Date: Thu, 26 Jul 2012 11:25:49 +0200 From: Daniel Hartmeier <daniel@benzedrine.cx> To: m s <mah.s.369@gmail.com> Cc: freebsd-net@freebsd.org Subject: Re: tcpdump in freebsd Message-ID: <20120726092549.GA3153@insomnia.benzedrine.cx> In-Reply-To: <CAJJwNVJ1sj-j=Rrb7PHU6%2Bb-hrm3WqRgWyN-2XpH-qTme_SOfg@mail.gmail.com> References: <CAJJwNVJ1sj-j=Rrb7PHU6%2Bb-hrm3WqRgWyN-2XpH-qTme_SOfg@mail.gmail.com>
--IJpNTDwzlM2Ie8A6
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
On Thu, Jul 26, 2012 at 08:35:29AM +0000, m s wrote:
> hi all. I want to use tcpdump just for input or just for output
> packets. Is this possible? If not, is there any other command that does
> this?
If filtering by source MAC (or IP) is not enough, you can patch tcpdump
to hack in '-a in|out' using pcap_setdirection().
HTH,
Daniel
--IJpNTDwzlM2Ie8A6
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="tcpdump.diff"
Index: contrib/tcpdump/tcpdump.1
===================================================================
RCS file: /home/ncvs/src/contrib/tcpdump/Attic/tcpdump.1,v
retrieving revision 1.19.2.1.8.1
diff -u -r1.19.2.1.8.1 tcpdump.1
--- contrib/tcpdump/tcpdump.1   3 Mar 2012 06:15:13 -0000       1.19.2.1.8.1
+++ contrib/tcpdump/tcpdump.1   26 Jul 2012 09:16:17 -0000
@@ -33,6 +33,12 @@
 [
 .B \-AdDefIKlLnNOpqRStuUvxX
 ] [
+.B \-a
+.I direction
+]
+.br
+.ti +8
+[
 .B \-B
 .I buffer_size
 ] [
@@ -194,6 +200,9 @@
 special privileges.
 .SH OPTIONS
 .TP
+.B \-a
+Print only packets matching \fIdirection\fP, \fBin\fP or \fBout\fP.
+.TP
 .B \-A
 Print each packet (minus its link level header) in ASCII.  Handy for
 capturing web pages.
Index: contrib/tcpdump/tcpdump.c
===================================================================
RCS file: /home/ncvs/src/contrib/tcpdump/tcpdump.c,v
retrieving revision 1.14.2.1.8.1
diff -u -r1.14.2.1.8.1 tcpdump.c
--- contrib/tcpdump/tcpdump.c   3 Mar 2012 06:15:13 -0000       1.14.2.1.8.1
+++ contrib/tcpdump/tcpdump.c   26 Jul 2012 09:03:27 -0000
@@ -295,6 +298,7 @@
 }
 static pcap_t *pd;
+static pcap_direction_t aflag = PCAP_D_INOUT;
 extern int optind;
 extern int opterr;
@@ -537,11 +541,16 @@
        opterr = 0;
        while (
-           (op = getopt(argc, argv, "aA" B_FLAG "c:C:d" D_FLAG "eE:fF:G:i:" I_FLAG "KlLm:M:nNOpqr:Rs:StT:u" U_FLAG "vw:W:xXy:Yz:Z:")) != -1)
+           (op = getopt(argc, argv, "a:A" B_FLAG "c:C:d" D_FLAG "eE:fF:G:i:" I_FLAG "KlLm:M:nNOpqr:Rs:StT:u" U_FLAG "vw:W:xXy:Yz:Z:")) != -1)
                switch (op) {
                case 'a':
-                       /* compatibility for old -a */
+                       if (!strcmp(optarg, "in"))
+                               aflag = PCAP_D_IN;
+                       else if (!strcmp(optarg, "out"))
+                               aflag = PCAP_D_OUT;
+                       else
+                               error("invalid direction %s", optarg);
                        break;
                case 'A':
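Review bot: Changing `a` to `a:` in the getopt string takes over a letter that the removed comment says was kept for compatibility with the old `-a`. Any existing invocation that still passes a bare `-a` will now consume the following argument as a direction and stop with "invalid direction". A letter that does not appear in the option string, for example `Q:`, would add the direction filter without changing what existing command lines do. The branch could also carry a short comment such as `/* capture direction: "in" or "out"; default is both */`. The switch and its enclosing function continue outside the hunk.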
@@ -1023,6 +1032,12 @@
                else if (*ebuf)
                        warning("%s", ebuf);
 #endif /* HAVE_PCAP_CREATE */
+               if (aflag != PCAP_D_INOUT) {
+                       status = pcap_setdirection(pd, aflag);
+                       if (status != 0)
+                               error("%s: pcap_setdirection failed: %s",
+                                   device, pcap_statustostr(status));
+               }
                /*
                 * Let user own process after socket has been opened.
                 */
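Review bot: The failure message in the added block passes `status` to `pcap_statustostr()`, but pcap_setdirection() reports failure as the generic PCAP_ERROR and leaves the actual reason in the handle's error buffer, so the user would only see a generic error string. Using `error("%s: pcap_setdirection failed: %s", device, pcap_geterr(pd));` would print the real cause, for instance a platform that cannot filter by direction. The block also appears to sit on the live-capture path only, so `-a in` combined with reading a savefile would presumably be accepted and silently ignored. A warning or error for that combination would keep an analyst from assuming a trace was direction-filtered when it was not. The enclosing function starts and ends outside the hunk.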
--IJpNTDwzlM2Ie8A6--
