/* * Copyright (c) 2002 - 2003 * NetGroup, Politecnico di Torino (Italy) * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the Politecnico di Torino nor the names of its * contributors may be used to endorse or promote products derived from * this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #ifdef HAVE_CONFIG_H #include #endif #include "ftmacros.h" #include "varattrs.h" #include // for the errno variable #include // for malloc(), free(), ... #include // for strlen(), ... #include // for INT_MAX #ifdef _WIN32 #include // for threads #else #include #include #include #include #include // for select() and such #include // for password management #endif #ifdef HAVE_GETSPNAM #include // for password management #endif #include // for libpcap/WinPcap calls #include "fmtutils.h" #include "sockutils.h" // for socket calls #include "portability.h" #include "rpcap-protocol.h" #include "daemon.h" #include "log.h" #ifdef HAVE_OPENSSL #include #include "sslutils.h" #endif // // Timeout, in seconds, when we're waiting for a client to send us an // authentication request; if they don't send us a request within that // interval, we drop the connection, so we don't stay stuck forever. // #define RPCAP_TIMEOUT_INIT 90 // // Timeout, in seconds, when we're waiting for an authenticated client // to send us a request, if a capture isn't in progress; if they don't // send us a request within that interval, we drop the connection, so // we don't stay stuck forever. // #define RPCAP_TIMEOUT_RUNTIME 180 // // Time, in seconds, that we wait after a failed authentication attempt // before processing the next request; this prevents a client from // rapidly trying different accounts or passwords. // #define RPCAP_SUSPEND_WRONGAUTH 1 // Parameters for the service loop. struct daemon_slpars { SOCKET sockctrl; //!< SOCKET ID of the control connection SSL *ssl; //!< Optional SSL handler for the controlling sockets int isactive; //!< Not null if the daemon has to run in active mode int nullAuthAllowed; //!< '1' if we permit NULL authentication, '0' otherwise }; // // Data for a session managed by a thread. // It includes both a Boolean indicating whether we *have* a thread, // and a platform-dependent (UN*X vs. Windows) identifier for the // thread; on Windows, we could use an invalid handle to indicate // that we don't have a thread, but there *is* no portable "no thread" // value for a pthread_t on UN*X. // struct session { SOCKET sockctrl; SOCKET sockdata; SSL *ctrl_ssl, *data_ssl; // optional SSL handlers for sockctrl and sockdata. uint8 protocol_version; pcap_t *fp; unsigned int TotCapt; int have_thread; #ifdef _WIN32 HANDLE thread; #else pthread_t thread; #endif }; // Locally defined functions static int daemon_msg_err(SOCKET sockctrl, SSL *, uint32 plen); static int daemon_msg_auth_req(struct daemon_slpars *pars, uint32 plen); static int daemon_AuthUserPwd(char *username, char *password, char *errbuf); static int daemon_msg_findallif_req(uint8 ver, struct daemon_slpars *pars, uint32 plen); static int daemon_msg_open_req(uint8 ver, struct daemon_slpars *pars, uint32 plen, char *source, size_t sourcelen); static int daemon_msg_startcap_req(uint8 ver, struct daemon_slpars *pars, uint32 plen, char *source, struct session **sessionp, struct rpcap_sampling *samp_param, int uses_ssl); static int daemon_msg_endcap_req(uint8 ver, struct daemon_slpars *pars, struct session *session); static int daemon_msg_updatefilter_req(uint8 ver, struct daemon_slpars *pars, struct session *session, uint32 plen); static int daemon_unpackapplyfilter(SOCKET sockctrl, SSL *, struct session *session, uint32 *plenp, char *errbuf); static int daemon_msg_stats_req(uint8 ver, struct daemon_slpars *pars, struct session *session, uint32 plen, struct pcap_stat *stats, unsigned int svrcapt); static int daemon_msg_setsampling_req(uint8 ver, struct daemon_slpars *pars, uint32 plen, struct rpcap_sampling *samp_param); static void daemon_seraddr(struct sockaddr_storage *sockaddrin, struct rpcap_sockaddr *sockaddrout); #ifdef _WIN32 static unsigned __stdcall daemon_thrdatamain(void *ptr); #else static void *daemon_thrdatamain(void *ptr); static void noop_handler(int sign); #endif static int rpcapd_recv_msg_header(SOCKET sock, SSL *, struct rpcap_header *headerp); static int rpcapd_recv(SOCKET sock, SSL *, char *buffer, size_t toread, uint32 *plen, char *errmsgbuf); static int rpcapd_discard(SOCKET sock, SSL *, uint32 len); static void session_close(struct session *); // // TLS record layer header; used when processing the first message from // the client, in case we aren't doing TLS but they are. // struct tls_record_header { uint8 type; // ContentType - will be 22, for Handshake uint8 version_major; // TLS protocol major version uint8 version_injor; // TLS protocol minor version // This is *not* aligned on a 2-byte boundary; we just // declare it as two bytes. Don't assume any particular // compiler's mechanism for saying "packed"! uint8 length_hi; // Upper 8 bits of payload length uint8 length_lo; // Low 8 bits of payload length }; #define TLS_RECORD_HEADER_LEN 5 // Don't use sizeof in case it's padded #define TLS_RECORD_TYPE_ALERT 21 #define TLS_RECORD_TYPE_HANDSHAKE 22 // // TLS alert message. // struct tls_alert { uint8 alert_level; uint8 alert_description; }; #define TLS_ALERT_LEN 2 #define TLS_ALERT_LEVEL_FATAL 2 #define TLS_ALERT_HANDSHAKE_FAILURE 40 static int is_url(const char *source); /* * Maximum sizes for fixed-bit-width values. */ #ifndef UINT16_MAX #define UINT16_MAX 65535U #endif #ifndef UINT32_MAX #define UINT32_MAX 4294967295U #endif int daemon_serviceloop(SOCKET sockctrl, int isactive, char *passiveClients, int nullAuthAllowed, int uses_ssl) { uint8 first_octet; struct tls_record_header tls_header; struct tls_alert tls_alert; struct daemon_slpars pars; // service loop parameters char errbuf[PCAP_ERRBUF_SIZE + 1]; // keeps the error string, prior to be printed char errmsgbuf[PCAP_ERRBUF_SIZE + 1]; // buffer for errors to send to the client int host_port_check_status; SSL *ssl = NULL; int nrecv; struct rpcap_header header; // RPCAP message general header uint32 plen; // payload length from header int authenticated = 0; // 1 if the client has successfully authenticated char source[PCAP_BUF_SIZE+1]; // keeps the string that contains the interface to open int got_source = 0; // 1 if we've gotten the source from an open request #ifndef _WIN32 struct sigaction action; #endif struct session *session = NULL; // struct session main variable const char *msg_type_string; // string for message type int client_told_us_to_close = 0; // 1 if the client told us to close the capture // needed to save the values of the statistics struct pcap_stat stats; unsigned int svrcapt; struct rpcap_sampling samp_param; // in case sampling has been requested // Structures needed for the select() call fd_set rfds; // set of socket descriptors we have to check struct timeval tv; // maximum time the select() can block waiting for data int retval; // select() return value *errbuf = 0; // Initialize errbuf // // Peek into the socket to determine whether the client sent us // a TLS handshake message or a non-TLS rpcapd message. // // The first byte of an rpcapd request is the version number; // the first byte of a TLS handshake message is 22. The // first request to an rpcapd server must be an authentication // request or a close request, and must have a version number // of 0, so it will be possible to distinguish between an // initial plaintext request to a server and an initial TLS // handshake message. // nrecv = sock_recv(sockctrl, NULL, (char *)&first_octet, 1, SOCK_EOF_ISNT_ERROR|SOCK_MSG_PEEK, errbuf, PCAP_ERRBUF_SIZE); if (nrecv == -1) { // Fatal error. rpcapd_log(LOGPRIO_ERROR, "Peek from client failed: %s", errbuf); goto end; } if (nrecv == 0) { // Client closed the connection. goto end; } #ifdef HAVE_OPENSSL // // We have to upgrade to TLS as soon as possible, so that the // whole protocol goes through the encrypted tunnel, including // early error messages. // // Even in active mode, the other end has to initiate the TLS // handshake as we still are the server as far as TLS is concerned, // so we don't check isactive. // if (uses_ssl) { // // We're expecting a TLS handshake message. If this // isn't one, assume it's a non-TLS rpcapd message. // // The first octet of a TLS handshake is // TLS_RECORD_TYPE_HANDSHAKE. // if (first_octet != TLS_RECORD_TYPE_HANDSHAKE) { // // We assume this is a non-TLS rpcapd message. // // Read the message header from the client. // nrecv = rpcapd_recv_msg_header(sockctrl, NULL, &header); if (nrecv == -1) { // Fatal error. goto end; } if (nrecv == -2) { // Client closed the connection. goto end; } plen = header.plen; // Discard the rest of the message. if (rpcapd_discard(sockctrl, NULL, plen) == -1) { // Network error. goto end; } // // Send an authentication error, indicating // that we require TLS. // if (rpcap_senderror(sockctrl, NULL, header.ver, PCAP_ERR_TLS_REQUIRED, "TLS is required by this server", errbuf) == -1) { // That failed; log a message and give up. rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); goto end; } // Shut the session down. goto end; } ssl = ssl_promotion(1, sockctrl, errbuf, PCAP_ERRBUF_SIZE); if (! ssl) { rpcapd_log(LOGPRIO_ERROR, "TLS handshake on control connection failed: %s", errbuf); goto end; } } else #endif { // // We're expecting a non-TLS rpcapd message. If this // looks, instead, like a TLS handshake message, send // a TLS handshake_failed alert. // // The first octet of a TLS handshake is // TLS_RECORD_TYPE_HANDSHAKE. // if (first_octet == TLS_RECORD_TYPE_HANDSHAKE) { // // TLS handshake. // Read the record header. // nrecv = sock_recv(sockctrl, ssl, (char *) &tls_header, sizeof tls_header, SOCK_RECEIVEALL_YES|SOCK_EOF_ISNT_ERROR, errbuf, PCAP_ERRBUF_SIZE); if (nrecv == -1) { // Network error. rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf); goto end; } if (nrecv == 0) { // Immediate EOF goto end; } plen = (tls_header.length_hi << 8) | tls_header.length_lo; // Discard the rest of the message. if (rpcapd_discard(sockctrl, NULL, plen) == -1) { // Network error. goto end; } // // Send a TLS handshake failure alert. // Use the same version the client sent us. // tls_header.type = TLS_RECORD_TYPE_ALERT; tls_header.length_hi = 0; tls_header.length_lo = TLS_ALERT_LEN; if (sock_send(sockctrl, NULL, (char *) &tls_header, TLS_RECORD_HEADER_LEN, errbuf, PCAP_ERRBUF_SIZE) == -1) { // That failed; log a message and give up. rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); goto end; } tls_alert.alert_level = TLS_ALERT_LEVEL_FATAL; tls_alert.alert_description = TLS_ALERT_HANDSHAKE_FAILURE; if (sock_send(sockctrl, NULL, (char *) &tls_alert, TLS_ALERT_LEN, errbuf, PCAP_ERRBUF_SIZE) == -1) { // That failed; log a message and give up. rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); goto end; } // // Give up anyway. // goto end; } } // Set parameters structure pars.sockctrl = sockctrl; pars.ssl = ssl; pars.isactive = isactive; // active mode pars.nullAuthAllowed = nullAuthAllowed; // // We have a connection. // // If it's a passive mode connection, check whether the connecting // host is among the ones allowed. // // In either case, we were handed a copy of the host list; free it // as soon as we're done with it. // if (pars.isactive) { // Nothing to do. free(passiveClients); passiveClients = NULL; } else { struct sockaddr_storage from; socklen_t fromlen; // // Get the address of the other end of the connection. // fromlen = sizeof(struct sockaddr_storage); if (getpeername(pars.sockctrl, (struct sockaddr *)&from, &fromlen) == -1) { sock_geterror("getpeername()", errmsgbuf, PCAP_ERRBUF_SIZE); if (rpcap_senderror(pars.sockctrl, pars.ssl, 0, PCAP_ERR_NETW, errmsgbuf, errbuf) == -1) rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); goto end; } // // Are they in the list of host/port combinations we allow? // host_port_check_status = sock_check_hostlist(passiveClients, RPCAP_HOSTLIST_SEP, &from, errmsgbuf, PCAP_ERRBUF_SIZE); free(passiveClients); passiveClients = NULL; if (host_port_check_status < 0) { if (host_port_check_status == -2) { // // We got an error; log it. // rpcapd_log(LOGPRIO_ERROR, "%s", errmsgbuf); } // // Sorry, we can't let you in. // if (rpcap_senderror(pars.sockctrl, pars.ssl, 0, PCAP_ERR_HOSTNOAUTH, errmsgbuf, errbuf) == -1) rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); goto end; } } #ifndef _WIN32 // // Catch SIGUSR1, but do nothing. We use it to interrupt the // capture thread to break it out of a loop in which it's // blocked waiting for packets to arrive. // // We don't want interrupted system calls to restart, so that // the read routine for the pcap_t gets EINTR rather than // restarting if it's blocked in a system call. // memset(&action, 0, sizeof (action)); action.sa_handler = noop_handler; action.sa_flags = 0; sigemptyset(&action.sa_mask); sigaction(SIGUSR1, &action, NULL); #endif // // The client must first authenticate; loop until they send us a // message with a version we support and credentials we accept, // they send us a close message indicating that they're giving up, // or we get a network error or other fatal error. // while (!authenticated) { // // If we're not in active mode, we use select(), with a // timeout, to wait for an authentication request; if // the timeout expires, we drop the connection, so that // a client can't just connect to us and leave us // waiting forever. // if (!pars.isactive) { FD_ZERO(&rfds); // We do not have to block here tv.tv_sec = RPCAP_TIMEOUT_INIT; tv.tv_usec = 0; FD_SET(pars.sockctrl, &rfds); retval = select((int)pars.sockctrl + 1, &rfds, NULL, NULL, &tv); if (retval == -1) { sock_geterror("select() failed", errmsgbuf, PCAP_ERRBUF_SIZE); if (rpcap_senderror(pars.sockctrl, pars.ssl, 0, PCAP_ERR_NETW, errmsgbuf, errbuf) == -1) rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); goto end; } // The timeout has expired // So, this was a fake connection. Drop it down if (retval == 0) { if (rpcap_senderror(pars.sockctrl, pars.ssl, 0, PCAP_ERR_INITTIMEOUT, "The RPCAP initial timeout has expired", errbuf) == -1) rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); goto end; } } // // Read the message header from the client. // nrecv = rpcapd_recv_msg_header(pars.sockctrl, pars.ssl, &header); if (nrecv == -1) { // Fatal error. goto end; } if (nrecv == -2) { // Client closed the connection. goto end; } plen = header.plen; // // While we're in the authentication pharse, all requests // must use version 0. // if (header.ver != 0) { // // Send it back to them with their version. // if (rpcap_senderror(pars.sockctrl, pars.ssl, header.ver, PCAP_ERR_WRONGVER, "RPCAP version in requests in the authentication phase must be 0", errbuf) == -1) { // That failed; log a message and give up. rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); goto end; } // Discard the rest of the message and drop the // connection. (void)rpcapd_discard(pars.sockctrl, pars.ssl, plen); goto end; } switch (header.type) { case RPCAP_MSG_AUTH_REQ: retval = daemon_msg_auth_req(&pars, plen); if (retval == -1) { // Fatal error; a message has // been logged, so just give up. goto end; } if (retval == -2) { // Non-fatal error; we sent back // an error message, so let them // try again. continue; } // OK, we're authenticated; we sent back // a reply, so start serving requests. authenticated = 1; break; case RPCAP_MSG_CLOSE: // // The client is giving up. // Discard the rest of the message, if // there is anything more. // (void)rpcapd_discard(pars.sockctrl, pars.ssl, plen); // We're done with this client. goto end; case RPCAP_MSG_ERROR: // Log this and close the connection? // XXX - is this what happens in active // mode, where *we* initiate the // connection, and the client gives us // an error message rather than a "let // me log in" message, indicating that // we're not allowed to connect to them? (void)daemon_msg_err(pars.sockctrl, pars.ssl, plen); goto end; case RPCAP_MSG_FINDALLIF_REQ: case RPCAP_MSG_OPEN_REQ: case RPCAP_MSG_STARTCAP_REQ: case RPCAP_MSG_UPDATEFILTER_REQ: case RPCAP_MSG_STATS_REQ: case RPCAP_MSG_ENDCAP_REQ: case RPCAP_MSG_SETSAMPLING_REQ: // // These requests can't be sent until // the client is authenticated. // msg_type_string = rpcap_msg_type_string(header.type); if (msg_type_string != NULL) { snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "%s request sent before authentication was completed", msg_type_string); } else { snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Message of type %u sent before authentication was completed", header.type); } if (rpcap_senderror(pars.sockctrl, pars.ssl, header.ver, PCAP_ERR_WRONGMSG, errmsgbuf, errbuf) == -1) { rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); goto end; } // Discard the rest of the message. if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1) { // Network error. goto end; } break; case RPCAP_MSG_PACKET: case RPCAP_MSG_FINDALLIF_REPLY: case RPCAP_MSG_OPEN_REPLY: case RPCAP_MSG_STARTCAP_REPLY: case RPCAP_MSG_UPDATEFILTER_REPLY: case RPCAP_MSG_AUTH_REPLY: case RPCAP_MSG_STATS_REPLY: case RPCAP_MSG_ENDCAP_REPLY: case RPCAP_MSG_SETSAMPLING_REPLY: // // These are server-to-client messages. // msg_type_string = rpcap_msg_type_string(header.type); if (msg_type_string != NULL) { snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Server-to-client message %s received from client", msg_type_string); } else { snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Server-to-client message of type %u received from client", header.type); } if (rpcap_senderror(pars.sockctrl, pars.ssl, header.ver, PCAP_ERR_WRONGMSG, errmsgbuf, errbuf) == -1) { rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); goto end; } // Discard the rest of the message. if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1) { // Fatal error. goto end; } break; default: // // Unknown message type. // snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Unknown message type %u", header.type); if (rpcap_senderror(pars.sockctrl, pars.ssl, header.ver, PCAP_ERR_WRONGMSG, errmsgbuf, errbuf) == -1) { rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); goto end; } // Discard the rest of the message. if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1) { // Fatal error. goto end; } break; } } // // OK, the client has authenticated itself, and we can start // processing regular requests from it. // // // We don't have any statistics yet. // stats.ps_ifdrop = 0; stats.ps_recv = 0; stats.ps_drop = 0; svrcapt = 0; // // Service requests. // for (;;) { errbuf[0] = 0; // clear errbuf // Avoid zombies connections; check if the connection is opens but no commands are performed // from more than RPCAP_TIMEOUT_RUNTIME // Conditions: // - I have to be in normal mode (no active mode) // - if the device is open, I don't have to be in the middle of a capture (session->sockdata) // - if the device is closed, I have always to check if a new command arrives // // Be carefully: the capture can have been started, but an error occurred (so session != NULL, but // sockdata is 0 if ((!pars.isactive) && (session == NULL || session->sockdata == 0)) { // Check for the initial timeout FD_ZERO(&rfds); // We do not have to block here tv.tv_sec = RPCAP_TIMEOUT_RUNTIME; tv.tv_usec = 0; FD_SET(pars.sockctrl, &rfds); #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION retval = 1; #else retval = select((int)pars.sockctrl + 1, &rfds, NULL, NULL, &tv); #endif if (retval == -1) { sock_geterror("select() failed", errmsgbuf, PCAP_ERRBUF_SIZE); if (rpcap_senderror(pars.sockctrl, pars.ssl, 0, PCAP_ERR_NETW, errmsgbuf, errbuf) == -1) rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); goto end; } // The timeout has expired // So, this was a fake connection. Drop it down if (retval == 0) { if (rpcap_senderror(pars.sockctrl, pars.ssl, 0, PCAP_ERR_INITTIMEOUT, "The RPCAP initial timeout has expired", errbuf) == -1) rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); goto end; } } // // Read the message header from the client. // nrecv = rpcapd_recv_msg_header(pars.sockctrl, pars.ssl, &header); if (nrecv == -1) { // Fatal error. goto end; } if (nrecv == -2) { // Client closed the connection. goto end; } plen = header.plen; // // Did the client specify a protocol version that we // support? // if (!RPCAP_VERSION_IS_SUPPORTED(header.ver)) { // // Tell them it's not a supported version. // Send the error message with their version, // so they don't reject it as having the wrong // version. // if (rpcap_senderror(pars.sockctrl, pars.ssl, header.ver, PCAP_ERR_WRONGVER, "RPCAP version in message isn't supported by the server", errbuf) == -1) { // That failed; log a message and give up. rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); goto end; } // Discard the rest of the message. (void)rpcapd_discard(pars.sockctrl, pars.ssl, plen); // Give up on them. goto end; } switch (header.type) { case RPCAP_MSG_ERROR: // The other endpoint reported an error { (void)daemon_msg_err(pars.sockctrl, pars.ssl, plen); // Do nothing; just exit; the error code is already into the errbuf // XXX - actually exit.... break; } case RPCAP_MSG_FINDALLIF_REQ: { if (daemon_msg_findallif_req(header.ver, &pars, plen) == -1) { // Fatal error; a message has // been logged, so just give up. goto end; } break; } case RPCAP_MSG_OPEN_REQ: { // // Process the open request, and keep // the source from it, for use later // when the capture is started. // // XXX - we don't care if the client sends // us multiple open requests, the last // one wins. // retval = daemon_msg_open_req(header.ver, &pars, plen, source, sizeof(source)); if (retval == -1) { // Fatal error; a message has // been logged, so just give up. goto end; } got_source = 1; break; } case RPCAP_MSG_STARTCAP_REQ: { if (!got_source) { // They never told us what device // to capture on! if (rpcap_senderror(pars.sockctrl, pars.ssl, header.ver, PCAP_ERR_STARTCAPTURE, "No capture device was specified", errbuf) == -1) { // Fatal error; log an // error and give up. rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); goto end; } if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1) { goto end; } break; } if (daemon_msg_startcap_req(header.ver, &pars, plen, source, &session, &samp_param, uses_ssl) == -1) { // Fatal error; a message has // been logged, so just give up. goto end; } break; } case RPCAP_MSG_UPDATEFILTER_REQ: { if (session) { if (daemon_msg_updatefilter_req(header.ver, &pars, session, plen) == -1) { // Fatal error; a message has // been logged, so just give up. goto end; } } else { if (rpcap_senderror(pars.sockctrl, pars.ssl, header.ver, PCAP_ERR_UPDATEFILTER, "Device not opened. Cannot update filter", errbuf) == -1) { // That failed; log a message and give up. rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); goto end; } } break; } case RPCAP_MSG_CLOSE: // The other endpoint close the pcap session { // // Indicate to our caller that the client // closed the control connection. // This is used only in case of active mode. // client_told_us_to_close = 1; rpcapd_log(LOGPRIO_DEBUG, "The other end system asked to close the connection."); goto end; } case RPCAP_MSG_STATS_REQ: { if (daemon_msg_stats_req(header.ver, &pars, session, plen, &stats, svrcapt) == -1) { // Fatal error; a message has // been logged, so just give up. goto end; } break; } case RPCAP_MSG_ENDCAP_REQ: // The other endpoint close the current capture session { if (session) { // Save statistics (we can need them in the future) if (pcap_stats(session->fp, &stats)) { svrcapt = session->TotCapt; } else { stats.ps_ifdrop = 0; stats.ps_recv = 0; stats.ps_drop = 0; svrcapt = 0; } if (daemon_msg_endcap_req(header.ver, &pars, session) == -1) { free(session); session = NULL; // Fatal error; a message has // been logged, so just give up. goto end; } free(session); session = NULL; } else { rpcap_senderror(pars.sockctrl, pars.ssl, header.ver, PCAP_ERR_ENDCAPTURE, "Device not opened. Cannot close the capture", errbuf); } break; } case RPCAP_MSG_SETSAMPLING_REQ: { if (daemon_msg_setsampling_req(header.ver, &pars, plen, &samp_param) == -1) { // Fatal error; a message has // been logged, so just give up. goto end; } break; } case RPCAP_MSG_AUTH_REQ: { // // We're already authenticated; you don't // get to reauthenticate. // rpcapd_log(LOGPRIO_INFO, "The client sent an RPCAP_MSG_AUTH_REQ message after authentication was completed"); if (rpcap_senderror(pars.sockctrl, pars.ssl, header.ver, PCAP_ERR_WRONGMSG, "RPCAP_MSG_AUTH_REQ request sent after authentication was completed", errbuf) == -1) { rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); goto end; } // Discard the rest of the message. if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1) { // Fatal error. goto end; } goto end; case RPCAP_MSG_PACKET: case RPCAP_MSG_FINDALLIF_REPLY: case RPCAP_MSG_OPEN_REPLY: case RPCAP_MSG_STARTCAP_REPLY: case RPCAP_MSG_UPDATEFILTER_REPLY: case RPCAP_MSG_AUTH_REPLY: case RPCAP_MSG_STATS_REPLY: case RPCAP_MSG_ENDCAP_REPLY: case RPCAP_MSG_SETSAMPLING_REPLY: // // These are server-to-client messages. // msg_type_string = rpcap_msg_type_string(header.type); if (msg_type_string != NULL) { rpcapd_log(LOGPRIO_INFO, "The client sent a %s server-to-client message", msg_type_string); snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Server-to-client message %s received from client", msg_type_string); } else { rpcapd_log(LOGPRIO_INFO, "The client sent a server-to-client message of type %u", header.type); snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Server-to-client message of type %u received from client", header.type); } if (rpcap_senderror(pars.sockctrl, pars.ssl, header.ver, PCAP_ERR_WRONGMSG, errmsgbuf, errbuf) == -1) { rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); goto end; } // Discard the rest of the message. if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1) { // Fatal error. goto end; } goto end; default: // // Unknown message type. // rpcapd_log(LOGPRIO_INFO, "The client sent a message of type %u", header.type); snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Unknown message type %u", header.type); if (rpcap_senderror(pars.sockctrl, pars.ssl, header.ver, PCAP_ERR_WRONGMSG, errbuf, errmsgbuf) == -1) { rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); goto end; } // Discard the rest of the message. if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1) { // Fatal error. goto end; } goto end; } } } end: // The service loop is finishing up. // If we have a capture session running, close it. if (session) { session_close(session); free(session); session = NULL; } if (passiveClients) { free(passiveClients); } // // Finish using the SSL handle for the control socket, if we // have an SSL connection, and close the control socket. // #ifdef HAVE_OPENSSL if (ssl) { // Finish using the SSL handle for the socket. // This must be done *before* the socket is closed. ssl_finish(ssl); } #endif sock_close(sockctrl, NULL, 0); // Print message and return rpcapd_log(LOGPRIO_DEBUG, "I'm exiting from the child loop"); return client_told_us_to_close; } /* * This handles the RPCAP_MSG_ERR message. */ static int daemon_msg_err(SOCKET sockctrl, SSL *ssl, uint32 plen) { char errbuf[PCAP_ERRBUF_SIZE]; char remote_errbuf[PCAP_ERRBUF_SIZE]; if (plen >= PCAP_ERRBUF_SIZE) { /* * Message is too long; just read as much of it as we * can into the buffer provided, and discard the rest. */ if (sock_recv(sockctrl, ssl, remote_errbuf, PCAP_ERRBUF_SIZE - 1, SOCK_RECEIVEALL_YES|SOCK_EOF_IS_ERROR, errbuf, PCAP_ERRBUF_SIZE) == -1) { // Network error. rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf); return -1; } if (rpcapd_discard(sockctrl, ssl, plen - (PCAP_ERRBUF_SIZE - 1)) == -1) { // Network error. return -1; } /* * Null-terminate it. */ remote_errbuf[PCAP_ERRBUF_SIZE - 1] = '\0'; } else if (plen == 0) { /* Empty error string. */ remote_errbuf[0] = '\0'; } else { if (sock_recv(sockctrl, ssl, remote_errbuf, plen, SOCK_RECEIVEALL_YES|SOCK_EOF_IS_ERROR, errbuf, PCAP_ERRBUF_SIZE) == -1) { // Network error. rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf); return -1; } /* * Null-terminate it. */ remote_errbuf[plen] = '\0'; } // Log the message rpcapd_log(LOGPRIO_ERROR, "Error from client: %s", remote_errbuf); return 0; } /* * This handles the RPCAP_MSG_AUTH_REQ message. * It checks if the authentication credentials supplied by the user are valid. * * This function is called if the daemon receives a RPCAP_MSG_AUTH_REQ * message in its authentication loop. It reads the body of the * authentication message from the network and checks whether the * credentials are valid. * * \param sockctrl: the socket for the control connection. * * \param nullAuthAllowed: '1' if the NULL authentication is allowed. * * \param errbuf: a user-allocated buffer in which the error message * (if one) has to be written. It must be at least PCAP_ERRBUF_SIZE * bytes long. * * \return '0' if everything is fine, '-1' if an unrecoverable error occurred, * or '-2' if the authentication failed. For errors, an error message is * returned in the 'errbuf' variable; this gives a message for the * unrecoverable error or for the authentication failure. */ static int daemon_msg_auth_req(struct daemon_slpars *pars, uint32 plen) { char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors char errmsgbuf[PCAP_ERRBUF_SIZE]; // buffer for errors to send to the client int status; struct rpcap_auth auth; // RPCAP authentication header char sendbuf[RPCAP_NETBUF_SIZE]; // temporary buffer in which data to be sent is buffered int sendbufidx = 0; // index which keeps the number of bytes currently buffered struct rpcap_authreply *authreply; // authentication reply message status = rpcapd_recv(pars->sockctrl, pars->ssl, (char *) &auth, sizeof(struct rpcap_auth), &plen, errmsgbuf); if (status == -1) { return -1; } if (status == -2) { goto error; } switch (ntohs(auth.type)) { case RPCAP_RMTAUTH_NULL: { if (!pars->nullAuthAllowed) { // Send the client an error reply. snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Authentication failed; NULL authentication not permitted."); if (rpcap_senderror(pars->sockctrl, pars->ssl, 0, PCAP_ERR_AUTH_FAILED, errmsgbuf, errbuf) == -1) { // That failed; log a message and give up. rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); return -1; } goto error_noreply; } break; } case RPCAP_RMTAUTH_PWD: { char *username, *passwd; uint32 usernamelen, passwdlen; usernamelen = ntohs(auth.slen1); username = (char *) malloc (usernamelen + 1); if (username == NULL) { pcap_fmt_errmsg_for_errno(errmsgbuf, PCAP_ERRBUF_SIZE, errno, "malloc() failed"); goto error; } status = rpcapd_recv(pars->sockctrl, pars->ssl, username, usernamelen, &plen, errmsgbuf); if (status == -1) { free(username); return -1; } if (status == -2) { free(username); goto error; } username[usernamelen] = '\0'; passwdlen = ntohs(auth.slen2); passwd = (char *) malloc (passwdlen + 1); if (passwd == NULL) { pcap_fmt_errmsg_for_errno(errmsgbuf, PCAP_ERRBUF_SIZE, errno, "malloc() failed"); free(username); goto error; } status = rpcapd_recv(pars->sockctrl, pars->ssl, passwd, passwdlen, &plen, errmsgbuf); if (status == -1) { free(username); free(passwd); return -1; } if (status == -2) { free(username); free(passwd); goto error; } passwd[passwdlen] = '\0'; if (daemon_AuthUserPwd(username, passwd, errmsgbuf)) { // // Authentication failed. Let the client // know. // free(username); free(passwd); if (rpcap_senderror(pars->sockctrl, pars->ssl, 0, PCAP_ERR_AUTH_FAILED, errmsgbuf, errbuf) == -1) { // That failed; log a message and give up. rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); return -1; } // // Suspend for 1 second, so that they can't // hammer us with repeated tries with an // attack such as a dictionary attack. // // WARNING: this delay is inserted only // at this point; if the client closes the // connection and reconnects, the suspension // time does not have any effect. // sleep_secs(RPCAP_SUSPEND_WRONGAUTH); goto error_noreply; } free(username); free(passwd); break; } default: snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Authentication type not recognized."); if (rpcap_senderror(pars->sockctrl, pars->ssl, 0, PCAP_ERR_AUTH_TYPE_NOTSUP, errmsgbuf, errbuf) == -1) { // That failed; log a message and give up. rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); return -1; } goto error_noreply; } // The authentication succeeded; let the client know. if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL, &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1) goto error; rpcap_createhdr((struct rpcap_header *) sendbuf, 0, RPCAP_MSG_AUTH_REPLY, 0, sizeof(struct rpcap_authreply)); authreply = (struct rpcap_authreply *) &sendbuf[sendbufidx]; if (sock_bufferize(NULL, sizeof(struct rpcap_authreply), NULL, &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1) goto error; // // Indicate to our peer what versions we support. // memset(authreply, 0, sizeof(struct rpcap_authreply)); authreply->minvers = RPCAP_MIN_VERSION; authreply->maxvers = RPCAP_MAX_VERSION; // Send the reply. if (sock_send(pars->sockctrl, pars->ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1) { // That failed; log a message and give up. rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); return -1; } // Check if all the data has been read; if not, discard the data in excess if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1) { return -1; } return 0; error: if (rpcap_senderror(pars->sockctrl, pars->ssl, 0, PCAP_ERR_AUTH, errmsgbuf, errbuf) == -1) { // That failed; log a message and give up. rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); return -1; } error_noreply: // Check if all the data has been read; if not, discard the data in excess if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1) { return -1; } return -2; } static int daemon_AuthUserPwd(char *username, char *password, char *errbuf) { #ifdef _WIN32 /* * Warning: the user which launches the process must have the * SE_TCB_NAME right. * This corresponds to have the "Act as part of the Operating System" * turned on (administrative tools, local security settings, local * policies, user right assignment) * However, it seems to me that if you run it as a service, this * right should be provided by default. * * XXX - hopefully, this returns errors such as ERROR_LOGON_FAILURE, * which merely indicates that the user name or password is * incorrect, not whether it's the user name or the password * that's incorrect, so a client that's trying to brute-force * accounts doesn't know whether it's the user name or the * password that's incorrect, so it doesn't know whether to * stop trying to log in with a given user name and move on * to another user name. */ DWORD error; HANDLE Token; char errmsgbuf[PCAP_ERRBUF_SIZE]; // buffer for errors to log if (LogonUser(username, ".", password, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, &Token) == 0) { snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed"); error = GetLastError(); if (error != ERROR_LOGON_FAILURE) { // Some error other than an authentication error; // log it. pcap_fmt_errmsg_for_win32_err(errmsgbuf, PCAP_ERRBUF_SIZE, error, "LogonUser() failed"); rpcapd_log(LOGPRIO_ERROR, "%s", errmsgbuf); } return -1; } // This call should change the current thread to the selected user. // I didn't test it. if (ImpersonateLoggedOnUser(Token) == 0) { snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed"); pcap_fmt_errmsg_for_win32_err(errmsgbuf, PCAP_ERRBUF_SIZE, GetLastError(), "ImpersonateLoggedOnUser() failed"); rpcapd_log(LOGPRIO_ERROR, "%s", errmsgbuf); CloseHandle(Token); return -1; } CloseHandle(Token); return 0; #else /* * See * * https://www.unixpapa.com/incnote/passwd.html * * We use the Solaris/Linux shadow password authentication if * we have getspnam(), otherwise we just do traditional * authentication, which, on some platforms, might work, even * with shadow passwords, if we're running as root. Traditional * authenticaion won't work if we're not running as root, as * I think these days all UN*Xes either won't return the password * at all with getpwnam() or will only do so if you're root. * * XXX - perhaps what we *should* be using is PAM, if we have * it. That might hide all the details of username/password * authentication, whether it's done with a visible-to-root- * only password database or some other authentication mechanism, * behind its API. */ int error; struct passwd *user; char *user_password; #ifdef HAVE_GETSPNAM struct spwd *usersp; #endif char *crypt_password; // This call is needed to get the uid if ((user = getpwnam(username)) == NULL) { snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed"); return -1; } #ifdef HAVE_GETSPNAM // This call is needed to get the password; otherwise 'x' is returned if ((usersp = getspnam(username)) == NULL) { snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed"); return -1; } user_password = usersp->sp_pwdp; #else /* * XXX - what about other platforms? * The unixpapa.com page claims this Just Works on *BSD if you're * running as root - it's from 2000, so it doesn't indicate whether * macOS (which didn't come out until 2001, under the name Mac OS * X) behaves like the *BSDs or not, and might also work on AIX. * HP-UX does something else. * * Again, hopefully PAM hides all that. */ user_password = user->pw_passwd; #endif // // The Single UNIX Specification says that if crypt() fails it // sets errno, but some implementatons that haven't been run // through the SUS test suite might not do so. // errno = 0; crypt_password = crypt(password, user_password); if (crypt_password == NULL) { error = errno; snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed"); if (error == 0) { // It didn't set errno. rpcapd_log(LOGPRIO_ERROR, "crypt() failed"); } else { rpcapd_log(LOGPRIO_ERROR, "crypt() failed: %s", strerror(error)); } return -1; } if (strcmp(user_password, crypt_password) != 0) { snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed"); return -1; } if (setuid(user->pw_uid)) { error = errno; pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, error, "setuid"); rpcapd_log(LOGPRIO_ERROR, "setuid() failed: %s", strerror(error)); return -1; } /* if (setgid(user->pw_gid)) { error = errno; pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, errno, "setgid"); rpcapd_log(LOGPRIO_ERROR, "setgid() failed: %s", strerror(error)); return -1; } */ return 0; #endif } /* * Make sure that the reply length won't overflow 32 bits if we add the * specified amount to it. If it won't, add that amount to it. * * We check whether replylen + itemlen > UINT32_MAX, but subtract itemlen * from both sides, to prevent overflow. */ #define CHECK_AND_INCREASE_REPLY_LEN(itemlen) \ if (replylen > UINT32_MAX - (itemlen)) { \ pcap_strlcpy(errmsgbuf, "Reply length doesn't fit in 32 bits", \ sizeof (errmsgbuf)); \ goto error; \ } \ replylen += (uint32)(itemlen) static int daemon_msg_findallif_req(uint8 ver, struct daemon_slpars *pars, uint32 plen) { char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors char errmsgbuf[PCAP_ERRBUF_SIZE]; // buffer for errors to send to the client char sendbuf[RPCAP_NETBUF_SIZE]; // temporary buffer in which data to be sent is buffered int sendbufidx = 0; // index which keeps the number of bytes currently buffered pcap_if_t *alldevs = NULL; // pointer to the header of the interface chain pcap_if_t *d; // temp pointer needed to scan the interface chain struct pcap_addr *address; // pcap structure that keeps a network address of an interface struct rpcap_findalldevs_if *findalldevs_if;// rpcap structure that packet all the data of an interface together uint32 replylen; // length of reply payload uint16 nif = 0; // counts the number of interface listed // Discard the rest of the message; there shouldn't be any payload. if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1) { // Network error. return -1; } // Retrieve the device list if (pcap_findalldevs(&alldevs, errmsgbuf) == -1) goto error; if (alldevs == NULL) { if (rpcap_senderror(pars->sockctrl, pars->ssl, ver, PCAP_ERR_NOREMOTEIF, "No interfaces found! Make sure libpcap/WinPcap is properly installed" " and you have the right to access to the remote device.", errbuf) == -1) { rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); return -1; } return 0; } // This checks the number of interfaces and computes the total // length of the payload. replylen = 0; for (d = alldevs; d != NULL; d = d->next) { nif++; if (d->description) { size_t stringlen = strlen(d->description); if (stringlen > UINT16_MAX) { pcap_strlcpy(errmsgbuf, "Description length doesn't fit in 16 bits", sizeof (errmsgbuf)); goto error; } CHECK_AND_INCREASE_REPLY_LEN(stringlen); } if (d->name) { size_t stringlen = strlen(d->name); if (stringlen > UINT16_MAX) { pcap_strlcpy(errmsgbuf, "Name length doesn't fit in 16 bits", sizeof (errmsgbuf)); goto error; } CHECK_AND_INCREASE_REPLY_LEN(stringlen); } CHECK_AND_INCREASE_REPLY_LEN(sizeof(struct rpcap_findalldevs_if)); uint16_t naddrs = 0; for (address = d->addresses; address != NULL; address = address->next) { /* * Send only IPv4 and IPv6 addresses over the wire. */ switch (address->addr->sa_family) { case AF_INET: #ifdef AF_INET6 case AF_INET6: #endif CHECK_AND_INCREASE_REPLY_LEN(sizeof(struct rpcap_sockaddr) * 4); if (naddrs == UINT16_MAX) { pcap_strlcpy(errmsgbuf, "Number of interfaces doesn't fit in 16 bits", sizeof (errmsgbuf)); goto error; } naddrs++; break; default: break; } } } // RPCAP findalldevs reply if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL, &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1) goto error; rpcap_createhdr((struct rpcap_header *) sendbuf, ver, RPCAP_MSG_FINDALLIF_REPLY, nif, replylen); // send the interface list for (d = alldevs; d != NULL; d = d->next) { uint16 lname, ldescr; findalldevs_if = (struct rpcap_findalldevs_if *) &sendbuf[sendbufidx]; if (sock_bufferize(NULL, sizeof(struct rpcap_findalldevs_if), NULL, &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1) goto error; memset(findalldevs_if, 0, sizeof(struct rpcap_findalldevs_if)); /* * We've already established that the string lengths * fit in 16 bits. */ if (d->description) ldescr = (uint16) strlen(d->description); else ldescr = 0; if (d->name) lname = (uint16) strlen(d->name); else lname = 0; findalldevs_if->desclen = htons(ldescr); findalldevs_if->namelen = htons(lname); findalldevs_if->flags = htonl(d->flags); for (address = d->addresses; address != NULL; address = address->next) { /* * Send only IPv4 and IPv6 addresses over the wire. */ switch (address->addr->sa_family) { case AF_INET: #ifdef AF_INET6 case AF_INET6: #endif findalldevs_if->naddr++; break; default: break; } } findalldevs_if->naddr = htons(findalldevs_if->naddr); if (sock_bufferize(d->name, lname, sendbuf, &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_BUFFERIZE, errmsgbuf, PCAP_ERRBUF_SIZE) == -1) goto error; if (sock_bufferize(d->description, ldescr, sendbuf, &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_BUFFERIZE, errmsgbuf, PCAP_ERRBUF_SIZE) == -1) goto error; // send all addresses for (address = d->addresses; address != NULL; address = address->next) { struct rpcap_sockaddr *sockaddr; /* * Send only IPv4 and IPv6 addresses over the wire. */ switch (address->addr->sa_family) { case AF_INET: #ifdef AF_INET6 case AF_INET6: #endif sockaddr = (struct rpcap_sockaddr *) &sendbuf[sendbufidx]; if (sock_bufferize(NULL, sizeof(struct rpcap_sockaddr), NULL, &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1) goto error; daemon_seraddr((struct sockaddr_storage *) address->addr, sockaddr); sockaddr = (struct rpcap_sockaddr *) &sendbuf[sendbufidx]; if (sock_bufferize(NULL, sizeof(struct rpcap_sockaddr), NULL, &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1) goto error; daemon_seraddr((struct sockaddr_storage *) address->netmask, sockaddr); sockaddr = (struct rpcap_sockaddr *) &sendbuf[sendbufidx]; if (sock_bufferize(NULL, sizeof(struct rpcap_sockaddr), NULL, &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1) goto error; daemon_seraddr((struct sockaddr_storage *) address->broadaddr, sockaddr); sockaddr = (struct rpcap_sockaddr *) &sendbuf[sendbufidx]; if (sock_bufferize(NULL, sizeof(struct rpcap_sockaddr), NULL, &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1) goto error; daemon_seraddr((struct sockaddr_storage *) address->dstaddr, sockaddr); break; default: break; } } } // We no longer need the device list. Free it. pcap_freealldevs(alldevs); // Send a final command that says "now send it!" if (sock_send(pars->sockctrl, pars->ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1) { rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); return -1; } return 0; error: if (alldevs) pcap_freealldevs(alldevs); if (rpcap_senderror(pars->sockctrl, pars->ssl, ver, PCAP_ERR_FINDALLIF, errmsgbuf, errbuf) == -1) { rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); return -1; } return 0; } /* \param plen: the length of the current message (needed in order to be able to discard excess data in the message, if present) */ static int daemon_msg_open_req(uint8 ver, struct daemon_slpars *pars, uint32 plen, char *source, size_t sourcelen) { char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors char errmsgbuf[PCAP_ERRBUF_SIZE]; // buffer for errors to send to the client pcap_t *fp; // pcap_t main variable int nread; char sendbuf[RPCAP_NETBUF_SIZE]; // temporary buffer in which data to be sent is buffered int sendbufidx = 0; // index which keeps the number of bytes currently buffered struct rpcap_openreply *openreply; // open reply message if (plen > sourcelen - 1) { snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Source string too long"); goto error; } nread = sock_recv(pars->sockctrl, pars->ssl, source, plen, SOCK_RECEIVEALL_YES|SOCK_EOF_IS_ERROR, errbuf, PCAP_ERRBUF_SIZE); if (nread == -1) { rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf); return -1; } source[nread] = '\0'; plen -= nread; // Is this a URL rather than a device? // If so, reject it. if (is_url(source)) { snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Source string refers to a remote device"); goto error; } // Open the selected device // This is a fake open, since we do that only to get the needed parameters, then we close the device again if ((fp = pcap_open_live(source, 1500 /* fake snaplen */, 0 /* no promis */, 1000 /* fake timeout */, errmsgbuf)) == NULL) goto error; // Now, I can send a RPCAP open reply message if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL, &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1) goto error; rpcap_createhdr((struct rpcap_header *) sendbuf, ver, RPCAP_MSG_OPEN_REPLY, 0, sizeof(struct rpcap_openreply)); openreply = (struct rpcap_openreply *) &sendbuf[sendbufidx]; if (sock_bufferize(NULL, sizeof(struct rpcap_openreply), NULL, &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1) goto error; memset(openreply, 0, sizeof(struct rpcap_openreply)); openreply->linktype = htonl(pcap_datalink(fp)); /* * This is always 0 for live captures; we no longer support it * as something we read from capture files and supply to * clients, but we have to send it over the wire, as open * replies are expected to have 8 bytes of payload by * existing clients. */ openreply->tzoff = 0; // We're done with the pcap_t. pcap_close(fp); // Send the reply. if (sock_send(pars->sockctrl, pars->ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1) { rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); return -1; } return 0; error: if (rpcap_senderror(pars->sockctrl, pars->ssl, ver, PCAP_ERR_OPEN, errmsgbuf, errbuf) == -1) { // That failed; log a message and give up. rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); return -1; } // Check if all the data has been read; if not, discard the data in excess if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1) { return -1; } return 0; } /* \param plen: the length of the current message (needed in order to be able to discard excess data in the message, if present) */ static int daemon_msg_startcap_req(uint8 ver, struct daemon_slpars *pars, uint32 plen, char *source, struct session **sessionp, struct rpcap_sampling *samp_param _U_, int uses_ssl) { char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors char errmsgbuf[PCAP_ERRBUF_SIZE]; // buffer for errors to send to the client char portdata[PCAP_BUF_SIZE]; // temp variable needed to derive the data port char peerhost[PCAP_BUF_SIZE]; // temp variable needed to derive the host name of our peer struct session *session = NULL; // saves state of session int status; char sendbuf[RPCAP_NETBUF_SIZE]; // temporary buffer in which data to be sent is buffered int sendbufidx = 0; // index which keeps the number of bytes currently buffered // socket-related variables struct addrinfo hints; // temp, needed to open a socket connection struct addrinfo *addrinfo; // temp, needed to open a socket connection struct sockaddr_storage saddr; // temp, needed to retrieve the network data port chosen on the local machine socklen_t saddrlen; // temp, needed to retrieve the network data port chosen on the local machine int ret; // return value from functions // RPCAP-related variables struct rpcap_startcapreq startcapreq; // start capture request message struct rpcap_startcapreply *startcapreply; // start capture reply message int serveropen_dp; // keeps who is going to open the data connection addrinfo = NULL; status = rpcapd_recv(pars->sockctrl, pars->ssl, (char *) &startcapreq, sizeof(struct rpcap_startcapreq), &plen, errmsgbuf); if (status == -1) { goto fatal_error; } if (status == -2) { goto error; } startcapreq.flags = ntohs(startcapreq.flags); // Check that the client does not ask for UDP is the server has been asked // to enforce encryption, as SSL is not supported yet with UDP: if (uses_ssl && (startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_DGRAM)) { snprintf(errbuf, PCAP_ERRBUF_SIZE, "SSL not supported with UDP forward of remote packets"); goto error; } // Create a session structure session = malloc(sizeof(struct session)); if (session == NULL) { snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Can't allocate session structure"); goto error; } session->sockdata = INVALID_SOCKET; session->ctrl_ssl = session->data_ssl = NULL; // We don't have a thread yet. session->have_thread = 0; // // We *shouldn't* have to initialize the thread indicator // itself, because the compiler *should* realize that we // only use this if have_thread isn't 0, but we *do* have // to do it, because not all compilers *do* realize that. // // There is no "invalid thread handle" value for a UN*X // pthread_t, so we just zero it out. // #ifdef _WIN32 session->thread = INVALID_HANDLE_VALUE; #else memset(&session->thread, 0, sizeof(session->thread)); #endif // Open the selected device if ((session->fp = pcap_open_live(source, ntohl(startcapreq.snaplen), (startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_PROMISC) ? 1 : 0 /* local device, other flags not needed */, ntohl(startcapreq.read_timeout), errmsgbuf)) == NULL) goto error; #if 0 // Apply sampling parameters fp->rmt_samp.method = samp_param->method; fp->rmt_samp.value = samp_param->value; #endif /* We're in active mode if: - we're using TCP, and the user wants us to be in active mode - we're using UDP */ serveropen_dp = (startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_SERVEROPEN) || (startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_DGRAM) || pars->isactive; /* Gets the sockaddr structure referred to the other peer in the ctrl connection We need that because: - if we're in passive mode, we need to know the address family we want to use (the same used for the ctrl socket) - if we're in active mode, we need to know the network address of the other host we want to connect to */ saddrlen = sizeof(struct sockaddr_storage); if (getpeername(pars->sockctrl, (struct sockaddr *) &saddr, &saddrlen) == -1) { sock_geterror("getpeername()", errmsgbuf, PCAP_ERRBUF_SIZE); goto error; } memset(&hints, 0, sizeof(struct addrinfo)); hints.ai_socktype = (startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_DGRAM) ? SOCK_DGRAM : SOCK_STREAM; hints.ai_family = saddr.ss_family; // Now we have to create a new socket to send packets if (serveropen_dp) // Data connection is opened by the server toward the client { snprintf(portdata, sizeof portdata, "%d", ntohs(startcapreq.portdata)); // Get the name of the other peer (needed to connect to that specific network address) if (getnameinfo((struct sockaddr *) &saddr, saddrlen, peerhost, sizeof(peerhost), NULL, 0, NI_NUMERICHOST)) { sock_geterror("getnameinfo()", errmsgbuf, PCAP_ERRBUF_SIZE); goto error; } if (sock_initaddress(peerhost, portdata, &hints, &addrinfo, errmsgbuf, PCAP_ERRBUF_SIZE) == -1) goto error; if ((session->sockdata = sock_open(addrinfo, SOCKOPEN_CLIENT, 0, errmsgbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET) goto error; } else // Data connection is opened by the client toward the server { hints.ai_flags = AI_PASSIVE; // Let's the server socket pick up a free network port for us if (sock_initaddress(NULL, "0", &hints, &addrinfo, errmsgbuf, PCAP_ERRBUF_SIZE) == -1) goto error; if ((session->sockdata = sock_open(addrinfo, SOCKOPEN_SERVER, 1 /* max 1 connection in queue */, errmsgbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET) goto error; // get the complete sockaddr structure used in the data connection saddrlen = sizeof(struct sockaddr_storage); if (getsockname(session->sockdata, (struct sockaddr *) &saddr, &saddrlen) == -1) { sock_geterror("getsockname()", errmsgbuf, PCAP_ERRBUF_SIZE); goto error; } // Get the local port the system picked up if (getnameinfo((struct sockaddr *) &saddr, saddrlen, NULL, 0, portdata, sizeof(portdata), NI_NUMERICSERV)) { sock_geterror("getnameinfo()", errmsgbuf, PCAP_ERRBUF_SIZE); goto error; } } // addrinfo is no longer used freeaddrinfo(addrinfo); addrinfo = NULL; // Needed to send an error on the ctrl connection session->sockctrl = pars->sockctrl; session->ctrl_ssl = pars->ssl; session->protocol_version = ver; // Now I can set the filter ret = daemon_unpackapplyfilter(pars->sockctrl, pars->ssl, session, &plen, errmsgbuf); if (ret == -1) { // Fatal error. A message has been logged; just give up. goto fatal_error; } if (ret == -2) { // Non-fatal error. Send an error message to the client. goto error; } // Now, I can send a RPCAP start capture reply message if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL, &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1) goto error; rpcap_createhdr((struct rpcap_header *) sendbuf, ver, RPCAP_MSG_STARTCAP_REPLY, 0, sizeof(struct rpcap_startcapreply)); startcapreply = (struct rpcap_startcapreply *) &sendbuf[sendbufidx]; if (sock_bufferize(NULL, sizeof(struct rpcap_startcapreply), NULL, &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1) goto error; memset(startcapreply, 0, sizeof(struct rpcap_startcapreply)); startcapreply->bufsize = htonl(pcap_bufsize(session->fp)); if (!serveropen_dp) { unsigned short port = (unsigned short)strtoul(portdata,NULL,10); startcapreply->portdata = htons(port); } if (sock_send(pars->sockctrl, pars->ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1) { // That failed; log a message and give up. rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); goto fatal_error; } if (!serveropen_dp) { SOCKET socktemp; // We need another socket, since we're going to accept() a connection // Connection creation saddrlen = sizeof(struct sockaddr_storage); socktemp = accept(session->sockdata, (struct sockaddr *) &saddr, &saddrlen); if (socktemp == INVALID_SOCKET) { sock_geterror("accept()", errbuf, PCAP_ERRBUF_SIZE); rpcapd_log(LOGPRIO_ERROR, "Accept of data connection failed: %s", errbuf); goto error; } // Now that I accepted the connection, the server socket is no longer needed sock_close(session->sockdata, NULL, 0); session->sockdata = socktemp; } SSL *ssl = NULL; if (uses_ssl) { #ifdef HAVE_OPENSSL /* In both active or passive cases, wait for the client to initiate the * TLS handshake. Yes during that time the control socket will not be * served, but the same was true from the above call to accept(). */ ssl = ssl_promotion(1, session->sockdata, errbuf, PCAP_ERRBUF_SIZE); if (! ssl) { rpcapd_log(LOGPRIO_ERROR, "TLS handshake failed: %s", errbuf); goto error; } #endif } session->data_ssl = ssl; // Now we have to create a new thread to receive packets #ifdef _WIN32 session->thread = (HANDLE)_beginthreadex(NULL, 0, daemon_thrdatamain, (void *) session, 0, NULL); if (session->thread == 0) { snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error creating the data thread"); goto error; } #else ret = pthread_create(&session->thread, NULL, daemon_thrdatamain, (void *) session); if (ret != 0) { pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, ret, "Error creating the data thread"); goto error; } #endif session->have_thread = 1; // Check if all the data has been read; if not, discard the data in excess if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1) goto fatal_error; *sessionp = session; return 0; error: // // Not a fatal error, so send the client an error message and // keep serving client requests. // *sessionp = NULL; if (addrinfo) freeaddrinfo(addrinfo); if (session) { session_close(session); free(session); } if (rpcap_senderror(pars->sockctrl, pars->ssl, ver, PCAP_ERR_STARTCAPTURE, errmsgbuf, errbuf) == -1) { // That failed; log a message and give up. rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); return -1; } // Check if all the data has been read; if not, discard the data in excess if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1) { // Network error. return -1; } return 0; fatal_error: // // Fatal network error, so don't try to communicate with // the client, just give up. // *sessionp = NULL; if (session) { session_close(session); free(session); } return -1; } static int daemon_msg_endcap_req(uint8 ver, struct daemon_slpars *pars, struct session *session) { char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors struct rpcap_header header; session_close(session); rpcap_createhdr(&header, ver, RPCAP_MSG_ENDCAP_REPLY, 0, 0); if (sock_send(pars->sockctrl, pars->ssl, (char *) &header, sizeof(struct rpcap_header), errbuf, PCAP_ERRBUF_SIZE) == -1) { // That failed; log a message and give up. rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); return -1; } return 0; } // // We impose a limit on the filter program size, so that, on Windows, // where there's only one server process with multiple threads, it's // harder to eat all the server address space by sending larger filter // programs. (This isn't an issue on UN*X, where there are multiple // server processes, one per client connection.) // // We pick a value that limits each filter to 64K; that value is twice // the in-kernel limit for Linux and 16 times the in-kernel limit for // *BSD and macOS. // // It also prevents an overflow on 32-bit platforms when calculating // the total size of the filter program. (It's not an issue on 64-bit // platforms with a 64-bit size_t, as the filter size is 32 bits.) // #define RPCAP_BPF_MAXINSNS 8192 static int daemon_unpackapplyfilter(SOCKET sockctrl, SSL *ctrl_ssl, struct session *session, uint32 *plenp, char *errmsgbuf) { int status; struct rpcap_filter filter; struct rpcap_filterbpf_insn insn; struct bpf_insn *bf_insn; struct bpf_program bf_prog; unsigned int i; status = rpcapd_recv(sockctrl, ctrl_ssl, (char *) &filter, sizeof(struct rpcap_filter), plenp, errmsgbuf); if (status == -1) { return -1; } if (status == -2) { return -2; } bf_prog.bf_len = ntohl(filter.nitems); if (ntohs(filter.filtertype) != RPCAP_UPDATEFILTER_BPF) { snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Only BPF/NPF filters are currently supported"); return -2; } if (bf_prog.bf_len > RPCAP_BPF_MAXINSNS) { snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Filter program is larger than the maximum size of %u instructions", RPCAP_BPF_MAXINSNS); return -2; } bf_insn = (struct bpf_insn *) malloc (sizeof(struct bpf_insn) * bf_prog.bf_len); if (bf_insn == NULL) { pcap_fmt_errmsg_for_errno(errmsgbuf, PCAP_ERRBUF_SIZE, errno, "malloc() failed"); return -2; } bf_prog.bf_insns = bf_insn; for (i = 0; i < bf_prog.bf_len; i++) { status = rpcapd_recv(sockctrl, ctrl_ssl, (char *) &insn, sizeof(struct rpcap_filterbpf_insn), plenp, errmsgbuf); if (status == -1) { return -1; } if (status == -2) { return -2; } bf_insn->code = ntohs(insn.code); bf_insn->jf = insn.jf; bf_insn->jt = insn.jt; bf_insn->k = ntohl(insn.k); bf_insn++; } // // XXX - pcap_setfilter() should do the validation for us. // if (bpf_validate(bf_prog.bf_insns, bf_prog.bf_len) == 0) { snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "The filter contains bogus instructions"); return -2; } if (pcap_setfilter(session->fp, &bf_prog)) { snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "RPCAP error: %s", pcap_geterr(session->fp)); return -2; } return 0; } static int daemon_msg_updatefilter_req(uint8 ver, struct daemon_slpars *pars, struct session *session, uint32 plen) { char errbuf[PCAP_ERRBUF_SIZE]; char errmsgbuf[PCAP_ERRBUF_SIZE]; // buffer for errors to send to the client int ret; // status of daemon_unpackapplyfilter() struct rpcap_header header; // keeps the answer to the updatefilter command ret = daemon_unpackapplyfilter(pars->sockctrl, pars->ssl, session, &plen, errmsgbuf); if (ret == -1) { // Fatal error. A message has been logged; just give up. return -1; } if (ret == -2) { // Non-fatal error. Send an error reply to the client. goto error; } // Check if all the data has been read; if not, discard the data in excess if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1) { // Network error. return -1; } // A response is needed, otherwise the other host does not know that everything went well rpcap_createhdr(&header, ver, RPCAP_MSG_UPDATEFILTER_REPLY, 0, 0); if (sock_send(pars->sockctrl, pars->ssl, (char *) &header, sizeof (struct rpcap_header), pcap_geterr(session->fp), PCAP_ERRBUF_SIZE)) { // That failed; log a message and give up. rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); return -1; } return 0; error: if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1) { return -1; } rpcap_senderror(pars->sockctrl, pars->ssl, ver, PCAP_ERR_UPDATEFILTER, errmsgbuf, NULL); return 0; } /*! \brief Received the sampling parameters from remote host and it stores in the pcap_t structure. */ static int daemon_msg_setsampling_req(uint8 ver, struct daemon_slpars *pars, uint32 plen, struct rpcap_sampling *samp_param) { char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors char errmsgbuf[PCAP_ERRBUF_SIZE]; struct rpcap_header header; struct rpcap_sampling rpcap_samp; int status; status = rpcapd_recv(pars->sockctrl, pars->ssl, (char *) &rpcap_samp, sizeof(struct rpcap_sampling), &plen, errmsgbuf); if (status == -1) { return -1; } if (status == -2) { goto error; } // Save these settings in the pcap_t samp_param->method = rpcap_samp.method; samp_param->value = ntohl(rpcap_samp.value); // A response is needed, otherwise the other host does not know that everything went well rpcap_createhdr(&header, ver, RPCAP_MSG_SETSAMPLING_REPLY, 0, 0); if (sock_send(pars->sockctrl, pars->ssl, (char *) &header, sizeof (struct rpcap_header), errbuf, PCAP_ERRBUF_SIZE) == -1) { // That failed; log a message and give up. rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); return -1; } if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1) { return -1; } return 0; error: if (rpcap_senderror(pars->sockctrl, pars->ssl, ver, PCAP_ERR_SETSAMPLING, errmsgbuf, errbuf) == -1) { // That failed; log a message and give up. rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); return -1; } // Check if all the data has been read; if not, discard the data in excess if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1) { return -1; } return 0; } static int daemon_msg_stats_req(uint8 ver, struct daemon_slpars *pars, struct session *session, uint32 plen, struct pcap_stat *stats, unsigned int svrcapt) { char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors char errmsgbuf[PCAP_ERRBUF_SIZE]; // buffer for errors to send to the client char sendbuf[RPCAP_NETBUF_SIZE]; // temporary buffer in which data to be sent is buffered int sendbufidx = 0; // index which keeps the number of bytes currently buffered struct rpcap_stats *netstats; // statistics sent on the network // Checks that the header does not contain other data; if so, discard it if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1) { // Network error. return -1; } if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL, &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1) goto error; rpcap_createhdr((struct rpcap_header *) sendbuf, ver, RPCAP_MSG_STATS_REPLY, 0, (uint16) sizeof(struct rpcap_stats)); netstats = (struct rpcap_stats *) &sendbuf[sendbufidx]; if (sock_bufferize(NULL, sizeof(struct rpcap_stats), NULL, &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1) goto error; if (session && session->fp) { if (pcap_stats(session->fp, stats) == -1) { snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "%s", pcap_geterr(session->fp)); goto error; } netstats->ifdrop = htonl(stats->ps_ifdrop); netstats->ifrecv = htonl(stats->ps_recv); netstats->krnldrop = htonl(stats->ps_drop); netstats->svrcapt = htonl(session->TotCapt); } else { // We have to keep compatibility with old applications, // which ask for statistics also when the capture has // already stopped. netstats->ifdrop = htonl(stats->ps_ifdrop); netstats->ifrecv = htonl(stats->ps_recv); netstats->krnldrop = htonl(stats->ps_drop); netstats->svrcapt = htonl(svrcapt); } // Send the packet if (sock_send(pars->sockctrl, pars->ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1) { rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); return -1; } return 0; error: rpcap_senderror(pars->sockctrl, pars->ssl, ver, PCAP_ERR_GETSTATS, errmsgbuf, NULL); return 0; } #ifdef _WIN32 static unsigned __stdcall #else static void * #endif daemon_thrdatamain(void *ptr) { char errbuf[PCAP_ERRBUF_SIZE + 1]; // error buffer struct session *session; // pointer to the struct session for this session int retval; // general variable used to keep the return value of other functions struct rpcap_pkthdr *net_pkt_header;// header of the packet struct pcap_pkthdr *pkt_header; // pointer to the buffer that contains the header of the current packet u_char *pkt_data; // pointer to the buffer that contains the current packet size_t sendbufsize; // size for the send buffer char *sendbuf; // temporary buffer in which data to be sent is buffered int sendbufidx; // index which keeps the number of bytes currently buffered int status; #ifndef _WIN32 sigset_t sigusr1; // signal set with just SIGUSR1 #endif session = (struct session *) ptr; session->TotCapt = 0; // counter which is incremented each time a packet is received // Initialize errbuf memset(errbuf, 0, sizeof(errbuf)); // // We need a buffer large enough to hold a buffer large enough // for a maximum-size packet for this pcap_t. // if (pcap_snapshot(session->fp) < 0) { // // The snapshot length is negative. // This "should not happen". // rpcapd_log(LOGPRIO_ERROR, "Unable to allocate the buffer for this child thread: snapshot length of %d is negative", pcap_snapshot(session->fp)); sendbuf = NULL; // we can't allocate a buffer, so nothing to free goto error; } // // size_t is unsigned, and the result of pcap_snapshot() is signed; // on no platform that we support is int larger than size_t. // This means that, unless the extra information we prepend to // a maximum-sized packet is impossibly large, the sum of the // snapshot length and the size of that extra information will // fit in a size_t. // // So we don't need to make sure that sendbufsize will overflow. // // However, we *do* need to make sure its value fits in an int, // because sock_send() can't send more than INT_MAX bytes (it could // do so on 64-bit UN*Xes, but can't do so on Windows, not even // 64-bit Windows, as the send() buffer size argument is an int // in Winsock). // sendbufsize = sizeof(struct rpcap_header) + sizeof(struct rpcap_pkthdr) + pcap_snapshot(session->fp); if (sendbufsize > INT_MAX) { rpcapd_log(LOGPRIO_ERROR, "Buffer size for this child thread would be larger than %d", INT_MAX); sendbuf = NULL; // we haven't allocated a buffer, so nothing to free goto error; } sendbuf = (char *) malloc (sendbufsize); if (sendbuf == NULL) { rpcapd_log(LOGPRIO_ERROR, "Unable to allocate the buffer for this child thread"); goto error; } #ifndef _WIN32 // // Set the signal set to include just SIGUSR1, and block that // signal; we only want it unblocked when we're reading // packets - we dn't want any other system calls, such as // ones being used to send to the client or to log messages, // to be interrupted. // sigemptyset(&sigusr1); sigaddset(&sigusr1, SIGUSR1); pthread_sigmask(SIG_BLOCK, &sigusr1, NULL); #endif // Retrieve the packets for (;;) { #ifndef _WIN32 // // Unblock SIGUSR1 while we might be waiting for packets. // pthread_sigmask(SIG_UNBLOCK, &sigusr1, NULL); #endif retval = pcap_next_ex(session->fp, &pkt_header, (const u_char **) &pkt_data); // cast to avoid a compiler warning #ifndef _WIN32 // // Now block it again. // pthread_sigmask(SIG_BLOCK, &sigusr1, NULL); #endif if (retval < 0) break; // error if (retval == 0) // Read timeout elapsed continue; sendbufidx = 0; // Bufferize the general header if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL, &sendbufidx, (int)sendbufsize, SOCKBUF_CHECKONLY, errbuf, PCAP_ERRBUF_SIZE) == -1) { rpcapd_log(LOGPRIO_ERROR, "sock_bufferize() error sending packet message: %s", errbuf); goto error; } rpcap_createhdr((struct rpcap_header *) sendbuf, session->protocol_version, RPCAP_MSG_PACKET, 0, (uint16) (sizeof(struct rpcap_pkthdr) + pkt_header->caplen)); net_pkt_header = (struct rpcap_pkthdr *) &sendbuf[sendbufidx]; // Bufferize the pkt header if (sock_bufferize(NULL, sizeof(struct rpcap_pkthdr), NULL, &sendbufidx, (int)sendbufsize, SOCKBUF_CHECKONLY, errbuf, PCAP_ERRBUF_SIZE) == -1) { rpcapd_log(LOGPRIO_ERROR, "sock_bufferize() error sending packet message: %s", errbuf); goto error; } net_pkt_header->caplen = htonl(pkt_header->caplen); net_pkt_header->len = htonl(pkt_header->len); net_pkt_header->npkt = htonl(++(session->TotCapt)); // // This protocol needs to be updated with a new version // before 2038-01-19 03:14:07 UTC. // net_pkt_header->timestamp_sec = htonl((uint32)pkt_header->ts.tv_sec); net_pkt_header->timestamp_usec = htonl((uint32)pkt_header->ts.tv_usec); // Bufferize the pkt data if (sock_bufferize((char *) pkt_data, pkt_header->caplen, sendbuf, &sendbufidx, (int)sendbufsize, SOCKBUF_BUFFERIZE, errbuf, PCAP_ERRBUF_SIZE) == -1) { rpcapd_log(LOGPRIO_ERROR, "sock_bufferize() error sending packet message: %s", errbuf); goto error; } // Send the packet // If the client dropped the connection, don't report an // error, just quit. status = sock_send(session->sockdata, session->data_ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE); if (status < 0) { if (status == -1) { // // Error other than "client closed the // connection out from under us"; report // it. // rpcapd_log(LOGPRIO_ERROR, "Send of packet to client failed: %s", errbuf); } // // Give up in either case. // goto error; } } if (retval < 0 && retval != PCAP_ERROR_BREAK) { // // Failed with an error other than "we were told to break // out of the loop". // // The latter just means that the client told us to stop // capturing, so there's no error to report. // snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error reading the packets: %s", pcap_geterr(session->fp)); rpcap_senderror(session->sockctrl, session->ctrl_ssl, session->protocol_version, PCAP_ERR_READEX, errbuf, NULL); } error: // // The main thread will clean up the session structure. // free(sendbuf); return 0; } #ifndef _WIN32 // // Do-nothing handler for SIGUSR1; the sole purpose of SIGUSR1 is to // interrupt the data thread if it's blocked in a system call waiting // for packets to arrive. // static void noop_handler(int sign _U_) { } #endif /*! \brief It serializes a network address. It accepts a 'sockaddr_storage' structure as input, and it converts it appropriately into a format that can be used to be sent on the network. Basically, it applies all the hton() conversion required to the input variable. \param sockaddrin a 'sockaddr_storage' pointer to the variable that has to be serialized. This variable can be both a 'sockaddr_in' and 'sockaddr_in6'. \param sockaddrout an 'rpcap_sockaddr' pointer to the variable that will contain the serialized data. This variable has to be allocated by the user. \warning This function supports only AF_INET and AF_INET6 address families. */ static void daemon_seraddr(struct sockaddr_storage *sockaddrin, struct rpcap_sockaddr *sockaddrout) { memset(sockaddrout, 0, sizeof(struct sockaddr_storage)); // There can be the case in which the sockaddrin is not available if (sockaddrin == NULL) return; // Warning: we support only AF_INET and AF_INET6 switch (sockaddrin->ss_family) { case AF_INET: { struct sockaddr_in *sockaddrin_ipv4; struct rpcap_sockaddr_in *sockaddrout_ipv4; sockaddrin_ipv4 = (struct sockaddr_in *) sockaddrin; sockaddrout_ipv4 = (struct rpcap_sockaddr_in *) sockaddrout; sockaddrout_ipv4->family = htons(RPCAP_AF_INET); sockaddrout_ipv4->port = htons(sockaddrin_ipv4->sin_port); memcpy(&sockaddrout_ipv4->addr, &sockaddrin_ipv4->sin_addr, sizeof(sockaddrout_ipv4->addr)); memset(sockaddrout_ipv4->zero, 0, sizeof(sockaddrout_ipv4->zero)); break; } #ifdef AF_INET6 case AF_INET6: { struct sockaddr_in6 *sockaddrin_ipv6; struct rpcap_sockaddr_in6 *sockaddrout_ipv6; sockaddrin_ipv6 = (struct sockaddr_in6 *) sockaddrin; sockaddrout_ipv6 = (struct rpcap_sockaddr_in6 *) sockaddrout; sockaddrout_ipv6->family = htons(RPCAP_AF_INET6); sockaddrout_ipv6->port = htons(sockaddrin_ipv6->sin6_port); sockaddrout_ipv6->flowinfo = htonl(sockaddrin_ipv6->sin6_flowinfo); memcpy(&sockaddrout_ipv6->addr, &sockaddrin_ipv6->sin6_addr, sizeof(sockaddrout_ipv6->addr)); sockaddrout_ipv6->scope_id = htonl(sockaddrin_ipv6->sin6_scope_id); break; } #endif } } /*! \brief Suspends a thread for secs seconds. */ void sleep_secs(int secs) { #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION #ifdef _WIN32 Sleep(secs*1000); #else unsigned secs_remaining; if (secs <= 0) return; secs_remaining = secs; while (secs_remaining != 0) secs_remaining = sleep(secs_remaining); #endif #endif } /* * Read the header of a message. */ static int rpcapd_recv_msg_header(SOCKET sock, SSL *ssl, struct rpcap_header *headerp) { int nread; char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors nread = sock_recv(sock, ssl, (char *) headerp, sizeof(struct rpcap_header), SOCK_RECEIVEALL_YES|SOCK_EOF_ISNT_ERROR, errbuf, PCAP_ERRBUF_SIZE); if (nread == -1) { // Network error. rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf); return -1; } if (nread == 0) { // Immediate EOF; that's treated like a close message. return -2; } headerp->plen = ntohl(headerp->plen); return 0; } /* * Read data from a message. * If we're trying to read more data that remains, puts an error * message into errmsgbuf and returns -2. Otherwise, tries to read * the data and, if that succeeds, subtracts the amount read from * the number of bytes of data that remains. * Returns 0 on success, logs a message and returns -1 on a network * error. */ static int rpcapd_recv(SOCKET sock, SSL *ssl, char *buffer, size_t toread, uint32 *plen, char *errmsgbuf) { int nread; char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors if (toread > *plen) { // Tell the client and continue. snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Message payload is too short"); return -2; } nread = sock_recv(sock, ssl, buffer, toread, SOCK_RECEIVEALL_YES|SOCK_EOF_IS_ERROR, errbuf, PCAP_ERRBUF_SIZE); if (nread == -1) { rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf); return -1; } *plen -= nread; return 0; } /* * Discard data from a connection. * Mostly used to discard wrong-sized messages. * Returns 0 on success, logs a message and returns -1 on a network * error. */ static int rpcapd_discard(SOCKET sock, SSL *ssl, uint32 len) { char errbuf[PCAP_ERRBUF_SIZE + 1]; // keeps the error string, prior to be printed if (len != 0) { if (sock_discard(sock, ssl, len, errbuf, PCAP_ERRBUF_SIZE) == -1) { // Network error. rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf); return -1; } } return 0; } // // Shut down any packet-capture thread associated with the session, // close the SSL handle for the data socket if we have one, close // the data socket if we have one, and close the underlying packet // capture handle if we have one. // // We do not, of course, touch the controlling socket that's also // copied into the session, as the service loop might still use it. // static void session_close(struct session *session) { if (session->have_thread) { // // Tell the data connection thread main capture loop to // break out of that loop. // // This may be sufficient to wake up a blocked thread, // but it's not guaranteed to be sufficient. // pcap_breakloop(session->fp); #ifdef _WIN32 // // Set the event on which a read would block, so that, // if it's currently blocked waiting for packets to // arrive, it'll wake up, so it can see the "break // out of the loop" indication. (pcap_breakloop() // might do this, but older versions don't. Setting // it twice should, at worst, cause an extra wakeup, // which shouldn't be a problem.) // // XXX - what about modules other than NPF? // SetEvent(pcap_getevent(session->fp)); // // Wait for the thread to exit, so we don't close // sockets out from under it. // // XXX - have a timeout, so we don't wait forever? // WaitForSingleObject(session->thread, INFINITE); // // Release the thread handle, as we're done with // it. // CloseHandle(session->thread); session->have_thread = 0; session->thread = INVALID_HANDLE_VALUE; #else // // Send a SIGUSR1 signal to the thread, so that, if // it's currently blocked waiting for packets to arrive, // it'll wake up (we've turned off SA_RESTART for // SIGUSR1, so that the system call in which it's blocked // should return EINTR rather than restarting). // pthread_kill(session->thread, SIGUSR1); // // Wait for the thread to exit, so we don't close // sockets out from under it. // // XXX - have a timeout, so we don't wait forever? // pthread_join(session->thread, NULL); session->have_thread = 0; memset(&session->thread, 0, sizeof(session->thread)); #endif } #ifdef HAVE_OPENSSL if (session->data_ssl) { // Finish using the SSL handle for the socket. // This must be done *before* the socket is closed. ssl_finish(session->data_ssl); session->data_ssl = NULL; } #endif if (session->sockdata != INVALID_SOCKET) { sock_close(session->sockdata, NULL, 0); session->sockdata = INVALID_SOCKET; } if (session->fp) { pcap_close(session->fp); session->fp = NULL; } } // // Check whether a capture source string is a URL or not. // This includes URLs that refer to a local device; a scheme, followed // by ://, followed by *another* scheme and ://, is just silly, and // anybody who supplies that will get an error. // static int is_url(const char *source) { char *colonp; /* * RFC 3986 says: * * URI = scheme ":" hier-part [ "?" query ] [ "#" fragment ] * * hier-part = "//" authority path-abempty * / path-absolute * / path-rootless * / path-empty * * authority = [ userinfo "@" ] host [ ":" port ] * * userinfo = *( unreserved / pct-encoded / sub-delims / ":" ) * * Step 1: look for the ":" at the end of the scheme. * A colon in the source is *NOT* sufficient to indicate that * this is a URL, as interface names on some platforms might * include colons (e.g., I think some Solaris interfaces * might). */ colonp = strchr(source, ':'); if (colonp == NULL) { /* * The source is the device to open. It's not a URL. */ return (0); } /* * All schemes must have "//" after them, i.e. we only support * hier-part = "//" authority path-abempty, not * hier-part = path-absolute * hier-part = path-rootless * hier-part = path-empty * * We need that in order to distinguish between a local device * name that happens to contain a colon and a URI. */ if (strncmp(colonp + 1, "//", 2) != 0) { /* * The source is the device to open. It's not a URL. */ return (0); } /* * It's a URL. */ return (1); }