1996-08-19 20:34:12 +00:00
|
|
|
/*
|
2002-06-21 00:49:02 +00:00
|
|
|
* Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000
|
1996-08-19 20:34:12 +00:00
|
|
|
* The Regents of the University of California. All rights reserved.
|
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that: (1) source code distributions
|
|
|
|
* retain the above copyright notice and this paragraph in its entirety, (2)
|
|
|
|
* distributions including binary code include the above copyright notice and
|
|
|
|
* this paragraph in its entirety in the documentation or other materials
|
|
|
|
* provided with the distribution, and (3) all advertising materials mentioning
|
|
|
|
* features or use of this software display the following acknowledgement:
|
|
|
|
* ``This product includes software developed by the University of California,
|
|
|
|
* Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
|
|
|
|
* the University nor the names of its contributors may be used to endorse
|
|
|
|
* or promote products derived from this software without specific prior
|
|
|
|
* written permission.
|
|
|
|
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
|
|
|
|
* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
|
|
|
|
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
2002-06-21 00:49:02 +00:00
|
|
|
*
|
|
|
|
* Support for splitting captures into multiple files with a maximum
|
|
|
|
* file size:
|
|
|
|
*
|
|
|
|
* Copyright (c) 2001
|
|
|
|
* Seth Webster <swebster@sst.ll.mit.edu>
|
1996-08-19 20:34:12 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
#ifndef lint
|
2004-03-31 14:57:24 +00:00
|
|
|
static const char copyright[] _U_ =
|
2002-06-21 00:49:02 +00:00
|
|
|
"@(#) Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000\n\
|
1996-08-19 20:34:12 +00:00
|
|
|
The Regents of the University of California. All rights reserved.\n";
|
2004-03-31 14:57:24 +00:00
|
|
|
static const char rcsid[] _U_ =
|
2010-10-28 16:23:25 +00:00
|
|
|
"@(#) $Header: /tcpdump/master/tcpdump/tcpdump.c,v 1.283 2008-09-25 21:45:50 guy Exp $ (LBL)";
|
1996-08-19 20:34:12 +00:00
|
|
|
#endif
|
|
|
|
|
2000-01-26 18:10:21 +00:00
|
|
|
/* $FreeBSD$ */
|
|
|
|
|
1996-08-19 20:34:12 +00:00
|
|
|
/*
|
|
|
|
* tcpdump - monitor tcp/ip traffic on an ethernet.
|
|
|
|
*
|
|
|
|
* First written in 1987 by Van Jacobson, Lawrence Berkeley Laboratory.
|
|
|
|
* Mercilessly hacked and occasionally improved since then via the
|
|
|
|
* combined efforts of Van, Steve McCanne and Craig Leres of LBL.
|
|
|
|
*/
|
|
|
|
|
2000-01-30 01:05:24 +00:00
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
#include "config.h"
|
|
|
|
#endif
|
|
|
|
|
2004-03-31 14:57:24 +00:00
|
|
|
#include <tcpdump-stdinc.h>
|
1996-08-19 20:34:12 +00:00
|
|
|
|
2004-03-31 14:57:24 +00:00
|
|
|
#ifdef WIN32
|
|
|
|
#include "getopt.h"
|
|
|
|
#include "w32_fzs.h"
|
|
|
|
extern int strcasecmp (const char *__s1, const char *__s2);
|
|
|
|
extern int SIZE_BUF;
|
|
|
|
#define off_t long
|
|
|
|
#define uint UINT
|
|
|
|
#endif /* WIN32 */
|
1996-08-19 20:34:12 +00:00
|
|
|
|
2005-05-29 19:09:28 +00:00
|
|
|
#ifdef HAVE_SMI_H
|
|
|
|
#include <smi.h>
|
|
|
|
#endif
|
|
|
|
|
1996-08-19 20:34:12 +00:00
|
|
|
#include <pcap.h>
|
|
|
|
#include <signal.h>
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <string.h>
|
2009-03-21 16:23:46 +00:00
|
|
|
#include <limits.h>
|
|
|
|
#ifdef __FreeBSD__
|
|
|
|
#include <sys/capability.h>
|
|
|
|
#include <sys/ioccom.h>
|
2013-07-31 02:13:18 +00:00
|
|
|
#include <sys/types.h>
|
|
|
|
#include <sys/sysctl.h>
|
|
|
|
#include <net/bpf.h>
|
|
|
|
#include <fcntl.h>
|
|
|
|
#include <libgen.h>
|
|
|
|
#endif /* __FreeBSD__ */
|
2005-05-29 19:09:28 +00:00
|
|
|
#ifndef WIN32
|
2009-03-21 16:23:46 +00:00
|
|
|
#include <sys/wait.h>
|
|
|
|
#include <sys/resource.h>
|
2005-05-29 19:09:28 +00:00
|
|
|
#include <pwd.h>
|
|
|
|
#include <grp.h>
|
|
|
|
#include <errno.h>
|
|
|
|
#endif /* WIN32 */
|
1996-08-19 20:34:12 +00:00
|
|
|
|
2013-05-30 06:46:26 +00:00
|
|
|
/* capabilities convinience library */
|
|
|
|
#ifdef HAVE_CAP_NG_H
|
|
|
|
#include <cap-ng.h>
|
|
|
|
#endif /* HAVE_CAP_NG_H */
|
2009-03-21 16:23:46 +00:00
|
|
|
|
2005-05-29 19:09:28 +00:00
|
|
|
#include "netdissect.h"
|
1996-08-19 20:34:12 +00:00
|
|
|
#include "interface.h"
|
|
|
|
#include "addrtoname.h"
|
|
|
|
#include "machdep.h"
|
1998-09-15 19:36:32 +00:00
|
|
|
#include "setsignal.h"
|
|
|
|
#include "gmt2local.h"
|
2004-03-31 14:57:24 +00:00
|
|
|
#include "pcap-missing.h"
|
1996-08-19 20:34:12 +00:00
|
|
|
|
2013-05-30 06:46:26 +00:00
|
|
|
#ifndef PATH_MAX
|
|
|
|
#define PATH_MAX 1024
|
2009-03-21 16:23:46 +00:00
|
|
|
#endif
|
|
|
|
|
2012-10-04 22:40:22 +00:00
|
|
|
#ifdef SIGINFO
|
|
|
|
#define SIGNAL_REQ_INFO SIGINFO
|
|
|
|
#elif SIGUSR1
|
|
|
|
#define SIGNAL_REQ_INFO SIGUSR1
|
|
|
|
#endif
|
|
|
|
|
2005-05-29 19:09:28 +00:00
|
|
|
/* Global dissector options; every printer reaches them through gndo. */
netdissect_options Gndo;
netdissect_options *gndo = &Gndo;

static int dflag; /* print filter code */
static int Lflag; /* list available data link types and exit */
#ifdef HAVE_PCAP_SET_TSTAMP_TYPE
static int Jflag; /* list available time stamp types */
#endif
/*
 * -z: compress each savefile using a specified command (like gzip or bzip2).
 * NOTE(review): the value names a program that is executed later in this
 * file; the Capsicum commit note on this page says -z disables the sandbox,
 * so treat it as a privileged option — confirm against the -z handling.
 */
static char *zflag = NULL; /* compress each savefile using a specified command (like gzip or bzip2) */

/* Deferred-statistics state for the SIGINFO/SIGUSR1 handler (see info()). */
static int infodelay;
static int infoprint;

char *program_name;

int32_t thiszone; /* seconds offset from gmt to local time */
|
|
|
|
|
|
|
|
/* Forwards */
|
2001-04-03 07:50:46 +00:00
|
|
|
/* Signal handlers: cleanup() on termination, child_cleanup() reaps -z children. */
static RETSIGTYPE cleanup(int);
static RETSIGTYPE child_cleanup(int);
static void usage(void) __attribute__((noreturn));
static void show_dlts_and_exit(const char *device, pcap_t *pd) __attribute__((noreturn));

/* pcap_loop() callbacks: dissect-and-print, or write to a savefile. */
static void print_packet(u_char *, const struct pcap_pkthdr *, const u_char *);
static void ndo_default_print(netdissect_options *, const u_char *, u_int);
static void dump_packet_and_trunc(u_char *, const struct pcap_pkthdr *, const u_char *);
static void dump_packet(u_char *, const struct pcap_pkthdr *, const u_char *);
/* Privilege separation helper; defined below for non-WIN32 builds. */
static void droproot(const char *, const char *);
/* netdissect error/warning hooks; ndo_error never returns. */
static void ndo_error(netdissect_options *ndo, const char *fmt, ...)
     __attribute__ ((noreturn, format (printf, 2, 3)));
static void ndo_warning(netdissect_options *ndo, const char *fmt, ...);

#ifdef SIGNAL_REQ_INFO
RETSIGTYPE requestinfo(int);
#endif

/* Periodic statistics dump: multimedia timer on Windows, alarm(2) elsewhere. */
#if defined(USE_WIN32_MM_TIMER)
  #include <MMsystem.h>
  static UINT timer_id;
  static void CALLBACK verbose_stats_dump(UINT, UINT, DWORD_PTR, DWORD_PTR, DWORD_PTR);
#elif defined(HAVE_ALARM)
  static void verbose_stats_dump(int sig);
#endif

static void info(int);
/* Running count of packets handed to the callback; reported by info(). */
static u_int packets_captured;
|
|
|
|
|
1996-08-19 20:34:12 +00:00
|
|
|
/*
 * Legacy dissector table entry: f prints packets whose link-layer header
 * type is `type'.  Terminated by an entry whose f is NULL.
 */
struct printer {
	if_printer f;
	int type;
};
|
|
|
|
|
2010-10-28 16:23:25 +00:00
|
|
|
|
|
|
|
/*
 * netdissect-style dissector table entry (takes a netdissect_options *).
 * Consulted before the legacy table; terminated by an entry whose f is NULL.
 */
struct ndo_printer {
	if_ndo_printer f;
	int type;
};
|
|
|
|
|
|
|
|
|
1996-08-19 20:34:12 +00:00
|
|
|
/*
 * Legacy dissectors keyed by DLT_* value.  Entries whose DLT_* constant is
 * not provided by the installed libpcap are compiled out, so the set of
 * link types tcpdump can print depends on the libpcap it was built against.
 * Searched linearly by lookup_printer(); the { NULL, 0 } entry is the
 * sentinel and must stay last.
 */
static struct printer printers[] = {
	{ arcnet_if_print, DLT_ARCNET },
#ifdef DLT_ARCNET_LINUX
	{ arcnet_linux_if_print, DLT_ARCNET_LINUX },
#endif
	{ token_if_print, DLT_IEEE802 },
#ifdef DLT_LANE8023
	{ lane_if_print, DLT_LANE8023 },
#endif
#ifdef DLT_CIP
	{ cip_if_print, DLT_CIP },
#endif
#ifdef DLT_ATM_CLIP
	{ cip_if_print, DLT_ATM_CLIP },
#endif
	{ sl_if_print, DLT_SLIP },
#ifdef DLT_SLIP_BSDOS
	{ sl_bsdos_if_print, DLT_SLIP_BSDOS },
#endif
	{ ppp_if_print, DLT_PPP },
#ifdef DLT_PPP_WITHDIRECTION
	{ ppp_if_print, DLT_PPP_WITHDIRECTION },
#endif
#ifdef DLT_PPP_BSDOS
	{ ppp_bsdos_if_print, DLT_PPP_BSDOS },
#endif
	{ fddi_if_print, DLT_FDDI },
	{ null_if_print, DLT_NULL },
#ifdef DLT_LOOP
	{ null_if_print, DLT_LOOP },
#endif
	{ raw_if_print, DLT_RAW },
	{ atm_if_print, DLT_ATM_RFC1483 },
#ifdef DLT_C_HDLC
	{ chdlc_if_print, DLT_C_HDLC },
#endif
#ifdef DLT_HDLC
	{ chdlc_if_print, DLT_HDLC },
#endif
#ifdef DLT_PPP_SERIAL
	{ ppp_hdlc_if_print, DLT_PPP_SERIAL },
#endif
#ifdef DLT_PPP_ETHER
	{ pppoe_if_print, DLT_PPP_ETHER },
#endif
#ifdef DLT_LINUX_SLL
	{ sll_if_print, DLT_LINUX_SLL },
#endif
#ifdef DLT_IEEE802_11
	{ ieee802_11_if_print, DLT_IEEE802_11},
#endif
#ifdef DLT_LTALK
	{ ltalk_if_print, DLT_LTALK },
#endif
#if defined(DLT_PFLOG) && defined(HAVE_NET_PFVAR_H)
	{ pflog_if_print, DLT_PFLOG },
#endif
#ifdef DLT_FR
	{ fr_if_print, DLT_FR },
#endif
#ifdef DLT_FRELAY
	{ fr_if_print, DLT_FRELAY },
#endif
#ifdef DLT_SUNATM
	{ sunatm_if_print, DLT_SUNATM },
#endif
#ifdef DLT_IP_OVER_FC
	{ ipfc_if_print, DLT_IP_OVER_FC },
#endif
#ifdef DLT_PRISM_HEADER
	{ prism_if_print, DLT_PRISM_HEADER },
#endif
#ifdef DLT_IEEE802_11_RADIO
	{ ieee802_11_radio_if_print, DLT_IEEE802_11_RADIO },
#endif
#ifdef DLT_ENC
	{ enc_if_print, DLT_ENC },
#endif
#ifdef DLT_SYMANTEC_FIREWALL
	{ symantec_if_print, DLT_SYMANTEC_FIREWALL },
#endif
#ifdef DLT_APPLE_IP_OVER_IEEE1394
	{ ap1394_if_print, DLT_APPLE_IP_OVER_IEEE1394 },
#endif
#ifdef DLT_IEEE802_11_RADIO_AVS
	{ ieee802_11_radio_avs_if_print, DLT_IEEE802_11_RADIO_AVS },
#endif
#ifdef DLT_JUNIPER_ATM1
	{ juniper_atm1_print, DLT_JUNIPER_ATM1 },
#endif
#ifdef DLT_JUNIPER_ATM2
	{ juniper_atm2_print, DLT_JUNIPER_ATM2 },
#endif
#ifdef DLT_JUNIPER_MFR
	{ juniper_mfr_print, DLT_JUNIPER_MFR },
#endif
#ifdef DLT_JUNIPER_MLFR
	{ juniper_mlfr_print, DLT_JUNIPER_MLFR },
#endif
#ifdef DLT_JUNIPER_MLPPP
	{ juniper_mlppp_print, DLT_JUNIPER_MLPPP },
#endif
#ifdef DLT_JUNIPER_PPPOE
	{ juniper_pppoe_print, DLT_JUNIPER_PPPOE },
#endif
#ifdef DLT_JUNIPER_PPPOE_ATM
	{ juniper_pppoe_atm_print, DLT_JUNIPER_PPPOE_ATM },
#endif
#ifdef DLT_JUNIPER_GGSN
	{ juniper_ggsn_print, DLT_JUNIPER_GGSN },
#endif
#ifdef DLT_JUNIPER_ES
	{ juniper_es_print, DLT_JUNIPER_ES },
#endif
#ifdef DLT_JUNIPER_MONITOR
	{ juniper_monitor_print, DLT_JUNIPER_MONITOR },
#endif
#ifdef DLT_JUNIPER_SERVICES
	{ juniper_services_print, DLT_JUNIPER_SERVICES },
#endif
#ifdef DLT_JUNIPER_ETHER
	{ juniper_ether_print, DLT_JUNIPER_ETHER },
#endif
#ifdef DLT_JUNIPER_PPP
	{ juniper_ppp_print, DLT_JUNIPER_PPP },
#endif
#ifdef DLT_JUNIPER_FRELAY
	{ juniper_frelay_print, DLT_JUNIPER_FRELAY },
#endif
#ifdef DLT_JUNIPER_CHDLC
	{ juniper_chdlc_print, DLT_JUNIPER_CHDLC },
#endif
#ifdef DLT_MFR
	{ mfr_if_print, DLT_MFR },
#endif
#if defined(DLT_BLUETOOTH_HCI_H4_WITH_PHDR) && defined(HAVE_PCAP_BLUETOOTH_H)
	{ bt_if_print, DLT_BLUETOOTH_HCI_H4_WITH_PHDR},
#endif
#ifdef HAVE_PCAP_USB_H
#ifdef DLT_USB_LINUX
	{ usb_linux_48_byte_print, DLT_USB_LINUX},
#endif /* DLT_USB_LINUX */
#ifdef DLT_USB_LINUX_MMAPPED
	{ usb_linux_64_byte_print, DLT_USB_LINUX_MMAPPED},
#endif /* DLT_USB_LINUX_MMAPPED */
#endif /* HAVE_PCAP_USB_H */
#ifdef DLT_IPV4
	{ raw_if_print, DLT_IPV4 },
#endif
#ifdef DLT_IPV6
	{ raw_if_print, DLT_IPV6 },
#endif
	/* Sentinel: lookup_printer() stops at f == NULL. */
	{ NULL, 0 },
};
|
|
|
|
|
|
|
|
/*
 * netdissect-style dissectors keyed by DLT_* value.  get_print_info()
 * consults this table first and only falls back to printers[] when no
 * entry matches.  Searched linearly by lookup_ndo_printer(); the
 * { NULL, 0 } entry is the sentinel and must stay last.
 */
static struct ndo_printer ndo_printers[] = {
	{ ether_if_print, DLT_EN10MB },
#ifdef DLT_IPNET
	{ ipnet_if_print, DLT_IPNET },
#endif
#ifdef DLT_IEEE802_15_4
	{ ieee802_15_4_if_print, DLT_IEEE802_15_4 },
#endif
#ifdef DLT_IEEE802_15_4_NOFCS
	{ ieee802_15_4_if_print, DLT_IEEE802_15_4_NOFCS },
#endif
#ifdef DLT_PPI
	{ ppi_if_print, DLT_PPI },
#endif
#ifdef DLT_NETANALYZER
	{ netanalyzer_if_print, DLT_NETANALYZER },
#endif
#ifdef DLT_NETANALYZER_TRANSPARENT
	{ netanalyzer_transparent_if_print, DLT_NETANALYZER_TRANSPARENT },
#endif
	/* Sentinel: lookup_ndo_printer() stops at f == NULL. */
	{ NULL, 0 },
};
|
|
|
|
|
2012-05-14 08:01:48 +00:00
|
|
|
/*
 * Find the legacy dissector for link-layer type `type'.
 *
 * Returns the matching if_printer from printers[], or NULL when no entry
 * has that type (the caller decides whether that is fatal).
 */
if_printer
lookup_printer(int type)
{
	const struct printer *entry;

	for (entry = printers; entry->f != NULL; entry++) {
		if (entry->type != type)
			continue;
		return entry->f;
	}

	return NULL;
}
|
|
|
|
|
2012-05-14 08:01:48 +00:00
|
|
|
/*
 * Find the netdissect-style dissector for link-layer type `type'.
 *
 * Returns the matching if_ndo_printer from ndo_printers[], or NULL when
 * no entry has that type; callers then try lookup_printer().
 */
if_ndo_printer
lookup_ndo_printer(int type)
{
	const struct ndo_printer *entry = ndo_printers;

	while (entry->f != NULL) {
		if (entry->type == type)
			return entry->f;
		entry++;
	}

	return NULL;
}
|
|
|
|
|
1996-08-19 20:34:12 +00:00
|
|
|
/* The capture/savefile handle; file-scope so signal handlers can reach it. */
static pcap_t *pd;

/* Set when the device reports monitor-mode support; affects -L output. */
static int supports_monitor_mode;

/* getopt(3) state. */
extern int optind;
extern int opterr;
extern char *optarg;
|
|
|
|
|
2004-03-31 14:57:24 +00:00
|
|
|
/*
 * Per-capture dissector selection handed to print_packet() as user data.
 * ndo_type says which union member is valid: 1 for p.ndo_printer, 0 for
 * the legacy p.printer (see get_print_info()).
 */
struct print_info {
	netdissect_options *ndo;
	union {
		if_printer printer;
		if_ndo_printer ndo_printer;
	} p;
	int ndo_type;
};
|
|
|
|
|
2002-06-21 00:49:02 +00:00
|
|
|
/*
 * Savefile state handed to dump_packet()/dump_packet_and_trunc() as
 * user data when writing with -w.
 */
struct dump_info {
	char *WFileName;        /* name template given to -w */
	char *CurrentFileName;  /* name of the file currently being written */
	pcap_t *pd;
	pcap_dumper_t *p;
#ifdef __FreeBSD__
	/*
	 * Capsicum: descriptor for the directory holding the output file,
	 * used to create rotated files (-C/-G) once in capability mode —
	 * see the sandboxing commit note on this page; confirm in main().
	 */
	int dirfd;
#endif
};
|
|
|
|
|
2012-05-14 08:01:48 +00:00
|
|
|
#ifdef HAVE_PCAP_SET_TSTAMP_TYPE
|
|
|
|
/*
 * List on stderr the time stamp types `device' (open as `pd') supports,
 * then exit(0).  Calls error(), which does not return, if libpcap fails.
 */
static void
show_tstamp_types_and_exit(const char *device, pcap_t *pd)
{
	int *types = 0;
	int count = pcap_list_tstamp_types(pd, &types);

	if (count < 0)
		error("%s", pcap_geterr(pd));

	if (count == 0) {
		fprintf(stderr, "Time stamp type cannot be set for %s\n",
		    device);
		exit(0);
	}

	fprintf(stderr, "Time stamp types for %s (use option -j to set):\n",
	    device);
	for (int idx = 0; idx < count; idx++) {
		const char *name = pcap_tstamp_type_val_to_name(types[idx]);

		/* Unknown to this libpcap: print the raw number only. */
		if (name == NULL) {
			(void) fprintf(stderr, " %d\n", types[idx]);
			continue;
		}
		(void) fprintf(stderr, " %s (%s)\n", name,
		    pcap_tstamp_type_val_to_description(types[idx]));
	}
	pcap_free_tstamp_types(types);
	exit(0);
}
|
|
|
|
#endif
|
|
|
|
|
2003-01-26 01:23:26 +00:00
|
|
|
/*
 * List on stderr the link-layer header types `device' (open as `pd')
 * offers, flagging those tcpdump has no dissector for, then exit(0).
 * Calls error(), which does not return, on a libpcap failure or an
 * empty list.
 */
static void
show_dlts_and_exit(const char *device, pcap_t *pd)
{
	int *dlt_list = 0;
	int count = pcap_list_datalinks(pd, &dlt_list);

	if (count < 0)
		error("%s", pcap_geterr(pd));
	if (count == 0 || dlt_list == NULL)
		error("No data link types.");

	/*
	 * The DLTs offered in monitor mode can differ from those offered
	 * otherwise, so when the device supports monitor mode say which
	 * of the two lists this is (-I selects monitor mode).
	 */
	if (supports_monitor_mode) {
		const char *mode = Iflag ? "when in monitor mode"
		    : "when not in monitor mode";

		(void) fprintf(stderr, "Data link types for %s %s (use option -y to set):\n",
		    device, mode);
	} else {
		(void) fprintf(stderr, "Data link types for %s (use option -y to set):\n",
		    device);
	}

	/* Same order as the original: last entry first. */
	for (int idx = count - 1; idx >= 0; idx--) {
		int dlt = dlt_list[idx];
		const char *name = pcap_datalink_val_to_name(dlt);

		if (name == NULL) {
			(void) fprintf(stderr, " DLT %d (printing not supported)\n",
			    dlt);
			continue;
		}
		(void) fprintf(stderr, " %s (%s)", name,
		    pcap_datalink_val_to_description(dlt));
		/* Does tcpdump have a dissector (either table) for it? */
		if (lookup_printer(dlt) == NULL && lookup_ndo_printer(dlt) == NULL)
			(void) fprintf(stderr, " (printing not supported)");
		fprintf(stderr, "\n");
	}
#ifdef HAVE_PCAP_FREE_DATALINKS
	pcap_free_datalinks(dlt_list);
#endif
	exit(0);
}
|
|
|
|
|
2004-03-31 14:57:24 +00:00
|
|
|
/*
|
|
|
|
* Set up flags that might or might not be supported depending on the
|
|
|
|
* version of libpcap we're using.
|
|
|
|
*/
|
2009-03-21 16:23:46 +00:00
|
|
|
#if defined(HAVE_PCAP_CREATE) || defined(WIN32)
|
2004-03-31 14:57:24 +00:00
|
|
|
#define B_FLAG "B:"
|
|
|
|
#define B_FLAG_USAGE " [ -B size ]"
|
2009-03-21 16:23:46 +00:00
|
|
|
#else /* defined(HAVE_PCAP_CREATE) || defined(WIN32) */
|
2004-03-31 14:57:24 +00:00
|
|
|
#define B_FLAG
|
|
|
|
#define B_FLAG_USAGE
|
2009-03-21 16:23:46 +00:00
|
|
|
#endif /* defined(HAVE_PCAP_CREATE) || defined(WIN32) */
|
|
|
|
|
|
|
|
#ifdef HAVE_PCAP_CREATE
|
|
|
|
#define I_FLAG "I"
|
|
|
|
#else /* HAVE_PCAP_CREATE */
|
|
|
|
#define I_FLAG
|
|
|
|
#endif /* HAVE_PCAP_CREATE */
|
2004-03-31 14:57:24 +00:00
|
|
|
|
2012-05-14 08:01:48 +00:00
|
|
|
#ifdef HAVE_PCAP_SET_TSTAMP_TYPE
|
|
|
|
#define j_FLAG "j:"
|
|
|
|
#define j_FLAG_USAGE " [ -j tstamptype ]"
|
|
|
|
#define J_FLAG "J"
|
|
|
|
#else /* PCAP_ERROR_TSTAMP_TYPE_NOTSUP */
|
|
|
|
#define j_FLAG
|
|
|
|
#define j_FLAG_USAGE
|
|
|
|
#define J_FLAG
|
|
|
|
#endif /* PCAP_ERROR_TSTAMP_TYPE_NOTSUP */
|
|
|
|
|
2005-05-29 19:09:28 +00:00
|
|
|
#ifdef HAVE_PCAP_FINDALLDEVS
|
|
|
|
#ifndef HAVE_PCAP_IF_T
|
|
|
|
#undef HAVE_PCAP_FINDALLDEVS
|
|
|
|
#endif
|
|
|
|
#endif
|
|
|
|
|
2004-03-31 14:57:24 +00:00
|
|
|
#ifdef HAVE_PCAP_FINDALLDEVS
|
|
|
|
#define D_FLAG "D"
|
|
|
|
#else
|
|
|
|
#define D_FLAG
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifdef HAVE_PCAP_DUMP_FLUSH
|
|
|
|
#define U_FLAG "U"
|
|
|
|
#else
|
|
|
|
#define U_FLAG
|
|
|
|
#endif
|
|
|
|
|
2005-05-29 19:09:28 +00:00
|
|
|
#ifndef WIN32
|
|
|
|
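/*
 * Drop root privileges to `username' and, if requested, chroot(2) into
 * `chroot_dir' first.  Every failure is fatal: once the caller has asked
 * for privileges to go away the process must not keep running as root.
 *
 * username:   account to switch to; required whenever chroot_dir is set,
 *             because a root-owned process can trivially escape a chroot.
 * chroot_dir: directory to chroot into, or NULL for none.
 *
 * chroot() needs root, so it runs before the credential change; the
 * chdir("/") afterwards closes the "cwd still outside the jail" escape.
 */
static void
droproot(const char *username, const char *chroot_dir)
{
	struct passwd *pw = NULL;

	if (chroot_dir && !username) {
		fprintf(stderr, "tcpdump: Chroot without dropping root is insecure\n");
		exit(1);
	}

	pw = getpwnam(username);
	if (pw) {
		if (chroot_dir) {
			if (chroot(chroot_dir) != 0 || chdir ("/") != 0) {
				fprintf(stderr, "tcpdump: Couldn't chroot/chdir to '%.64s': %s\n",
				    chroot_dir, pcap_strerror(errno));
				exit(1);
			}
		}
#ifdef HAVE_CAP_NG_H
		/*
		 * libcap-ng path: switch uid/gid while keeping the capability
		 * set that was arranged earlier.  A failure used to be printed
		 * to stdout and then ignored, leaving the process as root;
		 * make it fatal, matching the setuid() path below.
		 */
		int ret = capng_change_id(pw->pw_uid, pw->pw_gid, CAPNG_NO_FLAG);
		if (ret < 0) {
			fprintf(stderr, "tcpdump: Couldn't change to '%.32s' uid=%lu gid=%lu: capng_change_id returned %d\n",
			    username,
			    (unsigned long)pw->pw_uid,
			    (unsigned long)pw->pw_gid,
			    ret);
			exit(1);
		}
		/*
		 * We don't need CAP_SETUID and CAP_SETGID any more; drop both
		 * from both the effective and permitted sets.  (The previous
		 * version listed CAP_SETUID twice and never dropped CAP_SETGID,
		 * so the process could still change its group identity.)
		 */
		capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, CAP_SETUID);
		capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, CAP_SETGID);
		capng_update(CAPNG_DROP, CAPNG_PERMITTED, CAP_SETUID);
		capng_update(CAPNG_DROP, CAPNG_PERMITTED, CAP_SETGID);
		if (capng_apply(CAPNG_SELECT_BOTH) != 0) {
			fprintf(stderr, "tcpdump: Couldn't drop CAP_SETUID/CAP_SETGID\n");
			exit(1);
		}
#else
		/*
		 * Supplementary groups first (needs root), then gid, then uid;
		 * doing uid last keeps the right to do the other two.
		 */
		if (initgroups(pw->pw_name, pw->pw_gid) != 0 ||
		    setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0) {
			fprintf(stderr, "tcpdump: Couldn't change to '%.32s' uid=%lu gid=%lu: %s\n",
			    username,
			    (unsigned long)pw->pw_uid,
			    (unsigned long)pw->pw_gid,
			    pcap_strerror(errno));
			exit(1);
		}
#endif /* HAVE_CAP_NG_H */
	}
	else {
		fprintf(stderr, "tcpdump: Couldn't find user '%.32s'\n",
		    username);
		exit(1);
	}
}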
|
|
|
|
#endif /* WIN32 */
|
|
|
|
|
|
|
|
/*
 * Number of decimal digits needed to print the largest sequence number
 * used for -W style file rotation, i.e. the digit count of (x - 1).
 *
 * x: number of rotated files; values of 0 or 1 yield 0 (no suffix digits).
 * Returns the digit count.
 */
static int
getWflagChars(int x)
{
	int ndigits = 0;

	/* Sequence numbers run 0 .. x-1, so size for x-1. */
	for (x -= 1; x > 0; x /= 10)
		ndigits++;

	return ndigits;
}
|
|
|
|
|
|
|
|
|
|
|
|
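/*
 * Build the name of the next savefile into `buffer', which must hold at
 * least PATH_MAX + 1 bytes.
 *
 * orig_name: the -w argument; expanded with strftime(3) when -G is in
 *            effect (Gflag != 0), copied verbatim otherwise.
 * cnt:       sequence number appended for -C style rotation.
 * max_chars: zero-padded width of that number; cnt == 0 && max_chars == 0
 *            means "no suffix at all".
 *
 * Calls error(), which does not return, on allocation failure or when
 * the final name does not fit in PATH_MAX characters.
 */
static void
MakeFilename(char *buffer, char *orig_name, int cnt, int max_chars)
{
	char *filename = malloc(PATH_MAX + 1);
	if (filename == NULL)
		error("Makefilename: malloc");

	/* Process with strftime if Gflag is set. */
	if (Gflag != 0) {
		struct tm *local_tm;

		/* Convert Gflag_time to a usable format */
		if ((local_tm = localtime(&Gflag_time)) == NULL) {
			error("MakeTimedFilename: localtime");
		}

		/* There's no good way to detect an error in strftime since a return
		 * value of 0 isn't necessarily failure.
		 */
		strftime(filename, PATH_MAX, orig_name, local_tm);
	} else {
		strncpy(filename, orig_name, PATH_MAX);
	}
	/*
	 * Neither strftime() (when its result does not fit) nor strncpy()
	 * (when orig_name is PATH_MAX or longer) guarantees a terminator,
	 * and malloc() does not zero the buffer, so the %s below could read
	 * past the end.  Pin the terminator in the spare last byte.
	 */
	filename[PATH_MAX] = '\0';

	if (cnt == 0 && max_chars == 0)
	  strncpy(buffer, filename, PATH_MAX + 1);
	else
	  if (snprintf(buffer, PATH_MAX + 1, "%s%0*d", filename, max_chars, cnt) > PATH_MAX)
	    /* Report an error if the filename is too large */
	    error("too many output files or filename is too long (> %d)", PATH_MAX);
	free(filename);
}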
|
|
|
|
|
|
|
|
/*
 * netdissect output hook: printf(3)-style formatting straight to stdout.
 *
 * ndo: unused; present only to match the if_ndo_printer callback contract.
 * Returns whatever vfprintf() returns (characters written, or negative).
 */
static int tcpdump_printf(netdissect_options *ndo _U_,
			  const char *fmt, ...)
{
	va_list ap;
	int written;

	va_start(ap, fmt);
	written = vfprintf(stdout, fmt, ap);
	va_end(ap);

	return written;
}
|
|
|
|
|
2013-05-30 06:46:26 +00:00
|
|
|
/*
 * Choose the dissector for link-layer type `type'.
 *
 * The netdissect table is preferred; the legacy table is the fallback,
 * and ndo_type records which union member of the result is live.
 * Calls error(), which does not return, when neither table has an entry;
 * in that case gndo->ndo_dltname is set to the libpcap name of the type
 * (or left NULL if libpcap does not know it either).
 */
static struct print_info
get_print_info(int type)
{
	struct print_info info;

	info.ndo = gndo;
	info.ndo_type = 1;
	info.p.ndo_printer = lookup_ndo_printer(type);
	if (info.p.ndo_printer != NULL)
		return (info);

	/* No netdissect printer: fall back to the legacy table. */
	info.ndo_type = 0;
	info.p.printer = lookup_printer(type);
	if (info.p.printer != NULL)
		return (info);

	gndo->ndo_dltname = pcap_datalink_val_to_name(type);
	if (gndo->ndo_dltname != NULL)
		error("packet printing is not supported for link type %s: use -w",
		    gndo->ndo_dltname);
	error("packet printing is not supported for link type %d: use -w", type);
	return (info);
	/* NOTREACHED */
}
|
|
|
|
|
|
|
|
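/*
 * Read the next savefile name from the -V list file into `ptr', which
 * must hold at least PATH_MAX bytes, stripping one trailing newline.
 *
 * Returns ptr on success or NULL at end of file / read error.
 *
 * Lines longer than PATH_MAX - 1 bytes are not rejected: fgets() returns
 * the first part and the remainder is handed back as the "next" name on
 * the following call, as in the original.
 */
static char *
get_next_file(FILE *VFile, char *ptr)
{
	char *ret;
	size_t len;

	ret = fgets(ptr, PATH_MAX, VFile);
	if (!ret)
		return NULL;

	/*
	 * fgets() stores a NUL byte read from the file verbatim, so the
	 * string may be empty even though something was read; without the
	 * length check the old code indexed ptr[-1].
	 */
	len = strlen(ptr);
	if (len > 0 && ptr[len - 1] == '\n')
		ptr[len - 1] = '\0';

	return ret;
}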
|
|
|
|
|
1996-08-19 20:34:12 +00:00
|
|
|
int
|
|
|
|
main(int argc, char **argv)
|
|
|
|
{
|
|
|
|
register int cnt, op, i;
|
|
|
|
bpf_u_int32 localnet, netmask;
|
2013-05-30 06:46:26 +00:00
|
|
|
register char *cp, *infile, *cmdbuf, *device, *RFileName, *VFileName, *WFileName;
|
2004-03-31 14:57:24 +00:00
|
|
|
pcap_handler callback;
|
|
|
|
int type;
|
2013-05-30 06:46:26 +00:00
|
|
|
int dlt;
|
|
|
|
int new_dlt;
|
|
|
|
const char *dlt_name;
|
1996-08-19 20:34:12 +00:00
|
|
|
struct bpf_program fcode;
|
2004-03-31 14:57:24 +00:00
|
|
|
#ifndef WIN32
|
1998-09-15 19:36:32 +00:00
|
|
|
RETSIGTYPE (*oldhandler)(int);
|
2004-03-31 14:57:24 +00:00
|
|
|
#endif
|
|
|
|
struct print_info printinfo;
|
2002-06-21 00:49:02 +00:00
|
|
|
struct dump_info dumpinfo;
|
1996-08-19 20:34:12 +00:00
|
|
|
u_char *pcap_userdata;
|
|
|
|
char ebuf[PCAP_ERRBUF_SIZE];
|
2013-05-30 06:46:26 +00:00
|
|
|
char VFileLine[PATH_MAX + 1];
|
2005-05-29 19:09:28 +00:00
|
|
|
char *username = NULL;
|
|
|
|
char *chroot_dir = NULL;
|
2013-05-30 06:46:26 +00:00
|
|
|
char *ret = NULL;
|
|
|
|
char *end;
|
2004-03-31 14:57:24 +00:00
|
|
|
#ifdef HAVE_PCAP_FINDALLDEVS
|
|
|
|
pcap_if_t *devpointer;
|
|
|
|
int devnum;
|
|
|
|
#endif
|
|
|
|
int status;
|
|
|
|
FILE *VFile;
|
|
|
|
#ifdef __FreeBSD__
|
|
|
|
cap_rights_t rights;
|
|
|
|
int cansandbox;
|
|
|
|
#endif /* __FreeBSD__ */
|
|
|
|
|
2004-03-31 14:57:24 +00:00
|
|
|
#ifdef WIN32
|
|
|
|
if(wsockinit() != 0) return 1;
|
|
|
|
#endif /* WIN32 */
|
1996-08-19 20:34:12 +00:00
|
|
|
|
2012-05-14 08:01:48 +00:00
|
|
|
jflag=-1; /* not set */
|
2005-05-29 19:09:28 +00:00
|
|
|
gndo->ndo_Oflag=1;
|
|
|
|
gndo->ndo_Rflag=1;
|
|
|
|
gndo->ndo_dlt=-1;
|
|
|
|
gndo->ndo_default_print=ndo_default_print;
|
|
|
|
gndo->ndo_printf=tcpdump_printf;
|
|
|
|
gndo->ndo_error=ndo_error;
|
|
|
|
gndo->ndo_warning=ndo_warning;
|
|
|
|
gndo->ndo_snaplen = DEFAULT_SNAPLEN;
|
|
|
|
|
1996-08-19 20:34:12 +00:00
|
|
|
cnt = -1;
|
|
|
|
device = NULL;
|
|
|
|
infile = NULL;
|
|
|
|
RFileName = NULL;
|
2013-05-30 06:46:26 +00:00
|
|
|
VFileName = NULL;
|
|
|
|
VFile = NULL;
|
1996-08-19 20:34:12 +00:00
|
|
|
WFileName = NULL;
|
2013-05-30 06:46:26 +00:00
|
|
|
dlt = -1;
|
1996-08-19 20:34:12 +00:00
|
|
|
if ((cp = strrchr(argv[0], '/')) != NULL)
|
|
|
|
program_name = cp + 1;
|
|
|
|
else
|
|
|
|
program_name = argv[0];
|
|
|
|
|
2001-04-03 07:50:46 +00:00
|
|
|
if (abort_on_misalignment(ebuf, sizeof(ebuf)) < 0)
|
1997-05-27 02:11:31 +00:00
|
|
|
error("%s", ebuf);
|
1996-08-19 20:34:12 +00:00
|
|
|
|
2000-01-30 01:05:24 +00:00
|
|
|
#ifdef LIBSMI
|
|
|
|
smiInit("tcpdump");
|
|
|
|
#endif
|
2004-03-31 14:57:24 +00:00
|
|
|
|
1998-09-15 19:36:32 +00:00
|
|
|
while (
|
2013-05-30 06:46:26 +00:00
|
|
|
(op = getopt(argc, argv, "aAb" B_FLAG "c:C:d" D_FLAG "eE:fF:G:hHi:" I_FLAG j_FLAG J_FLAG "KlLm:M:nNOpqr:Rs:StT:u" U_FLAG "V:vw:W:xXy:Yz:Z:")) != -1)
|
1996-08-19 20:34:12 +00:00
|
|
|
switch (op) {
|
1998-09-15 19:36:32 +00:00
|
|
|
|
|
|
|
case 'a':
|
2004-03-31 14:57:24 +00:00
|
|
|
/* compatibility for old -a */
|
|
|
|
break;
|
|
|
|
|
|
|
|
case 'A':
|
|
|
|
++Aflag;
|
|
|
|
break;
|
|
|
|
|
2010-10-28 16:23:25 +00:00
|
|
|
case 'b':
|
|
|
|
++bflag;
|
|
|
|
break;
|
|
|
|
|
2009-03-21 16:23:46 +00:00
|
|
|
#if defined(HAVE_PCAP_CREATE) || defined(WIN32)
|
2004-03-31 14:57:24 +00:00
|
|
|
case 'B':
|
2009-03-21 16:23:46 +00:00
|
|
|
Bflag = atoi(optarg)*1024;
|
|
|
|
if (Bflag <= 0)
|
2004-03-31 14:57:24 +00:00
|
|
|
error("invalid packet buffer size %s", optarg);
|
1998-09-15 19:36:32 +00:00
|
|
|
break;
|
2009-03-21 16:23:46 +00:00
|
|
|
#endif /* defined(HAVE_PCAP_CREATE) || defined(WIN32) */
|
1998-09-15 19:36:32 +00:00
|
|
|
|
1996-08-19 20:34:12 +00:00
|
|
|
case 'c':
|
|
|
|
cnt = atoi(optarg);
|
|
|
|
if (cnt <= 0)
|
|
|
|
error("invalid packet count %s", optarg);
|
|
|
|
break;
|
|
|
|
|
2002-06-21 00:49:02 +00:00
|
|
|
case 'C':
|
|
|
|
Cflag = atoi(optarg) * 1000000;
|
2004-03-31 14:57:24 +00:00
|
|
|
if (Cflag < 0)
|
2002-06-21 00:49:02 +00:00
|
|
|
error("invalid file size %s", optarg);
|
|
|
|
break;
|
|
|
|
|
1996-08-19 20:34:12 +00:00
|
|
|
case 'd':
|
|
|
|
++dflag;
|
|
|
|
break;
|
|
|
|
|
2004-03-31 14:57:24 +00:00
|
|
|
#ifdef HAVE_PCAP_FINDALLDEVS
|
|
|
|
case 'D':
|
|
|
|
if (pcap_findalldevs(&devpointer, ebuf) < 0)
|
|
|
|
error("%s", ebuf);
|
|
|
|
else {
|
|
|
|
for (i = 0; devpointer != 0; i++) {
|
|
|
|
printf("%d.%s", i+1, devpointer->name);
|
|
|
|
if (devpointer->description != NULL)
|
|
|
|
printf(" (%s)", devpointer->description);
|
|
|
|
printf("\n");
|
|
|
|
devpointer = devpointer->next;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
#endif /* HAVE_PCAP_FINDALLDEVS */
|
|
|
|
|
2003-01-26 01:23:26 +00:00
|
|
|
case 'L':
|
|
|
|
Lflag++;
|
|
|
|
break;
|
|
|
|
|
1996-08-19 20:34:12 +00:00
|
|
|
case 'e':
|
|
|
|
++eflag;
|
|
|
|
break;
|
|
|
|
|
2000-01-30 01:05:24 +00:00
|
|
|
case 'E':
|
2001-04-03 07:50:46 +00:00
|
|
|
#ifndef HAVE_LIBCRYPTO
|
2000-01-30 01:05:24 +00:00
|
|
|
warning("crypto code not compiled in");
|
|
|
|
#endif
|
2005-05-29 19:09:28 +00:00
|
|
|
gndo->ndo_espsecret = optarg;
|
2000-01-30 01:05:24 +00:00
|
|
|
break;
|
|
|
|
|
1996-08-19 20:34:12 +00:00
|
|
|
case 'f':
|
|
|
|
++fflag;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case 'F':
|
|
|
|
infile = optarg;
|
|
|
|
break;
|
|
|
|
|
2009-03-21 16:23:46 +00:00
|
|
|
case 'G':
|
|
|
|
Gflag = atoi(optarg);
|
|
|
|
if (Gflag < 0)
|
|
|
|
error("invalid number of seconds %s", optarg);
|
|
|
|
|
|
|
|
/* We will create one file initially. */
|
|
|
|
Gflag_count = 0;
|
|
|
|
|
|
|
|
/* Grab the current time for rotation use. */
|
|
|
|
if ((Gflag_time = time(NULL)) == (time_t)-1) {
|
|
|
|
error("main: can't get current time: %s",
|
|
|
|
pcap_strerror(errno));
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
2012-05-14 08:01:48 +00:00
|
|
|
case 'h':
|
|
|
|
usage();
|
|
|
|
break;
|
|
|
|
|
|
|
|
case 'H':
|
|
|
|
++Hflag;
|
|
|
|
break;
|
|
|
|
|
1996-08-19 20:34:12 +00:00
|
|
|
case 'i':
|
2004-03-31 14:57:24 +00:00
|
|
|
if (optarg[0] == '0' && optarg[1] == 0)
|
|
|
|
error("Invalid adapter index");
|
|
|
|
|
|
|
|
#ifdef HAVE_PCAP_FINDALLDEVS
|
|
|
|
/*
|
|
|
|
* If the argument is a number, treat it as
|
|
|
|
* an index into the list of adapters, as
|
|
|
|
* printed by "tcpdump -D".
|
|
|
|
*
|
|
|
|
* This should be OK on UNIX systems, as interfaces
|
|
|
|
* shouldn't have names that begin with digits.
|
|
|
|
* It can be useful on Windows, where more than
|
|
|
|
* one interface can have the same name.
|
|
|
|
*/
|
2013-05-30 06:46:26 +00:00
|
|
|
devnum = strtol(optarg, &end, 10);
|
|
|
|
if (optarg != end && *end == '\0') {
|
2004-03-31 14:57:24 +00:00
|
|
|
if (devnum < 0)
|
|
|
|
error("Invalid adapter index");
|
|
|
|
|
|
|
|
if (pcap_findalldevs(&devpointer, ebuf) < 0)
|
|
|
|
error("%s", ebuf);
|
|
|
|
else {
|
2010-10-28 16:23:25 +00:00
|
|
|
/*
|
|
|
|
* Look for the devnum-th entry
|
|
|
|
* in the list of devices
|
|
|
|
* (1-based).
|
|
|
|
*/
|
|
|
|
for (i = 0;
|
|
|
|
i < devnum-1 && devpointer != NULL;
|
|
|
|
i++, devpointer = devpointer->next)
|
|
|
|
;
|
|
|
|
if (devpointer == NULL)
|
|
|
|
error("Invalid adapter index");
|
2004-03-31 14:57:24 +00:00
|
|
|
}
|
|
|
|
device = devpointer->name;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
#endif /* HAVE_PCAP_FINDALLDEVS */
|
1996-08-19 20:34:12 +00:00
|
|
|
device = optarg;
|
|
|
|
break;
|
|
|
|
|
2009-03-21 16:23:46 +00:00
|
|
|
#ifdef HAVE_PCAP_CREATE
|
|
|
|
case 'I':
|
|
|
|
++Iflag;
|
|
|
|
break;
|
|
|
|
#endif /* HAVE_PCAP_CREATE */
|
|
|
|
|
2012-05-14 08:01:48 +00:00
|
|
|
#ifdef HAVE_PCAP_SET_TSTAMP_TYPE
|
|
|
|
case 'j':
|
|
|
|
jflag = pcap_tstamp_type_name_to_val(optarg);
|
|
|
|
if (jflag < 0)
|
|
|
|
error("invalid time stamp type %s", optarg);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case 'J':
|
|
|
|
Jflag++;
|
|
|
|
break;
|
|
|
|
#endif
|
|
|
|
|
1996-08-19 20:34:12 +00:00
|
|
|
case 'l':
|
2004-03-31 14:57:24 +00:00
|
|
|
#ifdef WIN32
|
|
|
|
/*
|
|
|
|
* _IOLBF is the same as _IOFBF in Microsoft's C
|
|
|
|
* libraries; the only alternative they offer
|
|
|
|
* is _IONBF.
|
|
|
|
*
|
|
|
|
* XXX - this should really be checking for MSVC++,
|
|
|
|
* not WIN32, if, for example, MinGW has its own
|
|
|
|
* C library that is more UNIX-compatible.
|
|
|
|
*/
|
|
|
|
setvbuf(stdout, NULL, _IONBF, 0);
|
|
|
|
#else /* WIN32 */
|
1996-08-19 20:34:12 +00:00
|
|
|
#ifdef HAVE_SETLINEBUF
|
|
|
|
setlinebuf(stdout);
|
|
|
|
#else
|
|
|
|
setvbuf(stdout, NULL, _IOLBF, 0);
|
|
|
|
#endif
|
2004-03-31 14:57:24 +00:00
|
|
|
#endif /* WIN32 */
|
1996-08-19 20:34:12 +00:00
|
|
|
break;
|
|
|
|
|
2009-03-21 16:23:46 +00:00
|
|
|
case 'K':
|
|
|
|
++Kflag;
|
1996-08-19 20:34:12 +00:00
|
|
|
break;
|
|
|
|
|
2000-01-30 01:05:24 +00:00
|
|
|
case 'm':
|
|
|
|
#ifdef LIBSMI
|
2009-03-21 16:23:46 +00:00
|
|
|
if (smiLoadModule(optarg) == 0) {
|
2000-01-30 01:05:24 +00:00
|
|
|
error("could not load MIB module %s", optarg);
|
2009-03-21 16:23:46 +00:00
|
|
|
}
|
2000-01-30 01:05:24 +00:00
|
|
|
sflag = 1;
|
|
|
|
#else
|
|
|
|
(void)fprintf(stderr, "%s: ignoring option `-m %s' ",
|
|
|
|
program_name, optarg);
|
|
|
|
(void)fprintf(stderr, "(no libsmi support)\n");
|
|
|
|
#endif
|
2004-03-31 14:57:24 +00:00
|
|
|
break;
|
|
|
|
|
2005-05-29 19:09:28 +00:00
|
|
|
case 'M':
|
|
|
|
/* TCP-MD5 shared secret */
|
|
|
|
#ifndef HAVE_LIBCRYPTO
|
|
|
|
warning("crypto code not compiled in");
|
|
|
|
#endif
|
2010-10-28 16:23:25 +00:00
|
|
|
sigsecret = optarg;
|
2005-05-29 19:09:28 +00:00
|
|
|
break;
|
|
|
|
|
2009-03-21 16:23:46 +00:00
|
|
|
case 'n':
|
|
|
|
++nflag;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case 'N':
|
|
|
|
++Nflag;
|
|
|
|
break;
|
|
|
|
|
1996-08-19 20:34:12 +00:00
|
|
|
case 'O':
|
|
|
|
Oflag = 0;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case 'p':
|
|
|
|
++pflag;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case 'q':
|
|
|
|
++qflag;
|
2006-09-04 20:25:04 +00:00
|
|
|
++suppress_default_print;
|
1996-08-19 20:34:12 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 'r':
|
|
|
|
RFileName = optarg;
|
|
|
|
break;
|
|
|
|
|
2000-01-30 01:05:24 +00:00
|
|
|
case 'R':
|
|
|
|
Rflag = 0;
|
|
|
|
break;
|
|
|
|
|
2013-05-30 06:46:26 +00:00
|
|
|
case 's':
|
2001-04-03 07:50:46 +00:00
|
|
|
snaplen = strtol(optarg, &end, 0);
|
|
|
|
if (optarg == end || *end != '\0'
|
2010-10-28 16:23:25 +00:00
|
|
|
|| snaplen < 0 || snaplen > MAXIMUM_SNAPLEN)
|
1996-08-19 20:34:12 +00:00
|
|
|
error("invalid snaplen %s", optarg);
|
2001-04-03 07:50:46 +00:00
|
|
|
else if (snaplen == 0)
|
2010-10-28 16:23:25 +00:00
|
|
|
snaplen = MAXIMUM_SNAPLEN;
|
1996-08-19 20:34:12 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 'S':
|
|
|
|
++Sflag;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case 't':
|
2005-05-29 19:09:28 +00:00
|
|
|
++tflag;
|
1996-08-19 20:34:12 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 'T':
|
|
|
|
if (strcasecmp(optarg, "vat") == 0)
|
|
|
|
packettype = PT_VAT;
|
|
|
|
else if (strcasecmp(optarg, "wb") == 0)
|
|
|
|
packettype = PT_WB;
|
|
|
|
else if (strcasecmp(optarg, "rpc") == 0)
|
|
|
|
packettype = PT_RPC;
|
|
|
|
else if (strcasecmp(optarg, "rtp") == 0)
|
|
|
|
packettype = PT_RTP;
|
|
|
|
else if (strcasecmp(optarg, "rtcp") == 0)
|
|
|
|
packettype = PT_RTCP;
|
2000-01-30 01:05:24 +00:00
|
|
|
else if (strcasecmp(optarg, "snmp") == 0)
|
|
|
|
packettype = PT_SNMP;
|
2001-04-03 07:50:46 +00:00
|
|
|
else if (strcasecmp(optarg, "cnfp") == 0)
|
|
|
|
packettype = PT_CNFP;
|
2004-03-31 14:57:24 +00:00
|
|
|
else if (strcasecmp(optarg, "tftp") == 0)
|
|
|
|
packettype = PT_TFTP;
|
|
|
|
else if (strcasecmp(optarg, "aodv") == 0)
|
|
|
|
packettype = PT_AODV;
|
2012-05-14 08:01:48 +00:00
|
|
|
else if (strcasecmp(optarg, "carp") == 0)
|
|
|
|
packettype = PT_CARP;
|
2013-05-30 06:46:26 +00:00
|
|
|
else if (strcasecmp(optarg, "radius") == 0)
|
|
|
|
packettype = PT_RADIUS;
|
|
|
|
else if (strcasecmp(optarg, "zmtp1") == 0)
|
|
|
|
packettype = PT_ZMTP1;
|
|
|
|
else if (strcasecmp(optarg, "vxlan") == 0)
|
|
|
|
packettype = PT_VXLAN;
|
1996-08-19 20:34:12 +00:00
|
|
|
else
|
|
|
|
error("unknown packet type `%s'", optarg);
|
|
|
|
break;
|
|
|
|
|
2001-04-03 07:50:46 +00:00
|
|
|
case 'u':
|
|
|
|
++uflag;
|
|
|
|
break;
|
2004-03-31 14:57:24 +00:00
|
|
|
|
|
|
|
#ifdef HAVE_PCAP_DUMP_FLUSH
|
|
|
|
case 'U':
|
|
|
|
++Uflag;
|
|
|
|
break;
|
|
|
|
#endif
|
|
|
|
|
1996-08-19 20:34:12 +00:00
|
|
|
case 'v':
|
|
|
|
++vflag;
|
|
|
|
break;
|
|
|
|
|
2013-05-30 06:46:26 +00:00
|
|
|
case 'V':
|
|
|
|
VFileName = optarg;
|
|
|
|
break;
|
|
|
|
|
1996-08-19 20:34:12 +00:00
|
|
|
case 'w':
|
|
|
|
WFileName = optarg;
|
|
|
|
break;
|
2000-01-30 01:05:24 +00:00
|
|
|
|
2005-05-29 19:09:28 +00:00
|
|
|
case 'W':
|
|
|
|
Wflag = atoi(optarg);
|
|
|
|
if (Wflag < 0)
|
|
|
|
error("invalid number of output files %s", optarg);
|
|
|
|
WflagChars = getWflagChars(Wflag);
|
|
|
|
break;
|
|
|
|
|
2000-01-30 01:05:24 +00:00
|
|
|
case 'x':
|
|
|
|
++xflag;
|
2006-09-04 20:25:04 +00:00
|
|
|
++suppress_default_print;
|
2000-01-30 01:05:24 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 'X':
|
|
|
|
++Xflag;
|
2006-09-04 20:25:04 +00:00
|
|
|
++suppress_default_print;
|
2000-01-30 01:05:24 +00:00
|
|
|
break;
|
|
|
|
|
2003-01-26 01:23:26 +00:00
|
|
|
case 'y':
|
2005-05-29 19:09:28 +00:00
|
|
|
gndo->ndo_dltname = optarg;
|
|
|
|
gndo->ndo_dlt =
|
|
|
|
pcap_datalink_name_to_val(gndo->ndo_dltname);
|
|
|
|
if (gndo->ndo_dlt < 0)
|
|
|
|
error("invalid data link type %s", gndo->ndo_dltname);
|
2003-01-26 01:23:26 +00:00
|
|
|
break;
|
|
|
|
|
2004-03-31 14:57:24 +00:00
|
|
|
#if defined(HAVE_PCAP_DEBUG) || defined(HAVE_YYDEBUG)
|
1996-08-19 20:34:12 +00:00
|
|
|
case 'Y':
|
|
|
|
{
|
|
|
|
/* Undocumented flag */
|
2004-03-31 14:57:24 +00:00
|
|
|
#ifdef HAVE_PCAP_DEBUG
|
|
|
|
extern int pcap_debug;
|
|
|
|
pcap_debug = 1;
|
|
|
|
#else
|
1996-08-19 20:34:12 +00:00
|
|
|
extern int yydebug;
|
|
|
|
yydebug = 1;
|
2004-03-31 14:57:24 +00:00
|
|
|
#endif
|
1996-08-19 20:34:12 +00:00
|
|
|
}
|
|
|
|
break;
|
|
|
|
#endif
|
2009-03-21 16:23:46 +00:00
|
|
|
case 'z':
|
|
|
|
if (optarg) {
|
|
|
|
zflag = strdup(optarg);
|
|
|
|
} else {
|
|
|
|
usage();
|
|
|
|
/* NOTREACHED */
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
2005-05-29 19:09:28 +00:00
|
|
|
case 'Z':
|
|
|
|
if (optarg) {
|
|
|
|
username = strdup(optarg);
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
usage();
|
|
|
|
/* NOTREACHED */
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
1996-08-19 20:34:12 +00:00
|
|
|
default:
|
|
|
|
usage();
|
|
|
|
/* NOTREACHED */
|
|
|
|
}
|
|
|
|
|
2005-05-29 19:09:28 +00:00
|
|
|
switch (tflag) {
|
|
|
|
|
|
|
|
case 0: /* Default */
|
|
|
|
case 4: /* Default + Date*/
|
1998-09-15 19:36:32 +00:00
|
|
|
thiszone = gmt2local(0);
|
2005-05-29 19:09:28 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 1: /* No time stamp */
|
|
|
|
case 2: /* Unix timeval style */
|
|
|
|
case 3: /* Microseconds since previous packet */
|
2009-03-21 16:23:46 +00:00
|
|
|
case 5: /* Microseconds since first packet */
|
2005-05-29 19:09:28 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
default: /* Not supported */
|
2009-03-21 16:23:46 +00:00
|
|
|
error("only -t, -tt, -ttt, -tttt and -ttttt are supported");
|
2005-05-29 19:09:28 +00:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2013-05-30 06:46:26 +00:00
|
|
|
if (fflag != 0 && (VFileName != NULL || RFileName != NULL))
|
|
|
|
error("-f can not be used with -V or -r");
|
|
|
|
|
|
|
|
if (VFileName != NULL && RFileName != NULL)
|
|
|
|
error("-V and -r are mutually exclusive.");
|
|
|
|
|
2005-05-29 19:09:28 +00:00
|
|
|
#ifdef WITH_CHROOT
|
|
|
|
/* if run as root, prepare for chrooting */
|
|
|
|
if (getuid() == 0 || geteuid() == 0) {
|
|
|
|
/* future extensibility for cmd-line arguments */
|
|
|
|
if (!chroot_dir)
|
|
|
|
chroot_dir = WITH_CHROOT;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifdef WITH_USER
|
|
|
|
/* if run as root, prepare for dropping root privileges */
|
|
|
|
if (getuid() == 0 || geteuid() == 0) {
|
|
|
|
/* Run with '-Z root' to restore old behaviour */
|
|
|
|
if (!username)
|
|
|
|
username = WITH_USER;
|
|
|
|
}
|
|
|
|
#endif
|
1996-08-19 20:34:12 +00:00
|
|
|
|
2013-05-30 06:46:26 +00:00
|
|
|
if (RFileName != NULL || VFileName != NULL) {
|
|
|
|
/*
|
|
|
|
* If RFileName is non-null, it's the pathname of a
|
|
|
|
* savefile to read. If VFileName is non-null, it's
|
|
|
|
* the pathname of a file containing a list of pathnames
|
|
|
|
* (one per line) of savefiles to read.
|
|
|
|
*
|
|
|
|
* In either case, we're reading a savefile, not doing
|
|
|
|
* a live capture.
|
|
|
|
*/
|
2004-03-31 14:57:24 +00:00
|
|
|
#ifndef WIN32
|
1996-08-19 20:34:12 +00:00
|
|
|
/*
|
2004-03-31 14:57:24 +00:00
|
|
|
* We don't need network access, so relinquish any set-UID
|
|
|
|
* or set-GID privileges we have (if any).
|
|
|
|
*
|
|
|
|
* We do *not* want set-UID privileges when opening a
|
|
|
|
* trace file, as that might let the user read other
|
|
|
|
* people's trace files (especially if we're set-UID
|
|
|
|
* root).
|
1996-08-19 20:34:12 +00:00
|
|
|
*/
|
2005-05-29 19:09:28 +00:00
|
|
|
if (setgid(getgid()) != 0 || setuid(getuid()) != 0 )
|
|
|
|
fprintf(stderr, "Warning: setgid/setuid failed !\n");
|
2004-03-31 14:57:24 +00:00
|
|
|
#endif /* WIN32 */
|
2013-05-30 06:46:26 +00:00
|
|
|
if (VFileName != NULL) {
|
|
|
|
if (VFileName[0] == '-' && VFileName[1] == '\0')
|
|
|
|
VFile = stdin;
|
|
|
|
else
|
|
|
|
VFile = fopen(VFileName, "r");
|
|
|
|
|
|
|
|
if (VFile == NULL)
|
|
|
|
error("Unable to open file: %s\n", strerror(errno));
|
|
|
|
|
|
|
|
ret = get_next_file(VFile, VFileLine);
|
|
|
|
if (!ret)
|
|
|
|
error("Nothing in %s\n", VFileName);
|
|
|
|
RFileName = VFileLine;
|
|
|
|
}
|
|
|
|
|
1996-08-19 20:34:12 +00:00
|
|
|
pd = pcap_open_offline(RFileName, ebuf);
|
|
|
|
if (pd == NULL)
|
1997-05-27 02:11:31 +00:00
|
|
|
error("%s", ebuf);
|
|
|
|
#ifdef __FreeBSD__
|
Change the cap_rights_t type from uint64_t to a structure that we can extend
in the future in a backward compatible (API and ABI) way.
The cap_rights_t represents capability rights. We used to use one bit to
represent one right, but we are running out of spare bits. Currently the new
structure provides place for 114 rights (so 50 more than the previous
cap_rights_t), but it is possible to grow the structure to hold at least 285
rights, although we can make it even larger if 285 rights won't be enough.
The structure definition looks like this:
struct cap_rights {
uint64_t cr_rights[CAP_RIGHTS_VERSION + 2];
};
The initial CAP_RIGHTS_VERSION is 0.
The top two bits in the first element of the cr_rights[] array contain total
number of elements in the array - 2. This means if those two bits are equal to
0, we have 2 array elements.
The top two bits in all remaining array elements should be 0.
The next five bits in all array elements contain array index. Only one bit is
used and bit position in this five-bits range defines array index. This means
there can be at most five array elements in the future.
To define new right the CAPRIGHT() macro must be used. The macro takes two
arguments - an array index and a bit to set, eg.
#define CAP_PDKILL CAPRIGHT(1, 0x0000000000000800ULL)
We still support aliases that combine few rights, but the rights have to belong
to the same array element, eg:
#define CAP_LOOKUP CAPRIGHT(0, 0x0000000000000400ULL)
#define CAP_FCHMOD CAPRIGHT(0, 0x0000000000002000ULL)
#define CAP_FCHMODAT (CAP_FCHMOD | CAP_LOOKUP)
There is new API to manage the new cap_rights_t structure:
cap_rights_t *cap_rights_init(cap_rights_t *rights, ...);
void cap_rights_set(cap_rights_t *rights, ...);
void cap_rights_clear(cap_rights_t *rights, ...);
bool cap_rights_is_set(const cap_rights_t *rights, ...);
bool cap_rights_is_valid(const cap_rights_t *rights);
void cap_rights_merge(cap_rights_t *dst, const cap_rights_t *src);
void cap_rights_remove(cap_rights_t *dst, const cap_rights_t *src);
bool cap_rights_contains(const cap_rights_t *big, const cap_rights_t *little);
Capability rights to the cap_rights_init(), cap_rights_set(),
cap_rights_clear() and cap_rights_is_set() functions are provided by
separating them with commas, eg:
cap_rights_t rights;
cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_FSTAT);
There is no need to terminate the list of rights, as those functions are
actually macros that take care of the termination, eg:
#define cap_rights_set(rights, ...) \
__cap_rights_set((rights), __VA_ARGS__, 0ULL)
void __cap_rights_set(cap_rights_t *rights, ...);
Thanks to using one bit as an array index, we can assert in those functions that
no two rights belonging to different array elements are provided
together. For example, this is illegal and will be detected, because CAP_LOOKUP
belongs to element 0 and CAP_PDKILL to element 1:
cap_rights_init(&rights, CAP_LOOKUP | CAP_PDKILL);
Providing several rights that belong to the same array element this way is
correct, but is not advised. It should only be used for alias definitions.
This commit also breaks compatibility with some existing Capsicum system calls,
but I see no other way to do that. This should be fine, as Capsicum is still
experimental and this change is not going to 9.x.
Sponsored by: The FreeBSD Foundation
cap_rights_init(&rights, CAP_READ);
if (cap_rights_limit(fileno(pcap_file(pd)), &rights) < 0 &&
Sandbox tcpdump(8) using Capsicum's capability mode and capabilities.
For now, sandboxing is done only if the -n option was specified and neither the -z nor
the -V option was given. Because it is very common to run tcpdump(8) with the -n
option for speed, I decided to commit sandboxing now. To also support
sandboxing when the -n option wasn't specified, we need the Casper daemon and its
services, which are not available in FreeBSD yet.
- Limit the file descriptor of the file specified by the -r option, or of the files
specified via the -V option, to CAP_READ only.
- If neither the -r nor the -V option was specified, we operate on /dev/bpf.
Limit its descriptor to CAP_READ and CAP_IOCTL, and limit the allowed ioctls to
BIOCGSTATS only.
- Limit the file descriptor of the file specified by the -w option to CAP_SEEK and
CAP_WRITE.
- If either the -C or the -G option was specified, we open the directory containing the
destination file and limit the directory descriptor to CAP_CREATE, CAP_FCNTL,
CAP_FTRUNCATE, CAP_LOOKUP, CAP_SEEK and CAP_WRITE. Newly opened/created
files are limited to CAP_SEEK and CAP_WRITE only.
- Enter capability mode if the -n option was specified and neither the -z nor the -V
option was specified.
Approved by: delphij, wxs
Sponsored by: The FreeBSD Foundation
errno != ENOSYS) {
error("unable to limit pcap descriptor");
}
#endif
dlt = pcap_datalink(pd);
dlt_name = pcap_datalink_val_to_name(dlt);
if (dlt_name == NULL) {
fprintf(stderr, "reading from file %s, link-type %u\n",
RFileName, dlt);
} else {
fprintf(stderr,
"reading from file %s, link-type %s (%s)\n",
RFileName, dlt_name,
pcap_datalink_val_to_description(dlt));
}
localnet = 0;
netmask = 0;
} else {
/*
* We're doing a live capture.
*/
if (device == NULL) {
device = pcap_lookupdev(ebuf);
if (device == NULL)
error("%s", ebuf);
}
#ifdef WIN32
/*
* Print a message to the standard error on Windows.
* XXX - why do it here, with a different message?
*/
if(strlen(device) == 1) //we assume that an ASCII string is always longer than 1 char
{ //a Unicode string has a \0 as second byte (so strlen() is 1)
fprintf(stderr, "%s: listening on %ws\n", program_name, device);
}
else
{
fprintf(stderr, "%s: listening on %s\n", program_name, device);
}
fflush(stderr);
#endif /* WIN32 */
#ifdef HAVE_PCAP_CREATE
pd = pcap_create(device, ebuf);
if (pd == NULL)
error("%s", ebuf);
#ifdef HAVE_PCAP_SET_TSTAMP_TYPE
if (Jflag)
show_tstamp_types_and_exit(device, pd);
#endif
/*
* Is this an interface that supports monitor mode?
*/
if (pcap_can_set_rfmon(pd) == 1)
supports_monitor_mode = 1;
else
supports_monitor_mode = 0;
status = pcap_set_snaplen(pd, snaplen);
if (status != 0)
error("%s: Can't set snapshot length: %s",
device, pcap_statustostr(status));
status = pcap_set_promisc(pd, !pflag);
if (status != 0)
error("%s: Can't set promiscuous mode: %s",
device, pcap_statustostr(status));
if (Iflag) {
status = pcap_set_rfmon(pd, 1);
if (status != 0)
error("%s: Can't set monitor mode: %s",
device, pcap_statustostr(status));
}
status = pcap_set_timeout(pd, 1000);
if (status != 0)
error("%s: pcap_set_timeout failed: %s",
device, pcap_statustostr(status));
if (Bflag != 0) {
status = pcap_set_buffer_size(pd, Bflag);
if (status != 0)
error("%s: Can't set buffer size: %s",
device, pcap_statustostr(status));
}
#ifdef HAVE_PCAP_SET_TSTAMP_TYPE
if (jflag != -1) {
status = pcap_set_tstamp_type(pd, jflag);
if (status < 0)
error("%s: Can't set time stamp type: %s",
device, pcap_statustostr(status));
}
#endif
status = pcap_activate(pd);
if (status < 0) {
/*
* pcap_activate() failed.
*/
cp = pcap_geterr(pd);
if (status == PCAP_ERROR)
error("%s", cp);
else if ((status == PCAP_ERROR_NO_SUCH_DEVICE ||
status == PCAP_ERROR_PERM_DENIED) &&
*cp != '\0')
error("%s: %s\n(%s)", device,
pcap_statustostr(status), cp);
#ifdef __FreeBSD__
else if (status == PCAP_ERROR_RFMON_NOTSUP &&
strncmp(device, "wlan", 4) == 0) {
char parent[8], newdev[8];
char sysctl[32];
size_t s = sizeof(parent);
snprintf(sysctl, sizeof(sysctl),
"net.wlan.%d.%%parent", atoi(device + 4));
sysctlbyname(sysctl, parent, &s, NULL, 0);
strlcpy(newdev, device, sizeof(newdev));
/* Suggest a new wlan device. */
newdev[strlen(newdev)-1]++;
error("%s is not a monitor mode VAP\n"
"To create a new monitor mode VAP use:\n"
" ifconfig %s create wlandev %s wlanmode "
"monitor\nand use %s as the tcpdump "
"interface", device, newdev, parent,
newdev);
}
#endif
else
error("%s: %s", device,
pcap_statustostr(status));
} else if (status > 0) {
/*
* pcap_activate() succeeded, but it's warning us
* of a problem it had.
*/
cp = pcap_geterr(pd);
if (status == PCAP_WARNING)
warning("%s", cp);
else if (status == PCAP_WARNING_PROMISC_NOTSUP &&
*cp != '\0')
warning("%s: %s\n(%s)", device,
pcap_statustostr(status), cp);
else
warning("%s: %s", device,
pcap_statustostr(status));
}
#else
*ebuf = '\0';
pd = pcap_open_live(device, snaplen, !pflag, 1000, ebuf);
if (pd == NULL)
error("%s", ebuf);
else if (*ebuf)
warning("%s", ebuf);
#endif /* HAVE_PCAP_CREATE */
/*
* Let user own process after socket has been opened.
*/
#ifndef WIN32
if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
fprintf(stderr, "Warning: setgid/setuid failed !\n");
#endif /* WIN32 */
#if !defined(HAVE_PCAP_CREATE) && defined(WIN32)
if(Bflag != 0)
if(pcap_setbuff(pd, Bflag)==-1){
error("%s", pcap_geterr(pd));
}
#endif /* !defined(HAVE_PCAP_CREATE) && defined(WIN32) */
if (Lflag)
show_dlts_and_exit(device, pd);
if (gndo->ndo_dlt >= 0) {
#ifdef HAVE_PCAP_SET_DATALINK
if (pcap_set_datalink(pd, gndo->ndo_dlt) < 0)
error("%s", pcap_geterr(pd));
#else
/*
* We don't actually support changing the
* data link type, so we only let them
* set it to what it already is.
*/
if (gndo->ndo_dlt != pcap_datalink(pd)) {
error("%s is not one of the DLTs supported by this device\n",
gndo->ndo_dltname);
}
#endif
(void)fprintf(stderr, "%s: data link type %s\n",
program_name, gndo->ndo_dltname);
(void)fflush(stderr);
}
i = pcap_snapshot(pd);
if (snaplen < i) {
warning("snaplen raised from %d to %d", snaplen, i);
snaplen = i;
}
if (pcap_lookupnet(device, &localnet, &netmask, ebuf) < 0) {
localnet = 0;
netmask = 0;
warning("%s", ebuf);
}
}
if (infile)
cmdbuf = read_infile(infile);
else
cmdbuf = copy_argv(&argv[optind]);
if (pcap_compile(pd, &fcode, cmdbuf, Oflag, netmask) < 0)
error("%s", pcap_geterr(pd));
if (dflag) {
bpf_dump(&fcode, dflag);
pcap_close(pd);
free(cmdbuf);
exit(0);
}
init_addrtoname(localnet, netmask);
init_checksum();
#ifndef WIN32
(void)setsignal(SIGPIPE, cleanup);
(void)setsignal(SIGTERM, cleanup);
(void)setsignal(SIGINT, cleanup);
#endif /* WIN32 */
#if defined(HAVE_FORK) || defined(HAVE_VFORK)
(void)setsignal(SIGCHLD, child_cleanup);
#endif
/* Cooperate with nohup(1) */
#ifndef WIN32
if ((oldhandler = setsignal(SIGHUP, cleanup)) != SIG_DFL)
(void)setsignal(SIGHUP, oldhandler);
#endif /* WIN32 */
#ifndef WIN32
/*
* If a user name was specified with "-Z", attempt to switch to
* that user's UID. This would probably be used with sudo,
* to allow tcpdump to be run in a special restricted
* account (if you just want to allow users to open capture
* devices, and can't just give users that permission,
* you'd make tcpdump set-UID or set-GID).
*
* Tcpdump doesn't necessarily write only to one savefile;
* the general only way to allow a -Z instance to write to
* savefiles as the user under whose UID it's run, rather
* than as the user specified with -Z, would thus be to switch
* to the original user ID before opening a capture file and
* then switch back to the -Z user ID after opening the savefile.
* Switching to the -Z user ID only after opening the first
* savefile doesn't handle the general case.
*/
#ifdef HAVE_CAP_NG_H
/* We are running as root and we will be writing to savefile */
if ((getuid() == 0 || geteuid() == 0) && WFileName) {
if (username) {
/* Drop all capabilities from effective set */
capng_clear(CAPNG_EFFECTIVE);
/* Add capabilities we will need*/
capng_update(CAPNG_ADD, CAPNG_PERMITTED, CAP_SETUID);
capng_update(CAPNG_ADD, CAPNG_PERMITTED, CAP_SETGID);
capng_update(CAPNG_ADD, CAPNG_PERMITTED, CAP_DAC_OVERRIDE);
capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_SETUID);
capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_SETGID);
capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE);
capng_apply(CAPNG_SELECT_BOTH);
}
}
#endif /* HAVE_CAP_NG_H */
if (getuid() == 0 || geteuid() == 0) {
if (username || chroot_dir)
droproot(username, chroot_dir);
}
#endif /* WIN32 */
if (pcap_setfilter(pd, &fcode) < 0)
error("%s", pcap_geterr(pd));
#ifdef __FreeBSD__
if (RFileName == NULL && VFileName == NULL) {
static const unsigned long cmds[] = { BIOCGSTATS };
cap_rights_init(&rights, CAP_IOCTL, CAP_READ);
if (cap_rights_limit(pcap_fileno(pd), &rights) < 0 &&
errno != ENOSYS) {
error("unable to limit pcap descriptor");
}
if (cap_ioctls_limit(pcap_fileno(pd), cmds,
sizeof(cmds) / sizeof(cmds[0])) < 0 && errno != ENOSYS) {
error("unable to limit ioctls on pcap descriptor");
}
}
#endif
if (WFileName) {
pcap_dumper_t *p;
/* Do not exceed the default PATH_MAX for files. */
dumpinfo.CurrentFileName = (char *)malloc(PATH_MAX + 1);
if (dumpinfo.CurrentFileName == NULL)
error("malloc of dumpinfo.CurrentFileName");
/* We do not need numbering for dumpfiles if Cflag isn't set. */
if (Cflag != 0)
MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, WflagChars);
else
MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, 0);
p = pcap_dump_open(pd, dumpinfo.CurrentFileName);
#ifdef HAVE_CAP_NG_H
/* Give up capabilities, clear Effective set */
capng_clear(CAPNG_EFFECTIVE);
#endif
if (p == NULL)
error("%s", pcap_geterr(pd));
#ifdef __FreeBSD__
cap_rights_init(&rights, CAP_SEEK, CAP_WRITE);
if (cap_rights_limit(fileno(pcap_dump_file(p)), &rights) < 0 &&
errno != ENOSYS) {
error("unable to limit dump descriptor");
}
#endif
if (Cflag != 0 || Gflag != 0) {
#ifdef __FreeBSD__
dumpinfo.WFileName = strdup(basename(WFileName));
dumpinfo.dirfd = open(dirname(WFileName),
O_DIRECTORY | O_RDONLY);
if (dumpinfo.dirfd < 0) {
error("unable to open directory %s",
dirname(WFileName));
}
cap_rights_init(&rights, CAP_CREATE, CAP_FCNTL,
CAP_FTRUNCATE, CAP_LOOKUP, CAP_SEEK, CAP_WRITE);
if (cap_rights_limit(dumpinfo.dirfd, &rights) < 0 &&
errno != ENOSYS) {
error("unable to limit directory rights");
}
#else /* !__FreeBSD__ */
dumpinfo.WFileName = WFileName;
#endif
callback = dump_packet_and_trunc;
dumpinfo.pd = pd;
dumpinfo.p = p;
pcap_userdata = (u_char *)&dumpinfo;
} else {
callback = dump_packet;
pcap_userdata = (u_char *)p;
}
#ifdef HAVE_PCAP_DUMP_FLUSH
if (Uflag)
pcap_dump_flush(p);
#endif
} else {
type = pcap_datalink(pd);
printinfo = get_print_info(type);
callback = print_packet;
pcap_userdata = (u_char *)&printinfo;
}
#ifdef SIGNAL_REQ_INFO
/*
* We can't get statistics when reading from a file rather
* than capturing from a device.
*/
if (RFileName == NULL)
(void)setsignal(SIGNAL_REQ_INFO, requestinfo);
#endif
if (vflag > 0 && WFileName) {
/*
* When capturing to a file, "-v" means tcpdump should,
* every 10 seconds, "v"erbosely report the number of
* packets captured.
*/
#ifdef USE_WIN32_MM_TIMER
/* call verbose_stats_dump() each 1000 +/-100msec */
timer_id = timeSetEvent(1000, 100, verbose_stats_dump, 0, TIME_PERIODIC);
setvbuf(stderr, NULL, _IONBF, 0);
#elif defined(HAVE_ALARM)
(void)setsignal(SIGALRM, verbose_stats_dump);
alarm(1);
#endif
}
#ifndef WIN32
if (RFileName == NULL) {
/*
* Live capture (if -V was specified, we set RFileName
* to a file from the -V file). Print a message to
* the standard error on UN*X.
*/
if (!vflag && !WFileName) {
(void)fprintf(stderr,
"%s: verbose output suppressed, use -v or -vv for full protocol decode\n",
program_name);
} else
(void)fprintf(stderr, "%s: ", program_name);
dlt = pcap_datalink(pd);
dlt_name = pcap_datalink_val_to_name(dlt);
if (dlt_name == NULL) {
(void)fprintf(stderr, "listening on %s, link-type %u, capture size %u bytes\n",
device, dlt, snaplen);
} else {
(void)fprintf(stderr, "listening on %s, link-type %s (%s), capture size %u bytes\n",
device, dlt_name,
pcap_datalink_val_to_description(dlt), snaplen);
}
(void)fflush(stderr);
}
#endif /* WIN32 */
#ifdef __FreeBSD__
cansandbox = (nflag && VFileName == NULL && zflag == NULL);
if (cansandbox && cap_enter() < 0 && errno != ENOSYS)
error("unable to enter the capability mode");
if (cap_sandboxed())
fprintf(stderr, "capability mode sandbox enabled\n");
#endif /* __FreeBSD__ */
do {
status = pcap_loop(pd, cnt, callback, pcap_userdata);
if (WFileName == NULL) {
/*
* We're printing packets. Flush the printed output,
* so it doesn't get intermingled with error output.
*/
if (status == -2) {
/*
* We got interrupted, so perhaps we didn't
* manage to finish a line we were printing.
* Print an extra newline, just in case.
*/
putchar('\n');
}
(void)fflush(stdout);
}
if (status == -1) {
/*
* Error. Report it.
*/
(void)fprintf(stderr, "%s: pcap_loop: %s\n",
program_name, pcap_geterr(pd));
}
if (RFileName == NULL) {
/*
* We're doing a live capture. Report the capture
* statistics.
*/
info(1);
}
pcap_close(pd);
if (VFileName != NULL) {
ret = get_next_file(VFile, VFileLine);
if (ret) {
RFileName = VFileLine;
pd = pcap_open_offline(RFileName, ebuf);
if (pd == NULL)
error("%s", ebuf);
#ifdef __FreeBSD__
cap_rights_init(&rights, CAP_READ);
if (cap_rights_limit(fileno(pcap_file(pd)),
&rights) < 0 && errno != ENOSYS) {
error("unable to limit pcap descriptor");
}
#endif
new_dlt = pcap_datalink(pd);
if (WFileName && new_dlt != dlt)
error("%s: new dlt does not match original", RFileName);
printinfo = get_print_info(new_dlt);
dlt_name = pcap_datalink_val_to_name(new_dlt);
if (dlt_name == NULL) {
fprintf(stderr, "reading from file %s, link-type %u\n",
RFileName, new_dlt);
} else {
fprintf(stderr,
"reading from file %s, link-type %s (%s)\n",
RFileName, dlt_name,
pcap_datalink_val_to_description(new_dlt));
}
if (pcap_compile(pd, &fcode, cmdbuf, Oflag, netmask) < 0)
error("%s", pcap_geterr(pd));
if (pcap_setfilter(pd, &fcode) < 0)
error("%s", pcap_geterr(pd));
}
}
}
while (ret != NULL);
free(cmdbuf);
exit(status == -1 ? 1 : 0);
}
/* make a clean exit on interrupts */
/*
 * Signal handler (installed by main(), outside this view) that stops the
 * running capture so that main() can flush its output, report the
 * statistics and exit normally.
 *
 * signo: the delivered signal; unused.
 *
 * First the periodic statistics timer/alarm armed in main() for "-v -w" is
 * cancelled, so verbose_stats_dump() does not fire while shutting down.
 * Then, where libpcap offers pcap_breakloop(), the handler only asks
 * pcap_loop() to return (main() treats the -2 status as "interrupted");
 * flushing stdout, printing the summary and closing the handle happen
 * afterwards in main(), outside signal context.  Without pcap_breakloop()
 * the handler has to do that work itself, which means calling stdio and
 * pcap_stats() from a signal handler; the comment on that branch already
 * records that this is not guaranteed safe.
 */
static RETSIGTYPE
cleanup(int signo _U_)
{
#ifdef USE_WIN32_MM_TIMER
	/* Windows: stop the multimedia timer that drives verbose_stats_dump(). */
	if (timer_id)
		timeKillEvent(timer_id);
	timer_id = 0;
#elif defined(HAVE_ALARM)
	/* UN*X: alarm(0) cancels the pending SIGALRM armed by main(). */
	alarm(0);
#endif

#ifdef HAVE_PCAP_BREAKLOOP
	/*
	 * We have "pcap_breakloop()"; use it, so that we do as little
	 * as possible in the signal handler (it's probably not safe
	 * to do anything with standard I/O streams in a signal handler -
	 * the ANSI C standard doesn't say it is).
	 */
	/* pd is the global pcap handle main() is looping on. */
	pcap_breakloop(pd);
#else
	/*
	 * We don't have "pcap_breakloop()"; this isn't safe, but
	 * it's the best we can do.  Print the summary if we're
	 * not reading from a savefile - i.e., if we're doing a
	 * live capture - and exit.
	 */
	/*
	 * pcap_file() yields the savefile stream when reading from a file,
	 * so a NULL result is taken here to mean a live capture.
	 */
	if (pd != NULL && pcap_file(pd) == NULL) {
		/*
		 * We got interrupted, so perhaps we didn't
		 * manage to finish a line we were printing.
		 * Print an extra newline, just in case.
		 */
		putchar('\n');
		(void)fflush(stdout);
		/* Capture statistics; the same call main() makes after pcap_loop(). */
		info(1);
	}
	/* exit(0) here mirrors the normal exit status main() uses when status != -1. */
	exit(0);
#endif
}
/*
On Windows, we do not fork, so we do not need to care about
waiting for child processes to die
*/
#if defined(HAVE_FORK) || defined(HAVE_VFORK)
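/*
 * SIGCHLD handler: reap the compressor children started by
 * compress_savefile() so they do not linger as zombies.
 *
 * signo: the delivered signal number; unused.
 *
 * Several children can exit before the handler runs, because pending
 * instances of the same signal are coalesced, so a single wait(NULL) can
 * leave zombies behind; loop with WNOHANG until no exited child is left.
 * waitpid() may overwrite errno (e.g. with ECHILD when nothing is left),
 * and a handler must leave errno as the interrupted code saw it, so it is
 * saved and restored.  waitpid() is async-signal-safe.
 */
static RETSIGTYPE
child_cleanup(int signo _U_)
{
	int saved_errno = errno;

	while (waitpid(-1, NULL, WNOHANG) > 0)
		continue;
	errno = saved_errno;
}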
#endif /* HAVE_FORK && HAVE_VFORK */
/*
 * Emit the separator that goes between two statistics fields: a comma in
 * the compact (non-verbose) form, a line break in the verbose form.
 */
static void
info_separator(int verbose)
{
	if (verbose)
		putc('\n', stderr);
	else
		fputs(", ", stderr);
}

/*
 * Report capture statistics on stderr.
 *
 * verbose: zero prints a single line prefixed with program_name and the
 *          fields separated by ", "; non-zero prints one field per line
 *          with no prefix.
 *
 * Reads the globals pd, program_name and packets_captured.  Clears the
 * infoprint flag before returning, on the pcap_stats() failure path as
 * well.  The "dropped by interface" field is only printed when it is
 * non-zero.
 */
static void
info(register int verbose)
{
	struct pcap_stat ps;

	/*
	 * ps_ifdrop may be left untouched by older libpcap releases on
	 * some platforms, so start from a known zero.
	 */
	ps.ps_ifdrop = 0;
	if (pcap_stats(pd, &ps) < 0) {
		(void)fprintf(stderr, "pcap_stats: %s\n", pcap_geterr(pd));
		infoprint = 0;
		return;
	}

	if (!verbose)
		fprintf(stderr, "%s: ", program_name);

	(void)fprintf(stderr, "%u packet%s captured", packets_captured,
	    PLURAL_SUFFIX(packets_captured));
	info_separator(verbose);
	(void)fprintf(stderr, "%u packet%s received by filter", ps.ps_recv,
	    PLURAL_SUFFIX(ps.ps_recv));
	info_separator(verbose);
	(void)fprintf(stderr, "%u packet%s dropped by kernel", ps.ps_drop,
	    PLURAL_SUFFIX(ps.ps_drop));
	if (ps.ps_ifdrop != 0) {
		info_separator(verbose);
		(void)fprintf(stderr, "%u packet%s dropped by interface\n",
		    ps.ps_ifdrop, PLURAL_SUFFIX(ps.ps_ifdrop));
	} else
		putc('\n', stderr);
	infoprint = 0;
}
#if defined(HAVE_FORK) || defined(HAVE_VFORK)
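/*
 * Hand a finished savefile to the external compressor named by the -z
 * option (zflag), in a child process, so that the capture is not blocked.
 *
 * filename: path of the savefile to compress; passed to the compressor
 *           as its single argument.
 *
 * The parent returns at once.  A failure to create the child is reported
 * on stderr and otherwise ignored, so the file is merely left uncompressed
 * instead of aborting the capture.  The child lowers its own scheduling
 * priority, then replaces itself with the compressor; if that fails it
 * reports the error and leaves with _exit(), so that it neither flushes
 * stdio buffers duplicated from the parent nor runs the parent's atexit
 * handlers.
 */
static void
compress_savefile(const char *filename)
{
	pid_t child;

# ifdef HAVE_FORK
	child = fork();
# else
	/*
	 * vfork() child: only the pid_t holding the return value may be
	 * written before exec/_exit; the diagnostic below relies on stderr
	 * being unbuffered, as the previous version did.
	 */
	child = vfork();
# endif
	if (child == -1) {
		/*
		 * No child was created.  Previously -1 was treated like
		 * the parent path and returned silently, so a failed
		 * compression looked like a successful one.
		 */
		fprintf(stderr, "compress_savefile: cannot create child process: %s\n",
		    strerror(errno));
		return;
	}
	if (child != 0)
		return;		/* parent: nothing more to do */

	/*
	 * Set to lowest priority so that this doesn't disturb the capture
	 */
#ifdef NZERO
	setpriority(PRIO_PROCESS, 0, NZERO - 1);
#else
	setpriority(PRIO_PROCESS, 0, 19);
#endif
	/*
	 * execlp() resolves zflag through PATH, so which binary runs depends
	 * on the environment tcpdump was started with.
	 */
	if (execlp(zflag, zflag, filename, (char *)NULL) == -1)
		fprintf(stderr,
			"compress_savefile:execlp(%s, %s): %s\n",
			zflag,
			filename,
			strerror(errno));
	/*
	 * Only reached when exec failed.  _exit() for both variants: it is
	 * the only permitted exit from a vfork() child, and after fork()
	 * exit() would flush the stdio buffers inherited from the parent.
	 */
	_exit(1);
}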
#else /* HAVE_FORK && HAVE_VFORK */
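/*
 * Fallback used when neither fork() nor vfork() is available: there is no
 * way to run the -z compressor asynchronously, so report that on stderr
 * and leave the savefile uncompressed.
 *
 * filename: the savefile that would have been compressed; unused here,
 *           the parameter only keeps the signature identical to the
 *           forking variant.
 */
static void
compress_savefile(const char *filename)
{
	(void)filename;		/* keep -Wunused-parameter quiet */
	/* No conversions in the message, so fputs() rather than fprintf(). */
	fputs("compress_savefile failed. Functionality not implemented under your system\n",
	    stderr);
}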
#endif /* HAVE_FORK && HAVE_VFORK */
static void
dump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
{
struct dump_info *dump_info;
void __cap_rights_set(cap_rights_t *rights, ...);
Thanks to using one bit as an array index we can assert in those functions that
there are no two rights belonging to different array elements provided
together. For example this is illegal and will be detected, because CAP_LOOKUP
belongs to element 0 and CAP_PDKILL to element 1:
cap_rights_init(&rights, CAP_LOOKUP | CAP_PDKILL);
Providing several rights that belongs to the same array's element this way is
correct, but is not advised. It should only be used for aliases definition.
This commit also breaks compatibility with some existing Capsicum system calls,
but I see no other way to do that. This should be fine as Capsicum is still
experimental and this change is not going to 9.x.
Sponsored by: The FreeBSD Foundation
2013-09-05 00:09:56 +00:00
|
|
|
#ifdef __FreeBSD__
|
|
|
|
cap_rights_t rights;
|
|
|
|
#endif
|
2002-06-21 00:49:02 +00:00
|
|
|
|
2004-03-31 14:57:24 +00:00
|
|
|
++packets_captured;
|
|
|
|
|
|
|
|
++infodelay;
|
|
|
|
|
|
|
|
dump_info = (struct dump_info *)user;
|
|
|
|
|
2009-03-21 16:23:46 +00:00
|
|
|
/*
|
|
|
|
* XXX - this won't force the file to rotate on the specified time
|
|
|
|
* boundary, but it will rotate on the first packet received after the
|
|
|
|
* specified Gflag number of seconds. Note: if a Gflag time boundary
|
|
|
|
* and a Cflag size boundary coincide, the time rotation will occur
|
|
|
|
* first thereby cancelling the Cflag boundary (since the file should
|
|
|
|
* be 0).
|
|
|
|
*/
|
|
|
|
if (Gflag != 0) {
|
|
|
|
/* Check if it is time to rotate */
|
|
|
|
time_t t;
|
|
|
|
|
|
|
|
/* Get the current time */
|
|
|
|
if ((t = time(NULL)) == (time_t)-1) {
|
|
|
|
error("dump_and_trunc_packet: can't get current_time: %s",
|
|
|
|
pcap_strerror(errno));
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* If the time is greater than the specified window, rotate */
|
|
|
|
if (t - Gflag_time >= Gflag) {
|
Sandbox tcpdump(8) using Capsicum's capability mode and capabilities.
For now, sandboxing is done only if -n option was specified and neither -z nor
-V options were given. Because it is very common to run tcpdump(8) with the -n
option for speed, I decided to commit sandboxing now. To also support
sandboxing when -n option wasn't specified, we need Casper daemon and its
services that are not available in FreeBSD yet.
- Limit file descriptors of a file specified by -r option or files specified
via -V option to CAP_READ only.
- If neither -r nor -V options were specified, we operate on /dev/bpf.
Limit its descriptor to CAP_READ and CAP_IOCTL plus limit allowed ioctls to
BIOCGSTATS only.
- Limit file descriptor of a file specified by -w option to CAP_SEEK and
CAP_WRITE.
- If either -C or -G options were specified, we open directory containing
destination file and we limit directory descriptor to CAP_CREATE, CAP_FCNTL,
CAP_FTRUNCATE, CAP_LOOKUP, CAP_SEEK and CAP_WRITE. Newly opened/created
files are limited to CAP_SEEK and CAP_WRITE only.
- Enter capability mode if -n option was specified and neither -z nor -V
options were specified.
Approved by: delphij, wxs
Sponsored by: The FreeBSD Foundation
2013-07-07 21:19:53 +00:00
|
|
|
#ifdef __FreeBSD__
|
|
|
|
FILE *fp;
|
|
|
|
int fd;
|
|
|
|
#endif
|
|
|
|
|
2009-03-21 16:23:46 +00:00
|
|
|
/* Update the Gflag_time */
|
|
|
|
Gflag_time = t;
|
|
|
|
/* Update Gflag_count */
|
|
|
|
Gflag_count++;
|
|
|
|
/*
|
|
|
|
* Close the current file and open a new one.
|
|
|
|
*/
|
|
|
|
pcap_dump_close(dump_info->p);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Compress the file we just closed, if the user asked for it
|
|
|
|
*/
|
|
|
|
if (zflag != NULL)
|
|
|
|
compress_savefile(dump_info->CurrentFileName);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Check to see if we've exceeded the Wflag (when
|
|
|
|
* not using Cflag).
|
|
|
|
*/
|
|
|
|
if (Cflag == 0 && Wflag > 0 && Gflag_count >= Wflag) {
|
|
|
|
(void)fprintf(stderr, "Maximum file limit reached: %d\n",
|
|
|
|
Wflag);
|
|
|
|
exit(0);
|
|
|
|
/* NOTREACHED */
|
|
|
|
}
|
|
|
|
if (dump_info->CurrentFileName != NULL)
|
|
|
|
free(dump_info->CurrentFileName);
|
|
|
|
/* Allocate space for max filename + \0. */
|
2013-05-30 06:46:26 +00:00
|
|
|
dump_info->CurrentFileName = (char *)malloc(PATH_MAX + 1);
|
2009-03-21 16:23:46 +00:00
|
|
|
if (dump_info->CurrentFileName == NULL)
|
|
|
|
error("dump_packet_and_trunc: malloc");
|
|
|
|
/*
|
|
|
|
* This is always the first file in the Cflag
|
|
|
|
* rotation: e.g. 0
|
|
|
|
* We also don't need numbering if Cflag is not set.
|
|
|
|
*/
|
|
|
|
if (Cflag != 0)
|
|
|
|
MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, 0,
|
|
|
|
WflagChars);
|
|
|
|
else
|
|
|
|
MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, 0, 0);
|
|
|
|
|
2013-05-30 06:46:26 +00:00
|
|
|
#ifdef HAVE_CAP_NG_H
|
|
|
|
capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE);
|
|
|
|
capng_apply(CAPNG_EFFECTIVE);
|
|
|
|
#endif /* HAVE_CAP_NG_H */
|
|
|
|
#ifdef __FreeBSD__
|
|
|
|
fd = openat(dump_info->dirfd,
|
|
|
|
dump_info->CurrentFileName,
|
|
|
|
O_CREAT | O_WRONLY | O_TRUNC, 0644);
|
|
|
|
if (fd < 0) {
|
|
|
|
error("unable to open file %s",
|
|
|
|
dump_info->CurrentFileName);
|
|
|
|
}
|
|
|
|
fp = fdopen(fd, "w");
|
|
|
|
if (fp == NULL) {
|
|
|
|
error("unable to fdopen file %s",
|
|
|
|
dump_info->CurrentFileName);
|
|
|
|
}
|
|
|
|
dump_info->p = pcap_dump_fopen(dump_info->pd, fp);
|
|
|
|
#else /* !__FreeBSD__ */
|
2009-03-21 16:23:46 +00:00
|
|
|
dump_info->p = pcap_dump_open(dump_info->pd, dump_info->CurrentFileName);
|
|
|
|
#endif
|
2013-05-30 06:46:26 +00:00
|
|
|
#ifdef HAVE_CAP_NG_H
|
|
|
|
capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE);
|
|
|
|
capng_apply(CAPNG_EFFECTIVE);
|
|
|
|
#endif /* HAVE_CAP_NG_H */
|
2009-03-21 16:23:46 +00:00
|
|
|
if (dump_info->p == NULL)
|
|
|
|
error("%s", pcap_geterr(pd));
|
|
|
|
#ifdef __FreeBSD__
|
|
|
|
cap_rights_init(&rights, CAP_SEEK, CAP_WRITE);
|
|
|
|
if (cap_rights_limit(fileno(pcap_dump_file(dump_info->p)),
|
|
|
|
&rights) < 0 && errno != ENOSYS) {
|
|
|
|
error("unable to limit dump descriptor");
|
|
|
|
}
|
|
|
|
#endif
|
2009-03-21 16:23:46 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2002-06-21 00:49:02 +00:00
|
|
|
/*
|
|
|
|
* XXX - this won't prevent capture files from getting
|
|
|
|
* larger than Cflag - the last packet written to the
|
|
|
|
* file could put it over Cflag.
|
|
|
|
*/
|
2009-03-21 16:23:46 +00:00
|
|
|
if (Cflag != 0 && pcap_dump_ftell(dump_info->p) > Cflag) {
|
|
|
|
#ifdef __FreeBSD__
|
|
|
|
FILE *fp;
|
|
|
|
int fd;
|
|
|
|
#endif
|
|
|
|
|
2004-03-31 14:57:24 +00:00
|
|
|
/*
|
|
|
|
* Close the current file and open a new one.
|
|
|
|
*/
|
|
|
|
pcap_dump_close(dump_info->p);
|
2009-03-21 16:23:46 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Compress the file we just closed, if the user asked for it
|
|
|
|
*/
|
|
|
|
if (zflag != NULL)
|
|
|
|
compress_savefile(dump_info->CurrentFileName);
|
|
|
|
|
2005-05-29 19:09:28 +00:00
|
|
|
Cflag_count++;
|
|
|
|
if (Wflag > 0) {
|
|
|
|
if (Cflag_count >= Wflag)
|
|
|
|
Cflag_count = 0;
|
|
|
|
}
|
2009-03-21 16:23:46 +00:00
|
|
|
if (dump_info->CurrentFileName != NULL)
|
|
|
|
free(dump_info->CurrentFileName);
|
2013-05-30 06:46:26 +00:00
|
|
|
dump_info->CurrentFileName = (char *)malloc(PATH_MAX + 1);
|
2009-03-21 16:23:46 +00:00
|
|
|
if (dump_info->CurrentFileName == NULL)
|
2004-03-31 14:57:24 +00:00
|
|
|
error("dump_packet_and_trunc: malloc");
|
2009-03-21 16:23:46 +00:00
|
|
|
MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, Cflag_count, WflagChars);
|
|
|
|
#ifdef __FreeBSD__
|
|
|
|
fd = openat(dump_info->dirfd, dump_info->CurrentFileName,
|
|
|
|
O_CREAT | O_WRONLY | O_TRUNC, 0644);
|
|
|
|
if (fd < 0) {
|
|
|
|
error("unable to open file %s",
|
|
|
|
dump_info->CurrentFileName);
|
|
|
|
}
|
|
|
|
fp = fdopen(fd, "w");
|
|
|
|
if (fp == NULL) {
|
|
|
|
error("unable to fdopen file %s",
|
|
|
|
dump_info->CurrentFileName);
|
|
|
|
}
|
|
|
|
dump_info->p = pcap_dump_fopen(dump_info->pd, fp);
|
|
|
|
#else /* !__FreeBSD__ */
|
2009-03-21 16:23:46 +00:00
|
|
|
dump_info->p = pcap_dump_open(dump_info->pd, dump_info->CurrentFileName);
|
|
|
|
#endif
|
2004-03-31 14:57:24 +00:00
|
|
|
if (dump_info->p == NULL)
|
2002-06-21 00:49:02 +00:00
|
|
|
error("%s", pcap_geterr(pd));
|
|
|
|
#ifdef __FreeBSD__
|
Change the cap_rights_t type from uint64_t to a structure that we can extend
in the future in a backward compatible (API and ABI) way.
The cap_rights_t represents capability rights. We used to use one bit to
represent one right, but we are running out of spare bits. Currently the new
structure provides place for 114 rights (so 50 more than the previous
cap_rights_t), but it is possible to grow the structure to hold at least 285
rights, although we can make it even larger if 285 rights won't be enough.
The structure definition looks like this:
struct cap_rights {
uint64_t cr_rights[CAP_RIGHTS_VERSION + 2];
};
The initial CAP_RIGHTS_VERSION is 0.
The top two bits in the first element of the cr_rights[] array contain total
number of elements in the array - 2. This means if those two bits are equal to
0, we have 2 array elements.
The top two bits in all remaining array elements should be 0.
The next five bits in all array elements contain array index. Only one bit is
used and bit position in this five-bits range defines array index. This means
there can be at most five array elements in the future.
To define new right the CAPRIGHT() macro must be used. The macro takes two
arguments - an array index and a bit to set, eg.
#define CAP_PDKILL CAPRIGHT(1, 0x0000000000000800ULL)
We still support aliases that combine few rights, but the rights have to belong
to the same array element, eg:
#define CAP_LOOKUP CAPRIGHT(0, 0x0000000000000400ULL)
#define CAP_FCHMOD CAPRIGHT(0, 0x0000000000002000ULL)
#define CAP_FCHMODAT (CAP_FCHMOD | CAP_LOOKUP)
There is new API to manage the new cap_rights_t structure:
cap_rights_t *cap_rights_init(cap_rights_t *rights, ...);
void cap_rights_set(cap_rights_t *rights, ...);
void cap_rights_clear(cap_rights_t *rights, ...);
bool cap_rights_is_set(const cap_rights_t *rights, ...);
bool cap_rights_is_valid(const cap_rights_t *rights);
void cap_rights_merge(cap_rights_t *dst, const cap_rights_t *src);
void cap_rights_remove(cap_rights_t *dst, const cap_rights_t *src);
bool cap_rights_contains(const cap_rights_t *big, const cap_rights_t *little);
Capability rights to the cap_rights_init(), cap_rights_set(),
cap_rights_clear() and cap_rights_is_set() functions are provided by
separating them with commas, eg:
cap_rights_t rights;
cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_FSTAT);
There is no need to terminate the list of rights, as those functions are
actually macros that take care of the termination, eg:
#define cap_rights_set(rights, ...) \
__cap_rights_set((rights), __VA_ARGS__, 0ULL)
void __cap_rights_set(cap_rights_t *rights, ...);
Thanks to using one bit as an array index we can assert in those functions that
there are no two rights belonging to different array elements provided
together. For example this is illegal and will be detected, because CAP_LOOKUP
belongs to element 0 and CAP_PDKILL to element 1:
cap_rights_init(&rights, CAP_LOOKUP | CAP_PDKILL);
Providing several rights that belong to the same array element this way is
correct, but is not advised. It should only be used for alias definitions.
This commit also breaks compatibility with some existing Capsicum system calls,
but I see no other way to do that. This should be fine as Capsicum is still
experimental and this change is not going to 9.x.
Sponsored by: The FreeBSD Foundation
cap_rights_init(&rights, CAP_SEEK, CAP_WRITE);
Sandbox tcpdump(8) using Capsicum's capability mode and capabilities.
For now, sandboxing is done only if -n option was specified and neither -z nor
-V options were given. Because it is very common to run tcpdump(8) with the -n
option for speed, I decided to commit sandboxing now. To also support
sandboxing when -n option wasn't specified, we need Casper daemon and its
services that are not available in FreeBSD yet.
- Limit file descriptors of a file specified by -r option or files specified
via -V option to CAP_READ only.
- If neither -r nor -V options were specified, we operate on /dev/bpf.
Limit its descriptor to CAP_READ and CAP_IOCTL plus limit allowed ioctls to
BIOCGSTATS only.
- Limit file descriptor of a file specified by -w option to CAP_SEEK and
CAP_WRITE.
- If either -C or -G options were specified, we open directory containing
destination file and we limit directory descriptor to CAP_CREATE, CAP_FCNTL,
CAP_FTRUNCATE, CAP_LOOKUP, CAP_SEEK and CAP_WRITE. Newly opened/created
files are limited to CAP_SEEK and CAP_WRITE only.
- Enter capability mode if -n option was specified and neither -z nor -V
options were specified.
Approved by: delphij, wxs
Sponsored by: The FreeBSD Foundation
if (cap_rights_limit(fileno(pcap_dump_file(dump_info->p)),
Change the cap_rights_t type from uint64_t to a structure that we can extend
in the future in a backward compatible (API and ABI) way.
The cap_rights_t represents capability rights. We used to use one bit to
represent one right, but we are running out of spare bits. Currently the new
structure provides place for 114 rights (so 50 more than the previous
cap_rights_t), but it is possible to grow the structure to hold at least 285
rights, although we can make it even larger if 285 rights won't be enough.
The structure definition looks like this:
struct cap_rights {
uint64_t cr_rights[CAP_RIGHTS_VERSION + 2];
};
The initial CAP_RIGHTS_VERSION is 0.
The top two bits in the first element of the cr_rights[] array contain total
number of elements in the array - 2. This means if those two bits are equal to
0, we have 2 array elements.
The top two bits in all remaining array elements should be 0.
The next five bits in all array elements contain array index. Only one bit is
used and bit position in this five-bits range defines array index. This means
there can be at most five array elements in the future.
To define new right the CAPRIGHT() macro must be used. The macro takes two
arguments - an array index and a bit to set, eg.
#define CAP_PDKILL CAPRIGHT(1, 0x0000000000000800ULL)
We still support aliases that combine few rights, but the rights have to belong
to the same array element, eg:
#define CAP_LOOKUP CAPRIGHT(0, 0x0000000000000400ULL)
#define CAP_FCHMOD CAPRIGHT(0, 0x0000000000002000ULL)
#define CAP_FCHMODAT (CAP_FCHMOD | CAP_LOOKUP)
There is new API to manage the new cap_rights_t structure:
cap_rights_t *cap_rights_init(cap_rights_t *rights, ...);
void cap_rights_set(cap_rights_t *rights, ...);
void cap_rights_clear(cap_rights_t *rights, ...);
bool cap_rights_is_set(const cap_rights_t *rights, ...);
bool cap_rights_is_valid(const cap_rights_t *rights);
void cap_rights_merge(cap_rights_t *dst, const cap_rights_t *src);
void cap_rights_remove(cap_rights_t *dst, const cap_rights_t *src);
bool cap_rights_contains(const cap_rights_t *big, const cap_rights_t *little);
Capability rights to the cap_rights_init(), cap_rights_set(),
cap_rights_clear() and cap_rights_is_set() functions are provided by
separating them with commas, eg:
cap_rights_t rights;
cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_FSTAT);
There is no need to terminate the list of rights, as those functions are
actually macros that take care of the termination, eg:
#define cap_rights_set(rights, ...) \
__cap_rights_set((rights), __VA_ARGS__, 0ULL)
void __cap_rights_set(cap_rights_t *rights, ...);
Thanks to using one bit as an array index we can assert in those functions that
there are no two rights belonging to different array elements provided
together. For example this is illegal and will be detected, because CAP_LOOKUP
belongs to element 0 and CAP_PDKILL to element 1:
cap_rights_init(&rights, CAP_LOOKUP | CAP_PDKILL);
Providing several rights that belong to the same array element this way is
correct, but is not advised. It should only be used for alias definitions.
This commit also breaks compatibility with some existing Capsicum system calls,
but I see no other way to do that. This should be fine as Capsicum is still
experimental and this change is not going to 9.x.
Sponsored by: The FreeBSD Foundation
&rights) < 0 && errno != ENOSYS) {
Sandbox tcpdump(8) using Capsicum's capability mode and capabilities.
For now, sandboxing is done only if -n option was specified and neither -z nor
-V options were given. Because it is very common to run tcpdump(8) with the -n
option for speed, I decided to commit sandboxing now. To also support
sandboxing when -n option wasn't specified, we need Casper daemon and its
services that are not available in FreeBSD yet.
- Limit file descriptors of a file specified by -r option or files specified
via -V option to CAP_READ only.
- If neither -r nor -V options were specified, we operate on /dev/bpf.
Limit its descriptor to CAP_READ and CAP_IOCTL plus limit allowed ioctls to
BIOCGSTATS only.
- Limit file descriptor of a file specified by -w option to CAP_SEEK and
CAP_WRITE.
- If either -C or -G options were specified, we open directory containing
destination file and we limit directory descriptor to CAP_CREATE, CAP_FCNTL,
CAP_FTRUNCATE, CAP_LOOKUP, CAP_SEEK and CAP_WRITE. Newly opened/created
files are limited to CAP_SEEK and CAP_WRITE only.
- Enter capability mode if -n option was specified and neither -z nor -V
options were specified.
Approved by: delphij, wxs
Sponsored by: The FreeBSD Foundation
error("unable to limit dump descriptor");
}
#endif
}
pcap_dump((u_char *)dump_info->p, h, sp);
#ifdef HAVE_PCAP_DUMP_FLUSH
if (Uflag)
pcap_dump_flush(dump_info->p);
#endif
--infodelay;
if (infoprint)
info(0);
}
/*
 * pcap_loop() callback used when writing to a single savefile.
 *
 * user - the pcap_dumper_t handle, passed through as the loop cookie
 * h    - pcap header of the captured packet
 * sp   - the captured bytes
 *
 * infodelay is held non-zero for the duration of the write so that an
 * asynchronous statistics request (see requestinfo()) is deferred via
 * infoprint and honoured here once the write has completed.
 */
static void
dump_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
{
	packets_captured++;
	infodelay++;

	pcap_dump(user, h, sp);
#ifdef HAVE_PCAP_DUMP_FLUSH
	if (Uflag) {
		/* -U: push every packet to the file instead of letting stdio buffer it. */
		pcap_dumper_t *dumper = (pcap_dumper_t *)user;

		pcap_dump_flush(dumper);
	}
#endif

	infodelay--;
	if (infoprint)
		info(0);
}
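/*
 * Print the raw bytes of one packet as selected by -X, -x or -A
 * (in that order of precedence), or nothing if none was given.
 *
 * hdrlen - link-layer header length as reported by the dissector
 * h      - pcap header of the packet (caplen bounds every access)
 * sp     - the captured bytes
 *
 * A doubled flag (-XX, -xx, -AA) includes the link-layer header.  The
 * single form skips it, and prints nothing when the capture holds nothing
 * beyond the header; the caplen > hdrlen test is what keeps the
 * caplen - hdrlen subtraction from wrapping if a dissector returns a
 * header length larger than what was captured.
 */
static void
print_packet_raw(u_int hdrlen, const struct pcap_pkthdr *h, const u_char *sp)
{
	if (Xflag) {
		/* hex and ASCII */
		if (Xflag > 1)
			hex_and_ascii_print("\n\t", sp, h->caplen);
		else if (h->caplen > hdrlen)
			hex_and_ascii_print("\n\t", sp + hdrlen,
			    h->caplen - hdrlen);
	} else if (xflag) {
		/* hex only */
		if (xflag > 1)
			hex_print("\n\t", sp, h->caplen);
		else if (h->caplen > hdrlen)
			hex_print("\n\t", sp + hdrlen, h->caplen - hdrlen);
	} else if (Aflag) {
		/* ASCII only */
		if (Aflag > 1)
			ascii_print(sp, h->caplen);
		else if (h->caplen > hdrlen)
			ascii_print(sp + hdrlen, h->caplen - hdrlen);
	}
}

/*
 * pcap_loop() callback used when dissecting packets to stdout.
 *
 * user - a struct print_info describing which dissector to call
 * h    - pcap header of the captured packet
 * sp   - the captured bytes
 *
 * Prints the timestamp, runs the link-layer dissector, optionally dumps
 * the raw bytes (-X/-x/-A), and terminates the line.  infodelay is held
 * non-zero throughout so that a statistics request arriving mid-packet
 * (see requestinfo()) is deferred until the line is complete.
 */
static void
print_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
{
	struct print_info *print_info = (struct print_info *)user;
	u_int hdrlen;

	++packets_captured;
	++infodelay;

	ts_print(&h->ts);

	/*
	 * Some printers want to check that they're not walking off the
	 * end of the packet.  Rather than pass it all the way down, we
	 * set this global: it is the bound the dissectors must honour
	 * when reading packet data.
	 */
	snapend = sp + h->caplen;

	if (print_info->ndo_type)
		hdrlen = (*print_info->p.ndo_printer)(print_info->ndo, h, sp);
	else
		hdrlen = (*print_info->p.printer)(h, sp);

	print_packet_raw(hdrlen, h, sp);

	putchar('\n');

	--infodelay;
	if (infoprint)
		info(0);
}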
#ifdef WIN32
/*
 * Version strings reported by usage() on Windows.  These are writable,
 * externally visible globals (usage() picks them up via extern
 * declarations), so nothing else should write to them.
 *
 * XXX - there should really be libpcap calls to get the version number
 * as a string.  The string would be generated from #defines at run time,
 * so that it is not taken from string constants in the library: on many
 * UNIX systems those constants are statically linked into the application
 * executable image, and so reflect the libpcap of the system the
 * application was *linked* on, not the one it is *running* on.
 *
 * That routine should be documented, unlike the "version[]" string, so
 * that UNIX vendors providing their own libpcaps don't omit it (as a
 * couple of vendors have...).
 *
 * Packet.dll should perhaps also export a routine to return the version
 * number of the Packet.dll code, to supply the "Wpcap_version"
 * information on Windows.
 */
char WDversion[] = "current-cvs.tcpdump.org";
#if !defined(HAVE_GENERATED_VERSION)
char version[] = "current-cvs.tcpdump.org";
#endif
char pcap_version[] = "current-cvs.tcpdump.org";
char Wpcap_version[] = "3.1";
#endif
/*
 * Default payload printer for the netdissect framework: print the given
 * data in hex and ASCII, each line prefixed with the newline-and-tab
 * indentation string that hex_and_ascii_print() expects.
 *
 * ndo    - unused here
 * bp     - start of the data to print
 * length - number of bytes to print
 */
static void
ndo_default_print(netdissect_options *ndo _U_, const u_char *bp, u_int length)
{
	const char *indent = "\n\t";

	hex_and_ascii_print(indent, bp, length);
}
/*
 * Non-ndo entry point kept for the older printers: print the data in hex
 * and ASCII using the global netdissect options.
 *
 * bp     - start of the data to print
 * length - number of bytes to print
 */
void
default_print(const u_char *bp, u_int length)
{
	netdissect_options *ndo = gndo;

	ndo_default_print(ndo, bp, length);
}
#ifdef SIGNAL_REQ_INFO
/*
 * SIGNAL_REQ_INFO handler: report capture statistics on demand.
 *
 * When a packet callback is in progress (infodelay != 0) the report is
 * deferred by bumping infoprint; the callback calls info() itself once it
 * has finished.  Otherwise the report is produced immediately.
 *
 * NOTE(review): info() is invoked directly in signal context here; if it
 * uses stdio or pcap_stats() it is not async-signal-safe — confirm.
 */
RETSIGTYPE requestinfo(int signo _U_)
{
	if (infodelay == 0)
		info(0);
	else
		++infoprint;
}
#endif
/*
 * Called once each second in verbose mode while dumping to file.
 *
 * Prints a running packet count on stderr.  pcap_stats() is consulted
 * only as a check that the capture handle is still usable; its counters
 * are not printed.  Nothing is printed while a packet callback is in
 * progress (infodelay != 0).
 */
#ifdef USE_WIN32_MM_TIMER
void CALLBACK verbose_stats_dump (UINT timer_id _U_, UINT msg _U_, DWORD_PTR arg _U_,
				  DWORD_PTR dw1 _U_, DWORD_PTR dw2 _U_)
{
	struct pcap_stat stat;
	int idle = (infodelay == 0);

	if (idle && pcap_stats(pd, &stat) >= 0)
		fprintf(stderr, "Got %u\r", packets_captured);
}
#elif defined(HAVE_ALARM)
/*
 * NOTE(review): this runs as the SIGALRM handler and calls pcap_stats()
 * and fprintf(), neither of which is async-signal-safe — confirm this is
 * acceptable on the platforms that take this branch.
 */
static void verbose_stats_dump(int sig _U_)
{
	struct pcap_stat stat;
	int idle = (infodelay == 0);

	if (idle && pcap_stats(pd, &stat) >= 0)
		fprintf(stderr, "Got %u\r", packets_captured);
	alarm(1);	/* alarm() is one-shot; re-arm for the next second */
}
#endif
/*
 * Print the version banner and a usage synopsis on stderr, then exit
 * with status 1.  Never returns.
 *
 * Which library version line is printed depends on the libpcap/WinPcap
 * the binary was built against: pcap_lib_version() when the library has
 * it, otherwise the pcap_version[]/Wpcap_version[] strings, or "unknown"
 * for a libpcap that exports neither.
 */
static void
usage(void)
{
	extern char version[];
#ifndef HAVE_PCAP_LIB_VERSION
#if defined(WIN32) || defined(HAVE_PCAP_VERSION)
	extern char pcap_version[];
#else /* defined(WIN32) || defined(HAVE_PCAP_VERSION) */
	static char pcap_version[] = "unknown";
#endif /* defined(WIN32) || defined(HAVE_PCAP_VERSION) */
#endif /* HAVE_PCAP_LIB_VERSION */

	/* Program version line; the same with or without HAVE_PCAP_LIB_VERSION. */
#ifdef WIN32
	(void)fprintf(stderr, "%s version %s, based on tcpdump version %s\n", program_name, WDversion, version);
#else /* WIN32 */
	(void)fprintf(stderr, "%s version %s\n", program_name, version);
#endif /* WIN32 */

	/* Library version line. */
#ifdef HAVE_PCAP_LIB_VERSION
	(void)fprintf(stderr, "%s\n",pcap_lib_version());
#elif defined(WIN32)
	(void)fprintf(stderr, "WinPcap version %s, based on libpcap version %s\n",Wpcap_version, pcap_version);
#else
	(void)fprintf(stderr, "libpcap version %s\n", pcap_version);
#endif

	/*
	 * Synopsis.  Lines that splice in a *_FLAG macro keep fprintf() so
	 * the format is processed exactly as before; pure literals go
	 * through fputs().
	 */
	(void)fprintf(stderr,
	"Usage: %s [-aAbd" D_FLAG "efhH" I_FLAG J_FLAG "KlLnNOpqRStu" U_FLAG "vxX]" B_FLAG_USAGE " [ -c count ]\n", program_name);
	(void)fputs("\t\t[ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]\n", stderr);
	(void)fprintf(stderr,
	"\t\t[ -i interface ]" j_FLAG_USAGE " [ -M secret ]\n");
	(void)fputs("\t\t[ -r file ] [ -s snaplen ] [ -T type ] [ -V file ] [ -w file ]\n", stderr);
	(void)fputs("\t\t[ -W filecount ] [ -y datalinktype ] [ -z command ]\n", stderr);
	(void)fputs("\t\t[ -Z user ] [ expression ]\n", stderr);
	exit(1);
}
/* VARARGS */
/*
 * Fatal-error callback for the netdissect printers.
 *
 * Prints "<program_name>: " followed by the formatted message on stderr,
 * appends a newline if the format string did not already end in one, and
 * exits with status 1.  Does not return.
 *
 * ndo - unused here
 * fmt - printf-style format string.  It must be a string under the
 *       caller's control; packet-derived text belongs in the arguments,
 *       never in fmt.
 */
static void
ndo_error(netdissect_options *ndo _U_, const char *fmt, ...)
{
	va_list ap;
	size_t len = strlen(fmt);

	(void)fprintf(stderr, "%s: ", program_name);
	va_start(ap, fmt);
	(void)vfprintf(stderr, fmt, ap);
	va_end(ap);
	/* len != 0 guards the fmt[len - 1] access for an empty format. */
	if (len != 0 && fmt[len - 1] != '\n')
		(void)fputc('\n', stderr);
	exit(1);
	/* NOTREACHED */
}
/* VARARGS */
/*
 * Warning callback for the netdissect printers.
 *
 * Prints "<program_name>: WARNING: " followed by the formatted message on
 * stderr and appends a newline if the format string did not already end
 * in one.  Unlike ndo_error(), returns to the caller.
 *
 * ndo - unused here
 * fmt - printf-style format string.  It must be a string under the
 *       caller's control; packet-derived text belongs in the arguments,
 *       never in fmt.
 */
static void
ndo_warning(netdissect_options *ndo _U_, const char *fmt, ...)
{
	va_list ap;
	size_t len = strlen(fmt);

	(void)fprintf(stderr, "%s: WARNING: ", program_name);
	va_start(ap, fmt);
	(void)vfprintf(stderr, fmt, ap);
	va_end(ap);
	/* len != 0 guards the fmt[len - 1] access for an empty format. */
	if (len != 0 && fmt[len - 1] != '\n')
		(void)fputc('\n', stderr);
}