]> The Tcpdump Group git mirrors - libpcap/blobdiff - rpcapd/daemon.c
projects / libpcap / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Update config.{guess,sub}, timestamps 2023-01-01,2023-01-21
[libpcap] / rpcapd / daemon.c
diff --git a/rpcapd/daemon.c b/rpcapd/daemon.c
old mode 100755 (executable)
new mode 100644 (file)
index a0acd4a..9b0f828
--- a/rpcapd/daemon.c
+++ b/rpcapd/daemon.c
@@ -34,16 +34,19 @@
 #endif
 
 #include "ftmacros.h"
 #endif
 
 #include "ftmacros.h"
+#include "varattrs.h"
 
 #include <errno.h>             // for the errno variable
 #include <stdlib.h>            // for malloc(), free(), ...
 #include <string.h>            // for strlen(), ...
 
 #include <errno.h>             // for the errno variable
 #include <stdlib.h>            // for malloc(), free(), ...
 #include <string.h>            // for strlen(), ...
+#include <limits.h>            // for INT_MAX
 
 #ifdef _WIN32
   #include <process.h>         // for threads
 #else
   #include <unistd.h>
   #include <pthread.h>
 
 #ifdef _WIN32
   #include <process.h>         // for threads
 #else
   #include <unistd.h>
   #include <pthread.h>
+  #include <signal.h>
   #include <sys/time.h>
   #include <sys/types.h>       // for select() and such
   #include <pwd.h>             // for password management
   #include <sys/time.h>
   #include <sys/types.h>       // for select() and such
   #include <pwd.h>             // for password management
@@ -62,88 +65,176 @@
 #include "daemon.h"
 #include "log.h"
 
 #include "daemon.h"
 #include "log.h"
 
-#define RPCAP_TIMEOUT_INIT 90          /* Initial timeout for RPCAP connections (default: 90 sec) */
-#define RPCAP_TIMEOUT_RUNTIME 180      /* Run-time timeout for RPCAP connections (default: 3 min) */
-#define RPCAP_SUSPEND_WRONGAUTH 1      /* If the authentication is wrong, stops 1 sec before accepting a new auth message */
+#ifdef HAVE_OPENSSL
+#include <openssl/ssl.h>
+#include "sslutils.h"
+#endif
+
+//
+// Timeout, in seconds, when we're waiting for a client to send us an
+// authentication request; if they don't send us a request within that
+// interval, we drop the connection, so we don't stay stuck forever.
+//
+#define RPCAP_TIMEOUT_INIT 90
+
+//
+// Timeout, in seconds, when we're waiting for an authenticated client
+// to send us a request, if a capture isn't in progress; if they don't
+// send us a request within that interval, we drop the connection, so
+// we don't stay stuck forever.
+//
+#define RPCAP_TIMEOUT_RUNTIME 180
+
+//
+// Time, in seconds, that we wait after a failed authentication attempt
+// before processing the next request; this prevents a client from
+// rapidly trying different accounts or passwords.
+//
+#define RPCAP_SUSPEND_WRONGAUTH 1
 
 // Parameters for the service loop.
 struct daemon_slpars
 {
 
 // Parameters for the service loop.
 struct daemon_slpars
 {
-       SOCKET sockctrl_in;     //!< SOCKET ID of the input side of the control connection
-       SOCKET sockctrl_out;    //!< SOCKET ID of the output side of the control connection
-       uint8 protocol_version; //!< negotiated protocol version
+       SOCKET sockctrl;        //!< SOCKET ID of the control connection
+       SSL *ssl;               //!< Optional SSL handler for the controlling sockets
        int isactive;           //!< Not null if the daemon has to run in active mode
        int nullAuthAllowed;    //!< '1' if we permit NULL authentication, '0' otherwise
 };
 
        int isactive;           //!< Not null if the daemon has to run in active mode
        int nullAuthAllowed;    //!< '1' if we permit NULL authentication, '0' otherwise
 };
 
-/*
- * Data for a session managed by a thread.
- */
+//
+// Data for a session managed by a thread.
+// It includes both a Boolean indicating whether we *have* a thread,
+// and a platform-dependent (UN*X vs. Windows) identifier for the
+// thread; on Windows, we could use an invalid handle to indicate
+// that we don't have a thread, but there *is* no portable "no thread"
+// value for a pthread_t on UN*X.
+//
 struct session {
 struct session {
-       SOCKET sockctrl_out;
+       SOCKET sockctrl;
        SOCKET sockdata;
        SOCKET sockdata;
+       SSL *ctrl_ssl, *data_ssl; // optional SSL handlers for sockctrl and sockdata.
        uint8 protocol_version;
        pcap_t *fp;
        unsigned int TotCapt;
        uint8 protocol_version;
        pcap_t *fp;
        unsigned int TotCapt;
+       int     have_thread;
+#ifdef _WIN32
+       HANDLE thread;
+#else
+       pthread_t thread;
+#endif
 };
 
 // Locally defined functions
 };
 
 // Locally defined functions
-static int daemon_msg_err(SOCKET sockctrl_in, uint32 plen);
+static int daemon_msg_err(SOCKET sockctrl, SSL *, uint32 plen);
 static int daemon_msg_auth_req(struct daemon_slpars *pars, uint32 plen);
 static int daemon_AuthUserPwd(char *username, char *password, char *errbuf);
 
 static int daemon_msg_auth_req(struct daemon_slpars *pars, uint32 plen);
 static int daemon_AuthUserPwd(char *username, char *password, char *errbuf);
 
-static int daemon_msg_findallif_req(struct daemon_slpars *pars, uint32 plen);
+static int daemon_msg_findallif_req(uint8 ver, struct daemon_slpars *pars,
+    uint32 plen);
 
 
-static int daemon_msg_open_req(struct daemon_slpars *pars, uint32 plen, char *source, size_t sourcelen);
-#ifdef _WIN32
-static int daemon_msg_startcap_req(struct daemon_slpars *pars, uint32 plen, int *have_thread, HANDLE *threaddata, char *source, struct session **sessionp, struct rpcap_sampling *samp_param);
-static int daemon_msg_endcap_req(struct daemon_slpars *pars, struct session *session, int *have_thread, HANDLE threaddata);
-#else
-static int daemon_msg_startcap_req(struct daemon_slpars *pars, uint32 plen, int *have_thread, pthread_t *threaddata, char *source, struct session **sessionp, struct rpcap_sampling *samp_param);
-static int daemon_msg_endcap_req(struct daemon_slpars *pars, struct session *session, int *have_thread, pthread_t threaddata);
-#endif
+static int daemon_msg_open_req(uint8 ver, struct daemon_slpars *pars,
+    uint32 plen, char *source, size_t sourcelen);
+static int daemon_msg_startcap_req(uint8 ver, struct daemon_slpars *pars,
+    uint32 plen, char *source, struct session **sessionp,
+    struct rpcap_sampling *samp_param, int uses_ssl);
+static int daemon_msg_endcap_req(uint8 ver, struct daemon_slpars *pars,
+    struct session *session);
 
 
-static int daemon_msg_updatefilter_req(struct daemon_slpars *pars, struct session *session, uint32 plen);
-static int daemon_unpackapplyfilter(SOCKET sockctrl_in, struct session *session, uint32 *plenp, char *errbuf);
+static int daemon_msg_updatefilter_req(uint8 ver, struct daemon_slpars *pars,
+    struct session *session, uint32 plen);
+static int daemon_unpackapplyfilter(SOCKET sockctrl, SSL *, struct session *session, uint32 *plenp, char *errbuf);
 
 
-static int daemon_msg_stats_req(struct daemon_slpars *pars, struct session *session, uint32 plen, struct pcap_stat *stats, unsigned int svrcapt);
+static int daemon_msg_stats_req(uint8 ver, struct daemon_slpars *pars,
+    struct session *session, uint32 plen, struct pcap_stat *stats,
+    unsigned int svrcapt);
 
 
-static int daemon_msg_setsampling_req(struct daemon_slpars *pars, uint32 plen, struct rpcap_sampling *samp_param);
+static int daemon_msg_setsampling_req(uint8 ver, struct daemon_slpars *pars,
+    uint32 plen, struct rpcap_sampling *samp_param);
 
 static void daemon_seraddr(struct sockaddr_storage *sockaddrin, struct rpcap_sockaddr *sockaddrout);
 #ifdef _WIN32
 static unsigned __stdcall daemon_thrdatamain(void *ptr);
 #else
 static void *daemon_thrdatamain(void *ptr);
 
 static void daemon_seraddr(struct sockaddr_storage *sockaddrin, struct rpcap_sockaddr *sockaddrout);
 #ifdef _WIN32
 static unsigned __stdcall daemon_thrdatamain(void *ptr);
 #else
 static void *daemon_thrdatamain(void *ptr);
+static void noop_handler(int sign);
+#endif
+
+static int rpcapd_recv_msg_header(SOCKET sock, SSL *, struct rpcap_header *headerp);
+static int rpcapd_recv(SOCKET sock, SSL *, char *buffer, size_t toread, uint32 *plen, char *errmsgbuf);
+static int rpcapd_discard(SOCKET sock, SSL *, uint32 len);
+static void session_close(struct session *);
+
+//
+// TLS record layer header; used when processing the first message from
+// the client, in case we aren't doing TLS but they are.
+//
+struct tls_record_header {
+       uint8 type;             // ContentType - will be 22, for Handshake
+       uint8 version_major;    // TLS protocol major version
+       uint8 version_injor;    // TLS protocol minor version
+       // This is *not* aligned on a 2-byte boundary; we just
+       // declare it as two bytes.  Don't assume any particular
+       // compiler's mechanism for saying "packed"!
+       uint8 length_hi;        // Upper 8 bits of payload length
+       uint8 length_lo;        // Low 8 bits of payload length
+};
+
+#define TLS_RECORD_HEADER_LEN  5       // Don't use sizeof in case it's padded
+
+#define TLS_RECORD_TYPE_ALERT          21
+#define TLS_RECORD_TYPE_HANDSHAKE      22
+
+//
+// TLS alert message.
+//
+struct tls_alert {
+       uint8 alert_level;
+       uint8 alert_description;
+};
+
+#define TLS_ALERT_LEN                  2
+
+#define TLS_ALERT_LEVEL_FATAL          2
+#define TLS_ALERT_HANDSHAKE_FAILURE    40
+
+static int is_url(const char *source);
+
+/*
+ * Maximum sizes for fixed-bit-width values.
+ */
+#ifndef UINT16_MAX
+#define UINT16_MAX     65535U
 #endif
 
 #endif
 
-static int rpcapd_recv_msg_header(SOCKET sock, struct rpcap_header *headerp);
-static int rpcapd_recv(SOCKET sock, char *buffer, size_t toread, uint32 *plen, char *errmsgbuf);
-static int rpcapd_discard(SOCKET sock, uint32 len);
+#ifndef UINT32_MAX
+#define UINT32_MAX     4294967295U
+#endif
 
 int
 
 int
-daemon_serviceloop(SOCKET sockctrl_in, SOCKET sockctrl_out, int isactive, int nullAuthAllowed)
+daemon_serviceloop(SOCKET sockctrl, int isactive, char *passiveClients,
+    int nullAuthAllowed, int uses_ssl)
 {
 {
+       uint8 first_octet;
+       struct tls_record_header tls_header;
+       struct tls_alert tls_alert;
        struct daemon_slpars pars;              // service loop parameters
        char errbuf[PCAP_ERRBUF_SIZE + 1];      // keeps the error string, prior to be printed
        char errmsgbuf[PCAP_ERRBUF_SIZE + 1];   // buffer for errors to send to the client
        struct daemon_slpars pars;              // service loop parameters
        char errbuf[PCAP_ERRBUF_SIZE + 1];      // keeps the error string, prior to be printed
        char errmsgbuf[PCAP_ERRBUF_SIZE + 1];   // buffer for errors to send to the client
+       int host_port_check_status;
+       SSL *ssl = NULL;
        int nrecv;
        struct rpcap_header header;             // RPCAP message general header
        uint32 plen;                            // payload length from header
        int authenticated = 0;                  // 1 if the client has successfully authenticated
        char source[PCAP_BUF_SIZE+1];           // keeps the string that contains the interface to open
        int got_source = 0;                     // 1 if we've gotten the source from an open request
        int nrecv;
        struct rpcap_header header;             // RPCAP message general header
        uint32 plen;                            // payload length from header
        int authenticated = 0;                  // 1 if the client has successfully authenticated
        char source[PCAP_BUF_SIZE+1];           // keeps the string that contains the interface to open
        int got_source = 0;                     // 1 if we've gotten the source from an open request
+#ifndef _WIN32
+       struct sigaction action;
+#endif
        struct session *session = NULL;         // struct session main variable
        const char *msg_type_string;            // string for message type
        int client_told_us_to_close = 0;        // 1 if the client told us to close the capture
 
        struct session *session = NULL;         // struct session main variable
        const char *msg_type_string;            // string for message type
        int client_told_us_to_close = 0;        // 1 if the client told us to close the capture
 
-       int have_thread = 0;                    // 1 if threaddata refers to a thread we've created
-#ifdef _WIN32
-       HANDLE threaddata;                      // handle to the 'read from daemon and send to client' thread
-#else
-       pthread_t threaddata;                   // handle to the 'read from daemon and send to client' thread
-#endif
-
        // needed to save the values of the statistics
        struct pcap_stat stats;
        unsigned int svrcapt;
        // needed to save the values of the statistics
        struct pcap_stat stats;
        unsigned int svrcapt;
@@ -155,14 +246,256 @@ daemon_serviceloop(SOCKET sockctrl_in, SOCKET sockctrl_out, int isactive, int nu
        struct timeval tv;                      // maximum time the select() can block waiting for data
        int retval;                             // select() return value
 
        struct timeval tv;                      // maximum time the select() can block waiting for data
        int retval;                             // select() return value
 
+       *errbuf = 0;    // Initialize errbuf
+
+       //
+       // Peek into the socket to determine whether the client sent us
+       // a TLS handshake message or a non-TLS rpcapd message.
+       //
+       // The first byte of an rpcapd request is the version number;
+       // the first byte of a TLS handshake message is 22.  The
+       // first request to an rpcapd server must be an authentication
+       // request or a close request, and must have a version number
+       // of 0, so it will be possible to distinguish between an
+       // initial plaintext request to a server and an initial TLS
+       // handshake message.
+       //
+       nrecv = sock_recv(sockctrl, NULL, (char *)&first_octet, 1,
+           SOCK_EOF_ISNT_ERROR|SOCK_MSG_PEEK, errbuf, PCAP_ERRBUF_SIZE);
+       if (nrecv == -1)
+       {
+               // Fatal error.
+               rpcapd_log(LOGPRIO_ERROR, "Peek from client failed: %s", errbuf);
+               goto end;
+       }
+       if (nrecv == 0)
+       {
+               // Client closed the connection.
+               goto end;
+       }
+
+#ifdef HAVE_OPENSSL
+       //
+       // We have to upgrade to TLS as soon as possible, so that the
+       // whole protocol goes through the encrypted tunnel, including
+       // early error messages.
+       //
+       // Even in active mode, the other end has to initiate the TLS
+       // handshake as we still are the server as far as TLS is concerned,
+       // so we don't check isactive.
+       //
+       if (uses_ssl)
+       {
+               //
+               // We're expecting a TLS handshake message.  If this
+               // isn't one, assume it's a non-TLS rpcapd message.
+               //
+               // The first octet of a TLS handshake is
+               // TLS_RECORD_TYPE_HANDSHAKE.
+               //
+               if (first_octet != TLS_RECORD_TYPE_HANDSHAKE)
+               {
+                       //
+                       // We assume this is a non-TLS rpcapd message.
+                       //
+                       // Read the message header from the client.
+                       //
+                       nrecv = rpcapd_recv_msg_header(sockctrl, NULL, &header);
+                       if (nrecv == -1)
+                       {
+                               // Fatal error.
+                               goto end;
+                       }
+                       if (nrecv == -2)
+                       {
+                               // Client closed the connection.
+                               goto end;
+                       }
+                       plen = header.plen;
+
+                       // Discard the rest of the message.
+                       if (rpcapd_discard(sockctrl, NULL, plen) == -1)
+                       {
+                               // Network error.
+                               goto end;
+                       }
+
+                       //
+                       // Send an authentication error, indicating
+                       // that we require TLS.
+                       //
+                       if (rpcap_senderror(sockctrl, NULL, header.ver,
+                           PCAP_ERR_TLS_REQUIRED,
+                           "TLS is required by this server", errbuf) == -1)
+                       {
+                               // That failed; log a message and give up.
+                               rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
+                               goto end;
+                       }
+
+                       // Shut the session down.
+                       goto end;
+               }
+               ssl = ssl_promotion(1, sockctrl, errbuf, PCAP_ERRBUF_SIZE);
+               if (! ssl)
+               {
+                       rpcapd_log(LOGPRIO_ERROR, "TLS handshake on control connection failed: %s",
+                           errbuf);
+                       goto end;
+               }
+       }
+       else
+#endif
+       {
+               //
+               // We're expecting a non-TLS rpcapd message.  If this
+               // looks, instead, like a TLS handshake message, send
+               // a TLS handshake_failed alert.
+               //
+               // The first octet of a TLS handshake is
+               // TLS_RECORD_TYPE_HANDSHAKE.
+               //
+               if (first_octet == TLS_RECORD_TYPE_HANDSHAKE)
+               {
+                       //
+                       // TLS handshake.
+                       // Read the record header.
+                       //
+                       nrecv = sock_recv(sockctrl, ssl, (char *) &tls_header,
+                           sizeof tls_header, SOCK_RECEIVEALL_YES|SOCK_EOF_ISNT_ERROR,
+                           errbuf, PCAP_ERRBUF_SIZE);
+                       if (nrecv == -1)
+                       {
+                               // Network error.
+                               rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf);
+                               goto end;
+                       }
+                       if (nrecv == 0)
+                       {
+                               // Immediate EOF
+                               goto end;
+                       }
+                       plen = (tls_header.length_hi << 8U) | tls_header.length_lo;
+
+                       // Discard the rest of the message.
+                       if (rpcapd_discard(sockctrl, NULL, plen) == -1)
+                       {
+                               // Network error.
+                               goto end;
+                       }
+
+                       //
+                       // Send a TLS handshake failure alert.
+                       // Use the same version the client sent us.
+                       //
+                       tls_header.type = TLS_RECORD_TYPE_ALERT;
+                       tls_header.length_hi = 0;
+                       tls_header.length_lo = TLS_ALERT_LEN;
+
+                       if (sock_send(sockctrl, NULL, (char *) &tls_header,
+                           TLS_RECORD_HEADER_LEN, errbuf, PCAP_ERRBUF_SIZE) == -1)
+                       {
+                               // That failed; log a message and give up.
+                               rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
+                               goto end;
+                       }
+
+                       tls_alert.alert_level = TLS_ALERT_LEVEL_FATAL;
+                       tls_alert.alert_description = TLS_ALERT_HANDSHAKE_FAILURE;
+                       if (sock_send(sockctrl, NULL, (char *) &tls_alert,
+                           TLS_ALERT_LEN, errbuf, PCAP_ERRBUF_SIZE) == -1)
+                       {
+                               // That failed; log a message and give up.
+                               rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
+                               goto end;
+                       }
+                       //
+                       // Give up anyway.
+                       //
+                       goto end;
+               }
+       }
+
        // Set parameters structure
        // Set parameters structure
-       pars.sockctrl_in = sockctrl_in;
-       pars.sockctrl_out = sockctrl_out;
-       pars.protocol_version = 0;              // not yet known
+       pars.sockctrl = sockctrl;
+       pars.ssl = ssl;
        pars.isactive = isactive;               // active mode
        pars.nullAuthAllowed = nullAuthAllowed;
 
        pars.isactive = isactive;               // active mode
        pars.nullAuthAllowed = nullAuthAllowed;
 
-       *errbuf = 0;    // Initialize errbuf
+       //
+       // We have a connection.
+       //
+       // If it's a passive mode connection, check whether the connecting
+       // host is among the ones allowed.
+       //
+       // In either case, we were handed a copy of the host list; free it
+       // as soon as we're done with it.
+       //
+       if (pars.isactive)
+       {
+               // Nothing to do.
+               free(passiveClients);
+               passiveClients = NULL;
+       }
+       else
+       {
+               struct sockaddr_storage from;
+               socklen_t fromlen;
+
+               //
+               // Get the address of the other end of the connection.
+               //
+               fromlen = sizeof(struct sockaddr_storage);
+               if (getpeername(pars.sockctrl, (struct sockaddr *)&from,
+                   &fromlen) == -1)
+               {
+                       sock_geterrmsg(errmsgbuf, PCAP_ERRBUF_SIZE,
+                           "getpeername() failed");
+                       if (rpcap_senderror(pars.sockctrl, pars.ssl, 0, PCAP_ERR_NETW, errmsgbuf, errbuf) == -1)
+                               rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
+                       goto end;
+               }
+
+               //
+               // Are they in the list of host/port combinations we allow?
+               //
+               host_port_check_status = sock_check_hostlist(passiveClients, RPCAP_HOSTLIST_SEP, &from, errmsgbuf, PCAP_ERRBUF_SIZE);
+               free(passiveClients);
+               passiveClients = NULL;
+               if (host_port_check_status < 0)
+               {
+                       if (host_port_check_status == -2) {
+                               //
+                               // We got an error; log it.
+                               //
+                               rpcapd_log(LOGPRIO_ERROR, "%s", errmsgbuf);
+                       }
+
+                       //
+                       // Sorry, we can't let you in.
+                       //
+                       if (rpcap_senderror(pars.sockctrl, pars.ssl, 0, PCAP_ERR_HOSTNOAUTH, errmsgbuf, errbuf) == -1)
+                               rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
+                       goto end;
+               }
+       }
+
+#ifndef _WIN32
+       //
+       // Catch SIGUSR1, but do nothing.  We use it to interrupt the
+       // capture thread to break it out of a loop in which it's
+       // blocked waiting for packets to arrive.
+       //
+       // We don't want interrupted system calls to restart, so that
+       // the read routine for the pcap_t gets EINTR rather than
+       // restarting if it's blocked in a system call.
+       //
+       memset(&action, 0, sizeof (action));
+       action.sa_handler = noop_handler;
+       action.sa_flags = 0;
+       sigemptyset(&action.sa_mask);
+       sigaction(SIGUSR1, &action, NULL);
+#endif
 
        //
        // The client must first authenticate; loop until they send us a
 
        //
        // The client must first authenticate; loop until they send us a
@@ -173,10 +506,11 @@ daemon_serviceloop(SOCKET sockctrl_in, SOCKET sockctrl_out, int isactive, int nu
        while (!authenticated)
        {
                //
        while (!authenticated)
        {
                //
-               // If we're in active mode, we have to check for the
-               // initial timeout.
-               //
-               // XXX - do this on *every* trip through the loop?
+               // If we're not in active mode, we use select(), with a
+               // timeout, to wait for an authentication request; if
+               // the timeout expires, we drop the connection, so that
+               // a client can't just connect to us and leave us
+               // waiting forever.
                //
                if (!pars.isactive)
                {
                //
                if (!pars.isactive)
                {
@@ -185,13 +519,14 @@ daemon_serviceloop(SOCKET sockctrl_in, SOCKET sockctrl_out, int isactive, int nu
                        tv.tv_sec = RPCAP_TIMEOUT_INIT;
                        tv.tv_usec = 0;
 
                        tv.tv_sec = RPCAP_TIMEOUT_INIT;
                        tv.tv_usec = 0;
 
-                       FD_SET(pars.sockctrl_in, &rfds);
+                       FD_SET(pars.sockctrl, &rfds);
 
 
-                       retval = select(pars.sockctrl_in + 1, &rfds, NULL, NULL, &tv);
+                       retval = select((int)pars.sockctrl + 1, &rfds, NULL, NULL, &tv);
                        if (retval == -1)
                        {
                        if (retval == -1)
                        {
-                               sock_geterror("select failed: ", errmsgbuf, PCAP_ERRBUF_SIZE);
-                               if (rpcap_senderror(pars.sockctrl_out, 0, PCAP_ERR_NETW, errmsgbuf, errbuf) == -1)
+                               sock_geterrmsg(errmsgbuf, PCAP_ERRBUF_SIZE,
+                                   "select() failed");
+                               if (rpcap_senderror(pars.sockctrl, pars.ssl, 0, PCAP_ERR_NETW, errmsgbuf, errbuf) == -1)
                                        rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                                goto end;
                        }
                                        rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                                goto end;
                        }
@@ -200,7 +535,7 @@ daemon_serviceloop(SOCKET sockctrl_in, SOCKET sockctrl_out, int isactive, int nu
                        // So, this was a fake connection. Drop it down
                        if (retval == 0)
                        {
                        // So, this was a fake connection. Drop it down
                        if (retval == 0)
                        {
-                               if (rpcap_senderror(pars.sockctrl_out, 0, PCAP_ERR_INITTIMEOUT, "The RPCAP initial timeout has expired", errbuf) == -1)
+                               if (rpcap_senderror(pars.sockctrl, pars.ssl, 0, PCAP_ERR_INITTIMEOUT, "The RPCAP initial timeout has expired", errbuf) == -1)
                                        rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                                goto end;
                        }
                                        rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                                goto end;
                        }
@@ -209,7 +544,7 @@ daemon_serviceloop(SOCKET sockctrl_in, SOCKET sockctrl_out, int isactive, int nu
                //
                // Read the message header from the client.
                //
                //
                // Read the message header from the client.
                //
-               nrecv = rpcapd_recv_msg_header(pars.sockctrl_in, &header);
+               nrecv = rpcapd_recv_msg_header(pars.sockctrl, pars.ssl, &header);
                if (nrecv == -1)
                {
                        // Fatal error.
                if (nrecv == -1)
                {
                        // Fatal error.
@@ -224,49 +559,17 @@ daemon_serviceloop(SOCKET sockctrl_in, SOCKET sockctrl_out, int isactive, int nu
                plen = header.plen;
 
                //
                plen = header.plen;
 
                //
-               // Did the client specify a version we can handle?
+               // While we're in the authentication pharse, all requests
+               // must use version 0.
                //
                //
-               if (!RPCAP_VERSION_IS_SUPPORTED(header.ver))
+               if (header.ver != 0)
                {
                        //
                {
                        //
-                       // Tell them it's not a valid protocol version.
-                       //
-                       uint8 reply_version;
-
-                       //
-                       // If RPCAP_MIN_VERSION is 0, no version is too
-                       // old, as the oldest supported version is 0,
-                       // and there are no negative versions.
+                       // Send it back to them with their version.
                        //
                        //
-#if RPCAP_MIN_VERSION != 0
-                       if (header.ver < RPCAP_MIN_VERSION)
-                       {
-                               //
-                               // Their maximum version is too old;
-                               // there *is* no version we can both
-                               // handle, and they might reject
-                               // an error with a version they don't
-                               // understand, so reply with the
-                               // version they sent.  That may
-                               // make them retry with that version,
-                               // but they'll give up on that
-                               // failure.
-                               //
-                               reply_version = header.ver;
-                       }
-                       else
-#endif
-                       {
-                               //
-                               // Their maximum version is too new,
-                               // but they might be able to handle
-                               // *our* maximum version, so reply
-                               // with that version.
-                               // 
-                               reply_version = RPCAP_MAX_VERSION;
-                       }
-                       if (rpcap_senderror(pars.sockctrl_out, reply_version,
-                           PCAP_ERR_WRONGVER, "RPCAP version number mismatch",
+                       if (rpcap_senderror(pars.sockctrl, pars.ssl, header.ver,
+                           PCAP_ERR_WRONGVER,
+                           "RPCAP version in requests in the authentication phase must be 0",
                            errbuf) == -1)
                        {
                                // That failed; log a message and give up.
                            errbuf) == -1)
                        {
                                // That failed; log a message and give up.
@@ -274,22 +577,12 @@ daemon_serviceloop(SOCKET sockctrl_in, SOCKET sockctrl_out, int isactive, int nu
                                goto end;
                        }
 
                                goto end;
                        }
 
-                       // Discard the rest of the message.
-                       if (rpcapd_discard(pars.sockctrl_in, plen) == -1)
-                       {
-                               // Network error.
-                               goto end;
-                       }
-
-                       // Let them try again.
-                       continue;
+                       // Discard the rest of the message and drop the
+                       // connection.
+                       (void)rpcapd_discard(pars.sockctrl, pars.ssl, plen);
+                       goto end;
                }
 
                }
 
-               //
-               // OK, we use the version the client specified.
-               //
-               pars.protocol_version = header.ver;
-
                switch (header.type)
                {
                        case RPCAP_MSG_AUTH_REQ:
                switch (header.type)
                {
                        case RPCAP_MSG_AUTH_REQ:
@@ -319,7 +612,7 @@ daemon_serviceloop(SOCKET sockctrl_in, SOCKET sockctrl_out, int isactive, int nu
                                // Discard the rest of the message, if
                                // there is anything more.
                                //
                                // Discard the rest of the message, if
                                // there is anything more.
                                //
-                               (void)rpcapd_discard(pars.sockctrl_in, plen);
+                               (void)rpcapd_discard(pars.sockctrl, pars.ssl, plen);
                                // We're done with this client.
                                goto end;
 
                                // We're done with this client.
                                goto end;
 
@@ -331,7 +624,7 @@ daemon_serviceloop(SOCKET sockctrl_in, SOCKET sockctrl_out, int isactive, int nu
                                // an error message rather than a "let
                                // me log in" message, indicating that
                                // we're not allowed to connect to them?
                                // an error message rather than a "let
                                // me log in" message, indicating that
                                // we're not allowed to connect to them?
-                               (void)daemon_msg_err(pars.sockctrl_in, plen);
+                               (void)daemon_msg_err(pars.sockctrl, pars.ssl, plen);
                                goto end;
 
                        case RPCAP_MSG_FINDALLIF_REQ:
                                goto end;
 
                        case RPCAP_MSG_FINDALLIF_REQ:
@@ -348,21 +641,21 @@ daemon_serviceloop(SOCKET sockctrl_in, SOCKET sockctrl_out, int isactive, int nu
                                msg_type_string = rpcap_msg_type_string(header.type);
                                if (msg_type_string != NULL)
                                {
                                msg_type_string = rpcap_msg_type_string(header.type);
                                if (msg_type_string != NULL)
                                {
-                                       pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "%s request sent before authentication was completed", msg_type_string);
+                                       snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "%s request sent before authentication was completed", msg_type_string);
                                }
                                else
                                {
                                }
                                else
                                {
-                                       pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Message of type %u sent before authentication was completed", header.type);
+                                       snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Message of type %u sent before authentication was completed", header.type);
                                }
                                }
-                               if (rpcap_senderror(pars.sockctrl_out,
-                                   pars.protocol_version, PCAP_ERR_WRONGMSG,
+                               if (rpcap_senderror(pars.sockctrl, pars.ssl,
+                                   header.ver, PCAP_ERR_WRONGMSG,
                                    errmsgbuf, errbuf) == -1)
                                {
                                        rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                                        goto end;
                                }
                                // Discard the rest of the message.
                                    errmsgbuf, errbuf) == -1)
                                {
                                        rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                                        goto end;
                                }
                                // Discard the rest of the message.
-                               if (rpcapd_discard(pars.sockctrl_in, plen) == -1)
+                               if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1)
                                {
                                        // Network error.
                                        goto end;
                                {
                                        // Network error.
                                        goto end;
@@ -384,21 +677,21 @@ daemon_serviceloop(SOCKET sockctrl_in, SOCKET sockctrl_out, int isactive, int nu
                                msg_type_string = rpcap_msg_type_string(header.type);
                                if (msg_type_string != NULL)
                                {
                                msg_type_string = rpcap_msg_type_string(header.type);
                                if (msg_type_string != NULL)
                                {
-                                       pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Server-to-client message %s received from client", msg_type_string);
+                                       snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Server-to-client message %s received from client", msg_type_string);
                                }
                                else
                                {
                                }
                                else
                                {
-                                       pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Server-to-client message of type %u received from client", header.type);
+                                       snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Server-to-client message of type %u received from client", header.type);
                                }
                                }
-                               if (rpcap_senderror(pars.sockctrl_out,
-                                   pars.protocol_version, PCAP_ERR_WRONGMSG,
+                               if (rpcap_senderror(pars.sockctrl, pars.ssl,
+                                   header.ver, PCAP_ERR_WRONGMSG,
                                    errmsgbuf, errbuf) == -1)
                                {
                                        rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                                        goto end;
                                }
                                // Discard the rest of the message.
                                    errmsgbuf, errbuf) == -1)
                                {
                                        rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                                        goto end;
                                }
                                // Discard the rest of the message.
-                               if (rpcapd_discard(pars.sockctrl_in, plen) == -1)
+                               if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1)
                                {
                                        // Fatal error.
                                        goto end;
                                {
                                        // Fatal error.
                                        goto end;
@@ -409,16 +702,16 @@ daemon_serviceloop(SOCKET sockctrl_in, SOCKET sockctrl_out, int isactive, int nu
                                //
                                // Unknown message type.
                                //
                                //
                                // Unknown message type.
                                //
-                               pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Unknown message type %u", header.type);
-                               if (rpcap_senderror(pars.sockctrl_out,
-                                   pars.protocol_version, PCAP_ERR_WRONGMSG,
+                               snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Unknown message type %u", header.type);
+                               if (rpcap_senderror(pars.sockctrl, pars.ssl,
+                                   header.ver, PCAP_ERR_WRONGMSG,
                                    errmsgbuf, errbuf) == -1)
                                {
                                        rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                                        goto end;
                                }
                                // Discard the rest of the message.
                                    errmsgbuf, errbuf) == -1)
                                {
                                        rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                                        goto end;
                                }
                                // Discard the rest of the message.
-                               if (rpcapd_discard(pars.sockctrl_in, plen) == -1)
+                               if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1)
                                {
                                        // Fatal error.
                                        goto end;
                                {
                                        // Fatal error.
                                        goto end;
@@ -456,7 +749,7 @@ daemon_serviceloop(SOCKET sockctrl_in, SOCKET sockctrl_out, int isactive, int nu
                //
                // Be carefully: the capture can have been started, but an error occurred (so session != NULL, but
                //  sockdata is 0
                //
                // Be carefully: the capture can have been started, but an error occurred (so session != NULL, but
                //  sockdata is 0
-               if ((!pars.isactive) &&  ((session == NULL) || ((session != NULL) && (session->sockdata == 0))))
+               if ((!pars.isactive) && (session == NULL || session->sockdata == 0))
                {
                        // Check for the initial timeout
                        FD_ZERO(&rfds);
                {
                        // Check for the initial timeout
                        FD_ZERO(&rfds);
@@ -464,14 +757,18 @@ daemon_serviceloop(SOCKET sockctrl_in, SOCKET sockctrl_out, int isactive, int nu
                        tv.tv_sec = RPCAP_TIMEOUT_RUNTIME;
                        tv.tv_usec = 0;
 
                        tv.tv_sec = RPCAP_TIMEOUT_RUNTIME;
                        tv.tv_usec = 0;
 
-                       FD_SET(pars.sockctrl_in, &rfds);
-
-                       retval = select(pars.sockctrl_in + 1, &rfds, NULL, NULL, &tv);
+                       FD_SET(pars.sockctrl, &rfds);
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+                       retval = 1;
+#else
+                       retval = select((int)pars.sockctrl + 1, &rfds, NULL, NULL, &tv);
+#endif
                        if (retval == -1)
                        {
                        if (retval == -1)
                        {
-                               sock_geterror("select failed: ", errmsgbuf, PCAP_ERRBUF_SIZE);
-                               if (rpcap_senderror(pars.sockctrl_out,
-                                   pars.protocol_version, PCAP_ERR_NETW,
+                               sock_geterrmsg(errmsgbuf, PCAP_ERRBUF_SIZE,
+                                   "select() failed");
+                               if (rpcap_senderror(pars.sockctrl, pars.ssl,
+                                   0, PCAP_ERR_NETW,
                                    errmsgbuf, errbuf) == -1)
                                        rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                                goto end;
                                    errmsgbuf, errbuf) == -1)
                                        rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                                goto end;
@@ -481,9 +778,8 @@ daemon_serviceloop(SOCKET sockctrl_in, SOCKET sockctrl_out, int isactive, int nu
                        // So, this was a fake connection. Drop it down
                        if (retval == 0)
                        {
                        // So, this was a fake connection. Drop it down
                        if (retval == 0)
                        {
-                               if (rpcap_senderror(pars.sockctrl_out,
-                                   pars.protocol_version,
-                                   PCAP_ERR_INITTIMEOUT,
+                               if (rpcap_senderror(pars.sockctrl, pars.ssl,
+                                   0, PCAP_ERR_INITTIMEOUT,
                                    "The RPCAP initial timeout has expired",
                                    errbuf) == -1)
                                        rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                                    "The RPCAP initial timeout has expired",
                                    errbuf) == -1)
                                        rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
@@ -494,7 +790,7 @@ daemon_serviceloop(SOCKET sockctrl_in, SOCKET sockctrl_out, int isactive, int nu
                //
                // Read the message header from the client.
                //
                //
                // Read the message header from the client.
                //
-               nrecv = rpcapd_recv_msg_header(pars.sockctrl_in, &header);
+               nrecv = rpcapd_recv_msg_header(pars.sockctrl, pars.ssl, &header);
                if (nrecv == -1)
                {
                        // Fatal error.
                if (nrecv == -1)
                {
                        // Fatal error.
@@ -509,21 +805,20 @@ daemon_serviceloop(SOCKET sockctrl_in, SOCKET sockctrl_out, int isactive, int nu
                plen = header.plen;
 
                //
                plen = header.plen;
 
                //
-               // Did the client specify the version we negotiated?
+               // Did the client specify a protocol version that we
+               // support?
                //
                //
-               // For now, there's only one version.
-               //
-               if (header.ver != pars.protocol_version)
+               if (!RPCAP_VERSION_IS_SUPPORTED(header.ver))
                {
                        //
                {
                        //
-                       // Tell them it's not the negotiated version.
+                       // Tell them it's not a supported version.
                        // Send the error message with their version,
                        // so they don't reject it as having the wrong
                        // version.
                        //
                        // Send the error message with their version,
                        // so they don't reject it as having the wrong
                        // version.
                        //
-                       if (rpcap_senderror(pars.sockctrl_out,
+                       if (rpcap_senderror(pars.sockctrl, pars.ssl,
                            header.ver, PCAP_ERR_WRONGVER,
                            header.ver, PCAP_ERR_WRONGVER,
-                           "RPCAP version in message isn't the negotiated version",
+                           "RPCAP version in message isn't supported by the server",
                            errbuf) == -1)
                        {
                                // That failed; log a message and give up.
                            errbuf) == -1)
                        {
                                // That failed; log a message and give up.
@@ -532,7 +827,7 @@ daemon_serviceloop(SOCKET sockctrl_in, SOCKET sockctrl_out, int isactive, int nu
                        }
 
                        // Discard the rest of the message.
                        }
 
                        // Discard the rest of the message.
-                       (void)rpcapd_discard(pars.sockctrl_in, plen);
+                       (void)rpcapd_discard(pars.sockctrl, pars.ssl, plen);
                        // Give up on them.
                        goto end;
                }
                        // Give up on them.
                        goto end;
                }
@@ -541,7 +836,7 @@ daemon_serviceloop(SOCKET sockctrl_in, SOCKET sockctrl_out, int isactive, int nu
                {
                        case RPCAP_MSG_ERROR:           // The other endpoint reported an error
                        {
                {
                        case RPCAP_MSG_ERROR:           // The other endpoint reported an error
                        {
-                               (void)daemon_msg_err(pars.sockctrl_in, plen);
+                               (void)daemon_msg_err(pars.sockctrl, pars.ssl, plen);
                                // Do nothing; just exit; the error code is already into the errbuf
                                // XXX - actually exit....
                                break;
                                // Do nothing; just exit; the error code is already into the errbuf
                                // XXX - actually exit....
                                break;
@@ -549,7 +844,7 @@ daemon_serviceloop(SOCKET sockctrl_in, SOCKET sockctrl_out, int isactive, int nu
 
                        case RPCAP_MSG_FINDALLIF_REQ:
                        {
 
                        case RPCAP_MSG_FINDALLIF_REQ:
                        {
-                               if (daemon_msg_findallif_req(&pars, plen) == -1)
+                               if (daemon_msg_findallif_req(header.ver, &pars, plen) == -1)
                                {
                                        // Fatal error; a message has
                                        // been logged, so just give up.
                                {
                                        // Fatal error; a message has
                                        // been logged, so just give up.
@@ -569,7 +864,8 @@ daemon_serviceloop(SOCKET sockctrl_in, SOCKET sockctrl_out, int isactive, int nu
                                // us multiple open requests, the last
                                // one wins.
                                //
                                // us multiple open requests, the last
                                // one wins.
                                //
-                               retval = daemon_msg_open_req(&pars, plen, source, sizeof(source));
+                               retval = daemon_msg_open_req(header.ver, &pars,
+                                   plen, source, sizeof(source));
                                if (retval == -1)
                                {
                                        // Fatal error; a message has
                                if (retval == -1)
                                {
                                        // Fatal error; a message has
@@ -586,8 +882,8 @@ daemon_serviceloop(SOCKET sockctrl_in, SOCKET sockctrl_out, int isactive, int nu
                                {
                                        // They never told us what device
                                        // to capture on!
                                {
                                        // They never told us what device
                                        // to capture on!
-                                       if (rpcap_senderror(pars.sockctrl_out,
-                                           pars.protocol_version,
+                                       if (rpcap_senderror(pars.sockctrl, pars.ssl,
+                                           header.ver,
                                            PCAP_ERR_STARTCAPTURE,
                                            "No capture device was specified",
                                            errbuf) == -1)
                                            PCAP_ERR_STARTCAPTURE,
                                            "No capture device was specified",
                                            errbuf) == -1)
@@ -597,14 +893,16 @@ daemon_serviceloop(SOCKET sockctrl_in, SOCKET sockctrl_out, int isactive, int nu
                                                rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                                                goto end;
                                        }
                                                rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                                                goto end;
                                        }
-                                       if (rpcapd_discard(pars.sockctrl_in, plen) == -1)
+                                       if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1)
                                        {
                                                goto end;
                                        }
                                        break;
                                }
 
                                        {
                                                goto end;
                                        }
                                        break;
                                }
 
-                               if (daemon_msg_startcap_req(&pars, plen, &have_thread, &threaddata, source, &session, &samp_param) == -1)
+                               if (daemon_msg_startcap_req(header.ver, &pars,
+                                   plen, source, &session, &samp_param,
+                                   uses_ssl) == -1)
                                {
                                        // Fatal error; a message has
                                        // been logged, so just give up.
                                {
                                        // Fatal error; a message has
                                        // been logged, so just give up.
@@ -617,7 +915,8 @@ daemon_serviceloop(SOCKET sockctrl_in, SOCKET sockctrl_out, int isactive, int nu
                        {
                                if (session)
                                {
                        {
                                if (session)
                                {
-                                       if (daemon_msg_updatefilter_req(&pars, session, plen) == -1)
+                                       if (daemon_msg_updatefilter_req(header.ver,
+                                           &pars, session, plen) == -1)
                                        {
                                                // Fatal error; a message has
                                                // been logged, so just give up.
                                        {
                                                // Fatal error; a message has
                                                // been logged, so just give up.
@@ -626,8 +925,8 @@ daemon_serviceloop(SOCKET sockctrl_in, SOCKET sockctrl_out, int isactive, int nu
                                }
                                else
                                {
                                }
                                else
                                {
-                                       if (rpcap_senderror(pars.sockctrl_out,
-                                           pars.protocol_version,
+                                       if (rpcap_senderror(pars.sockctrl, pars.ssl,
+                                           header.ver,
                                            PCAP_ERR_UPDATEFILTER,
                                            "Device not opened. Cannot update filter",
                                            errbuf) == -1)
                                            PCAP_ERR_UPDATEFILTER,
                                            "Device not opened. Cannot update filter",
                                            errbuf) == -1)
@@ -648,13 +947,14 @@ daemon_serviceloop(SOCKET sockctrl_in, SOCKET sockctrl_out, int isactive, int nu
                                // This is used only in case of active mode.
                                //
                                client_told_us_to_close = 1;
                                // This is used only in case of active mode.
                                //
                                client_told_us_to_close = 1;
-                               SOCK_MESSAGE("The other end system asked to close the connection.");
+                               rpcapd_log(LOGPRIO_DEBUG, "The other end system asked to close the connection.");
                                goto end;
                        }
 
                        case RPCAP_MSG_STATS_REQ:
                        {
                                goto end;
                        }
 
                        case RPCAP_MSG_STATS_REQ:
                        {
-                               if (daemon_msg_stats_req(&pars, session, plen, &stats, svrcapt) == -1)
+                               if (daemon_msg_stats_req(header.ver, &pars,
+                                   session, plen, &stats, svrcapt) == -1)
                                {
                                        // Fatal error; a message has
                                        // been logged, so just give up.
                                {
                                        // Fatal error; a message has
                                        // been logged, so just give up.
@@ -680,7 +980,8 @@ daemon_serviceloop(SOCKET sockctrl_in, SOCKET sockctrl_out, int isactive, int nu
                                                svrcapt = 0;
                                        }
 
                                                svrcapt = 0;
                                        }
 
-                                       if (daemon_msg_endcap_req(&pars, session, &have_thread, threaddata) == -1)
+                                       if (daemon_msg_endcap_req(header.ver,
+                                           &pars, session) == -1)
                                        {
                                                free(session);
                                                session = NULL;
                                        {
                                                free(session);
                                                session = NULL;
@@ -693,8 +994,8 @@ daemon_serviceloop(SOCKET sockctrl_in, SOCKET sockctrl_out, int isactive, int nu
                                }
                                else
                                {
                                }
                                else
                                {
-                                       rpcap_senderror(pars.sockctrl_out,
-                                           pars.protocol_version,
+                                       rpcap_senderror(pars.sockctrl, pars.ssl,
+                                           header.ver,
                                            PCAP_ERR_ENDCAPTURE,
                                            "Device not opened. Cannot close the capture",
                                            errbuf);
                                            PCAP_ERR_ENDCAPTURE,
                                            "Device not opened. Cannot close the capture",
                                            errbuf);
@@ -704,7 +1005,8 @@ daemon_serviceloop(SOCKET sockctrl_in, SOCKET sockctrl_out, int isactive, int nu
 
                        case RPCAP_MSG_SETSAMPLING_REQ:
                        {
 
                        case RPCAP_MSG_SETSAMPLING_REQ:
                        {
-                               if (daemon_msg_setsampling_req(&pars, plen, &samp_param) == -1)
+                               if (daemon_msg_setsampling_req(header.ver,
+                                   &pars, plen, &samp_param) == -1)
                                {
                                        // Fatal error; a message has
                                        // been logged, so just give up.
                                {
                                        // Fatal error; a message has
                                        // been logged, so just give up.
@@ -720,8 +1022,8 @@ daemon_serviceloop(SOCKET sockctrl_in, SOCKET sockctrl_out, int isactive, int nu
                                // get to reauthenticate.
                                //
                                rpcapd_log(LOGPRIO_INFO, "The client sent an RPCAP_MSG_AUTH_REQ message after authentication was completed");
                                // get to reauthenticate.
                                //
                                rpcapd_log(LOGPRIO_INFO, "The client sent an RPCAP_MSG_AUTH_REQ message after authentication was completed");
-                               if (rpcap_senderror(pars.sockctrl_out,
-                                   pars.protocol_version,
+                               if (rpcap_senderror(pars.sockctrl, pars.ssl,
+                                   header.ver,
                                    PCAP_ERR_WRONGMSG,
                                    "RPCAP_MSG_AUTH_REQ request sent after authentication was completed",
                                    errbuf) == -1)
                                    PCAP_ERR_WRONGMSG,
                                    "RPCAP_MSG_AUTH_REQ request sent after authentication was completed",
                                    errbuf) == -1)
@@ -730,7 +1032,7 @@ daemon_serviceloop(SOCKET sockctrl_in, SOCKET sockctrl_out, int isactive, int nu
                                        goto end;
                                }
                                // Discard the rest of the message.
                                        goto end;
                                }
                                // Discard the rest of the message.
-                               if (rpcapd_discard(pars.sockctrl_in, plen) == -1)
+                               if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1)
                                {
                                        // Fatal error.
                                        goto end;
                                {
                                        // Fatal error.
                                        goto end;
@@ -753,22 +1055,22 @@ daemon_serviceloop(SOCKET sockctrl_in, SOCKET sockctrl_out, int isactive, int nu
                                if (msg_type_string != NULL)
                                {
                                        rpcapd_log(LOGPRIO_INFO, "The client sent a %s server-to-client message", msg_type_string);
                                if (msg_type_string != NULL)
                                {
                                        rpcapd_log(LOGPRIO_INFO, "The client sent a %s server-to-client message", msg_type_string);
-                                       pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Server-to-client message %s received from client", msg_type_string);
+                                       snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Server-to-client message %s received from client", msg_type_string);
                                }
                                else
                                {
                                        rpcapd_log(LOGPRIO_INFO, "The client sent a server-to-client message of type %u", header.type);
                                }
                                else
                                {
                                        rpcapd_log(LOGPRIO_INFO, "The client sent a server-to-client message of type %u", header.type);
-                                       pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Server-to-client message of type %u received from client", header.type);
+                                       snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Server-to-client message of type %u received from client", header.type);
                                }
                                }
-                               if (rpcap_senderror(pars.sockctrl_out,
-                                   pars.protocol_version, PCAP_ERR_WRONGMSG,
+                               if (rpcap_senderror(pars.sockctrl, pars.ssl,
+                                   header.ver, PCAP_ERR_WRONGMSG,
                                    errmsgbuf, errbuf) == -1)
                                {
                                        rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                                        goto end;
                                }
                                // Discard the rest of the message.
                                    errmsgbuf, errbuf) == -1)
                                {
                                        rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                                        goto end;
                                }
                                // Discard the rest of the message.
-                               if (rpcapd_discard(pars.sockctrl_in, plen) == -1)
+                               if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1)
                                {
                                        // Fatal error.
                                        goto end;
                                {
                                        // Fatal error.
                                        goto end;
@@ -780,16 +1082,16 @@ daemon_serviceloop(SOCKET sockctrl_in, SOCKET sockctrl_out, int isactive, int nu
                                // Unknown message type.
                                //
                                rpcapd_log(LOGPRIO_INFO, "The client sent a message of type %u", header.type);
                                // Unknown message type.
                                //
                                rpcapd_log(LOGPRIO_INFO, "The client sent a message of type %u", header.type);
-                               pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Unknown message type %u", header.type);
-                               if (rpcap_senderror(pars.sockctrl_out,
-                                   pars.protocol_version, PCAP_ERR_WRONGMSG,
+                               snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Unknown message type %u", header.type);
+                               if (rpcap_senderror(pars.sockctrl, pars.ssl,
+                                   header.ver, PCAP_ERR_WRONGMSG,
                                    errbuf, errmsgbuf) == -1)
                                {
                                        rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                                        goto end;
                                }
                                // Discard the rest of the message.
                                    errbuf, errmsgbuf) == -1)
                                {
                                        rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                                        goto end;
                                }
                                // Discard the rest of the message.
-                               if (rpcapd_discard(pars.sockctrl_in, plen) == -1)
+                               if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1)
                                {
                                        // Fatal error.
                                        goto end;
                                {
                                        // Fatal error.
                                        goto end;
@@ -800,58 +1102,34 @@ daemon_serviceloop(SOCKET sockctrl_in, SOCKET sockctrl_out, int isactive, int nu
        }
 
 end:
        }
 
 end:
-       // The child thread is about to end
-
-       // perform pcap_t cleanup, in case it has not been done
+       // The service loop is finishing up.
+       // If we have a capture session running, close it.
        if (session)
        {
        if (session)
        {
-               if (have_thread)
-               {
-#ifdef _WIN32
-                       //
-                       // Tell the data connection thread main capture
-                       // loop to break out of that loop.
-                       //
-                       pcap_breakloop(session->fp);
-
-                       //
-                       // If it's currently blocked waiting for packets
-                       // to arrive, try to wake it up, so it can see
-                       // the "break out of the loop" indication.
-                       //
-                       SetEvent(pcap_getevent(session->fp));
-
-                       //
-                       // Wait for the thread to exit, so we don't close
-                       // sockets out from under it.
-                       //
-                       // XXX - have a timeout, so we don't wait forever?
-                       //
-                       WaitForSingleObject(threaddata, INFINITE);
-
-                       //
-                       // Release the thread handle, as we're done with
-                       // it.
-                       //
-                       CloseHandle(threaddata);
-#else
-                       pthread_cancel(threaddata);
-#endif
-                       have_thread = 0;
-               }
-               if (session->sockdata)
-               {
-                       sock_close(session->sockdata, NULL, 0);
-                       session->sockdata = 0;
-               }
-               pcap_close(session->fp);
+               session_close(session);
                free(session);
                session = NULL;
        }
 
                free(session);
                session = NULL;
        }
 
+       if (passiveClients) {
+               free(passiveClients);
+       }
+       //
+       // Finish using the SSL handle for the control socket, if we
+       // have an SSL connection, and close the control socket.
+       //
+#ifdef HAVE_OPENSSL
+       if (ssl)
+       {
+               // Finish using the SSL handle for the socket.
+               // This must be done *before* the socket is closed.
+               ssl_finish(ssl);
+       }
+#endif
+       sock_close(sockctrl, NULL, 0);
+
        // Print message and return
        // Print message and return
-       SOCK_MESSAGE("I'm exiting from the child loop");
-       SOCK_MESSAGE(errbuf);
+       rpcapd_log(LOGPRIO_DEBUG, "I'm exiting from the child loop");
 
        return client_told_us_to_close;
 }
 
        return client_told_us_to_close;
 }
@@ -860,7 +1138,7 @@ end:
  * This handles the RPCAP_MSG_ERR message.
  */
 static int
  * This handles the RPCAP_MSG_ERR message.
  */
 static int
-daemon_msg_err(SOCKET sockctrl_in, uint32 plen)
+daemon_msg_err(SOCKET sockctrl, SSL *ssl, uint32 plen)
 {
        char errbuf[PCAP_ERRBUF_SIZE];
        char remote_errbuf[PCAP_ERRBUF_SIZE];
 {
        char errbuf[PCAP_ERRBUF_SIZE];
        char remote_errbuf[PCAP_ERRBUF_SIZE];
@@ -871,7 +1149,7 @@ daemon_msg_err(SOCKET sockctrl_in, uint32 plen)
                 * Message is too long; just read as much of it as we
                 * can into the buffer provided, and discard the rest.
                 */
                 * Message is too long; just read as much of it as we
                 * can into the buffer provided, and discard the rest.
                 */
-               if (sock_recv(sockctrl_in, remote_errbuf, PCAP_ERRBUF_SIZE - 1,
+               if (sock_recv(sockctrl, ssl, remote_errbuf, PCAP_ERRBUF_SIZE - 1,
                    SOCK_RECEIVEALL_YES|SOCK_EOF_IS_ERROR, errbuf,
                    PCAP_ERRBUF_SIZE) == -1)
                {
                    SOCK_RECEIVEALL_YES|SOCK_EOF_IS_ERROR, errbuf,
                    PCAP_ERRBUF_SIZE) == -1)
                {
@@ -879,7 +1157,7 @@ daemon_msg_err(SOCKET sockctrl_in, uint32 plen)
                        rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf);
                        return -1;
                }
                        rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf);
                        return -1;
                }
-               if (rpcapd_discard(sockctrl_in, plen - (PCAP_ERRBUF_SIZE - 1)) == -1)
+               if (rpcapd_discard(sockctrl, ssl, plen - (PCAP_ERRBUF_SIZE - 1)) == -1)
                {
                        // Network error.
                        return -1;
                {
                        // Network error.
                        return -1;
@@ -897,7 +1175,7 @@ daemon_msg_err(SOCKET sockctrl_in, uint32 plen)
        }
        else
        {
        }
        else
        {
-               if (sock_recv(sockctrl_in, remote_errbuf, plen,
+               if (sock_recv(sockctrl, ssl, remote_errbuf, plen,
                    SOCK_RECEIVEALL_YES|SOCK_EOF_IS_ERROR, errbuf,
                    PCAP_ERRBUF_SIZE) == -1)
                {
                    SOCK_RECEIVEALL_YES|SOCK_EOF_IS_ERROR, errbuf,
                    PCAP_ERRBUF_SIZE) == -1)
                {
@@ -943,11 +1221,13 @@ daemon_msg_auth_req(struct daemon_slpars *pars, uint32 plen)
 {
        char errbuf[PCAP_ERRBUF_SIZE];          // buffer for network errors
        char errmsgbuf[PCAP_ERRBUF_SIZE];       // buffer for errors to send to the client
 {
        char errbuf[PCAP_ERRBUF_SIZE];          // buffer for network errors
        char errmsgbuf[PCAP_ERRBUF_SIZE];       // buffer for errors to send to the client
-       struct rpcap_header header;             // RPCAP message general header
        int status;
        struct rpcap_auth auth;                 // RPCAP authentication header
        int status;
        struct rpcap_auth auth;                 // RPCAP authentication header
+       char sendbuf[RPCAP_NETBUF_SIZE];        // temporary buffer in which data to be sent is buffered
+       int sendbufidx = 0;                     // index which keeps the number of bytes currently buffered
+       struct rpcap_authreply *authreply;      // authentication reply message
 
 
-       status = rpcapd_recv(pars->sockctrl_in, (char *) &auth, sizeof(struct rpcap_auth), &plen, errmsgbuf);
+       status = rpcapd_recv(pars->sockctrl, pars->ssl, (char *) &auth, sizeof(struct rpcap_auth), &plen, errmsgbuf);
        if (status == -1)
        {
                return -1;
        if (status == -1)
        {
                return -1;
@@ -964,8 +1244,16 @@ daemon_msg_auth_req(struct daemon_slpars *pars, uint32 plen)
                        if (!pars->nullAuthAllowed)
                        {
                                // Send the client an error reply.
                        if (!pars->nullAuthAllowed)
                        {
                                // Send the client an error reply.
-                               pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Authentication failed; NULL authentication not permitted.");
-                               goto error;
+                               snprintf(errmsgbuf, PCAP_ERRBUF_SIZE,
+                                   "Authentication failed; NULL authentication not permitted.");
+                               if (rpcap_senderror(pars->sockctrl, pars->ssl,
+                                   0, PCAP_ERR_AUTH_FAILED, errmsgbuf, errbuf) == -1)
+                               {
+                                       // That failed; log a message and give up.
+                                       rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
+                                       return -1;
+                               }
+                               goto error_noreply;
                        }
                        break;
                }
                        }
                        break;
                }
@@ -983,7 +1271,7 @@ daemon_msg_auth_req(struct daemon_slpars *pars, uint32 plen)
                                    PCAP_ERRBUF_SIZE, errno, "malloc() failed");
                                goto error;
                        }
                                    PCAP_ERRBUF_SIZE, errno, "malloc() failed");
                                goto error;
                        }
-                       status = rpcapd_recv(pars->sockctrl_in, username, usernamelen, &plen, errmsgbuf);
+                       status = rpcapd_recv(pars->sockctrl, pars->ssl, username, usernamelen, &plen, errmsgbuf);
                        if (status == -1)
                        {
                                free(username);
                        if (status == -1)
                        {
                                free(username);
@@ -1005,7 +1293,7 @@ daemon_msg_auth_req(struct daemon_slpars *pars, uint32 plen)
                                free(username);
                                goto error;
                        }
                                free(username);
                                goto error;
                        }
-                       status = rpcapd_recv(pars->sockctrl_in, passwd, passwdlen, &plen, errmsgbuf);
+                       status = rpcapd_recv(pars->sockctrl, pars->ssl, passwd, passwdlen, &plen, errmsgbuf);
                        if (status == -1)
                        {
                                free(username);
                        if (status == -1)
                        {
                                free(username);
@@ -1028,9 +1316,8 @@ daemon_msg_auth_req(struct daemon_slpars *pars, uint32 plen)
                                //
                                free(username);
                                free(passwd);
                                //
                                free(username);
                                free(passwd);
-                               if (rpcap_senderror(pars->sockctrl_out,
-                                   pars->protocol_version,
-                                   PCAP_ERR_AUTH, errmsgbuf, errbuf) == -1)
+                               if (rpcap_senderror(pars->sockctrl, pars->ssl,
+                                   0, PCAP_ERR_AUTH_FAILED, errmsgbuf, errbuf) == -1)
                                {
                                        // That failed; log a message and give up.
                                        rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                                {
                                        // That failed; log a message and give up.
                                        rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
@@ -1057,23 +1344,54 @@ daemon_msg_auth_req(struct daemon_slpars *pars, uint32 plen)
                        }
 
                default:
                        }
 
                default:
-                       pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Authentication type not recognized.");
-                       goto error;
+                       snprintf(errmsgbuf, PCAP_ERRBUF_SIZE,
+                           "Authentication type not recognized.");
+                       if (rpcap_senderror(pars->sockctrl, pars->ssl,
+                           0, PCAP_ERR_AUTH_TYPE_NOTSUP, errmsgbuf, errbuf) == -1)
+                       {
+                               // That failed; log a message and give up.
+                               rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
+                               return -1;
+                       }
+                       goto error_noreply;
        }
 
        // The authentication succeeded; let the client know.
        }
 
        // The authentication succeeded; let the client know.
-       rpcap_createhdr(&header, pars->protocol_version, RPCAP_MSG_AUTH_REPLY, 0, 0);
+       if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL, &sendbufidx,
+           RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
+               goto error;
+
+       rpcap_createhdr((struct rpcap_header *) sendbuf, 0,
+           RPCAP_MSG_AUTH_REPLY, 0, sizeof(struct rpcap_authreply));
 
 
-       // Send the ok message back
-       if (sock_send(pars->sockctrl_out, (char *) &header, sizeof (struct rpcap_header), errbuf, PCAP_ERRBUF_SIZE) == -1)
+       authreply = (struct rpcap_authreply *) &sendbuf[sendbufidx];
+
+       if (sock_bufferize(NULL, sizeof(struct rpcap_authreply), NULL, &sendbufidx,
+           RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
+               goto error;
+
+       //
+       // Indicate to our peer what versions we support and what our
+       // version of the byte-order magic is (which will tell the
+       // client whether our byte order differs from theirs, in which
+       // case they will need to byte-swap some fields in some
+       // link-layer types' headers).
+       //
+       memset(authreply, 0, sizeof(struct rpcap_authreply));
+       authreply->minvers = RPCAP_MIN_VERSION;
+       authreply->maxvers = RPCAP_MAX_VERSION;
+       authreply->byte_order_magic = RPCAP_BYTE_ORDER_MAGIC;
+
+       // Send the reply.
+       if (sock_send(pars->sockctrl, pars->ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1)
        {
        {
-               // That failed; log a messsage and give up.
+               // That failed; log a message and give up.
                rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                return -1;
        }
 
        // Check if all the data has been read; if not, discard the data in excess
                rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                return -1;
        }
 
        // Check if all the data has been read; if not, discard the data in excess
-       if (rpcapd_discard(pars->sockctrl_in, plen) == -1)
+       if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
        {
                return -1;
        }
        {
                return -1;
        }
@@ -1081,8 +1399,8 @@ daemon_msg_auth_req(struct daemon_slpars *pars, uint32 plen)
        return 0;
 
 error:
        return 0;
 
 error:
-       if (rpcap_senderror(pars->sockctrl_out, pars->protocol_version,
-           PCAP_ERR_AUTH, errmsgbuf, errbuf) == -1)
+       if (rpcap_senderror(pars->sockctrl, pars->ssl, 0, PCAP_ERR_AUTH,
+           errmsgbuf, errbuf) == -1)
        {
                // That failed; log a message and give up.
                rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
        {
                // That failed; log a message and give up.
                rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
@@ -1091,7 +1409,7 @@ error:
 
 error_noreply:
        // Check if all the data has been read; if not, discard the data in excess
 
 error_noreply:
        // Check if all the data has been read; if not, discard the data in excess
-       if (rpcapd_discard(pars->sockctrl_in, plen) == -1)
+       if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
        {
                return -1;
        }
        {
                return -1;
        }
@@ -1111,16 +1429,32 @@ daemon_AuthUserPwd(char *username, char *password, char *errbuf)
         * policies, user right assignment)
         * However, it seems to me that if you run it as a service, this
         * right should be provided by default.
         * policies, user right assignment)
         * However, it seems to me that if you run it as a service, this
         * right should be provided by default.
+        *
+        * XXX - hopefully, this returns errors such as ERROR_LOGON_FAILURE,
+        * which merely indicates that the user name or password is
+        * incorrect, not whether it's the user name or the password
+        * that's incorrect, so a client that's trying to brute-force
+        * accounts doesn't know whether it's the user name or the
+        * password that's incorrect, so it doesn't know whether to
+        * stop trying to log in with a given user name and move on
+        * to another user name.
         */
         */
+       DWORD error;
        HANDLE Token;
        HANDLE Token;
+       char errmsgbuf[PCAP_ERRBUF_SIZE];       // buffer for errors to log
+
        if (LogonUser(username, ".", password, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, &Token) == 0)
        {
        if (LogonUser(username, ".", password, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, &Token) == 0)
        {
-               int error;
-
+               snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed");
                error = GetLastError();
                error = GetLastError();
-               FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, error, 0, errbuf,
-                       PCAP_ERRBUF_SIZE, NULL);
-
+               if (error != ERROR_LOGON_FAILURE)
+               {
+                       // Some error other than an authentication error;
+                       // log it.
+                       pcap_fmt_errmsg_for_win32_err(errmsgbuf,
+                           PCAP_ERRBUF_SIZE, error, "LogonUser() failed");
+                       rpcapd_log(LOGPRIO_ERROR, "%s", errmsgbuf);
+               }
                return -1;
        }
 
                return -1;
        }
 
@@ -1128,12 +1462,10 @@ daemon_AuthUserPwd(char *username, char *password, char *errbuf)
        // I didn't test it.
        if (ImpersonateLoggedOnUser(Token) == 0)
        {
        // I didn't test it.
        if (ImpersonateLoggedOnUser(Token) == 0)
        {
-               int error;
-
-               error = GetLastError();
-               FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, error, 0, errbuf,
-                       PCAP_ERRBUF_SIZE, NULL);
-
+               snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed");
+               pcap_fmt_errmsg_for_win32_err(errmsgbuf, PCAP_ERRBUF_SIZE,
+                   GetLastError(), "ImpersonateLoggedOnUser() failed");
+               rpcapd_log(LOGPRIO_ERROR, "%s", errmsgbuf);
                CloseHandle(Token);
                return -1;
        }
                CloseHandle(Token);
                return -1;
        }
@@ -1145,7 +1477,7 @@ daemon_AuthUserPwd(char *username, char *password, char *errbuf)
        /*
         * See
         *
        /*
         * See
         *
-        *      http://www.unixpapa.com/incnote/passwd.html
+        *      https://www.unixpapa.com/incnote/passwd.html
         *
         * We use the Solaris/Linux shadow password authentication if
         * we have getspnam(), otherwise we just do traditional
         *
         * We use the Solaris/Linux shadow password authentication if
         * we have getspnam(), otherwise we just do traditional
@@ -1161,16 +1493,18 @@ daemon_AuthUserPwd(char *username, char *password, char *errbuf)
         * only password database or some other authentication mechanism,
         * behind its API.
         */
         * only password database or some other authentication mechanism,
         * behind its API.
         */
+       int error;
        struct passwd *user;
        char *user_password;
 #ifdef HAVE_GETSPNAM
        struct spwd *usersp;
 #endif
        struct passwd *user;
        char *user_password;
 #ifdef HAVE_GETSPNAM
        struct spwd *usersp;
 #endif
+       char *crypt_password;
 
        // This call is needed to get the uid
        if ((user = getpwnam(username)) == NULL)
        {
 
        // This call is needed to get the uid
        if ((user = getpwnam(username)) == NULL)
        {
-               pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed: no such user");
+               snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed");
                return -1;
        }
 
                return -1;
        }
 
@@ -1178,7 +1512,7 @@ daemon_AuthUserPwd(char *username, char *password, char *errbuf)
        // This call is needed to get the password; otherwise 'x' is returned
        if ((usersp = getspnam(username)) == NULL)
        {
        // This call is needed to get the password; otherwise 'x' is returned
        if ((usersp = getspnam(username)) == NULL)
        {
-               pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed: no such user");
+               snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed");
                return -1;
        }
        user_password = usersp->sp_pwdp;
                return -1;
        }
        user_password = usersp->sp_pwdp;
@@ -1196,23 +1530,52 @@ daemon_AuthUserPwd(char *username, char *password, char *errbuf)
        user_password = user->pw_passwd;
 #endif
 
        user_password = user->pw_passwd;
 #endif
 
-       if (strcmp(user_password, (char *) crypt(password, user_password)) != 0)
+       //
+       // The Single UNIX Specification says that if crypt() fails it
+       // sets errno, but some implementatons that haven't been run
+       // through the SUS test suite might not do so.
+       //
+       errno = 0;
+       crypt_password = crypt(password, user_password);
+       if (crypt_password == NULL)
+       {
+               error = errno;
+               snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed");
+               if (error == 0)
+               {
+                       // It didn't set errno.
+                       rpcapd_log(LOGPRIO_ERROR, "crypt() failed");
+               }
+               else
+               {
+                       rpcapd_log(LOGPRIO_ERROR, "crypt() failed: %s",
+                           strerror(error));
+               }
+               return -1;
+       }
+       if (strcmp(user_password, crypt_password) != 0)
        {
        {
-               pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed: password incorrect");
+               snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed");
                return -1;
        }
 
        if (setuid(user->pw_uid))
        {
                return -1;
        }
 
        if (setuid(user->pw_uid))
        {
+               error = errno;
                pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
                pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
-                   errno, "setuid");
+                   error, "setuid");
+               rpcapd_log(LOGPRIO_ERROR, "setuid() failed: %s",
+                   strerror(error));
                return -1;
        }
 
 /*     if (setgid(user->pw_gid))
        {
                return -1;
        }
 
 /*     if (setgid(user->pw_gid))
        {
+               error = errno;
                pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
                    errno, "setgid");
                pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
                    errno, "setgid");
+               rpcapd_log(LOGPRIO_ERROR, "setgid() failed: %s",
+                   strerror(error));
                return -1;
        }
 */
                return -1;
        }
 */
@@ -1222,8 +1585,23 @@ daemon_AuthUserPwd(char *username, char *password, char *errbuf)
 
 }
 
 
 }
 
+/*
+ * Make sure that the reply length won't overflow 32 bits if we add the
+ * specified amount to it.  If it won't, add that amount to it.
+ *
+ * We check whether replylen + itemlen > UINT32_MAX, but subtract itemlen
+ * from both sides, to prevent overflow.
+ */
+#define CHECK_AND_INCREASE_REPLY_LEN(itemlen) \
+       if (replylen > UINT32_MAX - (itemlen)) { \
+               pcap_strlcpy(errmsgbuf, "Reply length doesn't fit in 32 bits", \
+                   sizeof (errmsgbuf)); \
+               goto error; \
+       } \
+       replylen += (uint32)(itemlen)
+
 static int
 static int
-daemon_msg_findallif_req(struct daemon_slpars *pars, uint32 plen)
+daemon_msg_findallif_req(uint8 ver, struct daemon_slpars *pars, uint32 plen)
 {
        char errbuf[PCAP_ERRBUF_SIZE];          // buffer for network errors
        char errmsgbuf[PCAP_ERRBUF_SIZE];       // buffer for errors to send to the client
 {
        char errbuf[PCAP_ERRBUF_SIZE];          // buffer for network errors
        char errmsgbuf[PCAP_ERRBUF_SIZE];       // buffer for errors to send to the client
@@ -1232,11 +1610,11 @@ daemon_msg_findallif_req(struct daemon_slpars *pars, uint32 plen)
        pcap_if_t *alldevs = NULL;              // pointer to the header of the interface chain
        pcap_if_t *d;                           // temp pointer needed to scan the interface chain
        struct pcap_addr *address;              // pcap structure that keeps a network address of an interface
        pcap_if_t *alldevs = NULL;              // pointer to the header of the interface chain
        pcap_if_t *d;                           // temp pointer needed to scan the interface chain
        struct pcap_addr *address;              // pcap structure that keeps a network address of an interface
-       struct rpcap_findalldevs_if *findalldevs_if;// rpcap structure that packet all the data of an interface together
+       uint32 replylen;                        // length of reply payload
        uint16 nif = 0;                         // counts the number of interface listed
 
        // Discard the rest of the message; there shouldn't be any payload.
        uint16 nif = 0;                         // counts the number of interface listed
 
        // Discard the rest of the message; there shouldn't be any payload.
-       if (rpcapd_discard(pars->sockctrl_in, plen) == -1)
+       if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
        {
                // Network error.
                return -1;
        {
                // Network error.
                return -1;
@@ -1248,7 +1626,7 @@ daemon_msg_findallif_req(struct daemon_slpars *pars, uint32 plen)
 
        if (alldevs == NULL)
        {
 
        if (alldevs == NULL)
        {
-               if (rpcap_senderror(pars->sockctrl_out, pars->protocol_version,
+               if (rpcap_senderror(pars->sockctrl, pars->ssl, ver,
                        PCAP_ERR_NOREMOTEIF,
                        "No interfaces found! Make sure libpcap/WinPcap is properly installed"
                        " and you have the right to access to the remote device.",
                        PCAP_ERR_NOREMOTEIF,
                        "No interfaces found! Make sure libpcap/WinPcap is properly installed"
                        " and you have the right to access to the remote device.",
@@ -1260,18 +1638,37 @@ daemon_msg_findallif_req(struct daemon_slpars *pars, uint32 plen)
                return 0;
        }
 
                return 0;
        }
 
-       // checks the number of interfaces and it computes the total length of the payload
+       // This checks the number of interfaces and computes the total
+       // length of the payload.
+       replylen = 0;
        for (d = alldevs; d != NULL; d = d->next)
        {
                nif++;
 
        for (d = alldevs; d != NULL; d = d->next)
        {
                nif++;
 
-               if (d->description)
-                       plen+= strlen(d->description);
-               if (d->name)
-                       plen+= strlen(d->name);
+               if (d->description) {
+                       size_t stringlen = strlen(d->description);
+                       if (stringlen > UINT16_MAX) {
+                               pcap_strlcpy(errmsgbuf,
+                                   "Description length doesn't fit in 16 bits",
+                                   sizeof (errmsgbuf));
+                               goto error;
+                       }
+                       CHECK_AND_INCREASE_REPLY_LEN(stringlen);
+               }
+               if (d->name) {
+                       size_t stringlen = strlen(d->name);
+                       if (stringlen > UINT16_MAX) {
+                               pcap_strlcpy(errmsgbuf,
+                                   "Name length doesn't fit in 16 bits",
+                                   sizeof (errmsgbuf));
+                               goto error;
+                       }
+                       CHECK_AND_INCREASE_REPLY_LEN(stringlen);
+               }
 
 
-               plen+= sizeof(struct rpcap_findalldevs_if);
+               CHECK_AND_INCREASE_REPLY_LEN(sizeof(struct rpcap_findalldevs_if));
 
 
+               uint16_t naddrs = 0;
                for (address = d->addresses; address != NULL; address = address->next)
                {
                        /*
                for (address = d->addresses; address != NULL; address = address->next)
                {
                        /*
@@ -1283,7 +1680,14 @@ daemon_msg_findallif_req(struct daemon_slpars *pars, uint32 plen)
 #ifdef AF_INET6
                        case AF_INET6:
 #endif
 #ifdef AF_INET6
                        case AF_INET6:
 #endif
-                               plen+= (sizeof(struct rpcap_sockaddr) * 4);
+                               CHECK_AND_INCREASE_REPLY_LEN(sizeof(struct rpcap_sockaddr) * 4);
+                               if (naddrs == UINT16_MAX) {
+                                       pcap_strlcpy(errmsgbuf,
+                                           "Number of interfaces doesn't fit in 16 bits",
+                                           sizeof (errmsgbuf));
+                                       goto error;
+                               }
+                               naddrs++;
                                break;
 
                        default:
                                break;
 
                        default:
@@ -1292,37 +1696,50 @@ daemon_msg_findallif_req(struct daemon_slpars *pars, uint32 plen)
                }
        }
 
                }
        }
 
-       // RPCAP findalldevs command
+       // RPCAP findalldevs reply
        if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL,
            &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf,
            PCAP_ERRBUF_SIZE) == -1)
                goto error;
 
        if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL,
            &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf,
            PCAP_ERRBUF_SIZE) == -1)
                goto error;
 
-       rpcap_createhdr((struct rpcap_header *) sendbuf, pars->protocol_version,
-           RPCAP_MSG_FINDALLIF_REPLY, nif, plen);
+       rpcap_createhdr((struct rpcap_header *) sendbuf, ver,
+           RPCAP_MSG_FINDALLIF_REPLY, nif, replylen);
 
        // send the interface list
        for (d = alldevs; d != NULL; d = d->next)
        {
                uint16 lname, ldescr;
 
 
        // send the interface list
        for (d = alldevs; d != NULL; d = d->next)
        {
                uint16 lname, ldescr;
 
-               findalldevs_if = (struct rpcap_findalldevs_if *) &sendbuf[sendbufidx];
-
-               if (sock_bufferize(NULL, sizeof(struct rpcap_findalldevs_if), NULL,
-                   &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
-                       goto error;
-
-               memset(findalldevs_if, 0, sizeof(struct rpcap_findalldevs_if));
+               // Note: the findalldevs_if entries are *not* neatly
+               // aligned on 4-byte boundaries, because they're
+               // preceded by strings that aren't padded to 4-byte
+               // boundaries, so we cannot just cast output buffer
+               // boundaries to struct rpcap_findalldevs_if pointers
+               // and store into them - we must fill in a structure and
+               // then copy the structure to the buffer, as not all
+               // systems support unaligned access (some, such as
+               // SPARC, crash; others, such as Arm, may just ignore
+               // the lower-order bits).
+               struct rpcap_findalldevs_if findalldevs_if;
 
 
-               if (d->description) ldescr = (short) strlen(d->description);
-               else ldescr = 0;
-               if (d->name) lname = (short) strlen(d->name);
-               else lname = 0;
+               /*
+                * We've already established that the string lengths
+                * fit in 16 bits.
+                */
+               if (d->description)
+                       ldescr = (uint16) strlen(d->description);
+               else
+                       ldescr = 0;
+               if (d->name)
+                       lname = (uint16) strlen(d->name);
+               else
+                       lname = 0;
 
 
-               findalldevs_if->desclen = htons(ldescr);
-               findalldevs_if->namelen = htons(lname);
-               findalldevs_if->flags = htonl(d->flags);
+               findalldevs_if.desclen = htons(ldescr);
+               findalldevs_if.namelen = htons(lname);
+               findalldevs_if.flags = htonl(d->flags);
 
 
+               uint16_t naddrs = 0;
                for (address = d->addresses; address != NULL; address = address->next)
                {
                        /*
                for (address = d->addresses; address != NULL; address = address->next)
                {
                        /*
@@ -1334,14 +1751,20 @@ daemon_msg_findallif_req(struct daemon_slpars *pars, uint32 plen)
 #ifdef AF_INET6
                        case AF_INET6:
 #endif
 #ifdef AF_INET6
                        case AF_INET6:
 #endif
-                               findalldevs_if->naddr++;
+                               naddrs++;
                                break;
 
                        default:
                                break;
                        }
                }
                                break;
 
                        default:
                                break;
                        }
                }
-               findalldevs_if->naddr = htons(findalldevs_if->naddr);
+               findalldevs_if.naddr = htons(naddrs);
+               findalldevs_if.dummy = 0;
+
+               if (sock_bufferize(&findalldevs_if, sizeof(struct rpcap_findalldevs_if), sendbuf,
+                   &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_BUFFERIZE, errmsgbuf,
+                   PCAP_ERRBUF_SIZE) == -1)
+                       goto error;
 
                if (sock_bufferize(d->name, lname, sendbuf, &sendbufidx,
                    RPCAP_NETBUF_SIZE, SOCKBUF_BUFFERIZE, errmsgbuf,
 
                if (sock_bufferize(d->name, lname, sendbuf, &sendbufidx,
                    RPCAP_NETBUF_SIZE, SOCKBUF_BUFFERIZE, errmsgbuf,
@@ -1402,7 +1825,7 @@ daemon_msg_findallif_req(struct daemon_slpars *pars, uint32 plen)
        pcap_freealldevs(alldevs);
 
        // Send a final command that says "now send it!"
        pcap_freealldevs(alldevs);
 
        // Send a final command that says "now send it!"
-       if (sock_send(pars->sockctrl_out, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1)
+       if (sock_send(pars->sockctrl, pars->ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1)
        {
                rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                return -1;
        {
                rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                return -1;
@@ -1413,8 +1836,8 @@ daemon_msg_findallif_req(struct daemon_slpars *pars, uint32 plen)
 error:
        if (alldevs)
                pcap_freealldevs(alldevs);
 error:
        if (alldevs)
                pcap_freealldevs(alldevs);
-       
-       if (rpcap_senderror(pars->sockctrl_out, pars->protocol_version,
+
+       if (rpcap_senderror(pars->sockctrl, pars->ssl, ver,
            PCAP_ERR_FINDALLIF, errmsgbuf, errbuf) == -1)
        {
                rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
            PCAP_ERR_FINDALLIF, errmsgbuf, errbuf) == -1)
        {
                rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
@@ -1428,7 +1851,8 @@ error:
        to discard excess data in the message, if present)
 */
 static int
        to discard excess data in the message, if present)
 */
 static int
-daemon_msg_open_req(struct daemon_slpars *pars, uint32 plen, char *source, size_t sourcelen)
+daemon_msg_open_req(uint8 ver, struct daemon_slpars *pars, uint32 plen,
+    char *source, size_t sourcelen)
 {
        char errbuf[PCAP_ERRBUF_SIZE];          // buffer for network errors
        char errmsgbuf[PCAP_ERRBUF_SIZE];       // buffer for errors to send to the client
 {
        char errbuf[PCAP_ERRBUF_SIZE];          // buffer for network errors
        char errmsgbuf[PCAP_ERRBUF_SIZE];       // buffer for errors to send to the client
@@ -1440,11 +1864,11 @@ daemon_msg_open_req(struct daemon_slpars *pars, uint32 plen, char *source, size_
 
        if (plen > sourcelen - 1)
        {
 
        if (plen > sourcelen - 1)
        {
-               pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Source string too long");
+               snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Source string too long");
                goto error;
        }
 
                goto error;
        }
 
-       nread = sock_recv(pars->sockctrl_in, source, plen,
+       nread = sock_recv(pars->sockctrl, pars->ssl, source, plen,
            SOCK_RECEIVEALL_YES|SOCK_EOF_IS_ERROR, errbuf, PCAP_ERRBUF_SIZE);
        if (nread == -1)
        {
            SOCK_RECEIVEALL_YES|SOCK_EOF_IS_ERROR, errbuf, PCAP_ERRBUF_SIZE);
        if (nread == -1)
        {
@@ -1454,14 +1878,19 @@ daemon_msg_open_req(struct daemon_slpars *pars, uint32 plen, char *source, size_
        source[nread] = '\0';
        plen -= nread;
 
        source[nread] = '\0';
        plen -= nread;
 
-       // XXX - make sure it's *not* a URL; we don't support opening
-       // remote devices here.
+       // Is this a URL rather than a device?
+       // If so, reject it.
+       if (is_url(source))
+       {
+               snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Source string refers to a remote device");
+               goto error;
+       }
 
        // Open the selected device
        // This is a fake open, since we do that only to get the needed parameters, then we close the device again
        if ((fp = pcap_open_live(source,
                        1500 /* fake snaplen */,
 
        // Open the selected device
        // This is a fake open, since we do that only to get the needed parameters, then we close the device again
        if ((fp = pcap_open_live(source,
                        1500 /* fake snaplen */,
-                       0 /* no promis */,
+                       0 /* no promisc */,
                        1000 /* fake timeout */,
                        errmsgbuf)) == NULL)
                goto error;
                        1000 /* fake timeout */,
                        errmsgbuf)) == NULL)
                goto error;
@@ -1471,7 +1900,7 @@ daemon_msg_open_req(struct daemon_slpars *pars, uint32 plen, char *source, size_
            RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
                goto error;
 
            RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
                goto error;
 
-       rpcap_createhdr((struct rpcap_header *) sendbuf, pars->protocol_version,
+       rpcap_createhdr((struct rpcap_header *) sendbuf, ver,
            RPCAP_MSG_OPEN_REPLY, 0, sizeof(struct rpcap_openreply));
 
        openreply = (struct rpcap_openreply *) &sendbuf[sendbufidx];
            RPCAP_MSG_OPEN_REPLY, 0, sizeof(struct rpcap_openreply));
 
        openreply = (struct rpcap_openreply *) &sendbuf[sendbufidx];
@@ -1482,13 +1911,20 @@ daemon_msg_open_req(struct daemon_slpars *pars, uint32 plen, char *source, size_
 
        memset(openreply, 0, sizeof(struct rpcap_openreply));
        openreply->linktype = htonl(pcap_datalink(fp));
 
        memset(openreply, 0, sizeof(struct rpcap_openreply));
        openreply->linktype = htonl(pcap_datalink(fp));
-       openreply->tzoff = 0; /* This is always 0 for live captures */
+       /*
+        * This is always 0 for live captures; we no longer support it
+        * as something we read from capture files and supply to
+        * clients, but we have to send it over the wire, as open
+        * replies are expected to have 8 bytes of payload by
+        * existing clients.
+        */
+       openreply->tzoff = 0;
 
        // We're done with the pcap_t.
        pcap_close(fp);
 
        // Send the reply.
 
        // We're done with the pcap_t.
        pcap_close(fp);
 
        // Send the reply.
-       if (sock_send(pars->sockctrl_out, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1)
+       if (sock_send(pars->sockctrl, pars->ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1)
        {
                rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                return -1;
        {
                rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                return -1;
@@ -1496,8 +1932,8 @@ daemon_msg_open_req(struct daemon_slpars *pars, uint32 plen, char *source, size_
        return 0;
 
 error:
        return 0;
 
 error:
-       if (rpcap_senderror(pars->sockctrl_out, pars->protocol_version,
-           PCAP_ERR_OPEN, errmsgbuf, errbuf) == -1)
+       if (rpcap_senderror(pars->sockctrl, pars->ssl, ver, PCAP_ERR_OPEN,
+           errmsgbuf, errbuf) == -1)
        {
                // That failed; log a message and give up.
                rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
        {
                // That failed; log a message and give up.
                rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
@@ -1505,7 +1941,7 @@ error:
        }
 
        // Check if all the data has been read; if not, discard the data in excess
        }
 
        // Check if all the data has been read; if not, discard the data in excess
-       if (rpcapd_discard(pars->sockctrl_in, plen) == -1)
+       if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
        {
                return -1;
        }
        {
                return -1;
        }
@@ -1517,11 +1953,9 @@ error:
        to discard excess data in the message, if present)
 */
 static int
        to discard excess data in the message, if present)
 */
 static int
-#ifdef _WIN32
-daemon_msg_startcap_req(struct daemon_slpars *pars, uint32 plen, int *have_thread, HANDLE *threaddata, char *source, struct session **sessionp, struct rpcap_sampling *samp_param)
-#else
-daemon_msg_startcap_req(struct daemon_slpars *pars, uint32 plen, int *have_thread, pthread_t *threaddata, char *source, struct session **sessionp, struct rpcap_sampling *samp_param)
-#endif
+daemon_msg_startcap_req(uint8 ver, struct daemon_slpars *pars, uint32 plen,
+    char *source, struct session **sessionp,
+    struct rpcap_sampling *samp_param _U_, int uses_ssl)
 {
        char errbuf[PCAP_ERRBUF_SIZE];          // buffer for network errors
        char errmsgbuf[PCAP_ERRBUF_SIZE];       // buffer for errors to send to the client
 {
        char errbuf[PCAP_ERRBUF_SIZE];          // buffer for network errors
        char errmsgbuf[PCAP_ERRBUF_SIZE];       // buffer for errors to send to the client
@@ -1533,18 +1967,12 @@ daemon_msg_startcap_req(struct daemon_slpars *pars, uint32 plen, int *have_threa
        int sendbufidx = 0;                     // index which keeps the number of bytes currently buffered
 
        // socket-related variables
        int sendbufidx = 0;                     // index which keeps the number of bytes currently buffered
 
        // socket-related variables
-       SOCKET sockdata = INVALID_SOCKET;       // socket descriptor of the data connection
        struct addrinfo hints;                  // temp, needed to open a socket connection
        struct addrinfo *addrinfo;              // temp, needed to open a socket connection
        struct sockaddr_storage saddr;          // temp, needed to retrieve the network data port chosen on the local machine
        socklen_t saddrlen;                     // temp, needed to retrieve the network data port chosen on the local machine
        int ret;                                // return value from functions
 
        struct addrinfo hints;                  // temp, needed to open a socket connection
        struct addrinfo *addrinfo;              // temp, needed to open a socket connection
        struct sockaddr_storage saddr;          // temp, needed to retrieve the network data port chosen on the local machine
        socklen_t saddrlen;                     // temp, needed to retrieve the network data port chosen on the local machine
        int ret;                                // return value from functions
 
-#ifdef _WIN32
-#else
-       pthread_attr_t detachedAttribute;       // temp, needed to set the created thread as detached
-#endif
-
        // RPCAP-related variables
        struct rpcap_startcapreq startcapreq;           // start capture request message
        struct rpcap_startcapreply *startcapreply;      // start capture reply message
        // RPCAP-related variables
        struct rpcap_startcapreq startcapreq;           // start capture request message
        struct rpcap_startcapreply *startcapreply;      // start capture reply message
@@ -1552,7 +1980,7 @@ daemon_msg_startcap_req(struct daemon_slpars *pars, uint32 plen, int *have_threa
 
        addrinfo = NULL;
 
 
        addrinfo = NULL;
 
-       status = rpcapd_recv(pars->sockctrl_in, (char *) &startcapreq,
+       status = rpcapd_recv(pars->sockctrl, pars->ssl, (char *) &startcapreq,
            sizeof(struct rpcap_startcapreq), &plen, errmsgbuf);
        if (status == -1)
        {
            sizeof(struct rpcap_startcapreq), &plen, errmsgbuf);
        if (status == -1)
        {
@@ -1565,14 +1993,42 @@ daemon_msg_startcap_req(struct daemon_slpars *pars, uint32 plen, int *have_threa
 
        startcapreq.flags = ntohs(startcapreq.flags);
 
 
        startcapreq.flags = ntohs(startcapreq.flags);
 
+       // Check that the client does not ask for UDP is the server has been asked
+       // to enforce encryption, as SSL is not supported yet with UDP:
+       if (uses_ssl && (startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_DGRAM))
+       {
+               snprintf(errbuf, PCAP_ERRBUF_SIZE,
+                   "SSL not supported with UDP forward of remote packets");
+               goto error;
+       }
+
        // Create a session structure
        session = malloc(sizeof(struct session));
        if (session == NULL)
        {
        // Create a session structure
        session = malloc(sizeof(struct session));
        if (session == NULL)
        {
-               pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Can't allocate session structure");
+               snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Can't allocate session structure");
                goto error;
        }
 
                goto error;
        }
 
+       session->sockdata = INVALID_SOCKET;
+       session->ctrl_ssl = session->data_ssl = NULL;
+       // We don't have a thread yet.
+       session->have_thread = 0;
+       //
+       // We *shouldn't* have to initialize the thread indicator
+       // itself, because the compiler *should* realize that we
+       // only use this if have_thread isn't 0, but we *do* have
+       // to do it, because not all compilers *do* realize that.
+       //
+       // There is no "invalid thread handle" value for a UN*X
+       // pthread_t, so we just zero it out.
+       //
+#ifdef _WIN32
+       session->thread = INVALID_HANDLE_VALUE;
+#else
+       memset(&session->thread, 0, sizeof(session->thread));
+#endif
+
        // Open the selected device
        if ((session->fp = pcap_open_live(source,
                        ntohl(startcapreq.snaplen),
        // Open the selected device
        if ((session->fp = pcap_open_live(source,
                        ntohl(startcapreq.snaplen),
@@ -1604,9 +2060,10 @@ daemon_msg_startcap_req(struct daemon_slpars *pars, uint32 plen, int *have_threa
        we want to connect to
        */
        saddrlen = sizeof(struct sockaddr_storage);
        we want to connect to
        */
        saddrlen = sizeof(struct sockaddr_storage);
-       if (getpeername(pars->sockctrl_in, (struct sockaddr *) &saddr, &saddrlen) == -1)
+       if (getpeername(pars->sockctrl, (struct sockaddr *) &saddr, &saddrlen) == -1)
        {
        {
-               sock_geterror("getpeername(): ", errmsgbuf, PCAP_ERRBUF_SIZE);
+               sock_geterrmsg(errmsgbuf, PCAP_ERRBUF_SIZE,
+                   "getpeername() failed");
                goto error;
        }
 
                goto error;
        }
 
@@ -1617,38 +2074,40 @@ daemon_msg_startcap_req(struct daemon_slpars *pars, uint32 plen, int *have_threa
        // Now we have to create a new socket to send packets
        if (serveropen_dp)              // Data connection is opened by the server toward the client
        {
        // Now we have to create a new socket to send packets
        if (serveropen_dp)              // Data connection is opened by the server toward the client
        {
-               pcap_snprintf(portdata, sizeof portdata, "%d", ntohs(startcapreq.portdata));
+               snprintf(portdata, sizeof portdata, "%d", ntohs(startcapreq.portdata));
 
                // Get the name of the other peer (needed to connect to that specific network address)
                if (getnameinfo((struct sockaddr *) &saddr, saddrlen, peerhost,
                                sizeof(peerhost), NULL, 0, NI_NUMERICHOST))
                {
 
                // Get the name of the other peer (needed to connect to that specific network address)
                if (getnameinfo((struct sockaddr *) &saddr, saddrlen, peerhost,
                                sizeof(peerhost), NULL, 0, NI_NUMERICHOST))
                {
-                       sock_geterror("getnameinfo(): ", errmsgbuf, PCAP_ERRBUF_SIZE);
+                       sock_geterrmsg(errmsgbuf, PCAP_ERRBUF_SIZE,
+                           "getnameinfo() failed");
                        goto error;
                }
 
                if (sock_initaddress(peerhost, portdata, &hints, &addrinfo, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
                        goto error;
 
                        goto error;
                }
 
                if (sock_initaddress(peerhost, portdata, &hints, &addrinfo, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
                        goto error;
 
-               if ((sockdata = sock_open(addrinfo, SOCKOPEN_CLIENT, 0, errmsgbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
+               if ((session->sockdata = sock_open(peerhost, addrinfo, SOCKOPEN_CLIENT, 0, errmsgbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
                        goto error;
        }
        else            // Data connection is opened by the client toward the server
        {
                hints.ai_flags = AI_PASSIVE;
 
                        goto error;
        }
        else            // Data connection is opened by the client toward the server
        {
                hints.ai_flags = AI_PASSIVE;
 
-               // Let's the server socket pick up a free network port for us
-               if (sock_initaddress(NULL, "0", &hints, &addrinfo, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
+               // Make the server socket pick up a free network port for us
+               if (sock_initaddress(NULL, NULL, &hints, &addrinfo, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
                        goto error;
 
                        goto error;
 
-               if ((sockdata = sock_open(addrinfo, SOCKOPEN_SERVER, 1 /* max 1 connection in queue */, errmsgbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
+               if ((session->sockdata = sock_open(NULL, addrinfo, SOCKOPEN_SERVER, 1 /* max 1 connection in queue */, errmsgbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
                        goto error;
 
                // get the complete sockaddr structure used in the data connection
                saddrlen = sizeof(struct sockaddr_storage);
                        goto error;
 
                // get the complete sockaddr structure used in the data connection
                saddrlen = sizeof(struct sockaddr_storage);
-               if (getsockname(sockdata, (struct sockaddr *) &saddr, &saddrlen) == -1)
+               if (getsockname(session->sockdata, (struct sockaddr *) &saddr, &saddrlen) == -1)
                {
                {
-                       sock_geterror("getsockname(): ", errmsgbuf, PCAP_ERRBUF_SIZE);
+                       sock_geterrmsg(errmsgbuf, PCAP_ERRBUF_SIZE,
+                           "getsockname() failed");
                        goto error;
                }
 
                        goto error;
                }
 
@@ -1656,7 +2115,8 @@ daemon_msg_startcap_req(struct daemon_slpars *pars, uint32 plen, int *have_threa
                if (getnameinfo((struct sockaddr *) &saddr, saddrlen, NULL,
                                0, portdata, sizeof(portdata), NI_NUMERICSERV))
                {
                if (getnameinfo((struct sockaddr *) &saddr, saddrlen, NULL,
                                0, portdata, sizeof(portdata), NI_NUMERICSERV))
                {
-                       sock_geterror("getnameinfo(): ", errmsgbuf, PCAP_ERRBUF_SIZE);
+                       sock_geterrmsg(errmsgbuf, PCAP_ERRBUF_SIZE,
+                           "getnameinfo() failed");
                        goto error;
                }
        }
                        goto error;
                }
        }
@@ -1666,11 +2126,12 @@ daemon_msg_startcap_req(struct daemon_slpars *pars, uint32 plen, int *have_threa
        addrinfo = NULL;
 
        // Needed to send an error on the ctrl connection
        addrinfo = NULL;
 
        // Needed to send an error on the ctrl connection
-       session->sockctrl_out = pars->sockctrl_out;
-       session->protocol_version = pars->protocol_version;
+       session->sockctrl = pars->sockctrl;
+       session->ctrl_ssl = pars->ssl;
+       session->protocol_version = ver;
 
        // Now I can set the filter
 
        // Now I can set the filter
-       ret = daemon_unpackapplyfilter(pars->sockctrl_in, session, &plen, errmsgbuf);
+       ret = daemon_unpackapplyfilter(pars->sockctrl, pars->ssl, session, &plen, errmsgbuf);
        if (ret == -1)
        {
                // Fatal error.  A message has been logged; just give up.
        if (ret == -1)
        {
                // Fatal error.  A message has been logged; just give up.
@@ -1687,7 +2148,7 @@ daemon_msg_startcap_req(struct daemon_slpars *pars, uint32 plen, int *have_threa
            RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
                goto error;
 
            RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
                goto error;
 
-       rpcap_createhdr((struct rpcap_header *) sendbuf, pars->protocol_version,
+       rpcap_createhdr((struct rpcap_header *) sendbuf, ver,
            RPCAP_MSG_STARTCAP_REPLY, 0, sizeof(struct rpcap_startcapreply));
 
        startcapreply = (struct rpcap_startcapreply *) &sendbuf[sendbufidx];
            RPCAP_MSG_STARTCAP_REPLY, 0, sizeof(struct rpcap_startcapreply));
 
        startcapreply = (struct rpcap_startcapreply *) &sendbuf[sendbufidx];
@@ -1705,7 +2166,7 @@ daemon_msg_startcap_req(struct daemon_slpars *pars, uint32 plen, int *have_threa
                startcapreply->portdata = htons(port);
        }
 
                startcapreply->portdata = htons(port);
        }
 
-       if (sock_send(pars->sockctrl_out, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1)
+       if (sock_send(pars->sockctrl, pars->ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1)
        {
                // That failed; log a message and give up.
                rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
        {
                // That failed; log a message and give up.
                rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
@@ -1719,52 +2180,62 @@ daemon_msg_startcap_req(struct daemon_slpars *pars, uint32 plen, int *have_threa
                // Connection creation
                saddrlen = sizeof(struct sockaddr_storage);
 
                // Connection creation
                saddrlen = sizeof(struct sockaddr_storage);
 
-               socktemp = accept(sockdata, (struct sockaddr *) &saddr, &saddrlen);
+               socktemp = accept(session->sockdata, (struct sockaddr *) &saddr, &saddrlen);
 
                if (socktemp == INVALID_SOCKET)
                {
 
                if (socktemp == INVALID_SOCKET)
                {
-                       sock_geterror("accept(): ", errbuf, PCAP_ERRBUF_SIZE);
+                       sock_geterrmsg(errbuf, PCAP_ERRBUF_SIZE,
+                          "accept() failed");
                        rpcapd_log(LOGPRIO_ERROR, "Accept of data connection failed: %s",
                            errbuf);
                        goto error;
                }
 
                // Now that I accepted the connection, the server socket is no longer needed
                        rpcapd_log(LOGPRIO_ERROR, "Accept of data connection failed: %s",
                            errbuf);
                        goto error;
                }
 
                // Now that I accepted the connection, the server socket is no longer needed
-               sock_close(sockdata, NULL, 0);
-               sockdata = socktemp;
+               sock_close(session->sockdata, NULL, 0);
+               session->sockdata = socktemp;
        }
 
        }
 
-       session->sockdata = sockdata;
+       SSL *ssl = NULL;
+       if (uses_ssl)
+       {
+#ifdef HAVE_OPENSSL
+               /* In both active or passive cases, wait for the client to initiate the
+                * TLS handshake. Yes during that time the control socket will not be
+                * served, but the same was true from the above call to accept(). */
+               ssl = ssl_promotion(1, session->sockdata, errbuf, PCAP_ERRBUF_SIZE);
+               if (! ssl)
+               {
+                       rpcapd_log(LOGPRIO_ERROR, "TLS handshake failed: %s", errbuf);
+                       goto error;
+               }
+#endif
+       }
+       session->data_ssl = ssl;
 
        // Now we have to create a new thread to receive packets
 #ifdef _WIN32
 
        // Now we have to create a new thread to receive packets
 #ifdef _WIN32
-       *threaddata = (HANDLE)_beginthreadex(NULL, 0, daemon_thrdatamain,
+       session->thread = (HANDLE)_beginthreadex(NULL, 0, daemon_thrdatamain,
            (void *) session, 0, NULL);
            (void *) session, 0, NULL);
-       if (*threaddata == 0)
+       if (session->thread == 0)
        {
        {
-               pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error creating the data thread");
+               snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error creating the data thread");
                goto error;
        }
 #else
                goto error;
        }
 #else
-       /* GV we need this to create the thread as detached. */
-       /* GV otherwise, the thread handle is not destroyed  */
-       pthread_attr_init(&detachedAttribute);
-       pthread_attr_setdetachstate(&detachedAttribute, PTHREAD_CREATE_DETACHED);
-       ret = pthread_create(threaddata, &detachedAttribute,
-           daemon_thrdatamain, (void *) session);
+       ret = pthread_create(&session->thread, NULL, daemon_thrdatamain,
+           (void *) session);
        if (ret != 0)
        {
                pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
                    ret, "Error creating the data thread");
        if (ret != 0)
        {
                pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
                    ret, "Error creating the data thread");
-               pthread_attr_destroy(&detachedAttribute);
                goto error;
        }
                goto error;
        }
-       pthread_attr_destroy(&detachedAttribute);
 #endif
 #endif
-       *have_thread = 1;
+       session->have_thread = 1;
 
        // Check if all the data has been read; if not, discard the data in excess
 
        // Check if all the data has been read; if not, discard the data in excess
-       if (rpcapd_discard(pars->sockctrl_in, plen) == -1)
+       if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
                goto fatal_error;
 
        *sessionp = session;
                goto fatal_error;
 
        *sessionp = session;
@@ -1780,32 +2251,13 @@ error:
        if (addrinfo)
                freeaddrinfo(addrinfo);
 
        if (addrinfo)
                freeaddrinfo(addrinfo);
 
-       if (*have_thread)
-       {
-#ifdef _WIN32
-               if (session->fp)
-               {
-                       pcap_breakloop(session->fp);
-                       SetEvent(pcap_getevent(session->fp));
-               }
-               CloseHandle(*threaddata);
-#else
-               pthread_cancel(*threaddata);
-#endif
-               *have_thread = 0;
-       }
-
-       if (sockdata != INVALID_SOCKET)
-               sock_close(sockdata, NULL, 0);
-
        if (session)
        {
        if (session)
        {
-               if (session->fp)
-                       pcap_close(session->fp);
+               session_close(session);
                free(session);
        }
 
                free(session);
        }
 
-       if (rpcap_senderror(pars->sockctrl_out, pars->protocol_version,
+       if (rpcap_senderror(pars->sockctrl, pars->ssl, ver,
            PCAP_ERR_STARTCAPTURE, errmsgbuf, errbuf) == -1)
        {
                // That failed; log a message and give up.
            PCAP_ERR_STARTCAPTURE, errmsgbuf, errbuf) == -1)
        {
                // That failed; log a message and give up.
@@ -1814,7 +2266,7 @@ error:
        }
 
        // Check if all the data has been read; if not, discard the data in excess
        }
 
        // Check if all the data has been read; if not, discard the data in excess
-       if (rpcapd_discard(pars->sockctrl_in, plen) == -1)
+       if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
        {
                // Network error.
                return -1;
        {
                // Network error.
                return -1;
@@ -1829,51 +2281,9 @@ fatal_error:
        //
        *sessionp = NULL;
 
        //
        *sessionp = NULL;
 
-       if (*have_thread)
-       {
-#ifdef _WIN32
-               if (session && session->fp)
-               {
-                       //
-                       // Tell the data connection thread main capture
-                       // loop to break out of that loop.
-                       //
-                       pcap_breakloop(session->fp);
-
-                       //
-                       // If it's currently blocked waiting for packets
-                       // to arrive, try to wake it up, so it can see
-                       // the "break out of the loop" indication.
-                       //
-                       SetEvent(pcap_getevent(session->fp));
-               }
-               
-               //
-               // Wait for the thread to exit, so we don't close
-               // sockets out from under it.
-               //
-               // XXX - have a timeout, so we don't wait forever?
-               //
-               WaitForSingleObject(*threaddata, INFINITE);
-
-               //
-               // Release the thread handle, as we're done with
-               // it.
-               //
-               CloseHandle(*threaddata);
-#else
-               pthread_cancel(*threaddata);
-#endif
-               *have_thread = 0;
-       }
-
-       if (sockdata != INVALID_SOCKET)
-               sock_close(sockdata, NULL, 0);
-
        if (session)
        {
        if (session)
        {
-               if (session->fp)
-                       pcap_close(session->fp);
+               session_close(session);
                free(session);
        }
 
                free(session);
        }
 
@@ -1881,61 +2291,17 @@ fatal_error:
 }
 
 static int
 }
 
 static int
-#ifdef _WIN32
-daemon_msg_endcap_req(struct daemon_slpars *pars, struct session *session, int *have_thread, HANDLE threaddata)
-#else
-daemon_msg_endcap_req(struct daemon_slpars *pars, struct session *session, int *have_thread, pthread_t threaddata)
-#endif
+daemon_msg_endcap_req(uint8 ver, struct daemon_slpars *pars,
+    struct session *session)
 {
        char errbuf[PCAP_ERRBUF_SIZE];          // buffer for network errors
        struct rpcap_header header;
 
 {
        char errbuf[PCAP_ERRBUF_SIZE];          // buffer for network errors
        struct rpcap_header header;
 
-       if (*have_thread)
-       {
-#ifdef _WIN32
-               //
-               // Tell the data connection thread main capture loop to
-               // break out of that loop.
-               //
-               pcap_breakloop(session->fp);
-
-               //
-               // If it's currently blocked waiting for packets to
-               // arrive, try to wake it up, so it can see the "break
-               // out of the loop" indication.
-               //
-               SetEvent(pcap_getevent(session->fp));
-               
-               //
-               // Wait for the thread to exit, so we don't close
-               // sockets out from under it.
-               //
-               // XXX - have a timeout, so we don't wait forever?
-               //
-               WaitForSingleObject(threaddata, INFINITE);
-
-               //
-               // Release the thread handle, as we're done with
-               // it.
-               //
-               CloseHandle(threaddata);
-#else
-               pthread_cancel(threaddata);
-#endif
-               *have_thread = 0;
-       }
-       if (session->sockdata)
-       {
-               sock_close(session->sockdata, NULL, 0);
-               session->sockdata = 0;
-       }
-
-       pcap_close(session->fp);
+       session_close(session);
 
 
-       rpcap_createhdr(&header, pars->protocol_version,
-           RPCAP_MSG_ENDCAP_REPLY, 0, 0);
+       rpcap_createhdr(&header, ver, RPCAP_MSG_ENDCAP_REPLY, 0, 0);
 
 
-       if (sock_send(pars->sockctrl_out, (char *) &header, sizeof(struct rpcap_header), errbuf, PCAP_ERRBUF_SIZE) == -1)
+       if (sock_send(pars->sockctrl, pars->ssl, (char *) &header, sizeof(struct rpcap_header), errbuf, PCAP_ERRBUF_SIZE) == -1)
        {
                // That failed; log a message and give up.
                rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
        {
                // That failed; log a message and give up.
                rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
@@ -1945,8 +2311,25 @@ daemon_msg_endcap_req(struct daemon_slpars *pars, struct session *session, int *
        return 0;
 }
 
        return 0;
 }
 
+//
+// We impose a limit on the filter program size, so that, on Windows,
+// where there's only one server process with multiple threads, it's
+// harder to eat all the server address space by sending larger filter
+// programs.  (This isn't an issue on UN*X, where there are multiple
+// server processes, one per client connection.)
+//
+// We pick a value that limits each filter to 64K; that value is twice
+// the in-kernel limit for Linux and 16 times the in-kernel limit for
+// *BSD and macOS.
+//
+// It also prevents an overflow on 32-bit platforms when calculating
+// the total size of the filter program.  (It's not an issue on 64-bit
+// platforms with a 64-bit size_t, as the filter size is 32 bits.)
+//
+#define RPCAP_BPF_MAXINSNS     8192
+
 static int
 static int
-daemon_unpackapplyfilter(SOCKET sockctrl_in, struct session *session, uint32 *plenp, char *errmsgbuf)
+daemon_unpackapplyfilter(SOCKET sockctrl, SSL *ctrl_ssl, struct session *session, uint32 *plenp, char *errmsgbuf)
 {
        int status;
        struct rpcap_filter filter;
 {
        int status;
        struct rpcap_filter filter;
@@ -1955,7 +2338,7 @@ daemon_unpackapplyfilter(SOCKET sockctrl_in, struct session *session, uint32 *pl
        struct bpf_program bf_prog;
        unsigned int i;
 
        struct bpf_program bf_prog;
        unsigned int i;
 
-       status = rpcapd_recv(sockctrl_in, (char *) &filter,
+       status = rpcapd_recv(sockctrl, ctrl_ssl, (char *) &filter,
            sizeof(struct rpcap_filter), plenp, errmsgbuf);
        if (status == -1)
        {
            sizeof(struct rpcap_filter), plenp, errmsgbuf);
        if (status == -1)
        {
@@ -1970,10 +2353,17 @@ daemon_unpackapplyfilter(SOCKET sockctrl_in, struct session *session, uint32 *pl
 
        if (ntohs(filter.filtertype) != RPCAP_UPDATEFILTER_BPF)
        {
 
        if (ntohs(filter.filtertype) != RPCAP_UPDATEFILTER_BPF)
        {
-               pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Only BPF/NPF filters are currently supported");
+               snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Only BPF/NPF filters are currently supported");
                return -2;
        }
 
                return -2;
        }
 
+       if (bf_prog.bf_len > RPCAP_BPF_MAXINSNS)
+       {
+               snprintf(errmsgbuf, PCAP_ERRBUF_SIZE,
+                   "Filter program is larger than the maximum size of %d instructions",
+                   RPCAP_BPF_MAXINSNS);
+               return -2;
+       }
        bf_insn = (struct bpf_insn *) malloc (sizeof(struct bpf_insn) * bf_prog.bf_len);
        if (bf_insn == NULL)
        {
        bf_insn = (struct bpf_insn *) malloc (sizeof(struct bpf_insn) * bf_prog.bf_len);
        if (bf_insn == NULL)
        {
@@ -1986,7 +2376,7 @@ daemon_unpackapplyfilter(SOCKET sockctrl_in, struct session *session, uint32 *pl
 
        for (i = 0; i < bf_prog.bf_len; i++)
        {
 
        for (i = 0; i < bf_prog.bf_len; i++)
        {
-               status = rpcapd_recv(sockctrl_in, (char *) &insn,
+               status = rpcapd_recv(sockctrl, ctrl_ssl, (char *) &insn,
                    sizeof(struct rpcap_filterbpf_insn), plenp, errmsgbuf);
                if (status == -1)
                {
                    sizeof(struct rpcap_filterbpf_insn), plenp, errmsgbuf);
                if (status == -1)
                {
@@ -2005,15 +2395,18 @@ daemon_unpackapplyfilter(SOCKET sockctrl_in, struct session *session, uint32 *pl
                bf_insn++;
        }
 
                bf_insn++;
        }
 
+       //
+       // XXX - pcap_setfilter() should do the validation for us.
+       //
        if (bpf_validate(bf_prog.bf_insns, bf_prog.bf_len) == 0)
        {
        if (bpf_validate(bf_prog.bf_insns, bf_prog.bf_len) == 0)
        {
-               pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "The filter contains bogus instructions");
+               snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "The filter contains bogus instructions");
                return -2;
        }
 
        if (pcap_setfilter(session->fp, &bf_prog))
        {
                return -2;
        }
 
        if (pcap_setfilter(session->fp, &bf_prog))
        {
-               pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "RPCAP error: %s", pcap_geterr(session->fp));
+               snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "RPCAP error: %s", pcap_geterr(session->fp));
                return -2;
        }
 
                return -2;
        }
 
@@ -2021,14 +2414,15 @@ daemon_unpackapplyfilter(SOCKET sockctrl_in, struct session *session, uint32 *pl
 }
 
 static int
 }
 
 static int
-daemon_msg_updatefilter_req(struct daemon_slpars *pars, struct session *session, uint32 plen)
+daemon_msg_updatefilter_req(uint8 ver, struct daemon_slpars *pars,
+    struct session *session, uint32 plen)
 {
        char errbuf[PCAP_ERRBUF_SIZE];
        char errmsgbuf[PCAP_ERRBUF_SIZE];       // buffer for errors to send to the client
        int ret;                                // status of daemon_unpackapplyfilter()
        struct rpcap_header header;             // keeps the answer to the updatefilter command
 
 {
        char errbuf[PCAP_ERRBUF_SIZE];
        char errmsgbuf[PCAP_ERRBUF_SIZE];       // buffer for errors to send to the client
        int ret;                                // status of daemon_unpackapplyfilter()
        struct rpcap_header header;             // keeps the answer to the updatefilter command
 
-       ret = daemon_unpackapplyfilter(pars->sockctrl_in, session, &plen, errmsgbuf);
+       ret = daemon_unpackapplyfilter(pars->sockctrl, pars->ssl, session, &plen, errmsgbuf);
        if (ret == -1)
        {
                // Fatal error.  A message has been logged; just give up.
        if (ret == -1)
        {
                // Fatal error.  A message has been logged; just give up.
@@ -2041,19 +2435,18 @@ daemon_msg_updatefilter_req(struct daemon_slpars *pars, struct session *session,
        }
 
        // Check if all the data has been read; if not, discard the data in excess
        }
 
        // Check if all the data has been read; if not, discard the data in excess
-       if (rpcapd_discard(pars->sockctrl_in, plen) == -1)
+       if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
        {
                // Network error.
                return -1;
        }
 
        // A response is needed, otherwise the other host does not know that everything went well
        {
                // Network error.
                return -1;
        }
 
        // A response is needed, otherwise the other host does not know that everything went well
-       rpcap_createhdr(&header, pars->protocol_version,
-           RPCAP_MSG_UPDATEFILTER_REPLY, 0, 0);
+       rpcap_createhdr(&header, ver, RPCAP_MSG_UPDATEFILTER_REPLY, 0, 0);
 
 
-       if (sock_send(pars->sockctrl_out, (char *) &header, sizeof (struct rpcap_header), pcap_geterr(session->fp), PCAP_ERRBUF_SIZE))
+       if (sock_send(pars->sockctrl, pars->ssl, (char *) &header, sizeof (struct rpcap_header), errbuf, PCAP_ERRBUF_SIZE))
        {
        {
-               // That failed; log a messsage and give up.
+               // That failed; log a message and give up.
                rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                return -1;
        }
                rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                return -1;
        }
@@ -2061,12 +2454,12 @@ daemon_msg_updatefilter_req(struct daemon_slpars *pars, struct session *session,
        return 0;
 
 error:
        return 0;
 
 error:
-       if (rpcapd_discard(pars->sockctrl_in, plen) == -1)
+       if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
        {
                return -1;
        }
        {
                return -1;
        }
-       rpcap_senderror(pars->sockctrl_out, pars->protocol_version,
-           PCAP_ERR_UPDATEFILTER, errmsgbuf, NULL);
+       rpcap_senderror(pars->sockctrl, pars->ssl, ver, PCAP_ERR_UPDATEFILTER,
+           errmsgbuf, NULL);
 
        return 0;
 }
 
        return 0;
 }
@@ -2075,7 +2468,8 @@ error:
        \brief Received the sampling parameters from remote host and it stores in the pcap_t structure.
 */
 static int
        \brief Received the sampling parameters from remote host and it stores in the pcap_t structure.
 */
 static int
-daemon_msg_setsampling_req(struct daemon_slpars *pars, uint32 plen, struct rpcap_sampling *samp_param)
+daemon_msg_setsampling_req(uint8 ver, struct daemon_slpars *pars, uint32 plen,
+    struct rpcap_sampling *samp_param)
 {
        char errbuf[PCAP_ERRBUF_SIZE];          // buffer for network errors
        char errmsgbuf[PCAP_ERRBUF_SIZE];
 {
        char errbuf[PCAP_ERRBUF_SIZE];          // buffer for network errors
        char errmsgbuf[PCAP_ERRBUF_SIZE];
@@ -2083,7 +2477,7 @@ daemon_msg_setsampling_req(struct daemon_slpars *pars, uint32 plen, struct rpcap
        struct rpcap_sampling rpcap_samp;
        int status;
 
        struct rpcap_sampling rpcap_samp;
        int status;
 
-       status = rpcapd_recv(pars->sockctrl_in, (char *) &rpcap_samp, sizeof(struct rpcap_sampling), &plen, errmsgbuf);
+       status = rpcapd_recv(pars->sockctrl, pars->ssl, (char *) &rpcap_samp, sizeof(struct rpcap_sampling), &plen, errmsgbuf);
        if (status == -1)
        {
                return -1;
        if (status == -1)
        {
                return -1;
@@ -2098,17 +2492,16 @@ daemon_msg_setsampling_req(struct daemon_slpars *pars, uint32 plen, struct rpcap
        samp_param->value = ntohl(rpcap_samp.value);
 
        // A response is needed, otherwise the other host does not know that everything went well
        samp_param->value = ntohl(rpcap_samp.value);
 
        // A response is needed, otherwise the other host does not know that everything went well
-       rpcap_createhdr(&header, pars->protocol_version,
-           RPCAP_MSG_SETSAMPLING_REPLY, 0, 0);
+       rpcap_createhdr(&header, ver, RPCAP_MSG_SETSAMPLING_REPLY, 0, 0);
 
 
-       if (sock_send(pars->sockctrl_out, (char *) &header, sizeof (struct rpcap_header), errbuf, PCAP_ERRBUF_SIZE) == -1)
+       if (sock_send(pars->sockctrl, pars->ssl, (char *) &header, sizeof (struct rpcap_header), errbuf, PCAP_ERRBUF_SIZE) == -1)
        {
        {
-               // That failed; log a messsage and give up.
+               // That failed; log a message and give up.
                rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                return -1;
        }
 
                rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                return -1;
        }
 
-       if (rpcapd_discard(pars->sockctrl_in, plen) == -1)
+       if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
        {
                return -1;
        }
        {
                return -1;
        }
@@ -2116,8 +2509,8 @@ daemon_msg_setsampling_req(struct daemon_slpars *pars, uint32 plen, struct rpcap
        return 0;
 
 error:
        return 0;
 
 error:
-       if (rpcap_senderror(pars->sockctrl_out, pars->protocol_version,
-           PCAP_ERR_AUTH, errmsgbuf, errbuf) == -1)
+       if (rpcap_senderror(pars->sockctrl, pars->ssl, ver, PCAP_ERR_SETSAMPLING,
+           errmsgbuf, errbuf) == -1)
        {
                // That failed; log a message and give up.
                rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
        {
                // That failed; log a message and give up.
                rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
@@ -2125,7 +2518,7 @@ error:
        }
 
        // Check if all the data has been read; if not, discard the data in excess
        }
 
        // Check if all the data has been read; if not, discard the data in excess
-       if (rpcapd_discard(pars->sockctrl_in, plen) == -1)
+       if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
        {
                return -1;
        }
        {
                return -1;
        }
@@ -2134,7 +2527,9 @@ error:
 }
 
 static int
 }
 
 static int
-daemon_msg_stats_req(struct daemon_slpars *pars, struct session *session, uint32 plen, struct pcap_stat *stats, unsigned int svrcapt)
+daemon_msg_stats_req(uint8 ver, struct daemon_slpars *pars,
+    struct session *session, uint32 plen, struct pcap_stat *stats,
+    unsigned int svrcapt)
 {
        char errbuf[PCAP_ERRBUF_SIZE];          // buffer for network errors
        char errmsgbuf[PCAP_ERRBUF_SIZE];       // buffer for errors to send to the client
 {
        char errbuf[PCAP_ERRBUF_SIZE];          // buffer for network errors
        char errmsgbuf[PCAP_ERRBUF_SIZE];       // buffer for errors to send to the client
@@ -2143,7 +2538,7 @@ daemon_msg_stats_req(struct daemon_slpars *pars, struct session *session, uint32
        struct rpcap_stats *netstats;           // statistics sent on the network
 
        // Checks that the header does not contain other data; if so, discard it
        struct rpcap_stats *netstats;           // statistics sent on the network
 
        // Checks that the header does not contain other data; if so, discard it
-       if (rpcapd_discard(pars->sockctrl_in, plen) == -1)
+       if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
        {
                // Network error.
                return -1;
        {
                // Network error.
                return -1;
@@ -2153,7 +2548,7 @@ daemon_msg_stats_req(struct daemon_slpars *pars, struct session *session, uint32
            &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
                goto error;
 
            &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
                goto error;
 
-       rpcap_createhdr((struct rpcap_header *) sendbuf, pars->protocol_version,
+       rpcap_createhdr((struct rpcap_header *) sendbuf, ver,
            RPCAP_MSG_STATS_REPLY, 0, (uint16) sizeof(struct rpcap_stats));
 
        netstats = (struct rpcap_stats *) &sendbuf[sendbufidx];
            RPCAP_MSG_STATS_REPLY, 0, (uint16) sizeof(struct rpcap_stats));
 
        netstats = (struct rpcap_stats *) &sendbuf[sendbufidx];
@@ -2166,7 +2561,7 @@ daemon_msg_stats_req(struct daemon_slpars *pars, struct session *session, uint32
        {
                if (pcap_stats(session->fp, stats) == -1)
                {
        {
                if (pcap_stats(session->fp, stats) == -1)
                {
-                       pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "%s", pcap_geterr(session->fp));
+                       snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "%s", pcap_geterr(session->fp));
                        goto error;
                }
 
                        goto error;
                }
 
@@ -2187,7 +2582,7 @@ daemon_msg_stats_req(struct daemon_slpars *pars, struct session *session, uint32
        }
 
        // Send the packet
        }
 
        // Send the packet
-       if (sock_send(pars->sockctrl_out, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1)
+       if (sock_send(pars->sockctrl, pars->ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1)
        {
                rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                return -1;
        {
                rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                return -1;
@@ -2196,8 +2591,8 @@ daemon_msg_stats_req(struct daemon_slpars *pars, struct session *session, uint32
        return 0;
 
 error:
        return 0;
 
 error:
-       rpcap_senderror(pars->sockctrl_out, pars->protocol_version,
-           PCAP_ERR_GETSTATS, errmsgbuf, NULL);
+       rpcap_senderror(pars->sockctrl, pars->ssl, ver, PCAP_ERR_GETSTATS,
+           errmsgbuf, NULL);
        return 0;
 }
 
        return 0;
 }
 
@@ -2218,6 +2613,9 @@ daemon_thrdatamain(void *ptr)
        char *sendbuf;                                          // temporary buffer in which data to be sent is buffered
        int sendbufidx;                                         // index which keeps the number of bytes currently buffered
        int status;
        char *sendbuf;                                          // temporary buffer in which data to be sent is buffered
        int sendbufidx;                                         // index which keeps the number of bytes currently buffered
        int status;
+#ifndef _WIN32
+       sigset_t sigusr1;                       // signal set with just SIGUSR1
+#endif
 
        session = (struct session *) ptr;
 
 
        session = (struct session *) ptr;
 
@@ -2230,40 +2628,82 @@ daemon_thrdatamain(void *ptr)
        // We need a buffer large enough to hold a buffer large enough
        // for a maximum-size packet for this pcap_t.
        //
        // We need a buffer large enough to hold a buffer large enough
        // for a maximum-size packet for this pcap_t.
        //
-       sendbufsize = sizeof(struct rpcap_header) + sizeof(struct rpcap_pkthdr) + pcap_snapshot(session->fp);
-       sendbuf = (char *) malloc (sendbufsize);
-       if (sendbuf == NULL)
+       if (pcap_snapshot(session->fp) < 0)
        {
        {
+               //
+               // The snapshot length is negative.
+               // This "should not happen".
+               //
                rpcapd_log(LOGPRIO_ERROR,
                rpcapd_log(LOGPRIO_ERROR,
-                   "Unable to allocate the buffer for this child thread");
+                   "Unable to allocate the buffer for this child thread: snapshot length of %d is negative",
+                       pcap_snapshot(session->fp));
+               sendbuf = NULL; // we can't allocate a buffer, so nothing to free
                goto error;
        }
                goto error;
        }
-
-#ifndef _WIN32
-       // Modify thread params so that it can be killed at any time
-       retval = pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, NULL);
-       if (retval != 0)
+       //
+       // size_t is unsigned, and the result of pcap_snapshot() is signed;
+       // on no platform that we support is int larger than size_t.
+       // This means that, unless the extra information we prepend to
+       // a maximum-sized packet is impossibly large, the sum of the
+       // snapshot length and the size of that extra information will
+       // fit in a size_t.
+       //
+       // So we don't need to make sure that sendbufsize will overflow.
+       //
+       // However, we *do* need to make sure its value fits in an int,
+       // because sock_send() can't send more than INT_MAX bytes (it could
+       // do so on 64-bit UN*Xes, but can't do so on Windows, not even
+       // 64-bit Windows, as the send() buffer size argument is an int
+       // in Winsock).
+       //
+       sendbufsize = sizeof(struct rpcap_header) + sizeof(struct rpcap_pkthdr) + pcap_snapshot(session->fp);
+       if (sendbufsize > INT_MAX)
        {
        {
-               pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
-                   retval, "pthread_setcancelstate");
                rpcapd_log(LOGPRIO_ERROR,
                rpcapd_log(LOGPRIO_ERROR,
-                   "Can't set cancel state on data thread: %s", errbuf);
+                   "Buffer size for this child thread would be larger than %d",
+                   INT_MAX);
+               sendbuf = NULL; // we haven't allocated a buffer, so nothing to free
                goto error;
        }
                goto error;
        }
-       retval = pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, NULL);
-       if (retval != 0)
+       sendbuf = (char *) malloc (sendbufsize);
+       if (sendbuf == NULL)
        {
        {
-               pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
-                   retval, "pthread_setcanceltype");
                rpcapd_log(LOGPRIO_ERROR,
                rpcapd_log(LOGPRIO_ERROR,
-                   "Can't set cancel type on data thread: %s", errbuf);
+                   "Unable to allocate the buffer for this child thread");
                goto error;
        }
                goto error;
        }
+
+#ifndef _WIN32
+       //
+       // Set the signal set to include just SIGUSR1, and block that
+       // signal; we only want it unblocked when we're reading
+       // packets - we dn't want any other system calls, such as
+       // ones being used to send to the client or to log messages,
+       // to be interrupted.
+       //
+       sigemptyset(&sigusr1);
+       sigaddset(&sigusr1, SIGUSR1);
+       pthread_sigmask(SIG_BLOCK, &sigusr1, NULL);
 #endif
 
        // Retrieve the packets
 #endif
 
        // Retrieve the packets
-       while ((retval = pcap_next_ex(session->fp, &pkt_header, (const u_char **) &pkt_data)) >= 0)     // cast to avoid a compiler warning
+       for (;;)
        {
        {
+#ifndef _WIN32
+               //
+               // Unblock SIGUSR1 while we might be waiting for packets.
+               //
+               pthread_sigmask(SIG_UNBLOCK, &sigusr1, NULL);
+#endif
+               retval = pcap_next_ex(session->fp, &pkt_header, (const u_char **) &pkt_data);   // cast to avoid a compiler warning
+#ifndef _WIN32
+               //
+               // Now block it again.
+               //
+               pthread_sigmask(SIG_BLOCK, &sigusr1, NULL);
+#endif
+               if (retval < 0)
+                       break;          // error
                if (retval == 0)        // Read timeout elapsed
                        continue;
 
                if (retval == 0)        // Read timeout elapsed
                        continue;
 
@@ -2271,7 +2711,7 @@ daemon_thrdatamain(void *ptr)
 
                // Bufferize the general header
                if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL,
 
                // Bufferize the general header
                if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL,
-                   &sendbufidx, sendbufsize, SOCKBUF_CHECKONLY, errbuf,
+                   &sendbufidx, (int)sendbufsize, SOCKBUF_CHECKONLY, errbuf,
                    PCAP_ERRBUF_SIZE) == -1)
                {
                        rpcapd_log(LOGPRIO_ERROR,
                    PCAP_ERRBUF_SIZE) == -1)
                {
                        rpcapd_log(LOGPRIO_ERROR,
@@ -2288,7 +2728,7 @@ daemon_thrdatamain(void *ptr)
 
                // Bufferize the pkt header
                if (sock_bufferize(NULL, sizeof(struct rpcap_pkthdr), NULL,
 
                // Bufferize the pkt header
                if (sock_bufferize(NULL, sizeof(struct rpcap_pkthdr), NULL,
-                   &sendbufidx, sendbufsize, SOCKBUF_CHECKONLY, errbuf,
+                   &sendbufidx, (int)sendbufsize, SOCKBUF_CHECKONLY, errbuf,
                    PCAP_ERRBUF_SIZE) == -1)
                {
                        rpcapd_log(LOGPRIO_ERROR,
                    PCAP_ERRBUF_SIZE) == -1)
                {
                        rpcapd_log(LOGPRIO_ERROR,
@@ -2300,12 +2740,16 @@ daemon_thrdatamain(void *ptr)
                net_pkt_header->caplen = htonl(pkt_header->caplen);
                net_pkt_header->len = htonl(pkt_header->len);
                net_pkt_header->npkt = htonl(++(session->TotCapt));
                net_pkt_header->caplen = htonl(pkt_header->caplen);
                net_pkt_header->len = htonl(pkt_header->len);
                net_pkt_header->npkt = htonl(++(session->TotCapt));
-               net_pkt_header->timestamp_sec = htonl(pkt_header->ts.tv_sec);
-               net_pkt_header->timestamp_usec = htonl(pkt_header->ts.tv_usec);
+               //
+               // This protocol needs to be updated with a new version
+               // before 2038-01-19 03:14:07 UTC.
+               //
+               net_pkt_header->timestamp_sec = htonl((uint32)pkt_header->ts.tv_sec);
+               net_pkt_header->timestamp_usec = htonl((uint32)pkt_header->ts.tv_usec);
 
                // Bufferize the pkt data
                if (sock_bufferize((char *) pkt_data, pkt_header->caplen,
 
                // Bufferize the pkt data
                if (sock_bufferize((char *) pkt_data, pkt_header->caplen,
-                   sendbuf, &sendbufidx, sendbufsize, SOCKBUF_BUFFERIZE,
+                   sendbuf, &sendbufidx, (int)sendbufsize, SOCKBUF_BUFFERIZE,
                    errbuf, PCAP_ERRBUF_SIZE) == -1)
                {
                        rpcapd_log(LOGPRIO_ERROR,
                    errbuf, PCAP_ERRBUF_SIZE) == -1)
                {
                        rpcapd_log(LOGPRIO_ERROR,
@@ -2317,7 +2761,7 @@ daemon_thrdatamain(void *ptr)
                // Send the packet
                // If the client dropped the connection, don't report an
                // error, just quit.
                // Send the packet
                // If the client dropped the connection, don't report an
                // error, just quit.
-               status = sock_send(session->sockdata, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE);
+               status = sock_send(session->sockdata, session->data_ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE);
                if (status < 0)
                {
                        if (status == -1)
                if (status < 0)
                {
                        if (status == -1)
@@ -2339,23 +2783,40 @@ daemon_thrdatamain(void *ptr)
                }
        }
 
                }
        }
 
-       if (retval == -1)
+       if (retval < 0 && retval != PCAP_ERROR_BREAK)
        {
        {
-               pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error reading the packets: %s", pcap_geterr(session->fp));
-               rpcap_senderror(session->sockctrl_out, session->protocol_version,
+               //
+               // Failed with an error other than "we were told to break
+               // out of the loop".
+               //
+               // The latter just means that the client told us to stop
+               // capturing, so there's no error to report.
+               //
+               snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error reading the packets: %s", pcap_geterr(session->fp));
+               rpcap_senderror(session->sockctrl, session->ctrl_ssl, session->protocol_version,
                    PCAP_ERR_READEX, errbuf, NULL);
                    PCAP_ERR_READEX, errbuf, NULL);
-               goto error;
        }
 
 error:
        }
 
 error:
-       closesocket(session->sockdata);
-       session->sockdata = 0;
-
+       //
+       // The main thread will clean up the session structure.
+       //
        free(sendbuf);
 
        return 0;
 }
 
        free(sendbuf);
 
        return 0;
 }
 
+#ifndef _WIN32
+//
+// Do-nothing handler for SIGUSR1; the sole purpose of SIGUSR1 is to
+// interrupt the data thread if it's blocked in a system call waiting
+// for packets to arrive.
+//
+static void noop_handler(int sign _U_)
+{
+}
+#endif
+
 /*!
        \brief It serializes a network address.
 
 /*!
        \brief It serializes a network address.
 
@@ -2380,19 +2841,25 @@ daemon_seraddr(struct sockaddr_storage *sockaddrin, struct rpcap_sockaddr *socka
        if (sockaddrin == NULL) return;
 
        // Warning: we support only AF_INET and AF_INET6
        if (sockaddrin == NULL) return;
 
        // Warning: we support only AF_INET and AF_INET6
+       //
+       // Note: as noted above, the output structures are not
+       // neatly aligned on 4-byte boundaries, so we must fill
+       // in an aligned structure and then copy it to the output
+       // buffer with memcpy().
        switch (sockaddrin->ss_family)
        {
        case AF_INET:
                {
                struct sockaddr_in *sockaddrin_ipv4;
        switch (sockaddrin->ss_family)
        {
        case AF_INET:
                {
                struct sockaddr_in *sockaddrin_ipv4;
-               struct rpcap_sockaddr_in *sockaddrout_ipv4;
+               struct rpcap_sockaddr_in sockaddrout_ipv4;
 
                sockaddrin_ipv4 = (struct sockaddr_in *) sockaddrin;
 
                sockaddrin_ipv4 = (struct sockaddr_in *) sockaddrin;
-               sockaddrout_ipv4 = (struct rpcap_sockaddr_in *) sockaddrout;
-               sockaddrout_ipv4->family = htons(RPCAP_AF_INET);
-               sockaddrout_ipv4->port = htons(sockaddrin_ipv4->sin_port);
-               memcpy(&sockaddrout_ipv4->addr, &sockaddrin_ipv4->sin_addr, sizeof(sockaddrout_ipv4->addr));
-               memset(sockaddrout_ipv4->zero, 0, sizeof(sockaddrout_ipv4->zero));
+
+               sockaddrout_ipv4.family = htons(RPCAP_AF_INET);
+               sockaddrout_ipv4.port = htons(sockaddrin_ipv4->sin_port);
+               memcpy(&sockaddrout_ipv4.addr, &sockaddrin_ipv4->sin_addr, sizeof(sockaddrout_ipv4.addr));
+               memset(sockaddrout_ipv4.zero, 0, sizeof(sockaddrout_ipv4.zero));
+               memcpy(sockaddrout, &sockaddrout_ipv4, sizeof(struct rpcap_sockaddr_in));
                break;
                }
 
                break;
                }
 
@@ -2400,15 +2867,16 @@ daemon_seraddr(struct sockaddr_storage *sockaddrin, struct rpcap_sockaddr *socka
        case AF_INET6:
                {
                struct sockaddr_in6 *sockaddrin_ipv6;
        case AF_INET6:
                {
                struct sockaddr_in6 *sockaddrin_ipv6;
-               struct rpcap_sockaddr_in6 *sockaddrout_ipv6;
+               struct rpcap_sockaddr_in6 sockaddrout_ipv6;
 
                sockaddrin_ipv6 = (struct sockaddr_in6 *) sockaddrin;
 
                sockaddrin_ipv6 = (struct sockaddr_in6 *) sockaddrin;
-               sockaddrout_ipv6 = (struct rpcap_sockaddr_in6 *) sockaddrout;
-               sockaddrout_ipv6->family = htons(RPCAP_AF_INET6);
-               sockaddrout_ipv6->port = htons(sockaddrin_ipv6->sin6_port);
-               sockaddrout_ipv6->flowinfo = htonl(sockaddrin_ipv6->sin6_flowinfo);
-               memcpy(&sockaddrout_ipv6->addr, &sockaddrin_ipv6->sin6_addr, sizeof(sockaddrout_ipv6->addr));
-               sockaddrout_ipv6->scope_id = htonl(sockaddrin_ipv6->sin6_scope_id);
+
+               sockaddrout_ipv6.family = htons(RPCAP_AF_INET6);
+               sockaddrout_ipv6.port = htons(sockaddrin_ipv6->sin6_port);
+               sockaddrout_ipv6.flowinfo = htonl(sockaddrin_ipv6->sin6_flowinfo);
+               memcpy(&sockaddrout_ipv6.addr, &sockaddrin_ipv6->sin6_addr, sizeof(sockaddrout_ipv6.addr));
+               sockaddrout_ipv6.scope_id = htonl(sockaddrin_ipv6->sin6_scope_id);
+               memcpy(sockaddrout, &sockaddrout_ipv6, sizeof(struct rpcap_sockaddr_in6));
                break;
                }
 #endif
                break;
                }
 #endif
@@ -2421,6 +2889,7 @@ daemon_seraddr(struct sockaddr_storage *sockaddrin, struct rpcap_sockaddr *socka
 */
 void sleep_secs(int secs)
 {
 */
 void sleep_secs(int secs)
 {
+#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
 #ifdef _WIN32
        Sleep(secs*1000);
 #else
 #ifdef _WIN32
        Sleep(secs*1000);
 #else
@@ -2432,18 +2901,19 @@ void sleep_secs(int secs)
        while (secs_remaining != 0)
                secs_remaining = sleep(secs_remaining);
 #endif
        while (secs_remaining != 0)
                secs_remaining = sleep(secs_remaining);
 #endif
+#endif
 }
 
 /*
  * Read the header of a message.
  */
 static int
 }
 
 /*
  * Read the header of a message.
  */
 static int
-rpcapd_recv_msg_header(SOCKET sock, struct rpcap_header *headerp)
+rpcapd_recv_msg_header(SOCKET sock, SSL *ssl, struct rpcap_header *headerp)
 {
        int nread;
        char errbuf[PCAP_ERRBUF_SIZE];          // buffer for network errors
 
 {
        int nread;
        char errbuf[PCAP_ERRBUF_SIZE];          // buffer for network errors
 
-       nread = sock_recv(sock, (char *) headerp, sizeof(struct rpcap_header),
+       nread = sock_recv(sock, ssl, (char *) headerp, sizeof(struct rpcap_header),
            SOCK_RECEIVEALL_YES|SOCK_EOF_ISNT_ERROR, errbuf, PCAP_ERRBUF_SIZE);
        if (nread == -1)
        {
            SOCK_RECEIVEALL_YES|SOCK_EOF_ISNT_ERROR, errbuf, PCAP_ERRBUF_SIZE);
        if (nread == -1)
        {
@@ -2470,7 +2940,7 @@ rpcapd_recv_msg_header(SOCKET sock, struct rpcap_header *headerp)
  * error.
  */
 static int
  * error.
  */
 static int
-rpcapd_recv(SOCKET sock, char *buffer, size_t toread, uint32 *plen, char *errmsgbuf)
+rpcapd_recv(SOCKET sock, SSL *ssl, char *buffer, size_t toread, uint32 *plen, char *errmsgbuf)
 {
        int nread;
        char errbuf[PCAP_ERRBUF_SIZE];          // buffer for network errors
 {
        int nread;
        char errbuf[PCAP_ERRBUF_SIZE];          // buffer for network errors
@@ -2478,10 +2948,10 @@ rpcapd_recv(SOCKET sock, char *buffer, size_t toread, uint32 *plen, char *errmsg
        if (toread > *plen)
        {
                // Tell the client and continue.
        if (toread > *plen)
        {
                // Tell the client and continue.
-               pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Message payload is too short");
+               snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Message payload is too short");
                return -2;
        }
                return -2;
        }
-       nread = sock_recv(sock, buffer, toread,
+       nread = sock_recv(sock, ssl, buffer, toread,
            SOCK_RECEIVEALL_YES|SOCK_EOF_IS_ERROR, errbuf, PCAP_ERRBUF_SIZE);
        if (nread == -1)
        {
            SOCK_RECEIVEALL_YES|SOCK_EOF_IS_ERROR, errbuf, PCAP_ERRBUF_SIZE);
        if (nread == -1)
        {
@@ -2499,13 +2969,13 @@ rpcapd_recv(SOCKET sock, char *buffer, size_t toread, uint32 *plen, char *errmsg
  * error.
  */
 static int
  * error.
  */
 static int
-rpcapd_discard(SOCKET sock, uint32 len)
+rpcapd_discard(SOCKET sock, SSL *ssl, uint32 len)
 {
        char errbuf[PCAP_ERRBUF_SIZE + 1];      // keeps the error string, prior to be printed
 
        if (len != 0)
        {
 {
        char errbuf[PCAP_ERRBUF_SIZE + 1];      // keeps the error string, prior to be printed
 
        if (len != 0)
        {
-               if (sock_discard(sock, len, errbuf, PCAP_ERRBUF_SIZE) == -1)
+               if (sock_discard(sock, ssl, len, errbuf, PCAP_ERRBUF_SIZE) == -1)
                {
                        // Network error.
                        rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf);
                {
                        // Network error.
                        rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf);
@@ -2514,3 +2984,163 @@ rpcapd_discard(SOCKET sock, uint32 len)
        }
        return 0;
 }
        }
        return 0;
 }
+
+//
+// Shut down any packet-capture thread associated with the session,
+// close the SSL handle for the data socket if we have one, close
+// the data socket if we have one, and close the underlying packet
+// capture handle if we have one.
+//
+// We do not, of course, touch the controlling socket that's also
+// copied into the session, as the service loop might still use it.
+//
+static void session_close(struct session *session)
+{
+       if (session->have_thread)
+       {
+               //
+               // Tell the data connection thread main capture loop to
+               // break out of that loop.
+               //
+               // This may be sufficient to wake up a blocked thread,
+               // but it's not guaranteed to be sufficient.
+               //
+               pcap_breakloop(session->fp);
+
+#ifdef _WIN32
+               //
+               // Set the event on which a read would block, so that,
+               // if it's currently blocked waiting for packets to
+               // arrive, it'll wake up, so it can see the "break
+               // out of the loop" indication.  (pcap_breakloop()
+               // might do this, but older versions don't.  Setting
+               // it twice should, at worst, cause an extra wakeup,
+               // which shouldn't be a problem.)
+               //
+               // XXX - what about modules other than NPF?
+               //
+               SetEvent(pcap_getevent(session->fp));
+
+               //
+               // Wait for the thread to exit, so we don't close
+               // sockets out from under it.
+               //
+               // XXX - have a timeout, so we don't wait forever?
+               //
+               WaitForSingleObject(session->thread, INFINITE);
+
+               //
+               // Release the thread handle, as we're done with
+               // it.
+               //
+               CloseHandle(session->thread);
+               session->have_thread = 0;
+               session->thread = INVALID_HANDLE_VALUE;
+#else
+               //
+               // Send a SIGUSR1 signal to the thread, so that, if
+               // it's currently blocked waiting for packets to arrive,
+               // it'll wake up (we've turned off SA_RESTART for
+               // SIGUSR1, so that the system call in which it's blocked
+               // should return EINTR rather than restarting).
+               //
+               pthread_kill(session->thread, SIGUSR1);
+
+               //
+               // Wait for the thread to exit, so we don't close
+               // sockets out from under it.
+               //
+               // XXX - have a timeout, so we don't wait forever?
+               //
+               pthread_join(session->thread, NULL);
+               session->have_thread = 0;
+               memset(&session->thread, 0, sizeof(session->thread));
+#endif
+       }
+
+#ifdef HAVE_OPENSSL
+       if (session->data_ssl)
+       {
+               // Finish using the SSL handle for the socket.
+               // This must be done *before* the socket is closed.
+               ssl_finish(session->data_ssl);
+               session->data_ssl = NULL;
+       }
+#endif
+
+       if (session->sockdata != INVALID_SOCKET)
+       {
+               sock_close(session->sockdata, NULL, 0);
+               session->sockdata = INVALID_SOCKET;
+       }
+
+       if (session->fp)
+       {
+               pcap_close(session->fp);
+               session->fp = NULL;
+       }
+}
+
+//
+// Check whether a capture source string is a URL or not.
+// This includes URLs that refer to a local device; a scheme, followed
+// by ://, followed by *another* scheme and ://, is just silly, and
+// anybody who supplies that will get an error.
+//
+static int
+is_url(const char *source)
+{
+       char *colonp;
+
+       /*
+        * RFC 3986 says:
+        *
+        *   URI         = scheme ":" hier-part [ "?" query ] [ "#" fragment ]
+        *
+        *   hier-part   = "//" authority path-abempty
+        *               / path-absolute
+        *               / path-rootless
+        *               / path-empty
+        *
+        *   authority   = [ userinfo "@" ] host [ ":" port ]
+        *
+        *   userinfo    = *( unreserved / pct-encoded / sub-delims / ":" )
+        *
+        * Step 1: look for the ":" at the end of the scheme.
+        * A colon in the source is *NOT* sufficient to indicate that
+        * this is a URL, as interface names on some platforms might
+        * include colons (e.g., I think some Solaris interfaces
+        * might).
+        */
+       colonp = strchr(source, ':');
+       if (colonp == NULL)
+       {
+               /*
+                * The source is the device to open.  It's not a URL.
+                */
+               return (0);
+       }
+
+       /*
+        * All schemes must have "//" after them, i.e. we only support
+        * hier-part   = "//" authority path-abempty, not
+        * hier-part   = path-absolute
+        * hier-part   = path-rootless
+        * hier-part   = path-empty
+        *
+        * We need that in order to distinguish between a local device
+        * name that happens to contain a colon and a URI.
+        */
+       if (strncmp(colonp + 1, "//", 2) != 0)
+       {
+               /*
+                * The source is the device to open.  It's not a URL.
+                */
+               return (0);
+       }
+
+       /*
+        * It's a URL.
+        */
+       return (1);
+}
[mirror] the LIBpcap interface to various kernel packet capture mechanism