tcpdump.c revision 280250
1/* 2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that: (1) source code distributions 7 * retain the above copyright notice and this paragraph in its entirety, (2) 8 * distributions including binary code include the above copyright notice and 9 * this paragraph in its entirety in the documentation or other materials 10 * provided with the distribution, and (3) all advertising materials mentioning 11 * features or use of this software display the following acknowledgement: 12 * ``This product includes software developed by the University of California, 13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 14 * the University nor the names of its contributors may be used to endorse 15 * or promote products derived from this software without specific prior 16 * written permission. 17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 20 * 21 * Support for splitting captures into multiple files with a maximum 22 * file size: 23 * 24 * Copyright (c) 2001 25 * Seth Webster <swebster@sst.ll.mit.edu> 26 */ 27 28#ifndef lint 29static const char copyright[] _U_ = 30 "@(#) Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000\n\ 31The Regents of the University of California. All rights reserved.\n"; 32static const char rcsid[] _U_ = 33 "@(#) $Header: /tcpdump/master/tcpdump/tcpdump.c,v 1.283 2008-09-25 21:45:50 guy Exp $ (LBL)"; 34#endif 35 36/* $FreeBSD: stable/10/contrib/tcpdump/tcpdump.c 280250 2015-03-19 12:32:48Z rwatson $ */ 37 38/* 39 * tcpdump - monitor tcp/ip traffic on an ethernet. 40 * 41 * First written in 1987 by Van Jacobson, Lawrence Berkeley Laboratory. 42 * Mercilessly hacked and occasionally improved since then via the 43 * combined efforts of Van, Steve McCanne and Craig Leres of LBL. 44 */ 45 46#ifdef HAVE_CONFIG_H 47#include "config.h" 48#endif 49 50#include <tcpdump-stdinc.h> 51 52#ifdef WIN32 53#include "getopt.h" 54#include "w32_fzs.h" 55extern int strcasecmp (const char *__s1, const char *__s2); 56extern int SIZE_BUF; 57#define off_t long 58#define uint UINT 59#endif /* WIN32 */ 60 61#ifdef HAVE_SMI_H 62#include <smi.h> 63#endif 64 65#include <pcap.h> 66#include <signal.h> 67#include <stdio.h> 68#include <stdlib.h> 69#include <string.h> 70#include <limits.h> 71#ifdef __FreeBSD__ 72#include <sys/capsicum.h> 73#include <sys/ioccom.h> 74#include <sys/types.h> 75#include <sys/sysctl.h> 76#include <net/bpf.h> 77#include <fcntl.h> 78#include <libgen.h> 79#endif /* __FreeBSD__ */ 80#ifndef WIN32 81#include <sys/wait.h> 82#include <sys/resource.h> 83#include <pwd.h> 84#include <grp.h> 85#include <errno.h> 86#endif /* WIN32 */ 87 88/* capabilities convinience library */ 89#ifdef HAVE_CAP_NG_H 90#include <cap-ng.h> 91#endif /* HAVE_CAP_NG_H */ 92 93#include "netdissect.h" 94#include "interface.h" 95#include "addrtoname.h" 96#include "machdep.h" 97#include "setsignal.h" 98#include "gmt2local.h" 99#include "pcap-missing.h" 100 101#ifndef PATH_MAX 102#define PATH_MAX 1024 103#endif 104 105#ifdef SIGINFO 106#define SIGNAL_REQ_INFO SIGINFO 107#elif SIGUSR1 108#define SIGNAL_REQ_INFO SIGUSR1 109#endif 110 111netdissect_options Gndo; 112netdissect_options *gndo = &Gndo; 113 114static int dflag; /* print filter code */ 115static int Lflag; /* list available data link types and exit */ 116#ifdef HAVE_PCAP_SET_TSTAMP_TYPE 117static int Jflag; /* list available time stamp types */ 118#endif 119static char *zflag = NULL; /* compress each savefile using a specified command (like gzip or bzip2) */ 120 121static int infodelay; 122static int infoprint; 123 124char *program_name; 125 126int32_t thiszone; /* seconds offset from gmt to local time */ 127 128/* Forwards */ 129static RETSIGTYPE cleanup(int); 130static RETSIGTYPE child_cleanup(int); 131static void usage(void) __attribute__((noreturn)); 132static void show_dlts_and_exit(const char *device, pcap_t *pd) __attribute__((noreturn)); 133 134static void print_packet(u_char *, const struct pcap_pkthdr *, const u_char *); 135static void ndo_default_print(netdissect_options *, const u_char *, u_int); 136static void dump_packet_and_trunc(u_char *, const struct pcap_pkthdr *, const u_char *); 137static void dump_packet(u_char *, const struct pcap_pkthdr *, const u_char *); 138static void droproot(const char *, const char *); 139static void ndo_error(netdissect_options *ndo, const char *fmt, ...) 140 __attribute__ ((noreturn, format (printf, 2, 3))); 141static void ndo_warning(netdissect_options *ndo, const char *fmt, ...); 142 143#ifdef SIGNAL_REQ_INFO 144RETSIGTYPE requestinfo(int); 145#endif 146 147#if defined(USE_WIN32_MM_TIMER) 148 #include <MMsystem.h> 149 static UINT timer_id; 150 static void CALLBACK verbose_stats_dump(UINT, UINT, DWORD_PTR, DWORD_PTR, DWORD_PTR); 151#elif defined(HAVE_ALARM) 152 static void verbose_stats_dump(int sig); 153#endif 154 155static void info(int); 156static u_int packets_captured; 157 158struct printer { 159 if_printer f; 160 int type; 161}; 162 163 164struct ndo_printer { 165 if_ndo_printer f; 166 int type; 167}; 168 169 170static struct printer printers[] = { 171 { arcnet_if_print, DLT_ARCNET }, 172#ifdef DLT_ARCNET_LINUX 173 { arcnet_linux_if_print, DLT_ARCNET_LINUX }, 174#endif 175 { token_if_print, DLT_IEEE802 }, 176#ifdef DLT_LANE8023 177 { lane_if_print, DLT_LANE8023 }, 178#endif 179#ifdef DLT_CIP 180 { cip_if_print, DLT_CIP }, 181#endif 182#ifdef DLT_ATM_CLIP 183 { cip_if_print, DLT_ATM_CLIP }, 184#endif 185 { sl_if_print, DLT_SLIP }, 186#ifdef DLT_SLIP_BSDOS 187 { sl_bsdos_if_print, DLT_SLIP_BSDOS }, 188#endif 189 { ppp_if_print, DLT_PPP }, 190#ifdef DLT_PPP_WITHDIRECTION 191 { ppp_if_print, DLT_PPP_WITHDIRECTION }, 192#endif 193#ifdef DLT_PPP_BSDOS 194 { ppp_bsdos_if_print, DLT_PPP_BSDOS }, 195#endif 196 { fddi_if_print, DLT_FDDI }, 197 { null_if_print, DLT_NULL }, 198#ifdef DLT_LOOP 199 { null_if_print, DLT_LOOP }, 200#endif 201 { raw_if_print, DLT_RAW }, 202 { atm_if_print, DLT_ATM_RFC1483 }, 203#ifdef DLT_C_HDLC 204 { chdlc_if_print, DLT_C_HDLC }, 205#endif 206#ifdef DLT_HDLC 207 { chdlc_if_print, DLT_HDLC }, 208#endif 209#ifdef DLT_PPP_SERIAL 210 { ppp_hdlc_if_print, DLT_PPP_SERIAL }, 211#endif 212#ifdef DLT_PPP_ETHER 213 { pppoe_if_print, DLT_PPP_ETHER }, 214#endif 215#ifdef DLT_LINUX_SLL 216 { sll_if_print, DLT_LINUX_SLL }, 217#endif 218#ifdef DLT_IEEE802_11 219 { ieee802_11_if_print, DLT_IEEE802_11}, 220#endif 221#ifdef DLT_LTALK 222 { ltalk_if_print, DLT_LTALK }, 223#endif 224#if defined(DLT_PFLOG) && defined(HAVE_NET_PFVAR_H) 225 { pflog_if_print, DLT_PFLOG }, 226#endif 227#ifdef DLT_FR 228 { fr_if_print, DLT_FR }, 229#endif 230#ifdef DLT_FRELAY 231 { fr_if_print, DLT_FRELAY }, 232#endif 233#ifdef DLT_SUNATM 234 { sunatm_if_print, DLT_SUNATM }, 235#endif 236#ifdef DLT_IP_OVER_FC 237 { ipfc_if_print, DLT_IP_OVER_FC }, 238#endif 239#ifdef DLT_PRISM_HEADER 240 { prism_if_print, DLT_PRISM_HEADER }, 241#endif 242#ifdef DLT_IEEE802_11_RADIO 243 { ieee802_11_radio_if_print, DLT_IEEE802_11_RADIO }, 244#endif 245#ifdef DLT_ENC 246 { enc_if_print, DLT_ENC }, 247#endif 248#ifdef DLT_SYMANTEC_FIREWALL 249 { symantec_if_print, DLT_SYMANTEC_FIREWALL }, 250#endif 251#ifdef DLT_APPLE_IP_OVER_IEEE1394 252 { ap1394_if_print, DLT_APPLE_IP_OVER_IEEE1394 }, 253#endif 254#ifdef DLT_IEEE802_11_RADIO_AVS 255 { ieee802_11_radio_avs_if_print, DLT_IEEE802_11_RADIO_AVS }, 256#endif 257#ifdef DLT_JUNIPER_ATM1 258 { juniper_atm1_print, DLT_JUNIPER_ATM1 }, 259#endif 260#ifdef DLT_JUNIPER_ATM2 261 { juniper_atm2_print, DLT_JUNIPER_ATM2 }, 262#endif 263#ifdef DLT_JUNIPER_MFR 264 { juniper_mfr_print, DLT_JUNIPER_MFR }, 265#endif 266#ifdef DLT_JUNIPER_MLFR 267 { juniper_mlfr_print, DLT_JUNIPER_MLFR }, 268#endif 269#ifdef DLT_JUNIPER_MLPPP 270 { juniper_mlppp_print, DLT_JUNIPER_MLPPP }, 271#endif 272#ifdef DLT_JUNIPER_PPPOE 273 { juniper_pppoe_print, DLT_JUNIPER_PPPOE }, 274#endif 275#ifdef DLT_JUNIPER_PPPOE_ATM 276 { juniper_pppoe_atm_print, DLT_JUNIPER_PPPOE_ATM }, 277#endif 278#ifdef DLT_JUNIPER_GGSN 279 { juniper_ggsn_print, DLT_JUNIPER_GGSN }, 280#endif 281#ifdef DLT_JUNIPER_ES 282 { juniper_es_print, DLT_JUNIPER_ES }, 283#endif 284#ifdef DLT_JUNIPER_MONITOR 285 { juniper_monitor_print, DLT_JUNIPER_MONITOR }, 286#endif 287#ifdef DLT_JUNIPER_SERVICES 288 { juniper_services_print, DLT_JUNIPER_SERVICES }, 289#endif 290#ifdef DLT_JUNIPER_ETHER 291 { juniper_ether_print, DLT_JUNIPER_ETHER }, 292#endif 293#ifdef DLT_JUNIPER_PPP 294 { juniper_ppp_print, DLT_JUNIPER_PPP }, 295#endif 296#ifdef DLT_JUNIPER_FRELAY 297 { juniper_frelay_print, DLT_JUNIPER_FRELAY }, 298#endif 299#ifdef DLT_JUNIPER_CHDLC 300 { juniper_chdlc_print, DLT_JUNIPER_CHDLC }, 301#endif 302#ifdef DLT_MFR 303 { mfr_if_print, DLT_MFR }, 304#endif 305#if defined(DLT_BLUETOOTH_HCI_H4_WITH_PHDR) && defined(HAVE_PCAP_BLUETOOTH_H) 306 { bt_if_print, DLT_BLUETOOTH_HCI_H4_WITH_PHDR}, 307#endif 308#ifdef HAVE_PCAP_USB_H 309#ifdef DLT_USB_LINUX 310 { usb_linux_48_byte_print, DLT_USB_LINUX}, 311#endif /* DLT_USB_LINUX */ 312#ifdef DLT_USB_LINUX_MMAPPED 313 { usb_linux_64_byte_print, DLT_USB_LINUX_MMAPPED}, 314#endif /* DLT_USB_LINUX_MMAPPED */ 315#endif /* HAVE_PCAP_USB_H */ 316#ifdef DLT_IPV4 317 { raw_if_print, DLT_IPV4 }, 318#endif 319#ifdef DLT_IPV6 320 { raw_if_print, DLT_IPV6 }, 321#endif 322 { NULL, 0 }, 323}; 324 325static struct ndo_printer ndo_printers[] = { 326 { ether_if_print, DLT_EN10MB }, 327#ifdef DLT_IPNET 328 { ipnet_if_print, DLT_IPNET }, 329#endif 330#ifdef DLT_IEEE802_15_4 331 { ieee802_15_4_if_print, DLT_IEEE802_15_4 }, 332#endif 333#ifdef DLT_IEEE802_15_4_NOFCS 334 { ieee802_15_4_if_print, DLT_IEEE802_15_4_NOFCS }, 335#endif 336#ifdef DLT_PPI 337 { ppi_if_print, DLT_PPI }, 338#endif 339#ifdef DLT_NETANALYZER 340 { netanalyzer_if_print, DLT_NETANALYZER }, 341#endif 342#ifdef DLT_NETANALYZER_TRANSPARENT 343 { netanalyzer_transparent_if_print, DLT_NETANALYZER_TRANSPARENT }, 344#endif 345 { NULL, 0 }, 346}; 347 348if_printer 349lookup_printer(int type) 350{ 351 struct printer *p; 352 353 for (p = printers; p->f; ++p) 354 if (type == p->type) 355 return p->f; 356 357 return NULL; 358 /* NOTREACHED */ 359} 360 361if_ndo_printer 362lookup_ndo_printer(int type) 363{ 364 struct ndo_printer *p; 365 366 for (p = ndo_printers; p->f; ++p) 367 if (type == p->type) 368 return p->f; 369 370 return NULL; 371 /* NOTREACHED */ 372} 373 374static pcap_t *pd; 375 376static int supports_monitor_mode; 377 378extern int optind; 379extern int opterr; 380extern char *optarg; 381 382struct print_info { 383 netdissect_options *ndo; 384 union { 385 if_printer printer; 386 if_ndo_printer ndo_printer; 387 } p; 388 int ndo_type; 389}; 390 391struct dump_info { 392 char *WFileName; 393 char *CurrentFileName; 394 pcap_t *pd; 395 pcap_dumper_t *p; 396#ifdef __FreeBSD__ 397 int dirfd; 398#endif 399}; 400 401#ifdef HAVE_PCAP_SET_TSTAMP_TYPE 402static void 403show_tstamp_types_and_exit(const char *device, pcap_t *pd) 404{ 405 int n_tstamp_types; 406 int *tstamp_types = 0; 407 const char *tstamp_type_name; 408 int i; 409 410 n_tstamp_types = pcap_list_tstamp_types(pd, &tstamp_types); 411 if (n_tstamp_types < 0) 412 error("%s", pcap_geterr(pd)); 413 414 if (n_tstamp_types == 0) { 415 fprintf(stderr, "Time stamp type cannot be set for %s\n", 416 device); 417 exit(0); 418 } 419 fprintf(stderr, "Time stamp types for %s (use option -j to set):\n", 420 device); 421 for (i = 0; i < n_tstamp_types; i++) { 422 tstamp_type_name = pcap_tstamp_type_val_to_name(tstamp_types[i]); 423 if (tstamp_type_name != NULL) { 424 (void) fprintf(stderr, " %s (%s)\n", tstamp_type_name, 425 pcap_tstamp_type_val_to_description(tstamp_types[i])); 426 } else { 427 (void) fprintf(stderr, " %d\n", tstamp_types[i]); 428 } 429 } 430 pcap_free_tstamp_types(tstamp_types); 431 exit(0); 432} 433#endif 434 435static void 436show_dlts_and_exit(const char *device, pcap_t *pd) 437{ 438 int n_dlts; 439 int *dlts = 0; 440 const char *dlt_name; 441 442 n_dlts = pcap_list_datalinks(pd, &dlts); 443 if (n_dlts < 0) 444 error("%s", pcap_geterr(pd)); 445 else if (n_dlts == 0 || !dlts) 446 error("No data link types."); 447 448 /* 449 * If the interface is known to support monitor mode, indicate 450 * whether these are the data link types available when not in 451 * monitor mode, if -I wasn't specified, or when in monitor mode, 452 * when -I was specified (the link-layer types available in 453 * monitor mode might be different from the ones available when 454 * not in monitor mode). 455 */ 456 if (supports_monitor_mode) 457 (void) fprintf(stderr, "Data link types for %s %s (use option -y to set):\n", 458 device, 459 Iflag ? "when in monitor mode" : "when not in monitor mode"); 460 else 461 (void) fprintf(stderr, "Data link types for %s (use option -y to set):\n", 462 device); 463 464 while (--n_dlts >= 0) { 465 dlt_name = pcap_datalink_val_to_name(dlts[n_dlts]); 466 if (dlt_name != NULL) { 467 (void) fprintf(stderr, " %s (%s)", dlt_name, 468 pcap_datalink_val_to_description(dlts[n_dlts])); 469 470 /* 471 * OK, does tcpdump handle that type? 472 */ 473 if (lookup_printer(dlts[n_dlts]) == NULL 474 && lookup_ndo_printer(dlts[n_dlts]) == NULL) 475 (void) fprintf(stderr, " (printing not supported)"); 476 fprintf(stderr, "\n"); 477 } else { 478 (void) fprintf(stderr, " DLT %d (printing not supported)\n", 479 dlts[n_dlts]); 480 } 481 } 482#ifdef HAVE_PCAP_FREE_DATALINKS 483 pcap_free_datalinks(dlts); 484#endif 485 exit(0); 486} 487 488/* 489 * Set up flags that might or might not be supported depending on the 490 * version of libpcap we're using. 491 */ 492#if defined(HAVE_PCAP_CREATE) || defined(WIN32) 493#define B_FLAG "B:" 494#define B_FLAG_USAGE " [ -B size ]" 495#else /* defined(HAVE_PCAP_CREATE) || defined(WIN32) */ 496#define B_FLAG 497#define B_FLAG_USAGE 498#endif /* defined(HAVE_PCAP_CREATE) || defined(WIN32) */ 499 500#ifdef HAVE_PCAP_CREATE 501#define I_FLAG "I" 502#else /* HAVE_PCAP_CREATE */ 503#define I_FLAG 504#endif /* HAVE_PCAP_CREATE */ 505 506#ifdef HAVE_PCAP_SET_TSTAMP_TYPE 507#define j_FLAG "j:" 508#define j_FLAG_USAGE " [ -j tstamptype ]" 509#define J_FLAG "J" 510#else /* PCAP_ERROR_TSTAMP_TYPE_NOTSUP */ 511#define j_FLAG 512#define j_FLAG_USAGE 513#define J_FLAG 514#endif /* PCAP_ERROR_TSTAMP_TYPE_NOTSUP */ 515 516#ifdef HAVE_PCAP_FINDALLDEVS 517#ifndef HAVE_PCAP_IF_T 518#undef HAVE_PCAP_FINDALLDEVS 519#endif 520#endif 521 522#ifdef HAVE_PCAP_FINDALLDEVS 523#define D_FLAG "D" 524#else 525#define D_FLAG 526#endif 527 528#ifdef HAVE_PCAP_DUMP_FLUSH 529#define U_FLAG "U" 530#else 531#define U_FLAG 532#endif 533 534#ifndef WIN32 535/* Drop root privileges and chroot if necessary */ 536static void 537droproot(const char *username, const char *chroot_dir) 538{ 539 struct passwd *pw = NULL; 540 541 if (chroot_dir && !username) { 542 fprintf(stderr, "tcpdump: Chroot without dropping root is insecure\n"); 543 exit(1); 544 } 545 546 pw = getpwnam(username); 547 if (pw) { 548 if (chroot_dir) { 549 if (chroot(chroot_dir) != 0 || chdir ("/") != 0) { 550 fprintf(stderr, "tcpdump: Couldn't chroot/chdir to '%.64s': %s\n", 551 chroot_dir, pcap_strerror(errno)); 552 exit(1); 553 } 554 } 555#ifdef HAVE_CAP_NG_H 556 int ret = capng_change_id(pw->pw_uid, pw->pw_gid, CAPNG_NO_FLAG); 557 if (ret < 0) { 558 printf("error : ret %d\n", ret); 559 } 560 /* We don't need CAP_SETUID and CAP_SETGID */ 561 capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, CAP_SETUID); 562 capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, CAP_SETUID); 563 capng_update(CAPNG_DROP, CAPNG_PERMITTED, CAP_SETUID); 564 capng_update(CAPNG_DROP, CAPNG_PERMITTED, CAP_SETUID); 565 capng_apply(CAPNG_SELECT_BOTH); 566 567#else 568 if (initgroups(pw->pw_name, pw->pw_gid) != 0 || 569 setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0) { 570 fprintf(stderr, "tcpdump: Couldn't change to '%.32s' uid=%lu gid=%lu: %s\n", 571 username, 572 (unsigned long)pw->pw_uid, 573 (unsigned long)pw->pw_gid, 574 pcap_strerror(errno)); 575 exit(1); 576 } 577#endif /* HAVE_CAP_NG_H */ 578 } 579 else { 580 fprintf(stderr, "tcpdump: Couldn't find user '%.32s'\n", 581 username); 582 exit(1); 583 } 584} 585#endif /* WIN32 */ 586 587static int 588getWflagChars(int x) 589{ 590 int c = 0; 591 592 x -= 1; 593 while (x > 0) { 594 c += 1; 595 x /= 10; 596 } 597 598 return c; 599} 600 601 602static void 603MakeFilename(char *buffer, char *orig_name, int cnt, int max_chars) 604{ 605 char *filename = malloc(PATH_MAX + 1); 606 if (filename == NULL) 607 error("Makefilename: malloc"); 608 609 /* Process with strftime if Gflag is set. */ 610 if (Gflag != 0) { 611 struct tm *local_tm; 612 613 /* Convert Gflag_time to a usable format */ 614 if ((local_tm = localtime(&Gflag_time)) == NULL) { 615 error("MakeTimedFilename: localtime"); 616 } 617 618 /* There's no good way to detect an error in strftime since a return 619 * value of 0 isn't necessarily failure. 620 */ 621 strftime(filename, PATH_MAX, orig_name, local_tm); 622 } else { 623 strncpy(filename, orig_name, PATH_MAX); 624 } 625 626 if (cnt == 0 && max_chars == 0) 627 strncpy(buffer, filename, PATH_MAX + 1); 628 else 629 if (snprintf(buffer, PATH_MAX + 1, "%s%0*d", filename, max_chars, cnt) > PATH_MAX) 630 /* Report an error if the filename is too large */ 631 error("too many output files or filename is too long (> %d)", PATH_MAX); 632 free(filename); 633} 634 635static int tcpdump_printf(netdissect_options *ndo _U_, 636 const char *fmt, ...) 637{ 638 639 va_list args; 640 int ret; 641 642 va_start(args, fmt); 643 ret=vfprintf(stdout, fmt, args); 644 va_end(args); 645 646 return ret; 647} 648 649static struct print_info 650get_print_info(int type) 651{ 652 struct print_info printinfo; 653 654 printinfo.ndo_type = 1; 655 printinfo.ndo = gndo; 656 printinfo.p.ndo_printer = lookup_ndo_printer(type); 657 if (printinfo.p.ndo_printer == NULL) { 658 printinfo.p.printer = lookup_printer(type); 659 printinfo.ndo_type = 0; 660 if (printinfo.p.printer == NULL) { 661 gndo->ndo_dltname = pcap_datalink_val_to_name(type); 662 if (gndo->ndo_dltname != NULL) 663 error("packet printing is not supported for link type %s: use -w", 664 gndo->ndo_dltname); 665 else 666 error("packet printing is not supported for link type %d: use -w", type); 667 } 668 } 669 return (printinfo); 670} 671 672static char * 673get_next_file(FILE *VFile, char *ptr) 674{ 675 char *ret; 676 677 ret = fgets(ptr, PATH_MAX, VFile); 678 if (!ret) 679 return NULL; 680 681 if (ptr[strlen(ptr) - 1] == '\n') 682 ptr[strlen(ptr) - 1] = '\0'; 683 684 return ret; 685} 686 687int 688main(int argc, char **argv) 689{ 690 register int cnt, op, i; 691 bpf_u_int32 localnet, netmask; 692 register char *cp, *infile, *cmdbuf, *device, *RFileName, *VFileName, *WFileName; 693 pcap_handler callback; 694 int type; 695 int dlt; 696 int new_dlt; 697 const char *dlt_name; 698 struct bpf_program fcode; 699#ifndef WIN32 700 RETSIGTYPE (*oldhandler)(int); 701#endif 702 struct print_info printinfo; 703 struct dump_info dumpinfo; 704 u_char *pcap_userdata; 705 char ebuf[PCAP_ERRBUF_SIZE]; 706 char VFileLine[PATH_MAX + 1]; 707 char *username = NULL; 708 char *chroot_dir = NULL; 709 char *ret = NULL; 710 char *end; 711#ifdef HAVE_PCAP_FINDALLDEVS 712 pcap_if_t *devpointer; 713 int devnum; 714#endif 715 int status; 716 FILE *VFile; 717#ifdef __FreeBSD__ 718 cap_rights_t rights; 719 int cansandbox; 720#endif /* __FreeBSD__ */ 721 722#ifdef WIN32 723 if(wsockinit() != 0) return 1; 724#endif /* WIN32 */ 725 726 jflag=-1; /* not set */ 727 gndo->ndo_Oflag=1; 728 gndo->ndo_Rflag=1; 729 gndo->ndo_dlt=-1; 730 gndo->ndo_default_print=ndo_default_print; 731 gndo->ndo_printf=tcpdump_printf; 732 gndo->ndo_error=ndo_error; 733 gndo->ndo_warning=ndo_warning; 734 gndo->ndo_snaplen = DEFAULT_SNAPLEN; 735 736 cnt = -1; 737 device = NULL; 738 infile = NULL; 739 RFileName = NULL; 740 VFileName = NULL; 741 VFile = NULL; 742 WFileName = NULL; 743 dlt = -1; 744 if ((cp = strrchr(argv[0], '/')) != NULL) 745 program_name = cp + 1; 746 else 747 program_name = argv[0]; 748 749 if (abort_on_misalignment(ebuf, sizeof(ebuf)) < 0) 750 error("%s", ebuf); 751 752#ifdef LIBSMI 753 smiInit("tcpdump"); 754#endif 755 756 while ( 757 (op = getopt(argc, argv, "aAb" B_FLAG "c:C:d" D_FLAG "eE:fF:G:hHi:" I_FLAG j_FLAG J_FLAG "KlLm:M:nNOpqr:Rs:StT:u" U_FLAG "V:vw:W:xXy:Yz:Z:")) != -1) 758 switch (op) { 759 760 case 'a': 761 /* compatibility for old -a */ 762 break; 763 764 case 'A': 765 ++Aflag; 766 break; 767 768 case 'b': 769 ++bflag; 770 break; 771 772#if defined(HAVE_PCAP_CREATE) || defined(WIN32) 773 case 'B': 774 Bflag = atoi(optarg)*1024; 775 if (Bflag <= 0) 776 error("invalid packet buffer size %s", optarg); 777 break; 778#endif /* defined(HAVE_PCAP_CREATE) || defined(WIN32) */ 779 780 case 'c': 781 cnt = atoi(optarg); 782 if (cnt <= 0) 783 error("invalid packet count %s", optarg); 784 break; 785 786 case 'C': 787 Cflag = atoi(optarg) * 1000000; 788 if (Cflag < 0) 789 error("invalid file size %s", optarg); 790 break; 791 792 case 'd': 793 ++dflag; 794 break; 795 796#ifdef HAVE_PCAP_FINDALLDEVS 797 case 'D': 798 if (pcap_findalldevs(&devpointer, ebuf) < 0) 799 error("%s", ebuf); 800 else { 801 for (i = 0; devpointer != 0; i++) { 802 printf("%d.%s", i+1, devpointer->name); 803 if (devpointer->description != NULL) 804 printf(" (%s)", devpointer->description); 805 printf("\n"); 806 devpointer = devpointer->next; 807 } 808 } 809 return 0; 810#endif /* HAVE_PCAP_FINDALLDEVS */ 811 812 case 'L': 813 Lflag++; 814 break; 815 816 case 'e': 817 ++eflag; 818 break; 819 820 case 'E': 821#ifndef HAVE_LIBCRYPTO 822 warning("crypto code not compiled in"); 823#endif 824 gndo->ndo_espsecret = optarg; 825 break; 826 827 case 'f': 828 ++fflag; 829 break; 830 831 case 'F': 832 infile = optarg; 833 break; 834 835 case 'G': 836 Gflag = atoi(optarg); 837 if (Gflag < 0) 838 error("invalid number of seconds %s", optarg); 839 840 /* We will create one file initially. */ 841 Gflag_count = 0; 842 843 /* Grab the current time for rotation use. */ 844 if ((Gflag_time = time(NULL)) == (time_t)-1) { 845 error("main: can't get current time: %s", 846 pcap_strerror(errno)); 847 } 848 break; 849 850 case 'h': 851 usage(); 852 break; 853 854 case 'H': 855 ++Hflag; 856 break; 857 858 case 'i': 859 if (optarg[0] == '0' && optarg[1] == 0) 860 error("Invalid adapter index"); 861 862#ifdef HAVE_PCAP_FINDALLDEVS 863 /* 864 * If the argument is a number, treat it as 865 * an index into the list of adapters, as 866 * printed by "tcpdump -D". 867 * 868 * This should be OK on UNIX systems, as interfaces 869 * shouldn't have names that begin with digits. 870 * It can be useful on Windows, where more than 871 * one interface can have the same name. 872 */ 873 devnum = strtol(optarg, &end, 10); 874 if (optarg != end && *end == '\0') { 875 if (devnum < 0) 876 error("Invalid adapter index"); 877 878 if (pcap_findalldevs(&devpointer, ebuf) < 0) 879 error("%s", ebuf); 880 else { 881 /* 882 * Look for the devnum-th entry 883 * in the list of devices 884 * (1-based). 885 */ 886 for (i = 0; 887 i < devnum-1 && devpointer != NULL; 888 i++, devpointer = devpointer->next) 889 ; 890 if (devpointer == NULL) 891 error("Invalid adapter index"); 892 } 893 device = devpointer->name; 894 break; 895 } 896#endif /* HAVE_PCAP_FINDALLDEVS */ 897 device = optarg; 898 break; 899 900#ifdef HAVE_PCAP_CREATE 901 case 'I': 902 ++Iflag; 903 break; 904#endif /* HAVE_PCAP_CREATE */ 905 906#ifdef HAVE_PCAP_SET_TSTAMP_TYPE 907 case 'j': 908 jflag = pcap_tstamp_type_name_to_val(optarg); 909 if (jflag < 0) 910 error("invalid time stamp type %s", optarg); 911 break; 912 913 case 'J': 914 Jflag++; 915 break; 916#endif 917 918 case 'l': 919#ifdef WIN32 920 /* 921 * _IOLBF is the same as _IOFBF in Microsoft's C 922 * libraries; the only alternative they offer 923 * is _IONBF. 924 * 925 * XXX - this should really be checking for MSVC++, 926 * not WIN32, if, for example, MinGW has its own 927 * C library that is more UNIX-compatible. 928 */ 929 setvbuf(stdout, NULL, _IONBF, 0); 930#else /* WIN32 */ 931#ifdef HAVE_SETLINEBUF 932 setlinebuf(stdout); 933#else 934 setvbuf(stdout, NULL, _IOLBF, 0); 935#endif 936#endif /* WIN32 */ 937 break; 938 939 case 'K': 940 ++Kflag; 941 break; 942 943 case 'm': 944#ifdef LIBSMI 945 if (smiLoadModule(optarg) == 0) { 946 error("could not load MIB module %s", optarg); 947 } 948 sflag = 1; 949#else 950 (void)fprintf(stderr, "%s: ignoring option `-m %s' ", 951 program_name, optarg); 952 (void)fprintf(stderr, "(no libsmi support)\n"); 953#endif 954 break; 955 956 case 'M': 957 /* TCP-MD5 shared secret */ 958#ifndef HAVE_LIBCRYPTO 959 warning("crypto code not compiled in"); 960#endif 961 sigsecret = optarg; 962 break; 963 964 case 'n': 965 ++nflag; 966 break; 967 968 case 'N': 969 ++Nflag; 970 break; 971 972 case 'O': 973 Oflag = 0; 974 break; 975 976 case 'p': 977 ++pflag; 978 break; 979 980 case 'q': 981 ++qflag; 982 ++suppress_default_print; 983 break; 984 985 case 'r': 986 RFileName = optarg; 987 break; 988 989 case 'R': 990 Rflag = 0; 991 break; 992 993 case 's': 994 snaplen = strtol(optarg, &end, 0); 995 if (optarg == end || *end != '\0' 996 || snaplen < 0 || snaplen > MAXIMUM_SNAPLEN) 997 error("invalid snaplen %s", optarg); 998 else if (snaplen == 0) 999 snaplen = MAXIMUM_SNAPLEN; 1000 break; 1001 1002 case 'S': 1003 ++Sflag; 1004 break; 1005 1006 case 't': 1007 ++tflag; 1008 break; 1009 1010 case 'T': 1011 if (strcasecmp(optarg, "vat") == 0) 1012 packettype = PT_VAT; 1013 else if (strcasecmp(optarg, "wb") == 0) 1014 packettype = PT_WB; 1015 else if (strcasecmp(optarg, "rpc") == 0) 1016 packettype = PT_RPC; 1017 else if (strcasecmp(optarg, "rtp") == 0) 1018 packettype = PT_RTP; 1019 else if (strcasecmp(optarg, "rtcp") == 0) 1020 packettype = PT_RTCP; 1021 else if (strcasecmp(optarg, "snmp") == 0) 1022 packettype = PT_SNMP; 1023 else if (strcasecmp(optarg, "cnfp") == 0) 1024 packettype = PT_CNFP; 1025 else if (strcasecmp(optarg, "tftp") == 0) 1026 packettype = PT_TFTP; 1027 else if (strcasecmp(optarg, "aodv") == 0) 1028 packettype = PT_AODV; 1029 else if (strcasecmp(optarg, "carp") == 0) 1030 packettype = PT_CARP; 1031 else if (strcasecmp(optarg, "radius") == 0) 1032 packettype = PT_RADIUS; 1033 else if (strcasecmp(optarg, "zmtp1") == 0) 1034 packettype = PT_ZMTP1; 1035 else if (strcasecmp(optarg, "vxlan") == 0) 1036 packettype = PT_VXLAN; 1037 else 1038 error("unknown packet type `%s'", optarg); 1039 break; 1040 1041 case 'u': 1042 ++uflag; 1043 break; 1044 1045#ifdef HAVE_PCAP_DUMP_FLUSH 1046 case 'U': 1047 ++Uflag; 1048 break; 1049#endif 1050 1051 case 'v': 1052 ++vflag; 1053 break; 1054 1055 case 'V': 1056 VFileName = optarg; 1057 break; 1058 1059 case 'w': 1060 WFileName = optarg; 1061 break; 1062 1063 case 'W': 1064 Wflag = atoi(optarg); 1065 if (Wflag < 0) 1066 error("invalid number of output files %s", optarg); 1067 WflagChars = getWflagChars(Wflag); 1068 break; 1069 1070 case 'x': 1071 ++xflag; 1072 ++suppress_default_print; 1073 break; 1074 1075 case 'X': 1076 ++Xflag; 1077 ++suppress_default_print; 1078 break; 1079 1080 case 'y': 1081 gndo->ndo_dltname = optarg; 1082 gndo->ndo_dlt = 1083 pcap_datalink_name_to_val(gndo->ndo_dltname); 1084 if (gndo->ndo_dlt < 0) 1085 error("invalid data link type %s", gndo->ndo_dltname); 1086 break; 1087 1088#if defined(HAVE_PCAP_DEBUG) || defined(HAVE_YYDEBUG) 1089 case 'Y': 1090 { 1091 /* Undocumented flag */ 1092#ifdef HAVE_PCAP_DEBUG 1093 extern int pcap_debug; 1094 pcap_debug = 1; 1095#else 1096 extern int yydebug; 1097 yydebug = 1; 1098#endif 1099 } 1100 break; 1101#endif 1102 case 'z': 1103 if (optarg) { 1104 zflag = strdup(optarg); 1105 } else { 1106 usage(); 1107 /* NOTREACHED */ 1108 } 1109 break; 1110 1111 case 'Z': 1112 if (optarg) { 1113 username = strdup(optarg); 1114 } 1115 else { 1116 usage(); 1117 /* NOTREACHED */ 1118 } 1119 break; 1120 1121 default: 1122 usage(); 1123 /* NOTREACHED */ 1124 } 1125 1126 switch (tflag) { 1127 1128 case 0: /* Default */ 1129 case 4: /* Default + Date*/ 1130 thiszone = gmt2local(0); 1131 break; 1132 1133 case 1: /* No time stamp */ 1134 case 2: /* Unix timeval style */ 1135 case 3: /* Microseconds since previous packet */ 1136 case 5: /* Microseconds since first packet */ 1137 break; 1138 1139 default: /* Not supported */ 1140 error("only -t, -tt, -ttt, -tttt and -ttttt are supported"); 1141 break; 1142 } 1143 1144 if (fflag != 0 && (VFileName != NULL || RFileName != NULL)) 1145 error("-f can not be used with -V or -r"); 1146 1147 if (VFileName != NULL && RFileName != NULL) 1148 error("-V and -r are mutually exclusive."); 1149 1150#ifdef WITH_CHROOT 1151 /* if run as root, prepare for chrooting */ 1152 if (getuid() == 0 || geteuid() == 0) { 1153 /* future extensibility for cmd-line arguments */ 1154 if (!chroot_dir) 1155 chroot_dir = WITH_CHROOT; 1156 } 1157#endif 1158 1159#ifdef WITH_USER 1160 /* if run as root, prepare for dropping root privileges */ 1161 if (getuid() == 0 || geteuid() == 0) { 1162 /* Run with '-Z root' to restore old behaviour */ 1163 if (!username) 1164 username = WITH_USER; 1165 } 1166#endif 1167 1168 if (RFileName != NULL || VFileName != NULL) { 1169 /* 1170 * If RFileName is non-null, it's the pathname of a 1171 * savefile to read. If VFileName is non-null, it's 1172 * the pathname of a file containing a list of pathnames 1173 * (one per line) of savefiles to read. 1174 * 1175 * In either case, we're reading a savefile, not doing 1176 * a live capture. 1177 */ 1178#ifndef WIN32 1179 /* 1180 * We don't need network access, so relinquish any set-UID 1181 * or set-GID privileges we have (if any). 1182 * 1183 * We do *not* want set-UID privileges when opening a 1184 * trace file, as that might let the user read other 1185 * people's trace files (especially if we're set-UID 1186 * root). 1187 */ 1188 if (setgid(getgid()) != 0 || setuid(getuid()) != 0 ) 1189 fprintf(stderr, "Warning: setgid/setuid failed !\n"); 1190#endif /* WIN32 */ 1191 if (VFileName != NULL) { 1192 if (VFileName[0] == '-' && VFileName[1] == '\0') 1193 VFile = stdin; 1194 else 1195 VFile = fopen(VFileName, "r"); 1196 1197 if (VFile == NULL) 1198 error("Unable to open file: %s\n", strerror(errno)); 1199 1200 ret = get_next_file(VFile, VFileLine); 1201 if (!ret) 1202 error("Nothing in %s\n", VFileName); 1203 RFileName = VFileLine; 1204 } 1205 1206 pd = pcap_open_offline(RFileName, ebuf); 1207 if (pd == NULL) 1208 error("%s", ebuf); 1209#ifdef __FreeBSD__ 1210 cap_rights_init(&rights, CAP_READ); 1211 if (cap_rights_limit(fileno(pcap_file(pd)), &rights) < 0 && 1212 errno != ENOSYS) { 1213 error("unable to limit pcap descriptor"); 1214 } 1215#endif 1216 dlt = pcap_datalink(pd); 1217 dlt_name = pcap_datalink_val_to_name(dlt); 1218 if (dlt_name == NULL) { 1219 fprintf(stderr, "reading from file %s, link-type %u\n", 1220 RFileName, dlt); 1221 } else { 1222 fprintf(stderr, 1223 "reading from file %s, link-type %s (%s)\n", 1224 RFileName, dlt_name, 1225 pcap_datalink_val_to_description(dlt)); 1226 } 1227 localnet = 0; 1228 netmask = 0; 1229 } else { 1230 /* 1231 * We're doing a live capture. 1232 */ 1233 if (device == NULL) { 1234 device = pcap_lookupdev(ebuf); 1235 if (device == NULL) 1236 error("%s", ebuf); 1237 } 1238#ifdef WIN32 1239 /* 1240 * Print a message to the standard error on Windows. 1241 * XXX - why do it here, with a different message? 1242 */ 1243 if(strlen(device) == 1) //we assume that an ASCII string is always longer than 1 char 1244 { //a Unicode string has a \0 as second byte (so strlen() is 1) 1245 fprintf(stderr, "%s: listening on %ws\n", program_name, device); 1246 } 1247 else 1248 { 1249 fprintf(stderr, "%s: listening on %s\n", program_name, device); 1250 } 1251 1252 fflush(stderr); 1253#endif /* WIN32 */ 1254#ifdef HAVE_PCAP_CREATE 1255 pd = pcap_create(device, ebuf); 1256 if (pd == NULL) 1257 error("%s", ebuf); 1258#ifdef HAVE_PCAP_SET_TSTAMP_TYPE 1259 if (Jflag) 1260 show_tstamp_types_and_exit(device, pd); 1261#endif 1262 /* 1263 * Is this an interface that supports monitor mode? 1264 */ 1265 if (pcap_can_set_rfmon(pd) == 1) 1266 supports_monitor_mode = 1; 1267 else 1268 supports_monitor_mode = 0; 1269 status = pcap_set_snaplen(pd, snaplen); 1270 if (status != 0) 1271 error("%s: Can't set snapshot length: %s", 1272 device, pcap_statustostr(status)); 1273 status = pcap_set_promisc(pd, !pflag); 1274 if (status != 0) 1275 error("%s: Can't set promiscuous mode: %s", 1276 device, pcap_statustostr(status)); 1277 if (Iflag) { 1278 status = pcap_set_rfmon(pd, 1); 1279 if (status != 0) 1280 error("%s: Can't set monitor mode: %s", 1281 device, pcap_statustostr(status)); 1282 } 1283 status = pcap_set_timeout(pd, 1000); 1284 if (status != 0) 1285 error("%s: pcap_set_timeout failed: %s", 1286 device, pcap_statustostr(status)); 1287 if (Bflag != 0) { 1288 status = pcap_set_buffer_size(pd, Bflag); 1289 if (status != 0) 1290 error("%s: Can't set buffer size: %s", 1291 device, pcap_statustostr(status)); 1292 } 1293#ifdef HAVE_PCAP_SET_TSTAMP_TYPE 1294 if (jflag != -1) { 1295 status = pcap_set_tstamp_type(pd, jflag); 1296 if (status < 0) 1297 error("%s: Can't set time stamp type: %s", 1298 device, pcap_statustostr(status)); 1299 } 1300#endif 1301 status = pcap_activate(pd); 1302 if (status < 0) { 1303 /* 1304 * pcap_activate() failed. 1305 */ 1306 cp = pcap_geterr(pd); 1307 if (status == PCAP_ERROR) 1308 error("%s", cp); 1309 else if ((status == PCAP_ERROR_NO_SUCH_DEVICE || 1310 status == PCAP_ERROR_PERM_DENIED) && 1311 *cp != '\0') 1312 error("%s: %s\n(%s)", device, 1313 pcap_statustostr(status), cp); 1314#ifdef __FreeBSD__ 1315 else if (status == PCAP_ERROR_RFMON_NOTSUP && 1316 strncmp(device, "wlan", 4) == 0) { 1317 char parent[8], newdev[8]; 1318 char sysctl[32]; 1319 size_t s = sizeof(parent); 1320 1321 snprintf(sysctl, sizeof(sysctl), 1322 "net.wlan.%d.%%parent", atoi(device + 4)); 1323 sysctlbyname(sysctl, parent, &s, NULL, 0); 1324 strlcpy(newdev, device, sizeof(newdev)); 1325 /* Suggest a new wlan device. */ 1326 newdev[strlen(newdev)-1]++; 1327 error("%s is not a monitor mode VAP\n" 1328 "To create a new monitor mode VAP use:\n" 1329 " ifconfig %s create wlandev %s wlanmode " 1330 "monitor\nand use %s as the tcpdump " 1331 "interface", device, newdev, parent, 1332 newdev); 1333 } 1334#endif 1335 else 1336 error("%s: %s", device, 1337 pcap_statustostr(status)); 1338 } else if (status > 0) { 1339 /* 1340 * pcap_activate() succeeded, but it's warning us 1341 * of a problem it had. 1342 */ 1343 cp = pcap_geterr(pd); 1344 if (status == PCAP_WARNING) 1345 warning("%s", cp); 1346 else if (status == PCAP_WARNING_PROMISC_NOTSUP && 1347 *cp != '\0') 1348 warning("%s: %s\n(%s)", device, 1349 pcap_statustostr(status), cp); 1350 else 1351 warning("%s: %s", device, 1352 pcap_statustostr(status)); 1353 } 1354#else 1355 *ebuf = '\0'; 1356 pd = pcap_open_live(device, snaplen, !pflag, 1000, ebuf); 1357 if (pd == NULL) 1358 error("%s", ebuf); 1359 else if (*ebuf) 1360 warning("%s", ebuf); 1361#endif /* HAVE_PCAP_CREATE */ 1362 /* 1363 * Let user own process after socket has been opened. 1364 */ 1365#ifndef WIN32 1366 if (setgid(getgid()) != 0 || setuid(getuid()) != 0) 1367 fprintf(stderr, "Warning: setgid/setuid failed !\n"); 1368#endif /* WIN32 */ 1369#if !defined(HAVE_PCAP_CREATE) && defined(WIN32) 1370 if(Bflag != 0) 1371 if(pcap_setbuff(pd, Bflag)==-1){ 1372 error("%s", pcap_geterr(pd)); 1373 } 1374#endif /* !defined(HAVE_PCAP_CREATE) && defined(WIN32) */ 1375 if (Lflag) 1376 show_dlts_and_exit(device, pd); 1377 if (gndo->ndo_dlt >= 0) { 1378#ifdef HAVE_PCAP_SET_DATALINK 1379 if (pcap_set_datalink(pd, gndo->ndo_dlt) < 0) 1380 error("%s", pcap_geterr(pd)); 1381#else 1382 /* 1383 * We don't actually support changing the 1384 * data link type, so we only let them 1385 * set it to what it already is. 1386 */ 1387 if (gndo->ndo_dlt != pcap_datalink(pd)) { 1388 error("%s is not one of the DLTs supported by this device\n", 1389 gndo->ndo_dltname); 1390 } 1391#endif 1392 (void)fprintf(stderr, "%s: data link type %s\n", 1393 program_name, gndo->ndo_dltname); 1394 (void)fflush(stderr); 1395 } 1396 i = pcap_snapshot(pd); 1397 if (snaplen < i) { 1398 warning("snaplen raised from %d to %d", snaplen, i); 1399 snaplen = i; 1400 } 1401 if (pcap_lookupnet(device, &localnet, &netmask, ebuf) < 0) { 1402 localnet = 0; 1403 netmask = 0; 1404 warning("%s", ebuf); 1405 } 1406 } 1407 if (infile) 1408 cmdbuf = read_infile(infile); 1409 else 1410 cmdbuf = copy_argv(&argv[optind]); 1411 1412 if (pcap_compile(pd, &fcode, cmdbuf, Oflag, netmask) < 0) 1413 error("%s", pcap_geterr(pd)); 1414 if (dflag) { 1415 bpf_dump(&fcode, dflag); 1416 pcap_close(pd); 1417 free(cmdbuf); 1418 exit(0); 1419 } 1420 init_addrtoname(localnet, netmask); 1421 init_checksum(); 1422 1423#ifndef WIN32 1424 (void)setsignal(SIGPIPE, cleanup); 1425 (void)setsignal(SIGTERM, cleanup); 1426 (void)setsignal(SIGINT, cleanup); 1427#endif /* WIN32 */ 1428#if defined(HAVE_FORK) || defined(HAVE_VFORK) 1429 (void)setsignal(SIGCHLD, child_cleanup); 1430#endif 1431 /* Cooperate with nohup(1) */ 1432#ifndef WIN32 1433 if ((oldhandler = setsignal(SIGHUP, cleanup)) != SIG_DFL) 1434 (void)setsignal(SIGHUP, oldhandler); 1435#endif /* WIN32 */ 1436 1437#ifndef WIN32 1438 /* 1439 * If a user name was specified with "-Z", attempt to switch to 1440 * that user's UID. This would probably be used with sudo, 1441 * to allow tcpdump to be run in a special restricted 1442 * account (if you just want to allow users to open capture 1443 * devices, and can't just give users that permission, 1444 * you'd make tcpdump set-UID or set-GID). 1445 * 1446 * Tcpdump doesn't necessarily write only to one savefile; 1447 * the general only way to allow a -Z instance to write to 1448 * savefiles as the user under whose UID it's run, rather 1449 * than as the user specified with -Z, would thus be to switch 1450 * to the original user ID before opening a capture file and 1451 * then switch back to the -Z user ID after opening the savefile. 1452 * Switching to the -Z user ID only after opening the first 1453 * savefile doesn't handle the general case. 1454 */ 1455 1456#ifdef HAVE_CAP_NG_H 1457 /* We are running as root and we will be writing to savefile */ 1458 if ((getuid() == 0 || geteuid() == 0) && WFileName) { 1459 if (username) { 1460 /* Drop all capabilities from effective set */ 1461 capng_clear(CAPNG_EFFECTIVE); 1462 /* Add capabilities we will need*/ 1463 capng_update(CAPNG_ADD, CAPNG_PERMITTED, CAP_SETUID); 1464 capng_update(CAPNG_ADD, CAPNG_PERMITTED, CAP_SETGID); 1465 capng_update(CAPNG_ADD, CAPNG_PERMITTED, CAP_DAC_OVERRIDE); 1466 1467 capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_SETUID); 1468 capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_SETGID); 1469 capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE); 1470 1471 capng_apply(CAPNG_SELECT_BOTH); 1472 } 1473 } 1474#endif /* HAVE_CAP_NG_H */ 1475 1476 if (getuid() == 0 || geteuid() == 0) { 1477 if (username || chroot_dir) 1478 droproot(username, chroot_dir); 1479 1480 } 1481#endif /* WIN32 */ 1482 1483 if (pcap_setfilter(pd, &fcode) < 0) 1484 error("%s", pcap_geterr(pd)); 1485#ifdef __FreeBSD__ 1486 if (RFileName == NULL && VFileName == NULL) { 1487 static const unsigned long cmds[] = { BIOCGSTATS }; 1488 1489 cap_rights_init(&rights, CAP_IOCTL, CAP_READ); 1490 if (cap_rights_limit(pcap_fileno(pd), &rights) < 0 && 1491 errno != ENOSYS) { 1492 error("unable to limit pcap descriptor"); 1493 } 1494 if (cap_ioctls_limit(pcap_fileno(pd), cmds, 1495 sizeof(cmds) / sizeof(cmds[0])) < 0 && errno != ENOSYS) { 1496 error("unable to limit ioctls on pcap descriptor"); 1497 } 1498 } 1499#endif 1500 if (WFileName) { 1501 pcap_dumper_t *p; 1502 /* Do not exceed the default PATH_MAX for files. */ 1503 dumpinfo.CurrentFileName = (char *)malloc(PATH_MAX + 1); 1504 1505 if (dumpinfo.CurrentFileName == NULL) 1506 error("malloc of dumpinfo.CurrentFileName"); 1507 1508 /* We do not need numbering for dumpfiles if Cflag isn't set. */ 1509 if (Cflag != 0) 1510 MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, WflagChars); 1511 else 1512 MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, 0); 1513 1514 p = pcap_dump_open(pd, dumpinfo.CurrentFileName); 1515#ifdef HAVE_CAP_NG_H 1516 /* Give up capabilities, clear Effective set */ 1517 capng_clear(CAPNG_EFFECTIVE); 1518#endif 1519 if (p == NULL) 1520 error("%s", pcap_geterr(pd)); 1521#ifdef __FreeBSD__ 1522 cap_rights_init(&rights, CAP_SEEK, CAP_WRITE); 1523 if (cap_rights_limit(fileno(pcap_dump_file(p)), &rights) < 0 && 1524 errno != ENOSYS) { 1525 error("unable to limit dump descriptor"); 1526 } 1527#endif 1528 if (Cflag != 0 || Gflag != 0) { 1529#ifdef __FreeBSD__ 1530 dumpinfo.WFileName = strdup(basename(WFileName)); 1531 dumpinfo.dirfd = open(dirname(WFileName), 1532 O_DIRECTORY | O_RDONLY); 1533 if (dumpinfo.dirfd < 0) { 1534 error("unable to open directory %s", 1535 dirname(WFileName)); 1536 } 1537 cap_rights_init(&rights, CAP_CREATE, CAP_FCNTL, 1538 CAP_FTRUNCATE, CAP_LOOKUP, CAP_SEEK, CAP_WRITE); 1539 if (cap_rights_limit(dumpinfo.dirfd, &rights) < 0 && 1540 errno != ENOSYS) { 1541 error("unable to limit directory rights"); 1542 } 1543#else /* !__FreeBSD__ */ 1544 dumpinfo.WFileName = WFileName; 1545#endif 1546 callback = dump_packet_and_trunc; 1547 dumpinfo.pd = pd; 1548 dumpinfo.p = p; 1549 pcap_userdata = (u_char *)&dumpinfo; 1550 } else { 1551 callback = dump_packet; 1552 pcap_userdata = (u_char *)p; 1553 } 1554#ifdef HAVE_PCAP_DUMP_FLUSH 1555 if (Uflag) 1556 pcap_dump_flush(p); 1557#endif 1558 } else { 1559 type = pcap_datalink(pd); 1560 printinfo = get_print_info(type); 1561 callback = print_packet; 1562 pcap_userdata = (u_char *)&printinfo; 1563 } 1564 1565#ifdef SIGNAL_REQ_INFO 1566 /* 1567 * We can't get statistics when reading from a file rather 1568 * than capturing from a device. 1569 */ 1570 if (RFileName == NULL) 1571 (void)setsignal(SIGNAL_REQ_INFO, requestinfo); 1572#endif 1573 1574 if (vflag > 0 && WFileName) { 1575 /* 1576 * When capturing to a file, "-v" means tcpdump should, 1577 * every 10 secodns, "v"erbosely report the number of 1578 * packets captured. 1579 */ 1580#ifdef USE_WIN32_MM_TIMER 1581 /* call verbose_stats_dump() each 1000 +/-100msec */ 1582 timer_id = timeSetEvent(1000, 100, verbose_stats_dump, 0, TIME_PERIODIC); 1583 setvbuf(stderr, NULL, _IONBF, 0); 1584#elif defined(HAVE_ALARM) 1585 (void)setsignal(SIGALRM, verbose_stats_dump); 1586 alarm(1); 1587#endif 1588 } 1589 1590#ifndef WIN32 1591 if (RFileName == NULL) { 1592 /* 1593 * Live capture (if -V was specified, we set RFileName 1594 * to a file from the -V file). Print a message to 1595 * the standard error on UN*X. 1596 */ 1597 if (!vflag && !WFileName) { 1598 (void)fprintf(stderr, 1599 "%s: verbose output suppressed, use -v or -vv for full protocol decode\n", 1600 program_name); 1601 } else 1602 (void)fprintf(stderr, "%s: ", program_name); 1603 dlt = pcap_datalink(pd); 1604 dlt_name = pcap_datalink_val_to_name(dlt); 1605 if (dlt_name == NULL) { 1606 (void)fprintf(stderr, "listening on %s, link-type %u, capture size %u bytes\n", 1607 device, dlt, snaplen); 1608 } else { 1609 (void)fprintf(stderr, "listening on %s, link-type %s (%s), capture size %u bytes\n", 1610 device, dlt_name, 1611 pcap_datalink_val_to_description(dlt), snaplen); 1612 } 1613 (void)fflush(stderr); 1614 } 1615#endif /* WIN32 */ 1616 1617#ifdef __FreeBSD__ 1618 cansandbox = (nflag && VFileName == NULL && zflag == NULL); 1619 if (cansandbox && cap_enter() < 0 && errno != ENOSYS) 1620 error("unable to enter the capability mode"); 1621 if (cap_sandboxed()) 1622 fprintf(stderr, "capability mode sandbox enabled\n"); 1623#endif /* __FreeBSD__ */ 1624 1625 do { 1626 status = pcap_loop(pd, cnt, callback, pcap_userdata); 1627 if (WFileName == NULL) { 1628 /* 1629 * We're printing packets. Flush the printed output, 1630 * so it doesn't get intermingled with error output. 1631 */ 1632 if (status == -2) { 1633 /* 1634 * We got interrupted, so perhaps we didn't 1635 * manage to finish a line we were printing. 1636 * Print an extra newline, just in case. 1637 */ 1638 putchar('\n'); 1639 } 1640 (void)fflush(stdout); 1641 } 1642 if (status == -1) { 1643 /* 1644 * Error. Report it. 1645 */ 1646 (void)fprintf(stderr, "%s: pcap_loop: %s\n", 1647 program_name, pcap_geterr(pd)); 1648 } 1649 if (RFileName == NULL) { 1650 /* 1651 * We're doing a live capture. Report the capture 1652 * statistics. 1653 */ 1654 info(1); 1655 } 1656 pcap_close(pd); 1657 if (VFileName != NULL) { 1658 ret = get_next_file(VFile, VFileLine); 1659 if (ret) { 1660 RFileName = VFileLine; 1661 pd = pcap_open_offline(RFileName, ebuf); 1662 if (pd == NULL) 1663 error("%s", ebuf); 1664#ifdef __FreeBSD__ 1665 cap_rights_init(&rights, CAP_READ); 1666 if (cap_rights_limit(fileno(pcap_file(pd)), 1667 &rights) < 0 && errno != ENOSYS) { 1668 error("unable to limit pcap descriptor"); 1669 } 1670#endif 1671 new_dlt = pcap_datalink(pd); 1672 if (WFileName && new_dlt != dlt) 1673 error("%s: new dlt does not match original", RFileName); 1674 printinfo = get_print_info(new_dlt); 1675 dlt_name = pcap_datalink_val_to_name(new_dlt); 1676 if (dlt_name == NULL) { 1677 fprintf(stderr, "reading from file %s, link-type %u\n", 1678 RFileName, new_dlt); 1679 } else { 1680 fprintf(stderr, 1681 "reading from file %s, link-type %s (%s)\n", 1682 RFileName, dlt_name, 1683 pcap_datalink_val_to_description(new_dlt)); 1684 } 1685 if (pcap_compile(pd, &fcode, cmdbuf, Oflag, netmask) < 0) 1686 error("%s", pcap_geterr(pd)); 1687 if (pcap_setfilter(pd, &fcode) < 0) 1688 error("%s", pcap_geterr(pd)); 1689 } 1690 } 1691 } 1692 while (ret != NULL); 1693 1694 free(cmdbuf); 1695 exit(status == -1 ? 1 : 0); 1696} 1697 1698/* make a clean exit on interrupts */ 1699static RETSIGTYPE 1700cleanup(int signo _U_) 1701{ 1702#ifdef USE_WIN32_MM_TIMER 1703 if (timer_id) 1704 timeKillEvent(timer_id); 1705 timer_id = 0; 1706#elif defined(HAVE_ALARM) 1707 alarm(0); 1708#endif 1709 1710#ifdef HAVE_PCAP_BREAKLOOP 1711 /* 1712 * We have "pcap_breakloop()"; use it, so that we do as little 1713 * as possible in the signal handler (it's probably not safe 1714 * to do anything with standard I/O streams in a signal handler - 1715 * the ANSI C standard doesn't say it is). 1716 */ 1717 pcap_breakloop(pd); 1718#else 1719 /* 1720 * We don't have "pcap_breakloop()"; this isn't safe, but 1721 * it's the best we can do. Print the summary if we're 1722 * not reading from a savefile - i.e., if we're doing a 1723 * live capture - and exit. 1724 */ 1725 if (pd != NULL && pcap_file(pd) == NULL) { 1726 /* 1727 * We got interrupted, so perhaps we didn't 1728 * manage to finish a line we were printing. 1729 * Print an extra newline, just in case. 1730 */ 1731 putchar('\n'); 1732 (void)fflush(stdout); 1733 info(1); 1734 } 1735 exit(0); 1736#endif 1737} 1738 1739/* 1740 On windows, we do not use a fork, so we do not care less about 1741 waiting a child processes to die 1742 */ 1743#if defined(HAVE_FORK) || defined(HAVE_VFORK) 1744static RETSIGTYPE 1745child_cleanup(int signo _U_) 1746{ 1747 wait(NULL); 1748} 1749#endif /* HAVE_FORK && HAVE_VFORK */ 1750 1751static void 1752info(register int verbose) 1753{ 1754 struct pcap_stat stat; 1755 1756 /* 1757 * Older versions of libpcap didn't set ps_ifdrop on some 1758 * platforms; initialize it to 0 to handle that. 1759 */ 1760 stat.ps_ifdrop = 0; 1761 if (pcap_stats(pd, &stat) < 0) { 1762 (void)fprintf(stderr, "pcap_stats: %s\n", pcap_geterr(pd)); 1763 infoprint = 0; 1764 return; 1765 } 1766 1767 if (!verbose) 1768 fprintf(stderr, "%s: ", program_name); 1769 1770 (void)fprintf(stderr, "%u packet%s captured", packets_captured, 1771 PLURAL_SUFFIX(packets_captured)); 1772 if (!verbose) 1773 fputs(", ", stderr); 1774 else 1775 putc('\n', stderr); 1776 (void)fprintf(stderr, "%u packet%s received by filter", stat.ps_recv, 1777 PLURAL_SUFFIX(stat.ps_recv)); 1778 if (!verbose) 1779 fputs(", ", stderr); 1780 else 1781 putc('\n', stderr); 1782 (void)fprintf(stderr, "%u packet%s dropped by kernel", stat.ps_drop, 1783 PLURAL_SUFFIX(stat.ps_drop)); 1784 if (stat.ps_ifdrop != 0) { 1785 if (!verbose) 1786 fputs(", ", stderr); 1787 else 1788 putc('\n', stderr); 1789 (void)fprintf(stderr, "%u packet%s dropped by interface\n", 1790 stat.ps_ifdrop, PLURAL_SUFFIX(stat.ps_ifdrop)); 1791 } else 1792 putc('\n', stderr); 1793 infoprint = 0; 1794} 1795 1796#if defined(HAVE_FORK) || defined(HAVE_VFORK) 1797static void 1798compress_savefile(const char *filename) 1799{ 1800# ifdef HAVE_FORK 1801 if (fork()) 1802# else 1803 if (vfork()) 1804# endif 1805 return; 1806 /* 1807 * Set to lowest priority so that this doesn't disturb the capture 1808 */ 1809#ifdef NZERO 1810 setpriority(PRIO_PROCESS, 0, NZERO - 1); 1811#else 1812 setpriority(PRIO_PROCESS, 0, 19); 1813#endif 1814 if (execlp(zflag, zflag, filename, (char *)NULL) == -1) 1815 fprintf(stderr, 1816 "compress_savefile:execlp(%s, %s): %s\n", 1817 zflag, 1818 filename, 1819 strerror(errno)); 1820# ifdef HAVE_FORK 1821 exit(1); 1822# else 1823 _exit(1); 1824# endif 1825} 1826#else /* HAVE_FORK && HAVE_VFORK */ 1827static void 1828compress_savefile(const char *filename) 1829{ 1830 fprintf(stderr, 1831 "compress_savefile failed. Functionality not implemented under your system\n"); 1832} 1833#endif /* HAVE_FORK && HAVE_VFORK */ 1834 1835static void 1836dump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *sp) 1837{ 1838 struct dump_info *dump_info; 1839#ifdef __FreeBSD__ 1840 cap_rights_t rights; 1841#endif 1842 1843 ++packets_captured; 1844 1845 ++infodelay; 1846 1847 dump_info = (struct dump_info *)user; 1848 1849 /* 1850 * XXX - this won't force the file to rotate on the specified time 1851 * boundary, but it will rotate on the first packet received after the 1852 * specified Gflag number of seconds. Note: if a Gflag time boundary 1853 * and a Cflag size boundary coincide, the time rotation will occur 1854 * first thereby cancelling the Cflag boundary (since the file should 1855 * be 0). 1856 */ 1857 if (Gflag != 0) { 1858 /* Check if it is time to rotate */ 1859 time_t t; 1860 1861 /* Get the current time */ 1862 if ((t = time(NULL)) == (time_t)-1) { 1863 error("dump_and_trunc_packet: can't get current_time: %s", 1864 pcap_strerror(errno)); 1865 } 1866 1867 1868 /* If the time is greater than the specified window, rotate */ 1869 if (t - Gflag_time >= Gflag) { 1870#ifdef __FreeBSD__ 1871 FILE *fp; 1872 int fd; 1873#endif 1874 1875 /* Update the Gflag_time */ 1876 Gflag_time = t; 1877 /* Update Gflag_count */ 1878 Gflag_count++; 1879 /* 1880 * Close the current file and open a new one. 1881 */ 1882 pcap_dump_close(dump_info->p); 1883 1884 /* 1885 * Compress the file we just closed, if the user asked for it 1886 */ 1887 if (zflag != NULL) 1888 compress_savefile(dump_info->CurrentFileName); 1889 1890 /* 1891 * Check to see if we've exceeded the Wflag (when 1892 * not using Cflag). 1893 */ 1894 if (Cflag == 0 && Wflag > 0 && Gflag_count >= Wflag) { 1895 (void)fprintf(stderr, "Maximum file limit reached: %d\n", 1896 Wflag); 1897 exit(0); 1898 /* NOTREACHED */ 1899 } 1900 if (dump_info->CurrentFileName != NULL) 1901 free(dump_info->CurrentFileName); 1902 /* Allocate space for max filename + \0. */ 1903 dump_info->CurrentFileName = (char *)malloc(PATH_MAX + 1); 1904 if (dump_info->CurrentFileName == NULL) 1905 error("dump_packet_and_trunc: malloc"); 1906 /* 1907 * This is always the first file in the Cflag 1908 * rotation: e.g. 0 1909 * We also don't need numbering if Cflag is not set. 1910 */ 1911 if (Cflag != 0) 1912 MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, 0, 1913 WflagChars); 1914 else 1915 MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, 0, 0); 1916 1917#ifdef HAVE_CAP_NG_H 1918 capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE); 1919 capng_apply(CAPNG_EFFECTIVE); 1920#endif /* HAVE_CAP_NG_H */ 1921#ifdef __FreeBSD__ 1922 fd = openat(dump_info->dirfd, 1923 dump_info->CurrentFileName, 1924 O_CREAT | O_WRONLY | O_TRUNC, 0644); 1925 if (fd < 0) { 1926 error("unable to open file %s", 1927 dump_info->CurrentFileName); 1928 } 1929 fp = fdopen(fd, "w"); 1930 if (fp == NULL) { 1931 error("unable to fdopen file %s", 1932 dump_info->CurrentFileName); 1933 } 1934 dump_info->p = pcap_dump_fopen(dump_info->pd, fp); 1935#else /* !__FreeBSD__ */ 1936 dump_info->p = pcap_dump_open(dump_info->pd, dump_info->CurrentFileName); 1937#endif 1938#ifdef HAVE_CAP_NG_H 1939 capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE); 1940 capng_apply(CAPNG_EFFECTIVE); 1941#endif /* HAVE_CAP_NG_H */ 1942 if (dump_info->p == NULL) 1943 error("%s", pcap_geterr(pd)); 1944#ifdef __FreeBSD__ 1945 cap_rights_init(&rights, CAP_SEEK, CAP_WRITE); 1946 if (cap_rights_limit(fileno(pcap_dump_file(dump_info->p)), 1947 &rights) < 0 && errno != ENOSYS) { 1948 error("unable to limit dump descriptor"); 1949 } 1950#endif 1951 } 1952 } 1953 1954 /* 1955 * XXX - this won't prevent capture files from getting 1956 * larger than Cflag - the last packet written to the 1957 * file could put it over Cflag. 1958 */ 1959 if (Cflag != 0 && pcap_dump_ftell(dump_info->p) > Cflag) { 1960#ifdef __FreeBSD__ 1961 FILE *fp; 1962 int fd; 1963#endif 1964 1965 /* 1966 * Close the current file and open a new one. 1967 */ 1968 pcap_dump_close(dump_info->p); 1969 1970 /* 1971 * Compress the file we just closed, if the user asked for it 1972 */ 1973 if (zflag != NULL) 1974 compress_savefile(dump_info->CurrentFileName); 1975 1976 Cflag_count++; 1977 if (Wflag > 0) { 1978 if (Cflag_count >= Wflag) 1979 Cflag_count = 0; 1980 } 1981 if (dump_info->CurrentFileName != NULL) 1982 free(dump_info->CurrentFileName); 1983 dump_info->CurrentFileName = (char *)malloc(PATH_MAX + 1); 1984 if (dump_info->CurrentFileName == NULL) 1985 error("dump_packet_and_trunc: malloc"); 1986 MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, Cflag_count, WflagChars); 1987#ifdef __FreeBSD__ 1988 fd = openat(dump_info->dirfd, dump_info->CurrentFileName, 1989 O_CREAT | O_WRONLY | O_TRUNC, 0644); 1990 if (fd < 0) { 1991 error("unable to open file %s", 1992 dump_info->CurrentFileName); 1993 } 1994 fp = fdopen(fd, "w"); 1995 if (fp == NULL) { 1996 error("unable to fdopen file %s", 1997 dump_info->CurrentFileName); 1998 } 1999 dump_info->p = pcap_dump_fopen(dump_info->pd, fp); 2000#else /* !__FreeBSD__ */ 2001 dump_info->p = pcap_dump_open(dump_info->pd, dump_info->CurrentFileName); 2002#endif 2003 if (dump_info->p == NULL) 2004 error("%s", pcap_geterr(pd)); 2005#ifdef __FreeBSD__ 2006 cap_rights_init(&rights, CAP_SEEK, CAP_WRITE); 2007 if (cap_rights_limit(fileno(pcap_dump_file(dump_info->p)), 2008 &rights) < 0 && errno != ENOSYS) { 2009 error("unable to limit dump descriptor"); 2010 } 2011#endif 2012 } 2013 2014 pcap_dump((u_char *)dump_info->p, h, sp); 2015#ifdef HAVE_PCAP_DUMP_FLUSH 2016 if (Uflag) 2017 pcap_dump_flush(dump_info->p); 2018#endif 2019 2020 --infodelay; 2021 if (infoprint) 2022 info(0); 2023} 2024 2025static void 2026dump_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *sp) 2027{ 2028 ++packets_captured; 2029 2030 ++infodelay; 2031 2032 pcap_dump(user, h, sp); 2033#ifdef HAVE_PCAP_DUMP_FLUSH 2034 if (Uflag) 2035 pcap_dump_flush((pcap_dumper_t *)user); 2036#endif 2037 2038 --infodelay; 2039 if (infoprint) 2040 info(0); 2041} 2042 2043static void 2044print_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *sp) 2045{ 2046 struct print_info *print_info; 2047 u_int hdrlen; 2048 2049 ++packets_captured; 2050 2051 ++infodelay; 2052 ts_print(&h->ts); 2053 2054 print_info = (struct print_info *)user; 2055 2056 /* 2057 * Some printers want to check that they're not walking off the 2058 * end of the packet. 2059 * Rather than pass it all the way down, we set this global. 2060 */ 2061 snapend = sp + h->caplen; 2062 2063 if(print_info->ndo_type) { 2064 hdrlen = (*print_info->p.ndo_printer)(print_info->ndo, h, sp); 2065 } else { 2066 hdrlen = (*print_info->p.printer)(h, sp); 2067 } 2068 2069 if (Xflag) { 2070 /* 2071 * Print the raw packet data in hex and ASCII. 2072 */ 2073 if (Xflag > 1) { 2074 /* 2075 * Include the link-layer header. 2076 */ 2077 hex_and_ascii_print("\n\t", sp, h->caplen); 2078 } else { 2079 /* 2080 * Don't include the link-layer header - and if 2081 * we have nothing past the link-layer header, 2082 * print nothing. 2083 */ 2084 if (h->caplen > hdrlen) 2085 hex_and_ascii_print("\n\t", sp + hdrlen, 2086 h->caplen - hdrlen); 2087 } 2088 } else if (xflag) { 2089 /* 2090 * Print the raw packet data in hex. 2091 */ 2092 if (xflag > 1) { 2093 /* 2094 * Include the link-layer header. 2095 */ 2096 hex_print("\n\t", sp, h->caplen); 2097 } else { 2098 /* 2099 * Don't include the link-layer header - and if 2100 * we have nothing past the link-layer header, 2101 * print nothing. 2102 */ 2103 if (h->caplen > hdrlen) 2104 hex_print("\n\t", sp + hdrlen, 2105 h->caplen - hdrlen); 2106 } 2107 } else if (Aflag) { 2108 /* 2109 * Print the raw packet data in ASCII. 2110 */ 2111 if (Aflag > 1) { 2112 /* 2113 * Include the link-layer header. 2114 */ 2115 ascii_print(sp, h->caplen); 2116 } else { 2117 /* 2118 * Don't include the link-layer header - and if 2119 * we have nothing past the link-layer header, 2120 * print nothing. 2121 */ 2122 if (h->caplen > hdrlen) 2123 ascii_print(sp + hdrlen, h->caplen - hdrlen); 2124 } 2125 } 2126 2127 putchar('\n'); 2128 2129 --infodelay; 2130 if (infoprint) 2131 info(0); 2132} 2133 2134#ifdef WIN32 2135 /* 2136 * XXX - there should really be libpcap calls to get the version 2137 * number as a string (the string would be generated from #defines 2138 * at run time, so that it's not generated from string constants 2139 * in the library, as, on many UNIX systems, those constants would 2140 * be statically linked into the application executable image, and 2141 * would thus reflect the version of libpcap on the system on 2142 * which the application was *linked*, not the system on which it's 2143 * *running*. 2144 * 2145 * That routine should be documented, unlike the "version[]" 2146 * string, so that UNIX vendors providing their own libpcaps 2147 * don't omit it (as a couple of vendors have...). 2148 * 2149 * Packet.dll should perhaps also export a routine to return the 2150 * version number of the Packet.dll code, to supply the 2151 * "Wpcap_version" information on Windows. 2152 */ 2153 char WDversion[]="current-cvs.tcpdump.org"; 2154#if !defined(HAVE_GENERATED_VERSION) 2155 char version[]="current-cvs.tcpdump.org"; 2156#endif 2157 char pcap_version[]="current-cvs.tcpdump.org"; 2158 char Wpcap_version[]="3.1"; 2159#endif 2160 2161/* 2162 * By default, print the specified data out in hex and ASCII. 2163 */ 2164static void 2165ndo_default_print(netdissect_options *ndo _U_, const u_char *bp, u_int length) 2166{ 2167 hex_and_ascii_print("\n\t", bp, length); /* pass on lf and identation string */ 2168} 2169 2170void 2171default_print(const u_char *bp, u_int length) 2172{ 2173 ndo_default_print(gndo, bp, length); 2174} 2175 2176#ifdef SIGNAL_REQ_INFO 2177RETSIGTYPE requestinfo(int signo _U_) 2178{ 2179 if (infodelay) 2180 ++infoprint; 2181 else 2182 info(0); 2183} 2184#endif 2185 2186/* 2187 * Called once each second in verbose mode while dumping to file 2188 */ 2189#ifdef USE_WIN32_MM_TIMER 2190void CALLBACK verbose_stats_dump (UINT timer_id _U_, UINT msg _U_, DWORD_PTR arg _U_, 2191 DWORD_PTR dw1 _U_, DWORD_PTR dw2 _U_) 2192{ 2193 struct pcap_stat stat; 2194 2195 if (infodelay == 0 && pcap_stats(pd, &stat) >= 0) 2196 fprintf(stderr, "Got %u\r", packets_captured); 2197} 2198#elif defined(HAVE_ALARM) 2199static void verbose_stats_dump(int sig _U_) 2200{ 2201 struct pcap_stat stat; 2202 2203 if (infodelay == 0 && pcap_stats(pd, &stat) >= 0) 2204 fprintf(stderr, "Got %u\r", packets_captured); 2205 alarm(1); 2206} 2207#endif 2208 2209static void 2210usage(void) 2211{ 2212 extern char version[]; 2213#ifndef HAVE_PCAP_LIB_VERSION 2214#if defined(WIN32) || defined(HAVE_PCAP_VERSION) 2215 extern char pcap_version[]; 2216#else /* defined(WIN32) || defined(HAVE_PCAP_VERSION) */ 2217 static char pcap_version[] = "unknown"; 2218#endif /* defined(WIN32) || defined(HAVE_PCAP_VERSION) */ 2219#endif /* HAVE_PCAP_LIB_VERSION */ 2220 2221#ifdef HAVE_PCAP_LIB_VERSION 2222#ifdef WIN32 2223 (void)fprintf(stderr, "%s version %s, based on tcpdump version %s\n", program_name, WDversion, version); 2224#else /* WIN32 */ 2225 (void)fprintf(stderr, "%s version %s\n", program_name, version); 2226#endif /* WIN32 */ 2227 (void)fprintf(stderr, "%s\n",pcap_lib_version()); 2228#else /* HAVE_PCAP_LIB_VERSION */ 2229#ifdef WIN32 2230 (void)fprintf(stderr, "%s version %s, based on tcpdump version %s\n", program_name, WDversion, version); 2231 (void)fprintf(stderr, "WinPcap version %s, based on libpcap version %s\n",Wpcap_version, pcap_version); 2232#else /* WIN32 */ 2233 (void)fprintf(stderr, "%s version %s\n", program_name, version); 2234 (void)fprintf(stderr, "libpcap version %s\n", pcap_version); 2235#endif /* WIN32 */ 2236#endif /* HAVE_PCAP_LIB_VERSION */ 2237 (void)fprintf(stderr, 2238"Usage: %s [-aAbd" D_FLAG "efhH" I_FLAG J_FLAG "KlLnNOpqRStu" U_FLAG "vxX]" B_FLAG_USAGE " [ -c count ]\n", program_name); 2239 (void)fprintf(stderr, 2240"\t\t[ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]\n"); 2241 (void)fprintf(stderr, 2242"\t\t[ -i interface ]" j_FLAG_USAGE " [ -M secret ]\n"); 2243 (void)fprintf(stderr, 2244"\t\t[ -r file ] [ -s snaplen ] [ -T type ] [ -V file ] [ -w file ]\n"); 2245 (void)fprintf(stderr, 2246"\t\t[ -W filecount ] [ -y datalinktype ] [ -z command ]\n"); 2247 (void)fprintf(stderr, 2248"\t\t[ -Z user ] [ expression ]\n"); 2249 exit(1); 2250} 2251 2252 2253 2254/* VARARGS */ 2255static void 2256ndo_error(netdissect_options *ndo _U_, const char *fmt, ...) 2257{ 2258 va_list ap; 2259 2260 (void)fprintf(stderr, "%s: ", program_name); 2261 va_start(ap, fmt); 2262 (void)vfprintf(stderr, fmt, ap); 2263 va_end(ap); 2264 if (*fmt) { 2265 fmt += strlen(fmt); 2266 if (fmt[-1] != '\n') 2267 (void)fputc('\n', stderr); 2268 } 2269 exit(1); 2270 /* NOTREACHED */ 2271} 2272 2273/* VARARGS */ 2274static void 2275ndo_warning(netdissect_options *ndo _U_, const char *fmt, ...) 2276{ 2277 va_list ap; 2278 2279 (void)fprintf(stderr, "%s: WARNING: ", program_name); 2280 va_start(ap, fmt); 2281 (void)vfprintf(stderr, fmt, ap); 2282 va_end(ap); 2283 if (*fmt) { 2284 fmt += strlen(fmt); 2285 if (fmt[-1] != '\n') 2286 (void)fputc('\n', stderr); 2287 } 2288} 2289