Minor changes to capserver authentication model; capserver now requires

that capture connect on a reserved port. To do this, capture binds a
dynamic reserved port to connect to capserver, which verifies the
integrity of the sender by looking at the port number that accept

Note that this has the potential problem of burning a lot of reserved
ports on ops (128 tiplines) since the kernel keeps the client side in
TIME_WAIT for a minute or two after it is closed (the socket is in
actual use for just a moment before being closed). If we try to
restart capture too many times within a span of a minute or two, we
might have problems. Will have to switch to a fancier protocol then.
......@@ -132,7 +132,7 @@ main(int argc, char **argv)
while (1) {
struct sockaddr_in client;
int clientsock, length = sizeof(client);
int cc;
int cc, port;
whoami_t whoami;
unsigned char buf[BUFSIZ], node_id[64];
secretkey_t secretkey;
......@@ -144,7 +144,17 @@ main(int argc, char **argv)
syslog(LOG_ERR, "accept failed: %m");
syslog(LOG_INFO, "%s connected", inet_ntoa(client.sin_addr));
port = ntohs(client.sin_port);
syslog(LOG_INFO, "%s connected from port %d",
inet_ntoa(client.sin_addr), port);
* Check port number of sender. Must be a reserved port.
if (port >= IPPORT_RESERVED || port < IPPORT_RESERVED / 2) {
syslog(LOG_ERR, "Illegal port! Ignoring.");
goto done;
* Set timeouts
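Review bot: The rejection logged as `Illegal port! Ignoring.` drops the fields an operator needs to correlate it with the accept line just above, which does log address and port; the refusal should carry the same, e.g. `syslog(LOG_ERR, "%s: illegal source port %d, ignoring", inet_ntoa(client.sin_addr), port);`. The comment `Must be a reserved port` also leaves the lower bound `IPPORT_RESERVED / 2` unexplained; a line such as `/* Only the upper half of the reserved range is accepted, which is what bindresvport() on the capture side hands out; lower ports belong to well-known services. */` would record the intent. Note that a reserved source port only shows the peer bound it with privilege on its own host, it identifies neither the host nor the process, so this check belongs beside, not in place of, whatever check capserver applies to `client.sin_addr` (not visible in this hunk). main() continues outside the hunk.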
......@@ -1404,6 +1404,17 @@ handshake(void)
die("socket(): %s", geterr(errno));
* Bind to a reserved port so that capserver can verify integrity
* of the sender by looking at the port number. The actual port
* number does not matter.
if (bindresvport(sock, NULL) < 0) {
warnc("Could not bind reserved port");
return -1;
/* For alarm. */
deadbossflag = 0;
signal(SIGALRM, deadboss);
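Review bot: The new `return -1` after `warnc("Could not bind reserved port")` leaves the descriptor from the `socket()` call just above open, while the connect() failure later in this function reports through `err = -1` and presumably falls through to the function's cleanup; the bind failure should take that same path, or at least `close(sock);` before `return -1;`, unless `sock` is closed by the caller. A comment at the bindresvport() call would also help the next reader, since binding below IPPORT_RESERVED needs root (or the equivalent privilege) and an unprivileged capture will now fail here rather than at connect(), e.g. `/* Needs privilege: ports below IPPORT_RESERVED are root-only. */`. handshake() starts and ends outside the hunk.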
......@@ -1416,7 +1427,7 @@ handshake(void)
if (connect(sock, (struct sockaddr *)&Bossaddr, sizeof(Bossaddr)) < 0) {
if (connect(sock, (struct sockaddr *)&Bossaddr, sizeof(Bossaddr)) < 0){
warn("connect(%s): %s", Bossnode, geterr(errno));
err = -1;
