]> The Tcpdump Group git mirrors - libpcap/blob - rpcapd/daemon.c
projects / libpcap / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Initialize most of the pars structure before we use it.
[libpcap] / rpcapd / daemon.c
1 /*
2 * Copyright (c) 2002 - 2003
3 * NetGroup, Politecnico di Torino (Italy)
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the Politecnico di Torino nor the names of its
16 * contributors may be used to endorse or promote products derived from
17 * this software without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
20 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
21 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
22 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
23 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
24 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
25 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
26 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
27 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 */
31
32 #ifdef HAVE_CONFIG_H
33 #include <config.h>
34 #endif
35
36 #include "ftmacros.h"
37 #include "varattrs.h"
38
39 #include <errno.h> // for the errno variable
40 #include <stdlib.h> // for malloc(), free(), ...
41 #include <string.h> // for strlen(), ...
42 #include <limits.h> // for INT_MAX
43
44 #ifdef _WIN32
45 #include <process.h> // for threads
46 #else
47 #include <unistd.h>
48 #include <pthread.h>
49 #include <sys/time.h>
50 #include <sys/types.h> // for select() and such
51 #include <pwd.h> // for password management
52 #endif
53
54 #ifdef HAVE_GETSPNAM
55 #include <shadow.h> // for password management
56 #endif
57
58 #include <pcap.h> // for libpcap/WinPcap calls
59
60 #include "fmtutils.h"
61 #include "sockutils.h" // for socket calls
62 #include "portability.h"
63 #include "rpcap-protocol.h"
64 #include "daemon.h"
65 #include "log.h"
66
67 #ifdef HAVE_OPENSSL
68 #include <openssl/ssl.h>
69 #include "sslutils.h"
70 #endif
71
72 #define RPCAP_TIMEOUT_INIT 90 /* Initial timeout for RPCAP connections (default: 90 sec) */
73 #define RPCAP_TIMEOUT_RUNTIME 180 /* Run-time timeout for RPCAP connections (default: 3 min) */
74 #define RPCAP_SUSPEND_WRONGAUTH 1 /* If the authentication is wrong, stops 1 sec before accepting a new auth message */
75
76 // Parameters for the service loop.
77 struct daemon_slpars
78 {
79 SOCKET sockctrl_in; //!< SOCKET ID of the input side of the control connection
80 SOCKET sockctrl_out; //!< SOCKET ID of the output side of the control connection
81 SSL *ssl; //!< Optional SSL handler for the controlling sockets
82 uint8 protocol_version; //!< negotiated protocol version
83 int isactive; //!< Not null if the daemon has to run in active mode
84 int nullAuthAllowed; //!< '1' if we permit NULL authentication, '0' otherwise
85 };
86
87 /*
88 * Data for a session managed by a thread.
89 */
90 struct session {
91 SOCKET sockctrl_out;
92 SOCKET sockdata;
93 SSL *ctrl_ssl, *data_ssl; // optional SSL handlers for sockctrl_out and sockdata.
94 uint8 protocol_version;
95 pcap_t *fp;
96 unsigned int TotCapt;
97 };
98
99 //
100 // Structure to refer to a thread.
101 // It includes both a Boolean indicating whether we *have* a thread,
102 // and a platform-dependent (UN*X vs. Windows) identifier for the
103 // thread; on Windows, we could use an invalid handle to indicate
104 // that we don't have a thread, but there *is* no portable "no thread"
105 // value for a pthread_t on UN*X.
106 //
107 struct thread_handle {
108 int have_thread;
109 #ifdef _WIN32
110 HANDLE thread;
111 #else
112 pthread_t thread;
113 #endif
114 };
115
116 // Locally defined functions
117 static int daemon_msg_err(SOCKET sockctrl_in, SSL *, uint32 plen);
118 static int daemon_msg_auth_req(struct daemon_slpars *pars, uint32 plen);
119 static int daemon_AuthUserPwd(char *username, char *password, char *errbuf);
120
121 static int daemon_msg_findallif_req(struct daemon_slpars *pars, uint32 plen);
122
123 static int daemon_msg_open_req(struct daemon_slpars *pars, uint32 plen, char *source, size_t sourcelen);
124 static int daemon_msg_startcap_req(struct daemon_slpars *pars, uint32 plen, struct thread_handle *threaddata, char *source, struct session **sessionp, struct rpcap_sampling *samp_param, int uses_ssl);
125 static int daemon_msg_endcap_req(struct daemon_slpars *pars, struct session *session, struct thread_handle *threaddata);
126
127 static int daemon_msg_updatefilter_req(struct daemon_slpars *pars, struct session *session, uint32 plen);
128 static int daemon_unpackapplyfilter(SOCKET sockctrl_in, SSL *, struct session *session, uint32 *plenp, char *errbuf);
129
130 static int daemon_msg_stats_req(struct daemon_slpars *pars, struct session *session, uint32 plen, struct pcap_stat *stats, unsigned int svrcapt);
131
132 static int daemon_msg_setsampling_req(struct daemon_slpars *pars, uint32 plen, struct rpcap_sampling *samp_param);
133
134 static void daemon_seraddr(struct sockaddr_storage *sockaddrin, struct rpcap_sockaddr *sockaddrout);
135 #ifdef _WIN32
136 static unsigned __stdcall daemon_thrdatamain(void *ptr);
137 #else
138 static void *daemon_thrdatamain(void *ptr);
139 #endif
140
141 static int rpcapd_recv_msg_header(SOCKET sock, SSL *, struct rpcap_header *headerp);
142 static int rpcapd_recv(SOCKET sock, SSL *, char *buffer, size_t toread, uint32 *plen, char *errmsgbuf);
143 static int rpcapd_discard(SOCKET sock, SSL *, uint32 len);
144 static void session_close(struct session *);
145
146 int
147 daemon_serviceloop(SOCKET sockctrl_in, SOCKET sockctrl_out,
148 int isactive, char *passiveClients, int nullAuthAllowed, int uses_ssl)
149 {
150 struct daemon_slpars pars; // service loop parameters
151 char errbuf[PCAP_ERRBUF_SIZE + 1]; // keeps the error string, prior to be printed
152 char errmsgbuf[PCAP_ERRBUF_SIZE + 1]; // buffer for errors to send to the client
153 int host_port_ok;
154 SSL *ssl = NULL;
155 int nrecv;
156 struct rpcap_header header; // RPCAP message general header
157 uint32 plen; // payload length from header
158 int authenticated = 0; // 1 if the client has successfully authenticated
159 char source[PCAP_BUF_SIZE+1]; // keeps the string that contains the interface to open
160 int got_source = 0; // 1 if we've gotten the source from an open request
161 struct session *session = NULL; // struct session main variable
162 const char *msg_type_string; // string for message type
163 int client_told_us_to_close = 0; // 1 if the client told us to close the capture
164
165 struct thread_handle threaddata; // 'read from daemon and send to client' thread
166
167 // needed to save the values of the statistics
168 struct pcap_stat stats;
169 unsigned int svrcapt;
170
171 struct rpcap_sampling samp_param; // in case sampling has been requested
172
173 // Structures needed for the select() call
174 fd_set rfds; // set of socket descriptors we have to check
175 struct timeval tv; // maximum time the select() can block waiting for data
176 int retval; // select() return value
177
178 // We don't have a thread yet.
179 threaddata.have_thread = 0;
180 //
181 // We *shouldn't* have to initialize the thread indicator
182 // itself, because the compiler *should* realize that we
183 // only use this if have_thread isn't 0, but we *do* have
184 // to do it, because not all compilers *do* realize that.
185 //
186 // There is no "invalid thread handle" value for a UN*X
187 // pthread_t, so we just zero it out.
188 //
189 #ifdef _WIN32
190 threaddata.thread = INVALID_HANDLE_VALUE;
191 #else
192 memset(&threaddata.thread, 0, sizeof(threaddata.thread));
193 #endif
194
195 *errbuf = 0; // Initialize errbuf
196
197 // Set parameters structure
198 pars.sockctrl_in = sockctrl_in;
199 pars.sockctrl_out = sockctrl_out;
200 pars.protocol_version = 0; // not yet known
201 pars.isactive = isactive; // active mode
202 pars.nullAuthAllowed = nullAuthAllowed;
203
204 #ifdef HAVE_OPENSSL
205 //
206 // We have to upgrade to TLS as soon as possible, so that the
207 // whole protocol goes through the encrypted tunnel, including
208 // early error messages.
209 //
210 // Even in active mode, the other end has to initiate the TLS
211 // handshake as we still are the server as far as TLS is concerned,
212 // so we don't check isactive.
213 //
214 if (uses_ssl)
215 {
216 ssl = ssl_promotion_rw(1, pars.sockctrl_in, pars.sockctrl_out, errbuf, PCAP_ERRBUF_SIZE);
217 if (! ssl)
218 {
219 rpcapd_log(LOGPRIO_ERROR, "TLS handshake on control connection failed: %s",
220 errbuf);
221 goto end;
222 }
223 }
224 #endif
225 pars.ssl = ssl;
226
227 //
228 // We have a connection.
229 //
230 // If it's a passive mode connection, check whether the connecting
231 // host is among the ones allowed.
232 //
233 // In either case, we were handed a copy of the host list; free it
234 // as soon as we're done with it.
235 //
236 if (pars.isactive)
237 {
238 // Nothing to do.
239 free(passiveClients);
240 passiveClients = NULL;
241 }
242 else
243 {
244 struct sockaddr_storage from;
245 socklen_t fromlen;
246
247 //
248 // Get the address of the other end of the connection.
249 //
250 fromlen = sizeof(struct sockaddr_storage);
251 if (getpeername(pars.sockctrl_in, (struct sockaddr *)&from,
252 &fromlen) == -1)
253 {
254 sock_geterror("getpeername(): ", errmsgbuf, PCAP_ERRBUF_SIZE);
255 if (rpcap_senderror(pars.sockctrl_out, pars.ssl, 0, PCAP_ERR_NETW, errmsgbuf, errbuf) == -1)
256 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
257 goto end;
258 }
259
260 //
261 // Are they in the list of host/port combinations we allow?
262 //
263 host_port_ok = (sock_check_hostlist(passiveClients, RPCAP_HOSTLIST_SEP, &from, errmsgbuf, PCAP_ERRBUF_SIZE) == 0);
264 free(passiveClients);
265 passiveClients = NULL;
266 if (!host_port_ok)
267 {
268 //
269 // Sorry, you're not on the guest list.
270 //
271 if (rpcap_senderror(pars.sockctrl_out, pars.ssl, 0, PCAP_ERR_HOSTNOAUTH, errmsgbuf, errbuf) == -1)
272 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
273 goto end;
274 }
275 }
276
277 //
278 // The client must first authenticate; loop until they send us a
279 // message with a version we support and credentials we accept,
280 // they send us a close message indicating that they're giving up,
281 // or we get a network error or other fatal error.
282 //
283 while (!authenticated)
284 {
285 //
286 // If we're in active mode, we have to check for the
287 // initial timeout.
288 //
289 // XXX - do this on *every* trip through the loop?
290 //
291 if (!pars.isactive)
292 {
293 FD_ZERO(&rfds);
294 // We do not have to block here
295 tv.tv_sec = RPCAP_TIMEOUT_INIT;
296 tv.tv_usec = 0;
297
298 FD_SET(pars.sockctrl_in, &rfds);
299
300 retval = select((int)pars.sockctrl_in + 1, &rfds, NULL, NULL, &tv);
301 if (retval == -1)
302 {
303 sock_geterror("select failed: ", errmsgbuf, PCAP_ERRBUF_SIZE);
304 if (rpcap_senderror(pars.sockctrl_out, pars.ssl, 0, PCAP_ERR_NETW, errmsgbuf, errbuf) == -1)
305 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
306 goto end;
307 }
308
309 // The timeout has expired
310 // So, this was a fake connection. Drop it down
311 if (retval == 0)
312 {
313 if (rpcap_senderror(pars.sockctrl_out, pars.ssl, 0, PCAP_ERR_INITTIMEOUT, "The RPCAP initial timeout has expired", errbuf) == -1)
314 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
315 goto end;
316 }
317 }
318
319 //
320 // Read the message header from the client.
321 //
322 nrecv = rpcapd_recv_msg_header(pars.sockctrl_in, pars.ssl, &header);
323 if (nrecv == -1)
324 {
325 // Fatal error.
326 goto end;
327 }
328 if (nrecv == -2)
329 {
330 // Client closed the connection.
331 goto end;
332 }
333
334 plen = header.plen;
335
336 //
337 // Did the client specify a version we can handle?
338 //
339 if (!RPCAP_VERSION_IS_SUPPORTED(header.ver))
340 {
341 //
342 // Tell them it's not a valid protocol version.
343 //
344 uint8 reply_version;
345
346 //
347 // If RPCAP_MIN_VERSION is 0, no version is too
348 // old, as the oldest supported version is 0,
349 // and there are no negative versions.
350 //
351 #if RPCAP_MIN_VERSION != 0
352 if (header.ver < RPCAP_MIN_VERSION)
353 {
354 //
355 // Their maximum version is too old;
356 // there *is* no version we can both
357 // handle, and they might reject
358 // an error with a version they don't
359 // understand, so reply with the
360 // version they sent. That may
361 // make them retry with that version,
362 // but they'll give up on that
363 // failure.
364 //
365 reply_version = header.ver;
366 }
367 else
368 #endif
369 {
370 //
371 // Their maximum version is too new,
372 // but they might be able to handle
373 // *our* maximum version, so reply
374 // with that version.
375 //
376 reply_version = RPCAP_MAX_VERSION;
377 }
378 if (rpcap_senderror(pars.sockctrl_out, pars.ssl, reply_version,
379 PCAP_ERR_WRONGVER, "RPCAP version number mismatch",
380 errbuf) == -1)
381 {
382 // That failed; log a message and give up.
383 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
384 goto end;
385 }
386
387 // Discard the rest of the message.
388 if (rpcapd_discard(pars.sockctrl_in, pars.ssl, plen) == -1)
389 {
390 // Network error.
391 goto end;
392 }
393
394 // Let them try again.
395 continue;
396 }
397
398 //
399 // OK, we use the version the client specified.
400 //
401 pars.protocol_version = header.ver;
402
403 switch (header.type)
404 {
405 case RPCAP_MSG_AUTH_REQ:
406 retval = daemon_msg_auth_req(&pars, plen);
407 if (retval == -1)
408 {
409 // Fatal error; a message has
410 // been logged, so just give up.
411 goto end;
412 }
413 if (retval == -2)
414 {
415 // Non-fatal error; we sent back
416 // an error message, so let them
417 // try again.
418 continue;
419 }
420
421 // OK, we're authenticated; we sent back
422 // a reply, so start serving requests.
423 authenticated = 1;
424 break;
425
426 case RPCAP_MSG_CLOSE:
427 //
428 // The client is giving up.
429 // Discard the rest of the message, if
430 // there is anything more.
431 //
432 (void)rpcapd_discard(pars.sockctrl_in, pars.ssl, plen);
433 // We're done with this client.
434 goto end;
435
436 case RPCAP_MSG_ERROR:
437 // Log this and close the connection?
438 // XXX - is this what happens in active
439 // mode, where *we* initiate the
440 // connection, and the client gives us
441 // an error message rather than a "let
442 // me log in" message, indicating that
443 // we're not allowed to connect to them?
444 (void)daemon_msg_err(pars.sockctrl_in, pars.ssl, plen);
445 goto end;
446
447 case RPCAP_MSG_FINDALLIF_REQ:
448 case RPCAP_MSG_OPEN_REQ:
449 case RPCAP_MSG_STARTCAP_REQ:
450 case RPCAP_MSG_UPDATEFILTER_REQ:
451 case RPCAP_MSG_STATS_REQ:
452 case RPCAP_MSG_ENDCAP_REQ:
453 case RPCAP_MSG_SETSAMPLING_REQ:
454 //
455 // These requests can't be sent until
456 // the client is authenticated.
457 //
458 msg_type_string = rpcap_msg_type_string(header.type);
459 if (msg_type_string != NULL)
460 {
461 pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "%s request sent before authentication was completed", msg_type_string);
462 }
463 else
464 {
465 pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Message of type %u sent before authentication was completed", header.type);
466 }
467 if (rpcap_senderror(pars.sockctrl_out, pars.ssl,
468 pars.protocol_version, PCAP_ERR_WRONGMSG,
469 errmsgbuf, errbuf) == -1)
470 {
471 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
472 goto end;
473 }
474 // Discard the rest of the message.
475 if (rpcapd_discard(pars.sockctrl_in, pars.ssl, plen) == -1)
476 {
477 // Network error.
478 goto end;
479 }
480 break;
481
482 case RPCAP_MSG_PACKET:
483 case RPCAP_MSG_FINDALLIF_REPLY:
484 case RPCAP_MSG_OPEN_REPLY:
485 case RPCAP_MSG_STARTCAP_REPLY:
486 case RPCAP_MSG_UPDATEFILTER_REPLY:
487 case RPCAP_MSG_AUTH_REPLY:
488 case RPCAP_MSG_STATS_REPLY:
489 case RPCAP_MSG_ENDCAP_REPLY:
490 case RPCAP_MSG_SETSAMPLING_REPLY:
491 //
492 // These are server-to-client messages.
493 //
494 msg_type_string = rpcap_msg_type_string(header.type);
495 if (msg_type_string != NULL)
496 {
497 pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Server-to-client message %s received from client", msg_type_string);
498 }
499 else
500 {
501 pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Server-to-client message of type %u received from client", header.type);
502 }
503 if (rpcap_senderror(pars.sockctrl_out, pars.ssl,
504 pars.protocol_version, PCAP_ERR_WRONGMSG,
505 errmsgbuf, errbuf) == -1)
506 {
507 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
508 goto end;
509 }
510 // Discard the rest of the message.
511 if (rpcapd_discard(pars.sockctrl_in, pars.ssl, plen) == -1)
512 {
513 // Fatal error.
514 goto end;
515 }
516 break;
517
518 default:
519 //
520 // Unknown message type.
521 //
522 pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Unknown message type %u", header.type);
523 if (rpcap_senderror(pars.sockctrl_out, pars.ssl,
524 pars.protocol_version, PCAP_ERR_WRONGMSG,
525 errmsgbuf, errbuf) == -1)
526 {
527 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
528 goto end;
529 }
530 // Discard the rest of the message.
531 if (rpcapd_discard(pars.sockctrl_in, pars.ssl, plen) == -1)
532 {
533 // Fatal error.
534 goto end;
535 }
536 break;
537 }
538 }
539
540 //
541 // OK, the client has authenticated itself, and we can start
542 // processing regular requests from it.
543 //
544
545 //
546 // We don't have any statistics yet.
547 //
548 stats.ps_ifdrop = 0;
549 stats.ps_recv = 0;
550 stats.ps_drop = 0;
551 svrcapt = 0;
552
553 //
554 // Service requests.
555 //
556 for (;;)
557 {
558 errbuf[0] = 0; // clear errbuf
559
560 // Avoid zombies connections; check if the connection is opens but no commands are performed
561 // from more than RPCAP_TIMEOUT_RUNTIME
562 // Conditions:
563 // - I have to be in normal mode (no active mode)
564 // - if the device is open, I don't have to be in the middle of a capture (session->sockdata)
565 // - if the device is closed, I have always to check if a new command arrives
566 //
567 // Be carefully: the capture can have been started, but an error occurred (so session != NULL, but
568 // sockdata is 0
569 if ((!pars.isactive) && ((session == NULL) || ((session != NULL) && (session->sockdata == 0))))
570 {
571 // Check for the initial timeout
572 FD_ZERO(&rfds);
573 // We do not have to block here
574 tv.tv_sec = RPCAP_TIMEOUT_RUNTIME;
575 tv.tv_usec = 0;
576
577 FD_SET(pars.sockctrl_in, &rfds);
578
579 retval = select((int)pars.sockctrl_in + 1, &rfds, NULL, NULL, &tv);
580 if (retval == -1)
581 {
582 sock_geterror("select failed: ", errmsgbuf, PCAP_ERRBUF_SIZE);
583 if (rpcap_senderror(pars.sockctrl_out, pars.ssl,
584 pars.protocol_version, PCAP_ERR_NETW,
585 errmsgbuf, errbuf) == -1)
586 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
587 goto end;
588 }
589
590 // The timeout has expired
591 // So, this was a fake connection. Drop it down
592 if (retval == 0)
593 {
594 if (rpcap_senderror(pars.sockctrl_out, pars.ssl,
595 pars.protocol_version,
596 PCAP_ERR_INITTIMEOUT,
597 "The RPCAP initial timeout has expired",
598 errbuf) == -1)
599 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
600 goto end;
601 }
602 }
603
604 //
605 // Read the message header from the client.
606 //
607 nrecv = rpcapd_recv_msg_header(pars.sockctrl_in, pars.ssl, &header);
608 if (nrecv == -1)
609 {
610 // Fatal error.
611 goto end;
612 }
613 if (nrecv == -2)
614 {
615 // Client closed the connection.
616 goto end;
617 }
618
619 plen = header.plen;
620
621 //
622 // Did the client specify the version we negotiated?
623 //
624 // For now, there's only one version.
625 //
626 if (header.ver != pars.protocol_version)
627 {
628 //
629 // Tell them it's not the negotiated version.
630 // Send the error message with their version,
631 // so they don't reject it as having the wrong
632 // version.
633 //
634 if (rpcap_senderror(pars.sockctrl_out, pars.ssl,
635 header.ver, PCAP_ERR_WRONGVER,
636 "RPCAP version in message isn't the negotiated version",
637 errbuf) == -1)
638 {
639 // That failed; log a message and give up.
640 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
641 goto end;
642 }
643
644 // Discard the rest of the message.
645 (void)rpcapd_discard(pars.sockctrl_in, pars.ssl, plen);
646 // Give up on them.
647 goto end;
648 }
649
650 switch (header.type)
651 {
652 case RPCAP_MSG_ERROR: // The other endpoint reported an error
653 {
654 (void)daemon_msg_err(pars.sockctrl_in, pars.ssl, plen);
655 // Do nothing; just exit; the error code is already into the errbuf
656 // XXX - actually exit....
657 break;
658 }
659
660 case RPCAP_MSG_FINDALLIF_REQ:
661 {
662 if (daemon_msg_findallif_req(&pars, plen) == -1)
663 {
664 // Fatal error; a message has
665 // been logged, so just give up.
666 goto end;
667 }
668 break;
669 }
670
671 case RPCAP_MSG_OPEN_REQ:
672 {
673 //
674 // Process the open request, and keep
675 // the source from it, for use later
676 // when the capture is started.
677 //
678 // XXX - we don't care if the client sends
679 // us multiple open requests, the last
680 // one wins.
681 //
682 retval = daemon_msg_open_req(&pars, plen, source, sizeof(source));
683 if (retval == -1)
684 {
685 // Fatal error; a message has
686 // been logged, so just give up.
687 goto end;
688 }
689 got_source = 1;
690 break;
691 }
692
693 case RPCAP_MSG_STARTCAP_REQ:
694 {
695 if (!got_source)
696 {
697 // They never told us what device
698 // to capture on!
699 if (rpcap_senderror(pars.sockctrl_out, pars.ssl,
700 pars.protocol_version,
701 PCAP_ERR_STARTCAPTURE,
702 "No capture device was specified",
703 errbuf) == -1)
704 {
705 // Fatal error; log an
706 // error and give up.
707 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
708 goto end;
709 }
710 if (rpcapd_discard(pars.sockctrl_in, pars.ssl, plen) == -1)
711 {
712 goto end;
713 }
714 break;
715 }
716
717 if (daemon_msg_startcap_req(&pars, plen, &threaddata, source, &session, &samp_param, uses_ssl) == -1)
718 {
719 // Fatal error; a message has
720 // been logged, so just give up.
721 goto end;
722 }
723 break;
724 }
725
726 case RPCAP_MSG_UPDATEFILTER_REQ:
727 {
728 if (session)
729 {
730 if (daemon_msg_updatefilter_req(&pars, session, plen) == -1)
731 {
732 // Fatal error; a message has
733 // been logged, so just give up.
734 goto end;
735 }
736 }
737 else
738 {
739 if (rpcap_senderror(pars.sockctrl_out, pars.ssl,
740 pars.protocol_version,
741 PCAP_ERR_UPDATEFILTER,
742 "Device not opened. Cannot update filter",
743 errbuf) == -1)
744 {
745 // That failed; log a message and give up.
746 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
747 goto end;
748 }
749 }
750 break;
751 }
752
753 case RPCAP_MSG_CLOSE: // The other endpoint close the pcap session
754 {
755 //
756 // Indicate to our caller that the client
757 // closed the control connection.
758 // This is used only in case of active mode.
759 //
760 client_told_us_to_close = 1;
761 rpcapd_log(LOGPRIO_DEBUG, "The other end system asked to close the connection.");
762 goto end;
763 }
764
765 case RPCAP_MSG_STATS_REQ:
766 {
767 if (daemon_msg_stats_req(&pars, session, plen, &stats, svrcapt) == -1)
768 {
769 // Fatal error; a message has
770 // been logged, so just give up.
771 goto end;
772 }
773 break;
774 }
775
776 case RPCAP_MSG_ENDCAP_REQ: // The other endpoint close the current capture session
777 {
778 if (session)
779 {
780 // Save statistics (we can need them in the future)
781 if (pcap_stats(session->fp, &stats))
782 {
783 svrcapt = session->TotCapt;
784 }
785 else
786 {
787 stats.ps_ifdrop = 0;
788 stats.ps_recv = 0;
789 stats.ps_drop = 0;
790 svrcapt = 0;
791 }
792
793 if (daemon_msg_endcap_req(&pars, session, &threaddata) == -1)
794 {
795 free(session);
796 session = NULL;
797 // Fatal error; a message has
798 // been logged, so just give up.
799 goto end;
800 }
801 free(session);
802 session = NULL;
803 }
804 else
805 {
806 rpcap_senderror(pars.sockctrl_out, pars.ssl,
807 pars.protocol_version,
808 PCAP_ERR_ENDCAPTURE,
809 "Device not opened. Cannot close the capture",
810 errbuf);
811 }
812 break;
813 }
814
815 case RPCAP_MSG_SETSAMPLING_REQ:
816 {
817 if (daemon_msg_setsampling_req(&pars, plen, &samp_param) == -1)
818 {
819 // Fatal error; a message has
820 // been logged, so just give up.
821 goto end;
822 }
823 break;
824 }
825
826 case RPCAP_MSG_AUTH_REQ:
827 {
828 //
829 // We're already authenticated; you don't
830 // get to reauthenticate.
831 //
832 rpcapd_log(LOGPRIO_INFO, "The client sent an RPCAP_MSG_AUTH_REQ message after authentication was completed");
833 if (rpcap_senderror(pars.sockctrl_out, pars.ssl,
834 pars.protocol_version,
835 PCAP_ERR_WRONGMSG,
836 "RPCAP_MSG_AUTH_REQ request sent after authentication was completed",
837 errbuf) == -1)
838 {
839 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
840 goto end;
841 }
842 // Discard the rest of the message.
843 if (rpcapd_discard(pars.sockctrl_in, pars.ssl, plen) == -1)
844 {
845 // Fatal error.
846 goto end;
847 }
848 goto end;
849
850 case RPCAP_MSG_PACKET:
851 case RPCAP_MSG_FINDALLIF_REPLY:
852 case RPCAP_MSG_OPEN_REPLY:
853 case RPCAP_MSG_STARTCAP_REPLY:
854 case RPCAP_MSG_UPDATEFILTER_REPLY:
855 case RPCAP_MSG_AUTH_REPLY:
856 case RPCAP_MSG_STATS_REPLY:
857 case RPCAP_MSG_ENDCAP_REPLY:
858 case RPCAP_MSG_SETSAMPLING_REPLY:
859 //
860 // These are server-to-client messages.
861 //
862 msg_type_string = rpcap_msg_type_string(header.type);
863 if (msg_type_string != NULL)
864 {
865 rpcapd_log(LOGPRIO_INFO, "The client sent a %s server-to-client message", msg_type_string);
866 pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Server-to-client message %s received from client", msg_type_string);
867 }
868 else
869 {
870 rpcapd_log(LOGPRIO_INFO, "The client sent a server-to-client message of type %u", header.type);
871 pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Server-to-client message of type %u received from client", header.type);
872 }
873 if (rpcap_senderror(pars.sockctrl_out, pars.ssl,
874 pars.protocol_version, PCAP_ERR_WRONGMSG,
875 errmsgbuf, errbuf) == -1)
876 {
877 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
878 goto end;
879 }
880 // Discard the rest of the message.
881 if (rpcapd_discard(pars.sockctrl_in, pars.ssl, plen) == -1)
882 {
883 // Fatal error.
884 goto end;
885 }
886 goto end;
887
888 default:
889 //
890 // Unknown message type.
891 //
892 rpcapd_log(LOGPRIO_INFO, "The client sent a message of type %u", header.type);
893 pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Unknown message type %u", header.type);
894 if (rpcap_senderror(pars.sockctrl_out, pars.ssl,
895 pars.protocol_version, PCAP_ERR_WRONGMSG,
896 errbuf, errmsgbuf) == -1)
897 {
898 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
899 goto end;
900 }
901 // Discard the rest of the message.
902 if (rpcapd_discard(pars.sockctrl_in, pars.ssl, plen) == -1)
903 {
904 // Fatal error.
905 goto end;
906 }
907 goto end;
908 }
909 }
910 }
911
912 end:
913 // The child thread is about to end
914
915 // perform pcap_t cleanup, in case it has not been done
916 if (session)
917 {
918 if (threaddata.have_thread)
919 {
920 #ifdef _WIN32
921 //
922 // Tell the data connection thread main capture
923 // loop to break out of that loop.
924 //
925 pcap_breakloop(session->fp);
926
927 //
928 // If it's currently blocked waiting for packets
929 // to arrive, try to wake it up, so it can see
930 // the "break out of the loop" indication.
931 //
932 SetEvent(pcap_getevent(session->fp));
933
934 //
935 // Wait for the thread to exit, so we don't close
936 // sockets out from under it.
937 //
938 // XXX - have a timeout, so we don't wait forever?
939 //
940 WaitForSingleObject(threaddata.thread, INFINITE);
941
942 //
943 // Release the thread handle, as we're done with
944 // it.
945 //
946 CloseHandle(threaddata.thread);
947 #else
948 pthread_cancel(threaddata.thread);
949 #endif
950 threaddata.have_thread = 0;
951 }
952
953 session_close(session);
954 free(session);
955 session = NULL;
956 }
957
958 #ifdef HAVE_OPENSSL
959 if (ssl)
960 {
961 SSL_free(ssl);
962 }
963 #endif
964
965 // Print message and return
966 rpcapd_log(LOGPRIO_DEBUG, "I'm exiting from the child loop");
967 rpcapd_log(LOGPRIO_DEBUG, "%s", errbuf);
968
969 return client_told_us_to_close;
970 }
971
972 /*
973 * This handles the RPCAP_MSG_ERR message.
974 */
975 static int
976 daemon_msg_err(SOCKET sockctrl_in, SSL *ssl, uint32 plen)
977 {
978 char errbuf[PCAP_ERRBUF_SIZE];
979 char remote_errbuf[PCAP_ERRBUF_SIZE];
980
981 if (plen >= PCAP_ERRBUF_SIZE)
982 {
983 /*
984 * Message is too long; just read as much of it as we
985 * can into the buffer provided, and discard the rest.
986 */
987 if (sock_recv(sockctrl_in, ssl, remote_errbuf, PCAP_ERRBUF_SIZE - 1,
988 SOCK_RECEIVEALL_YES|SOCK_EOF_IS_ERROR, errbuf,
989 PCAP_ERRBUF_SIZE) == -1)
990 {
991 // Network error.
992 rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf);
993 return -1;
994 }
995 if (rpcapd_discard(sockctrl_in, ssl, plen - (PCAP_ERRBUF_SIZE - 1)) == -1)
996 {
997 // Network error.
998 return -1;
999 }
1000
1001 /*
1002 * Null-terminate it.
1003 */
1004 remote_errbuf[PCAP_ERRBUF_SIZE - 1] = '\0';
1005 }
1006 else if (plen == 0)
1007 {
1008 /* Empty error string. */
1009 remote_errbuf[0] = '\0';
1010 }
1011 else
1012 {
1013 if (sock_recv(sockctrl_in, ssl, remote_errbuf, plen,
1014 SOCK_RECEIVEALL_YES|SOCK_EOF_IS_ERROR, errbuf,
1015 PCAP_ERRBUF_SIZE) == -1)
1016 {
1017 // Network error.
1018 rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf);
1019 return -1;
1020 }
1021
1022 /*
1023 * Null-terminate it.
1024 */
1025 remote_errbuf[plen] = '\0';
1026 }
1027 // Log the message
1028 rpcapd_log(LOGPRIO_ERROR, "Error from client: %s", remote_errbuf);
1029 return 0;
1030 }
1031
1032 /*
1033 * This handles the RPCAP_MSG_AUTH_REQ message.
1034 * It checks if the authentication credentials supplied by the user are valid.
1035 *
1036 * This function is called if the daemon receives a RPCAP_MSG_AUTH_REQ
1037 * message in its authentication loop. It reads the body of the
1038 * authentication message from the network and checks whether the
1039 * credentials are valid.
1040 *
1041 * \param sockctrl: the socket for the control connection.
1042 *
1043 * \param nullAuthAllowed: '1' if the NULL authentication is allowed.
1044 *
1045 * \param errbuf: a user-allocated buffer in which the error message
1046 * (if one) has to be written. It must be at least PCAP_ERRBUF_SIZE
1047 * bytes long.
1048 *
1049 * \return '0' if everything is fine, '-1' if an unrecoverable error occurred,
1050 * or '-2' if the authentication failed. For errors, an error message is
1051 * returned in the 'errbuf' variable; this gives a message for the
1052 * unrecoverable error or for the authentication failure.
1053 */
1054 static int
1055 daemon_msg_auth_req(struct daemon_slpars *pars, uint32 plen)
1056 {
1057 char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors
1058 char errmsgbuf[PCAP_ERRBUF_SIZE]; // buffer for errors to send to the client
1059 struct rpcap_header header; // RPCAP message general header
1060 int status;
1061 struct rpcap_auth auth; // RPCAP authentication header
1062
1063 status = rpcapd_recv(pars->sockctrl_in, pars->ssl, (char *) &auth, sizeof(struct rpcap_auth), &plen, errmsgbuf);
1064 if (status == -1)
1065 {
1066 return -1;
1067 }
1068 if (status == -2)
1069 {
1070 goto error;
1071 }
1072
1073 switch (ntohs(auth.type))
1074 {
1075 case RPCAP_RMTAUTH_NULL:
1076 {
1077 if (!pars->nullAuthAllowed)
1078 {
1079 // Send the client an error reply.
1080 pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Authentication failed; NULL authentication not permitted.");
1081 goto error;
1082 }
1083 break;
1084 }
1085
1086 case RPCAP_RMTAUTH_PWD:
1087 {
1088 char *username, *passwd;
1089 uint32 usernamelen, passwdlen;
1090
1091 usernamelen = ntohs(auth.slen1);
1092 username = (char *) malloc (usernamelen + 1);
1093 if (username == NULL)
1094 {
1095 pcap_fmt_errmsg_for_errno(errmsgbuf,
1096 PCAP_ERRBUF_SIZE, errno, "malloc() failed");
1097 goto error;
1098 }
1099 status = rpcapd_recv(pars->sockctrl_in, pars->ssl, username, usernamelen, &plen, errmsgbuf);
1100 if (status == -1)
1101 {
1102 free(username);
1103 return -1;
1104 }
1105 if (status == -2)
1106 {
1107 free(username);
1108 goto error;
1109 }
1110 username[usernamelen] = '\0';
1111
1112 passwdlen = ntohs(auth.slen2);
1113 passwd = (char *) malloc (passwdlen + 1);
1114 if (passwd == NULL)
1115 {
1116 pcap_fmt_errmsg_for_errno(errmsgbuf,
1117 PCAP_ERRBUF_SIZE, errno, "malloc() failed");
1118 free(username);
1119 goto error;
1120 }
1121 status = rpcapd_recv(pars->sockctrl_in, pars->ssl, passwd, passwdlen, &plen, errmsgbuf);
1122 if (status == -1)
1123 {
1124 free(username);
1125 free(passwd);
1126 return -1;
1127 }
1128 if (status == -2)
1129 {
1130 free(username);
1131 free(passwd);
1132 goto error;
1133 }
1134 passwd[passwdlen] = '\0';
1135
1136 if (daemon_AuthUserPwd(username, passwd, errmsgbuf))
1137 {
1138 //
1139 // Authentication failed. Let the client
1140 // know.
1141 //
1142 free(username);
1143 free(passwd);
1144 if (rpcap_senderror(pars->sockctrl_out, pars->ssl,
1145 pars->protocol_version,
1146 PCAP_ERR_AUTH, errmsgbuf, errbuf) == -1)
1147 {
1148 // That failed; log a message and give up.
1149 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1150 return -1;
1151 }
1152
1153 //
1154 // Suspend for 1 second, so that they can't
1155 // hammer us with repeated tries with an
1156 // attack such as a dictionary attack.
1157 //
1158 // WARNING: this delay is inserted only
1159 // at this point; if the client closes the
1160 // connection and reconnects, the suspension
1161 // time does not have any effect.
1162 //
1163 sleep_secs(RPCAP_SUSPEND_WRONGAUTH);
1164 goto error_noreply;
1165 }
1166
1167 free(username);
1168 free(passwd);
1169 break;
1170 }
1171
1172 default:
1173 pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Authentication type not recognized.");
1174 goto error;
1175 }
1176
1177 // The authentication succeeded; let the client know.
1178 rpcap_createhdr(&header, pars->protocol_version, RPCAP_MSG_AUTH_REPLY, 0, 0);
1179
1180 // Send the ok message back
1181 if (sock_send(pars->sockctrl_out, pars->ssl, (char *) &header, sizeof (struct rpcap_header), errbuf, PCAP_ERRBUF_SIZE) == -1)
1182 {
1183 // That failed; log a messsage and give up.
1184 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1185 return -1;
1186 }
1187
1188 // Check if all the data has been read; if not, discard the data in excess
1189 if (rpcapd_discard(pars->sockctrl_in, pars->ssl, plen) == -1)
1190 {
1191 return -1;
1192 }
1193
1194 return 0;
1195
1196 error:
1197 if (rpcap_senderror(pars->sockctrl_out, pars->ssl, pars->protocol_version,
1198 PCAP_ERR_AUTH, errmsgbuf, errbuf) == -1)
1199 {
1200 // That failed; log a message and give up.
1201 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1202 return -1;
1203 }
1204
1205 error_noreply:
1206 // Check if all the data has been read; if not, discard the data in excess
1207 if (rpcapd_discard(pars->sockctrl_in, pars->ssl, plen) == -1)
1208 {
1209 return -1;
1210 }
1211
1212 return -2;
1213 }
1214
1215 static int
1216 daemon_AuthUserPwd(char *username, char *password, char *errbuf)
1217 {
1218 #ifdef _WIN32
1219 /*
1220 * Warning: the user which launches the process must have the
1221 * SE_TCB_NAME right.
1222 * This corresponds to have the "Act as part of the Operating System"
1223 * turned on (administrative tools, local security settings, local
1224 * policies, user right assignment)
1225 * However, it seems to me that if you run it as a service, this
1226 * right should be provided by default.
1227 */
1228 HANDLE Token;
1229 if (LogonUser(username, ".", password, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, &Token) == 0)
1230 {
1231 int error;
1232
1233 error = GetLastError();
1234 FormatMessageA(FORMAT_MESSAGE_FROM_SYSTEM, NULL, error, 0, errbuf,
1235 PCAP_ERRBUF_SIZE, NULL);
1236
1237 return -1;
1238 }
1239
1240 // This call should change the current thread to the selected user.
1241 // I didn't test it.
1242 if (ImpersonateLoggedOnUser(Token) == 0)
1243 {
1244 int error;
1245
1246 error = GetLastError();
1247 FormatMessageA(FORMAT_MESSAGE_FROM_SYSTEM, NULL, error, 0, errbuf,
1248 PCAP_ERRBUF_SIZE, NULL);
1249
1250 CloseHandle(Token);
1251 return -1;
1252 }
1253
1254 CloseHandle(Token);
1255 return 0;
1256
1257 #else
1258 /*
1259 * See
1260 *
1261 * http://www.unixpapa.com/incnote/passwd.html
1262 *
1263 * We use the Solaris/Linux shadow password authentication if
1264 * we have getspnam(), otherwise we just do traditional
1265 * authentication, which, on some platforms, might work, even
1266 * with shadow passwords, if we're running as root. Traditional
1267 * authenticaion won't work if we're not running as root, as
1268 * I think these days all UN*Xes either won't return the password
1269 * at all with getpwnam() or will only do so if you're root.
1270 *
1271 * XXX - perhaps what we *should* be using is PAM, if we have
1272 * it. That might hide all the details of username/password
1273 * authentication, whether it's done with a visible-to-root-
1274 * only password database or some other authentication mechanism,
1275 * behind its API.
1276 */
1277 struct passwd *user;
1278 char *user_password;
1279 #ifdef HAVE_GETSPNAM
1280 struct spwd *usersp;
1281 #endif
1282
1283 // This call is needed to get the uid
1284 if ((user = getpwnam(username)) == NULL)
1285 {
1286 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed: no such user");
1287 return -1;
1288 }
1289
1290 #ifdef HAVE_GETSPNAM
1291 // This call is needed to get the password; otherwise 'x' is returned
1292 if ((usersp = getspnam(username)) == NULL)
1293 {
1294 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed: no such user");
1295 return -1;
1296 }
1297 user_password = usersp->sp_pwdp;
1298 #else
1299 /*
1300 * XXX - what about other platforms?
1301 * The unixpapa.com page claims this Just Works on *BSD if you're
1302 * running as root - it's from 2000, so it doesn't indicate whether
1303 * macOS (which didn't come out until 2001, under the name Mac OS
1304 * X) behaves like the *BSDs or not, and might also work on AIX.
1305 * HP-UX does something else.
1306 *
1307 * Again, hopefully PAM hides all that.
1308 */
1309 user_password = user->pw_passwd;
1310 #endif
1311
1312 if (strcmp(user_password, (char *) crypt(password, user_password)) != 0)
1313 {
1314 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed: password incorrect");
1315 return -1;
1316 }
1317
1318 if (setuid(user->pw_uid))
1319 {
1320 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
1321 errno, "setuid");
1322 return -1;
1323 }
1324
1325 /* if (setgid(user->pw_gid))
1326 {
1327 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
1328 errno, "setgid");
1329 return -1;
1330 }
1331 */
1332 return 0;
1333
1334 #endif
1335
1336 }
1337
1338 static int
1339 daemon_msg_findallif_req(struct daemon_slpars *pars, uint32 plen)
1340 {
1341 char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors
1342 char errmsgbuf[PCAP_ERRBUF_SIZE]; // buffer for errors to send to the client
1343 char sendbuf[RPCAP_NETBUF_SIZE]; // temporary buffer in which data to be sent is buffered
1344 int sendbufidx = 0; // index which keeps the number of bytes currently buffered
1345 pcap_if_t *alldevs = NULL; // pointer to the header of the interface chain
1346 pcap_if_t *d; // temp pointer needed to scan the interface chain
1347 struct pcap_addr *address; // pcap structure that keeps a network address of an interface
1348 struct rpcap_findalldevs_if *findalldevs_if;// rpcap structure that packet all the data of an interface together
1349 uint16 nif = 0; // counts the number of interface listed
1350
1351 // Discard the rest of the message; there shouldn't be any payload.
1352 if (rpcapd_discard(pars->sockctrl_in, pars->ssl, plen) == -1)
1353 {
1354 // Network error.
1355 return -1;
1356 }
1357
1358 // Retrieve the device list
1359 if (pcap_findalldevs(&alldevs, errmsgbuf) == -1)
1360 goto error;
1361
1362 if (alldevs == NULL)
1363 {
1364 if (rpcap_senderror(pars->sockctrl_out, pars->ssl, pars->protocol_version,
1365 PCAP_ERR_NOREMOTEIF,
1366 "No interfaces found! Make sure libpcap/WinPcap is properly installed"
1367 " and you have the right to access to the remote device.",
1368 errbuf) == -1)
1369 {
1370 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1371 return -1;
1372 }
1373 return 0;
1374 }
1375
1376 // checks the number of interfaces and it computes the total length of the payload
1377 for (d = alldevs; d != NULL; d = d->next)
1378 {
1379 nif++;
1380
1381 if (d->description)
1382 plen+= strlen(d->description);
1383 if (d->name)
1384 plen+= strlen(d->name);
1385
1386 plen+= sizeof(struct rpcap_findalldevs_if);
1387
1388 for (address = d->addresses; address != NULL; address = address->next)
1389 {
1390 /*
1391 * Send only IPv4 and IPv6 addresses over the wire.
1392 */
1393 switch (address->addr->sa_family)
1394 {
1395 case AF_INET:
1396 #ifdef AF_INET6
1397 case AF_INET6:
1398 #endif
1399 plen+= (sizeof(struct rpcap_sockaddr) * 4);
1400 break;
1401
1402 default:
1403 break;
1404 }
1405 }
1406 }
1407
1408 // RPCAP findalldevs command
1409 if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL,
1410 &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf,
1411 PCAP_ERRBUF_SIZE) == -1)
1412 goto error;
1413
1414 rpcap_createhdr((struct rpcap_header *) sendbuf, pars->protocol_version,
1415 RPCAP_MSG_FINDALLIF_REPLY, nif, plen);
1416
1417 // send the interface list
1418 for (d = alldevs; d != NULL; d = d->next)
1419 {
1420 uint16 lname, ldescr;
1421
1422 findalldevs_if = (struct rpcap_findalldevs_if *) &sendbuf[sendbufidx];
1423
1424 if (sock_bufferize(NULL, sizeof(struct rpcap_findalldevs_if), NULL,
1425 &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
1426 goto error;
1427
1428 memset(findalldevs_if, 0, sizeof(struct rpcap_findalldevs_if));
1429
1430 if (d->description) ldescr = (short) strlen(d->description);
1431 else ldescr = 0;
1432 if (d->name) lname = (short) strlen(d->name);
1433 else lname = 0;
1434
1435 findalldevs_if->desclen = htons(ldescr);
1436 findalldevs_if->namelen = htons(lname);
1437 findalldevs_if->flags = htonl(d->flags);
1438
1439 for (address = d->addresses; address != NULL; address = address->next)
1440 {
1441 /*
1442 * Send only IPv4 and IPv6 addresses over the wire.
1443 */
1444 switch (address->addr->sa_family)
1445 {
1446 case AF_INET:
1447 #ifdef AF_INET6
1448 case AF_INET6:
1449 #endif
1450 findalldevs_if->naddr++;
1451 break;
1452
1453 default:
1454 break;
1455 }
1456 }
1457 findalldevs_if->naddr = htons(findalldevs_if->naddr);
1458
1459 if (sock_bufferize(d->name, lname, sendbuf, &sendbufidx,
1460 RPCAP_NETBUF_SIZE, SOCKBUF_BUFFERIZE, errmsgbuf,
1461 PCAP_ERRBUF_SIZE) == -1)
1462 goto error;
1463
1464 if (sock_bufferize(d->description, ldescr, sendbuf, &sendbufidx,
1465 RPCAP_NETBUF_SIZE, SOCKBUF_BUFFERIZE, errmsgbuf,
1466 PCAP_ERRBUF_SIZE) == -1)
1467 goto error;
1468
1469 // send all addresses
1470 for (address = d->addresses; address != NULL; address = address->next)
1471 {
1472 struct rpcap_sockaddr *sockaddr;
1473
1474 /*
1475 * Send only IPv4 and IPv6 addresses over the wire.
1476 */
1477 switch (address->addr->sa_family)
1478 {
1479 case AF_INET:
1480 #ifdef AF_INET6
1481 case AF_INET6:
1482 #endif
1483 sockaddr = (struct rpcap_sockaddr *) &sendbuf[sendbufidx];
1484 if (sock_bufferize(NULL, sizeof(struct rpcap_sockaddr), NULL,
1485 &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
1486 goto error;
1487 daemon_seraddr((struct sockaddr_storage *) address->addr, sockaddr);
1488
1489 sockaddr = (struct rpcap_sockaddr *) &sendbuf[sendbufidx];
1490 if (sock_bufferize(NULL, sizeof(struct rpcap_sockaddr), NULL,
1491 &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
1492 goto error;
1493 daemon_seraddr((struct sockaddr_storage *) address->netmask, sockaddr);
1494
1495 sockaddr = (struct rpcap_sockaddr *) &sendbuf[sendbufidx];
1496 if (sock_bufferize(NULL, sizeof(struct rpcap_sockaddr), NULL,
1497 &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
1498 goto error;
1499 daemon_seraddr((struct sockaddr_storage *) address->broadaddr, sockaddr);
1500
1501 sockaddr = (struct rpcap_sockaddr *) &sendbuf[sendbufidx];
1502 if (sock_bufferize(NULL, sizeof(struct rpcap_sockaddr), NULL,
1503 &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
1504 goto error;
1505 daemon_seraddr((struct sockaddr_storage *) address->dstaddr, sockaddr);
1506 break;
1507
1508 default:
1509 break;
1510 }
1511 }
1512 }
1513
1514 // We no longer need the device list. Free it.
1515 pcap_freealldevs(alldevs);
1516
1517 // Send a final command that says "now send it!"
1518 if (sock_send(pars->sockctrl_out, pars->ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1)
1519 {
1520 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1521 return -1;
1522 }
1523
1524 return 0;
1525
1526 error:
1527 if (alldevs)
1528 pcap_freealldevs(alldevs);
1529
1530 if (rpcap_senderror(pars->sockctrl_out, pars->ssl, pars->protocol_version,
1531 PCAP_ERR_FINDALLIF, errmsgbuf, errbuf) == -1)
1532 {
1533 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1534 return -1;
1535 }
1536 return 0;
1537 }
1538
1539 /*
1540 \param plen: the length of the current message (needed in order to be able
1541 to discard excess data in the message, if present)
1542 */
1543 static int
1544 daemon_msg_open_req(struct daemon_slpars *pars, uint32 plen, char *source, size_t sourcelen)
1545 {
1546 char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors
1547 char errmsgbuf[PCAP_ERRBUF_SIZE]; // buffer for errors to send to the client
1548 pcap_t *fp; // pcap_t main variable
1549 int nread;
1550 char sendbuf[RPCAP_NETBUF_SIZE]; // temporary buffer in which data to be sent is buffered
1551 int sendbufidx = 0; // index which keeps the number of bytes currently buffered
1552 struct rpcap_openreply *openreply; // open reply message
1553
1554 if (plen > sourcelen - 1)
1555 {
1556 pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Source string too long");
1557 goto error;
1558 }
1559
1560 nread = sock_recv(pars->sockctrl_in, pars->ssl, source, plen,
1561 SOCK_RECEIVEALL_YES|SOCK_EOF_IS_ERROR, errbuf, PCAP_ERRBUF_SIZE);
1562 if (nread == -1)
1563 {
1564 rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf);
1565 return -1;
1566 }
1567 source[nread] = '\0';
1568 plen -= nread;
1569
1570 // XXX - make sure it's *not* a URL; we don't support opening
1571 // remote devices here.
1572
1573 // Open the selected device
1574 // This is a fake open, since we do that only to get the needed parameters, then we close the device again
1575 if ((fp = pcap_open_live(source,
1576 1500 /* fake snaplen */,
1577 0 /* no promis */,
1578 1000 /* fake timeout */,
1579 errmsgbuf)) == NULL)
1580 goto error;
1581
1582 // Now, I can send a RPCAP open reply message
1583 if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL, &sendbufidx,
1584 RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
1585 goto error;
1586
1587 rpcap_createhdr((struct rpcap_header *) sendbuf, pars->protocol_version,
1588 RPCAP_MSG_OPEN_REPLY, 0, sizeof(struct rpcap_openreply));
1589
1590 openreply = (struct rpcap_openreply *) &sendbuf[sendbufidx];
1591
1592 if (sock_bufferize(NULL, sizeof(struct rpcap_openreply), NULL, &sendbufidx,
1593 RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
1594 goto error;
1595
1596 memset(openreply, 0, sizeof(struct rpcap_openreply));
1597 openreply->linktype = htonl(pcap_datalink(fp));
1598
1599 // We're done with the pcap_t.
1600 pcap_close(fp);
1601
1602 // Send the reply.
1603 if (sock_send(pars->sockctrl_out, pars->ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1)
1604 {
1605 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1606 return -1;
1607 }
1608 return 0;
1609
1610 error:
1611 if (rpcap_senderror(pars->sockctrl_out, pars->ssl, pars->protocol_version,
1612 PCAP_ERR_OPEN, errmsgbuf, errbuf) == -1)
1613 {
1614 // That failed; log a message and give up.
1615 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1616 return -1;
1617 }
1618
1619 // Check if all the data has been read; if not, discard the data in excess
1620 if (rpcapd_discard(pars->sockctrl_in, pars->ssl, plen) == -1)
1621 {
1622 return -1;
1623 }
1624 return 0;
1625 }
1626
1627 /*
1628 \param plen: the length of the current message (needed in order to be able
1629 to discard excess data in the message, if present)
1630 */
1631 static int
1632 daemon_msg_startcap_req(struct daemon_slpars *pars, uint32 plen, struct thread_handle *threaddata, char *source, struct session **sessionp, struct rpcap_sampling *samp_param _U_, int uses_ssl)
1633 {
1634 char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors
1635 char errmsgbuf[PCAP_ERRBUF_SIZE]; // buffer for errors to send to the client
1636 char portdata[PCAP_BUF_SIZE]; // temp variable needed to derive the data port
1637 char peerhost[PCAP_BUF_SIZE]; // temp variable needed to derive the host name of our peer
1638 struct session *session = NULL; // saves state of session
1639 int status;
1640 char sendbuf[RPCAP_NETBUF_SIZE]; // temporary buffer in which data to be sent is buffered
1641 int sendbufidx = 0; // index which keeps the number of bytes currently buffered
1642
1643 // socket-related variables
1644 SOCKET sockdata = INVALID_SOCKET; // socket descriptor of the data connection
1645 struct addrinfo hints; // temp, needed to open a socket connection
1646 struct addrinfo *addrinfo; // temp, needed to open a socket connection
1647 struct sockaddr_storage saddr; // temp, needed to retrieve the network data port chosen on the local machine
1648 socklen_t saddrlen; // temp, needed to retrieve the network data port chosen on the local machine
1649 int ret; // return value from functions
1650
1651 #ifndef _WIN32
1652 pthread_attr_t detachedAttribute; // temp, needed to set the created thread as detached
1653 #endif
1654
1655 // RPCAP-related variables
1656 struct rpcap_startcapreq startcapreq; // start capture request message
1657 struct rpcap_startcapreply *startcapreply; // start capture reply message
1658 int serveropen_dp; // keeps who is going to open the data connection
1659
1660 addrinfo = NULL;
1661
1662 status = rpcapd_recv(pars->sockctrl_in, pars->ssl, (char *) &startcapreq,
1663 sizeof(struct rpcap_startcapreq), &plen, errmsgbuf);
1664 if (status == -1)
1665 {
1666 goto fatal_error;
1667 }
1668 if (status == -2)
1669 {
1670 goto error;
1671 }
1672
1673 startcapreq.flags = ntohs(startcapreq.flags);
1674
1675 // Check that the client does not ask for UDP is the server has been asked
1676 // to enforce encryption, as SSL is not supported yet with UDP:
1677 if (uses_ssl && (startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_DGRAM))
1678 {
1679 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
1680 "SSL not supported with UDP forward of remote packets");
1681 goto error;
1682 }
1683
1684 // Create a session structure
1685 session = malloc(sizeof(struct session));
1686 if (session == NULL)
1687 {
1688 pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Can't allocate session structure");
1689 goto error;
1690 }
1691
1692 session->ctrl_ssl = session->data_ssl = NULL;
1693
1694 // Open the selected device
1695 if ((session->fp = pcap_open_live(source,
1696 ntohl(startcapreq.snaplen),
1697 (startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_PROMISC) ? 1 : 0 /* local device, other flags not needed */,
1698 ntohl(startcapreq.read_timeout),
1699 errmsgbuf)) == NULL)
1700 goto error;
1701
1702 #if 0
1703 // Apply sampling parameters
1704 fp->rmt_samp.method = samp_param->method;
1705 fp->rmt_samp.value = samp_param->value;
1706 #endif
1707
1708 /*
1709 We're in active mode if:
1710 - we're using TCP, and the user wants us to be in active mode
1711 - we're using UDP
1712 */
1713 serveropen_dp = (startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_SERVEROPEN) || (startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_DGRAM) || pars->isactive;
1714
1715 /*
1716 Gets the sockaddr structure referred to the other peer in the ctrl connection
1717
1718 We need that because:
1719 - if we're in passive mode, we need to know the address family we want to use
1720 (the same used for the ctrl socket)
1721 - if we're in active mode, we need to know the network address of the other host
1722 we want to connect to
1723 */
1724 saddrlen = sizeof(struct sockaddr_storage);
1725 if (getpeername(pars->sockctrl_in, (struct sockaddr *) &saddr, &saddrlen) == -1)
1726 {
1727 sock_geterror("getpeername(): ", errmsgbuf, PCAP_ERRBUF_SIZE);
1728 goto error;
1729 }
1730
1731 memset(&hints, 0, sizeof(struct addrinfo));
1732 hints.ai_socktype = (startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_DGRAM) ? SOCK_DGRAM : SOCK_STREAM;
1733 hints.ai_family = saddr.ss_family;
1734
1735 // Now we have to create a new socket to send packets
1736 if (serveropen_dp) // Data connection is opened by the server toward the client
1737 {
1738 pcap_snprintf(portdata, sizeof portdata, "%d", ntohs(startcapreq.portdata));
1739
1740 // Get the name of the other peer (needed to connect to that specific network address)
1741 if (getnameinfo((struct sockaddr *) &saddr, saddrlen, peerhost,
1742 sizeof(peerhost), NULL, 0, NI_NUMERICHOST))
1743 {
1744 sock_geterror("getnameinfo(): ", errmsgbuf, PCAP_ERRBUF_SIZE);
1745 goto error;
1746 }
1747
1748 if (sock_initaddress(peerhost, portdata, &hints, &addrinfo, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
1749 goto error;
1750
1751 if ((sockdata = sock_open(addrinfo, SOCKOPEN_CLIENT, 0, errmsgbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
1752 goto error;
1753 }
1754 else // Data connection is opened by the client toward the server
1755 {
1756 hints.ai_flags = AI_PASSIVE;
1757
1758 // Let's the server socket pick up a free network port for us
1759 if (sock_initaddress(NULL, "0", &hints, &addrinfo, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
1760 goto error;
1761
1762 if ((sockdata = sock_open(addrinfo, SOCKOPEN_SERVER, 1 /* max 1 connection in queue */, errmsgbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
1763 goto error;
1764
1765 // get the complete sockaddr structure used in the data connection
1766 saddrlen = sizeof(struct sockaddr_storage);
1767 if (getsockname(sockdata, (struct sockaddr *) &saddr, &saddrlen) == -1)
1768 {
1769 sock_geterror("getsockname(): ", errmsgbuf, PCAP_ERRBUF_SIZE);
1770 goto error;
1771 }
1772
1773 // Get the local port the system picked up
1774 if (getnameinfo((struct sockaddr *) &saddr, saddrlen, NULL,
1775 0, portdata, sizeof(portdata), NI_NUMERICSERV))
1776 {
1777 sock_geterror("getnameinfo(): ", errmsgbuf, PCAP_ERRBUF_SIZE);
1778 goto error;
1779 }
1780 }
1781
1782 // addrinfo is no longer used
1783 freeaddrinfo(addrinfo);
1784 addrinfo = NULL;
1785
1786 // Needed to send an error on the ctrl connection
1787 session->sockctrl_out = pars->sockctrl_out;
1788 session->ctrl_ssl = pars->ssl;
1789 session->protocol_version = pars->protocol_version;
1790
1791 // Now I can set the filter
1792 ret = daemon_unpackapplyfilter(pars->sockctrl_in, pars->ssl, session, &plen, errmsgbuf);
1793 if (ret == -1)
1794 {
1795 // Fatal error. A message has been logged; just give up.
1796 goto fatal_error;
1797 }
1798 if (ret == -2)
1799 {
1800 // Non-fatal error. Send an error message to the client.
1801 goto error;
1802 }
1803
1804 // Now, I can send a RPCAP start capture reply message
1805 if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL, &sendbufidx,
1806 RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
1807 goto error;
1808
1809 rpcap_createhdr((struct rpcap_header *) sendbuf, pars->protocol_version,
1810 RPCAP_MSG_STARTCAP_REPLY, 0, sizeof(struct rpcap_startcapreply));
1811
1812 startcapreply = (struct rpcap_startcapreply *) &sendbuf[sendbufidx];
1813
1814 if (sock_bufferize(NULL, sizeof(struct rpcap_startcapreply), NULL,
1815 &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
1816 goto error;
1817
1818 memset(startcapreply, 0, sizeof(struct rpcap_startcapreply));
1819 startcapreply->bufsize = htonl(pcap_bufsize(session->fp));
1820
1821 if (!serveropen_dp)
1822 {
1823 unsigned short port = (unsigned short)strtoul(portdata,NULL,10);
1824 startcapreply->portdata = htons(port);
1825 }
1826
1827 if (sock_send(pars->sockctrl_out, pars->ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1)
1828 {
1829 // That failed; log a message and give up.
1830 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1831 goto fatal_error;
1832 }
1833
1834 if (!serveropen_dp)
1835 {
1836 SOCKET socktemp; // We need another socket, since we're going to accept() a connection
1837
1838 // Connection creation
1839 saddrlen = sizeof(struct sockaddr_storage);
1840
1841 socktemp = accept(sockdata, (struct sockaddr *) &saddr, &saddrlen);
1842
1843 if (socktemp == INVALID_SOCKET)
1844 {
1845 sock_geterror("accept(): ", errbuf, PCAP_ERRBUF_SIZE);
1846 rpcapd_log(LOGPRIO_ERROR, "Accept of data connection failed: %s",
1847 errbuf);
1848 goto error;
1849 }
1850
1851 // Now that I accepted the connection, the server socket is no longer needed
1852 sock_close(sockdata, NULL, 0);
1853 sockdata = socktemp;
1854 }
1855
1856 SSL *ssl = NULL;
1857 if (uses_ssl)
1858 {
1859 #ifdef HAVE_OPENSSL
1860 /* In both active or passive cases, wait for the client to initiate the
1861 * TLS handshake. Yes during that time the control socket will not be
1862 * served, but the same was true from the above call to accept(). */
1863 ssl = ssl_promotion(1, sockdata, errbuf, PCAP_ERRBUF_SIZE);
1864 if (! ssl)
1865 {
1866 rpcapd_log(LOGPRIO_ERROR, "TLS handshake failed: %s", errbuf);
1867 goto error;
1868 }
1869 #endif
1870 }
1871 session->data_ssl = ssl;
1872 session->sockdata = sockdata;
1873
1874 // Now we have to create a new thread to receive packets
1875 #ifdef _WIN32
1876 threaddata->thread = (HANDLE)_beginthreadex(NULL, 0, daemon_thrdatamain,
1877 (void *) session, 0, NULL);
1878 if (threaddata->thread == 0)
1879 {
1880 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error creating the data thread");
1881 goto error;
1882 }
1883 #else
1884 /* GV we need this to create the thread as detached. */
1885 /* GV otherwise, the thread handle is not destroyed */
1886 pthread_attr_init(&detachedAttribute);
1887 pthread_attr_setdetachstate(&detachedAttribute, PTHREAD_CREATE_DETACHED);
1888 ret = pthread_create(&threaddata->thread, &detachedAttribute,
1889 daemon_thrdatamain, (void *) session);
1890 if (ret != 0)
1891 {
1892 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
1893 ret, "Error creating the data thread");
1894 pthread_attr_destroy(&detachedAttribute);
1895 goto error;
1896 }
1897 pthread_attr_destroy(&detachedAttribute);
1898 #endif
1899 threaddata->have_thread = 1;
1900
1901 // Check if all the data has been read; if not, discard the data in excess
1902 if (rpcapd_discard(pars->sockctrl_in, pars->ssl, plen) == -1)
1903 goto fatal_error;
1904
1905 *sessionp = session;
1906 return 0;
1907
1908 error:
1909 //
1910 // Not a fatal error, so send the client an error message and
1911 // keep serving client requests.
1912 //
1913 *sessionp = NULL;
1914
1915 if (addrinfo)
1916 freeaddrinfo(addrinfo);
1917
1918 if (threaddata->have_thread)
1919 {
1920 #ifdef _WIN32
1921 if (session->fp)
1922 {
1923 pcap_breakloop(session->fp);
1924 SetEvent(pcap_getevent(session->fp));
1925 }
1926 CloseHandle(threaddata->thread);
1927 #else
1928 pthread_cancel(threaddata->thread);
1929 #endif
1930 threaddata->have_thread = 0;
1931 }
1932
1933 if (sockdata != INVALID_SOCKET)
1934 sock_close(sockdata, NULL, 0);
1935
1936 if (session)
1937 {
1938 if (session->fp)
1939 pcap_close(session->fp);
1940 #ifdef HAVE_OPENSSL
1941 if (session->ctrl_ssl)
1942 SSL_free(session->ctrl_ssl);
1943 if (session->data_ssl)
1944 SSL_free(session->data_ssl);
1945 #endif
1946 free(session);
1947 }
1948
1949 if (rpcap_senderror(pars->sockctrl_out, pars->ssl, pars->protocol_version,
1950 PCAP_ERR_STARTCAPTURE, errmsgbuf, errbuf) == -1)
1951 {
1952 // That failed; log a message and give up.
1953 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1954 return -1;
1955 }
1956
1957 // Check if all the data has been read; if not, discard the data in excess
1958 if (rpcapd_discard(pars->sockctrl_in, pars->ssl, plen) == -1)
1959 {
1960 // Network error.
1961 return -1;
1962 }
1963
1964 return 0;
1965
1966 fatal_error:
1967 //
1968 // Fatal network error, so don't try to communicate with
1969 // the client, just give up.
1970 //
1971 *sessionp = NULL;
1972
1973 if (threaddata->have_thread)
1974 {
1975 #ifdef _WIN32
1976 if (session && session->fp)
1977 {
1978 //
1979 // Tell the data connection thread main capture
1980 // loop to break out of that loop.
1981 //
1982 pcap_breakloop(session->fp);
1983
1984 //
1985 // If it's currently blocked waiting for packets
1986 // to arrive, try to wake it up, so it can see
1987 // the "break out of the loop" indication.
1988 //
1989 SetEvent(pcap_getevent(session->fp));
1990 }
1991
1992 //
1993 // Wait for the thread to exit, so we don't close
1994 // sockets out from under it.
1995 //
1996 // XXX - have a timeout, so we don't wait forever?
1997 //
1998 WaitForSingleObject(threaddata->thread, INFINITE);
1999
2000 //
2001 // Release the thread handle, as we're done with
2002 // it.
2003 //
2004 CloseHandle(threaddata->thread);
2005 #else
2006 pthread_cancel(threaddata->thread);
2007 #endif
2008 threaddata->have_thread = 0;
2009 }
2010
2011 if (sockdata != INVALID_SOCKET)
2012 sock_close(sockdata, NULL, 0);
2013
2014 if (session)
2015 {
2016 if (session->fp)
2017 pcap_close(session->fp);
2018 #ifdef HAVE_OPENSSL
2019 if (session->ctrl_ssl)
2020 SSL_free(session->ctrl_ssl);
2021 if (session->data_ssl)
2022 SSL_free(session->data_ssl);
2023 #endif
2024 free(session);
2025 }
2026
2027 return -1;
2028 }
2029
2030 static int
2031 daemon_msg_endcap_req(struct daemon_slpars *pars, struct session *session, struct thread_handle *threaddata)
2032 {
2033 char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors
2034 struct rpcap_header header;
2035
2036 if (threaddata->have_thread)
2037 {
2038 #ifdef _WIN32
2039 //
2040 // Tell the data connection thread main capture loop to
2041 // break out of that loop.
2042 //
2043 pcap_breakloop(session->fp);
2044
2045 //
2046 // If it's currently blocked waiting for packets to
2047 // arrive, try to wake it up, so it can see the "break
2048 // out of the loop" indication.
2049 //
2050 SetEvent(pcap_getevent(session->fp));
2051
2052 //
2053 // Wait for the thread to exit, so we don't close
2054 // sockets out from under it.
2055 //
2056 // XXX - have a timeout, so we don't wait forever?
2057 //
2058 WaitForSingleObject(threaddata->thread, INFINITE);
2059
2060 //
2061 // Release the thread handle, as we're done with
2062 // it.
2063 //
2064 CloseHandle(threaddata->thread);
2065 #else
2066 pthread_cancel(threaddata->thread);
2067 #endif
2068 threaddata->have_thread = 0;
2069 }
2070
2071 session_close(session);
2072
2073 rpcap_createhdr(&header, pars->protocol_version,
2074 RPCAP_MSG_ENDCAP_REPLY, 0, 0);
2075
2076 if (sock_send(pars->sockctrl_out, pars->ssl, (char *) &header, sizeof(struct rpcap_header), errbuf, PCAP_ERRBUF_SIZE) == -1)
2077 {
2078 // That failed; log a message and give up.
2079 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
2080 return -1;
2081 }
2082
2083 return 0;
2084 }
2085
2086 static int
2087 daemon_unpackapplyfilter(SOCKET sockctrl_in, SSL *ctrl_ssl, struct session *session, uint32 *plenp, char *errmsgbuf)
2088 {
2089 int status;
2090 struct rpcap_filter filter;
2091 struct rpcap_filterbpf_insn insn;
2092 struct bpf_insn *bf_insn;
2093 struct bpf_program bf_prog;
2094 unsigned int i;
2095
2096 status = rpcapd_recv(sockctrl_in, ctrl_ssl, (char *) &filter,
2097 sizeof(struct rpcap_filter), plenp, errmsgbuf);
2098 if (status == -1)
2099 {
2100 return -1;
2101 }
2102 if (status == -2)
2103 {
2104 return -2;
2105 }
2106
2107 bf_prog.bf_len = ntohl(filter.nitems);
2108
2109 if (ntohs(filter.filtertype) != RPCAP_UPDATEFILTER_BPF)
2110 {
2111 pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Only BPF/NPF filters are currently supported");
2112 return -2;
2113 }
2114
2115 bf_insn = (struct bpf_insn *) malloc (sizeof(struct bpf_insn) * bf_prog.bf_len);
2116 if (bf_insn == NULL)
2117 {
2118 pcap_fmt_errmsg_for_errno(errmsgbuf, PCAP_ERRBUF_SIZE,
2119 errno, "malloc() failed");
2120 return -2;
2121 }
2122
2123 bf_prog.bf_insns = bf_insn;
2124
2125 for (i = 0; i < bf_prog.bf_len; i++)
2126 {
2127 status = rpcapd_recv(sockctrl_in, ctrl_ssl, (char *) &insn,
2128 sizeof(struct rpcap_filterbpf_insn), plenp, errmsgbuf);
2129 if (status == -1)
2130 {
2131 return -1;
2132 }
2133 if (status == -2)
2134 {
2135 return -2;
2136 }
2137
2138 bf_insn->code = ntohs(insn.code);
2139 bf_insn->jf = insn.jf;
2140 bf_insn->jt = insn.jt;
2141 bf_insn->k = ntohl(insn.k);
2142
2143 bf_insn++;
2144 }
2145
2146 //
2147 // XXX - pcap_setfilter() should do the validation for us.
2148 //
2149 if (bpf_validate(bf_prog.bf_insns, bf_prog.bf_len) == 0)
2150 {
2151 pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "The filter contains bogus instructions");
2152 return -2;
2153 }
2154
2155 if (pcap_setfilter(session->fp, &bf_prog))
2156 {
2157 pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "RPCAP error: %s", pcap_geterr(session->fp));
2158 return -2;
2159 }
2160
2161 return 0;
2162 }
2163
2164 static int
2165 daemon_msg_updatefilter_req(struct daemon_slpars *pars, struct session *session, uint32 plen)
2166 {
2167 char errbuf[PCAP_ERRBUF_SIZE];
2168 char errmsgbuf[PCAP_ERRBUF_SIZE]; // buffer for errors to send to the client
2169 int ret; // status of daemon_unpackapplyfilter()
2170 struct rpcap_header header; // keeps the answer to the updatefilter command
2171
2172 ret = daemon_unpackapplyfilter(pars->sockctrl_in, pars->ssl, session, &plen, errmsgbuf);
2173 if (ret == -1)
2174 {
2175 // Fatal error. A message has been logged; just give up.
2176 return -1;
2177 }
2178 if (ret == -2)
2179 {
2180 // Non-fatal error. Send an error reply to the client.
2181 goto error;
2182 }
2183
2184 // Check if all the data has been read; if not, discard the data in excess
2185 if (rpcapd_discard(pars->sockctrl_in, pars->ssl, plen) == -1)
2186 {
2187 // Network error.
2188 return -1;
2189 }
2190
2191 // A response is needed, otherwise the other host does not know that everything went well
2192 rpcap_createhdr(&header, pars->protocol_version,
2193 RPCAP_MSG_UPDATEFILTER_REPLY, 0, 0);
2194
2195 if (sock_send(pars->sockctrl_out, pars->ssl, (char *) &header, sizeof (struct rpcap_header), pcap_geterr(session->fp), PCAP_ERRBUF_SIZE))
2196 {
2197 // That failed; log a messsage and give up.
2198 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
2199 return -1;
2200 }
2201
2202 return 0;
2203
2204 error:
2205 if (rpcapd_discard(pars->sockctrl_in, pars->ssl, plen) == -1)
2206 {
2207 return -1;
2208 }
2209 rpcap_senderror(pars->sockctrl_out, pars->ssl, pars->protocol_version,
2210 PCAP_ERR_UPDATEFILTER, errmsgbuf, NULL);
2211
2212 return 0;
2213 }
2214
2215 /*!
2216 \brief Received the sampling parameters from remote host and it stores in the pcap_t structure.
2217 */
2218 static int
2219 daemon_msg_setsampling_req(struct daemon_slpars *pars, uint32 plen, struct rpcap_sampling *samp_param)
2220 {
2221 char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors
2222 char errmsgbuf[PCAP_ERRBUF_SIZE];
2223 struct rpcap_header header;
2224 struct rpcap_sampling rpcap_samp;
2225 int status;
2226
2227 status = rpcapd_recv(pars->sockctrl_in, pars->ssl, (char *) &rpcap_samp, sizeof(struct rpcap_sampling), &plen, errmsgbuf);
2228 if (status == -1)
2229 {
2230 return -1;
2231 }
2232 if (status == -2)
2233 {
2234 goto error;
2235 }
2236
2237 // Save these settings in the pcap_t
2238 samp_param->method = rpcap_samp.method;
2239 samp_param->value = ntohl(rpcap_samp.value);
2240
2241 // A response is needed, otherwise the other host does not know that everything went well
2242 rpcap_createhdr(&header, pars->protocol_version,
2243 RPCAP_MSG_SETSAMPLING_REPLY, 0, 0);
2244
2245 if (sock_send(pars->sockctrl_out, pars->ssl, (char *) &header, sizeof (struct rpcap_header), errbuf, PCAP_ERRBUF_SIZE) == -1)
2246 {
2247 // That failed; log a messsage and give up.
2248 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
2249 return -1;
2250 }
2251
2252 if (rpcapd_discard(pars->sockctrl_in, pars->ssl, plen) == -1)
2253 {
2254 return -1;
2255 }
2256
2257 return 0;
2258
2259 error:
2260 if (rpcap_senderror(pars->sockctrl_out, pars->ssl, pars->protocol_version,
2261 PCAP_ERR_AUTH, errmsgbuf, errbuf) == -1)
2262 {
2263 // That failed; log a message and give up.
2264 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
2265 return -1;
2266 }
2267
2268 // Check if all the data has been read; if not, discard the data in excess
2269 if (rpcapd_discard(pars->sockctrl_in, pars->ssl, plen) == -1)
2270 {
2271 return -1;
2272 }
2273
2274 return 0;
2275 }
2276
2277 static int
2278 daemon_msg_stats_req(struct daemon_slpars *pars, struct session *session, uint32 plen, struct pcap_stat *stats, unsigned int svrcapt)
2279 {
2280 char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors
2281 char errmsgbuf[PCAP_ERRBUF_SIZE]; // buffer for errors to send to the client
2282 char sendbuf[RPCAP_NETBUF_SIZE]; // temporary buffer in which data to be sent is buffered
2283 int sendbufidx = 0; // index which keeps the number of bytes currently buffered
2284 struct rpcap_stats *netstats; // statistics sent on the network
2285
2286 // Checks that the header does not contain other data; if so, discard it
2287 if (rpcapd_discard(pars->sockctrl_in, pars->ssl, plen) == -1)
2288 {
2289 // Network error.
2290 return -1;
2291 }
2292
2293 if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL,
2294 &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
2295 goto error;
2296
2297 rpcap_createhdr((struct rpcap_header *) sendbuf, pars->protocol_version,
2298 RPCAP_MSG_STATS_REPLY, 0, (uint16) sizeof(struct rpcap_stats));
2299
2300 netstats = (struct rpcap_stats *) &sendbuf[sendbufidx];
2301
2302 if (sock_bufferize(NULL, sizeof(struct rpcap_stats), NULL,
2303 &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
2304 goto error;
2305
2306 if (session && session->fp)
2307 {
2308 if (pcap_stats(session->fp, stats) == -1)
2309 {
2310 pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "%s", pcap_geterr(session->fp));
2311 goto error;
2312 }
2313
2314 netstats->ifdrop = htonl(stats->ps_ifdrop);
2315 netstats->ifrecv = htonl(stats->ps_recv);
2316 netstats->krnldrop = htonl(stats->ps_drop);
2317 netstats->svrcapt = htonl(session->TotCapt);
2318 }
2319 else
2320 {
2321 // We have to keep compatibility with old applications,
2322 // which ask for statistics also when the capture has
2323 // already stopped.
2324 netstats->ifdrop = htonl(stats->ps_ifdrop);
2325 netstats->ifrecv = htonl(stats->ps_recv);
2326 netstats->krnldrop = htonl(stats->ps_drop);
2327 netstats->svrcapt = htonl(svrcapt);
2328 }
2329
2330 // Send the packet
2331 if (sock_send(pars->sockctrl_out, pars->ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1)
2332 {
2333 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
2334 return -1;
2335 }
2336
2337 return 0;
2338
2339 error:
2340 rpcap_senderror(pars->sockctrl_out, pars->ssl, pars->protocol_version,
2341 PCAP_ERR_GETSTATS, errmsgbuf, NULL);
2342 return 0;
2343 }
2344
2345 #ifdef _WIN32
2346 static unsigned __stdcall
2347 #else
2348 static void *
2349 #endif
2350 daemon_thrdatamain(void *ptr)
2351 {
2352 char errbuf[PCAP_ERRBUF_SIZE + 1]; // error buffer
2353 struct session *session; // pointer to the struct session for this session
2354 int retval; // general variable used to keep the return value of other functions
2355 struct rpcap_pkthdr *net_pkt_header;// header of the packet
2356 struct pcap_pkthdr *pkt_header; // pointer to the buffer that contains the header of the current packet
2357 u_char *pkt_data; // pointer to the buffer that contains the current packet
2358 size_t sendbufsize; // size for the send buffer
2359 char *sendbuf; // temporary buffer in which data to be sent is buffered
2360 int sendbufidx; // index which keeps the number of bytes currently buffered
2361 int status;
2362
2363 session = (struct session *) ptr;
2364
2365 session->TotCapt = 0; // counter which is incremented each time a packet is received
2366
2367 // Initialize errbuf
2368 memset(errbuf, 0, sizeof(errbuf));
2369
2370 //
2371 // We need a buffer large enough to hold a buffer large enough
2372 // for a maximum-size packet for this pcap_t.
2373 //
2374 if (pcap_snapshot(session->fp) < 0)
2375 {
2376 //
2377 // The snapshot length is negative.
2378 // This "should not happen".
2379 //
2380 rpcapd_log(LOGPRIO_ERROR,
2381 "Unable to allocate the buffer for this child thread: snapshot length of %d is negative",
2382 pcap_snapshot(session->fp));
2383 sendbuf = NULL; // we can't allocate a buffer, so nothing to free
2384 goto error;
2385 }
2386 //
2387 // size_t is unsigned, and the result of pcap_snapshot() is signed;
2388 // on no platform that we support is int larger than size_t.
2389 // This means that, unless the extra information we prepend to
2390 // a maximum-sized packet is impossibly large, the sum of the
2391 // snapshot length and the size of that extra information will
2392 // fit in a size_t.
2393 //
2394 // So we don't need to make sure that sendbufsize will overflow.
2395 //
2396 // However, we *do* need to make sure its value fits in an int,
2397 // because sock_send() can't send more than INT_MAX bytes (it could
2398 // do so on 64-bit UN*Xes, but can't do so on Windows, not even
2399 // 64-bit Windows, as the send() buffer size argument is an int
2400 // in Winsock).
2401 //
2402 sendbufsize = sizeof(struct rpcap_header) + sizeof(struct rpcap_pkthdr) + pcap_snapshot(session->fp);
2403 if (sendbufsize > INT_MAX)
2404 {
2405 rpcapd_log(LOGPRIO_ERROR,
2406 "Buffer size for this child thread would be larger than %d",
2407 INT_MAX);
2408 sendbuf = NULL; // we haven't allocated a buffer, so nothing to free
2409 goto error;
2410 }
2411 sendbuf = (char *) malloc (sendbufsize);
2412 if (sendbuf == NULL)
2413 {
2414 rpcapd_log(LOGPRIO_ERROR,
2415 "Unable to allocate the buffer for this child thread");
2416 goto error;
2417 }
2418
2419 #ifndef _WIN32
2420 // Modify thread params so that it can be killed at any time
2421 retval = pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, NULL);
2422 if (retval != 0)
2423 {
2424 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
2425 retval, "pthread_setcancelstate");
2426 rpcapd_log(LOGPRIO_ERROR,
2427 "Can't set cancel state on data thread: %s", errbuf);
2428 goto error;
2429 }
2430 retval = pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, NULL);
2431 if (retval != 0)
2432 {
2433 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
2434 retval, "pthread_setcanceltype");
2435 rpcapd_log(LOGPRIO_ERROR,
2436 "Can't set cancel type on data thread: %s", errbuf);
2437 goto error;
2438 }
2439 #endif
2440
2441 // Retrieve the packets
2442 while ((retval = pcap_next_ex(session->fp, &pkt_header, (const u_char **) &pkt_data)) >= 0) // cast to avoid a compiler warning
2443 {
2444 if (retval == 0) // Read timeout elapsed
2445 continue;
2446
2447 sendbufidx = 0;
2448
2449 // Bufferize the general header
2450 if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL,
2451 &sendbufidx, (int)sendbufsize, SOCKBUF_CHECKONLY, errbuf,
2452 PCAP_ERRBUF_SIZE) == -1)
2453 {
2454 rpcapd_log(LOGPRIO_ERROR,
2455 "sock_bufferize() error sending packet message: %s",
2456 errbuf);
2457 goto error;
2458 }
2459
2460 rpcap_createhdr((struct rpcap_header *) sendbuf,
2461 session->protocol_version, RPCAP_MSG_PACKET, 0,
2462 (uint16) (sizeof(struct rpcap_pkthdr) + pkt_header->caplen));
2463
2464 net_pkt_header = (struct rpcap_pkthdr *) &sendbuf[sendbufidx];
2465
2466 // Bufferize the pkt header
2467 if (sock_bufferize(NULL, sizeof(struct rpcap_pkthdr), NULL,
2468 &sendbufidx, (int)sendbufsize, SOCKBUF_CHECKONLY, errbuf,
2469 PCAP_ERRBUF_SIZE) == -1)
2470 {
2471 rpcapd_log(LOGPRIO_ERROR,
2472 "sock_bufferize() error sending packet message: %s",
2473 errbuf);
2474 goto error;
2475 }
2476
2477 net_pkt_header->caplen = htonl(pkt_header->caplen);
2478 net_pkt_header->len = htonl(pkt_header->len);
2479 net_pkt_header->npkt = htonl(++(session->TotCapt));
2480 //
2481 // This protocol needs to be updated with a new version
2482 // before 2038-01-19 03:14:07 UTC.
2483 //
2484 net_pkt_header->timestamp_sec = htonl((uint32)pkt_header->ts.tv_sec);
2485 net_pkt_header->timestamp_usec = htonl((uint32)pkt_header->ts.tv_usec);
2486
2487 // Bufferize the pkt data
2488 if (sock_bufferize((char *) pkt_data, pkt_header->caplen,
2489 sendbuf, &sendbufidx, (int)sendbufsize, SOCKBUF_BUFFERIZE,
2490 errbuf, PCAP_ERRBUF_SIZE) == -1)
2491 {
2492 rpcapd_log(LOGPRIO_ERROR,
2493 "sock_bufferize() error sending packet message: %s",
2494 errbuf);
2495 goto error;
2496 }
2497
2498 // Send the packet
2499 // If the client dropped the connection, don't report an
2500 // error, just quit.
2501 status = sock_send(session->sockdata, session->data_ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE);
2502 if (status < 0)
2503 {
2504 if (status == -1)
2505 {
2506 //
2507 // Error other than "client closed the
2508 // connection out from under us"; report
2509 // it.
2510 //
2511 rpcapd_log(LOGPRIO_ERROR,
2512 "Send of packet to client failed: %s",
2513 errbuf);
2514 }
2515
2516 //
2517 // Give up in either case.
2518 //
2519 goto error;
2520 }
2521 }
2522
2523 if (retval == -1)
2524 {
2525 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error reading the packets: %s", pcap_geterr(session->fp));
2526 rpcap_senderror(session->sockctrl_out, session->ctrl_ssl, session->protocol_version,
2527 PCAP_ERR_READEX, errbuf, NULL);
2528 goto error;
2529 }
2530
2531 error:
2532 session_close(session);
2533
2534 free(sendbuf);
2535
2536 return 0;
2537 }
2538
2539 /*!
2540 \brief It serializes a network address.
2541
2542 It accepts a 'sockaddr_storage' structure as input, and it converts it appropriately into a format
2543 that can be used to be sent on the network. Basically, it applies all the hton()
2544 conversion required to the input variable.
2545
2546 \param sockaddrin a 'sockaddr_storage' pointer to the variable that has to be
2547 serialized. This variable can be both a 'sockaddr_in' and 'sockaddr_in6'.
2548
2549 \param sockaddrout an 'rpcap_sockaddr' pointer to the variable that will contain
2550 the serialized data. This variable has to be allocated by the user.
2551
2552 \warning This function supports only AF_INET and AF_INET6 address families.
2553 */
2554 static void
2555 daemon_seraddr(struct sockaddr_storage *sockaddrin, struct rpcap_sockaddr *sockaddrout)
2556 {
2557 memset(sockaddrout, 0, sizeof(struct sockaddr_storage));
2558
2559 // There can be the case in which the sockaddrin is not available
2560 if (sockaddrin == NULL) return;
2561
2562 // Warning: we support only AF_INET and AF_INET6
2563 switch (sockaddrin->ss_family)
2564 {
2565 case AF_INET:
2566 {
2567 struct sockaddr_in *sockaddrin_ipv4;
2568 struct rpcap_sockaddr_in *sockaddrout_ipv4;
2569
2570 sockaddrin_ipv4 = (struct sockaddr_in *) sockaddrin;
2571 sockaddrout_ipv4 = (struct rpcap_sockaddr_in *) sockaddrout;
2572 sockaddrout_ipv4->family = htons(RPCAP_AF_INET);
2573 sockaddrout_ipv4->port = htons(sockaddrin_ipv4->sin_port);
2574 memcpy(&sockaddrout_ipv4->addr, &sockaddrin_ipv4->sin_addr, sizeof(sockaddrout_ipv4->addr));
2575 memset(sockaddrout_ipv4->zero, 0, sizeof(sockaddrout_ipv4->zero));
2576 break;
2577 }
2578
2579 #ifdef AF_INET6
2580 case AF_INET6:
2581 {
2582 struct sockaddr_in6 *sockaddrin_ipv6;
2583 struct rpcap_sockaddr_in6 *sockaddrout_ipv6;
2584
2585 sockaddrin_ipv6 = (struct sockaddr_in6 *) sockaddrin;
2586 sockaddrout_ipv6 = (struct rpcap_sockaddr_in6 *) sockaddrout;
2587 sockaddrout_ipv6->family = htons(RPCAP_AF_INET6);
2588 sockaddrout_ipv6->port = htons(sockaddrin_ipv6->sin6_port);
2589 sockaddrout_ipv6->flowinfo = htonl(sockaddrin_ipv6->sin6_flowinfo);
2590 memcpy(&sockaddrout_ipv6->addr, &sockaddrin_ipv6->sin6_addr, sizeof(sockaddrout_ipv6->addr));
2591 sockaddrout_ipv6->scope_id = htonl(sockaddrin_ipv6->sin6_scope_id);
2592 break;
2593 }
2594 #endif
2595 }
2596 }
2597
2598
2599 /*!
2600 \brief Suspends a thread for secs seconds.
2601 */
2602 void sleep_secs(int secs)
2603 {
2604 #ifdef _WIN32
2605 Sleep(secs*1000);
2606 #else
2607 unsigned secs_remaining;
2608
2609 if (secs <= 0)
2610 return;
2611 secs_remaining = secs;
2612 while (secs_remaining != 0)
2613 secs_remaining = sleep(secs_remaining);
2614 #endif
2615 }
2616
2617 /*
2618 * Read the header of a message.
2619 */
2620 static int
2621 rpcapd_recv_msg_header(SOCKET sock, SSL *ssl, struct rpcap_header *headerp)
2622 {
2623 int nread;
2624 char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors
2625
2626 nread = sock_recv(sock, ssl, (char *) headerp, sizeof(struct rpcap_header),
2627 SOCK_RECEIVEALL_YES|SOCK_EOF_ISNT_ERROR, errbuf, PCAP_ERRBUF_SIZE);
2628 if (nread == -1)
2629 {
2630 // Network error.
2631 rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf);
2632 return -1;
2633 }
2634 if (nread == 0)
2635 {
2636 // Immediate EOF; that's treated like a close message.
2637 return -2;
2638 }
2639 headerp->plen = ntohl(headerp->plen);
2640 return 0;
2641 }
2642
2643 /*
2644 * Read data from a message.
2645 * If we're trying to read more data that remains, puts an error
2646 * message into errmsgbuf and returns -2. Otherwise, tries to read
2647 * the data and, if that succeeds, subtracts the amount read from
2648 * the number of bytes of data that remains.
2649 * Returns 0 on success, logs a message and returns -1 on a network
2650 * error.
2651 */
2652 static int
2653 rpcapd_recv(SOCKET sock, SSL *ssl, char *buffer, size_t toread, uint32 *plen, char *errmsgbuf)
2654 {
2655 int nread;
2656 char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors
2657
2658 if (toread > *plen)
2659 {
2660 // Tell the client and continue.
2661 pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Message payload is too short");
2662 return -2;
2663 }
2664 nread = sock_recv(sock, ssl, buffer, toread,
2665 SOCK_RECEIVEALL_YES|SOCK_EOF_IS_ERROR, errbuf, PCAP_ERRBUF_SIZE);
2666 if (nread == -1)
2667 {
2668 rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf);
2669 return -1;
2670 }
2671 *plen -= nread;
2672 return 0;
2673 }
2674
2675 /*
2676 * Discard data from a connection.
2677 * Mostly used to discard wrong-sized messages.
2678 * Returns 0 on success, logs a message and returns -1 on a network
2679 * error.
2680 */
2681 static int
2682 rpcapd_discard(SOCKET sock, SSL *ssl, uint32 len)
2683 {
2684 char errbuf[PCAP_ERRBUF_SIZE + 1]; // keeps the error string, prior to be printed
2685
2686 if (len != 0)
2687 {
2688 if (sock_discard(sock, ssl, len, errbuf, PCAP_ERRBUF_SIZE) == -1)
2689 {
2690 // Network error.
2691 rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf);
2692 return -1;
2693 }
2694 }
2695 return 0;
2696 }
2697
2698 /*
2699 * Close the socket associated with the session, the optional SSL handle,
2700 * and the underlying packet capture handle. We of course do not touch
2701 * the controlling socket that's also copied into the session.
2702 */
2703 static void session_close(struct session *session)
2704 {
2705 #ifdef HAVE_OPENSSL
2706 if (session->data_ssl)
2707 {
2708 SSL_free(session->data_ssl); // Must happen *before* the socket is closed
2709 session->data_ssl = NULL;
2710 }
2711 #endif
2712
2713 if (session->sockdata)
2714 {
2715 sock_close(session->sockdata, NULL, 0);
2716 session->sockdata = 0;
2717 }
2718
2719 pcap_close(session->fp);
2720 }
[mirror] the LIBpcap interface to various kernel packet capture mechanism