static int Cflag; /* rotate dump files after this many bytes */
static int Cflag_count; /* Keep track of which file number we're writing */
static int Dflag; /* list available devices and exit */
-static int dflag; /* print filter code */
+/*
+ * This is exported because, in some versions of libpcap, if libpcap
+ * is built with optimizer debugging code (which is *NOT* the default
+ * configuration!), the library *imports*(!) a variable named dflag,
+ * under the expectation that tcpdump is exporting it, to govern
+ * how much debugging information to print when optimizing
+ * the generated BPF code.
+ *
+ * This is a horrible hack; newer versions of libpcap don't import
+ * dflag but, instead, *if* built with optimizer debugging code,
+ * *export* a routine to set that flag.
+ */
+int dflag; /* print filter code */
static int Gflag; /* rotate dump files after this many seconds */
static int Gflag_count; /* number of files created with Gflag rotation */
static time_t Gflag_time; /* The last time_t the dump file was rotated. */
#endif
};
+#if defined(HAVE_PCAP_SET_PARSER_DEBUG)
+/*
+ * We have pcap_set_parser_debug() in libpcap; declare it (it's not declared
+ * by any libpcap header, because it's a special hack, only available if
+ * libpcap was configured to include it, and only intended for use by
+ * libpcap developers trying to debug the parser for filter expressions).
+ */
+#ifdef _WIN32
+__declspec(dllimport)
+#else /* _WIN32 */
+extern
+#endif /* _WIN32 */
+void pcap_set_parser_debug(int);
+#elif defined(HAVE_PCAP_DEBUG) || defined(HAVE_YYDEBUG)
+/*
+ * We don't have pcap_set_parser_debug() in libpcap, but we do have
+ * pcap_debug or yydebug. Make a local version of pcap_set_parser_debug()
+ * to set the flag, and define HAVE_PCAP_SET_PARSER_DEBUG.
+ */
+static void
+pcap_set_parser_debug(int value)
+{
+#ifdef HAVE_PCAP_DEBUG
+ extern int pcap_debug;
+
+ pcap_debug = value;
+#else /* HAVE_PCAP_DEBUG */
+ extern int yydebug;
+
+ yydebug = value;
+#endif /* HAVE_PCAP_DEBUG */
+}
+
+#define HAVE_PCAP_SET_PARSER_DEBUG
+#endif
+
+#if defined(HAVE_PCAP_SET_OPTIMIZER_DEBUG)
+/*
+ * We have pcap_set_optimizer_debug() in libpcap; declare it (it's not declared
+ * by any libpcap header, because it's a special hack, only available if
+ * libpcap was configured to include it, and only intended for use by
+ * libpcap developers trying to debug the optimizer for filter expressions).
+ */
+#ifdef _WIN32
+__declspec(dllimport)
+#else /* _WIN32 */
+extern
+#endif /* _WIN32 */
+void pcap_set_optimizer_debug(int);
+#endif
+
#ifdef HAVE_PCAP_SET_TSTAMP_TYPE
static void
show_tstamp_types_and_exit(const char *device)
#ifdef HAVE_PCAP_SET_IMMEDIATE_MODE
{ "immediate-mode", no_argument, NULL, OPTION_IMMEDIATE_MODE },
#endif
-#if defined(HAVE_PCAP_DEBUG) || defined(HAVE_YYDEBUG)
+#ifdef HAVE_PCAP_SET_PARSER_DEBUG
{ "debug-filter-parser", no_argument, NULL, 'Y' },
#endif
{ "relinquish-privileges", required_argument, NULL, 'Z' },
register char *cp, *infile, *cmdbuf, *device, *RFileName, *VFileName, *WFileName;
pcap_handler callback;
int dlt;
- int new_dlt;
const char *dlt_name;
struct bpf_program fcode;
#ifndef _WIN32
ndo->ndo_packettype = PT_PGM_ZMTP1;
else if (ascii_strcasecmp(optarg, "lmp") == 0)
ndo->ndo_packettype = PT_LMP;
+ else if (strcasecmp(optarg, "resp") == 0)
+ ndo->ndo_packettype = PT_RESP;
else
error("unknown packet type `%s'", optarg);
break;
error("invalid data link type %s", yflag_dlt_name);
break;
-#if defined(HAVE_PCAP_DEBUG) || defined(HAVE_YYDEBUG)
+#ifdef HAVE_PCAP_SET_PARSER_DEBUG
case 'Y':
{
/* Undocumented flag */
-#ifdef HAVE_PCAP_DEBUG
- extern int pcap_debug;
- pcap_debug = 1;
-#else
- extern int yydebug;
- yydebug = 1;
-#endif
+ pcap_set_parser_debug(1);
}
break;
#endif
case 'z':
- zflag = strdup(optarg);
- if (zflag == NULL)
- error("Unable to allocate memory for -z argument");
+ zflag = optarg;
break;
case 'Z':
- username = strdup(optarg);
- if (username == NULL)
- error("Unable to allocate memory for -Z argument");
+ username = optarg;
break;
case '#':
else
cmdbuf = copy_argv(&argv[optind]);
+#ifdef HAVE_PCAP_SET_OPTIMIZER_DEBUG
+ pcap_set_optimizer_debug(dflag);
+#endif
if (pcap_compile(pd, &fcode, cmdbuf, Oflag, netmask) < 0)
error("%s", pcap_geterr(pd));
if (dflag) {
bpf_dump(&fcode, dflag);
pcap_close(pd);
free(cmdbuf);
+ pcap_freecode(&fcode);
exit(0);
}
init_print(ndo, localnet, netmask, timezone_offset);
if (VFileName != NULL) {
ret = get_next_file(VFile, VFileLine);
if (ret) {
+ int new_dlt;
+
RFileName = VFileLine;
pd = pcap_open_offline(RFileName, ebuf);
if (pd == NULL)
}
#endif
new_dlt = pcap_datalink(pd);
- if (WFileName && new_dlt != dlt)
- error("%s: new dlt does not match original", RFileName);
- ndo->ndo_if_printer = get_if_printer(ndo, new_dlt);
- dlt_name = pcap_datalink_val_to_name(new_dlt);
+ if (new_dlt != dlt) {
+ /*
+ * The new file has a different
+ * link-layer header type from the
+ * previous one.
+ */
+ if (WFileName != NULL) {
+ /*
+ * We're writing raw packets
+ * that match the filter to
+ * a pcap file. pcap files
+ * don't support multiple
+ * different link-layer
+ * header types, so we fail
+ * here.
+ */
+ error("%s: new dlt does not match original", RFileName);
+ }
+
+ /*
+ * We're printing the decoded packets;
+ * switch to the new DLT.
+ *
+ * To do that, we need to change
+ * the printer, change the DLT name,
+ * and recompile the filter with
+ * the new DLT.
+ */
+ dlt = new_dlt;
+ ndo->ndo_if_printer = get_if_printer(ndo, dlt);
+ dlt_name = pcap_datalink_val_to_name(dlt);
+ if (pcap_compile(pd, &fcode, cmdbuf, Oflag, netmask) < 0)
+ error("%s", pcap_geterr(pd));
+ }
+
+ /*
+ * Set the filter on the new file.
+ */
+ if (pcap_setfilter(pd, &fcode) < 0)
+ error("%s", pcap_geterr(pd));
+
+ /*
+ * Report the new file.
+ */
if (dlt_name == NULL) {
fprintf(stderr, "reading from file %s, link-type %u\n",
- RFileName, new_dlt);
+ RFileName, dlt);
} else {
fprintf(stderr,
"reading from file %s, link-type %s (%s)\n",
- RFileName, dlt_name,
- pcap_datalink_val_to_description(new_dlt));
+ RFileName, dlt_name,
+ pcap_datalink_val_to_description(dlt));
}
- if (pcap_compile(pd, &fcode, cmdbuf, Oflag, netmask) < 0)
- error("%s", pcap_geterr(pd));
- if (pcap_setfilter(pd, &fcode) < 0)
- error("%s", pcap_geterr(pd));
}
}
}
while (ret != NULL);
free(cmdbuf);
+ pcap_freecode(&fcode);
exit(status == -1 ? 1 : 0);
}
}
#if defined(HAVE_FORK) || defined(HAVE_VFORK)
+#ifdef HAVE_FORK
+#define fork_subprocess() fork()
+#else
+#define fork_subprocess() vfork()
+#endif
static void
compress_savefile(const char *filename)
{
-# ifdef HAVE_FORK
- #define test_fork fork()
-# else
- #define test_fork vfork()
-# endif
- if(test_fork)
+ pid_t child;
+
+ child = fork_subprocess();
+ if (child == -1) {
+ fprintf(stderr,
+ "compress_savefile: fork failed: %s\n",
+ pcap_strerror(errno));
return;
+ }
+ if (child != 0) {
+ /* Parent process. */
+ return;
+ }
+
/*
- * Set to lowest priority so that this doesn't disturb the capture
+ * Child process.
+ * Set to lowest priority so that this doesn't disturb the capture.
*/
#ifdef NZERO
setpriority(PRIO_PROCESS, 0, NZERO - 1);
#endif
if (execlp(zflag, zflag, filename, (char *)NULL) == -1)
fprintf(stderr,
- "compress_savefile:execlp(%s, %s): %s\n",
+ "compress_savefile: execlp(%s, %s) failed: %s\n",
zflag,
filename,
pcap_strerror(errno));
-# ifdef HAVE_FORK
+#ifdef HAVE_FORK
exit(1);
-# else
+#else
_exit(1);
-# endif
+#endif
}
#else /* HAVE_FORK && HAVE_VFORK */
static void
#endif
(void)fprintf(stderr, "[ -T type ] [ --version ] [ -V file ]\n");
(void)fprintf(stderr,
-"\t\t[ -w file ] [ -W filecount ] [ -y datalinktype ] [ -z command ]\n");
+"\t\t[ -w file ] [ -W filecount ] [ -y datalinktype ] [ -z postrotate-command ]\n");
(void)fprintf(stderr,
"\t\t[ -Z user ] [ expression ]\n");
}
projects / tcpdump / blobdiff