* combined efforts of Van, Steve McCanne and Craig Leres of LBL.
*/
-#ifdef HAVE_CONFIG_H
#include <config.h>
-#endif
-
-/*
- * Some older versions of Mac OS X ship pcap.h from libpcap 0.6 with a
- * libpcap based on 0.8. That means it has pcap_findalldevs() but the
- * header doesn't define pcap_if_t, meaning that we can't actually *use*
- * pcap_findalldevs().
- */
-#ifdef HAVE_PCAP_FINDALLDEVS
-#ifndef HAVE_PCAP_IF_T
-#undef HAVE_PCAP_FINDALLDEVS
-#endif
-#endif
#include "netdissect-stdinc.h"
#include <sys/stat.h>
-#ifdef HAVE_FCNTL_H
#include <fcntl.h>
-#endif
#ifdef HAVE_LIBCRYPTO
#include <openssl/crypto.h>
#include "netdissect.h"
#include "interface.h"
#include "addrtoname.h"
-#include "machdep.h"
#include "pcap-missing.h"
#include "ascii_strcasecmp.h"
#define SIGNAL_REQ_INFO SIGUSR1
#endif
-#if defined(HAVE_PCAP_DUMP_FLUSH) && defined(SIGUSR2)
+#if defined(SIGUSR2)
#define SIGNAL_FLUSH_PCAP SIGUSR2
#endif
-#if defined(HAVE_PCAP_CREATE) || defined(_WIN32)
static int Bflag; /* buffer size */
-#endif
#ifdef HAVE_PCAP_DUMP_FTELL64
static int64_t Cflag; /* rotate dump files after this many bytes */
#else
static long Cflag; /* rotate dump files after this many bytes */
#endif
static int Cflag_count; /* Keep track of which file number we're writing */
-#ifdef HAVE_PCAP_FINDALLDEVS
static int Dflag; /* list available devices and exit */
-#endif
#ifdef HAVE_PCAP_FINDALLDEVS_EX
static char *remote_interfaces_source; /* list available devices from this source and exit */
#endif
#endif
static int lflag; /* line-buffered output */
static int pflag; /* don't go promiscuous */
-#ifdef HAVE_PCAP_SETDIRECTION
static int Qflag = -1; /* restrict captured packet by send/receive direction */
-#endif
-#ifdef HAVE_PCAP_DUMP_FLUSH
static int Uflag; /* "unbuffered" output of dump files */
-#endif
static int Wflag; /* recycle output files after this number of files */
static int WflagChars;
static char *zflag = NULL; /* compress each savefile using a specified command (like gzip or bzip2) */
static void info(int);
static u_int packets_captured;
-#ifdef HAVE_PCAP_FINDALLDEVS
static const struct tok status_flags[] = {
#ifdef PCAP_IF_UP
{ PCAP_IF_UP, "Up" },
#endif
{ 0, NULL }
};
-#endif
static pcap_t *pd;
static pcap_dumper_t *pdd = NULL;
dlts[i]);
}
}
-#ifdef HAVE_PCAP_FREE_DATALINKS
pcap_free_datalinks(dlts);
-#endif
exit_tcpdump(S_SUCCESS);
}
-#ifdef HAVE_PCAP_FINDALLDEVS
static void NORETURN
show_devices_and_exit(void)
{
pcap_freealldevs(devlist);
exit_tcpdump(S_SUCCESS);
}
-#endif /* HAVE_PCAP_FINDALLDEVS */
#ifdef HAVE_PCAP_FINDALLDEVS_EX
static void NORETURN
int i;
if (pcap_findalldevs_ex(remote_interfaces_source, NULL, &devlist,
- ebuf) < 0)
+ ebuf) < 0) {
+ if (strcmp(ebuf, "not supported") == 0) {
+ /*
+ * macOS 14's pcap_findalldevs_ex(), which is a
+ * stub that always returns -1 with an error
+ * message of "not supported".
+ *
+ * In this case, as we passed it an rpcap://
+ * URL, treat that as meaning "remote capture
+ * not supported".
+ */
+ error("Remote capture not supported");
+ }
error("%s", ebuf);
+ }
for (i = 0, dev = devlist; dev != NULL; i++, dev = dev->next) {
printf("%d.%s", i+1, dev->name);
if (dev->description != NULL)
pcap_freealldevs(devlist);
exit_tcpdump(S_SUCCESS);
}
-#endif /* HAVE_PCAP_FINDALLDEVS */
+#endif /* HAVE_PCAP_FINDALLDEVS_EX */
/*
* Short options.
* Set up flags that might or might not be supported depending on the
* version of libpcap we're using.
*/
-#if defined(HAVE_PCAP_CREATE) || defined(_WIN32)
-#define B_FLAG "B:"
-#define B_FLAG_USAGE " [ -B size ]"
-#else /* defined(HAVE_PCAP_CREATE) || defined(_WIN32) */
-#define B_FLAG
-#define B_FLAG_USAGE
-#endif /* defined(HAVE_PCAP_CREATE) || defined(_WIN32) */
-
-#ifdef HAVE_PCAP_FINDALLDEVS
-#define D_FLAG "D"
-#else
-#define D_FLAG
-#endif
-
-#ifdef HAVE_PCAP_CREATE
-#define I_FLAG "I"
-#else /* HAVE_PCAP_CREATE */
-#define I_FLAG
-#endif /* HAVE_PCAP_CREATE */
-
#ifdef HAVE_PCAP_SET_TSTAMP_TYPE
#define j_FLAG "j:"
#define j_FLAG_USAGE " [ -j tstamptype ]"
#define J_FLAG "J"
-#else /* PCAP_ERROR_TSTAMP_TYPE_NOTSUP */
+#else /* HAVE_PCAP_SET_TSTAMP_TYPE */
#define j_FLAG
#define j_FLAG_USAGE
#define J_FLAG
-#endif /* PCAP_ERROR_TSTAMP_TYPE_NOTSUP */
+#endif /* HAVE_PCAP_SET_TSTAMP_TYPE */
#ifdef USE_LIBSMI
#define m_FLAG_USAGE "[ -m module ] ..."
#endif
-#ifdef HAVE_PCAP_SETDIRECTION
-#define Q_FLAG "Q:"
-#define Q_FLAG_USAGE " [ -Q in|out|inout ]"
-#else
-#define Q_FLAG
-#define Q_FLAG_USAGE
-#endif
-
-#ifdef HAVE_PCAP_DUMP_FLUSH
-#define U_FLAG "U"
-#else
-#define U_FLAG
-#endif
-
-#define SHORTOPTS "aAb" B_FLAG "c:C:d" D_FLAG "eE:fF:G:hHi:" I_FLAG j_FLAG J_FLAG "KlLm:M:nNOpq" Q_FLAG "r:s:StT:u" U_FLAG "vV:w:W:xXy:Yz:Z:#"
+#define SHORTOPTS "aAbB:c:C:dDeE:fF:G:hHi:I" j_FLAG J_FLAG "KlLm:M:nNOpqQ:r:s:StT:uUvV:w:W:xXy:Yz:Z:#"
/*
* Long options.
#define OPTION_FP_TYPE 135
#define OPTION_COUNT 136
#define OPTION_PRINT_SAMPLING 137
+#define OPTION_LENGTHS 138
static const struct option longopts[] = {
-#if defined(HAVE_PCAP_CREATE) || defined(_WIN32)
{ "buffer-size", required_argument, NULL, 'B' },
-#endif
{ "list-interfaces", no_argument, NULL, 'D' },
#ifdef HAVE_PCAP_FINDALLDEVS_EX
{ "list-remote-interfaces", required_argument, NULL, OPTION_LIST_REMOTE_INTERFACES },
#endif
{ "help", no_argument, NULL, 'h' },
{ "interface", required_argument, NULL, 'i' },
-#ifdef HAVE_PCAP_CREATE
{ "monitor-mode", no_argument, NULL, 'I' },
-#endif
#ifdef HAVE_PCAP_SET_TSTAMP_TYPE
{ "time-stamp-type", required_argument, NULL, 'j' },
{ "list-time-stamp-types", no_argument, NULL, 'J' },
{ "list-data-link-types", no_argument, NULL, 'L' },
{ "no-optimize", no_argument, NULL, 'O' },
{ "no-promiscuous-mode", no_argument, NULL, 'p' },
-#ifdef HAVE_PCAP_SETDIRECTION
{ "direction", required_argument, NULL, 'Q' },
-#endif
{ "snapshot-length", required_argument, NULL, 's' },
{ "absolute-tcp-sequence-numbers", no_argument, NULL, 'S' },
-#ifdef HAVE_PCAP_DUMP_FLUSH
{ "packet-buffered", no_argument, NULL, 'U' },
-#endif
{ "linktype", required_argument, NULL, 'y' },
#ifdef HAVE_PCAP_SET_IMMEDIATE_MODE
{ "immediate-mode", no_argument, NULL, OPTION_IMMEDIATE_MODE },
{ "number", no_argument, NULL, '#' },
{ "print", no_argument, NULL, OPTION_PRINT },
{ "print-sampling", required_argument, NULL, OPTION_PRINT_SAMPLING },
+ { "lengths", no_argument, NULL, OPTION_LENGTHS },
{ "version", no_argument, NULL, OPTION_VERSION },
{ NULL, 0, NULL, 0 }
};
#ifdef HAVE_PCAP_FINDALLDEVS_EX
-#define LIST_REMOTE_INTERFACES_USAGE "[ --list-remote-interfaces remote-source ]"
+#define LIST_REMOTE_INTERFACES_USAGE " [ --list-remote-interfaces remote-source ]"
#else
#define LIST_REMOTE_INTERFACES_USAGE
#endif
* that requires that it be able to do an F_GETFL fcntl() to read
* the O_ flags.
*
- * Tcpdump uses ftell() to determine how much data has been written
+ * tcpdump uses ftell() to determine how much data has been written
* to a file in order to, when used with -C, determine when it's time
* to rotate capture files. ftell() therefore needs to do an lseek()
* to find out the file offset and must, thanks to the aforementioned
return (cp);
}
-#ifdef HAVE_PCAP_FINDALLDEVS
static long
parse_interface_number(const char *device)
{
for (i = 0, dev = devlist; i < devnum-1 && dev != NULL;
i++, dev = dev->next)
;
- if (dev == NULL)
- error("Invalid adapter index");
+ if (dev == NULL) {
+ pcap_freealldevs(devlist);
+ error("Invalid adapter index %ld: only %ld interfaces found",
+ devnum, i);
+ }
device = strdup(dev->name);
pcap_freealldevs(devlist);
return (device);
}
-#endif
#ifdef HAVE_PCAP_OPEN
/*
open_interface(const char *device, netdissect_options *ndo, char *ebuf)
{
pcap_t *pc;
-#ifdef HAVE_PCAP_CREATE
int status;
char *cp;
-#endif
#ifdef HAVE_PCAP_OPEN
/*
pflag ? 0 : PCAP_OPENFLAG_PROMISCUOUS, timeout, NULL,
ebuf);
if (pc == NULL) {
+ /*
+ * macOS 14's pcap_pcap_open(), which is a
+ * stub that always returns NULL with an error
+ * message of "not supported".
+ *
+ * In this case, as we passed it an rpcap://
+ * URL, treat that as meaning "remote capture
+ * not supported".
+ */
+ if (strcmp(ebuf, "not supported") == 0)
+ error("Remote capture not supported");
+
/*
* If this failed with "No such device" or "The system
* cannot find the device specified", that means
}
#endif /* HAVE_PCAP_OPEN */
-#ifdef HAVE_PCAP_CREATE
pc = pcap_create(device, ebuf);
if (pc == NULL) {
/*
warning("%s: %s", device,
pcap_statustostr(status));
}
-#ifdef HAVE_PCAP_SETDIRECTION
if (Qflag != -1) {
status = pcap_setdirection(pc, Qflag);
if (status != 0)
error("%s: pcap_setdirection() failed: %s",
device, pcap_geterr(pc));
- }
-#endif /* HAVE_PCAP_SETDIRECTION */
-#else /* HAVE_PCAP_CREATE */
- *ebuf = '\0';
- /*
- * If no snapshot length was specified, or a length of 0 was
- * specified, default to 256KB.
- */
- if (ndo->ndo_snaplen == 0)
- ndo->ndo_snaplen = MAXIMUM_SNAPLEN;
- pc = pcap_open_live(device, ndo->ndo_snaplen, !pflag, timeout, ebuf);
- if (pc == NULL) {
- /*
- * If this failed with "No such device", that means
- * the interface doesn't exist; return NULL, so that
- * the caller can see whether the device name is
- * actually an interface index.
- */
- if (strstr(ebuf, "No such device") != NULL)
- return (NULL);
- error("%s", ebuf);
}
- if (*ebuf)
- warning("%s", ebuf);
-#endif /* HAVE_PCAP_CREATE */
return (pc);
}
#endif
char *ret = NULL;
char *end;
-#ifdef HAVE_PCAP_FINDALLDEVS
pcap_if_t *devlist;
long devnum;
-#endif
int status;
FILE *VFile;
#ifdef HAVE_CAPSICUM
#endif
/*
- * On platforms where the CPU doesn't support unaligned loads,
- * force unaligned accesses to abort with SIGBUS, rather than
- * being fixed up (slowly) by the OS kernel; on those platforms,
- * misaligned accesses are bugs, and we want tcpdump to crash so
- * that the bugs are reported.
+ * An explicit tzset() call is usually not needed as it happens
+ * implicitly the first time we call localtime() or mktime(),
+ * but in some cases (sandboxing, chroot) this may be too late.
*/
- if (abort_on_misalignment(ebuf, sizeof(ebuf)) < 0)
- error("%s", ebuf);
+ tzset();
while (
(op = getopt_long(argc, argv, SHORTOPTS, longopts, NULL)) != -1)
++ndo->ndo_bflag;
break;
-#if defined(HAVE_PCAP_CREATE) || defined(_WIN32)
case 'B':
Bflag = atoi(optarg)*1024;
if (Bflag <= 0)
error("invalid packet buffer size %s", optarg);
break;
-#endif /* defined(HAVE_PCAP_CREATE) || defined(_WIN32) */
case 'c':
cnt = atoi(optarg);
++dflag;
break;
-#ifdef HAVE_PCAP_FINDALLDEVS
case 'D':
Dflag++;
break;
-#endif
#ifdef HAVE_PCAP_FINDALLDEVS_EX
case OPTION_LIST_REMOTE_INTERFACES:
case 'h':
print_usage(stdout);
exit_tcpdump(S_SUCCESS);
- break;
+ /* NOTREACHED */
case 'H':
++ndo->ndo_Hflag;
device = optarg;
break;
-#ifdef HAVE_PCAP_CREATE
case 'I':
++Iflag;
break;
-#endif /* HAVE_PCAP_CREATE */
#ifdef HAVE_PCAP_SET_TSTAMP_TYPE
case 'j':
*/
setvbuf(stdout, NULL, _IONBF, 0);
#else /* _WIN32 */
-#ifdef HAVE_SETLINEBUF
- setlinebuf(stdout);
-#else
setvbuf(stdout, NULL, _IOLBF, 0);
-#endif
#endif /* _WIN32 */
lflag = 1;
break;
if (nd_load_smi_module(optarg, ebuf, sizeof(ebuf)) == -1)
error("%s", ebuf);
} else {
- (void)fprintf(stderr, "%s: ignoring option `-m %s' ",
+ (void)fprintf(stderr, "%s: ignoring option '-m %s' ",
program_name, optarg);
(void)fprintf(stderr, "(no libsmi support)\n");
}
++ndo->ndo_suppress_default_print;
break;
-#ifdef HAVE_PCAP_SETDIRECTION
case 'Q':
if (ascii_strcasecmp(optarg, "in") == 0)
Qflag = PCAP_D_IN;
else if (ascii_strcasecmp(optarg, "inout") == 0)
Qflag = PCAP_D_INOUT;
else
- error("unknown capture direction `%s'", optarg);
+ error("unknown capture direction '%s'", optarg);
break;
-#endif /* HAVE_PCAP_SETDIRECTION */
case 'r':
RFileName = optarg;
else if (ascii_strcasecmp(optarg, "quic") == 0)
ndo->ndo_packettype = PT_QUIC;
else
- error("unknown packet type `%s'", optarg);
+ error("unknown packet type '%s'", optarg);
break;
case 'u':
++ndo->ndo_uflag;
break;
-#ifdef HAVE_PCAP_DUMP_FLUSH
case 'U':
++Uflag;
break;
-#endif
case 'v':
++ndo->ndo_vflag;
ndo->ndo_packet_number = 1;
break;
+ case OPTION_LENGTHS:
+ ndo->ndo_lengths = 1;
+ break;
+
case OPTION_VERSION:
print_version(stdout);
exit_tcpdump(S_SUCCESS);
- break;
+ /* NOTREACHED */
#ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
case OPTION_TSTAMP_PRECISION:
/* NOTREACHED */
}
-#ifdef HAVE_PCAP_FINDALLDEVS
if (Dflag)
show_devices_and_exit();
-#endif
#ifdef HAVE_PCAP_FINDALLDEVS_EX
if (remote_interfaces_source != NULL)
show_remote_devices_and_exit();
default: /* Not supported */
error("only -t, -tt, -ttt, -tttt and -ttttt are supported");
- break;
+ /* NOTREACHED */
}
if (ndo->ndo_fflag != 0 && (VFileName != NULL || RFileName != NULL))
pcap_datalink_val_to_description(dlt));
}
fprintf(stderr, ", snapshot length %d\n", pcap_snapshot(pd));
-#ifdef DLT_LINUX_SLL2
+#if defined(DLT_LINUX_SLL2) && defined(__linux__)
if (dlt == DLT_LINUX_SLL2)
fprintf(stderr, "Warning: interface names might be incorrect\n");
#endif
/*
* No interface was specified. Pick one.
*/
-#ifdef HAVE_PCAP_FINDALLDEVS
/*
* Find the list of interfaces, and pick
* the first interface.
error("no interfaces available for capture");
device = strdup(devlist->name);
pcap_freealldevs(devlist);
-#else /* HAVE_PCAP_FINDALLDEVS */
- /*
- * Use whatever interface pcap_lookupdev()
- * chooses.
- */
- device = pcap_lookupdev(ebuf);
- if (device == NULL)
- error("%s", ebuf);
-#endif
}
/*
* a 1-based index in the list of
* interfaces.
*/
-#ifdef HAVE_PCAP_FINDALLDEVS
devnum = parse_interface_number(device);
if (devnum == -1) {
/*
pd = open_interface(device, ndo, ebuf);
if (pd == NULL)
error("%s", ebuf);
-#else /* HAVE_PCAP_FINDALLDEVS */
- /*
- * We can't get a list of interfaces; just
- * fail.
- */
- error("%s", ebuf);
-#endif /* HAVE_PCAP_FINDALLDEVS */
}
/*
if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
fprintf(stderr, "Warning: setgid/setuid failed !\n");
#endif /* _WIN32 */
-#if !defined(HAVE_PCAP_CREATE) && defined(_WIN32)
- if(Bflag != 0)
- if(pcap_setbuff(pd, Bflag)==-1){
- error("%s", pcap_geterr(pd));
- }
-#endif /* !defined(HAVE_PCAP_CREATE) && defined(_WIN32) */
if (Lflag)
show_dlts_and_exit(pd, device);
if (yflag_dlt >= 0) {
-#ifdef HAVE_PCAP_SET_DATALINK
if (pcap_set_datalink(pd, yflag_dlt) < 0)
error("%s", pcap_geterr(pd));
-#else
- /*
- * We don't actually support changing the
- * data link type, so we only let them
- * set it to what it already is.
- */
- if (yflag_dlt != pcap_datalink(pd)) {
- error("%s is not one of the DLTs supported by this device\n",
- yflag_dlt_name);
- }
-#endif
(void)fprintf(stderr, "%s: data link type %s\n",
program_name,
pcap_datalink_val_to_name(yflag_dlt));
(void)fflush(stderr);
}
-#if defined(DLT_LINUX_SLL2) && defined(HAVE_PCAP_SET_DATALINK)
+#if defined(DLT_LINUX_SLL2)
else {
/*
* Attempt to set default linktype to
* on; this may be a non-Linux "any" device
* that doesn't support DLT_LINUX_SLL2.
*/
- if (strcmp(device, "any") == 0)
+ if (strcmp(device, "any") == 0) {
+DIAG_OFF_WARN_UNUSED_RESULT
(void) pcap_set_datalink(pd, DLT_LINUX_SLL2);
+DIAG_ON_WARN_UNUSED_RESULT
+ }
}
#endif
i = pcap_snapshot(pd);
#endif
/* Cooperate with nohup(1) */
#ifndef _WIN32
+ /*
+ * In illumos /usr/include/sys/iso/signal_iso.h causes Clang to
+ * generate a -Wstrict-prototypes warning here, see [1]. The
+ * __illumos__ macro is available since at least GCC 11 and Clang 13,
+ * see [2].
+ * 1: https://www.illumos.org/issues/16344
+ * 2: https://www.illumos.org/issues/13726
+ */
+#ifdef __illumos__
+ DIAG_OFF_STRICT_PROTOTYPES
+#endif /* __illumos__ */
if ((oldhandler = setsignal(SIGHUP, cleanup)) != SIG_DFL)
+#ifdef __illumos__
+ DIAG_ON_STRICT_PROTOTYPES
+#endif /* __illumos__ */
(void)setsignal(SIGHUP, oldhandler);
#endif /* _WIN32 */
* devices, and can't just give users that permission,
* you'd make tcpdump set-UID or set-GID).
*
- * Tcpdump doesn't necessarily write only to one savefile;
+ * tcpdump doesn't necessarily write only to one savefile;
* the general only way to allow a -Z instance to write to
* savefiles as the user under whose UID it's run, rather
* than as the user specified with -Z, would thus be to switch
} else
dumpinfo.ndo = NULL;
-#ifdef HAVE_PCAP_DUMP_FLUSH
if (Uflag)
pcap_dump_flush(pdd);
-#endif
} else {
dlt = pcap_datalink(pd);
ndo->ndo_if_printer = get_if_printer(dlt);
)
new.sa_flags = SA_RESTART;
if (sigaction(sig, &new, &old) < 0)
+ /* The same workaround as for SIG_DFL above. */
+#ifdef __illumos__
+ DIAG_OFF_STRICT_PROTOTYPES
+#endif /* __illumos__ */
return (SIG_ERR);
+#ifdef __illumos__
+ DIAG_ON_STRICT_PROTOTYPES
+#endif /* __illumos__ */
return (old.sa_handler);
#endif
}
setitimer(ITIMER_REAL, &timer, NULL);
#endif /* _WIN32 */
-#ifdef HAVE_PCAP_BREAKLOOP
/*
* We have "pcap_breakloop()"; use it, so that we do as little
* as possible in the signal handler (it's probably not safe
* the ANSI C standard doesn't say it is).
*/
pcap_breakloop(pd);
-#else
- /*
- * We don't have "pcap_breakloop()"; this isn't safe, but
- * it's the best we can do. Print the summary if we're
- * not reading from a savefile - i.e., if we're doing a
- * live capture - and exit.
- */
- if (pd != NULL && pcap_file(pd) == NULL) {
- /*
- * We got interrupted, so perhaps we didn't
- * manage to finish a line we were printing.
- * Print an extra newline, just in case.
- */
- putchar('\n');
- (void)fflush(stdout);
- info(1);
- }
- exit_tcpdump(S_SUCCESS);
-#endif
}
/*
}
#endif /* HAVE_FORK && HAVE_VFORK */
+static void
+close_old_dump_file(struct dump_info *dump_info)
+{
+ /*
+ * Close the current file and open a new one.
+ */
+ pcap_dump_close(dump_info->pdd);
+
+ /*
+ * Compress the file we just closed, if the user asked for it.
+ */
+ if (zflag != NULL)
+ compress_savefile(dump_info->CurrentFileName);
+}
+
+static void
+open_new_dump_file(struct dump_info *dump_info)
+{
+#ifdef HAVE_CAPSICUM
+ FILE *fp;
+ int fd;
+#endif
+
+#ifdef HAVE_LIBCAP_NG
+ capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE);
+ capng_apply(CAPNG_SELECT_BOTH);
+#endif /* HAVE_LIBCAP_NG */
+#ifdef HAVE_CAPSICUM
+ fd = openat(dump_info->dirfd, dump_info->CurrentFileName,
+ O_CREAT | O_WRONLY | O_TRUNC, 0644);
+ if (fd < 0) {
+ error("unable to open file %s", dump_info->CurrentFileName);
+ }
+ fp = fdopen(fd, "w");
+ if (fp == NULL) {
+ error("unable to fdopen file %s", dump_info->CurrentFileName);
+ }
+ dump_info->pdd = pcap_dump_fopen(dump_info->pd, fp);
+#else /* !HAVE_CAPSICUM */
+ dump_info->pdd = pcap_dump_open(dump_info->pd, dump_info->CurrentFileName);
+#endif
+#ifdef HAVE_LIBCAP_NG
+ capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE);
+ capng_apply(CAPNG_SELECT_BOTH);
+#endif /* HAVE_LIBCAP_NG */
+ if (dump_info->pdd == NULL)
+ error("%s", pcap_geterr(pd));
+#ifdef HAVE_CAPSICUM
+ set_dumper_capsicum_rights(dump_info->pdd);
+#endif
+}
+
static void
dump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
{
/* If the time is greater than the specified window, rotate */
if (t - Gflag_time >= Gflag) {
-#ifdef HAVE_CAPSICUM
- FILE *fp;
- int fd;
-#endif
-
/* Update the Gflag_time */
Gflag_time = t;
/* Update Gflag_count */
Gflag_count++;
- /*
- * Close the current file and open a new one.
- */
- pcap_dump_close(dump_info->pdd);
- /*
- * Compress the file we just closed, if the user asked for it
- */
- if (zflag != NULL)
- compress_savefile(dump_info->CurrentFileName);
+ close_old_dump_file(dump_info);
/*
* Check to see if we've exceeded the Wflag (when
else
MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, 0, 0);
-#ifdef HAVE_LIBCAP_NG
- capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE);
- capng_apply(CAPNG_SELECT_BOTH);
-#endif /* HAVE_LIBCAP_NG */
-#ifdef HAVE_CAPSICUM
- fd = openat(dump_info->dirfd,
- dump_info->CurrentFileName,
- O_CREAT | O_WRONLY | O_TRUNC, 0644);
- if (fd < 0) {
- error("unable to open file %s",
- dump_info->CurrentFileName);
- }
- fp = fdopen(fd, "w");
- if (fp == NULL) {
- error("unable to fdopen file %s",
- dump_info->CurrentFileName);
- }
- dump_info->pdd = pcap_dump_fopen(dump_info->pd, fp);
-#else /* !HAVE_CAPSICUM */
- dump_info->pdd = pcap_dump_open(dump_info->pd, dump_info->CurrentFileName);
-#endif
-#ifdef HAVE_LIBCAP_NG
- capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE);
- capng_apply(CAPNG_SELECT_BOTH);
-#endif /* HAVE_LIBCAP_NG */
- if (dump_info->pdd == NULL)
- error("%s", pcap_geterr(pd));
-#ifdef HAVE_CAPSICUM
- set_dumper_capsicum_rights(dump_info->pdd);
-#endif
+ open_new_dump_file(dump_info);
}
}
if (size == -1)
error("ftell fails on output file");
if (size > Cflag) {
-#ifdef HAVE_CAPSICUM
- FILE *fp;
- int fd;
-#endif
-
- /*
- * Close the current file and open a new one.
- */
- pcap_dump_close(dump_info->pdd);
-
- /*
- * Compress the file we just closed, if the user
- * asked for it.
- */
- if (zflag != NULL)
- compress_savefile(dump_info->CurrentFileName);
+ close_old_dump_file(dump_info);
Cflag_count++;
if (Wflag > 0) {
if (dump_info->CurrentFileName == NULL)
error("%s: malloc", __func__);
MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, Cflag_count, WflagChars);
-#ifdef HAVE_LIBCAP_NG
- capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE);
- capng_apply(CAPNG_SELECT_BOTH);
-#endif /* HAVE_LIBCAP_NG */
-#ifdef HAVE_CAPSICUM
- fd = openat(dump_info->dirfd, dump_info->CurrentFileName,
- O_CREAT | O_WRONLY | O_TRUNC, 0644);
- if (fd < 0) {
- error("unable to open file %s",
- dump_info->CurrentFileName);
- }
- fp = fdopen(fd, "w");
- if (fp == NULL) {
- error("unable to fdopen file %s",
- dump_info->CurrentFileName);
- }
- dump_info->pdd = pcap_dump_fopen(dump_info->pd, fp);
-#else /* !HAVE_CAPSICUM */
- dump_info->pdd = pcap_dump_open(dump_info->pd, dump_info->CurrentFileName);
-#endif
-#ifdef HAVE_LIBCAP_NG
- capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE);
- capng_apply(CAPNG_SELECT_BOTH);
-#endif /* HAVE_LIBCAP_NG */
- if (dump_info->pdd == NULL)
- error("%s", pcap_geterr(pd));
-#ifdef HAVE_CAPSICUM
- set_dumper_capsicum_rights(dump_info->pdd);
-#endif
+
+ open_new_dump_file(dump_info);
}
}
pcap_dump((u_char *)dump_info->pdd, h, sp);
-#ifdef HAVE_PCAP_DUMP_FLUSH
if (Uflag)
pcap_dump_flush(dump_info->pdd);
-#endif
if (dump_info->ndo != NULL)
pretty_print_packet(dump_info->ndo, h, sp, packets_captured);
dump_info = (struct dump_info *)user;
pcap_dump((u_char *)dump_info->pdd, h, sp);
-#ifdef HAVE_PCAP_DUMP_FLUSH
if (Uflag)
pcap_dump_flush(dump_info->pdd);
-#endif
if (dump_info->ndo != NULL)
pretty_print_packet(dump_info->ndo, h, sp, packets_captured);
static void
print_version(FILE *f)
{
-#ifndef HAVE_PCAP_LIB_VERSION
- #ifdef HAVE_PCAP_VERSION
- extern char pcap_version[];
- #else /* HAVE_PCAP_VERSION */
- static char pcap_version[] = "unknown";
- #endif /* HAVE_PCAP_VERSION */
-#endif /* HAVE_PCAP_LIB_VERSION */
const char *smi_version_string;
(void)fprintf(f, "%s version " PACKAGE_VERSION "\n", program_name);
-#ifdef HAVE_PCAP_LIB_VERSION
(void)fprintf(f, "%s\n", pcap_lib_version());
-#else /* HAVE_PCAP_LIB_VERSION */
- (void)fprintf(f, "libpcap version %s\n", pcap_version);
-#endif /* HAVE_PCAP_LIB_VERSION */
#if defined(HAVE_LIBCRYPTO) && defined(SSLEAY_VERSION)
(void)fprintf (f, "%s\n", SSLeay_version(SSLEAY_VERSION));
(void)fprintf (f, "Compiled with MemorySanitizer/Clang.\n");
# endif
#endif /* __SANITIZE_ADDRESS__ or __has_feature */
+ (void)fprintf (f, "%zu-bit build, %zu-bit time_t\n",
+ sizeof(void *) * 8, sizeof(time_t) * 8);
}
DIAG_ON_DEPRECATION
{
print_version(f);
(void)fprintf(f,
-"Usage: %s [-Abd" D_FLAG "efhH" I_FLAG J_FLAG "KlLnNOpqStu" U_FLAG "vxX#]" B_FLAG_USAGE " [ -c count ] [--count]\n", program_name);
+"Usage: %s [-AbdDefhHI" J_FLAG "KlLnNOpqStuUvxX#] [ -B size ] [ -c count ] [--count]\n", program_name);
(void)fprintf(f,
"\t\t[ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]\n");
(void)fprintf(f,
"\t\t[ -i interface ]" IMMEDIATE_MODE_USAGE j_FLAG_USAGE "\n");
-#ifdef HAVE_PCAP_FINDALLDEVS_EX
(void)fprintf(f,
-"\t\t" LIST_REMOTE_INTERFACES_USAGE "\n");
-#endif
+"\t\t[ --lengths ]" LIST_REMOTE_INTERFACES_USAGE "\n");
#ifdef USE_LIBSMI
(void)fprintf(f,
"\t\t" m_FLAG_USAGE "\n");
(void)fprintf(f,
"\t\t[ -M secret ] [ --number ] [ --print ]\n");
(void)fprintf(f,
-"\t\t[ --print-sampling nth ]" Q_FLAG_USAGE " [ -r file ]\n");
+"\t\t[ --print-sampling nth ] [ -Q in|out|inout ] [ -r file ]\n");
(void)fprintf(f,
"\t\t[ -s snaplen ] [ -T type ] [ --version ]\n");
(void)fprintf(f,
projects / tcpdump / blobdiff