From Andrew Brown <[email protected]>: add a "-U" flag, which causes

the output stream for "-w" to be flushed after each packet is dumped.

Add checks for "pcap_dump_flush()", and only enable the "-U" flag if
it's present.  Clean up the handling of the "getopt()" argument and the
usage message to get rid of the pile of #ifdefs.

Add documentation for the "-L" and "-y" flags.

Tweak the description of "-r" to properly format "-w" in the text.

diff --git a/CREDITS b/CREDITS
index fa7f2b13fc20a02d3e363914dc258e48d2330054..24551462394f34d69e6dd4df52f563a510df6c2f 100644 (file)
--- a/CREDITS
+++ b/CREDITS
@@ -15,6 +15,7 @@ The current maintainers:
 
 Additional people who have contributed patches:
 
+       Andrew Brown                    <[email protected]>
        Alfredo Andres                  <[email protected]>
        Andrew Hintz                    <[email protected]>
        Andrew Tridgell                 <[email protected]>

diff --git a/config.h.in b/config.h.in
index 89af5e8407417613e9a57de81bcaa2742400e16e..71b1e30a2700176e63bbffbaa41480cc27fd9fe4 100644 (file)
--- a/config.h.in
+++ b/config.h.in
@@ -148,6 +148,9 @@
 /* Define if you have the inet_pton function.  */
 #undef HAVE_INET_PTON
 
+/* Define if you have the pcap_dump_flush function.  */
+#undef HAVE_PCAP_DUMP_FLUSH
+
 /* Define if you have the pcap_findalldevs function.  */
 #undef HAVE_PCAP_FINDALLDEVS
 

diff --git a/configure b/configure
index 3de0a5304920e92fab6985a665e7783fcce1ec96..614fa879e8942e23be1a128c5aa3bdc5ae529197 100755 (executable)
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
 #! /bin/sh
 
-# From configure.in Revision: 1.158 
+# From configure.in Revision: 1.159 
 
 
 
@@ -4095,7 +4095,7 @@ fi
 
 
 
-for ac_func in pcap_findalldevs
+for ac_func in pcap_findalldevs pcap_dump_flush
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
 echo "configure:4102: checking for $ac_func" >&5

diff --git a/configure.in b/configure.in
index 5f89c1bff4673d5ce0abc18d6f270d6f7361bd20..8b50a2abf42f5d2e3e4ea42db61906a2db66f7a1 100644 (file)
--- a/configure.in
+++ b/configure.in
@@ -1,4 +1,4 @@
-dnl @(#) $Header: /tcpdump/master/tcpdump/configure.in,v 1.158 2002-12-11 05:00:06 guy Exp $ (LBL)
+dnl @(#) $Header: /tcpdump/master/tcpdump/configure.in,v 1.159 2002-12-22 00:15:27 guy Exp $ (LBL)
 dnl
 dnl Copyright (c) 1994, 1995, 1996, 1997
 dnl    The Regents of the University of California.  All rights reserved.
@@ -6,7 +6,7 @@ dnl
 dnl Process this file with autoconf to produce a configure script.
 dnl
 
-AC_REVISION($Revision: 1.158 $)
+AC_REVISION($Revision: 1.159 $)
 AC_PREREQ(2.13)
 AC_INIT(tcpdump.c)
 
@@ -559,7 +559,7 @@ dnl AC_CHECK_HEADERS(zlib.h)
 
 AC_LBL_LIBPCAP(V_PCAPDEP, V_INCLS)
 
-AC_CHECK_FUNCS(pcap_findalldevs)
+AC_CHECK_FUNCS(pcap_findalldevs pcap_dump_flush)
 AC_MSG_CHECKING(whether pcap_version is defined by libpcap)
 AC_TRY_LINK([],
    [

diff --git a/tcpdump.1 b/tcpdump.1
index c564a27200bad8a36ae0a77605ed11c93ba6306d..ce6db3f5b389c919a6121974ea419762dd6d763f 100644 (file)
--- a/tcpdump.1
+++ b/tcpdump.1
@@ -1,4 +1,4 @@
-.\" @(#) $Header: /tcpdump/master/tcpdump/Attic/tcpdump.1,v 1.134 2002-12-19 05:44:47 guy Exp $ (LBL)
+.\" @(#) $Header: /tcpdump/master/tcpdump/Attic/tcpdump.1,v 1.135 2002-12-22 00:15:27 guy Exp $ (LBL)
 .\"
 .\" Copyright (c) 1987, 1988, 1989, 1990, 1991, 1992, 1994, 1995, 1996, 1997
 .\"    The Regents of the University of California.  All rights reserved.
@@ -20,14 +20,14 @@
 .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 .\"
-.TH TCPDUMP 1  "8 August 2002"
+.TH TCPDUMP 1  "21 December 2002"
 .SH NAME
 tcpdump \- dump traffic on a network
 .SH SYNOPSIS
 .na
 .B tcpdump
 [
-.B \-aAdDeflnNOpqRStuvxX
+.B \-aAdDeflnNOpqRStuUvxXy
 ] [
 .B \-c
 .I count
@@ -76,6 +76,11 @@ tcpdump \- dump traffic on a network
 .I algo:secret
 ]
 [
+.B \-y
+.I datalinktype
+]
+.ti +8
+[
 .I expression
 ]
 .br
@@ -325,6 +330,9 @@ E.g.,
 ``tcpdump\ \ \-l\ \ |\ \ tee dat'' or
 ``tcpdump\ \ \-l \ \ > dat\ \ &\ \ tail\ \ \-f\ \ dat''.
 .TP
+.B \-L
+List the known data link types for the interface and exit.
+.TP
 .B \-m
 Load SMI MIB module definitions from file \fImodule\fR.
 This option
@@ -363,7 +371,9 @@ Since there is no protocol version field in ESP/AH specification,
 \fItcpdump\fP cannot deduce the version of ESP/AH protocol.
 .TP
 .B \-r
-Read packets from \fIfile\fR (which was created with the -w option).
+Read packets from \fIfile\fR (which was created with the
+.B \-w
+option).
 Standard input is used if \fIfile\fR is ``-''.
 .TP
 .B \-S
@@ -417,6 +427,23 @@ Print a timestamp in default format proceeded by date on each dump line.
 .B \-u
 Print undecoded NFS handles.
 .TP
+.B \-U
+Make output saved via the
+.B \-w
+option ``packet-buffered''; i.e., as each packet is saved, it will be
+written to the output file, rather than being written only when the
+output buffer fills.
+.IP
+The
+.B \-U
+flag will not be supported if
+.I tcpdump
+was built with an older version of
+.I libpcap
+that lacks the
+.B pcap_dump_flush()
+function.
+.TP
 .B \-v
 (Slightly more) verbose output.
 For example, the time to live,
@@ -466,6 +493,9 @@ This is very handy for analysing new protocols.
 Print each packet,
 .I including
 its link level header, in hex and ASCII.
+.TP
+.B \-y
+Set the data link type to use while capturing packets to \fIdatalinktype\fP.
 .IP "\fI expression\fP"
 .RS
 selects which packets will be dumped.

diff --git a/tcpdump.c b/tcpdump.c
index a4dde2f34ec35c027b31c73cd8dd7e24d7598172..9cf6442349297a03498534d928f73f7d068c01f5 100644 (file)
--- a/tcpdump.c
+++ b/tcpdump.c
@@ -30,7 +30,7 @@ static const char copyright[] =
     "@(#) Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000\n\
 The Regents of the University of California.  All rights reserved.\n";
 static const char rcsid[] =
-    "@(#) $Header: /tcpdump/master/tcpdump/tcpdump.c,v 1.193 2002-12-19 09:39:17 guy Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/tcpdump/tcpdump.c,v 1.194 2002-12-22 00:15:28 guy Exp $ (LBL)";
 #endif
 
 /*
@@ -83,6 +83,7 @@ int Rflag = 1;                        /* print sequence # field in AH/ESP*/
 int sflag = 0;                 /* use the libsmi to translate OIDs */
 int Sflag;                     /* print raw TCP sequence numbers */
 int tflag = 1;                 /* print packet arrival time */
+int Uflag = 0;                 /* "unbuffered" output of dump files */
 int uflag = 0;                 /* Print undecoded NFS handles */
 int vflag;                     /* verbose */
 int xflag;                     /* print packet in hex */
@@ -262,6 +263,36 @@ show_dlts_and_exit(pcap_t *pd)
        exit(0);
 }
 
+/*
+ * Set up flags that might or might not be supported depending on the
+ * version of libpcap we're using.
+ *
+ * Win32 builds are assumed to be done with the latest version of WinPcap.
+ */
+#ifdef WIN32
+#define B_FLAG         "B:"
+#define B_FLAG_USAGE   " [ -B size ]"
+#define D_FLAG         "D"
+#define U_FLAG         "U"
+#else /* WIN32 */
+
+#define B_FLAG
+#define B_FLAG_USAGE
+
+#ifdef HAVE_PCAP_FINDALLDEVS
+#define D_FLAG "D"
+#else
+#define D_FLAG
+#endif
+
+#ifdef HAVE_PCAP_DUMP_FLUSH
+#define U_FLAG "U"
+#else
+#define U_FLAG
+#endif
+
+#endif /* WIN32 */
+
 int
 main(int argc, char **argv)
 {
@@ -313,15 +344,7 @@ main(int argc, char **argv)
 
        opterr = 0;
        while (
-#ifdef WIN32
-           (op = getopt(argc, argv, "aAB:c:C:dDeE:fF:i:lLm:nNOpqr:Rs:StT:uvw:xXy:Y")) != -1)
-#else /* WIN32 */
-#ifdef HAVE_PCAP_FINDALLDEVS
-           (op = getopt(argc, argv, "aAc:C:dDeE:fF:i:lLm:nNOpqr:Rs:StT:uvw:xXy:Y")) != -1)
-#else /* HAVE_PCAP_FINDALLDEVS */
-           (op = getopt(argc, argv, "aAc:C:deE:fF:i:lLm:nNOpqr:Rs:StT:uvw:xXy:Y")) != -1)
-#endif /* HAVE_PCAP_FINDALLDEVS */
-#endif /* WIN32 */
+           (op = getopt(argc, argv, "aA" B_FLAG "c:C:d" D_FLAG "eE:fF:i:lLm:nNOpqr:Rs:StT:u" U_FLAG "vw:xXy:Y")) != -1)
                switch (op) {
 
                case 'a':
@@ -523,6 +546,12 @@ main(int argc, char **argv)
                        ++uflag;
                        break;
 
+#ifdef HAVE_PCAP_DUMP_FLUSH
+               case 'U':
+                       ++Uflag;
+                       break;
+#endif
+
                case 'v':
                        ++vflag;
                        break;
@@ -817,6 +846,10 @@ dump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *s
        }
 
        pcap_dump((u_char *)dump_info->p, h, sp);
+#ifdef HAVE_PCAP_FINDALLDEVS
+       if (Uflag)
+               pcap_dump_flush(dump_info->p);
+#endif
 
        --infodelay;
        if (infoprint)
@@ -829,6 +862,10 @@ dump_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
        ++infodelay;
 
        pcap_dump(user, h, sp);
+#ifdef HAVE_PCAP_FINDALLDEVS
+       if (Uflag)
+               pcap_dump_flush((pcap_dumper_t *)user);
+#endif
 
        --infodelay;
        if (infoprint)
@@ -970,15 +1007,7 @@ usage(void)
        (void)fprintf(stderr, "libpcap version %s\n", pcap_version);
 #endif /* WIN32 */
        (void)fprintf(stderr,
-#ifdef WIN32
-"Usage: %s [-aAdDeflLnNOpqRStuvxX] [-B size] [-c count] [ -C file_size ]\n", program_name);
-#else /* WIN32 */
-#ifdef HAVE_PCAP_FINDALLDEVS
-"Usage: %s [-aAdDeflLnNOpqRStuvxX] [-c count] [ -C file_size ]\n", program_name);
-#else /* HAVE_PCAP_FINDALLDEVS */
-"Usage: %s [-aAdeflLnNOpqRStuvxX] [-c count] [ -C file_size ]\n", program_name);
-#endif /* HAVE_PCAP_FINDALLDEVS */
-#endif /* WIN32 */
+"Usage: %s [-aAd" D_FLAG "eflLnNOpqRStu" U_FLAG "vxXy]" B_FLAG_USAGE " [-c count] [ -C file_size ]\n", program_name);
        (void)fprintf(stderr,
 "\t\t[ -E algo:secret ] [ -F file ] [ -i interface ] [ -r file ]\n");
        (void)fprintf(stderr,