int i;
if (pcap_findalldevs_ex(remote_interfaces_source, NULL, &devlist,
- ebuf) < 0)
+ ebuf) < 0) {
+ if (strcmp(ebuf, "not supported") == 0) {
+ /*
+ * macOS 14's pcap_findalldevs_ex(), which is a
+ * stub that always returns -1 with an error
+ * message of "not supported".
+ *
+ * In this case, as we passed it an rpcap://
+ * URL, treat that as meaning "remote capture
+ * not supported".
+ */
+ error("Remote capture not supported");
+ }
error("%s", ebuf);
+ }
for (i = 0, dev = devlist; dev != NULL; i++, dev = dev->next) {
printf("%d.%s", i+1, dev->name);
if (dev->description != NULL)
} else
error("Couldn't find user '%.32s'", username);
#ifdef HAVE_LIBCAP_NG
- /* We don't need CAP_SETUID, CAP_SETGID and CAP_SYS_CHROOT any more. */
+ /* We don't need CAP_SETUID, CAP_SETGID and CAP_SYS_CHROOT anymore. */
DIAG_OFF_ASSIGN_ENUM
capng_updatev(
CAPNG_DROP,
* along the lines of ioctl(), the fact that ioctl() operations are
* largely specific to particular character devices but fcntl() operations
* are either generic to all descriptors or generic to all descriptors for
- * regular files nonwithstanding.
+ * regular files notwithstanding.
*
* The Capsicum people decided that fine-grained control of descriptor
* operations was required, so that you need to grant permission for
* that requires that it be able to do an F_GETFL fcntl() to read
* the O_ flags.
*
- * Tcpdump uses ftell() to determine how much data has been written
+ * tcpdump uses ftell() to determine how much data has been written
* to a file in order to, when used with -C, determine when it's time
* to rotate capture files. ftell() therefore needs to do an lseek()
* to find out the file offset and must, thanks to the aforementioned
pflag ? 0 : PCAP_OPENFLAG_PROMISCUOUS, timeout, NULL,
ebuf);
if (pc == NULL) {
+ /*
+ * macOS 14's pcap_pcap_open(), which is a
+ * stub that always returns NULL with an error
+ * message of "not supported".
+ *
+ * In this case, as we passed it an rpcap://
+ * URL, treat that as meaning "remote capture
+ * not supported".
+ */
+ if (strcmp(ebuf, "not supported") == 0)
+ error("Remote capture not supported");
+
/*
* If this failed with "No such device" or "The system
* cannot find the device specified", that means
if (status != 0)
error("%s: pcap_setdirection() failed: %s",
device, pcap_geterr(pc));
- }
+ }
#endif /* HAVE_PCAP_SETDIRECTION */
#else /* HAVE_PCAP_CREATE */
*ebuf = '\0';
if (abort_on_misalignment(ebuf, sizeof(ebuf)) < 0)
error("%s", ebuf);
+ /*
+ * An explicit tzset() call is usually not needed as it happens
+ * implicitly the first time we call localtime() or mktime(),
+ * but in some cases (sandboxing, chroot) this may be too late.
+ */
+ tzset();
+
while (
(op = getopt_long(argc, argv, SHORTOPTS, longopts, NULL)) != -1)
switch (op) {
if (nd_load_smi_module(optarg, ebuf, sizeof(ebuf)) == -1)
error("%s", ebuf);
} else {
- (void)fprintf(stderr, "%s: ignoring option `-m %s' ",
+ (void)fprintf(stderr, "%s: ignoring option '-m %s' ",
program_name, optarg);
(void)fprintf(stderr, "(no libsmi support)\n");
}
else if (ascii_strcasecmp(optarg, "inout") == 0)
Qflag = PCAP_D_INOUT;
else
- error("unknown capture direction `%s'", optarg);
+ error("unknown capture direction '%s'", optarg);
break;
#endif /* HAVE_PCAP_SETDIRECTION */
else if (ascii_strcasecmp(optarg, "quic") == 0)
ndo->ndo_packettype = PT_QUIC;
else
- error("unknown packet type `%s'", optarg);
+ error("unknown packet type '%s'", optarg);
break;
case 'u':
show_remote_devices_and_exit();
#endif
-#if defined(DLT_LINUX_SLL2) && defined(HAVE_PCAP_SET_DATALINK)
-/* Set default linktype DLT_LINUX_SLL2 when capturing on the "any" device */
- if (device != NULL &&
- strncmp (device, "any", strlen("any")) == 0
- && yflag_dlt == -1)
- yflag_dlt = DLT_LINUX_SLL2;
-#endif
-
switch (ndo->ndo_tflag) {
case 0: /* Default */
/* Run with '-Z root' to restore old behaviour */
if (!username)
username = WITH_USER;
+ else if (strcmp(username, "root") == 0)
+ username = NULL;
}
#endif
pcap_datalink_val_to_name(yflag_dlt));
(void)fflush(stderr);
}
+#if defined(DLT_LINUX_SLL2) && defined(HAVE_PCAP_SET_DATALINK)
+ else {
+ /*
+ * Attempt to set default linktype to
+ * DLT_LINUX_SLL2 when capturing on the
+ * "any" device.
+ *
+ * If the attempt fails, just quietly drive
+ * on; this may be a non-Linux "any" device
+ * that doesn't support DLT_LINUX_SLL2.
+ */
+ if (strcmp(device, "any") == 0) {
+DIAG_OFF_WARN_UNUSED_RESULT
+ (void) pcap_set_datalink(pd, DLT_LINUX_SLL2);
+DIAG_ON_WARN_UNUSED_RESULT
+ }
+ }
+#endif
i = pcap_snapshot(pd);
if (ndo->ndo_snaplen < i) {
if (ndo->ndo_snaplen != 0)
* devices, and can't just give users that permission,
* you'd make tcpdump set-UID or set-GID).
*
- * Tcpdump doesn't necessarily write only to one savefile;
+ * tcpdump doesn't necessarily write only to one savefile;
* the general only way to allow a -Z instance to write to
* savefiles as the user under whose UID it's run, rather
* than as the user specified with -Z, would thus be to switch
#else
cansandbox = (cansandbox && ndo->ndo_nflag);
#endif /* HAVE_CASPER */
+ cansandbox = (cansandbox && (pcap_fileno(pd) != -1 ||
+ RFileName != NULL));
+
if (cansandbox && cap_enter() < 0 && errno != ENOSYS)
error("unable to enter the capability mode");
#endif /* HAVE_CAPSICUM */
projects / tcpdump / blobdiff