Index: head/contrib/tcpdump/tcpdump.c =================================================================== --- head/contrib/tcpdump/tcpdump.c (revision 282435) +++ head/contrib/tcpdump/tcpdump.c (revision 282436) @@ -1,2643 +1,2641 @@ /* * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code distributions * retain the above copyright notice and this paragraph in its entirety, (2) * distributions including binary code include the above copyright notice and * this paragraph in its entirety in the documentation or other materials * provided with the distribution, and (3) all advertising materials mentioning * features or use of this software display the following acknowledgement: * ``This product includes software developed by the University of California, * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of * the University nor the names of its contributors may be used to endorse * or promote products derived from this software without specific prior * written permission. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. * * Support for splitting captures into multiple files with a maximum * file size: * * Copyright (c) 2001 * Seth Webster */ #ifndef lint static const char copyright[] _U_ = "@(#) Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000\n\ The Regents of the University of California. All rights reserved.\n"; #endif /* $FreeBSD$ */ /* * tcpdump - monitor tcp/ip traffic on an ethernet. * * First written in 1987 by Van Jacobson, Lawrence Berkeley Laboratory. * Mercilessly hacked and occasionally improved since then via the * combined efforts of Van, Steve McCanne and Craig Leres of LBL. */ #ifdef HAVE_CONFIG_H #include "config.h" #endif #include #ifdef WIN32 #include "w32_fzs.h" extern int strcasecmp (const char *__s1, const char *__s2); extern int SIZE_BUF; #define off_t long #define uint UINT #endif /* WIN32 */ #ifdef USE_LIBSMI #include #endif #ifdef HAVE_LIBCRYPTO #include #endif #ifdef HAVE_GETOPT_LONG #include #else #include "getopt_long.h" #endif #include #include #include #include #include #include #ifdef __FreeBSD__ #include #include #endif /* __FreeBSD__ */ #ifdef HAVE_CAPSICUM #include #include #include #include #include #include #include #include #include #endif /* HAVE_CAPSICUM */ #ifndef WIN32 #include #include #include #include #endif /* WIN32 */ /* capabilities convinience library */ #ifdef HAVE_CAP_NG_H #include #endif /* HAVE_CAP_NG_H */ #include "netdissect.h" #include "interface.h" #include "addrtoname.h" #include "machdep.h" #include "setsignal.h" #include "gmt2local.h" #include "pcap-missing.h" #ifndef PATH_MAX #define PATH_MAX 1024 #endif #ifdef SIGINFO #define SIGNAL_REQ_INFO SIGINFO #elif SIGUSR1 #define SIGNAL_REQ_INFO SIGUSR1 #endif netdissect_options Gndo; netdissect_options *gndo = &Gndo; static int Dflag; /* list available devices and exit */ static int dflag; /* print filter code */ static int Lflag; /* list available data link types and exit */ #ifdef HAVE_PCAP_SET_TSTAMP_TYPE static int Jflag; /* list available time stamp types */ #endif #ifdef HAVE_PCAP_SETDIRECTION int Qflag = -1; /* restrict captured packet by send/receive direction */ #endif static char *zflag = NULL; /* compress each savefile using a specified command (like gzip or bzip2) */ static int infodelay; static int infoprint; char *program_name; #ifdef HAVE_CAPSICUM cap_channel_t *capdns; #endif int32_t thiszone; /* seconds offset from gmt to local time */ /* Forwards */ static RETSIGTYPE cleanup(int); static RETSIGTYPE child_cleanup(int); static void print_version(void); static void print_usage(void); static void show_dlts_and_exit(const char *device, pcap_t *pd) __attribute__((noreturn)); static void print_packet(u_char *, const struct pcap_pkthdr *, const u_char *); static void ndo_default_print(netdissect_options *, const u_char *, u_int); static void dump_packet_and_trunc(u_char *, const struct pcap_pkthdr *, const u_char *); static void dump_packet(u_char *, const struct pcap_pkthdr *, const u_char *); static void droproot(const char *, const char *); static void ndo_error(netdissect_options *ndo, const char *fmt, ...) __attribute__((noreturn)) #ifdef __ATTRIBUTE___FORMAT_OK __attribute__((format (printf, 2, 3))) #endif /* __ATTRIBUTE___FORMAT_OK */ ; static void ndo_warning(netdissect_options *ndo, const char *fmt, ...) #ifdef __ATTRIBUTE___FORMAT_OK __attribute__((format (printf, 2, 3))) #endif /* __ATTRIBUTE___FORMAT_OK */ ; #ifdef SIGNAL_REQ_INFO RETSIGTYPE requestinfo(int); #endif #if defined(USE_WIN32_MM_TIMER) #include static UINT timer_id; static void CALLBACK verbose_stats_dump(UINT, UINT, DWORD_PTR, DWORD_PTR, DWORD_PTR); #elif defined(HAVE_ALARM) static void verbose_stats_dump(int sig); #endif static void info(int); static u_int packets_captured; struct printer { if_printer f; int type; }; struct ndo_printer { if_ndo_printer f; int type; }; static const struct printer printers[] = { { NULL, 0 }, }; static const struct ndo_printer ndo_printers[] = { { ether_if_print, DLT_EN10MB }, #ifdef DLT_IPNET { ipnet_if_print, DLT_IPNET }, #endif #ifdef DLT_IEEE802_15_4 { ieee802_15_4_if_print, DLT_IEEE802_15_4 }, #endif #ifdef DLT_IEEE802_15_4_NOFCS { ieee802_15_4_if_print, DLT_IEEE802_15_4_NOFCS }, #endif #ifdef DLT_PPI { ppi_if_print, DLT_PPI }, #endif #ifdef DLT_NETANALYZER { netanalyzer_if_print, DLT_NETANALYZER }, #endif #ifdef DLT_NETANALYZER_TRANSPARENT { netanalyzer_transparent_if_print, DLT_NETANALYZER_TRANSPARENT }, #endif #if defined(DLT_NFLOG) && defined(HAVE_PCAP_NFLOG_H) { nflog_if_print, DLT_NFLOG}, #endif #ifdef DLT_CIP { cip_if_print, DLT_CIP }, #endif #ifdef DLT_ATM_CLIP { cip_if_print, DLT_ATM_CLIP }, #endif #ifdef DLT_IP_OVER_FC { ipfc_if_print, DLT_IP_OVER_FC }, #endif { null_if_print, DLT_NULL }, #ifdef DLT_LOOP { null_if_print, DLT_LOOP }, #endif #ifdef DLT_APPLE_IP_OVER_IEEE1394 { ap1394_if_print, DLT_APPLE_IP_OVER_IEEE1394 }, #endif #if defined(DLT_BLUETOOTH_HCI_H4_WITH_PHDR) && defined(HAVE_PCAP_BLUETOOTH_H) { bt_if_print, DLT_BLUETOOTH_HCI_H4_WITH_PHDR}, #endif #ifdef DLT_LANE8023 { lane_if_print, DLT_LANE8023 }, #endif { arcnet_if_print, DLT_ARCNET }, #ifdef DLT_ARCNET_LINUX { arcnet_linux_if_print, DLT_ARCNET_LINUX }, #endif { raw_if_print, DLT_RAW }, #ifdef DLT_IPV4 { raw_if_print, DLT_IPV4 }, #endif #ifdef DLT_IPV6 { raw_if_print, DLT_IPV6 }, #endif #ifdef HAVE_PCAP_USB_H #ifdef DLT_USB_LINUX { usb_linux_48_byte_print, DLT_USB_LINUX}, #endif /* DLT_USB_LINUX */ #ifdef DLT_USB_LINUX_MMAPPED { usb_linux_64_byte_print, DLT_USB_LINUX_MMAPPED}, #endif /* DLT_USB_LINUX_MMAPPED */ #endif /* HAVE_PCAP_USB_H */ #ifdef DLT_SYMANTEC_FIREWALL { symantec_if_print, DLT_SYMANTEC_FIREWALL }, #endif #ifdef DLT_C_HDLC { chdlc_if_print, DLT_C_HDLC }, #endif #ifdef DLT_HDLC { chdlc_if_print, DLT_HDLC }, #endif #ifdef DLT_PPP_ETHER { pppoe_if_print, DLT_PPP_ETHER }, #endif #if defined(DLT_PFLOG) && defined(HAVE_NET_PFVAR_H) { pflog_if_print, DLT_PFLOG }, #endif { token_if_print, DLT_IEEE802 }, { fddi_if_print, DLT_FDDI }, #ifdef DLT_LINUX_SLL { sll_if_print, DLT_LINUX_SLL }, #endif #ifdef DLT_FR { fr_if_print, DLT_FR }, #endif #ifdef DLT_FRELAY { fr_if_print, DLT_FRELAY }, #endif #ifdef DLT_MFR { mfr_if_print, DLT_MFR }, #endif { atm_if_print, DLT_ATM_RFC1483 }, #ifdef DLT_SUNATM { sunatm_if_print, DLT_SUNATM }, #endif #ifdef DLT_ENC { enc_if_print, DLT_ENC }, #endif { sl_if_print, DLT_SLIP }, #ifdef DLT_SLIP_BSDOS { sl_bsdos_if_print, DLT_SLIP_BSDOS }, #endif #ifdef DLT_LTALK { ltalk_if_print, DLT_LTALK }, #endif #ifdef DLT_JUNIPER_ATM1 { juniper_atm1_print, DLT_JUNIPER_ATM1 }, #endif #ifdef DLT_JUNIPER_ATM2 { juniper_atm2_print, DLT_JUNIPER_ATM2 }, #endif #ifdef DLT_JUNIPER_MFR { juniper_mfr_print, DLT_JUNIPER_MFR }, #endif #ifdef DLT_JUNIPER_MLFR { juniper_mlfr_print, DLT_JUNIPER_MLFR }, #endif #ifdef DLT_JUNIPER_MLPPP { juniper_mlppp_print, DLT_JUNIPER_MLPPP }, #endif #ifdef DLT_JUNIPER_PPPOE { juniper_pppoe_print, DLT_JUNIPER_PPPOE }, #endif #ifdef DLT_JUNIPER_PPPOE_ATM { juniper_pppoe_atm_print, DLT_JUNIPER_PPPOE_ATM }, #endif #ifdef DLT_JUNIPER_GGSN { juniper_ggsn_print, DLT_JUNIPER_GGSN }, #endif #ifdef DLT_JUNIPER_ES { juniper_es_print, DLT_JUNIPER_ES }, #endif #ifdef DLT_JUNIPER_MONITOR { juniper_monitor_print, DLT_JUNIPER_MONITOR }, #endif #ifdef DLT_JUNIPER_SERVICES { juniper_services_print, DLT_JUNIPER_SERVICES }, #endif #ifdef DLT_JUNIPER_ETHER { juniper_ether_print, DLT_JUNIPER_ETHER }, #endif #ifdef DLT_JUNIPER_PPP { juniper_ppp_print, DLT_JUNIPER_PPP }, #endif #ifdef DLT_JUNIPER_FRELAY { juniper_frelay_print, DLT_JUNIPER_FRELAY }, #endif #ifdef DLT_JUNIPER_CHDLC { juniper_chdlc_print, DLT_JUNIPER_CHDLC }, #endif #ifdef DLT_PKTAP { pktap_if_print, DLT_PKTAP }, #endif #ifdef DLT_IEEE802_11_RADIO { ieee802_11_radio_if_print, DLT_IEEE802_11_RADIO }, #endif #ifdef DLT_IEEE802_11 { ieee802_11_if_print, DLT_IEEE802_11}, #endif #ifdef DLT_IEEE802_11_RADIO_AVS { ieee802_11_radio_avs_if_print, DLT_IEEE802_11_RADIO_AVS }, #endif #ifdef DLT_PRISM_HEADER { prism_if_print, DLT_PRISM_HEADER }, #endif { ppp_if_print, DLT_PPP }, #ifdef DLT_PPP_WITHDIRECTION { ppp_if_print, DLT_PPP_WITHDIRECTION }, #endif #ifdef DLT_PPP_BSDOS { ppp_bsdos_if_print, DLT_PPP_BSDOS }, #endif #ifdef DLT_PPP_SERIAL { ppp_hdlc_if_print, DLT_PPP_SERIAL }, #endif { NULL, 0 }, }; static const struct tok status_flags[] = { #ifdef PCAP_IF_UP { PCAP_IF_UP, "Up" }, #endif #ifdef PCAP_IF_RUNNING { PCAP_IF_RUNNING, "Running" }, #endif { PCAP_IF_LOOPBACK, "Loopback" }, { 0, NULL } }; if_printer lookup_printer(int type) { const struct printer *p; for (p = printers; p->f; ++p) if (type == p->type) return p->f; return NULL; /* NOTREACHED */ } if_ndo_printer lookup_ndo_printer(int type) { const struct ndo_printer *p; for (p = ndo_printers; p->f; ++p) if (type == p->type) return p->f; #if defined(DLT_USER2) && defined(DLT_PKTAP) /* * Apple incorrectly chose to use DLT_USER2 for their PKTAP * header. * * We map DLT_PKTAP, whether it's DLT_USER2 as it is on Darwin- * based OSes or the same value as LINKTYPE_PKTAP as it is on * other OSes, to LINKTYPE_PKTAP, so files written with * this version of libpcap for a DLT_PKTAP capture have a link- * layer header type of LINKTYPE_PKTAP. * * However, files written on OS X Mavericks for a DLT_PKTAP * capture have a link-layer header type of LINKTYPE_USER2. * If we don't have a printer for DLT_USER2, and type is * DLT_USER2, we look up the printer for DLT_PKTAP and use * that. */ if (type == DLT_USER2) { for (p = ndo_printers; p->f; ++p) if (DLT_PKTAP == p->type) return p->f; } #endif return NULL; /* NOTREACHED */ } static pcap_t *pd; static int supports_monitor_mode; extern int optind; extern int opterr; extern char *optarg; struct print_info { netdissect_options *ndo; union { if_printer printer; if_ndo_printer ndo_printer; } p; int ndo_type; }; struct dump_info { char *WFileName; char *CurrentFileName; pcap_t *pd; pcap_dumper_t *p; #ifdef HAVE_CAPSICUM int dirfd; #endif }; #ifdef HAVE_PCAP_SET_TSTAMP_TYPE static void show_tstamp_types_and_exit(const char *device, pcap_t *pd) { int n_tstamp_types; int *tstamp_types = 0; const char *tstamp_type_name; int i; n_tstamp_types = pcap_list_tstamp_types(pd, &tstamp_types); if (n_tstamp_types < 0) error("%s", pcap_geterr(pd)); if (n_tstamp_types == 0) { fprintf(stderr, "Time stamp type cannot be set for %s\n", device); exit(0); } fprintf(stderr, "Time stamp types for %s (use option -j to set):\n", device); for (i = 0; i < n_tstamp_types; i++) { tstamp_type_name = pcap_tstamp_type_val_to_name(tstamp_types[i]); if (tstamp_type_name != NULL) { (void) fprintf(stderr, " %s (%s)\n", tstamp_type_name, pcap_tstamp_type_val_to_description(tstamp_types[i])); } else { (void) fprintf(stderr, " %d\n", tstamp_types[i]); } } pcap_free_tstamp_types(tstamp_types); exit(0); } #endif static void show_dlts_and_exit(const char *device, pcap_t *pd) { int n_dlts; int *dlts = 0; const char *dlt_name; n_dlts = pcap_list_datalinks(pd, &dlts); if (n_dlts < 0) error("%s", pcap_geterr(pd)); else if (n_dlts == 0 || !dlts) error("No data link types."); /* * If the interface is known to support monitor mode, indicate * whether these are the data link types available when not in * monitor mode, if -I wasn't specified, or when in monitor mode, * when -I was specified (the link-layer types available in * monitor mode might be different from the ones available when * not in monitor mode). */ if (supports_monitor_mode) (void) fprintf(stderr, "Data link types for %s %s (use option -y to set):\n", device, Iflag ? "when in monitor mode" : "when not in monitor mode"); else (void) fprintf(stderr, "Data link types for %s (use option -y to set):\n", device); while (--n_dlts >= 0) { dlt_name = pcap_datalink_val_to_name(dlts[n_dlts]); if (dlt_name != NULL) { (void) fprintf(stderr, " %s (%s)", dlt_name, pcap_datalink_val_to_description(dlts[n_dlts])); /* * OK, does tcpdump handle that type? */ if (lookup_printer(dlts[n_dlts]) == NULL && lookup_ndo_printer(dlts[n_dlts]) == NULL) (void) fprintf(stderr, " (printing not supported)"); fprintf(stderr, "\n"); } else { (void) fprintf(stderr, " DLT %d (printing not supported)\n", dlts[n_dlts]); } } #ifdef HAVE_PCAP_FREE_DATALINKS pcap_free_datalinks(dlts); #endif exit(0); } #ifdef HAVE_PCAP_FINDALLDEVS static void show_devices_and_exit (void) { pcap_if_t *devpointer; char ebuf[PCAP_ERRBUF_SIZE]; int i; if (pcap_findalldevs(&devpointer, ebuf) < 0) error("%s", ebuf); else { for (i = 0; devpointer != NULL; i++) { printf("%d.%s", i+1, devpointer->name); if (devpointer->description != NULL) printf(" (%s)", devpointer->description); if (devpointer->flags != 0) printf(" [%s]", bittok2str(status_flags, "none", devpointer->flags)); printf("\n"); devpointer = devpointer->next; } } exit(0); } #endif /* HAVE_PCAP_FINDALLDEVS */ /* * Short options. * * Note that there we use all letters for short options except for g, k, * o, and P, and those are used by other versions of tcpdump, and we should * only use them for the same purposes that the other versions of tcpdump * use them: * * OS X tcpdump uses -g to force non--v output for IP to be on one * line, making it more "g"repable; * * OS X tcpdump uses -k tospecify that packet comments in pcap-ng files * should be printed; * * OpenBSD tcpdump uses -o to indicate that OS fingerprinting should be done * for hosts sending TCP SYN packets; * * OS X tcpdump uses -P to indicate that -w should write pcap-ng rather * than pcap files. */ /* * Set up flags that might or might not be supported depending on the * version of libpcap we're using. */ #if defined(HAVE_PCAP_CREATE) || defined(WIN32) #define B_FLAG "B:" #define B_FLAG_USAGE " [ -B size ]" #else /* defined(HAVE_PCAP_CREATE) || defined(WIN32) */ #define B_FLAG #define B_FLAG_USAGE #endif /* defined(HAVE_PCAP_CREATE) || defined(WIN32) */ #ifdef HAVE_PCAP_CREATE #define I_FLAG "I" #else /* HAVE_PCAP_CREATE */ #define I_FLAG #endif /* HAVE_PCAP_CREATE */ #ifdef HAVE_PCAP_SET_TSTAMP_TYPE #define j_FLAG "j:" #define j_FLAG_USAGE " [ -j tstamptype ]" #define J_FLAG "J" #else /* PCAP_ERROR_TSTAMP_TYPE_NOTSUP */ #define j_FLAG #define j_FLAG_USAGE #define J_FLAG #endif /* PCAP_ERROR_TSTAMP_TYPE_NOTSUP */ #ifdef HAVE_PCAP_FINDALLDEVS #ifndef HAVE_PCAP_IF_T #undef HAVE_PCAP_FINDALLDEVS #endif #endif #ifdef HAVE_PCAP_FINDALLDEVS #define D_FLAG "D" #else #define D_FLAG #endif #ifdef HAVE_PCAP_DUMP_FLUSH #define U_FLAG "U" #else #define U_FLAG #endif #ifdef HAVE_PCAP_SETDIRECTION #define Q_FLAG "Q:" #else #define Q_FLAG #endif /* * Long options. * * We do not currently have long options corresponding to all short * options; we should probably pick appropriate option names for them. * * However, the short options where the number of times the option is * specified matters, such as -v and -d and -t, should probably not * just map to a long option, as saying * * tcpdump --verbose --verbose * * doesn't make sense; it should be --verbosity={N} or something such * as that. * * For long options with no corresponding short options, we define values * outside the range of ASCII graphic characters, make that the last * component of the entry for the long option, and have a case for that * option in the switch statement. */ #define OPTION_VERSION 128 #define OPTION_TSTAMP_PRECISION 129 static const struct option longopts[] = { #if defined(HAVE_PCAP_CREATE) || defined(WIN32) { "buffer-size", required_argument, NULL, 'B' }, #endif { "list-interfaces", no_argument, NULL, 'D' }, { "help", no_argument, NULL, 'h' }, { "interface", required_argument, NULL, 'i' }, #ifdef HAVE_PCAP_CREATE { "monitor-mode", no_argument, NULL, 'I' }, #endif #ifdef HAVE_PCAP_SET_TSTAMP_TYPE { "time-stamp-type", required_argument, NULL, 'j' }, { "list-time-stamp-types", no_argument, NULL, 'J' }, #endif #ifdef HAVE_PCAP_SET_TSTAMP_PRECISION { "time-stamp-precision", required_argument, NULL, OPTION_TSTAMP_PRECISION}, #endif { "dont-verify-checksums", no_argument, NULL, 'K' }, { "list-data-link-types", no_argument, NULL, 'L' }, { "no-optimize", no_argument, NULL, 'O' }, { "no-promiscuous-mode", no_argument, NULL, 'p' }, #ifdef HAVE_PCAP_SETDIRECTION { "direction", required_argument, NULL, 'Q' }, #endif { "snapshot-length", required_argument, NULL, 's' }, { "absolute-tcp-sequence-numbers", no_argument, NULL, 'S' }, #ifdef HAVE_PCAP_DUMP_FLUSH { "packet-buffered", no_argument, NULL, 'U' }, #endif { "linktype", required_argument, NULL, 'y' }, #if defined(HAVE_PCAP_DEBUG) || defined(HAVE_YYDEBUG) { "debug-filter-parser", no_argument, NULL, 'Y' }, #endif { "relinquish-privileges", required_argument, NULL, 'Z' }, { "number", no_argument, NULL, '#' }, { "version", no_argument, NULL, OPTION_VERSION }, { NULL, 0, NULL, 0 } }; #ifndef WIN32 /* Drop root privileges and chroot if necessary */ static void droproot(const char *username, const char *chroot_dir) { struct passwd *pw = NULL; if (chroot_dir && !username) { fprintf(stderr, "tcpdump: Chroot without dropping root is insecure\n"); exit(1); } pw = getpwnam(username); if (pw) { if (chroot_dir) { if (chroot(chroot_dir) != 0 || chdir ("/") != 0) { fprintf(stderr, "tcpdump: Couldn't chroot/chdir to '%.64s': %s\n", chroot_dir, pcap_strerror(errno)); exit(1); } } #ifdef HAVE_CAP_NG_H int ret = capng_change_id(pw->pw_uid, pw->pw_gid, CAPNG_NO_FLAG); if (ret < 0) { fprintf(stderr, "error : ret %d\n", ret); } else { printf("dropped privs to %s\n", username); } /* We don't need CAP_SETUID and CAP_SETGID */ capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, CAP_SETUID); capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, CAP_SETUID); capng_update(CAPNG_DROP, CAPNG_PERMITTED, CAP_SETUID); capng_update(CAPNG_DROP, CAPNG_PERMITTED, CAP_SETUID); capng_apply(CAPNG_SELECT_BOTH); #else if (initgroups(pw->pw_name, pw->pw_gid) != 0 || setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0) { fprintf(stderr, "tcpdump: Couldn't change to '%.32s' uid=%lu gid=%lu: %s\n", username, (unsigned long)pw->pw_uid, (unsigned long)pw->pw_gid, pcap_strerror(errno)); exit(1); } else { printf("dropped privs to %s\n", username); } #endif /* HAVE_CAP_NG_H */ } else { fprintf(stderr, "tcpdump: Couldn't find user '%.32s'\n", username); exit(1); } } #endif /* WIN32 */ static int getWflagChars(int x) { int c = 0; x -= 1; while (x > 0) { c += 1; x /= 10; } return c; } static void MakeFilename(char *buffer, char *orig_name, int cnt, int max_chars) { char *filename = malloc(PATH_MAX + 1); if (filename == NULL) error("Makefilename: malloc"); /* Process with strftime if Gflag is set. */ if (Gflag != 0) { struct tm *local_tm; /* Convert Gflag_time to a usable format */ if ((local_tm = localtime(&Gflag_time)) == NULL) { error("MakeTimedFilename: localtime"); } /* There's no good way to detect an error in strftime since a return * value of 0 isn't necessarily failure. */ strftime(filename, PATH_MAX, orig_name, local_tm); } else { strncpy(filename, orig_name, PATH_MAX); } if (cnt == 0 && max_chars == 0) strncpy(buffer, filename, PATH_MAX + 1); else if (snprintf(buffer, PATH_MAX + 1, "%s%0*d", filename, max_chars, cnt) > PATH_MAX) /* Report an error if the filename is too large */ error("too many output files or filename is too long (> %d)", PATH_MAX); free(filename); } static int tcpdump_printf(netdissect_options *ndo _U_, const char *fmt, ...) { va_list args; int ret; va_start(args, fmt); ret=vfprintf(stdout, fmt, args); va_end(args); return ret; } static struct print_info get_print_info(int type) { struct print_info printinfo; printinfo.ndo_type = 1; printinfo.ndo = gndo; printinfo.p.ndo_printer = lookup_ndo_printer(type); if (printinfo.p.ndo_printer == NULL) { printinfo.p.printer = lookup_printer(type); printinfo.ndo_type = 0; if (printinfo.p.printer == NULL) { gndo->ndo_dltname = pcap_datalink_val_to_name(type); if (gndo->ndo_dltname != NULL) error("packet printing is not supported for link type %s: use -w", gndo->ndo_dltname); else error("packet printing is not supported for link type %d: use -w", type); } } return (printinfo); } static char * get_next_file(FILE *VFile, char *ptr) { char *ret; ret = fgets(ptr, PATH_MAX, VFile); if (!ret) return NULL; if (ptr[strlen(ptr) - 1] == '\n') ptr[strlen(ptr) - 1] = '\0'; return ret; } #ifdef HAVE_CAPSICUM static cap_channel_t * capdns_setup(void) { cap_channel_t *capcas, *capdnsloc; const char *types[1]; int families[2]; capcas = cap_init(); if (capcas == NULL) { warning("unable to contact casperd"); return (NULL); } capdnsloc = cap_service_open(capcas, "system.dns"); /* Casper capability no longer needed. */ cap_close(capcas); if (capdnsloc == NULL) error("unable to open system.dns service"); /* Limit system.dns to reverse DNS lookups. */ types[0] = "ADDR"; if (cap_dns_type_limit(capdnsloc, types, 1) < 0) error("unable to limit access to system.dns service"); families[0] = AF_INET; families[1] = AF_INET6; if (cap_dns_family_limit(capdnsloc, families, 2) < 0) error("unable to limit access to system.dns service"); return (capdnsloc); } #endif /* HAVE_CAPSICUM */ #ifdef HAVE_PCAP_SET_TSTAMP_PRECISION static int tstamp_precision_from_string(const char *precision) { if (strncmp(precision, "nano", strlen("nano")) == 0) return PCAP_TSTAMP_PRECISION_NANO; if (strncmp(precision, "micro", strlen("micro")) == 0) return PCAP_TSTAMP_PRECISION_MICRO; return -EINVAL; } static const char * tstamp_precision_to_string(int precision) { switch (precision) { case PCAP_TSTAMP_PRECISION_MICRO: return "micro"; case PCAP_TSTAMP_PRECISION_NANO: return "nano"; default: return "unknown"; } } #endif int main(int argc, char **argv) { register int cnt, op, i; bpf_u_int32 localnet =0 , netmask = 0; register char *cp, *infile, *cmdbuf, *device, *RFileName, *VFileName, *WFileName; pcap_handler callback; int type; int dlt; int new_dlt; const char *dlt_name; struct bpf_program fcode; #ifndef WIN32 RETSIGTYPE (*oldhandler)(int); #endif struct print_info printinfo; struct dump_info dumpinfo; u_char *pcap_userdata; char ebuf[PCAP_ERRBUF_SIZE]; char VFileLine[PATH_MAX + 1]; char *username = NULL; char *chroot_dir = NULL; char *ret = NULL; char *end; #ifdef HAVE_PCAP_FINDALLDEVS pcap_if_t *devpointer; int devnum; #endif int status; FILE *VFile; #ifdef HAVE_CAPSICUM cap_rights_t rights; #endif /* HAVE_CAPSICUM */ int cansandbox; #ifdef WIN32 if(wsockinit() != 0) return 1; #endif /* WIN32 */ jflag=-1; /* not set */ gndo->ndo_Oflag=1; gndo->ndo_Rflag=1; gndo->ndo_dlt=-1; gndo->ndo_default_print=ndo_default_print; gndo->ndo_printf=tcpdump_printf; gndo->ndo_error=ndo_error; gndo->ndo_warning=ndo_warning; gndo->ndo_snaplen = DEFAULT_SNAPLEN; cnt = -1; device = NULL; infile = NULL; RFileName = NULL; VFileName = NULL; VFile = NULL; WFileName = NULL; dlt = -1; if ((cp = strrchr(argv[0], '/')) != NULL) program_name = cp + 1; else program_name = argv[0]; if (abort_on_misalignment(ebuf, sizeof(ebuf)) < 0) error("%s", ebuf); #ifdef USE_LIBSMI smiInit("tcpdump"); #endif while ( (op = getopt_long(argc, argv, "aAb" B_FLAG "c:C:d" D_FLAG "eE:fF:G:hHi:" I_FLAG j_FLAG J_FLAG "KlLm:M:nNOpq" Q_FLAG "r:Rs:StT:u" U_FLAG "vV:w:W:xXy:Yz:Z:#", longopts, NULL)) != -1) switch (op) { case 'a': /* compatibility for old -a */ break; case 'A': ++Aflag; break; case 'b': ++bflag; break; #if defined(HAVE_PCAP_CREATE) || defined(WIN32) case 'B': Bflag = atoi(optarg)*1024; if (Bflag <= 0) error("invalid packet buffer size %s", optarg); break; #endif /* defined(HAVE_PCAP_CREATE) || defined(WIN32) */ case 'c': cnt = atoi(optarg); if (cnt <= 0) error("invalid packet count %s", optarg); break; case 'C': Cflag = atoi(optarg) * 1000000; if (Cflag < 0) error("invalid file size %s", optarg); break; case 'd': ++dflag; break; case 'D': Dflag++; break; case 'L': Lflag++; break; case 'e': ++eflag; break; case 'E': #ifndef HAVE_LIBCRYPTO warning("crypto code not compiled in"); #endif gndo->ndo_espsecret = optarg; break; case 'f': ++fflag; break; case 'F': infile = optarg; break; case 'G': Gflag = atoi(optarg); if (Gflag < 0) error("invalid number of seconds %s", optarg); /* We will create one file initially. */ Gflag_count = 0; /* Grab the current time for rotation use. */ if ((Gflag_time = time(NULL)) == (time_t)-1) { error("main: can't get current time: %s", pcap_strerror(errno)); } break; case 'h': print_usage(); exit(0); break; case 'H': ++Hflag; break; case 'i': if (optarg[0] == '0' && optarg[1] == 0) error("Invalid adapter index"); #ifdef HAVE_PCAP_FINDALLDEVS /* * If the argument is a number, treat it as * an index into the list of adapters, as * printed by "tcpdump -D". * * This should be OK on UNIX systems, as interfaces * shouldn't have names that begin with digits. * It can be useful on Windows, where more than * one interface can have the same name. */ devnum = strtol(optarg, &end, 10); if (optarg != end && *end == '\0') { if (devnum < 0) error("Invalid adapter index"); if (pcap_findalldevs(&devpointer, ebuf) < 0) error("%s", ebuf); else { /* * Look for the devnum-th entry * in the list of devices * (1-based). */ for (i = 0; i < devnum-1 && devpointer != NULL; i++, devpointer = devpointer->next) ; if (devpointer == NULL) error("Invalid adapter index"); } device = devpointer->name; break; } #endif /* HAVE_PCAP_FINDALLDEVS */ device = optarg; break; #ifdef HAVE_PCAP_CREATE case 'I': ++Iflag; break; #endif /* HAVE_PCAP_CREATE */ #ifdef HAVE_PCAP_SET_TSTAMP_TYPE case 'j': jflag = pcap_tstamp_type_name_to_val(optarg); if (jflag < 0) error("invalid time stamp type %s", optarg); break; case 'J': Jflag++; break; #endif case 'l': #ifdef WIN32 /* * _IOLBF is the same as _IOFBF in Microsoft's C * libraries; the only alternative they offer * is _IONBF. * * XXX - this should really be checking for MSVC++, * not WIN32, if, for example, MinGW has its own * C library that is more UNIX-compatible. */ setvbuf(stdout, NULL, _IONBF, 0); #else /* WIN32 */ #ifdef HAVE_SETLINEBUF setlinebuf(stdout); #else setvbuf(stdout, NULL, _IOLBF, 0); #endif #endif /* WIN32 */ break; case 'K': ++Kflag; break; case 'm': #ifdef USE_LIBSMI if (smiLoadModule(optarg) == 0) { error("could not load MIB module %s", optarg); } sflag = 1; #else (void)fprintf(stderr, "%s: ignoring option `-m %s' ", program_name, optarg); (void)fprintf(stderr, "(no libsmi support)\n"); #endif break; case 'M': /* TCP-MD5 shared secret */ #ifndef HAVE_LIBCRYPTO warning("crypto code not compiled in"); #endif sigsecret = optarg; break; case 'n': ++nflag; break; case 'N': ++Nflag; break; case 'O': Oflag = 0; break; case 'p': ++pflag; break; case 'q': ++qflag; ++suppress_default_print; break; #ifdef HAVE_PCAP_SETDIRECTION case 'Q': if (strcasecmp(optarg, "in") == 0) Qflag = PCAP_D_IN; else if (strcasecmp(optarg, "out") == 0) Qflag = PCAP_D_OUT; else if (strcasecmp(optarg, "inout") == 0) Qflag = PCAP_D_INOUT; else error("unknown capture direction `%s'", optarg); break; #endif /* HAVE_PCAP_SETDIRECTION */ case 'r': RFileName = optarg; break; case 'R': Rflag = 0; break; case 's': snaplen = strtol(optarg, &end, 0); if (optarg == end || *end != '\0' || snaplen < 0 || snaplen > MAXIMUM_SNAPLEN) error("invalid snaplen %s", optarg); else if (snaplen == 0) snaplen = MAXIMUM_SNAPLEN; break; case 'S': ++Sflag; break; case 't': ++tflag; break; case 'T': if (strcasecmp(optarg, "vat") == 0) packettype = PT_VAT; else if (strcasecmp(optarg, "wb") == 0) packettype = PT_WB; else if (strcasecmp(optarg, "rpc") == 0) packettype = PT_RPC; else if (strcasecmp(optarg, "rtp") == 0) packettype = PT_RTP; else if (strcasecmp(optarg, "rtcp") == 0) packettype = PT_RTCP; else if (strcasecmp(optarg, "snmp") == 0) packettype = PT_SNMP; else if (strcasecmp(optarg, "cnfp") == 0) packettype = PT_CNFP; else if (strcasecmp(optarg, "tftp") == 0) packettype = PT_TFTP; else if (strcasecmp(optarg, "aodv") == 0) packettype = PT_AODV; else if (strcasecmp(optarg, "carp") == 0) packettype = PT_CARP; else if (strcasecmp(optarg, "radius") == 0) packettype = PT_RADIUS; else if (strcasecmp(optarg, "zmtp1") == 0) packettype = PT_ZMTP1; else if (strcasecmp(optarg, "vxlan") == 0) packettype = PT_VXLAN; else if (strcasecmp(optarg, "pgm") == 0) packettype = PT_PGM; else if (strcasecmp(optarg, "pgm_zmtp1") == 0) packettype = PT_PGM_ZMTP1; else if (strcasecmp(optarg, "lmp") == 0) packettype = PT_LMP; else error("unknown packet type `%s'", optarg); break; case 'u': ++uflag; break; #ifdef HAVE_PCAP_DUMP_FLUSH case 'U': ++Uflag; break; #endif case 'v': ++vflag; break; case 'V': VFileName = optarg; break; case 'w': WFileName = optarg; break; case 'W': Wflag = atoi(optarg); if (Wflag < 0) error("invalid number of output files %s", optarg); WflagChars = getWflagChars(Wflag); break; case 'x': ++xflag; ++suppress_default_print; break; case 'X': ++Xflag; ++suppress_default_print; break; case 'y': gndo->ndo_dltname = optarg; gndo->ndo_dlt = pcap_datalink_name_to_val(gndo->ndo_dltname); if (gndo->ndo_dlt < 0) error("invalid data link type %s", gndo->ndo_dltname); break; #if defined(HAVE_PCAP_DEBUG) || defined(HAVE_YYDEBUG) case 'Y': { /* Undocumented flag */ #ifdef HAVE_PCAP_DEBUG extern int pcap_debug; pcap_debug = 1; #else extern int yydebug; yydebug = 1; #endif } break; #endif case 'z': zflag = strdup(optarg); break; case 'Z': username = strdup(optarg); break; case '#': gndo->ndo_packet_number = 1; break; case OPTION_VERSION: print_version(); exit(0); break; #ifdef HAVE_PCAP_SET_TSTAMP_PRECISION case OPTION_TSTAMP_PRECISION: gndo->ndo_tstamp_precision = tstamp_precision_from_string(optarg); if (gndo->ndo_tstamp_precision < 0) error("unsupported time stamp precision"); break; #endif default: print_usage(); exit(1); /* NOTREACHED */ } #ifdef HAVE_PCAP_FINDALLDEVS if (Dflag) show_devices_and_exit(); #endif switch (tflag) { case 0: /* Default */ case 4: /* Default + Date*/ thiszone = gmt2local(0); break; case 1: /* No time stamp */ case 2: /* Unix timeval style */ case 3: /* Microseconds since previous packet */ case 5: /* Microseconds since first packet */ break; default: /* Not supported */ error("only -t, -tt, -ttt, -tttt and -ttttt are supported"); break; } if (fflag != 0 && (VFileName != NULL || RFileName != NULL)) error("-f can not be used with -V or -r"); if (VFileName != NULL && RFileName != NULL) error("-V and -r are mutually exclusive."); #ifdef WITH_CHROOT /* if run as root, prepare for chrooting */ if (getuid() == 0 || geteuid() == 0) { /* future extensibility for cmd-line arguments */ if (!chroot_dir) chroot_dir = WITH_CHROOT; } #endif #ifdef WITH_USER /* if run as root, prepare for dropping root privileges */ if (getuid() == 0 || geteuid() == 0) { /* Run with '-Z root' to restore old behaviour */ if (!username) username = WITH_USER; } #endif if (RFileName != NULL || VFileName != NULL) { /* * If RFileName is non-null, it's the pathname of a * savefile to read. If VFileName is non-null, it's * the pathname of a file containing a list of pathnames * (one per line) of savefiles to read. * * In either case, we're reading a savefile, not doing * a live capture. */ #ifndef WIN32 /* * We don't need network access, so relinquish any set-UID * or set-GID privileges we have (if any). * * We do *not* want set-UID privileges when opening a * trace file, as that might let the user read other * people's trace files (especially if we're set-UID * root). */ if (setgid(getgid()) != 0 || setuid(getuid()) != 0 ) fprintf(stderr, "Warning: setgid/setuid failed !\n"); #endif /* WIN32 */ if (VFileName != NULL) { if (VFileName[0] == '-' && VFileName[1] == '\0') VFile = stdin; else VFile = fopen(VFileName, "r"); if (VFile == NULL) error("Unable to open file: %s\n", strerror(errno)); ret = get_next_file(VFile, VFileLine); if (!ret) error("Nothing in %s\n", VFileName); RFileName = VFileLine; } #ifdef HAVE_PCAP_SET_TSTAMP_PRECISION pd = pcap_open_offline_with_tstamp_precision(RFileName, gndo->ndo_tstamp_precision, ebuf); #else pd = pcap_open_offline(RFileName, ebuf); #endif if (pd == NULL) error("%s", ebuf); #ifdef HAVE_CAPSICUM cap_rights_init(&rights, CAP_READ); if (cap_rights_limit(fileno(pcap_file(pd)), &rights) < 0 && errno != ENOSYS) { error("unable to limit pcap descriptor"); } #endif dlt = pcap_datalink(pd); dlt_name = pcap_datalink_val_to_name(dlt); if (dlt_name == NULL) { fprintf(stderr, "reading from file %s, link-type %u\n", RFileName, dlt); } else { fprintf(stderr, "reading from file %s, link-type %s (%s)\n", RFileName, dlt_name, pcap_datalink_val_to_description(dlt)); } } else { /* * We're doing a live capture. */ if (device == NULL) { device = pcap_lookupdev(ebuf); if (device == NULL) error("%s", ebuf); } #ifdef WIN32 /* * Print a message to the standard error on Windows. * XXX - why do it here, with a different message? */ if(strlen(device) == 1) /* we assume that an ASCII string is always longer than 1 char */ { /* a Unicode string has a \0 as second byte (so strlen() is 1) */ fprintf(stderr, "%s: listening on %ws\n", program_name, device); } else { fprintf(stderr, "%s: listening on %s\n", program_name, device); } fflush(stderr); #endif /* WIN32 */ #ifdef HAVE_PCAP_CREATE pd = pcap_create(device, ebuf); if (pd == NULL) error("%s", ebuf); #ifdef HAVE_PCAP_SET_TSTAMP_TYPE if (Jflag) show_tstamp_types_and_exit(device, pd); #endif #ifdef HAVE_PCAP_SET_TSTAMP_PRECISION status = pcap_set_tstamp_precision(pd, gndo->ndo_tstamp_precision); if (status != 0) error("%s: Can't set %ssecond time stamp precision: %s", device, tstamp_precision_to_string(gndo->ndo_tstamp_precision), pcap_statustostr(status)); #endif /* * Is this an interface that supports monitor mode? */ if (pcap_can_set_rfmon(pd) == 1) supports_monitor_mode = 1; else supports_monitor_mode = 0; status = pcap_set_snaplen(pd, snaplen); if (status != 0) error("%s: Can't set snapshot length: %s", device, pcap_statustostr(status)); status = pcap_set_promisc(pd, !pflag); if (status != 0) error("%s: Can't set promiscuous mode: %s", device, pcap_statustostr(status)); if (Iflag) { status = pcap_set_rfmon(pd, 1); if (status != 0) error("%s: Can't set monitor mode: %s", device, pcap_statustostr(status)); } status = pcap_set_timeout(pd, 1000); if (status != 0) error("%s: pcap_set_timeout failed: %s", device, pcap_statustostr(status)); if (Bflag != 0) { status = pcap_set_buffer_size(pd, Bflag); if (status != 0) error("%s: Can't set buffer size: %s", device, pcap_statustostr(status)); } #ifdef HAVE_PCAP_SET_TSTAMP_TYPE if (jflag != -1) { status = pcap_set_tstamp_type(pd, jflag); if (status < 0) error("%s: Can't set time stamp type: %s", device, pcap_statustostr(status)); } #endif status = pcap_activate(pd); if (status < 0) { /* * pcap_activate() failed. */ cp = pcap_geterr(pd); if (status == PCAP_ERROR) error("%s", cp); else if ((status == PCAP_ERROR_NO_SUCH_DEVICE || status == PCAP_ERROR_PERM_DENIED) && *cp != '\0') error("%s: %s\n(%s)", device, pcap_statustostr(status), cp); #ifdef __FreeBSD__ else if (status == PCAP_ERROR_RFMON_NOTSUP && strncmp(device, "wlan", 4) == 0) { char parent[8], newdev[8]; char sysctl[32]; size_t s = sizeof(parent); snprintf(sysctl, sizeof(sysctl), "net.wlan.%d.%%parent", atoi(device + 4)); sysctlbyname(sysctl, parent, &s, NULL, 0); strlcpy(newdev, device, sizeof(newdev)); /* Suggest a new wlan device. */ newdev[strlen(newdev)-1]++; error("%s is not a monitor mode VAP\n" "To create a new monitor mode VAP use:\n" " ifconfig %s create wlandev %s wlanmode " "monitor\nand use %s as the tcpdump " "interface", device, newdev, parent, newdev); } #endif else error("%s: %s", device, pcap_statustostr(status)); } else if (status > 0) { /* * pcap_activate() succeeded, but it's warning us * of a problem it had. */ cp = pcap_geterr(pd); if (status == PCAP_WARNING) warning("%s", cp); else if (status == PCAP_WARNING_PROMISC_NOTSUP && *cp != '\0') warning("%s: %s\n(%s)", device, pcap_statustostr(status), cp); else warning("%s: %s", device, pcap_statustostr(status)); } #ifdef HAVE_PCAP_SETDIRECTION if (Qflag != -1) { status = pcap_setdirection(pd, Qflag); if (status != 0) error("%s: pcap_setdirection() failed: %s", device, pcap_geterr(pd)); } #endif /* HAVE_PCAP_SETDIRECTION */ #else *ebuf = '\0'; pd = pcap_open_live(device, snaplen, !pflag, 1000, ebuf); if (pd == NULL) error("%s", ebuf); else if (*ebuf) warning("%s", ebuf); #endif /* HAVE_PCAP_CREATE */ /* * Let user own process after socket has been opened. */ #ifndef WIN32 if (setgid(getgid()) != 0 || setuid(getuid()) != 0) fprintf(stderr, "Warning: setgid/setuid failed !\n"); #endif /* WIN32 */ #if !defined(HAVE_PCAP_CREATE) && defined(WIN32) if(Bflag != 0) if(pcap_setbuff(pd, Bflag)==-1){ error("%s", pcap_geterr(pd)); } #endif /* !defined(HAVE_PCAP_CREATE) && defined(WIN32) */ if (Lflag) show_dlts_and_exit(device, pd); if (gndo->ndo_dlt >= 0) { #ifdef HAVE_PCAP_SET_DATALINK if (pcap_set_datalink(pd, gndo->ndo_dlt) < 0) error("%s", pcap_geterr(pd)); #else /* * We don't actually support changing the * data link type, so we only let them * set it to what it already is. */ if (gndo->ndo_dlt != pcap_datalink(pd)) { error("%s is not one of the DLTs supported by this device\n", gndo->ndo_dltname); } #endif (void)fprintf(stderr, "%s: data link type %s\n", program_name, gndo->ndo_dltname); (void)fflush(stderr); } i = pcap_snapshot(pd); if (snaplen < i) { warning("snaplen raised from %d to %d", snaplen, i); snaplen = i; } if(fflag != 0) { if (pcap_lookupnet(device, &localnet, &netmask, ebuf) < 0) { warning("foreign (-f) flag used but: %s", ebuf); } } } if (infile) cmdbuf = read_infile(infile); else cmdbuf = copy_argv(&argv[optind]); if (pcap_compile(pd, &fcode, cmdbuf, Oflag, netmask) < 0) error("%s", pcap_geterr(pd)); if (dflag) { bpf_dump(&fcode, dflag); pcap_close(pd); free(cmdbuf); exit(0); } #ifdef HAVE_CAPSICUM if (!nflag) capdns = capdns_setup(); #endif /* HAVE_CAPSICUM */ init_addrtoname(gndo, localnet, netmask); init_checksum(); #ifndef WIN32 (void)setsignal(SIGPIPE, cleanup); (void)setsignal(SIGTERM, cleanup); (void)setsignal(SIGINT, cleanup); #endif /* WIN32 */ #if defined(HAVE_FORK) || defined(HAVE_VFORK) (void)setsignal(SIGCHLD, child_cleanup); #endif /* Cooperate with nohup(1) */ #ifndef WIN32 if ((oldhandler = setsignal(SIGHUP, cleanup)) != SIG_DFL) (void)setsignal(SIGHUP, oldhandler); #endif /* WIN32 */ #ifndef WIN32 /* * If a user name was specified with "-Z", attempt to switch to * that user's UID. This would probably be used with sudo, * to allow tcpdump to be run in a special restricted * account (if you just want to allow users to open capture * devices, and can't just give users that permission, * you'd make tcpdump set-UID or set-GID). * * Tcpdump doesn't necessarily write only to one savefile; * the general only way to allow a -Z instance to write to * savefiles as the user under whose UID it's run, rather * than as the user specified with -Z, would thus be to switch * to the original user ID before opening a capture file and * then switch back to the -Z user ID after opening the savefile. * Switching to the -Z user ID only after opening the first * savefile doesn't handle the general case. */ #ifdef HAVE_CAP_NG_H /* We are running as root and we will be writing to savefile */ if ((getuid() == 0 || geteuid() == 0) && WFileName) { if (username) { /* Drop all capabilities from effective set */ capng_clear(CAPNG_EFFECTIVE); /* Add capabilities we will need*/ capng_update(CAPNG_ADD, CAPNG_PERMITTED, CAP_SETUID); capng_update(CAPNG_ADD, CAPNG_PERMITTED, CAP_SETGID); capng_update(CAPNG_ADD, CAPNG_PERMITTED, CAP_DAC_OVERRIDE); capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_SETUID); capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_SETGID); capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE); capng_apply(CAPNG_SELECT_BOTH); } } #endif /* HAVE_CAP_NG_H */ if (getuid() == 0 || geteuid() == 0) { if (username || chroot_dir) droproot(username, chroot_dir); } #endif /* WIN32 */ if (pcap_setfilter(pd, &fcode) < 0) error("%s", pcap_geterr(pd)); #ifdef HAVE_CAPSICUM if (RFileName == NULL && VFileName == NULL) { static const unsigned long cmds[] = { BIOCGSTATS }; cap_rights_init(&rights, CAP_IOCTL, CAP_READ); if (cap_rights_limit(pcap_fileno(pd), &rights) < 0 && errno != ENOSYS) { error("unable to limit pcap descriptor"); } if (cap_ioctls_limit(pcap_fileno(pd), cmds, sizeof(cmds) / sizeof(cmds[0])) < 0 && errno != ENOSYS) { error("unable to limit ioctls on pcap descriptor"); } } #endif if (WFileName) { pcap_dumper_t *p; /* Do not exceed the default PATH_MAX for files. */ dumpinfo.CurrentFileName = (char *)malloc(PATH_MAX + 1); if (dumpinfo.CurrentFileName == NULL) error("malloc of dumpinfo.CurrentFileName"); /* We do not need numbering for dumpfiles if Cflag isn't set. */ if (Cflag != 0) MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, WflagChars); else MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, 0); p = pcap_dump_open(pd, dumpinfo.CurrentFileName); #ifdef HAVE_CAP_NG_H /* Give up capabilities, clear Effective set */ capng_clear(CAPNG_EFFECTIVE); #endif if (p == NULL) error("%s", pcap_geterr(pd)); #ifdef HAVE_CAPSICUM cap_rights_init(&rights, CAP_SEEK, CAP_WRITE); if (cap_rights_limit(fileno(pcap_dump_file(p)), &rights) < 0 && errno != ENOSYS) { error("unable to limit dump descriptor"); } #endif if (Cflag != 0 || Gflag != 0) { #ifdef HAVE_CAPSICUM dumpinfo.WFileName = strdup(basename(WFileName)); dumpinfo.dirfd = open(dirname(WFileName), O_DIRECTORY | O_RDONLY); if (dumpinfo.dirfd < 0) { error("unable to open directory %s", dirname(WFileName)); } cap_rights_init(&rights, CAP_CREATE, CAP_FCNTL, CAP_FTRUNCATE, CAP_LOOKUP, CAP_SEEK, CAP_WRITE); if (cap_rights_limit(dumpinfo.dirfd, &rights) < 0 && errno != ENOSYS) { error("unable to limit directory rights"); } #else /* !HAVE_CAPSICUM */ dumpinfo.WFileName = WFileName; #endif callback = dump_packet_and_trunc; dumpinfo.pd = pd; dumpinfo.p = p; pcap_userdata = (u_char *)&dumpinfo; } else { callback = dump_packet; pcap_userdata = (u_char *)p; } #ifdef HAVE_PCAP_DUMP_FLUSH if (Uflag) pcap_dump_flush(p); #endif } else { type = pcap_datalink(pd); printinfo = get_print_info(type); callback = print_packet; pcap_userdata = (u_char *)&printinfo; } #ifdef SIGNAL_REQ_INFO /* * We can't get statistics when reading from a file rather * than capturing from a device. */ if (RFileName == NULL) (void)setsignal(SIGNAL_REQ_INFO, requestinfo); #endif if (vflag > 0 && WFileName) { /* * When capturing to a file, "-v" means tcpdump should, * every 10 secodns, "v"erbosely report the number of * packets captured. */ #ifdef USE_WIN32_MM_TIMER /* call verbose_stats_dump() each 1000 +/-100msec */ timer_id = timeSetEvent(1000, 100, verbose_stats_dump, 0, TIME_PERIODIC); setvbuf(stderr, NULL, _IONBF, 0); #elif defined(HAVE_ALARM) (void)setsignal(SIGALRM, verbose_stats_dump); alarm(1); #endif } #ifndef WIN32 if (RFileName == NULL) { /* * Live capture (if -V was specified, we set RFileName * to a file from the -V file). Print a message to * the standard error on UN*X. */ if (!vflag && !WFileName) { (void)fprintf(stderr, "%s: verbose output suppressed, use -v or -vv for full protocol decode\n", program_name); } else (void)fprintf(stderr, "%s: ", program_name); dlt = pcap_datalink(pd); dlt_name = pcap_datalink_val_to_name(dlt); if (dlt_name == NULL) { (void)fprintf(stderr, "listening on %s, link-type %u, capture size %u bytes\n", device, dlt, snaplen); } else { (void)fprintf(stderr, "listening on %s, link-type %s (%s), capture size %u bytes\n", device, dlt_name, pcap_datalink_val_to_description(dlt), snaplen); } (void)fflush(stderr); } #endif /* WIN32 */ #ifdef __FreeBSD__ cansandbox = (VFileName == NULL && zflag == NULL); #ifdef HAVE_CAPSICUM cansandbox = (cansandbox && (nflag || capdns != NULL)); #else cansandbox = (cansandbox && nflag); #endif if (cansandbox && cap_enter() < 0 && errno != ENOSYS) error("unable to enter the capability mode"); - if (cap_sandboxed()) - fprintf(stderr, "capability mode sandbox enabled\n"); #endif /* __FreeBSD__ */ do { status = pcap_loop(pd, cnt, callback, pcap_userdata); if (WFileName == NULL) { /* * We're printing packets. Flush the printed output, * so it doesn't get intermingled with error output. */ if (status == -2) { /* * We got interrupted, so perhaps we didn't * manage to finish a line we were printing. * Print an extra newline, just in case. */ putchar('\n'); } (void)fflush(stdout); } if (status == -2) { /* * We got interrupted. If we are reading multiple * files (via -V) set these so that we stop. */ VFileName = NULL; ret = NULL; } if (status == -1) { /* * Error. Report it. */ (void)fprintf(stderr, "%s: pcap_loop: %s\n", program_name, pcap_geterr(pd)); } if (RFileName == NULL) { /* * We're doing a live capture. Report the capture * statistics. */ info(1); } pcap_close(pd); if (VFileName != NULL) { ret = get_next_file(VFile, VFileLine); if (ret) { RFileName = VFileLine; pd = pcap_open_offline(RFileName, ebuf); if (pd == NULL) error("%s", ebuf); #ifdef HAVE_CAPSICUM cap_rights_init(&rights, CAP_READ); if (cap_rights_limit(fileno(pcap_file(pd)), &rights) < 0 && errno != ENOSYS) { error("unable to limit pcap descriptor"); } #endif new_dlt = pcap_datalink(pd); if (WFileName && new_dlt != dlt) error("%s: new dlt does not match original", RFileName); printinfo = get_print_info(new_dlt); dlt_name = pcap_datalink_val_to_name(new_dlt); if (dlt_name == NULL) { fprintf(stderr, "reading from file %s, link-type %u\n", RFileName, new_dlt); } else { fprintf(stderr, "reading from file %s, link-type %s (%s)\n", RFileName, dlt_name, pcap_datalink_val_to_description(new_dlt)); } if (pcap_compile(pd, &fcode, cmdbuf, Oflag, netmask) < 0) error("%s", pcap_geterr(pd)); if (pcap_setfilter(pd, &fcode) < 0) error("%s", pcap_geterr(pd)); } } } while (ret != NULL); free(cmdbuf); exit(status == -1 ? 1 : 0); } /* make a clean exit on interrupts */ static RETSIGTYPE cleanup(int signo _U_) { #ifdef USE_WIN32_MM_TIMER if (timer_id) timeKillEvent(timer_id); timer_id = 0; #elif defined(HAVE_ALARM) alarm(0); #endif #ifdef HAVE_PCAP_BREAKLOOP /* * We have "pcap_breakloop()"; use it, so that we do as little * as possible in the signal handler (it's probably not safe * to do anything with standard I/O streams in a signal handler - * the ANSI C standard doesn't say it is). */ pcap_breakloop(pd); #else /* * We don't have "pcap_breakloop()"; this isn't safe, but * it's the best we can do. Print the summary if we're * not reading from a savefile - i.e., if we're doing a * live capture - and exit. */ if (pd != NULL && pcap_file(pd) == NULL) { /* * We got interrupted, so perhaps we didn't * manage to finish a line we were printing. * Print an extra newline, just in case. */ putchar('\n'); (void)fflush(stdout); info(1); } exit(0); #endif } /* On windows, we do not use a fork, so we do not care less about waiting a child processes to die */ #if defined(HAVE_FORK) || defined(HAVE_VFORK) static RETSIGTYPE child_cleanup(int signo _U_) { wait(NULL); } #endif /* HAVE_FORK && HAVE_VFORK */ static void info(register int verbose) { struct pcap_stat stat; /* * Older versions of libpcap didn't set ps_ifdrop on some * platforms; initialize it to 0 to handle that. */ stat.ps_ifdrop = 0; if (pcap_stats(pd, &stat) < 0) { (void)fprintf(stderr, "pcap_stats: %s\n", pcap_geterr(pd)); infoprint = 0; return; } if (!verbose) fprintf(stderr, "%s: ", program_name); (void)fprintf(stderr, "%u packet%s captured", packets_captured, PLURAL_SUFFIX(packets_captured)); if (!verbose) fputs(", ", stderr); else putc('\n', stderr); (void)fprintf(stderr, "%u packet%s received by filter", stat.ps_recv, PLURAL_SUFFIX(stat.ps_recv)); if (!verbose) fputs(", ", stderr); else putc('\n', stderr); (void)fprintf(stderr, "%u packet%s dropped by kernel", stat.ps_drop, PLURAL_SUFFIX(stat.ps_drop)); if (stat.ps_ifdrop != 0) { if (!verbose) fputs(", ", stderr); else putc('\n', stderr); (void)fprintf(stderr, "%u packet%s dropped by interface\n", stat.ps_ifdrop, PLURAL_SUFFIX(stat.ps_ifdrop)); } else putc('\n', stderr); infoprint = 0; } #if defined(HAVE_FORK) || defined(HAVE_VFORK) static void compress_savefile(const char *filename) { # ifdef HAVE_FORK if (fork()) # else if (vfork()) # endif return; /* * Set to lowest priority so that this doesn't disturb the capture */ #ifdef NZERO setpriority(PRIO_PROCESS, 0, NZERO - 1); #else setpriority(PRIO_PROCESS, 0, 19); #endif if (execlp(zflag, zflag, filename, (char *)NULL) == -1) fprintf(stderr, "compress_savefile:execlp(%s, %s): %s\n", zflag, filename, strerror(errno)); # ifdef HAVE_FORK exit(1); # else _exit(1); # endif } #else /* HAVE_FORK && HAVE_VFORK */ static void compress_savefile(const char *filename) { fprintf(stderr, "compress_savefile failed. Functionality not implemented under your system\n"); } #endif /* HAVE_FORK && HAVE_VFORK */ static void dump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *sp) { struct dump_info *dump_info; #ifdef HAVE_CAPSICUM cap_rights_t rights; #endif ++packets_captured; ++infodelay; dump_info = (struct dump_info *)user; /* * XXX - this won't force the file to rotate on the specified time * boundary, but it will rotate on the first packet received after the * specified Gflag number of seconds. Note: if a Gflag time boundary * and a Cflag size boundary coincide, the time rotation will occur * first thereby cancelling the Cflag boundary (since the file should * be 0). */ if (Gflag != 0) { /* Check if it is time to rotate */ time_t t; /* Get the current time */ if ((t = time(NULL)) == (time_t)-1) { error("dump_and_trunc_packet: can't get current_time: %s", pcap_strerror(errno)); } /* If the time is greater than the specified window, rotate */ if (t - Gflag_time >= Gflag) { #ifdef HAVE_CAPSICUM FILE *fp; int fd; #endif /* Update the Gflag_time */ Gflag_time = t; /* Update Gflag_count */ Gflag_count++; /* * Close the current file and open a new one. */ pcap_dump_close(dump_info->p); /* * Compress the file we just closed, if the user asked for it */ if (zflag != NULL) compress_savefile(dump_info->CurrentFileName); /* * Check to see if we've exceeded the Wflag (when * not using Cflag). */ if (Cflag == 0 && Wflag > 0 && Gflag_count >= Wflag) { (void)fprintf(stderr, "Maximum file limit reached: %d\n", Wflag); exit(0); /* NOTREACHED */ } if (dump_info->CurrentFileName != NULL) free(dump_info->CurrentFileName); /* Allocate space for max filename + \0. */ dump_info->CurrentFileName = (char *)malloc(PATH_MAX + 1); if (dump_info->CurrentFileName == NULL) error("dump_packet_and_trunc: malloc"); /* * Gflag was set otherwise we wouldn't be here. Reset the count * so multiple files would end with 1,2,3 in the filename. * The counting is handled with the -C flow after this. */ Cflag_count = 0; /* * This is always the first file in the Cflag * rotation: e.g. 0 * We also don't need numbering if Cflag is not set. */ if (Cflag != 0) MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, 0, WflagChars); else MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, 0, 0); #ifdef HAVE_CAP_NG_H capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE); capng_apply(CAPNG_EFFECTIVE); #endif /* HAVE_CAP_NG_H */ #ifdef HAVE_CAPSICUM fd = openat(dump_info->dirfd, dump_info->CurrentFileName, O_CREAT | O_WRONLY | O_TRUNC, 0644); if (fd < 0) { error("unable to open file %s", dump_info->CurrentFileName); } fp = fdopen(fd, "w"); if (fp == NULL) { error("unable to fdopen file %s", dump_info->CurrentFileName); } dump_info->p = pcap_dump_fopen(dump_info->pd, fp); #else /* !HAVE_CAPSICUM */ dump_info->p = pcap_dump_open(dump_info->pd, dump_info->CurrentFileName); #endif #ifdef HAVE_CAP_NG_H capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE); capng_apply(CAPNG_EFFECTIVE); #endif /* HAVE_CAP_NG_H */ if (dump_info->p == NULL) error("%s", pcap_geterr(pd)); #ifdef HAVE_CAPSICUM cap_rights_init(&rights, CAP_SEEK, CAP_WRITE); if (cap_rights_limit(fileno(pcap_dump_file(dump_info->p)), &rights) < 0 && errno != ENOSYS) { error("unable to limit dump descriptor"); } #endif } } /* * XXX - this won't prevent capture files from getting * larger than Cflag - the last packet written to the * file could put it over Cflag. */ if (Cflag != 0 && pcap_dump_ftell(dump_info->p) > Cflag) { #ifdef HAVE_CAPSICUM FILE *fp; int fd; #endif /* * Close the current file and open a new one. */ pcap_dump_close(dump_info->p); /* * Compress the file we just closed, if the user asked for it */ if (zflag != NULL) compress_savefile(dump_info->CurrentFileName); Cflag_count++; if (Wflag > 0) { if (Cflag_count >= Wflag) Cflag_count = 0; } if (dump_info->CurrentFileName != NULL) free(dump_info->CurrentFileName); dump_info->CurrentFileName = (char *)malloc(PATH_MAX + 1); if (dump_info->CurrentFileName == NULL) error("dump_packet_and_trunc: malloc"); MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, Cflag_count, WflagChars); #ifdef HAVE_CAPSICUM fd = openat(dump_info->dirfd, dump_info->CurrentFileName, O_CREAT | O_WRONLY | O_TRUNC, 0644); if (fd < 0) { error("unable to open file %s", dump_info->CurrentFileName); } fp = fdopen(fd, "w"); if (fp == NULL) { error("unable to fdopen file %s", dump_info->CurrentFileName); } dump_info->p = pcap_dump_fopen(dump_info->pd, fp); #else /* !HAVE_CAPSICUM */ dump_info->p = pcap_dump_open(dump_info->pd, dump_info->CurrentFileName); #endif if (dump_info->p == NULL) error("%s", pcap_geterr(pd)); #ifdef HAVE_CAPSICUM cap_rights_init(&rights, CAP_SEEK, CAP_WRITE); if (cap_rights_limit(fileno(pcap_dump_file(dump_info->p)), &rights) < 0 && errno != ENOSYS) { error("unable to limit dump descriptor"); } #endif } pcap_dump((u_char *)dump_info->p, h, sp); #ifdef HAVE_PCAP_DUMP_FLUSH if (Uflag) pcap_dump_flush(dump_info->p); #endif --infodelay; if (infoprint) info(0); } static void dump_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *sp) { ++packets_captured; ++infodelay; pcap_dump(user, h, sp); #ifdef HAVE_PCAP_DUMP_FLUSH if (Uflag) pcap_dump_flush((pcap_dumper_t *)user); #endif --infodelay; if (infoprint) info(0); } static void print_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *sp) { struct print_info *print_info; u_int hdrlen; netdissect_options *ndo; ++packets_captured; ++infodelay; print_info = (struct print_info *)user; ndo = print_info->ndo; if(ndo->ndo_packet_number) ND_PRINT((ndo, "%5u ", packets_captured)); ts_print(ndo, &h->ts); /* * Some printers want to check that they're not walking off the * end of the packet. * Rather than pass it all the way down, we set this global. */ ndo->ndo_snapend = sp + h->caplen; if(print_info->ndo_type) { hdrlen = (*print_info->p.ndo_printer)(print_info->ndo, h, sp); } else { hdrlen = (*print_info->p.printer)(h, sp); } if (ndo->ndo_Xflag) { /* * Print the raw packet data in hex and ASCII. */ if (ndo->ndo_Xflag > 1) { /* * Include the link-layer header. */ hex_and_ascii_print(ndo, "\n\t", sp, h->caplen); } else { /* * Don't include the link-layer header - and if * we have nothing past the link-layer header, * print nothing. */ if (h->caplen > hdrlen) hex_and_ascii_print(ndo, "\n\t", sp + hdrlen, h->caplen - hdrlen); } } else if (ndo->ndo_xflag) { /* * Print the raw packet data in hex. */ if (ndo->ndo_xflag > 1) { /* * Include the link-layer header. */ hex_print(ndo, "\n\t", sp, h->caplen); } else { /* * Don't include the link-layer header - and if * we have nothing past the link-layer header, * print nothing. */ if (h->caplen > hdrlen) hex_print(ndo, "\n\t", sp + hdrlen, h->caplen - hdrlen); } } else if (ndo->ndo_Aflag) { /* * Print the raw packet data in ASCII. */ if (ndo->ndo_Aflag > 1) { /* * Include the link-layer header. */ ascii_print(ndo, sp, h->caplen); } else { /* * Don't include the link-layer header - and if * we have nothing past the link-layer header, * print nothing. */ if (h->caplen > hdrlen) ascii_print(ndo, sp + hdrlen, h->caplen - hdrlen); } } putchar('\n'); --infodelay; if (infoprint) info(0); } #ifdef WIN32 /* * XXX - there should really be libpcap calls to get the version * number as a string (the string would be generated from #defines * at run time, so that it's not generated from string constants * in the library, as, on many UNIX systems, those constants would * be statically linked into the application executable image, and * would thus reflect the version of libpcap on the system on * which the application was *linked*, not the system on which it's * *running*. * * That routine should be documented, unlike the "version[]" * string, so that UNIX vendors providing their own libpcaps * don't omit it (as a couple of vendors have...). * * Packet.dll should perhaps also export a routine to return the * version number of the Packet.dll code, to supply the * "Wpcap_version" information on Windows. */ char WDversion[]="current-git.tcpdump.org"; #if !defined(HAVE_GENERATED_VERSION) char version[]="current-git.tcpdump.org"; #endif char pcap_version[]="current-git.tcpdump.org"; char Wpcap_version[]="3.1"; #endif /* * By default, print the specified data out in hex and ASCII. */ static void ndo_default_print(netdissect_options *ndo, const u_char *bp, u_int length) { hex_and_ascii_print(ndo, "\n\t", bp, length); /* pass on lf and identation string */ } void default_print(const u_char *bp, u_int length) { ndo_default_print(gndo, bp, length); } #ifdef SIGNAL_REQ_INFO RETSIGTYPE requestinfo(int signo _U_) { if (infodelay) ++infoprint; else info(0); } #endif /* * Called once each second in verbose mode while dumping to file */ #ifdef USE_WIN32_MM_TIMER void CALLBACK verbose_stats_dump (UINT timer_id _U_, UINT msg _U_, DWORD_PTR arg _U_, DWORD_PTR dw1 _U_, DWORD_PTR dw2 _U_) { struct pcap_stat stat; if (infodelay == 0 && pcap_stats(pd, &stat) >= 0) fprintf(stderr, "Got %u\r", packets_captured); } #elif defined(HAVE_ALARM) static void verbose_stats_dump(int sig _U_) { struct pcap_stat stat; if (infodelay == 0 && pcap_stats(pd, &stat) >= 0) fprintf(stderr, "Got %u\r", packets_captured); alarm(1); } #endif USES_APPLE_DEPRECATED_API static void print_version(void) { extern char version[]; #ifndef HAVE_PCAP_LIB_VERSION #if defined(WIN32) || defined(HAVE_PCAP_VERSION) extern char pcap_version[]; #else /* defined(WIN32) || defined(HAVE_PCAP_VERSION) */ static char pcap_version[] = "unknown"; #endif /* defined(WIN32) || defined(HAVE_PCAP_VERSION) */ #endif /* HAVE_PCAP_LIB_VERSION */ #ifdef HAVE_PCAP_LIB_VERSION #ifdef WIN32 (void)fprintf(stderr, "%s version %s, based on tcpdump version %s\n", program_name, WDversion, version); #else /* WIN32 */ (void)fprintf(stderr, "%s version %s\n", program_name, version); #endif /* WIN32 */ (void)fprintf(stderr, "%s\n",pcap_lib_version()); #else /* HAVE_PCAP_LIB_VERSION */ #ifdef WIN32 (void)fprintf(stderr, "%s version %s, based on tcpdump version %s\n", program_name, WDversion, version); (void)fprintf(stderr, "WinPcap version %s, based on libpcap version %s\n",Wpcap_version, pcap_version); #else /* WIN32 */ (void)fprintf(stderr, "%s version %s\n", program_name, version); (void)fprintf(stderr, "libpcap version %s\n", pcap_version); #endif /* WIN32 */ #endif /* HAVE_PCAP_LIB_VERSION */ #if defined(HAVE_LIBCRYPTO) && defined(SSLEAY_VERSION) (void)fprintf (stderr, "%s\n", SSLeay_version(SSLEAY_VERSION)); #endif #ifdef USE_LIBSMI (void)fprintf (stderr, "SMI-library: %s\n", smi_version_string); #endif } USES_APPLE_RST static void print_usage(void) { print_version(); (void)fprintf(stderr, "Usage: %s [-aAbd" D_FLAG "efhH" I_FLAG J_FLAG "KlLnNOpqRStu" U_FLAG "vxX#]" B_FLAG_USAGE " [ -c count ]\n", program_name); (void)fprintf(stderr, "\t\t[ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]\n"); (void)fprintf(stderr, "\t\t[ -i interface ]" j_FLAG_USAGE " [ -M secret ] [ --number ]\n"); #ifdef HAVE_PCAP_SETDIRECTION (void)fprintf(stderr, "\t\t[ -Q in|out|inout ]\n"); #endif (void)fprintf(stderr, "\t\t[ -r file ] [ -s snaplen ] "); #ifdef HAVE_PCAP_SET_TSTAMP_PRECISION (void)fprintf(stderr, "[ --time-stamp-precision precision ]\n"); (void)fprintf(stderr, "\t\t"); #endif (void)fprintf(stderr, "[ -T type ] [ --version ] [ -V file ]\n"); (void)fprintf(stderr, "\t\t[ -w file ] [ -W filecount ] [ -y datalinktype ] [ -z command ]\n"); (void)fprintf(stderr, "\t\t[ -Z user ] [ expression ]\n"); } /* VARARGS */ static void ndo_error(netdissect_options *ndo _U_, const char *fmt, ...) { va_list ap; (void)fprintf(stderr, "%s: ", program_name); va_start(ap, fmt); (void)vfprintf(stderr, fmt, ap); va_end(ap); if (*fmt) { fmt += strlen(fmt); if (fmt[-1] != '\n') (void)fputc('\n', stderr); } exit(1); /* NOTREACHED */ } /* VARARGS */ static void ndo_warning(netdissect_options *ndo _U_, const char *fmt, ...) { va_list ap; (void)fprintf(stderr, "%s: WARNING: ", program_name); va_start(ap, fmt); (void)vfprintf(stderr, fmt, ap); va_end(ap); if (*fmt) { fmt += strlen(fmt); if (fmt[-1] != '\n') (void)fputc('\n', stderr); } } /* * Local Variables: * c-style: whitesmith * c-basic-offset: 8 * End: */ Index: head/sbin/ping/ping.c =================================================================== --- head/sbin/ping/ping.c (revision 282435) +++ head/sbin/ping/ping.c (revision 282436) @@ -1,1843 +1,1840 @@ /* * Copyright (c) 1989, 1993 * The Regents of the University of California. All rights reserved. * * This code is derived from software contributed to Berkeley by * Mike Muuss. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #if 0 #ifndef lint static const char copyright[] = "@(#) Copyright (c) 1989, 1993\n\ The Regents of the University of California. All rights reserved.\n"; #endif /* not lint */ #ifndef lint static char sccsid[] = "@(#)ping.c 8.1 (Berkeley) 6/5/93"; #endif /* not lint */ #endif #include __FBSDID("$FreeBSD$"); /* * P I N G . C * * Using the Internet Control Message Protocol (ICMP) "ECHO" facility, * measure round-trip-delays and packet loss across network paths. * * Author - * Mike Muuss * U. S. Army Ballistic Research Laboratory * December, 1983 * * Status - * Public Domain. Distribution Unlimited. * Bugs - * More statistics could always be gathered. * This program has to run SUID to ROOT to access the ICMP socket. */ #include /* NB: we rely on this for */ #include #include #include #include #include #include #include #include #include #include #include #ifdef HAVE_LIBCAPSICUM #include #include #include #endif #ifdef IPSEC #include #endif /*IPSEC*/ #include #include #include #include #include #include #include #include #include #include #include #define INADDR_LEN ((int)sizeof(in_addr_t)) #define TIMEVAL_LEN ((int)sizeof(struct tv32)) #define MASK_LEN (ICMP_MASKLEN - ICMP_MINLEN) #define TS_LEN (ICMP_TSLEN - ICMP_MINLEN) #define DEFDATALEN 56 /* default data length */ #define FLOOD_BACKOFF 20000 /* usecs to back off if F_FLOOD mode */ /* runs out of buffer space */ #define MAXIPLEN (sizeof(struct ip) + MAX_IPOPTLEN) #define MAXICMPLEN (ICMP_ADVLENMIN + MAX_IPOPTLEN) #define MAXWAIT 10000 /* max ms to wait for response */ #define MAXALARM (60 * 60) /* max seconds for alarm timeout */ #define MAXTOS 255 #define A(bit) rcvd_tbl[(bit)>>3] /* identify byte in array */ #define B(bit) (1 << ((bit) & 0x07)) /* identify bit in byte */ #define SET(bit) (A(bit) |= B(bit)) #define CLR(bit) (A(bit) &= (~B(bit))) #define TST(bit) (A(bit) & B(bit)) struct tv32 { int32_t tv32_sec; int32_t tv32_usec; }; /* various options */ static int options; #define F_FLOOD 0x0001 #define F_INTERVAL 0x0002 #define F_NUMERIC 0x0004 #define F_PINGFILLED 0x0008 #define F_QUIET 0x0010 #define F_RROUTE 0x0020 #define F_SO_DEBUG 0x0040 #define F_SO_DONTROUTE 0x0080 #define F_VERBOSE 0x0100 #define F_QUIET2 0x0200 #define F_NOLOOP 0x0400 #define F_MTTL 0x0800 #define F_MIF 0x1000 #define F_AUDIBLE 0x2000 #ifdef IPSEC #ifdef IPSEC_POLICY_IPSEC #define F_POLICY 0x4000 #endif /*IPSEC_POLICY_IPSEC*/ #endif /*IPSEC*/ #define F_TTL 0x8000 #define F_MISSED 0x10000 #define F_ONCE 0x20000 #define F_HDRINCL 0x40000 #define F_MASK 0x80000 #define F_TIME 0x100000 #define F_SWEEP 0x200000 #define F_WAITTIME 0x400000 /* * MAX_DUP_CHK is the number of bits in received table, i.e. the maximum * number of received sequence numbers we can keep track of. Change 128 * to 8192 for complete accuracy... */ #define MAX_DUP_CHK (8 * 128) static int mx_dup_ck = MAX_DUP_CHK; static char rcvd_tbl[MAX_DUP_CHK / 8]; static struct sockaddr_in whereto; /* who to ping */ static int datalen = DEFDATALEN; static int maxpayload; static int ssend; /* send socket file descriptor */ static int srecv; /* receive socket file descriptor */ static u_char outpackhdr[IP_MAXPACKET], *outpack; static char BBELL = '\a'; /* characters written for MISSED and AUDIBLE */ static char BSPACE = '\b'; /* characters written for flood */ static char DOT = '.'; static char *hostname; static char *shostname; static int ident; /* process id to identify our packets */ static int uid; /* cached uid for micro-optimization */ static u_char icmp_type = ICMP_ECHO; static u_char icmp_type_rsp = ICMP_ECHOREPLY; static int phdr_len = 0; static int send_len; /* counters */ static long nmissedmax; /* max value of ntransmitted - nreceived - 1 */ static long npackets; /* max packets to transmit */ static long nreceived; /* # of packets we got back */ static long nrepeats; /* number of duplicates */ static long ntransmitted; /* sequence # for outbound packets = #sent */ static long snpackets; /* max packets to transmit in one sweep */ static long sntransmitted; /* # of packets we sent in this sweep */ static int sweepmax; /* max value of payload in sweep */ static int sweepmin = 0; /* start value of payload in sweep */ static int sweepincr = 1; /* payload increment in sweep */ static int interval = 1000; /* interval between packets, ms */ static int waittime = MAXWAIT; /* timeout for each packet */ static long nrcvtimeout = 0; /* # of packets we got back after waittime */ /* timing */ static int timing; /* flag to do timing */ static double tmin = 999999999.0; /* minimum round trip time */ static double tmax = 0.0; /* maximum round trip time */ static double tsum = 0.0; /* sum of all times, for doing average */ static double tsumsq = 0.0; /* sum of all times squared, for std. dev. */ /* nonzero if we've been told to finish up */ static volatile sig_atomic_t finish_up; static volatile sig_atomic_t siginfo_p; #ifdef HAVE_LIBCAPSICUM static cap_channel_t *capdns; #endif static void fill(char *, char *); static u_short in_cksum(u_short *, int); #ifdef HAVE_LIBCAPSICUM static cap_channel_t *capdns_setup(void); #endif static void check_status(void); static void finish(void) __dead2; static void pinger(void); static char *pr_addr(struct in_addr); static char *pr_ntime(n_time); static void pr_icmph(struct icmp *); static void pr_iph(struct ip *); static void pr_pack(char *, int, struct sockaddr_in *, struct timeval *); static void pr_retip(struct ip *); static void status(int); static void stopit(int); static void tvsub(struct timeval *, const struct timeval *); static void usage(void) __dead2; int main(int argc, char *const *argv) { struct sockaddr_in from, sock_in; struct in_addr ifaddr; struct timeval last, intvl; struct iovec iov; struct ip *ip; struct msghdr msg; struct sigaction si_sa; size_t sz; u_char *datap, packet[IP_MAXPACKET] __aligned(4); char *ep, *source, *target, *payload; struct hostent *hp; #ifdef IPSEC_POLICY_IPSEC char *policy_in, *policy_out; #endif struct sockaddr_in *to; double t; u_long alarmtimeout, ultmp; int almost_done, ch, df, hold, i, icmp_len, mib[4], preload; int ssend_errno, srecv_errno, tos, ttl; char ctrl[CMSG_SPACE(sizeof(struct timeval))]; char hnamebuf[MAXHOSTNAMELEN], snamebuf[MAXHOSTNAMELEN]; #ifdef IP_OPTIONS char rspace[MAX_IPOPTLEN]; /* record route space */ #endif unsigned char loop, mttl; payload = source = NULL; #ifdef IPSEC_POLICY_IPSEC policy_in = policy_out = NULL; #endif cap_rights_t rights; bool cansandbox; /* * Do the stuff that we need root priv's for *first*, and * then drop our setuid bit. Save error reporting for * after arg parsing. * * Historicaly ping was using one socket 's' for sending and for * receiving. After capsicum(4) related changes we use two * sockets. It was done for special ping use case - when user * issue ping on multicast or broadcast address replies come * from different addresses, not from the address we * connect(2)'ed to, and send socket do not receive those * packets. */ ssend = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP); ssend_errno = errno; srecv = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP); srecv_errno = errno; if (setuid(getuid()) != 0) err(EX_NOPERM, "setuid() failed"); uid = getuid(); alarmtimeout = df = preload = tos = 0; outpack = outpackhdr + sizeof(struct ip); while ((ch = getopt(argc, argv, "Aac:DdfG:g:h:I:i:Ll:M:m:nop:QqRrS:s:T:t:vW:z:" #ifdef IPSEC #ifdef IPSEC_POLICY_IPSEC "P:" #endif /*IPSEC_POLICY_IPSEC*/ #endif /*IPSEC*/ )) != -1) { switch(ch) { case 'A': options |= F_MISSED; break; case 'a': options |= F_AUDIBLE; break; case 'c': ultmp = strtoul(optarg, &ep, 0); if (*ep || ep == optarg || ultmp > LONG_MAX || !ultmp) errx(EX_USAGE, "invalid count of packets to transmit: `%s'", optarg); npackets = ultmp; break; case 'D': options |= F_HDRINCL; df = 1; break; case 'd': options |= F_SO_DEBUG; break; case 'f': if (uid) { errno = EPERM; err(EX_NOPERM, "-f flag"); } options |= F_FLOOD; setbuf(stdout, (char *)NULL); break; case 'G': /* Maximum packet size for ping sweep */ ultmp = strtoul(optarg, &ep, 0); if (*ep || ep == optarg) errx(EX_USAGE, "invalid packet size: `%s'", optarg); if (uid != 0 && ultmp > DEFDATALEN) { errno = EPERM; err(EX_NOPERM, "packet size too large: %lu > %u", ultmp, DEFDATALEN); } options |= F_SWEEP; sweepmax = ultmp; break; case 'g': /* Minimum packet size for ping sweep */ ultmp = strtoul(optarg, &ep, 0); if (*ep || ep == optarg) errx(EX_USAGE, "invalid packet size: `%s'", optarg); if (uid != 0 && ultmp > DEFDATALEN) { errno = EPERM; err(EX_NOPERM, "packet size too large: %lu > %u", ultmp, DEFDATALEN); } options |= F_SWEEP; sweepmin = ultmp; break; case 'h': /* Packet size increment for ping sweep */ ultmp = strtoul(optarg, &ep, 0); if (*ep || ep == optarg || ultmp < 1) errx(EX_USAGE, "invalid increment size: `%s'", optarg); if (uid != 0 && ultmp > DEFDATALEN) { errno = EPERM; err(EX_NOPERM, "packet size too large: %lu > %u", ultmp, DEFDATALEN); } options |= F_SWEEP; sweepincr = ultmp; break; case 'I': /* multicast interface */ if (inet_aton(optarg, &ifaddr) == 0) errx(EX_USAGE, "invalid multicast interface: `%s'", optarg); options |= F_MIF; break; case 'i': /* wait between sending packets */ t = strtod(optarg, &ep) * 1000.0; if (*ep || ep == optarg || t > (double)INT_MAX) errx(EX_USAGE, "invalid timing interval: `%s'", optarg); options |= F_INTERVAL; interval = (int)t; if (uid && interval < 1000) { errno = EPERM; err(EX_NOPERM, "-i interval too short"); } break; case 'L': options |= F_NOLOOP; loop = 0; break; case 'l': ultmp = strtoul(optarg, &ep, 0); if (*ep || ep == optarg || ultmp > INT_MAX) errx(EX_USAGE, "invalid preload value: `%s'", optarg); if (uid) { errno = EPERM; err(EX_NOPERM, "-l flag"); } preload = ultmp; break; case 'M': switch(optarg[0]) { case 'M': case 'm': options |= F_MASK; break; case 'T': case 't': options |= F_TIME; break; default: errx(EX_USAGE, "invalid message: `%c'", optarg[0]); break; } break; case 'm': /* TTL */ ultmp = strtoul(optarg, &ep, 0); if (*ep || ep == optarg || ultmp > MAXTTL) errx(EX_USAGE, "invalid TTL: `%s'", optarg); ttl = ultmp; options |= F_TTL; break; case 'n': options |= F_NUMERIC; break; case 'o': options |= F_ONCE; break; #ifdef IPSEC #ifdef IPSEC_POLICY_IPSEC case 'P': options |= F_POLICY; if (!strncmp("in", optarg, 2)) policy_in = strdup(optarg); else if (!strncmp("out", optarg, 3)) policy_out = strdup(optarg); else errx(1, "invalid security policy"); break; #endif /*IPSEC_POLICY_IPSEC*/ #endif /*IPSEC*/ case 'p': /* fill buffer with user pattern */ options |= F_PINGFILLED; payload = optarg; break; case 'Q': options |= F_QUIET2; break; case 'q': options |= F_QUIET; break; case 'R': options |= F_RROUTE; break; case 'r': options |= F_SO_DONTROUTE; break; case 'S': source = optarg; break; case 's': /* size of packet to send */ ultmp = strtoul(optarg, &ep, 0); if (*ep || ep == optarg) errx(EX_USAGE, "invalid packet size: `%s'", optarg); if (uid != 0 && ultmp > DEFDATALEN) { errno = EPERM; err(EX_NOPERM, "packet size too large: %lu > %u", ultmp, DEFDATALEN); } datalen = ultmp; break; case 'T': /* multicast TTL */ ultmp = strtoul(optarg, &ep, 0); if (*ep || ep == optarg || ultmp > MAXTTL) errx(EX_USAGE, "invalid multicast TTL: `%s'", optarg); mttl = ultmp; options |= F_MTTL; break; case 't': alarmtimeout = strtoul(optarg, &ep, 0); if ((alarmtimeout < 1) || (alarmtimeout == ULONG_MAX)) errx(EX_USAGE, "invalid timeout: `%s'", optarg); if (alarmtimeout > MAXALARM) errx(EX_USAGE, "invalid timeout: `%s' > %d", optarg, MAXALARM); alarm((int)alarmtimeout); break; case 'v': options |= F_VERBOSE; break; case 'W': /* wait ms for answer */ t = strtod(optarg, &ep); if (*ep || ep == optarg || t > (double)INT_MAX) errx(EX_USAGE, "invalid timing interval: `%s'", optarg); options |= F_WAITTIME; waittime = (int)t; break; case 'z': options |= F_HDRINCL; ultmp = strtoul(optarg, &ep, 0); if (*ep || ep == optarg || ultmp > MAXTOS) errx(EX_USAGE, "invalid TOS: `%s'", optarg); tos = ultmp; break; default: usage(); } } if (argc - optind != 1) usage(); target = argv[optind]; switch (options & (F_MASK|F_TIME)) { case 0: break; case F_MASK: icmp_type = ICMP_MASKREQ; icmp_type_rsp = ICMP_MASKREPLY; phdr_len = MASK_LEN; if (!(options & F_QUIET)) (void)printf("ICMP_MASKREQ\n"); break; case F_TIME: icmp_type = ICMP_TSTAMP; icmp_type_rsp = ICMP_TSTAMPREPLY; phdr_len = TS_LEN; if (!(options & F_QUIET)) (void)printf("ICMP_TSTAMP\n"); break; default: errx(EX_USAGE, "ICMP_TSTAMP and ICMP_MASKREQ are exclusive."); break; } icmp_len = sizeof(struct ip) + ICMP_MINLEN + phdr_len; if (options & F_RROUTE) icmp_len += MAX_IPOPTLEN; maxpayload = IP_MAXPACKET - icmp_len; if (datalen > maxpayload) errx(EX_USAGE, "packet size too large: %d > %d", datalen, maxpayload); send_len = icmp_len + datalen; datap = &outpack[ICMP_MINLEN + phdr_len + TIMEVAL_LEN]; if (options & F_PINGFILLED) { fill((char *)datap, payload); } #ifdef HAVE_LIBCAPSICUM capdns = capdns_setup(); #endif if (source) { bzero((char *)&sock_in, sizeof(sock_in)); sock_in.sin_family = AF_INET; if (inet_aton(source, &sock_in.sin_addr) != 0) { shostname = source; } else { #ifdef HAVE_LIBCAPSICUM if (capdns != NULL) hp = cap_gethostbyname2(capdns, source, AF_INET); else #endif hp = gethostbyname2(source, AF_INET); if (!hp) errx(EX_NOHOST, "cannot resolve %s: %s", source, hstrerror(h_errno)); sock_in.sin_len = sizeof sock_in; if ((unsigned)hp->h_length > sizeof(sock_in.sin_addr) || hp->h_length < 0) errx(1, "gethostbyname2: illegal address"); memcpy(&sock_in.sin_addr, hp->h_addr_list[0], sizeof(sock_in.sin_addr)); (void)strncpy(snamebuf, hp->h_name, sizeof(snamebuf) - 1); snamebuf[sizeof(snamebuf) - 1] = '\0'; shostname = snamebuf; } if (bind(ssend, (struct sockaddr *)&sock_in, sizeof sock_in) == -1) err(1, "bind"); } bzero(&whereto, sizeof(whereto)); to = &whereto; to->sin_family = AF_INET; to->sin_len = sizeof *to; if (inet_aton(target, &to->sin_addr) != 0) { hostname = target; } else { #ifdef HAVE_LIBCAPSICUM if (capdns != NULL) hp = cap_gethostbyname2(capdns, target, AF_INET); else #endif hp = gethostbyname2(target, AF_INET); if (!hp) errx(EX_NOHOST, "cannot resolve %s: %s", target, hstrerror(h_errno)); if ((unsigned)hp->h_length > sizeof(to->sin_addr)) errx(1, "gethostbyname2 returned an illegal address"); memcpy(&to->sin_addr, hp->h_addr_list[0], sizeof to->sin_addr); (void)strncpy(hnamebuf, hp->h_name, sizeof(hnamebuf) - 1); hnamebuf[sizeof(hnamebuf) - 1] = '\0'; hostname = hnamebuf; } #ifdef HAVE_LIBCAPSICUM /* From now on we will use only reverse DNS lookups. */ if (capdns != NULL) { const char *types[1]; types[0] = "ADDR"; if (cap_dns_type_limit(capdns, types, 1) < 0) err(1, "unable to limit access to system.dns service"); } #endif if (ssend < 0) { errno = ssend_errno; err(EX_OSERR, "ssend socket"); } if (srecv < 0) { errno = srecv_errno; err(EX_OSERR, "srecv socket"); } if (connect(ssend, (struct sockaddr *)&whereto, sizeof(whereto)) != 0) err(1, "connect"); if (options & F_FLOOD && options & F_INTERVAL) errx(EX_USAGE, "-f and -i: incompatible options"); if (options & F_FLOOD && IN_MULTICAST(ntohl(to->sin_addr.s_addr))) errx(EX_USAGE, "-f flag cannot be used with multicast destination"); if (options & (F_MIF | F_NOLOOP | F_MTTL) && !IN_MULTICAST(ntohl(to->sin_addr.s_addr))) errx(EX_USAGE, "-I, -L, -T flags cannot be used with unicast destination"); if (datalen >= TIMEVAL_LEN) /* can we time transfer */ timing = 1; if (!(options & F_PINGFILLED)) for (i = TIMEVAL_LEN; i < datalen; ++i) *datap++ = i; ident = getpid() & 0xFFFF; hold = 1; if (options & F_SO_DEBUG) { (void)setsockopt(ssend, SOL_SOCKET, SO_DEBUG, (char *)&hold, sizeof(hold)); (void)setsockopt(srecv, SOL_SOCKET, SO_DEBUG, (char *)&hold, sizeof(hold)); } if (options & F_SO_DONTROUTE) (void)setsockopt(ssend, SOL_SOCKET, SO_DONTROUTE, (char *)&hold, sizeof(hold)); #ifdef IPSEC #ifdef IPSEC_POLICY_IPSEC if (options & F_POLICY) { char *buf; if (policy_in != NULL) { buf = ipsec_set_policy(policy_in, strlen(policy_in)); if (buf == NULL) errx(EX_CONFIG, "%s", ipsec_strerror()); if (setsockopt(srecv, IPPROTO_IP, IP_IPSEC_POLICY, buf, ipsec_get_policylen(buf)) < 0) err(EX_CONFIG, "ipsec policy cannot be configured"); free(buf); } if (policy_out != NULL) { buf = ipsec_set_policy(policy_out, strlen(policy_out)); if (buf == NULL) errx(EX_CONFIG, "%s", ipsec_strerror()); if (setsockopt(ssend, IPPROTO_IP, IP_IPSEC_POLICY, buf, ipsec_get_policylen(buf)) < 0) err(EX_CONFIG, "ipsec policy cannot be configured"); free(buf); } } #endif /*IPSEC_POLICY_IPSEC*/ #endif /*IPSEC*/ if (options & F_HDRINCL) { ip = (struct ip*)outpackhdr; if (!(options & (F_TTL | F_MTTL))) { mib[0] = CTL_NET; mib[1] = PF_INET; mib[2] = IPPROTO_IP; mib[3] = IPCTL_DEFTTL; sz = sizeof(ttl); if (sysctl(mib, 4, &ttl, &sz, NULL, 0) == -1) err(1, "sysctl(net.inet.ip.ttl)"); } setsockopt(ssend, IPPROTO_IP, IP_HDRINCL, &hold, sizeof(hold)); ip->ip_v = IPVERSION; ip->ip_hl = sizeof(struct ip) >> 2; ip->ip_tos = tos; ip->ip_id = 0; ip->ip_off = htons(df ? IP_DF : 0); ip->ip_ttl = ttl; ip->ip_p = IPPROTO_ICMP; ip->ip_src.s_addr = source ? sock_in.sin_addr.s_addr : INADDR_ANY; ip->ip_dst = to->sin_addr; } if (options & F_NUMERIC) cansandbox = true; #ifdef HAVE_LIBCAPSICUM else if (capdns != NULL) cansandbox = true; #endif else cansandbox = false; /* * Here we enter capability mode. Further down access to global * namespaces (e.g filesystem) is restricted (see capsicum(4)). * We must connect(2) our socket before this point. */ if (cansandbox && cap_enter() < 0 && errno != ENOSYS) err(1, "cap_enter"); - if (cap_sandboxed()) - fprintf(stderr, "capability mode sandbox enabled\n"); - cap_rights_init(&rights, CAP_RECV, CAP_EVENT, CAP_SETSOCKOPT); if (cap_rights_limit(srecv, &rights) < 0 && errno != ENOSYS) err(1, "cap_rights_limit srecv"); cap_rights_init(&rights, CAP_SEND, CAP_SETSOCKOPT); if (cap_rights_limit(ssend, &rights) < 0 && errno != ENOSYS) err(1, "cap_rights_limit ssend"); /* record route option */ if (options & F_RROUTE) { #ifdef IP_OPTIONS bzero(rspace, sizeof(rspace)); rspace[IPOPT_OPTVAL] = IPOPT_RR; rspace[IPOPT_OLEN] = sizeof(rspace) - 1; rspace[IPOPT_OFFSET] = IPOPT_MINOFF; rspace[sizeof(rspace) - 1] = IPOPT_EOL; if (setsockopt(ssend, IPPROTO_IP, IP_OPTIONS, rspace, sizeof(rspace)) < 0) err(EX_OSERR, "setsockopt IP_OPTIONS"); #else errx(EX_UNAVAILABLE, "record route not available in this implementation"); #endif /* IP_OPTIONS */ } if (options & F_TTL) { if (setsockopt(ssend, IPPROTO_IP, IP_TTL, &ttl, sizeof(ttl)) < 0) { err(EX_OSERR, "setsockopt IP_TTL"); } } if (options & F_NOLOOP) { if (setsockopt(ssend, IPPROTO_IP, IP_MULTICAST_LOOP, &loop, sizeof(loop)) < 0) { err(EX_OSERR, "setsockopt IP_MULTICAST_LOOP"); } } if (options & F_MTTL) { if (setsockopt(ssend, IPPROTO_IP, IP_MULTICAST_TTL, &mttl, sizeof(mttl)) < 0) { err(EX_OSERR, "setsockopt IP_MULTICAST_TTL"); } } if (options & F_MIF) { if (setsockopt(ssend, IPPROTO_IP, IP_MULTICAST_IF, &ifaddr, sizeof(ifaddr)) < 0) { err(EX_OSERR, "setsockopt IP_MULTICAST_IF"); } } #ifdef SO_TIMESTAMP { int on = 1; if (setsockopt(srecv, SOL_SOCKET, SO_TIMESTAMP, &on, sizeof(on)) < 0) err(EX_OSERR, "setsockopt SO_TIMESTAMP"); } #endif if (sweepmax) { if (sweepmin >= sweepmax) errx(EX_USAGE, "Maximum packet size must be greater than the minimum packet size"); if (datalen != DEFDATALEN) errx(EX_USAGE, "Packet size and ping sweep are mutually exclusive"); if (npackets > 0) { snpackets = npackets; npackets = 0; } else snpackets = 1; datalen = sweepmin; send_len = icmp_len + sweepmin; } if (options & F_SWEEP && !sweepmax) errx(EX_USAGE, "Maximum sweep size must be specified"); /* * When pinging the broadcast address, you can get a lot of answers. * Doing something so evil is useful if you are trying to stress the * ethernet, or just want to fill the arp cache to get some stuff for * /etc/ethers. But beware: RFC 1122 allows hosts to ignore broadcast * or multicast pings if they wish. */ /* * XXX receive buffer needs undetermined space for mbuf overhead * as well. */ hold = IP_MAXPACKET + 128; (void)setsockopt(srecv, SOL_SOCKET, SO_RCVBUF, (char *)&hold, sizeof(hold)); /* CAP_SETSOCKOPT removed */ cap_rights_init(&rights, CAP_RECV, CAP_EVENT); if (cap_rights_limit(srecv, &rights) < 0 && errno != ENOSYS) err(1, "cap_rights_limit srecv setsockopt"); if (uid == 0) (void)setsockopt(ssend, SOL_SOCKET, SO_SNDBUF, (char *)&hold, sizeof(hold)); /* CAP_SETSOCKOPT removed */ cap_rights_init(&rights, CAP_SEND); if (cap_rights_limit(ssend, &rights) < 0 && errno != ENOSYS) err(1, "cap_rights_limit ssend setsockopt"); if (to->sin_family == AF_INET) { (void)printf("PING %s (%s)", hostname, inet_ntoa(to->sin_addr)); if (source) (void)printf(" from %s", shostname); if (sweepmax) (void)printf(": (%d ... %d) data bytes\n", sweepmin, sweepmax); else (void)printf(": %d data bytes\n", datalen); } else { if (sweepmax) (void)printf("PING %s: (%d ... %d) data bytes\n", hostname, sweepmin, sweepmax); else (void)printf("PING %s: %d data bytes\n", hostname, datalen); } /* * Use sigaction() instead of signal() to get unambiguous semantics, * in particular with SA_RESTART not set. */ sigemptyset(&si_sa.sa_mask); si_sa.sa_flags = 0; si_sa.sa_handler = stopit; if (sigaction(SIGINT, &si_sa, 0) == -1) { err(EX_OSERR, "sigaction SIGINT"); } si_sa.sa_handler = status; if (sigaction(SIGINFO, &si_sa, 0) == -1) { err(EX_OSERR, "sigaction"); } if (alarmtimeout > 0) { si_sa.sa_handler = stopit; if (sigaction(SIGALRM, &si_sa, 0) == -1) err(EX_OSERR, "sigaction SIGALRM"); } bzero(&msg, sizeof(msg)); msg.msg_name = (caddr_t)&from; msg.msg_iov = &iov; msg.msg_iovlen = 1; #ifdef SO_TIMESTAMP msg.msg_control = (caddr_t)ctrl; #endif iov.iov_base = packet; iov.iov_len = IP_MAXPACKET; if (preload == 0) pinger(); /* send the first ping */ else { if (npackets != 0 && preload > npackets) preload = npackets; while (preload--) /* fire off them quickies */ pinger(); } (void)gettimeofday(&last, NULL); if (options & F_FLOOD) { intvl.tv_sec = 0; intvl.tv_usec = 10000; } else { intvl.tv_sec = interval / 1000; intvl.tv_usec = interval % 1000 * 1000; } almost_done = 0; while (!finish_up) { struct timeval now, timeout; fd_set rfds; int cc, n; check_status(); if ((unsigned)srecv >= FD_SETSIZE) errx(EX_OSERR, "descriptor too large"); FD_ZERO(&rfds); FD_SET(srecv, &rfds); (void)gettimeofday(&now, NULL); timeout.tv_sec = last.tv_sec + intvl.tv_sec - now.tv_sec; timeout.tv_usec = last.tv_usec + intvl.tv_usec - now.tv_usec; while (timeout.tv_usec < 0) { timeout.tv_usec += 1000000; timeout.tv_sec--; } while (timeout.tv_usec >= 1000000) { timeout.tv_usec -= 1000000; timeout.tv_sec++; } if (timeout.tv_sec < 0) timerclear(&timeout); n = select(srecv + 1, &rfds, NULL, NULL, &timeout); if (n < 0) continue; /* Must be EINTR. */ if (n == 1) { struct timeval *tv = NULL; #ifdef SO_TIMESTAMP struct cmsghdr *cmsg = (struct cmsghdr *)&ctrl; msg.msg_controllen = sizeof(ctrl); #endif msg.msg_namelen = sizeof(from); if ((cc = recvmsg(srecv, &msg, 0)) < 0) { if (errno == EINTR) continue; warn("recvmsg"); continue; } #ifdef SO_TIMESTAMP if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_TIMESTAMP && cmsg->cmsg_len == CMSG_LEN(sizeof *tv)) { /* Copy to avoid alignment problems: */ memcpy(&now, CMSG_DATA(cmsg), sizeof(now)); tv = &now; } #endif if (tv == NULL) { (void)gettimeofday(&now, NULL); tv = &now; } pr_pack((char *)packet, cc, &from, tv); if ((options & F_ONCE && nreceived) || (npackets && nreceived >= npackets)) break; } if (n == 0 || options & F_FLOOD) { if (sweepmax && sntransmitted == snpackets) { for (i = 0; i < sweepincr ; ++i) *datap++ = i; datalen += sweepincr; if (datalen > sweepmax) break; send_len = icmp_len + datalen; sntransmitted = 0; } if (!npackets || ntransmitted < npackets) pinger(); else { if (almost_done) break; almost_done = 1; intvl.tv_usec = 0; if (nreceived) { intvl.tv_sec = 2 * tmax / 1000; if (!intvl.tv_sec) intvl.tv_sec = 1; } else { intvl.tv_sec = waittime / 1000; intvl.tv_usec = waittime % 1000 * 1000; } } (void)gettimeofday(&last, NULL); if (ntransmitted - nreceived - 1 > nmissedmax) { nmissedmax = ntransmitted - nreceived - 1; if (options & F_MISSED) (void)write(STDOUT_FILENO, &BBELL, 1); } } } finish(); /* NOTREACHED */ exit(0); /* Make the compiler happy */ } /* * stopit -- * Set the global bit that causes the main loop to quit. * Do NOT call finish() from here, since finish() does far too much * to be called from a signal handler. */ void stopit(int sig __unused) { /* * When doing reverse DNS lookups, the finish_up flag might not * be noticed for a while. Just exit if we get a second SIGINT. */ if (!(options & F_NUMERIC) && finish_up) _exit(nreceived ? 0 : 2); finish_up = 1; } /* * pinger -- * Compose and transmit an ICMP ECHO REQUEST packet. The IP packet * will be added on by the kernel. The ID field is our UNIX process ID, * and the sequence number is an ascending integer. The first TIMEVAL_LEN * bytes of the data portion are used to hold a UNIX "timeval" struct in * host byte-order, to compute the round-trip time. */ static void pinger(void) { struct timeval now; struct tv32 tv32; struct ip *ip; struct icmp *icp; int cc, i; u_char *packet; packet = outpack; icp = (struct icmp *)outpack; icp->icmp_type = icmp_type; icp->icmp_code = 0; icp->icmp_cksum = 0; icp->icmp_seq = htons(ntransmitted); icp->icmp_id = ident; /* ID */ CLR(ntransmitted % mx_dup_ck); if ((options & F_TIME) || timing) { (void)gettimeofday(&now, NULL); tv32.tv32_sec = htonl(now.tv_sec); tv32.tv32_usec = htonl(now.tv_usec); if (options & F_TIME) icp->icmp_otime = htonl((now.tv_sec % (24*60*60)) * 1000 + now.tv_usec / 1000); if (timing) bcopy((void *)&tv32, (void *)&outpack[ICMP_MINLEN + phdr_len], sizeof(tv32)); } cc = ICMP_MINLEN + phdr_len + datalen; /* compute ICMP checksum here */ icp->icmp_cksum = in_cksum((u_short *)icp, cc); if (options & F_HDRINCL) { cc += sizeof(struct ip); ip = (struct ip *)outpackhdr; ip->ip_len = htons(cc); ip->ip_sum = in_cksum((u_short *)outpackhdr, cc); packet = outpackhdr; } i = send(ssend, (char *)packet, cc, 0); if (i < 0 || i != cc) { if (i < 0) { if (options & F_FLOOD && errno == ENOBUFS) { usleep(FLOOD_BACKOFF); return; } warn("sendto"); } else { warn("%s: partial write: %d of %d bytes", hostname, i, cc); } } ntransmitted++; sntransmitted++; if (!(options & F_QUIET) && options & F_FLOOD) (void)write(STDOUT_FILENO, &DOT, 1); } /* * pr_pack -- * Print out the packet, if it came from us. This logic is necessary * because ALL readers of the ICMP socket get a copy of ALL ICMP packets * which arrive ('tis only fair). This permits multiple copies of this * program to be run without having intermingled output (or statistics!). */ static void pr_pack(char *buf, int cc, struct sockaddr_in *from, struct timeval *tv) { struct in_addr ina; u_char *cp, *dp; struct icmp *icp; struct ip *ip; const void *tp; double triptime; int dupflag, hlen, i, j, recv_len, seq; static int old_rrlen; static char old_rr[MAX_IPOPTLEN]; /* Check the IP header */ ip = (struct ip *)buf; hlen = ip->ip_hl << 2; recv_len = cc; if (cc < hlen + ICMP_MINLEN) { if (options & F_VERBOSE) warn("packet too short (%d bytes) from %s", cc, inet_ntoa(from->sin_addr)); return; } /* Now the ICMP part */ cc -= hlen; icp = (struct icmp *)(buf + hlen); if (icp->icmp_type == icmp_type_rsp) { if (icp->icmp_id != ident) return; /* 'Twas not our ECHO */ ++nreceived; triptime = 0.0; if (timing) { struct timeval tv1; struct tv32 tv32; #ifndef icmp_data tp = &icp->icmp_ip; #else tp = icp->icmp_data; #endif tp = (const char *)tp + phdr_len; if ((size_t)(cc - ICMP_MINLEN - phdr_len) >= sizeof(tv1)) { /* Copy to avoid alignment problems: */ memcpy(&tv32, tp, sizeof(tv32)); tv1.tv_sec = ntohl(tv32.tv32_sec); tv1.tv_usec = ntohl(tv32.tv32_usec); tvsub(tv, &tv1); triptime = ((double)tv->tv_sec) * 1000.0 + ((double)tv->tv_usec) / 1000.0; tsum += triptime; tsumsq += triptime * triptime; if (triptime < tmin) tmin = triptime; if (triptime > tmax) tmax = triptime; } else timing = 0; } seq = ntohs(icp->icmp_seq); if (TST(seq % mx_dup_ck)) { ++nrepeats; --nreceived; dupflag = 1; } else { SET(seq % mx_dup_ck); dupflag = 0; } if (options & F_QUIET) return; if (options & F_WAITTIME && triptime > waittime) { ++nrcvtimeout; return; } if (options & F_FLOOD) (void)write(STDOUT_FILENO, &BSPACE, 1); else { (void)printf("%d bytes from %s: icmp_seq=%u", cc, inet_ntoa(*(struct in_addr *)&from->sin_addr.s_addr), seq); (void)printf(" ttl=%d", ip->ip_ttl); if (timing) (void)printf(" time=%.3f ms", triptime); if (dupflag) (void)printf(" (DUP!)"); if (options & F_AUDIBLE) (void)write(STDOUT_FILENO, &BBELL, 1); if (options & F_MASK) { /* Just prentend this cast isn't ugly */ (void)printf(" mask=%s", pr_addr(*(struct in_addr *)&(icp->icmp_mask))); } if (options & F_TIME) { (void)printf(" tso=%s", pr_ntime(icp->icmp_otime)); (void)printf(" tsr=%s", pr_ntime(icp->icmp_rtime)); (void)printf(" tst=%s", pr_ntime(icp->icmp_ttime)); } if (recv_len != send_len) { (void)printf( "\nwrong total length %d instead of %d", recv_len, send_len); } /* check the data */ cp = (u_char*)&icp->icmp_data[phdr_len]; dp = &outpack[ICMP_MINLEN + phdr_len]; cc -= ICMP_MINLEN + phdr_len; i = 0; if (timing) { /* don't check variable timestamp */ cp += TIMEVAL_LEN; dp += TIMEVAL_LEN; cc -= TIMEVAL_LEN; i += TIMEVAL_LEN; } for (; i < datalen && cc > 0; ++i, ++cp, ++dp, --cc) { if (*cp != *dp) { (void)printf("\nwrong data byte #%d should be 0x%x but was 0x%x", i, *dp, *cp); (void)printf("\ncp:"); cp = (u_char*)&icp->icmp_data[0]; for (i = 0; i < datalen; ++i, ++cp) { if ((i % 16) == 8) (void)printf("\n\t"); (void)printf("%2x ", *cp); } (void)printf("\ndp:"); cp = &outpack[ICMP_MINLEN]; for (i = 0; i < datalen; ++i, ++cp) { if ((i % 16) == 8) (void)printf("\n\t"); (void)printf("%2x ", *cp); } break; } } } } else { /* * We've got something other than an ECHOREPLY. * See if it's a reply to something that we sent. * We can compare IP destination, protocol, * and ICMP type and ID. * * Only print all the error messages if we are running * as root to avoid leaking information not normally * available to those not running as root. */ #ifndef icmp_data struct ip *oip = &icp->icmp_ip; #else struct ip *oip = (struct ip *)icp->icmp_data; #endif struct icmp *oicmp = (struct icmp *)(oip + 1); if (((options & F_VERBOSE) && uid == 0) || (!(options & F_QUIET2) && (oip->ip_dst.s_addr == whereto.sin_addr.s_addr) && (oip->ip_p == IPPROTO_ICMP) && (oicmp->icmp_type == ICMP_ECHO) && (oicmp->icmp_id == ident))) { (void)printf("%d bytes from %s: ", cc, pr_addr(from->sin_addr)); pr_icmph(icp); } else return; } /* Display any IP options */ cp = (u_char *)buf + sizeof(struct ip); for (; hlen > (int)sizeof(struct ip); --hlen, ++cp) switch (*cp) { case IPOPT_EOL: hlen = 0; break; case IPOPT_LSRR: case IPOPT_SSRR: (void)printf(*cp == IPOPT_LSRR ? "\nLSRR: " : "\nSSRR: "); j = cp[IPOPT_OLEN] - IPOPT_MINOFF + 1; hlen -= 2; cp += 2; if (j >= INADDR_LEN && j <= hlen - (int)sizeof(struct ip)) { for (;;) { bcopy(++cp, &ina.s_addr, INADDR_LEN); if (ina.s_addr == 0) (void)printf("\t0.0.0.0"); else (void)printf("\t%s", pr_addr(ina)); hlen -= INADDR_LEN; cp += INADDR_LEN - 1; j -= INADDR_LEN; if (j < INADDR_LEN) break; (void)putchar('\n'); } } else (void)printf("\t(truncated route)\n"); break; case IPOPT_RR: j = cp[IPOPT_OLEN]; /* get length */ i = cp[IPOPT_OFFSET]; /* and pointer */ hlen -= 2; cp += 2; if (i > j) i = j; i = i - IPOPT_MINOFF + 1; if (i < 0 || i > (hlen - (int)sizeof(struct ip))) { old_rrlen = 0; continue; } if (i == old_rrlen && !bcmp((char *)cp, old_rr, i) && !(options & F_FLOOD)) { (void)printf("\t(same route)"); hlen -= i; cp += i; break; } old_rrlen = i; bcopy((char *)cp, old_rr, i); (void)printf("\nRR: "); if (i >= INADDR_LEN && i <= hlen - (int)sizeof(struct ip)) { for (;;) { bcopy(++cp, &ina.s_addr, INADDR_LEN); if (ina.s_addr == 0) (void)printf("\t0.0.0.0"); else (void)printf("\t%s", pr_addr(ina)); hlen -= INADDR_LEN; cp += INADDR_LEN - 1; i -= INADDR_LEN; if (i < INADDR_LEN) break; (void)putchar('\n'); } } else (void)printf("\t(truncated route)"); break; case IPOPT_NOP: (void)printf("\nNOP"); break; default: (void)printf("\nunknown option %x", *cp); break; } if (!(options & F_FLOOD)) { (void)putchar('\n'); (void)fflush(stdout); } } /* * in_cksum -- * Checksum routine for Internet Protocol family headers (C Version) */ u_short in_cksum(u_short *addr, int len) { int nleft, sum; u_short *w; union { u_short us; u_char uc[2]; } last; u_short answer; nleft = len; sum = 0; w = addr; /* * Our algorithm is simple, using a 32 bit accumulator (sum), we add * sequential 16 bit words to it, and at the end, fold back all the * carry bits from the top 16 bits into the lower 16 bits. */ while (nleft > 1) { sum += *w++; nleft -= 2; } /* mop up an odd byte, if necessary */ if (nleft == 1) { last.uc[0] = *(u_char *)w; last.uc[1] = 0; sum += last.us; } /* add back carry outs from top 16 bits to low 16 bits */ sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */ sum += (sum >> 16); /* add carry */ answer = ~sum; /* truncate to 16 bits */ return(answer); } /* * tvsub -- * Subtract 2 timeval structs: out = out - in. Out is assumed to * be >= in. */ static void tvsub(struct timeval *out, const struct timeval *in) { if ((out->tv_usec -= in->tv_usec) < 0) { --out->tv_sec; out->tv_usec += 1000000; } out->tv_sec -= in->tv_sec; } /* * status -- * Print out statistics when SIGINFO is received. */ static void status(int sig __unused) { siginfo_p = 1; } static void check_status(void) { if (siginfo_p) { siginfo_p = 0; (void)fprintf(stderr, "\r%ld/%ld packets received (%.1f%%)", nreceived, ntransmitted, ntransmitted ? nreceived * 100.0 / ntransmitted : 0.0); if (nreceived && timing) (void)fprintf(stderr, " %.3f min / %.3f avg / %.3f max", tmin, tsum / (nreceived + nrepeats), tmax); (void)fprintf(stderr, "\n"); } } /* * finish -- * Print out statistics, and give up. */ static void finish(void) { (void)signal(SIGINT, SIG_IGN); (void)signal(SIGALRM, SIG_IGN); (void)putchar('\n'); (void)fflush(stdout); (void)printf("--- %s ping statistics ---\n", hostname); (void)printf("%ld packets transmitted, ", ntransmitted); (void)printf("%ld packets received, ", nreceived); if (nrepeats) (void)printf("+%ld duplicates, ", nrepeats); if (ntransmitted) { if (nreceived > ntransmitted) (void)printf("-- somebody's printing up packets!"); else (void)printf("%.1f%% packet loss", ((ntransmitted - nreceived) * 100.0) / ntransmitted); } if (nrcvtimeout) (void)printf(", %ld packets out of wait time", nrcvtimeout); (void)putchar('\n'); if (nreceived && timing) { double n = nreceived + nrepeats; double avg = tsum / n; double vari = tsumsq / n - avg * avg; (void)printf( "round-trip min/avg/max/stddev = %.3f/%.3f/%.3f/%.3f ms\n", tmin, avg, tmax, sqrt(vari)); } if (nreceived) exit(0); else exit(2); } #ifdef notdef static char *ttab[] = { "Echo Reply", /* ip + seq + udata */ "Dest Unreachable", /* net, host, proto, port, frag, sr + IP */ "Source Quench", /* IP */ "Redirect", /* redirect type, gateway, + IP */ "Echo", "Time Exceeded", /* transit, frag reassem + IP */ "Parameter Problem", /* pointer + IP */ "Timestamp", /* id + seq + three timestamps */ "Timestamp Reply", /* " */ "Info Request", /* id + sq */ "Info Reply" /* " */ }; #endif /* * pr_icmph -- * Print a descriptive string about an ICMP header. */ static void pr_icmph(struct icmp *icp) { switch(icp->icmp_type) { case ICMP_ECHOREPLY: (void)printf("Echo Reply\n"); /* XXX ID + Seq + Data */ break; case ICMP_UNREACH: switch(icp->icmp_code) { case ICMP_UNREACH_NET: (void)printf("Destination Net Unreachable\n"); break; case ICMP_UNREACH_HOST: (void)printf("Destination Host Unreachable\n"); break; case ICMP_UNREACH_PROTOCOL: (void)printf("Destination Protocol Unreachable\n"); break; case ICMP_UNREACH_PORT: (void)printf("Destination Port Unreachable\n"); break; case ICMP_UNREACH_NEEDFRAG: (void)printf("frag needed and DF set (MTU %d)\n", ntohs(icp->icmp_nextmtu)); break; case ICMP_UNREACH_SRCFAIL: (void)printf("Source Route Failed\n"); break; case ICMP_UNREACH_FILTER_PROHIB: (void)printf("Communication prohibited by filter\n"); break; default: (void)printf("Dest Unreachable, Bad Code: %d\n", icp->icmp_code); break; } /* Print returned IP header information */ #ifndef icmp_data pr_retip(&icp->icmp_ip); #else pr_retip((struct ip *)icp->icmp_data); #endif break; case ICMP_SOURCEQUENCH: (void)printf("Source Quench\n"); #ifndef icmp_data pr_retip(&icp->icmp_ip); #else pr_retip((struct ip *)icp->icmp_data); #endif break; case ICMP_REDIRECT: switch(icp->icmp_code) { case ICMP_REDIRECT_NET: (void)printf("Redirect Network"); break; case ICMP_REDIRECT_HOST: (void)printf("Redirect Host"); break; case ICMP_REDIRECT_TOSNET: (void)printf("Redirect Type of Service and Network"); break; case ICMP_REDIRECT_TOSHOST: (void)printf("Redirect Type of Service and Host"); break; default: (void)printf("Redirect, Bad Code: %d", icp->icmp_code); break; } (void)printf("(New addr: %s)\n", inet_ntoa(icp->icmp_gwaddr)); #ifndef icmp_data pr_retip(&icp->icmp_ip); #else pr_retip((struct ip *)icp->icmp_data); #endif break; case ICMP_ECHO: (void)printf("Echo Request\n"); /* XXX ID + Seq + Data */ break; case ICMP_TIMXCEED: switch(icp->icmp_code) { case ICMP_TIMXCEED_INTRANS: (void)printf("Time to live exceeded\n"); break; case ICMP_TIMXCEED_REASS: (void)printf("Frag reassembly time exceeded\n"); break; default: (void)printf("Time exceeded, Bad Code: %d\n", icp->icmp_code); break; } #ifndef icmp_data pr_retip(&icp->icmp_ip); #else pr_retip((struct ip *)icp->icmp_data); #endif break; case ICMP_PARAMPROB: (void)printf("Parameter problem: pointer = 0x%02x\n", icp->icmp_hun.ih_pptr); #ifndef icmp_data pr_retip(&icp->icmp_ip); #else pr_retip((struct ip *)icp->icmp_data); #endif break; case ICMP_TSTAMP: (void)printf("Timestamp\n"); /* XXX ID + Seq + 3 timestamps */ break; case ICMP_TSTAMPREPLY: (void)printf("Timestamp Reply\n"); /* XXX ID + Seq + 3 timestamps */ break; case ICMP_IREQ: (void)printf("Information Request\n"); /* XXX ID + Seq */ break; case ICMP_IREQREPLY: (void)printf("Information Reply\n"); /* XXX ID + Seq */ break; case ICMP_MASKREQ: (void)printf("Address Mask Request\n"); break; case ICMP_MASKREPLY: (void)printf("Address Mask Reply\n"); break; case ICMP_ROUTERADVERT: (void)printf("Router Advertisement\n"); break; case ICMP_ROUTERSOLICIT: (void)printf("Router Solicitation\n"); break; default: (void)printf("Bad ICMP type: %d\n", icp->icmp_type); } } /* * pr_iph -- * Print an IP header with options. */ static void pr_iph(struct ip *ip) { u_char *cp; int hlen; hlen = ip->ip_hl << 2; cp = (u_char *)ip + 20; /* point to options */ (void)printf("Vr HL TOS Len ID Flg off TTL Pro cks Src Dst\n"); (void)printf(" %1x %1x %02x %04x %04x", ip->ip_v, ip->ip_hl, ip->ip_tos, ntohs(ip->ip_len), ntohs(ip->ip_id)); (void)printf(" %1lx %04lx", (u_long) (ntohl(ip->ip_off) & 0xe000) >> 13, (u_long) ntohl(ip->ip_off) & 0x1fff); (void)printf(" %02x %02x %04x", ip->ip_ttl, ip->ip_p, ntohs(ip->ip_sum)); (void)printf(" %s ", inet_ntoa(*(struct in_addr *)&ip->ip_src.s_addr)); (void)printf(" %s ", inet_ntoa(*(struct in_addr *)&ip->ip_dst.s_addr)); /* dump any option bytes */ while (hlen-- > 20) { (void)printf("%02x", *cp++); } (void)putchar('\n'); } /* * pr_addr -- * Return an ascii host address as a dotted quad and optionally with * a hostname. */ static char * pr_addr(struct in_addr ina) { struct hostent *hp; static char buf[16 + 3 + MAXHOSTNAMELEN]; if (options & F_NUMERIC) return inet_ntoa(ina); #ifdef HAVE_LIBCAPSICUM if (capdns != NULL) hp = cap_gethostbyaddr(capdns, (char *)&ina, 4, AF_INET); else #endif hp = gethostbyaddr((char *)&ina, 4, AF_INET); if (hp == NULL) return inet_ntoa(ina); (void)snprintf(buf, sizeof(buf), "%s (%s)", hp->h_name, inet_ntoa(ina)); return(buf); } /* * pr_retip -- * Dump some info on a returned (via ICMP) IP packet. */ static void pr_retip(struct ip *ip) { u_char *cp; int hlen; pr_iph(ip); hlen = ip->ip_hl << 2; cp = (u_char *)ip + hlen; if (ip->ip_p == 6) (void)printf("TCP: from port %u, to port %u (decimal)\n", (*cp * 256 + *(cp + 1)), (*(cp + 2) * 256 + *(cp + 3))); else if (ip->ip_p == 17) (void)printf("UDP: from port %u, to port %u (decimal)\n", (*cp * 256 + *(cp + 1)), (*(cp + 2) * 256 + *(cp + 3))); } static char * pr_ntime(n_time timestamp) { static char buf[10]; int hour, min, sec; sec = ntohl(timestamp) / 1000; hour = sec / 60 / 60; min = (sec % (60 * 60)) / 60; sec = (sec % (60 * 60)) % 60; (void)snprintf(buf, sizeof(buf), "%02d:%02d:%02d", hour, min, sec); return (buf); } static void fill(char *bp, char *patp) { char *cp; int pat[16]; u_int ii, jj, kk; for (cp = patp; *cp; cp++) { if (!isxdigit(*cp)) errx(EX_USAGE, "patterns must be specified as hex digits"); } ii = sscanf(patp, "%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x", &pat[0], &pat[1], &pat[2], &pat[3], &pat[4], &pat[5], &pat[6], &pat[7], &pat[8], &pat[9], &pat[10], &pat[11], &pat[12], &pat[13], &pat[14], &pat[15]); if (ii > 0) for (kk = 0; kk <= maxpayload - (TIMEVAL_LEN + ii); kk += ii) for (jj = 0; jj < ii; ++jj) bp[jj + kk] = pat[jj]; if (!(options & F_QUIET)) { (void)printf("PATTERN: 0x"); for (jj = 0; jj < ii; ++jj) (void)printf("%02x", bp[jj] & 0xFF); (void)printf("\n"); } } #ifdef HAVE_LIBCAPSICUM static cap_channel_t * capdns_setup(void) { cap_channel_t *capcas, *capdnsloc; const char *types[2]; int families[1]; capcas = cap_init(); if (capcas == NULL) { warn("unable to contact casperd"); return (NULL); } capdnsloc = cap_service_open(capcas, "system.dns"); /* Casper capability no longer needed. */ cap_close(capcas); if (capdnsloc == NULL) err(1, "unable to open system.dns service"); types[0] = "NAME"; types[1] = "ADDR"; if (cap_dns_type_limit(capdnsloc, types, 2) < 0) err(1, "unable to limit access to system.dns service"); families[0] = AF_INET; if (cap_dns_family_limit(capdnsloc, families, 1) < 0) err(1, "unable to limit access to system.dns service"); return (capdnsloc); } #endif /* HAVE_LIBCAPSICUM */ #if defined(IPSEC) && defined(IPSEC_POLICY_IPSEC) #define SECOPT " [-P policy]" #else #define SECOPT "" #endif static void usage(void) { (void)fprintf(stderr, "%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n", "usage: ping [-AaDdfnoQqRrv] [-c count] [-G sweepmaxsize] [-g sweepminsize]", " [-h sweepincrsize] [-i wait] [-l preload] [-M mask | time] [-m ttl]", " " SECOPT " [-p pattern] [-S src_addr] [-s packetsize] [-t timeout]", " [-W waittime] [-z tos] host", " ping [-AaDdfLnoQqRrv] [-c count] [-I iface] [-i wait] [-l preload]", " [-M mask | time] [-m ttl]" SECOPT " [-p pattern] [-S src_addr]", " [-s packetsize] [-T ttl] [-t timeout] [-W waittime]", " [-z tos] mcast-group"); exit(EX_USAGE); } Index: head/usr.bin/kdump/kdump.c =================================================================== --- head/usr.bin/kdump/kdump.c (revision 282435) +++ head/usr.bin/kdump/kdump.c (revision 282436) @@ -1,2048 +1,2046 @@ /*- * Copyright (c) 1988, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #ifndef lint static const char copyright[] = "@(#) Copyright (c) 1988, 1993\n\ The Regents of the University of California. All rights reserved.\n"; #endif /* not lint */ #ifndef lint #if 0 static char sccsid[] = "@(#)kdump.c 8.1 (Berkeley) 6/6/93"; #endif #endif /* not lint */ #include __FBSDID("$FreeBSD$"); #define _KERNEL extern int errno; #include #undef _KERNEL #include #include #include #define _KERNEL #include #undef _KERNEL #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #ifdef HAVE_LIBCAPSICUM #include #include #include #include #endif #include #include #include #ifdef HAVE_LIBCAPSICUM #include #endif #include #include #include #include #include #include #include #include #include "ktrace.h" #include "kdump_subr.h" u_int abidump(struct ktr_header *); int fetchprocinfo(struct ktr_header *, u_int *); int fread_tail(void *, int, int); void dumpheader(struct ktr_header *); void ktrsyscall(struct ktr_syscall *, u_int); void ktrsysret(struct ktr_sysret *, u_int); void ktrnamei(char *, int); void hexdump(char *, int, int); void visdump(char *, int, int); void ktrgenio(struct ktr_genio *, int); void ktrpsig(struct ktr_psig *); void ktrcsw(struct ktr_csw *); void ktrcsw_old(struct ktr_csw_old *); void ktruser_malloc(void *); void ktruser_rtld(int, void *); void ktruser(int, void *); void ktrcaprights(cap_rights_t *); void ktrsockaddr(struct sockaddr *); void ktrstat(struct stat *); void ktrstruct(char *, size_t); void ktrcapfail(struct ktr_cap_fail *); void ktrfault(struct ktr_fault *); void ktrfaultend(struct ktr_faultend *); void limitfd(int fd); void usage(void); void ioctlname(unsigned long, int); #define TIMESTAMP_NONE 0x0 #define TIMESTAMP_ABSOLUTE 0x1 #define TIMESTAMP_ELAPSED 0x2 #define TIMESTAMP_RELATIVE 0x4 extern const char *signames[], *syscallnames[]; extern int nsyscalls; static int timestamp, decimal, fancy = 1, suppressdata, tail, threads, maxdata, resolv = 0, abiflag = 0, syscallno = 0; static const char *tracefile = DEF_TRACEFILE; static struct ktr_header ktr_header; #define TIME_FORMAT "%b %e %T %Y" #define eqs(s1, s2) (strcmp((s1), (s2)) == 0) #define print_number(i,n,c) do { \ if (decimal) \ printf("%c%jd", c, (intmax_t)*i); \ else \ printf("%c%#jx", c, (uintmax_t)(u_register_t)*i); \ i++; \ n--; \ c = ','; \ } while (0) #if defined(__amd64__) || defined(__i386__) void linux_ktrsyscall(struct ktr_syscall *); void linux_ktrsysret(struct ktr_sysret *); extern const char *linux_syscallnames[]; #include static int nlinux_syscalls = sizeof(linux_syscallnames) / \ sizeof(linux_syscallnames[0]); /* * from linux.h * Linux syscalls return negative errno's, we do positive and map them */ static int bsd_to_linux_errno[ELAST + 1] = { -0, -1, -2, -3, -4, -5, -6, -7, -8, -9, -10, -35, -12, -13, -14, -15, -16, -17, -18, -19, -20, -21, -22, -23, -24, -25, -26, -27, -28, -29, -30, -31, -32, -33, -34, -11,-115,-114, -88, -89, -90, -91, -92, -93, -94, -95, -96, -97, -98, -99, -100,-101,-102,-103,-104,-105,-106,-107,-108,-109, -110,-111, -40, -36,-112,-113, -39, -11, -87,-122, -116, -66, -6, -6, -6, -6, -6, -37, -38, -9, -6, -6, -43, -42, -75,-125, -84, -95, -16, -74, -72, -67, -71 }; #endif struct proc_info { TAILQ_ENTRY(proc_info) info; u_int sv_flags; pid_t pid; }; static TAILQ_HEAD(trace_procs, proc_info) trace_procs; #ifdef HAVE_LIBCAPSICUM static cap_channel_t *cappwd, *capgrp; #endif static void strerror_init(void) { /* * Cache NLS data before entering capability mode. * XXXPJD: There should be strerror_init() and strsignal_init() in libc. */ (void)catopen("libc", NL_CAT_LOCALE); } static void localtime_init(void) { time_t ltime; /* * Allow localtime(3) to cache /etc/localtime content before entering * capability mode. * XXXPJD: There should be localtime_init() in libc. */ (void)time(<ime); (void)localtime(<ime); } #ifdef HAVE_LIBCAPSICUM static int cappwdgrp_setup(cap_channel_t **cappwdp, cap_channel_t **capgrpp) { cap_channel_t *capcas, *cappwdloc, *capgrploc; const char *cmds[1], *fields[1]; capcas = cap_init(); if (capcas == NULL) { warn("unable to contact casperd"); return (-1); } cappwdloc = cap_service_open(capcas, "system.pwd"); capgrploc = cap_service_open(capcas, "system.grp"); /* Casper capability no longer needed. */ cap_close(capcas); if (cappwdloc == NULL || capgrploc == NULL) { if (cappwdloc == NULL) warn("unable to open system.pwd service"); if (capgrploc == NULL) warn("unable to open system.grp service"); exit(1); } /* Limit system.pwd to only getpwuid() function and pw_name field. */ cmds[0] = "getpwuid"; if (cap_pwd_limit_cmds(cappwdloc, cmds, 1) < 0) err(1, "unable to limit system.pwd service"); fields[0] = "pw_name"; if (cap_pwd_limit_fields(cappwdloc, fields, 1) < 0) err(1, "unable to limit system.pwd service"); /* Limit system.grp to only getgrgid() function and gr_name field. */ cmds[0] = "getgrgid"; if (cap_grp_limit_cmds(capgrploc, cmds, 1) < 0) err(1, "unable to limit system.grp service"); fields[0] = "gr_name"; if (cap_grp_limit_fields(capgrploc, fields, 1) < 0) err(1, "unable to limit system.grp service"); *cappwdp = cappwdloc; *capgrpp = capgrploc; return (0); } #endif /* HAVE_LIBCAPSICUM */ int main(int argc, char *argv[]) { int ch, ktrlen, size; void *m; int trpoints = ALL_POINTS; int drop_logged; pid_t pid = 0; u_int sv_flags; setlocale(LC_CTYPE, ""); timestamp = TIMESTAMP_NONE; while ((ch = getopt(argc,argv,"f:dElm:np:AHRrSsTt:")) != -1) switch (ch) { case 'A': abiflag = 1; break; case 'f': tracefile = optarg; break; case 'd': decimal = 1; break; case 'l': tail = 1; break; case 'm': maxdata = atoi(optarg); break; case 'n': fancy = 0; break; case 'p': pid = atoi(optarg); break; case 'r': resolv = 1; break; case 'S': syscallno = 1; break; case 's': suppressdata = 1; break; case 'E': timestamp |= TIMESTAMP_ELAPSED; break; case 'H': threads = 1; break; case 'R': timestamp |= TIMESTAMP_RELATIVE; break; case 'T': timestamp |= TIMESTAMP_ABSOLUTE; break; case 't': trpoints = getpoints(optarg); if (trpoints < 0) errx(1, "unknown trace point in %s", optarg); break; default: usage(); } if (argc > optind) usage(); m = malloc(size = 1025); if (m == NULL) errx(1, "%s", strerror(ENOMEM)); if (!freopen(tracefile, "r", stdin)) err(1, "%s", tracefile); strerror_init(); localtime_init(); #ifdef HAVE_LIBCAPSICUM if (resolv != 0) { if (cappwdgrp_setup(&cappwd, &capgrp) < 0) { cappwd = NULL; capgrp = NULL; } } if (resolv == 0 || (cappwd != NULL && capgrp != NULL)) { if (cap_enter() < 0 && errno != ENOSYS) err(1, "unable to enter capability mode"); } #else if (resolv == 0) { if (cap_enter() < 0 && errno != ENOSYS) err(1, "unable to enter capability mode"); } #endif limitfd(STDIN_FILENO); limitfd(STDOUT_FILENO); limitfd(STDERR_FILENO); - if (cap_sandboxed()) - fprintf(stderr, "capability mode sandbox enabled\n"); TAILQ_INIT(&trace_procs); drop_logged = 0; while (fread_tail(&ktr_header, sizeof(struct ktr_header), 1)) { if (ktr_header.ktr_type & KTR_DROP) { ktr_header.ktr_type &= ~KTR_DROP; if (!drop_logged && threads) { printf( "%6jd %6jd %-8.*s Events dropped.\n", (intmax_t)ktr_header.ktr_pid, ktr_header.ktr_tid > 0 ? (intmax_t)ktr_header.ktr_tid : 0, MAXCOMLEN, ktr_header.ktr_comm); drop_logged = 1; } else if (!drop_logged) { printf("%6jd %-8.*s Events dropped.\n", (intmax_t)ktr_header.ktr_pid, MAXCOMLEN, ktr_header.ktr_comm); drop_logged = 1; } } if (trpoints & (1< size) { m = realloc(m, ktrlen+1); if (m == NULL) errx(1, "%s", strerror(ENOMEM)); size = ktrlen; } if (ktrlen && fread_tail(m, ktrlen, 1) == 0) errx(1, "data too short"); if (fetchprocinfo(&ktr_header, (u_int *)m) != 0) continue; sv_flags = abidump(&ktr_header); if (pid && ktr_header.ktr_pid != pid && ktr_header.ktr_tid != pid) continue; if ((trpoints & (1<ktr_type) { case KTR_PROCCTOR: TAILQ_FOREACH(pi, &trace_procs, info) { if (pi->pid == kth->ktr_pid) { TAILQ_REMOVE(&trace_procs, pi, info); break; } } pi = malloc(sizeof(struct proc_info)); if (pi == NULL) errx(1, "%s", strerror(ENOMEM)); pi->sv_flags = *flags; pi->pid = kth->ktr_pid; TAILQ_INSERT_TAIL(&trace_procs, pi, info); return (1); case KTR_PROCDTOR: TAILQ_FOREACH(pi, &trace_procs, info) { if (pi->pid == kth->ktr_pid) { TAILQ_REMOVE(&trace_procs, pi, info); free(pi); break; } } return (1); } return (0); } u_int abidump(struct ktr_header *kth) { struct proc_info *pi; const char *abi; const char *arch; u_int flags = 0; TAILQ_FOREACH(pi, &trace_procs, info) { if (pi->pid == kth->ktr_pid) { flags = pi->sv_flags; break; } } if (abiflag == 0) return (flags); switch (flags & SV_ABI_MASK) { case SV_ABI_LINUX: abi = "L"; break; case SV_ABI_FREEBSD: abi = "F"; break; default: abi = "U"; break; } if (flags != 0) { if (flags & SV_LP64) arch = "64"; else arch = "32"; } else arch = "00"; printf("%s%s ", abi, arch); return (flags); } void dumpheader(struct ktr_header *kth) { static char unknown[64]; static struct timeval prevtime, prevtime_e, temp; const char *type; const char *sign; switch (kth->ktr_type) { case KTR_SYSCALL: type = "CALL"; break; case KTR_SYSRET: type = "RET "; break; case KTR_NAMEI: type = "NAMI"; break; case KTR_GENIO: type = "GIO "; break; case KTR_PSIG: type = "PSIG"; break; case KTR_CSW: type = "CSW "; break; case KTR_USER: type = "USER"; break; case KTR_STRUCT: type = "STRU"; break; case KTR_SYSCTL: type = "SCTL"; break; case KTR_PROCCTOR: /* FALLTHROUGH */ case KTR_PROCDTOR: return; case KTR_CAPFAIL: type = "CAP "; break; case KTR_FAULT: type = "PFLT"; break; case KTR_FAULTEND: type = "PRET"; break; default: sprintf(unknown, "UNKNOWN(%d)", kth->ktr_type); type = unknown; } /* * The ktr_tid field was previously the ktr_buffer field, which held * the kernel pointer value for the buffer associated with data * following the record header. It now holds a threadid, but only * for trace files after the change. Older trace files still contain * kernel pointers. Detect this and suppress the results by printing * negative tid's as 0. */ if (threads) printf("%6jd %6jd %-8.*s ", (intmax_t)kth->ktr_pid, kth->ktr_tid > 0 ? (intmax_t)kth->ktr_tid : 0, MAXCOMLEN, kth->ktr_comm); else printf("%6jd %-8.*s ", (intmax_t)kth->ktr_pid, MAXCOMLEN, kth->ktr_comm); if (timestamp) { if (timestamp & TIMESTAMP_ABSOLUTE) { printf("%jd.%06ld ", (intmax_t)kth->ktr_time.tv_sec, kth->ktr_time.tv_usec); } if (timestamp & TIMESTAMP_ELAPSED) { if (prevtime_e.tv_sec == 0) prevtime_e = kth->ktr_time; timevalsub(&kth->ktr_time, &prevtime_e); printf("%jd.%06ld ", (intmax_t)kth->ktr_time.tv_sec, kth->ktr_time.tv_usec); timevaladd(&kth->ktr_time, &prevtime_e); } if (timestamp & TIMESTAMP_RELATIVE) { if (prevtime.tv_sec == 0) prevtime = kth->ktr_time; temp = kth->ktr_time; timevalsub(&kth->ktr_time, &prevtime); if ((intmax_t)kth->ktr_time.tv_sec < 0) { kth->ktr_time = prevtime; prevtime = temp; timevalsub(&kth->ktr_time, &prevtime); sign = "-"; } else { prevtime = temp; sign = ""; } printf("%s%jd.%06ld ", sign, (intmax_t)kth->ktr_time.tv_sec, kth->ktr_time.tv_usec); } } printf("%s ", type); } #include #define KTRACE #include #undef KTRACE int nsyscalls = sizeof (syscallnames) / sizeof (syscallnames[0]); void ktrsyscall(struct ktr_syscall *ktr, u_int flags) { int narg = ktr->ktr_narg; register_t *ip; intmax_t arg; if ((flags != 0 && ((flags & SV_ABI_MASK) != SV_ABI_FREEBSD)) || (ktr->ktr_code >= nsyscalls || ktr->ktr_code < 0)) printf("[%d]", ktr->ktr_code); else { printf("%s", syscallnames[ktr->ktr_code]); if (syscallno) printf("[%d]", ktr->ktr_code); } ip = &ktr->ktr_args[0]; if (narg) { char c = '('; if (fancy && (flags == 0 || (flags & SV_ABI_MASK) == SV_ABI_FREEBSD)) { switch (ktr->ktr_code) { case SYS_bindat: case SYS_connectat: case SYS_faccessat: case SYS_fchmodat: case SYS_fchownat: case SYS_fstatat: case SYS_futimesat: case SYS_linkat: case SYS_mkdirat: case SYS_mkfifoat: case SYS_mknodat: case SYS_openat: case SYS_readlinkat: case SYS_renameat: case SYS_unlinkat: case SYS_utimensat: putchar('('); atfdname(*ip, decimal); c = ','; ip++; narg--; break; } switch (ktr->ktr_code) { case SYS_ioctl: { print_number(ip, narg, c); putchar(c); ioctlname(*ip, decimal); c = ','; ip++; narg--; break; } case SYS_ptrace: putchar('('); ptraceopname(*ip); c = ','; ip++; narg--; break; case SYS_access: case SYS_eaccess: case SYS_faccessat: print_number(ip, narg, c); putchar(','); accessmodename(*ip); ip++; narg--; break; case SYS_open: case SYS_openat: print_number(ip, narg, c); putchar(','); flagsandmodename(ip[0], ip[1], decimal); ip += 2; narg -= 2; break; case SYS_wait4: print_number(ip, narg, c); print_number(ip, narg, c); /* * A flags value of zero is valid for * wait4() but not for wait6(), so * handle zero special here. */ if (*ip == 0) { print_number(ip, narg, c); } else { putchar(','); wait6optname(*ip); ip++; narg--; } break; case SYS_wait6: putchar('('); idtypename(*ip, decimal); c = ','; ip++; narg--; print_number(ip, narg, c); print_number(ip, narg, c); putchar(','); wait6optname(*ip); ip++; narg--; break; case SYS_chmod: case SYS_fchmod: case SYS_lchmod: print_number(ip, narg, c); putchar(','); modename(*ip); ip++; narg--; break; case SYS_mknod: case SYS_mknodat: print_number(ip, narg, c); putchar(','); modename(*ip); ip++; narg--; break; case SYS_getfsstat: print_number(ip, narg, c); print_number(ip, narg, c); putchar(','); getfsstatflagsname(*ip); ip++; narg--; break; case SYS_mount: print_number(ip, narg, c); print_number(ip, narg, c); putchar(','); mountflagsname(*ip); ip++; narg--; break; case SYS_unmount: print_number(ip, narg, c); putchar(','); mountflagsname(*ip); ip++; narg--; break; case SYS_recvmsg: case SYS_sendmsg: print_number(ip, narg, c); print_number(ip, narg, c); putchar(','); sendrecvflagsname(*ip); ip++; narg--; break; case SYS_recvfrom: case SYS_sendto: print_number(ip, narg, c); print_number(ip, narg, c); print_number(ip, narg, c); putchar(','); sendrecvflagsname(*ip); ip++; narg--; break; case SYS_chflags: case SYS_fchflags: case SYS_lchflags: print_number(ip, narg, c); putchar(','); modename(*ip); ip++; narg--; break; case SYS_kill: print_number(ip, narg, c); putchar(','); signame(*ip); ip++; narg--; break; case SYS_reboot: putchar('('); rebootoptname(*ip); ip++; narg--; break; case SYS_umask: putchar('('); modename(*ip); ip++; narg--; break; case SYS_msync: print_number(ip, narg, c); print_number(ip, narg, c); putchar(','); msyncflagsname(*ip); ip++; narg--; break; #ifdef SYS_freebsd6_mmap case SYS_freebsd6_mmap: print_number(ip, narg, c); print_number(ip, narg, c); putchar(','); mmapprotname(*ip); putchar(','); ip++; narg--; mmapflagsname(*ip); ip++; narg--; break; #endif case SYS_mmap: print_number(ip, narg, c); print_number(ip, narg, c); putchar(','); mmapprotname(*ip); putchar(','); ip++; narg--; mmapflagsname(*ip); ip++; narg--; break; case SYS_mprotect: print_number(ip, narg, c); print_number(ip, narg, c); putchar(','); mmapprotname(*ip); ip++; narg--; break; case SYS_madvise: print_number(ip, narg, c); print_number(ip, narg, c); putchar(','); madvisebehavname(*ip); ip++; narg--; break; case SYS_setpriority: print_number(ip, narg, c); print_number(ip, narg, c); putchar(','); prioname(*ip); ip++; narg--; break; case SYS_fcntl: print_number(ip, narg, c); putchar(','); fcntlcmdname(ip[0], ip[1], decimal); ip += 2; narg -= 2; break; case SYS_socket: { int sockdomain; putchar('('); sockdomain = *ip; sockdomainname(sockdomain); ip++; narg--; putchar(','); socktypenamewithflags(*ip); ip++; narg--; if (sockdomain == PF_INET || sockdomain == PF_INET6) { putchar(','); sockipprotoname(*ip); ip++; narg--; } c = ','; break; } case SYS_setsockopt: case SYS_getsockopt: print_number(ip, narg, c); putchar(','); sockoptlevelname(*ip, decimal); if (*ip == SOL_SOCKET) { ip++; narg--; putchar(','); sockoptname(*ip); } ip++; narg--; break; #ifdef SYS_freebsd6_lseek case SYS_freebsd6_lseek: print_number(ip, narg, c); /* Hidden 'pad' argument, not in lseek(2) */ print_number(ip, narg, c); print_number(ip, narg, c); putchar(','); whencename(*ip); ip++; narg--; break; #endif case SYS_lseek: print_number(ip, narg, c); /* Hidden 'pad' argument, not in lseek(2) */ print_number(ip, narg, c); putchar(','); whencename(*ip); ip++; narg--; break; case SYS_flock: print_number(ip, narg, c); putchar(','); flockname(*ip); ip++; narg--; break; case SYS_mkfifo: case SYS_mkfifoat: case SYS_mkdir: case SYS_mkdirat: print_number(ip, narg, c); putchar(','); modename(*ip); ip++; narg--; break; case SYS_shutdown: print_number(ip, narg, c); putchar(','); shutdownhowname(*ip); ip++; narg--; break; case SYS_socketpair: putchar('('); sockdomainname(*ip); ip++; narg--; putchar(','); socktypenamewithflags(*ip); ip++; narg--; c = ','; break; case SYS_getrlimit: case SYS_setrlimit: putchar('('); rlimitname(*ip); ip++; narg--; c = ','; break; case SYS_quotactl: print_number(ip, narg, c); putchar(','); quotactlname(*ip); ip++; narg--; c = ','; break; case SYS_nfssvc: putchar('('); nfssvcname(*ip); ip++; narg--; c = ','; break; case SYS_rtprio: putchar('('); rtprioname(*ip); ip++; narg--; c = ','; break; case SYS___semctl: print_number(ip, narg, c); print_number(ip, narg, c); putchar(','); semctlname(*ip); ip++; narg--; break; case SYS_semget: print_number(ip, narg, c); print_number(ip, narg, c); putchar(','); semgetname(*ip); ip++; narg--; break; case SYS_msgctl: print_number(ip, narg, c); putchar(','); shmctlname(*ip); ip++; narg--; break; case SYS_shmat: print_number(ip, narg, c); print_number(ip, narg, c); putchar(','); shmatname(*ip); ip++; narg--; break; case SYS_shmctl: print_number(ip, narg, c); putchar(','); shmctlname(*ip); ip++; narg--; break; case SYS_shm_open: print_number(ip, narg, c); putchar(','); flagsname(ip[0]); printf(",0%o", (unsigned int)ip[1]); ip += 3; narg -= 3; break; case SYS_minherit: print_number(ip, narg, c); print_number(ip, narg, c); putchar(','); minheritname(*ip); ip++; narg--; break; case SYS_rfork: putchar('('); rforkname(*ip); ip++; narg--; c = ','; break; case SYS_lio_listio: putchar('('); lio_listioname(*ip); ip++; narg--; c = ','; break; case SYS_mlockall: putchar('('); mlockallname(*ip); ip++; narg--; break; case SYS_sched_setscheduler: print_number(ip, narg, c); putchar(','); schedpolicyname(*ip); ip++; narg--; break; case SYS_sched_get_priority_max: case SYS_sched_get_priority_min: putchar('('); schedpolicyname(*ip); ip++; narg--; break; case SYS_sendfile: print_number(ip, narg, c); print_number(ip, narg, c); print_number(ip, narg, c); print_number(ip, narg, c); print_number(ip, narg, c); print_number(ip, narg, c); putchar(','); sendfileflagsname(*(int *)ip); ip++; narg--; break; case SYS_kldsym: print_number(ip, narg, c); putchar(','); kldsymcmdname(*ip); ip++; narg--; break; case SYS_sigprocmask: putchar('('); sigprocmaskhowname(*ip); ip++; narg--; c = ','; break; case SYS___acl_get_file: case SYS___acl_set_file: case SYS___acl_get_fd: case SYS___acl_set_fd: case SYS___acl_delete_file: case SYS___acl_delete_fd: case SYS___acl_aclcheck_file: case SYS___acl_aclcheck_fd: case SYS___acl_get_link: case SYS___acl_set_link: case SYS___acl_delete_link: case SYS___acl_aclcheck_link: print_number(ip, narg, c); putchar(','); acltypename(*ip); ip++; narg--; break; case SYS_sigaction: putchar('('); signame(*ip); ip++; narg--; c = ','; break; case SYS_extattrctl: print_number(ip, narg, c); putchar(','); extattrctlname(*ip); ip++; narg--; break; case SYS_nmount: print_number(ip, narg, c); print_number(ip, narg, c); putchar(','); mountflagsname(*ip); ip++; narg--; break; case SYS_thr_create: print_number(ip, narg, c); print_number(ip, narg, c); putchar(','); thrcreateflagsname(*ip); ip++; narg--; break; case SYS_thr_kill: print_number(ip, narg, c); putchar(','); signame(*ip); ip++; narg--; break; case SYS_kldunloadf: print_number(ip, narg, c); putchar(','); kldunloadfflagsname(*ip); ip++; narg--; break; case SYS_linkat: case SYS_renameat: case SYS_symlinkat: print_number(ip, narg, c); putchar(','); atfdname(*ip, decimal); ip++; narg--; break; case SYS_cap_fcntls_limit: print_number(ip, narg, c); putchar(','); arg = *ip; ip++; narg--; capfcntlname(arg); break; case SYS_posix_fadvise: print_number(ip, narg, c); print_number(ip, narg, c); print_number(ip, narg, c); (void)putchar(','); fadvisebehavname((int)*ip); ip++; narg--; break; case SYS_procctl: putchar('('); idtypename(*ip, decimal); c = ','; ip++; narg--; print_number(ip, narg, c); putchar(','); procctlcmdname(*ip); ip++; narg--; break; case SYS__umtx_op: print_number(ip, narg, c); putchar(','); umtxopname(*ip); switch (*ip) { case UMTX_OP_CV_WAIT: ip++; narg--; putchar(','); umtxcvwaitflags(*ip); break; case UMTX_OP_RW_RDLOCK: ip++; narg--; putchar(','); umtxrwlockflags(*ip); break; } ip++; narg--; } } while (narg > 0) { print_number(ip, narg, c); } putchar(')'); } putchar('\n'); } void ktrsysret(struct ktr_sysret *ktr, u_int flags) { register_t ret = ktr->ktr_retval; int error = ktr->ktr_error; int code = ktr->ktr_code; if ((flags != 0 && ((flags & SV_ABI_MASK) != SV_ABI_FREEBSD)) || (code >= nsyscalls || code < 0)) printf("[%d] ", code); else { printf("%s", syscallnames[code]); if (syscallno) printf("[%d]", code); printf(" "); } if (error == 0) { if (fancy) { printf("%ld", (long)ret); if (ret < 0 || ret > 9) printf("/%#lx", (unsigned long)ret); } else { if (decimal) printf("%ld", (long)ret); else printf("%#lx", (unsigned long)ret); } } else if (error == ERESTART) printf("RESTART"); else if (error == EJUSTRETURN) printf("JUSTRETURN"); else { printf("-1 errno %d", ktr->ktr_error); if (fancy) printf(" %s", strerror(ktr->ktr_error)); } putchar('\n'); } void ktrnamei(char *cp, int len) { printf("\"%.*s\"\n", len, cp); } void hexdump(char *p, int len, int screenwidth) { int n, i; int width; width = 0; do { width += 2; i = 13; /* base offset */ i += (width / 2) + 1; /* spaces every second byte */ i += (width * 2); /* width of bytes */ i += 3; /* " |" */ i += width; /* each byte */ i += 1; /* "|" */ } while (i < screenwidth); width -= 2; for (n = 0; n < len; n += width) { for (i = n; i < n + width; i++) { if ((i % width) == 0) { /* beginning of line */ printf(" 0x%04x", i); } if ((i % 2) == 0) { printf(" "); } if (i < len) printf("%02x", p[i] & 0xff); else printf(" "); } printf(" |"); for (i = n; i < n + width; i++) { if (i >= len) break; if (p[i] >= ' ' && p[i] <= '~') printf("%c", p[i]); else printf("."); } printf("|\n"); } if ((i % width) != 0) printf("\n"); } void visdump(char *dp, int datalen, int screenwidth) { int col = 0; char *cp; int width; char visbuf[5]; printf(" \""); col = 8; for (;datalen > 0; datalen--, dp++) { vis(visbuf, *dp, VIS_CSTYLE, *(dp+1)); cp = visbuf; /* * Keep track of printables and * space chars (like fold(1)). */ if (col == 0) { putchar('\t'); col = 8; } switch(*cp) { case '\n': col = 0; putchar('\n'); continue; case '\t': width = 8 - (col&07); break; default: width = strlen(cp); } if (col + width > (screenwidth-2)) { printf("\\\n\t"); col = 8; } col += width; do { putchar(*cp++); } while (*cp); } if (col == 0) printf(" "); printf("\"\n"); } void ktrgenio(struct ktr_genio *ktr, int len) { int datalen = len - sizeof (struct ktr_genio); char *dp = (char *)ktr + sizeof (struct ktr_genio); static int screenwidth = 0; int i, binary; printf("fd %d %s %d byte%s\n", ktr->ktr_fd, ktr->ktr_rw == UIO_READ ? "read" : "wrote", datalen, datalen == 1 ? "" : "s"); if (suppressdata) return; if (screenwidth == 0) { struct winsize ws; if (fancy && ioctl(fileno(stderr), TIOCGWINSZ, &ws) != -1 && ws.ws_col > 8) screenwidth = ws.ws_col; else screenwidth = 80; } if (maxdata && datalen > maxdata) datalen = maxdata; for (i = 0, binary = 0; i < datalen && binary == 0; i++) { if (dp[i] >= 32 && dp[i] < 127) continue; if (dp[i] == 10 || dp[i] == 13 || dp[i] == 0 || dp[i] == 9) continue; binary = 1; } if (binary) hexdump(dp, datalen, screenwidth); else visdump(dp, datalen, screenwidth); } const char *signames[] = { "NULL", "HUP", "INT", "QUIT", "ILL", "TRAP", "IOT", /* 1 - 6 */ "EMT", "FPE", "KILL", "BUS", "SEGV", "SYS", /* 7 - 12 */ "PIPE", "ALRM", "TERM", "URG", "STOP", "TSTP", /* 13 - 18 */ "CONT", "CHLD", "TTIN", "TTOU", "IO", "XCPU", /* 19 - 24 */ "XFSZ", "VTALRM", "PROF", "WINCH", "29", "USR1", /* 25 - 30 */ "USR2", NULL, /* 31 - 32 */ }; void ktrpsig(struct ktr_psig *psig) { if (psig->signo > 0 && psig->signo < NSIG) printf("SIG%s ", signames[psig->signo]); else printf("SIG %d ", psig->signo); if (psig->action == SIG_DFL) { printf("SIG_DFL code="); sigcodename(psig->signo, psig->code); putchar('\n'); } else { printf("caught handler=0x%lx mask=0x%x code=", (u_long)psig->action, psig->mask.__bits[0]); sigcodename(psig->signo, psig->code); putchar('\n'); } } void ktrcsw_old(struct ktr_csw_old *cs) { printf("%s %s\n", cs->out ? "stop" : "resume", cs->user ? "user" : "kernel"); } void ktrcsw(struct ktr_csw *cs) { printf("%s %s \"%s\"\n", cs->out ? "stop" : "resume", cs->user ? "user" : "kernel", cs->wmesg); } #define UTRACE_DLOPEN_START 1 #define UTRACE_DLOPEN_STOP 2 #define UTRACE_DLCLOSE_START 3 #define UTRACE_DLCLOSE_STOP 4 #define UTRACE_LOAD_OBJECT 5 #define UTRACE_UNLOAD_OBJECT 6 #define UTRACE_ADD_RUNDEP 7 #define UTRACE_PRELOAD_FINISHED 8 #define UTRACE_INIT_CALL 9 #define UTRACE_FINI_CALL 10 #define UTRACE_DLSYM_START 11 #define UTRACE_DLSYM_STOP 12 struct utrace_rtld { char sig[4]; /* 'RTLD' */ int event; void *handle; void *mapbase; size_t mapsize; int refcnt; char name[MAXPATHLEN]; }; void ktruser_rtld(int len, void *p) { struct utrace_rtld *ut = p; unsigned char *cp; void *parent; int mode; switch (ut->event) { case UTRACE_DLOPEN_START: mode = ut->refcnt; printf("dlopen(%s, ", ut->name); switch (mode & RTLD_MODEMASK) { case RTLD_NOW: printf("RTLD_NOW"); break; case RTLD_LAZY: printf("RTLD_LAZY"); break; default: printf("%#x", mode & RTLD_MODEMASK); } if (mode & RTLD_GLOBAL) printf(" | RTLD_GLOBAL"); if (mode & RTLD_TRACE) printf(" | RTLD_TRACE"); if (mode & ~(RTLD_MODEMASK | RTLD_GLOBAL | RTLD_TRACE)) printf(" | %#x", mode & ~(RTLD_MODEMASK | RTLD_GLOBAL | RTLD_TRACE)); printf(")\n"); break; case UTRACE_DLOPEN_STOP: printf("%p = dlopen(%s) ref %d\n", ut->handle, ut->name, ut->refcnt); break; case UTRACE_DLCLOSE_START: printf("dlclose(%p) (%s, %d)\n", ut->handle, ut->name, ut->refcnt); break; case UTRACE_DLCLOSE_STOP: printf("dlclose(%p) finished\n", ut->handle); break; case UTRACE_LOAD_OBJECT: printf("RTLD: loaded %p @ %p - %p (%s)\n", ut->handle, ut->mapbase, (char *)ut->mapbase + ut->mapsize - 1, ut->name); break; case UTRACE_UNLOAD_OBJECT: printf("RTLD: unloaded %p @ %p - %p (%s)\n", ut->handle, ut->mapbase, (char *)ut->mapbase + ut->mapsize - 1, ut->name); break; case UTRACE_ADD_RUNDEP: parent = ut->mapbase; printf("RTLD: %p now depends on %p (%s, %d)\n", parent, ut->handle, ut->name, ut->refcnt); break; case UTRACE_PRELOAD_FINISHED: printf("RTLD: LD_PRELOAD finished\n"); break; case UTRACE_INIT_CALL: printf("RTLD: init %p for %p (%s)\n", ut->mapbase, ut->handle, ut->name); break; case UTRACE_FINI_CALL: printf("RTLD: fini %p for %p (%s)\n", ut->mapbase, ut->handle, ut->name); break; case UTRACE_DLSYM_START: printf("RTLD: dlsym(%p, %s)\n", ut->handle, ut->name); break; case UTRACE_DLSYM_STOP: printf("RTLD: %p = dlsym(%p, %s)\n", ut->mapbase, ut->handle, ut->name); break; default: cp = p; cp += 4; len -= 4; printf("RTLD: %d ", len); while (len--) if (decimal) printf(" %d", *cp++); else printf(" %02x", *cp++); printf("\n"); } } struct utrace_malloc { void *p; size_t s; void *r; }; void ktruser_malloc(void *p) { struct utrace_malloc *ut = p; if (ut->p == (void *)(intptr_t)(-1)) printf("malloc_init()\n"); else if (ut->s == 0) printf("free(%p)\n", ut->p); else if (ut->p == NULL) printf("%p = malloc(%zu)\n", ut->r, ut->s); else printf("%p = realloc(%p, %zu)\n", ut->r, ut->p, ut->s); } void ktruser(int len, void *p) { unsigned char *cp; if (len >= 8 && bcmp(p, "RTLD", 4) == 0) { ktruser_rtld(len, p); return; } if (len == sizeof(struct utrace_malloc)) { ktruser_malloc(p); return; } printf("%d ", len); cp = p; while (len--) if (decimal) printf(" %d", *cp++); else printf(" %02x", *cp++); printf("\n"); } void ktrcaprights(cap_rights_t *rightsp) { printf("cap_rights_t "); capname(rightsp); printf("\n"); } void ktrsockaddr(struct sockaddr *sa) { /* TODO: Support additional address families #include struct sockaddr_natm *natm; #include struct sockaddr_nb *nb; */ char addr[64]; /* * note: ktrstruct() has already verified that sa points to a * buffer at least sizeof(struct sockaddr) bytes long and exactly * sa->sa_len bytes long. */ printf("struct sockaddr { "); sockfamilyname(sa->sa_family); printf(", "); #define check_sockaddr_len(n) \ if (sa_##n.s##n##_len < sizeof(struct sockaddr_##n)) { \ printf("invalid"); \ break; \ } switch(sa->sa_family) { case AF_INET: { struct sockaddr_in sa_in; memset(&sa_in, 0, sizeof(sa_in)); memcpy(&sa_in, sa, sa->sa_len); check_sockaddr_len(in); inet_ntop(AF_INET, &sa_in.sin_addr, addr, sizeof addr); printf("%s:%u", addr, ntohs(sa_in.sin_port)); break; } case AF_INET6: { struct sockaddr_in6 sa_in6; memset(&sa_in6, 0, sizeof(sa_in6)); memcpy(&sa_in6, sa, sa->sa_len); check_sockaddr_len(in6); getnameinfo((struct sockaddr *)&sa_in6, sizeof(sa_in6), addr, sizeof(addr), NULL, 0, NI_NUMERICHOST); printf("[%s]:%u", addr, htons(sa_in6.sin6_port)); break; } case AF_UNIX: { struct sockaddr_un sa_un; memset(&sa_un, 0, sizeof(sa_un)); memcpy(&sa_un, sa, sa->sa_len); printf("%.*s", (int)sizeof(sa_un.sun_path), sa_un.sun_path); break; } default: printf("unknown address family"); } printf(" }\n"); } void ktrstat(struct stat *statp) { char mode[12], timestr[PATH_MAX + 4]; struct passwd *pwd; struct group *grp; struct tm *tm; /* * note: ktrstruct() has already verified that statp points to a * buffer exactly sizeof(struct stat) bytes long. */ printf("struct stat {"); printf("dev=%ju, ino=%ju, ", (uintmax_t)statp->st_dev, (uintmax_t)statp->st_ino); if (resolv == 0) printf("mode=0%jo, ", (uintmax_t)statp->st_mode); else { strmode(statp->st_mode, mode); printf("mode=%s, ", mode); } printf("nlink=%ju, ", (uintmax_t)statp->st_nlink); if (resolv == 0) { pwd = NULL; } else { #ifdef HAVE_LIBCAPSICUM if (cappwd != NULL) pwd = cap_getpwuid(cappwd, statp->st_uid); else #endif pwd = getpwuid(statp->st_uid); } if (pwd == NULL) printf("uid=%ju, ", (uintmax_t)statp->st_uid); else printf("uid=\"%s\", ", pwd->pw_name); if (resolv == 0) { grp = NULL; } else { #ifdef HAVE_LIBCAPSICUM if (capgrp != NULL) grp = cap_getgrgid(capgrp, statp->st_gid); else #endif grp = getgrgid(statp->st_gid); } if (grp == NULL) printf("gid=%ju, ", (uintmax_t)statp->st_gid); else printf("gid=\"%s\", ", grp->gr_name); printf("rdev=%ju, ", (uintmax_t)statp->st_rdev); printf("atime="); if (resolv == 0) printf("%jd", (intmax_t)statp->st_atim.tv_sec); else { tm = localtime(&statp->st_atim.tv_sec); strftime(timestr, sizeof(timestr), TIME_FORMAT, tm); printf("\"%s\"", timestr); } if (statp->st_atim.tv_nsec != 0) printf(".%09ld, ", statp->st_atim.tv_nsec); else printf(", "); printf("stime="); if (resolv == 0) printf("%jd", (intmax_t)statp->st_mtim.tv_sec); else { tm = localtime(&statp->st_mtim.tv_sec); strftime(timestr, sizeof(timestr), TIME_FORMAT, tm); printf("\"%s\"", timestr); } if (statp->st_mtim.tv_nsec != 0) printf(".%09ld, ", statp->st_mtim.tv_nsec); else printf(", "); printf("ctime="); if (resolv == 0) printf("%jd", (intmax_t)statp->st_ctim.tv_sec); else { tm = localtime(&statp->st_ctim.tv_sec); strftime(timestr, sizeof(timestr), TIME_FORMAT, tm); printf("\"%s\"", timestr); } if (statp->st_ctim.tv_nsec != 0) printf(".%09ld, ", statp->st_ctim.tv_nsec); else printf(", "); printf("birthtime="); if (resolv == 0) printf("%jd", (intmax_t)statp->st_birthtim.tv_sec); else { tm = localtime(&statp->st_birthtim.tv_sec); strftime(timestr, sizeof(timestr), TIME_FORMAT, tm); printf("\"%s\"", timestr); } if (statp->st_birthtim.tv_nsec != 0) printf(".%09ld, ", statp->st_birthtim.tv_nsec); else printf(", "); printf("size=%jd, blksize=%ju, blocks=%jd, flags=0x%x", (uintmax_t)statp->st_size, (uintmax_t)statp->st_blksize, (intmax_t)statp->st_blocks, statp->st_flags); printf(" }\n"); } void ktrstruct(char *buf, size_t buflen) { char *name, *data; size_t namelen, datalen; int i; cap_rights_t rights; struct stat sb; struct sockaddr_storage ss; for (name = buf, namelen = 0; namelen < buflen && name[namelen] != '\0'; ++namelen) /* nothing */; if (namelen == buflen) goto invalid; if (name[namelen] != '\0') goto invalid; data = buf + namelen + 1; datalen = buflen - namelen - 1; if (datalen == 0) goto invalid; /* sanity check */ for (i = 0; i < (int)namelen; ++i) if (!isalpha(name[i])) goto invalid; if (strcmp(name, "caprights") == 0) { if (datalen != sizeof(cap_rights_t)) goto invalid; memcpy(&rights, data, datalen); ktrcaprights(&rights); } else if (strcmp(name, "stat") == 0) { if (datalen != sizeof(struct stat)) goto invalid; memcpy(&sb, data, datalen); ktrstat(&sb); } else if (strcmp(name, "sockaddr") == 0) { if (datalen > sizeof(ss)) goto invalid; memcpy(&ss, data, datalen); if (datalen != ss.ss_len) goto invalid; ktrsockaddr((struct sockaddr *)&ss); } else { printf("unknown structure\n"); } return; invalid: printf("invalid record\n"); } void ktrcapfail(struct ktr_cap_fail *ktr) { switch (ktr->cap_type) { case CAPFAIL_NOTCAPABLE: /* operation on fd with insufficient capabilities */ printf("operation requires "); capname(&ktr->cap_needed); printf(", descriptor holds "); capname(&ktr->cap_held); break; case CAPFAIL_INCREASE: /* requested more capabilities than fd already has */ printf("attempt to increase capabilities from "); capname(&ktr->cap_held); printf(" to "); capname(&ktr->cap_needed); break; case CAPFAIL_SYSCALL: /* called restricted syscall */ printf("disallowed system call"); break; case CAPFAIL_LOOKUP: /* used ".." in strict-relative mode */ printf("restricted VFS lookup"); break; default: printf("unknown capability failure: "); capname(&ktr->cap_needed); printf(" "); capname(&ktr->cap_held); break; } printf("\n"); } void ktrfault(struct ktr_fault *ktr) { printf("0x%jx ", (uintmax_t)ktr->vaddr); vmprotname(ktr->type); printf("\n"); } void ktrfaultend(struct ktr_faultend *ktr) { vmresultname(ktr->result); printf("\n"); } #if defined(__amd64__) || defined(__i386__) void linux_ktrsyscall(struct ktr_syscall *ktr) { int narg = ktr->ktr_narg; register_t *ip; if (ktr->ktr_code >= nlinux_syscalls || ktr->ktr_code < 0) printf("[%d]", ktr->ktr_code); else { printf("%s", linux_syscallnames[ktr->ktr_code]); if (syscallno) printf("[%d]", ktr->ktr_code); } ip = &ktr->ktr_args[0]; if (narg) { char c = '('; while (narg > 0) print_number(ip, narg, c); putchar(')'); } putchar('\n'); } void linux_ktrsysret(struct ktr_sysret *ktr) { register_t ret = ktr->ktr_retval; int error = ktr->ktr_error; int code = ktr->ktr_code; if (code >= nlinux_syscalls || code < 0) printf("[%d] ", code); else { printf("%s", linux_syscallnames[code]); if (syscallno) printf("[%d]", code); printf(" "); } if (error == 0) { if (fancy) { printf("%ld", (long)ret); if (ret < 0 || ret > 9) printf("/%#lx", (unsigned long)ret); } else { if (decimal) printf("%ld", (long)ret); else printf("%#lx", (unsigned long)ret); } } else if (error == ERESTART) printf("RESTART"); else if (error == EJUSTRETURN) printf("JUSTRETURN"); else { if (ktr->ktr_error <= ELAST + 1) error = abs(bsd_to_linux_errno[ktr->ktr_error]); else error = 999; printf("-1 errno %d", error); if (fancy) printf(" %s", strerror(ktr->ktr_error)); } putchar('\n'); } #endif void usage(void) { fprintf(stderr, "usage: kdump [-dEnlHRrSsTA] [-f trfile] " "[-m maxdata] [-p pid] [-t trstr]\n"); exit(1); }