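/*
 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000
 * The Regents of the University of California. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that: (1) source code distributions
 * retain the above copyright notice and this paragraph in its entirety, (2)
 * distributions including binary code include the above copyright notice and
 * this paragraph in its entirety in the documentation or other materials
 * provided with the distribution, and (3) all advertising materials mentioning
 * features or use of this software display the following acknowledgement:
 * ``This product includes software developed by the University of California,
 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
 * the University nor the names of its contributors may be used to endorse
 * or promote products derived from this software without specific prior
 * written permission.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
 * Support for splitting captures into multiple files with a maximum
 * file size:
 *
 * Copyright (c) 2001
 * Seth Webster <swebster@sst.ll.mit.edu>
 */

#ifndef lint
static const char copyright[] _U_ =
    "@(#) Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000\n\
The Regents of the University of California. All rights reserved.\n";
static const char rcsid[] _U_ =
    "@(#) $Header: /tcpdump/master/tcpdump/tcpdump.c,v 1.253.2.8 2005/07/05 21:09:05 mcr Exp $ (LBL)";
#endif

/* $FreeBSD$ */

/*
 * tcpdump - monitor tcp/ip traffic on an ethernet.
 *
 * First written in 1987 by Van Jacobson, Lawrence Berkeley Laboratory.
 * Mercilessly hacked and occasionally improved since then via the
 * combined efforts of Van, Steve McCanne and Craig Leres of LBL.
 */

#ifdef HAVE_CONFIG_H
#include "config.h"
#endif

#include <tcpdump-stdinc.h>

#ifdef WIN32
#include "getopt.h"
#include "w32_fzs.h"
extern int strcasecmp (const char *__s1, const char *__s2);
extern int SIZE_BUF;
#define off_t long
#define uint UINT
#endif /* WIN32 */

#ifdef HAVE_SMI_H
#include <smi.h>
#endif

#include <pcap.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifndef WIN32
#include <pwd.h>
#include <grp.h>
#include <errno.h>
#endif /* WIN32 */

#include "netdissect.h"
#include "interface.h"
#include "addrtoname.h"
#include "machdep.h"
#include "setsignal.h"
#include "gmt2local.h"
#include "pcap-missing.h"

netdissect_options Gndo;
netdissect_options *gndo = &Gndo;

/*
 * Define the maximum number of files for the -C flag, and how many
 * characters can be added to a filename for the -C flag (which
 * should be enough to handle MAX_CFLAG - 1).
 *
 * The output-filename buffers in this file are allocated as
 * strlen(name) + MAX_CFLAG_CHARS + 1, so any numeric suffix written by
 * MakeFilename() must fit in MAX_CFLAG_CHARS characters.
 */
#define MAX_CFLAG	1000000
#define MAX_CFLAG_CHARS	6

int dflag;			/* print filter code */
int Lflag;			/* list available data link types and exit */

static int infodelay;
static int infoprint;

char *program_name;

int32_t thiszone;		/* seconds offset from gmt to local time */

/* Forwards */
static RETSIGTYPE cleanup(int);
static void usage(void) __attribute__((noreturn));
static void show_dlts_and_exit(pcap_t *pd) __attribute__((noreturn));

static void print_packet(u_char *, const struct pcap_pkthdr *, const u_char *);
static void ndo_default_print(netdissect_options *, const u_char *, u_int);
static void dump_packet_and_trunc(u_char *, const struct pcap_pkthdr *, const u_char *);
static void dump_packet(u_char *, const struct pcap_pkthdr *, const u_char *);
static void droproot(const char *, const char *);
static void ndo_error(netdissect_options *ndo, const char *fmt, ...);
static void ndo_warning(netdissect_options *ndo, const char *fmt, ...);

#ifdef SIGINFO
RETSIGTYPE requestinfo(int);
#endif

#if defined(USE_WIN32_MM_TIMER)
  #include <MMsystem.h>
  static UINT timer_id;
  static void CALLBACK verbose_stats_dump(UINT, UINT, DWORD_PTR, DWORD_PTR, DWORD_PTR);
#elif defined(HAVE_ALARM)
  static void verbose_stats_dump(int sig);
#endif

static void info(int);
static u_int packets_captured;

typedef u_int (*if_printer)(const struct pcap_pkthdr *, const u_char *);

/* One entry of the link-layer dispatch table: printer function + DLT value. */
struct printer {
	if_printer f;
	int type;
};

/*
 * Link-layer printers, keyed by DLT_ value.  The table is terminated by
 * an entry whose function pointer is NULL.
 */
static struct printer printers[] = {
	{ arcnet_if_print,	DLT_ARCNET },
#ifdef DLT_ARCNET_LINUX
	{ arcnet_linux_if_print, DLT_ARCNET_LINUX },
#endif
	{ ether_if_print,	DLT_EN10MB },
	{ token_if_print,	DLT_IEEE802 },
#ifdef DLT_LANE8023
	{ lane_if_print,	DLT_LANE8023 },
#endif
#ifdef DLT_CIP
	{ cip_if_print,		DLT_CIP },
#endif
#ifdef DLT_ATM_CLIP
	{ cip_if_print,		DLT_ATM_CLIP },
#endif
	{ sl_if_print,		DLT_SLIP },
#ifdef DLT_SLIP_BSDOS
	{ sl_bsdos_if_print,	DLT_SLIP_BSDOS },
#endif
	{ ppp_if_print,		DLT_PPP },
#ifdef DLT_PPP_WITHDIRECTION
	{ ppp_if_print,		DLT_PPP_WITHDIRECTION },
#endif
#ifdef DLT_PPP_BSDOS
	{ ppp_bsdos_if_print,	DLT_PPP_BSDOS },
#endif
	{ fddi_if_print,	DLT_FDDI },
	{ null_if_print,	DLT_NULL },
#ifdef DLT_LOOP
	{ null_if_print,	DLT_LOOP },
#endif
	{ raw_if_print,		DLT_RAW },
	{ atm_if_print,		DLT_ATM_RFC1483 },
#ifdef DLT_C_HDLC
	{ chdlc_if_print,	DLT_C_HDLC },
#endif
#ifdef DLT_HDLC
	{ chdlc_if_print,	DLT_HDLC },
#endif
#ifdef DLT_PPP_SERIAL
	{ ppp_hdlc_if_print,	DLT_PPP_SERIAL },
#endif
#ifdef DLT_PPP_ETHER
	{ pppoe_if_print,	DLT_PPP_ETHER },
#endif
#ifdef DLT_LINUX_SLL
	{ sll_if_print,		DLT_LINUX_SLL },
#endif
#ifdef DLT_IEEE802_11
	{ ieee802_11_if_print,	DLT_IEEE802_11},
#endif
#ifdef DLT_LTALK
	{ ltalk_if_print,	DLT_LTALK },
#endif
#ifdef DLT_PFLOG
	{ pflog_if_print,	DLT_PFLOG },
#endif
#ifdef DLT_FR
	{ fr_if_print,		DLT_FR },
#endif
#ifdef DLT_FRELAY
	{ fr_if_print,		DLT_FRELAY },
#endif
#ifdef DLT_SUNATM
	{ sunatm_if_print,	DLT_SUNATM },
#endif
#ifdef DLT_IP_OVER_FC
	{ ipfc_if_print,	DLT_IP_OVER_FC },
#endif
#ifdef DLT_PRISM_HEADER
	{ prism_if_print,	DLT_PRISM_HEADER },
#endif
#ifdef DLT_IEEE802_11_RADIO
	{ ieee802_11_radio_if_print,	DLT_IEEE802_11_RADIO },
#endif
#ifdef DLT_ENC
	{ enc_if_print,		DLT_ENC },
#endif
#ifdef DLT_SYMANTEC_FIREWALL
	{ symantec_if_print,	DLT_SYMANTEC_FIREWALL },
#endif
#ifdef DLT_APPLE_IP_OVER_IEEE1394
	{ ap1394_if_print,	DLT_APPLE_IP_OVER_IEEE1394 },
#endif
#ifdef DLT_JUNIPER_ATM1
	{ juniper_atm1_print,	DLT_JUNIPER_ATM1 },
#endif
#ifdef DLT_JUNIPER_ATM2
	{ juniper_atm2_print,	DLT_JUNIPER_ATM2 },
#endif
#ifdef DLT_JUNIPER_MFR
	{ juniper_mfr_print,	DLT_JUNIPER_MFR },
#endif
#ifdef DLT_JUNIPER_MLFR
	{ juniper_mlfr_print,	DLT_JUNIPER_MLFR },
#endif
#ifdef DLT_JUNIPER_MLPPP
	{ juniper_mlppp_print,	DLT_JUNIPER_MLPPP },
#endif
#ifdef DLT_JUNIPER_PPPOE
	{ juniper_pppoe_print,	DLT_JUNIPER_PPPOE },
#endif
#ifdef DLT_JUNIPER_PPPOE_ATM
	{ juniper_pppoe_atm_print,	DLT_JUNIPER_PPPOE_ATM },
#endif
#ifdef DLT_JUNIPER_GGSN
	{ juniper_ggsn_print,	DLT_JUNIPER_GGSN },
#endif
#ifdef DLT_JUNIPER_ES
	{ juniper_es_print,	DLT_JUNIPER_ES },
#endif
#ifdef DLT_JUNIPER_MONITOR
	{ juniper_monitor_print,	DLT_JUNIPER_MONITOR },
#endif
#ifdef DLT_JUNIPER_SERVICES
	{ juniper_services_print,	DLT_JUNIPER_SERVICES },
#endif
	{ NULL,			0 },
};

/*
 * Return the link-layer printer registered for DLT value `type', or
 * NULL when the table has no entry for it.
 */
static if_printer
lookup_printer(int type)
{
	struct printer *p;

	for (p = printers; p->f; ++p)
		if (type == p->type)
			return p->f;

	return NULL;
	/* NOTREACHED */
}

static pcap_t *pd;

extern int optind;
extern int opterr;
extern char *optarg;

/* User data handed to print_packet() through pcap_loop(). */
struct print_info {
	if_printer printer;
};

/* User data handed to dump_packet_and_trunc() through pcap_loop(). */
struct dump_info {
	char	*WFileName;	/* base name given with -w */
	pcap_t	*pd;
	pcap_dumper_t *p;	/* savefile currently being written */
};

/*
 * List on stderr the data link types the capture handle offers, marking
 * those for which this file has no printer, then exit with status 0.
 */
static void
show_dlts_and_exit(pcap_t *pd)
{
	int n_dlts;
	int *dlts = 0;
	const char *dlt_name;

	n_dlts = pcap_list_datalinks(pd, &dlts);
	if (n_dlts < 0)
		error("%s", pcap_geterr(pd));
	else if (n_dlts == 0 || !dlts)
		error("No data link types.");

	(void) fprintf(stderr, "Data link types (use option -y to set):\n");

	while (--n_dlts >= 0) {
		dlt_name = pcap_datalink_val_to_name(dlts[n_dlts]);
		if (dlt_name != NULL) {
			(void) fprintf(stderr, " %s (%s)", dlt_name,
			    pcap_datalink_val_to_description(dlts[n_dlts]));

			/*
			 * OK, does tcpdump handle that type?
			 */
			if (lookup_printer(dlts[n_dlts]) == NULL)
				(void) fprintf(stderr, " (not supported)");
			/*
			 * The whole listing goes to stderr, so the line
			 * terminator has to go there too; writing it to
			 * stdout splits the output across two streams.
			 */
			(void) fprintf(stderr, "\n");
		} else {
			(void) fprintf(stderr, " DLT %d (not supported)\n",
			    dlts[n_dlts]);
		}
	}
	free(dlts);
	exit(0);
}

/*
 * Set up flags that might or might not be supported depending on the
 * version of libpcap we're using.
 */
#ifdef WIN32
#define B_FLAG		"B:"
#define B_FLAG_USAGE	" [ -B size ]"
#else /* WIN32 */
#define B_FLAG
#define B_FLAG_USAGE
#endif /* WIN32 */

#ifdef HAVE_PCAP_FINDALLDEVS
#ifndef HAVE_PCAP_IF_T
#undef HAVE_PCAP_FINDALLDEVS
#endif
#endif

#ifdef HAVE_PCAP_FINDALLDEVS
#define D_FLAG	"D"
#else
#define D_FLAG
#endif

#ifdef HAVE_PCAP_DUMP_FLUSH
#define U_FLAG	"U"
#else
#define U_FLAG
#endif

#ifndef WIN32
/*
 * Drop root privileges and chroot if necessary.
 *
 * username is the account to switch to (looked up with getpwnam());
 * chroot_dir is the directory to chroot() into first, or NULL for none.
 * A chroot without a user to switch to is refused.
 *
 * The order is: chroot() + chdir("/"), then initgroups(), setgid() and
 * finally setuid(), so the uid is given up last.  Every failure path
 * calls exit(1); the function only returns after all steps succeeded.
 *
 * NOTE(review): initgroups() runs after chroot(), so presumably the
 * group database has to be resolvable from inside chroot_dir - verify
 * against the deployment.
 */
static void
droproot(const char *username, const char *chroot_dir)
{
	struct passwd *pw = NULL;

	if (chroot_dir && !username) {
		fprintf(stderr, "tcpdump: Chroot without dropping root is insecure\n");
		exit(1);
	}

	pw = getpwnam(username);
	if (pw) {
		if (chroot_dir) {
			if (chroot(chroot_dir) != 0 || chdir ("/") != 0) {
				fprintf(stderr, "tcpdump: Couldn't chroot/chdir to '%.64s': %s\n",
				    chroot_dir, pcap_strerror(errno));
				exit(1);
			}
		}
		if (initgroups(pw->pw_name, pw->pw_gid) != 0 ||
		    setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0) {
			fprintf(stderr, "tcpdump: Couldn't change to '%.32s' uid=%lu gid=%lu: %s\n",
			    username,
			    (unsigned long)pw->pw_uid,
			    (unsigned long)pw->pw_gid,
			    pcap_strerror(errno));
			exit(1);
		}
	}
	else {
		fprintf(stderr, "tcpdump: Couldn't find user '%.32s'\n",
		    username);
		exit(1);
	}
}
#endif /* WIN32 */

/*
 * Return the number of decimal digits needed to print x - 1, i.e. the
 * width of the largest file index when -W asks for x files.  Returns 0
 * for x <= 1.
 */
static int
getWflagChars(int x)
{
	int c = 0;

	x -= 1;
	while (x > 0) {
		c += 1;
		x /= 10;
	}

	return c;
}


/*
 * Build an output file name in `buffer': orig_name alone when both cnt
 * and max_chars are 0, otherwise orig_name followed by cnt zero-padded
 * to at least max_chars digits.
 *
 * Neither write is bounded.  The caller must supply a buffer of at
 * least strlen(orig_name) + (digits written) + 1 bytes; the callers in
 * this file allocate strlen(orig_name) + MAX_CFLAG_CHARS + 1, so both
 * max_chars and the number of digits in cnt must stay within
 * MAX_CFLAG_CHARS.
 */
static void
MakeFilename(char *buffer, char *orig_name, int cnt, int max_chars)
{
	if (cnt == 0 && max_chars == 0)
		strcpy(buffer, orig_name);
	else
		sprintf(buffer, "%s%0*d", orig_name, max_chars, cnt);
}

/*
 * printf-style output hook installed as gndo->ndo_printf; writes to
 * stdout and returns vfprintf()'s result.
 */
static int tcpdump_printf(netdissect_options *ndo _U_,
			  const char *fmt, ...)
{

	va_list args;
	int ret;

	va_start(args, fmt);
	ret=vfprintf(stdout, fmt, args);
	va_end(args);

	return ret;
}

/*
 * Program entry point: parse options, open a savefile (-r) or a live
 * device, give up set-UID/set-GID privileges, compile and install the
 * filter, choose the per-packet callback (print or dump), optionally
 * switch user / chroot, and run pcap_loop().
 */
int
main(int argc, char **argv)
{
	register int cnt, op, i;
	bpf_u_int32 localnet, netmask;
	register char *cp, *infile, *cmdbuf, *device, *RFileName, *WFileName, *WFileNameAlt;
	pcap_handler callback;
	int type;
	struct bpf_program fcode;
#ifndef WIN32
	RETSIGTYPE (*oldhandler)(int);
#endif
	struct print_info printinfo;
	struct dump_info dumpinfo;
	u_char *pcap_userdata;
	char ebuf[PCAP_ERRBUF_SIZE];
	char *username = NULL;
	char *chroot_dir = NULL;
#ifdef HAVE_PCAP_FINDALLDEVS
	pcap_if_t *devpointer;
	int devnum;
#endif
	int status;
#ifdef WIN32
	u_int UserBufferSize = 1000000;
	if(wsockinit() != 0) return 1;
#endif /* WIN32 */

	gndo->ndo_Oflag=1;
	gndo->ndo_Rflag=1;
	gndo->ndo_dlt=-1;
	gndo->ndo_default_print=ndo_default_print;
	gndo->ndo_printf=tcpdump_printf;
	gndo->ndo_error=ndo_error;
	gndo->ndo_warning=ndo_warning;
	gndo->ndo_snaplen = DEFAULT_SNAPLEN;

	cnt = -1;
	device = NULL;
	infile = NULL;
	RFileName = NULL;
	WFileName = NULL;
	if ((cp = strrchr(argv[0], '/')) != NULL)
		program_name = cp + 1;
	else
		program_name = argv[0];

	if (abort_on_misalignment(ebuf, sizeof(ebuf)) < 0)
		error("%s", ebuf);

#ifdef LIBSMI
	smiInit("tcpdump");
#endif

	opterr = 0;
	while (
	    (op = getopt(argc, argv, "aA" B_FLAG "c:C:d" D_FLAG "eE:fF:i:lLm:M:nNOpqr:Rs:StT:u" U_FLAG "vw:W:xXy:YZ:")) != -1)
		switch (op) {

		case 'a':
			/* compatibility for old -a */
			break;

		case 'A':
			++xflag;
			++Xflag;
			++Aflag;
			break;

#ifdef WIN32
		case 'B':
			/*
			 * NOTE(review): UserBufferSize is declared u_int
			 * above, so the "< 0" test below can never be true
			 * and a negative or overflowing argument is not
			 * rejected here.
			 */
			UserBufferSize = atoi(optarg)*1024;
			if (UserBufferSize < 0)
				error("invalid packet buffer size %s", optarg);
			break;
#endif /* WIN32 */

		case 'c':
			cnt = atoi(optarg);
			if (cnt <= 0)
				error("invalid packet count %s", optarg);
			break;

		case 'C':
			/*
			 * NOTE(review): the multiplication happens before
			 * the range check, and Cflag's type is declared
			 * outside this file; a large argument may overflow
			 * rather than be reported - confirm and validate
			 * the atoi() result first if so.
			 */
			Cflag = atoi(optarg) * 1000000;
			if (Cflag < 0)
				error("invalid file size %s", optarg);
			break;

		case 'd':
			++dflag;
			break;

#ifdef HAVE_PCAP_FINDALLDEVS
		case 'D':
			if (pcap_findalldevs(&devpointer, ebuf) < 0)
				error("%s", ebuf);
			else {
				for (i = 0; devpointer != 0; i++) {
					printf("%d.%s", i+1, devpointer->name);
					if (devpointer->description != NULL)
						printf(" (%s)", devpointer->description);
					printf("\n");
					devpointer = devpointer->next;
				}
			}
			return 0;
#endif /* HAVE_PCAP_FINDALLDEVS */

		case 'L':
			Lflag++;
			break;

		case 'e':
			++eflag;
			break;

		case 'E':
#ifndef HAVE_LIBCRYPTO
			warning("crypto code not compiled in");
#endif
			/*
			 * NOTE(review): the secret is taken straight from
			 * argv, so it is typically visible to other local
			 * users through the process listing.
			 */
			gndo->ndo_espsecret = optarg;
			break;

		case 'f':
			++fflag;
			break;

		case 'F':
			infile = optarg;
			break;

		case 'i':
			if (optarg[0] == '0' && optarg[1] == 0)
				error("Invalid adapter index");

#ifdef HAVE_PCAP_FINDALLDEVS
			/*
			 * If the argument is a number, treat it as
			 * an index into the list of adapters, as
			 * printed by "tcpdump -D".
			 *
			 * This should be OK on UNIX systems, as interfaces
			 * shouldn't have names that begin with digits.
			 * It can be useful on Windows, where more than
			 * one interface can have the same name.
			 */
			if ((devnum = atoi(optarg)) != 0) {
				if (devnum < 0)
					error("Invalid adapter index");

				if (pcap_findalldevs(&devpointer, ebuf) < 0)
					error("%s", ebuf);
				else {
					/*
					 * Check the pointer before every
					 * dereference: the list may be
					 * empty, or shorter than the
					 * requested index.
					 */
					for (i = 0; i < devnum-1 && devpointer != NULL; i++)
						devpointer = devpointer->next;
					if (devpointer == NULL)
						error("Invalid adapter index");
				}
				device = devpointer->name;
				break;
			}
#endif /* HAVE_PCAP_FINDALLDEVS */
			device = optarg;
			break;

		case 'l':
#ifdef WIN32
			/*
			 * _IOLBF is the same as _IOFBF in Microsoft's C
			 * libraries; the only alternative they offer
			 * is _IONBF.
			 *
			 * XXX - this should really be checking for MSVC++,
			 * not WIN32, if, for example, MinGW has its own
			 * C library that is more UNIX-compatible.
			 */
			setvbuf(stdout, NULL, _IONBF, 0);
#else /* WIN32 */
#ifdef HAVE_SETLINEBUF
			setlinebuf(stdout);
#else
			setvbuf(stdout, NULL, _IOLBF, 0);
#endif
#endif /* WIN32 */
			break;

		case 'n':
			++nflag;
			break;

		case 'N':
			++Nflag;
			break;

		case 'm':
#ifdef LIBSMI
			if (smiLoadModule(optarg) == 0) {
				error("could not load MIB module %s", optarg);
			}
			sflag = 1;
#else
			(void)fprintf(stderr, "%s: ignoring option `-m %s' ",
				      program_name, optarg);
			(void)fprintf(stderr, "(no libsmi support)\n");
#endif
			break;

		case 'M':
			/* TCP-MD5 shared secret */
#ifndef HAVE_LIBCRYPTO
			warning("crypto code not compiled in");
#endif
			/*
			 * NOTE(review): as with -E, the secret comes from
			 * argv and is typically visible in the process
			 * listing.
			 */
			tcpmd5secret = optarg;
			break;

		case 'O':
			Oflag = 0;
			break;

		case 'p':
			++pflag;
			break;

		case 'q':
			++qflag;
			break;

		case 'r':
			RFileName = optarg;
			break;

		case 'R':
			Rflag = 0;
			break;

		case 's': {
			char *end;

			snaplen = strtol(optarg, &end, 0);
			if (optarg == end || *end != '\0'
			    || snaplen < 0 || snaplen > 65535)
				error("invalid snaplen %s", optarg);
			else if (snaplen == 0)
				snaplen = 65535;
			break;
		}

		case 'S':
			++Sflag;
			break;

		case 't':
			++tflag;
			break;

		case 'T':
			if (strcasecmp(optarg, "vat") == 0)
				packettype = PT_VAT;
			else if (strcasecmp(optarg, "wb") == 0)
				packettype = PT_WB;
			else if (strcasecmp(optarg, "rpc") == 0)
				packettype = PT_RPC;
			else if (strcasecmp(optarg, "rtp") == 0)
				packettype = PT_RTP;
			else if (strcasecmp(optarg, "rtcp") == 0)
				packettype = PT_RTCP;
			else if (strcasecmp(optarg, "snmp") == 0)
				packettype = PT_SNMP;
			else if (strcasecmp(optarg, "cnfp") == 0)
				packettype = PT_CNFP;
			else if (strcasecmp(optarg, "tftp") == 0)
				packettype = PT_TFTP;
			else if (strcasecmp(optarg, "aodv") == 0)
				packettype = PT_AODV;
			else
				error("unknown packet type `%s'", optarg);
			break;

		case 'u':
			++uflag;
			break;

#ifdef HAVE_PCAP_DUMP_FLUSH
		case 'U':
			++Uflag;
			break;
#endif

		case 'v':
			++vflag;
			break;

		case 'w':
			WFileName = optarg;
			break;

		case 'W':
			Wflag = atoi(optarg);
			/*
			 * The file-name buffers reserve only
			 * MAX_CFLAG_CHARS characters for the numeric
			 * suffix.  A count above MAX_CFLAG would make
			 * WflagChars exceed that and MakeFilename() would
			 * write past the end of the allocation, so reject
			 * it here.
			 */
			if (Wflag < 0 || Wflag > MAX_CFLAG)
				error("invalid number of output files %s", optarg);
			WflagChars = getWflagChars(Wflag);
			break;

		case 'x':
			++xflag;
			break;

		case 'X':
			++Xflag;
			break;

		case 'y':
			gndo->ndo_dltname = optarg;
			gndo->ndo_dlt =
			  pcap_datalink_name_to_val(gndo->ndo_dltname);
			if (gndo->ndo_dlt < 0)
				error("invalid data link type %s", gndo->ndo_dltname);
			break;

#if defined(HAVE_PCAP_DEBUG) || defined(HAVE_YYDEBUG)
		case 'Y':
			{
			/* Undocumented flag */
#ifdef HAVE_PCAP_DEBUG
			extern int pcap_debug;
			pcap_debug = 1;
#else
			extern int yydebug;
			yydebug = 1;
#endif
			}
			break;
#endif
		case 'Z':
			if (optarg) {
				username = strdup(optarg);
			}
			else {
				usage();
				/* NOTREACHED */
			}
			break;

		default:
			usage();
			/* NOTREACHED */
		}

	switch (tflag) {

	case 0: /* Default */
	case 4: /* Default + Date*/
		thiszone = gmt2local(0);
		break;

	case 1: /* No time stamp */
	case 2: /* Unix timeval style */
	case 3: /* Microseconds since previous packet */
		break;

	default: /* Not supported */
		error("only -t, -tt, -ttt, and -tttt are supported");
		break;
	}

#ifdef WITH_CHROOT
	/* if run as root, prepare for chrooting */
	if (getuid() == 0 || geteuid() == 0) {
		/* future extensibility for cmd-line arguments */
		if (!chroot_dir)
			chroot_dir = WITH_CHROOT;
	}
#endif

#ifdef WITH_USER
	/* if run as root, prepare for dropping root privileges */
	if (getuid() == 0 || geteuid() == 0) {
		/* Run with '-Z root' to restore old behaviour */
		if (!username)
			username = WITH_USER;
	}
#endif

	if (RFileName != NULL) {
		int dlt;
		const char *dlt_name;

#ifndef WIN32
		/*
		 * We don't need network access, so relinquish any set-UID
		 * or set-GID privileges we have (if any).
		 *
		 * We do *not* want set-UID privileges when opening a
		 * trace file, as that might let the user read other
		 * people's trace files (especially if we're set-UID
		 * root).
		 *
		 * NOTE(review): a failure here is only reported as a
		 * warning and the file is still opened below, possibly
		 * with the privileges this block is meant to give up.
		 * Consider whether this should be fatal.
		 */
		if (setgid(getgid()) != 0 || setuid(getuid()) != 0 )
			fprintf(stderr, "Warning: setgid/setuid failed !\n");
#endif /* WIN32 */
		pd = pcap_open_offline(RFileName, ebuf);
		if (pd == NULL)
			error("%s", ebuf);
		dlt = pcap_datalink(pd);
		dlt_name = pcap_datalink_val_to_name(dlt);
		if (dlt_name == NULL) {
			fprintf(stderr, "reading from file %s, link-type %u\n",
			    RFileName, dlt);
		} else {
			fprintf(stderr,
			    "reading from file %s, link-type %s (%s)\n",
			    RFileName, dlt_name,
			    pcap_datalink_val_to_description(dlt));
		}
		localnet = 0;
		netmask = 0;
		if (fflag != 0)
			error("-f and -r options are incompatible");
	} else {
		if (device == NULL) {
			device = pcap_lookupdev(ebuf);
			if (device == NULL)
				error("%s", ebuf);
		}
#ifdef WIN32
		if(strlen(device) == 1)	//we assume that an ASCII string is always longer than 1 char
		{						//a Unicode string has a \0 as second byte (so strlen() is 1)
			fprintf(stderr, "%s: listening on %ws\n", program_name, device);
		}
		else
		{
			fprintf(stderr, "%s: listening on %s\n", program_name, device);
		}

		fflush(stderr);
#endif /* WIN32 */
		*ebuf = '\0';
		pd = pcap_open_live(device, snaplen, !pflag, 1000, ebuf);
		if (pd == NULL)
			error("%s", ebuf);
		else if (*ebuf)
			warning("%s", ebuf);
		/*
		 * Let user own process after socket has been opened.
		 *
		 * NOTE(review): as in the savefile branch, a failed
		 * setgid()/setuid() only produces a warning and the
		 * capture continues.
		 */
#ifndef WIN32
		if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
			fprintf(stderr, "Warning: setgid/setuid failed !\n");
#endif /* WIN32 */
#ifdef WIN32
		if(UserBufferSize != 1000000)
			if(pcap_setbuff(pd, UserBufferSize)==-1){
				error("%s", pcap_geterr(pd));
			}
#endif /* WIN32 */
		if (Lflag)
			show_dlts_and_exit(pd);
		if (gndo->ndo_dlt >= 0) {
#ifdef HAVE_PCAP_SET_DATALINK
			if (pcap_set_datalink(pd, gndo->ndo_dlt) < 0)
				error("%s", pcap_geterr(pd));
#else
			/*
			 * We don't actually support changing the
			 * data link type, so we only let them
			 * set it to what it already is.
			 */
			if (gndo->ndo_dlt != pcap_datalink(pd)) {
				error("%s is not one of the DLTs supported by this device\n",
				      gndo->ndo_dltname);
			}
#endif
			(void)fprintf(stderr, "%s: data link type %s\n",
			              program_name, gndo->ndo_dltname);
			(void)fflush(stderr);
		}
		i = pcap_snapshot(pd);
		if (snaplen < i) {
			warning("snaplen raised from %d to %d", snaplen, i);
			snaplen = i;
		}
		if (pcap_lookupnet(device, &localnet, &netmask, ebuf) < 0) {
			localnet = 0;
			netmask = 0;
			warning("%s", ebuf);
		}
	}
	if (infile)
		cmdbuf = read_infile(infile);
	else
		cmdbuf = copy_argv(&argv[optind]);

	if (pcap_compile(pd, &fcode, cmdbuf, Oflag, netmask) < 0)
		error("%s", pcap_geterr(pd));
	if (dflag) {
		bpf_dump(&fcode, dflag);
		pcap_close(pd);
		exit(0);
	}
	init_addrtoname(localnet, netmask);

#ifndef WIN32
	(void)setsignal(SIGPIPE, cleanup);
#endif /* WIN32 */
	(void)setsignal(SIGTERM, cleanup);
	(void)setsignal(SIGINT, cleanup);
	/* Cooperate with nohup(1) */
#ifndef WIN32
	if ((oldhandler = setsignal(SIGHUP, cleanup)) != SIG_DFL)
		(void)setsignal(SIGHUP, oldhandler);
#endif /* WIN32 */

	if (pcap_setfilter(pd, &fcode) < 0)
		error("%s", pcap_geterr(pd));
	if (WFileName) {
		pcap_dumper_t *p;

		/* Room for the base name, a numeric suffix and the NUL. */
		WFileNameAlt = (char *)malloc(strlen(WFileName) + MAX_CFLAG_CHARS + 1);
		if (WFileNameAlt == NULL)
			error("malloc of WFileNameAlt");
		MakeFilename(WFileNameAlt, WFileName, 0, WflagChars);
		p = pcap_dump_open(pd, WFileNameAlt);
		if (p == NULL)
			error("%s", pcap_geterr(pd));
		if (Cflag != 0) {
			callback = dump_packet_and_trunc;
			dumpinfo.WFileName = WFileName;
			dumpinfo.pd = pd;
			dumpinfo.p = p;
			pcap_userdata = (u_char *)&dumpinfo;
		} else {
			callback = dump_packet;
			pcap_userdata = (u_char *)p;
		}
	} else {
		type = pcap_datalink(pd);
		printinfo.printer = lookup_printer(type);
		if (printinfo.printer == NULL) {
			gndo->ndo_dltname = pcap_datalink_val_to_name(type);
			if (gndo->ndo_dltname != NULL)
				error("unsupported data link type %s",
				      gndo->ndo_dltname);
			else
				error("unsupported data link type %d", type);
		}
		callback = print_packet;
		pcap_userdata = (u_char *)&printinfo;
	}
#ifndef WIN32
	/*
	 * We cannot do this earlier, because we want to be able to open
	 * the file (if done) for writing before giving up permissions.
	 */
	if (getuid() == 0 || geteuid() == 0) {
		if (username || chroot_dir)
			droproot(username, chroot_dir);
	}
#endif /* WIN32 */
#ifdef SIGINFO
	(void)setsignal(SIGINFO, requestinfo);
#endif

	if (vflag > 0 && WFileName) {
		/*
		 * When capturing to a file, "-v" means tcpdump should,
		 * once per second, "v"erbosely report the number of
		 * packets captured.
		 */
#ifdef USE_WIN32_MM_TIMER
		/* call verbose_stats_dump() each 1000 +/-100msec */
		timer_id = timeSetEvent(1000, 100, verbose_stats_dump, 0, TIME_PERIODIC);
		setvbuf(stderr, NULL, _IONBF, 0);
#elif defined(HAVE_ALARM)
		(void)setsignal(SIGALRM, verbose_stats_dump);
		alarm(1);
#endif
	}

#ifndef WIN32
	if (RFileName == NULL) {
		int dlt;
		const char *dlt_name;

		if (!vflag && !WFileName) {
			(void)fprintf(stderr,
			    "%s: verbose output suppressed, use -v or -vv for full protocol decode\n",
			    program_name);
		} else
			(void)fprintf(stderr, "%s: ", program_name);
		dlt = pcap_datalink(pd);
		dlt_name = pcap_datalink_val_to_name(dlt);
		if (dlt_name == NULL) {
			(void)fprintf(stderr, "listening on %s, link-type %u, capture size %u bytes\n",
			    device, dlt, snaplen);
		} else {
			(void)fprintf(stderr, "listening on %s, link-type %s (%s), capture size %u bytes\n",
			    device, dlt_name,
			    pcap_datalink_val_to_description(dlt), snaplen);
		}
		(void)fflush(stderr);
	}
#endif /* WIN32 */
	status = pcap_loop(pd, cnt, callback, pcap_userdata);
	if (WFileName == NULL) {
		/*
		 * We're printing packets.  Flush the printed output,
		 * so it doesn't get intermingled with error output.
		 */
		if (status == -2) {
			/*
			 * We got interrupted, so perhaps we didn't
			 * manage to finish a line we were printing.
			 * Print an extra newline, just in case.
			 */
			putchar('\n');
		}
		(void)fflush(stdout);
	}
	if (status == -1) {
		/*
		 * Error.  Report it.
		 */
		(void)fprintf(stderr, "%s: pcap_loop: %s\n",
		    program_name, pcap_geterr(pd));
	}
	if (RFileName == NULL) {
		/*
		 * We're doing a live capture.  Report the capture
		 * statistics.
		 */
		info(1);
	}
	pcap_close(pd);
	exit(status == -1 ? 1 : 0);
}

/* make a clean exit on interrupts */
static RETSIGTYPE
cleanup(int signo _U_)
{
#ifdef USE_WIN32_MM_TIMER
	if (timer_id)
		timeKillEvent(timer_id);
	timer_id = 0;
#elif defined(HAVE_ALARM)
	alarm(0);
#endif

#ifdef HAVE_PCAP_BREAKLOOP
	/*
	 * We have "pcap_breakloop()"; use it, so that we do as little
	 * as possible in the signal handler (it's probably not safe
	 * to do anything with standard I/O streams in a signal handler -
	 * the ANSI C standard doesn't say it is).
	 */
	pcap_breakloop(pd);
#else
	/*
	 * We don't have "pcap_breakloop()"; this isn't safe, but
	 * it's the best we can do.  Print the summary if we're
	 * not reading from a savefile - i.e., if we're doing a
	 * live capture - and exit.
	 */
	if (pd != NULL && pcap_file(pd) == NULL) {
		/*
		 * We got interrupted, so perhaps we didn't
		 * manage to finish a line we were printing.
		 * Print an extra newline, just in case.
		 */
		putchar('\n');
		(void)fflush(stdout);
		info(1);
	}
	exit(0);
#endif
}

/*
 * Print the capture statistics on stderr: packets captured, packets
 * received by the filter and packets dropped by the kernel.  With
 * `verbose' set each figure goes on its own line; otherwise they are
 * printed on one line prefixed with the program name.  Clears
 * infoprint when done.
 */
static void
info(register int verbose)
{
	struct pcap_stat stat;

	if (pcap_stats(pd, &stat) < 0) {
		(void)fprintf(stderr, "pcap_stats: %s\n", pcap_geterr(pd));
		return;
	}

	if (!verbose)
		fprintf(stderr, "%s: ", program_name);

	(void)fprintf(stderr, "%u packets captured", packets_captured);
	if (!verbose)
		fputs(", ", stderr);
	else
		putc('\n', stderr);
	(void)fprintf(stderr, "%d packets received by filter", stat.ps_recv);
	if (!verbose)
		fputs(", ", stderr);
	else
		putc('\n', stderr);
	(void)fprintf(stderr, "%d packets dropped by kernel\n", stat.ps_drop);
	infoprint = 0;
}

/*
 * pcap_loop() callback used with -w and -C: write the packet to the
 * current savefile, first rotating to a new file when the current one
 * has grown past Cflag.  `user' points to a struct dump_info.
 */
static void
dump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
{
	struct dump_info *dump_info;
	char *name;

	++packets_captured;

	++infodelay;

	dump_info = (struct dump_info *)user;

	/*
	 * XXX - this won't prevent capture files from getting
	 * larger than Cflag - the last packet written to the
	 * file could put it over Cflag.
	 */
	if (pcap_dump_ftell(dump_info->p) > Cflag) {
		/*
		 * Close the current file and open a new one.
		 */
		pcap_dump_close(dump_info->p);
		Cflag_count++;
		if (Wflag > 0) {
			/* -W given: reuse the file names cyclically. */
			if (Cflag_count >= Wflag)
				Cflag_count = 0;
		} else {
			if (Cflag_count >= MAX_CFLAG)
				error("too many output files");
		}
		/* Same sizing contract as in main(); see MakeFilename(). */
		name = (char *)malloc(strlen(dump_info->WFileName) + MAX_CFLAG_CHARS + 1);
		if (name == NULL)
			error("dump_packet_and_trunc: malloc");
		MakeFilename(name, dump_info->WFileName, Cflag_count, WflagChars);
		dump_info->p = pcap_dump_open(dump_info->pd, name);
		free(name);
		if (dump_info->p == NULL)
			error("%s", pcap_geterr(pd));
	}

	pcap_dump((u_char *)dump_info->p, h, sp);
#ifdef HAVE_PCAP_DUMP_FLUSH
	if (Uflag)
		pcap_dump_flush(dump_info->p);
#endif

	--infodelay;
	if (infoprint)
		info(0);
}

/*
 * pcap_loop() callback used with -w alone: write the packet to the
 * savefile.  `user' is the pcap_dumper_t cast to u_char *.
 */
static void
dump_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
{
	++packets_captured;

	++infodelay;

	pcap_dump(user, h, sp);
#ifdef HAVE_PCAP_DUMP_FLUSH
	if (Uflag)
		pcap_dump_flush((pcap_dumper_t *)user);
#endif

	--infodelay;
	if (infoprint)
		info(0);
}

/*
 * pcap_loop() callback used when printing: print the timestamp, run the
 * link-layer printer selected in main(), then optionally dump the raw
 * bytes according to xflag / Xflag.  `user' points to a struct
 * print_info.
 */
static void
print_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
{
	struct print_info *print_info;
	u_int hdrlen;

	++packets_captured;

	++infodelay;
	ts_print(&h->ts);

	print_info = (struct print_info *)user;

	/*
	 * Some printers want to check that they're not walking off the
	 * end of the packet.
	 * Rather than pass it all the way down, we set this global.
	 */
	snapend = sp + h->caplen;

	hdrlen = (*print_info->printer)(h, sp);
	if (xflag) {
		/*
		 * Print the raw packet data.
		 */
		if (xflag > 1) {
			/*
			 * Include the link-layer header.
			 */
			hex_print("\n\t", sp, h->caplen);
		} else {
			/*
			 * Don't include the link-layer header - and if
			 * we have nothing past the link-layer header,
			 * print nothing.
			 */
			if (h->caplen > hdrlen)
				hex_print("\n\t", sp + hdrlen,
				    h->caplen - hdrlen);
		}
	} else if (Xflag) {
		/*
		 * Print the raw packet data.
		 */
		if (Xflag > 1) {
			/*
			 * Include the link-layer header.
			 */
			ascii_print("\n\t", sp, h->caplen);
		} else {
			/*
			 * Don't include the link-layer header - and if
			 * we have nothing past the link-layer header,
			 * print nothing.
			 */
			if (h->caplen > hdrlen)
				ascii_print("\n\t", sp + hdrlen,
				    h->caplen - hdrlen);
		}
	}

	putchar('\n');

	--infodelay;
	if (infoprint)
		info(0);
}

#ifdef WIN32
	/*
	 * XXX - there should really be libpcap calls to get the version
	 * number as a string (the string would be generated from #defines
	 * at run time, so that it's not generated from string constants
	 * in the library, as, on many UNIX systems, those constants would
	 * be statically linked into the application executable image, and
	 * would thus reflect the version of libpcap on the system on
	 * which the application was *linked*, not the system on which it's
	 * *running*.
	 *
	 * That routine should be documented, unlike the "version[]"
	 * string, so that UNIX vendors providing their own libpcaps
	 * don't omit it (as a couple of vendors have...).
	 *
	 * Packet.dll should perhaps also export a routine to return the
	 * version number of the Packet.dll code, to supply the
	 * "Wpcap_version" information on Windows.
	 */
	char WDversion[]="current-cvs.tcpdump.org";
#if !defined(HAVE_GENERATED_VERSION)
	char version[]="current-cvs.tcpdump.org";
#endif
	char pcap_version[]="current-cvs.tcpdump.org";
	char Wpcap_version[]="3.1";
#endif

/*
 * Default data printer installed as gndo->ndo_default_print: hand the
 * data to ascii_print().
 */
static void
ndo_default_print(netdissect_options *ndo _U_, const u_char *bp, u_int length)
{
	ascii_print("\n\t", bp, length); /* pass on lf and indentation string */
}

/* Convenience wrapper: ndo_default_print() with the global options. */
void
default_print(const u_char *bp, u_int length)
{
	ndo_default_print(gndo, bp, length);
}

#ifdef SIGINFO
/*
 * SIGINFO handler: print the statistics now, or, while a packet
 * callback is running (infodelay != 0), ask it to print them when it
 * finishes.
 */
RETSIGTYPE requestinfo(int signo _U_)
{
	if (infodelay)
		++infoprint;
	else
		info(0);
}
#endif

/*
 * Called once each second in verbose mode while dumping to file
 */
#ifdef USE_WIN32_MM_TIMER
void CALLBACK verbose_stats_dump (UINT timer_id _U_, UINT msg _U_, DWORD_PTR arg _U_,
				  DWORD_PTR dw1 _U_, DWORD_PTR dw2 _U_)
{
	struct pcap_stat stat;

	if (infodelay == 0 && pcap_stats(pd, &stat) >= 0)
		fprintf(stderr, "Got %u\r", packets_captured);
}
#elif defined(HAVE_ALARM)
static void verbose_stats_dump(int sig _U_)
{
	struct pcap_stat stat;

	if (infodelay == 0 && pcap_stats(pd, &stat) >= 0)
		fprintf(stderr, "Got %u\r", packets_captured);
	alarm(1);	/* re-arm for the next report */
}
#endif

/*
 * Print version information and the option summary on stderr, then
 * exit with status 1.
 */
static void
usage(void)
{
	extern char version[];
#ifndef HAVE_PCAP_LIB_VERSION
#if defined(WIN32) || defined(HAVE_PCAP_VERSION)
	extern char pcap_version[];
#else /* defined(WIN32) || defined(HAVE_PCAP_VERSION) */
	static char pcap_version[] = "unknown";
#endif /* defined(WIN32) || defined(HAVE_PCAP_VERSION) */
#endif /* HAVE_PCAP_LIB_VERSION */

#ifdef HAVE_PCAP_LIB_VERSION
#ifdef WIN32
	(void)fprintf(stderr, "%s version %s, based on tcpdump version %s\n", program_name, WDversion, version);
#else /* WIN32 */
	(void)fprintf(stderr, "%s version %s\n", program_name, version);
#endif /* WIN32 */
	(void)fprintf(stderr, "%s\n",pcap_lib_version());
#else /* HAVE_PCAP_LIB_VERSION */
#ifdef WIN32
	(void)fprintf(stderr, "%s version %s, based on tcpdump version %s\n", program_name, WDversion, version);
	(void)fprintf(stderr, "WinPcap version %s, based on libpcap version %s\n",Wpcap_version, pcap_version);
#else /* WIN32 */
	(void)fprintf(stderr, "%s version %s\n", program_name, version);
	(void)fprintf(stderr, "libpcap version %s\n", pcap_version);
#endif /* WIN32 */
#endif /* HAVE_PCAP_LIB_VERSION */
	(void)fprintf(stderr,
"Usage: %s [-aAd" D_FLAG "eflLnNOpqRStu" U_FLAG "vxX]" B_FLAG_USAGE " [-c count] [ -C file_size ]\n", program_name);
	(void)fprintf(stderr,
"\t\t[ -E algo:secret ] [ -F file ] [ -i interface ] [ -M secret ]\n");
	(void)fprintf(stderr,
"\t\t[ -r file ] [ -s snaplen ] [ -T type ] [ -w file ]\n");
	(void)fprintf(stderr,
"\t\t[ -W filecount ] [ -y datalinktype ] [ -Z user ]\n");
	(void)fprintf(stderr,
"\t\t[ expression ]\n");
	exit(1);
}



/*
 * Error hook installed as gndo->ndo_error: print "program: message" on
 * stderr, add a newline when the format does not end with one, and
 * exit with status 1.
 */
/* VARARGS */
static void
ndo_error(netdissect_options *ndo _U_, const char *fmt, ...)
{
	va_list ap;

	(void)fprintf(stderr, "%s: ", program_name);
	va_start(ap, fmt);
	(void)vfprintf(stderr, fmt, ap);
	va_end(ap);
	if (*fmt) {
		/* fmt is non-empty here, so fmt[-1] after the advance is valid. */
		fmt += strlen(fmt);
		if (fmt[-1] != '\n')
			(void)fputc('\n', stderr);
	}
	exit(1);
	/* NOTREACHED */
}

/* VARARGS */
static void
ndo_warning(netdissect_options *ndo _U_, const char *fmt, ...)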
1416 { 1417 va_list ap; 1418 1419 (void)fprintf(stderr, "%s: WARNING: ", program_name); 1420 va_start(ap, fmt); 1421 (void)vfprintf(stderr, fmt, ap); 1422 va_end(ap); 1423 if (*fmt) { 1424 fmt += strlen(fmt); 1425 if (fmt[-1] != '\n') 1426 (void)fputc('\n', stderr); 1427 } 1428 } 1429 1430