search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dcerpc-netlogon: all netr_LogonControl[2[Ex]] calls have the same reply values
[wireshark-sm.git] / extcap / sshdump.c
blob8da2bb37874db35e8bc6ba3fd446f553592f3b6a
1 /* sshdump.c
2 * sshdump is extcap tool used to capture data using a remote ssh host
3 *
4 * Copyright 2015, Dario Lombardo
5 *
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
9 *
10 * SPDX-License-Identifier: GPL-2.0-or-later
11 */
12
13 #include "config.h"
14 #define WS_LOG_DOMAIN "sshdump"
15
16 #include <extcap/extcap-base.h>
17 #include <extcap/ssh-base.h>
18 #include <wsutil/interface.h>
19 #include <wsutil/file_util.h>
20 #include <wsutil/strtoi.h>
21 #include <wsutil/filesystem.h>
22 #include <wsutil/privileges.h>
23 #include <wsutil/please_report_bug.h>
24 #include <wsutil/wslog.h>
25
26 #include <errno.h>
27 #include <string.h>
28 #include <fcntl.h>
29
30 #include <cli_main.h>
31
32 static char* sshdump_extcap_interface;
33 #ifdef _WIN32
34 #define DEFAULT_SSHDUMP_EXTCAP_INTERFACE "sshdump.exe"
35 #else
36 #define DEFAULT_SSHDUMP_EXTCAP_INTERFACE "sshdump"
37 #endif
38
39 #define SSHDUMP_VERSION_MAJOR "1"
40 #define SSHDUMP_VERSION_MINOR "2"
41 #define SSHDUMP_VERSION_RELEASE "0"
42
43 #define SSH_READ_BLOCK_SIZE 256
44
45 enum {
46 EXTCAP_BASE_OPTIONS_ENUM,
47 OPT_HELP,
48 OPT_VERSION,
49 OPT_REMOTE_HOST,
50 OPT_REMOTE_PORT,
51 OPT_REMOTE_USERNAME,
52 OPT_REMOTE_PASSWORD,
53 OPT_REMOTE_INTERFACE,
54 OPT_REMOTE_CAPTURE_COMMAND_SELECT,
55 OPT_REMOTE_CAPTURE_COMMAND,
56 OPT_REMOTE_FILTER,
57 OPT_SSHKEY,
58 OPT_SSHKEY_PASSPHRASE,
59 OPT_PROXYCOMMAND,
60 OPT_SSH_SHA1,
61 OPT_REMOTE_COUNT,
62 OPT_REMOTE_SUDO, // Deprecated
63 OPT_REMOTE_PRIV,
64 OPT_REMOTE_PRIV_USER,
65 OPT_REMOTE_NOPROM
66 };
67
68 static const struct ws_option longopts[] = {
69 EXTCAP_BASE_OPTIONS,
70 { "help", ws_no_argument, NULL, OPT_HELP},
71 { "version", ws_no_argument, NULL, OPT_VERSION},
72 SSH_BASE_OPTIONS,
73 { "remote-capture-command-select", ws_required_argument, NULL, OPT_REMOTE_CAPTURE_COMMAND_SELECT},
74 { "remote-capture-command", ws_required_argument, NULL, OPT_REMOTE_CAPTURE_COMMAND},
75 { "remote-sudo", ws_no_argument, NULL, OPT_REMOTE_SUDO }, // Deprecated
76 { "remote-priv", ws_required_argument, NULL, OPT_REMOTE_PRIV },
77 { "remote-priv-user", ws_required_argument, NULL, OPT_REMOTE_PRIV_USER },
78 { "remote-noprom", ws_no_argument, NULL, OPT_REMOTE_NOPROM },
79 { 0, 0, 0, 0}
80 };
81
82 static char* interfaces_list_to_filter(GSList* if_list, unsigned int remote_port);
83
84 static int ssh_loop_read(ssh_channel channel, FILE* fp)
85 {
86 int nbytes;
87 int ret = EXIT_SUCCESS;
88 char buffer[SSH_READ_BLOCK_SIZE];
89
90 /* read from stdin until data are available */
91 while (ssh_channel_is_open(channel) && !ssh_channel_is_eof(channel)) {
92 nbytes = ssh_channel_read(channel, buffer, SSH_READ_BLOCK_SIZE, 0);
93 if (nbytes < 0) {
94 ws_warning("Error reading from channel");
95 goto end;
96 }
97 if (nbytes == 0) {
98 break;
99 }
100 if (fwrite(buffer, 1, nbytes, fp) != (unsigned)nbytes) {
101 ws_warning("Error writing to fifo");
102 ret = EXIT_FAILURE;
103 goto end;
104 }
105 fflush(fp);
106 }
107
108 /* read loop finished... maybe something wrong happened. Read from stderr */
109 while (ssh_channel_is_open(channel) && !ssh_channel_is_eof(channel)) {
110 nbytes = ssh_channel_read(channel, buffer, SSH_READ_BLOCK_SIZE, 1);
111 if (nbytes < 0) {
112 ws_warning("Error reading from channel");
113 goto end;
114 }
115 if (fwrite(buffer, 1, nbytes, stderr) != (unsigned)nbytes) {
116 ws_warning("Error writing to stderr");
117 break;
118 }
119 }
120
121 end:
122 if (ssh_channel_send_eof(channel) != SSH_OK) {
123 ws_warning("Error sending EOF in ssh channel");
124 ret = EXIT_FAILURE;
125 }
126 return ret;
127 }
128
129 static char* local_interfaces_to_filter(const uint16_t remote_port)
130 {
131 GSList* interfaces = local_interfaces_to_list();
132 char* filter = interfaces_list_to_filter(interfaces, remote_port);
133 g_slist_free_full(interfaces, g_free);
134 return filter;
135 }
136
137 static ssh_channel run_ssh_command(ssh_session sshs, const char* capture_command_select,
138 const char* capture_command, const char* privilege, bool noprom,
139 const char* iface, const char* cfilter, const uint32_t count)
140 {
141 char* cmdline = NULL;
142 ssh_channel channel;
143 char** ifaces_array = NULL;
144 int ifaces_array_num = 0;
145 GString *ifaces_string;
146 char *ifaces = NULL;
147 char* quoted_iface = NULL;
148 char* quoted_filter = NULL;
149 char* count_str = NULL;
150 unsigned int remote_port = 22;
151
152 channel = ssh_channel_new(sshs);
153 if (!channel) {
154 ws_warning("Can't create channel");
155 return NULL;
156 }
157
158 if (ssh_channel_open_session(channel) != SSH_OK) {
159 ws_warning("Can't open session");
160 ssh_channel_free(channel);
161 return NULL;
162 }
163
164 ssh_options_get_port(sshs, &remote_port);
165
166 if (capture_command_select == NULL || !g_strcmp0(capture_command_select, "other")) {
167 if (capture_command && *capture_command) {
168 cmdline = g_strdup(capture_command);
169 ws_debug("Remote capture command has disabled other options");
170 } else {
171 capture_command_select = "tcpdump";
172 }
173 }
174
175 /* escape parameters to go save with the shell */
176 if (!g_strcmp0(capture_command_select, "tcpdump")) {
177 quoted_iface = iface ? g_shell_quote(iface) : NULL;
178 quoted_filter = g_shell_quote(cfilter ? cfilter : "");
179 if (count > 0)
180 count_str = ws_strdup_printf("-c %u", count);
181
182 cmdline = ws_strdup_printf("%s tcpdump -U %s%s %s -w - %s %s",
183 privilege,
184 quoted_iface ? "-i " : "",
185 quoted_iface ? quoted_iface : "",
186 noprom ? "-p" : "",
187 count_str ? count_str : "",
188 quoted_filter);
189 } else if (!g_strcmp0(capture_command_select, "dumpcap")) {
190 if (iface) {
191 ifaces_array = g_strsplit(iface, " ", -1);
192 ifaces_string = g_string_new(NULL);
193 while (ifaces_array[ifaces_array_num])
194 {
195 quoted_iface = g_shell_quote(ifaces_array[ifaces_array_num]);
196 g_string_append_printf(ifaces_string, "-i %s ", quoted_iface);
197 ifaces_array_num++;
198 }
199 ifaces = g_string_free(ifaces_string, FALSE);
200 }
201 quoted_filter = g_shell_quote(cfilter ? cfilter : "");
202 if (count > 0)
203 count_str = ws_strdup_printf("-c %u", count);
204
205 cmdline = ws_strdup_printf("%s dumpcap %s %s -w - %s -f %s",
206 privilege,
207 noprom ? "-p" : "",
208 ifaces ? ifaces : "",
209 count_str ? count_str : "",
210 quoted_filter);
211
212 g_free(ifaces);
213 g_strfreev(ifaces_array);
214 }
215
216 ws_debug("Running: %s", cmdline);
217 if (ssh_channel_request_exec(channel, cmdline) != SSH_OK) {
218 ws_warning("Can't request exec");
219 ssh_channel_close(channel);
220 ssh_channel_free(channel);
221 channel = NULL;
222 }
223
224 g_free(quoted_iface);
225 g_free(quoted_filter);
226 g_free(cmdline);
227 g_free(count_str);
228
229 return channel;
230 }
231
232 static int ssh_open_remote_connection(const ssh_params_t* params, const char* iface, const char* cfilter,
233 const char* capture_command_select, const char* capture_command, const char* privilege,
234 bool noprom, const uint32_t count, const char* fifo)
235 {
236 ssh_session sshs = NULL;
237 ssh_channel channel = NULL;
238 FILE* fp = stdout;
239 int ret = EXIT_FAILURE;
240 char* err_info = NULL;
241
242 if (g_strcmp0(fifo, "-")) {
243 /* Open or create the output file */
244 fp = fopen(fifo, "wb");
245 if (fp == NULL) {
246 ws_warning("Error creating output file: %s (%s)", fifo, g_strerror(errno));
247 return EXIT_FAILURE;
248 }
249 }
250
251 sshs = create_ssh_connection(params, &err_info);
252
253 if (!sshs) {
254 ws_warning("Error creating connection.");
255 goto cleanup;
256 }
257
258 channel = run_ssh_command(sshs, capture_command_select, capture_command, privilege, noprom, iface, cfilter, count);
259
260 if (!channel) {
261 ws_warning("Can't run ssh command.");
262 goto cleanup;
263 }
264
265 /* read from channel and write into fp */
266 if (ssh_loop_read(channel, fp) != EXIT_SUCCESS) {
267 ws_warning("Error in read loop.");
268 ret = EXIT_FAILURE;
269 goto cleanup;
270 }
271
272 ret = EXIT_SUCCESS;
273 cleanup:
274 if (err_info)
275 ws_warning("%s", err_info);
276 g_free(err_info);
277
278 /* clean up and exit */
279 ssh_cleanup(&sshs, &channel);
280
281 if (g_strcmp0(fifo, "-"))
282 fclose(fp);
283 return ret;
284 }
285
286 static char* interfaces_list_to_filter(GSList* interfaces, unsigned int remote_port)
287 {
288 GString* filter = g_string_new(NULL);
289 GSList* cur;
290
291 // If no port is given, assume the default one. This might not be
292 // correct if the port is looked up from the ssh config file, but it is
293 // better than nothing.
294 if (remote_port == 0) {
295 remote_port = 22;
296 }
297
298 if (!interfaces) {
299 g_string_append_printf(filter, "not port %u", remote_port);
300 } else {
301 g_string_append_printf(filter, "not ((host %s", (char*)interfaces->data);
302 cur = g_slist_next(interfaces);
303 while (cur) {
304 g_string_append_printf(filter, " or host %s", (char*)cur->data);
305 cur = g_slist_next(cur);
306 }
307 g_string_append_printf(filter, ") and port %u)", remote_port);
308 }
309 return g_string_free(filter, FALSE);
310 }
311
312 static int list_config(char *interface, unsigned int remote_port)
313 {
314 unsigned inc = 0;
315 char* ipfilter;
316
317 if (!interface) {
318 ws_warning("ERROR: No interface specified.");
319 return EXIT_FAILURE;
320 }
321
322 if (g_strcmp0(interface, sshdump_extcap_interface)) {
323 ws_warning("ERROR: interface must be %s", sshdump_extcap_interface);
324 return EXIT_FAILURE;
325 }
326
327 ipfilter = local_interfaces_to_filter(remote_port);
328
329 printf("arg {number=%u}{call=--remote-host}{display=Remote SSH server address}"
330 "{type=string}{tooltip=The remote SSH host. It can be both "
331 "an IP address or a hostname}{required=true}{group=Server}\n", inc++);
332 printf("arg {number=%u}{call=--remote-port}{display=Remote SSH server port}"
333 "{type=unsigned}{default=22}{tooltip=The remote SSH host port (1-65535)}"
334 "{range=1,65535}{group=Server}\n", inc++);
335 printf("arg {number=%u}{call=--remote-username}{display=Remote SSH server username}"
336 "{type=string}{tooltip=The remote SSH username. If not provided, "
337 "the current user will be used}{group=Authentication}\n", inc++);
338 printf("arg {number=%u}{call=--remote-password}{display=Remote SSH server password}"
339 "{type=password}{tooltip=The SSH password, used when other methods (SSH agent "
340 "or key files) are unavailable.}{group=Authentication}\n", inc++);
341 printf("arg {number=%u}{call=--sshkey}{display=Path to SSH private key}"
342 "{type=fileselect}{tooltip=The path on the local filesystem of the private SSH key (OpenSSH format)}"
343 "{mustexist=true}{group=Authentication}\n", inc++);
344 printf("arg {number=%u}{call=--sshkey-passphrase}{display=SSH key passphrase}"
345 "{type=password}{tooltip=Passphrase to unlock the SSH private key}{group=Authentication}\n",
346 inc++);
347 printf("arg {number=%u}{call=--proxycommand}{display=ProxyCommand}"
348 "{type=string}{tooltip=The command to use as proxy for the SSH connection}"
349 "{group=Authentication}\n", inc++);
350 printf("arg {number=%u}{call=--ssh-sha1}{display=Support SHA-1 keys (deprecated)}"
351 "{type=boolflag}{tooltip=Support keys and key exchange algorithms using SHA-1 (deprecated)}{group=Authentication}"
352 "\n", inc++);
353 printf("arg {number=%u}{call=--remote-interface}{display=Remote interface}"
354 "{type=string}{tooltip=The remote network interface used for capture"
355 "}{group=Capture}\n", inc++);
356 printf("arg {number=%u}{call=--remote-capture-command-select}{display=Remote capture command selection}"
357 "{type=radio}{tooltip=The remote capture command to build a command line for}{group=Capture}\n", inc);
358 printf("value {arg=%u}{value=dumpcap}{display=dumpcap}\n", inc);
359 printf("value {arg=%u}{value=tcpdump}{display=tcpdump}{default=true}\n", inc);
360 printf("value {arg=%u}{value=other}{display=Other:}\n", inc++);
361 printf("arg {number=%u}{call=--remote-capture-command}{display=Remote capture command}"
362 "{type=string}{tooltip=The remote command used to capture}{group=Capture}\n", inc++);
363 // Deprecated
364 //printf("arg {number=%u}{call=--remote-sudo}{display=Use sudo on the remote machine}"
365 // "{type=boolflag}{tooltip=Prepend the capture command with sudo on the remote machine}"
366 // "{group=Capture}\n", inc++);
367 printf("arg {number=%u}{call=--remote-priv}{display=Gain capture privilege on the remote machine}"
368 "{type=radio}{tooltip=Optionally prepend the capture command with sudo or doas on the remote machine}"
369 "{group=Capture}\n", inc);
370 printf("value {arg=%u}{value=none}{display=none}{default=true}\n", inc);
371 printf("value {arg=%u}{value=sudo}{display=sudo}\n", inc);
372 printf("value {arg=%u}{value=doas -n}{display=doas}\n", inc++);
373 printf("arg {number=%u}{call=--remote-priv-user}{display=Privileged user name for sudo or doas}"
374 "{type=string}{tooltip=User name of privileged user to execute the capture command on the remote machine}"
375 "{group=Capture}\n", inc++);
376 printf("arg {number=%u}{call=--remote-noprom}{display=No promiscuous mode}"
377 "{type=boolflag}{tooltip=Don't use promiscuous mode on the remote machine}{group=Capture}"
378 "\n", inc++);
379 printf("arg {number=%u}{call=--remote-filter}{display=Remote capture filter}{type=string}"
380 "{tooltip=The remote capture filter}", inc++);
381 if (ipfilter)
382 printf("{default=%s}", ipfilter);
383 printf("{group=Capture}\n");
384 printf("arg {number=%u}{call=--remote-count}{display=Packets to capture}"
385 "{type=unsigned}{default=0}{tooltip=The number of remote packets to capture. (Default: inf)}"
386 "{group=Capture}\n", inc++);
387
388 extcap_config_debug(&inc);
389
390 g_free(ipfilter);
391
392 return EXIT_SUCCESS;
393 }
394
395 static char* concat_filters(const char* extcap_filter, const char* remote_filter)
396 {
397 if (!extcap_filter && remote_filter)
398 return g_strdup(remote_filter);
399
400 if (!remote_filter && extcap_filter)
401 return g_strdup(extcap_filter);
402
403 if (!remote_filter && !extcap_filter)
404 return NULL;
405
406 return ws_strdup_printf("(%s) and (%s)", extcap_filter, remote_filter);
407 }
408
409 int main(int argc, char *argv[])
410 {
411 char* err_msg;
412 int result;
413 int option_idx = 0;
414 ssh_params_t* ssh_params = ssh_params_new();
415 char* remote_interface = NULL;
416 char* remote_capture_command_select = NULL;
417 char* remote_capture_command = NULL;
418 char* remote_filter = NULL;
419 uint32_t count = 0;
420 int ret = EXIT_FAILURE;
421 extcap_parameters* extcap_conf = g_new0(extcap_parameters, 1);
422 char* help_url;
423 char* help_header = NULL;
424 char* priv = NULL;
425 char* priv_user = NULL;
426 bool noprom = false;
427 char* interface_description = g_strdup("SSH remote capture");
428
429 /* Initialize log handler early so we can have proper logging during startup. */
430 extcap_log_init("sshdump");
431
432 sshdump_extcap_interface = g_path_get_basename(argv[0]);
433
434 /*
435 * Get credential information for later use.
436 */
437 init_process_policies();
438
439 /*
440 * Attempt to get the pathname of the directory containing the
441 * executable file.
442 */
443 err_msg = configuration_init(argv[0], NULL);
444 if (err_msg != NULL) {
445 ws_warning("Can't get pathname of directory containing the extcap program: %s.",
446 err_msg);
447 g_free(err_msg);
448 }
449
450 help_url = data_file_url("sshdump.html");
451 extcap_base_set_util_info(extcap_conf, argv[0], SSHDUMP_VERSION_MAJOR, SSHDUMP_VERSION_MINOR,
452 SSHDUMP_VERSION_RELEASE, help_url);
453 g_free(help_url);
454 add_libssh_info(extcap_conf);
455 if (g_strcmp0(sshdump_extcap_interface, DEFAULT_SSHDUMP_EXTCAP_INTERFACE)) {
456 char* temp = interface_description;
457 interface_description = ws_strdup_printf("%s, custom version", interface_description);
458 g_free(temp);
459 }
460 extcap_base_register_interface(extcap_conf, sshdump_extcap_interface, interface_description, 147, "Remote capture dependent DLT");
461 g_free(interface_description);
462
463 help_header = ws_strdup_printf(
464 " %s --extcap-interfaces\n"
465 " %s --extcap-interface=%s --extcap-dlts\n"
466 " %s --extcap-interface=%s --extcap-config\n"
467 " %s --extcap-interface=%s --remote-host myhost --remote-port 22222 "
468 "--remote-username myuser --remote-interface eth2 --remote-capture-command 'tcpdump -U -i eth0 -w -' "
469 "--fifo=FILENAME --capture\n", argv[0], argv[0], sshdump_extcap_interface, argv[0],
470 sshdump_extcap_interface, argv[0], sshdump_extcap_interface);
471 extcap_help_add_header(extcap_conf, help_header);
472 g_free(help_header);
473 extcap_help_add_option(extcap_conf, "--help", "print this help");
474 extcap_help_add_option(extcap_conf, "--version", "print the version");
475 extcap_help_add_option(extcap_conf, "--remote-host <host>", "the remote SSH host");
476 extcap_help_add_option(extcap_conf, "--remote-port <port>", "the remote SSH port");
477 extcap_help_add_option(extcap_conf, "--remote-username <username>", "the remote SSH username");
478 extcap_help_add_option(extcap_conf, "--remote-password <password>", "the remote SSH password. If not specified, ssh-agent and ssh-key are used");
479 extcap_help_add_option(extcap_conf, "--sshkey <private key path>", "the path of the SSH key (OpenSSH format)");
480 extcap_help_add_option(extcap_conf, "--sshkey-passphrase <private key passphrase>", "the passphrase to unlock private SSH key");
481 extcap_help_add_option(extcap_conf, "--proxycommand <proxy command>", "the command to use as proxy for the SSH connection");
482 extcap_help_add_option(extcap_conf, "--ssh-sha1", "support keys and key exchange using SHA-1 (deprecated)");
483 extcap_help_add_option(extcap_conf, "--remote-interface <iface>", "the remote capture interface");
484 extcap_help_add_option(extcap_conf, "--remote-capture-command-select <selection>", "dumpcap, tcpdump or other remote capture command");
485 extcap_help_add_option(extcap_conf, "--remote-capture-command <capture command>", "the remote capture command");
486 //extcap_help_add_option(extcap_conf, "--remote-sudo", "use sudo on the remote machine to capture"); // Deprecated
487 extcap_help_add_option(extcap_conf, "--remote-priv <selection>", "none, sudo or doas");
488 extcap_help_add_option(extcap_conf, "--remote-priv-user <username>", "privileged user name");
489 extcap_help_add_option(extcap_conf, "--remote-noprom", "don't use promiscuous mode on the remote machine");
490 extcap_help_add_option(extcap_conf, "--remote-filter <filter>", "a filter for remote capture (default: don't listen on local interfaces IPs)");
491 extcap_help_add_option(extcap_conf, "--remote-count <count>", "the number of packets to capture");
492
493 ws_opterr = 0;
494 ws_optind = 0;
495
496 if (argc == 1) {
497 extcap_help_print(extcap_conf);
498 goto end;
499 }
500
501 while ((result = ws_getopt_long(argc, argv, ":", longopts, &option_idx)) != -1) {
502
503 switch (result) {
504
505 case OPT_HELP:
506 extcap_help_print(extcap_conf);
507 ret = EXIT_SUCCESS;
508 goto end;
509
510 case OPT_VERSION:
511 extcap_version_print(extcap_conf);
512 ret = EXIT_SUCCESS;
513 goto end;
514
515 case OPT_REMOTE_HOST:
516 g_free(ssh_params->host);
517 ssh_params->host = g_strdup(ws_optarg);
518 break;
519
520 case OPT_REMOTE_PORT:
521 if (!ws_strtou16(ws_optarg, NULL, &ssh_params->port) || ssh_params->port == 0) {
522 ws_warning("Invalid port: %s", ws_optarg);
523 goto end;
524 }
525 break;
526
527 case OPT_REMOTE_USERNAME:
528 g_free(ssh_params->username);
529 ssh_params->username = g_strdup(ws_optarg);
530 break;
531
532 case OPT_REMOTE_PASSWORD:
533 g_free(ssh_params->password);
534 ssh_params->password = g_strdup(ws_optarg);
535 memset(ws_optarg, 'X', strlen(ws_optarg));
536 break;
537
538 case OPT_SSHKEY:
539 g_free(ssh_params->sshkey_path);
540 ssh_params->sshkey_path = g_strdup(ws_optarg);
541 break;
542
543 case OPT_SSHKEY_PASSPHRASE:
544 g_free(ssh_params->sshkey_passphrase);
545 ssh_params->sshkey_passphrase = g_strdup(ws_optarg);
546 memset(ws_optarg, 'X', strlen(ws_optarg));
547 break;
548
549 case OPT_PROXYCOMMAND:
550 g_free(ssh_params->proxycommand);
551 ssh_params->proxycommand = g_strdup(ws_optarg);
552 break;
553
554 case OPT_SSH_SHA1:
555 ssh_params->ssh_sha1 = true;
556 break;
557
558 case OPT_REMOTE_INTERFACE:
559 g_free(remote_interface);
560 remote_interface = g_strdup(ws_optarg);
561 break;
562
563 case OPT_REMOTE_CAPTURE_COMMAND_SELECT:
564 g_free(remote_capture_command_select);
565 remote_capture_command_select = g_strdup(ws_optarg);
566 break;
567
568 case OPT_REMOTE_CAPTURE_COMMAND:
569 g_free(remote_capture_command);
570 remote_capture_command = g_strdup(ws_optarg);
571 break;
572
573 case OPT_REMOTE_SUDO:
574 // Deprecated
575 g_free(priv);
576 priv = g_strdup("sudo");
577 break;
578
579 case OPT_REMOTE_PRIV:
580 g_free(priv);
581 priv = g_strdup(ws_optarg);
582 break;
583
584 case OPT_REMOTE_PRIV_USER:
585 g_free(priv_user);
586 priv_user = g_strdup(ws_optarg);
587 break;
588
589 case OPT_REMOTE_FILTER:
590 g_free(remote_filter);
591 remote_filter = g_strdup(ws_optarg);
592 break;
593
594 case OPT_REMOTE_COUNT:
595 if (!ws_strtou32(ws_optarg, NULL, &count)) {
596 ws_warning("Invalid value for count: %s", ws_optarg);
597 goto end;
598 }
599 break;
600
601 case OPT_REMOTE_NOPROM:
602 noprom = true;
603 break;
604
605 case ':':
606 /* missing option argument */
607 ws_warning("Option '%s' requires an argument", argv[ws_optind - 1]);
608 break;
609
610 default:
611 if (!extcap_base_parse_options(extcap_conf, result - EXTCAP_OPT_LIST_INTERFACES, ws_optarg)) {
612 ws_warning("Invalid option: %s", argv[ws_optind - 1]);
613 goto end;
614 }
615 }
616 }
617
618 extcap_cmdline_debug(argv, argc);
619
620 if (extcap_base_handle_interface(extcap_conf)) {
621 ret = EXIT_SUCCESS;
622 goto end;
623 }
624
625 if (extcap_conf->show_config) {
626 ret = list_config(extcap_conf->interface, ssh_params->port);
627 goto end;
628 }
629
630 err_msg = ws_init_sockets();
631 if (err_msg != NULL) {
632 ws_warning("ERROR: %s", err_msg);
633 g_free(err_msg);
634 ws_warning("%s", please_report_bug());
635 goto end;
636 }
637
638 if (extcap_conf->capture) {
639 char* filter;
640 char* privilege;
641
642 if (!ssh_params->host) {
643 ws_warning("Missing parameter: --remote-host");
644 goto end;
645 }
646
647 if ((priv) && g_strcmp0(priv, "none") && strlen(g_strstrip(priv))) {
648 if ((priv_user) && strlen(g_strstrip(priv_user)))
649 /* Both sudo and doas use the same command line option */
650 privilege = g_strconcat(priv, " -u ", priv_user, NULL);
651 else
652 privilege = g_strdup(priv);
653 } else {
654 privilege = g_strdup("");
655 }
656
657 // This may result in the use of a different port number than was given in
658 // the default filter string, as presented in the config dialog. The default
659 // given is always using the default SSH port since there's no remote SSH port
660 // given on the command line to get the extcap arguments.
661 // However the remote SSH port used here is the one given on the command line
662 // when the capture us started, which is the intended one.
663 // And this is only happening when no remote filter is specified on the command
664 // line to start the capture.
665 if (remote_filter == NULL)
666 remote_filter = local_interfaces_to_filter(ssh_params->port);
667 filter = concat_filters(extcap_conf->capture_filter, remote_filter);
668 ssh_params_set_log_level(ssh_params, extcap_conf->debug);
669 ret = ssh_open_remote_connection(ssh_params, remote_interface,
670 filter, remote_capture_command_select, remote_capture_command,
671 privilege, noprom, count, extcap_conf->fifo);
672 g_free(filter);
673 g_free(privilege);
674 } else {
675 ws_debug("You should not come here... maybe some parameter missing?");
676 ret = EXIT_FAILURE;
677 }
678
679 end:
680 /* clean up stuff */
681 ssh_params_free(ssh_params);
682 g_free(remote_capture_command_select);
683 g_free(remote_capture_command);
684 g_free(remote_interface);
685 g_free(remote_filter);
686 g_free(priv);
687 g_free(priv_user);
688 extcap_base_cleanup(&extcap_conf);
689 return ret;
690 }
691
692 /*
693 * Editor modelines - https://www.wireshark.org/tools/modelines.html
694 *
695 * Local variables:
696 * c-basic-offset: 8
697 * tab-width: 8
698 * indent-tabs-mode: t
699 * End:
700 *
701 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
702 * :indentSize=8:tabSize=8:noTabs=false:
703 */
Metzes wireshark repo