Changeset View
Changeset View
Standalone View
Standalone View
contrib/tcpdump/tcpdump.c
| Context not available. | |||||
| #include <sys/capsicum.h> | #include <sys/capsicum.h> | ||||
| #include <sys/sysctl.h> | #include <sys/sysctl.h> | ||||
| #endif /* __FreeBSD__ */ | #endif /* __FreeBSD__ */ | ||||
| #ifdef HAVE_CAPSICUM | #ifdef HAVE_CAPSPER | ||||
| #include <libcapsicum.h> | #include <libcasper.h> | ||||
| #include <libcapsicum_dns.h> | #include <casper/cap_dns.h> | ||||
| #include <libcapsicum_service.h> | |||||
| #include <sys/nv.h> | #include <sys/nv.h> | ||||
| #include <sys/capability.h> | #include <sys/capability.h> | ||||
| #include <sys/ioccom.h> | #include <sys/ioccom.h> | ||||
| #include <net/bpf.h> | #include <net/bpf.h> | ||||
| #include <fcntl.h> | #include <fcntl.h> | ||||
| #include <libgen.h> | #include <libgen.h> | ||||
| #endif /* HAVE_CAPSICUM */ | #endif /* HAVE_CAPSPER */ | ||||
| #include <pcap.h> | #include <pcap.h> | ||||
| #include <signal.h> | #include <signal.h> | ||||
| #include <stdio.h> | #include <stdio.h> | ||||
| Context not available. | |||||
| char *program_name; | char *program_name; | ||||
| #ifdef HAVE_CAPSICUM | #ifdef HAVE_CAPSPER | ||||
| cap_channel_t *capdns; | cap_channel_t *capdns; | ||||
| #endif | #endif | ||||
| Context not available. | |||||
| char *CurrentFileName; | char *CurrentFileName; | ||||
| pcap_t *pd; | pcap_t *pd; | ||||
| pcap_dumper_t *p; | pcap_dumper_t *p; | ||||
| #ifdef HAVE_CAPSICUM | #ifdef HAVE_CAPSPER | ||||
| int dirfd; | int dirfd; | ||||
| #endif | #endif | ||||
| }; | }; | ||||
| Context not available. | |||||
| return ret; | return ret; | ||||
| } | } | ||||
| #ifdef HAVE_CAPSICUM | #ifdef HAVE_CAPSPER | ||||
| static cap_channel_t * | static cap_channel_t * | ||||
| capdns_setup(void) | capdns_setup(void) | ||||
| { | { | ||||
| Context not available. | |||||
| int families[2]; | int families[2]; | ||||
| capcas = cap_init(); | capcas = cap_init(); | ||||
| if (capcas == NULL) { | if (capcas == NULL) | ||||
| warning("unable to contact casperd"); | error("unable to create casper process"); | ||||
| return (NULL); | |||||
| } | |||||
| capdnsloc = cap_service_open(capcas, "system.dns"); | capdnsloc = cap_service_open(capcas, "system.dns"); | ||||
| /* Casper capability no longer needed. */ | /* Casper capability no longer needed. */ | ||||
| cap_close(capcas); | cap_close(capcas); | ||||
| Context not available. | |||||
| return (capdnsloc); | return (capdnsloc); | ||||
| } | } | ||||
| #endif /* HAVE_CAPSICUM */ | #endif /* HAVE_CAPSPER */ | ||||
| #ifdef HAVE_PCAP_SET_TSTAMP_PRECISION | #ifdef HAVE_PCAP_SET_TSTAMP_PRECISION | ||||
| static int | static int | ||||
| Context not available. | |||||
| } | } | ||||
| #endif | #endif | ||||
| #ifdef HAVE_CAPSICUM | #ifdef HAVE_CAPSPER | ||||
| /* | /* | ||||
| * Ensure that, on a dump file's descriptor, we have all the rights | * Ensure that, on a dump file's descriptor, we have all the rights | ||||
| * necessary to make the standard I/O library work with an fdopen()ed | * necessary to make the standard I/O library work with an fdopen()ed | ||||
| Context not available. | |||||
| #endif | #endif | ||||
| int status; | int status; | ||||
| FILE *VFile; | FILE *VFile; | ||||
| #ifdef HAVE_CAPSICUM | #ifdef HAVE_CAPSPER | ||||
| cap_rights_t rights; | cap_rights_t rights; | ||||
| #endif /* HAVE_CAPSICUM */ | #endif /* HAVE_CAPSPER */ | ||||
| int cansandbox; | int cansandbox; | ||||
| #ifdef WIN32 | #ifdef WIN32 | ||||
| Context not available. | |||||
| if (pd == NULL) | if (pd == NULL) | ||||
| error("%s", ebuf); | error("%s", ebuf); | ||||
| #ifdef HAVE_CAPSICUM | #ifdef HAVE_CAPSPER | ||||
| cap_rights_init(&rights, CAP_READ); | cap_rights_init(&rights, CAP_READ); | ||||
| if (cap_rights_limit(fileno(pcap_file(pd)), &rights) < 0 && | if (cap_rights_limit(fileno(pcap_file(pd)), &rights) < 0 && | ||||
| errno != ENOSYS) { | errno != ENOSYS) { | ||||
| Context not available. | |||||
| exit(0); | exit(0); | ||||
| } | } | ||||
| #ifdef HAVE_CAPSICUM | #ifdef HAVE_CAPSPER | ||||
| if (!nflag) | if (!nflag) | ||||
| capdns = capdns_setup(); | capdns = capdns_setup(); | ||||
| #endif /* HAVE_CAPSICUM */ | #endif /* HAVE_CAPSPER */ | ||||
| init_addrtoname(gndo, localnet, netmask); | init_addrtoname(gndo, localnet, netmask); | ||||
| init_checksum(); | init_checksum(); | ||||
| Context not available. | |||||
| if (pcap_setfilter(pd, &fcode) < 0) | if (pcap_setfilter(pd, &fcode) < 0) | ||||
| error("%s", pcap_geterr(pd)); | error("%s", pcap_geterr(pd)); | ||||
| #ifdef HAVE_CAPSICUM | #ifdef HAVE_CAPSPER | ||||
| if (RFileName == NULL && VFileName == NULL) { | if (RFileName == NULL && VFileName == NULL) { | ||||
| static const unsigned long cmds[] = { BIOCGSTATS }; | static const unsigned long cmds[] = { BIOCGSTATS }; | ||||
| Context not available. | |||||
| #endif /* HAVE_LIBCAP_NG */ | #endif /* HAVE_LIBCAP_NG */ | ||||
| if (p == NULL) | if (p == NULL) | ||||
| error("%s", pcap_geterr(pd)); | error("%s", pcap_geterr(pd)); | ||||
| #ifdef HAVE_CAPSICUM | #ifdef HAVE_CAPSPER | ||||
| set_dumper_capsicum_rights(p); | set_dumper_capsicum_rights(p); | ||||
| #endif | #endif | ||||
| if (Cflag != 0 || Gflag != 0) { | if (Cflag != 0 || Gflag != 0) { | ||||
| #ifdef HAVE_CAPSICUM | #ifdef HAVE_CAPSPER | ||||
| dumpinfo.WFileName = strdup(basename(WFileName)); | dumpinfo.WFileName = strdup(basename(WFileName)); | ||||
| dumpinfo.dirfd = open(dirname(WFileName), | dumpinfo.dirfd = open(dirname(WFileName), | ||||
| O_DIRECTORY | O_RDONLY); | O_DIRECTORY | O_RDONLY); | ||||
| Context not available. | |||||
| errno != ENOSYS) { | errno != ENOSYS) { | ||||
| error("unable to limit dump descriptor fcntls"); | error("unable to limit dump descriptor fcntls"); | ||||
| } | } | ||||
| #else /* !HAVE_CAPSICUM */ | #else /* !HAVE_CAPSPER */ | ||||
| dumpinfo.WFileName = WFileName; | dumpinfo.WFileName = WFileName; | ||||
| #endif | #endif | ||||
| callback = dump_packet_and_trunc; | callback = dump_packet_and_trunc; | ||||
| Context not available. | |||||
| #ifdef __FreeBSD__ | #ifdef __FreeBSD__ | ||||
| cansandbox = (VFileName == NULL && zflag == NULL); | cansandbox = (VFileName == NULL && zflag == NULL); | ||||
| #ifdef HAVE_CAPSICUM | #ifdef HAVE_CAPSPER | ||||
| cansandbox = (cansandbox && (nflag || capdns != NULL)); | cansandbox = (cansandbox && (nflag || capdns != NULL)); | ||||
| #else | #else | ||||
| cansandbox = (cansandbox && nflag); | cansandbox = (cansandbox && nflag); | ||||
| Context not available. | |||||
| pd = pcap_open_offline(RFileName, ebuf); | pd = pcap_open_offline(RFileName, ebuf); | ||||
| if (pd == NULL) | if (pd == NULL) | ||||
| error("%s", ebuf); | error("%s", ebuf); | ||||
| #ifdef HAVE_CAPSICUM | #ifdef HAVE_CAPSPER | ||||
| cap_rights_init(&rights, CAP_READ); | cap_rights_init(&rights, CAP_READ); | ||||
| if (cap_rights_limit(fileno(pcap_file(pd)), | if (cap_rights_limit(fileno(pcap_file(pd)), | ||||
| &rights) < 0 && errno != ENOSYS) { | &rights) < 0 && errno != ENOSYS) { | ||||
| Context not available. | |||||
| /* If the time is greater than the specified window, rotate */ | /* If the time is greater than the specified window, rotate */ | ||||
| if (t - Gflag_time >= Gflag) { | if (t - Gflag_time >= Gflag) { | ||||
| #ifdef HAVE_CAPSICUM | #ifdef HAVE_CAPSPER | ||||
| FILE *fp; | FILE *fp; | ||||
| int fd; | int fd; | ||||
| #endif | #endif | ||||
| Context not available. | |||||
| capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE); | capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE); | ||||
| capng_apply(CAPNG_SELECT_BOTH); | capng_apply(CAPNG_SELECT_BOTH); | ||||
| #endif /* HAVE_LIBCAP_NG */ | #endif /* HAVE_LIBCAP_NG */ | ||||
| #ifdef HAVE_CAPSICUM | #ifdef HAVE_CAPSPER | ||||
| fd = openat(dump_info->dirfd, | fd = openat(dump_info->dirfd, | ||||
| dump_info->CurrentFileName, | dump_info->CurrentFileName, | ||||
| O_CREAT | O_WRONLY | O_TRUNC, 0644); | O_CREAT | O_WRONLY | O_TRUNC, 0644); | ||||
| Context not available. | |||||
| dump_info->CurrentFileName); | dump_info->CurrentFileName); | ||||
| } | } | ||||
| dump_info->p = pcap_dump_fopen(dump_info->pd, fp); | dump_info->p = pcap_dump_fopen(dump_info->pd, fp); | ||||
| #else /* !HAVE_CAPSICUM */ | #else /* !HAVE_CAPSPER */ | ||||
| dump_info->p = pcap_dump_open(dump_info->pd, dump_info->CurrentFileName); | dump_info->p = pcap_dump_open(dump_info->pd, dump_info->CurrentFileName); | ||||
| #endif | #endif | ||||
| #ifdef HAVE_LIBCAP_NG | #ifdef HAVE_LIBCAP_NG | ||||
| Context not available. | |||||
| #endif /* HAVE_LIBCAP_NG */ | #endif /* HAVE_LIBCAP_NG */ | ||||
| if (dump_info->p == NULL) | if (dump_info->p == NULL) | ||||
| error("%s", pcap_geterr(pd)); | error("%s", pcap_geterr(pd)); | ||||
| #ifdef HAVE_CAPSICUM | #ifdef HAVE_CAPSPER | ||||
| set_dumper_capsicum_rights(dump_info->p); | set_dumper_capsicum_rights(dump_info->p); | ||||
| #endif | #endif | ||||
| } | } | ||||
| Context not available. | |||||
| if (size == -1) | if (size == -1) | ||||
| error("ftell fails on output file"); | error("ftell fails on output file"); | ||||
| if (size > Cflag) { | if (size > Cflag) { | ||||
| #ifdef HAVE_CAPSICUM | #ifdef HAVE_CAPSPER | ||||
| FILE *fp; | FILE *fp; | ||||
| int fd; | int fd; | ||||
| #endif | #endif | ||||
| Context not available. | |||||
| capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE); | capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE); | ||||
| capng_apply(CAPNG_SELECT_BOTH); | capng_apply(CAPNG_SELECT_BOTH); | ||||
| #endif /* HAVE_LIBCAP_NG */ | #endif /* HAVE_LIBCAP_NG */ | ||||
| #ifdef HAVE_CAPSICUM | #ifdef HAVE_CAPSPER | ||||
| fd = openat(dump_info->dirfd, dump_info->CurrentFileName, | fd = openat(dump_info->dirfd, dump_info->CurrentFileName, | ||||
| O_CREAT | O_WRONLY | O_TRUNC, 0644); | O_CREAT | O_WRONLY | O_TRUNC, 0644); | ||||
| if (fd < 0) { | if (fd < 0) { | ||||
| Context not available. | |||||
| dump_info->CurrentFileName); | dump_info->CurrentFileName); | ||||
| } | } | ||||
| dump_info->p = pcap_dump_fopen(dump_info->pd, fp); | dump_info->p = pcap_dump_fopen(dump_info->pd, fp); | ||||
| #else /* !HAVE_CAPSICUM */ | #else /* !HAVE_CAPSPER */ | ||||
| dump_info->p = pcap_dump_open(dump_info->pd, dump_info->CurrentFileName); | dump_info->p = pcap_dump_open(dump_info->pd, dump_info->CurrentFileName); | ||||
| #endif | #endif | ||||
| #ifdef HAVE_LIBCAP_NG | #ifdef HAVE_LIBCAP_NG | ||||
| Context not available. | |||||
| #endif /* HAVE_LIBCAP_NG */ | #endif /* HAVE_LIBCAP_NG */ | ||||
| if (dump_info->p == NULL) | if (dump_info->p == NULL) | ||||
| error("%s", pcap_geterr(pd)); | error("%s", pcap_geterr(pd)); | ||||
| #ifdef HAVE_CAPSICUM | #ifdef HAVE_CAPSPER | ||||
| set_dumper_capsicum_rights(dump_info->p); | set_dumper_capsicum_rights(dump_info->p); | ||||
| #endif | #endif | ||||
| } | } | ||||
| Context not available. | |||||