2 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000
3 * The Regents of the University of California. All rights reserved.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 * Support for splitting captures into multiple files with a maximum
25 * Seth Webster <swebster@sst.ll.mit.edu>
29 static const char copyright[] _U_ =
30 "@(#) Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000\n\
31 The Regents of the University of California. All rights reserved.\n";
32 static const char rcsid[] _U_ =
33 "@(#) $Header: /tcpdump/master/tcpdump/tcpdump.c,v 1.283 2008-09-25 21:45:50 guy Exp $ (LBL)";
39 * tcpdump - monitor tcp/ip traffic on an ethernet.
41 * First written in 1987 by Van Jacobson, Lawrence Berkeley Laboratory.
42 * Mercilessly hacked and occasionally improved since then via the
43 * combined efforts of Van, Steve McCanne and Craig Leres of LBL.
50 #include <tcpdump-stdinc.h>
55 extern int strcasecmp (const char *__s1, const char *__s2);
73 #include <sys/resource.h>
80 #include "netdissect.h"
81 #include "interface.h"
82 #include "addrtoname.h"
84 #include "setsignal.h"
85 #include "gmt2local.h"
86 #include "pcap-missing.h"
93 #define SIGNAL_REQ_INFO SIGINFO
95 #define SIGNAL_REQ_INFO SIGUSR1
98 netdissect_options Gndo;
99 netdissect_options *gndo = &Gndo;
101 static int dflag; /* print filter code */
102 static int Lflag; /* list available data link types and exit */
103 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE
104 static int Jflag; /* list available time stamp types */
106 static char *zflag = NULL; /* compress each savefile using a specified command (like gzip or bzip2) */
108 static int infodelay;
109 static int infoprint;
113 int32_t thiszone; /* seconds offset from gmt to local time */
116 static RETSIGTYPE cleanup(int);
117 static RETSIGTYPE child_cleanup(int);
118 static void usage(void) __attribute__((noreturn));
119 static void show_dlts_and_exit(const char *device, pcap_t *pd) __attribute__((noreturn));
121 static void print_packet(u_char *, const struct pcap_pkthdr *, const u_char *);
122 static void ndo_default_print(netdissect_options *, const u_char *, u_int);
123 static void dump_packet_and_trunc(u_char *, const struct pcap_pkthdr *, const u_char *);
124 static void dump_packet(u_char *, const struct pcap_pkthdr *, const u_char *);
125 static void droproot(const char *, const char *);
126 static void ndo_error(netdissect_options *ndo, const char *fmt, ...)
127 __attribute__ ((noreturn, format (printf, 2, 3)));
128 static void ndo_warning(netdissect_options *ndo, const char *fmt, ...);
130 #ifdef SIGNAL_REQ_INFO
131 RETSIGTYPE requestinfo(int);
134 #if defined(USE_WIN32_MM_TIMER)
135 #include <MMsystem.h>
136 static UINT timer_id;
137 static void CALLBACK verbose_stats_dump(UINT, UINT, DWORD_PTR, DWORD_PTR, DWORD_PTR);
138 #elif defined(HAVE_ALARM)
139 static void verbose_stats_dump(int sig);
142 static void info(int);
143 static u_int packets_captured;
157 static struct printer printers[] = {
158 { arcnet_if_print, DLT_ARCNET },
159 #ifdef DLT_ARCNET_LINUX
160 { arcnet_linux_if_print, DLT_ARCNET_LINUX },
162 { token_if_print, DLT_IEEE802 },
164 { lane_if_print, DLT_LANE8023 },
167 { cip_if_print, DLT_CIP },
170 { cip_if_print, DLT_ATM_CLIP },
172 { sl_if_print, DLT_SLIP },
173 #ifdef DLT_SLIP_BSDOS
174 { sl_bsdos_if_print, DLT_SLIP_BSDOS },
176 { ppp_if_print, DLT_PPP },
177 #ifdef DLT_PPP_WITHDIRECTION
178 { ppp_if_print, DLT_PPP_WITHDIRECTION },
181 { ppp_bsdos_if_print, DLT_PPP_BSDOS },
183 { fddi_if_print, DLT_FDDI },
184 { null_if_print, DLT_NULL },
186 { null_if_print, DLT_LOOP },
188 { raw_if_print, DLT_RAW },
189 { atm_if_print, DLT_ATM_RFC1483 },
191 { chdlc_if_print, DLT_C_HDLC },
194 { chdlc_if_print, DLT_HDLC },
196 #ifdef DLT_PPP_SERIAL
197 { ppp_hdlc_if_print, DLT_PPP_SERIAL },
200 { pppoe_if_print, DLT_PPP_ETHER },
203 { sll_if_print, DLT_LINUX_SLL },
205 #ifdef DLT_IEEE802_11
206 { ieee802_11_if_print, DLT_IEEE802_11},
209 { ltalk_if_print, DLT_LTALK },
211 #if defined(DLT_PFLOG) && defined(HAVE_NET_PFVAR_H)
212 { pflog_if_print, DLT_PFLOG },
215 { fr_if_print, DLT_FR },
218 { fr_if_print, DLT_FRELAY },
221 { sunatm_if_print, DLT_SUNATM },
223 #ifdef DLT_IP_OVER_FC
224 { ipfc_if_print, DLT_IP_OVER_FC },
226 #ifdef DLT_PRISM_HEADER
227 { prism_if_print, DLT_PRISM_HEADER },
229 #ifdef DLT_IEEE802_11_RADIO
230 { ieee802_11_radio_if_print, DLT_IEEE802_11_RADIO },
233 { enc_if_print, DLT_ENC },
235 #ifdef DLT_SYMANTEC_FIREWALL
236 { symantec_if_print, DLT_SYMANTEC_FIREWALL },
238 #ifdef DLT_APPLE_IP_OVER_IEEE1394
239 { ap1394_if_print, DLT_APPLE_IP_OVER_IEEE1394 },
241 #ifdef DLT_IEEE802_11_RADIO_AVS
242 { ieee802_11_radio_avs_if_print, DLT_IEEE802_11_RADIO_AVS },
244 #ifdef DLT_JUNIPER_ATM1
245 { juniper_atm1_print, DLT_JUNIPER_ATM1 },
247 #ifdef DLT_JUNIPER_ATM2
248 { juniper_atm2_print, DLT_JUNIPER_ATM2 },
250 #ifdef DLT_JUNIPER_MFR
251 { juniper_mfr_print, DLT_JUNIPER_MFR },
253 #ifdef DLT_JUNIPER_MLFR
254 { juniper_mlfr_print, DLT_JUNIPER_MLFR },
256 #ifdef DLT_JUNIPER_MLPPP
257 { juniper_mlppp_print, DLT_JUNIPER_MLPPP },
259 #ifdef DLT_JUNIPER_PPPOE
260 { juniper_pppoe_print, DLT_JUNIPER_PPPOE },
262 #ifdef DLT_JUNIPER_PPPOE_ATM
263 { juniper_pppoe_atm_print, DLT_JUNIPER_PPPOE_ATM },
265 #ifdef DLT_JUNIPER_GGSN
266 { juniper_ggsn_print, DLT_JUNIPER_GGSN },
268 #ifdef DLT_JUNIPER_ES
269 { juniper_es_print, DLT_JUNIPER_ES },
271 #ifdef DLT_JUNIPER_MONITOR
272 { juniper_monitor_print, DLT_JUNIPER_MONITOR },
274 #ifdef DLT_JUNIPER_SERVICES
275 { juniper_services_print, DLT_JUNIPER_SERVICES },
277 #ifdef DLT_JUNIPER_ETHER
278 { juniper_ether_print, DLT_JUNIPER_ETHER },
280 #ifdef DLT_JUNIPER_PPP
281 { juniper_ppp_print, DLT_JUNIPER_PPP },
283 #ifdef DLT_JUNIPER_FRELAY
284 { juniper_frelay_print, DLT_JUNIPER_FRELAY },
286 #ifdef DLT_JUNIPER_CHDLC
287 { juniper_chdlc_print, DLT_JUNIPER_CHDLC },
290 { mfr_if_print, DLT_MFR },
292 #if defined(DLT_BLUETOOTH_HCI_H4_WITH_PHDR) && defined(HAVE_PCAP_BLUETOOTH_H)
293 { bt_if_print, DLT_BLUETOOTH_HCI_H4_WITH_PHDR},
295 #ifdef HAVE_PCAP_USB_H
297 { usb_linux_48_byte_print, DLT_USB_LINUX},
298 #endif /* DLT_USB_LINUX */
299 #ifdef DLT_USB_LINUX_MMAPPED
300 { usb_linux_64_byte_print, DLT_USB_LINUX_MMAPPED},
301 #endif /* DLT_USB_LINUX_MMAPPED */
302 #endif /* HAVE_PCAP_USB_H */
304 { raw_if_print, DLT_IPV4 },
307 { raw_if_print, DLT_IPV6 },
312 static struct ndo_printer ndo_printers[] = {
313 { ether_if_print, DLT_EN10MB },
315 { ipnet_if_print, DLT_IPNET },
317 #ifdef DLT_IEEE802_15_4
318 { ieee802_15_4_if_print, DLT_IEEE802_15_4 },
320 #ifdef DLT_IEEE802_15_4_NOFCS
321 { ieee802_15_4_if_print, DLT_IEEE802_15_4_NOFCS },
324 { ppi_if_print, DLT_PPI },
326 #ifdef DLT_NETANALYZER
327 { netanalyzer_if_print, DLT_NETANALYZER },
329 #ifdef DLT_NETANALYZER_TRANSPARENT
330 { netanalyzer_transparent_if_print, DLT_NETANALYZER_TRANSPARENT },
336 lookup_printer(int type)
340 for (p = printers; p->f; ++p)
349 lookup_ndo_printer(int type)
351 struct ndo_printer *p;
353 for (p = ndo_printers; p->f; ++p)
363 static int supports_monitor_mode;
370 netdissect_options *ndo;
373 if_ndo_printer ndo_printer;
380 char *CurrentFileName;
385 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE
387 show_tstamp_types_and_exit(const char *device, pcap_t *pd)
390 int *tstamp_types = 0;
391 const char *tstamp_type_name;
394 n_tstamp_types = pcap_list_tstamp_types(pd, &tstamp_types);
395 if (n_tstamp_types < 0)
396 error("%s", pcap_geterr(pd));
398 if (n_tstamp_types == 0) {
399 fprintf(stderr, "Time stamp type cannot be set for %s\n",
403 fprintf(stderr, "Time stamp types for %s (use option -j to set):\n",
405 for (i = 0; i < n_tstamp_types; i++) {
406 tstamp_type_name = pcap_tstamp_type_val_to_name(tstamp_types[i]);
407 if (tstamp_type_name != NULL) {
408 (void) fprintf(stderr, " %s (%s)\n", tstamp_type_name,
409 pcap_tstamp_type_val_to_description(tstamp_types[i]));
411 (void) fprintf(stderr, " %d\n", tstamp_types[i]);
414 pcap_free_tstamp_types(tstamp_types);
420 show_dlts_and_exit(const char *device, pcap_t *pd)
424 const char *dlt_name;
426 n_dlts = pcap_list_datalinks(pd, &dlts);
428 error("%s", pcap_geterr(pd));
429 else if (n_dlts == 0 || !dlts)
430 error("No data link types.");
433 * If the interface is known to support monitor mode, indicate
434 * whether these are the data link types available when not in
435 * monitor mode, if -I wasn't specified, or when in monitor mode,
436 * when -I was specified (the link-layer types available in
437 * monitor mode might be different from the ones available when
438 * not in monitor mode).
440 if (supports_monitor_mode)
441 (void) fprintf(stderr, "Data link types for %s %s (use option -y to set):\n",
443 Iflag ? "when in monitor mode" : "when not in monitor mode");
445 (void) fprintf(stderr, "Data link types for %s (use option -y to set):\n",
448 while (--n_dlts >= 0) {
449 dlt_name = pcap_datalink_val_to_name(dlts[n_dlts]);
450 if (dlt_name != NULL) {
451 (void) fprintf(stderr, " %s (%s)", dlt_name,
452 pcap_datalink_val_to_description(dlts[n_dlts]));
455 * OK, does tcpdump handle that type?
457 if (lookup_printer(dlts[n_dlts]) == NULL
458 && lookup_ndo_printer(dlts[n_dlts]) == NULL)
459 (void) fprintf(stderr, " (printing not supported)");
460 fprintf(stderr, "\n");
462 (void) fprintf(stderr, " DLT %d (printing not supported)\n",
466 pcap_free_datalinks(dlts);
471 * Set up flags that might or might not be supported depending on the
472 * version of libpcap we're using.
474 #if defined(HAVE_PCAP_CREATE) || defined(WIN32)
476 #define B_FLAG_USAGE " [ -B size ]"
477 #else /* defined(HAVE_PCAP_CREATE) || defined(WIN32) */
480 #endif /* defined(HAVE_PCAP_CREATE) || defined(WIN32) */
482 #ifdef HAVE_PCAP_CREATE
484 #else /* HAVE_PCAP_CREATE */
486 #endif /* HAVE_PCAP_CREATE */
488 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE
490 #define j_FLAG_USAGE " [ -j tstamptype ]"
492 #else /* PCAP_ERROR_TSTAMP_TYPE_NOTSUP */
496 #endif /* PCAP_ERROR_TSTAMP_TYPE_NOTSUP */
498 #ifdef HAVE_PCAP_FINDALLDEVS
499 #ifndef HAVE_PCAP_IF_T
500 #undef HAVE_PCAP_FINDALLDEVS
504 #ifdef HAVE_PCAP_FINDALLDEVS
510 #ifdef HAVE_PCAP_DUMP_FLUSH
517 /* Drop root privileges and chroot if necessary */
519 droproot(const char *username, const char *chroot_dir)
521 struct passwd *pw = NULL;
523 if (chroot_dir && !username) {
524 fprintf(stderr, "tcpdump: Chroot without dropping root is insecure\n");
528 pw = getpwnam(username);
531 if (chroot(chroot_dir) != 0 || chdir ("/") != 0) {
532 fprintf(stderr, "tcpdump: Couldn't chroot/chdir to '%.64s': %s\n",
533 chroot_dir, pcap_strerror(errno));
537 if (initgroups(pw->pw_name, pw->pw_gid) != 0 ||
538 setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0) {
539 fprintf(stderr, "tcpdump: Couldn't change to '%.32s' uid=%lu gid=%lu: %s\n",
541 (unsigned long)pw->pw_uid,
542 (unsigned long)pw->pw_gid,
543 pcap_strerror(errno));
548 fprintf(stderr, "tcpdump: Couldn't find user '%.32s'\n",
571 MakeFilename(char *buffer, char *orig_name, int cnt, int max_chars)
573 char *filename = malloc(NAME_MAX + 1);
575 /* Process with strftime if Gflag is set. */
579 /* Convert Gflag_time to a usable format */
580 if ((local_tm = localtime(&Gflag_time)) == NULL) {
581 error("MakeTimedFilename: localtime");
584 /* There's no good way to detect an error in strftime since a return
585 * value of 0 isn't necessarily failure.
587 strftime(filename, NAME_MAX, orig_name, local_tm);
589 strncpy(filename, orig_name, NAME_MAX);
592 if (cnt == 0 && max_chars == 0)
593 strncpy(buffer, filename, NAME_MAX + 1);
595 if (snprintf(buffer, NAME_MAX + 1, "%s%0*d", filename, max_chars, cnt) > NAME_MAX)
596 /* Report an error if the filename is too large */
597 error("too many output files or filename is too long (> %d)", NAME_MAX);
601 static int tcpdump_printf(netdissect_options *ndo _U_,
602 const char *fmt, ...)
609 ret=vfprintf(stdout, fmt, args);
616 main(int argc, char **argv)
618 register int cnt, op, i;
619 bpf_u_int32 localnet, netmask;
620 register char *cp, *infile, *cmdbuf, *device, *RFileName, *WFileName;
621 pcap_handler callback;
623 struct bpf_program fcode;
625 RETSIGTYPE (*oldhandler)(int);
627 struct print_info printinfo;
628 struct dump_info dumpinfo;
629 u_char *pcap_userdata;
630 char ebuf[PCAP_ERRBUF_SIZE];
631 char *username = NULL;
632 char *chroot_dir = NULL;
633 #ifdef HAVE_PCAP_FINDALLDEVS
634 pcap_if_t *devpointer;
639 if(wsockinit() != 0) return 1;
642 jflag=-1; /* not set */
646 gndo->ndo_default_print=ndo_default_print;
647 gndo->ndo_printf=tcpdump_printf;
648 gndo->ndo_error=ndo_error;
649 gndo->ndo_warning=ndo_warning;
650 gndo->ndo_snaplen = DEFAULT_SNAPLEN;
657 if ((cp = strrchr(argv[0], '/')) != NULL)
658 program_name = cp + 1;
660 program_name = argv[0];
662 if (abort_on_misalignment(ebuf, sizeof(ebuf)) < 0)
670 (op = getopt(argc, argv, "aAb" B_FLAG "c:C:d" D_FLAG "eE:fF:G:hHi:" I_FLAG j_FLAG J_FLAG "KlLm:M:nNOpqr:Rs:StT:u" U_FLAG "vw:W:xXy:Yz:Z:")) != -1)
674 /* compatibility for old -a */
685 #if defined(HAVE_PCAP_CREATE) || defined(WIN32)
687 Bflag = atoi(optarg)*1024;
689 error("invalid packet buffer size %s", optarg);
691 #endif /* defined(HAVE_PCAP_CREATE) || defined(WIN32) */
696 error("invalid packet count %s", optarg);
700 Cflag = atoi(optarg) * 1000000;
702 error("invalid file size %s", optarg);
709 #ifdef HAVE_PCAP_FINDALLDEVS
711 if (pcap_findalldevs(&devpointer, ebuf) < 0)
714 for (i = 0; devpointer != 0; i++) {
715 printf("%d.%s", i+1, devpointer->name);
716 if (devpointer->description != NULL)
717 printf(" (%s)", devpointer->description);
719 devpointer = devpointer->next;
723 #endif /* HAVE_PCAP_FINDALLDEVS */
734 #ifndef HAVE_LIBCRYPTO
735 warning("crypto code not compiled in");
737 gndo->ndo_espsecret = optarg;
749 Gflag = atoi(optarg);
751 error("invalid number of seconds %s", optarg);
753 /* We will create one file initially. */
756 /* Grab the current time for rotation use. */
757 if ((Gflag_time = time(NULL)) == (time_t)-1) {
758 error("main: can't get current time: %s",
759 pcap_strerror(errno));
772 if (optarg[0] == '0' && optarg[1] == 0)
773 error("Invalid adapter index");
775 #ifdef HAVE_PCAP_FINDALLDEVS
777 * If the argument is a number, treat it as
778 * an index into the list of adapters, as
779 * printed by "tcpdump -D".
781 * This should be OK on UNIX systems, as interfaces
782 * shouldn't have names that begin with digits.
783 * It can be useful on Windows, where more than
784 * one interface can have the same name.
786 if ((devnum = atoi(optarg)) != 0) {
788 error("Invalid adapter index");
790 if (pcap_findalldevs(&devpointer, ebuf) < 0)
794 * Look for the devnum-th entry
795 * in the list of devices
799 i < devnum-1 && devpointer != NULL;
800 i++, devpointer = devpointer->next)
802 if (devpointer == NULL)
803 error("Invalid adapter index");
805 device = devpointer->name;
808 #endif /* HAVE_PCAP_FINDALLDEVS */
812 #ifdef HAVE_PCAP_CREATE
816 #endif /* HAVE_PCAP_CREATE */
818 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE
820 jflag = pcap_tstamp_type_name_to_val(optarg);
822 error("invalid time stamp type %s", optarg);
833 * _IOLBF is the same as _IOFBF in Microsoft's C
834 * libraries; the only alternative they offer
837 * XXX - this should really be checking for MSVC++,
838 * not WIN32, if, for example, MinGW has its own
839 * C library that is more UNIX-compatible.
841 setvbuf(stdout, NULL, _IONBF, 0);
843 #ifdef HAVE_SETLINEBUF
846 setvbuf(stdout, NULL, _IOLBF, 0);
857 if (smiLoadModule(optarg) == 0) {
858 error("could not load MIB module %s", optarg);
862 (void)fprintf(stderr, "%s: ignoring option `-m %s' ",
863 program_name, optarg);
864 (void)fprintf(stderr, "(no libsmi support)\n");
869 /* TCP-MD5 shared secret */
870 #ifndef HAVE_LIBCRYPTO
871 warning("crypto code not compiled in");
894 ++suppress_default_print;
908 snaplen = strtol(optarg, &end, 0);
909 if (optarg == end || *end != '\0'
910 || snaplen < 0 || snaplen > MAXIMUM_SNAPLEN)
911 error("invalid snaplen %s", optarg);
912 else if (snaplen == 0)
913 snaplen = MAXIMUM_SNAPLEN;
926 if (strcasecmp(optarg, "vat") == 0)
928 else if (strcasecmp(optarg, "wb") == 0)
930 else if (strcasecmp(optarg, "rpc") == 0)
932 else if (strcasecmp(optarg, "rtp") == 0)
934 else if (strcasecmp(optarg, "rtcp") == 0)
935 packettype = PT_RTCP;
936 else if (strcasecmp(optarg, "snmp") == 0)
937 packettype = PT_SNMP;
938 else if (strcasecmp(optarg, "cnfp") == 0)
939 packettype = PT_CNFP;
940 else if (strcasecmp(optarg, "tftp") == 0)
941 packettype = PT_TFTP;
942 else if (strcasecmp(optarg, "aodv") == 0)
943 packettype = PT_AODV;
944 else if (strcasecmp(optarg, "carp") == 0)
945 packettype = PT_CARP;
947 error("unknown packet type `%s'", optarg);
954 #ifdef HAVE_PCAP_DUMP_FLUSH
969 Wflag = atoi(optarg);
971 error("invalid number of output files %s", optarg);
972 WflagChars = getWflagChars(Wflag);
977 ++suppress_default_print;
982 ++suppress_default_print;
986 gndo->ndo_dltname = optarg;
988 pcap_datalink_name_to_val(gndo->ndo_dltname);
989 if (gndo->ndo_dlt < 0)
990 error("invalid data link type %s", gndo->ndo_dltname);
993 #if defined(HAVE_PCAP_DEBUG) || defined(HAVE_YYDEBUG)
996 /* Undocumented flag */
997 #ifdef HAVE_PCAP_DEBUG
998 extern int pcap_debug;
1009 zflag = strdup(optarg);
1018 username = strdup(optarg);
1033 case 0: /* Default */
1034 case 4: /* Default + Date*/
1035 thiszone = gmt2local(0);
1038 case 1: /* No time stamp */
1039 case 2: /* Unix timeval style */
1040 case 3: /* Microseconds since previous packet */
1041 case 5: /* Microseconds since first packet */
1044 default: /* Not supported */
1045 error("only -t, -tt, -ttt, -tttt and -ttttt are supported");
1050 /* if run as root, prepare for chrooting */
1051 if (getuid() == 0 || geteuid() == 0) {
1052 /* future extensibility for cmd-line arguments */
1054 chroot_dir = WITH_CHROOT;
1059 /* if run as root, prepare for dropping root privileges */
1060 if (getuid() == 0 || geteuid() == 0) {
1061 /* Run with '-Z root' to restore old behaviour */
1063 username = WITH_USER;
1067 if (RFileName != NULL) {
1069 const char *dlt_name;
1073 * We don't need network access, so relinquish any set-UID
1074 * or set-GID privileges we have (if any).
1076 * We do *not* want set-UID privileges when opening a
1077 * trace file, as that might let the user read other
1078 * people's trace files (especially if we're set-UID
1081 if (setgid(getgid()) != 0 || setuid(getuid()) != 0 )
1082 fprintf(stderr, "Warning: setgid/setuid failed !\n");
1084 pd = pcap_open_offline(RFileName, ebuf);
1087 dlt = pcap_datalink(pd);
1088 dlt_name = pcap_datalink_val_to_name(dlt);
1089 if (dlt_name == NULL) {
1090 fprintf(stderr, "reading from file %s, link-type %u\n",
1094 "reading from file %s, link-type %s (%s)\n",
1095 RFileName, dlt_name,
1096 pcap_datalink_val_to_description(dlt));
1101 error("-f and -r options are incompatible");
1103 if (device == NULL) {
1104 device = pcap_lookupdev(ebuf);
1109 if(strlen(device) == 1) //we assume that an ASCII string is always longer than 1 char
1110 { //a Unicode string has a \0 as second byte (so strlen() is 1)
1111 fprintf(stderr, "%s: listening on %ws\n", program_name, device);
1115 fprintf(stderr, "%s: listening on %s\n", program_name, device);
1120 #ifdef HAVE_PCAP_CREATE
1121 pd = pcap_create(device, ebuf);
1124 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE
1126 show_tstamp_types_and_exit(device, pd);
1129 * Is this an interface that supports monitor mode?
1131 if (pcap_can_set_rfmon(pd) == 1)
1132 supports_monitor_mode = 1;
1134 supports_monitor_mode = 0;
1135 status = pcap_set_snaplen(pd, snaplen);
1137 error("%s: Can't set snapshot length: %s",
1138 device, pcap_statustostr(status));
1139 status = pcap_set_promisc(pd, !pflag);
1141 error("%s: Can't set promiscuous mode: %s",
1142 device, pcap_statustostr(status));
1144 status = pcap_set_rfmon(pd, 1);
1146 error("%s: Can't set monitor mode: %s",
1147 device, pcap_statustostr(status));
1149 status = pcap_set_timeout(pd, 1000);
1151 error("%s: pcap_set_timeout failed: %s",
1152 device, pcap_statustostr(status));
1154 status = pcap_set_buffer_size(pd, Bflag);
1156 error("%s: Can't set buffer size: %s",
1157 device, pcap_statustostr(status));
1159 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE
1161 status = pcap_set_tstamp_type(pd, jflag);
1163 error("%s: Can't set time stamp type: %s",
1164 device, pcap_statustostr(status));
1167 status = pcap_activate(pd);
1170 * pcap_activate() failed.
1172 cp = pcap_geterr(pd);
1173 if (status == PCAP_ERROR)
1175 else if ((status == PCAP_ERROR_NO_SUCH_DEVICE ||
1176 status == PCAP_ERROR_PERM_DENIED) &&
1178 error("%s: %s\n(%s)", device,
1179 pcap_statustostr(status), cp);
1181 error("%s: %s", device,
1182 pcap_statustostr(status));
1183 } else if (status > 0) {
1185 * pcap_activate() succeeded, but it's warning us
1186 * of a problem it had.
1188 cp = pcap_geterr(pd);
1189 if (status == PCAP_WARNING)
1191 else if (status == PCAP_WARNING_PROMISC_NOTSUP &&
1193 warning("%s: %s\n(%s)", device,
1194 pcap_statustostr(status), cp);
1196 warning("%s: %s", device,
1197 pcap_statustostr(status));
1201 pd = pcap_open_live(device, snaplen, !pflag, 1000, ebuf);
1205 warning("%s", ebuf);
1206 #endif /* HAVE_PCAP_CREATE */
1208 * Let user own process after socket has been opened.
1211 if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
1212 fprintf(stderr, "Warning: setgid/setuid failed !\n");
1214 #if !defined(HAVE_PCAP_CREATE) && defined(WIN32)
1216 if(pcap_setbuff(pd, Bflag)==-1){
1217 error("%s", pcap_geterr(pd));
1219 #endif /* !defined(HAVE_PCAP_CREATE) && defined(WIN32) */
1221 show_dlts_and_exit(device, pd);
1222 if (gndo->ndo_dlt >= 0) {
1223 #ifdef HAVE_PCAP_SET_DATALINK
1224 if (pcap_set_datalink(pd, gndo->ndo_dlt) < 0)
1225 error("%s", pcap_geterr(pd));
1228 * We don't actually support changing the
1229 * data link type, so we only let them
1230 * set it to what it already is.
1232 if (gndo->ndo_dlt != pcap_datalink(pd)) {
1233 error("%s is not one of the DLTs supported by this device\n",
1237 (void)fprintf(stderr, "%s: data link type %s\n",
1238 program_name, gndo->ndo_dltname);
1239 (void)fflush(stderr);
1241 i = pcap_snapshot(pd);
1243 warning("snaplen raised from %d to %d", snaplen, i);
1246 if (pcap_lookupnet(device, &localnet, &netmask, ebuf) < 0) {
1249 warning("%s", ebuf);
1253 cmdbuf = read_infile(infile);
1255 cmdbuf = copy_argv(&argv[optind]);
1257 if (pcap_compile(pd, &fcode, cmdbuf, Oflag, netmask) < 0)
1258 error("%s", pcap_geterr(pd));
1261 bpf_dump(&fcode, dflag);
1265 init_addrtoname(localnet, netmask);
1269 (void)setsignal(SIGPIPE, cleanup);
1270 (void)setsignal(SIGTERM, cleanup);
1271 (void)setsignal(SIGINT, cleanup);
1273 #if defined(HAVE_FORK) || defined(HAVE_VFORK)
1274 (void)setsignal(SIGCHLD, child_cleanup);
1276 /* Cooperate with nohup(1) */
1278 if ((oldhandler = setsignal(SIGHUP, cleanup)) != SIG_DFL)
1279 (void)setsignal(SIGHUP, oldhandler);
1284 * If a user name was specified with "-Z", attempt to switch to
1285 * that user's UID. This would probably be used with sudo,
1286 * to allow tcpdump to be run in a special restricted
1287 * account (if you just want to allow users to open capture
1288 * devices, and can't just give users that permission,
1289 * you'd make tcpdump set-UID or set-GID).
1291 * Tcpdump doesn't necessarily write only to one savefile;
1292 * the general only way to allow a -Z instance to write to
1293 * savefiles as the user under whose UID it's run, rather
1294 * than as the user specified with -Z, would thus be to switch
1295 * to the original user ID before opening a capture file and
1296 * then switch back to the -Z user ID after opening the savefile.
1297 * Switching to the -Z user ID only after opening the first
1298 * savefile doesn't handle the general case.
1300 if (getuid() == 0 || geteuid() == 0) {
1301 if (username || chroot_dir)
1302 droproot(username, chroot_dir);
1306 if (pcap_setfilter(pd, &fcode) < 0)
1307 error("%s", pcap_geterr(pd));
1310 /* Do not exceed the default NAME_MAX for files. */
1311 dumpinfo.CurrentFileName = (char *)malloc(NAME_MAX + 1);
1313 if (dumpinfo.CurrentFileName == NULL)
1314 error("malloc of dumpinfo.CurrentFileName");
1316 /* We do not need numbering for dumpfiles if Cflag isn't set. */
1318 MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, WflagChars);
1320 MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, 0);
1322 p = pcap_dump_open(pd, dumpinfo.CurrentFileName);
1324 error("%s", pcap_geterr(pd));
1325 if (Cflag != 0 || Gflag != 0) {
1326 callback = dump_packet_and_trunc;
1327 dumpinfo.WFileName = WFileName;
1330 pcap_userdata = (u_char *)&dumpinfo;
1332 callback = dump_packet;
1333 pcap_userdata = (u_char *)p;
1335 #ifdef HAVE_PCAP_DUMP_FLUSH
1340 type = pcap_datalink(pd);
1341 printinfo.ndo_type = 1;
1342 printinfo.ndo = gndo;
1343 printinfo.p.ndo_printer = lookup_ndo_printer(type);
1344 if (printinfo.p.ndo_printer == NULL) {
1345 printinfo.p.printer = lookup_printer(type);
1346 printinfo.ndo_type = 0;
1347 if (printinfo.p.printer == NULL) {
1348 gndo->ndo_dltname = pcap_datalink_val_to_name(type);
1349 if (gndo->ndo_dltname != NULL)
1350 error("packet printing is not supported for link type %s: use -w",
1353 error("packet printing is not supported for link type %d: use -w", type);
1356 callback = print_packet;
1357 pcap_userdata = (u_char *)&printinfo;
1360 #ifdef SIGNAL_REQ_INFO
1362 * We can't get statistics when reading from a file rather
1363 * than capturing from a device.
1365 if (RFileName == NULL)
1366 (void)setsignal(SIGNAL_REQ_INFO, requestinfo);
1369 if (vflag > 0 && WFileName) {
1371 * When capturing to a file, "-v" means tcpdump should,
1372 * every 10 secodns, "v"erbosely report the number of
1375 #ifdef USE_WIN32_MM_TIMER
1376 /* call verbose_stats_dump() each 1000 +/-100msec */
1377 timer_id = timeSetEvent(1000, 100, verbose_stats_dump, 0, TIME_PERIODIC);
1378 setvbuf(stderr, NULL, _IONBF, 0);
1379 #elif defined(HAVE_ALARM)
1380 (void)setsignal(SIGALRM, verbose_stats_dump);
1386 if (RFileName == NULL) {
1388 const char *dlt_name;
1390 if (!vflag && !WFileName) {
1391 (void)fprintf(stderr,
1392 "%s: verbose output suppressed, use -v or -vv for full protocol decode\n",
1395 (void)fprintf(stderr, "%s: ", program_name);
1396 dlt = pcap_datalink(pd);
1397 dlt_name = pcap_datalink_val_to_name(dlt);
1398 if (dlt_name == NULL) {
1399 (void)fprintf(stderr, "listening on %s, link-type %u, capture size %u bytes\n",
1400 device, dlt, snaplen);
1402 (void)fprintf(stderr, "listening on %s, link-type %s (%s), capture size %u bytes\n",
1404 pcap_datalink_val_to_description(dlt), snaplen);
1406 (void)fflush(stderr);
1409 status = pcap_loop(pd, cnt, callback, pcap_userdata);
1410 if (WFileName == NULL) {
1412 * We're printing packets. Flush the printed output,
1413 * so it doesn't get intermingled with error output.
1417 * We got interrupted, so perhaps we didn't
1418 * manage to finish a line we were printing.
1419 * Print an extra newline, just in case.
1423 (void)fflush(stdout);
1429 (void)fprintf(stderr, "%s: pcap_loop: %s\n",
1430 program_name, pcap_geterr(pd));
1432 if (RFileName == NULL) {
1434 * We're doing a live capture. Report the capture
1440 exit(status == -1 ? 1 : 0);
1443 /* make a clean exit on interrupts */
1445 cleanup(int signo _U_)
1447 #ifdef USE_WIN32_MM_TIMER
1449 timeKillEvent(timer_id);
1451 #elif defined(HAVE_ALARM)
1455 #ifdef HAVE_PCAP_BREAKLOOP
1457 * We have "pcap_breakloop()"; use it, so that we do as little
1458 * as possible in the signal handler (it's probably not safe
1459 * to do anything with standard I/O streams in a signal handler -
1460 * the ANSI C standard doesn't say it is).
1465 * We don't have "pcap_breakloop()"; this isn't safe, but
1466 * it's the best we can do. Print the summary if we're
1467 * not reading from a savefile - i.e., if we're doing a
1468 * live capture - and exit.
1470 if (pd != NULL && pcap_file(pd) == NULL) {
1472 * We got interrupted, so perhaps we didn't
1473 * manage to finish a line we were printing.
1474 * Print an extra newline, just in case.
1477 (void)fflush(stdout);
1485 On windows, we do not use a fork, so we do not care less about
1486 waiting a child processes to die
1488 #if defined(HAVE_FORK) || defined(HAVE_VFORK)
1490 child_cleanup(int signo _U_)
1494 #endif /* HAVE_FORK && HAVE_VFORK */
1497 info(register int verbose)
1499 struct pcap_stat stat;
1502 * Older versions of libpcap didn't set ps_ifdrop on some
1503 * platforms; initialize it to 0 to handle that.
1506 if (pcap_stats(pd, &stat) < 0) {
1507 (void)fprintf(stderr, "pcap_stats: %s\n", pcap_geterr(pd));
1513 fprintf(stderr, "%s: ", program_name);
1515 (void)fprintf(stderr, "%u packet%s captured", packets_captured,
1516 PLURAL_SUFFIX(packets_captured));
1518 fputs(", ", stderr);
1521 (void)fprintf(stderr, "%u packet%s received by filter", stat.ps_recv,
1522 PLURAL_SUFFIX(stat.ps_recv));
1524 fputs(", ", stderr);
1527 (void)fprintf(stderr, "%u packet%s dropped by kernel", stat.ps_drop,
1528 PLURAL_SUFFIX(stat.ps_drop));
1529 if (stat.ps_ifdrop != 0) {
1531 fputs(", ", stderr);
1534 (void)fprintf(stderr, "%u packet%s dropped by interface\n",
1535 stat.ps_ifdrop, PLURAL_SUFFIX(stat.ps_ifdrop));
1541 #if defined(HAVE_FORK) || defined(HAVE_VFORK)
1543 compress_savefile(const char *filename)
1552 * Set to lowest priority so that this doesn't disturb the capture
1555 setpriority(PRIO_PROCESS, 0, NZERO - 1);
1557 setpriority(PRIO_PROCESS, 0, 19);
1559 if (execlp(zflag, zflag, filename, (char *)NULL) == -1)
1561 "compress_savefile:execlp(%s, %s): %s\n",
1571 #else /* HAVE_FORK && HAVE_VFORK */
1573 compress_savefile(const char *filename)
1576 "compress_savefile failed. Functionality not implemented under your system\n");
1578 #endif /* HAVE_FORK && HAVE_VFORK */
1581 dump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
1583 struct dump_info *dump_info;
1589 dump_info = (struct dump_info *)user;
1592 * XXX - this won't force the file to rotate on the specified time
1593 * boundary, but it will rotate on the first packet received after the
1594 * specified Gflag number of seconds. Note: if a Gflag time boundary
1595 * and a Cflag size boundary coincide, the time rotation will occur
1596 * first thereby cancelling the Cflag boundary (since the file should
1600 /* Check if it is time to rotate */
1603 /* Get the current time */
1604 if ((t = time(NULL)) == (time_t)-1) {
1605 error("dump_and_trunc_packet: can't get current_time: %s",
1606 pcap_strerror(errno));
1610 /* If the time is greater than the specified window, rotate */
1611 if (t - Gflag_time >= Gflag) {
1612 /* Update the Gflag_time */
1614 /* Update Gflag_count */
1617 * Close the current file and open a new one.
1619 pcap_dump_close(dump_info->p);
1622 * Compress the file we just closed, if the user asked for it
1625 compress_savefile(dump_info->CurrentFileName);
1628 * Check to see if we've exceeded the Wflag (when
1631 if (Cflag == 0 && Wflag > 0 && Gflag_count >= Wflag) {
1632 (void)fprintf(stderr, "Maximum file limit reached: %d\n",
1637 if (dump_info->CurrentFileName != NULL)
1638 free(dump_info->CurrentFileName);
1639 /* Allocate space for max filename + \0. */
1640 dump_info->CurrentFileName = (char *)malloc(NAME_MAX + 1);
1641 if (dump_info->CurrentFileName == NULL)
1642 error("dump_packet_and_trunc: malloc");
1644 * This is always the first file in the Cflag
1646 * We also don't need numbering if Cflag is not set.
1649 MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, 0,
1652 MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, 0, 0);
1654 dump_info->p = pcap_dump_open(dump_info->pd, dump_info->CurrentFileName);
1655 if (dump_info->p == NULL)
1656 error("%s", pcap_geterr(pd));
1661 * XXX - this won't prevent capture files from getting
1662 * larger than Cflag - the last packet written to the
1663 * file could put it over Cflag.
1665 if (Cflag != 0 && pcap_dump_ftell(dump_info->p) > Cflag) {
1667 * Close the current file and open a new one.
1669 pcap_dump_close(dump_info->p);
1672 * Compress the file we just closed, if the user asked for it
1675 compress_savefile(dump_info->CurrentFileName);
1679 if (Cflag_count >= Wflag)
1682 if (dump_info->CurrentFileName != NULL)
1683 free(dump_info->CurrentFileName);
1684 dump_info->CurrentFileName = (char *)malloc(NAME_MAX + 1);
1685 if (dump_info->CurrentFileName == NULL)
1686 error("dump_packet_and_trunc: malloc");
1687 MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, Cflag_count, WflagChars);
1688 dump_info->p = pcap_dump_open(dump_info->pd, dump_info->CurrentFileName);
1689 if (dump_info->p == NULL)
1690 error("%s", pcap_geterr(pd));
1693 pcap_dump((u_char *)dump_info->p, h, sp);
1694 #ifdef HAVE_PCAP_DUMP_FLUSH
1696 pcap_dump_flush(dump_info->p);
1705 dump_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
1711 pcap_dump(user, h, sp);
1712 #ifdef HAVE_PCAP_DUMP_FLUSH
1714 pcap_dump_flush((pcap_dumper_t *)user);
1723 print_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
1725 struct print_info *print_info;
1733 print_info = (struct print_info *)user;
1736 * Some printers want to check that they're not walking off the
1737 * end of the packet.
1738 * Rather than pass it all the way down, we set this global.
1740 snapend = sp + h->caplen;
1742 if(print_info->ndo_type) {
1743 hdrlen = (*print_info->p.ndo_printer)(print_info->ndo, h, sp);
1745 hdrlen = (*print_info->p.printer)(h, sp);
1750 * Print the raw packet data in hex and ASCII.
1754 * Include the link-layer header.
1756 hex_and_ascii_print("\n\t", sp, h->caplen);
1759 * Don't include the link-layer header - and if
1760 * we have nothing past the link-layer header,
1763 if (h->caplen > hdrlen)
1764 hex_and_ascii_print("\n\t", sp + hdrlen,
1765 h->caplen - hdrlen);
1769 * Print the raw packet data in hex.
1773 * Include the link-layer header.
1775 hex_print("\n\t", sp, h->caplen);
1778 * Don't include the link-layer header - and if
1779 * we have nothing past the link-layer header,
1782 if (h->caplen > hdrlen)
1783 hex_print("\n\t", sp + hdrlen,
1784 h->caplen - hdrlen);
1788 * Print the raw packet data in ASCII.
1792 * Include the link-layer header.
1794 ascii_print(sp, h->caplen);
1797 * Don't include the link-layer header - and if
1798 * we have nothing past the link-layer header,
1801 if (h->caplen > hdrlen)
1802 ascii_print(sp + hdrlen, h->caplen - hdrlen);
1815 * XXX - there should really be libpcap calls to get the version
1816 * number as a string (the string would be generated from #defines
1817 * at run time, so that it's not generated from string constants
1818 * in the library, as, on many UNIX systems, those constants would
1819 * be statically linked into the application executable image, and
1820 * would thus reflect the version of libpcap on the system on
1821 * which the application was *linked*, not the system on which it's
1824 * That routine should be documented, unlike the "version[]"
1825 * string, so that UNIX vendors providing their own libpcaps
1826 * don't omit it (as a couple of vendors have...).
1828 * Packet.dll should perhaps also export a routine to return the
1829 * version number of the Packet.dll code, to supply the
1830 * "Wpcap_version" information on Windows.
1832 char WDversion[]="current-cvs.tcpdump.org";
1833 #if !defined(HAVE_GENERATED_VERSION)
1834 char version[]="current-cvs.tcpdump.org";
1836 char pcap_version[]="current-cvs.tcpdump.org";
1837 char Wpcap_version[]="3.1";
1841 * By default, print the specified data out in hex and ASCII.
1844 ndo_default_print(netdissect_options *ndo _U_, const u_char *bp, u_int length)
1846 hex_and_ascii_print("\n\t", bp, length); /* pass on lf and identation string */
1850 default_print(const u_char *bp, u_int length)
1852 ndo_default_print(gndo, bp, length);
1855 #ifdef SIGNAL_REQ_INFO
1856 RETSIGTYPE requestinfo(int signo _U_)
1866 * Called once each second in verbose mode while dumping to file
1868 #ifdef USE_WIN32_MM_TIMER
1869 void CALLBACK verbose_stats_dump (UINT timer_id _U_, UINT msg _U_, DWORD_PTR arg _U_,
1870 DWORD_PTR dw1 _U_, DWORD_PTR dw2 _U_)
1872 struct pcap_stat stat;
1874 if (infodelay == 0 && pcap_stats(pd, &stat) >= 0)
1875 fprintf(stderr, "Got %u\r", packets_captured);
1877 #elif defined(HAVE_ALARM)
1878 static void verbose_stats_dump(int sig _U_)
1880 struct pcap_stat stat;
1882 if (infodelay == 0 && pcap_stats(pd, &stat) >= 0)
1883 fprintf(stderr, "Got %u\r", packets_captured);
1891 extern char version[];
1892 #ifndef HAVE_PCAP_LIB_VERSION
1893 #if defined(WIN32) || defined(HAVE_PCAP_VERSION)
1894 extern char pcap_version[];
1895 #else /* defined(WIN32) || defined(HAVE_PCAP_VERSION) */
1896 static char pcap_version[] = "unknown";
1897 #endif /* defined(WIN32) || defined(HAVE_PCAP_VERSION) */
1898 #endif /* HAVE_PCAP_LIB_VERSION */
1900 #ifdef HAVE_PCAP_LIB_VERSION
1902 (void)fprintf(stderr, "%s version %s, based on tcpdump version %s\n", program_name, WDversion, version);
1904 (void)fprintf(stderr, "%s version %s\n", program_name, version);
1906 (void)fprintf(stderr, "%s\n",pcap_lib_version());
1907 #else /* HAVE_PCAP_LIB_VERSION */
1909 (void)fprintf(stderr, "%s version %s, based on tcpdump version %s\n", program_name, WDversion, version);
1910 (void)fprintf(stderr, "WinPcap version %s, based on libpcap version %s\n",Wpcap_version, pcap_version);
1912 (void)fprintf(stderr, "%s version %s\n", program_name, version);
1913 (void)fprintf(stderr, "libpcap version %s\n", pcap_version);
1915 #endif /* HAVE_PCAP_LIB_VERSION */
1916 (void)fprintf(stderr,
1917 "Usage: %s [-aAbd" D_FLAG "efhH" I_FLAG J_FLAG "KlLnNOpqRStu" U_FLAG "vxX]" B_FLAG_USAGE " [ -c count ]\n", program_name);
1918 (void)fprintf(stderr,
1919 "\t\t[ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]\n");
1920 (void)fprintf(stderr,
1921 "\t\t[ -i interface ]" j_FLAG_USAGE " [ -M secret ]\n");
1922 (void)fprintf(stderr,
1923 "\t\t[ -r file ] [ -s snaplen ] [ -T type ] [ -w file ]\n");
1924 (void)fprintf(stderr,
1925 "\t\t[ -W filecount ] [ -y datalinktype ] [ -z command ]\n");
1926 (void)fprintf(stderr,
1927 "\t\t[ -Z user ] [ expression ]\n");
1935 ndo_error(netdissect_options *ndo _U_, const char *fmt, ...)
1939 (void)fprintf(stderr, "%s: ", program_name);
1941 (void)vfprintf(stderr, fmt, ap);
1945 if (fmt[-1] != '\n')
1946 (void)fputc('\n', stderr);
1954 ndo_warning(netdissect_options *ndo _U_, const char *fmt, ...)
1958 (void)fprintf(stderr, "%s: WARNING: ", program_name);
1960 (void)vfprintf(stderr, fmt, ap);
1964 if (fmt[-1] != '\n')
1965 (void)fputc('\n', stderr);