1 /*
2 * Copyright (c) 2002 - 2003
3 * NetGroup, Politecnico di Torino (Italy)
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the Politecnico di Torino nor the names of its
16 * contributors may be used to endorse or promote products derived from
17 * this software without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
20 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
21 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
22 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
23 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
24 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
25 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
26 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
27 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 */
31
32 #ifdef HAVE_CONFIG_H
33 #include <config.h>
34 #endif
35
36 #include "ftmacros.h"
37 #include "varattrs.h"
38
39 #include <errno.h> // for the errno variable
40 #include <stdlib.h> // for malloc(), free(), ...
41 #include <string.h> // for strlen(), ...
42 #include <limits.h> // for INT_MAX
43
44 #ifdef _WIN32
45 #include <process.h> // for threads
46 #else
47 #include <unistd.h>
48 #include <pthread.h>
49 #include <signal.h>
50 #include <sys/time.h>
51 #include <sys/types.h> // for select() and such
52 #include <pwd.h> // for password management
53 #endif
54
55 #ifdef HAVE_GETSPNAM
56 #include <shadow.h> // for password management
57 #endif
58
59 #include <pcap.h> // for libpcap/WinPcap calls
60
61 #include "fmtutils.h"
62 #include "sockutils.h" // for socket calls
63 #include "portability.h"
64 #include "rpcap-protocol.h"
65 #include "daemon.h"
66 #include "log.h"
67
68 #ifdef HAVE_OPENSSL
69 #include <openssl/ssl.h>
70 #include "sslutils.h"
71 #endif
72
73 //
74 // Timeout, in seconds, when we're waiting for a client to send us an
75 // authentication request; if they don't send us a request within that
76 // interval, we drop the connection, so we don't stay stuck forever.
77 //
78 #define RPCAP_TIMEOUT_INIT 90
79
80 //
81 // Timeout, in seconds, when we're waiting for an authenticated client
82 // to send us a request, if a capture isn't in progress; if they don't
83 // send us a request within that interval, we drop the connection, so
84 // we don't stay stuck forever.
85 //
86 #define RPCAP_TIMEOUT_RUNTIME 180
87
88 //
89 // Time, in seconds, that we wait after a failed authentication attempt
90 // before processing the next request; this prevents a client from
91 // rapidly trying different accounts or passwords.
92 //
93 #define RPCAP_SUSPEND_WRONGAUTH 1
94
95 // Parameters for the service loop.
96 struct daemon_slpars
97 {
98 SOCKET sockctrl; //!< SOCKET ID of the control connection
99 SSL *ssl; //!< Optional SSL handler for the controlling sockets
100 int isactive; //!< Not null if the daemon has to run in active mode
101 int nullAuthAllowed; //!< '1' if we permit NULL authentication, '0' otherwise
102 };
103
104 //
105 // Data for a session managed by a thread.
106 // It includes both a Boolean indicating whether we *have* a thread,
107 // and a platform-dependent (UN*X vs. Windows) identifier for the
108 // thread; on Windows, we could use an invalid handle to indicate
109 // that we don't have a thread, but there *is* no portable "no thread"
110 // value for a pthread_t on UN*X.
111 //
112 struct session {
113 SOCKET sockctrl;
114 SOCKET sockdata;
115 SSL *ctrl_ssl, *data_ssl; // optional SSL handlers for sockctrl and sockdata.
116 uint8 protocol_version;
117 pcap_t *fp;
118 unsigned int TotCapt;
119 int have_thread;
120 #ifdef _WIN32
121 HANDLE thread;
122 #else
123 pthread_t thread;
124 #endif
125 };
126
127 // Locally defined functions
128 static int daemon_msg_err(SOCKET sockctrl, SSL *, uint32 plen);
129 static int daemon_msg_auth_req(struct daemon_slpars *pars, uint32 plen);
130 static int daemon_AuthUserPwd(char *username, char *password, char *errbuf);
131
132 static int daemon_msg_findallif_req(uint8 ver, struct daemon_slpars *pars,
133 uint32 plen);
134
135 static int daemon_msg_open_req(uint8 ver, struct daemon_slpars *pars,
136 uint32 plen, char *source, size_t sourcelen);
137 static int daemon_msg_startcap_req(uint8 ver, struct daemon_slpars *pars,
138 uint32 plen, char *source, struct session **sessionp,
139 struct rpcap_sampling *samp_param, int uses_ssl);
140 static int daemon_msg_endcap_req(uint8 ver, struct daemon_slpars *pars,
141 struct session *session);
142
143 static int daemon_msg_updatefilter_req(uint8 ver, struct daemon_slpars *pars,
144 struct session *session, uint32 plen);
145 static int daemon_unpackapplyfilter(SOCKET sockctrl, SSL *, struct session *session, uint32 *plenp, char *errbuf);
146
147 static int daemon_msg_stats_req(uint8 ver, struct daemon_slpars *pars,
148 struct session *session, uint32 plen, struct pcap_stat *stats,
149 unsigned int svrcapt);
150
151 static int daemon_msg_setsampling_req(uint8 ver, struct daemon_slpars *pars,
152 uint32 plen, struct rpcap_sampling *samp_param);
153
154 static void daemon_seraddr(struct sockaddr_storage *sockaddrin, struct rpcap_sockaddr *sockaddrout);
155 #ifdef _WIN32
156 static unsigned __stdcall daemon_thrdatamain(void *ptr);
157 #else
158 static void *daemon_thrdatamain(void *ptr);
159 static void noop_handler(int sign);
160 #endif
161
162 static int rpcapd_recv_msg_header(SOCKET sock, SSL *, struct rpcap_header *headerp);
163 static int rpcapd_recv(SOCKET sock, SSL *, char *buffer, size_t toread, uint32 *plen, char *errmsgbuf);
164 static int rpcapd_discard(SOCKET sock, SSL *, uint32 len);
165 static void session_close(struct session *);
166
167 //
168 // TLS record layer header; used when processing the first message from
169 // the client, in case we aren't doing TLS but they are.
170 //
171 struct tls_record_header {
172 uint8 type; // ContentType - will be 22, for Handshake
173 uint8 version_major; // TLS protocol major version
174 uint8 version_injor; // TLS protocol minor version
175 // This is *not* aligned on a 2-byte boundary; we just
176 // declare it as two bytes. Don't assume any particular
177 // compiler's mechanism for saying "packed"!
178 uint8 length_hi; // Upper 8 bits of payload length
179 uint8 length_lo; // Low 8 bits of payload length
180 };
181
182 #define TLS_RECORD_HEADER_LEN 5 // Don't use sizeof in case it's padded
183
184 #define TLS_RECORD_TYPE_ALERT 21
185 #define TLS_RECORD_TYPE_HANDSHAKE 22
186
187 //
188 // TLS alert message.
189 //
190 struct tls_alert {
191 uint8 alert_level;
192 uint8 alert_description;
193 };
194
195 #define TLS_ALERT_LEN 2
196
197 #define TLS_ALERT_LEVEL_FATAL 2
198 #define TLS_ALERT_HANDSHAKE_FAILURE 40
199
200 static int is_url(const char *source);
201
202 /*
203 * Maximum sizes for fixed-bit-width values.
204 */
205 #ifndef UINT16_MAX
206 #define UINT16_MAX 65535U
207 #endif
208
209 #ifndef UINT32_MAX
210 #define UINT32_MAX 4294967295U
211 #endif
212
213 int
daemon_serviceloop(SOCKET sockctrl,int isactive,char * passiveClients,int nullAuthAllowed,int uses_ssl)214 daemon_serviceloop(SOCKET sockctrl, int isactive, char *passiveClients,
215 int nullAuthAllowed, int uses_ssl)
216 {
217 uint8 first_octet;
218 struct tls_record_header tls_header;
219 struct tls_alert tls_alert;
220 struct daemon_slpars pars; // service loop parameters
221 char errbuf[PCAP_ERRBUF_SIZE + 1]; // keeps the error string, prior to be printed
222 char errmsgbuf[PCAP_ERRBUF_SIZE + 1]; // buffer for errors to send to the client
223 int host_port_check_status;
224 SSL *ssl = NULL;
225 int nrecv;
226 struct rpcap_header header; // RPCAP message general header
227 uint32 plen; // payload length from header
228 int authenticated = 0; // 1 if the client has successfully authenticated
229 char source[PCAP_BUF_SIZE+1]; // keeps the string that contains the interface to open
230 int got_source = 0; // 1 if we've gotten the source from an open request
231 #ifndef _WIN32
232 struct sigaction action;
233 #endif
234 struct session *session = NULL; // struct session main variable
235 const char *msg_type_string; // string for message type
236 int client_told_us_to_close = 0; // 1 if the client told us to close the capture
237
238 // needed to save the values of the statistics
239 struct pcap_stat stats;
240 unsigned int svrcapt;
241
242 struct rpcap_sampling samp_param; // in case sampling has been requested
243
244 // Structures needed for the select() call
245 fd_set rfds; // set of socket descriptors we have to check
246 struct timeval tv; // maximum time the select() can block waiting for data
247 int retval; // select() return value
248
249 *errbuf = 0; // Initialize errbuf
250
251 //
252 // Peek into the socket to determine whether the client sent us
253 // a TLS handshake message or a non-TLS rpcapd message.
254 //
255 // The first byte of an rpcapd request is the version number;
256 // the first byte of a TLS handshake message is 22. The
257 // first request to an rpcapd server must be an authentication
258 // request or a close request, and must have a version number
259 // of 0, so it will be possible to distinguish between an
260 // initial plaintext request to a server and an initial TLS
261 // handshake message.
262 //
263 nrecv = sock_recv(sockctrl, NULL, (char *)&first_octet, 1,
264 SOCK_EOF_ISNT_ERROR|SOCK_MSG_PEEK, errbuf, PCAP_ERRBUF_SIZE);
265 if (nrecv == -1)
266 {
267 // Fatal error.
268 rpcapd_log(LOGPRIO_ERROR, "Peek from client failed: %s", errbuf);
269 goto end;
270 }
271 if (nrecv == 0)
272 {
273 // Client closed the connection.
274 goto end;
275 }
276
277 #ifdef HAVE_OPENSSL
278 //
279 // We have to upgrade to TLS as soon as possible, so that the
280 // whole protocol goes through the encrypted tunnel, including
281 // early error messages.
282 //
283 // Even in active mode, the other end has to initiate the TLS
284 // handshake as we still are the server as far as TLS is concerned,
285 // so we don't check isactive.
286 //
287 if (uses_ssl)
288 {
289 //
290 // We're expecting a TLS handshake message. If this
291 // isn't one, assume it's a non-TLS rpcapd message.
292 //
293 // The first octet of a TLS handshake is
294 // TLS_RECORD_TYPE_HANDSHAKE.
295 //
296 if (first_octet != TLS_RECORD_TYPE_HANDSHAKE)
297 {
298 //
299 // We assume this is a non-TLS rpcapd message.
300 //
301 // Read the message header from the client.
302 //
303 nrecv = rpcapd_recv_msg_header(sockctrl, NULL, &header);
304 if (nrecv == -1)
305 {
306 // Fatal error.
307 goto end;
308 }
309 if (nrecv == -2)
310 {
311 // Client closed the connection.
312 goto end;
313 }
314 plen = header.plen;
315
316 // Discard the rest of the message.
317 if (rpcapd_discard(sockctrl, NULL, plen) == -1)
318 {
319 // Network error.
320 goto end;
321 }
322
323 //
324 // Send an authentication error, indicating
325 // that we require TLS.
326 //
327 if (rpcap_senderror(sockctrl, NULL, header.ver,
328 PCAP_ERR_TLS_REQUIRED,
329 "TLS is required by this server", errbuf) == -1)
330 {
331 // That failed; log a message and give up.
332 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
333 goto end;
334 }
335
336 // Shut the session down.
337 goto end;
338 }
339 ssl = ssl_promotion(1, sockctrl, errbuf, PCAP_ERRBUF_SIZE);
340 if (! ssl)
341 {
342 rpcapd_log(LOGPRIO_ERROR, "TLS handshake on control connection failed: %s",
343 errbuf);
344 goto end;
345 }
346 }
347 else
348 #endif
349 {
350 //
351 // We're expecting a non-TLS rpcapd message. If this
352 // looks, instead, like a TLS handshake message, send
353 // a TLS handshake_failed alert.
354 //
355 // The first octet of a TLS handshake is
356 // TLS_RECORD_TYPE_HANDSHAKE.
357 //
358 if (first_octet == TLS_RECORD_TYPE_HANDSHAKE)
359 {
360 //
361 // TLS handshake.
362 // Read the record header.
363 //
364 nrecv = sock_recv(sockctrl, ssl, (char *) &tls_header,
365 sizeof tls_header, SOCK_RECEIVEALL_YES|SOCK_EOF_ISNT_ERROR,
366 errbuf, PCAP_ERRBUF_SIZE);
367 if (nrecv == -1)
368 {
369 // Network error.
370 rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf);
371 goto end;
372 }
373 if (nrecv == 0)
374 {
375 // Immediate EOF
376 goto end;
377 }
378 plen = (tls_header.length_hi << 8U) | tls_header.length_lo;
379
380 // Discard the rest of the message.
381 if (rpcapd_discard(sockctrl, NULL, plen) == -1)
382 {
383 // Network error.
384 goto end;
385 }
386
387 //
388 // Send a TLS handshake failure alert.
389 // Use the same version the client sent us.
390 //
391 tls_header.type = TLS_RECORD_TYPE_ALERT;
392 tls_header.length_hi = 0;
393 tls_header.length_lo = TLS_ALERT_LEN;
394
395 if (sock_send(sockctrl, NULL, (char *) &tls_header,
396 TLS_RECORD_HEADER_LEN, errbuf, PCAP_ERRBUF_SIZE) == -1)
397 {
398 // That failed; log a message and give up.
399 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
400 goto end;
401 }
402
403 tls_alert.alert_level = TLS_ALERT_LEVEL_FATAL;
404 tls_alert.alert_description = TLS_ALERT_HANDSHAKE_FAILURE;
405 if (sock_send(sockctrl, NULL, (char *) &tls_alert,
406 TLS_ALERT_LEN, errbuf, PCAP_ERRBUF_SIZE) == -1)
407 {
408 // That failed; log a message and give up.
409 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
410 goto end;
411 }
412 //
413 // Give up anyway.
414 //
415 goto end;
416 }
417 }
418
419 // Set parameters structure
420 pars.sockctrl = sockctrl;
421 pars.ssl = ssl;
422 pars.isactive = isactive; // active mode
423 pars.nullAuthAllowed = nullAuthAllowed;
424
425 //
426 // We have a connection.
427 //
428 // If it's a passive mode connection, check whether the connecting
429 // host is among the ones allowed.
430 //
431 // In either case, we were handed a copy of the host list; free it
432 // as soon as we're done with it.
433 //
434 if (pars.isactive)
435 {
436 // Nothing to do.
437 free(passiveClients);
438 passiveClients = NULL;
439 }
440 else
441 {
442 struct sockaddr_storage from;
443 socklen_t fromlen;
444
445 //
446 // Get the address of the other end of the connection.
447 //
448 fromlen = sizeof(struct sockaddr_storage);
449 if (getpeername(pars.sockctrl, (struct sockaddr *)&from,
450 &fromlen) == -1)
451 {
452 sock_geterrmsg(errmsgbuf, PCAP_ERRBUF_SIZE,
453 "getpeername() failed");
454 if (rpcap_senderror(pars.sockctrl, pars.ssl, 0, PCAP_ERR_NETW, errmsgbuf, errbuf) == -1)
455 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
456 goto end;
457 }
458
459 //
460 // Are they in the list of host/port combinations we allow?
461 //
462 host_port_check_status = sock_check_hostlist(passiveClients, RPCAP_HOSTLIST_SEP, &from, errmsgbuf, PCAP_ERRBUF_SIZE);
463 free(passiveClients);
464 passiveClients = NULL;
465 if (host_port_check_status < 0)
466 {
467 if (host_port_check_status == -2) {
468 //
469 // We got an error; log it.
470 //
471 rpcapd_log(LOGPRIO_ERROR, "%s", errmsgbuf);
472 }
473
474 //
475 // Sorry, we can't let you in.
476 //
477 if (rpcap_senderror(pars.sockctrl, pars.ssl, 0, PCAP_ERR_HOSTNOAUTH, errmsgbuf, errbuf) == -1)
478 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
479 goto end;
480 }
481 }
482
483 #ifndef _WIN32
484 //
485 // Catch SIGUSR1, but do nothing. We use it to interrupt the
486 // capture thread to break it out of a loop in which it's
487 // blocked waiting for packets to arrive.
488 //
489 // We don't want interrupted system calls to restart, so that
490 // the read routine for the pcap_t gets EINTR rather than
491 // restarting if it's blocked in a system call.
492 //
493 memset(&action, 0, sizeof (action));
494 action.sa_handler = noop_handler;
495 action.sa_flags = 0;
496 sigemptyset(&action.sa_mask);
497 sigaction(SIGUSR1, &action, NULL);
498 #endif
499
500 //
501 // The client must first authenticate; loop until they send us a
502 // message with a version we support and credentials we accept,
503 // they send us a close message indicating that they're giving up,
504 // or we get a network error or other fatal error.
505 //
506 while (!authenticated)
507 {
508 //
509 // If we're not in active mode, we use select(), with a
510 // timeout, to wait for an authentication request; if
511 // the timeout expires, we drop the connection, so that
512 // a client can't just connect to us and leave us
513 // waiting forever.
514 //
515 if (!pars.isactive)
516 {
517 FD_ZERO(&rfds);
518 // We do not have to block here
519 tv.tv_sec = RPCAP_TIMEOUT_INIT;
520 tv.tv_usec = 0;
521
522 FD_SET(pars.sockctrl, &rfds);
523
524 retval = select((int)pars.sockctrl + 1, &rfds, NULL, NULL, &tv);
525 if (retval == -1)
526 {
527 sock_geterrmsg(errmsgbuf, PCAP_ERRBUF_SIZE,
528 "select() failed");
529 if (rpcap_senderror(pars.sockctrl, pars.ssl, 0, PCAP_ERR_NETW, errmsgbuf, errbuf) == -1)
530 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
531 goto end;
532 }
533
534 // The timeout has expired
535 // So, this was a fake connection. Drop it down
536 if (retval == 0)
537 {
538 if (rpcap_senderror(pars.sockctrl, pars.ssl, 0, PCAP_ERR_INITTIMEOUT, "The RPCAP initial timeout has expired", errbuf) == -1)
539 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
540 goto end;
541 }
542 }
543
544 //
545 // Read the message header from the client.
546 //
547 nrecv = rpcapd_recv_msg_header(pars.sockctrl, pars.ssl, &header);
548 if (nrecv == -1)
549 {
550 // Fatal error.
551 goto end;
552 }
553 if (nrecv == -2)
554 {
555 // Client closed the connection.
556 goto end;
557 }
558
559 plen = header.plen;
560
561 //
562 // While we're in the authentication pharse, all requests
563 // must use version 0.
564 //
565 if (header.ver != 0)
566 {
567 //
568 // Send it back to them with their version.
569 //
570 if (rpcap_senderror(pars.sockctrl, pars.ssl, header.ver,
571 PCAP_ERR_WRONGVER,
572 "RPCAP version in requests in the authentication phase must be 0",
573 errbuf) == -1)
574 {
575 // That failed; log a message and give up.
576 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
577 goto end;
578 }
579
580 // Discard the rest of the message and drop the
581 // connection.
582 (void)rpcapd_discard(pars.sockctrl, pars.ssl, plen);
583 goto end;
584 }
585
586 switch (header.type)
587 {
588 case RPCAP_MSG_AUTH_REQ:
589 retval = daemon_msg_auth_req(&pars, plen);
590 if (retval == -1)
591 {
592 // Fatal error; a message has
593 // been logged, so just give up.
594 goto end;
595 }
596 if (retval == -2)
597 {
598 // Non-fatal error; we sent back
599 // an error message, so let them
600 // try again.
601 continue;
602 }
603
604 // OK, we're authenticated; we sent back
605 // a reply, so start serving requests.
606 authenticated = 1;
607 break;
608
609 case RPCAP_MSG_CLOSE:
610 //
611 // The client is giving up.
612 // Discard the rest of the message, if
613 // there is anything more.
614 //
615 (void)rpcapd_discard(pars.sockctrl, pars.ssl, plen);
616 // We're done with this client.
617 goto end;
618
619 case RPCAP_MSG_ERROR:
620 // Log this and close the connection?
621 // XXX - is this what happens in active
622 // mode, where *we* initiate the
623 // connection, and the client gives us
624 // an error message rather than a "let
625 // me log in" message, indicating that
626 // we're not allowed to connect to them?
627 (void)daemon_msg_err(pars.sockctrl, pars.ssl, plen);
628 goto end;
629
630 case RPCAP_MSG_FINDALLIF_REQ:
631 case RPCAP_MSG_OPEN_REQ:
632 case RPCAP_MSG_STARTCAP_REQ:
633 case RPCAP_MSG_UPDATEFILTER_REQ:
634 case RPCAP_MSG_STATS_REQ:
635 case RPCAP_MSG_ENDCAP_REQ:
636 case RPCAP_MSG_SETSAMPLING_REQ:
637 //
638 // These requests can't be sent until
639 // the client is authenticated.
640 //
641 msg_type_string = rpcap_msg_type_string(header.type);
642 if (msg_type_string != NULL)
643 {
644 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "%s request sent before authentication was completed", msg_type_string);
645 }
646 else
647 {
648 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Message of type %u sent before authentication was completed", header.type);
649 }
650 if (rpcap_senderror(pars.sockctrl, pars.ssl,
651 header.ver, PCAP_ERR_WRONGMSG,
652 errmsgbuf, errbuf) == -1)
653 {
654 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
655 goto end;
656 }
657 // Discard the rest of the message.
658 if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1)
659 {
660 // Network error.
661 goto end;
662 }
663 break;
664
665 case RPCAP_MSG_PACKET:
666 case RPCAP_MSG_FINDALLIF_REPLY:
667 case RPCAP_MSG_OPEN_REPLY:
668 case RPCAP_MSG_STARTCAP_REPLY:
669 case RPCAP_MSG_UPDATEFILTER_REPLY:
670 case RPCAP_MSG_AUTH_REPLY:
671 case RPCAP_MSG_STATS_REPLY:
672 case RPCAP_MSG_ENDCAP_REPLY:
673 case RPCAP_MSG_SETSAMPLING_REPLY:
674 //
675 // These are server-to-client messages.
676 //
677 msg_type_string = rpcap_msg_type_string(header.type);
678 if (msg_type_string != NULL)
679 {
680 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Server-to-client message %s received from client", msg_type_string);
681 }
682 else
683 {
684 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Server-to-client message of type %u received from client", header.type);
685 }
686 if (rpcap_senderror(pars.sockctrl, pars.ssl,
687 header.ver, PCAP_ERR_WRONGMSG,
688 errmsgbuf, errbuf) == -1)
689 {
690 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
691 goto end;
692 }
693 // Discard the rest of the message.
694 if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1)
695 {
696 // Fatal error.
697 goto end;
698 }
699 break;
700
701 default:
702 //
703 // Unknown message type.
704 //
705 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Unknown message type %u", header.type);
706 if (rpcap_senderror(pars.sockctrl, pars.ssl,
707 header.ver, PCAP_ERR_WRONGMSG,
708 errmsgbuf, errbuf) == -1)
709 {
710 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
711 goto end;
712 }
713 // Discard the rest of the message.
714 if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1)
715 {
716 // Fatal error.
717 goto end;
718 }
719 break;
720 }
721 }
722
723 //
724 // OK, the client has authenticated itself, and we can start
725 // processing regular requests from it.
726 //
727
728 //
729 // We don't have any statistics yet.
730 //
731 stats.ps_ifdrop = 0;
732 stats.ps_recv = 0;
733 stats.ps_drop = 0;
734 svrcapt = 0;
735
736 //
737 // Service requests.
738 //
739 for (;;)
740 {
741 errbuf[0] = 0; // clear errbuf
742
743 // Avoid zombies connections; check if the connection is opens but no commands are performed
744 // from more than RPCAP_TIMEOUT_RUNTIME
745 // Conditions:
746 // - I have to be in normal mode (no active mode)
747 // - if the device is open, I don't have to be in the middle of a capture (session->sockdata)
748 // - if the device is closed, I have always to check if a new command arrives
749 //
750 // Be carefully: the capture can have been started, but an error occurred (so session != NULL, but
751 // sockdata is 0
752 if ((!pars.isactive) && (session == NULL || session->sockdata == 0))
753 {
754 // Check for the initial timeout
755 FD_ZERO(&rfds);
756 // We do not have to block here
757 tv.tv_sec = RPCAP_TIMEOUT_RUNTIME;
758 tv.tv_usec = 0;
759
760 FD_SET(pars.sockctrl, &rfds);
761 #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
762 retval = 1;
763 #else
764 retval = select((int)pars.sockctrl + 1, &rfds, NULL, NULL, &tv);
765 #endif
766 if (retval == -1)
767 {
768 sock_geterrmsg(errmsgbuf, PCAP_ERRBUF_SIZE,
769 "select() failed");
770 if (rpcap_senderror(pars.sockctrl, pars.ssl,
771 0, PCAP_ERR_NETW,
772 errmsgbuf, errbuf) == -1)
773 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
774 goto end;
775 }
776
777 // The timeout has expired
778 // So, this was a fake connection. Drop it down
779 if (retval == 0)
780 {
781 if (rpcap_senderror(pars.sockctrl, pars.ssl,
782 0, PCAP_ERR_INITTIMEOUT,
783 "The RPCAP initial timeout has expired",
784 errbuf) == -1)
785 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
786 goto end;
787 }
788 }
789
790 //
791 // Read the message header from the client.
792 //
793 nrecv = rpcapd_recv_msg_header(pars.sockctrl, pars.ssl, &header);
794 if (nrecv == -1)
795 {
796 // Fatal error.
797 goto end;
798 }
799 if (nrecv == -2)
800 {
801 // Client closed the connection.
802 goto end;
803 }
804
805 plen = header.plen;
806
807 //
808 // Did the client specify a protocol version that we
809 // support?
810 //
811 if (!RPCAP_VERSION_IS_SUPPORTED(header.ver))
812 {
813 //
814 // Tell them it's not a supported version.
815 // Send the error message with their version,
816 // so they don't reject it as having the wrong
817 // version.
818 //
819 if (rpcap_senderror(pars.sockctrl, pars.ssl,
820 header.ver, PCAP_ERR_WRONGVER,
821 "RPCAP version in message isn't supported by the server",
822 errbuf) == -1)
823 {
824 // That failed; log a message and give up.
825 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
826 goto end;
827 }
828
829 // Discard the rest of the message.
830 (void)rpcapd_discard(pars.sockctrl, pars.ssl, plen);
831 // Give up on them.
832 goto end;
833 }
834
835 switch (header.type)
836 {
837 case RPCAP_MSG_ERROR: // The other endpoint reported an error
838 {
839 (void)daemon_msg_err(pars.sockctrl, pars.ssl, plen);
840 // Do nothing; just exit; the error code is already into the errbuf
841 // XXX - actually exit....
842 break;
843 }
844
845 case RPCAP_MSG_FINDALLIF_REQ:
846 {
847 if (daemon_msg_findallif_req(header.ver, &pars, plen) == -1)
848 {
849 // Fatal error; a message has
850 // been logged, so just give up.
851 goto end;
852 }
853 break;
854 }
855
856 case RPCAP_MSG_OPEN_REQ:
857 {
858 //
859 // Process the open request, and keep
860 // the source from it, for use later
861 // when the capture is started.
862 //
863 // XXX - we don't care if the client sends
864 // us multiple open requests, the last
865 // one wins.
866 //
867 retval = daemon_msg_open_req(header.ver, &pars,
868 plen, source, sizeof(source));
869 if (retval == -1)
870 {
871 // Fatal error; a message has
872 // been logged, so just give up.
873 goto end;
874 }
875 got_source = 1;
876 break;
877 }
878
879 case RPCAP_MSG_STARTCAP_REQ:
880 {
881 if (!got_source)
882 {
883 // They never told us what device
884 // to capture on!
885 if (rpcap_senderror(pars.sockctrl, pars.ssl,
886 header.ver,
887 PCAP_ERR_STARTCAPTURE,
888 "No capture device was specified",
889 errbuf) == -1)
890 {
891 // Fatal error; log an
892 // error and give up.
893 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
894 goto end;
895 }
896 if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1)
897 {
898 goto end;
899 }
900 break;
901 }
902
903 if (daemon_msg_startcap_req(header.ver, &pars,
904 plen, source, &session, &samp_param,
905 uses_ssl) == -1)
906 {
907 // Fatal error; a message has
908 // been logged, so just give up.
909 goto end;
910 }
911 break;
912 }
913
914 case RPCAP_MSG_UPDATEFILTER_REQ:
915 {
916 if (session)
917 {
918 if (daemon_msg_updatefilter_req(header.ver,
919 &pars, session, plen) == -1)
920 {
921 // Fatal error; a message has
922 // been logged, so just give up.
923 goto end;
924 }
925 }
926 else
927 {
928 if (rpcap_senderror(pars.sockctrl, pars.ssl,
929 header.ver,
930 PCAP_ERR_UPDATEFILTER,
931 "Device not opened. Cannot update filter",
932 errbuf) == -1)
933 {
934 // That failed; log a message and give up.
935 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
936 goto end;
937 }
938 }
939 break;
940 }
941
942 case RPCAP_MSG_CLOSE: // The other endpoint close the pcap session
943 {
944 //
945 // Indicate to our caller that the client
946 // closed the control connection.
947 // This is used only in case of active mode.
948 //
949 client_told_us_to_close = 1;
950 rpcapd_log(LOGPRIO_DEBUG, "The other end system asked to close the connection.");
951 goto end;
952 }
953
954 case RPCAP_MSG_STATS_REQ:
955 {
956 if (daemon_msg_stats_req(header.ver, &pars,
957 session, plen, &stats, svrcapt) == -1)
958 {
959 // Fatal error; a message has
960 // been logged, so just give up.
961 goto end;
962 }
963 break;
964 }
965
966 case RPCAP_MSG_ENDCAP_REQ: // The other endpoint close the current capture session
967 {
968 if (session)
969 {
970 // Save statistics (we can need them in the future)
971 if (pcap_stats(session->fp, &stats))
972 {
973 svrcapt = session->TotCapt;
974 }
975 else
976 {
977 stats.ps_ifdrop = 0;
978 stats.ps_recv = 0;
979 stats.ps_drop = 0;
980 svrcapt = 0;
981 }
982
983 if (daemon_msg_endcap_req(header.ver,
984 &pars, session) == -1)
985 {
986 free(session);
987 session = NULL;
988 // Fatal error; a message has
989 // been logged, so just give up.
990 goto end;
991 }
992 free(session);
993 session = NULL;
994 }
995 else
996 {
997 rpcap_senderror(pars.sockctrl, pars.ssl,
998 header.ver,
999 PCAP_ERR_ENDCAPTURE,
1000 "Device not opened. Cannot close the capture",
1001 errbuf);
1002 }
1003 break;
1004 }
1005
1006 case RPCAP_MSG_SETSAMPLING_REQ:
1007 {
1008 if (daemon_msg_setsampling_req(header.ver,
1009 &pars, plen, &samp_param) == -1)
1010 {
1011 // Fatal error; a message has
1012 // been logged, so just give up.
1013 goto end;
1014 }
1015 break;
1016 }
1017
1018 case RPCAP_MSG_AUTH_REQ:
1019 {
1020 //
1021 // We're already authenticated; you don't
1022 // get to reauthenticate.
1023 //
1024 rpcapd_log(LOGPRIO_INFO, "The client sent an RPCAP_MSG_AUTH_REQ message after authentication was completed");
1025 if (rpcap_senderror(pars.sockctrl, pars.ssl,
1026 header.ver,
1027 PCAP_ERR_WRONGMSG,
1028 "RPCAP_MSG_AUTH_REQ request sent after authentication was completed",
1029 errbuf) == -1)
1030 {
1031 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1032 goto end;
1033 }
1034 // Discard the rest of the message.
1035 if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1)
1036 {
1037 // Fatal error.
1038 goto end;
1039 }
1040 goto end;
1041
1042 case RPCAP_MSG_PACKET:
1043 case RPCAP_MSG_FINDALLIF_REPLY:
1044 case RPCAP_MSG_OPEN_REPLY:
1045 case RPCAP_MSG_STARTCAP_REPLY:
1046 case RPCAP_MSG_UPDATEFILTER_REPLY:
1047 case RPCAP_MSG_AUTH_REPLY:
1048 case RPCAP_MSG_STATS_REPLY:
1049 case RPCAP_MSG_ENDCAP_REPLY:
1050 case RPCAP_MSG_SETSAMPLING_REPLY:
1051 //
1052 // These are server-to-client messages.
1053 //
1054 msg_type_string = rpcap_msg_type_string(header.type);
1055 if (msg_type_string != NULL)
1056 {
1057 rpcapd_log(LOGPRIO_INFO, "The client sent a %s server-to-client message", msg_type_string);
1058 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Server-to-client message %s received from client", msg_type_string);
1059 }
1060 else
1061 {
1062 rpcapd_log(LOGPRIO_INFO, "The client sent a server-to-client message of type %u", header.type);
1063 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Server-to-client message of type %u received from client", header.type);
1064 }
1065 if (rpcap_senderror(pars.sockctrl, pars.ssl,
1066 header.ver, PCAP_ERR_WRONGMSG,
1067 errmsgbuf, errbuf) == -1)
1068 {
1069 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1070 goto end;
1071 }
1072 // Discard the rest of the message.
1073 if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1)
1074 {
1075 // Fatal error.
1076 goto end;
1077 }
1078 goto end;
1079
1080 default:
1081 //
1082 // Unknown message type.
1083 //
1084 rpcapd_log(LOGPRIO_INFO, "The client sent a message of type %u", header.type);
1085 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Unknown message type %u", header.type);
1086 if (rpcap_senderror(pars.sockctrl, pars.ssl,
1087 header.ver, PCAP_ERR_WRONGMSG,
1088 errbuf, errmsgbuf) == -1)
1089 {
1090 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1091 goto end;
1092 }
1093 // Discard the rest of the message.
1094 if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1)
1095 {
1096 // Fatal error.
1097 goto end;
1098 }
1099 goto end;
1100 }
1101 }
1102 }
1103
1104 end:
1105 // The service loop is finishing up.
1106 // If we have a capture session running, close it.
1107 if (session)
1108 {
1109 session_close(session);
1110 free(session);
1111 session = NULL;
1112 }
1113
1114 if (passiveClients) {
1115 free(passiveClients);
1116 }
1117 //
1118 // Finish using the SSL handle for the control socket, if we
1119 // have an SSL connection, and close the control socket.
1120 //
1121 #ifdef HAVE_OPENSSL
1122 if (ssl)
1123 {
1124 // Finish using the SSL handle for the socket.
1125 // This must be done *before* the socket is closed.
1126 ssl_finish(ssl);
1127 }
1128 #endif
1129 sock_close(sockctrl, NULL, 0);
1130
1131 // Print message and return
1132 rpcapd_log(LOGPRIO_DEBUG, "I'm exiting from the child loop");
1133
1134 return client_told_us_to_close;
1135 }
1136
1137 /*
1138 * This handles the RPCAP_MSG_ERR message.
1139 */
1140 static int
daemon_msg_err(SOCKET sockctrl,SSL * ssl,uint32 plen)1141 daemon_msg_err(SOCKET sockctrl, SSL *ssl, uint32 plen)
1142 {
1143 char errbuf[PCAP_ERRBUF_SIZE];
1144 char remote_errbuf[PCAP_ERRBUF_SIZE];
1145
1146 if (plen >= PCAP_ERRBUF_SIZE)
1147 {
1148 /*
1149 * Message is too long; just read as much of it as we
1150 * can into the buffer provided, and discard the rest.
1151 */
1152 if (sock_recv(sockctrl, ssl, remote_errbuf, PCAP_ERRBUF_SIZE - 1,
1153 SOCK_RECEIVEALL_YES|SOCK_EOF_IS_ERROR, errbuf,
1154 PCAP_ERRBUF_SIZE) == -1)
1155 {
1156 // Network error.
1157 rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf);
1158 return -1;
1159 }
1160 if (rpcapd_discard(sockctrl, ssl, plen - (PCAP_ERRBUF_SIZE - 1)) == -1)
1161 {
1162 // Network error.
1163 return -1;
1164 }
1165
1166 /*
1167 * Null-terminate it.
1168 */
1169 remote_errbuf[PCAP_ERRBUF_SIZE - 1] = '\0';
1170 }
1171 else if (plen == 0)
1172 {
1173 /* Empty error string. */
1174 remote_errbuf[0] = '\0';
1175 }
1176 else
1177 {
1178 if (sock_recv(sockctrl, ssl, remote_errbuf, plen,
1179 SOCK_RECEIVEALL_YES|SOCK_EOF_IS_ERROR, errbuf,
1180 PCAP_ERRBUF_SIZE) == -1)
1181 {
1182 // Network error.
1183 rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf);
1184 return -1;
1185 }
1186
1187 /*
1188 * Null-terminate it.
1189 */
1190 remote_errbuf[plen] = '\0';
1191 }
1192 // Log the message
1193 rpcapd_log(LOGPRIO_ERROR, "Error from client: %s", remote_errbuf);
1194 return 0;
1195 }
1196
1197 /*
1198 * This handles the RPCAP_MSG_AUTH_REQ message.
1199 * It checks if the authentication credentials supplied by the user are valid.
1200 *
1201 * This function is called if the daemon receives a RPCAP_MSG_AUTH_REQ
1202 * message in its authentication loop. It reads the body of the
1203 * authentication message from the network and checks whether the
1204 * credentials are valid.
1205 *
1206 * \param sockctrl: the socket for the control connection.
1207 *
1208 * \param nullAuthAllowed: '1' if the NULL authentication is allowed.
1209 *
1210 * \param errbuf: a user-allocated buffer in which the error message
1211 * (if one) has to be written. It must be at least PCAP_ERRBUF_SIZE
1212 * bytes long.
1213 *
1214 * \return '0' if everything is fine, '-1' if an unrecoverable error occurred,
1215 * or '-2' if the authentication failed. For errors, an error message is
1216 * returned in the 'errbuf' variable; this gives a message for the
1217 * unrecoverable error or for the authentication failure.
1218 */
1219 static int
daemon_msg_auth_req(struct daemon_slpars * pars,uint32 plen)1220 daemon_msg_auth_req(struct daemon_slpars *pars, uint32 plen)
1221 {
1222 char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors
1223 char errmsgbuf[PCAP_ERRBUF_SIZE]; // buffer for errors to send to the client
1224 int status;
1225 struct rpcap_auth auth; // RPCAP authentication header
1226 char sendbuf[RPCAP_NETBUF_SIZE]; // temporary buffer in which data to be sent is buffered
1227 int sendbufidx = 0; // index which keeps the number of bytes currently buffered
1228 struct rpcap_authreply *authreply; // authentication reply message
1229
1230 status = rpcapd_recv(pars->sockctrl, pars->ssl, (char *) &auth, sizeof(struct rpcap_auth), &plen, errmsgbuf);
1231 if (status == -1)
1232 {
1233 return -1;
1234 }
1235 if (status == -2)
1236 {
1237 goto error;
1238 }
1239
1240 switch (ntohs(auth.type))
1241 {
1242 case RPCAP_RMTAUTH_NULL:
1243 {
1244 if (!pars->nullAuthAllowed)
1245 {
1246 // Send the client an error reply.
1247 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE,
1248 "Authentication failed; NULL authentication not permitted.");
1249 if (rpcap_senderror(pars->sockctrl, pars->ssl,
1250 0, PCAP_ERR_AUTH_FAILED, errmsgbuf, errbuf) == -1)
1251 {
1252 // That failed; log a message and give up.
1253 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1254 return -1;
1255 }
1256 goto error_noreply;
1257 }
1258 break;
1259 }
1260
1261 case RPCAP_RMTAUTH_PWD:
1262 {
1263 char *username, *passwd;
1264 uint32 usernamelen, passwdlen;
1265
1266 usernamelen = ntohs(auth.slen1);
1267 username = (char *) malloc (usernamelen + 1);
1268 if (username == NULL)
1269 {
1270 pcap_fmt_errmsg_for_errno(errmsgbuf,
1271 PCAP_ERRBUF_SIZE, errno, "malloc() failed");
1272 goto error;
1273 }
1274 status = rpcapd_recv(pars->sockctrl, pars->ssl, username, usernamelen, &plen, errmsgbuf);
1275 if (status == -1)
1276 {
1277 free(username);
1278 return -1;
1279 }
1280 if (status == -2)
1281 {
1282 free(username);
1283 goto error;
1284 }
1285 username[usernamelen] = '\0';
1286
1287 passwdlen = ntohs(auth.slen2);
1288 passwd = (char *) malloc (passwdlen + 1);
1289 if (passwd == NULL)
1290 {
1291 pcap_fmt_errmsg_for_errno(errmsgbuf,
1292 PCAP_ERRBUF_SIZE, errno, "malloc() failed");
1293 free(username);
1294 goto error;
1295 }
1296 status = rpcapd_recv(pars->sockctrl, pars->ssl, passwd, passwdlen, &plen, errmsgbuf);
1297 if (status == -1)
1298 {
1299 free(username);
1300 free(passwd);
1301 return -1;
1302 }
1303 if (status == -2)
1304 {
1305 free(username);
1306 free(passwd);
1307 goto error;
1308 }
1309 passwd[passwdlen] = '\0';
1310
1311 if (daemon_AuthUserPwd(username, passwd, errmsgbuf))
1312 {
1313 //
1314 // Authentication failed. Let the client
1315 // know.
1316 //
1317 free(username);
1318 free(passwd);
1319 if (rpcap_senderror(pars->sockctrl, pars->ssl,
1320 0, PCAP_ERR_AUTH_FAILED, errmsgbuf, errbuf) == -1)
1321 {
1322 // That failed; log a message and give up.
1323 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1324 return -1;
1325 }
1326
1327 //
1328 // Suspend for 1 second, so that they can't
1329 // hammer us with repeated tries with an
1330 // attack such as a dictionary attack.
1331 //
1332 // WARNING: this delay is inserted only
1333 // at this point; if the client closes the
1334 // connection and reconnects, the suspension
1335 // time does not have any effect.
1336 //
1337 sleep_secs(RPCAP_SUSPEND_WRONGAUTH);
1338 goto error_noreply;
1339 }
1340
1341 free(username);
1342 free(passwd);
1343 break;
1344 }
1345
1346 default:
1347 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE,
1348 "Authentication type not recognized.");
1349 if (rpcap_senderror(pars->sockctrl, pars->ssl,
1350 0, PCAP_ERR_AUTH_TYPE_NOTSUP, errmsgbuf, errbuf) == -1)
1351 {
1352 // That failed; log a message and give up.
1353 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1354 return -1;
1355 }
1356 goto error_noreply;
1357 }
1358
1359 // The authentication succeeded; let the client know.
1360 if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL, &sendbufidx,
1361 RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
1362 goto error;
1363
1364 rpcap_createhdr((struct rpcap_header *) sendbuf, 0,
1365 RPCAP_MSG_AUTH_REPLY, 0, sizeof(struct rpcap_authreply));
1366
1367 authreply = (struct rpcap_authreply *) &sendbuf[sendbufidx];
1368
1369 if (sock_bufferize(NULL, sizeof(struct rpcap_authreply), NULL, &sendbufidx,
1370 RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
1371 goto error;
1372
1373 //
1374 // Indicate to our peer what versions we support and what our
1375 // version of the byte-order magic is (which will tell the
1376 // client whether our byte order differs from theirs, in which
1377 // case they will need to byte-swap some fields in some
1378 // link-layer types' headers).
1379 //
1380 memset(authreply, 0, sizeof(struct rpcap_authreply));
1381 authreply->minvers = RPCAP_MIN_VERSION;
1382 authreply->maxvers = RPCAP_MAX_VERSION;
1383 authreply->byte_order_magic = RPCAP_BYTE_ORDER_MAGIC;
1384
1385 // Send the reply.
1386 if (sock_send(pars->sockctrl, pars->ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1)
1387 {
1388 // That failed; log a message and give up.
1389 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1390 return -1;
1391 }
1392
1393 // Check if all the data has been read; if not, discard the data in excess
1394 if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
1395 {
1396 return -1;
1397 }
1398
1399 return 0;
1400
1401 error:
1402 if (rpcap_senderror(pars->sockctrl, pars->ssl, 0, PCAP_ERR_AUTH,
1403 errmsgbuf, errbuf) == -1)
1404 {
1405 // That failed; log a message and give up.
1406 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1407 return -1;
1408 }
1409
1410 error_noreply:
1411 // Check if all the data has been read; if not, discard the data in excess
1412 if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
1413 {
1414 return -1;
1415 }
1416
1417 return -2;
1418 }
1419
1420 static int
daemon_AuthUserPwd(char * username,char * password,char * errbuf)1421 daemon_AuthUserPwd(char *username, char *password, char *errbuf)
1422 {
1423 #ifdef _WIN32
1424 /*
1425 * Warning: the user which launches the process must have the
1426 * SE_TCB_NAME right.
1427 * This corresponds to have the "Act as part of the Operating System"
1428 * turned on (administrative tools, local security settings, local
1429 * policies, user right assignment)
1430 * However, it seems to me that if you run it as a service, this
1431 * right should be provided by default.
1432 *
1433 * XXX - hopefully, this returns errors such as ERROR_LOGON_FAILURE,
1434 * which merely indicates that the user name or password is
1435 * incorrect, not whether it's the user name or the password
1436 * that's incorrect, so a client that's trying to brute-force
1437 * accounts doesn't know whether it's the user name or the
1438 * password that's incorrect, so it doesn't know whether to
1439 * stop trying to log in with a given user name and move on
1440 * to another user name.
1441 */
1442 DWORD error;
1443 HANDLE Token;
1444 char errmsgbuf[PCAP_ERRBUF_SIZE]; // buffer for errors to log
1445
1446 if (LogonUser(username, ".", password, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, &Token) == 0)
1447 {
1448 snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed");
1449 error = GetLastError();
1450 if (error != ERROR_LOGON_FAILURE)
1451 {
1452 // Some error other than an authentication error;
1453 // log it.
1454 pcap_fmt_errmsg_for_win32_err(errmsgbuf,
1455 PCAP_ERRBUF_SIZE, error, "LogonUser() failed");
1456 rpcapd_log(LOGPRIO_ERROR, "%s", errmsgbuf);
1457 }
1458 return -1;
1459 }
1460
1461 // This call should change the current thread to the selected user.
1462 // I didn't test it.
1463 if (ImpersonateLoggedOnUser(Token) == 0)
1464 {
1465 snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed");
1466 pcap_fmt_errmsg_for_win32_err(errmsgbuf, PCAP_ERRBUF_SIZE,
1467 GetLastError(), "ImpersonateLoggedOnUser() failed");
1468 rpcapd_log(LOGPRIO_ERROR, "%s", errmsgbuf);
1469 CloseHandle(Token);
1470 return -1;
1471 }
1472
1473 CloseHandle(Token);
1474 return 0;
1475
1476 #else
1477 /*
1478 * See
1479 *
1480 * https://www.unixpapa.com/incnote/passwd.html
1481 *
1482 * We use the Solaris/Linux shadow password authentication if
1483 * we have getspnam(), otherwise we just do traditional
1484 * authentication, which, on some platforms, might work, even
1485 * with shadow passwords, if we're running as root. Traditional
1486 * authenticaion won't work if we're not running as root, as
1487 * I think these days all UN*Xes either won't return the password
1488 * at all with getpwnam() or will only do so if you're root.
1489 *
1490 * XXX - perhaps what we *should* be using is PAM, if we have
1491 * it. That might hide all the details of username/password
1492 * authentication, whether it's done with a visible-to-root-
1493 * only password database or some other authentication mechanism,
1494 * behind its API.
1495 */
1496 int error;
1497 struct passwd *user;
1498 char *user_password;
1499 #ifdef HAVE_GETSPNAM
1500 struct spwd *usersp;
1501 #endif
1502 char *crypt_password;
1503
1504 // This call is needed to get the uid
1505 if ((user = getpwnam(username)) == NULL)
1506 {
1507 snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed");
1508 return -1;
1509 }
1510
1511 #ifdef HAVE_GETSPNAM
1512 // This call is needed to get the password; otherwise 'x' is returned
1513 if ((usersp = getspnam(username)) == NULL)
1514 {
1515 snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed");
1516 return -1;
1517 }
1518 user_password = usersp->sp_pwdp;
1519 #else
1520 /*
1521 * XXX - what about other platforms?
1522 * The unixpapa.com page claims this Just Works on *BSD if you're
1523 * running as root - it's from 2000, so it doesn't indicate whether
1524 * macOS (which didn't come out until 2001, under the name Mac OS
1525 * X) behaves like the *BSDs or not, and might also work on AIX.
1526 * HP-UX does something else.
1527 *
1528 * Again, hopefully PAM hides all that.
1529 */
1530 user_password = user->pw_passwd;
1531 #endif
1532
1533 //
1534 // The Single UNIX Specification says that if crypt() fails it
1535 // sets errno, but some implementatons that haven't been run
1536 // through the SUS test suite might not do so.
1537 //
1538 errno = 0;
1539 crypt_password = crypt(password, user_password);
1540 if (crypt_password == NULL)
1541 {
1542 error = errno;
1543 snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed");
1544 if (error == 0)
1545 {
1546 // It didn't set errno.
1547 rpcapd_log(LOGPRIO_ERROR, "crypt() failed");
1548 }
1549 else
1550 {
1551 rpcapd_log(LOGPRIO_ERROR, "crypt() failed: %s",
1552 strerror(error));
1553 }
1554 return -1;
1555 }
1556 if (strcmp(user_password, crypt_password) != 0)
1557 {
1558 snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed");
1559 return -1;
1560 }
1561
1562 if (setuid(user->pw_uid))
1563 {
1564 error = errno;
1565 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
1566 error, "setuid");
1567 rpcapd_log(LOGPRIO_ERROR, "setuid() failed: %s",
1568 strerror(error));
1569 return -1;
1570 }
1571
1572 /* if (setgid(user->pw_gid))
1573 {
1574 error = errno;
1575 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
1576 errno, "setgid");
1577 rpcapd_log(LOGPRIO_ERROR, "setgid() failed: %s",
1578 strerror(error));
1579 return -1;
1580 }
1581 */
1582 return 0;
1583
1584 #endif
1585
1586 }
1587
1588 /*
1589 * Make sure that the reply length won't overflow 32 bits if we add the
1590 * specified amount to it. If it won't, add that amount to it.
1591 *
1592 * We check whether replylen + itemlen > UINT32_MAX, but subtract itemlen
1593 * from both sides, to prevent overflow.
1594 */
1595 #define CHECK_AND_INCREASE_REPLY_LEN(itemlen) \
1596 if (replylen > UINT32_MAX - (itemlen)) { \
1597 pcap_strlcpy(errmsgbuf, "Reply length doesn't fit in 32 bits", \
1598 sizeof (errmsgbuf)); \
1599 goto error; \
1600 } \
1601 replylen += (uint32)(itemlen)
1602
1603 static int
daemon_msg_findallif_req(uint8 ver,struct daemon_slpars * pars,uint32 plen)1604 daemon_msg_findallif_req(uint8 ver, struct daemon_slpars *pars, uint32 plen)
1605 {
1606 char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors
1607 char errmsgbuf[PCAP_ERRBUF_SIZE]; // buffer for errors to send to the client
1608 char sendbuf[RPCAP_NETBUF_SIZE]; // temporary buffer in which data to be sent is buffered
1609 int sendbufidx = 0; // index which keeps the number of bytes currently buffered
1610 pcap_if_t *alldevs = NULL; // pointer to the header of the interface chain
1611 pcap_if_t *d; // temp pointer needed to scan the interface chain
1612 struct pcap_addr *address; // pcap structure that keeps a network address of an interface
1613 uint32 replylen; // length of reply payload
1614 uint16 nif = 0; // counts the number of interface listed
1615
1616 // Discard the rest of the message; there shouldn't be any payload.
1617 if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
1618 {
1619 // Network error.
1620 return -1;
1621 }
1622
1623 // Retrieve the device list
1624 if (pcap_findalldevs(&alldevs, errmsgbuf) == -1)
1625 goto error;
1626
1627 if (alldevs == NULL)
1628 {
1629 if (rpcap_senderror(pars->sockctrl, pars->ssl, ver,
1630 PCAP_ERR_NOREMOTEIF,
1631 "No interfaces found! Make sure libpcap/WinPcap is properly installed"
1632 " and you have the right to access to the remote device.",
1633 errbuf) == -1)
1634 {
1635 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1636 return -1;
1637 }
1638 return 0;
1639 }
1640
1641 // This checks the number of interfaces and computes the total
1642 // length of the payload.
1643 replylen = 0;
1644 for (d = alldevs; d != NULL; d = d->next)
1645 {
1646 nif++;
1647
1648 if (d->description) {
1649 size_t stringlen = strlen(d->description);
1650 if (stringlen > UINT16_MAX) {
1651 pcap_strlcpy(errmsgbuf,
1652 "Description length doesn't fit in 16 bits",
1653 sizeof (errmsgbuf));
1654 goto error;
1655 }
1656 CHECK_AND_INCREASE_REPLY_LEN(stringlen);
1657 }
1658 if (d->name) {
1659 size_t stringlen = strlen(d->name);
1660 if (stringlen > UINT16_MAX) {
1661 pcap_strlcpy(errmsgbuf,
1662 "Name length doesn't fit in 16 bits",
1663 sizeof (errmsgbuf));
1664 goto error;
1665 }
1666 CHECK_AND_INCREASE_REPLY_LEN(stringlen);
1667 }
1668
1669 CHECK_AND_INCREASE_REPLY_LEN(sizeof(struct rpcap_findalldevs_if));
1670
1671 uint16_t naddrs = 0;
1672 for (address = d->addresses; address != NULL; address = address->next)
1673 {
1674 /*
1675 * Send only IPv4 and IPv6 addresses over the wire.
1676 */
1677 switch (address->addr->sa_family)
1678 {
1679 case AF_INET:
1680 #ifdef AF_INET6
1681 case AF_INET6:
1682 #endif
1683 CHECK_AND_INCREASE_REPLY_LEN(sizeof(struct rpcap_sockaddr) * 4);
1684 if (naddrs == UINT16_MAX) {
1685 pcap_strlcpy(errmsgbuf,
1686 "Number of interfaces doesn't fit in 16 bits",
1687 sizeof (errmsgbuf));
1688 goto error;
1689 }
1690 naddrs++;
1691 break;
1692
1693 default:
1694 break;
1695 }
1696 }
1697 }
1698
1699 // RPCAP findalldevs reply
1700 if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL,
1701 &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf,
1702 PCAP_ERRBUF_SIZE) == -1)
1703 goto error;
1704
1705 rpcap_createhdr((struct rpcap_header *) sendbuf, ver,
1706 RPCAP_MSG_FINDALLIF_REPLY, nif, replylen);
1707
1708 // send the interface list
1709 for (d = alldevs; d != NULL; d = d->next)
1710 {
1711 uint16 lname, ldescr;
1712
1713 // Note: the findalldevs_if entries are *not* neatly
1714 // aligned on 4-byte boundaries, because they're
1715 // preceded by strings that aren't padded to 4-byte
1716 // boundaries, so we cannot just cast output buffer
1717 // boundaries to struct rpcap_findalldevs_if pointers
1718 // and store into them - we must fill in a structure and
1719 // then copy the structure to the buffer, as not all
1720 // systems support unaligned access (some, such as
1721 // SPARC, crash; others, such as Arm, may just ignore
1722 // the lower-order bits).
1723 struct rpcap_findalldevs_if findalldevs_if;
1724
1725 /*
1726 * We've already established that the string lengths
1727 * fit in 16 bits.
1728 */
1729 if (d->description)
1730 ldescr = (uint16) strlen(d->description);
1731 else
1732 ldescr = 0;
1733 if (d->name)
1734 lname = (uint16) strlen(d->name);
1735 else
1736 lname = 0;
1737
1738 findalldevs_if.desclen = htons(ldescr);
1739 findalldevs_if.namelen = htons(lname);
1740 findalldevs_if.flags = htonl(d->flags);
1741
1742 uint16_t naddrs = 0;
1743 for (address = d->addresses; address != NULL; address = address->next)
1744 {
1745 /*
1746 * Send only IPv4 and IPv6 addresses over the wire.
1747 */
1748 switch (address->addr->sa_family)
1749 {
1750 case AF_INET:
1751 #ifdef AF_INET6
1752 case AF_INET6:
1753 #endif
1754 naddrs++;
1755 break;
1756
1757 default:
1758 break;
1759 }
1760 }
1761 findalldevs_if.naddr = htons(naddrs);
1762 findalldevs_if.dummy = 0;
1763
1764 if (sock_bufferize(&findalldevs_if, sizeof(struct rpcap_findalldevs_if), sendbuf,
1765 &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_BUFFERIZE, errmsgbuf,
1766 PCAP_ERRBUF_SIZE) == -1)
1767 goto error;
1768
1769 if (sock_bufferize(d->name, lname, sendbuf, &sendbufidx,
1770 RPCAP_NETBUF_SIZE, SOCKBUF_BUFFERIZE, errmsgbuf,
1771 PCAP_ERRBUF_SIZE) == -1)
1772 goto error;
1773
1774 if (sock_bufferize(d->description, ldescr, sendbuf, &sendbufidx,
1775 RPCAP_NETBUF_SIZE, SOCKBUF_BUFFERIZE, errmsgbuf,
1776 PCAP_ERRBUF_SIZE) == -1)
1777 goto error;
1778
1779 // send all addresses
1780 for (address = d->addresses; address != NULL; address = address->next)
1781 {
1782 struct rpcap_sockaddr *sockaddr;
1783
1784 /*
1785 * Send only IPv4 and IPv6 addresses over the wire.
1786 */
1787 switch (address->addr->sa_family)
1788 {
1789 case AF_INET:
1790 #ifdef AF_INET6
1791 case AF_INET6:
1792 #endif
1793 sockaddr = (struct rpcap_sockaddr *) &sendbuf[sendbufidx];
1794 if (sock_bufferize(NULL, sizeof(struct rpcap_sockaddr), NULL,
1795 &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
1796 goto error;
1797 daemon_seraddr((struct sockaddr_storage *) address->addr, sockaddr);
1798
1799 sockaddr = (struct rpcap_sockaddr *) &sendbuf[sendbufidx];
1800 if (sock_bufferize(NULL, sizeof(struct rpcap_sockaddr), NULL,
1801 &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
1802 goto error;
1803 daemon_seraddr((struct sockaddr_storage *) address->netmask, sockaddr);
1804
1805 sockaddr = (struct rpcap_sockaddr *) &sendbuf[sendbufidx];
1806 if (sock_bufferize(NULL, sizeof(struct rpcap_sockaddr), NULL,
1807 &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
1808 goto error;
1809 daemon_seraddr((struct sockaddr_storage *) address->broadaddr, sockaddr);
1810
1811 sockaddr = (struct rpcap_sockaddr *) &sendbuf[sendbufidx];
1812 if (sock_bufferize(NULL, sizeof(struct rpcap_sockaddr), NULL,
1813 &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
1814 goto error;
1815 daemon_seraddr((struct sockaddr_storage *) address->dstaddr, sockaddr);
1816 break;
1817
1818 default:
1819 break;
1820 }
1821 }
1822 }
1823
1824 // We no longer need the device list. Free it.
1825 pcap_freealldevs(alldevs);
1826
1827 // Send a final command that says "now send it!"
1828 if (sock_send(pars->sockctrl, pars->ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1)
1829 {
1830 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1831 return -1;
1832 }
1833
1834 return 0;
1835
1836 error:
1837 if (alldevs)
1838 pcap_freealldevs(alldevs);
1839
1840 if (rpcap_senderror(pars->sockctrl, pars->ssl, ver,
1841 PCAP_ERR_FINDALLIF, errmsgbuf, errbuf) == -1)
1842 {
1843 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1844 return -1;
1845 }
1846 return 0;
1847 }
1848
1849 /*
1850 \param plen: the length of the current message (needed in order to be able
1851 to discard excess data in the message, if present)
1852 */
1853 static int
daemon_msg_open_req(uint8 ver,struct daemon_slpars * pars,uint32 plen,char * source,size_t sourcelen)1854 daemon_msg_open_req(uint8 ver, struct daemon_slpars *pars, uint32 plen,
1855 char *source, size_t sourcelen)
1856 {
1857 char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors
1858 char errmsgbuf[PCAP_ERRBUF_SIZE]; // buffer for errors to send to the client
1859 pcap_t *fp; // pcap_t main variable
1860 int nread;
1861 char sendbuf[RPCAP_NETBUF_SIZE]; // temporary buffer in which data to be sent is buffered
1862 int sendbufidx = 0; // index which keeps the number of bytes currently buffered
1863 struct rpcap_openreply *openreply; // open reply message
1864
1865 if (plen > sourcelen - 1)
1866 {
1867 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Source string too long");
1868 goto error;
1869 }
1870
1871 nread = sock_recv(pars->sockctrl, pars->ssl, source, plen,
1872 SOCK_RECEIVEALL_YES|SOCK_EOF_IS_ERROR, errbuf, PCAP_ERRBUF_SIZE);
1873 if (nread == -1)
1874 {
1875 rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf);
1876 return -1;
1877 }
1878 source[nread] = '\0';
1879 plen -= nread;
1880
1881 // Is this a URL rather than a device?
1882 // If so, reject it.
1883 if (is_url(source))
1884 {
1885 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Source string refers to a remote device");
1886 goto error;
1887 }
1888
1889 // Open the selected device
1890 // This is a fake open, since we do that only to get the needed parameters, then we close the device again
1891 if ((fp = pcap_open_live(source,
1892 1500 /* fake snaplen */,
1893 0 /* no promisc */,
1894 1000 /* fake timeout */,
1895 errmsgbuf)) == NULL)
1896 goto error;
1897
1898 // Now, I can send a RPCAP open reply message
1899 if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL, &sendbufidx,
1900 RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
1901 goto error;
1902
1903 rpcap_createhdr((struct rpcap_header *) sendbuf, ver,
1904 RPCAP_MSG_OPEN_REPLY, 0, sizeof(struct rpcap_openreply));
1905
1906 openreply = (struct rpcap_openreply *) &sendbuf[sendbufidx];
1907
1908 if (sock_bufferize(NULL, sizeof(struct rpcap_openreply), NULL, &sendbufidx,
1909 RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
1910 goto error;
1911
1912 memset(openreply, 0, sizeof(struct rpcap_openreply));
1913 openreply->linktype = htonl(pcap_datalink(fp));
1914 /*
1915 * This is always 0 for live captures; we no longer support it
1916 * as something we read from capture files and supply to
1917 * clients, but we have to send it over the wire, as open
1918 * replies are expected to have 8 bytes of payload by
1919 * existing clients.
1920 */
1921 openreply->tzoff = 0;
1922
1923 // We're done with the pcap_t.
1924 pcap_close(fp);
1925
1926 // Send the reply.
1927 if (sock_send(pars->sockctrl, pars->ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1)
1928 {
1929 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1930 return -1;
1931 }
1932 return 0;
1933
1934 error:
1935 if (rpcap_senderror(pars->sockctrl, pars->ssl, ver, PCAP_ERR_OPEN,
1936 errmsgbuf, errbuf) == -1)
1937 {
1938 // That failed; log a message and give up.
1939 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
1940 return -1;
1941 }
1942
1943 // Check if all the data has been read; if not, discard the data in excess
1944 if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
1945 {
1946 return -1;
1947 }
1948 return 0;
1949 }
1950
1951 /*
1952 \param plen: the length of the current message (needed in order to be able
1953 to discard excess data in the message, if present)
1954 */
1955 static int
daemon_msg_startcap_req(uint8 ver,struct daemon_slpars * pars,uint32 plen,char * source,struct session ** sessionp,struct rpcap_sampling * samp_param _U_,int uses_ssl)1956 daemon_msg_startcap_req(uint8 ver, struct daemon_slpars *pars, uint32 plen,
1957 char *source, struct session **sessionp,
1958 struct rpcap_sampling *samp_param _U_, int uses_ssl)
1959 {
1960 char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors
1961 char errmsgbuf[PCAP_ERRBUF_SIZE]; // buffer for errors to send to the client
1962 char portdata[PCAP_BUF_SIZE]; // temp variable needed to derive the data port
1963 char peerhost[PCAP_BUF_SIZE]; // temp variable needed to derive the host name of our peer
1964 struct session *session = NULL; // saves state of session
1965 int status;
1966 char sendbuf[RPCAP_NETBUF_SIZE]; // temporary buffer in which data to be sent is buffered
1967 int sendbufidx = 0; // index which keeps the number of bytes currently buffered
1968
1969 // socket-related variables
1970 struct addrinfo hints; // temp, needed to open a socket connection
1971 struct addrinfo *addrinfo; // temp, needed to open a socket connection
1972 struct sockaddr_storage saddr; // temp, needed to retrieve the network data port chosen on the local machine
1973 socklen_t saddrlen; // temp, needed to retrieve the network data port chosen on the local machine
1974 int ret; // return value from functions
1975
1976 // RPCAP-related variables
1977 struct rpcap_startcapreq startcapreq; // start capture request message
1978 struct rpcap_startcapreply *startcapreply; // start capture reply message
1979 int serveropen_dp; // keeps who is going to open the data connection
1980
1981 addrinfo = NULL;
1982
1983 status = rpcapd_recv(pars->sockctrl, pars->ssl, (char *) &startcapreq,
1984 sizeof(struct rpcap_startcapreq), &plen, errmsgbuf);
1985 if (status == -1)
1986 {
1987 goto fatal_error;
1988 }
1989 if (status == -2)
1990 {
1991 goto error;
1992 }
1993
1994 startcapreq.flags = ntohs(startcapreq.flags);
1995
1996 // Check that the client does not ask for UDP is the server has been asked
1997 // to enforce encryption, as SSL is not supported yet with UDP:
1998 if (uses_ssl && (startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_DGRAM))
1999 {
2000 snprintf(errbuf, PCAP_ERRBUF_SIZE,
2001 "SSL not supported with UDP forward of remote packets");
2002 goto error;
2003 }
2004
2005 // Create a session structure
2006 session = malloc(sizeof(struct session));
2007 if (session == NULL)
2008 {
2009 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Can't allocate session structure");
2010 goto error;
2011 }
2012
2013 session->sockdata = INVALID_SOCKET;
2014 session->ctrl_ssl = session->data_ssl = NULL;
2015 // We don't have a thread yet.
2016 session->have_thread = 0;
2017 //
2018 // We *shouldn't* have to initialize the thread indicator
2019 // itself, because the compiler *should* realize that we
2020 // only use this if have_thread isn't 0, but we *do* have
2021 // to do it, because not all compilers *do* realize that.
2022 //
2023 // There is no "invalid thread handle" value for a UN*X
2024 // pthread_t, so we just zero it out.
2025 //
2026 #ifdef _WIN32
2027 session->thread = INVALID_HANDLE_VALUE;
2028 #else
2029 memset(&session->thread, 0, sizeof(session->thread));
2030 #endif
2031
2032 // Open the selected device
2033 if ((session->fp = pcap_open_live(source,
2034 ntohl(startcapreq.snaplen),
2035 (startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_PROMISC) ? 1 : 0 /* local device, other flags not needed */,
2036 ntohl(startcapreq.read_timeout),
2037 errmsgbuf)) == NULL)
2038 goto error;
2039
2040 #if 0
2041 // Apply sampling parameters
2042 fp->rmt_samp.method = samp_param->method;
2043 fp->rmt_samp.value = samp_param->value;
2044 #endif
2045
2046 /*
2047 We're in active mode if:
2048 - we're using TCP, and the user wants us to be in active mode
2049 - we're using UDP
2050 */
2051 serveropen_dp = (startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_SERVEROPEN) || (startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_DGRAM) || pars->isactive;
2052
2053 /*
2054 Gets the sockaddr structure referred to the other peer in the ctrl connection
2055
2056 We need that because:
2057 - if we're in passive mode, we need to know the address family we want to use
2058 (the same used for the ctrl socket)
2059 - if we're in active mode, we need to know the network address of the other host
2060 we want to connect to
2061 */
2062 saddrlen = sizeof(struct sockaddr_storage);
2063 if (getpeername(pars->sockctrl, (struct sockaddr *) &saddr, &saddrlen) == -1)
2064 {
2065 sock_geterrmsg(errmsgbuf, PCAP_ERRBUF_SIZE,
2066 "getpeername() failed");
2067 goto error;
2068 }
2069
2070 memset(&hints, 0, sizeof(struct addrinfo));
2071 hints.ai_socktype = (startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_DGRAM) ? SOCK_DGRAM : SOCK_STREAM;
2072 hints.ai_family = saddr.ss_family;
2073
2074 // Now we have to create a new socket to send packets
2075 if (serveropen_dp) // Data connection is opened by the server toward the client
2076 {
2077 snprintf(portdata, sizeof portdata, "%d", ntohs(startcapreq.portdata));
2078
2079 // Get the name of the other peer (needed to connect to that specific network address)
2080 if (getnameinfo((struct sockaddr *) &saddr, saddrlen, peerhost,
2081 sizeof(peerhost), NULL, 0, NI_NUMERICHOST))
2082 {
2083 sock_geterrmsg(errmsgbuf, PCAP_ERRBUF_SIZE,
2084 "getnameinfo() failed");
2085 goto error;
2086 }
2087
2088 if (sock_initaddress(peerhost, portdata, &hints, &addrinfo, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
2089 goto error;
2090
2091 if ((session->sockdata = sock_open(peerhost, addrinfo, SOCKOPEN_CLIENT, 0, errmsgbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
2092 goto error;
2093 }
2094 else // Data connection is opened by the client toward the server
2095 {
2096 hints.ai_flags = AI_PASSIVE;
2097
2098 // Make the server socket pick up a free network port for us
2099 if (sock_initaddress(NULL, NULL, &hints, &addrinfo, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
2100 goto error;
2101
2102 if ((session->sockdata = sock_open(NULL, addrinfo, SOCKOPEN_SERVER, 1 /* max 1 connection in queue */, errmsgbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
2103 goto error;
2104
2105 // get the complete sockaddr structure used in the data connection
2106 saddrlen = sizeof(struct sockaddr_storage);
2107 if (getsockname(session->sockdata, (struct sockaddr *) &saddr, &saddrlen) == -1)
2108 {
2109 sock_geterrmsg(errmsgbuf, PCAP_ERRBUF_SIZE,
2110 "getsockname() failed");
2111 goto error;
2112 }
2113
2114 // Get the local port the system picked up
2115 if (getnameinfo((struct sockaddr *) &saddr, saddrlen, NULL,
2116 0, portdata, sizeof(portdata), NI_NUMERICSERV))
2117 {
2118 sock_geterrmsg(errmsgbuf, PCAP_ERRBUF_SIZE,
2119 "getnameinfo() failed");
2120 goto error;
2121 }
2122 }
2123
2124 // addrinfo is no longer used
2125 freeaddrinfo(addrinfo);
2126 addrinfo = NULL;
2127
2128 // Needed to send an error on the ctrl connection
2129 session->sockctrl = pars->sockctrl;
2130 session->ctrl_ssl = pars->ssl;
2131 session->protocol_version = ver;
2132
2133 // Now I can set the filter
2134 ret = daemon_unpackapplyfilter(pars->sockctrl, pars->ssl, session, &plen, errmsgbuf);
2135 if (ret == -1)
2136 {
2137 // Fatal error. A message has been logged; just give up.
2138 goto fatal_error;
2139 }
2140 if (ret == -2)
2141 {
2142 // Non-fatal error. Send an error message to the client.
2143 goto error;
2144 }
2145
2146 // Now, I can send a RPCAP start capture reply message
2147 if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL, &sendbufidx,
2148 RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
2149 goto error;
2150
2151 rpcap_createhdr((struct rpcap_header *) sendbuf, ver,
2152 RPCAP_MSG_STARTCAP_REPLY, 0, sizeof(struct rpcap_startcapreply));
2153
2154 startcapreply = (struct rpcap_startcapreply *) &sendbuf[sendbufidx];
2155
2156 if (sock_bufferize(NULL, sizeof(struct rpcap_startcapreply), NULL,
2157 &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
2158 goto error;
2159
2160 memset(startcapreply, 0, sizeof(struct rpcap_startcapreply));
2161 startcapreply->bufsize = htonl(pcap_bufsize(session->fp));
2162
2163 if (!serveropen_dp)
2164 {
2165 unsigned short port = (unsigned short)strtoul(portdata,NULL,10);
2166 startcapreply->portdata = htons(port);
2167 }
2168
2169 if (sock_send(pars->sockctrl, pars->ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1)
2170 {
2171 // That failed; log a message and give up.
2172 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
2173 goto fatal_error;
2174 }
2175
2176 if (!serveropen_dp)
2177 {
2178 SOCKET socktemp; // We need another socket, since we're going to accept() a connection
2179
2180 // Connection creation
2181 saddrlen = sizeof(struct sockaddr_storage);
2182
2183 socktemp = accept(session->sockdata, (struct sockaddr *) &saddr, &saddrlen);
2184
2185 if (socktemp == INVALID_SOCKET)
2186 {
2187 sock_geterrmsg(errbuf, PCAP_ERRBUF_SIZE,
2188 "accept() failed");
2189 rpcapd_log(LOGPRIO_ERROR, "Accept of data connection failed: %s",
2190 errbuf);
2191 goto error;
2192 }
2193
2194 // Now that I accepted the connection, the server socket is no longer needed
2195 sock_close(session->sockdata, NULL, 0);
2196 session->sockdata = socktemp;
2197 }
2198
2199 SSL *ssl = NULL;
2200 if (uses_ssl)
2201 {
2202 #ifdef HAVE_OPENSSL
2203 /* In both active or passive cases, wait for the client to initiate the
2204 * TLS handshake. Yes during that time the control socket will not be
2205 * served, but the same was true from the above call to accept(). */
2206 ssl = ssl_promotion(1, session->sockdata, errbuf, PCAP_ERRBUF_SIZE);
2207 if (! ssl)
2208 {
2209 rpcapd_log(LOGPRIO_ERROR, "TLS handshake failed: %s", errbuf);
2210 goto error;
2211 }
2212 #endif
2213 }
2214 session->data_ssl = ssl;
2215
2216 // Now we have to create a new thread to receive packets
2217 #ifdef _WIN32
2218 session->thread = (HANDLE)_beginthreadex(NULL, 0, daemon_thrdatamain,
2219 (void *) session, 0, NULL);
2220 if (session->thread == 0)
2221 {
2222 snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error creating the data thread");
2223 goto error;
2224 }
2225 #else
2226 ret = pthread_create(&session->thread, NULL, daemon_thrdatamain,
2227 (void *) session);
2228 if (ret != 0)
2229 {
2230 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
2231 ret, "Error creating the data thread");
2232 goto error;
2233 }
2234 #endif
2235 session->have_thread = 1;
2236
2237 // Check if all the data has been read; if not, discard the data in excess
2238 if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
2239 goto fatal_error;
2240
2241 *sessionp = session;
2242 return 0;
2243
2244 error:
2245 //
2246 // Not a fatal error, so send the client an error message and
2247 // keep serving client requests.
2248 //
2249 *sessionp = NULL;
2250
2251 if (addrinfo)
2252 freeaddrinfo(addrinfo);
2253
2254 if (session)
2255 {
2256 session_close(session);
2257 free(session);
2258 }
2259
2260 if (rpcap_senderror(pars->sockctrl, pars->ssl, ver,
2261 PCAP_ERR_STARTCAPTURE, errmsgbuf, errbuf) == -1)
2262 {
2263 // That failed; log a message and give up.
2264 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
2265 return -1;
2266 }
2267
2268 // Check if all the data has been read; if not, discard the data in excess
2269 if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
2270 {
2271 // Network error.
2272 return -1;
2273 }
2274
2275 return 0;
2276
2277 fatal_error:
2278 //
2279 // Fatal network error, so don't try to communicate with
2280 // the client, just give up.
2281 //
2282 *sessionp = NULL;
2283
2284 if (session)
2285 {
2286 session_close(session);
2287 free(session);
2288 }
2289
2290 return -1;
2291 }
2292
2293 static int
daemon_msg_endcap_req(uint8 ver,struct daemon_slpars * pars,struct session * session)2294 daemon_msg_endcap_req(uint8 ver, struct daemon_slpars *pars,
2295 struct session *session)
2296 {
2297 char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors
2298 struct rpcap_header header;
2299
2300 session_close(session);
2301
2302 rpcap_createhdr(&header, ver, RPCAP_MSG_ENDCAP_REPLY, 0, 0);
2303
2304 if (sock_send(pars->sockctrl, pars->ssl, (char *) &header, sizeof(struct rpcap_header), errbuf, PCAP_ERRBUF_SIZE) == -1)
2305 {
2306 // That failed; log a message and give up.
2307 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
2308 return -1;
2309 }
2310
2311 return 0;
2312 }
2313
2314 //
2315 // We impose a limit on the filter program size, so that, on Windows,
2316 // where there's only one server process with multiple threads, it's
2317 // harder to eat all the server address space by sending larger filter
2318 // programs. (This isn't an issue on UN*X, where there are multiple
2319 // server processes, one per client connection.)
2320 //
2321 // We pick a value that limits each filter to 64K; that value is twice
2322 // the in-kernel limit for Linux and 16 times the in-kernel limit for
2323 // *BSD and macOS.
2324 //
2325 // It also prevents an overflow on 32-bit platforms when calculating
2326 // the total size of the filter program. (It's not an issue on 64-bit
2327 // platforms with a 64-bit size_t, as the filter size is 32 bits.)
2328 //
2329 #define RPCAP_BPF_MAXINSNS 8192
2330
2331 static int
daemon_unpackapplyfilter(SOCKET sockctrl,SSL * ctrl_ssl,struct session * session,uint32 * plenp,char * errmsgbuf)2332 daemon_unpackapplyfilter(SOCKET sockctrl, SSL *ctrl_ssl, struct session *session, uint32 *plenp, char *errmsgbuf)
2333 {
2334 int status;
2335 struct rpcap_filter filter;
2336 struct rpcap_filterbpf_insn insn;
2337 struct bpf_insn *bf_insn;
2338 struct bpf_program bf_prog;
2339 unsigned int i;
2340
2341 status = rpcapd_recv(sockctrl, ctrl_ssl, (char *) &filter,
2342 sizeof(struct rpcap_filter), plenp, errmsgbuf);
2343 if (status == -1)
2344 {
2345 return -1;
2346 }
2347 if (status == -2)
2348 {
2349 return -2;
2350 }
2351
2352 bf_prog.bf_len = ntohl(filter.nitems);
2353
2354 if (ntohs(filter.filtertype) != RPCAP_UPDATEFILTER_BPF)
2355 {
2356 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Only BPF/NPF filters are currently supported");
2357 return -2;
2358 }
2359
2360 if (bf_prog.bf_len > RPCAP_BPF_MAXINSNS)
2361 {
2362 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE,
2363 "Filter program is larger than the maximum size of %d instructions",
2364 RPCAP_BPF_MAXINSNS);
2365 return -2;
2366 }
2367 bf_insn = (struct bpf_insn *) malloc (sizeof(struct bpf_insn) * bf_prog.bf_len);
2368 if (bf_insn == NULL)
2369 {
2370 pcap_fmt_errmsg_for_errno(errmsgbuf, PCAP_ERRBUF_SIZE,
2371 errno, "malloc() failed");
2372 return -2;
2373 }
2374
2375 bf_prog.bf_insns = bf_insn;
2376
2377 for (i = 0; i < bf_prog.bf_len; i++)
2378 {
2379 status = rpcapd_recv(sockctrl, ctrl_ssl, (char *) &insn,
2380 sizeof(struct rpcap_filterbpf_insn), plenp, errmsgbuf);
2381 if (status == -1)
2382 {
2383 return -1;
2384 }
2385 if (status == -2)
2386 {
2387 return -2;
2388 }
2389
2390 bf_insn->code = ntohs(insn.code);
2391 bf_insn->jf = insn.jf;
2392 bf_insn->jt = insn.jt;
2393 bf_insn->k = ntohl(insn.k);
2394
2395 bf_insn++;
2396 }
2397
2398 //
2399 // XXX - pcap_setfilter() should do the validation for us.
2400 //
2401 if (bpf_validate(bf_prog.bf_insns, bf_prog.bf_len) == 0)
2402 {
2403 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "The filter contains bogus instructions");
2404 return -2;
2405 }
2406
2407 if (pcap_setfilter(session->fp, &bf_prog))
2408 {
2409 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "RPCAP error: %s", pcap_geterr(session->fp));
2410 return -2;
2411 }
2412
2413 return 0;
2414 }
2415
2416 static int
daemon_msg_updatefilter_req(uint8 ver,struct daemon_slpars * pars,struct session * session,uint32 plen)2417 daemon_msg_updatefilter_req(uint8 ver, struct daemon_slpars *pars,
2418 struct session *session, uint32 plen)
2419 {
2420 char errbuf[PCAP_ERRBUF_SIZE];
2421 char errmsgbuf[PCAP_ERRBUF_SIZE]; // buffer for errors to send to the client
2422 int ret; // status of daemon_unpackapplyfilter()
2423 struct rpcap_header header; // keeps the answer to the updatefilter command
2424
2425 ret = daemon_unpackapplyfilter(pars->sockctrl, pars->ssl, session, &plen, errmsgbuf);
2426 if (ret == -1)
2427 {
2428 // Fatal error. A message has been logged; just give up.
2429 return -1;
2430 }
2431 if (ret == -2)
2432 {
2433 // Non-fatal error. Send an error reply to the client.
2434 goto error;
2435 }
2436
2437 // Check if all the data has been read; if not, discard the data in excess
2438 if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
2439 {
2440 // Network error.
2441 return -1;
2442 }
2443
2444 // A response is needed, otherwise the other host does not know that everything went well
2445 rpcap_createhdr(&header, ver, RPCAP_MSG_UPDATEFILTER_REPLY, 0, 0);
2446
2447 if (sock_send(pars->sockctrl, pars->ssl, (char *) &header, sizeof (struct rpcap_header), errbuf, PCAP_ERRBUF_SIZE))
2448 {
2449 // That failed; log a message and give up.
2450 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
2451 return -1;
2452 }
2453
2454 return 0;
2455
2456 error:
2457 if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
2458 {
2459 return -1;
2460 }
2461 rpcap_senderror(pars->sockctrl, pars->ssl, ver, PCAP_ERR_UPDATEFILTER,
2462 errmsgbuf, NULL);
2463
2464 return 0;
2465 }
2466
2467 /*!
2468 \brief Received the sampling parameters from remote host and it stores in the pcap_t structure.
2469 */
2470 static int
daemon_msg_setsampling_req(uint8 ver,struct daemon_slpars * pars,uint32 plen,struct rpcap_sampling * samp_param)2471 daemon_msg_setsampling_req(uint8 ver, struct daemon_slpars *pars, uint32 plen,
2472 struct rpcap_sampling *samp_param)
2473 {
2474 char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors
2475 char errmsgbuf[PCAP_ERRBUF_SIZE];
2476 struct rpcap_header header;
2477 struct rpcap_sampling rpcap_samp;
2478 int status;
2479
2480 status = rpcapd_recv(pars->sockctrl, pars->ssl, (char *) &rpcap_samp, sizeof(struct rpcap_sampling), &plen, errmsgbuf);
2481 if (status == -1)
2482 {
2483 return -1;
2484 }
2485 if (status == -2)
2486 {
2487 goto error;
2488 }
2489
2490 // Save these settings in the pcap_t
2491 samp_param->method = rpcap_samp.method;
2492 samp_param->value = ntohl(rpcap_samp.value);
2493
2494 // A response is needed, otherwise the other host does not know that everything went well
2495 rpcap_createhdr(&header, ver, RPCAP_MSG_SETSAMPLING_REPLY, 0, 0);
2496
2497 if (sock_send(pars->sockctrl, pars->ssl, (char *) &header, sizeof (struct rpcap_header), errbuf, PCAP_ERRBUF_SIZE) == -1)
2498 {
2499 // That failed; log a message and give up.
2500 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
2501 return -1;
2502 }
2503
2504 if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
2505 {
2506 return -1;
2507 }
2508
2509 return 0;
2510
2511 error:
2512 if (rpcap_senderror(pars->sockctrl, pars->ssl, ver, PCAP_ERR_SETSAMPLING,
2513 errmsgbuf, errbuf) == -1)
2514 {
2515 // That failed; log a message and give up.
2516 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
2517 return -1;
2518 }
2519
2520 // Check if all the data has been read; if not, discard the data in excess
2521 if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
2522 {
2523 return -1;
2524 }
2525
2526 return 0;
2527 }
2528
2529 static int
daemon_msg_stats_req(uint8 ver,struct daemon_slpars * pars,struct session * session,uint32 plen,struct pcap_stat * stats,unsigned int svrcapt)2530 daemon_msg_stats_req(uint8 ver, struct daemon_slpars *pars,
2531 struct session *session, uint32 plen, struct pcap_stat *stats,
2532 unsigned int svrcapt)
2533 {
2534 char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors
2535 char errmsgbuf[PCAP_ERRBUF_SIZE]; // buffer for errors to send to the client
2536 char sendbuf[RPCAP_NETBUF_SIZE]; // temporary buffer in which data to be sent is buffered
2537 int sendbufidx = 0; // index which keeps the number of bytes currently buffered
2538 struct rpcap_stats *netstats; // statistics sent on the network
2539
2540 // Checks that the header does not contain other data; if so, discard it
2541 if (rpcapd_discard(pars->sockctrl, pars->ssl, plen) == -1)
2542 {
2543 // Network error.
2544 return -1;
2545 }
2546
2547 if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL,
2548 &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
2549 goto error;
2550
2551 rpcap_createhdr((struct rpcap_header *) sendbuf, ver,
2552 RPCAP_MSG_STATS_REPLY, 0, (uint16) sizeof(struct rpcap_stats));
2553
2554 netstats = (struct rpcap_stats *) &sendbuf[sendbufidx];
2555
2556 if (sock_bufferize(NULL, sizeof(struct rpcap_stats), NULL,
2557 &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
2558 goto error;
2559
2560 if (session && session->fp)
2561 {
2562 if (pcap_stats(session->fp, stats) == -1)
2563 {
2564 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "%s", pcap_geterr(session->fp));
2565 goto error;
2566 }
2567
2568 netstats->ifdrop = htonl(stats->ps_ifdrop);
2569 netstats->ifrecv = htonl(stats->ps_recv);
2570 netstats->krnldrop = htonl(stats->ps_drop);
2571 netstats->svrcapt = htonl(session->TotCapt);
2572 }
2573 else
2574 {
2575 // We have to keep compatibility with old applications,
2576 // which ask for statistics also when the capture has
2577 // already stopped.
2578 netstats->ifdrop = htonl(stats->ps_ifdrop);
2579 netstats->ifrecv = htonl(stats->ps_recv);
2580 netstats->krnldrop = htonl(stats->ps_drop);
2581 netstats->svrcapt = htonl(svrcapt);
2582 }
2583
2584 // Send the packet
2585 if (sock_send(pars->sockctrl, pars->ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1)
2586 {
2587 rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
2588 return -1;
2589 }
2590
2591 return 0;
2592
2593 error:
2594 rpcap_senderror(pars->sockctrl, pars->ssl, ver, PCAP_ERR_GETSTATS,
2595 errmsgbuf, NULL);
2596 return 0;
2597 }
2598
2599 #ifdef _WIN32
2600 static unsigned __stdcall
2601 #else
2602 static void *
2603 #endif
daemon_thrdatamain(void * ptr)2604 daemon_thrdatamain(void *ptr)
2605 {
2606 char errbuf[PCAP_ERRBUF_SIZE + 1]; // error buffer
2607 struct session *session; // pointer to the struct session for this session
2608 int retval; // general variable used to keep the return value of other functions
2609 struct rpcap_pkthdr *net_pkt_header;// header of the packet
2610 struct pcap_pkthdr *pkt_header; // pointer to the buffer that contains the header of the current packet
2611 u_char *pkt_data; // pointer to the buffer that contains the current packet
2612 size_t sendbufsize; // size for the send buffer
2613 char *sendbuf; // temporary buffer in which data to be sent is buffered
2614 int sendbufidx; // index which keeps the number of bytes currently buffered
2615 int status;
2616 #ifndef _WIN32
2617 sigset_t sigusr1; // signal set with just SIGUSR1
2618 #endif
2619
2620 session = (struct session *) ptr;
2621
2622 session->TotCapt = 0; // counter which is incremented each time a packet is received
2623
2624 // Initialize errbuf
2625 memset(errbuf, 0, sizeof(errbuf));
2626
2627 //
2628 // We need a buffer large enough to hold a buffer large enough
2629 // for a maximum-size packet for this pcap_t.
2630 //
2631 if (pcap_snapshot(session->fp) < 0)
2632 {
2633 //
2634 // The snapshot length is negative.
2635 // This "should not happen".
2636 //
2637 rpcapd_log(LOGPRIO_ERROR,
2638 "Unable to allocate the buffer for this child thread: snapshot length of %d is negative",
2639 pcap_snapshot(session->fp));
2640 sendbuf = NULL; // we can't allocate a buffer, so nothing to free
2641 goto error;
2642 }
2643 //
2644 // size_t is unsigned, and the result of pcap_snapshot() is signed;
2645 // on no platform that we support is int larger than size_t.
2646 // This means that, unless the extra information we prepend to
2647 // a maximum-sized packet is impossibly large, the sum of the
2648 // snapshot length and the size of that extra information will
2649 // fit in a size_t.
2650 //
2651 // So we don't need to make sure that sendbufsize will overflow.
2652 //
2653 // However, we *do* need to make sure its value fits in an int,
2654 // because sock_send() can't send more than INT_MAX bytes (it could
2655 // do so on 64-bit UN*Xes, but can't do so on Windows, not even
2656 // 64-bit Windows, as the send() buffer size argument is an int
2657 // in Winsock).
2658 //
2659 sendbufsize = sizeof(struct rpcap_header) + sizeof(struct rpcap_pkthdr) + pcap_snapshot(session->fp);
2660 if (sendbufsize > INT_MAX)
2661 {
2662 rpcapd_log(LOGPRIO_ERROR,
2663 "Buffer size for this child thread would be larger than %d",
2664 INT_MAX);
2665 sendbuf = NULL; // we haven't allocated a buffer, so nothing to free
2666 goto error;
2667 }
2668 sendbuf = (char *) malloc (sendbufsize);
2669 if (sendbuf == NULL)
2670 {
2671 rpcapd_log(LOGPRIO_ERROR,
2672 "Unable to allocate the buffer for this child thread");
2673 goto error;
2674 }
2675
2676 #ifndef _WIN32
2677 //
2678 // Set the signal set to include just SIGUSR1, and block that
2679 // signal; we only want it unblocked when we're reading
2680 // packets - we dn't want any other system calls, such as
2681 // ones being used to send to the client or to log messages,
2682 // to be interrupted.
2683 //
2684 sigemptyset(&sigusr1);
2685 sigaddset(&sigusr1, SIGUSR1);
2686 pthread_sigmask(SIG_BLOCK, &sigusr1, NULL);
2687 #endif
2688
2689 // Retrieve the packets
2690 for (;;)
2691 {
2692 #ifndef _WIN32
2693 //
2694 // Unblock SIGUSR1 while we might be waiting for packets.
2695 //
2696 pthread_sigmask(SIG_UNBLOCK, &sigusr1, NULL);
2697 #endif
2698 retval = pcap_next_ex(session->fp, &pkt_header, (const u_char **) &pkt_data); // cast to avoid a compiler warning
2699 #ifndef _WIN32
2700 //
2701 // Now block it again.
2702 //
2703 pthread_sigmask(SIG_BLOCK, &sigusr1, NULL);
2704 #endif
2705 if (retval < 0)
2706 break; // error
2707 if (retval == 0) // Read timeout elapsed
2708 continue;
2709
2710 sendbufidx = 0;
2711
2712 // Bufferize the general header
2713 if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL,
2714 &sendbufidx, (int)sendbufsize, SOCKBUF_CHECKONLY, errbuf,
2715 PCAP_ERRBUF_SIZE) == -1)
2716 {
2717 rpcapd_log(LOGPRIO_ERROR,
2718 "sock_bufferize() error sending packet message: %s",
2719 errbuf);
2720 goto error;
2721 }
2722
2723 rpcap_createhdr((struct rpcap_header *) sendbuf,
2724 session->protocol_version, RPCAP_MSG_PACKET, 0,
2725 (uint16) (sizeof(struct rpcap_pkthdr) + pkt_header->caplen));
2726
2727 net_pkt_header = (struct rpcap_pkthdr *) &sendbuf[sendbufidx];
2728
2729 // Bufferize the pkt header
2730 if (sock_bufferize(NULL, sizeof(struct rpcap_pkthdr), NULL,
2731 &sendbufidx, (int)sendbufsize, SOCKBUF_CHECKONLY, errbuf,
2732 PCAP_ERRBUF_SIZE) == -1)
2733 {
2734 rpcapd_log(LOGPRIO_ERROR,
2735 "sock_bufferize() error sending packet message: %s",
2736 errbuf);
2737 goto error;
2738 }
2739
2740 net_pkt_header->caplen = htonl(pkt_header->caplen);
2741 net_pkt_header->len = htonl(pkt_header->len);
2742 net_pkt_header->npkt = htonl(++(session->TotCapt));
2743 //
2744 // This protocol needs to be updated with a new version
2745 // before 2038-01-19 03:14:07 UTC.
2746 //
2747 net_pkt_header->timestamp_sec = htonl((uint32)pkt_header->ts.tv_sec);
2748 net_pkt_header->timestamp_usec = htonl((uint32)pkt_header->ts.tv_usec);
2749
2750 // Bufferize the pkt data
2751 if (sock_bufferize((char *) pkt_data, pkt_header->caplen,
2752 sendbuf, &sendbufidx, (int)sendbufsize, SOCKBUF_BUFFERIZE,
2753 errbuf, PCAP_ERRBUF_SIZE) == -1)
2754 {
2755 rpcapd_log(LOGPRIO_ERROR,
2756 "sock_bufferize() error sending packet message: %s",
2757 errbuf);
2758 goto error;
2759 }
2760
2761 // Send the packet
2762 // If the client dropped the connection, don't report an
2763 // error, just quit.
2764 status = sock_send(session->sockdata, session->data_ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE);
2765 if (status < 0)
2766 {
2767 if (status == -1)
2768 {
2769 //
2770 // Error other than "client closed the
2771 // connection out from under us"; report
2772 // it.
2773 //
2774 rpcapd_log(LOGPRIO_ERROR,
2775 "Send of packet to client failed: %s",
2776 errbuf);
2777 }
2778
2779 //
2780 // Give up in either case.
2781 //
2782 goto error;
2783 }
2784 }
2785
2786 if (retval < 0 && retval != PCAP_ERROR_BREAK)
2787 {
2788 //
2789 // Failed with an error other than "we were told to break
2790 // out of the loop".
2791 //
2792 // The latter just means that the client told us to stop
2793 // capturing, so there's no error to report.
2794 //
2795 snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error reading the packets: %s", pcap_geterr(session->fp));
2796 rpcap_senderror(session->sockctrl, session->ctrl_ssl, session->protocol_version,
2797 PCAP_ERR_READEX, errbuf, NULL);
2798 }
2799
2800 error:
2801 //
2802 // The main thread will clean up the session structure.
2803 //
2804 free(sendbuf);
2805
2806 return 0;
2807 }
2808
2809 #ifndef _WIN32
2810 //
2811 // Do-nothing handler for SIGUSR1; the sole purpose of SIGUSR1 is to
2812 // interrupt the data thread if it's blocked in a system call waiting
2813 // for packets to arrive.
2814 //
noop_handler(int sign _U_)2815 static void noop_handler(int sign _U_)
2816 {
2817 }
2818 #endif
2819
2820 /*!
2821 \brief It serializes a network address.
2822
2823 It accepts a 'sockaddr_storage' structure as input, and it converts it appropriately into a format
2824 that can be used to be sent on the network. Basically, it applies all the hton()
2825 conversion required to the input variable.
2826
2827 \param sockaddrin a 'sockaddr_storage' pointer to the variable that has to be
2828 serialized. This variable can be both a 'sockaddr_in' and 'sockaddr_in6'.
2829
2830 \param sockaddrout an 'rpcap_sockaddr' pointer to the variable that will contain
2831 the serialized data. This variable has to be allocated by the user.
2832
2833 \warning This function supports only AF_INET and AF_INET6 address families.
2834 */
2835 static void
daemon_seraddr(struct sockaddr_storage * sockaddrin,struct rpcap_sockaddr * sockaddrout)2836 daemon_seraddr(struct sockaddr_storage *sockaddrin, struct rpcap_sockaddr *sockaddrout)
2837 {
2838 memset(sockaddrout, 0, sizeof(struct sockaddr_storage));
2839
2840 // There can be the case in which the sockaddrin is not available
2841 if (sockaddrin == NULL) return;
2842
2843 // Warning: we support only AF_INET and AF_INET6
2844 //
2845 // Note: as noted above, the output structures are not
2846 // neatly aligned on 4-byte boundaries, so we must fill
2847 // in an aligned structure and then copy it to the output
2848 // buffer with memcpy().
2849 switch (sockaddrin->ss_family)
2850 {
2851 case AF_INET:
2852 {
2853 struct sockaddr_in *sockaddrin_ipv4;
2854 struct rpcap_sockaddr_in sockaddrout_ipv4;
2855
2856 sockaddrin_ipv4 = (struct sockaddr_in *) sockaddrin;
2857
2858 sockaddrout_ipv4.family = htons(RPCAP_AF_INET);
2859 sockaddrout_ipv4.port = htons(sockaddrin_ipv4->sin_port);
2860 memcpy(&sockaddrout_ipv4.addr, &sockaddrin_ipv4->sin_addr, sizeof(sockaddrout_ipv4.addr));
2861 memset(sockaddrout_ipv4.zero, 0, sizeof(sockaddrout_ipv4.zero));
2862 memcpy(sockaddrout, &sockaddrout_ipv4, sizeof(struct rpcap_sockaddr_in));
2863 break;
2864 }
2865
2866 #ifdef AF_INET6
2867 case AF_INET6:
2868 {
2869 struct sockaddr_in6 *sockaddrin_ipv6;
2870 struct rpcap_sockaddr_in6 sockaddrout_ipv6;
2871
2872 sockaddrin_ipv6 = (struct sockaddr_in6 *) sockaddrin;
2873
2874 sockaddrout_ipv6.family = htons(RPCAP_AF_INET6);
2875 sockaddrout_ipv6.port = htons(sockaddrin_ipv6->sin6_port);
2876 sockaddrout_ipv6.flowinfo = htonl(sockaddrin_ipv6->sin6_flowinfo);
2877 memcpy(&sockaddrout_ipv6.addr, &sockaddrin_ipv6->sin6_addr, sizeof(sockaddrout_ipv6.addr));
2878 sockaddrout_ipv6.scope_id = htonl(sockaddrin_ipv6->sin6_scope_id);
2879 memcpy(sockaddrout, &sockaddrout_ipv6, sizeof(struct rpcap_sockaddr_in6));
2880 break;
2881 }
2882 #endif
2883 }
2884 }
2885
2886
2887 /*!
2888 \brief Suspends a thread for secs seconds.
2889 */
sleep_secs(int secs)2890 void sleep_secs(int secs)
2891 {
2892 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
2893 #ifdef _WIN32
2894 Sleep(secs*1000);
2895 #else
2896 unsigned secs_remaining;
2897
2898 if (secs <= 0)
2899 return;
2900 secs_remaining = secs;
2901 while (secs_remaining != 0)
2902 secs_remaining = sleep(secs_remaining);
2903 #endif
2904 #endif
2905 }
2906
2907 /*
2908 * Read the header of a message.
2909 */
2910 static int
rpcapd_recv_msg_header(SOCKET sock,SSL * ssl,struct rpcap_header * headerp)2911 rpcapd_recv_msg_header(SOCKET sock, SSL *ssl, struct rpcap_header *headerp)
2912 {
2913 int nread;
2914 char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors
2915
2916 nread = sock_recv(sock, ssl, (char *) headerp, sizeof(struct rpcap_header),
2917 SOCK_RECEIVEALL_YES|SOCK_EOF_ISNT_ERROR, errbuf, PCAP_ERRBUF_SIZE);
2918 if (nread == -1)
2919 {
2920 // Network error.
2921 rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf);
2922 return -1;
2923 }
2924 if (nread == 0)
2925 {
2926 // Immediate EOF; that's treated like a close message.
2927 return -2;
2928 }
2929 headerp->plen = ntohl(headerp->plen);
2930 return 0;
2931 }
2932
2933 /*
2934 * Read data from a message.
2935 * If we're trying to read more data that remains, puts an error
2936 * message into errmsgbuf and returns -2. Otherwise, tries to read
2937 * the data and, if that succeeds, subtracts the amount read from
2938 * the number of bytes of data that remains.
2939 * Returns 0 on success, logs a message and returns -1 on a network
2940 * error.
2941 */
2942 static int
rpcapd_recv(SOCKET sock,SSL * ssl,char * buffer,size_t toread,uint32 * plen,char * errmsgbuf)2943 rpcapd_recv(SOCKET sock, SSL *ssl, char *buffer, size_t toread, uint32 *plen, char *errmsgbuf)
2944 {
2945 int nread;
2946 char errbuf[PCAP_ERRBUF_SIZE]; // buffer for network errors
2947
2948 if (toread > *plen)
2949 {
2950 // Tell the client and continue.
2951 snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Message payload is too short");
2952 return -2;
2953 }
2954 nread = sock_recv(sock, ssl, buffer, toread,
2955 SOCK_RECEIVEALL_YES|SOCK_EOF_IS_ERROR, errbuf, PCAP_ERRBUF_SIZE);
2956 if (nread == -1)
2957 {
2958 rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf);
2959 return -1;
2960 }
2961 *plen -= nread;
2962 return 0;
2963 }
2964
2965 /*
2966 * Discard data from a connection.
2967 * Mostly used to discard wrong-sized messages.
2968 * Returns 0 on success, logs a message and returns -1 on a network
2969 * error.
2970 */
2971 static int
rpcapd_discard(SOCKET sock,SSL * ssl,uint32 len)2972 rpcapd_discard(SOCKET sock, SSL *ssl, uint32 len)
2973 {
2974 char errbuf[PCAP_ERRBUF_SIZE + 1]; // keeps the error string, prior to be printed
2975
2976 if (len != 0)
2977 {
2978 if (sock_discard(sock, ssl, len, errbuf, PCAP_ERRBUF_SIZE) == -1)
2979 {
2980 // Network error.
2981 rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf);
2982 return -1;
2983 }
2984 }
2985 return 0;
2986 }
2987
2988 //
2989 // Shut down any packet-capture thread associated with the session,
2990 // close the SSL handle for the data socket if we have one, close
2991 // the data socket if we have one, and close the underlying packet
2992 // capture handle if we have one.
2993 //
2994 // We do not, of course, touch the controlling socket that's also
2995 // copied into the session, as the service loop might still use it.
2996 //
session_close(struct session * session)2997 static void session_close(struct session *session)
2998 {
2999 if (session->have_thread)
3000 {
3001 //
3002 // Tell the data connection thread main capture loop to
3003 // break out of that loop.
3004 //
3005 // This may be sufficient to wake up a blocked thread,
3006 // but it's not guaranteed to be sufficient.
3007 //
3008 pcap_breakloop(session->fp);
3009
3010 #ifdef _WIN32
3011 //
3012 // Set the event on which a read would block, so that,
3013 // if it's currently blocked waiting for packets to
3014 // arrive, it'll wake up, so it can see the "break
3015 // out of the loop" indication. (pcap_breakloop()
3016 // might do this, but older versions don't. Setting
3017 // it twice should, at worst, cause an extra wakeup,
3018 // which shouldn't be a problem.)
3019 //
3020 // XXX - what about modules other than NPF?
3021 //
3022 SetEvent(pcap_getevent(session->fp));
3023
3024 //
3025 // Wait for the thread to exit, so we don't close
3026 // sockets out from under it.
3027 //
3028 // XXX - have a timeout, so we don't wait forever?
3029 //
3030 WaitForSingleObject(session->thread, INFINITE);
3031
3032 //
3033 // Release the thread handle, as we're done with
3034 // it.
3035 //
3036 CloseHandle(session->thread);
3037 session->have_thread = 0;
3038 session->thread = INVALID_HANDLE_VALUE;
3039 #else
3040 //
3041 // Send a SIGUSR1 signal to the thread, so that, if
3042 // it's currently blocked waiting for packets to arrive,
3043 // it'll wake up (we've turned off SA_RESTART for
3044 // SIGUSR1, so that the system call in which it's blocked
3045 // should return EINTR rather than restarting).
3046 //
3047 pthread_kill(session->thread, SIGUSR1);
3048
3049 //
3050 // Wait for the thread to exit, so we don't close
3051 // sockets out from under it.
3052 //
3053 // XXX - have a timeout, so we don't wait forever?
3054 //
3055 pthread_join(session->thread, NULL);
3056 session->have_thread = 0;
3057 memset(&session->thread, 0, sizeof(session->thread));
3058 #endif
3059 }
3060
3061 #ifdef HAVE_OPENSSL
3062 if (session->data_ssl)
3063 {
3064 // Finish using the SSL handle for the socket.
3065 // This must be done *before* the socket is closed.
3066 ssl_finish(session->data_ssl);
3067 session->data_ssl = NULL;
3068 }
3069 #endif
3070
3071 if (session->sockdata != INVALID_SOCKET)
3072 {
3073 sock_close(session->sockdata, NULL, 0);
3074 session->sockdata = INVALID_SOCKET;
3075 }
3076
3077 if (session->fp)
3078 {
3079 pcap_close(session->fp);
3080 session->fp = NULL;
3081 }
3082 }
3083
3084 //
3085 // Check whether a capture source string is a URL or not.
3086 // This includes URLs that refer to a local device; a scheme, followed
3087 // by ://, followed by *another* scheme and ://, is just silly, and
3088 // anybody who supplies that will get an error.
3089 //
3090 static int
is_url(const char * source)3091 is_url(const char *source)
3092 {
3093 char *colonp;
3094
3095 /*
3096 * RFC 3986 says:
3097 *
3098 * URI = scheme ":" hier-part [ "?" query ] [ "#" fragment ]
3099 *
3100 * hier-part = "//" authority path-abempty
3101 * / path-absolute
3102 * / path-rootless
3103 * / path-empty
3104 *
3105 * authority = [ userinfo "@" ] host [ ":" port ]
3106 *
3107 * userinfo = *( unreserved / pct-encoded / sub-delims / ":" )
3108 *
3109 * Step 1: look for the ":" at the end of the scheme.
3110 * A colon in the source is *NOT* sufficient to indicate that
3111 * this is a URL, as interface names on some platforms might
3112 * include colons (e.g., I think some Solaris interfaces
3113 * might).
3114 */
3115 colonp = strchr(source, ':');
3116 if (colonp == NULL)
3117 {
3118 /*
3119 * The source is the device to open. It's not a URL.
3120 */
3121 return (0);
3122 }
3123
3124 /*
3125 * All schemes must have "//" after them, i.e. we only support
3126 * hier-part = "//" authority path-abempty, not
3127 * hier-part = path-absolute
3128 * hier-part = path-rootless
3129 * hier-part = path-empty
3130 *
3131 * We need that in order to distinguish between a local device
3132 * name that happens to contain a colon and a URI.
3133 */
3134 if (strncmp(colonp + 1, "//", 2) != 0)
3135 {
3136 /*
3137 * The source is the device to open. It's not a URL.
3138 */
3139 return (0);
3140 }
3141
3142 /*
3143 * It's a URL.
3144 */
3145 return (1);
3146 }
3147