libpcap  1.10.1
About: libpcap is a packet filter library used by tools like tcpdump.
  Fossies Dox: libpcap-1.10.1.tar.gz  ("unofficial" and yet experimental doxygen-generated source code documentation)  

daemon.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2002 - 2003
3  * NetGroup, Politecnico di Torino (Italy)
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  * notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  * notice, this list of conditions and the following disclaimer in the
14  * documentation and/or other materials provided with the distribution.
15  * 3. Neither the name of the Politecnico di Torino nor the names of its
16  * contributors may be used to endorse or promote products derived from
17  * this software without specific prior written permission.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
20  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
21  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
22  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
23  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
24  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
25  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
26  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
27  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30  */
31 
32 #ifdef HAVE_CONFIG_H
33 #include <config.h>
34 #endif
35 
36 #include "ftmacros.h"
37 #include "varattrs.h"
38 
39 #include <errno.h> // for the errno variable
40 #include <stdlib.h> // for malloc(), free(), ...
41 #include <string.h> // for strlen(), ...
42 #include <limits.h> // for INT_MAX
43 
44 #ifdef _WIN32
45  #include <process.h> // for threads
46 #else
47  #include <unistd.h>
48  #include <pthread.h>
49  #include <signal.h>
50  #include <sys/time.h>
51  #include <sys/types.h> // for select() and such
52  #include <pwd.h> // for password management
53 #endif
54 
55 #ifdef HAVE_GETSPNAM
56 #include <shadow.h> // for password management
57 #endif
58 
59 #include <pcap.h> // for libpcap/WinPcap calls
60 
61 #include "fmtutils.h"
62 #include "sockutils.h" // for socket calls
63 #include "portability.h"
64 #include "rpcap-protocol.h"
65 #include "daemon.h"
66 #include "log.h"
67 
68 #ifdef HAVE_OPENSSL
69 #include <openssl/ssl.h>
70 #include "sslutils.h"
71 #endif
72 
73 //
74 // Timeout, in seconds, when we're waiting for a client to send us an
75 // authentication request; if they don't send us a request within that
76 // interval, we drop the connection, so we don't stay stuck forever.
77 //
78 #define RPCAP_TIMEOUT_INIT 90
79 
80 //
81 // Timeout, in seconds, when we're waiting for an authenticated client
82 // to send us a request, if a capture isn't in progress; if they don't
83 // send us a request within that interval, we drop the connection, so
84 // we don't stay stuck forever.
85 //
86 #define RPCAP_TIMEOUT_RUNTIME 180
87 
88 //
89 // Time, in seconds, that we wait after a failed authentication attempt
90 // before processing the next request; this prevents a client from
91 // rapidly trying different accounts or passwords.
92 //
93 #define RPCAP_SUSPEND_WRONGAUTH 1
94 
95 // Parameters for the service loop.
97 {
98  SOCKET sockctrl; //!< SOCKET ID of the control connection
99  SSL *ssl; //!< Optional SSL handler for the controlling sockets
100  int isactive; //!< Not null if the daemon has to run in active mode
101  int nullAuthAllowed; //!< '1' if we permit NULL authentication, '0' otherwise
102 };
103 
104 //
105 // Data for a session managed by a thread.
106 // It includes both a Boolean indicating whether we *have* a thread,
107 // and a platform-dependent (UN*X vs. Windows) identifier for the
108 // thread; on Windows, we could use an invalid handle to indicate
109 // that we don't have a thread, but there *is* no portable "no thread"
110 // value for a pthread_t on UN*X.
111 //
112 struct session {
115  SSL *ctrl_ssl, *data_ssl; // optional SSL handlers for sockctrl and sockdata.
118  unsigned int TotCapt;
120 #ifdef _WIN32
121  HANDLE thread;
122 #else
123  pthread_t thread;
124 #endif
125 };
126 
127 // Locally defined functions
128 static int daemon_msg_err(SOCKET sockctrl, SSL *, uint32 plen);
129 static int daemon_msg_auth_req(struct daemon_slpars *pars, uint32 plen);
130 static int daemon_AuthUserPwd(char *username, char *password, char *errbuf);
131 
132 static int daemon_msg_findallif_req(uint8 ver, struct daemon_slpars *pars,
133  uint32 plen);
134 
135 static int daemon_msg_open_req(uint8 ver, struct daemon_slpars *pars,
136  uint32 plen, char *source, size_t sourcelen);
137 static int daemon_msg_startcap_req(uint8 ver, struct daemon_slpars *pars,
138  uint32 plen, char *source, struct session **sessionp,
139  struct rpcap_sampling *samp_param, int uses_ssl);
140 static int daemon_msg_endcap_req(uint8 ver, struct daemon_slpars *pars,
141  struct session *session);
142 
143 static int daemon_msg_updatefilter_req(uint8 ver, struct daemon_slpars *pars,
144  struct session *session, uint32 plen);
145 static int daemon_unpackapplyfilter(SOCKET sockctrl, SSL *, struct session *session, uint32 *plenp, char *errbuf);
146 
147 static int daemon_msg_stats_req(uint8 ver, struct daemon_slpars *pars,
148  struct session *session, uint32 plen, struct pcap_stat *stats,
149  unsigned int svrcapt);
150 
151 static int daemon_msg_setsampling_req(uint8 ver, struct daemon_slpars *pars,
152  uint32 plen, struct rpcap_sampling *samp_param);
153 
154 static void daemon_seraddr(struct sockaddr_storage *sockaddrin, struct rpcap_sockaddr *sockaddrout);
155 #ifdef _WIN32
156 static unsigned __stdcall daemon_thrdatamain(void *ptr);
157 #else
158 static void *daemon_thrdatamain(void *ptr);
159 static void noop_handler(int sign);
160 #endif
161 
162 static int rpcapd_recv_msg_header(SOCKET sock, SSL *, struct rpcap_header *headerp);
163 static int rpcapd_recv(SOCKET sock, SSL *, char *buffer, size_t toread, uint32 *plen, char *errmsgbuf);
164 static int rpcapd_discard(SOCKET sock, SSL *, uint32 len);
165 static void session_close(struct session *);
166 
167 //
168 // TLS record layer header; used when processing the first message from
169 // the client, in case we aren't doing TLS but they are.
170 //
172  uint8 type; // ContentType - will be 22, for Handshake
173  uint8 version_major; // TLS protocol major version
174  uint8 version_injor; // TLS protocol minor version
175  // This is *not* aligned on a 2-byte boundary; we just
176  // declare it as two bytes. Don't assume any particular
177  // compiler's mechanism for saying "packed"!
178  uint8 length_hi; // Upper 8 bits of payload length
179  uint8 length_lo; // Low 8 bits of payload length
180 };
181 
182 #define TLS_RECORD_HEADER_LEN 5 // Don't use sizeof in case it's padded
183 
184 #define TLS_RECORD_TYPE_ALERT 21
185 #define TLS_RECORD_TYPE_HANDSHAKE 22
186 
187 //
188 // TLS alert message.
189 //
190 struct tls_alert {
193 };
194 
195 #define TLS_ALERT_LEN 2
196 
197 #define TLS_ALERT_LEVEL_FATAL 2
198 #define TLS_ALERT_HANDSHAKE_FAILURE 40
199 
200 static int is_url(const char *source);
201 
202 /*
203  * Maximum sizes for fixed-bit-width values.
204  */
205 #ifndef UINT16_MAX
206 #define UINT16_MAX 65535U
207 #endif
208 
209 #ifndef UINT32_MAX
210 #define UINT32_MAX 4294967295U
211 #endif
212 
213 int
214 daemon_serviceloop(SOCKET sockctrl, int isactive, char *passiveClients,
215  int nullAuthAllowed, int uses_ssl)
216 {
217  uint8 first_octet;
218  struct tls_record_header tls_header;
219  struct tls_alert tls_alert;
220  struct daemon_slpars pars; // service loop parameters
221  char errbuf[PCAP_ERRBUF_SIZE + 1]; // keeps the error string, prior to be printed
222  char errmsgbuf[PCAP_ERRBUF_SIZE + 1]; // buffer for errors to send to the client
223  int host_port_check_status;
224  SSL *ssl = NULL;
225  int nrecv;
226  struct rpcap_header header; // RPCAP message general header
227  uint32 plen; // payload length from header
228  int authenticated = 0; // 1 if the client has successfully authenticated
229  char source[PCAP_BUF_SIZE+1]; // keeps the string that contains the interface to open
230  int got_source = 0; // 1 if we've gotten the source from an open request
231 #ifndef _WIN32
232  struct sigaction action;
233 #endif
234  struct session *session = NULL; // struct session main variable
235  const char *msg_type_string; // string for message type
236  int client_told_us_to_close = 0; // 1 if the client told us to close the capture
237 
238  // needed to save the values of the statistics
239  struct pcap_stat stats;
240  unsigned int svrcapt;
241 
242  struct rpcap_sampling samp_param; // in case sampling has been requested
243 
244  // Structures needed for the select() call
245  fd_set rfds; // set of socket descriptors we have to check
246  struct timeval tv; // maximum time the select() can block waiting for data
247  int retval; // select() return value
248 
249  *errbuf = 0; // Initialize errbuf
250 
251  //
252  // Peek into the socket to determine whether the client sent us
253  // a TLS handshake message or a non-TLS rpcapd message.
254  //
255  // The first byte of an rpcapd request is the version number;
256  // the first byte of a TLS handshake message is 22. The
257  // first request to an rpcapd server must be an authentication
258  // request or a close request, and must have a version number
259  // of 0, so it will be possible to distinguish between an
260  // initial plaintext request to a server and an initial TLS
261  // handshake message.
262  //
263  nrecv = sock_recv(sockctrl, NULL, (char *)&first_octet, 1,
265  if (nrecv == -1)
266  {
267  // Fatal error.
268  rpcapd_log(LOGPRIO_ERROR, "Peek from client failed: %s", errbuf);
269  goto end;
270  }
271  if (nrecv == 0)
272  {
273  // Client closed the connection.
274  goto end;
275  }
276 
277 #ifdef HAVE_OPENSSL
278  //
279  // We have to upgrade to TLS as soon as possible, so that the
280  // whole protocol goes through the encrypted tunnel, including
281  // early error messages.
282  //
283  // Even in active mode, the other end has to initiate the TLS
284  // handshake as we still are the server as far as TLS is concerned,
285  // so we don't check isactive.
286  //
287  if (uses_ssl)
288  {
289  //
290  // We're expecting a TLS handshake message. If this
291  // isn't one, assume it's a non-TLS rpcapd message.
292  //
293  // The first octet of a TLS handshake is
294  // TLS_RECORD_TYPE_HANDSHAKE.
295  //
296  if (first_octet != TLS_RECORD_TYPE_HANDSHAKE)
297  {
298  //
299  // We assume this is a non-TLS rpcapd message.
300  //
301  // Read the message header from the client.
302  //
303  nrecv = rpcapd_recv_msg_header(sockctrl, NULL, &header);
304  if (nrecv == -1)
305  {
306  // Fatal error.
307  goto end;
308  }
309  if (nrecv == -2)
310  {
311  // Client closed the connection.
312  goto end;
313  }
314  plen = header.plen;
315 
316  // Discard the rest of the message.
317  if (rpcapd_discard(sockctrl, NULL, plen) == -1)
318  {
319  // Network error.
320  goto end;
321  }
322 
323  //
324  // Send an authentication error, indicating
325  // that we require TLS.
326  //
327  if (rpcap_senderror(sockctrl, NULL, header.ver,
329  "TLS is required by this server", errbuf) == -1)
330  {
331  // That failed; log a message and give up.
332  rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
333  goto end;
334  }
335 
336  // Shut the session down.
337  goto end;
338  }
339  ssl = ssl_promotion(1, sockctrl, errbuf, PCAP_ERRBUF_SIZE);
340  if (! ssl)
341  {
342  rpcapd_log(LOGPRIO_ERROR, "TLS handshake on control connection failed: %s",
343  errbuf);
344  goto end;
345  }
346  }
347  else
348 #endif
349  {
350  //
351  // We're expecting a non-TLS rpcapd message. If this
352  // looks, instead, like a TLS handshake message, send
353  // a TLS handshake_failed alert.
354  //
355  // The first octet of a TLS handshake is
356  // TLS_RECORD_TYPE_HANDSHAKE.
357  //
358  if (first_octet == TLS_RECORD_TYPE_HANDSHAKE)
359  {
360  //
361  // TLS handshake.
362  // Read the record header.
363  //
364  nrecv = sock_recv(sockctrl, ssl, (char *) &tls_header,
365  sizeof tls_header, SOCK_RECEIVEALL_YES|SOCK_EOF_ISNT_ERROR,
366  errbuf, PCAP_ERRBUF_SIZE);
367  if (nrecv == -1)
368  {
369  // Network error.
370  rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf);
371  goto end;
372  }
373  if (nrecv == 0)
374  {
375  // Immediate EOF
376  goto end;
377  }
378  plen = (tls_header.length_hi << 8U) | tls_header.length_lo;
379 
380  // Discard the rest of the message.
381  if (rpcapd_discard(sockctrl, NULL, plen) == -1)
382  {
383  // Network error.
384  goto end;
385  }
386 
387  //
388  // Send a TLS handshake failure alert.
389  // Use the same version the client sent us.
390  //
391  tls_header.type = TLS_RECORD_TYPE_ALERT;
392  tls_header.length_hi = 0;
393  tls_header.length_lo = TLS_ALERT_LEN;
394 
395  if (sock_send(sockctrl, NULL, (char *) &tls_header,
396  TLS_RECORD_HEADER_LEN, errbuf, PCAP_ERRBUF_SIZE) == -1)
397  {
398  // That failed; log a message and give up.
399  rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
400  goto end;
401  }
402 
405  if (sock_send(sockctrl, NULL, (char *) &tls_alert,
406  TLS_ALERT_LEN, errbuf, PCAP_ERRBUF_SIZE) == -1)
407  {
408  // That failed; log a message and give up.
409  rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
410  goto end;
411  }
412  //
413  // Give up anyway.
414  //
415  goto end;
416  }
417  }
418 
419  // Set parameters structure
420  pars.sockctrl = sockctrl;
421  pars.ssl = ssl;
422  pars.isactive = isactive; // active mode
424 
425  //
426  // We have a connection.
427  //
428  // If it's a passive mode connection, check whether the connecting
429  // host is among the ones allowed.
430  //
431  // In either case, we were handed a copy of the host list; free it
432  // as soon as we're done with it.
433  //
434  if (pars.isactive)
435  {
436  // Nothing to do.
437  free(passiveClients);
438  passiveClients = NULL;
439  }
440  else
441  {
442  struct sockaddr_storage from;
443  socklen_t fromlen;
444 
445  //
446  // Get the address of the other end of the connection.
447  //
448  fromlen = sizeof(struct sockaddr_storage);
449  if (getpeername(pars.sockctrl, (struct sockaddr *)&from,
450  &fromlen) == -1)
451  {
452  sock_geterror("getpeername()", errmsgbuf, PCAP_ERRBUF_SIZE);
453  if (rpcap_senderror(pars.sockctrl, pars.ssl, 0, PCAP_ERR_NETW, errmsgbuf, errbuf) == -1)
454  rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
455  goto end;
456  }
457 
458  //
459  // Are they in the list of host/port combinations we allow?
460  //
461  host_port_check_status = sock_check_hostlist(passiveClients, RPCAP_HOSTLIST_SEP, &from, errmsgbuf, PCAP_ERRBUF_SIZE);
462  free(passiveClients);
463  passiveClients = NULL;
464  if (host_port_check_status < 0)
465  {
466  if (host_port_check_status == -2) {
467  //
468  // We got an error; log it.
469  //
470  rpcapd_log(LOGPRIO_ERROR, "%s", errmsgbuf);
471  }
472 
473  //
474  // Sorry, we can't let you in.
475  //
476  if (rpcap_senderror(pars.sockctrl, pars.ssl, 0, PCAP_ERR_HOSTNOAUTH, errmsgbuf, errbuf) == -1)
477  rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
478  goto end;
479  }
480  }
481 
482 #ifndef _WIN32
483  //
484  // Catch SIGUSR1, but do nothing. We use it to interrupt the
485  // capture thread to break it out of a loop in which it's
486  // blocked waiting for packets to arrive.
487  //
488  // We don't want interrupted system calls to restart, so that
489  // the read routine for the pcap_t gets EINTR rather than
490  // restarting if it's blocked in a system call.
491  //
492  memset(&action, 0, sizeof (action));
493  action.sa_handler = noop_handler;
494  action.sa_flags = 0;
495  sigemptyset(&action.sa_mask);
496  sigaction(SIGUSR1, &action, NULL);
497 #endif
498 
499  //
500  // The client must first authenticate; loop until they send us a
501  // message with a version we support and credentials we accept,
502  // they send us a close message indicating that they're giving up,
503  // or we get a network error or other fatal error.
504  //
505  while (!authenticated)
506  {
507  //
508  // If we're not in active mode, we use select(), with a
509  // timeout, to wait for an authentication request; if
510  // the timeout expires, we drop the connection, so that
511  // a client can't just connect to us and leave us
512  // waiting forever.
513  //
514  if (!pars.isactive)
515  {
516  FD_ZERO(&rfds);
517  // We do not have to block here
518  tv.tv_sec = RPCAP_TIMEOUT_INIT;
519  tv.tv_usec = 0;
520 
521  FD_SET(pars.sockctrl, &rfds);
522 
523  retval = select((int)pars.sockctrl + 1, &rfds, NULL, NULL, &tv);
524  if (retval == -1)
525  {
526  sock_geterror("select() failed", errmsgbuf, PCAP_ERRBUF_SIZE);
527  if (rpcap_senderror(pars.sockctrl, pars.ssl, 0, PCAP_ERR_NETW, errmsgbuf, errbuf) == -1)
528  rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
529  goto end;
530  }
531 
532  // The timeout has expired
533  // So, this was a fake connection. Drop it down
534  if (retval == 0)
535  {
536  if (rpcap_senderror(pars.sockctrl, pars.ssl, 0, PCAP_ERR_INITTIMEOUT, "The RPCAP initial timeout has expired", errbuf) == -1)
537  rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
538  goto end;
539  }
540  }
541 
542  //
543  // Read the message header from the client.
544  //
545  nrecv = rpcapd_recv_msg_header(pars.sockctrl, pars.ssl, &header);
546  if (nrecv == -1)
547  {
548  // Fatal error.
549  goto end;
550  }
551  if (nrecv == -2)
552  {
553  // Client closed the connection.
554  goto end;
555  }
556 
557  plen = header.plen;
558 
559  //
560  // While we're in the authentication pharse, all requests
561  // must use version 0.
562  //
563  if (header.ver != 0)
564  {
565  //
566  // Send it back to them with their version.
567  //
568  if (rpcap_senderror(pars.sockctrl, pars.ssl, header.ver,
570  "RPCAP version in requests in the authentication phase must be 0",
571  errbuf) == -1)
572  {
573  // That failed; log a message and give up.
574  rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
575  goto end;
576  }
577 
578  // Discard the rest of the message and drop the
579  // connection.
580  (void)rpcapd_discard(pars.sockctrl, pars.ssl, plen);
581  goto end;
582  }
583 
584  switch (header.type)
585  {
586  case RPCAP_MSG_AUTH_REQ:
587  retval = daemon_msg_auth_req(&pars, plen);
588  if (retval == -1)
589  {
590  // Fatal error; a message has
591  // been logged, so just give up.
592  goto end;
593  }
594  if (retval == -2)
595  {
596  // Non-fatal error; we sent back
597  // an error message, so let them
598  // try again.
599  continue;
600  }
601 
602  // OK, we're authenticated; we sent back
603  // a reply, so start serving requests.
604  authenticated = 1;
605  break;
606 
607  case RPCAP_MSG_CLOSE:
608  //
609  // The client is giving up.
610  // Discard the rest of the message, if
611  // there is anything more.
612  //
613  (void)rpcapd_discard(pars.sockctrl, pars.ssl, plen);
614  // We're done with this client.
615  goto end;
616 
617  case RPCAP_MSG_ERROR:
618  // Log this and close the connection?
619  // XXX - is this what happens in active
620  // mode, where *we* initiate the
621  // connection, and the client gives us
622  // an error message rather than a "let
623  // me log in" message, indicating that
624  // we're not allowed to connect to them?
625  (void)daemon_msg_err(pars.sockctrl, pars.ssl, plen);
626  goto end;
627 
629  case RPCAP_MSG_OPEN_REQ:
632  case RPCAP_MSG_STATS_REQ:
635  //
636  // These requests can't be sent until
637  // the client is authenticated.
638  //
639  msg_type_string = rpcap_msg_type_string(header.type);
640  if (msg_type_string != NULL)
641  {
642  snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "%s request sent before authentication was completed", msg_type_string);
643  }
644  else
645  {
646  snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Message of type %u sent before authentication was completed", header.type);
647  }
648  if (rpcap_senderror(pars.sockctrl, pars.ssl,
649  header.ver, PCAP_ERR_WRONGMSG,
650  errmsgbuf, errbuf) == -1)
651  {
652  rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
653  goto end;
654  }
655  // Discard the rest of the message.
656  if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1)
657  {
658  // Network error.
659  goto end;
660  }
661  break;
662 
663  case RPCAP_MSG_PACKET:
672  //
673  // These are server-to-client messages.
674  //
675  msg_type_string = rpcap_msg_type_string(header.type);
676  if (msg_type_string != NULL)
677  {
678  snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Server-to-client message %s received from client", msg_type_string);
679  }
680  else
681  {
682  snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Server-to-client message of type %u received from client", header.type);
683  }
684  if (rpcap_senderror(pars.sockctrl, pars.ssl,
685  header.ver, PCAP_ERR_WRONGMSG,
686  errmsgbuf, errbuf) == -1)
687  {
688  rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
689  goto end;
690  }
691  // Discard the rest of the message.
692  if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1)
693  {
694  // Fatal error.
695  goto end;
696  }
697  break;
698 
699  default:
700  //
701  // Unknown message type.
702  //
703  snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Unknown message type %u", header.type);
704  if (rpcap_senderror(pars.sockctrl, pars.ssl,
705  header.ver, PCAP_ERR_WRONGMSG,
706  errmsgbuf, errbuf) == -1)
707  {
708  rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
709  goto end;
710  }
711  // Discard the rest of the message.
712  if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1)
713  {
714  // Fatal error.
715  goto end;
716  }
717  break;
718  }
719  }
720 
721  //
722  // OK, the client has authenticated itself, and we can start
723  // processing regular requests from it.
724  //
725 
726  //
727  // We don't have any statistics yet.
728  //
729  stats.ps_ifdrop = 0;
730  stats.ps_recv = 0;
731  stats.ps_drop = 0;
732  svrcapt = 0;
733 
734  //
735  // Service requests.
736  //
737  for (;;)
738  {
739  errbuf[0] = 0; // clear errbuf
740 
741  // Avoid zombies connections; check if the connection is opens but no commands are performed
742  // from more than RPCAP_TIMEOUT_RUNTIME
743  // Conditions:
744  // - I have to be in normal mode (no active mode)
745  // - if the device is open, I don't have to be in the middle of a capture (session->sockdata)
746  // - if the device is closed, I have always to check if a new command arrives
747  //
748  // Be carefully: the capture can have been started, but an error occurred (so session != NULL, but
749  // sockdata is 0
750  if ((!pars.isactive) && (session == NULL || session->sockdata == 0))
751  {
752  // Check for the initial timeout
753  FD_ZERO(&rfds);
754  // We do not have to block here
755  tv.tv_sec = RPCAP_TIMEOUT_RUNTIME;
756  tv.tv_usec = 0;
757 
758  FD_SET(pars.sockctrl, &rfds);
759 #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
760  retval = 1;
761 #else
762  retval = select((int)pars.sockctrl + 1, &rfds, NULL, NULL, &tv);
763 #endif
764  if (retval == -1)
765  {
766  sock_geterror("select() failed", errmsgbuf, PCAP_ERRBUF_SIZE);
767  if (rpcap_senderror(pars.sockctrl, pars.ssl,
768  0, PCAP_ERR_NETW,
769  errmsgbuf, errbuf) == -1)
770  rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
771  goto end;
772  }
773 
774  // The timeout has expired
775  // So, this was a fake connection. Drop it down
776  if (retval == 0)
777  {
778  if (rpcap_senderror(pars.sockctrl, pars.ssl,
780  "The RPCAP initial timeout has expired",
781  errbuf) == -1)
782  rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
783  goto end;
784  }
785  }
786 
787  //
788  // Read the message header from the client.
789  //
790  nrecv = rpcapd_recv_msg_header(pars.sockctrl, pars.ssl, &header);
791  if (nrecv == -1)
792  {
793  // Fatal error.
794  goto end;
795  }
796  if (nrecv == -2)
797  {
798  // Client closed the connection.
799  goto end;
800  }
801 
802  plen = header.plen;
803 
804  //
805  // Did the client specify a protocol version that we
806  // support?
807  //
808  if (!RPCAP_VERSION_IS_SUPPORTED(header.ver))
809  {
810  //
811  // Tell them it's not a supported version.
812  // Send the error message with their version,
813  // so they don't reject it as having the wrong
814  // version.
815  //
816  if (rpcap_senderror(pars.sockctrl, pars.ssl,
817  header.ver, PCAP_ERR_WRONGVER,
818  "RPCAP version in message isn't supported by the server",
819  errbuf) == -1)
820  {
821  // That failed; log a message and give up.
822  rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
823  goto end;
824  }
825 
826  // Discard the rest of the message.
827  (void)rpcapd_discard(pars.sockctrl, pars.ssl, plen);
828  // Give up on them.
829  goto end;
830  }
831 
832  switch (header.type)
833  {
834  case RPCAP_MSG_ERROR: // The other endpoint reported an error
835  {
836  (void)daemon_msg_err(pars.sockctrl, pars.ssl, plen);
837  // Do nothing; just exit; the error code is already into the errbuf
838  // XXX - actually exit....
839  break;
840  }
841 
843  {
844  if (daemon_msg_findallif_req(header.ver, &pars, plen) == -1)
845  {
846  // Fatal error; a message has
847  // been logged, so just give up.
848  goto end;
849  }
850  break;
851  }
852 
853  case RPCAP_MSG_OPEN_REQ:
854  {
855  //
856  // Process the open request, and keep
857  // the source from it, for use later
858  // when the capture is started.
859  //
860  // XXX - we don't care if the client sends
861  // us multiple open requests, the last
862  // one wins.
863  //
864  retval = daemon_msg_open_req(header.ver, &pars,
865  plen, source, sizeof(source));
866  if (retval == -1)
867  {
868  // Fatal error; a message has
869  // been logged, so just give up.
870  goto end;
871  }
872  got_source = 1;
873  break;
874  }
875 
877  {
878  if (!got_source)
879  {
880  // They never told us what device
881  // to capture on!
882  if (rpcap_senderror(pars.sockctrl, pars.ssl,
883  header.ver,
885  "No capture device was specified",
886  errbuf) == -1)
887  {
888  // Fatal error; log an
889  // error and give up.
890  rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
891  goto end;
892  }
893  if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1)
894  {
895  goto end;
896  }
897  break;
898  }
899 
900  if (daemon_msg_startcap_req(header.ver, &pars,
901  plen, source, &session, &samp_param,
902  uses_ssl) == -1)
903  {
904  // Fatal error; a message has
905  // been logged, so just give up.
906  goto end;
907  }
908  break;
909  }
910 
912  {
913  if (session)
914  {
915  if (daemon_msg_updatefilter_req(header.ver,
916  &pars, session, plen) == -1)
917  {
918  // Fatal error; a message has
919  // been logged, so just give up.
920  goto end;
921  }
922  }
923  else
924  {
925  if (rpcap_senderror(pars.sockctrl, pars.ssl,
926  header.ver,
928  "Device not opened. Cannot update filter",
929  errbuf) == -1)
930  {
931  // That failed; log a message and give up.
932  rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
933  goto end;
934  }
935  }
936  break;
937  }
938 
939  case RPCAP_MSG_CLOSE: // The other endpoint close the pcap session
940  {
941  //
942  // Indicate to our caller that the client
943  // closed the control connection.
944  // This is used only in case of active mode.
945  //
946  client_told_us_to_close = 1;
947  rpcapd_log(LOGPRIO_DEBUG, "The other end system asked to close the connection.");
948  goto end;
949  }
950 
951  case RPCAP_MSG_STATS_REQ:
952  {
953  if (daemon_msg_stats_req(header.ver, &pars,
954  session, plen, &stats, svrcapt) == -1)
955  {
956  // Fatal error; a message has
957  // been logged, so just give up.
958  goto end;
959  }
960  break;
961  }
962 
963  case RPCAP_MSG_ENDCAP_REQ: // The other endpoint close the current capture session
964  {
965  if (session)
966  {
967  // Save statistics (we can need them in the future)
968  if (pcap_stats(session->fp, &stats))
969  {
970  svrcapt = session->TotCapt;
971  }
972  else
973  {
974  stats.ps_ifdrop = 0;
975  stats.ps_recv = 0;
976  stats.ps_drop = 0;
977  svrcapt = 0;
978  }
979 
980  if (daemon_msg_endcap_req(header.ver,
981  &pars, session) == -1)
982  {
983  free(session);
984  session = NULL;
985  // Fatal error; a message has
986  // been logged, so just give up.
987  goto end;
988  }
989  free(session);
990  session = NULL;
991  }
992  else
993  {
994  rpcap_senderror(pars.sockctrl, pars.ssl,
995  header.ver,
997  "Device not opened. Cannot close the capture",
998  errbuf);
999  }
1000  break;
1001  }
1002 
1004  {
1005  if (daemon_msg_setsampling_req(header.ver,
1006  &pars, plen, &samp_param) == -1)
1007  {
1008  // Fatal error; a message has
1009  // been logged, so just give up.
1010  goto end;
1011  }
1012  break;
1013  }
1014 
1015  case RPCAP_MSG_AUTH_REQ:
1016  {
1017  //
1018  // We're already authenticated; you don't
1019  // get to reauthenticate.
1020  //
1021  rpcapd_log(LOGPRIO_INFO, "The client sent an RPCAP_MSG_AUTH_REQ message after authentication was completed");
1022  if (rpcap_senderror(pars.sockctrl, pars.ssl,
1023  header.ver,
1025  "RPCAP_MSG_AUTH_REQ request sent after authentication was completed",
1026  errbuf) == -1)
1027  {
1028  rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1029  goto end;
1030  }
1031  // Discard the rest of the message.
1032  if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1)
1033  {
1034  // Fatal error.
1035  goto end;
1036  }
1037  goto end;
1038 
1039  case RPCAP_MSG_PACKET:
1041  case RPCAP_MSG_OPEN_REPLY:
1044  case RPCAP_MSG_AUTH_REPLY:
1045  case RPCAP_MSG_STATS_REPLY:
1048  //
1049  // These are server-to-client messages.
1050  //
1051  msg_type_string = rpcap_msg_type_string(header.type);
1052  if (msg_type_string != NULL)
1053  {
1054  rpcapd_log(LOGPRIO_INFO, "The client sent a %s server-to-client message", msg_type_string);
1055  snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Server-to-client message %s received from client", msg_type_string);
1056  }
1057  else
1058  {
1059  rpcapd_log(LOGPRIO_INFO, "The client sent a server-to-client message of type %u", header.type);
1060  snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Server-to-client message of type %u received from client", header.type);
1061  }
1062  if (rpcap_senderror(pars.sockctrl, pars.ssl,
1063  header.ver, PCAP_ERR_WRONGMSG,
1064  errmsgbuf, errbuf) == -1)
1065  {
1066  rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1067  goto end;
1068  }
1069  // Discard the rest of the message.
1070  if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1)
1071  {
1072  // Fatal error.
1073  goto end;
1074  }
1075  goto end;
1076 
1077  default:
1078  //
1079  // Unknown message type.
1080  //
1081  rpcapd_log(LOGPRIO_INFO, "The client sent a message of type %u", header.type);
1082  snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Unknown message type %u", header.type);
1083  if (rpcap_senderror(pars.sockctrl, pars.ssl,
1084  header.ver, PCAP_ERR_WRONGMSG,
1085  errbuf, errmsgbuf) == -1)
1086  {
1087  rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1088  goto end;
1089  }
1090  // Discard the rest of the message.
1091  if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1)
1092  {
1093  // Fatal error.
1094  goto end;
1095  }
1096  goto end;
1097  }
1098  }
1099  }
1100 
1101 end:
1102  // The service loop is finishing up.
1103  // If we have a capture session running, close it.
1104  if (session)
1105  {
1107  free(session);
1108  session = NULL;
1109  }
1110 
1111  if (passiveClients) {
1112  free(passiveClients);
1113  }
1114  //
1115  // Finish using the SSL handle for the control socket, if we
1116  // have an SSL connection, and close the control socket.
1117  //
1118 #ifdef HAVE_OPENSSL
1119  if (ssl)
1120  {
1121  // Finish using the SSL handle for the socket.
1122  // This must be done *before* the socket is closed.
1123  ssl_finish(ssl);
1124  }
1125 #endif
1126  sock_close(sockctrl, NULL, 0);
1127 
1128  // Print message and return
1129  rpcapd_log(LOGPRIO_DEBUG, "I'm exiting from the child loop");
1130 
1131  return client_told_us_to_close;
1132 }
1133 
1134 /*
1135  * This handles the RPCAP_MSG_ERR message.
1136  */
1137 static int
1138 daemon_msg_err(SOCKET sockctrl, SSL *ssl, uint32 plen)
1139 {
1140  char errbuf[PCAP_ERRBUF_SIZE];
1141  char remote_errbuf[PCAP_ERRBUF_SIZE];
1142 
1143  if (plen >= PCAP_ERRBUF_SIZE)
1144  {
1145  /*
1146  * Message is too long; just read as much of it as we
1147  * can into the buffer provided, and discard the rest.
1148  */
1149  if (sock_recv(sockctrl, ssl, remote_errbuf, PCAP_ERRBUF_SIZE - 1,
1151  PCAP_ERRBUF_SIZE) == -1)
1152  {
1153  // Network error.
1154  rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf);
1155  return -1;
1156  }
1157  if (rpcapd_discard(sockctrl, ssl, plen - (PCAP_ERRBUF_SIZE - 1)) == -1)
1158  {
1159  // Network error.
1160  return -1;
1161  }
1162 
1163  /*
1164  * Null-terminate it.
1165  */
1166  remote_errbuf[PCAP_ERRBUF_SIZE - 1] = '\0';
1167  }
1168  else if (plen == 0)
1169  {
1170  /* Empty error string. */
1171  remote_errbuf[0] = '\0';
1172  }
1173  else
1174  {
1175  if (sock_recv(sockctrl, ssl, remote_errbuf, plen,
1177  PCAP_ERRBUF_SIZE) == -1)
1178  {
1179  // Network error.
1180  rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf);
1181  return -1;
1182  }
1183 
1184  /*
1185  * Null-terminate it.
1186  */
1187  remote_errbuf[plen] = '\0';
1188  }
1189  // Log the message
1190  rpcapd_log(LOGPRIO_ERROR, "Error from client: %s", remote_errbuf);
1191  return 0;
1192 }
1193 
1194 /*
1195  * This handles the RPCAP_MSG_AUTH_REQ message.
1196  * It checks if the authentication credentials supplied by the user are valid.
1197  *
1198  * This function is called if the daemon receives a RPCAP_MSG_AUTH_REQ
1199  * message in its authentication loop. It reads the body of the
1200  * authentication message from the network and checks whether the
1201  * credentials are valid.
1202  *
1203  * \param sockctrl: the socket for the control connection.
1204  *
1205  * \param nullAuthAllowed: '1' if the NULL authentication is allowed.
1206  *
1207  * \param errbuf: a user-allocated buffer in which the error message
1208  * (if one) has to be written. It must be at least PCAP_ERRBUF_SIZE
1209  * bytes long.
1210  *
1211  * \return '0' if everything is fine, '-1' if an unrecoverable error occurred,
1212  * or '-2' if the authentication failed. For errors, an error message is
1213  * returned in the 'errbuf' variable; this gives a message for the
1214  * unrecoverable error or for the authentication failure.
1215  */
1216 static int
1218 {
1219  char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors
1220  char errmsgbuf[PCAP_ERRBUF_SIZE]; // buffer for errors to send to the client
1221  int status;
1222  struct rpcap_auth auth; // RPCAP authentication header
1223  char sendbuf[RPCAP_NETBUF_SIZE]; // temporary buffer in which data to be sent is buffered
1224  int sendbufidx = 0; // index which keeps the number of bytes currently buffered
1225  struct rpcap_authreply *authreply; // authentication reply message
1226 
1227  status = rpcapd_recv(pars->sockctrl, pars->ssl, (char *) &auth, sizeof(struct rpcap_auth), &plen, errmsgbuf);
1228  if (status == -1)
1229  {
1230  return -1;
1231  }
1232  if (status == -2)
1233  {
1234  goto error;
1235  }
1236 
1237  switch (ntohs(auth.type))
1238  {
1239  case RPCAP_RMTAUTH_NULL:
1240  {
1241  if (!pars->nullAuthAllowed)
1242  {
1243  // Send the client an error reply.
1244  snprintf(errmsgbuf, PCAP_ERRBUF_SIZE,
1245  "Authentication failed; NULL authentication not permitted.");
1246  if (rpcap_senderror(pars->sockctrl, pars->ssl,
1247  0, PCAP_ERR_AUTH_FAILED, errmsgbuf, errbuf) == -1)
1248  {
1249  // That failed; log a message and give up.
1250  rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1251  return -1;
1252  }
1253  goto error_noreply;
1254  }
1255  break;
1256  }
1257 
1258  case RPCAP_RMTAUTH_PWD:
1259  {
1260  char *username, *passwd;
1261  uint32 usernamelen, passwdlen;
1262 
1263  usernamelen = ntohs(auth.slen1);
1264  username = (char *) malloc (usernamelen + 1);
1265  if (username == NULL)
1266  {
1267  pcap_fmt_errmsg_for_errno(errmsgbuf,
1268  PCAP_ERRBUF_SIZE, errno, "malloc() failed");
1269  goto error;
1270  }
1271  status = rpcapd_recv(pars->sockctrl, pars->ssl, username, usernamelen, &plen, errmsgbuf);
1272  if (status == -1)
1273  {
1274  free(username);
1275  return -1;
1276  }
1277  if (status == -2)
1278  {
1279  free(username);
1280  goto error;
1281  }
1282  username[usernamelen] = '\0';
1283 
1284  passwdlen = ntohs(auth.slen2);
1285  passwd = (char *) malloc (passwdlen + 1);
1286  if (passwd == NULL)
1287  {
1288  pcap_fmt_errmsg_for_errno(errmsgbuf,
1289  PCAP_ERRBUF_SIZE, errno, "malloc() failed");
1290  free(username);
1291  goto error;
1292  }
1293  status = rpcapd_recv(pars->sockctrl, pars->ssl, passwd, passwdlen, &plen, errmsgbuf);
1294  if (status == -1)
1295  {
1296  free(username);
1297  free(passwd);
1298  return -1;
1299  }
1300  if (status == -2)
1301  {
1302  free(username);
1303  free(passwd);
1304  goto error;
1305  }
1306  passwd[passwdlen] = '\0';
1307 
1308  if (daemon_AuthUserPwd(username, passwd, errmsgbuf))
1309  {
1310  //
1311  // Authentication failed. Let the client
1312  // know.
1313  //
1314  free(username);
1315  free(passwd);
1316  if (rpcap_senderror(pars->sockctrl, pars->ssl,
1317  0, PCAP_ERR_AUTH_FAILED, errmsgbuf, errbuf) == -1)
1318  {
1319  // That failed; log a message and give up.
1320  rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1321  return -1;
1322  }
1323 
1324  //
1325  // Suspend for 1 second, so that they can't
1326  // hammer us with repeated tries with an
1327  // attack such as a dictionary attack.
1328  //
1329  // WARNING: this delay is inserted only
1330  // at this point; if the client closes the
1331  // connection and reconnects, the suspension
1332  // time does not have any effect.
1333  //
1335  goto error_noreply;
1336  }
1337 
1338  free(username);
1339  free(passwd);
1340  break;
1341  }
1342 
1343  default:
1344  snprintf(errmsgbuf, PCAP_ERRBUF_SIZE,
1345  "Authentication type not recognized.");
1346  if (rpcap_senderror(pars->sockctrl, pars->ssl,
1347  0, PCAP_ERR_AUTH_TYPE_NOTSUP, errmsgbuf, errbuf) == -1)
1348  {
1349  // That failed; log a message and give up.
1350  rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1351  return -1;
1352  }
1353  goto error_noreply;
1354  }
1355 
1356  // The authentication succeeded; let the client know.
1357  if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL, &sendbufidx,
1359  goto error;
1360 
1361  rpcap_createhdr((struct rpcap_header *) sendbuf, 0,
1362  RPCAP_MSG_AUTH_REPLY, 0, sizeof(struct rpcap_authreply));
1363 
1364  authreply = (struct rpcap_authreply *) &sendbuf[sendbufidx];
1365 
1366  if (sock_bufferize(NULL, sizeof(struct rpcap_authreply), NULL, &sendbufidx,
1368  goto error;
1369 
1370  //
1371  // Indicate to our peer what versions we support.
1372  //
1373  memset(authreply, 0, sizeof(struct rpcap_authreply));
1374  authreply->minvers = RPCAP_MIN_VERSION;
1375  authreply->maxvers = RPCAP_MAX_VERSION;
1376 
1377  // Send the reply.
1378  if (sock_send(pars->sockctrl, pars->ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1)
1379  {
1380  // That failed; log a message and give up.
1381  rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1382  return -1;
1383  }
1384 
1385  // Check if all the data has been read; if not, discard the data in excess
1386  if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
1387  {
1388  return -1;
1389  }
1390 
1391  return 0;
1392 
1393 error:
1394  if (rpcap_senderror(pars->sockctrl, pars->ssl, 0, PCAP_ERR_AUTH,
1395  errmsgbuf, errbuf) == -1)
1396  {
1397  // That failed; log a message and give up.
1398  rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1399  return -1;
1400  }
1401 
1402 error_noreply:
1403  // Check if all the data has been read; if not, discard the data in excess
1404  if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
1405  {
1406  return -1;
1407  }
1408 
1409  return -2;
1410 }
1411 
1412 static int
1413 daemon_AuthUserPwd(char *username, char *password, char *errbuf)
1414 {
1415 #ifdef _WIN32
1416  /*
1417  * Warning: the user which launches the process must have the
1418  * SE_TCB_NAME right.
1419  * This corresponds to have the "Act as part of the Operating System"
1420  * turned on (administrative tools, local security settings, local
1421  * policies, user right assignment)
1422  * However, it seems to me that if you run it as a service, this
1423  * right should be provided by default.
1424  *
1425  * XXX - hopefully, this returns errors such as ERROR_LOGON_FAILURE,
1426  * which merely indicates that the user name or password is
1427  * incorrect, not whether it's the user name or the password
1428  * that's incorrect, so a client that's trying to brute-force
1429  * accounts doesn't know whether it's the user name or the
1430  * password that's incorrect, so it doesn't know whether to
1431  * stop trying to log in with a given user name and move on
1432  * to another user name.
1433  */
1434  DWORD error;
1435  HANDLE Token;
1436  char errmsgbuf[PCAP_ERRBUF_SIZE]; // buffer for errors to log
1437 
1438  if (LogonUser(username, ".", password, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, &Token) == 0)
1439  {
1440  snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed");
1441  error = GetLastError();
1442  if (error != ERROR_LOGON_FAILURE)
1443  {
1444  // Some error other than an authentication error;
1445  // log it.
1446  pcap_fmt_errmsg_for_win32_err(errmsgbuf,
1447  PCAP_ERRBUF_SIZE, error, "LogonUser() failed");
1448  rpcapd_log(LOGPRIO_ERROR, "%s", errmsgbuf);
1449  }
1450  return -1;
1451  }
1452 
1453  // This call should change the current thread to the selected user.
1454  // I didn't test it.
1455  if (ImpersonateLoggedOnUser(Token) == 0)
1456  {
1457  snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed");
1458  pcap_fmt_errmsg_for_win32_err(errmsgbuf, PCAP_ERRBUF_SIZE,
1459  GetLastError(), "ImpersonateLoggedOnUser() failed");
1460  rpcapd_log(LOGPRIO_ERROR, "%s", errmsgbuf);
1461  CloseHandle(Token);
1462  return -1;
1463  }
1464 
1465  CloseHandle(Token);
1466  return 0;
1467 
1468 #else
1469  /*
1470  * See
1471  *
1472  * https://www.unixpapa.com/incnote/passwd.html
1473  *
1474  * We use the Solaris/Linux shadow password authentication if
1475  * we have getspnam(), otherwise we just do traditional
1476  * authentication, which, on some platforms, might work, even
1477  * with shadow passwords, if we're running as root. Traditional
1478  * authenticaion won't work if we're not running as root, as
1479  * I think these days all UN*Xes either won't return the password
1480  * at all with getpwnam() or will only do so if you're root.
1481  *
1482  * XXX - perhaps what we *should* be using is PAM, if we have
1483  * it. That might hide all the details of username/password
1484  * authentication, whether it's done with a visible-to-root-
1485  * only password database or some other authentication mechanism,
1486  * behind its API.
1487  */
1488  int error;
1489  struct passwd *user;
1490  char *user_password;
1491 #ifdef HAVE_GETSPNAM
1492  struct spwd *usersp;
1493 #endif
1494  char *crypt_password;
1495 
1496  // This call is needed to get the uid
1497  if ((user = getpwnam(username)) == NULL)
1498  {
1499  snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed");
1500  return -1;
1501  }
1502 
1503 #ifdef HAVE_GETSPNAM
1504  // This call is needed to get the password; otherwise 'x' is returned
1505  if ((usersp = getspnam(username)) == NULL)
1506  {
1507  snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed");
1508  return -1;
1509  }
1510  user_password = usersp->sp_pwdp;
1511 #else
1512  /*
1513  * XXX - what about other platforms?
1514  * The unixpapa.com page claims this Just Works on *BSD if you're
1515  * running as root - it's from 2000, so it doesn't indicate whether
1516  * macOS (which didn't come out until 2001, under the name Mac OS
1517  * X) behaves like the *BSDs or not, and might also work on AIX.
1518  * HP-UX does something else.
1519  *
1520  * Again, hopefully PAM hides all that.
1521  */
1522  user_password = user->pw_passwd;
1523 #endif
1524 
1525  //
1526  // The Single UNIX Specification says that if crypt() fails it
1527  // sets errno, but some implementatons that haven't been run
1528  // through the SUS test suite might not do so.
1529  //
1530  errno = 0;
1531  crypt_password = crypt(password, user_password);
1532  if (crypt_password == NULL)
1533  {
1534  error = errno;
1535  snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed");
1536  if (error == 0)
1537  {
1538  // It didn't set errno.
1539  rpcapd_log(LOGPRIO_ERROR, "crypt() failed");
1540  }
1541  else
1542  {
1543  rpcapd_log(LOGPRIO_ERROR, "crypt() failed: %s",
1544  strerror(error));
1545  }
1546  return -1;
1547  }
1548  if (strcmp(user_password, crypt_password) != 0)
1549  {
1550  snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed");
1551  return -1;
1552  }
1553 
1554  if (setuid(user->pw_uid))
1555  {
1556  error = errno;
1558  error, "setuid");
1559  rpcapd_log(LOGPRIO_ERROR, "setuid() failed: %s",
1560  strerror(error));
1561  return -1;
1562  }
1563 
1564 /* if (setgid(user->pw_gid))
1565  {
1566  error = errno;
1567  pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
1568  errno, "setgid");
1569  rpcapd_log(LOGPRIO_ERROR, "setgid() failed: %s",
1570  strerror(error));
1571  return -1;
1572  }
1573 */
1574  return 0;
1575 
1576 #endif
1577 
1578 }
1579 
1580 /*
1581  * Make sure that the reply length won't overflow 32 bits if we add the
1582  * specified amount to it. If it won't, add that amount to it.
1583  *
1584  * We check whether replylen + itemlen > UINT32_MAX, but subtract itemlen
1585  * from both sides, to prevent overflow.
1586  */
1587 #define CHECK_AND_INCREASE_REPLY_LEN(itemlen) \
1588  if (replylen > UINT32_MAX - (itemlen)) { \
1589  pcap_strlcpy(errmsgbuf, "Reply length doesn't fit in 32 bits", \
1590  sizeof (errmsgbuf)); \
1591  goto error; \
1592  } \
1593  replylen += (uint32)(itemlen)
1594 
1595 static int
1597 {
1598  char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors
1599  char errmsgbuf[PCAP_ERRBUF_SIZE]; // buffer for errors to send to the client
1600  char sendbuf[RPCAP_NETBUF_SIZE]; // temporary buffer in which data to be sent is buffered
1601  int sendbufidx = 0; // index which keeps the number of bytes currently buffered
1602  pcap_if_t *alldevs = NULL; // pointer to the header of the interface chain
1603  pcap_if_t *d; // temp pointer needed to scan the interface chain
1604  struct pcap_addr *address; // pcap structure that keeps a network address of an interface
1605  struct rpcap_findalldevs_if *findalldevs_if;// rpcap structure that packet all the data of an interface together
1606  uint32 replylen; // length of reply payload
1607  uint16 nif = 0; // counts the number of interface listed
1608 
1609  // Discard the rest of the message; there shouldn't be any payload.
1610  if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
1611  {
1612  // Network error.
1613  return -1;
1614  }
1615 
1616  // Retrieve the device list
1617  if (pcap_findalldevs(&alldevs, errmsgbuf) == -1)
1618  goto error;
1619 
1620  if (alldevs == NULL)
1621  {
1622  if (rpcap_senderror(pars->sockctrl, pars->ssl, ver,
1624  "No interfaces found! Make sure libpcap/WinPcap is properly installed"
1625  " and you have the right to access to the remote device.",
1626  errbuf) == -1)
1627  {
1628  rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1629  return -1;
1630  }
1631  return 0;
1632  }
1633 
1634  // This checks the number of interfaces and computes the total
1635  // length of the payload.
1636  replylen = 0;
1637  for (d = alldevs; d != NULL; d = d->next)
1638  {
1639  nif++;
1640 
1641  if (d->description) {
1642  size_t stringlen = strlen(d->description);
1643  if (stringlen > UINT16_MAX) {
1644  pcap_strlcpy(errmsgbuf,
1645  "Description length doesn't fit in 16 bits",
1646  sizeof (errmsgbuf));
1647  goto error;
1648  }
1649  CHECK_AND_INCREASE_REPLY_LEN(stringlen);
1650  }
1651  if (d->name) {
1652  size_t stringlen = strlen(d->name);
1653  if (stringlen > UINT16_MAX) {
1654  pcap_strlcpy(errmsgbuf,
1655  "Name length doesn't fit in 16 bits",
1656  sizeof (errmsgbuf));
1657  goto error;
1658  }
1659  CHECK_AND_INCREASE_REPLY_LEN(stringlen);
1660  }
1661 
1663 
1664  uint16_t naddrs = 0;
1665  for (address = d->addresses; address != NULL; address = address->next)
1666  {
1667  /*
1668  * Send only IPv4 and IPv6 addresses over the wire.
1669  */
1670  switch (address->addr->sa_family)
1671  {
1672  case AF_INET:
1673 #ifdef AF_INET6
1674  case AF_INET6:
1675 #endif
1676  CHECK_AND_INCREASE_REPLY_LEN(sizeof(struct rpcap_sockaddr) * 4);
1677  if (naddrs == UINT16_MAX) {
1678  pcap_strlcpy(errmsgbuf,
1679  "Number of interfaces doesn't fit in 16 bits",
1680  sizeof (errmsgbuf));
1681  goto error;
1682  }
1683  naddrs++;
1684  break;
1685 
1686  default:
1687  break;
1688  }
1689  }
1690  }
1691 
1692  // RPCAP findalldevs reply
1693  if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL,
1694  &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf,
1695  PCAP_ERRBUF_SIZE) == -1)
1696  goto error;
1697 
1698  rpcap_createhdr((struct rpcap_header *) sendbuf, ver,
1699  RPCAP_MSG_FINDALLIF_REPLY, nif, replylen);
1700 
1701  // send the interface list
1702  for (d = alldevs; d != NULL; d = d->next)
1703  {
1704  uint16 lname, ldescr;
1705 
1706  findalldevs_if = (struct rpcap_findalldevs_if *) &sendbuf[sendbufidx];
1707 
1708  if (sock_bufferize(NULL, sizeof(struct rpcap_findalldevs_if), NULL,
1709  &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
1710  goto error;
1711 
1712  memset(findalldevs_if, 0, sizeof(struct rpcap_findalldevs_if));
1713 
1714  /*
1715  * We've already established that the string lengths
1716  * fit in 16 bits.
1717  */
1718  if (d->description)
1719  ldescr = (uint16) strlen(d->description);
1720  else
1721  ldescr = 0;
1722  if (d->name)
1723  lname = (uint16) strlen(d->name);
1724  else
1725  lname = 0;
1726 
1727  findalldevs_if->desclen = htons(ldescr);
1728  findalldevs_if->namelen = htons(lname);
1729  findalldevs_if->flags = htonl(d->flags);
1730 
1731  for (address = d->addresses; address != NULL; address = address->next)
1732  {
1733  /*
1734  * Send only IPv4 and IPv6 addresses over the wire.
1735  */
1736  switch (address->addr->sa_family)
1737  {
1738  case AF_INET:
1739 #ifdef AF_INET6
1740  case AF_INET6:
1741 #endif
1742  findalldevs_if->naddr++;
1743  break;
1744 
1745  default:
1746  break;
1747  }
1748  }
1749  findalldevs_if->naddr = htons(findalldevs_if->naddr);
1750 
1751  if (sock_bufferize(d->name, lname, sendbuf, &sendbufidx,
1753  PCAP_ERRBUF_SIZE) == -1)
1754  goto error;
1755 
1756  if (sock_bufferize(d->description, ldescr, sendbuf, &sendbufidx,
1758  PCAP_ERRBUF_SIZE) == -1)
1759  goto error;
1760 
1761  // send all addresses
1762  for (address = d->addresses; address != NULL; address = address->next)
1763  {
1764  struct rpcap_sockaddr *sockaddr;
1765 
1766  /*
1767  * Send only IPv4 and IPv6 addresses over the wire.
1768  */
1769  switch (address->addr->sa_family)
1770  {
1771  case AF_INET:
1772 #ifdef AF_INET6
1773  case AF_INET6:
1774 #endif
1775  sockaddr = (struct rpcap_sockaddr *) &sendbuf[sendbufidx];
1776  if (sock_bufferize(NULL, sizeof(struct rpcap_sockaddr), NULL,
1777  &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
1778  goto error;
1779  daemon_seraddr((struct sockaddr_storage *) address->addr, sockaddr);
1780 
1781  sockaddr = (struct rpcap_sockaddr *) &sendbuf[sendbufidx];
1782  if (sock_bufferize(NULL, sizeof(struct rpcap_sockaddr), NULL,
1783  &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
1784  goto error;
1785  daemon_seraddr((struct sockaddr_storage *) address->netmask, sockaddr);
1786 
1787  sockaddr = (struct rpcap_sockaddr *) &sendbuf[sendbufidx];
1788  if (sock_bufferize(NULL, sizeof(struct rpcap_sockaddr), NULL,
1789  &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
1790  goto error;
1791  daemon_seraddr((struct sockaddr_storage *) address->broadaddr, sockaddr);
1792 
1793  sockaddr = (struct rpcap_sockaddr *) &sendbuf[sendbufidx];
1794  if (sock_bufferize(NULL, sizeof(struct rpcap_sockaddr), NULL,
1795  &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
1796  goto error;
1797  daemon_seraddr((struct sockaddr_storage *) address->dstaddr, sockaddr);
1798  break;
1799 
1800  default:
1801  break;
1802  }
1803  }
1804  }
1805 
1806  // We no longer need the device list. Free it.
1807  pcap_freealldevs(alldevs);
1808 
1809  // Send a final command that says "now send it!"
1810  if (sock_send(pars->sockctrl, pars->ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1)
1811  {
1812  rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1813  return -1;
1814  }
1815 
1816  return 0;
1817 
1818 error:
1819  if (alldevs)
1820  pcap_freealldevs(alldevs);
1821 
1822  if (rpcap_senderror(pars->sockctrl, pars->ssl, ver,
1823  PCAP_ERR_FINDALLIF, errmsgbuf, errbuf) == -1)
1824  {
1825  rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1826  return -1;
1827  }
1828  return 0;
1829 }
1830 
1831 /*
1832  \param plen: the length of the current message (needed in order to be able
1833  to discard excess data in the message, if present)
1834 */
1835 static int
1837  char *source, size_t sourcelen)
1838 {
1839  char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors
1840  char errmsgbuf[PCAP_ERRBUF_SIZE]; // buffer for errors to send to the client
1841  pcap_t *fp; // pcap_t main variable
1842  int nread;
1843  char sendbuf[RPCAP_NETBUF_SIZE]; // temporary buffer in which data to be sent is buffered
1844  int sendbufidx = 0; // index which keeps the number of bytes currently buffered
1845  struct rpcap_openreply *openreply; // open reply message
1846 
1847  if (plen > sourcelen - 1)
1848  {
1849  snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Source string too long");
1850  goto error;
1851  }
1852 
1853  nread = sock_recv(pars->sockctrl, pars->ssl, source, plen,
1855  if (nread == -1)
1856  {
1857  rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf);
1858  return -1;
1859  }
1860  source[nread] = '\0';
1861  plen -= nread;
1862 
1863  // Is this a URL rather than a device?
1864  // If so, reject it.
1865  if (is_url(source))
1866  {
1867  snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Source string refers to a remote device");
1868  goto error;
1869  }
1870 
1871  // Open the selected device
1872  // This is a fake open, since we do that only to get the needed parameters, then we close the device again
1873  if ((fp = pcap_open_live(source,
1874  1500 /* fake snaplen */,
1875  0 /* no promis */,
1876  1000 /* fake timeout */,
1877  errmsgbuf)) == NULL)
1878  goto error;
1879 
1880  // Now, I can send a RPCAP open reply message
1881  if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL, &sendbufidx,
1883  goto error;
1884 
1885  rpcap_createhdr((struct rpcap_header *) sendbuf, ver,
1886  RPCAP_MSG_OPEN_REPLY, 0, sizeof(struct rpcap_openreply));
1887 
1888  openreply = (struct rpcap_openreply *) &sendbuf[sendbufidx];
1889 
1890  if (sock_bufferize(NULL, sizeof(struct rpcap_openreply), NULL, &sendbufidx,
1892  goto error;
1893 
1894  memset(openreply, 0, sizeof(struct rpcap_openreply));
1895  openreply->linktype = htonl(pcap_datalink(fp));
1896  /*
1897  * This is always 0 for live captures; we no longer support it
1898  * as something we read from capture files and supply to
1899  * clients, but we have to send it over the wire, as open
1900  * replies are expected to have 8 bytes of payload by
1901  * existing clients.
1902  */
1903  openreply->tzoff = 0;
1904 
1905  // We're done with the pcap_t.
1906  pcap_close(fp);
1907 
1908  // Send the reply.
1909  if (sock_send(pars->sockctrl, pars->ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1)
1910  {
1911  rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1912  return -1;
1913  }
1914  return 0;
1915 
1916 error:
1917  if (rpcap_senderror(pars->sockctrl, pars->ssl, ver, PCAP_ERR_OPEN,
1918  errmsgbuf, errbuf) == -1)
1919  {
1920  // That failed; log a message and give up.
1921  rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1922  return -1;
1923  }
1924 
1925  // Check if all the data has been read; if not, discard the data in excess
1926  if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
1927  {
1928  return -1;
1929  }
1930  return 0;
1931 }
1932 
1933 /*
1934  \param plen: the length of the current message (needed in order to be able
1935  to discard excess data in the message, if present)
1936 */
1937 static int
1939  char *source, struct session **sessionp,
1940  struct rpcap_sampling *samp_param _U_, int uses_ssl)
1941 {
1942  char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors
1943  char errmsgbuf[PCAP_ERRBUF_SIZE]; // buffer for errors to send to the client
1944  char portdata[PCAP_BUF_SIZE]; // temp variable needed to derive the data port
1945  char peerhost[PCAP_BUF_SIZE]; // temp variable needed to derive the host name of our peer
1946  struct session *session = NULL; // saves state of session
1947  int status;
1948  char sendbuf[RPCAP_NETBUF_SIZE]; // temporary buffer in which data to be sent is buffered
1949  int sendbufidx = 0; // index which keeps the number of bytes currently buffered
1950 
1951  // socket-related variables
1952  struct addrinfo hints; // temp, needed to open a socket connection
1953  struct addrinfo *addrinfo; // temp, needed to open a socket connection
1954  struct sockaddr_storage saddr; // temp, needed to retrieve the network data port chosen on the local machine
1955  socklen_t saddrlen; // temp, needed to retrieve the network data port chosen on the local machine
1956  int ret; // return value from functions
1957 
1958  // RPCAP-related variables
1959  struct rpcap_startcapreq startcapreq; // start capture request message
1960  struct rpcap_startcapreply *startcapreply; // start capture reply message
1961  int serveropen_dp; // keeps who is going to open the data connection
1962 
1963  addrinfo = NULL;
1964 
1965  status = rpcapd_recv(pars->sockctrl, pars->ssl, (char *) &startcapreq,
1966  sizeof(struct rpcap_startcapreq), &plen, errmsgbuf);
1967  if (status == -1)
1968  {
1969  goto fatal_error;
1970  }
1971  if (status == -2)
1972  {
1973  goto error;
1974  }
1975 
1976  startcapreq.flags = ntohs(startcapreq.flags);
1977 
1978  // Check that the client does not ask for UDP is the server has been asked
1979  // to enforce encryption, as SSL is not supported yet with UDP:
1980  if (uses_ssl && (startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_DGRAM))
1981  {
1982  snprintf(errbuf, PCAP_ERRBUF_SIZE,
1983  "SSL not supported with UDP forward of remote packets");
1984  goto error;
1985  }
1986 
1987  // Create a session structure
1988  session = malloc(sizeof(struct session));
1989  if (session == NULL)
1990  {
1991  snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Can't allocate session structure");
1992  goto error;
1993  }
1994 
1996  session->ctrl_ssl = session->data_ssl = NULL;
1997  // We don't have a thread yet.
1998  session->have_thread = 0;
1999  //
2000  // We *shouldn't* have to initialize the thread indicator
2001  // itself, because the compiler *should* realize that we
2002  // only use this if have_thread isn't 0, but we *do* have
2003  // to do it, because not all compilers *do* realize that.
2004  //
2005  // There is no "invalid thread handle" value for a UN*X
2006  // pthread_t, so we just zero it out.
2007  //
2008 #ifdef _WIN32
2009  session->thread = INVALID_HANDLE_VALUE;
2010 #else
2011  memset(&session->thread, 0, sizeof(session->thread));
2012 #endif
2013 
2014  // Open the selected device
2015  if ((session->fp = pcap_open_live(source,
2016  ntohl(startcapreq.snaplen),
2017  (startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_PROMISC) ? 1 : 0 /* local device, other flags not needed */,
2018  ntohl(startcapreq.read_timeout),
2019  errmsgbuf)) == NULL)
2020  goto error;
2021 
2022 #if 0
2023  // Apply sampling parameters
2024  fp->rmt_samp.method = samp_param->method;
2025  fp->rmt_samp.value = samp_param->value;
2026 #endif
2027 
2028  /*
2029  We're in active mode if:
2030  - we're using TCP, and the user wants us to be in active mode
2031  - we're using UDP
2032  */
2033  serveropen_dp = (startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_SERVEROPEN) || (startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_DGRAM) || pars->isactive;
2034 
2035  /*
2036  Gets the sockaddr structure referred to the other peer in the ctrl connection
2037 
2038  We need that because:
2039  - if we're in passive mode, we need to know the address family we want to use
2040  (the same used for the ctrl socket)
2041  - if we're in active mode, we need to know the network address of the other host
2042  we want to connect to
2043  */
2044  saddrlen = sizeof(struct sockaddr_storage);
2045  if (getpeername(pars->sockctrl, (struct sockaddr *) &saddr, &saddrlen) == -1)
2046  {
2047  sock_geterror("getpeername()", errmsgbuf, PCAP_ERRBUF_SIZE);
2048  goto error;
2049  }
2050 
2051  memset(&hints, 0, sizeof(struct addrinfo));
2052  hints.ai_socktype = (startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_DGRAM) ? SOCK_DGRAM : SOCK_STREAM;
2053  hints.ai_family = saddr.ss_family;
2054 
2055  // Now we have to create a new socket to send packets
2056  if (serveropen_dp) // Data connection is opened by the server toward the client
2057  {
2058  snprintf(portdata, sizeof portdata, "%d", ntohs(startcapreq.portdata));
2059 
2060  // Get the name of the other peer (needed to connect to that specific network address)
2061  if (getnameinfo((struct sockaddr *) &saddr, saddrlen, peerhost,
2062  sizeof(peerhost), NULL, 0, NI_NUMERICHOST))
2063  {
2064  sock_geterror("getnameinfo()", errmsgbuf, PCAP_ERRBUF_SIZE);
2065  goto error;
2066  }
2067 
2068  if (sock_initaddress(peerhost, portdata, &hints, &addrinfo, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
2069  goto error;
2070 
2071  if ((session->sockdata = sock_open(addrinfo, SOCKOPEN_CLIENT, 0, errmsgbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
2072  goto error;
2073  }
2074  else // Data connection is opened by the client toward the server
2075  {
2076  hints.ai_flags = AI_PASSIVE;
2077 
2078  // Let's the server socket pick up a free network port for us
2079  if (sock_initaddress(NULL, "0", &hints, &addrinfo, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
2080  goto error;
2081 
2082  if ((session->sockdata = sock_open(addrinfo, SOCKOPEN_SERVER, 1 /* max 1 connection in queue */, errmsgbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
2083  goto error;
2084 
2085  // get the complete sockaddr structure used in the data connection
2086  saddrlen = sizeof(struct sockaddr_storage);
2087  if (getsockname(session->sockdata, (struct sockaddr *) &saddr, &saddrlen) == -1)
2088  {
2089  sock_geterror("getsockname()", errmsgbuf, PCAP_ERRBUF_SIZE);
2090  goto error;
2091  }
2092 
2093  // Get the local port the system picked up
2094  if (getnameinfo((struct sockaddr *) &saddr, saddrlen, NULL,
2095  0, portdata, sizeof(portdata), NI_NUMERICSERV))
2096  {
2097  sock_geterror("getnameinfo()", errmsgbuf, PCAP_ERRBUF_SIZE);
2098  goto error;
2099  }
2100  }
2101 
2102  // addrinfo is no longer used
2103  freeaddrinfo(addrinfo);
2104  addrinfo = NULL;
2105 
2106  // Needed to send an error on the ctrl connection
2107  session->sockctrl = pars->sockctrl;
2108  session->ctrl_ssl = pars->ssl;
2109  session->protocol_version = ver;
2110 
2111  // Now I can set the filter
2112  ret = daemon_unpackapplyfilter(pars->sockctrl, pars->ssl, session, &plen, errmsgbuf);
2113  if (ret == -1)
2114  {
2115  // Fatal error. A message has been logged; just give up.
2116  goto fatal_error;
2117  }
2118  if (ret == -2)
2119  {
2120  // Non-fatal error. Send an error message to the client.
2121  goto error;
2122  }
2123 
2124  // Now, I can send a RPCAP start capture reply message
2125  if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL, &sendbufidx,
2127  goto error;
2128 
2129  rpcap_createhdr((struct rpcap_header *) sendbuf, ver,
2130  RPCAP_MSG_STARTCAP_REPLY, 0, sizeof(struct rpcap_startcapreply));
2131 
2132  startcapreply = (struct rpcap_startcapreply *) &sendbuf[sendbufidx];
2133 
2134  if (sock_bufferize(NULL, sizeof(struct rpcap_startcapreply), NULL,
2135  &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
2136  goto error;
2137 
2138  memset(startcapreply, 0, sizeof(struct rpcap_startcapreply));
2139  startcapreply->bufsize = htonl(pcap_bufsize(session->fp));
2140 
2141  if (!serveropen_dp)
2142  {
2143  unsigned short port = (unsigned short)strtoul(portdata,NULL,10);
2144  startcapreply->portdata = htons(port);
2145  }
2146 
2147  if (sock_send(pars->sockctrl, pars->ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1)
2148  {
2149  // That failed; log a message and give up.
2150  rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
2151  goto fatal_error;
2152  }
2153 
2154  if (!serveropen_dp)
2155  {
2156  SOCKET socktemp; // We need another socket, since we're going to accept() a connection
2157 
2158  // Connection creation
2159  saddrlen = sizeof(struct sockaddr_storage);
2160 
2161  socktemp = accept(session->sockdata, (struct sockaddr *) &saddr, &saddrlen);
2162 
2163  if (socktemp == INVALID_SOCKET)
2164  {
2165  sock_geterror("accept()", errbuf, PCAP_ERRBUF_SIZE);
2166  rpcapd_log(LOGPRIO_ERROR, "Accept of data connection failed: %s",
2167  errbuf);
2168  goto error;
2169  }
2170 
2171  // Now that I accepted the connection, the server socket is no longer needed
2172  sock_close(session->sockdata, NULL, 0);
2173  session->sockdata = socktemp;
2174  }
2175 
2176  SSL *ssl = NULL;
2177  if (uses_ssl)
2178  {
2179 #ifdef HAVE_OPENSSL
2180  /* In both active or passive cases, wait for the client to initiate the
2181  * TLS handshake. Yes during that time the control socket will not be
2182  * served, but the same was true from the above call to accept(). */
2183  ssl = ssl_promotion(1, session->sockdata, errbuf, PCAP_ERRBUF_SIZE);
2184  if (! ssl)
2185  {
2186  rpcapd_log(LOGPRIO_ERROR, "TLS handshake failed: %s", errbuf);
2187  goto error;
2188  }
2189 #endif
2190  }
2191  session->data_ssl = ssl;
2192 
2193  // Now we have to create a new thread to receive packets
2194 #ifdef _WIN32
2195  session->thread = (HANDLE)_beginthreadex(NULL, 0, daemon_thrdatamain,
2196  (void *) session, 0, NULL);
2197  if (session->thread == 0)
2198  {
2199  snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error creating the data thread");
2200  goto error;
2201  }
2202 #else
2203  ret = pthread_create(&session->thread, NULL, daemon_thrdatamain,
2204  (void *) session);
2205  if (ret != 0)
2206  {
2208  ret, "Error creating the data thread");
2209  goto error;
2210  }
2211 #endif
2212  session->have_thread = 1;
2213 
2214  // Check if all the data has been read; if not, discard the data in excess
2215  if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
2216  goto fatal_error;
2217 
2218  *sessionp = session;
2219  return 0;
2220 
2221 error:
2222  //
2223  // Not a fatal error, so send the client an error message and
2224  // keep serving client requests.
2225  //
2226  *sessionp = NULL;
2227 
2228  if (addrinfo)
2229  freeaddrinfo(addrinfo);
2230 
2231  if (session)
2232  {
2234  free(session);
2235  }
2236 
2237  if (rpcap_senderror(pars->sockctrl, pars->ssl, ver,
2238  PCAP_ERR_STARTCAPTURE, errmsgbuf, errbuf) == -1)
2239  {
2240  // That failed; log a message and give up.
2241  rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
2242  return -1;
2243  }
2244 
2245  // Check if all the data has been read; if not, discard the data in excess
2246  if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
2247  {
2248  // Network error.
2249  return -1;
2250  }
2251 
2252  return 0;
2253 
2254 fatal_error:
2255  //
2256  // Fatal network error, so don't try to communicate with
2257  // the client, just give up.
2258  //
2259  *sessionp = NULL;
2260 
2261  if (session)
2262  {
2264  free(session);
2265  }
2266 
2267  return -1;
2268 }
2269 
2270 static int
2272  struct session *session)
2273 {
2274  char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors
2275  struct rpcap_header header;
2276 
2278 
2279  rpcap_createhdr(&header, ver, RPCAP_MSG_ENDCAP_REPLY, 0, 0);
2280 
2281  if (sock_send(pars->sockctrl, pars->ssl, (char *) &header, sizeof(struct rpcap_header), errbuf, PCAP_ERRBUF_SIZE) == -1)
2282  {
2283  // That failed; log a message and give up.
2284  rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
2285  return -1;
2286  }
2287 
2288  return 0;
2289 }
2290 
2291 //
2292 // We impose a limit on the filter program size, so that, on Windows,
2293 // where there's only one server process with multiple threads, it's
2294 // harder to eat all the server address space by sending larger filter
2295 // programs. (This isn't an issue on UN*X, where there are multiple
2296 // server processes, one per client connection.)
2297 //
2298 // We pick a value that limits each filter to 64K; that value is twice
2299 // the in-kernel limit for Linux and 16 times the in-kernel limit for
2300 // *BSD and macOS.
2301 //
2302 // It also prevents an overflow on 32-bit platforms when calculating
2303 // the total size of the filter program. (It's not an issue on 64-bit
2304 // platforms with a 64-bit size_t, as the filter size is 32 bits.)
2305 //
2306 #define RPCAP_BPF_MAXINSNS 8192
2307 
2308 static int
2309 daemon_unpackapplyfilter(SOCKET sockctrl, SSL *ctrl_ssl, struct session *session, uint32 *plenp, char *errmsgbuf)
2310 {
2311  int status;
2312  struct rpcap_filter filter;
2313  struct rpcap_filterbpf_insn insn;
2314  struct bpf_insn *bf_insn;
2315  struct bpf_program bf_prog;
2316  unsigned int i;
2317 
2318  status = rpcapd_recv(sockctrl, ctrl_ssl, (char *) &filter,
2319  sizeof(struct rpcap_filter), plenp, errmsgbuf);
2320  if (status == -1)
2321  {
2322  return -1;
2323  }
2324  if (status == -2)
2325  {
2326  return -2;
2327  }
2328 
2329  bf_prog.bf_len = ntohl(filter.nitems);
2330 
2331  if (ntohs(filter.filtertype) != RPCAP_UPDATEFILTER_BPF)
2332  {
2333  snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Only BPF/NPF filters are currently supported");
2334  return -2;
2335  }
2336 
2337  if (bf_prog.bf_len > RPCAP_BPF_MAXINSNS)
2338  {
2339  snprintf(errmsgbuf, PCAP_ERRBUF_SIZE,
2340  "Filter program is larger than the maximum size of %u instructions",
2342  return -2;
2343  }
2344  bf_insn = (struct bpf_insn *) malloc (sizeof(struct bpf_insn) * bf_prog.bf_len);
2345  if (bf_insn == NULL)
2346  {
2348  errno, "malloc() failed");
2349  return -2;
2350  }
2351 
2352  bf_prog.bf_insns = bf_insn;
2353 
2354  for (i = 0; i < bf_prog.bf_len; i++)
2355  {
2356  status = rpcapd_recv(sockctrl, ctrl_ssl, (char *) &insn,
2357  sizeof(struct rpcap_filterbpf_insn), plenp, errmsgbuf);
2358  if (status == -1)
2359  {
2360  return -1;
2361  }
2362  if (status == -2)
2363  {
2364  return -2;
2365  }
2366 
2367  bf_insn->code = ntohs(insn.code);
2368  bf_insn->jf = insn.jf;
2369  bf_insn->jt = insn.jt;
2370  bf_insn->k = ntohl(insn.k);
2371 
2372  bf_insn++;
2373  }
2374 
2375  //
2376  // XXX - pcap_setfilter() should do the validation for us.
2377  //
2378  if (bpf_validate(bf_prog.bf_insns, bf_prog.bf_len) == 0)
2379  {
2380  snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "The filter contains bogus instructions");
2381  return -2;
2382  }
2383 
2384  if (pcap_setfilter(session->fp, &bf_prog))
2385  {
2386  snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "RPCAP error: %s", pcap_geterr(session->fp));
2387  return -2;
2388  }
2389 
2390  return 0;
2391 }
2392 
2393 static int
2395  struct session *session, uint32 plen)
2396 {
2397  char errbuf[PCAP_ERRBUF_SIZE];
2398  char errmsgbuf[PCAP_ERRBUF_SIZE]; // buffer for errors to send to the client
2399  int ret; // status of daemon_unpackapplyfilter()
2400  struct rpcap_header header; // keeps the answer to the updatefilter command
2401 
2402  ret = daemon_unpackapplyfilter(pars->sockctrl, pars->ssl, session, &plen, errmsgbuf);
2403  if (ret == -1)
2404  {
2405  // Fatal error. A message has been logged; just give up.
2406  return -1;
2407  }
2408  if (ret == -2)
2409  {
2410  // Non-fatal error. Send an error reply to the client.
2411  goto error;
2412  }
2413 
2414  // Check if all the data has been read; if not, discard the data in excess
2415  if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
2416  {
2417  // Network error.
2418  return -1;
2419  }
2420 
2421  // A response is needed, otherwise the other host does not know that everything went well
2423 
2424  if (sock_send(pars->sockctrl, pars->ssl, (char *) &header, sizeof (struct rpcap_header), errbuf, PCAP_ERRBUF_SIZE))
2425  {
2426  // That failed; log a message and give up.
2427  rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
2428  return -1;
2429  }
2430 
2431  return 0;
2432 
2433 error:
2434  if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
2435  {
2436  return -1;
2437  }
2439  errmsgbuf, NULL);
2440 
2441  return 0;
2442 }
2443 
2444 /*!
2445  \brief Received the sampling parameters from remote host and it stores in the pcap_t structure.
2446 */
2447 static int
2449  struct rpcap_sampling *samp_param)
2450 {
2451  char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors
2452  char errmsgbuf[PCAP_ERRBUF_SIZE];
2453  struct rpcap_header header;
2454  struct rpcap_sampling rpcap_samp;
2455  int status;
2456 
2457  status = rpcapd_recv(pars->sockctrl, pars->ssl, (char *) &rpcap_samp, sizeof(struct rpcap_sampling), &plen, errmsgbuf);
2458  if (status == -1)
2459  {
2460  return -1;
2461  }
2462  if (status == -2)
2463  {
2464  goto error;
2465  }
2466 
2467  // Save these settings in the pcap_t
2468  samp_param->method = rpcap_samp.method;
2469  samp_param->value = ntohl(rpcap_samp.value);
2470 
2471  // A response is needed, otherwise the other host does not know that everything went well
2472  rpcap_createhdr(&header, ver, RPCAP_MSG_SETSAMPLING_REPLY, 0, 0);
2473 
2474  if (sock_send(pars->sockctrl, pars->ssl, (char *) &header, sizeof (struct rpcap_header), errbuf, PCAP_ERRBUF_SIZE) == -1)
2475  {
2476  // That failed; log a message and give up.
2477  rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
2478  return -1;
2479  }
2480 
2481  if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
2482  {
2483  return -1;
2484  }
2485 
2486  return 0;
2487 
2488 error:
2489  if (rpcap_senderror(pars->sockctrl, pars->ssl, ver, PCAP_ERR_SETSAMPLING,
2490  errmsgbuf, errbuf) == -1)
2491  {
2492  // That failed; log a message and give up.
2493  rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
2494  return -1;
2495  }
2496 
2497  // Check if all the data has been read; if not, discard the data in excess
2498  if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
2499  {
2500  return -1;
2501  }
2502 
2503  return 0;
2504 }
2505 
2506 static int
2508  struct session *session, uint32 plen, struct pcap_stat *stats,
2509  unsigned int svrcapt)
2510 {
2511  char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors
2512  char errmsgbuf[PCAP_ERRBUF_SIZE]; // buffer for errors to send to the client
2513  char sendbuf[RPCAP_NETBUF_SIZE]; // temporary buffer in which data to be sent is buffered
2514  int sendbufidx = 0; // index which keeps the number of bytes currently buffered
2515  struct rpcap_stats *netstats; // statistics sent on the network
2516 
2517  // Checks that the header does not contain other data; if so, discard it
2518  if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
2519  {
2520  // Network error.
2521  return -1;
2522  }
2523 
2524  if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL,
2525  &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
2526  goto error;
2527 
2528  rpcap_createhdr((struct rpcap_header *) sendbuf, ver,
2529  RPCAP_MSG_STATS_REPLY, 0, (uint16) sizeof(struct rpcap_stats));
2530 
2531  netstats = (struct rpcap_stats *) &sendbuf[sendbufidx];
2532 
2533  if (sock_bufferize(NULL, sizeof(struct rpcap_stats), NULL,
2534  &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
2535  goto error;
2536 
2537  if (session && session->fp)
2538  {
2539  if (pcap_stats(session->fp, stats) == -1)
2540  {
2541  snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "%s", pcap_geterr(session->fp));
2542  goto error;
2543  }
2544 
2545  netstats->ifdrop = htonl(stats->ps_ifdrop);
2546  netstats->ifrecv = htonl(stats->ps_recv);
2547  netstats->krnldrop = htonl(stats->ps_drop);
2548  netstats->svrcapt = htonl(session->TotCapt);
2549  }
2550  else
2551  {
2552  // We have to keep compatibility with old applications,
2553  // which ask for statistics also when the capture has
2554  // already stopped.
2555  netstats->ifdrop = htonl(stats->ps_ifdrop);
2556  netstats->ifrecv = htonl(stats->ps_recv);
2557  netstats->krnldrop = htonl(stats->ps_drop);
2558  netstats->svrcapt = htonl(svrcapt);
2559  }
2560 
2561  // Send the packet
2562  if (sock_send(pars->sockctrl, pars->ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1)
2563  {
2564  rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
2565  return -1;
2566  }
2567 
2568  return 0;
2569 
2570 error:
2571  rpcap_senderror(pars->sockctrl, pars->ssl, ver, PCAP_ERR_GETSTATS,
2572  errmsgbuf, NULL);
2573  return 0;
2574 }
2575 
2576 #ifdef _WIN32
2577 static unsigned __stdcall
2578 #else
2579 static void *
2580 #endif
2582 {
2583  char errbuf[PCAP_ERRBUF_SIZE + 1]; // error buffer
2584  struct session *session; // pointer to the struct session for this session
2585  int retval; // general variable used to keep the return value of other functions
2586  struct rpcap_pkthdr *net_pkt_header;// header of the packet
2587  struct pcap_pkthdr *pkt_header; // pointer to the buffer that contains the header of the current packet
2588  u_char *pkt_data; // pointer to the buffer that contains the current packet
2589  size_t sendbufsize; // size for the send buffer
2590  char *sendbuf; // temporary buffer in which data to be sent is buffered
2591  int sendbufidx; // index which keeps the number of bytes currently buffered
2592  int status;
2593 #ifndef _WIN32
2594  sigset_t sigusr1; // signal set with just SIGUSR1
2595 #endif
2596 
2597  session = (struct session *) ptr;
2598 
2599  session->TotCapt = 0; // counter which is incremented each time a packet is received
2600 
2601  // Initialize errbuf
2602  memset(errbuf, 0, sizeof(errbuf));
2603 
2604  //
2605  // We need a buffer large enough to hold a buffer large enough
2606  // for a maximum-size packet for this pcap_t.
2607  //
2608  if (pcap_snapshot(session->fp) < 0)
2609  {
2610  //
2611  // The snapshot length is negative.
2612  // This "should not happen".
2613  //
2615  "Unable to allocate the buffer for this child thread: snapshot length of %d is negative",
2617  sendbuf = NULL; // we can't allocate a buffer, so nothing to free
2618  goto error;
2619  }
2620  //
2621  // size_t is unsigned, and the result of pcap_snapshot() is signed;
2622  // on no platform that we support is int larger than size_t.
2623  // This means that, unless the extra information we prepend to
2624  // a maximum-sized packet is impossibly large, the sum of the
2625  // snapshot length and the size of that extra information will
2626  // fit in a size_t.
2627  //
2628  // So we don't need to make sure that sendbufsize will overflow.
2629  //
2630  // However, we *do* need to make sure its value fits in an int,
2631  // because sock_send() can't send more than INT_MAX bytes (it could
2632  // do so on 64-bit UN*Xes, but can't do so on Windows, not even
2633  // 64-bit Windows, as the send() buffer size argument is an int
2634  // in Winsock).
2635  //
2636  sendbufsize = sizeof(struct rpcap_header) + sizeof(struct rpcap_pkthdr) + pcap_snapshot(session->fp);
2637  if (sendbufsize > INT_MAX)
2638  {
2640  "Buffer size for this child thread would be larger than %d",
2641  INT_MAX);
2642  sendbuf = NULL; // we haven't allocated a buffer, so nothing to free
2643  goto error;
2644  }
2645  sendbuf = (char *) malloc (sendbufsize);
2646  if (sendbuf == NULL)
2647  {
2649  "Unable to allocate the buffer for this child thread");
2650  goto error;
2651  }
2652 
2653 #ifndef _WIN32
2654  //
2655  // Set the signal set to include just SIGUSR1, and block that
2656  // signal; we only want it unblocked when we're reading
2657  // packets - we dn't want any other system calls, such as
2658  // ones being used to send to the client or to log messages,
2659  // to be interrupted.
2660  //
2661  sigemptyset(&sigusr1);
2662  sigaddset(&sigusr1, SIGUSR1);
2663  pthread_sigmask(SIG_BLOCK, &sigusr1, NULL);
2664 #endif
2665 
2666  // Retrieve the packets
2667  for (;;)
2668  {
2669 #ifndef _WIN32
2670  //
2671  // Unblock SIGUSR1 while we might be waiting for packets.
2672  //
2673  pthread_sigmask(SIG_UNBLOCK, &sigusr1, NULL);
2674 #endif
2675  retval = pcap_next_ex(session->fp, &pkt_header, (const u_char **) &pkt_data); // cast to avoid a compiler warning
2676 #ifndef _WIN32
2677  //
2678  // Now block it again.
2679  //
2680  pthread_sigmask(SIG_BLOCK, &sigusr1, NULL);
2681 #endif
2682  if (retval < 0)
2683  break; // error
2684  if (retval == 0) // Read timeout elapsed
2685  continue;
2686 
2687  sendbufidx = 0;
2688 
2689  // Bufferize the general header
2690  if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL,
2691  &sendbufidx, (int)sendbufsize, SOCKBUF_CHECKONLY, errbuf,
2692  PCAP_ERRBUF_SIZE) == -1)
2693  {
2695  "sock_bufferize() error sending packet message: %s",
2696  errbuf);
2697  goto error;
2698  }
2699 
2700  rpcap_createhdr((struct rpcap_header *) sendbuf,
2702  (uint16) (sizeof(struct rpcap_pkthdr) + pkt_header->caplen));
2703 
2704  net_pkt_header = (struct rpcap_pkthdr *) &sendbuf[sendbufidx];
2705 
2706  // Bufferize the pkt header
2707  if (sock_bufferize(NULL, sizeof(struct rpcap_pkthdr), NULL,
2708  &sendbufidx, (int)sendbufsize, SOCKBUF_CHECKONLY, errbuf,
2709  PCAP_ERRBUF_SIZE) == -1)
2710  {
2712  "sock_bufferize() error sending packet message: %s",
2713  errbuf);
2714  goto error;
2715  }
2716 
2717  net_pkt_header->caplen = htonl(pkt_header->caplen);
2718  net_pkt_header->len = htonl(pkt_header->len);
2719  net_pkt_header->npkt = htonl(++(session->TotCapt));
2720  //
2721  // This protocol needs to be updated with a new version
2722  // before 2038-01-19 03:14:07 UTC.
2723  //
2724  net_pkt_header->timestamp_sec = htonl((uint32)pkt_header->ts.tv_sec);
2725  net_pkt_header->timestamp_usec = htonl((uint32)pkt_header->ts.tv_usec);
2726 
2727  // Bufferize the pkt data
2728  if (sock_bufferize((char *) pkt_data, pkt_header->caplen,
2729  sendbuf, &sendbufidx, (int)sendbufsize, SOCKBUF_BUFFERIZE,
2730  errbuf, PCAP_ERRBUF_SIZE) == -1)
2731  {
2733  "sock_bufferize() error sending packet message: %s",
2734  errbuf);
2735  goto error;
2736  }
2737 
2738  // Send the packet
2739  // If the client dropped the connection, don't report an
2740  // error, just quit.
2741  status = sock_send(session->sockdata, session->data_ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE);
2742  if (status < 0)
2743  {
2744  if (status == -1)
2745  {
2746  //
2747  // Error other than "client closed the
2748  // connection out from under us"; report
2749  // it.
2750  //
2752  "Send of packet to client failed: %s",
2753  errbuf);
2754  }
2755 
2756  //
2757  // Give up in either case.
2758  //
2759  goto error;
2760  }
2761  }
2762 
2763  if (retval < 0 && retval != PCAP_ERROR_BREAK)
2764  {
2765  //
2766  // Failed with an error other than "we were told to break
2767  // out of the loop".
2768  //
2769  // The latter just means that the client told us to stop
2770  // capturing, so there's no error to report.
2771  //
2772  snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error reading the packets: %s", pcap_geterr(session->fp));
2774  PCAP_ERR_READEX, errbuf, NULL);
2775  }
2776 
2777 error:
2778  //
2779  // The main thread will clean up the session structure.
2780  //
2781  free(sendbuf);
2782 
2783  return 0;
2784 }
2785 
2786 #ifndef _WIN32
2787 //
2788 // Do-nothing handler for SIGUSR1; the sole purpose of SIGUSR1 is to
2789 // interrupt the data thread if it's blocked in a system call waiting
2790 // for packets to arrive.
2791 //
2792 static void noop_handler(int sign _U_)
2793 {
2794 }
2795 #endif
2796 
2797 /*!
2798  \brief It serializes a network address.
2799 
2800  It accepts a 'sockaddr_storage' structure as input, and it converts it appropriately into a format
2801  that can be used to be sent on the network. Basically, it applies all the hton()
2802  conversion required to the input variable.
2803 
2804  \param sockaddrin a 'sockaddr_storage' pointer to the variable that has to be
2805  serialized. This variable can be both a 'sockaddr_in' and 'sockaddr_in6'.
2806 
2807  \param sockaddrout an 'rpcap_sockaddr' pointer to the variable that will contain
2808  the serialized data. This variable has to be allocated by the user.
2809 
2810  \warning This function supports only AF_INET and AF_INET6 address families.
2811 */
2812 static void
2813 daemon_seraddr(struct sockaddr_storage *sockaddrin, struct rpcap_sockaddr *sockaddrout)
2814 {
2815  memset(sockaddrout, 0, sizeof(struct sockaddr_storage));
2816 
2817  // There can be the case in which the sockaddrin is not available
2818  if (sockaddrin == NULL) return;
2819 
2820  // Warning: we support only AF_INET and AF_INET6
2821  switch (sockaddrin->ss_family)
2822  {
2823  case AF_INET:
2824  {
2825  struct sockaddr_in *sockaddrin_ipv4;
2826  struct rpcap_sockaddr_in *sockaddrout_ipv4;
2827 
2828  sockaddrin_ipv4 = (struct sockaddr_in *) sockaddrin;
2829  sockaddrout_ipv4 = (struct rpcap_sockaddr_in *) sockaddrout;
2830  sockaddrout_ipv4->family = htons(RPCAP_AF_INET);
2831  sockaddrout_ipv4->port = htons(sockaddrin_ipv4->sin_port);
2832  memcpy(&sockaddrout_ipv4->addr, &sockaddrin_ipv4->sin_addr, sizeof(sockaddrout_ipv4->addr));
2833  memset(sockaddrout_ipv4->zero, 0, sizeof(sockaddrout_ipv4->zero));
2834  break;
2835  }
2836 
2837 #ifdef AF_INET6
2838  case AF_INET6:
2839  {
2840  struct sockaddr_in6 *sockaddrin_ipv6;
2841  struct rpcap_sockaddr_in6 *sockaddrout_ipv6;
2842 
2843  sockaddrin_ipv6 = (struct sockaddr_in6 *) sockaddrin;
2844  sockaddrout_ipv6 = (struct rpcap_sockaddr_in6 *) sockaddrout;
2845  sockaddrout_ipv6->family = htons(RPCAP_AF_INET6);
2846  sockaddrout_ipv6->port = htons(sockaddrin_ipv6->sin6_port);
2847  sockaddrout_ipv6->flowinfo = htonl(sockaddrin_ipv6->sin6_flowinfo);
2848  memcpy(&sockaddrout_ipv6->addr, &sockaddrin_ipv6->sin6_addr, sizeof(sockaddrout_ipv6->addr));
2849  sockaddrout_ipv6->scope_id = htonl(sockaddrin_ipv6->sin6_scope_id);
2850  break;
2851  }
2852 #endif
2853  }
2854 }
2855 
2856 
2857 /*!
2858  \brief Suspends a thread for secs seconds.
2859 */
2860 void sleep_secs(int secs)
2861 {
2862 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
2863 #ifdef _WIN32
2864  Sleep(secs*1000);
2865 #else
2866  unsigned secs_remaining;
2867 
2868  if (secs <= 0)
2869  return;
2870  secs_remaining = secs;
2871  while (secs_remaining != 0)
2872  secs_remaining = sleep(secs_remaining);
2873 #endif
2874 #endif
2875 }
2876 
2877 /*
2878  * Read the header of a message.
2879  */
2880 static int
2881 rpcapd_recv_msg_header(SOCKET sock, SSL *ssl, struct rpcap_header *headerp)
2882 {
2883  int nread;
2884  char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors
2885 
2886  nread = sock_recv(sock, ssl, (char *) headerp, sizeof(struct rpcap_header),
2888  if (nread == -1)
2889  {
2890  // Network error.
2891  rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf);
2892  return -1;
2893  }
2894  if (nread == 0)
2895  {
2896  // Immediate EOF; that's treated like a close message.
2897  return -2;
2898  }
2899  headerp->plen = ntohl(headerp->plen);
2900  return 0;
2901 }
2902 
2903 /*
2904  * Read data from a message.
2905  * If we're trying to read more data that remains, puts an error
2906  * message into errmsgbuf and returns -2. Otherwise, tries to read
2907  * the data and, if that succeeds, subtracts the amount read from
2908  * the number of bytes of data that remains.
2909  * Returns 0 on success, logs a message and returns -1 on a network
2910  * error.
2911  */
2912 static int
2913 rpcapd_recv(SOCKET sock, SSL *ssl, char *buffer, size_t toread, uint32 *plen, char *errmsgbuf)
2914 {
2915  int nread;
2916  char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors
2917 
2918  if (toread > *plen)
2919  {
2920  // Tell the client and continue.
2921  snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Message payload is too short");
2922  return -2;
2923  }
2924  nread = sock_recv(sock, ssl, buffer, toread,
2926  if (nread == -1)
2927  {
2928  rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf);
2929  return -1;
2930  }
2931  *plen -= nread;
2932  return 0;
2933 }
2934 
2935 /*
2936  * Discard data from a connection.
2937  * Mostly used to discard wrong-sized messages.
2938  * Returns 0 on success, logs a message and returns -1 on a network
2939  * error.
2940  */
2941 static int
2943 {
2944  char errbuf[PCAP_ERRBUF_SIZE + 1]; // keeps the error string, prior to be printed
2945 
2946  if (len != 0)
2947  {
2948  if (sock_discard(sock, ssl, len, errbuf, PCAP_ERRBUF_SIZE) == -1)
2949  {
2950  // Network error.
2951  rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf);
2952  return -1;
2953  }
2954  }
2955  return 0;
2956 }
2957 
2958 //
2959 // Shut down any packet-capture thread associated with the session,
2960 // close the SSL handle for the data socket if we have one, close
2961 // the data socket if we have one, and close the underlying packet
2962 // capture handle if we have one.
2963 //
2964 // We do not, of course, touch the controlling socket that's also
2965 // copied into the session, as the service loop might still use it.
2966 //
2967 static void session_close(struct session *session)
2968 {
2969  if (session->have_thread)
2970  {
2971  //
2972  // Tell the data connection thread main capture loop to
2973  // break out of that loop.
2974  //
2975  // This may be sufficient to wake up a blocked thread,
2976  // but it's not guaranteed to be sufficient.
2977  //
2979 
2980 #ifdef _WIN32
2981  //
2982  // Set the event on which a read would block, so that,
2983  // if it's currently blocked waiting for packets to
2984  // arrive, it'll wake up, so it can see the "break
2985  // out of the loop" indication. (pcap_breakloop()
2986  // might do this, but older versions don't. Setting
2987  // it twice should, at worst, cause an extra wakeup,
2988  // which shouldn't be a problem.)
2989  //
2990  // XXX - what about modules other than NPF?
2991  //
2992  SetEvent(pcap_getevent(session->fp));
2993 
2994  //
2995  // Wait for the thread to exit, so we don't close
2996  // sockets out from under it.
2997  //
2998  // XXX - have a timeout, so we don't wait forever?
2999  //
3000  WaitForSingleObject(session->thread, INFINITE);
3001 
3002  //
3003  // Release the thread handle, as we're done with
3004  // it.
3005  //
3006  CloseHandle(session->thread);
3007  session->have_thread = 0;
3008  session->thread = INVALID_HANDLE_VALUE;
3009 #else
3010  //
3011  // Send a SIGUSR1 signal to the thread, so that, if
3012  // it's currently blocked waiting for packets to arrive,
3013  // it'll wake up (we've turned off SA_RESTART for
3014  // SIGUSR1, so that the system call in which it's blocked
3015  // should return EINTR rather than restarting).
3016  //
3017  pthread_kill(session->thread, SIGUSR1);
3018 
3019  //
3020  // Wait for the thread to exit, so we don't close
3021  // sockets out from under it.
3022  //
3023  // XXX - have a timeout, so we don't wait forever?
3024  //
3025  pthread_join(session->thread, NULL);
3026  session->have_thread = 0;
3027  memset(&session->thread, 0, sizeof(session->thread));
3028 #endif
3029  }
3030 
3031 #ifdef HAVE_OPENSSL
3032  if (session->data_ssl)
3033  {
3034  // Finish using the SSL handle for the socket.
3035  // This must be done *before* the socket is closed.
3036  ssl_finish(session->data_ssl);
3037  session->data_ssl = NULL;
3038  }
3039 #endif
3040 
3042  {
3043  sock_close(session->sockdata, NULL, 0);
3045  }
3046 
3047  if (session->fp)
3048  {
3049  pcap_close(session->fp);
3050  session->fp = NULL;
3051  }
3052 }
3053 
3054 //
3055 // Check whether a capture source string is a URL or not.
3056 // This includes URLs that refer to a local device; a scheme, followed
3057 // by ://, followed by *another* scheme and ://, is just silly, and
3058 // anybody who supplies that will get an error.
3059 //
3060 static int
3061 is_url(const char *source)
3062 {
3063  char *colonp;
3064 
3065  /*
3066  * RFC 3986 says:
3067  *
3068  * URI = scheme ":" hier-part [ "?" query ] [ "#" fragment ]
3069  *
3070  * hier-part = "//" authority path-abempty
3071  * / path-absolute
3072  * / path-rootless
3073  * / path-empty
3074  *
3075  * authority = [ userinfo "@" ] host [ ":" port ]
3076  *
3077  * userinfo = *( unreserved / pct-encoded / sub-delims / ":" )
3078  *
3079  * Step 1: look for the ":" at the end of the scheme.
3080  * A colon in the source is *NOT* sufficient to indicate that
3081  * this is a URL, as interface names on some platforms might
3082  * include colons (e.g., I think some Solaris interfaces
3083  * might).
3084  */
3085  colonp = strchr(source, ':');
3086  if (colonp == NULL)
3087  {
3088  /*
3089  * The source is the device to open. It's not a URL.
3090  */
3091  return (0);
3092  }
3093 
3094  /*
3095  * All schemes must have "//" after them, i.e. we only support
3096  * hier-part = "//" authority path-abempty, not
3097  * hier-part = path-absolute
3098  * hier-part = path-rootless
3099  * hier-part = path-empty
3100  *
3101  * We need that in order to distinguish between a local device
3102  * name that happens to contain a colon and a URI.
3103  */
3104  if (strncmp(colonp + 1, "//", 2) != 0)
3105  {
3106  /*
3107  * The source is the device to open. It's not a URL.
3108  */
3109  return (0);
3110  }
3111 
3112  /*
3113  * It's a URL.
3114  */
3115  return (1);
3116 }
int bpf_validate(const struct bpf_insn *f, int len)
Definition: bpf_filter.c:543
static void error(const char *,...)
int nullAuthAllowed
'1' if we permit NULL authentication, '0' otherwise
Definition: rpcapd.c:82
static int rpcapd_recv(int sock, void const *, char *buffer, size_t toread, uint32 *plen, char *errmsgbuf)
Definition: daemon.c:2913
static int daemon_msg_updatefilter_req(uint8 ver, struct daemon_slpars *pars, struct session *session, uint32 plen)
Definition: daemon.c:2394
#define TLS_RECORD_TYPE_ALERT
Definition: daemon.c:184
#define RPCAP_TIMEOUT_RUNTIME
Definition: daemon.c:86
static int daemon_msg_startcap_req(uint8 ver, struct daemon_slpars *pars, uint32 plen, char *source, struct session **sessionp, struct rpcap_sampling *samp_param, int uses_ssl)
Definition: daemon.c:1938
#define TLS_RECORD_HEADER_LEN
Definition: daemon.c:182
static int daemon_msg_open_req(uint8 ver, struct daemon_slpars *pars, uint32 plen, char *source, size_t sourcelen)
Definition: daemon.c:1836
static int rpcapd_recv_msg_header(int sock, void const *, struct rpcap_header *headerp)
Definition: daemon.c:2881
int daemon_serviceloop(int sockctrl, int isactive, char *passiveClients, int nullAuthAllowed, int uses_ssl)
Definition: daemon.c:214
static void noop_handler(int sign)
Definition: daemon.c:2792
#define TLS_ALERT_LEN
Definition: daemon.c:195
#define UINT16_MAX
Definition: daemon.c:206
#define RPCAP_BPF_MAXINSNS
Definition: daemon.c:2306
#define RPCAP_SUSPEND_WRONGAUTH
Definition: daemon.c:93
static int rpcapd_discard(int sock, void const *, uint32 len)
Definition: daemon.c:2942
#define TLS_ALERT_LEVEL_FATAL
Definition: daemon.c:197
#define CHECK_AND_INCREASE_REPLY_LEN(itemlen)
Definition: daemon.c:1587
static int daemon_msg_err(int sockctrl, void const *, uint32 plen)
Definition: daemon.c:1138
void sleep_secs(int secs)
Suspends a thread for secs seconds.
Definition: daemon.c:2860
#define TLS_ALERT_HANDSHAKE_FAILURE
Definition: daemon.c:198
static void daemon_seraddr(struct sockaddr_storage *sockaddrin, struct rpcap_sockaddr *sockaddrout)
It serializes a network address.
Definition: daemon.c:2813
#define TLS_RECORD_TYPE_HANDSHAKE
Definition: daemon.c:185
static int daemon_msg_findallif_req(uint8 ver, struct daemon_slpars *pars, uint32 plen)
Definition: daemon.c:1596
static int daemon_msg_setsampling_req(uint8 ver, struct daemon_slpars *pars, uint32 plen, struct rpcap_sampling *samp_param)
Received the sampling parameters from remote host and it stores in the pcap_t structure.
Definition: daemon.c:2448
static int daemon_msg_auth_req(struct daemon_slpars *pars, uint32 plen)
Definition: daemon.c:1217
static void session_close(struct session *)
Definition: daemon.c:2967
#define RPCAP_TIMEOUT_INIT
Definition: daemon.c:78
static int daemon_unpackapplyfilter(int sockctrl, void const *, struct session *session, uint32 *plenp, char *errbuf)
Definition: daemon.c:2309
static int is_url(const char *source)
Definition: daemon.c:3061
static void * daemon_thrdatamain(void *ptr)
Definition: daemon.c:2581
static int daemon_msg_stats_req(uint8 ver, struct daemon_slpars *pars, struct session *session, uint32 plen, struct pcap_stat *stats, unsigned int svrcapt)
Definition: daemon.c:2507
static int daemon_msg_endcap_req(uint8 ver, struct daemon_slpars *pars, struct session *session)
Definition: daemon.c:2271
static int daemon_AuthUserPwd(char *username, char *password, char *errbuf)
Definition: daemon.c:1413
void pcap_fmt_errmsg_for_errno(char *errbuf, size_t errbuflen, int errnum, const char *fmt,...)
Definition: fmtutils.c:269
void rpcapd_log(log_priority priority, const char *message,...)
Definition: log.c:244
@ LOGPRIO_INFO
Definition: log.h:28
@ LOGPRIO_DEBUG
Definition: log.h:27
@ LOGPRIO_ERROR
Definition: log.h:30
int snprintf(char *, size_t, const char *,...)
char * strerror(int)
int getsockname(int, struct sockaddr *, int *)
int getpeername(int, struct sockaddr *, int *)
int accept(int, struct sockaddr *, int *)
int select(int, fd_set *, fd_set *, fd_set *, struct timeval *)
char * crypt(const char *, const char *)
#define _U_
Definition: pcap-dos.h:93
unsigned long DWORD
Definition: pcap-dos.h:18
int errno
int socklen_t
Definition: pcap-linux.c:168
void rpcap_createhdr(struct rpcap_header *header, uint8 type, uint16 value, uint32 length)
#define RPCAP_NETBUF_SIZE
int rpcap_senderror(int sock, char *error, unsigned short errcode, char *errbuf)
#define PCAP_ERROR_BREAK
Definition: pcap.h:340
#define RPCAP_RMTAUTH_PWD
Definition: pcap.h:1021
#define PCAP_BUF_SIZE
Definition: pcap.h:869
#define PCAP_ERRBUF_SIZE
Definition: pcap.h:152
#define RPCAP_RMTAUTH_NULL
Definition: pcap.h:1007
void pcap_breakloop(pcap_t *p)
Definition: pcap.c:2921
void pcap_freealldevs(pcap_if_t *alldevs)
Definition: pcap.c:1431
int pcap_next_ex(pcap_t *p, struct pcap_pkthdr **pkt_header, const u_char **pkt_data)
Definition: pcap.c:602
int pcap_datalink(pcap_t *p)
Definition: pcap.c:2927
int pcap_bufsize(pcap_t *p)
Definition: pcap.c:3443
int pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf)
Definition: pcap.c:711
char * pcap_geterr(pcap_t *p)
Definition: pcap.c:3505
pcap_t * pcap_open_live(const char *device, int snaplen, int promisc, int to_ms, char *errbuf)
Definition: pcap.c:2762
void pcap_close(pcap_t *p)
Definition: pcap.c:4065
int pcap_stats(pcap_t *p, struct pcap_stat *ps)
Definition: pcap.c:3736
int pcap_snapshot(pcap_t *p)
Definition: pcap.c:3411
int pcap_setfilter(pcap_t *p, struct bpf_program *fp)
Definition: pcap.c:3695
const char * rpcap_msg_type_string(uint8 type)
unsigned short uint16
#define RPCAP_MSG_STARTCAP_REQ
#define RPCAP_STARTCAPREQ_FLAG_SERVEROPEN
unsigned int uint32
#define RPCAP_MSG_STARTCAP_REPLY
#define PCAP_ERR_STARTCAPTURE
#define PCAP_ERR_WRONGVER
#define PCAP_ERR_NETW
#define RPCAP_AF_INET
#define RPCAP_MSG_STATS_REQ
#define RPCAP_MSG_ENDCAP_REPLY
#define RPCAP_MSG_SETSAMPLING_REQ
#define RPCAP_VERSION_IS_SUPPORTED(v)
#define PCAP_ERR_OPEN
#define RPCAP_STARTCAPREQ_FLAG_PROMISC
#define RPCAP_MSG_STATS_REPLY
#define RPCAP_STARTCAPREQ_FLAG_DGRAM
#define RPCAP_MAX_VERSION
#define PCAP_ERR_INITTIMEOUT
#define RPCAP_MSG_AUTH_REPLY
#define RPCAP_MSG_SETSAMPLING_REPLY
#define PCAP_ERR_AUTH
#define RPCAP_AF_INET6
#define RPCAP_MIN_VERSION
#define PCAP_ERR_READEX
#define PCAP_ERR_AUTH_FAILED
#define PCAP_ERR_ENDCAPTURE
#define RPCAP_MSG_OPEN_REPLY
#define PCAP_ERR_HOSTNOAUTH
#define RPCAP_MSG_UPDATEFILTER_REQ
#define RPCAP_MSG_AUTH_REQ
#define RPCAP_HOSTLIST_SEP
#define PCAP_ERR_AUTH_TYPE_NOTSUP
#define PCAP_ERR_NOREMOTEIF
#define RPCAP_MSG_PACKET
#define RPCAP_MSG_CLOSE
#define PCAP_ERR_WRONGMSG
#define RPCAP_MSG_FINDALLIF_REPLY
#define RPCAP_MSG_FINDALLIF_REQ
#define RPCAP_UPDATEFILTER_BPF
#define RPCAP_MSG_OPEN_REQ
#define RPCAP_MSG_ENDCAP_REQ
#define PCAP_ERR_SETSAMPLING
unsigned char uint8
#define PCAP_ERR_FINDALLIF
#define PCAP_ERR_UPDATEFILTER
#define PCAP_ERR_TLS_REQUIRED
#define RPCAP_MSG_ERROR
#define RPCAP_MSG_UPDATEFILTER_REPLY
#define PCAP_ERR_GETSTATS
static char address[2048+1]
keeps the network address (either numeric or literal) to bind to
Definition: rpcapd.c:87
static int uses_ssl
'1' to use TLS over the data socket
Definition: rpcapd.c:94
static char port[2048+1]
keeps the network port to bind to
Definition: rpcapd.c:88
#define INVALID_SOCKET
In Winsock, the error return if socket() fails is INVALID_SOCKET; in UN*X, it's -1....
Definition: socket.h:80
#define SOCKET
In Winsock, a socket handle is of type SOCKET; in UN*X, it's a file descriptor, and therefore a signe...
Definition: socket.h:70
int sock_discard(int sock, void const *ssl, int size, char *errbuf, int errbuflen)
Definition: sockutils.c:1256
int sock_check_hostlist(char *hostlist, const char *sep, struct sockaddr_storage *from, char *errbuf, int errbuflen)
Definition: sockutils.c:1319
void sock_geterror(const char *caller, char *errbuf, int errbuflen)
Definition: sockutils.c:184
int sock_initaddress(const char *host, const char *port, struct addrinfo *hints, struct addrinfo **addrinfo, char *errbuf, int errbuflen)
Definition: sockutils.c:718
int sock_bufferize(const char *buffer, int size, char *tempbuf, int *offset, int totsize, int checkonly, char *errbuf, int errbuflen)
Definition: sockutils.c:939
int sock_close(int sock, char *errbuf, int errbuflen)
Definition: sockutils.c:510
int sock_send(int sock, void const *ssl, const char *buffer, size_t size, char *errbuf, int errbuflen)
Definition: sockutils.c:799
int sock_recv(int sock, void const *ssl, void *buffer, size_t size, int flags, char *errbuf, int errbuflen)
Definition: sockutils.c:1002
int sock_open(struct addrinfo *addrinfo, int server, int nconn, char *errbuf, int errbuflen)
Definition: sockutils.c:315
#define SOCKOPEN_CLIENT
Definition: sockutils.h:96
#define SOCKOPEN_SERVER
Definition: sockutils.h:98
#define SOCK_EOF_ISNT_ERROR
Definition: sockutils.h:106
#define SOCKBUF_CHECKONLY
Definition: sockutils.h:91
#define SOCK_MSG_PEEK
Definition: sockutils.h:109
#define SOCK_RECEIVEALL_YES
Definition: sockutils.h:104
#define SOCKBUF_BUFFERIZE
Definition: sockutils.h:93
#define SOCK_EOF_IS_ERROR
Definition: sockutils.h:107
#define SSL
Definition: sslutils.h:59
size_t pcap_strlcpy(char *restrict dst, const char *restrict src, size_t dsize)
Definition: strlcpy.c:34
Definition: bpf.h:245
bpf_u_int32 k
Definition: bpf.h:249
u_short code
Definition: bpf.h:246
u_char jf
Definition: bpf.h:248
u_char jt
Definition: bpf.h:247
struct bpf_insn * bf_insns
Definition: bpf.h:119
u_int bf_len
Definition: bpf.h:118
void const * ssl
Optional SSL handler for the controlling sockets.
Definition: daemon.c:99
int sockctrl
SOCKET ID of the control connection.
Definition: daemon.c:98
int isactive
Not null if the daemon has to run in active mode.
Definition: daemon.c:100
int nullAuthAllowed
'1' if we permit NULL authentication, '0' otherwise
Definition: daemon.c:101
Definition: pcap.h:301
char * name
Definition: pcap.h:303
bpf_u_int32 flags
Definition: pcap.h:306
struct pcap_if * next
Definition: pcap.h:302
char * description
Definition: pcap.h:304
struct pcap_addr * addresses
Definition: pcap.h:305
bpf_u_int32 caplen
Definition: pcap.h:247
struct timeval ts
Definition: pcap.h:246
bpf_u_int32 len
Definition: pcap.h:248
u_int ps_drop
Definition: pcap.h:256
u_int ps_recv
Definition: pcap.h:255
u_int ps_ifdrop
Definition: pcap.h:257
Definition: pcap-int.h:200
uint32 timestamp_usec
uint32 timestamp_sec
void const * data_ssl
Definition: daemon.c:115
pthread_t thread
Definition: daemon.c:123
int have_thread
Definition: daemon.c:119
int sockctrl
Definition: daemon.c:113
pcap_t * fp
Definition: daemon.c:117
uint8 protocol_version
Definition: daemon.c:116
void const * ctrl_ssl
Definition: daemon.c:115
int sockdata
Definition: daemon.c:114
unsigned int TotCapt
Definition: daemon.c:118
uint8 alert_description
Definition: daemon.c:192
uint8 alert_level
Definition: daemon.c:191
uint8 version_major
Definition: daemon.c:173
uint8 length_lo
Definition: daemon.c:179
uint8 version_injor
Definition: daemon.c:174
uint8 length_hi
Definition: daemon.c:178