From ebd753ddd7c03e1774ca81eec91bfe980a07dcb7 Mon Sep 17 00:00:00 2001 From: Peter Avalos Date: Mon, 6 Jul 2009 11:18:02 -1000 Subject: [PATCH] Remove tcpslice(1). The code is fairly ancient, and if people want it they can get it from pkgsrc. --- Makefile_upgrade.inc | 3 + contrib/tcpdump/README.DRAGONFLY | 3 +- usr.sbin/ndp/Makefile | 2 +- usr.sbin/tcpdump/Makefile | 73 ++- usr.sbin/tcpdump/Makefile.inc | 5 - usr.sbin/tcpdump/{tcpdump => }/config.h | 0 usr.sbin/tcpdump/tcpdump/Makefile | 71 --- usr.sbin/tcpdump/tcpslice/Makefile | 22 - usr.sbin/tcpdump/tcpslice/gwtm2secs.c | 73 --- usr.sbin/tcpdump/tcpslice/search.c | 565 --------------------- usr.sbin/tcpdump/tcpslice/tcpslice.1 | 274 ----------- usr.sbin/tcpdump/tcpslice/tcpslice.c | 624 ------------------------ usr.sbin/tcpdump/tcpslice/tcpslice.h | 59 --- usr.sbin/tcpdump/tcpslice/util.c | 48 -- 14 files changed, 75 insertions(+), 1747 deletions(-) delete mode 100644 usr.sbin/tcpdump/Makefile.inc rename usr.sbin/tcpdump/{tcpdump => }/config.h (100%) delete mode 100644 usr.sbin/tcpdump/tcpdump/Makefile delete mode 100644 usr.sbin/tcpdump/tcpslice/Makefile delete mode 100644 usr.sbin/tcpdump/tcpslice/gwtm2secs.c delete mode 100644 usr.sbin/tcpdump/tcpslice/search.c delete mode 100644 usr.sbin/tcpdump/tcpslice/tcpslice.1 delete mode 100644 usr.sbin/tcpdump/tcpslice/tcpslice.c delete mode 100644 usr.sbin/tcpdump/tcpslice/tcpslice.h delete mode 100644 usr.sbin/tcpdump/tcpslice/util.c diff --git a/Makefile_upgrade.inc b/Makefile_upgrade.inc index 95a38713f5..b47be87c0a 100644 --- a/Makefile_upgrade.inc +++ b/Makefile_upgrade.inc @@ -1120,3 +1120,6 @@ TO_REMOVE+=/usr/bin/gcpio TO_REMOVE+=/usr/share/man/cat1/gcpio.1.gz TO_REMOVE+=/usr/share/man/man1/gcpio.1.gz TO_REMOVE+=/usr/share/info/cpio.info.gz +TO_REMOVE+=/usr/sbin/tcpslice +TO_REMOVE+=/usr/share/man/cat1/tcpslice.1.gz +TO_REMOVE+=/usr/share/man/man1/tcpslice.1.gz diff --git a/contrib/tcpdump/README.DRAGONFLY b/contrib/tcpdump/README.DRAGONFLY index c1d4aba1c2..1f764c03a5 100644 --- a/contrib/tcpdump/README.DRAGONFLY +++ b/contrib/tcpdump/README.DRAGONFLY @@ -8,5 +8,4 @@ A list of files and directories removed is in README.DELETED These sources are used in: usr.sbin/ndp/ -usr.sbin/tcpdump/tcpdump/ -usr.sbin/tcpdump/tcpslice/ +usr.sbin/tcpdump/ diff --git a/usr.sbin/ndp/Makefile b/usr.sbin/ndp/Makefile index fcdec2841c..b29a9efff1 100644 --- a/usr.sbin/ndp/Makefile +++ b/usr.sbin/ndp/Makefile @@ -22,7 +22,7 @@ MAN= ndp.8 WARNS?= 2 CFLAGS+=-DINET6 -CFLAGS+=-I. -I${.CURDIR} -I${.CURDIR}/../tcpdump/tcpdump -I${.CURDIR}/../../contrib/tcpdump +CFLAGS+=-I. -I${.CURDIR} -I${.CURDIR}/../tcpdump -I${.CURDIR}/../../contrib/tcpdump CFLAGS+= -DHAVE_CONFIG_H -D_U_="__attribute__((unused))" diff --git a/usr.sbin/tcpdump/Makefile b/usr.sbin/tcpdump/Makefile index 0a1f253374..7070bf6a85 100644 --- a/usr.sbin/tcpdump/Makefile +++ b/usr.sbin/tcpdump/Makefile @@ -1,5 +1,72 @@ -# @(#)Makefile 0.1 (RGrimes) 4/4/93 +# $FreeBSD: src/usr.sbin/tcpdump/tcpdump/Makefile,v 1.25.2.6 2002/07/05 11:30:32 fenner Exp $ +# $DragonFly: src/usr.sbin/tcpdump/tcpdump/Makefile,v 1.13 2007/10/11 02:46:51 pavalos Exp $ -SUBDIR= tcpdump tcpslice -.include +TCPDUMP_DISTDIR?= ${.CURDIR}/../../contrib/tcpdump +.PATH: ${TCPDUMP_DISTDIR} + +PROG= tcpdump +SRCS= addrtoname.c af.c checksum.c cpack.c \ + gmpls.c oui.c gmt2local.c ipproto.c \ + nlpid.c l2vpn.c machdep.c parsenfsfh.c \ + print-802_11.c print-ap1394.c print-ah.c print-arcnet.c \ + print-aodv.c print-arp.c print-ascii.c print-atalk.c print-atm.c \ + print-beep.c print-bfd.c print-bgp.c print-bootp.c print-cdp.c \ + print-cfm.c print-chdlc.c print-cip.c print-cnfp.c \ + print-dccp.c print-decnet.c \ + print-domain.c print-dtp.c print-dvmrp.c print-enc.c print-egp.c \ + print-eap.c print-eigrp.c \ + print-esp.c print-ether.c print-fddi.c print-fr.c \ + print-gre.c print-hsrp.c print-icmp.c print-igmp.c \ + print-igrp.c print-ip.c print-ipcomp.c print-ipfc.c \ + print-ipx.c print-isakmp.c print-isoclns.c print-juniper.c print-krb.c \ + print-l2tp.c print-lane.c print-ldp.c print-llc.c print-lldp.c \ + print-lmp.c print-lspping.c print-lwapp.c \ + print-lwres.c print-mobile.c print-mpcp.c print-mpls.c print-msdp.c \ + print-nfs.c print-ntp.c print-null.c print-olsr.c print-ospf.c \ + print-pflog.c print-pgm.c print-pim.c print-ppp.c print-pppoe.c \ + print-pptp.c print-radius.c print-raw.c print-rip.c print-rrcp.c \ + print-rsvp.c print-rx.c print-sctp.c print-sflow.c \ + print-sip.c print-sl.c print-sll.c \ + print-slow.c print-snmp.c print-stp.c print-sunatm.c print-sunrpc.c \ + print-symantec.c print-syslog.c print-tcp.c print-telnet.c print-tftp.c \ + print-timed.c print-token.c print-udld.c print-udp.c print-vjc.c \ + print-vqp.c print-vrrp.c print-vtp.c \ + print-wb.c print-zephyr.c setsignal.c tcpdump.c util.c +SRCS+= print-smb.c smbutil.c version.c +CLEANFILES+= version.c + +CFLAGS+= -I${.CURDIR} -I${TCPDUMP_DISTDIR} +CFLAGS+= -DHAVE_CONFIG_H -D_U_="__attribute__((unused))" + +CFLAGS+= -DHAVE_RES_STATE_EXT -DHAVE_NEW_RES_STATE -DUSE_GETIPNODEBY +CFLAGS+= -DHAVE_PCAP_VERSION -UHAVE_YYDEBUG -DHAVE_GETADDRINFO -DHAVE_GETNAMEINFO +CFLAGS+= -DHAVE_STRUCT_ETHER_ADDR -DHAVE_NET_PFVAR_H + +.if !defined(NOINET6) +SRCS+= print-ip6.c print-ip6opts.c print-mobility.c \ + print-ripng.c print-icmp6.c print-frag6.c print-rt6.c \ + print-ospf6.c print-dhcp6.c + +CFLAGS+= -DINET6 +.endif +.if ${MACHINE_ARCH} != "i386" +CFLAGS+= -DLBL_ALIGN +.endif + +DPADD= ${LIBL} ${LIBPCAP} +LDADD= -ll -lpcap +.if exists(../../secure) && !defined(NO_CRYPT) && !defined(NO_OPENSSL) && \ + !defined(RELEASE_CRUNCH) +DISTRIBUTION=crypto +DPADD+= ${LIBCRYPTO} +LDADD+= -lcrypto +CFLAGS+= -I${DESTDIR}/usr/include/openssl -DHAVE_LIBCRYPTO -DHAVE_OPENSSL_EVP_H +.endif +WARNS?= 3 + +version.c: ${TCPDUMP_DISTDIR}/VERSION + @rm -f $@ + sed 's/.*/char version[] = "&";/' ${TCPDUMP_DISTDIR}/VERSION > $@ + +.include diff --git a/usr.sbin/tcpdump/Makefile.inc b/usr.sbin/tcpdump/Makefile.inc deleted file mode 100644 index e01a12b7f7..0000000000 --- a/usr.sbin/tcpdump/Makefile.inc +++ /dev/null @@ -1,5 +0,0 @@ -# @(#)Makefile.inc 5.1 (Berkeley) 5/11/90 - -WARNS?= 2 - -.include "../Makefile.inc" diff --git a/usr.sbin/tcpdump/tcpdump/config.h b/usr.sbin/tcpdump/config.h similarity index 100% rename from usr.sbin/tcpdump/tcpdump/config.h rename to usr.sbin/tcpdump/config.h diff --git a/usr.sbin/tcpdump/tcpdump/Makefile b/usr.sbin/tcpdump/tcpdump/Makefile deleted file mode 100644 index 937ca100d6..0000000000 --- a/usr.sbin/tcpdump/tcpdump/Makefile +++ /dev/null @@ -1,71 +0,0 @@ -# $FreeBSD: src/usr.sbin/tcpdump/tcpdump/Makefile,v 1.25.2.6 2002/07/05 11:30:32 fenner Exp $ -# $DragonFly: src/usr.sbin/tcpdump/tcpdump/Makefile,v 1.13 2007/10/11 02:46:51 pavalos Exp $ - - -TCPDUMP_DISTDIR?= ${.CURDIR}/../../../contrib/tcpdump -.PATH: ${TCPDUMP_DISTDIR} - -PROG= tcpdump -SRCS= addrtoname.c af.c checksum.c cpack.c \ - gmpls.c oui.c gmt2local.c ipproto.c \ - nlpid.c l2vpn.c machdep.c parsenfsfh.c \ - print-802_11.c print-ap1394.c print-ah.c print-arcnet.c \ - print-aodv.c print-arp.c print-ascii.c print-atalk.c print-atm.c \ - print-beep.c print-bfd.c print-bgp.c print-bootp.c print-cdp.c \ - print-cfm.c print-chdlc.c print-cip.c print-cnfp.c \ - print-dccp.c print-decnet.c \ - print-domain.c print-dtp.c print-dvmrp.c print-enc.c print-egp.c \ - print-eap.c print-eigrp.c \ - print-esp.c print-ether.c print-fddi.c print-fr.c \ - print-gre.c print-hsrp.c print-icmp.c print-igmp.c \ - print-igrp.c print-ip.c print-ipcomp.c print-ipfc.c \ - print-ipx.c print-isakmp.c print-isoclns.c print-juniper.c print-krb.c \ - print-l2tp.c print-lane.c print-ldp.c print-llc.c print-lldp.c \ - print-lmp.c print-lspping.c print-lwapp.c \ - print-lwres.c print-mobile.c print-mpcp.c print-mpls.c print-msdp.c \ - print-nfs.c print-ntp.c print-null.c print-olsr.c print-ospf.c \ - print-pflog.c print-pgm.c print-pim.c print-ppp.c print-pppoe.c \ - print-pptp.c print-radius.c print-raw.c print-rip.c print-rrcp.c \ - print-rsvp.c print-rx.c print-sctp.c print-sflow.c \ - print-sip.c print-sl.c print-sll.c \ - print-slow.c print-snmp.c print-stp.c print-sunatm.c print-sunrpc.c \ - print-symantec.c print-syslog.c print-tcp.c print-telnet.c print-tftp.c \ - print-timed.c print-token.c print-udld.c print-udp.c print-vjc.c \ - print-vqp.c print-vrrp.c print-vtp.c \ - print-wb.c print-zephyr.c setsignal.c tcpdump.c util.c -SRCS+= print-smb.c smbutil.c version.c -CLEANFILES+= version.c - -CFLAGS+= -I${.CURDIR} -I${TCPDUMP_DISTDIR} -CFLAGS+= -DHAVE_CONFIG_H -D_U_="__attribute__((unused))" - -CFLAGS+= -DHAVE_RES_STATE_EXT -DHAVE_NEW_RES_STATE -DUSE_GETIPNODEBY -CFLAGS+= -DHAVE_PCAP_VERSION -UHAVE_YYDEBUG -DHAVE_GETADDRINFO -DHAVE_GETNAMEINFO -CFLAGS+= -DHAVE_STRUCT_ETHER_ADDR -DHAVE_NET_PFVAR_H - -.if !defined(NOINET6) -SRCS+= print-ip6.c print-ip6opts.c print-mobility.c \ - print-ripng.c print-icmp6.c print-frag6.c print-rt6.c \ - print-ospf6.c print-dhcp6.c - -CFLAGS+= -DINET6 -.endif -.if ${MACHINE_ARCH} != "i386" -CFLAGS+= -DLBL_ALIGN -.endif - -DPADD= ${LIBL} ${LIBPCAP} -LDADD= -ll -lpcap -.if exists(../../../secure) && !defined(NO_CRYPT) && !defined(NO_OPENSSL) && \ - !defined(RELEASE_CRUNCH) -DISTRIBUTION=crypto -DPADD+= ${LIBCRYPTO} -LDADD+= -lcrypto -CFLAGS+= -I${DESTDIR}/usr/include/openssl -DHAVE_LIBCRYPTO -DHAVE_OPENSSL_EVP_H -.endif - -version.c: ${TCPDUMP_DISTDIR}/VERSION - @rm -f $@ - sed 's/.*/char version[] = "&";/' ${TCPDUMP_DISTDIR}/VERSION > $@ - -.include diff --git a/usr.sbin/tcpdump/tcpslice/Makefile b/usr.sbin/tcpdump/tcpslice/Makefile deleted file mode 100644 index e06031b25a..0000000000 --- a/usr.sbin/tcpdump/tcpslice/Makefile +++ /dev/null @@ -1,22 +0,0 @@ -# @(#)Makefile 0.1 (RWGrimes) 3/24/93 -# $FreeBSD: src/usr.sbin/tcpdump/tcpslice/Makefile,v 1.10.6.1 2001/04/25 12:11:03 ru Exp $ -# $DragonFly: src/usr.sbin/tcpdump/tcpslice/Makefile,v 1.4 2006/12/25 00:42:01 pavalos Exp $ - -PROG= tcpslice -CFLAGS+= -I. -SRCS= gwtm2secs.c search.c tcpslice.c util.c version.c version.h -CLEANFILES+= version.c version.h -DPADD+= ${LIBPCAP} -LDADD+= -lpcap - -TCPDUMP_DISTDIR?= ${.CURDIR}/../../../contrib/tcpdump - -.ORDER: version.c version.h -version.c version.h: ${TCPDUMP_DISTDIR}/VERSION - rm -f version.c ; \ - sed 's/.*/char version[] = "&";/' ${TCPDUMP_DISTDIR}/VERSION > version.c - set `sed 's/\([0-9]*\)\.\([0-9]*\).*/\1 \2/' ${TCPDUMP_DISTDIR}/VERSION` ; \ - { echo '#define VERSION_MAJOR' $$1 ; \ - echo '#define VERSION_MINOR' $$2 ; } > version.h - -.include diff --git a/usr.sbin/tcpdump/tcpslice/gwtm2secs.c b/usr.sbin/tcpdump/tcpslice/gwtm2secs.c deleted file mode 100644 index d2ae4cb460..0000000000 --- a/usr.sbin/tcpdump/tcpslice/gwtm2secs.c +++ /dev/null @@ -1,73 +0,0 @@ -/* - * Copyright (c) 1990 The Regents of the University of California. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that: (1) source code distributions - * retain the above copyright notice and this paragraph in its entirety, (2) - * distributions including binary code include the above copyright notice and - * this paragraph in its entirety in the documentation or other materials - * provided with the distribution, and (3) all advertising materials mentioning - * features or use of this software display the following acknowledgement: - * ``This product includes software developed by the University of California, - * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of - * the University nor the names of its contributors may be used to endorse - * or promote products derived from this software without specific prior - * written permission. - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED - * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. - * - * $FreeBSD: src/usr.sbin/tcpdump/tcpslice/gwtm2secs.c,v 1.4 1999/08/28 05:11:32 peter Exp $ - * $DragonFly: src/usr.sbin/tcpdump/tcpslice/gwtm2secs.c,v 1.4 2005/12/05 02:40:28 swildner Exp $ - */ - -/* - * gwtm2secs.c - convert "tm" structs for Greenwich time to Unix timestamp - */ - -#include "tcpslice.h" - -static int days_in_month[] = - /* Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec */ - { 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 }; - -#define IS_LEAP_YEAR(year) \ - (year % 4 == 0 && (year % 100 != 0 || year % 400 == 0)) - -time_t -gwtm2secs(struct tm *tm) -{ - int i, days, year; - - year = tm->tm_year; - - /* - * Allow for year being specified with either 2 digits or 4 digits. - * 2-digit years are either 19xx or 20xx - a simple heuristic - * distinguishes them, since we can't represent any time < 1970. - */ - if (year < 100) { - if (year >= 70) - year += 1900; - else - year += 2000; - } - - days = 0; - for (i = 1970; i < year; ++i) { - days += 365; - if (IS_LEAP_YEAR(i)) - ++days; - } - - for (i = 0; i < tm->tm_mon; ++i) - days += days_in_month[i]; - - if (IS_LEAP_YEAR(year) && tm->tm_mon > 1) /* 1 is February */ - ++days; - - days += tm->tm_mday - 1; /* -1 since days are numbered starting at 1 */ - - return(days * 86400 + tm->tm_hour * 3600 + tm->tm_min * 60 + tm->tm_sec); -} diff --git a/usr.sbin/tcpdump/tcpslice/search.c b/usr.sbin/tcpdump/tcpslice/search.c deleted file mode 100644 index 1a915879a0..0000000000 --- a/usr.sbin/tcpdump/tcpslice/search.c +++ /dev/null @@ -1,565 +0,0 @@ -/* - * Copyright (c) 1990, 1991, 1992, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that: (1) source code distributions - * retain the above copyright notice and this paragraph in its entirety, (2) - * distributions including binary code include the above copyright notice and - * this paragraph in its entirety in the documentation or other materials - * provided with the distribution, and (3) all advertising materials mentioning - * features or use of this software display the following acknowledgement: - * ``This product includes software developed by the University of California, - * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of - * the University nor the names of its contributors may be used to endorse - * or promote products derived from this software without specific prior - * written permission. - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED - * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. - * - * $FreeBSD: src/usr.sbin/tcpdump/tcpslice/search.c,v 1.4 1999/08/28 05:11:32 peter Exp $ - * $DragonFly: src/usr.sbin/tcpdump/tcpslice/search.c,v 1.2 2003/06/17 04:30:03 dillon Exp $ - */ - -/* - * search.c - supports fast searching through tcpdump files for timestamps - */ - -#include "tcpslice.h" - - -/* Maximum number of seconds that we can conceive of a dump file spanning. */ -#define MAX_REASONABLE_FILE_SPAN (3600*24*366) /* one year */ - -/* Maximum packet length we ever expect to see. */ -#define MAX_REASONABLE_PACKET_LENGTH 65535 - -/* Size of a packet header in bytes; easier than typing the sizeof() all - * the time ... - */ -#define PACKET_HDR_LEN (sizeof( struct pcap_pkthdr )) - -extern int snaplen; - -/* The maximum size of a packet, including its header. */ -#define MAX_PACKET_SIZE (PACKET_HDR_LEN + snaplen) - -/* Number of contiguous bytes from a dumpfile in which there's guaranteed - * to be enough information to find a "definite" header if one exists - * therein. This takes 3 full packets - the first to be just misaligned - * (one byte short of a full packet), missing its timestamp; the second - * to have the legitimate timestamp; and the third to provide confirmation - * that the second is legit, making it a "definite" header. We could - * scrimp a bit here since not the entire third packet is required, but - * it doesn't seem worth it - */ -#define MAX_BYTES_FOR_DEFINITE_HEADER (3 * MAX_PACKET_SIZE) - -/* Maximum number of seconds that might reasonably separate two headers. */ -#define MAX_REASONABLE_HDR_SEPARATION (3600 * 24 * 7) /* one week */ - -/* When searching a file for a packet, if we think we're within this many - * bytes of the packet we just search linearly. Since linear searches are - * probably much faster than random ones (random ones require searching for - * the beginning of the packet, which may be unaligned in memory), we make - * this value pretty hefty. - */ -#define STRAIGHT_SCAN_THRESHOLD (100 * MAX_PACKET_SIZE) - - -/* Given a header and an acceptable first and last time stamp, returns non-zero - * if the header looks reasonable and zero otherwise. - */ -static int -reasonable_header( struct pcap_pkthdr *hdr, long first_time, long last_time ) - { - if ( last_time == 0 ) - last_time = first_time + MAX_REASONABLE_FILE_SPAN; - - return hdr->ts.tv_sec >= first_time && - hdr->ts.tv_sec <= last_time && - hdr->len > 0 && - hdr->len <= MAX_REASONABLE_PACKET_LENGTH && - hdr->caplen > 0 && - hdr->caplen <= MAX_REASONABLE_PACKET_LENGTH; - } - - -#define SWAPLONG(y) \ -((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff)) -#define SWAPSHORT(y) \ - ( (((y)&0xff)<<8) | (((y)&0xff00)>>8) ) - -/* Given a buffer, extracts a (properly aligned) packet header from it. */ - -static void -extract_header( pcap_t *p, u_char *buf, struct pcap_pkthdr *hdr ) - { - bcopy((char *) buf, (char *) hdr, sizeof(struct pcap_pkthdr)); - - if ( pcap_is_swapped( p ) ) - { - hdr->ts.tv_sec = SWAPLONG(hdr->ts.tv_sec); - hdr->ts.tv_usec = SWAPLONG(hdr->ts.tv_usec); - hdr->len = SWAPLONG(hdr->len); - hdr->caplen = SWAPLONG(hdr->caplen); - } - - /* - * From bpf/libpcap/savefile.c: - * - * We interchanged the caplen and len fields at version 2.3, - * in order to match the bpf header layout. But unfortunately - * some files were written with version 2.3 in their headers - * but without the interchanged fields. - */ - if ( pcap_minor_version( p ) < 3 || - (pcap_minor_version( p ) == 3 && hdr->caplen > hdr->len) ) - { - int t = hdr->caplen; - hdr->caplen = hdr->len; - hdr->len = t; - } - } - - -/* Search a buffer to locate the first header within it. Return values - * are HEADER_NONE, HEADER_CLASH, HEADER_PERHAPS, and HEADER_DEFINITELY. - * The first indicates that no evidence of a header was found; the second - * that two or more possible headers were found, neither more convincing - * than the other(s); the third that exactly one "possible" header was - * found; and the fourth that exactly one "definite" header was found. - * - * Headers are detected by looking for positions in the buffer which have - * reasonable timestamps and lengths. If there is enough room in the buffer - * for another header to follow a candidate header, a check is made for - * that following header. If it is present then the header is *definite* - * (unless another "perhaps" or "definite" header is found); if not, then - * the header is discarded. If there is not enough room in the buffer for - * another header then the candidate is *perhaps* (unless another header - * is subsequently found). A "tie" between a "definite" header and a - * "perhaps" header is resolved in favor of the definite header. Any - * other tie leads to HEADER_CLASH. - * - * The buffer position of the header is returned in hdrpos_addr and - * for convenience the corresponding header in return_hdr. - * - * first_time is the earliest possible acceptable timestamp in the - * header. last_time, if non-zero, is the last such timestamp. If - * zero, then up to MAX_REASONABLE_FILE_SPAN seconds after first_time - * is acceptable. - */ - -#define HEADER_NONE 0 -#define HEADER_CLASH 1 -#define HEADER_PERHAPS 2 -#define HEADER_DEFINITELY 3 - -static int -find_header( pcap_t *p, u_char *buf, int buf_len, - long first_time, long last_time, - u_char **hdrpos_addr, struct pcap_pkthdr *return_hdr ) - { - u_char *bufptr, *bufend, *last_pos_to_try; - struct pcap_pkthdr hdr, hdr2; - int status = HEADER_NONE; - int saw_PERHAPS_clash = 0; - - /* Initially, try each buffer position to see whether it looks like - * a valid packet header. We may later restrict the positions we look - * at to avoid seeing a sequence of legitimate headers as conflicting - * with one another. - */ - bufend = buf + buf_len; - last_pos_to_try = bufend - PACKET_HDR_LEN; - - for ( bufptr = buf; bufptr < last_pos_to_try; ++bufptr ) - { - extract_header( p, bufptr, &hdr ); - - if ( reasonable_header( &hdr, first_time, last_time ) ) - { - u_char *next_header = bufptr + PACKET_HDR_LEN + hdr.caplen; - - if ( next_header + PACKET_HDR_LEN < bufend ) - { /* check for another good header */ - extract_header( p, next_header, &hdr2 ); - - if ( reasonable_header( &hdr2, hdr.ts.tv_sec, - hdr.ts.tv_sec + MAX_REASONABLE_HDR_SEPARATION ) ) - { /* a confirmed header */ - switch ( status ) - { - case HEADER_NONE: - case HEADER_PERHAPS: - status = HEADER_DEFINITELY; - *hdrpos_addr = bufptr; - *return_hdr = hdr; - - /* Make sure we don't demote this "definite" - * to a "clash" if we stumble across its - * successor. - */ - last_pos_to_try = next_header - PACKET_HDR_LEN; - break; - - case HEADER_DEFINITELY: - return HEADER_CLASH; - - default: - error( "bad status in find_header()" ); - } - } - - /* ... else the header is bogus - we've verified that it's - * not followed by a reasonable header. - */ - } - - else - { /* can't check for another good header */ - switch ( status ) - { - case HEADER_NONE: - status = HEADER_PERHAPS; - *hdrpos_addr = bufptr; - *return_hdr = hdr; - break; - - case HEADER_PERHAPS: - /* We don't immediately turn this into a - * clash because perhaps we'll later see a - * "definite" which will save us ... - */ - saw_PERHAPS_clash = 1; - break; - - case HEADER_DEFINITELY: - /* Keep the definite in preference to this one. */ - break; - - default: - error( "bad status in find_header()" ); - } - } - } - } - - if ( status == HEADER_PERHAPS && saw_PERHAPS_clash ) - status = HEADER_CLASH; - - return status; - } - - -/* Positions the sf_readfile stream such that the next sf_read() will - * read the final full packet in the file. Returns non-zero if - * successful, zero if unsuccessful. If successful, returns the - * timestamp of the last packet in last_timestamp. - * - * Note that this routine is a special case of sf_find_packet(). In - * order to use sf_find_packet(), one first must use this routine in - * order to give sf_find_packet() an upper bound on the timestamps - * present in the dump file. - */ -int -sf_find_end( pcap_t *p, struct timeval *first_timestamp, - struct timeval *last_timestamp ) - { - long first_time = first_timestamp->tv_sec; - u_int num_bytes; - u_char *buf, *bufpos, *bufend; - u_char *hdrpos; - struct pcap_pkthdr hdr, successor_hdr; - int status; - - /* Allow enough room for at least two full (untruncated) packets, - * perhaps followed by a truncated packet, so we have a shot at - * finding a "definite" header and following its chain to the - * end of the file. - */ - num_bytes = MAX_BYTES_FOR_DEFINITE_HEADER; - if ( fseek( pcap_file( p ), (long) -num_bytes, 2 ) < 0 ) - return 0; - - buf = (u_char *)malloc((u_int) num_bytes); - if ( ! buf ) - return 0; - - status = 0; - bufpos = buf; - bufend = buf + num_bytes; - - if ( fread( (char *) bufpos, num_bytes, 1, pcap_file( p ) ) != 1 ) - goto done; - - if ( find_header( p, bufpos, num_bytes, - first_time, 0L, &hdrpos, &hdr ) != HEADER_DEFINITELY ) - goto done; - - /* Okay, we have a definite header in our hands. Follow its - * chain till we find the last valid packet in the file ... - */ - for ( ; ; ) - { - /* move to the next header position */ - bufpos = hdrpos + PACKET_HDR_LEN + hdr.caplen; - - /* bufpos now points to a candidate packet, which if valid - * should replace the current packet pointed to by hdrpos as - * the last valid packet ... - */ - if ( bufpos >= bufend - PACKET_HDR_LEN ) - /* not enough room for another header */ - break; - - extract_header( p, bufpos, &successor_hdr ); - - first_time = hdr.ts.tv_sec; - if ( ! reasonable_header( &successor_hdr, first_time, 0L ) ) - /* this bodes ill - it means bufpos is perhaps a - * bogus packet header after all ... - */ - break; - - /* Note that the following test is for whether the next - * packet starts at a position > bufend, *not* for a - * position >= bufend. If this is the last packet in the - * file and there isn't a subsequent partial packet, then - * we expect the first buffer position beyond this packet - * to be just beyond the end of the buffer, i.e., at bufend - * itself. - */ - if ( bufpos + PACKET_HDR_LEN + successor_hdr.caplen > bufend ) - /* the packet is truncated */ - break; - - /* Accept this packet as fully legit. */ - hdrpos = bufpos; - hdr = successor_hdr; - } - - /* Success! Last valid packet is at hdrpos. */ - *last_timestamp = hdr.ts; - status = 1; - - /* Seek so that the next read will start at last valid packet. */ - if ( fseek( pcap_file( p ), (long) -(bufend - hdrpos), 2 ) < 0 ) - error( "final fseek() failed in sf_find_end()" ); - - done: - free( (char *) buf ); - - return status; - } - - -/* Takes two timeval's and returns the difference, tv2 - tv1, as a double. */ - -static double -timeval_diff( struct timeval *tv1, struct timeval *tv2 ) - { - double result = (tv2->tv_sec - tv1->tv_sec); - result += (tv2->tv_usec - tv1->tv_usec) / 1000000.0; - - return result; - } - - -/* Returns true if timestamp t1 is chronologically less than timestamp t2. */ - -int -sf_timestamp_less_than( struct timeval *t1, struct timeval *t2 ) - { - return t1->tv_sec < t2->tv_sec || - (t1->tv_sec == t2->tv_sec && - t1->tv_usec < t2->tv_usec); - } - - -/* Given two timestamps on either side of desired_time and their positions, - * returns the interpolated position of the desired_time packet. Returns a - * negative value if the desired_time is outside the given range. - */ - -static long -interpolated_position( struct timeval *min_time, long min_pos, - struct timeval *max_time, long max_pos, - struct timeval *desired_time ) - { - double full_span = timeval_diff( max_time, min_time ); - double desired_span = timeval_diff( desired_time, min_time ); - long full_span_pos = max_pos - min_pos; - double fractional_offset = desired_span / full_span; - - if ( fractional_offset < 0.0 || fractional_offset > 1.0 ) - return -1; - - return min_pos + (long) (fractional_offset * (double) full_span_pos); - } - - -/* Reads packets linearly until one with a time >= the given desired time - * is found; positions the dump file so that the next read will start - * at the given packet. Returns non-zero on success, 0 if an EOF was - * first encountered. - */ - -static int -read_up_to( pcap_t *p, struct timeval *desired_time ) - { - struct pcap_pkthdr hdr; - const u_char *buf; - long pos; - int status; - - for ( ; ; ) - { - struct timeval *timestamp; - - pos = ftell( pcap_file( p ) ); - buf = pcap_next( p, &hdr ); - - if ( buf == 0 ) - { - if ( feof( pcap_file( p ) ) ) - { - status = 0; - clearerr( pcap_file( p ) ); - break; - } - - error( "bad status in read_up_to()" ); - } - - timestamp = &hdr.ts; - - if ( ! sf_timestamp_less_than( timestamp, desired_time ) ) - { - status = 1; - break; - } - } - - if ( fseek( pcap_file( p ), pos, 0 ) < 0 ) - error( "fseek() failed in read_up_to()" ); - - return (status); - } - - -/* Positions the sf_readfile stream so that the next sf_read() will - * return the first packet with a time greater than or equal to - * desired_time. desired_time must be greater than min_time and less - * than max_time, which should correspond to actual packets in the - * file. min_pos is the file position (byte offset) corresponding to - * the min_time packet and max_pos is the same for the max_time packet. - * - * Returns non-zero on success, 0 if the given position is beyond max_pos. - * - * NOTE: when calling this routine, the sf_readfile stream *must* be - * already aligned so that the next call to sf_next_packet() will yield - * a valid packet. - */ - -int -sf_find_packet( pcap_t *p, - struct timeval *min_time, long min_pos, - struct timeval *max_time, long max_pos, - struct timeval *desired_time ) - { - int status = 1; - struct timeval min_time_copy, max_time_copy; - u_int num_bytes = MAX_BYTES_FOR_DEFINITE_HEADER; - int num_bytes_read; - long desired_pos, present_pos; - u_char *buf, *hdrpos; - struct pcap_pkthdr hdr; - - buf = (u_char *) malloc( num_bytes ); - if ( ! buf ) - error( "malloc() failured in sf_find_packet()" ); - - min_time_copy = *min_time; - min_time = &min_time_copy; - - max_time_copy = *max_time; - max_time = &max_time_copy; - - for ( ; ; ) /* loop until positioned correctly */ - { - desired_pos = - interpolated_position( min_time, min_pos, - max_time, max_pos, - desired_time ); - - if ( desired_pos < 0 ) - { - status = 0; - break; - } - - present_pos = ftell( pcap_file( p ) ); - - if ( present_pos <= desired_pos && - desired_pos - present_pos < STRAIGHT_SCAN_THRESHOLD ) - { /* we're close enough to just blindly read ahead */ - status = read_up_to( p, desired_time ); - break; - } - - /* Undershoot the target a little bit - it's much easier to - * then scan straight forward than to try to read backwards ... - */ - desired_pos -= STRAIGHT_SCAN_THRESHOLD / 2; - if ( desired_pos < min_pos ) - desired_pos = min_pos; - - if ( fseek( pcap_file( p ), desired_pos, 0 ) < 0 ) - error( "fseek() failed in sf_find_packet()" ); - - num_bytes_read = - fread( (char *) buf, 1, num_bytes, pcap_file( p ) ); - - if ( num_bytes_read == 0 ) - /* This shouldn't ever happen because we try to - * undershoot, unless the dump file has only a - * couple packets in it ... - */ - error( "fread() failed in sf_find_packet()" ); - - if ( find_header( p, buf, num_bytes, min_time->tv_sec, - max_time->tv_sec, &hdrpos, &hdr ) != - HEADER_DEFINITELY ) - error( "can't find header at position %ld in dump file", - desired_pos ); - - /* Correct desired_pos to reflect beginning of packet. */ - desired_pos += (hdrpos - buf); - - /* Seek to the beginning of the header. */ - if ( fseek( pcap_file( p ), desired_pos, 0 ) < 0 ) - error( "fseek() failed in sf_find_packet()" ); - - if ( sf_timestamp_less_than( &hdr.ts, desired_time ) ) - { /* too early in the file */ - *min_time = hdr.ts; - min_pos = desired_pos; - } - - else if ( sf_timestamp_less_than( desired_time, &hdr.ts ) ) - { /* too late in the file */ - *max_time = hdr.ts; - max_pos = desired_pos; - } - - else - /* got it! */ - break; - } - - free( (char *) buf ); - - return status; - } diff --git a/usr.sbin/tcpdump/tcpslice/tcpslice.1 b/usr.sbin/tcpdump/tcpslice/tcpslice.1 deleted file mode 100644 index 3bc9445ecf..0000000000 --- a/usr.sbin/tcpdump/tcpslice/tcpslice.1 +++ /dev/null @@ -1,274 +0,0 @@ -.\" Copyright (c) 1988-1990 The Regents of the University of California. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that: (1) source code distributions -.\" retain the above copyright notice and this paragraph in its entirety, (2) -.\" distributions including binary code include the above copyright notice and -.\" this paragraph in its entirety in the documentation or other materials -.\" provided with the distribution, and (3) all advertising materials mentioning -.\" features or use of this software display the following acknowledgement: -.\" ``This product includes software developed by the University of California, -.\" Lawrence Berkeley Laboratory and its contributors.'' Neither the name of -.\" the University nor the names of its contributors may be used to endorse -.\" or promote products derived from this software without specific prior -.\" written permission. -.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED -.\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. -.\" -.\" $FreeBSD: src/usr.sbin/tcpdump/tcpslice/tcpslice.1,v 1.7.2.8 2003/03/11 22:31:33 trhodes Exp $ -.\" $DragonFly: src/usr.sbin/tcpdump/tcpslice/tcpslice.1,v 1.2 2003/06/17 04:30:03 dillon Exp $ -.\" -.Dd October 14, 1991 -.Dt TCPSLICE 1 -.Os -.Sh NAME -.Nm tcpslice -.Nd extract pieces of and/or glue together tcpdump files -.Sh SYNOPSIS -.Nm -.Op Fl dRrt -.Op Fl w Ar file -.Op Ar start-time Op end-time -.Ar -.Sh DESCRIPTION -The -.Nm -utility extracts portions of packet-trace files generated using -.Xr tcpdump 1 Ns 's -.Fl w -flag. -It can also be used to glue together several such files, as discussed -below. -.Pp -The basic operation of -.Nm -is to copy to -.Pa stdout -all packets from its input file(s) whose timestamps fall -within a given range. The starting and ending times of the range -may be specified on the command line. All ranges are inclusive. -The starting time defaults -to the time of the first packet in the first input file; we call -this the -.Em first time . -The ending time defaults to ten years after the starting time. -Thus, the command -.Nm -.Ar trace-file -simply copies -.Ar trace-file -to -.Pa stdout -(assuming the file does not include more than -ten years' worth of data). -.Pp -There are a number of ways to specify times. The first is using -Unix timestamps of the form -.Em sssssssss.uuuuuu -(this is the format specified by -.Xr tcpdump 1 Ns 's -.Fl tt -flag). -For example, -.Em 654321098.7654 -specifies 38 seconds and 765,400 microseconds -after 8:51PM PDT, Sept. 25, 1990. -.Pp -All examples in this manual are given -for PDT times, but when displaying times and interpreting times symbolically -as discussed below, -.Nm -uses the local timezone, regardless of the timezone in which the -.Xr tcpdump 1 -file was generated. The daylight-savings setting used is that which is -appropriate for the local timezone at the date in question. For example, -times associated with summer months will usually include daylight-savings -effects, and those with winter months will not. -.Pp -Times may also be specified relative -to either the -.Em first time -(when specifying a starting time) -or the starting time (when specifying an ending time) -by preceding a numeric value in seconds with a `+'. -For example, a starting time of -.Em +200 -indicates 200 seconds after the -.Em first time , -and the two arguments -.Em +200 +300 -indicate from 200 seconds after the -.Em first time -through 500 seconds after the -.Em first time . -.Pp -Times may also be specified in terms of years (y), months (m), days (d), -hours (h), minutes (m), seconds (s), and microseconds(u). For example, -the Unix timestamp 654321098.7654 discussed above could also be expressed -as -.Em 90y9m25d20h51m38s765400u . -.Pp -When specifying times using this style, fields that are omitted default -as follows. If the omitted field is a unit -.Em greater -than that of the first specified field, then its value defaults to -the corresponding value taken from either -.Em first time -(if the starting time is being specified) or the starting time -(if the ending time is being specified). -If the omitted field is a unit -.Em less -than that of the first specified field, then it defaults to zero. -For example, suppose that the input file has a -.Em first time -of the Unix timestamp mentioned above, i.e., 38 seconds and 765,400 microseconds -after 8:51PM PDT, Sept. 25, 1990. To specify 9:36PM PDT (exactly) on the -same date we could use -.Em 21h36m . -To specify a range from 9:36PM PDT through 1:54AM PDT the next day we -could use -.Em 21h36m 26d1h54m . -.Pp -Relative times can also be specified when using the -.Em ymdhmsu -format. Omitted fields then default to 0 if the unit of the field is -.Em greater -than that of the first specified field, and to the corresponding value -taken from either the -.Em first time -or the starting time if the omitted field's unit is -.Em less -than that of the first specified field. Given a -.Em first time -of the Unix timestamp mentioned above, -.Em 22h +1h10m -specifies a range from 10:00PM PDT on that date through 11:10PM PDT, and -.Em +1h +1h10m -specifies a range from 38.7654 seconds after 9:51PM PDT through 38.7654 -seconds after 11:01PM PDT. The first hour of the file could be extracted -using -.Em +0 +1h . -.Pp -Note that with the -.Em ymdhmsu -format there is an ambiguity between using -.Em m -for `month' or for `minute'. The ambiguity is resolved as follows: if an -.Em m -field is followed by a -.Em d -field then it is interpreted as specifying months; otherwise it -specifies minutes. -.Pp -If more than one input file is specified then -.Nm -first copies packets lying in the given range from the first file; it -then increases the starting time of the range to lie just beyond the -timestamp of the last packet in the first file, repeats the process -with the second file, and so on. Thus files with interleaved packets -are -.Em not -merged. For a given file, only packets that are newer than any in the -preceding files will be considered. This mechanism avoids any possibility -of a packet occurring more than once in the output. -.Sh OPTIONS -If any of -.Fl R , -.Fl r -or -.Fl t -are specified then -.Nm -reports the timestamps of the first and last packets in each input file -and exits. Only one of these three options may be specified. -.Pp -The following options are available: -.Bl -tag -width indent -.It Fl d -Dump the start and end times specified by the given range and -exit. This option is useful for checking that the given range actually -specifies the times you think it does. If one of -.Fl R , -.Fl r -or -.Fl t -has been specified then the times are dumped in the corresponding -format; otherwise, raw format -.Pq Fl R -is used. -.It Fl R -Dump the timestamps of the first and last packets in each input file -as raw timestamps (i.e., in the form -.Em sssssssss.uuuuuu ) . -.It Fl r -Same as -.Fl R -except the timestamps are dumped in human-readable format, similar -to that used by -.Xr date 1 . -.It Fl t -Same as -.Fl R -except the timestamps are dumped in -.Nm -format, i.e., in the -.Em ymdhmsu -format discussed above. -.It Fl w Ar file -Direct the output to -.Ar file -rather than -.Pa stdout . -.El -.Sh SEE ALSO -.Xr tcpdump 1 -.Sh AUTHORS -.An Vern Paxson Aq vern@ee.lbl.gov , -of Lawrence Berkeley Laboratory, University of California, Berkeley, CA. -.Sh BUGS -An input filename that beings with a digit or a `+' can be confused -with a start/end time. Such filenames can be specified with a -leading `./'; for example, specify the file `04Jul76.trace' as -`./04Jul76.trace'. -.Pp -The -.Nm -utility cannot read its input from -.Pa stdin , -since it uses random-access -to rummage through its input files. -.Pp -The -.Nm -utility refuses to write to its output if it is a terminal -(as indicated by -.Xr isatty 3 ) . -This is not a bug but a feature, -to prevent it from spraying binary data to the user's terminal. -Note that this means you must either redirect -.Pa stdout -or specify an -output file via -.Fl w . -.Pp -The -.Nm -utility will not work properly on -.Xr tcpdump 1 -files spanning more than one year; -with files containing portions of packets whose original length was -more than 65,535 bytes; nor with files containing fewer than three packets. -Such files result in -the error message: `couldn't find final packet in file'. These problems -are due to the interpolation scheme used by -.Nm -to greatly speed up its processing when dealing with large trace files. -Note that -.Nm -can efficiently extract slices from the middle of trace files of any -size, and can also work with truncated trace files (i.e., the final packet -in the file is only partially present, typically due to -.Xr tcpdump 1 -being ungracefully killed). diff --git a/usr.sbin/tcpdump/tcpslice/tcpslice.c b/usr.sbin/tcpdump/tcpslice/tcpslice.c deleted file mode 100644 index a929bb8aa9..0000000000 --- a/usr.sbin/tcpdump/tcpslice/tcpslice.c +++ /dev/null @@ -1,624 +0,0 @@ -/* - * Copyright (c) 1987-1990 The Regents of the University of California. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that: (1) source code distributions - * retain the above copyright notice and this paragraph in its entirety, (2) - * distributions including binary code include the above copyright notice and - * this paragraph in its entirety in the documentation or other materials - * provided with the distribution, and (3) all advertising materials mentioning - * features or use of this software display the following acknowledgement: - * ``This product includes software developed by the University of California, - * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of - * the University nor the names of its contributors may be used to endorse - * or promote products derived from this software without specific prior - * written permission. - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED - * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. - * - * @(#) Copyright (c) 1987-1990 The Regents of the University of California. All rights reserved. - * $FreeBSD: src/usr.sbin/tcpdump/tcpslice/tcpslice.c,v 1.9.2.1 2000/07/01 01:34:11 ps Exp $ - * $DragonFly: src/usr.sbin/tcpdump/tcpslice/tcpslice.c,v 1.4 2004/04/23 17:55:11 cpressey Exp $ - */ - -/* - * tcpslice - extract pieces of and/or glue together tcpdump files - */ - -#include -#include "tcpslice.h" - -int tflag = 0; /* global that util routines are sensitive to */ -int fddipad; /* XXX: libpcap needs this global */ - -/* - * Style in which to print timestamps; RAW is "secs.usecs"; READABLE is - * ala the Unix "date" tool; and PARSEABLE is tcpslice's custom format, - * designed to be easy to parse. The default is RAW. - */ -enum stamp_styles { TIMESTAMP_RAW, TIMESTAMP_READABLE, TIMESTAMP_PARSEABLE }; -enum stamp_styles timestamp_style = TIMESTAMP_RAW; - -#ifndef __DragonFly__ -extern int getopt(int argc, char **argv, char *optstring); -#endif - -int is_timestamp(char *str); -long local_time_zone(long timestamp); -struct timeval parse_time(char *time_string, struct timeval base_time); -void fill_tm(char *time_string, int is_delta, struct tm *t, time_t *usecs_addr); -void get_file_range(char filename[], pcap_t **p, - struct timeval *first_time, struct timeval *last_time); -struct timeval first_packet_time(char filename[], pcap_t **p_addr); -void extract_slice(char filename[], char write_file_name[], - struct timeval *start_time, struct timeval *stop_time); -char *timestamp_to_string(struct timeval *timestamp); -void dump_times(pcap_t **p, char filename[]); -static void usage(void); - - -pcap_dumper_t *dumper = 0; - -int -main(int argc, char **argv) -{ - int op; - int dump_flag = 0; - int report_times = 0; - char *start_time_string = 0; - char *stop_time_string = 0; - char *write_file_name = "-"; /* default is stdout */ - struct timeval first_time, start_time, stop_time; - pcap_t *pcap; - - opterr = 0; - while ((op = getopt(argc, argv, "dRrtw:")) != -1) - switch (op) { - - case 'd': - dump_flag = 1; - break; - - case 'R': - ++report_times; - timestamp_style = TIMESTAMP_RAW; - break; - - case 'r': - ++report_times; - timestamp_style = TIMESTAMP_READABLE; - break; - - case 't': - ++report_times; - timestamp_style = TIMESTAMP_PARSEABLE; - break; - - case 'w': - write_file_name = optarg; - break; - - default: - usage(); - /* NOTREACHED */ - } - - if (report_times > 1) - error("only one of -R, -r, or -t can be specified"); - - - if (optind < argc) - /* - * See if the next argument looks like a possible - * start time, and if so assume it is one. - */ - if (isdigit(argv[optind][0]) || argv[optind][0] == '+') - start_time_string = argv[optind++]; - - if (optind < argc) - if (isdigit(argv[optind][0]) || argv[optind][0] == '+') - stop_time_string = argv[optind++]; - - - if (optind >= argc) - error("at least one input file must be given"); - - - first_time = first_packet_time(argv[optind], &pcap); - pcap_close(pcap); - - - if (start_time_string) - start_time = parse_time(start_time_string, first_time); - else - start_time = first_time; - - if (stop_time_string) - stop_time = parse_time(stop_time_string, start_time); - - else { - stop_time = start_time; - stop_time.tv_sec += 86400*3660; /* + 10 years; "forever" */ - } - - - if (report_times) { - for (; optind < argc; ++optind) - dump_times(&pcap, argv[optind]); - } - - if (dump_flag) { - printf("start\t%s\nstop\t%s\n", - timestamp_to_string(&start_time), - timestamp_to_string(&stop_time)); - } - - if (!report_times && !dump_flag) { - if (!strcmp(write_file_name, "-") && - isatty(fileno(stdout))) - error("stdout is a terminal; redirect or use -w"); - - for (; optind < argc; ++optind) - extract_slice(argv[optind], write_file_name, - &start_time, &stop_time); - } - - return 0; -} - - -/* - * Returns non-zero if a string matches the format for a timestamp, - * 0 otherwise. - */ -int -is_timestamp(char *str) -{ - while (isdigit(*str) || *str == '.') - ++str; - - return *str == '\0'; -} - - -/* - * Return the correction in seconds for the local time zone with respect - * to Greenwich time. - */ -long -local_time_zone(long timestamp) -{ - struct timeval now; - struct timezone tz; - long localzone; - - if (gettimeofday(&now, &tz) < 0) - err(1, "gettimeofday"); - localzone = tz.tz_minuteswest * -60; - - if (localtime((time_t *)×tamp)->tm_isdst) - localzone += 3600; - - return localzone; -} - -/* - * Given a string specifying a time (or a time offset) and a "base time" - * from which to compute offsets and fill in defaults, returns a timeval - * containing the specified time. - */ -struct timeval -parse_time(char *time_string, struct timeval base_time) -{ - struct tm *bt = localtime((time_t *)&base_time.tv_sec); - struct tm t; - struct timeval result; - time_t usecs = 0; - int is_delta = (time_string[0] == '+'); - - if (is_delta) - ++time_string; /* skip over '+' sign */ - - if (is_timestamp(time_string)) { - /* interpret as a raw timestamp or timestamp offset */ - char *time_ptr; - - result.tv_sec = atoi(time_string); - time_ptr = strchr(time_string, '.'); - - if (time_ptr) { - /* microseconds are specified, too */ - int num_digits; - - num_digits = strlen(time_ptr + 1); - result.tv_usec = atoi(time_ptr + 1); - - /* turn 123.456 into 123 seconds plus 456000 usec */ - while (num_digits++ < 6) - result.tv_usec *= 10; - } else - result.tv_usec = 0; - - if (is_delta) { - result.tv_sec += base_time.tv_sec; - result.tv_usec += base_time.tv_usec; - - if (result.tv_usec >= 1000000) { - result.tv_usec -= 1000000; - ++result.tv_sec; - } - } - - return result; - } - - if (is_delta) { - t = *bt; - usecs = base_time.tv_usec; - } else { - /* - * Zero struct (easy way around lack of tm_gmtoff/tm_zone - * under older systems) - */ - bzero((char *)&t, sizeof(t)); - - /* - * Set values to "not set" flag so we can later identify - * and default them. - */ - t.tm_sec = t.tm_min = t.tm_hour = t.tm_mday = t.tm_mon = - t.tm_year = -1; - } - - fill_tm(time_string, is_delta, &t, &usecs); - - /* - * Now until we reach a field that was specified, fill in the - * missing fields from the base time. - */ -#define CHECK_FIELD(field_name) \ - if (t.field_name < 0) \ - t.field_name = bt->field_name; \ - else \ - break - - do { /* bogus do-while loop so "break" in CHECK_FIELD will work */ - CHECK_FIELD(tm_year); - CHECK_FIELD(tm_mon); - CHECK_FIELD(tm_mday); - CHECK_FIELD(tm_hour); - CHECK_FIELD(tm_min); - CHECK_FIELD(tm_sec); - } while (0); - - /* Set remaining unspecified fields to 0. */ -#define ZERO_FIELD_IF_NOT_SET(field_name,zero_val) \ - if (t.field_name < 0) \ - t.field_name = zero_val - - if (!is_delta) { - ZERO_FIELD_IF_NOT_SET(tm_year, 90); /* should never happen */ - ZERO_FIELD_IF_NOT_SET(tm_mon, 0); - ZERO_FIELD_IF_NOT_SET(tm_mday, 1); - ZERO_FIELD_IF_NOT_SET(tm_hour, 0); - ZERO_FIELD_IF_NOT_SET(tm_min, 0); - ZERO_FIELD_IF_NOT_SET(tm_sec, 0); - } - - result.tv_sec = gwtm2secs(&t); - result.tv_sec -= local_time_zone(result.tv_sec); - result.tv_usec = usecs; - - return result; -} - - -/* - * Fill in (or add to, if is_delta is true) the time values in the - * tm struct "t" as specified by the time specified in the string - * "time_string". "usecs_addr" is updated with the specified number - * of microseconds, if any. - */ -void -fill_tm(char *time_string, int is_delta, struct tm *t, time_t *usecs_addr) -{ - char *t_start, *t_stop, format_ch; - int val; - -#define SET_VAL(lhs,rhs) \ - if (is_delta) \ - lhs += rhs; \ - else \ - lhs = rhs - - /* - * Loop through the time string parsing one specification at - * a time. Each specification has the form - * where indicates the amount of time and - * the units. - */ - for (t_stop = t_start = time_string; *t_start; t_start = ++t_stop) { - if (!isdigit(*t_start)) - error("bad date format %s, problem starting at %s", - time_string, t_start); - - while (isdigit(*t_stop)) - ++t_stop; - if (!t_stop) - error("bad date format %s, problem starting at %s", - time_string, t_start); - - val = atoi(t_start); - - format_ch = *t_stop; - if (isupper(format_ch)) - format_ch = tolower(format_ch); - - switch (format_ch) { - case 'y': - if (val >= 1900) - val -= 1900; - else if (val < 100 && !is_delta) { - if (val < 69) /* Same hack as date */ - val += 100; - } - SET_VAL(t->tm_year, val); - break; - - case 'm': - if (strchr(t_stop+1, 'D') || - strchr(t_stop+1, 'd')) - /* it's months */ - SET_VAL(t->tm_mon, val - 1); - else /* it's minutes */ - SET_VAL(t->tm_min, val); - break; - - case 'd': - SET_VAL(t->tm_mday, val); - break; - - case 'h': - SET_VAL(t->tm_hour, val); - break; - - case 's': - SET_VAL(t->tm_sec, val); - break; - - case 'u': - SET_VAL(*usecs_addr, val); - break; - - default: - error( - "bad date format %s, problem starting at %s", - time_string, t_start); - } - } -} - - -/* - * Return in first_time and last_time the timestamps of the first and - * last packets in the given file. - */ -void -get_file_range(char filename[], pcap_t **p, - struct timeval *first_time, struct timeval *last_time) -{ - *first_time = first_packet_time(filename, p); - - if (!sf_find_end(*p, first_time, last_time)) - error("couldn't find final packet in file %s", filename); -} - -int snaplen; - -/* - * Returns the timestamp of the first packet in the given tcpdump save - * file, which as a side-effect is initialized for further save-file - * reading. - */ -struct timeval -first_packet_time(char filename[], pcap_t **p_addr) -{ - struct pcap_pkthdr hdr; - pcap_t *p; - char errbuf[PCAP_ERRBUF_SIZE]; - - p = *p_addr = pcap_open_offline(filename, errbuf); - if (p == NULL) - error("bad tcpdump file %s: %s", filename, errbuf); - - snaplen = pcap_snapshot(p); - - if (pcap_next(p, &hdr) == 0) - error("bad status reading first packet in %s", filename); - - return hdr.ts; -} - - -/* - * Extract from the given file all packets with timestamps between - * the two time values given (inclusive). These packets are written - * to the save file given by write_file_name. - * - * Upon return, start_time is adjusted to reflect a time just after - * that of the last packet written to the output. - */ -void -extract_slice(char filename[], char write_file_name[], - struct timeval *start_time, struct timeval *stop_time) -{ - long start_pos, stop_pos; - struct timeval file_start_time, file_stop_time; - struct pcap_pkthdr hdr; - pcap_t *p; - char errbuf[PCAP_ERRBUF_SIZE]; - - p = pcap_open_offline(filename, errbuf); - if (p == NULL) - error("bad tcpdump file %s: %s", filename, errbuf); - - snaplen = pcap_snapshot(p); - start_pos = ftell(pcap_file(p)); - - if (dumper == NULL) { - dumper = pcap_dump_open(p, write_file_name); - if (dumper == NULL) - error("error creating output file %s: ", - write_file_name, pcap_geterr(p)); - } - - if (pcap_next(p, &hdr) == 0) - error("error reading packet in %s: ", - filename, pcap_geterr(p)); - - file_start_time = hdr.ts; - - - if (!sf_find_end(p, &file_start_time, &file_stop_time)) - error("problems finding end packet of file %s", - filename); - - stop_pos = ftell(pcap_file(p)); - - - /* - * sf_find_packet() requires that the time it's passed as its last - * argument be in the range [min_time, max_time], so we enforce - * that constraint here. - */ - if (sf_timestamp_less_than(start_time, &file_start_time)) - *start_time = file_start_time; - - if (sf_timestamp_less_than(&file_stop_time, start_time)) - return; /* there aren't any packets of interest in the file */ - - - sf_find_packet(p, &file_start_time, start_pos, - &file_stop_time, stop_pos, - start_time); - - for (;;) { - struct timeval *timestamp; - const u_char *pkt; - - pkt = pcap_next(p, &hdr); - if (pkt == NULL) { -#ifdef notdef - int status; - if (status != SFERR_EOF) - error("bad status %d reading packet in %s", - status, filename); -#endif - break; - } - - timestamp = &hdr.ts; - - if (!sf_timestamp_less_than(timestamp, start_time)) { - /* packet is recent enough */ - if (sf_timestamp_less_than(stop_time, timestamp)) { - /* - * We've gone beyond the end of the region - * of interest ... We're done with this file. - */ - break; - } - - pcap_dump((u_char *)dumper, &hdr, pkt); - - *start_time = *timestamp; - - /* - * We know that each packet is guaranteed to have - * a unique timestamp, so we push forward the - * allowed minimum time to weed out duplicate - * packets. - */ - ++start_time->tv_usec; - } - } - - pcap_close(p); -} - - -/* - * Translates a timestamp to the time format specified by the user. - * Returns a pointer to the translation residing in a static buffer. - * There are two such buffers, which are alternated on subseqeuent - * calls, so two calls may be made to this routine without worrying - * about the results of the first call being overwritten by the - * results of the second. - */ -char * -timestamp_to_string(struct timeval *timestamp) -{ - struct tm *t; -#define NUM_BUFFERS 2 - static char buffers[NUM_BUFFERS][128]; - static int buffer_to_use = 0; - char *buf; - - buf = buffers[buffer_to_use]; - buffer_to_use = (buffer_to_use + 1) % NUM_BUFFERS; - - switch (timestamp_style) { - case TIMESTAMP_RAW: - sprintf(buf, "%lu.%06lu", timestamp->tv_sec, timestamp->tv_usec); - break; - - case TIMESTAMP_READABLE: - t = localtime((time_t *)×tamp->tv_sec); - strcpy(buf, asctime(t)); - buf[24] = '\0'; /* nuke final newline */ - break; - - case TIMESTAMP_PARSEABLE: - t = localtime((time_t *)×tamp->tv_sec); - if (t->tm_year >= 100) - t->tm_year += 1900; - sprintf(buf, "%02dy%02dm%02dd%02dh%02dm%02ds%06ldu", - t->tm_year, t->tm_mon + 1, t->tm_mday, t->tm_hour, - t->tm_min, t->tm_sec, timestamp->tv_usec); - break; - } - - return buf; -} - - -/* - * Given a tcpdump save filename, reports on the times of the first - * and last packets in the file. - */ -void -dump_times(pcap_t **p, char filename[]) -{ - struct timeval first_time, last_time; - - get_file_range(filename, p, &first_time, &last_time); - - printf("%s\t%s\t%s\n", - filename, - timestamp_to_string(&first_time), - timestamp_to_string(&last_time)); -} - -static void -usage(void) -{ - fprintf(stderr, "tcpslice for tcpdump version %d.%d\n", - VERSION_MAJOR, VERSION_MINOR); - fprintf(stderr, -"usage: tcpslice [-dRrt] [-w file] [start-time [end-time]] file ... \n"); - - exit(1); -} - diff --git a/usr.sbin/tcpdump/tcpslice/tcpslice.h b/usr.sbin/tcpdump/tcpslice/tcpslice.h deleted file mode 100644 index 14c69a7e38..0000000000 --- a/usr.sbin/tcpdump/tcpslice/tcpslice.h +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Copyright (c) 1987-1990 The Regents of the University of California. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that: (1) source code distributions - * retain the above copyright notice and this paragraph in its entirety, (2) - * distributions including binary code include the above copyright notice and - * this paragraph in its entirety in the documentation or other materials - * provided with the distribution, and (3) all advertising materials mentioning - * features or use of this software display the following acknowledgement: - * ``This product includes software developed by the University of California, - * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of - * the University nor the names of its contributors may be used to endorse - * or promote products derived from this software without specific prior - * written permission. - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED - * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. - */ - -#include -#include -#include -#include - -#include - -#include -#ifdef SOLARIS -#include -#endif -#ifdef __STDC__ -#include -#endif -#include -#if __STDC__ -#include -#else -#include -#endif -#include -#include - -#include "pcap.h" -#include "version.h" - - -time_t gwtm2secs( struct tm *tm ); - -int sf_find_end( struct pcap *p, struct timeval *first_timestamp, - struct timeval *last_timestamp ); -int sf_timestamp_less_than( struct timeval *t1, struct timeval *t2 ); -int sf_find_packet( struct pcap *p, - struct timeval *min_time, long min_pos, - struct timeval *max_time, long max_pos, - struct timeval *desired_time ); - -void error(const char *fmt, ...); diff --git a/usr.sbin/tcpdump/tcpslice/util.c b/usr.sbin/tcpdump/tcpslice/util.c deleted file mode 100644 index 380f00788f..0000000000 --- a/usr.sbin/tcpdump/tcpslice/util.c +++ /dev/null @@ -1,48 +0,0 @@ -/* - * Copyright (c) 1988-1990 The Regents of the University of California. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that: (1) source code distributions - * retain the above copyright notice and this paragraph in its entirety, (2) - * distributions including binary code include the above copyright notice and - * this paragraph in its entirety in the documentation or other materials - * provided with the distribution, and (3) all advertising materials mentioning - * features or use of this software display the following acknowledgement: - * ``This product includes software developed by the University of California, - * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of - * the University nor the names of its contributors may be used to endorse - * or promote products derived from this software without specific prior - * written permission. - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED - * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. - * - * $FreeBSD: src/usr.sbin/tcpdump/tcpslice/util.c,v 1.3 1999/08/28 05:11:32 peter Exp $ - * $DragonFly: src/usr.sbin/tcpdump/tcpslice/util.c,v 1.4 2005/12/05 02:40:28 swildner Exp $ - */ - -#include "tcpslice.h" - -/* VARARGS */ -void -error(const char *fmt, ...) -{ - va_list ap; - - fprintf(stderr, "tcpslice: "); -#if __STDC__ - va_start(ap, fmt); -#else - va_start(ap); -#endif - vfprintf(stderr, fmt, ap); - va_end(ap); - if (*fmt) { - fmt += strlen(fmt); - if (fmt[-1] != '\n') - fputc('\n', stderr); - } - exit(1); - /* NOTREACHED */ -} -- 2.41.0