int main(int argc, char **argv)
{
int pid, ret, i, o, blah;
/* Flip through the arguments looking for pids */
for(i=1;i<argc; i++) {
/* What's the PID? */
pid=atoi(argv[i]);
o=owner(pid);
if( (pid<1) || (o==-1) ) {
/* We're not going to worry about process groups */
blah=fprintf(stderr, "Warning: %s is not a valid PID\n", argv[i]);
} else {
syslog(LOG_NOTICE|LOG_AUTH,
"superkill: %s (%d) wishes to kill %d, owned by %d\n",
getlogin(), getuid(), pid, o);
/* We start with an INT, same as ^C */
if( kill(pid, SIGINT) <0 ) {
perror(argv[i]);
}
/* Give it a couple of seconds to die */
blah=sleep(2);
if( ISRUNNING(pid) ) {
/* Do this if it didn't kill the first time */
if( kill(pid, SIGKILL) <0 ) {
perror(argv[i]);
}
/* Check to see if it survived the 9 */
if(ISRUNNING(pid)) {
syslog(LOG_NOTICE|LOG_AUTH,
"superkill: %s (%d) could not kill %d\n",
getlogin(), getuid(), pid);
blah=fprintf(stderr, "Couldn't kill %d\n", pid);
ret=1;
}
}
}
}
closelog();
return(ret);
}
/*
* Look for a given device in the specified list of devices.
*
* If we find it, return 0 and set *curdev_ret to point to it.
*
* If we don't find it, check whether we can open it:
*
* If that fails with PCAP_ERROR_NO_SUCH_DEVICE or
* PCAP_ERROR_IFACE_NOT_UP, don't attempt to add an entry for
* it, as that probably means it exists but doesn't support
* packet capture.
*
* Otherwise, attempt to add an entry for it, with the specified
* ifnet flags and description, and, if that succeeds, return 0
* and set *curdev_ret to point to the new entry, otherwise
* return PCAP_ERROR and set errbuf to an error message.
*/
int
add_or_find_if(pcap_if_t **curdev_ret, pcap_if_t **alldevs, const char *name,
u_int flags, const char *description, char *errbuf)
{
pcap_t *p;
pcap_if_t *curdev, *prevdev, *nextdev;
u_int this_figure_of_merit, nextdev_figure_of_merit;
char open_errbuf[PCAP_ERRBUF_SIZE];
int ret;
/*
* Is there already an entry in the list for this interface?
*/
for (curdev = *alldevs; curdev != NULL; curdev = curdev->next) {
if (strcmp(name, curdev->name) == 0)
break; /* yes, we found it */
}
if (curdev == NULL) {
/*
* No, we didn't find it.
*
* Can we open this interface for live capture?
*
* We do this check so that interfaces that are
* supplied by the interface enumeration mechanism
* we're using but that don't support packet capture
* aren't included in the list. Loopback interfaces
* on Solaris are an example of this; we don't just
* omit loopback interfaces on all platforms because
* you *can* capture on loopback interfaces on some
* OSes.
*
* On OS X, we don't do this check if the device
* name begins with "wlt"; at least some versions
* of OS X offer monitor mode capturing by having
* a separate "monitor mode" device for each wireless
* adapter, rather than by implementing the ioctls
* that {Free,Net,Open,DragonFly}BSD provide.
* Opening that device puts the adapter into monitor
* mode, which, at least for some adapters, causes
* them to deassociate from the network with which
* they're associated.
*
* Instead, we try to open the corresponding "en"
* device (so that we don't end up with, for users
* without sufficient privilege to open capture
* devices, a list of adapters that only includes
* the wlt devices).
*/
#ifdef __APPLE__
if (strncmp(name, "wlt", 3) == 0) {
char *en_name;
size_t en_name_len;
/*
* Try to allocate a buffer for the "en"
* device's name.
*/
en_name_len = strlen(name) - 1;
en_name = malloc(en_name_len + 1);
if (en_name == NULL) {
(void)snprintf(errbuf, PCAP_ERRBUF_SIZE,
"malloc: %s", pcap_strerror(errno));
return (-1);
}
strcpy(en_name, "en");
strcat(en_name, name + 3);
p = pcap_create(en_name, open_errbuf);
free(en_name);
} else
#endif /* __APPLE */
p = pcap_create(name, open_errbuf);
if (p == NULL) {
/*
* The attempt to create the pcap_t failed;
* that's probably an indication that we're
* out of memory.
*
* Don't bother including this interface,
* but don't treat it as an error.
*/
*curdev_ret = NULL;
return (0);
}
/* Small snaplen, so we don't try to allocate much memory. */
pcap_set_snaplen(p, 68);
ret = pcap_activate(p);
pcap_close(p);
switch (ret) {
case PCAP_ERROR_NO_SUCH_DEVICE:
case PCAP_ERROR_IFACE_NOT_UP:
/*
* We expect these two errors - they're the
* reason we try to open the device.
*
* PCAP_ERROR_NO_SUCH_DEVICE typically means
* "there's no such device *known to the
* OS's capture mechanism*", so, even though
* it might be a valid network interface, you
* can't capture on it (e.g., the loopback
* device in Solaris up to Solaris 10, or
* the vmnet devices in OS X with VMware
* Fusion). We don't include those devices
* in our list of devices, as there's no
* point in doing so - they're not available
* for capture.
*
* PCAP_ERROR_IFACE_NOT_UP means that the
* OS's capture mechanism doesn't work on
* interfaces not marked as up; some capture
* mechanisms *do* support that, so we no
* longer reject those interfaces out of hand,
* but we *do* want to reject them if they
* can't be opened for capture.
*/
*curdev_ret = NULL;
return (0);
}
/*
* Yes, we can open it, or we can't, for some other
* reason.
*
* If we can open it, we want to offer it for
* capture, as you can capture on it. If we can't,
* we want to offer it for capture, so that, if
* the user tries to capture on it, they'll get
* an error and they'll know why they can't
* capture on it (e.g., insufficient permissions)
* or they'll report it as a problem (and then
* have the error message to provide as information).
*
* Allocate a new entry.
*/
curdev = malloc(sizeof(pcap_if_t));
if (curdev == NULL) {
(void)snprintf(errbuf, PCAP_ERRBUF_SIZE,
"malloc: %s", pcap_strerror(errno));
return (-1);
}
/*
* Fill in the entry.
*/
curdev->next = NULL;
curdev->name = strdup(name);
if (curdev->name == NULL) {
(void)snprintf(errbuf, PCAP_ERRBUF_SIZE,
"malloc: %s", pcap_strerror(errno));
free(curdev);
return (-1);
}
if (description != NULL) {
/*
* We have a description for this interface.
*/
curdev->description = strdup(description);
if (curdev->description == NULL) {
(void)snprintf(errbuf, PCAP_ERRBUF_SIZE,
"malloc: %s", pcap_strerror(errno));
free(curdev->name);
free(curdev);
return (-1);
}
} else {
/*
* We don't.
*/
curdev->description = NULL;
}
curdev->addresses = NULL; /* list starts out as empty */
curdev->flags = 0;
if (ISLOOPBACK(name, flags))
curdev->flags |= PCAP_IF_LOOPBACK;
if (ISUP(flags))
curdev->flags |= PCAP_IF_UP;
if (ISRUNNING(flags))
curdev->flags |= PCAP_IF_RUNNING;
/*
* Add it to the list, in the appropriate location.
* First, get the "figure of merit" for this
* interface.
*/
this_figure_of_merit = get_figure_of_merit(curdev);
/*
* Now look for the last interface with an figure of merit
* less than or equal to the new interface's figure of
* merit.
*
* We start with "prevdev" being NULL, meaning we're before
* the first element in the list.
*/
prevdev = NULL;
for (;;) {
/*
* Get the interface after this one.
*/
if (prevdev == NULL) {
/*
* The next element is the first element.
*/
nextdev = *alldevs;
} else
nextdev = prevdev->next;
/*
* Are we at the end of the list?
*/
if (nextdev == NULL) {
/*
* Yes - we have to put the new entry
* after "prevdev".
*/
break;
}
/*
* Is the new interface's figure of merit less
* than the next interface's figure of merit,
* meaning that the new interface is better
* than the next interface?
*/
nextdev_figure_of_merit = get_figure_of_merit(nextdev);
if (this_figure_of_merit < nextdev_figure_of_merit) {
/*
* Yes - we should put the new entry
* before "nextdev", i.e. after "prevdev".
*/
break;
}
prevdev = nextdev;
}
/*
* Insert before "nextdev".
*/
curdev->next = nextdev;
/*
* Insert after "prevdev" - unless "prevdev" is null,
* in which case this is the first interface.
*/
if (prevdev == NULL) {
/*
* This is the first interface. Pass back a
* pointer to it, and put "curdev" before
* "nextdev".
*/
*alldevs = curdev;
} else
prevdev->next = curdev;
}
*curdev_ret = curdev;
return (0);
}
