[tcpdump-workers] tcpdump -i crash
Hi, I've received a bug report that tcpdump crashes when -i option is used and there are no interfaces available. https://bugzilla.redhat.com/show_bug.cgi?id=497819 This should fix it: --- a/tcpdump.c +++ b/tcpdump.c @@ -655,6 +655,8 @@ main(int argc, char **argv) if (pcap_findalldevs(&devpointer, ebuf) < 0) error("%s", ebuf); else { + if (devpointer == NULL) + error("Invalid adapter index"); for (i = 0; i < devnum-1; i++){ devpointer = devpointer->next; if (devpointer == NULL) Thanks, -- Miroslav Lichvar - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
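Review bot: The added `devpointer == NULL` check reports "Invalid adapter index" when `pcap_findalldevs()` succeeds but returns an empty list, which is the no-interfaces case from the bug report, so the user is told the index is wrong when there is nothing to index at all. A separate message would let that case be told apart from an out-of-range index, e.g. `error("No interfaces available for capture");`. The in-loop `devpointer == NULL` branch and the rest of `main` lie outside the hunk, so the wording used there should be confirmed before choosing the text.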
[tcpdump-workers] [PATCH 1/3] Add getnameinfo support to getname and getname6.
--- addrtoname.c | 44 1 files changed, 36 insertions(+), 8 deletions(-) diff --git a/addrtoname.c b/addrtoname.c index e67d114..593840c 100644 --- a/addrtoname.c +++ b/addrtoname.c @@ -224,7 +224,6 @@ static u_int32_t f_localnet; const char * getname(const u_char *ap) { - register struct hostent *hp; u_int32_t addr; static struct hnamemem *p; /* static for longjmp() */ @@ -236,6 +235,7 @@ getname(const u_char *ap) } p->addr = addr; p->nxt = newhnamemem(); + p->name = NULL; /* * Print names unless: @@ -246,12 +246,26 @@ getname(const u_char *ap) */ if (!nflag && (addr & f_netmask) == f_localnet) { +#ifdef HAVE_GETNAMEINFO + struct sockaddr_in sa; + char hbuf[NI_MAXHOST]; + + memset(&sa, 0, sizeof (sa)); + sa.sin_family = AF_INET; + sa.sin_addr.s_addr = addr; + if (!getnameinfo((struct sockaddr *)&sa, sizeof (sa), + hbuf, sizeof (hbuf), NULL, 0, 0)) + p->name = strdup(hbuf); +#else + register struct hostent *hp; hp = gethostbyaddr((char *)&addr, 4, AF_INET); - if (hp) { - char *dotp; - + if (hp) p->name = strdup(hp->h_name); +#endif + if (p->name != NULL) { if (Nflag) { + char *dotp; + /* Remove domain qualifications */ dotp = strchr(p->name, '.'); if (dotp) @@ -272,7 +286,6 @@ getname(const u_char *ap) const char * getname6(const u_char *ap) { - register struct hostent *hp; struct in6_addr addr; static struct h6namemem *p; /* static for longjmp() */ register const char *cp; 
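Review bot: In the `getname` hunk at -246, `getnameinfo()` is called with flags `0`, so when the address has no reverse record it still returns success and writes the numeric address into `hbuf`, where `gethostbyaddr()` returned NULL. That numeric string is then stored in `p->name` as if it were a host name, and with `Nflag` the `strchr(p->name, '.')` step that follows would presumably cut an IPv4 address at its first dot. Passing `NI_NAMEREQD` restores the old fall-through to the numeric path: `hbuf, sizeof (hbuf), NULL, 0, NI_NAMEREQD))`. The `getname6` hunk makes the same call and needs the same flag; both functions continue outside the hunks shown.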
@@ -286,17 +299,32 @@ getname6(const u_char *ap) } p->addr = addr; p->nxt = newh6namemem(); + p->name = NULL; /* * Do not print names if -n was given. */ if (!nflag) { +#ifdef HAVE_GETNAMEINFO + struct sockaddr_in6 sa; + char hbuf[NI_MAXHOST]; + + memset(&sa, 0, sizeof (sa)); + sa.sin6_family = AF_INET6; + sa.sin6_addr = addr; + if (!getnameinfo((struct sockaddr *)&sa, sizeof (sa), + hbuf, sizeof (hbuf), NULL, 0, 0)) + p->name = strdup(hbuf); +#else + register struct hostent *hp; hp = gethostbyaddr((char *)&addr, sizeof(addr), AF_INET6); - if (hp) { - char *dotp; - + if (hp) p->name = strdup(hp->h_name); +#endif + if (p->name != NULL) { if (Nflag) { + char *dotp; + /* Remove domain qualifications */ dotp = strchr(p->name, '.'); if (dotp) -- 1.6.2.5 - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
[tcpdump-workers] [PATCH 3/3] Convert port numbers to service names unless -nn is used.
--- addrtoname.c |4 ++-- tcpdump.1.in |6 +- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/addrtoname.c b/addrtoname.c index 593840c..59ee47a 100644 --- a/addrtoname.c +++ b/addrtoname.c @@ -736,7 +736,7 @@ init_servarray(void) while (table->name) table = table->nxt; - if (nflag) { + if (nflag > 1) { (void)snprintf(buf, sizeof(buf), "%d", port); table->name = strdup(buf); } else @@ -1136,7 +1136,7 @@ init_addrtoname(u_int32_t localnet, u_int32_t mask) f_localnet = localnet; f_netmask = mask; } - if (nflag) + if (nflag > 1) /* * Simplest way to suppress names. */ diff --git a/tcpdump.1.in b/tcpdump.1.in index 86174c2..c1dad64 100644 --- a/tcpdump.1.in +++ b/tcpdump.1.in @@ -394,7 +394,11 @@ Use \fIsecret\fP as a shared secret for validating the digests found in TCP segments with the TCP-MD5 option (RFC 2385), if present. .TP .B \-n -Don't convert addresses (i.e., host addresses, port numbers, etc.) to names. +Don't convert host addresses to names. This can be used to avoid +DNS lookups. +.TP +.B \-nn +Don't convert protocol and port numbers etc. to names either. .TP .B \-N Don't print domain name qualification of host names. -- 1.6.2.5 - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
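Review bot: The `init_addrtoname` hunk relaxes the early test from `if (nflag)` to `if (nflag > 1)`, so a single `-n` now runs whatever table setup follows the hunk, and `init_servarray` keeps service names for it. Existing scripts that use `-n` to get numeric ports will silently get different output. If the services table is filled through the system name-service switch, that lookup is not necessarily local, which is worth confirming because the new man text presents `-n` as the way to avoid DNS lookups. The retained comment "Simplest way to suppress names" should state the level it now covers, e.g. `/* -nn: suppress all name tables; a single -n only stops host lookups in getname()/getname6() */`. Any `nflag` tests outside addrtoname.c are not visible here and may still treat one `-n` as fully numeric.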
[tcpdump-workers] [PATCH 2/3] With -C option drop root before opening first savefile.
This is to avoid having savefiles with different ownership and to avoid terminating tcpdump with permission denied error when opening second savefile. --- tcpdump.1.in |4 tcpdump.c|7 ++- 2 files changed, 10 insertions(+), 1 deletions(-) diff --git a/tcpdump.1.in b/tcpdump.1.in index f0f7ce0..86174c2 100644 --- a/tcpdump.1.in +++ b/tcpdump.1.in @@ -206,6 +206,10 @@ have the name specified with the flag, with a number after it, starting at 1 and continuing upward. The units of \fIfile_size\fP are millions of bytes (1,000,000 bytes, not 1,048,576 bytes). + +Note that when used with +.B \-Z +option, privileges are dropped before opening first savefile. .TP .B \-d Dump the compiled packet-matching code in a human readable form to diff --git a/tcpdump.c b/tcpdump.c index 26d1d80..e37de80 100644 --- a/tcpdump.c +++ b/tcpdump.c @@ -1109,6 +1109,11 @@ main(int argc, char **argv) (void)setsignal(SIGHUP, oldhandler); #endif /* WIN32 */ + if (Cflag != 0 && (getuid() == 0 || geteuid() == 0)) { + if (username || chroot_dir) + droproot(username, chroot_dir); + } + if (pcap_setfilter(pd, &fcode) < 0) error("%s", pcap_geterr(pd)); if (WFileName) { @@ -1157,7 +1162,7 @@ main(int argc, char **argv) * We cannot do this earlier, because we want to be able to open * the file (if done) for writing before giving up permissions. */ - if (getuid() == 0 || geteuid() == 0) { + if (Cflag == 0 && (getuid() == 0 || geteuid() == 0)) { if (username || chroot_dir) droproot(username, chroot_dir); } -- 1.6.2.5 - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
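Review bot: The second tcpdump.c hunk keeps the comment "We cannot do this earlier, because we want to be able to open the file (if done) for writing before giving up permissions", which is no longer true when `Cflag` is set, because the first hunk now calls `droproot(username, chroot_dir)` ahead of the `if (WFileName)` block. With `chroot_dir` set, the first savefile path would then presumably be resolved inside the chroot, and the target directory has to be writable by the `-Z` user, neither of which the man page addition mentions. I would extend the comment with a line such as `* With -C the drop already happened before the first savefile was opened, so all files in the rotation share one owner.` and add the directory and chroot caveat to the `-C` text. Both hunks sit inside `main`, which extends beyond them.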
[tcpdump-workers] [PATCH 1/3] Add getnameinfo support to getname and getname6.
--- addrtoname.c | 44 1 files changed, 36 insertions(+), 8 deletions(-) diff --git a/addrtoname.c b/addrtoname.c index e67d114..593840c 100644 --- a/addrtoname.c +++ b/addrtoname.c @@ -224,7 +224,6 @@ static u_int32_t f_localnet; const char * getname(const u_char *ap) { - register struct hostent *hp; u_int32_t addr; static struct hnamemem *p; /* static for longjmp() */ @@ -236,6 +235,7 @@ getname(const u_char *ap) } p->addr = addr; p->nxt = newhnamemem(); + p->name = NULL; /* * Print names unless: @@ -246,12 +246,26 @@ getname(const u_char *ap) */ if (!nflag && (addr & f_netmask) == f_localnet) { +#ifdef HAVE_GETNAMEINFO + struct sockaddr_in sa; + char hbuf[NI_MAXHOST]; + + memset(&sa, 0, sizeof (sa)); + sa.sin_family = AF_INET; + sa.sin_addr.s_addr = addr; + if (!getnameinfo((struct sockaddr *)&sa, sizeof (sa), + hbuf, sizeof (hbuf), NULL, 0, 0)) + p->name = strdup(hbuf); +#else + register struct hostent *hp; hp = gethostbyaddr((char *)&addr, 4, AF_INET); - if (hp) { - char *dotp; - + if (hp) p->name = strdup(hp->h_name); +#endif + if (p->name != NULL) { if (Nflag) { + char *dotp; + /* Remove domain qualifications */ dotp = strchr(p->name, '.'); if (dotp) @@ -272,7 +286,6 @@ getname(const u_char *ap) const char * getname6(const u_char *ap) { - register struct hostent *hp; struct in6_addr addr; static struct h6namemem *p; /* static for longjmp() */ register const char *cp; 
@@ -286,17 +299,32 @@ getname6(const u_char *ap) } p->addr = addr; p->nxt = newh6namemem(); + p->name = NULL; /* * Do not print names if -n was given. */ if (!nflag) { +#ifdef HAVE_GETNAMEINFO + struct sockaddr_in6 sa; + char hbuf[NI_MAXHOST]; + + memset(&sa, 0, sizeof (sa)); + sa.sin6_family = AF_INET6; + sa.sin6_addr = addr; + if (!getnameinfo((struct sockaddr *)&sa, sizeof (sa), + hbuf, sizeof (hbuf), NULL, 0, 0)) + p->name = strdup(hbuf); +#else + register struct hostent *hp; hp = gethostbyaddr((char *)&addr, sizeof(addr), AF_INET6); - if (hp) { - char *dotp; - + if (hp) p->name = strdup(hp->h_name); +#endif + if (p->name != NULL) { if (Nflag) { + char *dotp; + /* Remove domain qualifications */ dotp = strchr(p->name, '.'); if (dotp) -- 1.6.2.5 - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Re: [tcpdump-workers] [PATCH 1/3] Add getnameinfo support to getname
On Sun, Aug 30, 2009 at 06:54:34PM -0700, Guy Harris wrote: > What's the advantage to using getnameinfo() rather than gethostbyaddr(). I'm not sure there are any real advantages, it's just that gethostbyaddr() is marked as obsolete on some systems. -- Miroslav Lichvar - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Re: [tcpdump-workers] libpcap capture performance drop
On Fri, Aug 13, 2010 at 02:00:22PM -0700, Guy Harris wrote: > No. I forgot that the availability of the memory-mapped pcap > mechanism isn't determined by the configure script, it's determined > by what the system includes offer. > > Instead, in pcap-linux.c, just #if 0 out the > > /* check for memory mapped access avaibility. We assume every needed > * struct is defined if the macro TPACKET_HDRLEN is defined, because it > * uses many ring related structs and macros */ Would it be possible to support disabling mmapped access at runtime with an environment variable? I had one user complaining about slow startup of tcpdump -s 0 and it seems that there is not much we can do about it, as the kernel has to allocate large blocks of contiguous memory. -- Miroslav Lichvar - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
[tcpdump-workers] typos in man pages
Hi, here is a patch fixing some typos. -- Miroslav Lichvar >From 2855059315d26bcaadd1c48d56752809cebc8219 Mon Sep 17 00:00:00 2001 From: John Bradshaw Date: Mon, 7 Mar 2011 13:27:15 +0100 Subject: [PATCH] Fix typos in man pages. --- pcap_compile.3pcap.in |2 +- pcap_next_ex.3pcap|4 ++-- pcap_open_live.3pcap |2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/pcap_compile.3pcap.in b/pcap_compile.3pcap.in index e557fdb..7dbdad5 100644 --- a/pcap_compile.3pcap.in +++ b/pcap_compile.3pcap.in @@ -55,7 +55,7 @@ the filter program. If the netmask of the network on which packets are being captured isn't known to the program, or if packets are being captured on the Linux "any" pseudo-interface that can capture on more than one network, a value of PCAP_NETMASK_UNKNOWN can be supplied; tests -for IPv4 broadcast addreses will fail to compile, but all other tests in +for IPv4 broadcast addresses will fail to compile, but all other tests in the filter program will be OK. .SH RETURN VALUE .B pcap_compile() diff --git a/pcap_next_ex.3pcap b/pcap_next_ex.3pcap index 922efe2..7373836 100644 --- a/pcap_next_ex.3pcap +++ b/pcap_next_ex.3pcap 
@@ -95,13 +95,13 @@ as an argument to fetch or display the error text. .B pcap_next() returns a pointer to the packet data on success, and returns .B NULL -if an error occured, or if no packets were read from a live +if an error occurred, or if no packets were read from a live capture (if, for example, they were discarded because they didn't pass the packet filter, or if, on platforms that support a read timeout that starts before any packets arrive, the timeout expires before any packets arrive, or if the file descriptor for the capture device is in non-blocking mode and no packets were available to be read), or if no more packets are available in a ``savefile.'' Unfortunately, there is -no way to determine whether an error occured or not. +no way to determine whether an error occurred or not. .SH SEE ALSO pcap(3PCAP), pcap_geterr(3PCAP), pcap_dispatch(3PCAP) diff --git a/pcap_open_live.3pcap b/pcap_open_live.3pcap index 623f098..0889a2a 100644 --- a/pcap_open_live.3pcap +++ b/pcap_open_live.3pcap @@ -74,7 +74,7 @@ is filled in with an appropriate error message. .I errbuf may also be set to warning text when .B pcap_open_live() -succeds; to detect this case the caller should store a zero-length string in +succeeds; to detect this case the caller should store a zero-length string in .I errbuf before calling .B pcap_open_live() -- 1.7.4 - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.