From 4065319c159c3f8c8ec8f57a856beb007cf6fbfe Mon Sep 17 00:00:00 2001 From: Denis Ovsienko Date: Sun, 24 Nov 2024 20:17:31 +0000 Subject: [PATCH] Add support for no-capture and no-inject device flags. Add PCAP_IF_NO_INJECT and PCAP_IF_NO_CAPTURE to the list of known device flags. In show_devices_and_exit() do not print a shorthand number for and in find_interface_by_number() do not count no-capture devices. Update description on the "-D" flag in the man page. Before: 1.enp8s0 [Up, Running, Connected] 2.enp4s0 [Up, Running, Connected] 3.ens5 [Up, Running, Connected] 4.any (Pseudo-device that captures on all interfaces) [Up, Running] 5.lo [Up, Running, Loopback] 6.dag0 (alias for dag0:0) [none] 7.dag0:0 (Rx stream 0) [none] 8.dag0:1 (Tx stream 1) [none] 9.dag16 (alias for dag16:0) [none] 10.dag16:0 (Rx stream 0) [none] 11.dag16:1 (Tx stream 1) [none] 12.dag17 (alias for dag17:0) [none] 13.dag17:0 (Rx stream 0) [none] 14.dag17:1 (Tx stream 1) [none] 15.bluetooth-monitor (Bluetooth Linux Monitor) [Wireless] 16.nflog (Linux netfilter log (NFLOG) interface) [none] 17.nfqueue (Linux netfilter queue (NFQUEUE) interface) [none] After: 1.enp8s0 [Up, Running, Connected] 2.enp4s0 [Up, Running, Connected] 3.ens5 [Up, Running, Connected] 4.any (Pseudo-device that captures on all interfaces) [Up, Running, NoInject] 5.lo [Up, Running, Loopback] 6.dag0 (alias for dag0:0) [NoInject] 7.dag0:0 (Rx stream 0) [NoInject] dag0:1 (Tx stream 1) [NoCapture] 8.dag16 (alias for dag16:0) [NoInject] 9.dag16:0 (Rx stream 0) [NoInject] dag16:1 (Tx stream 1) [NoCapture] 10.dag17 (alias for dag17:0) [NoInject] 11.dag17:0 (Rx stream 0) [NoInject] dag17:1 (Tx stream 1) [NoCapture] 12.bluetooth-monitor (Bluetooth Linux Monitor) [Wireless, NoInject] 13.nflog (Linux netfilter log (NFLOG) interface) [NoInject] 14.nfqueue (Linux netfilter queue (NFQUEUE) interface) [NoInject] --- CHANGES | 1 + tcpdump.1.in | 15 ++++++++------- tcpdump.c | 44 ++++++++++++++++++++++++++++++++++++++++---- 3 files changed, 49 insertions(+), 11 deletions(-) diff --git a/CHANGES b/CHANGES index 3252df299..5e1b43791 100644 --- a/CHANGES +++ b/CHANGES @@ -55,6 +55,7 @@ DayOfTheWeek, Month DD, YYYY / The Tcpdump Group and use them rather than custom code Disregard setlinebuf(3), always use setvbuf(3). Change Sun RPC code licence to BSD-3-Clause. + Add support for no-capture and no-inject device flags. Building and testing: Autoconf: Remove detection of early IPv6 stacks. Detect OS IPv6 support using AF_INET6 only. diff --git a/tcpdump.1.in b/tcpdump.1.in index 0acb79eb8..318de0c8a 100644 --- a/tcpdump.1.in +++ b/tcpdump.1.in @@ -20,7 +20,7 @@ .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. .\" -.TH TCPDUMP 1 "7 September 2024" +.TH TCPDUMP 1 "24 November 2024" .SH NAME tcpdump \- dump traffic on a network .SH SYNOPSIS @@ -348,13 +348,14 @@ Dump packet-matching code as decimal numbers (preceded with a count). .TP .B \-\-list\-interfaces .PD -Print the list of the network interfaces available on the system and on -which +Print the list of libpcap devices (regular and pseudo network interfaces, +802.11/Bluetooth/USB monitors, DAG/D-Bus/DPDK/netfilter/netmap/RDMA/SNF +devices etc.) available on the host on which .I tcpdump -can capture packets. For each network interface, a number and an -interface name, possibly followed by a text description of the -interface, are printed. The interface name or the number can be supplied -to the +is running. For each device print a name, a text description (if available) +and a set of flags. Also print a number unless libpcap indicates that the +device does not support packet capture. The interface name or the number +can be supplied to the .B \-i flag to specify an interface on which to capture. .IP diff --git a/tcpdump.c b/tcpdump.c index 56dc2145b..ba2c266c9 100644 --- a/tcpdump.c +++ b/tcpdump.c @@ -257,6 +257,12 @@ static const struct tok status_flags[] = { { PCAP_IF_LOOPBACK, "Loopback" }, #ifdef PCAP_IF_WIRELESS { PCAP_IF_WIRELESS, "Wireless" }, +#endif +#ifdef PCAP_IF_NO_INJECT + { PCAP_IF_NO_INJECT, "NoInject" }, +#endif +#ifdef PCAP_IF_NO_CAPTURE + { PCAP_IF_NO_CAPTURE, "NoCapture" }, #endif { 0, NULL } }; @@ -470,8 +476,25 @@ show_devices_and_exit(void) if (pcap_findalldevs(&devlist, ebuf) < 0) error("%s", ebuf); - for (i = 0, dev = devlist; dev != NULL; i++, dev = dev->next) { + for (i = 0, dev = devlist; dev != NULL; dev = dev->next) { + /* + * If PCAP_IF_NO_CAPTURE is set, do not count the device and + * print it without a number. + */ +#ifdef PCAP_IF_NO_CAPTURE + if (dev->flags & PCAP_IF_NO_CAPTURE) + printf("%s %s", + i > 999 ? " " : + i > 99 ? " " : + i > 9 ? " " : + " ", + dev->name + ); + else + printf("%d.%s", i+1, dev->name); +#else printf("%d.%s", i+1, dev->name); +#endif // PCAP_IF_NO_CAPTURE if (dev->description != NULL) printf(" (%s)", dev->description); if (dev->flags != 0) { @@ -519,6 +542,11 @@ show_devices_and_exit(void) printf("]"); } printf("\n"); +#ifdef PCAP_IF_NO_CAPTURE + if (dev->flags & PCAP_IF_NO_CAPTURE) + continue; +#endif // PCAP_IF_NO_CAPTURE + i++; } pcap_freealldevs(devlist); exit_tcpdump(S_SUCCESS); @@ -1172,10 +1200,18 @@ _U_ error("%s", ebuf); /* * Look for the devnum-th entry in the list of devices (1-based). + * Do not count devices that have PCAP_IF_NO_CAPTURE set, consistently + * with show_devices_and_exit(). */ - for (i = 0, dev = devlist; i < devnum-1 && dev != NULL; - i++, dev = dev->next) - ; + for (i = 0, dev = devlist; dev != NULL; dev = dev->next) { +#ifdef PCAP_IF_NO_CAPTURE + if (dev->flags & PCAP_IF_NO_CAPTURE) + continue; +#endif // PCAP_IF_NO_CAPTURE + if (i == devnum - 1) + break; + i++; + } if (dev == NULL) { pcap_freealldevs(devlist); error("Invalid adapter index %ld: only %ld interfaces found",