1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
#!/bin/sh -euf
# Copyright 2016 Canonical Ltd. This software is licensed under the
# GNU Affero General Public License version 3 (see the file LICENSE).
# Utility script to wrap `tcpdump`, so that this script can be called with
# `sudo` without allowing MAAS access to read arbitrary network traffic.
# This script is designed to be as minimal as possible, to prevent arbitrary
# code execution.
if [ $# -ne 1 ]; then
echo "Write DHCP traffic to stdout using tcpdump's binary PCAP format." >&2
echo "" >&2
echo "Usage:" >&2
echo " $0 <interface>" >&2
exit 32
fi
exec /usr/sbin/tcpdump --interface "$1" --no-promiscuous-mode \
--packet-buffered --immediate-mode --snapshot-length=1500 -n -w - \
"(port 67 or port 68) or (vlan and (port 67 or port 68))"
|