]> The Tcpdump Group git mirrors - libpcap/blob - rpcapd/daemon.c
projects / libpcap / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Fix building without protochain support. (GH #852)
[libpcap] / rpcapd / daemon.c
1 /*
2 * Copyright (c) 2002 - 2003
3 * NetGroup, Politecnico di Torino (Italy)
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the Politecnico di Torino nor the names of its
16 * contributors may be used to endorse or promote products derived from
17 * this software without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
20 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
21 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
22 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
23 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
24 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
25 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
26 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
27 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 */
31
32 #ifdef HAVE_CONFIG_H
33 #include <config.h>
34 #endif
35
36 #include "ftmacros.h"
37 #include "varattrs.h"
38
39 #include <errno.h> // for the errno variable
40 #include <stdlib.h> // for malloc(), free(), ...
41 #include <string.h> // for strlen(), ...
42 #include <limits.h> // for INT_MAX
43
44 #ifdef _WIN32
45 #include <process.h> // for threads
46 #else
47 #include <unistd.h>
48 #include <pthread.h>
49 #include <signal.h>
50 #include <sys/time.h>
51 #include <sys/types.h> // for select() and such
52 #include <pwd.h> // for password management
53 #endif
54
55 #ifdef HAVE_GETSPNAM
56 #include <shadow.h> // for password management
57 #endif
58
59 #include <pcap.h> // for libpcap/WinPcap calls
60
61 #include "fmtutils.h"
62 #include "sockutils.h" // for socket calls
63 #include "portability.h"
64 #include "rpcap-protocol.h"
65 #include "daemon.h"
66 #include "log.h"
67
68 #ifdef HAVE_OPENSSL
69 #include <openssl/ssl.h>
70 #include "sslutils.h"
71 #endif
72
73 //
74 // Timeout, in seconds, when we're waiting for a client to send us an
75 // authentication request; if they don't send us a request within that
76 // interval, we drop the connection, so we don't stay stuck forever.
77 //
78 #define RPCAP_TIMEOUT_INIT 90
79
80 //
81 // Timeout, in seconds, when we're waiting for an authenticated client
82 // to send us a request, if a capture isn't in progress; if they don't
83 // send us a request within that interval, we drop the connection, so
84 // we don't stay stuck forever.
85 //
86 #define RPCAP_TIMEOUT_RUNTIME 180
87
88 //
89 // Time, in seconds, that we wait after a failed authentication attempt
90 // before processing the next request; this prevents a client from
91 // rapidly trying different accounts or passwords.
92 //
93 #define RPCAP_SUSPEND_WRONGAUTH 1
94
95 // Parameters for the service loop.
96 struct daemon_slpars
97 {
98 SOCKET sockctrl; //!< SOCKET ID of the control connection
99 SSL *ssl; //!< Optional SSL handler for the controlling sockets
100 int isactive; //!< Not null if the daemon has to run in active mode
101 int nullAuthAllowed; //!< '1' if we permit NULL authentication, '0' otherwise
102 };
103
104 //
105 // Data for a session managed by a thread.
106 // It includes both a Boolean indicating whether we *have* a thread,
107 // and a platform-dependent (UN*X vs. Windows) identifier for the
108 // thread; on Windows, we could use an invalid handle to indicate
109 // that we don't have a thread, but there *is* no portable "no thread"
110 // value for a pthread_t on UN*X.
111 //
112 struct session {
113 SOCKET sockctrl;
114 SOCKET sockdata;
115 SSL *ctrl_ssl, *data_ssl; // optional SSL handlers for sockctrl and sockdata.
116 uint8 protocol_version;
117 pcap_t *fp;
118 unsigned int TotCapt;
119 int have_thread;
120 #ifdef _WIN32
121 HANDLE thread;
122 #else
123 pthread_t thread;
124 #endif
125 };
126
127 // Locally defined functions
128 static int daemon_msg_err(SOCKET sockctrl, SSL *, uint32 plen);
129 static int daemon_msg_auth_req(struct daemon_slpars *pars, uint32 plen);
130 static int daemon_AuthUserPwd(char *username, char *password, char *errbuf);
131
132 static int daemon_msg_findallif_req(uint8 ver, struct daemon_slpars *pars,
133 uint32 plen);
134
135 static int daemon_msg_open_req(uint8 ver, struct daemon_slpars *pars,
136 uint32 plen, char *source, size_t sourcelen);
137 static int daemon_msg_startcap_req(uint8 ver, struct daemon_slpars *pars,
138 uint32 plen, char *source, struct session **sessionp,
139 struct rpcap_sampling *samp_param, int uses_ssl);
140 static int daemon_msg_endcap_req(uint8 ver, struct daemon_slpars *pars,
141 struct session *session);
142
143 static int daemon_msg_updatefilter_req(uint8 ver, struct daemon_slpars *pars,
144 struct session *session, uint32 plen);
145 static int daemon_unpackapplyfilter(SOCKET sockctrl, SSL *, struct session *session, uint32 *plenp, char *errbuf);
146
147 static int daemon_msg_stats_req(uint8 ver, struct daemon_slpars *pars,
148 struct session *session, uint32 plen, struct pcap_stat *stats,
149 unsigned int svrcapt);
150
151 static int daemon_msg_setsampling_req(uint8 ver, struct daemon_slpars *pars,
152 uint32 plen, struct rpcap_sampling *samp_param);
153
154 static void daemon_seraddr(struct sockaddr_storage *sockaddrin, struct rpcap_sockaddr *sockaddrout);
155 #ifdef _WIN32
156 static unsigned __stdcall daemon_thrdatamain(void *ptr);
157 #else
158 static void *daemon_thrdatamain(void *ptr);
159 static void noop_handler(int sign);
160 #endif
161
162 static int rpcapd_recv_msg_header(SOCKET sock, SSL *, struct rpcap_header *headerp);
163 static int rpcapd_recv(SOCKET sock, SSL *, char *buffer, size_t toread, uint32 *plen, char *errmsgbuf);
164 static int rpcapd_discard(SOCKET sock, SSL *, uint32 len);
165 static void session_close(struct session *);
166
167 //
168 // TLS record layer header; used when processing the first message from
169 // the client, in case we aren't doing TLS but they are.
170 //
171 struct tls_record_header {
172 uint8 type; // ContentType - will be 22, for Handshake
173 uint8 version_major; // TLS protocol major version
174 uint8 version_injor; // TLS protocol minor version
175 // This is *not* aligned on a 2-byte boundary; we just
176 // declare it as two bytes. Don't assume any particular
177 // compiler's mechanism for saying "packed"!
178 uint8 length_hi; // Upper 8 bits of payload length
179 uint8 length_lo; // Low 8 bits of payload length
180 };
181
182 #define TLS_RECORD_HEADER_LEN 5 // Don't use sizeof in case it's padded
183
184 #define TLS_RECORD_TYPE_ALERT 21
185 #define TLS_RECORD_TYPE_HANDSHAKE 22
186
187 //
188 // TLS alert message.
189 //
190 struct tls_alert {
191 uint8 alert_level;
192 uint8 alert_description;
193 };
194
195 #define TLS_ALERT_LEN 2
196
197 #define TLS_ALERT_LEVEL_FATAL 2
198 #define TLS_ALERT_HANDSHAKE_FAILURE 40
199
200 static int is_url(const char *source);
201
202 /*
203 * Maximum sizes for fixed-bit-width values.
204 */
205 #ifndef UINT16_MAX
206 #define UINT16_MAX 65535U
207 #endif
208
209 #ifndef UINT32_MAX
210 #define UINT32_MAX 4294967295U
211 #endif
212
213 int
214 daemon_serviceloop(SOCKET sockctrl, int isactive, char *passiveClients,
215 int nullAuthAllowed, int uses_ssl)
216 {
217 uint8 first_octet;
218 struct tls_record_header tls_header;
219 struct tls_alert tls_alert;
220 struct daemon_slpars pars; // service loop parameters
221 char errbuf[PCAP_ERRBUF_SIZE + 1]; // keeps the error string, prior to be printed
222 char errmsgbuf[PCAP_ERRBUF_SIZE + 1]; // buffer for errors to send to the client
223 int host_port_check_status;
224 SSL *ssl = NULL;
225 int nrecv;
226 struct rpcap_header header; // RPCAP message general header
227 uint32 plen; // payload length from header
228 int authenticated = 0; // 1 if the client has successfully authenticated
229 char source[PCAP_BUF_SIZE+1]; // keeps the string that contains the interface to open
230 int got_source = 0; // 1 if we've gotten the source from an open request
231 #ifndef _WIN32
232 struct sigaction action;
233 #endif
234 struct session *session = NULL; // struct session main variable
235 const char *msg_type_string; // string for message type
236 int client_told_us_to_close = 0; // 1 if the client told us to close the capture
237
238 // needed to save the values of the statistics
239 struct pcap_stat stats;
240 unsigned int svrcapt;
241
242 struct rpcap_sampling samp_param; // in case sampling has been requested
243
244 // Structures needed for the select() call
245 fd_set rfds; // set of socket descriptors we have to check
246 struct timeval tv; // maximum time the select() can block waiting for data
247 int retval; // select() return value
248
249 *errbuf = 0; // Initialize errbuf
250
251 //
252 // Peek into the socket to determine whether the client sent us
253 // a TLS handshake message or a non-TLS rpcapd message.
254 //
255 // The first byte of an rpcapd request is the version number;
256 // the first byte of a TLS handshake message is 22. The
257 // first request to an rpcapd server must be an authentication
258 // request or a close request, and must have a version number
259 // of 0, so it will be possible to distinguish between an
260 // initial plaintext request to a server and an initial TLS
261 // handshake message.
262 //
263 nrecv = sock_recv(sockctrl, NULL, (char *)&first_octet, 1,
264 SOCK_EOF_ISNT_ERROR|SOCK_MSG_PEEK, errbuf, PCAP_ERRBUF_SIZE);
265 if (nrecv == -1)
266 {
267 // Fatal error.
268 rpcapd_log(LOGPRIO_ERROR, "Peek from client failed: %s", errbuf);
269 goto end;
270 }
271 if (nrecv == 0)
272 {
273 // Client closed the connection.
274 goto end;
275 }
276
277 #ifdef HAVE_OPENSSL
278 //
279 // We have to upgrade to TLS as soon as possible, so that the
280 // whole protocol goes through the encrypted tunnel, including
281 // early error messages.
282 //
283 // Even in active mode, the other end has to initiate the TLS
284 // handshake as we still are the server as far as TLS is concerned,
285 // so we don't check isactive.
286 //
287 if (uses_ssl)
288 {
289 //
290 // We're expecting a TLS handshake message. If this
291 // isn't one, assume it's a non-TLS rpcapd message.
292 //
293 // The first octet of a TLS handshake is
294 // TLS_RECORD_TYPE_HANDSHAKE.
295 //
296 if (first_octet != TLS_RECORD_TYPE_HANDSHAKE)
297 {
298 //
299 // We assume this is a non-TLS rpcapd message.
300 //
301 // Read the message header from the client.
302 //
303 nrecv = rpcapd_recv_msg_header(sockctrl, NULL, &header);
304 if (nrecv == -1)
305 {
306 // Fatal error.
307 goto end;
308 }
309 if (nrecv == -2)
310 {
311 // Client closed the connection.
312 goto end;
313 }
314 plen = header.plen;
315
316 // Discard the rest of the message.
317 if (rpcapd_discard(sockctrl, NULL, plen) == -1)
318 {
319 // Network error.
320 goto end;
321 }
322
323 //
324 // Send an authentication error, indicating
325 // that we require TLS.
326 //
327 if (rpcap_senderror(sockctrl, NULL, header.ver,
328 PCAP_ERR_TLS_REQUIRED,
329 "TLS is required by this server", errbuf) == -1)
330 {
331 // That failed; log a message and give up.
332 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
333 goto end;
334 }
335
336 // Shut the session down.
337 goto end;
338 }
339 ssl = ssl_promotion(1, sockctrl, errbuf, PCAP_ERRBUF_SIZE);
340 if (! ssl)
341 {
342 rpcapd_log(LOGPRIO_ERROR, "TLS handshake on control connection failed: %s",
343 errbuf);
344 goto end;
345 }
346 }
347 else
348 #endif
349 {
350 //
351 // We're expecting a non-TLS rpcapd message. If this
352 // looks, instead, like a TLS handshake message, send
353 // a TLS handshake_failed alert.
354 //
355 // The first octet of a TLS handshake is
356 // TLS_RECORD_TYPE_HANDSHAKE.
357 //
358 if (first_octet == TLS_RECORD_TYPE_HANDSHAKE)
359 {
360 //
361 // TLS handshake.
362 // Read the record header.
363 //
364 nrecv = sock_recv(sockctrl, ssl, (char *) &tls_header,
365 sizeof tls_header, SOCK_RECEIVEALL_YES|SOCK_EOF_ISNT_ERROR,
366 errbuf, PCAP_ERRBUF_SIZE);
367 if (nrecv == -1)
368 {
369 // Network error.
370 rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf);
371 goto end;
372 }
373 if (nrecv == 0)
374 {
375 // Immediate EOF
376 goto end;
377 }
378 plen = (tls_header.length_hi << 8U) | tls_header.length_lo;
379
380 // Discard the rest of the message.
381 if (rpcapd_discard(sockctrl, NULL, plen) == -1)
382 {
383 // Network error.
384 goto end;
385 }
386
387 //
388 // Send a TLS handshake failure alert.
389 // Use the same version the client sent us.
390 //
391 tls_header.type = TLS_RECORD_TYPE_ALERT;
392 tls_header.length_hi = 0;
393 tls_header.length_lo = TLS_ALERT_LEN;
394
395 if (sock_send(sockctrl, NULL, (char *) &tls_header,
396 TLS_RECORD_HEADER_LEN, errbuf, PCAP_ERRBUF_SIZE) == -1)
397 {
398 // That failed; log a message and give up.
399 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
400 goto end;
401 }
402
403 tls_alert.alert_level = TLS_ALERT_LEVEL_FATAL;
404 tls_alert.alert_description = TLS_ALERT_HANDSHAKE_FAILURE;
405 if (sock_send(sockctrl, NULL, (char *) &tls_alert,
406 TLS_ALERT_LEN, errbuf, PCAP_ERRBUF_SIZE) == -1)
407 {
408 // That failed; log a message and give up.
409 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
410 goto end;
411 }
412 //
413 // Give up anyway.
414 //
415 goto end;
416 }
417 }
418
419 // Set parameters structure
420 pars.sockctrl = sockctrl;
421 pars.ssl = ssl;
422 pars.isactive = isactive; // active mode
423 pars.nullAuthAllowed = nullAuthAllowed;
424
425 //
426 // We have a connection.
427 //
428 // If it's a passive mode connection, check whether the connecting
429 // host is among the ones allowed.
430 //
431 // In either case, we were handed a copy of the host list; free it
432 // as soon as we're done with it.
433 //
434 if (pars.isactive)
435 {
436 // Nothing to do.
437 free(passiveClients);
438 passiveClients = NULL;
439 }
440 else
441 {
442 struct sockaddr_storage from;
443 socklen_t fromlen;
444
445 //
446 // Get the address of the other end of the connection.
447 //
448 fromlen = sizeof(struct sockaddr_storage);
449 if (getpeername(pars.sockctrl, (struct sockaddr *)&from,
450 &fromlen) == -1)
451 {
452 sock_geterror("getpeername()", errmsgbuf, PCAP_ERRBUF_SIZE);
453 if (rpcap_senderror(pars.sockctrl, pars.ssl, 0, PCAP_ERR_NETW, errmsgbuf, errbuf) == -1)
454 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
455 goto end;
456 }
457
458 //
459 // Are they in the list of host/port combinations we allow?
460 //
461 host_port_check_status = sock_check_hostlist(passiveClients, RPCAP_HOSTLIST_SEP, &from, errmsgbuf, PCAP_ERRBUF_SIZE);
462 free(passiveClients);
463 passiveClients = NULL;
464 if (host_port_check_status < 0)
465 {
466 if (host_port_check_status == -2) {
467 //
468 // We got an error; log it.
469 //
470 rpcapd_log(LOGPRIO_ERROR, "%s", errmsgbuf);
471 }
472
473 //
474 // Sorry, we can't let you in.
475 //
476 if (rpcap_senderror(pars.sockctrl, pars.ssl, 0, PCAP_ERR_HOSTNOAUTH, errmsgbuf, errbuf) == -1)
477 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
478 goto end;
479 }
480 }
481
482 #ifndef _WIN32
483 //
484 // Catch SIGUSR1, but do nothing. We use it to interrupt the
485 // capture thread to break it out of a loop in which it's
486 // blocked waiting for packets to arrive.
487 //
488 // We don't want interrupted system calls to restart, so that
489 // the read routine for the pcap_t gets EINTR rather than
490 // restarting if it's blocked in a system call.
491 //
492 memset(&action, 0, sizeof (action));
493 action.sa_handler = noop_handler;
494 action.sa_flags = 0;
495 sigemptyset(&action.sa_mask);
496 sigaction(SIGUSR1, &action, NULL);
497 #endif
498
499 //
500 // The client must first authenticate; loop until they send us a
501 // message with a version we support and credentials we accept,
502 // they send us a close message indicating that they're giving up,
503 // or we get a network error or other fatal error.
504 //
505 while (!authenticated)
506 {
507 //
508 // If we're not in active mode, we use select(), with a
509 // timeout, to wait for an authentication request; if
510 // the timeout expires, we drop the connection, so that
511 // a client can't just connect to us and leave us
512 // waiting forever.
513 //
514 if (!pars.isactive)
515 {
516 FD_ZERO(&rfds);
517 // We do not have to block here
518 tv.tv_sec = RPCAP_TIMEOUT_INIT;
519 tv.tv_usec = 0;
520
521 FD_SET(pars.sockctrl, &rfds);
522
523 retval = select((int)pars.sockctrl + 1, &rfds, NULL, NULL, &tv);
524 if (retval == -1)
525 {
526 sock_geterror("select() failed", errmsgbuf, PCAP_ERRBUF_SIZE);
527 if (rpcap_senderror(pars.sockctrl, pars.ssl, 0, PCAP_ERR_NETW, errmsgbuf, errbuf) == -1)
528 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
529 goto end;
530 }
531
532 // The timeout has expired
533 // So, this was a fake connection. Drop it down
534 if (retval == 0)
535 {
536 if (rpcap_senderror(pars.sockctrl, pars.ssl, 0, PCAP_ERR_INITTIMEOUT, "The RPCAP initial timeout has expired", errbuf) == -1)
537 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
538 goto end;
539 }
540 }
541
542 //
543 // Read the message header from the client.
544 //
545 nrecv = rpcapd_recv_msg_header(pars.sockctrl, pars.ssl, &header);
546 if (nrecv == -1)
547 {
548 // Fatal error.
549 goto end;
550 }
551 if (nrecv == -2)
552 {
553 // Client closed the connection.
554 goto end;
555 }
556
557 plen = header.plen;
558
559 //
560 // While we're in the authentication pharse, all requests
561 // must use version 0.
562 //
563 if (header.ver != 0)
564 {
565 //
566 // Send it back to them with their version.
567 //
568 if (rpcap_senderror(pars.sockctrl, pars.ssl, header.ver,
569 PCAP_ERR_WRONGVER,
570 "RPCAP version in requests in the authentication phase must be 0",
571 errbuf) == -1)
572 {
573 // That failed; log a message and give up.
574 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
575 goto end;
576 }
577
578 // Discard the rest of the message and drop the
579 // connection.
580 (void)rpcapd_discard(pars.sockctrl, pars.ssl, plen);
581 goto end;
582 }
583
584 switch (header.type)
585 {
586 case RPCAP_MSG_AUTH_REQ:
587 retval = daemon_msg_auth_req(&pars, plen);
588 if (retval == -1)
589 {
590 // Fatal error; a message has
591 // been logged, so just give up.
592 goto end;
593 }
594 if (retval == -2)
595 {
596 // Non-fatal error; we sent back
597 // an error message, so let them
598 // try again.
599 continue;
600 }
601
602 // OK, we're authenticated; we sent back
603 // a reply, so start serving requests.
604 authenticated = 1;
605 break;
606
607 case RPCAP_MSG_CLOSE:
608 //
609 // The client is giving up.
610 // Discard the rest of the message, if
611 // there is anything more.
612 //
613 (void)rpcapd_discard(pars.sockctrl, pars.ssl, plen);
614 // We're done with this client.
615 goto end;
616
617 case RPCAP_MSG_ERROR:
618 // Log this and close the connection?
619 // XXX - is this what happens in active
620 // mode, where *we* initiate the
621 // connection, and the client gives us
622 // an error message rather than a "let
623 // me log in" message, indicating that
624 // we're not allowed to connect to them?
625 (void)daemon_msg_err(pars.sockctrl, pars.ssl, plen);
626 goto end;
627
628 case RPCAP_MSG_FINDALLIF_REQ:
629 case RPCAP_MSG_OPEN_REQ:
630 case RPCAP_MSG_STARTCAP_REQ:
631 case RPCAP_MSG_UPDATEFILTER_REQ:
632 case RPCAP_MSG_STATS_REQ:
633 case RPCAP_MSG_ENDCAP_REQ:
634 case RPCAP_MSG_SETSAMPLING_REQ:
635 //
636 // These requests can't be sent until
637 // the client is authenticated.
638 //
639 msg_type_string = rpcap_msg_type_string(header.type);
640 if (msg_type_string != NULL)
641 {
642 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "%s request sent before authentication was completed", msg_type_string);
643 }
644 else
645 {
646 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Message of type %u sent before authentication was completed", header.type);
647 }
648 if (rpcap_senderror(pars.sockctrl, pars.ssl,
649 header.ver, PCAP_ERR_WRONGMSG,
650 errmsgbuf, errbuf) == -1)
651 {
652 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
653 goto end;
654 }
655 // Discard the rest of the message.
656 if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1)
657 {
658 // Network error.
659 goto end;
660 }
661 break;
662
663 case RPCAP_MSG_PACKET:
664 case RPCAP_MSG_FINDALLIF_REPLY:
665 case RPCAP_MSG_OPEN_REPLY:
666 case RPCAP_MSG_STARTCAP_REPLY:
667 case RPCAP_MSG_UPDATEFILTER_REPLY:
668 case RPCAP_MSG_AUTH_REPLY:
669 case RPCAP_MSG_STATS_REPLY:
670 case RPCAP_MSG_ENDCAP_REPLY:
671 case RPCAP_MSG_SETSAMPLING_REPLY:
672 //
673 // These are server-to-client messages.
674 //
675 msg_type_string = rpcap_msg_type_string(header.type);
676 if (msg_type_string != NULL)
677 {
678 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Server-to-client message %s received from client", msg_type_string);
679 }
680 else
681 {
682 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Server-to-client message of type %u received from client", header.type);
683 }
684 if (rpcap_senderror(pars.sockctrl, pars.ssl,
685 header.ver, PCAP_ERR_WRONGMSG,
686 errmsgbuf, errbuf) == -1)
687 {
688 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
689 goto end;
690 }
691 // Discard the rest of the message.
692 if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1)
693 {
694 // Fatal error.
695 goto end;
696 }
697 break;
698
699 default:
700 //
701 // Unknown message type.
702 //
703 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Unknown message type %u", header.type);
704 if (rpcap_senderror(pars.sockctrl, pars.ssl,
705 header.ver, PCAP_ERR_WRONGMSG,
706 errmsgbuf, errbuf) == -1)
707 {
708 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
709 goto end;
710 }
711 // Discard the rest of the message.
712 if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1)
713 {
714 // Fatal error.
715 goto end;
716 }
717 break;
718 }
719 }
720
721 //
722 // OK, the client has authenticated itself, and we can start
723 // processing regular requests from it.
724 //
725
726 //
727 // We don't have any statistics yet.
728 //
729 stats.ps_ifdrop = 0;
730 stats.ps_recv = 0;
731 stats.ps_drop = 0;
732 svrcapt = 0;
733
734 //
735 // Service requests.
736 //
737 for (;;)
738 {
739 errbuf[0] = 0; // clear errbuf
740
741 // Avoid zombies connections; check if the connection is opens but no commands are performed
742 // from more than RPCAP_TIMEOUT_RUNTIME
743 // Conditions:
744 // - I have to be in normal mode (no active mode)
745 // - if the device is open, I don't have to be in the middle of a capture (session->sockdata)
746 // - if the device is closed, I have always to check if a new command arrives
747 //
748 // Be carefully: the capture can have been started, but an error occurred (so session != NULL, but
749 // sockdata is 0
750 if ((!pars.isactive) && (session == NULL || session->sockdata == 0))
751 {
752 // Check for the initial timeout
753 FD_ZERO(&rfds);
754 // We do not have to block here
755 tv.tv_sec = RPCAP_TIMEOUT_RUNTIME;
756 tv.tv_usec = 0;
757
758 FD_SET(pars.sockctrl, &rfds);
759 #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
760 retval = 1;
761 #else
762 retval = select((int)pars.sockctrl + 1, &rfds, NULL, NULL, &tv);
763 #endif
764 if (retval == -1)
765 {
766 sock_geterror("select() failed", errmsgbuf, PCAP_ERRBUF_SIZE);
767 if (rpcap_senderror(pars.sockctrl, pars.ssl,
768 0, PCAP_ERR_NETW,
769 errmsgbuf, errbuf) == -1)
770 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
771 goto end;
772 }
773
774 // The timeout has expired
775 // So, this was a fake connection. Drop it down
776 if (retval == 0)
777 {
778 if (rpcap_senderror(pars.sockctrl, pars.ssl,
779 0, PCAP_ERR_INITTIMEOUT,
780 "The RPCAP initial timeout has expired",
781 errbuf) == -1)
782 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
783 goto end;
784 }
785 }
786
787 //
788 // Read the message header from the client.
789 //
790 nrecv = rpcapd_recv_msg_header(pars.sockctrl, pars.ssl, &header);
791 if (nrecv == -1)
792 {
793 // Fatal error.
794 goto end;
795 }
796 if (nrecv == -2)
797 {
798 // Client closed the connection.
799 goto end;
800 }
801
802 plen = header.plen;
803
804 //
805 // Did the client specify a protocol version that we
806 // support?
807 //
808 if (!RPCAP_VERSION_IS_SUPPORTED(header.ver))
809 {
810 //
811 // Tell them it's not a supported version.
812 // Send the error message with their version,
813 // so they don't reject it as having the wrong
814 // version.
815 //
816 if (rpcap_senderror(pars.sockctrl, pars.ssl,
817 header.ver, PCAP_ERR_WRONGVER,
818 "RPCAP version in message isn't supported by the server",
819 errbuf) == -1)
820 {
821 // That failed; log a message and give up.
822 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
823 goto end;
824 }
825
826 // Discard the rest of the message.
827 (void)rpcapd_discard(pars.sockctrl, pars.ssl, plen);
828 // Give up on them.
829 goto end;
830 }
831
832 switch (header.type)
833 {
834 case RPCAP_MSG_ERROR: // The other endpoint reported an error
835 {
836 (void)daemon_msg_err(pars.sockctrl, pars.ssl, plen);
837 // Do nothing; just exit; the error code is already into the errbuf
838 // XXX - actually exit....
839 break;
840 }
841
842 case RPCAP_MSG_FINDALLIF_REQ:
843 {
844 if (daemon_msg_findallif_req(header.ver, &pars, plen) == -1)
845 {
846 // Fatal error; a message has
847 // been logged, so just give up.
848 goto end;
849 }
850 break;
851 }
852
853 case RPCAP_MSG_OPEN_REQ:
854 {
855 //
856 // Process the open request, and keep
857 // the source from it, for use later
858 // when the capture is started.
859 //
860 // XXX - we don't care if the client sends
861 // us multiple open requests, the last
862 // one wins.
863 //
864 retval = daemon_msg_open_req(header.ver, &pars,
865 plen, source, sizeof(source));
866 if (retval == -1)
867 {
868 // Fatal error; a message has
869 // been logged, so just give up.
870 goto end;
871 }
872 got_source = 1;
873 break;
874 }
875
876 case RPCAP_MSG_STARTCAP_REQ:
877 {
878 if (!got_source)
879 {
880 // They never told us what device
881 // to capture on!
882 if (rpcap_senderror(pars.sockctrl, pars.ssl,
883 header.ver,
884 PCAP_ERR_STARTCAPTURE,
885 "No capture device was specified",
886 errbuf) == -1)
887 {
888 // Fatal error; log an
889 // error and give up.
890 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
891 goto end;
892 }
893 if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1)
894 {
895 goto end;
896 }
897 break;
898 }
899
900 if (daemon_msg_startcap_req(header.ver, &pars,
901 plen, source, &session, &samp_param,
902 uses_ssl) == -1)
903 {
904 // Fatal error; a message has
905 // been logged, so just give up.
906 goto end;
907 }
908 break;
909 }
910
911 case RPCAP_MSG_UPDATEFILTER_REQ:
912 {
913 if (session)
914 {
915 if (daemon_msg_updatefilter_req(header.ver,
916 &pars, session, plen) == -1)
917 {
918 // Fatal error; a message has
919 // been logged, so just give up.
920 goto end;
921 }
922 }
923 else
924 {
925 if (rpcap_senderror(pars.sockctrl, pars.ssl,
926 header.ver,
927 PCAP_ERR_UPDATEFILTER,
928 "Device not opened. Cannot update filter",
929 errbuf) == -1)
930 {
931 // That failed; log a message and give up.
932 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
933 goto end;
934 }
935 }
936 break;
937 }
938
939 case RPCAP_MSG_CLOSE: // The other endpoint close the pcap session
940 {
941 //
942 // Indicate to our caller that the client
943 // closed the control connection.
944 // This is used only in case of active mode.
945 //
946 client_told_us_to_close = 1;
947 rpcapd_log(LOGPRIO_DEBUG, "The other end system asked to close the connection.");
948 goto end;
949 }
950
951 case RPCAP_MSG_STATS_REQ:
952 {
953 if (daemon_msg_stats_req(header.ver, &pars,
954 session, plen, &stats, svrcapt) == -1)
955 {
956 // Fatal error; a message has
957 // been logged, so just give up.
958 goto end;
959 }
960 break;
961 }
962
963 case RPCAP_MSG_ENDCAP_REQ: // The other endpoint close the current capture session
964 {
965 if (session)
966 {
967 // Save statistics (we can need them in the future)
968 if (pcap_stats(session->fp, &stats))
969 {
970 svrcapt = session->TotCapt;
971 }
972 else
973 {
974 stats.ps_ifdrop = 0;
975 stats.ps_recv = 0;
976 stats.ps_drop = 0;
977 svrcapt = 0;
978 }
979
980 if (daemon_msg_endcap_req(header.ver,
981 &pars, session) == -1)
982 {
983 free(session);
984 session = NULL;
985 // Fatal error; a message has
986 // been logged, so just give up.
987 goto end;
988 }
989 free(session);
990 session = NULL;
991 }
992 else
993 {
994 rpcap_senderror(pars.sockctrl, pars.ssl,
995 header.ver,
996 PCAP_ERR_ENDCAPTURE,
997 "Device not opened. Cannot close the capture",
998 errbuf);
999 }
1000 break;
1001 }
1002
1003 case RPCAP_MSG_SETSAMPLING_REQ:
1004 {
1005 if (daemon_msg_setsampling_req(header.ver,
1006 &pars, plen, &samp_param) == -1)
1007 {
1008 // Fatal error; a message has
1009 // been logged, so just give up.
1010 goto end;
1011 }
1012 break;
1013 }
1014
1015 case RPCAP_MSG_AUTH_REQ:
1016 {
1017 //
1018 // We're already authenticated; you don't
1019 // get to reauthenticate.
1020 //
1021 rpcapd_log(LOGPRIO_INFO, "The client sent an RPCAP_MSG_AUTH_REQ message after authentication was completed");
1022 if (rpcap_senderror(pars.sockctrl, pars.ssl,
1023 header.ver,
1024 PCAP_ERR_WRONGMSG,
1025 "RPCAP_MSG_AUTH_REQ request sent after authentication was completed",
1026 errbuf) == -1)
1027 {
1028 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1029 goto end;
1030 }
1031 // Discard the rest of the message.
1032 if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1)
1033 {
1034 // Fatal error.
1035 goto end;
1036 }
1037 goto end;
1038
1039 case RPCAP_MSG_PACKET:
1040 case RPCAP_MSG_FINDALLIF_REPLY:
1041 case RPCAP_MSG_OPEN_REPLY:
1042 case RPCAP_MSG_STARTCAP_REPLY:
1043 case RPCAP_MSG_UPDATEFILTER_REPLY:
1044 case RPCAP_MSG_AUTH_REPLY:
1045 case RPCAP_MSG_STATS_REPLY:
1046 case RPCAP_MSG_ENDCAP_REPLY:
1047 case RPCAP_MSG_SETSAMPLING_REPLY:
1048 //
1049 // These are server-to-client messages.
1050 //
1051 msg_type_string = rpcap_msg_type_string(header.type);
1052 if (msg_type_string != NULL)
1053 {
1054 rpcapd_log(LOGPRIO_INFO, "The client sent a %s server-to-client message", msg_type_string);
1055 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Server-to-client message %s received from client", msg_type_string);
1056 }
1057 else
1058 {
1059 rpcapd_log(LOGPRIO_INFO, "The client sent a server-to-client message of type %u", header.type);
1060 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Server-to-client message of type %u received from client", header.type);
1061 }
1062 if (rpcap_senderror(pars.sockctrl, pars.ssl,
1063 header.ver, PCAP_ERR_WRONGMSG,
1064 errmsgbuf, errbuf) == -1)
1065 {
1066 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1067 goto end;
1068 }
1069 // Discard the rest of the message.
1070 if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1)
1071 {
1072 // Fatal error.
1073 goto end;
1074 }
1075 goto end;
1076
1077 default:
1078 //
1079 // Unknown message type.
1080 //
1081 rpcapd_log(LOGPRIO_INFO, "The client sent a message of type %u", header.type);
1082 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Unknown message type %u", header.type);
1083 if (rpcap_senderror(pars.sockctrl, pars.ssl,
1084 header.ver, PCAP_ERR_WRONGMSG,
1085 errbuf, errmsgbuf) == -1)
1086 {
1087 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1088 goto end;
1089 }
1090 // Discard the rest of the message.
1091 if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1)
1092 {
1093 // Fatal error.
1094 goto end;
1095 }
1096 goto end;
1097 }
1098 }
1099 }
1100
1101 end:
1102 // The service loop is finishing up.
1103 // If we have a capture session running, close it.
1104 if (session)
1105 {
1106 session_close(session);
1107 free(session);
1108 session = NULL;
1109 }
1110
1111 if (passiveClients) {
1112 free(passiveClients);
1113 }
1114 //
1115 // Finish using the SSL handle for the control socket, if we
1116 // have an SSL connection, and close the control socket.
1117 //
1118 #ifdef HAVE_OPENSSL
1119 if (ssl)
1120 {
1121 // Finish using the SSL handle for the socket.
1122 // This must be done *before* the socket is closed.
1123 ssl_finish(ssl);
1124 }
1125 #endif
1126 sock_close(sockctrl, NULL, 0);
1127
1128 // Print message and return
1129 rpcapd_log(LOGPRIO_DEBUG, "I'm exiting from the child loop");
1130
1131 return client_told_us_to_close;
1132 }
1133
1134 /*
1135 * This handles the RPCAP_MSG_ERR message.
1136 */
1137 static int
1138 daemon_msg_err(SOCKET sockctrl, SSL *ssl, uint32 plen)
1139 {
1140 char errbuf[PCAP_ERRBUF_SIZE];
1141 char remote_errbuf[PCAP_ERRBUF_SIZE];
1142
1143 if (plen >= PCAP_ERRBUF_SIZE)
1144 {
1145 /*
1146 * Message is too long; just read as much of it as we
1147 * can into the buffer provided, and discard the rest.
1148 */
1149 if (sock_recv(sockctrl, ssl, remote_errbuf, PCAP_ERRBUF_SIZE - 1,
1150 SOCK_RECEIVEALL_YES|SOCK_EOF_IS_ERROR, errbuf,
1151 PCAP_ERRBUF_SIZE) == -1)
1152 {
1153 // Network error.
1154 rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf);
1155 return -1;
1156 }
1157 if (rpcapd_discard(sockctrl, ssl, plen - (PCAP_ERRBUF_SIZE - 1)) == -1)
1158 {
1159 // Network error.
1160 return -1;
1161 }
1162
1163 /*
1164 * Null-terminate it.
1165 */
1166 remote_errbuf[PCAP_ERRBUF_SIZE - 1] = '\0';
1167 }
1168 else if (plen == 0)
1169 {
1170 /* Empty error string. */
1171 remote_errbuf[0] = '\0';
1172 }
1173 else
1174 {
1175 if (sock_recv(sockctrl, ssl, remote_errbuf, plen,
1176 SOCK_RECEIVEALL_YES|SOCK_EOF_IS_ERROR, errbuf,
1177 PCAP_ERRBUF_SIZE) == -1)
1178 {
1179 // Network error.
1180 rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf);
1181 return -1;
1182 }
1183
1184 /*
1185 * Null-terminate it.
1186 */
1187 remote_errbuf[plen] = '\0';
1188 }
1189 // Log the message
1190 rpcapd_log(LOGPRIO_ERROR, "Error from client: %s", remote_errbuf);
1191 return 0;
1192 }
1193
1194 /*
1195 * This handles the RPCAP_MSG_AUTH_REQ message.
1196 * It checks if the authentication credentials supplied by the user are valid.
1197 *
1198 * This function is called if the daemon receives a RPCAP_MSG_AUTH_REQ
1199 * message in its authentication loop. It reads the body of the
1200 * authentication message from the network and checks whether the
1201 * credentials are valid.
1202 *
1203 * \param sockctrl: the socket for the control connection.
1204 *
1205 * \param nullAuthAllowed: '1' if the NULL authentication is allowed.
1206 *
1207 * \param errbuf: a user-allocated buffer in which the error message
1208 * (if one) has to be written. It must be at least PCAP_ERRBUF_SIZE
1209 * bytes long.
1210 *
1211 * \return '0' if everything is fine, '-1' if an unrecoverable error occurred,
1212 * or '-2' if the authentication failed. For errors, an error message is
1213 * returned in the 'errbuf' variable; this gives a message for the
1214 * unrecoverable error or for the authentication failure.
1215 */
1216 static int
1217 daemon_msg_auth_req(struct daemon_slpars *pars, uint32 plen)
1218 {
1219 char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors
1220 char errmsgbuf[PCAP_ERRBUF_SIZE]; // buffer for errors to send to the client
1221 int status;
1222 struct rpcap_auth auth; // RPCAP authentication header
1223 char sendbuf[RPCAP_NETBUF_SIZE]; // temporary buffer in which data to be sent is buffered
1224 int sendbufidx = 0; // index which keeps the number of bytes currently buffered
1225 struct rpcap_authreply *authreply; // authentication reply message
1226
1227 status = rpcapd_recv(pars->sockctrl, pars->ssl, (char *) &auth, sizeof(struct rpcap_auth), &plen, errmsgbuf);
1228 if (status == -1)
1229 {
1230 return -1;
1231 }
1232 if (status == -2)
1233 {
1234 goto error;
1235 }
1236
1237 switch (ntohs(auth.type))
1238 {
1239 case RPCAP_RMTAUTH_NULL:
1240 {
1241 if (!pars->nullAuthAllowed)
1242 {
1243 // Send the client an error reply.
1244 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE,
1245 "Authentication failed; NULL authentication not permitted.");
1246 if (rpcap_senderror(pars->sockctrl, pars->ssl,
1247 0, PCAP_ERR_AUTH_FAILED, errmsgbuf, errbuf) == -1)
1248 {
1249 // That failed; log a message and give up.
1250 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1251 return -1;
1252 }
1253 goto error_noreply;
1254 }
1255 break;
1256 }
1257
1258 case RPCAP_RMTAUTH_PWD:
1259 {
1260 char *username, *passwd;
1261 uint32 usernamelen, passwdlen;
1262
1263 usernamelen = ntohs(auth.slen1);
1264 username = (char *) malloc (usernamelen + 1);
1265 if (username == NULL)
1266 {
1267 pcap_fmt_errmsg_for_errno(errmsgbuf,
1268 PCAP_ERRBUF_SIZE, errno, "malloc() failed");
1269 goto error;
1270 }
1271 status = rpcapd_recv(pars->sockctrl, pars->ssl, username, usernamelen, &plen, errmsgbuf);
1272 if (status == -1)
1273 {
1274 free(username);
1275 return -1;
1276 }
1277 if (status == -2)
1278 {
1279 free(username);
1280 goto error;
1281 }
1282 username[usernamelen] = '\0';
1283
1284 passwdlen = ntohs(auth.slen2);
1285 passwd = (char *) malloc (passwdlen + 1);
1286 if (passwd == NULL)
1287 {
1288 pcap_fmt_errmsg_for_errno(errmsgbuf,
1289 PCAP_ERRBUF_SIZE, errno, "malloc() failed");
1290 free(username);
1291 goto error;
1292 }
1293 status = rpcapd_recv(pars->sockctrl, pars->ssl, passwd, passwdlen, &plen, errmsgbuf);
1294 if (status == -1)
1295 {
1296 free(username);
1297 free(passwd);
1298 return -1;
1299 }
1300 if (status == -2)
1301 {
1302 free(username);
1303 free(passwd);
1304 goto error;
1305 }
1306 passwd[passwdlen] = '\0';
1307
1308 if (daemon_AuthUserPwd(username, passwd, errmsgbuf))
1309 {
1310 //
1311 // Authentication failed. Let the client
1312 // know.
1313 //
1314 free(username);
1315 free(passwd);
1316 if (rpcap_senderror(pars->sockctrl, pars->ssl,
1317 0, PCAP_ERR_AUTH_FAILED, errmsgbuf, errbuf) == -1)
1318 {
1319 // That failed; log a message and give up.
1320 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1321 return -1;
1322 }
1323
1324 //
1325 // Suspend for 1 second, so that they can't
1326 // hammer us with repeated tries with an
1327 // attack such as a dictionary attack.
1328 //
1329 // WARNING: this delay is inserted only
1330 // at this point; if the client closes the
1331 // connection and reconnects, the suspension
1332 // time does not have any effect.
1333 //
1334 sleep_secs(RPCAP_SUSPEND_WRONGAUTH);
1335 goto error_noreply;
1336 }
1337
1338 free(username);
1339 free(passwd);
1340 break;
1341 }
1342
1343 default:
1344 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE,
1345 "Authentication type not recognized.");
1346 if (rpcap_senderror(pars->sockctrl, pars->ssl,
1347 0, PCAP_ERR_AUTH_TYPE_NOTSUP, errmsgbuf, errbuf) == -1)
1348 {
1349 // That failed; log a message and give up.
1350 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1351 return -1;
1352 }
1353 goto error_noreply;
1354 }
1355
1356 // The authentication succeeded; let the client know.
1357 if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL, &sendbufidx,
1358 RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
1359 goto error;
1360
1361 rpcap_createhdr((struct rpcap_header *) sendbuf, 0,
1362 RPCAP_MSG_AUTH_REPLY, 0, sizeof(struct rpcap_authreply));
1363
1364 authreply = (struct rpcap_authreply *) &sendbuf[sendbufidx];
1365
1366 if (sock_bufferize(NULL, sizeof(struct rpcap_authreply), NULL, &sendbufidx,
1367 RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
1368 goto error;
1369
1370 //
1371 // Indicate to our peer what versions we support.
1372 //
1373 memset(authreply, 0, sizeof(struct rpcap_authreply));
1374 authreply->minvers = RPCAP_MIN_VERSION;
1375 authreply->maxvers = RPCAP_MAX_VERSION;
1376
1377 // Send the reply.
1378 if (sock_send(pars->sockctrl, pars->ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1)
1379 {
1380 // That failed; log a message and give up.
1381 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1382 return -1;
1383 }
1384
1385 // Check if all the data has been read; if not, discard the data in excess
1386 if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
1387 {
1388 return -1;
1389 }
1390
1391 return 0;
1392
1393 error:
1394 if (rpcap_senderror(pars->sockctrl, pars->ssl, 0, PCAP_ERR_AUTH,
1395 errmsgbuf, errbuf) == -1)
1396 {
1397 // That failed; log a message and give up.
1398 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1399 return -1;
1400 }
1401
1402 error_noreply:
1403 // Check if all the data has been read; if not, discard the data in excess
1404 if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
1405 {
1406 return -1;
1407 }
1408
1409 return -2;
1410 }
1411
1412 static int
1413 daemon_AuthUserPwd(char *username, char *password, char *errbuf)
1414 {
1415 #ifdef _WIN32
1416 /*
1417 * Warning: the user which launches the process must have the
1418 * SE_TCB_NAME right.
1419 * This corresponds to have the "Act as part of the Operating System"
1420 * turned on (administrative tools, local security settings, local
1421 * policies, user right assignment)
1422 * However, it seems to me that if you run it as a service, this
1423 * right should be provided by default.
1424 *
1425 * XXX - hopefully, this returns errors such as ERROR_LOGON_FAILURE,
1426 * which merely indicates that the user name or password is
1427 * incorrect, not whether it's the user name or the password
1428 * that's incorrect, so a client that's trying to brute-force
1429 * accounts doesn't know whether it's the user name or the
1430 * password that's incorrect, so it doesn't know whether to
1431 * stop trying to log in with a given user name and move on
1432 * to another user name.
1433 */
1434 DWORD error;
1435 HANDLE Token;
1436 char errmsgbuf[PCAP_ERRBUF_SIZE]; // buffer for errors to log
1437
1438 if (LogonUser(username, ".", password, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, &Token) == 0)
1439 {
1440 snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed");
1441 error = GetLastError();
1442 if (error != ERROR_LOGON_FAILURE)
1443 {
1444 // Some error other than an authentication error;
1445 // log it.
1446 pcap_fmt_errmsg_for_win32_err(errmsgbuf,
1447 PCAP_ERRBUF_SIZE, error, "LogonUser() failed");
1448 rpcapd_log(LOGPRIO_ERROR, "%s", errmsgbuf);
1449 }
1450 return -1;
1451 }
1452
1453 // This call should change the current thread to the selected user.
1454 // I didn't test it.
1455 if (ImpersonateLoggedOnUser(Token) == 0)
1456 {
1457 snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed");
1458 pcap_fmt_errmsg_for_win32_err(errmsgbuf, PCAP_ERRBUF_SIZE,
1459 GetLastError(), "ImpersonateLoggedOnUser() failed");
1460 rpcapd_log(LOGPRIO_ERROR, "%s", errmsgbuf);
1461 CloseHandle(Token);
1462 return -1;
1463 }
1464
1465 CloseHandle(Token);
1466 return 0;
1467
1468 #else
1469 /*
1470 * See
1471 *
1472 * https://www.unixpapa.com/incnote/passwd.html
1473 *
1474 * We use the Solaris/Linux shadow password authentication if
1475 * we have getspnam(), otherwise we just do traditional
1476 * authentication, which, on some platforms, might work, even
1477 * with shadow passwords, if we're running as root. Traditional
1478 * authenticaion won't work if we're not running as root, as
1479 * I think these days all UN*Xes either won't return the password
1480 * at all with getpwnam() or will only do so if you're root.
1481 *
1482 * XXX - perhaps what we *should* be using is PAM, if we have
1483 * it. That might hide all the details of username/password
1484 * authentication, whether it's done with a visible-to-root-
1485 * only password database or some other authentication mechanism,
1486 * behind its API.
1487 */
1488 int error;
1489 struct passwd *user;
1490 char *user_password;
1491 #ifdef HAVE_GETSPNAM
1492 struct spwd *usersp;
1493 #endif
1494 char *crypt_password;
1495
1496 // This call is needed to get the uid
1497 if ((user = getpwnam(username)) == NULL)
1498 {
1499 snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed");
1500 return -1;
1501 }
1502
1503 #ifdef HAVE_GETSPNAM
1504 // This call is needed to get the password; otherwise 'x' is returned
1505 if ((usersp = getspnam(username)) == NULL)
1506 {
1507 snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed");
1508 return -1;
1509 }
1510 user_password = usersp->sp_pwdp;
1511 #else
1512 /*
1513 * XXX - what about other platforms?
1514 * The unixpapa.com page claims this Just Works on *BSD if you're
1515 * running as root - it's from 2000, so it doesn't indicate whether
1516 * macOS (which didn't come out until 2001, under the name Mac OS
1517 * X) behaves like the *BSDs or not, and might also work on AIX.
1518 * HP-UX does something else.
1519 *
1520 * Again, hopefully PAM hides all that.
1521 */
1522 user_password = user->pw_passwd;
1523 #endif
1524
1525 //
1526 // The Single UNIX Specification says that if crypt() fails it
1527 // sets errno, but some implementatons that haven't been run
1528 // through the SUS test suite might not do so.
1529 //
1530 errno = 0;
1531 crypt_password = crypt(password, user_password);
1532 if (crypt_password == NULL)
1533 {
1534 error = errno;
1535 snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed");
1536 if (error == 0)
1537 {
1538 // It didn't set errno.
1539 rpcapd_log(LOGPRIO_ERROR, "crypt() failed");
1540 }
1541 else
1542 {
1543 rpcapd_log(LOGPRIO_ERROR, "crypt() failed: %s",
1544 strerror(error));
1545 }
1546 return -1;
1547 }
1548 if (strcmp(user_password, crypt_password) != 0)
1549 {
1550 snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed");
1551 return -1;
1552 }
1553
1554 if (setuid(user->pw_uid))
1555 {
1556 error = errno;
1557 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
1558 error, "setuid");
1559 rpcapd_log(LOGPRIO_ERROR, "setuid() failed: %s",
1560 strerror(error));
1561 return -1;
1562 }
1563
1564 /* if (setgid(user->pw_gid))
1565 {
1566 error = errno;
1567 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
1568 errno, "setgid");
1569 rpcapd_log(LOGPRIO_ERROR, "setgid() failed: %s",
1570 strerror(error));
1571 return -1;
1572 }
1573 */
1574 return 0;
1575
1576 #endif
1577
1578 }
1579
1580 /*
1581 * Make sure that the reply length won't overflow 32 bits if we add the
1582 * specified amount to it. If it won't, add that amount to it.
1583 *
1584 * We check whether replylen + itemlen > UINT32_MAX, but subtract itemlen
1585 * from both sides, to prevent overflow.
1586 */
1587 #define CHECK_AND_INCREASE_REPLY_LEN(itemlen) \
1588 if (replylen > UINT32_MAX - (itemlen)) { \
1589 pcap_strlcpy(errmsgbuf, "Reply length doesn't fit in 32 bits", \
1590 sizeof (errmsgbuf)); \
1591 goto error; \
1592 } \
1593 replylen += (uint32)(itemlen)
1594
1595 static int
1596 daemon_msg_findallif_req(uint8 ver, struct daemon_slpars *pars, uint32 plen)
1597 {
1598 char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors
1599 char errmsgbuf[PCAP_ERRBUF_SIZE]; // buffer for errors to send to the client
1600 char sendbuf[RPCAP_NETBUF_SIZE]; // temporary buffer in which data to be sent is buffered
1601 int sendbufidx = 0; // index which keeps the number of bytes currently buffered
1602 pcap_if_t *alldevs = NULL; // pointer to the header of the interface chain
1603 pcap_if_t *d; // temp pointer needed to scan the interface chain
1604 struct pcap_addr *address; // pcap structure that keeps a network address of an interface
1605 uint32 replylen; // length of reply payload
1606 uint16 nif = 0; // counts the number of interface listed
1607
1608 // Discard the rest of the message; there shouldn't be any payload.
1609 if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
1610 {
1611 // Network error.
1612 return -1;
1613 }
1614
1615 // Retrieve the device list
1616 if (pcap_findalldevs(&alldevs, errmsgbuf) == -1)
1617 goto error;
1618
1619 if (alldevs == NULL)
1620 {
1621 if (rpcap_senderror(pars->sockctrl, pars->ssl, ver,
1622 PCAP_ERR_NOREMOTEIF,
1623 "No interfaces found! Make sure libpcap/WinPcap is properly installed"
1624 " and you have the right to access to the remote device.",
1625 errbuf) == -1)
1626 {
1627 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1628 return -1;
1629 }
1630 return 0;
1631 }
1632
1633 // This checks the number of interfaces and computes the total
1634 // length of the payload.
1635 replylen = 0;
1636 for (d = alldevs; d != NULL; d = d->next)
1637 {
1638 nif++;
1639
1640 if (d->description) {
1641 size_t stringlen = strlen(d->description);
1642 if (stringlen > UINT16_MAX) {
1643 pcap_strlcpy(errmsgbuf,
1644 "Description length doesn't fit in 16 bits",
1645 sizeof (errmsgbuf));
1646 goto error;
1647 }
1648 CHECK_AND_INCREASE_REPLY_LEN(stringlen);
1649 }
1650 if (d->name) {
1651 size_t stringlen = strlen(d->name);
1652 if (stringlen > UINT16_MAX) {
1653 pcap_strlcpy(errmsgbuf,
1654 "Name length doesn't fit in 16 bits",
1655 sizeof (errmsgbuf));
1656 goto error;
1657 }
1658 CHECK_AND_INCREASE_REPLY_LEN(stringlen);
1659 }
1660
1661 CHECK_AND_INCREASE_REPLY_LEN(sizeof(struct rpcap_findalldevs_if));
1662
1663 uint16_t naddrs = 0;
1664 for (address = d->addresses; address != NULL; address = address->next)
1665 {
1666 /*
1667 * Send only IPv4 and IPv6 addresses over the wire.
1668 */
1669 switch (address->addr->sa_family)
1670 {
1671 case AF_INET:
1672 #ifdef AF_INET6
1673 case AF_INET6:
1674 #endif
1675 CHECK_AND_INCREASE_REPLY_LEN(sizeof(struct rpcap_sockaddr) * 4);
1676 if (naddrs == UINT16_MAX) {
1677 pcap_strlcpy(errmsgbuf,
1678 "Number of interfaces doesn't fit in 16 bits",
1679 sizeof (errmsgbuf));
1680 goto error;
1681 }
1682 naddrs++;
1683 break;
1684
1685 default:
1686 break;
1687 }
1688 }
1689 }
1690
1691 // RPCAP findalldevs reply
1692 if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL,
1693 &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf,
1694 PCAP_ERRBUF_SIZE) == -1)
1695 goto error;
1696
1697 rpcap_createhdr((struct rpcap_header *) sendbuf, ver,
1698 RPCAP_MSG_FINDALLIF_REPLY, nif, replylen);
1699
1700 // send the interface list
1701 for (d = alldevs; d != NULL; d = d->next)
1702 {
1703 uint16 lname, ldescr;
1704
1705 // Note: the findalldevs_if entries are *not* neatly
1706 // aligned on 4-byte boundaries, because they're
1707 // preceded by strings that aren't padded to 4-byte
1708 // boundaries, so we cannot just cast output buffer
1709 // boundaries to struct rpcap_findalldevs_if pointers
1710 // and store into them - we must fill in a structure and
1711 // then copy the structure to the buffer, as not all
1712 // systems support unaligned access (some, such as
1713 // SPARC, crash; others, such as Arm, may just ignore
1714 // the lower-order bits).
1715 struct rpcap_findalldevs_if findalldevs_if;
1716
1717 /*
1718 * We've already established that the string lengths
1719 * fit in 16 bits.
1720 */
1721 if (d->description)
1722 ldescr = (uint16) strlen(d->description);
1723 else
1724 ldescr = 0;
1725 if (d->name)
1726 lname = (uint16) strlen(d->name);
1727 else
1728 lname = 0;
1729
1730 findalldevs_if.desclen = htons(ldescr);
1731 findalldevs_if.namelen = htons(lname);
1732 findalldevs_if.flags = htonl(d->flags);
1733
1734 uint16_t naddrs = 0;
1735 for (address = d->addresses; address != NULL; address = address->next)
1736 {
1737 /*
1738 * Send only IPv4 and IPv6 addresses over the wire.
1739 */
1740 switch (address->addr->sa_family)
1741 {
1742 case AF_INET:
1743 #ifdef AF_INET6
1744 case AF_INET6:
1745 #endif
1746 naddrs++;
1747 break;
1748
1749 default:
1750 break;
1751 }
1752 }
1753 findalldevs_if.naddr = htons(naddrs);
1754 findalldevs_if.dummy = 0;
1755
1756 if (sock_bufferize(&findalldevs_if, sizeof(struct rpcap_findalldevs_if), sendbuf,
1757 &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_BUFFERIZE, errmsgbuf,
1758 PCAP_ERRBUF_SIZE) == -1)
1759 goto error;
1760
1761 if (sock_bufferize(d->name, lname, sendbuf, &sendbufidx,
1762 RPCAP_NETBUF_SIZE, SOCKBUF_BUFFERIZE, errmsgbuf,
1763 PCAP_ERRBUF_SIZE) == -1)
1764 goto error;
1765
1766 if (sock_bufferize(d->description, ldescr, sendbuf, &sendbufidx,
1767 RPCAP_NETBUF_SIZE, SOCKBUF_BUFFERIZE, errmsgbuf,
1768 PCAP_ERRBUF_SIZE) == -1)
1769 goto error;
1770
1771 // send all addresses
1772 for (address = d->addresses; address != NULL; address = address->next)
1773 {
1774 struct rpcap_sockaddr *sockaddr;
1775
1776 /*
1777 * Send only IPv4 and IPv6 addresses over the wire.
1778 */
1779 switch (address->addr->sa_family)
1780 {
1781 case AF_INET:
1782 #ifdef AF_INET6
1783 case AF_INET6:
1784 #endif
1785 sockaddr = (struct rpcap_sockaddr *) &sendbuf[sendbufidx];
1786 if (sock_bufferize(NULL, sizeof(struct rpcap_sockaddr), NULL,
1787 &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
1788 goto error;
1789 daemon_seraddr((struct sockaddr_storage *) address->addr, sockaddr);
1790
1791 sockaddr = (struct rpcap_sockaddr *) &sendbuf[sendbufidx];
1792 if (sock_bufferize(NULL, sizeof(struct rpcap_sockaddr), NULL,
1793 &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
1794 goto error;
1795 daemon_seraddr((struct sockaddr_storage *) address->netmask, sockaddr);
1796
1797 sockaddr = (struct rpcap_sockaddr *) &sendbuf[sendbufidx];
1798 if (sock_bufferize(NULL, sizeof(struct rpcap_sockaddr), NULL,
1799 &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
1800 goto error;
1801 daemon_seraddr((struct sockaddr_storage *) address->broadaddr, sockaddr);
1802
1803 sockaddr = (struct rpcap_sockaddr *) &sendbuf[sendbufidx];
1804 if (sock_bufferize(NULL, sizeof(struct rpcap_sockaddr), NULL,
1805 &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
1806 goto error;
1807 daemon_seraddr((struct sockaddr_storage *) address->dstaddr, sockaddr);
1808 break;
1809
1810 default:
1811 break;
1812 }
1813 }
1814 }
1815
1816 // We no longer need the device list. Free it.
1817 pcap_freealldevs(alldevs);
1818
1819 // Send a final command that says "now send it!"
1820 if (sock_send(pars->sockctrl, pars->ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1)
1821 {
1822 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1823 return -1;
1824 }
1825
1826 return 0;
1827
1828 error:
1829 if (alldevs)
1830 pcap_freealldevs(alldevs);
1831
1832 if (rpcap_senderror(pars->sockctrl, pars->ssl, ver,
1833 PCAP_ERR_FINDALLIF, errmsgbuf, errbuf) == -1)
1834 {
1835 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1836 return -1;
1837 }
1838 return 0;
1839 }
1840
1841 /*
1842 \param plen: the length of the current message (needed in order to be able
1843 to discard excess data in the message, if present)
1844 */
1845 static int
1846 daemon_msg_open_req(uint8 ver, struct daemon_slpars *pars, uint32 plen,
1847 char *source, size_t sourcelen)
1848 {
1849 char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors
1850 char errmsgbuf[PCAP_ERRBUF_SIZE]; // buffer for errors to send to the client
1851 pcap_t *fp; // pcap_t main variable
1852 int nread;
1853 char sendbuf[RPCAP_NETBUF_SIZE]; // temporary buffer in which data to be sent is buffered
1854 int sendbufidx = 0; // index which keeps the number of bytes currently buffered
1855 struct rpcap_openreply *openreply; // open reply message
1856
1857 if (plen > sourcelen - 1)
1858 {
1859 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Source string too long");
1860 goto error;
1861 }
1862
1863 nread = sock_recv(pars->sockctrl, pars->ssl, source, plen,
1864 SOCK_RECEIVEALL_YES|SOCK_EOF_IS_ERROR, errbuf, PCAP_ERRBUF_SIZE);
1865 if (nread == -1)
1866 {
1867 rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf);
1868 return -1;
1869 }
1870 source[nread] = '\0';
1871 plen -= nread;
1872
1873 // Is this a URL rather than a device?
1874 // If so, reject it.
1875 if (is_url(source))
1876 {
1877 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Source string refers to a remote device");
1878 goto error;
1879 }
1880
1881 // Open the selected device
1882 // This is a fake open, since we do that only to get the needed parameters, then we close the device again
1883 if ((fp = pcap_open_live(source,
1884 1500 /* fake snaplen */,
1885 0 /* no promis */,
1886 1000 /* fake timeout */,
1887 errmsgbuf)) == NULL)
1888 goto error;
1889
1890 // Now, I can send a RPCAP open reply message
1891 if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL, &sendbufidx,
1892 RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
1893 goto error;
1894
1895 rpcap_createhdr((struct rpcap_header *) sendbuf, ver,
1896 RPCAP_MSG_OPEN_REPLY, 0, sizeof(struct rpcap_openreply));
1897
1898 openreply = (struct rpcap_openreply *) &sendbuf[sendbufidx];
1899
1900 if (sock_bufferize(NULL, sizeof(struct rpcap_openreply), NULL, &sendbufidx,
1901 RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
1902 goto error;
1903
1904 memset(openreply, 0, sizeof(struct rpcap_openreply));
1905 openreply->linktype = htonl(pcap_datalink(fp));
1906 /*
1907 * This is always 0 for live captures; we no longer support it
1908 * as something we read from capture files and supply to
1909 * clients, but we have to send it over the wire, as open
1910 * replies are expected to have 8 bytes of payload by
1911 * existing clients.
1912 */
1913 openreply->tzoff = 0;
1914
1915 // We're done with the pcap_t.
1916 pcap_close(fp);
1917
1918 // Send the reply.
1919 if (sock_send(pars->sockctrl, pars->ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1)
1920 {
1921 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1922 return -1;
1923 }
1924 return 0;
1925
1926 error:
1927 if (rpcap_senderror(pars->sockctrl, pars->ssl, ver, PCAP_ERR_OPEN,
1928 errmsgbuf, errbuf) == -1)
1929 {
1930 // That failed; log a message and give up.
1931 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1932 return -1;
1933 }
1934
1935 // Check if all the data has been read; if not, discard the data in excess
1936 if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
1937 {
1938 return -1;
1939 }
1940 return 0;
1941 }
1942
1943 /*
1944 \param plen: the length of the current message (needed in order to be able
1945 to discard excess data in the message, if present)
1946 */
1947 static int
1948 daemon_msg_startcap_req(uint8 ver, struct daemon_slpars *pars, uint32 plen,
1949 char *source, struct session **sessionp,
1950 struct rpcap_sampling *samp_param _U_, int uses_ssl)
1951 {
1952 char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors
1953 char errmsgbuf[PCAP_ERRBUF_SIZE]; // buffer for errors to send to the client
1954 char portdata[PCAP_BUF_SIZE]; // temp variable needed to derive the data port
1955 char peerhost[PCAP_BUF_SIZE]; // temp variable needed to derive the host name of our peer
1956 struct session *session = NULL; // saves state of session
1957 int status;
1958 char sendbuf[RPCAP_NETBUF_SIZE]; // temporary buffer in which data to be sent is buffered
1959 int sendbufidx = 0; // index which keeps the number of bytes currently buffered
1960
1961 // socket-related variables
1962 struct addrinfo hints; // temp, needed to open a socket connection
1963 struct addrinfo *addrinfo; // temp, needed to open a socket connection
1964 struct sockaddr_storage saddr; // temp, needed to retrieve the network data port chosen on the local machine
1965 socklen_t saddrlen; // temp, needed to retrieve the network data port chosen on the local machine
1966 int ret; // return value from functions
1967
1968 // RPCAP-related variables
1969 struct rpcap_startcapreq startcapreq; // start capture request message
1970 struct rpcap_startcapreply *startcapreply; // start capture reply message
1971 int serveropen_dp; // keeps who is going to open the data connection
1972
1973 addrinfo = NULL;
1974
1975 status = rpcapd_recv(pars->sockctrl, pars->ssl, (char *) &startcapreq,
1976 sizeof(struct rpcap_startcapreq), &plen, errmsgbuf);
1977 if (status == -1)
1978 {
1979 goto fatal_error;
1980 }
1981 if (status == -2)
1982 {
1983 goto error;
1984 }
1985
1986 startcapreq.flags = ntohs(startcapreq.flags);
1987
1988 // Check that the client does not ask for UDP is the server has been asked
1989 // to enforce encryption, as SSL is not supported yet with UDP:
1990 if (uses_ssl && (startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_DGRAM))
1991 {
1992 snprintf(errbuf, PCAP_ERRBUF_SIZE,
1993 "SSL not supported with UDP forward of remote packets");
1994 goto error;
1995 }
1996
1997 // Create a session structure
1998 session = malloc(sizeof(struct session));
1999 if (session == NULL)
2000 {
2001 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Can't allocate session structure");
2002 goto error;
2003 }
2004
2005 session->sockdata = INVALID_SOCKET;
2006 session->ctrl_ssl = session->data_ssl = NULL;
2007 // We don't have a thread yet.
2008 session->have_thread = 0;
2009 //
2010 // We *shouldn't* have to initialize the thread indicator
2011 // itself, because the compiler *should* realize that we
2012 // only use this if have_thread isn't 0, but we *do* have
2013 // to do it, because not all compilers *do* realize that.
2014 //
2015 // There is no "invalid thread handle" value for a UN*X
2016 // pthread_t, so we just zero it out.
2017 //
2018 #ifdef _WIN32
2019 session->thread = INVALID_HANDLE_VALUE;
2020 #else
2021 memset(&session->thread, 0, sizeof(session->thread));
2022 #endif
2023
2024 // Open the selected device
2025 if ((session->fp = pcap_open_live(source,
2026 ntohl(startcapreq.snaplen),
2027 (startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_PROMISC) ? 1 : 0 /* local device, other flags not needed */,
2028 ntohl(startcapreq.read_timeout),
2029 errmsgbuf)) == NULL)
2030 goto error;
2031
2032 #if 0
2033 // Apply sampling parameters
2034 fp->rmt_samp.method = samp_param->method;
2035 fp->rmt_samp.value = samp_param->value;
2036 #endif
2037
2038 /*
2039 We're in active mode if:
2040 - we're using TCP, and the user wants us to be in active mode
2041 - we're using UDP
2042 */
2043 serveropen_dp = (startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_SERVEROPEN) || (startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_DGRAM) || pars->isactive;
2044
2045 /*
2046 Gets the sockaddr structure referred to the other peer in the ctrl connection
2047
2048 We need that because:
2049 - if we're in passive mode, we need to know the address family we want to use
2050 (the same used for the ctrl socket)
2051 - if we're in active mode, we need to know the network address of the other host
2052 we want to connect to
2053 */
2054 saddrlen = sizeof(struct sockaddr_storage);
2055 if (getpeername(pars->sockctrl, (struct sockaddr *) &saddr, &saddrlen) == -1)
2056 {
2057 sock_geterror("getpeername()", errmsgbuf, PCAP_ERRBUF_SIZE);
2058 goto error;
2059 }
2060
2061 memset(&hints, 0, sizeof(struct addrinfo));
2062 hints.ai_socktype = (startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_DGRAM) ? SOCK_DGRAM : SOCK_STREAM;
2063 hints.ai_family = saddr.ss_family;
2064
2065 // Now we have to create a new socket to send packets
2066 if (serveropen_dp) // Data connection is opened by the server toward the client
2067 {
2068 snprintf(portdata, sizeof portdata, "%d", ntohs(startcapreq.portdata));
2069
2070 // Get the name of the other peer (needed to connect to that specific network address)
2071 if (getnameinfo((struct sockaddr *) &saddr, saddrlen, peerhost,
2072 sizeof(peerhost), NULL, 0, NI_NUMERICHOST))
2073 {
2074 sock_geterror("getnameinfo()", errmsgbuf, PCAP_ERRBUF_SIZE);
2075 goto error;
2076 }
2077
2078 if (sock_initaddress(peerhost, portdata, &hints, &addrinfo, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
2079 goto error;
2080
2081 if ((session->sockdata = sock_open(addrinfo, SOCKOPEN_CLIENT, 0, errmsgbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
2082 goto error;
2083 }
2084 else // Data connection is opened by the client toward the server
2085 {
2086 hints.ai_flags = AI_PASSIVE;
2087
2088 // Let's the server socket pick up a free network port for us
2089 if (sock_initaddress(NULL, "0", &hints, &addrinfo, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
2090 goto error;
2091
2092 if ((session->sockdata = sock_open(addrinfo, SOCKOPEN_SERVER, 1 /* max 1 connection in queue */, errmsgbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
2093 goto error;
2094
2095 // get the complete sockaddr structure used in the data connection
2096 saddrlen = sizeof(struct sockaddr_storage);
2097 if (getsockname(session->sockdata, (struct sockaddr *) &saddr, &saddrlen) == -1)
2098 {
2099 sock_geterror("getsockname()", errmsgbuf, PCAP_ERRBUF_SIZE);
2100 goto error;
2101 }
2102
2103 // Get the local port the system picked up
2104 if (getnameinfo((struct sockaddr *) &saddr, saddrlen, NULL,
2105 0, portdata, sizeof(portdata), NI_NUMERICSERV))
2106 {
2107 sock_geterror("getnameinfo()", errmsgbuf, PCAP_ERRBUF_SIZE);
2108 goto error;
2109 }
2110 }
2111
2112 // addrinfo is no longer used
2113 freeaddrinfo(addrinfo);
2114 addrinfo = NULL;
2115
2116 // Needed to send an error on the ctrl connection
2117 session->sockctrl = pars->sockctrl;
2118 session->ctrl_ssl = pars->ssl;
2119 session->protocol_version = ver;
2120
2121 // Now I can set the filter
2122 ret = daemon_unpackapplyfilter(pars->sockctrl, pars->ssl, session, &plen, errmsgbuf);
2123 if (ret == -1)
2124 {
2125 // Fatal error. A message has been logged; just give up.
2126 goto fatal_error;
2127 }
2128 if (ret == -2)
2129 {
2130 // Non-fatal error. Send an error message to the client.
2131 goto error;
2132 }
2133
2134 // Now, I can send a RPCAP start capture reply message
2135 if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL, &sendbufidx,
2136 RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
2137 goto error;
2138
2139 rpcap_createhdr((struct rpcap_header *) sendbuf, ver,
2140 RPCAP_MSG_STARTCAP_REPLY, 0, sizeof(struct rpcap_startcapreply));
2141
2142 startcapreply = (struct rpcap_startcapreply *) &sendbuf[sendbufidx];
2143
2144 if (sock_bufferize(NULL, sizeof(struct rpcap_startcapreply), NULL,
2145 &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
2146 goto error;
2147
2148 memset(startcapreply, 0, sizeof(struct rpcap_startcapreply));
2149 startcapreply->bufsize = htonl(pcap_bufsize(session->fp));
2150
2151 if (!serveropen_dp)
2152 {
2153 unsigned short port = (unsigned short)strtoul(portdata,NULL,10);
2154 startcapreply->portdata = htons(port);
2155 }
2156
2157 if (sock_send(pars->sockctrl, pars->ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1)
2158 {
2159 // That failed; log a message and give up.
2160 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
2161 goto fatal_error;
2162 }
2163
2164 if (!serveropen_dp)
2165 {
2166 SOCKET socktemp; // We need another socket, since we're going to accept() a connection
2167
2168 // Connection creation
2169 saddrlen = sizeof(struct sockaddr_storage);
2170
2171 socktemp = accept(session->sockdata, (struct sockaddr *) &saddr, &saddrlen);
2172
2173 if (socktemp == INVALID_SOCKET)
2174 {
2175 sock_geterror("accept()", errbuf, PCAP_ERRBUF_SIZE);
2176 rpcapd_log(LOGPRIO_ERROR, "Accept of data connection failed: %s",
2177 errbuf);
2178 goto error;
2179 }
2180
2181 // Now that I accepted the connection, the server socket is no longer needed
2182 sock_close(session->sockdata, NULL, 0);
2183 session->sockdata = socktemp;
2184 }
2185
2186 SSL *ssl = NULL;
2187 if (uses_ssl)
2188 {
2189 #ifdef HAVE_OPENSSL
2190 /* In both active or passive cases, wait for the client to initiate the
2191 * TLS handshake. Yes during that time the control socket will not be
2192 * served, but the same was true from the above call to accept(). */
2193 ssl = ssl_promotion(1, session->sockdata, errbuf, PCAP_ERRBUF_SIZE);
2194 if (! ssl)
2195 {
2196 rpcapd_log(LOGPRIO_ERROR, "TLS handshake failed: %s", errbuf);
2197 goto error;
2198 }
2199 #endif
2200 }
2201 session->data_ssl = ssl;
2202
2203 // Now we have to create a new thread to receive packets
2204 #ifdef _WIN32
2205 session->thread = (HANDLE)_beginthreadex(NULL, 0, daemon_thrdatamain,
2206 (void *) session, 0, NULL);
2207 if (session->thread == 0)
2208 {
2209 snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error creating the data thread");
2210 goto error;
2211 }
2212 #else
2213 ret = pthread_create(&session->thread, NULL, daemon_thrdatamain,
2214 (void *) session);
2215 if (ret != 0)
2216 {
2217 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
2218 ret, "Error creating the data thread");
2219 goto error;
2220 }
2221 #endif
2222 session->have_thread = 1;
2223
2224 // Check if all the data has been read; if not, discard the data in excess
2225 if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
2226 goto fatal_error;
2227
2228 *sessionp = session;
2229 return 0;
2230
2231 error:
2232 //
2233 // Not a fatal error, so send the client an error message and
2234 // keep serving client requests.
2235 //
2236 *sessionp = NULL;
2237
2238 if (addrinfo)
2239 freeaddrinfo(addrinfo);
2240
2241 if (session)
2242 {
2243 session_close(session);
2244 free(session);
2245 }
2246
2247 if (rpcap_senderror(pars->sockctrl, pars->ssl, ver,
2248 PCAP_ERR_STARTCAPTURE, errmsgbuf, errbuf) == -1)
2249 {
2250 // That failed; log a message and give up.
2251 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
2252 return -1;
2253 }
2254
2255 // Check if all the data has been read; if not, discard the data in excess
2256 if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
2257 {
2258 // Network error.
2259 return -1;
2260 }
2261
2262 return 0;
2263
2264 fatal_error:
2265 //
2266 // Fatal network error, so don't try to communicate with
2267 // the client, just give up.
2268 //
2269 *sessionp = NULL;
2270
2271 if (session)
2272 {
2273 session_close(session);
2274 free(session);
2275 }
2276
2277 return -1;
2278 }
2279
2280 static int
2281 daemon_msg_endcap_req(uint8 ver, struct daemon_slpars *pars,
2282 struct session *session)
2283 {
2284 char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors
2285 struct rpcap_header header;
2286
2287 session_close(session);
2288
2289 rpcap_createhdr(&header, ver, RPCAP_MSG_ENDCAP_REPLY, 0, 0);
2290
2291 if (sock_send(pars->sockctrl, pars->ssl, (char *) &header, sizeof(struct rpcap_header), errbuf, PCAP_ERRBUF_SIZE) == -1)
2292 {
2293 // That failed; log a message and give up.
2294 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
2295 return -1;
2296 }
2297
2298 return 0;
2299 }
2300
2301 //
2302 // We impose a limit on the filter program size, so that, on Windows,
2303 // where there's only one server process with multiple threads, it's
2304 // harder to eat all the server address space by sending larger filter
2305 // programs. (This isn't an issue on UN*X, where there are multiple
2306 // server processes, one per client connection.)
2307 //
2308 // We pick a value that limits each filter to 64K; that value is twice
2309 // the in-kernel limit for Linux and 16 times the in-kernel limit for
2310 // *BSD and macOS.
2311 //
2312 // It also prevents an overflow on 32-bit platforms when calculating
2313 // the total size of the filter program. (It's not an issue on 64-bit
2314 // platforms with a 64-bit size_t, as the filter size is 32 bits.)
2315 //
2316 #define RPCAP_BPF_MAXINSNS 8192
2317
2318 static int
2319 daemon_unpackapplyfilter(SOCKET sockctrl, SSL *ctrl_ssl, struct session *session, uint32 *plenp, char *errmsgbuf)
2320 {
2321 int status;
2322 struct rpcap_filter filter;
2323 struct rpcap_filterbpf_insn insn;
2324 struct bpf_insn *bf_insn;
2325 struct bpf_program bf_prog;
2326 unsigned int i;
2327
2328 status = rpcapd_recv(sockctrl, ctrl_ssl, (char *) &filter,
2329 sizeof(struct rpcap_filter), plenp, errmsgbuf);
2330 if (status == -1)
2331 {
2332 return -1;
2333 }
2334 if (status == -2)
2335 {
2336 return -2;
2337 }
2338
2339 bf_prog.bf_len = ntohl(filter.nitems);
2340
2341 if (ntohs(filter.filtertype) != RPCAP_UPDATEFILTER_BPF)
2342 {
2343 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Only BPF/NPF filters are currently supported");
2344 return -2;
2345 }
2346
2347 if (bf_prog.bf_len > RPCAP_BPF_MAXINSNS)
2348 {
2349 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE,
2350 "Filter program is larger than the maximum size of %d instructions",
2351 RPCAP_BPF_MAXINSNS);
2352 return -2;
2353 }
2354 bf_insn = (struct bpf_insn *) malloc (sizeof(struct bpf_insn) * bf_prog.bf_len);
2355 if (bf_insn == NULL)
2356 {
2357 pcap_fmt_errmsg_for_errno(errmsgbuf, PCAP_ERRBUF_SIZE,
2358 errno, "malloc() failed");
2359 return -2;
2360 }
2361
2362 bf_prog.bf_insns = bf_insn;
2363
2364 for (i = 0; i < bf_prog.bf_len; i++)
2365 {
2366 status = rpcapd_recv(sockctrl, ctrl_ssl, (char *) &insn,
2367 sizeof(struct rpcap_filterbpf_insn), plenp, errmsgbuf);
2368 if (status == -1)
2369 {
2370 return -1;
2371 }
2372 if (status == -2)
2373 {
2374 return -2;
2375 }
2376
2377 bf_insn->code = ntohs(insn.code);
2378 bf_insn->jf = insn.jf;
2379 bf_insn->jt = insn.jt;
2380 bf_insn->k = ntohl(insn.k);
2381
2382 bf_insn++;
2383 }
2384
2385 //
2386 // XXX - pcap_setfilter() should do the validation for us.
2387 //
2388 if (bpf_validate(bf_prog.bf_insns, bf_prog.bf_len) == 0)
2389 {
2390 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "The filter contains bogus instructions");
2391 return -2;
2392 }
2393
2394 if (pcap_setfilter(session->fp, &bf_prog))
2395 {
2396 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "RPCAP error: %s", pcap_geterr(session->fp));
2397 return -2;
2398 }
2399
2400 return 0;
2401 }
2402
2403 static int
2404 daemon_msg_updatefilter_req(uint8 ver, struct daemon_slpars *pars,
2405 struct session *session, uint32 plen)
2406 {
2407 char errbuf[PCAP_ERRBUF_SIZE];
2408 char errmsgbuf[PCAP_ERRBUF_SIZE]; // buffer for errors to send to the client
2409 int ret; // status of daemon_unpackapplyfilter()
2410 struct rpcap_header header; // keeps the answer to the updatefilter command
2411
2412 ret = daemon_unpackapplyfilter(pars->sockctrl, pars->ssl, session, &plen, errmsgbuf);
2413 if (ret == -1)
2414 {
2415 // Fatal error. A message has been logged; just give up.
2416 return -1;
2417 }
2418 if (ret == -2)
2419 {
2420 // Non-fatal error. Send an error reply to the client.
2421 goto error;
2422 }
2423
2424 // Check if all the data has been read; if not, discard the data in excess
2425 if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
2426 {
2427 // Network error.
2428 return -1;
2429 }
2430
2431 // A response is needed, otherwise the other host does not know that everything went well
2432 rpcap_createhdr(&header, ver, RPCAP_MSG_UPDATEFILTER_REPLY, 0, 0);
2433
2434 if (sock_send(pars->sockctrl, pars->ssl, (char *) &header, sizeof (struct rpcap_header), errbuf, PCAP_ERRBUF_SIZE))
2435 {
2436 // That failed; log a message and give up.
2437 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
2438 return -1;
2439 }
2440
2441 return 0;
2442
2443 error:
2444 if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
2445 {
2446 return -1;
2447 }
2448 rpcap_senderror(pars->sockctrl, pars->ssl, ver, PCAP_ERR_UPDATEFILTER,
2449 errmsgbuf, NULL);
2450
2451 return 0;
2452 }
2453
2454 /*!
2455 \brief Received the sampling parameters from remote host and it stores in the pcap_t structure.
2456 */
2457 static int
2458 daemon_msg_setsampling_req(uint8 ver, struct daemon_slpars *pars, uint32 plen,
2459 struct rpcap_sampling *samp_param)
2460 {
2461 char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors
2462 char errmsgbuf[PCAP_ERRBUF_SIZE];
2463 struct rpcap_header header;
2464 struct rpcap_sampling rpcap_samp;
2465 int status;
2466
2467 status = rpcapd_recv(pars->sockctrl, pars->ssl, (char *) &rpcap_samp, sizeof(struct rpcap_sampling), &plen, errmsgbuf);
2468 if (status == -1)
2469 {
2470 return -1;
2471 }
2472 if (status == -2)
2473 {
2474 goto error;
2475 }
2476
2477 // Save these settings in the pcap_t
2478 samp_param->method = rpcap_samp.method;
2479 samp_param->value = ntohl(rpcap_samp.value);
2480
2481 // A response is needed, otherwise the other host does not know that everything went well
2482 rpcap_createhdr(&header, ver, RPCAP_MSG_SETSAMPLING_REPLY, 0, 0);
2483
2484 if (sock_send(pars->sockctrl, pars->ssl, (char *) &header, sizeof (struct rpcap_header), errbuf, PCAP_ERRBUF_SIZE) == -1)
2485 {
2486 // That failed; log a message and give up.
2487 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
2488 return -1;
2489 }
2490
2491 if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
2492 {
2493 return -1;
2494 }
2495
2496 return 0;
2497
2498 error:
2499 if (rpcap_senderror(pars->sockctrl, pars->ssl, ver, PCAP_ERR_SETSAMPLING,
2500 errmsgbuf, errbuf) == -1)
2501 {
2502 // That failed; log a message and give up.
2503 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
2504 return -1;
2505 }
2506
2507 // Check if all the data has been read; if not, discard the data in excess
2508 if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
2509 {
2510 return -1;
2511 }
2512
2513 return 0;
2514 }
2515
2516 static int
2517 daemon_msg_stats_req(uint8 ver, struct daemon_slpars *pars,
2518 struct session *session, uint32 plen, struct pcap_stat *stats,
2519 unsigned int svrcapt)
2520 {
2521 char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors
2522 char errmsgbuf[PCAP_ERRBUF_SIZE]; // buffer for errors to send to the client
2523 char sendbuf[RPCAP_NETBUF_SIZE]; // temporary buffer in which data to be sent is buffered
2524 int sendbufidx = 0; // index which keeps the number of bytes currently buffered
2525 struct rpcap_stats *netstats; // statistics sent on the network
2526
2527 // Checks that the header does not contain other data; if so, discard it
2528 if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
2529 {
2530 // Network error.
2531 return -1;
2532 }
2533
2534 if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL,
2535 &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
2536 goto error;
2537
2538 rpcap_createhdr((struct rpcap_header *) sendbuf, ver,
2539 RPCAP_MSG_STATS_REPLY, 0, (uint16) sizeof(struct rpcap_stats));
2540
2541 netstats = (struct rpcap_stats *) &sendbuf[sendbufidx];
2542
2543 if (sock_bufferize(NULL, sizeof(struct rpcap_stats), NULL,
2544 &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
2545 goto error;
2546
2547 if (session && session->fp)
2548 {
2549 if (pcap_stats(session->fp, stats) == -1)
2550 {
2551 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "%s", pcap_geterr(session->fp));
2552 goto error;
2553 }
2554
2555 netstats->ifdrop = htonl(stats->ps_ifdrop);
2556 netstats->ifrecv = htonl(stats->ps_recv);
2557 netstats->krnldrop = htonl(stats->ps_drop);
2558 netstats->svrcapt = htonl(session->TotCapt);
2559 }
2560 else
2561 {
2562 // We have to keep compatibility with old applications,
2563 // which ask for statistics also when the capture has
2564 // already stopped.
2565 netstats->ifdrop = htonl(stats->ps_ifdrop);
2566 netstats->ifrecv = htonl(stats->ps_recv);
2567 netstats->krnldrop = htonl(stats->ps_drop);
2568 netstats->svrcapt = htonl(svrcapt);
2569 }
2570
2571 // Send the packet
2572 if (sock_send(pars->sockctrl, pars->ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1)
2573 {
2574 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
2575 return -1;
2576 }
2577
2578 return 0;
2579
2580 error:
2581 rpcap_senderror(pars->sockctrl, pars->ssl, ver, PCAP_ERR_GETSTATS,
2582 errmsgbuf, NULL);
2583 return 0;
2584 }
2585
2586 #ifdef _WIN32
2587 static unsigned __stdcall
2588 #else
2589 static void *
2590 #endif
2591 daemon_thrdatamain(void *ptr)
2592 {
2593 char errbuf[PCAP_ERRBUF_SIZE + 1]; // error buffer
2594 struct session *session; // pointer to the struct session for this session
2595 int retval; // general variable used to keep the return value of other functions
2596 struct rpcap_pkthdr *net_pkt_header;// header of the packet
2597 struct pcap_pkthdr *pkt_header; // pointer to the buffer that contains the header of the current packet
2598 u_char *pkt_data; // pointer to the buffer that contains the current packet
2599 size_t sendbufsize; // size for the send buffer
2600 char *sendbuf; // temporary buffer in which data to be sent is buffered
2601 int sendbufidx; // index which keeps the number of bytes currently buffered
2602 int status;
2603 #ifndef _WIN32
2604 sigset_t sigusr1; // signal set with just SIGUSR1
2605 #endif
2606
2607 session = (struct session *) ptr;
2608
2609 session->TotCapt = 0; // counter which is incremented each time a packet is received
2610
2611 // Initialize errbuf
2612 memset(errbuf, 0, sizeof(errbuf));
2613
2614 //
2615 // We need a buffer large enough to hold a buffer large enough
2616 // for a maximum-size packet for this pcap_t.
2617 //
2618 if (pcap_snapshot(session->fp) < 0)
2619 {
2620 //
2621 // The snapshot length is negative.
2622 // This "should not happen".
2623 //
2624 rpcapd_log(LOGPRIO_ERROR,
2625 "Unable to allocate the buffer for this child thread: snapshot length of %d is negative",
2626 pcap_snapshot(session->fp));
2627 sendbuf = NULL; // we can't allocate a buffer, so nothing to free
2628 goto error;
2629 }
2630 //
2631 // size_t is unsigned, and the result of pcap_snapshot() is signed;
2632 // on no platform that we support is int larger than size_t.
2633 // This means that, unless the extra information we prepend to
2634 // a maximum-sized packet is impossibly large, the sum of the
2635 // snapshot length and the size of that extra information will
2636 // fit in a size_t.
2637 //
2638 // So we don't need to make sure that sendbufsize will overflow.
2639 //
2640 // However, we *do* need to make sure its value fits in an int,
2641 // because sock_send() can't send more than INT_MAX bytes (it could
2642 // do so on 64-bit UN*Xes, but can't do so on Windows, not even
2643 // 64-bit Windows, as the send() buffer size argument is an int
2644 // in Winsock).
2645 //
2646 sendbufsize = sizeof(struct rpcap_header) + sizeof(struct rpcap_pkthdr) + pcap_snapshot(session->fp);
2647 if (sendbufsize > INT_MAX)
2648 {
2649 rpcapd_log(LOGPRIO_ERROR,
2650 "Buffer size for this child thread would be larger than %d",
2651 INT_MAX);
2652 sendbuf = NULL; // we haven't allocated a buffer, so nothing to free
2653 goto error;
2654 }
2655 sendbuf = (char *) malloc (sendbufsize);
2656 if (sendbuf == NULL)
2657 {
2658 rpcapd_log(LOGPRIO_ERROR,
2659 "Unable to allocate the buffer for this child thread");
2660 goto error;
2661 }
2662
2663 #ifndef _WIN32
2664 //
2665 // Set the signal set to include just SIGUSR1, and block that
2666 // signal; we only want it unblocked when we're reading
2667 // packets - we dn't want any other system calls, such as
2668 // ones being used to send to the client or to log messages,
2669 // to be interrupted.
2670 //
2671 sigemptyset(&sigusr1);
2672 sigaddset(&sigusr1, SIGUSR1);
2673 pthread_sigmask(SIG_BLOCK, &sigusr1, NULL);
2674 #endif
2675
2676 // Retrieve the packets
2677 for (;;)
2678 {
2679 #ifndef _WIN32
2680 //
2681 // Unblock SIGUSR1 while we might be waiting for packets.
2682 //
2683 pthread_sigmask(SIG_UNBLOCK, &sigusr1, NULL);
2684 #endif
2685 retval = pcap_next_ex(session->fp, &pkt_header, (const u_char **) &pkt_data); // cast to avoid a compiler warning
2686 #ifndef _WIN32
2687 //
2688 // Now block it again.
2689 //
2690 pthread_sigmask(SIG_BLOCK, &sigusr1, NULL);
2691 #endif
2692 if (retval < 0)
2693 break; // error
2694 if (retval == 0) // Read timeout elapsed
2695 continue;
2696
2697 sendbufidx = 0;
2698
2699 // Bufferize the general header
2700 if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL,
2701 &sendbufidx, (int)sendbufsize, SOCKBUF_CHECKONLY, errbuf,
2702 PCAP_ERRBUF_SIZE) == -1)
2703 {
2704 rpcapd_log(LOGPRIO_ERROR,
2705 "sock_bufferize() error sending packet message: %s",
2706 errbuf);
2707 goto error;
2708 }
2709
2710 rpcap_createhdr((struct rpcap_header *) sendbuf,
2711 session->protocol_version, RPCAP_MSG_PACKET, 0,
2712 (uint16) (sizeof(struct rpcap_pkthdr) + pkt_header->caplen));
2713
2714 net_pkt_header = (struct rpcap_pkthdr *) &sendbuf[sendbufidx];
2715
2716 // Bufferize the pkt header
2717 if (sock_bufferize(NULL, sizeof(struct rpcap_pkthdr), NULL,
2718 &sendbufidx, (int)sendbufsize, SOCKBUF_CHECKONLY, errbuf,
2719 PCAP_ERRBUF_SIZE) == -1)
2720 {
2721 rpcapd_log(LOGPRIO_ERROR,
2722 "sock_bufferize() error sending packet message: %s",
2723 errbuf);
2724 goto error;
2725 }
2726
2727 net_pkt_header->caplen = htonl(pkt_header->caplen);
2728 net_pkt_header->len = htonl(pkt_header->len);
2729 net_pkt_header->npkt = htonl(++(session->TotCapt));
2730 //
2731 // This protocol needs to be updated with a new version
2732 // before 2038-01-19 03:14:07 UTC.
2733 //
2734 net_pkt_header->timestamp_sec = htonl((uint32)pkt_header->ts.tv_sec);
2735 net_pkt_header->timestamp_usec = htonl((uint32)pkt_header->ts.tv_usec);
2736
2737 // Bufferize the pkt data
2738 if (sock_bufferize((char *) pkt_data, pkt_header->caplen,
2739 sendbuf, &sendbufidx, (int)sendbufsize, SOCKBUF_BUFFERIZE,
2740 errbuf, PCAP_ERRBUF_SIZE) == -1)
2741 {
2742 rpcapd_log(LOGPRIO_ERROR,
2743 "sock_bufferize() error sending packet message: %s",
2744 errbuf);
2745 goto error;
2746 }
2747
2748 // Send the packet
2749 // If the client dropped the connection, don't report an
2750 // error, just quit.
2751 status = sock_send(session->sockdata, session->data_ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE);
2752 if (status < 0)
2753 {
2754 if (status == -1)
2755 {
2756 //
2757 // Error other than "client closed the
2758 // connection out from under us"; report
2759 // it.
2760 //
2761 rpcapd_log(LOGPRIO_ERROR,
2762 "Send of packet to client failed: %s",
2763 errbuf);
2764 }
2765
2766 //
2767 // Give up in either case.
2768 //
2769 goto error;
2770 }
2771 }
2772
2773 if (retval < 0 && retval != PCAP_ERROR_BREAK)
2774 {
2775 //
2776 // Failed with an error other than "we were told to break
2777 // out of the loop".
2778 //
2779 // The latter just means that the client told us to stop
2780 // capturing, so there's no error to report.
2781 //
2782 snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error reading the packets: %s", pcap_geterr(session->fp));
2783 rpcap_senderror(session->sockctrl, session->ctrl_ssl, session->protocol_version,
2784 PCAP_ERR_READEX, errbuf, NULL);
2785 }
2786
2787 error:
2788 //
2789 // The main thread will clean up the session structure.
2790 //
2791 free(sendbuf);
2792
2793 return 0;
2794 }
2795
2796 #ifndef _WIN32
2797 //
2798 // Do-nothing handler for SIGUSR1; the sole purpose of SIGUSR1 is to
2799 // interrupt the data thread if it's blocked in a system call waiting
2800 // for packets to arrive.
2801 //
2802 static void noop_handler(int sign _U_)
2803 {
2804 }
2805 #endif
2806
2807 /*!
2808 \brief It serializes a network address.
2809
2810 It accepts a 'sockaddr_storage' structure as input, and it converts it appropriately into a format
2811 that can be used to be sent on the network. Basically, it applies all the hton()
2812 conversion required to the input variable.
2813
2814 \param sockaddrin a 'sockaddr_storage' pointer to the variable that has to be
2815 serialized. This variable can be both a 'sockaddr_in' and 'sockaddr_in6'.
2816
2817 \param sockaddrout an 'rpcap_sockaddr' pointer to the variable that will contain
2818 the serialized data. This variable has to be allocated by the user.
2819
2820 \warning This function supports only AF_INET and AF_INET6 address families.
2821 */
2822 static void
2823 daemon_seraddr(struct sockaddr_storage *sockaddrin, struct rpcap_sockaddr *sockaddrout)
2824 {
2825 memset(sockaddrout, 0, sizeof(struct sockaddr_storage));
2826
2827 // There can be the case in which the sockaddrin is not available
2828 if (sockaddrin == NULL) return;
2829
2830 // Warning: we support only AF_INET and AF_INET6
2831 //
2832 // Note: as noted above, the output structures are not
2833 // neatly aligned on 4-byte boundaries, so we must fill
2834 // in an aligned structure and then copy it to the output
2835 // buffer with memcpy().
2836 switch (sockaddrin->ss_family)
2837 {
2838 case AF_INET:
2839 {
2840 struct sockaddr_in *sockaddrin_ipv4;
2841 struct rpcap_sockaddr_in sockaddrout_ipv4;
2842
2843 sockaddrin_ipv4 = (struct sockaddr_in *) sockaddrin;
2844
2845 sockaddrout_ipv4.family = htons(RPCAP_AF_INET);
2846 sockaddrout_ipv4.port = htons(sockaddrin_ipv4->sin_port);
2847 memcpy(&sockaddrout_ipv4.addr, &sockaddrin_ipv4->sin_addr, sizeof(sockaddrout_ipv4.addr));
2848 memset(sockaddrout_ipv4.zero, 0, sizeof(sockaddrout_ipv4.zero));
2849 memcpy(sockaddrout, &sockaddrout_ipv4, sizeof(struct rpcap_sockaddr_in));
2850 break;
2851 }
2852
2853 #ifdef AF_INET6
2854 case AF_INET6:
2855 {
2856 struct sockaddr_in6 *sockaddrin_ipv6;
2857 struct rpcap_sockaddr_in6 sockaddrout_ipv6;
2858
2859 sockaddrin_ipv6 = (struct sockaddr_in6 *) sockaddrin;
2860
2861 sockaddrout_ipv6.family = htons(RPCAP_AF_INET6);
2862 sockaddrout_ipv6.port = htons(sockaddrin_ipv6->sin6_port);
2863 sockaddrout_ipv6.flowinfo = htonl(sockaddrin_ipv6->sin6_flowinfo);
2864 memcpy(&sockaddrout_ipv6.addr, &sockaddrin_ipv6->sin6_addr, sizeof(sockaddrout_ipv6.addr));
2865 sockaddrout_ipv6.scope_id = htonl(sockaddrin_ipv6->sin6_scope_id);
2866 memcpy(sockaddrout, &sockaddrout_ipv6, sizeof(struct rpcap_sockaddr_in6));
2867 break;
2868 }
2869 #endif
2870 }
2871 }
2872
2873
2874 /*!
2875 \brief Suspends a thread for secs seconds.
2876 */
2877 void sleep_secs(int secs)
2878 {
2879 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
2880 #ifdef _WIN32
2881 Sleep(secs*1000);
2882 #else
2883 unsigned secs_remaining;
2884
2885 if (secs <= 0)
2886 return;
2887 secs_remaining = secs;
2888 while (secs_remaining != 0)
2889 secs_remaining = sleep(secs_remaining);
2890 #endif
2891 #endif
2892 }
2893
2894 /*
2895 * Read the header of a message.
2896 */
2897 static int
2898 rpcapd_recv_msg_header(SOCKET sock, SSL *ssl, struct rpcap_header *headerp)
2899 {
2900 int nread;
2901 char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors
2902
2903 nread = sock_recv(sock, ssl, (char *) headerp, sizeof(struct rpcap_header),
2904 SOCK_RECEIVEALL_YES|SOCK_EOF_ISNT_ERROR, errbuf, PCAP_ERRBUF_SIZE);
2905 if (nread == -1)
2906 {
2907 // Network error.
2908 rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf);
2909 return -1;
2910 }
2911 if (nread == 0)
2912 {
2913 // Immediate EOF; that's treated like a close message.
2914 return -2;
2915 }
2916 headerp->plen = ntohl(headerp->plen);
2917 return 0;
2918 }
2919
2920 /*
2921 * Read data from a message.
2922 * If we're trying to read more data that remains, puts an error
2923 * message into errmsgbuf and returns -2. Otherwise, tries to read
2924 * the data and, if that succeeds, subtracts the amount read from
2925 * the number of bytes of data that remains.
2926 * Returns 0 on success, logs a message and returns -1 on a network
2927 * error.
2928 */
2929 static int
2930 rpcapd_recv(SOCKET sock, SSL *ssl, char *buffer, size_t toread, uint32 *plen, char *errmsgbuf)
2931 {
2932 int nread;
2933 char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors
2934
2935 if (toread > *plen)
2936 {
2937 // Tell the client and continue.
2938 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Message payload is too short");
2939 return -2;
2940 }
2941 nread = sock_recv(sock, ssl, buffer, toread,
2942 SOCK_RECEIVEALL_YES|SOCK_EOF_IS_ERROR, errbuf, PCAP_ERRBUF_SIZE);
2943 if (nread == -1)
2944 {
2945 rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf);
2946 return -1;
2947 }
2948 *plen -= nread;
2949 return 0;
2950 }
2951
2952 /*
2953 * Discard data from a connection.
2954 * Mostly used to discard wrong-sized messages.
2955 * Returns 0 on success, logs a message and returns -1 on a network
2956 * error.
2957 */
2958 static int
2959 rpcapd_discard(SOCKET sock, SSL *ssl, uint32 len)
2960 {
2961 char errbuf[PCAP_ERRBUF_SIZE + 1]; // keeps the error string, prior to be printed
2962
2963 if (len != 0)
2964 {
2965 if (sock_discard(sock, ssl, len, errbuf, PCAP_ERRBUF_SIZE) == -1)
2966 {
2967 // Network error.
2968 rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf);
2969 return -1;
2970 }
2971 }
2972 return 0;
2973 }
2974
2975 //
2976 // Shut down any packet-capture thread associated with the session,
2977 // close the SSL handle for the data socket if we have one, close
2978 // the data socket if we have one, and close the underlying packet
2979 // capture handle if we have one.
2980 //
2981 // We do not, of course, touch the controlling socket that's also
2982 // copied into the session, as the service loop might still use it.
2983 //
2984 static void session_close(struct session *session)
2985 {
2986 if (session->have_thread)
2987 {
2988 //
2989 // Tell the data connection thread main capture loop to
2990 // break out of that loop.
2991 //
2992 // This may be sufficient to wake up a blocked thread,
2993 // but it's not guaranteed to be sufficient.
2994 //
2995 pcap_breakloop(session->fp);
2996
2997 #ifdef _WIN32
2998 //
2999 // Set the event on which a read would block, so that,
3000 // if it's currently blocked waiting for packets to
3001 // arrive, it'll wake up, so it can see the "break
3002 // out of the loop" indication. (pcap_breakloop()
3003 // might do this, but older versions don't. Setting
3004 // it twice should, at worst, cause an extra wakeup,
3005 // which shouldn't be a problem.)
3006 //
3007 // XXX - what about modules other than NPF?
3008 //
3009 SetEvent(pcap_getevent(session->fp));
3010
3011 //
3012 // Wait for the thread to exit, so we don't close
3013 // sockets out from under it.
3014 //
3015 // XXX - have a timeout, so we don't wait forever?
3016 //
3017 WaitForSingleObject(session->thread, INFINITE);
3018
3019 //
3020 // Release the thread handle, as we're done with
3021 // it.
3022 //
3023 CloseHandle(session->thread);
3024 session->have_thread = 0;
3025 session->thread = INVALID_HANDLE_VALUE;
3026 #else
3027 //
3028 // Send a SIGUSR1 signal to the thread, so that, if
3029 // it's currently blocked waiting for packets to arrive,
3030 // it'll wake up (we've turned off SA_RESTART for
3031 // SIGUSR1, so that the system call in which it's blocked
3032 // should return EINTR rather than restarting).
3033 //
3034 pthread_kill(session->thread, SIGUSR1);
3035
3036 //
3037 // Wait for the thread to exit, so we don't close
3038 // sockets out from under it.
3039 //
3040 // XXX - have a timeout, so we don't wait forever?
3041 //
3042 pthread_join(session->thread, NULL);
3043 session->have_thread = 0;
3044 memset(&session->thread, 0, sizeof(session->thread));
3045 #endif
3046 }
3047
3048 #ifdef HAVE_OPENSSL
3049 if (session->data_ssl)
3050 {
3051 // Finish using the SSL handle for the socket.
3052 // This must be done *before* the socket is closed.
3053 ssl_finish(session->data_ssl);
3054 session->data_ssl = NULL;
3055 }
3056 #endif
3057
3058 if (session->sockdata != INVALID_SOCKET)
3059 {
3060 sock_close(session->sockdata, NULL, 0);
3061 session->sockdata = INVALID_SOCKET;
3062 }
3063
3064 if (session->fp)
3065 {
3066 pcap_close(session->fp);
3067 session->fp = NULL;
3068 }
3069 }
3070
3071 //
3072 // Check whether a capture source string is a URL or not.
3073 // This includes URLs that refer to a local device; a scheme, followed
3074 // by ://, followed by *another* scheme and ://, is just silly, and
3075 // anybody who supplies that will get an error.
3076 //
3077 static int
3078 is_url(const char *source)
3079 {
3080 char *colonp;
3081
3082 /*
3083 * RFC 3986 says:
3084 *
3085 * URI = scheme ":" hier-part [ "?" query ] [ "#" fragment ]
3086 *
3087 * hier-part = "//" authority path-abempty
3088 * / path-absolute
3089 * / path-rootless
3090 * / path-empty
3091 *
3092 * authority = [ userinfo "@" ] host [ ":" port ]
3093 *
3094 * userinfo = *( unreserved / pct-encoded / sub-delims / ":" )
3095 *
3096 * Step 1: look for the ":" at the end of the scheme.
3097 * A colon in the source is *NOT* sufficient to indicate that
3098 * this is a URL, as interface names on some platforms might
3099 * include colons (e.g., I think some Solaris interfaces
3100 * might).
3101 */
3102 colonp = strchr(source, ':');
3103 if (colonp == NULL)
3104 {
3105 /*
3106 * The source is the device to open. It's not a URL.
3107 */
3108 return (0);
3109 }
3110
3111 /*
3112 * All schemes must have "//" after them, i.e. we only support
3113 * hier-part = "//" authority path-abempty, not
3114 * hier-part = path-absolute
3115 * hier-part = path-rootless
3116 * hier-part = path-empty
3117 *
3118 * We need that in order to distinguish between a local device
3119 * name that happens to contain a colon and a URI.
3120 */
3121 if (strncmp(colonp + 1, "//", 2) != 0)
3122 {
3123 /*
3124 * The source is the device to open. It's not a URL.
3125 */
3126 return (0);
3127 }
3128
3129 /*
3130 * It's a URL.
3131 */
3132 return (1);
3133 }
[mirror] the LIBpcap interface to various kernel packet capture mechanism