puiblish fix, removed debug echo

.gitignore

@@ -1,5 +1,7 @@
 *~
 *.o
+*.gz
 pcapmirror
 debian/debhelper-build-stamp
 debian/pcapmirror.substvars
+debian/files

.gitlab-ci.yml

@@ -1,18 +1,21 @@
 
 stages:
   - build
+  - publish
+  
   
 variables:
   DEBIAN_FRONTEND: noninteractive
 
 build-bookworm:
   stage: build
+  needs: []
   only:
     - tags
   tags:
     - bookworm
   script:
-    - tar -czf ../pcapmirror_0.2.orig.tar.gz --exclude=debian .
+    - tar -czf ../pcapmirror_0.3.orig.tar.gz --exclude=debian .
     - apt-get update && apt-get install -y libpcap-dev
     - dpkg-buildpackage -uc -us
     - mkdir -p build
@@ -20,21 +23,32 @@ build-bookworm:
 
   artifacts:
     paths:
-      - build/*.deb
-      - build/*.dsc
-      - build/*.tar.xz
-      - build/*.changes
-      - build/*.buildinfo
-      - build/*.diff.gz
+      - build
+
+publish-bookworm:
+  stage: publish
+  needs:
+    - build-bookworm
+  dependencies:
+    - build-bookworm
+  only:
+    - tags
+  tags:
+    - bookworm
+  script:
+    - apt-get update && apt-get install -y curl
+    - ls -la build
+    - 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file build/pcapmirror_0.3-1_amd64.deb ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/pcapmirror/bookworm/pcapmirror_0.3-1_amd64.deb'
 
 build-sid:
   stage: build
+  needs: []
   only:
     - tags
   tags:
     - sid
   script:
-    - tar -czf ../pcapmirror_0.2.orig.tar.gz --exclude=debian .
+    - tar -czf ../pcapmirror_0.3.orig.tar.gz --exclude=debian .
     - apt-get update && apt-get install -y libpcap-dev
     - dpkg-buildpackage -uc -us
     - mkdir -p build
@@ -42,9 +56,157 @@ build-sid:
 
   artifacts:
     paths:
-      - build/*.deb
-      - build/*.dsc
-      - build/*.tar.xz
-      - build/*.changes
-      - build/*.buildinfo
-      - build/*.diff.gz
+      - build
+
+publish-sid:
+  stage: publish
+  needs:
+    - build-sid
+  dependencies:
+    - build-sid
+  only:
+    - tags
+  tags:
+    - bookworm
+  script:
+    - apt-get update && apt-get install -y curl
+    - ls -la build
+    - 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file build/pcapmirror_0.3-1_amd64.deb ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/pcapmirror/sid/pcapmirror_0.3-1_amd64.deb'
+
+build-rocky9:
+  stage: build
+  needs: []
+  only:
+    - tags
+  tags:
+    - rocky9
+  script:
+    - dnf install -y libpcap-devel
+    - mkdir -p /root/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
+    - tar -czf /root/rpmbuild/SOURCES/pcapmirror-v0.3.tar.gz --exclude=debian --exclude=.git .
+    - cp -r * /root/rpmbuild/BUILD
+    - rpmbuild -ba pcapmirror.spec
+    - mkdir -p build
+    - mv /root/rpmbuild/RPMS/x86_64/pcapmirror*.* build/
+    - mv /root/rpmbuild/SRPMS/pcapmirror*.* build/
+
+  artifacts:
+    paths:
+      - build
+
+publish-rocky9:
+  stage: publish
+  needs:
+    - build-rocky9
+  dependencies:
+    - build-rocky9
+  only:
+    - tags
+  tags:
+    - bookworm
+  script:
+    - apt-get update && apt-get install -y curl
+    - ls -la build
+    - 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file build/pcapmirror-0.3-*.el9.x86_64.rpm ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/pcapmirror/rockylinux9/pcapmirror-0.3-1.el8.x86_64.rpm'
+
+build-rocky8:
+  stage: build
+  needs: []
+  only:
+    - tags
+  tags:
+    - rocky8
+  script:
+    - dnf install -y libpcap-devel
+    - mkdir -p /root/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
+    - tar -czf /root/rpmbuild/SOURCES/pcapmirror-v0.3.tar.gz --exclude=debian --exclude=.git .
+    - cp -r * /root/rpmbuild/BUILD
+    - rpmbuild -ba pcapmirror.spec
+    - mkdir -p build
+    - mv /root/rpmbuild/RPMS/x86_64/pcapmirror*.* build/
+    - mv /root/rpmbuild/SRPMS/pcapmirror*.* build/
+
+  artifacts:
+    paths:
+      - build
+
+publish-rocky8:
+  stage: publish
+  needs:
+    - build-rocky8
+  dependencies:
+    - build-rocky8
+  only:
+    - tags
+  tags:
+    - bookworm
+  script:
+    - apt-get update && apt-get install -y curl
+    - ls -la build
+    - 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file build/pcapmirror-0.3-*.el8.x86_64.rpm ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/pcapmirror/rockylinux8/pcapmirror-0.3-1.el8.x86_64.rpm'
+
+build-pios12:
+  stage: build
+  needs: []
+  only:
+    - tags
+  tags:
+    - pios12
+  script:
+    - tar -czf ../pcapmirror_0.3.orig.tar.gz --exclude=debian .
+    - apt-get update && apt-get install -y libpcap-dev
+    - dpkg-buildpackage -uc -us
+    - mkdir -p build
+    - mv ../pcapmirror*.* build/
+
+  artifacts:
+    paths:
+      - build
+
+publish-pios12:
+  stage: publish
+  needs:
+    - build-pios12
+  dependencies:
+    - build-pios12
+  only:
+    - tags
+  tags:
+    - bookworm
+  script:
+    - apt-get update && apt-get install -y curl
+    - ls -la build
+    - 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file build/pcapmirror_0.3-1_armhf.deb ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/pcapmirror/bookworm/pcapmirror_0.3-1_armhf.deb'
+
+build-pios12-64:
+  stage: build
+  needs: []
+  only:
+    - tags
+  tags:
+    - pios12-64
+  script:
+    - tar -czf ../pcapmirror_0.3.orig.tar.gz --exclude=debian .
+    - apt-get update && apt-get install -y libpcap-dev
+    - dpkg-buildpackage -uc -us
+    - mkdir -p build
+    - mv ../pcapmirror*.* build/
+
+  artifacts:
+    paths:
+      - build
+
+publish-pios12-64:
+  stage: publish
+  needs:
+    - build-pios12-64
+  dependencies:
+    - build-pios12-64
+  only:
+    - tags
+  tags:
+    - bookworm
+  script:
+    - apt-get update && apt-get install -y curl
+    - ls -la build
+    - 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file build/pcapmirror_0.3-1_arm64.deb ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/pcapmirror/bookworm/pcapmirror_0.3-1_arm64.deb'

Makefile

@@ -22,7 +22,7 @@ TARGET = pcapmirror
 PREFIX = /usr
 
 # Default rule
-all: $(TARGET)
+all: $(TARGET) man
 
 # Create executable
 $(TARGET): $(OBJS)
@@ -32,6 +32,9 @@ $(TARGET): $(OBJS)
 %.o: %.c
 		$(CC) $(CFLAGS) -c $< -o $@
 
+man:
+	gzip -9 -c pcapmirror.8 > pcapmirror.8.gz
+
 # Clean up object files and executable
 clean:
 		rm -f -f $(OBJS) $(TARGET)
@@ -39,11 +42,14 @@ clean:
 # Install the executable
 install: $(TARGET)
 		mkdir -p $(DESTDIR)$(PREFIX)/bin
-		install -D  $(TARGET) $(DESTDIR)$(PREFIX)/bin/$(TARGET)
+		install -D $(TARGET) $(DESTDIR)$(PREFIX)/bin/$(TARGET)
+		install -D $(TARGET).8 $(DESTDIR)$(PREFIX)/share/man/man8/$(TARGET).8
+		
 
 # Uninstall the executable
 uninstall:
 		rm -f $(TARGET) $(DESTDIR)$(PREFIX)/bin/$(TARGET)
+		rm -f $(TARGET).8.gz $(DESTDIR)$(PREFIX)/share/man/man8/$(TARGET).8.gz
 
 # Run the executable (example)
 run: $(TARGET)

README.md

@@ -1,4 +1,7 @@
+
 # pcapmirror
+![pcapmirror logo](logo/pcapmirror_logo_small.png)
+
 pcapmirror is a command-line tool for capturing network traffic and mirroring it to a remote destination using [TZSP encapsulation](https://en.wikipedia.org/wiki/TZSP). It leverages the `libpcap` library for packet capture and provides options for filtering traffic based on BPF syntax. This tool is useful for network monitoring, intrusion detection, and remote packet analysis.
 
 ## Usage
@@ -9,12 +12,14 @@ pcapmirror [options]
 
 ### Options:
 
-* -i <interface>: Specify the capture interface (e.g., eth0).
-* -f <filter>: Specify the capture filter in BPF syntax (e.g., tcp port 80).
-* -r <ip_address>: Specify the destination IP address (required).
-* -p <port>: Specify the destination port (default: 37008).
-* -v: Enable verbose mode (prints packet information).
-* -h: Show this help message.
+* -i <interface> Specify the capture interface
+* -f <filter> Specify the capture filter (BPF syntax)
+* -r <host/ipv4/ipv6> Specify the destination host (required)
+* -p <port> Specify the destination port (default: 37008)
+* -4 Force IPv4 host lookup
+* -6 Force IPv6 host lookup
+* -v Enable verbose mode
+* -h Show this help message
 
 ### Example:
 
@@ -45,7 +50,7 @@ make install
 
 This will copy the pcapmirror executable to bin. You may need to adjust the PREFIX variable in the Makefile if you want to install it to a different location.
 
-Dependencies
+### Dependencies
 libpcap: You need to have libpcap installed on your system. On Debian/Ubuntu systems, you can install it using:
 ```bash
 sudo apt-get install libpcap-dev
@@ -57,7 +62,7 @@ sudo yum install libpcap-devel
 ```
 ## Build debian package
 
-If you have never built a debian pakage you probably need debhelper:
+If you have never built a debian package you probably need debhelper:
 ```bash
 sudo apt-get install debhelper
 ```

debian/changelog

@@ -1,3 +1,9 @@
+pcapmirror (0.3-1) unstable; urgency=medium
+
+  * added manpage
+
+ -- Matthias Cramer <cramer@freestone.net>  Fri, 21 Mar 2025 16:00:05 +0100
+
 pcapmirror (0.2-1) unstable; urgency=medium
 
   * First Debian package

debian/files

@@ -1,3 +0,0 @@
-pcapmirror-dbgsym_0.2-1_amd64.deb debug optional automatic=yes
-pcapmirror_0.2-1_amd64.buildinfo net optional
-pcapmirror_0.2-1_amd64.deb net optional

debian/install

@@ -1 +1,2 @@
-pcapmirror /usr/bin
+pcapmirror /usr/bin
+pcapmirror.8 /usr/share/man/man8

main.c

@@ -13,13 +13,9 @@ Copyright (c) 2025, Matthias Cramer, cramer@freestone.net
 #include <string.h>
 #include <sys/socket.h>
 #include <netdb.h>
+#include <netinet/in.h>
 #include <unistd.h>
-
-#define ENABLE_IPV6
-
-#ifdef ENABLE_IPV6
-#include <netinet/ip6.h> // Include for IPv6 header definition
-#endif
+#include <netinet/ip6.h>
 
 #define DEFAULT_DEST_PORT 37008 // Default TZSP port
 #define TZSP_ENCAP_LEN 4       // Length of TZSP encapsulation header
@@ -48,12 +44,14 @@ int is_little_endian() {
 void print_usage(const char *program_name) {
     printf("Usage: %s [options]\n", program_name);
     printf("Options:\n");
-    printf("  -i <interface>  Specify the capture interface\n");
-    printf("  -f <filter>     Specify the capture filter (BPF syntax)\n");
-    printf("  -r <ip_address> Specify the destination IP address (required)\n");
-    printf("  -p <port>       Specify the destination port (default: %d)\n", DEFAULT_DEST_PORT);
-    printf("  -v              Enable verbose mode\n");
-    printf("  -h              Show this help message\n");
+    printf("  -i <interface>       Specify the capture interface\n");
+    printf("  -f <filter>          Specify the capture filter (BPF syntax)\n");
+    printf("  -r <host/ipv4/ipv6>  Specify the destination host (required)\n");
+    printf("  -p <port>            Specify the destination port (default: %d)\n", DEFAULT_DEST_PORT);
+    printf("  -4                   Force IPv4 host lookup\n");
+    printf("  -6                   Force IPv6 host lookup\n");
+    printf("  -v                   Enable verbose mode\n");
+    printf("  -h                   Show this help message\n");
     printf("Example:\n");
     printf("  %s -i eth0 -f 'tcp port 80' -v -r 192.168.1.100 -p 47008\n", program_name);
 }
@@ -63,14 +61,17 @@ int main(int argc, char *argv[]) {
     char errbuf[PCAP_ERRBUF_SIZE];
     char *filter_exp = "tcp port 8088"; // Default filter
     char *dev_name = NULL; // Device name
-    char *dest_ip = NULL; // Destination IP, no default value
+    char *mirror_host = NULL; // Destination IP, no default value
     int dest_port = DEFAULT_DEST_PORT; // Destination port, default value
     int i;
     int verbose = 0; // Verbose flag, default is false
+    int force_ipv4 = 0; // Flag to force IPv4 lookup
+    int force_ipv6 = 0; // Flag to force IPv6 lookup
 
     // Socket variables
     int sockfd;
-    struct sockaddr_in dest_addr;
+    struct addrinfo hints, *res;
+    struct sockaddr_storage dest_addr; // Declare dest_addr
 
     // Check if no arguments are given or if help is requested
     if (argc == 1 || (argc == 2 && strcmp(argv[1], "-h") == 0)) {
@@ -78,18 +79,6 @@ int main(int argc, char *argv[]) {
         return 0;
     }
 
-    // Create UDP socket
-    if ((sockfd = socket(AF_INET, SOCK_DGRAM, 0)) == -1) {
-        perror("socket");
-        return 1;
-    }
-
-    // Set destination address
-    memset(&dest_addr, 0, sizeof(dest_addr));
-    dest_addr.sin_family = AF_INET;
-    dest_addr.sin_addr.s_addr = inet_addr("127.0.0.1"); // Default to localhost
-    dest_addr.sin_port = htons(dest_port);
-
     // Parse command-line arguments
     for (i = 1; i < argc; i++) {
         if (strcmp(argv[i], "-f") == 0 && i + 1 < argc) {
@@ -104,27 +93,77 @@ int main(int argc, char *argv[]) {
             print_usage(argv[0]);
             return 0;
         } else if (strcmp(argv[i], "-r") == 0 && i + 1 < argc) {
-            dest_ip = argv[i + 1]; // Set destination IP from command line
+            mirror_host = argv[i + 1]; // Set destination IP from command line
             i++; // Skip the IP value
         } else if (strcmp(argv[i], "-p") == 0 && i + 1 < argc) {
             dest_port = atoi(argv[i + 1]); // Set destination port from command line
             i++; // Skip the port value
+        } else if (strcmp(argv[i], "-4") == 0) {
+            force_ipv4 = 1; // Force IPv4 lookup
+        } else if (strcmp(argv[i], "-6") == 0) {
+            force_ipv6 = 1; // Force IPv6 lookup
         }
     }
 
     // Check if destination IP is provided
-    if (dest_ip == NULL) {
+    if (mirror_host == NULL) {
         fprintf(stderr, "Error: Destination IP address is required.\n");
         print_usage(argv[0]);
         return 1;
     }
 
-    if (inet_pton(AF_INET, dest_ip, &dest_addr.sin_addr) <= 0) {
-        perror("inet_pton");
+    // Resolve the destination address
+    memset(&hints, 0, sizeof(hints));
+    hints.ai_family = AF_UNSPEC; // Allow IPv4 or IPv6
+    hints.ai_socktype = SOCK_DGRAM; // Datagram socket
+
+    if (force_ipv4) {
+        hints.ai_family = AF_INET; // Force IPv4
+    } else if (force_ipv6) {
+        hints.ai_family = AF_INET6; // Force IPv6
+    }
+
+    if (getaddrinfo(mirror_host, NULL, &hints, &res) != 0) {
+        perror("getaddrinfo");
         return 1;
     }
 
-    dest_addr.sin_port = htons(dest_port); // Set the port
+    // Create UDP socket
+    sockfd = socket(res->ai_family, SOCK_DGRAM, 0);
+    if (sockfd == -1) {
+        perror("socket");
+        freeaddrinfo(res);
+        return 1;
+    }
+
+    // Set the destination address
+    if (res->ai_family == AF_INET) {
+        struct sockaddr_in *ipv4 = (struct sockaddr_in *)res->ai_addr;
+        ipv4->sin_port = htons(dest_port);
+        memcpy(&dest_addr, ipv4, sizeof(struct sockaddr_in));
+    } else if (res->ai_family == AF_INET6) {
+        struct sockaddr_in6 *ipv6 = (struct sockaddr_in6 *)res->ai_addr;
+        ipv6->sin6_port = htons(dest_port);
+        memcpy(&dest_addr, ipv6, sizeof(struct sockaddr_in6));
+    }
+
+    // Resolve the destination IP address
+    char resolved_ip[INET6_ADDRSTRLEN];
+    if (res->ai_family == AF_INET) {
+        struct sockaddr_in *ipv4 = (struct sockaddr_in *)res->ai_addr;
+        inet_ntop(AF_INET, &(ipv4->sin_addr), resolved_ip, INET6_ADDRSTRLEN);
+    } else if (res->ai_family == AF_INET6) {
+        struct sockaddr_in6 *ipv6 = (struct sockaddr_in6 *)res->ai_addr;
+        inet_ntop(AF_INET6, &(ipv6->sin6_addr), resolved_ip, INET6_ADDRSTRLEN);
+    }
+
+    // Free the address info
+    freeaddrinfo(res);
+
+    printf("Using interface: %s\n", dev_name);
+    printf("Using filter: %s\n", filter_exp);
+    printf("Resolved Destination IP: %s\n", resolved_ip);
+    printf("Destination Port: %d\n", dest_port);
 
     // If no interface is specified, find all devices
     if (dev_name == NULL) {
@@ -195,17 +234,10 @@ int main(int argc, char *argv[]) {
     struct pcap_pkthdr header;
     const u_char *packet;
     char source_ip_str[INET6_ADDRSTRLEN], dest_ip_str[INET6_ADDRSTRLEN];
-    struct ip *ip_header;
-#ifdef ENABLE_IPV6
-    struct ip6_hdr *ip6_header;
-#endif
+    struct ip *ip_header; // Declare ip4_header
+    struct ip6_hdr *ip6_header; // Declare ip6_header
     int ip_protocol = 0;
 
-    printf("Using interface: %s\n", dev_name);
-    printf("Using filter: %s\n", filter_exp);
-    printf("Destination IP: %s\n", dest_ip);
-    printf("Destination Port: %d\n", dest_port);
-
     while (1) {
         packet = pcap_next(handle, &header);
         if (packet == NULL)
@@ -225,9 +257,7 @@ int main(int argc, char *argv[]) {
                 printf("IPv4 Packet: %s -> %s, IP Protocol: %d\n",
                        source_ip_str, dest_ip_str, ip_header->ip_p);
             }
-        }
-#ifdef ENABLE_IPV6
-         else if (ip_protocol == 6) {
+        } else if (ip_protocol == 6) {
             // IPv6
             ip6_header = (struct ip6_hdr*)(packet + ETHERNET_HEADER_LENGTH);
             inet_ntop(AF_INET6, &(ip6_header->ip6_src), source_ip_str, INET6_ADDRSTRLEN);
@@ -237,9 +267,7 @@ int main(int argc, char *argv[]) {
                 printf("IPv6 Packet: %s -> %s, Next Header: %d\n",
                        source_ip_str, dest_ip_str, ip6_header->ip6_nxt);
             }
-        }
-#endif
-         else {
+        } else {
             printf("Non-IP Packet\n");
             continue;
         }

pcapmirror.8

@@ -0,0 +1,58 @@
+.TH PCAPMIRROR 1 "March 22, 2025" "pcapmirror 0.3" "User Commands"
+.SH NAME
+pcapmirror \- A command-line tool for capturing and mirroring network traffic
+
+.SH SYNOPSIS
+.B pcapmirror
+[\fIoptions\fR]
+
+.SH DESCRIPTION
+.B pcapmirror
+is a command-line tool for capturing network traffic and mirroring it to a remote destination using TZSP encapsulation. It leverages the \fBlibpcap\fR library for packet capture and provides options for filtering traffic based on BPF syntax. This tool is useful for network monitoring, intrusion detection, and remote packet analysis.
+
+.SH OPTIONS
+.TP
+.B \-i \fIinterface\fR
+Specify the capture interface (e.g., eth0).
+.TP
+.B \-f \fIfilter\fR
+Specify the capture filter in BPF syntax (e.g., tcp port 80).
+.TP
+.B \-r \fIhost/ipv4/ipv6\fR
+Specify the destination host (required).
+.TP
+.B \-p \fIport\fR
+Specify the destination port (default: 37008).
+.TP
+.B \-4
+Force IPv4 host lookup.
+.TP
+.B \-6
+Force IPv6 host lookup.
+.TP
+.B \-v
+Enable verbose mode (prints packet information).
+.TP
+.B \-h
+Show this help message.
+
+.SH EXAMPLES
+To capture traffic on the eth0 interface, filter for TCP port 80, and send it to the destination, use the following command:
+
+.EX
+sudo pcapmirror -i eth0 -f "tcp port 80" -r 192.168.1.100 -p 47008 -v
+.EE
+
+.SH USAGE WITH WIRESHARK
+With this tool, you can mirror traffic directly to a running Wireshark.
+
+To avoid capturing traffic from your own monitoring machine, configure Wireshark with a capture filter of udp port 37008 or udp dst port 37008. Also, verify that your firewall permits this UDP traffic.
+
+.SH SEE ALSO
+.BR bpf (2), tcpdump (1), wireshark (1), pcap (3)
+
+.SH AUTHOR
+Matthias Cramer <cramer@freestone.net>
+
+.SH COPYRIGHT
+Copyright (c) 2025, Matthias Cramer. All rights reserved.

pcapmirror.spec

@@ -0,0 +1,32 @@
+Name:     pcapmirror
+Version:  0.3
+Release:  %(perl -e 'print time()')%{?dist}
+Summary:  A simple packet capture mirror
+License:  BSD 3-Clause License
+URL:      https://git.freestone.net/cramer/pcapmirror
+Source:   https://git.freestone.net/cramer/pcapmirror/-/archive/v%version/pcapmirror-v%version.tar.gz
+BuildRequires:   gcc
+BuildRequires:   make
+BuildRequires:   libpcap-devel
+
+%description
+pcapmirror is a command-line tool for capturing and mirroring network traffic using TZSP encapsulation. It leverages the `libpcap` library for packet capture and supports BPF syntax for filtering traffic.
+
+%build
+%make_build
+
+%install
+%make_install
+
+%files
+%{_bindir}/pcapmirror
+%{_mandir}/man8/pcapmirror.8.gz
+%license LICENSE
+%doc README.md
+
+
+%changelog
+* Sat Mar 22 2025 Matthias Cramer <cramer@freesone.net> 0.3-1
+- added manpage
+* Sat Mar 22 2025 Matthias Cramer <cramer@freesone.net> 0.2-1
+- Initial release of pcapmirror