]> The Tcpdump Group git mirrors - tcpdump/blobdiff - tcpdump.c
projects / tcpdump / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Add --time-t-size option to print the size of time_t in bits
[tcpdump] / tcpdump.c
diff --git a/tcpdump.c b/tcpdump.c
index 657158e4e678c153f75f982656ccccbce44bd882..ca4babf221575e871f1b65ccbe8b011867f5e609 100644 (file)
--- a/tcpdump.c
+++ b/tcpdump.c
@@ -25,12 +25,6 @@
  *     Seth Webster <[email protected]>
  */
 
  *     Seth Webster <[email protected]>
  */
 
-#ifndef lint
-static const char copyright[] _U_ =
-    "@(#) Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000\n\
-The Regents of the University of California.  All rights reserved.\n";
-#endif
-
 /*
  * tcpdump - dump traffic on a network
  *
 /*
  * tcpdump - dump traffic on a network
  *
@@ -39,28 +33,23 @@ The Regents of the University of California.  All rights reserved.\n";
  * combined efforts of Van, Steve McCanne and Craig Leres of LBL.
  */
 
  * combined efforts of Van, Steve McCanne and Craig Leres of LBL.
  */
 
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
+#include <config.h>
+
+#include "netdissect-stdinc.h"
 
 /*
 
 /*
- * Mac OS X may ship pcap.h from libpcap 0.6 with a libpcap based on
- * 0.8.  That means it has pcap_findalldevs() but the header doesn't
- * define pcap_if_t, meaning that we can't actually *use* pcap_findalldevs().
+ * This must appear after including netdissect-stdinc.h, so that _U_ is
+ * defined.
  */
  */
-#ifdef HAVE_PCAP_FINDALLDEVS
-#ifndef HAVE_PCAP_IF_T
-#undef HAVE_PCAP_FINDALLDEVS
-#endif
+#ifndef lint
+static const char copyright[] _U_ =
+    "@(#) Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000\n\
+The Regents of the University of California.  All rights reserved.\n";
 #endif
 
 #endif
 
-#include <netdissect-stdinc.h>
-
 #include <sys/stat.h>
 
 #include <sys/stat.h>
 
-#ifdef HAVE_FCNTL_H
 #include <fcntl.h>
 #include <fcntl.h>
-#endif
 
 #ifdef HAVE_LIBCRYPTO
 #include <openssl/crypto.h>
 
 #ifdef HAVE_LIBCRYPTO
 #include <openssl/crypto.h>
@@ -69,18 +58,41 @@ The Regents of the University of California.  All rights reserved.\n";
 #ifdef HAVE_GETOPT_LONG
 #include <getopt.h>
 #else
 #ifdef HAVE_GETOPT_LONG
 #include <getopt.h>
 #else
-#include "getopt_long.h"
+#include "missing/getopt_long.h"
 #endif
 /* Capsicum-specific code requires macros from <net/bpf.h>, which will fail
  * to compile if <pcap.h> has already been included; including the headers
 #endif
 /* Capsicum-specific code requires macros from <net/bpf.h>, which will fail
  * to compile if <pcap.h> has already been included; including the headers
- * in the opposite order works fine.
+ * in the opposite order works fine. For the most part anyway, because in
+ * FreeBSD <pcap/pcap.h> declares bpf_dump() instead of <net/bpf.h>. Thus
+ * interface.h takes care of it later to avoid a compiler warning.
  */
 #ifdef HAVE_CAPSICUM
  */
 #ifdef HAVE_CAPSICUM
-#include <sys/capability.h>
+#include <sys/capsicum.h>
 #include <sys/ioccom.h>
 #include <net/bpf.h>
 #include <libgen.h>
 #include <sys/ioccom.h>
 #include <net/bpf.h>
 #include <libgen.h>
+#ifdef HAVE_CASPER
+#include <libcasper.h>
+#include <casper/cap_dns.h>
+#include <sys/nv.h>
+#endif /* HAVE_CASPER */
 #endif /* HAVE_CAPSICUM */
 #endif /* HAVE_CAPSICUM */
+#ifdef HAVE_PCAP_OPEN
+/*
+ * We found pcap_open() in the capture library, so we'll be using
+ * the remote capture APIs; define PCAP_REMOTE before we include pcap.h,
+ * so we get those APIs declared, and the types and #defines that they
+ * use defined.
+ *
+ * WinPcap's headers require that PCAP_REMOTE be defined in order to get
+ * remote-capture APIs declared and types and #defines that they use
+ * defined.
+ *
+ * (Versions of libpcap with those APIs, and thus Npcap, which is based on
+ * those versions of libpcap, don't require it.)
+ */
+#define HAVE_REMOTE
+#endif
 #include <pcap.h>
 #include <signal.h>
 #include <stdio.h>
 #include <pcap.h>
 #include <signal.h>
 #include <stdio.h>
@@ -88,13 +100,26 @@ The Regents of the University of California.  All rights reserved.\n";
 #include <stdlib.h>
 #include <string.h>
 #include <limits.h>
 #include <stdlib.h>
 #include <string.h>
 #include <limits.h>
-#ifndef _WIN32
+#ifdef _WIN32
+#include <windows.h>
+#else
+#include <sys/time.h>
 #include <sys/wait.h>
 #include <sys/resource.h>
 #include <pwd.h>
 #include <grp.h>
 #endif /* _WIN32 */
 
 #include <sys/wait.h>
 #include <sys/resource.h>
 #include <pwd.h>
 #include <grp.h>
 #endif /* _WIN32 */
 
+/*
+ * Pathname separator.
+ * Use this in pathnames, but do *not* use it in URLs.
+ */
+#ifdef _WIN32
+#define PATH_SEPARATOR '\\'
+#else
+#define PATH_SEPARATOR '/'
+#endif
+
 /* capabilities convenience library */
 /* If a code depends on HAVE_LIBCAP_NG, it depends also on HAVE_CAP_NG_H.
  * If HAVE_CAP_NG_H is not defined, undefine HAVE_LIBCAP_NG.
 /* capabilities convenience library */
 /* If a code depends on HAVE_LIBCAP_NG, it depends also on HAVE_CAP_NG_H.
  * If HAVE_CAP_NG_H is not defined, undefine HAVE_LIBCAP_NG.
@@ -108,30 +133,49 @@ The Regents of the University of California.  All rights reserved.\n";
 #endif /* HAVE_CAP_NG_H */
 #endif /* HAVE_LIBCAP_NG */
 
 #endif /* HAVE_CAP_NG_H */
 #endif /* HAVE_LIBCAP_NG */
 
+#ifdef __FreeBSD__
+#include <sys/sysctl.h>
+#endif /* __FreeBSD__ */
+
+#include "netdissect-stdinc.h"
 #include "netdissect.h"
 #include "interface.h"
 #include "addrtoname.h"
 #include "netdissect.h"
 #include "interface.h"
 #include "addrtoname.h"
-#include "machdep.h"
-#include "setsignal.h"
-#include "gmt2local.h"
 #include "pcap-missing.h"
 #include "ascii_strcasecmp.h"
 
 #include "print.h"
 
 #include "pcap-missing.h"
 #include "ascii_strcasecmp.h"
 
 #include "print.h"
 
+#include "diag-control.h"
+
+#include "fptype.h"
+
 #ifndef PATH_MAX
 #define PATH_MAX 1024
 #endif
 
 #ifndef PATH_MAX
 #define PATH_MAX 1024
 #endif
 
-#ifdef SIGINFO
+#if defined(SIGINFO)
 #define SIGNAL_REQ_INFO SIGINFO
 #define SIGNAL_REQ_INFO SIGINFO
-#elif SIGUSR1
+#elif defined(SIGUSR1)
 #define SIGNAL_REQ_INFO SIGUSR1
 #endif
 
 #define SIGNAL_REQ_INFO SIGUSR1
 #endif
 
-static int Cflag;                      /* rotate dump files after this many bytes */
+#if defined(SIGUSR2)
+#define SIGNAL_FLUSH_PCAP SIGUSR2
+#endif
+
+static int Bflag;                      /* buffer size */
+#ifdef HAVE_PCAP_DUMP_FTELL64
+static int64_t Cflag;                  /* rotate dump files after this many bytes */
+#else
+static long Cflag;                     /* rotate dump files after this many bytes */
+#endif
 static int Cflag_count;                        /* Keep track of which file number we're writing */
 static int Dflag;                      /* list available devices and exit */
 static int Cflag_count;                        /* Keep track of which file number we're writing */
 static int Dflag;                      /* list available devices and exit */
+#ifdef HAVE_PCAP_FINDALLDEVS_EX
+static char *remote_interfaces_source; /* list available devices from this source and exit */
+#endif
+
 /*
  * This is exported because, in some versions of libpcap, if libpcap
  * is built with optimizer debugging code (which is *NOT* the default
 /*
  * This is exported because, in some versions of libpcap, if libpcap
  * is built with optimizer debugging code (which is *NOT* the default
@@ -144,6 +188,7 @@ static int Dflag;                   /* list available devices and exit */
  * dflag but, instead, *if* built with optimizer debugging code,
  * *export* a routine to set that flag.
  */
  * dflag but, instead, *if* built with optimizer debugging code,
  * *export* a routine to set that flag.
  */
+extern int dflag;
 int dflag;                             /* print filter code */
 static int Gflag;                      /* rotate dump files after this many seconds */
 static int Gflag_count;                        /* number of files created with Gflag rotation */
 int dflag;                             /* print filter code */
 static int Gflag;                      /* rotate dump files after this many seconds */
 static int Gflag_count;                        /* number of files created with Gflag rotation */
@@ -152,14 +197,20 @@ static int Lflag;                 /* list available data link types and exit */
 static int Iflag;                      /* rfmon (monitor) mode */
 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE
 static int Jflag;                      /* list available time stamp types */
 static int Iflag;                      /* rfmon (monitor) mode */
 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE
 static int Jflag;                      /* list available time stamp types */
+static int jflag = -1;                 /* packet time stamp source */
 #endif
 #endif
-#ifdef HAVE_PCAP_SETDIRECTION
-int Qflag = -1;                                /* restrict captured packet by send/receive direction */
-#endif
+static int lflag;                      /* line-buffered output */
+static int pflag;                      /* don't go promiscuous */
+static int Qflag = -1;                 /* restrict captured packet by send/receive direction */
 static int Uflag;                      /* "unbuffered" output of dump files */
 static int Wflag;                      /* recycle output files after this number of files */
 static int WflagChars;
 static char *zflag = NULL;             /* compress each savefile using a specified command (like gzip or bzip2) */
 static int Uflag;                      /* "unbuffered" output of dump files */
 static int Wflag;                      /* recycle output files after this number of files */
 static int WflagChars;
 static char *zflag = NULL;             /* compress each savefile using a specified command (like gzip or bzip2) */
+static int timeout = 1000;             /* default timeout = 1000 ms = 1 s */
+#ifdef HAVE_PCAP_SET_IMMEDIATE_MODE
+static int immediate_mode;
+#endif
+static int count_mode;
 
 static int infodelay;
 static int infoprint;
 
 static int infodelay;
 static int infoprint;
@@ -167,42 +218,31 @@ static int infoprint;
 char *program_name;
 
 /* Forwards */
 char *program_name;
 
 /* Forwards */
-static void error(const char *, ...)
-     __attribute__((noreturn))
-#ifdef __ATTRIBUTE___FORMAT_OK
-     __attribute__((format (printf, 1, 2)))
-#endif /* __ATTRIBUTE___FORMAT_OK */
-     ;
-static void warning(const char *, ...)
-#ifdef __ATTRIBUTE___FORMAT_OK
-     __attribute__((format (printf, 1, 2)))
-#endif /* __ATTRIBUTE___FORMAT_OK */
-     ;
-static void exit_tcpdump(int) __attribute__((noreturn));
-static RETSIGTYPE cleanup(int);
-static RETSIGTYPE child_cleanup(int);
-static void print_version(void);
-static void print_usage(void);
-static void show_tstamp_types_and_exit(const char *device) __attribute__((noreturn));
-static void show_dlts_and_exit(const char *device) __attribute__((noreturn));
+static void (*setsignal (int sig, void (*func)(int)))(int);
+static void cleanup(int);
+static void child_cleanup(int);
+static void print_version(FILE *);
+static void print_usage(FILE *);
 
 static void print_packet(u_char *, const struct pcap_pkthdr *, const u_char *);
 static void dump_packet_and_trunc(u_char *, const struct pcap_pkthdr *, const u_char *);
 static void dump_packet(u_char *, const struct pcap_pkthdr *, const u_char *);
 
 static void print_packet(u_char *, const struct pcap_pkthdr *, const u_char *);
 static void dump_packet_and_trunc(u_char *, const struct pcap_pkthdr *, const u_char *);
 static void dump_packet(u_char *, const struct pcap_pkthdr *, const u_char *);
-static void droproot(const char *, const char *);
 
 #ifdef SIGNAL_REQ_INFO
 
 #ifdef SIGNAL_REQ_INFO
-RETSIGTYPE requestinfo(int);
+static void requestinfo(int);
 #endif
 
 #endif
 
-#if defined(USE_WIN32_MM_TIMER)
-  #include <MMsystem.h>
-  static UINT timer_id;
-  static void CALLBACK verbose_stats_dump(UINT, UINT, DWORD_PTR, DWORD_PTR, DWORD_PTR);
-#elif defined(HAVE_ALARM)
-  static void verbose_stats_dump(int sig);
+#ifdef SIGNAL_FLUSH_PCAP
+static void flushpcap(int);
 #endif
 
 #endif
 
+#ifdef _WIN32
+    static HANDLE timer_handle = INVALID_HANDLE_VALUE;
+    static void CALLBACK verbose_stats_dump(PVOID param, BOOLEAN timer_fired);
+#else /* _WIN32 */
+  static void verbose_stats_dump(int sig);
+#endif /* _WIN32 */
+
 static void info(int);
 static u_int packets_captured;
 
 static void info(int);
 static u_int packets_captured;
 
@@ -214,10 +254,14 @@ static const struct tok status_flags[] = {
        { PCAP_IF_RUNNING,  "Running"  },
 #endif
        { PCAP_IF_LOOPBACK, "Loopback" },
        { PCAP_IF_RUNNING,  "Running"  },
 #endif
        { PCAP_IF_LOOPBACK, "Loopback" },
+#ifdef PCAP_IF_WIRELESS
+       { PCAP_IF_WIRELESS, "Wireless" },
+#endif
        { 0, NULL }
 };
 
 static pcap_t *pd;
        { 0, NULL }
 };
 
 static pcap_t *pd;
+static pcap_dumper_t *pdd = NULL;
 
 static int supports_monitor_mode;
 
 
 static int supports_monitor_mode;
 
@@ -229,7 +273,8 @@ struct dump_info {
        char    *WFileName;
        char    *CurrentFileName;
        pcap_t  *pd;
        char    *WFileName;
        char    *CurrentFileName;
        pcap_t  *pd;
-       pcap_dumper_t *p;
+       pcap_dumper_t *pdd;
+       netdissect_options *ndo;
 #ifdef HAVE_CAPSICUM
        int     dirfd;
 #endif
 #ifdef HAVE_CAPSICUM
        int     dirfd;
 #endif
@@ -286,9 +331,16 @@ extern
 void pcap_set_optimizer_debug(int);
 #endif
 
 void pcap_set_optimizer_debug(int);
 #endif
 
+static void NORETURN
+exit_tcpdump(const int status)
+{
+       nd_cleanup();
+       exit(status);
+}
+
 /* VARARGS */
 /* VARARGS */
-static void
-error(const char *fmt, ...)
+static void NORETURN PRINTFLIKE(1, 2)
+error(FORMAT_STRING(const char *fmt), ...)
 {
        va_list ap;
 
 {
        va_list ap;
 
@@ -301,13 +353,13 @@ error(const char *fmt, ...)
                if (fmt[-1] != '\n')
                        (void)fputc('\n', stderr);
        }
                if (fmt[-1] != '\n')
                        (void)fputc('\n', stderr);
        }
-       exit_tcpdump(1);
+       exit_tcpdump(S_ERR_HOST_PROGRAM);
        /* NOTREACHED */
 }
 
 /* VARARGS */
        /* NOTREACHED */
 }
 
 /* VARARGS */
-static void
-warning(const char *fmt, ...)
+static void PRINTFLIKE(1, 2)
+warning(FORMAT_STRING(const char *fmt), ...)
 {
        va_list ap;
 
 {
        va_list ap;
 
@@ -322,57 +374,50 @@ warning(const char *fmt, ...)
        }
 }
 
        }
 }
 
-static void
-exit_tcpdump(int status)
-{
-       nd_cleanup();
-       exit(status);
-}
-
 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE
 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE
-static void
-show_tstamp_types_and_exit(const char *device)
+static void NORETURN
+show_tstamp_types_and_exit(pcap_t *pc, const char *device)
 {
        int n_tstamp_types;
        int *tstamp_types = 0;
        const char *tstamp_type_name;
        int i;
 
 {
        int n_tstamp_types;
        int *tstamp_types = 0;
        const char *tstamp_type_name;
        int i;
 
-       n_tstamp_types = pcap_list_tstamp_types(pd, &tstamp_types);
+       n_tstamp_types = pcap_list_tstamp_types(pc, &tstamp_types);
        if (n_tstamp_types < 0)
        if (n_tstamp_types < 0)
-               error("%s", pcap_geterr(pd));
+               error("%s", pcap_geterr(pc));
 
        if (n_tstamp_types == 0) {
                fprintf(stderr, "Time stamp type cannot be set for %s\n",
                    device);
 
        if (n_tstamp_types == 0) {
                fprintf(stderr, "Time stamp type cannot be set for %s\n",
                    device);
-               exit_tcpdump(0);
+               exit_tcpdump(S_SUCCESS);
        }
        }
-       fprintf(stderr, "Time stamp types for %s (use option -j to set):\n",
+       fprintf(stdout, "Time stamp types for %s (use option -j to set):\n",
            device);
        for (i = 0; i < n_tstamp_types; i++) {
                tstamp_type_name = pcap_tstamp_type_val_to_name(tstamp_types[i]);
                if (tstamp_type_name != NULL) {
            device);
        for (i = 0; i < n_tstamp_types; i++) {
                tstamp_type_name = pcap_tstamp_type_val_to_name(tstamp_types[i]);
                if (tstamp_type_name != NULL) {
-                       (void) fprintf(stderr, "  %s (%s)\n", tstamp_type_name,
+                       (void) fprintf(stdout, "  %s (%s)\n", tstamp_type_name,
                            pcap_tstamp_type_val_to_description(tstamp_types[i]));
                } else {
                            pcap_tstamp_type_val_to_description(tstamp_types[i]));
                } else {
-                       (void) fprintf(stderr, "  %d\n", tstamp_types[i]);
+                       (void) fprintf(stdout, "  %d\n", tstamp_types[i]);
                }
        }
        pcap_free_tstamp_types(tstamp_types);
                }
        }
        pcap_free_tstamp_types(tstamp_types);
-       exit_tcpdump(0);
+       exit_tcpdump(S_SUCCESS);
 }
 #endif
 
 }
 #endif
 
-static void
-show_dlts_and_exit(const char *device)
+static void NORETURN
+show_dlts_and_exit(pcap_t *pc, const char *device)
 {
        int n_dlts, i;
        int *dlts = 0;
        const char *dlt_name;
 
 {
        int n_dlts, i;
        int *dlts = 0;
        const char *dlt_name;
 
-       n_dlts = pcap_list_datalinks(pd, &dlts);
+       n_dlts = pcap_list_datalinks(pc, &dlts);
        if (n_dlts < 0)
        if (n_dlts < 0)
-               error("%s", pcap_geterr(pd));
+               error("%s", pcap_geterr(pc));
        else if (n_dlts == 0 || !dlts)
                error("No data link types.");
 
        else if (n_dlts == 0 || !dlts)
                error("No data link types.");
 
@@ -384,40 +429,39 @@ show_dlts_and_exit(const char *device)
         * monitor mode might be different from the ones available when
         * not in monitor mode).
         */
         * monitor mode might be different from the ones available when
         * not in monitor mode).
         */
+       (void) fprintf(stdout, "Data link types for ");
        if (supports_monitor_mode)
        if (supports_monitor_mode)
-               (void) fprintf(stderr, "Data link types for %s %s (use option -y to set):\n",
+               (void) fprintf(stdout, "%s %s",
                    device,
                    Iflag ? "when in monitor mode" : "when not in monitor mode");
        else
                    device,
                    Iflag ? "when in monitor mode" : "when not in monitor mode");
        else
-               (void) fprintf(stderr, "Data link types for %s (use option -y to set):\n",
+               (void) fprintf(stdout, "%s",
                    device);
                    device);
+       (void) fprintf(stdout, " (use option -y to set):\n");
 
        for (i = 0; i < n_dlts; i++) {
                dlt_name = pcap_datalink_val_to_name(dlts[i]);
                if (dlt_name != NULL) {
 
        for (i = 0; i < n_dlts; i++) {
                dlt_name = pcap_datalink_val_to_name(dlts[i]);
                if (dlt_name != NULL) {
-                       (void) fprintf(stderr, "  %s (%s)", dlt_name,
+                       (void) fprintf(stdout, "  %s (%s)", dlt_name,
                            pcap_datalink_val_to_description(dlts[i]));
 
                        /*
                         * OK, does tcpdump handle that type?
                         */
                        if (!has_printer(dlts[i]))
                            pcap_datalink_val_to_description(dlts[i]));
 
                        /*
                         * OK, does tcpdump handle that type?
                         */
                        if (!has_printer(dlts[i]))
-                               (void) fprintf(stderr, " (printing not supported)");
-                       fprintf(stderr, "\n");
+                               (void) fprintf(stdout, " (printing not supported)");
+                       fprintf(stdout, "\n");
                } else {
                } else {
-                       (void) fprintf(stderr, "  DLT %d (printing not supported)\n",
+                       (void) fprintf(stdout, "  DLT %d (printing not supported)\n",
                            dlts[i]);
                }
        }
                            dlts[i]);
                }
        }
-#ifdef HAVE_PCAP_FREE_DATALINKS
        pcap_free_datalinks(dlts);
        pcap_free_datalinks(dlts);
-#endif
-       exit_tcpdump(0);
+       exit_tcpdump(S_SUCCESS);
 }
 
 }
 
-#ifdef HAVE_PCAP_FINDALLDEVS
-static void
-show_devices_and_exit (void)
+static void NORETURN
+show_devices_and_exit(void)
 {
        pcap_if_t *dev, *devlist;
        char ebuf[PCAP_ERRBUF_SIZE];
 {
        pcap_if_t *dev, *devlist;
        char ebuf[PCAP_ERRBUF_SIZE];
@@ -425,6 +469,84 @@ show_devices_and_exit (void)
 
        if (pcap_findalldevs(&devlist, ebuf) < 0)
                error("%s", ebuf);
 
        if (pcap_findalldevs(&devlist, ebuf) < 0)
                error("%s", ebuf);
+       for (i = 0, dev = devlist; dev != NULL; i++, dev = dev->next) {
+               printf("%d.%s", i+1, dev->name);
+               if (dev->description != NULL)
+                       printf(" (%s)", dev->description);
+               if (dev->flags != 0) {
+                       printf(" [");
+                       printf("%s", bittok2str(status_flags, "none", dev->flags));
+#ifdef PCAP_IF_WIRELESS
+                       if (dev->flags & PCAP_IF_WIRELESS) {
+                               switch (dev->flags & PCAP_IF_CONNECTION_STATUS) {
+
+                               case PCAP_IF_CONNECTION_STATUS_UNKNOWN:
+                                       printf(", Association status unknown");
+                                       break;
+
+                               case PCAP_IF_CONNECTION_STATUS_CONNECTED:
+                                       printf(", Associated");
+                                       break;
+
+                               case PCAP_IF_CONNECTION_STATUS_DISCONNECTED:
+                                       printf(", Not associated");
+                                       break;
+
+                               case PCAP_IF_CONNECTION_STATUS_NOT_APPLICABLE:
+                                       break;
+                               }
+                       } else {
+                               switch (dev->flags & PCAP_IF_CONNECTION_STATUS) {
+
+                               case PCAP_IF_CONNECTION_STATUS_UNKNOWN:
+                                       printf(", Connection status unknown");
+                                       break;
+
+                               case PCAP_IF_CONNECTION_STATUS_CONNECTED:
+                                       printf(", Connected");
+                                       break;
+
+                               case PCAP_IF_CONNECTION_STATUS_DISCONNECTED:
+                                       printf(", Disconnected");
+                                       break;
+
+                               case PCAP_IF_CONNECTION_STATUS_NOT_APPLICABLE:
+                                       break;
+                               }
+                       }
+#endif
+                       printf("]");
+               }
+               printf("\n");
+       }
+       pcap_freealldevs(devlist);
+       exit_tcpdump(S_SUCCESS);
+}
+
+#ifdef HAVE_PCAP_FINDALLDEVS_EX
+static void NORETURN
+show_remote_devices_and_exit(void)
+{
+       pcap_if_t *dev, *devlist;
+       char ebuf[PCAP_ERRBUF_SIZE];
+       int i;
+
+       if (pcap_findalldevs_ex(remote_interfaces_source, NULL, &devlist,
+           ebuf) < 0) {
+               if (strcmp(ebuf, "not supported") == 0) {
+                       /*
+                        * macOS 14's pcap_findalldevs_ex(), which is a
+                        * stub that always returns -1 with an error
+                        * message of "not supported".
+                        *
+                        * In this case, as we passed it an rpcap://
+                        * URL, treat that as meaning "remote capture
+                        * not supported".
+                        */
+                       error("Remote capture not supported");
+               }
+               error("%s", ebuf);
+       }
        for (i = 0, dev = devlist; dev != NULL; i++, dev = dev->next) {
                printf("%d.%s", i+1, dev->name);
                if (dev->description != NULL)
        for (i = 0, dev = devlist; dev != NULL; i++, dev = dev->next) {
                printf("%d.%s", i+1, dev->name);
                if (dev->description != NULL)
@@ -434,9 +556,9 @@ show_devices_and_exit (void)
                printf("\n");
        }
        pcap_freealldevs(devlist);
                printf("\n");
        }
        pcap_freealldevs(devlist);
-       exit_tcpdump(0);
+       exit_tcpdump(S_SUCCESS);
 }
 }
-#endif /* HAVE_PCAP_FINDALLDEVS */
+#endif /* HAVE_PCAP_FINDALLDEVS_EX */
 
 /*
  * Short options.
 
 /*
  * Short options.
@@ -446,22 +568,22 @@ show_devices_and_exit (void)
  * only use them for the same purposes that the other versions of tcpdump
  * use them:
  *
  * only use them for the same purposes that the other versions of tcpdump
  * use them:
  *
- * OS X tcpdump uses -g to force non--v output for IP to be on one
+ * macOS tcpdump uses -g to force non--v output for IP to be on one
  * line, making it more "g"repable;
  *
  * line, making it more "g"repable;
  *
- * OS X tcpdump uses -k tospecify that packet comments in pcap-ng files
+ * macOS tcpdump uses -k to specify that packet comments in pcapng files
  * should be printed;
  *
  * OpenBSD tcpdump uses -o to indicate that OS fingerprinting should be done
  * for hosts sending TCP SYN packets;
  *
  * should be printed;
  *
  * OpenBSD tcpdump uses -o to indicate that OS fingerprinting should be done
  * for hosts sending TCP SYN packets;
  *
- * OS X tcpdump uses -P to indicate that -w should write pcap-ng rather
+ * macOS tcpdump uses -P to indicate that -w should write pcapng rather
  * than pcap files.
  *
  * than pcap files.
  *
- * OS X tcpdump also uses -Q to specify expressions that match packet
+ * macOS tcpdump also uses -Q to specify expressions that match packet
  * metadata, including but not limited to the packet direction.
  * The expression syntax is different from a simple "in|out|inout",
  * metadata, including but not limited to the packet direction.
  * The expression syntax is different from a simple "in|out|inout",
- * and those expressions aren't accepted by OS X tcpdump, but the
+ * and those expressions aren't accepted by macOS tcpdump, but the
  * equivalents would be "in" = "dir=in", "out" = "dir=out", and
  * "inout" = "dir=in or dir=out", and the parser could conceivably
  * special-case "in", "out", and "inout" as expressions for backwards
  * equivalents would be "in" = "dir=in", "out" = "dir=out", and
  * "inout" = "dir=in or dir=out", and the parser could conceivably
  * special-case "in", "out", and "inout" as expressions for backwards
@@ -472,49 +594,21 @@ show_devices_and_exit (void)
  * Set up flags that might or might not be supported depending on the
  * version of libpcap we're using.
  */
  * Set up flags that might or might not be supported depending on the
  * version of libpcap we're using.
  */
-#if defined(HAVE_PCAP_CREATE) || defined(_WIN32)
-#define B_FLAG         "B:"
-#define B_FLAG_USAGE   " [ -B size ]"
-#else /* defined(HAVE_PCAP_CREATE) || defined(_WIN32) */
-#define B_FLAG
-#define B_FLAG_USAGE
-#endif /* defined(HAVE_PCAP_CREATE) || defined(_WIN32) */
-
-#ifdef HAVE_PCAP_CREATE
-#define I_FLAG         "I"
-#else /* HAVE_PCAP_CREATE */
-#define I_FLAG
-#endif /* HAVE_PCAP_CREATE */
-
 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE
 #define j_FLAG         "j:"
 #define j_FLAG_USAGE   " [ -j tstamptype ]"
 #define J_FLAG         "J"
 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE
 #define j_FLAG         "j:"
 #define j_FLAG_USAGE   " [ -j tstamptype ]"
 #define J_FLAG         "J"
-#else /* PCAP_ERROR_TSTAMP_TYPE_NOTSUP */
+#else /* HAVE_PCAP_SET_TSTAMP_TYPE */
 #define j_FLAG
 #define j_FLAG_USAGE
 #define J_FLAG
 #define j_FLAG
 #define j_FLAG_USAGE
 #define J_FLAG
-#endif /* PCAP_ERROR_TSTAMP_TYPE_NOTSUP */
-
-#ifdef HAVE_PCAP_FINDALLDEVS
-#define D_FLAG "D"
-#else
-#define D_FLAG
-#endif
-
-#ifdef HAVE_PCAP_DUMP_FLUSH
-#define U_FLAG "U"
-#else
-#define U_FLAG
-#endif
+#endif /* HAVE_PCAP_SET_TSTAMP_TYPE */
 
 
-#ifdef HAVE_PCAP_SETDIRECTION
-#define Q_FLAG "Q:"
-#else
-#define Q_FLAG
+#ifdef USE_LIBSMI
+#define m_FLAG_USAGE "[ -m module ] ..."
 #endif
 
 #endif
 
-#define SHORTOPTS "aAb" B_FLAG "c:C:d" D_FLAG "eE:fF:G:hHi:" I_FLAG j_FLAG J_FLAG "KlLm:M:nNOpq" Q_FLAG "r:s:StT:u" U_FLAG "vV:w:W:xXy:Yz:Z:#"
+#define SHORTOPTS "aAbB:c:C:dDeE:fF:G:hHi:I" j_FLAG J_FLAG "KlLm:M:nNOpqQ:r:s:StT:uUvV:w:W:xXy:Yz:Z:#"
 
 /*
  * Long options.
 
 /*
  * Long options.
@@ -536,39 +630,45 @@ show_devices_and_exit (void)
  * component of the entry for the long option, and have a case for that
  * option in the switch statement.
  */
  * component of the entry for the long option, and have a case for that
  * option in the switch statement.
  */
-#define OPTION_VERSION         128
-#define OPTION_TSTAMP_PRECISION        129
-#define OPTION_IMMEDIATE_MODE  130
+#define OPTION_VERSION                 128
+#define OPTION_TSTAMP_PRECISION                129
+#define OPTION_IMMEDIATE_MODE          130
+#define OPTION_PRINT                   131
+#define OPTION_LIST_REMOTE_INTERFACES  132
+#define OPTION_TSTAMP_MICRO            133
+#define OPTION_TSTAMP_NANO             134
+#define OPTION_FP_TYPE                 135
+#define OPTION_COUNT                   136
+#define OPTION_PRINT_SAMPLING          137
+#define OPTION_LENGTHS                 138
+#define OPTION_TIME_T_SIZE             139
 
 static const struct option longopts[] = {
 
 static const struct option longopts[] = {
-#if defined(HAVE_PCAP_CREATE) || defined(_WIN32)
        { "buffer-size", required_argument, NULL, 'B' },
        { "buffer-size", required_argument, NULL, 'B' },
-#endif
        { "list-interfaces", no_argument, NULL, 'D' },
        { "list-interfaces", no_argument, NULL, 'D' },
+#ifdef HAVE_PCAP_FINDALLDEVS_EX
+       { "list-remote-interfaces", required_argument, NULL, OPTION_LIST_REMOTE_INTERFACES },
+#endif
        { "help", no_argument, NULL, 'h' },
        { "interface", required_argument, NULL, 'i' },
        { "help", no_argument, NULL, 'h' },
        { "interface", required_argument, NULL, 'i' },
-#ifdef HAVE_PCAP_CREATE
        { "monitor-mode", no_argument, NULL, 'I' },
        { "monitor-mode", no_argument, NULL, 'I' },
-#endif
 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE
        { "time-stamp-type", required_argument, NULL, 'j' },
        { "list-time-stamp-types", no_argument, NULL, 'J' },
 #endif
 #ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE
        { "time-stamp-type", required_argument, NULL, 'j' },
        { "list-time-stamp-types", no_argument, NULL, 'J' },
 #endif
 #ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
+       { "micro", no_argument, NULL, OPTION_TSTAMP_MICRO},
+       { "nano", no_argument, NULL, OPTION_TSTAMP_NANO},
        { "time-stamp-precision", required_argument, NULL, OPTION_TSTAMP_PRECISION},
 #endif
        { "dont-verify-checksums", no_argument, NULL, 'K' },
        { "list-data-link-types", no_argument, NULL, 'L' },
        { "no-optimize", no_argument, NULL, 'O' },
        { "no-promiscuous-mode", no_argument, NULL, 'p' },
        { "time-stamp-precision", required_argument, NULL, OPTION_TSTAMP_PRECISION},
 #endif
        { "dont-verify-checksums", no_argument, NULL, 'K' },
        { "list-data-link-types", no_argument, NULL, 'L' },
        { "no-optimize", no_argument, NULL, 'O' },
        { "no-promiscuous-mode", no_argument, NULL, 'p' },
-#ifdef HAVE_PCAP_SETDIRECTION
        { "direction", required_argument, NULL, 'Q' },
        { "direction", required_argument, NULL, 'Q' },
-#endif
        { "snapshot-length", required_argument, NULL, 's' },
        { "absolute-tcp-sequence-numbers", no_argument, NULL, 'S' },
        { "snapshot-length", required_argument, NULL, 's' },
        { "absolute-tcp-sequence-numbers", no_argument, NULL, 'S' },
-#ifdef HAVE_PCAP_DUMP_FLUSH
        { "packet-buffered", no_argument, NULL, 'U' },
        { "packet-buffered", no_argument, NULL, 'U' },
-#endif
        { "linktype", required_argument, NULL, 'y' },
 #ifdef HAVE_PCAP_SET_IMMEDIATE_MODE
        { "immediate-mode", no_argument, NULL, OPTION_IMMEDIATE_MODE },
        { "linktype", required_argument, NULL, 'y' },
 #ifdef HAVE_PCAP_SET_IMMEDIATE_MODE
        { "immediate-mode", no_argument, NULL, OPTION_IMMEDIATE_MODE },
@@ -577,11 +677,29 @@ static const struct option longopts[] = {
        { "debug-filter-parser", no_argument, NULL, 'Y' },
 #endif
        { "relinquish-privileges", required_argument, NULL, 'Z' },
        { "debug-filter-parser", no_argument, NULL, 'Y' },
 #endif
        { "relinquish-privileges", required_argument, NULL, 'Z' },
+       { "count", no_argument, NULL, OPTION_COUNT },
+       { "fp-type", no_argument, NULL, OPTION_FP_TYPE },
        { "number", no_argument, NULL, '#' },
        { "number", no_argument, NULL, '#' },
+       { "print", no_argument, NULL, OPTION_PRINT },
+       { "print-sampling", required_argument, NULL, OPTION_PRINT_SAMPLING },
+       { "lengths", no_argument, NULL, OPTION_LENGTHS },
+       { "time-t-size", no_argument, NULL, OPTION_TIME_T_SIZE },
        { "version", no_argument, NULL, OPTION_VERSION },
        { NULL, 0, NULL, 0 }
 };
 
        { "version", no_argument, NULL, OPTION_VERSION },
        { NULL, 0, NULL, 0 }
 };
 
+#ifdef HAVE_PCAP_FINDALLDEVS_EX
+#define LIST_REMOTE_INTERFACES_USAGE " [ --list-remote-interfaces remote-source ]"
+#else
+#define LIST_REMOTE_INTERFACES_USAGE
+#endif
+
+#ifdef HAVE_PCAP_SET_IMMEDIATE_MODE
+#define IMMEDIATE_MODE_USAGE " [ --immediate-mode ]"
+#else
+#define IMMEDIATE_MODE_USAGE ""
+#endif
+
 #ifndef _WIN32
 /* Drop root privileges and chroot if necessary */
 static void
 #ifndef _WIN32
 /* Drop root privileges and chroot if necessary */
 static void
@@ -589,58 +707,49 @@ droproot(const char *username, const char *chroot_dir)
 {
        struct passwd *pw = NULL;
 
 {
        struct passwd *pw = NULL;
 
-       if (chroot_dir && !username) {
-               fprintf(stderr, "%s: Chroot without dropping root is insecure\n",
-                       program_name);
-               exit_tcpdump(1);
-       }
+       if (chroot_dir && !username)
+               error("Chroot without dropping root is insecure");
 
        pw = getpwnam(username);
        if (pw) {
                if (chroot_dir) {
 
        pw = getpwnam(username);
        if (pw) {
                if (chroot_dir) {
-                       if (chroot(chroot_dir) != 0 || chdir ("/") != 0) {
-                               fprintf(stderr, "%s: Couldn't chroot/chdir to '%.64s': %s\n",
-                                       program_name, chroot_dir, pcap_strerror(errno));
-                               exit_tcpdump(1);
-                       }
+                       if (chroot(chroot_dir) != 0 || chdir ("/") != 0)
+                               error("Couldn't chroot/chdir to '%.64s': %s",
+                                     chroot_dir, pcap_strerror(errno));
                }
 #ifdef HAVE_LIBCAP_NG
                {
                        int ret = capng_change_id(pw->pw_uid, pw->pw_gid, CAPNG_NO_FLAG);
                }
 #ifdef HAVE_LIBCAP_NG
                {
                        int ret = capng_change_id(pw->pw_uid, pw->pw_gid, CAPNG_NO_FLAG);
-                       if (ret < 0) {
-                               fprintf(stderr, "error : ret %d\n", ret);
-                       } else {
+                       if (ret < 0)
+                               error("capng_change_id(): return %d\n", ret);
+                       else
                                fprintf(stderr, "dropped privs to %s\n", username);
                                fprintf(stderr, "dropped privs to %s\n", username);
-                       }
                }
 #else
                if (initgroups(pw->pw_name, pw->pw_gid) != 0 ||
                }
 #else
                if (initgroups(pw->pw_name, pw->pw_gid) != 0 ||
-                   setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0) {
-                       fprintf(stderr, "%s: Couldn't change to '%.32s' uid=%lu gid=%lu: %s\n",
-                               program_name, username,
+                   setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0)
+                       error("Couldn't change to '%.32s' uid=%lu gid=%lu: %s",
+                               username,
                                (unsigned long)pw->pw_uid,
                                (unsigned long)pw->pw_gid,
                                pcap_strerror(errno));
                                (unsigned long)pw->pw_uid,
                                (unsigned long)pw->pw_gid,
                                pcap_strerror(errno));
-                       exit_tcpdump(1);
-               }
                else {
                        fprintf(stderr, "dropped privs to %s\n", username);
                }
 #endif /* HAVE_LIBCAP_NG */
                else {
                        fprintf(stderr, "dropped privs to %s\n", username);
                }
 #endif /* HAVE_LIBCAP_NG */
-       }
-       else {
-               fprintf(stderr, "%s: Couldn't find user '%.32s'\n",
-                       program_name, username);
-               exit_tcpdump(1);
-       }
+       } else
+               error("Couldn't find user '%.32s'", username);
 #ifdef HAVE_LIBCAP_NG
 #ifdef HAVE_LIBCAP_NG
-       /* We don't need CAP_SETUID and CAP_SETGID any more. */
+       /* We don't need CAP_SETUID, CAP_SETGID and CAP_SYS_CHROOT anymore. */
+DIAG_OFF_ASSIGN_ENUM
        capng_updatev(
                CAPNG_DROP,
                CAPNG_EFFECTIVE | CAPNG_PERMITTED,
                CAP_SETUID,
                CAP_SETGID,
        capng_updatev(
                CAPNG_DROP,
                CAPNG_EFFECTIVE | CAPNG_PERMITTED,
                CAP_SETUID,
                CAP_SETGID,
+               CAP_SYS_CHROOT,
                -1);
                -1);
+DIAG_ON_ASSIGN_ENUM
        capng_apply(CAPNG_SELECT_BOTH);
 #endif /* HAVE_LIBCAP_NG */
 
        capng_apply(CAPNG_SELECT_BOTH);
 #endif /* HAVE_LIBCAP_NG */
 
@@ -667,7 +776,9 @@ MakeFilename(char *buffer, char *orig_name, int cnt, int max_chars)
 {
         char *filename = malloc(PATH_MAX + 1);
         if (filename == NULL)
 {
         char *filename = malloc(PATH_MAX + 1);
         if (filename == NULL)
-            error("Makefilename: malloc");
+            error("%s: malloc", __func__);
+        if (strlen(orig_name) == 0)
+            error("an empty string is not a valid file name");
 
         /* Process with strftime if Gflag is set. */
         if (Gflag != 0) {
 
         /* Process with strftime if Gflag is set. */
         if (Gflag != 0) {
@@ -675,13 +786,29 @@ MakeFilename(char *buffer, char *orig_name, int cnt, int max_chars)
 
           /* Convert Gflag_time to a usable format */
           if ((local_tm = localtime(&Gflag_time)) == NULL) {
 
           /* Convert Gflag_time to a usable format */
           if ((local_tm = localtime(&Gflag_time)) == NULL) {
-                  error("MakeTimedFilename: localtime");
+                  error("%s: localtime", __func__);
           }
 
           /* There's no good way to detect an error in strftime since a return
           }
 
           /* There's no good way to detect an error in strftime since a return
-           * value of 0 isn't necessarily failure.
+           * value of 0 isn't necessarily failure; if orig_name is an empty
+           * string, the formatted string will be empty.
+           *
+           * However, the C90 standard says that, if there *is* a
+           * buffer overflow, the content of the buffer is undefined,
+           * so we must check for a buffer overflow.
+           *
+           * So we check above for an empty orig_name, and only call
+           * strftime() if it's non-empty, in which case the return
+           * value will only be 0 if the formatted date doesn't fit
+           * in the buffer.
+           *
+           * (We check above because, even if we don't use -G, we
+           * want a better error message than "tcpdump: : No such
+           * file or directory" for this case.)
            */
            */
-          strftime(filename, PATH_MAX, orig_name, local_tm);
+          if (strftime(filename, PATH_MAX, orig_name, local_tm) == 0) {
+            error("%s: strftime", __func__);
+          }
         } else {
           strncpy(filename, orig_name, PATH_MAX);
         }
         } else {
           strncpy(filename, orig_name, PATH_MAX);
         }
@@ -699,17 +826,49 @@ static char *
 get_next_file(FILE *VFile, char *ptr)
 {
        char *ret;
 get_next_file(FILE *VFile, char *ptr)
 {
        char *ret;
+       size_t len;
 
        ret = fgets(ptr, PATH_MAX, VFile);
        if (!ret)
                return NULL;
 
 
        ret = fgets(ptr, PATH_MAX, VFile);
        if (!ret)
                return NULL;
 
-       if (ptr[strlen(ptr) - 1] == '\n')
-               ptr[strlen(ptr) - 1] = '\0';
+       len = strlen (ptr);
+       if (len > 0 && ptr[len - 1] == '\n')
+               ptr[len - 1] = '\0';
 
        return ret;
 }
 
 
        return ret;
 }
 
+#ifdef HAVE_CASPER
+static cap_channel_t *
+capdns_setup(void)
+{
+       cap_channel_t *capcas, *capdnsloc;
+       const char *types[1];
+       int families[2];
+
+       capcas = cap_init();
+       if (capcas == NULL)
+               error("unable to create casper process");
+       capdnsloc = cap_service_open(capcas, "system.dns");
+       /* Casper capability no longer needed. */
+       cap_close(capcas);
+       if (capdnsloc == NULL)
+               error("unable to open system.dns service");
+       /* Limit system.dns to reverse DNS lookups. */
+       types[0] = "ADDR";
+       if (cap_dns_type_limit(capdnsloc, types, 1) < 0)
+               error("unable to limit access to system.dns service");
+       families[0] = AF_INET;
+       /* Casper is a feature of FreeBSD, which defines AF_INET6. */
+       families[1] = AF_INET6;
+       if (cap_dns_family_limit(capdnsloc, families, 2) < 0)
+               error("unable to limit access to system.dns service");
+
+       return (capdnsloc);
+}
+#endif /* HAVE_CASPER */
+
 #ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
 static int
 tstamp_precision_from_string(const char *precision)
 #ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
 static int
 tstamp_precision_from_string(const char *precision)
@@ -746,14 +905,14 @@ tstamp_precision_to_string(int precision)
  * necessary to make the standard I/O library work with an fdopen()ed
  * FILE * from that descriptor.
  *
  * necessary to make the standard I/O library work with an fdopen()ed
  * FILE * from that descriptor.
  *
- * A long time ago, in a galaxy far far away, AT&T decided that, instead
+ * A long time ago in a galaxy far, far away, AT&T decided that, instead
  * of providing separate APIs for getting and setting the FD_ flags on a
  * descriptor, getting and setting the O_ flags on a descriptor, and
  * locking files, they'd throw them all into a kitchen-sink fcntl() call
  * along the lines of ioctl(), the fact that ioctl() operations are
  * largely specific to particular character devices but fcntl() operations
  * are either generic to all descriptors or generic to all descriptors for
  * of providing separate APIs for getting and setting the FD_ flags on a
  * descriptor, getting and setting the O_ flags on a descriptor, and
  * locking files, they'd throw them all into a kitchen-sink fcntl() call
  * along the lines of ioctl(), the fact that ioctl() operations are
  * largely specific to particular character devices but fcntl() operations
  * are either generic to all descriptors or generic to all descriptors for
- * regular files nonwithstanding.
+ * regular files notwithstanding.
  *
  * The Capsicum people decided that fine-grained control of descriptor
  * operations was required, so that you need to grant permission for
  *
  * The Capsicum people decided that fine-grained control of descriptor
  * operations was required, so that you need to grant permission for
@@ -769,7 +928,7 @@ tstamp_precision_to_string(int precision)
  * that requires that it be able to do an F_GETFL fcntl() to read
  * the O_ flags.
  *
  * that requires that it be able to do an F_GETFL fcntl() to read
  * the O_ flags.
  *
- * Tcpdump uses ftell() to determine how much data has been written
+ * tcpdump uses ftell() to determine how much data has been written
  * to a file in order to, when used with -C, determine when it's time
  * to rotate capture files.  ftell() therefore needs to do an lseek()
  * to find out the file offset and must, thanks to the aforementioned
  * to a file in order to, when used with -C, determine when it's time
  * to rotate capture files.  ftell() therefore needs to do an lseek()
  * to find out the file offset and must, thanks to the aforementioned
@@ -814,15 +973,15 @@ set_dumper_capsicum_rights(pcap_dumper_t *p)
  * Copy arg vector into a new buffer, concatenating arguments with spaces.
  */
 static char *
  * Copy arg vector into a new buffer, concatenating arguments with spaces.
  */
 static char *
-copy_argv(register char **argv)
+copy_argv(char **argv)
 {
 {
-       register char **p;
-       register u_int len = 0;
+       char **p;
+       size_t len = 0;
        char *buf;
        char *src, *dst;
 
        p = argv;
        char *buf;
        char *src, *dst;
 
        p = argv;
-       if (*p == 0)
+       if (*p == NULL)
                return 0;
 
        while (*p)
                return 0;
 
        while (*p)
@@ -830,7 +989,7 @@ copy_argv(register char **argv)
 
        buf = (char *)malloc(len);
        if (buf == NULL)
 
        buf = (char *)malloc(len);
        if (buf == NULL)
-               error("copy_argv: malloc");
+               error("%s: malloc", __func__);
 
        p = argv;
        dst = buf;
 
        p = argv;
        dst = buf;
@@ -857,17 +1016,25 @@ copy_argv(register char **argv)
 static char *
 read_infile(char *fname)
 {
 static char *
 read_infile(char *fname)
 {
-       register int i, fd, cc;
-       register char *cp;
-       struct stat buf;
+       int i, fd;
+       ssize_t cc;
+       char *cp;
+       our_statb buf;
 
        fd = open(fname, O_RDONLY|O_BINARY);
        if (fd < 0)
                error("can't open %s: %s", fname, pcap_strerror(errno));
 
 
        fd = open(fname, O_RDONLY|O_BINARY);
        if (fd < 0)
                error("can't open %s: %s", fname, pcap_strerror(errno));
 
-       if (fstat(fd, &buf) < 0)
+       if (our_fstat(fd, &buf) < 0)
                error("can't stat %s: %s", fname, pcap_strerror(errno));
 
                error("can't stat %s: %s", fname, pcap_strerror(errno));
 
+       /*
+        * Reject files whose size doesn't fit into an int; a filter
+        * *that* large will probably be too big.
+        */
+       if (buf.st_size > INT_MAX)
+               error("%s is too large", fname);
+
        cp = malloc((u_int)buf.st_size + 1);
        if (cp == NULL)
                error("malloc(%d) for %s: %s", (u_int)buf.st_size + 1,
        cp = malloc((u_int)buf.st_size + 1);
        if (cp == NULL)
                error("malloc(%d) for %s: %s", (u_int)buf.st_size + 1,
@@ -876,7 +1043,8 @@ read_infile(char *fname)
        if (cc < 0)
                error("read %s: %s", fname, pcap_strerror(errno));
        if (cc != buf.st_size)
        if (cc < 0)
                error("read %s: %s", fname, pcap_strerror(errno));
        if (cc != buf.st_size)
-               error("short read %s (%d != %d)", fname, cc, (int)buf.st_size);
+               error("short read %s (%d != %d)", fname, (int) cc,
+                   (int)buf.st_size);
 
        close(fd);
        /* replace "# comment" with spaces */
 
        close(fd);
        /* replace "# comment" with spaces */
@@ -889,110 +1057,444 @@ read_infile(char *fname)
        return (cp);
 }
 
        return (cp);
 }
 
-int
-main(int argc, char **argv)
+static long
+parse_interface_number(const char *device)
 {
 {
-       register int cnt, op, i;
-       bpf_u_int32 localnet =0 , netmask = 0;
-       int timezone_offset = 0;
-       register char *cp, *infile, *cmdbuf, *device, *RFileName, *VFileName, *WFileName;
-       pcap_handler callback;
-       int dlt;
-       const char *dlt_name;
-       struct bpf_program fcode;
-#ifndef _WIN32
-       RETSIGTYPE (*oldhandler)(int);
-#endif
-       struct dump_info dumpinfo;
-       u_char *pcap_userdata;
-       char ebuf[PCAP_ERRBUF_SIZE];
-       char VFileLine[PATH_MAX + 1];
-       char *username = NULL;
-       char *chroot_dir = NULL;
-       char *ret = NULL;
+       const char *p;
+       long devnum;
        char *end;
        char *end;
-#ifdef HAVE_PCAP_FINDALLDEVS
+
+       /*
+        * Search for a colon, terminating any scheme at the beginning
+        * of the device.
+        */
+       p = strchr(device, ':');
+       if (p != NULL) {
+               /*
+                * We found it.  Is it followed by "//"?
+                */
+               p++;    /* skip the : */
+               if (strncmp(p, "//", 2) == 0) {
+                       /*
+                        * Yes.  Search for the next /, at the end of the
+                        * authority part of the URL.
+                        */
+                       p += 2; /* skip the // */
+                       p = strchr(p, '/');
+                       if (p != NULL) {
+                               /*
+                                * OK, past the / is the path.
+                                */
+                               device = p + 1;
+                       }
+               }
+       }
+       devnum = strtol(device, &end, 10);
+       if (device != end && *end == '\0') {
+               /*
+                * It's all-numeric, but is it a valid number?
+                */
+               if (devnum <= 0) {
+                       /*
+                        * No, it's not an ordinal.
+                        */
+                       error("Invalid adapter index %s", device);
+               }
+               return (devnum);
+       } else {
+               /*
+                * It's not all-numeric; return -1, so our caller
+                * knows that.
+                */
+               return (-1);
+       }
+}
+
+static char *
+find_interface_by_number(const char *url
+#ifndef HAVE_PCAP_FINDALLDEVS_EX
+_U_
+#endif
+, long devnum)
+{
        pcap_if_t *dev, *devlist;
        pcap_if_t *dev, *devlist;
-       int devnum;
+       long i;
+       char ebuf[PCAP_ERRBUF_SIZE];
+       char *device;
+#ifdef HAVE_PCAP_FINDALLDEVS_EX
+       const char *endp;
+       char *host_url;
 #endif
        int status;
 #endif
        int status;
-       FILE *VFile;
-#ifdef HAVE_CAPSICUM
-       cap_rights_t rights;
-       int cansandbox;
-#endif /* HAVE_CAPSICUM */
-       int Bflag = 0;                  /* buffer size */
-       int jflag = -1;                 /* packet time stamp source */
-       int Oflag = 1;                  /* run filter code optimizer */
-       int pflag = 0;                  /* don't go promiscuous */
-       int yflag_dlt = -1;
-       const char *yflag_dlt_name = NULL;
-
-       netdissect_options Ndo;
-       netdissect_options *ndo = &Ndo;
-       int immediate_mode = 0;
 
 
+#ifdef HAVE_PCAP_FINDALLDEVS_EX
        /*
        /*
-        * Initialize the netdissect code.
+        * Search for a colon, terminating any scheme at the beginning
+        * of the URL.
         */
         */
-       if (nd_init(ebuf, sizeof ebuf) == -1)
+       endp = strchr(url, ':');
+       if (endp != NULL) {
+               /*
+                * We found it.  Is it followed by "//"?
+                */
+               endp++; /* skip the : */
+               if (strncmp(endp, "//", 2) == 0) {
+                       /*
+                        * Yes.  Search for the next /, at the end of the
+                        * authority part of the URL.
+                        */
+                       endp += 2;      /* skip the // */
+                       endp = strchr(endp, '/');
+               } else
+                       endp = NULL;
+       }
+       if (endp != NULL) {
+               /*
+                * OK, everything from device to endp is a URL to hand
+                * to pcap_findalldevs_ex().
+                */
+               endp++; /* Include the trailing / in the URL; pcap_findalldevs_ex() requires it */
+               host_url = malloc(endp - url + 1);
+               if (host_url == NULL && (endp - url + 1) > 0)
+                       error("Invalid allocation for host");
+
+               memcpy(host_url, url, endp - url);
+               host_url[endp - url] = '\0';
+               status = pcap_findalldevs_ex(host_url, NULL, &devlist, ebuf);
+               free(host_url);
+       } else
+#endif
+       status = pcap_findalldevs(&devlist, ebuf);
+       if (status < 0)
                error("%s", ebuf);
                error("%s", ebuf);
+       /*
+        * Look for the devnum-th entry in the list of devices (1-based).
+        */
+       for (i = 0, dev = devlist; i < devnum-1 && dev != NULL;
+           i++, dev = dev->next)
+               ;
+       if (dev == NULL) {
+               pcap_freealldevs(devlist);
+               error("Invalid adapter index %ld: only %ld interfaces found",
+                   devnum, i);
+       }
+       device = strdup(dev->name);
+       pcap_freealldevs(devlist);
+       return (device);
+}
 
 
-       memset(ndo, 0, sizeof(*ndo));
-       ndo_set_function_pointers(ndo);
-       ndo->ndo_snaplen = DEFAULT_SNAPLEN;
-
-       cnt = -1;
-       device = NULL;
-       infile = NULL;
-       RFileName = NULL;
-       VFileName = NULL;
-       VFile = NULL;
-       WFileName = NULL;
-       dlt = -1;
-       if ((cp = strrchr(argv[0], '/')) != NULL)
-               ndo->program_name = program_name = cp + 1;
-       else
-               ndo->program_name = program_name = argv[0];
+#ifdef HAVE_PCAP_OPEN
+/*
+ * Prefixes for rpcap URLs.
+ */
+static char rpcap_prefix[] = "rpcap://";
+static char rpcap_ssl_prefix[] = "rpcaps://";
+#endif
 
 
-#ifdef _WIN32
-       if (pcap_wsockinit() != 0)
-               error("Attempting to initialize Winsock failed");
-#endif /* _WIN32 */
+static pcap_t *
+open_interface(const char *device, netdissect_options *ndo, char *ebuf)
+{
+       pcap_t *pc;
+       int status;
+       char *cp;
 
 
+#ifdef HAVE_PCAP_OPEN
        /*
        /*
-        * On platforms where the CPU doesn't support unaligned loads,
-        * force unaligned accesses to abort with SIGBUS, rather than
-        * being fixed up (slowly) by the OS kernel; on those platforms,
-        * misaligned accesses are bugs, and we want tcpdump to crash so
-        * that the bugs are reported.
+        * Is this an rpcap URL?
         */
         */
-       if (abort_on_misalignment(ebuf, sizeof(ebuf)) < 0)
-               error("%s", ebuf);
-
-       while (
-           (op = getopt_long(argc, argv, SHORTOPTS, longopts, NULL)) != -1)
-               switch (op) {
+       if (strncmp(device, rpcap_prefix, sizeof(rpcap_prefix) - 1) == 0 ||
+           strncmp(device, rpcap_ssl_prefix, sizeof(rpcap_ssl_prefix) - 1) == 0) {
+               /*
+                * Yes.  Open it with pcap_open().
+                */
+               *ebuf = '\0';
+               pc = pcap_open(device, ndo->ndo_snaplen,
+                   pflag ? 0 : PCAP_OPENFLAG_PROMISCUOUS, timeout, NULL,
+                   ebuf);
+               if (pc == NULL) {
+                       /*
+                        * macOS 14's pcap_pcap_open(), which is a
+                        * stub that always returns NULL with an error
+                        * message of "not supported".
+                        *
+                        * In this case, as we passed it an rpcap://
+                        * URL, treat that as meaning "remote capture
+                        * not supported".
+                        */
+                       if (strcmp(ebuf, "not supported") == 0)
+                               error("Remote capture not supported");
 
 
-               case 'a':
-                       /* compatibility for old -a */
-                       break;
+                       /*
+                        * If this failed with "No such device" or "The system
+                        * cannot find the device specified", that means
+                        * the interface doesn't exist; return NULL, so that
+                        * the caller can see whether the device name is
+                        * actually an interface index.
+                        */
+                       if (strstr(ebuf, "No such device") != NULL ||
+                           strstr(ebuf, "The system cannot find the device specified") != NULL)
+                               return (NULL);
+                       error("%s", ebuf);
+               }
+               if (*ebuf)
+                       warning("%s", ebuf);
+               return (pc);
+       }
+#endif /* HAVE_PCAP_OPEN */
 
 
-               case 'A':
-                       ++ndo->ndo_Aflag;
-                       break;
+       pc = pcap_create(device, ebuf);
+       if (pc == NULL) {
+               /*
+                * If this failed with "No such device", that means
+                * the interface doesn't exist; return NULL, so that
+                * the caller can see whether the device name is
+                * actually an interface index.
+                */
+               if (strstr(ebuf, "No such device") != NULL)
+                       return (NULL);
+               error("%s", ebuf);
+       }
+#ifdef HAVE_PCAP_SET_TSTAMP_TYPE
+       if (Jflag)
+               show_tstamp_types_and_exit(pc, device);
+#endif
+#ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
+       status = pcap_set_tstamp_precision(pc, ndo->ndo_tstamp_precision);
+       if (status != 0)
+               error("%s: Can't set %ssecond time stamp precision: %s",
+                   device,
+                   tstamp_precision_to_string(ndo->ndo_tstamp_precision),
+                   pcap_statustostr(status));
+#endif
+
+#ifdef HAVE_PCAP_SET_IMMEDIATE_MODE
+       if (immediate_mode) {
+               status = pcap_set_immediate_mode(pc, 1);
+               if (status != 0)
+                       error("%s: Can't set immediate mode: %s",
+                           device, pcap_statustostr(status));
+       }
+#endif
+       /*
+        * Is this an interface that supports monitor mode?
+        */
+       if (pcap_can_set_rfmon(pc) == 1)
+               supports_monitor_mode = 1;
+       else
+               supports_monitor_mode = 0;
+       if (ndo->ndo_snaplen != 0) {
+               /*
+                * A snapshot length was explicitly specified;
+                * use it.
+                */
+               status = pcap_set_snaplen(pc, ndo->ndo_snaplen);
+               if (status != 0)
+                       error("%s: Can't set snapshot length: %s",
+                           device, pcap_statustostr(status));
+       }
+       status = pcap_set_promisc(pc, !pflag);
+       if (status != 0)
+               error("%s: Can't set promiscuous mode: %s",
+                   device, pcap_statustostr(status));
+       if (Iflag) {
+               status = pcap_set_rfmon(pc, 1);
+               if (status != 0)
+                       error("%s: Can't set monitor mode: %s",
+                           device, pcap_statustostr(status));
+       }
+       status = pcap_set_timeout(pc, timeout);
+       if (status != 0)
+               error("%s: pcap_set_timeout failed: %s",
+                   device, pcap_statustostr(status));
+       if (Bflag != 0) {
+               status = pcap_set_buffer_size(pc, Bflag);
+               if (status != 0)
+                       error("%s: Can't set buffer size: %s",
+                           device, pcap_statustostr(status));
+       }
+#ifdef HAVE_PCAP_SET_TSTAMP_TYPE
+       if (jflag != -1) {
+               status = pcap_set_tstamp_type(pc, jflag);
+               if (status < 0)
+                       error("%s: Can't set time stamp type: %s",
+                           device, pcap_statustostr(status));
+               else if (status > 0)
+                       warning("When trying to set timestamp type '%s' on %s: %s",
+                           pcap_tstamp_type_val_to_name(jflag), device,
+                           pcap_statustostr(status));
+       }
+#endif
+       status = pcap_activate(pc);
+       if (status < 0) {
+               /*
+                * pcap_activate() failed.
+                */
+               cp = pcap_geterr(pc);
+               if (status == PCAP_ERROR)
+                       error("%s", cp);
+               else if (status == PCAP_ERROR_NO_SUCH_DEVICE) {
+                       /*
+                        * Return an error for our caller to handle.
+                        */
+                       snprintf(ebuf, PCAP_ERRBUF_SIZE, "%s: %s\n(%s)",
+                           device, pcap_statustostr(status), cp);
+               } else if (status == PCAP_ERROR_PERM_DENIED && *cp != '\0')
+                       error("%s: %s\n(%s)", device,
+                           pcap_statustostr(status), cp);
+#ifdef __FreeBSD__
+               else if (status == PCAP_ERROR_RFMON_NOTSUP &&
+                   strncmp(device, "wlan", 4) == 0) {
+                       char parent[8], newdev[8];
+                       char sysctl[32];
+                       size_t s = sizeof(parent);
+
+                       snprintf(sysctl, sizeof(sysctl),
+                           "net.wlan.%d.%%parent", atoi(device + 4));
+                       sysctlbyname(sysctl, parent, &s, NULL, 0);
+                       strlcpy(newdev, device, sizeof(newdev));
+                       /* Suggest a new wlan device. */
+                       /* FIXME: incrementing the index this way is not going to work well
+                        * when the index is 9 or greater but the only consequence in this
+                        * specific case would be an error message that looks a bit odd.
+                        */
+                       newdev[strlen(newdev)-1]++;
+                       error("%s is not a monitor mode VAP\n"
+                           "To create a new monitor mode VAP use:\n"
+                           "  ifconfig %s create wlandev %s wlanmode monitor\n"
+                           "and use %s as the tcpdump interface",
+                           device, newdev, parent, newdev);
+               }
+#endif
+               else
+                       error("%s: %s", device,
+                           pcap_statustostr(status));
+               pcap_close(pc);
+               return (NULL);
+       } else if (status > 0) {
+               /*
+                * pcap_activate() succeeded, but it's warning us
+                * of a problem it had.
+                */
+               cp = pcap_geterr(pc);
+               if (status == PCAP_WARNING)
+                       warning("%s", cp);
+               else if (status == PCAP_WARNING_PROMISC_NOTSUP &&
+                        *cp != '\0')
+                       warning("%s: %s\n(%s)", device,
+                           pcap_statustostr(status), cp);
+               else
+                       warning("%s: %s", device,
+                           pcap_statustostr(status));
+       }
+       if (Qflag != -1) {
+               status = pcap_setdirection(pc, Qflag);
+               if (status != 0)
+                       error("%s: pcap_setdirection() failed: %s",
+                             device,  pcap_geterr(pc));
+       }
+
+       return (pc);
+}
+
+int
+main(int argc, char **argv)
+{
+       int cnt, op, i;
+       bpf_u_int32 localnet = 0, netmask = 0;
+       char *cp, *infile, *cmdbuf, *device, *RFileName, *VFileName, *WFileName;
+       char *endp;
+       pcap_handler callback;
+       int dlt;
+       const char *dlt_name;
+       struct bpf_program fcode;
+#ifndef _WIN32
+       void (*oldhandler)(int);
+#endif
+       struct dump_info dumpinfo;
+       u_char *pcap_userdata;
+       char ebuf[PCAP_ERRBUF_SIZE];
+       char VFileLine[PATH_MAX + 1];
+       const char *username = NULL;
+#ifndef _WIN32
+       const char *chroot_dir = NULL;
+#endif
+       char *ret = NULL;
+       char *end;
+       pcap_if_t *devlist;
+       long devnum;
+       int status;
+       FILE *VFile;
+#ifdef HAVE_CAPSICUM
+       cap_rights_t rights;
+       int cansandbox;
+#endif /* HAVE_CAPSICUM */
+       int Oflag = 1;                  /* run filter code optimizer */
+       int yflag_dlt = -1;
+       const char *yflag_dlt_name = NULL;
+       int print = 0;
+       long Cflagmult;
+
+       netdissect_options Ndo;
+       netdissect_options *ndo = &Ndo;
+
+       /*
+        * Initialize the netdissect code.
+        */
+       if (nd_init(ebuf, sizeof(ebuf)) == -1)
+               error("%s", ebuf);
+
+       memset(ndo, 0, sizeof(*ndo));
+       ndo_set_function_pointers(ndo);
+
+       cnt = -1;
+       device = NULL;
+       infile = NULL;
+       RFileName = NULL;
+       VFileName = NULL;
+       VFile = NULL;
+       WFileName = NULL;
+       dlt = -1;
+       if ((cp = strrchr(argv[0], PATH_SEPARATOR)) != NULL)
+               ndo->program_name = program_name = cp + 1;
+       else
+               ndo->program_name = program_name = argv[0];
+
+#if defined(HAVE_PCAP_WSOCKINIT)
+       if (pcap_wsockinit() != 0)
+               error("Attempting to initialize Winsock failed");
+#elif defined(HAVE_WSOCKINIT)
+       if (wsockinit() != 0)
+               error("Attempting to initialize Winsock failed");
+#endif
+
+       /*
+        * An explicit tzset() call is usually not needed as it happens
+        * implicitly the first time we call localtime() or mktime(),
+        * but in some cases (sandboxing, chroot) this may be too late.
+        */
+       tzset();
+
+       while (
+           (op = getopt_long(argc, argv, SHORTOPTS, longopts, NULL)) != -1)
+               switch (op) {
+
+               case 'a':
+                       /* compatibility for old -a */
+                       break;
+
+               case 'A':
+                       ++ndo->ndo_Aflag;
+                       break;
 
                case 'b':
                        ++ndo->ndo_bflag;
                        break;
 
 
                case 'b':
                        ++ndo->ndo_bflag;
                        break;
 
-#if defined(HAVE_PCAP_CREATE) || defined(_WIN32)
                case 'B':
                        Bflag = atoi(optarg)*1024;
                        if (Bflag <= 0)
                                error("invalid packet buffer size %s", optarg);
                        break;
                case 'B':
                        Bflag = atoi(optarg)*1024;
                        if (Bflag <= 0)
                                error("invalid packet buffer size %s", optarg);
                        break;
-#endif /* defined(HAVE_PCAP_CREATE) || defined(_WIN32) */
 
                case 'c':
                        cnt = atoi(optarg);
 
                case 'c':
                        cnt = atoi(optarg);
@@ -1001,9 +1503,83 @@ main(int argc, char **argv)
                        break;
 
                case 'C':
                        break;
 
                case 'C':
-                       Cflag = atoi(optarg) * 1000000;
-                       if (Cflag <= 0)
+                       errno = 0;
+#ifdef HAVE_PCAP_DUMP_FTELL64
+                       Cflag = strtoint64_t(optarg, &endp, 10);
+#else
+                       Cflag = strtol(optarg, &endp, 10);
+#endif
+                       if (endp == optarg || errno != 0 || Cflag <= 0)
                                error("invalid file size %s", optarg);
                                error("invalid file size %s", optarg);
+
+                       if (*endp == '\0') {
+                               /*
+                                * There's nothing after the file size,
+                                * so the size is in units of 1 MB
+                                * (1,000,000 bytes).
+                                */
+                               Cflagmult = 1000000;
+                       } else {
+                               /*
+                                * There's something after the file
+                                * size.
+                                *
+                                * If it's a single letter, then:
+                                *
+                                *   if the letter is k or K, the size
+                                *   is in units of 1 KiB (1024 bytes);
+                                *
+                                *   if the letter is m or M, the size
+                                *   is in units of 1 MiB (1,048,576 bytes);
+                                *
+                                *   if the letter is g or G, the size
+                                *   is in units of 1 GiB (1,073,741,824 bytes).
+                                *
+                                * Otherwise, it's an error.
+                                */
+                               switch (*endp) {
+
+                               case 'k':
+                               case 'K':
+                                       Cflagmult = 1024;
+                                       break;
+
+                               case 'm':
+                               case 'M':
+                                       Cflagmult = 1024*1024;
+                                       break;
+
+                               case 'g':
+                               case 'G':
+                                       Cflagmult = 1024*1024*1024;
+                                       break;
+
+                               default:
+                                       error("invalid file size %s", optarg);
+                               }
+
+                               /*
+                                * OK, there was a letter that we treat
+                                * as a units indication; was there
+                                * anything after it?
+                                */
+                               endp++;
+                               if (*endp != '\0') {
+                                       /* Yes - error */
+                                       error("invalid file size %s", optarg);
+                               }
+                       }
+
+                       /*
+                        * Will multiplying it by multiplier overflow?
+                        */
+#ifdef HAVE_PCAP_DUMP_FTELL64
+                       if (Cflag > INT64_T_CONSTANT(0x7fffffffffffffff) / Cflagmult)
+#else
+                       if (Cflag > LONG_MAX / Cflagmult)
+#endif
+                               error("file size %s is too large", optarg);
+                       Cflag *= Cflagmult;
                        break;
 
                case 'd':
                        break;
 
                case 'd':
@@ -1014,6 +1590,12 @@ main(int argc, char **argv)
                        Dflag++;
                        break;
 
                        Dflag++;
                        break;
 
+#ifdef HAVE_PCAP_FINDALLDEVS_EX
+               case OPTION_LIST_REMOTE_INTERFACES:
+                       remote_interfaces_source = optarg;
+                       break;
+#endif
+
                case 'L':
                        Lflag++;
                        break;
                case 'L':
                        Lflag++;
                        break;
@@ -1047,65 +1629,27 @@ main(int argc, char **argv)
 
                        /* Grab the current time for rotation use. */
                        if ((Gflag_time = time(NULL)) == (time_t)-1) {
 
                        /* Grab the current time for rotation use. */
                        if ((Gflag_time = time(NULL)) == (time_t)-1) {
-                               error("main: can't get current time: %s",
-                                   pcap_strerror(errno));
+                               error("%s: can't get current time: %s",
+                                   __func__, pcap_strerror(errno));
                        }
                        break;
 
                case 'h':
                        }
                        break;
 
                case 'h':
-                       print_usage();
-                       exit_tcpdump(0);
-                       break;
+                       print_usage(stdout);
+                       exit_tcpdump(S_SUCCESS);
+                       /* NOTREACHED */
 
                case 'H':
                        ++ndo->ndo_Hflag;
                        break;
 
                case 'i':
 
                case 'H':
                        ++ndo->ndo_Hflag;
                        break;
 
                case 'i':
-                       if (optarg[0] == '0' && optarg[1] == 0)
-                               error("Invalid adapter index");
-
-#ifdef HAVE_PCAP_FINDALLDEVS
-                       /*
-                        * If the argument is a number, treat it as
-                        * an index into the list of adapters, as
-                        * printed by "tcpdump -D".
-                        *
-                        * This should be OK on UNIX systems, as interfaces
-                        * shouldn't have names that begin with digits.
-                        * It can be useful on Windows, where more than
-                        * one interface can have the same name.
-                        */
-                       devnum = strtol(optarg, &end, 10);
-                       if (optarg != end && *end == '\0') {
-                               if (devnum < 0)
-                                       error("Invalid adapter index");
-
-                               if (pcap_findalldevs(&devlist, ebuf) < 0)
-                                       error("%s", ebuf);
-                               /*
-                                * Look for the devnum-th entry in the
-                                * list of devices (1-based).
-                                */
-                               for (i = 0, dev = devlist;
-                                   i < devnum-1 && dev != NULL;
-                                   i++, dev = dev->next)
-                                       ;
-                               if (dev == NULL)
-                                       error("Invalid adapter index");
-                               device = strdup(dev->name);
-                               pcap_freealldevs(devlist);
-                               break;
-                       }
-#endif /* HAVE_PCAP_FINDALLDEVS */
                        device = optarg;
                        break;
 
                        device = optarg;
                        break;
 
-#ifdef HAVE_PCAP_CREATE
                case 'I':
                        ++Iflag;
                        break;
                case 'I':
                        ++Iflag;
                        break;
-#endif /* HAVE_PCAP_CREATE */
 
 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE
                case 'j':
 
 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE
                case 'j':
@@ -1132,12 +1676,9 @@ main(int argc, char **argv)
                         */
                        setvbuf(stdout, NULL, _IONBF, 0);
 #else /* _WIN32 */
                         */
                        setvbuf(stdout, NULL, _IONBF, 0);
 #else /* _WIN32 */
-#ifdef HAVE_SETLINEBUF
-                       setlinebuf(stdout);
-#else
                        setvbuf(stdout, NULL, _IOLBF, 0);
                        setvbuf(stdout, NULL, _IOLBF, 0);
-#endif
 #endif /* _WIN32 */
 #endif /* _WIN32 */
+                       lflag = 1;
                        break;
 
                case 'K':
                        break;
 
                case 'K':
@@ -1146,10 +1687,10 @@ main(int argc, char **argv)
 
                case 'm':
                        if (nd_have_smi_support()) {
 
                case 'm':
                        if (nd_have_smi_support()) {
-                               if (nd_load_smi_module(optarg, ebuf, sizeof ebuf) == -1)
+                               if (nd_load_smi_module(optarg, ebuf, sizeof(ebuf)) == -1)
                                        error("%s", ebuf);
                        } else {
                                        error("%s", ebuf);
                        } else {
-                               (void)fprintf(stderr, "%s: ignoring option `-m %s' ",
+                               (void)fprintf(stderr, "%s: ignoring option '-m %s' ",
                                              program_name, optarg);
                                (void)fprintf(stderr, "(no libsmi support)\n");
                        }
                                              program_name, optarg);
                                (void)fprintf(stderr, "(no libsmi support)\n");
                        }
@@ -1184,7 +1725,6 @@ main(int argc, char **argv)
                        ++ndo->ndo_suppress_default_print;
                        break;
 
                        ++ndo->ndo_suppress_default_print;
                        break;
 
-#ifdef HAVE_PCAP_SETDIRECTION
                case 'Q':
                        if (ascii_strcasecmp(optarg, "in") == 0)
                                Qflag = PCAP_D_IN;
                case 'Q':
                        if (ascii_strcasecmp(optarg, "in") == 0)
                                Qflag = PCAP_D_IN;
@@ -1193,21 +1733,19 @@ main(int argc, char **argv)
                        else if (ascii_strcasecmp(optarg, "inout") == 0)
                                Qflag = PCAP_D_INOUT;
                        else
                        else if (ascii_strcasecmp(optarg, "inout") == 0)
                                Qflag = PCAP_D_INOUT;
                        else
-                               error("unknown capture direction `%s'", optarg);
+                               error("unknown capture direction '%s'", optarg);
                        break;
                        break;
-#endif /* HAVE_PCAP_SETDIRECTION */
 
                case 'r':
                        RFileName = optarg;
                        break;
 
                case 's':
 
                case 'r':
                        RFileName = optarg;
                        break;
 
                case 's':
-                       ndo->ndo_snaplen = strtol(optarg, &end, 0);
+                       ndo->ndo_snaplen = (int)strtol(optarg, &end, 0);
                        if (optarg == end || *end != '\0'
                            || ndo->ndo_snaplen < 0 || ndo->ndo_snaplen > MAXIMUM_SNAPLEN)
                        if (optarg == end || *end != '\0'
                            || ndo->ndo_snaplen < 0 || ndo->ndo_snaplen > MAXIMUM_SNAPLEN)
-                               error("invalid snaplen %s", optarg);
-                       else if (ndo->ndo_snaplen == 0)
-                               ndo->ndo_snaplen = MAXIMUM_SNAPLEN;
+                               error("invalid snaplen %s (must be >= 0 and <= %d)",
+                                     optarg, MAXIMUM_SNAPLEN);
                        break;
 
                case 'S':
                        break;
 
                case 'S':
@@ -1253,19 +1791,25 @@ main(int argc, char **argv)
                                ndo->ndo_packettype = PT_LMP;
                        else if (ascii_strcasecmp(optarg, "resp") == 0)
                                ndo->ndo_packettype = PT_RESP;
                                ndo->ndo_packettype = PT_LMP;
                        else if (ascii_strcasecmp(optarg, "resp") == 0)
                                ndo->ndo_packettype = PT_RESP;
+                       else if (ascii_strcasecmp(optarg, "ptp") == 0)
+                               ndo->ndo_packettype = PT_PTP;
+                       else if (ascii_strcasecmp(optarg, "someip") == 0)
+                               ndo->ndo_packettype = PT_SOMEIP;
+                       else if (ascii_strcasecmp(optarg, "domain") == 0)
+                               ndo->ndo_packettype = PT_DOMAIN;
+                       else if (ascii_strcasecmp(optarg, "quic") == 0)
+                               ndo->ndo_packettype = PT_QUIC;
                        else
                        else
-                               error("unknown packet type `%s'", optarg);
+                               error("unknown packet type '%s'", optarg);
                        break;
 
                case 'u':
                        ++ndo->ndo_uflag;
                        break;
 
                        break;
 
                case 'u':
                        ++ndo->ndo_uflag;
                        break;
 
-#ifdef HAVE_PCAP_DUMP_FLUSH
                case 'U':
                        ++Uflag;
                        break;
                case 'U':
                        ++Uflag;
                        break;
-#endif
 
                case 'v':
                        ++ndo->ndo_vflag;
 
                case 'v':
                        ++ndo->ndo_vflag;
@@ -1324,11 +1868,19 @@ main(int argc, char **argv)
                        ndo->ndo_packet_number = 1;
                        break;
 
                        ndo->ndo_packet_number = 1;
                        break;
 
-               case OPTION_VERSION:
-                       print_version();
-                       exit_tcpdump(0);
+               case OPTION_LENGTHS:
+                       ndo->ndo_lengths = 1;
                        break;
 
                        break;
 
+               case OPTION_TIME_T_SIZE:
+                       printf("%zu\n", sizeof(time_t) * 8);
+                       return 0;
+
+               case OPTION_VERSION:
+                       print_version(stdout);
+                       exit_tcpdump(S_SUCCESS);
+                       /* NOTREACHED */
+
 #ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
                case OPTION_TSTAMP_PRECISION:
                        ndo->ndo_tstamp_precision = tstamp_precision_from_string(optarg);
 #ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
                case OPTION_TSTAMP_PRECISION:
                        ndo->ndo_tstamp_precision = tstamp_precision_from_string(optarg);
@@ -1343,33 +1895,69 @@ main(int argc, char **argv)
                        break;
 #endif
 
                        break;
 #endif
 
+               case OPTION_PRINT:
+                       print = 1;
+                       break;
+
+               case OPTION_PRINT_SAMPLING:
+                       print = 1;
+                       ++ndo->ndo_Sflag;
+                       ndo->ndo_print_sampling = atoi(optarg);
+                       if (ndo->ndo_print_sampling <= 0)
+                               error("invalid print sampling %s", optarg);
+                       break;
+
+#ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
+               case OPTION_TSTAMP_MICRO:
+                       ndo->ndo_tstamp_precision = PCAP_TSTAMP_PRECISION_MICRO;
+                       break;
+
+               case OPTION_TSTAMP_NANO:
+                       ndo->ndo_tstamp_precision = PCAP_TSTAMP_PRECISION_NANO;
+                       break;
+#endif
+
+               case OPTION_FP_TYPE:
+                       /*
+                        * Print out the type of floating-point arithmetic
+                        * we're doing; it's probably IEEE, unless somebody
+                        * tries to run this on a VAX, but the precision
+                        * may differ (e.g., it might be 32-bit, 64-bit,
+                        * or 80-bit).
+                        */
+                       float_type_check(0x4e93312d);
+                       return 0;
+
+               case OPTION_COUNT:
+                       count_mode = 1;
+                       break;
+
                default:
                default:
-                       print_usage();
-                       exit_tcpdump(1);
+                       print_usage(stderr);
+                       exit_tcpdump(S_ERR_HOST_PROGRAM);
                        /* NOTREACHED */
                }
 
                        /* NOTREACHED */
                }
 
-#ifdef HAVE_PCAP_FINDALLDEVS
        if (Dflag)
                show_devices_and_exit();
        if (Dflag)
                show_devices_and_exit();
+#ifdef HAVE_PCAP_FINDALLDEVS_EX
+       if (remote_interfaces_source != NULL)
+               show_remote_devices_and_exit();
 #endif
 
        switch (ndo->ndo_tflag) {
 
        case 0: /* Default */
 #endif
 
        switch (ndo->ndo_tflag) {
 
        case 0: /* Default */
-       case 4: /* Default + Date*/
-               timezone_offset = gmt2local(0);
-               break;
-
        case 1: /* No time stamp */
        case 2: /* Unix timeval style */
        case 1: /* No time stamp */
        case 2: /* Unix timeval style */
-       case 3: /* Microseconds since previous packet */
-        case 5: /* Microseconds since first packet */
+       case 3: /* Microseconds/nanoseconds since previous packet */
+       case 4: /* Date + Default */
+       case 5: /* Microseconds/nanoseconds since first packet */
                break;
 
        default: /* Not supported */
                error("only -t, -tt, -ttt, -tttt and -ttttt are supported");
                break;
 
        default: /* Not supported */
                error("only -t, -tt, -ttt, -tttt and -ttttt are supported");
-               break;
+               /* NOTREACHED */
        }
 
        if (ndo->ndo_fflag != 0 && (VFileName != NULL || RFileName != NULL))
        }
 
        if (ndo->ndo_fflag != 0 && (VFileName != NULL || RFileName != NULL))
@@ -1378,16 +1966,18 @@ main(int argc, char **argv)
        if (VFileName != NULL && RFileName != NULL)
                error("-V and -r are mutually exclusive.");
 
        if (VFileName != NULL && RFileName != NULL)
                error("-V and -r are mutually exclusive.");
 
-#ifdef HAVE_PCAP_SET_IMMEDIATE_MODE
        /*
        /*
-        * If we're printing dissected packets to the standard output
-        * rather than saving raw packets to a file, and the standard
-        * output is a terminal, use immediate mode, as the user's
-        * probably expecting to see packets pop up immediately.
+        * If we're printing dissected packets to the standard output,
+        * and either the standard output is a terminal or we're doing
+        * "line" buffering, set the capture timeout to .1 second rather
+        * than 1 second, as the user's probably expecting to see packets
+        * pop up immediately shortly after they arrive.
+        *
+        * XXX - would there be some value appropriate for all cases,
+        * based on, say, the buffer size and packet input rate?
         */
         */
-       if (WFileName == NULL && isatty(1))
-               immediate_mode = 1;
-#endif
+       if ((WFileName == NULL || print) && (isatty(1) || lflag))
+               timeout = 100;
 
 #ifdef WITH_CHROOT
        /* if run as root, prepare for chrooting */
 
 #ifdef WITH_CHROOT
        /* if run as root, prepare for chrooting */
@@ -1404,6 +1994,8 @@ main(int argc, char **argv)
                /* Run with '-Z root' to restore old behaviour */
                if (!username)
                        username = WITH_USER;
                /* Run with '-Z root' to restore old behaviour */
                if (!username)
                        username = WITH_USER;
+               else if (strcmp(username, "root") == 0)
+                       username = NULL;
        }
 #endif
 
        }
 #endif
 
@@ -1463,199 +2055,139 @@ main(int argc, char **argv)
 #endif
                dlt = pcap_datalink(pd);
                dlt_name = pcap_datalink_val_to_name(dlt);
 #endif
                dlt = pcap_datalink(pd);
                dlt_name = pcap_datalink_val_to_name(dlt);
+               fprintf(stderr, "reading from file %s", RFileName);
                if (dlt_name == NULL) {
                if (dlt_name == NULL) {
-                       fprintf(stderr, "reading from file %s, link-type %u\n",
-                           RFileName, dlt);
+                       fprintf(stderr, ", link-type %u", dlt);
                } else {
                } else {
-                       fprintf(stderr,
-                           "reading from file %s, link-type %s (%s)\n",
-                           RFileName, dlt_name,
-                           pcap_datalink_val_to_description(dlt));
+                       fprintf(stderr, ", link-type %s (%s)", dlt_name,
+                               pcap_datalink_val_to_description(dlt));
                }
                }
+               fprintf(stderr, ", snapshot length %d\n", pcap_snapshot(pd));
+#if defined(DLT_LINUX_SLL2) && defined(__linux__)
+               if (dlt == DLT_LINUX_SLL2)
+                       fprintf(stderr, "Warning: interface names might be incorrect\n");
+#endif
+       } else if (dflag && !device) {
+               int dump_dlt = DLT_EN10MB;
+               /*
+                * We're dumping the compiled code without an explicit
+                * device specification.  (If a device is specified, we
+                * definitely want to open it to use the DLT of that device.)
+                * Either default to DLT_EN10MB with a warning, or use
+                * the user-specified value if supplied.
+                */
+               /*
+                * If no snapshot length was specified, or a length of 0 was
+                * specified, default to 256KB.
+                */
+               if (ndo->ndo_snaplen == 0)
+                       ndo->ndo_snaplen = MAXIMUM_SNAPLEN;
+               /*
+                * If a DLT was specified with the -y flag, use that instead.
+                */
+               if (yflag_dlt != -1)
+                       dump_dlt = yflag_dlt;
+               else
+                       fprintf(stderr, "Warning: assuming Ethernet\n");
+               pd = pcap_open_dead(dump_dlt, ndo->ndo_snaplen);
        } else {
                /*
                 * We're doing a live capture.
                 */
                if (device == NULL) {
        } else {
                /*
                 * We're doing a live capture.
                 */
                if (device == NULL) {
-#ifdef HAVE_PCAP_FINDALLDEVS
-                       if (pcap_findalldevs(&devlist, ebuf) >= 0 &&
-                           devlist != NULL) {
-                               device = strdup(devlist->name);
-                               pcap_freealldevs(devlist);
-                       }
-#else /* HAVE_PCAP_FINDALLDEVS */
-                       device = pcap_lookupdev(ebuf);
-#endif
-                       if (device == NULL)
+                       /*
+                        * No interface was specified.  Pick one.
+                        */
+                       /*
+                        * Find the list of interfaces, and pick
+                        * the first interface.
+                        */
+                       if (pcap_findalldevs(&devlist, ebuf) == -1)
                                error("%s", ebuf);
                                error("%s", ebuf);
+                       if (devlist == NULL)
+                               error("no interfaces available for capture");
+                       device = strdup(devlist->name);
+                       pcap_freealldevs(devlist);
                }
                }
-#ifdef _WIN32
-               /*
-                * Print a message to the standard error on Windows.
-                * XXX - why do it here, with a different message?
-                */
-               if(strlen(device) == 1) /* we assume that an ASCII string is always longer than 1 char */
-               {                                               /* a Unicode string has a \0 as second byte (so strlen() is 1) */
-                       fprintf(stderr, "%s: listening on %ws\n", program_name, device);
-               }
-               else
-               {
-                       fprintf(stderr, "%s: listening on %s\n", program_name, device);
-               }
-
-               fflush(stderr);
-#endif /* _WIN32 */
-#ifdef HAVE_PCAP_CREATE
-               pd = pcap_create(device, ebuf);
-               if (pd == NULL)
-                       error("%s", ebuf);
-#ifdef HAVE_PCAP_SET_TSTAMP_TYPE
-               if (Jflag)
-                       show_tstamp_types_and_exit(device);
-#endif
-#ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
-               status = pcap_set_tstamp_precision(pd, ndo->ndo_tstamp_precision);
-               if (status != 0)
-                       error("%s: Can't set %ssecond time stamp precision: %s",
-                               device,
-                               tstamp_precision_to_string(ndo->ndo_tstamp_precision),
-                               pcap_statustostr(status));
-#endif
 
 
-#ifdef HAVE_PCAP_SET_IMMEDIATE_MODE
-               if (immediate_mode) {
-                       status = pcap_set_immediate_mode(pd, 1);
-                       if (status != 0)
-                               error("%s: Can't set immediate mode: %s",
-                               device,
-                               pcap_statustostr(status));
-               }
-#endif
                /*
                /*
-                * Is this an interface that supports monitor mode?
+                * Try to open the interface with the specified name.
                 */
                 */
-               if (pcap_can_set_rfmon(pd) == 1)
-                       supports_monitor_mode = 1;
-               else
-                       supports_monitor_mode = 0;
-               status = pcap_set_snaplen(pd, ndo->ndo_snaplen);
-               if (status != 0)
-                       error("%s: Can't set snapshot length: %s",
-                           device, pcap_statustostr(status));
-               status = pcap_set_promisc(pd, !pflag);
-               if (status != 0)
-                       error("%s: Can't set promiscuous mode: %s",
-                           device, pcap_statustostr(status));
-               if (Iflag) {
-                       status = pcap_set_rfmon(pd, 1);
-                       if (status != 0)
-                               error("%s: Can't set monitor mode: %s",
-                                   device, pcap_statustostr(status));
-               }
-               status = pcap_set_timeout(pd, 1000);
-               if (status != 0)
-                       error("%s: pcap_set_timeout failed: %s",
-                           device, pcap_statustostr(status));
-               if (Bflag != 0) {
-                       status = pcap_set_buffer_size(pd, Bflag);
-                       if (status != 0)
-                               error("%s: Can't set buffer size: %s",
-                                   device, pcap_statustostr(status));
-               }
-#ifdef HAVE_PCAP_SET_TSTAMP_TYPE
-                if (jflag != -1) {
-                       status = pcap_set_tstamp_type(pd, jflag);
-                       if (status < 0)
-                               error("%s: Can't set time stamp type: %s",
-                                     device, pcap_statustostr(status));
-               }
-#endif
-               status = pcap_activate(pd);
-               if (status < 0) {
+               pd = open_interface(device, ndo, ebuf);
+               if (pd == NULL) {
                        /*
                        /*
-                        * pcap_activate() failed.
+                        * That failed.  If we can get a list of
+                        * interfaces, and the interface name
+                        * is purely numeric, try to use it as
+                        * a 1-based index in the list of
+                        * interfaces.
                         */
                         */
-                       cp = pcap_geterr(pd);
-                       if (status == PCAP_ERROR)
-                               error("%s", cp);
-                       else if ((status == PCAP_ERROR_NO_SUCH_DEVICE ||
-                                 status == PCAP_ERROR_PERM_DENIED) &&
-                                *cp != '\0')
-                               error("%s: %s\n(%s)", device,
-                                   pcap_statustostr(status), cp);
-                       else
-                               error("%s: %s", device,
-                                   pcap_statustostr(status));
-               } else if (status > 0) {
+                       devnum = parse_interface_number(device);
+                       if (devnum == -1) {
+                               /*
+                                * It's not a number; just report
+                                * the open error and fail.
+                                */
+                               error("%s", ebuf);
+                       }
+
                        /*
                        /*
-                        * pcap_activate() succeeded, but it's warning us
-                        * of a problem it had.
+                        * OK, it's a number; try to find the
+                        * interface with that index, and try
+                        * to open it.
+                        *
+                        * find_interface_by_number() exits if it
+                        * couldn't be found.
                         */
                         */
-                       cp = pcap_geterr(pd);
-                       if (status == PCAP_WARNING)
-                               warning("%s", cp);
-                       else if (status == PCAP_WARNING_PROMISC_NOTSUP &&
-                                *cp != '\0')
-                               warning("%s: %s\n(%s)", device,
-                                   pcap_statustostr(status), cp);
-                       else
-                               warning("%s: %s", device,
-                                   pcap_statustostr(status));
-               }
-#ifdef HAVE_PCAP_SETDIRECTION
-               if (Qflag != -1) {
-                       status = pcap_setdirection(pd, Qflag);
-                       if (status != 0)
-                               error("%s: pcap_setdirection() failed: %s",
-                                     device,  pcap_geterr(pd));
+                       device = find_interface_by_number(device, devnum);
+                       pd = open_interface(device, ndo, ebuf);
+                       if (pd == NULL)
+                               error("%s", ebuf);
                }
                }
-#endif /* HAVE_PCAP_SETDIRECTION */
-#else
-               *ebuf = '\0';
-               pd = pcap_open_live(device, ndo->ndo_snaplen, !pflag, 1000,
-                   ebuf);
-               if (pd == NULL)
-                       error("%s", ebuf);
-               else if (*ebuf)
-                       warning("%s", ebuf);
-#endif /* HAVE_PCAP_CREATE */
+
                /*
                /*
-                * Let user own process after socket has been opened.
+                * Let user own process after capture device has
+                * been opened.
                 */
 #ifndef _WIN32
                if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
                        fprintf(stderr, "Warning: setgid/setuid failed !\n");
 #endif /* _WIN32 */
                 */
 #ifndef _WIN32
                if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
                        fprintf(stderr, "Warning: setgid/setuid failed !\n");
 #endif /* _WIN32 */
-#if !defined(HAVE_PCAP_CREATE) && defined(_WIN32)
-               if(Bflag != 0)
-                       if(pcap_setbuff(pd, Bflag)==-1){
-                               error("%s", pcap_geterr(pd));
-                       }
-#endif /* !defined(HAVE_PCAP_CREATE) && defined(_WIN32) */
                if (Lflag)
                if (Lflag)
-                       show_dlts_and_exit(device);
+                       show_dlts_and_exit(pd, device);
                if (yflag_dlt >= 0) {
                if (yflag_dlt >= 0) {
-#ifdef HAVE_PCAP_SET_DATALINK
                        if (pcap_set_datalink(pd, yflag_dlt) < 0)
                                error("%s", pcap_geterr(pd));
                        if (pcap_set_datalink(pd, yflag_dlt) < 0)
                                error("%s", pcap_geterr(pd));
-#else
+                       (void)fprintf(stderr, "%s: data link type %s\n",
+                                     program_name,
+                                     pcap_datalink_val_to_name(yflag_dlt));
+                       (void)fflush(stderr);
+               }
+#if defined(DLT_LINUX_SLL2)
+               else {
                        /*
                        /*
-                        * We don't actually support changing the
-                        * data link type, so we only let them
-                        * set it to what it already is.
+                        * Attempt to set default linktype to
+                        * DLT_LINUX_SLL2 when capturing on the
+                        * "any" device.
+                        *
+                        * If the attempt fails, just quietly drive
+                        * on; this may be a non-Linux "any" device
+                        * that doesn't support DLT_LINUX_SLL2.
                         */
                         */
-                       if (yflag_dlt != pcap_datalink(pd)) {
-                               error("%s is not one of the DLTs supported by this device\n",
-                                     yflag_dlt_name);
+                       if (strcmp(device, "any") == 0) {
+DIAG_OFF_WARN_UNUSED_RESULT
+                               (void) pcap_set_datalink(pd, DLT_LINUX_SLL2);
+DIAG_ON_WARN_UNUSED_RESULT
                        }
                        }
-#endif
-                       (void)fprintf(stderr, "%s: data link type %s\n",
-                                     program_name, yflag_dlt_name);
-                       (void)fflush(stderr);
                }
                }
+#endif
                i = pcap_snapshot(pd);
                if (ndo->ndo_snaplen < i) {
                i = pcap_snapshot(pd);
                if (ndo->ndo_snaplen < i) {
-                       warning("snaplen raised from %d to %d", ndo->ndo_snaplen, i);
+                       if (ndo->ndo_snaplen != 0)
+                               warning("snaplen raised from %d to %d", ndo->ndo_snaplen, i);
+                       ndo->ndo_snaplen = i;
+               } else if (ndo->ndo_snaplen > i) {
+                       warning("snaplen lowered from %d to %d", ndo->ndo_snaplen, i);
                        ndo->ndo_snaplen = i;
                }
                 if(ndo->ndo_fflag != 0) {
                        ndo->ndo_snaplen = i;
                }
                 if(ndo->ndo_fflag != 0) {
@@ -1680,21 +2212,41 @@ main(int argc, char **argv)
                pcap_close(pd);
                free(cmdbuf);
                pcap_freecode(&fcode);
                pcap_close(pd);
                free(cmdbuf);
                pcap_freecode(&fcode);
-               exit_tcpdump(0);
+               exit_tcpdump(S_SUCCESS);
        }
        }
-       init_print(ndo, localnet, netmask, timezone_offset);
+
+#ifdef HAVE_CASPER
+       if (!ndo->ndo_nflag)
+               capdns = capdns_setup();
+#endif /* HAVE_CASPER */
+
+       init_print(ndo, localnet, netmask);
 
 #ifndef _WIN32
        (void)setsignal(SIGPIPE, cleanup);
        (void)setsignal(SIGTERM, cleanup);
 
 #ifndef _WIN32
        (void)setsignal(SIGPIPE, cleanup);
        (void)setsignal(SIGTERM, cleanup);
-       (void)setsignal(SIGINT, cleanup);
 #endif /* _WIN32 */
 #endif /* _WIN32 */
+       (void)setsignal(SIGINT, cleanup);
 #if defined(HAVE_FORK) || defined(HAVE_VFORK)
        (void)setsignal(SIGCHLD, child_cleanup);
 #endif
        /* Cooperate with nohup(1) */
 #ifndef _WIN32
 #if defined(HAVE_FORK) || defined(HAVE_VFORK)
        (void)setsignal(SIGCHLD, child_cleanup);
 #endif
        /* Cooperate with nohup(1) */
 #ifndef _WIN32
+       /*
+        * In illumos /usr/include/sys/iso/signal_iso.h causes Clang to
+        * generate a -Wstrict-prototypes warning here, see [1].  The
+        * __illumos__ macro is available since at least GCC 11 and Clang 13,
+        * see [2].
+        * 1: https://www.illumos.org/issues/16344
+        * 2: https://www.illumos.org/issues/13726
+        */
+#ifdef __illumos__
+       DIAG_OFF_STRICT_PROTOTYPES
+#endif /* __illumos__ */
        if ((oldhandler = setsignal(SIGHUP, cleanup)) != SIG_DFL)
        if ((oldhandler = setsignal(SIGHUP, cleanup)) != SIG_DFL)
+#ifdef __illumos__
+       DIAG_ON_STRICT_PROTOTYPES
+#endif /* __illumos__ */
                (void)setsignal(SIGHUP, oldhandler);
 #endif /* _WIN32 */
 
                (void)setsignal(SIGHUP, oldhandler);
 #endif /* _WIN32 */
 
@@ -1707,7 +2259,7 @@ main(int argc, char **argv)
         * devices, and can't just give users that permission,
         * you'd make tcpdump set-UID or set-GID).
         *
         * devices, and can't just give users that permission,
         * you'd make tcpdump set-UID or set-GID).
         *
-        * Tcpdump doesn't necessarily write only to one savefile;
+        * tcpdump doesn't necessarily write only to one savefile;
         * the general only way to allow a -Z instance to write to
         * savefiles as the user under whose UID it's run, rather
         * than as the user specified with -Z, would thus be to switch
         * the general only way to allow a -Z instance to write to
         * savefiles as the user under whose UID it's run, rather
         * than as the user specified with -Z, would thus be to switch
@@ -1722,20 +2274,33 @@ main(int argc, char **argv)
                /* Initialize capng */
                capng_clear(CAPNG_SELECT_BOTH);
                if (username) {
                /* Initialize capng */
                capng_clear(CAPNG_SELECT_BOTH);
                if (username) {
+DIAG_OFF_ASSIGN_ENUM
                        capng_updatev(
                                CAPNG_ADD,
                                CAPNG_PERMITTED | CAPNG_EFFECTIVE,
                                CAP_SETUID,
                                CAP_SETGID,
                                -1);
                        capng_updatev(
                                CAPNG_ADD,
                                CAPNG_PERMITTED | CAPNG_EFFECTIVE,
                                CAP_SETUID,
                                CAP_SETGID,
                                -1);
+DIAG_ON_ASSIGN_ENUM
+               }
+               if (chroot_dir) {
+DIAG_OFF_ASSIGN_ENUM
+                       capng_update(
+                               CAPNG_ADD,
+                               CAPNG_PERMITTED | CAPNG_EFFECTIVE,
+                               CAP_SYS_CHROOT
+                               );
+DIAG_ON_ASSIGN_ENUM
                }
 
                if (WFileName) {
                }
 
                if (WFileName) {
+DIAG_OFF_ASSIGN_ENUM
                        capng_update(
                                CAPNG_ADD,
                                CAPNG_PERMITTED | CAPNG_EFFECTIVE,
                                CAP_DAC_OVERRIDE
                                );
                        capng_update(
                                CAPNG_ADD,
                                CAPNG_PERMITTED | CAPNG_EFFECTIVE,
                                CAP_DAC_OVERRIDE
                                );
+DIAG_ON_ASSIGN_ENUM
                }
                capng_apply(CAPNG_SELECT_BOTH);
 #endif /* HAVE_LIBCAP_NG */
                }
                capng_apply(CAPNG_SELECT_BOTH);
 #endif /* HAVE_LIBCAP_NG */
@@ -1748,10 +2313,15 @@ main(int argc, char **argv)
        if (pcap_setfilter(pd, &fcode) < 0)
                error("%s", pcap_geterr(pd));
 #ifdef HAVE_CAPSICUM
        if (pcap_setfilter(pd, &fcode) < 0)
                error("%s", pcap_geterr(pd));
 #ifdef HAVE_CAPSICUM
-       if (RFileName == NULL && VFileName == NULL) {
+       if (RFileName == NULL && VFileName == NULL && pcap_fileno(pd) != -1) {
                static const unsigned long cmds[] = { BIOCGSTATS, BIOCROTZBUF };
 
                static const unsigned long cmds[] = { BIOCGSTATS, BIOCROTZBUF };
 
-               cap_rights_init(&rights, CAP_IOCTL, CAP_READ);
+               /*
+                * The various libpcap devices use a combination of
+                * read (bpf), ioctl (bpf, netmap), poll (netmap)
+                * so we add the relevant access rights.
+                */
+               cap_rights_init(&rights, CAP_IOCTL, CAP_READ, CAP_EVENT);
                if (cap_rights_limit(pcap_fileno(pd), &rights) < 0 &&
                    errno != ENOSYS) {
                        error("unable to limit pcap descriptor");
                if (cap_rights_limit(pcap_fileno(pd), &rights) < 0 &&
                    errno != ENOSYS) {
                        error("unable to limit pcap descriptor");
@@ -1763,7 +2333,6 @@ main(int argc, char **argv)
        }
 #endif
        if (WFileName) {
        }
 #endif
        if (WFileName) {
-               pcap_dumper_t *p;
                /* Do not exceed the default PATH_MAX for files. */
                dumpinfo.CurrentFileName = (char *)malloc(PATH_MAX + 1);
 
                /* Do not exceed the default PATH_MAX for files. */
                dumpinfo.CurrentFileName = (char *)malloc(PATH_MAX + 1);
 
@@ -1776,7 +2345,7 @@ main(int argc, char **argv)
                else
                  MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, 0);
 
                else
                  MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, 0);
 
-               p = pcap_dump_open(pd, dumpinfo.CurrentFileName);
+               pdd = pcap_dump_open(pd, dumpinfo.CurrentFileName);
 #ifdef HAVE_LIBCAP_NG
                /* Give up CAP_DAC_OVERRIDE capability.
                 * Only allow it to be restored if the -C or -G flag have been
 #ifdef HAVE_LIBCAP_NG
                /* Give up CAP_DAC_OVERRIDE capability.
                 * Only allow it to be restored if the -C or -G flag have been
@@ -1790,24 +2359,51 @@ main(int argc, char **argv)
                        );
                capng_apply(CAPNG_SELECT_BOTH);
 #endif /* HAVE_LIBCAP_NG */
                        );
                capng_apply(CAPNG_SELECT_BOTH);
 #endif /* HAVE_LIBCAP_NG */
-               if (p == NULL)
+               if (pdd == NULL)
                        error("%s", pcap_geterr(pd));
 #ifdef HAVE_CAPSICUM
                        error("%s", pcap_geterr(pd));
 #ifdef HAVE_CAPSICUM
-               set_dumper_capsicum_rights(p);
+               set_dumper_capsicum_rights(pdd);
 #endif
                if (Cflag != 0 || Gflag != 0) {
 #ifdef HAVE_CAPSICUM
 #endif
                if (Cflag != 0 || Gflag != 0) {
 #ifdef HAVE_CAPSICUM
-                       dumpinfo.WFileName = strdup(basename(WFileName));
+                       /*
+                        * basename() and dirname() may modify their input buffer
+                        * and they do since FreeBSD 12.0, but they didn't before.
+                        * Hence use the return value only, but always assume the
+                        * input buffer has been modified and would need to be
+                        * reset before the next use.
+                        */
+                       char *WFileName_copy;
+
+                       if ((WFileName_copy = strdup(WFileName)) == NULL) {
+                               error("Unable to allocate memory for file %s",
+                                   WFileName);
+                       }
+                       DIAG_OFF_C11_EXTENSIONS
+                       dumpinfo.WFileName = strdup(basename(WFileName_copy));
+                       DIAG_ON_C11_EXTENSIONS
                        if (dumpinfo.WFileName == NULL) {
                                error("Unable to allocate memory for file %s",
                                    WFileName);
                        }
                        if (dumpinfo.WFileName == NULL) {
                                error("Unable to allocate memory for file %s",
                                    WFileName);
                        }
-                       dumpinfo.dirfd = open(dirname(WFileName),
+                       free(WFileName_copy);
+
+                       if ((WFileName_copy = strdup(WFileName)) == NULL) {
+                               error("Unable to allocate memory for file %s",
+                                   WFileName);
+                       }
+                       DIAG_OFF_C11_EXTENSIONS
+                       char *WFileName_dirname = dirname(WFileName_copy);
+                       DIAG_ON_C11_EXTENSIONS
+                       dumpinfo.dirfd = open(WFileName_dirname,
                            O_DIRECTORY | O_RDONLY);
                        if (dumpinfo.dirfd < 0) {
                                error("unable to open directory %s",
                            O_DIRECTORY | O_RDONLY);
                        if (dumpinfo.dirfd < 0) {
                                error("unable to open directory %s",
-                                   dirname(WFileName));
+                                   WFileName_dirname);
                        }
                        }
+                       free(WFileName_dirname);
+                       free(WFileName_copy);
+
                        cap_rights_init(&rights, CAP_CREATE, CAP_FCNTL,
                            CAP_FTRUNCATE, CAP_LOOKUP, CAP_SEEK, CAP_WRITE);
                        if (cap_rights_limit(dumpinfo.dirfd, &rights) < 0 &&
                        cap_rights_init(&rights, CAP_CREATE, CAP_FCNTL,
                            CAP_FTRUNCATE, CAP_LOOKUP, CAP_SEEK, CAP_WRITE);
                        if (cap_rights_limit(dumpinfo.dirfd, &rights) < 0 &&
@@ -1823,19 +2419,27 @@ main(int argc, char **argv)
 #endif
                        callback = dump_packet_and_trunc;
                        dumpinfo.pd = pd;
 #endif
                        callback = dump_packet_and_trunc;
                        dumpinfo.pd = pd;
-                       dumpinfo.p = p;
+                       dumpinfo.pdd = pdd;
                        pcap_userdata = (u_char *)&dumpinfo;
                } else {
                        callback = dump_packet;
                        pcap_userdata = (u_char *)&dumpinfo;
                } else {
                        callback = dump_packet;
-                       pcap_userdata = (u_char *)p;
+                       dumpinfo.WFileName = WFileName;
+                       dumpinfo.pd = pd;
+                       dumpinfo.pdd = pdd;
+                       pcap_userdata = (u_char *)&dumpinfo;
                }
                }
-#ifdef HAVE_PCAP_DUMP_FLUSH
+               if (print) {
+                       dlt = pcap_datalink(pd);
+                       ndo->ndo_if_printer = get_if_printer(dlt);
+                       dumpinfo.ndo = ndo;
+               } else
+                       dumpinfo.ndo = NULL;
+
                if (Uflag)
                if (Uflag)
-                       pcap_dump_flush(p);
-#endif
+                       pcap_dump_flush(pdd);
        } else {
                dlt = pcap_datalink(pd);
        } else {
                dlt = pcap_datalink(pd);
-               ndo->ndo_if_printer = get_if_printer(ndo, dlt);
+               ndo->ndo_if_printer = get_if_printer(dlt);
                callback = print_packet;
                pcap_userdata = (u_char *)ndo;
        }
                callback = print_packet;
                pcap_userdata = (u_char *)ndo;
        }
@@ -1848,24 +2452,47 @@ main(int argc, char **argv)
        if (RFileName == NULL)
                (void)setsignal(SIGNAL_REQ_INFO, requestinfo);
 #endif
        if (RFileName == NULL)
                (void)setsignal(SIGNAL_REQ_INFO, requestinfo);
 #endif
+#ifdef SIGNAL_FLUSH_PCAP
+       (void)setsignal(SIGNAL_FLUSH_PCAP, flushpcap);
+#endif
 
 
-       if (ndo->ndo_vflag > 0 && WFileName) {
+       if (ndo->ndo_vflag > 0 && WFileName && RFileName == NULL && !print) {
                /*
                /*
-                * When capturing to a file, "-v" means tcpdump should,
-                * every 10 seconds, "v"erbosely report the number of
-                * packets captured.
+                * When capturing to a file, if "--print" wasn't specified,
+                *"-v" means tcpdump should, once per second,
+                * "v"erbosely report the number of packets captured.
+                * Except when reading from a file, because -r, -w and -v
+                * together used to make a corner case, in which pcap_loop()
+                * errored due to EINTR (see GH #155 for details).
                 */
                 */
-#ifdef USE_WIN32_MM_TIMER
-               /* call verbose_stats_dump() each 1000 +/-100msec */
-               timer_id = timeSetEvent(1000, 100, verbose_stats_dump, 0, TIME_PERIODIC);
+#ifdef _WIN32
+               /*
+                * https://blogs.msdn.microsoft.com/oldnewthing/20151230-00/?p=92741
+                *
+                * suggests that this dates back to W2K.
+                *
+                * I don't know what a "long wait" is, but we'll assume
+                * that printing the stats could be a "long wait".
+                */
+               CreateTimerQueueTimer(&timer_handle, NULL,
+                   verbose_stats_dump, NULL, 1000, 1000,
+                   WT_EXECUTEDEFAULT|WT_EXECUTELONGFUNCTION);
                setvbuf(stderr, NULL, _IONBF, 0);
                setvbuf(stderr, NULL, _IONBF, 0);
-#elif defined(HAVE_ALARM)
+#else /* _WIN32 */
+               /*
+                * Assume this is UN*X, and that it has setitimer(); that
+                * dates back to UNIX 95.
+                */
+               struct itimerval timer;
                (void)setsignal(SIGALRM, verbose_stats_dump);
                (void)setsignal(SIGALRM, verbose_stats_dump);
-               alarm(1);
-#endif
+               timer.it_interval.tv_sec = 1;
+               timer.it_interval.tv_usec = 0;
+               timer.it_value.tv_sec = 1;
+               timer.it_value.tv_usec = 1;
+               setitimer(ITIMER_REAL, &timer, NULL);
+#endif /* _WIN32 */
        }
 
        }
 
-#ifndef _WIN32
        if (RFileName == NULL) {
                /*
                 * Live capture (if -V was specified, we set RFileName
        if (RFileName == NULL) {
                /*
                 * Live capture (if -V was specified, we set RFileName
@@ -1874,26 +2501,33 @@ main(int argc, char **argv)
                 */
                if (!ndo->ndo_vflag && !WFileName) {
                        (void)fprintf(stderr,
                 */
                if (!ndo->ndo_vflag && !WFileName) {
                        (void)fprintf(stderr,
-                           "%s: verbose output suppressed, use -v or -vv for full protocol decode\n",
+                           "%s: verbose output suppressed, use -v[v]... for full protocol decode\n",
                            program_name);
                } else
                        (void)fprintf(stderr, "%s: ", program_name);
                dlt = pcap_datalink(pd);
                dlt_name = pcap_datalink_val_to_name(dlt);
                            program_name);
                } else
                        (void)fprintf(stderr, "%s: ", program_name);
                dlt = pcap_datalink(pd);
                dlt_name = pcap_datalink_val_to_name(dlt);
+               (void)fprintf(stderr, "listening on %s", device);
                if (dlt_name == NULL) {
                if (dlt_name == NULL) {
-                       (void)fprintf(stderr, "listening on %s, link-type %u, capture size %u bytes\n",
-                           device, dlt, ndo->ndo_snaplen);
+                       (void)fprintf(stderr, ", link-type %u", dlt);
                } else {
                } else {
-                       (void)fprintf(stderr, "listening on %s, link-type %s (%s), capture size %u bytes\n",
-                           device, dlt_name,
-                           pcap_datalink_val_to_description(dlt), ndo->ndo_snaplen);
+                       (void)fprintf(stderr, ", link-type %s (%s)", dlt_name,
+                                     pcap_datalink_val_to_description(dlt));
                }
                }
+               (void)fprintf(stderr, ", snapshot length %d bytes\n", ndo->ndo_snaplen);
                (void)fflush(stderr);
        }
                (void)fflush(stderr);
        }
-#endif /* _WIN32 */
 
 #ifdef HAVE_CAPSICUM
 
 #ifdef HAVE_CAPSICUM
-       cansandbox = (ndo->ndo_nflag && VFileName == NULL && zflag == NULL);
+       cansandbox = (VFileName == NULL && zflag == NULL);
+#ifdef HAVE_CASPER
+       cansandbox = (cansandbox && (ndo->ndo_nflag || capdns != NULL));
+#else
+       cansandbox = (cansandbox && ndo->ndo_nflag);
+#endif /* HAVE_CASPER */
+       cansandbox = (cansandbox && (pcap_fileno(pd) != -1 ||
+           RFileName != NULL));
+
        if (cansandbox && cap_enter() < 0 && errno != ENOSYS)
                error("unable to enter the capability mode");
 #endif /* HAVE_CAPSICUM */
        if (cansandbox && cap_enter() < 0 && errno != ENOSYS)
                error("unable to enter the capability mode");
 #endif /* HAVE_CAPSICUM */
@@ -1984,7 +2618,9 @@ main(int argc, char **argv)
                                         * the new DLT.
                                         */
                                        dlt = new_dlt;
                                         * the new DLT.
                                         */
                                        dlt = new_dlt;
-                                       ndo->ndo_if_printer = get_if_printer(ndo, dlt);
+                                       ndo->ndo_if_printer = get_if_printer(dlt);
+                                       /* Free the old filter */
+                                       pcap_freecode(&fcode);
                                        if (pcap_compile(pd, &fcode, cmdbuf, Oflag, netmask) < 0)
                                                error("%s", pcap_geterr(pd));
                                }
                                        if (pcap_compile(pd, &fcode, cmdbuf, Oflag, netmask) < 0)
                                                error("%s", pcap_geterr(pd));
                                }
@@ -1999,38 +2635,84 @@ main(int argc, char **argv)
                                 * Report the new file.
                                 */
                                dlt_name = pcap_datalink_val_to_name(dlt);
                                 * Report the new file.
                                 */
                                dlt_name = pcap_datalink_val_to_name(dlt);
+                               fprintf(stderr, "reading from file %s", RFileName);
                                if (dlt_name == NULL) {
                                if (dlt_name == NULL) {
-                                       fprintf(stderr, "reading from file %s, link-type %u\n",
-                                           RFileName, dlt);
+                                       fprintf(stderr, ", link-type %u", dlt);
                                } else {
                                } else {
-                                       fprintf(stderr,
-                                       "reading from file %s, link-type %s (%s)\n",
-                                           RFileName, dlt_name,
-                                           pcap_datalink_val_to_description(dlt));
+                                       fprintf(stderr, ", link-type %s (%s)",
+                                               dlt_name,
+                                               pcap_datalink_val_to_description(dlt));
                                }
                                }
+                               fprintf(stderr, ", snapshot length %d\n", pcap_snapshot(pd));
                        }
                }
        }
        while (ret != NULL);
 
                        }
                }
        }
        while (ret != NULL);
 
+       if (count_mode && RFileName != NULL)
+               fprintf(stdout, "%u packet%s\n", packets_captured,
+                       PLURAL_SUFFIX(packets_captured));
+
        free(cmdbuf);
        pcap_freecode(&fcode);
        free(cmdbuf);
        pcap_freecode(&fcode);
-       exit_tcpdump(status == -1 ? 1 : 0);
+       exit_tcpdump(status == -1 ? S_ERR_HOST_PROGRAM : S_SUCCESS);
+}
+
+/*
+ * Catch a signal.
+ */
+static void
+(*setsignal (int sig, void (*func)(int)))(int)
+{
+#ifdef _WIN32
+       return (signal(sig, func));
+#else
+       struct sigaction old, new;
+
+       memset(&new, 0, sizeof(new));
+       new.sa_handler = func;
+       if ((sig == SIGCHLD)
+# ifdef SIGNAL_REQ_INFO
+               || (sig == SIGNAL_REQ_INFO)
+# endif
+# ifdef SIGNAL_FLUSH_PCAP
+               || (sig == SIGNAL_FLUSH_PCAP)
+# endif
+               )
+               new.sa_flags = SA_RESTART;
+       if (sigaction(sig, &new, &old) < 0)
+               /* The same workaround as for SIG_DFL above. */
+#ifdef __illumos__
+               DIAG_OFF_STRICT_PROTOTYPES
+#endif /* __illumos__ */
+               return (SIG_ERR);
+#ifdef __illumos__
+               DIAG_ON_STRICT_PROTOTYPES
+#endif /* __illumos__ */
+       return (old.sa_handler);
+#endif
 }
 
 /* make a clean exit on interrupts */
 }
 
 /* make a clean exit on interrupts */
-static RETSIGTYPE
+static void
 cleanup(int signo _U_)
 {
 cleanup(int signo _U_)
 {
-#ifdef USE_WIN32_MM_TIMER
-       if (timer_id)
-               timeKillEvent(timer_id);
-       timer_id = 0;
-#elif defined(HAVE_ALARM)
-       alarm(0);
-#endif
+#ifdef _WIN32
+       if (timer_handle != INVALID_HANDLE_VALUE) {
+               DeleteTimerQueueTimer(NULL, timer_handle, NULL);
+               CloseHandle(timer_handle);
+               timer_handle = INVALID_HANDLE_VALUE;
+        }
+#else /* _WIN32 */
+       struct itimerval timer;
+
+       timer.it_interval.tv_sec = 0;
+       timer.it_interval.tv_usec = 0;
+       timer.it_value.tv_sec = 0;
+       timer.it_value.tv_usec = 0;
+       setitimer(ITIMER_REAL, &timer, NULL);
+#endif /* _WIN32 */
 
 
-#ifdef HAVE_PCAP_BREAKLOOP
        /*
         * We have "pcap_breakloop()"; use it, so that we do as little
         * as possible in the signal handler (it's probably not safe
        /*
         * We have "pcap_breakloop()"; use it, so that we do as little
         * as possible in the signal handler (it's probably not safe
@@ -2038,25 +2720,6 @@ cleanup(int signo _U_)
         * the ANSI C standard doesn't say it is).
         */
        pcap_breakloop(pd);
         * the ANSI C standard doesn't say it is).
         */
        pcap_breakloop(pd);
-#else
-       /*
-        * We don't have "pcap_breakloop()"; this isn't safe, but
-        * it's the best we can do.  Print the summary if we're
-        * not reading from a savefile - i.e., if we're doing a
-        * live capture - and exit.
-        */
-       if (pd != NULL && pcap_file(pd) == NULL) {
-               /*
-                * We got interrupted, so perhaps we didn't
-                * manage to finish a line we were printing.
-                * Print an extra newline, just in case.
-                */
-               putchar('\n');
-               (void)fflush(stdout);
-               info(1);
-       }
-       exit_tcpdump(0);
-#endif
 }
 
 /*
 }
 
 /*
@@ -2064,15 +2727,15 @@ cleanup(int signo _U_)
   waiting a child processes to die
  */
 #if defined(HAVE_FORK) || defined(HAVE_VFORK)
   waiting a child processes to die
  */
 #if defined(HAVE_FORK) || defined(HAVE_VFORK)
-static RETSIGTYPE
+static void
 child_cleanup(int signo _U_)
 {
 child_cleanup(int signo _U_)
 {
-  wait(NULL);
+  while (waitpid(-1, NULL, WNOHANG) >= 0);
 }
 #endif /* HAVE_FORK && HAVE_VFORK */
 
 static void
 }
 #endif /* HAVE_FORK && HAVE_VFORK */
 
 static void
-info(register int verbose)
+info(int verbose)
 {
        struct pcap_stat stats;
 
 {
        struct pcap_stat stats;
 
@@ -2155,9 +2818,9 @@ compress_savefile(const char *filename)
                        filename,
                        pcap_strerror(errno));
 #ifdef HAVE_FORK
                        filename,
                        pcap_strerror(errno));
 #ifdef HAVE_FORK
-       exit(1);
+       exit(S_ERR_HOST_PROGRAM);
 #else
 #else
-       _exit(1);
+       _exit(S_ERR_HOST_PROGRAM);
 #endif
 }
 #else  /* HAVE_FORK && HAVE_VFORK */
 #endif
 }
 #else  /* HAVE_FORK && HAVE_VFORK */
@@ -2169,6 +2832,58 @@ compress_savefile(const char *filename)
 }
 #endif /* HAVE_FORK && HAVE_VFORK */
 
 }
 #endif /* HAVE_FORK && HAVE_VFORK */
 
+static void
+close_old_dump_file(struct dump_info *dump_info)
+{
+       /*
+        * Close the current file and open a new one.
+        */
+       pcap_dump_close(dump_info->pdd);
+
+       /*
+        * Compress the file we just closed, if the user asked for it.
+        */
+       if (zflag != NULL)
+               compress_savefile(dump_info->CurrentFileName);
+}
+
+static void
+open_new_dump_file(struct dump_info *dump_info)
+{
+#ifdef HAVE_CAPSICUM
+       FILE *fp;
+       int fd;
+#endif
+
+#ifdef HAVE_LIBCAP_NG
+       capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE);
+       capng_apply(CAPNG_SELECT_BOTH);
+#endif /* HAVE_LIBCAP_NG */
+#ifdef HAVE_CAPSICUM
+       fd = openat(dump_info->dirfd, dump_info->CurrentFileName,
+           O_CREAT | O_WRONLY | O_TRUNC, 0644);
+       if (fd < 0) {
+               error("unable to open file %s", dump_info->CurrentFileName);
+       }
+       fp = fdopen(fd, "w");
+       if (fp == NULL) {
+               error("unable to fdopen file %s", dump_info->CurrentFileName);
+       }
+       dump_info->pdd = pcap_dump_fopen(dump_info->pd, fp);
+#else  /* !HAVE_CAPSICUM */
+       dump_info->pdd = pcap_dump_open(dump_info->pd, dump_info->CurrentFileName);
+#endif
+#ifdef HAVE_LIBCAP_NG
+       capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE);
+       capng_apply(CAPNG_SELECT_BOTH);
+#endif /* HAVE_LIBCAP_NG */
+       if (dump_info->pdd == NULL)
+               error("%s", pcap_geterr(pd));
+#ifdef HAVE_CAPSICUM
+       set_dumper_capsicum_rights(dump_info->pdd);
+#endif
+}
+
 static void
 dump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
 {
 static void
 dump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
 {
@@ -2194,32 +2909,19 @@ dump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *s
 
                /* Get the current time */
                if ((t = time(NULL)) == (time_t)-1) {
 
                /* Get the current time */
                if ((t = time(NULL)) == (time_t)-1) {
-                       error("dump_and_trunc_packet: can't get current_time: %s",
-                           pcap_strerror(errno));
+                       error("%s: can't get current_time: %s",
+                           __func__, pcap_strerror(errno));
                }
 
 
                /* If the time is greater than the specified window, rotate */
                if (t - Gflag_time >= Gflag) {
                }
 
 
                /* If the time is greater than the specified window, rotate */
                if (t - Gflag_time >= Gflag) {
-#ifdef HAVE_CAPSICUM
-                       FILE *fp;
-                       int fd;
-#endif
-
                        /* Update the Gflag_time */
                        Gflag_time = t;
                        /* Update Gflag_count */
                        Gflag_count++;
                        /* Update the Gflag_time */
                        Gflag_time = t;
                        /* Update Gflag_count */
                        Gflag_count++;
-                       /*
-                        * Close the current file and open a new one.
-                        */
-                       pcap_dump_close(dump_info->p);
 
 
-                       /*
-                        * Compress the file we just closed, if the user asked for it
-                        */
-                       if (zflag != NULL)
-                               compress_savefile(dump_info->CurrentFileName);
+                       close_old_dump_file(dump_info);
 
                        /*
                         * Check to see if we've exceeded the Wflag (when
 
                        /*
                         * Check to see if we've exceeded the Wflag (when
@@ -2228,7 +2930,8 @@ dump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *s
                        if (Cflag == 0 && Wflag > 0 && Gflag_count >= Wflag) {
                                (void)fprintf(stderr, "Maximum file limit reached: %d\n",
                                    Wflag);
                        if (Cflag == 0 && Wflag > 0 && Gflag_count >= Wflag) {
                                (void)fprintf(stderr, "Maximum file limit reached: %d\n",
                                    Wflag);
-                               exit_tcpdump(0);
+                               info(1);
+                               exit_tcpdump(S_SUCCESS);
                                /* NOTREACHED */
                        }
                        if (dump_info->CurrentFileName != NULL)
                                /* NOTREACHED */
                        }
                        if (dump_info->CurrentFileName != NULL)
@@ -2255,36 +2958,7 @@ dump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *s
                        else
                                MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, 0, 0);
 
                        else
                                MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, 0, 0);
 
-#ifdef HAVE_LIBCAP_NG
-                       capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE);
-                       capng_apply(CAPNG_SELECT_BOTH);
-#endif /* HAVE_LIBCAP_NG */
-#ifdef HAVE_CAPSICUM
-                       fd = openat(dump_info->dirfd,
-                           dump_info->CurrentFileName,
-                           O_CREAT | O_WRONLY | O_TRUNC, 0644);
-                       if (fd < 0) {
-                               error("unable to open file %s",
-                                   dump_info->CurrentFileName);
-                       }
-                       fp = fdopen(fd, "w");
-                       if (fp == NULL) {
-                               error("unable to fdopen file %s",
-                                   dump_info->CurrentFileName);
-                       }
-                       dump_info->p = pcap_dump_fopen(dump_info->pd, fp);
-#else  /* !HAVE_CAPSICUM */
-                       dump_info->p = pcap_dump_open(dump_info->pd, dump_info->CurrentFileName);
-#endif
-#ifdef HAVE_LIBCAP_NG
-                       capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE);
-                       capng_apply(CAPNG_SELECT_BOTH);
-#endif /* HAVE_LIBCAP_NG */
-                       if (dump_info->p == NULL)
-                               error("%s", pcap_geterr(pd));
-#ifdef HAVE_CAPSICUM
-                       set_dumper_capsicum_rights(dump_info->p);
-#endif
+                       open_new_dump_file(dump_info);
                }
        }
 
                }
        }
 
@@ -2294,27 +2968,22 @@ dump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *s
         * file could put it over Cflag.
         */
        if (Cflag != 0) {
         * file could put it over Cflag.
         */
        if (Cflag != 0) {
-               long size = pcap_dump_ftell(dump_info->p);
+#ifdef HAVE_PCAP_DUMP_FTELL64
+               int64_t size = pcap_dump_ftell64(dump_info->pdd);
+#else
+               /*
+                * XXX - this only handles a Cflag value > 2^31-1 on
+                * LP64 platforms; to handle ILP32 (32-bit UN*X and
+                * Windows) or LLP64 (64-bit Windows) would require
+                * a version of libpcap with pcap_dump_ftell64().
+                */
+               long size = pcap_dump_ftell(dump_info->pdd);
+#endif
 
                if (size == -1)
                        error("ftell fails on output file");
                if (size > Cflag) {
 
                if (size == -1)
                        error("ftell fails on output file");
                if (size > Cflag) {
-#ifdef HAVE_CAPSICUM
-                       FILE *fp;
-                       int fd;
-#endif
-
-                       /*
-                        * Close the current file and open a new one.
-                        */
-                       pcap_dump_close(dump_info->p);
-
-                       /*
-                        * Compress the file we just closed, if the user
-                        * asked for it.
-                        */
-                       if (zflag != NULL)
-                               compress_savefile(dump_info->CurrentFileName);
+                       close_old_dump_file(dump_info);
 
                        Cflag_count++;
                        if (Wflag > 0) {
 
                        Cflag_count++;
                        if (Wflag > 0) {
@@ -2325,45 +2994,19 @@ dump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *s
                                free(dump_info->CurrentFileName);
                        dump_info->CurrentFileName = (char *)malloc(PATH_MAX + 1);
                        if (dump_info->CurrentFileName == NULL)
                                free(dump_info->CurrentFileName);
                        dump_info->CurrentFileName = (char *)malloc(PATH_MAX + 1);
                        if (dump_info->CurrentFileName == NULL)
-                               error("dump_packet_and_trunc: malloc");
+                               error("%s: malloc", __func__);
                        MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, Cflag_count, WflagChars);
                        MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, Cflag_count, WflagChars);
-#ifdef HAVE_LIBCAP_NG
-                       capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE);
-                       capng_apply(CAPNG_SELECT_BOTH);
-#endif /* HAVE_LIBCAP_NG */
-#ifdef HAVE_CAPSICUM
-                       fd = openat(dump_info->dirfd, dump_info->CurrentFileName,
-                           O_CREAT | O_WRONLY | O_TRUNC, 0644);
-                       if (fd < 0) {
-                               error("unable to open file %s",
-                                   dump_info->CurrentFileName);
-                       }
-                       fp = fdopen(fd, "w");
-                       if (fp == NULL) {
-                               error("unable to fdopen file %s",
-                                   dump_info->CurrentFileName);
-                       }
-                       dump_info->p = pcap_dump_fopen(dump_info->pd, fp);
-#else  /* !HAVE_CAPSICUM */
-                       dump_info->p = pcap_dump_open(dump_info->pd, dump_info->CurrentFileName);
-#endif
-#ifdef HAVE_LIBCAP_NG
-                       capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE);
-                       capng_apply(CAPNG_SELECT_BOTH);
-#endif /* HAVE_LIBCAP_NG */
-                       if (dump_info->p == NULL)
-                               error("%s", pcap_geterr(pd));
-#ifdef HAVE_CAPSICUM
-                       set_dumper_capsicum_rights(dump_info->p);
-#endif
+
+                       open_new_dump_file(dump_info);
                }
        }
 
                }
        }
 
-       pcap_dump((u_char *)dump_info->p, h, sp);
-#ifdef HAVE_PCAP_DUMP_FLUSH
+       pcap_dump((u_char *)dump_info->pdd, h, sp);
        if (Uflag)
        if (Uflag)
-               pcap_dump_flush(dump_info->p);
-#endif
+               pcap_dump_flush(dump_info->pdd);
+
+       if (dump_info->ndo != NULL)
+               pretty_print_packet(dump_info->ndo, h, sp, packets_captured);
 
        --infodelay;
        if (infoprint)
 
        --infodelay;
        if (infoprint)
@@ -2373,15 +3016,20 @@ dump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *s
 static void
 dump_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
 {
 static void
 dump_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
 {
+       struct dump_info *dump_info;
+
        ++packets_captured;
 
        ++infodelay;
 
        ++packets_captured;
 
        ++infodelay;
 
-       pcap_dump(user, h, sp);
-#ifdef HAVE_PCAP_DUMP_FLUSH
+       dump_info = (struct dump_info *)user;
+
+       pcap_dump((u_char *)dump_info->pdd, h, sp);
        if (Uflag)
        if (Uflag)
-               pcap_dump_flush((pcap_dumper_t *)user);
-#endif
+               pcap_dump_flush(dump_info->pdd);
+
+       if (dump_info->ndo != NULL)
+               pretty_print_packet(dump_info->ndo, h, sp, packets_captured);
 
        --infodelay;
        if (infoprint)
 
        --infodelay;
        if (infoprint)
@@ -2395,42 +3043,17 @@ print_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
 
        ++infodelay;
 
 
        ++infodelay;
 
-       pretty_print_packet((netdissect_options *)user, h, sp, packets_captured);
+       if (!count_mode)
+               pretty_print_packet((netdissect_options *)user, h, sp, packets_captured);
 
        --infodelay;
        if (infoprint)
                info(0);
 }
 
 
        --infodelay;
        if (infoprint)
                info(0);
 }
 
-#ifdef _WIN32
-       /*
-        * XXX - there should really be libpcap calls to get the version
-        * number as a string (the string would be generated from #defines
-        * at run time, so that it's not generated from string constants
-        * in the library, as, on many UNIX systems, those constants would
-        * be statically linked into the application executable image, and
-        * would thus reflect the version of libpcap on the system on
-        * which the application was *linked*, not the system on which it's
-        * *running*.
-        *
-        * That routine should be documented, unlike the "version[]"
-        * string, so that UNIX vendors providing their own libpcaps
-        * don't omit it (as a couple of vendors have...).
-        *
-        * Packet.dll should perhaps also export a routine to return the
-        * version number of the Packet.dll code, to supply the
-        * "Wpcap_version" information on Windows.
-        */
-       char WDversion[]="current-git.tcpdump.org";
-#if !defined(HAVE_GENERATED_VERSION)
-       char version[]="current-git.tcpdump.org";
-#endif
-       char pcap_version[]="current-git.tcpdump.org";
-       char Wpcap_version[]="3.1";
-#endif
-
 #ifdef SIGNAL_REQ_INFO
 #ifdef SIGNAL_REQ_INFO
-RETSIGTYPE requestinfo(int signo _U_)
+static void
+requestinfo(int signo _U_)
 {
        if (infodelay)
                ++infoprint;
 {
        if (infodelay)
                ++infoprint;
@@ -2439,99 +3062,102 @@ RETSIGTYPE requestinfo(int signo _U_)
 }
 #endif
 
 }
 #endif
 
+#ifdef SIGNAL_FLUSH_PCAP
+static void
+flushpcap(int signo _U_)
+{
+       if (pdd != NULL)
+               pcap_dump_flush(pdd);
+}
+#endif
+
+static void
+print_packets_captured (void)
+{
+       static u_int prev_packets_captured, first = 1;
+
+       if (infodelay == 0 && (first || packets_captured != prev_packets_captured)) {
+               fprintf(stderr, "Got %u\r", packets_captured);
+               first = 0;
+               prev_packets_captured = packets_captured;
+       }
+}
+
 /*
  * Called once each second in verbose mode while dumping to file
  */
 /*
  * Called once each second in verbose mode while dumping to file
  */
-#ifdef USE_WIN32_MM_TIMER
-void CALLBACK verbose_stats_dump (UINT timer_id _U_, UINT msg _U_, DWORD_PTR arg _U_,
-                                 DWORD_PTR dw1 _U_, DWORD_PTR dw2 _U_)
+#ifdef _WIN32
+static void CALLBACK verbose_stats_dump(PVOID param _U_,
+    BOOLEAN timer_fired _U_)
 {
 {
-       if (infodelay == 0)
-               fprintf(stderr, "Got %u\r", packets_captured);
+       print_packets_captured();
 }
 }
-#elif defined(HAVE_ALARM)
+#else /* _WIN32 */
 static void verbose_stats_dump(int sig _U_)
 {
 static void verbose_stats_dump(int sig _U_)
 {
-       if (infodelay == 0)
-               fprintf(stderr, "Got %u\r", packets_captured);
-       alarm(1);
+       print_packets_captured();
 }
 }
-#endif
+#endif /* _WIN32 */
 
 
-USES_APPLE_DEPRECATED_API
+DIAG_OFF_DEPRECATION
 static void
 static void
-print_version(void)
+print_version(FILE *f)
 {
 {
-       extern char version[];
-#ifndef HAVE_PCAP_LIB_VERSION
-#if defined(_WIN32) || defined(HAVE_PCAP_VERSION)
-       extern char pcap_version[];
-#else /* defined(_WIN32) || defined(HAVE_PCAP_VERSION) */
-       static char pcap_version[] = "unknown";
-#endif /* defined(_WIN32) || defined(HAVE_PCAP_VERSION) */
-#endif /* HAVE_PCAP_LIB_VERSION */
        const char *smi_version_string;
 
        const char *smi_version_string;
 
-#ifdef HAVE_PCAP_LIB_VERSION
-#ifdef _WIN32
-       (void)fprintf(stderr, "%s version %s, based on tcpdump version %s\n", program_name, WDversion, version);
-#else /* _WIN32 */
-       (void)fprintf(stderr, "%s version %s\n", program_name, version);
-#endif /* _WIN32 */
-       (void)fprintf(stderr, "%s\n",pcap_lib_version());
-#else /* HAVE_PCAP_LIB_VERSION */
-#ifdef _WIN32
-       (void)fprintf(stderr, "%s version %s, based on tcpdump version %s\n", program_name, WDversion, version);
-       (void)fprintf(stderr, "WinPcap version %s, based on libpcap version %s\n",Wpcap_version, pcap_version);
-#else /* _WIN32 */
-       (void)fprintf(stderr, "%s version %s\n", program_name, version);
-       (void)fprintf(stderr, "libpcap version %s\n", pcap_version);
-#endif /* _WIN32 */
-#endif /* HAVE_PCAP_LIB_VERSION */
+       (void)fprintf(f, "%s version " PACKAGE_VERSION "\n", program_name);
+       (void)fprintf(f, "%s\n", pcap_lib_version());
 
 #if defined(HAVE_LIBCRYPTO) && defined(SSLEAY_VERSION)
 
 #if defined(HAVE_LIBCRYPTO) && defined(SSLEAY_VERSION)
-       (void)fprintf (stderr, "%s\n", SSLeay_version(SSLEAY_VERSION));
+       (void)fprintf (f, "%s\n", SSLeay_version(SSLEAY_VERSION));
 #endif
 
        smi_version_string = nd_smi_version_string();
        if (smi_version_string != NULL)
 #endif
 
        smi_version_string = nd_smi_version_string();
        if (smi_version_string != NULL)
-               (void)fprintf (stderr, "SMI-library: %s\n", smi_version_string);
+               (void)fprintf (f, "SMI-library: %s\n", smi_version_string);
+
+#if defined(__SANITIZE_ADDRESS__)
+       (void)fprintf (f, "Compiled with AddressSanitizer/GCC.\n");
+#elif defined(__has_feature)
+#  if __has_feature(address_sanitizer)
+       (void)fprintf (f, "Compiled with AddressSanitizer/Clang.\n");
+#  elif __has_feature(memory_sanitizer)
+       (void)fprintf (f, "Compiled with MemorySanitizer/Clang.\n");
+#  endif
+#endif /* __SANITIZE_ADDRESS__ or __has_feature */
+       (void)fprintf (f, "%zu-bit build, %zu-bit time_t\n",
+                      sizeof(void *) * 8, sizeof(time_t) * 8);
 }
 }
-USES_APPLE_RST
+DIAG_ON_DEPRECATION
 
 static void
 
 static void
-print_usage(void)
+print_usage(FILE *f)
 {
 {
-       print_version();
-       (void)fprintf(stderr,
-"Usage: %s [-aAbd" D_FLAG "efhH" I_FLAG J_FLAG "KlLnNOpqStu" U_FLAG "vxX#]" B_FLAG_USAGE " [ -c count ]\n", program_name);
-       (void)fprintf(stderr,
+       print_version(f);
+       (void)fprintf(f,
+"Usage: %s [-AbdDefhHI" J_FLAG "KlLnNOpqStuUvxX#] [ -B size ] [ -c count ] [--count]\n", program_name);
+       (void)fprintf(f,
 "\t\t[ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]\n");
 "\t\t[ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]\n");
-       (void)fprintf(stderr,
-"\t\t[ -i interface ]" j_FLAG_USAGE " [ -M secret ] [ --number ]\n");
-#ifdef HAVE_PCAP_SETDIRECTION
-       (void)fprintf(stderr,
-"\t\t[ -Q in|out|inout ]\n");
-#endif
-       (void)fprintf(stderr,
-"\t\t[ -r file ] [ -s snaplen ] ");
+       (void)fprintf(f,
+"\t\t[ -i interface ]" IMMEDIATE_MODE_USAGE j_FLAG_USAGE "\n");
+       (void)fprintf(f,
+"\t\t[ --lengths ]" LIST_REMOTE_INTERFACES_USAGE "\n");
+#ifdef USE_LIBSMI
+       (void)fprintf(f,
+"\t\t" m_FLAG_USAGE "\n");
+#endif
+       (void)fprintf(f,
+"\t\t[ -M secret ] [ --number ] [ --print ]\n");
+       (void)fprintf(f,
+"\t\t[ --print-sampling nth ] [ -Q in|out|inout ] [ -r file ]\n");
+       (void)fprintf(f,
+"\t\t[ -s snaplen ] [ -T type ] [ --version ]\n");
+       (void)fprintf(f,
+"\t\t[ -V file ] [ -w file ] [ -W filecount ] [ -y datalinktype ]\n");
 #ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
 #ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
-       (void)fprintf(stderr, "[ --time-stamp-precision precision ]\n");
-       (void)fprintf(stderr,
-"\t\t");
-#endif
-#ifdef HAVE_PCAP_SET_IMMEDIATE_MODE
-       (void)fprintf(stderr, "[ --immediate-mode ] ");
+       (void)fprintf(f,
+"\t\t[ --time-stamp-precision precision ] [ --micro ] [ --nano ]\n");
 #endif
 #endif
-       (void)fprintf(stderr, "[ -T type ] [ --version ] [ -V file ]\n");
-       (void)fprintf(stderr,
-"\t\t[ -w file ] [ -W filecount ] [ -y datalinktype ] [ -z postrotate-command ]\n");
-       (void)fprintf(stderr,
-"\t\t[ -Z user ] [ expression ]\n");
+       (void)fprintf(f,
+"\t\t[ -z postrotate-command ] [ -Z user ] [ expression ]\n");
 }
 }
-/*
- * Local Variables:
- * c-style: whitesmith
- * c-basic-offset: 8
- * End:
- */
[mirror] the TCPdump network dissector