int main (int argc, char ** argv) { pcap_t *pc; /* Fake struct pcap so we can compile expr */ struct bpf_program filter; /* Filter program for link-active pkts */ u_int32_t netmask=0; int dflag = 3; if (argc == 4) { if (!strcmp (argv[1], "-d")) { dflag = atoi (argv[2]); argv += 2; argc -=2; } } if (argc != 2) { printf ("usage; %s [ -d <debug_level> ] expression\n", argv[0]); return 1; } pc = pcap_open_dead(DLT_PPP_PPPD, PPP_HDRLEN); if (pcap_compile(pc, &filter, argv[1], 1, netmask) == 0) { printf ("#\n# Expression: %s\n#\n", argv[1]); bpf_dump (&filter, dflag); return 0; } else { printf("error in active-filter expression: %s\n", pcap_geterr(pc)); } return 1; }
static void opt_dump(struct block *root) { struct bpf_program f; memset(bids, 0, sizeof bids); f.bf_insns = icode_to_fcode(root, &f.bf_len); bpf_dump(&f, 1); putchar('\n'); free((char *)f.bf_insns); }
void bpf_dump_all(struct sock_fprog *bpf) { int i; for (i = 0; i < bpf->len; ++i) printf("%s\n", bpf_dump(bpf->filter[i], i)); }
int main(int argc, char **argv) { char *cp; int op; int dflag; char *infile; int Oflag; long snaplen; int dlt; bpf_u_int32 netmask = PCAP_NETMASK_UNKNOWN; char *cmdbuf; pcap_t *pd; struct bpf_program fcode; #ifdef WIN32 if(wsockinit() != 0) return 1; #endif /* WIN32 */ dflag = 1; infile = NULL; Oflag = 1; snaplen = 68; if ((cp = strrchr(argv[0], '/')) != NULL) program_name = cp + 1; else program_name = argv[0]; opterr = 0; while ((op = getopt(argc, argv, "dF:m:Os:")) != -1) { switch (op) { case 'd': ++dflag; break; case 'F': infile = optarg; break; case 'O': Oflag = 0; break; case 'm': { in_addr_t addr; addr = inet_addr(optarg); if (addr == INADDR_NONE) error("invalid netmask %s", optarg); netmask = addr; break; } case 's': { char *end; snaplen = strtol(optarg, &end, 0); if (optarg == end || *end != '\0' || snaplen < 0 || snaplen > 65535) error("invalid snaplen %s", optarg); else if (snaplen == 0) snaplen = 65535; break; } default: usage(); /* NOTREACHED */ } } if (optind >= argc) { usage(); /* NOTREACHED */ } dlt = pcap_datalink_name_to_val(argv[optind]); if (dlt < 0) error("invalid data link type %s", argv[optind]); if (infile) cmdbuf = read_infile(infile); else cmdbuf = copy_argv(&argv[optind+1]); pd = pcap_open_dead(dlt, snaplen); if (pd == NULL) error("Can't open fake pcap_t"); if (pcap_compile(pd, &fcode, cmdbuf, Oflag, netmask) < 0) error("%s", pcap_geterr(pd)); if (!bpf_validate(fcode.bf_insns, fcode.bf_len)) warn("Filter doesn't pass validation"); bpf_dump(&fcode, dflag); pcap_close(pd); exit(0); }
int main(int argc, char **argv) { char *cp; int op; #ifndef BDEBUG int dflag; #endif char *infile; int Oflag; long snaplen; char *p; int dlt; int have_fcode = 0; bpf_u_int32 netmask = PCAP_NETMASK_UNKNOWN; char *cmdbuf; pcap_t *pd; struct bpf_program fcode; #ifdef _WIN32 if (pcap_wsockinit() != 0) return 1; #endif /* _WIN32 */ #ifndef BDEBUG dflag = 1; #else /* if optimizer debugging is enabled, output DOT graph * `dflag=4' is equivalent to -dddd to follow -d/-dd/-ddd * convention in tcpdump command line */ dflag = 4; #endif infile = NULL; Oflag = 1; snaplen = 68; if ((cp = strrchr(argv[0], '/')) != NULL) program_name = cp + 1; else program_name = argv[0]; opterr = 0; while ((op = getopt(argc, argv, "dF:m:Os:")) != -1) { switch (op) { case 'd': ++dflag; break; case 'F': infile = optarg; break; case 'O': Oflag = 0; break; case 'm': { bpf_u_int32 addr; switch (inet_pton(AF_INET, optarg, &addr)) { case 0: error("invalid netmask %s", optarg); break; case -1: error("invalid netmask %s: %s", optarg, pcap_strerror(errno)); break; case 1: netmask = addr; break; } break; } case 's': { char *end; snaplen = strtol(optarg, &end, 0); if (optarg == end || *end != '\0' || snaplen < 0 || snaplen > 65535) error("invalid snaplen %s", optarg); else if (snaplen == 0) snaplen = 65535; break; } default: usage(); /* NOTREACHED */ } } if (optind >= argc) { usage(); /* NOTREACHED */ } dlt = pcap_datalink_name_to_val(argv[optind]); if (dlt < 0) { dlt = (int)strtol(argv[optind], &p, 10); if (p == argv[optind] || *p != '\0') error("invalid data link type %s", argv[optind]); } if (infile) cmdbuf = read_infile(infile); else cmdbuf = copy_argv(&argv[optind+1]); pd = pcap_open_dead(dlt, snaplen); if (pd == NULL) error("Can't open fake pcap_t"); if (pcap_compile(pd, &fcode, cmdbuf, Oflag, netmask) < 0) error("%s", pcap_geterr(pd)); have_fcode = 1; if (!bpf_validate(fcode.bf_insns, fcode.bf_len)) warn("Filter doesn't pass validation"); #ifdef BDEBUG if (cmdbuf != NULL) { // replace line feed with space for (cp = cmdbuf; *cp != '\0'; ++cp) { if (*cp == '\r' || *cp == '\n') { *cp = ' '; } } // only show machine code if BDEBUG defined, since dflag > 3 printf("machine codes for filter: %s\n", cmdbuf); } else printf("machine codes for empty filter:\n"); #endif bpf_dump(&fcode, dflag); free(cmdbuf); if (have_fcode) pcap_freecode (&fcode); pcap_close(pd); exit(0); }
int main(int argc, char **argv) { register int cnt, op, i; bpf_u_int32 localnet, netmask; register char *cp, *infile, *cmdbuf, *device, *RFileName, *WFileName; pcap_handler printer; struct bpf_program fcode; RETSIGTYPE (*oldhandler)(int); u_char *pcap_userdata; char ebuf[PCAP_ERRBUF_SIZE]; cnt = -1; device = NULL; infile = NULL; RFileName = NULL; WFileName = NULL; if ((cp = strrchr(argv[0], '/')) != NULL) program_name = cp + 1; else program_name = argv[0]; if (abort_on_misalignment(ebuf) < 0) error("%s", ebuf); opterr = 0; while ( (op = getopt(argc, argv, "ac:defF:i:lnNOpqr:s:StT:vw:xY")) != EOF) switch (op) { case 'a': ++aflag; break; case 'c': cnt = atoi(optarg); if (cnt <= 0) error("invalid packet count %s", optarg); break; case 'd': ++dflag; break; case 'e': ++eflag; break; case 'f': ++fflag; break; case 'F': infile = optarg; break; case 'i': device = optarg; break; case 'l': #ifdef HAVE_SETLINEBUF setlinebuf(stdout); #else setvbuf(stdout, NULL, _IOLBF, 0); #endif break; case 'n': ++nflag; break; case 'N': ++Nflag; break; case 'O': Oflag = 0; break; case 'p': ++pflag; break; case 'q': ++qflag; break; case 'r': RFileName = optarg; break; case 's': snaplen = atoi(optarg); if (snaplen <= 0) error("invalid snaplen %s", optarg); break; case 'S': ++Sflag; break; case 't': --tflag; break; case 'T': if (strcasecmp(optarg, "vat") == 0) packettype = PT_VAT; else if (strcasecmp(optarg, "wb") == 0) packettype = PT_WB; else if (strcasecmp(optarg, "rpc") == 0) packettype = PT_RPC; else if (strcasecmp(optarg, "rtp") == 0) packettype = PT_RTP; else if (strcasecmp(optarg, "rtcp") == 0) packettype = PT_RTCP; else error("unknown packet type `%s'", optarg); break; case 'v': ++vflag; break; case 'w': WFileName = optarg; break; #ifdef YYDEBUG case 'Y': { /* Undocumented flag */ extern int yydebug; yydebug = 1; } break; #endif case 'x': ++xflag; break; default: usage(); /* NOTREACHED */ } if (aflag && nflag) error("-a and -n options are incompatible"); if (tflag > 0) thiszone = gmt2local(0); if (RFileName != NULL) { /* * We don't need network access, so set it back to the user id. * Also, this prevents the user from reading anyone's * trace file. */ setuid(getuid()); pd = pcap_open_offline(RFileName, ebuf); if (pd == NULL) error("%s", ebuf); localnet = 0; netmask = 0; if (fflag != 0) error("-f and -r options are incompatible"); } else { if (device == NULL) { device = pcap_lookupdev(ebuf); if (device == NULL) error("%s", ebuf); } pd = pcap_open_live(device, snaplen, !pflag, 1000, ebuf); if (pd == NULL) error("%s", ebuf); i = pcap_snapshot(pd); if (snaplen < i) { warning("snaplen raised from %d to %d", snaplen, i); snaplen = i; } if (pcap_lookupnet(device, &localnet, &netmask, ebuf) < 0) { localnet = 0; netmask = 0; warning("%s", ebuf); } /* * Let user own process after socket has been opened. */ setuid(getuid()); } if (infile) cmdbuf = read_infile(infile); else cmdbuf = copy_argv(&argv[optind]); if (pcap_compile(pd, &fcode, cmdbuf, Oflag, netmask) < 0) error("%s", pcap_geterr(pd)); if (dflag) { bpf_dump(&fcode, dflag); exit(0); } init_addrtoname(localnet, netmask); (void)setsignal(SIGTERM, cleanup); (void)setsignal(SIGINT, cleanup); /* Cooperate with nohup(1) */ if ((oldhandler = setsignal(SIGHUP, cleanup)) != SIG_DFL) (void)setsignal(SIGHUP, oldhandler); if (pcap_setfilter(pd, &fcode) < 0) error("%s", pcap_geterr(pd)); if (WFileName) { pcap_dumper_t *p = pcap_dump_open(pd, WFileName); if (p == NULL) error("%s", pcap_geterr(pd)); printer = pcap_dump; pcap_userdata = (u_char *)p; } else { printer = lookup_printer(pcap_datalink(pd)); pcap_userdata = 0; } if (RFileName == NULL) { (void)fprintf(stderr, "%s: listening on %s\n", program_name, device); (void)fflush(stderr); } if (pcap_loop(pd, cnt, printer, pcap_userdata) < 0) { (void)fprintf(stderr, "%s: pcap_loop: %s\n", program_name, pcap_geterr(pd)); exit(1); } pcap_close(pd); exit(0); }