xref: /freebsd/contrib/libpcap/rpcapd/daemon.c (revision 87b759f0fa1f7554d50ce640c40138512bbded44)
1 /*
2  * Copyright (c) 2002 - 2003
3  * NetGroup, Politecnico di Torino (Italy)
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  * notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  * notice, this list of conditions and the following disclaimer in the
14  * documentation and/or other materials provided with the distribution.
15  * 3. Neither the name of the Politecnico di Torino nor the names of its
16  * contributors may be used to endorse or promote products derived from
17  * this software without specific prior written permission.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
20  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
21  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
22  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
23  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
24  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
25  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
26  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
27  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30  */
31 
32 #include <config.h>
33 
34 #include "ftmacros.h"
35 #include "varattrs.h"
36 
37 #include <errno.h>		// for the errno variable
38 #include <stdlib.h>		// for malloc(), free(), ...
39 #include <string.h>		// for strlen(), ...
40 #include <limits.h>		// for INT_MAX
41 
42 #ifdef _WIN32
43   #include <process.h>		// for threads
44 #else
45   #include <unistd.h>
46   #include <pthread.h>
47   #include <signal.h>
48   #include <sys/time.h>
49   #include <sys/types.h>	// for select() and such
50   #include <pwd.h>		// for password management
51 #endif
52 
53 #ifdef HAVE_GETSPNAM
54 #include <shadow.h>		// for password management
55 #endif
56 
57 #include <pcap.h>		// for libpcap/WinPcap calls
58 
59 #include "fmtutils.h"
60 #include "sockutils.h"		// for socket calls
61 #include "portability.h"
62 #include "rpcap-protocol.h"
63 #include "daemon.h"
64 #include "log.h"
65 
66 #ifdef HAVE_OPENSSL
67 #include <openssl/ssl.h>
68 #include "sslutils.h"
69 #endif
70 
71 //
72 // Timeout, in seconds, when we're waiting for a client to send us an
73 // authentication request; if they don't send us a request within that
74 // interval, we drop the connection, so we don't stay stuck forever.
75 //
76 #define RPCAP_TIMEOUT_INIT 90
77 
78 //
79 // Timeout, in seconds, when we're waiting for an authenticated client
80 // to send us a request, if a capture isn't in progress; if they don't
81 // send us a request within that interval, we drop the connection, so
82 // we don't stay stuck forever.
83 //
84 #define RPCAP_TIMEOUT_RUNTIME 180
85 
86 //
87 // Time, in seconds, that we wait after a failed authentication attempt
88 // before processing the next request; this prevents a client from
89 // rapidly trying different accounts or passwords.
90 //
91 #define RPCAP_SUSPEND_WRONGAUTH 1
92 
93 // Parameters for the service loop.
94 struct daemon_slpars
95 {
96 	PCAP_SOCKET sockctrl;	//!< PCAP_SOCKET ID of the control connection
97 	SSL *ssl;		//!< Optional SSL handler for the controlling sockets
98 	int isactive;		//!< Not null if the daemon has to run in active mode
99 	int nullAuthAllowed;	//!< '1' if we permit NULL authentication, '0' otherwise
100 };
101 
102 //
103 // Data for a session managed by a thread.
104 // It includes both a Boolean indicating whether we *have* a thread,
105 // and a platform-dependent (UN*X vs. Windows) identifier for the
106 // thread; on Windows, we could use an invalid handle to indicate
107 // that we don't have a thread, but there *is* no portable "no thread"
108 // value for a pthread_t on UN*X.
109 //
110 struct session {
111 	PCAP_SOCKET sockctrl;
112 	PCAP_SOCKET sockdata;
113 	SSL *ctrl_ssl, *data_ssl; // optional SSL handlers for sockctrl and sockdata.
114 	uint8 protocol_version;
115 	pcap_t *fp;
116 	unsigned int TotCapt;
117 	int	have_thread;
118 #ifdef _WIN32
119 	HANDLE thread;
120 #else
121 	pthread_t thread;
122 #endif
123 };
124 
125 // Locally defined functions
126 static int daemon_msg_err(PCAP_SOCKET sockctrl, SSL *, uint32 plen);
127 static int daemon_msg_auth_req(struct daemon_slpars *pars, uint32 plen);
128 static int daemon_AuthUserPwd(char *username, char *password, char *errbuf);
129 
130 static int daemon_msg_findallif_req(uint8 ver, struct daemon_slpars *pars,
131     uint32 plen);
132 
133 static int daemon_msg_open_req(uint8 ver, struct daemon_slpars *pars,
134     uint32 plen, char *source, size_t sourcelen);
135 static int daemon_msg_startcap_req(uint8 ver, struct daemon_slpars *pars,
136     uint32 plen, char *source, struct session **sessionp,
137     struct rpcap_sampling *samp_param, int uses_ssl);
138 static int daemon_msg_endcap_req(uint8 ver, struct daemon_slpars *pars,
139     struct session *session);
140 
141 static int daemon_msg_updatefilter_req(uint8 ver, struct daemon_slpars *pars,
142     struct session *session, uint32 plen);
143 static int daemon_unpackapplyfilter(PCAP_SOCKET sockctrl, SSL *, struct session *session, uint32 *plenp, char *errbuf);
144 
145 static int daemon_msg_stats_req(uint8 ver, struct daemon_slpars *pars,
146     struct session *session, uint32 plen, struct pcap_stat *stats,
147     unsigned int svrcapt);
148 
149 static int daemon_msg_setsampling_req(uint8 ver, struct daemon_slpars *pars,
150     uint32 plen, struct rpcap_sampling *samp_param);
151 
152 static void daemon_seraddr(struct sockaddr_storage *sockaddrin, struct rpcap_sockaddr *sockaddrout);
153 #ifdef _WIN32
154 static unsigned __stdcall daemon_thrdatamain(void *ptr);
155 #else
156 static void *daemon_thrdatamain(void *ptr);
157 static void noop_handler(int sign);
158 #endif
159 
160 static int rpcapd_recv_msg_header(PCAP_SOCKET sock, SSL *, struct rpcap_header *headerp);
161 static int rpcapd_recv(PCAP_SOCKET sock, SSL *, char *buffer, size_t toread, uint32 *plen, char *errmsgbuf);
162 static int rpcapd_discard(PCAP_SOCKET sock, SSL *, uint32 len);
163 static void session_close(struct session *);
164 
165 //
166 // TLS record layer header; used when processing the first message from
167 // the client, in case we aren't doing TLS but they are.
168 //
169 struct tls_record_header {
170 	uint8 type;		// ContentType - will be 22, for Handshake
171 	uint8 version_major;	// TLS protocol major version
172 	uint8 version_injor;	// TLS protocol minor version
173 	// This is *not* aligned on a 2-byte boundary; we just
174 	// declare it as two bytes.  Don't assume any particular
175 	// compiler's mechanism for saying "packed"!
176 	uint8 length_hi;	// Upper 8 bits of payload length
177 	uint8 length_lo;	// Low 8 bits of payload length
178 };
179 
180 #define TLS_RECORD_HEADER_LEN	5	// Don't use sizeof in case it's padded
181 
182 #define TLS_RECORD_TYPE_ALERT		21
183 #define TLS_RECORD_TYPE_HANDSHAKE	22
184 
185 //
186 // TLS alert message.
187 //
188 struct tls_alert {
189 	uint8 alert_level;
190 	uint8 alert_description;
191 };
192 
193 #define TLS_ALERT_LEN			2
194 
195 #define TLS_ALERT_LEVEL_FATAL		2
196 #define TLS_ALERT_HANDSHAKE_FAILURE	40
197 
198 static int is_url(const char *source);
199 
200 /*
201  * Maximum sizes for fixed-bit-width values.
202  */
203 #ifndef UINT16_MAX
204 #define UINT16_MAX	65535U
205 #endif
206 
207 #ifndef UINT32_MAX
208 #define UINT32_MAX	4294967295U
209 #endif
210 
211 int
212 daemon_serviceloop(PCAP_SOCKET sockctrl, int isactive, char *passiveClients,
213     int nullAuthAllowed, int uses_ssl)
214 {
215 	uint8 first_octet;
216 	struct tls_record_header tls_header;
217 	struct tls_alert tls_alert;
218 	struct daemon_slpars pars;		// service loop parameters
219 	char errbuf[PCAP_ERRBUF_SIZE + 1];	// keeps the error string, prior to be printed
220 	char errmsgbuf[PCAP_ERRBUF_SIZE + 1];	// buffer for errors to send to the client
221 	int host_port_check_status;
222 	SSL *ssl = NULL;
223 	int nrecv;
224 	struct rpcap_header header;		// RPCAP message general header
225 	uint32 plen;				// payload length from header
226 	int authenticated = 0;			// 1 if the client has successfully authenticated
227 	char source[PCAP_BUF_SIZE+1];		// keeps the string that contains the interface to open
228 	int got_source = 0;			// 1 if we've gotten the source from an open request
229 #ifndef _WIN32
230 	struct sigaction action;
231 #endif
232 	struct session *session = NULL;		// struct session main variable
233 	const char *msg_type_string;		// string for message type
234 	int client_told_us_to_close = 0;	// 1 if the client told us to close the capture
235 
236 	// needed to save the values of the statistics
237 	struct pcap_stat stats;
238 	unsigned int svrcapt;
239 
240 	struct rpcap_sampling samp_param;	// in case sampling has been requested
241 
242 	// Structures needed for the select() call
243 	fd_set rfds;				// set of socket descriptors we have to check
244 	struct timeval tv;			// maximum time the select() can block waiting for data
245 	int retval;				// select() return value
246 
247 	*errbuf = 0;	// Initialize errbuf
248 
249 	//
250 	// Peek into the socket to determine whether the client sent us
251 	// a TLS handshake message or a non-TLS rpcapd message.
252 	//
253 	// The first byte of an rpcapd request is the version number;
254 	// the first byte of a TLS handshake message is 22.  The
255 	// first request to an rpcapd server must be an authentication
256 	// request or a close request, and must have a version number
257 	// of 0, so it will be possible to distinguish between an
258 	// initial plaintext request to a server and an initial TLS
259 	// handshake message.
260 	//
261 	nrecv = sock_recv(sockctrl, NULL, (char *)&first_octet, 1,
262 	    SOCK_EOF_ISNT_ERROR|SOCK_MSG_PEEK, errbuf, PCAP_ERRBUF_SIZE);
263 	if (nrecv == -1)
264 	{
265 		// Fatal error.
266 		rpcapd_log(LOGPRIO_ERROR, "Peek from client failed: %s", errbuf);
267 		goto end;
268 	}
269 	if (nrecv == 0)
270 	{
271 		// Client closed the connection.
272 		goto end;
273 	}
274 
275 #ifdef HAVE_OPENSSL
276 	//
277 	// We have to upgrade to TLS as soon as possible, so that the
278 	// whole protocol goes through the encrypted tunnel, including
279 	// early error messages.
280 	//
281 	// Even in active mode, the other end has to initiate the TLS
282 	// handshake as we still are the server as far as TLS is concerned,
283 	// so we don't check isactive.
284 	//
285 	if (uses_ssl)
286 	{
287 		//
288 		// We're expecting a TLS handshake message.  If this
289 		// isn't one, assume it's a non-TLS rpcapd message.
290 		//
291 		// The first octet of a TLS handshake is
292 		// TLS_RECORD_TYPE_HANDSHAKE.
293 		//
294 		if (first_octet != TLS_RECORD_TYPE_HANDSHAKE)
295 		{
296 			//
297 			// We assume this is a non-TLS rpcapd message.
298 			//
299 			// Read the message header from the client.
300 			//
301 			nrecv = rpcapd_recv_msg_header(sockctrl, NULL, &header);
302 			if (nrecv == -1)
303 			{
304 				// Fatal error.
305 				goto end;
306 			}
307 			if (nrecv == -2)
308 			{
309 				// Client closed the connection.
310 				goto end;
311 			}
312 			plen = header.plen;
313 
314 			// Discard the rest of the message.
315 			if (rpcapd_discard(sockctrl, NULL, plen) == -1)
316 			{
317 				// Network error.
318 				goto end;
319 			}
320 
321 			//
322 			// Send an authentication error, indicating
323 			// that we require TLS.
324 			//
325 			if (rpcap_senderror(sockctrl, NULL, header.ver,
326 			    PCAP_ERR_TLS_REQUIRED,
327 			    "TLS is required by this server", errbuf) == -1)
328 			{
329 				// That failed; log a message and give up.
330 				rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
331 				goto end;
332 			}
333 
334 			// Shut the session down.
335 			goto end;
336 		}
337 		ssl = ssl_promotion(1, sockctrl, errbuf, PCAP_ERRBUF_SIZE);
338 		if (! ssl)
339 		{
340 			rpcapd_log(LOGPRIO_ERROR, "TLS handshake on control connection failed: %s",
341 			    errbuf);
342 			goto end;
343 		}
344 	}
345 	else
346 #endif
347 	{
348 		//
349 		// We're expecting a non-TLS rpcapd message.  If this
350 		// looks, instead, like a TLS handshake message, send
351 		// a TLS handshake_failed alert.
352 		//
353 		// The first octet of a TLS handshake is
354 		// TLS_RECORD_TYPE_HANDSHAKE.
355 		//
356 		if (first_octet == TLS_RECORD_TYPE_HANDSHAKE)
357 		{
358 			//
359 			// TLS handshake.
360 			// Read the record header.
361 			//
362 			nrecv = sock_recv(sockctrl, ssl, (char *) &tls_header,
363 			    sizeof tls_header, SOCK_RECEIVEALL_YES|SOCK_EOF_ISNT_ERROR,
364 			    errbuf, PCAP_ERRBUF_SIZE);
365 			if (nrecv == -1)
366 			{
367 				// Network error.
368 				rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf);
369 				goto end;
370 			}
371 			if (nrecv == 0)
372 			{
373 				// Immediate EOF
374 				goto end;
375 			}
376 			plen = (tls_header.length_hi << 8U) | tls_header.length_lo;
377 
378 			// Discard the rest of the message.
379 			if (rpcapd_discard(sockctrl, NULL, plen) == -1)
380 			{
381 				// Network error.
382 				goto end;
383 			}
384 
385 			//
386 			// Send a TLS handshake failure alert.
387 			// Use the same version the client sent us.
388 			//
389 			tls_header.type = TLS_RECORD_TYPE_ALERT;
390 			tls_header.length_hi = 0;
391 			tls_header.length_lo = TLS_ALERT_LEN;
392 
393 			if (sock_send(sockctrl, NULL, (char *) &tls_header,
394 			    TLS_RECORD_HEADER_LEN, errbuf, PCAP_ERRBUF_SIZE) == -1)
395 			{
396 				// That failed; log a message and give up.
397 				rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
398 				goto end;
399 			}
400 
401 			tls_alert.alert_level = TLS_ALERT_LEVEL_FATAL;
402 			tls_alert.alert_description = TLS_ALERT_HANDSHAKE_FAILURE;
403 			if (sock_send(sockctrl, NULL, (char *) &tls_alert,
404 			    TLS_ALERT_LEN, errbuf, PCAP_ERRBUF_SIZE) == -1)
405 			{
406 				// That failed; log a message and give up.
407 				rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
408 				goto end;
409 			}
410 			//
411 			// Give up anyway.
412 			//
413 			goto end;
414 		}
415 	}
416 
417 	// Set parameters structure
418 	pars.sockctrl = sockctrl;
419 	pars.ssl = ssl;
420 	pars.isactive = isactive;		// active mode
421 	pars.nullAuthAllowed = nullAuthAllowed;
422 
423 	//
424 	// We have a connection.
425 	//
426 	// If it's a passive mode connection, check whether the connecting
427 	// host is among the ones allowed.
428 	//
429 	// In either case, we were handed a copy of the host list; free it
430 	// as soon as we're done with it.
431 	//
432 	if (pars.isactive)
433 	{
434 		// Nothing to do.
435 		free(passiveClients);
436 		passiveClients = NULL;
437 	}
438 	else
439 	{
440 		struct sockaddr_storage from;
441 		socklen_t fromlen;
442 
443 		//
444 		// Get the address of the other end of the connection.
445 		//
446 		fromlen = sizeof(struct sockaddr_storage);
447 		if (getpeername(pars.sockctrl, (struct sockaddr *)&from,
448 		    &fromlen) == -1)
449 		{
450 			sock_geterrmsg(errmsgbuf, PCAP_ERRBUF_SIZE,
451 			    "getpeername() failed");
452 			if (rpcap_senderror(pars.sockctrl, pars.ssl, 0, PCAP_ERR_NETW, errmsgbuf, errbuf) == -1)
453 				rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
454 			goto end;
455 		}
456 
457 		//
458 		// Are they in the list of host/port combinations we allow?
459 		//
460 		host_port_check_status = sock_check_hostlist(passiveClients, RPCAP_HOSTLIST_SEP, &from, errmsgbuf, PCAP_ERRBUF_SIZE);
461 		free(passiveClients);
462 		passiveClients = NULL;
463 		if (host_port_check_status < 0)
464 		{
465 			if (host_port_check_status == -2) {
466 				//
467 				// We got an error; log it.
468 				//
469 				rpcapd_log(LOGPRIO_ERROR, "%s", errmsgbuf);
470 			}
471 
472 			//
473 			// Sorry, we can't let you in.
474 			//
475 			if (rpcap_senderror(pars.sockctrl, pars.ssl, 0, PCAP_ERR_HOSTNOAUTH, errmsgbuf, errbuf) == -1)
476 				rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
477 			goto end;
478 		}
479 	}
480 
481 #ifndef _WIN32
482 	//
483 	// Catch SIGUSR1, but do nothing.  We use it to interrupt the
484 	// capture thread to break it out of a loop in which it's
485 	// blocked waiting for packets to arrive.
486 	//
487 	// We don't want interrupted system calls to restart, so that
488 	// the read routine for the pcap_t gets EINTR rather than
489 	// restarting if it's blocked in a system call.
490 	//
491 	memset(&action, 0, sizeof (action));
492 	action.sa_handler = noop_handler;
493 	action.sa_flags = 0;
494 	sigemptyset(&action.sa_mask);
495 	sigaction(SIGUSR1, &action, NULL);
496 #endif
497 
498 	//
499 	// The client must first authenticate; loop until they send us a
500 	// message with a version we support and credentials we accept,
501 	// they send us a close message indicating that they're giving up,
502 	// or we get a network error or other fatal error.
503 	//
504 	while (!authenticated)
505 	{
506 		//
507 		// If we're not in active mode, we use select(), with a
508 		// timeout, to wait for an authentication request; if
509 		// the timeout expires, we drop the connection, so that
510 		// a client can't just connect to us and leave us
511 		// waiting forever.
512 		//
513 		if (!pars.isactive)
514 		{
515 			FD_ZERO(&rfds);
516 			// We do not have to block here
517 			tv.tv_sec = RPCAP_TIMEOUT_INIT;
518 			tv.tv_usec = 0;
519 
520 			FD_SET(pars.sockctrl, &rfds);
521 
522 			retval = select((int)pars.sockctrl + 1, &rfds, NULL, NULL, &tv);
523 			if (retval == -1)
524 			{
525 				sock_geterrmsg(errmsgbuf, PCAP_ERRBUF_SIZE,
526 				    "select() failed");
527 				if (rpcap_senderror(pars.sockctrl, pars.ssl, 0, PCAP_ERR_NETW, errmsgbuf, errbuf) == -1)
528 					rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
529 				goto end;
530 			}
531 
532 			// The timeout has expired
533 			// So, this was a fake connection. Drop it down
534 			if (retval == 0)
535 			{
536 				if (rpcap_senderror(pars.sockctrl, pars.ssl, 0, PCAP_ERR_INITTIMEOUT, "The RPCAP initial timeout has expired", errbuf) == -1)
537 					rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
538 				goto end;
539 			}
540 		}
541 
542 		//
543 		// Read the message header from the client.
544 		//
545 		nrecv = rpcapd_recv_msg_header(pars.sockctrl, pars.ssl, &header);
546 		if (nrecv == -1)
547 		{
548 			// Fatal error.
549 			goto end;
550 		}
551 		if (nrecv == -2)
552 		{
553 			// Client closed the connection.
554 			goto end;
555 		}
556 
557 		plen = header.plen;
558 
559 		//
560 		// While we're in the authentication phase, all requests
561 		// must use version 0.
562 		//
563 		if (header.ver != 0)
564 		{
565 			//
566 			// Send it back to them with their version.
567 			//
568 			if (rpcap_senderror(pars.sockctrl, pars.ssl, header.ver,
569 			    PCAP_ERR_WRONGVER,
570 			    "RPCAP version in requests in the authentication phase must be 0",
571 			    errbuf) == -1)
572 			{
573 				// That failed; log a message and give up.
574 				rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
575 				goto end;
576 			}
577 
578 			// Discard the rest of the message and drop the
579 			// connection.
580 			(void)rpcapd_discard(pars.sockctrl, pars.ssl, plen);
581 			goto end;
582 		}
583 
584 		switch (header.type)
585 		{
586 			case RPCAP_MSG_AUTH_REQ:
587 				retval = daemon_msg_auth_req(&pars, plen);
588 				if (retval == -1)
589 				{
590 					// Fatal error; a message has
591 					// been logged, so just give up.
592 					goto end;
593 				}
594 				if (retval == -2)
595 				{
596 					// Non-fatal error; we sent back
597 					// an error message, so let them
598 					// try again.
599 					continue;
600 				}
601 
602 				// OK, we're authenticated; we sent back
603 				// a reply, so start serving requests.
604 				authenticated = 1;
605 				break;
606 
607 			case RPCAP_MSG_CLOSE:
608 				//
609 				// The client is giving up.
610 				// Discard the rest of the message, if
611 				// there is anything more.
612 				//
613 				(void)rpcapd_discard(pars.sockctrl, pars.ssl, plen);
614 				// We're done with this client.
615 				goto end;
616 
617 			case RPCAP_MSG_ERROR:
618 				// Log this and close the connection?
619 				// XXX - is this what happens in active
620 				// mode, where *we* initiate the
621 				// connection, and the client gives us
622 				// an error message rather than a "let
623 				// me log in" message, indicating that
624 				// we're not allowed to connect to them?
625 				(void)daemon_msg_err(pars.sockctrl, pars.ssl, plen);
626 				goto end;
627 
628 			case RPCAP_MSG_FINDALLIF_REQ:
629 			case RPCAP_MSG_OPEN_REQ:
630 			case RPCAP_MSG_STARTCAP_REQ:
631 			case RPCAP_MSG_UPDATEFILTER_REQ:
632 			case RPCAP_MSG_STATS_REQ:
633 			case RPCAP_MSG_ENDCAP_REQ:
634 			case RPCAP_MSG_SETSAMPLING_REQ:
635 				//
636 				// These requests can't be sent until
637 				// the client is authenticated.
638 				//
639 				msg_type_string = rpcap_msg_type_string(header.type);
640 				if (msg_type_string != NULL)
641 				{
642 					snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "%s request sent before authentication was completed", msg_type_string);
643 				}
644 				else
645 				{
646 					snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Message of type %u sent before authentication was completed", header.type);
647 				}
648 				if (rpcap_senderror(pars.sockctrl, pars.ssl,
649 				    header.ver, PCAP_ERR_WRONGMSG,
650 				    errmsgbuf, errbuf) == -1)
651 				{
652 					rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
653 					goto end;
654 				}
655 				// Discard the rest of the message.
656 				if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1)
657 				{
658 					// Network error.
659 					goto end;
660 				}
661 				break;
662 
663 			case RPCAP_MSG_PACKET:
664 			case RPCAP_MSG_FINDALLIF_REPLY:
665 			case RPCAP_MSG_OPEN_REPLY:
666 			case RPCAP_MSG_STARTCAP_REPLY:
667 			case RPCAP_MSG_UPDATEFILTER_REPLY:
668 			case RPCAP_MSG_AUTH_REPLY:
669 			case RPCAP_MSG_STATS_REPLY:
670 			case RPCAP_MSG_ENDCAP_REPLY:
671 			case RPCAP_MSG_SETSAMPLING_REPLY:
672 				//
673 				// These are server-to-client messages.
674 				//
675 				msg_type_string = rpcap_msg_type_string(header.type);
676 				if (msg_type_string != NULL)
677 				{
678 					snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Server-to-client message %s received from client", msg_type_string);
679 				}
680 				else
681 				{
682 					snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Server-to-client message of type %u received from client", header.type);
683 				}
684 				if (rpcap_senderror(pars.sockctrl, pars.ssl,
685 				    header.ver, PCAP_ERR_WRONGMSG,
686 				    errmsgbuf, errbuf) == -1)
687 				{
688 					rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
689 					goto end;
690 				}
691 				// Discard the rest of the message.
692 				if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1)
693 				{
694 					// Fatal error.
695 					goto end;
696 				}
697 				break;
698 
699 			default:
700 				//
701 				// Unknown message type.
702 				//
703 				snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Unknown message type %u", header.type);
704 				if (rpcap_senderror(pars.sockctrl, pars.ssl,
705 				    header.ver, PCAP_ERR_WRONGMSG,
706 				    errmsgbuf, errbuf) == -1)
707 				{
708 					rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
709 					goto end;
710 				}
711 				// Discard the rest of the message.
712 				if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1)
713 				{
714 					// Fatal error.
715 					goto end;
716 				}
717 				break;
718 		}
719 	}
720 
721 	//
722 	// OK, the client has authenticated itself, and we can start
723 	// processing regular requests from it.
724 	//
725 
726 	//
727 	// We don't have any statistics yet.
728 	//
729 	stats.ps_ifdrop = 0;
730 	stats.ps_recv = 0;
731 	stats.ps_drop = 0;
732 	svrcapt = 0;
733 
734 	//
735 	// Service requests.
736 	//
737 	for (;;)
738 	{
739 		errbuf[0] = 0;	// clear errbuf
740 
741 		// Avoid zombies connections; check if the connection is opens but no commands are performed
742 		// from more than RPCAP_TIMEOUT_RUNTIME
743 		// Conditions:
744 		// - I have to be in normal mode (no active mode)
745 		// - if the device is open, I don't have to be in the middle of a capture (session->sockdata)
746 		// - if the device is closed, I have always to check if a new command arrives
747 		//
748 		// Be carefully: the capture can have been started, but an error occurred (so session != NULL, but
749 		//  sockdata is 0
750 		if ((!pars.isactive) && (session == NULL || session->sockdata == 0))
751 		{
752 			// Check for the initial timeout
753 			FD_ZERO(&rfds);
754 			// We do not have to block here
755 			tv.tv_sec = RPCAP_TIMEOUT_RUNTIME;
756 			tv.tv_usec = 0;
757 
758 			FD_SET(pars.sockctrl, &rfds);
759 #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
760 			retval = 1;
761 #else
762 			retval = select((int)pars.sockctrl + 1, &rfds, NULL, NULL, &tv);
763 #endif
764 			if (retval == -1)
765 			{
766 				sock_geterrmsg(errmsgbuf, PCAP_ERRBUF_SIZE,
767 				    "select() failed");
768 				if (rpcap_senderror(pars.sockctrl, pars.ssl,
769 				    0, PCAP_ERR_NETW,
770 				    errmsgbuf, errbuf) == -1)
771 					rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
772 				goto end;
773 			}
774 
775 			// The timeout has expired
776 			// So, this was a fake connection. Drop it down
777 			if (retval == 0)
778 			{
779 				if (rpcap_senderror(pars.sockctrl, pars.ssl,
780 				    0, PCAP_ERR_INITTIMEOUT,
781 				    "The RPCAP initial timeout has expired",
782 				    errbuf) == -1)
783 					rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
784 				goto end;
785 			}
786 		}
787 
788 		//
789 		// Read the message header from the client.
790 		//
791 		nrecv = rpcapd_recv_msg_header(pars.sockctrl, pars.ssl, &header);
792 		if (nrecv == -1)
793 		{
794 			// Fatal error.
795 			goto end;
796 		}
797 		if (nrecv == -2)
798 		{
799 			// Client closed the connection.
800 			goto end;
801 		}
802 
803 		plen = header.plen;
804 
805 		//
806 		// Did the client specify a protocol version that we
807 		// support?
808 		//
809 		if (!RPCAP_VERSION_IS_SUPPORTED(header.ver))
810 		{
811 			//
812 			// Tell them it's not a supported version.
813 			// Send the error message with their version,
814 			// so they don't reject it as having the wrong
815 			// version.
816 			//
817 			if (rpcap_senderror(pars.sockctrl, pars.ssl,
818 			    header.ver, PCAP_ERR_WRONGVER,
819 			    "RPCAP version in message isn't supported by the server",
820 			    errbuf) == -1)
821 			{
822 				// That failed; log a message and give up.
823 				rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
824 				goto end;
825 			}
826 
827 			// Discard the rest of the message.
828 			(void)rpcapd_discard(pars.sockctrl, pars.ssl, plen);
829 			// Give up on them.
830 			goto end;
831 		}
832 
833 		switch (header.type)
834 		{
835 			case RPCAP_MSG_ERROR:		// The other endpoint reported an error
836 			{
837 				(void)daemon_msg_err(pars.sockctrl, pars.ssl, plen);
838 				// Do nothing; just exit; the error code is already into the errbuf
839 				// XXX - actually exit....
840 				break;
841 			}
842 
843 			case RPCAP_MSG_FINDALLIF_REQ:
844 			{
845 				if (daemon_msg_findallif_req(header.ver, &pars, plen) == -1)
846 				{
847 					// Fatal error; a message has
848 					// been logged, so just give up.
849 					goto end;
850 				}
851 				break;
852 			}
853 
854 			case RPCAP_MSG_OPEN_REQ:
855 			{
856 				//
857 				// Process the open request, and keep
858 				// the source from it, for use later
859 				// when the capture is started.
860 				//
861 				// XXX - we don't care if the client sends
862 				// us multiple open requests, the last
863 				// one wins.
864 				//
865 				retval = daemon_msg_open_req(header.ver, &pars,
866 				    plen, source, sizeof(source));
867 				if (retval == -1)
868 				{
869 					// Fatal error; a message has
870 					// been logged, so just give up.
871 					goto end;
872 				}
873 				got_source = 1;
874 				break;
875 			}
876 
877 			case RPCAP_MSG_STARTCAP_REQ:
878 			{
879 				if (!got_source)
880 				{
881 					// They never told us what device
882 					// to capture on!
883 					if (rpcap_senderror(pars.sockctrl, pars.ssl,
884 					    header.ver,
885 					    PCAP_ERR_STARTCAPTURE,
886 					    "No capture device was specified",
887 					    errbuf) == -1)
888 					{
889 						// Fatal error; log an
890 						// error and  give up.
891 						rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
892 						goto end;
893 					}
894 					if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1)
895 					{
896 						goto end;
897 					}
898 					break;
899 				}
900 
901 				if (daemon_msg_startcap_req(header.ver, &pars,
902 				    plen, source, &session, &samp_param,
903 				    uses_ssl) == -1)
904 				{
905 					// Fatal error; a message has
906 					// been logged, so just give up.
907 					goto end;
908 				}
909 				break;
910 			}
911 
912 			case RPCAP_MSG_UPDATEFILTER_REQ:
913 			{
914 				if (session)
915 				{
916 					if (daemon_msg_updatefilter_req(header.ver,
917 					    &pars, session, plen) == -1)
918 					{
919 						// Fatal error; a message has
920 						// been logged, so just give up.
921 						goto end;
922 					}
923 				}
924 				else
925 				{
926 					if (rpcap_senderror(pars.sockctrl, pars.ssl,
927 					    header.ver,
928 					    PCAP_ERR_UPDATEFILTER,
929 					    "Device not opened. Cannot update filter",
930 					    errbuf) == -1)
931 					{
932 						// That failed; log a message and give up.
933 						rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
934 						goto end;
935 					}
936 				}
937 				break;
938 			}
939 
940 			case RPCAP_MSG_CLOSE:		// The other endpoint close the pcap session
941 			{
942 				//
943 				// Indicate to our caller that the client
944 				// closed the control connection.
945 				// This is used only in case of active mode.
946 				//
947 				client_told_us_to_close = 1;
948 				rpcapd_log(LOGPRIO_DEBUG, "The other end system asked to close the connection.");
949 				goto end;
950 			}
951 
952 			case RPCAP_MSG_STATS_REQ:
953 			{
954 				if (daemon_msg_stats_req(header.ver, &pars,
955 				    session, plen, &stats, svrcapt) == -1)
956 				{
957 					// Fatal error; a message has
958 					// been logged, so just give up.
959 					goto end;
960 				}
961 				break;
962 			}
963 
964 			case RPCAP_MSG_ENDCAP_REQ:		// The other endpoint close the current capture session
965 			{
966 				if (session)
967 				{
968 					// Save statistics (we can need them in the future)
969 					if (pcap_stats(session->fp, &stats))
970 					{
971 						svrcapt = session->TotCapt;
972 					}
973 					else
974 					{
975 						stats.ps_ifdrop = 0;
976 						stats.ps_recv = 0;
977 						stats.ps_drop = 0;
978 						svrcapt = 0;
979 					}
980 
981 					if (daemon_msg_endcap_req(header.ver,
982 					    &pars, session) == -1)
983 					{
984 						free(session);
985 						session = NULL;
986 						// Fatal error; a message has
987 						// been logged, so just give up.
988 						goto end;
989 					}
990 					free(session);
991 					session = NULL;
992 				}
993 				else
994 				{
995 					rpcap_senderror(pars.sockctrl, pars.ssl,
996 					    header.ver,
997 					    PCAP_ERR_ENDCAPTURE,
998 					    "Device not opened. Cannot close the capture",
999 					    errbuf);
1000 				}
1001 				break;
1002 			}
1003 
1004 			case RPCAP_MSG_SETSAMPLING_REQ:
1005 			{
1006 				if (daemon_msg_setsampling_req(header.ver,
1007 				    &pars, plen, &samp_param) == -1)
1008 				{
1009 					// Fatal error; a message has
1010 					// been logged, so just give up.
1011 					goto end;
1012 				}
1013 				break;
1014 			}
1015 
1016 			case RPCAP_MSG_AUTH_REQ:
1017 			{
1018 				//
1019 				// We're already authenticated; you don't
1020 				// get to reauthenticate.
1021 				//
1022 				rpcapd_log(LOGPRIO_INFO, "The client sent an RPCAP_MSG_AUTH_REQ message after authentication was completed");
1023 				if (rpcap_senderror(pars.sockctrl, pars.ssl,
1024 				    header.ver,
1025 				    PCAP_ERR_WRONGMSG,
1026 				    "RPCAP_MSG_AUTH_REQ request sent after authentication was completed",
1027 				    errbuf) == -1)
1028 				{
1029 					rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1030 					goto end;
1031 				}
1032 				// Discard the rest of the message.
1033 				if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1)
1034 				{
1035 					// Fatal error.
1036 					goto end;
1037 				}
1038 				goto end;
1039 
1040 			case RPCAP_MSG_PACKET:
1041 			case RPCAP_MSG_FINDALLIF_REPLY:
1042 			case RPCAP_MSG_OPEN_REPLY:
1043 			case RPCAP_MSG_STARTCAP_REPLY:
1044 			case RPCAP_MSG_UPDATEFILTER_REPLY:
1045 			case RPCAP_MSG_AUTH_REPLY:
1046 			case RPCAP_MSG_STATS_REPLY:
1047 			case RPCAP_MSG_ENDCAP_REPLY:
1048 			case RPCAP_MSG_SETSAMPLING_REPLY:
1049 				//
1050 				// These are server-to-client messages.
1051 				//
1052 				msg_type_string = rpcap_msg_type_string(header.type);
1053 				if (msg_type_string != NULL)
1054 				{
1055 					rpcapd_log(LOGPRIO_INFO, "The client sent a %s server-to-client message", msg_type_string);
1056 					snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Server-to-client message %s received from client", msg_type_string);
1057 				}
1058 				else
1059 				{
1060 					rpcapd_log(LOGPRIO_INFO, "The client sent a server-to-client message of type %u", header.type);
1061 					snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Server-to-client message of type %u received from client", header.type);
1062 				}
1063 				if (rpcap_senderror(pars.sockctrl, pars.ssl,
1064 				    header.ver, PCAP_ERR_WRONGMSG,
1065 				    errmsgbuf, errbuf) == -1)
1066 				{
1067 					rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1068 					goto end;
1069 				}
1070 				// Discard the rest of the message.
1071 				if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1)
1072 				{
1073 					// Fatal error.
1074 					goto end;
1075 				}
1076 				goto end;
1077 
1078 			default:
1079 				//
1080 				// Unknown message type.
1081 				//
1082 				rpcapd_log(LOGPRIO_INFO, "The client sent a message of type %u", header.type);
1083 				snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Unknown message type %u", header.type);
1084 				if (rpcap_senderror(pars.sockctrl, pars.ssl,
1085 				    header.ver, PCAP_ERR_WRONGMSG,
1086 				    errbuf, errmsgbuf) == -1)
1087 				{
1088 					rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1089 					goto end;
1090 				}
1091 				// Discard the rest of the message.
1092 				if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1)
1093 				{
1094 					// Fatal error.
1095 					goto end;
1096 				}
1097 				goto end;
1098 			}
1099 		}
1100 	}
1101 
1102 end:
1103 	// The service loop is finishing up.
1104 	// If we have a capture session running, close it.
1105 	if (session)
1106 	{
1107 		session_close(session);
1108 		free(session);
1109 		session = NULL;
1110 	}
1111 
1112 	if (passiveClients) {
1113 		free(passiveClients);
1114 	}
1115 	//
1116 	// Finish using the SSL handle for the control socket, if we
1117 	// have an SSL connection, and close the control socket.
1118 	//
1119 #ifdef HAVE_OPENSSL
1120 	if (ssl)
1121 	{
1122 		// Finish using the SSL handle for the socket.
1123 		// This must be done *before* the socket is closed.
1124 		ssl_finish(ssl);
1125 	}
1126 #endif
1127 	sock_close(sockctrl, NULL, 0);
1128 
1129 	// Print message and return
1130 	rpcapd_log(LOGPRIO_DEBUG, "I'm exiting from the child loop");
1131 
1132 	return client_told_us_to_close;
1133 }
1134 
1135 /*
1136  * This handles the RPCAP_MSG_ERR message.
1137  */
1138 static int
1139 daemon_msg_err(PCAP_SOCKET sockctrl, SSL *ssl, uint32 plen)
1140 {
1141 	char errbuf[PCAP_ERRBUF_SIZE];
1142 	char remote_errbuf[PCAP_ERRBUF_SIZE];
1143 
1144 	if (plen >= PCAP_ERRBUF_SIZE)
1145 	{
1146 		/*
1147 		 * Message is too long; just read as much of it as we
1148 		 * can into the buffer provided, and discard the rest.
1149 		 */
1150 		if (sock_recv(sockctrl, ssl, remote_errbuf, PCAP_ERRBUF_SIZE - 1,
1151 		    SOCK_RECEIVEALL_YES|SOCK_EOF_IS_ERROR, errbuf,
1152 		    PCAP_ERRBUF_SIZE) == -1)
1153 		{
1154 			// Network error.
1155 			rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf);
1156 			return -1;
1157 		}
1158 		if (rpcapd_discard(sockctrl, ssl, plen - (PCAP_ERRBUF_SIZE - 1)) == -1)
1159 		{
1160 			// Network error.
1161 			return -1;
1162 		}
1163 
1164 		/*
1165 		 * Null-terminate it.
1166 		 */
1167 		remote_errbuf[PCAP_ERRBUF_SIZE - 1] = '\0';
1168 	}
1169 	else if (plen == 0)
1170 	{
1171 		/* Empty error string. */
1172 		remote_errbuf[0] = '\0';
1173 	}
1174 	else
1175 	{
1176 		if (sock_recv(sockctrl, ssl, remote_errbuf, plen,
1177 		    SOCK_RECEIVEALL_YES|SOCK_EOF_IS_ERROR, errbuf,
1178 		    PCAP_ERRBUF_SIZE) == -1)
1179 		{
1180 			// Network error.
1181 			rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf);
1182 			return -1;
1183 		}
1184 
1185 		/*
1186 		 * Null-terminate it.
1187 		 */
1188 		remote_errbuf[plen] = '\0';
1189 	}
1190 	// Log the message
1191 	rpcapd_log(LOGPRIO_ERROR, "Error from client: %s", remote_errbuf);
1192 	return 0;
1193 }
1194 
1195 /*
1196  * This handles the RPCAP_MSG_AUTH_REQ message.
1197  * It checks if the authentication credentials supplied by the user are valid.
1198  *
1199  * This function is called if the daemon receives a RPCAP_MSG_AUTH_REQ
1200  * message in its authentication loop.  It reads the body of the
1201  * authentication message from the network and checks whether the
1202  * credentials are valid.
1203  *
1204  * \param sockctrl: the socket for the control connection.
1205  *
1206  * \param nullAuthAllowed: '1' if the NULL authentication is allowed.
1207  *
1208  * \param errbuf: a user-allocated buffer in which the error message
1209  * (if one) has to be written.  It must be at least PCAP_ERRBUF_SIZE
1210  * bytes long.
1211  *
1212  * \return '0' if everything is fine, '-1' if an unrecoverable error occurred,
1213  * or '-2' if the authentication failed.  For errors, an error message is
1214  * returned in the 'errbuf' variable; this gives a message for the
1215  * unrecoverable error or for the authentication failure.
1216  */
1217 static int
1218 daemon_msg_auth_req(struct daemon_slpars *pars, uint32 plen)
1219 {
1220 	char errbuf[PCAP_ERRBUF_SIZE];		// buffer for network errors
1221 	char errmsgbuf[PCAP_ERRBUF_SIZE];	// buffer for errors to send to the client
1222 	int status;
1223 	struct rpcap_auth auth;			// RPCAP authentication header
1224 	char sendbuf[RPCAP_NETBUF_SIZE];	// temporary buffer in which data to be sent is buffered
1225 	int sendbufidx = 0;			// index which keeps the number of bytes currently buffered
1226 	struct rpcap_authreply *authreply;	// authentication reply message
1227 
1228 	status = rpcapd_recv(pars->sockctrl, pars->ssl, (char *) &auth, sizeof(struct rpcap_auth), &plen, errmsgbuf);
1229 	if (status == -1)
1230 	{
1231 		return -1;
1232 	}
1233 	if (status == -2)
1234 	{
1235 		goto error;
1236 	}
1237 
1238 	switch (ntohs(auth.type))
1239 	{
1240 		case RPCAP_RMTAUTH_NULL:
1241 		{
1242 			if (!pars->nullAuthAllowed)
1243 			{
1244 				// Send the client an error reply.
1245 				snprintf(errmsgbuf, PCAP_ERRBUF_SIZE,
1246 				    "Authentication failed; NULL authentication not permitted.");
1247 				if (rpcap_senderror(pars->sockctrl, pars->ssl,
1248 				    0, PCAP_ERR_AUTH_FAILED, errmsgbuf, errbuf) == -1)
1249 				{
1250 					// That failed; log a message and give up.
1251 					rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1252 					return -1;
1253 				}
1254 				goto error_noreply;
1255 			}
1256 			break;
1257 		}
1258 
1259 		case RPCAP_RMTAUTH_PWD:
1260 		{
1261 			char *username, *passwd;
1262 			uint32 usernamelen, passwdlen;
1263 
1264 			usernamelen = ntohs(auth.slen1);
1265 			username = (char *) malloc (usernamelen + 1);
1266 			if (username == NULL)
1267 			{
1268 				pcapint_fmt_errmsg_for_errno(errmsgbuf,
1269 				    PCAP_ERRBUF_SIZE, errno, "malloc() failed");
1270 				goto error;
1271 			}
1272 			status = rpcapd_recv(pars->sockctrl, pars->ssl, username, usernamelen, &plen, errmsgbuf);
1273 			if (status == -1)
1274 			{
1275 				free(username);
1276 				return -1;
1277 			}
1278 			if (status == -2)
1279 			{
1280 				free(username);
1281 				goto error;
1282 			}
1283 			username[usernamelen] = '\0';
1284 
1285 			passwdlen = ntohs(auth.slen2);
1286 			passwd = (char *) malloc (passwdlen + 1);
1287 			if (passwd == NULL)
1288 			{
1289 				pcapint_fmt_errmsg_for_errno(errmsgbuf,
1290 				    PCAP_ERRBUF_SIZE, errno, "malloc() failed");
1291 				free(username);
1292 				goto error;
1293 			}
1294 			status = rpcapd_recv(pars->sockctrl, pars->ssl, passwd, passwdlen, &plen, errmsgbuf);
1295 			if (status == -1)
1296 			{
1297 				free(username);
1298 				free(passwd);
1299 				return -1;
1300 			}
1301 			if (status == -2)
1302 			{
1303 				free(username);
1304 				free(passwd);
1305 				goto error;
1306 			}
1307 			passwd[passwdlen] = '\0';
1308 
1309 			if (daemon_AuthUserPwd(username, passwd, errmsgbuf))
1310 			{
1311 				//
1312 				// Authentication failed.  Let the client
1313 				// know.
1314 				//
1315 				free(username);
1316 				free(passwd);
1317 				if (rpcap_senderror(pars->sockctrl, pars->ssl,
1318 				    0, PCAP_ERR_AUTH_FAILED, errmsgbuf, errbuf) == -1)
1319 				{
1320 					// That failed; log a message and give up.
1321 					rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1322 					return -1;
1323 				}
1324 
1325 				//
1326 				// Suspend for 1 second, so that they can't
1327 				// hammer us with repeated tries with an
1328 				// attack such as a dictionary attack.
1329 				//
1330 				// WARNING: this delay is inserted only
1331 				// at this point; if the client closes the
1332 				// connection and reconnects, the suspension
1333 				// time does not have any effect.
1334 				//
1335 				sleep_secs(RPCAP_SUSPEND_WRONGAUTH);
1336 				goto error_noreply;
1337 			}
1338 
1339 			free(username);
1340 			free(passwd);
1341 			break;
1342 			}
1343 
1344 		default:
1345 			snprintf(errmsgbuf, PCAP_ERRBUF_SIZE,
1346 			    "Authentication type not recognized.");
1347 			if (rpcap_senderror(pars->sockctrl, pars->ssl,
1348 			    0, PCAP_ERR_AUTH_TYPE_NOTSUP, errmsgbuf, errbuf) == -1)
1349 			{
1350 				// That failed; log a message and give up.
1351 				rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1352 				return -1;
1353 			}
1354 			goto error_noreply;
1355 	}
1356 
1357 	// The authentication succeeded; let the client know.
1358 	if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL, &sendbufidx,
1359 	    RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
1360 		goto error;
1361 
1362 	rpcap_createhdr((struct rpcap_header *) sendbuf, 0,
1363 	    RPCAP_MSG_AUTH_REPLY, 0, sizeof(struct rpcap_authreply));
1364 
1365 	authreply = (struct rpcap_authreply *) &sendbuf[sendbufidx];
1366 
1367 	if (sock_bufferize(NULL, sizeof(struct rpcap_authreply), NULL, &sendbufidx,
1368 	    RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
1369 		goto error;
1370 
1371 	//
1372 	// Indicate to our peer what versions we support and what our
1373 	// version of the byte-order magic is (which will tell the
1374 	// client whether our byte order differs from theirs, in which
1375 	// case they will need to byte-swap some fields in some
1376 	// link-layer types' headers).
1377 	//
1378 	memset(authreply, 0, sizeof(struct rpcap_authreply));
1379 	authreply->minvers = RPCAP_MIN_VERSION;
1380 	authreply->maxvers = RPCAP_MAX_VERSION;
1381 	authreply->byte_order_magic = RPCAP_BYTE_ORDER_MAGIC;
1382 
1383 	// Send the reply.
1384 	if (sock_send(pars->sockctrl, pars->ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1)
1385 	{
1386 		// That failed; log a message and give up.
1387 		rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1388 		return -1;
1389 	}
1390 
1391 	// Check if all the data has been read; if not, discard the data in excess
1392 	if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
1393 	{
1394 		return -1;
1395 	}
1396 
1397 	return 0;
1398 
1399 error:
1400 	if (rpcap_senderror(pars->sockctrl, pars->ssl, 0, PCAP_ERR_AUTH,
1401 	    errmsgbuf, errbuf) == -1)
1402 	{
1403 		// That failed; log a message and give up.
1404 		rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1405 		return -1;
1406 	}
1407 
1408 error_noreply:
1409 	// Check if all the data has been read; if not, discard the data in excess
1410 	if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
1411 	{
1412 		return -1;
1413 	}
1414 
1415 	return -2;
1416 }
1417 
1418 static int
1419 daemon_AuthUserPwd(char *username, char *password, char *errbuf)
1420 {
1421 #ifdef _WIN32
1422 	/*
1423 	 * Warning: the user which launches the process must have the
1424 	 * SE_TCB_NAME right.
1425 	 * This corresponds to have the "Act as part of the Operating System"
1426 	 * turned on (administrative tools, local security settings, local
1427 	 * policies, user right assignment)
1428 	 * However, it seems to me that if you run it as a service, this
1429 	 * right should be provided by default.
1430 	 *
1431 	 * XXX - hopefully, this returns errors such as ERROR_LOGON_FAILURE,
1432 	 * which merely indicates that the user name or password is
1433 	 * incorrect, not whether it's the user name or the password
1434 	 * that's incorrect, so a client that's trying to brute-force
1435 	 * accounts doesn't know whether it's the user name or the
1436 	 * password that's incorrect, so it doesn't know whether to
1437 	 * stop trying to log in with a given user name and move on
1438 	 * to another user name.
1439 	 */
1440 	DWORD error;
1441 	HANDLE Token;
1442 	char errmsgbuf[PCAP_ERRBUF_SIZE];	// buffer for errors to log
1443 
1444 	if (LogonUser(username, ".", password, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, &Token) == 0)
1445 	{
1446 		snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed");
1447 		error = GetLastError();
1448 		if (error != ERROR_LOGON_FAILURE)
1449 		{
1450 			// Some error other than an authentication error;
1451 			// log it.
1452 			pcapint_fmt_errmsg_for_win32_err(errmsgbuf,
1453 			    PCAP_ERRBUF_SIZE, error, "LogonUser() failed");
1454 			rpcapd_log(LOGPRIO_ERROR, "%s", errmsgbuf);
1455 		}
1456 		return -1;
1457 	}
1458 
1459 	// This call should change the current thread to the selected user.
1460 	// I didn't test it.
1461 	if (ImpersonateLoggedOnUser(Token) == 0)
1462 	{
1463 		snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed");
1464 		pcapint_fmt_errmsg_for_win32_err(errmsgbuf, PCAP_ERRBUF_SIZE,
1465 		    GetLastError(), "ImpersonateLoggedOnUser() failed");
1466 		rpcapd_log(LOGPRIO_ERROR, "%s", errmsgbuf);
1467 		CloseHandle(Token);
1468 		return -1;
1469 	}
1470 
1471 	CloseHandle(Token);
1472 	return 0;
1473 
1474 #else
1475 	/*
1476 	 * See
1477 	 *
1478 	 *	https://www.unixpapa.com/incnote/passwd.html
1479 	 *
1480 	 * We use the Solaris/Linux shadow password authentication if
1481 	 * we have getspnam(), otherwise we just do traditional
1482 	 * authentication, which, on some platforms, might work, even
1483 	 * with shadow passwords, if we're running as root.  Traditional
1484 	 * authentication won't work if we're not running as root, as
1485 	 * I think these days all UN*Xes either won't return the password
1486 	 * at all with getpwnam() or will only do so if you're root.
1487 	 *
1488 	 * XXX - perhaps what we *should* be using is PAM, if we have
1489 	 * it.  That might hide all the details of username/password
1490 	 * authentication, whether it's done with a visible-to-root-
1491 	 * only password database or some other authentication mechanism,
1492 	 * behind its API.
1493 	 */
1494 	int error;
1495 	struct passwd *user;
1496 	char *user_password;
1497 #ifdef HAVE_GETSPNAM
1498 	struct spwd *usersp;
1499 #endif
1500 	char *crypt_password;
1501 
1502 	// This call is needed to get the uid
1503 	if ((user = getpwnam(username)) == NULL)
1504 	{
1505 		snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed");
1506 		return -1;
1507 	}
1508 
1509 #ifdef HAVE_GETSPNAM
1510 	// This call is needed to get the password; otherwise 'x' is returned
1511 	if ((usersp = getspnam(username)) == NULL)
1512 	{
1513 		snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed");
1514 		return -1;
1515 	}
1516 	user_password = usersp->sp_pwdp;
1517 #else
1518 	/*
1519 	 * XXX - what about other platforms?
1520 	 * The unixpapa.com page claims this Just Works on *BSD if you're
1521 	 * running as root - it's from 2000, so it doesn't indicate whether
1522 	 * macOS (which didn't come out until 2001, under the name Mac OS
1523 	 * X) behaves like the *BSDs or not, and might also work on AIX.
1524 	 * HP-UX does something else.
1525 	 *
1526 	 * Again, hopefully PAM hides all that.
1527 	 */
1528 	user_password = user->pw_passwd;
1529 #endif
1530 
1531 	//
1532 	// The Single UNIX Specification says that if crypt() fails it
1533 	// sets errno, but some implementations that haven't been run
1534 	// through the SUS test suite might not do so.
1535 	//
1536 	errno = 0;
1537 	crypt_password = crypt(password, user_password);
1538 	if (crypt_password == NULL)
1539 	{
1540 		error = errno;
1541 		snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed");
1542 		if (error == 0)
1543 		{
1544 			// It didn't set errno.
1545 			rpcapd_log(LOGPRIO_ERROR, "crypt() failed");
1546 		}
1547 		else
1548 		{
1549 			rpcapd_log(LOGPRIO_ERROR, "crypt() failed: %s",
1550 			    strerror(error));
1551 		}
1552 		return -1;
1553 	}
1554 	if (strcmp(user_password, crypt_password) != 0)
1555 	{
1556 		snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed");
1557 		return -1;
1558 	}
1559 
1560 	if (setuid(user->pw_uid))
1561 	{
1562 		error = errno;
1563 		pcapint_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
1564 		    error, "setuid");
1565 		rpcapd_log(LOGPRIO_ERROR, "setuid() failed: %s",
1566 		    strerror(error));
1567 		return -1;
1568 	}
1569 
1570 /*	if (setgid(user->pw_gid))
1571 	{
1572 		error = errno;
1573 		pcapint_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
1574 		    errno, "setgid");
1575 		rpcapd_log(LOGPRIO_ERROR, "setgid() failed: %s",
1576 		    strerror(error));
1577 		return -1;
1578 	}
1579 */
1580 	return 0;
1581 
1582 #endif
1583 
1584 }
1585 
1586 /*
1587  * Make sure that the reply length won't overflow 32 bits if we add the
1588  * specified amount to it.  If it won't, add that amount to it.
1589  *
1590  * We check whether replylen + itemlen > UINT32_MAX, but subtract itemlen
1591  * from both sides, to prevent overflow.
1592  */
1593 #define CHECK_AND_INCREASE_REPLY_LEN(itemlen) \
1594 	if (replylen > UINT32_MAX - (itemlen)) { \
1595 		pcapint_strlcpy(errmsgbuf, "Reply length doesn't fit in 32 bits", \
1596 		    sizeof (errmsgbuf)); \
1597 		goto error; \
1598 	} \
1599 	replylen += (uint32)(itemlen)
1600 
1601 static int
1602 daemon_msg_findallif_req(uint8 ver, struct daemon_slpars *pars, uint32 plen)
1603 {
1604 	char errbuf[PCAP_ERRBUF_SIZE];		// buffer for network errors
1605 	char errmsgbuf[PCAP_ERRBUF_SIZE];	// buffer for errors to send to the client
1606 	char sendbuf[RPCAP_NETBUF_SIZE];	// temporary buffer in which data to be sent is buffered
1607 	int sendbufidx = 0;			// index which keeps the number of bytes currently buffered
1608 	pcap_if_t *alldevs = NULL;		// pointer to the header of the interface chain
1609 	pcap_if_t *d;				// temp pointer needed to scan the interface chain
1610 	struct pcap_addr *address;		// pcap structure that keeps a network address of an interface
1611 	uint32 replylen;			// length of reply payload
1612 	uint16 nif = 0;				// counts the number of interface listed
1613 
1614 	// Discard the rest of the message; there shouldn't be any payload.
1615 	if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
1616 	{
1617 		// Network error.
1618 		return -1;
1619 	}
1620 
1621 	// Retrieve the device list
1622 	if (pcap_findalldevs(&alldevs, errmsgbuf) == -1)
1623 		goto error;
1624 
1625 	if (alldevs == NULL)
1626 	{
1627 		if (rpcap_senderror(pars->sockctrl, pars->ssl, ver,
1628 			PCAP_ERR_NOREMOTEIF,
1629 			"No interfaces found! Make sure libpcap/WinPcap is properly installed"
1630 			" and you have the right to access to the remote device.",
1631 			errbuf) == -1)
1632 		{
1633 			rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1634 			return -1;
1635 		}
1636 		return 0;
1637 	}
1638 
1639 	// This checks the number of interfaces and computes the total
1640 	// length of the payload.
1641 	replylen = 0;
1642 	for (d = alldevs; d != NULL; d = d->next)
1643 	{
1644 		nif++;
1645 
1646 		if (d->description) {
1647 			size_t stringlen = strlen(d->description);
1648 			if (stringlen > UINT16_MAX) {
1649 				pcapint_strlcpy(errmsgbuf,
1650 				    "Description length doesn't fit in 16 bits",
1651 				    sizeof (errmsgbuf));
1652 				goto error;
1653 			}
1654 			CHECK_AND_INCREASE_REPLY_LEN(stringlen);
1655 		}
1656 		if (d->name) {
1657 			size_t stringlen = strlen(d->name);
1658 			if (stringlen > UINT16_MAX) {
1659 				pcapint_strlcpy(errmsgbuf,
1660 				    "Name length doesn't fit in 16 bits",
1661 				    sizeof (errmsgbuf));
1662 				goto error;
1663 			}
1664 			CHECK_AND_INCREASE_REPLY_LEN(stringlen);
1665 		}
1666 
1667 		CHECK_AND_INCREASE_REPLY_LEN(sizeof(struct rpcap_findalldevs_if));
1668 
1669 		uint16_t naddrs = 0;
1670 		for (address = d->addresses; address != NULL; address = address->next)
1671 		{
1672 			/*
1673 			 * Send only IPv4 and IPv6 addresses over the wire.
1674 			 */
1675 			switch (address->addr->sa_family)
1676 			{
1677 			case AF_INET:
1678 #ifdef AF_INET6
1679 			case AF_INET6:
1680 #endif
1681 				CHECK_AND_INCREASE_REPLY_LEN(sizeof(struct rpcap_sockaddr) * 4);
1682 				if (naddrs == UINT16_MAX) {
1683 					pcapint_strlcpy(errmsgbuf,
1684 					    "Number of interfaces doesn't fit in 16 bits",
1685 					    sizeof (errmsgbuf));
1686 					goto error;
1687 				}
1688 				naddrs++;
1689 				break;
1690 
1691 			default:
1692 				break;
1693 			}
1694 		}
1695 	}
1696 
1697 	// RPCAP findalldevs reply
1698 	if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL,
1699 	    &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf,
1700 	    PCAP_ERRBUF_SIZE) == -1)
1701 		goto error;
1702 
1703 	rpcap_createhdr((struct rpcap_header *) sendbuf, ver,
1704 	    RPCAP_MSG_FINDALLIF_REPLY, nif, replylen);
1705 
1706 	// send the interface list
1707 	for (d = alldevs; d != NULL; d = d->next)
1708 	{
1709 		uint16 lname, ldescr;
1710 
1711 		// Note: the findalldevs_if entries are *not* neatly
1712 		// aligned on 4-byte boundaries, because they're
1713 		// preceded by strings that aren't padded to 4-byte
1714 		// boundaries, so we cannot just cast output buffer
1715 		// boundaries to struct rpcap_findalldevs_if pointers
1716 		// and store into them - we must fill in a structure and
1717 		// then copy the structure to the buffer, as not all
1718 		// systems support unaligned access (some, such as
1719 		// SPARC, crash; others, such as Arm, may just ignore
1720 		// the lower-order bits).
1721 		struct rpcap_findalldevs_if findalldevs_if;
1722 
1723 		/*
1724 		 * We've already established that the string lengths
1725 		 * fit in 16 bits.
1726 		 */
1727 		if (d->description)
1728 			ldescr = (uint16) strlen(d->description);
1729 		else
1730 			ldescr = 0;
1731 		if (d->name)
1732 			lname = (uint16) strlen(d->name);
1733 		else
1734 			lname = 0;
1735 
1736 		findalldevs_if.desclen = htons(ldescr);
1737 		findalldevs_if.namelen = htons(lname);
1738 		findalldevs_if.flags = htonl(d->flags);
1739 
1740 		uint16_t naddrs = 0;
1741 		for (address = d->addresses; address != NULL; address = address->next)
1742 		{
1743 			/*
1744 			 * Send only IPv4 and IPv6 addresses over the wire.
1745 			 */
1746 			switch (address->addr->sa_family)
1747 			{
1748 			case AF_INET:
1749 #ifdef AF_INET6
1750 			case AF_INET6:
1751 #endif
1752 				naddrs++;
1753 				break;
1754 
1755 			default:
1756 				break;
1757 			}
1758 		}
1759 		findalldevs_if.naddr = htons(naddrs);
1760 		findalldevs_if.dummy = 0;
1761 
1762 		if (sock_bufferize(&findalldevs_if, sizeof(struct rpcap_findalldevs_if), sendbuf,
1763 		    &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_BUFFERIZE, errmsgbuf,
1764 		    PCAP_ERRBUF_SIZE) == -1)
1765 			goto error;
1766 
1767 		if (sock_bufferize(d->name, lname, sendbuf, &sendbufidx,
1768 		    RPCAP_NETBUF_SIZE, SOCKBUF_BUFFERIZE, errmsgbuf,
1769 		    PCAP_ERRBUF_SIZE) == -1)
1770 			goto error;
1771 
1772 		if (sock_bufferize(d->description, ldescr, sendbuf, &sendbufidx,
1773 		    RPCAP_NETBUF_SIZE, SOCKBUF_BUFFERIZE, errmsgbuf,
1774 		    PCAP_ERRBUF_SIZE) == -1)
1775 			goto error;
1776 
1777 		// send all addresses
1778 		for (address = d->addresses; address != NULL; address = address->next)
1779 		{
1780 			struct rpcap_sockaddr *sockaddr;
1781 
1782 			/*
1783 			 * Send only IPv4 and IPv6 addresses over the wire.
1784 			 */
1785 			switch (address->addr->sa_family)
1786 			{
1787 			case AF_INET:
1788 #ifdef AF_INET6
1789 			case AF_INET6:
1790 #endif
1791 				sockaddr = (struct rpcap_sockaddr *) &sendbuf[sendbufidx];
1792 				if (sock_bufferize(NULL, sizeof(struct rpcap_sockaddr), NULL,
1793 				    &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
1794 					goto error;
1795 				daemon_seraddr((struct sockaddr_storage *) address->addr, sockaddr);
1796 
1797 				sockaddr = (struct rpcap_sockaddr *) &sendbuf[sendbufidx];
1798 				if (sock_bufferize(NULL, sizeof(struct rpcap_sockaddr), NULL,
1799 				    &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
1800 					goto error;
1801 				daemon_seraddr((struct sockaddr_storage *) address->netmask, sockaddr);
1802 
1803 				sockaddr = (struct rpcap_sockaddr *) &sendbuf[sendbufidx];
1804 				if (sock_bufferize(NULL, sizeof(struct rpcap_sockaddr), NULL,
1805 				    &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
1806 					goto error;
1807 				daemon_seraddr((struct sockaddr_storage *) address->broadaddr, sockaddr);
1808 
1809 				sockaddr = (struct rpcap_sockaddr *) &sendbuf[sendbufidx];
1810 				if (sock_bufferize(NULL, sizeof(struct rpcap_sockaddr), NULL,
1811 				    &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
1812 					goto error;
1813 				daemon_seraddr((struct sockaddr_storage *) address->dstaddr, sockaddr);
1814 				break;
1815 
1816 			default:
1817 				break;
1818 			}
1819 		}
1820 	}
1821 
1822 	// We no longer need the device list. Free it.
1823 	pcap_freealldevs(alldevs);
1824 
1825 	// Send a final command that says "now send it!"
1826 	if (sock_send(pars->sockctrl, pars->ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1)
1827 	{
1828 		rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1829 		return -1;
1830 	}
1831 
1832 	return 0;
1833 
1834 error:
1835 	if (alldevs)
1836 		pcap_freealldevs(alldevs);
1837 
1838 	if (rpcap_senderror(pars->sockctrl, pars->ssl, ver,
1839 	    PCAP_ERR_FINDALLIF, errmsgbuf, errbuf) == -1)
1840 	{
1841 		rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1842 		return -1;
1843 	}
1844 	return 0;
1845 }
1846 
1847 /*
1848 	\param plen: the length of the current message (needed in order to be able
1849 	to discard excess data in the message, if present)
1850 */
1851 static int
1852 daemon_msg_open_req(uint8 ver, struct daemon_slpars *pars, uint32 plen,
1853     char *source, size_t sourcelen)
1854 {
1855 	char errbuf[PCAP_ERRBUF_SIZE];		// buffer for network errors
1856 	char errmsgbuf[PCAP_ERRBUF_SIZE];	// buffer for errors to send to the client
1857 	pcap_t *fp;				// pcap_t main variable
1858 	int nread;
1859 	char sendbuf[RPCAP_NETBUF_SIZE];	// temporary buffer in which data to be sent is buffered
1860 	int sendbufidx = 0;			// index which keeps the number of bytes currently buffered
1861 	struct rpcap_openreply *openreply;	// open reply message
1862 
1863 	if (plen > sourcelen - 1)
1864 	{
1865 		snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Source string too long");
1866 		goto error;
1867 	}
1868 
1869 	nread = sock_recv(pars->sockctrl, pars->ssl, source, plen,
1870 	    SOCK_RECEIVEALL_YES|SOCK_EOF_IS_ERROR, errbuf, PCAP_ERRBUF_SIZE);
1871 	if (nread == -1)
1872 	{
1873 		rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf);
1874 		return -1;
1875 	}
1876 	source[nread] = '\0';
1877 	plen -= nread;
1878 
1879 	// Is this a URL rather than a device?
1880 	// If so, reject it.
1881 	if (is_url(source))
1882 	{
1883 		snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Source string refers to a remote device");
1884 		goto error;
1885 	}
1886 
1887 	// Open the selected device
1888 	// This is a fake open, since we do that only to get the needed parameters, then we close the device again
1889 	if ((fp = pcap_open_live(source,
1890 			1500 /* fake snaplen */,
1891 			0 /* no promisc */,
1892 			1000 /* fake timeout */,
1893 			errmsgbuf)) == NULL)
1894 		goto error;
1895 
1896 	// Now, I can send a RPCAP open reply message
1897 	if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL, &sendbufidx,
1898 	    RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
1899 		goto error;
1900 
1901 	rpcap_createhdr((struct rpcap_header *) sendbuf, ver,
1902 	    RPCAP_MSG_OPEN_REPLY, 0, sizeof(struct rpcap_openreply));
1903 
1904 	openreply = (struct rpcap_openreply *) &sendbuf[sendbufidx];
1905 
1906 	if (sock_bufferize(NULL, sizeof(struct rpcap_openreply), NULL, &sendbufidx,
1907 	    RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
1908 		goto error;
1909 
1910 	memset(openreply, 0, sizeof(struct rpcap_openreply));
1911 	openreply->linktype = htonl(pcap_datalink(fp));
1912 	/*
1913 	 * This is always 0 for live captures; we no longer support it
1914 	 * as something we read from capture files and supply to
1915 	 * clients, but we have to send it over the wire, as open
1916 	 * replies are expected to have 8 bytes of payload by
1917 	 * existing clients.
1918 	 */
1919 	openreply->tzoff = 0;
1920 
1921 	// We're done with the pcap_t.
1922 	pcap_close(fp);
1923 
1924 	// Send the reply.
1925 	if (sock_send(pars->sockctrl, pars->ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1)
1926 	{
1927 		rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1928 		return -1;
1929 	}
1930 	return 0;
1931 
1932 error:
1933 	if (rpcap_senderror(pars->sockctrl, pars->ssl, ver, PCAP_ERR_OPEN,
1934 	    errmsgbuf, errbuf) == -1)
1935 	{
1936 		// That failed; log a message and give up.
1937 		rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1938 		return -1;
1939 	}
1940 
1941 	// Check if all the data has been read; if not, discard the data in excess
1942 	if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
1943 	{
1944 		return -1;
1945 	}
1946 	return 0;
1947 }
1948 
1949 /*
1950 	\param plen: the length of the current message (needed in order to be able
1951 	to discard excess data in the message, if present)
1952 */
1953 static int
1954 daemon_msg_startcap_req(uint8 ver, struct daemon_slpars *pars, uint32 plen,
1955     char *source, struct session **sessionp,
1956     struct rpcap_sampling *samp_param _U_, int uses_ssl)
1957 {
1958 	char errbuf[PCAP_ERRBUF_SIZE];		// buffer for network errors
1959 	char errmsgbuf[PCAP_ERRBUF_SIZE];	// buffer for errors to send to the client
1960 	char portdata[PCAP_BUF_SIZE];		// temp variable needed to derive the data port
1961 	char peerhost[PCAP_BUF_SIZE];		// temp variable needed to derive the host name of our peer
1962 	struct session *session = NULL;		// saves state of session
1963 	int status;
1964 	char sendbuf[RPCAP_NETBUF_SIZE];	// temporary buffer in which data to be sent is buffered
1965 	int sendbufidx = 0;			// index which keeps the number of bytes currently buffered
1966 
1967 	// socket-related variables
1968 	struct addrinfo hints;			// temp, needed to open a socket connection
1969 	struct addrinfo *addrinfo;		// temp, needed to open a socket connection
1970 	struct sockaddr_storage saddr;		// temp, needed to retrieve the network data port chosen on the local machine
1971 	socklen_t saddrlen;			// temp, needed to retrieve the network data port chosen on the local machine
1972 	int ret;				// return value from functions
1973 
1974 	// RPCAP-related variables
1975 	struct rpcap_startcapreq startcapreq;		// start capture request message
1976 	struct rpcap_startcapreply *startcapreply;	// start capture reply message
1977 	int serveropen_dp;							// keeps who is going to open the data connection
1978 
1979 	addrinfo = NULL;
1980 
1981 	status = rpcapd_recv(pars->sockctrl, pars->ssl, (char *) &startcapreq,
1982 	    sizeof(struct rpcap_startcapreq), &plen, errmsgbuf);
1983 	if (status == -1)
1984 	{
1985 		goto fatal_error;
1986 	}
1987 	if (status == -2)
1988 	{
1989 		goto error;
1990 	}
1991 
1992 	startcapreq.flags = ntohs(startcapreq.flags);
1993 
1994 	// Check that the client does not ask for UDP is the server has been asked
1995 	// to enforce encryption, as SSL is not supported yet with UDP:
1996 	if (uses_ssl && (startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_DGRAM))
1997 	{
1998 		snprintf(errbuf, PCAP_ERRBUF_SIZE,
1999 		    "SSL not supported with UDP forward of remote packets");
2000 		goto error;
2001 	}
2002 
2003 	// Create a session structure
2004 	session = malloc(sizeof(struct session));
2005 	if (session == NULL)
2006 	{
2007 		snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Can't allocate session structure");
2008 		goto error;
2009 	}
2010 
2011 	session->sockdata = INVALID_SOCKET;
2012 	session->ctrl_ssl = session->data_ssl = NULL;
2013 	// We don't have a thread yet.
2014 	session->have_thread = 0;
2015 	//
2016 	// We *shouldn't* have to initialize the thread indicator
2017 	// itself, because the compiler *should* realize that we
2018 	// only use this if have_thread isn't 0, but we *do* have
2019 	// to do it, because not all compilers *do* realize that.
2020 	//
2021 	// There is no "invalid thread handle" value for a UN*X
2022 	// pthread_t, so we just zero it out.
2023 	//
2024 #ifdef _WIN32
2025 	session->thread = INVALID_HANDLE_VALUE;
2026 #else
2027 	memset(&session->thread, 0, sizeof(session->thread));
2028 #endif
2029 
2030 	// Open the selected device
2031 	if ((session->fp = pcap_open_live(source,
2032 			ntohl(startcapreq.snaplen),
2033 			(startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_PROMISC) ? 1 : 0 /* local device, other flags not needed */,
2034 			ntohl(startcapreq.read_timeout),
2035 			errmsgbuf)) == NULL)
2036 		goto error;
2037 
2038 #if 0
2039 	// Apply sampling parameters
2040 	fp->rmt_samp.method = samp_param->method;
2041 	fp->rmt_samp.value = samp_param->value;
2042 #endif
2043 
2044 	/*
2045 	We're in active mode if:
2046 	- we're using TCP, and the user wants us to be in active mode
2047 	- we're using UDP
2048 	*/
2049 	serveropen_dp = (startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_SERVEROPEN) || (startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_DGRAM) || pars->isactive;
2050 
2051 	/*
2052 	Gets the sockaddr structure referred to the other peer in the ctrl connection
2053 
2054 	We need that because:
2055 	- if we're in passive mode, we need to know the address family we want to use
2056 	(the same used for the ctrl socket)
2057 	- if we're in active mode, we need to know the network address of the other host
2058 	we want to connect to
2059 	*/
2060 	saddrlen = sizeof(struct sockaddr_storage);
2061 	if (getpeername(pars->sockctrl, (struct sockaddr *) &saddr, &saddrlen) == -1)
2062 	{
2063 		sock_geterrmsg(errmsgbuf, PCAP_ERRBUF_SIZE,
2064 		    "getpeername() failed");
2065 		goto error;
2066 	}
2067 
2068 	memset(&hints, 0, sizeof(struct addrinfo));
2069 	hints.ai_socktype = (startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_DGRAM) ? SOCK_DGRAM : SOCK_STREAM;
2070 	hints.ai_family = saddr.ss_family;
2071 
2072 	// Now we have to create a new socket to send packets
2073 	if (serveropen_dp)		// Data connection is opened by the server toward the client
2074 	{
2075 		snprintf(portdata, sizeof portdata, "%d", ntohs(startcapreq.portdata));
2076 
2077 		// Get the name of the other peer (needed to connect to that specific network address)
2078 		if (getnameinfo((struct sockaddr *) &saddr, saddrlen, peerhost,
2079 				sizeof(peerhost), NULL, 0, NI_NUMERICHOST))
2080 		{
2081 			sock_geterrmsg(errmsgbuf, PCAP_ERRBUF_SIZE,
2082 			    "getnameinfo() failed");
2083 			goto error;
2084 		}
2085 
2086 		addrinfo = sock_initaddress(peerhost, portdata, &hints,
2087 		    errmsgbuf, PCAP_ERRBUF_SIZE);
2088 		if (addrinfo == NULL)
2089 			goto error;
2090 
2091 		if ((session->sockdata = sock_open(peerhost, addrinfo, SOCKOPEN_CLIENT, 0, errmsgbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
2092 			goto error;
2093 	}
2094 	else		// Data connection is opened by the client toward the server
2095 	{
2096 		hints.ai_flags = AI_PASSIVE;
2097 
2098 		// Make the server socket pick up a free network port for us
2099 		addrinfo = sock_initaddress(NULL, NULL, &hints, errmsgbuf,
2100 		    PCAP_ERRBUF_SIZE);
2101 		if (addrinfo == NULL)
2102 			goto error;
2103 
2104 		if ((session->sockdata = sock_open(NULL, addrinfo, SOCKOPEN_SERVER, 1 /* max 1 connection in queue */, errmsgbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
2105 			goto error;
2106 
2107 		// get the complete sockaddr structure used in the data connection
2108 		saddrlen = sizeof(struct sockaddr_storage);
2109 		if (getsockname(session->sockdata, (struct sockaddr *) &saddr, &saddrlen) == -1)
2110 		{
2111 			sock_geterrmsg(errmsgbuf, PCAP_ERRBUF_SIZE,
2112 			    "getsockname() failed");
2113 			goto error;
2114 		}
2115 
2116 		// Get the local port the system picked up
2117 		if (getnameinfo((struct sockaddr *) &saddr, saddrlen, NULL,
2118 				0, portdata, sizeof(portdata), NI_NUMERICSERV))
2119 		{
2120 			sock_geterrmsg(errmsgbuf, PCAP_ERRBUF_SIZE,
2121 			    "getnameinfo() failed");
2122 			goto error;
2123 		}
2124 	}
2125 
2126 	// addrinfo is no longer used
2127 	freeaddrinfo(addrinfo);
2128 	addrinfo = NULL;
2129 
2130 	// Needed to send an error on the ctrl connection
2131 	session->sockctrl = pars->sockctrl;
2132 	session->ctrl_ssl = pars->ssl;
2133 	session->protocol_version = ver;
2134 
2135 	// Now I can set the filter
2136 	ret = daemon_unpackapplyfilter(pars->sockctrl, pars->ssl, session, &plen, errmsgbuf);
2137 	if (ret == -1)
2138 	{
2139 		// Fatal error.  A message has been logged; just give up.
2140 		goto fatal_error;
2141 	}
2142 	if (ret == -2)
2143 	{
2144 		// Non-fatal error.  Send an error message to the client.
2145 		goto error;
2146 	}
2147 
2148 	// Now, I can send a RPCAP start capture reply message
2149 	if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL, &sendbufidx,
2150 	    RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
2151 		goto error;
2152 
2153 	rpcap_createhdr((struct rpcap_header *) sendbuf, ver,
2154 	    RPCAP_MSG_STARTCAP_REPLY, 0, sizeof(struct rpcap_startcapreply));
2155 
2156 	startcapreply = (struct rpcap_startcapreply *) &sendbuf[sendbufidx];
2157 
2158 	if (sock_bufferize(NULL, sizeof(struct rpcap_startcapreply), NULL,
2159 	    &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
2160 		goto error;
2161 
2162 	memset(startcapreply, 0, sizeof(struct rpcap_startcapreply));
2163 	startcapreply->bufsize = htonl(pcap_bufsize(session->fp));
2164 
2165 	if (!serveropen_dp)
2166 	{
2167 		unsigned short port = (unsigned short)strtoul(portdata,NULL,10);
2168 		startcapreply->portdata = htons(port);
2169 	}
2170 
2171 	if (sock_send(pars->sockctrl, pars->ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1)
2172 	{
2173 		// That failed; log a message and give up.
2174 		rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
2175 		goto fatal_error;
2176 	}
2177 
2178 	if (!serveropen_dp)
2179 	{
2180 		PCAP_SOCKET socktemp;	// We need another socket, since we're going to accept() a connection
2181 
2182 		// Connection creation
2183 		saddrlen = sizeof(struct sockaddr_storage);
2184 
2185 		socktemp = accept(session->sockdata, (struct sockaddr *) &saddr, &saddrlen);
2186 
2187 		if (socktemp == INVALID_SOCKET)
2188 		{
2189 			sock_geterrmsg(errbuf, PCAP_ERRBUF_SIZE,
2190 			   "accept() failed");
2191 			rpcapd_log(LOGPRIO_ERROR, "Accept of data connection failed: %s",
2192 			    errbuf);
2193 			goto error;
2194 		}
2195 
2196 		// Now that I accepted the connection, the server socket is no longer needed
2197 		sock_close(session->sockdata, NULL, 0);
2198 		session->sockdata = socktemp;
2199 	}
2200 
2201 	SSL *ssl = NULL;
2202 	if (uses_ssl)
2203 	{
2204 #ifdef HAVE_OPENSSL
2205 		/* In both active or passive cases, wait for the client to initiate the
2206 		 * TLS handshake. Yes during that time the control socket will not be
2207 		 * served, but the same was true from the above call to accept(). */
2208 		ssl = ssl_promotion(1, session->sockdata, errbuf, PCAP_ERRBUF_SIZE);
2209 		if (! ssl)
2210 		{
2211 			rpcapd_log(LOGPRIO_ERROR, "TLS handshake failed: %s", errbuf);
2212 			goto error;
2213 		}
2214 #endif
2215 	}
2216 	session->data_ssl = ssl;
2217 
2218 	// Now we have to create a new thread to receive packets
2219 #ifdef _WIN32
2220 	session->thread = (HANDLE)_beginthreadex(NULL, 0, daemon_thrdatamain,
2221 	    (void *) session, 0, NULL);
2222 	if (session->thread == 0)
2223 	{
2224 		snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error creating the data thread");
2225 		goto error;
2226 	}
2227 #else
2228 	ret = pthread_create(&session->thread, NULL, daemon_thrdatamain,
2229 	    (void *) session);
2230 	if (ret != 0)
2231 	{
2232 		pcapint_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
2233 		    ret, "Error creating the data thread");
2234 		goto error;
2235 	}
2236 #endif
2237 	session->have_thread = 1;
2238 
2239 	// Check if all the data has been read; if not, discard the data in excess
2240 	if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
2241 		goto fatal_error;
2242 
2243 	*sessionp = session;
2244 	return 0;
2245 
2246 error:
2247 	//
2248 	// Not a fatal error, so send the client an error message and
2249 	// keep serving client requests.
2250 	//
2251 	*sessionp = NULL;
2252 
2253 	if (addrinfo)
2254 		freeaddrinfo(addrinfo);
2255 
2256 	if (session)
2257 	{
2258 		session_close(session);
2259 		free(session);
2260 	}
2261 
2262 	if (rpcap_senderror(pars->sockctrl, pars->ssl, ver,
2263 	    PCAP_ERR_STARTCAPTURE, errmsgbuf, errbuf) == -1)
2264 	{
2265 		// That failed; log a message and give up.
2266 		rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
2267 		return -1;
2268 	}
2269 
2270 	// Check if all the data has been read; if not, discard the data in excess
2271 	if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
2272 	{
2273 		// Network error.
2274 		return -1;
2275 	}
2276 
2277 	return 0;
2278 
2279 fatal_error:
2280 	//
2281 	// Fatal network error, so don't try to communicate with
2282 	// the client, just give up.
2283 	//
2284 	*sessionp = NULL;
2285 
2286 	if (session)
2287 	{
2288 		session_close(session);
2289 		free(session);
2290 	}
2291 
2292 	return -1;
2293 }
2294 
2295 static int
2296 daemon_msg_endcap_req(uint8 ver, struct daemon_slpars *pars,
2297     struct session *session)
2298 {
2299 	char errbuf[PCAP_ERRBUF_SIZE];		// buffer for network errors
2300 	struct rpcap_header header;
2301 
2302 	session_close(session);
2303 
2304 	rpcap_createhdr(&header, ver, RPCAP_MSG_ENDCAP_REPLY, 0, 0);
2305 
2306 	if (sock_send(pars->sockctrl, pars->ssl, (char *) &header, sizeof(struct rpcap_header), errbuf, PCAP_ERRBUF_SIZE) == -1)
2307 	{
2308 		// That failed; log a message and give up.
2309 		rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
2310 		return -1;
2311 	}
2312 
2313 	return 0;
2314 }
2315 
2316 //
2317 // We impose a limit on the filter program size, so that, on Windows,
2318 // where there's only one server process with multiple threads, it's
2319 // harder to eat all the server address space by sending larger filter
2320 // programs.  (This isn't an issue on UN*X, where there are multiple
2321 // server processes, one per client connection.)
2322 //
2323 // We pick a value that limits each filter to 64K; that value is twice
2324 // the in-kernel limit for Linux and 16 times the in-kernel limit for
2325 // *BSD and macOS.
2326 //
2327 // It also prevents an overflow on 32-bit platforms when calculating
2328 // the total size of the filter program.  (It's not an issue on 64-bit
2329 // platforms with a 64-bit size_t, as the filter size is 32 bits.)
2330 //
2331 #define RPCAP_BPF_MAXINSNS	8192
2332 
2333 static int
2334 daemon_unpackapplyfilter(PCAP_SOCKET sockctrl, SSL *ctrl_ssl, struct session *session, uint32 *plenp, char *errmsgbuf)
2335 {
2336 	int status;
2337 	struct rpcap_filter filter;
2338 	struct rpcap_filterbpf_insn insn;
2339 	struct bpf_insn *bf_insn;
2340 	struct bpf_program bf_prog;
2341 	unsigned int i;
2342 
2343 	status = rpcapd_recv(sockctrl, ctrl_ssl, (char *) &filter,
2344 	    sizeof(struct rpcap_filter), plenp, errmsgbuf);
2345 	if (status == -1)
2346 	{
2347 		return -1;
2348 	}
2349 	if (status == -2)
2350 	{
2351 		return -2;
2352 	}
2353 
2354 	bf_prog.bf_len = ntohl(filter.nitems);
2355 
2356 	if (ntohs(filter.filtertype) != RPCAP_UPDATEFILTER_BPF)
2357 	{
2358 		snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Only BPF/NPF filters are currently supported");
2359 		return -2;
2360 	}
2361 
2362 	if (bf_prog.bf_len > RPCAP_BPF_MAXINSNS)
2363 	{
2364 		snprintf(errmsgbuf, PCAP_ERRBUF_SIZE,
2365 		    "Filter program is larger than the maximum size of %d instructions",
2366 		    RPCAP_BPF_MAXINSNS);
2367 		return -2;
2368 	}
2369 	bf_insn = (struct bpf_insn *) malloc (sizeof(struct bpf_insn) * bf_prog.bf_len);
2370 	if (bf_insn == NULL)
2371 	{
2372 		pcapint_fmt_errmsg_for_errno(errmsgbuf, PCAP_ERRBUF_SIZE,
2373 		    errno, "malloc() failed");
2374 		return -2;
2375 	}
2376 
2377 	bf_prog.bf_insns = bf_insn;
2378 
2379 	for (i = 0; i < bf_prog.bf_len; i++)
2380 	{
2381 		status = rpcapd_recv(sockctrl, ctrl_ssl, (char *) &insn,
2382 		    sizeof(struct rpcap_filterbpf_insn), plenp, errmsgbuf);
2383 		if (status == -1)
2384 		{
2385 			return -1;
2386 		}
2387 		if (status == -2)
2388 		{
2389 			return -2;
2390 		}
2391 
2392 		bf_insn->code = ntohs(insn.code);
2393 		bf_insn->jf = insn.jf;
2394 		bf_insn->jt = insn.jt;
2395 		bf_insn->k = ntohl(insn.k);
2396 
2397 		bf_insn++;
2398 	}
2399 
2400 	//
2401 	// XXX - pcap_setfilter() should do the validation for us.
2402 	//
2403 	if (bpf_validate(bf_prog.bf_insns, bf_prog.bf_len) == 0)
2404 	{
2405 		snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "The filter contains bogus instructions");
2406 		return -2;
2407 	}
2408 
2409 	if (pcap_setfilter(session->fp, &bf_prog))
2410 	{
2411 		snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "RPCAP error: %s", pcap_geterr(session->fp));
2412 		return -2;
2413 	}
2414 
2415 	return 0;
2416 }
2417 
2418 static int
2419 daemon_msg_updatefilter_req(uint8 ver, struct daemon_slpars *pars,
2420     struct session *session, uint32 plen)
2421 {
2422 	char errbuf[PCAP_ERRBUF_SIZE];
2423 	char errmsgbuf[PCAP_ERRBUF_SIZE];	// buffer for errors to send to the client
2424 	int ret;				// status of daemon_unpackapplyfilter()
2425 	struct rpcap_header header;		// keeps the answer to the updatefilter command
2426 
2427 	ret = daemon_unpackapplyfilter(pars->sockctrl, pars->ssl, session, &plen, errmsgbuf);
2428 	if (ret == -1)
2429 	{
2430 		// Fatal error.  A message has been logged; just give up.
2431 		return -1;
2432 	}
2433 	if (ret == -2)
2434 	{
2435 		// Non-fatal error.  Send an error reply to the client.
2436 		goto error;
2437 	}
2438 
2439 	// Check if all the data has been read; if not, discard the data in excess
2440 	if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
2441 	{
2442 		// Network error.
2443 		return -1;
2444 	}
2445 
2446 	// A response is needed, otherwise the other host does not know that everything went well
2447 	rpcap_createhdr(&header, ver, RPCAP_MSG_UPDATEFILTER_REPLY, 0, 0);
2448 
2449 	if (sock_send(pars->sockctrl, pars->ssl, (char *) &header, sizeof (struct rpcap_header), errbuf, PCAP_ERRBUF_SIZE))
2450 	{
2451 		// That failed; log a message and give up.
2452 		rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
2453 		return -1;
2454 	}
2455 
2456 	return 0;
2457 
2458 error:
2459 	if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
2460 	{
2461 		return -1;
2462 	}
2463 	rpcap_senderror(pars->sockctrl, pars->ssl, ver, PCAP_ERR_UPDATEFILTER,
2464 	    errmsgbuf, NULL);
2465 
2466 	return 0;
2467 }
2468 
2469 /*!
2470 	\brief Received the sampling parameters from remote host and it stores in the pcap_t structure.
2471 */
2472 static int
2473 daemon_msg_setsampling_req(uint8 ver, struct daemon_slpars *pars, uint32 plen,
2474     struct rpcap_sampling *samp_param)
2475 {
2476 	char errbuf[PCAP_ERRBUF_SIZE];		// buffer for network errors
2477 	char errmsgbuf[PCAP_ERRBUF_SIZE];
2478 	struct rpcap_header header;
2479 	struct rpcap_sampling rpcap_samp;
2480 	int status;
2481 
2482 	status = rpcapd_recv(pars->sockctrl, pars->ssl, (char *) &rpcap_samp, sizeof(struct rpcap_sampling), &plen, errmsgbuf);
2483 	if (status == -1)
2484 	{
2485 		return -1;
2486 	}
2487 	if (status == -2)
2488 	{
2489 		goto error;
2490 	}
2491 
2492 	// Save these settings in the pcap_t
2493 	samp_param->method = rpcap_samp.method;
2494 	samp_param->value = ntohl(rpcap_samp.value);
2495 
2496 	// A response is needed, otherwise the other host does not know that everything went well
2497 	rpcap_createhdr(&header, ver, RPCAP_MSG_SETSAMPLING_REPLY, 0, 0);
2498 
2499 	if (sock_send(pars->sockctrl, pars->ssl, (char *) &header, sizeof (struct rpcap_header), errbuf, PCAP_ERRBUF_SIZE) == -1)
2500 	{
2501 		// That failed; log a message and give up.
2502 		rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
2503 		return -1;
2504 	}
2505 
2506 	if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
2507 	{
2508 		return -1;
2509 	}
2510 
2511 	return 0;
2512 
2513 error:
2514 	if (rpcap_senderror(pars->sockctrl, pars->ssl, ver, PCAP_ERR_SETSAMPLING,
2515 	    errmsgbuf, errbuf) == -1)
2516 	{
2517 		// That failed; log a message and give up.
2518 		rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
2519 		return -1;
2520 	}
2521 
2522 	// Check if all the data has been read; if not, discard the data in excess
2523 	if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
2524 	{
2525 		return -1;
2526 	}
2527 
2528 	return 0;
2529 }
2530 
2531 static int
2532 daemon_msg_stats_req(uint8 ver, struct daemon_slpars *pars,
2533     struct session *session, uint32 plen, struct pcap_stat *stats,
2534     unsigned int svrcapt)
2535 {
2536 	char errbuf[PCAP_ERRBUF_SIZE];		// buffer for network errors
2537 	char errmsgbuf[PCAP_ERRBUF_SIZE];	// buffer for errors to send to the client
2538 	char sendbuf[RPCAP_NETBUF_SIZE];	// temporary buffer in which data to be sent is buffered
2539 	int sendbufidx = 0;			// index which keeps the number of bytes currently buffered
2540 	struct rpcap_stats *netstats;		// statistics sent on the network
2541 
2542 	// Checks that the header does not contain other data; if so, discard it
2543 	if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
2544 	{
2545 		// Network error.
2546 		return -1;
2547 	}
2548 
2549 	if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL,
2550 	    &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
2551 		goto error;
2552 
2553 	rpcap_createhdr((struct rpcap_header *) sendbuf, ver,
2554 	    RPCAP_MSG_STATS_REPLY, 0, (uint16) sizeof(struct rpcap_stats));
2555 
2556 	netstats = (struct rpcap_stats *) &sendbuf[sendbufidx];
2557 
2558 	if (sock_bufferize(NULL, sizeof(struct rpcap_stats), NULL,
2559 	    &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
2560 		goto error;
2561 
2562 	if (session && session->fp)
2563 	{
2564 		if (pcap_stats(session->fp, stats) == -1)
2565 		{
2566 			snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "%s", pcap_geterr(session->fp));
2567 			goto error;
2568 		}
2569 
2570 		netstats->ifdrop = htonl(stats->ps_ifdrop);
2571 		netstats->ifrecv = htonl(stats->ps_recv);
2572 		netstats->krnldrop = htonl(stats->ps_drop);
2573 		netstats->svrcapt = htonl(session->TotCapt);
2574 	}
2575 	else
2576 	{
2577 		// We have to keep compatibility with old applications,
2578 		// which ask for statistics also when the capture has
2579 		// already stopped.
2580 		netstats->ifdrop = htonl(stats->ps_ifdrop);
2581 		netstats->ifrecv = htonl(stats->ps_recv);
2582 		netstats->krnldrop = htonl(stats->ps_drop);
2583 		netstats->svrcapt = htonl(svrcapt);
2584 	}
2585 
2586 	// Send the packet
2587 	if (sock_send(pars->sockctrl, pars->ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1)
2588 	{
2589 		rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
2590 		return -1;
2591 	}
2592 
2593 	return 0;
2594 
2595 error:
2596 	rpcap_senderror(pars->sockctrl, pars->ssl, ver, PCAP_ERR_GETSTATS,
2597 	    errmsgbuf, NULL);
2598 	return 0;
2599 }
2600 
2601 #ifdef _WIN32
2602 static unsigned __stdcall
2603 #else
2604 static void *
2605 #endif
2606 daemon_thrdatamain(void *ptr)
2607 {
2608 	char errbuf[PCAP_ERRBUF_SIZE + 1];	// error buffer
2609 	struct session *session;		// pointer to the struct session for this session
2610 	int retval;							// general variable used to keep the return value of other functions
2611 	struct rpcap_pkthdr *net_pkt_header;// header of the packet
2612 	struct pcap_pkthdr *pkt_header;		// pointer to the buffer that contains the header of the current packet
2613 	u_char *pkt_data;					// pointer to the buffer that contains the current packet
2614 	size_t sendbufsize;			// size for the send buffer
2615 	char *sendbuf;						// temporary buffer in which data to be sent is buffered
2616 	int sendbufidx;						// index which keeps the number of bytes currently buffered
2617 	int status;
2618 #ifndef _WIN32
2619 	sigset_t sigusr1;			// signal set with just SIGUSR1
2620 #endif
2621 
2622 	session = (struct session *) ptr;
2623 
2624 	session->TotCapt = 0;			// counter which is incremented each time a packet is received
2625 
2626 	// Initialize errbuf
2627 	memset(errbuf, 0, sizeof(errbuf));
2628 
2629 	//
2630 	// We need a buffer large enough to hold a buffer large enough
2631 	// for a maximum-size packet for this pcap_t.
2632 	//
2633 	if (pcap_snapshot(session->fp) < 0)
2634 	{
2635 		//
2636 		// The snapshot length is negative.
2637 		// This "should not happen".
2638 		//
2639 		rpcapd_log(LOGPRIO_ERROR,
2640 		    "Unable to allocate the buffer for this child thread: snapshot length of %d is negative",
2641 		        pcap_snapshot(session->fp));
2642 		sendbuf = NULL;	// we can't allocate a buffer, so nothing to free
2643 		goto error;
2644 	}
2645 	//
2646 	// size_t is unsigned, and the result of pcap_snapshot() is signed;
2647 	// on no platform that we support is int larger than size_t.
2648 	// This means that, unless the extra information we prepend to
2649 	// a maximum-sized packet is impossibly large, the sum of the
2650 	// snapshot length and the size of that extra information will
2651 	// fit in a size_t.
2652 	//
2653 	// So we don't need to make sure that sendbufsize will overflow.
2654 	//
2655 	// However, we *do* need to make sure its value fits in an int,
2656 	// because sock_send() can't send more than INT_MAX bytes (it could
2657 	// do so on 64-bit UN*Xes, but can't do so on Windows, not even
2658 	// 64-bit Windows, as the send() buffer size argument is an int
2659 	// in Winsock).
2660 	//
2661 	sendbufsize = sizeof(struct rpcap_header) + sizeof(struct rpcap_pkthdr) + pcap_snapshot(session->fp);
2662 	if (sendbufsize > INT_MAX)
2663 	{
2664 		rpcapd_log(LOGPRIO_ERROR,
2665 		    "Buffer size for this child thread would be larger than %d",
2666 		    INT_MAX);
2667 		sendbuf = NULL;	// we haven't allocated a buffer, so nothing to free
2668 		goto error;
2669 	}
2670 	sendbuf = (char *) malloc (sendbufsize);
2671 	if (sendbuf == NULL)
2672 	{
2673 		rpcapd_log(LOGPRIO_ERROR,
2674 		    "Unable to allocate the buffer for this child thread");
2675 		goto error;
2676 	}
2677 
2678 #ifndef _WIN32
2679 	//
2680 	// Set the signal set to include just SIGUSR1, and block that
2681 	// signal; we only want it unblocked when we're reading
2682 	// packets - we dn't want any other system calls, such as
2683 	// ones being used to send to the client or to log messages,
2684 	// to be interrupted.
2685 	//
2686 	sigemptyset(&sigusr1);
2687 	sigaddset(&sigusr1, SIGUSR1);
2688 	pthread_sigmask(SIG_BLOCK, &sigusr1, NULL);
2689 #endif
2690 
2691 	// Retrieve the packets
2692 	for (;;)
2693 	{
2694 #ifndef _WIN32
2695 		//
2696 		// Unblock SIGUSR1 while we might be waiting for packets.
2697 		//
2698 		pthread_sigmask(SIG_UNBLOCK, &sigusr1, NULL);
2699 #endif
2700 		retval = pcap_next_ex(session->fp, &pkt_header, (const u_char **) &pkt_data);	// cast to avoid a compiler warning
2701 #ifndef _WIN32
2702 		//
2703 		// Now block it again.
2704 		//
2705 		pthread_sigmask(SIG_BLOCK, &sigusr1, NULL);
2706 #endif
2707 		if (retval < 0)
2708 			break;		// error
2709 		if (retval == 0)	// Read timeout elapsed
2710 			continue;
2711 
2712 		sendbufidx = 0;
2713 
2714 		// Bufferize the general header
2715 		if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL,
2716 		    &sendbufidx, (int)sendbufsize, SOCKBUF_CHECKONLY, errbuf,
2717 		    PCAP_ERRBUF_SIZE) == -1)
2718 		{
2719 			rpcapd_log(LOGPRIO_ERROR,
2720 			    "sock_bufferize() error sending packet message: %s",
2721 			    errbuf);
2722 			goto error;
2723 		}
2724 
2725 		rpcap_createhdr((struct rpcap_header *) sendbuf,
2726 		    session->protocol_version, RPCAP_MSG_PACKET, 0,
2727 		    (uint16) (sizeof(struct rpcap_pkthdr) + pkt_header->caplen));
2728 
2729 		net_pkt_header = (struct rpcap_pkthdr *) &sendbuf[sendbufidx];
2730 
2731 		// Bufferize the pkt header
2732 		if (sock_bufferize(NULL, sizeof(struct rpcap_pkthdr), NULL,
2733 		    &sendbufidx, (int)sendbufsize, SOCKBUF_CHECKONLY, errbuf,
2734 		    PCAP_ERRBUF_SIZE) == -1)
2735 		{
2736 			rpcapd_log(LOGPRIO_ERROR,
2737 			    "sock_bufferize() error sending packet message: %s",
2738 			    errbuf);
2739 			goto error;
2740 		}
2741 
2742 		net_pkt_header->caplen = htonl(pkt_header->caplen);
2743 		net_pkt_header->len = htonl(pkt_header->len);
2744 		net_pkt_header->npkt = htonl(++(session->TotCapt));
2745 		//
2746 		// This protocol needs to be updated with a new version
2747 		// before 2038-01-19 03:14:07 UTC.
2748 		//
2749 		net_pkt_header->timestamp_sec = htonl((uint32)pkt_header->ts.tv_sec);
2750 		net_pkt_header->timestamp_usec = htonl((uint32)pkt_header->ts.tv_usec);
2751 
2752 		// Bufferize the pkt data
2753 		if (sock_bufferize((char *) pkt_data, pkt_header->caplen,
2754 		    sendbuf, &sendbufidx, (int)sendbufsize, SOCKBUF_BUFFERIZE,
2755 		    errbuf, PCAP_ERRBUF_SIZE) == -1)
2756 		{
2757 			rpcapd_log(LOGPRIO_ERROR,
2758 			    "sock_bufferize() error sending packet message: %s",
2759 			    errbuf);
2760 			goto error;
2761 		}
2762 
2763 		// Send the packet
2764 		// If the client dropped the connection, don't report an
2765 		// error, just quit.
2766 		status = sock_send(session->sockdata, session->data_ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE);
2767 		if (status < 0)
2768 		{
2769 			if (status == -1)
2770 			{
2771 				//
2772 				// Error other than "client closed the
2773 				// connection out from under us"; report
2774 				// it.
2775 				//
2776 				rpcapd_log(LOGPRIO_ERROR,
2777 				    "Send of packet to client failed: %s",
2778 				    errbuf);
2779 			}
2780 
2781 			//
2782 			// Give up in either case.
2783 			//
2784 			goto error;
2785 		}
2786 	}
2787 
2788 	if (retval < 0 && retval != PCAP_ERROR_BREAK)
2789 	{
2790 		//
2791 		// Failed with an error other than "we were told to break
2792 		// out of the loop".
2793 		//
2794 		// The latter just means that the client told us to stop
2795 		// capturing, so there's no error to report.
2796 		//
2797 		snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error reading the packets: %s", pcap_geterr(session->fp));
2798 		rpcap_senderror(session->sockctrl, session->ctrl_ssl, session->protocol_version,
2799 		    PCAP_ERR_READEX, errbuf, NULL);
2800 	}
2801 
2802 error:
2803 	//
2804 	// The main thread will clean up the session structure.
2805 	//
2806 	free(sendbuf);
2807 
2808 	return 0;
2809 }
2810 
2811 #ifndef _WIN32
2812 //
2813 // Do-nothing handler for SIGUSR1; the sole purpose of SIGUSR1 is to
2814 // interrupt the data thread if it's blocked in a system call waiting
2815 // for packets to arrive.
2816 //
2817 static void noop_handler(int sign _U_)
2818 {
2819 }
2820 #endif
2821 
2822 /*!
2823 	\brief It serializes a network address.
2824 
2825 	It accepts a 'sockaddr_storage' structure as input, and it converts it appropriately into a format
2826 	that can be used to be sent on the network. Basically, it applies all the hton()
2827 	conversion required to the input variable.
2828 
2829 	\param sockaddrin a 'sockaddr_storage' pointer to the variable that has to be
2830 	serialized. This variable can be both a 'sockaddr_in' and 'sockaddr_in6'.
2831 
2832 	\param sockaddrout an 'rpcap_sockaddr' pointer to the variable that will contain
2833 	the serialized data. This variable has to be allocated by the user.
2834 
2835 	\warning This function supports only AF_INET and AF_INET6 address families.
2836 */
2837 static void
2838 daemon_seraddr(struct sockaddr_storage *sockaddrin, struct rpcap_sockaddr *sockaddrout)
2839 {
2840 	memset(sockaddrout, 0, sizeof(struct sockaddr_storage));
2841 
2842 	// There can be the case in which the sockaddrin is not available
2843 	if (sockaddrin == NULL) return;
2844 
2845 	// Warning: we support only AF_INET and AF_INET6
2846 	//
2847 	// Note: as noted above, the output structures are not
2848 	// neatly aligned on 4-byte boundaries, so we must fill
2849 	// in an aligned structure and then copy it to the output
2850 	// buffer with memcpy().
2851 	switch (sockaddrin->ss_family)
2852 	{
2853 	case AF_INET:
2854 		{
2855 		struct sockaddr_in *sockaddrin_ipv4;
2856 		struct rpcap_sockaddr_in sockaddrout_ipv4;
2857 
2858 		sockaddrin_ipv4 = (struct sockaddr_in *) sockaddrin;
2859 
2860 		sockaddrout_ipv4.family = htons(RPCAP_AF_INET);
2861 		sockaddrout_ipv4.port = htons(sockaddrin_ipv4->sin_port);
2862 		memcpy(&sockaddrout_ipv4.addr, &sockaddrin_ipv4->sin_addr, sizeof(sockaddrout_ipv4.addr));
2863 		memset(sockaddrout_ipv4.zero, 0, sizeof(sockaddrout_ipv4.zero));
2864 		memcpy(sockaddrout, &sockaddrout_ipv4, sizeof(struct rpcap_sockaddr_in));
2865 		break;
2866 		}
2867 
2868 #ifdef AF_INET6
2869 	case AF_INET6:
2870 		{
2871 		struct sockaddr_in6 *sockaddrin_ipv6;
2872 		struct rpcap_sockaddr_in6 sockaddrout_ipv6;
2873 
2874 		sockaddrin_ipv6 = (struct sockaddr_in6 *) sockaddrin;
2875 
2876 		sockaddrout_ipv6.family = htons(RPCAP_AF_INET6);
2877 		sockaddrout_ipv6.port = htons(sockaddrin_ipv6->sin6_port);
2878 		sockaddrout_ipv6.flowinfo = htonl(sockaddrin_ipv6->sin6_flowinfo);
2879 		memcpy(&sockaddrout_ipv6.addr, &sockaddrin_ipv6->sin6_addr, sizeof(sockaddrout_ipv6.addr));
2880 		sockaddrout_ipv6.scope_id = htonl(sockaddrin_ipv6->sin6_scope_id);
2881 		memcpy(sockaddrout, &sockaddrout_ipv6, sizeof(struct rpcap_sockaddr_in6));
2882 		break;
2883 		}
2884 #endif
2885 	}
2886 }
2887 
2888 
2889 /*!
2890 	\brief Suspends a thread for secs seconds.
2891 */
2892 void sleep_secs(int secs)
2893 {
2894 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
2895 #ifdef _WIN32
2896 	Sleep(secs*1000);
2897 #else
2898 	unsigned secs_remaining;
2899 
2900 	if (secs <= 0)
2901 		return;
2902 	secs_remaining = secs;
2903 	while (secs_remaining != 0)
2904 		secs_remaining = sleep(secs_remaining);
2905 #endif
2906 #endif
2907 }
2908 
2909 /*
2910  * Read the header of a message.
2911  */
2912 static int
2913 rpcapd_recv_msg_header(PCAP_SOCKET sock, SSL *ssl, struct rpcap_header *headerp)
2914 {
2915 	int nread;
2916 	char errbuf[PCAP_ERRBUF_SIZE];		// buffer for network errors
2917 
2918 	nread = sock_recv(sock, ssl, (char *) headerp, sizeof(struct rpcap_header),
2919 	    SOCK_RECEIVEALL_YES|SOCK_EOF_ISNT_ERROR, errbuf, PCAP_ERRBUF_SIZE);
2920 	if (nread == -1)
2921 	{
2922 		// Network error.
2923 		rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf);
2924 		return -1;
2925 	}
2926 	if (nread == 0)
2927 	{
2928 		// Immediate EOF; that's treated like a close message.
2929 		return -2;
2930 	}
2931 	headerp->plen = ntohl(headerp->plen);
2932 	return 0;
2933 }
2934 
2935 /*
2936  * Read data from a message.
2937  * If we're trying to read more data that remains, puts an error
2938  * message into errmsgbuf and returns -2.  Otherwise, tries to read
2939  * the data and, if that succeeds, subtracts the amount read from
2940  * the number of bytes of data that remains.
2941  * Returns 0 on success, logs a message and returns -1 on a network
2942  * error.
2943  */
2944 static int
2945 rpcapd_recv(PCAP_SOCKET sock, SSL *ssl, char *buffer, size_t toread, uint32 *plen, char *errmsgbuf)
2946 {
2947 	int nread;
2948 	char errbuf[PCAP_ERRBUF_SIZE];		// buffer for network errors
2949 
2950 	if (toread > *plen)
2951 	{
2952 		// Tell the client and continue.
2953 		snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Message payload is too short");
2954 		return -2;
2955 	}
2956 	nread = sock_recv(sock, ssl, buffer, toread,
2957 	    SOCK_RECEIVEALL_YES|SOCK_EOF_IS_ERROR, errbuf, PCAP_ERRBUF_SIZE);
2958 	if (nread == -1)
2959 	{
2960 		rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf);
2961 		return -1;
2962 	}
2963 	*plen -= nread;
2964 	return 0;
2965 }
2966 
2967 /*
2968  * Discard data from a connection.
2969  * Mostly used to discard wrong-sized messages.
2970  * Returns 0 on success, logs a message and returns -1 on a network
2971  * error.
2972  */
2973 static int
2974 rpcapd_discard(PCAP_SOCKET sock, SSL *ssl, uint32 len)
2975 {
2976 	char errbuf[PCAP_ERRBUF_SIZE + 1];	// keeps the error string, prior to be printed
2977 
2978 	if (len != 0)
2979 	{
2980 		if (sock_discard(sock, ssl, len, errbuf, PCAP_ERRBUF_SIZE) == -1)
2981 		{
2982 			// Network error.
2983 			rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf);
2984 			return -1;
2985 		}
2986 	}
2987 	return 0;
2988 }
2989 
2990 //
2991 // Shut down any packet-capture thread associated with the session,
2992 // close the SSL handle for the data socket if we have one, close
2993 // the data socket if we have one, and close the underlying packet
2994 // capture handle if we have one.
2995 //
2996 // We do not, of course, touch the controlling socket that's also
2997 // copied into the session, as the service loop might still use it.
2998 //
2999 static void session_close(struct session *session)
3000 {
3001 	if (session->have_thread)
3002 	{
3003 		//
3004 		// Tell the data connection thread main capture loop to
3005 		// break out of that loop.
3006 		//
3007 		// This may be sufficient to wake up a blocked thread,
3008 		// but it's not guaranteed to be sufficient.
3009 		//
3010 		pcap_breakloop(session->fp);
3011 
3012 #ifdef _WIN32
3013 		//
3014 		// Set the event on which a read would block, so that,
3015 		// if it's currently blocked waiting for packets to
3016 		// arrive, it'll wake up, so it can see the "break
3017 		// out of the loop" indication.  (pcap_breakloop()
3018 		// might do this, but older versions don't.  Setting
3019 		// it twice should, at worst, cause an extra wakeup,
3020 		// which shouldn't be a problem.)
3021 		//
3022 		// XXX - what about modules other than NPF?
3023 		//
3024 		SetEvent(pcap_getevent(session->fp));
3025 
3026 		//
3027 		// Wait for the thread to exit, so we don't close
3028 		// sockets out from under it.
3029 		//
3030 		// XXX - have a timeout, so we don't wait forever?
3031 		//
3032 		WaitForSingleObject(session->thread, INFINITE);
3033 
3034 		//
3035 		// Release the thread handle, as we're done with
3036 		// it.
3037 		//
3038 		CloseHandle(session->thread);
3039 		session->have_thread = 0;
3040 		session->thread = INVALID_HANDLE_VALUE;
3041 #else
3042 		//
3043 		// Send a SIGUSR1 signal to the thread, so that, if
3044 		// it's currently blocked waiting for packets to arrive,
3045 		// it'll wake up (we've turned off SA_RESTART for
3046 		// SIGUSR1, so that the system call in which it's blocked
3047 		// should return EINTR rather than restarting).
3048 		//
3049 		pthread_kill(session->thread, SIGUSR1);
3050 
3051 		//
3052 		// Wait for the thread to exit, so we don't close
3053 		// sockets out from under it.
3054 		//
3055 		// XXX - have a timeout, so we don't wait forever?
3056 		//
3057 		pthread_join(session->thread, NULL);
3058 		session->have_thread = 0;
3059 		memset(&session->thread, 0, sizeof(session->thread));
3060 #endif
3061 	}
3062 
3063 #ifdef HAVE_OPENSSL
3064 	if (session->data_ssl)
3065 	{
3066 		// Finish using the SSL handle for the socket.
3067 		// This must be done *before* the socket is closed.
3068 		ssl_finish(session->data_ssl);
3069 		session->data_ssl = NULL;
3070 	}
3071 #endif
3072 
3073 	if (session->sockdata != INVALID_SOCKET)
3074 	{
3075 		sock_close(session->sockdata, NULL, 0);
3076 		session->sockdata = INVALID_SOCKET;
3077 	}
3078 
3079 	if (session->fp)
3080 	{
3081 		pcap_close(session->fp);
3082 		session->fp = NULL;
3083 	}
3084 }
3085 
3086 //
3087 // Check whether a capture source string is a URL or not.
3088 // This includes URLs that refer to a local device; a scheme, followed
3089 // by ://, followed by *another* scheme and ://, is just silly, and
3090 // anybody who supplies that will get an error.
3091 //
3092 static int
3093 is_url(const char *source)
3094 {
3095 	char *colonp;
3096 
3097 	/*
3098 	 * RFC 3986 says:
3099 	 *
3100 	 *   URI         = scheme ":" hier-part [ "?" query ] [ "#" fragment ]
3101 	 *
3102 	 *   hier-part   = "//" authority path-abempty
3103 	 *               / path-absolute
3104 	 *               / path-rootless
3105 	 *               / path-empty
3106 	 *
3107 	 *   authority   = [ userinfo "@" ] host [ ":" port ]
3108 	 *
3109 	 *   userinfo    = *( unreserved / pct-encoded / sub-delims / ":" )
3110 	 *
3111 	 * Step 1: look for the ":" at the end of the scheme.
3112 	 * A colon in the source is *NOT* sufficient to indicate that
3113 	 * this is a URL, as interface names on some platforms might
3114 	 * include colons (e.g., I think some Solaris interfaces
3115 	 * might).
3116 	 */
3117 	colonp = strchr(source, ':');
3118 	if (colonp == NULL)
3119 	{
3120 		/*
3121 		 * The source is the device to open.  It's not a URL.
3122 		 */
3123 		return (0);
3124 	}
3125 
3126 	/*
3127 	 * All schemes must have "//" after them, i.e. we only support
3128 	 * hier-part   = "//" authority path-abempty, not
3129 	 * hier-part   = path-absolute
3130 	 * hier-part   = path-rootless
3131 	 * hier-part   = path-empty
3132 	 *
3133 	 * We need that in order to distinguish between a local device
3134 	 * name that happens to contain a colon and a URI.
3135 	 */
3136 	if (strncmp(colonp + 1, "//", 2) != 0)
3137 	{
3138 		/*
3139 		 * The source is the device to open.  It's not a URL.
3140 		 */
3141 		return (0);
3142 	}
3143 
3144 	/*
3145 	 * It's a URL.
3146 	 */
3147 	return (1);
3148 }
3149