xref: /freebsd/contrib/libpcap/pcap-rpcap.c (revision 2e3f49888ec8851bafb22011533217487764fdb0)
1 /*
2  * Copyright (c) 2002 - 2005 NetGroup, Politecnico di Torino (Italy)
3  * Copyright (c) 2005 - 2008 CACE Technologies, Davis (California)
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  * notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  * notice, this list of conditions and the following disclaimer in the
14  * documentation and/or other materials provided with the distribution.
15  * 3. Neither the name of the Politecnico di Torino, CACE Technologies
16  * nor the names of its contributors may be used to endorse or promote
17  * products derived from this software without specific prior written
18  * permission.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
23  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
24  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
25  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
26  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
30  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31  *
32  */
33 
34 #ifdef HAVE_CONFIG_H
35 #include <config.h>
36 #endif
37 
38 #include "ftmacros.h"
39 #include "diag-control.h"
40 
41 #include <string.h>		/* for strlen(), ... */
42 #include <stdlib.h>		/* for malloc(), free(), ... */
43 #include <stdarg.h>		/* for functions with variable number of arguments */
44 #include <errno.h>		/* for the errno variable */
45 #include <limits.h>		/* for INT_MAX */
46 #include "sockutils.h"
47 #include "pcap-int.h"
48 #include "pcap-util.h"
49 #include "rpcap-protocol.h"
50 #include "pcap-rpcap.h"
51 
52 #ifdef _WIN32
53 #include "charconv.h"		/* for utf_8_to_acp_truncated() */
54 #endif
55 
56 #ifdef HAVE_OPENSSL
57 #include "sslutils.h"
58 #endif
59 
60 /*
61  * This file contains the pcap module for capturing from a remote machine's
62  * interfaces using the RPCAP protocol.
63  *
64  * WARNING: All the RPCAP functions that are allowed to return a buffer
65  * containing the error description can return max PCAP_ERRBUF_SIZE characters.
66  * However there is no guarantees that the string will be zero-terminated.
67  * Best practice is to define the errbuf variable as a char of size
68  * 'PCAP_ERRBUF_SIZE+1' and to insert manually a NULL character at the end
69  * of the buffer. This will guarantee that no buffer overflows occur even
70  * if we use the printf() to show the error on the screen.
71  *
72  * XXX - actually, null-terminating the error string is part of the
73  * contract for the pcap API; if there's any place in the pcap code
74  * that doesn't guarantee null-termination, even at the expense of
75  * cutting the message short, that's a bug and needs to be fixed.
76  */
77 
78 #define PCAP_STATS_STANDARD	0	/* Used by pcap_stats_rpcap to see if we want standard or extended statistics */
79 #ifdef _WIN32
80 #define PCAP_STATS_EX		1	/* Used by pcap_stats_rpcap to see if we want standard or extended statistics */
81 #endif
82 
83 /*
84  * \brief Keeps a list of all the opened connections in the active mode.
85  *
86  * This structure defines a linked list of items that are needed to keep the info required to
87  * manage the active mode.
88  * In other words, when a new connection in active mode starts, this structure is updated so that
89  * it reflects the list of active mode connections currently opened.
90  * This structure is required by findalldevs() and open_remote() to see if they have to open a new
91  * control connection toward the host, or they already have a control connection in place.
92  */
93 struct activehosts
94 {
95 	struct sockaddr_storage host;
96 	SOCKET sockctrl;
97 	SSL *ssl;
98 	uint8 protocol_version;
99 	int byte_swapped;
100 	struct activehosts *next;
101 };
102 
103 /* Keeps a list of all the opened connections in the active mode. */
104 static struct activehosts *activeHosts;
105 
106 /*
107  * Keeps the main socket identifier when we want to accept a new remote
108  * connection (active mode only).
109  * See the documentation of pcap_remoteact_accept() and
110  * pcap_remoteact_cleanup() for more details.
111  */
112 static SOCKET sockmain;
113 static SSL *ssl_main;
114 
115 /*
116  * Private data for capturing remotely using the rpcap protocol.
117  */
118 struct pcap_rpcap {
119 	/*
120 	 * This is '1' if we're the network client; it is needed by several
121 	 * functions (such as pcap_setfilter()) to know whether they have
122 	 * to use the socket or have to open the local adapter.
123 	 */
124 	int rmt_clientside;
125 
126 	SOCKET rmt_sockctrl;		/* socket ID of the socket used for the control connection */
127 	SOCKET rmt_sockdata;		/* socket ID of the socket used for the data connection */
128 	SSL *ctrl_ssl, *data_ssl;	/* optional transport of rmt_sockctrl and rmt_sockdata via TLS */
129 	int rmt_flags;			/* we have to save flags, since they are passed by the pcap_open_live(), but they are used by the pcap_startcapture() */
130 	int rmt_capstarted;		/* 'true' if the capture is already started (needed to knoe if we have to call the pcap_startcapture() */
131 	char *currentfilter;		/* Pointer to a buffer (allocated at run-time) that stores the current filter. Needed when flag PCAP_OPENFLAG_NOCAPTURE_RPCAP is turned on. */
132 
133 	uint8 protocol_version;		/* negotiated protocol version */
134 	uint8 uses_ssl;				/* User asked for rpcaps scheme */
135 	int byte_swapped;		/* Server byte order is swapped from ours */
136 
137 	unsigned int TotNetDrops;	/* keeps the number of packets that have been dropped by the network */
138 
139 	/*
140 	 * This keeps the number of packets that have been received by the
141 	 * application.
142 	 *
143 	 * Packets dropped by the kernel buffer are not counted in this
144 	 * variable. It is always equal to (TotAccepted - TotDrops),
145 	 * except for the case of remote capture, in which we have also
146 	 * packets in flight, i.e. that have been transmitted by the remote
147 	 * host, but that have not been received (yet) from the client.
148 	 * In this case, (TotAccepted - TotDrops - TotNetDrops) gives a
149 	 * wrong result, since this number does not corresponds always to
150 	 * the number of packet received by the application. For this reason,
151 	 * in the remote capture we need another variable that takes into
152 	 * account of the number of packets actually received by the
153 	 * application.
154 	 */
155 	unsigned int TotCapt;
156 
157 	struct pcap_stat stat;
158 	/* XXX */
159 	struct pcap *next;		/* list of open pcaps that need stuff cleared on close */
160 };
161 
162 /****************************************************
163  *                                                  *
164  * Locally defined functions                        *
165  *                                                  *
166  ****************************************************/
167 static struct pcap_stat *rpcap_stats_rpcap(pcap_t *p, struct pcap_stat *ps, int mode);
168 static int pcap_pack_bpffilter(pcap_t *fp, char *sendbuf, int *sendbufidx, struct bpf_program *prog);
169 static int pcap_createfilter_norpcappkt(pcap_t *fp, struct bpf_program *prog);
170 static int pcap_updatefilter_remote(pcap_t *fp, struct bpf_program *prog);
171 static void pcap_save_current_filter_rpcap(pcap_t *fp, const char *filter);
172 static int pcap_setfilter_rpcap(pcap_t *fp, struct bpf_program *prog);
173 static int pcap_setsampling_remote(pcap_t *fp);
174 static int pcap_startcapture_remote(pcap_t *fp);
175 static int rpcap_recv_msg_header(SOCKET sock, SSL *, struct rpcap_header *header, char *errbuf);
176 static int rpcap_check_msg_ver(SOCKET sock, SSL *, uint8 expected_ver, struct rpcap_header *header, char *errbuf);
177 static int rpcap_check_msg_type(SOCKET sock, SSL *, uint8 request_type, struct rpcap_header *header, uint16 *errcode, char *errbuf);
178 static int rpcap_process_msg_header(SOCKET sock, SSL *, uint8 ver, uint8 request_type, struct rpcap_header *header, char *errbuf);
179 static int rpcap_recv(SOCKET sock, SSL *, void *buffer, size_t toread, uint32 *plen, char *errbuf);
180 static void rpcap_msg_err(SOCKET sockctrl, SSL *, uint32 plen, char *remote_errbuf);
181 static int rpcap_discard(SOCKET sock, SSL *, uint32 len, char *errbuf);
182 static int rpcap_read_packet_msg(struct pcap_rpcap const *, pcap_t *p, size_t size);
183 
184 /****************************************************
185  *                                                  *
186  * Function bodies                                  *
187  *                                                  *
188  ****************************************************/
189 
190 /*
191  * This function translates (i.e. de-serializes) a 'rpcap_sockaddr'
192  * structure from the network byte order to a 'sockaddr_in" or
193  * 'sockaddr_in6' structure in the host byte order.
194  *
195  * It accepts an 'rpcap_sockaddr' structure as it is received from the
196  * network, and checks the address family field against various values
197  * to see whether it looks like an IPv4 address, an IPv6 address, or
198  * neither of those.  It checks for multiple values in order to try
199  * to handle older rpcap daemons that sent the native OS's 'sockaddr_in'
200  * or 'sockaddr_in6' structures over the wire with some members
201  * byte-swapped, and to handle the fact that AF_INET6 has different
202  * values on different OSes.
203  *
204  * For IPv4 addresses, it converts the address family to host byte
205  * order from network byte order and puts it into the structure,
206  * sets the length if a sockaddr structure has a length, converts the
207  * port number to host byte order from network byte order and puts
208  * it into the structure, copies over the IPv4 address, and zeroes
209  * out the zero padding.
210  *
211  * For IPv6 addresses, it converts the address family to host byte
212  * order from network byte order and puts it into the structure,
213  * sets the length if a sockaddr structure has a length, converts the
214  * port number and flow information to host byte order from network
215  * byte order and puts them into the structure, copies over the IPv6
216  * address, and converts the scope ID to host byte order from network
217  * byte order and puts it into the structure.
218  *
219  * The function will allocate the 'sockaddrout' variable according to the
220  * address family in use. In case the address does not belong to the
221  * AF_INET nor AF_INET6 families, 'sockaddrout' is not allocated and a
222  * NULL pointer is returned.  This usually happens because that address
223  * does not exist on the other host, or is of an address family other
224  * than AF_INET or AF_INET6, so the RPCAP daemon sent a 'sockaddr_storage'
225  * structure containing all 'zero' values.
226  *
227  * Older RPCAPDs sent the addresses over the wire in the OS's native
228  * structure format.  For most OSes, this looks like the over-the-wire
229  * format, but might have a different value for AF_INET6 than the value
230  * on the machine receiving the reply.  For OSes with the newer BSD-style
231  * sockaddr structures, this has, instead of a 2-byte address family,
232  * a 1-byte structure length followed by a 1-byte address family.  The
233  * RPCAPD code would put the address family in network byte order before
234  * sending it; that would set it to 0 on a little-endian machine, as
235  * htons() of any value between 1 and 255 would result in a value > 255,
236  * with its lower 8 bits zero, so putting that back into a 1-byte field
237  * would set it to 0.
238  *
239  * Therefore, for older RPCAPDs running on an OS with newer BSD-style
240  * sockaddr structures, the family field, if treated as a big-endian
241  * (network byte order) 16-bit field, would be:
242  *
243  *	(length << 8) | family if sent by a big-endian machine
244  *	(length << 8) if sent by a little-endian machine
245  *
246  * For current RPCAPDs, and for older RPCAPDs running on an OS with
247  * older BSD-style sockaddr structures, the family field, if treated
248  * as a big-endian 16-bit field, would just contain the family.
249  *
250  * \param sockaddrin: a 'rpcap_sockaddr' pointer to the variable that has
251  * to be de-serialized.
252  *
253  * \param sockaddrout: a 'sockaddr_storage' pointer to the variable that will contain
254  * the de-serialized data. The structure returned can be either a 'sockaddr_in' or 'sockaddr_in6'.
255  * This variable will be allocated automatically inside this function.
256  *
257  * \param errbuf: a pointer to a user-allocated buffer (of size PCAP_ERRBUF_SIZE)
258  * that will contain the error message (in case there is one).
259  *
260  * \return '0' if everything is fine, '-1' if some errors occurred. Basically, the error
261  * can be only the fact that the malloc() failed to allocate memory.
262  * The error message is returned in the 'errbuf' variable, while the deserialized address
263  * is returned into the 'sockaddrout' variable.
264  *
265  * \warning This function supports only AF_INET and AF_INET6 address families.
266  *
267  * \warning The sockaddrout (if not NULL) must be deallocated by the user.
268  */
269 
270 /*
271  * Possible IPv4 family values other than the designated over-the-wire value,
272  * which is 2 (because everybody uses 2 for AF_INET4).
273  */
274 #define SOCKADDR_IN_LEN		16	/* length of struct sockaddr_in */
275 #define SOCKADDR_IN6_LEN	28	/* length of struct sockaddr_in6 */
276 #define NEW_BSD_AF_INET_BE	((SOCKADDR_IN_LEN << 8) | 2)
277 #define NEW_BSD_AF_INET_LE	(SOCKADDR_IN_LEN << 8)
278 
279 /*
280  * Possible IPv6 family values other than the designated over-the-wire value,
281  * which is 23 (because that's what Windows uses, and most RPCAP servers
282  * out there are probably running Windows, as WinPcap includes the server
283  * but few if any UN*Xes build and ship it).
284  *
285  * The new BSD sockaddr structure format was in place before 4.4-Lite, so
286  * all the free-software BSDs use it.
287  */
288 #define NEW_BSD_AF_INET6_BSD_BE		((SOCKADDR_IN6_LEN << 8) | 24)	/* NetBSD, OpenBSD, BSD/OS */
289 #define NEW_BSD_AF_INET6_FREEBSD_BE	((SOCKADDR_IN6_LEN << 8) | 28)	/* FreeBSD, DragonFly BSD */
290 #define NEW_BSD_AF_INET6_DARWIN_BE	((SOCKADDR_IN6_LEN << 8) | 30)	/* macOS, iOS, anything else Darwin-based */
291 #define NEW_BSD_AF_INET6_LE		(SOCKADDR_IN6_LEN << 8)
292 #define LINUX_AF_INET6			10
293 #define HPUX_AF_INET6			22
294 #define AIX_AF_INET6			24
295 #define SOLARIS_AF_INET6		26
296 
297 static int
298 rpcap_deseraddr(struct rpcap_sockaddr *sockaddrin, struct sockaddr_storage **sockaddrout, char *errbuf)
299 {
300 	/* Warning: we support only AF_INET and AF_INET6 */
301 	switch (ntohs(sockaddrin->family))
302 	{
303 	case RPCAP_AF_INET:
304 	case NEW_BSD_AF_INET_BE:
305 	case NEW_BSD_AF_INET_LE:
306 		{
307 		struct rpcap_sockaddr_in *sockaddrin_ipv4;
308 		struct sockaddr_in *sockaddrout_ipv4;
309 
310 		(*sockaddrout) = (struct sockaddr_storage *) malloc(sizeof(struct sockaddr_in));
311 		if ((*sockaddrout) == NULL)
312 		{
313 			pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
314 			    errno, "malloc() failed");
315 			return -1;
316 		}
317 		sockaddrin_ipv4 = (struct rpcap_sockaddr_in *) sockaddrin;
318 		sockaddrout_ipv4 = (struct sockaddr_in *) (*sockaddrout);
319 		sockaddrout_ipv4->sin_family = AF_INET;
320 		sockaddrout_ipv4->sin_port = ntohs(sockaddrin_ipv4->port);
321 		memcpy(&sockaddrout_ipv4->sin_addr, &sockaddrin_ipv4->addr, sizeof(sockaddrout_ipv4->sin_addr));
322 		memset(sockaddrout_ipv4->sin_zero, 0, sizeof(sockaddrout_ipv4->sin_zero));
323 		break;
324 		}
325 
326 #ifdef AF_INET6
327 	case RPCAP_AF_INET6:
328 	case NEW_BSD_AF_INET6_BSD_BE:
329 	case NEW_BSD_AF_INET6_FREEBSD_BE:
330 	case NEW_BSD_AF_INET6_DARWIN_BE:
331 	case NEW_BSD_AF_INET6_LE:
332 	case LINUX_AF_INET6:
333 	case HPUX_AF_INET6:
334 	case AIX_AF_INET6:
335 	case SOLARIS_AF_INET6:
336 		{
337 		struct rpcap_sockaddr_in6 *sockaddrin_ipv6;
338 		struct sockaddr_in6 *sockaddrout_ipv6;
339 
340 		(*sockaddrout) = (struct sockaddr_storage *) malloc(sizeof(struct sockaddr_in6));
341 		if ((*sockaddrout) == NULL)
342 		{
343 			pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
344 			    errno, "malloc() failed");
345 			return -1;
346 		}
347 		sockaddrin_ipv6 = (struct rpcap_sockaddr_in6 *) sockaddrin;
348 		sockaddrout_ipv6 = (struct sockaddr_in6 *) (*sockaddrout);
349 		sockaddrout_ipv6->sin6_family = AF_INET6;
350 		sockaddrout_ipv6->sin6_port = ntohs(sockaddrin_ipv6->port);
351 		sockaddrout_ipv6->sin6_flowinfo = ntohl(sockaddrin_ipv6->flowinfo);
352 		memcpy(&sockaddrout_ipv6->sin6_addr, &sockaddrin_ipv6->addr, sizeof(sockaddrout_ipv6->sin6_addr));
353 		sockaddrout_ipv6->sin6_scope_id = ntohl(sockaddrin_ipv6->scope_id);
354 		break;
355 		}
356 #endif
357 
358 	default:
359 		/*
360 		 * It is neither AF_INET nor AF_INET6 (or, if the OS doesn't
361 		 * support AF_INET6, it's not AF_INET).
362 		 */
363 		*sockaddrout = NULL;
364 		break;
365 	}
366 	return 0;
367 }
368 
369 /*
370  * This function reads a packet from the network socket.  It does not
371  * deliver the packet to a pcap_dispatch()/pcap_loop() callback (hence
372  * the "nocb" string into its name).
373  *
374  * This function is called by pcap_read_rpcap().
375  *
376  * WARNING: By choice, this function does not make use of semaphores. A smarter
377  * implementation should put a semaphore into the data thread, and a signal will
378  * be raised as soon as there is data into the socket buffer.
379  * However this is complicated and it does not bring any advantages when reading
380  * from the network, in which network delays can be much more important than
381  * these optimizations. Therefore, we chose the following approach:
382  * - the 'timeout' chosen by the user is split in two (half on the server side,
383  * with the usual meaning, and half on the client side)
384  * - this function checks for packets; if there are no packets, it waits for
385  * timeout/2 and then it checks again. If packets are still missing, it returns,
386  * otherwise it reads packets.
387  */
388 static int pcap_read_nocb_remote(pcap_t *p, struct pcap_pkthdr *pkt_header, u_char **pkt_data)
389 {
390 	struct pcap_rpcap *pr = p->priv;	/* structure used when doing a remote live capture */
391 	struct rpcap_header *header;		/* general header according to the RPCAP format */
392 	struct rpcap_pkthdr *net_pkt_header;	/* header of the packet, from the message */
393 	u_char *net_pkt_data;			/* packet data from the message */
394 	uint32 plen;
395 	int retval = 0;				/* generic return value */
396 	int msglen;
397 
398 	/* Structures needed for the select() call */
399 	struct timeval tv;			/* maximum time the select() can block waiting for data */
400 	fd_set rfds;				/* set of socket descriptors we have to check */
401 
402 	/*
403 	 * Define the packet buffer timeout, to be used in the select()
404 	 * 'timeout', in pcap_t, is in milliseconds; we have to convert it into sec and microsec
405 	 */
406 	tv.tv_sec = p->opt.timeout / 1000;
407 	tv.tv_usec = (suseconds_t)((p->opt.timeout - tv.tv_sec * 1000) * 1000);
408 
409 #ifdef HAVE_OPENSSL
410 	/* Check if we still have bytes available in the last decoded TLS record.
411 	 * If that's the case, we know SSL_read will not block. */
412 	retval = pr->data_ssl && SSL_pending(pr->data_ssl) > 0;
413 #endif
414 	if (! retval)
415 	{
416 		/* Watch out sockdata to see if it has input */
417 		FD_ZERO(&rfds);
418 
419 		/*
420 		 * 'fp->rmt_sockdata' has always to be set before calling the select(),
421 		 * since it is cleared by the select()
422 		 */
423 		FD_SET(pr->rmt_sockdata, &rfds);
424 
425 #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
426 		retval = 1;
427 #else
428 		retval = select((int) pr->rmt_sockdata + 1, &rfds, NULL, NULL, &tv);
429 #endif
430 
431 		if (retval == -1)
432 		{
433 #ifndef _WIN32
434 			if (errno == EINTR)
435 			{
436 				/* Interrupted. */
437 				return 0;
438 			}
439 #endif
440 			sock_geterrmsg(p->errbuf, PCAP_ERRBUF_SIZE,
441 			    "select() failed");
442 			return -1;
443 		}
444 	}
445 
446 	/* There is no data waiting, so return '0' */
447 	if (retval == 0)
448 		return 0;
449 
450 	/*
451 	 * We have to define 'header' as a pointer to a larger buffer,
452 	 * because in case of UDP we have to read all the message within a single call
453 	 */
454 	header = (struct rpcap_header *) p->buffer;
455 	net_pkt_header = (struct rpcap_pkthdr *) ((char *)p->buffer + sizeof(struct rpcap_header));
456 	net_pkt_data = (u_char *)p->buffer + sizeof(struct rpcap_header) + sizeof(struct rpcap_pkthdr);
457 
458 	if (pr->rmt_flags & PCAP_OPENFLAG_DATATX_UDP)
459 	{
460 		/* Read the entire message from the network */
461 		msglen = sock_recv_dgram(pr->rmt_sockdata, pr->data_ssl, p->buffer,
462 		    p->bufsize, p->errbuf, PCAP_ERRBUF_SIZE);
463 		if (msglen == -1)
464 		{
465 			/* Network error. */
466 			return -1;
467 		}
468 		if (msglen == -3)
469 		{
470 			/* Interrupted receive. */
471 			return 0;
472 		}
473 		if ((size_t)msglen < sizeof(struct rpcap_header))
474 		{
475 			/*
476 			 * Message is shorter than an rpcap header.
477 			 */
478 			snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
479 			    "UDP packet message is shorter than an rpcap header");
480 			return -1;
481 		}
482 		plen = ntohl(header->plen);
483 		if ((size_t)msglen < sizeof(struct rpcap_header) + plen)
484 		{
485 			/*
486 			 * Message is shorter than the header claims it
487 			 * is.
488 			 */
489 			snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
490 			    "UDP packet message is shorter than its rpcap header claims");
491 			return -1;
492 		}
493 	}
494 	else
495 	{
496 		int status;
497 
498 		if ((size_t)p->cc < sizeof(struct rpcap_header))
499 		{
500 			/*
501 			 * We haven't read any of the packet header yet.
502 			 * The size we should get is the size of the
503 			 * packet header.
504 			 */
505 			status = rpcap_read_packet_msg(pr, p, sizeof(struct rpcap_header));
506 			if (status == -1)
507 			{
508 				/* Network error. */
509 				return -1;
510 			}
511 			if (status == -3)
512 			{
513 				/* Interrupted receive. */
514 				return 0;
515 			}
516 		}
517 
518 		/*
519 		 * We have the header, so we know how long the
520 		 * message payload is.  The size we should get
521 		 * is the size of the packet header plus the
522 		 * size of the payload.
523 		 */
524 		plen = ntohl(header->plen);
525 		if (plen > p->bufsize - sizeof(struct rpcap_header))
526 		{
527 			/*
528 			 * This is bigger than the largest
529 			 * record we'd expect.  (We do it by
530 			 * subtracting in order to avoid an
531 			 * overflow.)
532 			 */
533 			snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
534 			    "Server sent us a message larger than the largest expected packet message");
535 			return -1;
536 		}
537 		status = rpcap_read_packet_msg(pr, p, sizeof(struct rpcap_header) + plen);
538 		if (status == -1)
539 		{
540 			/* Network error. */
541 			return -1;
542 		}
543 		if (status == -3)
544 		{
545 			/* Interrupted receive. */
546 			return 0;
547 		}
548 
549 		/*
550 		 * We have the entire message; reset the buffer pointer
551 		 * and count, as the next read should start a new
552 		 * message.
553 		 */
554 		p->bp = p->buffer;
555 		p->cc = 0;
556 	}
557 
558 	/*
559 	 * We have the entire message.
560 	 */
561 	header->plen = plen;
562 
563 	/*
564 	 * Did the server specify the version we negotiated?
565 	 */
566 	if (rpcap_check_msg_ver(pr->rmt_sockdata, pr->data_ssl, pr->protocol_version,
567 	    header, p->errbuf) == -1)
568 	{
569 		return 0;	/* Return 'no packets received' */
570 	}
571 
572 	/*
573 	 * Is this a RPCAP_MSG_PACKET message?
574 	 */
575 	if (header->type != RPCAP_MSG_PACKET)
576 	{
577 		return 0;	/* Return 'no packets received' */
578 	}
579 
580 	if (ntohl(net_pkt_header->caplen) > plen)
581 	{
582 		snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
583 		    "Packet's captured data goes past the end of the received packet message.");
584 		return -1;
585 	}
586 
587 	/* Fill in packet header */
588 	pkt_header->caplen = ntohl(net_pkt_header->caplen);
589 	pkt_header->len = ntohl(net_pkt_header->len);
590 	pkt_header->ts.tv_sec = ntohl(net_pkt_header->timestamp_sec);
591 	pkt_header->ts.tv_usec = ntohl(net_pkt_header->timestamp_usec);
592 
593 	/* Supply a pointer to the beginning of the packet data */
594 	*pkt_data = net_pkt_data;
595 
596 	/*
597 	 * I don't update the counter of the packets dropped by the network since we're using TCP,
598 	 * therefore no packets are dropped. Just update the number of packets received correctly
599 	 */
600 	pr->TotCapt++;
601 
602 	if (pr->rmt_flags & PCAP_OPENFLAG_DATATX_UDP)
603 	{
604 		unsigned int npkt;
605 
606 		/* We're using UDP, so we need to update the counter of the packets dropped by the network */
607 		npkt = ntohl(net_pkt_header->npkt);
608 
609 		if (pr->TotCapt != npkt)
610 		{
611 			pr->TotNetDrops += (npkt - pr->TotCapt);
612 			pr->TotCapt = npkt;
613 		}
614 	}
615 
616 	/* Packet read successfully */
617 	return 1;
618 }
619 
620 /*
621  * This function reads a packet from the network socket.
622  *
623  * This function relies on the pcap_read_nocb_remote to deliver packets. The
624  * difference, here, is that as soon as a packet is read, it is delivered
625  * to the application by means of a callback function.
626  */
627 static int pcap_read_rpcap(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
628 {
629 	struct pcap_rpcap *pr = p->priv;	/* structure used when doing a remote live capture */
630 	struct pcap_pkthdr pkt_header;
631 	u_char *pkt_data;
632 	int n = 0;
633 	int ret;
634 
635 	/*
636 	 * If this is client-side, and we haven't already started
637 	 * the capture, start it now.
638 	 */
639 	if (pr->rmt_clientside)
640 	{
641 		/* We are on an remote capture */
642 		if (!pr->rmt_capstarted)
643 		{
644 			/*
645 			 * The capture isn't started yet, so try to
646 			 * start it.
647 			 */
648 			if (pcap_startcapture_remote(p))
649 				return -1;
650 		}
651 	}
652 
653 	/*
654 	 * This can conceivably process more than INT_MAX packets,
655 	 * which would overflow the packet count, causing it either
656 	 * to look like a negative number, and thus cause us to
657 	 * return a value that looks like an error, or overflow
658 	 * back into positive territory, and thus cause us to
659 	 * return a too-low count.
660 	 *
661 	 * Therefore, if the packet count is unlimited, we clip
662 	 * it at INT_MAX; this routine is not expected to
663 	 * process packets indefinitely, so that's not an issue.
664 	 */
665 	if (PACKET_COUNT_IS_UNLIMITED(cnt))
666 		cnt = INT_MAX;
667 
668 	while (n < cnt || PACKET_COUNT_IS_UNLIMITED(cnt))
669 	{
670 		/*
671 		 * Has "pcap_breakloop()" been called?
672 		 */
673 		if (p->break_loop) {
674 			/*
675 			 * Yes - clear the flag that indicates that it
676 			 * has, and return PCAP_ERROR_BREAK to indicate
677 			 * that we were told to break out of the loop.
678 			 */
679 			p->break_loop = 0;
680 			return (PCAP_ERROR_BREAK);
681 		}
682 
683 		/*
684 		 * Read some packets.
685 		 */
686 		ret = pcap_read_nocb_remote(p, &pkt_header, &pkt_data);
687 		if (ret == 1)
688 		{
689 			/*
690 			 * We got a packet.
691 			 *
692 			 * Do whatever post-processing is necessary, hand
693 			 * it to the callback, and count it so we can
694 			 * return the count.
695 			 */
696 			pcap_post_process(p->linktype, pr->byte_swapped,
697 			    &pkt_header, pkt_data);
698 			(*callback)(user, &pkt_header, pkt_data);
699 			n++;
700 		}
701 		else if (ret == -1)
702 		{
703 			/* Error. */
704 			return ret;
705 		}
706 		else
707 		{
708 			/*
709 			 * No packet; this could mean that we timed
710 			 * out, or that we got interrupted, or that
711 			 * we got a bad packet.
712 			 *
713 			 * Were we told to break out of the loop?
714 			 */
715 			if (p->break_loop) {
716 				/*
717 				 * Yes.
718 				 */
719 				p->break_loop = 0;
720 				return (PCAP_ERROR_BREAK);
721 			}
722 			/* No - return the number of packets we've processed. */
723 			return n;
724 		}
725 	}
726 	return n;
727 }
728 
729 /*
730  * This function sends a CLOSE command to the capture server if we're in
731  * passive mode and an ENDCAP command to the capture server if we're in
732  * active mode.
733  *
734  * It is called when the user calls pcap_close().  It sends a command
735  * to our peer that says 'ok, let's stop capturing'.
736  *
737  * WARNING: Since we're closing the connection, we do not check for errors.
738  */
739 static void pcap_cleanup_rpcap(pcap_t *fp)
740 {
741 	struct pcap_rpcap *pr = fp->priv;	/* structure used when doing a remote live capture */
742 	struct rpcap_header header;		/* header of the RPCAP packet */
743 	struct activehosts *temp;		/* temp var needed to scan the host list chain, to detect if we're in active mode */
744 	int active = 0;				/* active mode or not? */
745 
746 	/* detect if we're in active mode */
747 	temp = activeHosts;
748 	while (temp)
749 	{
750 		if (temp->sockctrl == pr->rmt_sockctrl)
751 		{
752 			active = 1;
753 			break;
754 		}
755 		temp = temp->next;
756 	}
757 
758 	if (!active)
759 	{
760 		rpcap_createhdr(&header, pr->protocol_version,
761 		    RPCAP_MSG_CLOSE, 0, 0);
762 
763 		/*
764 		 * Send the close request; don't report any errors, as
765 		 * we're closing this pcap_t, and have no place to report
766 		 * the error.  No reply is sent to this message.
767 		 */
768 		(void)sock_send(pr->rmt_sockctrl, pr->ctrl_ssl, (char *)&header,
769 		    sizeof(struct rpcap_header), NULL, 0);
770 	}
771 	else
772 	{
773 		rpcap_createhdr(&header, pr->protocol_version,
774 		    RPCAP_MSG_ENDCAP_REQ, 0, 0);
775 
776 		/*
777 		 * Send the end capture request; don't report any errors,
778 		 * as we're closing this pcap_t, and have no place to
779 		 * report the error.
780 		 */
781 		if (sock_send(pr->rmt_sockctrl, pr->ctrl_ssl, (char *)&header,
782 		    sizeof(struct rpcap_header), NULL, 0) == 0)
783 		{
784 			/*
785 			 * Wait for the answer; don't report any errors,
786 			 * as we're closing this pcap_t, and have no
787 			 * place to report the error.
788 			 */
789 			if (rpcap_process_msg_header(pr->rmt_sockctrl, pr->ctrl_ssl,
790 			    pr->protocol_version, RPCAP_MSG_ENDCAP_REQ,
791 			    &header, NULL) == 0)
792 			{
793 				(void)rpcap_discard(pr->rmt_sockctrl, pr->ctrl_ssl,
794 				    header.plen, NULL);
795 			}
796 		}
797 	}
798 
799 	if (pr->rmt_sockdata)
800 	{
801 #ifdef HAVE_OPENSSL
802 		if (pr->data_ssl)
803 		{
804 			// Finish using the SSL handle for the data socket.
805 			// This must be done *before* the socket is closed.
806 			ssl_finish(pr->data_ssl);
807 			pr->data_ssl = NULL;
808 		}
809 #endif
810 		sock_close(pr->rmt_sockdata, NULL, 0);
811 		pr->rmt_sockdata = 0;
812 	}
813 
814 	if ((!active) && (pr->rmt_sockctrl))
815 	{
816 #ifdef HAVE_OPENSSL
817 		if (pr->ctrl_ssl)
818 		{
819 			// Finish using the SSL handle for the control socket.
820 			// This must be done *before* the socket is closed.
821 			ssl_finish(pr->ctrl_ssl);
822 			pr->ctrl_ssl = NULL;
823 		}
824 #endif
825 		sock_close(pr->rmt_sockctrl, NULL, 0);
826 	}
827 
828 	pr->rmt_sockctrl = 0;
829 	pr->ctrl_ssl = NULL;
830 
831 	if (pr->currentfilter)
832 	{
833 		free(pr->currentfilter);
834 		pr->currentfilter = NULL;
835 	}
836 
837 	pcap_cleanup_live_common(fp);
838 
839 	/* To avoid inconsistencies in the number of sock_init() */
840 	sock_cleanup();
841 }
842 
843 /*
844  * This function retrieves network statistics from our peer;
845  * it provides only the standard statistics.
846  */
847 static int pcap_stats_rpcap(pcap_t *p, struct pcap_stat *ps)
848 {
849 	struct pcap_stat *retval;
850 
851 	retval = rpcap_stats_rpcap(p, ps, PCAP_STATS_STANDARD);
852 
853 	if (retval)
854 		return 0;
855 	else
856 		return -1;
857 }
858 
859 #ifdef _WIN32
860 /*
861  * This function retrieves network statistics from our peer;
862  * it provides the additional statistics supported by pcap_stats_ex().
863  */
864 static struct pcap_stat *pcap_stats_ex_rpcap(pcap_t *p, int *pcap_stat_size)
865 {
866 	*pcap_stat_size = sizeof (p->stat);
867 
868 	/* PCAP_STATS_EX (third param) means 'extended pcap_stats()' */
869 	return (rpcap_stats_rpcap(p, &(p->stat), PCAP_STATS_EX));
870 }
871 #endif
872 
873 /*
874  * This function retrieves network statistics from our peer.  It
875  * is used by the two previous functions.
876  *
877  * It can be called in two modes:
878  * - PCAP_STATS_STANDARD: if we want just standard statistics (i.e.,
879  *   for pcap_stats())
880  * - PCAP_STATS_EX: if we want extended statistics (i.e., for
881  *   pcap_stats_ex())
882  *
883  * This 'mode' parameter is needed because in pcap_stats() the variable that
884  * keeps the statistics is allocated by the user. On Windows, this structure
885  * has been extended in order to keep new stats. However, if the user has a
886  * smaller structure and it passes it to pcap_stats(), this function will
887  * try to fill in more data than the size of the structure, so that memory
888  * after the structure will be overwritten.
889  *
890  * So, we need to know it we have to copy just the standard fields, or the
891  * extended fields as well.
892  *
893  * In case we want to copy the extended fields as well, the problem of
894  * memory overflow no longer exists because the structure that's filled
895  * in is part of the pcap_t, so that it can be guaranteed to be large
896  * enough for the additional statistics.
897  *
898  * \param p: the pcap_t structure related to the current instance.
899  *
900  * \param ps: a pointer to a 'pcap_stat' structure, needed for compatibility
901  * with pcap_stat(), where the structure is allocated by the user. In case
902  * of pcap_stats_ex(), this structure and the function return value point
903  * to the same variable.
904  *
905  * \param mode: one of PCAP_STATS_STANDARD or PCAP_STATS_EX.
906  *
907  * \return The structure that keeps the statistics, or NULL in case of error.
908  * The error string is placed in the pcap_t structure.
909  */
910 static struct pcap_stat *rpcap_stats_rpcap(pcap_t *p, struct pcap_stat *ps, int mode)
911 {
912 	struct pcap_rpcap *pr = p->priv;	/* structure used when doing a remote live capture */
913 	struct rpcap_header header;		/* header of the RPCAP packet */
914 	struct rpcap_stats netstats;		/* statistics sent on the network */
915 	uint32 plen;				/* data remaining in the message */
916 
917 #ifdef _WIN32
918 	if (mode != PCAP_STATS_STANDARD && mode != PCAP_STATS_EX)
919 #else
920 	if (mode != PCAP_STATS_STANDARD)
921 #endif
922 	{
923 		snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
924 		    "Invalid stats mode %d", mode);
925 		return NULL;
926 	}
927 
928 	/*
929 	 * If the capture has not yet started, we cannot request statistics
930 	 * for the capture from our peer, so we return 0 for all statistics,
931 	 * as nothing's been seen yet.
932 	 */
933 	if (!pr->rmt_capstarted)
934 	{
935 		ps->ps_drop = 0;
936 		ps->ps_ifdrop = 0;
937 		ps->ps_recv = 0;
938 #ifdef _WIN32
939 		if (mode == PCAP_STATS_EX)
940 		{
941 			ps->ps_capt = 0;
942 			ps->ps_sent = 0;
943 			ps->ps_netdrop = 0;
944 		}
945 #endif /* _WIN32 */
946 
947 		return ps;
948 	}
949 
950 	rpcap_createhdr(&header, pr->protocol_version,
951 	    RPCAP_MSG_STATS_REQ, 0, 0);
952 
953 	/* Send the PCAP_STATS command */
954 	if (sock_send(pr->rmt_sockctrl, pr->ctrl_ssl, (char *)&header,
955 	    sizeof(struct rpcap_header), p->errbuf, PCAP_ERRBUF_SIZE) < 0)
956 		return NULL;		/* Unrecoverable network error */
957 
958 	/* Receive and process the reply message header. */
959 	if (rpcap_process_msg_header(pr->rmt_sockctrl, pr->ctrl_ssl, pr->protocol_version,
960 	    RPCAP_MSG_STATS_REQ, &header, p->errbuf) == -1)
961 		return NULL;		/* Error */
962 
963 	plen = header.plen;
964 
965 	/* Read the reply body */
966 	if (rpcap_recv(pr->rmt_sockctrl, pr->ctrl_ssl, (char *)&netstats,
967 	    sizeof(struct rpcap_stats), &plen, p->errbuf) == -1)
968 		goto error;
969 
970 	ps->ps_drop = ntohl(netstats.krnldrop);
971 	ps->ps_ifdrop = ntohl(netstats.ifdrop);
972 	ps->ps_recv = ntohl(netstats.ifrecv);
973 #ifdef _WIN32
974 	if (mode == PCAP_STATS_EX)
975 	{
976 		ps->ps_capt = pr->TotCapt;
977 		ps->ps_netdrop = pr->TotNetDrops;
978 		ps->ps_sent = ntohl(netstats.svrcapt);
979 	}
980 #endif /* _WIN32 */
981 
982 	/* Discard the rest of the message. */
983 	if (rpcap_discard(pr->rmt_sockctrl, pr->ctrl_ssl, plen, p->errbuf) == -1)
984 		goto error_nodiscard;
985 
986 	return ps;
987 
988 error:
989 	/*
990 	 * Discard the rest of the message.
991 	 * We already reported an error; if this gets an error, just
992 	 * drive on.
993 	 */
994 	(void)rpcap_discard(pr->rmt_sockctrl, pr->ctrl_ssl, plen, NULL);
995 
996 error_nodiscard:
997 	return NULL;
998 }
999 
1000 /*
1001  * This function returns the entry in the list of active hosts for this
1002  * active connection (active mode only), or NULL if there is no
1003  * active connection or an error occurred.  It is just for internal
1004  * use.
1005  *
1006  * \param host: a string that keeps the host name of the host for which we
1007  * want to get the socket ID for that active connection.
1008  *
1009  * \param error: a pointer to an int that is set to 1 if an error occurred
1010  * and 0 otherwise.
1011  *
1012  * \param errbuf: a pointer to a user-allocated buffer (of size
1013  * PCAP_ERRBUF_SIZE) that will contain the error message (in case
1014  * there is one).
1015  *
1016  * \return the entry for this host in the list of active connections
1017  * if found, NULL if it's not found or there's an error.
1018  */
1019 static struct activehosts *
1020 rpcap_remoteact_getsock(const char *host, int *error, char *errbuf)
1021 {
1022 	struct activehosts *temp;			/* temp var needed to scan the host list chain */
1023 	struct addrinfo hints, *addrinfo, *ai_next;	/* temp var needed to translate between hostname to its address */
1024 	int retval;
1025 
1026 	/* retrieve the network address corresponding to 'host' */
1027 	addrinfo = NULL;
1028 	memset(&hints, 0, sizeof(struct addrinfo));
1029 	hints.ai_family = PF_UNSPEC;
1030 	hints.ai_socktype = SOCK_STREAM;
1031 
1032 	retval = sock_initaddress(host, NULL, &hints, &addrinfo, errbuf,
1033 	    PCAP_ERRBUF_SIZE);
1034 	if (retval != 0)
1035 	{
1036 		*error = 1;
1037 		return NULL;
1038 	}
1039 
1040 	temp = activeHosts;
1041 
1042 	while (temp)
1043 	{
1044 		ai_next = addrinfo;
1045 		while (ai_next)
1046 		{
1047 			if (sock_cmpaddr(&temp->host, (struct sockaddr_storage *) ai_next->ai_addr) == 0)
1048 			{
1049 				*error = 0;
1050 				freeaddrinfo(addrinfo);
1051 				return temp;
1052 			}
1053 
1054 			ai_next = ai_next->ai_next;
1055 		}
1056 		temp = temp->next;
1057 	}
1058 
1059 	if (addrinfo)
1060 		freeaddrinfo(addrinfo);
1061 
1062 	/*
1063 	 * The host for which you want to get the socket ID does not have an
1064 	 * active connection.
1065 	 */
1066 	*error = 0;
1067 	return NULL;
1068 }
1069 
1070 /*
1071  * This function starts a remote capture.
1072  *
1073  * This function is required since the RPCAP protocol decouples the 'open'
1074  * from the 'start capture' functions.
1075  * This function takes all the parameters needed (which have been stored
1076  * into the pcap_t structure) and sends them to the server.
1077  *
1078  * \param fp: the pcap_t descriptor of the device currently open.
1079  *
1080  * \return '0' if everything is fine, '-1' otherwise. The error message
1081  * (if one) is returned into the 'errbuf' field of the pcap_t structure.
1082  */
1083 static int pcap_startcapture_remote(pcap_t *fp)
1084 {
1085 	struct pcap_rpcap *pr = fp->priv;	/* structure used when doing a remote live capture */
1086 	char sendbuf[RPCAP_NETBUF_SIZE];	/* temporary buffer in which data to be sent is buffered */
1087 	int sendbufidx = 0;			/* index which keeps the number of bytes currently buffered */
1088 	uint16 portdata = 0;			/* temp variable needed to keep the network port for the data connection */
1089 	uint32 plen;
1090 	int active = 0;				/* '1' if we're in active mode */
1091 	struct activehosts *temp;		/* temp var needed to scan the host list chain, to detect if we're in active mode */
1092 	char host[INET6_ADDRSTRLEN + 1];	/* numeric name of the other host */
1093 
1094 	/* socket-related variables*/
1095 	struct addrinfo hints;			/* temp, needed to open a socket connection */
1096 	struct addrinfo *addrinfo;		/* temp, needed to open a socket connection */
1097 	SOCKET sockdata = 0;			/* socket descriptor of the data connection */
1098 	struct sockaddr_storage saddr;		/* temp, needed to retrieve the network data port chosen on the local machine */
1099 	socklen_t saddrlen;			/* temp, needed to retrieve the network data port chosen on the local machine */
1100 	int ai_family;				/* temp, keeps the address family used by the control connection */
1101 	struct sockaddr_in *sin4;
1102 	struct sockaddr_in6 *sin6;
1103 
1104 	/* RPCAP-related variables*/
1105 	struct rpcap_header header;			/* header of the RPCAP packet */
1106 	struct rpcap_startcapreq *startcapreq;		/* start capture request message */
1107 	struct rpcap_startcapreply startcapreply;	/* start capture reply message */
1108 
1109 	/* Variables related to the buffer setting */
1110 	int res;
1111 	socklen_t itemp;
1112 	int sockbufsize = 0;
1113 	uint32 server_sockbufsize;
1114 
1115 	// Take the opportunity to clear pr->data_ssl before any goto error,
1116 	// as it seems p->priv is not zeroed after its malloced.
1117 	// XXX - it now should be, as it's allocated by pcap_alloc_pcap_t(),
1118 	// which does a calloc().
1119 	pr->data_ssl = NULL;
1120 
1121 	/*
1122 	 * Let's check if sampling has been required.
1123 	 * If so, let's set it first
1124 	 */
1125 	if (pcap_setsampling_remote(fp) != 0)
1126 		return -1;
1127 
1128 	/* detect if we're in active mode */
1129 	temp = activeHosts;
1130 	while (temp)
1131 	{
1132 		if (temp->sockctrl == pr->rmt_sockctrl)
1133 		{
1134 			active = 1;
1135 			break;
1136 		}
1137 		temp = temp->next;
1138 	}
1139 
1140 	addrinfo = NULL;
1141 
1142 	/*
1143 	 * Gets the complete sockaddr structure used in the ctrl connection
1144 	 * This is needed to get the address family of the control socket
1145 	 * Tip: I cannot save the ai_family of the ctrl sock in the pcap_t struct,
1146 	 * since the ctrl socket can already be open in case of active mode;
1147 	 * so I would have to call getpeername() anyway
1148 	 */
1149 	saddrlen = sizeof(struct sockaddr_storage);
1150 	if (getpeername(pr->rmt_sockctrl, (struct sockaddr *) &saddr, &saddrlen) == -1)
1151 	{
1152 		sock_geterrmsg(fp->errbuf, PCAP_ERRBUF_SIZE,
1153 		    "getsockname() failed");
1154 		goto error_nodiscard;
1155 	}
1156 	ai_family = ((struct sockaddr_storage *) &saddr)->ss_family;
1157 
1158 	/* Get the numeric address of the remote host we are connected to */
1159 	if (getnameinfo((struct sockaddr *) &saddr, saddrlen, host,
1160 		sizeof(host), NULL, 0, NI_NUMERICHOST))
1161 	{
1162 		sock_geterrmsg(fp->errbuf, PCAP_ERRBUF_SIZE,
1163 		    "getnameinfo() failed");
1164 		goto error_nodiscard;
1165 	}
1166 
1167 	/*
1168 	 * Data connection is opened by the server toward the client if:
1169 	 * - we're using TCP, and the user wants us to be in active mode
1170 	 * - we're using UDP
1171 	 */
1172 	if ((active) || (pr->rmt_flags & PCAP_OPENFLAG_DATATX_UDP))
1173 	{
1174 		/*
1175 		 * We have to create a new socket to receive packets
1176 		 * We have to do that immediately, since we have to tell the other
1177 		 * end which network port we picked up
1178 		 */
1179 		memset(&hints, 0, sizeof(struct addrinfo));
1180 		/* TEMP addrinfo is NULL in case of active */
1181 		hints.ai_family = ai_family;	/* Use the same address family of the control socket */
1182 		hints.ai_socktype = (pr->rmt_flags & PCAP_OPENFLAG_DATATX_UDP) ? SOCK_DGRAM : SOCK_STREAM;
1183 		hints.ai_flags = AI_PASSIVE;	/* Data connection is opened by the server toward the client */
1184 
1185 		/* Let's the server pick up a free network port for us */
1186 		if (sock_initaddress(NULL, NULL, &hints, &addrinfo, fp->errbuf, PCAP_ERRBUF_SIZE) == -1)
1187 			goto error_nodiscard;
1188 
1189 		if ((sockdata = sock_open(NULL, addrinfo, SOCKOPEN_SERVER,
1190 			1 /* max 1 connection in queue */, fp->errbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
1191 			goto error_nodiscard;
1192 
1193 		/* addrinfo is no longer used */
1194 		freeaddrinfo(addrinfo);
1195 		addrinfo = NULL;
1196 
1197 		/* get the complete sockaddr structure used in the data connection */
1198 		saddrlen = sizeof(struct sockaddr_storage);
1199 		if (getsockname(sockdata, (struct sockaddr *) &saddr, &saddrlen) == -1)
1200 		{
1201 			sock_geterrmsg(fp->errbuf, PCAP_ERRBUF_SIZE,
1202 			    "getsockname() failed");
1203 			goto error_nodiscard;
1204 		}
1205 
1206 		switch (saddr.ss_family) {
1207 
1208 		case AF_INET:
1209 			sin4 = (struct sockaddr_in *)&saddr;
1210 			portdata = sin4->sin_port;
1211 			break;
1212 
1213 		case AF_INET6:
1214 			sin6 = (struct sockaddr_in6 *)&saddr;
1215 			portdata = sin6->sin6_port;
1216 			break;
1217 
1218 		default:
1219 			snprintf(fp->errbuf, PCAP_ERRBUF_SIZE,
1220 			    "Local address has unknown address family %u",
1221 			    saddr.ss_family);
1222 			goto error_nodiscard;
1223 		}
1224 	}
1225 
1226 	/*
1227 	 * Now it's time to start playing with the RPCAP protocol
1228 	 * RPCAP start capture command: create the request message
1229 	 */
1230 	if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL,
1231 		&sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, fp->errbuf, PCAP_ERRBUF_SIZE))
1232 		goto error_nodiscard;
1233 
1234 	rpcap_createhdr((struct rpcap_header *) sendbuf,
1235 	    pr->protocol_version, RPCAP_MSG_STARTCAP_REQ, 0,
1236 	    sizeof(struct rpcap_startcapreq) + sizeof(struct rpcap_filter) + fp->fcode.bf_len * sizeof(struct rpcap_filterbpf_insn));
1237 
1238 	/* Fill the structure needed to open an adapter remotely */
1239 	startcapreq = (struct rpcap_startcapreq *) &sendbuf[sendbufidx];
1240 
1241 	if (sock_bufferize(NULL, sizeof(struct rpcap_startcapreq), NULL,
1242 		&sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, fp->errbuf, PCAP_ERRBUF_SIZE))
1243 		goto error_nodiscard;
1244 
1245 	memset(startcapreq, 0, sizeof(struct rpcap_startcapreq));
1246 
1247 	/* By default, apply half the timeout on one side, half of the other */
1248 	fp->opt.timeout = fp->opt.timeout / 2;
1249 	startcapreq->read_timeout = htonl(fp->opt.timeout);
1250 
1251 	/* portdata on the openreq is meaningful only if we're in active mode */
1252 	if ((active) || (pr->rmt_flags & PCAP_OPENFLAG_DATATX_UDP))
1253 	{
1254 		startcapreq->portdata = portdata;
1255 	}
1256 
1257 	startcapreq->snaplen = htonl(fp->snapshot);
1258 	startcapreq->flags = 0;
1259 
1260 	if (pr->rmt_flags & PCAP_OPENFLAG_PROMISCUOUS)
1261 		startcapreq->flags |= RPCAP_STARTCAPREQ_FLAG_PROMISC;
1262 	if (pr->rmt_flags & PCAP_OPENFLAG_DATATX_UDP)
1263 		startcapreq->flags |= RPCAP_STARTCAPREQ_FLAG_DGRAM;
1264 	if (active)
1265 		startcapreq->flags |= RPCAP_STARTCAPREQ_FLAG_SERVEROPEN;
1266 
1267 	startcapreq->flags = htons(startcapreq->flags);
1268 
1269 	/* Pack the capture filter */
1270 	if (pcap_pack_bpffilter(fp, &sendbuf[sendbufidx], &sendbufidx, &fp->fcode))
1271 		goto error_nodiscard;
1272 
1273 	if (sock_send(pr->rmt_sockctrl, pr->ctrl_ssl, sendbuf, sendbufidx, fp->errbuf,
1274 	    PCAP_ERRBUF_SIZE) < 0)
1275 		goto error_nodiscard;
1276 
1277 	/* Receive and process the reply message header. */
1278 	if (rpcap_process_msg_header(pr->rmt_sockctrl, pr->ctrl_ssl, pr->protocol_version,
1279 	    RPCAP_MSG_STARTCAP_REQ, &header, fp->errbuf) == -1)
1280 		goto error_nodiscard;
1281 
1282 	plen = header.plen;
1283 
1284 	if (rpcap_recv(pr->rmt_sockctrl, pr->ctrl_ssl, (char *)&startcapreply,
1285 	    sizeof(struct rpcap_startcapreply), &plen, fp->errbuf) == -1)
1286 		goto error;
1287 
1288 	/*
1289 	 * In case of UDP data stream, the connection is always opened by the daemon
1290 	 * So, this case is already covered by the code above.
1291 	 * Now, we have still to handle TCP connections, because:
1292 	 * - if we're in active mode, we have to wait for a remote connection
1293 	 * - if we're in passive more, we have to start a connection
1294 	 *
1295 	 * We have to do he job in two steps because in case we're opening a TCP connection, we have
1296 	 * to tell the port we're using to the remote side; in case we're accepting a TCP
1297 	 * connection, we have to wait this info from the remote side.
1298 	 */
1299 	if (!(pr->rmt_flags & PCAP_OPENFLAG_DATATX_UDP))
1300 	{
1301 		if (!active)
1302 		{
1303 			char portstring[PCAP_BUF_SIZE];
1304 
1305 			memset(&hints, 0, sizeof(struct addrinfo));
1306 			hints.ai_family = ai_family;		/* Use the same address family of the control socket */
1307 			hints.ai_socktype = (pr->rmt_flags & PCAP_OPENFLAG_DATATX_UDP) ? SOCK_DGRAM : SOCK_STREAM;
1308 			snprintf(portstring, PCAP_BUF_SIZE, "%d", ntohs(startcapreply.portdata));
1309 
1310 			/* Let's the server pick up a free network port for us */
1311 			if (sock_initaddress(host, portstring, &hints, &addrinfo, fp->errbuf, PCAP_ERRBUF_SIZE) == -1)
1312 				goto error;
1313 
1314 			if ((sockdata = sock_open(host, addrinfo, SOCKOPEN_CLIENT, 0, fp->errbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
1315 				goto error;
1316 
1317 			/* addrinfo is no longer used */
1318 			freeaddrinfo(addrinfo);
1319 			addrinfo = NULL;
1320 		}
1321 		else
1322 		{
1323 			SOCKET socktemp;	/* We need another socket, since we're going to accept() a connection */
1324 
1325 			/* Connection creation */
1326 			saddrlen = sizeof(struct sockaddr_storage);
1327 
1328 			socktemp = accept(sockdata, (struct sockaddr *) &saddr, &saddrlen);
1329 
1330 			if (socktemp == INVALID_SOCKET)
1331 			{
1332 				sock_geterrmsg(fp->errbuf, PCAP_ERRBUF_SIZE,
1333 				    "accept() failed");
1334 				goto error;
1335 			}
1336 
1337 			/* Now that I accepted the connection, the server socket is no longer needed */
1338 			sock_close(sockdata, fp->errbuf, PCAP_ERRBUF_SIZE);
1339 			sockdata = socktemp;
1340 		}
1341 	}
1342 
1343 	/* Let's save the socket of the data connection */
1344 	pr->rmt_sockdata = sockdata;
1345 
1346 #ifdef HAVE_OPENSSL
1347 	if (pr->uses_ssl)
1348 	{
1349 		pr->data_ssl = ssl_promotion(0, sockdata, fp->errbuf, PCAP_ERRBUF_SIZE);
1350 		if (! pr->data_ssl) goto error;
1351 	}
1352 #endif
1353 
1354 	/*
1355 	 * Set the size of the socket buffer for the data socket.
1356 	 * It has the same size as the local capture buffer used
1357 	 * on the other side of the connection.
1358 	 */
1359 	server_sockbufsize = ntohl(startcapreply.bufsize);
1360 
1361 	/* Let's get the actual size of the socket buffer */
1362 	itemp = sizeof(sockbufsize);
1363 
1364 	res = getsockopt(sockdata, SOL_SOCKET, SO_RCVBUF, (char *)&sockbufsize, &itemp);
1365 	if (res == -1)
1366 	{
1367 		sock_geterrmsg(fp->errbuf, PCAP_ERRBUF_SIZE,
1368 		    "pcap_startcapture_remote(): getsockopt() failed");
1369 		goto error;
1370 	}
1371 
1372 	/*
1373 	 * Warning: on some kernels (e.g. Linux), the size of the user
1374 	 * buffer does not take into account the pcap_header and such,
1375 	 * and it is set equal to the snaplen.
1376 	 *
1377 	 * In my view, this is wrong (the meaning of the bufsize became
1378 	 * a bit strange).  So, here bufsize is the whole size of the
1379 	 * user buffer.  In case the bufsize returned is too small,
1380 	 * let's adjust it accordingly.
1381 	 */
1382 	if (server_sockbufsize <= (u_int) fp->snapshot)
1383 		server_sockbufsize += sizeof(struct pcap_pkthdr);
1384 
1385 	/* if the current socket buffer is smaller than the desired one */
1386 	if ((u_int) sockbufsize < server_sockbufsize)
1387 	{
1388 		/*
1389 		 * Loop until the buffer size is OK or the original
1390 		 * socket buffer size is larger than this one.
1391 		 */
1392 		for (;;)
1393 		{
1394 			res = setsockopt(sockdata, SOL_SOCKET, SO_RCVBUF,
1395 			    (char *)&(server_sockbufsize),
1396 			    sizeof(server_sockbufsize));
1397 
1398 			if (res == 0)
1399 				break;
1400 
1401 			/*
1402 			 * If something goes wrong, halve the buffer size
1403 			 * (checking that it does not become smaller than
1404 			 * the current one).
1405 			 */
1406 			server_sockbufsize /= 2;
1407 
1408 			if ((u_int) sockbufsize >= server_sockbufsize)
1409 			{
1410 				server_sockbufsize = sockbufsize;
1411 				break;
1412 			}
1413 		}
1414 	}
1415 
1416 	/*
1417 	 * Let's allocate the packet; this is required in order to put
1418 	 * the packet somewhere when extracting data from the socket.
1419 	 * Since buffering has already been done in the socket buffer,
1420 	 * here we need just a buffer whose size is equal to the
1421 	 * largest possible packet message for the snapshot size,
1422 	 * namely the length of the message header plus the length
1423 	 * of the packet header plus the snapshot length.
1424 	 */
1425 	fp->bufsize = sizeof(struct rpcap_header) + sizeof(struct rpcap_pkthdr) + fp->snapshot;
1426 
1427 	fp->buffer = (u_char *)malloc(fp->bufsize);
1428 	if (fp->buffer == NULL)
1429 	{
1430 		pcap_fmt_errmsg_for_errno(fp->errbuf, PCAP_ERRBUF_SIZE,
1431 		    errno, "malloc");
1432 		goto error;
1433 	}
1434 
1435 	/*
1436 	 * The buffer is currently empty.
1437 	 */
1438 	fp->bp = fp->buffer;
1439 	fp->cc = 0;
1440 
1441 	/* Discard the rest of the message. */
1442 	if (rpcap_discard(pr->rmt_sockctrl, pr->ctrl_ssl, plen, fp->errbuf) == -1)
1443 		goto error_nodiscard;
1444 
1445 	/*
1446 	 * In case the user does not want to capture RPCAP packets, let's update the filter
1447 	 * We have to update it here (instead of sending it into the 'StartCapture' message
1448 	 * because when we generate the 'start capture' we do not know (yet) all the ports
1449 	 * we're currently using.
1450 	 */
1451 	if (pr->rmt_flags & PCAP_OPENFLAG_NOCAPTURE_RPCAP)
1452 	{
1453 		struct bpf_program fcode;
1454 
1455 		if (pcap_createfilter_norpcappkt(fp, &fcode) == -1)
1456 			goto error;
1457 
1458 		/* We cannot use 'pcap_setfilter_rpcap' because formally the capture has not been started yet */
1459 		/* (the 'pr->rmt_capstarted' variable will be updated some lines below) */
1460 		if (pcap_updatefilter_remote(fp, &fcode) == -1)
1461 			goto error;
1462 
1463 		pcap_freecode(&fcode);
1464 	}
1465 
1466 	pr->rmt_capstarted = 1;
1467 	return 0;
1468 
1469 error:
1470 	/*
1471 	 * When the connection has been established, we have to close it. So, at the
1472 	 * beginning of this function, if an error occur we return immediately with
1473 	 * a return NULL; when the connection is established, we have to come here
1474 	 * ('goto error;') in order to close everything properly.
1475 	 */
1476 
1477 	/*
1478 	 * Discard the rest of the message.
1479 	 * We already reported an error; if this gets an error, just
1480 	 * drive on.
1481 	 */
1482 	(void)rpcap_discard(pr->rmt_sockctrl, pr->ctrl_ssl, plen, NULL);
1483 
1484 error_nodiscard:
1485 #ifdef HAVE_OPENSSL
1486 	if (pr->data_ssl)
1487 	{
1488 		// Finish using the SSL handle for the data socket.
1489 		// This must be done *before* the socket is closed.
1490 		ssl_finish(pr->data_ssl);
1491 		pr->data_ssl = NULL;
1492 	}
1493 #endif
1494 
1495 	/* we can be here because sockdata said 'error' */
1496 	if ((sockdata != 0) && (sockdata != INVALID_SOCKET))
1497 		sock_close(sockdata, NULL, 0);
1498 
1499 	if (!active)
1500 	{
1501 #ifdef HAVE_OPENSSL
1502 		if (pr->ctrl_ssl)
1503 		{
1504 			// Finish using the SSL handle for the control socket.
1505 			// This must be done *before* the socket is closed.
1506 			ssl_finish(pr->ctrl_ssl);
1507 			pr->ctrl_ssl = NULL;
1508 		}
1509 #endif
1510 		sock_close(pr->rmt_sockctrl, NULL, 0);
1511 	}
1512 
1513 	if (addrinfo != NULL)
1514 		freeaddrinfo(addrinfo);
1515 
1516 	/*
1517 	 * We do not have to call pcap_close() here, because this function is always called
1518 	 * by the user in case something bad happens
1519 	 */
1520 #if 0
1521 	if (fp)
1522 	{
1523 		pcap_close(fp);
1524 		fp= NULL;
1525 	}
1526 #endif
1527 
1528 	return -1;
1529 }
1530 
1531 /*
1532  * This function takes a bpf program and sends it to the other host.
1533  *
1534  * This function can be called in two cases:
1535  * - pcap_startcapture_remote() is called (we have to send the filter
1536  *   along with the 'start capture' command)
1537  * - we want to update the filter during a capture (i.e. pcap_setfilter()
1538  *   after the capture has been started)
1539  *
1540  * This function serializes the filter into the sending buffer ('sendbuf',
1541  * passed as a parameter) and return back. It does not send anything on
1542  * the network.
1543  *
1544  * \param fp: the pcap_t descriptor of the device currently opened.
1545  *
1546  * \param sendbuf: the buffer on which the serialized data has to copied.
1547  *
1548  * \param sendbufidx: it is used to return the abounf of bytes copied into the buffer.
1549  *
1550  * \param prog: the bpf program we have to copy.
1551  *
1552  * \return '0' if everything is fine, '-1' otherwise. The error message (if one)
1553  * is returned into the 'errbuf' field of the pcap_t structure.
1554  */
1555 static int pcap_pack_bpffilter(pcap_t *fp, char *sendbuf, int *sendbufidx, struct bpf_program *prog)
1556 {
1557 	struct rpcap_filter *filter;
1558 	struct rpcap_filterbpf_insn *insn;
1559 	struct bpf_insn *bf_insn;
1560 	struct bpf_program fake_prog;		/* To be used just in case the user forgot to set a filter */
1561 	unsigned int i;
1562 
1563 	if (prog->bf_len == 0)	/* No filters have been specified; so, let's apply a "fake" filter */
1564 	{
1565 		if (pcap_compile(fp, &fake_prog, NULL /* buffer */, 1, 0) == -1)
1566 			return -1;
1567 
1568 		prog = &fake_prog;
1569 	}
1570 
1571 	filter = (struct rpcap_filter *) sendbuf;
1572 
1573 	if (sock_bufferize(NULL, sizeof(struct rpcap_filter), NULL, sendbufidx,
1574 		RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, fp->errbuf, PCAP_ERRBUF_SIZE))
1575 		return -1;
1576 
1577 	filter->filtertype = htons(RPCAP_UPDATEFILTER_BPF);
1578 	filter->nitems = htonl((int32)prog->bf_len);
1579 
1580 	if (sock_bufferize(NULL, prog->bf_len * sizeof(struct rpcap_filterbpf_insn),
1581 		NULL, sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, fp->errbuf, PCAP_ERRBUF_SIZE))
1582 		return -1;
1583 
1584 	insn = (struct rpcap_filterbpf_insn *) (filter + 1);
1585 	bf_insn = prog->bf_insns;
1586 
1587 	for (i = 0; i < prog->bf_len; i++)
1588 	{
1589 		insn->code = htons(bf_insn->code);
1590 		insn->jf = bf_insn->jf;
1591 		insn->jt = bf_insn->jt;
1592 		insn->k = htonl(bf_insn->k);
1593 
1594 		insn++;
1595 		bf_insn++;
1596 	}
1597 
1598 	return 0;
1599 }
1600 
1601 /*
1602  * This function updates a filter on a remote host.
1603  *
1604  * It is called when the user wants to update a filter.
1605  * In case we're capturing from the network, it sends the filter to our
1606  * peer.
1607  * This function is *not* called automatically when the user calls
1608  * pcap_setfilter().
1609  * There will be two cases:
1610  * - the capture has been started: in this case, pcap_setfilter_rpcap()
1611  *   calls pcap_updatefilter_remote()
1612  * - the capture has not started yet: in this case, pcap_setfilter_rpcap()
1613  *   stores the filter into the pcap_t structure, and then the filter is
1614  *   sent with pcap_startcap().
1615  *
1616  * WARNING This function *does not* clear the packet currently into the
1617  * buffers. Therefore, the user has to expect to receive some packets
1618  * that are related to the previous filter.  If you want to discard all
1619  * the packets before applying a new filter, you have to close the
1620  * current capture session and start a new one.
1621  *
1622  * XXX - we really should have pcap_setfilter() always discard packets
1623  * received with the old filter, and have a separate pcap_setfilter_noflush()
1624  * function that doesn't discard any packets.
1625  */
1626 static int pcap_updatefilter_remote(pcap_t *fp, struct bpf_program *prog)
1627 {
1628 	struct pcap_rpcap *pr = fp->priv;	/* structure used when doing a remote live capture */
1629 	char sendbuf[RPCAP_NETBUF_SIZE];	/* temporary buffer in which data to be sent is buffered */
1630 	int sendbufidx = 0;			/* index which keeps the number of bytes currently buffered */
1631 	struct rpcap_header header;		/* To keep the reply message */
1632 
1633 	if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL, &sendbufidx,
1634 		RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, fp->errbuf, PCAP_ERRBUF_SIZE))
1635 		return -1;
1636 
1637 	rpcap_createhdr((struct rpcap_header *) sendbuf,
1638 	    pr->protocol_version, RPCAP_MSG_UPDATEFILTER_REQ, 0,
1639 	    sizeof(struct rpcap_filter) + prog->bf_len * sizeof(struct rpcap_filterbpf_insn));
1640 
1641 	if (pcap_pack_bpffilter(fp, &sendbuf[sendbufidx], &sendbufidx, prog))
1642 		return -1;
1643 
1644 	if (sock_send(pr->rmt_sockctrl, pr->ctrl_ssl, sendbuf, sendbufidx, fp->errbuf,
1645 	    PCAP_ERRBUF_SIZE) < 0)
1646 		return -1;
1647 
1648 	/* Receive and process the reply message header. */
1649 	if (rpcap_process_msg_header(pr->rmt_sockctrl, pr->ctrl_ssl, pr->protocol_version,
1650 	    RPCAP_MSG_UPDATEFILTER_REQ, &header, fp->errbuf) == -1)
1651 		return -1;
1652 
1653 	/*
1654 	 * It shouldn't have any contents; discard it if it does.
1655 	 */
1656 	if (rpcap_discard(pr->rmt_sockctrl, pr->ctrl_ssl, header.plen, fp->errbuf) == -1)
1657 		return -1;
1658 
1659 	return 0;
1660 }
1661 
1662 static void
1663 pcap_save_current_filter_rpcap(pcap_t *fp, const char *filter)
1664 {
1665 	struct pcap_rpcap *pr = fp->priv;	/* structure used when doing a remote live capture */
1666 
1667 	/*
1668 	 * Check if:
1669 	 *  - We are on an remote capture
1670 	 *  - we do not want to capture RPCAP traffic
1671 	 *
1672 	 * If so, we have to save the current filter, because we have to
1673 	 * add some piece of stuff later
1674 	 */
1675 	if (pr->rmt_clientside &&
1676 	    (pr->rmt_flags & PCAP_OPENFLAG_NOCAPTURE_RPCAP))
1677 	{
1678 		if (pr->currentfilter)
1679 			free(pr->currentfilter);
1680 
1681 		if (filter == NULL)
1682 			filter = "";
1683 
1684 		pr->currentfilter = strdup(filter);
1685 	}
1686 }
1687 
1688 /*
1689  * This function sends a filter to a remote host.
1690  *
1691  * This function is called when the user wants to set a filter.
1692  * It sends the filter to our peer.
1693  * This function is called automatically when the user calls pcap_setfilter().
1694  *
1695  * Parameters and return values are exactly the same of pcap_setfilter().
1696  */
1697 static int pcap_setfilter_rpcap(pcap_t *fp, struct bpf_program *prog)
1698 {
1699 	struct pcap_rpcap *pr = fp->priv;	/* structure used when doing a remote live capture */
1700 
1701 	if (!pr->rmt_capstarted)
1702 	{
1703 		/* copy filter into the pcap_t structure */
1704 		if (install_bpf_program(fp, prog) == -1)
1705 			return -1;
1706 		return 0;
1707 	}
1708 
1709 	/* we have to update a filter during run-time */
1710 	if (pcap_updatefilter_remote(fp, prog))
1711 		return -1;
1712 
1713 	return 0;
1714 }
1715 
1716 /*
1717  * This function updates the current filter in order not to capture rpcap
1718  * packets.
1719  *
1720  * This function is called *only* when the user wants exclude RPCAP packets
1721  * related to the current session from the captured packets.
1722  *
1723  * \return '0' if everything is fine, '-1' otherwise. The error message (if one)
1724  * is returned into the 'errbuf' field of the pcap_t structure.
1725  */
1726 static int pcap_createfilter_norpcappkt(pcap_t *fp, struct bpf_program *prog)
1727 {
1728 	struct pcap_rpcap *pr = fp->priv;	/* structure used when doing a remote live capture */
1729 	int RetVal = 0;
1730 
1731 	/* We do not want to capture our RPCAP traffic. So, let's update the filter */
1732 	if (pr->rmt_flags & PCAP_OPENFLAG_NOCAPTURE_RPCAP)
1733 	{
1734 		struct sockaddr_storage saddr;		/* temp, needed to retrieve the network data port chosen on the local machine */
1735 		socklen_t saddrlen;					/* temp, needed to retrieve the network data port chosen on the local machine */
1736 		char myaddress[128];
1737 		char myctrlport[128];
1738 		char mydataport[128];
1739 		char peeraddress[128];
1740 		char peerctrlport[128];
1741 		char *newfilter;
1742 
1743 		/* Get the name/port of our peer */
1744 		saddrlen = sizeof(struct sockaddr_storage);
1745 		if (getpeername(pr->rmt_sockctrl, (struct sockaddr *) &saddr, &saddrlen) == -1)
1746 		{
1747 			sock_geterrmsg(fp->errbuf, PCAP_ERRBUF_SIZE,
1748 			    "getpeername() failed");
1749 			return -1;
1750 		}
1751 
1752 		if (getnameinfo((struct sockaddr *) &saddr, saddrlen, peeraddress,
1753 			sizeof(peeraddress), peerctrlport, sizeof(peerctrlport), NI_NUMERICHOST | NI_NUMERICSERV))
1754 		{
1755 			sock_geterrmsg(fp->errbuf, PCAP_ERRBUF_SIZE,
1756 			    "getnameinfo() failed");
1757 			return -1;
1758 		}
1759 
1760 		/* We cannot check the data port, because this is available only in case of TCP sockets */
1761 		/* Get the name/port of the current host */
1762 		if (getsockname(pr->rmt_sockctrl, (struct sockaddr *) &saddr, &saddrlen) == -1)
1763 		{
1764 			sock_geterrmsg(fp->errbuf, PCAP_ERRBUF_SIZE,
1765 			    "getsockname() failed");
1766 			return -1;
1767 		}
1768 
1769 		/* Get the local port the system picked up */
1770 		if (getnameinfo((struct sockaddr *) &saddr, saddrlen, myaddress,
1771 			sizeof(myaddress), myctrlport, sizeof(myctrlport), NI_NUMERICHOST | NI_NUMERICSERV))
1772 		{
1773 			sock_geterrmsg(fp->errbuf, PCAP_ERRBUF_SIZE,
1774 			    "getnameinfo() failed");
1775 			return -1;
1776 		}
1777 
1778 		/* Let's now check the data port */
1779 		if (getsockname(pr->rmt_sockdata, (struct sockaddr *) &saddr, &saddrlen) == -1)
1780 		{
1781 			sock_geterrmsg(fp->errbuf, PCAP_ERRBUF_SIZE,
1782 			    "getsockname() failed");
1783 			return -1;
1784 		}
1785 
1786 		/* Get the local port the system picked up */
1787 		if (getnameinfo((struct sockaddr *) &saddr, saddrlen, NULL, 0, mydataport, sizeof(mydataport), NI_NUMERICSERV))
1788 		{
1789 			sock_geterrmsg(fp->errbuf, PCAP_ERRBUF_SIZE,
1790 			    "getnameinfo() failed");
1791 			return -1;
1792 		}
1793 
1794 		if (pr->currentfilter && pr->currentfilter[0] != '\0')
1795 		{
1796 			/*
1797 			 * We have a current filter; add items to it to
1798 			 * filter out this rpcap session.
1799 			 */
1800 			if (pcap_asprintf(&newfilter,
1801 			    "(%s) and not (host %s and host %s and port %s and port %s) and not (host %s and host %s and port %s)",
1802 			    pr->currentfilter, myaddress, peeraddress,
1803 			    myctrlport, peerctrlport, myaddress, peeraddress,
1804 			    mydataport) == -1)
1805 			{
1806 				/* Failed. */
1807 				snprintf(fp->errbuf, PCAP_ERRBUF_SIZE,
1808 				    "Can't allocate memory for new filter");
1809 				return -1;
1810 			}
1811 		}
1812 		else
1813 		{
1814 			/*
1815 			 * We have no current filter; construct a filter to
1816 			 * filter out this rpcap session.
1817 			 */
1818 			if (pcap_asprintf(&newfilter,
1819 			    "not (host %s and host %s and port %s and port %s) and not (host %s and host %s and port %s)",
1820 			    myaddress, peeraddress, myctrlport, peerctrlport,
1821 			    myaddress, peeraddress, mydataport) == -1)
1822 			{
1823 				/* Failed. */
1824 				snprintf(fp->errbuf, PCAP_ERRBUF_SIZE,
1825 				    "Can't allocate memory for new filter");
1826 				return -1;
1827 			}
1828 		}
1829 
1830 		/*
1831 		 * This is only an hack to prevent the save_current_filter
1832 		 * routine, which will be called when we call pcap_compile(),
1833 		 * from saving the modified filter.
1834 		 */
1835 		pr->rmt_clientside = 0;
1836 
1837 		if (pcap_compile(fp, prog, newfilter, 1, 0) == -1)
1838 			RetVal = -1;
1839 
1840 		/* Undo the hack. */
1841 		pr->rmt_clientside = 1;
1842 
1843 		free(newfilter);
1844 	}
1845 
1846 	return RetVal;
1847 }
1848 
1849 /*
1850  * This function sets sampling parameters in the remote host.
1851  *
1852  * It is called when the user wants to set activate sampling on the
1853  * remote host.
1854  *
1855  * Sampling parameters are defined into the 'pcap_t' structure.
1856  *
1857  * \param p: the pcap_t descriptor of the device currently opened.
1858  *
1859  * \return '0' if everything is OK, '-1' is something goes wrong. The
1860  * error message is returned in the 'errbuf' member of the pcap_t structure.
1861  */
1862 static int pcap_setsampling_remote(pcap_t *fp)
1863 {
1864 	struct pcap_rpcap *pr = fp->priv;	/* structure used when doing a remote live capture */
1865 	char sendbuf[RPCAP_NETBUF_SIZE];/* temporary buffer in which data to be sent is buffered */
1866 	int sendbufidx = 0;			/* index which keeps the number of bytes currently buffered */
1867 	struct rpcap_header header;		/* To keep the reply message */
1868 	struct rpcap_sampling *sampling_pars;	/* Structure that is needed to send sampling parameters to the remote host */
1869 
1870 	/* If no samping is requested, return 'ok' */
1871 	if (fp->rmt_samp.method == PCAP_SAMP_NOSAMP)
1872 		return 0;
1873 
1874 	/*
1875 	 * Check for sampling parameters that don't fit in a message.
1876 	 * We'll let the server complain about invalid parameters
1877 	 * that do fit into the message.
1878 	 */
1879 	if (fp->rmt_samp.method < 0 || fp->rmt_samp.method > 255) {
1880 		snprintf(fp->errbuf, PCAP_ERRBUF_SIZE,
1881 		    "Invalid sampling method %d", fp->rmt_samp.method);
1882 		return -1;
1883 	}
1884 	if (fp->rmt_samp.value < 0 || fp->rmt_samp.value > 65535) {
1885 		snprintf(fp->errbuf, PCAP_ERRBUF_SIZE,
1886 		    "Invalid sampling value %d", fp->rmt_samp.value);
1887 		return -1;
1888 	}
1889 
1890 	if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL,
1891 		&sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, fp->errbuf, PCAP_ERRBUF_SIZE))
1892 		return -1;
1893 
1894 	rpcap_createhdr((struct rpcap_header *) sendbuf,
1895 	    pr->protocol_version, RPCAP_MSG_SETSAMPLING_REQ, 0,
1896 	    sizeof(struct rpcap_sampling));
1897 
1898 	/* Fill the structure needed to open an adapter remotely */
1899 	sampling_pars = (struct rpcap_sampling *) &sendbuf[sendbufidx];
1900 
1901 	if (sock_bufferize(NULL, sizeof(struct rpcap_sampling), NULL,
1902 		&sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, fp->errbuf, PCAP_ERRBUF_SIZE))
1903 		return -1;
1904 
1905 	memset(sampling_pars, 0, sizeof(struct rpcap_sampling));
1906 
1907 	sampling_pars->method = (uint8)fp->rmt_samp.method;
1908 	sampling_pars->value = (uint16)htonl(fp->rmt_samp.value);
1909 
1910 	if (sock_send(pr->rmt_sockctrl, pr->ctrl_ssl, sendbuf, sendbufidx, fp->errbuf,
1911 	    PCAP_ERRBUF_SIZE) < 0)
1912 		return -1;
1913 
1914 	/* Receive and process the reply message header. */
1915 	if (rpcap_process_msg_header(pr->rmt_sockctrl, pr->ctrl_ssl, pr->protocol_version,
1916 	    RPCAP_MSG_SETSAMPLING_REQ, &header, fp->errbuf) == -1)
1917 		return -1;
1918 
1919 	/*
1920 	 * It shouldn't have any contents; discard it if it does.
1921 	 */
1922 	if (rpcap_discard(pr->rmt_sockctrl, pr->ctrl_ssl, header.plen, fp->errbuf) == -1)
1923 		return -1;
1924 
1925 	return 0;
1926 }
1927 
1928 /*********************************************************
1929  *                                                       *
1930  * Miscellaneous functions                               *
1931  *                                                       *
1932  *********************************************************/
1933 
1934 /*
1935  * This function performs authentication and protocol version
1936  * negotiation.  It is required in order to open the connection
1937  * with the other end party.
1938  *
1939  * It sends authentication parameters on the control socket and
1940  * reads the reply.  If the reply is a success indication, it
1941  * checks whether the reply includes minimum and maximum supported
1942  * versions from the server; if not, it assumes both are 0, as
1943  * that means it's an older server that doesn't return supported
1944  * version numbers in authentication replies, so it only supports
1945  * version 0.  It then tries to determine the maximum version
1946  * supported both by us and by the server.  If it can find such a
1947  * version, it sets us up to use that version; otherwise, it fails,
1948  * indicating that there is no version supported by us and by the
1949  * server.
1950  *
1951  * \param sock: the socket we are currently using.
1952  *
1953  * \param ver: pointer to variable to which to set the protocol version
1954  * number we selected.
1955  *
1956  * \param byte_swapped: pointer to variable to which to set 1 if the
1957  * byte order the server says it has is byte-swapped from ours, 0
1958  * otherwise (whether it's the same as ours or is unknown).
1959  *
1960  * \param auth: authentication parameters that have to be sent.
1961  *
1962  * \param errbuf: a pointer to a user-allocated buffer (of size
1963  * PCAP_ERRBUF_SIZE) that will contain the error message (in case there
1964  * is one). It could be a network problem or the fact that the authorization
1965  * failed.
1966  *
1967  * \return '0' if everything is fine, '-1' for an error.  For errors,
1968  * an error message string is returned in the 'errbuf' variable.
1969  */
1970 static int rpcap_doauth(SOCKET sockctrl, SSL *ssl, uint8 *ver,
1971     int *byte_swapped, struct pcap_rmtauth *auth, char *errbuf)
1972 {
1973 	char sendbuf[RPCAP_NETBUF_SIZE];	/* temporary buffer in which data that has to be sent is buffered */
1974 	int sendbufidx = 0;			/* index which keeps the number of bytes currently buffered */
1975 	uint16 length;				/* length of the payload of this message */
1976 	struct rpcap_auth *rpauth;
1977 	uint16 auth_type;
1978 	struct rpcap_header header;
1979 	size_t str_length;
1980 	uint32 plen;
1981 	struct rpcap_authreply authreply;	/* authentication reply message */
1982 	uint8 ourvers;
1983 	int has_byte_order;			/* The server sent its version of the byte-order magic number */
1984 	u_int their_byte_order_magic;		/* Here's what it is */
1985 
1986 	if (auth)
1987 	{
1988 		switch (auth->type)
1989 		{
1990 		case RPCAP_RMTAUTH_NULL:
1991 			length = sizeof(struct rpcap_auth);
1992 			break;
1993 
1994 		case RPCAP_RMTAUTH_PWD:
1995 			length = sizeof(struct rpcap_auth);
1996 			if (auth->username)
1997 			{
1998 				str_length = strlen(auth->username);
1999 				if (str_length > 65535)
2000 				{
2001 					snprintf(errbuf, PCAP_ERRBUF_SIZE, "User name is too long (> 65535 bytes)");
2002 					return -1;
2003 				}
2004 				length += (uint16)str_length;
2005 			}
2006 			if (auth->password)
2007 			{
2008 				str_length = strlen(auth->password);
2009 				if (str_length > 65535)
2010 				{
2011 					snprintf(errbuf, PCAP_ERRBUF_SIZE, "Password is too long (> 65535 bytes)");
2012 					return -1;
2013 				}
2014 				length += (uint16)str_length;
2015 			}
2016 			break;
2017 
2018 		default:
2019 			snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication type not recognized.");
2020 			return -1;
2021 		}
2022 
2023 		auth_type = (uint16)auth->type;
2024 	}
2025 	else
2026 	{
2027 		auth_type = RPCAP_RMTAUTH_NULL;
2028 		length = sizeof(struct rpcap_auth);
2029 	}
2030 
2031 	if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL,
2032 		&sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errbuf, PCAP_ERRBUF_SIZE))
2033 		return -1;
2034 
2035 	rpcap_createhdr((struct rpcap_header *) sendbuf, 0,
2036 	    RPCAP_MSG_AUTH_REQ, 0, length);
2037 
2038 	rpauth = (struct rpcap_auth *) &sendbuf[sendbufidx];
2039 
2040 	if (sock_bufferize(NULL, sizeof(struct rpcap_auth), NULL,
2041 		&sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errbuf, PCAP_ERRBUF_SIZE))
2042 		return -1;
2043 
2044 	memset(rpauth, 0, sizeof(struct rpcap_auth));
2045 
2046 	rpauth->type = htons(auth_type);
2047 
2048 	if (auth_type == RPCAP_RMTAUTH_PWD)
2049 	{
2050 		if (auth->username)
2051 			rpauth->slen1 = (uint16)strlen(auth->username);
2052 		else
2053 			rpauth->slen1 = 0;
2054 
2055 		if (sock_bufferize(auth->username, rpauth->slen1, sendbuf,
2056 			&sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_BUFFERIZE, errbuf, PCAP_ERRBUF_SIZE))
2057 			return -1;
2058 
2059 		if (auth->password)
2060 			rpauth->slen2 = (uint16)strlen(auth->password);
2061 		else
2062 			rpauth->slen2 = 0;
2063 
2064 		if (sock_bufferize(auth->password, rpauth->slen2, sendbuf,
2065 			&sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_BUFFERIZE, errbuf, PCAP_ERRBUF_SIZE))
2066 			return -1;
2067 
2068 		rpauth->slen1 = htons(rpauth->slen1);
2069 		rpauth->slen2 = htons(rpauth->slen2);
2070 	}
2071 
2072 	if (sock_send(sockctrl, ssl, sendbuf, sendbufidx, errbuf,
2073 	    PCAP_ERRBUF_SIZE) < 0)
2074 		return -1;
2075 
2076 	/* Receive and process the reply message header */
2077 	if (rpcap_process_msg_header(sockctrl, ssl, 0, RPCAP_MSG_AUTH_REQ,
2078 	    &header, errbuf) == -1)
2079 		return -1;
2080 
2081 	/*
2082 	 * OK, it's an authentication reply, so we're logged in.
2083 	 *
2084 	 * Did it send any additional information?
2085 	 */
2086 	plen = header.plen;
2087 	if (plen != 0)
2088 	{
2089 		size_t reply_len;
2090 
2091 		/* Yes - is it big enough to include version information? */
2092 		if (plen < sizeof(struct rpcap_authreply_old))
2093 		{
2094 			/* No - discard it and fail. */
2095 			snprintf(errbuf, PCAP_ERRBUF_SIZE,
2096 			    "Authenticaton reply from server is too short");
2097 			(void)rpcap_discard(sockctrl, ssl, plen, NULL);
2098 			return -1;
2099 		}
2100 
2101 		/* Yes - does it include server byte order information? */
2102 		if (plen == sizeof(struct rpcap_authreply_old))
2103 		{
2104 			/* No - just read the version information */
2105 			has_byte_order = 0;
2106 			reply_len = sizeof(struct rpcap_authreply_old);
2107 		}
2108 		else if (plen >= sizeof(struct rpcap_authreply_old))
2109 		{
2110 			/* Yes - read it all. */
2111 			has_byte_order = 1;
2112 			reply_len = sizeof(struct rpcap_authreply);
2113 		}
2114 		else
2115 		{
2116 			/*
2117 			 * Too long for old reply, too short for new reply.
2118 			 * Discard it and fail.
2119 			 */
2120 			snprintf(errbuf, PCAP_ERRBUF_SIZE,
2121 			    "Authenticaton reply from server is too short");
2122 			(void)rpcap_discard(sockctrl, ssl, plen, NULL);
2123 			return -1;
2124 		}
2125 
2126 		/* Read the reply body */
2127 		if (rpcap_recv(sockctrl, ssl, (char *)&authreply,
2128 		    reply_len, &plen, errbuf) == -1)
2129 		{
2130 			(void)rpcap_discard(sockctrl, ssl, plen, NULL);
2131 			return -1;
2132 		}
2133 
2134 		/* Discard the rest of the message, if there is any. */
2135 		if (rpcap_discard(sockctrl, ssl, plen, errbuf) == -1)
2136 			return -1;
2137 
2138 		/*
2139 		 * Check the minimum and maximum versions for sanity;
2140 		 * the minimum must be <= the maximum.
2141 		 */
2142 		if (authreply.minvers > authreply.maxvers)
2143 		{
2144 			/*
2145 			 * Bogus - give up on this server.
2146 			 */
2147 			snprintf(errbuf, PCAP_ERRBUF_SIZE,
2148 			    "The server's minimum supported protocol version is greater than its maximum supported protocol version");
2149 			return -1;
2150 		}
2151 
2152 		if (has_byte_order)
2153 		{
2154 			their_byte_order_magic = authreply.byte_order_magic;
2155 		}
2156 		else
2157 		{
2158 			/*
2159 			 * The server didn't tell us what its byte
2160 			 * order is; assume it's ours.
2161 			 */
2162 			their_byte_order_magic = RPCAP_BYTE_ORDER_MAGIC;
2163 		}
2164 	}
2165 	else
2166 	{
2167 		/* No - it supports only version 0. */
2168 		authreply.minvers = 0;
2169 		authreply.maxvers = 0;
2170 
2171 		/*
2172 		 * And it didn't tell us what its byte order is; assume
2173 		 * it's ours.
2174 		 */
2175 		has_byte_order = 0;
2176 		their_byte_order_magic = RPCAP_BYTE_ORDER_MAGIC;
2177 	}
2178 
2179 	/*
2180 	 * OK, let's start with the maximum version the server supports.
2181 	 */
2182 	ourvers = authreply.maxvers;
2183 
2184 #if RPCAP_MIN_VERSION != 0
2185 	/*
2186 	 * If that's less than the minimum version we support, we
2187 	 * can't communicate.
2188 	 */
2189 	if (ourvers < RPCAP_MIN_VERSION)
2190 		goto novers;
2191 #endif
2192 
2193 	/*
2194 	 * If that's greater than the maximum version we support,
2195 	 * choose the maximum version we support.
2196 	 */
2197 	if (ourvers > RPCAP_MAX_VERSION)
2198 	{
2199 		ourvers = RPCAP_MAX_VERSION;
2200 
2201 		/*
2202 		 * If that's less than the minimum version they
2203 		 * support, we can't communicate.
2204 		 */
2205 		if (ourvers < authreply.minvers)
2206 			goto novers;
2207 	}
2208 
2209 	/*
2210 	 * Is the server byte order the opposite of ours?
2211 	 */
2212 	if (their_byte_order_magic == RPCAP_BYTE_ORDER_MAGIC)
2213 	{
2214 		/* No, it's the same. */
2215 		*byte_swapped = 0;
2216 	}
2217 	else if (their_byte_order_magic == RPCAP_BYTE_ORDER_MAGIC_SWAPPED)
2218 	{
2219 		/* Yes, it's the opposite of ours. */
2220 		*byte_swapped = 1;
2221 	}
2222 	else
2223 	{
2224 		/* They sent us something bogus. */
2225 		snprintf(errbuf, PCAP_ERRBUF_SIZE,
2226 		    "The server did not send us a valid byte order value");
2227 		return -1;
2228 	}
2229 
2230 	*ver = ourvers;
2231 	return 0;
2232 
2233 novers:
2234 	/*
2235 	 * There is no version we both support; that is a fatal error.
2236 	 */
2237 	snprintf(errbuf, PCAP_ERRBUF_SIZE,
2238 	    "The server doesn't support any protocol version that we support");
2239 	return -1;
2240 }
2241 
2242 /* We don't currently support non-blocking mode. */
2243 static int
2244 pcap_getnonblock_rpcap(pcap_t *p)
2245 {
2246 	snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
2247 	    "Non-blocking mode isn't supported for capturing remotely with rpcap");
2248 	return (-1);
2249 }
2250 
2251 static int
2252 pcap_setnonblock_rpcap(pcap_t *p, int nonblock _U_)
2253 {
2254 	snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
2255 	    "Non-blocking mode isn't supported for capturing remotely with rpcap");
2256 	return (-1);
2257 }
2258 
2259 static int
2260 rpcap_setup_session(const char *source, struct pcap_rmtauth *auth,
2261     int *activep, SOCKET *sockctrlp, uint8 *uses_sslp, SSL **sslp,
2262     int rmt_flags, uint8 *protocol_versionp, int *byte_swappedp,
2263     char *host, char *port, char *iface, char *errbuf)
2264 {
2265 	int type;
2266 	struct activehosts *activeconn;		/* active connection, if there is one */
2267 	int error;				/* 1 if rpcap_remoteact_getsock got an error */
2268 
2269 	/*
2270 	 * Determine the type of the source (NULL, file, local, remote).
2271 	 * You must have a valid source string even if we're in active mode,
2272 	 * because otherwise the call to the following function will fail.
2273 	 */
2274 	if (pcap_parsesrcstr_ex(source, &type, host, port, iface, uses_sslp,
2275 	    errbuf) == -1)
2276 		return -1;
2277 
2278 	/*
2279 	 * It must be remote.
2280 	 */
2281 	if (type != PCAP_SRC_IFREMOTE)
2282 	{
2283 		snprintf(errbuf, PCAP_ERRBUF_SIZE,
2284 		    "Non-remote interface passed to remote capture routine");
2285 		return -1;
2286 	}
2287 
2288 	/*
2289 	 * We don't yet support DTLS, so if the user asks for a TLS
2290 	 * connection and asks for data packets to be sent over UDP,
2291 	 * we have to give up.
2292 	 */
2293 	if (*uses_sslp && (rmt_flags & PCAP_OPENFLAG_DATATX_UDP))
2294 	{
2295 		snprintf(errbuf, PCAP_ERRBUF_SIZE,
2296 		    "TLS not supported with UDP forward of remote packets");
2297 		return -1;
2298 	}
2299 
2300 	/* Warning: this call can be the first one called by the user. */
2301 	/* For this reason, we have to initialize the Winsock support. */
2302 	if (sock_init(errbuf, PCAP_ERRBUF_SIZE) == -1)
2303 		return -1;
2304 
2305 	/* Check for active mode */
2306 	activeconn = rpcap_remoteact_getsock(host, &error, errbuf);
2307 	if (activeconn != NULL)
2308 	{
2309 		*activep = 1;
2310 		*sockctrlp = activeconn->sockctrl;
2311 		*sslp = activeconn->ssl;
2312 		*protocol_versionp = activeconn->protocol_version;
2313 		*byte_swappedp = activeconn->byte_swapped;
2314 	}
2315 	else
2316 	{
2317 		*activep = 0;
2318 		struct addrinfo hints;		/* temp variable needed to resolve hostnames into to socket representation */
2319 		struct addrinfo *addrinfo;	/* temp variable needed to resolve hostnames into to socket representation */
2320 
2321 		if (error)
2322 		{
2323 			/*
2324 			 * Call failed.
2325 			 */
2326 			return -1;
2327 		}
2328 
2329 		/*
2330 		 * We're not in active mode; let's try to open a new
2331 		 * control connection.
2332 		 */
2333 		memset(&hints, 0, sizeof(struct addrinfo));
2334 		hints.ai_family = PF_UNSPEC;
2335 		hints.ai_socktype = SOCK_STREAM;
2336 
2337 		if (port[0] == 0)
2338 		{
2339 			/* the user chose not to specify the port */
2340 			if (sock_initaddress(host, RPCAP_DEFAULT_NETPORT,
2341 			    &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1)
2342 				return -1;
2343 		}
2344 		else
2345 		{
2346 			if (sock_initaddress(host, port, &hints, &addrinfo,
2347 			    errbuf, PCAP_ERRBUF_SIZE) == -1)
2348 				return -1;
2349 		}
2350 
2351 		if ((*sockctrlp = sock_open(host, addrinfo, SOCKOPEN_CLIENT, 0,
2352 		    errbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
2353 		{
2354 			freeaddrinfo(addrinfo);
2355 			return -1;
2356 		}
2357 
2358 		/* addrinfo is no longer used */
2359 		freeaddrinfo(addrinfo);
2360 		addrinfo = NULL;
2361 
2362 		if (*uses_sslp)
2363 		{
2364 #ifdef HAVE_OPENSSL
2365 			*sslp = ssl_promotion(0, *sockctrlp, errbuf,
2366 			    PCAP_ERRBUF_SIZE);
2367 			if (!*sslp)
2368 			{
2369 				sock_close(*sockctrlp, NULL, 0);
2370 				return -1;
2371 			}
2372 #else
2373 			snprintf(errbuf, PCAP_ERRBUF_SIZE,
2374 			    "No TLS support");
2375 			sock_close(*sockctrlp, NULL, 0);
2376 			return -1;
2377 #endif
2378 		}
2379 
2380 		if (rpcap_doauth(*sockctrlp, *sslp, protocol_versionp,
2381 		    byte_swappedp, auth, errbuf) == -1)
2382 		{
2383 #ifdef HAVE_OPENSSL
2384 			if (*sslp)
2385 			{
2386 				// Finish using the SSL handle for the socket.
2387 				// This must be done *before* the socket is
2388 				// closed.
2389 				ssl_finish(*sslp);
2390 			}
2391 #endif
2392 			sock_close(*sockctrlp, NULL, 0);
2393 			return -1;
2394 		}
2395 	}
2396 	return 0;
2397 }
2398 
2399 /*
2400  * This function opens a remote adapter by opening an RPCAP connection and
2401  * so on.
2402  *
2403  * It does the job of pcap_open_live() for a remote interface; it's called
2404  * by pcap_open() for remote interfaces.
2405  *
2406  * We do not start the capture until pcap_startcapture_remote() is called.
2407  *
2408  * This is because, when doing a remote capture, we cannot start capturing
2409  * data as soon as the 'open adapter' command is sent. Suppose the remote
2410  * adapter is already overloaded; if we start a capture (which, by default,
2411  * has a NULL filter) the new traffic can saturate the network.
2412  *
2413  * Instead, we want to "open" the adapter, then send a "start capture"
2414  * command only when we're ready to start the capture.
2415  * This function does this job: it sends an "open adapter" command
2416  * (according to the RPCAP protocol), but it does not start the capture.
2417  *
2418  * Since the other libpcap functions do not share this way of life, we
2419  * have to do some dirty things in order to make everything work.
2420  *
2421  * \param source: see pcap_open().
2422  * \param snaplen: see pcap_open().
2423  * \param flags: see pcap_open().
2424  * \param read_timeout: see pcap_open().
2425  * \param auth: see pcap_open().
2426  * \param errbuf: see pcap_open().
2427  *
2428  * \return a pcap_t pointer in case of success, NULL otherwise. In case of
2429  * success, the pcap_t pointer can be used as a parameter to the following
2430  * calls (pcap_compile() and so on). In case of problems, errbuf contains
2431  * a text explanation of error.
2432  *
2433  * WARNING: In case we call pcap_compile() and the capture has not yet
2434  * been started, the filter will be saved into the pcap_t structure,
2435  * and it will be sent to the other host later (when
2436  * pcap_startcapture_remote() is called).
2437  */
2438 pcap_t *pcap_open_rpcap(const char *source, int snaplen, int flags, int read_timeout, struct pcap_rmtauth *auth, char *errbuf)
2439 {
2440 	pcap_t *fp;
2441 	char *source_str;
2442 	struct pcap_rpcap *pr;		/* structure used when doing a remote live capture */
2443 	char host[PCAP_BUF_SIZE], ctrlport[PCAP_BUF_SIZE], iface[PCAP_BUF_SIZE];
2444 	SOCKET sockctrl;
2445 	SSL *ssl = NULL;
2446 	uint8 protocol_version;			/* negotiated protocol version */
2447 	int byte_swapped;			/* server is known to be byte-swapped */
2448 	int active;
2449 	uint32 plen;
2450 	char sendbuf[RPCAP_NETBUF_SIZE];	/* temporary buffer in which data to be sent is buffered */
2451 	int sendbufidx = 0;			/* index which keeps the number of bytes currently buffered */
2452 
2453 	/* RPCAP-related variables */
2454 	struct rpcap_header header;		/* header of the RPCAP packet */
2455 	struct rpcap_openreply openreply;	/* open reply message */
2456 
2457 	fp = PCAP_CREATE_COMMON(errbuf, struct pcap_rpcap);
2458 	if (fp == NULL)
2459 	{
2460 		return NULL;
2461 	}
2462 	source_str = strdup(source);
2463 	if (source_str == NULL) {
2464 		pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
2465 		    errno, "malloc");
2466 		return NULL;
2467 	}
2468 
2469 	/*
2470 	 * Turn a negative snapshot value (invalid), a snapshot value of
2471 	 * 0 (unspecified), or a value bigger than the normal maximum
2472 	 * value, into the maximum allowed value.
2473 	 *
2474 	 * If some application really *needs* a bigger snapshot
2475 	 * length, we should just increase MAXIMUM_SNAPLEN.
2476 	 *
2477 	 * XXX - should we leave this up to the remote server to
2478 	 * do?
2479 	 */
2480 	if (snaplen <= 0 || snaplen > MAXIMUM_SNAPLEN)
2481 		snaplen = MAXIMUM_SNAPLEN;
2482 
2483 	fp->opt.device = source_str;
2484 	fp->snapshot = snaplen;
2485 	fp->opt.timeout = read_timeout;
2486 	pr = fp->priv;
2487 	pr->rmt_flags = flags;
2488 
2489 	/*
2490 	 * Attempt to set up the session with the server.
2491 	 */
2492 	if (rpcap_setup_session(fp->opt.device, auth, &active, &sockctrl,
2493 	    &pr->uses_ssl, &ssl, flags, &protocol_version, &byte_swapped,
2494 	    host, ctrlport, iface, errbuf) == -1)
2495 	{
2496 		/* Session setup failed. */
2497 		pcap_close(fp);
2498 		return NULL;
2499 	}
2500 
2501 	/* All good so far, save the ssl handler */
2502 	ssl_main = ssl;
2503 
2504 	/*
2505 	 * Now it's time to start playing with the RPCAP protocol
2506 	 * RPCAP open command: create the request message
2507 	 */
2508 	if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL,
2509 		&sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errbuf, PCAP_ERRBUF_SIZE))
2510 		goto error_nodiscard;
2511 
2512 	rpcap_createhdr((struct rpcap_header *) sendbuf, protocol_version,
2513 	    RPCAP_MSG_OPEN_REQ, 0, (uint32) strlen(iface));
2514 
2515 	if (sock_bufferize(iface, (int) strlen(iface), sendbuf, &sendbufidx,
2516 		RPCAP_NETBUF_SIZE, SOCKBUF_BUFFERIZE, errbuf, PCAP_ERRBUF_SIZE))
2517 		goto error_nodiscard;
2518 
2519 	if (sock_send(sockctrl, ssl, sendbuf, sendbufidx, errbuf,
2520 	    PCAP_ERRBUF_SIZE) < 0)
2521 		goto error_nodiscard;
2522 
2523 	/* Receive and process the reply message header. */
2524 	if (rpcap_process_msg_header(sockctrl, ssl, protocol_version,
2525 	    RPCAP_MSG_OPEN_REQ, &header, errbuf) == -1)
2526 		goto error_nodiscard;
2527 	plen = header.plen;
2528 
2529 	/* Read the reply body */
2530 	if (rpcap_recv(sockctrl, ssl, (char *)&openreply,
2531 	    sizeof(struct rpcap_openreply), &plen, errbuf) == -1)
2532 		goto error;
2533 
2534 	/* Discard the rest of the message, if there is any. */
2535 	if (rpcap_discard(sockctrl, ssl, plen, errbuf) == -1)
2536 		goto error_nodiscard;
2537 
2538 	/* Set proper fields into the pcap_t struct */
2539 	fp->linktype = ntohl(openreply.linktype);
2540 	pr->rmt_sockctrl = sockctrl;
2541 	pr->ctrl_ssl = ssl;
2542 	pr->protocol_version = protocol_version;
2543 	pr->byte_swapped = byte_swapped;
2544 	pr->rmt_clientside = 1;
2545 
2546 	/* This code is duplicated from the end of this function */
2547 	fp->read_op = pcap_read_rpcap;
2548 	fp->save_current_filter_op = pcap_save_current_filter_rpcap;
2549 	fp->setfilter_op = pcap_setfilter_rpcap;
2550 	fp->getnonblock_op = pcap_getnonblock_rpcap;
2551 	fp->setnonblock_op = pcap_setnonblock_rpcap;
2552 	fp->stats_op = pcap_stats_rpcap;
2553 #ifdef _WIN32
2554 	fp->stats_ex_op = pcap_stats_ex_rpcap;
2555 #endif
2556 	fp->cleanup_op = pcap_cleanup_rpcap;
2557 
2558 	fp->activated = 1;
2559 	return fp;
2560 
2561 error:
2562 	/*
2563 	 * When the connection has been established, we have to close it. So, at the
2564 	 * beginning of this function, if an error occur we return immediately with
2565 	 * a return NULL; when the connection is established, we have to come here
2566 	 * ('goto error;') in order to close everything properly.
2567 	 */
2568 
2569 	/*
2570 	 * Discard the rest of the message.
2571 	 * We already reported an error; if this gets an error, just
2572 	 * drive on.
2573 	 */
2574 	(void)rpcap_discard(sockctrl, pr->ctrl_ssl, plen, NULL);
2575 
2576 error_nodiscard:
2577 	if (!active)
2578 	{
2579 #ifdef HAVE_OPENSSL
2580 		if (ssl)
2581 		{
2582 			// Finish using the SSL handle for the socket.
2583 			// This must be done *before* the socket is closed.
2584 			ssl_finish(ssl);
2585 		}
2586 #endif
2587 		sock_close(sockctrl, NULL, 0);
2588 	}
2589 
2590 	pcap_close(fp);
2591 	return NULL;
2592 }
2593 
2594 /* String identifier to be used in the pcap_findalldevs_ex() */
2595 #define PCAP_TEXT_SOURCE_ADAPTER "Network adapter"
2596 #define PCAP_TEXT_SOURCE_ADAPTER_LEN (sizeof PCAP_TEXT_SOURCE_ADAPTER - 1)
2597 /* String identifier to be used in the pcap_findalldevs_ex() */
2598 #define PCAP_TEXT_SOURCE_ON_REMOTE_HOST "on remote node"
2599 #define PCAP_TEXT_SOURCE_ON_REMOTE_HOST_LEN (sizeof PCAP_TEXT_SOURCE_ON_REMOTE_HOST - 1)
2600 
2601 static void
2602 freeaddr(struct pcap_addr *addr)
2603 {
2604 	free(addr->addr);
2605 	free(addr->netmask);
2606 	free(addr->broadaddr);
2607 	free(addr->dstaddr);
2608 	free(addr);
2609 }
2610 
2611 int
2612 pcap_findalldevs_ex_remote(const char *source, struct pcap_rmtauth *auth, pcap_if_t **alldevs, char *errbuf)
2613 {
2614 	uint8 protocol_version;		/* protocol version */
2615 	int byte_swapped;		/* Server byte order is swapped from ours */
2616 	SOCKET sockctrl;		/* socket descriptor of the control connection */
2617 	SSL *ssl = NULL;		/* optional SSL handler for sockctrl */
2618 	uint32 plen;
2619 	struct rpcap_header header;	/* structure that keeps the general header of the rpcap protocol */
2620 	int i, j;		/* temp variables */
2621 	int nif;		/* Number of interfaces listed */
2622 	int active;			/* 'true' if we the other end-party is in active mode */
2623 	uint8 uses_ssl;
2624 	char host[PCAP_BUF_SIZE], port[PCAP_BUF_SIZE];
2625 	char tmpstring[PCAP_BUF_SIZE + 1];		/* Needed to convert names and descriptions from 'old' syntax to the 'new' one */
2626 	pcap_if_t *lastdev;	/* Last device in the pcap_if_t list */
2627 	pcap_if_t *dev;		/* Device we're adding to the pcap_if_t list */
2628 
2629 	/* List starts out empty. */
2630 	(*alldevs) = NULL;
2631 	lastdev = NULL;
2632 
2633 	/*
2634 	 * Attempt to set up the session with the server.
2635 	 */
2636 	if (rpcap_setup_session(source, auth, &active, &sockctrl, &uses_ssl,
2637 	    &ssl, 0, &protocol_version, &byte_swapped, host, port, NULL,
2638 	    errbuf) == -1)
2639 	{
2640 		/* Session setup failed. */
2641 		return -1;
2642 	}
2643 
2644 	/* RPCAP findalldevs command */
2645 	rpcap_createhdr(&header, protocol_version, RPCAP_MSG_FINDALLIF_REQ,
2646 	    0, 0);
2647 
2648 	if (sock_send(sockctrl, ssl, (char *)&header, sizeof(struct rpcap_header),
2649 	    errbuf, PCAP_ERRBUF_SIZE) < 0)
2650 		goto error_nodiscard;
2651 
2652 	/* Receive and process the reply message header. */
2653 	if (rpcap_process_msg_header(sockctrl, ssl, protocol_version,
2654 	    RPCAP_MSG_FINDALLIF_REQ, &header, errbuf) == -1)
2655 		goto error_nodiscard;
2656 
2657 	plen = header.plen;
2658 
2659 	/* read the number of interfaces */
2660 	nif = ntohs(header.value);
2661 
2662 	/* loop until all interfaces have been received */
2663 	for (i = 0; i < nif; i++)
2664 	{
2665 		struct rpcap_findalldevs_if findalldevs_if;
2666 		char tmpstring2[PCAP_BUF_SIZE + 1];		/* Needed to convert names and descriptions from 'old' syntax to the 'new' one */
2667 		struct pcap_addr *addr, *prevaddr;
2668 
2669 		tmpstring2[PCAP_BUF_SIZE] = 0;
2670 
2671 		/* receive the findalldevs structure from remote host */
2672 		if (rpcap_recv(sockctrl, ssl, (char *)&findalldevs_if,
2673 		    sizeof(struct rpcap_findalldevs_if), &plen, errbuf) == -1)
2674 			goto error;
2675 
2676 		findalldevs_if.namelen = ntohs(findalldevs_if.namelen);
2677 		findalldevs_if.desclen = ntohs(findalldevs_if.desclen);
2678 		findalldevs_if.naddr = ntohs(findalldevs_if.naddr);
2679 
2680 		/* allocate the main structure */
2681 		dev = (pcap_if_t *)malloc(sizeof(pcap_if_t));
2682 		if (dev == NULL)
2683 		{
2684 			pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
2685 			    errno, "malloc() failed");
2686 			goto error;
2687 		}
2688 
2689 		/* Initialize the structure to 'zero' */
2690 		memset(dev, 0, sizeof(pcap_if_t));
2691 
2692 		/* Append it to the list. */
2693 		if (lastdev == NULL)
2694 		{
2695 			/*
2696 			 * List is empty, so it's also the first device.
2697 			 */
2698 			*alldevs = dev;
2699 		}
2700 		else
2701 		{
2702 			/*
2703 			 * Append after the last device.
2704 			 */
2705 			lastdev->next = dev;
2706 		}
2707 		/* It's now the last device. */
2708 		lastdev = dev;
2709 
2710 		/* allocate mem for name and description */
2711 		if (findalldevs_if.namelen)
2712 		{
2713 
2714 			if (findalldevs_if.namelen >= sizeof(tmpstring))
2715 			{
2716 				snprintf(errbuf, PCAP_ERRBUF_SIZE, "Interface name too long");
2717 				goto error;
2718 			}
2719 
2720 			/* Retrieve adapter name */
2721 			if (rpcap_recv(sockctrl, ssl, tmpstring,
2722 			    findalldevs_if.namelen, &plen, errbuf) == -1)
2723 				goto error;
2724 
2725 			tmpstring[findalldevs_if.namelen] = 0;
2726 
2727 			/* Create the new device identifier */
2728 			if (pcap_createsrcstr_ex(tmpstring2, PCAP_SRC_IFREMOTE,
2729 			    host, port, tmpstring, uses_ssl, errbuf) == -1)
2730 				goto error;
2731 
2732 			dev->name = strdup(tmpstring2);
2733 			if (dev->name == NULL)
2734 			{
2735 				pcap_fmt_errmsg_for_errno(errbuf,
2736 				    PCAP_ERRBUF_SIZE, errno, "malloc() failed");
2737 				goto error;
2738 			}
2739 		}
2740 
2741 		if (findalldevs_if.desclen)
2742 		{
2743 			if (findalldevs_if.desclen >= sizeof(tmpstring))
2744 			{
2745 				snprintf(errbuf, PCAP_ERRBUF_SIZE, "Interface description too long");
2746 				goto error;
2747 			}
2748 
2749 			/* Retrieve adapter description */
2750 			if (rpcap_recv(sockctrl, ssl, tmpstring,
2751 			    findalldevs_if.desclen, &plen, errbuf) == -1)
2752 				goto error;
2753 
2754 			tmpstring[findalldevs_if.desclen] = 0;
2755 
2756 			if (pcap_asprintf(&dev->description,
2757 			    "%s '%s' %s %s", PCAP_TEXT_SOURCE_ADAPTER,
2758 			    tmpstring, PCAP_TEXT_SOURCE_ON_REMOTE_HOST, host) == -1)
2759 			{
2760 				pcap_fmt_errmsg_for_errno(errbuf,
2761 				    PCAP_ERRBUF_SIZE, errno, "malloc() failed");
2762 				goto error;
2763 			}
2764 		}
2765 
2766 		dev->flags = ntohl(findalldevs_if.flags);
2767 
2768 		prevaddr = NULL;
2769 		/* loop until all addresses have been received */
2770 		for (j = 0; j < findalldevs_if.naddr; j++)
2771 		{
2772 			struct rpcap_findalldevs_ifaddr ifaddr;
2773 
2774 			/* Retrieve the interface addresses */
2775 			if (rpcap_recv(sockctrl, ssl, (char *)&ifaddr,
2776 			    sizeof(struct rpcap_findalldevs_ifaddr),
2777 			    &plen, errbuf) == -1)
2778 				goto error;
2779 
2780 			/*
2781 			 * Deserialize all the address components.
2782 			 */
2783 			addr = (struct pcap_addr *) malloc(sizeof(struct pcap_addr));
2784 			if (addr == NULL)
2785 			{
2786 				pcap_fmt_errmsg_for_errno(errbuf,
2787 				    PCAP_ERRBUF_SIZE, errno, "malloc() failed");
2788 				goto error;
2789 			}
2790 			addr->next = NULL;
2791 			addr->addr = NULL;
2792 			addr->netmask = NULL;
2793 			addr->broadaddr = NULL;
2794 			addr->dstaddr = NULL;
2795 
2796 			if (rpcap_deseraddr(&ifaddr.addr,
2797 				(struct sockaddr_storage **) &addr->addr, errbuf) == -1)
2798 			{
2799 				freeaddr(addr);
2800 				goto error;
2801 			}
2802 			if (rpcap_deseraddr(&ifaddr.netmask,
2803 				(struct sockaddr_storage **) &addr->netmask, errbuf) == -1)
2804 			{
2805 				freeaddr(addr);
2806 				goto error;
2807 			}
2808 			if (rpcap_deseraddr(&ifaddr.broadaddr,
2809 				(struct sockaddr_storage **) &addr->broadaddr, errbuf) == -1)
2810 			{
2811 				freeaddr(addr);
2812 				goto error;
2813 			}
2814 			if (rpcap_deseraddr(&ifaddr.dstaddr,
2815 				(struct sockaddr_storage **) &addr->dstaddr, errbuf) == -1)
2816 			{
2817 				freeaddr(addr);
2818 				goto error;
2819 			}
2820 
2821 			if ((addr->addr == NULL) && (addr->netmask == NULL) &&
2822 				(addr->broadaddr == NULL) && (addr->dstaddr == NULL))
2823 			{
2824 				/*
2825 				 * None of the addresses are IPv4 or IPv6
2826 				 * addresses, so throw this entry away.
2827 				 */
2828 				free(addr);
2829 			}
2830 			else
2831 			{
2832 				/*
2833 				 * Add this entry to the list.
2834 				 */
2835 				if (prevaddr == NULL)
2836 				{
2837 					dev->addresses = addr;
2838 				}
2839 				else
2840 				{
2841 					prevaddr->next = addr;
2842 				}
2843 				prevaddr = addr;
2844 			}
2845 		}
2846 	}
2847 
2848 	/* Discard the rest of the message. */
2849 	if (rpcap_discard(sockctrl, ssl, plen, errbuf) == 1)
2850 		goto error_nodiscard;
2851 
2852 	/* Control connection has to be closed only in case the remote machine is in passive mode */
2853 	if (!active)
2854 	{
2855 		/* DO not send RPCAP_CLOSE, since we did not open a pcap_t; no need to free resources */
2856 #ifdef HAVE_OPENSSL
2857 		if (ssl)
2858 		{
2859 			// Finish using the SSL handle for the socket.
2860 			// This must be done *before* the socket is closed.
2861 			ssl_finish(ssl);
2862 		}
2863 #endif
2864 		if (sock_close(sockctrl, errbuf, PCAP_ERRBUF_SIZE))
2865 			return -1;
2866 	}
2867 
2868 	/* To avoid inconsistencies in the number of sock_init() */
2869 	sock_cleanup();
2870 
2871 	return 0;
2872 
2873 error:
2874 	/*
2875 	 * In case there has been an error, I don't want to overwrite it with a new one
2876 	 * if the following call fails. I want to return always the original error.
2877 	 *
2878 	 * Take care: this connection can already be closed when we try to close it.
2879 	 * This happens because a previous error in the rpcapd, which requested to
2880 	 * closed the connection. In that case, we already recognized that into the
2881 	 * rpspck_isheaderok() and we already acknowledged the closing.
2882 	 * In that sense, this call is useless here (however it is needed in case
2883 	 * the client generates the error).
2884 	 *
2885 	 * Checks if all the data has been read; if not, discard the data in excess
2886 	 */
2887 	(void) rpcap_discard(sockctrl, ssl, plen, NULL);
2888 
2889 error_nodiscard:
2890 	/* Control connection has to be closed only in case the remote machine is in passive mode */
2891 	if (!active)
2892 	{
2893 #ifdef HAVE_OPENSSL
2894 		if (ssl)
2895 		{
2896 			// Finish using the SSL handle for the socket.
2897 			// This must be done *before* the socket is closed.
2898 			ssl_finish(ssl);
2899 		}
2900 #endif
2901 		sock_close(sockctrl, NULL, 0);
2902 	}
2903 
2904 	/* To avoid inconsistencies in the number of sock_init() */
2905 	sock_cleanup();
2906 
2907 	/* Free whatever interfaces we've allocated. */
2908 	pcap_freealldevs(*alldevs);
2909 
2910 	return -1;
2911 }
2912 
2913 /*
2914  * Active mode routines.
2915  *
2916  * The old libpcap API is somewhat ugly, and makes active mode difficult
2917  * to implement; we provide some APIs for it that work only with rpcap.
2918  */
2919 
2920 SOCKET pcap_remoteact_accept_ex(const char *address, const char *port, const char *hostlist, char *connectinghost, struct pcap_rmtauth *auth, int uses_ssl, char *errbuf)
2921 {
2922 	/* socket-related variables */
2923 	struct addrinfo hints;			/* temporary struct to keep settings needed to open the new socket */
2924 	struct addrinfo *addrinfo;		/* keeps the addrinfo chain; required to open a new socket */
2925 	struct sockaddr_storage from;	/* generic sockaddr_storage variable */
2926 	socklen_t fromlen;				/* keeps the length of the sockaddr_storage variable */
2927 	SOCKET sockctrl;				/* keeps the main socket identifier */
2928 	SSL *ssl = NULL;				/* Optional SSL handler for sockctrl */
2929 	uint8 protocol_version;			/* negotiated protocol version */
2930 	int byte_swapped;			/* 1 if server byte order is known to be the reverse of ours */
2931 	struct activehosts *temp, *prev;	/* temp var needed to scan he host list chain */
2932 
2933 	*connectinghost = 0;		/* just in case */
2934 
2935 	/* Prepare to open a new server socket */
2936 	memset(&hints, 0, sizeof(struct addrinfo));
2937 	/* WARNING Currently it supports only ONE socket family among ipv4 and IPv6  */
2938 	hints.ai_family = AF_INET;		/* PF_UNSPEC to have both IPv4 and IPv6 server */
2939 	hints.ai_flags = AI_PASSIVE;	/* Ready to a bind() socket */
2940 	hints.ai_socktype = SOCK_STREAM;
2941 
2942 	/* Warning: this call can be the first one called by the user. */
2943 	/* For this reason, we have to initialize the Winsock support. */
2944 	if (sock_init(errbuf, PCAP_ERRBUF_SIZE) == -1)
2945 		return (SOCKET)-1;
2946 
2947 	/* Do the work */
2948 	if ((port == NULL) || (port[0] == 0))
2949 	{
2950 		if (sock_initaddress(address, RPCAP_DEFAULT_NETPORT_ACTIVE, &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1)
2951 		{
2952 			return (SOCKET)-2;
2953 		}
2954 	}
2955 	else
2956 	{
2957 		if (sock_initaddress(address, port, &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1)
2958 		{
2959 			return (SOCKET)-2;
2960 		}
2961 	}
2962 
2963 
2964 	if ((sockmain = sock_open(NULL, addrinfo, SOCKOPEN_SERVER, 1, errbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
2965 	{
2966 		freeaddrinfo(addrinfo);
2967 		return (SOCKET)-2;
2968 	}
2969 	freeaddrinfo(addrinfo);
2970 
2971 	/* Connection creation */
2972 	fromlen = sizeof(struct sockaddr_storage);
2973 
2974 	sockctrl = accept(sockmain, (struct sockaddr *) &from, &fromlen);
2975 
2976 	/* We're not using sock_close, since we do not want to send a shutdown */
2977 	/* (which is not allowed on a non-connected socket) */
2978 	closesocket(sockmain);
2979 	sockmain = 0;
2980 
2981 	if (sockctrl == INVALID_SOCKET)
2982 	{
2983 		sock_geterrmsg(errbuf, PCAP_ERRBUF_SIZE, "accept() failed");
2984 		return (SOCKET)-2;
2985 	}
2986 
2987 	/* Promote to SSL early before any error message may be sent */
2988 	if (uses_ssl)
2989 	{
2990 #ifdef HAVE_OPENSSL
2991 		ssl = ssl_promotion(0, sockctrl, errbuf, PCAP_ERRBUF_SIZE);
2992 		if (! ssl)
2993 		{
2994 			sock_close(sockctrl, NULL, 0);
2995 			return (SOCKET)-1;
2996 		}
2997 #else
2998 		snprintf(errbuf, PCAP_ERRBUF_SIZE, "No TLS support");
2999 		sock_close(sockctrl, NULL, 0);
3000 		return (SOCKET)-1;
3001 #endif
3002 	}
3003 
3004 	/* Get the numeric for of the name of the connecting host */
3005 	if (getnameinfo((struct sockaddr *) &from, fromlen, connectinghost, RPCAP_HOSTLIST_SIZE, NULL, 0, NI_NUMERICHOST))
3006 	{
3007 		sock_geterrmsg(errbuf, PCAP_ERRBUF_SIZE,
3008 		    "getnameinfo() failed");
3009 		rpcap_senderror(sockctrl, ssl, 0, PCAP_ERR_REMOTEACCEPT, errbuf, NULL);
3010 #ifdef HAVE_OPENSSL
3011 		if (ssl)
3012 		{
3013 			// Finish using the SSL handle for the socket.
3014 			// This must be done *before* the socket is closed.
3015 			ssl_finish(ssl);
3016 		}
3017 #endif
3018 		sock_close(sockctrl, NULL, 0);
3019 		return (SOCKET)-1;
3020 	}
3021 
3022 	/* checks if the connecting host is among the ones allowed */
3023 	if (sock_check_hostlist((char *)hostlist, RPCAP_HOSTLIST_SEP, &from, errbuf, PCAP_ERRBUF_SIZE) < 0)
3024 	{
3025 		rpcap_senderror(sockctrl, ssl, 0, PCAP_ERR_REMOTEACCEPT, errbuf, NULL);
3026 #ifdef HAVE_OPENSSL
3027 		if (ssl)
3028 		{
3029 			// Finish using the SSL handle for the socket.
3030 			// This must be done *before* the socket is closed.
3031 			ssl_finish(ssl);
3032 		}
3033 #endif
3034 		sock_close(sockctrl, NULL, 0);
3035 		return (SOCKET)-1;
3036 	}
3037 
3038 	/*
3039 	 * Send authentication to the remote machine.
3040 	 */
3041 	if (rpcap_doauth(sockctrl, ssl, &protocol_version, &byte_swapped,
3042 	    auth, errbuf) == -1)
3043 	{
3044 		/* Unrecoverable error. */
3045 		rpcap_senderror(sockctrl, ssl, 0, PCAP_ERR_REMOTEACCEPT, errbuf, NULL);
3046 #ifdef HAVE_OPENSSL
3047 		if (ssl)
3048 		{
3049 			// Finish using the SSL handle for the socket.
3050 			// This must be done *before* the socket is closed.
3051 			ssl_finish(ssl);
3052 		}
3053 #endif
3054 		sock_close(sockctrl, NULL, 0);
3055 		return (SOCKET)-3;
3056 	}
3057 
3058 	/* Checks that this host does not already have a cntrl connection in place */
3059 
3060 	/* Initialize pointers */
3061 	temp = activeHosts;
3062 	prev = NULL;
3063 
3064 	while (temp)
3065 	{
3066 		/* This host already has an active connection in place, so I don't have to update the host list */
3067 		if (sock_cmpaddr(&temp->host, &from) == 0)
3068 			return sockctrl;
3069 
3070 		prev = temp;
3071 		temp = temp->next;
3072 	}
3073 
3074 	/* The host does not exist in the list; so I have to update the list */
3075 	if (prev)
3076 	{
3077 		prev->next = (struct activehosts *) malloc(sizeof(struct activehosts));
3078 		temp = prev->next;
3079 	}
3080 	else
3081 	{
3082 		activeHosts = (struct activehosts *) malloc(sizeof(struct activehosts));
3083 		temp = activeHosts;
3084 	}
3085 
3086 	if (temp == NULL)
3087 	{
3088 		pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
3089 		    errno, "malloc() failed");
3090 		rpcap_senderror(sockctrl, ssl, protocol_version, PCAP_ERR_REMOTEACCEPT, errbuf, NULL);
3091 #ifdef HAVE_OPENSSL
3092 		if (ssl)
3093 		{
3094 			// Finish using the SSL handle for the socket.
3095 			// This must be done *before* the socket is closed.
3096 			ssl_finish(ssl);
3097 		}
3098 #endif
3099 		sock_close(sockctrl, NULL, 0);
3100 		return (SOCKET)-1;
3101 	}
3102 
3103 	memcpy(&temp->host, &from, fromlen);
3104 	temp->sockctrl = sockctrl;
3105 	temp->ssl = ssl;
3106 	temp->protocol_version = protocol_version;
3107 	temp->byte_swapped = byte_swapped;
3108 	temp->next = NULL;
3109 
3110 	return sockctrl;
3111 }
3112 
3113 SOCKET pcap_remoteact_accept(const char *address, const char *port, const char *hostlist, char *connectinghost, struct pcap_rmtauth *auth, char *errbuf)
3114 {
3115 	return pcap_remoteact_accept_ex(address, port, hostlist, connectinghost, auth, 0, errbuf);
3116 }
3117 
3118 int pcap_remoteact_close(const char *host, char *errbuf)
3119 {
3120 	struct activehosts *temp, *prev;	/* temp var needed to scan the host list chain */
3121 	struct addrinfo hints, *addrinfo, *ai_next;	/* temp var needed to translate between hostname to its address */
3122 	int retval;
3123 
3124 	temp = activeHosts;
3125 	prev = NULL;
3126 
3127 	/* retrieve the network address corresponding to 'host' */
3128 	addrinfo = NULL;
3129 	memset(&hints, 0, sizeof(struct addrinfo));
3130 	hints.ai_family = PF_UNSPEC;
3131 	hints.ai_socktype = SOCK_STREAM;
3132 
3133 	retval = sock_initaddress(host, NULL, &hints, &addrinfo, errbuf,
3134 	    PCAP_ERRBUF_SIZE);
3135 	if (retval != 0)
3136 	{
3137 		return -1;
3138 	}
3139 
3140 	while (temp)
3141 	{
3142 		ai_next = addrinfo;
3143 		while (ai_next)
3144 		{
3145 			if (sock_cmpaddr(&temp->host, (struct sockaddr_storage *) ai_next->ai_addr) == 0)
3146 			{
3147 				struct rpcap_header header;
3148 				int status = 0;
3149 
3150 				/* Close this connection */
3151 				rpcap_createhdr(&header, temp->protocol_version,
3152 				    RPCAP_MSG_CLOSE, 0, 0);
3153 
3154 				/*
3155 				 * Don't check for errors, since we're
3156 				 * just cleaning up.
3157 				 */
3158 				if (sock_send(temp->sockctrl, temp->ssl,
3159 				    (char *)&header,
3160 				    sizeof(struct rpcap_header), errbuf,
3161 				    PCAP_ERRBUF_SIZE) < 0)
3162 				{
3163 					/*
3164 					 * Let that error be the one we
3165 					 * report.
3166 					 */
3167 #ifdef HAVE_OPENSSL
3168 					if (temp->ssl)
3169 					{
3170 						// Finish using the SSL handle
3171 						// for the socket.
3172 						// This must be done *before*
3173 						// the socket is closed.
3174 						ssl_finish(temp->ssl);
3175 					}
3176 #endif
3177 					(void)sock_close(temp->sockctrl, NULL,
3178 					   0);
3179 					status = -1;
3180 				}
3181 				else
3182 				{
3183 #ifdef HAVE_OPENSSL
3184 					if (temp->ssl)
3185 					{
3186 						// Finish using the SSL handle
3187 						// for the socket.
3188 						// This must be done *before*
3189 						// the socket is closed.
3190 						ssl_finish(temp->ssl);
3191 					}
3192 #endif
3193 					if (sock_close(temp->sockctrl, errbuf,
3194 					   PCAP_ERRBUF_SIZE) == -1)
3195 						status = -1;
3196 				}
3197 
3198 				/*
3199 				 * Remove the host from the list of active
3200 				 * hosts.
3201 				 */
3202 				if (prev)
3203 					prev->next = temp->next;
3204 				else
3205 					activeHosts = temp->next;
3206 
3207 				freeaddrinfo(addrinfo);
3208 
3209 				free(temp);
3210 
3211 				/* To avoid inconsistencies in the number of sock_init() */
3212 				sock_cleanup();
3213 
3214 				return status;
3215 			}
3216 
3217 			ai_next = ai_next->ai_next;
3218 		}
3219 		prev = temp;
3220 		temp = temp->next;
3221 	}
3222 
3223 	if (addrinfo)
3224 		freeaddrinfo(addrinfo);
3225 
3226 	/* To avoid inconsistencies in the number of sock_init() */
3227 	sock_cleanup();
3228 
3229 	snprintf(errbuf, PCAP_ERRBUF_SIZE, "The host you want to close the active connection is not known");
3230 	return -1;
3231 }
3232 
3233 void pcap_remoteact_cleanup(void)
3234 {
3235 #	ifdef HAVE_OPENSSL
3236 	if (ssl_main)
3237 	{
3238 		// Finish using the SSL handle for the main active socket.
3239 		// This must be done *before* the socket is closed.
3240 		ssl_finish(ssl_main);
3241 		ssl_main = NULL;
3242 	}
3243 #	endif
3244 
3245 	/* Very dirty, but it works */
3246 	if (sockmain)
3247 	{
3248 		closesocket(sockmain);
3249 
3250 		/* To avoid inconsistencies in the number of sock_init() */
3251 		sock_cleanup();
3252 	}
3253 }
3254 
3255 int pcap_remoteact_list(char *hostlist, char sep, int size, char *errbuf)
3256 {
3257 	struct activehosts *temp;	/* temp var needed to scan the host list chain */
3258 	size_t len;
3259 	char hoststr[RPCAP_HOSTLIST_SIZE + 1];
3260 
3261 	temp = activeHosts;
3262 
3263 	len = 0;
3264 	*hostlist = 0;
3265 
3266 	while (temp)
3267 	{
3268 		/*int sock_getascii_addrport(const struct sockaddr_storage *sockaddr, char *address, int addrlen, char *port, int portlen, int flags, char *errbuf, int errbuflen) */
3269 
3270 		/* Get the numeric form of the name of the connecting host */
3271 		if (sock_getascii_addrport((struct sockaddr_storage *) &temp->host, hoststr,
3272 			RPCAP_HOSTLIST_SIZE, NULL, 0, NI_NUMERICHOST, errbuf, PCAP_ERRBUF_SIZE) != -1)
3273 			/*	if (getnameinfo( (struct sockaddr *) &temp->host, sizeof (struct sockaddr_storage), hoststr, */
3274 			/*		RPCAP_HOSTLIST_SIZE, NULL, 0, NI_NUMERICHOST) ) */
3275 		{
3276 			/*	sock_geterrmsg(errbuf, PCAP_ERRBUF_SIZE, */
3277 			/*	    "getnameinfo() failed");             */
3278 			return -1;
3279 		}
3280 
3281 		len = len + strlen(hoststr) + 1 /* the separator */;
3282 
3283 		if ((size < 0) || (len >= (size_t)size))
3284 		{
3285 			snprintf(errbuf, PCAP_ERRBUF_SIZE, "The string you provided is not able to keep "
3286 				"the hostnames for all the active connections");
3287 			return -1;
3288 		}
3289 
3290 		pcap_strlcat(hostlist, hoststr, PCAP_ERRBUF_SIZE);
3291 		hostlist[len - 1] = sep;
3292 		hostlist[len] = 0;
3293 
3294 		temp = temp->next;
3295 	}
3296 
3297 	return 0;
3298 }
3299 
3300 /*
3301  * Receive the header of a message.
3302  */
3303 static int rpcap_recv_msg_header(SOCKET sock, SSL *ssl, struct rpcap_header *header, char *errbuf)
3304 {
3305 	int nrecv;
3306 
3307 	nrecv = sock_recv(sock, ssl, (char *) header, sizeof(struct rpcap_header),
3308 	    SOCK_RECEIVEALL_YES|SOCK_EOF_IS_ERROR, errbuf,
3309 	    PCAP_ERRBUF_SIZE);
3310 	if (nrecv == -1)
3311 	{
3312 		/* Network error. */
3313 		return -1;
3314 	}
3315 	header->plen = ntohl(header->plen);
3316 	return 0;
3317 }
3318 
3319 /*
3320  * Make sure the protocol version of a received message is what we were
3321  * expecting.
3322  */
3323 static int rpcap_check_msg_ver(SOCKET sock, SSL *ssl, uint8 expected_ver, struct rpcap_header *header, char *errbuf)
3324 {
3325 	/*
3326 	 * Did the server specify the version we negotiated?
3327 	 */
3328 	if (header->ver != expected_ver)
3329 	{
3330 		/*
3331 		 * Discard the rest of the message.
3332 		 */
3333 		if (rpcap_discard(sock, ssl, header->plen, errbuf) == -1)
3334 			return -1;
3335 
3336 		/*
3337 		 * Tell our caller that it's not the negotiated version.
3338 		 */
3339 		if (errbuf != NULL)
3340 		{
3341 			snprintf(errbuf, PCAP_ERRBUF_SIZE,
3342 			    "Server sent us a message with version %u when we were expecting %u",
3343 			    header->ver, expected_ver);
3344 		}
3345 		return -1;
3346 	}
3347 	return 0;
3348 }
3349 
3350 /*
3351  * Check the message type of a received message, which should either be
3352  * the expected message type or RPCAP_MSG_ERROR.
3353  */
3354 static int rpcap_check_msg_type(SOCKET sock, SSL *ssl, uint8 request_type, struct rpcap_header *header, uint16 *errcode, char *errbuf)
3355 {
3356 	const char *request_type_string;
3357 	const char *msg_type_string;
3358 
3359 	/*
3360 	 * What type of message is it?
3361 	 */
3362 	if (header->type == RPCAP_MSG_ERROR)
3363 	{
3364 		/*
3365 		 * The server reported an error.
3366 		 * Hand that error back to our caller.
3367 		 */
3368 		*errcode = ntohs(header->value);
3369 		rpcap_msg_err(sock, ssl, header->plen, errbuf);
3370 		return -1;
3371 	}
3372 
3373 	*errcode = 0;
3374 
3375 	/*
3376 	 * For a given request type value, the expected reply type value
3377 	 * is the request type value with ORed with RPCAP_MSG_IS_REPLY.
3378 	 */
3379 	if (header->type != (request_type | RPCAP_MSG_IS_REPLY))
3380 	{
3381 		/*
3382 		 * This isn't a reply to the request we sent.
3383 		 */
3384 
3385 		/*
3386 		 * Discard the rest of the message.
3387 		 */
3388 		if (rpcap_discard(sock, ssl, header->plen, errbuf) == -1)
3389 			return -1;
3390 
3391 		/*
3392 		 * Tell our caller about it.
3393 		 */
3394 		request_type_string = rpcap_msg_type_string(request_type);
3395 		msg_type_string = rpcap_msg_type_string(header->type);
3396 		if (errbuf != NULL)
3397 		{
3398 			if (request_type_string == NULL)
3399 			{
3400 				/* This should not happen. */
3401 				snprintf(errbuf, PCAP_ERRBUF_SIZE,
3402 				    "rpcap_check_msg_type called for request message with type %u",
3403 				    request_type);
3404 				return -1;
3405 			}
3406 			if (msg_type_string != NULL)
3407 				snprintf(errbuf, PCAP_ERRBUF_SIZE,
3408 				    "%s message received in response to a %s message",
3409 				    msg_type_string, request_type_string);
3410 			else
3411 				snprintf(errbuf, PCAP_ERRBUF_SIZE,
3412 				    "Message of unknown type %u message received in response to a %s request",
3413 				    header->type, request_type_string);
3414 		}
3415 		return -1;
3416 	}
3417 
3418 	return 0;
3419 }
3420 
3421 /*
3422  * Receive and process the header of a message.
3423  */
3424 static int rpcap_process_msg_header(SOCKET sock, SSL *ssl, uint8 expected_ver, uint8 request_type, struct rpcap_header *header, char *errbuf)
3425 {
3426 	uint16 errcode;
3427 
3428 	if (rpcap_recv_msg_header(sock, ssl, header, errbuf) == -1)
3429 	{
3430 		/* Network error. */
3431 		return -1;
3432 	}
3433 
3434 	/*
3435 	 * Did the server specify the version we negotiated?
3436 	 */
3437 	if (rpcap_check_msg_ver(sock, ssl, expected_ver, header, errbuf) == -1)
3438 		return -1;
3439 
3440 	/*
3441 	 * Check the message type.
3442 	 */
3443 	return rpcap_check_msg_type(sock, ssl, request_type, header,
3444 	    &errcode, errbuf);
3445 }
3446 
3447 /*
3448  * Read data from a message.
3449  * If we're trying to read more data that remains, puts an error
3450  * message into errmsgbuf and returns -2.  Otherwise, tries to read
3451  * the data and, if that succeeds, subtracts the amount read from
3452  * the number of bytes of data that remains.
3453  * Returns 0 on success, logs a message and returns -1 on a network
3454  * error.
3455  */
3456 static int rpcap_recv(SOCKET sock, SSL *ssl, void *buffer, size_t toread, uint32 *plen, char *errbuf)
3457 {
3458 	int nread;
3459 
3460 	if (toread > *plen)
3461 	{
3462 		/* The server sent us a bad message */
3463 		snprintf(errbuf, PCAP_ERRBUF_SIZE, "Message payload is too short");
3464 		return -1;
3465 	}
3466 	nread = sock_recv(sock, ssl, buffer, toread,
3467 	    SOCK_RECEIVEALL_YES|SOCK_EOF_IS_ERROR, errbuf, PCAP_ERRBUF_SIZE);
3468 	if (nread == -1)
3469 	{
3470 		return -1;
3471 	}
3472 	*plen -= nread;
3473 	return 0;
3474 }
3475 
3476 /*
3477  * This handles the RPCAP_MSG_ERROR message.
3478  */
3479 static void rpcap_msg_err(SOCKET sockctrl, SSL *ssl, uint32 plen, char *remote_errbuf)
3480 {
3481 	char errbuf[PCAP_ERRBUF_SIZE];
3482 
3483 	if (plen >= PCAP_ERRBUF_SIZE)
3484 	{
3485 		/*
3486 		 * Message is too long; just read as much of it as we
3487 		 * can into the buffer provided, and discard the rest.
3488 		 */
3489 		if (sock_recv(sockctrl, ssl, remote_errbuf, PCAP_ERRBUF_SIZE - 1,
3490 		    SOCK_RECEIVEALL_YES|SOCK_EOF_IS_ERROR, errbuf,
3491 		    PCAP_ERRBUF_SIZE) == -1)
3492 		{
3493 			// Network error.
3494 			DIAG_OFF_FORMAT_TRUNCATION
3495 			snprintf(remote_errbuf, PCAP_ERRBUF_SIZE, "Read of error message from client failed: %s", errbuf);
3496 			DIAG_ON_FORMAT_TRUNCATION
3497 			return;
3498 		}
3499 
3500 		/*
3501 		 * Null-terminate it.
3502 		 */
3503 		remote_errbuf[PCAP_ERRBUF_SIZE - 1] = '\0';
3504 
3505 #ifdef _WIN32
3506 		/*
3507 		 * If we're not in UTF-8 mode, convert it to the local
3508 		 * code page.
3509 		 */
3510 		if (!pcap_utf_8_mode)
3511 			utf_8_to_acp_truncated(remote_errbuf);
3512 #endif
3513 
3514 		/*
3515 		 * Throw away the rest.
3516 		 */
3517 		(void)rpcap_discard(sockctrl, ssl, plen - (PCAP_ERRBUF_SIZE - 1), remote_errbuf);
3518 	}
3519 	else if (plen == 0)
3520 	{
3521 		/* Empty error string. */
3522 		remote_errbuf[0] = '\0';
3523 	}
3524 	else
3525 	{
3526 		if (sock_recv(sockctrl, ssl, remote_errbuf, plen,
3527 		    SOCK_RECEIVEALL_YES|SOCK_EOF_IS_ERROR, errbuf,
3528 		    PCAP_ERRBUF_SIZE) == -1)
3529 		{
3530 			// Network error.
3531 			DIAG_OFF_FORMAT_TRUNCATION
3532 			snprintf(remote_errbuf, PCAP_ERRBUF_SIZE, "Read of error message from client failed: %s", errbuf);
3533 			DIAG_ON_FORMAT_TRUNCATION
3534 			return;
3535 		}
3536 
3537 		/*
3538 		 * Null-terminate it.
3539 		 */
3540 		remote_errbuf[plen] = '\0';
3541 	}
3542 }
3543 
3544 /*
3545  * Discard data from a connection.
3546  * Mostly used to discard wrong-sized messages.
3547  * Returns 0 on success, logs a message and returns -1 on a network
3548  * error.
3549  */
3550 static int rpcap_discard(SOCKET sock, SSL *ssl, uint32 len, char *errbuf)
3551 {
3552 	if (len != 0)
3553 	{
3554 		if (sock_discard(sock, ssl, len, errbuf, PCAP_ERRBUF_SIZE) == -1)
3555 		{
3556 			// Network error.
3557 			return -1;
3558 		}
3559 	}
3560 	return 0;
3561 }
3562 
3563 /*
3564  * Read bytes into the pcap_t's buffer until we have the specified
3565  * number of bytes read or we get an error or interrupt indication.
3566  */
3567 static int rpcap_read_packet_msg(struct pcap_rpcap const *rp, pcap_t *p, size_t size)
3568 {
3569 	u_char *bp;
3570 	int cc;
3571 	int bytes_read;
3572 
3573 	bp = p->bp;
3574 	cc = p->cc;
3575 
3576 	/*
3577 	 * Loop until we have the amount of data requested or we get
3578 	 * an error or interrupt.
3579 	 */
3580 	while ((size_t)cc < size)
3581 	{
3582 		/*
3583 		 * We haven't read all of the packet header yet.
3584 		 * Read what remains, which could be all of it.
3585 		 */
3586 		bytes_read = sock_recv(rp->rmt_sockdata, rp->data_ssl, bp, size - cc,
3587 		    SOCK_RECEIVEALL_NO|SOCK_EOF_IS_ERROR, p->errbuf,
3588 		    PCAP_ERRBUF_SIZE);
3589 
3590 		if (bytes_read == -1)
3591 		{
3592 			/*
3593 			 * Network error.  Update the read pointer and
3594 			 * byte count, and return an error indication.
3595 			 */
3596 			p->bp = bp;
3597 			p->cc = cc;
3598 			return -1;
3599 		}
3600 		if (bytes_read == -3)
3601 		{
3602 			/*
3603 			 * Interrupted receive.  Update the read
3604 			 * pointer and byte count, and return
3605 			 * an interrupted indication.
3606 			 */
3607 			p->bp = bp;
3608 			p->cc = cc;
3609 			return -3;
3610 		}
3611 		if (bytes_read == 0)
3612 		{
3613 			/*
3614 			 * EOF - server terminated the connection.
3615 			 * Update the read pointer and byte count, and
3616 			 * return an error indication.
3617 			 */
3618 			snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
3619 			    "The server terminated the connection.");
3620 			return -1;
3621 		}
3622 		bp += bytes_read;
3623 		cc += bytes_read;
3624 	}
3625 	p->bp = bp;
3626 	p->cc = cc;
3627 	return 0;
3628 }
3629