sshdump: add option to prevent promiscuous mode.
Bug: 14237 Change-Id: I5cecca8ed638c3935c7c77e3a304e4b0527d7fa3 Reviewed-on: https://code.wireshark.org/review/24530 Petri-Dish: Dario Lombardo <lomato@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Michael Mann <mmann78@netscape.net>
This commit is contained in:
Dario Lombardo
Michael Mann
parent
36372a2465
commit
c58aed9b73
|
|
@ -45,7 +45,8 @@ enum {
|
|||
OPT_SSHKEY,
|
||||
OPT_SSHKEY_PASSPHRASE,
|
||||
OPT_REMOTE_COUNT,
|
||||
OPT_REMOTE_SUDO
|
||||
OPT_REMOTE_SUDO,
|
||||
OPT_REMOTE_NOPROM
|
||||
};
|
||||
|
||||
static struct option longopts[] = {
|
||||
|
|
@ -55,6 +56,7 @@ static struct option longopts[] = {
|
|||
SSH_BASE_OPTIONS,
|
||||
{ "remote-capture-command", required_argument, NULL, OPT_REMOTE_CAPTURE_COMMAND},
|
||||
{ "remote-sudo", required_argument, NULL, OPT_REMOTE_SUDO },
|
||||
{ "remote-noprom", no_argument, NULL, OPT_REMOTE_NOPROM },
|
||||
{ 0, 0, 0, 0}
|
||||
};
|
||||
|
||||
|
|
@ -113,8 +115,8 @@ static char* local_interfaces_to_filter(const guint16 remote_port)
|
|||
return filter;
|
||||
}
|
||||
|
||||
static ssh_channel run_ssh_command(ssh_session sshs, const char* capture_command, const gboolean use_sudo, const char* iface,
|
||||
const char* cfilter, const guint32 count)
|
||||
static ssh_channel run_ssh_command(ssh_session sshs, const char* capture_command, const gboolean use_sudo, gboolean noprom,
|
||||
const char* iface, const char* cfilter, const guint32 count)
|
||||
{
|
||||
gchar* cmdline;
|
||||
ssh_channel channel;
|
||||
|
|
@ -150,8 +152,12 @@ static ssh_channel run_ssh_command(ssh_session sshs, const char* capture_command
|
|||
if (count > 0)
|
||||
count_str = g_strdup_printf("-c %u", count);
|
||||
|
||||
cmdline = g_strdup_printf("%s tcpdump -U -i %s -w - %s %s", use_sudo ? "sudo" : "", quoted_iface,
|
||||
count_str ? count_str : "", quoted_filter);
|
||||
cmdline = g_strdup_printf("%s tcpdump -U -i %s %s -w - %s %s",
|
||||
use_sudo ? "sudo" : "",
|
||||
quoted_iface,
|
||||
noprom ? "-p" : "",
|
||||
count_str ? count_str : "",
|
||||
quoted_filter);
|
||||
}
|
||||
|
||||
g_debug("Running: %s", cmdline);
|
||||
|
|
@ -172,7 +178,7 @@ static ssh_channel run_ssh_command(ssh_session sshs, const char* capture_command
|
|||
|
||||
static int ssh_open_remote_connection(const char* hostname, const unsigned int port, const char* username, const char* password,
|
||||
const char* sshkey, const char* sshkey_passphrase, const char* iface, const char* cfilter, const char* capture_command,
|
||||
const gboolean use_sudo, const guint32 count, const char* fifo)
|
||||
const gboolean use_sudo, gboolean noprom, const guint32 count, const char* fifo)
|
||||
{
|
||||
ssh_session sshs = NULL;
|
||||
ssh_channel channel = NULL;
|
||||
|
|
@ -196,7 +202,7 @@ static int ssh_open_remote_connection(const char* hostname, const unsigned int p
|
|||
goto cleanup;
|
||||
}
|
||||
|
||||
channel = run_ssh_command(sshs, capture_command, use_sudo, iface, cfilter, count);
|
||||
channel = run_ssh_command(sshs, capture_command, use_sudo, noprom, iface, cfilter, count);
|
||||
|
||||
if (!channel) {
|
||||
g_warning("Can't run ssh command");
|
||||
|
|
@ -285,6 +291,8 @@ static int list_config(char *interface, unsigned int remote_port)
|
|||
"{type=string}{tooltip=The remote command used to capture}\n", inc++);
|
||||
printf("arg {number=%u}{call=--remote-sudo}{display=Use sudo on the remote machine}"
|
||||
"{type=boolean}{tooltip=Prepend the capture command with sudo on the remote machine}\n", inc++);
|
||||
printf("arg {number=%u}{call=--remote-noprom}{display=No promiscuous mode}"
|
||||
"{type=boolflag}{tooltip=Don't use promiscuous mode on the remote machine}\n", inc++);
|
||||
printf("arg {number=%u}{call=--remote-filter}{display=Remote capture filter}"
|
||||
"{type=string}{tooltip=The remote capture filter}", inc++);
|
||||
if (ipfilter)
|
||||
|
|
@ -330,10 +338,11 @@ int main(int argc, char **argv)
|
|||
char* remote_filter = NULL;
|
||||
guint32 count = 0;
|
||||
int ret = EXIT_FAILURE;
|
||||
extcap_parameters * extcap_conf = g_new0(extcap_parameters, 1);
|
||||
extcap_parameters* extcap_conf = g_new0(extcap_parameters, 1);
|
||||
char* help_url;
|
||||
char* help_header = NULL;
|
||||
gboolean use_sudo = FALSE;
|
||||
gboolean noprom = FALSE;
|
||||
|
||||
#ifdef _WIN32
|
||||
WSADATA wsaData;
|
||||
|
|
@ -368,6 +377,7 @@ int main(int argc, char **argv)
|
|||
extcap_help_add_option(extcap_conf, "--remote-interface <iface>", "the remote capture interface (default: eth0)");
|
||||
extcap_help_add_option(extcap_conf, "--remote-capture-command <capture command>", "the remote capture command");
|
||||
extcap_help_add_option(extcap_conf, "--remote-sudo yes", "use sudo on the remote machine to capture");
|
||||
extcap_help_add_option(extcap_conf, "--remote-noprom", "don't use promiscuous mode on the remote machine");
|
||||
extcap_help_add_option(extcap_conf, "--remote-filter <filter>", "a filter for remote capture (default: don't "
|
||||
"listen on local interfaces IPs)");
|
||||
extcap_help_add_option(extcap_conf, "--remote-count <count>", "the number of packets to capture");
|
||||
|
|
@ -454,6 +464,10 @@ int main(int argc, char **argv)
|
|||
}
|
||||
break;
|
||||
|
||||
case OPT_REMOTE_NOPROM:
|
||||
noprom = TRUE;
|
||||
break;
|
||||
|
||||
case ':':
|
||||
/* missing option argument */
|
||||
g_warning("Option '%s' requires an argument", argv[optind - 1]);
|
||||
|
|
@ -502,7 +516,7 @@ int main(int argc, char **argv)
|
|||
filter = concat_filters(extcap_conf->capture_filter, remote_filter);
|
||||
ret = ssh_open_remote_connection(remote_host, remote_port, remote_username,
|
||||
remote_password, sshkey, sshkey_passphrase, remote_interface,
|
||||
filter, remote_capture_command, use_sudo, count, extcap_conf->fifo);
|
||||
filter, remote_capture_command, use_sudo, noprom, count, extcap_conf->fifo);
|
||||
g_free(filter);
|
||||
} else {
|
||||
g_debug("You should not come here... maybe some parameter missing?");
|
||||
|
|
|
|||
Loading…
Reference in New Issue