/*
- * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
+ * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ *
+ * Support for splitting captures into multiple files with a maximum
+ * file size:
+ *
+ * Copyright (c) 2001
*/
#ifndef lint
-static const char copyright[] =
- "@(#) Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997\n\
+static const char copyright[] _U_ =
+ "@(#) Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000\n\
The Regents of the University of California. All rights reserved.\n";
-static const char rcsid[] =
- "@(#) $Header: /tcpdump/master/tcpdump/tcpdump.c,v 1.142 2000-01-17 06:24:27 itojun Exp $ (LBL)";
+static const char rcsid[] _U_ =
+ "@(#) $Header: /tcpdump/master/tcpdump/tcpdump.c,v 1.254 2005-04-20 12:41:44 hannes Exp $ (LBL)";
#endif
/*
#include "config.h"
#endif
-#include <sys/types.h>
-#include <sys/time.h>
+#include <tcpdump-stdinc.h>
-#include <netinet/in.h>
+#ifdef WIN32
+#include "getopt.h"
+#include "w32_fzs.h"
+extern int strcasecmp (const char *__s1, const char *__s2);
+extern int SIZE_BUF;
+#define off_t long
+#define uint UINT
+#endif /* WIN32 */
+
+#ifdef HAVE_SMI_H
+#include <smi.h>
+#endif
#include <pcap.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#include <unistd.h>
-#include <ctype.h>
-
-#include <netinet/in_systm.h>
-#include <netinet/ip.h>
+#ifndef WIN32
+#include <pwd.h>
+#include <grp.h>
+#include <errno.h>
+#endif /* WIN32 */
+#include "netdissect.h"
#include "interface.h"
#include "addrtoname.h"
#include "machdep.h"
#include "setsignal.h"
#include "gmt2local.h"
+#include "pcap-missing.h"
+
+netdissect_options Gndo;
+netdissect_options *gndo = &Gndo;
+
+/*
+ * Define the maximum number of files for the -C flag, and how many
+ * characters can be added to a filename for the -C flag (which
+ * should be enough to handle MAX_CFLAG - 1).
+ */
+#define MAX_CFLAG 1000000
+#define MAX_CFLAG_CHARS 6
-int aflag; /* translate network and broadcast addresses */
int dflag; /* print filter code */
-int eflag; /* print ethernet header */
-int fflag; /* don't translate "foreign" IP address */
-int nflag; /* leave addresses as numbers */
-int Nflag; /* remove domains from printed host names */
-int Oflag = 1; /* run filter code optimizer */
-int pflag; /* don't go promiscuous */
-int qflag; /* quick (shorter) output */
-int Rflag = 1; /* print sequence # field in AH/ESP*/
-int sflag = 0; /* use the libsmi to translate OIDs */
-int Sflag; /* print raw TCP sequence numbers */
-int tflag = 1; /* print packet arrival time */
-int vflag; /* verbose */
-int xflag; /* print packet in hex */
-int Xflag; /* print packet in ascii as well as hex */
-
-char *espsecret = NULL; /* ESP secret key */
-
-int packettype;
+int Lflag; /* list available data link types and exit */
+static int infodelay;
+static int infoprint;
char *program_name;
int32_t thiszone; /* seconds offset from gmt to local time */
-/* Externs */
-extern void bpf_dump(struct bpf_program *, int);
-
/* Forwards */
-RETSIGTYPE cleanup(int);
-extern __dead void usage(void) __attribute__((volatile));
+static RETSIGTYPE cleanup(int);
+static void usage(void) __attribute__((noreturn));
+static void show_dlts_and_exit(pcap_t *pd) __attribute__((noreturn));
+
+static void print_packet(u_char *, const struct pcap_pkthdr *, const u_char *);
+static void ndo_default_print(netdissect_options *, const u_char *, u_int);
+static void dump_packet_and_trunc(u_char *, const struct pcap_pkthdr *, const u_char *);
+static void dump_packet(u_char *, const struct pcap_pkthdr *, const u_char *);
+static void droproot(const char *, const char *);
+static void ndo_error(netdissect_options *ndo, const char *fmt, ...);
+static void ndo_warning(netdissect_options *ndo, const char *fmt, ...);
+
+#ifdef SIGINFO
+RETSIGTYPE requestinfo(int);
+#endif
+
+#if defined(USE_WIN32_MM_TIMER)
+ #include <MMsystem.h>
+ static UINT timer_id;
+ static void CALLBACK verbose_stats_dump(UINT, UINT, DWORD_PTR, DWORD_PTR, DWORD_PTR);
+#elif defined(HAVE_ALARM)
+ static void verbose_stats_dump(int sig);
+#endif
+
+static void info(int);
+static u_int packets_captured;
-/* Length of saved portion of packet. */
-int snaplen = DEFAULT_SNAPLEN;
+typedef u_int (*if_printer)(const struct pcap_pkthdr *, const u_char *);
struct printer {
- pcap_handler f;
+ if_printer f;
int type;
};
static struct printer printers[] = {
+ { arcnet_if_print, DLT_ARCNET },
+#ifdef DLT_ARCNET_LINUX
+ { arcnet_linux_if_print, DLT_ARCNET_LINUX },
+#endif
{ ether_if_print, DLT_EN10MB },
- { ether_if_print, DLT_IEEE802 },
+ { token_if_print, DLT_IEEE802 },
#ifdef DLT_LANE8023
{ lane_if_print, DLT_LANE8023 },
#endif
#ifdef DLT_CIP
{ cip_if_print, DLT_CIP },
+#endif
+#ifdef DLT_ATM_CLIP
+ { cip_if_print, DLT_ATM_CLIP },
#endif
{ sl_if_print, DLT_SLIP },
+#ifdef DLT_SLIP_BSDOS
{ sl_bsdos_if_print, DLT_SLIP_BSDOS },
+#endif
{ ppp_if_print, DLT_PPP },
+#ifdef DLT_PPP_WITHDIRECTION
+ { ppp_if_print, DLT_PPP_WITHDIRECTION },
+#endif
+#ifdef DLT_PPP_BSDOS
{ ppp_bsdos_if_print, DLT_PPP_BSDOS },
+#endif
{ fddi_if_print, DLT_FDDI },
{ null_if_print, DLT_NULL },
+#ifdef DLT_LOOP
+ { null_if_print, DLT_LOOP },
+#endif
{ raw_if_print, DLT_RAW },
{ atm_if_print, DLT_ATM_RFC1483 },
-#ifdef DLT_CHDLC
- { chdlc_if_print, DLT_CHDLC },
+#ifdef DLT_C_HDLC
+ { chdlc_if_print, DLT_C_HDLC },
+#endif
+#ifdef DLT_HDLC
+ { chdlc_if_print, DLT_HDLC },
+#endif
+#ifdef DLT_PPP_SERIAL
+ { ppp_hdlc_if_print, DLT_PPP_SERIAL },
+#endif
+#ifdef DLT_PPP_ETHER
+ { pppoe_if_print, DLT_PPP_ETHER },
+#endif
+#ifdef DLT_LINUX_SLL
+ { sll_if_print, DLT_LINUX_SLL },
+#endif
+#ifdef DLT_IEEE802_11
+ { ieee802_11_if_print, DLT_IEEE802_11},
+#endif
+#ifdef DLT_LTALK
+ { ltalk_if_print, DLT_LTALK },
+#endif
+#ifdef DLT_PFLOG
+ { pflog_if_print, DLT_PFLOG },
+#endif
+#ifdef DLT_FR
+ { fr_if_print, DLT_FR },
+#endif
+#ifdef DLT_FRELAY
+ { fr_if_print, DLT_FRELAY },
+#endif
+#ifdef DLT_SUNATM
+ { sunatm_if_print, DLT_SUNATM },
+#endif
+#ifdef DLT_IP_OVER_FC
+ { ipfc_if_print, DLT_IP_OVER_FC },
+#endif
+#ifdef DLT_PRISM_HEADER
+ { prism_if_print, DLT_PRISM_HEADER },
+#endif
+#ifdef DLT_IEEE802_11_RADIO
+ { ieee802_11_radio_if_print, DLT_IEEE802_11_RADIO },
+#endif
+#ifdef DLT_ENC
+ { enc_if_print, DLT_ENC },
+#endif
+#ifdef DLT_SYMANTEC_FIREWALL
+ { symantec_if_print, DLT_SYMANTEC_FIREWALL },
+#endif
+#ifdef DLT_APPLE_IP_OVER_IEEE1394
+ { ap1394_if_print, DLT_APPLE_IP_OVER_IEEE1394 },
+#endif
+#ifdef DLT_JUNIPER_ATM1
+ { juniper_atm1_print, DLT_JUNIPER_ATM1 },
+#endif
+#ifdef DLT_JUNIPER_ATM2
+ { juniper_atm2_print, DLT_JUNIPER_ATM2 },
+#endif
+#ifdef DLT_JUNIPER_MFR
+ { juniper_mfr_print, DLT_JUNIPER_MFR },
+#endif
+#ifdef DLT_JUNIPER_MLFR
+ { juniper_mlfr_print, DLT_JUNIPER_MLFR },
+#endif
+#ifdef DLT_JUNIPER_MLPPP
+ { juniper_mlppp_print, DLT_JUNIPER_MLPPP },
#endif
{ NULL, 0 },
};
-static pcap_handler
+static if_printer
lookup_printer(int type)
{
struct printer *p;
if (type == p->type)
return p->f;
- error("unknown data link type 0x%x", type);
+ return NULL;
/* NOTREACHED */
}
extern int opterr;
extern char *optarg;
+struct print_info {
+ if_printer printer;
+};
+
+struct dump_info {
+ char *WFileName;
+ pcap_t *pd;
+ pcap_dumper_t *p;
+};
+
+static void
+show_dlts_and_exit(pcap_t *pd)
+{
+ int n_dlts;
+ int *dlts = 0;
+ const char *dlt_name;
+
+ n_dlts = pcap_list_datalinks(pd, &dlts);
+ if (n_dlts < 0)
+ error("%s", pcap_geterr(pd));
+ else if (n_dlts == 0 || !dlts)
+ error("No data link types.");
+
+ (void) fprintf(stderr, "Data link types (use option -y to set):\n");
+
+ while (--n_dlts >= 0) {
+ dlt_name = pcap_datalink_val_to_name(dlts[n_dlts]);
+ if (dlt_name != NULL) {
+ (void) fprintf(stderr, " %s (%s)", dlt_name,
+ pcap_datalink_val_to_description(dlts[n_dlts]));
+
+ /*
+ * OK, does tcpdump handle that type?
+ */
+ if (lookup_printer(dlts[n_dlts]) == NULL)
+ (void) fprintf(stderr, " (not supported)");
+ putchar('\n');
+ } else {
+ (void) fprintf(stderr, " DLT %d (not supported)\n",
+ dlts[n_dlts]);
+ }
+ }
+ free(dlts);
+ exit(0);
+}
+
+/*
+ * Set up flags that might or might not be supported depending on the
+ * version of libpcap we're using.
+ */
+#ifdef WIN32
+#define B_FLAG "B:"
+#define B_FLAG_USAGE " [ -B size ]"
+#else /* WIN32 */
+#define B_FLAG
+#define B_FLAG_USAGE
+#endif /* WIN32 */
+
+#ifdef HAVE_PCAP_FINDALLDEVS
+#ifndef HAVE_PCAP_IF_T
+#undef HAVE_PCAP_FINDALLDEVS
+#endif
+#endif
+
+#ifdef HAVE_PCAP_FINDALLDEVS
+#define D_FLAG "D"
+#else
+#define D_FLAG
+#endif
+
+#ifdef HAVE_PCAP_DUMP_FLUSH
+#define U_FLAG "U"
+#else
+#define U_FLAG
+#endif
+
+#ifndef WIN32
+/* Drop root privileges and chroot if necessary */
+static void
+droproot(const char *username, const char *chroot_dir)
+{
+ struct passwd *pw = NULL;
+
+ if (chroot_dir && !username) {
+ fprintf(stderr, "tcpdump: Chroot without dropping root is insecure\n");
+ exit(1);
+ }
+
+ pw = getpwnam(username);
+ if (pw) {
+ if (chroot_dir) {
+ if (chroot(chroot_dir) != 0 || chdir ("/") != 0) {
+ fprintf(stderr, "tcpdump: Couldn't chroot/chdir to '%.64s': %s\n",
+ chroot_dir, pcap_strerror(errno));
+ exit(1);
+ }
+ }
+ if (initgroups(pw->pw_name, pw->pw_gid) != 0 ||
+ setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0) {
+ fprintf(stderr, "tcpdump: Couldn't change to '%.32s' uid=%lu gid=%lu: %s\n",
+ username,
+ (unsigned long)pw->pw_uid,
+ (unsigned long)pw->pw_gid,
+ pcap_strerror(errno));
+ exit(1);
+ }
+ }
+ else {
+ fprintf(stderr, "tcpdump: Couldn't find user '%.32s'\n",
+ username);
+ exit(1);
+ }
+}
+#endif /* WIN32 */
+
+static int
+getWflagChars(int x)
+{
+ int c = 0;
+
+ x -= 1;
+ while (x > 0) {
+ c += 1;
+ x /= 10;
+ }
+
+ return c;
+}
+
+
+static void
+MakeFilename(char *buffer, char *orig_name, int cnt, int max_chars)
+{
+ if (cnt == 0 && max_chars == 0)
+ strcpy(buffer, orig_name);
+ else
+ sprintf(buffer, "%s%0*d", orig_name, max_chars, cnt);
+}
+
+static int tcpdump_printf(netdissect_options *ndo _U_,
+ const char *fmt, ...)
+{
+
+ va_list args;
+ int ret;
+
+ va_start(args, fmt);
+ ret=vfprintf(stdout, fmt, args);
+ va_end(args);
+
+ return ret;
+}
+
int
main(int argc, char **argv)
{
register int cnt, op, i;
bpf_u_int32 localnet, netmask;
- register char *cp, *infile, *cmdbuf, *device, *RFileName, *WFileName;
- pcap_handler printer;
+ register char *cp, *infile, *cmdbuf, *device, *RFileName, *WFileName, *WFileNameAlt;
+ pcap_handler callback;
+ int type;
struct bpf_program fcode;
+#ifndef WIN32
RETSIGTYPE (*oldhandler)(int);
+#endif
+ struct print_info printinfo;
+ struct dump_info dumpinfo;
u_char *pcap_userdata;
char ebuf[PCAP_ERRBUF_SIZE];
-
+ char *username = NULL;
+ char *chroot_dir = NULL;
+#ifdef HAVE_PCAP_FINDALLDEVS
+ pcap_if_t *devpointer;
+ int devnum;
+#endif
+ int status;
+#ifdef WIN32
+ u_int UserBufferSize = 1000000;
+ if(wsockinit() != 0) return 1;
+#endif /* WIN32 */
+
+ gndo->ndo_Oflag=1;
+ gndo->ndo_Rflag=1;
+ gndo->ndo_dlt=-1;
+ gndo->ndo_default_print=ndo_default_print;
+ gndo->ndo_printf=tcpdump_printf;
+ gndo->ndo_error=ndo_error;
+ gndo->ndo_warning=ndo_warning;
+ gndo->ndo_snaplen = DEFAULT_SNAPLEN;
+
cnt = -1;
device = NULL;
infile = NULL;
#ifdef LIBSMI
smiInit("tcpdump");
#endif
-
+
opterr = 0;
while (
- (op = getopt(argc, argv, "ac:deE:fF:i:lnNm:Opqr:Rs:StT:vw:xXY")) != EOF)
+ (op = getopt(argc, argv, "aA" B_FLAG "c:C:d" D_FLAG "eE:fF:i:lLm:M:nNOpqr:Rs:StT:u" U_FLAG "vw:W:xXy:YZ:")) != -1)
switch (op) {
case 'a':
- ++aflag;
+ /* compatibility for old -a */
+ break;
+
+ case 'A':
+ ++xflag;
+ ++Xflag;
+ ++Aflag;
break;
+#ifdef WIN32
+ case 'B':
+ UserBufferSize = atoi(optarg)*1024;
+ if (UserBufferSize < 0)
+ error("invalid packet buffer size %s", optarg);
+ break;
+#endif /* WIN32 */
+
case 'c':
cnt = atoi(optarg);
if (cnt <= 0)
error("invalid packet count %s", optarg);
break;
+ case 'C':
+ Cflag = atoi(optarg) * 1000000;
+ if (Cflag < 0)
+ error("invalid file size %s", optarg);
+ break;
+
case 'd':
++dflag;
break;
+#ifdef HAVE_PCAP_FINDALLDEVS
+ case 'D':
+ if (pcap_findalldevs(&devpointer, ebuf) < 0)
+ error("%s", ebuf);
+ else {
+ for (i = 0; devpointer != 0; i++) {
+ printf("%d.%s", i+1, devpointer->name);
+ if (devpointer->description != NULL)
+ printf(" (%s)", devpointer->description);
+ printf("\n");
+ devpointer = devpointer->next;
+ }
+ }
+ return 0;
+#endif /* HAVE_PCAP_FINDALLDEVS */
+
+ case 'L':
+ Lflag++;
+ break;
+
case 'e':
++eflag;
break;
#ifndef HAVE_LIBCRYPTO
warning("crypto code not compiled in");
#endif
- espsecret = optarg;
+ gndo->ndo_espsecret = optarg;
break;
case 'f':
break;
case 'i':
+ if (optarg[0] == '0' && optarg[1] == 0)
+ error("Invalid adapter index");
+
+#ifdef HAVE_PCAP_FINDALLDEVS
+ /*
+ * If the argument is a number, treat it as
+ * an index into the list of adapters, as
+ * printed by "tcpdump -D".
+ *
+ * This should be OK on UNIX systems, as interfaces
+ * shouldn't have names that begin with digits.
+ * It can be useful on Windows, where more than
+ * one interface can have the same name.
+ */
+ if ((devnum = atoi(optarg)) != 0) {
+ if (devnum < 0)
+ error("Invalid adapter index");
+
+ if (pcap_findalldevs(&devpointer, ebuf) < 0)
+ error("%s", ebuf);
+ else {
+ for (i = 0; i < devnum-1; i++){
+ devpointer = devpointer->next;
+ if (devpointer == NULL)
+ error("Invalid adapter index");
+ }
+ }
+ device = devpointer->name;
+ break;
+ }
+#endif /* HAVE_PCAP_FINDALLDEVS */
device = optarg;
break;
case 'l':
+#ifdef WIN32
+ /*
+ * _IOLBF is the same as _IOFBF in Microsoft's C
+ * libraries; the only alternative they offer
+ * is _IONBF.
+ *
+ * XXX - this should really be checking for MSVC++,
+ * not WIN32, if, for example, MinGW has its own
+ * C library that is more UNIX-compatible.
+ */
+ setvbuf(stdout, NULL, _IONBF, 0);
+#else /* WIN32 */
#ifdef HAVE_SETLINEBUF
setlinebuf(stdout);
#else
setvbuf(stdout, NULL, _IOLBF, 0);
#endif
+#endif /* WIN32 */
break;
case 'n':
program_name, optarg);
(void)fprintf(stderr, "(no libsmi support)\n");
#endif
-
+ break;
+
+ case 'M':
+ /* TCP-MD5 shared secret */
+#ifndef HAVE_LIBCRYPTO
+ warning("crypto code not compiled in");
+#endif
+ tcpmd5secret = optarg;
+ break;
+
case 'O':
Oflag = 0;
break;
Rflag = 0;
break;
- case 's':
- snaplen = atoi(optarg);
- if (snaplen <= 0)
+ case 's': {
+ char *end;
+
+ snaplen = strtol(optarg, &end, 0);
+ if (optarg == end || *end != '\0'
+ || snaplen < 0 || snaplen > 65535)
error("invalid snaplen %s", optarg);
+ else if (snaplen == 0)
+ snaplen = 65535;
break;
+ }
case 'S':
++Sflag;
break;
case 't':
- --tflag;
+ ++tflag;
break;
case 'T':
packettype = PT_RTCP;
else if (strcasecmp(optarg, "snmp") == 0)
packettype = PT_SNMP;
+ else if (strcasecmp(optarg, "cnfp") == 0)
+ packettype = PT_CNFP;
+ else if (strcasecmp(optarg, "tftp") == 0)
+ packettype = PT_TFTP;
+ else if (strcasecmp(optarg, "aodv") == 0)
+ packettype = PT_AODV;
else
error("unknown packet type `%s'", optarg);
break;
+ case 'u':
+ ++uflag;
+ break;
+
+#ifdef HAVE_PCAP_DUMP_FLUSH
+ case 'U':
+ ++Uflag;
+ break;
+#endif
+
case 'v':
++vflag;
break;
WFileName = optarg;
break;
+ case 'W':
+ Wflag = atoi(optarg);
+ if (Wflag < 0)
+ error("invalid number of output files %s", optarg);
+ WflagChars = getWflagChars(Wflag);
+ break;
+
case 'x':
++xflag;
break;
case 'X':
- ++xflag;
++Xflag;
break;
-#ifdef YYDEBUG
+ case 'y':
+ gndo->ndo_dltname = optarg;
+ gndo->ndo_dlt =
+ pcap_datalink_name_to_val(gndo->ndo_dltname);
+ if (gndo->ndo_dlt < 0)
+ error("invalid data link type %s", gndo->ndo_dltname);
+ break;
+
+#if defined(HAVE_PCAP_DEBUG) || defined(HAVE_YYDEBUG)
case 'Y':
{
/* Undocumented flag */
+#ifdef HAVE_PCAP_DEBUG
+ extern int pcap_debug;
+ pcap_debug = 1;
+#else
extern int yydebug;
yydebug = 1;
+#endif
}
break;
#endif
+ case 'Z':
+ if (optarg) {
+ username = strdup(optarg);
+ }
+ else {
+ usage();
+ /* NOTREACHED */
+ }
+ break;
+
default:
usage();
/* NOTREACHED */
}
- if (aflag && nflag)
- error("-a and -n options are incompatible");
+ switch (tflag) {
- if (tflag > 0)
+ case 0: /* Default */
+ case 4: /* Default + Date*/
thiszone = gmt2local(0);
+ break;
+
+ case 1: /* No time stamp */
+ case 2: /* Unix timeval style */
+ case 3: /* Microseconds since previous packet */
+ break;
+
+ default: /* Not supported */
+ error("only -t, -tt, -ttt, and -tttt are supported");
+ break;
+ }
+
+#ifdef WITH_CHROOT
+ /* if run as root, prepare for chrooting */
+ if (getuid() == 0 || geteuid() == 0) {
+ /* future extensibility for cmd-line arguments */
+ if (!chroot_dir)
+ chroot_dir = WITH_CHROOT;
+ }
+#endif
+
+#ifdef WITH_USER
+ /* if run as root, prepare for dropping root privileges */
+ if (getuid() == 0 || geteuid() == 0) {
+ /* Run with '-Z root' to restore old behaviour */
+ if (!username)
+ username = WITH_USER;
+ }
+#endif
if (RFileName != NULL) {
+ int dlt;
+ const char *dlt_name;
+
+#ifndef WIN32
/*
- * We don't need network access, so set it back to the user id.
- * Also, this prevents the user from reading anyone's
- * trace file.
+ * We don't need network access, so relinquish any set-UID
+ * or set-GID privileges we have (if any).
+ *
+ * We do *not* want set-UID privileges when opening a
+ * trace file, as that might let the user read other
+ * people's trace files (especially if we're set-UID
+ * root).
*/
- setuid(getuid());
-
+ if (setgid(getgid()) != 0 || setuid(getuid()) != 0 )
+ fprintf(stderr, "Warning: setgid/setuid failed !\n");
+#endif /* WIN32 */
pd = pcap_open_offline(RFileName, ebuf);
if (pd == NULL)
error("%s", ebuf);
+ dlt = pcap_datalink(pd);
+ dlt_name = pcap_datalink_val_to_name(dlt);
+ if (dlt_name == NULL) {
+ fprintf(stderr, "reading from file %s, link-type %u\n",
+ RFileName, dlt);
+ } else {
+ fprintf(stderr,
+ "reading from file %s, link-type %s (%s)\n",
+ RFileName, dlt_name,
+ pcap_datalink_val_to_description(dlt));
+ }
localnet = 0;
netmask = 0;
if (fflag != 0)
if (device == NULL)
error("%s", ebuf);
}
+#ifdef WIN32
+ if(strlen(device) == 1) //we assume that an ASCII string is always longer than 1 char
+ { //a Unicode string has a \0 as second byte (so strlen() is 1)
+ fprintf(stderr, "%s: listening on %ws\n", program_name, device);
+ }
+ else
+ {
+ fprintf(stderr, "%s: listening on %s\n", program_name, device);
+ }
+
+ fflush(stderr);
+#endif /* WIN32 */
+ *ebuf = '\0';
pd = pcap_open_live(device, snaplen, !pflag, 1000, ebuf);
if (pd == NULL)
error("%s", ebuf);
+ else if (*ebuf)
+ warning("%s", ebuf);
+ /*
+ * Let user own process after socket has been opened.
+ */
+#ifndef WIN32
+ if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
+ fprintf(stderr, "Warning: setgid/setuid failed !\n");
+#endif /* WIN32 */
+#ifdef WIN32
+ if(UserBufferSize != 1000000)
+ if(pcap_setbuff(pd, UserBufferSize)==-1){
+ error("%s", pcap_geterr(pd));
+ }
+#endif /* WIN32 */
+ if (Lflag)
+ show_dlts_and_exit(pd);
+ if (gndo->ndo_dlt >= 0) {
+#ifdef HAVE_PCAP_SET_DATALINK
+ if (pcap_set_datalink(pd, gndo->ndo_dlt) < 0)
+ error("%s", pcap_geterr(pd));
+#else
+ /*
+ * We don't actually support changing the
+ * data link type, so we only let them
+ * set it to what it already is.
+ */
+ if (gndo->ndo_dlt != pcap_datalink(pd)) {
+ error("%s is not one of the DLTs supported by this device\n",
+ gndo->ndo_dltname);
+ }
+#endif
+ (void)fprintf(stderr, "%s: data link type %s\n",
+ program_name, gndo->ndo_dltname);
+ (void)fflush(stderr);
+ }
i = pcap_snapshot(pd);
if (snaplen < i) {
warning("snaplen raised from %d to %d", snaplen, i);
netmask = 0;
warning("%s", ebuf);
}
- /*
- * Let user own process after socket has been opened.
- */
- setuid(getuid());
}
if (infile)
cmdbuf = read_infile(infile);
error("%s", pcap_geterr(pd));
if (dflag) {
bpf_dump(&fcode, dflag);
+ pcap_close(pd);
exit(0);
}
init_addrtoname(localnet, netmask);
+#ifndef WIN32
+ (void)setsignal(SIGPIPE, cleanup);
+#endif /* WIN32 */
(void)setsignal(SIGTERM, cleanup);
(void)setsignal(SIGINT, cleanup);
/* Cooperate with nohup(1) */
+#ifndef WIN32
if ((oldhandler = setsignal(SIGHUP, cleanup)) != SIG_DFL)
(void)setsignal(SIGHUP, oldhandler);
+#endif /* WIN32 */
if (pcap_setfilter(pd, &fcode) < 0)
error("%s", pcap_geterr(pd));
if (WFileName) {
- pcap_dumper_t *p = pcap_dump_open(pd, WFileName);
+ pcap_dumper_t *p;
+
+ WFileNameAlt = (char *)malloc(strlen(WFileName) + MAX_CFLAG_CHARS + 1);
+ if (WFileNameAlt == NULL)
+ error("malloc of WFileNameAlt");
+ MakeFilename(WFileNameAlt, WFileName, 0, WflagChars);
+ p = pcap_dump_open(pd, WFileNameAlt);
if (p == NULL)
error("%s", pcap_geterr(pd));
- printer = pcap_dump;
- pcap_userdata = (u_char *)p;
+ if (Cflag != 0) {
+ callback = dump_packet_and_trunc;
+ dumpinfo.WFileName = WFileName;
+ dumpinfo.pd = pd;
+ dumpinfo.p = p;
+ pcap_userdata = (u_char *)&dumpinfo;
+ } else {
+ callback = dump_packet;
+ pcap_userdata = (u_char *)p;
+ }
} else {
- printer = lookup_printer(pcap_datalink(pd));
- pcap_userdata = 0;
+ type = pcap_datalink(pd);
+ printinfo.printer = lookup_printer(type);
+ if (printinfo.printer == NULL) {
+ gndo->ndo_dltname = pcap_datalink_val_to_name(type);
+ if (gndo->ndo_dltname != NULL)
+ error("unsupported data link type %s",
+ gndo->ndo_dltname);
+ else
+ error("unsupported data link type %d", type);
+ }
+ callback = print_packet;
+ pcap_userdata = (u_char *)&printinfo;
+ }
+#ifndef WIN32
+ /*
+ * We cannot do this earlier, because we want to be able to open
+ * the file (if done) for writing before giving up permissions.
+ */
+ if (getuid() == 0 || geteuid() == 0) {
+ if (username || chroot_dir)
+ droproot(username, chroot_dir);
}
+#endif /* WIN32 */
+#ifdef SIGINFO
+ (void)setsignal(SIGINFO, requestinfo);
+#endif
+
+ if (vflag > 0 && WFileName) {
+ /*
+ * When capturing to a file, "-v" means tcpdump should,
+ * every 10 secodns, "v"erbosely report the number of
+ * packets captured.
+ */
+#ifdef USE_WIN32_MM_TIMER
+ /* call verbose_stats_dump() each 1000 +/-100msec */
+ timer_id = timeSetEvent(1000, 100, verbose_stats_dump, 0, TIME_PERIODIC);
+ setvbuf(stderr, NULL, _IONBF, 0);
+#elif defined(HAVE_ALARM)
+ (void)setsignal(SIGALRM, verbose_stats_dump);
+ alarm(1);
+#endif
+ }
+
+#ifndef WIN32
if (RFileName == NULL) {
- (void)fprintf(stderr, "%s: listening on %s\n",
- program_name, device);
+ int dlt;
+ const char *dlt_name;
+
+ if (!vflag && !WFileName) {
+ (void)fprintf(stderr,
+ "%s: verbose output suppressed, use -v or -vv for full protocol decode\n",
+ program_name);
+ } else
+ (void)fprintf(stderr, "%s: ", program_name);
+ dlt = pcap_datalink(pd);
+ dlt_name = pcap_datalink_val_to_name(dlt);
+ if (dlt_name == NULL) {
+ (void)fprintf(stderr, "listening on %s, link-type %u, capture size %u bytes\n",
+ device, dlt, snaplen);
+ } else {
+ (void)fprintf(stderr, "listening on %s, link-type %s (%s), capture size %u bytes\n",
+ device, dlt_name,
+ pcap_datalink_val_to_description(dlt), snaplen);
+ }
(void)fflush(stderr);
}
- if (pcap_loop(pd, cnt, printer, pcap_userdata) < 0) {
+#endif /* WIN32 */
+ status = pcap_loop(pd, cnt, callback, pcap_userdata);
+ if (WFileName == NULL) {
+ /*
+ * We're printing packets. Flush the printed output,
+ * so it doesn't get intermingled with error output.
+ */
+ if (status == -2) {
+ /*
+ * We got interrupted, so perhaps we didn't
+ * manage to finish a line we were printing.
+ * Print an extra newline, just in case.
+ */
+ putchar('\n');
+ }
+ (void)fflush(stdout);
+ }
+ if (status == -1) {
+ /*
+ * Error. Report it.
+ */
(void)fprintf(stderr, "%s: pcap_loop: %s\n",
program_name, pcap_geterr(pd));
- exit(1);
+ }
+ if (RFileName == NULL) {
+ /*
+ * We're doing a live capture. Report the capture
+ * statistics.
+ */
+ info(1);
}
pcap_close(pd);
- exit(0);
+ exit(status == -1 ? 1 : 0);
}
/* make a clean exit on interrupts */
-RETSIGTYPE
-cleanup(int signo)
+static RETSIGTYPE
+cleanup(int signo _U_)
{
- struct pcap_stat stat;
+#ifdef USE_WIN32_MM_TIMER
+ if (timer_id)
+ timeKillEvent(timer_id);
+ timer_id = 0;
+#elif defined(HAVE_ALARM)
+ alarm(0);
+#endif
- /* Can't print the summary if reading from a savefile */
+#ifdef HAVE_PCAP_BREAKLOOP
+ /*
+ * We have "pcap_breakloop()"; use it, so that we do as little
+ * as possible in the signal handler (it's probably not safe
+ * to do anything with standard I/O streams in a signal handler -
+ * the ANSI C standard doesn't say it is).
+ */
+ pcap_breakloop(pd);
+#else
+ /*
+ * We don't have "pcap_breakloop()"; this isn't safe, but
+ * it's the best we can do. Print the summary if we're
+ * not reading from a savefile - i.e., if we're doing a
+ * live capture - and exit.
+ */
if (pd != NULL && pcap_file(pd) == NULL) {
+ /*
+ * We got interrupted, so perhaps we didn't
+ * manage to finish a line we were printing.
+ * Print an extra newline, just in case.
+ */
+ putchar('\n');
(void)fflush(stdout);
- putc('\n', stderr);
- if (pcap_stats(pd, &stat) < 0)
- (void)fprintf(stderr, "pcap_stats: %s\n",
- pcap_geterr(pd));
- else {
- (void)fprintf(stderr, "%d packets received by filter\n",
- stat.ps_recv);
- (void)fprintf(stderr, "%d packets dropped by kernel\n",
- stat.ps_drop);
- }
+ info(1);
}
exit(0);
+#endif
}
-/* Like default_print() but data need not be aligned */
-void
-default_print_unaligned(register const u_char *cp, register u_int length)
+static void
+info(register int verbose)
{
- register u_int i, s;
- register int nshorts;
+ struct pcap_stat stat;
- if (Xflag) {
- ascii_print(cp, length);
+ if (pcap_stats(pd, &stat) < 0) {
+ (void)fprintf(stderr, "pcap_stats: %s\n", pcap_geterr(pd));
return;
}
- nshorts = (u_int) length / sizeof(u_short);
- i = 0;
- while (--nshorts >= 0) {
- if ((i++ % 8) == 0)
- (void)printf("\n\t\t\t");
- s = *cp++;
- (void)printf(" %02x%02x", s, *cp++);
+
+ if (!verbose)
+ fprintf(stderr, "%s: ", program_name);
+
+ (void)fprintf(stderr, "%u packets captured", packets_captured);
+ if (!verbose)
+ fputs(", ", stderr);
+ else
+ putc('\n', stderr);
+ (void)fprintf(stderr, "%d packets received by filter", stat.ps_recv);
+ if (!verbose)
+ fputs(", ", stderr);
+ else
+ putc('\n', stderr);
+ (void)fprintf(stderr, "%d packets dropped by kernel\n", stat.ps_drop);
+ infoprint = 0;
+}
+
+static void
+dump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
+{
+ struct dump_info *dump_info;
+ char *name;
+
+ ++packets_captured;
+
+ ++infodelay;
+
+ dump_info = (struct dump_info *)user;
+
+ /*
+ * XXX - this won't prevent capture files from getting
+ * larger than Cflag - the last packet written to the
+ * file could put it over Cflag.
+ */
+ if (ftell((FILE *)dump_info->p) > Cflag) {
+ /*
+ * Close the current file and open a new one.
+ */
+ pcap_dump_close(dump_info->p);
+ Cflag_count++;
+ if (Wflag > 0) {
+ if (Cflag_count >= Wflag)
+ Cflag_count = 0;
+ } else {
+ if (Cflag_count >= MAX_CFLAG)
+ error("too many output files");
+ }
+ name = (char *)malloc(strlen(dump_info->WFileName) + MAX_CFLAG_CHARS + 1);
+ if (name == NULL)
+ error("dump_packet_and_trunc: malloc");
+ MakeFilename(name, dump_info->WFileName, Cflag_count, WflagChars);
+ dump_info->p = pcap_dump_open(dump_info->pd, name);
+ free(name);
+ if (dump_info->p == NULL)
+ error("%s", pcap_geterr(pd));
}
- if (length & 1) {
- if ((i % 8) == 0)
- (void)printf("\n\t\t\t");
- (void)printf(" %02x", *cp);
+
+ pcap_dump((u_char *)dump_info->p, h, sp);
+#ifdef HAVE_PCAP_DUMP_FLUSH
+ if (Uflag)
+ pcap_dump_flush(dump_info->p);
+#endif
+
+ --infodelay;
+ if (infoprint)
+ info(0);
+}
+
+static void
+dump_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
+{
+ ++packets_captured;
+
+ ++infodelay;
+
+ pcap_dump(user, h, sp);
+#ifdef HAVE_PCAP_DUMP_FLUSH
+ if (Uflag)
+ pcap_dump_flush((pcap_dumper_t *)user);
+#endif
+
+ --infodelay;
+ if (infoprint)
+ info(0);
+}
+
+static void
+print_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
+{
+ struct print_info *print_info;
+ u_int hdrlen;
+
+ ++packets_captured;
+
+ ++infodelay;
+ ts_print(&h->ts);
+
+ print_info = (struct print_info *)user;
+
+ /*
+ * Some printers want to check that they're not walking off the
+ * end of the packet.
+ * Rather than pass it all the way down, we set this global.
+ */
+ snapend = sp + h->caplen;
+
+ hdrlen = (*print_info->printer)(h, sp);
+ if (xflag) {
+ /*
+ * Print the raw packet data.
+ */
+ if (xflag > 1) {
+ /*
+ * Include the link-layer header.
+ */
+ hex_print("\n\t", sp, h->caplen);
+ } else {
+ /*
+ * Don't include the link-layer header - and if
+ * we have nothing past the link-layer header,
+ * print nothing.
+ */
+ if (h->caplen > hdrlen)
+ hex_print("\n\t", sp + hdrlen,
+ h->caplen - hdrlen);
+ }
+ } else if (Xflag) {
+ /*
+ * Print the raw packet data.
+ */
+ if (Xflag > 1) {
+ /*
+ * Include the link-layer header.
+ */
+ ascii_print("\n\t", sp, h->caplen);
+ } else {
+ /*
+ * Don't include the link-layer header - and if
+ * we have nothing past the link-layer header,
+ * print nothing.
+ */
+ if (h->caplen > hdrlen)
+ ascii_print("\n\t", sp + hdrlen,
+ h->caplen - hdrlen);
+ }
}
+
+ putchar('\n');
+
+ --infodelay;
+ if (infoprint)
+ info(0);
}
+#ifdef WIN32
+ /*
+ * XXX - there should really be libpcap calls to get the version
+ * number as a string (the string would be generated from #defines
+ * at run time, so that it's not generated from string constants
+ * in the library, as, on many UNIX systems, those constants would
+ * be statically linked into the application executable image, and
+ * would thus reflect the version of libpcap on the system on
+ * which the application was *linked*, not the system on which it's
+ * *running*.
+ *
+ * That routine should be documented, unlike the "version[]"
+ * string, so that UNIX vendors providing their own libpcaps
+ * don't omit it (as a couple of vendors have...).
+ *
+ * Packet.dll should perhaps also export a routine to return the
+ * version number of the Packet.dll code, to supply the
+ * "Wpcap_version" information on Windows.
+ */
+ char WDversion[]="current-cvs.tcpdump.org";
+#if !defined(HAVE_GENERATED_VERSION)
+ char version[]="current-cvs.tcpdump.org";
+#endif
+ char pcap_version[]="current-cvs.tcpdump.org";
+ char Wpcap_version[]="3.1";
+#endif
+
/*
- * By default, print the packet out in hex.
+ * By default, print the specified data out in hex.
*/
+static void
+ndo_default_print(netdissect_options *ndo _U_, const u_char *bp, u_int length)
+{
+ ascii_print("\n\t", bp, length); /* pass on lf and identation string */
+}
+
void
-default_print(register const u_char *bp, register u_int length)
+default_print(const u_char *bp, u_int length)
+{
+ ndo_default_print(gndo, bp, length);
+}
+
+#ifdef SIGINFO
+RETSIGTYPE requestinfo(int signo _U_)
+{
+ if (infodelay)
+ ++infoprint;
+ else
+ info(0);
+}
+#endif
+
+/*
+ * Called once each second in verbose mode while dumping to file
+ */
+#ifdef USE_WIN32_MM_TIMER
+void CALLBACK verbose_stats_dump (UINT timer_id _U_, UINT msg _U_, DWORD_PTR arg _U_,
+ DWORD_PTR dw1 _U_, DWORD_PTR dw2 _U_)
{
- default_print_unaligned(bp, length);
+ struct pcap_stat stat;
+
+ if (infodelay == 0 && pcap_stats(pd, &stat) >= 0)
+ fprintf(stderr, "Got %u\r", packets_captured);
}
+#elif defined(HAVE_ALARM)
+static void verbose_stats_dump(int sig _U_)
+{
+ struct pcap_stat stat;
-__dead void
+ if (infodelay == 0 && pcap_stats(pd, &stat) >= 0)
+ fprintf(stderr, "Got %u\r", packets_captured);
+ alarm(1);
+}
+#endif
+
+static void
usage(void)
{
extern char version[];
+#ifndef HAVE_PCAP_LIB_VERSION
+#if defined(WIN32) || defined(HAVE_PCAP_VERSION)
extern char pcap_version[];
-
+#else /* defined(WIN32) || defined(HAVE_PCAP_VERSION) */
+ static char pcap_version[] = "unknown";
+#endif /* defined(WIN32) || defined(HAVE_PCAP_VERSION) */
+#endif /* HAVE_PCAP_LIB_VERSION */
+
+#ifdef HAVE_PCAP_LIB_VERSION
+#ifdef WIN32
+ (void)fprintf(stderr, "%s version %s, based on tcpdump version %s\n", program_name, WDversion, version);
+#else /* WIN32 */
+ (void)fprintf(stderr, "%s version %s\n", program_name, version);
+#endif /* WIN32 */
+ (void)fprintf(stderr, "%s\n",pcap_lib_version());
+#else /* HAVE_PCAP_LIB_VERSION */
+#ifdef WIN32
+ (void)fprintf(stderr, "%s version %s, based on tcpdump version %s\n", program_name, WDversion, version);
+ (void)fprintf(stderr, "WinPcap version %s, based on libpcap version %s\n",Wpcap_version, pcap_version);
+#else /* WIN32 */
(void)fprintf(stderr, "%s version %s\n", program_name, version);
(void)fprintf(stderr, "libpcap version %s\n", pcap_version);
+#endif /* WIN32 */
+#endif /* HAVE_PCAP_LIB_VERSION */
+ (void)fprintf(stderr,
+"Usage: %s [-aAd" D_FLAG "eflLnNOpqRStu" U_FLAG "vxX]" B_FLAG_USAGE " [-c count] [ -C file_size ]\n", program_name);
+ (void)fprintf(stderr,
+"\t\t[ -E algo:secret ] [ -F file ] [ -i interface ] [ -M secret ]\n");
(void)fprintf(stderr,
-"Usage: %s [-adeflnNOpqStvxX] [-c count] [ -F file ]\n", program_name);
+"\t\t[ -r file ] [ -s snaplen ] [ -T type ] [ -w file ]\n");
(void)fprintf(stderr,
-"\t\t[ -i interface ] [ -r file ] [ -s snaplen ]\n");
+"\t\t[ -W filecount ] [ -y datalinktype ] [ -Z user ]\n");
(void)fprintf(stderr,
-"\t\t[ -T type ] [ -w file ] [ expression ]\n");
- exit(-1);
+"\t\t[ expression ]\n");
+ exit(1);
}
+
+
+
+/* VARARGS */
+static void
+ndo_error(netdissect_options *ndo _U_, const char *fmt, ...)
+{
+ va_list ap;
+
+ (void)fprintf(stderr, "%s: ", program_name);
+ va_start(ap, fmt);
+ (void)vfprintf(stderr, fmt, ap);
+ va_end(ap);
+ if (*fmt) {
+ fmt += strlen(fmt);
+ if (fmt[-1] != '\n')
+ (void)fputc('\n', stderr);
+ }
+ exit(1);
+ /* NOTREACHED */
+}
+
+/* VARARGS */
+static void
+ndo_warning(netdissect_options *ndo _U_, const char *fmt, ...)
+{
+ va_list ap;
+
+ (void)fprintf(stderr, "%s: WARNING: ", program_name);
+ va_start(ap, fmt);
+ (void)vfprintf(stderr, fmt, ap);
+ va_end(ap);
+ if (*fmt) {
+ fmt += strlen(fmt);
+ if (fmt[-1] != '\n')
+ (void)fputc('\n', stderr);
+ }
+}
+
projects / tcpdump / blobdiff