1 /* 2 * Copyright (c) 2002 - 2003 3 * NetGroup, Politecnico di Torino (Italy) 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. Neither the name of the Politecnico di Torino nor the names of its 16 * contributors may be used to endorse or promote products derived from 17 * this software without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 20 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 21 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 22 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 23 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 24 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 25 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 26 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 27 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32 #ifdef HAVE_CONFIG_H 33 #include <config.h> 34 #endif 35 36 #include "ftmacros.h" 37 #include "varattrs.h" 38 39 #include <errno.h> // for the errno variable 40 #include <stdlib.h> // for malloc(), free(), ... 41 #include <string.h> // for strlen(), ... 42 #include <limits.h> // for INT_MAX 43 44 #ifdef _WIN32 45 #include <process.h> // for threads 46 #else 47 #include <unistd.h> 48 #include <pthread.h> 49 #include <signal.h> 50 #include <sys/time.h> 51 #include <sys/types.h> // for select() and such 52 #include <pwd.h> // for password management 53 #endif 54 55 #ifdef HAVE_GETSPNAM 56 #include <shadow.h> // for password management 57 #endif 58 59 #include <pcap.h> // for libpcap/WinPcap calls 60 61 #include "fmtutils.h" 62 #include "sockutils.h" // for socket calls 63 #include "portability.h" 64 #include "rpcap-protocol.h" 65 #include "daemon.h" 66 #include "log.h" 67 68 #ifdef HAVE_OPENSSL 69 #include <openssl/ssl.h> 70 #include "sslutils.h" 71 #endif 72 73 // 74 // Timeout, in seconds, when we're waiting for a client to send us an 75 // authentication request; if they don't send us a request within that 76 // interval, we drop the connection, so we don't stay stuck forever. 77 // 78 #define RPCAP_TIMEOUT_INIT 90 79 80 // 81 // Timeout, in seconds, when we're waiting for an authenticated client 82 // to send us a request, if a capture isn't in progress; if they don't 83 // send us a request within that interval, we drop the connection, so 84 // we don't stay stuck forever. 85 // 86 #define RPCAP_TIMEOUT_RUNTIME 180 87 88 // 89 // Time, in seconds, that we wait after a failed authentication attempt 90 // before processing the next request; this prevents a client from 91 // rapidly trying different accounts or passwords. 92 // 93 #define RPCAP_SUSPEND_WRONGAUTH 1 94 95 // Parameters for the service loop. 96 struct daemon_slpars 97 { 98 SOCKET sockctrl; //!< SOCKET ID of the control connection 99 SSL *ssl; //!< Optional SSL handler for the controlling sockets 100 int isactive; //!< Not null if the daemon has to run in active mode 101 int nullAuthAllowed; //!< '1' if we permit NULL authentication, '0' otherwise 102 }; 103 104 // 105 // Data for a session managed by a thread. 106 // It includes both a Boolean indicating whether we *have* a thread, 107 // and a platform-dependent (UN*X vs. Windows) identifier for the 108 // thread; on Windows, we could use an invalid handle to indicate 109 // that we don't have a thread, but there *is* no portable "no thread" 110 // value for a pthread_t on UN*X. 111 // 112 struct session { 113 SOCKET sockctrl; 114 SOCKET sockdata; 115 SSL *ctrl_ssl, *data_ssl; // optional SSL handlers for sockctrl and sockdata. 116 uint8 protocol_version; 117 pcap_t *fp; 118 unsigned int TotCapt; 119 int have_thread; 120 #ifdef _WIN32 121 HANDLE thread; 122 #else 123 pthread_t thread; 124 #endif 125 }; 126 127 // Locally defined functions 128 static int daemon_msg_err(SOCKET sockctrl, SSL *, uint32 plen); 129 static int daemon_msg_auth_req(struct daemon_slpars *pars, uint32 plen); 130 static int daemon_AuthUserPwd(char *username, char *password, char *errbuf); 131 132 static int daemon_msg_findallif_req(uint8 ver, struct daemon_slpars *pars, 133 uint32 plen); 134 135 static int daemon_msg_open_req(uint8 ver, struct daemon_slpars *pars, 136 uint32 plen, char *source, size_t sourcelen); 137 static int daemon_msg_startcap_req(uint8 ver, struct daemon_slpars *pars, 138 uint32 plen, char *source, struct session **sessionp, 139 struct rpcap_sampling *samp_param, int uses_ssl); 140 static int daemon_msg_endcap_req(uint8 ver, struct daemon_slpars *pars, 141 struct session *session); 142 143 static int daemon_msg_updatefilter_req(uint8 ver, struct daemon_slpars *pars, 144 struct session *session, uint32 plen); 145 static int daemon_unpackapplyfilter(SOCKET sockctrl, SSL *, struct session *session, uint32 *plenp, char *errbuf); 146 147 static int daemon_msg_stats_req(uint8 ver, struct daemon_slpars *pars, 148 struct session *session, uint32 plen, struct pcap_stat *stats, 149 unsigned int svrcapt); 150 151 static int daemon_msg_setsampling_req(uint8 ver, struct daemon_slpars *pars, 152 uint32 plen, struct rpcap_sampling *samp_param); 153 154 static void daemon_seraddr(struct sockaddr_storage *sockaddrin, struct rpcap_sockaddr *sockaddrout); 155 #ifdef _WIN32 156 static unsigned __stdcall daemon_thrdatamain(void *ptr); 157 #else 158 static void *daemon_thrdatamain(void *ptr); 159 static void noop_handler(int sign); 160 #endif 161 162 static int rpcapd_recv_msg_header(SOCKET sock, SSL *, struct rpcap_header *headerp); 163 static int rpcapd_recv(SOCKET sock, SSL *, char *buffer, size_t toread, uint32 *plen, char *errmsgbuf); 164 static int rpcapd_discard(SOCKET sock, SSL *, uint32 len); 165 static void session_close(struct session *); 166 167 // 168 // TLS record layer header; used when processing the first message from 169 // the client, in case we aren't doing TLS but they are. 170 // 171 struct tls_record_header { 172 uint8 type; // ContentType - will be 22, for Handshake 173 uint8 version_major; // TLS protocol major version 174 uint8 version_injor; // TLS protocol minor version 175 // This is *not* aligned on a 2-byte boundary; we just 176 // declare it as two bytes. Don't assume any particular 177 // compiler's mechanism for saying "packed"! 178 uint8 length_hi; // Upper 8 bits of payload length 179 uint8 length_lo; // Low 8 bits of payload length 180 }; 181 182 #define TLS_RECORD_HEADER_LEN 5 // Don't use sizeof in case it's padded 183 184 #define TLS_RECORD_TYPE_ALERT 21 185 #define TLS_RECORD_TYPE_HANDSHAKE 22 186 187 // 188 // TLS alert message. 189 // 190 struct tls_alert { 191 uint8 alert_level; 192 uint8 alert_description; 193 }; 194 195 #define TLS_ALERT_LEN 2 196 197 #define TLS_ALERT_LEVEL_FATAL 2 198 #define TLS_ALERT_HANDSHAKE_FAILURE 40 199 200 static int is_url(const char *source); 201 202 /* 203 * Maximum sizes for fixed-bit-width values. 204 */ 205 #ifndef UINT16_MAX 206 #define UINT16_MAX 65535U 207 #endif 208 209 #ifndef UINT32_MAX 210 #define UINT32_MAX 4294967295U 211 #endif 212 213 int 214 daemon_serviceloop(SOCKET sockctrl, int isactive, char *passiveClients, 215 int nullAuthAllowed, int uses_ssl) 216 { 217 uint8 first_octet; 218 struct tls_record_header tls_header; 219 struct tls_alert tls_alert; 220 struct daemon_slpars pars; // service loop parameters 221 char errbuf[PCAP_ERRBUF_SIZE + 1]; // keeps the error string, prior to be printed 222 char errmsgbuf[PCAP_ERRBUF_SIZE + 1]; // buffer for errors to send to the client 223 int host_port_check_status; 224 SSL *ssl = NULL; 225 int nrecv; 226 struct rpcap_header header; // RPCAP message general header 227 uint32 plen; // payload length from header 228 int authenticated = 0; // 1 if the client has successfully authenticated 229 char source[PCAP_BUF_SIZE+1]; // keeps the string that contains the interface to open 230 int got_source = 0; // 1 if we've gotten the source from an open request 231 #ifndef _WIN32 232 struct sigaction action; 233 #endif 234 struct session *session = NULL; // struct session main variable 235 const char *msg_type_string; // string for message type 236 int client_told_us_to_close = 0; // 1 if the client told us to close the capture 237 238 // needed to save the values of the statistics 239 struct pcap_stat stats; 240 unsigned int svrcapt; 241 242 struct rpcap_sampling samp_param; // in case sampling has been requested 243 244 // Structures needed for the select() call 245 fd_set rfds; // set of socket descriptors we have to check 246 struct timeval tv; // maximum time the select() can block waiting for data 247 int retval; // select() return value 248 249 *errbuf = 0; // Initialize errbuf 250 251 // 252 // Peek into the socket to determine whether the client sent us 253 // a TLS handshake message or a non-TLS rpcapd message. 254 // 255 // The first byte of an rpcapd request is the version number; 256 // the first byte of a TLS handshake message is 22. The 257 // first request to an rpcapd server must be an authentication 258 // request or a close request, and must have a version number 259 // of 0, so it will be possible to distinguish between an 260 // initial plaintext request to a server and an initial TLS 261 // handshake message. 262 // 263 nrecv = sock_recv(sockctrl, NULL, (char *)&first_octet, 1, 264 SOCK_EOF_ISNT_ERROR|SOCK_MSG_PEEK, errbuf, PCAP_ERRBUF_SIZE); 265 if (nrecv == -1) 266 { 267 // Fatal error. 268 rpcapd_log(LOGPRIO_ERROR, "Peek from client failed: %s", errbuf); 269 goto end; 270 } 271 if (nrecv == 0) 272 { 273 // Client closed the connection. 274 goto end; 275 } 276 277 #ifdef HAVE_OPENSSL 278 // 279 // We have to upgrade to TLS as soon as possible, so that the 280 // whole protocol goes through the encrypted tunnel, including 281 // early error messages. 282 // 283 // Even in active mode, the other end has to initiate the TLS 284 // handshake as we still are the server as far as TLS is concerned, 285 // so we don't check isactive. 286 // 287 if (uses_ssl) 288 { 289 // 290 // We're expecting a TLS handshake message. If this 291 // isn't one, assume it's a non-TLS rpcapd message. 292 // 293 // The first octet of a TLS handshake is 294 // TLS_RECORD_TYPE_HANDSHAKE. 295 // 296 if (first_octet != TLS_RECORD_TYPE_HANDSHAKE) 297 { 298 // 299 // We assume this is a non-TLS rpcapd message. 300 // 301 // Read the message header from the client. 302 // 303 nrecv = rpcapd_recv_msg_header(sockctrl, NULL, &header); 304 if (nrecv == -1) 305 { 306 // Fatal error. 307 goto end; 308 } 309 if (nrecv == -2) 310 { 311 // Client closed the connection. 312 goto end; 313 } 314 plen = header.plen; 315 316 // Discard the rest of the message. 317 if (rpcapd_discard(sockctrl, NULL, plen) == -1) 318 { 319 // Network error. 320 goto end; 321 } 322 323 // 324 // Send an authentication error, indicating 325 // that we require TLS. 326 // 327 if (rpcap_senderror(sockctrl, NULL, header.ver, 328 PCAP_ERR_TLS_REQUIRED, 329 "TLS is required by this server", errbuf) == -1) 330 { 331 // That failed; log a message and give up. 332 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); 333 goto end; 334 } 335 336 // Shut the session down. 337 goto end; 338 } 339 ssl = ssl_promotion(1, sockctrl, errbuf, PCAP_ERRBUF_SIZE); 340 if (! ssl) 341 { 342 rpcapd_log(LOGPRIO_ERROR, "TLS handshake on control connection failed: %s", 343 errbuf); 344 goto end; 345 } 346 } 347 else 348 #endif 349 { 350 // 351 // We're expecting a non-TLS rpcapd message. If this 352 // looks, instead, like a TLS handshake message, send 353 // a TLS handshake_failed alert. 354 // 355 // The first octet of a TLS handshake is 356 // TLS_RECORD_TYPE_HANDSHAKE. 357 // 358 if (first_octet == TLS_RECORD_TYPE_HANDSHAKE) 359 { 360 // 361 // TLS handshake. 362 // Read the record header. 363 // 364 nrecv = sock_recv(sockctrl, ssl, (char *) &tls_header, 365 sizeof tls_header, SOCK_RECEIVEALL_YES|SOCK_EOF_ISNT_ERROR, 366 errbuf, PCAP_ERRBUF_SIZE); 367 if (nrecv == -1) 368 { 369 // Network error. 370 rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf); 371 goto end; 372 } 373 if (nrecv == 0) 374 { 375 // Immediate EOF 376 goto end; 377 } 378 plen = (tls_header.length_hi << 8U) | tls_header.length_lo; 379 380 // Discard the rest of the message. 381 if (rpcapd_discard(sockctrl, NULL, plen) == -1) 382 { 383 // Network error. 384 goto end; 385 } 386 387 // 388 // Send a TLS handshake failure alert. 389 // Use the same version the client sent us. 390 // 391 tls_header.type = TLS_RECORD_TYPE_ALERT; 392 tls_header.length_hi = 0; 393 tls_header.length_lo = TLS_ALERT_LEN; 394 395 if (sock_send(sockctrl, NULL, (char *) &tls_header, 396 TLS_RECORD_HEADER_LEN, errbuf, PCAP_ERRBUF_SIZE) == -1) 397 { 398 // That failed; log a message and give up. 399 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); 400 goto end; 401 } 402 403 tls_alert.alert_level = TLS_ALERT_LEVEL_FATAL; 404 tls_alert.alert_description = TLS_ALERT_HANDSHAKE_FAILURE; 405 if (sock_send(sockctrl, NULL, (char *) &tls_alert, 406 TLS_ALERT_LEN, errbuf, PCAP_ERRBUF_SIZE) == -1) 407 { 408 // That failed; log a message and give up. 409 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); 410 goto end; 411 } 412 // 413 // Give up anyway. 414 // 415 goto end; 416 } 417 } 418 419 // Set parameters structure 420 pars.sockctrl = sockctrl; 421 pars.ssl = ssl; 422 pars.isactive = isactive; // active mode 423 pars.nullAuthAllowed = nullAuthAllowed; 424 425 // 426 // We have a connection. 427 // 428 // If it's a passive mode connection, check whether the connecting 429 // host is among the ones allowed. 430 // 431 // In either case, we were handed a copy of the host list; free it 432 // as soon as we're done with it. 433 // 434 if (pars.isactive) 435 { 436 // Nothing to do. 437 free(passiveClients); 438 passiveClients = NULL; 439 } 440 else 441 { 442 struct sockaddr_storage from; 443 socklen_t fromlen; 444 445 // 446 // Get the address of the other end of the connection. 447 // 448 fromlen = sizeof(struct sockaddr_storage); 449 if (getpeername(pars.sockctrl, (struct sockaddr *)&from, 450 &fromlen) == -1) 451 { 452 sock_geterrmsg(errmsgbuf, PCAP_ERRBUF_SIZE, 453 "getpeername() failed"); 454 if (rpcap_senderror(pars.sockctrl, pars.ssl, 0, PCAP_ERR_NETW, errmsgbuf, errbuf) == -1) 455 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); 456 goto end; 457 } 458 459 // 460 // Are they in the list of host/port combinations we allow? 461 // 462 host_port_check_status = sock_check_hostlist(passiveClients, RPCAP_HOSTLIST_SEP, &from, errmsgbuf, PCAP_ERRBUF_SIZE); 463 free(passiveClients); 464 passiveClients = NULL; 465 if (host_port_check_status < 0) 466 { 467 if (host_port_check_status == -2) { 468 // 469 // We got an error; log it. 470 // 471 rpcapd_log(LOGPRIO_ERROR, "%s", errmsgbuf); 472 } 473 474 // 475 // Sorry, we can't let you in. 476 // 477 if (rpcap_senderror(pars.sockctrl, pars.ssl, 0, PCAP_ERR_HOSTNOAUTH, errmsgbuf, errbuf) == -1) 478 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); 479 goto end; 480 } 481 } 482 483 #ifndef _WIN32 484 // 485 // Catch SIGUSR1, but do nothing. We use it to interrupt the 486 // capture thread to break it out of a loop in which it's 487 // blocked waiting for packets to arrive. 488 // 489 // We don't want interrupted system calls to restart, so that 490 // the read routine for the pcap_t gets EINTR rather than 491 // restarting if it's blocked in a system call. 492 // 493 memset(&action, 0, sizeof (action)); 494 action.sa_handler = noop_handler; 495 action.sa_flags = 0; 496 sigemptyset(&action.sa_mask); 497 sigaction(SIGUSR1, &action, NULL); 498 #endif 499 500 // 501 // The client must first authenticate; loop until they send us a 502 // message with a version we support and credentials we accept, 503 // they send us a close message indicating that they're giving up, 504 // or we get a network error or other fatal error. 505 // 506 while (!authenticated) 507 { 508 // 509 // If we're not in active mode, we use select(), with a 510 // timeout, to wait for an authentication request; if 511 // the timeout expires, we drop the connection, so that 512 // a client can't just connect to us and leave us 513 // waiting forever. 514 // 515 if (!pars.isactive) 516 { 517 FD_ZERO(&rfds); 518 // We do not have to block here 519 tv.tv_sec = RPCAP_TIMEOUT_INIT; 520 tv.tv_usec = 0; 521 522 FD_SET(pars.sockctrl, &rfds); 523 524 retval = select((int)pars.sockctrl + 1, &rfds, NULL, NULL, &tv); 525 if (retval == -1) 526 { 527 sock_geterrmsg(errmsgbuf, PCAP_ERRBUF_SIZE, 528 "select() failed"); 529 if (rpcap_senderror(pars.sockctrl, pars.ssl, 0, PCAP_ERR_NETW, errmsgbuf, errbuf) == -1) 530 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); 531 goto end; 532 } 533 534 // The timeout has expired 535 // So, this was a fake connection. Drop it down 536 if (retval == 0) 537 { 538 if (rpcap_senderror(pars.sockctrl, pars.ssl, 0, PCAP_ERR_INITTIMEOUT, "The RPCAP initial timeout has expired", errbuf) == -1) 539 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); 540 goto end; 541 } 542 } 543 544 // 545 // Read the message header from the client. 546 // 547 nrecv = rpcapd_recv_msg_header(pars.sockctrl, pars.ssl, &header); 548 if (nrecv == -1) 549 { 550 // Fatal error. 551 goto end; 552 } 553 if (nrecv == -2) 554 { 555 // Client closed the connection. 556 goto end; 557 } 558 559 plen = header.plen; 560 561 // 562 // While we're in the authentication pharse, all requests 563 // must use version 0. 564 // 565 if (header.ver != 0) 566 { 567 // 568 // Send it back to them with their version. 569 // 570 if (rpcap_senderror(pars.sockctrl, pars.ssl, header.ver, 571 PCAP_ERR_WRONGVER, 572 "RPCAP version in requests in the authentication phase must be 0", 573 errbuf) == -1) 574 { 575 // That failed; log a message and give up. 576 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); 577 goto end; 578 } 579 580 // Discard the rest of the message and drop the 581 // connection. 582 (void)rpcapd_discard(pars.sockctrl, pars.ssl, plen); 583 goto end; 584 } 585 586 switch (header.type) 587 { 588 case RPCAP_MSG_AUTH_REQ: 589 retval = daemon_msg_auth_req(&pars, plen); 590 if (retval == -1) 591 { 592 // Fatal error; a message has 593 // been logged, so just give up. 594 goto end; 595 } 596 if (retval == -2) 597 { 598 // Non-fatal error; we sent back 599 // an error message, so let them 600 // try again. 601 continue; 602 } 603 604 // OK, we're authenticated; we sent back 605 // a reply, so start serving requests. 606 authenticated = 1; 607 break; 608 609 case RPCAP_MSG_CLOSE: 610 // 611 // The client is giving up. 612 // Discard the rest of the message, if 613 // there is anything more. 614 // 615 (void)rpcapd_discard(pars.sockctrl, pars.ssl, plen); 616 // We're done with this client. 617 goto end; 618 619 case RPCAP_MSG_ERROR: 620 // Log this and close the connection? 621 // XXX - is this what happens in active 622 // mode, where *we* initiate the 623 // connection, and the client gives us 624 // an error message rather than a "let 625 // me log in" message, indicating that 626 // we're not allowed to connect to them? 627 (void)daemon_msg_err(pars.sockctrl, pars.ssl, plen); 628 goto end; 629 630 case RPCAP_MSG_FINDALLIF_REQ: 631 case RPCAP_MSG_OPEN_REQ: 632 case RPCAP_MSG_STARTCAP_REQ: 633 case RPCAP_MSG_UPDATEFILTER_REQ: 634 case RPCAP_MSG_STATS_REQ: 635 case RPCAP_MSG_ENDCAP_REQ: 636 case RPCAP_MSG_SETSAMPLING_REQ: 637 // 638 // These requests can't be sent until 639 // the client is authenticated. 640 // 641 msg_type_string = rpcap_msg_type_string(header.type); 642 if (msg_type_string != NULL) 643 { 644 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "%s request sent before authentication was completed", msg_type_string); 645 } 646 else 647 { 648 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Message of type %u sent before authentication was completed", header.type); 649 } 650 if (rpcap_senderror(pars.sockctrl, pars.ssl, 651 header.ver, PCAP_ERR_WRONGMSG, 652 errmsgbuf, errbuf) == -1) 653 { 654 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); 655 goto end; 656 } 657 // Discard the rest of the message. 658 if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1) 659 { 660 // Network error. 661 goto end; 662 } 663 break; 664 665 case RPCAP_MSG_PACKET: 666 case RPCAP_MSG_FINDALLIF_REPLY: 667 case RPCAP_MSG_OPEN_REPLY: 668 case RPCAP_MSG_STARTCAP_REPLY: 669 case RPCAP_MSG_UPDATEFILTER_REPLY: 670 case RPCAP_MSG_AUTH_REPLY: 671 case RPCAP_MSG_STATS_REPLY: 672 case RPCAP_MSG_ENDCAP_REPLY: 673 case RPCAP_MSG_SETSAMPLING_REPLY: 674 // 675 // These are server-to-client messages. 676 // 677 msg_type_string = rpcap_msg_type_string(header.type); 678 if (msg_type_string != NULL) 679 { 680 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Server-to-client message %s received from client", msg_type_string); 681 } 682 else 683 { 684 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Server-to-client message of type %u received from client", header.type); 685 } 686 if (rpcap_senderror(pars.sockctrl, pars.ssl, 687 header.ver, PCAP_ERR_WRONGMSG, 688 errmsgbuf, errbuf) == -1) 689 { 690 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); 691 goto end; 692 } 693 // Discard the rest of the message. 694 if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1) 695 { 696 // Fatal error. 697 goto end; 698 } 699 break; 700 701 default: 702 // 703 // Unknown message type. 704 // 705 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Unknown message type %u", header.type); 706 if (rpcap_senderror(pars.sockctrl, pars.ssl, 707 header.ver, PCAP_ERR_WRONGMSG, 708 errmsgbuf, errbuf) == -1) 709 { 710 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); 711 goto end; 712 } 713 // Discard the rest of the message. 714 if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1) 715 { 716 // Fatal error. 717 goto end; 718 } 719 break; 720 } 721 } 722 723 // 724 // OK, the client has authenticated itself, and we can start 725 // processing regular requests from it. 726 // 727 728 // 729 // We don't have any statistics yet. 730 // 731 stats.ps_ifdrop = 0; 732 stats.ps_recv = 0; 733 stats.ps_drop = 0; 734 svrcapt = 0; 735 736 // 737 // Service requests. 738 // 739 for (;;) 740 { 741 errbuf[0] = 0; // clear errbuf 742 743 // Avoid zombies connections; check if the connection is opens but no commands are performed 744 // from more than RPCAP_TIMEOUT_RUNTIME 745 // Conditions: 746 // - I have to be in normal mode (no active mode) 747 // - if the device is open, I don't have to be in the middle of a capture (session->sockdata) 748 // - if the device is closed, I have always to check if a new command arrives 749 // 750 // Be carefully: the capture can have been started, but an error occurred (so session != NULL, but 751 // sockdata is 0 752 if ((!pars.isactive) && (session == NULL || session->sockdata == 0)) 753 { 754 // Check for the initial timeout 755 FD_ZERO(&rfds); 756 // We do not have to block here 757 tv.tv_sec = RPCAP_TIMEOUT_RUNTIME; 758 tv.tv_usec = 0; 759 760 FD_SET(pars.sockctrl, &rfds); 761 #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION 762 retval = 1; 763 #else 764 retval = select((int)pars.sockctrl + 1, &rfds, NULL, NULL, &tv); 765 #endif 766 if (retval == -1) 767 { 768 sock_geterrmsg(errmsgbuf, PCAP_ERRBUF_SIZE, 769 "select() failed"); 770 if (rpcap_senderror(pars.sockctrl, pars.ssl, 771 0, PCAP_ERR_NETW, 772 errmsgbuf, errbuf) == -1) 773 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); 774 goto end; 775 } 776 777 // The timeout has expired 778 // So, this was a fake connection. Drop it down 779 if (retval == 0) 780 { 781 if (rpcap_senderror(pars.sockctrl, pars.ssl, 782 0, PCAP_ERR_INITTIMEOUT, 783 "The RPCAP initial timeout has expired", 784 errbuf) == -1) 785 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); 786 goto end; 787 } 788 } 789 790 // 791 // Read the message header from the client. 792 // 793 nrecv = rpcapd_recv_msg_header(pars.sockctrl, pars.ssl, &header); 794 if (nrecv == -1) 795 { 796 // Fatal error. 797 goto end; 798 } 799 if (nrecv == -2) 800 { 801 // Client closed the connection. 802 goto end; 803 } 804 805 plen = header.plen; 806 807 // 808 // Did the client specify a protocol version that we 809 // support? 810 // 811 if (!RPCAP_VERSION_IS_SUPPORTED(header.ver)) 812 { 813 // 814 // Tell them it's not a supported version. 815 // Send the error message with their version, 816 // so they don't reject it as having the wrong 817 // version. 818 // 819 if (rpcap_senderror(pars.sockctrl, pars.ssl, 820 header.ver, PCAP_ERR_WRONGVER, 821 "RPCAP version in message isn't supported by the server", 822 errbuf) == -1) 823 { 824 // That failed; log a message and give up. 825 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); 826 goto end; 827 } 828 829 // Discard the rest of the message. 830 (void)rpcapd_discard(pars.sockctrl, pars.ssl, plen); 831 // Give up on them. 832 goto end; 833 } 834 835 switch (header.type) 836 { 837 case RPCAP_MSG_ERROR: // The other endpoint reported an error 838 { 839 (void)daemon_msg_err(pars.sockctrl, pars.ssl, plen); 840 // Do nothing; just exit; the error code is already into the errbuf 841 // XXX - actually exit.... 842 break; 843 } 844 845 case RPCAP_MSG_FINDALLIF_REQ: 846 { 847 if (daemon_msg_findallif_req(header.ver, &pars, plen) == -1) 848 { 849 // Fatal error; a message has 850 // been logged, so just give up. 851 goto end; 852 } 853 break; 854 } 855 856 case RPCAP_MSG_OPEN_REQ: 857 { 858 // 859 // Process the open request, and keep 860 // the source from it, for use later 861 // when the capture is started. 862 // 863 // XXX - we don't care if the client sends 864 // us multiple open requests, the last 865 // one wins. 866 // 867 retval = daemon_msg_open_req(header.ver, &pars, 868 plen, source, sizeof(source)); 869 if (retval == -1) 870 { 871 // Fatal error; a message has 872 // been logged, so just give up. 873 goto end; 874 } 875 got_source = 1; 876 break; 877 } 878 879 case RPCAP_MSG_STARTCAP_REQ: 880 { 881 if (!got_source) 882 { 883 // They never told us what device 884 // to capture on! 885 if (rpcap_senderror(pars.sockctrl, pars.ssl, 886 header.ver, 887 PCAP_ERR_STARTCAPTURE, 888 "No capture device was specified", 889 errbuf) == -1) 890 { 891 // Fatal error; log an 892 // error and give up. 893 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); 894 goto end; 895 } 896 if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1) 897 { 898 goto end; 899 } 900 break; 901 } 902 903 if (daemon_msg_startcap_req(header.ver, &pars, 904 plen, source, &session, &samp_param, 905 uses_ssl) == -1) 906 { 907 // Fatal error; a message has 908 // been logged, so just give up. 909 goto end; 910 } 911 break; 912 } 913 914 case RPCAP_MSG_UPDATEFILTER_REQ: 915 { 916 if (session) 917 { 918 if (daemon_msg_updatefilter_req(header.ver, 919 &pars, session, plen) == -1) 920 { 921 // Fatal error; a message has 922 // been logged, so just give up. 923 goto end; 924 } 925 } 926 else 927 { 928 if (rpcap_senderror(pars.sockctrl, pars.ssl, 929 header.ver, 930 PCAP_ERR_UPDATEFILTER, 931 "Device not opened. Cannot update filter", 932 errbuf) == -1) 933 { 934 // That failed; log a message and give up. 935 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); 936 goto end; 937 } 938 } 939 break; 940 } 941 942 case RPCAP_MSG_CLOSE: // The other endpoint close the pcap session 943 { 944 // 945 // Indicate to our caller that the client 946 // closed the control connection. 947 // This is used only in case of active mode. 948 // 949 client_told_us_to_close = 1; 950 rpcapd_log(LOGPRIO_DEBUG, "The other end system asked to close the connection."); 951 goto end; 952 } 953 954 case RPCAP_MSG_STATS_REQ: 955 { 956 if (daemon_msg_stats_req(header.ver, &pars, 957 session, plen, &stats, svrcapt) == -1) 958 { 959 // Fatal error; a message has 960 // been logged, so just give up. 961 goto end; 962 } 963 break; 964 } 965 966 case RPCAP_MSG_ENDCAP_REQ: // The other endpoint close the current capture session 967 { 968 if (session) 969 { 970 // Save statistics (we can need them in the future) 971 if (pcap_stats(session->fp, &stats)) 972 { 973 svrcapt = session->TotCapt; 974 } 975 else 976 { 977 stats.ps_ifdrop = 0; 978 stats.ps_recv = 0; 979 stats.ps_drop = 0; 980 svrcapt = 0; 981 } 982 983 if (daemon_msg_endcap_req(header.ver, 984 &pars, session) == -1) 985 { 986 free(session); 987 session = NULL; 988 // Fatal error; a message has 989 // been logged, so just give up. 990 goto end; 991 } 992 free(session); 993 session = NULL; 994 } 995 else 996 { 997 rpcap_senderror(pars.sockctrl, pars.ssl, 998 header.ver, 999 PCAP_ERR_ENDCAPTURE, 1000 "Device not opened. Cannot close the capture", 1001 errbuf); 1002 } 1003 break; 1004 } 1005 1006 case RPCAP_MSG_SETSAMPLING_REQ: 1007 { 1008 if (daemon_msg_setsampling_req(header.ver, 1009 &pars, plen, &samp_param) == -1) 1010 { 1011 // Fatal error; a message has 1012 // been logged, so just give up. 1013 goto end; 1014 } 1015 break; 1016 } 1017 1018 case RPCAP_MSG_AUTH_REQ: 1019 { 1020 // 1021 // We're already authenticated; you don't 1022 // get to reauthenticate. 1023 // 1024 rpcapd_log(LOGPRIO_INFO, "The client sent an RPCAP_MSG_AUTH_REQ message after authentication was completed"); 1025 if (rpcap_senderror(pars.sockctrl, pars.ssl, 1026 header.ver, 1027 PCAP_ERR_WRONGMSG, 1028 "RPCAP_MSG_AUTH_REQ request sent after authentication was completed", 1029 errbuf) == -1) 1030 { 1031 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); 1032 goto end; 1033 } 1034 // Discard the rest of the message. 1035 if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1) 1036 { 1037 // Fatal error. 1038 goto end; 1039 } 1040 goto end; 1041 1042 case RPCAP_MSG_PACKET: 1043 case RPCAP_MSG_FINDALLIF_REPLY: 1044 case RPCAP_MSG_OPEN_REPLY: 1045 case RPCAP_MSG_STARTCAP_REPLY: 1046 case RPCAP_MSG_UPDATEFILTER_REPLY: 1047 case RPCAP_MSG_AUTH_REPLY: 1048 case RPCAP_MSG_STATS_REPLY: 1049 case RPCAP_MSG_ENDCAP_REPLY: 1050 case RPCAP_MSG_SETSAMPLING_REPLY: 1051 // 1052 // These are server-to-client messages. 1053 // 1054 msg_type_string = rpcap_msg_type_string(header.type); 1055 if (msg_type_string != NULL) 1056 { 1057 rpcapd_log(LOGPRIO_INFO, "The client sent a %s server-to-client message", msg_type_string); 1058 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Server-to-client message %s received from client", msg_type_string); 1059 } 1060 else 1061 { 1062 rpcapd_log(LOGPRIO_INFO, "The client sent a server-to-client message of type %u", header.type); 1063 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Server-to-client message of type %u received from client", header.type); 1064 } 1065 if (rpcap_senderror(pars.sockctrl, pars.ssl, 1066 header.ver, PCAP_ERR_WRONGMSG, 1067 errmsgbuf, errbuf) == -1) 1068 { 1069 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); 1070 goto end; 1071 } 1072 // Discard the rest of the message. 1073 if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1) 1074 { 1075 // Fatal error. 1076 goto end; 1077 } 1078 goto end; 1079 1080 default: 1081 // 1082 // Unknown message type. 1083 // 1084 rpcapd_log(LOGPRIO_INFO, "The client sent a message of type %u", header.type); 1085 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Unknown message type %u", header.type); 1086 if (rpcap_senderror(pars.sockctrl, pars.ssl, 1087 header.ver, PCAP_ERR_WRONGMSG, 1088 errbuf, errmsgbuf) == -1) 1089 { 1090 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); 1091 goto end; 1092 } 1093 // Discard the rest of the message. 1094 if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1) 1095 { 1096 // Fatal error. 1097 goto end; 1098 } 1099 goto end; 1100 } 1101 } 1102 } 1103 1104 end: 1105 // The service loop is finishing up. 1106 // If we have a capture session running, close it. 1107 if (session) 1108 { 1109 session_close(session); 1110 free(session); 1111 session = NULL; 1112 } 1113 1114 if (passiveClients) { 1115 free(passiveClients); 1116 } 1117 // 1118 // Finish using the SSL handle for the control socket, if we 1119 // have an SSL connection, and close the control socket. 1120 // 1121 #ifdef HAVE_OPENSSL 1122 if (ssl) 1123 { 1124 // Finish using the SSL handle for the socket. 1125 // This must be done *before* the socket is closed. 1126 ssl_finish(ssl); 1127 } 1128 #endif 1129 sock_close(sockctrl, NULL, 0); 1130 1131 // Print message and return 1132 rpcapd_log(LOGPRIO_DEBUG, "I'm exiting from the child loop"); 1133 1134 return client_told_us_to_close; 1135 } 1136 1137 /* 1138 * This handles the RPCAP_MSG_ERR message. 1139 */ 1140 static int 1141 daemon_msg_err(SOCKET sockctrl, SSL *ssl, uint32 plen) 1142 { 1143 char errbuf[PCAP_ERRBUF_SIZE]; 1144 char remote_errbuf[PCAP_ERRBUF_SIZE]; 1145 1146 if (plen >= PCAP_ERRBUF_SIZE) 1147 { 1148 /* 1149 * Message is too long; just read as much of it as we 1150 * can into the buffer provided, and discard the rest. 1151 */ 1152 if (sock_recv(sockctrl, ssl, remote_errbuf, PCAP_ERRBUF_SIZE - 1, 1153 SOCK_RECEIVEALL_YES|SOCK_EOF_IS_ERROR, errbuf, 1154 PCAP_ERRBUF_SIZE) == -1) 1155 { 1156 // Network error. 1157 rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf); 1158 return -1; 1159 } 1160 if (rpcapd_discard(sockctrl, ssl, plen - (PCAP_ERRBUF_SIZE - 1)) == -1) 1161 { 1162 // Network error. 1163 return -1; 1164 } 1165 1166 /* 1167 * Null-terminate it. 1168 */ 1169 remote_errbuf[PCAP_ERRBUF_SIZE - 1] = '\0'; 1170 } 1171 else if (plen == 0) 1172 { 1173 /* Empty error string. */ 1174 remote_errbuf[0] = '\0'; 1175 } 1176 else 1177 { 1178 if (sock_recv(sockctrl, ssl, remote_errbuf, plen, 1179 SOCK_RECEIVEALL_YES|SOCK_EOF_IS_ERROR, errbuf, 1180 PCAP_ERRBUF_SIZE) == -1) 1181 { 1182 // Network error. 1183 rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf); 1184 return -1; 1185 } 1186 1187 /* 1188 * Null-terminate it. 1189 */ 1190 remote_errbuf[plen] = '\0'; 1191 } 1192 // Log the message 1193 rpcapd_log(LOGPRIO_ERROR, "Error from client: %s", remote_errbuf); 1194 return 0; 1195 } 1196 1197 /* 1198 * This handles the RPCAP_MSG_AUTH_REQ message. 1199 * It checks if the authentication credentials supplied by the user are valid. 1200 * 1201 * This function is called if the daemon receives a RPCAP_MSG_AUTH_REQ 1202 * message in its authentication loop. It reads the body of the 1203 * authentication message from the network and checks whether the 1204 * credentials are valid. 1205 * 1206 * \param sockctrl: the socket for the control connection. 1207 * 1208 * \param nullAuthAllowed: '1' if the NULL authentication is allowed. 1209 * 1210 * \param errbuf: a user-allocated buffer in which the error message 1211 * (if one) has to be written. It must be at least PCAP_ERRBUF_SIZE 1212 * bytes long. 1213 * 1214 * \return '0' if everything is fine, '-1' if an unrecoverable error occurred, 1215 * or '-2' if the authentication failed. For errors, an error message is 1216 * returned in the 'errbuf' variable; this gives a message for the 1217 * unrecoverable error or for the authentication failure. 1218 */ 1219 static int 1220 daemon_msg_auth_req(struct daemon_slpars *pars, uint32 plen) 1221 { 1222 char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors 1223 char errmsgbuf[PCAP_ERRBUF_SIZE]; // buffer for errors to send to the client 1224 int status; 1225 struct rpcap_auth auth; // RPCAP authentication header 1226 char sendbuf[RPCAP_NETBUF_SIZE]; // temporary buffer in which data to be sent is buffered 1227 int sendbufidx = 0; // index which keeps the number of bytes currently buffered 1228 struct rpcap_authreply *authreply; // authentication reply message 1229 1230 status = rpcapd_recv(pars->sockctrl, pars->ssl, (char *) &auth, sizeof(struct rpcap_auth), &plen, errmsgbuf); 1231 if (status == -1) 1232 { 1233 return -1; 1234 } 1235 if (status == -2) 1236 { 1237 goto error; 1238 } 1239 1240 switch (ntohs(auth.type)) 1241 { 1242 case RPCAP_RMTAUTH_NULL: 1243 { 1244 if (!pars->nullAuthAllowed) 1245 { 1246 // Send the client an error reply. 1247 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, 1248 "Authentication failed; NULL authentication not permitted."); 1249 if (rpcap_senderror(pars->sockctrl, pars->ssl, 1250 0, PCAP_ERR_AUTH_FAILED, errmsgbuf, errbuf) == -1) 1251 { 1252 // That failed; log a message and give up. 1253 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); 1254 return -1; 1255 } 1256 goto error_noreply; 1257 } 1258 break; 1259 } 1260 1261 case RPCAP_RMTAUTH_PWD: 1262 { 1263 char *username, *passwd; 1264 uint32 usernamelen, passwdlen; 1265 1266 usernamelen = ntohs(auth.slen1); 1267 username = (char *) malloc (usernamelen + 1); 1268 if (username == NULL) 1269 { 1270 pcap_fmt_errmsg_for_errno(errmsgbuf, 1271 PCAP_ERRBUF_SIZE, errno, "malloc() failed"); 1272 goto error; 1273 } 1274 status = rpcapd_recv(pars->sockctrl, pars->ssl, username, usernamelen, &plen, errmsgbuf); 1275 if (status == -1) 1276 { 1277 free(username); 1278 return -1; 1279 } 1280 if (status == -2) 1281 { 1282 free(username); 1283 goto error; 1284 } 1285 username[usernamelen] = '\0'; 1286 1287 passwdlen = ntohs(auth.slen2); 1288 passwd = (char *) malloc (passwdlen + 1); 1289 if (passwd == NULL) 1290 { 1291 pcap_fmt_errmsg_for_errno(errmsgbuf, 1292 PCAP_ERRBUF_SIZE, errno, "malloc() failed"); 1293 free(username); 1294 goto error; 1295 } 1296 status = rpcapd_recv(pars->sockctrl, pars->ssl, passwd, passwdlen, &plen, errmsgbuf); 1297 if (status == -1) 1298 { 1299 free(username); 1300 free(passwd); 1301 return -1; 1302 } 1303 if (status == -2) 1304 { 1305 free(username); 1306 free(passwd); 1307 goto error; 1308 } 1309 passwd[passwdlen] = '\0'; 1310 1311 if (daemon_AuthUserPwd(username, passwd, errmsgbuf)) 1312 { 1313 // 1314 // Authentication failed. Let the client 1315 // know. 1316 // 1317 free(username); 1318 free(passwd); 1319 if (rpcap_senderror(pars->sockctrl, pars->ssl, 1320 0, PCAP_ERR_AUTH_FAILED, errmsgbuf, errbuf) == -1) 1321 { 1322 // That failed; log a message and give up. 1323 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); 1324 return -1; 1325 } 1326 1327 // 1328 // Suspend for 1 second, so that they can't 1329 // hammer us with repeated tries with an 1330 // attack such as a dictionary attack. 1331 // 1332 // WARNING: this delay is inserted only 1333 // at this point; if the client closes the 1334 // connection and reconnects, the suspension 1335 // time does not have any effect. 1336 // 1337 sleep_secs(RPCAP_SUSPEND_WRONGAUTH); 1338 goto error_noreply; 1339 } 1340 1341 free(username); 1342 free(passwd); 1343 break; 1344 } 1345 1346 default: 1347 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, 1348 "Authentication type not recognized."); 1349 if (rpcap_senderror(pars->sockctrl, pars->ssl, 1350 0, PCAP_ERR_AUTH_TYPE_NOTSUP, errmsgbuf, errbuf) == -1) 1351 { 1352 // That failed; log a message and give up. 1353 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); 1354 return -1; 1355 } 1356 goto error_noreply; 1357 } 1358 1359 // The authentication succeeded; let the client know. 1360 if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL, &sendbufidx, 1361 RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1) 1362 goto error; 1363 1364 rpcap_createhdr((struct rpcap_header *) sendbuf, 0, 1365 RPCAP_MSG_AUTH_REPLY, 0, sizeof(struct rpcap_authreply)); 1366 1367 authreply = (struct rpcap_authreply *) &sendbuf[sendbufidx]; 1368 1369 if (sock_bufferize(NULL, sizeof(struct rpcap_authreply), NULL, &sendbufidx, 1370 RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1) 1371 goto error; 1372 1373 // 1374 // Indicate to our peer what versions we support and what our 1375 // version of the byte-order magic is (which will tell the 1376 // client whether our byte order differs from theirs, in which 1377 // case they will need to byte-swap some fields in some 1378 // link-layer types' headers). 1379 // 1380 memset(authreply, 0, sizeof(struct rpcap_authreply)); 1381 authreply->minvers = RPCAP_MIN_VERSION; 1382 authreply->maxvers = RPCAP_MAX_VERSION; 1383 authreply->byte_order_magic = RPCAP_BYTE_ORDER_MAGIC; 1384 1385 // Send the reply. 1386 if (sock_send(pars->sockctrl, pars->ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1) 1387 { 1388 // That failed; log a message and give up. 1389 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); 1390 return -1; 1391 } 1392 1393 // Check if all the data has been read; if not, discard the data in excess 1394 if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1) 1395 { 1396 return -1; 1397 } 1398 1399 return 0; 1400 1401 error: 1402 if (rpcap_senderror(pars->sockctrl, pars->ssl, 0, PCAP_ERR_AUTH, 1403 errmsgbuf, errbuf) == -1) 1404 { 1405 // That failed; log a message and give up. 1406 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); 1407 return -1; 1408 } 1409 1410 error_noreply: 1411 // Check if all the data has been read; if not, discard the data in excess 1412 if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1) 1413 { 1414 return -1; 1415 } 1416 1417 return -2; 1418 } 1419 1420 static int 1421 daemon_AuthUserPwd(char *username, char *password, char *errbuf) 1422 { 1423 #ifdef _WIN32 1424 /* 1425 * Warning: the user which launches the process must have the 1426 * SE_TCB_NAME right. 1427 * This corresponds to have the "Act as part of the Operating System" 1428 * turned on (administrative tools, local security settings, local 1429 * policies, user right assignment) 1430 * However, it seems to me that if you run it as a service, this 1431 * right should be provided by default. 1432 * 1433 * XXX - hopefully, this returns errors such as ERROR_LOGON_FAILURE, 1434 * which merely indicates that the user name or password is 1435 * incorrect, not whether it's the user name or the password 1436 * that's incorrect, so a client that's trying to brute-force 1437 * accounts doesn't know whether it's the user name or the 1438 * password that's incorrect, so it doesn't know whether to 1439 * stop trying to log in with a given user name and move on 1440 * to another user name. 1441 */ 1442 DWORD error; 1443 HANDLE Token; 1444 char errmsgbuf[PCAP_ERRBUF_SIZE]; // buffer for errors to log 1445 1446 if (LogonUser(username, ".", password, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, &Token) == 0) 1447 { 1448 snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed"); 1449 error = GetLastError(); 1450 if (error != ERROR_LOGON_FAILURE) 1451 { 1452 // Some error other than an authentication error; 1453 // log it. 1454 pcap_fmt_errmsg_for_win32_err(errmsgbuf, 1455 PCAP_ERRBUF_SIZE, error, "LogonUser() failed"); 1456 rpcapd_log(LOGPRIO_ERROR, "%s", errmsgbuf); 1457 } 1458 return -1; 1459 } 1460 1461 // This call should change the current thread to the selected user. 1462 // I didn't test it. 1463 if (ImpersonateLoggedOnUser(Token) == 0) 1464 { 1465 snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed"); 1466 pcap_fmt_errmsg_for_win32_err(errmsgbuf, PCAP_ERRBUF_SIZE, 1467 GetLastError(), "ImpersonateLoggedOnUser() failed"); 1468 rpcapd_log(LOGPRIO_ERROR, "%s", errmsgbuf); 1469 CloseHandle(Token); 1470 return -1; 1471 } 1472 1473 CloseHandle(Token); 1474 return 0; 1475 1476 #else 1477 /* 1478 * See 1479 * 1480 * https://www.unixpapa.com/incnote/passwd.html 1481 * 1482 * We use the Solaris/Linux shadow password authentication if 1483 * we have getspnam(), otherwise we just do traditional 1484 * authentication, which, on some platforms, might work, even 1485 * with shadow passwords, if we're running as root. Traditional 1486 * authenticaion won't work if we're not running as root, as 1487 * I think these days all UN*Xes either won't return the password 1488 * at all with getpwnam() or will only do so if you're root. 1489 * 1490 * XXX - perhaps what we *should* be using is PAM, if we have 1491 * it. That might hide all the details of username/password 1492 * authentication, whether it's done with a visible-to-root- 1493 * only password database or some other authentication mechanism, 1494 * behind its API. 1495 */ 1496 int error; 1497 struct passwd *user; 1498 char *user_password; 1499 #ifdef HAVE_GETSPNAM 1500 struct spwd *usersp; 1501 #endif 1502 char *crypt_password; 1503 1504 // This call is needed to get the uid 1505 if ((user = getpwnam(username)) == NULL) 1506 { 1507 snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed"); 1508 return -1; 1509 } 1510 1511 #ifdef HAVE_GETSPNAM 1512 // This call is needed to get the password; otherwise 'x' is returned 1513 if ((usersp = getspnam(username)) == NULL) 1514 { 1515 snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed"); 1516 return -1; 1517 } 1518 user_password = usersp->sp_pwdp; 1519 #else 1520 /* 1521 * XXX - what about other platforms? 1522 * The unixpapa.com page claims this Just Works on *BSD if you're 1523 * running as root - it's from 2000, so it doesn't indicate whether 1524 * macOS (which didn't come out until 2001, under the name Mac OS 1525 * X) behaves like the *BSDs or not, and might also work on AIX. 1526 * HP-UX does something else. 1527 * 1528 * Again, hopefully PAM hides all that. 1529 */ 1530 user_password = user->pw_passwd; 1531 #endif 1532 1533 // 1534 // The Single UNIX Specification says that if crypt() fails it 1535 // sets errno, but some implementatons that haven't been run 1536 // through the SUS test suite might not do so. 1537 // 1538 errno = 0; 1539 crypt_password = crypt(password, user_password); 1540 if (crypt_password == NULL) 1541 { 1542 error = errno; 1543 snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed"); 1544 if (error == 0) 1545 { 1546 // It didn't set errno. 1547 rpcapd_log(LOGPRIO_ERROR, "crypt() failed"); 1548 } 1549 else 1550 { 1551 rpcapd_log(LOGPRIO_ERROR, "crypt() failed: %s", 1552 strerror(error)); 1553 } 1554 return -1; 1555 } 1556 if (strcmp(user_password, crypt_password) != 0) 1557 { 1558 snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed"); 1559 return -1; 1560 } 1561 1562 if (setuid(user->pw_uid)) 1563 { 1564 error = errno; 1565 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, 1566 error, "setuid"); 1567 rpcapd_log(LOGPRIO_ERROR, "setuid() failed: %s", 1568 strerror(error)); 1569 return -1; 1570 } 1571 1572 /* if (setgid(user->pw_gid)) 1573 { 1574 error = errno; 1575 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, 1576 errno, "setgid"); 1577 rpcapd_log(LOGPRIO_ERROR, "setgid() failed: %s", 1578 strerror(error)); 1579 return -1; 1580 } 1581 */ 1582 return 0; 1583 1584 #endif 1585 1586 } 1587 1588 /* 1589 * Make sure that the reply length won't overflow 32 bits if we add the 1590 * specified amount to it. If it won't, add that amount to it. 1591 * 1592 * We check whether replylen + itemlen > UINT32_MAX, but subtract itemlen 1593 * from both sides, to prevent overflow. 1594 */ 1595 #define CHECK_AND_INCREASE_REPLY_LEN(itemlen) \ 1596 if (replylen > UINT32_MAX - (itemlen)) { \ 1597 pcap_strlcpy(errmsgbuf, "Reply length doesn't fit in 32 bits", \ 1598 sizeof (errmsgbuf)); \ 1599 goto error; \ 1600 } \ 1601 replylen += (uint32)(itemlen) 1602 1603 static int 1604 daemon_msg_findallif_req(uint8 ver, struct daemon_slpars *pars, uint32 plen) 1605 { 1606 char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors 1607 char errmsgbuf[PCAP_ERRBUF_SIZE]; // buffer for errors to send to the client 1608 char sendbuf[RPCAP_NETBUF_SIZE]; // temporary buffer in which data to be sent is buffered 1609 int sendbufidx = 0; // index which keeps the number of bytes currently buffered 1610 pcap_if_t *alldevs = NULL; // pointer to the header of the interface chain 1611 pcap_if_t *d; // temp pointer needed to scan the interface chain 1612 struct pcap_addr *address; // pcap structure that keeps a network address of an interface 1613 uint32 replylen; // length of reply payload 1614 uint16 nif = 0; // counts the number of interface listed 1615 1616 // Discard the rest of the message; there shouldn't be any payload. 1617 if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1) 1618 { 1619 // Network error. 1620 return -1; 1621 } 1622 1623 // Retrieve the device list 1624 if (pcap_findalldevs(&alldevs, errmsgbuf) == -1) 1625 goto error; 1626 1627 if (alldevs == NULL) 1628 { 1629 if (rpcap_senderror(pars->sockctrl, pars->ssl, ver, 1630 PCAP_ERR_NOREMOTEIF, 1631 "No interfaces found! Make sure libpcap/WinPcap is properly installed" 1632 " and you have the right to access to the remote device.", 1633 errbuf) == -1) 1634 { 1635 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); 1636 return -1; 1637 } 1638 return 0; 1639 } 1640 1641 // This checks the number of interfaces and computes the total 1642 // length of the payload. 1643 replylen = 0; 1644 for (d = alldevs; d != NULL; d = d->next) 1645 { 1646 nif++; 1647 1648 if (d->description) { 1649 size_t stringlen = strlen(d->description); 1650 if (stringlen > UINT16_MAX) { 1651 pcap_strlcpy(errmsgbuf, 1652 "Description length doesn't fit in 16 bits", 1653 sizeof (errmsgbuf)); 1654 goto error; 1655 } 1656 CHECK_AND_INCREASE_REPLY_LEN(stringlen); 1657 } 1658 if (d->name) { 1659 size_t stringlen = strlen(d->name); 1660 if (stringlen > UINT16_MAX) { 1661 pcap_strlcpy(errmsgbuf, 1662 "Name length doesn't fit in 16 bits", 1663 sizeof (errmsgbuf)); 1664 goto error; 1665 } 1666 CHECK_AND_INCREASE_REPLY_LEN(stringlen); 1667 } 1668 1669 CHECK_AND_INCREASE_REPLY_LEN(sizeof(struct rpcap_findalldevs_if)); 1670 1671 uint16_t naddrs = 0; 1672 for (address = d->addresses; address != NULL; address = address->next) 1673 { 1674 /* 1675 * Send only IPv4 and IPv6 addresses over the wire. 1676 */ 1677 switch (address->addr->sa_family) 1678 { 1679 case AF_INET: 1680 #ifdef AF_INET6 1681 case AF_INET6: 1682 #endif 1683 CHECK_AND_INCREASE_REPLY_LEN(sizeof(struct rpcap_sockaddr) * 4); 1684 if (naddrs == UINT16_MAX) { 1685 pcap_strlcpy(errmsgbuf, 1686 "Number of interfaces doesn't fit in 16 bits", 1687 sizeof (errmsgbuf)); 1688 goto error; 1689 } 1690 naddrs++; 1691 break; 1692 1693 default: 1694 break; 1695 } 1696 } 1697 } 1698 1699 // RPCAP findalldevs reply 1700 if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL, 1701 &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, 1702 PCAP_ERRBUF_SIZE) == -1) 1703 goto error; 1704 1705 rpcap_createhdr((struct rpcap_header *) sendbuf, ver, 1706 RPCAP_MSG_FINDALLIF_REPLY, nif, replylen); 1707 1708 // send the interface list 1709 for (d = alldevs; d != NULL; d = d->next) 1710 { 1711 uint16 lname, ldescr; 1712 1713 // Note: the findalldevs_if entries are *not* neatly 1714 // aligned on 4-byte boundaries, because they're 1715 // preceded by strings that aren't padded to 4-byte 1716 // boundaries, so we cannot just cast output buffer 1717 // boundaries to struct rpcap_findalldevs_if pointers 1718 // and store into them - we must fill in a structure and 1719 // then copy the structure to the buffer, as not all 1720 // systems support unaligned access (some, such as 1721 // SPARC, crash; others, such as Arm, may just ignore 1722 // the lower-order bits). 1723 struct rpcap_findalldevs_if findalldevs_if; 1724 1725 /* 1726 * We've already established that the string lengths 1727 * fit in 16 bits. 1728 */ 1729 if (d->description) 1730 ldescr = (uint16) strlen(d->description); 1731 else 1732 ldescr = 0; 1733 if (d->name) 1734 lname = (uint16) strlen(d->name); 1735 else 1736 lname = 0; 1737 1738 findalldevs_if.desclen = htons(ldescr); 1739 findalldevs_if.namelen = htons(lname); 1740 findalldevs_if.flags = htonl(d->flags); 1741 1742 uint16_t naddrs = 0; 1743 for (address = d->addresses; address != NULL; address = address->next) 1744 { 1745 /* 1746 * Send only IPv4 and IPv6 addresses over the wire. 1747 */ 1748 switch (address->addr->sa_family) 1749 { 1750 case AF_INET: 1751 #ifdef AF_INET6 1752 case AF_INET6: 1753 #endif 1754 naddrs++; 1755 break; 1756 1757 default: 1758 break; 1759 } 1760 } 1761 findalldevs_if.naddr = htons(naddrs); 1762 findalldevs_if.dummy = 0; 1763 1764 if (sock_bufferize(&findalldevs_if, sizeof(struct rpcap_findalldevs_if), sendbuf, 1765 &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_BUFFERIZE, errmsgbuf, 1766 PCAP_ERRBUF_SIZE) == -1) 1767 goto error; 1768 1769 if (sock_bufferize(d->name, lname, sendbuf, &sendbufidx, 1770 RPCAP_NETBUF_SIZE, SOCKBUF_BUFFERIZE, errmsgbuf, 1771 PCAP_ERRBUF_SIZE) == -1) 1772 goto error; 1773 1774 if (sock_bufferize(d->description, ldescr, sendbuf, &sendbufidx, 1775 RPCAP_NETBUF_SIZE, SOCKBUF_BUFFERIZE, errmsgbuf, 1776 PCAP_ERRBUF_SIZE) == -1) 1777 goto error; 1778 1779 // send all addresses 1780 for (address = d->addresses; address != NULL; address = address->next) 1781 { 1782 struct rpcap_sockaddr *sockaddr; 1783 1784 /* 1785 * Send only IPv4 and IPv6 addresses over the wire. 1786 */ 1787 switch (address->addr->sa_family) 1788 { 1789 case AF_INET: 1790 #ifdef AF_INET6 1791 case AF_INET6: 1792 #endif 1793 sockaddr = (struct rpcap_sockaddr *) &sendbuf[sendbufidx]; 1794 if (sock_bufferize(NULL, sizeof(struct rpcap_sockaddr), NULL, 1795 &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1) 1796 goto error; 1797 daemon_seraddr((struct sockaddr_storage *) address->addr, sockaddr); 1798 1799 sockaddr = (struct rpcap_sockaddr *) &sendbuf[sendbufidx]; 1800 if (sock_bufferize(NULL, sizeof(struct rpcap_sockaddr), NULL, 1801 &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1) 1802 goto error; 1803 daemon_seraddr((struct sockaddr_storage *) address->netmask, sockaddr); 1804 1805 sockaddr = (struct rpcap_sockaddr *) &sendbuf[sendbufidx]; 1806 if (sock_bufferize(NULL, sizeof(struct rpcap_sockaddr), NULL, 1807 &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1) 1808 goto error; 1809 daemon_seraddr((struct sockaddr_storage *) address->broadaddr, sockaddr); 1810 1811 sockaddr = (struct rpcap_sockaddr *) &sendbuf[sendbufidx]; 1812 if (sock_bufferize(NULL, sizeof(struct rpcap_sockaddr), NULL, 1813 &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1) 1814 goto error; 1815 daemon_seraddr((struct sockaddr_storage *) address->dstaddr, sockaddr); 1816 break; 1817 1818 default: 1819 break; 1820 } 1821 } 1822 } 1823 1824 // We no longer need the device list. Free it. 1825 pcap_freealldevs(alldevs); 1826 1827 // Send a final command that says "now send it!" 1828 if (sock_send(pars->sockctrl, pars->ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1) 1829 { 1830 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); 1831 return -1; 1832 } 1833 1834 return 0; 1835 1836 error: 1837 if (alldevs) 1838 pcap_freealldevs(alldevs); 1839 1840 if (rpcap_senderror(pars->sockctrl, pars->ssl, ver, 1841 PCAP_ERR_FINDALLIF, errmsgbuf, errbuf) == -1) 1842 { 1843 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); 1844 return -1; 1845 } 1846 return 0; 1847 } 1848 1849 /* 1850 \param plen: the length of the current message (needed in order to be able 1851 to discard excess data in the message, if present) 1852 */ 1853 static int 1854 daemon_msg_open_req(uint8 ver, struct daemon_slpars *pars, uint32 plen, 1855 char *source, size_t sourcelen) 1856 { 1857 char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors 1858 char errmsgbuf[PCAP_ERRBUF_SIZE]; // buffer for errors to send to the client 1859 pcap_t *fp; // pcap_t main variable 1860 int nread; 1861 char sendbuf[RPCAP_NETBUF_SIZE]; // temporary buffer in which data to be sent is buffered 1862 int sendbufidx = 0; // index which keeps the number of bytes currently buffered 1863 struct rpcap_openreply *openreply; // open reply message 1864 1865 if (plen > sourcelen - 1) 1866 { 1867 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Source string too long"); 1868 goto error; 1869 } 1870 1871 nread = sock_recv(pars->sockctrl, pars->ssl, source, plen, 1872 SOCK_RECEIVEALL_YES|SOCK_EOF_IS_ERROR, errbuf, PCAP_ERRBUF_SIZE); 1873 if (nread == -1) 1874 { 1875 rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf); 1876 return -1; 1877 } 1878 source[nread] = '\0'; 1879 plen -= nread; 1880 1881 // Is this a URL rather than a device? 1882 // If so, reject it. 1883 if (is_url(source)) 1884 { 1885 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Source string refers to a remote device"); 1886 goto error; 1887 } 1888 1889 // Open the selected device 1890 // This is a fake open, since we do that only to get the needed parameters, then we close the device again 1891 if ((fp = pcap_open_live(source, 1892 1500 /* fake snaplen */, 1893 0 /* no promisc */, 1894 1000 /* fake timeout */, 1895 errmsgbuf)) == NULL) 1896 goto error; 1897 1898 // Now, I can send a RPCAP open reply message 1899 if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL, &sendbufidx, 1900 RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1) 1901 goto error; 1902 1903 rpcap_createhdr((struct rpcap_header *) sendbuf, ver, 1904 RPCAP_MSG_OPEN_REPLY, 0, sizeof(struct rpcap_openreply)); 1905 1906 openreply = (struct rpcap_openreply *) &sendbuf[sendbufidx]; 1907 1908 if (sock_bufferize(NULL, sizeof(struct rpcap_openreply), NULL, &sendbufidx, 1909 RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1) 1910 goto error; 1911 1912 memset(openreply, 0, sizeof(struct rpcap_openreply)); 1913 openreply->linktype = htonl(pcap_datalink(fp)); 1914 /* 1915 * This is always 0 for live captures; we no longer support it 1916 * as something we read from capture files and supply to 1917 * clients, but we have to send it over the wire, as open 1918 * replies are expected to have 8 bytes of payload by 1919 * existing clients. 1920 */ 1921 openreply->tzoff = 0; 1922 1923 // We're done with the pcap_t. 1924 pcap_close(fp); 1925 1926 // Send the reply. 1927 if (sock_send(pars->sockctrl, pars->ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1) 1928 { 1929 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); 1930 return -1; 1931 } 1932 return 0; 1933 1934 error: 1935 if (rpcap_senderror(pars->sockctrl, pars->ssl, ver, PCAP_ERR_OPEN, 1936 errmsgbuf, errbuf) == -1) 1937 { 1938 // That failed; log a message and give up. 1939 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); 1940 return -1; 1941 } 1942 1943 // Check if all the data has been read; if not, discard the data in excess 1944 if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1) 1945 { 1946 return -1; 1947 } 1948 return 0; 1949 } 1950 1951 /* 1952 \param plen: the length of the current message (needed in order to be able 1953 to discard excess data in the message, if present) 1954 */ 1955 static int 1956 daemon_msg_startcap_req(uint8 ver, struct daemon_slpars *pars, uint32 plen, 1957 char *source, struct session **sessionp, 1958 struct rpcap_sampling *samp_param _U_, int uses_ssl) 1959 { 1960 char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors 1961 char errmsgbuf[PCAP_ERRBUF_SIZE]; // buffer for errors to send to the client 1962 char portdata[PCAP_BUF_SIZE]; // temp variable needed to derive the data port 1963 char peerhost[PCAP_BUF_SIZE]; // temp variable needed to derive the host name of our peer 1964 struct session *session = NULL; // saves state of session 1965 int status; 1966 char sendbuf[RPCAP_NETBUF_SIZE]; // temporary buffer in which data to be sent is buffered 1967 int sendbufidx = 0; // index which keeps the number of bytes currently buffered 1968 1969 // socket-related variables 1970 struct addrinfo hints; // temp, needed to open a socket connection 1971 struct addrinfo *addrinfo; // temp, needed to open a socket connection 1972 struct sockaddr_storage saddr; // temp, needed to retrieve the network data port chosen on the local machine 1973 socklen_t saddrlen; // temp, needed to retrieve the network data port chosen on the local machine 1974 int ret; // return value from functions 1975 1976 // RPCAP-related variables 1977 struct rpcap_startcapreq startcapreq; // start capture request message 1978 struct rpcap_startcapreply *startcapreply; // start capture reply message 1979 int serveropen_dp; // keeps who is going to open the data connection 1980 1981 addrinfo = NULL; 1982 1983 status = rpcapd_recv(pars->sockctrl, pars->ssl, (char *) &startcapreq, 1984 sizeof(struct rpcap_startcapreq), &plen, errmsgbuf); 1985 if (status == -1) 1986 { 1987 goto fatal_error; 1988 } 1989 if (status == -2) 1990 { 1991 goto error; 1992 } 1993 1994 startcapreq.flags = ntohs(startcapreq.flags); 1995 1996 // Check that the client does not ask for UDP is the server has been asked 1997 // to enforce encryption, as SSL is not supported yet with UDP: 1998 if (uses_ssl && (startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_DGRAM)) 1999 { 2000 snprintf(errbuf, PCAP_ERRBUF_SIZE, 2001 "SSL not supported with UDP forward of remote packets"); 2002 goto error; 2003 } 2004 2005 // Create a session structure 2006 session = malloc(sizeof(struct session)); 2007 if (session == NULL) 2008 { 2009 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Can't allocate session structure"); 2010 goto error; 2011 } 2012 2013 session->sockdata = INVALID_SOCKET; 2014 session->ctrl_ssl = session->data_ssl = NULL; 2015 // We don't have a thread yet. 2016 session->have_thread = 0; 2017 // 2018 // We *shouldn't* have to initialize the thread indicator 2019 // itself, because the compiler *should* realize that we 2020 // only use this if have_thread isn't 0, but we *do* have 2021 // to do it, because not all compilers *do* realize that. 2022 // 2023 // There is no "invalid thread handle" value for a UN*X 2024 // pthread_t, so we just zero it out. 2025 // 2026 #ifdef _WIN32 2027 session->thread = INVALID_HANDLE_VALUE; 2028 #else 2029 memset(&session->thread, 0, sizeof(session->thread)); 2030 #endif 2031 2032 // Open the selected device 2033 if ((session->fp = pcap_open_live(source, 2034 ntohl(startcapreq.snaplen), 2035 (startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_PROMISC) ? 1 : 0 /* local device, other flags not needed */, 2036 ntohl(startcapreq.read_timeout), 2037 errmsgbuf)) == NULL) 2038 goto error; 2039 2040 #if 0 2041 // Apply sampling parameters 2042 fp->rmt_samp.method = samp_param->method; 2043 fp->rmt_samp.value = samp_param->value; 2044 #endif 2045 2046 /* 2047 We're in active mode if: 2048 - we're using TCP, and the user wants us to be in active mode 2049 - we're using UDP 2050 */ 2051 serveropen_dp = (startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_SERVEROPEN) || (startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_DGRAM) || pars->isactive; 2052 2053 /* 2054 Gets the sockaddr structure referred to the other peer in the ctrl connection 2055 2056 We need that because: 2057 - if we're in passive mode, we need to know the address family we want to use 2058 (the same used for the ctrl socket) 2059 - if we're in active mode, we need to know the network address of the other host 2060 we want to connect to 2061 */ 2062 saddrlen = sizeof(struct sockaddr_storage); 2063 if (getpeername(pars->sockctrl, (struct sockaddr *) &saddr, &saddrlen) == -1) 2064 { 2065 sock_geterrmsg(errmsgbuf, PCAP_ERRBUF_SIZE, 2066 "getpeername() failed"); 2067 goto error; 2068 } 2069 2070 memset(&hints, 0, sizeof(struct addrinfo)); 2071 hints.ai_socktype = (startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_DGRAM) ? SOCK_DGRAM : SOCK_STREAM; 2072 hints.ai_family = saddr.ss_family; 2073 2074 // Now we have to create a new socket to send packets 2075 if (serveropen_dp) // Data connection is opened by the server toward the client 2076 { 2077 snprintf(portdata, sizeof portdata, "%d", ntohs(startcapreq.portdata)); 2078 2079 // Get the name of the other peer (needed to connect to that specific network address) 2080 if (getnameinfo((struct sockaddr *) &saddr, saddrlen, peerhost, 2081 sizeof(peerhost), NULL, 0, NI_NUMERICHOST)) 2082 { 2083 sock_geterrmsg(errmsgbuf, PCAP_ERRBUF_SIZE, 2084 "getnameinfo() failed"); 2085 goto error; 2086 } 2087 2088 if (sock_initaddress(peerhost, portdata, &hints, &addrinfo, errmsgbuf, PCAP_ERRBUF_SIZE) == -1) 2089 goto error; 2090 2091 if ((session->sockdata = sock_open(peerhost, addrinfo, SOCKOPEN_CLIENT, 0, errmsgbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET) 2092 goto error; 2093 } 2094 else // Data connection is opened by the client toward the server 2095 { 2096 hints.ai_flags = AI_PASSIVE; 2097 2098 // Make the server socket pick up a free network port for us 2099 if (sock_initaddress(NULL, NULL, &hints, &addrinfo, errmsgbuf, PCAP_ERRBUF_SIZE) == -1) 2100 goto error; 2101 2102 if ((session->sockdata = sock_open(NULL, addrinfo, SOCKOPEN_SERVER, 1 /* max 1 connection in queue */, errmsgbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET) 2103 goto error; 2104 2105 // get the complete sockaddr structure used in the data connection 2106 saddrlen = sizeof(struct sockaddr_storage); 2107 if (getsockname(session->sockdata, (struct sockaddr *) &saddr, &saddrlen) == -1) 2108 { 2109 sock_geterrmsg(errmsgbuf, PCAP_ERRBUF_SIZE, 2110 "getsockname() failed"); 2111 goto error; 2112 } 2113 2114 // Get the local port the system picked up 2115 if (getnameinfo((struct sockaddr *) &saddr, saddrlen, NULL, 2116 0, portdata, sizeof(portdata), NI_NUMERICSERV)) 2117 { 2118 sock_geterrmsg(errmsgbuf, PCAP_ERRBUF_SIZE, 2119 "getnameinfo() failed"); 2120 goto error; 2121 } 2122 } 2123 2124 // addrinfo is no longer used 2125 freeaddrinfo(addrinfo); 2126 addrinfo = NULL; 2127 2128 // Needed to send an error on the ctrl connection 2129 session->sockctrl = pars->sockctrl; 2130 session->ctrl_ssl = pars->ssl; 2131 session->protocol_version = ver; 2132 2133 // Now I can set the filter 2134 ret = daemon_unpackapplyfilter(pars->sockctrl, pars->ssl, session, &plen, errmsgbuf); 2135 if (ret == -1) 2136 { 2137 // Fatal error. A message has been logged; just give up. 2138 goto fatal_error; 2139 } 2140 if (ret == -2) 2141 { 2142 // Non-fatal error. Send an error message to the client. 2143 goto error; 2144 } 2145 2146 // Now, I can send a RPCAP start capture reply message 2147 if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL, &sendbufidx, 2148 RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1) 2149 goto error; 2150 2151 rpcap_createhdr((struct rpcap_header *) sendbuf, ver, 2152 RPCAP_MSG_STARTCAP_REPLY, 0, sizeof(struct rpcap_startcapreply)); 2153 2154 startcapreply = (struct rpcap_startcapreply *) &sendbuf[sendbufidx]; 2155 2156 if (sock_bufferize(NULL, sizeof(struct rpcap_startcapreply), NULL, 2157 &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1) 2158 goto error; 2159 2160 memset(startcapreply, 0, sizeof(struct rpcap_startcapreply)); 2161 startcapreply->bufsize = htonl(pcap_bufsize(session->fp)); 2162 2163 if (!serveropen_dp) 2164 { 2165 unsigned short port = (unsigned short)strtoul(portdata,NULL,10); 2166 startcapreply->portdata = htons(port); 2167 } 2168 2169 if (sock_send(pars->sockctrl, pars->ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1) 2170 { 2171 // That failed; log a message and give up. 2172 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); 2173 goto fatal_error; 2174 } 2175 2176 if (!serveropen_dp) 2177 { 2178 SOCKET socktemp; // We need another socket, since we're going to accept() a connection 2179 2180 // Connection creation 2181 saddrlen = sizeof(struct sockaddr_storage); 2182 2183 socktemp = accept(session->sockdata, (struct sockaddr *) &saddr, &saddrlen); 2184 2185 if (socktemp == INVALID_SOCKET) 2186 { 2187 sock_geterrmsg(errbuf, PCAP_ERRBUF_SIZE, 2188 "accept() failed"); 2189 rpcapd_log(LOGPRIO_ERROR, "Accept of data connection failed: %s", 2190 errbuf); 2191 goto error; 2192 } 2193 2194 // Now that I accepted the connection, the server socket is no longer needed 2195 sock_close(session->sockdata, NULL, 0); 2196 session->sockdata = socktemp; 2197 } 2198 2199 SSL *ssl = NULL; 2200 if (uses_ssl) 2201 { 2202 #ifdef HAVE_OPENSSL 2203 /* In both active or passive cases, wait for the client to initiate the 2204 * TLS handshake. Yes during that time the control socket will not be 2205 * served, but the same was true from the above call to accept(). */ 2206 ssl = ssl_promotion(1, session->sockdata, errbuf, PCAP_ERRBUF_SIZE); 2207 if (! ssl) 2208 { 2209 rpcapd_log(LOGPRIO_ERROR, "TLS handshake failed: %s", errbuf); 2210 goto error; 2211 } 2212 #endif 2213 } 2214 session->data_ssl = ssl; 2215 2216 // Now we have to create a new thread to receive packets 2217 #ifdef _WIN32 2218 session->thread = (HANDLE)_beginthreadex(NULL, 0, daemon_thrdatamain, 2219 (void *) session, 0, NULL); 2220 if (session->thread == 0) 2221 { 2222 snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error creating the data thread"); 2223 goto error; 2224 } 2225 #else 2226 ret = pthread_create(&session->thread, NULL, daemon_thrdatamain, 2227 (void *) session); 2228 if (ret != 0) 2229 { 2230 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, 2231 ret, "Error creating the data thread"); 2232 goto error; 2233 } 2234 #endif 2235 session->have_thread = 1; 2236 2237 // Check if all the data has been read; if not, discard the data in excess 2238 if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1) 2239 goto fatal_error; 2240 2241 *sessionp = session; 2242 return 0; 2243 2244 error: 2245 // 2246 // Not a fatal error, so send the client an error message and 2247 // keep serving client requests. 2248 // 2249 *sessionp = NULL; 2250 2251 if (addrinfo) 2252 freeaddrinfo(addrinfo); 2253 2254 if (session) 2255 { 2256 session_close(session); 2257 free(session); 2258 } 2259 2260 if (rpcap_senderror(pars->sockctrl, pars->ssl, ver, 2261 PCAP_ERR_STARTCAPTURE, errmsgbuf, errbuf) == -1) 2262 { 2263 // That failed; log a message and give up. 2264 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); 2265 return -1; 2266 } 2267 2268 // Check if all the data has been read; if not, discard the data in excess 2269 if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1) 2270 { 2271 // Network error. 2272 return -1; 2273 } 2274 2275 return 0; 2276 2277 fatal_error: 2278 // 2279 // Fatal network error, so don't try to communicate with 2280 // the client, just give up. 2281 // 2282 *sessionp = NULL; 2283 2284 if (session) 2285 { 2286 session_close(session); 2287 free(session); 2288 } 2289 2290 return -1; 2291 } 2292 2293 static int 2294 daemon_msg_endcap_req(uint8 ver, struct daemon_slpars *pars, 2295 struct session *session) 2296 { 2297 char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors 2298 struct rpcap_header header; 2299 2300 session_close(session); 2301 2302 rpcap_createhdr(&header, ver, RPCAP_MSG_ENDCAP_REPLY, 0, 0); 2303 2304 if (sock_send(pars->sockctrl, pars->ssl, (char *) &header, sizeof(struct rpcap_header), errbuf, PCAP_ERRBUF_SIZE) == -1) 2305 { 2306 // That failed; log a message and give up. 2307 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); 2308 return -1; 2309 } 2310 2311 return 0; 2312 } 2313 2314 // 2315 // We impose a limit on the filter program size, so that, on Windows, 2316 // where there's only one server process with multiple threads, it's 2317 // harder to eat all the server address space by sending larger filter 2318 // programs. (This isn't an issue on UN*X, where there are multiple 2319 // server processes, one per client connection.) 2320 // 2321 // We pick a value that limits each filter to 64K; that value is twice 2322 // the in-kernel limit for Linux and 16 times the in-kernel limit for 2323 // *BSD and macOS. 2324 // 2325 // It also prevents an overflow on 32-bit platforms when calculating 2326 // the total size of the filter program. (It's not an issue on 64-bit 2327 // platforms with a 64-bit size_t, as the filter size is 32 bits.) 2328 // 2329 #define RPCAP_BPF_MAXINSNS 8192 2330 2331 static int 2332 daemon_unpackapplyfilter(SOCKET sockctrl, SSL *ctrl_ssl, struct session *session, uint32 *plenp, char *errmsgbuf) 2333 { 2334 int status; 2335 struct rpcap_filter filter; 2336 struct rpcap_filterbpf_insn insn; 2337 struct bpf_insn *bf_insn; 2338 struct bpf_program bf_prog; 2339 unsigned int i; 2340 2341 status = rpcapd_recv(sockctrl, ctrl_ssl, (char *) &filter, 2342 sizeof(struct rpcap_filter), plenp, errmsgbuf); 2343 if (status == -1) 2344 { 2345 return -1; 2346 } 2347 if (status == -2) 2348 { 2349 return -2; 2350 } 2351 2352 bf_prog.bf_len = ntohl(filter.nitems); 2353 2354 if (ntohs(filter.filtertype) != RPCAP_UPDATEFILTER_BPF) 2355 { 2356 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Only BPF/NPF filters are currently supported"); 2357 return -2; 2358 } 2359 2360 if (bf_prog.bf_len > RPCAP_BPF_MAXINSNS) 2361 { 2362 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, 2363 "Filter program is larger than the maximum size of %d instructions", 2364 RPCAP_BPF_MAXINSNS); 2365 return -2; 2366 } 2367 bf_insn = (struct bpf_insn *) malloc (sizeof(struct bpf_insn) * bf_prog.bf_len); 2368 if (bf_insn == NULL) 2369 { 2370 pcap_fmt_errmsg_for_errno(errmsgbuf, PCAP_ERRBUF_SIZE, 2371 errno, "malloc() failed"); 2372 return -2; 2373 } 2374 2375 bf_prog.bf_insns = bf_insn; 2376 2377 for (i = 0; i < bf_prog.bf_len; i++) 2378 { 2379 status = rpcapd_recv(sockctrl, ctrl_ssl, (char *) &insn, 2380 sizeof(struct rpcap_filterbpf_insn), plenp, errmsgbuf); 2381 if (status == -1) 2382 { 2383 return -1; 2384 } 2385 if (status == -2) 2386 { 2387 return -2; 2388 } 2389 2390 bf_insn->code = ntohs(insn.code); 2391 bf_insn->jf = insn.jf; 2392 bf_insn->jt = insn.jt; 2393 bf_insn->k = ntohl(insn.k); 2394 2395 bf_insn++; 2396 } 2397 2398 // 2399 // XXX - pcap_setfilter() should do the validation for us. 2400 // 2401 if (bpf_validate(bf_prog.bf_insns, bf_prog.bf_len) == 0) 2402 { 2403 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "The filter contains bogus instructions"); 2404 return -2; 2405 } 2406 2407 if (pcap_setfilter(session->fp, &bf_prog)) 2408 { 2409 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "RPCAP error: %s", pcap_geterr(session->fp)); 2410 return -2; 2411 } 2412 2413 return 0; 2414 } 2415 2416 static int 2417 daemon_msg_updatefilter_req(uint8 ver, struct daemon_slpars *pars, 2418 struct session *session, uint32 plen) 2419 { 2420 char errbuf[PCAP_ERRBUF_SIZE]; 2421 char errmsgbuf[PCAP_ERRBUF_SIZE]; // buffer for errors to send to the client 2422 int ret; // status of daemon_unpackapplyfilter() 2423 struct rpcap_header header; // keeps the answer to the updatefilter command 2424 2425 ret = daemon_unpackapplyfilter(pars->sockctrl, pars->ssl, session, &plen, errmsgbuf); 2426 if (ret == -1) 2427 { 2428 // Fatal error. A message has been logged; just give up. 2429 return -1; 2430 } 2431 if (ret == -2) 2432 { 2433 // Non-fatal error. Send an error reply to the client. 2434 goto error; 2435 } 2436 2437 // Check if all the data has been read; if not, discard the data in excess 2438 if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1) 2439 { 2440 // Network error. 2441 return -1; 2442 } 2443 2444 // A response is needed, otherwise the other host does not know that everything went well 2445 rpcap_createhdr(&header, ver, RPCAP_MSG_UPDATEFILTER_REPLY, 0, 0); 2446 2447 if (sock_send(pars->sockctrl, pars->ssl, (char *) &header, sizeof (struct rpcap_header), errbuf, PCAP_ERRBUF_SIZE)) 2448 { 2449 // That failed; log a message and give up. 2450 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); 2451 return -1; 2452 } 2453 2454 return 0; 2455 2456 error: 2457 if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1) 2458 { 2459 return -1; 2460 } 2461 rpcap_senderror(pars->sockctrl, pars->ssl, ver, PCAP_ERR_UPDATEFILTER, 2462 errmsgbuf, NULL); 2463 2464 return 0; 2465 } 2466 2467 /*! 2468 \brief Received the sampling parameters from remote host and it stores in the pcap_t structure. 2469 */ 2470 static int 2471 daemon_msg_setsampling_req(uint8 ver, struct daemon_slpars *pars, uint32 plen, 2472 struct rpcap_sampling *samp_param) 2473 { 2474 char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors 2475 char errmsgbuf[PCAP_ERRBUF_SIZE]; 2476 struct rpcap_header header; 2477 struct rpcap_sampling rpcap_samp; 2478 int status; 2479 2480 status = rpcapd_recv(pars->sockctrl, pars->ssl, (char *) &rpcap_samp, sizeof(struct rpcap_sampling), &plen, errmsgbuf); 2481 if (status == -1) 2482 { 2483 return -1; 2484 } 2485 if (status == -2) 2486 { 2487 goto error; 2488 } 2489 2490 // Save these settings in the pcap_t 2491 samp_param->method = rpcap_samp.method; 2492 samp_param->value = ntohl(rpcap_samp.value); 2493 2494 // A response is needed, otherwise the other host does not know that everything went well 2495 rpcap_createhdr(&header, ver, RPCAP_MSG_SETSAMPLING_REPLY, 0, 0); 2496 2497 if (sock_send(pars->sockctrl, pars->ssl, (char *) &header, sizeof (struct rpcap_header), errbuf, PCAP_ERRBUF_SIZE) == -1) 2498 { 2499 // That failed; log a message and give up. 2500 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); 2501 return -1; 2502 } 2503 2504 if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1) 2505 { 2506 return -1; 2507 } 2508 2509 return 0; 2510 2511 error: 2512 if (rpcap_senderror(pars->sockctrl, pars->ssl, ver, PCAP_ERR_SETSAMPLING, 2513 errmsgbuf, errbuf) == -1) 2514 { 2515 // That failed; log a message and give up. 2516 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); 2517 return -1; 2518 } 2519 2520 // Check if all the data has been read; if not, discard the data in excess 2521 if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1) 2522 { 2523 return -1; 2524 } 2525 2526 return 0; 2527 } 2528 2529 static int 2530 daemon_msg_stats_req(uint8 ver, struct daemon_slpars *pars, 2531 struct session *session, uint32 plen, struct pcap_stat *stats, 2532 unsigned int svrcapt) 2533 { 2534 char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors 2535 char errmsgbuf[PCAP_ERRBUF_SIZE]; // buffer for errors to send to the client 2536 char sendbuf[RPCAP_NETBUF_SIZE]; // temporary buffer in which data to be sent is buffered 2537 int sendbufidx = 0; // index which keeps the number of bytes currently buffered 2538 struct rpcap_stats *netstats; // statistics sent on the network 2539 2540 // Checks that the header does not contain other data; if so, discard it 2541 if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1) 2542 { 2543 // Network error. 2544 return -1; 2545 } 2546 2547 if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL, 2548 &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1) 2549 goto error; 2550 2551 rpcap_createhdr((struct rpcap_header *) sendbuf, ver, 2552 RPCAP_MSG_STATS_REPLY, 0, (uint16) sizeof(struct rpcap_stats)); 2553 2554 netstats = (struct rpcap_stats *) &sendbuf[sendbufidx]; 2555 2556 if (sock_bufferize(NULL, sizeof(struct rpcap_stats), NULL, 2557 &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1) 2558 goto error; 2559 2560 if (session && session->fp) 2561 { 2562 if (pcap_stats(session->fp, stats) == -1) 2563 { 2564 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "%s", pcap_geterr(session->fp)); 2565 goto error; 2566 } 2567 2568 netstats->ifdrop = htonl(stats->ps_ifdrop); 2569 netstats->ifrecv = htonl(stats->ps_recv); 2570 netstats->krnldrop = htonl(stats->ps_drop); 2571 netstats->svrcapt = htonl(session->TotCapt); 2572 } 2573 else 2574 { 2575 // We have to keep compatibility with old applications, 2576 // which ask for statistics also when the capture has 2577 // already stopped. 2578 netstats->ifdrop = htonl(stats->ps_ifdrop); 2579 netstats->ifrecv = htonl(stats->ps_recv); 2580 netstats->krnldrop = htonl(stats->ps_drop); 2581 netstats->svrcapt = htonl(svrcapt); 2582 } 2583 2584 // Send the packet 2585 if (sock_send(pars->sockctrl, pars->ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1) 2586 { 2587 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf); 2588 return -1; 2589 } 2590 2591 return 0; 2592 2593 error: 2594 rpcap_senderror(pars->sockctrl, pars->ssl, ver, PCAP_ERR_GETSTATS, 2595 errmsgbuf, NULL); 2596 return 0; 2597 } 2598 2599 #ifdef _WIN32 2600 static unsigned __stdcall 2601 #else 2602 static void * 2603 #endif 2604 daemon_thrdatamain(void *ptr) 2605 { 2606 char errbuf[PCAP_ERRBUF_SIZE + 1]; // error buffer 2607 struct session *session; // pointer to the struct session for this session 2608 int retval; // general variable used to keep the return value of other functions 2609 struct rpcap_pkthdr *net_pkt_header;// header of the packet 2610 struct pcap_pkthdr *pkt_header; // pointer to the buffer that contains the header of the current packet 2611 u_char *pkt_data; // pointer to the buffer that contains the current packet 2612 size_t sendbufsize; // size for the send buffer 2613 char *sendbuf; // temporary buffer in which data to be sent is buffered 2614 int sendbufidx; // index which keeps the number of bytes currently buffered 2615 int status; 2616 #ifndef _WIN32 2617 sigset_t sigusr1; // signal set with just SIGUSR1 2618 #endif 2619 2620 session = (struct session *) ptr; 2621 2622 session->TotCapt = 0; // counter which is incremented each time a packet is received 2623 2624 // Initialize errbuf 2625 memset(errbuf, 0, sizeof(errbuf)); 2626 2627 // 2628 // We need a buffer large enough to hold a buffer large enough 2629 // for a maximum-size packet for this pcap_t. 2630 // 2631 if (pcap_snapshot(session->fp) < 0) 2632 { 2633 // 2634 // The snapshot length is negative. 2635 // This "should not happen". 2636 // 2637 rpcapd_log(LOGPRIO_ERROR, 2638 "Unable to allocate the buffer for this child thread: snapshot length of %d is negative", 2639 pcap_snapshot(session->fp)); 2640 sendbuf = NULL; // we can't allocate a buffer, so nothing to free 2641 goto error; 2642 } 2643 // 2644 // size_t is unsigned, and the result of pcap_snapshot() is signed; 2645 // on no platform that we support is int larger than size_t. 2646 // This means that, unless the extra information we prepend to 2647 // a maximum-sized packet is impossibly large, the sum of the 2648 // snapshot length and the size of that extra information will 2649 // fit in a size_t. 2650 // 2651 // So we don't need to make sure that sendbufsize will overflow. 2652 // 2653 // However, we *do* need to make sure its value fits in an int, 2654 // because sock_send() can't send more than INT_MAX bytes (it could 2655 // do so on 64-bit UN*Xes, but can't do so on Windows, not even 2656 // 64-bit Windows, as the send() buffer size argument is an int 2657 // in Winsock). 2658 // 2659 sendbufsize = sizeof(struct rpcap_header) + sizeof(struct rpcap_pkthdr) + pcap_snapshot(session->fp); 2660 if (sendbufsize > INT_MAX) 2661 { 2662 rpcapd_log(LOGPRIO_ERROR, 2663 "Buffer size for this child thread would be larger than %d", 2664 INT_MAX); 2665 sendbuf = NULL; // we haven't allocated a buffer, so nothing to free 2666 goto error; 2667 } 2668 sendbuf = (char *) malloc (sendbufsize); 2669 if (sendbuf == NULL) 2670 { 2671 rpcapd_log(LOGPRIO_ERROR, 2672 "Unable to allocate the buffer for this child thread"); 2673 goto error; 2674 } 2675 2676 #ifndef _WIN32 2677 // 2678 // Set the signal set to include just SIGUSR1, and block that 2679 // signal; we only want it unblocked when we're reading 2680 // packets - we dn't want any other system calls, such as 2681 // ones being used to send to the client or to log messages, 2682 // to be interrupted. 2683 // 2684 sigemptyset(&sigusr1); 2685 sigaddset(&sigusr1, SIGUSR1); 2686 pthread_sigmask(SIG_BLOCK, &sigusr1, NULL); 2687 #endif 2688 2689 // Retrieve the packets 2690 for (;;) 2691 { 2692 #ifndef _WIN32 2693 // 2694 // Unblock SIGUSR1 while we might be waiting for packets. 2695 // 2696 pthread_sigmask(SIG_UNBLOCK, &sigusr1, NULL); 2697 #endif 2698 retval = pcap_next_ex(session->fp, &pkt_header, (const u_char **) &pkt_data); // cast to avoid a compiler warning 2699 #ifndef _WIN32 2700 // 2701 // Now block it again. 2702 // 2703 pthread_sigmask(SIG_BLOCK, &sigusr1, NULL); 2704 #endif 2705 if (retval < 0) 2706 break; // error 2707 if (retval == 0) // Read timeout elapsed 2708 continue; 2709 2710 sendbufidx = 0; 2711 2712 // Bufferize the general header 2713 if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL, 2714 &sendbufidx, (int)sendbufsize, SOCKBUF_CHECKONLY, errbuf, 2715 PCAP_ERRBUF_SIZE) == -1) 2716 { 2717 rpcapd_log(LOGPRIO_ERROR, 2718 "sock_bufferize() error sending packet message: %s", 2719 errbuf); 2720 goto error; 2721 } 2722 2723 rpcap_createhdr((struct rpcap_header *) sendbuf, 2724 session->protocol_version, RPCAP_MSG_PACKET, 0, 2725 (uint16) (sizeof(struct rpcap_pkthdr) + pkt_header->caplen)); 2726 2727 net_pkt_header = (struct rpcap_pkthdr *) &sendbuf[sendbufidx]; 2728 2729 // Bufferize the pkt header 2730 if (sock_bufferize(NULL, sizeof(struct rpcap_pkthdr), NULL, 2731 &sendbufidx, (int)sendbufsize, SOCKBUF_CHECKONLY, errbuf, 2732 PCAP_ERRBUF_SIZE) == -1) 2733 { 2734 rpcapd_log(LOGPRIO_ERROR, 2735 "sock_bufferize() error sending packet message: %s", 2736 errbuf); 2737 goto error; 2738 } 2739 2740 net_pkt_header->caplen = htonl(pkt_header->caplen); 2741 net_pkt_header->len = htonl(pkt_header->len); 2742 net_pkt_header->npkt = htonl(++(session->TotCapt)); 2743 // 2744 // This protocol needs to be updated with a new version 2745 // before 2038-01-19 03:14:07 UTC. 2746 // 2747 net_pkt_header->timestamp_sec = htonl((uint32)pkt_header->ts.tv_sec); 2748 net_pkt_header->timestamp_usec = htonl((uint32)pkt_header->ts.tv_usec); 2749 2750 // Bufferize the pkt data 2751 if (sock_bufferize((char *) pkt_data, pkt_header->caplen, 2752 sendbuf, &sendbufidx, (int)sendbufsize, SOCKBUF_BUFFERIZE, 2753 errbuf, PCAP_ERRBUF_SIZE) == -1) 2754 { 2755 rpcapd_log(LOGPRIO_ERROR, 2756 "sock_bufferize() error sending packet message: %s", 2757 errbuf); 2758 goto error; 2759 } 2760 2761 // Send the packet 2762 // If the client dropped the connection, don't report an 2763 // error, just quit. 2764 status = sock_send(session->sockdata, session->data_ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE); 2765 if (status < 0) 2766 { 2767 if (status == -1) 2768 { 2769 // 2770 // Error other than "client closed the 2771 // connection out from under us"; report 2772 // it. 2773 // 2774 rpcapd_log(LOGPRIO_ERROR, 2775 "Send of packet to client failed: %s", 2776 errbuf); 2777 } 2778 2779 // 2780 // Give up in either case. 2781 // 2782 goto error; 2783 } 2784 } 2785 2786 if (retval < 0 && retval != PCAP_ERROR_BREAK) 2787 { 2788 // 2789 // Failed with an error other than "we were told to break 2790 // out of the loop". 2791 // 2792 // The latter just means that the client told us to stop 2793 // capturing, so there's no error to report. 2794 // 2795 snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error reading the packets: %s", pcap_geterr(session->fp)); 2796 rpcap_senderror(session->sockctrl, session->ctrl_ssl, session->protocol_version, 2797 PCAP_ERR_READEX, errbuf, NULL); 2798 } 2799 2800 error: 2801 // 2802 // The main thread will clean up the session structure. 2803 // 2804 free(sendbuf); 2805 2806 return 0; 2807 } 2808 2809 #ifndef _WIN32 2810 // 2811 // Do-nothing handler for SIGUSR1; the sole purpose of SIGUSR1 is to 2812 // interrupt the data thread if it's blocked in a system call waiting 2813 // for packets to arrive. 2814 // 2815 static void noop_handler(int sign _U_) 2816 { 2817 } 2818 #endif 2819 2820 /*! 2821 \brief It serializes a network address. 2822 2823 It accepts a 'sockaddr_storage' structure as input, and it converts it appropriately into a format 2824 that can be used to be sent on the network. Basically, it applies all the hton() 2825 conversion required to the input variable. 2826 2827 \param sockaddrin a 'sockaddr_storage' pointer to the variable that has to be 2828 serialized. This variable can be both a 'sockaddr_in' and 'sockaddr_in6'. 2829 2830 \param sockaddrout an 'rpcap_sockaddr' pointer to the variable that will contain 2831 the serialized data. This variable has to be allocated by the user. 2832 2833 \warning This function supports only AF_INET and AF_INET6 address families. 2834 */ 2835 static void 2836 daemon_seraddr(struct sockaddr_storage *sockaddrin, struct rpcap_sockaddr *sockaddrout) 2837 { 2838 memset(sockaddrout, 0, sizeof(struct sockaddr_storage)); 2839 2840 // There can be the case in which the sockaddrin is not available 2841 if (sockaddrin == NULL) return; 2842 2843 // Warning: we support only AF_INET and AF_INET6 2844 // 2845 // Note: as noted above, the output structures are not 2846 // neatly aligned on 4-byte boundaries, so we must fill 2847 // in an aligned structure and then copy it to the output 2848 // buffer with memcpy(). 2849 switch (sockaddrin->ss_family) 2850 { 2851 case AF_INET: 2852 { 2853 struct sockaddr_in *sockaddrin_ipv4; 2854 struct rpcap_sockaddr_in sockaddrout_ipv4; 2855 2856 sockaddrin_ipv4 = (struct sockaddr_in *) sockaddrin; 2857 2858 sockaddrout_ipv4.family = htons(RPCAP_AF_INET); 2859 sockaddrout_ipv4.port = htons(sockaddrin_ipv4->sin_port); 2860 memcpy(&sockaddrout_ipv4.addr, &sockaddrin_ipv4->sin_addr, sizeof(sockaddrout_ipv4.addr)); 2861 memset(sockaddrout_ipv4.zero, 0, sizeof(sockaddrout_ipv4.zero)); 2862 memcpy(sockaddrout, &sockaddrout_ipv4, sizeof(struct rpcap_sockaddr_in)); 2863 break; 2864 } 2865 2866 #ifdef AF_INET6 2867 case AF_INET6: 2868 { 2869 struct sockaddr_in6 *sockaddrin_ipv6; 2870 struct rpcap_sockaddr_in6 sockaddrout_ipv6; 2871 2872 sockaddrin_ipv6 = (struct sockaddr_in6 *) sockaddrin; 2873 2874 sockaddrout_ipv6.family = htons(RPCAP_AF_INET6); 2875 sockaddrout_ipv6.port = htons(sockaddrin_ipv6->sin6_port); 2876 sockaddrout_ipv6.flowinfo = htonl(sockaddrin_ipv6->sin6_flowinfo); 2877 memcpy(&sockaddrout_ipv6.addr, &sockaddrin_ipv6->sin6_addr, sizeof(sockaddrout_ipv6.addr)); 2878 sockaddrout_ipv6.scope_id = htonl(sockaddrin_ipv6->sin6_scope_id); 2879 memcpy(sockaddrout, &sockaddrout_ipv6, sizeof(struct rpcap_sockaddr_in6)); 2880 break; 2881 } 2882 #endif 2883 } 2884 } 2885 2886 2887 /*! 2888 \brief Suspends a thread for secs seconds. 2889 */ 2890 void sleep_secs(int secs) 2891 { 2892 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION 2893 #ifdef _WIN32 2894 Sleep(secs*1000); 2895 #else 2896 unsigned secs_remaining; 2897 2898 if (secs <= 0) 2899 return; 2900 secs_remaining = secs; 2901 while (secs_remaining != 0) 2902 secs_remaining = sleep(secs_remaining); 2903 #endif 2904 #endif 2905 } 2906 2907 /* 2908 * Read the header of a message. 2909 */ 2910 static int 2911 rpcapd_recv_msg_header(SOCKET sock, SSL *ssl, struct rpcap_header *headerp) 2912 { 2913 int nread; 2914 char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors 2915 2916 nread = sock_recv(sock, ssl, (char *) headerp, sizeof(struct rpcap_header), 2917 SOCK_RECEIVEALL_YES|SOCK_EOF_ISNT_ERROR, errbuf, PCAP_ERRBUF_SIZE); 2918 if (nread == -1) 2919 { 2920 // Network error. 2921 rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf); 2922 return -1; 2923 } 2924 if (nread == 0) 2925 { 2926 // Immediate EOF; that's treated like a close message. 2927 return -2; 2928 } 2929 headerp->plen = ntohl(headerp->plen); 2930 return 0; 2931 } 2932 2933 /* 2934 * Read data from a message. 2935 * If we're trying to read more data that remains, puts an error 2936 * message into errmsgbuf and returns -2. Otherwise, tries to read 2937 * the data and, if that succeeds, subtracts the amount read from 2938 * the number of bytes of data that remains. 2939 * Returns 0 on success, logs a message and returns -1 on a network 2940 * error. 2941 */ 2942 static int 2943 rpcapd_recv(SOCKET sock, SSL *ssl, char *buffer, size_t toread, uint32 *plen, char *errmsgbuf) 2944 { 2945 int nread; 2946 char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors 2947 2948 if (toread > *plen) 2949 { 2950 // Tell the client and continue. 2951 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Message payload is too short"); 2952 return -2; 2953 } 2954 nread = sock_recv(sock, ssl, buffer, toread, 2955 SOCK_RECEIVEALL_YES|SOCK_EOF_IS_ERROR, errbuf, PCAP_ERRBUF_SIZE); 2956 if (nread == -1) 2957 { 2958 rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf); 2959 return -1; 2960 } 2961 *plen -= nread; 2962 return 0; 2963 } 2964 2965 /* 2966 * Discard data from a connection. 2967 * Mostly used to discard wrong-sized messages. 2968 * Returns 0 on success, logs a message and returns -1 on a network 2969 * error. 2970 */ 2971 static int 2972 rpcapd_discard(SOCKET sock, SSL *ssl, uint32 len) 2973 { 2974 char errbuf[PCAP_ERRBUF_SIZE + 1]; // keeps the error string, prior to be printed 2975 2976 if (len != 0) 2977 { 2978 if (sock_discard(sock, ssl, len, errbuf, PCAP_ERRBUF_SIZE) == -1) 2979 { 2980 // Network error. 2981 rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf); 2982 return -1; 2983 } 2984 } 2985 return 0; 2986 } 2987 2988 // 2989 // Shut down any packet-capture thread associated with the session, 2990 // close the SSL handle for the data socket if we have one, close 2991 // the data socket if we have one, and close the underlying packet 2992 // capture handle if we have one. 2993 // 2994 // We do not, of course, touch the controlling socket that's also 2995 // copied into the session, as the service loop might still use it. 2996 // 2997 static void session_close(struct session *session) 2998 { 2999 if (session->have_thread) 3000 { 3001 // 3002 // Tell the data connection thread main capture loop to 3003 // break out of that loop. 3004 // 3005 // This may be sufficient to wake up a blocked thread, 3006 // but it's not guaranteed to be sufficient. 3007 // 3008 pcap_breakloop(session->fp); 3009 3010 #ifdef _WIN32 3011 // 3012 // Set the event on which a read would block, so that, 3013 // if it's currently blocked waiting for packets to 3014 // arrive, it'll wake up, so it can see the "break 3015 // out of the loop" indication. (pcap_breakloop() 3016 // might do this, but older versions don't. Setting 3017 // it twice should, at worst, cause an extra wakeup, 3018 // which shouldn't be a problem.) 3019 // 3020 // XXX - what about modules other than NPF? 3021 // 3022 SetEvent(pcap_getevent(session->fp)); 3023 3024 // 3025 // Wait for the thread to exit, so we don't close 3026 // sockets out from under it. 3027 // 3028 // XXX - have a timeout, so we don't wait forever? 3029 // 3030 WaitForSingleObject(session->thread, INFINITE); 3031 3032 // 3033 // Release the thread handle, as we're done with 3034 // it. 3035 // 3036 CloseHandle(session->thread); 3037 session->have_thread = 0; 3038 session->thread = INVALID_HANDLE_VALUE; 3039 #else 3040 // 3041 // Send a SIGUSR1 signal to the thread, so that, if 3042 // it's currently blocked waiting for packets to arrive, 3043 // it'll wake up (we've turned off SA_RESTART for 3044 // SIGUSR1, so that the system call in which it's blocked 3045 // should return EINTR rather than restarting). 3046 // 3047 pthread_kill(session->thread, SIGUSR1); 3048 3049 // 3050 // Wait for the thread to exit, so we don't close 3051 // sockets out from under it. 3052 // 3053 // XXX - have a timeout, so we don't wait forever? 3054 // 3055 pthread_join(session->thread, NULL); 3056 session->have_thread = 0; 3057 memset(&session->thread, 0, sizeof(session->thread)); 3058 #endif 3059 } 3060 3061 #ifdef HAVE_OPENSSL 3062 if (session->data_ssl) 3063 { 3064 // Finish using the SSL handle for the socket. 3065 // This must be done *before* the socket is closed. 3066 ssl_finish(session->data_ssl); 3067 session->data_ssl = NULL; 3068 } 3069 #endif 3070 3071 if (session->sockdata != INVALID_SOCKET) 3072 { 3073 sock_close(session->sockdata, NULL, 0); 3074 session->sockdata = INVALID_SOCKET; 3075 } 3076 3077 if (session->fp) 3078 { 3079 pcap_close(session->fp); 3080 session->fp = NULL; 3081 } 3082 } 3083 3084 // 3085 // Check whether a capture source string is a URL or not. 3086 // This includes URLs that refer to a local device; a scheme, followed 3087 // by ://, followed by *another* scheme and ://, is just silly, and 3088 // anybody who supplies that will get an error. 3089 // 3090 static int 3091 is_url(const char *source) 3092 { 3093 char *colonp; 3094 3095 /* 3096 * RFC 3986 says: 3097 * 3098 * URI = scheme ":" hier-part [ "?" query ] [ "#" fragment ] 3099 * 3100 * hier-part = "//" authority path-abempty 3101 * / path-absolute 3102 * / path-rootless 3103 * / path-empty 3104 * 3105 * authority = [ userinfo "@" ] host [ ":" port ] 3106 * 3107 * userinfo = *( unreserved / pct-encoded / sub-delims / ":" ) 3108 * 3109 * Step 1: look for the ":" at the end of the scheme. 3110 * A colon in the source is *NOT* sufficient to indicate that 3111 * this is a URL, as interface names on some platforms might 3112 * include colons (e.g., I think some Solaris interfaces 3113 * might). 3114 */ 3115 colonp = strchr(source, ':'); 3116 if (colonp == NULL) 3117 { 3118 /* 3119 * The source is the device to open. It's not a URL. 3120 */ 3121 return (0); 3122 } 3123 3124 /* 3125 * All schemes must have "//" after them, i.e. we only support 3126 * hier-part = "//" authority path-abempty, not 3127 * hier-part = path-absolute 3128 * hier-part = path-rootless 3129 * hier-part = path-empty 3130 * 3131 * We need that in order to distinguish between a local device 3132 * name that happens to contain a colon and a URI. 3133 */ 3134 if (strncmp(colonp + 1, "//", 2) != 0) 3135 { 3136 /* 3137 * The source is the device to open. It's not a URL. 3138 */ 3139 return (0); 3140 } 3141 3142 /* 3143 * It's a URL. 3144 */ 3145 return (1); 3146 } 3147