+#if defined(HAVE_PCAP_SET_PARSER_DEBUG)
+/*
+ * We have pcap_set_parser_debug() in libpcap; declare it (it's not declared
+ * by any libpcap header, because it's a special hack, only available if
+ * libpcap was configured to include it, and only intended for use by
+ * libpcap developers trying to debug the parser for filter expressions).
+ */
+#ifdef _WIN32
+__declspec(dllimport)
+#else /* _WIN32 */
+extern
+#endif /* _WIN32 */
+void pcap_set_parser_debug(int);
+#elif defined(HAVE_PCAP_DEBUG) || defined(HAVE_YYDEBUG)
+/*
+ * We don't have pcap_set_parser_debug() in libpcap, but we do have
+ * pcap_debug or yydebug. Make a local version of pcap_set_parser_debug()
+ * to set the flag, and define HAVE_PCAP_SET_PARSER_DEBUG.
+ */
+static void
+pcap_set_parser_debug(int value)
+{
+#ifdef HAVE_PCAP_DEBUG
+ extern int pcap_debug;
+
+ pcap_debug = value;
+#else /* HAVE_PCAP_DEBUG */
+ extern int yydebug;
+
+ yydebug = value;
+#endif /* HAVE_PCAP_DEBUG */
+}
+
+#define HAVE_PCAP_SET_PARSER_DEBUG
+#endif
+
+#if defined(HAVE_PCAP_SET_OPTIMIZER_DEBUG)
+/*
+ * We have pcap_set_optimizer_debug() in libpcap; declare it (it's not declared
+ * by any libpcap header, because it's a special hack, only available if
+ * libpcap was configured to include it, and only intended for use by
+ * libpcap developers trying to debug the optimizer for filter expressions).
+ */
+#ifdef _WIN32
+__declspec(dllimport)
+#else /* _WIN32 */
+extern
+#endif /* _WIN32 */
+void pcap_set_optimizer_debug(int);
+#endif
+
+#ifdef HAVE_PCAP_SET_TSTAMP_TYPE
+static void
+show_tstamp_types_and_exit(const char *device)
+{
+ int n_tstamp_types;
+ int *tstamp_types = 0;
+ const char *tstamp_type_name;
+ int i;
+
+ n_tstamp_types = pcap_list_tstamp_types(pd, &tstamp_types);
+ if (n_tstamp_types < 0)
+ error("%s", pcap_geterr(pd));
+
+ if (n_tstamp_types == 0) {
+ fprintf(stderr, "Time stamp type cannot be set for %s\n",
+ device);
+ exit(0);
+ }
+ fprintf(stderr, "Time stamp types for %s (use option -j to set):\n",
+ device);
+ for (i = 0; i < n_tstamp_types; i++) {
+ tstamp_type_name = pcap_tstamp_type_val_to_name(tstamp_types[i]);
+ if (tstamp_type_name != NULL) {
+ (void) fprintf(stderr, " %s (%s)\n", tstamp_type_name,
+ pcap_tstamp_type_val_to_description(tstamp_types[i]));
+ } else {
+ (void) fprintf(stderr, " %d\n", tstamp_types[i]);
+ }
+ }
+ pcap_free_tstamp_types(tstamp_types);
+ exit(0);
+}
+#endif
+
+static void
+show_dlts_and_exit(const char *device)
+{
+ int n_dlts, i;
+ int *dlts = 0;
+ const char *dlt_name;
+
+ n_dlts = pcap_list_datalinks(pd, &dlts);
+ if (n_dlts < 0)
+ error("%s", pcap_geterr(pd));
+ else if (n_dlts == 0 || !dlts)
+ error("No data link types.");
+
+ /*
+ * If the interface is known to support monitor mode, indicate
+ * whether these are the data link types available when not in
+ * monitor mode, if -I wasn't specified, or when in monitor mode,
+ * when -I was specified (the link-layer types available in
+ * monitor mode might be different from the ones available when
+ * not in monitor mode).
+ */
+ if (supports_monitor_mode)
+ (void) fprintf(stderr, "Data link types for %s %s (use option -y to set):\n",
+ device,
+ Iflag ? "when in monitor mode" : "when not in monitor mode");
+ else
+ (void) fprintf(stderr, "Data link types for %s (use option -y to set):\n",
+ device);
+
+ for (i = 0; i < n_dlts; i++) {
+ dlt_name = pcap_datalink_val_to_name(dlts[i]);
+ if (dlt_name != NULL) {
+ (void) fprintf(stderr, " %s (%s)", dlt_name,
+ pcap_datalink_val_to_description(dlts[i]));
+
+ /*
+ * OK, does tcpdump handle that type?
+ */
+ if (!has_printer(dlts[i]))
+ (void) fprintf(stderr, " (printing not supported)");
+ fprintf(stderr, "\n");
+ } else {
+ (void) fprintf(stderr, " DLT %d (printing not supported)\n",
+ dlts[i]);
+ }
+ }
+#ifdef HAVE_PCAP_FREE_DATALINKS
+ pcap_free_datalinks(dlts);
+#endif
+ exit(0);
+}
+
+#ifdef HAVE_PCAP_FINDALLDEVS
+static void
+show_devices_and_exit (void)
+{
+ pcap_if_t *dev, *devlist;
+ char ebuf[PCAP_ERRBUF_SIZE];
+ int i;
+
+ if (pcap_findalldevs(&devlist, ebuf) < 0)
+ error("%s", ebuf);
+ for (i = 0, dev = devlist; dev != NULL; i++, dev = dev->next) {
+ printf("%d.%s", i+1, dev->name);
+ if (dev->description != NULL)
+ printf(" (%s)", dev->description);
+ if (dev->flags != 0)
+ printf(" [%s]", bittok2str(status_flags, "none", dev->flags));
+ printf("\n");
+ }
+ pcap_freealldevs(devlist);
+ exit(0);
+}
+#endif /* HAVE_PCAP_FINDALLDEVS */
+
+/*
+ * Short options.
+ *
+ * Note that there we use all letters for short options except for g, k,
+ * o, and P, and those are used by other versions of tcpdump, and we should
+ * only use them for the same purposes that the other versions of tcpdump
+ * use them:
+ *
+ * OS X tcpdump uses -g to force non--v output for IP to be on one
+ * line, making it more "g"repable;
+ *
+ * OS X tcpdump uses -k tospecify that packet comments in pcap-ng files
+ * should be printed;
+ *
+ * OpenBSD tcpdump uses -o to indicate that OS fingerprinting should be done
+ * for hosts sending TCP SYN packets;
+ *
+ * OS X tcpdump uses -P to indicate that -w should write pcap-ng rather
+ * than pcap files.
+ *
+ * OS X tcpdump also uses -Q to specify expressions that match packet
+ * metadata, including but not limited to the packet direction.
+ * The expression syntax is different from a simple "in|out|inout",
+ * and those expressions aren't accepted by OS X tcpdump, but the
+ * equivalents would be "in" = "dir=in", "out" = "dir=out", and
+ * "inout" = "dir=in or dir=out", and the parser could conceivably
+ * special-case "in", "out", and "inout" as expressions for backwards
+ * compatibility, so all is not (yet) lost.
+ */
+
+/*
+ * Set up flags that might or might not be supported depending on the
+ * version of libpcap we're using.
+ */
+#if defined(HAVE_PCAP_CREATE) || defined(_WIN32)
+#define B_FLAG "B:"
+#define B_FLAG_USAGE " [ -B size ]"
+#else /* defined(HAVE_PCAP_CREATE) || defined(_WIN32) */
+#define B_FLAG
+#define B_FLAG_USAGE
+#endif /* defined(HAVE_PCAP_CREATE) || defined(_WIN32) */
+
+#ifdef HAVE_PCAP_CREATE
+#define I_FLAG "I"
+#else /* HAVE_PCAP_CREATE */
+#define I_FLAG
+#endif /* HAVE_PCAP_CREATE */
+
+#ifdef HAVE_PCAP_SET_TSTAMP_TYPE
+#define j_FLAG "j:"
+#define j_FLAG_USAGE " [ -j tstamptype ]"
+#define J_FLAG "J"
+#else /* PCAP_ERROR_TSTAMP_TYPE_NOTSUP */
+#define j_FLAG
+#define j_FLAG_USAGE
+#define J_FLAG
+#endif /* PCAP_ERROR_TSTAMP_TYPE_NOTSUP */
+
+#ifdef HAVE_PCAP_FINDALLDEVS
+#define D_FLAG "D"
+#else
+#define D_FLAG
projects / tcpdump / blobdiff