X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/10b807441e79f9c9e557bbb44ae0ecfe01ed5151..2fd7b16acb63b86d7291abb4c68c27e24bc50a85:/tcpdump.c

diff --git a/tcpdump.c b/tcpdump.c
index 72624540..5e232197 100644
--- a/tcpdump.c
+++ b/tcpdump.c
@@ -38,7 +38,7 @@
 #endif
 
 /*
- * Some older versions of Mac OS X may ship pcap.h from libpcap 0.6 with a
+ * Some older versions of Mac OS X ship pcap.h from libpcap 0.6 with a
  * libpcap based on 0.8.  That means it has pcap_findalldevs() but the
  * header doesn't define pcap_if_t, meaning that we can't actually *use*
  * pcap_findalldevs().
@@ -157,7 +157,6 @@ The Regents of the University of California.  All rights reserved.\n";
 #include "netdissect.h"
 #include "interface.h"
 #include "addrtoname.h"
-#include "machdep.h"
 #include "pcap-missing.h"
 #include "ascii_strcasecmp.h"
 
@@ -563,8 +562,21 @@ show_remote_devices_and_exit(void)
 	int i;
 
 	if (pcap_findalldevs_ex(remote_interfaces_source, NULL, &devlist,
-	    ebuf) < 0)
+	    ebuf) < 0) {
+		if (strcmp(ebuf, "not supported") == 0) {
+			/*
+			 * macOS 14's pcap_findalldevs_ex(), which is a
+			 * stub that always returns -1 with an error
+			 * message of "not supported".
+			 *
+			 * In this case, as we passed it an rpcap://
+			 * URL, treat that as meaning "remote capture
+			 * not supported".
+			 */
+			error("Remote capture not supported");
+		}
 		error("%s", ebuf);
+	}
 	for (i = 0, dev = devlist; dev != NULL; i++, dev = dev->next) {
 		printf("%d.%s", i+1, dev->name);
 		if (dev->description != NULL)
@@ -692,6 +704,7 @@ show_remote_devices_and_exit(void)
 #define OPTION_FP_TYPE			135
 #define OPTION_COUNT			136
 #define OPTION_PRINT_SAMPLING		137
+#define OPTION_LENGTHS			138
 
 static const struct option longopts[] = {
 #if defined(HAVE_PCAP_CREATE) || defined(_WIN32)
@@ -740,12 +753,13 @@ static const struct option longopts[] = {
 	{ "number", no_argument, NULL, '#' },
 	{ "print", no_argument, NULL, OPTION_PRINT },
 	{ "print-sampling", required_argument, NULL, OPTION_PRINT_SAMPLING },
+	{ "lengths", no_argument, NULL, OPTION_LENGTHS },
 	{ "version", no_argument, NULL, OPTION_VERSION },
 	{ NULL, 0, NULL, 0 }
 };
 
 #ifdef HAVE_PCAP_FINDALLDEVS_EX
-#define LIST_REMOTE_INTERFACES_USAGE "[ --list-remote-interfaces remote-source ]"
+#define LIST_REMOTE_INTERFACES_USAGE " [ --list-remote-interfaces remote-source ]"
 #else
 #define LIST_REMOTE_INTERFACES_USAGE
 #endif
@@ -796,7 +810,7 @@ droproot(const char *username, const char *chroot_dir)
 	} else
 		error("Couldn't find user '%.32s'", username);
 #ifdef HAVE_LIBCAP_NG
-	/* We don't need CAP_SETUID, CAP_SETGID and CAP_SYS_CHROOT any more. */
+	/* We don't need CAP_SETUID, CAP_SETGID and CAP_SYS_CHROOT anymore. */
 DIAG_OFF_ASSIGN_ENUM
 	capng_updatev(
 		CAPNG_DROP,
@@ -968,7 +982,7 @@ tstamp_precision_to_string(int precision)
  * along the lines of ioctl(), the fact that ioctl() operations are
  * largely specific to particular character devices but fcntl() operations
  * are either generic to all descriptors or generic to all descriptors for
- * regular files nonwithstanding.
+ * regular files notwithstanding.
  *
  * The Capsicum people decided that fine-grained control of descriptor
  * operations was required, so that you need to grant permission for
@@ -984,7 +998,7 @@ tstamp_precision_to_string(int precision)
  * that requires that it be able to do an F_GETFL fcntl() to read
  * the O_ flags.
  *
- * Tcpdump uses ftell() to determine how much data has been written
+ * tcpdump uses ftell() to determine how much data has been written
  * to a file in order to, when used with -C, determine when it's time
  * to rotate capture files.  ftell() therefore needs to do an lseek()
  * to find out the file offset and must, thanks to the aforementioned
@@ -1269,6 +1283,18 @@ open_interface(const char *device, netdissect_options *ndo, char *ebuf)
 		    pflag ? 0 : PCAP_OPENFLAG_PROMISCUOUS, timeout, NULL,
 		    ebuf);
 		if (pc == NULL) {
+			/*
+			 * macOS 14's pcap_pcap_open(), which is a
+			 * stub that always returns NULL with an error
+			 * message of "not supported".
+			 *
+			 * In this case, as we passed it an rpcap://
+			 * URL, treat that as meaning "remote capture
+			 * not supported".
+			 */
+			if (strcmp(ebuf, "not supported") == 0)
+				error("Remote capture not supported");
+
 			/*
 			 * If this failed with "No such device" or "The system
 			 * cannot find the device specified", that means
@@ -1438,7 +1464,7 @@ open_interface(const char *device, netdissect_options *ndo, char *ebuf)
 		if (status != 0)
 			error("%s: pcap_setdirection() failed: %s",
 			      device,  pcap_geterr(pc));
-		}
+	}
 #endif /* HAVE_PCAP_SETDIRECTION */
 #else /* HAVE_PCAP_CREATE */
 	*ebuf = '\0';
@@ -1541,14 +1567,11 @@ main(int argc, char **argv)
 #endif
 
 	/*
-	 * On platforms where the CPU doesn't support unaligned loads,
-	 * force unaligned accesses to abort with SIGBUS, rather than
-	 * being fixed up (slowly) by the OS kernel; on those platforms,
-	 * misaligned accesses are bugs, and we want tcpdump to crash so
-	 * that the bugs are reported.
+	 * An explicit tzset() call is usually not needed as it happens
+	 * implicitly the first time we call localtime() or mktime(),
+	 * but in some cases (sandboxing, chroot) this may be too late.
 	 */
-	if (abort_on_misalignment(ebuf, sizeof(ebuf)) < 0)
-		error("%s", ebuf);
+	tzset();
 
 	while (
 	    (op = getopt_long(argc, argv, SHORTOPTS, longopts, NULL)) != -1)
@@ -1776,7 +1799,7 @@ main(int argc, char **argv)
 				if (nd_load_smi_module(optarg, ebuf, sizeof(ebuf)) == -1)
 					error("%s", ebuf);
 			} else {
-				(void)fprintf(stderr, "%s: ignoring option `-m %s' ",
+				(void)fprintf(stderr, "%s: ignoring option '-m %s' ",
 					      program_name, optarg);
 				(void)fprintf(stderr, "(no libsmi support)\n");
 			}
@@ -1820,7 +1843,7 @@ main(int argc, char **argv)
 			else if (ascii_strcasecmp(optarg, "inout") == 0)
 				Qflag = PCAP_D_INOUT;
 			else
-				error("unknown capture direction `%s'", optarg);
+				error("unknown capture direction '%s'", optarg);
 			break;
 #endif /* HAVE_PCAP_SETDIRECTION */
 
@@ -1888,7 +1911,7 @@ main(int argc, char **argv)
 			else if (ascii_strcasecmp(optarg, "quic") == 0)
 				ndo->ndo_packettype = PT_QUIC;
 			else
-				error("unknown packet type `%s'", optarg);
+				error("unknown packet type '%s'", optarg);
 			break;
 
 		case 'u':
@@ -1958,6 +1981,10 @@ main(int argc, char **argv)
 			ndo->ndo_packet_number = 1;
 			break;
 
+		case OPTION_LENGTHS:
+			ndo->ndo_lengths = 1;
+			break;
+
 		case OPTION_VERSION:
 			print_version(stdout);
 			exit_tcpdump(S_SUCCESS);
@@ -2029,14 +2056,6 @@ main(int argc, char **argv)
 		show_remote_devices_and_exit();
 #endif
 
-#if defined(DLT_LINUX_SLL2) && defined(HAVE_PCAP_SET_DATALINK)
-/* Set default linktype DLT_LINUX_SLL2 when capturing on the "any" device */
-		if (device != NULL &&
-		    strncmp (device, "any", strlen("any")) == 0
-		    && yflag_dlt == -1)
-			yflag_dlt = DLT_LINUX_SLL2;
-#endif
-
 	switch (ndo->ndo_tflag) {
 
 	case 0: /* Default */
@@ -2086,6 +2105,8 @@ main(int argc, char **argv)
 		/* Run with '-Z root' to restore old behaviour */
 		if (!username)
 			username = WITH_USER;
+		else if (strcmp(username, "root") == 0)
+			username = NULL;
 	}
 #endif
 
@@ -2289,6 +2310,24 @@ main(int argc, char **argv)
 				      pcap_datalink_val_to_name(yflag_dlt));
 			(void)fflush(stderr);
 		}
+#if defined(DLT_LINUX_SLL2) && defined(HAVE_PCAP_SET_DATALINK)
+		else {
+			/*
+			 * Attempt to set default linktype to
+			 * DLT_LINUX_SLL2 when capturing on the
+			 * "any" device.
+			 *
+			 * If the attempt fails, just quietly drive
+			 * on; this may be a non-Linux "any" device
+			 * that doesn't support DLT_LINUX_SLL2.
+			 */
+			if (strcmp(device, "any") == 0) {
+DIAG_OFF_WARN_UNUSED_RESULT
+				(void) pcap_set_datalink(pd, DLT_LINUX_SLL2);
+DIAG_ON_WARN_UNUSED_RESULT
+			}
+		}
+#endif
 		i = pcap_snapshot(pd);
 		if (ndo->ndo_snaplen < i) {
 			if (ndo->ndo_snaplen != 0)
@@ -2353,7 +2392,7 @@ main(int argc, char **argv)
 	 * devices, and can't just give users that permission,
 	 * you'd make tcpdump set-UID or set-GID).
 	 *
-	 * Tcpdump doesn't necessarily write only to one savefile;
+	 * tcpdump doesn't necessarily write only to one savefile;
 	 * the general only way to allow a -Z instance to write to
 	 * savefiles as the user under whose UID it's run, rather
 	 * than as the user specified with -Z, would thus be to switch
@@ -2621,6 +2660,9 @@ DIAG_ON_ASSIGN_ENUM
 #else
 	cansandbox = (cansandbox && ndo->ndo_nflag);
 #endif /* HAVE_CASPER */
+	cansandbox = (cansandbox && (pcap_fileno(pd) != -1 ||
+	    RFileName != NULL));
+
 	if (cansandbox && cap_enter() < 0 && errno != ENOSYS)
 		error("unable to enter the capability mode");
 #endif	/* HAVE_CAPSICUM */
@@ -2836,7 +2878,7 @@ cleanup(int signo _U_)
 static void
 child_cleanup(int signo _U_)
 {
-  wait(NULL);
+  while (waitpid(-1, NULL, WNOHANG) >= 0);
 }
 #endif /* HAVE_FORK && HAVE_VFORK */
 
@@ -3293,7 +3335,7 @@ print_usage(FILE *f)
 "\t\t[ -i interface ]" IMMEDIATE_MODE_USAGE j_FLAG_USAGE "\n");
 #ifdef HAVE_PCAP_FINDALLDEVS_EX
 	(void)fprintf(f,
-"\t\t" LIST_REMOTE_INTERFACES_USAGE "\n");
+"\t\t[ --lengths ]" LIST_REMOTE_INTERFACES_USAGE "\n");
 #endif
 #ifdef USE_LIBSMI
 	(void)fprintf(f,