|
|
|
@ -37,7 +37,7 @@ static gchar* sshdump_extcap_interface;
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#define SSHDUMP_VERSION_MAJOR "1"
|
|
|
|
|
#define SSHDUMP_VERSION_MINOR "1"
|
|
|
|
|
#define SSHDUMP_VERSION_MINOR "2"
|
|
|
|
|
#define SSHDUMP_VERSION_RELEASE "0"
|
|
|
|
|
|
|
|
|
|
#define SSH_READ_BLOCK_SIZE 256
|
|
|
|
@ -58,7 +58,9 @@ enum {
|
|
|
|
|
OPT_SSHKEY_PASSPHRASE,
|
|
|
|
|
OPT_PROXYCOMMAND,
|
|
|
|
|
OPT_REMOTE_COUNT,
|
|
|
|
|
OPT_REMOTE_SUDO,
|
|
|
|
|
OPT_REMOTE_SUDO, // Deprecated
|
|
|
|
|
OPT_REMOTE_PRIV,
|
|
|
|
|
OPT_REMOTE_PRIV_USER,
|
|
|
|
|
OPT_REMOTE_NOPROM
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
@ -69,7 +71,9 @@ static struct ws_option longopts[] = {
|
|
|
|
|
SSH_BASE_OPTIONS,
|
|
|
|
|
{ "remote-capture-command-select", ws_required_argument, NULL, OPT_REMOTE_CAPTURE_COMMAND_SELECT},
|
|
|
|
|
{ "remote-capture-command", ws_required_argument, NULL, OPT_REMOTE_CAPTURE_COMMAND},
|
|
|
|
|
{ "remote-sudo", ws_no_argument, NULL, OPT_REMOTE_SUDO },
|
|
|
|
|
{ "remote-sudo", ws_no_argument, NULL, OPT_REMOTE_SUDO }, // Deprecated
|
|
|
|
|
{ "remote-priv", ws_required_argument, NULL, OPT_REMOTE_PRIV },
|
|
|
|
|
{ "remote-priv-user", ws_required_argument, NULL, OPT_REMOTE_PRIV_USER },
|
|
|
|
|
{ "remote-noprom", ws_no_argument, NULL, OPT_REMOTE_NOPROM },
|
|
|
|
|
{ 0, 0, 0, 0}
|
|
|
|
|
};
|
|
|
|
@ -130,7 +134,7 @@ static char* local_interfaces_to_filter(const guint16 remote_port)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static ssh_channel run_ssh_command(ssh_session sshs, const char* capture_command_select,
|
|
|
|
|
const char* capture_command, const gboolean use_sudo, gboolean noprom,
|
|
|
|
|
const char* capture_command, const char* privilege, gboolean noprom,
|
|
|
|
|
const char* iface, const char* cfilter, const guint32 count)
|
|
|
|
|
{
|
|
|
|
|
gchar* cmdline = NULL;
|
|
|
|
@ -175,7 +179,7 @@ static ssh_channel run_ssh_command(ssh_session sshs, const char* capture_command
|
|
|
|
|
count_str = ws_strdup_printf("-c %u", count);
|
|
|
|
|
|
|
|
|
|
cmdline = ws_strdup_printf("%s tcpdump -U %s%s %s -w - %s %s",
|
|
|
|
|
use_sudo ? "sudo" : "",
|
|
|
|
|
privilege,
|
|
|
|
|
quoted_iface ? "-i " : "",
|
|
|
|
|
quoted_iface ? quoted_iface : "",
|
|
|
|
|
noprom ? "-p" : "",
|
|
|
|
@ -196,7 +200,7 @@ static ssh_channel run_ssh_command(ssh_session sshs, const char* capture_command
|
|
|
|
|
count_str = ws_strdup_printf("-c %u", count);
|
|
|
|
|
|
|
|
|
|
cmdline = ws_strdup_printf("%s dumpcap %s %s -w - %s -f %s",
|
|
|
|
|
use_sudo ? "sudo" : "",
|
|
|
|
|
privilege,
|
|
|
|
|
noprom ? "-p" : "",
|
|
|
|
|
*ifaces ? ifaces : "",
|
|
|
|
|
count_str ? count_str : "",
|
|
|
|
@ -223,7 +227,7 @@ static ssh_channel run_ssh_command(ssh_session sshs, const char* capture_command
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int ssh_open_remote_connection(const ssh_params_t* params, const char* iface, const char* cfilter,
|
|
|
|
|
const char* capture_command_select, const char* capture_command, const gboolean use_sudo,
|
|
|
|
|
const char* capture_command_select, const char* capture_command, const char* privilege,
|
|
|
|
|
gboolean noprom, const guint32 count, const char* fifo)
|
|
|
|
|
{
|
|
|
|
|
ssh_session sshs = NULL;
|
|
|
|
@ -248,7 +252,7 @@ static int ssh_open_remote_connection(const ssh_params_t* params, const char* if
|
|
|
|
|
goto cleanup;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
channel = run_ssh_command(sshs, capture_command_select, capture_command, use_sudo, noprom, iface, cfilter, count);
|
|
|
|
|
channel = run_ssh_command(sshs, capture_command_select, capture_command, privilege, noprom, iface, cfilter, count);
|
|
|
|
|
|
|
|
|
|
if (!channel) {
|
|
|
|
|
ws_warning("Can't run ssh command.");
|
|
|
|
@ -323,7 +327,7 @@ static int list_config(char *interface, unsigned int remote_port)
|
|
|
|
|
"{type=string}{tooltip=The remote SSH host. It can be both "
|
|
|
|
|
"an IP address or a hostname}{required=true}{group=Server}\n", inc++);
|
|
|
|
|
printf("arg {number=%u}{call=--remote-port}{display=Remote SSH server port}"
|
|
|
|
|
"{type=unsigned}{tooltip=The remote SSH host port (1-65535)}"
|
|
|
|
|
"{type=unsigned}{default=22}{tooltip=The remote SSH host port (1-65535)}"
|
|
|
|
|
"{range=1,65535}{group=Server}\n", inc++);
|
|
|
|
|
printf("arg {number=%u}{call=--remote-username}{display=Remote SSH server username}"
|
|
|
|
|
"{type=string}{tooltip=The remote SSH username. If not provided, "
|
|
|
|
@ -350,8 +354,18 @@ static int list_config(char *interface, unsigned int remote_port)
|
|
|
|
|
printf("value {arg=%u}{value=other}{display=Other:}\n", inc++);
|
|
|
|
|
printf("arg {number=%u}{call=--remote-capture-command}{display=Remote capture command}"
|
|
|
|
|
"{type=string}{tooltip=The remote command used to capture}{group=Capture}\n", inc++);
|
|
|
|
|
printf("arg {number=%u}{call=--remote-sudo}{display=Use sudo on the remote machine}"
|
|
|
|
|
"{type=boolflag}{tooltip=Prepend the capture command with sudo on the remote machine}"
|
|
|
|
|
// Deprecated
|
|
|
|
|
//printf("arg {number=%u}{call=--remote-sudo}{display=Use sudo on the remote machine}"
|
|
|
|
|
// "{type=boolflag}{tooltip=Prepend the capture command with sudo on the remote machine}"
|
|
|
|
|
// "{group=Capture}\n", inc++);
|
|
|
|
|
printf("arg {number=%u}{call=--remote-priv}{display=Gain capture privilege on the remote machine}"
|
|
|
|
|
"{type=radio}{tooltip=Optionally prepend the capture command with sudo or doas on the remote machine}"
|
|
|
|
|
"{group=Capture}\n", inc);
|
|
|
|
|
printf("value {arg=%u}{value=none}{display=none}{default=true}\n", inc);
|
|
|
|
|
printf("value {arg=%u}{value=sudo}{display=sudo}\n", inc);
|
|
|
|
|
printf("value {arg=%u}{value=doas -n}{display=doas}\n", inc++);
|
|
|
|
|
printf("arg {number=%u}{call=--remote-priv-user}{display=Privileged user name for sudo or doas}"
|
|
|
|
|
"{type=string}{tooltip=User name of privileged user to execute the capture command on the remote machine}"
|
|
|
|
|
"{group=Capture}\n", inc++);
|
|
|
|
|
printf("arg {number=%u}{call=--remote-noprom}{display=No promiscuous mode}"
|
|
|
|
|
"{type=boolflag}{tooltip=Don't use promiscuous mode on the remote machine}{group=Capture}"
|
|
|
|
@ -401,7 +415,8 @@ int main(int argc, char *argv[])
|
|
|
|
|
extcap_parameters* extcap_conf = g_new0(extcap_parameters, 1);
|
|
|
|
|
char* help_url;
|
|
|
|
|
char* help_header = NULL;
|
|
|
|
|
gboolean use_sudo = FALSE;
|
|
|
|
|
char* priv = NULL;
|
|
|
|
|
char* priv_user = NULL;
|
|
|
|
|
gboolean noprom = FALSE;
|
|
|
|
|
gchar* interface_description = g_strdup("SSH remote capture");
|
|
|
|
|
|
|
|
|
@ -461,7 +476,9 @@ int main(int argc, char *argv[])
|
|
|
|
|
extcap_help_add_option(extcap_conf, "--remote-interface <iface>", "the remote capture interface");
|
|
|
|
|
extcap_help_add_option(extcap_conf, "--remote-capture-command-select <selection>", "dumpcap, tcpdump or other remote capture command");
|
|
|
|
|
extcap_help_add_option(extcap_conf, "--remote-capture-command <capture command>", "the remote capture command");
|
|
|
|
|
extcap_help_add_option(extcap_conf, "--remote-sudo", "use sudo on the remote machine to capture");
|
|
|
|
|
//extcap_help_add_option(extcap_conf, "--remote-sudo", "use sudo on the remote machine to capture"); // Deprecated
|
|
|
|
|
extcap_help_add_option(extcap_conf, "--remote-priv <selection>", "none, sudo or doas");
|
|
|
|
|
extcap_help_add_option(extcap_conf, "--remote-priv-user <username>", "privileged user name");
|
|
|
|
|
extcap_help_add_option(extcap_conf, "--remote-noprom", "don't use promiscuous mode on the remote machine");
|
|
|
|
|
extcap_help_add_option(extcap_conf, "--remote-filter <filter>", "a filter for remote capture (default: don't listen on local interfaces IPs)");
|
|
|
|
|
extcap_help_add_option(extcap_conf, "--remote-count <count>", "the number of packets to capture");
|
|
|
|
@ -543,7 +560,19 @@ int main(int argc, char *argv[])
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case OPT_REMOTE_SUDO:
|
|
|
|
|
use_sudo = TRUE;
|
|
|
|
|
// Deprecated
|
|
|
|
|
g_free(priv);
|
|
|
|
|
priv = g_strdup("sudo");
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case OPT_REMOTE_PRIV:
|
|
|
|
|
g_free(priv);
|
|
|
|
|
priv = g_strdup(ws_optarg);
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case OPT_REMOTE_PRIV_USER:
|
|
|
|
|
g_free(priv_user);
|
|
|
|
|
priv_user = g_strdup(ws_optarg);
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case OPT_REMOTE_FILTER:
|
|
|
|
@ -597,17 +626,30 @@ int main(int argc, char *argv[])
|
|
|
|
|
|
|
|
|
|
if (extcap_conf->capture) {
|
|
|
|
|
char* filter;
|
|
|
|
|
char* privilege;
|
|
|
|
|
|
|
|
|
|
if (!ssh_params->host) {
|
|
|
|
|
ws_warning("Missing parameter: --remote-host");
|
|
|
|
|
goto end;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ((priv) && g_strcmp0(priv, "none") && strlen(g_strstrip(priv))) {
|
|
|
|
|
if ((priv_user) && strlen(g_strstrip(priv_user)))
|
|
|
|
|
/* Both sudo and doas use the same command line option */
|
|
|
|
|
privilege = g_strconcat(priv, " -u ", priv_user, NULL);
|
|
|
|
|
else
|
|
|
|
|
privilege = g_strdup(priv);
|
|
|
|
|
} else {
|
|
|
|
|
privilege = g_strdup("");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
filter = concat_filters(extcap_conf->capture_filter, remote_filter);
|
|
|
|
|
ssh_params->debug = extcap_conf->debug;
|
|
|
|
|
ret = ssh_open_remote_connection(ssh_params, remote_interface,
|
|
|
|
|
filter, remote_capture_command_select, remote_capture_command,
|
|
|
|
|
use_sudo, noprom, count, extcap_conf->fifo);
|
|
|
|
|
privilege, noprom, count, extcap_conf->fifo);
|
|
|
|
|
g_free(filter);
|
|
|
|
|
g_free(privilege);
|
|
|
|
|
} else {
|
|
|
|
|
ws_debug("You should not come here... maybe some parameter missing?");
|
|
|
|
|
ret = EXIT_FAILURE;
|
|
|
|
@ -620,6 +662,8 @@ end:
|
|
|
|
|
g_free(remote_capture_command);
|
|
|
|
|
g_free(remote_interface);
|
|
|
|
|
g_free(remote_filter);
|
|
|
|
|
g_free(priv);
|
|
|
|
|
g_free(priv_user);
|
|
|
|
|
extcap_base_cleanup(&extcap_conf);
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|