diff options
author | Dario Lombardo <lomato@gmail.com> | 2017-11-22 10:18:25 +0100 |
---|---|---|
committer | Michael Mann <mmann78@netscape.net> | 2017-11-22 15:16:24 +0000 |
commit | c58aed9b73d8989ef82145626e1701769b21e705 (patch) | |
tree | 10fec0823210fe2079f48962d3583afd6cb2a777 | |
parent | 36372a2465c94784240ba8c38b53b4eedb234868 (diff) |
sshdump: add option to prevent promiscuous mode.
Bug: 14237
Change-Id: I5cecca8ed638c3935c7c77e3a304e4b0527d7fa3
Reviewed-on: https://code.wireshark.org/review/24530
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
-rw-r--r-- | extcap/sshdump.c | 32 |
1 files changed, 23 insertions, 9 deletions
diff --git a/extcap/sshdump.c b/extcap/sshdump.c index 7337d7a43d..d5febf7100 100644 --- a/extcap/sshdump.c +++ b/extcap/sshdump.c @@ -45,7 +45,8 @@ enum { OPT_SSHKEY, OPT_SSHKEY_PASSPHRASE, OPT_REMOTE_COUNT, - OPT_REMOTE_SUDO + OPT_REMOTE_SUDO, + OPT_REMOTE_NOPROM }; static struct option longopts[] = { @@ -55,6 +56,7 @@ static struct option longopts[] = { SSH_BASE_OPTIONS, { "remote-capture-command", required_argument, NULL, OPT_REMOTE_CAPTURE_COMMAND}, { "remote-sudo", required_argument, NULL, OPT_REMOTE_SUDO }, + { "remote-noprom", no_argument, NULL, OPT_REMOTE_NOPROM }, { 0, 0, 0, 0} }; @@ -113,8 +115,8 @@ static char* local_interfaces_to_filter(const guint16 remote_port) return filter; } -static ssh_channel run_ssh_command(ssh_session sshs, const char* capture_command, const gboolean use_sudo, const char* iface, - const char* cfilter, const guint32 count) +static ssh_channel run_ssh_command(ssh_session sshs, const char* capture_command, const gboolean use_sudo, gboolean noprom, + const char* iface, const char* cfilter, const guint32 count) { gchar* cmdline; ssh_channel channel; @@ -150,8 +152,12 @@ static ssh_channel run_ssh_command(ssh_session sshs, const char* capture_command if (count > 0) count_str = g_strdup_printf("-c %u", count); - cmdline = g_strdup_printf("%s tcpdump -U -i %s -w - %s %s", use_sudo ? "sudo" : "", quoted_iface, - count_str ? count_str : "", quoted_filter); + cmdline = g_strdup_printf("%s tcpdump -U -i %s %s -w - %s %s", + use_sudo ? "sudo" : "", + quoted_iface, + noprom ? "-p" : "", + count_str ? count_str : "", + quoted_filter); } g_debug("Running: %s", cmdline); @@ -172,7 +178,7 @@ static ssh_channel run_ssh_command(ssh_session sshs, const char* capture_command static int ssh_open_remote_connection(const char* hostname, const unsigned int port, const char* username, const char* password, const char* sshkey, const char* sshkey_passphrase, const char* iface, const char* cfilter, const char* capture_command, - const gboolean use_sudo, const guint32 count, const char* fifo) + const gboolean use_sudo, gboolean noprom, const guint32 count, const char* fifo) { ssh_session sshs = NULL; ssh_channel channel = NULL; @@ -196,7 +202,7 @@ static int ssh_open_remote_connection(const char* hostname, const unsigned int p goto cleanup; } - channel = run_ssh_command(sshs, capture_command, use_sudo, iface, cfilter, count); + channel = run_ssh_command(sshs, capture_command, use_sudo, noprom, iface, cfilter, count); if (!channel) { g_warning("Can't run ssh command"); @@ -285,6 +291,8 @@ static int list_config(char *interface, unsigned int remote_port) "{type=string}{tooltip=The remote command used to capture}\n", inc++); printf("arg {number=%u}{call=--remote-sudo}{display=Use sudo on the remote machine}" "{type=boolean}{tooltip=Prepend the capture command with sudo on the remote machine}\n", inc++); + printf("arg {number=%u}{call=--remote-noprom}{display=No promiscuous mode}" + "{type=boolflag}{tooltip=Don't use promiscuous mode on the remote machine}\n", inc++); printf("arg {number=%u}{call=--remote-filter}{display=Remote capture filter}" "{type=string}{tooltip=The remote capture filter}", inc++); if (ipfilter) @@ -330,10 +338,11 @@ int main(int argc, char **argv) char* remote_filter = NULL; guint32 count = 0; int ret = EXIT_FAILURE; - extcap_parameters * extcap_conf = g_new0(extcap_parameters, 1); + extcap_parameters* extcap_conf = g_new0(extcap_parameters, 1); char* help_url; char* help_header = NULL; gboolean use_sudo = FALSE; + gboolean noprom = FALSE; #ifdef _WIN32 WSADATA wsaData; @@ -368,6 +377,7 @@ int main(int argc, char **argv) extcap_help_add_option(extcap_conf, "--remote-interface <iface>", "the remote capture interface (default: eth0)"); extcap_help_add_option(extcap_conf, "--remote-capture-command <capture command>", "the remote capture command"); extcap_help_add_option(extcap_conf, "--remote-sudo yes", "use sudo on the remote machine to capture"); + extcap_help_add_option(extcap_conf, "--remote-noprom", "don't use promiscuous mode on the remote machine"); extcap_help_add_option(extcap_conf, "--remote-filter <filter>", "a filter for remote capture (default: don't " "listen on local interfaces IPs)"); extcap_help_add_option(extcap_conf, "--remote-count <count>", "the number of packets to capture"); @@ -454,6 +464,10 @@ int main(int argc, char **argv) } break; + case OPT_REMOTE_NOPROM: + noprom = TRUE; + break; + case ':': /* missing option argument */ g_warning("Option '%s' requires an argument", argv[optind - 1]); @@ -502,7 +516,7 @@ int main(int argc, char **argv) filter = concat_filters(extcap_conf->capture_filter, remote_filter); ret = ssh_open_remote_connection(remote_host, remote_port, remote_username, remote_password, sshkey, sshkey_passphrase, remote_interface, - filter, remote_capture_command, use_sudo, count, extcap_conf->fifo); + filter, remote_capture_command, use_sudo, noprom, count, extcap_conf->fifo); g_free(filter); } else { g_debug("You should not come here... maybe some parameter missing?"); |