINUX 183 { arcnet_linux_if_print, DLT_ARCNET_LINUX }, 184 #endif 185 { token_if_print, DLT_IEEE802 }, 186 #ifdef DLT_LANE8023 187 { lane_if_print, DLT_LANE8023 }, 188 #endif 189 #ifdef DLT_CIP 190 { cip_if_print, DLT_CIP }, 191 #endif 192 #ifdef DLT_ATM_CLIP 193 { cip_if_print, DLT_ATM_CLIP }, 194 #endif 195 { sl_if_print, DLT_SLIP }, 196 #ifdef DLT_SLIP_BSDOS 197 { sl_bsdos_if_print, DLT_SLIP_BSDOS }, 198 #endif 199 { ppp_if_print, DLT_PPP }, 200 #ifdef DLT_PPP_WITHDIRECTION 201 { ppp_if_print, DLT_PPP_WITHDIRECTION }, 202 #endif 203 #ifdef DLT_PPP_BSDOS 204 { ppp_bsdos_if_print, DLT_PPP_BSDOS }, 205 #endif 206 { fddi_if_print, DLT_FDDI }, 207 { null_if_print, DLT_NULL }, 208 #ifdef DLT_LOOP 209 { null_if_print, DLT_LOOP }, 210 #endif 211 { raw_if_print, DLT_RAW }, 212 { atm_if_print, DLT_ATM_RFC1483 }, 213 #ifdef DLT_C_HDLC 214 { chdlc_if_print, DLT_C_HDLC }, 215 #endif 216 #ifdef DLT_HDLC 217 { chdlc_if_print, DLT_HDLC }, 218 #endif 219 #ifdef DLT_PPP_SERIAL 220 { ppp_hdlc_if_print, DLT_PPP_SERIAL }, 221 #endif 222 #ifdef DLT_PPP_ETHER 223 { pppoe_if_print, DLT_PPP_ETHER }, 224 #endif 225 #ifdef DLT_LINUX_SLL 226 { sll_if_print, DLT_LINUX_SLL }, 227 #endif 228 #ifdef DLT_IEEE802_11 229 { ieee802_11_if_print, DLT_IEEE802_11}, 230 #endif 231 #ifdef DLT_LTALK 232 { ltalk_if_print, DLT_LTALK }, 233 #endif 234 #if defined(DLT_PFLOG) && defined(HAVE_NET_PFVAR_H) 235 { pflog_if_print, DLT_PFLOG }, 236 #endif 237 #ifdef DLT_FR 238 { fr_if_print, DLT_FR }, 239 #endif 240 #ifdef DLT_FRELAY 241 { fr_if_print, DLT_FRELAY }, 242 #endif 243 #ifdef DLT_SUNATM 244 { sunatm_if_print, DLT_SUNATM }, 245 #endif 246 #ifdef DLT_IP_OVER_FC 247 { ipfc_if_print, DLT_IP_OVER_FC }, 248 #endif 249 #ifdef DLT_PRISM_HEADER 250 { prism_if_print, DLT_PRISM_HEADER }, 251 #endif 252 #ifdef DLT_IEEE802_11_RADIO 253 { ieee802_11_radio_if_print, DLT_IEEE802_11_RADIO }, 254 #endif 255 #ifdef DLT_ENC 256 { enc_if_print, DLT_ENC }, 257 #endif 258 #ifdef DLT_SYMANTEC_FIREWALL 259 { symantec_if_print, DLT_SYMANTEC_FIREWALL }, 260 #endif 261 #ifdef DLT_APPLE_IP_OVER_IEEE1394 262 { ap1394_if_print, DLT_APPLE_IP_OVER_IEEE1394 }, 263 #endif 264 #ifdef DLT_IEEE802_11_RADIO_AVS 265 { ieee802_11_radio_avs_if_print, DLT_IEEE802_11_RADIO_AVS }, 266 #endif 267 #ifdef DLT_JUNIPER_ATM1 268 { juniper_atm1_print, DLT_JUNIPER_ATM1 }, 269 #endif 270 #ifdef DLT_JUNIPER_ATM2 271 { juniper_atm2_print, DLT_JUNIPER_ATM2 }, 272 #endif 273 #ifdef DLT_JUNIPER_MFR 274 { juniper_mfr_print, DLT_JUNIPER_MFR }, 275 #endif 276 #ifdef DLT_JUNIPER_MLFR 277 { juniper_mlfr_print, DLT_JUNIPER_MLFR }, 278 #endif 279 #ifdef DLT_JUNIPER_MLPPP 280 { juniper_mlppp_print, DLT_JUNIPER_MLPPP }, 281 #endif 282 #ifdef DLT_JUNIPER_PPPOE 283 { juniper_pppoe_print, DLT_JUNIPER_PPPOE }, 284 #endif 285 #ifdef DLT_JUNIPER_PPPOE_ATM 286 { juniper_pppoe_atm_print, DLT_JUNIPER_PPPOE_ATM }, 287 #endif 288 #ifdef DLT_JUNIPER_GGSN 289 { juniper_ggsn_print, DLT_JUNIPER_GGSN }, 290 #endif 291 #ifdef DLT_JUNIPER_ES 292 { juniper_es_print, DLT_JUNIPER_ES }, 293 #endif 294 #ifdef DLT_JUNIPER_MONITOR 295 { juniper_monitor_print, DLT_JUNIPER_MONITOR }, 296 #endif 297 #ifdef DLT_JUNIPER_SERVICES 298 { juniper_services_print, DLT_JUNIPER_SERVICES }, 299 #endif 300 #ifdef DLT_JUNIPER_ETHER 301 { juniper_ether_print, DLT_JUNIPER_ETHER }, 302 #endif 303 #ifdef DLT_JUNIPER_PPP 304 { juniper_ppp_print, DLT_JUNIPER_PPP }, 305 #endif 306 #ifdef DLT_JUNIPER_FRELAY 307 { juniper_frelay_print, DLT_JUNIPER_FRELAY }, 308 #endif 309 #ifdef DLT_JUNIPER_CHDLC 310 { juniper_chdlc_print, DLT_JUNIPER_CHDLC }, 311 #endif 312 #ifdef DLT_MFR 313 { mfr_if_print, DLT_MFR }, 314 #endif 315 #if defined(DLT_BLUETOOTH_HCI_H4_WITH_PHDR) && defined(HAVE_PCAP_BLUETOOTH_H) 316 { bt_if_print, DLT_BLUETOOTH_HCI_H4_WITH_PHDR}, 317 #endif 318 #ifdef HAVE_PCAP_USB_H 319 #ifdef DLT_USB_LINUX 320 { usb_linux_48_byte_print, DLT_USB_LINUX}, 321 #endif /* DLT_USB_LINUX */ 322 #ifdef DLT_USB_LINUX_MMAPPED 323 { usb_linux_64_byte_print, DLT_USB_LINUX_MMAPPED}, 324 #endif /* DLT_USB_LINUX_MMAPPED */ 325 #endif /* HAVE_PCAP_USB_H */ 326 #ifdef DLT_IPV4 327 { raw_if_print, DLT_IPV4 }, 328 #endif 329 #ifdef DLT_IPV6 330 { raw_if_print, DLT_IPV6 }, 331 #endif 332 { NULL, 0 }, 333 }; 334 335 static struct ndo_printer ndo_printers[] = { 336 { ether_if_print, DLT_EN10MB }, 337 #ifdef DLT_IPNET 338 { ipnet_if_print, DLT_IPNET }, 339 #endif 340 #ifdef DLT_IEEE802_15_4 341 { ieee802_15_4_if_print, DLT_IEEE802_15_4 }, 342 #endif 343 #ifdef DLT_IEEE802_15_4_NOFCS 344 { ieee802_15_4_if_print, DLT_IEEE802_15_4_NOFCS }, 345 #endif 346 #ifdef DLT_PPI 347 { ppi_if_print, DLT_PPI }, 348 #endif 349 #ifdef DLT_NETANALYZER 350 { netanalyzer_if_print, DLT_NETANALYZER }, 351 #endif 352 #ifdef DLT_NETANALYZER_TRANSPARENT 353 { netanalyzer_transparent_if_print, DLT_NETANALYZER_TRANSPARENT }, 354 #endif 355 { NULL, 0 }, 356 }; 357 358 if_printer 359 lookup_printer(int type) 360 { 361 struct printer *p; 362 363 for (p = printers; p->f; ++p) 364 if (type == p->type) 365 return p->f; 366 367 return NULL; 368 /* NOTREACHED */ 369 } 370 371 if_ndo_printer 372 lookup_ndo_printer(int type) 373 { 374 struct ndo_printer *p; 375 376 for (p = ndo_printers; p->f; ++p) 377 if (type == p->type) 378 return p->f; 379 380 return NULL; 381 /* NOTREACHED */ 382 } 383 384 static pcap_t *pd; 385 386 static int supports_monitor_mode; 387 388 extern int optind; 389 extern int opterr; 390 extern char *optarg; 391 392 struct print_info { 393 netdissect_options *ndo; 394 union { 395 if_printer printer; 396 if_ndo_printer ndo_printer; 397 } p; 398 int ndo_type; 399 }; 400 401 struct dump_info { 402 char *WFileName; 403 char *CurrentFileName; 404 pcap_t *pd; 405 pcap_dumper_t *p; 406 #ifdef __FreeBSD__ 407 int dirfd; 408 #endif 409 }; 410 411 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE 412 static void 413 show_tstamp_types_and_exit(const char *device, pcap_t *pd) 414 { 415 int n_tstamp_types; 416 int *tstamp_types = 0; 417 const char *tstamp_type_name; 418 int i; 419 420 n_tstamp_types = pcap_list_tstamp_types(pd, &tstamp_types); 421 if (n_tstamp_types < 0) 422 error("%s", pcap_geterr(pd)); 423 424 if (n_tstamp_types == 0) { 425 fprintf(stderr, "Time stamp type cannot be set for %s\n", 426 device); 427 exit(0); 428 } 429 fprintf(stderr, "Time stamp types for %s (use option -j to set):\n", 430 device); 431 for (i = 0; i < n_tstamp_types; i++) { 432 tstamp_type_name = pcap_tstamp_type_val_to_name(tstamp_types[i]); 433 if (tstamp_type_name != NULL) { 434 (void) fprintf(stderr, " %s (%s)\n", tstamp_type_name, 435 pcap_tstamp_type_val_to_description(tstamp_types[i])); 436 } else { 437 (void) fprintf(stderr, " %d\n", tstamp_types[i]); 438 } 439 } 440 pcap_free_tstamp_types(tstamp_types); 441 exit(0); 442 } 443 #endif 444 445 static void 446 show_dlts_and_exit(const char *device, pcap_t *pd) 447 { 448 int n_dlts; 449 int *dlts = 0; 450 const char *dlt_name; 451 452 n_dlts = pcap_list_datalinks(pd, &dlts); 453 if (n_dlts < 0) 454 error("%s", pcap_geterr(pd)); 455 else if (n_dlts == 0 || !dlts) 456 error("No data link types."); 457 458 /* 459 * If the interface is known to support monitor mode, indicate 460 * whether these are the data link types available when not in 461 * monitor mode, if -I wasn't specified, or when in monitor mode, 462 * when -I was specified (the link-layer types available in 463 * monitor mode might be different from the ones available when 464 * not in monitor mode). 465 */ 466 if (supports_monitor_mode) 467 (void) fprintf(stderr, "Data link types for %s %s (use option -y to set):\n", 468 device, 469 Iflag ? "when in monitor mode" : "when not in monitor mode"); 470 else 471 (void) fprintf(stderr, "Data link types for %s (use option -y to set):\n", 472 device); 473 474 while (--n_dlts >= 0) { 475 dlt_name = pcap_datalink_val_to_name(dlts[n_dlts]); 476 if (dlt_name != NULL) { 477 (void) fprintf(stderr, " %s (%s)", dlt_name, 478 pcap_datalink_val_to_description(dlts[n_dlts])); 479 480 /* 481 * OK, does tcpdump handle that type? 482 */ 483 if (lookup_printer(dlts[n_dlts]) == NULL 484 && lookup_ndo_printer(dlts[n_dlts]) == NULL) 485 (void) fprintf(stderr, " (printing not supported)"); 486 fprintf(stderr, "\n"); 487 } else { 488 (void) fprintf(stderr, " DLT %d (printing not supported)\n", 489 dlts[n_dlts]); 490 } 491 } 492 #ifdef HAVE_PCAP_FREE_DATALINKS 493 pcap_free_datalinks(dlts); 494 #endif 495 exit(0); 496 } 497 498 /* 499 * Set up flags that might or might not be supported depending on the 500 * version of libpcap we're using. 501 */ 502 #if defined(HAVE_PCAP_CREATE) || defined(WIN32) 503 #define B_FLAG "B:" 504 #define B_FLAG_USAGE " [ -B size ]" 505 #else /* defined(HAVE_PCAP_CREATE) || defined(WIN32) */ 506 #define B_FLAG 507 #define B_FLAG_USAGE 508 #endif /* defined(HAVE_PCAP_CREATE) || defined(WIN32) */ 509 510 #ifdef HAVE_PCAP_CREATE 511 #define I_FLAG "I" 512 #else /* HAVE_PCAP_CREATE */ 513 #define I_FLAG 514 #endif /* HAVE_PCAP_CREATE */ 515 516 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE 517 #define j_FLAG "j:" 518 #define j_FLAG_USAGE " [ -j tstamptype ]" 519 #define J_FLAG "J" 520 #else /* PCAP_ERROR_TSTAMP_TYPE_NOTSUP */ 521 #define j_FLAG 522 #define j_FLAG_USAGE 523 #define J_FLAG 524 #endif /* PCAP_ERROR_TSTAMP_TYPE_NOTSUP */ 525 526 #ifdef HAVE_PCAP_FINDALLDEVS 527 #ifndef HAVE_PCAP_IF_T 528 #undef HAVE_PCAP_FINDALLDEVS 529 #endif 530 #endif 531 532 #ifdef HAVE_PCAP_FINDALLDEVS 533 #define D_FLAG "D" 534 #else 535 #define D_FLAG 536 #endif 537 538 #ifdef HAVE_PCAP_DUMP_FLUSH 539 #define U_FLAG "U" 540 #else 541 #define U_FLAG 542 #endif 543 544 #ifndef WIN32 545 /* Drop root privileges and chroot if necessary */ 546 static void 547 droproot(const char *username, const char *chroot_dir) 548 { 549 struct passwd *pw = NULL; 550 551 if (chroot_dir && !username) { 552 fprintf(stderr, "tcpdump: Chroot without dropping root is insecure\n"); 553 exit(1); 554 } 555 556 pw = getpwnam(username); 557 if (pw) { 558 if (chroot_dir) { 559 if (chroot(chroot_dir) != 0 || chdir ("/") != 0) { 560 fprintf(stderr, "tcpdump: Couldn't chroot/chdir to '%.64s': %s\n", 561 chroot_dir, pcap_strerror(errno)); 562 exit(1); 563 } 564 } 565 #ifdef HAVE_CAP_NG_H 566 int ret = capng_change_id(pw->pw_uid, pw->pw_gid, CAPNG_NO_FLAG); 567 if (ret < 0) { 568 printf("error : ret %d\n", ret); 569 } 570 /* We don't need CAP_SETUID and CAP_SETGID */ 571 capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, CAP_SETUID); 572 capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, CAP_SETUID); 573 capng_update(CAPNG_DROP, CAPNG_PERMITTED, CAP_SETUID); 574 capng_update(CAPNG_DROP, CAPNG_PERMITTED, CAP_SETUID); 575 capng_apply(CAPNG_SELECT_BOTH); 576 577 #else 578 if (initgroups(pw->pw_name, pw->pw_gid) != 0 || 579 setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0) { 580 fprintf(stderr, "tcpdump: Couldn't change to '%.32s' uid=%lu gid=%lu: %s\n", 581 username, 582 (unsigned long)pw->pw_uid, 583 (unsigned long)pw->pw_gid, 584 pcap_strerror(errno)); 585 exit(1); 586 } 587 #endif /* HAVE_CAP_NG_H */ 588 } 589 else { 590 fprintf(stderr, "tcpdump: Couldn't find user '%.32s'\n", 591 username); 592 exit(1); 593 } 594 } 595 #endif /* WIN32 */ 596 597 static int 598 getWflagChars(int x) 599 { 600 int c = 0; 601 602 x -= 1; 603 while (x > 0) { 604 c += 1; 605 x /= 10; 606 } 607 608 return c; 609 } 610 611 612 static void 613 MakeFilename(char *buffer, char *orig_name, int cnt, int max_chars) 614 { 615 char *filename = malloc(PATH_MAX + 1); 616 if (filename == NULL) 617 error("Makefilename: malloc"); 618 619 /* Process with strftime if Gflag is set. */ 620 if (Gflag != 0) { 621 struct tm *local_tm; 622 623 /* Convert Gflag_time to a usable format */ 624 if ((local_tm = localtime(&Gflag_time)) == NULL) { 625 error("MakeTimedFilename: localtime"); 626 } 627 628 /* There's no good way to detect an error in strftime since a return 629 * value of 0 isn't necessarily failure. 630 */ 631 strftime(filename, PATH_MAX, orig_name, local_tm); 632 } else { 633 strncpy(filename, orig_name, PATH_MAX); 634 } 635 636 if (cnt == 0 && max_chars == 0) 637 strncpy(buffer, filename, PATH_MAX + 1); 638 else 639 if (snprintf(buffer, PATH_MAX + 1, "%s%0*d", filename, max_chars, cnt) > PATH_MAX) 640 /* Report an error if the filename is too large */ 641 error("too many output files or filename is too long (> %d)", PATH_MAX); 642 free(filename); 643 } 644 645 static int tcpdump_printf(netdissect_options *ndo _U_, 646 const char *fmt, ...) 647 { 648 649 va_list args; 650 int ret; 651 652 va_start(args, fmt); 653 ret=vfprintf(stdout, fmt, args); 654 va_end(args); 655 656 return ret; 657 } 658 659 static struct print_info 660 get_print_info(int type) 661 { 662 struct print_info printinfo; 663 664 printinfo.ndo_type = 1; 665 printinfo.ndo = gndo; 666 printinfo.p.ndo_printer = lookup_ndo_printer(type); 667 if (printinfo.p.ndo_printer == NULL) { 668 printinfo.p.printer = lookup_printer(type); 669 printinfo.ndo_type = 0; 670 if (printinfo.p.printer == NULL) { 671 gndo->ndo_dltname = pcap_datalink_val_to_name(type); 672 if (gndo->ndo_dltname != NULL) 673 error("packet printing is not supported for link type %s: use -w", 674 gndo->ndo_dltname); 675 else 676 error("packet printing is not supported for link type %d: use -w", type); 677 } 678 } 679 return (printinfo); 680 } 681 682 static char * 683 get_next_file(FILE *VFile, char *ptr) 684 { 685 char *ret; 686 687 ret = fgets(ptr, PATH_MAX, VFile); 688 if (!ret) 689 return NULL; 690 691 if (ptr[strlen(ptr) - 1] == '\n') 692 ptr[strlen(ptr) - 1] = '\0'; 693 694 return ret; 695 } 696 697 #ifdef HAVE_LIBCAPSICUM 698 static cap_channel_t * 699 capdns_setup(void) 700 { 701 cap_channel_t *capcas, *capdnsloc; 702 const char *types[1]; 703 int families[2]; 704 705 capcas = cap_init(); 706 if (capcas == NULL) { 707 warning("unable to contact casperd"); 708 return (NULL); 709 } 710 capdnsloc = cap_service_open(capcas, "system.dns"); 711 /* Casper capability no longer needed. */ 712 cap_close(capcas); 713 if (capdnsloc == NULL) { 714 warning("unable to open system.dns service"); 715 return (NULL); 716 } 717 /* Limit system.dns to reverse DNS lookups. */ 718 types[0] = "ADDR"; 719 if (cap_dns_type_limit(capdnsloc, types, 1) < 0) { 720 warning("unable to limit access to system.dns service"); 721 cap_close(capdnsloc); 722 return (NULL); 723 } 724 families[0] = AF_INET; 725 families[1] = AF_INET6; 726 if (cap_dns_family_limit(capdnsloc, families, 2) < 0) { 727 warning("unable to limit access to system.dns service"); 728 cap_close(capdnsloc); 729 return (NULL); 730 } 731 732 return (capdnsloc); 733 } 734 #endif /* HAVE_LIBCAPSICUM */ 735 736 int 737 main(int argc, char **argv) 738 { 739 register int cnt, op, i; 740 bpf_u_int32 localnet, netmask; 741 register char *cp, *infile, *cmdbuf, *device, *RFileName, *VFileName, *WFileName; 742 pcap_handler callback; 743 int type; 744 int dlt; 745 int new_dlt; 746 const char *dlt_name; 747 struct bpf_program fcode; 748 #ifndef WIN32 749 RETSIGTYPE (*oldhandler)(int); 750 #endif 751 struct print_info printinfo; 752 struct dump_info dumpinfo; 753 u_char *pcap_userdata; 754 char ebuf[PCAP_ERRBUF_SIZE]; 755 char VFileLine[PATH_MAX + 1]; 756 char *username = NULL; 757 char *chroot_dir = NULL; 758 char *ret = NULL; 759 char *end; 760 #ifdef HAVE_PCAP_FINDALLDEVS 761 pcap_if_t *devpointer; 762 int devnum; 763 #endif 764 int status; 765 FILE *VFile; 766 #ifdef __FreeBSD__ 767 cap_rights_t rights; 768 int cansandbox; 769 #endif /* __FreeBSD__ */ 770 771 #ifdef WIN32 772 if(wsockinit() != 0) return 1; 773 #endif /* WIN32 */ 774 775 jflag=-1; /* not set */ 776 gndo->ndo_Oflag=1; 777 gndo->ndo_Rflag=1; 778 gndo->ndo_dlt=-1; 779 gndo->ndo_default_print=ndo_default_print; 780 gndo->ndo_printf=tcpdump_printf; 781 gndo->ndo_error=ndo_error; 782 gndo->ndo_warning=ndo_warning; 783 gndo->ndo_snaplen = DEFAULT_SNAPLEN; 784 785 cnt = -1; 786 device = NULL; 787 infile = NULL; 788 RFileName = NULL; 789 VFileName = NULL; 790 VFile = NULL; 791 WFileName = NULL; 792 dlt = -1; 793 if ((cp = strrchr(argv[0], '/')) != NULL) 794 program_name = cp + 1; 795 else 796 program_name = argv[0]; 797 798 if (abort_on_misalignment(ebuf, sizeof(ebuf)) < 0) 799 error("%s", ebuf); 800 801 #ifdef LIBSMI 802 smiInit("tcpdump"); 803 #endif 804 805 while ( 806 (op = getopt(argc, argv, "aAb" B_FLAG "c:C:d" D_FLAG "eE:fF:G:hHi:" I_FLAG j_FLAG J_FLAG "KlLm:M:nNOpqr:Rs:StT:u" U_FLAG "V:vw:W:xXy:Yz:Z:")) != -1) 807 switch (op) { 808 809 case 'a': 810 /* compatibility for old -a */ 811 break; 812 813 case 'A': 814 ++Aflag; 815 break; 816 817 case 'b': 818 ++bflag; 819 break; 820 821 #if defined(HAVE_PCAP_CREATE) || defined(WIN32) 822 case 'B': 823 Bflag = atoi(optarg)*1024; 824 if (Bflag <= 0) 825 error("invalid packet buffer size %s", optarg); 826 break; 827 #endif /* defined(HAVE_PCAP_CREATE) || defined(WIN32) */ 828 829 case 'c': 830 cnt = atoi(optarg); 831 if (cnt <= 0) 832 error("invalid packet count %s", optarg); 833 break; 834 835 case 'C': 836 Cflag = atoi(optarg) * 1000000; 837 if (Cflag < 0) 838 error("invalid file size %s", optarg); 839 break; 840 841 case 'd': 842 ++dflag; 843 break; 844 845 #ifdef HAVE_PCAP_FINDALLDEVS 846 case 'D': 847 if (pcap_findalldevs(&devpointer, ebuf) < 0) 848 error("%s", ebuf); 849 else { 850 for (i = 0; devpointer != 0; i++) { 851 printf("%d.%s", i+1, devpointer->name); 852 if (devpointer->description != NULL) 853 printf(" (%s)", devpointer->description); 854 printf("\n"); 855 devpointer = devpointer->next; 856 } 857 } 858 return 0; 859 #endif /* HAVE_PCAP_FINDALLDEVS */ 860 861 case 'L': 862 Lflag++; 863 break; 864 865 case 'e': 866 ++eflag; 867 break; 868 869 case 'E': 870 #ifndef HAVE_LIBCRYPTO 871 warning("crypto code not compiled in"); 872 #endif 873 gndo->ndo_espsecret = optarg; 874 break; 875 876 case 'f': 877 ++fflag; 878 break; 879 880 case 'F': 881 infile = optarg; 882 break; 883 884 case 'G': 885 Gflag = atoi(optarg); 886 if (Gflag < 0) 887 error("invalid number of seconds %s", optarg); 888 889 /* We will create one file initially. */ 890 Gflag_count = 0; 891 892 /* Grab the current time for rotation use. */ 893 if ((Gflag_time = time(NULL)) == (time_t)-1) { 894 error("main: can't get current time: %s", 895 pcap_strerror(errno)); 896 } 897 break; 898 899 case 'h': 900 usage(); 901 break; 902 903 case 'H': 904 ++Hflag; 905 break; 906 907 case 'i': 908 if (optarg[0] == '0' && optarg[1] == 0) 909 error("Invalid adapter index"); 910 911 #ifdef HAVE_PCAP_FINDALLDEVS 912 /* 913 * If the argument is a number, treat it as 914 * an index into the list of adapters, as 915 * printed by "tcpdump -D". 916 * 917 * This should be OK on UNIX systems, as interfaces 918 * shouldn't have names that begin with digits. 919 * It can be useful on Windows, where more than 920 * one interface can have the same name. 921 */ 922 devnum = strtol(optarg, &end, 10); 923 if (optarg != end && *end == '\0') { 924 if (devnum < 0) 925 error("Invalid adapter index"); 926 927 if (pcap_findalldevs(&devpointer, ebuf) < 0) 928 error("%s", ebuf); 929 else { 930 /* 931 * Look for the devnum-th entry 932 * in the list of devices 933 * (1-based). 934 */ 935 for (i = 0; 936 i < devnum-1 && devpointer != NULL; 937 i++, devpointer = devpointer->next) 938 ; 939 if (devpointer == NULL) 940 error("Invalid adapter index"); 941 } 942 device = devpointer->name; 943 break; 944 } 945 #endif /* HAVE_PCAP_FINDALLDEVS */ 946 device = optarg; 947 break; 948 949 #ifdef HAVE_PCAP_CREATE 950 case 'I': 951 ++Iflag; 952 break; 953 #endif /* HAVE_PCAP_CREATE */ 954 955 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE 956 case 'j': 957 jflag = pcap_tstamp_type_name_to_val(optarg); 958 if (jflag < 0) 959 error("invalid time stamp type %s", optarg); 960 break; 961 962 case 'J': 963 Jflag++; 964 break; 965 #endif 966 967 case 'l': 968 #ifdef WIN32 969 /* 970 * _IOLBF is the same as _IOFBF in Microsoft's C 971 * libraries; the only alternative they offer 972 * is _IONBF. 973 * 974 * XXX - this should really be checking for MSVC++, 975 * not WIN32, if, for example, MinGW has its own 976 * C library that is more UNIX-compatible. 977 */ 978 setvbuf(stdout, NULL, _IONBF, 0); 979 #else /* WIN32 */ 980 #ifdef HAVE_SETLINEBUF 981 setlinebuf(stdout); 982 #else 983 setvbuf(stdout, NULL, _IOLBF, 0); 984 #endif 985 #endif /* WIN32 */ 986 break; 987 988 case 'K': 989 ++Kflag; 990 break; 991 992 case 'm': 993 #ifdef LIBSMI 994 if (smiLoadModule(optarg) == 0) { 995 error("could not load MIB module %s", optarg); 996 } 997 sflag = 1; 998 #else 999 (void)fprintf(stderr, "%s: ignoring option `-m %s' ", 1000 program_name, optarg); 1001 (void)fprintf(stderr, "(no libsmi support)\n"); 1002 #endif 1003 break; 1004 1005 case 'M': 1006 /* TCP-MD5 shared secret */ 1007 #ifndef HAVE_LIBCRYPTO 1008 warning("crypto code not compiled in"); 1009 #endif 1010 sigsecret = optarg; 1011 break; 1012 1013 case 'n': 1014 ++nflag; 1015 break; 1016 1017 case 'N': 1018 ++Nflag; 1019 break; 1020 1021 case 'O': 1022 Oflag = 0; 1023 break; 1024 1025 case 'p': 1026 ++pflag; 1027 break; 1028 1029 case 'q': 1030 ++qflag; 1031 ++suppress_default_print; 1032 break; 1033 1034 case 'r': 1035 RFileName = optarg; 1036 break; 1037 1038 case 'R': 1039 Rflag = 0; 1040 break; 1041 1042 case 's': 1043 snaplen = strtol(optarg, &end, 0); 1044 if (optarg == end || *end != '\0' 1045 || snaplen < 0 || snaplen > MAXIMUM_SNAPLEN) 1046 error("invalid snaplen %s", optarg); 1047 else if (snaplen == 0) 1048 snaplen = MAXIMUM_SNAPLEN; 1049 break; 1050 1051 case 'S': 1052 ++Sflag; 1053 break; 1054 1055 case 't': 1056 ++tflag; 1057 break; 1058 1059 case 'T': 1060 if (strcasecmp(optarg, "vat") == 0) 1061 packettype = PT_VAT; 1062 else if (strcasecmp(optarg, "wb") == 0) 1063 packettype = PT_WB; 1064 else if (strcasecmp(optarg, "rpc") == 0) 1065 packettype = PT_RPC; 1066 else if (strcasecmp(optarg, "rtp") == 0) 1067 packettype = PT_RTP; 1068 else if (strcasecmp(optarg, "rtcp") == 0) 1069 packettype = PT_RTCP; 1070 else if (strcasecmp(optarg, "snmp") == 0) 1071 packettype = PT_SNMP; 1072 else if (strcasecmp(optarg, "cnfp") == 0) 1073 packettype = PT_CNFP; 1074 else if (strcasecmp(optarg, "tftp") == 0) 1075 packettype = PT_TFTP; 1076 else if (strcasecmp(optarg, "aodv") == 0) 1077 packettype = PT_AODV; 1078 else if (strcasecmp(optarg, "carp") == 0) 1079 packettype = PT_CARP; 1080 else if (strcasecmp(optarg, "radius") == 0) 1081 packettype = PT_RADIUS; 1082 else if (strcasecmp(optarg, "zmtp1") == 0) 1083 packettype = PT_ZMTP1; 1084 else if (strcasecmp(optarg, "vxlan") == 0) 1085 packettype = PT_VXLAN; 1086 else 1087 error("unknown packet type `%s'", optarg); 1088 break; 1089 1090 case 'u': 1091 ++uflag; 1092 break; 1093 1094 #ifdef HAVE_PCAP_DUMP_FLUSH 1095 case 'U': 1096 ++Uflag; 1097 break; 1098 #endif 1099 1100 case 'v': 1101 ++vflag; 1102 break; 1103 1104 case 'V': 1105 VFileName = optarg; 1106 break; 1107 1108 case 'w': 1109 WFileName = optarg; 1110 break; 1111 1112 case 'W': 1113 Wflag = atoi(optarg); 1114 if (Wflag < 0) 1115 error("invalid number of output files %s", optarg); 1116 WflagChars = getWflagChars(Wflag); 1117 break; 1118 1119 case 'x': 1120 ++xflag; 1121 ++suppress_default_print; 1122 break; 1123 1124 case 'X': 1125 ++Xflag; 1126 ++suppress_default_print; 1127 break; 1128 1129 case 'y': 1130 gndo->ndo_dltname = optarg; 1131 gndo->ndo_dlt = 1132 pcap_datalink_name_to_val(gndo->ndo_dltname); 1133 if (gndo->ndo_dlt < 0) 1134 error("invalid data link type %s", gndo->ndo_dltname); 1135 break; 1136 1137 #if defined(HAVE_PCAP_DEBUG) || defined(HAVE_YYDEBUG) 1138 case 'Y': 1139 { 1140 /* Undocumented flag */ 1141 #ifdef HAVE_PCAP_DEBUG 1142 extern int pcap_debug; 1143 pcap_debug = 1; 1144 #else 1145 extern int yydebug; 1146 yydebug = 1; 1147 #endif 1148 } 1149 break; 1150 #endif 1151 case 'z': 1152 if (optarg) { 1153 zflag = strdup(optarg); 1154 } else { 1155 usage(); 1156 /* NOTREACHED */ 1157 } 1158 break; 1159 1160 case 'Z': 1161 if (optarg) { 1162 username = strdup(optarg); 1163 } 1164 else { 1165 usage(); 1166 /* NOTREACHED */ 1167 } 1168 break; 1169 1170 default: 1171 usage(); 1172 /* NOTREACHED */ 1173 } 1174 1175 switch (tflag) { 1176 1177 case 0: /* Default */ 1178 case 4: /* Default + Date*/ 1179 thiszone = gmt2local(0); 1180 break; 1181 1182 case 1: /* No time stamp */ 1183 case 2: /* Unix timeval style */ 1184 case 3: /* Microseconds since previous packet */ 1185 case 5: /* Microseconds since first packet */ 1186 break; 1187 1188 default: /* Not supported */ 1189 error("only -t, -tt, -ttt, -tttt and -ttttt are supported"); 1190 break; 1191 } 1192 1193 if (fflag != 0 && (VFileName != NULL || RFileName != NULL)) 1194 error("-f can not be used with -V or -r"); 1195 1196 if (VFileName != NULL && RFileName != NULL) 1197 error("-V and -r are mutually exclusive."); 1198 1199 #ifdef WITH_CHROOT 1200 /* if run as root, prepare for chrooting */ 1201 if (getuid() == 0 || geteuid() == 0) { 1202 /* future extensibility for cmd-line arguments */ 1203 if (!chroot_dir) 1204 chroot_dir = WITH_CHROOT; 1205 } 1206 #endif 1207 1208 #ifdef WITH_USER 1209 /* if run as root, prepare for dropping root privileges */ 1210 if (getuid() == 0 || geteuid() == 0) { 1211 /* Run with '-Z root' to restore old behaviour */ 1212 if (!username) 1213 username = WITH_USER; 1214 } 1215 #endif 1216 1217 if (RFileName != NULL || VFileName != NULL) { 1218 /* 1219 * If RFileName is non-null, it's the pathname of a 1220 * savefile to read. If VFileName is non-null, it's 1221 * the pathname of a file containing a list of pathnames 1222 * (one per line) of savefiles to read. 1223 * 1224 * In either case, we're reading a savefile, not doing 1225 * a live capture. 1226 */ 1227 #ifndef WIN32 1228 /* 1229 * We don't need network access, so relinquish any set-UID 1230 * or set-GID privileges we have (if any). 1231 * 1232 * We do *not* want set-UID privileges when opening a 1233 * trace file, as that might let the user read other 1234 * people's trace files (especially if we're set-UID 1235 * root). 1236 */ 1237 if (setgid(getgid()) != 0 || setuid(getuid()) != 0 ) 1238 fprintf(stderr, "Warning: setgid/setuid failed !\n"); 1239 #endif /* WIN32 */ 1240 if (VFileName != NULL) { 1241 if (VFileName[0] == '-' && VFileName[1] == '\0') 1242 VFile = stdin; 1243 else 1244 VFile = fopen(VFileName, "r"); 1245 1246 if (VFile == NULL) 1247 error("Unable to open file: %s\n", strerror(errno)); 1248 1249 ret = get_next_file(VFile, VFileLine); 1250 if (!ret) 1251 error("Nothing in %s\n", VFileName); 1252 RFileName = VFileLine; 1253 } 1254 1255 pd = pcap_open_offline(RFileName, ebuf); 1256 if (pd == NULL) 1257 error("%s", ebuf); 1258 #ifdef __FreeBSD__ 1259 cap_rights_init(&rights, CAP_READ); 1260 if (cap_rights_limit(fileno(pcap_file(pd)), &rights) < 0 && 1261 errno != ENOSYS) { 1262 error("unable to limit pcap descriptor"); 1263 } 1264 #endif 1265 dlt = pcap_datalink(pd); 1266 dlt_name = pcap_datalink_val_to_name(dlt); 1267 if (dlt_name == NULL) { 1268 fprintf(stderr, "reading from file %s, link-type %u\n", 1269 RFileName, dlt); 1270 } else { 1271 fprintf(stderr, 1272 "reading from file %s, link-type %s (%s)\n", 1273 RFileName, dlt_name, 1274 pcap_datalink_val_to_description(dlt)); 1275 } 1276 localnet = 0; 1277 netmask = 0; 1278 } else { 1279 /* 1280 * We're doing a live capture. 1281 */ 1282 if (device == NULL) { 1283 device = pcap_lookupdev(ebuf); 1284 if (device == NULL) 1285 error("%s", ebuf); 1286 } 1287 #ifdef WIN32 1288 /* 1289 * Print a message to the standard error on Windows. 1290 * XXX - why do it here, with a different message? 1291 */ 1292 if(strlen(device) == 1) //we assume that an ASCII string is always longer than 1 char 1293 { //a Unicode string has a \0 as second byte (so strlen() is 1) 1294 fprintf(stderr, "%s: listening on %ws\n", program_name, device); 1295 } 1296 else 1297 { 1298 fprintf(stderr, "%s: listening on %s\n", program_name, device); 1299 } 1300 1301 fflush(stderr); 1302 #endif /* WIN32 */ 1303 #ifdef HAVE_PCAP_CREATE 1304 pd = pcap_create(device, ebuf); 1305 if (pd == NULL) 1306 error("%s", ebuf); 1307 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE 1308 if (Jflag) 1309 show_tstamp_types_and_exit(device, pd); 1310 #endif 1311 /* 1312 * Is this an interface that supports monitor mode? 1313 */ 1314 if (pcap_can_set_rfmon(pd) == 1) 1315 supports_monitor_mode = 1; 1316 else 1317 supports_monitor_mode = 0; 1318 status = pcap_set_snaplen(pd, snaplen); 1319 if (status != 0) 1320 error("%s: Can't set snapshot length: %s", 1321 device, pcap_statustostr(status)); 1322 status = pcap_set_promisc(pd, !pflag); 1323 if (status != 0) 1324 error("%s: Can't set promiscuous mode: %s", 1325 device, pcap_statustostr(status)); 1326 if (Iflag) { 1327 status = pcap_set_rfmon(pd, 1); 1328 if (status != 0) 1329 error("%s: Can't set monitor mode: %s", 1330 device, pcap_statustostr(status)); 1331 } 1332 status = pcap_set_timeout(pd, 1000); 1333 if (status != 0) 1334 error("%s: pcap_set_timeout failed: %s", 1335 device, pcap_statustostr(status)); 1336 if (Bflag != 0) { 1337 status = pcap_set_buffer_size(pd, Bflag); 1338 if (status != 0) 1339 error("%s: Can't set buffer size: %s", 1340 device, pcap_statustostr(status)); 1341 } 1342 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE 1343 if (jflag != -1) { 1344 status = pcap_set_tstamp_type(pd, jflag); 1345 if (status < 0) 1346 error("%s: Can't set time stamp type: %s", 1347 device, pcap_statustostr(status)); 1348 } 1349 #endif 1350 status = pcap_activate(pd); 1351 if (status < 0) { 1352 /* 1353 * pcap_activate() failed. 1354 */ 1355 cp = pcap_geterr(pd); 1356 if (status == PCAP_ERROR) 1357 error("%s", cp); 1358 else if ((status == PCAP_ERROR_NO_SUCH_DEVICE || 1359 status == PCAP_ERROR_PERM_DENIED) && 1360 *cp != '\0') 1361 error("%s: %s\n(%s)", device, 1362 pcap_statustostr(status), cp); 1363 #ifdef __FreeBSD__ 1364 else if (status == PCAP_ERROR_RFMON_NOTSUP && 1365 strncmp(device, "wlan", 4) == 0) { 1366 char parent[8], newdev[8]; 1367 char sysctl[32]; 1368 size_t s = sizeof(parent); 1369 1370 snprintf(sysctl, sizeof(sysctl), 1371 "net.wlan.%d.%%parent", atoi(device + 4)); 1372 sysctlbyname(sysctl, parent, &s, NULL, 0); 1373 strlcpy(newdev, device, sizeof(newdev)); 1374 /* Suggest a new wlan device. */ 1375 newdev[strlen(newdev)-1]++; 1376 error("%s is not a monitor mode VAP\n" 1377 "To create a new monitor mode VAP use:\n" 1378 " ifconfig %s create wlandev %s wlanmode " 1379 "monitor\nand use %s as the tcpdump " 1380 "interface", device, newdev, parent, 1381 newdev); 1382 } 1383 #endif 1384 else 1385 error("%s: %s", device, 1386 pcap_statustostr(status)); 1387 } else if (status > 0) { 1388 /* 1389 * pcap_activate() succeeded, but it's warning us 1390 * of a problem it had. 1391 */ 1392 cp = pcap_geterr(pd); 1393 if (status == PCAP_WARNING) 1394 warning("%s", cp); 1395 else if (status == PCAP_WARNING_PROMISC_NOTSUP && 1396 *cp != '\0') 1397 warning("%s: %s\n(%s)", device, 1398 pcap_statustostr(status), cp); 1399 else 1400 warning("%s: %s", device, 1401 pcap_statustostr(status)); 1402 } 1403 #else 1404 *ebuf = '\0'; 1405 pd = pcap_open_live(device, snaplen, !pflag, 1000, ebuf); 1406 if (pd == NULL) 1407 error("%s", ebuf); 1408 else if (*ebuf) 1409 warning("%s", ebuf); 1410 #endif /* HAVE_PCAP_CREATE */ 1411 /* 1412 * Let user own process after socket has been opened. 1413 */ 1414 #ifndef WIN32 1415 if (setgid(getgid()) != 0 || setuid(getuid()) != 0) 1416 fprintf(stderr, "Warning: setgid/setuid failed !\n"); 1417 #endif /* WIN32 */ 1418 #if !defined(HAVE_PCAP_CREATE) && defined(WIN32) 1419 if(Bflag != 0) 1420 if(pcap_setbuff(pd, Bflag)==-1){ 1421 error("%s", pcap_geterr(pd)); 1422 } 1423 #endif /* !defined(HAVE_PCAP_CREATE) && defined(WIN32) */ 1424 if (Lflag) 1425 show_dlts_and_exit(device, pd); 1426 if (gndo->ndo_dlt >= 0) { 1427 #ifdef HAVE_PCAP_SET_DATALINK 1428 if (pcap_set_datalink(pd, gndo->ndo_dlt) < 0) 1429 error("%s", pcap_geterr(pd)); 1430 #else 1431 /* 1432 * We don't actually support changing the 1433 * data link type, so we only let them 1434 * set it to what it already is. 1435 */ 1436 if (gndo->ndo_dlt != pcap_datalink(pd)) { 1437 error("%s is not one of the DLTs supported by this device\n", 1438 gndo->ndo_dltname); 1439 } 1440 #endif 1441 (void)fprintf(stderr, "%s: data link type %s\n", 1442 program_name, gndo->ndo_dltname); 1443 (void)fflush(stderr); 1444 } 1445 i = pcap_snapshot(pd); 1446 if (snaplen < i) { 1447 warning("snaplen raised from %d to %d", snaplen, i); 1448 snaplen = i; 1449 } 1450 if (pcap_lookupnet(device, &localnet, &netmask, ebuf) < 0) { 1451 localnet = 0; 1452 netmask = 0; 1453 warning("%s", ebuf); 1454 } 1455 } 1456 if (infile) 1457 cmdbuf = read_infile(infile); 1458 else 1459 cmdbuf = copy_argv(&argv[optind]); 1460 1461 if (pcap_compile(pd, &fcode, cmdbuf, Oflag, netmask) < 0) 1462 error("%s", pcap_geterr(pd)); 1463 if (dflag) { 1464 bpf_dump(&fcode, dflag); 1465 pcap_close(pd); 1466 free(cmdbuf); 1467 exit(0); 1468 } 1469 1470 #ifdef HAVE_LIBCAPSICUM 1471 if (!nflag) 1472 capdns = capdns_setup(); 1473 #endif /* HAVE_LIBCAPSICUM */ 1474 1475 init_addrtoname(localnet, netmask); 1476 init_checksum(); 1477 1478 #ifndef WIN32 1479 (void)setsignal(SIGPIPE, cleanup); 1480 (void)setsignal(SIGTERM, cleanup); 1481 (void)setsignal(SIGINT, cleanup); 1482 #endif /* WIN32 */ 1483 #if defined(HAVE_FORK) || defined(HAVE_VFORK) 1484 (void)setsignal(SIGCHLD, child_cleanup); 1485 #endif 1486 /* Cooperate with nohup(1) */ 1487 #ifndef WIN32 1488 if ((oldhandler = setsignal(SIGHUP, cleanup)) != SIG_DFL) 1489 (void)setsignal(SIGHUP, oldhandler); 1490 #endif /* WIN32 */ 1491 1492 #ifndef WIN32 1493 /* 1494 * If a user name was specified with "-Z", attempt to switch to 1495 * that user's UID. This would probably be used with sudo, 1496 * to allow tcpdump to be run in a special restricted 1497 * account (if you just want to allow users to open capture 1498 * devices, and can't just give users that permission, 1499 * you'd make tcpdump set-UID or set-GID). 1500 * 1501 * Tcpdump doesn't necessarily write only to one savefile; 1502 * the general only way to allow a -Z instance to write to 1503 * savefiles as the user under whose UID it's run, rather 1504 * than as the user specified with -Z, would thus be to switch 1505 * to the original user ID before opening a capture file and 1506 * then switch back to the -Z user ID after opening the savefile. 1507 * Switching to the -Z user ID only after opening the first 1508 * savefile doesn't handle the general case. 1509 */ 1510 1511 #ifdef HAVE_CAP_NG_H 1512 /* We are running as root and we will be writing to savefile */ 1513 if ((getuid() == 0 || geteuid() == 0) && WFileName) { 1514 if (username) { 1515 /* Drop all capabilities from effective set */ 1516 capng_clear(CAPNG_EFFECTIVE); 1517 /* Add capabilities we will need*/ 1518 capng_update(CAPNG_ADD, CAPNG_PERMITTED, CAP_SETUID); 1519 capng_update(CAPNG_ADD, CAPNG_PERMITTED, CAP_SETGID); 1520 capng_update(CAPNG_ADD, CAPNG_PERMITTED, CAP_DAC_OVERRIDE); 1521 1522 capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_SETUID); 1523 capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_SETGID); 1524 capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE); 1525 1526 capng_apply(CAPNG_SELECT_BOTH); 1527 } 1528 } 1529 #endif /* HAVE_CAP_NG_H */ 1530 1531 if (getuid() == 0 || geteuid() == 0) { 1532 if (username || chroot_dir) 1533 droproot(username, chroot_dir); 1534 1535 } 1536 #endif /* WIN32 */ 1537 1538 if (pcap_setfilter(pd, &fcode) < 0) 1539 error("%s", pcap_geterr(pd)); 1540 #ifdef __FreeBSD__ 1541 if (RFileName == NULL && VFileName == NULL) { 1542 static const unsigned long cmds[] = { BIOCGSTATS }; 1543 1544 cap_rights_init(&rights, CAP_IOCTL, CAP_READ); 1545 if (cap_rights_limit(pcap_fileno(pd), &rights) < 0 && 1546 errno != ENOSYS) { 1547 error("unable to limit pcap descriptor"); 1548 } 1549 if (cap_ioctls_limit(pcap_fileno(pd), cmds, 1550 sizeof(cmds) / sizeof(cmds[0])) < 0 && errno != ENOSYS) { 1551 error("unable to limit ioctls on pcap descriptor"); 1552 } 1553 } 1554 #endif 1555 if (WFileName) { 1556 pcap_dumper_t *p; 1557 /* Do not exceed the default PATH_MAX for files. */ 1558 dumpinfo.CurrentFileName = (char *)malloc(PATH_MAX + 1); 1559 1560 if (dumpinfo.CurrentFileName == NULL) 1561 error("malloc of dumpinfo.CurrentFileName"); 1562 1563 /* We do not need numbering for dumpfiles if Cflag isn't set. */ 1564 if (Cflag != 0) 1565 MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, WflagChars); 1566 else 1567 MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, 0); 1568 1569 p = pcap_dump_open(pd, dumpinfo.CurrentFileName); 1570 #ifdef HAVE_CAP_NG_H 1571 /* Give up capabilities, clear Effective set */ 1572 capng_clear(CAPNG_EFFECTIVE); 1573 #endif 1574 if (p == NULL) 1575 error("%s", pcap_geterr(pd)); 1576 #ifdef __FreeBSD__ 1577 cap_rights_init(&rights, CAP_SEEK, CAP_WRITE); 1578 if (cap_rights_limit(fileno(pcap_dump_file(p)), &rights) < 0 && 1579 errno != ENOSYS) { 1580 error("unable to limit dump descriptor"); 1581 } 1582 #endif 1583 if (Cflag != 0 || Gflag != 0) { 1584 #ifdef __FreeBSD__ 1585 dumpinfo.WFileName = strdup(basename(WFileName)); 1586 dumpinfo.dirfd = open(dirname(WFileName), 1587 O_DIRECTORY | O_RDONLY); 1588 if (dumpinfo.dirfd < 0) { 1589 error("unable to open directory %s", 1590 dirname(WFileName)); 1591 } 1592 cap_rights_init(&rights, CAP_CREATE, CAP_FCNTL, 1593 CAP_FTRUNCATE, CAP_LOOKUP, CAP_SEEK, CAP_WRITE); 1594 if (cap_rights_limit(dumpinfo.dirfd, &rights) < 0 && 1595 errno != ENOSYS) { 1596 error("unable to limit directory rights"); 1597 } 1598 #else /* !__FreeBSD__ */ 1599 dumpinfo.WFileName = WFileName; 1600 #endif 1601 callback = dump_packet_and_trunc; 1602 dumpinfo.pd = pd; 1603 dumpinfo.p = p; 1604 pcap_userdata = (u_char *)&dumpinfo; 1605 } else { 1606 callback = dump_packet; 1607 pcap_userdata = (u_char *)p; 1608 } 1609 #ifdef HAVE_PCAP_DUMP_FLUSH 1610 if (Uflag) 1611 pcap_dump_flush(p); 1612 #endif 1613 } else { 1614 type = pcap_datalink(pd); 1615 printinfo = get_print_info(type); 1616 callback = print_packet; 1617 pcap_userdata = (u_char *)&printinfo; 1618 } 1619 1620 #ifdef SIGNAL_REQ_INFO 1621 /* 1622 * We can't get statistics when reading from a file rather 1623 * than capturing from a device. 1624 */ 1625 if (RFileName == NULL) 1626 (void)setsignal(SIGNAL_REQ_INFO, requestinfo); 1627 #endif 1628 1629 if (vflag > 0 && WFileName) { 1630 /* 1631 * When capturing to a file, "-v" means tcpdump should, 1632 * every 10 secodns, "v"erbosely report the number of 1633 * packets captured. 1634 */ 1635 #ifdef USE_WIN32_MM_TIMER 1636 /* call verbose_stats_dump() each 1000 +/-100msec */ 1637 timer_id = timeSetEvent(1000, 100, verbose_stats_dump, 0, TIME_PERIODIC); 1638 setvbuf(stderr, NULL, _IONBF, 0); 1639 #elif defined(HAVE_ALARM) 1640 (void)setsignal(SIGALRM, verbose_stats_dump); 1641 alarm(1); 1642 #endif 1643 } 1644 1645 #ifndef WIN32 1646 if (RFileName == NULL) { 1647 /* 1648 * Live capture (if -V was specified, we set RFileName 1649 * to a file from the -V file). Print a message to 1650 * the standard error on UN*X. 1651 */ 1652 if (!vflag && !WFileName) { 1653 (void)fprintf(stderr, 1654 "%s: verbose output suppressed, use -v or -vv for full protocol decode\n", 1655 program_name); 1656 } else 1657 (void)fprintf(stderr, "%s: ", program_name); 1658 dlt = pcap_datalink(pd); 1659 dlt_name = pcap_datalink_val_to_name(dlt); 1660 if (dlt_name == NULL) { 1661 (void)fprintf(stderr, "listening on %s, link-type %u, capture size %u bytes\n", 1662 device, dlt, snaplen); 1663 } else { 1664 (void)fprintf(stderr, "listening on %s, link-type %s (%s), capture size %u bytes\n", 1665 device, dlt_name, 1666 pcap_datalink_val_to_description(dlt), snaplen); 1667 } 1668 (void)fflush(stderr); 1669 } 1670 #endif /* WIN32 */ 1671 1672 #ifdef __FreeBSD__ 1673 cansandbox = (VFileName == NULL && zflag == NULL); 1674 #ifdef HAVE_LIBCAPSICUM 1675 cansandbox = (cansandbox && (nflag || capdns != NULL)); 1676 #else 1677 cansandbox = (cansandbox && nflag); 1678 #endif 1679 if (cansandbox && cap_enter() < 0 && errno != ENOSYS) 1680 error("unable to enter the capability mode"); 1681 if (cap_sandboxed()) 1682 fprintf(stderr, "capability mode sandbox enabled\n"); 1683 #endif /* __FreeBSD__ */ 1684 1685 do { 1686 status = pcap_loop(pd, cnt, callback, pcap_userdata); 1687 if (WFileName == NULL) { 1688 /* 1689 * We're printing packets. Flush the printed output, 1690 * so it doesn't get intermingled with error output. 1691 */ 1692 if (status == -2) { 1693 /* 1694 * We got interrupted, so perhaps we didn't 1695 * manage to finish a line we were printing. 1696 * Print an extra newline, just in case. 1697 */ 1698 putchar('\n'); 1699 } 1700 (void)fflush(stdout); 1701 } 1702 if (status == -1) { 1703 /* 1704 * Error. Report it. 1705 */ 1706 (void)fprintf(stderr, "%s: pcap_loop: %s\n", 1707 program_name, pcap_geterr(pd)); 1708 } 1709 if (RFileName == NULL) { 1710 /* 1711 * We're doing a live capture. Report the capture 1712 * statistics. 1713 */ 1714 info(1); 1715 } 1716 pcap_close(pd); 1717 if (VFileName != NULL) { 1718 ret = get_next_file(VFile, VFileLine); 1719 if (ret) { 1720 RFileName = VFileLine; 1721 pd = pcap_open_offline(RFileName, ebuf); 1722 if (pd == NULL) 1723 error("%s", ebuf); 1724 #ifdef __FreeBSD__ 1725 cap_rights_init(&rights, CAP_READ); 1726 if (cap_rights_limit(fileno(pcap_file(pd)), 1727 &rights) < 0 && errno != ENOSYS) { 1728 error("unable to limit pcap descriptor"); 1729 } 1730 #endif 1731 new_dlt = pcap_datalink(pd); 1732 if (WFileName && new_dlt != dlt) 1733 error("%s: new dlt does not match original", RFileName); 1734 printinfo = get_print_info(new_dlt); 1735 dlt_name = pcap_datalink_val_to_name(new_dlt); 1736 if (dlt_name == NULL) { 1737 fprintf(stderr, "reading from file %s, link-type %u\n", 1738 RFileName, new_dlt); 1739 } else { 1740 fprintf(stderr, 1741 "reading from file %s, link-type %s (%s)\n", 1742 RFileName, dlt_name, 1743 pcap_datalink_val_to_description(new_dlt)); 1744 } 1745 if (pcap_compile(pd, &fcode, cmdbuf, Oflag, netmask) < 0) 1746 error("%s", pcap_geterr(pd)); 1747 if (pcap_setfilter(pd, &fcode) < 0) 1748 error("%s", pcap_geterr(pd)); 1749 } 1750 } 1751 } 1752 while (ret != NULL); 1753 1754 free(cmdbuf); 1755 exit(status == -1 ? 1 : 0); 1756 } 1757 1758 /* make a clean exit on interrupts */ 1759 static RETSIGTYPE 1760 cleanup(int signo _U_) 1761 { 1762 #ifdef USE_WIN32_MM_TIMER 1763 if (timer_id) 1764 timeKillEvent(timer_id); 1765 timer_id = 0; 1766 #elif defined(HAVE_ALARM) 1767 alarm(0); 1768 #endif 1769 1770 #ifdef HAVE_PCAP_BREAKLOOP 1771 /* 1772 * We have "pcap_breakloop()"; use it, so that we do as little 1773 * as possible in the signal handler (it's probably not safe 1774 * to do anything with standard I/O streams in a signal handler - 1775 * the ANSI C standard doesn't say it is). 1776 */ 1777 pcap_breakloop(pd); 1778 #else 1779 /* 1780 * We don't have "pcap_breakloop()"; this isn't safe, but 1781 * it's the best we can do. Print the summary if we're 1782 * not reading from a savefile - i.e., if we're doing a 1783 * live capture - and exit. 1784 */ 1785 if (pd != NULL && pcap_file(pd) == NULL) { 1786 /* 1787 * We got interrupted, so perhaps we didn't 1788 * manage to finish a line we were printing. 1789 * Print an extra newline, just in case. 1790 */ 1791 putchar('\n'); 1792 (void)fflush(stdout); 1793 info(1); 1794 } 1795 exit(0); 1796 #endif 1797 } 1798 1799 /* 1800 On windows, we do not use a fork, so we do not care less about 1801 waiting a child processes to die 1802 */ 1803 #if defined(HAVE_FORK) || defined(HAVE_VFORK) 1804 static RETSIGTYPE 1805 child_cleanup(int signo _U_) 1806 { 1807 wait(NULL); 1808 } 1809 #endif /* HAVE_FORK && HAVE_VFORK */ 1810 1811 static void 1812 info(register int verbose) 1813 { 1814 struct pcap_stat stat; 1815 1816 /* 1817 * Older versions of libpcap didn't set ps_ifdrop on some 1818 * platforms; initialize it to 0 to handle that. 1819 */ 1820 stat.ps_ifdrop = 0; 1821 if (pcap_stats(pd, &stat) < 0) { 1822 (void)fprintf(stderr, "pcap_stats: %s\n", pcap_geterr(pd)); 1823 infoprint = 0; 1824 return; 1825 } 1826 1827 if (!verbose) 1828 fprintf(stderr, "%s: ", program_name); 1829 1830 (void)fprintf(stderr, "%u packet%s captured", packets_captured, 1831 PLURAL_SUFFIX(packets_captured)); 1832 if (!verbose) 1833 fputs(", ", stderr); 1834 else 1835 putc('\n', stderr); 1836 (void)fprintf(stderr, "%u packet%s received by filter", stat.ps_recv, 1837 PLURAL_SUFFIX(stat.ps_recv)); 1838 if (!verbose) 1839 fputs(", ", stderr); 1840 else 1841 putc('\n', stderr); 1842 (void)fprintf(stderr, "%u packet%s dropped by kernel", stat.ps_drop, 1843 PLURAL_SUFFIX(stat.ps_drop)); 1844 if (stat.ps_ifdrop != 0) { 1845 if (!verbose) 1846 fputs(", ", stderr); 1847 else 1848 putc('\n', stderr); 1849 (void)fprintf(stderr, "%u packet%s dropped by interface\n", 1850 stat.ps_ifdrop, PLURAL_SUFFIX(stat.ps_ifdrop)); 1851 } else 1852 putc('\n', stderr); 1853 infoprint = 0; 1854 } 1855 1856 #if defined(HAVE_FORK) || defined(HAVE_VFORK) 1857 static void 1858 compress_savefile(const char *filename) 1859 { 1860 # ifdef HAVE_FORK 1861 if (fork()) 1862 # else 1863 if (vfork()) 1864 # endif 1865 return; 1866 /* 1867 * Set to lowest priority so that this doesn't disturb the capture 1868 */ 1869 #ifdef NZERO 1870 setpriority(PRIO_PROCESS, 0, NZERO - 1); 1871 #else 1872 setpriority(PRIO_PROCESS, 0, 19); 1873 #endif 1874 if (execlp(zflag, zflag, filename, (char *)NULL) == -1) 1875 fprintf(stderr, 1876 "compress_savefile:execlp(%s, %s): %s\n", 1877 zflag, 1878 filename, 1879 strerror(errno)); 1880 # ifdef HAVE_FORK 1881 exit(1); 1882 # else 1883 _exit(1); 1884 # endif 1885 } 1886 #else /* HAVE_FORK && HAVE_VFORK */ 1887 static void 1888 compress_savefile(const char *filename) 1889 { 1890 fprintf(stderr, 1891 "compress_savefile failed. Functionality not implemented under your system\n"); 1892 } 1893 #endif /* HAVE_FORK && HAVE_VFORK */ 1894 1895 static void 1896 dump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *sp) 1897 { 1898 struct dump_info *dump_info; 1899 #ifdef __FreeBSD__ 1900 cap_rights_t rights; 1901 #endif 1902 1903 ++packets_captured; 1904 1905 ++infodelay; 1906 1907 dump_info = (struct dump_info *)user; 1908 1909 /* 1910 * XXX - this won't force the file to rotate on the specified time 1911 * boundary, but it will rotate on the first packet received after the 1912 * specified Gflag number of seconds. Note: if a Gflag time boundary 1913 * and a Cflag size boundary coincide, the time rotation will occur 1914 * first thereby cancelling the Cflag boundary (since the file should 1915 * be 0). 1916 */ 1917 if (Gflag != 0) { 1918 /* Check if it is time to rotate */ 1919 time_t t; 1920 1921 /* Get the current time */ 1922 if ((t = time(NULL)) == (time_t)-1) { 1923 error("dump_and_trunc_packet: can't get current_time: %s", 1924 pcap_strerror(errno)); 1925 } 1926 1927 1928 /* If the time is greater than the specified window, rotate */ 1929 if (t - Gflag_time >= Gflag) { 1930 #ifdef __FreeBSD__ 1931 FILE *fp; 1932 int fd; 1933 #endif 1934 1935 /* Update the Gflag_time */ 1936 Gflag_time = t; 1937 /* Update Gflag_count */ 1938 Gflag_count++; 1939 /* 1940 * Close the current file and open a new one. 1941 */ 1942 pcap_dump_close(dump_info->p); 1943 1944 /* 1945 * Compress the file we just closed, if the user asked for it 1946 */ 1947 if (zflag != NULL) 1948 compress_savefile(dump_info->CurrentFileName); 1949 1950 /* 1951 * Check to see if we've exceeded the Wflag (when 1952 * not using Cflag). 1953 */ 1954 if (Cflag == 0 && Wflag > 0 && Gflag_count >= Wflag) { 1955 (void)fprintf(stderr, "Maximum file limit reached: %d\n", 1956 Wflag); 1957 exit(0); 1958 /* NOTREACHED */ 1959 } 1960 if (dump_info->CurrentFileName != NULL) 1961 free(dump_info->CurrentFileName); 1962 /* Allocate space for max filename + \0. */ 1963 dump_info->CurrentFileName = (char *)malloc(PATH_MAX + 1); 1964 if (dump_info->CurrentFileName == NULL) 1965 error("dump_packet_and_trunc: malloc"); 1966 /* 1967 * This is always the first file in the Cflag 1968 * rotation: e.g. 0 1969 * We also don't need numbering if Cflag is not set. 1970 */ 1971 if (Cflag != 0) 1972 MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, 0, 1973 WflagChars); 1974 else 1975 MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, 0, 0); 1976 1977 #ifdef HAVE_CAP_NG_H 1978 capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE); 1979 capng_apply(CAPNG_EFFECTIVE); 1980 #endif /* HAVE_CAP_NG_H */ 1981 #ifdef __FreeBSD__ 1982 fd = openat(dump_info->dirfd, 1983 dump_info->CurrentFileName, 1984 O_CREAT | O_WRONLY | O_TRUNC, 0644); 1985 if (fd < 0) { 1986 error("unable to open file %s", 1987 dump_info->CurrentFileName); 1988 } 1989 fp = fdopen(fd, "w"); 1990 if (fp == NULL) { 1991 error("unable to fdopen file %s", 1992 dump_info->CurrentFileName); 1993 } 1994 dump_info->p = pcap_dump_fopen(dump_info->pd, fp); 1995 #else /* !__FreeBSD__ */ 1996 dump_info->p = pcap_dump_open(dump_info->pd, dump_info->CurrentFileName); 1997 #endif 1998 #ifdef HAVE_CAP_NG_H 1999 capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE); 2000 capng_apply(CAPNG_EFFECTIVE); 2001 #endif /* HAVE_CAP_NG_H */ 2002 if (dump_info->p == NULL) 2003 error("%s", pcap_geterr(pd)); 2004 #ifdef __FreeBSD__ 2005 cap_rights_init(&rights, CAP_SEEK, CAP_WRITE); 2006 if (cap_rights_limit(fileno(pcap_dump_file(dump_info->p)), 2007 &rights) < 0 && errno != ENOSYS) { 2008 error("unable to limit dump descriptor"); 2009 } 2010 #endif 2011 } 2012 } 2013 2014 /* 2015 * XXX - this won't prevent capture files from getting 2016 * larger than Cflag - the last packet written to the 2017 * file could put it over Cflag. 2018 */ 2019 if (Cflag != 0 && pcap_dump_ftell(dump_info->p) > Cflag) { 2020 #ifdef __FreeBSD__ 2021 FILE *fp; 2022 int fd; 2023 #endif 2024 2025 /* 2026 * Close the current file and open a new one. 2027 */ 2028 pcap_dump_close(dump_info->p); 2029 2030 /* 2031 * Compress the file we just closed, if the user asked for it 2032 */ 2033 if (zflag != NULL) 2034 compress_savefile(dump_info->CurrentFileName); 2035 2036 Cflag_count++; 2037 if (Wflag > 0) { 2038 if (Cflag_count >= Wflag) 2039 Cflag_count = 0; 2040 } 2041 if (dump_info->CurrentFileName != NULL) 2042 free(dump_info->CurrentFileName); 2043 dump_info->CurrentFileName = (char *)malloc(PATH_MAX + 1); 2044 if (dump_info->CurrentFileName == NULL) 2045 error("dump_packet_and_trunc: malloc"); 2046 MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, Cflag_count, WflagChars); 2047 #ifdef __FreeBSD__ 2048 fd = openat(dump_info->dirfd, dump_info->CurrentFileName, 2049 O_CREAT | O_WRONLY | O_TRUNC, 0644); 2050 if (fd < 0) { 2051 error("unable to open file %s", 2052 dump_info->CurrentFileName); 2053 } 2054 fp = fdopen(fd, "w"); 2055 if (fp == NULL) { 2056 error("unable to fdopen file %s", 2057 dump_info->CurrentFileName); 2058 } 2059 dump_info->p = pcap_dump_fopen(dump_info->pd, fp); 2060 #else /* !__FreeBSD__ */ 2061 dump_info->p = pcap_dump_open(dump_info->pd, dump_info->CurrentFileName); 2062 #endif 2063 if (dump_info->p == NULL) 2064 error("%s", pcap_geterr(pd)); 2065 #ifdef __FreeBSD__ 2066 cap_rights_init(&rights, CAP_SEEK, CAP_WRITE); 2067 if (cap_rights_limit(fileno(pcap_dump_file(dump_info->p)), 2068 &rights) < 0 && errno != ENOSYS) { 2069 error("unable to limit dump descriptor"); 2070 } 2071 #endif 2072 } 2073 2074 pcap_dump((u_char *)dump_info->p, h, sp); 2075 #ifdef HAVE_PCAP_DUMP_FLUSH 2076 if (Uflag) 2077 pcap_dump_flush(dump_info->p); 2078 #endif 2079 2080 --infodelay; 2081 if (infoprint) 2082 info(0); 2083 } 2084 2085 static void 2086 dump_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *sp) 2087 { 2088 ++packets_captured; 2089 2090 ++infodelay; 2091 2092 pcap_dump(user, h, sp); 2093 #ifdef HAVE_PCAP_DUMP_FLUSH 2094 if (Uflag) 2095 pcap_dump_flush((pcap_dumper_t *)user); 2096 #endif 2097 2098 --infodelay; 2099 if (infoprint) 2100 info(0); 2101 } 2102 2103 static void 2104 print_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *sp) 2105 { 2106 struct print_info *print_info; 2107 u_int hdrlen; 2108 2109 ++packets_captured; 2110 2111 ++infodelay; 2112 ts_print(&h->ts); 2113 2114 print_info = (struct print_info *)user; 2115 2116 /* 2117 * Some printers want to check that they're not walking off the 2118 * end of the packet. 2119 * Rather than pass it all the way down, we set this global. 2120 */ 2121 snapend = sp + h->caplen; 2122 2123 if(print_info->ndo_type) { 2124 hdrlen = (*print_info->p.ndo_printer)(print_info->ndo, h, sp); 2125 } else { 2126 hdrlen = (*print_info->p.printer)(h, sp); 2127 } 2128 2129 if (Xflag) { 2130 /* 2131 * Print the raw packet data in hex and ASCII. 2132 */ 2133 if (Xflag > 1) { 2134 /* 2135 * Include the link-layer header. 2136 */ 2137 hex_and_ascii_print("\n\t", sp, h->caplen); 2138 } else { 2139 /* 2140 * Don't include the link-layer header - and if 2141 * we have nothing past the link-layer header, 2142 * print nothing. 2143 */ 2144 if (h->caplen > hdrlen) 2145 hex_and_ascii_print("\n\t", sp + hdrlen, 2146 h->caplen - hdrlen); 2147 } 2148 } else if (xflag) { 2149 /* 2150 * Print the raw packet data in hex. 2151 */ 2152 if (xflag > 1) { 2153 /* 2154 * Include the link-layer header. 2155 */ 2156 hex_print("\n\t", sp, h->caplen); 2157 } else { 2158 /* 2159 * Don't include the link-layer header - and if 2160 * we have nothing past the link-layer header, 2161 * print nothing. 2162 */ 2163 if (h->caplen > hdrlen) 2164 hex_print("\n\t", sp + hdrlen, 2165 h->caplen - hdrlen); 2166 } 2167 } else if (Aflag) { 2168 /* 2169 * Print the raw packet data in ASCII. 2170 */ 2171 if (Aflag > 1) { 2172 /* 2173 * Include the link-layer header. 2174 */ 2175 ascii_print(sp, h->caplen); 2176 } else { 2177 /* 2178 * Don't include the link-layer header - and if 2179 * we have nothing past the link-layer header, 2180 * print nothing. 2181 */ 2182 if (h->caplen > hdrlen) 2183 ascii_print(sp + hdrlen, h->caplen - hdrlen); 2184 } 2185 } 2186 2187 putchar('\n'); 2188 2189 --infodelay; 2190 if (infoprint) 2191 info(0); 2192 } 2193 2194 #ifdef WIN32 2195 /* 2196 * XXX - there should really be libpcap calls to get the version 2197 * number as a string (the string would be generated from #defines 2198 * at run time, so that it's not generated from string constants 2199 * in the library, as, on many UNIX systems, those constants would 2200 * be statically linked into the application executable image, and 2201 * would thus reflect the version of libpcap on the system on 2202 * which the application was *linked*, not the system on which it's 2203 * *running*. 2204 * 2205 * That routine should be documented, unlike the "version[]" 2206 * string, so that UNIX vendors providing their own libpcaps 2207 * don't omit it (as a couple of vendors have...). 2208 * 2209 * Packet.dll should perhaps also export a routine to return the 2210 * version number of the Packet.dll code, to supply the 2211 * "Wpcap_version" information on Windows. 2212 */ 2213 char WDversion[]="current-cvs.tcpdump.org"; 2214 #if !defined(HAVE_GENERATED_VERSION) 2215 char version[]="current-cvs.tcpdump.org"; 2216 #endif 2217 char pcap_version[]="current-cvs.tcpdump.org"; 2218 char Wpcap_version[]="3.1"; 2219 #endif 2220 2221 /* 2222 * By default, print the specified data out in hex and ASCII. 2223 */ 2224 static void 2225 ndo_default_print(netdissect_options *ndo _U_, const u_char *bp, u_int length) 2226 { 2227 hex_and_ascii_print("\n\t", bp, length); /* pass on lf and identation string */ 2228 } 2229 2230 void 2231 default_print(const u_char *bp, u_int length) 2232 { 2233 ndo_default_print(gndo, bp, length); 2234 } 2235 2236 #ifdef SIGNAL_REQ_INFO 2237 RETSIGTYPE requestinfo(int signo _U_) 2238 { 2239 if (infodelay) 2240 ++infoprint; 2241 else 2242 info(0); 2243 } 2244 #endif 2245 2246 /* 2247 * Called once each second in verbose mode while dumping to file 2248 */ 2249 #ifdef USE_WIN32_MM_TIMER 2250 void CALLBACK verbose_stats_dump (UINT timer_id _U_, UINT msg _U_, DWORD_PTR arg _U_, 2251 DWORD_PTR dw1 _U_, DWORD_PTR dw2 _U_) 2252 { 2253 struct pcap_stat stat; 2254 2255 if (infodelay == 0 && pcap_stats(pd, &stat) >= 0) 2256 fprintf(stderr, "Got %u\r", packets_captured); 2257 } 2258 #elif defined(HAVE_ALARM) 2259 static void verbose_stats_dump(int sig _U_) 2260 { 2261 struct pcap_stat stat; 2262 2263 if (infodelay == 0 && pcap_stats(pd, &stat) >= 0) 2264 fprintf(stderr, "Got %u\r", packets_captured); 2265 alarm(1); 2266 } 2267 #endif 2268 2269 static void 2270 usage(void) 2271 { 2272 extern char version[]; 2273 #ifndef HAVE_PCAP_LIB_VERSION 2274 #if defined(WIN32) || defined(HAVE_PCAP_VERSION) 2275 extern char pcap_version[]; 2276 #else /* defined(WIN32) || defined(HAVE_PCAP_VERSION) */ 2277 static char pcap_version[] = "unknown"; 2278 #endif /* defined(WIN32) || defined(HAVE_PCAP_VERSION) */ 2279 #endif /* HAVE_PCAP_LIB_VERSION */ 2280 2281 #ifdef HAVE_PCAP_LIB_VERSION 2282 #ifdef WIN32 2283 (void)fprintf(stderr, "%s version %s, based on tcpdump version %s\n", program_name, WDversion, version); 2284 #else /* WIN32 */ 2285 (void)fprintf(stderr, "%s version %s\n", program_name, version); 2286 #endif /* WIN32 */ 2287 (void)fprintf(stderr, "%s\n",pcap_lib_version()); 2288 #else /* HAVE_PCAP_LIB_VERSION */ 2289 #ifdef WIN32 2290 (void)fprintf(stderr, "%s version %s, based on tcpdump version %s\n", program_name, WDversion, version); 2291 (void)fprintf(stderr, "WinPcap version %s, based on libpcap version %s\n",Wpcap_version, pcap_version); 2292 #else /* WIN32 */ 2293 (void)fprintf(stderr, "%s version %s\n", program_name, version); 2294 (void)fprintf(stderr, "libpcap version %s\n", pcap_version); 2295 #endif /* WIN32 */ 2296 #endif /* HAVE_PCAP_LIB_VERSION */ 2297 (void)fprintf(stderr, 2298 "Usage: %s [-aAbd" D_FLAG "efhH" I_FLAG J_FLAG "KlLnNOpqRStu" U_FLAG "vxX]" B_FLAG_USAGE " [ -c count ]\n", program_name); 2299 (void)fprintf(stderr, 2300 "\t\t[ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]\n"); 2301 (void)fprintf(stderr, 2302 "\t\t[ -i interface ]" j_FLAG_USAGE " [ -M secret ]\n"); 2303 (void)fprintf(stderr, 2304 "\t\t[ -r file ] [ -s snaplen ] [ -T type ] [ -V file ] [ -w file ]\n"); 2305 (void)fprintf(stderr, 2306 "\t\t[ -W filecount ] [ -y datalinktype ] [ -z command ]\n"); 2307 (void)fprintf(stderr, 2308 "\t\t[ -Z user ] [ expression ]\n"); 2309 exit(1); 2310 } 2311 2312 2313 2314 /* VARARGS */ 2315 static void 2316 ndo_error(netdissect_options *ndo _U_, const char *fmt, ...) 2317 { 2318 va_list ap; 2319 2320 (void)fprintf(stderr, "%s: ", program_name); 2321 va_start(ap, fmt); 2322 (void)vfprintf(stderr, fmt, ap); 2323 va_end(ap); 2324 if (*fmt) { 2325 fmt += strlen(fmt); 2326 if (fmt[-1] != '\n') 2327 (void)fputc('\n', stderr); 2328 } 2329 exit(1); 2330 /* NOTREACHED */ 2331 } 2332 2333 /* VARARGS */ 2334 static void 2335 ndo_warning(netdissect_options *ndo _U_, const char *fmt, ...) 2336 { 2337 va_list ap; 2338 2339 (void)fprintf(stderr, "%s: WARNING: ", program_name); 2340 va_start(ap, fmt); 2341 (void)vfprintf(stderr, fmt, ap); 2342 va_end(ap); 2343 if (*fmt) { 2344 fmt += strlen(fmt); 2345 if (fmt[-1] != '\n') 2346 (void)fputc('\n', stderr); 2347 } 2348 } 2349