有没有人知道如何将以下表达式正确地包含在变量中并将其用作tcpdump cmdline?
filter="-i eth0 tcp[13] & 8 == 8"
并像这样使用它:
`tcpdump $filter`
问题在于shell会根据“,”,\的使用方式不同地扩展此表达式,但无论如何,参数仍未正确传递给execve(),并且每次运行时tcpdump基本上都会返回错误。想法?以下是我测试它的方式:
root@mikePL:~/myConfig/scripts# filter="-i eth0 tcp[13] & 8 == 8"
root@mikePL:~/myConfig/scripts# echo "$filter"
-i eth0 tcp[13] & 8 == 8
root@mikePL:~/myConfig/scripts# filter="-i eth0 tcp[13] & 8 == 8"
root@mikePL:~/myConfig/scripts# echo $filter
-i eth0 & 8 == 8
root@mikePL:~/myConfig/scripts# strace tcpdump "$filter" |& grep -iE '^execve'
execve("/usr/sbin/tcpdump", ["tcpdump", "-i eth0 tcp[13] & 8 == 8"], [/* 16 vars */]) = 0 #doesn't work, everything passed as a single argument
root@mikePL:~/myConfig/scripts# strace tcpdump $filter |& grep -iE '^execve'
execve("/usr/sbin/tcpdump", ["tcpdump", "-i", "eth0", "&", "8", "==", "8"], [/* 16 vars */]) = 0 #missing tcp flags and each part of string delimited with space is treated as a separate argument
root@mikePL:~/myConfig/scripts# filter="-i eth0 tcp\[13\] \& 8 \=\= 8"
root@mikePL:~/myConfig/scripts# echo $filter
-i eth0 tcp\[13\] \& 8 \=\= 8
root@mikePL:~/myConfig/scripts# strace tcpdump $filter |& grep -iE '^execve'
execve("/usr/sbin/tcpdump", ["tcpdump", "-i", "eth0", "tcp\\[13\\]", "\\&", "8", "\\=\\=", "8"], [/* 16 vars */]) = 0 #tcpdump escapes our escapes?!
root@mikePL:~/myConfig/scripts# strace tcpdump -i eth0 'tcp[13] & 8 == 8' |& grep -iE '^execve'
execve("/usr/sbin/tcpdump", ["tcpdump", "-i", "eth0", "tcp[13] & 8 == 8"], [/* 16 vars */]) = 0 # this is how it should look like
目前我正在为tcpdump编写一个CLI界面,我认为一切都已被覆盖,但后来我意识到伯克利过滤器是例如由于上述问题,'[]'必须使用不起作用。
任何提示都将不胜感激。