1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
|
--- arpd.orig/arpd.c 2003-02-09 05:20:40.000000000 +0100
+++ arpd/arpd.c 2014-03-16 08:11:53.000000000 +0100
@@ -70,7 +70,7 @@ static int arpd_sig;
static void
usage(void)
{
- fprintf(stderr, "Usage: arpd [-d] [-i interface] [net]\n");
+ fprintf(stderr, "Usage: arpd [-d] [-i interface] [-a 'pcap_expr'] [{host|net|range} ...]\n");
exit(1);
}
@@ -182,7 +182,7 @@ arpd_expandips(int naddresses, char **ad
}
static void
-arpd_init(char *dev, int naddresses, char **addresses)
+arpd_init(char *dev, char *and_pcap_exp, int naddresses, char **addresses)
{
struct bpf_program fcode;
char filter[1024], ebuf[PCAP_ERRBUF_SIZE], *dst;
@@ -214,9 +214,13 @@ arpd_init(char *dev, int naddresses, cha
errx(1, "bad interface configuration: not IP or Ethernet");
arpd_ifent.intf_addr.addr_bits = IP_ADDR_BITS;
- snprintf(filter, sizeof(filter), "arp %s%s%s and not ether src %s",
+ snprintf(filter, sizeof(filter), "arp %s%s%s and not ether src %s%s%s%s",
dst ? "and (" : "", dst ? dst : "", dst ? ")" : "",
- addr_ntoa(&arpd_ifent.intf_link_addr));
+ addr_ntoa(&arpd_ifent.intf_link_addr),
+ and_pcap_exp ? " and (" : "",
+ and_pcap_exp ? and_pcap_exp : "",
+ and_pcap_exp ? ")" : ""
+ );
if ((arpd_pcap = pcap_open_live(dev, 128, 0, 500, ebuf)) == NULL)
errx(1, "pcap_open_live: %s", ebuf);
@@ -265,7 +269,7 @@ arpd_send(eth_t *eth, int op,
spa->addr_ip, tha->addr_eth, tpa->addr_ip);
if (op == ARP_OP_REQUEST) {
- syslog(LOG_DEBUG, __FUNCTION__ ": who-has %s tell %s",
+ syslog(LOG_DEBUG, "%s: who-has %s tell %s", __FUNCTION__,
addr_ntoa(tpa), addr_ntoa(spa));
} else if (op == ARP_OP_REPLY) {
syslog(LOG_INFO, "arp reply %s is-at %s",
@@ -282,7 +286,7 @@ arpd_lookup(struct addr *addr)
int error;
if (addr_cmp(addr, &arpd_ifent.intf_addr) == 0) {
- syslog(LOG_DEBUG, __FUNCTION__ ": %s at %s",
+ syslog(LOG_DEBUG, "%s: %s at %s", __FUNCTION__,
addr_ntoa(addr), addr_ntoa(&arpd_ifent.intf_link_addr));
return (0);
}
@@ -291,10 +295,10 @@ arpd_lookup(struct addr *addr)
error = arp_get(arpd_arp, &arpent);
if (error == -1) {
- syslog(LOG_DEBUG, __FUNCTION__ ": no entry for %s",
+ syslog(LOG_DEBUG, "%s: no entry for %s", __FUNCTION__,
addr_ntoa(addr));
} else {
- syslog(LOG_DEBUG, __FUNCTION__ ": %s at %s",
+ syslog(LOG_DEBUG, "%s: %s at %s", __FUNCTION__,
addr_ntoa(addr), addr_ntoa(&arpent.arp_ha));
}
return (error);
@@ -423,7 +427,7 @@ arpd_recv_cb(u_char *u, const struct pca
if ((req = SPLAY_FIND(tree, &arpd_reqs, &tmp)) != NULL) {
addr_pack(&src.arp_ha, ADDR_TYPE_ETH, ETH_ADDR_BITS,
ethip->ar_sha, ETH_ADDR_LEN);
- syslog(LOG_DEBUG, __FUNCTION__ ": %s at %s",
+ syslog(LOG_DEBUG, "%s: %s at %s", __FUNCTION__,
addr_ntoa(&req->pa), addr_ntoa(&src.arp_ha));
/* This address is claimed */
@@ -445,9 +449,6 @@ arpd_recv(int fd, short type, void *ev)
void
terminate_handler(int sig)
{
- extern int event_gotsig;
-
- event_gotsig = 1;
arpd_sig = sig;
}
@@ -464,15 +465,14 @@ int
main(int argc, char *argv[])
{
struct event recv_ev;
- extern int (*event_sigcb)(void);
- char *dev;
+ char *dev, *and_pcap_exp;
int c, debug;
FILE *fp;
dev = NULL;
debug = 0;
- while ((c = getopt(argc, argv, "di:h?")) != -1) {
+ while ((c = getopt(argc, argv, "a:di:h?")) != -1) {
switch (c) {
case 'd':
debug = 1;
@@ -480,6 +480,9 @@ main(int argc, char *argv[])
case 'i':
dev = optarg;
break;
+ case 'a':
+ and_pcap_exp = optarg;
+ break;
default:
usage();
break;
@@ -489,9 +492,9 @@ main(int argc, char *argv[])
argv += optind;
if (argc == 0)
- arpd_init(dev, 0, NULL);
+ arpd_init(dev, and_pcap_exp, 0, NULL);
else
- arpd_init(dev, argc, argv);
+ arpd_init(dev, and_pcap_exp, argc, argv);
if ((fp = fopen(PIDFILE, "w")) == NULL)
err(1, "fopen");
@@ -524,7 +527,6 @@ main(int argc, char *argv[])
perror("signal");
return (-1);
}
- event_sigcb = arpd_signal;
event_dispatch();
|