This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I'm using rpcapd on my Tomato router to access all packets from a Wireshark client on my network. rpcapd works great and I can see traffic for each bridge I select in the remote connection in Wireshark. I am using null authentication at the moment, and I would of course like to create an allowed hosts list with: rpcapd -l allowed_host_list, but for some reason no format I use in this list is accepted during the connection in Wireshark. I've tried IP address, MAC address, etc.; every time it says the device I'm connecting from is not in the allowed hosts list. Any idea what the format is supposed to be for the allowed hosts list in Linux? I see the format for rpcapd.ini in Windows, but can find no reference to what this file format should be in Linux.

asked 18 May '13, 23:34

fvultee


> Any idea what the format is supposed to be for the allowed hosts list in Linux?

According to the (WinPcap) code, it is a file with a list of allowed hosts, separated by one of these characters:

pcap-remote.h

#define RPCAP_HOSTLIST_SEP " ,;\n\r"

According to the online help of rpcapd

  -l <host_list>: a file that keeps the list of the hosts which are allowed
      to connect to this server (if more than one, list them one per line).
      We suggest to use literal names (instead of numeric ones) in order to
      avoid problems with different address families

So far, so good...

> I've tried IP address, MAC address, etc, every time it says the device I'm connecting from is not in the allowed hosts list.

Unfortunately the code to parse the hosts list is severely broken.

int sock_check_hostlist(char *hostlist, const char *sep, struct sockaddr_storage *from, char *errbuf, int errbuflen)
{
    // checks if the connecting host is among the ones allowed
    if ( (hostlist) && (hostlist[0]) )
    {
    char *token;                    // temp, needed to separate items into the hostlist
    struct addrinfo *addrinfo, *ai_next;
    char *temphostlist;

        temphostlist= (char *) malloc (strlen(hostlist) + 1);
        if (temphostlist == NULL)
        {
            sock_geterror("sock_check_hostlist(), malloc() failed", errbuf, errbuflen);
            return -2;
        }

        // The problem is that strtok modifies the original variable by putting '0' at the end of each token
        // So, we have to create a new temporary string in which the original content is kept
        strcpy(temphostlist, hostlist);

        token= strtok(temphostlist, sep);

Instead of tokenizing the content of the file, it uses the file name :-(. Thus, you will never get a positive answer unless you name the hosts list file according to the connecting IP address ;-)

This works on my system.

create an empty file named: 192.168.158.139,192.168.158.140,.txt

Then start rpcapd.

./rpcapd -b 192.168.158.129 -p 2002 -n -l 192.168.158.139,192.168.158.140,.txt

Now connect from 192.168.158.139 or from 192.168.158.140.

The content of the file does not matter in this case, as it is not read anyways.

While this might be an acceptable workaround for you, it is clearly a bug and should be reported to the WinPcap team.

Please do so, with a reference to my answer.

http://www.winpcap.org/bugs.htm

Regards
Kurt

answered 20 May '13, 07:26

Kurt Knochner ♦

edited 20 May '13, 07:40
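
The difference between tokenizing the `-l` argument and tokenizing the file it names, as an added example that is not WinPcap's code and not part of the answer above. The function names and the file name `allowed_hosts.txt` are hypothetical, the list content is constructed, and a plain string comparison stands in for the address resolution a real server performs.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define RPCAP_HOSTLIST_SEP " ,;\n\r"  /* separator set quoted from pcap-remote.h */
/* 1 if peer equals a token of list; strcmp replaces address resolution (assumption). */
static int token_match(const char *list, const char *sep, const char *peer)
{
    char *copy = malloc(strlen(list) + 1), *tok;
    int found = 0;
    if (copy == NULL) return 0;
    strcpy(copy, list);                /* strtok() writes into its input */
    for (tok = strtok(copy, sep); tok && !found; tok = strtok(NULL, sep))
        found = (strcmp(tok, peer) == 0);
    free(copy);
    return found;
}

/* Behaviour described in the answer: the -l argument itself is tokenized. */
int check_as_described(const char *l_arg, const char *peer)
{ return token_match(l_arg, RPCAP_HOSTLIST_SEP, peer); }

/* Hypothetical correction: read the file named by -l, tokenize its content. */
int check_file_content(const char *l_arg, const char *peer)
{
    char buf[4096];                    /* lists longer than this are truncated */
    FILE *f = fopen(l_arg, "r");
    if (f == NULL) return 0;           /* fail closed: unreadable list admits nobody */
    size_t n = fread(buf, 1, sizeof(buf) - 1, f);
    fclose(f);
    buf[n] = '\0';
    return token_match(buf, RPCAP_HOSTLIST_SEP, peer);
}

/* Writes a constructed sample list file; returns 0 on success. */
int write_list(const char *path, const char *content)
{
    FILE *f = fopen(path, "w");
    if (f == NULL) return -1;
    fputs(content, f);
    return fclose(f);
}

int main(void)
{
    write_list("allowed_hosts.txt", "192.168.158.139\n192.168.158.140\n");
    printf("as described: %d\n", check_as_described("allowed_hosts.txt", "192.168.158.139"));
    printf("file content: %d\n", check_file_content("allowed_hosts.txt", "192.168.158.139"));
    return 0;
}
```

With the file name as the token source, a listed host is rejected, while a file named like the workaround above admits hosts regardless of what the file contains.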

question asked: 18 May '13, 23:34

question was seen: 4,283 times

last updated: 20 May '13, 07:40
