/*
* process an input file or device
* May be repeated.
* If start is false, do not initiate new connections
*/
static void process_infile(const std::string &expression,const char *device,const std::string &infile)
{
char error[PCAP_ERRBUF_SIZE];
pcap_t *pd=0;
int dlt=0;
pcap_handler handler;
if (infile!=""){
std::string file_path = infile;
// decompress input if necessary
#ifdef HAVE_INFLATER
for(std::vector<inflater>::const_iterator it = inflaters.begin(); it != inflaters.end(); it++) {
if(it->appropriate(infile)) {
int fd = it->invoke(infile);
file_path = ssprintf("/dev/fd/%d", fd);
if(fd < 0) {
std::cerr << "decompression of '" << infile << "' failed" << std::endl;
exit(1);
}
if(access(file_path.c_str(), R_OK)) {
std::cerr << "decompression of '" << infile << "' is not available on this system" << std::endl;
exit(1);
}
break;
}
}
#endif
if ((pd = pcap_open_offline(file_path.c_str(), error)) == NULL){ /* open the capture file */
die("%s", error);
}
dlt = pcap_datalink(pd); /* get the handler for this kind of packets */
handler = find_handler(dlt, infile.c_str());
} else {
/* if the user didn't specify a device, try to find a reasonable one */
if (device == NULL){
if ((device = pcap_lookupdev(error)) == NULL){
die("%s", error);
}
}
/* make sure we can open the device */
if ((pd = pcap_open_live(device, SNAPLEN, !opt_no_promisc, 1000, error)) == NULL){
die("%s", error);
}
#if defined(HAVE_SETUID) && defined(HAVE_GETUID)
/* drop root privileges - we don't need them any more */
if(setuid(getuid())){
perror("setuid");
}
#endif
/* get the handler for this kind of packets */
dlt = pcap_datalink(pd);
handler = find_handler(dlt, device);
}
/* If DLT_NULL is "broken", giving *any* expression to the pcap
* library when we are using a device of type DLT_NULL causes no
* packets to be delivered. In this case, we use no expression, and
* print a warning message if there is a user-specified expression
*/
#ifdef DLT_NULL_BROKEN
if (dlt == DLT_NULL && expression != ""){
DEBUG(1)("warning: DLT_NULL (loopback device) is broken on your system;");
DEBUG(1)(" filtering does not work. Recording *all* packets.");
}
#endif /* DLT_NULL_BROKEN */
DEBUG(20) ("filter expression: '%s'",expression.c_str());
/* install the filter expression in libpcap */
struct bpf_program fcode;
if (pcap_compile(pd, &fcode, expression.c_str(), 1, 0) < 0){
die("%s", pcap_geterr(pd));
}
if (pcap_setfilter(pd, &fcode) < 0){
die("%s", pcap_geterr(pd));
}
/* initialize our flow state structures */
/* set up signal handlers for graceful exit (pcap uses onexit to put
* interface back into non-promiscuous mode
*/
portable_signal(SIGTERM, terminate);
portable_signal(SIGINT, terminate);
#ifdef SIGHUP
portable_signal(SIGHUP, terminate);
#endif
/* start listening or reading from the input file */
if (infile == "") DEBUG(1) ("listening on %s", device);
if (pcap_loop(pd, -1, handler, (u_char *)tcpdemux::getInstance()) < 0){
die("%s: %s", infile.c_str(),pcap_geterr(pd));
}
}
static void process_infile(const std::string &expression,const char *device,const std::string &infile)
{
char error[PCAP_ERRBUF_SIZE];
pcap_t *pd=0;
int dlt=0;
pcap_handler handler;
#ifdef HAVE_INFLATER
if(inflaters==0) inflaters = build_inflaters();
#endif
if (infile!=""){
std::string file_path = infile;
// decompress input if necessary
#ifdef HAVE_INFLATER
for(inflaters_t::const_iterator it = inflaters->begin(); it != inflaters->end(); it++) {
if((*it)->appropriate(infile)) {
int fd = (*it)->invoke(infile);
file_path = ssprintf("/dev/fd/%d", fd);
if(fd < 0) {
std::cerr << "decompression of '" << infile << "' failed" << std::endl;
exit(1);
}
if(access(file_path.c_str(), R_OK)) {
std::cerr << "decompression of '" << infile << "' is not available on this system" << std::endl;
exit(1);
}
break;
}
}
#endif
if ((pd = pcap_open_offline(file_path.c_str(), error)) == NULL){ /* open the capture file */
die("%s", error);
}
dlt = pcap_datalink(pd); /* get the handler for this kind of packets */
handler = find_handler(dlt, infile.c_str());
} else {
/* if the user didn't specify a device, try to find a reasonable one */
if (device == NULL){
if ((device = pcap_lookupdev(error)) == NULL){
die("%s", error);
}
}
/* make sure we can open the device */
if ((pd = pcap_open_live(device, SNAPLEN, !opt_no_promisc, 1000, error)) == NULL){
die("%s", error);
}
#if defined(HAVE_SETUID) && defined(HAVE_GETUID)
/* drop root privileges - we don't need them any more */
if(setuid(getuid())){
perror("setuid");
}
#endif
/* get the handler for this kind of packets */
dlt = pcap_datalink(pd);
handler = find_handler(dlt, device);
}
DEBUG(20) ("filter expression: '%s'",expression.c_str());
/* install the filter expression in libpcap */
struct bpf_program fcode;
if (pcap_compile(pd, &fcode, expression.c_str(), 1, 0) < 0){
die("%s", pcap_geterr(pd));
}
if (pcap_setfilter(pd, &fcode) < 0){
die("%s", pcap_geterr(pd));
}
/* initialize our flow state structures */
/* set up signal handlers for graceful exit (pcap uses onexit to put
* interface back into non-promiscuous mode
*/
portable_signal(SIGTERM, terminate);
portable_signal(SIGINT, terminate);
#ifdef SIGHUP
portable_signal(SIGHUP, terminate);
#endif
/* start listening or reading from the input file */
if (infile == "") DEBUG(1) ("listening on %s", device);
if (pcap_loop(pd, -1, handler, (u_char *)tcpdemux::getInstance()) < 0){
die("%s: %s", infile.c_str(),pcap_geterr(pd));
}
}
