diff -r -C 3 tcpdump-2005.08.08/tcpdump.1 tcpdump-2005.08.08-Hflag-patch/tcpdump.1 *** tcpdump-2005.08.08/tcpdump.1 Mon May 2 23:27:49 2005 --- tcpdump-2005.08.08-Hflag-patch/tcpdump.1 Thu Aug 11 12:12:46 2005 *************** *** 29,35 **** .na .B tcpdump [ ! .B \-AdDeflLnNOpqRStuUvxX ] [ .B \-c .I count --- 29,35 ---- .na .B tcpdump [ ! .B \-AdDefHlLnNOpqRStuUvxX ] [ .B \-c .I count *************** *** 354,359 **** --- 354,363 ---- .B \-F Use \fIfile\fP as input for the filter expression. An additional expression given on the command line is ignored. + .TP + .B \-H + Hide packets from the current ssh session. option is ignored if the environment + variable SSH_CLIENT does not exist or is malformed. .TP .B \-i Listen on \fIinterface\fP. diff -r -C 3 tcpdump-2005.08.08/tcpdump.c tcpdump-2005.08.08-Hflag-patch/tcpdump.c *** tcpdump-2005.08.08/tcpdump.c Thu Jul 7 03:22:21 2005 --- tcpdump-2005.08.08-Hflag-patch/tcpdump.c Thu Aug 11 12:23:34 2005 *************** *** 436,441 **** --- 436,442 ---- register char *cp, *infile, *cmdbuf, *device, *RFileName, *WFileName, *WFileNameAlt; pcap_handler callback; int type; + int Hflag=0; struct bpf_program fcode; #ifndef WIN32 RETSIGTYPE (*oldhandler)(int); *************** *** 484,490 **** opterr = 0; while ( ! (op = getopt(argc, argv, "aA" B_FLAG "c:C:d" D_FLAG "eE:fF:i:lLm:M:nNOpqr:Rs:StT:u" U_FLAG "vw:W:xXy:YZ:")) != -1) switch (op) { case 'a': --- 485,491 ---- opterr = 0; while ( ! 
(op = getopt(argc, argv, "aA" B_FLAG "c:C:d" D_FLAG "eE:fF:Hi:lLm:M:nNOpqr:Rs:StT:u" U_FLAG "vw:W:xXy:YZ:")) != -1) switch (op) { case 'a': *************** *** 558,563 **** --- 559,568 ---- infile = optarg; break; + case 'H': /* hide my ssh packets */ + Hflag=1; + break; + case 'i': if (optarg[0] == '0' && optarg[1] == 0) error("Invalid adapter index"); *************** *** 923,928 **** --- 928,995 ---- else cmdbuf = copy_argv(&argv[optind]); + /* Hide SSH session by Pascal Gloor */ + if (Hflag) { + char *ssh_client, *ssh_host=NULL, *ssh_port=NULL; + + if((ssh_client=getenv("SSH_CLIENT"))!=NULL) { + char *sep = " "; + char *field; + + if((field = strtok(ssh_client,sep))!=NULL && strlen(field) <= 15) { + ssh_host = field; + } + + if (ssh_host!=NULL && (field=strtok(NULL,sep))!=NULL && strlen(field) <= 5 ) { + ssh_port = field; + } + } + + if (ssh_host!=NULL && ssh_port!=NULL) { + + if ( cmdbuf == NULL ) { + + /* new expression : + * not ( host ssh_host and port ssh_port and tcp ) + * worst case length == 32(text) + 1(\0) + 15(ip) + 5(port) + */ + + if((cmdbuf=malloc(52))==NULL) + error("memory allocation failure.\n"); + + sprintf(cmdbuf,"not ( host %s and port %s and tcp )",ssh_host,ssh_port); + } + else { + size_t len; + + /* modify expression : + * '( cmdbuf ) and not ( host ssh_host and port ssh_port and tcp )' + * worst case length == 41(txt) + 1(\0) + 15(ip) + 5(port) + */ + + len = strlen(cmdbuf); + + if((cmdbuf=realloc(cmdbuf,len + 62))==NULL) + error("memory allocation failure.\n"); + + /* add space for the heading '( ' */ + memmove(cmdbuf+2, cmdbuf, len+1); + cmdbuf[0] = '('; cmdbuf[1] = ' '; + len+=2; + + sprintf(cmdbuf + len, " ) and not ( host %s and port %s and tcp )",\ + ssh_host, ssh_port); + } + + (void)fprintf(stderr, \ + "current ssh session packets are ignored. (%s:%s)\n", \ + ssh_host, ssh_port); + } + else { + warning("SSH_CLIENT environment variable not found. 
-H disabled."); + } + } + if (pcap_compile(pd, &fcode, cmdbuf, Oflag, netmask) < 0) error("%s", pcap_geterr(pd)); if (dflag) { *************** *** 1394,1400 **** #endif /* WIN32 */ #endif /* HAVE_PCAP_LIB_VERSION */ (void)fprintf(stderr, ! "Usage: %s [-aAd" D_FLAG "eflLnNOpqRStu" U_FLAG "vxX]" B_FLAG_USAGE " [-c count] [ -C file_size ]\n", program_name); (void)fprintf(stderr, "\t\t[ -E algo:secret ] [ -F file ] [ -i interface ] [ -M secret ]\n"); (void)fprintf(stderr, --- 1461,1467 ---- #endif /* WIN32 */ #endif /* HAVE_PCAP_LIB_VERSION */ (void)fprintf(stderr, ! "Usage: %s [-aAd" D_FLAG "efHlLnNOpqRStu" U_FLAG "vxX]" B_FLAG_USAGE " [-c count] [ -C file_size ]\n", program_name); (void)fprintf(stderr, "\t\t[ -E algo:secret ] [ -F file ] [ -i interface ] [ -M secret ]\n"); (void)fprintf(stderr,
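Review bot: In the added `if (Hflag)` block, `strtok(ssh_client,sep)` writes into the string returned by `getenv("SSH_CLIENT")`, which a program is not allowed to modify, and the two fields are then checked only for length before `sprintf` puts them into the filter expression. A field of 15 characters or fewer that holds parentheses or filter keywords instead of an address could change which packets the compiled filter drops, so the capture may silently omit traffic other than the ssh session. Tokenise a private copy and accept only digits and dots for the host and only digits for the port, as in the excerpt below; the 52 and `len + 62` buffer sizes remain sufficient because the length limits are unchanged. An IPv6 client address is longer than 15 characters and ends in the warning that says the variable was not found, so that message should read "not found or malformed" to match the man page text. The block sits inside a function that starts and ends outside the hunk.

```c
	if (Hflag) {
		char ssh_buf[64];	/* private copy: strtok() writes into its argument */
		char *ssh_client, *ssh_host=NULL, *ssh_port=NULL;
		size_t ssh_len;

		if((ssh_client=getenv("SSH_CLIENT"))!=NULL &&
		    (ssh_len=strlen(ssh_client)) < sizeof(ssh_buf)) {
			char *sep = " ";
			char *field;

			memcpy(ssh_buf, ssh_client, ssh_len + 1);

			/* host: dotted-quad characters only, so nothing else reaches the filter */
			field = strtok(ssh_buf,sep);
			if(field!=NULL && strlen(field) <= 15 &&
			    field[strspn(field,"0123456789.")] == '\0') {
				ssh_host = field;
			}

			/* port: decimal digits only */
			field = (ssh_host!=NULL) ? strtok(NULL,sep) : NULL;
			if(field!=NULL && strlen(field) <= 5 &&
			    field[strspn(field,"0123456789")] == '\0') {
				ssh_port = field;
			}
		}

		/* … unchanged: filter construction with malloc/realloc and the stderr notice … */
```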