#ifndef WIN32
/*
* If a user name was specified with "-Z", attempt to switch to
* that user's UID. This would probably be used with sudo,
* to allow tcpdump to be run in a special restricted
* account (if you just want to allow users to open capture
* devices, and can't just give users that permission,
* you'd make tcpdump set-UID or set-GID).
*
* Tcpdump doesn't necessarily write only to one savefile;
* the only general way to allow a -Z instance to write to
* savefiles as the user under whose UID it's run, rather
* than as the user specified with -Z, would thus be to switch
* to the original user ID before opening a capture file and
* then switch back to the -Z user ID after opening the savefile.
* Switching to the -Z user ID only after opening the first
* savefile doesn't handle the general case.
*/
#ifdef HAVE_CAP_NG_H
/*
* libcap-ng path: only taken when the real or effective UID is 0,
* a savefile name is set (WFileName) and a -Z user name was given.
* It requests CAP_SETUID, CAP_SETGID and CAP_DAC_OVERRIDE in both the
* permitted and effective sets and applies that state before the
* droproot() call further down.
*
* NOTE(review): every capng_update()/capng_apply() return value is
* ignored here. If one of them fails, nothing reports it and the
* process continues with whatever capabilities it already had;
* consider checking at least capng_apply() and calling error().
* NOTE(review): whether these capabilities survive the UID change
* depends on droproot(), which is not shown here -- confirm.
*/
/* We are running as root and we will be writing to savefile */
if ((getuid() == 0 || geteuid() == 0) && WFileName)
{
if (username) {
/* Drop all capabilities from effective set */
/*
* NOTE(review): capng_clear() is declared to take a capng_select_t
* (CAPNG_SELECT_CAPS / CAPNG_SELECT_BOUNDS / CAPNG_SELECT_BOTH), but
* CAPNG_EFFECTIVE is a capng_type_t. Verify against the libcap-ng
* headers that this call really clears what the comment above says.
*/
capng_clear(CAPNG_EFFECTIVE);
/* Add capabilities we will need*/
/* Permitted set first, then the same three in the effective set. */
capng_update(CAPNG_ADD, CAPNG_PERMITTED, CAP_SETUID);
capng_update(CAPNG_ADD, CAPNG_PERMITTED, CAP_SETGID);
capng_update(CAPNG_ADD, CAPNG_PERMITTED, CAP_DAC_OVERRIDE);
capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_SETUID);
capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_SETGID);
capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE);
/* Push the state built above to the running process. */
capng_apply(CAPNG_SELECT_BOTH);
}
}
#endif /* HAVE_CAP_NG_H */
/*
* Privilege drop: only attempted when the real or effective UID is 0
* and a -Z user name or a chroot directory was supplied. The actual
* chroot and UID/GID switch presumably happen inside droproot() --
* it is not shown here. Note that this runs before the savefile is
* opened later in the function.
*/
if (getuid() == 0 || geteuid() == 0) {
if (username || chroot_dir)
droproot(username, chroot_dir);
}
#endif /* WIN32 */
// Annotation: this walkthrough assumes no savefile was specified, so the block above is not analysed further.
//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/*
 * Attach the filter program in fcode to the capture handle pd.
 * On failure, report libpcap's own error text through error().
 */
if (pcap_setfilter(pd, &fcode) < 0) {
	error("%s", pcap_geterr(pd));
}
// Annotation: the call above installs the filter rule.
//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/*
* Choose the per-packet callback. With a savefile name set, open the
* dump file and route packets to one of the dump callbacks; otherwise
* set up the printer for the capture's link-layer type.
*/
if (WFileName)
{
pcap_dumper_t *p;
/* Do not exceed the default PATH_MAX for files. */
dumpinfo.CurrentFileName = (char *)malloc(PATH_MAX + 1);
/* error() is expected not to return here; otherwise the NULL would be used below -- confirm. */
if (dumpinfo.CurrentFileName == NULL)
error("malloc of dumpinfo.CurrentFileName");
/* We do not need numbering for dumpfiles if Cflag isn't set. */
/* NOTE(review): presumably MakeFilename() bounds its output to the PATH_MAX + 1 buffer; it is not shown here -- verify. */
if (Cflag != 0)
MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, WflagChars);
else
MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, 0);
/*
* The savefile is opened after the droproot() call earlier in the
* function. NOTE(review): if CAP_DAC_OVERRIDE is still effective at
* this point, the open is not subject to normal file permission
* checks, so the savefile path must come from a trusted source when
* tcpdump is started with elevated privileges -- confirm how the
* capability state looks after droproot().
*/
p = pcap_dump_open(pd, dumpinfo.CurrentFileName);
#ifdef HAVE_CAP_NG_H
/* Give up capabilities, clear Effective set */
/*
* NOTE(review): no capng_apply() follows this call, so it only changes
* libcap-ng's in-memory state; the process keeps its current effective
* capabilities. capng_clear() is also declared to take a
* capng_select_t, while CAPNG_EFFECTIVE is a capng_type_t. If the
* intent is to drop CAP_DAC_OVERRIDE once the file is open, a
* capng_update(CAPNG_DROP, ...) followed by capng_apply() would be
* needed -- check first whether the -C/-G rotation path (not shown)
* re-raises the capability before opening further files.
*/
capng_clear(CAPNG_EFFECTIVE);
#endif
/* The open result is only checked here, after the capability call above. */
if (p == NULL)
error("%s", pcap_geterr(pd));
/* With -C or -G in effect the callback receives the whole dumpinfo record; otherwise just the dumper handle. */
if (Cflag != 0 || Gflag != 0) {
callback = dump_packet_and_trunc;
dumpinfo.WFileName = WFileName;
dumpinfo.pd = pd;
dumpinfo.p = p;
pcap_userdata = (u_char *)&dumpinfo;
} else {
callback = dump_packet;
pcap_userdata = (u_char *)p;
}
#ifdef HAVE_PCAP_DUMP_FLUSH
/* When Uflag is set, flush the dump file once right after opening it. */
if (Uflag)
pcap_dump_flush(p);
#endif
}
else
{
/* No savefile: look up the print info for the link-layer type and hand it to print_packet. */
type = pcap_datalink(pd);
printinfo = get_print_info(type);
callback = print_packet;
pcap_userdata = (u_char *)&printinfo;
}
// Annotation: the first branch handles writing to a savefile; for simplicity this walkthrough assumes no savefile is written,
// so callback is set to the print_packet function here.