[tcpdump-workers] tcpdump -i crash

2009-04-27 Thread Miroslav Lichvar
Hi,

I've received a bug report that tcpdump crashes when -i option is
used and there are no interfaces available.

https://bugzilla.redhat.com/show_bug.cgi?id=497819

This should fix it:

--- a/tcpdump.c
+++ b/tcpdump.c
@@ -655,6 +655,8 @@ main(int argc, char **argv)
if (pcap_findalldevs(&devpointer, ebuf) < 0)
error("%s", ebuf);
else {
+   if (devpointer == NULL)
+   error("Invalid adapter index");
for (i = 0; i < devnum-1; i++){
devpointer = devpointer->next;
if (devpointer == NULL)
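Review bot: The added `devpointer == NULL` check reports "Invalid adapter index" although, on this path, pcap_findalldevs() succeeded and returned an empty list, so the index is not what is wrong. A distinct message such as `error("No interfaces available for capture");` would tell the user what actually happened and separate this case from the out-of-range check inside the loop. The loop body continues past the end of the hunk.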


Thanks,

-- 
Miroslav Lichvar


[tcpdump-workers] [PATCH 1/3] Add getnameinfo support to getname and getname6.

2009-08-13 Thread Miroslav Lichvar
---
 addrtoname.c |   44 
 1 files changed, 36 insertions(+), 8 deletions(-)

diff --git a/addrtoname.c b/addrtoname.c
index e67d114..593840c 100644
--- a/addrtoname.c
+++ b/addrtoname.c
@@ -224,7 +224,6 @@ static u_int32_t f_localnet;
 const char *
 getname(const u_char *ap)
 {
-   register struct hostent *hp;
u_int32_t addr;
static struct hnamemem *p;  /* static for longjmp() */
 
@@ -236,6 +235,7 @@ getname(const u_char *ap)
}
p->addr = addr;
p->nxt = newhnamemem();
+   p->name = NULL;
 
/*
 * Print names unless:
@@ -246,12 +246,26 @@ getname(const u_char *ap)
 */
if (!nflag &&
(addr & f_netmask) == f_localnet) {
+#ifdef HAVE_GETNAMEINFO
+   struct sockaddr_in sa;
+   char hbuf[NI_MAXHOST];
+
+   memset(&sa, 0, sizeof (sa));
+   sa.sin_family = AF_INET;
+   sa.sin_addr.s_addr = addr;
+   if (!getnameinfo((struct sockaddr *)&sa, sizeof (sa),
+   hbuf, sizeof (hbuf), NULL, 0, 0))
+   p->name = strdup(hbuf);
+#else
+   register struct hostent *hp;
hp = gethostbyaddr((char *)&addr, 4, AF_INET);
-   if (hp) {
-   char *dotp;
-
+   if (hp)
p->name = strdup(hp->h_name);
+#endif
+   if (p->name != NULL) {
if (Nflag) {
+   char *dotp;
+
/* Remove domain qualifications */
dotp = strchr(p->name, '.');
if (dotp)
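Review bot: The getnameinfo() call passes 0 for flags, so when no reverse record exists it succeeds and fills `hbuf` with the numeric address instead of failing the way gethostbyaddr() did. That string is stored in `p->name`, and under -N the domain-stripping code after `strchr(p->name, '.')` would presumably cut an IPv4 address down to its first octet. Passing `NI_NAMEREQD` keeps the old fall-through to the numeric path: `hbuf, sizeof (hbuf), NULL, 0, NI_NAMEREQD))`. The same call appears in the getname6 hunk and in the 2009-08-16 resend of this patch. getname() continues outside the hunk.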
@@ -272,7 +286,6 @@ getname(const u_char *ap)
 const char *
 getname6(const u_char *ap)
 {
-   register struct hostent *hp;
struct in6_addr addr;
static struct h6namemem *p; /* static for longjmp() */
register const char *cp;
@@ -286,17 +299,32 @@ getname6(const u_char *ap)
}
p->addr = addr;
p->nxt = newh6namemem();
+   p->name = NULL;
 
/*
 * Do not print names if -n was given.
 */
if (!nflag) {
+#ifdef HAVE_GETNAMEINFO
+   struct sockaddr_in6 sa;
+   char hbuf[NI_MAXHOST];
+
+   memset(&sa, 0, sizeof (sa));
+   sa.sin6_family = AF_INET6;
+   sa.sin6_addr = addr;
+   if (!getnameinfo((struct sockaddr *)&sa, sizeof (sa),
+   hbuf, sizeof (hbuf), NULL, 0, 0))
+   p->name = strdup(hbuf);
+#else
+   register struct hostent *hp;
hp = gethostbyaddr((char *)&addr, sizeof(addr), AF_INET6);
-   if (hp) {
-   char *dotp;
-
+   if (hp)
p->name = strdup(hp->h_name);
+#endif
+   if (p->name != NULL) {
if (Nflag) {
+   char *dotp;
+
/* Remove domain qualifications */
dotp = strchr(p->name, '.');
if (dotp)
-- 
1.6.2.5



[tcpdump-workers] [PATCH 3/3] Convert port numbers to service names unless -nn is used.

2009-08-13 Thread Miroslav Lichvar
---
 addrtoname.c |4 ++--
 tcpdump.1.in |6 +-
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/addrtoname.c b/addrtoname.c
index 593840c..59ee47a 100644
--- a/addrtoname.c
+++ b/addrtoname.c
@@ -736,7 +736,7 @@ init_servarray(void)
 
while (table->name)
table = table->nxt;
-   if (nflag) {
+   if (nflag > 1) {
(void)snprintf(buf, sizeof(buf), "%d", port);
table->name = strdup(buf);
} else
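Review bot: Changing the test to `nflag > 1` alters what a single -n prints: ports that used to be numeric now come out as service names, so scripts or log parsers that rely on `-n` for numeric ports would silently see different output. If that is intended, the bare `> 1` deserves a comment at both sites (here and in the init_addrtoname hunk), e.g. `/* -nn: leave port and protocol numbers unconverted too */`. The test also assumes `nflag` is incremented for each -n rather than set to 1, which depends on option parsing that is not part of this patch. init_servarray() extends beyond the hunk.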
@@ -1136,7 +1136,7 @@ init_addrtoname(u_int32_t localnet, u_int32_t mask)
f_localnet = localnet;
f_netmask = mask;
}
-   if (nflag)
+   if (nflag > 1)
/*
 * Simplest way to suppress names.
 */
diff --git a/tcpdump.1.in b/tcpdump.1.in
index 86174c2..c1dad64 100644
--- a/tcpdump.1.in
+++ b/tcpdump.1.in
@@ -394,7 +394,11 @@ Use \fIsecret\fP as a shared secret for validating the 
digests found in
 TCP segments with the TCP-MD5 option (RFC 2385), if present.
 .TP
 .B \-n
-Don't convert addresses (i.e., host addresses, port numbers, etc.) to names.
+Don't convert host addresses to names.  This can be used to avoid 
+DNS lookups.
+.TP
+.B \-nn
+Don't convert protocol and port numbers etc. to names either.  
 .TP
 .B \-N
 Don't print domain name qualification of host names.
-- 
1.6.2.5



[tcpdump-workers] [PATCH 2/3] With -C option drop root before opening first savefile.

2009-08-13 Thread Miroslav Lichvar
This is to avoid having savefiles with different ownership and to avoid
terminating tcpdump with permission denied error when opening second
savefile.
---
 tcpdump.1.in |4 
 tcpdump.c|7 ++-
 2 files changed, 10 insertions(+), 1 deletions(-)

diff --git a/tcpdump.1.in b/tcpdump.1.in
index f0f7ce0..86174c2 100644
--- a/tcpdump.1.in
+++ b/tcpdump.1.in
@@ -206,6 +206,10 @@ have the name specified with the
 flag, with a number after it, starting at 1 and continuing upward.
 The units of \fIfile_size\fP are millions of bytes (1,000,000 bytes,
 not 1,048,576 bytes).
+
+Note that when used with
+.B \-Z
+option, privileges are dropped before opening first savefile.
 .TP
 .B \-d
 Dump the compiled packet-matching code in a human readable form to
diff --git a/tcpdump.c b/tcpdump.c
index 26d1d80..e37de80 100644
--- a/tcpdump.c
+++ b/tcpdump.c
@@ -1109,6 +1109,11 @@ main(int argc, char **argv)
(void)setsignal(SIGHUP, oldhandler);
 #endif /* WIN32 */
 
+   if (Cflag != 0 && (getuid() == 0 || geteuid() == 0)) {
+   if (username || chroot_dir)
+   droproot(username, chroot_dir);
+   }
+
if (pcap_setfilter(pd, &fcode) < 0)
error("%s", pcap_geterr(pd));
if (WFileName) {
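Review bot: The added early-drop block has no comment, and the comment kept above the later droproot() call ("We cannot do this earlier, because we want to be able to open the file (if done) for writing before giving up permissions") no longer holds when -C is given. I would put `/* With -C, drop root before the first savefile is opened so all rotated files share one owner. */` above the new `if`, and qualify the later comment with "unless -C is used". If `chroot_dir` is set, the first savefile path is presumably now resolved inside the chroot as well, which the man-page note does not mention; that is worth confirming. Both hunks sit inside main(), which extends beyond them.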
@@ -1157,7 +1162,7 @@ main(int argc, char **argv)
 * We cannot do this earlier, because we want to be able to open
 * the file (if done) for writing before giving up permissions.
 */
-   if (getuid() == 0 || geteuid() == 0) {
+   if (Cflag == 0 && (getuid() == 0 || geteuid() == 0)) {
if (username || chroot_dir)
droproot(username, chroot_dir);
}
-- 
1.6.2.5



[tcpdump-workers] [PATCH 1/3] Add getnameinfo support to getname and getname6.

2009-08-16 Thread Miroslav Lichvar
---
 addrtoname.c |   44 
 1 files changed, 36 insertions(+), 8 deletions(-)

diff --git a/addrtoname.c b/addrtoname.c
index e67d114..593840c 100644
--- a/addrtoname.c
+++ b/addrtoname.c
@@ -224,7 +224,6 @@ static u_int32_t f_localnet;
 const char *
 getname(const u_char *ap)
 {
-   register struct hostent *hp;
u_int32_t addr;
static struct hnamemem *p;  /* static for longjmp() */
 
@@ -236,6 +235,7 @@ getname(const u_char *ap)
}
p->addr = addr;
p->nxt = newhnamemem();
+   p->name = NULL;
 
/*
 * Print names unless:
@@ -246,12 +246,26 @@ getname(const u_char *ap)
 */
if (!nflag &&
(addr & f_netmask) == f_localnet) {
+#ifdef HAVE_GETNAMEINFO
+   struct sockaddr_in sa;
+   char hbuf[NI_MAXHOST];
+
+   memset(&sa, 0, sizeof (sa));
+   sa.sin_family = AF_INET;
+   sa.sin_addr.s_addr = addr;
+   if (!getnameinfo((struct sockaddr *)&sa, sizeof (sa),
+   hbuf, sizeof (hbuf), NULL, 0, 0))
+   p->name = strdup(hbuf);
+#else
+   register struct hostent *hp;
hp = gethostbyaddr((char *)&addr, 4, AF_INET);
-   if (hp) {
-   char *dotp;
-
+   if (hp)
p->name = strdup(hp->h_name);
+#endif
+   if (p->name != NULL) {
if (Nflag) {
+   char *dotp;
+
/* Remove domain qualifications */
dotp = strchr(p->name, '.');
if (dotp)
@@ -272,7 +286,6 @@ getname(const u_char *ap)
 const char *
 getname6(const u_char *ap)
 {
-   register struct hostent *hp;
struct in6_addr addr;
static struct h6namemem *p; /* static for longjmp() */
register const char *cp;
@@ -286,17 +299,32 @@ getname6(const u_char *ap)
}
p->addr = addr;
p->nxt = newh6namemem();
+   p->name = NULL;
 
/*
 * Do not print names if -n was given.
 */
if (!nflag) {
+#ifdef HAVE_GETNAMEINFO
+   struct sockaddr_in6 sa;
+   char hbuf[NI_MAXHOST];
+
+   memset(&sa, 0, sizeof (sa));
+   sa.sin6_family = AF_INET6;
+   sa.sin6_addr = addr;
+   if (!getnameinfo((struct sockaddr *)&sa, sizeof (sa),
+   hbuf, sizeof (hbuf), NULL, 0, 0))
+   p->name = strdup(hbuf);
+#else
+   register struct hostent *hp;
hp = gethostbyaddr((char *)&addr, sizeof(addr), AF_INET6);
-   if (hp) {
-   char *dotp;
-
+   if (hp)
p->name = strdup(hp->h_name);
+#endif
+   if (p->name != NULL) {
if (Nflag) {
+   char *dotp;
+
/* Remove domain qualifications */
dotp = strchr(p->name, '.');
if (dotp)
-- 
1.6.2.5



Re: [tcpdump-workers] [PATCH 1/3] Add getnameinfo support to getname

2009-09-01 Thread Miroslav Lichvar
On Sun, Aug 30, 2009 at 06:54:34PM -0700, Guy Harris wrote:
> What's the advantage to using getnameinfo() rather than gethostbyaddr().

I'm not sure there are any real advantages, it's just that
gethostbyaddr() is marked as obsolete on some systems.

-- 
Miroslav Lichvar


Re: [tcpdump-workers] libpcap capture performance drop

2010-08-16 Thread Miroslav Lichvar
On Fri, Aug 13, 2010 at 02:00:22PM -0700, Guy Harris wrote:
> No.  I forgot that the availability of the memory-mapped pcap
> mechanism isn't determined by the configure script, it's determined
> by what the system includes offer.
> 
> Instead, in pcap-linux.c, just #if 0 out the
> 
>  /* check for memory mapped access avaibility. We assume every needed
>   * struct is defined if the macro TPACKET_HDRLEN is defined, because it
>   * uses many ring related structs and macros */

Would it be possible to support disabling mmapped access at runtime
with an environment variable?

I had one user complaining about slow startup of tcpdump -s 0 and it
seems that there is not much we can do about it, as the kernel has to
allocate large blocks of contiguous memory.

-- 
Miroslav Lichvar


[tcpdump-workers] typos in man pages

2011-03-07 Thread Miroslav Lichvar
Hi,

here is a patch fixing some typos.

-- 
Miroslav Lichvar
>From 2855059315d26bcaadd1c48d56752809cebc8219 Mon Sep 17 00:00:00 2001
From: John Bradshaw 
Date: Mon, 7 Mar 2011 13:27:15 +0100
Subject: [PATCH] Fix typos in man pages.

---
 pcap_compile.3pcap.in |2 +-
 pcap_next_ex.3pcap|4 ++--
 pcap_open_live.3pcap  |2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/pcap_compile.3pcap.in b/pcap_compile.3pcap.in
index e557fdb..7dbdad5 100644
--- a/pcap_compile.3pcap.in
+++ b/pcap_compile.3pcap.in
@@ -55,7 +55,7 @@ the filter program.  If the netmask of the network on which 
packets are
 being captured isn't known to the program, or if packets are being
 captured on the Linux "any" pseudo-interface that can capture on more
 than one network, a value of PCAP_NETMASK_UNKNOWN can be supplied; tests
-for IPv4 broadcast addreses will fail to compile, but all other tests in
+for IPv4 broadcast addresses will fail to compile, but all other tests in
 the filter program will be OK.
 .SH RETURN VALUE
 .B pcap_compile()
diff --git a/pcap_next_ex.3pcap b/pcap_next_ex.3pcap
index 922efe2..7373836 100644
--- a/pcap_next_ex.3pcap
+++ b/pcap_next_ex.3pcap
@@ -95,13 +95,13 @@ as an argument to fetch or display the error text.
 .B pcap_next()
 returns a pointer to the packet data on success, and returns
 .B NULL
-if an error occured, or if no packets were read from a live
+if an error occurred, or if no packets were read from a live
 capture (if, for example, they were discarded because they didn't pass
 the packet filter, or if, on platforms that support a read timeout that
 starts before any packets arrive, the timeout expires before any packets
 arrive, or if the file descriptor for the capture device is in
 non-blocking mode and no packets were available to be read), or if no
 more packets are available in a ``savefile.''  Unfortunately, there is
-no way to determine whether an error occured or not.
+no way to determine whether an error occurred or not.
 .SH SEE ALSO
 pcap(3PCAP), pcap_geterr(3PCAP), pcap_dispatch(3PCAP)
diff --git a/pcap_open_live.3pcap b/pcap_open_live.3pcap
index 623f098..0889a2a 100644
--- a/pcap_open_live.3pcap
+++ b/pcap_open_live.3pcap
@@ -74,7 +74,7 @@ is filled in with an appropriate error message.
 .I errbuf
 may also be set to warning text when
 .B pcap_open_live()
-succeds; to detect this case the caller should store a zero-length string in
+succeeds; to detect this case the caller should store a zero-length string in
 .I errbuf
 before calling
 .B pcap_open_live()
-- 
1.7.4
