Home | History | Annotate | Download | only in libpcap
      1 /*
      2  * Copyright (c) 2002 - 2005 NetGroup, Politecnico di Torino (Italy)
      3  * Copyright (c) 2005 - 2008 CACE Technologies, Davis (California)
      4  * All rights reserved.
      5  *
      6  * Redistribution and use in source and binary forms, with or without
      7  * modification, are permitted provided that the following conditions
      8  * are met:
      9  *
     10  * 1. Redistributions of source code must retain the above copyright
     11  * notice, this list of conditions and the following disclaimer.
     12  * 2. Redistributions in binary form must reproduce the above copyright
     13  * notice, this list of conditions and the following disclaimer in the
     14  * documentation and/or other materials provided with the distribution.
     15  * 3. Neither the name of the Politecnico di Torino, CACE Technologies
     16  * nor the names of its contributors may be used to endorse or promote
     17  * products derived from this software without specific prior written
     18  * permission.
     19  *
     20  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
     21  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
     22  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
     23  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
     24  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
     25  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
     26  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
     27  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
     28  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
     29  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
     30  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     31  *
     32  */
     33 
     34 #ifdef HAVE_CONFIG_H
     35 #include <config.h>
     36 #endif
     37 
     38 #include "ftmacros.h"
     39 
     40 #include <string.h>		/* for strlen(), ... */
     41 #include <stdlib.h>		/* for malloc(), free(), ... */
     42 #include <stdarg.h>		/* for functions with variable number of arguments */
     43 #include <errno.h>		/* for the errno variable */
     44 #include "sockutils.h"
     45 #include "pcap-int.h"
     46 #include "rpcap-protocol.h"
     47 #include "pcap-rpcap.h"
     48 
     49 /*
     50  * This file contains the pcap module for capturing from a remote machine's
     51  * interfaces using the RPCAP protocol.
     52  *
     53  * WARNING: All the RPCAP functions that are allowed to return a buffer
     54  * containing the error description can return max PCAP_ERRBUF_SIZE characters.
     55  * However there is no guarantees that the string will be zero-terminated.
     56  * Best practice is to define the errbuf variable as a char of size
     57  * 'PCAP_ERRBUF_SIZE+1' and to insert manually a NULL character at the end
     58  * of the buffer. This will guarantee that no buffer overflows occur even
     59  * if we use the printf() to show the error on the screen.
     60  *
     61  * XXX - actually, null-terminating the error string is part of the
     62  * contract for the pcap API; if there's any place in the pcap code
     63  * that doesn't guarantee null-termination, even at the expense of
     64  * cutting the message short, that's a bug and needs to be fixed.
     65  */
     66 
     67 #define PCAP_STATS_STANDARD	0	/* Used by pcap_stats_rpcap to see if we want standard or extended statistics */
     68 #ifdef _WIN32
     69 #define PCAP_STATS_EX		1	/* Used by pcap_stats_rpcap to see if we want standard or extended statistics */
     70 #endif
     71 
     72 /*
     73  * \brief Keeps a list of all the opened connections in the active mode.
     74  *
     75  * This structure defines a linked list of items that are needed to keep the info required to
     76  * manage the active mode.
     77  * In other words, when a new connection in active mode starts, this structure is updated so that
     78  * it reflects the list of active mode connections currently opened.
     79  * This structure is required by findalldevs() and open_remote() to see if they have to open a new
     80  * control connection toward the host, or they already have a control connection in place.
     81  */
     82 struct activehosts
     83 {
     84 	struct sockaddr_storage host;
     85 	SOCKET sockctrl;
     86 	uint8 protocol_version;
     87 	struct activehosts *next;
     88 };
     89 
     90 /* Keeps a list of all the opened connections in the active mode. */
     91 static struct activehosts *activeHosts;
     92 
     93 /*
     94  * Keeps the main socket identifier when we want to accept a new remote
     95  * connection (active mode only).
     96  * See the documentation of pcap_remoteact_accept() and
     97  * pcap_remoteact_cleanup() for more details.
     98  */
     99 static SOCKET sockmain;
    100 
    101 /*
    102  * Private data for capturing remotely using the rpcap protocol.
    103  */
    104 struct pcap_rpcap {
    105 	/*
    106 	 * This is '1' if we're the network client; it is needed by several
    107 	 * functions (such as pcap_setfilter()) to know whether they have
    108 	 * to use the socket or have to open the local adapter.
    109 	 */
    110 	int rmt_clientside;
    111 
    112 	SOCKET rmt_sockctrl;		/* socket ID of the socket used for the control connection */
    113 	SOCKET rmt_sockdata;		/* socket ID of the socket used for the data connection */
    114 	int rmt_flags;			/* we have to save flags, since they are passed by the pcap_open_live(), but they are used by the pcap_startcapture() */
    115 	int rmt_capstarted;		/* 'true' if the capture is already started (needed to knoe if we have to call the pcap_startcapture() */
    116 	char *currentfilter;		/* Pointer to a buffer (allocated at run-time) that stores the current filter. Needed when flag PCAP_OPENFLAG_NOCAPTURE_RPCAP is turned on. */
    117 
    118 	uint8 protocol_version;		/* negotiated protocol version */
    119 
    120 	unsigned int TotNetDrops;	/* keeps the number of packets that have been dropped by the network */
    121 
    122 	/*
    123 	 * This keeps the number of packets that have been received by the
    124 	 * application.
    125 	 *
    126 	 * Packets dropped by the kernel buffer are not counted in this
    127 	 * variable. It is always equal to (TotAccepted - TotDrops),
    128 	 * except for the case of remote capture, in which we have also
    129 	 * packets in flight, i.e. that have been transmitted by the remote
    130 	 * host, but that have not been received (yet) from the client.
    131 	 * In this case, (TotAccepted - TotDrops - TotNetDrops) gives a
    132 	 * wrong result, since this number does not corresponds always to
    133 	 * the number of packet received by the application. For this reason,
    134 	 * in the remote capture we need another variable that takes into
    135 	 * account of the number of packets actually received by the
    136 	 * application.
    137 	 */
    138 	unsigned int TotCapt;
    139 
    140 	struct pcap_stat stat;
    141 	/* XXX */
    142 	struct pcap *next;		/* list of open pcaps that need stuff cleared on close */
    143 };
    144 
    145 /****************************************************
    146  *                                                  *
    147  * Locally defined functions                        *
    148  *                                                  *
    149  ****************************************************/
    150 static struct pcap_stat *rpcap_stats_rpcap(pcap_t *p, struct pcap_stat *ps, int mode);
    151 static int pcap_pack_bpffilter(pcap_t *fp, char *sendbuf, int *sendbufidx, struct bpf_program *prog);
    152 static int pcap_createfilter_norpcappkt(pcap_t *fp, struct bpf_program *prog);
    153 static int pcap_updatefilter_remote(pcap_t *fp, struct bpf_program *prog);
    154 static void pcap_save_current_filter_rpcap(pcap_t *fp, const char *filter);
    155 static int pcap_setfilter_rpcap(pcap_t *fp, struct bpf_program *prog);
    156 static int pcap_setsampling_remote(pcap_t *fp);
    157 static int pcap_startcapture_remote(pcap_t *fp);
    158 static int rpcap_sendauth(SOCKET sock, uint8 *ver, struct pcap_rmtauth *auth, char *errbuf);
    159 static int rpcap_recv_msg_header(SOCKET sock, struct rpcap_header *header, char *errbuf);
    160 static int rpcap_check_msg_ver(SOCKET sock, uint8 expected_ver, struct rpcap_header *header, char *errbuf);
    161 static int rpcap_check_msg_type(SOCKET sock, uint8 request_type, struct rpcap_header *header, uint16 *errcode, char *errbuf);
    162 static int rpcap_process_msg_header(SOCKET sock, uint8 ver, uint8 request_type, struct rpcap_header *header, char *errbuf);
    163 static int rpcap_recv(SOCKET sock, void *buffer, size_t toread, uint32 *plen, char *errbuf);
    164 static void rpcap_msg_err(SOCKET sockctrl, uint32 plen, char *remote_errbuf);
    165 static int rpcap_discard(SOCKET sock, uint32 len, char *errbuf);
    166 static int rpcap_read_packet_msg(SOCKET sock, pcap_t *p, size_t size);
    167 
    168 /****************************************************
    169  *                                                  *
    170  * Function bodies                                  *
    171  *                                                  *
    172  ****************************************************/
    173 
    174 /*
    175  * This function translates (i.e. de-serializes) a 'rpcap_sockaddr'
    176  * structure from the network byte order to a 'sockaddr_in" or
    177  * 'sockaddr_in6' structure in the host byte order.
    178  *
    179  * It accepts an 'rpcap_sockaddr' structure as it is received from the
    180  * network, and checks the address family field against various values
    181  * to see whether it looks like an IPv4 address, an IPv6 address, or
    182  * neither of those.  It checks for multiple values in order to try
    183  * to handle older rpcap daemons that sent the native OS's 'sockaddr_in'
    184  * or 'sockaddr_in6' structures over the wire with some members
    185  * byte-swapped, and to handle the fact that AF_INET6 has different
    186  * values on different OSes.
    187  *
    188  * For IPv4 addresses, it converts the address family to host byte
    189  * order from network byte order and puts it into the structure,
    190  * sets the length if a sockaddr structure has a length, converts the
    191  * port number to host byte order from network byte order and puts
    192  * it into the structure, copies over the IPv4 address, and zeroes
    193  * out the zero padding.
    194  *
    195  * For IPv6 addresses, it converts the address family to host byte
    196  * order from network byte order and puts it into the structure,
    197  * sets the length if a sockaddr structure has a length, converts the
    198  * port number and flow information to host byte order from network
    199  * byte order and puts them into the structure, copies over the IPv6
    200  * address, and converts the scope ID to host byte order from network
    201  * byte order and puts it into the structure.
    202  *
    203  * The function will allocate the 'sockaddrout' variable according to the
    204  * address family in use. In case the address does not belong to the
    205  * AF_INET nor AF_INET6 families, 'sockaddrout' is not allocated and a
    206  * NULL pointer is returned.  This usually happens because that address
    207  * does not exist on the other host, or is of an address family other
    208  * than AF_INET or AF_INET6, so the RPCAP daemon sent a 'sockaddr_storage'
    209  * structure containing all 'zero' values.
    210  *
    211  * Older RPCAPDs sent the addresses over the wire in the OS's native
    212  * structure format.  For most OSes, this looks like the over-the-wire
    213  * format, but might have a different value for AF_INET6 than the value
    214  * on the machine receiving the reply.  For OSes with the newer BSD-style
    215  * sockaddr structures, this has, instead of a 2-byte address family,
    216  * a 1-byte structure length followed by a 1-byte address family.  The
    217  * RPCAPD code would put the address family in network byte order before
    218  * sending it; that would set it to 0 on a little-endian machine, as
    219  * htons() of any value between 1 and 255 would result in a value > 255,
    220  * with its lower 8 bits zero, so putting that back into a 1-byte field
    221  * would set it to 0.
    222  *
    223  * Therefore, for older RPCAPDs running on an OS with newer BSD-style
    224  * sockaddr structures, the family field, if treated as a big-endian
    225  * (network byte order) 16-bit field, would be:
    226  *
    227  *	(length << 8) | family if sent by a big-endian machine
    228  *	(length << 8) if sent by a little-endian machine
    229  *
    230  * For current RPCAPDs, and for older RPCAPDs running on an OS with
    231  * older BSD-style sockaddr structures, the family field, if treated
    232  * as a big-endian 16-bit field, would just contain the family.
    233  *
    234  * \param sockaddrin: a 'rpcap_sockaddr' pointer to the variable that has
    235  * to be de-serialized.
    236  *
    237  * \param sockaddrout: a 'sockaddr_storage' pointer to the variable that will contain
    238  * the de-serialized data. The structure returned can be either a 'sockaddr_in' or 'sockaddr_in6'.
    239  * This variable will be allocated automatically inside this function.
    240  *
    241  * \param errbuf: a pointer to a user-allocated buffer (of size PCAP_ERRBUF_SIZE)
    242  * that will contain the error message (in case there is one).
    243  *
    244  * \return '0' if everything is fine, '-1' if some errors occurred. Basically, the error
    245  * can be only the fact that the malloc() failed to allocate memory.
    246  * The error message is returned in the 'errbuf' variable, while the deserialized address
    247  * is returned into the 'sockaddrout' variable.
    248  *
    249  * \warning This function supports only AF_INET and AF_INET6 address families.
    250  *
    251  * \warning The sockaddrout (if not NULL) must be deallocated by the user.
    252  */
    253 
    254 /*
    255  * Possible IPv4 family values other than the designated over-the-wire value,
    256  * which is 2 (because everybody uses 2 for AF_INET4).
    257  */
    258 #define SOCKADDR_IN_LEN		16	/* length of struct sockaddr_in */
    259 #define SOCKADDR_IN6_LEN	28	/* length of struct sockaddr_in6 */
    260 #define NEW_BSD_AF_INET_BE	((SOCKADDR_IN_LEN << 8) | 2)
    261 #define NEW_BSD_AF_INET_LE	(SOCKADDR_IN_LEN << 8)
    262 
    263 /*
    264  * Possible IPv6 family values other than the designated over-the-wire value,
    265  * which is 23 (because that's what Windows uses, and most RPCAP servers
    266  * out there are probably running Windows, as WinPcap includes the server
    267  * but few if any UN*Xes build and ship it).
    268  *
    269  * The new BSD sockaddr structure format was in place before 4.4-Lite, so
    270  * all the free-software BSDs use it.
    271  */
    272 #define NEW_BSD_AF_INET6_BSD_BE		((SOCKADDR_IN6_LEN << 8) | 24)	/* NetBSD, OpenBSD, BSD/OS */
    273 #define NEW_BSD_AF_INET6_FREEBSD_BE	((SOCKADDR_IN6_LEN << 8) | 28)	/* FreeBSD, DragonFly BSD */
    274 #define NEW_BSD_AF_INET6_DARWIN_BE	((SOCKADDR_IN6_LEN << 8) | 30)	/* macOS, iOS, anything else Darwin-based */
    275 #define NEW_BSD_AF_INET6_LE		(SOCKADDR_IN6_LEN << 8)
    276 #define LINUX_AF_INET6			10
    277 #define HPUX_AF_INET6			22
    278 #define AIX_AF_INET6			24
    279 #define SOLARIS_AF_INET6		26
    280 
    281 static int
    282 rpcap_deseraddr(struct rpcap_sockaddr *sockaddrin, struct sockaddr_storage **sockaddrout, char *errbuf)
    283 {
    284 	/* Warning: we support only AF_INET and AF_INET6 */
    285 	switch (ntohs(sockaddrin->family))
    286 	{
    287 	case RPCAP_AF_INET:
    288 	case NEW_BSD_AF_INET_BE:
    289 	case NEW_BSD_AF_INET_LE:
    290 		{
    291 		struct rpcap_sockaddr_in *sockaddrin_ipv4;
    292 		struct sockaddr_in *sockaddrout_ipv4;
    293 
    294 		(*sockaddrout) = (struct sockaddr_storage *) malloc(sizeof(struct sockaddr_in));
    295 		if ((*sockaddrout) == NULL)
    296 		{
    297 			pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
    298 			    errno, "malloc() failed");
    299 			return -1;
    300 		}
    301 		sockaddrin_ipv4 = (struct rpcap_sockaddr_in *) sockaddrin;
    302 		sockaddrout_ipv4 = (struct sockaddr_in *) (*sockaddrout);
    303 		sockaddrout_ipv4->sin_family = AF_INET;
    304 		sockaddrout_ipv4->sin_port = ntohs(sockaddrin_ipv4->port);
    305 		memcpy(&sockaddrout_ipv4->sin_addr, &sockaddrin_ipv4->addr, sizeof(sockaddrout_ipv4->sin_addr));
    306 		memset(sockaddrout_ipv4->sin_zero, 0, sizeof(sockaddrout_ipv4->sin_zero));
    307 		break;
    308 		}
    309 
    310 #ifdef AF_INET6
    311 	case RPCAP_AF_INET6:
    312 	case NEW_BSD_AF_INET6_BSD_BE:
    313 	case NEW_BSD_AF_INET6_FREEBSD_BE:
    314 	case NEW_BSD_AF_INET6_DARWIN_BE:
    315 	case NEW_BSD_AF_INET6_LE:
    316 	case LINUX_AF_INET6:
    317 	case HPUX_AF_INET6:
    318 	case AIX_AF_INET6:
    319 	case SOLARIS_AF_INET6:
    320 		{
    321 		struct rpcap_sockaddr_in6 *sockaddrin_ipv6;
    322 		struct sockaddr_in6 *sockaddrout_ipv6;
    323 
    324 		(*sockaddrout) = (struct sockaddr_storage *) malloc(sizeof(struct sockaddr_in6));
    325 		if ((*sockaddrout) == NULL)
    326 		{
    327 			pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
    328 			    errno, "malloc() failed");
    329 			return -1;
    330 		}
    331 		sockaddrin_ipv6 = (struct rpcap_sockaddr_in6 *) sockaddrin;
    332 		sockaddrout_ipv6 = (struct sockaddr_in6 *) (*sockaddrout);
    333 		sockaddrout_ipv6->sin6_family = AF_INET6;
    334 		sockaddrout_ipv6->sin6_port = ntohs(sockaddrin_ipv6->port);
    335 		sockaddrout_ipv6->sin6_flowinfo = ntohl(sockaddrin_ipv6->flowinfo);
    336 		memcpy(&sockaddrout_ipv6->sin6_addr, &sockaddrin_ipv6->addr, sizeof(sockaddrout_ipv6->sin6_addr));
    337 		sockaddrout_ipv6->sin6_scope_id = ntohl(sockaddrin_ipv6->scope_id);
    338 		break;
    339 		}
    340 #endif
    341 
    342 	default:
    343 		/*
    344 		 * It is neither AF_INET nor AF_INET6 (or, if the OS doesn't
    345 		 * support AF_INET6, it's not AF_INET).
    346 		 */
    347 		*sockaddrout = NULL;
    348 		break;
    349 	}
    350 	return 0;
    351 }
    352 
    353 /*
    354  * This function reads a packet from the network socket.  It does not
    355  * deliver the packet to a pcap_dispatch()/pcap_loop() callback (hence
    356  * the "nocb" string into its name).
    357  *
    358  * This function is called by pcap_read_rpcap().
    359  *
    360  * WARNING: By choice, this function does not make use of semaphores. A smarter
    361  * implementation should put a semaphore into the data thread, and a signal will
    362  * be raised as soon as there is data into the socket buffer.
    363  * However this is complicated and it does not bring any advantages when reading
    364  * from the network, in which network delays can be much more important than
    365  * these optimizations. Therefore, we chose the following approach:
    366  * - the 'timeout' chosen by the user is split in two (half on the server side,
    367  * with the usual meaning, and half on the client side)
    368  * - this function checks for packets; if there are no packets, it waits for
    369  * timeout/2 and then it checks again. If packets are still missing, it returns,
    370  * otherwise it reads packets.
    371  */
    372 static int pcap_read_nocb_remote(pcap_t *p, struct pcap_pkthdr *pkt_header, u_char **pkt_data)
    373 {
    374 	struct pcap_rpcap *pr = p->priv;	/* structure used when doing a remote live capture */
    375 	struct rpcap_header *header;		/* general header according to the RPCAP format */
    376 	struct rpcap_pkthdr *net_pkt_header;	/* header of the packet, from the message */
    377 	u_char *net_pkt_data;			/* packet data from the message */
    378 	uint32 plen;
    379 	int retval;				/* generic return value */
    380 	int msglen;
    381 
    382 	/* Structures needed for the select() call */
    383 	struct timeval tv;			/* maximum time the select() can block waiting for data */
    384 	fd_set rfds;				/* set of socket descriptors we have to check */
    385 
    386 	/*
    387 	 * Define the packet buffer timeout, to be used in the select()
    388 	 * 'timeout', in pcap_t, is in milliseconds; we have to convert it into sec and microsec
    389 	 */
    390 	tv.tv_sec = p->opt.timeout / 1000;
    391 	tv.tv_usec = (p->opt.timeout - tv.tv_sec * 1000) * 1000;
    392 
    393 	/* Watch out sockdata to see if it has input */
    394 	FD_ZERO(&rfds);
    395 
    396 	/*
    397 	 * 'fp->rmt_sockdata' has always to be set before calling the select(),
    398 	 * since it is cleared by the select()
    399 	 */
    400 	FD_SET(pr->rmt_sockdata, &rfds);
    401 
    402 	retval = select((int) pr->rmt_sockdata + 1, &rfds, NULL, NULL, &tv);
    403 	if (retval == -1)
    404 	{
    405 #ifndef _WIN32
    406 		if (errno == EINTR)
    407 		{
    408 			/* Interrupted. */
    409 			return 0;
    410 		}
    411 #endif
    412 		sock_geterror("select(): ", p->errbuf, PCAP_ERRBUF_SIZE);
    413 		return -1;
    414 	}
    415 
    416 	/* There is no data waiting, so return '0' */
    417 	if (retval == 0)
    418 		return 0;
    419 
    420 	/*
    421 	 * We have to define 'header' as a pointer to a larger buffer,
    422 	 * because in case of UDP we have to read all the message within a single call
    423 	 */
    424 	header = (struct rpcap_header *) p->buffer;
    425 	net_pkt_header = (struct rpcap_pkthdr *) ((char *)p->buffer + sizeof(struct rpcap_header));
    426 	net_pkt_data = (u_char *)p->buffer + sizeof(struct rpcap_header) + sizeof(struct rpcap_pkthdr);
    427 
    428 	if (pr->rmt_flags & PCAP_OPENFLAG_DATATX_UDP)
    429 	{
    430 		/* Read the entire message from the network */
    431 		msglen = sock_recv_dgram(pr->rmt_sockdata, p->buffer,
    432 		    p->bufsize, p->errbuf, PCAP_ERRBUF_SIZE);
    433 		if (msglen == -1)
    434 		{
    435 			/* Network error. */
    436 			return -1;
    437 		}
    438 		if (msglen == -3)
    439 		{
    440 			/* Interrupted receive. */
    441 			return 0;
    442 		}
    443 		if ((size_t)msglen < sizeof(struct rpcap_header))
    444 		{
    445 			/*
    446 			 * Message is shorter than an rpcap header.
    447 			 */
    448 			pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
    449 			    "UDP packet message is shorter than an rpcap header");
    450 			return -1;
    451 		}
    452 		plen = ntohl(header->plen);
    453 		if ((size_t)msglen < sizeof(struct rpcap_header) + plen)
    454 		{
    455 			/*
    456 			 * Message is shorter than the header claims it
    457 			 * is.
    458 			 */
    459 			pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
    460 			    "UDP packet message is shorter than its rpcap header claims");
    461 			return -1;
    462 		}
    463 	}
    464 	else
    465 	{
    466 		int status;
    467 
    468 		if ((size_t)p->cc < sizeof(struct rpcap_header))
    469 		{
    470 			/*
    471 			 * We haven't read any of the packet header yet.
    472 			 * The size we should get is the size of the
    473 			 * packet header.
    474 			 */
    475 			status = rpcap_read_packet_msg(pr->rmt_sockdata, p,
    476 			    sizeof(struct rpcap_header));
    477 			if (status == -1)
    478 			{
    479 				/* Network error. */
    480 				return -1;
    481 			}
    482 			if (status == -3)
    483 			{
    484 				/* Interrupted receive. */
    485 				return 0;
    486 			}
    487 		}
    488 
    489 		/*
    490 		 * We have the header, so we know how long the
    491 		 * message payload is.  The size we should get
    492 		 * is the size of the packet header plus the
    493 		 * size of the payload.
    494 		 */
    495 		plen = ntohl(header->plen);
    496 		if (plen > p->bufsize - sizeof(struct rpcap_header))
    497 		{
    498 			/*
    499 			 * This is bigger than the largest
    500 			 * record we'd expect.  (We do it by
    501 			 * subtracting in order to avoid an
    502 			 * overflow.)
    503 			 */
    504 			pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
    505 			    "Server sent us a message larger than the largest expected packet message");
    506 			return -1;
    507 		}
    508 		status = rpcap_read_packet_msg(pr->rmt_sockdata, p,
    509 		    sizeof(struct rpcap_header) + plen);
    510 		if (status == -1)
    511 		{
    512 			/* Network error. */
    513 			return -1;
    514 		}
    515 		if (status == -3)
    516 		{
    517 			/* Interrupted receive. */
    518 			return 0;
    519 		}
    520 
    521 		/*
    522 		 * We have the entire message; reset the buffer pointer
    523 		 * and count, as the next read should start a new
    524 		 * message.
    525 		 */
    526 		p->bp = p->buffer;
    527 		p->cc = 0;
    528 	}
    529 
    530 	/*
    531 	 * We have the entire message.
    532 	 */
    533 	header->plen = plen;
    534 
    535 	/*
    536 	 * Did the server specify the version we negotiated?
    537 	 */
    538 	if (rpcap_check_msg_ver(pr->rmt_sockdata, pr->protocol_version,
    539 	    header, p->errbuf) == -1)
    540 	{
    541 		return 0;	/* Return 'no packets received' */
    542 	}
    543 
    544 	/*
    545 	 * Is this a RPCAP_MSG_PACKET message?
    546 	 */
    547 	if (header->type != RPCAP_MSG_PACKET)
    548 	{
    549 		return 0;	/* Return 'no packets received' */
    550 	}
    551 
    552 	if (ntohl(net_pkt_header->caplen) > plen)
    553 	{
    554 		pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
    555 		    "Packet's captured data goes past the end of the received packet message.");
    556 		return -1;
    557 	}
    558 
    559 	/* Fill in packet header */
    560 	pkt_header->caplen = ntohl(net_pkt_header->caplen);
    561 	pkt_header->len = ntohl(net_pkt_header->len);
    562 	pkt_header->ts.tv_sec = ntohl(net_pkt_header->timestamp_sec);
    563 	pkt_header->ts.tv_usec = ntohl(net_pkt_header->timestamp_usec);
    564 
    565 	/* Supply a pointer to the beginning of the packet data */
    566 	*pkt_data = net_pkt_data;
    567 
    568 	/*
    569 	 * I don't update the counter of the packets dropped by the network since we're using TCP,
    570 	 * therefore no packets are dropped. Just update the number of packets received correctly
    571 	 */
    572 	pr->TotCapt++;
    573 
    574 	if (pr->rmt_flags & PCAP_OPENFLAG_DATATX_UDP)
    575 	{
    576 		unsigned int npkt;
    577 
    578 		/* We're using UDP, so we need to update the counter of the packets dropped by the network */
    579 		npkt = ntohl(net_pkt_header->npkt);
    580 
    581 		if (pr->TotCapt != npkt)
    582 		{
    583 			pr->TotNetDrops += (npkt - pr->TotCapt);
    584 			pr->TotCapt = npkt;
    585 		}
    586 	}
    587 
    588 	/* Packet read successfully */
    589 	return 1;
    590 }
    591 
    592 /*
    593  * This function reads a packet from the network socket.
    594  *
    595  * This function relies on the pcap_read_nocb_remote to deliver packets. The
    596  * difference, here, is that as soon as a packet is read, it is delivered
    597  * to the application by means of a callback function.
    598  */
    599 static int pcap_read_rpcap(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
    600 {
    601 	struct pcap_rpcap *pr = p->priv;	/* structure used when doing a remote live capture */
    602 	struct pcap_pkthdr pkt_header;
    603 	u_char *pkt_data;
    604 	int n = 0;
    605 	int ret;
    606 
    607 	/*
    608 	 * If this is client-side, and we haven't already started
    609 	 * the capture, start it now.
    610 	 */
    611 	if (pr->rmt_clientside)
    612 	{
    613 		/* We are on an remote capture */
    614 		if (!pr->rmt_capstarted)
    615 		{
    616 			/*
    617 			 * The capture isn't started yet, so try to
    618 			 * start it.
    619 			 */
    620 			if (pcap_startcapture_remote(p))
    621 				return -1;
    622 		}
    623 	}
    624 
    625 	while (n < cnt || PACKET_COUNT_IS_UNLIMITED(cnt))
    626 	{
    627 		/*
    628 		 * Has "pcap_breakloop()" been called?
    629 		 */
    630 		if (p->break_loop) {
    631 			/*
    632 			 * Yes - clear the flag that indicates that it
    633 			 * has, and return PCAP_ERROR_BREAK to indicate
    634 			 * that we were told to break out of the loop.
    635 			 */
    636 			p->break_loop = 0;
    637 			return (PCAP_ERROR_BREAK);
    638 		}
    639 
    640 		/*
    641 		 * Read some packets.
    642 		 */
    643 		ret = pcap_read_nocb_remote(p, &pkt_header, &pkt_data);
    644 		if (ret == 1)
    645 		{
    646 			/*
    647 			 * We got a packet.  Hand it to the callback
    648 			 * and count it so we can return the count.
    649 			 */
    650 			(*callback)(user, &pkt_header, pkt_data);
    651 			n++;
    652 		}
    653 		else if (ret == -1)
    654 		{
    655 			/* Error. */
    656 			return ret;
    657 		}
    658 		else
    659 		{
    660 			/*
    661 			 * No packet; this could mean that we timed
    662 			 * out, or that we got interrupted, or that
    663 			 * we got a bad packet.
    664 			 *
    665 			 * Were we told to break out of the loop?
    666 			 */
    667 			if (p->break_loop) {
    668 				/*
    669 				 * Yes.
    670 				 */
    671 				p->break_loop = 0;
    672 				return (PCAP_ERROR_BREAK);
    673 			}
    674 			/* No - return the number of packets we've processed. */
    675 			return n;
    676 		}
    677 	}
    678 	return n;
    679 }
    680 
    681 /*
    682  * This function sends a CLOSE command to the capture server.
    683  *
    684  * It is called when the user calls pcap_close().  It sends a command
    685  * to our peer that says 'ok, let's stop capturing'.
    686  *
    687  * WARNING: Since we're closing the connection, we do not check for errors.
    688  */
    689 static void pcap_cleanup_rpcap(pcap_t *fp)
    690 {
    691 	struct pcap_rpcap *pr = fp->priv;	/* structure used when doing a remote live capture */
    692 	struct rpcap_header header;		/* header of the RPCAP packet */
    693 	struct activehosts *temp;		/* temp var needed to scan the host list chain, to detect if we're in active mode */
    694 	int active = 0;				/* active mode or not? */
    695 
    696 	/* detect if we're in active mode */
    697 	temp = activeHosts;
    698 	while (temp)
    699 	{
    700 		if (temp->sockctrl == pr->rmt_sockctrl)
    701 		{
    702 			active = 1;
    703 			break;
    704 		}
    705 		temp = temp->next;
    706 	}
    707 
    708 	if (!active)
    709 	{
    710 		rpcap_createhdr(&header, pr->protocol_version,
    711 		    RPCAP_MSG_CLOSE, 0, 0);
    712 
    713 		/*
    714 		 * Send the close request; don't report any errors, as
    715 		 * we're closing this pcap_t, and have no place to report
    716 		 * the error.  No reply is sent to this message.
    717 		 */
    718 		(void)sock_send(pr->rmt_sockctrl, (char *)&header,
    719 		    sizeof(struct rpcap_header), NULL, 0);
    720 	}
    721 	else
    722 	{
    723 		rpcap_createhdr(&header, pr->protocol_version,
    724 		    RPCAP_MSG_ENDCAP_REQ, 0, 0);
    725 
    726 		/*
    727 		 * Send the end capture request; don't report any errors,
    728 		 * as we're closing this pcap_t, and have no place to
    729 		 * report the error.
    730 		 */
    731 		if (sock_send(pr->rmt_sockctrl, (char *)&header,
    732 		    sizeof(struct rpcap_header), NULL, 0) == 0)
    733 		{
    734 			/*
    735 			 * Wait for the answer; don't report any errors,
    736 			 * as we're closing this pcap_t, and have no
    737 			 * place to report the error.
    738 			 */
    739 			if (rpcap_process_msg_header(pr->rmt_sockctrl,
    740 			    pr->protocol_version, RPCAP_MSG_ENDCAP_REQ,
    741 			    &header, NULL) == 0)
    742 			{
    743 				(void)rpcap_discard(pr->rmt_sockctrl,
    744 				    header.plen, NULL);
    745 			}
    746 		}
    747 	}
    748 
    749 	if (pr->rmt_sockdata)
    750 	{
    751 		sock_close(pr->rmt_sockdata, NULL, 0);
    752 		pr->rmt_sockdata = 0;
    753 	}
    754 
    755 	if ((!active) && (pr->rmt_sockctrl))
    756 		sock_close(pr->rmt_sockctrl, NULL, 0);
    757 
    758 	pr->rmt_sockctrl = 0;
    759 
    760 	if (pr->currentfilter)
    761 	{
    762 		free(pr->currentfilter);
    763 		pr->currentfilter = NULL;
    764 	}
    765 
    766 	/* To avoid inconsistencies in the number of sock_init() */
    767 	sock_cleanup();
    768 }
    769 
    770 /*
    771  * This function retrieves network statistics from our peer;
    772  * it provides only the standard statistics.
    773  */
    774 static int pcap_stats_rpcap(pcap_t *p, struct pcap_stat *ps)
    775 {
    776 	struct pcap_stat *retval;
    777 
    778 	retval = rpcap_stats_rpcap(p, ps, PCAP_STATS_STANDARD);
    779 
    780 	if (retval)
    781 		return 0;
    782 	else
    783 		return -1;
    784 }
    785 
    786 #ifdef _WIN32
    787 /*
    788  * This function retrieves network statistics from our peer;
    789  * it provides the additional statistics supported by pcap_stats_ex().
    790  */
    791 static struct pcap_stat *pcap_stats_ex_rpcap(pcap_t *p, int *pcap_stat_size)
    792 {
    793 	*pcap_stat_size = sizeof (p->stat);
    794 
    795 	/* PCAP_STATS_EX (third param) means 'extended pcap_stats()' */
    796 	return (rpcap_stats_rpcap(p, &(p->stat), PCAP_STATS_EX));
    797 }
    798 #endif
    799 
    800 /*
    801  * This function retrieves network statistics from our peer.  It
    802  * is used by the two previous functions.
    803  *
    804  * It can be called in two modes:
    805  * - PCAP_STATS_STANDARD: if we want just standard statistics (i.e.,
    806  *   for pcap_stats())
    807  * - PCAP_STATS_EX: if we want extended statistics (i.e., for
    808  *   pcap_stats_ex())
    809  *
    810  * This 'mode' parameter is needed because in pcap_stats() the variable that
    811  * keeps the statistics is allocated by the user. On Windows, this structure
    812  * has been extended in order to keep new stats. However, if the user has a
    813  * smaller structure and it passes it to pcap_stats(), this function will
    814  * try to fill in more data than the size of the structure, so that memory
    815  * after the structure will be overwritten.
    816  *
    817  * So, we need to know it we have to copy just the standard fields, or the
    818  * extended fields as well.
    819  *
    820  * In case we want to copy the extended fields as well, the problem of
    821  * memory overflow no longer exists because the structure that's filled
    822  * in is part of the pcap_t, so that it can be guaranteed to be large
    823  * enough for the additional statistics.
    824  *
    825  * \param p: the pcap_t structure related to the current instance.
    826  *
    827  * \param ps: a pointer to a 'pcap_stat' structure, needed for compatibility
    828  * with pcap_stat(), where the structure is allocated by the user. In case
    829  * of pcap_stats_ex(), this structure and the function return value point
    830  * to the same variable.
    831  *
    832  * \param mode: one of PCAP_STATS_STANDARD or PCAP_STATS_EX.
    833  *
    834  * \return The structure that keeps the statistics, or NULL in case of error.
    835  * The error string is placed in the pcap_t structure.
    836  */
    837 static struct pcap_stat *rpcap_stats_rpcap(pcap_t *p, struct pcap_stat *ps, int mode)
    838 {
    839 	struct pcap_rpcap *pr = p->priv;	/* structure used when doing a remote live capture */
    840 	struct rpcap_header header;		/* header of the RPCAP packet */
    841 	struct rpcap_stats netstats;		/* statistics sent on the network */
    842 	uint32 plen;				/* data remaining in the message */
    843 
    844 #ifdef _WIN32
    845 	if (mode != PCAP_STATS_STANDARD && mode != PCAP_STATS_EX)
    846 #else
    847 	if (mode != PCAP_STATS_STANDARD)
    848 #endif
    849 	{
    850 		pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
    851 		    "Invalid stats mode %d", mode);
    852 		return NULL;
    853 	}
    854 
    855 	/*
    856 	 * If the capture has not yet started, we cannot request statistics
    857 	 * for the capture from our peer, so we return 0 for all statistics,
    858 	 * as nothing's been seen yet.
    859 	 */
    860 	if (!pr->rmt_capstarted)
    861 	{
    862 		ps->ps_drop = 0;
    863 		ps->ps_ifdrop = 0;
    864 		ps->ps_recv = 0;
    865 #ifdef _WIN32
    866 		if (mode == PCAP_STATS_EX)
    867 		{
    868 			ps->ps_capt = 0;
    869 			ps->ps_sent = 0;
    870 			ps->ps_netdrop = 0;
    871 		}
    872 #endif /* _WIN32 */
    873 
    874 		return ps;
    875 	}
    876 
    877 	rpcap_createhdr(&header, pr->protocol_version,
    878 	    RPCAP_MSG_STATS_REQ, 0, 0);
    879 
    880 	/* Send the PCAP_STATS command */
    881 	if (sock_send(pr->rmt_sockctrl, (char *)&header,
    882 	    sizeof(struct rpcap_header), p->errbuf, PCAP_ERRBUF_SIZE) < 0)
    883 		return NULL;		/* Unrecoverable network error */
    884 
    885 	/* Receive and process the reply message header. */
    886 	if (rpcap_process_msg_header(pr->rmt_sockctrl, pr->protocol_version,
    887 	    RPCAP_MSG_STATS_REQ, &header, p->errbuf) == -1)
    888 		return NULL;		/* Error */
    889 
    890 	plen = header.plen;
    891 
    892 	/* Read the reply body */
    893 	if (rpcap_recv(pr->rmt_sockctrl, (char *)&netstats,
    894 	    sizeof(struct rpcap_stats), &plen, p->errbuf) == -1)
    895 		goto error;
    896 
    897 	ps->ps_drop = ntohl(netstats.krnldrop);
    898 	ps->ps_ifdrop = ntohl(netstats.ifdrop);
    899 	ps->ps_recv = ntohl(netstats.ifrecv);
    900 #ifdef _WIN32
    901 	if (mode == PCAP_STATS_EX)
    902 	{
    903 		ps->ps_capt = pr->TotCapt;
    904 		ps->ps_netdrop = pr->TotNetDrops;
    905 		ps->ps_sent = ntohl(netstats.svrcapt);
    906 	}
    907 #endif /* _WIN32 */
    908 
    909 	/* Discard the rest of the message. */
    910 	if (rpcap_discard(pr->rmt_sockctrl, plen, p->errbuf) == -1)
    911 		goto error_nodiscard;
    912 
    913 	return ps;
    914 
    915 error:
    916 	/*
    917 	 * Discard the rest of the message.
    918 	 * We already reported an error; if this gets an error, just
    919 	 * drive on.
    920 	 */
    921 	(void)rpcap_discard(pr->rmt_sockctrl, plen, NULL);
    922 
    923 error_nodiscard:
    924 	return NULL;
    925 }
    926 
    927 /*
    928  * This function returns the entry in the list of active hosts for this
    929  * active connection (active mode only), or NULL if there is no
    930  * active connection or an error occurred.  It is just for internal
    931  * use.
    932  *
    933  * \param host: a string that keeps the host name of the host for which we
    934  * want to get the socket ID for that active connection.
    935  *
    936  * \param error: a pointer to an int that is set to 1 if an error occurred
    937  * and 0 otherwise.
    938  *
    939  * \param errbuf: a pointer to a user-allocated buffer (of size
    940  * PCAP_ERRBUF_SIZE) that will contain the error message (in case
    941  * there is one).
    942  *
    943  * \return the entry for this host in the list of active connections
    944  * if found, NULL if it's not found or there's an error.
    945  */
    946 static struct activehosts *
    947 rpcap_remoteact_getsock(const char *host, int *error, char *errbuf)
    948 {
    949 	struct activehosts *temp;			/* temp var needed to scan the host list chain */
    950 	struct addrinfo hints, *addrinfo, *ai_next;	/* temp var needed to translate between hostname to its address */
    951 	int retval;
    952 
    953 	/* retrieve the network address corresponding to 'host' */
    954 	addrinfo = NULL;
    955 	memset(&hints, 0, sizeof(struct addrinfo));
    956 	hints.ai_family = PF_UNSPEC;
    957 	hints.ai_socktype = SOCK_STREAM;
    958 
    959 	retval = getaddrinfo(host, "0", &hints, &addrinfo);
    960 	if (retval != 0)
    961 	{
    962 		pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "getaddrinfo() %s",
    963 		    gai_strerror(retval));
    964 		*error = 1;
    965 		return NULL;
    966 	}
    967 
    968 	temp = activeHosts;
    969 
    970 	while (temp)
    971 	{
    972 		ai_next = addrinfo;
    973 		while (ai_next)
    974 		{
    975 			if (sock_cmpaddr(&temp->host, (struct sockaddr_storage *) ai_next->ai_addr) == 0)
    976 			{
    977 				*error = 0;
    978 				freeaddrinfo(addrinfo);
    979 				return temp;
    980 			}
    981 
    982 			ai_next = ai_next->ai_next;
    983 		}
    984 		temp = temp->next;
    985 	}
    986 
    987 	if (addrinfo)
    988 		freeaddrinfo(addrinfo);
    989 
    990 	/*
    991 	 * The host for which you want to get the socket ID does not have an
    992 	 * active connection.
    993 	 */
    994 	*error = 0;
    995 	return NULL;
    996 }
    997 
    998 /*
    999  * This function starts a remote capture.
   1000  *
   1001  * This function is required since the RPCAP protocol decouples the 'open'
   1002  * from the 'start capture' functions.
   1003  * This function takes all the parameters needed (which have been stored
   1004  * into the pcap_t structure) and sends them to the server.
   1005  *
   1006  * \param fp: the pcap_t descriptor of the device currently open.
   1007  *
   1008  * \return '0' if everything is fine, '-1' otherwise. The error message
   1009  * (if one) is returned into the 'errbuf' field of the pcap_t structure.
   1010  */
   1011 static int pcap_startcapture_remote(pcap_t *fp)
   1012 {
   1013 	struct pcap_rpcap *pr = fp->priv;	/* structure used when doing a remote live capture */
   1014 	char sendbuf[RPCAP_NETBUF_SIZE];	/* temporary buffer in which data to be sent is buffered */
   1015 	int sendbufidx = 0;			/* index which keeps the number of bytes currently buffered */
   1016 	char portdata[PCAP_BUF_SIZE];		/* temp variable needed to keep the network port for the data connection */
   1017 	uint32 plen;
   1018 	int active = 0;				/* '1' if we're in active mode */
   1019 	struct activehosts *temp;		/* temp var needed to scan the host list chain, to detect if we're in active mode */
   1020 	char host[INET6_ADDRSTRLEN + 1];	/* numeric name of the other host */
   1021 
   1022 	/* socket-related variables*/
   1023 	struct addrinfo hints;			/* temp, needed to open a socket connection */
   1024 	struct addrinfo *addrinfo;		/* temp, needed to open a socket connection */
   1025 	SOCKET sockdata = 0;			/* socket descriptor of the data connection */
   1026 	struct sockaddr_storage saddr;		/* temp, needed to retrieve the network data port chosen on the local machine */
   1027 	socklen_t saddrlen;			/* temp, needed to retrieve the network data port chosen on the local machine */
   1028 	int ai_family;				/* temp, keeps the address family used by the control connection */
   1029 
   1030 	/* RPCAP-related variables*/
   1031 	struct rpcap_header header;			/* header of the RPCAP packet */
   1032 	struct rpcap_startcapreq *startcapreq;		/* start capture request message */
   1033 	struct rpcap_startcapreply startcapreply;	/* start capture reply message */
   1034 
   1035 	/* Variables related to the buffer setting */
   1036 	int res;
   1037 	socklen_t itemp;
   1038 	int sockbufsize = 0;
   1039 	uint32 server_sockbufsize;
   1040 
   1041 	/*
   1042 	 * Let's check if sampling has been required.
   1043 	 * If so, let's set it first
   1044 	 */
   1045 	if (pcap_setsampling_remote(fp) != 0)
   1046 		return -1;
   1047 
   1048 	/* detect if we're in active mode */
   1049 	temp = activeHosts;
   1050 	while (temp)
   1051 	{
   1052 		if (temp->sockctrl == pr->rmt_sockctrl)
   1053 		{
   1054 			active = 1;
   1055 			break;
   1056 		}
   1057 		temp = temp->next;
   1058 	}
   1059 
   1060 	addrinfo = NULL;
   1061 
   1062 	/*
   1063 	 * Gets the complete sockaddr structure used in the ctrl connection
   1064 	 * This is needed to get the address family of the control socket
   1065 	 * Tip: I cannot save the ai_family of the ctrl sock in the pcap_t struct,
   1066 	 * since the ctrl socket can already be open in case of active mode;
   1067 	 * so I would have to call getpeername() anyway
   1068 	 */
   1069 	saddrlen = sizeof(struct sockaddr_storage);
   1070 	if (getpeername(pr->rmt_sockctrl, (struct sockaddr *) &saddr, &saddrlen) == -1)
   1071 	{
   1072 		sock_geterror("getsockname(): ", fp->errbuf, PCAP_ERRBUF_SIZE);
   1073 		goto error_nodiscard;
   1074 	}
   1075 	ai_family = ((struct sockaddr_storage *) &saddr)->ss_family;
   1076 
   1077 	/* Get the numeric address of the remote host we are connected to */
   1078 	if (getnameinfo((struct sockaddr *) &saddr, saddrlen, host,
   1079 		sizeof(host), NULL, 0, NI_NUMERICHOST))
   1080 	{
   1081 		sock_geterror("getnameinfo(): ", fp->errbuf, PCAP_ERRBUF_SIZE);
   1082 		goto error_nodiscard;
   1083 	}
   1084 
   1085 	/*
   1086 	 * Data connection is opened by the server toward the client if:
   1087 	 * - we're using TCP, and the user wants us to be in active mode
   1088 	 * - we're using UDP
   1089 	 */
   1090 	if ((active) || (pr->rmt_flags & PCAP_OPENFLAG_DATATX_UDP))
   1091 	{
   1092 		/*
   1093 		 * We have to create a new socket to receive packets
   1094 		 * We have to do that immediately, since we have to tell the other
   1095 		 * end which network port we picked up
   1096 		 */
   1097 		memset(&hints, 0, sizeof(struct addrinfo));
   1098 		/* TEMP addrinfo is NULL in case of active */
   1099 		hints.ai_family = ai_family;	/* Use the same address family of the control socket */
   1100 		hints.ai_socktype = (pr->rmt_flags & PCAP_OPENFLAG_DATATX_UDP) ? SOCK_DGRAM : SOCK_STREAM;
   1101 		hints.ai_flags = AI_PASSIVE;	/* Data connection is opened by the server toward the client */
   1102 
   1103 		/* Let's the server pick up a free network port for us */
   1104 		if (sock_initaddress(NULL, "0", &hints, &addrinfo, fp->errbuf, PCAP_ERRBUF_SIZE) == -1)
   1105 			goto error_nodiscard;
   1106 
   1107 		if ((sockdata = sock_open(addrinfo, SOCKOPEN_SERVER,
   1108 			1 /* max 1 connection in queue */, fp->errbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
   1109 			goto error_nodiscard;
   1110 
   1111 		/* addrinfo is no longer used */
   1112 		freeaddrinfo(addrinfo);
   1113 		addrinfo = NULL;
   1114 
   1115 		/* get the complete sockaddr structure used in the data connection */
   1116 		saddrlen = sizeof(struct sockaddr_storage);
   1117 		if (getsockname(sockdata, (struct sockaddr *) &saddr, &saddrlen) == -1)
   1118 		{
   1119 			sock_geterror("getsockname(): ", fp->errbuf, PCAP_ERRBUF_SIZE);
   1120 			goto error_nodiscard;
   1121 		}
   1122 
   1123 		/* Get the local port the system picked up */
   1124 		if (getnameinfo((struct sockaddr *) &saddr, saddrlen, NULL,
   1125 			0, portdata, sizeof(portdata), NI_NUMERICSERV))
   1126 		{
   1127 			sock_geterror("getnameinfo(): ", fp->errbuf, PCAP_ERRBUF_SIZE);
   1128 			goto error_nodiscard;
   1129 		}
   1130 	}
   1131 
   1132 	/*
   1133 	 * Now it's time to start playing with the RPCAP protocol
   1134 	 * RPCAP start capture command: create the request message
   1135 	 */
   1136 	if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL,
   1137 		&sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, fp->errbuf, PCAP_ERRBUF_SIZE))
   1138 		goto error_nodiscard;
   1139 
   1140 	rpcap_createhdr((struct rpcap_header *) sendbuf,
   1141 	    pr->protocol_version, RPCAP_MSG_STARTCAP_REQ, 0,
   1142 	    sizeof(struct rpcap_startcapreq) + sizeof(struct rpcap_filter) + fp->fcode.bf_len * sizeof(struct rpcap_filterbpf_insn));
   1143 
   1144 	/* Fill the structure needed to open an adapter remotely */
   1145 	startcapreq = (struct rpcap_startcapreq *) &sendbuf[sendbufidx];
   1146 
   1147 	if (sock_bufferize(NULL, sizeof(struct rpcap_startcapreq), NULL,
   1148 		&sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, fp->errbuf, PCAP_ERRBUF_SIZE))
   1149 		goto error_nodiscard;
   1150 
   1151 	memset(startcapreq, 0, sizeof(struct rpcap_startcapreq));
   1152 
   1153 	/* By default, apply half the timeout on one side, half of the other */
   1154 	fp->opt.timeout = fp->opt.timeout / 2;
   1155 	startcapreq->read_timeout = htonl(fp->opt.timeout);
   1156 
   1157 	/* portdata on the openreq is meaningful only if we're in active mode */
   1158 	if ((active) || (pr->rmt_flags & PCAP_OPENFLAG_DATATX_UDP))
   1159 	{
   1160 		sscanf(portdata, "%d", (int *)&(startcapreq->portdata));	/* cast to avoid a compiler warning */
   1161 		startcapreq->portdata = htons(startcapreq->portdata);
   1162 	}
   1163 
   1164 	startcapreq->snaplen = htonl(fp->snapshot);
   1165 	startcapreq->flags = 0;
   1166 
   1167 	if (pr->rmt_flags & PCAP_OPENFLAG_PROMISCUOUS)
   1168 		startcapreq->flags |= RPCAP_STARTCAPREQ_FLAG_PROMISC;
   1169 	if (pr->rmt_flags & PCAP_OPENFLAG_DATATX_UDP)
   1170 		startcapreq->flags |= RPCAP_STARTCAPREQ_FLAG_DGRAM;
   1171 	if (active)
   1172 		startcapreq->flags |= RPCAP_STARTCAPREQ_FLAG_SERVEROPEN;
   1173 
   1174 	startcapreq->flags = htons(startcapreq->flags);
   1175 
   1176 	/* Pack the capture filter */
   1177 	if (pcap_pack_bpffilter(fp, &sendbuf[sendbufidx], &sendbufidx, &fp->fcode))
   1178 		goto error_nodiscard;
   1179 
   1180 	if (sock_send(pr->rmt_sockctrl, sendbuf, sendbufidx, fp->errbuf,
   1181 	    PCAP_ERRBUF_SIZE) < 0)
   1182 		goto error_nodiscard;
   1183 
   1184 	/* Receive and process the reply message header. */
   1185 	if (rpcap_process_msg_header(pr->rmt_sockctrl, pr->protocol_version,
   1186 	    RPCAP_MSG_STARTCAP_REQ, &header, fp->errbuf) == -1)
   1187 		goto error_nodiscard;
   1188 
   1189 	plen = header.plen;
   1190 
   1191 	if (rpcap_recv(pr->rmt_sockctrl, (char *)&startcapreply,
   1192 	    sizeof(struct rpcap_startcapreply), &plen, fp->errbuf) == -1)
   1193 		goto error;
   1194 
   1195 	/*
   1196 	 * In case of UDP data stream, the connection is always opened by the daemon
   1197 	 * So, this case is already covered by the code above.
   1198 	 * Now, we have still to handle TCP connections, because:
   1199 	 * - if we're in active mode, we have to wait for a remote connection
   1200 	 * - if we're in passive more, we have to start a connection
   1201 	 *
   1202 	 * We have to do he job in two steps because in case we're opening a TCP connection, we have
   1203 	 * to tell the port we're using to the remote side; in case we're accepting a TCP
   1204 	 * connection, we have to wait this info from the remote side.
   1205 	 */
   1206 	if (!(pr->rmt_flags & PCAP_OPENFLAG_DATATX_UDP))
   1207 	{
   1208 		if (!active)
   1209 		{
   1210 			memset(&hints, 0, sizeof(struct addrinfo));
   1211 			hints.ai_family = ai_family;		/* Use the same address family of the control socket */
   1212 			hints.ai_socktype = (pr->rmt_flags & PCAP_OPENFLAG_DATATX_UDP) ? SOCK_DGRAM : SOCK_STREAM;
   1213 			pcap_snprintf(portdata, PCAP_BUF_SIZE, "%d", ntohs(startcapreply.portdata));
   1214 
   1215 			/* Let's the server pick up a free network port for us */
   1216 			if (sock_initaddress(host, portdata, &hints, &addrinfo, fp->errbuf, PCAP_ERRBUF_SIZE) == -1)
   1217 				goto error;
   1218 
   1219 			if ((sockdata = sock_open(addrinfo, SOCKOPEN_CLIENT, 0, fp->errbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
   1220 				goto error;
   1221 
   1222 			/* addrinfo is no longer used */
   1223 			freeaddrinfo(addrinfo);
   1224 			addrinfo = NULL;
   1225 		}
   1226 		else
   1227 		{
   1228 			SOCKET socktemp;	/* We need another socket, since we're going to accept() a connection */
   1229 
   1230 			/* Connection creation */
   1231 			saddrlen = sizeof(struct sockaddr_storage);
   1232 
   1233 			socktemp = accept(sockdata, (struct sockaddr *) &saddr, &saddrlen);
   1234 
   1235 			if (socktemp == INVALID_SOCKET)
   1236 			{
   1237 				sock_geterror("accept(): ", fp->errbuf, PCAP_ERRBUF_SIZE);
   1238 				goto error;
   1239 			}
   1240 
   1241 			/* Now that I accepted the connection, the server socket is no longer needed */
   1242 			sock_close(sockdata, fp->errbuf, PCAP_ERRBUF_SIZE);
   1243 			sockdata = socktemp;
   1244 		}
   1245 	}
   1246 
   1247 	/* Let's save the socket of the data connection */
   1248 	pr->rmt_sockdata = sockdata;
   1249 
   1250 	/*
   1251 	 * Set the size of the socket buffer for the data socket.
   1252 	 * It has the same size as the local capture buffer used
   1253 	 * on the other side of the connection.
   1254 	 */
   1255 	server_sockbufsize = ntohl(startcapreply.bufsize);
   1256 
   1257 	/* Let's get the actual size of the socket buffer */
   1258 	itemp = sizeof(sockbufsize);
   1259 
   1260 	res = getsockopt(sockdata, SOL_SOCKET, SO_RCVBUF, (char *)&sockbufsize, &itemp);
   1261 	if (res == -1)
   1262 	{
   1263 		sock_geterror("pcap_startcapture_remote()", fp->errbuf, PCAP_ERRBUF_SIZE);
   1264 		SOCK_DEBUG_MESSAGE(fp->errbuf);
   1265 	}
   1266 
   1267 	/*
   1268 	 * Warning: on some kernels (e.g. Linux), the size of the user
   1269 	 * buffer does not take into account the pcap_header and such,
   1270 	 * and it is set equal to the snaplen.
   1271 	 *
   1272 	 * In my view, this is wrong (the meaning of the bufsize became
   1273 	 * a bit strange).  So, here bufsize is the whole size of the
   1274 	 * user buffer.  In case the bufsize returned is too small,
   1275 	 * let's adjust it accordingly.
   1276 	 */
   1277 	if (server_sockbufsize <= (u_int) fp->snapshot)
   1278 		server_sockbufsize += sizeof(struct pcap_pkthdr);
   1279 
   1280 	/* if the current socket buffer is smaller than the desired one */
   1281 	if ((u_int) sockbufsize < server_sockbufsize)
   1282 	{
   1283 		/*
   1284 		 * Loop until the buffer size is OK or the original
   1285 		 * socket buffer size is larger than this one.
   1286 		 */
   1287 		for (;;)
   1288 		{
   1289 			res = setsockopt(sockdata, SOL_SOCKET, SO_RCVBUF,
   1290 			    (char *)&(server_sockbufsize),
   1291 			    sizeof(server_sockbufsize));
   1292 
   1293 			if (res == 0)
   1294 				break;
   1295 
   1296 			/*
   1297 			 * If something goes wrong, halve the buffer size
   1298 			 * (checking that it does not become smaller than
   1299 			 * the current one).
   1300 			 */
   1301 			server_sockbufsize /= 2;
   1302 
   1303 			if ((u_int) sockbufsize >= server_sockbufsize)
   1304 			{
   1305 				server_sockbufsize = sockbufsize;
   1306 				break;
   1307 			}
   1308 		}
   1309 	}
   1310 
   1311 	/*
   1312 	 * Let's allocate the packet; this is required in order to put
   1313 	 * the packet somewhere when extracting data from the socket.
   1314 	 * Since buffering has already been done in the socket buffer,
   1315 	 * here we need just a buffer whose size is equal to the
   1316 	 * largest possible packet message for the snapshot size,
   1317 	 * namely the length of the message header plus the length
   1318 	 * of the packet header plus the snapshot length.
   1319 	 */
   1320 	fp->bufsize = sizeof(struct rpcap_header) + sizeof(struct rpcap_pkthdr) + fp->snapshot;
   1321 
   1322 	fp->buffer = (u_char *)malloc(fp->bufsize);
   1323 	if (fp->buffer == NULL)
   1324 	{
   1325 		pcap_fmt_errmsg_for_errno(fp->errbuf, PCAP_ERRBUF_SIZE,
   1326 		    errno, "malloc");
   1327 		goto error;
   1328 	}
   1329 
   1330 	/*
   1331 	 * The buffer is currently empty.
   1332 	 */
   1333 	fp->bp = fp->buffer;
   1334 	fp->cc = 0;
   1335 
   1336 	/* Discard the rest of the message. */
   1337 	if (rpcap_discard(pr->rmt_sockctrl, plen, fp->errbuf) == -1)
   1338 		goto error_nodiscard;
   1339 
   1340 	/*
   1341 	 * In case the user does not want to capture RPCAP packets, let's update the filter
   1342 	 * We have to update it here (instead of sending it into the 'StartCapture' message
   1343 	 * because when we generate the 'start capture' we do not know (yet) all the ports
   1344 	 * we're currently using.
   1345 	 */
   1346 	if (pr->rmt_flags & PCAP_OPENFLAG_NOCAPTURE_RPCAP)
   1347 	{
   1348 		struct bpf_program fcode;
   1349 
   1350 		if (pcap_createfilter_norpcappkt(fp, &fcode) == -1)
   1351 			goto error;
   1352 
   1353 		/* We cannot use 'pcap_setfilter_rpcap' because formally the capture has not been started yet */
   1354 		/* (the 'pr->rmt_capstarted' variable will be updated some lines below) */
   1355 		if (pcap_updatefilter_remote(fp, &fcode) == -1)
   1356 			goto error;
   1357 
   1358 		pcap_freecode(&fcode);
   1359 	}
   1360 
   1361 	pr->rmt_capstarted = 1;
   1362 	return 0;
   1363 
   1364 error:
   1365 	/*
   1366 	 * When the connection has been established, we have to close it. So, at the
   1367 	 * beginning of this function, if an error occur we return immediately with
   1368 	 * a return NULL; when the connection is established, we have to come here
   1369 	 * ('goto error;') in order to close everything properly.
   1370 	 */
   1371 
   1372 	/*
   1373 	 * Discard the rest of the message.
   1374 	 * We already reported an error; if this gets an error, just
   1375 	 * drive on.
   1376 	 */
   1377 	(void)rpcap_discard(pr->rmt_sockctrl, plen, NULL);
   1378 
   1379 error_nodiscard:
   1380 	if ((sockdata) && (sockdata != -1))		/* we can be here because sockdata said 'error' */
   1381 		sock_close(sockdata, NULL, 0);
   1382 
   1383 	if (!active)
   1384 		sock_close(pr->rmt_sockctrl, NULL, 0);
   1385 
   1386 	if (addrinfo != NULL)
   1387 		freeaddrinfo(addrinfo);
   1388 
   1389 	/*
   1390 	 * We do not have to call pcap_close() here, because this function is always called
   1391 	 * by the user in case something bad happens
   1392 	 */
   1393 #if 0
   1394 	if (fp)
   1395 	{
   1396 		pcap_close(fp);
   1397 		fp= NULL;
   1398 	}
   1399 #endif
   1400 
   1401 	return -1;
   1402 }
   1403 
   1404 /*
   1405  * This function takes a bpf program and sends it to the other host.
   1406  *
   1407  * This function can be called in two cases:
   1408  * - pcap_startcapture_remote() is called (we have to send the filter
   1409  *   along with the 'start capture' command)
   1410  * - we want to udpate the filter during a capture (i.e. pcap_setfilter()
   1411  *   after the capture has been started)
   1412  *
   1413  * This function serializes the filter into the sending buffer ('sendbuf',
   1414  * passed as a parameter) and return back. It does not send anything on
   1415  * the network.
   1416  *
   1417  * \param fp: the pcap_t descriptor of the device currently opened.
   1418  *
   1419  * \param sendbuf: the buffer on which the serialized data has to copied.
   1420  *
   1421  * \param sendbufidx: it is used to return the abounf of bytes copied into the buffer.
   1422  *
   1423  * \param prog: the bpf program we have to copy.
   1424  *
   1425  * \return '0' if everything is fine, '-1' otherwise. The error message (if one)
   1426  * is returned into the 'errbuf' field of the pcap_t structure.
   1427  */
   1428 static int pcap_pack_bpffilter(pcap_t *fp, char *sendbuf, int *sendbufidx, struct bpf_program *prog)
   1429 {
   1430 	struct rpcap_filter *filter;
   1431 	struct rpcap_filterbpf_insn *insn;
   1432 	struct bpf_insn *bf_insn;
   1433 	struct bpf_program fake_prog;		/* To be used just in case the user forgot to set a filter */
   1434 	unsigned int i;
   1435 
   1436 	if (prog->bf_len == 0)	/* No filters have been specified; so, let's apply a "fake" filter */
   1437 	{
   1438 		if (pcap_compile(fp, &fake_prog, NULL /* buffer */, 1, 0) == -1)
   1439 			return -1;
   1440 
   1441 		prog = &fake_prog;
   1442 	}
   1443 
   1444 	filter = (struct rpcap_filter *) sendbuf;
   1445 
   1446 	if (sock_bufferize(NULL, sizeof(struct rpcap_filter), NULL, sendbufidx,
   1447 		RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, fp->errbuf, PCAP_ERRBUF_SIZE))
   1448 		return -1;
   1449 
   1450 	filter->filtertype = htons(RPCAP_UPDATEFILTER_BPF);
   1451 	filter->nitems = htonl((int32)prog->bf_len);
   1452 
   1453 	if (sock_bufferize(NULL, prog->bf_len * sizeof(struct rpcap_filterbpf_insn),
   1454 		NULL, sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, fp->errbuf, PCAP_ERRBUF_SIZE))
   1455 		return -1;
   1456 
   1457 	insn = (struct rpcap_filterbpf_insn *) (filter + 1);
   1458 	bf_insn = prog->bf_insns;
   1459 
   1460 	for (i = 0; i < prog->bf_len; i++)
   1461 	{
   1462 		insn->code = htons(bf_insn->code);
   1463 		insn->jf = bf_insn->jf;
   1464 		insn->jt = bf_insn->jt;
   1465 		insn->k = htonl(bf_insn->k);
   1466 
   1467 		insn++;
   1468 		bf_insn++;
   1469 	}
   1470 
   1471 	return 0;
   1472 }
   1473 
   1474 /*
   1475  * This function updates a filter on a remote host.
   1476  *
   1477  * It is called when the user wants to update a filter.
   1478  * In case we're capturing from the network, it sends the filter to our
   1479  * peer.
   1480  * This function is *not* called automatically when the user calls
   1481  * pcap_setfilter().
   1482  * There will be two cases:
   1483  * - the capture has been started: in this case, pcap_setfilter_rpcap()
   1484  *   calls pcap_updatefilter_remote()
   1485  * - the capture has not started yet: in this case, pcap_setfilter_rpcap()
   1486  *   stores the filter into the pcap_t structure, and then the filter is
   1487  *   sent with pcap_startcap().
   1488  *
   1489  * WARNING This function *does not* clear the packet currently into the
   1490  * buffers. Therefore, the user has to expect to receive some packets
   1491  * that are related to the previous filter.  If you want to discard all
   1492  * the packets before applying a new filter, you have to close the
   1493  * current capture session and start a new one.
   1494  *
   1495  * XXX - we really should have pcap_setfilter() always discard packets
   1496  * received with the old filter, and have a separate pcap_setfilter_noflush()
   1497  * function that doesn't discard any packets.
   1498  */
   1499 static int pcap_updatefilter_remote(pcap_t *fp, struct bpf_program *prog)
   1500 {
   1501 	struct pcap_rpcap *pr = fp->priv;	/* structure used when doing a remote live capture */
   1502 	char sendbuf[RPCAP_NETBUF_SIZE];	/* temporary buffer in which data to be sent is buffered */
   1503 	int sendbufidx = 0;			/* index which keeps the number of bytes currently buffered */
   1504 	struct rpcap_header header;		/* To keep the reply message */
   1505 
   1506 	if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL, &sendbufidx,
   1507 		RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, fp->errbuf, PCAP_ERRBUF_SIZE))
   1508 		return -1;
   1509 
   1510 	rpcap_createhdr((struct rpcap_header *) sendbuf,
   1511 	    pr->protocol_version, RPCAP_MSG_UPDATEFILTER_REQ, 0,
   1512 	    sizeof(struct rpcap_filter) + prog->bf_len * sizeof(struct rpcap_filterbpf_insn));
   1513 
   1514 	if (pcap_pack_bpffilter(fp, &sendbuf[sendbufidx], &sendbufidx, prog))
   1515 		return -1;
   1516 
   1517 	if (sock_send(pr->rmt_sockctrl, sendbuf, sendbufidx, fp->errbuf,
   1518 	    PCAP_ERRBUF_SIZE) < 0)
   1519 		return -1;
   1520 
   1521 	/* Receive and process the reply message header. */
   1522 	if (rpcap_process_msg_header(pr->rmt_sockctrl, pr->protocol_version,
   1523 	    RPCAP_MSG_UPDATEFILTER_REQ, &header, fp->errbuf) == -1)
   1524 		return -1;
   1525 
   1526 	/*
   1527 	 * It shouldn't have any contents; discard it if it does.
   1528 	 */
   1529 	if (rpcap_discard(pr->rmt_sockctrl, header.plen, fp->errbuf) == -1)
   1530 		return -1;
   1531 
   1532 	return 0;
   1533 }
   1534 
   1535 static void
   1536 pcap_save_current_filter_rpcap(pcap_t *fp, const char *filter)
   1537 {
   1538 	struct pcap_rpcap *pr = fp->priv;	/* structure used when doing a remote live capture */
   1539 
   1540 	/*
   1541 	 * Check if:
   1542 	 *  - We are on an remote capture
   1543 	 *  - we do not want to capture RPCAP traffic
   1544 	 *
   1545 	 * If so, we have to save the current filter, because we have to
   1546 	 * add some piece of stuff later
   1547 	 */
   1548 	if (pr->rmt_clientside &&
   1549 	    (pr->rmt_flags & PCAP_OPENFLAG_NOCAPTURE_RPCAP))
   1550 	{
   1551 		if (pr->currentfilter)
   1552 			free(pr->currentfilter);
   1553 
   1554 		if (filter == NULL)
   1555 			filter = "";
   1556 
   1557 		pr->currentfilter = strdup(filter);
   1558 	}
   1559 }
   1560 
   1561 /*
   1562  * This function sends a filter to a remote host.
   1563  *
   1564  * This function is called when the user wants to set a filter.
   1565  * It sends the filter to our peer.
   1566  * This function is called automatically when the user calls pcap_setfilter().
   1567  *
   1568  * Parameters and return values are exactly the same of pcap_setfilter().
   1569  */
   1570 static int pcap_setfilter_rpcap(pcap_t *fp, struct bpf_program *prog)
   1571 {
   1572 	struct pcap_rpcap *pr = fp->priv;	/* structure used when doing a remote live capture */
   1573 
   1574 	if (!pr->rmt_capstarted)
   1575 	{
   1576 		/* copy filter into the pcap_t structure */
   1577 		if (install_bpf_program(fp, prog) == -1)
   1578 			return -1;
   1579 		return 0;
   1580 	}
   1581 
   1582 	/* we have to update a filter during run-time */
   1583 	if (pcap_updatefilter_remote(fp, prog))
   1584 		return -1;
   1585 
   1586 	return 0;
   1587 }
   1588 
   1589 /*
   1590  * This function updates the current filter in order not to capture rpcap
   1591  * packets.
   1592  *
   1593  * This function is called *only* when the user wants exclude RPCAP packets
   1594  * related to the current session from the captured packets.
   1595  *
   1596  * \return '0' if everything is fine, '-1' otherwise. The error message (if one)
   1597  * is returned into the 'errbuf' field of the pcap_t structure.
   1598  */
   1599 static int pcap_createfilter_norpcappkt(pcap_t *fp, struct bpf_program *prog)
   1600 {
   1601 	struct pcap_rpcap *pr = fp->priv;	/* structure used when doing a remote live capture */
   1602 	int RetVal = 0;
   1603 
   1604 	/* We do not want to capture our RPCAP traffic. So, let's update the filter */
   1605 	if (pr->rmt_flags & PCAP_OPENFLAG_NOCAPTURE_RPCAP)
   1606 	{
   1607 		struct sockaddr_storage saddr;		/* temp, needed to retrieve the network data port chosen on the local machine */
   1608 		socklen_t saddrlen;					/* temp, needed to retrieve the network data port chosen on the local machine */
   1609 		char myaddress[128];
   1610 		char myctrlport[128];
   1611 		char mydataport[128];
   1612 		char peeraddress[128];
   1613 		char peerctrlport[128];
   1614 		char *newfilter;
   1615 		const int newstringsize = 1024;
   1616 		size_t currentfiltersize;
   1617 
   1618 		/* Get the name/port of our peer */
   1619 		saddrlen = sizeof(struct sockaddr_storage);
   1620 		if (getpeername(pr->rmt_sockctrl, (struct sockaddr *) &saddr, &saddrlen) == -1)
   1621 		{
   1622 			sock_geterror("getpeername(): ", fp->errbuf, PCAP_ERRBUF_SIZE);
   1623 			return -1;
   1624 		}
   1625 
   1626 		if (getnameinfo((struct sockaddr *) &saddr, saddrlen, peeraddress,
   1627 			sizeof(peeraddress), peerctrlport, sizeof(peerctrlport), NI_NUMERICHOST | NI_NUMERICSERV))
   1628 		{
   1629 			sock_geterror("getnameinfo(): ", fp->errbuf, PCAP_ERRBUF_SIZE);
   1630 			return -1;
   1631 		}
   1632 
   1633 		/* We cannot check the data port, because this is available only in case of TCP sockets */
   1634 		/* Get the name/port of the current host */
   1635 		if (getsockname(pr->rmt_sockctrl, (struct sockaddr *) &saddr, &saddrlen) == -1)
   1636 		{
   1637 			sock_geterror("getsockname(): ", fp->errbuf, PCAP_ERRBUF_SIZE);
   1638 			return -1;
   1639 		}
   1640 
   1641 		/* Get the local port the system picked up */
   1642 		if (getnameinfo((struct sockaddr *) &saddr, saddrlen, myaddress,
   1643 			sizeof(myaddress), myctrlport, sizeof(myctrlport), NI_NUMERICHOST | NI_NUMERICSERV))
   1644 		{
   1645 			sock_geterror("getnameinfo(): ", fp->errbuf, PCAP_ERRBUF_SIZE);
   1646 			return -1;
   1647 		}
   1648 
   1649 		/* Let's now check the data port */
   1650 		if (getsockname(pr->rmt_sockdata, (struct sockaddr *) &saddr, &saddrlen) == -1)
   1651 		{
   1652 			sock_geterror("getsockname(): ", fp->errbuf, PCAP_ERRBUF_SIZE);
   1653 			return -1;
   1654 		}
   1655 
   1656 		/* Get the local port the system picked up */
   1657 		if (getnameinfo((struct sockaddr *) &saddr, saddrlen, NULL, 0, mydataport, sizeof(mydataport), NI_NUMERICSERV))
   1658 		{
   1659 			sock_geterror("getnameinfo(): ", fp->errbuf, PCAP_ERRBUF_SIZE);
   1660 			return -1;
   1661 		}
   1662 
   1663 		currentfiltersize = pr->currentfilter ? strlen(pr->currentfilter) : 0;
   1664 
   1665 		newfilter = (char *)malloc(currentfiltersize + newstringsize + 1);
   1666 
   1667 		if (currentfiltersize)
   1668 		{
   1669 			pcap_snprintf(newfilter, currentfiltersize + newstringsize,
   1670 				"(%s) and not (host %s and host %s and port %s and port %s) and not (host %s and host %s and port %s)",
   1671 				pr->currentfilter, myaddress, peeraddress, myctrlport, peerctrlport, myaddress, peeraddress, mydataport);
   1672 		}
   1673 		else
   1674 		{
   1675 			pcap_snprintf(newfilter, currentfiltersize + newstringsize,
   1676 				"not (host %s and host %s and port %s and port %s) and not (host %s and host %s and port %s)",
   1677 				myaddress, peeraddress, myctrlport, peerctrlport, myaddress, peeraddress, mydataport);
   1678 		}
   1679 
   1680 		newfilter[currentfiltersize + newstringsize] = 0;
   1681 
   1682 		/*
   1683 		 * This is only an hack to prevent the save_current_filter
   1684 		 * routine, which will be called when we call pcap_compile(),
   1685 		 * from saving the modified filter.
   1686 		 */
   1687 		pr->rmt_clientside = 0;
   1688 
   1689 		if (pcap_compile(fp, prog, newfilter, 1, 0) == -1)
   1690 			RetVal = -1;
   1691 
   1692 		/* Undo the hack. */
   1693 		pr->rmt_clientside = 1;
   1694 
   1695 		free(newfilter);
   1696 	}
   1697 
   1698 	return RetVal;
   1699 }
   1700 
   1701 /*
   1702  * This function sets sampling parameters in the remote host.
   1703  *
   1704  * It is called when the user wants to set activate sampling on the
   1705  * remote host.
   1706  *
   1707  * Sampling parameters are defined into the 'pcap_t' structure.
   1708  *
   1709  * \param p: the pcap_t descriptor of the device currently opened.
   1710  *
   1711  * \return '0' if everything is OK, '-1' is something goes wrong. The
   1712  * error message is returned in the 'errbuf' member of the pcap_t structure.
   1713  */
   1714 static int pcap_setsampling_remote(pcap_t *fp)
   1715 {
   1716 	struct pcap_rpcap *pr = fp->priv;	/* structure used when doing a remote live capture */
   1717 	char sendbuf[RPCAP_NETBUF_SIZE];/* temporary buffer in which data to be sent is buffered */
   1718 	int sendbufidx = 0;			/* index which keeps the number of bytes currently buffered */
   1719 	struct rpcap_header header;		/* To keep the reply message */
   1720 	struct rpcap_sampling *sampling_pars;	/* Structure that is needed to send sampling parameters to the remote host */
   1721 
   1722 	/* If no samping is requested, return 'ok' */
   1723 	if (fp->rmt_samp.method == PCAP_SAMP_NOSAMP)
   1724 		return 0;
   1725 
   1726 	/*
   1727 	 * Check for sampling parameters that don't fit in a message.
   1728 	 * We'll let the server complain about invalid parameters
   1729 	 * that do fit into the message.
   1730 	 */
   1731 	if (fp->rmt_samp.method < 0 || fp->rmt_samp.method > 255) {
   1732 		pcap_snprintf(fp->errbuf, PCAP_ERRBUF_SIZE,
   1733 		    "Invalid sampling method %d", fp->rmt_samp.method);
   1734 		return -1;
   1735 	}
   1736 	if (fp->rmt_samp.value < 0 || fp->rmt_samp.value > 65535) {
   1737 		pcap_snprintf(fp->errbuf, PCAP_ERRBUF_SIZE,
   1738 		    "Invalid sampling value %d", fp->rmt_samp.value);
   1739 		return -1;
   1740 	}
   1741 
   1742 	if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL,
   1743 		&sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, fp->errbuf, PCAP_ERRBUF_SIZE))
   1744 		return -1;
   1745 
   1746 	rpcap_createhdr((struct rpcap_header *) sendbuf,
   1747 	    pr->protocol_version, RPCAP_MSG_SETSAMPLING_REQ, 0,
   1748 	    sizeof(struct rpcap_sampling));
   1749 
   1750 	/* Fill the structure needed to open an adapter remotely */
   1751 	sampling_pars = (struct rpcap_sampling *) &sendbuf[sendbufidx];
   1752 
   1753 	if (sock_bufferize(NULL, sizeof(struct rpcap_sampling), NULL,
   1754 		&sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, fp->errbuf, PCAP_ERRBUF_SIZE))
   1755 		return -1;
   1756 
   1757 	memset(sampling_pars, 0, sizeof(struct rpcap_sampling));
   1758 
   1759 	sampling_pars->method = (uint8)fp->rmt_samp.method;
   1760 	sampling_pars->value = (uint16)htonl(fp->rmt_samp.value);
   1761 
   1762 	if (sock_send(pr->rmt_sockctrl, sendbuf, sendbufidx, fp->errbuf,
   1763 	    PCAP_ERRBUF_SIZE) < 0)
   1764 		return -1;
   1765 
   1766 	/* Receive and process the reply message header. */
   1767 	if (rpcap_process_msg_header(pr->rmt_sockctrl, pr->protocol_version,
   1768 	    RPCAP_MSG_SETSAMPLING_REQ, &header, fp->errbuf) == -1)
   1769 		return -1;
   1770 
   1771 	/*
   1772 	 * It shouldn't have any contents; discard it if it does.
   1773 	 */
   1774 	if (rpcap_discard(pr->rmt_sockctrl, header.plen, fp->errbuf) == -1)
   1775 		return -1;
   1776 
   1777 	return 0;
   1778 }
   1779 
   1780 /*********************************************************
   1781  *                                                       *
   1782  * Miscellaneous functions                               *
   1783  *                                                       *
   1784  *********************************************************/
   1785 
   1786 /*
   1787  * This function performs authentication and protocol version
   1788  * negotiation.  It first tries to authenticate with the maximum
   1789  * version we support and, if that fails with an "I don't support
   1790  * that version" error from the server, and the version number in
   1791  * the reply from the server is one we support, tries again with
   1792  * that version.
   1793  *
   1794  * \param sock: the socket we are currently using.
   1795  *
   1796  * \param ver: pointer to variable holding protocol version number to send
   1797  * and to set to the protocol version number in the reply.
   1798  *
   1799  * \param auth: authentication parameters that have to be sent.
   1800  *
   1801  * \param errbuf: a pointer to a user-allocated buffer (of size
   1802  * PCAP_ERRBUF_SIZE) that will contain the error message (in case there
   1803  * is one). It could be a network problem or the fact that the authorization
   1804  * failed.
   1805  *
   1806  * \return '0' if everything is fine, '-1' for an error.  For errors,
   1807  * an error message string is returned in the 'errbuf' variable.
   1808  */
   1809 static int rpcap_doauth(SOCKET sockctrl, uint8 *ver, struct pcap_rmtauth *auth, char *errbuf)
   1810 {
   1811 	int status;
   1812 
   1813 	/*
   1814 	 * Send authentication to the remote machine.
   1815 	 *
   1816 	 * First try with the maximum version number we support.
   1817 	 */
   1818 	*ver = RPCAP_MAX_VERSION;
   1819 	status = rpcap_sendauth(sockctrl, ver, auth, errbuf);
   1820 	if (status == 0)
   1821 	{
   1822 		//
   1823 		// Success.
   1824 		//
   1825 		return 0;
   1826 	}
   1827 	if (status == -1)
   1828 	{
   1829 		/* Unrecoverable error. */
   1830 		return -1;
   1831 	}
   1832 
   1833 	/*
   1834 	 * The server doesn't support the version we used in the initial
   1835 	 * message, and it sent us back a reply either with the maximum
   1836 	 * version they do support, or with the version we sent, and we
   1837 	 * support that version.  *ver has been set to that version; try
   1838 	 * authenticating again with that version.
   1839 	 */
   1840 	status = rpcap_sendauth(sockctrl, ver, auth, errbuf);
   1841 	if (status == 0)
   1842 	{
   1843 		//
   1844 		// Success.
   1845 		//
   1846 		return 0;
   1847 	}
   1848 	if (status == -1)
   1849 	{
   1850 		/* Unrecoverable error. */
   1851 		return -1;
   1852 	}
   1853 	if (status == -2)
   1854 	{
   1855 		/*
   1856 		 * The server doesn't support that version, which
   1857 		 * means there is no version we both support, so
   1858 		 * this is a fatal error.
   1859 		 */
   1860 		pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "The server doesn't support any protocol version that we support");
   1861 		return -1;
   1862 	}
   1863 	pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "rpcap_sendauth() returned %d", status);
   1864 	return -1;
   1865 }
   1866 
   1867 /*
   1868  * This function sends the authentication message.
   1869  *
   1870  * It sends the authentication parameters on the control socket.
   1871  * It is required in order to open the connection with the other end party.
   1872  *
   1873  * \param sock: the socket we are currently using.
   1874  *
   1875  * \param ver: pointer to variable holding protocol version number to send
   1876  * and to set to the protocol version number in the reply.
   1877  *
   1878  * \param auth: authentication parameters that have to be sent.
   1879  *
   1880  * \param errbuf: a pointer to a user-allocated buffer (of size
   1881  * PCAP_ERRBUF_SIZE) that will contain the error message (in case there
   1882  * is one). It could be a network problem or the fact that the authorization
   1883  * failed.
   1884  *
   1885  * \return '0' if everything is fine, '-2' if the server didn't reply with
   1886  * the protocol version we requested but replied with a version we do
   1887  * support, or '-1' for other errors.  For errors, an error message string
   1888  * is returned in the 'errbuf' variable.
   1889  */
   1890 static int rpcap_sendauth(SOCKET sock, uint8 *ver, struct pcap_rmtauth *auth, char *errbuf)
   1891 {
   1892 	char sendbuf[RPCAP_NETBUF_SIZE];	/* temporary buffer in which data that has to be sent is buffered */
   1893 	int sendbufidx = 0;			/* index which keeps the number of bytes currently buffered */
   1894 	uint16 length;				/* length of the payload of this message */
   1895 	uint16 errcode;
   1896 	struct rpcap_auth *rpauth;
   1897 	uint16 auth_type;
   1898 	struct rpcap_header header;
   1899 	size_t str_length;
   1900 
   1901 	if (auth)
   1902 	{
   1903 		switch (auth->type)
   1904 		{
   1905 		case RPCAP_RMTAUTH_NULL:
   1906 			length = sizeof(struct rpcap_auth);
   1907 			break;
   1908 
   1909 		case RPCAP_RMTAUTH_PWD:
   1910 			length = sizeof(struct rpcap_auth);
   1911 			if (auth->username)
   1912 			{
   1913 				str_length = strlen(auth->username);
   1914 				if (str_length > 65535)
   1915 				{
   1916 					pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "User name is too long (> 65535 bytes)");
   1917 					return -1;
   1918 				}
   1919 				length += (uint16)str_length;
   1920 			}
   1921 			if (auth->password)
   1922 			{
   1923 				str_length = strlen(auth->password);
   1924 				if (str_length > 65535)
   1925 				{
   1926 					pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "Password is too long (> 65535 bytes)");
   1927 					return -1;
   1928 				}
   1929 				length += (uint16)str_length;
   1930 			}
   1931 			break;
   1932 
   1933 		default:
   1934 			pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication type not recognized.");
   1935 			return -1;
   1936 		}
   1937 
   1938 		auth_type = (uint16)auth->type;
   1939 	}
   1940 	else
   1941 	{
   1942 		auth_type = RPCAP_RMTAUTH_NULL;
   1943 		length = sizeof(struct rpcap_auth);
   1944 	}
   1945 
   1946 
   1947 	if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL,
   1948 		&sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errbuf, PCAP_ERRBUF_SIZE))
   1949 		return -1;
   1950 
   1951 	rpcap_createhdr((struct rpcap_header *) sendbuf, *ver,
   1952 	    RPCAP_MSG_AUTH_REQ, 0, length);
   1953 
   1954 	rpauth = (struct rpcap_auth *) &sendbuf[sendbufidx];
   1955 
   1956 	if (sock_bufferize(NULL, sizeof(struct rpcap_auth), NULL,
   1957 		&sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errbuf, PCAP_ERRBUF_SIZE))
   1958 		return -1;
   1959 
   1960 	memset(rpauth, 0, sizeof(struct rpcap_auth));
   1961 
   1962 	rpauth->type = htons(auth_type);
   1963 
   1964 	if (auth_type == RPCAP_RMTAUTH_PWD)
   1965 	{
   1966 		if (auth->username)
   1967 			rpauth->slen1 = (uint16)strlen(auth->username);
   1968 		else
   1969 			rpauth->slen1 = 0;
   1970 
   1971 		if (sock_bufferize(auth->username, rpauth->slen1, sendbuf,
   1972 			&sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_BUFFERIZE, errbuf, PCAP_ERRBUF_SIZE))
   1973 			return -1;
   1974 
   1975 		if (auth->password)
   1976 			rpauth->slen2 = (uint16)strlen(auth->password);
   1977 		else
   1978 			rpauth->slen2 = 0;
   1979 
   1980 		if (sock_bufferize(auth->password, rpauth->slen2, sendbuf,
   1981 			&sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_BUFFERIZE, errbuf, PCAP_ERRBUF_SIZE))
   1982 			return -1;
   1983 
   1984 		rpauth->slen1 = htons(rpauth->slen1);
   1985 		rpauth->slen2 = htons(rpauth->slen2);
   1986 	}
   1987 
   1988 	if (sock_send(sock, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) < 0)
   1989 		return -1;
   1990 
   1991 	/* Receive the reply */
   1992 	if (rpcap_recv_msg_header(sock, &header, errbuf) == -1)
   1993 		return -1;
   1994 
   1995 	if (rpcap_check_msg_type(sock, RPCAP_MSG_AUTH_REQ, &header,
   1996 	    &errcode, errbuf) == -1)
   1997 	{
   1998 		/* Error message - or something else, which is a protocol error. */
   1999 		if (header.type == RPCAP_MSG_ERROR &&
   2000 		    errcode == PCAP_ERR_WRONGVER)
   2001 		{
   2002 			/*
   2003 			 * The server didn't support the version we sent,
   2004 			 * and replied with the maximum version it supports
   2005 			 * if our version was too big or with the version
   2006 			 * we sent if out version was too small.
   2007 			 *
   2008 			 * Do we also support it?
   2009 			 */
   2010 			if (!RPCAP_VERSION_IS_SUPPORTED(header.ver))
   2011 			{
   2012 				/*
   2013 				 * No, so there's no version we both support.
   2014 				 * This is an unrecoverable error.
   2015 				 */
   2016 				pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "The server doesn't support any protocol version that we support");
   2017 				return -1;
   2018 			}
   2019 
   2020 			/*
   2021 			 * OK, use that version, and tell our caller to
   2022 			 * try again.
   2023 			 */
   2024 			*ver = header.ver;
   2025 			return -2;
   2026 		}
   2027 
   2028 		/*
   2029 		 * Other error - unrecoverable.
   2030 		 */
   2031 		return -1;
   2032 	}
   2033 
   2034 	/*
   2035 	 * OK, it's an authentication reply, so they're OK with the
   2036 	 * protocol version we sent.
   2037 	 *
   2038 	 * Discard the rest of it.
   2039 	 */
   2040 	if (rpcap_discard(sock, header.plen, errbuf) == -1)
   2041 		return -1;
   2042 
   2043 	return 0;
   2044 }
   2045 
   2046 /* We don't currently support non-blocking mode. */
   2047 static int
   2048 pcap_getnonblock_rpcap(pcap_t *p)
   2049 {
   2050 	pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
   2051 	    "Non-blocking mode isn't supported for capturing remotely with rpcap");
   2052 	return (-1);
   2053 }
   2054 
   2055 static int
   2056 pcap_setnonblock_rpcap(pcap_t *p, int nonblock _U_)
   2057 {
   2058 	pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
   2059 	    "Non-blocking mode isn't supported for capturing remotely with rpcap");
   2060 	return (-1);
   2061 }
   2062 
   2063 /*
   2064  * This function opens a remote adapter by opening an RPCAP connection and
   2065  * so on.
   2066  *
   2067  * It does the job of pcap_open_live() for a remote interface; it's called
   2068  * by pcap_open() for remote interfaces.
   2069  *
   2070  * We do not start the capture until pcap_startcapture_remote() is called.
   2071  *
   2072  * This is because, when doing a remote capture, we cannot start capturing
   2073  * data as soon as the 'open adapter' command is sent. Suppose the remote
   2074  * adapter is already overloaded; if we start a capture (which, by default,
   2075  * has a NULL filter) the new traffic can saturate the network.
   2076  *
   2077  * Instead, we want to "open" the adapter, then send a "start capture"
   2078  * command only when we're ready to start the capture.
   2079  * This function does this job: it sends an "open adapter" command
   2080  * (according to the RPCAP protocol), but it does not start the capture.
   2081  *
   2082  * Since the other libpcap functions do not share this way of life, we
   2083  * have to do some dirty things in order to make everything work.
   2084  *
   2085  * \param source: see pcap_open().
   2086  * \param snaplen: see pcap_open().
   2087  * \param flags: see pcap_open().
   2088  * \param read_timeout: see pcap_open().
   2089  * \param auth: see pcap_open().
   2090  * \param errbuf: see pcap_open().
   2091  *
   2092  * \return a pcap_t pointer in case of success, NULL otherwise. In case of
   2093  * success, the pcap_t pointer can be used as a parameter to the following
   2094  * calls (pcap_compile() and so on). In case of problems, errbuf contains
   2095  * a text explanation of error.
   2096  *
   2097  * WARNING: In case we call pcap_compile() and the capture has not yet
   2098  * been started, the filter will be saved into the pcap_t structure,
   2099  * and it will be sent to the other host later (when
   2100  * pcap_startcapture_remote() is called).
   2101  */
   2102 pcap_t *pcap_open_rpcap(const char *source, int snaplen, int flags, int read_timeout, struct pcap_rmtauth *auth, char *errbuf)
   2103 {
   2104 	pcap_t *fp;
   2105 	char *source_str;
   2106 	struct pcap_rpcap *pr;		/* structure used when doing a remote live capture */
   2107 	char host[PCAP_BUF_SIZE], ctrlport[PCAP_BUF_SIZE], iface[PCAP_BUF_SIZE];
   2108 	struct activehosts *activeconn;		/* active connection, if there is one */
   2109 	int error;				/* '1' if rpcap_remoteact_getsock returned an error */
   2110 	SOCKET sockctrl;
   2111 	uint8 protocol_version;			/* negotiated protocol version */
   2112 	int active;
   2113 	uint32 plen;
   2114 	char sendbuf[RPCAP_NETBUF_SIZE];	/* temporary buffer in which data to be sent is buffered */
   2115 	int sendbufidx = 0;			/* index which keeps the number of bytes currently buffered */
   2116 	int retval;				/* store the return value of the functions */
   2117 
   2118 	/* RPCAP-related variables */
   2119 	struct rpcap_header header;		/* header of the RPCAP packet */
   2120 	struct rpcap_openreply openreply;	/* open reply message */
   2121 
   2122 	fp = pcap_create_common(errbuf, sizeof (struct pcap_rpcap));
   2123 	if (fp == NULL)
   2124 	{
   2125 		return NULL;
   2126 	}
   2127 	source_str = strdup(source);
   2128 	if (source_str == NULL) {
   2129 		pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
   2130 		    errno, "malloc");
   2131 		return NULL;
   2132 	}
   2133 
   2134 	/*
   2135 	 * Turn a negative snapshot value (invalid), a snapshot value of
   2136 	 * 0 (unspecified), or a value bigger than the normal maximum
   2137 	 * value, into the maximum allowed value.
   2138 	 *
   2139 	 * If some application really *needs* a bigger snapshot
   2140 	 * length, we should just increase MAXIMUM_SNAPLEN.
   2141 	 *
   2142 	 * XXX - should we leave this up to the remote server to
   2143 	 * do?
   2144 	 */
   2145 	if (snaplen <= 0 || snaplen > MAXIMUM_SNAPLEN)
   2146 		snaplen = MAXIMUM_SNAPLEN;
   2147 
   2148 	fp->opt.device = source_str;
   2149 	fp->snapshot = snaplen;
   2150 	fp->opt.timeout = read_timeout;
   2151 	pr = fp->priv;
   2152 	pr->rmt_flags = flags;
   2153 
   2154 	/*
   2155 	 * determine the type of the source (NULL, file, local, remote)
   2156 	 * You must have a valid source string even if we're in active mode, because otherwise
   2157 	 * the call to the following function will fail.
   2158 	 */
   2159 	if (pcap_parsesrcstr(fp->opt.device, &retval, host, ctrlport, iface, errbuf) == -1)
   2160 	{
   2161 		pcap_close(fp);
   2162 		return NULL;
   2163 	}
   2164 
   2165 	if (retval != PCAP_SRC_IFREMOTE)
   2166 	{
   2167 		pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "This function is able to open only remote interfaces");
   2168 		pcap_close(fp);
   2169 		return NULL;
   2170 	}
   2171 
   2172 	/*
   2173 	 * Warning: this call can be the first one called by the user.
   2174 	 * For this reason, we have to initialize the WinSock support.
   2175 	 */
   2176 	if (sock_init(errbuf, PCAP_ERRBUF_SIZE) == -1)
   2177 	{
   2178 		pcap_close(fp);
   2179 		return NULL;
   2180 	}
   2181 
   2182 	/* Check for active mode */
   2183 	activeconn = rpcap_remoteact_getsock(host, &error, errbuf);
   2184 	if (activeconn != NULL)
   2185 	{
   2186 		sockctrl = activeconn->sockctrl;
   2187 		protocol_version = activeconn->protocol_version;
   2188 		active = 1;
   2189 	}
   2190 	else
   2191 	{
   2192 		struct addrinfo hints;			/* temp, needed to open a socket connection */
   2193 		struct addrinfo *addrinfo;		/* temp, needed to open a socket connection */
   2194 
   2195 		if (error)
   2196 		{
   2197 			/*
   2198 			 * Call failed.
   2199 			 */
   2200 			pcap_close(fp);
   2201 			return NULL;
   2202 		}
   2203 
   2204 		/*
   2205 		 * We're not in active mode; let's try to open a new
   2206 		 * control connection.
   2207 		 */
   2208 		memset(&hints, 0, sizeof(struct addrinfo));
   2209 		hints.ai_family = PF_UNSPEC;
   2210 		hints.ai_socktype = SOCK_STREAM;
   2211 
   2212 		if (ctrlport[0] == 0)
   2213 		{
   2214 			/* the user chose not to specify the port */
   2215 			if (sock_initaddress(host, RPCAP_DEFAULT_NETPORT, &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1)
   2216 			{
   2217 				pcap_close(fp);
   2218 				return NULL;
   2219 			}
   2220 		}
   2221 		else
   2222 		{
   2223 			if (sock_initaddress(host, ctrlport, &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1)
   2224 			{
   2225 				pcap_close(fp);
   2226 				return NULL;
   2227 			}
   2228 		}
   2229 
   2230 		if ((sockctrl = sock_open(addrinfo, SOCKOPEN_CLIENT, 0, errbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
   2231 		{
   2232 			freeaddrinfo(addrinfo);
   2233 			pcap_close(fp);
   2234 			return NULL;
   2235 		}
   2236 
   2237 		/* addrinfo is no longer used */
   2238 		freeaddrinfo(addrinfo);
   2239 
   2240 		if (rpcap_doauth(sockctrl, &protocol_version, auth, errbuf) == -1)
   2241 		{
   2242 			sock_close(sockctrl, NULL, 0);
   2243 			pcap_close(fp);
   2244 			return NULL;
   2245 		}
   2246 		active = 0;
   2247 	}
   2248 
   2249 	/*
   2250 	 * Now it's time to start playing with the RPCAP protocol
   2251 	 * RPCAP open command: create the request message
   2252 	 */
   2253 	if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL,
   2254 		&sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errbuf, PCAP_ERRBUF_SIZE))
   2255 		goto error_nodiscard;
   2256 
   2257 	rpcap_createhdr((struct rpcap_header *) sendbuf, protocol_version,
   2258 	    RPCAP_MSG_OPEN_REQ, 0, (uint32) strlen(iface));
   2259 
   2260 	if (sock_bufferize(iface, (int) strlen(iface), sendbuf, &sendbufidx,
   2261 		RPCAP_NETBUF_SIZE, SOCKBUF_BUFFERIZE, errbuf, PCAP_ERRBUF_SIZE))
   2262 		goto error_nodiscard;
   2263 
   2264 	if (sock_send(sockctrl, sendbuf, sendbufidx, errbuf,
   2265 	    PCAP_ERRBUF_SIZE) < 0)
   2266 		goto error_nodiscard;
   2267 
   2268 	/* Receive and process the reply message header. */
   2269 	if (rpcap_process_msg_header(sockctrl, protocol_version,
   2270 	    RPCAP_MSG_OPEN_REQ, &header, errbuf) == -1)
   2271 		goto error_nodiscard;
   2272 	plen = header.plen;
   2273 
   2274 	/* Read the reply body */
   2275 	if (rpcap_recv(sockctrl, (char *)&openreply,
   2276 	    sizeof(struct rpcap_openreply), &plen, errbuf) == -1)
   2277 		goto error;
   2278 
   2279 	/* Discard the rest of the message, if there is any. */
   2280 	if (rpcap_discard(pr->rmt_sockctrl, plen, errbuf) == -1)
   2281 		goto error_nodiscard;
   2282 
   2283 	/* Set proper fields into the pcap_t struct */
   2284 	fp->linktype = ntohl(openreply.linktype);
   2285 	fp->tzoff = ntohl(openreply.tzoff);
   2286 	pr->rmt_sockctrl = sockctrl;
   2287 	pr->protocol_version = protocol_version;
   2288 	pr->rmt_clientside = 1;
   2289 
   2290 	/* This code is duplicated from the end of this function */
   2291 	fp->read_op = pcap_read_rpcap;
   2292 	fp->save_current_filter_op = pcap_save_current_filter_rpcap;
   2293 	fp->setfilter_op = pcap_setfilter_rpcap;
   2294 	fp->getnonblock_op = pcap_getnonblock_rpcap;
   2295 	fp->setnonblock_op = pcap_setnonblock_rpcap;
   2296 	fp->stats_op = pcap_stats_rpcap;
   2297 #ifdef _WIN32
   2298 	fp->stats_ex_op = pcap_stats_ex_rpcap;
   2299 #endif
   2300 	fp->cleanup_op = pcap_cleanup_rpcap;
   2301 
   2302 	fp->activated = 1;
   2303 	return fp;
   2304 
   2305 error:
   2306 	/*
   2307 	 * When the connection has been established, we have to close it. So, at the
   2308 	 * beginning of this function, if an error occur we return immediately with
   2309 	 * a return NULL; when the connection is established, we have to come here
   2310 	 * ('goto error;') in order to close everything properly.
   2311 	 */
   2312 
   2313 	/*
   2314 	 * Discard the rest of the message.
   2315 	 * We already reported an error; if this gets an error, just
   2316 	 * drive on.
   2317 	 */
   2318 	(void)rpcap_discard(pr->rmt_sockctrl, plen, NULL);
   2319 
   2320 error_nodiscard:
   2321 	if (!active)
   2322 		sock_close(sockctrl, NULL, 0);
   2323 
   2324 	pcap_close(fp);
   2325 	return NULL;
   2326 }
   2327 
   2328 /* String identifier to be used in the pcap_findalldevs_ex() */
   2329 #define PCAP_TEXT_SOURCE_ADAPTER "Network adapter"
   2330 /* String identifier to be used in the pcap_findalldevs_ex() */
   2331 #define PCAP_TEXT_SOURCE_ON_REMOTE_HOST "on remote node"
   2332 
   2333 static void
   2334 freeaddr(struct pcap_addr *addr)
   2335 {
   2336 	free(addr->addr);
   2337 	free(addr->netmask);
   2338 	free(addr->broadaddr);
   2339 	free(addr->dstaddr);
   2340 	free(addr);
   2341 }
   2342 
   2343 int
   2344 pcap_findalldevs_ex_remote(char *source, struct pcap_rmtauth *auth, pcap_if_t **alldevs, char *errbuf)
   2345 {
   2346 	struct activehosts *activeconn;	/* active connection, if there is one */
   2347 	int error;			/* '1' if rpcap_remoteact_getsock returned an error */
   2348 	uint8 protocol_version;		/* protocol version */
   2349 	SOCKET sockctrl;		/* socket descriptor of the control connection */
   2350 	uint32 plen;
   2351 	struct rpcap_header header;	/* structure that keeps the general header of the rpcap protocol */
   2352 	int i, j;		/* temp variables */
   2353 	int nif;		/* Number of interfaces listed */
   2354 	int active;			/* 'true' if we the other end-party is in active mode */
   2355 	int type;
   2356 	char host[PCAP_BUF_SIZE], port[PCAP_BUF_SIZE];
   2357 	char tmpstring[PCAP_BUF_SIZE + 1];		/* Needed to convert names and descriptions from 'old' syntax to the 'new' one */
   2358 	pcap_if_t *lastdev;	/* Last device in the pcap_if_t list */
   2359 	pcap_if_t *dev;		/* Device we're adding to the pcap_if_t list */
   2360 
   2361 	/* List starts out empty. */
   2362 	(*alldevs) = NULL;
   2363 	lastdev = NULL;
   2364 
   2365 	/* Retrieve the needed data for getting adapter list */
   2366 	if (pcap_parsesrcstr(source, &type, host, port, NULL, errbuf) == -1)
   2367 		return -1;
   2368 
   2369 	/* Warning: this call can be the first one called by the user. */
   2370 	/* For this reason, we have to initialize the WinSock support. */
   2371 	if (sock_init(errbuf, PCAP_ERRBUF_SIZE) == -1)
   2372 		return -1;
   2373 
   2374 	/* Check for active mode */
   2375 	activeconn = rpcap_remoteact_getsock(host, &error, errbuf);
   2376 	if (activeconn != NULL)
   2377 	{
   2378 		sockctrl = activeconn->sockctrl;
   2379 		protocol_version = activeconn->protocol_version;
   2380 		active = 1;
   2381 	}
   2382 	else
   2383 	{
   2384 		struct addrinfo hints;		/* temp variable needed to resolve hostnames into to socket representation */
   2385 		struct addrinfo *addrinfo;	/* temp variable needed to resolve hostnames into to socket representation */
   2386 
   2387 		if (error)
   2388 		{
   2389 			/*
   2390 			 * Call failed.
   2391 			 */
   2392 			return -1;
   2393 		}
   2394 
   2395 		/*
   2396 		 * We're not in active mode; let's try to open a new
   2397 		 * control connection.
   2398 		 */
   2399 		memset(&hints, 0, sizeof(struct addrinfo));
   2400 		hints.ai_family = PF_UNSPEC;
   2401 		hints.ai_socktype = SOCK_STREAM;
   2402 
   2403 		if (port[0] == 0)
   2404 		{
   2405 			/* the user chose not to specify the port */
   2406 			if (sock_initaddress(host, RPCAP_DEFAULT_NETPORT, &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1)
   2407 				return -1;
   2408 		}
   2409 		else
   2410 		{
   2411 			if (sock_initaddress(host, port, &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1)
   2412 				return -1;
   2413 		}
   2414 
   2415 		if ((sockctrl = sock_open(addrinfo, SOCKOPEN_CLIENT, 0, errbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
   2416 		{
   2417 			freeaddrinfo(addrinfo);
   2418 			return -1;
   2419 		}
   2420 
   2421 		/* addrinfo is no longer used */
   2422 		freeaddrinfo(addrinfo);
   2423 		addrinfo = NULL;
   2424 
   2425 		if (rpcap_doauth(sockctrl, &protocol_version, auth, errbuf) == -1)
   2426 		{
   2427 			sock_close(sockctrl, NULL, 0);
   2428 			return -1;
   2429 		}
   2430 		active = 0;
   2431 	}
   2432 
   2433 	/* RPCAP findalldevs command */
   2434 	rpcap_createhdr(&header, protocol_version, RPCAP_MSG_FINDALLIF_REQ,
   2435 	    0, 0);
   2436 
   2437 	if (sock_send(sockctrl, (char *)&header, sizeof(struct rpcap_header),
   2438 	    errbuf, PCAP_ERRBUF_SIZE) < 0)
   2439 		goto error_nodiscard;
   2440 
   2441 	/* Receive and process the reply message header. */
   2442 	if (rpcap_process_msg_header(sockctrl, protocol_version,
   2443 	    RPCAP_MSG_FINDALLIF_REQ, &header, errbuf) == -1)
   2444 		goto error_nodiscard;
   2445 
   2446 	plen = header.plen;
   2447 
   2448 	/* read the number of interfaces */
   2449 	nif = ntohs(header.value);
   2450 
   2451 	/* loop until all interfaces have been received */
   2452 	for (i = 0; i < nif; i++)
   2453 	{
   2454 		struct rpcap_findalldevs_if findalldevs_if;
   2455 		char tmpstring2[PCAP_BUF_SIZE + 1];		/* Needed to convert names and descriptions from 'old' syntax to the 'new' one */
   2456 		size_t stringlen;
   2457 		struct pcap_addr *addr, *prevaddr;
   2458 
   2459 		tmpstring2[PCAP_BUF_SIZE] = 0;
   2460 
   2461 		/* receive the findalldevs structure from remote host */
   2462 		if (rpcap_recv(sockctrl, (char *)&findalldevs_if,
   2463 		    sizeof(struct rpcap_findalldevs_if), &plen, errbuf) == -1)
   2464 			goto error;
   2465 
   2466 		findalldevs_if.namelen = ntohs(findalldevs_if.namelen);
   2467 		findalldevs_if.desclen = ntohs(findalldevs_if.desclen);
   2468 		findalldevs_if.naddr = ntohs(findalldevs_if.naddr);
   2469 
   2470 		/* allocate the main structure */
   2471 		dev = (pcap_if_t *)malloc(sizeof(pcap_if_t));
   2472 		if (dev == NULL)
   2473 		{
   2474 			pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
   2475 			    errno, "malloc() failed");
   2476 			goto error;
   2477 		}
   2478 
   2479 		/* Initialize the structure to 'zero' */
   2480 		memset(dev, 0, sizeof(pcap_if_t));
   2481 
   2482 		/* Append it to the list. */
   2483 		if (lastdev == NULL)
   2484 		{
   2485 			/*
   2486 			 * List is empty, so it's also the first device.
   2487 			 */
   2488 			*alldevs = dev;
   2489 		}
   2490 		else
   2491 		{
   2492 			/*
   2493 			 * Append after the last device.
   2494 			 */
   2495 			lastdev->next = dev;
   2496 		}
   2497 		/* It's now the last device. */
   2498 		lastdev = dev;
   2499 
   2500 		/* allocate mem for name and description */
   2501 		if (findalldevs_if.namelen)
   2502 		{
   2503 
   2504 			if (findalldevs_if.namelen >= sizeof(tmpstring))
   2505 			{
   2506 				pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "Interface name too long");
   2507 				goto error;
   2508 			}
   2509 
   2510 			/* Retrieve adapter name */
   2511 			if (rpcap_recv(sockctrl, tmpstring,
   2512 			    findalldevs_if.namelen, &plen, errbuf) == -1)
   2513 				goto error;
   2514 
   2515 			tmpstring[findalldevs_if.namelen] = 0;
   2516 
   2517 			/* Create the new device identifier */
   2518 			if (pcap_createsrcstr(tmpstring2, PCAP_SRC_IFREMOTE, host, port, tmpstring, errbuf) == -1)
   2519 				return -1;
   2520 
   2521 			stringlen = strlen(tmpstring2);
   2522 
   2523 			dev->name = (char *)malloc(stringlen + 1);
   2524 			if (dev->name == NULL)
   2525 			{
   2526 				pcap_fmt_errmsg_for_errno(errbuf,
   2527 				    PCAP_ERRBUF_SIZE, errno, "malloc() failed");
   2528 				goto error;
   2529 			}
   2530 
   2531 			/* Copy the new device name into the correct memory location */
   2532 			strlcpy(dev->name, tmpstring2, stringlen + 1);
   2533 		}
   2534 
   2535 		if (findalldevs_if.desclen)
   2536 		{
   2537 			if (findalldevs_if.desclen >= sizeof(tmpstring))
   2538 			{
   2539 				pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "Interface description too long");
   2540 				goto error;
   2541 			}
   2542 
   2543 			/* Retrieve adapter description */
   2544 			if (rpcap_recv(sockctrl, tmpstring,
   2545 			    findalldevs_if.desclen, &plen, errbuf) == -1)
   2546 				goto error;
   2547 
   2548 			tmpstring[findalldevs_if.desclen] = 0;
   2549 
   2550 			pcap_snprintf(tmpstring2, sizeof(tmpstring2) - 1, "%s '%s' %s %s", PCAP_TEXT_SOURCE_ADAPTER,
   2551 				tmpstring, PCAP_TEXT_SOURCE_ON_REMOTE_HOST, host);
   2552 
   2553 			stringlen = strlen(tmpstring2);
   2554 
   2555 			dev->description = (char *)malloc(stringlen + 1);
   2556 
   2557 			if (dev->description == NULL)
   2558 			{
   2559 				pcap_fmt_errmsg_for_errno(errbuf,
   2560 				    PCAP_ERRBUF_SIZE, errno, "malloc() failed");
   2561 				goto error;
   2562 			}
   2563 
   2564 			/* Copy the new device description into the correct memory location */
   2565 			strlcpy(dev->description, tmpstring2, stringlen + 1);
   2566 		}
   2567 
   2568 		dev->flags = ntohl(findalldevs_if.flags);
   2569 
   2570 		prevaddr = NULL;
   2571 		/* loop until all addresses have been received */
   2572 		for (j = 0; j < findalldevs_if.naddr; j++)
   2573 		{
   2574 			struct rpcap_findalldevs_ifaddr ifaddr;
   2575 
   2576 			/* Retrieve the interface addresses */
   2577 			if (rpcap_recv(sockctrl, (char *)&ifaddr,
   2578 			    sizeof(struct rpcap_findalldevs_ifaddr),
   2579 			    &plen, errbuf) == -1)
   2580 				goto error;
   2581 
   2582 			/*
   2583 			 * Deserialize all the address components.
   2584 			 */
   2585 			addr = (struct pcap_addr *) malloc(sizeof(struct pcap_addr));
   2586 			if (addr == NULL)
   2587 			{
   2588 				pcap_fmt_errmsg_for_errno(errbuf,
   2589 				    PCAP_ERRBUF_SIZE, errno, "malloc() failed");
   2590 				goto error;
   2591 			}
   2592 			addr->next = NULL;
   2593 			addr->addr = NULL;
   2594 			addr->netmask = NULL;
   2595 			addr->broadaddr = NULL;
   2596 			addr->dstaddr = NULL;
   2597 
   2598 			if (rpcap_deseraddr(&ifaddr.addr,
   2599 				(struct sockaddr_storage **) &addr->addr, errbuf) == -1)
   2600 			{
   2601 				freeaddr(addr);
   2602 				goto error;
   2603 			}
   2604 			if (rpcap_deseraddr(&ifaddr.netmask,
   2605 				(struct sockaddr_storage **) &addr->netmask, errbuf) == -1)
   2606 			{
   2607 				freeaddr(addr);
   2608 				goto error;
   2609 			}
   2610 			if (rpcap_deseraddr(&ifaddr.broadaddr,
   2611 				(struct sockaddr_storage **) &addr->broadaddr, errbuf) == -1)
   2612 			{
   2613 				freeaddr(addr);
   2614 				goto error;
   2615 			}
   2616 			if (rpcap_deseraddr(&ifaddr.dstaddr,
   2617 				(struct sockaddr_storage **) &addr->dstaddr, errbuf) == -1)
   2618 			{
   2619 				freeaddr(addr);
   2620 				goto error;
   2621 			}
   2622 
   2623 			if ((addr->addr == NULL) && (addr->netmask == NULL) &&
   2624 				(addr->broadaddr == NULL) && (addr->dstaddr == NULL))
   2625 			{
   2626 				/*
   2627 				 * None of the addresses are IPv4 or IPv6
   2628 				 * addresses, so throw this entry away.
   2629 				 */
   2630 				free(addr);
   2631 			}
   2632 			else
   2633 			{
   2634 				/*
   2635 				 * Add this entry to the list.
   2636 				 */
   2637 				if (prevaddr == NULL)
   2638 				{
   2639 					dev->addresses = addr;
   2640 				}
   2641 				else
   2642 				{
   2643 					prevaddr->next = addr;
   2644 				}
   2645 				prevaddr = addr;
   2646 			}
   2647 		}
   2648 	}
   2649 
   2650 	/* Discard the rest of the message. */
   2651 	if (rpcap_discard(sockctrl, plen, errbuf) == 1)
   2652 		goto error_nodiscard;
   2653 
   2654 	/* Control connection has to be closed only in case the remote machine is in passive mode */
   2655 	if (!active)
   2656 	{
   2657 		/* DO not send RPCAP_CLOSE, since we did not open a pcap_t; no need to free resources */
   2658 		if (sock_close(sockctrl, errbuf, PCAP_ERRBUF_SIZE))
   2659 			return -1;
   2660 	}
   2661 
   2662 	/* To avoid inconsistencies in the number of sock_init() */
   2663 	sock_cleanup();
   2664 
   2665 	return 0;
   2666 
   2667 error:
   2668 	/*
   2669 	 * In case there has been an error, I don't want to overwrite it with a new one
   2670 	 * if the following call fails. I want to return always the original error.
   2671 	 *
   2672 	 * Take care: this connection can already be closed when we try to close it.
   2673 	 * This happens because a previous error in the rpcapd, which requested to
   2674 	 * closed the connection. In that case, we already recognized that into the
   2675 	 * rpspck_isheaderok() and we already acknowledged the closing.
   2676 	 * In that sense, this call is useless here (however it is needed in case
   2677 	 * the client generates the error).
   2678 	 *
   2679 	 * Checks if all the data has been read; if not, discard the data in excess
   2680 	 */
   2681 	(void) rpcap_discard(sockctrl, plen, NULL);
   2682 
   2683 error_nodiscard:
   2684 	/* Control connection has to be closed only in case the remote machine is in passive mode */
   2685 	if (!active)
   2686 		sock_close(sockctrl, NULL, 0);
   2687 
   2688 	/* To avoid inconsistencies in the number of sock_init() */
   2689 	sock_cleanup();
   2690 
   2691 	/* Free whatever interfaces we've allocated. */
   2692 	pcap_freealldevs(*alldevs);
   2693 
   2694 	return -1;
   2695 }
   2696 
   2697 /*
   2698  * Active mode routines.
   2699  *
   2700  * The old libpcap API is somewhat ugly, and makes active mode difficult
   2701  * to implement; we provide some APIs for it that work only with rpcap.
   2702  */
   2703 
   2704 SOCKET pcap_remoteact_accept(const char *address, const char *port, const char *hostlist, char *connectinghost, struct pcap_rmtauth *auth, char *errbuf)
   2705 {
   2706 	/* socket-related variables */
   2707 	struct addrinfo hints;			/* temporary struct to keep settings needed to open the new socket */
   2708 	struct addrinfo *addrinfo;		/* keeps the addrinfo chain; required to open a new socket */
   2709 	struct sockaddr_storage from;	/* generic sockaddr_storage variable */
   2710 	socklen_t fromlen;				/* keeps the length of the sockaddr_storage variable */
   2711 	SOCKET sockctrl;				/* keeps the main socket identifier */
   2712 	uint8 protocol_version;			/* negotiated protocol version */
   2713 	struct activehosts *temp, *prev;	/* temp var needed to scan he host list chain */
   2714 
   2715 	*connectinghost = 0;		/* just in case */
   2716 
   2717 	/* Prepare to open a new server socket */
   2718 	memset(&hints, 0, sizeof(struct addrinfo));
   2719 	/* WARNING Currently it supports only ONE socket family among ipv4 and IPv6  */
   2720 	hints.ai_family = AF_INET;		/* PF_UNSPEC to have both IPv4 and IPv6 server */
   2721 	hints.ai_flags = AI_PASSIVE;	/* Ready to a bind() socket */
   2722 	hints.ai_socktype = SOCK_STREAM;
   2723 
   2724 	/* Warning: this call can be the first one called by the user. */
   2725 	/* For this reason, we have to initialize the WinSock support. */
   2726 	if (sock_init(errbuf, PCAP_ERRBUF_SIZE) == -1)
   2727 		return (SOCKET)-1;
   2728 
   2729 	/* Do the work */
   2730 	if ((port == NULL) || (port[0] == 0))
   2731 	{
   2732 		if (sock_initaddress(address, RPCAP_DEFAULT_NETPORT_ACTIVE, &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1)
   2733 		{
   2734 			SOCK_DEBUG_MESSAGE(errbuf);
   2735 			return (SOCKET)-2;
   2736 		}
   2737 	}
   2738 	else
   2739 	{
   2740 		if (sock_initaddress(address, port, &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1)
   2741 		{
   2742 			SOCK_DEBUG_MESSAGE(errbuf);
   2743 			return (SOCKET)-2;
   2744 		}
   2745 	}
   2746 
   2747 
   2748 	if ((sockmain = sock_open(addrinfo, SOCKOPEN_SERVER, 1, errbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
   2749 	{
   2750 		SOCK_DEBUG_MESSAGE(errbuf);
   2751 		freeaddrinfo(addrinfo);
   2752 		return (SOCKET)-2;
   2753 	}
   2754 	freeaddrinfo(addrinfo);
   2755 
   2756 	/* Connection creation */
   2757 	fromlen = sizeof(struct sockaddr_storage);
   2758 
   2759 	sockctrl = accept(sockmain, (struct sockaddr *) &from, &fromlen);
   2760 
   2761 	/* We're not using sock_close, since we do not want to send a shutdown */
   2762 	/* (which is not allowed on a non-connected socket) */
   2763 	closesocket(sockmain);
   2764 	sockmain = 0;
   2765 
   2766 	if (sockctrl == INVALID_SOCKET)
   2767 	{
   2768 		sock_geterror("accept(): ", errbuf, PCAP_ERRBUF_SIZE);
   2769 		return (SOCKET)-2;
   2770 	}
   2771 
   2772 	/* Get the numeric for of the name of the connecting host */
   2773 	if (getnameinfo((struct sockaddr *) &from, fromlen, connectinghost, RPCAP_HOSTLIST_SIZE, NULL, 0, NI_NUMERICHOST))
   2774 	{
   2775 		sock_geterror("getnameinfo(): ", errbuf, PCAP_ERRBUF_SIZE);
   2776 		rpcap_senderror(sockctrl, 0, PCAP_ERR_REMOTEACCEPT, errbuf, NULL);
   2777 		sock_close(sockctrl, NULL, 0);
   2778 		return (SOCKET)-1;
   2779 	}
   2780 
   2781 	/* checks if the connecting host is among the ones allowed */
   2782 	if (sock_check_hostlist((char *)hostlist, RPCAP_HOSTLIST_SEP, &from, errbuf, PCAP_ERRBUF_SIZE) < 0)
   2783 	{
   2784 		rpcap_senderror(sockctrl, 0, PCAP_ERR_REMOTEACCEPT, errbuf, NULL);
   2785 		sock_close(sockctrl, NULL, 0);
   2786 		return (SOCKET)-1;
   2787 	}
   2788 
   2789 	/*
   2790 	 * Send authentication to the remote machine.
   2791 	 */
   2792 	if (rpcap_doauth(sockctrl, &protocol_version, auth, errbuf) == -1)
   2793 	{
   2794 		/* Unrecoverable error. */
   2795 		rpcap_senderror(sockctrl, 0, PCAP_ERR_REMOTEACCEPT, errbuf, NULL);
   2796 		sock_close(sockctrl, NULL, 0);
   2797 		return (SOCKET)-3;
   2798 	}
   2799 
   2800 	/* Checks that this host does not already have a cntrl connection in place */
   2801 
   2802 	/* Initialize pointers */
   2803 	temp = activeHosts;
   2804 	prev = NULL;
   2805 
   2806 	while (temp)
   2807 	{
   2808 		/* This host already has an active connection in place, so I don't have to update the host list */
   2809 		if (sock_cmpaddr(&temp->host, &from) == 0)
   2810 			return sockctrl;
   2811 
   2812 		prev = temp;
   2813 		temp = temp->next;
   2814 	}
   2815 
   2816 	/* The host does not exist in the list; so I have to update the list */
   2817 	if (prev)
   2818 	{
   2819 		prev->next = (struct activehosts *) malloc(sizeof(struct activehosts));
   2820 		temp = prev->next;
   2821 	}
   2822 	else
   2823 	{
   2824 		activeHosts = (struct activehosts *) malloc(sizeof(struct activehosts));
   2825 		temp = activeHosts;
   2826 	}
   2827 
   2828 	if (temp == NULL)
   2829 	{
   2830 		pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
   2831 		    errno, "malloc() failed");
   2832 		rpcap_senderror(sockctrl, protocol_version, PCAP_ERR_REMOTEACCEPT, errbuf, NULL);
   2833 		sock_close(sockctrl, NULL, 0);
   2834 		return (SOCKET)-1;
   2835 	}
   2836 
   2837 	memcpy(&temp->host, &from, fromlen);
   2838 	temp->sockctrl = sockctrl;
   2839 	temp->protocol_version = protocol_version;
   2840 	temp->next = NULL;
   2841 
   2842 	return sockctrl;
   2843 }
   2844 
   2845 int pcap_remoteact_close(const char *host, char *errbuf)
   2846 {
   2847 	struct activehosts *temp, *prev;	/* temp var needed to scan the host list chain */
   2848 	struct addrinfo hints, *addrinfo, *ai_next;	/* temp var needed to translate between hostname to its address */
   2849 	int retval;
   2850 
   2851 	temp = activeHosts;
   2852 	prev = NULL;
   2853 
   2854 	/* retrieve the network address corresponding to 'host' */
   2855 	addrinfo = NULL;
   2856 	memset(&hints, 0, sizeof(struct addrinfo));
   2857 	hints.ai_family = PF_UNSPEC;
   2858 	hints.ai_socktype = SOCK_STREAM;
   2859 
   2860 	retval = getaddrinfo(host, "0", &hints, &addrinfo);
   2861 	if (retval != 0)
   2862 	{
   2863 		pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "getaddrinfo() %s", gai_strerror(retval));
   2864 		return -1;
   2865 	}
   2866 
   2867 	while (temp)
   2868 	{
   2869 		ai_next = addrinfo;
   2870 		while (ai_next)
   2871 		{
   2872 			if (sock_cmpaddr(&temp->host, (struct sockaddr_storage *) ai_next->ai_addr) == 0)
   2873 			{
   2874 				struct rpcap_header header;
   2875 				int status = 0;
   2876 
   2877 				/* Close this connection */
   2878 				rpcap_createhdr(&header, temp->protocol_version,
   2879 				    RPCAP_MSG_CLOSE, 0, 0);
   2880 
   2881 				/*
   2882 				 * Don't check for errors, since we're
   2883 				 * just cleaning up.
   2884 				 */
   2885 				if (sock_send(temp->sockctrl,
   2886 				    (char *)&header,
   2887 				    sizeof(struct rpcap_header), errbuf,
   2888 				    PCAP_ERRBUF_SIZE) < 0)
   2889 				{
   2890 					/*
   2891 					 * Let that error be the one we
   2892 					 * report.
   2893 					 */
   2894 					(void)sock_close(temp->sockctrl, NULL,
   2895 					   0);
   2896 					status = -1;
   2897 				}
   2898 				else
   2899 				{
   2900 					if (sock_close(temp->sockctrl, errbuf,
   2901 					   PCAP_ERRBUF_SIZE) == -1)
   2902 						status = -1;
   2903 				}
   2904 
   2905 				/*
   2906 				 * Remove the host from the list of active
   2907 				 * hosts.
   2908 				 */
   2909 				if (prev)
   2910 					prev->next = temp->next;
   2911 				else
   2912 					activeHosts = temp->next;
   2913 
   2914 				freeaddrinfo(addrinfo);
   2915 
   2916 				free(temp);
   2917 
   2918 				/* To avoid inconsistencies in the number of sock_init() */
   2919 				sock_cleanup();
   2920 
   2921 				return status;
   2922 			}
   2923 
   2924 			ai_next = ai_next->ai_next;
   2925 		}
   2926 		prev = temp;
   2927 		temp = temp->next;
   2928 	}
   2929 
   2930 	if (addrinfo)
   2931 		freeaddrinfo(addrinfo);
   2932 
   2933 	/* To avoid inconsistencies in the number of sock_init() */
   2934 	sock_cleanup();
   2935 
   2936 	pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "The host you want to close the active connection is not known");
   2937 	return -1;
   2938 }
   2939 
   2940 void pcap_remoteact_cleanup(void)
   2941 {
   2942 	/* Very dirty, but it works */
   2943 	if (sockmain)
   2944 	{
   2945 		closesocket(sockmain);
   2946 
   2947 		/* To avoid inconsistencies in the number of sock_init() */
   2948 		sock_cleanup();
   2949 	}
   2950 
   2951 }
   2952 
   2953 int pcap_remoteact_list(char *hostlist, char sep, int size, char *errbuf)
   2954 {
   2955 	struct activehosts *temp;	/* temp var needed to scan the host list chain */
   2956 	size_t len;
   2957 	char hoststr[RPCAP_HOSTLIST_SIZE + 1];
   2958 
   2959 	temp = activeHosts;
   2960 
   2961 	len = 0;
   2962 	*hostlist = 0;
   2963 
   2964 	while (temp)
   2965 	{
   2966 		/*int sock_getascii_addrport(const struct sockaddr_storage *sockaddr, char *address, int addrlen, char *port, int portlen, int flags, char *errbuf, int errbuflen) */
   2967 
   2968 		/* Get the numeric form of the name of the connecting host */
   2969 		if (sock_getascii_addrport((struct sockaddr_storage *) &temp->host, hoststr,
   2970 			RPCAP_HOSTLIST_SIZE, NULL, 0, NI_NUMERICHOST, errbuf, PCAP_ERRBUF_SIZE) != -1)
   2971 			/*	if (getnameinfo( (struct sockaddr *) &temp->host, sizeof (struct sockaddr_storage), hoststr, */
   2972 			/*		RPCAP_HOSTLIST_SIZE, NULL, 0, NI_NUMERICHOST) ) */
   2973 		{
   2974 			/*	sock_geterror("getnameinfo(): ", errbuf, PCAP_ERRBUF_SIZE); */
   2975 			return -1;
   2976 		}
   2977 
   2978 		len = len + strlen(hoststr) + 1 /* the separator */;
   2979 
   2980 		if ((size < 0) || (len >= (size_t)size))
   2981 		{
   2982 			pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "The string you provided is not able to keep "
   2983 				"the hostnames for all the active connections");
   2984 			return -1;
   2985 		}
   2986 
   2987 		strlcat(hostlist, hoststr, PCAP_ERRBUF_SIZE);
   2988 		hostlist[len - 1] = sep;
   2989 		hostlist[len] = 0;
   2990 
   2991 		temp = temp->next;
   2992 	}
   2993 
   2994 	return 0;
   2995 }
   2996 
   2997 /*
   2998  * Receive the header of a message.
   2999  */
   3000 static int rpcap_recv_msg_header(SOCKET sock, struct rpcap_header *header, char *errbuf)
   3001 {
   3002 	int nrecv;
   3003 
   3004 	nrecv = sock_recv(sock, (char *) header, sizeof(struct rpcap_header),
   3005 	    SOCK_RECEIVEALL_YES|SOCK_EOF_IS_ERROR, errbuf,
   3006 	    PCAP_ERRBUF_SIZE);
   3007 	if (nrecv == -1)
   3008 	{
   3009 		/* Network error. */
   3010 		return -1;
   3011 	}
   3012 	header->plen = ntohl(header->plen);
   3013 	return 0;
   3014 }
   3015 
   3016 /*
   3017  * Make sure the protocol version of a received message is what we were
   3018  * expecting.
   3019  */
   3020 static int rpcap_check_msg_ver(SOCKET sock, uint8 expected_ver, struct rpcap_header *header, char *errbuf)
   3021 {
   3022 	/*
   3023 	 * Did the server specify the version we negotiated?
   3024 	 */
   3025 	if (header->ver != expected_ver)
   3026 	{
   3027 		/*
   3028 		 * Discard the rest of the message.
   3029 		 */
   3030 		if (rpcap_discard(sock, header->plen, errbuf) == -1)
   3031 			return -1;
   3032 
   3033 		/*
   3034 		 * Tell our caller that it's not the negotiated version.
   3035 		 */
   3036 		if (errbuf != NULL)
   3037 		{
   3038 			pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
   3039 			    "Server sent us a message with version %u when we were expecting %u",
   3040 			    header->ver, expected_ver);
   3041 		}
   3042 		return -1;
   3043 	}
   3044 	return 0;
   3045 }
   3046 
   3047 /*
   3048  * Check the message type of a received message, which should either be
   3049  * the expected message type or RPCAP_MSG_ERROR.
   3050  */
   3051 static int rpcap_check_msg_type(SOCKET sock, uint8 request_type, struct rpcap_header *header, uint16 *errcode, char *errbuf)
   3052 {
   3053 	const char *request_type_string;
   3054 	const char *msg_type_string;
   3055 
   3056 	/*
   3057 	 * What type of message is it?
   3058 	 */
   3059 	if (header->type == RPCAP_MSG_ERROR)
   3060 	{
   3061 		/*
   3062 		 * The server reported an error.
   3063 		 * Hand that error back to our caller.
   3064 		 */
   3065 		*errcode = ntohs(header->value);
   3066 		rpcap_msg_err(sock, header->plen, errbuf);
   3067 		return -1;
   3068 	}
   3069 
   3070 	*errcode = 0;
   3071 
   3072 	/*
   3073 	 * For a given request type value, the expected reply type value
   3074 	 * is the request type value with ORed with RPCAP_MSG_IS_REPLY.
   3075 	 */
   3076 	if (header->type != (request_type | RPCAP_MSG_IS_REPLY))
   3077 	{
   3078 		/*
   3079 		 * This isn't a reply to the request we sent.
   3080 		 */
   3081 
   3082 		/*
   3083 		 * Discard the rest of the message.
   3084 		 */
   3085 		if (rpcap_discard(sock, header->plen, errbuf) == -1)
   3086 			return -1;
   3087 
   3088 		/*
   3089 		 * Tell our caller about it.
   3090 		 */
   3091 		request_type_string = rpcap_msg_type_string(request_type);
   3092 		msg_type_string = rpcap_msg_type_string(header->type);
   3093 		if (errbuf != NULL)
   3094 		{
   3095 			if (request_type_string == NULL)
   3096 			{
   3097 				/* This should not happen. */
   3098 				pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
   3099 				    "rpcap_check_msg_type called for request message with type %u",
   3100 				    request_type);
   3101 				return -1;
   3102 			}
   3103 			if (msg_type_string != NULL)
   3104 				pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
   3105 				    "%s message received in response to a %s message",
   3106 				    msg_type_string, request_type_string);
   3107 			else
   3108 				pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
   3109 				    "Message of unknown type %u message received in response to a %s request",
   3110 				    header->type, request_type_string);
   3111 		}
   3112 		return -1;
   3113 	}
   3114 
   3115 	return 0;
   3116 }
   3117 
   3118 /*
   3119  * Receive and process the header of a message.
   3120  */
   3121 static int rpcap_process_msg_header(SOCKET sock, uint8 expected_ver, uint8 request_type, struct rpcap_header *header, char *errbuf)
   3122 {
   3123 	uint16 errcode;
   3124 
   3125 	if (rpcap_recv_msg_header(sock, header, errbuf) == -1)
   3126 	{
   3127 		/* Network error. */
   3128 		return -1;
   3129 	}
   3130 
   3131 	/*
   3132 	 * Did the server specify the version we negotiated?
   3133 	 */
   3134 	if (rpcap_check_msg_ver(sock, expected_ver, header, errbuf) == -1)
   3135 		return -1;
   3136 
   3137 	/*
   3138 	 * Check the message type.
   3139 	 */
   3140 	return rpcap_check_msg_type(sock, request_type, header,
   3141 	    &errcode, errbuf);
   3142 }
   3143 
   3144 /*
   3145  * Read data from a message.
   3146  * If we're trying to read more data that remains, puts an error
   3147  * message into errmsgbuf and returns -2.  Otherwise, tries to read
   3148  * the data and, if that succeeds, subtracts the amount read from
   3149  * the number of bytes of data that remains.
   3150  * Returns 0 on success, logs a message and returns -1 on a network
   3151  * error.
   3152  */
   3153 static int rpcap_recv(SOCKET sock, void *buffer, size_t toread, uint32 *plen, char *errbuf)
   3154 {
   3155 	int nread;
   3156 
   3157 	if (toread > *plen)
   3158 	{
   3159 		/* The server sent us a bad message */
   3160 		pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "Message payload is too short");
   3161 		return -1;
   3162 	}
   3163 	nread = sock_recv(sock, buffer, toread,
   3164 	    SOCK_RECEIVEALL_YES|SOCK_EOF_IS_ERROR, errbuf, PCAP_ERRBUF_SIZE);
   3165 	if (nread == -1)
   3166 	{
   3167 		return -1;
   3168 	}
   3169 	*plen -= nread;
   3170 	return 0;
   3171 }
   3172 
   3173 /*
   3174  * This handles the RPCAP_MSG_ERROR message.
   3175  */
   3176 static void rpcap_msg_err(SOCKET sockctrl, uint32 plen, char *remote_errbuf)
   3177 {
   3178 	char errbuf[PCAP_ERRBUF_SIZE];
   3179 
   3180 	if (plen >= PCAP_ERRBUF_SIZE)
   3181 	{
   3182 		/*
   3183 		 * Message is too long; just read as much of it as we
   3184 		 * can into the buffer provided, and discard the rest.
   3185 		 */
   3186 		if (sock_recv(sockctrl, remote_errbuf, PCAP_ERRBUF_SIZE - 1,
   3187 		    SOCK_RECEIVEALL_YES|SOCK_EOF_IS_ERROR, errbuf,
   3188 		    PCAP_ERRBUF_SIZE) == -1)
   3189 		{
   3190 			// Network error.
   3191 			pcap_snprintf(remote_errbuf, PCAP_ERRBUF_SIZE, "Read of error message from client failed: %s", errbuf);
   3192 			return;
   3193 		}
   3194 
   3195 		/*
   3196 		 * Null-terminate it.
   3197 		 */
   3198 		remote_errbuf[PCAP_ERRBUF_SIZE - 1] = '\0';
   3199 
   3200 		/*
   3201 		 * Throw away the rest.
   3202 		 */
   3203 		(void)rpcap_discard(sockctrl, plen - (PCAP_ERRBUF_SIZE - 1), remote_errbuf);
   3204 	}
   3205 	else if (plen == 0)
   3206 	{
   3207 		/* Empty error string. */
   3208 		remote_errbuf[0] = '\0';
   3209 	}
   3210 	else
   3211 	{
   3212 		if (sock_recv(sockctrl, remote_errbuf, plen,
   3213 		    SOCK_RECEIVEALL_YES|SOCK_EOF_IS_ERROR, errbuf,
   3214 		    PCAP_ERRBUF_SIZE) == -1)
   3215 		{
   3216 			// Network error.
   3217 			pcap_snprintf(remote_errbuf, PCAP_ERRBUF_SIZE, "Read of error message from client failed: %s", errbuf);
   3218 			return;
   3219 		}
   3220 
   3221 		/*
   3222 		 * Null-terminate it.
   3223 		 */
   3224 		remote_errbuf[plen] = '\0';
   3225 	}
   3226 }
   3227 
   3228 /*
   3229  * Discard data from a connection.
   3230  * Mostly used to discard wrong-sized messages.
   3231  * Returns 0 on success, logs a message and returns -1 on a network
   3232  * error.
   3233  */
   3234 static int rpcap_discard(SOCKET sock, uint32 len, char *errbuf)
   3235 {
   3236 	if (len != 0)
   3237 	{
   3238 		if (sock_discard(sock, len, errbuf, PCAP_ERRBUF_SIZE) == -1)
   3239 		{
   3240 			// Network error.
   3241 			return -1;
   3242 		}
   3243 	}
   3244 	return 0;
   3245 }
   3246 
   3247 /*
   3248  * Read bytes into the pcap_t's buffer until we have the specified
   3249  * number of bytes read or we get an error or interrupt indication.
   3250  */
   3251 static int rpcap_read_packet_msg(SOCKET sock, pcap_t *p, size_t size)
   3252 {
   3253 	u_char *bp;
   3254 	int cc;
   3255 	int bytes_read;
   3256 
   3257 	bp = p->bp;
   3258 	cc = p->cc;
   3259 
   3260 	/*
   3261 	 * Loop until we have the amount of data requested or we get
   3262 	 * an error or interrupt.
   3263 	 */
   3264 	while ((size_t)cc < size)
   3265 	{
   3266 		/*
   3267 		 * We haven't read all of the packet header yet.
   3268 		 * Read what remains, which could be all of it.
   3269 		 */
   3270 		bytes_read = sock_recv(sock, bp, size - cc,
   3271 		    SOCK_RECEIVEALL_NO|SOCK_EOF_IS_ERROR, p->errbuf,
   3272 		    PCAP_ERRBUF_SIZE);
   3273 		if (bytes_read == -1)
   3274 		{
   3275 			/*
   3276 			 * Network error.  Update the read pointer and
   3277 			 * byte count, and return an error indication.
   3278 			 */
   3279 			p->bp = bp;
   3280 			p->cc = cc;
   3281 			return -1;
   3282 		}
   3283 		if (bytes_read == -3)
   3284 		{
   3285 			/*
   3286 			 * Interrupted receive.  Update the read
   3287 			 * pointer and byte count, and return
   3288 			 * an interrupted indication.
   3289 			 */
   3290 			p->bp = bp;
   3291 			p->cc = cc;
   3292 			return -3;
   3293 		}
   3294 		if (bytes_read == 0)
   3295 		{
   3296 			/*
   3297 			 * EOF - server terminated the connection.
   3298 			 * Update the read pointer and byte count, and
   3299 			 * return an error indication.
   3300 			 */
   3301 			pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
   3302 			    "The server terminated the connection.");
   3303 			return -1;
   3304 		}
   3305 		bp += bytes_read;
   3306 		cc += bytes_read;
   3307 	}
   3308 	p->bp = bp;
   3309 	p->cc = cc;
   3310 	return 0;
   3311 }
   3312