+#ifndef WIN32
+/* Drop root privileges and chroot if necessary */
+static void
+droproot(const char *username, const char *chroot_dir)
+{
+ struct passwd *pw = NULL;
+
+ if (chroot_dir && !username) {
+ fprintf(stderr, "tcpdump: Chroot without dropping root is insecure\n");
+ exit(1);
+ }
+
+ pw = getpwnam(username);
+ if (pw) {
+ if (chroot_dir) {
+ if (chroot(chroot_dir) != 0 || chdir ("/") != 0) {
+ fprintf(stderr, "tcpdump: Couldn't chroot/chdir to '%.64s': %s\n",
+ chroot_dir, pcap_strerror(errno));
+ exit(1);
+ }
+ }
+#ifdef HAVE_LIBCAP_NG
+ int ret = capng_change_id(pw->pw_uid, pw->pw_gid, CAPNG_NO_FLAG);
+ if (ret < 0) {
+ fprintf(stderr, "error : ret %d\n", ret);
+ }
+ else {
+ fprintf(stderr, "dropped privs to %s\n", username);
+ }
+#else
+ if (initgroups(pw->pw_name, pw->pw_gid) != 0 ||
+ setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0) {
+ fprintf(stderr, "tcpdump: Couldn't change to '%.32s' uid=%lu gid=%lu: %s\n",
+ username,
+ (unsigned long)pw->pw_uid,
+ (unsigned long)pw->pw_gid,
+ pcap_strerror(errno));
+ exit(1);
+ }
+ else {
+ fprintf(stderr, "dropped privs to %s\n", username);
+ }
+#endif /* HAVE_LIBCAP_NG */
+ }
+ else {
+ fprintf(stderr, "tcpdump: Couldn't find user '%.32s'\n",
+ username);
+ exit(1);
+ }
+#ifdef HAVE_LIBCAP_NG
+ /* We don't need CAP_SETUID and CAP_SETGID any more. */
+ capng_updatev(
+ CAPNG_DROP,
+ CAPNG_EFFECTIVE | CAPNG_PERMITTED,
+ CAP_SETUID,
+ CAP_SETGID,
+ -1);
+ capng_apply(CAPNG_SELECT_BOTH);
+#endif /* HAVE_LIBCAP_NG */
+
+}
+#endif /* WIN32 */
+
+static int
+getWflagChars(int x)
+{
+ int c = 0;
+
+ x -= 1;
+ while (x > 0) {
+ c += 1;
+ x /= 10;
+ }
+
+ return c;
+}
+
+
+static void
+MakeFilename(char *buffer, char *orig_name, int cnt, int max_chars)
+{
+ char *filename = malloc(PATH_MAX + 1);
+ if (filename == NULL)
+ error("Makefilename: malloc");
+
+ /* Process with strftime if Gflag is set. */
+ if (Gflag != 0) {
+ struct tm *local_tm;
+
+ /* Convert Gflag_time to a usable format */
+ if ((local_tm = localtime(&Gflag_time)) == NULL) {
+ error("MakeTimedFilename: localtime");
+ }
+
+ /* There's no good way to detect an error in strftime since a return
+ * value of 0 isn't necessarily failure.
+ */
+ strftime(filename, PATH_MAX, orig_name, local_tm);
+ } else {
+ strncpy(filename, orig_name, PATH_MAX);
+ }
+
+ if (cnt == 0 && max_chars == 0)
+ strncpy(buffer, filename, PATH_MAX + 1);
+ else
+ if (snprintf(buffer, PATH_MAX + 1, "%s%0*d", filename, max_chars, cnt) > PATH_MAX)
+ /* Report an error if the filename is too large */
+ error("too many output files or filename is too long (> %d)", PATH_MAX);
+ free(filename);
+}
+
+static int tcpdump_printf(netdissect_options *ndo _U_,
+ const char *fmt, ...)
+{
+
+ va_list args;
+ int ret;
+
+ va_start(args, fmt);
+ ret=vfprintf(stdout, fmt, args);
+ va_end(args);
+
+ return ret;
+}
+
+static struct print_info
+get_print_info(int type)
+{
+ struct print_info printinfo;
+
+ printinfo.ndo_type = 1;
+ printinfo.ndo = gndo;
+ printinfo.p.ndo_printer = lookup_ndo_printer(type);
+ if (printinfo.p.ndo_printer == NULL) {
+ printinfo.p.printer = lookup_printer(type);
+ printinfo.ndo_type = 0;
+ if (printinfo.p.printer == NULL) {
+ gndo->ndo_dltname = pcap_datalink_val_to_name(type);
+ if (gndo->ndo_dltname != NULL)
+ error("packet printing is not supported for link type %s: use -w",
+ gndo->ndo_dltname);
+ else
+ error("packet printing is not supported for link type %d: use -w", type);
+ }
+ }
+ return (printinfo);
+}
+
+static char *
+get_next_file(FILE *VFile, char *ptr)
+{
+ char *ret;
+
+ ret = fgets(ptr, PATH_MAX, VFile);
+ if (!ret)
+ return NULL;
+
+ if (ptr[strlen(ptr) - 1] == '\n')
+ ptr[strlen(ptr) - 1] = '\0';
+
+ return ret;
+}
+
+#ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
+static int
+tstamp_precision_from_string(const char *precision)
+{
+ if (strncmp(precision, "nano", strlen("nano")) == 0)
+ return PCAP_TSTAMP_PRECISION_NANO;
+
+ if (strncmp(precision, "micro", strlen("micro")) == 0)
+ return PCAP_TSTAMP_PRECISION_MICRO;
+
+ return -EINVAL;
+}
+
+static const char *
+tstamp_precision_to_string(int precision)
+{
+ switch (precision) {
+
+ case PCAP_TSTAMP_PRECISION_MICRO:
+ return "micro";
+
+ case PCAP_TSTAMP_PRECISION_NANO:
+ return "nano";
+
+ default:
+ return "unknown";
+ }
+}
+#endif
+
+int
+main(int argc, char **argv)
+{
+ register int cnt, op, i;
+ bpf_u_int32 localnet =0 , netmask = 0;
+ register char *cp, *infile, *cmdbuf, *device, *RFileName, *VFileName, *WFileName;
+ pcap_handler callback;
+ int type;
+ int dlt;
+ int new_dlt;
+ const char *dlt_name;
+ struct bpf_program fcode;
+#ifndef WIN32
+ RETSIGTYPE (*oldhandler)(int);
+#endif
+ struct print_info printinfo;
+ struct dump_info dumpinfo;
+ u_char *pcap_userdata;
+ char ebuf[PCAP_ERRBUF_SIZE];
+ char VFileLine[PATH_MAX + 1];
+ char *username = NULL;
+ char *chroot_dir = NULL;
+ char *ret = NULL;
+ char *end;
+#ifdef HAVE_PCAP_FINDALLDEVS
+ pcap_if_t *devpointer;
+ int devnum;
+#endif
+ int status;
+ FILE *VFile;
+#ifdef HAVE_CAPSICUM
+ cap_rights_t rights;
+ int cansandbox;
+#endif /* HAVE_CAPSICUM */
+
+#ifdef WIN32
+ if(wsockinit() != 0) return 1;
+#endif /* WIN32 */
+
+ jflag=-1; /* not set */
+ gndo->ndo_Oflag=1;
+ gndo->ndo_Rflag=1;
+ gndo->ndo_dlt=-1;
+ gndo->ndo_default_print=ndo_default_print;
+ gndo->ndo_printf=tcpdump_printf;
+ gndo->ndo_error=ndo_error;
+ gndo->ndo_warning=ndo_warning;
+ gndo->ndo_snaplen = DEFAULT_SNAPLEN;
+ gndo->ndo_immediate = 0;
+
+ cnt = -1;
+ device = NULL;
+ infile = NULL;
+ RFileName = NULL;
+ VFileName = NULL;
+ VFile = NULL;
+ WFileName = NULL;
+ dlt = -1;
+ if ((cp = strrchr(argv[0], '/')) != NULL)
+ program_name = cp + 1;
+ else
+ program_name = argv[0];
+
+ /*
+ * On platforms where the CPU doesn't support unaligned loads,
+ * force unaligned accesses to abort with SIGBUS, rather than
+ * being fixed up (slowly) by the OS kernel; on those platforms,
+ * misaligned accesses are bugs, and we want tcpdump to crash so
+ * that the bugs are reported.
+ */
+ if (abort_on_misalignment(ebuf, sizeof(ebuf)) < 0)
+ error("%s", ebuf);
+
+#ifdef USE_LIBSMI
+ smiInit("tcpdump");
+#endif
+
+ while (
+ (op = getopt_long(argc, argv, "aAb" B_FLAG "c:C:d" D_FLAG "eE:fF:G:hHi:" I_FLAG j_FLAG J_FLAG "KlLm:M:nNOpq" Q_FLAG "r:Rs:StT:u" U_FLAG "vV:w:W:xXy:Yz:Z:#", longopts, NULL)) != -1)
+ switch (op) {
+
+ case 'a':
+ /* compatibility for old -a */
+ break;
+
+ case 'A':
+ ++Aflag;
+ break;
+
+ case 'b':
+ ++bflag;
+ break;
+
+#if defined(HAVE_PCAP_CREATE) || defined(WIN32)
+ case 'B':
+ Bflag = atoi(optarg)*1024;
+ if (Bflag <= 0)
+ error("invalid packet buffer size %s", optarg);
+ break;
+#endif /* defined(HAVE_PCAP_CREATE) || defined(WIN32) */
+
+ case 'c':
+ cnt = atoi(optarg);
+ if (cnt <= 0)
+ error("invalid packet count %s", optarg);
+ break;
+
+ case 'C':
+ Cflag = atoi(optarg) * 1000000;
+ if (Cflag < 0)
+ error("invalid file size %s", optarg);
+ break;
+
+ case 'd':
+ ++dflag;
+ break;
+
+ case 'D':
+ Dflag++;
+ break;
+
+ case 'L':
+ Lflag++;
+ break;
+
+ case 'e':
+ ++eflag;
+ break;
+
+ case 'E':
+#ifndef HAVE_LIBCRYPTO
+ warning("crypto code not compiled in");
+#endif
+ gndo->ndo_espsecret = optarg;
+ break;
+
+ case 'f':
+ ++fflag;
+ break;
+
+ case 'F':
+ infile = optarg;
+ break;
+
+ case 'G':
+ Gflag = atoi(optarg);
+ if (Gflag < 0)
+ error("invalid number of seconds %s", optarg);
+
+ /* We will create one file initially. */
+ Gflag_count = 0;
+
+ /* Grab the current time for rotation use. */
+ if ((Gflag_time = time(NULL)) == (time_t)-1) {
+ error("main: can't get current time: %s",
+ pcap_strerror(errno));
+ }
+ break;
+
+ case 'h':
+ print_usage();
+ exit(0);
+ break;
+
+ case 'H':
+ ++Hflag;
+ break;
+
+ case 'i':
+ if (optarg[0] == '0' && optarg[1] == 0)
+ error("Invalid adapter index");
+
+#ifdef HAVE_PCAP_FINDALLDEVS
+ /*
+ * If the argument is a number, treat it as
+ * an index into the list of adapters, as
+ * printed by "tcpdump -D".
+ *
+ * This should be OK on UNIX systems, as interfaces
+ * shouldn't have names that begin with digits.
+ * It can be useful on Windows, where more than
+ * one interface can have the same name.
+ */
+ devnum = strtol(optarg, &end, 10);
+ if (optarg != end && *end == '\0') {
+ if (devnum < 0)
+ error("Invalid adapter index");
+
+ if (pcap_findalldevs(&devpointer, ebuf) < 0)
+ error("%s", ebuf);
+ else {
+ /*
+ * Look for the devnum-th entry
+ * in the list of devices
+ * (1-based).
+ */
+ for (i = 0;
+ i < devnum-1 && devpointer != NULL;
+ i++, devpointer = devpointer->next)
+ ;
+ if (devpointer == NULL)
+ error("Invalid adapter index");
+ }
+ device = devpointer->name;
+ break;
+ }
+#endif /* HAVE_PCAP_FINDALLDEVS */
+ device = optarg;
+ break;
+
+#ifdef HAVE_PCAP_CREATE
+ case 'I':
+ ++Iflag;
+ break;
+#endif /* HAVE_PCAP_CREATE */
+
+#ifdef HAVE_PCAP_SET_TSTAMP_TYPE
+ case 'j':
+ jflag = pcap_tstamp_type_name_to_val(optarg);
+ if (jflag < 0)
+ error("invalid time stamp type %s", optarg);
+ break;
+
+ case 'J':
+ Jflag++;
+ break;
+#endif
+
+ case 'l':
+#ifdef WIN32
+ /*
+ * _IOLBF is the same as _IOFBF in Microsoft's C
+ * libraries; the only alternative they offer
+ * is _IONBF.
+ *
+ * XXX - this should really be checking for MSVC++,
+ * not WIN32, if, for example, MinGW has its own
+ * C library that is more UNIX-compatible.
+ */
+ setvbuf(stdout, NULL, _IONBF, 0);
+#else /* WIN32 */
+#ifdef HAVE_SETLINEBUF
+ setlinebuf(stdout);
+#else
+ setvbuf(stdout, NULL, _IOLBF, 0);
+#endif
+#endif /* WIN32 */
+ break;
+
+ case 'K':
+ ++Kflag;
+ break;
+
+ case 'm':
+#ifdef USE_LIBSMI
+ if (smiLoadModule(optarg) == 0) {
+ error("could not load MIB module %s", optarg);
+ }
+ sflag = 1;
+#else
+ (void)fprintf(stderr, "%s: ignoring option `-m %s' ",
+ program_name, optarg);
+ (void)fprintf(stderr, "(no libsmi support)\n");
+#endif
+ break;
+
+ case 'M':
+ /* TCP-MD5 shared secret */
+#ifndef HAVE_LIBCRYPTO
+ warning("crypto code not compiled in");
+#endif
+ sigsecret = optarg;
+ break;
+
+ case 'n':
+ ++nflag;
+ break;
+
+ case 'N':
+ ++Nflag;
+ break;
+
+ case 'O':
+ Oflag = 0;
+ break;
+
+ case 'p':
+ ++pflag;
+ break;
+
+ case 'q':
+ ++qflag;
+ ++suppress_default_print;
+ break;
+
+#ifdef HAVE_PCAP_SETDIRECTION
+ case 'Q':
+ if (strcasecmp(optarg, "in") == 0)
+ Qflag = PCAP_D_IN;
+ else if (strcasecmp(optarg, "out") == 0)
+ Qflag = PCAP_D_OUT;
+ else if (strcasecmp(optarg, "inout") == 0)
+ Qflag = PCAP_D_INOUT;
+ else
+ error("unknown capture direction `%s'", optarg);
+ break;
+#endif /* HAVE_PCAP_SETDIRECTION */
+
+ case 'r':
+ RFileName = optarg;
+ break;
projects / tcpdump / blobdiff