]> The Tcpdump Group git mirrors - libpcap/blob - pcap-rpcap.c
projects / libpcap / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Use compiler tests to determine how to define _U_.
[libpcap] / pcap-rpcap.c
1 /*
2 * Copyright (c) 2002 - 2005 NetGroup, Politecnico di Torino (Italy)
3 * Copyright (c) 2005 - 2008 CACE Technologies, Davis (California)
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the Politecnico di Torino, CACE Technologies
16 * nor the names of its contributors may be used to endorse or promote
17 * products derived from this software without specific prior written
18 * permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
23 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
24 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
25 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
26 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
30 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 *
32 */
33
34 #ifdef HAVE_CONFIG_H
35 #include <config.h>
36 #endif
37
38 #include <string.h> /* for strlen(), ... */
39 #include <stdlib.h> /* for malloc(), free(), ... */
40 #include <stdarg.h> /* for functions with variable number of arguments */
41 #include <errno.h> /* for the errno variable */
42 #include "sockutils.h"
43 #include "pcap-int.h"
44 #include "rpcap-protocol.h"
45 #include "pcap-rpcap.h"
46
47 /*
48 * This file contains the pcap module for capturing from a remote machine's
49 * interfaces using the RPCAP protocol.
50 *
51 * WARNING: All the RPCAP functions that are allowed to return a buffer
52 * containing the error description can return max PCAP_ERRBUF_SIZE characters.
53 * However there is no guarantees that the string will be zero-terminated.
54 * Best practice is to define the errbuf variable as a char of size
55 * 'PCAP_ERRBUF_SIZE+1' and to insert manually a NULL character at the end
56 * of the buffer. This will guarantee that no buffer overflows occur even
57 * if we use the printf() to show the error on the screen.
58 *
59 * XXX - actually, null-terminating the error string is part of the
60 * contract for the pcap API; if there's any place in the pcap code
61 * that doesn't guarantee null-termination, even at the expense of
62 * cutting the message short, that's a bug and needs to be fixed.
63 */
64
65 #define PCAP_STATS_STANDARD 0 /* Used by pcap_stats_rpcap to see if we want standard or extended statistics */
66 #ifdef _WIN32
67 #define PCAP_STATS_EX 1 /* Used by pcap_stats_rpcap to see if we want standard or extended statistics */
68 #endif
69
70 /*
71 * \brief Keeps a list of all the opened connections in the active mode.
72 *
73 * This structure defines a linked list of items that are needed to keep the info required to
74 * manage the active mode.
75 * In other words, when a new connection in active mode starts, this structure is updated so that
76 * it reflects the list of active mode connections currently opened.
77 * This structure is required by findalldevs() and open_remote() to see if they have to open a new
78 * control connection toward the host, or they already have a control connection in place.
79 */
80 struct activehosts
81 {
82 struct sockaddr_storage host;
83 SOCKET sockctrl;
84 uint8 protocol_version;
85 struct activehosts *next;
86 };
87
88 /* Keeps a list of all the opened connections in the active mode. */
89 static struct activehosts *activeHosts;
90
91 /*
92 * Keeps the main socket identifier when we want to accept a new remote
93 * connection (active mode only).
94 * See the documentation of pcap_remoteact_accept() and
95 * pcap_remoteact_cleanup() for more details.
96 */
97 static SOCKET sockmain;
98
99 /*
100 * Private data for capturing remotely using the rpcap protocol.
101 */
102 struct pcap_rpcap {
103 /*
104 * This is '1' if we're the network client; it is needed by several
105 * functions (such as pcap_setfilter()) to know whether they have
106 * to use the socket or have to open the local adapter.
107 */
108 int rmt_clientside;
109
110 SOCKET rmt_sockctrl; /* socket ID of the socket used for the control connection */
111 SOCKET rmt_sockdata; /* socket ID of the socket used for the data connection */
112 int rmt_flags; /* we have to save flags, since they are passed by the pcap_open_live(), but they are used by the pcap_startcapture() */
113 int rmt_capstarted; /* 'true' if the capture is already started (needed to knoe if we have to call the pcap_startcapture() */
114 char *currentfilter; /* Pointer to a buffer (allocated at run-time) that stores the current filter. Needed when flag PCAP_OPENFLAG_NOCAPTURE_RPCAP is turned on. */
115
116 uint8 protocol_version; /* negotiated protocol version */
117
118 unsigned int TotNetDrops; /* keeps the number of packets that have been dropped by the network */
119
120 /*
121 * This keeps the number of packets that have been received by the
122 * application.
123 *
124 * Packets dropped by the kernel buffer are not counted in this
125 * variable. It is always equal to (TotAccepted - TotDrops),
126 * except for the case of remote capture, in which we have also
127 * packets in flight, i.e. that have been transmitted by the remote
128 * host, but that have not been received (yet) from the client.
129 * In this case, (TotAccepted - TotDrops - TotNetDrops) gives a
130 * wrong result, since this number does not corresponds always to
131 * the number of packet received by the application. For this reason,
132 * in the remote capture we need another variable that takes into
133 * account of the number of packets actually received by the
134 * application.
135 */
136 unsigned int TotCapt;
137
138 struct pcap_stat stat;
139 /* XXX */
140 struct pcap *next; /* list of open pcaps that need stuff cleared on close */
141 };
142
143 /****************************************************
144 * *
145 * Locally defined functions *
146 * *
147 ****************************************************/
148 static struct pcap_stat *rpcap_stats_rpcap(pcap_t *p, struct pcap_stat *ps, int mode);
149 static int pcap_pack_bpffilter(pcap_t *fp, char *sendbuf, int *sendbufidx, struct bpf_program *prog);
150 static int pcap_createfilter_norpcappkt(pcap_t *fp, struct bpf_program *prog);
151 static int pcap_updatefilter_remote(pcap_t *fp, struct bpf_program *prog);
152 static void pcap_save_current_filter_rpcap(pcap_t *fp, const char *filter);
153 static int pcap_setfilter_rpcap(pcap_t *fp, struct bpf_program *prog);
154 static int pcap_setsampling_remote(pcap_t *fp);
155 static int pcap_startcapture_remote(pcap_t *fp);
156 static int rpcap_sendauth(SOCKET sock, uint8 *ver, struct pcap_rmtauth *auth, char *errbuf);
157 static int rpcap_recv_msg_header(SOCKET sock, struct rpcap_header *header, char *errbuf);
158 static int rpcap_check_msg_ver(SOCKET sock, uint8 expected_ver, struct rpcap_header *header, char *errbuf);
159 static int rpcap_check_msg_type(SOCKET sock, uint8 request_type, struct rpcap_header *header, uint16 *errcode, char *errbuf);
160 static int rpcap_process_msg_header(SOCKET sock, uint8 ver, uint8 request_type, struct rpcap_header *header, char *errbuf);
161 static int rpcap_recv(SOCKET sock, void *buffer, size_t toread, uint32 *plen, char *errbuf);
162 static void rpcap_msg_err(SOCKET sockctrl, uint32 plen, char *remote_errbuf);
163 static int rpcap_discard(SOCKET sock, uint32 len, char *errbuf);
164 static int rpcap_read_packet_msg(SOCKET sock, pcap_t *p, size_t size);
165
166 /****************************************************
167 * *
168 * Function bodies *
169 * *
170 ****************************************************/
171
172 /*
173 * This function translates (i.e. de-serializes) a 'rpcap_sockaddr'
174 * structure from the network byte order to a 'sockaddr_in" or
175 * 'sockaddr_in6' structure in the host byte order.
176 *
177 * It accepts an 'rpcap_sockaddr' structure as it is received from the
178 * network, and checks the address family field against various values
179 * to see whether it looks like an IPv4 address, an IPv6 address, or
180 * neither of those. It checks for multiple values in order to try
181 * to handle older rpcap daemons that sent the native OS's 'sockaddr_in'
182 * or 'sockaddr_in6' structures over the wire with some members
183 * byte-swapped, and to handle the fact that AF_INET6 has different
184 * values on different OSes.
185 *
186 * For IPv4 addresses, it converts the address family to host byte
187 * order from network byte order and puts it into the structure,
188 * sets the length if a sockaddr structure has a length, converts the
189 * port number to host byte order from network byte order and puts
190 * it into the structure, copies over the IPv4 address, and zeroes
191 * out the zero padding.
192 *
193 * For IPv6 addresses, it converts the address family to host byte
194 * order from network byte order and puts it into the structure,
195 * sets the length if a sockaddr structure has a length, converts the
196 * port number and flow information to host byte order from network
197 * byte order and puts them into the structure, copies over the IPv6
198 * address, and converts the scope ID to host byte order from network
199 * byte order and puts it into the structure.
200 *
201 * The function will allocate the 'sockaddrout' variable according to the
202 * address family in use. In case the address does not belong to the
203 * AF_INET nor AF_INET6 families, 'sockaddrout' is not allocated and a
204 * NULL pointer is returned. This usually happens because that address
205 * does not exist on the other host, or is of an address family other
206 * than AF_INET or AF_INET6, so the RPCAP daemon sent a 'sockaddr_storage'
207 * structure containing all 'zero' values.
208 *
209 * Older RPCAPDs sent the addresses over the wire in the OS's native
210 * structure format. For most OSes, this looks like the over-the-wire
211 * format, but might have a different value for AF_INET6 than the value
212 * on the machine receiving the reply. For OSes with the newer BSD-style
213 * sockaddr structures, this has, instead of a 2-byte address family,
214 * a 1-byte structure length followed by a 1-byte address family. The
215 * RPCAPD code would put the address family in network byte order before
216 * sending it; that would set it to 0 on a little-endian machine, as
217 * htons() of any value between 1 and 255 would result in a value > 255,
218 * with its lower 8 bits zero, so putting that back into a 1-byte field
219 * would set it to 0.
220 *
221 * Therefore, for older RPCAPDs running on an OS with newer BSD-style
222 * sockaddr structures, the family field, if treated as a big-endian
223 * (network byte order) 16-bit field, would be:
224 *
225 * (length << 8) | family if sent by a big-endian machine
226 * (length << 8) if sent by a little-endian machine
227 *
228 * For current RPCAPDs, and for older RPCAPDs running on an OS with
229 * older BSD-style sockaddr structures, the family field, if treated
230 * as a big-endian 16-bit field, would just contain the family.
231 *
232 * \param sockaddrin: a 'rpcap_sockaddr' pointer to the variable that has
233 * to be de-serialized.
234 *
235 * \param sockaddrout: a 'sockaddr_storage' pointer to the variable that will contain
236 * the de-serialized data. The structure returned can be either a 'sockaddr_in' or 'sockaddr_in6'.
237 * This variable will be allocated automatically inside this function.
238 *
239 * \param errbuf: a pointer to a user-allocated buffer (of size PCAP_ERRBUF_SIZE)
240 * that will contain the error message (in case there is one).
241 *
242 * \return '0' if everything is fine, '-1' if some errors occurred. Basically, the error
243 * can be only the fact that the malloc() failed to allocate memory.
244 * The error message is returned in the 'errbuf' variable, while the deserialized address
245 * is returned into the 'sockaddrout' variable.
246 *
247 * \warning This function supports only AF_INET and AF_INET6 address families.
248 *
249 * \warning The sockaddrout (if not NULL) must be deallocated by the user.
250 */
251
252 /*
253 * Possible IPv4 family values other than the designated over-the-wire value,
254 * which is 2 (because everybody uses 2 for AF_INET4).
255 */
256 #define SOCKADDR_IN_LEN 16 /* length of struct sockaddr_in */
257 #define SOCKADDR_IN6_LEN 28 /* length of struct sockaddr_in6 */
258 #define NEW_BSD_AF_INET_BE ((SOCKADDR_IN_LEN << 8) | 2)
259 #define NEW_BSD_AF_INET_LE (SOCKADDR_IN_LEN << 8)
260
261 /*
262 * Possible IPv6 family values other than the designated over-the-wire value,
263 * which is 23 (because that's what Windows uses, and most RPCAP servers
264 * out there are probably running Windows, as WinPcap includes the server
265 * but few if any UN*Xes build and ship it).
266 *
267 * The new BSD sockaddr structure format was in place before 4.4-Lite, so
268 * all the free-software BSDs use it.
269 */
270 #define NEW_BSD_AF_INET6_BSD_BE ((SOCKADDR_IN6_LEN << 8) | 24) /* NetBSD, OpenBSD, BSD/OS */
271 #define NEW_BSD_AF_INET6_FREEBSD_BE ((SOCKADDR_IN6_LEN << 8) | 28) /* FreeBSD, DragonFly BSD */
272 #define NEW_BSD_AF_INET6_DARWIN_BE ((SOCKADDR_IN6_LEN << 8) | 30) /* macOS, iOS, anything else Darwin-based */
273 #define NEW_BSD_AF_INET6_LE (SOCKADDR_IN6_LEN << 8)
274 #define LINUX_AF_INET6 10
275 #define HPUX_AF_INET6 22
276 #define AIX_AF_INET6 24
277 #define SOLARIS_AF_INET6 26
278
279 static int
280 rpcap_deseraddr(struct rpcap_sockaddr *sockaddrin, struct sockaddr_storage **sockaddrout, char *errbuf)
281 {
282 /* Warning: we support only AF_INET and AF_INET6 */
283 switch (ntohs(sockaddrin->family))
284 {
285 case RPCAP_AF_INET:
286 case NEW_BSD_AF_INET_BE:
287 case NEW_BSD_AF_INET_LE:
288 {
289 struct rpcap_sockaddr_in *sockaddrin_ipv4;
290 struct sockaddr_in *sockaddrout_ipv4;
291
292 (*sockaddrout) = (struct sockaddr_storage *) malloc(sizeof(struct sockaddr_in));
293 if ((*sockaddrout) == NULL)
294 {
295 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
296 errno, "malloc() failed");
297 return -1;
298 }
299 sockaddrin_ipv4 = (struct rpcap_sockaddr_in *) sockaddrin;
300 sockaddrout_ipv4 = (struct sockaddr_in *) (*sockaddrout);
301 sockaddrout_ipv4->sin_family = AF_INET;
302 sockaddrout_ipv4->sin_port = ntohs(sockaddrin_ipv4->port);
303 memcpy(&sockaddrout_ipv4->sin_addr, &sockaddrin_ipv4->addr, sizeof(sockaddrout_ipv4->sin_addr));
304 memset(sockaddrout_ipv4->sin_zero, 0, sizeof(sockaddrout_ipv4->sin_zero));
305 break;
306 }
307
308 #ifdef AF_INET6
309 case RPCAP_AF_INET6:
310 case NEW_BSD_AF_INET6_BSD_BE:
311 case NEW_BSD_AF_INET6_FREEBSD_BE:
312 case NEW_BSD_AF_INET6_DARWIN_BE:
313 case NEW_BSD_AF_INET6_LE:
314 case LINUX_AF_INET6:
315 case HPUX_AF_INET6:
316 case AIX_AF_INET6:
317 case SOLARIS_AF_INET6:
318 {
319 struct rpcap_sockaddr_in6 *sockaddrin_ipv6;
320 struct sockaddr_in6 *sockaddrout_ipv6;
321
322 (*sockaddrout) = (struct sockaddr_storage *) malloc(sizeof(struct sockaddr_in6));
323 if ((*sockaddrout) == NULL)
324 {
325 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
326 errno, "malloc() failed");
327 return -1;
328 }
329 sockaddrin_ipv6 = (struct rpcap_sockaddr_in6 *) sockaddrin;
330 sockaddrout_ipv6 = (struct sockaddr_in6 *) (*sockaddrout);
331 sockaddrout_ipv6->sin6_family = AF_INET6;
332 sockaddrout_ipv6->sin6_port = ntohs(sockaddrin_ipv6->port);
333 sockaddrout_ipv6->sin6_flowinfo = ntohl(sockaddrin_ipv6->flowinfo);
334 memcpy(&sockaddrout_ipv6->sin6_addr, &sockaddrin_ipv6->addr, sizeof(sockaddrout_ipv6->sin6_addr));
335 sockaddrout_ipv6->sin6_scope_id = ntohl(sockaddrin_ipv6->scope_id);
336 break;
337 }
338 #endif
339
340 default:
341 /*
342 * It is neither AF_INET nor AF_INET6 (or, if the OS doesn't
343 * support AF_INET6, it's not AF_INET).
344 */
345 *sockaddrout = NULL;
346 break;
347 }
348 return 0;
349 }
350
351 /*
352 * This function reads a packet from the network socket. It does not
353 * deliver the packet to a pcap_dispatch()/pcap_loop() callback (hence
354 * the "nocb" string into its name).
355 *
356 * This function is called by pcap_read_rpcap().
357 *
358 * WARNING: By choice, this function does not make use of semaphores. A smarter
359 * implementation should put a semaphore into the data thread, and a signal will
360 * be raised as soon as there is data into the socket buffer.
361 * However this is complicated and it does not bring any advantages when reading
362 * from the network, in which network delays can be much more important than
363 * these optimizations. Therefore, we chose the following approach:
364 * - the 'timeout' chosen by the user is split in two (half on the server side,
365 * with the usual meaning, and half on the client side)
366 * - this function checks for packets; if there are no packets, it waits for
367 * timeout/2 and then it checks again. If packets are still missing, it returns,
368 * otherwise it reads packets.
369 */
370 static int pcap_read_nocb_remote(pcap_t *p, struct pcap_pkthdr *pkt_header, u_char **pkt_data)
371 {
372 struct pcap_rpcap *pr = p->priv; /* structure used when doing a remote live capture */
373 struct rpcap_header *header; /* general header according to the RPCAP format */
374 struct rpcap_pkthdr *net_pkt_header; /* header of the packet, from the message */
375 u_char *net_pkt_data; /* packet data from the message */
376 uint32 plen;
377 int retval; /* generic return value */
378 int msglen;
379
380 /* Structures needed for the select() call */
381 struct timeval tv; /* maximum time the select() can block waiting for data */
382 fd_set rfds; /* set of socket descriptors we have to check */
383
384 /*
385 * Define the packet buffer timeout, to be used in the select()
386 * 'timeout', in pcap_t, is in milliseconds; we have to convert it into sec and microsec
387 */
388 tv.tv_sec = p->opt.timeout / 1000;
389 tv.tv_usec = (p->opt.timeout - tv.tv_sec * 1000) * 1000;
390
391 /* Watch out sockdata to see if it has input */
392 FD_ZERO(&rfds);
393
394 /*
395 * 'fp->rmt_sockdata' has always to be set before calling the select(),
396 * since it is cleared by the select()
397 */
398 FD_SET(pr->rmt_sockdata, &rfds);
399
400 retval = select((int) pr->rmt_sockdata + 1, &rfds, NULL, NULL, &tv);
401 if (retval == -1)
402 {
403 #ifndef _WIN32
404 if (errno == EINTR)
405 {
406 /* Interrupted. */
407 return 0;
408 }
409 #endif
410 sock_geterror("select(): ", p->errbuf, PCAP_ERRBUF_SIZE);
411 return -1;
412 }
413
414 /* There is no data waiting, so return '0' */
415 if (retval == 0)
416 return 0;
417
418 /*
419 * We have to define 'header' as a pointer to a larger buffer,
420 * because in case of UDP we have to read all the message within a single call
421 */
422 header = (struct rpcap_header *) p->buffer;
423 net_pkt_header = (struct rpcap_pkthdr *) ((char *)p->buffer + sizeof(struct rpcap_header));
424 net_pkt_data = (u_char *)p->buffer + sizeof(struct rpcap_header) + sizeof(struct rpcap_pkthdr);
425
426 if (pr->rmt_flags & PCAP_OPENFLAG_DATATX_UDP)
427 {
428 /* Read the entire message from the network */
429 msglen = sock_recv_dgram(pr->rmt_sockdata, p->buffer,
430 p->bufsize, p->errbuf, PCAP_ERRBUF_SIZE);
431 if (msglen == -1)
432 {
433 /* Network error. */
434 return -1;
435 }
436 if (msglen == -3)
437 {
438 /* Interrupted receive. */
439 return 0;
440 }
441 if ((size_t)msglen < sizeof(struct rpcap_header))
442 {
443 /*
444 * Message is shorter than an rpcap header.
445 */
446 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
447 "UDP packet message is shorter than an rpcap header");
448 return -1;
449 }
450 plen = ntohl(header->plen);
451 if ((size_t)msglen < sizeof(struct rpcap_header) + plen)
452 {
453 /*
454 * Message is shorter than the header claims it
455 * is.
456 */
457 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
458 "UDP packet message is shorter than its rpcap header claims");
459 return -1;
460 }
461 }
462 else
463 {
464 int status;
465
466 if ((size_t)p->cc < sizeof(struct rpcap_header))
467 {
468 /*
469 * We haven't read any of the packet header yet.
470 * The size we should get is the size of the
471 * packet header.
472 */
473 status = rpcap_read_packet_msg(pr->rmt_sockdata, p,
474 sizeof(struct rpcap_header));
475 if (status == -1)
476 {
477 /* Network error. */
478 return -1;
479 }
480 if (status == -3)
481 {
482 /* Interrupted receive. */
483 return 0;
484 }
485 }
486
487 /*
488 * We have the header, so we know how long the
489 * message payload is. The size we should get
490 * is the size of the packet header plus the
491 * size of the payload.
492 */
493 plen = ntohl(header->plen);
494 if (plen > p->bufsize - sizeof(struct rpcap_header))
495 {
496 /*
497 * This is bigger than the largest
498 * record we'd expect. (We do it by
499 * subtracting in order to avoid an
500 * overflow.)
501 */
502 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
503 "Server sent us a message larger than the largest expected packet message");
504 return -1;
505 }
506 status = rpcap_read_packet_msg(pr->rmt_sockdata, p,
507 sizeof(struct rpcap_header) + plen);
508 if (status == -1)
509 {
510 /* Network error. */
511 return -1;
512 }
513 if (status == -3)
514 {
515 /* Interrupted receive. */
516 return 0;
517 }
518
519 /*
520 * We have the entire message; reset the buffer pointer
521 * and count, as the next read should start a new
522 * message.
523 */
524 p->bp = p->buffer;
525 p->cc = 0;
526 }
527
528 /*
529 * We have the entire message.
530 */
531 header->plen = plen;
532
533 /*
534 * Did the server specify the version we negotiated?
535 */
536 if (rpcap_check_msg_ver(pr->rmt_sockdata, pr->protocol_version,
537 header, p->errbuf) == -1)
538 {
539 return 0; /* Return 'no packets received' */
540 }
541
542 /*
543 * Is this a RPCAP_MSG_PACKET message?
544 */
545 if (header->type != RPCAP_MSG_PACKET)
546 {
547 return 0; /* Return 'no packets received' */
548 }
549
550 if (ntohl(net_pkt_header->caplen) > plen)
551 {
552 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
553 "Packet's captured data goes past the end of the received packet message.");
554 return -1;
555 }
556
557 /* Fill in packet header */
558 pkt_header->caplen = ntohl(net_pkt_header->caplen);
559 pkt_header->len = ntohl(net_pkt_header->len);
560 pkt_header->ts.tv_sec = ntohl(net_pkt_header->timestamp_sec);
561 pkt_header->ts.tv_usec = ntohl(net_pkt_header->timestamp_usec);
562
563 /* Supply a pointer to the beginning of the packet data */
564 *pkt_data = net_pkt_data;
565
566 /*
567 * I don't update the counter of the packets dropped by the network since we're using TCP,
568 * therefore no packets are dropped. Just update the number of packets received correctly
569 */
570 pr->TotCapt++;
571
572 if (pr->rmt_flags & PCAP_OPENFLAG_DATATX_UDP)
573 {
574 unsigned int npkt;
575
576 /* We're using UDP, so we need to update the counter of the packets dropped by the network */
577 npkt = ntohl(net_pkt_header->npkt);
578
579 if (pr->TotCapt != npkt)
580 {
581 pr->TotNetDrops += (npkt - pr->TotCapt);
582 pr->TotCapt = npkt;
583 }
584 }
585
586 /* Packet read successfully */
587 return 1;
588 }
589
590 /*
591 * This function reads a packet from the network socket.
592 *
593 * This function relies on the pcap_read_nocb_remote to deliver packets. The
594 * difference, here, is that as soon as a packet is read, it is delivered
595 * to the application by means of a callback function.
596 */
597 static int pcap_read_rpcap(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
598 {
599 struct pcap_rpcap *pr = p->priv; /* structure used when doing a remote live capture */
600 struct pcap_pkthdr pkt_header;
601 u_char *pkt_data;
602 int n = 0;
603 int ret;
604
605 /*
606 * If this is client-side, and we haven't already started
607 * the capture, start it now.
608 */
609 if (pr->rmt_clientside)
610 {
611 /* We are on an remote capture */
612 if (!pr->rmt_capstarted)
613 {
614 /*
615 * The capture isn't started yet, so try to
616 * start it.
617 */
618 if (pcap_startcapture_remote(p))
619 return -1;
620 }
621 }
622
623 while (n < cnt || PACKET_COUNT_IS_UNLIMITED(cnt))
624 {
625 /*
626 * Has "pcap_breakloop()" been called?
627 */
628 if (p->break_loop) {
629 /*
630 * Yes - clear the flag that indicates that it
631 * has, and return PCAP_ERROR_BREAK to indicate
632 * that we were told to break out of the loop.
633 */
634 p->break_loop = 0;
635 return (PCAP_ERROR_BREAK);
636 }
637
638 /*
639 * Read some packets.
640 */
641 ret = pcap_read_nocb_remote(p, &pkt_header, &pkt_data);
642 if (ret == 1)
643 {
644 /*
645 * We got a packet. Hand it to the callback
646 * and count it so we can return the count.
647 */
648 (*callback)(user, &pkt_header, pkt_data);
649 n++;
650 }
651 else if (ret == -1)
652 {
653 /* Error. */
654 return ret;
655 }
656 else
657 {
658 /*
659 * No packet; this could mean that we timed
660 * out, or that we got interrupted, or that
661 * we got a bad packet.
662 *
663 * Were we told to break out of the loop?
664 */
665 if (p->break_loop) {
666 /*
667 * Yes.
668 */
669 p->break_loop = 0;
670 return (PCAP_ERROR_BREAK);
671 }
672 /* No - return the number of packets we've processed. */
673 return n;
674 }
675 }
676 return n;
677 }
678
679 /*
680 * This function sends a CLOSE command to the capture server.
681 *
682 * It is called when the user calls pcap_close(). It sends a command
683 * to our peer that says 'ok, let's stop capturing'.
684 *
685 * WARNING: Since we're closing the connection, we do not check for errors.
686 */
687 static void pcap_cleanup_rpcap(pcap_t *fp)
688 {
689 struct pcap_rpcap *pr = fp->priv; /* structure used when doing a remote live capture */
690 struct rpcap_header header; /* header of the RPCAP packet */
691 struct activehosts *temp; /* temp var needed to scan the host list chain, to detect if we're in active mode */
692 int active = 0; /* active mode or not? */
693
694 /* detect if we're in active mode */
695 temp = activeHosts;
696 while (temp)
697 {
698 if (temp->sockctrl == pr->rmt_sockctrl)
699 {
700 active = 1;
701 break;
702 }
703 temp = temp->next;
704 }
705
706 if (!active)
707 {
708 rpcap_createhdr(&header, pr->protocol_version,
709 RPCAP_MSG_CLOSE, 0, 0);
710
711 /*
712 * Send the close request; don't report any errors, as
713 * we're closing this pcap_t, and have no place to report
714 * the error.
715 */
716 (void)sock_send(pr->rmt_sockctrl, (char *)&header,
717 sizeof(struct rpcap_header), NULL, 0);
718 }
719 else
720 {
721 rpcap_createhdr(&header, pr->protocol_version,
722 RPCAP_MSG_ENDCAP_REQ, 0, 0);
723
724 /*
725 * Send the end capture request; don't report any errors,
726 * as we're closing this pcap_t, and have no place to
727 * report the error.
728 */
729 if (sock_send(pr->rmt_sockctrl, (char *)&header,
730 sizeof(struct rpcap_header), NULL, 0) == 0)
731 {
732 /*
733 * Wait for the answer; don't report any errors,
734 * as we're closing this pcap_t, and have no
735 * place to report the error.
736 */
737 if (rpcap_process_msg_header(pr->rmt_sockctrl,
738 pr->protocol_version, RPCAP_MSG_ENDCAP_REQ,
739 &header, NULL) == 0)
740 {
741 (void)rpcap_discard(pr->rmt_sockctrl,
742 header.plen, NULL);
743 }
744 }
745 }
746
747 if (pr->rmt_sockdata)
748 {
749 sock_close(pr->rmt_sockdata, NULL, 0);
750 pr->rmt_sockdata = 0;
751 }
752
753 if ((!active) && (pr->rmt_sockctrl))
754 sock_close(pr->rmt_sockctrl, NULL, 0);
755
756 pr->rmt_sockctrl = 0;
757
758 if (pr->currentfilter)
759 {
760 free(pr->currentfilter);
761 pr->currentfilter = NULL;
762 }
763
764 /* To avoid inconsistencies in the number of sock_init() */
765 sock_cleanup();
766 }
767
768 /*
769 * This function retrieves network statistics from our peer;
770 * it provides only the standard statistics.
771 */
772 static int pcap_stats_rpcap(pcap_t *p, struct pcap_stat *ps)
773 {
774 struct pcap_stat *retval;
775
776 retval = rpcap_stats_rpcap(p, ps, PCAP_STATS_STANDARD);
777
778 if (retval)
779 return 0;
780 else
781 return -1;
782 }
783
784 #ifdef _WIN32
785 /*
786 * This function retrieves network statistics from our peer;
787 * it provides the additional statistics supported by pcap_stats_ex().
788 */
789 static struct pcap_stat *pcap_stats_ex_rpcap(pcap_t *p, int *pcap_stat_size)
790 {
791 *pcap_stat_size = sizeof (p->stat);
792
793 /* PCAP_STATS_EX (third param) means 'extended pcap_stats()' */
794 return (rpcap_stats_rpcap(p, &(p->stat), PCAP_STATS_EX));
795 }
796 #endif
797
798 /*
799 * This function retrieves network statistics from our peer. It
800 * is used by the two previous functions.
801 *
802 * It can be called in two modes:
803 * - PCAP_STATS_STANDARD: if we want just standard statistics (i.e.,
804 * for pcap_stats())
805 * - PCAP_STATS_EX: if we want extended statistics (i.e., for
806 * pcap_stats_ex())
807 *
808 * This 'mode' parameter is needed because in pcap_stats() the variable that
809 * keeps the statistics is allocated by the user. On Windows, this structure
810 * has been extended in order to keep new stats. However, if the user has a
811 * smaller structure and it passes it to pcap_stats(), this function will
812 * try to fill in more data than the size of the structure, so that memory
813 * after the structure will be overwritten.
814 *
815 * So, we need to know it we have to copy just the standard fields, or the
816 * extended fields as well.
817 *
818 * In case we want to copy the extended fields as well, the problem of
819 * memory overflow no longer exists because the structure that's filled
820 * in is part of the pcap_t, so that it can be guaranteed to be large
821 * enough for the additional statistics.
822 *
823 * \param p: the pcap_t structure related to the current instance.
824 *
825 * \param ps: a pointer to a 'pcap_stat' structure, needed for compatibility
826 * with pcap_stat(), where the structure is allocated by the user. In case
827 * of pcap_stats_ex(), this structure and the function return value point
828 * to the same variable.
829 *
830 * \param mode: one of PCAP_STATS_STANDARD or PCAP_STATS_EX.
831 *
832 * \return The structure that keeps the statistics, or NULL in case of error.
833 * The error string is placed in the pcap_t structure.
834 */
835 static struct pcap_stat *rpcap_stats_rpcap(pcap_t *p, struct pcap_stat *ps, int mode)
836 {
837 struct pcap_rpcap *pr = p->priv; /* structure used when doing a remote live capture */
838 struct rpcap_header header; /* header of the RPCAP packet */
839 struct rpcap_stats netstats; /* statistics sent on the network */
840 uint32 plen; /* data remaining in the message */
841
842 /*
843 * If the capture has not yet started, we cannot request statistics
844 * for the capture from our peer, so we return 0 for all statistics,
845 * as nothing's been seen yet.
846 */
847 if (!pr->rmt_capstarted)
848 {
849 ps->ps_drop = 0;
850 ps->ps_ifdrop = 0;
851 ps->ps_recv = 0;
852 #if defined(_WIN32) && defined(ENABLE_REMOTE)
853 if (mode == PCAP_STATS_EX)
854 {
855 ps->ps_capt = 0;
856 ps->ps_sent = 0;
857 ps->ps_netdrop = 0;
858 }
859 #endif /* _WIN32 && ENABLE_REMOTE */
860
861 return ps;
862 }
863
864 rpcap_createhdr(&header, pr->protocol_version,
865 RPCAP_MSG_STATS_REQ, 0, 0);
866
867 /* Send the PCAP_STATS command */
868 if (sock_send(pr->rmt_sockctrl, (char *)&header,
869 sizeof(struct rpcap_header), p->errbuf, PCAP_ERRBUF_SIZE) < 0)
870 return NULL; /* Unrecoverable network error */
871
872 /* Receive and process the reply message header. */
873 if (rpcap_process_msg_header(pr->rmt_sockctrl, pr->protocol_version,
874 RPCAP_MSG_STATS_REQ, &header, p->errbuf) == -1)
875 return NULL; /* Error */
876
877 plen = header.plen;
878
879 /* Read the reply body */
880 if (rpcap_recv(pr->rmt_sockctrl, (char *)&netstats,
881 sizeof(struct rpcap_stats), &plen, p->errbuf) == -1)
882 goto error;
883
884 ps->ps_drop = ntohl(netstats.krnldrop);
885 ps->ps_ifdrop = ntohl(netstats.ifdrop);
886 ps->ps_recv = ntohl(netstats.ifrecv);
887 #if defined(_WIN32) && defined(ENABLE_REMOTE)
888 if (mode == PCAP_STATS_EX)
889 {
890 ps->ps_capt = pr->TotCapt;
891 ps->ps_netdrop = pr->TotNetDrops;
892 ps->ps_sent = ntohl(netstats.svrcapt);
893 }
894 #endif /* _WIN32 && ENABLE_REMOTE */
895
896 /* Discard the rest of the message. */
897 if (rpcap_discard(pr->rmt_sockctrl, plen, p->errbuf) == -1)
898 goto error;
899
900 return ps;
901
902 error:
903 /*
904 * Discard the rest of the message.
905 * We already reported an error; if this gets an error, just
906 * drive on.
907 */
908 (void)rpcap_discard(pr->rmt_sockctrl, plen, NULL);
909
910 return NULL;
911 }
912
913 /*
914 * This function returns the entry in the list of active hosts for this
915 * active connection (active mode only), or NULL if there is no
916 * active connection or an error occurred. It is just for internal
917 * use.
918 *
919 * \param host: a string that keeps the host name of the host for which we
920 * want to get the socket ID for that active connection.
921 *
922 * \param error: a pointer to an int that is set to 1 if an error occurred
923 * and 0 otherwise.
924 *
925 * \param errbuf: a pointer to a user-allocated buffer (of size
926 * PCAP_ERRBUF_SIZE) that will contain the error message (in case
927 * there is one).
928 *
929 * \return the entry for this host in the list of active connections
930 * if found, NULL if it's not found or there's an error.
931 */
932 static struct activehosts *
933 rpcap_remoteact_getsock(const char *host, int *error, char *errbuf)
934 {
935 struct activehosts *temp; /* temp var needed to scan the host list chain */
936 struct addrinfo hints, *addrinfo, *ai_next; /* temp var needed to translate between hostname to its address */
937 int retval;
938
939 /* retrieve the network address corresponding to 'host' */
940 addrinfo = NULL;
941 memset(&hints, 0, sizeof(struct addrinfo));
942 hints.ai_family = PF_UNSPEC;
943 hints.ai_socktype = SOCK_STREAM;
944
945 retval = getaddrinfo(host, "0", &hints, &addrinfo);
946 if (retval != 0)
947 {
948 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "getaddrinfo() %s",
949 gai_strerror(retval));
950 *error = 1;
951 return NULL;
952 }
953
954 temp = activeHosts;
955
956 while (temp)
957 {
958 ai_next = addrinfo;
959 while (ai_next)
960 {
961 if (sock_cmpaddr(&temp->host, (struct sockaddr_storage *) ai_next->ai_addr) == 0)
962 {
963 *error = 0;
964 freeaddrinfo(addrinfo);
965 return temp;
966 }
967
968 ai_next = ai_next->ai_next;
969 }
970 temp = temp->next;
971 }
972
973 if (addrinfo)
974 freeaddrinfo(addrinfo);
975
976 /*
977 * The host for which you want to get the socket ID does not have an
978 * active connection.
979 */
980 *error = 0;
981 return NULL;
982 }
983
984 /*
985 * This function starts a remote capture.
986 *
987 * This function is required since the RPCAP protocol decouples the 'open'
988 * from the 'start capture' functions.
989 * This function takes all the parameters needed (which have been stored
990 * into the pcap_t structure) and sends them to the server.
991 *
992 * \param fp: the pcap_t descriptor of the device currently open.
993 *
994 * \return '0' if everything is fine, '-1' otherwise. The error message
995 * (if one) is returned into the 'errbuf' field of the pcap_t structure.
996 */
997 static int pcap_startcapture_remote(pcap_t *fp)
998 {
999 struct pcap_rpcap *pr = fp->priv; /* structure used when doing a remote live capture */
1000 char sendbuf[RPCAP_NETBUF_SIZE]; /* temporary buffer in which data to be sent is buffered */
1001 int sendbufidx = 0; /* index which keeps the number of bytes currently buffered */
1002 char portdata[PCAP_BUF_SIZE]; /* temp variable needed to keep the network port for the data connection */
1003 uint32 plen;
1004 int active = 0; /* '1' if we're in active mode */
1005 struct activehosts *temp; /* temp var needed to scan the host list chain, to detect if we're in active mode */
1006 char host[INET6_ADDRSTRLEN + 1]; /* numeric name of the other host */
1007
1008 /* socket-related variables*/
1009 struct addrinfo hints; /* temp, needed to open a socket connection */
1010 struct addrinfo *addrinfo; /* temp, needed to open a socket connection */
1011 SOCKET sockdata = 0; /* socket descriptor of the data connection */
1012 struct sockaddr_storage saddr; /* temp, needed to retrieve the network data port chosen on the local machine */
1013 socklen_t saddrlen; /* temp, needed to retrieve the network data port chosen on the local machine */
1014 int ai_family; /* temp, keeps the address family used by the control connection */
1015
1016 /* RPCAP-related variables*/
1017 struct rpcap_header header; /* header of the RPCAP packet */
1018 struct rpcap_startcapreq *startcapreq; /* start capture request message */
1019 struct rpcap_startcapreply startcapreply; /* start capture reply message */
1020
1021 /* Variables related to the buffer setting */
1022 int res;
1023 socklen_t itemp;
1024 int sockbufsize = 0;
1025 uint32 server_sockbufsize;
1026
1027 /*
1028 * Let's check if sampling has been required.
1029 * If so, let's set it first
1030 */
1031 if (pcap_setsampling_remote(fp) != 0)
1032 return -1;
1033
1034 /* detect if we're in active mode */
1035 temp = activeHosts;
1036 while (temp)
1037 {
1038 if (temp->sockctrl == pr->rmt_sockctrl)
1039 {
1040 active = 1;
1041 break;
1042 }
1043 temp = temp->next;
1044 }
1045
1046 addrinfo = NULL;
1047
1048 /*
1049 * Gets the complete sockaddr structure used in the ctrl connection
1050 * This is needed to get the address family of the control socket
1051 * Tip: I cannot save the ai_family of the ctrl sock in the pcap_t struct,
1052 * since the ctrl socket can already be open in case of active mode;
1053 * so I would have to call getpeername() anyway
1054 */
1055 saddrlen = sizeof(struct sockaddr_storage);
1056 if (getpeername(pr->rmt_sockctrl, (struct sockaddr *) &saddr, &saddrlen) == -1)
1057 {
1058 sock_geterror("getsockname(): ", fp->errbuf, PCAP_ERRBUF_SIZE);
1059 goto error_nodiscard;
1060 }
1061 ai_family = ((struct sockaddr_storage *) &saddr)->ss_family;
1062
1063 /* Get the numeric address of the remote host we are connected to */
1064 if (getnameinfo((struct sockaddr *) &saddr, saddrlen, host,
1065 sizeof(host), NULL, 0, NI_NUMERICHOST))
1066 {
1067 sock_geterror("getnameinfo(): ", fp->errbuf, PCAP_ERRBUF_SIZE);
1068 goto error_nodiscard;
1069 }
1070
1071 /*
1072 * Data connection is opened by the server toward the client if:
1073 * - we're using TCP, and the user wants us to be in active mode
1074 * - we're using UDP
1075 */
1076 if ((active) || (pr->rmt_flags & PCAP_OPENFLAG_DATATX_UDP))
1077 {
1078 /*
1079 * We have to create a new socket to receive packets
1080 * We have to do that immediately, since we have to tell the other
1081 * end which network port we picked up
1082 */
1083 memset(&hints, 0, sizeof(struct addrinfo));
1084 /* TEMP addrinfo is NULL in case of active */
1085 hints.ai_family = ai_family; /* Use the same address family of the control socket */
1086 hints.ai_socktype = (pr->rmt_flags & PCAP_OPENFLAG_DATATX_UDP) ? SOCK_DGRAM : SOCK_STREAM;
1087 hints.ai_flags = AI_PASSIVE; /* Data connection is opened by the server toward the client */
1088
1089 /* Let's the server pick up a free network port for us */
1090 if (sock_initaddress(NULL, "0", &hints, &addrinfo, fp->errbuf, PCAP_ERRBUF_SIZE) == -1)
1091 goto error_nodiscard;
1092
1093 if ((sockdata = sock_open(addrinfo, SOCKOPEN_SERVER,
1094 1 /* max 1 connection in queue */, fp->errbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
1095 goto error_nodiscard;
1096
1097 /* addrinfo is no longer used */
1098 freeaddrinfo(addrinfo);
1099 addrinfo = NULL;
1100
1101 /* get the complete sockaddr structure used in the data connection */
1102 saddrlen = sizeof(struct sockaddr_storage);
1103 if (getsockname(sockdata, (struct sockaddr *) &saddr, &saddrlen) == -1)
1104 {
1105 sock_geterror("getsockname(): ", fp->errbuf, PCAP_ERRBUF_SIZE);
1106 goto error_nodiscard;
1107 }
1108
1109 /* Get the local port the system picked up */
1110 if (getnameinfo((struct sockaddr *) &saddr, saddrlen, NULL,
1111 0, portdata, sizeof(portdata), NI_NUMERICSERV))
1112 {
1113 sock_geterror("getnameinfo(): ", fp->errbuf, PCAP_ERRBUF_SIZE);
1114 goto error_nodiscard;
1115 }
1116 }
1117
1118 /*
1119 * Now it's time to start playing with the RPCAP protocol
1120 * RPCAP start capture command: create the request message
1121 */
1122 if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL,
1123 &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, fp->errbuf, PCAP_ERRBUF_SIZE))
1124 goto error_nodiscard;
1125
1126 rpcap_createhdr((struct rpcap_header *) sendbuf,
1127 pr->protocol_version, RPCAP_MSG_STARTCAP_REQ, 0,
1128 sizeof(struct rpcap_startcapreq) + sizeof(struct rpcap_filter) + fp->fcode.bf_len * sizeof(struct rpcap_filterbpf_insn));
1129
1130 /* Fill the structure needed to open an adapter remotely */
1131 startcapreq = (struct rpcap_startcapreq *) &sendbuf[sendbufidx];
1132
1133 if (sock_bufferize(NULL, sizeof(struct rpcap_startcapreq), NULL,
1134 &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, fp->errbuf, PCAP_ERRBUF_SIZE))
1135 goto error_nodiscard;
1136
1137 memset(startcapreq, 0, sizeof(struct rpcap_startcapreq));
1138
1139 /* By default, apply half the timeout on one side, half of the other */
1140 fp->opt.timeout = fp->opt.timeout / 2;
1141 startcapreq->read_timeout = htonl(fp->opt.timeout);
1142
1143 /* portdata on the openreq is meaningful only if we're in active mode */
1144 if ((active) || (pr->rmt_flags & PCAP_OPENFLAG_DATATX_UDP))
1145 {
1146 sscanf(portdata, "%d", (int *)&(startcapreq->portdata)); /* cast to avoid a compiler warning */
1147 startcapreq->portdata = htons(startcapreq->portdata);
1148 }
1149
1150 startcapreq->snaplen = htonl(fp->snapshot);
1151 startcapreq->flags = 0;
1152
1153 if (pr->rmt_flags & PCAP_OPENFLAG_PROMISCUOUS)
1154 startcapreq->flags |= RPCAP_STARTCAPREQ_FLAG_PROMISC;
1155 if (pr->rmt_flags & PCAP_OPENFLAG_DATATX_UDP)
1156 startcapreq->flags |= RPCAP_STARTCAPREQ_FLAG_DGRAM;
1157 if (active)
1158 startcapreq->flags |= RPCAP_STARTCAPREQ_FLAG_SERVEROPEN;
1159
1160 startcapreq->flags = htons(startcapreq->flags);
1161
1162 /* Pack the capture filter */
1163 if (pcap_pack_bpffilter(fp, &sendbuf[sendbufidx], &sendbufidx, &fp->fcode))
1164 goto error_nodiscard;
1165
1166 if (sock_send(pr->rmt_sockctrl, sendbuf, sendbufidx, fp->errbuf,
1167 PCAP_ERRBUF_SIZE) < 0)
1168 goto error_nodiscard;
1169
1170 /* Receive and process the reply message header. */
1171 if (rpcap_process_msg_header(pr->rmt_sockctrl, pr->protocol_version,
1172 RPCAP_MSG_STARTCAP_REQ, &header, fp->errbuf) == -1)
1173 goto error_nodiscard;
1174
1175 plen = header.plen;
1176
1177 if (rpcap_recv(pr->rmt_sockctrl, (char *)&startcapreply,
1178 sizeof(struct rpcap_startcapreply), &plen, fp->errbuf) == -1)
1179 goto error;
1180
1181 /*
1182 * In case of UDP data stream, the connection is always opened by the daemon
1183 * So, this case is already covered by the code above.
1184 * Now, we have still to handle TCP connections, because:
1185 * - if we're in active mode, we have to wait for a remote connection
1186 * - if we're in passive more, we have to start a connection
1187 *
1188 * We have to do he job in two steps because in case we're opening a TCP connection, we have
1189 * to tell the port we're using to the remote side; in case we're accepting a TCP
1190 * connection, we have to wait this info from the remote side.
1191 */
1192 if (!(pr->rmt_flags & PCAP_OPENFLAG_DATATX_UDP))
1193 {
1194 if (!active)
1195 {
1196 memset(&hints, 0, sizeof(struct addrinfo));
1197 hints.ai_family = ai_family; /* Use the same address family of the control socket */
1198 hints.ai_socktype = (pr->rmt_flags & PCAP_OPENFLAG_DATATX_UDP) ? SOCK_DGRAM : SOCK_STREAM;
1199 pcap_snprintf(portdata, PCAP_BUF_SIZE, "%d", ntohs(startcapreply.portdata));
1200
1201 /* Let's the server pick up a free network port for us */
1202 if (sock_initaddress(host, portdata, &hints, &addrinfo, fp->errbuf, PCAP_ERRBUF_SIZE) == -1)
1203 goto error;
1204
1205 if ((sockdata = sock_open(addrinfo, SOCKOPEN_CLIENT, 0, fp->errbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
1206 goto error;
1207
1208 /* addrinfo is no longer used */
1209 freeaddrinfo(addrinfo);
1210 addrinfo = NULL;
1211 }
1212 else
1213 {
1214 SOCKET socktemp; /* We need another socket, since we're going to accept() a connection */
1215
1216 /* Connection creation */
1217 saddrlen = sizeof(struct sockaddr_storage);
1218
1219 socktemp = accept(sockdata, (struct sockaddr *) &saddr, &saddrlen);
1220
1221 if (socktemp == INVALID_SOCKET)
1222 {
1223 sock_geterror("accept(): ", fp->errbuf, PCAP_ERRBUF_SIZE);
1224 goto error;
1225 }
1226
1227 /* Now that I accepted the connection, the server socket is no longer needed */
1228 sock_close(sockdata, fp->errbuf, PCAP_ERRBUF_SIZE);
1229 sockdata = socktemp;
1230 }
1231 }
1232
1233 /* Let's save the socket of the data connection */
1234 pr->rmt_sockdata = sockdata;
1235
1236 /*
1237 * Set the size of the socket buffer for the data socket.
1238 * It has the same size as the local capture buffer used
1239 * on the other side of the connection.
1240 */
1241 server_sockbufsize = ntohl(startcapreply.bufsize);
1242
1243 /* Let's get the actual size of the socket buffer */
1244 itemp = sizeof(sockbufsize);
1245
1246 res = getsockopt(sockdata, SOL_SOCKET, SO_RCVBUF, (char *)&sockbufsize, &itemp);
1247 if (res == -1)
1248 {
1249 sock_geterror("pcap_startcapture_remote()", fp->errbuf, PCAP_ERRBUF_SIZE);
1250 SOCK_ASSERT(fp->errbuf, 1);
1251 }
1252
1253 /*
1254 * Warning: on some kernels (e.g. Linux), the size of the user
1255 * buffer does not take into account the pcap_header and such,
1256 * and it is set equal to the snaplen.
1257 *
1258 * In my view, this is wrong (the meaning of the bufsize became
1259 * a bit strange). So, here bufsize is the whole size of the
1260 * user buffer. In case the bufsize returned is too small,
1261 * let's adjust it accordingly.
1262 */
1263 if (server_sockbufsize <= (u_int) fp->snapshot)
1264 server_sockbufsize += sizeof(struct pcap_pkthdr);
1265
1266 /* if the current socket buffer is smaller than the desired one */
1267 if ((u_int) sockbufsize < server_sockbufsize)
1268 {
1269 /*
1270 * Loop until the buffer size is OK or the original
1271 * socket buffer size is larger than this one.
1272 */
1273 while (1)
1274 {
1275 res = setsockopt(sockdata, SOL_SOCKET, SO_RCVBUF,
1276 (char *)&(server_sockbufsize),
1277 sizeof(server_sockbufsize));
1278
1279 if (res == 0)
1280 break;
1281
1282 /*
1283 * If something goes wrong, halve the buffer size
1284 * (checking that it does not become smaller than
1285 * the current one).
1286 */
1287 server_sockbufsize /= 2;
1288
1289 if ((u_int) sockbufsize >= server_sockbufsize)
1290 {
1291 server_sockbufsize = sockbufsize;
1292 break;
1293 }
1294 }
1295 }
1296
1297 /*
1298 * Let's allocate the packet; this is required in order to put
1299 * the packet somewhere when extracting data from the socket.
1300 * Since buffering has already been done in the socket buffer,
1301 * here we need just a buffer whose size is equal to the
1302 * largest possible packet message for the snapshot size,
1303 * namely the length of the message header plus the length
1304 * of the packet header plus the snapshot length.
1305 */
1306 fp->bufsize = sizeof(struct rpcap_header) + sizeof(struct rpcap_pkthdr) + fp->snapshot;
1307
1308 fp->buffer = (u_char *)malloc(fp->bufsize);
1309 if (fp->buffer == NULL)
1310 {
1311 pcap_fmt_errmsg_for_errno(fp->errbuf, PCAP_ERRBUF_SIZE,
1312 errno, "malloc");
1313 goto error;
1314 }
1315
1316 /*
1317 * The buffer is currently empty.
1318 */
1319 fp->bp = fp->buffer;
1320 fp->cc = 0;
1321
1322 /* Discard the rest of the message. */
1323 if (rpcap_discard(pr->rmt_sockctrl, plen, fp->errbuf) == -1)
1324 goto error;
1325
1326 /*
1327 * In case the user does not want to capture RPCAP packets, let's update the filter
1328 * We have to update it here (instead of sending it into the 'StartCapture' message
1329 * because when we generate the 'start capture' we do not know (yet) all the ports
1330 * we're currently using.
1331 */
1332 if (pr->rmt_flags & PCAP_OPENFLAG_NOCAPTURE_RPCAP)
1333 {
1334 struct bpf_program fcode;
1335
1336 if (pcap_createfilter_norpcappkt(fp, &fcode) == -1)
1337 goto error;
1338
1339 /* We cannot use 'pcap_setfilter_rpcap' because formally the capture has not been started yet */
1340 /* (the 'pr->rmt_capstarted' variable will be updated some lines below) */
1341 if (pcap_updatefilter_remote(fp, &fcode) == -1)
1342 goto error;
1343
1344 pcap_freecode(&fcode);
1345 }
1346
1347 pr->rmt_capstarted = 1;
1348 return 0;
1349
1350 error:
1351 /*
1352 * When the connection has been established, we have to close it. So, at the
1353 * beginning of this function, if an error occur we return immediately with
1354 * a return NULL; when the connection is established, we have to come here
1355 * ('goto error;') in order to close everything properly.
1356 */
1357
1358 /*
1359 * Discard the rest of the message.
1360 * We already reported an error; if this gets an error, just
1361 * drive on.
1362 */
1363 (void)rpcap_discard(pr->rmt_sockctrl, plen, NULL);
1364
1365 error_nodiscard:
1366 if ((sockdata) && (sockdata != -1)) /* we can be here because sockdata said 'error' */
1367 sock_close(sockdata, NULL, 0);
1368
1369 if (!active)
1370 sock_close(pr->rmt_sockctrl, NULL, 0);
1371
1372 /*
1373 * We do not have to call pcap_close() here, because this function is always called
1374 * by the user in case something bad happens
1375 */
1376 #if 0
1377 if (fp)
1378 {
1379 pcap_close(fp);
1380 fp= NULL;
1381 }
1382 #endif
1383
1384 return -1;
1385 }
1386
1387 /*
1388 * This function takes a bpf program and sends it to the other host.
1389 *
1390 * This function can be called in two cases:
1391 * - pcap_startcapture_remote() is called (we have to send the filter
1392 * along with the 'start capture' command)
1393 * - we want to udpate the filter during a capture (i.e. pcap_setfilter()
1394 * after the capture has been started)
1395 *
1396 * This function serializes the filter into the sending buffer ('sendbuf',
1397 * passed as a parameter) and return back. It does not send anything on
1398 * the network.
1399 *
1400 * \param fp: the pcap_t descriptor of the device currently opened.
1401 *
1402 * \param sendbuf: the buffer on which the serialized data has to copied.
1403 *
1404 * \param sendbufidx: it is used to return the abounf of bytes copied into the buffer.
1405 *
1406 * \param prog: the bpf program we have to copy.
1407 *
1408 * \return '0' if everything is fine, '-1' otherwise. The error message (if one)
1409 * is returned into the 'errbuf' field of the pcap_t structure.
1410 */
1411 static int pcap_pack_bpffilter(pcap_t *fp, char *sendbuf, int *sendbufidx, struct bpf_program *prog)
1412 {
1413 struct rpcap_filter *filter;
1414 struct rpcap_filterbpf_insn *insn;
1415 struct bpf_insn *bf_insn;
1416 struct bpf_program fake_prog; /* To be used just in case the user forgot to set a filter */
1417 unsigned int i;
1418
1419 if (prog->bf_len == 0) /* No filters have been specified; so, let's apply a "fake" filter */
1420 {
1421 if (pcap_compile(fp, &fake_prog, NULL /* buffer */, 1, 0) == -1)
1422 return -1;
1423
1424 prog = &fake_prog;
1425 }
1426
1427 filter = (struct rpcap_filter *) sendbuf;
1428
1429 if (sock_bufferize(NULL, sizeof(struct rpcap_filter), NULL, sendbufidx,
1430 RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, fp->errbuf, PCAP_ERRBUF_SIZE))
1431 return -1;
1432
1433 filter->filtertype = htons(RPCAP_UPDATEFILTER_BPF);
1434 filter->nitems = htonl((int32)prog->bf_len);
1435
1436 if (sock_bufferize(NULL, prog->bf_len * sizeof(struct rpcap_filterbpf_insn),
1437 NULL, sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, fp->errbuf, PCAP_ERRBUF_SIZE))
1438 return -1;
1439
1440 insn = (struct rpcap_filterbpf_insn *) (filter + 1);
1441 bf_insn = prog->bf_insns;
1442
1443 for (i = 0; i < prog->bf_len; i++)
1444 {
1445 insn->code = htons(bf_insn->code);
1446 insn->jf = bf_insn->jf;
1447 insn->jt = bf_insn->jt;
1448 insn->k = htonl(bf_insn->k);
1449
1450 insn++;
1451 bf_insn++;
1452 }
1453
1454 return 0;
1455 }
1456
1457 /*
1458 * This function updates a filter on a remote host.
1459 *
1460 * It is called when the user wants to update a filter.
1461 * In case we're capturing from the network, it sends the filter to our
1462 * peer.
1463 * This function is *not* called automatically when the user calls
1464 * pcap_setfilter().
1465 * There will be two cases:
1466 * - the capture has been started: in this case, pcap_setfilter_rpcap()
1467 * calls pcap_updatefilter_remote()
1468 * - the capture has not started yet: in this case, pcap_setfilter_rpcap()
1469 * stores the filter into the pcap_t structure, and then the filter is
1470 * sent with pcap_startcap().
1471 *
1472 * WARNING This function *does not* clear the packet currently into the
1473 * buffers. Therefore, the user has to expect to receive some packets
1474 * that are related to the previous filter. If you want to discard all
1475 * the packets before applying a new filter, you have to close the
1476 * current capture session and start a new one.
1477 *
1478 * XXX - we really should have pcap_setfilter() always discard packets
1479 * received with the old filter, and have a separate pcap_setfilter_noflush()
1480 * function that doesn't discard any packets.
1481 */
1482 static int pcap_updatefilter_remote(pcap_t *fp, struct bpf_program *prog)
1483 {
1484 struct pcap_rpcap *pr = fp->priv; /* structure used when doing a remote live capture */
1485 char sendbuf[RPCAP_NETBUF_SIZE]; /* temporary buffer in which data to be sent is buffered */
1486 int sendbufidx = 0; /* index which keeps the number of bytes currently buffered */
1487 struct rpcap_header header; /* To keep the reply message */
1488
1489 if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL, &sendbufidx,
1490 RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, fp->errbuf, PCAP_ERRBUF_SIZE))
1491 return -1;
1492
1493 rpcap_createhdr((struct rpcap_header *) sendbuf,
1494 pr->protocol_version, RPCAP_MSG_UPDATEFILTER_REQ, 0,
1495 sizeof(struct rpcap_filter) + prog->bf_len * sizeof(struct rpcap_filterbpf_insn));
1496
1497 if (pcap_pack_bpffilter(fp, &sendbuf[sendbufidx], &sendbufidx, prog))
1498 return -1;
1499
1500 if (sock_send(pr->rmt_sockctrl, sendbuf, sendbufidx, fp->errbuf,
1501 PCAP_ERRBUF_SIZE) < 0)
1502 return -1;
1503
1504 /* Receive and process the reply message header. */
1505 if (rpcap_process_msg_header(pr->rmt_sockctrl, pr->protocol_version,
1506 RPCAP_MSG_UPDATEFILTER_REQ, &header, fp->errbuf) == -1)
1507 return -1;
1508
1509 /*
1510 * It shouldn't have any contents; discard it if it does.
1511 */
1512 if (rpcap_discard(pr->rmt_sockctrl, header.plen, fp->errbuf) == -1)
1513 return -1;
1514
1515 return 0;
1516 }
1517
1518 static void
1519 pcap_save_current_filter_rpcap(pcap_t *fp, const char *filter)
1520 {
1521 struct pcap_rpcap *pr = fp->priv; /* structure used when doing a remote live capture */
1522
1523 /*
1524 * Check if:
1525 * - We are on an remote capture
1526 * - we do not want to capture RPCAP traffic
1527 *
1528 * If so, we have to save the current filter, because we have to
1529 * add some piece of stuff later
1530 */
1531 if (pr->rmt_clientside &&
1532 (pr->rmt_flags & PCAP_OPENFLAG_NOCAPTURE_RPCAP))
1533 {
1534 if (pr->currentfilter)
1535 free(pr->currentfilter);
1536
1537 if (filter == NULL)
1538 filter = "";
1539
1540 pr->currentfilter = strdup(filter);
1541 }
1542 }
1543
1544 /*
1545 * This function sends a filter to a remote host.
1546 *
1547 * This function is called when the user wants to set a filter.
1548 * It sends the filter to our peer.
1549 * This function is called automatically when the user calls pcap_setfilter().
1550 *
1551 * Parameters and return values are exactly the same of pcap_setfilter().
1552 */
1553 static int pcap_setfilter_rpcap(pcap_t *fp, struct bpf_program *prog)
1554 {
1555 struct pcap_rpcap *pr = fp->priv; /* structure used when doing a remote live capture */
1556
1557 if (!pr->rmt_capstarted)
1558 {
1559 /* copy filter into the pcap_t structure */
1560 if (install_bpf_program(fp, prog) == -1)
1561 return -1;
1562 return 0;
1563 }
1564
1565 /* we have to update a filter during run-time */
1566 if (pcap_updatefilter_remote(fp, prog))
1567 return -1;
1568
1569 return 0;
1570 }
1571
1572 /*
1573 * This function updates the current filter in order not to capture rpcap
1574 * packets.
1575 *
1576 * This function is called *only* when the user wants exclude RPCAP packets
1577 * related to the current session from the captured packets.
1578 *
1579 * \return '0' if everything is fine, '-1' otherwise. The error message (if one)
1580 * is returned into the 'errbuf' field of the pcap_t structure.
1581 */
1582 static int pcap_createfilter_norpcappkt(pcap_t *fp, struct bpf_program *prog)
1583 {
1584 struct pcap_rpcap *pr = fp->priv; /* structure used when doing a remote live capture */
1585 int RetVal = 0;
1586
1587 /* We do not want to capture our RPCAP traffic. So, let's update the filter */
1588 if (pr->rmt_flags & PCAP_OPENFLAG_NOCAPTURE_RPCAP)
1589 {
1590 struct sockaddr_storage saddr; /* temp, needed to retrieve the network data port chosen on the local machine */
1591 socklen_t saddrlen; /* temp, needed to retrieve the network data port chosen on the local machine */
1592 char myaddress[128];
1593 char myctrlport[128];
1594 char mydataport[128];
1595 char peeraddress[128];
1596 char peerctrlport[128];
1597 char *newfilter;
1598 const int newstringsize = 1024;
1599 size_t currentfiltersize;
1600
1601 /* Get the name/port of our peer */
1602 saddrlen = sizeof(struct sockaddr_storage);
1603 if (getpeername(pr->rmt_sockctrl, (struct sockaddr *) &saddr, &saddrlen) == -1)
1604 {
1605 sock_geterror("getpeername(): ", fp->errbuf, PCAP_ERRBUF_SIZE);
1606 return -1;
1607 }
1608
1609 if (getnameinfo((struct sockaddr *) &saddr, saddrlen, peeraddress,
1610 sizeof(peeraddress), peerctrlport, sizeof(peerctrlport), NI_NUMERICHOST | NI_NUMERICSERV))
1611 {
1612 sock_geterror("getnameinfo(): ", fp->errbuf, PCAP_ERRBUF_SIZE);
1613 return -1;
1614 }
1615
1616 /* We cannot check the data port, because this is available only in case of TCP sockets */
1617 /* Get the name/port of the current host */
1618 if (getsockname(pr->rmt_sockctrl, (struct sockaddr *) &saddr, &saddrlen) == -1)
1619 {
1620 sock_geterror("getsockname(): ", fp->errbuf, PCAP_ERRBUF_SIZE);
1621 return -1;
1622 }
1623
1624 /* Get the local port the system picked up */
1625 if (getnameinfo((struct sockaddr *) &saddr, saddrlen, myaddress,
1626 sizeof(myaddress), myctrlport, sizeof(myctrlport), NI_NUMERICHOST | NI_NUMERICSERV))
1627 {
1628 sock_geterror("getnameinfo(): ", fp->errbuf, PCAP_ERRBUF_SIZE);
1629 return -1;
1630 }
1631
1632 /* Let's now check the data port */
1633 if (getsockname(pr->rmt_sockdata, (struct sockaddr *) &saddr, &saddrlen) == -1)
1634 {
1635 sock_geterror("getsockname(): ", fp->errbuf, PCAP_ERRBUF_SIZE);
1636 return -1;
1637 }
1638
1639 /* Get the local port the system picked up */
1640 if (getnameinfo((struct sockaddr *) &saddr, saddrlen, NULL, 0, mydataport, sizeof(mydataport), NI_NUMERICSERV))
1641 {
1642 sock_geterror("getnameinfo(): ", fp->errbuf, PCAP_ERRBUF_SIZE);
1643 return -1;
1644 }
1645
1646 currentfiltersize = pr->currentfilter ? strlen(pr->currentfilter) : 0;
1647
1648 newfilter = (char *)malloc(currentfiltersize + newstringsize + 1);
1649
1650 if (currentfiltersize)
1651 {
1652 pcap_snprintf(newfilter, currentfiltersize + newstringsize,
1653 "(%s) and not (host %s and host %s and port %s and port %s) and not (host %s and host %s and port %s)",
1654 pr->currentfilter, myaddress, peeraddress, myctrlport, peerctrlport, myaddress, peeraddress, mydataport);
1655 }
1656 else
1657 {
1658 pcap_snprintf(newfilter, currentfiltersize + newstringsize,
1659 "not (host %s and host %s and port %s and port %s) and not (host %s and host %s and port %s)",
1660 myaddress, peeraddress, myctrlport, peerctrlport, myaddress, peeraddress, mydataport);
1661 }
1662
1663 newfilter[currentfiltersize + newstringsize] = 0;
1664
1665 /*
1666 * This is only an hack to prevent the save_current_filter
1667 * routine, which will be called when we call pcap_compile(),
1668 * from saving the modified filter.
1669 */
1670 pr->rmt_clientside = 0;
1671
1672 if (pcap_compile(fp, prog, newfilter, 1, 0) == -1)
1673 RetVal = -1;
1674
1675 /* Undo the hack. */
1676 pr->rmt_clientside = 1;
1677
1678 free(newfilter);
1679 }
1680
1681 return RetVal;
1682 }
1683
1684 /*
1685 * This function sets sampling parameters in the remote host.
1686 *
1687 * It is called when the user wants to set activate sampling on the
1688 * remote host.
1689 *
1690 * Sampling parameters are defined into the 'pcap_t' structure.
1691 *
1692 * \param p: the pcap_t descriptor of the device currently opened.
1693 *
1694 * \return '0' if everything is OK, '-1' is something goes wrong. The
1695 * error message is returned in the 'errbuf' member of the pcap_t structure.
1696 */
1697 static int pcap_setsampling_remote(pcap_t *fp)
1698 {
1699 struct pcap_rpcap *pr = fp->priv; /* structure used when doing a remote live capture */
1700 char sendbuf[RPCAP_NETBUF_SIZE];/* temporary buffer in which data to be sent is buffered */
1701 int sendbufidx = 0; /* index which keeps the number of bytes currently buffered */
1702 struct rpcap_header header; /* To keep the reply message */
1703 struct rpcap_sampling *sampling_pars; /* Structure that is needed to send sampling parameters to the remote host */
1704
1705 /* If no samping is requested, return 'ok' */
1706 if (fp->rmt_samp.method == PCAP_SAMP_NOSAMP)
1707 return 0;
1708
1709 if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL,
1710 &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, fp->errbuf, PCAP_ERRBUF_SIZE))
1711 return -1;
1712
1713 rpcap_createhdr((struct rpcap_header *) sendbuf,
1714 pr->protocol_version, RPCAP_MSG_SETSAMPLING_REQ, 0,
1715 sizeof(struct rpcap_sampling));
1716
1717 /* Fill the structure needed to open an adapter remotely */
1718 sampling_pars = (struct rpcap_sampling *) &sendbuf[sendbufidx];
1719
1720 if (sock_bufferize(NULL, sizeof(struct rpcap_sampling), NULL,
1721 &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, fp->errbuf, PCAP_ERRBUF_SIZE))
1722 return -1;
1723
1724 memset(sampling_pars, 0, sizeof(struct rpcap_sampling));
1725
1726 sampling_pars->method = fp->rmt_samp.method;
1727 sampling_pars->value = htonl(fp->rmt_samp.value);
1728
1729 if (sock_send(pr->rmt_sockctrl, sendbuf, sendbufidx, fp->errbuf,
1730 PCAP_ERRBUF_SIZE) < 0)
1731 return -1;
1732
1733 /* Receive and process the reply message header. */
1734 if (rpcap_process_msg_header(pr->rmt_sockctrl, pr->protocol_version,
1735 RPCAP_MSG_SETSAMPLING_REQ, &header, fp->errbuf) == -1)
1736 return -1;
1737
1738 /*
1739 * It shouldn't have any contents; discard it if it does.
1740 */
1741 if (rpcap_discard(pr->rmt_sockctrl, header.plen, fp->errbuf) == -1)
1742 return -1;
1743
1744 return 0;
1745 }
1746
1747 /*********************************************************
1748 * *
1749 * Miscellaneous functions *
1750 * *
1751 *********************************************************/
1752
1753 /*
1754 * This function performs authentication and protocol version
1755 * negotiation. It first tries to authenticate with the maximum
1756 * version we support and, if that fails with an "I don't support
1757 * that version" error from the server, and the version number in
1758 * the reply from the server is one we support, tries again with
1759 * that version.
1760 *
1761 * \param sock: the socket we are currently using.
1762 *
1763 * \param ver: pointer to variable holding protocol version number to send
1764 * and to set to the protocol version number in the reply.
1765 *
1766 * \param auth: authentication parameters that have to be sent.
1767 *
1768 * \param errbuf: a pointer to a user-allocated buffer (of size
1769 * PCAP_ERRBUF_SIZE) that will contain the error message (in case there
1770 * is one). It could be a network problem or the fact that the authorization
1771 * failed.
1772 *
1773 * \return '0' if everything is fine, '-1' for an error. For errors,
1774 * an error message string is returned in the 'errbuf' variable.
1775 */
1776 static int rpcap_doauth(SOCKET sockctrl, uint8 *ver, struct pcap_rmtauth *auth, char *errbuf)
1777 {
1778 int status;
1779
1780 /*
1781 * Send authentication to the remote machine.
1782 *
1783 * First try with the maximum version number we support.
1784 */
1785 *ver = RPCAP_MAX_VERSION;
1786 status = rpcap_sendauth(sockctrl, ver, auth, errbuf);
1787 if (status == 0)
1788 {
1789 //
1790 // Success.
1791 //
1792 return 0;
1793 }
1794 if (status == -1)
1795 {
1796 /* Unrecoverable error. */
1797 return -1;
1798 }
1799
1800 /*
1801 * The server doesn't support the version we used in the initial
1802 * message, and it sent us back a reply either with the maximum
1803 * version they do support, or with the version we sent, and we
1804 * support that version. *ver has been set to that version; try
1805 * authenticating again with that version.
1806 */
1807 status = rpcap_sendauth(sockctrl, ver, auth, errbuf);
1808 if (status == 0)
1809 {
1810 //
1811 // Success.
1812 //
1813 return 0;
1814 }
1815 if (status == -1)
1816 {
1817 /* Unrecoverable error. */
1818 return -1;
1819 }
1820 if (status == -2)
1821 {
1822 /*
1823 * The server doesn't support that version, which
1824 * means there is no version we both support, so
1825 * this is a fatal error.
1826 */
1827 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "The server doesn't support any protocol version that we support");
1828 return -1;
1829 }
1830 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "rpcap_sendauth() returned %d", status);
1831 return -1;
1832 }
1833
1834 /*
1835 * This function sends the authentication message.
1836 *
1837 * It sends the authentication parameters on the control socket.
1838 * It is required in order to open the connection with the other end party.
1839 *
1840 * \param sock: the socket we are currently using.
1841 *
1842 * \param ver: pointer to variable holding protocol version number to send
1843 * and to set to the protocol version number in the reply.
1844 *
1845 * \param auth: authentication parameters that have to be sent.
1846 *
1847 * \param errbuf: a pointer to a user-allocated buffer (of size
1848 * PCAP_ERRBUF_SIZE) that will contain the error message (in case there
1849 * is one). It could be a network problem or the fact that the authorization
1850 * failed.
1851 *
1852 * \return '0' if everything is fine, '-2' if the server didn't reply with
1853 * the protocol version we requested but replied with a version we do
1854 * support, or '-1' for other errors. For errors, an error message string
1855 * is returned in the 'errbuf' variable.
1856 */
1857 static int rpcap_sendauth(SOCKET sock, uint8 *ver, struct pcap_rmtauth *auth, char *errbuf)
1858 {
1859 char sendbuf[RPCAP_NETBUF_SIZE]; /* temporary buffer in which data that has to be sent is buffered */
1860 int sendbufidx = 0; /* index which keeps the number of bytes currently buffered */
1861 uint16 length; /* length of the payload of this message */
1862 uint16 errcode;
1863 struct rpcap_auth *rpauth;
1864 uint16 auth_type;
1865 struct rpcap_header header;
1866 size_t str_length;
1867
1868 if (auth)
1869 {
1870 auth_type = auth->type;
1871
1872 switch (auth->type)
1873 {
1874 case RPCAP_RMTAUTH_NULL:
1875 length = sizeof(struct rpcap_auth);
1876 break;
1877
1878 case RPCAP_RMTAUTH_PWD:
1879 length = sizeof(struct rpcap_auth);
1880 if (auth->username)
1881 {
1882 str_length = strlen(auth->username);
1883 if (str_length > 65535)
1884 {
1885 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "User name is too long (> 65535 bytes)");
1886 return -1;
1887 }
1888 length += (uint16)str_length;
1889 }
1890 if (auth->password)
1891 {
1892 str_length = strlen(auth->password);
1893 if (str_length > 65535)
1894 {
1895 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "Password is too long (> 65535 bytes)");
1896 return -1;
1897 }
1898 length += (uint16)str_length;
1899 }
1900 break;
1901
1902 default:
1903 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication type not recognized.");
1904 return -1;
1905 }
1906 }
1907 else
1908 {
1909 auth_type = RPCAP_RMTAUTH_NULL;
1910 length = sizeof(struct rpcap_auth);
1911 }
1912
1913
1914 if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL,
1915 &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errbuf, PCAP_ERRBUF_SIZE))
1916 return -1;
1917
1918 rpcap_createhdr((struct rpcap_header *) sendbuf, *ver,
1919 RPCAP_MSG_AUTH_REQ, 0, length);
1920
1921 rpauth = (struct rpcap_auth *) &sendbuf[sendbufidx];
1922
1923 if (sock_bufferize(NULL, sizeof(struct rpcap_auth), NULL,
1924 &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errbuf, PCAP_ERRBUF_SIZE))
1925 return -1;
1926
1927 memset(rpauth, 0, sizeof(struct rpcap_auth));
1928
1929 rpauth->type = htons(auth_type);
1930
1931 if (auth_type == RPCAP_RMTAUTH_PWD)
1932 {
1933 if (auth->username)
1934 rpauth->slen1 = (uint16)strlen(auth->username);
1935 else
1936 rpauth->slen1 = 0;
1937
1938 if (sock_bufferize(auth->username, rpauth->slen1, sendbuf,
1939 &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_BUFFERIZE, errbuf, PCAP_ERRBUF_SIZE))
1940 return -1;
1941
1942 if (auth->password)
1943 rpauth->slen2 = (uint16)strlen(auth->password);
1944 else
1945 rpauth->slen2 = 0;
1946
1947 if (sock_bufferize(auth->password, rpauth->slen2, sendbuf,
1948 &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_BUFFERIZE, errbuf, PCAP_ERRBUF_SIZE))
1949 return -1;
1950
1951 rpauth->slen1 = htons(rpauth->slen1);
1952 rpauth->slen2 = htons(rpauth->slen2);
1953 }
1954
1955 if (sock_send(sock, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) < 0)
1956 return -1;
1957
1958 /* Receive the reply */
1959 if (rpcap_recv_msg_header(sock, &header, errbuf) == -1)
1960 return -1;
1961
1962 if (rpcap_check_msg_type(sock, RPCAP_MSG_AUTH_REQ, &header,
1963 &errcode, errbuf) == -1)
1964 {
1965 /* Error message - or something else, which is a protocol error. */
1966 if (header.type == RPCAP_MSG_ERROR &&
1967 errcode == PCAP_ERR_WRONGVER)
1968 {
1969 /*
1970 * The server didn't support the version we sent,
1971 * and replied with the maximum version it supports
1972 * if our version was too big or with the version
1973 * we sent if out version was too small.
1974 *
1975 * Do we also support it?
1976 */
1977 if (header.ver < RPCAP_MIN_VERSION ||
1978 header.ver > RPCAP_MAX_VERSION)
1979 {
1980 /*
1981 * No, so there's no version we both support.
1982 * This is an unrecoverable error.
1983 */
1984 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "The server doesn't support any protocol version that we support");
1985 return -1;
1986 }
1987
1988 /*
1989 * OK, use that version, and tell our caller to
1990 * try again.
1991 */
1992 *ver = header.ver;
1993 return -2;
1994 }
1995
1996 /*
1997 * Other error - unrecoverable.
1998 */
1999 return -1;
2000 }
2001
2002 /*
2003 * OK, it's an authentication reply, so they're OK with the
2004 * protocol version we sent.
2005 *
2006 * Discard the rest of it.
2007 */
2008 if (rpcap_discard(sock, header.plen, errbuf) == -1)
2009 return -1;
2010
2011 return 0;
2012 }
2013
2014 /* We don't currently support non-blocking mode. */
2015 static int
2016 pcap_getnonblock_rpcap(pcap_t *p)
2017 {
2018 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
2019 "Non-blocking mode isn't supported for capturing remotely with rpcap");
2020 return (-1);
2021 }
2022
2023 static int
2024 pcap_setnonblock_rpcap(pcap_t *p, int nonblock _U_)
2025 {
2026 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
2027 "Non-blocking mode isn't supported for capturing remotely with rpcap");
2028 return (-1);
2029 }
2030
2031 /*
2032 * This function opens a remote adapter by opening an RPCAP connection and
2033 * so on.
2034 *
2035 * It does the job of pcap_open_live() for a remote interface; it's called
2036 * by pcap_open() for remote interfaces.
2037 *
2038 * We do not start the capture until pcap_startcapture_remote() is called.
2039 *
2040 * This is because, when doing a remote capture, we cannot start capturing
2041 * data as soon as the 'open adapter' command is sent. Suppose the remote
2042 * adapter is already overloaded; if we start a capture (which, by default,
2043 * has a NULL filter) the new traffic can saturate the network.
2044 *
2045 * Instead, we want to "open" the adapter, then send a "start capture"
2046 * command only when we're ready to start the capture.
2047 * This function does this job: it sends an "open adapter" command
2048 * (according to the RPCAP protocol), but it does not start the capture.
2049 *
2050 * Since the other libpcap functions do not share this way of life, we
2051 * have to do some dirty things in order to make everything work.
2052 *
2053 * \param source: see pcap_open().
2054 * \param snaplen: see pcap_open().
2055 * \param flags: see pcap_open().
2056 * \param read_timeout: see pcap_open().
2057 * \param auth: see pcap_open().
2058 * \param errbuf: see pcap_open().
2059 *
2060 * \return a pcap_t pointer in case of success, NULL otherwise. In case of
2061 * success, the pcap_t pointer can be used as a parameter to the following
2062 * calls (pcap_compile() and so on). In case of problems, errbuf contains
2063 * a text explanation of error.
2064 *
2065 * WARNING: In case we call pcap_compile() and the capture has not yet
2066 * been started, the filter will be saved into the pcap_t structure,
2067 * and it will be sent to the other host later (when
2068 * pcap_startcapture_remote() is called).
2069 */
2070 pcap_t *pcap_open_rpcap(const char *source, int snaplen, int flags, int read_timeout, struct pcap_rmtauth *auth, char *errbuf)
2071 {
2072 pcap_t *fp;
2073 char *source_str;
2074 struct pcap_rpcap *pr; /* structure used when doing a remote live capture */
2075 char host[PCAP_BUF_SIZE], ctrlport[PCAP_BUF_SIZE], iface[PCAP_BUF_SIZE];
2076 struct activehosts *activeconn; /* active connection, if there is one */
2077 int error; /* '1' if rpcap_remoteact_getsock returned an error */
2078 SOCKET sockctrl;
2079 uint8 protocol_version; /* negotiated protocol version */
2080 int active;
2081 uint32 plen;
2082 char sendbuf[RPCAP_NETBUF_SIZE]; /* temporary buffer in which data to be sent is buffered */
2083 int sendbufidx = 0; /* index which keeps the number of bytes currently buffered */
2084 int retval; /* store the return value of the functions */
2085
2086 /* RPCAP-related variables */
2087 struct rpcap_header header; /* header of the RPCAP packet */
2088 struct rpcap_openreply openreply; /* open reply message */
2089
2090 fp = pcap_create_common(errbuf, sizeof (struct pcap_rpcap));
2091 if (fp == NULL)
2092 {
2093 return NULL;
2094 }
2095 source_str = strdup(source);
2096 if (source_str == NULL) {
2097 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
2098 errno, "malloc");
2099 return NULL;
2100 }
2101
2102 /*
2103 * Turn a negative snapshot value (invalid), a snapshot value of
2104 * 0 (unspecified), or a value bigger than the normal maximum
2105 * value, into the maximum allowed value.
2106 *
2107 * If some application really *needs* a bigger snapshot
2108 * length, we should just increase MAXIMUM_SNAPLEN.
2109 *
2110 * XXX - should we leave this up to the remote server to
2111 * do?
2112 */
2113 if (snaplen <= 0 || snaplen > MAXIMUM_SNAPLEN)
2114 snaplen = MAXIMUM_SNAPLEN;
2115
2116 fp->opt.device = source_str;
2117 fp->snapshot = snaplen;
2118 fp->opt.timeout = read_timeout;
2119 pr = fp->priv;
2120 pr->rmt_flags = flags;
2121
2122 /*
2123 * determine the type of the source (NULL, file, local, remote)
2124 * You must have a valid source string even if we're in active mode, because otherwise
2125 * the call to the following function will fail.
2126 */
2127 if (pcap_parsesrcstr(fp->opt.device, &retval, host, ctrlport, iface, errbuf) == -1)
2128 {
2129 pcap_close(fp);
2130 return NULL;
2131 }
2132
2133 if (retval != PCAP_SRC_IFREMOTE)
2134 {
2135 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "This function is able to open only remote interfaces");
2136 pcap_close(fp);
2137 return NULL;
2138 }
2139
2140 /*
2141 * Warning: this call can be the first one called by the user.
2142 * For this reason, we have to initialize the WinSock support.
2143 */
2144 if (sock_init(errbuf, PCAP_ERRBUF_SIZE) == -1)
2145 {
2146 pcap_close(fp);
2147 return NULL;
2148 }
2149
2150 /* Check for active mode */
2151 activeconn = rpcap_remoteact_getsock(host, &error, errbuf);
2152 if (activeconn != NULL)
2153 {
2154 sockctrl = activeconn->sockctrl;
2155 protocol_version = activeconn->protocol_version;
2156 active = 1;
2157 }
2158 else
2159 {
2160 struct addrinfo hints; /* temp, needed to open a socket connection */
2161 struct addrinfo *addrinfo; /* temp, needed to open a socket connection */
2162
2163 if (error)
2164 {
2165 /*
2166 * Call failed.
2167 */
2168 pcap_close(fp);
2169 return NULL;
2170 }
2171
2172 /*
2173 * We're not in active mode; let's try to open a new
2174 * control connection.
2175 */
2176 memset(&hints, 0, sizeof(struct addrinfo));
2177 hints.ai_family = PF_UNSPEC;
2178 hints.ai_socktype = SOCK_STREAM;
2179
2180 if (ctrlport[0] == 0)
2181 {
2182 /* the user chose not to specify the port */
2183 if (sock_initaddress(host, RPCAP_DEFAULT_NETPORT, &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1)
2184 {
2185 pcap_close(fp);
2186 return NULL;
2187 }
2188 }
2189 else
2190 {
2191 if (sock_initaddress(host, ctrlport, &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1)
2192 {
2193 pcap_close(fp);
2194 return NULL;
2195 }
2196 }
2197
2198 if ((sockctrl = sock_open(addrinfo, SOCKOPEN_CLIENT, 0, errbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
2199 {
2200 freeaddrinfo(addrinfo);
2201 pcap_close(fp);
2202 return NULL;
2203 }
2204
2205 /* addrinfo is no longer used */
2206 freeaddrinfo(addrinfo);
2207
2208 if (rpcap_doauth(sockctrl, &protocol_version, auth, errbuf) == -1)
2209 {
2210 sock_close(sockctrl, NULL, 0);
2211 pcap_close(fp);
2212 return NULL;
2213 }
2214 active = 0;
2215 }
2216
2217 /*
2218 * Now it's time to start playing with the RPCAP protocol
2219 * RPCAP open command: create the request message
2220 */
2221 if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL,
2222 &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errbuf, PCAP_ERRBUF_SIZE))
2223 goto error_nodiscard;
2224
2225 rpcap_createhdr((struct rpcap_header *) sendbuf, protocol_version,
2226 RPCAP_MSG_OPEN_REQ, 0, (uint32) strlen(iface));
2227
2228 if (sock_bufferize(iface, (int) strlen(iface), sendbuf, &sendbufidx,
2229 RPCAP_NETBUF_SIZE, SOCKBUF_BUFFERIZE, errbuf, PCAP_ERRBUF_SIZE))
2230 goto error_nodiscard;
2231
2232 if (sock_send(sockctrl, sendbuf, sendbufidx, errbuf,
2233 PCAP_ERRBUF_SIZE) < 0)
2234 goto error_nodiscard;
2235
2236 /* Receive and process the reply message header. */
2237 if (rpcap_process_msg_header(sockctrl, protocol_version,
2238 RPCAP_MSG_OPEN_REQ, &header, errbuf) == -1)
2239 goto error_nodiscard;
2240 plen = header.plen;
2241
2242 /* Read the reply body */
2243 if (rpcap_recv(sockctrl, (char *)&openreply,
2244 sizeof(struct rpcap_openreply), &plen, errbuf) == -1)
2245 goto error;
2246
2247 /* Discard the rest of the message, if there is any. */
2248 if (rpcap_discard(pr->rmt_sockctrl, plen, errbuf) == -1)
2249 goto error_nodiscard;
2250
2251 /* Set proper fields into the pcap_t struct */
2252 fp->linktype = ntohl(openreply.linktype);
2253 fp->tzoff = ntohl(openreply.tzoff);
2254 pr->rmt_sockctrl = sockctrl;
2255 pr->protocol_version = protocol_version;
2256 pr->rmt_clientside = 1;
2257
2258 /* This code is duplicated from the end of this function */
2259 fp->read_op = pcap_read_rpcap;
2260 fp->save_current_filter_op = pcap_save_current_filter_rpcap;
2261 fp->setfilter_op = pcap_setfilter_rpcap;
2262 fp->getnonblock_op = pcap_getnonblock_rpcap;
2263 fp->setnonblock_op = pcap_setnonblock_rpcap;
2264 fp->stats_op = pcap_stats_rpcap;
2265 #ifdef _WIN32
2266 fp->stats_ex_op = pcap_stats_ex_rpcap;
2267 #endif
2268 fp->cleanup_op = pcap_cleanup_rpcap;
2269
2270 fp->activated = 1;
2271 return fp;
2272
2273 error:
2274 /*
2275 * When the connection has been established, we have to close it. So, at the
2276 * beginning of this function, if an error occur we return immediately with
2277 * a return NULL; when the connection is established, we have to come here
2278 * ('goto error;') in order to close everything properly.
2279 */
2280
2281 /*
2282 * Discard the rest of the message.
2283 * We already reported an error; if this gets an error, just
2284 * drive on.
2285 */
2286 (void)rpcap_discard(pr->rmt_sockctrl, plen, NULL);
2287
2288 error_nodiscard:
2289 if (!active)
2290 sock_close(sockctrl, NULL, 0);
2291
2292 pcap_close(fp);
2293 return NULL;
2294 }
2295
2296 /* String identifier to be used in the pcap_findalldevs_ex() */
2297 #define PCAP_TEXT_SOURCE_ADAPTER "Network adapter"
2298 /* String identifier to be used in the pcap_findalldevs_ex() */
2299 #define PCAP_TEXT_SOURCE_ON_REMOTE_HOST "on remote node"
2300
2301 static void
2302 freeaddr(struct pcap_addr *addr)
2303 {
2304 free(addr->addr);
2305 free(addr->netmask);
2306 free(addr->broadaddr);
2307 free(addr->dstaddr);
2308 free(addr);
2309 }
2310
2311 int
2312 pcap_findalldevs_ex_remote(char *source, struct pcap_rmtauth *auth, pcap_if_t **alldevs, char *errbuf)
2313 {
2314 struct activehosts *activeconn; /* active connection, if there is one */
2315 int error; /* '1' if rpcap_remoteact_getsock returned an error */
2316 uint8 protocol_version; /* protocol version */
2317 SOCKET sockctrl; /* socket descriptor of the control connection */
2318 uint32 plen;
2319 struct rpcap_header header; /* structure that keeps the general header of the rpcap protocol */
2320 int i, j; /* temp variables */
2321 int nif; /* Number of interfaces listed */
2322 int active; /* 'true' if we the other end-party is in active mode */
2323 int type;
2324 char host[PCAP_BUF_SIZE], port[PCAP_BUF_SIZE];
2325 char tmpstring[PCAP_BUF_SIZE + 1]; /* Needed to convert names and descriptions from 'old' syntax to the 'new' one */
2326 pcap_if_t *lastdev; /* Last device in the pcap_if_t list */
2327 pcap_if_t *dev; /* Device we're adding to the pcap_if_t list */
2328
2329 /* List starts out empty. */
2330 (*alldevs) = NULL;
2331 lastdev = NULL;
2332
2333 /* Retrieve the needed data for getting adapter list */
2334 if (pcap_parsesrcstr(source, &type, host, port, NULL, errbuf) == -1)
2335 return -1;
2336
2337 /* Warning: this call can be the first one called by the user. */
2338 /* For this reason, we have to initialize the WinSock support. */
2339 if (sock_init(errbuf, PCAP_ERRBUF_SIZE) == -1)
2340 return -1;
2341
2342 /* Check for active mode */
2343 activeconn = rpcap_remoteact_getsock(host, &error, errbuf);
2344 if (activeconn != NULL)
2345 {
2346 sockctrl = activeconn->sockctrl;
2347 protocol_version = activeconn->protocol_version;
2348 active = 1;
2349 }
2350 else
2351 {
2352 struct addrinfo hints; /* temp variable needed to resolve hostnames into to socket representation */
2353 struct addrinfo *addrinfo; /* temp variable needed to resolve hostnames into to socket representation */
2354
2355 if (error)
2356 {
2357 /*
2358 * Call failed.
2359 */
2360 return -1;
2361 }
2362
2363 /*
2364 * We're not in active mode; let's try to open a new
2365 * control connection.
2366 */
2367 memset(&hints, 0, sizeof(struct addrinfo));
2368 hints.ai_family = PF_UNSPEC;
2369 hints.ai_socktype = SOCK_STREAM;
2370
2371 if (port[0] == 0)
2372 {
2373 /* the user chose not to specify the port */
2374 if (sock_initaddress(host, RPCAP_DEFAULT_NETPORT, &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1)
2375 return -1;
2376 }
2377 else
2378 {
2379 if (sock_initaddress(host, port, &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1)
2380 return -1;
2381 }
2382
2383 if ((sockctrl = sock_open(addrinfo, SOCKOPEN_CLIENT, 0, errbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
2384 {
2385 freeaddrinfo(addrinfo);
2386 return -1;
2387 }
2388
2389 /* addrinfo is no longer used */
2390 freeaddrinfo(addrinfo);
2391 addrinfo = NULL;
2392
2393 if (rpcap_doauth(sockctrl, &protocol_version, auth, errbuf) == -1)
2394 {
2395 sock_close(sockctrl, NULL, 0);
2396 return -1;
2397 }
2398 active = 0;
2399 }
2400
2401 /* RPCAP findalldevs command */
2402 rpcap_createhdr(&header, protocol_version, RPCAP_MSG_FINDALLIF_REQ,
2403 0, 0);
2404
2405 if (sock_send(sockctrl, (char *)&header, sizeof(struct rpcap_header),
2406 errbuf, PCAP_ERRBUF_SIZE) < 0)
2407 goto error_nodiscard;
2408
2409 /* Receive and process the reply message header. */
2410 if (rpcap_process_msg_header(sockctrl, protocol_version,
2411 RPCAP_MSG_FINDALLIF_REQ, &header, errbuf) == -1)
2412 goto error_nodiscard;
2413
2414 plen = header.plen;
2415
2416 /* read the number of interfaces */
2417 nif = ntohs(header.value);
2418
2419 /* loop until all interfaces have been received */
2420 for (i = 0; i < nif; i++)
2421 {
2422 struct rpcap_findalldevs_if findalldevs_if;
2423 char tmpstring2[PCAP_BUF_SIZE + 1]; /* Needed to convert names and descriptions from 'old' syntax to the 'new' one */
2424 size_t stringlen;
2425 struct pcap_addr *addr, *prevaddr;
2426
2427 tmpstring2[PCAP_BUF_SIZE] = 0;
2428
2429 /* receive the findalldevs structure from remote host */
2430 if (rpcap_recv(sockctrl, (char *)&findalldevs_if,
2431 sizeof(struct rpcap_findalldevs_if), &plen, errbuf) == -1)
2432 goto error;
2433
2434 findalldevs_if.namelen = ntohs(findalldevs_if.namelen);
2435 findalldevs_if.desclen = ntohs(findalldevs_if.desclen);
2436 findalldevs_if.naddr = ntohs(findalldevs_if.naddr);
2437
2438 /* allocate the main structure */
2439 dev = (pcap_if_t *)malloc(sizeof(pcap_if_t));
2440 if (dev == NULL)
2441 {
2442 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
2443 errno, "malloc() failed");
2444 goto error;
2445 }
2446
2447 /* Initialize the structure to 'zero' */
2448 memset(dev, 0, sizeof(pcap_if_t));
2449
2450 /* Append it to the list. */
2451 if (lastdev == NULL)
2452 {
2453 /*
2454 * List is empty, so it's also the first device.
2455 */
2456 *alldevs = dev;
2457 }
2458 else
2459 {
2460 /*
2461 * Append after the last device.
2462 */
2463 lastdev->next = dev;
2464 }
2465 /* It's now the last device. */
2466 lastdev = dev;
2467
2468 /* allocate mem for name and description */
2469 if (findalldevs_if.namelen)
2470 {
2471
2472 if (findalldevs_if.namelen >= sizeof(tmpstring))
2473 {
2474 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "Interface name too long");
2475 goto error;
2476 }
2477
2478 /* Retrieve adapter name */
2479 if (rpcap_recv(sockctrl, tmpstring,
2480 findalldevs_if.namelen, &plen, errbuf) == -1)
2481 goto error;
2482
2483 tmpstring[findalldevs_if.namelen] = 0;
2484
2485 /* Create the new device identifier */
2486 if (pcap_createsrcstr(tmpstring2, PCAP_SRC_IFREMOTE, host, port, tmpstring, errbuf) == -1)
2487 return -1;
2488
2489 stringlen = strlen(tmpstring2);
2490
2491 dev->name = (char *)malloc(stringlen + 1);
2492 if (dev->name == NULL)
2493 {
2494 pcap_fmt_errmsg_for_errno(errbuf,
2495 PCAP_ERRBUF_SIZE, errno, "malloc() failed");
2496 goto error;
2497 }
2498
2499 /* Copy the new device name into the correct memory location */
2500 strlcpy(dev->name, tmpstring2, stringlen + 1);
2501 }
2502
2503 if (findalldevs_if.desclen)
2504 {
2505 if (findalldevs_if.desclen >= sizeof(tmpstring))
2506 {
2507 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "Interface description too long");
2508 goto error;
2509 }
2510
2511 /* Retrieve adapter description */
2512 if (rpcap_recv(sockctrl, tmpstring,
2513 findalldevs_if.desclen, &plen, errbuf) == -1)
2514 goto error;
2515
2516 tmpstring[findalldevs_if.desclen] = 0;
2517
2518 pcap_snprintf(tmpstring2, sizeof(tmpstring2) - 1, "%s '%s' %s %s", PCAP_TEXT_SOURCE_ADAPTER,
2519 tmpstring, PCAP_TEXT_SOURCE_ON_REMOTE_HOST, host);
2520
2521 stringlen = strlen(tmpstring2);
2522
2523 dev->description = (char *)malloc(stringlen + 1);
2524
2525 if (dev->description == NULL)
2526 {
2527 pcap_fmt_errmsg_for_errno(errbuf,
2528 PCAP_ERRBUF_SIZE, errno, "malloc() failed");
2529 goto error;
2530 }
2531
2532 /* Copy the new device description into the correct memory location */
2533 strlcpy(dev->description, tmpstring2, stringlen + 1);
2534 }
2535
2536 dev->flags = ntohl(findalldevs_if.flags);
2537
2538 prevaddr = NULL;
2539 /* loop until all addresses have been received */
2540 for (j = 0; j < findalldevs_if.naddr; j++)
2541 {
2542 struct rpcap_findalldevs_ifaddr ifaddr;
2543
2544 /* Retrieve the interface addresses */
2545 if (rpcap_recv(sockctrl, (char *)&ifaddr,
2546 sizeof(struct rpcap_findalldevs_ifaddr),
2547 &plen, errbuf) == -1)
2548 goto error;
2549
2550 /*
2551 * Deserialize all the address components.
2552 */
2553 addr = (struct pcap_addr *) malloc(sizeof(struct pcap_addr));
2554 if (addr == NULL)
2555 {
2556 pcap_fmt_errmsg_for_errno(errbuf,
2557 PCAP_ERRBUF_SIZE, errno, "malloc() failed");
2558 goto error;
2559 }
2560 addr->next = NULL;
2561 addr->addr = NULL;
2562 addr->netmask = NULL;
2563 addr->broadaddr = NULL;
2564 addr->dstaddr = NULL;
2565
2566 if (rpcap_deseraddr(&ifaddr.addr,
2567 (struct sockaddr_storage **) &addr->addr, errbuf) == -1)
2568 {
2569 freeaddr(addr);
2570 goto error;
2571 }
2572 if (rpcap_deseraddr(&ifaddr.netmask,
2573 (struct sockaddr_storage **) &addr->netmask, errbuf) == -1)
2574 {
2575 freeaddr(addr);
2576 goto error;
2577 }
2578 if (rpcap_deseraddr(&ifaddr.broadaddr,
2579 (struct sockaddr_storage **) &addr->broadaddr, errbuf) == -1)
2580 {
2581 freeaddr(addr);
2582 goto error;
2583 }
2584 if (rpcap_deseraddr(&ifaddr.dstaddr,
2585 (struct sockaddr_storage **) &addr->dstaddr, errbuf) == -1)
2586 {
2587 freeaddr(addr);
2588 goto error;
2589 }
2590
2591 if ((addr->addr == NULL) && (addr->netmask == NULL) &&
2592 (addr->broadaddr == NULL) && (addr->dstaddr == NULL))
2593 {
2594 /*
2595 * None of the addresses are IPv4 or IPv6
2596 * addresses, so throw this entry away.
2597 */
2598 free(addr);
2599 }
2600 else
2601 {
2602 /*
2603 * Add this entry to the list.
2604 */
2605 if (prevaddr == NULL)
2606 {
2607 dev->addresses = addr;
2608 }
2609 else
2610 {
2611 prevaddr->next = addr;
2612 }
2613 prevaddr = addr;
2614 }
2615 }
2616 }
2617
2618 /* Discard the rest of the message. */
2619 if (rpcap_discard(sockctrl, plen, errbuf) == 1)
2620 return -1;
2621
2622 /* Control connection has to be closed only in case the remote machine is in passive mode */
2623 if (!active)
2624 {
2625 /* DO not send RPCAP_CLOSE, since we did not open a pcap_t; no need to free resources */
2626 if (sock_close(sockctrl, errbuf, PCAP_ERRBUF_SIZE))
2627 return -1;
2628 }
2629
2630 /* To avoid inconsistencies in the number of sock_init() */
2631 sock_cleanup();
2632
2633 return 0;
2634
2635 error:
2636 /*
2637 * In case there has been an error, I don't want to overwrite it with a new one
2638 * if the following call fails. I want to return always the original error.
2639 *
2640 * Take care: this connection can already be closed when we try to close it.
2641 * This happens because a previous error in the rpcapd, which requested to
2642 * closed the connection. In that case, we already recognized that into the
2643 * rpspck_isheaderok() and we already acknowledged the closing.
2644 * In that sense, this call is useless here (however it is needed in case
2645 * the client generates the error).
2646 *
2647 * Checks if all the data has been read; if not, discard the data in excess
2648 */
2649 (void) rpcap_discard(sockctrl, plen, NULL);
2650
2651 error_nodiscard:
2652 /* Control connection has to be closed only in case the remote machine is in passive mode */
2653 if (!active)
2654 sock_close(sockctrl, NULL, 0);
2655
2656 /* To avoid inconsistencies in the number of sock_init() */
2657 sock_cleanup();
2658
2659 /* Free whatever interfaces we've allocated. */
2660 pcap_freealldevs(*alldevs);
2661
2662 return -1;
2663 }
2664
2665 /*
2666 * Active mode routines.
2667 *
2668 * The old libpcap API is somewhat ugly, and makes active mode difficult
2669 * to implement; we provide some APIs for it that work only with rpcap.
2670 */
2671
2672 SOCKET pcap_remoteact_accept(const char *address, const char *port, const char *hostlist, char *connectinghost, struct pcap_rmtauth *auth, char *errbuf)
2673 {
2674 /* socket-related variables */
2675 struct addrinfo hints; /* temporary struct to keep settings needed to open the new socket */
2676 struct addrinfo *addrinfo; /* keeps the addrinfo chain; required to open a new socket */
2677 struct sockaddr_storage from; /* generic sockaddr_storage variable */
2678 socklen_t fromlen; /* keeps the length of the sockaddr_storage variable */
2679 SOCKET sockctrl; /* keeps the main socket identifier */
2680 uint8 protocol_version; /* negotiated protocol version */
2681 struct activehosts *temp, *prev; /* temp var needed to scan he host list chain */
2682
2683 *connectinghost = 0; /* just in case */
2684
2685 /* Prepare to open a new server socket */
2686 memset(&hints, 0, sizeof(struct addrinfo));
2687 /* WARNING Currently it supports only ONE socket family among ipv4 and IPv6 */
2688 hints.ai_family = AF_INET; /* PF_UNSPEC to have both IPv4 and IPv6 server */
2689 hints.ai_flags = AI_PASSIVE; /* Ready to a bind() socket */
2690 hints.ai_socktype = SOCK_STREAM;
2691
2692 /* Warning: this call can be the first one called by the user. */
2693 /* For this reason, we have to initialize the WinSock support. */
2694 if (sock_init(errbuf, PCAP_ERRBUF_SIZE) == -1)
2695 return -1;
2696
2697 /* Do the work */
2698 if ((port == NULL) || (port[0] == 0))
2699 {
2700 if (sock_initaddress(address, RPCAP_DEFAULT_NETPORT_ACTIVE, &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1)
2701 {
2702 SOCK_ASSERT(errbuf, 1);
2703 return -2;
2704 }
2705 }
2706 else
2707 {
2708 if (sock_initaddress(address, port, &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1)
2709 {
2710 SOCK_ASSERT(errbuf, 1);
2711 return -2;
2712 }
2713 }
2714
2715
2716 if ((sockmain = sock_open(addrinfo, SOCKOPEN_SERVER, 1, errbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
2717 {
2718 SOCK_ASSERT(errbuf, 1);
2719 freeaddrinfo(addrinfo);
2720 return -2;
2721 }
2722 freeaddrinfo(addrinfo);
2723
2724 /* Connection creation */
2725 fromlen = sizeof(struct sockaddr_storage);
2726
2727 sockctrl = accept(sockmain, (struct sockaddr *) &from, &fromlen);
2728
2729 /* We're not using sock_close, since we do not want to send a shutdown */
2730 /* (which is not allowed on a non-connected socket) */
2731 closesocket(sockmain);
2732 sockmain = 0;
2733
2734 if (sockctrl == INVALID_SOCKET)
2735 {
2736 sock_geterror("accept(): ", errbuf, PCAP_ERRBUF_SIZE);
2737 return -2;
2738 }
2739
2740 /* Get the numeric for of the name of the connecting host */
2741 if (getnameinfo((struct sockaddr *) &from, fromlen, connectinghost, RPCAP_HOSTLIST_SIZE, NULL, 0, NI_NUMERICHOST))
2742 {
2743 sock_geterror("getnameinfo(): ", errbuf, PCAP_ERRBUF_SIZE);
2744 rpcap_senderror(sockctrl, 0, PCAP_ERR_REMOTEACCEPT, errbuf, NULL);
2745 sock_close(sockctrl, NULL, 0);
2746 return -1;
2747 }
2748
2749 /* checks if the connecting host is among the ones allowed */
2750 if (sock_check_hostlist((char *)hostlist, RPCAP_HOSTLIST_SEP, &from, errbuf, PCAP_ERRBUF_SIZE) < 0)
2751 {
2752 rpcap_senderror(sockctrl, 0, PCAP_ERR_REMOTEACCEPT, errbuf, NULL);
2753 sock_close(sockctrl, NULL, 0);
2754 return -1;
2755 }
2756
2757 /*
2758 * Send authentication to the remote machine.
2759 */
2760 if (rpcap_doauth(sockctrl, &protocol_version, auth, errbuf) == -1)
2761 {
2762 /* Unrecoverable error. */
2763 rpcap_senderror(sockctrl, 0, PCAP_ERR_REMOTEACCEPT, errbuf, NULL);
2764 sock_close(sockctrl, NULL, 0);
2765 return -3;
2766 }
2767
2768 /* Checks that this host does not already have a cntrl connection in place */
2769
2770 /* Initialize pointers */
2771 temp = activeHosts;
2772 prev = NULL;
2773
2774 while (temp)
2775 {
2776 /* This host already has an active connection in place, so I don't have to update the host list */
2777 if (sock_cmpaddr(&temp->host, &from) == 0)
2778 return sockctrl;
2779
2780 prev = temp;
2781 temp = temp->next;
2782 }
2783
2784 /* The host does not exist in the list; so I have to update the list */
2785 if (prev)
2786 {
2787 prev->next = (struct activehosts *) malloc(sizeof(struct activehosts));
2788 temp = prev->next;
2789 }
2790 else
2791 {
2792 activeHosts = (struct activehosts *) malloc(sizeof(struct activehosts));
2793 temp = activeHosts;
2794 }
2795
2796 if (temp == NULL)
2797 {
2798 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
2799 errno, "malloc() failed");
2800 rpcap_senderror(sockctrl, protocol_version, PCAP_ERR_REMOTEACCEPT, errbuf, NULL);
2801 sock_close(sockctrl, NULL, 0);
2802 return -1;
2803 }
2804
2805 memcpy(&temp->host, &from, fromlen);
2806 temp->sockctrl = sockctrl;
2807 temp->protocol_version = protocol_version;
2808 temp->next = NULL;
2809
2810 return sockctrl;
2811 }
2812
2813 int pcap_remoteact_close(const char *host, char *errbuf)
2814 {
2815 struct activehosts *temp, *prev; /* temp var needed to scan the host list chain */
2816 struct addrinfo hints, *addrinfo, *ai_next; /* temp var needed to translate between hostname to its address */
2817 int retval;
2818
2819 temp = activeHosts;
2820 prev = NULL;
2821
2822 /* retrieve the network address corresponding to 'host' */
2823 addrinfo = NULL;
2824 memset(&hints, 0, sizeof(struct addrinfo));
2825 hints.ai_family = PF_UNSPEC;
2826 hints.ai_socktype = SOCK_STREAM;
2827
2828 retval = getaddrinfo(host, "0", &hints, &addrinfo);
2829 if (retval != 0)
2830 {
2831 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "getaddrinfo() %s", gai_strerror(retval));
2832 return -1;
2833 }
2834
2835 while (temp)
2836 {
2837 ai_next = addrinfo;
2838 while (ai_next)
2839 {
2840 if (sock_cmpaddr(&temp->host, (struct sockaddr_storage *) ai_next->ai_addr) == 0)
2841 {
2842 struct rpcap_header header;
2843 int status = 0;
2844
2845 /* Close this connection */
2846 rpcap_createhdr(&header, temp->protocol_version,
2847 RPCAP_MSG_CLOSE, 0, 0);
2848
2849 /*
2850 * Don't check for errors, since we're
2851 * just cleaning up.
2852 */
2853 if (sock_send(temp->sockctrl,
2854 (char *)&header,
2855 sizeof(struct rpcap_header), errbuf,
2856 PCAP_ERRBUF_SIZE) < 0)
2857 {
2858 /*
2859 * Let that error be the one we
2860 * report.
2861 */
2862 (void)sock_close(temp->sockctrl, NULL,
2863 0);
2864 status = -1;
2865 }
2866 else
2867 {
2868 if (sock_close(temp->sockctrl, errbuf,
2869 PCAP_ERRBUF_SIZE) == -1)
2870 status = -1;
2871 }
2872
2873 /*
2874 * Remove the host from the list of active
2875 * hosts.
2876 */
2877 if (prev)
2878 prev->next = temp->next;
2879 else
2880 activeHosts = temp->next;
2881
2882 freeaddrinfo(addrinfo);
2883
2884 free(temp);
2885
2886 /* To avoid inconsistencies in the number of sock_init() */
2887 sock_cleanup();
2888
2889 return status;
2890 }
2891
2892 ai_next = ai_next->ai_next;
2893 }
2894 prev = temp;
2895 temp = temp->next;
2896 }
2897
2898 if (addrinfo)
2899 freeaddrinfo(addrinfo);
2900
2901 /* To avoid inconsistencies in the number of sock_init() */
2902 sock_cleanup();
2903
2904 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "The host you want to close the active connection is not known");
2905 return -1;
2906 }
2907
2908 void pcap_remoteact_cleanup(void)
2909 {
2910 /* Very dirty, but it works */
2911 if (sockmain)
2912 {
2913 closesocket(sockmain);
2914
2915 /* To avoid inconsistencies in the number of sock_init() */
2916 sock_cleanup();
2917 }
2918
2919 }
2920
2921 int pcap_remoteact_list(char *hostlist, char sep, int size, char *errbuf)
2922 {
2923 struct activehosts *temp; /* temp var needed to scan the host list chain */
2924 size_t len;
2925 char hoststr[RPCAP_HOSTLIST_SIZE + 1];
2926
2927 temp = activeHosts;
2928
2929 len = 0;
2930 *hostlist = 0;
2931
2932 while (temp)
2933 {
2934 /*int sock_getascii_addrport(const struct sockaddr_storage *sockaddr, char *address, int addrlen, char *port, int portlen, int flags, char *errbuf, int errbuflen) */
2935
2936 /* Get the numeric form of the name of the connecting host */
2937 if (sock_getascii_addrport((struct sockaddr_storage *) &temp->host, hoststr,
2938 RPCAP_HOSTLIST_SIZE, NULL, 0, NI_NUMERICHOST, errbuf, PCAP_ERRBUF_SIZE) != -1)
2939 /* if (getnameinfo( (struct sockaddr *) &temp->host, sizeof (struct sockaddr_storage), hoststr, */
2940 /* RPCAP_HOSTLIST_SIZE, NULL, 0, NI_NUMERICHOST) ) */
2941 {
2942 /* sock_geterror("getnameinfo(): ", errbuf, PCAP_ERRBUF_SIZE); */
2943 return -1;
2944 }
2945
2946 len = len + strlen(hoststr) + 1 /* the separator */;
2947
2948 if ((size < 0) || (len >= (size_t)size))
2949 {
2950 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "The string you provided is not able to keep "
2951 "the hostnames for all the active connections");
2952 return -1;
2953 }
2954
2955 strlcat(hostlist, hoststr, PCAP_ERRBUF_SIZE);
2956 hostlist[len - 1] = sep;
2957 hostlist[len] = 0;
2958
2959 temp = temp->next;
2960 }
2961
2962 return 0;
2963 }
2964
2965 /*
2966 * Receive the header of a message.
2967 */
2968 static int rpcap_recv_msg_header(SOCKET sock, struct rpcap_header *header, char *errbuf)
2969 {
2970 int nrecv;
2971
2972 nrecv = sock_recv(sock, (char *) header, sizeof(struct rpcap_header),
2973 SOCK_RECEIVEALL_YES|SOCK_EOF_IS_ERROR, errbuf,
2974 PCAP_ERRBUF_SIZE);
2975 if (nrecv == -1)
2976 {
2977 /* Network error. */
2978 return -1;
2979 }
2980 header->plen = ntohl(header->plen);
2981 return 0;
2982 }
2983
2984 /*
2985 * Make sure the protocol version of a received message is what we were
2986 * expecting.
2987 */
2988 static int rpcap_check_msg_ver(SOCKET sock, uint8 expected_ver, struct rpcap_header *header, char *errbuf)
2989 {
2990 /*
2991 * Did the server specify the version we negotiated?
2992 */
2993 if (header->ver != expected_ver)
2994 {
2995 /*
2996 * Discard the rest of the message.
2997 */
2998 if (rpcap_discard(sock, header->plen, errbuf) == -1)
2999 return -1;
3000
3001 /*
3002 * Tell our caller that it's not the negotiated version.
3003 */
3004 if (errbuf != NULL)
3005 {
3006 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
3007 "Server sent us a message with version %u when we were expecting %u",
3008 header->ver, expected_ver);
3009 }
3010 return -1;
3011 }
3012 return 0;
3013 }
3014
3015 /*
3016 * Check the message type of a received message, which should either be
3017 * the expected message type or RPCAP_MSG_ERROR.
3018 */
3019 static int rpcap_check_msg_type(SOCKET sock, uint8 request_type, struct rpcap_header *header, uint16 *errcode, char *errbuf)
3020 {
3021 const char *request_type_string;
3022 const char *msg_type_string;
3023
3024 /*
3025 * What type of message is it?
3026 */
3027 if (header->type == RPCAP_MSG_ERROR)
3028 {
3029 /*
3030 * The server reported an error.
3031 * Hand that error back to our caller.
3032 */
3033 *errcode = ntohs(header->value);
3034 rpcap_msg_err(sock, header->plen, errbuf);
3035 return -1;
3036 }
3037
3038 *errcode = 0;
3039
3040 /*
3041 * For a given request type value, the expected reply type value
3042 * is the request type value with ORed with RPCAP_MSG_IS_REPLY.
3043 */
3044 if (header->type != (request_type | RPCAP_MSG_IS_REPLY))
3045 {
3046 /*
3047 * This isn't a reply to the request we sent.
3048 */
3049
3050 /*
3051 * Discard the rest of the message.
3052 */
3053 if (rpcap_discard(sock, header->plen, errbuf) == -1)
3054 return -1;
3055
3056 /*
3057 * Tell our caller about it.
3058 */
3059 request_type_string = rpcap_msg_type_string(request_type);
3060 msg_type_string = rpcap_msg_type_string(header->type);
3061 if (errbuf != NULL)
3062 {
3063 if (request_type_string == NULL)
3064 {
3065 /* This should not happen. */
3066 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
3067 "rpcap_check_msg_type called for request message with type %u",
3068 request_type);
3069 return -1;
3070 }
3071 if (msg_type_string != NULL)
3072 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
3073 "%s message received in response to a %s message",
3074 msg_type_string, request_type_string);
3075 else
3076 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
3077 "Message of unknown type %u message received in response to a %s request",
3078 header->type, request_type_string);
3079 }
3080 return -1;
3081 }
3082
3083 return 0;
3084 }
3085
3086 /*
3087 * Receive and process the header of a message.
3088 */
3089 static int rpcap_process_msg_header(SOCKET sock, uint8 expected_ver, uint8 request_type, struct rpcap_header *header, char *errbuf)
3090 {
3091 uint16 errcode;
3092
3093 if (rpcap_recv_msg_header(sock, header, errbuf) == -1)
3094 {
3095 /* Network error. */
3096 return -1;
3097 }
3098
3099 /*
3100 * Did the server specify the version we negotiated?
3101 */
3102 if (rpcap_check_msg_ver(sock, expected_ver, header, errbuf) == -1)
3103 return -1;
3104
3105 /*
3106 * Check the message type.
3107 */
3108 return rpcap_check_msg_type(sock, request_type, header,
3109 &errcode, errbuf);
3110 }
3111
3112 /*
3113 * Read data from a message.
3114 * If we're trying to read more data that remains, puts an error
3115 * message into errmsgbuf and returns -2. Otherwise, tries to read
3116 * the data and, if that succeeds, subtracts the amount read from
3117 * the number of bytes of data that remains.
3118 * Returns 0 on success, logs a message and returns -1 on a network
3119 * error.
3120 */
3121 static int rpcap_recv(SOCKET sock, void *buffer, size_t toread, uint32 *plen, char *errbuf)
3122 {
3123 int nread;
3124
3125 if (toread > *plen)
3126 {
3127 /* The server sent us a bad message */
3128 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "Message payload is too short");
3129 return -1;
3130 }
3131 nread = sock_recv(sock, buffer, toread,
3132 SOCK_RECEIVEALL_YES|SOCK_EOF_IS_ERROR, errbuf, PCAP_ERRBUF_SIZE);
3133 if (nread == -1)
3134 {
3135 return -1;
3136 }
3137 *plen -= nread;
3138 return 0;
3139 }
3140
3141 /*
3142 * This handles the RPCAP_MSG_ERROR message.
3143 */
3144 static void rpcap_msg_err(SOCKET sockctrl, uint32 plen, char *remote_errbuf)
3145 {
3146 char errbuf[PCAP_ERRBUF_SIZE];
3147
3148 if (plen >= PCAP_ERRBUF_SIZE)
3149 {
3150 /*
3151 * Message is too long; just read as much of it as we
3152 * can into the buffer provided, and discard the rest.
3153 */
3154 if (sock_recv(sockctrl, remote_errbuf, PCAP_ERRBUF_SIZE - 1,
3155 SOCK_RECEIVEALL_YES|SOCK_EOF_IS_ERROR, errbuf,
3156 PCAP_ERRBUF_SIZE) == -1)
3157 {
3158 // Network error.
3159 pcap_snprintf(remote_errbuf, PCAP_ERRBUF_SIZE, "Read of error message from client failed: %s", errbuf);
3160 return;
3161 }
3162
3163 /*
3164 * Null-terminate it.
3165 */
3166 remote_errbuf[PCAP_ERRBUF_SIZE - 1] = '\0';
3167
3168 /*
3169 * Throw away the rest.
3170 */
3171 (void)rpcap_discard(sockctrl, plen - (PCAP_ERRBUF_SIZE - 1), remote_errbuf);
3172 }
3173 else if (plen == 0)
3174 {
3175 /* Empty error string. */
3176 remote_errbuf[0] = '\0';
3177 }
3178 else
3179 {
3180 if (sock_recv(sockctrl, remote_errbuf, plen,
3181 SOCK_RECEIVEALL_YES|SOCK_EOF_IS_ERROR, errbuf,
3182 PCAP_ERRBUF_SIZE) == -1)
3183 {
3184 // Network error.
3185 pcap_snprintf(remote_errbuf, PCAP_ERRBUF_SIZE, "Read of error message from client failed: %s", errbuf);
3186 return;
3187 }
3188
3189 /*
3190 * Null-terminate it.
3191 */
3192 remote_errbuf[plen] = '\0';
3193 }
3194 }
3195
3196 /*
3197 * Discard data from a connection.
3198 * Mostly used to discard wrong-sized messages.
3199 * Returns 0 on success, logs a message and returns -1 on a network
3200 * error.
3201 */
3202 static int rpcap_discard(SOCKET sock, uint32 len, char *errbuf)
3203 {
3204 if (len != 0)
3205 {
3206 if (sock_discard(sock, len, errbuf, PCAP_ERRBUF_SIZE) == -1)
3207 {
3208 // Network error.
3209 return -1;
3210 }
3211 }
3212 return 0;
3213 }
3214
3215 /*
3216 * Read bytes into the pcap_t's buffer until we have the specified
3217 * number of bytes read or we get an error or interrupt indication.
3218 */
3219 static int rpcap_read_packet_msg(SOCKET sock, pcap_t *p, size_t size)
3220 {
3221 u_char *bp;
3222 int cc;
3223 int bytes_read;
3224
3225 bp = p->bp;
3226 cc = p->cc;
3227
3228 /*
3229 * Loop until we have the amount of data requested or we get
3230 * an error or interrupt.
3231 */
3232 while ((size_t)cc < size)
3233 {
3234 /*
3235 * We haven't read all of the packet header yet.
3236 * Read what remains, which could be all of it.
3237 */
3238 bytes_read = sock_recv(sock, bp, size - cc,
3239 SOCK_RECEIVEALL_NO|SOCK_EOF_IS_ERROR, p->errbuf,
3240 PCAP_ERRBUF_SIZE);
3241 if (bytes_read == -1)
3242 {
3243 /*
3244 * Network error. Update the read pointer and
3245 * byte count, and return an error indication.
3246 */
3247 p->bp = bp;
3248 p->cc = cc;
3249 return -1;
3250 }
3251 if (bytes_read == -3)
3252 {
3253 /*
3254 * Interrupted receive. Update the read
3255 * pointer and byte count, and return
3256 * an interrupted indication.
3257 */
3258 p->bp = bp;
3259 p->cc = cc;
3260 return -3;
3261 }
3262 if (bytes_read == 0)
3263 {
3264 /*
3265 * EOF - server terminated the connection.
3266 * Update the read pointer and byte count, and
3267 * return an error indication.
3268 */
3269 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
3270 "The server terminated the connection.");
3271 return -1;
3272 }
3273 bp += bytes_read;
3274 cc += bytes_read;
3275 }
3276 p->bp = bp;
3277 p->cc = cc;
3278 return 0;
3279 }
[mirror] the LIBpcap interface to various kernel packet capture mechanism