 @@ -1,1206 +1,1208 @@
 /*
  * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000
  *	The Regents of the University of California.  All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that: (1) source code distributions
  * retain the above copyright notice and this paragraph in its entirety, (2)
  * distributions including binary code include the above copyright notice and
  * this paragraph in its entirety in the documentation or other materials
  * provided with the distribution, and (3) all advertising materials mentioning
  * features or use of this software display the following acknowledgement:
  * ``This product includes software developed by the University of California,
  * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
  * the University nor the names of its contributors may be used to endorse
  * or promote products derived from this software without specific prior
  * written permission.
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
  * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ *
  * Support for splitting captures into multiple files with a maximum
  * file size:
+ *
  * Copyright (c) 2001
  *	Seth Webster <swebster@sst.ll.mit.edu>
  */
 #include <sys/cdefs.h>
 #ifndef lint
 static const char copyright[] _U_ =
     "@(#) Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000\n\
 The Regents of the University of California.  All rights reserved.\n";
-__RCSID("$NetBSD: tcpdump.c,v 1.13 2017/01/24 23:29:14 christos Exp $");
+__RCSID("$NetBSD: tcpdump.c,v 1.14 2017/01/30 13:15:43 christos Exp $");
 #endif
 /*
  * tcpdump - dump traffic on a network
+ *
  * First written in 1987 by Van Jacobson, Lawrence Berkeley Laboratory.
  * Mercilessly hacked and occasionally improved since then via the
  * combined efforts of Van, Steve McCanne and Craig Leres of LBL.
  */
 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #endif
 /*
  * Mac OS X may ship pcap.h from libpcap 0.6 with a libpcap based on
  * 0.8.  That means it has pcap_findalldevs() but the header doesn't
  * define pcap_if_t, meaning that we can't actually *use* pcap_findalldevs().
  */
 #ifdef HAVE_PCAP_FINDALLDEVS
 #ifndef HAVE_PCAP_IF_T
 #undef HAVE_PCAP_FINDALLDEVS
 #endif
 #endif
 #include <netdissect-stdinc.h>
 #ifdef USE_LIBSMI
 #include <smi.h>
 #endif
 #ifdef HAVE_LIBCRYPTO
 #include <openssl/crypto.h>
 #endif
 #ifdef HAVE_GETOPT_LONG
 #include <getopt.h>
 #else
 #include "getopt_long.h"
 #endif
 /* Capsicum-specific code requires macros from <net/bpf.h>, which will fail
  * to compile if <pcap.h> has already been included; including the headers
  * in the opposite order works fine.
  */
 #ifdef HAVE_CAPSICUM
 #include <sys/capability.h>
 #include <sys/ioccom.h>
 #include <net/bpf.h>
 #include <fcntl.h>
 #include <libgen.h>
 #endif	/* HAVE_CAPSICUM */
 #include <pcap.h>
 #include <signal.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <limits.h>
 #include <resolv.h>
 #ifndef _WIN32
 #include <sys/wait.h>
 #include <sys/resource.h>
 #include <pwd.h>
 #include <grp.h>
 #endif /* _WIN32 */
 /* capabilities convenience library */
 /* If a code depends on HAVE_LIBCAP_NG, it depends also on HAVE_CAP_NG_H.
  * If HAVE_CAP_NG_H is not defined, undefine HAVE_LIBCAP_NG.
  * Thus, the later tests are done only on HAVE_LIBCAP_NG.
  */
 #ifdef HAVE_LIBCAP_NG
 #ifdef HAVE_CAP_NG_H
 #include <cap-ng.h>
 #else
 #undef HAVE_LIBCAP_NG
 #endif /* HAVE_CAP_NG_H */
 #endif /* HAVE_LIBCAP_NG */
 #include "netdissect.h"
 #include "interface.h"
 #include "addrtoname.h"
 #include "machdep.h"
 #include "setsignal.h"
 #include "gmt2local.h"
 #include "pcap-missing.h"
 #include "ascii_strcasecmp.h"
 #include "print.h"
 #ifndef PATH_MAX
 #define PATH_MAX 1024
 #endif
 #ifdef SIGINFO
 #define SIGNAL_REQ_INFO SIGINFO
 #elif SIGUSR1
 #define SIGNAL_REQ_INFO SIGUSR1
 #endif
 static int Cflag;			/* rotate dump files after this many bytes */
 static int Cflag_count;			/* Keep track of which file number we're writing */
 static int Dflag;			/* list available devices and exit */
 /*
  * This is exported because, in some versions of libpcap, if libpcap
  * is built with optimizer debugging code (which is *NOT* the default
  * configuration!), the library *imports*(!) a variable named dflag,
  * under the expectation that tcpdump is exporting it, to govern
  * how much debugging information to print when optimizing
  * the generated BPF code.
+ *
  * This is a horrible hack; newer versions of libpcap don't import
  * dflag but, instead, *if* built with optimizer debugging code,
  * *export* a routine to set that flag.
  */
 int dflag;				/* print filter code */
 static int Gflag;			/* rotate dump files after this many seconds */
 static int Gflag_count;			/* number of files created with Gflag rotation */
 static time_t Gflag_time;		/* The last time_t the dump file was rotated. */
 static int Lflag;			/* list available data link types and exit */
 static int Iflag;			/* rfmon (monitor) mode */
 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE
 static int Jflag;			/* list available time stamp types */
 #endif
 #ifdef HAVE_PCAP_SETDIRECTION
 int Qflag = -1;				/* restrict captured packet by send/receive direction */
 #endif
 static int Uflag;			/* "unbuffered" output of dump files */
 static int Wflag;			/* recycle output files after this number of files */
 static int WflagChars;
 static char *zflag = NULL;		/* compress each savefile using a specified command (like gzip or bzip2) */
 static int infodelay;
 static int infoprint;
 char *program_name;
 /* Forwards */
 static RETSIGTYPE cleanup(int);
 static RETSIGTYPE child_cleanup(int);
 static void print_version(void);
 static void print_usage(void);
 static void show_tstamp_types_and_exit(const char *device) __attribute__((noreturn));
 static void show_dlts_and_exit(const char *device) __attribute__((noreturn));
 static void print_packet(u_char *, const struct pcap_pkthdr *, const u_char *);
 static void dump_packet_and_trunc(u_char *, const struct pcap_pkthdr *, const u_char *);
 static void dump_packet(u_char *, const struct pcap_pkthdr *, const u_char *);
 static void droproot(const char *, const char *);
 #ifdef SIGNAL_REQ_INFO
 RETSIGTYPE requestinfo(int);
 #endif
 #if defined(USE_WIN32_MM_TIMER)
   #include <MMsystem.h>
   static UINT timer_id;
   static void CALLBACK verbose_stats_dump(UINT, UINT, DWORD_PTR, DWORD_PTR, DWORD_PTR);
 #elif defined(HAVE_ALARM)
   static void verbose_stats_dump(int sig);
 #endif
 static void info(int);
 static u_int packets_captured;
 #ifdef HAVE_PCAP_FINDALLDEVS
 static const struct tok status_flags[] = {
 #ifdef PCAP_IF_UP
 	{ PCAP_IF_UP,       "Up"       },
 #endif
 #ifdef PCAP_IF_RUNNING
 	{ PCAP_IF_RUNNING,  "Running"  },
 #endif
 	{ PCAP_IF_LOOPBACK, "Loopback" },
 	{ 0, NULL }
 };
 #endif
 static pcap_t *pd;
 static int supports_monitor_mode;
 extern int optind;
 extern int opterr;
 extern char *optarg;
 struct dump_info {
 	char	*WFileName;
 	char	*CurrentFileName;
 	pcap_t	*pd;
 	pcap_dumper_t *p;
 #ifdef HAVE_CAPSICUM
 	int	dirfd;
 #endif
 };
 #if defined(HAVE_PCAP_SET_PARSER_DEBUG)
 /*
  * We have pcap_set_parser_debug() in libpcap; declare it (it's not declared
  * by any libpcap header, because it's a special hack, only available if
  * libpcap was configured to include it, and only intended for use by
  * libpcap developers trying to debug the parser for filter expressions).
  */
 #ifdef _WIN32
 __declspec(dllimport)
 #else /* _WIN32 */
 extern
 #endif /* _WIN32 */
 void pcap_set_parser_debug(int);
 #elif defined(HAVE_PCAP_DEBUG) || defined(HAVE_YYDEBUG)
 /*
  * We don't have pcap_set_parser_debug() in libpcap, but we do have
  * pcap_debug or yydebug.  Make a local version of pcap_set_parser_debug()
  * to set the flag, and define HAVE_PCAP_SET_PARSER_DEBUG.
  */
 static void
 pcap_set_parser_debug(int value)
+{
 #ifdef HAVE_PCAP_DEBUG
 	extern int pcap_debug;
 	pcap_debug = value;
 #else /* HAVE_PCAP_DEBUG */
 	extern int yydebug;
 	yydebug = value;
 #endif /* HAVE_PCAP_DEBUG */
+}
 #define HAVE_PCAP_SET_PARSER_DEBUG
 #endif
 #if defined(HAVE_PCAP_SET_OPTIMIZER_DEBUG)
 /*
  * We have pcap_set_optimizer_debug() in libpcap; declare it (it's not declared
  * by any libpcap header, because it's a special hack, only available if
  * libpcap was configured to include it, and only intended for use by
  * libpcap developers trying to debug the optimizer for filter expressions).
  */
 #ifdef _WIN32
 __declspec(dllimport)
 #else /* _WIN32 */
 extern
 #endif /* _WIN32 */
 void pcap_set_optimizer_debug(int);
 #endif
 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE
 static void
 show_tstamp_types_and_exit(const char *device)
+{
 	int n_tstamp_types;
 	int *tstamp_types = 0;
 	const char *tstamp_type_name;
 	int i;
 	n_tstamp_types = pcap_list_tstamp_types(pd, &tstamp_types);
 	if (n_tstamp_types < 0)
 		error("%s", pcap_geterr(pd));
 	if (n_tstamp_types == 0) {
 		fprintf(stderr, "Time stamp type cannot be set for %s\n",
 		    device);
 		exit(0);
+	}
 	fprintf(stderr, "Time stamp types for %s (use option -j to set):\n",
 	    device);
 	for (i = 0; i < n_tstamp_types; i++) {
 		tstamp_type_name = pcap_tstamp_type_val_to_name(tstamp_types[i]);
 		if (tstamp_type_name != NULL) {
 			(void) fprintf(stderr, "  %s (%s)\n", tstamp_type_name,
 			    pcap_tstamp_type_val_to_description(tstamp_types[i]));
 		} else {
 			(void) fprintf(stderr, "  %d\n", tstamp_types[i]);
+		}
+	}
 	pcap_free_tstamp_types(tstamp_types);
 	exit(0);
+}
 #endif
 static void
 show_dlts_and_exit(const char *device)
+{
 	int n_dlts, i;
 	int *dlts = 0;
 	const char *dlt_name;
 	n_dlts = pcap_list_datalinks(pd, &dlts);
 	if (n_dlts < 0)
 		error("%s", pcap_geterr(pd));
 	else if (n_dlts == 0 || !dlts)
 		error("No data link types.");
 	/*
 	 * If the interface is known to support monitor mode, indicate
 	 * whether these are the data link types available when not in
 	 * monitor mode, if -I wasn't specified, or when in monitor mode,
 	 * when -I was specified (the link-layer types available in
 	 * monitor mode might be different from the ones available when
 	 * not in monitor mode).
 	 */
 	if (supports_monitor_mode)
 		(void) fprintf(stderr, "Data link types for %s %s (use option -y to set):\n",
 		    device,
 		    Iflag ? "when in monitor mode" : "when not in monitor mode");
 	else
 		(void) fprintf(stderr, "Data link types for %s (use option -y to set):\n",
 		    device);
 	for (i = 0; i < n_dlts; i++) {
 		dlt_name = pcap_datalink_val_to_name(dlts[i]);
 		if (dlt_name != NULL) {
 			(void) fprintf(stderr, "  %s (%s)", dlt_name,
 			    pcap_datalink_val_to_description(dlts[i]));
 			/*
 			 * OK, does tcpdump handle that type?
 			 */
 			if (!has_printer(dlts[i]))
 				(void) fprintf(stderr, " (printing not supported)");
 			fprintf(stderr, "\n");
 		} else {
 			(void) fprintf(stderr, "  DLT %d (printing not supported)\n",
 			    dlts[i]);
+		}
+	}
 #ifdef HAVE_PCAP_FREE_DATALINKS
 	pcap_free_datalinks(dlts);
 #endif
 	exit(0);
+}
 #ifdef HAVE_PCAP_FINDALLDEVS
 static void
 show_devices_and_exit (void)
+{
 	pcap_if_t *dev, *devlist;
 	char ebuf[PCAP_ERRBUF_SIZE];
 	int i;
 	if (pcap_findalldevs(&devlist, ebuf) < 0)
 		error("%s", ebuf);
 	for (i = 0, dev = devlist; dev != NULL; i++, dev = dev->next) {
 		printf("%d.%s", i+1, dev->name);
 		if (dev->description != NULL)
 			printf(" (%s)", dev->description);
 		if (dev->flags != 0)
 			printf(" [%s]", bittok2str(status_flags, "none", dev->flags));
 		printf("\n");
+	}
 	pcap_freealldevs(devlist);
 	exit(0);
+}
 #endif /* HAVE_PCAP_FINDALLDEVS */
 /*
  * Short options.
+ *
  * Note that there we use all letters for short options except for g, k,
  * o, and P, and those are used by other versions of tcpdump, and we should
  * only use them for the same purposes that the other versions of tcpdump
  * use them:
+ *
  * OS X tcpdump uses -g to force non--v output for IP to be on one
  * line, making it more "g"repable;
+ *
  * OS X tcpdump uses -k tospecify that packet comments in pcap-ng files
  * should be printed;
+ *
  * OpenBSD tcpdump uses -o to indicate that OS fingerprinting should be done
  * for hosts sending TCP SYN packets;
+ *
  * OS X tcpdump uses -P to indicate that -w should write pcap-ng rather
  * than pcap files.
+ *
  * OS X tcpdump also uses -Q to specify expressions that match packet
  * metadata, including but not limited to the packet direction.
  * The expression syntax is different from a simple "in|out|inout",
  * and those expressions aren't accepted by OS X tcpdump, but the
  * equivalents would be "in" = "dir=in", "out" = "dir=out", and
  * "inout" = "dir=in or dir=out", and the parser could conceivably
  * special-case "in", "out", and "inout" as expressions for backwards
  * compatibility, so all is not (yet) lost.
  */
 /*
  * Set up flags that might or might not be supported depending on the
  * version of libpcap we're using.
  */
 #if defined(HAVE_PCAP_CREATE) || defined(_WIN32)
 #define B_FLAG		"B:"
 #define B_FLAG_USAGE	" [ -B size ]"
 #else /* defined(HAVE_PCAP_CREATE) || defined(_WIN32) */
 #define B_FLAG
 #define B_FLAG_USAGE
 #endif /* defined(HAVE_PCAP_CREATE) || defined(_WIN32) */
 #ifdef HAVE_PCAP_CREATE
 #define I_FLAG		"I"
 #else /* HAVE_PCAP_CREATE */
 #define I_FLAG
 #endif /* HAVE_PCAP_CREATE */
 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE
 #define j_FLAG		"j:"
 #define j_FLAG_USAGE	" [ -j tstamptype ]"
 #define J_FLAG		"J"
 #else /* PCAP_ERROR_TSTAMP_TYPE_NOTSUP */
 #define j_FLAG
 #define j_FLAG_USAGE
 #define J_FLAG
 #endif /* PCAP_ERROR_TSTAMP_TYPE_NOTSUP */
 #ifdef HAVE_PCAP_FINDALLDEVS
 #define D_FLAG	"D"
 #else
 #define D_FLAG
 #endif
 #ifdef HAVE_PCAP_DUMP_FLUSH
 #define U_FLAG	"U"
 #else
 #define U_FLAG
 #endif
 #ifdef HAVE_PCAP_SETDIRECTION
 #define Q_FLAG "Q:"
 #else
 #define Q_FLAG
 #endif
 #define SHORTOPTS "aAb" B_FLAG "c:C:d" D_FLAG "eE:fF:G:hHi:" I_FLAG j_FLAG J_FLAG "KlLm:M:nNOpq" Q_FLAG "r:s:StT:u" U_FLAG "vV:w:W:xXy:Yz:Z:#"
 /*
  * Long options.
+ *
  * We do not currently have long options corresponding to all short
  * options; we should probably pick appropriate option names for them.
+ *
  * However, the short options where the number of times the option is
  * specified matters, such as -v and -d and -t, should probably not
  * just map to a long option, as saying
+ *
  *  tcpdump --verbose --verbose
+ *
  * doesn't make sense; it should be --verbosity={N} or something such
  * as that.
+ *
  * For long options with no corresponding short options, we define values
  * outside the range of ASCII graphic characters, make that the last
  * component of the entry for the long option, and have a case for that
  * option in the switch statement.
  */
 #define OPTION_VERSION		128
 #define OPTION_TSTAMP_PRECISION	129
 #define OPTION_IMMEDIATE_MODE	130
 static const struct option longopts[] = {
 #if defined(HAVE_PCAP_CREATE) || defined(_WIN32)
 	{ "buffer-size", required_argument, NULL, 'B' },
 #endif
 	{ "list-interfaces", no_argument, NULL, 'D' },
 	{ "help", no_argument, NULL, 'h' },
 	{ "interface", required_argument, NULL, 'i' },
 #ifdef HAVE_PCAP_CREATE
 	{ "monitor-mode", no_argument, NULL, 'I' },
 #endif
 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE
 	{ "time-stamp-type", required_argument, NULL, 'j' },
 	{ "list-time-stamp-types", no_argument, NULL, 'J' },
 #endif
 #ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
 	{ "time-stamp-precision", required_argument, NULL, OPTION_TSTAMP_PRECISION},
 #endif
 	{ "dont-verify-checksums", no_argument, NULL, 'K' },
 	{ "list-data-link-types", no_argument, NULL, 'L' },
 	{ "no-optimize", no_argument, NULL, 'O' },
 	{ "no-promiscuous-mode", no_argument, NULL, 'p' },
 #ifdef HAVE_PCAP_SETDIRECTION
 	{ "direction", required_argument, NULL, 'Q' },
 #endif
 	{ "snapshot-length", required_argument, NULL, 's' },
 	{ "absolute-tcp-sequence-numbers", no_argument, NULL, 'S' },
 #ifdef HAVE_PCAP_DUMP_FLUSH
 	{ "packet-buffered", no_argument, NULL, 'U' },
 #endif
 	{ "linktype", required_argument, NULL, 'y' },
 #ifdef HAVE_PCAP_SET_IMMEDIATE_MODE
 	{ "immediate-mode", no_argument, NULL, OPTION_IMMEDIATE_MODE },
 #endif
 #ifdef HAVE_PCAP_SET_PARSER_DEBUG
 	{ "debug-filter-parser", no_argument, NULL, 'Y' },
 #endif
 	{ "relinquish-privileges", required_argument, NULL, 'Z' },
 	{ "number", no_argument, NULL, '#' },
 	{ "version", no_argument, NULL, OPTION_VERSION },
 	{ NULL, 0, NULL, 0 }
 };
 #ifndef _WIN32
 /* Drop root privileges and chroot if necessary */
 static void
 droproot(const char *username, const char *chroot_dir)
+{
 	struct passwd *pw = NULL;
 	if (chroot_dir && !username) {
 		fprintf(stderr, "%s: Chroot without dropping root is insecure\n",
 			program_name);
 		exit(1);
+	}
 	pw = getpwnam(username);
 	if (pw) {
 		if (initgroups(pw->pw_name, pw->pw_gid) != 0) {
 			fprintf(stderr, "tcpdump: Couldn't initgroups to "
 			    "'%.32s' gid=%lu: %s\n", pw->pw_name,
 			    (unsigned long)pw->pw_gid,
 			    pcap_strerror(errno));
 			exit(1);
+		}
 		if (chroot_dir) {
 			setprotoent(1);
 			res_init();
 			if (chroot(chroot_dir) != 0 || chdir ("/") != 0) {
 				fprintf(stderr, "%s: Couldn't chroot/chdir to '%.64s': %s\n",
 					program_name, chroot_dir, pcap_strerror(errno));
 				exit(1);
+			}
+		}
 #ifdef HAVE_LIBCAP_NG
+		{
 			int ret = capng_change_id(pw->pw_uid, pw->pw_gid, CAPNG_NO_FLAG);
 			if (ret < 0) {
 				fprintf(stderr, "error : ret %d\n", ret);
 			} else {
 				fprintf(stderr, "dropped privs to %s\n", username);
+			}
+		}
 #else
 		if (initgroups(pw->pw_name, pw->pw_gid) != 0 ||
 		    setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0) {
 			fprintf(stderr, "%s: Couldn't change to '%.32s' uid=%lu gid=%lu: %s\n",
 				program_name, username,
 				(unsigned long)pw->pw_uid,
 				(unsigned long)pw->pw_gid,
 				pcap_strerror(errno));
 			exit(1);
+		}
 		else {
 //			fprintf(stderr, "dropped privs to %s\n", username);
+		}
 #endif /* HAVE_LIBCAP_NG */
+	}
 	else {
 		fprintf(stderr, "%s: Couldn't find user '%.32s'\n",
 			program_name, username);
 		exit(1);
+	}
 #ifdef HAVE_LIBCAP_NG
 	/* We don't need CAP_SETUID and CAP_SETGID any more. */
 	capng_updatev(
 		CAPNG_DROP,
 		CAPNG_EFFECTIVE | CAPNG_PERMITTED,
 		CAP_SETUID,
 		CAP_SETGID,
 		-1);
 	capng_apply(CAPNG_SELECT_BOTH);
 #endif /* HAVE_LIBCAP_NG */
+}
 #endif /* _WIN32 */
 static int
 getWflagChars(int x)
+{
 	int c = 0;
 	x -= 1;
 	while (x > 0) {
 		c += 1;
 		x /= 10;
+	}
 	return c;
+}
 static void
 MakeFilename(char *buffer, char *orig_name, int cnt, int max_chars)
+{
         char *filename = malloc(PATH_MAX + 1);
         if (filename == NULL)
             error("Makefilename: malloc");
         /* Process with strftime if Gflag is set. */
         if (Gflag != 0) {
           struct tm *local_tm;
           /* Convert Gflag_time to a usable format */
           if ((local_tm = localtime(&Gflag_time)) == NULL) {
                   error("MakeTimedFilename: localtime");
+          }
           /* There's no good way to detect an error in strftime since a return
            * value of 0 isn't necessarily failure.
            */
           strftime(filename, PATH_MAX, orig_name, local_tm);
         } else {
           strncpy(filename, orig_name, PATH_MAX);
+        }
 	if (cnt == 0 && max_chars == 0)
 		strncpy(buffer, filename, PATH_MAX + 1);
 	else
 		if (snprintf(buffer, PATH_MAX + 1, "%s%0*d", filename, max_chars, cnt) > PATH_MAX)
                   /* Report an error if the filename is too large */
                   error("too many output files or filename is too long (> %d)", PATH_MAX);
         free(filename);
+}
 static char *
 get_next_file(FILE *VFile, char *ptr)
+{
 	char *ret;
 	ret = fgets(ptr, PATH_MAX, VFile);
 	if (!ret)
 		return NULL;
 	if (ptr[strlen(ptr) - 1] == '\n')
 		ptr[strlen(ptr) - 1] = '\0';
 	return ret;
+}
 #ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
 static int
 tstamp_precision_from_string(const char *precision)
+{
 	if (strncmp(precision, "nano", strlen("nano")) == 0)
 		return PCAP_TSTAMP_PRECISION_NANO;
 	if (strncmp(precision, "micro", strlen("micro")) == 0)
 		return PCAP_TSTAMP_PRECISION_MICRO;
 	return -EINVAL;
+}
 static const char *
 tstamp_precision_to_string(int precision)
+{
 	switch (precision) {
 	case PCAP_TSTAMP_PRECISION_MICRO:
 		return "micro";
 	case PCAP_TSTAMP_PRECISION_NANO:
 		return "nano";
 	default:
 		return "unknown";
+	}
+}
 #endif
 #ifdef HAVE_CAPSICUM
 /*
  * Ensure that, on a dump file's descriptor, we have all the rights
  * necessary to make the standard I/O library work with an fdopen()ed
  * FILE * from that descriptor.
+ *
  * A long time ago, in a galaxy far far away, AT&T decided that, instead
  * of providing separate APIs for getting and setting the FD_ flags on a
  * descriptor, getting and setting the O_ flags on a descriptor, and
  * locking files, they'd throw them all into a kitchen-sink fcntl() call
  * along the lines of ioctl(), the fact that ioctl() operations are
  * largely specific to particular character devices but fcntl() operations
  * are either generic to all descriptors or generic to all descriptors for
  * regular files nonwithstanding.
+ *
  * The Capsicum people decided that fine-grained control of descriptor
  * operations was required, so that you need to grant permission for
  * reading, writing, seeking, and fcntl-ing.  The latter, courtesy of
  * AT&T's decision, means that "fcntl-ing" isn't a thing, but a motley
  * collection of things, so there are *individual* fcntls for which
  * permission needs to be granted.
+ *
  * The FreeBSD standard I/O people implemented some optimizations that
  * requires that the standard I/O routines be able to determine whether
  * the descriptor for the FILE * is open append-only or not; as that
  * descriptor could have come from an open() rather than an fopen(),
  * that requires that it be able to do an F_GETFL fcntl() to read
  * the O_ flags.
+ *
  * Tcpdump uses ftell() to determine how much data has been written
  * to a file in order to, when used with -C, determine when it's time
  * to rotate capture files.  ftell() therefore needs to do an lseek()
  * to find out the file offset and must, thanks to the aforementioned
  * optimization, also know whether the descriptor is open append-only
  * or not.
+ *
  * The net result of all the above is that we need to grant CAP_SEEK,
  * CAP_WRITE, and CAP_FCNTL with the CAP_FCNTL_GETFL subcapability.
+ *
  * Perhaps this is the universe's way of saying that either
+ *
  *	1) there needs to be an fopenat() call and a pcap_dump_openat() call
  *	   using it, so that Capsicum-capable tcpdump wouldn't need to do
  *	   an fdopen()
+ *
  * or
+ *
  *	2) there needs to be a cap_fdopen() call in the FreeBSD standard
  *	   I/O library that knows what rights are needed by the standard
  *	   I/O library, based on the open mode, and assigns them, perhaps
  *	   with an additional argument indicating, for example, whether
  *	   seeking should be allowed, so that tcpdump doesn't need to know
  *	   what the standard I/O library happens to require this week.
  */
 static void
 set_dumper_capsicum_rights(pcap_dumper_t *p)
+{
 	int fd = fileno(pcap_dump_file(p));
 	cap_rights_t rights;
 	cap_rights_init(&rights, CAP_SEEK, CAP_WRITE, CAP_FCNTL);
 	if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS) {
 		error("unable to limit dump descriptor");
+	}
 	if (cap_fcntls_limit(fd, CAP_FCNTL_GETFL) < 0 && errno != ENOSYS) {
 		error("unable to limit dump descriptor fcntls");
+	}
+}
 #endif
 int
 main(int argc, char **argv)
+{
 	register int cnt, op, i;
 	bpf_u_int32 localnet =0 , netmask = 0;
 	int timezone_offset = 0;
 	register char *cp, *infile, *cmdbuf, *device, *RFileName, *VFileName, *WFileName;
 	pcap_handler callback;
 	int dlt;
 	const char *dlt_name;
 	struct bpf_program fcode;
 #ifndef _WIN32
 	RETSIGTYPE (*oldhandler)(int);
 #endif
 	struct dump_info dumpinfo;
 	u_char *pcap_userdata;
 	char ebuf[PCAP_ERRBUF_SIZE];
 	char VFileLine[PATH_MAX + 1];
 	char *username = NULL;
 	char *chroot_dir = NULL;
 	char *ret = NULL;
 	char *end;
 #ifdef HAVE_PCAP_FINDALLDEVS
 	pcap_if_t *dev, *devlist;
 	int devnum;
 #endif
 	int status;
 	FILE *VFile;
 #ifdef HAVE_CAPSICUM
 	cap_rights_t rights;
 	int cansandbox;
 #endif	/* HAVE_CAPSICUM */
 	int Bflag = 0;			/* buffer size */
 	int jflag = -1;			/* packet time stamp source */
 	int Oflag = 1;			/* run filter code optimizer */
 	int pflag = 0;			/* don't go promiscuous */
 	int yflag_dlt = -1;
 	const char *yflag_dlt_name = NULL;
 	netdissect_options Ndo;
 	netdissect_options *ndo = &Ndo;
 	int immediate_mode = 0;
 	memset(ndo, 0, sizeof(*ndo));
 	ndo_set_function_pointers(ndo);
 	ndo->ndo_snaplen = DEFAULT_SNAPLEN;
 	cnt = -1;
 	device = NULL;
 	infile = NULL;
 	RFileName = NULL;
 	VFileName = NULL;
 	VFile = NULL;
 	WFileName = NULL;
 	dlt = -1;
 	if ((cp = strrchr(argv[0], '/')) != NULL)
 		ndo->program_name = program_name = cp + 1;
 	else
 		ndo->program_name = program_name = argv[0];
 #ifdef _WIN32
 	if (pcap_wsockinit() != 0)
 		error("Attempting to initialize Winsock failed");
 #endif /* _WIN32 */
 	/*
 	 * On platforms where the CPU doesn't support unaligned loads,
 	 * force unaligned accesses to abort with SIGBUS, rather than
 	 * being fixed up (slowly) by the OS kernel; on those platforms,
 	 * misaligned accesses are bugs, and we want tcpdump to crash so
 	 * that the bugs are reported.
 	 */
 	if (abort_on_misalignment(ebuf, sizeof(ebuf)) < 0)
 		error("%s", ebuf);
 #ifdef USE_LIBSMI
 	smiInit("tcpdump");
 #endif
 	while (
 	    (op = getopt_long(argc, argv, SHORTOPTS, longopts, NULL)) != -1)
 		switch (op) {
 		case 'a':
 			/* compatibility for old -a */
 			break;
 		case 'A':
 			++ndo->ndo_Aflag;
 			break;
 		case 'b':
 			++ndo->ndo_bflag;
 			break;
 #if defined(HAVE_PCAP_CREATE) || defined(_WIN32)
 		case 'B':
 			Bflag = atoi(optarg)*1024;
 			if (Bflag <= 0)
 				error("invalid packet buffer size %s", optarg);
 			break;
 #endif /* defined(HAVE_PCAP_CREATE) || defined(_WIN32) */
 		case 'c':
 			cnt = atoi(optarg);
 			if (cnt <= 0)
 				error("invalid packet count %s", optarg);
 			break;
 		case 'C':
 			Cflag = atoi(optarg) * 1000000;
 			if (Cflag <= 0)
 				error("invalid file size %s", optarg);
 			break;
 		case 'd':
 			++dflag;
 			break;
 		case 'D':
 			Dflag++;
 			break;
 		case 'L':
 			Lflag++;
 			break;
 		case 'e':
 			++ndo->ndo_eflag;
 			break;
 		case 'E':
 #ifndef HAVE_LIBCRYPTO
 			warning("crypto code not compiled in");
 #endif
 			ndo->ndo_espsecret = optarg;
 			break;
 		case 'f':
 			++ndo->ndo_fflag;
 			break;
 		case 'F':
 			infile = optarg;
 			break;
 		case 'G':
 			Gflag = atoi(optarg);
 			if (Gflag < 0)
 				error("invalid number of seconds %s", optarg);
                         /* We will create one file initially. */
                         Gflag_count = 0;
 			/* Grab the current time for rotation use. */
 			if ((Gflag_time = time(NULL)) == (time_t)-1) {
 				error("main: can't get current time: %s",
 				    pcap_strerror(errno));
+			}
 			break;
 		case 'h':
 			print_usage();
 			exit(0);
 			break;
 		case 'H':
 			++ndo->ndo_Hflag;
 			break;
 		case 'i':
 			if (optarg[0] == '0' && optarg[1] == 0)
 				error("Invalid adapter index");
 #ifdef HAVE_PCAP_FINDALLDEVS
 			/*
 			 * If the argument is a number, treat it as
 			 * an index into the list of adapters, as
 			 * printed by "tcpdump -D".
+			 *
 			 * This should be OK on UNIX systems, as interfaces
 			 * shouldn't have names that begin with digits.
 			 * It can be useful on Windows, where more than
 			 * one interface can have the same name.
 			 */
 			devnum = strtol(optarg, &end, 10);
 			if (optarg != end && *end == '\0') {
 				if (devnum < 0)
 					error("Invalid adapter index");
 				if (pcap_findalldevs(&devlist, ebuf) < 0)
 					error("%s", ebuf);
 				/*
 				 * Look for the devnum-th entry in the
 				 * list of devices (1-based).
 				 */
 				for (i = 0, dev = devlist;
 				    i < devnum-1 && dev != NULL;
 				    i++, dev = dev->next)
+					;
 				if (dev == NULL)
 					error("Invalid adapter index");
 				device = strdup(dev->name);
 				pcap_freealldevs(devlist);
 				break;
+			}
 #endif /* HAVE_PCAP_FINDALLDEVS */
 			device = optarg;
 			break;
 #ifdef HAVE_PCAP_CREATE
 		case 'I':
 			++Iflag;
 			break;
 #endif /* HAVE_PCAP_CREATE */
 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE
 		case 'j':
 			jflag = pcap_tstamp_type_name_to_val(optarg);
 			if (jflag < 0)
 				error("invalid time stamp type %s", optarg);
 			break;
 		case 'J':
 			Jflag++;
 			break;
 #endif
 		case 'l':
 #ifdef _WIN32
 			/*
 			 * _IOLBF is the same as _IOFBF in Microsoft's C
 			 * libraries; the only alternative they offer
 			 * is _IONBF.
+			 *
 			 * XXX - this should really be checking for MSVC++,
 			 * not _WIN32, if, for example, MinGW has its own
 			 * C library that is more UNIX-compatible.
 			 */
 			setvbuf(stdout, NULL, _IONBF, 0);
 #else /* _WIN32 */
 #ifdef HAVE_SETLINEBUF
 			setlinebuf(stdout);
 #else
 			setvbuf(stdout, NULL, _IOLBF, 0);
 #endif
 #endif /* _WIN32 */
 			break;
 		case 'K':
 			++ndo->ndo_Kflag;
 			break;
 		case 'm':
 #ifdef USE_LIBSMI
 			if (smiLoadModule(optarg) == 0) {
 				error("could not load MIB module %s", optarg);
+			}
 			ndo->ndo_mflag = 1;
 #else
 			(void)fprintf(stderr, "%s: ignoring option `-m %s' ",
 				      program_name, optarg);
 			(void)fprintf(stderr, "(no libsmi support)\n");
 #endif
 			break;
 		case 'M':
 			/* TCP-MD5 shared secret */
 #ifndef HAVE_LIBCRYPTO
 			warning("crypto code not compiled in");
 #endif
 			ndo->ndo_sigsecret = optarg;
 			break;
 		case 'n':
 			++ndo->ndo_nflag;
 			break;
 		case 'N':
 			++ndo->ndo_Nflag;
 			break;
 		case 'O':
 			Oflag = 0;
 			break;
 		case 'p':
 			++pflag;
 			break;
 		case 'q':
 			++ndo->ndo_qflag;
 			++ndo->ndo_suppress_default_print;
 			break;
 #ifdef HAVE_PCAP_SETDIRECTION
 		case 'Q':
 			if (ascii_strcasecmp(optarg, "in") == 0)
 				Qflag = PCAP_D_IN;
 			else if (ascii_strcasecmp(optarg, "out") == 0)
 				Qflag = PCAP_D_OUT;
 			else if (ascii_strcasecmp(optarg, "inout") == 0)
 				Qflag = PCAP_D_INOUT;
 			else
 				error("unknown capture direction `%s'", optarg);
 			break;
 #endif /* HAVE_PCAP_SETDIRECTION */
 		case 'r':
 			RFileName = optarg;
 			break;
 		case 's':
 			ndo->ndo_snaplen = strtol(optarg, &end, 0);
 			if (optarg == end || *end != '\0'
 			    || ndo->ndo_snaplen < 0 || ndo->ndo_snaplen > MAXIMUM_SNAPLEN)
 				error("invalid snaplen %s", optarg);
 			else if (ndo->ndo_snaplen == 0)
 				ndo->ndo_snaplen = MAXIMUM_SNAPLEN;
 			break;
 		case 'S':
 			++ndo->ndo_Sflag;
 			break;
 		case 't':
 			++ndo->ndo_tflag;
 			break;
 		case 'T':
 			if (ascii_strcasecmp(optarg, "vat") == 0)
 				ndo->ndo_packettype = PT_VAT;
 			else if (ascii_strcasecmp(optarg, "wb") == 0)
 				ndo->ndo_packettype = PT_WB;
 			else if (ascii_strcasecmp(optarg, "rpc") == 0)
 				ndo->ndo_packettype = PT_RPC;
 			else if (ascii_strcasecmp(optarg, "rtp") == 0)
 				ndo->ndo_packettype = PT_RTP;
 			else if (ascii_strcasecmp(optarg, "rtcp") == 0)
 				ndo->ndo_packettype = PT_RTCP;
 			else if (ascii_strcasecmp(optarg, "snmp") == 0)
 				ndo->ndo_packettype = PT_SNMP;
 			else if (ascii_strcasecmp(optarg, "cnfp") == 0)
 				ndo->ndo_packettype = PT_CNFP;
 			else if (ascii_strcasecmp(optarg, "tftp") == 0)
 				ndo->ndo_packettype = PT_TFTP;
 			else if (ascii_strcasecmp(optarg, "aodv") == 0)
 				ndo->ndo_packettype = PT_AODV;
 			else if (ascii_strcasecmp(optarg, "carp") == 0)
 				ndo->ndo_packettype = PT_CARP;
 			else if (ascii_strcasecmp(optarg, "radius") == 0)
 				ndo->ndo_packettype = PT_RADIUS;
 			else if (ascii_strcasecmp(optarg, "zmtp1") == 0)
 				ndo->ndo_packettype = PT_ZMTP1;
 			else if (ascii_strcasecmp(optarg, "vxlan") == 0)
 				ndo->ndo_packettype = PT_VXLAN;
 			else if (ascii_strcasecmp(optarg, "pgm") == 0)
 				ndo->ndo_packettype = PT_PGM;
 			else if (ascii_strcasecmp(optarg, "pgm_zmtp1") == 0)
 				ndo->ndo_packettype = PT_PGM_ZMTP1;
 			else if (ascii_strcasecmp(optarg, "lmp") == 0)
 				ndo->ndo_packettype = PT_LMP;
 			else if (ascii_strcasecmp(optarg, "resp") == 0)
 				ndo->ndo_packettype = PT_RESP;
 			else
 				error("unknown packet type `%s'", optarg);
 			break;
 		case 'u':
 			++ndo->ndo_uflag;
 			break;
 #ifdef HAVE_PCAP_DUMP_FLUSH
 		case 'U':
 			++Uflag;
 			break;
 #endif
 		case 'v':
 			++ndo->ndo_vflag;
 			break;
 		case 'V':
 			VFileName = optarg;
 			break;
 		case 'w':
 			WFileName = optarg;
 			break;
 		case 'W':
 			Wflag = atoi(optarg);
 			if (Wflag <= 0)
 				error("invalid number of output files %s", optarg);
 			WflagChars = getWflagChars(Wflag);
 			break;
 		case 'x':
 			++ndo->ndo_xflag;
 			++ndo->ndo_suppress_default_print;
 			break;
 		case 'X':
 			++ndo->ndo_Xflag;
 			++ndo->ndo_suppress_default_print;
 			break;
 		case 'y':
 			yflag_dlt_name = optarg;
 			yflag_dlt =
 				pcap_datalink_name_to_val(yflag_dlt_name);
 			if (yflag_dlt < 0)
 				error("invalid data link type %s", yflag_dlt_name);
 			break;
 #ifdef HAVE_PCAP_SET_PARSER_DEBUG
 		case 'Y':
+			{
 			/* Undocumented flag */
 			pcap_set_parser_debug(1);
+			}
 			break;
 #endif
 		case 'z':
 			zflag = optarg;
 			break;
 		case 'Z':
 			username = optarg;
 			break;
 		case '#':
 			ndo->ndo_packet_number = 1;
 			break;
 		case OPTION_VERSION:
 			print_version();
 			exit(0);
 			break;