Address Michael's comments.

[tcpdump] / tcpdump.c
diff --git a/tcpdump.c b/tcpdump.c

index 9c418f38a2085664304c95d3e3d03a5dd991e0d9..59aae52764ac6750def856e052e381c041d6199f 100644 (file)
--- a/tcpdump.c
+++ b/tcpdump.c
@@ -74,6 +74,10 @@ extern int SIZE_BUF;
  #include <errno.h>
  #endif /* WIN32 */
  
  #include <errno.h>
  #endif /* WIN32 */
  
+/* capabilities convinience library */
+#ifdef HAVE_CAP_NG_H
+#include <cap-ng.h>
+#endif /* HAVE_CAP_NG_H */
  
  #include "netdissect.h"
  #include "interface.h"
  
  #include "netdissect.h"
  #include "interface.h"
@@ -87,12 +91,21 @@ extern int SIZE_BUF;
  #define NAME_MAX 255
  #endif
  
  #define NAME_MAX 255
  #endif
  
+#ifdef SIGINFO
+#define SIGNAL_REQ_INFO SIGINFO
+#elif SIGUSR1
+#define SIGNAL_REQ_INFO SIGUSR1
+#endif
+
  netdissect_options Gndo;
  netdissect_options *gndo = &Gndo;
  
  netdissect_options Gndo;
  netdissect_options *gndo = &Gndo;
  
-int dflag;                     /* print filter code */
-int Lflag;                     /* list available data link types and exit */
-char *zflag = NULL;            /* compress each savefile using a specified command (like gzip or bzip2) */
+static int dflag;                      /* print filter code */
+static int Lflag;                      /* list available data link types and exit */
+#ifdef HAVE_PCAP_SET_TSTAMP_TYPE
+static int Jflag;                      /* list available time stamp types */
+#endif
+static char *zflag = NULL;             /* compress each savefile using a specified command (like gzip or bzip2) */
  
  static int infodelay;
  static int infoprint;
  
  static int infodelay;
  static int infoprint;
@@ -105,17 +118,18 @@ int32_t thiszone;         /* seconds offset from gmt to local time */
  static RETSIGTYPE cleanup(int);
  static RETSIGTYPE child_cleanup(int);
  static void usage(void) __attribute__((noreturn));
  static RETSIGTYPE cleanup(int);
  static RETSIGTYPE child_cleanup(int);
  static void usage(void) __attribute__((noreturn));
-static void show_dlts_and_exit(pcap_t *pd) __attribute__((noreturn));
+static void show_dlts_and_exit(const char *device, pcap_t *pd) __attribute__((noreturn));
  
  static void print_packet(u_char *, const struct pcap_pkthdr *, const u_char *);
  static void ndo_default_print(netdissect_options *, const u_char *, u_int);
  static void dump_packet_and_trunc(u_char *, const struct pcap_pkthdr *, const u_char *);
  static void dump_packet(u_char *, const struct pcap_pkthdr *, const u_char *);
  static void droproot(const char *, const char *);
  
  static void print_packet(u_char *, const struct pcap_pkthdr *, const u_char *);
  static void ndo_default_print(netdissect_options *, const u_char *, u_int);
  static void dump_packet_and_trunc(u_char *, const struct pcap_pkthdr *, const u_char *);
  static void dump_packet(u_char *, const struct pcap_pkthdr *, const u_char *);
  static void droproot(const char *, const char *);
-static void ndo_error(netdissect_options *ndo, const char *fmt, ...);
+static void ndo_error(netdissect_options *ndo, const char *fmt, ...)
+     __attribute__ ((noreturn, format (printf, 2, 3)));
  static void ndo_warning(netdissect_options *ndo, const char *fmt, ...);
  
  static void ndo_warning(netdissect_options *ndo, const char *fmt, ...);
  
-#ifdef SIGINFO
+#ifdef SIGNAL_REQ_INFO
  RETSIGTYPE requestinfo(int);
  #endif
  
  RETSIGTYPE requestinfo(int);
  #endif
  
@@ -130,19 +144,23 @@ RETSIGTYPE requestinfo(int);
  static void info(int);
  static u_int packets_captured;
  
  static void info(int);
  static u_int packets_captured;
  
-typedef u_int (*if_printer)(const struct pcap_pkthdr *, const u_char *);
-
  struct printer {
  struct printer {
-       if_printer f;
+        if_printer f;
         int type;
  };
  
         int type;
  };
  
+
+struct ndo_printer {
+        if_ndo_printer f;
+       int type;
+};
+
+
  static struct printer printers[] = {
         { arcnet_if_print,      DLT_ARCNET },
  #ifdef DLT_ARCNET_LINUX
         { arcnet_linux_if_print, DLT_ARCNET_LINUX },
  #endif
  static struct printer printers[] = {
         { arcnet_if_print,      DLT_ARCNET },
  #ifdef DLT_ARCNET_LINUX
         { arcnet_linux_if_print, DLT_ARCNET_LINUX },
  #endif
-       { ether_if_print,       DLT_EN10MB },
         { token_if_print,       DLT_IEEE802 },
  #ifdef DLT_LANE8023
         { lane_if_print,        DLT_LANE8023 },
         { token_if_print,       DLT_IEEE802 },
  #ifdef DLT_LANE8023
         { lane_if_print,        DLT_LANE8023 },
@@ -151,7 +169,7 @@ static struct printer printers[] = {
         { cip_if_print,         DLT_CIP },
  #endif
  #ifdef DLT_ATM_CLIP
         { cip_if_print,         DLT_CIP },
  #endif
  #ifdef DLT_ATM_CLIP
-       { cip_if_print,         DLT_ATM_CLIP },
+       { cip_if_print,         DLT_ATM_CLIP },
  #endif
         { sl_if_print,          DLT_SLIP },
  #ifdef DLT_SLIP_BSDOS
  #endif
         { sl_if_print,          DLT_SLIP },
  #ifdef DLT_SLIP_BSDOS
@@ -178,7 +196,7 @@ static struct printer printers[] = {
         { chdlc_if_print,       DLT_HDLC },
  #endif
  #ifdef DLT_PPP_SERIAL
         { chdlc_if_print,       DLT_HDLC },
  #endif
  #ifdef DLT_PPP_SERIAL
-       { ppp_hdlc_if_print,    DLT_PPP_SERIAL },
+       { ppp_hdlc_if_print,    DLT_PPP_SERIAL },
  #endif
  #ifdef DLT_PPP_ETHER
         { pppoe_if_print,       DLT_PPP_ETHER },
  #endif
  #ifdef DLT_PPP_ETHER
         { pppoe_if_print,       DLT_PPP_ETHER },
@@ -193,7 +211,7 @@ static struct printer printers[] = {
         { ltalk_if_print,       DLT_LTALK },
  #endif
  #if defined(DLT_PFLOG) && defined(HAVE_NET_PFVAR_H)
         { ltalk_if_print,       DLT_LTALK },
  #endif
  #if defined(DLT_PFLOG) && defined(HAVE_NET_PFVAR_H)
-       { pflog_if_print,       DLT_PFLOG },
+       { pflog_if_print,       DLT_PFLOG },
  #endif
  #ifdef DLT_FR
         { fr_if_print,          DLT_FR },
  #endif
  #ifdef DLT_FR
         { fr_if_print,          DLT_FR },
@@ -214,10 +232,10 @@ static struct printer printers[] = {
         { ieee802_11_radio_if_print,    DLT_IEEE802_11_RADIO },
  #endif
  #ifdef DLT_ENC
         { ieee802_11_radio_if_print,    DLT_IEEE802_11_RADIO },
  #endif
  #ifdef DLT_ENC
-       { enc_if_print,         DLT_ENC },
+       { enc_if_print,         DLT_ENC },
  #endif
  #ifdef DLT_SYMANTEC_FIREWALL
  #endif
  #ifdef DLT_SYMANTEC_FIREWALL
-       { symantec_if_print,    DLT_SYMANTEC_FIREWALL },
+       { symantec_if_print,    DLT_SYMANTEC_FIREWALL },
  #endif
  #ifdef DLT_APPLE_IP_OVER_IEEE1394
         { ap1394_if_print,      DLT_APPLE_IP_OVER_IEEE1394 },
  #endif
  #ifdef DLT_APPLE_IP_OVER_IEEE1394
         { ap1394_if_print,      DLT_APPLE_IP_OVER_IEEE1394 },
@@ -259,33 +277,64 @@ static struct printer printers[] = {
         { juniper_services_print, DLT_JUNIPER_SERVICES },
  #endif
  #ifdef DLT_JUNIPER_ETHER
         { juniper_services_print, DLT_JUNIPER_SERVICES },
  #endif
  #ifdef DLT_JUNIPER_ETHER
-       { juniper_ether_print, DLT_JUNIPER_ETHER },
+       { juniper_ether_print,  DLT_JUNIPER_ETHER },
  #endif
  #ifdef DLT_JUNIPER_PPP
  #endif
  #ifdef DLT_JUNIPER_PPP
-       { juniper_ppp_print, DLT_JUNIPER_PPP },
+       { juniper_ppp_print,    DLT_JUNIPER_PPP },
  #endif
  #ifdef DLT_JUNIPER_FRELAY
  #endif
  #ifdef DLT_JUNIPER_FRELAY
-       { juniper_frelay_print, DLT_JUNIPER_FRELAY },
+       { juniper_frelay_print, DLT_JUNIPER_FRELAY },
  #endif
  #ifdef DLT_JUNIPER_CHDLC
  #endif
  #ifdef DLT_JUNIPER_CHDLC
-       { juniper_chdlc_print, DLT_JUNIPER_CHDLC },
+       { juniper_chdlc_print,  DLT_JUNIPER_CHDLC },
  #endif
  #ifdef DLT_MFR
  #endif
  #ifdef DLT_MFR
-       { mfr_if_print, DLT_MFR },
+       { mfr_if_print,         DLT_MFR },
  #endif
  #if defined(DLT_BLUETOOTH_HCI_H4_WITH_PHDR) && defined(HAVE_PCAP_BLUETOOTH_H)
  #endif
  #if defined(DLT_BLUETOOTH_HCI_H4_WITH_PHDR) && defined(HAVE_PCAP_BLUETOOTH_H)
-       { bt_if_print, DLT_BLUETOOTH_HCI_H4_WITH_PHDR},
+       { bt_if_print,          DLT_BLUETOOTH_HCI_H4_WITH_PHDR},
+#endif
+#ifdef HAVE_PCAP_USB_H
+#ifdef DLT_USB_LINUX
+       { usb_linux_48_byte_print, DLT_USB_LINUX},
+#endif /* DLT_USB_LINUX */
+#ifdef DLT_USB_LINUX_MMAPPED
+       { usb_linux_64_byte_print, DLT_USB_LINUX_MMAPPED},
+#endif /* DLT_USB_LINUX_MMAPPED */
+#endif /* HAVE_PCAP_USB_H */
+#ifdef DLT_IPV4
+       { raw_if_print,         DLT_IPV4 },
+#endif
+#ifdef DLT_IPV6
+       { raw_if_print,         DLT_IPV6 },
+#endif
+       { NULL,                 0 },
+};
+
+static struct ndo_printer ndo_printers[] = {
+       { ether_if_print,       DLT_EN10MB },
+#ifdef DLT_IPNET
+       { ipnet_if_print,       DLT_IPNET },
  #endif
  #endif
-#if defined(HAVE_PCAP_USB_H) && defined(DLT_USB_LINUX)
-       { usb_linux_print, DLT_USB_LINUX},
+#ifdef DLT_IEEE802_15_4
+       { ieee802_15_4_if_print, DLT_IEEE802_15_4 },
  #endif
  #endif
-#if defined(HAVE_PCAP_USB_H) && defined(DLT_USB_LINUX_MMAPPED)
-       { usb_linux_print, DLT_USB_LINUX_MMAPPED},
+#ifdef DLT_IEEE802_15_4_NOFCS
+       { ieee802_15_4_if_print, DLT_IEEE802_15_4_NOFCS },
+#endif
+#ifdef DLT_PPI
+       { ppi_if_print,         DLT_PPI },
+#endif
+#ifdef DLT_NETANALYZER
+       { netanalyzer_if_print, DLT_NETANALYZER },
+#endif
+#ifdef DLT_NETANALYZER_TRANSPARENT
+       { netanalyzer_transparent_if_print, DLT_NETANALYZER_TRANSPARENT },
  #endif
         { NULL,                 0 },
  };
  
  #endif
         { NULL,                 0 },
  };
  
-static if_printer
+if_printer
  lookup_printer(int type)
  {
         struct printer *p;
  lookup_printer(int type)
  {
         struct printer *p;
@@ -298,14 +347,34 @@ lookup_printer(int type)
         /* NOTREACHED */
  }
  
         /* NOTREACHED */
  }
  
+if_ndo_printer
+lookup_ndo_printer(int type)
+{
+       struct ndo_printer *p;
+
+       for (p = ndo_printers; p->f; ++p)
+               if (type == p->type)
+                       return p->f;
+
+       return NULL;
+       /* NOTREACHED */
+}
+
  static pcap_t *pd;
  
  static pcap_t *pd;
  
+static int supports_monitor_mode;
+
  extern int optind;
  extern int opterr;
  extern char *optarg;
  
  struct print_info {
  extern int optind;
  extern int opterr;
  extern char *optarg;
  
  struct print_info {
-       if_printer printer;
+        netdissect_options *ndo;
+        union {
+                if_printer     printer;
+                if_ndo_printer ndo_printer;
+        } p;
+        int ndo_type;
  };
  
  struct dump_info {
  };
  
  struct dump_info {
@@ -315,8 +384,42 @@ struct dump_info {
         pcap_dumper_t *p;
  };
  
         pcap_dumper_t *p;
  };
  
+#ifdef HAVE_PCAP_SET_TSTAMP_TYPE
+static void
+show_tstamp_types_and_exit(const char *device, pcap_t *pd)
+{
+       int n_tstamp_types;
+       int *tstamp_types = 0;
+       const char *tstamp_type_name;
+       int i;
+
+       n_tstamp_types = pcap_list_tstamp_types(pd, &tstamp_types);
+       if (n_tstamp_types < 0)
+               error("%s", pcap_geterr(pd));
+
+       if (n_tstamp_types == 0) {
+               fprintf(stderr, "Time stamp type cannot be set for %s\n",
+                   device);
+               exit(0);
+       }
+       fprintf(stderr, "Time stamp types for %s (use option -j to set):\n",
+           device);
+       for (i = 0; i < n_tstamp_types; i++) {
+               tstamp_type_name = pcap_tstamp_type_val_to_name(tstamp_types[i]);
+               if (tstamp_type_name != NULL) {
+                       (void) fprintf(stderr, "  %s (%s)\n", tstamp_type_name,
+                           pcap_tstamp_type_val_to_description(tstamp_types[i]));
+               } else {
+                       (void) fprintf(stderr, "  %d\n", tstamp_types[i]);
+               }
+       }
+       pcap_free_tstamp_types(tstamp_types);
+       exit(0);
+}
+#endif
+
  static void
  static void
-show_dlts_and_exit(pcap_t *pd)
+show_dlts_and_exit(const char *device, pcap_t *pd)
  {
         int n_dlts;
         int *dlts = 0;
  {
         int n_dlts;
         int *dlts = 0;
@@ -328,7 +431,21 @@ show_dlts_and_exit(pcap_t *pd)
         else if (n_dlts == 0 || !dlts)
                 error("No data link types.");
  
         else if (n_dlts == 0 || !dlts)
                 error("No data link types.");
  
-       (void) fprintf(stderr, "Data link types (use option -y to set):\n");
+       /*
+        * If the interface is known to support monitor mode, indicate
+        * whether these are the data link types available when not in
+        * monitor mode, if -I wasn't specified, or when in monitor mode,
+        * when -I was specified (the link-layer types available in
+        * monitor mode might be different from the ones available when
+        * not in monitor mode).
+        */
+       if (supports_monitor_mode)
+               (void) fprintf(stderr, "Data link types for %s %s (use option -y to set):\n",
+                   device,
+                   Iflag ? "when in monitor mode" : "when not in monitor mode");
+       else
+               (void) fprintf(stderr, "Data link types for %s (use option -y to set):\n",
+                   device);
  
         while (--n_dlts >= 0) {
                 dlt_name = pcap_datalink_val_to_name(dlts[n_dlts]);
  
         while (--n_dlts >= 0) {
                 dlt_name = pcap_datalink_val_to_name(dlts[n_dlts]);
@@ -339,15 +456,18 @@ show_dlts_and_exit(pcap_t *pd)
                         /*
                          * OK, does tcpdump handle that type?
                          */
                         /*
                          * OK, does tcpdump handle that type?
                          */
-                       if (lookup_printer(dlts[n_dlts]) == NULL)
+                       if (lookup_printer(dlts[n_dlts]) == NULL
+                            && lookup_ndo_printer(dlts[n_dlts]) == NULL)
                                 (void) fprintf(stderr, " (printing not supported)");
                                 (void) fprintf(stderr, " (printing not supported)");
-                       putchar('\n');
+                       fprintf(stderr, "\n");
                 } else {
                         (void) fprintf(stderr, "  DLT %d (printing not supported)\n",
                             dlts[n_dlts]);
                 }
         }
                 } else {
                         (void) fprintf(stderr, "  DLT %d (printing not supported)\n",
                             dlts[n_dlts]);
                 }
         }
-       free(dlts);
+#ifdef HAVE_PCAP_FREE_DATALINKS
+       pcap_free_datalinks(dlts);
+#endif
         exit(0);
  }
  
         exit(0);
  }
  
@@ -369,6 +489,16 @@ show_dlts_and_exit(pcap_t *pd)
  #define I_FLAG
  #endif /* HAVE_PCAP_CREATE */
  
  #define I_FLAG
  #endif /* HAVE_PCAP_CREATE */
  
+#ifdef HAVE_PCAP_SET_TSTAMP_TYPE
+#define j_FLAG         "j:"
+#define j_FLAG_USAGE   " [ -j tstamptype ]"
+#define J_FLAG         "J"
+#else /* PCAP_ERROR_TSTAMP_TYPE_NOTSUP */
+#define j_FLAG
+#define j_FLAG_USAGE
+#define J_FLAG
+#endif /* PCAP_ERROR_TSTAMP_TYPE_NOTSUP */
+
  #ifdef HAVE_PCAP_FINDALLDEVS
  #ifndef HAVE_PCAP_IF_T
  #undef HAVE_PCAP_FINDALLDEVS
  #ifdef HAVE_PCAP_FINDALLDEVS
  #ifndef HAVE_PCAP_IF_T
  #undef HAVE_PCAP_FINDALLDEVS
@@ -408,6 +538,19 @@ droproot(const char *username, const char *chroot_dir)
                                 exit(1);
                         }
                 }
                                 exit(1);
                         }
                 }
+#ifdef HAVE_CAP_NG_H
+               int ret = capng_change_id(pw->pw_uid, pw->pw_gid, CAPNG_NO_FLAG);
+               if (ret < 0) {
+                       printf("error : ret %d\n", ret);
+               }
+               /* We don't need CAP_SETUID and CAP_SETGID */
+               capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, CAP_SETUID);
+               capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, CAP_SETUID);
+               capng_update(CAPNG_DROP, CAPNG_PERMITTED, CAP_SETUID);
+               capng_update(CAPNG_DROP, CAPNG_PERMITTED, CAP_SETUID);
+               capng_apply(CAPNG_SELECT_BOTH);
+
+#else
                 if (initgroups(pw->pw_name, pw->pw_gid) != 0 ||
                     setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0) {
                         fprintf(stderr, "tcpdump: Couldn't change to '%.32s' uid=%lu gid=%lu: %s\n",
                 if (initgroups(pw->pw_name, pw->pw_gid) != 0 ||
                     setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0) {
                         fprintf(stderr, "tcpdump: Couldn't change to '%.32s' uid=%lu gid=%lu: %s\n",
@@ -417,6 +560,7 @@ droproot(const char *username, const char *chroot_dir)
                             pcap_strerror(errno));
                         exit(1);
                 }
                             pcap_strerror(errno));
                         exit(1);
                 }
+#endif /* HAVE_CAP_NG_H */
         }
         else {
                 fprintf(stderr, "tcpdump: Couldn't find user '%.32s'\n",
         }
         else {
                 fprintf(stderr, "tcpdump: Couldn't find user '%.32s'\n",
@@ -486,14 +630,51 @@ static int tcpdump_printf(netdissect_options *ndo _U_,
    return ret;
  }
  
    return ret;
  }
  
+struct print_info get_print_info(int type) {
+       struct print_info printinfo;
+
+       printinfo.ndo_type = 1;
+       printinfo.ndo = gndo;
+       printinfo.p.ndo_printer = lookup_ndo_printer(type);
+       if (printinfo.p.ndo_printer == NULL) {
+               printinfo.p.printer = lookup_printer(type);
+               printinfo.ndo_type = 0;
+               if (printinfo.p.printer == NULL) {
+                       gndo->ndo_dltname = pcap_datalink_val_to_name(type);
+                       if (gndo->ndo_dltname != NULL)
+                               error("packet printing is not supported for link type %s: use -w",
+                                     gndo->ndo_dltname);
+                       else
+                               error("packet printing is not supported for link type %d: use -w", type);
+               }
+       }
+       return (printinfo);
+}
+
+char *get_next_file(FILE *VFile, char *ptr) {
+       char *ret;
+
+       ret = fgets(ptr, NAME_MAX, VFile);
+       if (!ret)
+               return NULL;
+
+       if (ptr[strlen(ptr) - 1] == '\n')
+               ptr[strlen(ptr) - 1] = '\0';
+
+       return ret;
+}
+
  int
  main(int argc, char **argv)
  {
         register int cnt, op, i;
         bpf_u_int32 localnet, netmask;
  int
  main(int argc, char **argv)
  {
         register int cnt, op, i;
         bpf_u_int32 localnet, netmask;
-       register char *cp, *infile, *cmdbuf, *device, *RFileName, *WFileName;
+       register char *cp, *infile, *cmdbuf, *device, *RFileName, *VFileName, *WFileName;
         pcap_handler callback;
         int type;
         pcap_handler callback;
         int type;
+       int dlt;
+       int new_dlt;
+       const char *dlt_name;
         struct bpf_program fcode;
  #ifndef WIN32
         RETSIGTYPE (*oldhandler)(int);
         struct bpf_program fcode;
  #ifndef WIN32
         RETSIGTYPE (*oldhandler)(int);
@@ -502,17 +683,21 @@ main(int argc, char **argv)
         struct dump_info dumpinfo;
         u_char *pcap_userdata;
         char ebuf[PCAP_ERRBUF_SIZE];
         struct dump_info dumpinfo;
         u_char *pcap_userdata;
         char ebuf[PCAP_ERRBUF_SIZE];
+       char VFileLine[NAME_MAX + 1];
         char *username = NULL;
         char *chroot_dir = NULL;
         char *username = NULL;
         char *chroot_dir = NULL;
+       char *ret = NULL;
  #ifdef HAVE_PCAP_FINDALLDEVS
         pcap_if_t *devpointer;
         int devnum;
  #endif
         int status;
  #ifdef HAVE_PCAP_FINDALLDEVS
         pcap_if_t *devpointer;
         int devnum;
  #endif
         int status;
+       FILE *VFile;
  #ifdef WIN32
         if(wsockinit() != 0) return 1;
  #endif /* WIN32 */
  
  #ifdef WIN32
         if(wsockinit() != 0) return 1;
  #endif /* WIN32 */
  
+       jflag=-1;       /* not set */
          gndo->ndo_Oflag=1;
         gndo->ndo_Rflag=1;
         gndo->ndo_dlt=-1;
          gndo->ndo_Oflag=1;
         gndo->ndo_Rflag=1;
         gndo->ndo_dlt=-1;
@@ -526,6 +711,7 @@ main(int argc, char **argv)
         device = NULL;
         infile = NULL;
         RFileName = NULL;
         device = NULL;
         infile = NULL;
         RFileName = NULL;
+       VFileName = NULL;
         WFileName = NULL;
         if ((cp = strrchr(argv[0], '/')) != NULL)
                 program_name = cp + 1;
         WFileName = NULL;
         if ((cp = strrchr(argv[0], '/')) != NULL)
                 program_name = cp + 1;
@@ -539,9 +725,8 @@ main(int argc, char **argv)
         smiInit("tcpdump");
  #endif
  
         smiInit("tcpdump");
  #endif
  
-       opterr = 0;
         while (
         while (
-           (op = getopt(argc, argv, "aA" B_FLAG "c:C:d" D_FLAG "eE:fF:G:i:" I_FLAG "KlLm:M:nNOpqr:Rs:StT:u" U_FLAG "vw:W:xXy:Yz:Z:")) != -1)
+           (op = getopt(argc, argv, "aAb" B_FLAG "c:C:d" D_FLAG "eE:fF:G:hHi:" I_FLAG j_FLAG J_FLAG "KlLm:M:nNOpqr:Rs:StT:u" U_FLAG "V:vw:W:xXy:Yz:Z:")) != -1)
                 switch (op) {
  
                 case 'a':
                 switch (op) {
  
                 case 'a':
@@ -551,6 +736,7 @@ main(int argc, char **argv)
                 case 'A':
                         ++Aflag;
                         break;
                 case 'A':
                         ++Aflag;
                         break;
+
                 case 'b':
                         ++bflag;
                         break;
                 case 'b':
                         ++bflag;
                         break;
@@ -633,6 +819,14 @@ main(int argc, char **argv)
                         }
                         break;
  
                         }
                         break;
  
+               case 'h':
+                       usage();
+                       break;
+
+               case 'H':
+                       ++Hflag;
+                       break;
+
                 case 'i':
                         if (optarg[0] == '0' && optarg[1] == 0)
                                 error("Invalid adapter index");
                 case 'i':
                         if (optarg[0] == '0' && optarg[1] == 0)
                                 error("Invalid adapter index");
@@ -655,11 +849,17 @@ main(int argc, char **argv)
                                 if (pcap_findalldevs(&devpointer, ebuf) < 0)
                                         error("%s", ebuf);
                                 else {
                                 if (pcap_findalldevs(&devpointer, ebuf) < 0)
                                         error("%s", ebuf);
                                 else {
-                                       for (i = 0; i < devnum-1; i++){
-                                               devpointer = devpointer->next;
-                                               if (devpointer == NULL)
-                                                       error("Invalid adapter index");
-                                       }
+                                       /*
+                                        * Look for the devnum-th entry
+                                        * in the list of devices
+                                        * (1-based).
+                                        */
+                                       for (i = 0;
+                                           i < devnum-1 && devpointer != NULL;
+                                           i++, devpointer = devpointer->next)
+                                               ;
+                                       if (devpointer == NULL)
+                                               error("Invalid adapter index");
                                 }
                                 device = devpointer->name;
                                 break;
                                 }
                                 device = devpointer->name;
                                 break;
@@ -674,6 +874,18 @@ main(int argc, char **argv)
                         break;
  #endif /* HAVE_PCAP_CREATE */
  
                         break;
  #endif /* HAVE_PCAP_CREATE */
  
+#ifdef HAVE_PCAP_SET_TSTAMP_TYPE
+               case 'j':
+                       jflag = pcap_tstamp_type_name_to_val(optarg);
+                       if (jflag < 0)
+                               error("invalid time stamp type %s", optarg);
+                       break;
+
+               case 'J':
+                       Jflag++;
+                       break;
+#endif
+
                 case 'l':
  #ifdef WIN32
                         /*
                 case 'l':
  #ifdef WIN32
                         /*
@@ -788,6 +1000,10 @@ main(int argc, char **argv)
                                 packettype = PT_TFTP;
                         else if (strcasecmp(optarg, "aodv") == 0)
                                 packettype = PT_AODV;
                                 packettype = PT_TFTP;
                         else if (strcasecmp(optarg, "aodv") == 0)
                                 packettype = PT_AODV;
+                       else if (strcasecmp(optarg, "carp") == 0)
+                               packettype = PT_CARP;
+                       else if (strcasecmp(optarg, "radius") == 0)
+                               packettype = PT_RADIUS;
                         else
                                 error("unknown packet type `%s'", optarg);
                         break;
                         else
                                 error("unknown packet type `%s'", optarg);
                         break;
@@ -806,6 +1022,10 @@ main(int argc, char **argv)
                         ++vflag;
                         break;
  
                         ++vflag;
                         break;
  
+               case 'V':
+                       VFileName = optarg;
+                       break;
+
                 case 'w':
                         WFileName = optarg;
                         break;
                 case 'w':
                         WFileName = optarg;
                         break;
@@ -891,6 +1111,12 @@ main(int argc, char **argv)
                 break;
         }
  
                 break;
         }
  
+       if (fflag != 0 && (VFileName != NULL || RFileName != NULL))
+               error("-f can not be used with -V or -r");
+
+       if (VFileName != NULL && RFileName != NULL)
+               error("-V and -r are mutually exclusive.");
+
  #ifdef WITH_CHROOT
         /* if run as root, prepare for chrooting */
         if (getuid() == 0 || geteuid() == 0) {
  #ifdef WITH_CHROOT
         /* if run as root, prepare for chrooting */
         if (getuid() == 0 || geteuid() == 0) {
@@ -909,10 +1135,7 @@ main(int argc, char **argv)
         }
  #endif
  
         }
  #endif
  
-       if (RFileName != NULL) {
-               int dlt;
-               const char *dlt_name;
-
+       if (RFileName != NULL || VFileName != NULL) {
  #ifndef WIN32
                 /*
                  * We don't need network access, so relinquish any set-UID
  #ifndef WIN32
                 /*
                  * We don't need network access, so relinquish any set-UID
@@ -926,6 +1149,21 @@ main(int argc, char **argv)
                 if (setgid(getgid()) != 0 || setuid(getuid()) != 0 )
                         fprintf(stderr, "Warning: setgid/setuid failed !\n");
  #endif /* WIN32 */
                 if (setgid(getgid()) != 0 || setuid(getuid()) != 0 )
                         fprintf(stderr, "Warning: setgid/setuid failed !\n");
  #endif /* WIN32 */
+               if (VFileName != NULL) {
+                       if (VFileName[0] == '-' && VFileName[1] == '\0')
+                               VFile = stdin;
+                       else
+                               VFile = fopen(VFileName, "r");
+
+                       if (VFile == NULL)
+                               error("Unable to open file: %s\n", strerror(errno));
+
+                       ret = get_next_file(VFile, VFileLine);
+                       if (!ret)
+                               error("Nothing in %s\n", VFileName);
+                       RFileName = VFileLine;
+               }
+
                 pd = pcap_open_offline(RFileName, ebuf);
                 if (pd == NULL)
                         error("%s", ebuf);
                 pd = pcap_open_offline(RFileName, ebuf);
                 if (pd == NULL)
                         error("%s", ebuf);
@@ -942,8 +1180,6 @@ main(int argc, char **argv)
                 }
                 localnet = 0;
                 netmask = 0;
                 }
                 localnet = 0;
                 netmask = 0;
-               if (fflag != 0)
-                       error("-f and -r options are incompatible");
         } else {
                 if (device == NULL) {
                         device = pcap_lookupdev(ebuf);
         } else {
                 if (device == NULL) {
                         device = pcap_lookupdev(ebuf);
@@ -966,18 +1202,29 @@ main(int argc, char **argv)
                 pd = pcap_create(device, ebuf);
                 if (pd == NULL)
                         error("%s", ebuf);
                 pd = pcap_create(device, ebuf);
                 if (pd == NULL)
                         error("%s", ebuf);
+#ifdef HAVE_PCAP_SET_TSTAMP_TYPE
+               if (Jflag)
+                       show_tstamp_types_and_exit(device, pd);
+#endif
+               /*
+                * Is this an interface that supports monitor mode?
+                */
+               if (pcap_can_set_rfmon(pd) == 1)
+                       supports_monitor_mode = 1;
+               else
+                       supports_monitor_mode = 0;
                 status = pcap_set_snaplen(pd, snaplen);
                 if (status != 0)
                 status = pcap_set_snaplen(pd, snaplen);
                 if (status != 0)
-                       error("%s: pcap_set_snaplen failed: %s",
+                       error("%s: Can't set snapshot length: %s",
                             device, pcap_statustostr(status));
                 status = pcap_set_promisc(pd, !pflag);
                 if (status != 0)
                             device, pcap_statustostr(status));
                 status = pcap_set_promisc(pd, !pflag);
                 if (status != 0)
-                       error("%s: pcap_set_promisc failed: %s",
+                       error("%s: Can't set promiscuous mode: %s",
                             device, pcap_statustostr(status));
                 if (Iflag) {
                         status = pcap_set_rfmon(pd, 1);
                         if (status != 0)
                             device, pcap_statustostr(status));
                 if (Iflag) {
                         status = pcap_set_rfmon(pd, 1);
                         if (status != 0)
-                               error("%s: pcap_set_rfmon failed: %s",
+                               error("%s: Can't set monitor mode: %s",
                                     device, pcap_statustostr(status));
                 }
                 status = pcap_set_timeout(pd, 1000);
                                     device, pcap_statustostr(status));
                 }
                 status = pcap_set_timeout(pd, 1000);
@@ -987,9 +1234,17 @@ main(int argc, char **argv)
                 if (Bflag != 0) {
                         status = pcap_set_buffer_size(pd, Bflag);
                         if (status != 0)
                 if (Bflag != 0) {
                         status = pcap_set_buffer_size(pd, Bflag);
                         if (status != 0)
-                               error("%s: pcap_set_buffer_size failed: %s",
+                               error("%s: Can't set buffer size: %s",
                                     device, pcap_statustostr(status));
                 }
                                     device, pcap_statustostr(status));
                 }
+#ifdef HAVE_PCAP_SET_TSTAMP_TYPE
+                if (jflag != -1) {
+                       status = pcap_set_tstamp_type(pd, jflag);
+                       if (status < 0)
+                               error("%s: Can't set time stamp type: %s",
+                                   device, pcap_statustostr(status));
+               }
+#endif
                 status = pcap_activate(pd);
                 if (status < 0) {
                         /*
                 status = pcap_activate(pd);
                 if (status < 0) {
                         /*
@@ -1044,7 +1299,7 @@ main(int argc, char **argv)
                         }
  #endif /* !defined(HAVE_PCAP_CREATE) && defined(WIN32) */
                 if (Lflag)
                         }
  #endif /* !defined(HAVE_PCAP_CREATE) && defined(WIN32) */
                 if (Lflag)
-                       show_dlts_and_exit(pd);
+                       show_dlts_and_exit(device, pd);
                 if (gndo->ndo_dlt >= 0) {
  #ifdef HAVE_PCAP_SET_DATALINK
                         if (pcap_set_datalink(pd, gndo->ndo_dlt) < 0)
                 if (gndo->ndo_dlt >= 0) {
  #ifdef HAVE_PCAP_SET_DATALINK
                         if (pcap_set_datalink(pd, gndo->ndo_dlt) < 0)
@@ -1082,10 +1337,10 @@ main(int argc, char **argv)
  
         if (pcap_compile(pd, &fcode, cmdbuf, Oflag, netmask) < 0)
                 error("%s", pcap_geterr(pd));
  
         if (pcap_compile(pd, &fcode, cmdbuf, Oflag, netmask) < 0)
                 error("%s", pcap_geterr(pd));
-       free(cmdbuf);
         if (dflag) {
                 bpf_dump(&fcode, dflag);
                 pcap_close(pd);
         if (dflag) {
                 bpf_dump(&fcode, dflag);
                 pcap_close(pd);
+               free(cmdbuf);
                 exit(0);
         }
         init_addrtoname(localnet, netmask);
                 exit(0);
         }
         init_addrtoname(localnet, netmask);
@@ -1095,14 +1350,62 @@ main(int argc, char **argv)
         (void)setsignal(SIGPIPE, cleanup);
         (void)setsignal(SIGTERM, cleanup);
         (void)setsignal(SIGINT, cleanup);
         (void)setsignal(SIGPIPE, cleanup);
         (void)setsignal(SIGTERM, cleanup);
         (void)setsignal(SIGINT, cleanup);
-       (void)setsignal(SIGCHLD, child_cleanup);
  #endif /* WIN32 */
  #endif /* WIN32 */
+#if defined(HAVE_FORK) || defined(HAVE_VFORK)
+       (void)setsignal(SIGCHLD, child_cleanup);
+#endif
         /* Cooperate with nohup(1) */
  #ifndef WIN32  
         if ((oldhandler = setsignal(SIGHUP, cleanup)) != SIG_DFL)
                 (void)setsignal(SIGHUP, oldhandler);
  #endif /* WIN32 */
  
         /* Cooperate with nohup(1) */
  #ifndef WIN32  
         if ((oldhandler = setsignal(SIGHUP, cleanup)) != SIG_DFL)
                 (void)setsignal(SIGHUP, oldhandler);
  #endif /* WIN32 */
  
+#ifndef WIN32
+       /*
+        * If a user name was specified with "-Z", attempt to switch to
+        * that user's UID.  This would probably be used with sudo,
+        * to allow tcpdump to be run in a special restricted
+        * account (if you just want to allow users to open capture
+        * devices, and can't just give users that permission,
+        * you'd make tcpdump set-UID or set-GID).
+        *
+        * Tcpdump doesn't necessarily write only to one savefile;
+        * the general only way to allow a -Z instance to write to
+        * savefiles as the user under whose UID it's run, rather
+        * than as the user specified with -Z, would thus be to switch
+        * to the original user ID before opening a capture file and
+        * then switch back to the -Z user ID after opening the savefile.
+        * Switching to the -Z user ID only after opening the first
+        * savefile doesn't handle the general case.
+        */
+
+#ifdef HAVE_CAP_NG_H
+       /* We are running as root and we will be writing to savefile */
+       if ((getuid() == 0 || geteuid() == 0) && WFileName) {
+               if (username) {
+                       /* Drop all capabilities from effective set */
+                       capng_clear(CAPNG_EFFECTIVE);
+                       /* Add capabilities we will need*/
+                       capng_update(CAPNG_ADD, CAPNG_PERMITTED, CAP_SETUID);
+                       capng_update(CAPNG_ADD, CAPNG_PERMITTED, CAP_SETGID);
+                       capng_update(CAPNG_ADD, CAPNG_PERMITTED, CAP_DAC_OVERRIDE);
+
+                       capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_SETUID);
+                       capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_SETGID);
+                       capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE);
+
+                       capng_apply(CAPNG_SELECT_BOTH);
+               }
+       }
+#endif /* HAVE_CAP_NG_H */
+
+       if (getuid() == 0 || geteuid() == 0) {
+               if (username || chroot_dir)
+                       droproot(username, chroot_dir);
+
+       }
+#endif /* WIN32 */
+
         if (pcap_setfilter(pd, &fcode) < 0)
                 error("%s", pcap_geterr(pd));
         if (WFileName) {
         if (pcap_setfilter(pd, &fcode) < 0)
                 error("%s", pcap_geterr(pd));
         if (WFileName) {
@@ -1120,6 +1423,10 @@ main(int argc, char **argv)
                   MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, 0);
  
                 p = pcap_dump_open(pd, dumpinfo.CurrentFileName);
                   MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, 0);
  
                 p = pcap_dump_open(pd, dumpinfo.CurrentFileName);
+#ifdef HAVE_CAP_NG_H
+        /* Give up capabilities, clear Effective set */
+        capng_clear(CAPNG_EFFECTIVE);
+#endif
                 if (p == NULL)
                         error("%s", pcap_geterr(pd));
                 if (Cflag != 0 || Gflag != 0) {
                 if (p == NULL)
                         error("%s", pcap_geterr(pd));
                 if (Cflag != 0 || Gflag != 0) {
@@ -1132,37 +1439,24 @@ main(int argc, char **argv)
                         callback = dump_packet;
                         pcap_userdata = (u_char *)p;
                 }
                         callback = dump_packet;
                         pcap_userdata = (u_char *)p;
                 }
+#ifdef HAVE_PCAP_DUMP_FLUSH
+               if (Uflag)
+                       pcap_dump_flush(p);
+#endif
         } else {
                 type = pcap_datalink(pd);
         } else {
                 type = pcap_datalink(pd);
-               printinfo.printer = lookup_printer(type);
-               if (printinfo.printer == NULL) {
-                       gndo->ndo_dltname = pcap_datalink_val_to_name(type);
-                       if (gndo->ndo_dltname != NULL)
-                               error("packet printing is not supported for link type %s: use -w",
-                                     gndo->ndo_dltname);
-                       else
-                               error("packet printing is not supported for link type %d: use -w", type);
-               }
+               printinfo = get_print_info(type);
                 callback = print_packet;
                 pcap_userdata = (u_char *)&printinfo;
         }
                 callback = print_packet;
                 pcap_userdata = (u_char *)&printinfo;
         }
-#ifndef WIN32
-       /*
-        * We cannot do this earlier, because we want to be able to open
-        * the file (if done) for writing before giving up permissions.
-        */
-       if (getuid() == 0 || geteuid() == 0) {
-               if (username || chroot_dir)
-                       droproot(username, chroot_dir);
-       }
-#endif /* WIN32 */
-#ifdef SIGINFO
+
+#ifdef SIGNAL_REQ_INFO
         /*
          * We can't get statistics when reading from a file rather
          * than capturing from a device.
          */
         if (RFileName == NULL)
         /*
          * We can't get statistics when reading from a file rather
          * than capturing from a device.
          */
         if (RFileName == NULL)
-               (void)setsignal(SIGINFO, requestinfo);
+               (void)setsignal(SIGNAL_REQ_INFO, requestinfo);
  #endif
  
         if (vflag > 0 && WFileName) {
  #endif
  
         if (vflag > 0 && WFileName) {
@@ -1183,9 +1477,6 @@ main(int argc, char **argv)
  
  #ifndef WIN32
         if (RFileName == NULL) {
  
  #ifndef WIN32
         if (RFileName == NULL) {
-               int dlt;
-               const char *dlt_name;
-
                 if (!vflag && !WFileName) {
                         (void)fprintf(stderr,
                             "%s: verbose output suppressed, use -v or -vv for full protocol decode\n",
                 if (!vflag && !WFileName) {
                         (void)fprintf(stderr,
                             "%s: verbose output suppressed, use -v or -vv for full protocol decode\n",
@@ -1205,37 +1496,69 @@ main(int argc, char **argv)
                 (void)fflush(stderr);
         }
  #endif /* WIN32 */
                 (void)fflush(stderr);
         }
  #endif /* WIN32 */
-       status = pcap_loop(pd, cnt, callback, pcap_userdata);
-       if (WFileName == NULL) {
-               /*
-                * We're printing packets.  Flush the printed output,
-                * so it doesn't get intermingled with error output.
-                */
-               if (status == -2) {
+       do {
+               status = pcap_loop(pd, cnt, callback, pcap_userdata);
+               if (WFileName == NULL) {
                         /*
                         /*
-                        * We got interrupted, so perhaps we didn't
-                        * manage to finish a line we were printing.
-                        * Print an extra newline, just in case.
+                        * We're printing packets.  Flush the printed output,
+                        * so it doesn't get intermingled with error output.
                          */
                          */
-                       putchar('\n');
+                       if (status == -2) {
+                               /*
+                                * We got interrupted, so perhaps we didn't
+                                * manage to finish a line we were printing.
+                                * Print an extra newline, just in case.
+                                */
+                               putchar('\n');
+                       }
+                       (void)fflush(stdout);
+               }
+               if (status == -1) {
+                       /*
+                        * Error.  Report it.
+                        */
+                       (void)fprintf(stderr, "%s: pcap_loop: %s\n",
+                           program_name, pcap_geterr(pd));
+               }
+               if (RFileName == NULL) {
+                       /*
+                        * We're doing a live capture.  Report the capture
+                        * statistics.
+                        */
+                       info(1);
+               }
+               pcap_close(pd);
+               if (VFileName != NULL) {
+                       ret = get_next_file(VFile, VFileLine);
+                       if (ret) {
+                               RFileName = VFileLine;
+                               pd = pcap_open_offline(RFileName, ebuf);
+                               if (pd == NULL)
+                                       error("%s", ebuf);
+                               new_dlt = pcap_datalink(pd);
+                               if (WFileName && new_dlt != dlt)
+                                       error("%s: new dlt does not match original", RFileName);
+                               printinfo = get_print_info(new_dlt);
+                               dlt_name = pcap_datalink_val_to_name(new_dlt);
+                               if (dlt_name == NULL) {
+                                       fprintf(stderr, "reading from file %s, link-type %u\n",
+                                       RFileName, new_dlt);
+                               } else {
+                                       fprintf(stderr,
+                                       "reading from file %s, link-type %s (%s)\n",
+                                       RFileName, dlt_name,
+                                       pcap_datalink_val_to_description(new_dlt));
+                               }
+                               if (pcap_compile(pd, &fcode, cmdbuf, Oflag, netmask) < 0)
+                                       error("%s", pcap_geterr(pd));
+                               if (pcap_setfilter(pd, &fcode) < 0)
+                                       error("%s", pcap_geterr(pd));
+                       }
                 }
                 }
-               (void)fflush(stdout);
-       }
-       if (status == -1) {
-               /*
-                * Error.  Report it.
-                */
-               (void)fprintf(stderr, "%s: pcap_loop: %s\n",
-                   program_name, pcap_geterr(pd));
-       }
-       if (RFileName == NULL) {
-               /*
-                * We're doing a live capture.  Report the capture
-                * statistics.
-                */
-               info(1);
         }
         }
-       pcap_close(pd);
+       while (ret != NULL);
+
+       free(cmdbuf);
         exit(status == -1 ? 1 : 0);
  }
  
         exit(status == -1 ? 1 : 0);
  }
  
@@ -1284,19 +1607,24 @@ cleanup(int signo _U_)
    On windows, we do not use a fork, so we do not care less about
    waiting a child processes to die
   */
    On windows, we do not use a fork, so we do not care less about
    waiting a child processes to die
   */
-#ifndef WIN32
+#if defined(HAVE_FORK) || defined(HAVE_VFORK)
  static RETSIGTYPE
  child_cleanup(int signo _U_)
  {
    wait(NULL);
  }
  static RETSIGTYPE
  child_cleanup(int signo _U_)
  {
    wait(NULL);
  }
-#endif /* WIN32 */
+#endif /* HAVE_FORK && HAVE_VFORK */
  
  static void
  info(register int verbose)
  {
         struct pcap_stat stat;
  
  
  static void
  info(register int verbose)
  {
         struct pcap_stat stat;
  
+       /*
+        * Older versions of libpcap didn't set ps_ifdrop on some
+        * platforms; initialize it to 0 to handle that.
+        */
+       stat.ps_ifdrop = 0;
         if (pcap_stats(pd, &stat) < 0) {
                 (void)fprintf(stderr, "pcap_stats: %s\n", pcap_geterr(pd));
                 infoprint = 0;
         if (pcap_stats(pd, &stat) < 0) {
                 (void)fprintf(stderr, "pcap_stats: %s\n", pcap_geterr(pd));
                 infoprint = 0;
@@ -1306,25 +1634,41 @@ info(register int verbose)
         if (!verbose)
                 fprintf(stderr, "%s: ", program_name);
  
         if (!verbose)
                 fprintf(stderr, "%s: ", program_name);
  
-       (void)fprintf(stderr, "%u packets captured", packets_captured);
+       (void)fprintf(stderr, "%u packet%s captured", packets_captured,
+           PLURAL_SUFFIX(packets_captured));
         if (!verbose)
                 fputs(", ", stderr);
         else
                 putc('\n', stderr);
         if (!verbose)
                 fputs(", ", stderr);
         else
                 putc('\n', stderr);
-       (void)fprintf(stderr, "%d packets received by filter", stat.ps_recv);
+       (void)fprintf(stderr, "%u packet%s received by filter", stat.ps_recv,
+           PLURAL_SUFFIX(stat.ps_recv));
         if (!verbose)
                 fputs(", ", stderr);
         else
                 putc('\n', stderr);
         if (!verbose)
                 fputs(", ", stderr);
         else
                 putc('\n', stderr);
-       (void)fprintf(stderr, "%d packets dropped by kernel\n", stat.ps_drop);
+       (void)fprintf(stderr, "%u packet%s dropped by kernel", stat.ps_drop,
+           PLURAL_SUFFIX(stat.ps_drop));
+       if (stat.ps_ifdrop != 0) {
+               if (!verbose)
+                       fputs(", ", stderr);
+               else
+                       putc('\n', stderr);
+               (void)fprintf(stderr, "%u packet%s dropped by interface\n",
+                   stat.ps_ifdrop, PLURAL_SUFFIX(stat.ps_ifdrop));
+       } else
+               putc('\n', stderr);
         infoprint = 0;
  }
  
         infoprint = 0;
  }
  
-#ifndef WIN32
+#if defined(HAVE_FORK) || defined(HAVE_VFORK)
  static void
  compress_savefile(const char *filename)
  {
  static void
  compress_savefile(const char *filename)
  {
+# ifdef HAVE_FORK
         if (fork())
         if (fork())
+# else
+       if (vfork())
+# endif
                 return;
         /*
          * Set to lowest priority so that this doesn't disturb the capture
                 return;
         /*
          * Set to lowest priority so that this doesn't disturb the capture
@@ -1334,21 +1678,26 @@ compress_savefile(const char *filename)
  #else
         setpriority(PRIO_PROCESS, 0, 19);
  #endif
  #else
         setpriority(PRIO_PROCESS, 0, 19);
  #endif
-       if (execlp(zflag, zflag, filename, NULL) == -1)
+       if (execlp(zflag, zflag, filename, (char *)NULL) == -1)
                 fprintf(stderr,
                         "compress_savefile:execlp(%s, %s): %s\n",
                         zflag,
                         filename,
                         strerror(errno));
                 fprintf(stderr,
                         "compress_savefile:execlp(%s, %s): %s\n",
                         zflag,
                         filename,
                         strerror(errno));
+# ifdef HAVE_FORK
+       exit(1);
+# else
+       _exit(1);
+# endif
  }
  }
-#else  /* WIN32 */
+#else  /* HAVE_FORK && HAVE_VFORK */
  static void
  compress_savefile(const char *filename)
  {
         fprintf(stderr,
  static void
  compress_savefile(const char *filename)
  {
         fprintf(stderr,
-               "compress_savefile failed. Functionality not implemented under windows\n");
+               "compress_savefile failed. Functionality not implemented under your system\n");
  }
  }
-#endif /* WIN32 */
+#endif /* HAVE_FORK && HAVE_VFORK */
  
  static void
  dump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
  
  static void
  dump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
@@ -1424,7 +1773,15 @@ dump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *s
                         else
                                 MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, 0, 0);
  
                         else
                                 MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, 0, 0);
  
+#ifdef HAVE_CAP_NG_H
+                       capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE);
+                       capng_apply(CAPNG_EFFECTIVE);
+#endif /* HAVE_CAP_NG_H */
                         dump_info->p = pcap_dump_open(dump_info->pd, dump_info->CurrentFileName);
                         dump_info->p = pcap_dump_open(dump_info->pd, dump_info->CurrentFileName);
+#ifdef HAVE_CAP_NG_H
+                       capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE);
+                       capng_apply(CAPNG_EFFECTIVE);
+#endif /* HAVE_CAP_NG_H */
                         if (dump_info->p == NULL)
                                 error("%s", pcap_geterr(pd));
                 }
                         if (dump_info->p == NULL)
                                 error("%s", pcap_geterr(pd));
                 }
@@ -1512,7 +1869,12 @@ print_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
          */
         snapend = sp + h->caplen;
  
          */
         snapend = sp + h->caplen;
  
-       hdrlen = (*print_info->printer)(h, sp);
+        if(print_info->ndo_type) {
+                hdrlen = (*print_info->p.ndo_printer)(print_info->ndo, h, sp);
+        } else {
+                hdrlen = (*print_info->p.printer)(h, sp);
+        }
+                
         if (Xflag) {
                 /*
                  * Print the raw packet data in hex and ASCII.
         if (Xflag) {
                 /*
                  * Print the raw packet data in hex and ASCII.
@@ -1620,7 +1982,7 @@ default_print(const u_char *bp, u_int length)
         ndo_default_print(gndo, bp, length);
  }
  
         ndo_default_print(gndo, bp, length);
  }
  
-#ifdef SIGINFO
+#ifdef SIGNAL_REQ_INFO
  RETSIGTYPE requestinfo(int signo _U_)
  {
         if (infodelay)
  RETSIGTYPE requestinfo(int signo _U_)
  {
         if (infodelay)
@@ -1682,17 +2044,17 @@ usage(void)
  #endif /* WIN32 */
  #endif /* HAVE_PCAP_LIB_VERSION */
         (void)fprintf(stderr,
  #endif /* WIN32 */
  #endif /* HAVE_PCAP_LIB_VERSION */
         (void)fprintf(stderr,
-"Usage: %s [-aAd" D_FLAG "ef" I_FLAG "KlLnNOpqRStu" U_FLAG "vxX]" B_FLAG_USAGE " [ -c count ]\n", program_name);
+"Usage: %s [-aAbd" D_FLAG "efhH" I_FLAG J_FLAG "KlLnNOpqRStu" U_FLAG "vxX]" B_FLAG_USAGE " [ -c count ]\n", program_name);
         (void)fprintf(stderr,
  "\t\t[ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]\n");
         (void)fprintf(stderr,
         (void)fprintf(stderr,
  "\t\t[ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]\n");
         (void)fprintf(stderr,
-"\t\t[ -i interface ] [ -M secret ] [ -r file ]\n");
+"\t\t[ -i interface ]" j_FLAG_USAGE " [ -M secret ]\n");
         (void)fprintf(stderr,
         (void)fprintf(stderr,
-"\t\t[ -s snaplen ] [ -T type ] [ -w file ] [ -W filecount ]\n");
+"\t\t[ -r file ] [ -s snaplen ] [ -T type ] [ -V file ] [ -w file ]\n");
         (void)fprintf(stderr,
         (void)fprintf(stderr,
-"\t\t[ -y datalinktype ] [ -z command ] [ -Z user ]\n");
+"\t\t[ -W filecount ] [ -y datalinktype ] [ -z command ]\n");
         (void)fprintf(stderr,
         (void)fprintf(stderr,
-"\t\t[ expression ]\n");
+"\t\t[ -Z user ] [ expression ]\n");
         exit(1);
  }
  
         exit(1);
  }