author | Laurent Ghigonis <laurent@p1sec.com> | 2013-06-05 13:05:52 +0200 |
---|---|---|
committer | Laurent Ghigonis <laurent@p1sec.com> | 2013-06-05 13:05:52 +0200 |
commit | 96dca2aca065b1e60be88d2b7c553f7769df4e5e (patch) | |
tree | 94a71909b9cc4be5c6610a0eff78df34455e129e | |
parent | gg_sniff: update README to match reality and talk about filters (diff) | |
gg_sniff: add -f <libpcap filter>
-rw-r--r-- | gg_sniff/gg_sniff.c | 14 | ||||
-rw-r--r-- | gg_sniff/gg_sniff.h | 2 | ||||
-rw-r--r-- | gg_sniff/pcap.c | 8 |
3 files changed, 15 insertions, 9 deletions
diff --git a/gg_sniff/gg_sniff.c b/gg_sniff/gg_sniff.c index cd2d2c5..8ee6de1 100644 --- a/gg_sniff/gg_sniff.c +++ b/gg_sniff/gg_sniff.c @@ -39,7 +39,7 @@ usage(void) { extern char *__progname; - fprintf(stderr, "usage: %s [-hv] [-i interface] [ip [port]]\n", __progname); + fprintf(stderr, "usage: %s [-hv] [-f filter] [-i interface] [ip [port]]\n", __progname); exit(1); } @@ -60,6 +60,7 @@ main(int argc, char **argv) struct event *ev_sigint, *ev_sigterm, *ev_sigchld, *ev_sighup; char ggserv_ip[30] = "127.0.0.1"; char *iface = NULL; + char *filter = NULL; int ggserv_port = GLOUGLOU_PROBE_DEFAULT_PORT; int pcap_init = 0; int loglevel = 0; @@ -70,11 +71,14 @@ main(int argc, char **argv) if (geteuid() != 0) errx(1, "must be root"); - while ((op = getopt(argc, argv, "ahi:v")) != -1) { + while ((op = getopt(argc, argv, "af:hi:v")) != -1) { switch (op) { case 'a': active = 1; break; + case 'f': + filter = strndup(optarg, 256); + break; case 'h': usage(); /* NOTREACHED */ @@ -90,8 +94,8 @@ main(int argc, char **argv) } } switch (argc - optind) { - case 2: ggserv_port = atoi(argv[3]); - case 1: strncpy(ggserv_ip, argv[2], sizeof(ggserv_ip)); + case 2: ggserv_port = atoi(argv[optind+1]); + case 1: strncpy(ggserv_ip, argv[optind], sizeof(ggserv_ip)); case 0: break; default: @@ -110,7 +114,7 @@ main(int argc, char **argv) ggcli = gg_client_connect(_ev_base, ggserv_ip, ggserv_port, NULL, NULL, NULL); if (!ggcli) goto quit; - pcap_init = ggsniff_pcap_init(_ev_base, ggcli, net, iface, active); + pcap_init = ggsniff_pcap_init(_ev_base, ggcli, net, iface, active, filter); if (!pcap_init) goto quit; diff --git a/gg_sniff/gg_sniff.h b/gg_sniff/gg_sniff.h index f848c88..5cbd1fd 100644 --- a/gg_sniff/gg_sniff.h +++ b/gg_sniff/gg_sniff.h @@ -1,5 +1,5 @@ /* pcap.c */ int ggsniff_pcap_init(struct event_base *, struct gg_client *, - struct ggnet *, char *, int); + struct ggnet *, char *, int, char *); void ggsniff_pcap_shutdown(void); 
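Review bot: The new `case 'f':` in main() copies the expression with `strndup(optarg, 256)`, which silently truncates anything longer than 256 bytes and never checks for a NULL return. A truncated BPF expression can still compile (for example with a trailing exclusion clause cut off), so the sniffer, which runs as root, would capture with a different filter than the operator wrote; a NULL return is indistinguishable from "no -f given", so the default filter is applied without any message. `optarg` points into `argv` and stays valid for the life of the process, so `filter = optarg;` removes the copy, the length cap and the leak on a repeated `-f`. The same unchecked `strndup(PCAP_FILTER, 256)` appears in the gg_sniff/pcap.c hunk, where `filter = PCAP_FILTER;` would do if PCAP_FILTER is a string literal (its definition is not visible here).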
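Review bot: In the `switch (argc - optind)` hunk, `strncpy(ggserv_ip, argv[optind], sizeof(ggserv_ip))` leaves `ggserv_ip` without a terminating NUL when the argument is 30 bytes or longer, and the buffer is later handed to `gg_client_connect()` as a string. Since the line is being touched to fix the index anyway, reject overlong input before copying: `if (strlen(argv[optind]) >= sizeof(ggserv_ip)) errx(1, "ip too long");`. `atoi(argv[optind+1])` likewise accepts non-numeric or out-of-range text without reporting it; `strtol` with an end-pointer check and a 1-65535 range test would catch that. The fall-through from `case 2` into `case 1` looks intentional and deserves a `/* FALLTHROUGH */` comment.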
diff --git a/gg_sniff/pcap.c b/gg_sniff/pcap.c index 72b9133..ac27b33 100644 --- a/gg_sniff/pcap.c +++ b/gg_sniff/pcap.c @@ -98,7 +98,7 @@ static struct _cap_t _cap; int ggsniff_pcap_init(struct event_base *ev_base, struct gg_client *ggcli, - struct ggnet *net, char *iface, int active) + struct ggnet *net, char *iface, int active, char *filter) { char errbuf[PCAP_ERRBUF_SIZE]; struct bpf_program bprog; @@ -114,9 +114,11 @@ ggsniff_pcap_init(struct event_base *ev_base, struct gg_client *ggcli, err(1, "capture: pcap_open_live failed on interface %s\n" "with snaplen %d : %s", iface, PCAP_SNAPLEN, errbuf); - if (pcap_compile(pcap, &bprog, PCAP_FILTER, 0, 0) < 0) + if (!filter) + filter = strndup(PCAP_FILTER, 256); + if (pcap_compile(pcap, &bprog, filter, 0, 0) < 0) err(1, "capture: pcap_compile failed with filter %s : %s", - PCAP_FILTER, pcap_geterr(pcap)); + filter, pcap_geterr(pcap)); if (pcap_setfilter(pcap, &bprog) < 0) err(1, "capture: pcap_setfilter failed : %s", pcap_geterr(pcap)); |
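Review bot: The `pcap_compile` failure path reports through `err()`, which appends `strerror(errno)` to the message, but a rejected filter expression is a libpcap parse error and `errno` holds whatever an earlier call left behind. Now that the filter comes from the command line this path will be hit routinely, and the trailing errno text will mislead whoever is debugging the expression; `errx(1, "capture: pcap_compile failed with filter %s : %s", filter, pcap_geterr(pcap));` prints only the libpcap reason. The `pcap_setfilter` check just below follows the same pattern. The body of ggsniff_pcap_init continues outside the hunk.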