Google Git
Sign in
android / platform / external / libpcap / b54d9a7d / . / rpcapd / daemon.c
blob: c77ed00fd3749572dd45f271e3bad224136331c1 [file] [log] [blame]
/*
* Copyright (c) 2002 - 2003
* NetGroup, Politecnico di Torino (Italy)
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the Politecnico di Torino nor the names of its
* contributors may be used to endorse or promote products derived from
* this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include "ftmacros.h"
#include <pcap.h> // for libpcap/WinPcap calls
#include <errno.h> // for the errno variable
#include <stdlib.h> // for malloc(), free(), ...
#include <string.h> // for strlen(), ...
#include <pthread.h>
#include "sockutils.h" // for socket calls
#include "rpcap-protocol.h"
#include "daemon.h"
#ifndef _WIN32 // for select() and such
#include <unistd.h>
#include <sys/time.h>
#include <sys/types.h>
#include <pwd.h> // for password management
#endif
#ifdef HAVE_GETSPNAM
#include <shadow.h> // for password management
#endif
#define RPCAP_TIMEOUT_INIT 90 /* Initial timeout for RPCAP connections (default: 90 sec) */
#define RPCAP_TIMEOUT_RUNTIME 180 /* Run-time timeout for RPCAP connections (default: 3 min) */
#define RPCAP_SUSPEND_WRONGAUTH 1 /* If the authentication is wrong, stops 1 sec before accepting a new auth message */
/*
* Data for a session managed by a thread.
*/
struct session {
SOCKET sockctrl;
SOCKET sockdata;
pcap_t *fp;
unsigned int TotCapt;
};
// Locally defined functions
static int daemon_checkauth(SOCKET sockctrl, int nullAuthAllowed, char *errbuf);
static int daemon_AuthUserPwd(char *username, char *password, char *errbuf);
static int daemon_findalldevs(SOCKET sockctrl, char *errbuf);
static int daemon_opensource(SOCKET sockctrl, char *source, int srclen, uint32 plen, char *errbuf);
static struct session *daemon_startcapture(SOCKET sockctrl, pthread_t *threaddata, char *source, int active,
struct rpcap_sampling *samp_param, uint32 plen, char *errbuf);
static int daemon_endcapture(struct session *session, pthread_t *threaddata, char *errbuf);
static int daemon_updatefilter(struct session *session, uint32 plen);
static int daemon_unpackapplyfilter(struct session *session, uint32 *totread, uint32 *plen, char *errbuf);
static int daemon_getstats(struct session *session);
static int daemon_getstatsnopcap(SOCKET sockctrl, unsigned int ifdrops, unsigned int ifrecv,
unsigned int krnldrop, unsigned int svrcapt, char *errbuf);
static int daemon_setsampling(SOCKET sockctrl, struct rpcap_sampling *samp_param, int plen, char *errbuf);
static void daemon_seraddr(struct sockaddr_storage *sockaddrin, struct rpcap_sockaddr *sockaddrout);
static void *daemon_thrdatamain(void *ptr);
/*!
\brief Main serving function
This function is the one which does the job. It is the main() of the child
thread, which is created as soon as a new connection is accepted.
\param ptr: a void pointer that keeps the reference of the 'pthread_chain'
value corrisponding to this thread. This variable is casted into a 'pthread_chain'
value in order to retrieve the socket we're currently using, the thread ID, and
some pointers to the previous and next elements into this struct.
\return None.
*/
void daemon_serviceloop(void *ptr)
{
char errbuf[PCAP_ERRBUF_SIZE + 1]; // keeps the error string, prior to be printed
char source[PCAP_BUF_SIZE]; // keeps the string that contains the interface to open
struct rpcap_header header; // RPCAP message general header
struct session *session = NULL; // struct session main variable
struct daemon_slpars *pars; // parameters related to the present daemon loop
pthread_t threaddata = 0; // handle to the 'read from daemon and send to client' thread
unsigned int ifdrops, ifrecv, krnldrop, svrcapt; // needed to save the values of the statistics
struct rpcap_sampling samp_param; // in case sampling has been requested
// Structures needed for the select() call
fd_set rfds; // set of socket descriptors we have to check
struct timeval tv; // maximum time the select() can block waiting for data
int retval; // select() return value
pars = (struct daemon_slpars *) ptr;
*errbuf = 0; // Initialize errbuf
// If we're in active mode, this is not a separate thread
if (! pars->isactive)
{
// Modify thread params so that it can be killed at any time
if (pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, NULL))
goto end;
if (pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, NULL))
goto end;
}
auth_again:
// If we're in active mode, we have to check for the initial timeout
if (!pars->isactive)
{
FD_ZERO(&rfds);
// We do not have to block here
tv.tv_sec = RPCAP_TIMEOUT_INIT;
tv.tv_usec = 0;
FD_SET(pars->sockctrl, &rfds);
retval = select(pars->sockctrl + 1, &rfds, NULL, NULL, &tv);
if (retval == -1)
{
sock_geterror("select(): ", errbuf, PCAP_ERRBUF_SIZE);
rpcap_senderror(pars->sockctrl, errbuf, PCAP_ERR_NETW, NULL);
goto end;
}
// The timeout has expired
// So, this was a fake connection. Drop it down
if (retval == 0)
{
rpcap_senderror(pars->sockctrl, "The RPCAP initial timeout has expired", PCAP_ERR_INITTIMEOUT, NULL);
goto end;
}
}
retval = daemon_checkauth(pars->sockctrl, pars->nullAuthAllowed, errbuf);
if (retval)
{
// the other user requested to close the connection
// It can be also the case of 'active mode', in which this host is not
// allowed to connect to the other peer; in that case, it drops down the connection
if (retval == -3)
goto end;
// It can be an authentication failure or an unrecoverable error
rpcap_senderror(pars->sockctrl, errbuf, PCAP_ERR_AUTH, NULL);
// authentication error
if (retval == -2)
{
// suspend for 1 sec
// WARNING: this day is inserted only in this point; if the user drops down the connection
// and it connects again, this suspension time does not have any effects.
pthread_suspend(RPCAP_SUSPEND_WRONGAUTH*1000);
goto auth_again;
}
// Unrecoverable error
if (retval == -1)
goto end;
}
while (1)
{
errbuf[0] = 0; // clear errbuf
// Avoid zombies connections; check if the connection is opens but no commands are performed
// from more than RPCAP_TIMEOUT_RUNTIME
// Conditions:
// - I have to be in normal mode (no active mode)
// - if the device is open, I don't have to be in the middle of a capture (session->sockdata)
// - if the device is closed, I have always to check if a new command arrives
//
// Be carefully: the capture can have been started, but an error occurred (so session != NULL, but
// sockdata is 0
if ((!pars->isactive) && ((session == NULL) || ((session != NULL) && (session->sockdata == 0))))
{
// Check for the initial timeout
FD_ZERO(&rfds);
// We do not have to block here
tv.tv_sec = RPCAP_TIMEOUT_RUNTIME;
tv.tv_usec = 0;
FD_SET(pars->sockctrl, &rfds);
retval = select(pars->sockctrl + 1, &rfds, NULL, NULL, &tv);
if (retval == -1)
{
sock_geterror("select(): ", errbuf, PCAP_ERRBUF_SIZE);
rpcap_senderror(pars->sockctrl, errbuf, PCAP_ERR_NETW, NULL);
goto end;
}
// The timeout has expired
// So, this was a fake connection. Drop it down
if (retval == 0)
{
SOCK_ASSERT("The RPCAP runtime timeout has expired", 1);
rpcap_senderror(pars->sockctrl, "The RPCAP runtime timeout has expired", PCAP_ERR_RUNTIMETIMEOUT, NULL);
goto end;
}
}
if (sock_recv(pars->sockctrl, (char *) &header, sizeof(struct rpcap_header), SOCK_RECEIVEALL_YES, errbuf, PCAP_ERRBUF_SIZE) == -1)
goto end;
// Checks if the message is correct
// In case it is wrong, it discard the data
retval = rpcap_checkmsg(errbuf, pars->sockctrl, &header,
RPCAP_MSG_FINDALLIF_REQ,
RPCAP_MSG_OPEN_REQ,
RPCAP_MSG_STARTCAP_REQ,
RPCAP_MSG_UPDATEFILTER_REQ,
RPCAP_MSG_STATS_REQ,
RPCAP_MSG_ENDCAP_REQ,
RPCAP_MSG_SETSAMPLING_REQ,
RPCAP_MSG_CLOSE,
RPCAP_MSG_ERROR,
0);
switch (retval)
{
case -3: // Unrecoverable network error
goto end; // Do nothing; just exit from findalldevs; the error code is already into the errbuf
case -2: // The other endpoint send a message that is not allowed here
{
rpcap_senderror(pars->sockctrl, "The RPCAP daemon received a message that is not valid", PCAP_ERR_WRONGMSG, errbuf);
}
case -1: // The other endpoint has a version number that is not compatible with our
{
rpcap_senderror(pars->sockctrl, "RPCAP version number mismatch", PCAP_ERR_WRONGVER, errbuf);
}
break;
case RPCAP_MSG_FINDALLIF_REQ:
{
// Checks that the header does not contain other data; if so, discard it
if (ntohl(header.plen))
sock_discard(pars->sockctrl, ntohl(header.plen), errbuf, PCAP_ERRBUF_SIZE);
if (daemon_findalldevs(pars->sockctrl, errbuf))
SOCK_ASSERT(errbuf, 1);
break;
};
case RPCAP_MSG_OPEN_REQ:
{
retval = daemon_opensource(pars->sockctrl, source, sizeof(source), ntohl(header.plen), errbuf);
if (retval == -1)
SOCK_ASSERT(errbuf, 1);
break;
};
case RPCAP_MSG_SETSAMPLING_REQ:
{
retval = daemon_setsampling(pars->sockctrl, &samp_param, ntohl(header.plen), errbuf);
if (retval == -1)
SOCK_ASSERT(errbuf, 1);
break;
};
case RPCAP_MSG_STARTCAP_REQ:
{
session = daemon_startcapture(pars->sockctrl, &threaddata, source, pars->isactive, &samp_param, ntohl(header.plen), errbuf);
if (session == NULL)
SOCK_ASSERT(errbuf, 1);
break;
};
case RPCAP_MSG_UPDATEFILTER_REQ:
{
if (session)
{
if (daemon_updatefilter(session, ntohl(header.plen)))
SOCK_ASSERT(pcap_geterr(session->fp), 1);
}
else
{
rpcap_senderror(pars->sockctrl, "Device not opened. Cannot update filter", PCAP_ERR_UPDATEFILTER, errbuf);
}
break;
};
case RPCAP_MSG_STATS_REQ:
{
// Checks that the header does not contain other data; if so, discard it
if (ntohl(header.plen))
sock_discard(pars->sockctrl, ntohl(header.plen), errbuf, PCAP_ERRBUF_SIZE);
if (session && session->fp)
{
if (daemon_getstats(session))
SOCK_ASSERT(pcap_geterr(session->fp), 1);
}
else
{
SOCK_ASSERT("GetStats: this call shouldn't be allowed here", 1);
if (daemon_getstatsnopcap(pars->sockctrl, ifdrops, ifrecv, krnldrop, svrcapt, errbuf))
SOCK_ASSERT(errbuf, 1);
// we have to keep compatibility with old applications, which ask for statistics
// also when the capture has already stopped
// rpcap_senderror(pars->sockctrl, "Device not opened. Cannot get statistics", PCAP_ERR_GETSTATS, errbuf);
}
break;
};
case RPCAP_MSG_ENDCAP_REQ: // The other endpoint close the current capture session
{
if (session && session->fp)
{
struct pcap_stat stats;
// Save statistics (we can need them in the future)
if (pcap_stats(session->fp, &stats))
{
ifdrops = stats.ps_ifdrop;
ifrecv = stats.ps_recv;
krnldrop = stats.ps_drop;
svrcapt = session->TotCapt;
}
else
ifdrops = ifrecv = krnldrop = svrcapt = 0;
if (daemon_endcapture(session, &threaddata, errbuf))
SOCK_ASSERT(pcap_geterr(session->fp), 1);
free(session);
session = NULL;
}
else
{
rpcap_senderror(pars->sockctrl, "Device not opened. Cannot close the capture", PCAP_ERR_ENDCAPTURE, errbuf);
}
break;
};
case RPCAP_MSG_CLOSE: // The other endpoint close the pcap session
{
// signal to the main that the user closed the control connection
// This is used only in case of active mode
pars->activeclose = 1;
SOCK_ASSERT("The other end system asked to close the connection.", 1);
goto end;
break;
};
case RPCAP_MSG_ERROR: // The other endpoint reported an error
{
// Do nothing; just exit; the error code is already into the errbuf
SOCK_ASSERT(errbuf, 1);
break;
};
default:
{
SOCK_ASSERT("Internal error.", 1);
break;
};
}
}
end:
// The child thread is about to end
// perform pcap_t cleanup, in case it has not been done
if (session)
{
if (threaddata)
{
pthread_cancel(threaddata);
threaddata = 0;
}
if (session->sockdata)
{
sock_close(session->sockdata, NULL, 0);
session->sockdata = 0;
}
pcap_close(session->fp);
free(session);
session = NULL;
}
// Print message and exit
SOCK_ASSERT("I'm exiting from the child loop", 1);
SOCK_ASSERT(errbuf, 1);
if (!pars->isactive)
{
if (pars->sockctrl)
sock_close(pars->sockctrl, NULL, 0);
free(pars);
#ifdef _WIN32
pthread_exit(0);
#endif
}
}
/*!
\brief It checks if the authentication credentials supplied by the user are valid.
This function is called each time the rpcap daemon starts a new serving thread.
It reads the authentication message from the network and it checks that the
user information are valid.
\param sockctrl: the socket if of the control connection.
\param nullAuthAllowed: '1' if the NULL authentication is allowed.
\param errbuf: a user-allocated buffer in which the error message (if one) has to be written.
\return '0' if everything is fine, '-1' if an unrecoverable error occurred.
The error message is returned in the 'errbuf' variable.
'-2' is returned in case the authentication failed or in case of a recoverable error (like
wrong version). In that case, 'errbuf' keeps the reason of the failure. This provides
a way to know that the connection does not have to be closed.
In case the message is a 'CLOSE' or an 'ERROR', it returns -3. The error can be due to a
connection refusal in active mode, since this host cannot be allowed to connect to the remote
peer.
*/
int daemon_checkauth(SOCKET sockctrl, int nullAuthAllowed, char *errbuf)
{
struct rpcap_header header; // RPCAP message general header
int retval; // generic return value
uint32 totread = 0; // number of bytes of the payload read from the socket
int nread;
struct rpcap_auth auth; // RPCAP authentication header
unsigned int plen; // length of the payload
int retcode; // the value we have to return to the caller
if (sock_recv(sockctrl, (char *) &header, sizeof(struct rpcap_header), SOCK_RECEIVEALL_YES, errbuf, PCAP_ERRBUF_SIZE) == -1)
return -1;
plen = ntohl(header.plen);
retval = rpcap_checkmsg(errbuf, sockctrl, &header,
RPCAP_MSG_AUTH_REQ,
RPCAP_MSG_CLOSE,
0);
if (retval != RPCAP_MSG_AUTH_REQ)
{
switch (retval)
{
case -3: // Unrecoverable network error
return -1; // Do nothing; just exit; the error code is already into the errbuf
case -2: // The other endpoint send a message that is not allowed here
case -1: // The other endpoint has a version number that is not compatible with our
return -2;
case RPCAP_MSG_CLOSE:
{
// Check if all the data has been read; if not, discard the data in excess
if (ntohl(header.plen))
{
if (sock_discard(sockctrl, ntohl(header.plen), NULL, 0))
return -1;
}
return -3;
};
case RPCAP_MSG_ERROR:
return -3;
default:
{
SOCK_ASSERT("Internal error.", 1);
retcode = -2;
goto error;
};
}
}
// If it comes here, it means that we have an authentication request message
nread = sock_recv(sockctrl, (char *) &auth, sizeof(struct rpcap_auth),
SOCK_RECEIVEALL_YES, errbuf, PCAP_ERRBUF_SIZE);
if (nread == -1)
{
retcode = -1;
goto error;
}
totread += nread;
switch (ntohs(auth.type))
{
case RPCAP_RMTAUTH_NULL:
{
if (!nullAuthAllowed)
{
snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed; NULL authentication not permitted.");
retcode = -2;
goto error;
}
break;
}
case RPCAP_RMTAUTH_PWD:
{
char *username, *passwd;
int usernamelen, passwdlen;
usernamelen = ntohs(auth.slen1);
passwdlen = ntohs(auth.slen2);
username = (char *) malloc (usernamelen + 1);
passwd = (char *) malloc (passwdlen + 1);
if ((username == NULL) || (passwd == NULL))
{
snprintf(errbuf, PCAP_ERRBUF_SIZE, "malloc() failed: %s", pcap_strerror(errno));
retcode = -1;
goto error;
}
nread = sock_recv(sockctrl, username, usernamelen,
SOCK_RECEIVEALL_YES, errbuf, PCAP_ERRBUF_SIZE);
if (nread == -1)
{
free(username);
free(passwd);
retcode = -1;
goto error;
}
totread += nread;
nread = sock_recv(sockctrl, passwd, passwdlen,
SOCK_RECEIVEALL_YES, errbuf, PCAP_ERRBUF_SIZE);
if (nread == -1)
{
free(username);
free(passwd);
retcode = -1;
goto error;
}
totread += nread;
username[usernamelen] = 0;
passwd[passwdlen] = 0;
if (daemon_AuthUserPwd(username, passwd, errbuf))
{
free(username);
free(passwd);
retcode = -2;
goto error;
}
free(username);
free(passwd);
break;
}
default:
snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication type not recognized.");
retcode = -2;
goto error;
}
// Check if all the data has been read; if not, discard the data in excess
if (totread != plen)
{
if (sock_discard(sockctrl, plen - totread, NULL, 0))
{
retcode = -1;
goto error;
}
}
rpcap_createhdr(&header, RPCAP_MSG_AUTH_REPLY, 0, 0);
// Send the ok message back
if (sock_send(sockctrl, (char *) &header, sizeof (struct rpcap_header), errbuf, PCAP_ERRBUF_SIZE) == -1)
{
retcode = -1;
goto error;
}
return 0;
error:
// Check if all the data has been read; if not, discard the data in excess
if (totread != plen)
sock_discard(sockctrl, plen - totread, NULL, 0);
return retcode;
}
int daemon_AuthUserPwd(char *username, char *password, char *errbuf)
{
#ifdef _WIN32
/*
* Warning: the user which launches the process must have the
* SE_TCB_NAME right.
* This corresponds to have the "Act as part of the Operating System"
* turned on (administrative tools, local security settings, local
* policies, user right assignment)
* However, it seems to me that if you run it as a service, this
* right should be provided by default.
*/
HANDLE Token;
if (LogonUser(username, ".", password, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, &Token) == 0)
{
int error;
error = GetLastError();
FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, error, 0, errbuf,
PCAP_ERRBUF_SIZE, NULL);
return -1;
}
// This call should change the current thread to the selected user.
// I didn't test it.
if (ImpersonateLoggedOnUser(Token) == 0)
{
int error;
error = GetLastError();
FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, error, 0, errbuf,
PCAP_ERRBUF_SIZE, NULL);
CloseHandle(Token);
return -1;
}
CloseHandle(Token);
return 0;
#else
/*
* See
*
* http://www.unixpapa.com/incnote/passwd.html
*
* We use the Solaris/Linux shadow password authentication if
* we have getspnam(), otherwise we just do traditional
* authentication, which, on some platforms, might work, even
* with shadow passwords, if we're running as root. Traditional
* authenticaion won't work if we're not running as root, as
* I think these days all UN*Xes either won't return the password
* at all with getpwnam() or will only do so if you're root.
*
* XXX - perhaps what we *should* be using is PAM, if we have
* it. That might hide all the details of username/password
* authentication, whether it's done with a visible-to-root-
* only password database or some other authentication mechanism,
* behind its API.
*/
struct passwd *user;
char *user_password;
#ifdef HAVE_GETSPNAM
struct spwd *usersp;
#endif
// This call is needed to get the uid
if ((user = getpwnam(username)) == NULL)
{
snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed: no such user");
return -1;
}
#ifdef HAVE_GETSPNAM
// This call is needed to get the password; otherwise 'x' is returned
if ((usersp = getspnam(username)) == NULL)
{
snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed: no such user");
return -1;
}
user_password = usersp->sp_pwdp;
#else
/*
* XXX - what about other platforms?
* The unixpapa.com page claims this Just Works on *BSD if you're
* running as root - it's from 2000, so it doesn't indicate whether
* macOS (which didn't come out until 2001, under the name Mac OS
* X) behaves like the *BSDs or not, and might also work on AIX.
* HP-UX does something else.
*
* Again, hopefully PAM hides all that.
*/
user_password = user->pw_passwd;
#endif
if (strcmp(user_password, (char *) crypt(password, user_password)) != 0)
{
snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed: password incorrect");
return -1;
}
if (setuid(user->pw_uid))
{
snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s", pcap_strerror(errno));
return -1;
}
/* if (setgid(user->pw_gid))
{
SOCK_ASSERT("setgid failed", 1);
snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s", pcap_strerror(errno));
return -1;
}
*/
return 0;
#endif
}
// PORTING WARNING We assume u_int is a 32bit value
int daemon_findalldevs(SOCKET sockctrl, char *errbuf)
{
char sendbuf[RPCAP_NETBUF_SIZE]; // temporary buffer in which data to be sent is buffered
int sendbufidx = 0; // index which keeps the number of bytes currently buffered
pcap_if_t *alldevs; // pointer to the header of the interface chain
pcap_if_t *d; // temp pointer needed to scan the interface chain
uint16 plen = 0; // length of the payload of this message
struct pcap_addr *address; // pcap structure that keeps a network address of an interface
struct rpcap_findalldevs_if *findalldevs_if;// rpcap structure that packet all the data of an interface together
uint16 nif = 0; // counts the number of interface listed
// Retrieve the device list
if (pcap_findalldevs(&alldevs, errbuf) == -1)
{
rpcap_senderror(sockctrl, errbuf, PCAP_ERR_FINDALLIF, NULL);
return -1;
}
if (alldevs == NULL)
{
rpcap_senderror(sockctrl,
"No interfaces found! Make sure libpcap/WinPcap is properly installed"
" and you have the right to access to the remote device.",
PCAP_ERR_NOREMOTEIF,
errbuf);
return -1;
}
// checks the number of interfaces and it computes the total length of the payload
for (d = alldevs; d != NULL; d = d->next)
{
nif++;
if (d->description)
plen+= strlen(d->description);
if (d->name)
plen+= strlen(d->name);
plen+= sizeof(struct rpcap_findalldevs_if);
for (address = d->addresses; address != NULL; address = address->next)
{
/*
* Send only IPv4 and IPv6 addresses over the wire.
*/
switch (address->addr->sa_family)
{
case AF_INET:
#ifdef AF_INET6
case AF_INET6:
#endif
plen+= (sizeof(struct rpcap_sockaddr) * 4);
break;
default:
break;
}
}
}
// RPCAP findalldevs command
if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL,
&sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errbuf, PCAP_ERRBUF_SIZE) == -1)
return -1;
rpcap_createhdr((struct rpcap_header *) sendbuf, RPCAP_MSG_FINDALLIF_REPLY, nif, plen);
// send the interface list
for (d = alldevs; d != NULL; d = d->next)
{
uint16 lname, ldescr;
findalldevs_if = (struct rpcap_findalldevs_if *) &sendbuf[sendbufidx];
if (sock_bufferize(NULL, sizeof(struct rpcap_findalldevs_if), NULL,
&sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errbuf, PCAP_ERRBUF_SIZE) == -1)
return -1;
memset(findalldevs_if, 0, sizeof(struct rpcap_findalldevs_if));
if (d->description) ldescr = (short) strlen(d->description);
else ldescr = 0;
if (d->name) lname = (short) strlen(d->name);
else lname = 0;
findalldevs_if->desclen = htons(ldescr);
findalldevs_if->namelen = htons(lname);
findalldevs_if->flags = htonl(d->flags);
for (address = d->addresses; address != NULL; address = address->next)
{
/*
* Send only IPv4 and IPv6 addresses over the wire.
*/
switch (address->addr->sa_family)
{
case AF_INET:
#ifdef AF_INET6
case AF_INET6:
#endif
findalldevs_if->naddr++;
break;
default:
break;
}
}
findalldevs_if->naddr = htons(findalldevs_if->naddr);
if (sock_bufferize(d->name, lname, sendbuf, &sendbufidx,
RPCAP_NETBUF_SIZE, SOCKBUF_BUFFERIZE, errbuf, PCAP_ERRBUF_SIZE) == -1)
return -1;
if (sock_bufferize(d->description, ldescr, sendbuf, &sendbufidx,
RPCAP_NETBUF_SIZE, SOCKBUF_BUFFERIZE, errbuf, PCAP_ERRBUF_SIZE) == -1)
return -1;
// send all addresses
for (address = d->addresses; address != NULL; address = address->next)
{
struct rpcap_sockaddr *sockaddr;
/*
* Send only IPv4 and IPv6 addresses over the wire.
*/
switch (address->addr->sa_family)
{
case AF_INET:
#ifdef AF_INET6
case AF_INET6:
#endif
sockaddr = (struct rpcap_sockaddr *) &sendbuf[sendbufidx];
if (sock_bufferize(NULL, sizeof(struct rpcap_sockaddr), NULL,
&sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errbuf, PCAP_ERRBUF_SIZE) == -1)
return -1;
daemon_seraddr((struct sockaddr_storage *) address->addr, sockaddr);
sockaddr = (struct rpcap_sockaddr *) &sendbuf[sendbufidx];
if (sock_bufferize(NULL, sizeof(struct rpcap_sockaddr), NULL,
&sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errbuf, PCAP_ERRBUF_SIZE) == -1)
return -1;
daemon_seraddr((struct sockaddr_storage *) address->netmask, sockaddr);
sockaddr = (struct rpcap_sockaddr *) &sendbuf[sendbufidx];
if (sock_bufferize(NULL, sizeof(struct rpcap_sockaddr), NULL,
&sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errbuf, PCAP_ERRBUF_SIZE) == -1)
return -1;
daemon_seraddr((struct sockaddr_storage *) address->broadaddr, sockaddr);
sockaddr = (struct rpcap_sockaddr *) &sendbuf[sendbufidx];
if (sock_bufferize(NULL, sizeof(struct rpcap_sockaddr), NULL,
&sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errbuf, PCAP_ERRBUF_SIZE) == -1)
return -1;
daemon_seraddr((struct sockaddr_storage *) address->dstaddr, sockaddr);
break;
default:
break;
}
}
}
// Send a final command that says "now send it!"
if (sock_send(sockctrl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1)
return -1;
// We do no longer need the device list. Free it
pcap_freealldevs(alldevs);
// everything is fine
return 0;
}
/*
\param plen: the length of the current message (needed in order to be able
to discard excess data in the message, if present)
*/
static int daemon_opensource(SOCKET sockctrl, char *source, int srclen, uint32 plen, char *errbuf)
{
pcap_t *fp = NULL; // pcap_t main variable
uint32 totread; // number of bytes of the payload read from the socket
int nread;
char sendbuf[RPCAP_NETBUF_SIZE]; // temporary buffer in which data to be sent is buffered
int sendbufidx = 0; // index which keeps the number of bytes currently buffered
struct rpcap_openreply *openreply; // open reply message
strcpy(source, PCAP_SRC_IF_STRING);
if (srclen <= (int) (strlen(PCAP_SRC_IF_STRING) + plen))
{
rpcap_senderror(sockctrl, "Source string too long", PCAP_ERR_OPEN, NULL);
return -1;
}
nread = sock_recv(sockctrl, &source[strlen(PCAP_SRC_IF_STRING)], plen,
SOCK_RECEIVEALL_YES, errbuf, PCAP_ERRBUF_SIZE);
if (nread == -1)
return -1;
totread = nread;
// Check if all the data has been read; if not, discard the data in excess
if (totread != plen)
sock_discard(sockctrl, plen - totread, NULL, 0);
// Puts a '0' to terminate the source string
source[strlen(PCAP_SRC_IF_STRING) + plen] = 0;
// Open the selected device
// This is a fake open, since we do that only to get the needed parameters, then we close the device again
if ((fp = pcap_open_live(source,
1500 /* fake snaplen */,
0 /* no promis */,
1000 /* fake timeout */,
errbuf)) == NULL)
{
rpcap_senderror(sockctrl, errbuf, PCAP_ERR_OPEN, NULL);
return -1;
}
// Now, I can send a RPCAP open reply message
if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL, &sendbufidx,
RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errbuf, PCAP_ERRBUF_SIZE) == -1)
goto error;
rpcap_createhdr((struct rpcap_header *) sendbuf, RPCAP_MSG_OPEN_REPLY, 0, sizeof(struct rpcap_openreply));
openreply = (struct rpcap_openreply *) &sendbuf[sendbufidx];
if (sock_bufferize(NULL, sizeof(struct rpcap_openreply), NULL, &sendbufidx,
RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errbuf, PCAP_ERRBUF_SIZE) == -1)
goto error;
memset(openreply, 0, sizeof(struct rpcap_openreply));
openreply->linktype = htonl(pcap_datalink(fp));
openreply->tzoff = 0; /* This is always 0 for live captures */
if (sock_send(sockctrl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1)
goto error;
// I have to close the device again, since it has been opened with wrong parameters
pcap_close(fp);
fp = NULL;
return 0;
error:
if (fp)
{
pcap_close(fp);
fp = NULL;
}
return -1;
}
/*
\param plen: the length of the current message (needed in order to be able
to discard excess data in the message, if present)
*/
static struct session *daemon_startcapture(SOCKET sockctrl, pthread_t *threaddata, char *source, int active, struct rpcap_sampling *samp_param, uint32 plen, char *errbuf)
{
char portdata[PCAP_BUF_SIZE]; // temp variable needed to derive the data port
char peerhost[PCAP_BUF_SIZE]; // temp variable needed to derive the host name of our peer
struct session *session; // saves state of session
uint32 totread; // number of bytes of the payload read from the socket
int nread;
char sendbuf[RPCAP_NETBUF_SIZE]; // temporary buffer in which data to be sent is buffered
int sendbufidx = 0; // index which keeps the number of bytes currently buffered
// socket-related variables
SOCKET sockdata = 0; // socket descriptor of the data connection
struct addrinfo hints; // temp, needed to open a socket connection
struct addrinfo *addrinfo; // temp, needed to open a socket connection
struct sockaddr_storage saddr; // temp, needed to retrieve the network data port chosen on the local machine
socklen_t saddrlen; // temp, needed to retrieve the network data port chosen on the local machine
pthread_attr_t detachedAttribute; // temp, needed to set the created thread as detached
// RPCAP-related variables
struct rpcap_startcapreq startcapreq; // start capture request message
struct rpcap_startcapreply *startcapreply; // start capture reply message
int serveropen_dp; // keeps who is going to open the data connection
addrinfo = NULL;
nread = sock_recv(sockctrl, (char *) &startcapreq,
sizeof(struct rpcap_startcapreq), SOCK_RECEIVEALL_YES,
errbuf, PCAP_ERRBUF_SIZE);
if (nread == -1)
return NULL;
totread = nread;
startcapreq.flags = ntohs(startcapreq.flags);
// Create a session structure
session = malloc(sizeof(struct session));
if (session == NULL)
{
rpcap_senderror(sockctrl, "Can't allocate session structure",
PCAP_ERR_OPEN, NULL);
return NULL;
}
// Open the selected device
if ((session->fp = pcap_open(source,
ntohl(startcapreq.snaplen),
(startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_PROMISC) ? PCAP_OPENFLAG_PROMISCUOUS : 0 /* local device, other flags not needed */,
ntohl(startcapreq.read_timeout),
NULL /* local device, so no auth */,
errbuf)) == NULL)
{
rpcap_senderror(sockctrl, errbuf, PCAP_ERR_OPEN, NULL);
return NULL;
}
#if 0
// Apply sampling parameters
fp->rmt_samp.method = samp_param->method;
fp->rmt_samp.value = samp_param->value;
#endif
/*
We're in active mode if:
- we're using TCP, and the user wants us to be in active mode
- we're using UDP
*/
serveropen_dp = (startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_SERVEROPEN) || (startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_DGRAM) || active;
/*
Gets the sockaddr structure referred to the other peer in the ctrl connection
We need that because:
- if we're in passive mode, we need to know the address family we want to use
(the same used for the ctrl socket)
- if we're in active mode, we need to know the network address of the other host
we want to connect to
*/
saddrlen = sizeof(struct sockaddr_storage);
if (getpeername(sockctrl, (struct sockaddr *) &saddr, &saddrlen) == -1)
{
sock_geterror("getpeername(): ", errbuf, PCAP_ERRBUF_SIZE);
goto error;
}
memset(&hints, 0, sizeof(struct addrinfo));
hints.ai_socktype = (startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_DGRAM) ? SOCK_DGRAM : SOCK_STREAM;
hints.ai_family = saddr.ss_family;
// Now we have to create a new socket to send packets
if (serveropen_dp) // Data connection is opened by the server toward the client
{
sprintf(portdata, "%d", ntohs(startcapreq.portdata));
// Get the name of the other peer (needed to connect to that specific network address)
if (getnameinfo((struct sockaddr *) &saddr, saddrlen, peerhost,
sizeof(peerhost), NULL, 0, NI_NUMERICHOST))
{
sock_geterror("getnameinfo(): ", errbuf, PCAP_ERRBUF_SIZE);
goto error;
}
if (sock_initaddress(peerhost, portdata, &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1)
goto error;
if ((sockdata = sock_open(addrinfo, SOCKOPEN_CLIENT, 0, errbuf, PCAP_ERRBUF_SIZE)) == -1)
goto error;
}
else // Data connection is opened by the client toward the server
{
hints.ai_flags = AI_PASSIVE;
// Let's the server socket pick up a free network port for us
if (sock_initaddress(NULL, "0", &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1)
goto error;
if ((sockdata = sock_open(addrinfo, SOCKOPEN_SERVER, 1 /* max 1 connection in queue */, errbuf, PCAP_ERRBUF_SIZE)) == -1)
goto error;
// get the complete sockaddr structure used in the data connection
saddrlen = sizeof(struct sockaddr_storage);
if (getsockname(sockdata, (struct sockaddr *) &saddr, &saddrlen) == -1)
{
sock_geterror("getsockname(): ", errbuf, PCAP_ERRBUF_SIZE);
goto error;
}
// Get the local port the system picked up
if (getnameinfo((struct sockaddr *) &saddr, saddrlen, NULL,
0, portdata, sizeof(portdata), NI_NUMERICSERV))
{
sock_geterror("getnameinfo(): ", errbuf, PCAP_ERRBUF_SIZE);
goto error;
}
}
// addrinfo is no longer used
freeaddrinfo(addrinfo);
addrinfo = NULL;
session->sockctrl = sockctrl; // Needed to send an error on the ctrl connection
// Now I can set the filter
if (daemon_unpackapplyfilter(session, &totread, &plen, errbuf))
goto error;
// Now, I can send a RPCAP start capture reply message
if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL, &sendbufidx,
RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errbuf, PCAP_ERRBUF_SIZE) == -1)
goto error;
rpcap_createhdr((struct rpcap_header *) sendbuf, RPCAP_MSG_STARTCAP_REPLY, 0, sizeof(struct rpcap_startcapreply));
startcapreply = (struct rpcap_startcapreply *) &sendbuf[sendbufidx];
if (sock_bufferize(NULL, sizeof(struct rpcap_startcapreply), NULL,
&sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errbuf, PCAP_ERRBUF_SIZE) == -1)
goto error;
memset(startcapreply, 0, sizeof(struct rpcap_startcapreply));
startcapreply->bufsize = htonl(pcap_bufsize(session->fp));
if (!serveropen_dp)
{
unsigned short port = (unsigned short)strtoul(portdata,NULL,10);
startcapreply->portdata = htons(port);
}
if (sock_send(sockctrl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1)
goto error;
if (!serveropen_dp)
{
SOCKET socktemp; // We need another socket, since we're going to accept() a connection
// Connection creation
saddrlen = sizeof(struct sockaddr_storage);
socktemp = accept(sockdata, (struct sockaddr *) &saddr, &saddrlen);
if (socktemp == -1)
{
sock_geterror("accept(): ", errbuf, PCAP_ERRBUF_SIZE);
goto error;
}
// Now that I accepted the connection, the server socket is no longer needed
sock_close(sockdata, errbuf, PCAP_ERRBUF_SIZE);
sockdata = socktemp;
}
session->sockdata = sockdata;
/* GV we need this to create the thread as detached. */
/* GV otherwise, the thread handle is not destroyed */
pthread_attr_init(&detachedAttribute);
pthread_attr_setdetachstate(&detachedAttribute, PTHREAD_CREATE_DETACHED);
// Now we have to create a new thread to receive packets
if (pthread_create(threaddata, &detachedAttribute, daemon_thrdatamain, (void *) session))
{
snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error creating the data thread");
pthread_attr_destroy(&detachedAttribute);
goto error;
}
pthread_attr_destroy(&detachedAttribute);
// Check if all the data has been read; if not, discard the data in excess
if (totread != plen)
sock_discard(sockctrl, plen - totread, NULL, 0);
return session;
error:
rpcap_senderror(sockctrl, errbuf, PCAP_ERR_STARTCAPTURE, NULL);
if (addrinfo)
freeaddrinfo(addrinfo);
if (threaddata)
pthread_cancel(*threaddata);
if (sockdata)
sock_close(sockdata, NULL, 0);
// Check if all the data has been read; if not, discard the data in excess
if (totread != plen)
sock_discard(sockctrl, plen - totread, NULL, 0);
if (session->fp)
{
pcap_close(session->fp);
}
free(session);
return NULL;
}
static int daemon_endcapture(struct session *session, pthread_t *threaddata, char *errbuf)
{
struct rpcap_header header;
if (threaddata)
{
pthread_cancel(*threaddata);
threaddata = 0;
}
if (session->sockdata)
{
sock_close(session->sockdata, NULL, 0);
session->sockdata = 0;
}
pcap_close(session->fp);
rpcap_createhdr(&header, RPCAP_MSG_ENDCAP_REPLY, 0, 0);
if (sock_send(session->sockctrl, (char *) &header, sizeof(struct rpcap_header), errbuf, PCAP_ERRBUF_SIZE) == -1)
return -1;
return 0;
}
static int daemon_unpackapplyfilter(struct session *session, uint32 *totread, uint32 *plen, char *errbuf)
{
int nread;
struct rpcap_filter filter;
struct rpcap_filterbpf_insn insn;
struct bpf_insn *bf_insn;
struct bpf_program bf_prog;
unsigned int i;
nread = sock_recv(session->sockctrl, (char *) &filter,
sizeof(struct rpcap_filter), SOCK_RECEIVEALL_YES,
errbuf, PCAP_ERRBUF_SIZE);
if (nread == -1)
{
// to avoid blocking on the sock_discard()
*plen = *totread;
return -1;
}
*totread += nread;
bf_prog.bf_len = ntohl(filter.nitems);
if (ntohs(filter.filtertype) != RPCAP_UPDATEFILTER_BPF)
{
snprintf(errbuf, PCAP_ERRBUF_SIZE, "Only BPF/NPF filters are currently supported");
return -1;
}
bf_insn = (struct bpf_insn *) malloc (sizeof(struct bpf_insn) * bf_prog.bf_len);
if (bf_insn == NULL)
{
snprintf(errbuf, PCAP_ERRBUF_SIZE, "malloc() failed: %s", pcap_strerror(errno));
return -1;
}
bf_prog.bf_insns = bf_insn;
for (i = 0; i < bf_prog.bf_len; i++)
{
nread = sock_recv(session->sockctrl, (char *) &insn,
sizeof(struct rpcap_filterbpf_insn), SOCK_RECEIVEALL_YES,
errbuf, PCAP_ERRBUF_SIZE);
if (nread == -1)
return -1;
*totread += nread;
bf_insn->code = ntohs(insn.code);
bf_insn->jf = insn.jf;
bf_insn->jt = insn.jt;
bf_insn->k = ntohl(insn.k);
bf_insn++;
}
if (bpf_validate(bf_prog.bf_insns, bf_prog.bf_len) == 0)
{
snprintf(errbuf, PCAP_ERRBUF_SIZE, "The filter contains bogus instructions");
return -1;
}
if (pcap_setfilter(session->fp, &bf_prog))
{
snprintf(errbuf, PCAP_ERRBUF_SIZE, "RPCAP error: %s", pcap_geterr(session->fp));
return -1;
}
return 0;
}
int daemon_updatefilter(struct session *session, uint32 plen)
{
struct rpcap_header header; // keeps the answer to the updatefilter command
unsigned int nread;
nread = 0;
if (daemon_unpackapplyfilter(session, &nread, &plen, pcap_geterr(session->fp)))
goto error;
// Check if all the data has been read; if not, discard the data in excess
if (nread != plen)
{
if (sock_discard(session->sockctrl, plen - nread, NULL, 0))
{
nread = plen; // just to avoid to call discard again in the 'error' section
goto error;
}
}
// A response is needed, otherwise the other host does not know that everything went well
rpcap_createhdr(&header, RPCAP_MSG_UPDATEFILTER_REPLY, 0, 0);
if (sock_send(session->sockctrl, (char *) &header, sizeof (struct rpcap_header), pcap_geterr(session->fp), PCAP_ERRBUF_SIZE))
goto error;
return 0;
error:
if (nread != plen)
sock_discard(session->sockctrl, plen - nread, NULL, 0);
rpcap_senderror(session->sockctrl, pcap_geterr(session->fp), PCAP_ERR_UPDATEFILTER, NULL);
return -1;
}
/*!
\brief Received the sampling parameters from remote host and it stores in the pcap_t structure.
*/
int daemon_setsampling(SOCKET sockctrl, struct rpcap_sampling *samp_param, int plen, char *errbuf)
{
struct rpcap_header header;
struct rpcap_sampling rpcap_samp;
int nread; // number of bytes of the payload read from the socket
if ((nread = sock_recv(sockctrl, (char *) &rpcap_samp, sizeof(struct rpcap_sampling),
SOCK_RECEIVEALL_YES, errbuf, PCAP_ERRBUF_SIZE)) == -1)
goto error;
// Save these settings in the pcap_t
samp_param->method = rpcap_samp.method;
samp_param->value = ntohl(rpcap_samp.value);
// A response is needed, otherwise the other host does not know that everything went well
rpcap_createhdr(&header, RPCAP_MSG_SETSAMPLING_REPLY, 0, 0);
if (sock_send(sockctrl, (char *) &header, sizeof (struct rpcap_header), errbuf, PCAP_ERRBUF_SIZE))
goto error;
if (nread != plen)
sock_discard(sockctrl, plen - nread, NULL, 0);
return 0;
error:
if (nread != plen)
sock_discard(sockctrl, plen - nread, NULL, 0);
rpcap_senderror(sockctrl, errbuf, PCAP_ERR_SETSAMPLING, NULL);
return -1;
}
int daemon_getstats(struct session *session)
{
char sendbuf[RPCAP_NETBUF_SIZE]; // temporary buffer in which data to be sent is buffered
int sendbufidx = 0; // index which keeps the number of bytes currently buffered
struct pcap_stat stats; // local statistics
struct rpcap_stats *netstats; // statistics sent on the network
if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL,
&sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, pcap_geterr(session->fp), PCAP_ERRBUF_SIZE) == -1)
goto error;
rpcap_createhdr((struct rpcap_header *) sendbuf, RPCAP_MSG_STATS_REPLY, 0, (uint16) sizeof(struct rpcap_stats));
netstats = (struct rpcap_stats *) &sendbuf[sendbufidx];
if (sock_bufferize(NULL, sizeof(struct rpcap_stats), NULL,
&sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, pcap_geterr(session->fp), PCAP_ERRBUF_SIZE) == -1)
goto error;
if (pcap_stats(session->fp, &stats))
goto error;
netstats->ifdrop = htonl(stats.ps_ifdrop);
netstats->ifrecv = htonl(stats.ps_recv);
netstats->krnldrop = htonl(stats.ps_drop);
netstats->svrcapt = htonl(session->TotCapt);
// Send the packet
if (sock_send(session->sockctrl, sendbuf, sendbufidx, pcap_geterr(session->fp), PCAP_ERRBUF_SIZE) == -1)
goto error;
return 0;
error:
rpcap_senderror(session->sockctrl, pcap_geterr(session->fp), PCAP_ERR_GETSTATS, NULL);
return -1;
}
int daemon_getstatsnopcap(SOCKET sockctrl, unsigned int ifdrops, unsigned int ifrecv,
unsigned int krnldrop, unsigned int svrcapt, char *errbuf)
{
char sendbuf[RPCAP_NETBUF_SIZE]; // temporary buffer in which data to be sent is buffered
int sendbufidx = 0; // index which keeps the number of bytes currently buffered
struct rpcap_stats *netstats; // statistics sent on the network
if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL,
&sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errbuf, PCAP_ERRBUF_SIZE) == -1)
goto error;
rpcap_createhdr((struct rpcap_header *) sendbuf, RPCAP_MSG_STATS_REPLY, 0, (uint16) sizeof(struct rpcap_stats));
netstats = (struct rpcap_stats *) &sendbuf[sendbufidx];
if (sock_bufferize(NULL, sizeof(struct rpcap_stats), NULL,
&sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errbuf, PCAP_ERRBUF_SIZE) == -1)
goto error;
netstats->ifdrop = htonl(ifdrops);
netstats->ifrecv = htonl(ifrecv);
netstats->krnldrop = htonl(krnldrop);
netstats->svrcapt = htonl(svrcapt);
// Send the packet
if (sock_send(sockctrl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1)
goto error;
return 0;
error:
rpcap_senderror(sockctrl, errbuf, PCAP_ERR_GETSTATS, NULL);
return -1;
}
void *daemon_thrdatamain(void *ptr)
{
char errbuf[PCAP_ERRBUF_SIZE + 1]; // error buffer
struct session *session; // pointer to the struct session for this session
int retval; // general variable used to keep the return value of other functions
struct rpcap_pkthdr *net_pkt_header;// header of the packet
struct pcap_pkthdr *pkt_header; // pointer to the buffer that contains the header of the current packet
u_char *pkt_data; // pointer to the buffer that contains the current packet
char *sendbuf; // temporary buffer in which data to be sent is buffered
int sendbufidx; // index which keeps the number of bytes currently buffered
session = (struct session *) ptr;
session->TotCapt = 0; // counter which is incremented each time a packet is received
// Initialize errbuf
memset(errbuf, 0, sizeof(errbuf));
// Some platforms (e.g. Win32) allow creating a static variable with this size
// However, others (e.g. BSD) do not, so we're forced to allocate this buffer dynamically
sendbuf = (char *) malloc (sizeof(char) * RPCAP_NETBUF_SIZE);
if (sendbuf == NULL)
{
snprintf(errbuf, sizeof(errbuf) - 1, "Unable to create the buffer for this child thread");
goto error;
}
// Modify thread params so that it can be killed at any time
if (pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, NULL))
goto error;
if (pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, NULL))
goto error;
// Retrieve the packets
while ((retval = pcap_next_ex(session->fp, &pkt_header, (const u_char **) &pkt_data)) >= 0) // cast to avoid a compiler warning
{
if (retval == 0) // Read timeout elapsed
continue;
sendbufidx = 0;
// Bufferize the general header
if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL, &sendbufidx,
RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errbuf, PCAP_ERRBUF_SIZE) == -1)
goto error;
rpcap_createhdr((struct rpcap_header *) sendbuf, RPCAP_MSG_PACKET, 0,
(uint16) (sizeof(struct rpcap_pkthdr) + pkt_header->caplen));
net_pkt_header = (struct rpcap_pkthdr *) &sendbuf[sendbufidx];
// Bufferize the pkt header
if (sock_bufferize(NULL, sizeof(struct rpcap_pkthdr), NULL, &sendbufidx,
RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errbuf, PCAP_ERRBUF_SIZE) == -1)
goto error;
net_pkt_header->caplen = htonl(pkt_header->caplen);
net_pkt_header->len = htonl(pkt_header->len);
net_pkt_header->npkt = htonl(++(session->TotCapt));
net_pkt_header->timestamp_sec = htonl(pkt_header->ts.tv_sec);
net_pkt_header->timestamp_usec = htonl(pkt_header->ts.tv_usec);
// Bufferize the pkt data
if (sock_bufferize((char *) pkt_data, pkt_header->caplen, sendbuf, &sendbufidx,
RPCAP_NETBUF_SIZE, SOCKBUF_BUFFERIZE, errbuf, PCAP_ERRBUF_SIZE) == -1)
goto error;
// Send the packet
if (sock_send(session->sockdata, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1)
goto error;
}
if (retval == -1)
{
snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error reading the packets: %s", pcap_geterr(session->fp));
rpcap_senderror(session->sockctrl, errbuf, PCAP_ERR_READEX, NULL);
goto error;
}
error:
SOCK_ASSERT(errbuf, 1);
closesocket(session->sockdata);
session->sockdata = 0;
free(sendbuf);
return NULL;
}
/*!
\brief It serializes a network address.
It accepts a 'sockaddr_storage' structure as input, and it converts it appropriately into a format
that can be used to be sent on the network. Basically, it applies all the hton()
conversion required to the input variable.
\param sockaddrin: a 'sockaddr_storage' pointer to the variable that has to be
serialized. This variable can be both a 'sockaddr_in' and 'sockaddr_in6'.
\param sockaddrout: an 'rpcap_sockaddr' pointer to the variable that will contain
the serialized data. This variable has to be allocated by the user.
\return None
\warning This function supports only AF_INET and AF_INET6 address families.
*/
void daemon_seraddr(struct sockaddr_storage *sockaddrin, struct rpcap_sockaddr *sockaddrout)
{
memset(sockaddrout, 0, sizeof(struct sockaddr_storage));
// There can be the case in which the sockaddrin is not available
if (sockaddrin == NULL) return;
// Warning: we support only AF_INET and AF_INET6
switch (sockaddrin->ss_family)
{
case AF_INET:
{
struct sockaddr_in *sockaddrin_ipv4;
struct rpcap_sockaddr_in *sockaddrout_ipv4;
sockaddrin_ipv4 = (struct sockaddr_in *) sockaddrin;
sockaddrout_ipv4 = (struct rpcap_sockaddr_in *) sockaddrout;
sockaddrout_ipv4->family = htons(RPCAP_AF_INET);
sockaddrout_ipv4->port = htons(sockaddrin_ipv4->sin_port);
memcpy(&sockaddrout_ipv4->addr, &sockaddrin_ipv4->sin_addr, sizeof(sockaddrout_ipv4->addr));
memset(sockaddrout_ipv4->zero, 0, sizeof(sockaddrout_ipv4->zero));
break;
}
#ifdef AF_INET6
case AF_INET6:
{
struct sockaddr_in6 *sockaddrin_ipv6;
struct rpcap_sockaddr_in6 *sockaddrout_ipv6;
sockaddrin_ipv6 = (struct sockaddr_in6 *) sockaddrin;
sockaddrout_ipv6 = (struct rpcap_sockaddr_in6 *) sockaddrout;
sockaddrout_ipv6->family = htons(RPCAP_AF_INET6);
sockaddrout_ipv6->port = htons(sockaddrin_ipv6->sin6_port);
sockaddrout_ipv6->flowinfo = htonl(sockaddrin_ipv6->sin6_flowinfo);
memcpy(&sockaddrout_ipv6->addr, &sockaddrin_ipv6->sin6_addr, sizeof(sockaddrout_ipv6->addr));
sockaddrout_ipv6->scope_id = htonl(sockaddrin_ipv6->sin6_scope_id);
break;
}
#endif
}
}
/*!
\brief Suspends a pthread for msec milliseconds.
This function is provided since pthreads do not have a suspend() call.
*/
void pthread_suspend(int msec)
{
#ifdef _WIN32
Sleep(msec);
#else
struct timespec abstime;
struct timeval now;
pthread_cond_t cond;
pthread_mutex_t mutex;
pthread_mutexattr_t attr;
pthread_mutexattr_init(&attr);
pthread_mutex_init(&mutex, &attr);
pthread_mutex_lock(&mutex);
pthread_cond_init(&cond, NULL);
gettimeofday(&now, NULL);
abstime.tv_sec = now.tv_sec + msec/1000;
abstime.tv_nsec = now.tv_usec * 1000 + (msec%1000) * 1000 * 1000;
pthread_cond_timedwait(&cond, &mutex, &abstime);
pthread_mutex_destroy(&mutex);
pthread_cond_destroy(&cond);
#endif
}