#include <tcpdump-stdinc.h>
#ifdef WIN32
-#include "getopt.h"
#include "w32_fzs.h"
extern int strcasecmp (const char *__s1, const char *__s2);
extern int SIZE_BUF;
#include <smi.h>
#endif
+#ifdef HAVE_LIBCRYPTO
+#include <openssl/crypto.h>
+#endif
+
+#ifdef HAVE_GETOPT_LONG
+#include <getopt.h>
+#else
+#include "getopt_long.h"
+#endif
#include <pcap.h>
#include <signal.h>
#include <stdio.h>
#include <sys/resource.h>
#include <pwd.h>
#include <grp.h>
-#include <errno.h>
#endif /* WIN32 */
/* capabilities convinience library */
/* Forwards */
static RETSIGTYPE cleanup(int);
static RETSIGTYPE child_cleanup(int);
-static void usage(void) __attribute__((noreturn));
+static void print_version(void);
+static void print_usage(void);
static void show_dlts_and_exit(const char *device, pcap_t *pd) __attribute__((noreturn));
static void print_packet(u_char *, const struct pcap_pkthdr *, const u_char *);
static const struct printer printers[] = {
- { token_if_print, DLT_IEEE802 },
- { sl_if_print, DLT_SLIP },
-#ifdef DLT_SLIP_BSDOS
- { sl_bsdos_if_print, DLT_SLIP_BSDOS },
+ { NULL, 0 },
+};
+
+static const struct ndo_printer ndo_printers[] = {
+ { ether_if_print, DLT_EN10MB },
+#ifdef DLT_IPNET
+ { ipnet_if_print, DLT_IPNET },
#endif
- { ppp_if_print, DLT_PPP },
-#ifdef DLT_PPP_WITHDIRECTION
- { ppp_if_print, DLT_PPP_WITHDIRECTION },
+#ifdef DLT_IEEE802_15_4
+ { ieee802_15_4_if_print, DLT_IEEE802_15_4 },
#endif
-#ifdef DLT_PPP_BSDOS
- { ppp_bsdos_if_print, DLT_PPP_BSDOS },
+#ifdef DLT_IEEE802_15_4_NOFCS
+ { ieee802_15_4_if_print, DLT_IEEE802_15_4_NOFCS },
+#endif
+#ifdef DLT_PPI
+ { ppi_if_print, DLT_PPI },
+#endif
+#ifdef DLT_NETANALYZER
+ { netanalyzer_if_print, DLT_NETANALYZER },
+#endif
+#ifdef DLT_NETANALYZER_TRANSPARENT
+ { netanalyzer_transparent_if_print, DLT_NETANALYZER_TRANSPARENT },
+#endif
+#if defined(DLT_NFLOG) && defined(HAVE_PCAP_NFLOG_H)
+ { nflog_if_print, DLT_NFLOG},
+#endif
+#ifdef DLT_CIP
+ { cip_if_print, DLT_CIP },
+#endif
+#ifdef DLT_ATM_CLIP
+ { cip_if_print, DLT_ATM_CLIP },
+#endif
+#ifdef DLT_IP_OVER_FC
+ { ipfc_if_print, DLT_IP_OVER_FC },
+#endif
+ { null_if_print, DLT_NULL },
+#ifdef DLT_LOOP
+ { null_if_print, DLT_LOOP },
+#endif
+#ifdef DLT_APPLE_IP_OVER_IEEE1394
+ { ap1394_if_print, DLT_APPLE_IP_OVER_IEEE1394 },
+#endif
+#if defined(DLT_BLUETOOTH_HCI_H4_WITH_PHDR) && defined(HAVE_PCAP_BLUETOOTH_H)
+ { bt_if_print, DLT_BLUETOOTH_HCI_H4_WITH_PHDR},
+#endif
+#ifdef DLT_LANE8023
+ { lane_if_print, DLT_LANE8023 },
+#endif
+ { arcnet_if_print, DLT_ARCNET },
+#ifdef DLT_ARCNET_LINUX
+ { arcnet_linux_if_print, DLT_ARCNET_LINUX },
#endif
- { fddi_if_print, DLT_FDDI },
{ raw_if_print, DLT_RAW },
- { atm_if_print, DLT_ATM_RFC1483 },
+#ifdef DLT_IPV4
+ { raw_if_print, DLT_IPV4 },
+#endif
+#ifdef DLT_IPV6
+ { raw_if_print, DLT_IPV6 },
+#endif
+#ifdef HAVE_PCAP_USB_H
+#ifdef DLT_USB_LINUX
+ { usb_linux_48_byte_print, DLT_USB_LINUX},
+#endif /* DLT_USB_LINUX */
+#ifdef DLT_USB_LINUX_MMAPPED
+ { usb_linux_64_byte_print, DLT_USB_LINUX_MMAPPED},
+#endif /* DLT_USB_LINUX_MMAPPED */
+#endif /* HAVE_PCAP_USB_H */
+#ifdef DLT_SYMANTEC_FIREWALL
+ { symantec_if_print, DLT_SYMANTEC_FIREWALL },
+#endif
#ifdef DLT_C_HDLC
{ chdlc_if_print, DLT_C_HDLC },
#endif
#ifdef DLT_HDLC
{ chdlc_if_print, DLT_HDLC },
#endif
-#ifdef DLT_PPP_SERIAL
- { ppp_hdlc_if_print, DLT_PPP_SERIAL },
-#endif
#ifdef DLT_PPP_ETHER
{ pppoe_if_print, DLT_PPP_ETHER },
#endif
-#ifdef DLT_LINUX_SLL
- { sll_if_print, DLT_LINUX_SLL },
-#endif
-#ifdef DLT_IEEE802_11
- { ieee802_11_if_print, DLT_IEEE802_11},
-#endif
-#ifdef DLT_LTALK
- { ltalk_if_print, DLT_LTALK },
-#endif
#if defined(DLT_PFLOG) && defined(HAVE_NET_PFVAR_H)
{ pflog_if_print, DLT_PFLOG },
+#endif
+ { token_if_print, DLT_IEEE802 },
+ { fddi_if_print, DLT_FDDI },
+#ifdef DLT_LINUX_SLL
+ { sll_if_print, DLT_LINUX_SLL },
#endif
#ifdef DLT_FR
{ fr_if_print, DLT_FR },
#ifdef DLT_FRELAY
{ fr_if_print, DLT_FRELAY },
#endif
+#ifdef DLT_MFR
+ { mfr_if_print, DLT_MFR },
+#endif
+ { atm_if_print, DLT_ATM_RFC1483 },
#ifdef DLT_SUNATM
{ sunatm_if_print, DLT_SUNATM },
#endif
-#ifdef DLT_PRISM_HEADER
- { prism_if_print, DLT_PRISM_HEADER },
-#endif
-#ifdef DLT_IEEE802_11_RADIO
- { ieee802_11_radio_if_print, DLT_IEEE802_11_RADIO },
-#endif
#ifdef DLT_ENC
{ enc_if_print, DLT_ENC },
#endif
-#ifdef DLT_SYMANTEC_FIREWALL
- { symantec_if_print, DLT_SYMANTEC_FIREWALL },
+ { sl_if_print, DLT_SLIP },
+#ifdef DLT_SLIP_BSDOS
+ { sl_bsdos_if_print, DLT_SLIP_BSDOS },
#endif
-#ifdef DLT_IEEE802_11_RADIO_AVS
- { ieee802_11_radio_avs_if_print, DLT_IEEE802_11_RADIO_AVS },
+#ifdef DLT_LTALK
+ { ltalk_if_print, DLT_LTALK },
#endif
#ifdef DLT_JUNIPER_ATM1
{ juniper_atm1_print, DLT_JUNIPER_ATM1 },
#ifdef DLT_JUNIPER_CHDLC
{ juniper_chdlc_print, DLT_JUNIPER_CHDLC },
#endif
-#ifdef DLT_MFR
- { mfr_if_print, DLT_MFR },
-#endif
-#ifdef HAVE_PCAP_USB_H
-#ifdef DLT_USB_LINUX
- { usb_linux_48_byte_print, DLT_USB_LINUX},
-#endif /* DLT_USB_LINUX */
-#ifdef DLT_USB_LINUX_MMAPPED
- { usb_linux_64_byte_print, DLT_USB_LINUX_MMAPPED},
-#endif /* DLT_USB_LINUX_MMAPPED */
-#endif /* HAVE_PCAP_USB_H */
-#ifdef DLT_IPV4
- { raw_if_print, DLT_IPV4 },
-#endif
-#ifdef DLT_IPV6
- { raw_if_print, DLT_IPV6 },
-#endif
- { NULL, 0 },
-};
-
-static const struct ndo_printer ndo_printers[] = {
- { ether_if_print, DLT_EN10MB },
-#ifdef DLT_IPNET
- { ipnet_if_print, DLT_IPNET },
-#endif
-#ifdef DLT_IEEE802_15_4
- { ieee802_15_4_if_print, DLT_IEEE802_15_4 },
-#endif
-#ifdef DLT_IEEE802_15_4_NOFCS
- { ieee802_15_4_if_print, DLT_IEEE802_15_4_NOFCS },
-#endif
-#ifdef DLT_PPI
- { ppi_if_print, DLT_PPI },
-#endif
-#ifdef DLT_NETANALYZER
- { netanalyzer_if_print, DLT_NETANALYZER },
-#endif
-#ifdef DLT_NETANALYZER_TRANSPARENT
- { netanalyzer_transparent_if_print, DLT_NETANALYZER_TRANSPARENT },
-#endif
-#if defined(DLT_NFLOG) && defined(HAVE_PCAP_NFLOG_H)
- { nflog_if_print, DLT_NFLOG},
-#endif
-#ifdef DLT_CIP
- { cip_if_print, DLT_CIP },
+#ifdef DLT_PKTAP
+ { pktap_if_print, DLT_PKTAP },
#endif
-#ifdef DLT_ATM_CLIP
- { cip_if_print, DLT_ATM_CLIP },
+#ifdef DLT_IEEE802_11_RADIO
+ { ieee802_11_radio_if_print, DLT_IEEE802_11_RADIO },
#endif
-#ifdef DLT_IP_OVER_FC
- { ipfc_if_print, DLT_IP_OVER_FC },
+#ifdef DLT_IEEE802_11
+ { ieee802_11_if_print, DLT_IEEE802_11},
#endif
- { null_if_print, DLT_NULL },
-#ifdef DLT_LOOP
- { null_if_print, DLT_LOOP },
+#ifdef DLT_IEEE802_11_RADIO_AVS
+ { ieee802_11_radio_avs_if_print, DLT_IEEE802_11_RADIO_AVS },
#endif
-#ifdef DLT_APPLE_IP_OVER_IEEE1394
- { ap1394_if_print, DLT_APPLE_IP_OVER_IEEE1394 },
+#ifdef DLT_PRISM_HEADER
+ { prism_if_print, DLT_PRISM_HEADER },
#endif
-#if defined(DLT_BLUETOOTH_HCI_H4_WITH_PHDR) && defined(HAVE_PCAP_BLUETOOTH_H)
- { bt_if_print, DLT_BLUETOOTH_HCI_H4_WITH_PHDR},
+ { ppp_if_print, DLT_PPP },
+#ifdef DLT_PPP_WITHDIRECTION
+ { ppp_if_print, DLT_PPP_WITHDIRECTION },
#endif
-#ifdef DLT_LANE8023
- { lane_if_print, DLT_LANE8023 },
+#ifdef DLT_PPP_BSDOS
+ { ppp_bsdos_if_print, DLT_PPP_BSDOS },
#endif
- { arcnet_if_print, DLT_ARCNET },
-#ifdef DLT_ARCNET_LINUX
- { arcnet_linux_if_print, DLT_ARCNET_LINUX },
+#ifdef DLT_PPP_SERIAL
+ { ppp_hdlc_if_print, DLT_PPP_SERIAL },
#endif
{ NULL, 0 },
};
if (type == p->type)
return p->f;
+#if defined(DLT_USER2) && defined(DLT_PKTAP)
+ /*
+ * Apple incorrectly chose to use DLT_USER2 for their PKTAP
+ * header.
+ *
+ * We map DLT_PKTAP, whether it's DLT_USER2 as it is on Darwin-
+ * based OSes or the same value as LINKTYPE_PKTAP as it is on
+ * other OSes, to LINKTYPE_PKTAP, so files written with
+ * this version of libpcap for a DLT_PKTAP capture have a link-
+ * layer header type of LINKTYPE_PKTAP.
+ *
+ * However, files written on OS X Mavericks for a DLT_PKTAP
+ * capture have a link-layer header type of LINKTYPE_USER2.
+ * If we don't have a printer for DLT_USER2, and type is
+ * DLT_USER2, we look up the printer for DLT_PKTAP and use
+ * that.
+ */
+ if (type == DLT_USER2) {
+ for (p = ndo_printers; p->f; ++p)
+ if (DLT_PKTAP == p->type)
+ return p->f;
+ }
+#endif
+
return NULL;
/* NOTREACHED */
}
}
#endif /* HAVE_PCAP_FINDALLDEVS */
+/*
+ * Short options.
+ *
+ * Note that there we use all letters for short options except for g, k,
+ * o, and P, and those are used by other versions of tcpdump, and we should
+ * only use them for the same purposes that the other versions of tcpdump
+ * use them:
+ *
+ * OS X tcpdump uses -g to force non--v output for IP to be on one
+ * line, making it more "g"repable;
+ *
+ * OS X tcpdump uses -k tospecify that packet comments in pcap-ng files
+ * should be printed;
+ *
+ * OpenBSD tcpdump uses -o to indicate that OS fingerprinting should be done
+ * for hosts sending TCP SYN packets;
+ *
+ * OS X tcpdump uses -P to indicate that -w should write pcap-ng rather
+ * than pcap files.
+ */
+
/*
* Set up flags that might or might not be supported depending on the
* version of libpcap we're using.
#define Q_FLAG
#endif
+/*
+ * Long options.
+ *
+ * We do not currently have long options corresponding to all short
+ * options; we should probably pick appropriate option names for them.
+ *
+ * However, the short options where the number of times the option is
+ * specified matters, such as -v and -d and -t, should probably not
+ * just map to a long option, as saying
+ *
+ * tcpdump --verbose --verbose
+ *
+ * doesn't make sense; it should be --verbosity={N} or something such
+ * as that.
+ *
+ * For long options with no corresponding short options, we define values
+ * outside the range of ASCII graphic characters, make that the last
+ * component of the entry for the long option, and have a case for that
+ * option in the switch statement.
+ */
+#define OPTION_NUMBER 128
+#define OPTION_VERSION 129
+
+static struct option longopts[] = {
+#if defined(HAVE_PCAP_CREATE) || defined(WIN32)
+ { "buffer-size", required_argument, NULL, 'B' },
+#endif
+ { "list-interfaces", no_argument, NULL, 'D' },
+ { "help", no_argument, NULL, 'h' },
+ { "interface", required_argument, NULL, 'i' },
+#ifdef HAVE_PCAP_CREATE
+ { "monitor-mode", no_argument, NULL, 'I' },
+#endif
+#ifdef HAVE_PCAP_SET_TSTAMP_TYPE
+ { "time-stamp-type", required_argument, NULL, 'j' },
+ { "list-time-stamp-types", no_argument, NULL, 'J' },
+#endif
+ { "dont-verify-checksums", no_argument, NULL, 'K' },
+ { "list-data-link-types", no_argument, NULL, 'L' },
+ { "no-optimize", no_argument, NULL, 'O' },
+ { "no-promiscuous-mode", no_argument, NULL, 'p' },
+#ifdef HAVE_PCAP_SETDIRECTION
+ { "direction", required_argument, NULL, 'Q' },
+#endif
+ { "snapshot-length", required_argument, NULL, 's' },
+ { "absolute-tcp-sequence-numbers", no_argument, NULL, 'S' },
+#ifdef HAVE_PCAP_DUMP_FLUSH
+ { "packet-buffered", no_argument, NULL, 'U' },
+#endif
+ { "linktype", required_argument, NULL, 'y' },
+#if defined(HAVE_PCAP_DEBUG) || defined(HAVE_YYDEBUG)
+ { "debug-filter-parser", no_argument, NULL, 'Y' },
+#endif
+ { "relinquish-privileges", required_argument, NULL, 'Z' },
+ { "number", no_argument, NULL, OPTION_NUMBER },
+ { "version", no_argument, NULL, OPTION_VERSION },
+ { NULL, 0, NULL, 0 }
+};
+
#ifndef WIN32
/* Drop root privileges and chroot if necessary */
static void
#endif
while (
- (op = getopt(argc, argv, "aAb" B_FLAG "c:C:d" D_FLAG "eE:fF:G:hHi:" I_FLAG j_FLAG J_FLAG "KlLm:M:nNOpq" Q_FLAG "r:Rs:StT:u" U_FLAG "vV:w:W:xXy:Yz:Z:")) != -1)
+ (op = getopt_long(argc, argv, "aAb" B_FLAG "c:C:d" D_FLAG "eE:fF:G:hHi:" I_FLAG j_FLAG J_FLAG "KlLm:M:nNOpq" Q_FLAG "r:Rs:StT:u" U_FLAG "vV:w:W:xXy:Yz:Z:", longopts, NULL)) != -1)
switch (op) {
case 'a':
break;
case 'h':
- usage();
+ print_usage();
+ exit(0);
break;
case 'H':
username = strdup(optarg);
break;
+ case OPTION_NUMBER:
+ gndo->ndo_packet_number = 1;
+ break;
+
+ case OPTION_VERSION:
+ print_version();
+ exit(0);
+ break;
+
default:
- usage();
+ print_usage();
+ exit(1);
/* NOTREACHED */
}
free(cmdbuf);
exit(0);
}
- init_addrtoname(localnet, netmask);
+ init_addrtoname(gndo, localnet, netmask);
init_checksum();
#ifndef WIN32
++packets_captured;
++infodelay;
- ts_print(&h->ts);
print_info = (struct print_info *)user;
ndo = print_info->ndo;
+ if(ndo->ndo_packet_number)
+ ND_PRINT((ndo, "%5u ", packets_captured));
+
+ ts_print(ndo, &h->ts);
+
/*
* Some printers want to check that they're not walking off the
* end of the packet.
/*
* Include the link-layer header.
*/
- hex_and_ascii_print("\n\t", sp, h->caplen);
+ hex_and_ascii_print(ndo, "\n\t", sp, h->caplen);
} else {
/*
* Don't include the link-layer header - and if
* print nothing.
*/
if (h->caplen > hdrlen)
- hex_and_ascii_print("\n\t", sp + hdrlen,
+ hex_and_ascii_print(ndo, "\n\t", sp + hdrlen,
h->caplen - hdrlen);
}
} else if (ndo->ndo_xflag) {
/*
* Include the link-layer header.
*/
- ascii_print(sp, h->caplen);
+ ascii_print(ndo, sp, h->caplen);
} else {
/*
* Don't include the link-layer header - and if
* print nothing.
*/
if (h->caplen > hdrlen)
- ascii_print(sp + hdrlen, h->caplen - hdrlen);
+ ascii_print(ndo, sp + hdrlen, h->caplen - hdrlen);
}
}
* By default, print the specified data out in hex and ASCII.
*/
static void
-ndo_default_print(netdissect_options *ndo _U_, const u_char *bp, u_int length)
+ndo_default_print(netdissect_options *ndo, const u_char *bp, u_int length)
{
- hex_and_ascii_print("\n\t", bp, length); /* pass on lf and identation string */
+ hex_and_ascii_print(ndo, "\n\t", bp, length); /* pass on lf and identation string */
}
void
#endif
static void
-usage(void)
+print_version(void)
{
extern char version[];
#ifndef HAVE_PCAP_LIB_VERSION
(void)fprintf(stderr, "libpcap version %s\n", pcap_version);
#endif /* WIN32 */
#endif /* HAVE_PCAP_LIB_VERSION */
+
+#if defined(HAVE_LIBCRYPTO) && defined(SSLEAY_VERSION)
+ (void)fprintf (stderr, "%s\n", SSLeay_version(SSLEAY_VERSION));
+#endif
+
+#if defined(HAVE_SMI_H)
+ (void)fprintf (stderr, "SMI-library: %s\n", smi_version_string);
+#endif
+}
+
+static void
+print_usage(void)
+{
+ print_version();
(void)fprintf(stderr,
"Usage: %s [-aAbd" D_FLAG "efhH" I_FLAG J_FLAG "KlLnNOpqRStu" U_FLAG "vxX]" B_FLAG_USAGE " [ -c count ]\n", program_name);
(void)fprintf(stderr,
"\t\t[ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]\n");
(void)fprintf(stderr,
-"\t\t[ -i interface ]" j_FLAG_USAGE " [ -M secret ]\n");
+"\t\t[ -i interface ]" j_FLAG_USAGE " [ -M secret ] [ --number ]\n");
#ifdef HAVE_PCAP_SETDIRECTION
(void)fprintf(stderr,
"\t\t[ -Q in|out|inout ]\n");
#endif
(void)fprintf(stderr,
-"\t\t[ -r file ] [ -s snaplen ] [ -T type ] [ -V file ] [ -w file ]\n");
+"\t\t[ -r file ] [ -s snaplen ] [ -T type ] [ --version ] [ -V file ]\n");
(void)fprintf(stderr,
-"\t\t[ -W filecount ] [ -y datalinktype ] [ -z command ]\n");
+"\t\t[ -w file ] [ -W filecount ] [ -y datalinktype ] [ -z command ]\n");
(void)fprintf(stderr,
"\t\t[ -Z user ] [ expression ]\n");
- exit(1);
}
projects / tcpdump / blobdiff