diff options
| -rw-r--r-- | usr.sbin/tcpdump/privsep.c | 9 | ||||
| -rw-r--r-- | usr.sbin/tcpdump/privsep.h | 5 | ||||
| -rw-r--r-- | usr.sbin/tcpdump/privsep_pcap.c | 10 | ||||
| -rw-r--r-- | usr.sbin/tcpdump/tcpdump.8 | 13 | ||||
| -rw-r--r-- | usr.sbin/tcpdump/tcpdump.c | 26 |
5 files changed, 44 insertions, 19 deletions
diff --git a/usr.sbin/tcpdump/privsep.c b/usr.sbin/tcpdump/privsep.c index 8608f544161..bfafcca4197 100644 --- a/usr.sbin/tcpdump/privsep.c +++ b/usr.sbin/tcpdump/privsep.c @@ -1,4 +1,4 @@ -/* $OpenBSD: privsep.c,v 1.26 2007/11/27 16:22:14 martynas Exp $ */ +/* $OpenBSD: privsep.c,v 1.27 2008/04/18 21:35:11 djm Exp $ */ /* * Copyright (c) 2003 Can Erkin Acar @@ -200,7 +200,7 @@ priv_init(int argc, char **argv) /* parse the arguments for required options */ opterr = 0; while ((i = getopt(argc, argv, - "ac:deE:fF:i:lLnNOopqr:s:StT:vw:xXy:Y")) != -1) { + "ac:D:deE:fF:i:lLnNOopqr:s:StT:vw:xXy:Y")) != -1) { switch (i) { case 'n': nflag++; @@ -319,7 +319,7 @@ static void impl_open_bpf(int fd, int *bpfd) { int snaplen, promisc, err; - u_int dlt; + u_int dlt, dirfilt; char device[IFNAMSIZ]; size_t iflen; @@ -328,10 +328,11 @@ impl_open_bpf(int fd, int *bpfd) must_read(fd, &snaplen, sizeof(int)); must_read(fd, &promisc, sizeof(int)); must_read(fd, &dlt, sizeof(u_int)); + must_read(fd, &dirfilt, sizeof(u_int)); iflen = read_string(fd, device, sizeof(device), __func__); if (iflen == 0) errx(1, "Invalid interface size specified"); - *bpfd = pcap_live(device, snaplen, promisc, dlt); + *bpfd = pcap_live(device, snaplen, promisc, dlt, dirfilt); err = errno; if (*bpfd < 0) logmsg(LOG_DEBUG, diff --git a/usr.sbin/tcpdump/privsep.h b/usr.sbin/tcpdump/privsep.h index b18c1fc8597..519856e83e6 100644 --- a/usr.sbin/tcpdump/privsep.h +++ b/usr.sbin/tcpdump/privsep.h @@ -47,10 +47,11 @@ int priv_init(int, char **); void priv_init_done(void); int setfilter(int, int, char *); -int pcap_live(const char *, int, int, u_int); +int pcap_live(const char *, int, int, u_int, pcap_direction_t); struct bpf_program *priv_pcap_setfilter(pcap_t *, int, u_int32_t); -pcap_t *priv_pcap_live(const char *, int, int, int, char *, u_int); +pcap_t *priv_pcap_live(const char *, int, int, int, char *, u_int, + pcap_direction_t); pcap_t *priv_pcap_offline(const char *, char *); size_t priv_gethostbyaddr(char *, size_t, int, char *, size_t); diff --git a/usr.sbin/tcpdump/privsep_pcap.c b/usr.sbin/tcpdump/privsep_pcap.c index ee4c3b1e5d8..e79321bbcab 100644 --- a/usr.sbin/tcpdump/privsep_pcap.c +++ b/usr.sbin/tcpdump/privsep_pcap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: privsep_pcap.c,v 1.14 2005/11/13 19:37:50 otto Exp $ */ +/* $OpenBSD: privsep_pcap.c,v 1.15 2008/04/18 21:35:11 djm Exp $ */ /* * Copyright (c) 2004 Can Erkin Acar @@ -172,7 +172,8 @@ priv_pcap_setfilter(pcap_t *hpcap, int oflag, u_int32_t netmask) /* privileged part of priv_pcap_live */ int -pcap_live(const char *device, int snaplen, int promisc, u_int dlt) +pcap_live(const char *device, int snaplen, int promisc, u_int dlt, + u_int dirfilt) { char bpf[sizeof "/dev/bpf0000000000"]; int fd, n = 0; @@ -203,6 +204,8 @@ pcap_live(const char *device, int snaplen, int promisc, u_int dlt) if (promisc) /* this is allowed to fail */ ioctl(fd, BIOCPROMISC, NULL); + if (ioctl(fd, BIOCSDIRFILT, &dirfilt) < 0) + goto error; /* lock the descriptor */ if (ioctl(fd, BIOCLOCK, NULL) < 0) @@ -221,7 +224,7 @@ pcap_live(const char *device, int snaplen, int promisc, u_int dlt) */ pcap_t * priv_pcap_live(const char *dev, int slen, int prom, int to_ms, - char *ebuf, u_int dlt) + char *ebuf, u_int dlt, u_int dirfilt) { int fd, err; struct bpf_version bv; @@ -247,6 +250,7 @@ priv_pcap_live(const char *dev, int slen, int prom, int to_ms, must_write(priv_fd, &slen, sizeof(int)); must_write(priv_fd, &prom, sizeof(int)); must_write(priv_fd, &dlt, sizeof(u_int)); + must_write(priv_fd, &dirfilt, sizeof(u_int)); write_string(priv_fd, dev); fd = receive_fd(priv_fd); diff --git a/usr.sbin/tcpdump/tcpdump.8 b/usr.sbin/tcpdump/tcpdump.8 index 256825331b9..a1a8585ad5a 100644 --- a/usr.sbin/tcpdump/tcpdump.8 +++ b/usr.sbin/tcpdump/tcpdump.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: tcpdump.8,v 1.65 2007/08/28 12:52:06 markus Exp $ +.\" $OpenBSD: tcpdump.8,v 1.66 2008/04/18 21:35:11 djm Exp $ .\" .\" Copyright (c) 1987, 1988, 1989, 1990, 1991, 1992, 1994, 1995, 1996 .\" The Regents of the University of California. All rights reserved. @@ -19,7 +19,7 @@ .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. .\" -.Dd $Mdocdate: August 28 2007 $ +.Dd $Mdocdate: April 18 2008 $ .Dt TCPDUMP 8 .Os .Sh NAME @@ -30,6 +30,7 @@ .Bk -words .Op Fl adefILlNnOopqStvXx .Op Fl c Ar count +.Op Fl D Ar direction .Oo Fl E Oo Ar espalg : Oc Ns .Ar espkey Oc .Op Fl F Ar file @@ -56,6 +57,14 @@ Attempt to convert network and broadcast addresses to names. Exit after receiving .Ar count packets. +.It Fl D Ar direction +Select packets flowing in the specified +.Ar direction . +Valid directions are: +.Cm in +and +.Cm out . +The default is to accept packets flowing in any direction. .It Fl d Dump the compiled packet-matching code in a human readable form to standard output and stop. diff --git a/usr.sbin/tcpdump/tcpdump.c b/usr.sbin/tcpdump/tcpdump.c index f5dfcead941..37031cd6b0c 100644 --- a/usr.sbin/tcpdump/tcpdump.c +++ b/usr.sbin/tcpdump/tcpdump.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tcpdump.c,v 1.59 2007/10/07 16:41:05 deraadt Exp $ */ +/* $OpenBSD: tcpdump.c,v 1.60 2008/04/18 21:35:11 djm Exp $ */ /* * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 @@ -26,7 +26,7 @@ static const char copyright[] = "@(#) Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997\n\ The Regents of the University of California. All rights reserved.\n"; static const char rcsid[] = - "@(#) $Id: tcpdump.c,v 1.59 2007/10/07 16:41:05 deraadt Exp $ (LBL)"; + "@(#) $Id: tcpdump.c,v 1.60 2008/04/18 21:35:11 djm Exp $ (LBL)"; #endif /* @@ -221,7 +221,7 @@ main(int argc, char **argv) pcap_handler printer; struct bpf_program *fcode; u_char *pcap_userdata; - u_int dlt = (u_int) -1; + u_int dirfilt = 0, dlt = (u_int) -1; if ((cp = strrchr(argv[0], '/')) != NULL) program_name = cp + 1; @@ -237,7 +237,7 @@ main(int argc, char **argv) opterr = 0; while ((op = getopt(argc, argv, - "ac:deE:fF:i:IlLnNOopqr:s:StT:vw:xXy:Y")) != -1) + "ac:D:deE:fF:i:IlLnNOopqr:s:StT:vw:xXy:Y")) != -1) switch (op) { case 'a': @@ -250,6 +250,15 @@ main(int argc, char **argv) error("invalid packet count %s", optarg); break; + case 'D': + if (strcasecmp(optarg, "in") == 0) + dirfilt = BPF_DIRECTION_OUT; + else if (strcasecmp(optarg, "out") == 0) + dirfilt = BPF_DIRECTION_IN; + else + error("invalid traffic direction %s", optarg); + break; + case 'd': ++dflag; break; @@ -422,7 +431,8 @@ main(int argc, char **argv) if (device == NULL) error("%s", ebuf); } - pd = priv_pcap_live(device, snaplen, !pflag, 1000, ebuf, dlt); + pd = priv_pcap_live(device, snaplen, !pflag, 1000, ebuf, + dlt, dirfilt); if (pd == NULL) error("%s", ebuf); @@ -669,11 +679,11 @@ __dead void usage(void) { (void)fprintf(stderr, -"Usage: %s [-adefILlNnOopqStvXx] [-c count] [-E [espalg:]espkey] [-F file]\n", +"Usage: %s [-adefILlNnOopqStvXx] [-c count] [-D direction]\n", program_name); (void)fprintf(stderr, -"\t [-i interface] [-r file] [-s snaplen] [-T type] [-w file]\n"); +"\t [-E [espalg:]espkey] [-F file] [-i interface] [-r file]\n"); (void)fprintf(stderr, -"\t [-y datalinktype] [expression]\n"); +"\t [-s snaplen] [-T type] [-w file] [-y datalinktype] [expression]\n"); exit(1); } |