Google Git
Sign in
android / platform / external / libpcap / b85eadb572fbe8ac1878fa75142b990863f1b30f / . / rpcapd / daemon.c
blob: 620dec313d4befe85f9253f2d8a41b0329d05baf [file] [log] [blame]
/*
* Copyright (c) 2002 - 2003
* NetGroup, Politecnico di Torino (Italy)
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the Politecnico di Torino nor the names of its
* contributors may be used to endorse or promote products derived from
* this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include "ftmacros.h"
#include "varattrs.h"
#include <errno.h> // for the errno variable
#include <stdlib.h> // for malloc(), free(), ...
#include <string.h> // for strlen(), ...
#include <limits.h> // for INT_MAX
#ifdef _WIN32
#include <process.h> // for threads
#else
#include <unistd.h>
#include <pthread.h>
#include <signal.h>
#include <sys/time.h>
#include <sys/types.h> // for select() and such
#include <pwd.h> // for password management
#endif
#ifdef HAVE_GETSPNAM
#include <shadow.h> // for password management
#endif
#include <pcap.h> // for libpcap/WinPcap calls
#include "fmtutils.h"
#include "sockutils.h" // for socket calls
#include "portability.h"
#include "rpcap-protocol.h"
#include "daemon.h"
#include "log.h"
#ifdef HAVE_OPENSSL
#include <openssl/ssl.h>
#include "sslutils.h"
#endif
//
// Timeout, in seconds, when we're waiting for a client to send us an
// authentication request; if they don't send us a request within that
// interval, we drop the connection, so we don't stay stuck forever.
//
#define RPCAP_TIMEOUT_INIT 90
//
// Timeout, in seconds, when we're waiting for an authenticated client
// to send us a request, if a capture isn't in progress; if they don't
// send us a request within that interval, we drop the connection, so
// we don't stay stuck forever.
//
#define RPCAP_TIMEOUT_RUNTIME 180
//
// Time, in seconds, that we wait after a failed authentication attempt
// before processing the next request; this prevents a client from
// rapidly trying different accounts or passwords.
//
#define RPCAP_SUSPEND_WRONGAUTH 1
// Parameters for the service loop.
struct daemon_slpars
{
SOCKET sockctrl; //!< SOCKET ID of the control connection
SSL *ssl; //!< Optional SSL handler for the controlling sockets
int isactive; //!< Not null if the daemon has to run in active mode
int nullAuthAllowed; //!< '1' if we permit NULL authentication, '0' otherwise
};
//
// Data for a session managed by a thread.
// It includes both a Boolean indicating whether we *have* a thread,
// and a platform-dependent (UN*X vs. Windows) identifier for the
// thread; on Windows, we could use an invalid handle to indicate
// that we don't have a thread, but there *is* no portable "no thread"
// value for a pthread_t on UN*X.
//
struct session {
SOCKET sockctrl;
SOCKET sockdata;
SSL *ctrl_ssl, *data_ssl; // optional SSL handlers for sockctrl and sockdata.
uint8 protocol_version;
pcap_t *fp;
unsigned int TotCapt;
int have_thread;
#ifdef _WIN32
HANDLE thread;
#else
pthread_t thread;
#endif
};
// Locally defined functions
static int daemon_msg_err(SOCKET sockctrl, SSL *, uint32 plen);
static int daemon_msg_auth_req(struct daemon_slpars *pars, uint32 plen);
static int daemon_AuthUserPwd(char *username, char *password, char *errbuf);
static int daemon_msg_findallif_req(uint8 ver, struct daemon_slpars *pars,
uint32 plen);
static int daemon_msg_open_req(uint8 ver, struct daemon_slpars *pars,
uint32 plen, char *source, size_t sourcelen);
static int daemon_msg_startcap_req(uint8 ver, struct daemon_slpars *pars,
uint32 plen, char *source, struct session **sessionp,
struct rpcap_sampling *samp_param, int uses_ssl);
static int daemon_msg_endcap_req(uint8 ver, struct daemon_slpars *pars,
struct session *session);
static int daemon_msg_updatefilter_req(uint8 ver, struct daemon_slpars *pars,
struct session *session, uint32 plen);
static int daemon_unpackapplyfilter(SOCKET sockctrl, SSL *, struct session *session, uint32 *plenp, char *errbuf);
static int daemon_msg_stats_req(uint8 ver, struct daemon_slpars *pars,
struct session *session, uint32 plen, struct pcap_stat *stats,
unsigned int svrcapt);
static int daemon_msg_setsampling_req(uint8 ver, struct daemon_slpars *pars,
uint32 plen, struct rpcap_sampling *samp_param);
static void daemon_seraddr(struct sockaddr_storage *sockaddrin, struct rpcap_sockaddr *sockaddrout);
#ifdef _WIN32
static unsigned __stdcall daemon_thrdatamain(void *ptr);
#else
static void *daemon_thrdatamain(void *ptr);
static void noop_handler(int sign);
#endif
static int rpcapd_recv_msg_header(SOCKET sock, SSL *, struct rpcap_header *headerp);
static int rpcapd_recv(SOCKET sock, SSL *, char *buffer, size_t toread, uint32 *plen, char *errmsgbuf);
static int rpcapd_discard(SOCKET sock, SSL *, uint32 len);
static void session_close(struct session *);
//
// TLS record layer header; used when processing the first message from
// the client, in case we aren't doing TLS but they are.
//
struct tls_record_header {
uint8 type; // ContentType - will be 22, for Handshake
uint8 version_major; // TLS protocol major version
uint8 version_injor; // TLS protocol minor version
// This is *not* aligned on a 2-byte boundary; we just
// declare it as two bytes. Don't assume any particular
// compiler's mechanism for saying "packed"!
uint8 length_hi; // Upper 8 bits of payload length
uint8 length_lo; // Low 8 bits of payload length
};
#define TLS_RECORD_HEADER_LEN 5 // Don't use sizeof in case it's padded
#define TLS_RECORD_TYPE_ALERT 21
#define TLS_RECORD_TYPE_HANDSHAKE 22
//
// TLS alert message.
//
struct tls_alert {
uint8 alert_level;
uint8 alert_description;
};
#define TLS_ALERT_LEN 2
#define TLS_ALERT_LEVEL_FATAL 2
#define TLS_ALERT_HANDSHAKE_FAILURE 40
static int is_url(const char *source);
/*
* Maximum sizes for fixed-bit-width values.
*/
#ifndef UINT16_MAX
#define UINT16_MAX 65535U
#endif
#ifndef UINT32_MAX
#define UINT32_MAX 4294967295U
#endif
int
daemon_serviceloop(SOCKET sockctrl, int isactive, char *passiveClients,
int nullAuthAllowed, int uses_ssl)
{
uint8 first_octet;
struct tls_record_header tls_header;
struct tls_alert tls_alert;
struct daemon_slpars pars; // service loop parameters
char errbuf[PCAP_ERRBUF_SIZE + 1]; // keeps the error string, prior to be printed
char errmsgbuf[PCAP_ERRBUF_SIZE + 1]; // buffer for errors to send to the client
int host_port_check_status;
SSL *ssl = NULL;
int nrecv;
struct rpcap_header header; // RPCAP message general header
uint32 plen; // payload length from header
int authenticated = 0; // 1 if the client has successfully authenticated
char source[PCAP_BUF_SIZE+1]; // keeps the string that contains the interface to open
int got_source = 0; // 1 if we've gotten the source from an open request
#ifndef _WIN32
struct sigaction action;
#endif
struct session *session = NULL; // struct session main variable
const char *msg_type_string; // string for message type
int client_told_us_to_close = 0; // 1 if the client told us to close the capture
// needed to save the values of the statistics
struct pcap_stat stats;
unsigned int svrcapt;
struct rpcap_sampling samp_param; // in case sampling has been requested
// Structures needed for the select() call
fd_set rfds; // set of socket descriptors we have to check
struct timeval tv; // maximum time the select() can block waiting for data
int retval; // select() return value
*errbuf = 0; // Initialize errbuf
//
// Peek into the socket to determine whether the client sent us
// a TLS handshake message or a non-TLS rpcapd message.
//
// The first byte of an rpcapd request is the version number;
// the first byte of a TLS handshake message is 22. The
// first request to an rpcapd server must be an authentication
// request or a close request, and must have a version number
// of 0, so it will be possible to distinguish between an
// initial plaintext request to a server and an initial TLS
// handshake message.
//
nrecv = sock_recv(sockctrl, NULL, (char *)&first_octet, 1,
SOCK_EOF_ISNT_ERROR|SOCK_MSG_PEEK, errbuf, PCAP_ERRBUF_SIZE);
if (nrecv == -1)
{
// Fatal error.
rpcapd_log(LOGPRIO_ERROR, "Peek from client failed: %s", errbuf);
goto end;
}
if (nrecv == 0)
{
// Client closed the connection.
goto end;
}
#ifdef HAVE_OPENSSL
//
// We have to upgrade to TLS as soon as possible, so that the
// whole protocol goes through the encrypted tunnel, including
// early error messages.
//
// Even in active mode, the other end has to initiate the TLS
// handshake as we still are the server as far as TLS is concerned,
// so we don't check isactive.
//
if (uses_ssl)
{
//
// We're expecting a TLS handshake message. If this
// isn't one, assume it's a non-TLS rpcapd message.
//
// The first octet of a TLS handshake is
// TLS_RECORD_TYPE_HANDSHAKE.
//
if (first_octet != TLS_RECORD_TYPE_HANDSHAKE)
{
//
// We assume this is a non-TLS rpcapd message.
//
// Read the message header from the client.
//
nrecv = rpcapd_recv_msg_header(sockctrl, NULL, &header);
if (nrecv == -1)
{
// Fatal error.
goto end;
}
if (nrecv == -2)
{
// Client closed the connection.
goto end;
}
plen = header.plen;
// Discard the rest of the message.
if (rpcapd_discard(sockctrl, NULL, plen) == -1)
{
// Network error.
goto end;
}
//
// Send an authentication error, indicating
// that we require TLS.
//
if (rpcap_senderror(sockctrl, NULL, header.ver,
PCAP_ERR_TLS_REQUIRED,
"TLS is required by this server", errbuf) == -1)
{
// That failed; log a message and give up.
rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
goto end;
}
// Shut the session down.
goto end;
}
ssl = ssl_promotion(1, sockctrl, errbuf, PCAP_ERRBUF_SIZE);
if (! ssl)
{
rpcapd_log(LOGPRIO_ERROR, "TLS handshake on control connection failed: %s",
errbuf);
goto end;
}
}
else
#endif
{
//
// We're expecting a non-TLS rpcapd message. If this
// looks, instead, like a TLS handshake message, send
// a TLS handshake_failed alert.
//
// The first octet of a TLS handshake is
// TLS_RECORD_TYPE_HANDSHAKE.
//
if (first_octet == TLS_RECORD_TYPE_HANDSHAKE)
{
//
// TLS handshake.
// Read the record header.
//
nrecv = sock_recv(sockctrl, ssl, (char *) &tls_header,
sizeof tls_header, SOCK_RECEIVEALL_YES|SOCK_EOF_ISNT_ERROR,
errbuf, PCAP_ERRBUF_SIZE);
if (nrecv == -1)
{
// Network error.
rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf);
goto end;
}
if (nrecv == 0)
{
// Immediate EOF
goto end;
}
plen = (tls_header.length_hi << 8) | tls_header.length_lo;
// Discard the rest of the message.
if (rpcapd_discard(sockctrl, NULL, plen) == -1)
{
// Network error.
goto end;
}
//
// Send a TLS handshake failure alert.
// Use the same version the client sent us.
//
tls_header.type = TLS_RECORD_TYPE_ALERT;
tls_header.length_hi = 0;
tls_header.length_lo = TLS_ALERT_LEN;
if (sock_send(sockctrl, NULL, (char *) &tls_header,
TLS_RECORD_HEADER_LEN, errbuf, PCAP_ERRBUF_SIZE) == -1)
{
// That failed; log a message and give up.
rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
goto end;
}
tls_alert.alert_level = TLS_ALERT_LEVEL_FATAL;
tls_alert.alert_description = TLS_ALERT_HANDSHAKE_FAILURE;
if (sock_send(sockctrl, NULL, (char *) &tls_alert,
TLS_ALERT_LEN, errbuf, PCAP_ERRBUF_SIZE) == -1)
{
// That failed; log a message and give up.
rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
goto end;
}
//
// Give up anyway.
//
goto end;
}
}
// Set parameters structure
pars.sockctrl = sockctrl;
pars.ssl = ssl;
pars.isactive = isactive; // active mode
pars.nullAuthAllowed = nullAuthAllowed;
//
// We have a connection.
//
// If it's a passive mode connection, check whether the connecting
// host is among the ones allowed.
//
// In either case, we were handed a copy of the host list; free it
// as soon as we're done with it.
//
if (pars.isactive)
{
// Nothing to do.
free(passiveClients);
passiveClients = NULL;
}
else
{
struct sockaddr_storage from;
socklen_t fromlen;
//
// Get the address of the other end of the connection.
//
fromlen = sizeof(struct sockaddr_storage);
if (getpeername(pars.sockctrl, (struct sockaddr *)&from,
&fromlen) == -1)
{
sock_geterror("getpeername()", errmsgbuf, PCAP_ERRBUF_SIZE);
if (rpcap_senderror(pars.sockctrl, pars.ssl, 0, PCAP_ERR_NETW, errmsgbuf, errbuf) == -1)
rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
goto end;
}
//
// Are they in the list of host/port combinations we allow?
//
host_port_check_status = sock_check_hostlist(passiveClients, RPCAP_HOSTLIST_SEP, &from, errmsgbuf, PCAP_ERRBUF_SIZE);
free(passiveClients);
passiveClients = NULL;
if (host_port_check_status < 0)
{
if (host_port_check_status == -2) {
//
// We got an error; log it.
//
rpcapd_log(LOGPRIO_ERROR, "%s", errmsgbuf);
}
//
// Sorry, we can't let you in.
//
if (rpcap_senderror(pars.sockctrl, pars.ssl, 0, PCAP_ERR_HOSTNOAUTH, errmsgbuf, errbuf) == -1)
rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
goto end;
}
}
#ifndef _WIN32
//
// Catch SIGUSR1, but do nothing. We use it to interrupt the
// capture thread to break it out of a loop in which it's
// blocked waiting for packets to arrive.
//
// We don't want interrupted system calls to restart, so that
// the read routine for the pcap_t gets EINTR rather than
// restarting if it's blocked in a system call.
//
memset(&action, 0, sizeof (action));
action.sa_handler = noop_handler;
action.sa_flags = 0;
sigemptyset(&action.sa_mask);
sigaction(SIGUSR1, &action, NULL);
#endif
//
// The client must first authenticate; loop until they send us a
// message with a version we support and credentials we accept,
// they send us a close message indicating that they're giving up,
// or we get a network error or other fatal error.
//
while (!authenticated)
{
//
// If we're not in active mode, we use select(), with a
// timeout, to wait for an authentication request; if
// the timeout expires, we drop the connection, so that
// a client can't just connect to us and leave us
// waiting forever.
//
if (!pars.isactive)
{
FD_ZERO(&rfds);
// We do not have to block here
tv.tv_sec = RPCAP_TIMEOUT_INIT;
tv.tv_usec = 0;
FD_SET(pars.sockctrl, &rfds);
retval = select((int)pars.sockctrl + 1, &rfds, NULL, NULL, &tv);
if (retval == -1)
{
sock_geterror("select() failed", errmsgbuf, PCAP_ERRBUF_SIZE);
if (rpcap_senderror(pars.sockctrl, pars.ssl, 0, PCAP_ERR_NETW, errmsgbuf, errbuf) == -1)
rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
goto end;
}
// The timeout has expired
// So, this was a fake connection. Drop it down
if (retval == 0)
{
if (rpcap_senderror(pars.sockctrl, pars.ssl, 0, PCAP_ERR_INITTIMEOUT, "The RPCAP initial timeout has expired", errbuf) == -1)
rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
goto end;
}
}
//
// Read the message header from the client.
//
nrecv = rpcapd_recv_msg_header(pars.sockctrl, pars.ssl, &header);
if (nrecv == -1)
{
// Fatal error.
goto end;
}
if (nrecv == -2)
{
// Client closed the connection.
goto end;
}
plen = header.plen;
//
// While we're in the authentication pharse, all requests
// must use version 0.
//
if (header.ver != 0)
{
//
// Send it back to them with their version.
//
if (rpcap_senderror(pars.sockctrl, pars.ssl, header.ver,
PCAP_ERR_WRONGVER,
"RPCAP version in requests in the authentication phase must be 0",
errbuf) == -1)
{
// That failed; log a message and give up.
rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
goto end;
}
// Discard the rest of the message and drop the
// connection.
(void)rpcapd_discard(pars.sockctrl, pars.ssl, plen);
goto end;
}
switch (header.type)
{
case RPCAP_MSG_AUTH_REQ:
retval = daemon_msg_auth_req(&pars, plen);
if (retval == -1)
{
// Fatal error; a message has
// been logged, so just give up.
goto end;
}
if (retval == -2)
{
// Non-fatal error; we sent back
// an error message, so let them
// try again.
continue;
}
// OK, we're authenticated; we sent back
// a reply, so start serving requests.
authenticated = 1;
break;
case RPCAP_MSG_CLOSE:
//
// The client is giving up.
// Discard the rest of the message, if
// there is anything more.
//
(void)rpcapd_discard(pars.sockctrl, pars.ssl, plen);
// We're done with this client.
goto end;
case RPCAP_MSG_ERROR:
// Log this and close the connection?
// XXX - is this what happens in active
// mode, where *we* initiate the
// connection, and the client gives us
// an error message rather than a "let
// me log in" message, indicating that
// we're not allowed to connect to them?
(void)daemon_msg_err(pars.sockctrl, pars.ssl, plen);
goto end;
case RPCAP_MSG_FINDALLIF_REQ:
case RPCAP_MSG_OPEN_REQ:
case RPCAP_MSG_STARTCAP_REQ:
case RPCAP_MSG_UPDATEFILTER_REQ:
case RPCAP_MSG_STATS_REQ:
case RPCAP_MSG_ENDCAP_REQ:
case RPCAP_MSG_SETSAMPLING_REQ:
//
// These requests can't be sent until
// the client is authenticated.
//
msg_type_string = rpcap_msg_type_string(header.type);
if (msg_type_string != NULL)
{
snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "%s request sent before authentication was completed", msg_type_string);
}
else
{
snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Message of type %u sent before authentication was completed", header.type);
}
if (rpcap_senderror(pars.sockctrl, pars.ssl,
header.ver, PCAP_ERR_WRONGMSG,
errmsgbuf, errbuf) == -1)
{
rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
goto end;
}
// Discard the rest of the message.
if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1)
{
// Network error.
goto end;
}
break;
case RPCAP_MSG_PACKET:
case RPCAP_MSG_FINDALLIF_REPLY:
case RPCAP_MSG_OPEN_REPLY:
case RPCAP_MSG_STARTCAP_REPLY:
case RPCAP_MSG_UPDATEFILTER_REPLY:
case RPCAP_MSG_AUTH_REPLY:
case RPCAP_MSG_STATS_REPLY:
case RPCAP_MSG_ENDCAP_REPLY:
case RPCAP_MSG_SETSAMPLING_REPLY:
//
// These are server-to-client messages.
//
msg_type_string = rpcap_msg_type_string(header.type);
if (msg_type_string != NULL)
{
snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Server-to-client message %s received from client", msg_type_string);
}
else
{
snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Server-to-client message of type %u received from client", header.type);
}
if (rpcap_senderror(pars.sockctrl, pars.ssl,
header.ver, PCAP_ERR_WRONGMSG,
errmsgbuf, errbuf) == -1)
{
rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
goto end;
}
// Discard the rest of the message.
if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1)
{
// Fatal error.
goto end;
}
break;
default:
//
// Unknown message type.
//
snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Unknown message type %u", header.type);
if (rpcap_senderror(pars.sockctrl, pars.ssl,
header.ver, PCAP_ERR_WRONGMSG,
errmsgbuf, errbuf) == -1)
{
rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
goto end;
}
// Discard the rest of the message.
if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1)
{
// Fatal error.
goto end;
}
break;
}
}
//
// OK, the client has authenticated itself, and we can start
// processing regular requests from it.
//
//
// We don't have any statistics yet.
//
stats.ps_ifdrop = 0;
stats.ps_recv = 0;
stats.ps_drop = 0;
svrcapt = 0;
//
// Service requests.
//
for (;;)
{
errbuf[0] = 0; // clear errbuf
// Avoid zombies connections; check if the connection is opens but no commands are performed
// from more than RPCAP_TIMEOUT_RUNTIME
// Conditions:
// - I have to be in normal mode (no active mode)
// - if the device is open, I don't have to be in the middle of a capture (session->sockdata)
// - if the device is closed, I have always to check if a new command arrives
//
// Be carefully: the capture can have been started, but an error occurred (so session != NULL, but
// sockdata is 0
if ((!pars.isactive) && (session == NULL || session->sockdata == 0))
{
// Check for the initial timeout
FD_ZERO(&rfds);
// We do not have to block here
tv.tv_sec = RPCAP_TIMEOUT_RUNTIME;
tv.tv_usec = 0;
FD_SET(pars.sockctrl, &rfds);
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
retval = 1;
#else
retval = select((int)pars.sockctrl + 1, &rfds, NULL, NULL, &tv);
#endif
if (retval == -1)
{
sock_geterror("select() failed", errmsgbuf, PCAP_ERRBUF_SIZE);
if (rpcap_senderror(pars.sockctrl, pars.ssl,
0, PCAP_ERR_NETW,
errmsgbuf, errbuf) == -1)
rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
goto end;
}
// The timeout has expired
// So, this was a fake connection. Drop it down
if (retval == 0)
{
if (rpcap_senderror(pars.sockctrl, pars.ssl,
0, PCAP_ERR_INITTIMEOUT,
"The RPCAP initial timeout has expired",
errbuf) == -1)
rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
goto end;
}
}
//
// Read the message header from the client.
//
nrecv = rpcapd_recv_msg_header(pars.sockctrl, pars.ssl, &header);
if (nrecv == -1)
{
// Fatal error.
goto end;
}
if (nrecv == -2)
{
// Client closed the connection.
goto end;
}
plen = header.plen;
//
// Did the client specify a protocol version that we
// support?
//
if (!RPCAP_VERSION_IS_SUPPORTED(header.ver))
{
//
// Tell them it's not a supported version.
// Send the error message with their version,
// so they don't reject it as having the wrong
// version.
//
if (rpcap_senderror(pars.sockctrl, pars.ssl,
header.ver, PCAP_ERR_WRONGVER,
"RPCAP version in message isn't supported by the server",
errbuf) == -1)
{
// That failed; log a message and give up.
rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
goto end;
}
// Discard the rest of the message.
(void)rpcapd_discard(pars.sockctrl, pars.ssl, plen);
// Give up on them.
goto end;
}
switch (header.type)
{
case RPCAP_MSG_ERROR: // The other endpoint reported an error
{
(void)daemon_msg_err(pars.sockctrl, pars.ssl, plen);
// Do nothing; just exit; the error code is already into the errbuf
// XXX - actually exit....
break;
}
case RPCAP_MSG_FINDALLIF_REQ:
{
if (daemon_msg_findallif_req(header.ver, &pars, plen) == -1)
{
// Fatal error; a message has
// been logged, so just give up.
goto end;
}
break;
}
case RPCAP_MSG_OPEN_REQ:
{
//
// Process the open request, and keep
// the source from it, for use later
// when the capture is started.
//
// XXX - we don't care if the client sends
// us multiple open requests, the last
// one wins.
//
retval = daemon_msg_open_req(header.ver, &pars,
plen, source, sizeof(source));
if (retval == -1)
{
// Fatal error; a message has
// been logged, so just give up.
goto end;
}
got_source = 1;
break;
}
case RPCAP_MSG_STARTCAP_REQ:
{
if (!got_source)
{
// They never told us what device
// to capture on!
if (rpcap_senderror(pars.sockctrl, pars.ssl,
header.ver,
PCAP_ERR_STARTCAPTURE,
"No capture device was specified",
errbuf) == -1)
{
// Fatal error; log an
// error and give up.
rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
goto end;
}
if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1)
{
goto end;
}
break;
}
if (daemon_msg_startcap_req(header.ver, &pars,
plen, source, &session, &samp_param,
uses_ssl) == -1)
{
// Fatal error; a message has
// been logged, so just give up.
goto end;
}
break;
}
case RPCAP_MSG_UPDATEFILTER_REQ:
{
if (session)
{
if (daemon_msg_updatefilter_req(header.ver,
&pars, session, plen) == -1)
{
// Fatal error; a message has
// been logged, so just give up.
goto end;
}
}
else
{
if (rpcap_senderror(pars.sockctrl, pars.ssl,
header.ver,
PCAP_ERR_UPDATEFILTER,
"Device not opened. Cannot update filter",
errbuf) == -1)
{
// That failed; log a message and give up.
rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
goto end;
}
}
break;
}
case RPCAP_MSG_CLOSE: // The other endpoint close the pcap session
{
//
// Indicate to our caller that the client
// closed the control connection.
// This is used only in case of active mode.
//
client_told_us_to_close = 1;
rpcapd_log(LOGPRIO_DEBUG, "The other end system asked to close the connection.");
goto end;
}
case RPCAP_MSG_STATS_REQ:
{
if (daemon_msg_stats_req(header.ver, &pars,
session, plen, &stats, svrcapt) == -1)
{
// Fatal error; a message has
// been logged, so just give up.
goto end;
}
break;
}
case RPCAP_MSG_ENDCAP_REQ: // The other endpoint close the current capture session
{
if (session)
{
// Save statistics (we can need them in the future)
if (pcap_stats(session->fp, &stats))
{
svrcapt = session->TotCapt;
}
else
{
stats.ps_ifdrop = 0;
stats.ps_recv = 0;
stats.ps_drop = 0;
svrcapt = 0;
}
if (daemon_msg_endcap_req(header.ver,
&pars, session) == -1)
{
free(session);
session = NULL;
// Fatal error; a message has
// been logged, so just give up.
goto end;
}
free(session);
session = NULL;
}
else
{
rpcap_senderror(pars.sockctrl, pars.ssl,
header.ver,
PCAP_ERR_ENDCAPTURE,
"Device not opened. Cannot close the capture",
errbuf);
}
break;
}
case RPCAP_MSG_SETSAMPLING_REQ:
{
if (daemon_msg_setsampling_req(header.ver,
&pars, plen, &samp_param) == -1)
{
// Fatal error; a message has
// been logged, so just give up.
goto end;
}
break;
}
case RPCAP_MSG_AUTH_REQ:
{
//
// We're already authenticated; you don't
// get to reauthenticate.
//
rpcapd_log(LOGPRIO_INFO, "The client sent an RPCAP_MSG_AUTH_REQ message after authentication was completed");
if (rpcap_senderror(pars.sockctrl, pars.ssl,
header.ver,
PCAP_ERR_WRONGMSG,
"RPCAP_MSG_AUTH_REQ request sent after authentication was completed",
errbuf) == -1)
{
rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
goto end;
}
// Discard the rest of the message.
if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1)
{
// Fatal error.
goto end;
}
goto end;
case RPCAP_MSG_PACKET:
case RPCAP_MSG_FINDALLIF_REPLY:
case RPCAP_MSG_OPEN_REPLY:
case RPCAP_MSG_STARTCAP_REPLY:
case RPCAP_MSG_UPDATEFILTER_REPLY:
case RPCAP_MSG_AUTH_REPLY:
case RPCAP_MSG_STATS_REPLY:
case RPCAP_MSG_ENDCAP_REPLY:
case RPCAP_MSG_SETSAMPLING_REPLY:
//
// These are server-to-client messages.
//
msg_type_string = rpcap_msg_type_string(header.type);
if (msg_type_string != NULL)
{
rpcapd_log(LOGPRIO_INFO, "The client sent a %s server-to-client message", msg_type_string);
snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Server-to-client message %s received from client", msg_type_string);
}
else
{
rpcapd_log(LOGPRIO_INFO, "The client sent a server-to-client message of type %u", header.type);
snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Server-to-client message of type %u received from client", header.type);
}
if (rpcap_senderror(pars.sockctrl, pars.ssl,
header.ver, PCAP_ERR_WRONGMSG,
errmsgbuf, errbuf) == -1)
{
rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
goto end;
}
// Discard the rest of the message.
if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1)
{
// Fatal error.
goto end;
}
goto end;
default:
//
// Unknown message type.
//
rpcapd_log(LOGPRIO_INFO, "The client sent a message of type %u", header.type);
snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Unknown message type %u", header.type);
if (rpcap_senderror(pars.sockctrl, pars.ssl,
header.ver, PCAP_ERR_WRONGMSG,
errbuf, errmsgbuf) == -1)
{
rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
goto end;
}
// Discard the rest of the message.
if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1)
{
// Fatal error.
goto end;
}
goto end;
}
}
}
end:
// The service loop is finishing up.
// If we have a capture session running, close it.
if (session)
{
session_close(session);
free(session);
session = NULL;
}
if (passiveClients) {
free(passiveClients);
}
//
// Finish using the SSL handle for the control socket, if we
// have an SSL connection, and close the control socket.
//
#ifdef HAVE_OPENSSL
if (ssl)
{
// Finish using the SSL handle for the socket.
// This must be done *before* the socket is closed.
ssl_finish(ssl);
}
#endif
sock_close(sockctrl, NULL, 0);
// Print message and return
rpcapd_log(LOGPRIO_DEBUG, "I'm exiting from the child loop");
return client_told_us_to_close;
}
/*
* This handles the RPCAP_MSG_ERR message.
*/
static int
daemon_msg_err(SOCKET sockctrl, SSL *ssl, uint32 plen)
{
char errbuf[PCAP_ERRBUF_SIZE];
char remote_errbuf[PCAP_ERRBUF_SIZE];
if (plen >= PCAP_ERRBUF_SIZE)
{
/*
* Message is too long; just read as much of it as we
* can into the buffer provided, and discard the rest.
*/
if (sock_recv(sockctrl, ssl, remote_errbuf, PCAP_ERRBUF_SIZE - 1,
SOCK_RECEIVEALL_YES|SOCK_EOF_IS_ERROR, errbuf,
PCAP_ERRBUF_SIZE) == -1)
{
// Network error.
rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf);
return -1;
}
if (rpcapd_discard(sockctrl, ssl, plen - (PCAP_ERRBUF_SIZE - 1)) == -1)
{
// Network error.
return -1;
}
/*
* Null-terminate it.
*/
remote_errbuf[PCAP_ERRBUF_SIZE - 1] = '\0';
}
else if (plen == 0)
{
/* Empty error string. */
remote_errbuf[0] = '\0';
}
else
{
if (sock_recv(sockctrl, ssl, remote_errbuf, plen,
SOCK_RECEIVEALL_YES|SOCK_EOF_IS_ERROR, errbuf,
PCAP_ERRBUF_SIZE) == -1)
{
// Network error.
rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf);
return -1;
}
/*
* Null-terminate it.
*/
remote_errbuf[plen] = '\0';
}
// Log the message
rpcapd_log(LOGPRIO_ERROR, "Error from client: %s", remote_errbuf);
return 0;
}
/*
* This handles the RPCAP_MSG_AUTH_REQ message.
* It checks if the authentication credentials supplied by the user are valid.
*
* This function is called if the daemon receives a RPCAP_MSG_AUTH_REQ
* message in its authentication loop. It reads the body of the
* authentication message from the network and checks whether the
* credentials are valid.
*
* \param sockctrl: the socket for the control connection.
*
* \param nullAuthAllowed: '1' if the NULL authentication is allowed.
*
* \param errbuf: a user-allocated buffer in which the error message
* (if one) has to be written. It must be at least PCAP_ERRBUF_SIZE
* bytes long.
*
* \return '0' if everything is fine, '-1' if an unrecoverable error occurred,
* or '-2' if the authentication failed. For errors, an error message is
* returned in the 'errbuf' variable; this gives a message for the
* unrecoverable error or for the authentication failure.
*/
static int
daemon_msg_auth_req(struct daemon_slpars *pars, uint32 plen)
{
char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors
char errmsgbuf[PCAP_ERRBUF_SIZE]; // buffer for errors to send to the client
int status;
struct rpcap_auth auth; // RPCAP authentication header
char sendbuf[RPCAP_NETBUF_SIZE]; // temporary buffer in which data to be sent is buffered
int sendbufidx = 0; // index which keeps the number of bytes currently buffered
struct rpcap_authreply *authreply; // authentication reply message
status = rpcapd_recv(pars->sockctrl, pars->ssl, (char *) &auth, sizeof(struct rpcap_auth), &plen, errmsgbuf);
if (status == -1)
{
return -1;
}
if (status == -2)
{
goto error;
}
switch (ntohs(auth.type))
{
case RPCAP_RMTAUTH_NULL:
{
if (!pars->nullAuthAllowed)
{
// Send the client an error reply.
snprintf(errmsgbuf, PCAP_ERRBUF_SIZE,
"Authentication failed; NULL authentication not permitted.");
if (rpcap_senderror(pars->sockctrl, pars->ssl,
0, PCAP_ERR_AUTH_FAILED, errmsgbuf, errbuf) == -1)
{
// That failed; log a message and give up.
rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
return -1;
}
goto error_noreply;
}
break;
}
case RPCAP_RMTAUTH_PWD:
{
char *username, *passwd;
uint32 usernamelen, passwdlen;
usernamelen = ntohs(auth.slen1);
username = (char *) malloc (usernamelen + 1);
if (username == NULL)
{
pcap_fmt_errmsg_for_errno(errmsgbuf,
PCAP_ERRBUF_SIZE, errno, "malloc() failed");
goto error;
}
status = rpcapd_recv(pars->sockctrl, pars->ssl, username, usernamelen, &plen, errmsgbuf);
if (status == -1)
{
free(username);
return -1;
}
if (status == -2)
{
free(username);
goto error;
}
username[usernamelen] = '\0';
passwdlen = ntohs(auth.slen2);
passwd = (char *) malloc (passwdlen + 1);
if (passwd == NULL)
{
pcap_fmt_errmsg_for_errno(errmsgbuf,
PCAP_ERRBUF_SIZE, errno, "malloc() failed");
free(username);
goto error;
}
status = rpcapd_recv(pars->sockctrl, pars->ssl, passwd, passwdlen, &plen, errmsgbuf);
if (status == -1)
{
free(username);
free(passwd);
return -1;
}
if (status == -2)
{
free(username);
free(passwd);
goto error;
}
passwd[passwdlen] = '\0';
if (daemon_AuthUserPwd(username, passwd, errmsgbuf))
{
//
// Authentication failed. Let the client
// know.
//
free(username);
free(passwd);
if (rpcap_senderror(pars->sockctrl, pars->ssl,
0, PCAP_ERR_AUTH_FAILED, errmsgbuf, errbuf) == -1)
{
// That failed; log a message and give up.
rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
return -1;
}
//
// Suspend for 1 second, so that they can't
// hammer us with repeated tries with an
// attack such as a dictionary attack.
//
// WARNING: this delay is inserted only
// at this point; if the client closes the
// connection and reconnects, the suspension
// time does not have any effect.
//
sleep_secs(RPCAP_SUSPEND_WRONGAUTH);
goto error_noreply;
}
free(username);
free(passwd);
break;
}
default:
snprintf(errmsgbuf, PCAP_ERRBUF_SIZE,
"Authentication type not recognized.");
if (rpcap_senderror(pars->sockctrl, pars->ssl,
0, PCAP_ERR_AUTH_TYPE_NOTSUP, errmsgbuf, errbuf) == -1)
{
// That failed; log a message and give up.
rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
return -1;
}
goto error_noreply;
}
// The authentication succeeded; let the client know.
if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL, &sendbufidx,
RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
goto error;
rpcap_createhdr((struct rpcap_header *) sendbuf, 0,
RPCAP_MSG_AUTH_REPLY, 0, sizeof(struct rpcap_authreply));
authreply = (struct rpcap_authreply *) &sendbuf[sendbufidx];
if (sock_bufferize(NULL, sizeof(struct rpcap_authreply), NULL, &sendbufidx,
RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
goto error;
//
// Indicate to our peer what versions we support.
//
memset(authreply, 0, sizeof(struct rpcap_authreply));
authreply->minvers = RPCAP_MIN_VERSION;
authreply->maxvers = RPCAP_MAX_VERSION;
// Send the reply.
if (sock_send(pars->sockctrl, pars->ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1)
{
// That failed; log a message and give up.
rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
return -1;
}
// Check if all the data has been read; if not, discard the data in excess
if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
{
return -1;
}
return 0;
error:
if (rpcap_senderror(pars->sockctrl, pars->ssl, 0, PCAP_ERR_AUTH,
errmsgbuf, errbuf) == -1)
{
// That failed; log a message and give up.
rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
return -1;
}
error_noreply:
// Check if all the data has been read; if not, discard the data in excess
if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
{
return -1;
}
return -2;
}
static int
daemon_AuthUserPwd(char *username, char *password, char *errbuf)
{
#ifdef _WIN32
/*
* Warning: the user which launches the process must have the
* SE_TCB_NAME right.
* This corresponds to have the "Act as part of the Operating System"
* turned on (administrative tools, local security settings, local
* policies, user right assignment)
* However, it seems to me that if you run it as a service, this
* right should be provided by default.
*
* XXX - hopefully, this returns errors such as ERROR_LOGON_FAILURE,
* which merely indicates that the user name or password is
* incorrect, not whether it's the user name or the password
* that's incorrect, so a client that's trying to brute-force
* accounts doesn't know whether it's the user name or the
* password that's incorrect, so it doesn't know whether to
* stop trying to log in with a given user name and move on
* to another user name.
*/
DWORD error;
HANDLE Token;
char errmsgbuf[PCAP_ERRBUF_SIZE]; // buffer for errors to log
if (LogonUser(username, ".", password, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, &Token) == 0)
{
snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed");
error = GetLastError();
if (error != ERROR_LOGON_FAILURE)
{
// Some error other than an authentication error;
// log it.
pcap_fmt_errmsg_for_win32_err(errmsgbuf,
PCAP_ERRBUF_SIZE, error, "LogonUser() failed");
rpcapd_log(LOGPRIO_ERROR, "%s", errmsgbuf);
}
return -1;
}
// This call should change the current thread to the selected user.
// I didn't test it.
if (ImpersonateLoggedOnUser(Token) == 0)
{
snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed");
pcap_fmt_errmsg_for_win32_err(errmsgbuf, PCAP_ERRBUF_SIZE,
GetLastError(), "ImpersonateLoggedOnUser() failed");
rpcapd_log(LOGPRIO_ERROR, "%s", errmsgbuf);
CloseHandle(Token);
return -1;
}
CloseHandle(Token);
return 0;
#else
/*
* See
*
* https://www.unixpapa.com/incnote/passwd.html
*
* We use the Solaris/Linux shadow password authentication if
* we have getspnam(), otherwise we just do traditional
* authentication, which, on some platforms, might work, even
* with shadow passwords, if we're running as root. Traditional
* authenticaion won't work if we're not running as root, as
* I think these days all UN*Xes either won't return the password
* at all with getpwnam() or will only do so if you're root.
*
* XXX - perhaps what we *should* be using is PAM, if we have
* it. That might hide all the details of username/password
* authentication, whether it's done with a visible-to-root-
* only password database or some other authentication mechanism,
* behind its API.
*/
int error;
struct passwd *user;
char *user_password;
#ifdef HAVE_GETSPNAM
struct spwd *usersp;
#endif
char *crypt_password;
// This call is needed to get the uid
if ((user = getpwnam(username)) == NULL)
{
snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed");
return -1;
}
#ifdef HAVE_GETSPNAM
// This call is needed to get the password; otherwise 'x' is returned
if ((usersp = getspnam(username)) == NULL)
{
snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed");
return -1;
}
user_password = usersp->sp_pwdp;
#else
/*
* XXX - what about other platforms?
* The unixpapa.com page claims this Just Works on *BSD if you're
* running as root - it's from 2000, so it doesn't indicate whether
* macOS (which didn't come out until 2001, under the name Mac OS
* X) behaves like the *BSDs or not, and might also work on AIX.
* HP-UX does something else.
*
* Again, hopefully PAM hides all that.
*/
user_password = user->pw_passwd;
#endif
//
// The Single UNIX Specification says that if crypt() fails it
// sets errno, but some implementatons that haven't been run
// through the SUS test suite might not do so.
//
errno = 0;
crypt_password = crypt(password, user_password);
if (crypt_password == NULL)
{
error = errno;
snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed");
if (error == 0)
{
// It didn't set errno.
rpcapd_log(LOGPRIO_ERROR, "crypt() failed");
}
else
{
rpcapd_log(LOGPRIO_ERROR, "crypt() failed: %s",
strerror(error));
}
return -1;
}
if (strcmp(user_password, crypt_password) != 0)
{
snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed");
return -1;
}
if (setuid(user->pw_uid))
{
error = errno;
pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
error, "setuid");
rpcapd_log(LOGPRIO_ERROR, "setuid() failed: %s",
strerror(error));
return -1;
}
/* if (setgid(user->pw_gid))
{
error = errno;
pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
errno, "setgid");
rpcapd_log(LOGPRIO_ERROR, "setgid() failed: %s",
strerror(error));
return -1;
}
*/
return 0;
#endif
}
/*
* Make sure that the reply length won't overflow 32 bits if we add the
* specified amount to it. If it won't, add that amount to it.
*
* We check whether replylen + itemlen > UINT32_MAX, but subtract itemlen
* from both sides, to prevent overflow.
*/
#define CHECK_AND_INCREASE_REPLY_LEN(itemlen) \
if (replylen > UINT32_MAX - (itemlen)) { \
pcap_strlcpy(errmsgbuf, "Reply length doesn't fit in 32 bits", \
sizeof (errmsgbuf)); \
goto error; \
} \
replylen += (uint32)(itemlen)
static int
daemon_msg_findallif_req(uint8 ver, struct daemon_slpars *pars, uint32 plen)
{
char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors
char errmsgbuf[PCAP_ERRBUF_SIZE]; // buffer for errors to send to the client
char sendbuf[RPCAP_NETBUF_SIZE]; // temporary buffer in which data to be sent is buffered
int sendbufidx = 0; // index which keeps the number of bytes currently buffered
pcap_if_t *alldevs = NULL; // pointer to the header of the interface chain
pcap_if_t *d; // temp pointer needed to scan the interface chain
struct pcap_addr *address; // pcap structure that keeps a network address of an interface
struct rpcap_findalldevs_if *findalldevs_if;// rpcap structure that packet all the data of an interface together
uint32 replylen; // length of reply payload
uint16 nif = 0; // counts the number of interface listed
// Discard the rest of the message; there shouldn't be any payload.
if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
{
// Network error.
return -1;
}
// Retrieve the device list
if (pcap_findalldevs(&alldevs, errmsgbuf) == -1)
goto error;
if (alldevs == NULL)
{
if (rpcap_senderror(pars->sockctrl, pars->ssl, ver,
PCAP_ERR_NOREMOTEIF,
"No interfaces found! Make sure libpcap/WinPcap is properly installed"
" and you have the right to access to the remote device.",
errbuf) == -1)
{
rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
return -1;
}
return 0;
}
// This checks the number of interfaces and computes the total
// length of the payload.
replylen = 0;
for (d = alldevs; d != NULL; d = d->next)
{
nif++;
if (d->description) {
size_t stringlen = strlen(d->description);
if (stringlen > UINT16_MAX) {
pcap_strlcpy(errmsgbuf,
"Description length doesn't fit in 16 bits",
sizeof (errmsgbuf));
goto error;
}
CHECK_AND_INCREASE_REPLY_LEN(stringlen);
}
if (d->name) {
size_t stringlen = strlen(d->name);
if (stringlen > UINT16_MAX) {
pcap_strlcpy(errmsgbuf,
"Name length doesn't fit in 16 bits",
sizeof (errmsgbuf));
goto error;
}
CHECK_AND_INCREASE_REPLY_LEN(stringlen);
}
CHECK_AND_INCREASE_REPLY_LEN(sizeof(struct rpcap_findalldevs_if));
uint16_t naddrs = 0;
for (address = d->addresses; address != NULL; address = address->next)
{
/*
* Send only IPv4 and IPv6 addresses over the wire.
*/
switch (address->addr->sa_family)
{
case AF_INET:
#ifdef AF_INET6
case AF_INET6:
#endif
CHECK_AND_INCREASE_REPLY_LEN(sizeof(struct rpcap_sockaddr) * 4);
if (naddrs == UINT16_MAX) {
pcap_strlcpy(errmsgbuf,
"Number of interfaces doesn't fit in 16 bits",
sizeof (errmsgbuf));
goto error;
}
naddrs++;
break;
default:
break;
}
}
}
// RPCAP findalldevs reply
if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL,
&sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf,
PCAP_ERRBUF_SIZE) == -1)
goto error;
rpcap_createhdr((struct rpcap_header *) sendbuf, ver,
RPCAP_MSG_FINDALLIF_REPLY, nif, replylen);
// send the interface list
for (d = alldevs; d != NULL; d = d->next)
{
uint16 lname, ldescr;
findalldevs_if = (struct rpcap_findalldevs_if *) &sendbuf[sendbufidx];
if (sock_bufferize(NULL, sizeof(struct rpcap_findalldevs_if), NULL,
&sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
goto error;
memset(findalldevs_if, 0, sizeof(struct rpcap_findalldevs_if));
/*
* We've already established that the string lengths
* fit in 16 bits.
*/
if (d->description)
ldescr = (uint16) strlen(d->description);
else
ldescr = 0;
if (d->name)
lname = (uint16) strlen(d->name);
else
lname = 0;
findalldevs_if->desclen = htons(ldescr);
findalldevs_if->namelen = htons(lname);
findalldevs_if->flags = htonl(d->flags);
for (address = d->addresses; address != NULL; address = address->next)
{
/*
* Send only IPv4 and IPv6 addresses over the wire.
*/
switch (address->addr->sa_family)
{
case AF_INET:
#ifdef AF_INET6
case AF_INET6:
#endif
findalldevs_if->naddr++;
break;
default:
break;
}
}
findalldevs_if->naddr = htons(findalldevs_if->naddr);
if (sock_bufferize(d->name, lname, sendbuf, &sendbufidx,
RPCAP_NETBUF_SIZE, SOCKBUF_BUFFERIZE, errmsgbuf,
PCAP_ERRBUF_SIZE) == -1)
goto error;
if (sock_bufferize(d->description, ldescr, sendbuf, &sendbufidx,
RPCAP_NETBUF_SIZE, SOCKBUF_BUFFERIZE, errmsgbuf,
PCAP_ERRBUF_SIZE) == -1)
goto error;
// send all addresses
for (address = d->addresses; address != NULL; address = address->next)
{
struct rpcap_sockaddr *sockaddr;
/*
* Send only IPv4 and IPv6 addresses over the wire.
*/
switch (address->addr->sa_family)
{
case AF_INET:
#ifdef AF_INET6
case AF_INET6:
#endif
sockaddr = (struct rpcap_sockaddr *) &sendbuf[sendbufidx];
if (sock_bufferize(NULL, sizeof(struct rpcap_sockaddr), NULL,
&sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
goto error;
daemon_seraddr((struct sockaddr_storage *) address->addr, sockaddr);
sockaddr = (struct rpcap_sockaddr *) &sendbuf[sendbufidx];
if (sock_bufferize(NULL, sizeof(struct rpcap_sockaddr), NULL,
&sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
goto error;
daemon_seraddr((struct sockaddr_storage *) address->netmask, sockaddr);
sockaddr = (struct rpcap_sockaddr *) &sendbuf[sendbufidx];
if (sock_bufferize(NULL, sizeof(struct rpcap_sockaddr), NULL,
&sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
goto error;
daemon_seraddr((struct sockaddr_storage *) address->broadaddr, sockaddr);
sockaddr = (struct rpcap_sockaddr *) &sendbuf[sendbufidx];
if (sock_bufferize(NULL, sizeof(struct rpcap_sockaddr), NULL,
&sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
goto error;
daemon_seraddr((struct sockaddr_storage *) address->dstaddr, sockaddr);
break;
default:
break;
}
}
}
// We no longer need the device list. Free it.
pcap_freealldevs(alldevs);
// Send a final command that says "now send it!"
if (sock_send(pars->sockctrl, pars->ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1)
{
rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
return -1;
}
return 0;
error:
if (alldevs)
pcap_freealldevs(alldevs);
if (rpcap_senderror(pars->sockctrl, pars->ssl, ver,
PCAP_ERR_FINDALLIF, errmsgbuf, errbuf) == -1)
{
rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
return -1;
}
return 0;
}
/*
\param plen: the length of the current message (needed in order to be able
to discard excess data in the message, if present)
*/
static int
daemon_msg_open_req(uint8 ver, struct daemon_slpars *pars, uint32 plen,
char *source, size_t sourcelen)
{
char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors
char errmsgbuf[PCAP_ERRBUF_SIZE]; // buffer for errors to send to the client
pcap_t *fp; // pcap_t main variable
int nread;
char sendbuf[RPCAP_NETBUF_SIZE]; // temporary buffer in which data to be sent is buffered
int sendbufidx = 0; // index which keeps the number of bytes currently buffered
struct rpcap_openreply *openreply; // open reply message
if (plen > sourcelen - 1)
{
snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Source string too long");
goto error;
}
nread = sock_recv(pars->sockctrl, pars->ssl, source, plen,
SOCK_RECEIVEALL_YES|SOCK_EOF_IS_ERROR, errbuf, PCAP_ERRBUF_SIZE);
if (nread == -1)
{
rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf);
return -1;
}
source[nread] = '\0';
plen -= nread;
// Is this a URL rather than a device?
// If so, reject it.
if (is_url(source))
{
snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Source string refers to a remote device");
goto error;
}
// Open the selected device
// This is a fake open, since we do that only to get the needed parameters, then we close the device again
if ((fp = pcap_open_live(source,
1500 /* fake snaplen */,
0 /* no promis */,
1000 /* fake timeout */,
errmsgbuf)) == NULL)
goto error;
// Now, I can send a RPCAP open reply message
if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL, &sendbufidx,
RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
goto error;
rpcap_createhdr((struct rpcap_header *) sendbuf, ver,
RPCAP_MSG_OPEN_REPLY, 0, sizeof(struct rpcap_openreply));
openreply = (struct rpcap_openreply *) &sendbuf[sendbufidx];
if (sock_bufferize(NULL, sizeof(struct rpcap_openreply), NULL, &sendbufidx,
RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
goto error;
memset(openreply, 0, sizeof(struct rpcap_openreply));
openreply->linktype = htonl(pcap_datalink(fp));
/*
* This is always 0 for live captures; we no longer support it
* as something we read from capture files and supply to
* clients, but we have to send it over the wire, as open
* replies are expected to have 8 bytes of payload by
* existing clients.
*/
openreply->tzoff = 0;
// We're done with the pcap_t.
pcap_close(fp);
// Send the reply.
if (sock_send(pars->sockctrl, pars->ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1)
{
rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
return -1;
}
return 0;
error:
if (rpcap_senderror(pars->sockctrl, pars->ssl, ver, PCAP_ERR_OPEN,
errmsgbuf, errbuf) == -1)
{
// That failed; log a message and give up.
rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
return -1;
}
// Check if all the data has been read; if not, discard the data in excess
if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
{
return -1;
}
return 0;
}
/*
\param plen: the length of the current message (needed in order to be able
to discard excess data in the message, if present)
*/
static int
daemon_msg_startcap_req(uint8 ver, struct daemon_slpars *pars, uint32 plen,
char *source, struct session **sessionp,
struct rpcap_sampling *samp_param _U_, int uses_ssl)
{
char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors
char errmsgbuf[PCAP_ERRBUF_SIZE]; // buffer for errors to send to the client
char portdata[PCAP_BUF_SIZE]; // temp variable needed to derive the data port
char peerhost[PCAP_BUF_SIZE]; // temp variable needed to derive the host name of our peer
struct session *session = NULL; // saves state of session
int status;
char sendbuf[RPCAP_NETBUF_SIZE]; // temporary buffer in which data to be sent is buffered
int sendbufidx = 0; // index which keeps the number of bytes currently buffered
// socket-related variables
struct addrinfo hints; // temp, needed to open a socket connection
struct addrinfo *addrinfo; // temp, needed to open a socket connection
struct sockaddr_storage saddr; // temp, needed to retrieve the network data port chosen on the local machine
socklen_t saddrlen; // temp, needed to retrieve the network data port chosen on the local machine
int ret; // return value from functions
// RPCAP-related variables
struct rpcap_startcapreq startcapreq; // start capture request message
struct rpcap_startcapreply *startcapreply; // start capture reply message
int serveropen_dp; // keeps who is going to open the data connection
addrinfo = NULL;
status = rpcapd_recv(pars->sockctrl, pars->ssl, (char *) &startcapreq,
sizeof(struct rpcap_startcapreq), &plen, errmsgbuf);
if (status == -1)
{
goto fatal_error;
}
if (status == -2)
{
goto error;
}
startcapreq.flags = ntohs(startcapreq.flags);
// Check that the client does not ask for UDP is the server has been asked
// to enforce encryption, as SSL is not supported yet with UDP:
if (uses_ssl && (startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_DGRAM))
{
snprintf(errbuf, PCAP_ERRBUF_SIZE,
"SSL not supported with UDP forward of remote packets");
goto error;
}
// Create a session structure
session = malloc(sizeof(struct session));
if (session == NULL)
{
snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Can't allocate session structure");
goto error;
}
session->sockdata = INVALID_SOCKET;
session->ctrl_ssl = session->data_ssl = NULL;
// We don't have a thread yet.
session->have_thread = 0;
//
// We *shouldn't* have to initialize the thread indicator
// itself, because the compiler *should* realize that we
// only use this if have_thread isn't 0, but we *do* have
// to do it, because not all compilers *do* realize that.
//
// There is no "invalid thread handle" value for a UN*X
// pthread_t, so we just zero it out.
//
#ifdef _WIN32
session->thread = INVALID_HANDLE_VALUE;
#else
memset(&session->thread, 0, sizeof(session->thread));
#endif
// Open the selected device
if ((session->fp = pcap_open_live(source,
ntohl(startcapreq.snaplen),
(startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_PROMISC) ? 1 : 0 /* local device, other flags not needed */,
ntohl(startcapreq.read_timeout),
errmsgbuf)) == NULL)
goto error;
#if 0
// Apply sampling parameters
fp->rmt_samp.method = samp_param->method;
fp->rmt_samp.value = samp_param->value;
#endif
/*
We're in active mode if:
- we're using TCP, and the user wants us to be in active mode
- we're using UDP
*/
serveropen_dp = (startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_SERVEROPEN) || (startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_DGRAM) || pars->isactive;
/*
Gets the sockaddr structure referred to the other peer in the ctrl connection
We need that because:
- if we're in passive mode, we need to know the address family we want to use
(the same used for the ctrl socket)
- if we're in active mode, we need to know the network address of the other host
we want to connect to
*/
saddrlen = sizeof(struct sockaddr_storage);
if (getpeername(pars->sockctrl, (struct sockaddr *) &saddr, &saddrlen) == -1)
{
sock_geterror("getpeername()", errmsgbuf, PCAP_ERRBUF_SIZE);
goto error;
}
memset(&hints, 0, sizeof(struct addrinfo));
hints.ai_socktype = (startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_DGRAM) ? SOCK_DGRAM : SOCK_STREAM;
hints.ai_family = saddr.ss_family;
// Now we have to create a new socket to send packets
if (serveropen_dp) // Data connection is opened by the server toward the client
{
snprintf(portdata, sizeof portdata, "%d", ntohs(startcapreq.portdata));
// Get the name of the other peer (needed to connect to that specific network address)
if (getnameinfo((struct sockaddr *) &saddr, saddrlen, peerhost,
sizeof(peerhost), NULL, 0, NI_NUMERICHOST))
{
sock_geterror("getnameinfo()", errmsgbuf, PCAP_ERRBUF_SIZE);
goto error;
}
if (sock_initaddress(peerhost, portdata, &hints, &addrinfo, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
goto error;
if ((session->sockdata = sock_open(addrinfo, SOCKOPEN_CLIENT, 0, errmsgbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
goto error;
}
else // Data connection is opened by the client toward the server
{
hints.ai_flags = AI_PASSIVE;
// Let's the server socket pick up a free network port for us
if (sock_initaddress(NULL, "0", &hints, &addrinfo, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
goto error;
if ((session->sockdata = sock_open(addrinfo, SOCKOPEN_SERVER, 1 /* max 1 connection in queue */, errmsgbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
goto error;
// get the complete sockaddr structure used in the data connection
saddrlen = sizeof(struct sockaddr_storage);
if (getsockname(session->sockdata, (struct sockaddr *) &saddr, &saddrlen) == -1)
{
sock_geterror("getsockname()", errmsgbuf, PCAP_ERRBUF_SIZE);
goto error;
}
// Get the local port the system picked up
if (getnameinfo((struct sockaddr *) &saddr, saddrlen, NULL,
0, portdata, sizeof(portdata), NI_NUMERICSERV))
{
sock_geterror("getnameinfo()", errmsgbuf, PCAP_ERRBUF_SIZE);
goto error;
}
}
// addrinfo is no longer used
freeaddrinfo(addrinfo);
addrinfo = NULL;
// Needed to send an error on the ctrl connection
session->sockctrl = pars->sockctrl;
session->ctrl_ssl = pars->ssl;
session->protocol_version = ver;
// Now I can set the filter
ret = daemon_unpackapplyfilter(pars->sockctrl, pars->ssl, session, &plen, errmsgbuf);
if (ret == -1)
{
// Fatal error. A message has been logged; just give up.
goto fatal_error;
}
if (ret == -2)
{
// Non-fatal error. Send an error message to the client.
goto error;
}
// Now, I can send a RPCAP start capture reply message
if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL, &sendbufidx,
RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
goto error;
rpcap_createhdr((struct rpcap_header *) sendbuf, ver,
RPCAP_MSG_STARTCAP_REPLY, 0, sizeof(struct rpcap_startcapreply));
startcapreply = (struct rpcap_startcapreply *) &sendbuf[sendbufidx];
if (sock_bufferize(NULL, sizeof(struct rpcap_startcapreply), NULL,
&sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
goto error;
memset(startcapreply, 0, sizeof(struct rpcap_startcapreply));
startcapreply->bufsize = htonl(pcap_bufsize(session->fp));
if (!serveropen_dp)
{
unsigned short port = (unsigned short)strtoul(portdata,NULL,10);
startcapreply->portdata = htons(port);
}
if (sock_send(pars->sockctrl, pars->ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1)
{
// That failed; log a message and give up.
rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
goto fatal_error;
}
if (!serveropen_dp)
{
SOCKET socktemp; // We need another socket, since we're going to accept() a connection
// Connection creation
saddrlen = sizeof(struct sockaddr_storage);
socktemp = accept(session->sockdata, (struct sockaddr *) &saddr, &saddrlen);
if (socktemp == INVALID_SOCKET)
{
sock_geterror("accept()", errbuf, PCAP_ERRBUF_SIZE);
rpcapd_log(LOGPRIO_ERROR, "Accept of data connection failed: %s",
errbuf);
goto error;
}
// Now that I accepted the connection, the server socket is no longer needed
sock_close(session->sockdata, NULL, 0);
session->sockdata = socktemp;
}
SSL *ssl = NULL;
if (uses_ssl)
{
#ifdef HAVE_OPENSSL
/* In both active or passive cases, wait for the client to initiate the
* TLS handshake. Yes during that time the control socket will not be
* served, but the same was true from the above call to accept(). */
ssl = ssl_promotion(1, session->sockdata, errbuf, PCAP_ERRBUF_SIZE);
if (! ssl)
{
rpcapd_log(LOGPRIO_ERROR, "TLS handshake failed: %s", errbuf);
goto error;
}
#endif
}
session->data_ssl = ssl;
// Now we have to create a new thread to receive packets
#ifdef _WIN32
session->thread = (HANDLE)_beginthreadex(NULL, 0, daemon_thrdatamain,
(void *) session, 0, NULL);
if (session->thread == 0)
{
snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error creating the data thread");
goto error;
}
#else
ret = pthread_create(&session->thread, NULL, daemon_thrdatamain,
(void *) session);
if (ret != 0)
{
pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
ret, "Error creating the data thread");
goto error;
}
#endif
session->have_thread = 1;
// Check if all the data has been read; if not, discard the data in excess
if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
goto fatal_error;
*sessionp = session;
return 0;
error:
//
// Not a fatal error, so send the client an error message and
// keep serving client requests.
//
*sessionp = NULL;
if (addrinfo)
freeaddrinfo(addrinfo);
if (session)
{
session_close(session);
free(session);
}
if (rpcap_senderror(pars->sockctrl, pars->ssl, ver,
PCAP_ERR_STARTCAPTURE, errmsgbuf, errbuf) == -1)
{
// That failed; log a message and give up.
rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
return -1;
}
// Check if all the data has been read; if not, discard the data in excess
if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
{
// Network error.
return -1;
}
return 0;
fatal_error:
//
// Fatal network error, so don't try to communicate with
// the client, just give up.
//
*sessionp = NULL;
if (session)
{
session_close(session);
free(session);
}
return -1;
}
static int
daemon_msg_endcap_req(uint8 ver, struct daemon_slpars *pars,
struct session *session)
{
char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors
struct rpcap_header header;
session_close(session);
rpcap_createhdr(&header, ver, RPCAP_MSG_ENDCAP_REPLY, 0, 0);
if (sock_send(pars->sockctrl, pars->ssl, (char *) &header, sizeof(struct rpcap_header), errbuf, PCAP_ERRBUF_SIZE) == -1)
{
// That failed; log a message and give up.
rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
return -1;
}
return 0;
}
//
// We impose a limit on the filter program size, so that, on Windows,
// where there's only one server process with multiple threads, it's
// harder to eat all the server address space by sending larger filter
// programs. (This isn't an issue on UN*X, where there are multiple
// server processes, one per client connection.)
//
// We pick a value that limits each filter to 64K; that value is twice
// the in-kernel limit for Linux and 16 times the in-kernel limit for
// *BSD and macOS.
//
// It also prevents an overflow on 32-bit platforms when calculating
// the total size of the filter program. (It's not an issue on 64-bit
// platforms with a 64-bit size_t, as the filter size is 32 bits.)
//
#define RPCAP_BPF_MAXINSNS 8192
static int
daemon_unpackapplyfilter(SOCKET sockctrl, SSL *ctrl_ssl, struct session *session, uint32 *plenp, char *errmsgbuf)
{
int status;
struct rpcap_filter filter;
struct rpcap_filterbpf_insn insn;
struct bpf_insn *bf_insn;
struct bpf_program bf_prog;
unsigned int i;
status = rpcapd_recv(sockctrl, ctrl_ssl, (char *) &filter,
sizeof(struct rpcap_filter), plenp, errmsgbuf);
if (status == -1)
{
return -1;
}
if (status == -2)
{
return -2;
}
bf_prog.bf_len = ntohl(filter.nitems);
if (ntohs(filter.filtertype) != RPCAP_UPDATEFILTER_BPF)
{
snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Only BPF/NPF filters are currently supported");
return -2;
}
if (bf_prog.bf_len > RPCAP_BPF_MAXINSNS)
{
snprintf(errmsgbuf, PCAP_ERRBUF_SIZE,
"Filter program is larger than the maximum size of %u instructions",
RPCAP_BPF_MAXINSNS);
return -2;
}
bf_insn = (struct bpf_insn *) malloc (sizeof(struct bpf_insn) * bf_prog.bf_len);
if (bf_insn == NULL)
{
pcap_fmt_errmsg_for_errno(errmsgbuf, PCAP_ERRBUF_SIZE,
errno, "malloc() failed");
return -2;
}
bf_prog.bf_insns = bf_insn;
for (i = 0; i < bf_prog.bf_len; i++)
{
status = rpcapd_recv(sockctrl, ctrl_ssl, (char *) &insn,
sizeof(struct rpcap_filterbpf_insn), plenp, errmsgbuf);
if (status == -1)
{
return -1;
}
if (status == -2)
{
return -2;
}
bf_insn->code = ntohs(insn.code);
bf_insn->jf = insn.jf;
bf_insn->jt = insn.jt;
bf_insn->k = ntohl(insn.k);
bf_insn++;
}
//
// XXX - pcap_setfilter() should do the validation for us.
//
if (bpf_validate(bf_prog.bf_insns, bf_prog.bf_len) == 0)
{
snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "The filter contains bogus instructions");
return -2;
}
if (pcap_setfilter(session->fp, &bf_prog))
{
snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "RPCAP error: %s", pcap_geterr(session->fp));
return -2;
}
return 0;
}
static int
daemon_msg_updatefilter_req(uint8 ver, struct daemon_slpars *pars,
struct session *session, uint32 plen)
{
char errbuf[PCAP_ERRBUF_SIZE];
char errmsgbuf[PCAP_ERRBUF_SIZE]; // buffer for errors to send to the client
int ret; // status of daemon_unpackapplyfilter()
struct rpcap_header header; // keeps the answer to the updatefilter command
ret = daemon_unpackapplyfilter(pars->sockctrl, pars->ssl, session, &plen, errmsgbuf);
if (ret == -1)
{
// Fatal error. A message has been logged; just give up.
return -1;
}
if (ret == -2)
{
// Non-fatal error. Send an error reply to the client.
goto error;
}
// Check if all the data has been read; if not, discard the data in excess
if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
{
// Network error.
return -1;
}
// A response is needed, otherwise the other host does not know that everything went well
rpcap_createhdr(&header, ver, RPCAP_MSG_UPDATEFILTER_REPLY, 0, 0);
if (sock_send(pars->sockctrl, pars->ssl, (char *) &header, sizeof (struct rpcap_header), pcap_geterr(session->fp), PCAP_ERRBUF_SIZE))
{
// That failed; log a message and give up.
rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
return -1;
}
return 0;
error:
if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
{
return -1;
}
rpcap_senderror(pars->sockctrl, pars->ssl, ver, PCAP_ERR_UPDATEFILTER,
errmsgbuf, NULL);
return 0;
}
/*!
\brief Received the sampling parameters from remote host and it stores in the pcap_t structure.
*/
static int
daemon_msg_setsampling_req(uint8 ver, struct daemon_slpars *pars, uint32 plen,
struct rpcap_sampling *samp_param)
{
char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors
char errmsgbuf[PCAP_ERRBUF_SIZE];
struct rpcap_header header;
struct rpcap_sampling rpcap_samp;
int status;
status = rpcapd_recv(pars->sockctrl, pars->ssl, (char *) &rpcap_samp, sizeof(struct rpcap_sampling), &plen, errmsgbuf);
if (status == -1)
{
return -1;
}
if (status == -2)
{
goto error;
}
// Save these settings in the pcap_t
samp_param->method = rpcap_samp.method;
samp_param->value = ntohl(rpcap_samp.value);
// A response is needed, otherwise the other host does not know that everything went well
rpcap_createhdr(&header, ver, RPCAP_MSG_SETSAMPLING_REPLY, 0, 0);
if (sock_send(pars->sockctrl, pars->ssl, (char *) &header, sizeof (struct rpcap_header), errbuf, PCAP_ERRBUF_SIZE) == -1)
{
// That failed; log a message and give up.
rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
return -1;
}
if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
{
return -1;
}
return 0;
error:
if (rpcap_senderror(pars->sockctrl, pars->ssl, ver, PCAP_ERR_SETSAMPLING,
errmsgbuf, errbuf) == -1)
{
// That failed; log a message and give up.
rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
return -1;
}
// Check if all the data has been read; if not, discard the data in excess
if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
{
return -1;
}
return 0;
}
static int
daemon_msg_stats_req(uint8 ver, struct daemon_slpars *pars,
struct session *session, uint32 plen, struct pcap_stat *stats,
unsigned int svrcapt)
{
char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors
char errmsgbuf[PCAP_ERRBUF_SIZE]; // buffer for errors to send to the client
char sendbuf[RPCAP_NETBUF_SIZE]; // temporary buffer in which data to be sent is buffered
int sendbufidx = 0; // index which keeps the number of bytes currently buffered
struct rpcap_stats *netstats; // statistics sent on the network
// Checks that the header does not contain other data; if so, discard it
if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
{
// Network error.
return -1;
}
if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL,
&sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
goto error;
rpcap_createhdr((struct rpcap_header *) sendbuf, ver,
RPCAP_MSG_STATS_REPLY, 0, (uint16) sizeof(struct rpcap_stats));
netstats = (struct rpcap_stats *) &sendbuf[sendbufidx];
if (sock_bufferize(NULL, sizeof(struct rpcap_stats), NULL,
&sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
goto error;
if (session && session->fp)
{
if (pcap_stats(session->fp, stats) == -1)
{
snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "%s", pcap_geterr(session->fp));
goto error;
}
netstats->ifdrop = htonl(stats->ps_ifdrop);
netstats->ifrecv = htonl(stats->ps_recv);
netstats->krnldrop = htonl(stats->ps_drop);
netstats->svrcapt = htonl(session->TotCapt);
}
else
{
// We have to keep compatibility with old applications,
// which ask for statistics also when the capture has
// already stopped.
netstats->ifdrop = htonl(stats->ps_ifdrop);
netstats->ifrecv = htonl(stats->ps_recv);
netstats->krnldrop = htonl(stats->ps_drop);
netstats->svrcapt = htonl(svrcapt);
}
// Send the packet
if (sock_send(pars->sockctrl, pars->ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1)
{
rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
return -1;
}
return 0;
error:
rpcap_senderror(pars->sockctrl, pars->ssl, ver, PCAP_ERR_GETSTATS,
errmsgbuf, NULL);
return 0;
}
#ifdef _WIN32
static unsigned __stdcall
#else
static void *
#endif
daemon_thrdatamain(void *ptr)
{
char errbuf[PCAP_ERRBUF_SIZE + 1]; // error buffer
struct session *session; // pointer to the struct session for this session
int retval; // general variable used to keep the return value of other functions
struct rpcap_pkthdr *net_pkt_header;// header of the packet
struct pcap_pkthdr *pkt_header; // pointer to the buffer that contains the header of the current packet
u_char *pkt_data; // pointer to the buffer that contains the current packet
size_t sendbufsize; // size for the send buffer
char *sendbuf; // temporary buffer in which data to be sent is buffered
int sendbufidx; // index which keeps the number of bytes currently buffered
int status;
#ifndef _WIN32
sigset_t sigusr1; // signal set with just SIGUSR1
#endif
session = (struct session *) ptr;
session->TotCapt = 0; // counter which is incremented each time a packet is received
// Initialize errbuf
memset(errbuf, 0, sizeof(errbuf));
//
// We need a buffer large enough to hold a buffer large enough
// for a maximum-size packet for this pcap_t.
//
if (pcap_snapshot(session->fp) < 0)
{
//
// The snapshot length is negative.
// This "should not happen".
//
rpcapd_log(LOGPRIO_ERROR,
"Unable to allocate the buffer for this child thread: snapshot length of %d is negative",
pcap_snapshot(session->fp));
sendbuf = NULL; // we can't allocate a buffer, so nothing to free
goto error;
}
//
// size_t is unsigned, and the result of pcap_snapshot() is signed;
// on no platform that we support is int larger than size_t.
// This means that, unless the extra information we prepend to
// a maximum-sized packet is impossibly large, the sum of the
// snapshot length and the size of that extra information will
// fit in a size_t.
//
// So we don't need to make sure that sendbufsize will overflow.
//
// However, we *do* need to make sure its value fits in an int,
// because sock_send() can't send more than INT_MAX bytes (it could
// do so on 64-bit UN*Xes, but can't do so on Windows, not even
// 64-bit Windows, as the send() buffer size argument is an int
// in Winsock).
//
sendbufsize = sizeof(struct rpcap_header) + sizeof(struct rpcap_pkthdr) + pcap_snapshot(session->fp);
if (sendbufsize > INT_MAX)
{
rpcapd_log(LOGPRIO_ERROR,
"Buffer size for this child thread would be larger than %d",
INT_MAX);
sendbuf = NULL; // we haven't allocated a buffer, so nothing to free
goto error;
}
sendbuf = (char *) malloc (sendbufsize);
if (sendbuf == NULL)
{
rpcapd_log(LOGPRIO_ERROR,
"Unable to allocate the buffer for this child thread");
goto error;
}
#ifndef _WIN32
//
// Set the signal set to include just SIGUSR1, and block that
// signal; we only want it unblocked when we're reading
// packets - we dn't want any other system calls, such as
// ones being used to send to the client or to log messages,
// to be interrupted.
//
sigemptyset(&sigusr1);
sigaddset(&sigusr1, SIGUSR1);
pthread_sigmask(SIG_BLOCK, &sigusr1, NULL);
#endif
// Retrieve the packets
for (;;)
{
#ifndef _WIN32
//
// Unblock SIGUSR1 while we might be waiting for packets.
//
pthread_sigmask(SIG_UNBLOCK, &sigusr1, NULL);
#endif
retval = pcap_next_ex(session->fp, &pkt_header, (const u_char **) &pkt_data); // cast to avoid a compiler warning
#ifndef _WIN32
//
// Now block it again.
//
pthread_sigmask(SIG_BLOCK, &sigusr1, NULL);
#endif
if (retval < 0)
break; // error
if (retval == 0) // Read timeout elapsed
continue;
sendbufidx = 0;
// Bufferize the general header
if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL,
&sendbufidx, (int)sendbufsize, SOCKBUF_CHECKONLY, errbuf,
PCAP_ERRBUF_SIZE) == -1)
{
rpcapd_log(LOGPRIO_ERROR,
"sock_bufferize() error sending packet message: %s",
errbuf);
goto error;
}
rpcap_createhdr((struct rpcap_header *) sendbuf,
session->protocol_version, RPCAP_MSG_PACKET, 0,
(uint16) (sizeof(struct rpcap_pkthdr) + pkt_header->caplen));
net_pkt_header = (struct rpcap_pkthdr *) &sendbuf[sendbufidx];
// Bufferize the pkt header
if (sock_bufferize(NULL, sizeof(struct rpcap_pkthdr), NULL,
&sendbufidx, (int)sendbufsize, SOCKBUF_CHECKONLY, errbuf,
PCAP_ERRBUF_SIZE) == -1)
{
rpcapd_log(LOGPRIO_ERROR,
"sock_bufferize() error sending packet message: %s",
errbuf);
goto error;
}
net_pkt_header->caplen = htonl(pkt_header->caplen);
net_pkt_header->len = htonl(pkt_header->len);
net_pkt_header->npkt = htonl(++(session->TotCapt));
//
// This protocol needs to be updated with a new version
// before 2038-01-19 03:14:07 UTC.
//
net_pkt_header->timestamp_sec = htonl((uint32)pkt_header->ts.tv_sec);
net_pkt_header->timestamp_usec = htonl((uint32)pkt_header->ts.tv_usec);
// Bufferize the pkt data
if (sock_bufferize((char *) pkt_data, pkt_header->caplen,
sendbuf, &sendbufidx, (int)sendbufsize, SOCKBUF_BUFFERIZE,
errbuf, PCAP_ERRBUF_SIZE) == -1)
{
rpcapd_log(LOGPRIO_ERROR,
"sock_bufferize() error sending packet message: %s",
errbuf);
goto error;
}
// Send the packet
// If the client dropped the connection, don't report an
// error, just quit.
status = sock_send(session->sockdata, session->data_ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE);
if (status < 0)
{
if (status == -1)
{
//
// Error other than "client closed the
// connection out from under us"; report
// it.
//
rpcapd_log(LOGPRIO_ERROR,
"Send of packet to client failed: %s",
errbuf);
}
//
// Give up in either case.
//
goto error;
}
}
if (retval < 0 && retval != PCAP_ERROR_BREAK)
{
//
// Failed with an error other than "we were told to break
// out of the loop".
//
// The latter just means that the client told us to stop
// capturing, so there's no error to report.
//
snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error reading the packets: %s", pcap_geterr(session->fp));
rpcap_senderror(session->sockctrl, session->ctrl_ssl, session->protocol_version,
PCAP_ERR_READEX, errbuf, NULL);
}
error:
//
// The main thread will clean up the session structure.
//
free(sendbuf);
return 0;
}
#ifndef _WIN32
//
// Do-nothing handler for SIGUSR1; the sole purpose of SIGUSR1 is to
// interrupt the data thread if it's blocked in a system call waiting
// for packets to arrive.
//
static void noop_handler(int sign _U_)
{
}
#endif
/*!
\brief It serializes a network address.
It accepts a 'sockaddr_storage' structure as input, and it converts it appropriately into a format
that can be used to be sent on the network. Basically, it applies all the hton()
conversion required to the input variable.
\param sockaddrin a 'sockaddr_storage' pointer to the variable that has to be
serialized. This variable can be both a 'sockaddr_in' and 'sockaddr_in6'.
\param sockaddrout an 'rpcap_sockaddr' pointer to the variable that will contain
the serialized data. This variable has to be allocated by the user.
\warning This function supports only AF_INET and AF_INET6 address families.
*/
static void
daemon_seraddr(struct sockaddr_storage *sockaddrin, struct rpcap_sockaddr *sockaddrout)
{
memset(sockaddrout, 0, sizeof(struct sockaddr_storage));
// There can be the case in which the sockaddrin is not available
if (sockaddrin == NULL) return;
// Warning: we support only AF_INET and AF_INET6
switch (sockaddrin->ss_family)
{
case AF_INET:
{
struct sockaddr_in *sockaddrin_ipv4;
struct rpcap_sockaddr_in *sockaddrout_ipv4;
sockaddrin_ipv4 = (struct sockaddr_in *) sockaddrin;
sockaddrout_ipv4 = (struct rpcap_sockaddr_in *) sockaddrout;
sockaddrout_ipv4->family = htons(RPCAP_AF_INET);
sockaddrout_ipv4->port = htons(sockaddrin_ipv4->sin_port);
memcpy(&sockaddrout_ipv4->addr, &sockaddrin_ipv4->sin_addr, sizeof(sockaddrout_ipv4->addr));
memset(sockaddrout_ipv4->zero, 0, sizeof(sockaddrout_ipv4->zero));
break;
}
#ifdef AF_INET6
case AF_INET6:
{
struct sockaddr_in6 *sockaddrin_ipv6;
struct rpcap_sockaddr_in6 *sockaddrout_ipv6;
sockaddrin_ipv6 = (struct sockaddr_in6 *) sockaddrin;
sockaddrout_ipv6 = (struct rpcap_sockaddr_in6 *) sockaddrout;
sockaddrout_ipv6->family = htons(RPCAP_AF_INET6);
sockaddrout_ipv6->port = htons(sockaddrin_ipv6->sin6_port);
sockaddrout_ipv6->flowinfo = htonl(sockaddrin_ipv6->sin6_flowinfo);
memcpy(&sockaddrout_ipv6->addr, &sockaddrin_ipv6->sin6_addr, sizeof(sockaddrout_ipv6->addr));
sockaddrout_ipv6->scope_id = htonl(sockaddrin_ipv6->sin6_scope_id);
break;
}
#endif
}
}
/*!
\brief Suspends a thread for secs seconds.
*/
void sleep_secs(int secs)
{
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
#ifdef _WIN32
Sleep(secs*1000);
#else
unsigned secs_remaining;
if (secs <= 0)
return;
secs_remaining = secs;
while (secs_remaining != 0)
secs_remaining = sleep(secs_remaining);
#endif
#endif
}
/*
* Read the header of a message.
*/
static int
rpcapd_recv_msg_header(SOCKET sock, SSL *ssl, struct rpcap_header *headerp)
{
int nread;
char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors
nread = sock_recv(sock, ssl, (char *) headerp, sizeof(struct rpcap_header),
SOCK_RECEIVEALL_YES|SOCK_EOF_ISNT_ERROR, errbuf, PCAP_ERRBUF_SIZE);
if (nread == -1)
{
// Network error.
rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf);
return -1;
}
if (nread == 0)
{
// Immediate EOF; that's treated like a close message.
return -2;
}
headerp->plen = ntohl(headerp->plen);
return 0;
}
/*
* Read data from a message.
* If we're trying to read more data that remains, puts an error
* message into errmsgbuf and returns -2. Otherwise, tries to read
* the data and, if that succeeds, subtracts the amount read from
* the number of bytes of data that remains.
* Returns 0 on success, logs a message and returns -1 on a network
* error.
*/
static int
rpcapd_recv(SOCKET sock, SSL *ssl, char *buffer, size_t toread, uint32 *plen, char *errmsgbuf)
{
int nread;
char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors
if (toread > *plen)
{
// Tell the client and continue.
snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Message payload is too short");
return -2;
}
nread = sock_recv(sock, ssl, buffer, toread,
SOCK_RECEIVEALL_YES|SOCK_EOF_IS_ERROR, errbuf, PCAP_ERRBUF_SIZE);
if (nread == -1)
{
rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf);
return -1;
}
*plen -= nread;
return 0;
}
/*
* Discard data from a connection.
* Mostly used to discard wrong-sized messages.
* Returns 0 on success, logs a message and returns -1 on a network
* error.
*/
static int
rpcapd_discard(SOCKET sock, SSL *ssl, uint32 len)
{
char errbuf[PCAP_ERRBUF_SIZE + 1]; // keeps the error string, prior to be printed
if (len != 0)
{
if (sock_discard(sock, ssl, len, errbuf, PCAP_ERRBUF_SIZE) == -1)
{
// Network error.
rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf);
return -1;
}
}
return 0;
}
//
// Shut down any packet-capture thread associated with the session,
// close the SSL handle for the data socket if we have one, close
// the data socket if we have one, and close the underlying packet
// capture handle if we have one.
//
// We do not, of course, touch the controlling socket that's also
// copied into the session, as the service loop might still use it.
//
static void session_close(struct session *session)
{
if (session->have_thread)
{
//
// Tell the data connection thread main capture loop to
// break out of that loop.
//
// This may be sufficient to wake up a blocked thread,
// but it's not guaranteed to be sufficient.
//
pcap_breakloop(session->fp);
#ifdef _WIN32
//
// Set the event on which a read would block, so that,
// if it's currently blocked waiting for packets to
// arrive, it'll wake up, so it can see the "break
// out of the loop" indication. (pcap_breakloop()
// might do this, but older versions don't. Setting
// it twice should, at worst, cause an extra wakeup,
// which shouldn't be a problem.)
//
// XXX - what about modules other than NPF?
//
SetEvent(pcap_getevent(session->fp));
//
// Wait for the thread to exit, so we don't close
// sockets out from under it.
//
// XXX - have a timeout, so we don't wait forever?
//
WaitForSingleObject(session->thread, INFINITE);
//
// Release the thread handle, as we're done with
// it.
//
CloseHandle(session->thread);
session->have_thread = 0;
session->thread = INVALID_HANDLE_VALUE;
#else
//
// Send a SIGUSR1 signal to the thread, so that, if
// it's currently blocked waiting for packets to arrive,
// it'll wake up (we've turned off SA_RESTART for
// SIGUSR1, so that the system call in which it's blocked
// should return EINTR rather than restarting).
//
pthread_kill(session->thread, SIGUSR1);
//
// Wait for the thread to exit, so we don't close
// sockets out from under it.
//
// XXX - have a timeout, so we don't wait forever?
//
pthread_join(session->thread, NULL);
session->have_thread = 0;
memset(&session->thread, 0, sizeof(session->thread));
#endif
}
#ifdef HAVE_OPENSSL
if (session->data_ssl)
{
// Finish using the SSL handle for the socket.
// This must be done *before* the socket is closed.
ssl_finish(session->data_ssl);
session->data_ssl = NULL;
}
#endif
if (session->sockdata != INVALID_SOCKET)
{
sock_close(session->sockdata, NULL, 0);
session->sockdata = INVALID_SOCKET;
}
if (session->fp)
{
pcap_close(session->fp);
session->fp = NULL;
}
}
//
// Check whether a capture source string is a URL or not.
// This includes URLs that refer to a local device; a scheme, followed
// by ://, followed by *another* scheme and ://, is just silly, and
// anybody who supplies that will get an error.
//
static int
is_url(const char *source)
{
char *colonp;
/*
* RFC 3986 says:
*
* URI = scheme ":" hier-part [ "?" query ] [ "#" fragment ]
*
* hier-part = "//" authority path-abempty
* / path-absolute
* / path-rootless
* / path-empty
*
* authority = [ userinfo "@" ] host [ ":" port ]
*
* userinfo = *( unreserved / pct-encoded / sub-delims / ":" )
*
* Step 1: look for the ":" at the end of the scheme.
* A colon in the source is *NOT* sufficient to indicate that
* this is a URL, as interface names on some platforms might
* include colons (e.g., I think some Solaris interfaces
* might).
*/
colonp = strchr(source, ':');
if (colonp == NULL)
{
/*
* The source is the device to open. It's not a URL.
*/
return (0);
}
/*
* All schemes must have "//" after them, i.e. we only support
* hier-part = "//" authority path-abempty, not
* hier-part = path-absolute
* hier-part = path-rootless
* hier-part = path-empty
*
* We need that in order to distinguish between a local device
* name that happens to contain a colon and a URI.
*/
if (strncmp(colonp + 1, "//", 2) != 0)
{
/*
* The source is the device to open. It's not a URL.
*/
return (0);
}
/*
* It's a URL.
*/
return (1);
}