Changeset View
Changeset View
Standalone View
Standalone View
contrib/tcpdump/tcpdump.c
| Context not available. | |||||
| * in the opposite order works fine. | * in the opposite order works fine. | ||||
| */ | */ | ||||
| #ifdef HAVE_CAPSICUM | #ifdef HAVE_CAPSICUM | ||||
| #include <sys/capability.h> | #include <sys/capsicum.h> | ||||
| #include <sys/sysctl.h> | |||||
| #include <sys/nv.h> | |||||
| #include <sys/ioccom.h> | #include <sys/ioccom.h> | ||||
| #include <net/bpf.h> | #include <net/bpf.h> | ||||
| #include <libgen.h> | #include <libgen.h> | ||||
| #ifdef HAVE_CASPER | |||||
| #include <libcasper.h> | |||||
| #include <casper/cap_dns.h> | |||||
| #endif /* HAVE_CASPER */ | |||||
| #endif /* HAVE_CAPSICUM */ | #endif /* HAVE_CAPSICUM */ | ||||
| #include <pcap.h> | #include <pcap.h> | ||||
| #include <signal.h> | #include <signal.h> | ||||
| Context not available. | |||||
| char *program_name; | char *program_name; | ||||
| #ifdef HAVE_CASPER | |||||
| cap_channel_t *capdns; | |||||
| #endif | |||||
| /* Forwards */ | /* Forwards */ | ||||
| static void error(FORMAT_STRING(const char *), ...) NORETURN PRINTFLIKE(1, 2); | static void error(FORMAT_STRING(const char *), ...) NORETURN PRINTFLIKE(1, 2); | ||||
| static void warning(FORMAT_STRING(const char *), ...) PRINTFLIKE(1, 2); | static void warning(FORMAT_STRING(const char *), ...) PRINTFLIKE(1, 2); | ||||
| Context not available. | |||||
| return ret; | return ret; | ||||
| } | } | ||||
| #ifdef HAVE_CASPER | |||||
| static cap_channel_t * | |||||
| capdns_setup(void) | |||||
| { | |||||
| cap_channel_t *capcas, *capdnsloc; | |||||
| const char *types[1]; | |||||
| int families[2]; | |||||
| capcas = cap_init(); | |||||
| if (capcas == NULL) | |||||
| error("unable to create casper process"); | |||||
| capdnsloc = cap_service_open(capcas, "system.dns"); | |||||
| /* Casper capability no longer needed. */ | |||||
| cap_close(capcas); | |||||
| if (capdnsloc == NULL) | |||||
| error("unable to open system.dns service"); | |||||
| /* Limit system.dns to reverse DNS lookups. */ | |||||
| types[0] = "ADDR"; | |||||
| if (cap_dns_type_limit(capdnsloc, types, 1) < 0) | |||||
| error("unable to limit access to system.dns service"); | |||||
| families[0] = AF_INET; | |||||
| families[1] = AF_INET6; | |||||
| if (cap_dns_family_limit(capdnsloc, families, 2) < 0) | |||||
| error("unable to limit access to system.dns service"); | |||||
| return (capdnsloc); | |||||
| } | |||||
| #endif /* HAVE_CASPER */ | |||||
| #ifdef HAVE_PCAP_SET_TSTAMP_PRECISION | #ifdef HAVE_PCAP_SET_TSTAMP_PRECISION | ||||
| static int | static int | ||||
| tstamp_precision_from_string(const char *precision) | tstamp_precision_from_string(const char *precision) | ||||
| Context not available. | |||||
| } else if (status == PCAP_ERROR_PERM_DENIED && *cp != '\0') | } else if (status == PCAP_ERROR_PERM_DENIED && *cp != '\0') | ||||
| error("%s: %s\n(%s)", device, | error("%s: %s\n(%s)", device, | ||||
| pcap_statustostr(status), cp); | pcap_statustostr(status), cp); | ||||
| #ifdef __FreeBSD__ | |||||
| else if (status == PCAP_ERROR_RFMON_NOTSUP && | |||||
| strncmp(device, "wlan", 4) == 0) { | |||||
| char parent[8], newdev[8]; | |||||
| char sysctl[32]; | |||||
| size_t s = sizeof(parent); | |||||
| snprintf(sysctl, sizeof(sysctl), | |||||
| "net.wlan.%d.%%parent", atoi(device + 4)); | |||||
| sysctlbyname(sysctl, parent, &s, NULL, 0); | |||||
| strlcpy(newdev, device, sizeof(newdev)); | |||||
| /* Suggest a new wlan device. */ | |||||
| newdev[strlen(newdev)-1]++; | |||||
| error("%s is not a monitor mode VAP\n" | |||||
| "To create a new monitor mode VAP use:\n" | |||||
| " ifconfig %s create wlandev %s wlanmode monitor\n" | |||||
| "and use %s as the tcpdump interface", | |||||
| device, newdev, parent, newdev); | |||||
| } | |||||
| #endif | |||||
| else | else | ||||
| error("%s: %s", device, | error("%s: %s", device, | ||||
| pcap_statustostr(status)); | pcap_statustostr(status)); | ||||
| Context not available. | |||||
| pcap_freecode(&fcode); | pcap_freecode(&fcode); | ||||
| exit_tcpdump(0); | exit_tcpdump(0); | ||||
| } | } | ||||
| #ifdef HAVE_CASPER | |||||
| if (!ndo->ndo_nflag) | |||||
| capdns = capdns_setup(); | |||||
| #endif /* HAVE_CASPER */ | |||||
| init_print(ndo, localnet, netmask, timezone_offset); | init_print(ndo, localnet, netmask, timezone_offset); | ||||
| #ifndef _WIN32 | #ifndef _WIN32 | ||||
| Context not available. | |||||
| } | } | ||||
| #ifdef HAVE_CAPSICUM | #ifdef HAVE_CAPSICUM | ||||
| cansandbox = (ndo->ndo_nflag && VFileName == NULL && zflag == NULL); | cansandbox = (VFileName == NULL && zflag == NULL); | ||||
| #ifdef HAVE_CASPER | |||||
| cansandbox = (cansandbox && (ndo->ndo_nflag || capdns != NULL)); | |||||
| #else | |||||
| cansandbox = (cansandbox && ndo->ndo_nflag); | |||||
| #endif /* HAVE_CASPER */ | |||||
| if (cansandbox && cap_enter() < 0 && errno != ENOSYS) | if (cansandbox && cap_enter() < 0 && errno != ENOSYS) | ||||
| error("unable to enter the capability mode"); | error("unable to enter the capability mode"); | ||||
| #endif /* HAVE_CAPSICUM */ | #endif /* HAVE_CAPSICUM */ | ||||
| Context not available. | |||||