* combined efforts of Van, Steve McCanne and Craig Leres of LBL.
*/
-#ifdef HAVE_CONFIG_H
#include <config.h>
-#endif
-
-/*
- * Some older versions of Mac OS X may ship pcap.h from libpcap 0.6 with a
- * libpcap based on 0.8. That means it has pcap_findalldevs() but the
- * header doesn't define pcap_if_t, meaning that we can't actually *use*
- * pcap_findalldevs().
- */
-#ifdef HAVE_PCAP_FINDALLDEVS
-#ifndef HAVE_PCAP_IF_T
-#undef HAVE_PCAP_FINDALLDEVS
-#endif
-#endif
#include "netdissect-stdinc.h"
#include <sys/stat.h>
-#ifdef HAVE_FCNTL_H
#include <fcntl.h>
-#endif
#ifdef HAVE_LIBCRYPTO
#include <openssl/crypto.h>
#endif
/* Capsicum-specific code requires macros from <net/bpf.h>, which will fail
* to compile if <pcap.h> has already been included; including the headers
- * in the opposite order works fine.
+ * in the opposite order works fine. For the most part anyway, because in
+ * FreeBSD <pcap/pcap.h> declares bpf_dump() instead of <net/bpf.h>. Thus
+ * interface.h takes care of it later to avoid a compiler warning.
*/
#ifdef HAVE_CAPSICUM
#include <sys/capsicum.h>
#include "netdissect.h"
#include "interface.h"
#include "addrtoname.h"
-#include "machdep.h"
#include "pcap-missing.h"
#include "ascii_strcasecmp.h"
#include "print.h"
+#include "diag-control.h"
+
#include "fptype.h"
#ifndef PATH_MAX
#define SIGNAL_REQ_INFO SIGUSR1
#endif
-#if defined(HAVE_PCAP_DUMP_FLUSH) && defined(SIGUSR2)
+#if defined(SIGUSR2)
#define SIGNAL_FLUSH_PCAP SIGUSR2
#endif
-#if defined(HAVE_PCAP_CREATE) || defined(_WIN32)
static int Bflag; /* buffer size */
-#endif
#ifdef HAVE_PCAP_DUMP_FTELL64
static int64_t Cflag; /* rotate dump files after this many bytes */
#else
static long Cflag; /* rotate dump files after this many bytes */
#endif
static int Cflag_count; /* Keep track of which file number we're writing */
-#ifdef HAVE_PCAP_FINDALLDEVS
static int Dflag; /* list available devices and exit */
-#endif
#ifdef HAVE_PCAP_FINDALLDEVS_EX
static char *remote_interfaces_source; /* list available devices from this source and exit */
#endif
#endif
static int lflag; /* line-buffered output */
static int pflag; /* don't go promiscuous */
-#ifdef HAVE_PCAP_SETDIRECTION
static int Qflag = -1; /* restrict captured packet by send/receive direction */
-#endif
-#ifdef HAVE_PCAP_DUMP_FLUSH
static int Uflag; /* "unbuffered" output of dump files */
-#endif
static int Wflag; /* recycle output files after this number of files */
static int WflagChars;
static char *zflag = NULL; /* compress each savefile using a specified command (like gzip or bzip2) */
char *program_name;
-#ifdef HAVE_CASPER
-cap_channel_t *capdns;
-#endif
-
/* Forwards */
static void (*setsignal (int sig, void (*func)(int)))(int);
static void cleanup(int);
static void info(int);
static u_int packets_captured;
-#ifdef HAVE_PCAP_FINDALLDEVS
static const struct tok status_flags[] = {
#ifdef PCAP_IF_UP
{ PCAP_IF_UP, "Up" },
#endif
{ 0, NULL }
};
-#endif
static pcap_t *pd;
static pcap_dumper_t *pdd = NULL;
dlts[i]);
}
}
-#ifdef HAVE_PCAP_FREE_DATALINKS
pcap_free_datalinks(dlts);
-#endif
exit_tcpdump(S_SUCCESS);
}
-#ifdef HAVE_PCAP_FINDALLDEVS
static void NORETURN
show_devices_and_exit(void)
{
pcap_freealldevs(devlist);
exit_tcpdump(S_SUCCESS);
}
-#endif /* HAVE_PCAP_FINDALLDEVS */
#ifdef HAVE_PCAP_FINDALLDEVS_EX
static void NORETURN
int i;
if (pcap_findalldevs_ex(remote_interfaces_source, NULL, &devlist,
- ebuf) < 0)
+ ebuf) < 0) {
+ if (strcmp(ebuf, "not supported") == 0) {
+ /*
+ * macOS 14's pcap_findalldevs_ex(), which is a
+ * stub that always returns -1 with an error
+ * message of "not supported".
+ *
+ * In this case, as we passed it an rpcap://
+ * URL, treat that as meaning "remote capture
+ * not supported".
+ */
+ error("Remote capture not supported");
+ }
error("%s", ebuf);
+ }
for (i = 0, dev = devlist; dev != NULL; i++, dev = dev->next) {
printf("%d.%s", i+1, dev->name);
if (dev->description != NULL)
pcap_freealldevs(devlist);
exit_tcpdump(S_SUCCESS);
}
-#endif /* HAVE_PCAP_FINDALLDEVS */
+#endif /* HAVE_PCAP_FINDALLDEVS_EX */
/*
* Short options.
* Set up flags that might or might not be supported depending on the
* version of libpcap we're using.
*/
-#if defined(HAVE_PCAP_CREATE) || defined(_WIN32)
-#define B_FLAG "B:"
-#define B_FLAG_USAGE " [ -B size ]"
-#else /* defined(HAVE_PCAP_CREATE) || defined(_WIN32) */
-#define B_FLAG
-#define B_FLAG_USAGE
-#endif /* defined(HAVE_PCAP_CREATE) || defined(_WIN32) */
-
-#ifdef HAVE_PCAP_FINDALLDEVS
-#define D_FLAG "D"
-#else
-#define D_FLAG
-#endif
-
-#ifdef HAVE_PCAP_CREATE
-#define I_FLAG "I"
-#else /* HAVE_PCAP_CREATE */
-#define I_FLAG
-#endif /* HAVE_PCAP_CREATE */
-
#ifdef HAVE_PCAP_SET_TSTAMP_TYPE
#define j_FLAG "j:"
#define j_FLAG_USAGE " [ -j tstamptype ]"
#define J_FLAG "J"
-#else /* PCAP_ERROR_TSTAMP_TYPE_NOTSUP */
+#else /* HAVE_PCAP_SET_TSTAMP_TYPE */
#define j_FLAG
#define j_FLAG_USAGE
#define J_FLAG
-#endif /* PCAP_ERROR_TSTAMP_TYPE_NOTSUP */
+#endif /* HAVE_PCAP_SET_TSTAMP_TYPE */
#ifdef USE_LIBSMI
#define m_FLAG_USAGE "[ -m module ] ..."
#endif
-#ifdef HAVE_PCAP_SETDIRECTION
-#define Q_FLAG "Q:"
-#define Q_FLAG_USAGE " [ -Q in|out|inout ]"
-#else
-#define Q_FLAG
-#define Q_FLAG_USAGE
-#endif
-
-#ifdef HAVE_PCAP_DUMP_FLUSH
-#define U_FLAG "U"
-#else
-#define U_FLAG
-#endif
-
-#define SHORTOPTS "aAb" B_FLAG "c:C:d" D_FLAG "eE:fF:G:hHi:" I_FLAG j_FLAG J_FLAG "KlLm:M:nNOpq" Q_FLAG "r:s:StT:u" U_FLAG "vV:w:W:xXy:Yz:Z:#"
+#define SHORTOPTS "aAbB:c:C:dDeE:fF:G:hHi:I" j_FLAG J_FLAG "KlLm:M:nNOpqQ:r:s:StT:uUvV:w:W:xXy:Yz:Z:#"
/*
* Long options.
#define OPTION_TSTAMP_NANO 134
#define OPTION_FP_TYPE 135
#define OPTION_COUNT 136
+#define OPTION_PRINT_SAMPLING 137
+#define OPTION_LENGTHS 138
static const struct option longopts[] = {
-#if defined(HAVE_PCAP_CREATE) || defined(_WIN32)
{ "buffer-size", required_argument, NULL, 'B' },
-#endif
{ "list-interfaces", no_argument, NULL, 'D' },
#ifdef HAVE_PCAP_FINDALLDEVS_EX
{ "list-remote-interfaces", required_argument, NULL, OPTION_LIST_REMOTE_INTERFACES },
#endif
{ "help", no_argument, NULL, 'h' },
{ "interface", required_argument, NULL, 'i' },
-#ifdef HAVE_PCAP_CREATE
{ "monitor-mode", no_argument, NULL, 'I' },
-#endif
#ifdef HAVE_PCAP_SET_TSTAMP_TYPE
{ "time-stamp-type", required_argument, NULL, 'j' },
{ "list-time-stamp-types", no_argument, NULL, 'J' },
{ "list-data-link-types", no_argument, NULL, 'L' },
{ "no-optimize", no_argument, NULL, 'O' },
{ "no-promiscuous-mode", no_argument, NULL, 'p' },
-#ifdef HAVE_PCAP_SETDIRECTION
{ "direction", required_argument, NULL, 'Q' },
-#endif
{ "snapshot-length", required_argument, NULL, 's' },
{ "absolute-tcp-sequence-numbers", no_argument, NULL, 'S' },
-#ifdef HAVE_PCAP_DUMP_FLUSH
{ "packet-buffered", no_argument, NULL, 'U' },
-#endif
{ "linktype", required_argument, NULL, 'y' },
#ifdef HAVE_PCAP_SET_IMMEDIATE_MODE
{ "immediate-mode", no_argument, NULL, OPTION_IMMEDIATE_MODE },
{ "fp-type", no_argument, NULL, OPTION_FP_TYPE },
{ "number", no_argument, NULL, '#' },
{ "print", no_argument, NULL, OPTION_PRINT },
+ { "print-sampling", required_argument, NULL, OPTION_PRINT_SAMPLING },
+ { "lengths", no_argument, NULL, OPTION_LENGTHS },
{ "version", no_argument, NULL, OPTION_VERSION },
{ NULL, 0, NULL, 0 }
};
#ifdef HAVE_PCAP_FINDALLDEVS_EX
-#define LIST_REMOTE_INTERFACES_USAGE "[ --list-remote-interfaces remote-source ]"
+#define LIST_REMOTE_INTERFACES_USAGE " [ --list-remote-interfaces remote-source ]"
#else
#define LIST_REMOTE_INTERFACES_USAGE
#endif
} else
error("Couldn't find user '%.32s'", username);
#ifdef HAVE_LIBCAP_NG
- /* We don't need CAP_SETUID, CAP_SETGID and CAP_SYS_CHROOT any more. */
-DIAG_OFF_CLANG(assign-enum)
+ /* We don't need CAP_SETUID, CAP_SETGID and CAP_SYS_CHROOT anymore. */
+DIAG_OFF_ASSIGN_ENUM
capng_updatev(
CAPNG_DROP,
CAPNG_EFFECTIVE | CAPNG_PERMITTED,
CAP_SETGID,
CAP_SYS_CHROOT,
-1);
-DIAG_ON_CLANG(assign-enum)
+DIAG_ON_ASSIGN_ENUM
capng_apply(CAPNG_SELECT_BOTH);
#endif /* HAVE_LIBCAP_NG */
char *filename = malloc(PATH_MAX + 1);
if (filename == NULL)
error("%s: malloc", __func__);
+ if (strlen(orig_name) == 0)
+ error("an empty string is not a valid file name");
/* Process with strftime if Gflag is set. */
if (Gflag != 0) {
}
/* There's no good way to detect an error in strftime since a return
- * value of 0 isn't necessarily failure.
+ * value of 0 isn't necessarily failure; if orig_name is an empty
+ * string, the formatted string will be empty.
+ *
+ * However, the C90 standard says that, if there *is* a
+ * buffer overflow, the content of the buffer is undefined,
+ * so we must check for a buffer overflow.
+ *
+ * So we check above for an empty orig_name, and only call
+ * strftime() if it's non-empty, in which case the return
+ * value will only be 0 if the formatted date doesn't fit
+ * in the buffer.
+ *
+ * (We check above because, even if we don't use -G, we
+ * want a better error message than "tcpdump: : No such
+ * file or directory" for this case.)
*/
- strftime(filename, PATH_MAX, orig_name, local_tm);
+ if (strftime(filename, PATH_MAX, orig_name, local_tm) == 0) {
+ error("%s: strftime", __func__);
+ }
} else {
strncpy(filename, orig_name, PATH_MAX);
}
if (cap_dns_type_limit(capdnsloc, types, 1) < 0)
error("unable to limit access to system.dns service");
families[0] = AF_INET;
+ /* Casper is a feature of FreeBSD, which defines AF_INET6. */
families[1] = AF_INET6;
if (cap_dns_family_limit(capdnsloc, families, 2) < 0)
error("unable to limit access to system.dns service");
* along the lines of ioctl(), the fact that ioctl() operations are
* largely specific to particular character devices but fcntl() operations
* are either generic to all descriptors or generic to all descriptors for
- * regular files nonwithstanding.
+ * regular files notwithstanding.
*
* The Capsicum people decided that fine-grained control of descriptor
* operations was required, so that you need to grant permission for
* that requires that it be able to do an F_GETFL fcntl() to read
* the O_ flags.
*
- * Tcpdump uses ftell() to determine how much data has been written
+ * tcpdump uses ftell() to determine how much data has been written
* to a file in order to, when used with -C, determine when it's time
* to rotate capture files. ftell() therefore needs to do an lseek()
* to find out the file offset and must, thanks to the aforementioned
return (cp);
}
-#ifdef HAVE_PCAP_FINDALLDEVS
static long
parse_interface_number(const char *device)
{
for (i = 0, dev = devlist; i < devnum-1 && dev != NULL;
i++, dev = dev->next)
;
- if (dev == NULL)
- error("Invalid adapter index");
+ if (dev == NULL) {
+ pcap_freealldevs(devlist);
+ error("Invalid adapter index %ld: only %ld interfaces found",
+ devnum, i);
+ }
device = strdup(dev->name);
pcap_freealldevs(devlist);
return (device);
}
-#endif
#ifdef HAVE_PCAP_OPEN
/*
open_interface(const char *device, netdissect_options *ndo, char *ebuf)
{
pcap_t *pc;
-#ifdef HAVE_PCAP_CREATE
int status;
char *cp;
-#endif
#ifdef HAVE_PCAP_OPEN
/*
pflag ? 0 : PCAP_OPENFLAG_PROMISCUOUS, timeout, NULL,
ebuf);
if (pc == NULL) {
+ /*
+ * macOS 14's pcap_pcap_open(), which is a
+ * stub that always returns NULL with an error
+ * message of "not supported".
+ *
+ * In this case, as we passed it an rpcap://
+ * URL, treat that as meaning "remote capture
+ * not supported".
+ */
+ if (strcmp(ebuf, "not supported") == 0)
+ error("Remote capture not supported");
+
/*
* If this failed with "No such device" or "The system
* cannot find the device specified", that means
}
#endif /* HAVE_PCAP_OPEN */
-#ifdef HAVE_PCAP_CREATE
pc = pcap_create(device, ebuf);
if (pc == NULL) {
/*
warning("%s: %s", device,
pcap_statustostr(status));
}
-#ifdef HAVE_PCAP_SETDIRECTION
if (Qflag != -1) {
status = pcap_setdirection(pc, Qflag);
if (status != 0)
error("%s: pcap_setdirection() failed: %s",
device, pcap_geterr(pc));
- }
-#endif /* HAVE_PCAP_SETDIRECTION */
-#else /* HAVE_PCAP_CREATE */
- *ebuf = '\0';
- /*
- * If no snapshot length was specified, or a length of 0 was
- * specified, default to 256KB.
- */
- if (ndo->ndo_snaplen == 0)
- ndo->ndo_snaplen = MAXIMUM_SNAPLEN;
- pc = pcap_open_live(device, ndo->ndo_snaplen, !pflag, timeout, ebuf);
- if (pc == NULL) {
- /*
- * If this failed with "No such device", that means
- * the interface doesn't exist; return NULL, so that
- * the caller can see whether the device name is
- * actually an interface index.
- */
- if (strstr(ebuf, "No such device") != NULL)
- return (NULL);
- error("%s", ebuf);
}
- if (*ebuf)
- warning("%s", ebuf);
-#endif /* HAVE_PCAP_CREATE */
return (pc);
}
#endif
char *ret = NULL;
char *end;
-#ifdef HAVE_PCAP_FINDALLDEVS
pcap_if_t *devlist;
long devnum;
-#endif
int status;
FILE *VFile;
#ifdef HAVE_CAPSICUM
int yflag_dlt = -1;
const char *yflag_dlt_name = NULL;
int print = 0;
- long Cflagmult = 1000000;
+ long Cflagmult;
netdissect_options Ndo;
netdissect_options *ndo = &Ndo;
#endif
/*
- * On platforms where the CPU doesn't support unaligned loads,
- * force unaligned accesses to abort with SIGBUS, rather than
- * being fixed up (slowly) by the OS kernel; on those platforms,
- * misaligned accesses are bugs, and we want tcpdump to crash so
- * that the bugs are reported.
+ * An explicit tzset() call is usually not needed as it happens
+ * implicitly the first time we call localtime() or mktime(),
+ * but in some cases (sandboxing, chroot) this may be too late.
*/
- if (abort_on_misalignment(ebuf, sizeof(ebuf)) < 0)
- error("%s", ebuf);
+ tzset();
while (
(op = getopt_long(argc, argv, SHORTOPTS, longopts, NULL)) != -1)
++ndo->ndo_bflag;
break;
-#if defined(HAVE_PCAP_CREATE) || defined(_WIN32)
case 'B':
Bflag = atoi(optarg)*1024;
if (Bflag <= 0)
error("invalid packet buffer size %s", optarg);
break;
-#endif /* defined(HAVE_PCAP_CREATE) || defined(_WIN32) */
case 'c':
cnt = atoi(optarg);
case 'C':
errno = 0;
- if (optarg[strlen(optarg)-1] == 'k') {
- Cflagmult = 1024;
- optarg[strlen(optarg)-1] = '\0';
- }
- if (optarg[strlen(optarg)-1] == 'm') {
- Cflagmult = 1024*1024;
- optarg[strlen(optarg)-1] = '\0';
- }
- if (optarg[strlen(optarg)-1] == 'g') {
- Cflagmult = 1024*1024*1024;
- optarg[strlen(optarg)-1] = '\0';
- }
#ifdef HAVE_PCAP_DUMP_FTELL64
Cflag = strtoint64_t(optarg, &endp, 10);
#else
Cflag = strtol(optarg, &endp, 10);
#endif
- if (endp == optarg || *endp != '\0' || errno != 0
- || Cflag <= 0)
+ if (endp == optarg || errno != 0 || Cflag <= 0)
error("invalid file size %s", optarg);
+
+ if (*endp == '\0') {
+ /*
+ * There's nothing after the file size,
+ * so the size is in units of 1 MB
+ * (1,000,000 bytes).
+ */
+ Cflagmult = 1000000;
+ } else {
+ /*
+ * There's something after the file
+ * size.
+ *
+ * If it's a single letter, then:
+ *
+ * if the letter is k or K, the size
+ * is in units of 1 KiB (1024 bytes);
+ *
+ * if the letter is m or M, the size
+ * is in units of 1 MiB (1,048,576 bytes);
+ *
+ * if the letter is g or G, the size
+ * is in units of 1 GiB (1,073,741,824 bytes).
+ *
+ * Otherwise, it's an error.
+ */
+ switch (*endp) {
+
+ case 'k':
+ case 'K':
+ Cflagmult = 1024;
+ break;
+
+ case 'm':
+ case 'M':
+ Cflagmult = 1024*1024;
+ break;
+
+ case 'g':
+ case 'G':
+ Cflagmult = 1024*1024*1024;
+ break;
+
+ default:
+ error("invalid file size %s", optarg);
+ }
+
+ /*
+ * OK, there was a letter that we treat
+ * as a units indication; was there
+ * anything after it?
+ */
+ endp++;
+ if (*endp != '\0') {
+ /* Yes - error */
+ error("invalid file size %s", optarg);
+ }
+ }
+
/*
* Will multiplying it by multiplier overflow?
*/
++dflag;
break;
-#ifdef HAVE_PCAP_FINDALLDEVS
case 'D':
Dflag++;
break;
-#endif
#ifdef HAVE_PCAP_FINDALLDEVS_EX
case OPTION_LIST_REMOTE_INTERFACES:
case 'h':
print_usage(stdout);
exit_tcpdump(S_SUCCESS);
- break;
+ /* NOTREACHED */
case 'H':
++ndo->ndo_Hflag;
device = optarg;
break;
-#ifdef HAVE_PCAP_CREATE
case 'I':
++Iflag;
break;
-#endif /* HAVE_PCAP_CREATE */
#ifdef HAVE_PCAP_SET_TSTAMP_TYPE
case 'j':
*/
setvbuf(stdout, NULL, _IONBF, 0);
#else /* _WIN32 */
-#ifdef HAVE_SETLINEBUF
- setlinebuf(stdout);
-#else
setvbuf(stdout, NULL, _IOLBF, 0);
-#endif
#endif /* _WIN32 */
lflag = 1;
break;
if (nd_load_smi_module(optarg, ebuf, sizeof(ebuf)) == -1)
error("%s", ebuf);
} else {
- (void)fprintf(stderr, "%s: ignoring option `-m %s' ",
+ (void)fprintf(stderr, "%s: ignoring option '-m %s' ",
program_name, optarg);
(void)fprintf(stderr, "(no libsmi support)\n");
}
++ndo->ndo_suppress_default_print;
break;
-#ifdef HAVE_PCAP_SETDIRECTION
case 'Q':
if (ascii_strcasecmp(optarg, "in") == 0)
Qflag = PCAP_D_IN;
else if (ascii_strcasecmp(optarg, "inout") == 0)
Qflag = PCAP_D_INOUT;
else
- error("unknown capture direction `%s'", optarg);
+ error("unknown capture direction '%s'", optarg);
break;
-#endif /* HAVE_PCAP_SETDIRECTION */
case 'r':
RFileName = optarg;
ndo->ndo_packettype = PT_SOMEIP;
else if (ascii_strcasecmp(optarg, "domain") == 0)
ndo->ndo_packettype = PT_DOMAIN;
+ else if (ascii_strcasecmp(optarg, "quic") == 0)
+ ndo->ndo_packettype = PT_QUIC;
else
- error("unknown packet type `%s'", optarg);
+ error("unknown packet type '%s'", optarg);
break;
case 'u':
++ndo->ndo_uflag;
break;
-#ifdef HAVE_PCAP_DUMP_FLUSH
case 'U':
++Uflag;
break;
-#endif
case 'v':
++ndo->ndo_vflag;
ndo->ndo_packet_number = 1;
break;
+ case OPTION_LENGTHS:
+ ndo->ndo_lengths = 1;
+ break;
+
case OPTION_VERSION:
print_version(stdout);
exit_tcpdump(S_SUCCESS);
- break;
+ /* NOTREACHED */
#ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
case OPTION_TSTAMP_PRECISION:
print = 1;
break;
+ case OPTION_PRINT_SAMPLING:
+ print = 1;
+ ++ndo->ndo_Sflag;
+ ndo->ndo_print_sampling = atoi(optarg);
+ if (ndo->ndo_print_sampling <= 0)
+ error("invalid print sampling %s", optarg);
+ break;
+
#ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
case OPTION_TSTAMP_MICRO:
ndo->ndo_tstamp_precision = PCAP_TSTAMP_PRECISION_MICRO;
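Review bot: `atoi(optarg)` in the new `OPTION_PRINT_SAMPLING` case accepts trailing garbage (`--print-sampling 10x` is read as 10), and its behaviour on out-of-range input is undefined, so the `<= 0` test does not reject every bad value. The `-C` parsing elsewhere in this change already uses `strtol()` with an end pointer and `errno`. The same pattern fits here, with an upper bound of `INT_MAX` if `ndo_print_sampling` is an `int` (its declaration is outside this diff). The case also increments `ndo_Sflag` with no explanation; a one-line comment saying why sampling forces that flag would save the next reader a search.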
/* NOTREACHED */
}
-#ifdef HAVE_PCAP_FINDALLDEVS
if (Dflag)
show_devices_and_exit();
-#endif
#ifdef HAVE_PCAP_FINDALLDEVS_EX
if (remote_interfaces_source != NULL)
show_remote_devices_and_exit();
#endif
-#if defined(DLT_LINUX_SLL2) && defined(HAVE_PCAP_SET_DATALINK)
-/* Set default linktype DLT_LINUX_SLL2 when capturing on the "any" device */
- if (device != NULL &&
- strncmp (device, "any", strlen("any")) == 0
- && yflag_dlt == -1)
- yflag_dlt = DLT_LINUX_SLL2;
-#endif
-
switch (ndo->ndo_tflag) {
case 0: /* Default */
default: /* Not supported */
error("only -t, -tt, -ttt, -tttt and -ttttt are supported");
- break;
+ /* NOTREACHED */
}
if (ndo->ndo_fflag != 0 && (VFileName != NULL || RFileName != NULL))
/* Run with '-Z root' to restore old behaviour */
if (!username)
username = WITH_USER;
+ else if (strcmp(username, "root") == 0)
+ username = NULL;
}
#endif
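Review bot: The new `else if (strcmp(username, "root") == 0) username = NULL;` branch turns `-Z root` into "do not drop privileges at all", but nothing at this spot says that a NULL `username` is what disables the drop further down. Since this keeps the packet dissectors running with full root on untrusted input, it deserves an explicit comment at the assignment, for example `/* -Z root: the user asked to stay root; NULL means no privilege drop is attempted */`. The match is by account name only, so it would help to state that a different name mapping to UID 0 still goes through the normal drop path. The enclosing block starts outside this hunk, so the exact conditions under which it runs are not visible here.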
pcap_datalink_val_to_description(dlt));
}
fprintf(stderr, ", snapshot length %d\n", pcap_snapshot(pd));
-#ifdef DLT_LINUX_SLL2
+#if defined(DLT_LINUX_SLL2) && defined(__linux__)
if (dlt == DLT_LINUX_SLL2)
fprintf(stderr, "Warning: interface names might be incorrect\n");
#endif
/*
* No interface was specified. Pick one.
*/
-#ifdef HAVE_PCAP_FINDALLDEVS
/*
* Find the list of interfaces, and pick
* the first interface.
error("no interfaces available for capture");
device = strdup(devlist->name);
pcap_freealldevs(devlist);
-#else /* HAVE_PCAP_FINDALLDEVS */
- /*
- * Use whatever interface pcap_lookupdev()
- * chooses.
- */
- device = pcap_lookupdev(ebuf);
- if (device == NULL)
- error("%s", ebuf);
-#endif
}
/*
* a 1-based index in the list of
* interfaces.
*/
-#ifdef HAVE_PCAP_FINDALLDEVS
devnum = parse_interface_number(device);
if (devnum == -1) {
/*
pd = open_interface(device, ndo, ebuf);
if (pd == NULL)
error("%s", ebuf);
-#else /* HAVE_PCAP_FINDALLDEVS */
- /*
- * We can't get a list of interfaces; just
- * fail.
- */
- error("%s", ebuf);
-#endif /* HAVE_PCAP_FINDALLDEVS */
}
/*
if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
fprintf(stderr, "Warning: setgid/setuid failed !\n");
#endif /* _WIN32 */
-#if !defined(HAVE_PCAP_CREATE) && defined(_WIN32)
- if(Bflag != 0)
- if(pcap_setbuff(pd, Bflag)==-1){
- error("%s", pcap_geterr(pd));
- }
-#endif /* !defined(HAVE_PCAP_CREATE) && defined(_WIN32) */
if (Lflag)
show_dlts_and_exit(pd, device);
if (yflag_dlt >= 0) {
-#ifdef HAVE_PCAP_SET_DATALINK
if (pcap_set_datalink(pd, yflag_dlt) < 0)
error("%s", pcap_geterr(pd));
-#else
- /*
- * We don't actually support changing the
- * data link type, so we only let them
- * set it to what it already is.
- */
- if (yflag_dlt != pcap_datalink(pd)) {
- error("%s is not one of the DLTs supported by this device\n",
- yflag_dlt_name);
- }
-#endif
(void)fprintf(stderr, "%s: data link type %s\n",
program_name,
pcap_datalink_val_to_name(yflag_dlt));
(void)fflush(stderr);
}
+#if defined(DLT_LINUX_SLL2)
+ else {
+ /*
+ * Attempt to set default linktype to
+ * DLT_LINUX_SLL2 when capturing on the
+ * "any" device.
+ *
+ * If the attempt fails, just quietly drive
+ * on; this may be a non-Linux "any" device
+ * that doesn't support DLT_LINUX_SLL2.
+ */
+ if (strcmp(device, "any") == 0) {
+DIAG_OFF_WARN_UNUSED_RESULT
+ (void) pcap_set_datalink(pd, DLT_LINUX_SLL2);
+DIAG_ON_WARN_UNUSED_RESULT
+ }
+ }
+#endif
i = pcap_snapshot(pd);
if (ndo->ndo_snaplen < i) {
if (ndo->ndo_snaplen != 0)
#endif
/* Cooperate with nohup(1) */
#ifndef _WIN32
+ /*
+ * In illumos /usr/include/sys/iso/signal_iso.h causes Clang to
+ * generate a -Wstrict-prototypes warning here, see [1]. The
+ * __illumos__ macro is available since at least GCC 11 and Clang 13,
+ * see [2].
+ * 1: https://www.illumos.org/issues/16344
+ * 2: https://www.illumos.org/issues/13726
+ */
+#ifdef __illumos__
+ DIAG_OFF_STRICT_PROTOTYPES
+#endif /* __illumos__ */
if ((oldhandler = setsignal(SIGHUP, cleanup)) != SIG_DFL)
+#ifdef __illumos__
+ DIAG_ON_STRICT_PROTOTYPES
+#endif /* __illumos__ */
(void)setsignal(SIGHUP, oldhandler);
#endif /* _WIN32 */
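Review bot: The unbraced `if ((oldhandler = setsignal(SIGHUP, cleanup)) != SIG_DFL)` now has the `#ifdef __illumos__` / `DIAG_ON_STRICT_PROTOTYPES` lines sitting between the condition and its one-statement body. That is only correct as long as the macro expands to something the compiler never treats as a statement; its definition is in `diag-control.h`, which this diff does not show. Bracing the body removes the dependency: `if (...) {` ... `(void)setsignal(SIGHUP, oldhandler);` ... `}` with the DIAG_ON line placed inside or after the braces. The same layout appears in `setsignal()` around `return (SIG_ERR);` after the `sigaction()` check and would benefit from the same treatment.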
* devices, and can't just give users that permission,
* you'd make tcpdump set-UID or set-GID).
*
- * Tcpdump doesn't necessarily write only to one savefile;
+ * tcpdump doesn't necessarily write only to one savefile;
* the general only way to allow a -Z instance to write to
* savefiles as the user under whose UID it's run, rather
* than as the user specified with -Z, would thus be to switch
/* Initialize capng */
capng_clear(CAPNG_SELECT_BOTH);
if (username) {
-DIAG_OFF_CLANG(assign-enum)
+DIAG_OFF_ASSIGN_ENUM
capng_updatev(
CAPNG_ADD,
CAPNG_PERMITTED | CAPNG_EFFECTIVE,
CAP_SETUID,
CAP_SETGID,
-1);
-DIAG_ON_CLANG(assign-enum)
+DIAG_ON_ASSIGN_ENUM
}
if (chroot_dir) {
-DIAG_OFF_CLANG(assign-enum)
+DIAG_OFF_ASSIGN_ENUM
capng_update(
CAPNG_ADD,
CAPNG_PERMITTED | CAPNG_EFFECTIVE,
CAP_SYS_CHROOT
);
-DIAG_ON_CLANG(assign-enum)
+DIAG_ON_ASSIGN_ENUM
}
if (WFileName) {
-DIAG_OFF_CLANG(assign-enum)
+DIAG_OFF_ASSIGN_ENUM
capng_update(
CAPNG_ADD,
CAPNG_PERMITTED | CAPNG_EFFECTIVE,
CAP_DAC_OVERRIDE
);
-DIAG_ON_CLANG(assign-enum)
+DIAG_ON_ASSIGN_ENUM
}
capng_apply(CAPNG_SELECT_BOTH);
#endif /* HAVE_LIBCAP_NG */
#endif
if (Cflag != 0 || Gflag != 0) {
#ifdef HAVE_CAPSICUM
- dumpinfo.WFileName = strdup(basename(WFileName));
+ /*
+ * basename() and dirname() may modify their input buffer
+ * and they do since FreeBSD 12.0, but they didn't before.
+ * Hence use the return value only, but always assume the
+ * input buffer has been modified and would need to be
+ * reset before the next use.
+ */
+ char *WFileName_copy;
+
+ if ((WFileName_copy = strdup(WFileName)) == NULL) {
+ error("Unable to allocate memory for file %s",
+ WFileName);
+ }
+ DIAG_OFF_C11_EXTENSIONS
+ dumpinfo.WFileName = strdup(basename(WFileName_copy));
+ DIAG_ON_C11_EXTENSIONS
if (dumpinfo.WFileName == NULL) {
error("Unable to allocate memory for file %s",
WFileName);
}
- dumpinfo.dirfd = open(dirname(WFileName),
+ free(WFileName_copy);
+
+ if ((WFileName_copy = strdup(WFileName)) == NULL) {
+ error("Unable to allocate memory for file %s",
+ WFileName);
+ }
+ DIAG_OFF_C11_EXTENSIONS
+ char *WFileName_dirname = dirname(WFileName_copy);
+ DIAG_ON_C11_EXTENSIONS
+ dumpinfo.dirfd = open(WFileName_dirname,
O_DIRECTORY | O_RDONLY);
if (dumpinfo.dirfd < 0) {
error("unable to open directory %s",
- dirname(WFileName));
+ WFileName_dirname);
}
+ free(WFileName_dirname);
+ free(WFileName_copy);
+
cap_rights_init(&rights, CAP_CREATE, CAP_FCNTL,
CAP_FTRUNCATE, CAP_LOOKUP, CAP_SEEK, CAP_WRITE);
if (cap_rights_limit(dumpinfo.dirfd, &rights) < 0 &&
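Review bot: `free(WFileName_dirname);` frees a pointer that `dirname()` returned, which is never a separate allocation owned by the caller. Per POSIX the result points either into the argument buffer or at static storage. When it points into the buffer (the FreeBSD 12+ case that the added comment describes), it is followed by `free(WFileName_copy);` on the same memory, which is a double free. Otherwise it is a free of non-heap memory; both are undefined behaviour in a privileged process. Dropping the `free(WFileName_dirname);` line and keeping only `free(WFileName_copy);` after the last use of `WFileName_dirname` is sufficient. The `basename()` half is fine because the result is duplicated with `strdup()` before the copy is freed.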
} else
dumpinfo.ndo = NULL;
-#ifdef HAVE_PCAP_DUMP_FLUSH
if (Uflag)
pcap_dump_flush(pdd);
-#endif
} else {
dlt = pcap_datalink(pd);
ndo->ndo_if_printer = get_if_printer(dlt);
#else
cansandbox = (cansandbox && ndo->ndo_nflag);
#endif /* HAVE_CASPER */
+ cansandbox = (cansandbox && (pcap_fileno(pd) != -1 ||
+ RFileName != NULL));
+
if (cansandbox && cap_enter() < 0 && errno != ENOSYS)
error("unable to enter the capability mode");
#endif /* HAVE_CAPSICUM */
*/
dlt = new_dlt;
ndo->ndo_if_printer = get_if_printer(dlt);
+ /* Free the old filter */
+ pcap_freecode(&fcode);
if (pcap_compile(pd, &fcode, cmdbuf, Oflag, netmask) < 0)
error("%s", pcap_geterr(pd));
}
free(cmdbuf);
pcap_freecode(&fcode);
- exit_tcpdump(status == -1 ? 1 : 0);
+ exit_tcpdump(status == -1 ? S_ERR_HOST_PROGRAM : S_SUCCESS);
}
/*
memset(&new, 0, sizeof(new));
new.sa_handler = func;
- if (sig == SIGCHLD)
+ if ((sig == SIGCHLD)
+# ifdef SIGNAL_REQ_INFO
+ || (sig == SIGNAL_REQ_INFO)
+# endif
+# ifdef SIGNAL_FLUSH_PCAP
+ || (sig == SIGNAL_FLUSH_PCAP)
+# endif
+ )
new.sa_flags = SA_RESTART;
if (sigaction(sig, &new, &old) < 0)
+ /* The same workaround as for SIG_DFL above. */
+#ifdef __illumos__
+ DIAG_OFF_STRICT_PROTOTYPES
+#endif /* __illumos__ */
return (SIG_ERR);
+#ifdef __illumos__
+ DIAG_ON_STRICT_PROTOTYPES
+#endif /* __illumos__ */
return (old.sa_handler);
#endif
}
setitimer(ITIMER_REAL, &timer, NULL);
#endif /* _WIN32 */
-#ifdef HAVE_PCAP_BREAKLOOP
/*
* We have "pcap_breakloop()"; use it, so that we do as little
* as possible in the signal handler (it's probably not safe
* the ANSI C standard doesn't say it is).
*/
pcap_breakloop(pd);
-#else
- /*
- * We don't have "pcap_breakloop()"; this isn't safe, but
- * it's the best we can do. Print the summary if we're
- * not reading from a savefile - i.e., if we're doing a
- * live capture - and exit.
- */
- if (pd != NULL && pcap_file(pd) == NULL) {
- /*
- * We got interrupted, so perhaps we didn't
- * manage to finish a line we were printing.
- * Print an extra newline, just in case.
- */
- putchar('\n');
- (void)fflush(stdout);
- info(1);
- }
- exit_tcpdump(S_SUCCESS);
-#endif
}
/*
static void
child_cleanup(int signo _U_)
{
- wait(NULL);
+ while (waitpid(-1, NULL, WNOHANG) >= 0);
}
#endif /* HAVE_FORK && HAVE_VFORK */
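Review bot: The loop condition `>= 0` in `child_cleanup()` keeps spinning while `waitpid(-1, NULL, WNOHANG)` returns 0, which is what it returns when children still exist but none has exited yet. If one compression child finishes while another is still running, the signal handler busy-waits until the second one exits and capture stalls for that time. The loop should stop as soon as nothing is ready to be reaped: `while (waitpid(-1, NULL, WNOHANG) > 0);`. Since `waitpid()` ends by failing with `ECHILD`, the handler should also save `errno` on entry and restore it before returning, so interrupted code does not see a changed value.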
}
#endif /* HAVE_FORK && HAVE_VFORK */
+static void
+close_old_dump_file(struct dump_info *dump_info)
+{
+ /*
+ * Close the current file and open a new one.
+ */
+ pcap_dump_close(dump_info->pdd);
+
+ /*
+ * Compress the file we just closed, if the user asked for it.
+ */
+ if (zflag != NULL)
+ compress_savefile(dump_info->CurrentFileName);
+}
+
+static void
+open_new_dump_file(struct dump_info *dump_info)
+{
+#ifdef HAVE_CAPSICUM
+ FILE *fp;
+ int fd;
+#endif
+
+#ifdef HAVE_LIBCAP_NG
+ capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE);
+ capng_apply(CAPNG_SELECT_BOTH);
+#endif /* HAVE_LIBCAP_NG */
+#ifdef HAVE_CAPSICUM
+ fd = openat(dump_info->dirfd, dump_info->CurrentFileName,
+ O_CREAT | O_WRONLY | O_TRUNC, 0644);
+ if (fd < 0) {
+ error("unable to open file %s", dump_info->CurrentFileName);
+ }
+ fp = fdopen(fd, "w");
+ if (fp == NULL) {
+ error("unable to fdopen file %s", dump_info->CurrentFileName);
+ }
+ dump_info->pdd = pcap_dump_fopen(dump_info->pd, fp);
+#else /* !HAVE_CAPSICUM */
+ dump_info->pdd = pcap_dump_open(dump_info->pd, dump_info->CurrentFileName);
+#endif
+#ifdef HAVE_LIBCAP_NG
+ capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE);
+ capng_apply(CAPNG_SELECT_BOTH);
+#endif /* HAVE_LIBCAP_NG */
+ if (dump_info->pdd == NULL)
+ error("%s", pcap_geterr(pd));
+#ifdef HAVE_CAPSICUM
+ set_dumper_capsicum_rights(dump_info->pdd);
+#endif
+}
+
static void
dump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
{
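Review bot: In the new `open_new_dump_file()` the results of `capng_update()` and `capng_apply()` are ignored on both the `CAPNG_ADD` and the `CAPNG_DROP` side. If the drop fails, the process keeps `CAP_DAC_OVERRIDE` in its effective set while it continues to dissect packets, with no indication that this happened. Now that the logic lives in one helper, it is cheap to check at least the drop, e.g. `if (capng_apply(CAPNG_SELECT_BOTH) < 0) error("unable to drop CAP_DAC_OVERRIDE");`. Separately, the failure message uses the global with `pcap_geterr(pd)` although the handle used to open the file is `dump_info->pd`; `error("%s", pcap_geterr(dump_info->pd));` keeps the helper self-contained. Neither helper has a header comment, so a short one stating that both call `error()` and do not return on failure would document the contract the two callers rely on.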
/* If the time is greater than the specified window, rotate */
if (t - Gflag_time >= Gflag) {
-#ifdef HAVE_CAPSICUM
- FILE *fp;
- int fd;
-#endif
-
/* Update the Gflag_time */
Gflag_time = t;
/* Update Gflag_count */
Gflag_count++;
- /*
- * Close the current file and open a new one.
- */
- pcap_dump_close(dump_info->pdd);
- /*
- * Compress the file we just closed, if the user asked for it
- */
- if (zflag != NULL)
- compress_savefile(dump_info->CurrentFileName);
+ close_old_dump_file(dump_info);
/*
* Check to see if we've exceeded the Wflag (when
else
MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, 0, 0);
-#ifdef HAVE_LIBCAP_NG
- capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE);
- capng_apply(CAPNG_SELECT_BOTH);
-#endif /* HAVE_LIBCAP_NG */
-#ifdef HAVE_CAPSICUM
- fd = openat(dump_info->dirfd,
- dump_info->CurrentFileName,
- O_CREAT | O_WRONLY | O_TRUNC, 0644);
- if (fd < 0) {
- error("unable to open file %s",
- dump_info->CurrentFileName);
- }
- fp = fdopen(fd, "w");
- if (fp == NULL) {
- error("unable to fdopen file %s",
- dump_info->CurrentFileName);
- }
- dump_info->pdd = pcap_dump_fopen(dump_info->pd, fp);
-#else /* !HAVE_CAPSICUM */
- dump_info->pdd = pcap_dump_open(dump_info->pd, dump_info->CurrentFileName);
-#endif
-#ifdef HAVE_LIBCAP_NG
- capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE);
- capng_apply(CAPNG_SELECT_BOTH);
-#endif /* HAVE_LIBCAP_NG */
- if (dump_info->pdd == NULL)
- error("%s", pcap_geterr(pd));
-#ifdef HAVE_CAPSICUM
- set_dumper_capsicum_rights(dump_info->pdd);
-#endif
+ open_new_dump_file(dump_info);
}
}
if (size == -1)
error("ftell fails on output file");
if (size > Cflag) {
-#ifdef HAVE_CAPSICUM
- FILE *fp;
- int fd;
-#endif
-
- /*
- * Close the current file and open a new one.
- */
- pcap_dump_close(dump_info->pdd);
-
- /*
- * Compress the file we just closed, if the user
- * asked for it.
- */
- if (zflag != NULL)
- compress_savefile(dump_info->CurrentFileName);
+ close_old_dump_file(dump_info);
Cflag_count++;
if (Wflag > 0) {
if (dump_info->CurrentFileName == NULL)
error("%s: malloc", __func__);
MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, Cflag_count, WflagChars);
-#ifdef HAVE_LIBCAP_NG
- capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE);
- capng_apply(CAPNG_SELECT_BOTH);
-#endif /* HAVE_LIBCAP_NG */
-#ifdef HAVE_CAPSICUM
- fd = openat(dump_info->dirfd, dump_info->CurrentFileName,
- O_CREAT | O_WRONLY | O_TRUNC, 0644);
- if (fd < 0) {
- error("unable to open file %s",
- dump_info->CurrentFileName);
- }
- fp = fdopen(fd, "w");
- if (fp == NULL) {
- error("unable to fdopen file %s",
- dump_info->CurrentFileName);
- }
- dump_info->pdd = pcap_dump_fopen(dump_info->pd, fp);
-#else /* !HAVE_CAPSICUM */
- dump_info->pdd = pcap_dump_open(dump_info->pd, dump_info->CurrentFileName);
-#endif
-#ifdef HAVE_LIBCAP_NG
- capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE);
- capng_apply(CAPNG_SELECT_BOTH);
-#endif /* HAVE_LIBCAP_NG */
- if (dump_info->pdd == NULL)
- error("%s", pcap_geterr(pd));
-#ifdef HAVE_CAPSICUM
- set_dumper_capsicum_rights(dump_info->pdd);
-#endif
+
+ open_new_dump_file(dump_info);
}
}
pcap_dump((u_char *)dump_info->pdd, h, sp);
-#ifdef HAVE_PCAP_DUMP_FLUSH
if (Uflag)
pcap_dump_flush(dump_info->pdd);
-#endif
if (dump_info->ndo != NULL)
pretty_print_packet(dump_info->ndo, h, sp, packets_captured);
dump_info = (struct dump_info *)user;
pcap_dump((u_char *)dump_info->pdd, h, sp);
-#ifdef HAVE_PCAP_DUMP_FLUSH
if (Uflag)
pcap_dump_flush(dump_info->pdd);
-#endif
if (dump_info->ndo != NULL)
pretty_print_packet(dump_info->ndo, h, sp, packets_captured);
}
#endif /* _WIN32 */
-USES_APPLE_DEPRECATED_API
+DIAG_OFF_DEPRECATION
static void
print_version(FILE *f)
{
-#ifndef HAVE_PCAP_LIB_VERSION
- #ifdef HAVE_PCAP_VERSION
- extern char pcap_version[];
- #else /* HAVE_PCAP_VERSION */
- static char pcap_version[] = "unknown";
- #endif /* HAVE_PCAP_VERSION */
-#endif /* HAVE_PCAP_LIB_VERSION */
const char *smi_version_string;
(void)fprintf(f, "%s version " PACKAGE_VERSION "\n", program_name);
-#ifdef HAVE_PCAP_LIB_VERSION
(void)fprintf(f, "%s\n", pcap_lib_version());
-#else /* HAVE_PCAP_LIB_VERSION */
- (void)fprintf(f, "libpcap version %s\n", pcap_version);
-#endif /* HAVE_PCAP_LIB_VERSION */
#if defined(HAVE_LIBCRYPTO) && defined(SSLEAY_VERSION)
(void)fprintf (f, "%s\n", SSLeay_version(SSLEAY_VERSION));
(void)fprintf (f, "Compiled with MemorySanitizer/Clang.\n");
# endif
#endif /* __SANITIZE_ADDRESS__ or __has_feature */
+ (void)fprintf (f, "%zu-bit build, %zu-bit time_t\n",
+ sizeof(void *) * 8, sizeof(time_t) * 8);
}
-USES_APPLE_RST
+DIAG_ON_DEPRECATION
static void
print_usage(FILE *f)
{
print_version(f);
(void)fprintf(f,
-"Usage: %s [-Abd" D_FLAG "efhH" I_FLAG J_FLAG "KlLnNOpqStu" U_FLAG "vxX#]" B_FLAG_USAGE " [ -c count ] [--count]\n", program_name);
+"Usage: %s [-AbdDefhHI" J_FLAG "KlLnNOpqStuUvxX#] [ -B size ] [ -c count ] [--count]\n", program_name);
(void)fprintf(f,
"\t\t[ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]\n");
(void)fprintf(f,
"\t\t[ -i interface ]" IMMEDIATE_MODE_USAGE j_FLAG_USAGE "\n");
-#ifdef HAVE_PCAP_FINDALLDEVS_EX
(void)fprintf(f,
-"\t\t" LIST_REMOTE_INTERFACES_USAGE "\n");
-#endif
+"\t\t[ --lengths ]" LIST_REMOTE_INTERFACES_USAGE "\n");
#ifdef USE_LIBSMI
(void)fprintf(f,
"\t\t" m_FLAG_USAGE "\n");
#endif
(void)fprintf(f,
-"\t\t[ -M secret ] [ --number ] [ --print ]" Q_FLAG_USAGE "\n");
+"\t\t[ -M secret ] [ --number ] [ --print ]\n");
+ (void)fprintf(f,
+"\t\t[ --print-sampling nth ] [ -Q in|out|inout ] [ -r file ]\n");
(void)fprintf(f,
-"\t\t[ -r file ] [ -s snaplen ] [ -T type ] [ --version ]\n");
+"\t\t[ -s snaplen ] [ -T type ] [ --version ]\n");
(void)fprintf(f,
"\t\t[ -V file ] [ -w file ] [ -W filecount ] [ -y datalinktype ]\n");
#ifdef HAVE_PCAP_SET_TSTAMP_PRECISION