From d1bf5b454659dd04aa9b3a4281ffe1d0d4299cf3 Mon Sep 17 00:00:00 2001
From: Cedric Cellier
Date: Wed, 30 May 2018 09:43:35 +0200
Subject: SSL: implement encryption of active connections control sockets

Added one boolean argument to pcap_remoteact_accept().
---
 pcap-rpcap.c | 16 +++++++++++++---
 pcap/pcap.h | 2 +-
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/pcap-rpcap.c b/pcap-rpcap.c
index 83af582b..e5a2b35e 100644
--- a/pcap-rpcap.c
+++ b/pcap-rpcap.c
@@ -102,6 +102,7 @@ static struct activehosts *activeHosts;
 * pcap_remoteact_cleanup() for more details.
 */
 static SOCKET sockmain;
+static SSL *ssl_main;
 
 /*
 * Private data for capturing remotely using the rpcap protocol.
@@ -2320,6 +2321,9 @@ pcap_t *pcap_open_rpcap(const char *source, int snaplen, int flags, int read_tim
 goto error_nodiscard;
 }
 
+ /* All good so far, save the ssl handler */
+ ssl_main = ssl;
+
 /*
 * Now it's time to start playing with the RPCAP protocol
 * RPCAP open command: create the request message
@@ -2810,7 +2814,7 @@ error_nodiscard:
 * to implement; we provide some APIs for it that work only with rpcap.
 */
 
-SOCKET pcap_remoteact_accept(const char *address, const char *port, const char *hostlist, char *connectinghost, struct pcap_rmtauth *auth, char *errbuf)
+SOCKET pcap_remoteact_accept(const char *address, const char *port, const char *hostlist, char *connectinghost, struct pcap_rmtauth *auth, int uses_ssl, char *errbuf)
 {
 /* socket-related variables */
 struct addrinfo hints; /* temporary struct to keep settings needed to open the new socket */
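Review bot: The new `static SSL *ssl_main;` in the hunk at @@ -102 is declared unconditionally, while the only code that releases it (the block added to pcap_remoteact_cleanup at @@ -3095) is wrapped in `# ifdef HAVE_OPENSSL`; whether the `SSL` type resolves in a build without OpenSSL depends on a stub declaration that is not visible here, so the two guards should be made consistent or the declaration should state why it is safe. A single file-scope pointer also cannot cover the list that `activeHosts` in the hunk header represents: with more than one active host, every SSL object but the last is unreachable and never freed. Storing the pointer in `struct activehosts` next to the socket it wraps would keep ownership per connection, e.g. a member `SSL *ssl; /* TLS state for this host's control socket, NULL if plaintext */`.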
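Review bot: `ssl_main = ssl;` in the hunk at @@ -2320 overwrites the global on every successful pcap_open_rpcap() call, so only the most recent handle's SSL object is retained, and nothing here shows that the per-handle close path does not also free `ssl`. If it does, the `SSL_free(ssl_main)` added to pcap_remoteact_cleanup becomes a double free or a free of a dangling pointer once that handle is closed first; if it does not, earlier handles' objects leak. The rest of pcap_open_rpcap is outside the hunk, so which of the two applies needs checking against the handle cleanup code; a comment at the assignment stating who owns the object and when it is released would make the intent reviewable, e.g. `/* Ownership: released only by pcap_remoteact_cleanup(); must not be freed with the handle */`.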
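Review bot: The new `int uses_ssl` parameter in the pcap_remoteact_accept() signature at @@ -2810 is accepted but nothing in this hunk or the next one (@@ -2818, which only drops the old `uint8 uses_ssl = 0;` local) shows it being enforced; the body continues outside both hunks. The security-relevant case is a caller passing non-zero in a build without HAVE_OPENSSL: the function should fail with a message in `errbuf` and return INVALID_SOCKET rather than silently accept a plaintext control connection that the caller believes is encrypted. If the later body does not already do so, a guard right after the declarations along the lines of `#ifndef HAVE_OPENSSL if (uses_ssl) { snprintf(errbuf, PCAP_ERRBUF_SIZE, "TLS requested but libpcap was built without OpenSSL support"); return (SOCKET)-1; } #endif` would make the function fail closed. The same applies to the public prototype in pcap/pcap.h, which documents neither the meaning of the flag nor this failure mode.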
@@ -2818,12 +2822,11 @@ SOCKET pcap_remoteact_accept(const char *address, const char *port, const char *
 struct sockaddr_storage from; /* generic sockaddr_storage variable */
 socklen_t fromlen; /* keeps the length of the sockaddr_storage variable */
 SOCKET sockctrl; /* keeps the main socket identifier */
-SSL *ssl = NULL; /* Optional SSL handler for sockctrl */
+SSL *ssl = NULL; /* Optional SSL handler for sockctrl */
 uint8 protocol_version; /* negotiated protocol version */
 struct activehosts *temp, *prev; /* temp var needed to scan he host list chain */
 
 *connectinghost = 0; /* just in case */
-uint8 uses_ssl = 0; // TODO: how to get this info and how to return the SSL*?
 
 /* Prepare to open a new server socket */
 memset(&hints, 0, sizeof(struct addrinfo));
@@ -3095,6 +3098,13 @@ void pcap_remoteact_cleanup(void)
 sock_cleanup();
 }
 
+# ifdef HAVE_OPENSSL
+ if (ssl_main)
+ {
+ SSL_free(ssl_main);
+ ssl_main = NULL;
+ }
+# endif
 }
 
 int pcap_remoteact_list(char *hostlist, char sep, int size, char *errbuf)
diff --git a/pcap/pcap.h b/pcap/pcap.h
index 8ad79b61..6b6437fa 100644
--- a/pcap/pcap.h
+++ b/pcap/pcap.h
@@ -950,7 +950,7 @@ PCAP_API struct pcap_samp *pcap_setsampling(pcap_t *p);
 
 PCAP_API SOCKET pcap_remoteact_accept(const char *address, const char *port,
 const char *hostlist, char *connectinghost,
-struct pcap_rmtauth *auth, char *errbuf);
+struct pcap_rmtauth *auth, int uses_ssl, char *errbuf);
 PCAP_API int pcap_remoteact_list(char *hostlist, char sep, int size, char *errbuf);
 PCAP_API int pcap_remoteact_close(const char *host, char *errbuf);
 
-- cgit v1.2.3
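Review bot: The block added to pcap_remoteact_cleanup at @@ -3095 calls `SSL_free(ssl_main)` only after `sock_cleanup()` has run and, presumably, after the socket the object wraps has already been closed earlier in the function (not visible in this hunk), and it never calls `SSL_shutdown()`, so the peer receives no close_notify and cannot tell a clean close from a truncation. Moving the block ahead of the socket teardown and preceding the free with `SSL_shutdown(ssl_main);` would give an orderly TLS close; if the socket is deliberately closed first, a comment saying so would stop the next reader from "fixing" it. The `# ifdef` / `# endif` spelling with a space after `#` also differs from the conventional `#ifdef` and is worth checking against the rest of the file, which is outside the hunk.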
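Review bot: The public prototype change at @@ -950 in pcap/pcap.h adds `int uses_ssl` without any comment saying what the flag means, which values are accepted, or what happens when TLS is requested from a library built without OpenSSL, and the header is the only place an API user will look. A short comment above the declaration is enough, e.g. `/* uses_ssl: non-zero requests TLS on the accepted control connection; zero keeps it plaintext */`, extended with the agreed behaviour for the no-OpenSSL build once that is settled in pcap-rpcap.c. Since this is an exported signature, the man page that documents pcap_remoteact_accept() presumably needs the same addition, though that file is not part of this patch.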