1 /* 2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that: (1) source code distributions 7 * retain the above copyright notice and this paragraph in its entirety, (2) 8 * distributions including binary code include the above copyright notice and 9 * this paragraph in its entirety in the documentation or other materials 10 * provided with the distribution, and (3) all advertising materials mentioning 11 * features or use of this software display the following acknowledgement: 12 * ``This product includes software developed by the University of California, 13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 14 * the University nor the names of its contributors may be used to endorse 15 * or promote products derived from this software without specific prior 16 * written permission. 17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 20 * 21 * Support for splitting captures into multiple files with a maximum 22 * file size: 23 * 24 * Copyright (c) 2001 25 * Seth Webster <swebster@sst.ll.mit.edu> 26 */ 27 28 #ifndef lint 29 static const char copyright[] _U_ = 30 "@(#) Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000\n\ 31 The Regents of the University of California. All rights reserved.\n"; 32 static const char rcsid[] _U_ = 33 "@(#) $Header: /tcpdump/master/tcpdump/tcpdump.c,v 1.283 2008-09-25 21:45:50 guy Exp $ (LBL)"; 34 #endif 35 36 /* $FreeBSD$ */ 37 38 /* 39 * tcpdump - monitor tcp/ip traffic on an ethernet. 40 * 41 * First written in 1987 by Van Jacobson, Lawrence Berkeley Laboratory. 42 * Mercilessly hacked and occasionally improved since then via the 43 * combined efforts of Van, Steve McCanne and Craig Leres of LBL. 44 */ 45 46 #ifdef HAVE_CONFIG_H 47 #include "config.h" 48 #endif 49 50 #include <tcpdump-stdinc.h> 51 52 #ifdef WIN32 53 #include "getopt.h" 54 #include "w32_fzs.h" 55 extern int strcasecmp (const char *__s1, const char *__s2); 56 extern int SIZE_BUF; 57 #define off_t long 58 #define uint UINT 59 #endif /* WIN32 */ 60 61 #ifdef HAVE_SMI_H 62 #include <smi.h> 63 #endif 64 65 #include <pcap.h> 66 #include <signal.h> 67 #include <stdio.h> 68 #include <stdlib.h> 69 #include <string.h> 70 #include <limits.h> 71 #ifdef __FreeBSD__ 72 #include <sys/capability.h> 73 #include <sys/ioccom.h> 74 #include <net/bpf.h> 75 #include <fcntl.h> 76 #include <libgen.h> 77 #endif /* __FreeBSD__ */ 78 #ifndef WIN32 79 #include <sys/wait.h> 80 #include <sys/resource.h> 81 #include <pwd.h> 82 #include <grp.h> 83 #include <errno.h> 84 #endif /* WIN32 */ 85 86 /* capabilities convinience library */ 87 #ifdef HAVE_CAP_NG_H 88 #include <cap-ng.h> 89 #endif /* HAVE_CAP_NG_H */ 90 91 #include "netdissect.h" 92 #include "interface.h" 93 #include "addrtoname.h" 94 #include "machdep.h" 95 #include "setsignal.h" 96 #include "gmt2local.h" 97 #include "pcap-missing.h" 98 99 #ifndef PATH_MAX 100 #define PATH_MAX 1024 101 #endif 102 103 #ifdef SIGINFO 104 #define SIGNAL_REQ_INFO SIGINFO 105 #elif SIGUSR1 106 #define SIGNAL_REQ_INFO SIGUSR1 107 #endif 108 109 netdissect_options Gndo; 110 netdissect_options *gndo = &Gndo; 111 112 static int dflag; /* print filter code */ 113 static int Lflag; /* list available data link types and exit */ 114 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE 115 static int Jflag; /* list available time stamp types */ 116 #endif 117 static char *zflag = NULL; /* compress each savefile using a specified command (like gzip or bzip2) */ 118 119 static int infodelay; 120 static int infoprint; 121 122 char *program_name; 123 124 int32_t thiszone; /* seconds offset from gmt to local time */ 125 126 /* Forwards */ 127 static RETSIGTYPE cleanup(int); 128 static RETSIGTYPE child_cleanup(int); 129 static void usage(void) __attribute__((noreturn)); 130 static void show_dlts_and_exit(const char *device, pcap_t *pd) __attribute__((noreturn)); 131 132 static void print_packet(u_char *, const struct pcap_pkthdr *, const u_char *); 133 static void ndo_default_print(netdissect_options *, const u_char *, u_int); 134 static void dump_packet_and_trunc(u_char *, const struct pcap_pkthdr *, const u_char *); 135 static void dump_packet(u_char *, const struct pcap_pkthdr *, const u_char *); 136 static void droproot(const char *, const char *); 137 static void ndo_error(netdissect_options *ndo, const char *fmt, ...) 138 __attribute__ ((noreturn, format (printf, 2, 3))); 139 static void ndo_warning(netdissect_options *ndo, const char *fmt, ...); 140 141 #ifdef SIGNAL_REQ_INFO 142 RETSIGTYPE requestinfo(int); 143 #endif 144 145 #if defined(USE_WIN32_MM_TIMER) 146 #include <MMsystem.h> 147 static UINT timer_id; 148 static void CALLBACK verbose_stats_dump(UINT, UINT, DWORD_PTR, DWORD_PTR, DWORD_PTR); 149 #elif defined(HAVE_ALARM) 150 static void verbose_stats_dump(int sig); 151 #endif 152 153 static void info(int); 154 static u_int packets_captured; 155 156 struct printer { 157 if_printer f; 158 int type; 159 }; 160 161 162 struct ndo_printer { 163 if_ndo_printer f; 164 int type; 165 }; 166 167 168 static struct printer printers[] = { 169 { arcnet_if_print, DLT_ARCNET }, 170 #ifdef DLT_ARCNET_LINUX 171 { arcnet_linux_if_print, DLT_ARCNET_LINUX }, 172 #endif 173 { token_if_print, DLT_IEEE802 }, 174 #ifdef DLT_LANE8023 175 { lane_if_print, DLT_LANE8023 }, 176 #endif 177 #ifdef DLT_CIP 178 { cip_if_print, DLT_CIP }, 179 #endif 180 #ifdef DLT_ATM_CLIP 181 { cip_if_print, DLT_ATM_CLIP }, 182 #endif 183 { sl_if_print, DLT_SLIP }, 184 #ifdef DLT_SLIP_BSDOS 185 { sl_bsdos_if_print, DLT_SLIP_BSDOS }, 186 #endif 187 { ppp_if_print, DLT_PPP }, 188 #ifdef DLT_PPP_WITHDIRECTION 189 { ppp_if_print, DLT_PPP_WITHDIRECTION }, 190 #endif 191 #ifdef DLT_PPP_BSDOS 192 { ppp_bsdos_if_print, DLT_PPP_BSDOS }, 193 #endif 194 { fddi_if_print, DLT_FDDI }, 195 { null_if_print, DLT_NULL }, 196 #ifdef DLT_LOOP 197 { null_if_print, DLT_LOOP }, 198 #endif 199 { raw_if_print, DLT_RAW }, 200 { atm_if_print, DLT_ATM_RFC1483 }, 201 #ifdef DLT_C_HDLC 202 { chdlc_if_print, DLT_C_HDLC }, 203 #endif 204 #ifdef DLT_HDLC 205 { chdlc_if_print, DLT_HDLC }, 206 #endif 207 #ifdef DLT_PPP_SERIAL 208 { ppp_hdlc_if_print, DLT_PPP_SERIAL }, 209 #endif 210 #ifdef DLT_PPP_ETHER 211 { pppoe_if_print, DLT_PPP_ETHER }, 212 #endif 213 #ifdef DLT_LINUX_SLL 214 { sll_if_print, DLT_LINUX_SLL }, 215 #endif 216 #ifdef DLT_IEEE802_11 217 { ieee802_11_if_print, DLT_IEEE802_11}, 218 #endif 219 #ifdef DLT_LTALK 220 { ltalk_if_print, DLT_LTALK }, 221 #endif 222 #if defined(DLT_PFLOG) && defined(HAVE_NET_PFVAR_H) 223 { pflog_if_print, DLT_PFLOG }, 224 #endif 225 #ifdef DLT_FR 226 { fr_if_print, DLT_FR }, 227 #endif 228 #ifdef DLT_FRELAY 229 { fr_if_print, DLT_FRELAY }, 230 #endif 231 #ifdef DLT_SUNATM 232 { sunatm_if_print, DLT_SUNATM }, 233 #endif 234 #ifdef DLT_IP_OVER_FC 235 { ipfc_if_print, DLT_IP_OVER_FC }, 236 #endif 237 #ifdef DLT_PRISM_HEADER 238 { prism_if_print, DLT_PRISM_HEADER }, 239 #endif 240 #ifdef DLT_IEEE802_11_RADIO 241 { ieee802_11_radio_if_print, DLT_IEEE802_11_RADIO }, 242 #endif 243 #ifdef DLT_ENC 244 { enc_if_print, DLT_ENC }, 245 #endif 246 #ifdef DLT_SYMANTEC_FIREWALL 247 { symantec_if_print, DLT_SYMANTEC_FIREWALL }, 248 #endif 249 #ifdef DLT_APPLE_IP_OVER_IEEE1394 250 { ap1394_if_print, DLT_APPLE_IP_OVER_IEEE1394 }, 251 #endif 252 #ifdef DLT_IEEE802_11_RADIO_AVS 253 { ieee802_11_radio_avs_if_print, DLT_IEEE802_11_RADIO_AVS }, 254 #endif 255 #ifdef DLT_JUNIPER_ATM1 256 { juniper_atm1_print, DLT_JUNIPER_ATM1 }, 257 #endif 258 #ifdef DLT_JUNIPER_ATM2 259 { juniper_atm2_print, DLT_JUNIPER_ATM2 }, 260 #endif 261 #ifdef DLT_JUNIPER_MFR 262 { juniper_mfr_print, DLT_JUNIPER_MFR }, 263 #endif 264 #ifdef DLT_JUNIPER_MLFR 265 { juniper_mlfr_print, DLT_JUNIPER_MLFR }, 266 #endif 267 #ifdef DLT_JUNIPER_MLPPP 268 { juniper_mlppp_print, DLT_JUNIPER_MLPPP }, 269 #endif 270 #ifdef DLT_JUNIPER_PPPOE 271 { juniper_pppoe_print, DLT_JUNIPER_PPPOE }, 272 #endif 273 #ifdef DLT_JUNIPER_PPPOE_ATM 274 { juniper_pppoe_atm_print, DLT_JUNIPER_PPPOE_ATM }, 275 #endif 276 #ifdef DLT_JUNIPER_GGSN 277 { juniper_ggsn_print, DLT_JUNIPER_GGSN }, 278 #endif 279 #ifdef DLT_JUNIPER_ES 280 { juniper_es_print, DLT_JUNIPER_ES }, 281 #endif 282 #ifdef DLT_JUNIPER_MONITOR 283 { juniper_monitor_print, DLT_JUNIPER_MONITOR }, 284 #endif 285 #ifdef DLT_JUNIPER_SERVICES 286 { juniper_services_print, DLT_JUNIPER_SERVICES }, 287 #endif 288 #ifdef DLT_JUNIPER_ETHER 289 { juniper_ether_print, DLT_JUNIPER_ETHER }, 290 #endif 291 #ifdef DLT_JUNIPER_PPP 292 { juniper_ppp_print, DLT_JUNIPER_PPP }, 293 #endif 294 #ifdef DLT_JUNIPER_FRELAY 295 { juniper_frelay_print, DLT_JUNIPER_FRELAY }, 296 #endif 297 #ifdef DLT_JUNIPER_CHDLC 298 { juniper_chdlc_print, DLT_JUNIPER_CHDLC }, 299 #endif 300 #ifdef DLT_MFR 301 { mfr_if_print, DLT_MFR }, 302 #endif 303 #if defined(DLT_BLUETOOTH_HCI_H4_WITH_PHDR) && defined(HAVE_PCAP_BLUETOOTH_H) 304 { bt_if_print, DLT_BLUETOOTH_HCI_H4_WITH_PHDR}, 305 #endif 306 #ifdef HAVE_PCAP_USB_H 307 #ifdef DLT_USB_LINUX 308 { usb_linux_48_byte_print, DLT_USB_LINUX}, 309 #endif /* DLT_USB_LINUX */ 310 #ifdef DLT_USB_LINUX_MMAPPED 311 { usb_linux_64_byte_print, DLT_USB_LINUX_MMAPPED}, 312 #endif /* DLT_USB_LINUX_MMAPPED */ 313 #endif /* HAVE_PCAP_USB_H */ 314 #ifdef DLT_IPV4 315 { raw_if_print, DLT_IPV4 }, 316 #endif 317 #ifdef DLT_IPV6 318 { raw_if_print, DLT_IPV6 }, 319 #endif 320 { NULL, 0 }, 321 }; 322 323 static struct ndo_printer ndo_printers[] = { 324 { ether_if_print, DLT_EN10MB }, 325 #ifdef DLT_IPNET 326 { ipnet_if_print, DLT_IPNET }, 327 #endif 328 #ifdef DLT_IEEE802_15_4 329 { ieee802_15_4_if_print, DLT_IEEE802_15_4 }, 330 #endif 331 #ifdef DLT_IEEE802_15_4_NOFCS 332 { ieee802_15_4_if_print, DLT_IEEE802_15_4_NOFCS }, 333 #endif 334 #ifdef DLT_PPI 335 { ppi_if_print, DLT_PPI }, 336 #endif 337 #ifdef DLT_NETANALYZER 338 { netanalyzer_if_print, DLT_NETANALYZER }, 339 #endif 340 #ifdef DLT_NETANALYZER_TRANSPARENT 341 { netanalyzer_transparent_if_print, DLT_NETANALYZER_TRANSPARENT }, 342 #endif 343 { NULL, 0 }, 344 }; 345 346 if_printer 347 lookup_printer(int type) 348 { 349 struct printer *p; 350 351 for (p = printers; p->f; ++p) 352 if (type == p->type) 353 return p->f; 354 355 return NULL; 356 /* NOTREACHED */ 357 } 358 359 if_ndo_printer 360 lookup_ndo_printer(int type) 361 { 362 struct ndo_printer *p; 363 364 for (p = ndo_printers; p->f; ++p) 365 if (type == p->type) 366 return p->f; 367 368 return NULL; 369 /* NOTREACHED */ 370 } 371 372 static pcap_t *pd; 373 374 static int supports_monitor_mode; 375 376 extern int optind; 377 extern int opterr; 378 extern char *optarg; 379 380 struct print_info { 381 netdissect_options *ndo; 382 union { 383 if_printer printer; 384 if_ndo_printer ndo_printer; 385 } p; 386 int ndo_type; 387 }; 388 389 struct dump_info { 390 char *WFileName; 391 char *CurrentFileName; 392 pcap_t *pd; 393 pcap_dumper_t *p; 394 #ifdef __FreeBSD__ 395 int dirfd; 396 #endif 397 }; 398 399 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE 400 static void 401 show_tstamp_types_and_exit(const char *device, pcap_t *pd) 402 { 403 int n_tstamp_types; 404 int *tstamp_types = 0; 405 const char *tstamp_type_name; 406 int i; 407 408 n_tstamp_types = pcap_list_tstamp_types(pd, &tstamp_types); 409 if (n_tstamp_types < 0) 410 error("%s", pcap_geterr(pd)); 411 412 if (n_tstamp_types == 0) { 413 fprintf(stderr, "Time stamp type cannot be set for %s\n", 414 device); 415 exit(0); 416 } 417 fprintf(stderr, "Time stamp types for %s (use option -j to set):\n", 418 device); 419 for (i = 0; i < n_tstamp_types; i++) { 420 tstamp_type_name = pcap_tstamp_type_val_to_name(tstamp_types[i]); 421 if (tstamp_type_name != NULL) { 422 (void) fprintf(stderr, " %s (%s)\n", tstamp_type_name, 423 pcap_tstamp_type_val_to_description(tstamp_types[i])); 424 } else { 425 (void) fprintf(stderr, " %d\n", tstamp_types[i]); 426 } 427 } 428 pcap_free_tstamp_types(tstamp_types); 429 exit(0); 430 } 431 #endif 432 433 static void 434 show_dlts_and_exit(const char *device, pcap_t *pd) 435 { 436 int n_dlts; 437 int *dlts = 0; 438 const char *dlt_name; 439 440 n_dlts = pcap_list_datalinks(pd, &dlts); 441 if (n_dlts < 0) 442 error("%s", pcap_geterr(pd)); 443 else if (n_dlts == 0 || !dlts) 444 error("No data link types."); 445 446 /* 447 * If the interface is known to support monitor mode, indicate 448 * whether these are the data link types available when not in 449 * monitor mode, if -I wasn't specified, or when in monitor mode, 450 * when -I was specified (the link-layer types available in 451 * monitor mode might be different from the ones available when 452 * not in monitor mode). 453 */ 454 if (supports_monitor_mode) 455 (void) fprintf(stderr, "Data link types for %s %s (use option -y to set):\n", 456 device, 457 Iflag ? "when in monitor mode" : "when not in monitor mode"); 458 else 459 (void) fprintf(stderr, "Data link types for %s (use option -y to set):\n", 460 device); 461 462 while (--n_dlts >= 0) { 463 dlt_name = pcap_datalink_val_to_name(dlts[n_dlts]); 464 if (dlt_name != NULL) { 465 (void) fprintf(stderr, " %s (%s)", dlt_name, 466 pcap_datalink_val_to_description(dlts[n_dlts])); 467 468 /* 469 * OK, does tcpdump handle that type? 470 */ 471 if (lookup_printer(dlts[n_dlts]) == NULL 472 && lookup_ndo_printer(dlts[n_dlts]) == NULL) 473 (void) fprintf(stderr, " (printing not supported)"); 474 fprintf(stderr, "\n"); 475 } else { 476 (void) fprintf(stderr, " DLT %d (printing not supported)\n", 477 dlts[n_dlts]); 478 } 479 } 480 #ifdef HAVE_PCAP_FREE_DATALINKS 481 pcap_free_datalinks(dlts); 482 #endif 483 exit(0); 484 } 485 486 /* 487 * Set up flags that might or might not be supported depending on the 488 * version of libpcap we're using. 489 */ 490 #if defined(HAVE_PCAP_CREATE) || defined(WIN32) 491 #define B_FLAG "B:" 492 #define B_FLAG_USAGE " [ -B size ]" 493 #else /* defined(HAVE_PCAP_CREATE) || defined(WIN32) */ 494 #define B_FLAG 495 #define B_FLAG_USAGE 496 #endif /* defined(HAVE_PCAP_CREATE) || defined(WIN32) */ 497 498 #ifdef HAVE_PCAP_CREATE 499 #define I_FLAG "I" 500 #else /* HAVE_PCAP_CREATE */ 501 #define I_FLAG 502 #endif /* HAVE_PCAP_CREATE */ 503 504 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE 505 #define j_FLAG "j:" 506 #define j_FLAG_USAGE " [ -j tstamptype ]" 507 #define J_FLAG "J" 508 #else /* PCAP_ERROR_TSTAMP_TYPE_NOTSUP */ 509 #define j_FLAG 510 #define j_FLAG_USAGE 511 #define J_FLAG 512 #endif /* PCAP_ERROR_TSTAMP_TYPE_NOTSUP */ 513 514 #ifdef HAVE_PCAP_FINDALLDEVS 515 #ifndef HAVE_PCAP_IF_T 516 #undef HAVE_PCAP_FINDALLDEVS 517 #endif 518 #endif 519 520 #ifdef HAVE_PCAP_FINDALLDEVS 521 #define D_FLAG "D" 522 #else 523 #define D_FLAG 524 #endif 525 526 #ifdef HAVE_PCAP_DUMP_FLUSH 527 #define U_FLAG "U" 528 #else 529 #define U_FLAG 530 #endif 531 532 #ifndef WIN32 533 /* Drop root privileges and chroot if necessary */ 534 static void 535 droproot(const char *username, const char *chroot_dir) 536 { 537 struct passwd *pw = NULL; 538 539 if (chroot_dir && !username) { 540 fprintf(stderr, "tcpdump: Chroot without dropping root is insecure\n"); 541 exit(1); 542 } 543 544 pw = getpwnam(username); 545 if (pw) { 546 if (chroot_dir) { 547 if (chroot(chroot_dir) != 0 || chdir ("/") != 0) { 548 fprintf(stderr, "tcpdump: Couldn't chroot/chdir to '%.64s': %s\n", 549 chroot_dir, pcap_strerror(errno)); 550 exit(1); 551 } 552 } 553 #ifdef HAVE_CAP_NG_H 554 int ret = capng_change_id(pw->pw_uid, pw->pw_gid, CAPNG_NO_FLAG); 555 if (ret < 0) { 556 printf("error : ret %d\n", ret); 557 } 558 /* We don't need CAP_SETUID and CAP_SETGID */ 559 capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, CAP_SETUID); 560 capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, CAP_SETUID); 561 capng_update(CAPNG_DROP, CAPNG_PERMITTED, CAP_SETUID); 562 capng_update(CAPNG_DROP, CAPNG_PERMITTED, CAP_SETUID); 563 capng_apply(CAPNG_SELECT_BOTH); 564 565 #else 566 if (initgroups(pw->pw_name, pw->pw_gid) != 0 || 567 setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0) { 568 fprintf(stderr, "tcpdump: Couldn't change to '%.32s' uid=%lu gid=%lu: %s\n", 569 username, 570 (unsigned long)pw->pw_uid, 571 (unsigned long)pw->pw_gid, 572 pcap_strerror(errno)); 573 exit(1); 574 } 575 #endif /* HAVE_CAP_NG_H */ 576 } 577 else { 578 fprintf(stderr, "tcpdump: Couldn't find user '%.32s'\n", 579 username); 580 exit(1); 581 } 582 } 583 #endif /* WIN32 */ 584 585 static int 586 getWflagChars(int x) 587 { 588 int c = 0; 589 590 x -= 1; 591 while (x > 0) { 592 c += 1; 593 x /= 10; 594 } 595 596 return c; 597 } 598 599 600 static void 601 MakeFilename(char *buffer, char *orig_name, int cnt, int max_chars) 602 { 603 char *filename = malloc(PATH_MAX + 1); 604 if (filename == NULL) 605 error("Makefilename: malloc"); 606 607 /* Process with strftime if Gflag is set. */ 608 if (Gflag != 0) { 609 struct tm *local_tm; 610 611 /* Convert Gflag_time to a usable format */ 612 if ((local_tm = localtime(&Gflag_time)) == NULL) { 613 error("MakeTimedFilename: localtime"); 614 } 615 616 /* There's no good way to detect an error in strftime since a return 617 * value of 0 isn't necessarily failure. 618 */ 619 strftime(filename, PATH_MAX, orig_name, local_tm); 620 } else { 621 strncpy(filename, orig_name, PATH_MAX); 622 } 623 624 if (cnt == 0 && max_chars == 0) 625 strncpy(buffer, filename, PATH_MAX + 1); 626 else 627 if (snprintf(buffer, PATH_MAX + 1, "%s%0*d", filename, max_chars, cnt) > PATH_MAX) 628 /* Report an error if the filename is too large */ 629 error("too many output files or filename is too long (> %d)", PATH_MAX); 630 free(filename); 631 } 632 633 static int tcpdump_printf(netdissect_options *ndo _U_, 634 const char *fmt, ...) 635 { 636 637 va_list args; 638 int ret; 639 640 va_start(args, fmt); 641 ret=vfprintf(stdout, fmt, args); 642 va_end(args); 643 644 return ret; 645 } 646 647 static struct print_info 648 get_print_info(int type) 649 { 650 struct print_info printinfo; 651 652 printinfo.ndo_type = 1; 653 printinfo.ndo = gndo; 654 printinfo.p.ndo_printer = lookup_ndo_printer(type); 655 if (printinfo.p.ndo_printer == NULL) { 656 printinfo.p.printer = lookup_printer(type); 657 printinfo.ndo_type = 0; 658 if (printinfo.p.printer == NULL) { 659 gndo->ndo_dltname = pcap_datalink_val_to_name(type); 660 if (gndo->ndo_dltname != NULL) 661 error("packet printing is not supported for link type %s: use -w", 662 gndo->ndo_dltname); 663 else 664 error("packet printing is not supported for link type %d: use -w", type); 665 } 666 } 667 return (printinfo); 668 } 669 670 static char * 671 get_next_file(FILE *VFile, char *ptr) 672 { 673 char *ret; 674 675 ret = fgets(ptr, PATH_MAX, VFile); 676 if (!ret) 677 return NULL; 678 679 if (ptr[strlen(ptr) - 1] == '\n') 680 ptr[strlen(ptr) - 1] = '\0'; 681 682 return ret; 683 } 684 685 int 686 main(int argc, char **argv) 687 { 688 register int cnt, op, i; 689 bpf_u_int32 localnet, netmask; 690 register char *cp, *infile, *cmdbuf, *device, *RFileName, *VFileName, *WFileName; 691 pcap_handler callback; 692 int type; 693 int dlt; 694 int new_dlt; 695 const char *dlt_name; 696 struct bpf_program fcode; 697 #ifndef WIN32 698 RETSIGTYPE (*oldhandler)(int); 699 #endif 700 struct print_info printinfo; 701 struct dump_info dumpinfo; 702 u_char *pcap_userdata; 703 char ebuf[PCAP_ERRBUF_SIZE]; 704 char VFileLine[PATH_MAX + 1]; 705 char *username = NULL; 706 char *chroot_dir = NULL; 707 char *ret = NULL; 708 char *end; 709 #ifdef HAVE_PCAP_FINDALLDEVS 710 pcap_if_t *devpointer; 711 int devnum; 712 #endif 713 int status; 714 FILE *VFile; 715 #ifdef __FreeBSD__ 716 int cansandbox; 717 #endif 718 719 #ifdef WIN32 720 if(wsockinit() != 0) return 1; 721 #endif /* WIN32 */ 722 723 jflag=-1; /* not set */ 724 gndo->ndo_Oflag=1; 725 gndo->ndo_Rflag=1; 726 gndo->ndo_dlt=-1; 727 gndo->ndo_default_print=ndo_default_print; 728 gndo->ndo_printf=tcpdump_printf; 729 gndo->ndo_error=ndo_error; 730 gndo->ndo_warning=ndo_warning; 731 gndo->ndo_snaplen = DEFAULT_SNAPLEN; 732 733 cnt = -1; 734 device = NULL; 735 infile = NULL; 736 RFileName = NULL; 737 VFileName = NULL; 738 VFile = NULL; 739 WFileName = NULL; 740 dlt = -1; 741 if ((cp = strrchr(argv[0], '/')) != NULL) 742 program_name = cp + 1; 743 else 744 program_name = argv[0]; 745 746 if (abort_on_misalignment(ebuf, sizeof(ebuf)) < 0) 747 error("%s", ebuf); 748 749 #ifdef LIBSMI 750 smiInit("tcpdump"); 751 #endif 752 753 while ( 754 (op = getopt(argc, argv, "aAb" B_FLAG "c:C:d" D_FLAG "eE:fF:G:hHi:" I_FLAG j_FLAG J_FLAG "KlLm:M:nNOpqr:Rs:StT:u" U_FLAG "V:vw:W:xXy:Yz:Z:")) != -1) 755 switch (op) { 756 757 case 'a': 758 /* compatibility for old -a */ 759 break; 760 761 case 'A': 762 ++Aflag; 763 break; 764 765 case 'b': 766 ++bflag; 767 break; 768 769 #if defined(HAVE_PCAP_CREATE) || defined(WIN32) 770 case 'B': 771 Bflag = atoi(optarg)*1024; 772 if (Bflag <= 0) 773 error("invalid packet buffer size %s", optarg); 774 break; 775 #endif /* defined(HAVE_PCAP_CREATE) || defined(WIN32) */ 776 777 case 'c': 778 cnt = atoi(optarg); 779 if (cnt <= 0) 780 error("invalid packet count %s", optarg); 781 break; 782 783 case 'C': 784 Cflag = atoi(optarg) * 1000000; 785 if (Cflag < 0) 786 error("invalid file size %s", optarg); 787 break; 788 789 case 'd': 790 ++dflag; 791 break; 792 793 #ifdef HAVE_PCAP_FINDALLDEVS 794 case 'D': 795 if (pcap_findalldevs(&devpointer, ebuf) < 0) 796 error("%s", ebuf); 797 else { 798 for (i = 0; devpointer != 0; i++) { 799 printf("%d.%s", i+1, devpointer->name); 800 if (devpointer->description != NULL) 801 printf(" (%s)", devpointer->description); 802 printf("\n"); 803 devpointer = devpointer->next; 804 } 805 } 806 return 0; 807 #endif /* HAVE_PCAP_FINDALLDEVS */ 808 809 case 'L': 810 Lflag++; 811 break; 812 813 case 'e': 814 ++eflag; 815 break; 816 817 case 'E': 818 #ifndef HAVE_LIBCRYPTO 819 warning("crypto code not compiled in"); 820 #endif 821 gndo->ndo_espsecret = optarg; 822 break; 823 824 case 'f': 825 ++fflag; 826 break; 827 828 case 'F': 829 infile = optarg; 830 break; 831 832 case 'G': 833 Gflag = atoi(optarg); 834 if (Gflag < 0) 835 error("invalid number of seconds %s", optarg); 836 837 /* We will create one file initially. */ 838 Gflag_count = 0; 839 840 /* Grab the current time for rotation use. */ 841 if ((Gflag_time = time(NULL)) == (time_t)-1) { 842 error("main: can't get current time: %s", 843 pcap_strerror(errno)); 844 } 845 break; 846 847 case 'h': 848 usage(); 849 break; 850 851 case 'H': 852 ++Hflag; 853 break; 854 855 case 'i': 856 if (optarg[0] == '0' && optarg[1] == 0) 857 error("Invalid adapter index"); 858 859 #ifdef HAVE_PCAP_FINDALLDEVS 860 /* 861 * If the argument is a number, treat it as 862 * an index into the list of adapters, as 863 * printed by "tcpdump -D". 864 * 865 * This should be OK on UNIX systems, as interfaces 866 * shouldn't have names that begin with digits. 867 * It can be useful on Windows, where more than 868 * one interface can have the same name. 869 */ 870 devnum = strtol(optarg, &end, 10); 871 if (optarg != end && *end == '\0') { 872 if (devnum < 0) 873 error("Invalid adapter index"); 874 875 if (pcap_findalldevs(&devpointer, ebuf) < 0) 876 error("%s", ebuf); 877 else { 878 /* 879 * Look for the devnum-th entry 880 * in the list of devices 881 * (1-based). 882 */ 883 for (i = 0; 884 i < devnum-1 && devpointer != NULL; 885 i++, devpointer = devpointer->next) 886 ; 887 if (devpointer == NULL) 888 error("Invalid adapter index"); 889 } 890 device = devpointer->name; 891 break; 892 } 893 #endif /* HAVE_PCAP_FINDALLDEVS */ 894 device = optarg; 895 break; 896 897 #ifdef HAVE_PCAP_CREATE 898 case 'I': 899 ++Iflag; 900 break; 901 #endif /* HAVE_PCAP_CREATE */ 902 903 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE 904 case 'j': 905 jflag = pcap_tstamp_type_name_to_val(optarg); 906 if (jflag < 0) 907 error("invalid time stamp type %s", optarg); 908 break; 909 910 case 'J': 911 Jflag++; 912 break; 913 #endif 914 915 case 'l': 916 #ifdef WIN32 917 /* 918 * _IOLBF is the same as _IOFBF in Microsoft's C 919 * libraries; the only alternative they offer 920 * is _IONBF. 921 * 922 * XXX - this should really be checking for MSVC++, 923 * not WIN32, if, for example, MinGW has its own 924 * C library that is more UNIX-compatible. 925 */ 926 setvbuf(stdout, NULL, _IONBF, 0); 927 #else /* WIN32 */ 928 #ifdef HAVE_SETLINEBUF 929 setlinebuf(stdout); 930 #else 931 setvbuf(stdout, NULL, _IOLBF, 0); 932 #endif 933 #endif /* WIN32 */ 934 break; 935 936 case 'K': 937 ++Kflag; 938 break; 939 940 case 'm': 941 #ifdef LIBSMI 942 if (smiLoadModule(optarg) == 0) { 943 error("could not load MIB module %s", optarg); 944 } 945 sflag = 1; 946 #else 947 (void)fprintf(stderr, "%s: ignoring option `-m %s' ", 948 program_name, optarg); 949 (void)fprintf(stderr, "(no libsmi support)\n"); 950 #endif 951 break; 952 953 case 'M': 954 /* TCP-MD5 shared secret */ 955 #ifndef HAVE_LIBCRYPTO 956 warning("crypto code not compiled in"); 957 #endif 958 sigsecret = optarg; 959 break; 960 961 case 'n': 962 ++nflag; 963 break; 964 965 case 'N': 966 ++Nflag; 967 break; 968 969 case 'O': 970 Oflag = 0; 971 break; 972 973 case 'p': 974 ++pflag; 975 break; 976 977 case 'q': 978 ++qflag; 979 ++suppress_default_print; 980 break; 981 982 case 'r': 983 RFileName = optarg; 984 break; 985 986 case 'R': 987 Rflag = 0; 988 break; 989 990 case 's': 991 snaplen = strtol(optarg, &end, 0); 992 if (optarg == end || *end != '\0' 993 || snaplen < 0 || snaplen > MAXIMUM_SNAPLEN) 994 error("invalid snaplen %s", optarg); 995 else if (snaplen == 0) 996 snaplen = MAXIMUM_SNAPLEN; 997 break; 998 999 case 'S': 1000 ++Sflag; 1001 break; 1002 1003 case 't': 1004 ++tflag; 1005 break; 1006 1007 case 'T': 1008 if (strcasecmp(optarg, "vat") == 0) 1009 packettype = PT_VAT; 1010 else if (strcasecmp(optarg, "wb") == 0) 1011 packettype = PT_WB; 1012 else if (strcasecmp(optarg, "rpc") == 0) 1013 packettype = PT_RPC; 1014 else if (strcasecmp(optarg, "rtp") == 0) 1015 packettype = PT_RTP; 1016 else if (strcasecmp(optarg, "rtcp") == 0) 1017 packettype = PT_RTCP; 1018 else if (strcasecmp(optarg, "snmp") == 0) 1019 packettype = PT_SNMP; 1020 else if (strcasecmp(optarg, "cnfp") == 0) 1021 packettype = PT_CNFP; 1022 else if (strcasecmp(optarg, "tftp") == 0) 1023 packettype = PT_TFTP; 1024 else if (strcasecmp(optarg, "aodv") == 0) 1025 packettype = PT_AODV; 1026 else if (strcasecmp(optarg, "carp") == 0) 1027 packettype = PT_CARP; 1028 else if (strcasecmp(optarg, "radius") == 0) 1029 packettype = PT_RADIUS; 1030 else if (strcasecmp(optarg, "zmtp1") == 0) 1031 packettype = PT_ZMTP1; 1032 else if (strcasecmp(optarg, "vxlan") == 0) 1033 packettype = PT_VXLAN; 1034 else 1035 error("unknown packet type `%s'", optarg); 1036 break; 1037 1038 case 'u': 1039 ++uflag; 1040 break; 1041 1042 #ifdef HAVE_PCAP_DUMP_FLUSH 1043 case 'U': 1044 ++Uflag; 1045 break; 1046 #endif 1047 1048 case 'v': 1049 ++vflag; 1050 break; 1051 1052 case 'V': 1053 VFileName = optarg; 1054 break; 1055 1056 case 'w': 1057 WFileName = optarg; 1058 break; 1059 1060 case 'W': 1061 Wflag = atoi(optarg); 1062 if (Wflag < 0) 1063 error("invalid number of output files %s", optarg); 1064 WflagChars = getWflagChars(Wflag); 1065 break; 1066 1067 case 'x': 1068 ++xflag; 1069 ++suppress_default_print; 1070 break; 1071 1072 case 'X': 1073 ++Xflag; 1074 ++suppress_default_print; 1075 break; 1076 1077 case 'y': 1078 gndo->ndo_dltname = optarg; 1079 gndo->ndo_dlt = 1080 pcap_datalink_name_to_val(gndo->ndo_dltname); 1081 if (gndo->ndo_dlt < 0) 1082 error("invalid data link type %s", gndo->ndo_dltname); 1083 break; 1084 1085 #if defined(HAVE_PCAP_DEBUG) || defined(HAVE_YYDEBUG) 1086 case 'Y': 1087 { 1088 /* Undocumented flag */ 1089 #ifdef HAVE_PCAP_DEBUG 1090 extern int pcap_debug; 1091 pcap_debug = 1; 1092 #else 1093 extern int yydebug; 1094 yydebug = 1; 1095 #endif 1096 } 1097 break; 1098 #endif 1099 case 'z': 1100 if (optarg) { 1101 zflag = strdup(optarg); 1102 } else { 1103 usage(); 1104 /* NOTREACHED */ 1105 } 1106 break; 1107 1108 case 'Z': 1109 if (optarg) { 1110 username = strdup(optarg); 1111 } 1112 else { 1113 usage(); 1114 /* NOTREACHED */ 1115 } 1116 break; 1117 1118 default: 1119 usage(); 1120 /* NOTREACHED */ 1121 } 1122 1123 switch (tflag) { 1124 1125 case 0: /* Default */ 1126 case 4: /* Default + Date*/ 1127 thiszone = gmt2local(0); 1128 break; 1129 1130 case 1: /* No time stamp */ 1131 case 2: /* Unix timeval style */ 1132 case 3: /* Microseconds since previous packet */ 1133 case 5: /* Microseconds since first packet */ 1134 break; 1135 1136 default: /* Not supported */ 1137 error("only -t, -tt, -ttt, -tttt and -ttttt are supported"); 1138 break; 1139 } 1140 1141 if (fflag != 0 && (VFileName != NULL || RFileName != NULL)) 1142 error("-f can not be used with -V or -r"); 1143 1144 if (VFileName != NULL && RFileName != NULL) 1145 error("-V and -r are mutually exclusive."); 1146 1147 #ifdef WITH_CHROOT 1148 /* if run as root, prepare for chrooting */ 1149 if (getuid() == 0 || geteuid() == 0) { 1150 /* future extensibility for cmd-line arguments */ 1151 if (!chroot_dir) 1152 chroot_dir = WITH_CHROOT; 1153 } 1154 #endif 1155 1156 #ifdef WITH_USER 1157 /* if run as root, prepare for dropping root privileges */ 1158 if (getuid() == 0 || geteuid() == 0) { 1159 /* Run with '-Z root' to restore old behaviour */ 1160 if (!username) 1161 username = WITH_USER; 1162 } 1163 #endif 1164 1165 if (RFileName != NULL || VFileName != NULL) { 1166 /* 1167 * If RFileName is non-null, it's the pathname of a 1168 * savefile to read. If VFileName is non-null, it's 1169 * the pathname of a file containing a list of pathnames 1170 * (one per line) of savefiles to read. 1171 * 1172 * In either case, we're reading a savefile, not doing 1173 * a live capture. 1174 */ 1175 #ifndef WIN32 1176 /* 1177 * We don't need network access, so relinquish any set-UID 1178 * or set-GID privileges we have (if any). 1179 * 1180 * We do *not* want set-UID privileges when opening a 1181 * trace file, as that might let the user read other 1182 * people's trace files (especially if we're set-UID 1183 * root). 1184 */ 1185 if (setgid(getgid()) != 0 || setuid(getuid()) != 0 ) 1186 fprintf(stderr, "Warning: setgid/setuid failed !\n"); 1187 #endif /* WIN32 */ 1188 if (VFileName != NULL) { 1189 if (VFileName[0] == '-' && VFileName[1] == '\0') 1190 VFile = stdin; 1191 else 1192 VFile = fopen(VFileName, "r"); 1193 1194 if (VFile == NULL) 1195 error("Unable to open file: %s\n", strerror(errno)); 1196 1197 ret = get_next_file(VFile, VFileLine); 1198 if (!ret) 1199 error("Nothing in %s\n", VFileName); 1200 RFileName = VFileLine; 1201 } 1202 1203 pd = pcap_open_offline(RFileName, ebuf); 1204 if (pd == NULL) 1205 error("%s", ebuf); 1206 #ifdef __FreeBSD__ 1207 if (cap_rights_limit(fileno(pcap_file(pd)), CAP_READ) < 0 && 1208 errno != ENOSYS) { 1209 error("unable to limit pcap descriptor"); 1210 } 1211 #endif 1212 dlt = pcap_datalink(pd); 1213 dlt_name = pcap_datalink_val_to_name(dlt); 1214 if (dlt_name == NULL) { 1215 fprintf(stderr, "reading from file %s, link-type %u\n", 1216 RFileName, dlt); 1217 } else { 1218 fprintf(stderr, 1219 "reading from file %s, link-type %s (%s)\n", 1220 RFileName, dlt_name, 1221 pcap_datalink_val_to_description(dlt)); 1222 } 1223 localnet = 0; 1224 netmask = 0; 1225 } else { 1226 /* 1227 * We're doing a live capture. 1228 */ 1229 if (device == NULL) { 1230 device = pcap_lookupdev(ebuf); 1231 if (device == NULL) 1232 error("%s", ebuf); 1233 } 1234 #ifdef WIN32 1235 /* 1236 * Print a message to the standard error on Windows. 1237 * XXX - why do it here, with a different message? 1238 */ 1239 if(strlen(device) == 1) //we assume that an ASCII string is always longer than 1 char 1240 { //a Unicode string has a \0 as second byte (so strlen() is 1) 1241 fprintf(stderr, "%s: listening on %ws\n", program_name, device); 1242 } 1243 else 1244 { 1245 fprintf(stderr, "%s: listening on %s\n", program_name, device); 1246 } 1247 1248 fflush(stderr); 1249 #endif /* WIN32 */ 1250 #ifdef HAVE_PCAP_CREATE 1251 pd = pcap_create(device, ebuf); 1252 if (pd == NULL) 1253 error("%s", ebuf); 1254 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE 1255 if (Jflag) 1256 show_tstamp_types_and_exit(device, pd); 1257 #endif 1258 /* 1259 * Is this an interface that supports monitor mode? 1260 */ 1261 if (pcap_can_set_rfmon(pd) == 1) 1262 supports_monitor_mode = 1; 1263 else 1264 supports_monitor_mode = 0; 1265 status = pcap_set_snaplen(pd, snaplen); 1266 if (status != 0) 1267 error("%s: Can't set snapshot length: %s", 1268 device, pcap_statustostr(status)); 1269 status = pcap_set_promisc(pd, !pflag); 1270 if (status != 0) 1271 error("%s: Can't set promiscuous mode: %s", 1272 device, pcap_statustostr(status)); 1273 if (Iflag) { 1274 status = pcap_set_rfmon(pd, 1); 1275 if (status != 0) 1276 error("%s: Can't set monitor mode: %s", 1277 device, pcap_statustostr(status)); 1278 } 1279 status = pcap_set_timeout(pd, 1000); 1280 if (status != 0) 1281 error("%s: pcap_set_timeout failed: %s", 1282 device, pcap_statustostr(status)); 1283 if (Bflag != 0) { 1284 status = pcap_set_buffer_size(pd, Bflag); 1285 if (status != 0) 1286 error("%s: Can't set buffer size: %s", 1287 device, pcap_statustostr(status)); 1288 } 1289 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE 1290 if (jflag != -1) { 1291 status = pcap_set_tstamp_type(pd, jflag); 1292 if (status < 0) 1293 error("%s: Can't set time stamp type: %s", 1294 device, pcap_statustostr(status)); 1295 } 1296 #endif 1297 status = pcap_activate(pd); 1298 if (status < 0) { 1299 /* 1300 * pcap_activate() failed. 1301 */ 1302 cp = pcap_geterr(pd); 1303 if (status == PCAP_ERROR) 1304 error("%s", cp); 1305 else if ((status == PCAP_ERROR_NO_SUCH_DEVICE || 1306 status == PCAP_ERROR_PERM_DENIED) && 1307 *cp != '\0') 1308 error("%s: %s\n(%s)", device, 1309 pcap_statustostr(status), cp); 1310 else 1311 error("%s: %s", device, 1312 pcap_statustostr(status)); 1313 } else if (status > 0) { 1314 /* 1315 * pcap_activate() succeeded, but it's warning us 1316 * of a problem it had. 1317 */ 1318 cp = pcap_geterr(pd); 1319 if (status == PCAP_WARNING) 1320 warning("%s", cp); 1321 else if (status == PCAP_WARNING_PROMISC_NOTSUP && 1322 *cp != '\0') 1323 warning("%s: %s\n(%s)", device, 1324 pcap_statustostr(status), cp); 1325 else 1326 warning("%s: %s", device, 1327 pcap_statustostr(status)); 1328 } 1329 #else 1330 *ebuf = '\0'; 1331 pd = pcap_open_live(device, snaplen, !pflag, 1000, ebuf); 1332 if (pd == NULL) 1333 error("%s", ebuf); 1334 else if (*ebuf) 1335 warning("%s", ebuf); 1336 #endif /* HAVE_PCAP_CREATE */ 1337 /* 1338 * Let user own process after socket has been opened. 1339 */ 1340 #ifndef WIN32 1341 if (setgid(getgid()) != 0 || setuid(getuid()) != 0) 1342 fprintf(stderr, "Warning: setgid/setuid failed !\n"); 1343 #endif /* WIN32 */ 1344 #if !defined(HAVE_PCAP_CREATE) && defined(WIN32) 1345 if(Bflag != 0) 1346 if(pcap_setbuff(pd, Bflag)==-1){ 1347 error("%s", pcap_geterr(pd)); 1348 } 1349 #endif /* !defined(HAVE_PCAP_CREATE) && defined(WIN32) */ 1350 if (Lflag) 1351 show_dlts_and_exit(device, pd); 1352 if (gndo->ndo_dlt >= 0) { 1353 #ifdef HAVE_PCAP_SET_DATALINK 1354 if (pcap_set_datalink(pd, gndo->ndo_dlt) < 0) 1355 error("%s", pcap_geterr(pd)); 1356 #else 1357 /* 1358 * We don't actually support changing the 1359 * data link type, so we only let them 1360 * set it to what it already is. 1361 */ 1362 if (gndo->ndo_dlt != pcap_datalink(pd)) { 1363 error("%s is not one of the DLTs supported by this device\n", 1364 gndo->ndo_dltname); 1365 } 1366 #endif 1367 (void)fprintf(stderr, "%s: data link type %s\n", 1368 program_name, gndo->ndo_dltname); 1369 (void)fflush(stderr); 1370 } 1371 i = pcap_snapshot(pd); 1372 if (snaplen < i) { 1373 warning("snaplen raised from %d to %d", snaplen, i); 1374 snaplen = i; 1375 } 1376 if (pcap_lookupnet(device, &localnet, &netmask, ebuf) < 0) { 1377 localnet = 0; 1378 netmask = 0; 1379 warning("%s", ebuf); 1380 } 1381 } 1382 if (infile) 1383 cmdbuf = read_infile(infile); 1384 else 1385 cmdbuf = copy_argv(&argv[optind]); 1386 1387 if (pcap_compile(pd, &fcode, cmdbuf, Oflag, netmask) < 0) 1388 error("%s", pcap_geterr(pd)); 1389 if (dflag) { 1390 bpf_dump(&fcode, dflag); 1391 pcap_close(pd); 1392 free(cmdbuf); 1393 exit(0); 1394 } 1395 init_addrtoname(localnet, netmask); 1396 init_checksum(); 1397 1398 #ifndef WIN32 1399 (void)setsignal(SIGPIPE, cleanup); 1400 (void)setsignal(SIGTERM, cleanup); 1401 (void)setsignal(SIGINT, cleanup); 1402 #endif /* WIN32 */ 1403 #if defined(HAVE_FORK) || defined(HAVE_VFORK) 1404 (void)setsignal(SIGCHLD, child_cleanup); 1405 #endif 1406 /* Cooperate with nohup(1) */ 1407 #ifndef WIN32 1408 if ((oldhandler = setsignal(SIGHUP, cleanup)) != SIG_DFL) 1409 (void)setsignal(SIGHUP, oldhandler); 1410 #endif /* WIN32 */ 1411 1412 #ifndef WIN32 1413 /* 1414 * If a user name was specified with "-Z", attempt to switch to 1415 * that user's UID. This would probably be used with sudo, 1416 * to allow tcpdump to be run in a special restricted 1417 * account (if you just want to allow users to open capture 1418 * devices, and can't just give users that permission, 1419 * you'd make tcpdump set-UID or set-GID). 1420 * 1421 * Tcpdump doesn't necessarily write only to one savefile; 1422 * the general only way to allow a -Z instance to write to 1423 * savefiles as the user under whose UID it's run, rather 1424 * than as the user specified with -Z, would thus be to switch 1425 * to the original user ID before opening a capture file and 1426 * then switch back to the -Z user ID after opening the savefile. 1427 * Switching to the -Z user ID only after opening the first 1428 * savefile doesn't handle the general case. 1429 */ 1430 1431 #ifdef HAVE_CAP_NG_H 1432 /* We are running as root and we will be writing to savefile */ 1433 if ((getuid() == 0 || geteuid() == 0) && WFileName) { 1434 if (username) { 1435 /* Drop all capabilities from effective set */ 1436 capng_clear(CAPNG_EFFECTIVE); 1437 /* Add capabilities we will need*/ 1438 capng_update(CAPNG_ADD, CAPNG_PERMITTED, CAP_SETUID); 1439 capng_update(CAPNG_ADD, CAPNG_PERMITTED, CAP_SETGID); 1440 capng_update(CAPNG_ADD, CAPNG_PERMITTED, CAP_DAC_OVERRIDE); 1441 1442 capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_SETUID); 1443 capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_SETGID); 1444 capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE); 1445 1446 capng_apply(CAPNG_SELECT_BOTH); 1447 } 1448 } 1449 #endif /* HAVE_CAP_NG_H */ 1450 1451 if (getuid() == 0 || geteuid() == 0) { 1452 if (username || chroot_dir) 1453 droproot(username, chroot_dir); 1454 1455 } 1456 #endif /* WIN32 */ 1457 1458 if (pcap_setfilter(pd, &fcode) < 0) 1459 error("%s", pcap_geterr(pd)); 1460 #ifdef __FreeBSD__ 1461 if (RFileName == NULL && VFileName == NULL) { 1462 static const unsigned long cmds[] = { BIOCGSTATS }; 1463 1464 if (cap_rights_limit(pcap_fileno(pd), 1465 CAP_IOCTL | CAP_READ) < 0 && errno != ENOSYS) { 1466 error("unable to limit pcap descriptor"); 1467 } 1468 if (cap_ioctls_limit(pcap_fileno(pd), cmds, 1469 sizeof(cmds) / sizeof(cmds[0])) < 0 && errno != ENOSYS) { 1470 error("unable to limit ioctls on pcap descriptor"); 1471 } 1472 } 1473 #endif 1474 if (WFileName) { 1475 pcap_dumper_t *p; 1476 /* Do not exceed the default PATH_MAX for files. */ 1477 dumpinfo.CurrentFileName = (char *)malloc(PATH_MAX + 1); 1478 1479 if (dumpinfo.CurrentFileName == NULL) 1480 error("malloc of dumpinfo.CurrentFileName"); 1481 1482 /* We do not need numbering for dumpfiles if Cflag isn't set. */ 1483 if (Cflag != 0) 1484 MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, WflagChars); 1485 else 1486 MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, 0); 1487 1488 p = pcap_dump_open(pd, dumpinfo.CurrentFileName); 1489 #ifdef HAVE_CAP_NG_H 1490 /* Give up capabilities, clear Effective set */ 1491 capng_clear(CAPNG_EFFECTIVE); 1492 #endif 1493 if (p == NULL) 1494 error("%s", pcap_geterr(pd)); 1495 #ifdef __FreeBSD__ 1496 if (cap_rights_limit(fileno(pcap_dump_file(p)), 1497 CAP_SEEK | CAP_WRITE) < 0 && errno != ENOSYS) { 1498 error("unable to limit dump descriptor"); 1499 } 1500 #endif 1501 if (Cflag != 0 || Gflag != 0) { 1502 #ifdef __FreeBSD__ 1503 dumpinfo.WFileName = strdup(basename(WFileName)); 1504 dumpinfo.dirfd = open(dirname(WFileName), 1505 O_DIRECTORY | O_RDONLY); 1506 if (dumpinfo.dirfd < 0) { 1507 error("unable to open directory %s", 1508 dirname(WFileName)); 1509 } 1510 if (cap_rights_limit(dumpinfo.dirfd, CAP_CREATE | 1511 CAP_FCNTL | CAP_FTRUNCATE | CAP_LOOKUP | CAP_SEEK | 1512 CAP_WRITE) < 0 && errno != ENOSYS) { 1513 error("unable to limit directory rights"); 1514 } 1515 #else /* !__FreeBSD__ */ 1516 dumpinfo.WFileName = WFileName; 1517 #endif 1518 callback = dump_packet_and_trunc; 1519 dumpinfo.pd = pd; 1520 dumpinfo.p = p; 1521 pcap_userdata = (u_char *)&dumpinfo; 1522 } else { 1523 callback = dump_packet; 1524 pcap_userdata = (u_char *)p; 1525 } 1526 #ifdef HAVE_PCAP_DUMP_FLUSH 1527 if (Uflag) 1528 pcap_dump_flush(p); 1529 #endif 1530 } else { 1531 type = pcap_datalink(pd); 1532 printinfo = get_print_info(type); 1533 callback = print_packet; 1534 pcap_userdata = (u_char *)&printinfo; 1535 } 1536 1537 #ifdef SIGNAL_REQ_INFO 1538 /* 1539 * We can't get statistics when reading from a file rather 1540 * than capturing from a device. 1541 */ 1542 if (RFileName == NULL) 1543 (void)setsignal(SIGNAL_REQ_INFO, requestinfo); 1544 #endif 1545 1546 if (vflag > 0 && WFileName) { 1547 /* 1548 * When capturing to a file, "-v" means tcpdump should, 1549 * every 10 secodns, "v"erbosely report the number of 1550 * packets captured. 1551 */ 1552 #ifdef USE_WIN32_MM_TIMER 1553 /* call verbose_stats_dump() each 1000 +/-100msec */ 1554 timer_id = timeSetEvent(1000, 100, verbose_stats_dump, 0, TIME_PERIODIC); 1555 setvbuf(stderr, NULL, _IONBF, 0); 1556 #elif defined(HAVE_ALARM) 1557 (void)setsignal(SIGALRM, verbose_stats_dump); 1558 alarm(1); 1559 #endif 1560 } 1561 1562 #ifndef WIN32 1563 if (RFileName == NULL) { 1564 /* 1565 * Live capture (if -V was specified, we set RFileName 1566 * to a file from the -V file). Print a message to 1567 * the standard error on UN*X. 1568 */ 1569 if (!vflag && !WFileName) { 1570 (void)fprintf(stderr, 1571 "%s: verbose output suppressed, use -v or -vv for full protocol decode\n", 1572 program_name); 1573 } else 1574 (void)fprintf(stderr, "%s: ", program_name); 1575 dlt = pcap_datalink(pd); 1576 dlt_name = pcap_datalink_val_to_name(dlt); 1577 if (dlt_name == NULL) { 1578 (void)fprintf(stderr, "listening on %s, link-type %u, capture size %u bytes\n", 1579 device, dlt, snaplen); 1580 } else { 1581 (void)fprintf(stderr, "listening on %s, link-type %s (%s), capture size %u bytes\n", 1582 device, dlt_name, 1583 pcap_datalink_val_to_description(dlt), snaplen); 1584 } 1585 (void)fflush(stderr); 1586 } 1587 #endif /* WIN32 */ 1588 1589 #ifdef __FreeBSD__ 1590 cansandbox = (nflag && VFileName == NULL && zflag == NULL); 1591 if (cansandbox && cap_enter() < 0 && errno != ENOSYS) 1592 error("unable to enter the capability mode"); 1593 if (cap_sandboxed()) 1594 fprintf(stderr, "capability mode sandbox enabled\n"); 1595 #endif 1596 1597 do { 1598 status = pcap_loop(pd, cnt, callback, pcap_userdata); 1599 if (WFileName == NULL) { 1600 /* 1601 * We're printing packets. Flush the printed output, 1602 * so it doesn't get intermingled with error output. 1603 */ 1604 if (status == -2) { 1605 /* 1606 * We got interrupted, so perhaps we didn't 1607 * manage to finish a line we were printing. 1608 * Print an extra newline, just in case. 1609 */ 1610 putchar('\n'); 1611 } 1612 (void)fflush(stdout); 1613 } 1614 if (status == -1) { 1615 /* 1616 * Error. Report it. 1617 */ 1618 (void)fprintf(stderr, "%s: pcap_loop: %s\n", 1619 program_name, pcap_geterr(pd)); 1620 } 1621 if (RFileName == NULL) { 1622 /* 1623 * We're doing a live capture. Report the capture 1624 * statistics. 1625 */ 1626 info(1); 1627 } 1628 pcap_close(pd); 1629 if (VFileName != NULL) { 1630 ret = get_next_file(VFile, VFileLine); 1631 if (ret) { 1632 RFileName = VFileLine; 1633 pd = pcap_open_offline(RFileName, ebuf); 1634 if (pd == NULL) 1635 error("%s", ebuf); 1636 #ifdef __FreeBSD__ 1637 if (cap_rights_limit(fileno(pcap_file(pd)), 1638 CAP_READ) < 0 && errno != ENOSYS) { 1639 error("unable to limit pcap descriptor"); 1640 } 1641 #endif 1642 new_dlt = pcap_datalink(pd); 1643 if (WFileName && new_dlt != dlt) 1644 error("%s: new dlt does not match original", RFileName); 1645 printinfo = get_print_info(new_dlt); 1646 dlt_name = pcap_datalink_val_to_name(new_dlt); 1647 if (dlt_name == NULL) { 1648 fprintf(stderr, "reading from file %s, link-type %u\n", 1649 RFileName, new_dlt); 1650 } else { 1651 fprintf(stderr, 1652 "reading from file %s, link-type %s (%s)\n", 1653 RFileName, dlt_name, 1654 pcap_datalink_val_to_description(new_dlt)); 1655 } 1656 if (pcap_compile(pd, &fcode, cmdbuf, Oflag, netmask) < 0) 1657 error("%s", pcap_geterr(pd)); 1658 if (pcap_setfilter(pd, &fcode) < 0) 1659 error("%s", pcap_geterr(pd)); 1660 } 1661 } 1662 } 1663 while (ret != NULL); 1664 1665 free(cmdbuf); 1666 exit(status == -1 ? 1 : 0); 1667 } 1668 1669 /* make a clean exit on interrupts */ 1670 static RETSIGTYPE 1671 cleanup(int signo _U_) 1672 { 1673 #ifdef USE_WIN32_MM_TIMER 1674 if (timer_id) 1675 timeKillEvent(timer_id); 1676 timer_id = 0; 1677 #elif defined(HAVE_ALARM) 1678 alarm(0); 1679 #endif 1680 1681 #ifdef HAVE_PCAP_BREAKLOOP 1682 /* 1683 * We have "pcap_breakloop()"; use it, so that we do as little 1684 * as possible in the signal handler (it's probably not safe 1685 * to do anything with standard I/O streams in a signal handler - 1686 * the ANSI C standard doesn't say it is). 1687 */ 1688 pcap_breakloop(pd); 1689 #else 1690 /* 1691 * We don't have "pcap_breakloop()"; this isn't safe, but 1692 * it's the best we can do. Print the summary if we're 1693 * not reading from a savefile - i.e., if we're doing a 1694 * live capture - and exit. 1695 */ 1696 if (pd != NULL && pcap_file(pd) == NULL) { 1697 /* 1698 * We got interrupted, so perhaps we didn't 1699 * manage to finish a line we were printing. 1700 * Print an extra newline, just in case. 1701 */ 1702 putchar('\n'); 1703 (void)fflush(stdout); 1704 info(1); 1705 } 1706 exit(0); 1707 #endif 1708 } 1709 1710 /* 1711 On windows, we do not use a fork, so we do not care less about 1712 waiting a child processes to die 1713 */ 1714 #if defined(HAVE_FORK) || defined(HAVE_VFORK) 1715 static RETSIGTYPE 1716 child_cleanup(int signo _U_) 1717 { 1718 wait(NULL); 1719 } 1720 #endif /* HAVE_FORK && HAVE_VFORK */ 1721 1722 static void 1723 info(register int verbose) 1724 { 1725 struct pcap_stat stat; 1726 1727 /* 1728 * Older versions of libpcap didn't set ps_ifdrop on some 1729 * platforms; initialize it to 0 to handle that. 1730 */ 1731 stat.ps_ifdrop = 0; 1732 if (pcap_stats(pd, &stat) < 0) { 1733 (void)fprintf(stderr, "pcap_stats: %s\n", pcap_geterr(pd)); 1734 infoprint = 0; 1735 return; 1736 } 1737 1738 if (!verbose) 1739 fprintf(stderr, "%s: ", program_name); 1740 1741 (void)fprintf(stderr, "%u packet%s captured", packets_captured, 1742 PLURAL_SUFFIX(packets_captured)); 1743 if (!verbose) 1744 fputs(", ", stderr); 1745 else 1746 putc('\n', stderr); 1747 (void)fprintf(stderr, "%u packet%s received by filter", stat.ps_recv, 1748 PLURAL_SUFFIX(stat.ps_recv)); 1749 if (!verbose) 1750 fputs(", ", stderr); 1751 else 1752 putc('\n', stderr); 1753 (void)fprintf(stderr, "%u packet%s dropped by kernel", stat.ps_drop, 1754 PLURAL_SUFFIX(stat.ps_drop)); 1755 if (stat.ps_ifdrop != 0) { 1756 if (!verbose) 1757 fputs(", ", stderr); 1758 else 1759 putc('\n', stderr); 1760 (void)fprintf(stderr, "%u packet%s dropped by interface\n", 1761 stat.ps_ifdrop, PLURAL_SUFFIX(stat.ps_ifdrop)); 1762 } else 1763 putc('\n', stderr); 1764 infoprint = 0; 1765 } 1766 1767 #if defined(HAVE_FORK) || defined(HAVE_VFORK) 1768 static void 1769 compress_savefile(const char *filename) 1770 { 1771 # ifdef HAVE_FORK 1772 if (fork()) 1773 # else 1774 if (vfork()) 1775 # endif 1776 return; 1777 /* 1778 * Set to lowest priority so that this doesn't disturb the capture 1779 */ 1780 #ifdef NZERO 1781 setpriority(PRIO_PROCESS, 0, NZERO - 1); 1782 #else 1783 setpriority(PRIO_PROCESS, 0, 19); 1784 #endif 1785 if (execlp(zflag, zflag, filename, (char *)NULL) == -1) 1786 fprintf(stderr, 1787 "compress_savefile:execlp(%s, %s): %s\n", 1788 zflag, 1789 filename, 1790 strerror(errno)); 1791 # ifdef HAVE_FORK 1792 exit(1); 1793 # else 1794 _exit(1); 1795 # endif 1796 } 1797 #else /* HAVE_FORK && HAVE_VFORK */ 1798 static void 1799 compress_savefile(const char *filename) 1800 { 1801 fprintf(stderr, 1802 "compress_savefile failed. Functionality not implemented under your system\n"); 1803 } 1804 #endif /* HAVE_FORK && HAVE_VFORK */ 1805 1806 static void 1807 dump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *sp) 1808 { 1809 struct dump_info *dump_info; 1810 1811 ++packets_captured; 1812 1813 ++infodelay; 1814 1815 dump_info = (struct dump_info *)user; 1816 1817 /* 1818 * XXX - this won't force the file to rotate on the specified time 1819 * boundary, but it will rotate on the first packet received after the 1820 * specified Gflag number of seconds. Note: if a Gflag time boundary 1821 * and a Cflag size boundary coincide, the time rotation will occur 1822 * first thereby cancelling the Cflag boundary (since the file should 1823 * be 0). 1824 */ 1825 if (Gflag != 0) { 1826 /* Check if it is time to rotate */ 1827 time_t t; 1828 1829 /* Get the current time */ 1830 if ((t = time(NULL)) == (time_t)-1) { 1831 error("dump_and_trunc_packet: can't get current_time: %s", 1832 pcap_strerror(errno)); 1833 } 1834 1835 1836 /* If the time is greater than the specified window, rotate */ 1837 if (t - Gflag_time >= Gflag) { 1838 #ifdef __FreeBSD__ 1839 FILE *fp; 1840 int fd; 1841 #endif 1842 1843 /* Update the Gflag_time */ 1844 Gflag_time = t; 1845 /* Update Gflag_count */ 1846 Gflag_count++; 1847 /* 1848 * Close the current file and open a new one. 1849 */ 1850 pcap_dump_close(dump_info->p); 1851 1852 /* 1853 * Compress the file we just closed, if the user asked for it 1854 */ 1855 if (zflag != NULL) 1856 compress_savefile(dump_info->CurrentFileName); 1857 1858 /* 1859 * Check to see if we've exceeded the Wflag (when 1860 * not using Cflag). 1861 */ 1862 if (Cflag == 0 && Wflag > 0 && Gflag_count >= Wflag) { 1863 (void)fprintf(stderr, "Maximum file limit reached: %d\n", 1864 Wflag); 1865 exit(0); 1866 /* NOTREACHED */ 1867 } 1868 if (dump_info->CurrentFileName != NULL) 1869 free(dump_info->CurrentFileName); 1870 /* Allocate space for max filename + \0. */ 1871 dump_info->CurrentFileName = (char *)malloc(PATH_MAX + 1); 1872 if (dump_info->CurrentFileName == NULL) 1873 error("dump_packet_and_trunc: malloc"); 1874 /* 1875 * This is always the first file in the Cflag 1876 * rotation: e.g. 0 1877 * We also don't need numbering if Cflag is not set. 1878 */ 1879 if (Cflag != 0) 1880 MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, 0, 1881 WflagChars); 1882 else 1883 MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, 0, 0); 1884 1885 #ifdef HAVE_CAP_NG_H 1886 capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE); 1887 capng_apply(CAPNG_EFFECTIVE); 1888 #endif /* HAVE_CAP_NG_H */ 1889 #ifdef __FreeBSD__ 1890 fd = openat(dump_info->dirfd, 1891 dump_info->CurrentFileName, 1892 O_CREAT | O_WRONLY | O_TRUNC, 0644); 1893 if (fd < 0) { 1894 error("unable to open file %s", 1895 dump_info->CurrentFileName); 1896 } 1897 fp = fdopen(fd, "w"); 1898 if (fp == NULL) { 1899 error("unable to fdopen file %s", 1900 dump_info->CurrentFileName); 1901 } 1902 dump_info->p = pcap_dump_fopen(dump_info->pd, fp); 1903 #else /* !__FreeBSD__ */ 1904 dump_info->p = pcap_dump_open(dump_info->pd, dump_info->CurrentFileName); 1905 #endif 1906 #ifdef HAVE_CAP_NG_H 1907 capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE); 1908 capng_apply(CAPNG_EFFECTIVE); 1909 #endif /* HAVE_CAP_NG_H */ 1910 if (dump_info->p == NULL) 1911 error("%s", pcap_geterr(pd)); 1912 #ifdef __FreeBSD__ 1913 if (cap_rights_limit(fileno(pcap_dump_file(dump_info->p)), 1914 CAP_SEEK | CAP_WRITE) < 0 && errno != ENOSYS) { 1915 error("unable to limit dump descriptor"); 1916 } 1917 #endif 1918 } 1919 } 1920 1921 /* 1922 * XXX - this won't prevent capture files from getting 1923 * larger than Cflag - the last packet written to the 1924 * file could put it over Cflag. 1925 */ 1926 if (Cflag != 0 && pcap_dump_ftell(dump_info->p) > Cflag) { 1927 #ifdef __FreeBSD__ 1928 FILE *fp; 1929 int fd; 1930 #endif 1931 1932 /* 1933 * Close the current file and open a new one. 1934 */ 1935 pcap_dump_close(dump_info->p); 1936 1937 /* 1938 * Compress the file we just closed, if the user asked for it 1939 */ 1940 if (zflag != NULL) 1941 compress_savefile(dump_info->CurrentFileName); 1942 1943 Cflag_count++; 1944 if (Wflag > 0) { 1945 if (Cflag_count >= Wflag) 1946 Cflag_count = 0; 1947 } 1948 if (dump_info->CurrentFileName != NULL) 1949 free(dump_info->CurrentFileName); 1950 dump_info->CurrentFileName = (char *)malloc(PATH_MAX + 1); 1951 if (dump_info->CurrentFileName == NULL) 1952 error("dump_packet_and_trunc: malloc"); 1953 MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, Cflag_count, WflagChars); 1954 #ifdef __FreeBSD__ 1955 fd = openat(dump_info->dirfd, dump_info->CurrentFileName, 1956 O_CREAT | O_WRONLY | O_TRUNC, 0644); 1957 if (fd < 0) { 1958 error("unable to open file %s", 1959 dump_info->CurrentFileName); 1960 } 1961 fp = fdopen(fd, "w"); 1962 if (fp == NULL) { 1963 error("unable to fdopen file %s", 1964 dump_info->CurrentFileName); 1965 } 1966 dump_info->p = pcap_dump_fopen(dump_info->pd, fp); 1967 #else /* !__FreeBSD__ */ 1968 dump_info->p = pcap_dump_open(dump_info->pd, dump_info->CurrentFileName); 1969 #endif 1970 if (dump_info->p == NULL) 1971 error("%s", pcap_geterr(pd)); 1972 #ifdef __FreeBSD__ 1973 if (cap_rights_limit(fileno(pcap_dump_file(dump_info->p)), 1974 CAP_SEEK | CAP_WRITE) < 0 && errno != ENOSYS) { 1975 error("unable to limit dump descriptor"); 1976 } 1977 #endif 1978 } 1979 1980 pcap_dump((u_char *)dump_info->p, h, sp); 1981 #ifdef HAVE_PCAP_DUMP_FLUSH 1982 if (Uflag) 1983 pcap_dump_flush(dump_info->p); 1984 #endif 1985 1986 --infodelay; 1987 if (infoprint) 1988 info(0); 1989 } 1990 1991 static void 1992 dump_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *sp) 1993 { 1994 ++packets_captured; 1995 1996 ++infodelay; 1997 1998 pcap_dump(user, h, sp); 1999 #ifdef HAVE_PCAP_DUMP_FLUSH 2000 if (Uflag) 2001 pcap_dump_flush((pcap_dumper_t *)user); 2002 #endif 2003 2004 --infodelay; 2005 if (infoprint) 2006 info(0); 2007 } 2008 2009 static void 2010 print_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *sp) 2011 { 2012 struct print_info *print_info; 2013 u_int hdrlen; 2014 2015 ++packets_captured; 2016 2017 ++infodelay; 2018 ts_print(&h->ts); 2019 2020 print_info = (struct print_info *)user; 2021 2022 /* 2023 * Some printers want to check that they're not walking off the 2024 * end of the packet. 2025 * Rather than pass it all the way down, we set this global. 2026 */ 2027 snapend = sp + h->caplen; 2028 2029 if(print_info->ndo_type) { 2030 hdrlen = (*print_info->p.ndo_printer)(print_info->ndo, h, sp); 2031 } else { 2032 hdrlen = (*print_info->p.printer)(h, sp); 2033 } 2034 2035 if (Xflag) { 2036 /* 2037 * Print the raw packet data in hex and ASCII. 2038 */ 2039 if (Xflag > 1) { 2040 /* 2041 * Include the link-layer header. 2042 */ 2043 hex_and_ascii_print("\n\t", sp, h->caplen); 2044 } else { 2045 /* 2046 * Don't include the link-layer header - and if 2047 * we have nothing past the link-layer header, 2048 * print nothing. 2049 */ 2050 if (h->caplen > hdrlen) 2051 hex_and_ascii_print("\n\t", sp + hdrlen, 2052 h->caplen - hdrlen); 2053 } 2054 } else if (xflag) { 2055 /* 2056 * Print the raw packet data in hex. 2057 */ 2058 if (xflag > 1) { 2059 /* 2060 * Include the link-layer header. 2061 */ 2062 hex_print("\n\t", sp, h->caplen); 2063 } else { 2064 /* 2065 * Don't include the link-layer header - and if 2066 * we have nothing past the link-layer header, 2067 * print nothing. 2068 */ 2069 if (h->caplen > hdrlen) 2070 hex_print("\n\t", sp + hdrlen, 2071 h->caplen - hdrlen); 2072 } 2073 } else if (Aflag) { 2074 /* 2075 * Print the raw packet data in ASCII. 2076 */ 2077 if (Aflag > 1) { 2078 /* 2079 * Include the link-layer header. 2080 */ 2081 ascii_print(sp, h->caplen); 2082 } else { 2083 /* 2084 * Don't include the link-layer header - and if 2085 * we have nothing past the link-layer header, 2086 * print nothing. 2087 */ 2088 if (h->caplen > hdrlen) 2089 ascii_print(sp + hdrlen, h->caplen - hdrlen); 2090 } 2091 } 2092 2093 putchar('\n'); 2094 2095 --infodelay; 2096 if (infoprint) 2097 info(0); 2098 } 2099 2100 #ifdef WIN32 2101 /* 2102 * XXX - there should really be libpcap calls to get the version 2103 * number as a string (the string would be generated from #defines 2104 * at run time, so that it's not generated from string constants 2105 * in the library, as, on many UNIX systems, those constants would 2106 * be statically linked into the application executable image, and 2107 * would thus reflect the version of libpcap on the system on 2108 * which the application was *linked*, not the system on which it's 2109 * *running*. 2110 * 2111 * That routine should be documented, unlike the "version[]" 2112 * string, so that UNIX vendors providing their own libpcaps 2113 * don't omit it (as a couple of vendors have...). 2114 * 2115 * Packet.dll should perhaps also export a routine to return the 2116 * version number of the Packet.dll code, to supply the 2117 * "Wpcap_version" information on Windows. 2118 */ 2119 char WDversion[]="current-cvs.tcpdump.org"; 2120 #if !defined(HAVE_GENERATED_VERSION) 2121 char version[]="current-cvs.tcpdump.org"; 2122 #endif 2123 char pcap_version[]="current-cvs.tcpdump.org"; 2124 char Wpcap_version[]="3.1"; 2125 #endif 2126 2127 /* 2128 * By default, print the specified data out in hex and ASCII. 2129 */ 2130 static void 2131 ndo_default_print(netdissect_options *ndo _U_, const u_char *bp, u_int length) 2132 { 2133 hex_and_ascii_print("\n\t", bp, length); /* pass on lf and identation string */ 2134 } 2135 2136 void 2137 default_print(const u_char *bp, u_int length) 2138 { 2139 ndo_default_print(gndo, bp, length); 2140 } 2141 2142 #ifdef SIGNAL_REQ_INFO 2143 RETSIGTYPE requestinfo(int signo _U_) 2144 { 2145 if (infodelay) 2146 ++infoprint; 2147 else 2148 info(0); 2149 } 2150 #endif 2151 2152 /* 2153 * Called once each second in verbose mode while dumping to file 2154 */ 2155 #ifdef USE_WIN32_MM_TIMER 2156 void CALLBACK verbose_stats_dump (UINT timer_id _U_, UINT msg _U_, DWORD_PTR arg _U_, 2157 DWORD_PTR dw1 _U_, DWORD_PTR dw2 _U_) 2158 { 2159 struct pcap_stat stat; 2160 2161 if (infodelay == 0 && pcap_stats(pd, &stat) >= 0) 2162 fprintf(stderr, "Got %u\r", packets_captured); 2163 } 2164 #elif defined(HAVE_ALARM) 2165 static void verbose_stats_dump(int sig _U_) 2166 { 2167 struct pcap_stat stat; 2168 2169 if (infodelay == 0 && pcap_stats(pd, &stat) >= 0) 2170 fprintf(stderr, "Got %u\r", packets_captured); 2171 alarm(1); 2172 } 2173 #endif 2174 2175 static void 2176 usage(void) 2177 { 2178 extern char version[]; 2179 #ifndef HAVE_PCAP_LIB_VERSION 2180 #if defined(WIN32) || defined(HAVE_PCAP_VERSION) 2181 extern char pcap_version[]; 2182 #else /* defined(WIN32) || defined(HAVE_PCAP_VERSION) */ 2183 static char pcap_version[] = "unknown"; 2184 #endif /* defined(WIN32) || defined(HAVE_PCAP_VERSION) */ 2185 #endif /* HAVE_PCAP_LIB_VERSION */ 2186 2187 #ifdef HAVE_PCAP_LIB_VERSION 2188 #ifdef WIN32 2189 (void)fprintf(stderr, "%s version %s, based on tcpdump version %s\n", program_name, WDversion, version); 2190 #else /* WIN32 */ 2191 (void)fprintf(stderr, "%s version %s\n", program_name, version); 2192 #endif /* WIN32 */ 2193 (void)fprintf(stderr, "%s\n",pcap_lib_version()); 2194 #else /* HAVE_PCAP_LIB_VERSION */ 2195 #ifdef WIN32 2196 (void)fprintf(stderr, "%s version %s, based on tcpdump version %s\n", program_name, WDversion, version); 2197 (void)fprintf(stderr, "WinPcap version %s, based on libpcap version %s\n",Wpcap_version, pcap_version); 2198 #else /* WIN32 */ 2199 (void)fprintf(stderr, "%s version %s\n", program_name, version); 2200 (void)fprintf(stderr, "libpcap version %s\n", pcap_version); 2201 #endif /* WIN32 */ 2202 #endif /* HAVE_PCAP_LIB_VERSION */ 2203 (void)fprintf(stderr, 2204 "Usage: %s [-aAbd" D_FLAG "efhH" I_FLAG J_FLAG "KlLnNOpqRStu" U_FLAG "vxX]" B_FLAG_USAGE " [ -c count ]\n", program_name); 2205 (void)fprintf(stderr, 2206 "\t\t[ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]\n"); 2207 (void)fprintf(stderr, 2208 "\t\t[ -i interface ]" j_FLAG_USAGE " [ -M secret ]\n"); 2209 (void)fprintf(stderr, 2210 "\t\t[ -r file ] [ -s snaplen ] [ -T type ] [ -V file ] [ -w file ]\n"); 2211 (void)fprintf(stderr, 2212 "\t\t[ -W filecount ] [ -y datalinktype ] [ -z command ]\n"); 2213 (void)fprintf(stderr, 2214 "\t\t[ -Z user ] [ expression ]\n"); 2215 exit(1); 2216 } 2217 2218 2219 2220 /* VARARGS */ 2221 static void 2222 ndo_error(netdissect_options *ndo _U_, const char *fmt, ...) 2223 { 2224 va_list ap; 2225 2226 (void)fprintf(stderr, "%s: ", program_name); 2227 va_start(ap, fmt); 2228 (void)vfprintf(stderr, fmt, ap); 2229 va_end(ap); 2230 if (*fmt) { 2231 fmt += strlen(fmt); 2232 if (fmt[-1] != '\n') 2233 (void)fputc('\n', stderr); 2234 } 2235 exit(1); 2236 /* NOTREACHED */ 2237 } 2238 2239 /* VARARGS */ 2240 static void 2241 ndo_warning(netdissect_options *ndo _U_, const char *fmt, ...) 2242 { 2243 va_list ap; 2244 2245 (void)fprintf(stderr, "%s: WARNING: ", program_name); 2246 va_start(ap, fmt); 2247 (void)vfprintf(stderr, fmt, ap); 2248 va_end(ap); 2249 if (*fmt) { 2250 fmt += strlen(fmt); 2251 if (fmt[-1] != '\n') 2252 (void)fputc('\n', stderr); 2253 } 2254 } 2255