int main(int argc, char** argv)
{
char **compiler_args = NULL;
char *compiler_name;
int pid;
struct timespec start, end;
int stat;
FILE *log;
compiler_name = (char*)find_basename(argv[0]);
copy_argv(argv, &compiler_args, 0);
free(compiler_args[0]);
compiler_args[0] = strdup(compiler_name);
clock_gettime(CLOCK_MONOTONIC, &start);
pid = fork();
setenv("PATH", "/usr/bin", 1);
if (pid == 0)
return execvp(compiler_name, compiler_args);
waitpid(pid, &stat, 0);
clock_gettime(CLOCK_MONOTONIC, &end);
int i;
long long int diff = 0;
diff = (end.tv_sec*1000000000+end.tv_nsec) - (start.tv_sec*1000000000+start.tv_nsec);
log = fopen("/tmp/profile.out", "a+");
fseek(log, 0, SEEK_END);
for(i = 0;i<argc-1;i++) {
fprintf(log, "%s ", argv[i]);
}
fprintf(log, "%s: ", argv[i]);
fprintf(log, "%lld nsec\n", diff);
fclose(log);
}
int
main(int argc, char *argv[])
{
int c, sock;
char *intf, *filter, ebuf[PCAP_ERRBUF_SIZE];
pcap_t *pd;
intf = NULL;
while ((c = getopt(argc, argv, "i:n:Ih?V")) != -1) {
switch (c) {
case 'i':
intf = optarg;
break;
case 'n':
Opt_nice = atoi(optarg);
if (Opt_nice < MIN_NICE || Opt_nice > MAX_NICE)
usage();
break;
case 'I':
Opt_icmp = 1;
break;
default:
usage();
break;
}
}
if (intf == NULL && (intf = pcap_lookupdev(ebuf)) == NULL)
errx(1, "%s", ebuf);
argc -= optind;
argv += optind;
if (argc == 0)
usage();
filter = copy_argv(argv);
if ((pd = pcap_init(intf, filter, 128)) == NULL)
errx(1, "couldn't initialize sniffing");
if ((pcap_off = pcap_dloff(pd)) < 0)
errx(1, "couldn't determine link layer offset");
if ((sock = libnet_open_raw_sock(IPPROTO_RAW)) == -1)
errx(1, "couldn't initialize sending");
warnx("listening on %s [%s]", intf, filter);
tcp_nice_loop(pd, sock);
/* NOTREACHED */
exit(0);
}
Environment::Environment(int argc, char** argv)
: argc_(argc)
, argv_(0)
, fork_exec_lock_()
, halt_lock_()
, finalizer_thread_(NULL)
, loader_(NULL)
{
String::init_hash();
copy_argv(argc, argv);
ruby_init_setproctitle(argc, argv);
shared = new SharedState(this, config, config_parser);
load_vm_options(argc_, argv_);
check_io_descriptors();
root_vm = shared->thread_nexus()->new_vm(shared, "ruby.main");
root_vm->set_main_thread();
shared->set_root_vm(root_vm);
size_t stack_size = 0;
struct rlimit rlim;
if(getrlimit(RLIMIT_STACK, &rlim) == 0) {
stack_size = rlim.rlim_cur;
}
root_vm->set_stack_bounds(stack_size);
root_vm->set_current_thread();
state = new State(root_vm);
loader_ = new memory::TypedRoot<Object*>(state);
NativeMethod::init_thread(state);
start_logging(state);
log_argv();
if(config.log_config.value) {
std::string options;
config_parser.parsed_options(options);
if(options.size()) {
logger::write("config: %s", options.c_str());
}
}
}
int
main(int argc, char *argv[])
{
int c;
while ((c = getopt(argc, argv, "i:nvh?V")) != -1) {
switch (c) {
case 'i':
nids_params.device = optarg;
break;
case 'n':
Opt_dns = 0;
break;
case 'v':
Opt_invert = 1;
break;
default:
usage();
}
}
argc -= optind;
argv += optind;
if (argc > 0 && strlen(argv[0])) {
if ((pregex = (regex_t *) malloc(sizeof(*pregex))) == NULL)
err(1, "malloc");
if (regcomp(pregex, argv[0], REG_EXTENDED|REG_NOSUB) != 0)
errx(1, "invalid regular expression");
}
if (argc > 1) {
nids_params.pcap_filter = copy_argv(argv + 1);
}
else nids_params.pcap_filter = DEFAULT_PCAP_FILTER;
nids_params.scan_num_hosts = 0;
nids_params.syslog = null_syslog;
if (!nids_init())
errx(1, "%s", nids_errbuf);
nids_register_tcp(sniff_http_client);
warnx("listening on %s [%s]", nids_params.device,
nids_params.pcap_filter);
nids_run();
/* NOTREACHED */
exit(0);
}
int
main(int argc, char **argv) {
struct timeval del = { 0, 500 * 1000 } ;
int c = 0;
int pid = 0;
while((c = getopt(argc, argv, "ht:")) != -1) {
switch(c) {
case 't':
settime(optarg, &del);
break;
case 'h':
default:
_usage();
exit(1);
}
}
argc -= optind;
argv += optind;
if((pid = fork())) {
unsigned long delay = (del.tv_sec * 1000000) + del.tv_usec;
usleep(delay);
killpg(pid, 9);
} else {
char *cmd = copy_argv(argv);
if(setpgid(0, getpid()) == -1) {
perror("setpgid");
exit(1);
}
system(cmd);
}
exit(0);
}
int
main(int argc, char **argv)
{
char *cp, *device;
int op;
int dorfmon, useactivate;
char ebuf[PCAP_ERRBUF_SIZE];
char *infile;
char *cmdbuf;
pcap_t *pd;
int status = 0;
int pcap_fd;
#if defined(USE_BPF)
struct bpf_program bad_fcode;
struct bpf_insn uninitialized[INSN_COUNT];
#elif defined(USE_SOCKET_FILTERS)
struct sock_fprog bad_fcode;
struct sock_filter uninitialized[INSN_COUNT];
#endif
struct bpf_program fcode;
device = NULL;
dorfmon = 0;
useactivate = 0;
infile = NULL;
if ((cp = strrchr(argv[0], '/')) != NULL)
program_name = cp + 1;
else
program_name = argv[0];
opterr = 0;
while ((op = getopt(argc, argv, "aF:i:I")) != -1) {
switch (op) {
case 'a':
useactivate = 1;
break;
case 'F':
infile = optarg;
break;
case 'i':
device = optarg;
break;
case 'I':
dorfmon = 1;
useactivate = 1; /* required for rfmon */
break;
default:
usage();
/* NOTREACHED */
}
}
if (device == NULL) {
/*
* No interface specified; get whatever pcap_lookupdev()
* finds.
*/
device = pcap_lookupdev(ebuf);
if (device == NULL) {
error("couldn't find interface to use: %s",
ebuf);
}
}
if (infile != NULL) {
/*
* Filter specified with "-F" and a file containing
* a filter.
*/
cmdbuf = read_infile(infile);
} else {
if (optind < argc) {
/*
* Filter specified with arguments on the
* command line.
*/
cmdbuf = copy_argv(&argv[optind+1]);
} else {
/*
* No filter specified; use an empty string, which
* compiles to an "accept all" filter.
*/
cmdbuf = "";
}
}
if (useactivate) {
pd = pcap_create(device, ebuf);
if (pd == NULL)
error("%s: pcap_create() failed: %s", device, ebuf);
status = pcap_set_snaplen(pd, 65535);
if (status != 0)
error("%s: pcap_set_snaplen failed: %s",
device, pcap_statustostr(status));
status = pcap_set_promisc(pd, 1);
if (status != 0)
error("%s: pcap_set_promisc failed: %s",
device, pcap_statustostr(status));
if (dorfmon) {
status = pcap_set_rfmon(pd, 1);
if (status != 0)
error("%s: pcap_set_rfmon failed: %s",
device, pcap_statustostr(status));
}
status = pcap_set_timeout(pd, 1000);
if (status != 0)
error("%s: pcap_set_timeout failed: %s",
device, pcap_statustostr(status));
status = pcap_activate(pd);
if (status < 0) {
/*
* pcap_activate() failed.
*/
error("%s: %s\n(%s)", device,
pcap_statustostr(status), pcap_geterr(pd));
} else if (status > 0) {
/*
* pcap_activate() succeeded, but it's warning us
* of a problem it had.
*/
warning("%s: %s\n(%s)", device,
pcap_statustostr(status), pcap_geterr(pd));
}
} else {
*ebuf = '\0';
pd = pcap_open_live(device, 65535, 1, 1000, ebuf);
if (pd == NULL)
error("%s", ebuf);
else if (*ebuf)
warning("%s", ebuf);
}
pcap_fd = pcap_fileno(pd);
/*
* Try setting a filter with an uninitialized bpf_program
* structure. This should cause valgrind to report a
* problem.
*
* We don't check for errors, because it could get an
* error due to a bad pointer or count.
*/
#if defined(USE_BPF)
ioctl(pcap_fd, BIOCSETF, &bad_fcode);
#elif defined(USE_SOCKET_FILTERS)
setsockopt(pcap_fd, SOL_SOCKET, SO_ATTACH_FILTER, &bad_fcode,
sizeof(bad_fcode));
#endif
/*
* Try setting a filter with an initialized bpf_program
* structure that points to an uninitialized program.
* That should also cause valgrind to report a problem.
*
* We don't check for errors, because it could get an
* error due to a bad pointer or count.
*/
#if defined(USE_BPF)
bad_fcode.bf_len = INSN_COUNT;
bad_fcode.bf_insns = uninitialized;
ioctl(pcap_fd, BIOCSETF, &bad_fcode);
#elif defined(USE_SOCKET_FILTERS)
bad_fcode.len = INSN_COUNT;
bad_fcode.filter = uninitialized;
setsockopt(pcap_fd, SOL_SOCKET, SO_ATTACH_FILTER, &bad_fcode,
sizeof(bad_fcode));
#endif
/*
* Now compile a filter and set the filter with that.
* That should *not* cause valgrind to report a
* problem.
*/
if (pcap_compile(pd, &fcode, cmdbuf, 1, 0) < 0)
error("can't compile filter: %s", pcap_geterr(pd));
if (pcap_setfilter(pd, &fcode) < 0)
error("can't set filter: %s", pcap_geterr(pd));
pcap_close(pd);
exit(status < 0 ? 1 : 0);
}
int
main(int argc, char **argv)
{
char *cp;
int op;
int dflag;
char *infile;
int Oflag;
long snaplen;
int dlt;
bpf_u_int32 netmask = PCAP_NETMASK_UNKNOWN;
char *cmdbuf;
pcap_t *pd;
struct bpf_program fcode;
#ifdef WIN32
if(wsockinit() != 0) return 1;
#endif /* WIN32 */
dflag = 1;
infile = NULL;
Oflag = 1;
snaplen = 68;
if ((cp = strrchr(argv[0], '/')) != NULL)
program_name = cp + 1;
else
program_name = argv[0];
opterr = 0;
while ((op = getopt(argc, argv, "dF:m:Os:")) != -1) {
switch (op) {
case 'd':
++dflag;
break;
case 'F':
infile = optarg;
break;
case 'O':
Oflag = 0;
break;
case 'm': {
in_addr_t addr;
addr = inet_addr(optarg);
if (addr == INADDR_NONE)
error("invalid netmask %s", optarg);
netmask = addr;
break;
}
case 's': {
char *end;
snaplen = strtol(optarg, &end, 0);
if (optarg == end || *end != '\0'
|| snaplen < 0 || snaplen > 65535)
error("invalid snaplen %s", optarg);
else if (snaplen == 0)
snaplen = 65535;
break;
}
default:
usage();
/* NOTREACHED */
}
}
if (optind >= argc) {
usage();
/* NOTREACHED */
}
dlt = pcap_datalink_name_to_val(argv[optind]);
if (dlt < 0)
error("invalid data link type %s", argv[optind]);
if (infile)
cmdbuf = read_infile(infile);
else
cmdbuf = copy_argv(&argv[optind+1]);
pd = pcap_open_dead(dlt, snaplen);
if (pd == NULL)
error("Can't open fake pcap_t");
if (pcap_compile(pd, &fcode, cmdbuf, Oflag, netmask) < 0)
error("%s", pcap_geterr(pd));
if (!bpf_validate(fcode.bf_insns, fcode.bf_len))
warn("Filter doesn't pass validation");
bpf_dump(&fcode, dflag);
pcap_close(pd);
exit(0);
}
int
main(int argc, char **argv)
{
char *cp;
int op;
#ifndef BDEBUG
int dflag;
#endif
char *infile;
int Oflag;
long snaplen;
char *p;
int dlt;
int have_fcode = 0;
bpf_u_int32 netmask = PCAP_NETMASK_UNKNOWN;
char *cmdbuf;
pcap_t *pd;
struct bpf_program fcode;
#ifdef _WIN32
if (pcap_wsockinit() != 0)
return 1;
#endif /* _WIN32 */
#ifndef BDEBUG
dflag = 1;
#else
/* if optimizer debugging is enabled, output DOT graph
* `dflag=4' is equivalent to -dddd to follow -d/-dd/-ddd
* convention in tcpdump command line
*/
dflag = 4;
#endif
infile = NULL;
Oflag = 1;
snaplen = 68;
if ((cp = strrchr(argv[0], '/')) != NULL)
program_name = cp + 1;
else
program_name = argv[0];
opterr = 0;
while ((op = getopt(argc, argv, "dF:m:Os:")) != -1) {
switch (op) {
case 'd':
++dflag;
break;
case 'F':
infile = optarg;
break;
case 'O':
Oflag = 0;
break;
case 'm': {
bpf_u_int32 addr;
switch (inet_pton(AF_INET, optarg, &addr)) {
case 0:
error("invalid netmask %s", optarg);
break;
case -1:
error("invalid netmask %s: %s", optarg,
pcap_strerror(errno));
break;
case 1:
netmask = addr;
break;
}
break;
}
case 's': {
char *end;
snaplen = strtol(optarg, &end, 0);
if (optarg == end || *end != '\0'
|| snaplen < 0 || snaplen > 65535)
error("invalid snaplen %s", optarg);
else if (snaplen == 0)
snaplen = 65535;
break;
}
default:
usage();
/* NOTREACHED */
}
}
if (optind >= argc) {
usage();
/* NOTREACHED */
}
dlt = pcap_datalink_name_to_val(argv[optind]);
if (dlt < 0) {
dlt = (int)strtol(argv[optind], &p, 10);
if (p == argv[optind] || *p != '\0')
error("invalid data link type %s", argv[optind]);
}
if (infile)
cmdbuf = read_infile(infile);
else
cmdbuf = copy_argv(&argv[optind+1]);
pd = pcap_open_dead(dlt, snaplen);
if (pd == NULL)
error("Can't open fake pcap_t");
if (pcap_compile(pd, &fcode, cmdbuf, Oflag, netmask) < 0)
error("%s", pcap_geterr(pd));
have_fcode = 1;
if (!bpf_validate(fcode.bf_insns, fcode.bf_len))
warn("Filter doesn't pass validation");
#ifdef BDEBUG
if (cmdbuf != NULL) {
// replace line feed with space
for (cp = cmdbuf; *cp != '\0'; ++cp) {
if (*cp == '\r' || *cp == '\n') {
*cp = ' ';
}
}
// only show machine code if BDEBUG defined, since dflag > 3
printf("machine codes for filter: %s\n", cmdbuf);
} else
printf("machine codes for empty filter:\n");
#endif
bpf_dump(&fcode, dflag);
free(cmdbuf);
if (have_fcode)
pcap_freecode (&fcode);
pcap_close(pd);
exit(0);
}
int main(int argc,char **argv, char **envp)
{
bpf_u_int32 localnet, netmask; /* pcap library stuff */
struct bpf_program filter;
struct pcap_device device;
char errbuf[PCAP_ERRBUF_SIZE];
int index, logf;
struct plugins_list_entry *list;
struct plugin_requests req;
char config_file[SRVBUFLEN];
int psize = DEFAULT_SNAPLEN;
struct id_table bpas_table;
struct id_table blp_table;
struct id_table bmed_table;
struct id_table biss_table;
struct id_table bta_table;
struct id_table idt;
struct pcap_callback_data cb_data;
/* getopt() stuff */
extern char *optarg;
extern int optind, opterr, optopt;
int errflag, cp;
#if defined ENABLE_IPV6
struct sockaddr_storage client;
#else
struct sockaddr client;
#endif
umask(077);
compute_once();
/* a bunch of default definitions */
have_num_memory_pools = FALSE;
reload_map = FALSE;
tag_map_allocated = FALSE;
bpas_map_allocated = FALSE;
blp_map_allocated = FALSE;
bmed_map_allocated = FALSE;
biss_map_allocated = FALSE;
find_id_func = PM_find_id;
errflag = 0;
memset(cfg_cmdline, 0, sizeof(cfg_cmdline));
memset(&config, 0, sizeof(struct configuration));
memset(&device, 0, sizeof(struct pcap_device));
memset(&config_file, 0, sizeof(config_file));
memset(&failed_plugins, 0, sizeof(failed_plugins));
memset(&req, 0, sizeof(req));
memset(dummy_tlhdr, 0, sizeof(dummy_tlhdr));
memset(sll_mac, 0, sizeof(sll_mac));
memset(&bpas_table, 0, sizeof(bpas_table));
memset(&blp_table, 0, sizeof(blp_table));
memset(&bmed_table, 0, sizeof(bmed_table));
memset(&biss_table, 0, sizeof(biss_table));
memset(&bta_table, 0, sizeof(bta_table));
memset(&client, 0, sizeof(client));
memset(&cb_data, 0, sizeof(cb_data));
memset(&tunnel_registry, 0, sizeof(tunnel_registry));
config.acct_type = ACCT_PM;
rows = 0;
glob_pcapt = NULL;
/* getting commandline values */
while (!errflag && ((cp = getopt(argc, argv, ARGS_PMACCTD)) != -1)) {
cfg_cmdline[rows] = malloc(SRVBUFLEN);
switch (cp) {
case 'P':
strlcpy(cfg_cmdline[rows], "plugins: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'D':
strlcpy(cfg_cmdline[rows], "daemonize: true", SRVBUFLEN);
rows++;
break;
case 'd':
debug = TRUE;
strlcpy(cfg_cmdline[rows], "debug: true", SRVBUFLEN);
rows++;
break;
case 'n':
strlcpy(cfg_cmdline[rows], "networks_file: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'o':
strlcpy(cfg_cmdline[rows], "ports_file: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'O':
strlcpy(cfg_cmdline[rows], "print_output: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'u':
strlcpy(cfg_cmdline[rows], "print_num_protos: true", SRVBUFLEN);
rows++;
break;
case 'N':
strlcpy(cfg_cmdline[rows], "promisc: false", SRVBUFLEN);
rows++;
break;
case 'f':
strlcpy(config_file, optarg, sizeof(config_file));
break;
case 'F':
strlcpy(cfg_cmdline[rows], "pidfile: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'c':
strlcpy(cfg_cmdline[rows], "aggregate: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'b':
strlcpy(cfg_cmdline[rows], "imt_buckets: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'm':
strlcpy(cfg_cmdline[rows], "imt_mem_pools_number: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
have_num_memory_pools = TRUE;
rows++;
break;
case 'p':
strlcpy(cfg_cmdline[rows], "imt_path: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'r':
strlcpy(cfg_cmdline[rows], "sql_refresh_time: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
cfg_cmdline[rows] = malloc(SRVBUFLEN);
strlcpy(cfg_cmdline[rows], "print_refresh_time: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'v':
strlcpy(cfg_cmdline[rows], "sql_table_version: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 's':
strlcpy(cfg_cmdline[rows], "imt_mem_pools_size: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'S':
strlcpy(cfg_cmdline[rows], "syslog: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'i':
strlcpy(cfg_cmdline[rows], "interface: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'I':
strlcpy(cfg_cmdline[rows], "pcap_savefile: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'w':
strlcpy(cfg_cmdline[rows], "interface_wait: true", SRVBUFLEN);
rows++;
break;
case 'W':
strlcpy(cfg_cmdline[rows], "savefile_wait: true", SRVBUFLEN);
rows++;
break;
case 'L':
strlcpy(cfg_cmdline[rows], "snaplen: ", SRVBUFLEN);
strncat(cfg_cmdline[rows], optarg, CFG_LINE_LEN(cfg_cmdline[rows]));
rows++;
break;
case 'R':
strlcpy(cfg_cmdline[rows], "sfacctd_renormalize: true", SRVBUFLEN);
rows++;
break;
case 'h':
usage_daemon(argv[0]);
exit(0);
break;
default:
usage_daemon(argv[0]);
exit(1);
break;
}
}
/* post-checks and resolving conflicts */
if (strlen(config_file)) {
if (parse_configuration_file(config_file) != SUCCESS)
exit(1);
}
else {
if (parse_configuration_file(NULL) != SUCCESS)
exit(1);
}
/* XXX: glue; i'm conscious it's a dirty solution from an engineering viewpoint;
someday later i'll fix this */
list = plugins_list;
while(list) {
list->cfg.acct_type = ACCT_PM;
set_default_preferences(&list->cfg);
if (!strcmp(list->name, "default") && !strcmp(list->type.string, "core"))
memcpy(&config, &list->cfg, sizeof(struct configuration));
list = list->next;
}
if (config.files_umask) umask(config.files_umask);
/* Let's check whether we need superuser privileges */
if (config.snaplen) psize = config.snaplen;
else config.snaplen = psize;
if (!config.pcap_savefile) {
if (getuid() != 0) {
printf("%s\n\n", PMACCTD_USAGE_HEADER);
printf("ERROR ( default/core ): You need superuser privileges to run this command.\nExiting ...\n\n");
exit(1);
}
}
if (config.daemon) {
list = plugins_list;
while (list) {
if (!strcmp(list->type.string, "print")) printf("WARN ( default/core ): Daemonizing. Hmm, bye bye screen.\n");
list = list->next;
}
if (debug || config.debug)
printf("WARN ( default/core ): debug is enabled; forking in background. Console logging will get lost.\n");
daemonize();
}
initsetproctitle(argc, argv, envp);
if (config.syslog) {
logf = parse_log_facility(config.syslog);
if (logf == ERR) {
config.syslog = NULL;
printf("WARN ( default/core ): specified syslog facility is not supported; logging to console.\n");
}
else openlog(NULL, LOG_PID, logf);
Log(LOG_INFO, "INFO ( default/core ): Start logging ...\n");
}
if (config.logfile)
{
config.logfile_fd = open_logfile(config.logfile);
list = plugins_list;
while (list) {
list->cfg.logfile_fd = config.logfile_fd ;
list = list->next;
}
}
/* Enforcing policies over aggregation methods */
list = plugins_list;
while (list) {
if (list->type.id != PLUGIN_ID_CORE) {
/* applies to all plugins */
if (config.classifiers_path && (list->cfg.sampling_rate || config.ext_sampling_rate)) {
Log(LOG_ERR, "ERROR ( default/core ): Packet sampling and classification are mutual exclusive.\n");
exit(1);
}
if (list->cfg.sampling_rate && config.ext_sampling_rate) {
Log(LOG_ERR, "ERROR ( default/core ): Internal packet sampling and external packet sampling are mutual exclusive.\n");
exit(1);
}
if (list->type.id == PLUGIN_ID_TEE) {
Log(LOG_ERR, "ERROR ( default/core ): 'tee' plugin not supported in 'pmacctd'.\n");
exit(1);
}
else if (list->type.id == PLUGIN_ID_NFPROBE) {
/* If we already renormalizing an external sampling rate,
we cancel the sampling information from the probe plugin */
if (config.sfacctd_renormalize && list->cfg.ext_sampling_rate) list->cfg.ext_sampling_rate = 0;
config.handle_fragments = TRUE;
list->cfg.nfprobe_what_to_count = list->cfg.what_to_count;
list->cfg.what_to_count = 0;
#if defined (HAVE_L2)
if (list->cfg.nfprobe_version == 9 || list->cfg.nfprobe_version == 10) {
list->cfg.what_to_count |= COUNT_SRC_MAC;
list->cfg.what_to_count |= COUNT_DST_MAC;
list->cfg.what_to_count |= COUNT_VLAN;
}
#endif
list->cfg.what_to_count |= COUNT_SRC_HOST;
list->cfg.what_to_count |= COUNT_DST_HOST;
if (list->cfg.networks_file || list->cfg.networks_mask || list->cfg.nfacctd_net) {
list->cfg.what_to_count |= COUNT_SRC_NMASK;
list->cfg.what_to_count |= COUNT_DST_NMASK;
}
list->cfg.what_to_count |= COUNT_SRC_PORT;
list->cfg.what_to_count |= COUNT_DST_PORT;
list->cfg.what_to_count |= COUNT_IP_TOS;
list->cfg.what_to_count |= COUNT_IP_PROTO;
if (list->cfg.networks_file || (list->cfg.nfacctd_bgp && list->cfg.nfacctd_as == NF_AS_BGP)) {
list->cfg.what_to_count |= COUNT_SRC_AS;
list->cfg.what_to_count |= COUNT_DST_AS;
list->cfg.what_to_count |= COUNT_PEER_DST_IP;
}
if ((list->cfg.nfprobe_version == 9 || list->cfg.nfprobe_version == 10) && list->cfg.classifiers_path) {
list->cfg.what_to_count |= COUNT_CLASS;
config.handle_flows = TRUE;
}
if (list->cfg.pre_tag_map) {
list->cfg.what_to_count |= COUNT_ID;
list->cfg.what_to_count |= COUNT_ID2;
}
list->cfg.what_to_count |= COUNT_IN_IFACE;
list->cfg.what_to_count |= COUNT_OUT_IFACE;
if (list->cfg.what_to_count & (COUNT_STD_COMM|COUNT_EXT_COMM|COUNT_LOCAL_PREF|COUNT_MED|COUNT_AS_PATH|
COUNT_PEER_SRC_AS|COUNT_PEER_DST_AS|COUNT_PEER_SRC_IP|COUNT_SRC_STD_COMM|
COUNT_SRC_EXT_COMM|COUNT_SRC_AS_PATH|COUNT_SRC_MED|COUNT_SRC_LOCAL_PREF|
COUNT_MPLS_VPN_RD)) {
Log(LOG_ERR, "ERROR ( default/core ): 'src_as', 'dst_as' and 'peer_dst_ip' are currently the only BGP-related primitives supported within the 'nfprobe' plugin.\n");
exit(1);
}
list->cfg.what_to_count |= COUNT_COUNTERS;
list->cfg.data_type = PIPE_TYPE_METADATA;
list->cfg.data_type |= PIPE_TYPE_EXTRAS;
}
else if (list->type.id == PLUGIN_ID_SFPROBE) {
/* If we already renormalizing an external sampling rate,
we cancel the sampling information from the probe plugin */
if (config.sfacctd_renormalize && list->cfg.ext_sampling_rate) list->cfg.ext_sampling_rate = 0;
if (psize < 128) psize = config.snaplen = 128; /* SFL_DEFAULT_HEADER_SIZE */
list->cfg.what_to_count = COUNT_PAYLOAD;
if (list->cfg.classifiers_path) {
list->cfg.what_to_count |= COUNT_CLASS;
config.handle_fragments = TRUE;
config.handle_flows = TRUE;
}
if (list->cfg.nfacctd_bgp && list->cfg.nfacctd_as == NF_AS_BGP) {
list->cfg.what_to_count |= COUNT_SRC_AS;
list->cfg.what_to_count |= COUNT_DST_AS;
list->cfg.what_to_count |= COUNT_PEER_DST_IP;
}
if (list->cfg.nfacctd_bgp && list->cfg.nfacctd_net == NF_NET_BGP) {
list->cfg.what_to_count |= COUNT_SRC_NMASK;
list->cfg.what_to_count |= COUNT_DST_NMASK;
}
if (list->cfg.pre_tag_map) {
list->cfg.what_to_count |= COUNT_ID;
list->cfg.what_to_count |= COUNT_ID2;
}
if (list->cfg.what_to_count & (COUNT_STD_COMM|COUNT_EXT_COMM|COUNT_LOCAL_PREF|COUNT_MED|COUNT_AS_PATH|
COUNT_PEER_SRC_AS|COUNT_PEER_DST_AS|COUNT_PEER_SRC_IP|COUNT_SRC_STD_COMM|
COUNT_SRC_EXT_COMM|COUNT_SRC_AS_PATH|COUNT_SRC_MED|COUNT_SRC_LOCAL_PREF|
COUNT_MPLS_VPN_RD)) {
Log(LOG_ERR, "ERROR ( default/core ): 'src_as', 'dst_as' and 'peer_dst_ip' are currently the only BGP-related primitives supported within the 'sfprobe' plugin.\n");
exit(1);
}
#if defined (HAVE_L2)
list->cfg.what_to_count |= COUNT_VLAN;
list->cfg.what_to_count |= COUNT_COS;
#endif
list->cfg.data_type = PIPE_TYPE_PAYLOAD;
}
else {
evaluate_sums(&list->cfg.what_to_count, list->name, list->type.string);
if (list->cfg.what_to_count & (COUNT_SRC_PORT|COUNT_DST_PORT|COUNT_SUM_PORT|COUNT_TCPFLAGS))
config.handle_fragments = TRUE;
if (list->cfg.what_to_count & COUNT_FLOWS) {
config.handle_fragments = TRUE;
config.handle_flows = TRUE;
}
if (list->cfg.what_to_count & COUNT_CLASS) {
config.handle_fragments = TRUE;
config.handle_flows = TRUE;
}
if (!list->cfg.what_to_count) {
Log(LOG_WARNING, "WARN ( %s/%s ): defaulting to SRC HOST aggregation.\n", list->name, list->type.string);
list->cfg.what_to_count |= COUNT_SRC_HOST;
}
if ((list->cfg.what_to_count & (COUNT_SRC_AS|COUNT_DST_AS|COUNT_SUM_AS)) && !list->cfg.networks_file && list->cfg.nfacctd_as != NF_AS_BGP) {
Log(LOG_ERR, "ERROR ( %s/%s ): AS aggregation selected but NO 'networks_file' or 'pmacctd_as' are specified. Exiting...\n\n", list->name, list->type.string);
exit(1);
}
if (list->cfg.what_to_count & (COUNT_SRC_NET|COUNT_DST_NET|COUNT_SUM_NET|COUNT_SRC_NMASK|COUNT_DST_NMASK)) {
if (!list->cfg.nfacctd_net) {
if (list->cfg.networks_file) list->cfg.nfacctd_net |= NF_NET_NEW;
if (list->cfg.networks_mask) list->cfg.nfacctd_net |= NF_NET_STATIC;
if (!list->cfg.nfacctd_net) {
Log(LOG_ERR, "ERROR ( %s/%s ): network aggregation selected but none of 'pmacctd_net', 'networks_file', 'networks_mask' is specified. Exiting ...\n\n", list->name, list->type.string);
exit(1);
}
}
else {
if ((list->cfg.nfacctd_net == NF_NET_NEW && !list->cfg.networks_file) ||
(list->cfg.nfacctd_net == NF_NET_STATIC && !list->cfg.networks_mask) ||
(list->cfg.nfacctd_net == NF_NET_BGP && !list->cfg.nfacctd_bgp) ||
(list->cfg.nfacctd_net == NF_NET_KEEP)) {
Log(LOG_ERR, "ERROR ( %s/%s ): network aggregation selected but none of 'bgp_daemon', 'networks_file', 'networks_mask' is specified. Exiting ...\n\n", list->name, list->type.string);
exit(1);
}
}
}
if (list->cfg.what_to_count & COUNT_CLASS && !list->cfg.classifiers_path) {
Log(LOG_ERR, "ERROR ( %s/%s ): 'class' aggregation selected but NO 'classifiers' key specified. Exiting...\n\n", list->name, list->type.string);
exit(1);
}
bgp_config_checks(&list->cfg);
list->cfg.what_to_count |= COUNT_COUNTERS;
list->cfg.data_type |= PIPE_TYPE_METADATA;
}
}
list = list->next;
}
/* plugins glue: creation (since 094) */
if (config.classifiers_path) {
init_classifiers(config.classifiers_path);
init_conntrack_table();
}
load_plugins(&req);
if (config.handle_fragments) init_ip_fragment_handler();
if (config.handle_flows) init_ip_flow_handler();
load_networks(config.networks_file, &nt, &nc);
/* If any device/savefile have been specified, choose a suitable device
where to listen for traffic */
if (!config.dev && !config.pcap_savefile) {
Log(LOG_WARNING, "WARN ( default/core ): Selecting a suitable device.\n");
config.dev = pcap_lookupdev(errbuf);
if (!config.dev) {
Log(LOG_WARNING, "WARN ( default/core ): Unable to find a suitable device. Exiting.\n");
exit_all(1);
}
else Log(LOG_DEBUG, "DEBUG ( default/core ): device is %s\n", config.dev);
}
/* reading filter; if it exists, we'll take an action later */
if (!strlen(config_file)) config.clbuf = copy_argv(&argv[optind]);
if (config.dev && config.pcap_savefile) {
Log(LOG_ERR, "ERROR ( default/core ): 'interface' (-i) and 'pcap_savefile' (-I) directives are mutually exclusive. Exiting.\n");
exit_all(1);
}
throttle_startup:
if (config.dev) {
if ((device.dev_desc = pcap_open_live(config.dev, psize, config.promisc, 1000, errbuf)) == NULL) {
if (!config.if_wait) {
Log(LOG_ERR, "ERROR ( default/core ): pcap_open_live(): %s\n", errbuf);
exit_all(1);
}
else {
sleep(5); /* XXX: user defined ? */
goto throttle_startup;
}
}
}
else if (config.pcap_savefile) {
if ((device.dev_desc = pcap_open_offline(config.pcap_savefile, errbuf)) == NULL) {
Log(LOG_ERR, "ERROR ( default/core ): pcap_open_offline(): %s\n", errbuf);
exit_all(1);
}
}
device.active = TRUE;
glob_pcapt = device.dev_desc; /* SIGINT/stats handling */
if (config.pipe_size) {
int slen = sizeof(config.pipe_size), x;
#if defined (PCAP_TYPE_linux) || (PCAP_TYPE_snoop)
Setsocksize(pcap_fileno(device.dev_desc), SOL_SOCKET, SO_RCVBUF, &config.pipe_size, slen);
getsockopt(pcap_fileno(device.dev_desc), SOL_SOCKET, SO_RCVBUF, &x, &slen);
Log(LOG_DEBUG, "DEBUG ( default/core ): PCAP buffer: obtained %d / %d bytes.\n", x, config.pipe_size);
#endif
}
device.link_type = pcap_datalink(device.dev_desc);
for (index = 0; _devices[index].link_type != -1; index++) {
if (device.link_type == _devices[index].link_type)
device.data = &_devices[index];
}
load_plugin_filters(device.link_type);
/* we need to solve some link constraints */
if (device.data == NULL) {
Log(LOG_ERR, "ERROR ( default/core ): data link not supported: %d\n", device.link_type);
exit_all(1);
}
else Log(LOG_INFO, "OK ( default/core ): link type is: %d\n", device.link_type);
if (device.link_type != DLT_EN10MB && device.link_type != DLT_IEEE802 && device.link_type != DLT_LINUX_SLL) {
list = plugins_list;
while (list) {
if ((list->cfg.what_to_count & COUNT_SRC_MAC) || (list->cfg.what_to_count & COUNT_DST_MAC)) {
Log(LOG_ERR, "ERROR ( default/core ): MAC aggregation not available for link type: %d\n", device.link_type);
exit_all(1);
}
list = list->next;
}
}
cb_data.device = &device;
/* doing pcap stuff */
if (!config.dev || pcap_lookupnet(config.dev, &localnet, &netmask, errbuf) < 0) {
localnet = 0;
netmask = 0;
Log(LOG_WARNING, "WARN ( default/core ): %s\n", errbuf);
}
if (pcap_compile(device.dev_desc, &filter, config.clbuf, 0, netmask) < 0)
Log(LOG_WARNING, "WARN: %s\nWARN ( default/core ): going on without a filter\n", pcap_geterr(device.dev_desc));
else {
if (pcap_setfilter(device.dev_desc, &filter) < 0)
Log(LOG_WARNING, "WARN: %s\nWARN ( default/core ): going on without a filter\n", pcap_geterr(device.dev_desc));
}
/* signal handling we want to inherit to plugins (when not re-defined elsewhere) */
signal(SIGCHLD, startup_handle_falling_child); /* takes note of plugins failed during startup phase */
signal(SIGHUP, reload); /* handles reopening of syslog channel */
signal(SIGUSR1, push_stats); /* logs various statistics via Log() calls */
signal(SIGUSR2, reload_maps); /* sets to true the reload_maps flag */
signal(SIGPIPE, SIG_IGN); /* we want to exit gracefully when a pipe is broken */
/* loading pre-tagging map, if any */
if (config.pre_tag_map) {
load_id_file(config.acct_type, config.pre_tag_map, &idt, &req, &tag_map_allocated);
cb_data.idt = (u_char *) &idt;
}
else {
memset(&idt, 0, sizeof(idt));
cb_data.idt = NULL;
}
#if defined ENABLE_THREADS
/* starting the BGP thread */
if (config.nfacctd_bgp) {
req.bpf_filter = TRUE;
load_comm_patterns(&config.nfacctd_bgp_stdcomm_pattern, &config.nfacctd_bgp_extcomm_pattern, &config.nfacctd_bgp_stdcomm_pattern_to_asn);
if (config.nfacctd_bgp_peer_as_src_type == BGP_SRC_PRIMITIVES_MAP) {
if (config.nfacctd_bgp_peer_as_src_map) {
load_id_file(MAP_BGP_PEER_AS_SRC, config.nfacctd_bgp_peer_as_src_map, &bpas_table, &req, &bpas_map_allocated);
cb_data.bpas_table = (u_char *) &bpas_table;
}
else {
Log(LOG_ERR, "ERROR: bgp_peer_as_src_type set to 'map' but no map defined. Exiting.\n");
exit(1);
}
}
else cb_data.bpas_table = NULL;
if (config.nfacctd_bgp_src_local_pref_type == BGP_SRC_PRIMITIVES_MAP) {
if (config.nfacctd_bgp_src_local_pref_map) {
load_id_file(MAP_BGP_SRC_LOCAL_PREF, config.nfacctd_bgp_src_local_pref_map, &blp_table, &req, &blp_map_allocated);
cb_data.blp_table = (u_char *) &blp_table;
}
else {
Log(LOG_ERR, "ERROR: bgp_src_local_pref_type set to 'map' but no map defined. Exiting.\n");
exit(1);
}
}
else cb_data.blp_table = NULL;
if (config.nfacctd_bgp_src_med_type == BGP_SRC_PRIMITIVES_MAP) {
if (config.nfacctd_bgp_src_med_map) {
load_id_file(MAP_BGP_SRC_MED, config.nfacctd_bgp_src_med_map, &bmed_table, &req, &bmed_map_allocated);
cb_data.bmed_table = (u_char *) &bmed_table;
}
else {
Log(LOG_ERR, "ERROR: bgp_src_med_type set to 'map' but no map defined. Exiting.\n");
exit(1);
}
}
else cb_data.bmed_table = NULL;
if (config.nfacctd_bgp_to_agent_map) {
load_id_file(MAP_BGP_TO_XFLOW_AGENT, config.nfacctd_bgp_to_agent_map, &bta_table, &req, &bta_map_allocated);
cb_data.bta_table = (u_char *) &bta_table;
}
else {
Log(LOG_ERR, "ERROR ( default/core ): 'bgp_daemon' configured but no 'bgp_agent_map' has been specified. Exiting.\n");
exit(1);
}
/* Limiting BGP peers to only two: one would suffice in pmacctd
but in case maps are reloadable (ie. bta), it could be handy
to keep a backup feed in memory */
config.nfacctd_bgp_max_peers = 2;
if (config.nfacctd_bgp_iface_to_rd_map) {
Log(LOG_ERR, "ERROR ( default/core ): 'bgp_iface_to_rd_map' is not supported by this daemon. Exiting.\n");
exit(1);
}
cb_data.f_agent = (char *)&client;
nfacctd_bgp_wrapper();
/* Let's give the BGP thread some advantage to create its structures */
sleep(5);
}
#else
if (config.nfacctd_bgp) {
Log(LOG_ERR, "ERROR ( default/core ): 'bgp_daemon' is available only with threads (--enable-threads). Exiting.\n");
exit(1);
}
#endif
/* Init tunnel handlers */
tunnel_registry_init();
/* plugins glue: creation (until 093) */
evaluate_packet_handlers();
pm_setproctitle("%s [%s]", "Core Process", "default");
if (config.pidfile) write_pid_file(config.pidfile);
/* signals to be handled only by pmacctd;
we set proper handlers after plugin creation */
signal(SIGINT, my_sigint_handler);
signal(SIGTERM, my_sigint_handler);
signal(SIGCHLD, handle_falling_child);
kill(getpid(), SIGCHLD);
/* When reading packets from a savefile, things are lightning fast; we will sit
here just few seconds, thus allowing plugins to complete their startup operations */
if (config.pcap_savefile) {
Log(LOG_INFO, "INFO ( default/core ): PCAP capture file, sleeping for 2 seconds\n");
sleep(2);
}
/* Main loop: if pcap_loop() exits maybe an error occurred; we will try closing
and reopening again our listening device */
for(;;) {
if (!device.active) {
Log(LOG_WARNING, "WARN ( default/core ): %s has become unavailable; throttling ...\n", config.dev);
throttle_loop:
sleep(5); /* XXX: user defined ? */
if ((device.dev_desc = pcap_open_live(config.dev, psize, config.promisc, 1000, errbuf)) == NULL)
goto throttle_loop;
pcap_setfilter(device.dev_desc, &filter);
device.active = TRUE;
}
pcap_loop(device.dev_desc, -1, pcap_cb, (u_char *) &cb_data);
pcap_close(device.dev_desc);
if (config.pcap_savefile) {
if (config.sf_wait) {
fill_pipe_buffer();
Log(LOG_INFO, "INFO ( default/core ): finished reading PCAP capture file\n");
wait(NULL);
}
stop_all_childs();
}
device.active = FALSE;
}
}
int
main(int argc, char **argv)
{
register int op;
bpf_u_int32 localnet, netmask;
register char *cp, *cmdbuf, *device;
int doselect, dopoll, dotimeout, dononblock;
struct bpf_program fcode;
char ebuf[PCAP_ERRBUF_SIZE];
int selectable_fd;
int status;
int packet_count;
device = NULL;
doselect = 0;
dopoll = 0;
dotimeout = 0;
dononblock = 0;
if ((cp = strrchr(argv[0], '/')) != NULL)
program_name = cp + 1;
else
program_name = argv[0];
opterr = 0;
while ((op = getopt(argc, argv, "i:sptn")) != -1) {
switch (op) {
case 'i':
device = optarg;
break;
case 's':
doselect = 1;
break;
case 'p':
dopoll = 1;
break;
case 't':
dotimeout = 1;
break;
case 'n':
dononblock = 1;
break;
default:
usage();
/* NOTREACHED */
}
}
if (doselect && dopoll) {
fprintf(stderr, "selpolltest: choose select (-s) or poll (-p), but not both\n");
return 1;
}
if (dotimeout && !doselect && !dopoll) {
fprintf(stderr, "selpolltest: timeout (-t) requires select (-s) or poll (-p)\n");
return 1;
}
if (device == NULL) {
device = pcap_lookupdev(ebuf);
if (device == NULL)
error("%s", ebuf);
}
*ebuf = '\0';
pd = pcap_open_live(device, 65535, 0, 1000, ebuf);
if (pd == NULL)
error("%s", ebuf);
else if (*ebuf)
warning("%s", ebuf);
if (pcap_lookupnet(device, &localnet, &netmask, ebuf) < 0) {
localnet = 0;
netmask = 0;
warning("%s", ebuf);
}
cmdbuf = copy_argv(&argv[optind]);
if (pcap_compile(pd, &fcode, cmdbuf, 1, netmask) < 0)
error("%s", pcap_geterr(pd));
if (pcap_setfilter(pd, &fcode) < 0)
error("%s", pcap_geterr(pd));
if (pcap_get_selectable_fd(pd) == -1)
error("pcap_get_selectable_fd() fails");
if (dononblock) {
if (pcap_setnonblock(pd, 1, ebuf) == -1)
error("pcap_setnonblock failed: %s", ebuf);
}
selectable_fd = pcap_get_selectable_fd(pd);
printf("Listening on %s\n", device);
if (doselect) {
for (;;) {
fd_set setread, setexcept;
struct timeval seltimeout;
FD_ZERO(&setread);
FD_SET(selectable_fd, &setread);
FD_ZERO(&setexcept);
FD_SET(selectable_fd, &setexcept);
if (dotimeout) {
seltimeout.tv_sec = 0;
seltimeout.tv_usec = 1000;
status = select(selectable_fd + 1, &setread,
NULL, &setexcept, &seltimeout);
} else {
status = select(selectable_fd + 1, &setread,
NULL, &setexcept, NULL);
}
if (status == -1) {
printf("Select returns error (%s)\n",
strerror(errno));
} else {
if (status == 0)
printf("Select timed out: ");
else
printf("Select returned a descriptor: ");
if (FD_ISSET(selectable_fd, &setread))
printf("readable, ");
else
printf("not readable, ");
if (FD_ISSET(selectable_fd, &setexcept))
printf("exceptional condition\n");
else
printf("no exceptional condition\n");
packet_count = 0;
status = pcap_dispatch(pd, -1, countme,
(u_char *)&packet_count);
if (status < 0)
break;
printf("%d packets seen, %d packets counted after select returns\n",
status, packet_count);
}
}
} else if (dopoll) {
for (;;) {
struct pollfd fd;
int polltimeout;
fd.fd = selectable_fd;
fd.events = POLLIN;
if (dotimeout)
polltimeout = 1;
else
polltimeout = -1;
status = poll(&fd, 1, polltimeout);
if (status == -1) {
printf("Poll returns error (%s)\n",
strerror(errno));
} else {
if (status == 0)
printf("Poll timed out\n");
else {
printf("Poll returned a descriptor: ");
if (fd.revents & POLLIN)
printf("readable, ");
else
printf("not readable, ");
if (fd.revents & POLLERR)
printf("exceptional condition, ");
else
printf("no exceptional condition, ");
if (fd.revents & POLLHUP)
printf("disconnect, ");
else
printf("no disconnect, ");
if (fd.revents & POLLNVAL)
printf("invalid\n");
else
printf("not invalid\n");
}
packet_count = 0;
status = pcap_dispatch(pd, -1, countme,
(u_char *)&packet_count);
if (status < 0)
break;
printf("%d packets seen, %d packets counted after poll returns\n",
status, packet_count);
}
}
} else {
for (;;) {
packet_count = 0;
status = pcap_dispatch(pd, -1, countme,
(u_char *)&packet_count);
if (status < 0)
break;
printf("%d packets seen, %d packets counted after pcap_dispatch returns\n",
status, packet_count);
}
}
if (status == -2) {
/*
* We got interrupted, so perhaps we didn't
* manage to finish a line we were printing.
* Print an extra newline, just in case.
*/
putchar('\n');
}
(void)fflush(stdout);
if (status == -1) {
/*
* Error. Report it.
*/
(void)fprintf(stderr, "%s: pcap_loop: %s\n",
program_name, pcap_geterr(pd));
}
pcap_close(pd);
exit(status == -1 ? 1 : 0);
}
int
main(int argc, char *argv[])
{
extern char *optarg;
extern int optind;
int c;
char *p, *intf, *filter, ebuf[PCAP_ERRBUF_SIZE];
char libnet_ebuf[LIBNET_ERRBUF_SIZE];
libnet_t *l;
intf = NULL;
while ((c = getopt(argc, argv, "i:m:123456789h?V")) != -1) {
switch (c) {
case 'i':
intf = optarg;
break;
case 'm':
Opt_max_kill = atoi(optarg);
break;
case '0': case '1': case '2': case '3': case '4':
case '5': case '6': case '7': case '8': case '9':
p = argv[optind - 1];
if (p[0] == '-' && p[1] == c && p[2] == '\0')
Opt_severity = atoi(++p);
else
Opt_severity = atoi(argv[optind] + 1);
break;
default:
usage();
break;
}
}
if (intf == NULL && (intf = pcap_lookupdev(ebuf)) == NULL)
errx(1, "%s", ebuf);
argc -= optind;
argv += optind;
if (argc == 0)
usage();
filter = copy_argv(argv);
if ((pd = pcap_init(intf, filter, 64)) == NULL)
errx(1, "couldn't initialize sniffing");
if ((pcap_off = pcap_dloff(pd)) < 0)
errx(1, "couldn't determine link layer offset");
if ((l = libnet_init(LIBNET_RAW4, intf, libnet_ebuf)) == NULL)
errx(1, "couldn't initialize sending");
libnet_seed_prand(l);
warnx("listening on %s [%s]", intf, filter);
pcap_loop(pd, -1, tcp_kill_cb, (u_char *)l);
/* NOTREACHED */
exit(0);
}
int passive_main(int argc, char *argv[])
{
register int c, i; /* Temporary variable */
bpf_u_int32 mask; /* our netmask */
bpf_u_int32 net; /* our IP adx */
uint32_t npolls; /* Number of pcap polls */
char errbuf[PCAP_ERRBUF_SIZE]; /* pcap error buffer */
char *filter = NULL; /* pcap filter */
pcap_t *handle; /* pcap handle */
struct bpf_program program; /* BPF filter program */
npolls = NPOLLS_DEFAULT;
port_threshold = PORT_THRESHOLD_DEFAULT;
/* This is a trick to have long options only as this is the standard
for how netstr works. However, if one wanted to unglue this piece
it wouldn't be too difficult */
while (1) {
static struct option long_options[] = {
{"if", required_argument, 0, 'i'},
{"threshold", required_argument, 0, 'T'},
{"polls", required_argument, 0, 'p'},
{"no-verify", no_argument, 0, 'V'},
{"extra", no_argument, 0, 'X'},
{0, 0, 0, 0}
};
int option_index = 0;
c = getopt_long(argc, argv, "", long_options, &option_index);
if (c == -1)
break;
switch (c) {
case 'i':
pcap_dev = optarg;
break;
case 'T':
port_threshold = u_int_check(optarg);
break;
case 'p':
npolls = u_int_check(optarg);
break;
case 'V':
verify_port = 0;
break;
case 'X':
xflag = 1;
break;
case 'u':
printf("%s\n", PASSIVE_USAGE);
return EXIT_SUCCESS;
break;
default:
printf("%s\n", PASSIVE_USAGE);
return EXIT_FAILURE;
break;
}
}
isroot_uid(); /* call utils isroot_uid? */
/* Strip off any none getopt arguments for pcap filter */
if (!filter)
filter = copy_argv(&argv[optind]);
/* Initialize the interface to listen on */
if ((!pcap_dev)
&& ((pcap_dev = pcap_lookupdev(errbuf)) == NULL)) {
fprintf(stderr, "%s\n", errbuf);
return EXIT_FAILURE;
}
if ((handle = pcap_open_live(pcap_dev, 68, 0, 0, errbuf)) == NULL) {
fprintf(stderr, "%s\n", errbuf);
return EXIT_FAILURE;
}
pcap_lookupnet(pcap_dev, &net, &mask, errbuf); /* Get netinfo */
if (filter) {
if (pcap_compile(handle, &program, filter, 0, net) == -1) {
fprintf(stderr, "Error - `IP: pcap_compile() IP'\n");
return EXIT_FAILURE;
}
if (pcap_setfilter(handle, &program) == -1) {
fprintf(stderr, "Error - `IP: pcap_setfilter()'\n");
return EXIT_FAILURE;
}
pcap_freecode(&program);
}
printf("Starting capturing engine on %s...\n", pcap_dev);
pcap_loop(handle, npolls, passive_pcap4, NULL);
printf("Closing capturing engine...\n");
pcap_close(handle);
print_hosts();
return EXIT_SUCCESS;
}
int main(int argc, char *argv[])
{
FUNCTION f, *fp;
LHASH_OF(FUNCTION) *prog = NULL;
char **copied_argv = NULL;
char *p, *pname;
char buf[1024];
const char *prompt;
ARGS arg;
int first, n, i, ret = 0;
arg.argv = NULL;
arg.size = 0;
/* Set up some of the environment. */
default_config_file = make_config_name();
bio_in = dup_bio_in(FORMAT_TEXT);
bio_out = dup_bio_out(FORMAT_TEXT);
bio_err = dup_bio_err(FORMAT_TEXT);
#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
copied_argv = argv = copy_argv(&argc, argv);
#elif defined(_WIN32)
/*
* Replace argv[] with UTF-8 encoded strings.
*/
win32_utf8argv(&argc, &argv);
#endif
p = getenv("OPENSSL_DEBUG_MEMORY");
if (p != NULL && strcmp(p, "on") == 0)
CRYPTO_set_mem_debug(1);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
if (getenv("OPENSSL_FIPS")) {
BIO_printf(bio_err, "FIPS mode not supported.\n");
return 1;
}
if (!apps_startup()) {
BIO_printf(bio_err,
"FATAL: Startup failure (dev note: apps_startup() failed)\n");
ERR_print_errors(bio_err);
ret = 1;
goto end;
}
prog = prog_init();
pname = opt_progname(argv[0]);
/* first check the program name */
f.name = pname;
fp = lh_FUNCTION_retrieve(prog, &f);
if (fp != NULL) {
argv[0] = pname;
ret = fp->func(argc, argv);
goto end;
}
/* If there is stuff on the command line, run with that. */
if (argc != 1) {
argc--;
argv++;
ret = do_cmd(prog, argc, argv);
if (ret < 0)
ret = 0;
goto end;
}
/* ok, lets enter interactive mode */
for (;;) {
ret = 0;
/* Read a line, continue reading if line ends with \ */
for (p = buf, n = sizeof buf, i = 0, first = 1; n > 0; first = 0) {
prompt = first ? "OpenSSL> " : "> ";
p[0] = '\0';
#ifndef READLINE
fputs(prompt, stdout);
fflush(stdout);
if (!fgets(p, n, stdin))
goto end;
if (p[0] == '\0')
goto end;
i = strlen(p);
if (i <= 1)
break;
if (p[i - 2] != '\\')
break;
i -= 2;
p += i;
n -= i;
#else
{
extern char *readline(const char *);
extern void add_history(const char *cp);
char *text;
text = readline(prompt);
if (text == NULL)
goto end;
i = strlen(text);
if (i == 0 || i > n)
break;
if (text[i - 1] != '\\') {
p += strlen(strcpy(p, text));
free(text);
add_history(buf);
break;
}
text[i - 1] = '\0';
p += strlen(strcpy(p, text));
free(text);
n -= i;
}
#endif
}
if (!chopup_args(&arg, buf)) {
BIO_printf(bio_err, "Can't parse (no memory?)\n");
break;
}
ret = do_cmd(prog, arg.argc, arg.argv);
if (ret == EXIT_THE_PROGRAM) {
ret = 0;
goto end;
}
if (ret != 0)
BIO_printf(bio_err, "error in %s\n", arg.argv[0]);
(void)BIO_flush(bio_out);
(void)BIO_flush(bio_err);
}
ret = 1;
end:
OPENSSL_free(copied_argv);
OPENSSL_free(default_config_file);
lh_FUNCTION_free(prog);
OPENSSL_free(arg.argv);
app_RAND_write();
BIO_free(bio_in);
BIO_free_all(bio_out);
apps_shutdown();
#ifndef OPENSSL_NO_CRYPTO_MDEBUG
if (CRYPTO_mem_leaks(bio_err) <= 0)
ret = 1;
#endif
BIO_free(bio_err);
EXIT(ret);
}
int
main(int argc, char **argv) {
char errbuf[PCAP_ERRBUF_SIZE];
pcap_t *p = NULL;
char *fn = NULL,
*out = "out.pcap",
*filt = "ip";
int c = 0;
int f_wait = 0;
while((c = getopt(argc, argv, "no:sW")) != -1) {
switch(c) {
case 'n':
No_Write = 1;
break;
case 'o':
out = optarg;
break;
case 's':
Full_Snap_Only = 0;
break;
case 'W':
f_wait = 1;
break;
case 'h':
default:
_usage();
exit(1);
}
}
argc -= optind;
argv += optind;
if(argc < 1) {
_usage();
exit(1);
}
fn = argv[0];
if(argc > 1)
filt = copy_argv(&argv[1]);
if((p = pcap_open_offline(fn, errbuf))) {
if(No_Write || (D = pcap_dump_open(p, out))) {
pfilter(p, "%s", filt);
pcap_loop(p, -1, _arrival, (u_char*)p);
} else {
fmt_eprint("can't open output \"%s\"", out);
exit(1);
}
} else {
fmt_eprint("can't open file: %s\n", errbuf);
exit(1);
}
if(D) {
pcap_dump_close(D);
}
fmt_print("%a packets read, %a written (%.1f%%), or %.1f%% of %La total bytes\n",
Read, Written, ((double)Written/(double)Read)*100, ((double)WrittenBytes/(double)ReadBytes)*100, ReadBytes);
while(f_wait) /* debug */ ;
exit(0);
}
int
main(int argc, char **argv)
{
register int op;
bpf_u_int32 localnet, netmask;
register char *cp, *cmdbuf, *device;
struct bpf_program fcode;
char ebuf[PCAP_ERRBUF_SIZE];
int status;
int packet_count;
device = NULL;
if ((cp = strrchr(argv[0], '/')) != NULL)
program_name = cp + 1;
else
program_name = argv[0];
opterr = 0;
while ((op = getopt(argc, argv, "i:")) != -1) {
switch (op) {
case 'i':
device = optarg;
break;
default:
usage();
/* NOTREACHED */
}
}
if (device == NULL) {
device = pcap_lookupdev(ebuf);
if (device == NULL)
error("%s", ebuf);
}
*ebuf = '\0';
pd = pcap_open_live(device, 65535, 0, 1000, ebuf);
if (pd == NULL)
error("%s", ebuf);
else if (*ebuf)
warning("%s", ebuf);
if (pcap_lookupnet(device, &localnet, &netmask, ebuf) < 0) {
localnet = 0;
netmask = 0;
warning("%s", ebuf);
}
cmdbuf = copy_argv(&argv[optind]);
if (pcap_compile(pd, &fcode, cmdbuf, 1, netmask) < 0)
error("%s", pcap_geterr(pd));
if (pcap_setfilter(pd, &fcode) < 0)
error("%s", pcap_geterr(pd));
if (pcap_setnonblock(pd, 1, ebuf) == -1)
error("pcap_setnonblock failed: %s", ebuf);
printf("Listening on %s\n", device);
for (;;) {
packet_count = 0;
status = pcap_dispatch(pd, -1, countme,
(u_char *)&packet_count);
if (status < 0)
break;
if (status != 0) {
printf("%d packets seen, %d packets counted after pcap_dispatch returns\n",
status, packet_count);
}
}
if (status == -2) {
/*
* We got interrupted, so perhaps we didn't
* manage to finish a line we were printing.
* Print an extra newline, just in case.
*/
putchar('\n');
}
(void)fflush(stdout);
if (status == -1) {
/*
* Error. Report it.
*/
(void)fprintf(stderr, "%s: pcap_loop: %s\n",
program_name, pcap_geterr(pd));
}
pcap_close(pd);
exit(status == -1 ? 1 : 0);
}
int
main(int argc, char **argv)
{
int cnt, op, i, done = 0;
bpf_u_int32 localnet, netmask;
char *cp, *cmdbuf, *device;
struct bpf_program fcode;
void (*oldhandler)(int);
u_char *pcap_userdata;
char ebuf[PCAP_ERRBUF_SIZE];
cnt = -1;
device = NULL;
if ((cp = strrchr(argv[0], '/')) != NULL)
program_name = cp + 1;
else
program_name = argv[0];
opterr = 0;
while ((i = getopt(argc, argv, "pa")) != -1)
{
switch (i)
{
case 'p':
pflag = 1;
break;
case 'a':
aflag = 1;
break;
case '?':
default:
done = 1;
break;
}
if (done) break;
}
if (argc > (optind)) cmdbuf = copy_argv(&argv[optind]);
else cmdbuf = "";
if (device == NULL) {
device = pcap_lookupdev(ebuf);
if (device == NULL)
error("%s", ebuf);
}
pd = pcap_open_live(device, snaplen, 1, 1000, ebuf);
if (pd == NULL)
error("%s", ebuf);
i = pcap_snapshot(pd);
if (snaplen < i) {
warning("snaplen raised from %d to %d", snaplen, i);
snaplen = i;
}
if (pcap_lookupnet(device, &localnet, &netmask, ebuf) < 0) {
localnet = 0;
netmask = 0;
warning("%s", ebuf);
}
/*
* Let user own process after socket has been opened.
*/
setuid(getuid());
if (pcap_compile(pd, &fcode, cmdbuf, 1, netmask) < 0)
error("%s", pcap_geterr(pd));
(void)setsignal(SIGTERM, program_ending);
(void)setsignal(SIGINT, program_ending);
/* Cooperate with nohup(1) */
if ((oldhandler = setsignal(SIGHUP, program_ending)) != SIG_DFL)
(void)setsignal(SIGHUP, oldhandler);
if (pcap_setfilter(pd, &fcode) < 0)
error("%s", pcap_geterr(pd));
pcap_userdata = 0;
(void)fprintf(stderr, "%s: listening on %s\n", program_name, device);
if (pcap_loop(pd, cnt, raw_print, pcap_userdata) < 0) {
(void)fprintf(stderr, "%s: pcap_loop: %s\n",
program_name, pcap_geterr(pd));
exit(1);
}
pcap_close(pd);
exit(0);
}
/**
* Start a client for either type of remote connection. Work out
* whether the arguments request a remote shell or rsyncd connection,
* and call the appropriate connection function, then run_client.
*
* Calls either start_socket_client (for sockets) or do_cmd and
* client_run (for ssh).
**/
static int start_client(int argc, char *argv[])
{
char *p;
char *shell_machine = NULL;
char *shell_path = NULL;
char *shell_user = NULL;
int ret;
pid_t pid;
int f_in,f_out;
int rc;
/* Don't clobber argv[] so that ps(1) can still show the right
* command line. */
if ((rc = copy_argv(argv)))
return rc;
if (!read_batch) { /* for read_batch, NO source is specified */
argc--;
shell_path = check_for_hostspec(argv[0], &shell_machine, &rsync_port);
if (shell_path) { /* source is remote */
argv++;
if (filesfrom_host && *filesfrom_host
&& strcmp(filesfrom_host, shell_machine) != 0) {
rprintf(FERROR,
"--files-from hostname is not the same as the transfer hostname\n");
exit_cleanup(RERR_SYNTAX);
}
if (rsync_port) {
if (!shell_cmd) {
return start_socket_client(shell_machine,
shell_path,
argc, argv);
}
daemon_over_rsh = 1;
}
am_sender = 0;
} else { /* source is local, check dest arg */
am_sender = 1;
if (argc < 1) { /* destination required */
usage(FERROR);
exit_cleanup(RERR_SYNTAX);
}
shell_path = check_for_hostspec(argv[argc], &shell_machine, &rsync_port);
if (shell_path && filesfrom_host && *filesfrom_host
&& strcmp(filesfrom_host, shell_machine) != 0) {
rprintf(FERROR,
"--files-from hostname is not the same as the transfer hostname\n");
exit_cleanup(RERR_SYNTAX);
}
if (!shell_path) { /* no hostspec found, so src & dest are local */
local_server = 1;
if (filesfrom_host) {
rprintf(FERROR,
"--files-from cannot be remote when the transfer is local\n");
exit_cleanup(RERR_SYNTAX);
}
shell_machine = NULL;
shell_path = argv[argc];
} else if (rsync_port) {
if (!shell_cmd) {
return start_socket_client(shell_machine,
shell_path,
argc, argv);
}
daemon_over_rsh = 1;
}
}
} else { /* read_batch */
local_server = 1;
shell_path = argv[argc-1];
if (check_for_hostspec(shell_path, &shell_machine, &rsync_port)) {
rprintf(FERROR, "remote destination is not allowed with --read-batch\n");
exit_cleanup(RERR_SYNTAX);
}
}
if (shell_machine) {
p = strrchr(shell_machine,'@');
if (p) {
*p = 0;
shell_user = shell_machine;
shell_machine = p+1;
}
}
if (verbose > 3) {
rprintf(FINFO,"cmd=%s machine=%s user=%s path=%s\n",
shell_cmd ? safe_fname(shell_cmd) : "",
shell_machine ? safe_fname(shell_machine) : "",
shell_user ? safe_fname(shell_user) : "",
shell_path ? safe_fname(shell_path) : "");
}
/* for remote source, only single dest arg can remain ... */
if (!am_sender && argc > 1) {
usage(FERROR);
exit_cleanup(RERR_SYNTAX);
}
/* ... or no dest at all */
if (!am_sender && argc == 0)
list_only |= 1;
pid = do_cmd(shell_cmd,shell_machine,shell_user,shell_path,
&f_in,&f_out);
/* if we're running an rsync server on the remote host over a
* remote shell command, we need to do the RSYNCD protocol first */
if (daemon_over_rsh) {
int tmpret;
tmpret = start_inband_exchange(shell_user, shell_path,
f_in, f_out, argc);
if (tmpret < 0)
return tmpret;
}
ret = client_run(f_in, f_out, pid, argc, argv);
fflush(stdout);
fflush(stderr);
return ret;
}
int main (int argc, char **argv) {
int i,
opt,
socket; /* socket to write on */
char *packet, /* captured packet */
*device = NULL, /* interface to sniff on */
*ft_filename = NULL, /* fabrication table filename */
*output_filename = NULL, /* output statistics filename */
filter[1024], /* tcpdump style capture filter */
errbuf[PCAP_ERRBUF_SIZE]; /* error buffer for pcap */
pid_t pid; /* used in daemonizing */
FILE *os; /* output statistics file handle */
struct pcap_pkthdr pcap_h; /* pcap packet header */
pcap_t *capdev; /* the capture device */
/*
* catch sig
*/
/*if (signal(SIGINT, catch_signals) == SIG_ERR) {
perror ("sigset failed for SIGINT");
exit (EXIT_FAILURE);
}*/
/*
* prepare the chewy center
*/
memset(&chewycenter, '\0', sizeof(struct cc));
/*
* parse the command line
*/
while ((opt = getopt(argc, argv, "d:f:hi:o:psvz")) != EOF) {
switch (opt) {
case 'd': /* default answer */
chewycenter.default_answer = optarg;
dflag++;
break;
case 'f': /* fabrication table */
ft_filename = optarg;
fflag++;
break;
case 'i': /* interface */
device = optarg;
break;
case 'o': /* output statistics filename */
output_filename = optarg;
oflag++;
break;
case 'p': /* print only */
pflag++;
break;
case 's': /* supress printing of "ignored *" */
sflag++;
break;
case 'v': /* verbose */
vflag++;
break;
case 'z': /* daemonize */
zflag++;
break;
case 'h': /* usage */
case '?':
usage(argv);
break;
}
}
/*
* if there is no default spoof address or fabrication table specified
* and the user doesn't just want to print captured dns packets
* then we have a problem, because we have no idea what to spoof answers with
*/
if (!dflag && !fflag && !pflag)
usage(argv);
/*
* if a fabrication table file was specified fill the ftable with values from it
*/
if (fflag)
fill_table(ft_filename);
/*
* daemonize if we have to
* we do this after we fill the table because we chdir() here
*/
if (zflag) {
pid = fork();
if (pid < 0) {
printf("\ncould not daemonize");
exit (EXIT_FAILURE);
}
if (pid != 0)
exit (EXIT_SUCCESS);
fclose(stdin); fclose(stdout); fclose(stderr);
setsid();
chdir("/");
umask(0);
}
/*
* make sure there is a device to sniff on
*/
if (!device)
device = pcap_lookupdev(errbuf);
if (!device) {
fprintf(stderr, "\ndevice lookup failed");
exit (EXIT_FAILURE);
}
/*
* set capture filter
* defaults to only capturing traffic destined to a nameserver
*/
argc -= optind;
argv += optind;
strcpy(filter, "udp dst port 53");
if (argc != 0) {
strcat(filter, " and ");
strcat(filter, copy_argv(argv));
}
/*
* prepare the device for capturing
*/
capdev = set_cap_dev(device, filter);
/*
* if we're not only watching grab a socket to write on
*/
if (!pflag)
if ((socket = libnet_open_raw_sock(IPPROTO_RAW)) == -1)
libnet_error(LIBNET_ERR_FATAL, "network initialization failed\n");
/*
* print some informative information
*/
printf("\n[ dns hijacker %s ]\n", VERSION);
printf("\nsniffing on: %s", device);
printf("\nusing filter: %s", filter);
if (dflag) printf("\ndefault answer: %s", chewycenter.default_answer);
if (fflag) printf("\nfabrication table: %s", ft_filename);
if (pflag) printf("\nprint only mode");
if (sflag) printf("\nsuppressing ignored activity output");
printf("\n");
/*
* main loop
* this is where it all happens...
* - sniff a packet
* - parse through that packet printing packet information and
* store relevant values in our struct
* - build an appropriate fabricated answer and
* store it in our struct
* - if we're not only watching
* write the packet
* - if we want to store statistics and we're not only watching
* open, write to, and close the statistics file
*/
for (;;) {
packet = (u_char *)pcap_next(capdev, &pcap_h);
if (packet == NULL)
continue;
parse_dns(packet, (int)pcap_h.caplen);
if (!pflag)
spoof_dns(socket);
if (oflag && !pflag) {
os = fopen(output_filename, "w+");
fprintf(os, "%d", num_spoofed_answers);
fclose(os);
}
}
/* not reached */
return (EXIT_SUCCESS);
}
int
main(int argc, char **argv)
{
register int op;
register char *cp, *cmdbuf, *device;
long longarg;
char *p;
int timeout = 1000;
int immediate = 0;
int nonblock = 0;
bpf_u_int32 localnet, netmask;
struct bpf_program fcode;
char ebuf[PCAP_ERRBUF_SIZE];
int status;
int packet_count;
device = NULL;
if ((cp = strrchr(argv[0], '/')) != NULL)
program_name = cp + 1;
else
program_name = argv[0];
opterr = 0;
while ((op = getopt(argc, argv, "i:mnt:")) != -1) {
switch (op) {
case 'i':
device = optarg;
break;
case 'm':
immediate = 1;
break;
case 'n':
nonblock = 1;
break;
case 't':
longarg = strtol(optarg, &p, 10);
if (p == optarg || *p != '\0') {
error("Timeout value \"%s\" is not a number",
optarg);
/* NOTREACHED */
}
if (longarg < 0) {
error("Timeout value %ld is negative", longarg);
/* NOTREACHED */
}
if (longarg > INT_MAX) {
error("Timeout value %ld is too large (> %d)",
longarg, INT_MAX);
/* NOTREACHED */
}
timeout = (int)longarg;
break;
default:
usage();
/* NOTREACHED */
}
}
if (device == NULL) {
device = pcap_lookupdev(ebuf);
if (device == NULL)
error("%s", ebuf);
}
*ebuf = '\0';
pd = pcap_create(device, ebuf);
if (pd == NULL)
error("%s", ebuf);
status = pcap_set_snaplen(pd, 65535);
if (status != 0)
error("%s: pcap_set_snaplen failed: %s",
device, pcap_statustostr(status));
if (immediate) {
status = pcap_set_immediate_mode(pd, 1);
if (status != 0)
error("%s: pcap_set_immediate_mode failed: %s",
device, pcap_statustostr(status));
}
status = pcap_set_timeout(pd, timeout);
if (status != 0)
error("%s: pcap_set_timeout failed: %s",
device, pcap_statustostr(status));
status = pcap_activate(pd);
if (status < 0) {
/*
* pcap_activate() failed.
*/
error("%s: %s\n(%s)", device,
pcap_statustostr(status), pcap_geterr(pd));
} else if (status > 0) {
/*
* pcap_activate() succeeded, but it's warning us
* of a problem it had.
*/
warning("%s: %s\n(%s)", device,
pcap_statustostr(status), pcap_geterr(pd));
}
if (pcap_lookupnet(device, &localnet, &netmask, ebuf) < 0) {
localnet = 0;
netmask = 0;
warning("%s", ebuf);
}
cmdbuf = copy_argv(&argv[optind]);
if (pcap_compile(pd, &fcode, cmdbuf, 1, netmask) < 0)
error("%s", pcap_geterr(pd));
if (pcap_setfilter(pd, &fcode) < 0)
error("%s", pcap_geterr(pd));
if (pcap_setnonblock(pd, nonblock, ebuf) == -1)
error("pcap_setnonblock failed: %s", ebuf);
printf("Listening on %s\n", device);
for (;;) {
packet_count = 0;
status = pcap_dispatch(pd, -1, countme,
(u_char *)&packet_count);
if (status < 0)
break;
if (status != 0) {
printf("%d packets seen, %d packets counted after pcap_dispatch returns\n",
status, packet_count);
}
}
if (status == -2) {
/*
* We got interrupted, so perhaps we didn't
* manage to finish a line we were printing.
* Print an extra newline, just in case.
*/
putchar('\n');
}
(void)fflush(stdout);
if (status == -1) {
/*
* Error. Report it.
*/
(void)fprintf(stderr, "%s: pcap_loop: %s\n",
program_name, pcap_geterr(pd));
}
pcap_close(pd);
exit(status == -1 ? 1 : 0);
}
int
main(int argc, char *argv[])
{
int c;
char *services, *savefile, *triggers;
services = savefile = triggers = NULL;
while ((c = getopt(argc, argv, "cdf:i:mnr:s:t:w:h?V")) != -1) {
switch (c) {
case 'c':
Opt_client = 1;
break;
case 'd':
Opt_debug++;
break;
case 'f':
services = optarg;
break;
case 'i':
nids_params.device = optarg;
break;
case 'm':
Opt_magic = 1;
break;
case 'n':
Opt_dns = 0;
break;
case 'r':
Opt_read = 1;
savefile = optarg;
break;
case 's':
if ((Opt_snaplen = atoi(optarg)) == 0)
usage();
break;
case 't':
triggers = optarg;
break;
case 'w':
Opt_write = 1;
savefile = optarg;
break;
default:
usage();
}
}
argc -= optind;
argv += optind;
if (Opt_read && Opt_write)
usage();
if (!record_init(savefile))
err(1, "record_init");
signal(SIGHUP, sig_hup);
signal(SIGINT, sig_die);
signal(SIGTERM, sig_die);
if (Opt_read) {
record_dump();
record_close();
exit(0);
}
if (argc != 0)
nids_params.pcap_filter = copy_argv(argv);
nids_params.scan_num_hosts = 0;
nids_params.syslog = null_syslog;
if (!nids_init()) {
record_close();
errx(1, "nids_init: %s", nids_errbuf);
}
if (Opt_magic) {
trigger_init_magic(DSNIFF_LIBDIR DSNIFF_MAGIC);
}
if (triggers) {
trigger_init_list(triggers);
}
if (services == NULL) {
services = DSNIFF_LIBDIR DSNIFF_SERVICES;
}
trigger_init_services(services);
nids_register_ip(trigger_ip);
nids_register_ip(trigger_udp);
if (Opt_client) {
nids_register_ip(trigger_tcp_raw);
signal(SIGALRM, trigger_tcp_raw_timeout);
alarm(TRIGGER_TCP_RAW_TIMEOUT);
}
else nids_register_tcp(trigger_tcp);
if (nids_params.pcap_filter != NULL) {
warnx("listening on %s [%s]", nids_params.device,
nids_params.pcap_filter);
}
else warnx("listening on %s", nids_params.device);
nids_run();
/* NOTREACHED */
exit(0);
}
int Start(int argc, char *originalArgv[]) {
TRACEIN;
// ERZ mod, don't copy -psn_ arg, which Mac OS X generates for
// double-clickable applications
// now make a copy of the args and pretend main.js was requested on the command line
bool needMainJs = (getScriptPassedInArgs(argc, (const char**)originalArgv) == 0);
int i = 0;
int j = 0;
char* sMainJsStr = (char*) std::malloc(10);
std::strcpy(sMainJsStr, "main.js");
char** argv = (char**)std::malloc(sizeof(char*)*(argc+2));
for (i = 0; i<argc; i++, j++) {
argv[j] = originalArgv[i];
if (std::strncmp(originalArgv[i], "-psn_", 4) == 0) {
j--; // overwrite the -psn arg
} else if (strcmp(originalArgv[i], "--version") == 0 || strcmp(originalArgv[i], "-v") == 0) {
printf("PDG v%s\nNode.js %s\n", PDG_VERSION, NODE_VERSION);
exit(0);
} else if (strcmp(originalArgv[i], "--help") == 0) {
printf("Usage: pdg [options] [script.js] [arguments] \n"
"\n"
"If script is not specified, pdg will search for main.js \n"
"\n"
"Options:\n"
" -v, --version print pdg's version\n"
" --no-deprecation silence deprecation warnings\n"
" --trace-deprecation show stack traces on deprecations\n"
" --v8-options print v8 command line options\n"
" --max-stack-size=val set max v8 stack size (bytes)\n"
"\n"
"Environment variables:\n"
#ifdef _WIN32
"NODE_PATH ';'-separated list of directories\n"
#else
"NODE_PATH ':'-separated list of directories\n"
#endif
" prefixed to the module search path.\n"
"NODE_DEBUG Set to \"module\" to debug module loading.\n"
"NODE_DISABLE_COLORS Set to 1 to disable colors in the REPL\n"
"\n"
"PDG Documentation is at http://ezavada.com/pdg/\n"
"Node.js Documentation can be found at http://nodejs.org/\n");
exit(0);
}
}
argc -= (i-j); // adjust for argument(s) removed
if (needMainJs) {
argv[argc] = sMainJsStr;
argc++;
}
argv[argc] = 0; // guard
// uv_setup_args() won't like our non-contigous argv memory, so make a copy
char **argv_clean = copy_argv(argc, argv);
// Hack aroung with the argv pointer. Used for process.title = "blah".
argv = uv_setup_args(argc, argv_clean);
// Logic to duplicate argv as Init() modifies arguments
// that are passed into it.
char **argv_copy = copy_argv(argc, argv);
TRACE("calling node::Init()..");
// This needs to run *before* V8::Initialize()
// Use copy here as to not modify the original argv:
node::Init(argc, argv_copy);
TRACE("calling v8::Initialize()..");
v8::V8::Initialize();
{
v8::Locker locker;
v8::HandleScope handle_scope;
// Create the one and only Context.
v8::Persistent<v8::Context> context = v8::Context::New();
v8::Context::Scope context_scope(context);
node::process_symbol = NODE_PSYMBOL("process");
node::domain_symbol = NODE_PSYMBOL("domain");
TRACE("calling node::SetupProcessObject()..");
// Use original argv, as we're just copying values out of it.
v8::Handle<v8::Object> process_l = node::SetupProcessObject(argc, argv);
TRACE("calling v8_typed_array::AttachBindings()..");
v8_typed_array::AttachBindings(context->Global());
// bypass the usual bootstrap and use ours instead
pdg::setupThirdPartyMain(process_l);
// Create all the objects, load modules, do everything.
// so your next reading stop should be node::Load()!
TRACE("calling node::Load()..");
node::Load(process_l);
// ERZ modification to standard node Start(), to support loading pdg modules
TRACE("calling pdg::installIntoNodeApplication()..");
pdg::installIntoNodeApplication();
// All our arguments are loaded. We've evaluated all of the scripts. We
// might even have created TCP servers. Now we enter the main eventloop. If
// there are no watchers on the loop (except for the ones that were
// uv_unref'd) then this function exits. As long as there are active
// watchers, it blocks.
TRACE("calling uv_run()..");
uv_run(uv_default_loop(), UV_RUN_DEFAULT);
TRACE("calling node::EmitExit()..");
node::EmitExit(process_l);
TRACE("calling node::RunAtExit()..");
node::RunAtExit();
#ifndef NDEBUG
context.Dispose();
#endif
}
#ifndef NDEBUG
// Clean up. Not strictly necessary.
v8::V8::Dispose();
#endif // NDEBUG
// Clean up the copy:
free(argv_copy);
TRACEOUT;
return 0;
}
int
main(int argc, char **argv)
{
int ch, np, ret, Xflag = 0;
pcap_handler phandler = dump_packet;
const char *errstr = NULL;
char *pidf = NULL;
ret = 0;
closefrom(STDERR_FILENO + 1);
while ((ch = getopt(argc, argv, "Dxd:f:i:p:s:")) != -1) {
switch (ch) {
case 'D':
Debug = 1;
break;
case 'd':
delay = strtonum(optarg, 5, 60*60, &errstr);
if (errstr)
usage();
break;
case 'f':
filename = optarg;
break;
case 'i':
interface = optarg;
break;
case 'p':
pidf = optarg;
break;
case 's':
snaplen = strtonum(optarg, 0, PFLOGD_MAXSNAPLEN,
&errstr);
if (snaplen <= 0)
snaplen = DEF_SNAPLEN;
if (errstr)
snaplen = PFLOGD_MAXSNAPLEN;
break;
case 'x':
Xflag++;
break;
default:
usage();
}
}
log_debug = Debug;
argc -= optind;
argv += optind;
/* does interface exist */
if (!if_exists(interface)) {
warn("Failed to initialize: %s", interface);
logmsg(LOG_ERR, "Failed to initialize: %s", interface);
logmsg(LOG_ERR, "Exiting, init failure");
exit(1);
}
if (!Debug) {
openlog("pflogd", LOG_PID | LOG_CONS, LOG_DAEMON);
if (daemon(0, 0)) {
logmsg(LOG_WARNING, "Failed to become daemon: %s",
strerror(errno));
}
pidfile(pidf);
}
tzset();
(void)umask(S_IRWXG | S_IRWXO);
/* filter will be used by the privileged process */
if (argc) {
filter = copy_argv(argv);
if (filter == NULL)
logmsg(LOG_NOTICE, "Failed to form filter expression");
}
/* initialize pcap before dropping privileges */
if (init_pcap()) {
logmsg(LOG_ERR, "Exiting, init failure");
exit(1);
}
/* Privilege separation begins here */
if (priv_init()) {
logmsg(LOG_ERR, "unable to privsep");
exit(1);
}
setproctitle("[initializing]");
/* Process is now unprivileged and inside a chroot */
signal(SIGTERM, sig_close);
signal(SIGINT, sig_close);
signal(SIGQUIT, sig_close);
signal(SIGALRM, sig_alrm);
signal(SIGUSR1, sig_usr1);
signal(SIGHUP, sig_hup);
alarm(delay);
buffer = malloc(PFLOGD_BUFSIZE);
if (buffer == NULL) {
logmsg(LOG_WARNING, "Failed to allocate output buffer");
phandler = dump_packet_nobuf;
} else {
bufleft = buflen = PFLOGD_BUFSIZE;
bufpos = buffer;
bufpkt = 0;
}
if (reset_dump(Xflag) < 0) {
if (Xflag)
return (1);
logmsg(LOG_ERR, "Logging suspended: open error");
set_suspended(1);
} else if (Xflag)
return (0);
while (1) {
np = pcap_dispatch(hpcap, PCAP_NUM_PKTS,
phandler, (u_char *)dpcap);
if (np < 0) {
if (!if_exists(interface) == -1) {
logmsg(LOG_NOTICE, "interface %s went away",
interface);
ret = -1;
break;
}
logmsg(LOG_NOTICE, "%s", pcap_geterr(hpcap));
}
if (gotsig_close)
break;
if (gotsig_hup) {
if (reset_dump(0)) {
logmsg(LOG_ERR,
"Logging suspended: open error");
set_suspended(1);
}
gotsig_hup = 0;
}
if (gotsig_alrm) {
if (dpcap)
flush_buffer(dpcap);
else
gotsig_hup = 1;
gotsig_alrm = 0;
alarm(delay);
}
if (gotsig_usr1) {
log_pcap_stats();
gotsig_usr1 = 0;
}
}
logmsg(LOG_NOTICE, "Exiting");
if (dpcap) {
flush_buffer(dpcap);
fclose(dpcap);
}
purge_buffer();
log_pcap_stats();
pcap_close(hpcap);
if (!Debug)
closelog();
return (ret);
}
int
main(int argc, char *argv[])
{
extern char *optarg;
extern int optind;
int c;
while ((c = getopt(argc, argv, "i:p:vh?V")) != -1) {
switch (c) {
case 'i':
nids_params.device = optarg;
break;
case 'p':
nids_params.filename = optarg;
break;
case 'v':
Opt_invert = 1;
break;
default:
usage();
}
}
argc -= optind;
argv += optind;
if (argc > 0 && strlen(argv[0])) {
if ((pregex = (regex_t *) malloc(sizeof(*pregex))) == NULL)
err(1, "malloc");
if (regcomp(pregex, argv[0], REG_EXTENDED|REG_NOSUB) != 0)
errx(1, "invalid regular expression");
}
if (argc > 1)
nids_params.pcap_filter = copy_argv(argv + 1);
nids_params.scan_num_hosts = 0;
nids_params.syslog = null_syslog;
fh_map_init();
if (!nids_init())
errx(1, "nids_init: %s", nids_errbuf);
nids_register_ip(decode_udp_nfs);
nids_register_tcp(decode_tcp_nfs);
if (nids_params.pcap_filter != NULL) {
if (nids_params.filename == NULL) {
warnx("listening on %s [%s]", nids_params.device,
nids_params.pcap_filter);
}
else {
warnx("using %s [%s]", nids_params.filename,
nids_params.pcap_filter);
}
}
else {
if (nids_params.filename == NULL) {
warnx("listening on %s", nids_params.device);
}
else {
warnx("using %s", nids_params.filename);
}
}
nids_run();
/* NOTREACHED */
exit(0);
}
/**
* main replayer method
*/
static void start(int option, int argc, char* argv[], char** envp)
{
pid_t pid;
int status, fake_argc;
if (option == RECORD) {
copy_executable(argv[2]);
if (access(__executable, X_OK)) {
printf("The specified file '%s' does not exist or is not executable\n", __executable);
return;
}
/* create directory for trace files */
setup_trace_dir(0);
/* initialize trace files */
open_trace_files();
init_trace_files();
copy_argv(argc, argv);
copy_envp(envp);
record_argv_envp(argc, __argv, __envp);
close_trace_files();
pid = sys_fork();
/* child process */
if (pid == 0) {
sys_start_trace(__executable, __argv, __envp);
/* parent process */
} else {
child = pid;
/* make sure that the child process dies when the master process gets interrupted */
install_signal_handler();
/* sync with the child process */
sys_waitpid(pid, &status);
/* configure the child process to get a message upon a thread start, fork(), etc. */
sys_ptrace_setup(pid);
/* initialize stuff */
init_libpfm();
/* initialize the trace file here -- we need to record argc and envp */
open_trace_files();
/* register thread at the scheduler and start the HPC */
rec_sched_register_thread(0, pid);
/* perform the action recording */
fprintf(stderr, "start recording...\n");
start_recording();
fprintf(stderr, "done recording -- cleaning up\n");
/* cleanup all initialized data-structures */
close_trace_files();
close_libpfm();
}
/* replayer code comes here */
} else if (option == REPLAY) {
init_environment(argv[2], &fake_argc, __argv, __envp);
copy_executable(__argv[0]);
if (access(__executable, X_OK)) {
printf("The specified file '%s' does not exist or is not executable\n", __executable);
return;
}
pid = sys_fork();
//child process
if (pid == 0) {
sys_start_trace(__executable, __argv, __envp);
/* parent process */
} else {
child = pid;
/* make sure that the child process dies when the master process gets interrupted */
install_signal_handler();
sys_waitpid(pid, &status);
sys_ptrace_setup(pid);
/* initialize stuff */
init_libpfm();
rep_sched_init();
/* sets the file pointer to the first trace entry */
read_trace_init(argv[2]);
pid_t rec_main_thread = get_recorded_main_thread();
rep_sched_register_thread(pid, rec_main_thread);
/* main loop */
replay();
/* thread wants to exit*/
close_libpfm();
read_trace_close();
rep_sched_close();
}
}
}
int
main(int argc, char *argv[])
{
extern char *optarg;
extern int optind;
int c;
char *intf, *filter, ebuf[PCAP_ERRBUF_SIZE];
char libnet_ebuf[LIBNET_ERRBUF_SIZE];
libnet_t *l;
pcap_t *pd;
intf = NULL;
while ((c = getopt(argc, argv, "i:AIMh?V")) != -1) {
switch (c) {
case 'i':
intf = optarg;
break;
case 'A':
Opt_win = 1;
break;
case 'I':
Opt_icmp = 1;
break;
case 'M':
Opt_pmtu = 1;
break;
default:
usage();
break;
}
}
if (intf == NULL && (intf = pcap_lookupdev(ebuf)) == NULL)
errx(1, "%s", ebuf);
argc -= optind;
argv += optind;
if (argc == 0)
usage();
if ((Opt_win | Opt_icmp | Opt_pmtu) == 0)
Opt_win = Opt_icmp = Opt_pmtu = 1;
filter = copy_argv(argv);
if ((pd = pcap_init(intf, filter, 128)) == NULL)
errx(1, "couldn't initialize sniffing");
if ((pcap_off = pcap_dloff(pd)) < 0)
errx(1, "couldn't determine link layer offset");
if ((l = libnet_init(LIBNET_RAW4, intf, libnet_ebuf)) == NULL)
errx(1, "couldn't initialize sending");
libnet_seed_prand(l);
warnx("listening on %s [%s]", intf, filter);
pcap_loop(pd, -1, tcp_nice_cb, (u_char *)l);
/* NOTREACHED */
exit(0);
}
int main(int argc, char *argv[])
{
FUNCTION f, *fp;
LHASH_OF(FUNCTION) *prog = NULL;
char **copied_argv = NULL;
char *p, *pname;
char buf[1024];
const char *prompt;
ARGS arg;
int first, n, i, ret = 0;
arg.argv = NULL;
arg.size = 0;
/* Set up some of the environment. */
default_config_file = make_config_name();
bio_in = dup_bio_in(FORMAT_TEXT);
bio_out = dup_bio_out(FORMAT_TEXT);
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
#if defined( OPENSSL_SYS_VMS)
copied_argv = argv = copy_argv(&argc, argv);
#endif
p = getenv("OPENSSL_DEBUG_MEMORY");
if (p == NULL)
/* if not set, use compiled-in default */
;
else if (strcmp(p, "off") != 0) {
CRYPTO_malloc_debug_init();
CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
} else {
CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
}
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
CRYPTO_set_locking_callback(lock_dbg_cb);
if (getenv("OPENSSL_FIPS")) {
#ifdef OPENSSL_FIPS
if (!FIPS_mode_set(1)) {
ERR_load_crypto_strings();
ERR_print_errors(bio_err);
return 1;
}
#else
BIO_printf(bio_err, "FIPS mode not supported.\n");
return 1;
#endif
}
if (!apps_startup())
goto end;
prog = prog_init();
pname = opt_progname(argv[0]);
/* first check the program name */
f.name = pname;
fp = lh_FUNCTION_retrieve(prog, &f);
if (fp != NULL) {
argv[0] = pname;
ret = fp->func(argc, argv);
goto end;
}
/* If there is stuff on the command line, run with that. */
if (argc != 1) {
argc--;
argv++;
ret = do_cmd(prog, argc, argv);
if (ret < 0)
ret = 0;
goto end;
}
/* ok, lets enter interactive mode */
for (;;) {
ret = 0;
/* Read a line, continue reading if line ends with \ */
for (p = buf, n = sizeof buf, i = 0, first = 1; n > 0; first = 0) {
prompt = first ? "OpenSSL> " : "> ";
p[0] = '\0';
#ifndef READLINE
fputs(prompt, stdout);
fflush(stdout);
if (!fgets(p, n, stdin))
goto end;
if (p[0] == '\0')
goto end;
i = strlen(p);
if (i <= 1)
break;
if (p[i - 2] != '\\')
break;
i -= 2;
p += i;
n -= i;
#else
{
extern char *readline(const char *);
extern void add_history(const char *cp);
char *text;
char *text = readline(prompt);
if (text == NULL)
goto end;
i = strlen(text);
if (i == 0 || i > n)
break;
if (text[i - 1] != '\\') {
p += strlen(strcpy(p, text));
free(text);
add_history(buf);
break;
}
text[i - 1] = '\0';
p += strlen(strcpy(p, text));
free(text);
n -= i;
}
#endif
}
if (!chopup_args(&arg, buf)) {
BIO_printf(bio_err, "Can't parse (no memory?)\n");
break;
}
ret = do_cmd(prog, arg.argc, arg.argv);
if (ret == EXIT_THE_PROGRAM) {
ret = 0;
goto end;
}
if (ret != 0)
BIO_printf(bio_err, "error in %s\n", arg.argv[0]);
(void)BIO_flush(bio_out);
(void)BIO_flush(bio_err);
}
ret = 1;
end:
OPENSSL_free(copied_argv);
OPENSSL_free(default_config_file);
NCONF_free(config);
config = NULL;
lh_FUNCTION_free(prog);
OPENSSL_free(arg.argv);
BIO_free(bio_in);
BIO_free_all(bio_out);
apps_shutdown();
CRYPTO_mem_leaks(bio_err);
BIO_free(bio_err);
return (ret);
}
int
main(int argc, char **argv)
{
register int cnt, op, i;
bpf_u_int32 localnet, netmask;
register char *cp, *infile, *cmdbuf, *device, *RFileName, *WFileName;
pcap_handler printer;
struct bpf_program fcode;
RETSIGTYPE (*oldhandler)(int);
u_char *pcap_userdata;
char ebuf[PCAP_ERRBUF_SIZE];
cnt = -1;
device = NULL;
infile = NULL;
RFileName = NULL;
WFileName = NULL;
if ((cp = strrchr(argv[0], '/')) != NULL)
program_name = cp + 1;
else
program_name = argv[0];
if (abort_on_misalignment(ebuf) < 0)
error("%s", ebuf);
opterr = 0;
while (
(op = getopt(argc, argv, "ac:defF:i:lnNOpqr:s:StT:vw:xY")) != EOF)
switch (op) {
case 'a':
++aflag;
break;
case 'c':
cnt = atoi(optarg);
if (cnt <= 0)
error("invalid packet count %s", optarg);
break;
case 'd':
++dflag;
break;
case 'e':
++eflag;
break;
case 'f':
++fflag;
break;
case 'F':
infile = optarg;
break;
case 'i':
device = optarg;
break;
case 'l':
#ifdef HAVE_SETLINEBUF
setlinebuf(stdout);
#else
setvbuf(stdout, NULL, _IOLBF, 0);
#endif
break;
case 'n':
++nflag;
break;
case 'N':
++Nflag;
break;
case 'O':
Oflag = 0;
break;
case 'p':
++pflag;
break;
case 'q':
++qflag;
break;
case 'r':
RFileName = optarg;
break;
case 's':
snaplen = atoi(optarg);
if (snaplen <= 0)
error("invalid snaplen %s", optarg);
break;
case 'S':
++Sflag;
break;
case 't':
--tflag;
break;
case 'T':
if (strcasecmp(optarg, "vat") == 0)
packettype = PT_VAT;
else if (strcasecmp(optarg, "wb") == 0)
packettype = PT_WB;
else if (strcasecmp(optarg, "rpc") == 0)
packettype = PT_RPC;
else if (strcasecmp(optarg, "rtp") == 0)
packettype = PT_RTP;
else if (strcasecmp(optarg, "rtcp") == 0)
packettype = PT_RTCP;
else
error("unknown packet type `%s'", optarg);
break;
case 'v':
++vflag;
break;
case 'w':
WFileName = optarg;
break;
#ifdef YYDEBUG
case 'Y':
{
/* Undocumented flag */
extern int yydebug;
yydebug = 1;
}
break;
#endif
case 'x':
++xflag;
break;
default:
usage();
/* NOTREACHED */
}
if (aflag && nflag)
error("-a and -n options are incompatible");
if (tflag > 0)
thiszone = gmt2local(0);
if (RFileName != NULL) {
/*
* We don't need network access, so set it back to the user id.
* Also, this prevents the user from reading anyone's
* trace file.
*/
setuid(getuid());
pd = pcap_open_offline(RFileName, ebuf);
if (pd == NULL)
error("%s", ebuf);
localnet = 0;
netmask = 0;
if (fflag != 0)
error("-f and -r options are incompatible");
} else {
if (device == NULL) {
device = pcap_lookupdev(ebuf);
if (device == NULL)
error("%s", ebuf);
}
pd = pcap_open_live(device, snaplen, !pflag, 1000, ebuf);
if (pd == NULL)
error("%s", ebuf);
i = pcap_snapshot(pd);
if (snaplen < i) {
warning("snaplen raised from %d to %d", snaplen, i);
snaplen = i;
}
if (pcap_lookupnet(device, &localnet, &netmask, ebuf) < 0) {
localnet = 0;
netmask = 0;
warning("%s", ebuf);
}
/*
* Let user own process after socket has been opened.
*/
setuid(getuid());
}
if (infile)
cmdbuf = read_infile(infile);
else
cmdbuf = copy_argv(&argv[optind]);
if (pcap_compile(pd, &fcode, cmdbuf, Oflag, netmask) < 0)
error("%s", pcap_geterr(pd));
if (dflag) {
bpf_dump(&fcode, dflag);
exit(0);
}
init_addrtoname(localnet, netmask);
(void)setsignal(SIGTERM, cleanup);
(void)setsignal(SIGINT, cleanup);
/* Cooperate with nohup(1) */
if ((oldhandler = setsignal(SIGHUP, cleanup)) != SIG_DFL)
(void)setsignal(SIGHUP, oldhandler);
if (pcap_setfilter(pd, &fcode) < 0)
error("%s", pcap_geterr(pd));
if (WFileName) {
pcap_dumper_t *p = pcap_dump_open(pd, WFileName);
if (p == NULL)
error("%s", pcap_geterr(pd));
printer = pcap_dump;
pcap_userdata = (u_char *)p;
} else {
printer = lookup_printer(pcap_datalink(pd));
pcap_userdata = 0;
}
if (RFileName == NULL) {
(void)fprintf(stderr, "%s: listening on %s\n",
program_name, device);
(void)fflush(stderr);
}
if (pcap_loop(pd, cnt, printer, pcap_userdata) < 0) {
(void)fprintf(stderr, "%s: pcap_loop: %s\n",
program_name, pcap_geterr(pd));
exit(1);
}
pcap_close(pd);
exit(0);
}