📄 daemon.c
字号:
return -1;
// send all addresses
for (address= d->addresses; address != NULL; address= address->next)
{
struct sockaddr_storage *sockaddr;
sockaddr= (struct sockaddr_storage *) &sendbuf[sendbufidx];
if (sock_bufferize(NULL, sizeof(struct sockaddr_storage), NULL,
&sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errbuf, PCAP_ERRBUF_SIZE) == -1)
return -1;
daemon_seraddr( (struct sockaddr_storage *) address->addr, sockaddr);
sockaddr= (struct sockaddr_storage *) &sendbuf[sendbufidx];
if (sock_bufferize(NULL, sizeof(struct sockaddr_storage), NULL,
&sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errbuf, PCAP_ERRBUF_SIZE) == -1)
return -1;
daemon_seraddr( (struct sockaddr_storage *) address->netmask, sockaddr);
sockaddr= (struct sockaddr_storage *) &sendbuf[sendbufidx];
if (sock_bufferize(NULL, sizeof(struct sockaddr_storage), NULL,
&sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errbuf, PCAP_ERRBUF_SIZE) == -1)
return -1;
daemon_seraddr( (struct sockaddr_storage *) address->broadaddr, sockaddr);
sockaddr= (struct sockaddr_storage *) &sendbuf[sendbufidx];
if (sock_bufferize(NULL, sizeof(struct sockaddr_storage), NULL,
&sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errbuf, PCAP_ERRBUF_SIZE) == -1)
return -1;
daemon_seraddr( (struct sockaddr_storage *) address->dstaddr, sockaddr);
}
}
// Send a final command that says "now send it!"
if (sock_send(sockctrl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1)
return -1;
// We do no longer need the device list. Free it
pcap_freealldevs(alldevs);
// everything is fine
return 0;
}
/*
\param plen: the length of the current message (needed in order to be able
to discard excess data in the message, if present)
*/
int daemon_opensource(SOCKET sockctrl, char *source, int srclen, uint32 plen, char *errbuf)
{
pcap_t *fp= NULL; // pcap_t main variable
unsigned int nread; // number of bytes of the payload read from the socket
char sendbuf[RPCAP_NETBUF_SIZE]; // temporary buffer in which data to be sent is buffered
int sendbufidx= 0; // index which keeps the number of bytes currently buffered
struct rpcap_openreply *openreply; // open reply message
strcpy(source, PCAP_SRC_IF_STRING);
if (srclen <= (int) (strlen(PCAP_SRC_IF_STRING) + plen) )
{
rpcap_senderror(sockctrl, "Source string too long", PCAP_ERR_OPEN, NULL);
return -1;
}
if ( (nread= sock_recv(sockctrl, &source[strlen(PCAP_SRC_IF_STRING)], plen, SOCK_RECEIVEALL_YES, errbuf, PCAP_ERRBUF_SIZE)) == -1)
return -1;
// Check if all the data has been read; if not, discard the data in excess
if (nread != plen)
sock_discard(sockctrl, plen - nread, NULL, 0);
// Puts a '0' to terminate the source string
source[strlen(PCAP_SRC_IF_STRING) + plen]= 0;
// Open the selected device
// This is a fake open, since we do that only to get the needed parameters, then we close the device again
if ( (fp= pcap_open(source,
1500 /* fake snaplen */,
0 /* no promis */,
1000 /* fake timeout */,
NULL /* local device, so no auth */,
errbuf)) == NULL)
{
rpcap_senderror(sockctrl, errbuf, PCAP_ERR_OPEN, NULL);
return -1;
}
// Now, I can send a RPCAP open reply message
if ( sock_bufferize(NULL, sizeof(struct rpcap_header), NULL, &sendbufidx,
RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errbuf, PCAP_ERRBUF_SIZE) == -1)
goto error;
rpcap_createhdr( (struct rpcap_header *) sendbuf, RPCAP_MSG_OPEN_REPLY, 0, sizeof(struct rpcap_openreply) );
openreply= (struct rpcap_openreply *) &sendbuf[sendbufidx];
if ( sock_bufferize(NULL, sizeof(struct rpcap_openreply), NULL, &sendbufidx,
RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errbuf, PCAP_ERRBUF_SIZE) == -1)
goto error;
memset(openreply, 0, sizeof(struct rpcap_openreply) );
openreply->linktype= htonl(fp->linktype);
openreply->tzoff= htonl(fp->tzoff);
if ( sock_send(sockctrl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1)
goto error;
// I have to close the device again, since it has been opened with wrong parameters
pcap_close(fp);
fp= NULL;
return 0;
error:
if (fp)
{
pcap_close(fp);
fp= NULL;
}
return -1;
}
/*
\param plen: the length of the current message (needed in order to be able
to discard excess data in the message, if present)
*/
pcap_t *daemon_startcapture(SOCKET sockctrl, pthread_t *threaddata, char *source, int active, struct rpcap_sampling *samp_param, uint32 plen, char *errbuf)
{
char portdata[PCAP_BUF_SIZE]; // temp variable needed to derive the data port
char peerhost[PCAP_BUF_SIZE]; // temp variable needed to derive the host name of our peer
pcap_t *fp= NULL; // pcap_t main variable
unsigned int nread; // number of bytes of the payload read from the socket
char sendbuf[RPCAP_NETBUF_SIZE]; // temporary buffer in which data to be sent is buffered
int sendbufidx= 0; // index which keeps the number of bytes currently buffered
// socket-related variables
SOCKET sockdata= 0; // socket descriptor of the data connection
struct addrinfo hints; // temp, needed to open a socket connection
struct addrinfo *addrinfo; // temp, needed to open a socket connection
struct sockaddr_storage saddr; // temp, needed to retrieve the network data port chosen on the local machine
socklen_t saddrlen; // temp, needed to retrieve the network data port chosen on the local machine
pthread_attr_t detachedAttribute; // temp, needed to set the created thread as detached
// RPCAP-related variables
struct rpcap_startcapreq startcapreq; // start capture request message
struct rpcap_startcapreply *startcapreply; // start capture reply message
int serveropen_dp; // keeps who is going to open the data connection
addrinfo= NULL;
if ( (nread= sock_recv(sockctrl, (char *) &startcapreq, sizeof(struct rpcap_startcapreq), SOCK_RECEIVEALL_YES, errbuf, PCAP_ERRBUF_SIZE)) == -1)
return NULL;
startcapreq.flags= ntohs(startcapreq.flags);
// Open the selected device
if ( (fp= pcap_open(source,
ntohl(startcapreq.snaplen),
(startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_PROMISC) ? PCAP_OPENFLAG_PROMISCUOUS : 0 /* local device, other flags not needed */,
ntohl(startcapreq.read_timeout),
NULL /* local device, so no auth */,
errbuf)) == NULL)
{
rpcap_senderror(sockctrl, errbuf, PCAP_ERR_OPEN, NULL);
return NULL;
}
// Apply sampling parameters
fp->rmt_samp.method= samp_param->method;
fp->rmt_samp.value= samp_param->value;
/*
We're in active mode if:
- we're using TCP, and the user wants us to be in active mode
- we're using UDP
*/
serveropen_dp= (startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_SERVEROPEN) || (startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_DGRAM) || active;
/*
Gets the sockaddr structure referred to the other peer in the ctrl connection
We need that because:
- if we're in passive mode, we need to know the address family we want to use
(the same used for the ctrl socket)
- if we're in active mode, we need to know the network address of the other host
we want to connect to
*/
saddrlen = sizeof(struct sockaddr_storage);
if (getpeername(sockctrl, (struct sockaddr *) &saddr, &saddrlen) == -1)
{
sock_geterror("getpeername(): ", errbuf, PCAP_ERRBUF_SIZE);
goto error;
}
memset(&hints, 0, sizeof(struct addrinfo) );
hints.ai_socktype = (startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_DGRAM) ? SOCK_DGRAM : SOCK_STREAM;
hints.ai_family = saddr.ss_family;
// Now we have to create a new socket to send packets
if (serveropen_dp) // Data connection is opened by the server toward the client
{
sprintf(portdata, "%d", ntohs(startcapreq.portdata) );
// Get the name of the other peer (needed to connect to that specific network address)
if (getnameinfo( (struct sockaddr *) &saddr, saddrlen, peerhost,
sizeof(peerhost), NULL, 0, NI_NUMERICHOST) )
{
sock_geterror("getnameinfo(): ", errbuf, PCAP_ERRBUF_SIZE);
goto error;
}
if (sock_initaddress(peerhost, portdata, &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1)
goto error;
if ( (sockdata= sock_open(addrinfo, SOCKOPEN_CLIENT, 0, errbuf, PCAP_ERRBUF_SIZE)) == -1)
goto error;
}
else // Data connection is opened by the client toward the server
{
hints.ai_flags = AI_PASSIVE;
// Let's the server socket pick up a free network port for us
if (sock_initaddress(NULL, "0", &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1)
goto error;
if ( (sockdata= sock_open(addrinfo, SOCKOPEN_SERVER, 1 /* max 1 connection in queue */, errbuf, PCAP_ERRBUF_SIZE)) == -1)
goto error;
// get the complete sockaddr structure used in the data connection
saddrlen = sizeof(struct sockaddr_storage);
if (getsockname(sockdata, (struct sockaddr *) &saddr, &saddrlen) == -1)
{
sock_geterror("getsockname(): ", errbuf, PCAP_ERRBUF_SIZE);
goto error;
}
// Get the local port the system picked up
if (getnameinfo( (struct sockaddr *) &saddr, saddrlen, NULL,
0, portdata, sizeof(portdata), NI_NUMERICSERV) )
{
sock_geterror("getnameinfo(): ", errbuf, PCAP_ERRBUF_SIZE);
goto error;
}
}
// addrinfo is no longer used
freeaddrinfo(addrinfo);
addrinfo= NULL;
// save the socket ID for the next calls
fp->rmt_sockctrl= sockctrl; // Needed to send an error on the ctrl connection
// Now I can set the filter
if ( daemon_unpackapplyfilter(fp, &nread, &plen, errbuf) )
goto error;
// Now, I can send a RPCAP start capture reply message
if ( sock_bufferize(NULL, sizeof(struct rpcap_header), NULL, &sendbufidx,
RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errbuf, PCAP_ERRBUF_SIZE) == -1)
goto error;
rpcap_createhdr( (struct rpcap_header *) sendbuf, RPCAP_MSG_STARTCAP_REPLY, 0, sizeof(struct rpcap_startcapreply) );
startcapreply= (struct rpcap_startcapreply *) &sendbuf[sendbufidx];
if ( sock_bufferize(NULL, sizeof(struct rpcap_startcapreply), NULL,
&sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errbuf, PCAP_ERRBUF_SIZE) == -1)
goto error;
memset(startcapreply, 0, sizeof(struct rpcap_startcapreply) );
startcapreply->bufsize= htonl(fp->bufsize);
if (!serveropen_dp)
{
sscanf(portdata, "%d", (int *) &(startcapreply->portdata) );
startcapreply->portdata= htons(startcapreply->portdata);
}
if ( sock_send(sockctrl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1)
goto error;
if (!serveropen_dp)
{
SOCKET socktemp; // We need another socket, since we're going to accept() a connection
// Connection creation
saddrlen = sizeof(struct sockaddr_storage);
socktemp= accept(sockdata, (struct sockaddr *) &saddr, &saddrlen);
if (socktemp == -1)
{
sock_geterror("accept(): ", errbuf, PCAP_ERRBUF_SIZE);
goto error;
}
// Now that I accepted the connection, the server socket is no longer needed
sock_close(sockdata, errbuf, PCAP_ERRBUF_SIZE);
sockdata= socktemp;
}
fp->rmt_sockdata= sockdata;
/* GV we need this to create the thread as detached. */
/* GV otherwise, the thread handle is not destroyed */
pthread_attr_init(&detachedAttribute);
pthread_attr_setdetachstate(&detachedAttribute, PTHREAD_CREATE_DETACHED);
// Now we have to create a new thread to receive packets
if ( pthread_create(threaddata, &detachedAttribute, (void *) daemon_thrdatamain, (void *) fp) )
{
snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error creating the data thread");
pthread_attr_destroy(&detachedAttribute);
goto error;
}
pthread_attr_destroy(&detachedAttribute);
// Check if all the data has been read; if not, discard the data in excess
if (nread != plen)
sock_discard(sockctrl, plen - nread, NULL, 0);
return fp;
error:
rpcap_senderror(sockctrl, errbuf, PCAP_ERR_STARTCAPTURE, NULL);
if (addrinfo)
freeaddrinfo(addrinfo);
if (threaddata)
pthread_cancel(*threaddata);
if (sockdata)
sock_close(sockdata, NULL, 0);
// Check if all the data has been read; if not, discard the data in excess
if (nread != plen)
sock_discard(sockctrl, plen - nread, NULL, 0);
if (fp)
{
pcap_close(fp);
fp= NULL;
}
return NULL;
}
int daemon_endcapture(pcap_t *fp, pthread_t *threaddata, char *errbuf)
{
struct rpcap_header header;
SOCKET sockctrl;
if (threaddata)
{
pthread_cancel(*threaddata);
threaddata= 0;
}
if (fp->rmt_sockdata)
{
sock_close(fp->rmt_sockdata, NULL, 0);
fp->rmt_sockdata= 0;
}
sockctrl= fp->rmt_sockctrl;
pcap_close(fp);
fp= NULL;
rpcap_createhdr( &header, RPCAP_MSG_ENDCAP_REPLY, 0, 0);
if ( sock_send(sockctrl, (char *) &header, sizeof(struct rpcap_header), errbuf, PCAP_ERRBUF_SIZE) == -1)
return -1;
return 0;
}
int daemon_unpackapplyfilter(pcap_t *fp, unsigned int *nread, int *plen, char *errbuf)
{
struct rpcap_filter filter;
struct rpcap_filterbpf_insn insn;
struct bpf_insn *bf_insn;
struct bpf_program bf_prog;
unsigned int i;
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -