1 /* 2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that: (1) source code distributions 7 * retain the above copyright notice and this paragraph in its entirety, (2) 8 * distributions including binary code include the above copyright notice and 9 * this paragraph in its entirety in the documentation or other materials 10 * provided with the distribution, and (3) all advertising materials mentioning 11 * features or use of this software display the following acknowledgement: 12 * ``This product includes software developed by the University of California, 13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 14 * the University nor the names of its contributors may be used to endorse 15 * or promote products derived from this software without specific prior 16 * written permission. 17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 20 * 21 * Support for splitting captures into multiple files with a maximum 22 * file size: 23 * 24 * Copyright (c) 2001 25 * Seth Webster <swebster@sst.ll.mit.edu> 26 */ 27 28 #ifndef lint 29 static const char copyright[] _U_ = 30 "@(#) Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000\n\ 31 The Regents of the University of California. All rights reserved.\n"; 32 static const char rcsid[] _U_ = 33 "@(#) $Header: /tcpdump/master/tcpdump/tcpdump.c,v 1.283 2008-09-25 21:45:50 guy Exp $ (LBL)"; 34 #endif 35 36 /* $FreeBSD$ */ 37 38 /* 39 * tcpdump - monitor tcp/ip traffic on an ethernet. 40 * 41 * First written in 1987 by Van Jacobson, Lawrence Berkeley Laboratory. 42 * Mercilessly hacked and occasionally improved since then via the 43 * combined efforts of Van, Steve McCanne and Craig Leres of LBL. 44 */ 45 46 #ifdef HAVE_CONFIG_H 47 #include "config.h" 48 #endif 49 50 #include <tcpdump-stdinc.h> 51 52 #ifdef WIN32 53 #include "getopt.h" 54 #include "w32_fzs.h" 55 extern int strcasecmp (const char *__s1, const char *__s2); 56 extern int SIZE_BUF; 57 #define off_t long 58 #define uint UINT 59 #endif /* WIN32 */ 60 61 #ifdef HAVE_SMI_H 62 #include <smi.h> 63 #endif 64 65 #include <pcap.h> 66 #include <signal.h> 67 #include <stdio.h> 68 #include <stdlib.h> 69 #include <string.h> 70 #include <limits.h> 71 #ifndef WIN32 72 #include <sys/wait.h> 73 #include <sys/resource.h> 74 #include <pwd.h> 75 #include <grp.h> 76 #include <errno.h> 77 #endif /* WIN32 */ 78 79 80 #include "netdissect.h" 81 #include "interface.h" 82 #include "addrtoname.h" 83 #include "machdep.h" 84 #include "setsignal.h" 85 #include "gmt2local.h" 86 #include "pcap-missing.h" 87 88 #ifndef NAME_MAX 89 #define NAME_MAX 255 90 #endif 91 92 netdissect_options Gndo; 93 netdissect_options *gndo = &Gndo; 94 95 static int dflag; /* print filter code */ 96 static int Lflag; /* list available data link types and exit */ 97 static char *zflag = NULL; /* compress each savefile using a specified command (like gzip or bzip2) */ 98 99 static int infodelay; 100 static int infoprint; 101 102 char *program_name; 103 104 int32_t thiszone; /* seconds offset from gmt to local time */ 105 106 /* Forwards */ 107 static RETSIGTYPE cleanup(int); 108 static RETSIGTYPE child_cleanup(int); 109 static void usage(void) __attribute__((noreturn)); 110 static void show_dlts_and_exit(const char *device, pcap_t *pd) __attribute__((noreturn)); 111 112 static void print_packet(u_char *, const struct pcap_pkthdr *, const u_char *); 113 static void ndo_default_print(netdissect_options *, const u_char *, u_int); 114 static void dump_packet_and_trunc(u_char *, const struct pcap_pkthdr *, const u_char *); 115 static void dump_packet(u_char *, const struct pcap_pkthdr *, const u_char *); 116 static void droproot(const char *, const char *); 117 static void ndo_error(netdissect_options *ndo, const char *fmt, ...); 118 static void ndo_warning(netdissect_options *ndo, const char *fmt, ...); 119 120 #ifdef SIGINFO 121 RETSIGTYPE requestinfo(int); 122 #endif 123 124 #if defined(USE_WIN32_MM_TIMER) 125 #include <MMsystem.h> 126 static UINT timer_id; 127 static void CALLBACK verbose_stats_dump(UINT, UINT, DWORD_PTR, DWORD_PTR, DWORD_PTR); 128 #elif defined(HAVE_ALARM) 129 static void verbose_stats_dump(int sig); 130 #endif 131 132 static void info(int); 133 static u_int packets_captured; 134 135 typedef u_int (*if_printer)(const struct pcap_pkthdr *, const u_char *); 136 typedef u_int (*if_ndo_printer)(struct netdissect_options *ndo, 137 const struct pcap_pkthdr *, const u_char *); 138 139 struct printer { 140 if_printer f; 141 int type; 142 }; 143 144 145 struct ndo_printer { 146 if_ndo_printer f; 147 int type; 148 }; 149 150 151 static struct printer printers[] = { 152 { arcnet_if_print, DLT_ARCNET }, 153 #ifdef DLT_ARCNET_LINUX 154 { arcnet_linux_if_print, DLT_ARCNET_LINUX }, 155 #endif 156 { ether_if_print, DLT_EN10MB }, 157 { token_if_print, DLT_IEEE802 }, 158 #ifdef DLT_LANE8023 159 { lane_if_print, DLT_LANE8023 }, 160 #endif 161 #ifdef DLT_CIP 162 { cip_if_print, DLT_CIP }, 163 #endif 164 #ifdef DLT_ATM_CLIP 165 { cip_if_print, DLT_ATM_CLIP }, 166 #endif 167 { sl_if_print, DLT_SLIP }, 168 #ifdef DLT_SLIP_BSDOS 169 { sl_bsdos_if_print, DLT_SLIP_BSDOS }, 170 #endif 171 { ppp_if_print, DLT_PPP }, 172 #ifdef DLT_PPP_WITHDIRECTION 173 { ppp_if_print, DLT_PPP_WITHDIRECTION }, 174 #endif 175 #ifdef DLT_PPP_BSDOS 176 { ppp_bsdos_if_print, DLT_PPP_BSDOS }, 177 #endif 178 { fddi_if_print, DLT_FDDI }, 179 { null_if_print, DLT_NULL }, 180 #ifdef DLT_LOOP 181 { null_if_print, DLT_LOOP }, 182 #endif 183 { raw_if_print, DLT_RAW }, 184 { atm_if_print, DLT_ATM_RFC1483 }, 185 #ifdef DLT_C_HDLC 186 { chdlc_if_print, DLT_C_HDLC }, 187 #endif 188 #ifdef DLT_HDLC 189 { chdlc_if_print, DLT_HDLC }, 190 #endif 191 #ifdef DLT_PPP_SERIAL 192 { ppp_hdlc_if_print, DLT_PPP_SERIAL }, 193 #endif 194 #ifdef DLT_PPP_ETHER 195 { pppoe_if_print, DLT_PPP_ETHER }, 196 #endif 197 #ifdef DLT_LINUX_SLL 198 { sll_if_print, DLT_LINUX_SLL }, 199 #endif 200 #ifdef DLT_IEEE802_11 201 { ieee802_11_if_print, DLT_IEEE802_11}, 202 #endif 203 #ifdef DLT_LTALK 204 { ltalk_if_print, DLT_LTALK }, 205 #endif 206 #if defined(DLT_PFLOG) && defined(HAVE_NET_PFVAR_H) 207 { pflog_if_print, DLT_PFLOG }, 208 #endif 209 #ifdef DLT_FR 210 { fr_if_print, DLT_FR }, 211 #endif 212 #ifdef DLT_FRELAY 213 { fr_if_print, DLT_FRELAY }, 214 #endif 215 #ifdef DLT_SUNATM 216 { sunatm_if_print, DLT_SUNATM }, 217 #endif 218 #ifdef DLT_IP_OVER_FC 219 { ipfc_if_print, DLT_IP_OVER_FC }, 220 #endif 221 #ifdef DLT_PRISM_HEADER 222 { prism_if_print, DLT_PRISM_HEADER }, 223 #endif 224 #ifdef DLT_IEEE802_11_RADIO 225 { ieee802_11_radio_if_print, DLT_IEEE802_11_RADIO }, 226 #endif 227 #ifdef DLT_ENC 228 { enc_if_print, DLT_ENC }, 229 #endif 230 #ifdef DLT_SYMANTEC_FIREWALL 231 { symantec_if_print, DLT_SYMANTEC_FIREWALL }, 232 #endif 233 #ifdef DLT_APPLE_IP_OVER_IEEE1394 234 { ap1394_if_print, DLT_APPLE_IP_OVER_IEEE1394 }, 235 #endif 236 #ifdef DLT_IEEE802_11_RADIO_AVS 237 { ieee802_11_radio_avs_if_print, DLT_IEEE802_11_RADIO_AVS }, 238 #endif 239 #ifdef DLT_JUNIPER_ATM1 240 { juniper_atm1_print, DLT_JUNIPER_ATM1 }, 241 #endif 242 #ifdef DLT_JUNIPER_ATM2 243 { juniper_atm2_print, DLT_JUNIPER_ATM2 }, 244 #endif 245 #ifdef DLT_JUNIPER_MFR 246 { juniper_mfr_print, DLT_JUNIPER_MFR }, 247 #endif 248 #ifdef DLT_JUNIPER_MLFR 249 { juniper_mlfr_print, DLT_JUNIPER_MLFR }, 250 #endif 251 #ifdef DLT_JUNIPER_MLPPP 252 { juniper_mlppp_print, DLT_JUNIPER_MLPPP }, 253 #endif 254 #ifdef DLT_JUNIPER_PPPOE 255 { juniper_pppoe_print, DLT_JUNIPER_PPPOE }, 256 #endif 257 #ifdef DLT_JUNIPER_PPPOE_ATM 258 { juniper_pppoe_atm_print, DLT_JUNIPER_PPPOE_ATM }, 259 #endif 260 #ifdef DLT_JUNIPER_GGSN 261 { juniper_ggsn_print, DLT_JUNIPER_GGSN }, 262 #endif 263 #ifdef DLT_JUNIPER_ES 264 { juniper_es_print, DLT_JUNIPER_ES }, 265 #endif 266 #ifdef DLT_JUNIPER_MONITOR 267 { juniper_monitor_print, DLT_JUNIPER_MONITOR }, 268 #endif 269 #ifdef DLT_JUNIPER_SERVICES 270 { juniper_services_print, DLT_JUNIPER_SERVICES }, 271 #endif 272 #ifdef DLT_JUNIPER_ETHER 273 { juniper_ether_print, DLT_JUNIPER_ETHER }, 274 #endif 275 #ifdef DLT_JUNIPER_PPP 276 { juniper_ppp_print, DLT_JUNIPER_PPP }, 277 #endif 278 #ifdef DLT_JUNIPER_FRELAY 279 { juniper_frelay_print, DLT_JUNIPER_FRELAY }, 280 #endif 281 #ifdef DLT_JUNIPER_CHDLC 282 { juniper_chdlc_print, DLT_JUNIPER_CHDLC }, 283 #endif 284 #ifdef DLT_MFR 285 { mfr_if_print, DLT_MFR }, 286 #endif 287 #if defined(DLT_BLUETOOTH_HCI_H4_WITH_PHDR) && defined(HAVE_PCAP_BLUETOOTH_H) 288 { bt_if_print, DLT_BLUETOOTH_HCI_H4_WITH_PHDR}, 289 #endif 290 #ifdef HAVE_PCAP_USB_H 291 #ifdef DLT_USB_LINUX 292 { usb_linux_48_byte_print, DLT_USB_LINUX}, 293 #endif /* DLT_USB_LINUX */ 294 #ifdef DLT_USB_LINUX_MMAPPED 295 { usb_linux_64_byte_print, DLT_USB_LINUX_MMAPPED}, 296 #endif /* DLT_USB_LINUX_MMAPPED */ 297 #endif /* HAVE_PCAP_USB_H */ 298 #ifdef DLT_IPV4 299 { raw_if_print, DLT_IPV4 }, 300 #endif 301 #ifdef DLT_IPV6 302 { raw_if_print, DLT_IPV6 }, 303 #endif 304 { NULL, 0 }, 305 }; 306 307 static struct ndo_printer ndo_printers[] = { 308 #ifdef DLT_IPNET 309 { ipnet_if_print, DLT_IPNET }, 310 #endif 311 { NULL, 0 }, 312 }; 313 314 static if_printer 315 lookup_printer(int type) 316 { 317 struct printer *p; 318 319 for (p = printers; p->f; ++p) 320 if (type == p->type) 321 return p->f; 322 323 return NULL; 324 /* NOTREACHED */ 325 } 326 327 static if_ndo_printer 328 lookup_ndo_printer(int type) 329 { 330 struct ndo_printer *p; 331 332 for (p = ndo_printers; p->f; ++p) 333 if (type == p->type) 334 return p->f; 335 336 return NULL; 337 /* NOTREACHED */ 338 } 339 340 static pcap_t *pd; 341 342 static int supports_monitor_mode; 343 344 extern int optind; 345 extern int opterr; 346 extern char *optarg; 347 348 struct print_info { 349 netdissect_options *ndo; 350 union { 351 if_printer printer; 352 if_ndo_printer ndo_printer; 353 } p; 354 int ndo_type; 355 }; 356 357 struct dump_info { 358 char *WFileName; 359 char *CurrentFileName; 360 pcap_t *pd; 361 pcap_dumper_t *p; 362 }; 363 364 static void 365 show_dlts_and_exit(const char *device, pcap_t *pd) 366 { 367 int n_dlts; 368 int *dlts = 0; 369 const char *dlt_name; 370 371 n_dlts = pcap_list_datalinks(pd, &dlts); 372 if (n_dlts < 0) 373 error("%s", pcap_geterr(pd)); 374 else if (n_dlts == 0 || !dlts) 375 error("No data link types."); 376 377 /* 378 * If the interface is known to support monitor mode, indicate 379 * whether these are the data link types available when not in 380 * monitor mode, if -I wasn't specified, or when in monitor mode, 381 * when -I was specified (the link-layer types available in 382 * monitor mode might be different from the ones available when 383 * not in monitor mode). 384 */ 385 if (supports_monitor_mode) 386 (void) fprintf(stderr, "Data link types for %s %s (use option -y to set):\n", 387 device, 388 Iflag ? "when in monitor mode" : "when not in monitor mode"); 389 else 390 (void) fprintf(stderr, "Data link types for %s (use option -y to set):\n", 391 device); 392 393 while (--n_dlts >= 0) { 394 dlt_name = pcap_datalink_val_to_name(dlts[n_dlts]); 395 if (dlt_name != NULL) { 396 (void) fprintf(stderr, " %s (%s)", dlt_name, 397 pcap_datalink_val_to_description(dlts[n_dlts])); 398 399 /* 400 * OK, does tcpdump handle that type? 401 */ 402 if (lookup_printer(dlts[n_dlts]) == NULL 403 && lookup_ndo_printer(dlts[n_dlts]) == NULL) 404 (void) fprintf(stderr, " (printing not supported)"); 405 putchar('\n'); 406 } else { 407 (void) fprintf(stderr, " DLT %d (printing not supported)\n", 408 dlts[n_dlts]); 409 } 410 } 411 free(dlts); 412 exit(0); 413 } 414 415 /* 416 * Set up flags that might or might not be supported depending on the 417 * version of libpcap we're using. 418 */ 419 #if defined(HAVE_PCAP_CREATE) || defined(WIN32) 420 #define B_FLAG "B:" 421 #define B_FLAG_USAGE " [ -B size ]" 422 #else /* defined(HAVE_PCAP_CREATE) || defined(WIN32) */ 423 #define B_FLAG 424 #define B_FLAG_USAGE 425 #endif /* defined(HAVE_PCAP_CREATE) || defined(WIN32) */ 426 427 #ifdef HAVE_PCAP_CREATE 428 #define I_FLAG "I" 429 #else /* HAVE_PCAP_CREATE */ 430 #define I_FLAG 431 #endif /* HAVE_PCAP_CREATE */ 432 433 #ifdef HAVE_PCAP_FINDALLDEVS 434 #ifndef HAVE_PCAP_IF_T 435 #undef HAVE_PCAP_FINDALLDEVS 436 #endif 437 #endif 438 439 #ifdef HAVE_PCAP_FINDALLDEVS 440 #define D_FLAG "D" 441 #else 442 #define D_FLAG 443 #endif 444 445 #ifdef HAVE_PCAP_DUMP_FLUSH 446 #define U_FLAG "U" 447 #else 448 #define U_FLAG 449 #endif 450 451 #ifndef WIN32 452 /* Drop root privileges and chroot if necessary */ 453 static void 454 droproot(const char *username, const char *chroot_dir) 455 { 456 struct passwd *pw = NULL; 457 458 if (chroot_dir && !username) { 459 fprintf(stderr, "tcpdump: Chroot without dropping root is insecure\n"); 460 exit(1); 461 } 462 463 pw = getpwnam(username); 464 if (pw) { 465 if (chroot_dir) { 466 if (chroot(chroot_dir) != 0 || chdir ("/") != 0) { 467 fprintf(stderr, "tcpdump: Couldn't chroot/chdir to '%.64s': %s\n", 468 chroot_dir, pcap_strerror(errno)); 469 exit(1); 470 } 471 } 472 if (initgroups(pw->pw_name, pw->pw_gid) != 0 || 473 setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0) { 474 fprintf(stderr, "tcpdump: Couldn't change to '%.32s' uid=%lu gid=%lu: %s\n", 475 username, 476 (unsigned long)pw->pw_uid, 477 (unsigned long)pw->pw_gid, 478 pcap_strerror(errno)); 479 exit(1); 480 } 481 } 482 else { 483 fprintf(stderr, "tcpdump: Couldn't find user '%.32s'\n", 484 username); 485 exit(1); 486 } 487 } 488 #endif /* WIN32 */ 489 490 static int 491 getWflagChars(int x) 492 { 493 int c = 0; 494 495 x -= 1; 496 while (x > 0) { 497 c += 1; 498 x /= 10; 499 } 500 501 return c; 502 } 503 504 505 static void 506 MakeFilename(char *buffer, char *orig_name, int cnt, int max_chars) 507 { 508 char *filename = malloc(NAME_MAX + 1); 509 510 /* Process with strftime if Gflag is set. */ 511 if (Gflag != 0) { 512 struct tm *local_tm; 513 514 /* Convert Gflag_time to a usable format */ 515 if ((local_tm = localtime(&Gflag_time)) == NULL) { 516 error("MakeTimedFilename: localtime"); 517 } 518 519 /* There's no good way to detect an error in strftime since a return 520 * value of 0 isn't necessarily failure. 521 */ 522 strftime(filename, NAME_MAX, orig_name, local_tm); 523 } else { 524 strncpy(filename, orig_name, NAME_MAX); 525 } 526 527 if (cnt == 0 && max_chars == 0) 528 strncpy(buffer, filename, NAME_MAX + 1); 529 else 530 if (snprintf(buffer, NAME_MAX + 1, "%s%0*d", filename, max_chars, cnt) > NAME_MAX) 531 /* Report an error if the filename is too large */ 532 error("too many output files or filename is too long (> %d)", NAME_MAX); 533 free(filename); 534 } 535 536 static int tcpdump_printf(netdissect_options *ndo _U_, 537 const char *fmt, ...) 538 { 539 540 va_list args; 541 int ret; 542 543 va_start(args, fmt); 544 ret=vfprintf(stdout, fmt, args); 545 va_end(args); 546 547 return ret; 548 } 549 550 int 551 main(int argc, char **argv) 552 { 553 register int cnt, op, i; 554 bpf_u_int32 localnet, netmask; 555 register char *cp, *infile, *cmdbuf, *device, *RFileName, *WFileName; 556 pcap_handler callback; 557 int type; 558 struct bpf_program fcode; 559 #ifndef WIN32 560 RETSIGTYPE (*oldhandler)(int); 561 #endif 562 struct print_info printinfo; 563 struct dump_info dumpinfo; 564 u_char *pcap_userdata; 565 char ebuf[PCAP_ERRBUF_SIZE]; 566 char *username = NULL; 567 char *chroot_dir = NULL; 568 #ifdef HAVE_PCAP_FINDALLDEVS 569 pcap_if_t *devpointer; 570 int devnum; 571 #endif 572 int status; 573 #ifdef WIN32 574 if(wsockinit() != 0) return 1; 575 #endif /* WIN32 */ 576 577 gndo->ndo_Oflag=1; 578 gndo->ndo_Rflag=1; 579 gndo->ndo_dlt=-1; 580 gndo->ndo_default_print=ndo_default_print; 581 gndo->ndo_printf=tcpdump_printf; 582 gndo->ndo_error=ndo_error; 583 gndo->ndo_warning=ndo_warning; 584 gndo->ndo_snaplen = DEFAULT_SNAPLEN; 585 586 cnt = -1; 587 device = NULL; 588 infile = NULL; 589 RFileName = NULL; 590 WFileName = NULL; 591 if ((cp = strrchr(argv[0], '/')) != NULL) 592 program_name = cp + 1; 593 else 594 program_name = argv[0]; 595 596 if (abort_on_misalignment(ebuf, sizeof(ebuf)) < 0) 597 error("%s", ebuf); 598 599 #ifdef LIBSMI 600 smiInit("tcpdump"); 601 #endif 602 603 opterr = 0; 604 while ( 605 (op = getopt(argc, argv, "aAb" B_FLAG "c:C:d" D_FLAG "eE:fF:G:i:" I_FLAG "KlLm:M:nNOpqr:Rs:StT:u" U_FLAG "vw:W:xXy:Yz:Z:")) != -1) 606 switch (op) { 607 608 case 'a': 609 /* compatibility for old -a */ 610 break; 611 612 case 'A': 613 ++Aflag; 614 break; 615 616 case 'b': 617 ++bflag; 618 break; 619 620 #if defined(HAVE_PCAP_CREATE) || defined(WIN32) 621 case 'B': 622 Bflag = atoi(optarg)*1024; 623 if (Bflag <= 0) 624 error("invalid packet buffer size %s", optarg); 625 break; 626 #endif /* defined(HAVE_PCAP_CREATE) || defined(WIN32) */ 627 628 case 'c': 629 cnt = atoi(optarg); 630 if (cnt <= 0) 631 error("invalid packet count %s", optarg); 632 break; 633 634 case 'C': 635 Cflag = atoi(optarg) * 1000000; 636 if (Cflag < 0) 637 error("invalid file size %s", optarg); 638 break; 639 640 case 'd': 641 ++dflag; 642 break; 643 644 #ifdef HAVE_PCAP_FINDALLDEVS 645 case 'D': 646 if (pcap_findalldevs(&devpointer, ebuf) < 0) 647 error("%s", ebuf); 648 else { 649 for (i = 0; devpointer != 0; i++) { 650 printf("%d.%s", i+1, devpointer->name); 651 if (devpointer->description != NULL) 652 printf(" (%s)", devpointer->description); 653 printf("\n"); 654 devpointer = devpointer->next; 655 } 656 } 657 return 0; 658 #endif /* HAVE_PCAP_FINDALLDEVS */ 659 660 case 'L': 661 Lflag++; 662 break; 663 664 case 'e': 665 ++eflag; 666 break; 667 668 case 'E': 669 #ifndef HAVE_LIBCRYPTO 670 warning("crypto code not compiled in"); 671 #endif 672 gndo->ndo_espsecret = optarg; 673 break; 674 675 case 'f': 676 ++fflag; 677 break; 678 679 case 'F': 680 infile = optarg; 681 break; 682 683 case 'G': 684 Gflag = atoi(optarg); 685 if (Gflag < 0) 686 error("invalid number of seconds %s", optarg); 687 688 /* We will create one file initially. */ 689 Gflag_count = 0; 690 691 /* Grab the current time for rotation use. */ 692 if ((Gflag_time = time(NULL)) == (time_t)-1) { 693 error("main: can't get current time: %s", 694 pcap_strerror(errno)); 695 } 696 break; 697 698 case 'i': 699 if (optarg[0] == '0' && optarg[1] == 0) 700 error("Invalid adapter index"); 701 702 #ifdef HAVE_PCAP_FINDALLDEVS 703 /* 704 * If the argument is a number, treat it as 705 * an index into the list of adapters, as 706 * printed by "tcpdump -D". 707 * 708 * This should be OK on UNIX systems, as interfaces 709 * shouldn't have names that begin with digits. 710 * It can be useful on Windows, where more than 711 * one interface can have the same name. 712 */ 713 if ((devnum = atoi(optarg)) != 0) { 714 if (devnum < 0) 715 error("Invalid adapter index"); 716 717 if (pcap_findalldevs(&devpointer, ebuf) < 0) 718 error("%s", ebuf); 719 else { 720 /* 721 * Look for the devnum-th entry 722 * in the list of devices 723 * (1-based). 724 */ 725 for (i = 0; 726 i < devnum-1 && devpointer != NULL; 727 i++, devpointer = devpointer->next) 728 ; 729 if (devpointer == NULL) 730 error("Invalid adapter index"); 731 } 732 device = devpointer->name; 733 break; 734 } 735 #endif /* HAVE_PCAP_FINDALLDEVS */ 736 device = optarg; 737 break; 738 739 #ifdef HAVE_PCAP_CREATE 740 case 'I': 741 ++Iflag; 742 break; 743 #endif /* HAVE_PCAP_CREATE */ 744 745 case 'l': 746 #ifdef WIN32 747 /* 748 * _IOLBF is the same as _IOFBF in Microsoft's C 749 * libraries; the only alternative they offer 750 * is _IONBF. 751 * 752 * XXX - this should really be checking for MSVC++, 753 * not WIN32, if, for example, MinGW has its own 754 * C library that is more UNIX-compatible. 755 */ 756 setvbuf(stdout, NULL, _IONBF, 0); 757 #else /* WIN32 */ 758 #ifdef HAVE_SETLINEBUF 759 setlinebuf(stdout); 760 #else 761 setvbuf(stdout, NULL, _IOLBF, 0); 762 #endif 763 #endif /* WIN32 */ 764 break; 765 766 case 'K': 767 ++Kflag; 768 break; 769 770 case 'm': 771 #ifdef LIBSMI 772 if (smiLoadModule(optarg) == 0) { 773 error("could not load MIB module %s", optarg); 774 } 775 sflag = 1; 776 #else 777 (void)fprintf(stderr, "%s: ignoring option `-m %s' ", 778 program_name, optarg); 779 (void)fprintf(stderr, "(no libsmi support)\n"); 780 #endif 781 break; 782 783 case 'M': 784 /* TCP-MD5 shared secret */ 785 #ifndef HAVE_LIBCRYPTO 786 warning("crypto code not compiled in"); 787 #endif 788 sigsecret = optarg; 789 break; 790 791 case 'n': 792 ++nflag; 793 break; 794 795 case 'N': 796 ++Nflag; 797 break; 798 799 case 'O': 800 Oflag = 0; 801 break; 802 803 case 'p': 804 ++pflag; 805 break; 806 807 case 'q': 808 ++qflag; 809 ++suppress_default_print; 810 break; 811 812 case 'r': 813 RFileName = optarg; 814 break; 815 816 case 'R': 817 Rflag = 0; 818 break; 819 820 case 's': { 821 char *end; 822 823 snaplen = strtol(optarg, &end, 0); 824 if (optarg == end || *end != '\0' 825 || snaplen < 0 || snaplen > MAXIMUM_SNAPLEN) 826 error("invalid snaplen %s", optarg); 827 else if (snaplen == 0) 828 snaplen = MAXIMUM_SNAPLEN; 829 break; 830 } 831 832 case 'S': 833 ++Sflag; 834 break; 835 836 case 't': 837 ++tflag; 838 break; 839 840 case 'T': 841 if (strcasecmp(optarg, "vat") == 0) 842 packettype = PT_VAT; 843 else if (strcasecmp(optarg, "wb") == 0) 844 packettype = PT_WB; 845 else if (strcasecmp(optarg, "rpc") == 0) 846 packettype = PT_RPC; 847 else if (strcasecmp(optarg, "rtp") == 0) 848 packettype = PT_RTP; 849 else if (strcasecmp(optarg, "rtcp") == 0) 850 packettype = PT_RTCP; 851 else if (strcasecmp(optarg, "snmp") == 0) 852 packettype = PT_SNMP; 853 else if (strcasecmp(optarg, "cnfp") == 0) 854 packettype = PT_CNFP; 855 else if (strcasecmp(optarg, "tftp") == 0) 856 packettype = PT_TFTP; 857 else if (strcasecmp(optarg, "aodv") == 0) 858 packettype = PT_AODV; 859 else 860 error("unknown packet type `%s'", optarg); 861 break; 862 863 case 'u': 864 ++uflag; 865 break; 866 867 #ifdef HAVE_PCAP_DUMP_FLUSH 868 case 'U': 869 ++Uflag; 870 break; 871 #endif 872 873 case 'v': 874 ++vflag; 875 break; 876 877 case 'w': 878 WFileName = optarg; 879 break; 880 881 case 'W': 882 Wflag = atoi(optarg); 883 if (Wflag < 0) 884 error("invalid number of output files %s", optarg); 885 WflagChars = getWflagChars(Wflag); 886 break; 887 888 case 'x': 889 ++xflag; 890 ++suppress_default_print; 891 break; 892 893 case 'X': 894 ++Xflag; 895 ++suppress_default_print; 896 break; 897 898 case 'y': 899 gndo->ndo_dltname = optarg; 900 gndo->ndo_dlt = 901 pcap_datalink_name_to_val(gndo->ndo_dltname); 902 if (gndo->ndo_dlt < 0) 903 error("invalid data link type %s", gndo->ndo_dltname); 904 break; 905 906 #if defined(HAVE_PCAP_DEBUG) || defined(HAVE_YYDEBUG) 907 case 'Y': 908 { 909 /* Undocumented flag */ 910 #ifdef HAVE_PCAP_DEBUG 911 extern int pcap_debug; 912 pcap_debug = 1; 913 #else 914 extern int yydebug; 915 yydebug = 1; 916 #endif 917 } 918 break; 919 #endif 920 case 'z': 921 if (optarg) { 922 zflag = strdup(optarg); 923 } else { 924 usage(); 925 /* NOTREACHED */ 926 } 927 break; 928 929 case 'Z': 930 if (optarg) { 931 username = strdup(optarg); 932 } 933 else { 934 usage(); 935 /* NOTREACHED */ 936 } 937 break; 938 939 default: 940 usage(); 941 /* NOTREACHED */ 942 } 943 944 switch (tflag) { 945 946 case 0: /* Default */ 947 case 4: /* Default + Date*/ 948 thiszone = gmt2local(0); 949 break; 950 951 case 1: /* No time stamp */ 952 case 2: /* Unix timeval style */ 953 case 3: /* Microseconds since previous packet */ 954 case 5: /* Microseconds since first packet */ 955 break; 956 957 default: /* Not supported */ 958 error("only -t, -tt, -ttt, -tttt and -ttttt are supported"); 959 break; 960 } 961 962 #ifdef WITH_CHROOT 963 /* if run as root, prepare for chrooting */ 964 if (getuid() == 0 || geteuid() == 0) { 965 /* future extensibility for cmd-line arguments */ 966 if (!chroot_dir) 967 chroot_dir = WITH_CHROOT; 968 } 969 #endif 970 971 #ifdef WITH_USER 972 /* if run as root, prepare for dropping root privileges */ 973 if (getuid() == 0 || geteuid() == 0) { 974 /* Run with '-Z root' to restore old behaviour */ 975 if (!username) 976 username = WITH_USER; 977 } 978 #endif 979 980 if (RFileName != NULL) { 981 int dlt; 982 const char *dlt_name; 983 984 #ifndef WIN32 985 /* 986 * We don't need network access, so relinquish any set-UID 987 * or set-GID privileges we have (if any). 988 * 989 * We do *not* want set-UID privileges when opening a 990 * trace file, as that might let the user read other 991 * people's trace files (especially if we're set-UID 992 * root). 993 */ 994 if (setgid(getgid()) != 0 || setuid(getuid()) != 0 ) 995 fprintf(stderr, "Warning: setgid/setuid failed !\n"); 996 #endif /* WIN32 */ 997 pd = pcap_open_offline(RFileName, ebuf); 998 if (pd == NULL) 999 error("%s", ebuf); 1000 dlt = pcap_datalink(pd); 1001 dlt_name = pcap_datalink_val_to_name(dlt); 1002 if (dlt_name == NULL) { 1003 fprintf(stderr, "reading from file %s, link-type %u\n", 1004 RFileName, dlt); 1005 } else { 1006 fprintf(stderr, 1007 "reading from file %s, link-type %s (%s)\n", 1008 RFileName, dlt_name, 1009 pcap_datalink_val_to_description(dlt)); 1010 } 1011 localnet = 0; 1012 netmask = 0; 1013 if (fflag != 0) 1014 error("-f and -r options are incompatible"); 1015 } else { 1016 if (device == NULL) { 1017 device = pcap_lookupdev(ebuf); 1018 if (device == NULL) 1019 error("%s", ebuf); 1020 } 1021 #ifdef WIN32 1022 if(strlen(device) == 1) //we assume that an ASCII string is always longer than 1 char 1023 { //a Unicode string has a \0 as second byte (so strlen() is 1) 1024 fprintf(stderr, "%s: listening on %ws\n", program_name, device); 1025 } 1026 else 1027 { 1028 fprintf(stderr, "%s: listening on %s\n", program_name, device); 1029 } 1030 1031 fflush(stderr); 1032 #endif /* WIN32 */ 1033 #ifdef HAVE_PCAP_CREATE 1034 pd = pcap_create(device, ebuf); 1035 if (pd == NULL) 1036 error("%s", ebuf); 1037 /* 1038 * Is this an interface that supports monitor mode? 1039 */ 1040 if (pcap_can_set_rfmon(pd) == 1) 1041 supports_monitor_mode = 1; 1042 else 1043 supports_monitor_mode = 0; 1044 status = pcap_set_snaplen(pd, snaplen); 1045 if (status != 0) 1046 error("%s: pcap_set_snaplen failed: %s", 1047 device, pcap_statustostr(status)); 1048 status = pcap_set_promisc(pd, !pflag); 1049 if (status != 0) 1050 error("%s: pcap_set_promisc failed: %s", 1051 device, pcap_statustostr(status)); 1052 if (Iflag) { 1053 status = pcap_set_rfmon(pd, 1); 1054 if (status != 0) 1055 error("%s: pcap_set_rfmon failed: %s", 1056 device, pcap_statustostr(status)); 1057 } 1058 status = pcap_set_timeout(pd, 1000); 1059 if (status != 0) 1060 error("%s: pcap_set_timeout failed: %s", 1061 device, pcap_statustostr(status)); 1062 if (Bflag != 0) { 1063 status = pcap_set_buffer_size(pd, Bflag); 1064 if (status != 0) 1065 error("%s: pcap_set_buffer_size failed: %s", 1066 device, pcap_statustostr(status)); 1067 } 1068 status = pcap_activate(pd); 1069 if (status < 0) { 1070 /* 1071 * pcap_activate() failed. 1072 */ 1073 cp = pcap_geterr(pd); 1074 if (status == PCAP_ERROR) 1075 error("%s", cp); 1076 else if ((status == PCAP_ERROR_NO_SUCH_DEVICE || 1077 status == PCAP_ERROR_PERM_DENIED) && 1078 *cp != '\0') 1079 error("%s: %s\n(%s)", device, 1080 pcap_statustostr(status), cp); 1081 else 1082 error("%s: %s", device, 1083 pcap_statustostr(status)); 1084 } else if (status > 0) { 1085 /* 1086 * pcap_activate() succeeded, but it's warning us 1087 * of a problem it had. 1088 */ 1089 cp = pcap_geterr(pd); 1090 if (status == PCAP_WARNING) 1091 warning("%s", cp); 1092 else if (status == PCAP_WARNING_PROMISC_NOTSUP && 1093 *cp != '\0') 1094 warning("%s: %s\n(%s)", device, 1095 pcap_statustostr(status), cp); 1096 else 1097 warning("%s: %s", device, 1098 pcap_statustostr(status)); 1099 } 1100 #else 1101 *ebuf = '\0'; 1102 pd = pcap_open_live(device, snaplen, !pflag, 1000, ebuf); 1103 if (pd == NULL) 1104 error("%s", ebuf); 1105 else if (*ebuf) 1106 warning("%s", ebuf); 1107 #endif /* HAVE_PCAP_CREATE */ 1108 /* 1109 * Let user own process after socket has been opened. 1110 */ 1111 #ifndef WIN32 1112 if (setgid(getgid()) != 0 || setuid(getuid()) != 0) 1113 fprintf(stderr, "Warning: setgid/setuid failed !\n"); 1114 #endif /* WIN32 */ 1115 #if !defined(HAVE_PCAP_CREATE) && defined(WIN32) 1116 if(Bflag != 0) 1117 if(pcap_setbuff(pd, Bflag)==-1){ 1118 error("%s", pcap_geterr(pd)); 1119 } 1120 #endif /* !defined(HAVE_PCAP_CREATE) && defined(WIN32) */ 1121 if (Lflag) 1122 show_dlts_and_exit(device, pd); 1123 if (gndo->ndo_dlt >= 0) { 1124 #ifdef HAVE_PCAP_SET_DATALINK 1125 if (pcap_set_datalink(pd, gndo->ndo_dlt) < 0) 1126 error("%s", pcap_geterr(pd)); 1127 #else 1128 /* 1129 * We don't actually support changing the 1130 * data link type, so we only let them 1131 * set it to what it already is. 1132 */ 1133 if (gndo->ndo_dlt != pcap_datalink(pd)) { 1134 error("%s is not one of the DLTs supported by this device\n", 1135 gndo->ndo_dltname); 1136 } 1137 #endif 1138 (void)fprintf(stderr, "%s: data link type %s\n", 1139 program_name, gndo->ndo_dltname); 1140 (void)fflush(stderr); 1141 } 1142 i = pcap_snapshot(pd); 1143 if (snaplen < i) { 1144 warning("snaplen raised from %d to %d", snaplen, i); 1145 snaplen = i; 1146 } 1147 if (pcap_lookupnet(device, &localnet, &netmask, ebuf) < 0) { 1148 localnet = 0; 1149 netmask = 0; 1150 warning("%s", ebuf); 1151 } 1152 } 1153 if (infile) 1154 cmdbuf = read_infile(infile); 1155 else 1156 cmdbuf = copy_argv(&argv[optind]); 1157 1158 if (pcap_compile(pd, &fcode, cmdbuf, Oflag, netmask) < 0) 1159 error("%s", pcap_geterr(pd)); 1160 free(cmdbuf); 1161 if (dflag) { 1162 bpf_dump(&fcode, dflag); 1163 pcap_close(pd); 1164 exit(0); 1165 } 1166 init_addrtoname(localnet, netmask); 1167 init_checksum(); 1168 1169 #ifndef WIN32 1170 (void)setsignal(SIGPIPE, cleanup); 1171 (void)setsignal(SIGTERM, cleanup); 1172 (void)setsignal(SIGINT, cleanup); 1173 (void)setsignal(SIGCHLD, child_cleanup); 1174 #endif /* WIN32 */ 1175 /* Cooperate with nohup(1) */ 1176 #ifndef WIN32 1177 if ((oldhandler = setsignal(SIGHUP, cleanup)) != SIG_DFL) 1178 (void)setsignal(SIGHUP, oldhandler); 1179 #endif /* WIN32 */ 1180 1181 if (pcap_setfilter(pd, &fcode) < 0) 1182 error("%s", pcap_geterr(pd)); 1183 if (WFileName) { 1184 pcap_dumper_t *p; 1185 /* Do not exceed the default NAME_MAX for files. */ 1186 dumpinfo.CurrentFileName = (char *)malloc(NAME_MAX + 1); 1187 1188 if (dumpinfo.CurrentFileName == NULL) 1189 error("malloc of dumpinfo.CurrentFileName"); 1190 1191 /* We do not need numbering for dumpfiles if Cflag isn't set. */ 1192 if (Cflag != 0) 1193 MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, WflagChars); 1194 else 1195 MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, 0); 1196 1197 p = pcap_dump_open(pd, dumpinfo.CurrentFileName); 1198 if (p == NULL) 1199 error("%s", pcap_geterr(pd)); 1200 if (Cflag != 0 || Gflag != 0) { 1201 callback = dump_packet_and_trunc; 1202 dumpinfo.WFileName = WFileName; 1203 dumpinfo.pd = pd; 1204 dumpinfo.p = p; 1205 pcap_userdata = (u_char *)&dumpinfo; 1206 } else { 1207 callback = dump_packet; 1208 pcap_userdata = (u_char *)p; 1209 } 1210 } else { 1211 type = pcap_datalink(pd); 1212 printinfo.ndo_type = 1; 1213 printinfo.ndo = gndo; 1214 printinfo.p.ndo_printer = lookup_ndo_printer(type); 1215 if (printinfo.p.ndo_printer == NULL) { 1216 printinfo.p.printer = lookup_printer(type); 1217 printinfo.ndo_type = 0; 1218 if (printinfo.p.printer == NULL) { 1219 gndo->ndo_dltname = pcap_datalink_val_to_name(type); 1220 if (gndo->ndo_dltname != NULL) 1221 error("packet printing is not supported for link type %s: use -w", 1222 gndo->ndo_dltname); 1223 else 1224 error("packet printing is not supported for link type %d: use -w", type); 1225 } 1226 } 1227 callback = print_packet; 1228 pcap_userdata = (u_char *)&printinfo; 1229 } 1230 #ifndef WIN32 1231 /* 1232 * We cannot do this earlier, because we want to be able to open 1233 * the file (if done) for writing before giving up permissions. 1234 */ 1235 if (getuid() == 0 || geteuid() == 0) { 1236 if (username || chroot_dir) 1237 droproot(username, chroot_dir); 1238 } 1239 #endif /* WIN32 */ 1240 #ifdef SIGINFO 1241 /* 1242 * We can't get statistics when reading from a file rather 1243 * than capturing from a device. 1244 */ 1245 if (RFileName == NULL) 1246 (void)setsignal(SIGINFO, requestinfo); 1247 #endif 1248 1249 if (vflag > 0 && WFileName) { 1250 /* 1251 * When capturing to a file, "-v" means tcpdump should, 1252 * every 10 secodns, "v"erbosely report the number of 1253 * packets captured. 1254 */ 1255 #ifdef USE_WIN32_MM_TIMER 1256 /* call verbose_stats_dump() each 1000 +/-100msec */ 1257 timer_id = timeSetEvent(1000, 100, verbose_stats_dump, 0, TIME_PERIODIC); 1258 setvbuf(stderr, NULL, _IONBF, 0); 1259 #elif defined(HAVE_ALARM) 1260 (void)setsignal(SIGALRM, verbose_stats_dump); 1261 alarm(1); 1262 #endif 1263 } 1264 1265 #ifndef WIN32 1266 if (RFileName == NULL) { 1267 int dlt; 1268 const char *dlt_name; 1269 1270 if (!vflag && !WFileName) { 1271 (void)fprintf(stderr, 1272 "%s: verbose output suppressed, use -v or -vv for full protocol decode\n", 1273 program_name); 1274 } else 1275 (void)fprintf(stderr, "%s: ", program_name); 1276 dlt = pcap_datalink(pd); 1277 dlt_name = pcap_datalink_val_to_name(dlt); 1278 if (dlt_name == NULL) { 1279 (void)fprintf(stderr, "listening on %s, link-type %u, capture size %u bytes\n", 1280 device, dlt, snaplen); 1281 } else { 1282 (void)fprintf(stderr, "listening on %s, link-type %s (%s), capture size %u bytes\n", 1283 device, dlt_name, 1284 pcap_datalink_val_to_description(dlt), snaplen); 1285 } 1286 (void)fflush(stderr); 1287 } 1288 #endif /* WIN32 */ 1289 status = pcap_loop(pd, cnt, callback, pcap_userdata); 1290 if (WFileName == NULL) { 1291 /* 1292 * We're printing packets. Flush the printed output, 1293 * so it doesn't get intermingled with error output. 1294 */ 1295 if (status == -2) { 1296 /* 1297 * We got interrupted, so perhaps we didn't 1298 * manage to finish a line we were printing. 1299 * Print an extra newline, just in case. 1300 */ 1301 putchar('\n'); 1302 } 1303 (void)fflush(stdout); 1304 } 1305 if (status == -1) { 1306 /* 1307 * Error. Report it. 1308 */ 1309 (void)fprintf(stderr, "%s: pcap_loop: %s\n", 1310 program_name, pcap_geterr(pd)); 1311 } 1312 if (RFileName == NULL) { 1313 /* 1314 * We're doing a live capture. Report the capture 1315 * statistics. 1316 */ 1317 info(1); 1318 } 1319 pcap_close(pd); 1320 exit(status == -1 ? 1 : 0); 1321 } 1322 1323 /* make a clean exit on interrupts */ 1324 static RETSIGTYPE 1325 cleanup(int signo _U_) 1326 { 1327 #ifdef USE_WIN32_MM_TIMER 1328 if (timer_id) 1329 timeKillEvent(timer_id); 1330 timer_id = 0; 1331 #elif defined(HAVE_ALARM) 1332 alarm(0); 1333 #endif 1334 1335 #ifdef HAVE_PCAP_BREAKLOOP 1336 /* 1337 * We have "pcap_breakloop()"; use it, so that we do as little 1338 * as possible in the signal handler (it's probably not safe 1339 * to do anything with standard I/O streams in a signal handler - 1340 * the ANSI C standard doesn't say it is). 1341 */ 1342 pcap_breakloop(pd); 1343 #else 1344 /* 1345 * We don't have "pcap_breakloop()"; this isn't safe, but 1346 * it's the best we can do. Print the summary if we're 1347 * not reading from a savefile - i.e., if we're doing a 1348 * live capture - and exit. 1349 */ 1350 if (pd != NULL && pcap_file(pd) == NULL) { 1351 /* 1352 * We got interrupted, so perhaps we didn't 1353 * manage to finish a line we were printing. 1354 * Print an extra newline, just in case. 1355 */ 1356 putchar('\n'); 1357 (void)fflush(stdout); 1358 info(1); 1359 } 1360 exit(0); 1361 #endif 1362 } 1363 1364 /* 1365 On windows, we do not use a fork, so we do not care less about 1366 waiting a child processes to die 1367 */ 1368 #ifndef WIN32 1369 static RETSIGTYPE 1370 child_cleanup(int signo _U_) 1371 { 1372 wait(NULL); 1373 } 1374 #endif /* WIN32 */ 1375 1376 static void 1377 info(register int verbose) 1378 { 1379 struct pcap_stat stat; 1380 1381 /* 1382 * Older versions of libpcap didn't set ps_ifdrop on some 1383 * platforms; initialize it to 0 to handle that. 1384 */ 1385 stat.ps_ifdrop = 0; 1386 if (pcap_stats(pd, &stat) < 0) { 1387 (void)fprintf(stderr, "pcap_stats: %s\n", pcap_geterr(pd)); 1388 infoprint = 0; 1389 return; 1390 } 1391 1392 if (!verbose) 1393 fprintf(stderr, "%s: ", program_name); 1394 1395 (void)fprintf(stderr, "%u packets captured", packets_captured); 1396 if (!verbose) 1397 fputs(", ", stderr); 1398 else 1399 putc('\n', stderr); 1400 (void)fprintf(stderr, "%u packets received by filter", stat.ps_recv); 1401 if (!verbose) 1402 fputs(", ", stderr); 1403 else 1404 putc('\n', stderr); 1405 (void)fprintf(stderr, "%u packets dropped by kernel", stat.ps_drop); 1406 if (stat.ps_ifdrop != 0) { 1407 if (!verbose) 1408 fputs(", ", stderr); 1409 else 1410 putc('\n', stderr); 1411 (void)fprintf(stderr, "%u packets dropped by interface\n", 1412 stat.ps_ifdrop); 1413 } else 1414 putc('\n', stderr); 1415 infoprint = 0; 1416 } 1417 1418 #ifndef WIN32 1419 static void 1420 compress_savefile(const char *filename) 1421 { 1422 if (fork()) 1423 return; 1424 /* 1425 * Set to lowest priority so that this doesn't disturb the capture 1426 */ 1427 #ifdef NZERO 1428 setpriority(PRIO_PROCESS, 0, NZERO - 1); 1429 #else 1430 setpriority(PRIO_PROCESS, 0, 19); 1431 #endif 1432 if (execlp(zflag, zflag, filename, (char *)NULL) == -1) 1433 fprintf(stderr, 1434 "compress_savefile:execlp(%s, %s): %s\n", 1435 zflag, 1436 filename, 1437 strerror(errno)); 1438 } 1439 #else /* WIN32 */ 1440 static void 1441 compress_savefile(const char *filename) 1442 { 1443 fprintf(stderr, 1444 "compress_savefile failed. Functionality not implemented under windows\n"); 1445 } 1446 #endif /* WIN32 */ 1447 1448 static void 1449 dump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *sp) 1450 { 1451 struct dump_info *dump_info; 1452 1453 ++packets_captured; 1454 1455 ++infodelay; 1456 1457 dump_info = (struct dump_info *)user; 1458 1459 /* 1460 * XXX - this won't force the file to rotate on the specified time 1461 * boundary, but it will rotate on the first packet received after the 1462 * specified Gflag number of seconds. Note: if a Gflag time boundary 1463 * and a Cflag size boundary coincide, the time rotation will occur 1464 * first thereby cancelling the Cflag boundary (since the file should 1465 * be 0). 1466 */ 1467 if (Gflag != 0) { 1468 /* Check if it is time to rotate */ 1469 time_t t; 1470 1471 /* Get the current time */ 1472 if ((t = time(NULL)) == (time_t)-1) { 1473 error("dump_and_trunc_packet: can't get current_time: %s", 1474 pcap_strerror(errno)); 1475 } 1476 1477 1478 /* If the time is greater than the specified window, rotate */ 1479 if (t - Gflag_time >= Gflag) { 1480 /* Update the Gflag_time */ 1481 Gflag_time = t; 1482 /* Update Gflag_count */ 1483 Gflag_count++; 1484 /* 1485 * Close the current file and open a new one. 1486 */ 1487 pcap_dump_close(dump_info->p); 1488 1489 /* 1490 * Compress the file we just closed, if the user asked for it 1491 */ 1492 if (zflag != NULL) 1493 compress_savefile(dump_info->CurrentFileName); 1494 1495 /* 1496 * Check to see if we've exceeded the Wflag (when 1497 * not using Cflag). 1498 */ 1499 if (Cflag == 0 && Wflag > 0 && Gflag_count >= Wflag) { 1500 (void)fprintf(stderr, "Maximum file limit reached: %d\n", 1501 Wflag); 1502 exit(0); 1503 /* NOTREACHED */ 1504 } 1505 if (dump_info->CurrentFileName != NULL) 1506 free(dump_info->CurrentFileName); 1507 /* Allocate space for max filename + \0. */ 1508 dump_info->CurrentFileName = (char *)malloc(NAME_MAX + 1); 1509 if (dump_info->CurrentFileName == NULL) 1510 error("dump_packet_and_trunc: malloc"); 1511 /* 1512 * This is always the first file in the Cflag 1513 * rotation: e.g. 0 1514 * We also don't need numbering if Cflag is not set. 1515 */ 1516 if (Cflag != 0) 1517 MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, 0, 1518 WflagChars); 1519 else 1520 MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, 0, 0); 1521 1522 dump_info->p = pcap_dump_open(dump_info->pd, dump_info->CurrentFileName); 1523 if (dump_info->p == NULL) 1524 error("%s", pcap_geterr(pd)); 1525 } 1526 } 1527 1528 /* 1529 * XXX - this won't prevent capture files from getting 1530 * larger than Cflag - the last packet written to the 1531 * file could put it over Cflag. 1532 */ 1533 if (Cflag != 0 && pcap_dump_ftell(dump_info->p) > Cflag) { 1534 /* 1535 * Close the current file and open a new one. 1536 */ 1537 pcap_dump_close(dump_info->p); 1538 1539 /* 1540 * Compress the file we just closed, if the user asked for it 1541 */ 1542 if (zflag != NULL) 1543 compress_savefile(dump_info->CurrentFileName); 1544 1545 Cflag_count++; 1546 if (Wflag > 0) { 1547 if (Cflag_count >= Wflag) 1548 Cflag_count = 0; 1549 } 1550 if (dump_info->CurrentFileName != NULL) 1551 free(dump_info->CurrentFileName); 1552 dump_info->CurrentFileName = (char *)malloc(NAME_MAX + 1); 1553 if (dump_info->CurrentFileName == NULL) 1554 error("dump_packet_and_trunc: malloc"); 1555 MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, Cflag_count, WflagChars); 1556 dump_info->p = pcap_dump_open(dump_info->pd, dump_info->CurrentFileName); 1557 if (dump_info->p == NULL) 1558 error("%s", pcap_geterr(pd)); 1559 } 1560 1561 pcap_dump((u_char *)dump_info->p, h, sp); 1562 #ifdef HAVE_PCAP_DUMP_FLUSH 1563 if (Uflag) 1564 pcap_dump_flush(dump_info->p); 1565 #endif 1566 1567 --infodelay; 1568 if (infoprint) 1569 info(0); 1570 } 1571 1572 static void 1573 dump_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *sp) 1574 { 1575 ++packets_captured; 1576 1577 ++infodelay; 1578 1579 pcap_dump(user, h, sp); 1580 #ifdef HAVE_PCAP_DUMP_FLUSH 1581 if (Uflag) 1582 pcap_dump_flush((pcap_dumper_t *)user); 1583 #endif 1584 1585 --infodelay; 1586 if (infoprint) 1587 info(0); 1588 } 1589 1590 static void 1591 print_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *sp) 1592 { 1593 struct print_info *print_info; 1594 u_int hdrlen; 1595 1596 ++packets_captured; 1597 1598 ++infodelay; 1599 ts_print(&h->ts); 1600 1601 print_info = (struct print_info *)user; 1602 1603 /* 1604 * Some printers want to check that they're not walking off the 1605 * end of the packet. 1606 * Rather than pass it all the way down, we set this global. 1607 */ 1608 snapend = sp + h->caplen; 1609 1610 if(print_info->ndo_type) { 1611 hdrlen = (*print_info->p.ndo_printer)(print_info->ndo, h, sp); 1612 } else { 1613 hdrlen = (*print_info->p.printer)(h, sp); 1614 } 1615 1616 if (Xflag) { 1617 /* 1618 * Print the raw packet data in hex and ASCII. 1619 */ 1620 if (Xflag > 1) { 1621 /* 1622 * Include the link-layer header. 1623 */ 1624 hex_and_ascii_print("\n\t", sp, h->caplen); 1625 } else { 1626 /* 1627 * Don't include the link-layer header - and if 1628 * we have nothing past the link-layer header, 1629 * print nothing. 1630 */ 1631 if (h->caplen > hdrlen) 1632 hex_and_ascii_print("\n\t", sp + hdrlen, 1633 h->caplen - hdrlen); 1634 } 1635 } else if (xflag) { 1636 /* 1637 * Print the raw packet data in hex. 1638 */ 1639 if (xflag > 1) { 1640 /* 1641 * Include the link-layer header. 1642 */ 1643 hex_print("\n\t", sp, h->caplen); 1644 } else { 1645 /* 1646 * Don't include the link-layer header - and if 1647 * we have nothing past the link-layer header, 1648 * print nothing. 1649 */ 1650 if (h->caplen > hdrlen) 1651 hex_print("\n\t", sp + hdrlen, 1652 h->caplen - hdrlen); 1653 } 1654 } else if (Aflag) { 1655 /* 1656 * Print the raw packet data in ASCII. 1657 */ 1658 if (Aflag > 1) { 1659 /* 1660 * Include the link-layer header. 1661 */ 1662 ascii_print(sp, h->caplen); 1663 } else { 1664 /* 1665 * Don't include the link-layer header - and if 1666 * we have nothing past the link-layer header, 1667 * print nothing. 1668 */ 1669 if (h->caplen > hdrlen) 1670 ascii_print(sp + hdrlen, h->caplen - hdrlen); 1671 } 1672 } 1673 1674 putchar('\n'); 1675 1676 --infodelay; 1677 if (infoprint) 1678 info(0); 1679 } 1680 1681 #ifdef WIN32 1682 /* 1683 * XXX - there should really be libpcap calls to get the version 1684 * number as a string (the string would be generated from #defines 1685 * at run time, so that it's not generated from string constants 1686 * in the library, as, on many UNIX systems, those constants would 1687 * be statically linked into the application executable image, and 1688 * would thus reflect the version of libpcap on the system on 1689 * which the application was *linked*, not the system on which it's 1690 * *running*. 1691 * 1692 * That routine should be documented, unlike the "version[]" 1693 * string, so that UNIX vendors providing their own libpcaps 1694 * don't omit it (as a couple of vendors have...). 1695 * 1696 * Packet.dll should perhaps also export a routine to return the 1697 * version number of the Packet.dll code, to supply the 1698 * "Wpcap_version" information on Windows. 1699 */ 1700 char WDversion[]="current-cvs.tcpdump.org"; 1701 #if !defined(HAVE_GENERATED_VERSION) 1702 char version[]="current-cvs.tcpdump.org"; 1703 #endif 1704 char pcap_version[]="current-cvs.tcpdump.org"; 1705 char Wpcap_version[]="3.1"; 1706 #endif 1707 1708 /* 1709 * By default, print the specified data out in hex and ASCII. 1710 */ 1711 static void 1712 ndo_default_print(netdissect_options *ndo _U_, const u_char *bp, u_int length) 1713 { 1714 hex_and_ascii_print("\n\t", bp, length); /* pass on lf and identation string */ 1715 } 1716 1717 void 1718 default_print(const u_char *bp, u_int length) 1719 { 1720 ndo_default_print(gndo, bp, length); 1721 } 1722 1723 #ifdef SIGINFO 1724 RETSIGTYPE requestinfo(int signo _U_) 1725 { 1726 if (infodelay) 1727 ++infoprint; 1728 else 1729 info(0); 1730 } 1731 #endif 1732 1733 /* 1734 * Called once each second in verbose mode while dumping to file 1735 */ 1736 #ifdef USE_WIN32_MM_TIMER 1737 void CALLBACK verbose_stats_dump (UINT timer_id _U_, UINT msg _U_, DWORD_PTR arg _U_, 1738 DWORD_PTR dw1 _U_, DWORD_PTR dw2 _U_) 1739 { 1740 struct pcap_stat stat; 1741 1742 if (infodelay == 0 && pcap_stats(pd, &stat) >= 0) 1743 fprintf(stderr, "Got %u\r", packets_captured); 1744 } 1745 #elif defined(HAVE_ALARM) 1746 static void verbose_stats_dump(int sig _U_) 1747 { 1748 struct pcap_stat stat; 1749 1750 if (infodelay == 0 && pcap_stats(pd, &stat) >= 0) 1751 fprintf(stderr, "Got %u\r", packets_captured); 1752 alarm(1); 1753 } 1754 #endif 1755 1756 static void 1757 usage(void) 1758 { 1759 extern char version[]; 1760 #ifndef HAVE_PCAP_LIB_VERSION 1761 #if defined(WIN32) || defined(HAVE_PCAP_VERSION) 1762 extern char pcap_version[]; 1763 #else /* defined(WIN32) || defined(HAVE_PCAP_VERSION) */ 1764 static char pcap_version[] = "unknown"; 1765 #endif /* defined(WIN32) || defined(HAVE_PCAP_VERSION) */ 1766 #endif /* HAVE_PCAP_LIB_VERSION */ 1767 1768 #ifdef HAVE_PCAP_LIB_VERSION 1769 #ifdef WIN32 1770 (void)fprintf(stderr, "%s version %s, based on tcpdump version %s\n", program_name, WDversion, version); 1771 #else /* WIN32 */ 1772 (void)fprintf(stderr, "%s version %s\n", program_name, version); 1773 #endif /* WIN32 */ 1774 (void)fprintf(stderr, "%s\n",pcap_lib_version()); 1775 #else /* HAVE_PCAP_LIB_VERSION */ 1776 #ifdef WIN32 1777 (void)fprintf(stderr, "%s version %s, based on tcpdump version %s\n", program_name, WDversion, version); 1778 (void)fprintf(stderr, "WinPcap version %s, based on libpcap version %s\n",Wpcap_version, pcap_version); 1779 #else /* WIN32 */ 1780 (void)fprintf(stderr, "%s version %s\n", program_name, version); 1781 (void)fprintf(stderr, "libpcap version %s\n", pcap_version); 1782 #endif /* WIN32 */ 1783 #endif /* HAVE_PCAP_LIB_VERSION */ 1784 (void)fprintf(stderr, 1785 "Usage: %s [-aAbd" D_FLAG "ef" I_FLAG "KlLnNOpqRStu" U_FLAG "vxX]" B_FLAG_USAGE " [ -c count ]\n", program_name); 1786 (void)fprintf(stderr, 1787 "\t\t[ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]\n"); 1788 (void)fprintf(stderr, 1789 "\t\t[ -i interface ] [ -M secret ] [ -r file ]\n"); 1790 (void)fprintf(stderr, 1791 "\t\t[ -s snaplen ] [ -T type ] [ -w file ] [ -W filecount ]\n"); 1792 (void)fprintf(stderr, 1793 "\t\t[ -y datalinktype ] [ -z command ] [ -Z user ]\n"); 1794 (void)fprintf(stderr, 1795 "\t\t[ expression ]\n"); 1796 exit(1); 1797 } 1798 1799 1800 1801 /* VARARGS */ 1802 static void 1803 ndo_error(netdissect_options *ndo _U_, const char *fmt, ...) 1804 { 1805 va_list ap; 1806 1807 (void)fprintf(stderr, "%s: ", program_name); 1808 va_start(ap, fmt); 1809 (void)vfprintf(stderr, fmt, ap); 1810 va_end(ap); 1811 if (*fmt) { 1812 fmt += strlen(fmt); 1813 if (fmt[-1] != '\n') 1814 (void)fputc('\n', stderr); 1815 } 1816 exit(1); 1817 /* NOTREACHED */ 1818 } 1819 1820 /* VARARGS */ 1821 static void 1822 ndo_warning(netdissect_options *ndo _U_, const char *fmt, ...) 1823 { 1824 va_list ap; 1825 1826 (void)fprintf(stderr, "%s: WARNING: ", program_name); 1827 va_start(ap, fmt); 1828 (void)vfprintf(stderr, fmt, ap); 1829 va_end(ap); 1830 if (*fmt) { 1831 fmt += strlen(fmt); 1832 if (fmt[-1] != '\n') 1833 (void)fputc('\n', stderr); 1834 } 1835 } 1836