| Commit message | Author | Age | Files | Lines |
|
Do the case-insensitive comparisons in a locale-independent fashion that
only maps ASCII letters, in the standard English-language fashion; that
way, we don't get bitten by, for example, Turkish having separate "i
with dot" and "i without dot" letters, with lower-case "i with dot" being
mapped to upper-case "I with dot" rather than being mapped to "I".
|
Remove global netdissect_object and remove non-dissection related fields
|
Allocate ndo on the heap.
|
Since gndo is only referenced in main() move it there.
|
We have removed all instances of these messages in FreeBSD as they serve
little purpose and break some consumers.
|
libnetdissect. This greatly narrows the public interface and allows
libnetdissect to be more easily sandboxed.
|
Reverse order puts the default DLT last, which is a bit weird.
|
Mind the HAVE_CAPSICUM and USE_LIBSMI cases.
|
The purpose of this macro was to enable the file-by-file switch to NDO,
after which only tcpdump.c had a use of it and the definitions guarded
by it. Update tcpdump.c not to require them any more and dismiss the
unused definitions.
|
Remove the TTEST{2}/TCHECK{2} macros. Rename all "ndo_printer" routines,
structures, and structure members to just "printer", and get rid of the
old routines/structures/structure members with those names.
|
Rename set_dump_fd_capsicum_rights() to set_dumper_capsicum_rights() and
have it take a pcap_dumper_t * as an argument and extract the file
descriptor itself, rather than having the caller do so.
This fixes a syntax error in one of the calls.
|
That puts all the option lists together; hopefully this encourages
developers who want to add a new flag to read the big "don't use these
options, other tcpdumps use them for their own purposes" command and
thus *dis*courages them from using one of those options.
|
We were doing the same stuff in two places and *almost* the same stuff
in a third place, which should have been doing the same stuff. Put that
stuff into a common routine and just use that.
(What a mess. If you pour a bottle of Capsicum on your OS, it seeps all
throughout the system; might as well admit it and, at least, extend the
standard I/O library to handle it a bit better.)
|
Without these changes pcap_dump_ftell() will return -1 and set errno to
ENOTCAPABLE.
This allows you to do:
tcpdump -C 1 -W 5 -w foo.pcap
Without these changes it will never rotate to foo.pcap1 and continue writing
to foo.pcap0 forever.
Discussed at: http://unix.derkeiler.com/Mailing-Lists/FreeBSD/current/2014-09/msg00142.html
|
That way, we don't just keep writing if it fails (which it can when
using Capsicum, for example).
|
- Only set the SETUID/SETGID capabilities if required (i.e. we'll be changing
the effective UID).
- Only set the CAP_DAC_OVERRIDE capability if writing out to a file (i.e. the -w
flag was provided).
- Fix the calls to capng_clear to pass CAPNG_SELECT_BOTH so that the traditional
and bounding capabilities are set.
- Only remove CAP_DAC_OVERRIDE from the permitted set after opening the write
file if neither -G nor -C flag was provided. We always drop it from the
effective set immediately after opening the write file. During file rotation,
we reacquire it immediately before and drop it immediately after opening the
file.
|
It uses '--with-cap-ng', for using libcap-ng [default=yes, if available]
|
If libpcap has pcap_set_immediate_mode(), then default to immediate mode
if we're printing packets to a terminal, and use immediate mode if
--immediate-mode is specified.
|
Otherwise it interferes with the output of "tcpdump -w -".
|
capng_clear needs to be called before capng_change_id can be called within
droproot. Otherwise, an (unusable) error message is output: "error : ret -1".
This also fixes the dropping of the CAP_SETGID capability. Previously,
CAP_SETUID was being dropped twice.
|
Commit 05d7191 fixed detection of Capsicum availability and the
Capsicum-specific code in tcpdump made it into the compilation process
on respective FreeBSD systems. However, it would fail to compile at
least on FreeBSD 10.1-RELEASE as quoted below. This commit fixes it.
In file included from ./tcpdump.c:89:
/usr/include/net/bpf.h:65:8: error: redefinition of 'bpf_program'
struct bpf_program {
^
../libpcap/pcap/bpf.h:106:8: note: previous definition is here
struct bpf_program {
^
In file included from ./tcpdump.c:89:
/usr/include/net/bpf.h:1206:8: error: redefinition of 'bpf_insn'
struct bpf_insn {
^
../libpcap/pcap/bpf.h:1466:8: note: previous definition is here
struct bpf_insn {
^
2 errors generated.
|
It doesn't request byte misalignment repair, it requests that byte
misalignment kill the program with SIGBUS; on platforms that don't
support aligned loads, we should be fetching possibly-misaligned data
using some safe instruction sequence, not by doing misaligned loads and
relying on them to trap to the kernel and be (slowly) emulated.
|
First, check for smi.h. If we don't have it, don't check for anything
else.
If we do have it, check for libsmi containing smiInit. If we don't have
it, don't check for anything else.
If we do have it, check, with our test program, whether we can use it.
If that succeeds, prepend -lsmi to LIBS, and set USE_LIBSMI. Otherwise,
don't do either of those.
Check, in source, *only* for USE_LIBSMI. If it's set, use libsmi,
otherwise don't - don't even include smi.h, even if we happened to have
found it, and don't print the libsmi version string.
|
Check for pcap_set_tstamp_precision() in the configure script and, if
it's not there, don't include the code that allows time stamp precisions
to be set.
|
timestamps: make it possible to request high precision timestamps
|
A while ago we introduced a new API in libpcap which made it possible to
request time stamps with higher precision (nanoseconds). This commit
aims to move things forward and implement the missing bits. It introduces
a new long option, --time-stamp-precision. Note that there is no equivalent
short option.
When used for a live capture, tcpdump will ask the kernel for time stamps
with the desired precision and will print the fractional part of the time
stamp using the respective format. We currently support only microsecond and
nanosecond precision. In the future we might support even more granular
time stamp precision, but we should be fine to support only
microseconds and nanoseconds for now. libpcap doesn't provide anything
else at the moment anyway.
When used in combination with the -r/-w options, we obtain time stamps
appropriately scaled up or down from libpcap. Also note that a distinct
magic number is used for savefiles containing nanosecond time stamps.
|
I've seen people run into situations where they were using a command like this:
tcpdump -i eth0 -G 500 -w /root/%H%M%S.pcap
The first file would be created successfully but the second file would not
because their version of tcpdump was dropping privs. It was unclear to them
that this was going on and was causing confusion.
At least with this message in there it should become more evident that
privs are being altered and aid in debugging these kinds of problems.
|
Also, use #defines starting at 128 (outside the ASCII range) for long
options having no short-option equivalent, and have -h/--help exit with
an exit status of 0 (you just asked for usage information, and you got
it - no fault, no error).
|
The new option is '--number'.
|
We need <errno.h> on UN*X in some files that include tcpdump-stdinc.h,
such as missing/inet_pton.c.
Remove includes of <errno.h> from files that include tcpdump-stdinc.h.
|
Currently, they're all aliases for existing short options, but we're out
of letters, so we'll be adding some that won't have short options.
This means we can't have entries in the options table corresponding to
short options with no long options, as an entry in the long options
table with a null option name terminates the table.
|
Sort the options alphabetically, and put in comments for the options
we're *currently* not using, to note that other versions of tcpdump use
them and that we should only use them for the same purposes.
|
That way, if we *do* have getopt_long(), we don't end up including our
getopt.h rather than the system's getopt.h.
|