From a1e8056c92203d02860d719abb1d562453896da8 Mon Sep 17 00:00:00 2001 From: Emil Mikulic Date: Sun, 18 Aug 2013 16:32:41 +1000 Subject: [PATCH 1/1] Imported Upstream version 3.0.715 --- AUTHORS | 48 + COPYING.GPL | 340 +++ ChangeLog | 168 ++ INSTALL | 47 + LICENSE | 13 + | 151 ++ NEWS | 19 + README | 13 + acct.c | 290 ++ acct.h | 16 + addr.c | 98 + addr.h | 35 + bsd.c | 131 + bsd.h | 28 + cap.c | 413 +++ cap.h | 21 + cdefs.h | 40 + | 91 + configure | 5516 +++++++++++++++++++++++++++++++++++++++ | 329 +++ contrib/LisezMoi.MacOS | 67 + contrib/ReadMe.MacOS | 67 + contrib/cx.ath.darkstat | 32 + contrib/darkproxy.php | 30 + conv.c | 346 +++ conv.h | 25 + | 453 ++++ darkstat.c | 518 ++++ daylog.c | 162 ++ daylog.h | 13 + db.c | 369 +++ db.h | 40 + decode.c | 472 ++++ decode.h | 63 + dns.c | 398 +++ dns.h | 17 + err.c | 197 ++ err.h | 32 + export-format.txt | 53 + graph_db.c | 405 +++ graph_db.h | 30 + graphjs.h | 283 ++ hosts_db.c | 1473 +++++++++++ hosts_db.h | 75 + hosts_sort.c | 206 ++ html.c | 70 + html.h | 14 + http.c | 1135 ++++++++ http.h | 18 + install-sh | 323 +++ localip.c | 154 ++ localip.h | 15 + ncache.c | 144 + ncache.h | 16 + now.h | 9 + opt.h | 43 + pidfile.c | 91 + pidfile.h | 12 + queue.h | 128 + static/c-ify.c | 32 + static/graph.js | 280 ++ static/style.css | 67 + str.c | 357 +++ str.h | 47 + stylecss.h | 70 + tree.h | 394 +++ 66 files changed, 17052 insertions(+) create mode 100644 AUTHORS create mode 100644 COPYING.GPL create mode 100644 ChangeLog create mode 100644 INSTALL create mode 100644 LICENSE create mode 100644 create mode 100644 NEWS create mode 100644 README create mode 100644 acct.c create mode 100644 acct.h create mode 100644 addr.c create mode 100644 addr.h create mode 100644 bsd.c create mode 100644 bsd.h create mode 100644 cap.c create mode 100644 cap.h create mode 100644 cdefs.h create mode 100644 create mode 100755 configure create mode 100644 create mode 100644 contrib/LisezMoi.MacOS create mode 100644 contrib/ReadMe.MacOS create mode 100644 contrib/cx.ath.darkstat create mode 100644 contrib/darkproxy.php create mode 100644 conv.c create mode 100644 conv.h create mode 100644 create mode 100644 darkstat.c create mode 100644 daylog.c create mode 100644 daylog.h create mode 100644 db.c create mode 100644 db.h create mode 100644 decode.c create mode 100644 decode.h create mode 100644 dns.c create mode 100644 dns.h create mode 100644 err.c create mode 100644 err.h create mode 100644 export-format.txt create mode 100644 graph_db.c create mode 100644 graph_db.h create mode 100644 graphjs.h create mode 100644 hosts_db.c create mode 100644 hosts_db.h create mode 100644 hosts_sort.c create mode 100644 html.c create mode 100644 html.h create mode 100644 http.c create mode 100644 http.h create mode 100755 install-sh create mode 100644 localip.c create mode 100644 localip.h create mode 100644 ncache.c create mode 100644 ncache.h create mode 100644 now.h create mode 100644 opt.h create mode 100644 pidfile.c create mode 100644 pidfile.h create mode 100644 queue.h create mode 100644 static/c-ify.c create mode 100644 static/graph.js create mode 100644 static/style.css create mode 100644 str.c create mode 100644 str.h create mode 100644 stylecss.h create mode 100644 tree.h diff --git a/AUTHORS b/AUTHORS new file mode 100644 index 0000000..06862ba --- /dev/null +++ b/AUTHORS @@ -0,0 +1,48 @@ +AUTHORS +------- + +- Emil Mikulic + Primary maintainer. + + (please read the manpage before sending me an e-mail about how your + graphs are all blank) + +Big thanks to everyone who helped out, in no particular order: + +- Ben Stewart + Web interface design for v3, import/export code and file format design. + +- Chris Kuethe + Security, cool patches, OpenBSD port maintainer. + +- Bartosz Kuzma + DLT_PPP and DLT_PPP_SERIAL decoding, pkgsrc maintainer. + +- Claudio Leite - DLT_PPP_ETHER decoding. + +- Can Erkin Acar - BIOCSETWF patch. + +- Ingo Bressler - DLT_LINUX_SLL decoding. + +- Dennis Jansen + Motivation for keeping memory use down, cool patches. + +- Anton S. Ustyuzhanin - DLT_RAW decoding. + +- Cristian Rodriguez - SUSE package maintainer. + +- Rene Mayorga - Debian package maintainer. + +- Cedric Delfosse - Debian package maintainer (retired). + +- Damian Lozinski - initial implementation of average KB/s on graphs. + +- Damien Clauzel - launchd config and Mac OS X instructions. + +- Mats Erik Andersson - for doing the IPv6 heavy lifting. + +Cyro W. Corte Real Filho, Jean-Edouard Babin, Leif Terrens, Moritz Grimm, +Andreas Reimann, Colin Phipps, Cheng-Lung Sung, Martin Wilke, Piotr Kalina, +Carlo Florendo, Malte S. Stretz, Dirk Koopman, and others.

My apologies if I missed anyone - please mail any corrections to me (Emil) If this is what you want to do, use the GNU Library General +Public License instead of this License. diff --git a/ChangeLog b/ChangeLog new file mode 100644 index 0000000..f14816c --- /dev/null +++ b/ChangeLog @@ -0,0 +1,168 @@ +v3.0.715 (January 2012) + - Compatibility fixes for Hurd and Solaris. + - Use link-time optimization and automake-like silent rules. + - Support systems without ifaddrs.h again. + - Continuing fixes for IPv6 support. + - Only update lastseen time for sender, not recipient. + - Implement --local-only: accounting for hosts on the local net. + - Make failure to bind() a socket non-fatal. + - Make failure to get local IP non-fatal. + - Fall back to gethostbyaddr() if getnameinfo() fails. + - Fix detection of IPv4 multicast addresses. + - Fix decoding on OpenBSD DLT_NULL interfaces (e.g. gif(4)) + +v3.0.714 (June 2011) + - IPv6 support! Big ups to Mats Erik Andersson who did most + of this work! + - Allow sort on last-seen, thanks to Dirk Koopman. + - Support multiple bind addresses. + - Add --disable-debug configure flag, thanks to Malte S. Stretz. + - Make it possible to save the DB without resetting it (SIGUSR2). + - Web: Use relative URLs, so darkstat works properly behind mod_proxy, + thanks to Malte S. Stretz. + +v3.0.713 (March 2010) + - Don't require --verbose for pcap_stats. + - Survive interface going down on Linux. + - Support DLT_RAW, implemented by Anton S. Ustyuzhanin. + - Skip accounting for hosts or ports if their max is set to zero. + - Implement --hexdump for troubleshooting. + - Web: Implement --no-lastseen + - Implement --snaplen manual override. + - Fix snaplen problem on recent (1-2 years?) Linux kernels. + - Implement --syslog + - Implement --wait as a NetworkManager workaround. + +(there were no releases made in 2009) + +v3.0.712 (November 2008) + - Web: Add --no-macs option to hide mac addresses. + Thanks Dennis! + - Web: Make tables prettier. + - Host detail view now triggers a DNS lookup. + - Manpage tweaks, also move from section 1 to section 8. + - Track and show how long ago a host was last seen. + Suggested by: Prof A Olowofoyeku (The African Chief) + - Show pcap_stats (like number of packets dropped) in the web + interface and also upon exit. + +v3.0.711 (August 2008) + - Split --debug into --verbose and --no-daemon + - Include launchd config and instructions for running darkstat + on Mac OS X. Contributed by Damien Clauzel. + - Implement PPPoE decoding on ethernet iface. (--pppoe) + - Web: Add automatic reload button. Thanks Dennis! + - Web: Add a graph legend with min/avg/max. + - Web: Remove hashtable stats pages. + +v3.0.708 (May 2008) + + - Implement limiting of number of ports tracked per host, + configurable on the commandline (--ports-max) + - Optionally don't track high ports (--highest-port) + Thanks Dennis! + - Fix rare use-after-free resulting from hosts table reduction. + - Make hosts limit configurable (--hosts-max) + - Option to read from capfile as alternative to live capture + (really only useful for development, benchmarking) + - Add the sniffed interface name to HTML reports. + Thanks Chris! + +v3.0.707 (Sep 2007) + + - Fix silly bug in formatting hex. + - Check for pcap.h in include/pcap/ for old RedHat-a-likes. + - New commandline parser. + - To stay in foreground, pass --debug instead of -d. + - We can now reset all statistics at runtime (send SIGUSR1) + - Make chroot dir configurable on cmdline (--chroot) + - Make privdrop user configurable on cmdline (--user) + - Implement daylog (brings back a v2 feature) + - Import and export hosts and graphs, this brings back a fairly + major v2 feature. Big ups to Ben for doing a lot of the + design and implementation of this feature! + Note that the v3 database format is, by design, incompatible + with the v2 format. + - Report average KB/s in and out on graphs. + Thanks to Damian Lozinski for suggestion and first cut at the + implementation. + - Fix graph rotation when the delay between rotations is big + enough to clear an entire graph. + - Make ip_proto 8 bits wide, to match the IP header. + - Implement pidfile functionality for people who prefer to + handle daemons in this manner. + +v3.0.619 (Apr 2007) + + - Decode DLT_PPP and DLT_PPP_SERIAL on NetBSD, + patch courtesy of Bartosz Kuzma. + - Don't use pcap_setnonblock(), with help from Colin Phipps. + - Reduce the number of syscalls made. + - Answer FAQ about graph axes / labels / scale. + - Fix build on OpenBSD (thanks Chris!) and Solaris. + - Commandline arg (-n) to disable promiscuous mode when + sniffing, thanks to Chris Kuethe for the implementation. + - Commandline arg (-r) to disable DNS resolver. + - Track and report per-host last seen MAC address. + - Move FAQ into manpage. + - Implement display of start time and running time. + - Web: implement sorting the hosts table by in/out/total. + - Web: implement paging through the hosts table. + - Web: implement full view of hosts table. + - Don't die if the capture interface loses its IP address. + - Make daemonize (previously -d) the default, and make -D the + argument to suppress it. + - Commandline arg (-l) to graph traffic entering/leaving the + local network as opposed to just the local IP. v2 had this. + - Allow configure-time override of CHROOT_DIR and PRIVDROP_USER. + - Web: new color scheme. + +v3.0.540 (Aug 2006) + + - Fix build against old libpcap (thanks Claudio) + - Fix build on AIX (thanks Andreas) + - Fix build warnings on NetBSD (thanks Bartosz) + - Deny writes to BPF socket (thanks Can) + - Reverse-resolve IPs less aggressively. + - Free up the DNS queue as we process it. + - Fix dns_reply silliness. + - Web: tweak the look of the top bar. + - Web: update total packets and bytes as part of graph update. + - Decode DLT_LINUX_SLL (ippp0 on Linux), + patch courtesy of Ingo Bressler + +v3.0.524 (Jul 2006) + + - Fix build on NetBSD. + - Fix shutdown on Linux. + - Performance improvements. + - Free the mallocs. + - Work around BPF being immediate on Linux. + This improves performance. + - Drop privileges when we don't need them. Chroot. Generally + be more paranoid. Thanks to Chris Kuethe for patches and + inspiration. + - Daemonize. (run in the background) + - Graphs: Make the entire bar have the same label (instead of + different labels for in/out), add thousands separators for + legibility, include the position/index (i.e. day 22) + - Instead of reducing the hosts_db based on time, do it based on + its size. + - Implement somewhat better handling of time moving backwards - + we assume that real time is monotonic and just renumber the + graph bars. (time is hard) + - Greatly improve IPC with the DNS child, make it more efficient + and much more robust. + - Decode DLT_PPP_ETHER (pppoe0 on OpenBSD), patch courtesy of + Claudio Leite. + +v3.0.471 (Jun 2006) + + First public release of darkstat 3. Almost a complete rewrite + since v2.6. Architecture much improved, better portability and + stability. + + /* Check the header data */ + if (memcmp(got, expected, sizeof(got)) != 0) { + warnx("bad header: " + "expecting %02x%02x%02x%02x, got %02x%02x%02x%02x", + expected[0], expected[1], expected[2], expected[3], + got[0], got[1], got[2], got[3]); + return 0; + } + return 1; +} + +/* Returns 0 on failure, 1 on success. */ +static int +db_import_from_fd(const int fd) +{ + if (!read_file_header(fd, export_file_header)) return 0; + if (!read_file_header(fd, export_tag_hosts_ver1)) return 0; + if (!hosts_db_import(fd)) return 0; + if (!read_file_header(fd, export_tag_graph_ver1)) return 0; + if (!graph_import(fd)) return 0; + return 1; +} + +void +db_import(const char *filename) +{ + int fd = open(filename, O_RDONLY | O_NOFOLLOW); + if (fd == -1) { + warn("can't import from \"%s\"", filename); + return; + } + if (!db_import_from_fd(fd)) { + warnx("import failed"); + /* don't stay in an inconsistent state: */ + hosts_db_reset(); + graph_reset(); + } + close(fd); +} + +/* Returns 0 on failure, 1 on success. */ +static int +db_export_to_fd(const int fd) +{ + if (!writen(fd, export_file_header, sizeof(export_file_header))) + return 0; + if (!writen(fd, export_tag_hosts_ver1, sizeof(export_tag_hosts_ver1))) + return 0; + if (!hosts_db_export(fd)) + return 0; + if (!writen(fd, export_tag_graph_ver1, sizeof(export_tag_graph_ver1))) + return 0; + if (!graph_export(fd)) + return 0; + return 1; +} + +void +db_export(const char *filename) +{ + int fd = open(filename, O_WRONLY | O_CREAT | O_NOFOLLOW | O_TRUNC, 0600); + if (fd == -1) { + warn("can't export to \"%s\"", filename); + return; + } + verbosef("exporting db to file \"%s\"", filename); + if (!db_export_to_fd(fd)) + warnx("export failed"); + else + verbosef("export successful"); + + /* FIXME: should write to another filename and use the rename() syscall to + * atomically update the output file on success + */ + close(fd); +} + +/* vim:set ts=3 sw=3 tw=78 et: */ diff --git a/db.h b/db.h new file mode 100644 index 0000000..5f2eba6 --- /dev/null +++ b/db.h @@ -0,0 +1,40 @@ +/* darkstat 3 + * + * db.h: load and save in-memory database from/to file + * copyright (c) 2007-2011 Ben Stewart, Emil Mikulic. + */ + +#include /* for size_t */ +#include /* for uint64_t */ + +struct addr; + +void db_import(const char *filename); +void db_export(const char *filename); + +/* byteswap */ +uint64_t hton64(const uint64_t ho); +uint64_t ntoh64(const uint64_t no); +void test_64order(void); + +/* read helpers */ +unsigned int xtell(const int fd); +int readn(const int fd, void *dest, const size_t len); +int read8(const int fd, uint8_t *dest); +int expect8(const int fd, uint8_t expecting); +int read16(const int fd, uint16_t *dest); +int read32(const int fd, uint32_t *dest); +int read64(const int fd, uint64_t *dest); +int readaddr_ipv4(const int fd, struct addr *dest); +int readaddr(const int fd, struct addr *dest); +int read_file_header(const int fd, const uint8_t expected[4]); + +/* write helpers */ +int writen(const int fd, const void *dest, const size_t len); +int write8(const int fd, const uint8_t i); +int write16(const int fd, const uint16_t i); +int write32(const int fd, const uint32_t i); +int write64(const int fd, const uint64_t i); +int writeaddr(const int fd, const struct addr *const a); + +/* vim:set ts=3 sw=3 tw=78 et: */ diff --git a/decode.c b/decode.c new file mode 100644 index 0000000..def8c29 --- /dev/null +++ b/decode.c @@ -0,0 +1,472 @@ +/* darkstat 3 + * copyright (c) 2001-2011 Emil Mikulic. + * + * decode.c: packet decoding. + * + * Given a captured packet, decode it and fill out a pktsummary struct which + * will be sent to the accounting code in acct.c + * + * You may use, modify and redistribute this file under the terms of the + * GNU General Public License version 2. (see COPYING.GPL) + */ + +#include "cdefs.h" +#include "acct.h" +#include "cap.h" +#include "config.h" +#include "decode.h" +#include "err.h" +#include "opt.h" + +#include +#include +#include +#include +#include +#include +#include /* inet_ntoa() */ + +/* need struct ether_header */ +#if defined(__NetBSD__) || defined(__OpenBSD__) +# include +# include +# include +# include +#else +# ifdef __sun +# include +# define ETHER_HDR_LEN 14 +# else +# ifdef _AIX +# include +# define ETHER_HDR_LEN 14 +# else +# include +# endif +# endif +#endif +#ifndef ETHERTYPE_PPPOE +#define ETHERTYPE_PPPOE 0x8864 +#endif + +#ifndef ETHERTYPE_IPV6 +# ifdef HAVE_NET_IF_ETHER_H +# include /* ETH_P_IPV6 for GNU/kfreebsd */ +# endif +# ifdef ETH_P_IPV6 +# define ETHERTYPE_IPV6 ETH_P_IPV6 +# endif +#endif + +#include /* struct ifreq */ +#include /* n_long */ +#include /* struct ip */ +#include /* struct ip6_hdr */ +#define __FAVOR_BSD +#include /* struct tcphdr */ +#include /* struct udphdr */ + +#ifndef IPV6_VERSION +#define IPV6_VERSION 0x60 +#endif + +#ifndef IPV6_VERSION_MASK +#define IPV6_VERSION_MASK 0xf0 +#endif + +static void decode_ether(u_char *, const struct pcap_pkthdr *, + const u_char *); +static void decode_loop(u_char *, const struct pcap_pkthdr *, + const u_char *); +static void decode_null(u_char *, const struct pcap_pkthdr *, + const u_char *); +static void decode_ppp(u_char *, const struct pcap_pkthdr *, + const u_char *); +static void decode_pppoe(u_char *, const struct pcap_pkthdr *, + const u_char *); +static void decode_pppoe_real(const u_char *pdata, const uint32_t len, + struct pktsummary *sm); +static void decode_linux_sll(u_char *, const struct pcap_pkthdr *, + const u_char *); +static void decode_raw(u_char *, const struct pcap_pkthdr *, + const u_char *); +static void decode_ip(const u_char *pdata, const uint32_t len, + struct pktsummary *sm); +static void decode_ipv6(const u_char *pdata, const uint32_t len, + struct pktsummary *sm); + +/* Link-type header information */ +static const struct linkhdr linkhdrs[] = { + /* linktype hdrlen handler */ + { DLT_EN10MB, ETHER_HDR_LEN, decode_ether }, + { DLT_LOOP, NULL_HDR_LEN, decode_loop }, + { DLT_NULL, NULL_HDR_LEN, decode_null }, + { DLT_PPP, PPP_HDR_LEN, decode_ppp }, +#if defined(__NetBSD__) + { DLT_PPP_SERIAL, PPP_HDR_LEN, decode_ppp }, +#endif + { DLT_FDDI, FDDI_HDR_LEN, NULL }, + { DLT_PPP_ETHER, PPPOE_HDR_LEN, decode_pppoe }, +#ifdef DLT_LINUX_SLL + { DLT_LINUX_SLL, SLL_HDR_LEN, decode_linux_sll }, +#endif + { DLT_RAW, RAW_HDR_LEN, decode_raw }, + { -1, 0, NULL } +}; + +/* + * Returns a pointer to the linkhdr record matching the given linktype, or + * NULL if no matching entry found. + */ +const struct linkhdr * +getlinkhdr(const int linktype) +{ + size_t i; + + for (i=0; linkhdrs[i].linktype != -1; i++) + if (linkhdrs[i].linktype == linktype) + return (&(linkhdrs[i])); + return (NULL); +} + +/* + * Returns the minimum snaplen needed to decode everything up to the TCP/UDP + * packet headers. The IPv6 header is normative. The argument lh is not + * allowed to be NULL. + */ +int +getsnaplen(const struct linkhdr *lh) +{ + return (int)(lh->hdrlen + IPV6_HDR_LEN + MAX(TCP_HDR_LEN, UDP_HDR_LEN)); +} + +/* Decoding functions. */ +static void +decode_ether(u_char *user _unused_, + const struct pcap_pkthdr *pheader, + const u_char *pdata) +{ + u_short type; + const struct ether_header *hdr = (const struct ether_header *)pdata; + struct pktsummary sm; + memset(&sm, 0, sizeof(sm)); + sm.time = pheader->ts.tv_sec; + + if (pheader->caplen < ETHER_HDR_LEN) { + verbosef("ether: packet too short (%u bytes)", pheader->caplen); + return; + } + +#ifdef __sun + memcpy(sm.src_mac, hdr->ether_shost.ether_addr_octet, sizeof(sm.src_mac)); + memcpy(sm.dst_mac, hdr->ether_dhost.ether_addr_octet, sizeof(sm.dst_mac)); +#else + memcpy(sm.src_mac, hdr->ether_shost, sizeof(sm.src_mac)); + memcpy(sm.dst_mac, hdr->ether_dhost, sizeof(sm.dst_mac)); +#endif + + type = ntohs( hdr->ether_type ); + switch (type) { + case ETHERTYPE_IP: + case ETHERTYPE_IPV6: + if (!opt_want_pppoe) { + decode_ip(pdata + ETHER_HDR_LEN, + pheader->caplen - ETHER_HDR_LEN, &sm); + acct_for(&sm); + } else + verbosef("ether: discarded IP packet, expecting PPPoE instead"); + break; + case ETHERTYPE_ARP: + /* known protocol, don't complain about it. */ + break; + case ETHERTYPE_PPPOE: + if (opt_want_pppoe) + decode_pppoe_real(pdata + ETHER_HDR_LEN, + pheader->caplen - ETHER_HDR_LEN, &sm); + else + verbosef("ether: got PPPoE frame: maybe you want --pppoe"); + break; + default: + verbosef("ether: unknown protocol (0x%04x)", type); + } +} + +/* Very similar to decode_null, except on OpenBSD we need to think + * about family endianness. + */ +static void +decode_loop(u_char *user _unused_, + const struct pcap_pkthdr *pheader, + const u_char *pdata) +{ + uint32_t family; + struct pktsummary sm; + memset(&sm, 0, sizeof(sm)); + + if (pheader->caplen < NULL_HDR_LEN) { + verbosef("loop: packet too short (%u bytes)", pheader->caplen); + return; + } + family = *(const uint32_t *)pdata; +#ifdef __OpenBSD__ + family = ntohl(family); +#endif + if (family == AF_INET) { + decode_ip(pdata + NULL_HDR_LEN, pheader->caplen - NULL_HDR_LEN, &sm); + sm.time = pheader->ts.tv_sec; + acct_for(&sm); + } + else if (family == AF_INET6) { + decode_ipv6(pdata + NULL_HDR_LEN, pheader->caplen - NULL_HDR_LEN, &sm); + sm.time = pheader->ts.tv_sec; + acct_for(&sm); + } + else + verbosef("loop: unknown family (%x)", family); +} + +static void +decode_null(u_char *user _unused_, + const struct pcap_pkthdr *pheader, + const u_char *pdata) +{ + uint32_t family; + struct pktsummary sm; + memset(&sm, 0, sizeof(sm)); + + if (pheader->caplen < NULL_HDR_LEN) { + verbosef("null: packet too short (%u bytes)", pheader->caplen); + return; + } + family = *(const uint32_t *)pdata; + if (family == AF_INET) { + decode_ip(pdata + NULL_HDR_LEN, pheader->caplen - NULL_HDR_LEN, &sm); + sm.time = pheader->ts.tv_sec; + acct_for(&sm); + } + else if (family == AF_INET6) { + decode_ipv6(pdata + NULL_HDR_LEN, pheader->caplen - NULL_HDR_LEN, &sm); + sm.time = pheader->ts.tv_sec; + acct_for(&sm); + } + else + verbosef("null: unknown family (%x)", family); +} + +static void +decode_ppp(u_char *user _unused_, + const struct pcap_pkthdr *pheader, + const u_char *pdata) +{ + struct pktsummary sm; + memset(&sm, 0, sizeof(sm)); + + if (pheader->caplen < PPPOE_HDR_LEN) { + verbosef("ppp: packet too short (%u bytes)", pheader->caplen); + return; + } + + if (pdata[2] == 0x00 && pdata[3] == 0x21) { + decode_ip(pdata + PPP_HDR_LEN, pheader->caplen - PPP_HDR_LEN, &sm); + sm.time = pheader->ts.tv_sec; + acct_for(&sm); + } else + verbosef("non-IP PPP packet; ignoring."); +} + +static void +decode_pppoe(u_char *user _unused_, + const struct pcap_pkthdr *pheader, + const u_char *pdata) +{ + struct pktsummary sm; + memset(&sm, 0, sizeof(sm)); + sm.time = pheader->ts.tv_sec; + decode_pppoe_real(pdata, pheader->caplen, &sm); +} + +static void +decode_pppoe_real(const u_char *pdata, const uint32_t len, + struct pktsummary *sm) +{ + if (len < PPPOE_HDR_LEN) { + verbosef("pppoe: packet too short (%u bytes)", len); + return; + } + + if (pdata[1] != 0x00) { + verbosef("pppoe: code = 0x%02x, expecting 0; ignoring.", pdata[1]); + return; + } + + if ((pdata[6] == 0xc0) && (pdata[7] == 0x21)) return; /* LCP */ + if ((pdata[6] == 0xc0) && (pdata[7] == 0x25)) return; /* LQR */ + + if ((pdata[6] == 0x00) && (pdata[7] == 0x21)) { + decode_ip(pdata + PPPOE_HDR_LEN, len - PPPOE_HDR_LEN, sm); + acct_for(sm); + } else + verbosef("pppoe: non-IP PPPoE packet (0x%02x%02x); ignoring.", + pdata[6], pdata[7]); +} + +/* very similar to decode_ether ... */ +static void +decode_linux_sll(u_char *user _unused_, + const struct pcap_pkthdr *pheader, + const u_char *pdata) +{ + const struct sll_header { + uint16_t packet_type; + uint16_t device_type; + uint16_t addr_length; +#define SLL_MAX_ADDRLEN 8 + uint8_t addr[SLL_MAX_ADDRLEN]; + uint16_t ether_type; + } *hdr = (const struct sll_header *)pdata; + u_short type; + struct pktsummary sm; + memset(&sm, 0, sizeof(sm)); + + if (pheader->caplen < SLL_HDR_LEN) { + verbosef("linux_sll: packet too short (%u bytes)", pheader->caplen); + return; + } + + type = ntohs( hdr->ether_type ); + switch (type) { + case ETHERTYPE_IP: + case ETHERTYPE_IPV6: + decode_ip(pdata + SLL_HDR_LEN, pheader->caplen - SLL_HDR_LEN, &sm); + sm.time = pheader->ts.tv_sec; + acct_for(&sm); + break; + case ETHERTYPE_ARP: + /* known protocol, don't complain about it. */ + break; + default: + verbosef("linux_sll: unknown protocol (%04x)", type); + } +} + +static void +decode_raw(u_char *user _unused_, + const struct pcap_pkthdr *pheader, + const u_char *pdata) +{ + struct pktsummary sm; + memset(&sm, 0, sizeof(sm)); + + decode_ip(pdata, pheader->caplen, &sm); + sm.time = pheader->ts.tv_sec; + acct_for(&sm); +} + +static void decode_ip_payload(const u_char *pdata, const uint32_t len, + struct pktsummary *sm); + +static void +decode_ip(const u_char *pdata, const uint32_t len, struct pktsummary *sm) +{ + const struct ip *hdr = (const struct ip *)pdata; + + if (hdr->ip_v == 6) { + /* Redirect parsing of IPv6 packets. */ + decode_ipv6(pdata, len, sm); + return; + } + if (len < IP_HDR_LEN) { + verbosef("ip: packet too short (%u bytes)", len); + return; + } + if (hdr->ip_v != 4) { + verbosef("ip: version %d (expecting 4 or 6)", hdr->ip_v); + return; + } + + sm->len = ntohs(hdr->ip_len); + sm->proto = hdr->ip_p; + + sm-> = IPv4; + sm->src.ip.v4 = hdr->ip_src.s_addr; + + sm-> = IPv4; + sm->dst.ip.v4 = hdr->ip_dst.s_addr; + + decode_ip_payload(pdata + IP_HDR_LEN, len - IP_HDR_LEN, sm); +} + +static void +decode_ipv6(const u_char *pdata, const uint32_t len, struct pktsummary *sm) +{ + const struct ip6_hdr *hdr = (const struct ip6_hdr *)pdata; + + if (len < IPV6_HDR_LEN) { + verbosef("ipv6: packet too short (%u bytes)", len); + return; + } + + if ((hdr->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) { + verbosef("ipv6: bad version (%02x, expecting %02x)", + hdr->ip6_vfc & IPV6_VERSION_MASK, + IPV6_VERSION); + return; + } + + sm->len = ntohs(hdr->ip6_plen) + IPV6_HDR_LEN; + sm->proto = hdr->ip6_nxt; + + sm-> = IPv6; + memcpy(&sm->src.ip.v6, &hdr->ip6_src, sizeof(sm->src.ip.v6)); + + sm-> = IPv6; + memcpy(&sm->dst.ip.v6, &hdr->ip6_dst, sizeof(sm->dst.ip.v6)); + + decode_ip_payload(pdata + IPV6_HDR_LEN, len - IPV6_HDR_LEN, sm); +} + +static void +decode_ip_payload(const u_char *pdata, const uint32_t len, + struct pktsummary *sm) +{ + switch (sm->proto) { + case IPPROTO_TCP: { + const struct tcphdr *thdr = (const struct tcphdr *)pdata; + if (len < TCP_HDR_LEN) { + verbosef("tcp: packet too short (%u bytes)", len); + sm->proto = IPPROTO_INVALID; /* don't do accounting! */ + return; + } + sm->src_port = ntohs(thdr->th_sport); + sm->dst_port = ntohs(thdr->th_dport); + sm->tcp_flags = thdr->th_flags & + (TH_FIN|TH_SYN|TH_RST|TH_PUSH|TH_ACK|TH_URG); + break; + } + + case IPPROTO_UDP: { + const struct udphdr *uhdr = (const struct udphdr *)pdata; + if (len < UDP_HDR_LEN) { + verbosef("udp: packet too short (%u bytes)", len); + sm->proto = IPPROTO_INVALID; /* don't do accounting! */ + return; + } + sm->src_port = ntohs(uhdr->uh_sport); + sm->dst_port = ntohs(uhdr->uh_dport); + break; + } + + case IPPROTO_ICMP: + case IPPROTO_ICMPV6: + case IPPROTO_AH: + case IPPROTO_ESP: + case IPPROTO_OSPF: + /* known protocol, don't complain about it */ + break; + + default: + verbosef("ip: unknown protocol %d", sm->proto); + } +} + +/* vim:set ts=3 sw=3 tw=78 expandtab: */ diff --git a/decode.h b/decode.h new file mode 100644 index 0000000..35cb42a --- /dev/null +++ b/decode.h @@ -0,0 +1,63 @@ +/* darkstat 3 + * copyright (c) 2001-2011 Emil Mikulic. + * + * decode.h: packet decoding. + * + * You may use, modify and redistribute this file under the terms of the + * GNU General Public License version 2. (see COPYING.GPL) + */ +#ifndef __DARKSTAT_DECODE_H +#define __DARKSTAT_DECODE_H + +#include +#include /* n_time */ +#define __USE_GNU 1 +#include /* for */ +#include /* struct ip */ + +#include "addr.h" + +#define PPP_HDR_LEN 4 +#define FDDI_HDR_LEN 21 +#define IP_HDR_LEN sizeof(struct ip) +#define IPV6_HDR_LEN sizeof(struct ip6_hdr) +#define TCP_HDR_LEN sizeof(struct tcphdr) +#define UDP_HDR_LEN sizeof(struct udphdr) +#define NULL_HDR_LEN 4 +#define PPPOE_HDR_LEN 8 +#define SLL_HDR_LEN 16 +#define RAW_HDR_LEN 0 + +#ifndef ETHER_ADDR_LEN +#define ETHER_ADDR_LEN 6 +#endif + +#ifndef IPPROTO_OSPF +#define IPPROTO_OSPF 89 +#endif + +#define IPPROTO_INVALID 254 /* don't do proto accounting */ + +struct linkhdr { + int linktype; + unsigned int hdrlen; + pcap_handler handler; +}; + +const struct linkhdr *getlinkhdr(const int linktype); +int getsnaplen(const struct linkhdr *lh); + +struct pktsummary { + /* Fields are in host byte order (except IPs) */ + struct addr src, dst; + time_t time; + uint16_t len; + uint8_t proto; /* IPPROTO_{TCP, UDP, ICMP} */ + uint8_t tcp_flags; /* only for TCP */ + uint16_t src_port, dst_port; /* only for TCP, UDP */ + uint8_t src_mac[ETHER_ADDR_LEN], + dst_mac[ETHER_ADDR_LEN]; /* only for Ethernet */ +}; + +#endif /* __DARKSTAT_DECODE_H */ +/* vim:set ts=3 sw=3 tw=78 expandtab: */ diff --git a/dns.c b/dns.c new file mode 100644 index 0000000..e8bdbb4 --- /dev/null +++ b/dns.c @@ -0,0 +1,398 @@ +/* darkstat 3 + * copyright (c) 2001-2011 Emil Mikulic. + * + * dns.c: synchronous DNS in a child process. + * + * You may use, modify and redistribute this file under the terms of the + * GNU General Public License version 2. (see COPYING.GPL) + */ + +#include "cdefs.h" +#include "conv.h" +#include "decode.h" +#include "dns.h" +#include "err.h" +#include "hosts_db.h" +#include "queue.h" +#include "str.h" +#include "tree.h" +#include "bsd.h" /* for setproctitle, strlcpy */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +static void dns_main(void) _noreturn_; /* the child process runs this */ + +#define CHILD 0 /* child process uses this socket */ +#define PARENT 1 +static int sock[2]; +static pid_t pid = -1; + +struct dns_reply { + struct addr addr; + int error; /* for gai_strerror(), or 0 if no error */ + char name[256]; /* */ +}; + +void +dns_init(const char *privdrop_user) +{ + if (socketpair(AF_UNIX, SOCK_STREAM, 0, sock) == -1) + err(1, "socketpair"); + + pid = fork(); + if (pid == -1) + err(1, "fork"); + + if (pid == 0) { + /* We are the child. */ + privdrop(NULL /* don't chroot */, privdrop_user); + close(sock[PARENT]); + sock[PARENT] = -1; + daemonize_finish(); /* drop our copy of the lifeline! */ + if (signal(SIGUSR1, SIG_IGN) == SIG_ERR) + errx(1, "signal(SIGUSR1, ignore) failed"); + dns_main(); + verbosef("fell out of dns_main()"); + exit(0); + } else { + /* We are the parent. */ + close(sock[CHILD]); + sock[CHILD] = -1; + fd_set_nonblock(sock[PARENT]); + verbosef("DNS child has PID %d", pid); + } +} + +void +dns_stop(void) +{ + if (pid == -1) + return; /* no child was started */ + close(sock[PARENT]); + if (kill(pid, SIGINT) == -1) + err(1, "kill"); + verbosef("dns_stop() waiting for child"); + if (waitpid(pid, NULL, 0) == -1) + err(1, "waitpid"); + verbosef("dns_stop() done waiting for child"); +} + +struct tree_rec { + RB_ENTRY(tree_rec) ptree; + struct addr ip; +}; + +static int +tree_cmp(struct tree_rec *a, struct tree_rec *b) +{ + if (a-> != b-> + /* Sort IPv4 to the left of IPv6. */ + return ((a-> == IPv4) ? -1 : +1); + + if (a-> == IPv4) + return (memcmp(&a->ip.ip.v4, &b->ip.ip.v4, sizeof(a->ip.ip.v4))); + else { + assert(a-> == IPv6); + return (memcmp(&a->ip.ip.v6, &b->ip.ip.v6, sizeof(a->ip.ip.v6))); + } +} + +static RB_HEAD(tree_t, tree_rec) ip_tree = RB_INITIALIZER(&tree_rec); +/* Quiet warnings. */ +static struct tree_rec * tree_t_RB_NEXT(struct tree_rec *elm) + _unused_; +static struct tree_rec * tree_t_RB_MINMAX(struct tree_t *head, int val) + _unused_; +RB_GENERATE(tree_t, tree_rec, ptree, tree_cmp) + +void +dns_queue(const struct addr *const ipaddr) +{ + struct tree_rec *rec; + ssize_t num_w; + + if (pid == -1) + return; /* no child was started - we're not doing any DNS */ + + if ((ipaddr->family != IPv4) && (ipaddr->family != IPv6)) { + verbosef("dns_queue() for unknown family %d", ipaddr->family); + return; + } + + rec = xmalloc(sizeof(*rec)); + memcpy(&rec->ip, ipaddr, sizeof(rec->ip)); + + if (RB_INSERT(tree_t, &ip_tree, rec) != NULL) { + /* Already queued - this happens seldom enough that we don't care about + * the performance hit of needlessly malloc()ing. */ + verbosef("already queued %s", addr_to_str(ipaddr)); + free(rec); + return; + } + + num_w = write(sock[PARENT], ipaddr, sizeof(*ipaddr)); /* won't block */ + if (num_w == 0) + warnx("dns_queue: write: ignoring end of file"); + else if (num_w == -1) + warn("dns_queue: ignoring write error"); + else if (num_w != sizeof(*ipaddr)) + err(1, "dns_queue: wrote %zu instead of %zu", num_w, sizeof(*ipaddr)); +} + +static void +dns_unqueue(const struct addr *const ipaddr) +{ + struct tree_rec tmp, *rec; + + memcpy(&tmp.ip, ipaddr, sizeof(tmp.ip)); + if ((rec = RB_FIND(tree_t, &ip_tree, &tmp)) != NULL) { + RB_REMOVE(tree_t, &ip_tree, rec); + free(rec); + } + else + verbosef("couldn't unqueue %s - not in queue!", addr_to_str(ipaddr)); +} + +/* + * Returns non-zero if result waiting, stores IP and name into given pointers + * (name buffer is allocated by dns_poll) + */ +static int +dns_get_result(struct addr *ipaddr, char **name) +{ + struct dns_reply reply; + ssize_t numread; + + numread = read(sock[PARENT], &reply, sizeof(reply)); + if (numread == -1) { + if (errno == EAGAIN) + return (0); /* no input waiting */ + else + goto error; + } + if (numread == 0) + goto error; /* EOF */ + if (numread != sizeof(reply)) + errx(1, "dns_get_result read got %zu, expected %zu", + numread, sizeof(reply)); + + /* Return successful reply. */ + memcpy(ipaddr, &reply.addr, sizeof(*ipaddr)); + if (reply.error != 0) { + /* Identify common special cases. */ + const char *type = "none"; + + if ( == IPv6) { + if (IN6_IS_ADDR_LINKLOCAL(&reply.addr.ip.v6)) + type = "link-local"; + else if (IN6_IS_ADDR_SITELOCAL(&reply.addr.ip.v6)) + type = "site-local"; + else if (IN6_IS_ADDR_MULTICAST(&reply.addr.ip.v6)) + type = "multicast"; + } else { + assert( == IPv4); + if (IN_MULTICAST(htonl(reply.addr.ip.v4))) + type = "multicast"; + } + xasprintf(name, "(%s)", type); + } + else /* Correctly resolved name. */ + *name = xstrdup(; + + dns_unqueue(&reply.addr); + return (1); + +error: + warn("dns_get_result: ignoring read error"); + /* FIXME: re-align to stream? restart dns child? */ + return (0); +} + +void +dns_poll(void) +{ + struct addr ip; + char *name; + + if (pid == -1) + return; /* no child was started - we're not doing any DNS */ + + while (dns_get_result(&ip, &name)) { + /* push into hosts_db */ + struct bucket *b = host_find(&ip); + + if (b == NULL) { + verbosef("resolved %s to %s but it's not in the DB!", + addr_to_str(&ip), name); + return; + } + if (b-> != NULL) { + verbosef("resolved %s to %s but it's already in the DB!", + addr_to_str(&ip), name); + return; + } + b-> = name; + } +} + +/* ------------------------------------------------------------------------ */ + +struct qitem { + STAILQ_ENTRY(qitem) entries; + struct addr ip; +}; + +STAILQ_HEAD(qhead, qitem) queue = STAILQ_HEAD_INITIALIZER(queue); + +static void +enqueue(const struct addr *const ip) +{ + struct qitem *i; + + i = xmalloc(sizeof(*i)); + memcpy(&i->ip, ip, sizeof(i->ip)); + STAILQ_INSERT_TAIL(&queue, i, entries); + verbosef("DNS: enqueued %s", addr_to_str(ip)); +} + +/* Return non-zero and populate pointer if queue isn't empty. */ +static int +dequeue(struct addr *ip) +{ + struct qitem *i; + + i = STAILQ_FIRST(&queue); + if (i == NULL) + return (0); + STAILQ_REMOVE_HEAD(&queue, entries); + memcpy(ip, &i->ip, sizeof(*ip)); + free(i); + verbosef("DNS: dequeued %s", addr_to_str(ip)); + return 1; +} + +static void +xwrite(const int d, const void *buf, const size_t nbytes) +{ + ssize_t ret = write(d, buf, nbytes); + + if (ret == -1) + err(1, "write"); + if (ret != (ssize_t)nbytes) + err(1, "wrote %d bytes instead of all %d bytes", (int)ret, (int)nbytes); +} + +static void +dns_main(void) +{ + struct addr ip; + + setproctitle("DNS child"); + fd_set_nonblock(sock[CHILD]); + verbosef("DNS child entering main DNS loop"); + for (;;) { + int blocking; + + if (STAILQ_EMPTY(&queue)) { + blocking = 1; + fd_set_block(sock[CHILD]); + verbosef("entering blocking read loop"); + } else { + blocking = 0; + fd_set_nonblock(sock[CHILD]); + verbosef("non-blocking poll"); + } + for (;;) { + /* While we have input to process... */ + ssize_t numread = read(sock[CHILD], &ip, sizeof(ip)); + if (numread == 0) + exit(0); /* end of file, nothing more to do here. */ + if (numread == -1) { + if (!blocking && (errno == EAGAIN)) + break; /* ran out of input */ + /* else error */ + err(1, "DNS: read failed"); + } + if (numread != sizeof(ip)) + err(1, "DNS: read got %zu bytes, expecting %zu", + numread, sizeof(ip)); + enqueue(&ip); + if (blocking) { + /* After one blocking read, become non-blocking so that when we + * run out of input we fall through to queue processing. + */ + blocking = 0; + fd_set_nonblock(sock[CHILD]); + } + } + + /* Process queue. */ + if (dequeue(&ip)) { + struct dns_reply reply; + struct sockaddr_in sin; + struct sockaddr_in6 sin6; + struct hostent *he; + char host[NI_MAXHOST]; + int ret, flags; + + reply.addr = ip; + flags = NI_NAMEREQD; +# ifdef NI_IDN + flags |= NI_IDN; +# endif + switch ( { + case IPv4: + sin.sin_family = AF_INET; + sin.sin_addr.s_addr = ip.ip.v4; + ret = getnameinfo((struct sockaddr *) &sin, sizeof(sin), + host, sizeof(host), NULL, 0, flags); + if (ret == EAI_FAMILY) { + verbosef("getnameinfo error %s, trying gethostbyname", + gai_strerror(ret)); + he = gethostbyaddr(&sin.sin_addr.s_addr, + sizeof(sin.sin_addr.s_addr), sin.sin_family); + if (he == NULL) { + ret = EAI_FAIL; + verbosef("gethostbyname error %s", hstrerror(h_errno)); + } else { + ret = 0; + strlcpy(host, he->h_name, sizeof(host)); + } + } + break; + case IPv6: + sin6.sin6_family = AF_INET6; + memcpy(&sin6.sin6_addr, &ip.ip.v6, sizeof(sin6.sin6_addr)); + ret = getnameinfo((struct sockaddr *) &sin6, sizeof(sin6), + host, sizeof(host), NULL, 0, flags); + break; + default: + ret = EAI_FAMILY; + } + + if (ret != 0) { +[0] = '\0'; + reply.error = ret; + } else { + assert(sizeof( > sizeof(char *)); /* not just a ptr */ + strlcpy(, host, sizeof(; + reply.error = 0; + } + fd_set_block(sock[CHILD]); + xwrite(sock[CHILD], &reply, sizeof(reply)); + verbosef("DNS: %s is \"%s\".", addr_to_str(&reply.addr), + (ret == 0) ? : gai_strerror(ret)); + } + } +} + +/* vim:set ts=3 sw=3 tw=78 expandtab: */ diff --git a/dns.h b/dns.h new file mode 100644 index 0000000..eb933fd --- /dev/null +++ b/dns.h @@ -0,0 +1,17 @@ +/* darkstat 3 + * copyright (c) 2001-2011 Emil Mikulic. + * + * dns.h: synchronous DNS in a child process. + * + * You may use, modify and redistribute this file under the terms of the + * GNU General Public License version 2. (see COPYING.GPL) + */ + +struct addr; + +void dns_init(const char *privdrop_user); +void dns_stop(void); +void dns_queue(const struct addr *const ipaddr); +void dns_poll(void); + +/* vim:set ts=3 sw=3 tw=78 expandtab: */ diff --git a/err.c b/err.c new file mode 100644 index 0000000..358e564 --- /dev/null +++ b/err.c @@ -0,0 +1,197 @@ +/* darkstat 3 + * copyright (c) 2001-2011 Emil Mikulic. + * + * err.c: BSD-like err() and warn() functions + * + * Permission to use, copy, modify, and distribute this file for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. This pipe must be initialized before the first fork() in order to work. Then, verbosef() will block on a read() until it is able to retrieve the byte. (see COPYING.GPL) + */ + +#include + +#include "cap.h" +#include "conv.h" +#include "db.h" +#include "acct.h" +#include "err.h" +#include "str.h" +#include "html.h" +#include "graph_db.h" +#include "now.h" +#include "opt.h" + +#include +#include +#include /* for memcpy() */ + +#define GRAPH_WIDTH "320" +#define GRAPH_HEIGHT "200" + +struct graph { + uint64_t *in, *out; + unsigned int offset; /* i.e. seconds start at 0, days start at 1 */ + unsigned int pos, num_bars; + const char *unit; + unsigned int bar_secs; /* one bar represents seconds */ +}; + +static struct graph + graph_secs = {NULL, NULL, 0, 0, 60, "seconds", 1}, + graph_mins = {NULL, NULL, 0, 0, 60, "minutes", 60}, + graph_hrs = {NULL, NULL, 0, 0, 24, "hours", 3600}, + graph_days = {NULL, NULL, 1, 0, 31, "days", 86400}; + +static struct graph *graph_db[] = { + &graph_secs, &graph_mins, &graph_hrs, &graph_days +}; + +static unsigned int graph_db_size = sizeof(graph_db)/sizeof(*graph_db); + +static time_t start_time, last_time; + +void +graph_init(void) +{ + unsigned int i; + for (i=0; iin = xmalloc(sizeof(uint64_t) * graph_db[i]->num_bars); + graph_db[i]->out = xmalloc(sizeof(uint64_t) * graph_db[i]->num_bars); + } + start_time = time(NULL); + graph_reset(); +} + +static void +zero_graph(struct graph *g) +{ + memset(g->in, 0, sizeof(uint64_t) * g->num_bars); + memset(g->out, 0, sizeof(uint64_t) * g->num_bars); +} + +void +graph_reset(void) +{ + unsigned int i; + for (i=0; iin); + free(graph_db[i]->out); + } +} + +void +graph_acct(uint64_t amount, enum graph_dir dir) +{ + unsigned int i; + for (i=0; iin[ graph_db[i]->pos ] += amount; break; + case GRAPH_OUT: graph_db[i]->out[ graph_db[i]->pos ] += amount; break; + default: errx(1, "unknown graph_dir in graph_acct: %d", dir); + } +} + +/* Advance a graph: advance the pos, zeroing out bars as we move. */ +static void +advance(struct graph *g, const unsigned int pos) +{ + if (g->pos == pos) + return; /* didn't need to advance */ + do { + g->pos = (g->pos + 1) % g->num_bars; + g->in[g->pos] = g->out[g->pos] = 0; + } while (g->pos != pos); +} + +/* Rotate a graph: rotate all bars so that the bar at the current pos is moved + * to the newly given pos. This is non-destructive. */ +static void +rotate(struct graph *g, const unsigned int pos) +{ + uint64_t *tmp; + unsigned int i, ofs; + size_t size; + + if (pos == g->pos) + return; /* nothing to rotate */ + + size = sizeof(*tmp) * g->num_bars; + tmp = xmalloc(size); + ofs = g->num_bars + pos - g->pos; + + for (i=0; inum_bars; i++) + tmp[ (i+ofs) % g->num_bars ] = g->in[i]; + memcpy(g->in, tmp, size); + + for (i=0; inum_bars; i++) + tmp[ (i+ofs) % g->num_bars ] = g->out[i]; + memcpy(g->out, tmp, size); + + free(tmp); + assert(pos == ( (g->pos + ofs) % g->num_bars )); + g->pos = pos; +} + +static void +graph_resync(const time_t new_time) +{ + struct tm *tm; + /* + * If time went backwards, we assume that real time is continuous and that + * the time adjustment should only affect display. i.e., if we have: + * + * second 15: 12 bytes + * second 16: 345 bytes + * second 17: <-- current pos + * + * and time goes backwards to second 8, we will shift the graph around to + * get: + * + * second 6: 12 bytes + * second 7: 345 bytes + * second 8: <-- current pos + * + * Note that we don't make any corrections for time being stepped forward. + * We rely on graph advancement to happen at the correct real time to + * account for, for example, bandwidth used per day. + */ + assert(new_time < last_time); + + tm = localtime(&new_time); + if (tm->tm_sec == 60) + tm->tm_sec = 59; /* mis-handle leap seconds */ + + rotate(&graph_secs, tm->tm_sec); + rotate(&graph_mins, tm->tm_min); + rotate(&graph_hrs, tm->tm_hour); + rotate(&graph_days, tm->tm_mday - 1); + + last_time = new_time; +} + +void +graph_rotate(void) +{ + time_t t, td; + struct tm *tm; + unsigned int i; + + t = now; + + if (last_time == 0) { + verbosef("first rotate"); + last_time = t; + tm = localtime(&t); + if (tm->tm_sec == 60) + tm->tm_sec = 59; /* mis-handle leap seconds */ + + graph_secs.pos = tm->tm_sec; + graph_mins.pos = tm->tm_min; + graph_hrs.pos = tm->tm_hour; + graph_days.pos = tm->tm_mday - 1; + return; + } + + if (t == last_time) + return; /* superfluous rotate */ + + if (t < last_time) { + verbosef("time went backwards! (from %u to %u, offset is %d)", + (unsigned int)last_time, (unsigned int)t, (int)(t - last_time)); + graph_resync(t); + return; + } + + /* else, normal rotation */ + td = t - last_time; + last_time = t; + tm = localtime(&t); + if (tm->tm_sec == 60) + tm->tm_sec = 59; /* mis-handle leap seconds */ + + /* zero out graphs which have been completely rotated through */ + for (i=0; i= (int)(graph_db[i]->num_bars * graph_db[i]->bar_secs)) + zero_graph(graph_db[i]); + + /* advance the current position, zeroing up to it */ + advance(&graph_secs, tm->tm_sec); + advance(&graph_mins, tm->tm_min); + advance(&graph_hrs, tm->tm_hour); + advance(&graph_days, tm->tm_mday - 1); +} + +/* --------------------------------------------------------------------------- + * Database Import: Grab graphs from a file provided by the caller. + * + * This function will retrieve the data sans the header. We expect the caller + * to have validated the header of the segment, and left the file position at + * the start of the data. + */ +int +graph_import(const int fd) +{ + uint64_t last; + unsigned int i, j; + + if (!read64(fd, &last)) return 0; + last_time = (time_t)last; + + for (i=0; i= num_bars) { + warn("pos is %u, should be < num_bars which is %u", + (unsigned int)pos, (unsigned int)num_bars); + return 0; + } + + if (graph_db[i]->num_bars != num_bars) { + warn("num_bars is %u, expecting %u", + (unsigned int)num_bars, graph_db[i]->num_bars); + return 0; + } + + graph_db[i]->pos = pos; + for (j=0; jin[j]))) return 0; + if (!read64(fd, &(graph_db[i]->out[j]))) return 0; + } + } + + return 1; +} + +/* --------------------------------------------------------------------------- + * Database Export: Dump hosts_db into a file provided by the caller. + * The caller is responsible for writing out the header first. + */ +int +graph_export(const int fd) +{ + unsigned int i, j; + + if (!write64(fd, (uint64_t)last_time)) return 0; + for (i=0; inum_bars)) return 0; + if (!write8(fd, graph_db[i]->pos)) return 0; + + for (j=0; jnum_bars; j++) { + if (!write64(fd, graph_db[i]->in[j])) return 0; + if (!write64(fd, graph_db[i]->out[j])) return 0; + } + } + return 1; +} + +/* --------------------------------------------------------------------------- + * Web interface: front page! + */ +struct str * +html_front_page(void) +{ + struct str *buf, *rf; + unsigned int i; + char start_when[100]; + + buf = str_make(); + html_open(buf, "Graphs", /*path_depth=*/0, /*want_graph_js=*/1); + + str_append(buf, "

\n"); + str_append(buf, "Running for "); + rf = length_of_time(now - start_time); + /* FIXME: use a more monotonic clock perhaps? */ + str_appendstr(buf, rf); + str_free(rf); + str_append(buf, ""); + + if (strftime(start_when, sizeof(start_when), + "%Y-%m-%d %H:%M:%S %Z%z", localtime(&start_time)) != 0) + str_appendf(buf, ", since %s", start_when); + + str_appendf(buf,".
\n" + "Total %'qu bytes, " + "in %'qu packets. " + "(%'u captured, " + "%'u dropped)
\n" + "

\n", + acct_total_bytes, + acct_total_packets, + cap_pkts_recv, cap_pkts_drop); + + str_append(buf, + "
\n" + "Graphs require JavaScript.\n" + "\n" + "
\n" + ); + + html_close(buf); + return (buf); +} + +/* --------------------------------------------------------------------------- + * Web interface: graphs.xml + */ +struct str * +xml_graphs(void) +{ + unsigned int i, j; + struct str *buf = str_make(), *rf; + + str_appendf(buf, "\n"); + + for (i=0; i\n", g->unit); + j = g->pos; + do { + j = (j + 1) % g->num_bars; + /* */ + str_appendf(buf, "\n", + g->offset + j, g->in[j], g->out[j]); + } while (j != g->pos); + str_appendf(buf, "\n", g->unit); + } + str_append(buf, "\n"); + return (buf); +} + +/* vim:set ts=3 sw=3 tw=78 expandtab: */ diff --git a/graph_db.h b/graph_db.h new file mode 100644 index 0000000..24db11b --- /dev/null +++ b/graph_db.h @@ -0,0 +1,30 @@ +/* darkstat 3 + * copyright (c) 2006-2011 Emil Mikulic. + * + * graph_db.h: round robin database for graph data + */ +#ifndef __DARKSTAT_GRAPH_DB_H +#define __DARKSTAT_GRAPH_DB_H + +#include /* for uint64_t on Linux and OS X */ + +enum graph_dir { + MIN_GRAPH_DIR = 1, + GRAPH_IN = 1, + GRAPH_OUT = 2, + MAX_GRAPH_DIR = 2 +}; + +void graph_init(void); +void graph_reset(void); +void graph_free(void); +void graph_acct(uint64_t amount, enum graph_dir dir); +void graph_rotate(void); +int graph_import(const int fd); +int graph_export(const int fd); + +struct str *html_front_page(void); +struct str *xml_graphs(void); + +#endif +/* vim:set ts=3 sw=3 tw=78 expandtab: */ diff --git a/graphjs.h b/graphjs.h new file mode 100644 index 0000000..4d9cee9 --- /dev/null +++ b/graphjs.h @@ -0,0 +1,283 @@ +/* this file was automatically generated */ +static char graph_js[] = +"/* darkstat 3\n" +" * copyright (c) 2006-2008 Emil Mikulic.\n" +" *\n" +" * graph.js: graph renderer\n" +" *\n" +" * You may use, modify and redistribute this file under the terms of the\n" +" * GNU General Public License version 2. (see COPYING.GPL)\n" +" *\n" +" * At some point, this script worked correctly in:\n" +" * - Firefox,, 3.0\n" +" * - IE 6.0\n" +" * - Opera 8.53, 9.50\n" +" * - Konqueror 3.5.9, 4.0.80, 4.0.83\n" +" *\n" +" * Consumer needs to supply the following variables:\n" +" * - graph_width\n" +" * - graph_height\n" +" * - bar_gap\n" +" *\n" +" * - graphs [ {id, name, title, bar_secs} ]\n" +" * - graphs_uri\n" +" *\n" +" * - window.onload = graphs_init\n" +" */\n" +"\n" +"function killChildren(elem) {\n" +" while (elem.childNodes.length > 0)\n" +" elem.removeChild( elem.childNodes.item(0) );\n" +"}\n" +"\n" +"function setClass(elem, c) {\n" +" elem.setAttribute(\"class\", c);\n" +" elem.setAttribute(\"className\", c); /* for MSIE */\n" +"}\n" +"\n" +"function setStyle(elem, s) {\n" +" elem.setAttribute(\"style\", s);\n" +" = s; /* for MSIE */\n" +"}\n" +"\n" +"function makeElemClass(e, c) {\n" +" var r = document.createElement(e);\n" +" setClass(r, c);\n" +" return r;\n" +"}\n" +"\n" +"function makeClear() {\n" +" var r = document.createElement(\"div\");\n" +" setStyle(r, \"clear:both\");\n" +" return r;\n" +"}\n" +"\n" +"function thousands(n) {\n" +" var s = String(n);\n" +" var out = \"\";\n" +" while (s.length > 3) {\n" +" out = \",\" + s.substr(s.length - 3, 3) + out;\n" +" s = s.substr(0, s.length - 3);\n" +" }\n" +" return s+out;\n" +"}\n" +"\n" +"function fkbps(bps) {\n" +" bps /= 1024;\n" +" return bps.toFixed(1);\n" +"}\n" +"\n" +"function kbps(bps) {\n" +" bps /= 1024;\n" +" if (bps < 1) return bps.toPrecision(2);\n" +" else return bps.toFixed(1);\n" +"}\n" +"\n" +"function min(a,b) { return (ab)?a:b; }\n" +"\n" +"var xh, autoreload=false;\n" +"\n" +"function graphs_init() {\n" +" var gr = document.getElementById(\"graphs\");\n" +"\n" +" /* update message */\n" +" var msg = document.createElement(\"div\");\n" +" msg.appendChild(document.createTextNode(\"Graphs are being loaded...\"));\n" +" msg.appendChild(document.createElement(\"br\"));\n" +" msg.appendChild(document.createElement(\"br\"));\n" +" killChildren(gr);\n" +" gr.appendChild(msg);\n" +" graphs.msg = msg;\n" +"\n" +" for (var i=0; i4G? */\n" +" if (b_total > total_max)\n" +" total_max = b_total;\n" +" data.push( [b_pos, b_in, b_out] );\n" +" }\n" +"\n" +" var igraph = makeElemClass(\"div\", \"graph\"); // inner graph\n" +" setStyle(igraph,\n" +" \"width:\"+graph_width+\"px; \"+\n" +" \"height:\"+graph_height+\"px; \"+\n" +" \"position:relative;\");\n" +"\n" +" var nbars = data.length;\n" +" var b_width = (graph_width - bar_gap * (nbars-1)) / nbars;\n" +" var next_xofs = 0;\n" +"\n" +" var min_i = 0, min_o = 0,\n" +" max_i = 0, max_o = 0,\n" +" tot_i = 0, tot_o = 0;\n" +"\n" +" for (var i=0; i0) { if (min_i == 0) min_i = b_i; else min_i = min(min_i, b_i); }\n" +" max_i = max(max_i, b_i);\n" +" tot_i += b_i;\n" +"\n" +" if (b_o>0) { if (min_o == 0) min_o = b_o; else min_o = min(min_o, b_o); }\n" +" max_o = max(max_o, b_o);\n" +" tot_o += b_o;\n" +"\n" +" var xofs = next_xofs;\n" +"\n" +" next_xofs = Math.round((b_width + bar_gap) * (i+1));\n" +" var curr_w = next_xofs - xofs - bar_gap;\n" +"\n" +" var h_i = Math.round( b_i * graph_height / total_max );\n" +" var h_o = Math.round( b_o * graph_height / total_max );\n" +"\n" +" var label = b_p+\": \"+\n" +" thousands(b_i)+\" bytes in, \"+\n" +" thousands(b_o)+\" bytes out | \"+\n" +" kbps(b_i/bar_secs)+\" KB/s in, \"+\n" +" kbps(b_o/bar_secs)+\" KB/s out\";\n" +"\n" +" addBar(igraph, label, \"bar_in\", curr_w, h_i, xofs, 0);\n" +" addBar(igraph, label, \"bar_out\", curr_w, h_o, xofs, h_i);\n" +" }\n" +"\n" +" function legendRow(dir_str, minb, avgb, maxb) {\n" +" function makeTD(c, str) {\n" +" var r = makeElemClass(\"td\", c);\n" +" r.appendChild(document.createTextNode(str));\n" +" return r;\n" +" }\n" +" function addToRow(row, type_str, bytes, trail) {\n" +" row.appendChild( makeTD(\"type\", type_str) );\n" +" row.appendChild( makeTD(\"rate\", fkbps(bytes/bar_secs)+\" KB/s\"+trail) );\n" +" }\n" +" var row = document.createElement(\"tr\");\n" +" row.appendChild( makeTD(\"dir\", dir_str) );\n" +" var cell = makeElemClass(\"td\", \"swatch\");\n" +" var swatch = makeElemClass(\"div\", \"bar_\"+dir_str);\n" +" setStyle(swatch, \"width:6px; height:6px;\");\n" +" cell.appendChild(swatch);\n" +" row.appendChild(cell);\n" +" addToRow(row, \"min:\", minb, \",\");\n" +" addToRow(row, \"avg:\", avgb, \",\");\n" +" addToRow(row, \"max:\", maxb, \"\");\n" +" return row;\n" +" }\n" +"\n" +" var glegend = makeElemClass(\"div\", \"legend\");\n" +" var avg_i = tot_i / nbars,\n" +" avg_o = tot_o / nbars;\n" +" var tbl = document.createElement(\"table\");\n" +" var tb = document.createElement(\"tbody\"); /* for MSIE */\n" +" tb.appendChild( legendRow(\"in\", min_i, avg_i, max_i) );\n" +" tb.appendChild( legendRow(\"out\", min_o, avg_o, max_o) );\n" +" tbl.appendChild(tb);\n" +" glegend.appendChild(tbl);\n" +" setStyle(glegend, \"width:\"+graph_width+\"px;\");\n" +"\n" +" var gtitle = makeElemClass(\"div\", \"graphtitle\");\n" +" setStyle(gtitle, \"width:\"+graph_width+\"px;\");\n" +" gtitle.appendChild(document.createTextNode(title));\n" +"\n" +" killChildren(graph);\n" +" graph.appendChild(igraph);\n" +" graph.appendChild(glegend);\n" +" graph.appendChild(gtitle);\n" +"}\n"; +static const size_t graph_js_len = sizeof(graph_js) - 1; diff --git a/hosts_db.c b/hosts_db.c new file mode 100644 index 0000000..754dacc --- /dev/null +++ b/hosts_db.c @@ -0,0 +1,1473 @@ +/* darkstat 3 + * copyright (c) 2001-2011 Emil Mikulic. + * + * hosts_db.c: database of hosts, ports, protocols. + * + * You may use, modify and redistribute this file under the terms of the + * GNU General Public License version 2. (see COPYING.GPL) + */ + +#include "cdefs.h" +#include "conv.h" +#include "decode.h" +#include "dns.h" +#include "err.h" +#include "hosts_db.h" +#include "db.h" +#include "html.h" +#include "ncache.h" +#include "now.h" +#include "opt.h" +#include "str.h" + +#include /* struct addrinfo */ +#include +#include +#include +#include +#include /* memset(), strcmp() */ +#include + +int hosts_db_show_macs = 0; + +/* FIXME: specify somewhere more sane/tunable */ +#define MAX_ENTRIES 30 /* in an HTML table rendered from a hashtable */ + +typedef uint32_t (hash_func_t)(const struct hashtable *, const void *); +typedef void (free_func_t)(struct bucket *); +typedef const void * (key_func_t)(const struct bucket *); +typedef int (find_func_t)(const struct bucket *, const void *); +typedef struct bucket * (make_func_t)(const void *); +typedef void (format_cols_func_t)(struct str *); +typedef void (format_row_func_t)(struct str *, const struct bucket *, + const char *); + +struct hashtable { + uint8_t bits; /* size of hashtable in bits */ + uint32_t size, mask; + uint32_t count, count_max, count_keep; /* items in table */ + uint32_t coeff; /* coefficient for Fibonacci hashing */ + struct bucket **table; + + struct { + uint64_t inserts, searches, deletions, rehashes; + } stats; + + hash_func_t *hash_func; + /* returns hash value of given key (passed as void*) */ + + free_func_t *free_func; + /* free of bucket payload */ + + key_func_t *key_func; + /* returns pointer to key of bucket (to pass to hash_func) */ + + find_func_t *find_func; + /* returns true if given bucket matches key (passed as void*) */ + + make_func_t *make_func; + /* returns bucket containing new record with key (passed as void*) */ + + format_cols_func_t *format_cols_func; + /* append table columns to str */ + + format_row_func_t *format_row_func; + /* format record and append to str */ +}; + +static void hashtable_reduce(struct hashtable *ht); +static void hashtable_free(struct hashtable *h); + +#define HOST_BITS 1 /* initial size of hosts table */ +#define PORT_BITS 1 /* initial size of ports tables */ +#define PROTO_BITS 1 /* initial size of proto table */ + +/* We only use one hosts_db hashtable and this is it. */ +static struct hashtable *hosts_db = NULL; + +/* phi^-1 (reciprocal of golden ratio) = (sqrt(5) - 1) / 2 */ +static const double phi_1 = + 0.61803398874989490252573887119069695472717285156250; + +/* Co-prime of u, using phi^-1 */ +inline static uint32_t +coprime(const uint32_t u) +{ + return ( (uint32_t)( (double)(u) * phi_1 ) | 1U ); +} + +/* + * This is the "recommended" IPv4 hash function, as seen in FreeBSD's + * src/sys/netinet/tcp_hostcache.c 1.1 + */ +inline static uint32_t +ipv4_hash(const struct addr *const a) +{ + uint32_t ip = a->ip.v4; + return ( (ip) ^ ((ip) >> 7) ^ ((ip) >> 17) ); +} + +#ifndef s6_addr32 +# ifdef sun +/* + * + */ +# define s6_addr32 _S6_un._S6_u32 +# else +/* Covers OpenBSD and FreeBSD. The macro __USE_GNU has + * taken care of GNU/Linux and GNU/kfreebsd. */ +# define s6_addr32 __u6_addr.__u6_addr32 +# endif +#endif + +/* + * This is the IPv6 hash function used by FreeBSD in the same file as above, + * svn rev 122922. + */ +inline static uint32_t +ipv6_hash(const struct addr *const a) +{ + const struct in6_addr *const ip6 = &(a->ip.v6); + return ( ip6->s6_addr32[0] ^ ip6->s6_addr32[1] ^ + ip6->s6_addr32[2] ^ ip6->s6_addr32[3] ); +} + +/* --------------------------------------------------------------------------- + * hash_func collection + */ +static uint32_t +hash_func_host(const struct hashtable *h _unused_, const void *key) +{ + const struct addr *a = key; + if (a->family == IPv4) + return (ipv4_hash(a)); + else { + assert(a->family == IPv6); + return (ipv6_hash(a)); + } +} + +#define CASTKEY(type) (*((const type *)key)) + +static uint32_t +hash_func_short(const struct hashtable *h, const void *key) +{ + return (CASTKEY(uint16_t) * h->coeff); +} + +static uint32_t +hash_func_byte(const struct hashtable *h, const void *key) +{ + return (CASTKEY(uint8_t) * h->coeff); +} + +/* --------------------------------------------------------------------------- + * key_func collection + */ + +static const void * +key_func_host(const struct bucket *b) +{ + return &(b->; +} + +static const void * +key_func_port_tcp(const struct bucket *b) +{ + return &(b->u.port_tcp.port); +} + +static const void * +key_func_port_udp(const struct bucket *b) +{ + return &(b->u.port_udp.port); +} + +static const void * +key_func_ip_proto(const struct bucket *b) +{ + return &(b->u.ip_proto.proto); +} + +/* --------------------------------------------------------------------------- + * find_func collection + */ + +static int +find_func_host(const struct bucket *b, const void *key) +{ + return (addr_equal(key, &(b->; +} + +static int +find_func_port_tcp(const struct bucket *b, const void *key) +{ + return (b->u.port_tcp.port == CASTKEY(uint16_t)); +} + +static int +find_func_port_udp(const struct bucket *b, const void *key) +{ + return (b->u.port_udp.port == CASTKEY(uint16_t)); +} + +static int +find_func_ip_proto(const struct bucket *b, const void *key) +{ + return (b->u.ip_proto.proto == CASTKEY(uint8_t)); +} + +/* --------------------------------------------------------------------------- + * make_func collection + */ + +#define MAKE_BUCKET(name_bucket, name_content, type) struct { \ + struct bucket *next; \ + uint64_t in, out, total; \ + union { struct type t; } u; } _custom_bucket; \ + struct bucket *name_bucket = xcalloc(1, sizeof(_custom_bucket)); \ + struct type *name_content = &(name_bucket->u.type); \ + name_bucket->next = NULL; \ + name_bucket->in = name_bucket->out = name_bucket->total = 0; + +static struct bucket * +make_func_host(const void *key) +{ + MAKE_BUCKET(b, h, host); + h->addr = CASTKEY(struct addr); + h->dns = NULL; + h->lastseen = 0; + memset(&h->mac_addr, 0, sizeof(h->mac_addr)); + h->ports_tcp = NULL; + h->ports_udp = NULL; + h->ip_protos = NULL; + return (b); +} + +static void +free_func_host(struct bucket *b) +{ + struct host *h = &(b->; + if (h->dns != NULL) free(h->dns); + hashtable_free(h->ports_tcp); + hashtable_free(h->ports_udp); + hashtable_free(h->ip_protos); +} + +static struct bucket * +make_func_port_tcp(const void *key) +{ + MAKE_BUCKET(b, p, port_tcp); + p->port = CASTKEY(uint16_t); + p->syn = 0; + return (b); +} + +static struct bucket * +make_func_port_udp(const void *key) +{ + MAKE_BUCKET(b, p, port_udp); + p->port = CASTKEY(uint16_t); + return (b); +} + +static struct bucket * +make_func_ip_proto(const void *key) +{ + MAKE_BUCKET(b, p, ip_proto); + p->proto = CASTKEY(uint8_t); + return (b); +} + +static void +free_func_simple(struct bucket *b _unused_) +{ + /* nop */ +} + +/* --------------------------------------------------------------------------- + * format_func collection (ordered by struct) + */ + +static void +format_cols_host(struct str *buf) +{ + /* FIXME: don't clobber parts of the query string + * specifically "full" and "start" + * when setting sort direction + */ + str_append(buf, + "\n" + "\n" + " \n" + " \n"); + if (hosts_db_show_macs) str_append(buf, + " \n"); + str_append(buf, + " \n" + " \n" + " \n"); + if (opt_want_lastseen) str_append(buf, + " \n"); + str_append(buf, + "\n"); +} + +static void +format_row_host(struct str *buf, const struct bucket *b, + const char *css_class) +{ + const char *ip = addr_to_str(&(b->; + + str_appendf(buf, + "\n" + " \n" + " \n", + css_class, + ip, ip, + (b-> == NULL) ? "" : b->; + + if (hosts_db_show_macs) + str_appendf(buf, + " \n", + b->[0], + b->[1], + b->[2], + b->[3], + b->[4], + b->[5]); + + str_appendf(buf, + " \n" + " \n" + " \n", + b->in, b->out, b->total); + + if (opt_want_lastseen) { + time_t last_t = b->; + struct str *last_str = NULL; + + if ((now >= last_t) && (last_t > 0)) + last_str = length_of_time(now - last_t); + + str_append(buf, + " "); + } + + str_appendf(buf, + "\n"); + + /* Only resolve hosts "on demand" */ + if (b-> == NULL) + dns_queue(&(b->; +} + +static void +format_cols_port_tcp(struct str *buf) +{ + str_append(buf, + "
IPHostnameMAC AddressInOutTotalLast seen
%s%s%x:%x:%x:%x:%x:%x%'qu%'qu%'qu"); + if (last_str == NULL) { + if (last_t == 0) + str_append(buf, "(never)"); + else + str_append(buf, "(clock error)"); + } else { + str_appendstr(buf, last_str); + str_free(last_str); + } + str_append(buf, + "
\n" + "\n" + " \n" + ); +} + +static void +format_row_port_tcp(struct str *buf, const struct bucket *b, + const char *css_class) +{ + const struct port_tcp *p = &(b->u.port_tcp); + + str_appendf(buf, + "\n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + "\n", + css_class, + p->port, getservtcp(p->port), b->in, b->out, b->total, p->syn + ); +} + +static void +format_cols_port_udp(struct str *buf) +{ + str_append(buf, + "
Port\n" + " Service\n" + " In\n" + " Out\n" + " Total\n" + " SYNs\n" + "
\n" + "\n" + " \n" + ); +} + +static void +format_row_port_udp(struct str *buf, const struct bucket *b, + const char *css_class) +{ + const struct port_udp *p = &(b->u.port_udp); + + str_appendf(buf, + "\n" + " \n" + " \n" + " \n" + " \n" + " \n" + "\n", + css_class, + p->port, getservudp(p->port), b->in, b->out, b->total + ); +} + +static void +format_cols_ip_proto(struct str *buf) +{ + str_append(buf, + "
Port\n" + " Service\n" + " In\n" + " Out\n" + " Total\n" + "
\n" + "\n" + " \n" + ); +} + +static void +format_row_ip_proto(struct str *buf, const struct bucket *b, + const char *css_class) +{ + const struct ip_proto *p = &(b->u.ip_proto); + + str_appendf(buf, + "\n" + " \n" + " \n" + " \n" + " \n" + " \n" + "\n", + css_class, + p->proto, getproto(p->proto), + b->in, b->out, b->total + ); +} + +/* --------------------------------------------------------------------------- + * Initialise a hashtable. + */ +static struct hashtable * +hashtable_make(const uint8_t bits, + const unsigned int count_max, + const unsigned int count_keep, + hash_func_t *hash_func, + free_func_t *free_func, + key_func_t *key_func, + find_func_t *find_func, + make_func_t *make_func, + format_cols_func_t *format_cols_func, + format_row_func_t *format_row_func) +{ + struct hashtable *hash; + assert(bits > 0); + + hash = xmalloc(sizeof(*hash)); + hash->bits = bits; + hash->count_max = count_max; + hash->count_keep = count_keep; + hash->size = 1U << bits; + hash->mask = hash->size - 1; + hash->coeff = coprime(hash->size); + hash->hash_func = hash_func; + hash->free_func = free_func; + hash->key_func = key_func; + hash->find_func = find_func; + hash->make_func = make_func; + hash->format_cols_func = format_cols_func; + hash->format_row_func = format_row_func; + hash->count = 0; + hash->table = xcalloc(hash->size, sizeof(*hash->table)); + memset(&(hash->stats), 0, sizeof(hash->stats)); + return (hash); +} + +/* --------------------------------------------------------------------------- + * Initialise global hosts_db. + */ +void +hosts_db_init(void) +{ + assert(hosts_db == NULL); + hosts_db = hashtable_make(HOST_BITS, opt_hosts_max, opt_hosts_keep, + hash_func_host, free_func_host, key_func_host, find_func_host, + make_func_host, format_cols_host, format_row_host); +} + +static void +hashtable_rehash(struct hashtable *h, const uint8_t bits) +{ + struct bucket **old_table, **new_table; + uint32_t i, old_size; + assert(h != NULL); + assert(bits > 0); + + h->stats.rehashes++; + old_size = h->size; + old_table = h->table; + + h->bits = bits; + h->size = 1U << bits; + h->mask = h->size - 1; + h->coeff = coprime(h->size); + new_table = xcalloc(h->size, sizeof(*new_table)); + + for (i=0; ihash_func(h, h->key_func(b)) & h->mask; + next = b->next; + b->next = new_table[pos]; + new_table[pos] = b; + b = next; + } + } + + free(h->table); + h->table = new_table; +} + +static void +hashtable_insert(struct hashtable *h, struct bucket *b) +{ + uint32_t pos; + assert(h != NULL); + assert(b != NULL); + assert(b->next == NULL); + + /* Rehash on 80% occupancy */ + if ((h->count > h->size) || + ((h->size - h->count) < h->size / 5)) + hashtable_rehash(h, h->bits+1); + + pos = h->hash_func(h, h->key_func(b)) & h->mask; + if (h->table[pos] == NULL) + h->table[pos] = b; + else { + /* Insert at top of chain. */ + b->next = h->table[pos]; + h->table[pos] = b; + } + h->count++; + h->stats.inserts++; +} + +/* Return bucket matching key, or NULL if no such entry. */ +static struct bucket * +hashtable_search(struct hashtable *h, const void *key) +{ + uint32_t pos; + struct bucket *b; + + h->stats.searches++; + pos = h->hash_func(h, key) & h->mask; + b = h->table[pos]; + while (b != NULL) { + if (h->find_func(b, key)) + return (b); + else + b = b->next; + } + return (NULL); +} + +typedef enum { NO_REDUCE = 0, ALLOW_REDUCE = 1 } reduce_bool; +/* Search for a key. If it's not there, make and insert a bucket for it. */ +static struct bucket * +hashtable_find_or_insert(struct hashtable *h, const void *key, + const reduce_bool allow_reduce) +{ + struct bucket *b = hashtable_search(h, key); + + if (b == NULL) { + /* Not found, so insert after checking occupancy. */ + if (allow_reduce && (h->count >= h->count_max)) + hashtable_reduce(h); + b = h->make_func(key); + hashtable_insert(h, b); + } + return (b); +} + +/* + * Frees the hashtable and the buckets. The contents are assumed to be + * "simple" -- i.e. no "destructor" action is required beyond simply freeing + * the bucket. + */ +static void +hashtable_free(struct hashtable *h) +{ + uint32_t i; + + if (h == NULL) + return; + for (i=0; isize; i++) { + struct bucket *tmp, *b = h->table[i]; + while (b != NULL) { + tmp = b; + b = b->next; + h->free_func(tmp); + free(tmp); + } + } + free(h->table); + free(h); +} + +/* --------------------------------------------------------------------------- + * Return existing host or insert a new one. + */ +struct bucket * +host_get(const struct addr *const a) +{ + return (hashtable_find_or_insert(hosts_db, a, NO_REDUCE)); +} + +/* --------------------------------------------------------------------------- + * Find host, returns NULL if not in DB. + */ +struct bucket * +host_find(const struct addr *const a) +{ + return (hashtable_search(hosts_db, a)); +} + +/* --------------------------------------------------------------------------- + * Find host, returns NULL if not in DB. + */ +static struct bucket * +host_search(const char *ipstr) +{ + struct addr a; + struct addrinfo hints, *ai; + + memset(&hints, 0, sizeof(hints)); + hints.ai_family = AF_UNSPEC; + hints.ai_flags = AI_NUMERICHOST; + + if (getaddrinfo(ipstr, NULL, &hints, &ai)) + return (NULL); /* invalid addr */ + + if (ai->ai_family == AF_INET) { + = IPv4; + a.ip.v4 = ((const struct sockaddr_in *)ai->ai_addr)->sin_addr.s_addr; + } + else if (ai->ai_family == AF_INET6) { + = IPv6; + memcpy(&(a.ip.v6), + ((struct sockaddr_in6 *)ai->ai_addr)->sin6_addr.s6_addr, + sizeof(a.ip.v6)); + } else { + freeaddrinfo(ai); + return (NULL); /* unknown family */ + } + freeaddrinfo(ai); + + verbosef("search(%s) turned into %s", ipstr, addr_to_str(&a)); + return (hashtable_search(hosts_db, &a)); +} + +/* --------------------------------------------------------------------------- + * Reduce a hashtable to the top entries. + */ +static void +hashtable_reduce(struct hashtable *ht) +{ + uint32_t i, pos, rmd; + const struct bucket **table; + uint64_t cutoff; + + assert(ht->count_keep < ht->count); + + /* Fill table with pointers to buckets in hashtable. */ + table = xcalloc(ht->count, sizeof(*table)); + for (pos=0, i=0; isize; i++) { + struct bucket *b = ht->table[i]; + while (b != NULL) { + table[pos++] = b; + b = b->next; + } + } + assert(pos == ht->count); + qsort_buckets(table, ht->count, 0, ht->count_keep, TOTAL); + cutoff = table[ht->count_keep]->total; + free(table); + + /* Remove all elements with total <= cutoff. */ + rmd = 0; + for (i=0; isize; i++) { + struct bucket *last = NULL, *next, *b = ht->table[i]; + while (b != NULL) { + next = b->next; + if (b->total <= cutoff) { + /* Remove this one. */ + ht->free_func(b); + free(b); + if (last == NULL) + ht->table[i] = next; + else + last->next = next; + rmd++; + ht->count--; + } else { + last = b; + } + b = next; + } + } + verbosef("hashtable_reduce: removed %u buckets, left %u", + rmd, ht->count); + hashtable_rehash(ht, ht->bits); /* is this needed? */ +} + +/* Reduce hosts_db if needed. */ +void hosts_db_reduce(void) +{ + if (hosts_db->count >= hosts_db->count_max) + hashtable_reduce(hosts_db); +} + +/* --------------------------------------------------------------------------- + * Reset hosts_db to empty. + */ +void +hosts_db_reset(void) +{ + unsigned int i; + + for (i=0; isize; i++) { + struct bucket *next, *b = hosts_db->table[i]; + while (b != NULL) { + next = b->next; + hosts_db->free_func(b); + free(b); + b = next; + } + hosts_db->table[i] = NULL; + } + verbosef("hosts_db reset to empty, freed %u hosts", hosts_db->count); + hosts_db->count = 0; +} + +/* --------------------------------------------------------------------------- + * Deallocate hosts_db. + */ +void hosts_db_free(void) +{ + uint32_t i; + + assert(hosts_db != NULL); + for (i=0; isize; i++) { + struct bucket *tmp, *b = hosts_db->table[i]; + while (b != NULL) { + tmp = b; + b = b->next; + hosts_db->free_func(tmp); + free(tmp); + } + } + free(hosts_db->table); + free(hosts_db); + hosts_db = NULL; +} + +/* --------------------------------------------------------------------------- + * Find or create a port_tcp inside a host. + */ +struct bucket * +host_get_port_tcp(struct bucket *host, const uint16_t port) +{ + struct host *h = &host->; + assert(h != NULL); + if (h->ports_tcp == NULL) + h->ports_tcp = hashtable_make(PORT_BITS, opt_ports_max, opt_ports_keep, + hash_func_short, free_func_simple, key_func_port_tcp, + find_func_port_tcp, make_func_port_tcp, + format_cols_port_tcp, format_row_port_tcp); + return (hashtable_find_or_insert(h->ports_tcp, &port, ALLOW_REDUCE)); +} + +/* --------------------------------------------------------------------------- + * Find or create a port_udp inside a host. + */ +struct bucket * +host_get_port_udp(struct bucket *host, const uint16_t port) +{ + struct host *h = &host->; + assert(h != NULL); + if (h->ports_udp == NULL) + h->ports_udp = hashtable_make(PORT_BITS, opt_ports_max, opt_ports_keep, + hash_func_short, free_func_simple, key_func_port_udp, + find_func_port_udp, make_func_port_udp, + format_cols_port_udp, format_row_port_udp); + return (hashtable_find_or_insert(h->ports_udp, &port, ALLOW_REDUCE)); +} + +/* --------------------------------------------------------------------------- + * Find or create an ip_proto inside a host. + */ +struct bucket * +host_get_ip_proto(struct bucket *host, const uint8_t proto) +{ + struct host *h = &host->; + static const unsigned int PROTOS_MAX = 512, PROTOS_KEEP = 256; + assert(h != NULL); + if (h->ip_protos == NULL) + h->ip_protos = hashtable_make(PROTO_BITS, PROTOS_MAX, PROTOS_KEEP, + hash_func_byte, free_func_simple, key_func_ip_proto, + find_func_ip_proto, make_func_ip_proto, + format_cols_ip_proto, format_row_ip_proto); + return (hashtable_find_or_insert(h->ip_protos, &proto, ALLOW_REDUCE)); +} + +static struct str *html_hosts_main(const char *qs); +static struct str *html_hosts_detail(const char *ip); + +/* --------------------------------------------------------------------------- + * Web interface: delegate the /hosts/ space. + */ +struct str * +html_hosts(const char *uri, const char *query) +{ + unsigned int i, num_elems; + char **elem = split('/', uri, &num_elems); + struct str *buf = NULL; + + assert(num_elems >= 1); + assert(strcmp(elem[0], "hosts") == 0); + + if (num_elems == 1) + /* /hosts/ */ + buf = html_hosts_main(query); + else if (num_elems == 2) + /* /hosts// */ + buf = html_hosts_detail(elem[1]); + + for (i=0; icount == 0)) { + str_append(buf, "

The table is empty.

\n"); + return; + } + + /* Fill table with pointers to buckets in hashtable. */ + table = xcalloc(ht->count, sizeof(*table)); + for (pos=0, i=0; isize; i++) { + struct bucket *b = ht->table[i]; + while (b != NULL) { + table[pos++] = b; + b = b->next; + } + } + assert(pos == ht->count); + + if (full) { + /* full report overrides start and end */ + start = 0; + end = ht->count; + } else + end = MIN(ht->count, (uint32_t)start+MAX_ENTRIES); + + str_appendf(buf, "(%u-%u of %u)
\n", start+1, end, ht->count); + qsort_buckets(table, ht->count, start, end, sort); + ht->format_cols_func(buf); + + for (i=start; iformat_row_func(buf, table[i], alt ? "alt1" : "alt2"); + alt = !alt; /* alternate class for table rows */ + } + free(table); + str_append(buf, "
#\n" + " Protocol\n" + " In\n" + " Out\n" + " Total\n" + "
\n"); +} + +/* --------------------------------------------------------------------------- + * Web interface: sorted table of hosts. + */ +static struct str * +html_hosts_main(const char *qs) +{ + struct str *buf = str_make(); + char *qs_start, *qs_sort, *qs_full, *ep; + const char *sortstr; + int start, full = 0; + enum sort_dir sort; + + /* parse query string */ + qs_start = qs_get(qs, "start"); + qs_sort = qs_get(qs, "sort"); + qs_full = qs_get(qs, "full"); + if (qs_full != NULL) { + full = 1; + free(qs_full); + } + + /* validate sort */ + if (qs_sort == NULL) sort = TOTAL; + else if (strcmp(qs_sort, "total") == 0) sort = TOTAL; + else if (strcmp(qs_sort, "in") == 0) sort = IN; + else if (strcmp(qs_sort, "out") == 0) sort = OUT; + else if (strcmp(qs_sort, "lastseen") == 0) sort = LASTSEEN; + else { + str_append(buf, "Error: invalid value for \"sort\".\n"); + goto done; + } + + /* parse start */ + if (qs_start == NULL) + start = 0; + else { + start = (int)strtoul(qs_start, &ep, 10); + if (*ep != '\0') { + str_append(buf, "Error: \"start\" is not a number.\n"); + goto done; + } + if ((errno == ERANGE) || + (start < 0) || (start >= (int)hosts_db->count)) { + str_append(buf, "Error: \"start\" is out of bounds.\n"); + goto done; + } + } + +#define PREV "<<< prev page" +#define NEXT "next page >>>" +#define FULL "full table" + + html_open(buf, "Hosts", /*path_depth=*/1, /*want_graph_js=*/0); + format_table(buf, hosts_db, start, sort, full); + + /* */ + sortstr = qs_sort; + if (sortstr == NULL) sortstr = "total"; + if (start > 0) { + int prev = start - MAX_ENTRIES; + if (prev < 0) + prev = 0; + str_appendf(buf, "" PREV "", + prev, sortstr); + } else + str_append(buf, PREV); + + if (full) + str_append(buf, " | " FULL); + else + str_appendf(buf, " | " FULL "", + sortstr); + + if (start+MAX_ENTRIES < (int)hosts_db->count) + str_appendf(buf, " | " NEXT "", + start+MAX_ENTRIES, sortstr); + else + str_append(buf, " | " NEXT); + + str_append(buf, "
\n"); + + html_close(buf); +done: + if (qs_start != NULL) free(qs_start); + if (qs_sort != NULL) free(qs_sort); + return buf; +#undef PREV +#undef NEXT +#undef FULL +} + +/* --------------------------------------------------------------------------- + * Web interface: detailed view of a single host. + */ +static struct str * +html_hosts_detail(const char *ip) +{ + struct bucket *h; + struct str *buf, *ls_len; + char ls_when[100]; + const char *canonical; + time_t ls; + + h = host_search(ip); + if (h == NULL) + return (NULL); /* no such host */ + + canonical = addr_to_str(&(h->; + + /* Overview. */ + buf = str_make(); + html_open(buf, ip, /*path_depth=*/2, /*want_graph_js=*/0); + if (strcmp(ip, canonical) != 0) + str_appendf(buf, "(canonically %s)\n", canonical); + str_appendf(buf, + "

\n" + "Hostname: %s
\n", + (h-> == NULL)?"(resolving...)":h->; + + /* Resolve host "on demand" */ + if (h-> == NULL) + dns_queue(&(h->; + + if (hosts_db_show_macs) + str_appendf(buf, + "MAC Address: " + "%x:%x:%x:%x:%x:%x
\n", + h->[0], + h->[1], + h->[2], + h->[3], + h->[4], + h->[5]); + + str_append(buf, + "

\n" + "

\n" + "Last seen: "); + + ls = h->; + if (strftime(ls_when, sizeof(ls_when), + "%Y-%m-%d %H:%M:%S %Z%z", localtime(&ls)) != 0) + str_append(buf, ls_when); + + if (h-> <= now) { + ls_len = length_of_time(now - h->; + str_append(buf, " ("); + str_appendstr(buf, ls_len); + str_free(ls_len); + str_append(buf, " ago)"); + } else { + str_append(buf, " (in the future, possible clock problem)"); + } + + str_appendf(buf, + "

\n" + "

\n" + " In: %'qu
\n" + " Out: %'qu
\n" + " Total: %'qu
\n" + "

\n", + h->in, h->out, h->total); + + str_append(buf, "

TCP ports

\n"); + format_table(buf, h->, 0,TOTAL,0); + + str_append(buf, "

UDP ports

\n"); + format_table(buf, h->, 0,TOTAL,0); + + str_append(buf, "

IP protocols

\n"); + format_table(buf, h->, 0,TOTAL,0); + + html_close(buf); + return (buf); +} + +/* --------------------------------------------------------------------------- + * Database import and export code: + * Initially written and contributed by Ben Stewart. + * copyright (c) 2007-2011 Ben Stewart, Emil Mikulic. + */ +static int hosts_db_export_ip(const struct hashtable *h, const int fd); +static int hosts_db_export_tcp(const struct hashtable *h, const int fd); +static int hosts_db_export_udp(const struct hashtable *h, const int fd); + +static const char + export_proto_ip = 'P', + export_proto_tcp = 'T', + export_proto_udp = 'U'; + +static const unsigned char + export_tag_host_ver1[] = {'H', 'S', 'T', 0x01}, + export_tag_host_ver2[] = {'H', 'S', 'T', 0x02}, + export_tag_host_ver3[] = {'H', 'S', 'T', 0x03}; + +/* --------------------------------------------------------------------------- + * Load a host's ip_proto table from a file. + * Returns 0 on failure, 1 on success. + */ +static int +hosts_db_import_ip(const int fd, struct bucket *host) +{ + uint8_t count, i; + + if (!expect8(fd, export_proto_ip)) return 0; + if (!read8(fd, &count)) return 0; + + for (i=0; iin = in; + b->out = out; + b->total = in + out; + assert(b->u.ip_proto.proto == proto); /* should be done by make fn */ + } + return 1; +} + +/* --------------------------------------------------------------------------- + * Load a host's port_tcp table from a file. + * Returns 0 on failure, 1 on success. + */ +static int +hosts_db_import_tcp(const int fd, struct bucket *host) +{ + uint16_t count, i; + + if (!expect8(fd, export_proto_tcp)) return 0; + if (!read16(fd, &count)) return 0; + + for (i=0; iin = in; + b->out = out; + b->total = in + out; + assert(b->u.port_tcp.port == port); /* done by make_func_port_tcp */ + b->u.port_tcp.syn = syn; + } + return 1; +} + +/* --------------------------------------------------------------------------- + * Load a host's port_tcp table from a file. + * Returns 0 on failure, 1 on success. + */ +static int +hosts_db_import_udp(const int fd, struct bucket *host) +{ + uint16_t count, i; + + if (!expect8(fd, export_proto_udp)) return 0; + if (!read16(fd, &count)) return 0; + + for (i=0; iin = in; + b->out = out; + b->total = in + out; + assert(b->u.port_udp.port == port); /* done by make_func */ + } + return 1; +} + +/* --------------------------------------------------------------------------- + * Load all hosts from a file. + * Returns 0 on failure, 1 on success. + */ +static int +hosts_db_import_host(const int fd) +{ + struct bucket *host; + struct addr a; + uint8_t hostname_len; + uint64_t in, out; + unsigned int pos = xtell(fd); + char hdr[4]; + int ver = 0; + + if (!readn(fd, hdr, sizeof(hdr))) return 0; + if (memcmp(hdr, export_tag_host_ver3, sizeof(hdr)) == 0) + ver = 3; + else if (memcmp(hdr, export_tag_host_ver2, sizeof(hdr)) == 0) + ver = 2; + else if (memcmp(hdr, export_tag_host_ver1, sizeof(hdr)) == 0) + ver = 1; + else { + warnx("bad host header: %02x%02x%02x%02x", + hdr[0], hdr[1], hdr[2], hdr[3]); + return 0; + } + + if (ver == 3) { + if (!readaddr(fd, &a)) + return 0; + } else { + assert((ver == 1) || (ver == 2)); + if (!readaddr_ipv4(fd, &a)) + return 0; + } + verbosef("at file pos %u, importing host %s", pos, addr_to_str(&a)); + host = host_get(&a); + assert(addr_equal(&(host->, &a)); + + if (ver > 1) { + uint64_t t; + if (!read64(fd, &t)) return 0; + host-> = (time_t)t; + } + + assert(sizeof(host-> == 6); + if (!readn(fd, host->, sizeof(host-> + return 0; + + /* HOSTNAME */ + assert(host-> == NULL); /* make fn? */ + if (!read8(fd, &hostname_len)) return 0; + if (hostname_len > 0) { + host-> = xmalloc(hostname_len + 1); + host->[0] = '\0'; + + /* At this point, the hostname is attached to a host which is in our + * hosts_db, so if we bail out due to an import error, this pointer + * isn't lost and leaked, it can be cleaned up in hosts_db_{free,reset} + */ + + if (!readn(fd, host->, hostname_len)) return 0; + host->[hostname_len] = '\0'; + } + + if (!read64(fd, &in)) return 0; + if (!read64(fd, &out)) return 0; + + host->in = in; + host->out = out; + host->total = in + out; + + /* Host's port and proto subtables: */ + if (!hosts_db_import_ip(fd, host)) return 0; + if (!hosts_db_import_tcp(fd, host)) return 0; + if (!hosts_db_import_udp(fd, host)) return 0; + return 1; +} + +/* --------------------------------------------------------------------------- + * Database Import: Grab hosts_db from a file provided by the caller. + * + * This function will retrieve the data sans the header. We expect the caller + * to have validated the header of the hosts_db segment, and left the file + * sitting at the start of the data. + */ +int hosts_db_import(const int fd) +{ + uint32_t host_count, i; + + if (!read32(fd, &host_count)) return 0; + + for (i=0; icount)) return 0; + + for (i = 0; isize; i++) + for (b = hosts_db->table[i]; b != NULL; b = b->next) { + /* For each host: */ + if (!writen(fd, export_tag_host_ver3, sizeof(export_tag_host_ver3))) + return 0; + + if (!writeaddr(fd, &(b-> return 0; + + if (!write64(fd, (uint64_t)(b-> return 0; + + assert(sizeof(b-> == 6); + if (!writen(fd, b->, sizeof(b-> + return 0; + + /* HOSTNAME */ + if (b-> == NULL) { + if (!write8(fd, 0)) return 0; + } else { + int dnslen = strlen(b->; + + if (dnslen > 255) { + warnx("found a very long hostname: \"%s\"\n" + "wasn't expecting one longer than 255 chars (this one is %d)", + b->, dnslen); + dnslen = 255; + } + + if (!write8(fd, (uint8_t)dnslen)) return 0; + if (!writen(fd, b->, dnslen)) return 0; + } + + if (!write64(fd, b->in)) return 0; + if (!write64(fd, b->out)) return 0; + + if (!hosts_db_export_ip(b->, fd)) return 0; + if (!hosts_db_export_tcp(b->, fd)) return 0; + if (!hosts_db_export_udp(b->, fd)) return 0; + } + return 1; +} + +/* --------------------------------------------------------------------------- + * Dump the ip_proto table of a host. + */ +static int +hosts_db_export_ip(const struct hashtable *h, const int fd) +{ + uint32_t i, written = 0; + struct bucket *b; + + /* IP DATA */ + if (!write8(fd, export_proto_ip)) return 0; + + /* If no data, write a IP Proto count of 0 and we're done. */ + if (h == NULL) { + if (!write8(fd, 0)) return 0; + return 1; + } + + assert(h->count < 256); + if (!write8(fd, (uint8_t)h->count)) return 0; + + for (i = 0; isize; i++) + for (b = h->table[i]; b != NULL; b = b->next) { + /* For each ip_proto bucket: */ + + if (!write8(fd, b->u.ip_proto.proto)) return 0; + if (!write64(fd, b->in)) return 0; + if (!write64(fd, b->out)) return 0; + written++; + } + assert(written == h->count); + return 1; +} + +/* --------------------------------------------------------------------------- + * Dump the port_tcp table of a host. + */ +static int +hosts_db_export_tcp(const struct hashtable *h, const int fd) +{ + struct bucket *b; + uint32_t i, written = 0; + + /* TCP DATA */ + if (!write8(fd, export_proto_tcp)) return 0; + + /* If no data, write a count of 0 and we're done. */ + if (h == NULL) { + if (!write16(fd, 0)) return 0; + return 1; + } + + assert(h->count < 65536); + if (!write16(fd, (uint16_t)h->count)) return 0; + + for (i = 0; isize; i++) + for (b = h->table[i]; b != NULL; b = b->next) { + if (!write16(fd, b->u.port_tcp.port)) return 0; + if (!write64(fd, b->u.port_tcp.syn)) return 0; + if (!write64(fd, b->in)) return 0; + if (!write64(fd, b->out)) return 0; + written++; + } + assert(written == h->count); + return 1; +} + +/* --------------------------------------------------------------------------- + * Dump the port_udp table of a host. + */ +static int +hosts_db_export_udp(const struct hashtable *h, const int fd) +{ + struct bucket *b; + uint32_t i, written = 0; + + /* UDP DATA */ + if (!write8(fd, export_proto_udp)) return 0; + + /* If no data, write a count of 0 and we're done. */ + if (h == NULL) { + if (!write16(fd, 0)) return 0; + return 1; + } + + assert(h->count < 65536); + if (!write16(fd, (uint16_t)h->count)) return 0; + + for (i = 0; isize; i++) + for (b = h->table[i]; b != NULL; b = b->next) { + if (!write16(fd, b->u.port_udp.port)) return 0; + if (!write64(fd, b->in)) return 0; + if (!write64(fd, b->out)) return 0; + written++; + } + assert(written == h->count); + return 1; +} + +/* vim:set ts=3 sw=3 tw=78 expandtab: */ diff --git a/hosts_db.h b/hosts_db.h new file mode 100644 index 0000000..f2f389a --- /dev/null +++ b/hosts_db.h @@ -0,0 +1,75 @@ +/* darkstat 3 + * copyright (c) 2001-2011 Emil Mikulic. + * + * hosts_db.h: database of hosts, ports, protocols. + * + * You may use, modify and redistribute this file under the terms of the + * GNU General Public License version 2. (see COPYING.GPL) + */ +#ifndef __DARKSTAT_HOSTS_DB_H +#define __DARKSTAT_HOSTS_DB_H + +#include /* for time_t and uint64_t (esp on FreeBSD) */ + +#include "addr.h" + +struct hashtable; + +struct host { + struct addr addr; + char *dns; + uint8_t mac_addr[6]; + time_t lastseen; + struct hashtable *ports_tcp, *ports_udp, *ip_protos; +}; + +struct port_tcp { + uint16_t port; + uint64_t syn; +}; + +struct port_udp { + uint16_t port; +}; + +struct ip_proto { + uint8_t proto; +}; + +struct bucket { + struct bucket *next; + uint64_t in, out, total; + union { + struct host host; + struct port_tcp port_tcp; + struct port_udp port_udp; + struct ip_proto ip_proto; + } u; +}; + +enum sort_dir { IN, OUT, TOTAL, LASTSEEN }; + +extern int hosts_db_show_macs; + +void hosts_db_init(void); +void hosts_db_reduce(void); +void hosts_db_reset(void); +void hosts_db_free(void); +int hosts_db_import(const int fd); +int hosts_db_export(const int fd); + +struct bucket *host_find(const struct addr *const a); /* can return NULL */ +struct bucket *host_get(const struct addr *const a); +struct bucket *host_get_port_tcp(struct bucket *host, const uint16_t port); +struct bucket *host_get_port_udp(struct bucket *host, const uint16_t port); +struct bucket *host_get_ip_proto(struct bucket *host, const uint8_t proto); + +/* Web pages. */ +struct str *html_hosts(const char *uri, const char *query); + +/* From hosts_sort */ +void qsort_buckets(const struct bucket **a, size_t n, + size_t left, size_t right, const enum sort_dir d); + +#endif /* __DARKSTAT_HOSTS_DB_H */ +/* vim:set ts=3 sw=3 tw=78 expandtab: */ diff --git a/hosts_sort.c b/hosts_sort.c new file mode 100644 index 0000000..d17a21f --- /dev/null +++ b/hosts_sort.c @@ -0,0 +1,206 @@ +/* darkstat 3 + * copyright (c) 2001-2011 Emil Mikulic. + * + * hosts_sort.c: quicksort a table of buckets. + * + * You may use, modify and redistribute this file under the terms of the + * GNU General Public License version 2. (see COPYING.GPL) + */ + +#include "cdefs.h" +#include "err.h" +#include "hosts_db.h" + +/* --------------------------------------------------------------------------- + * comparator for sorting (biggest first) + */ +static int +cmp(const struct bucket * const *x, const struct bucket * const *y, + const enum sort_dir dir) +{ + uint64_t a, b; + + switch (dir) { + case IN: + a = (*x)->in; + b = (*y)->in; + break; + case OUT: + a = (*x)->out; + b = (*y)->out; + break; + case TOTAL: + a = (*x)->total; + b = (*y)->total; + break; + case LASTSEEN: + a = (*x)->; + b = (*y)->; + break; + default: + errx(1, "cmp: unknown direction: %d", dir); + } + + if (a < b) return (1); + else if (a > b) return (-1); + else return (0); +} + +/* + * The quicksort code is derived from FreeBSD's + * src/lib/libc/stdlib/qsort.c v1.12 + */ + +/*- + * Copyright (c) 1992, 1993 + * The Regents of the University of California. Stretz. + * + * You may use, modify and redistribute this file under the terms of the + * GNU General Public License version 2. (see COPYING.GPL) + */ + +#include "config.h" +#include "str.h" +#include "html.h" +#include "opt.h" + +#include + +static const char *relpaths[] = { + ".", + "..", + "../.." +}; + +void html_open(struct str *buf, const char *title, + const unsigned int path_depth, const int want_graph_js) +{ + const char *root; + assert(path_depth < (sizeof(relpaths)/sizeof(*relpaths))); + root = relpaths[path_depth]; + + str_appendf(buf, + "\n" + "\n" + "\n" + "%s (darkstat3 %s)\n" + "\n" + "\n" + "\n" + , title, opt_interface, root); + + if (want_graph_js) + str_appendf(buf, + "\n" + , root); + + str_appendf(buf, + "\n" + "\n" + "
\n" + "
    " /* no whitespace (newlines) in list */ + "
  • " + "
  • graphs
  • " + "
  • hosts
  • " + "
  • homepage
  • " + "
\n" + "
\n" + "
\n" + "


\n" + , root, root, title); +} + +void html_close(struct str *buf) +{ + str_append(buf, + "
\n" + "\n" + "\n"); +} + +/* vim:set ts=4 sw=4 tw=78 expandtab: */ diff --git a/html.h b/html.h new file mode 100644 index 0000000..b024cc5 --- /dev/null +++ b/html.h @@ -0,0 +1,14 @@ +/* darkstat 3 + * + * html.h: HTML header/footer templating for web interface. + * copyright (c) 2006 Ben Stewart. + * copyright (c) 2010 Malte S. Stretz. + */ + +struct str; + +void html_open(struct str *buf, const char *title, + const unsigned int path_depth, const int want_graph_js); +void html_close(struct str *buf); + +/* vim:set ts=3 sw=3 tw=78 expandtab: */ diff --git a/http.c b/http.c new file mode 100644 index 0000000..2835e8e --- /dev/null +++ b/http.c @@ -0,0 +1,1135 @@ +/* darkstat 3 + * copyright (c) 2001-2011 Emil Mikulic. + * + * http.c: embedded webserver. + * This borrows a lot of code from darkhttpd. + * + * You may use, modify and redistribute this file under the terms of the + * GNU General Public License version 2. (see COPYING.GPL) + */ + +#include "cdefs.h" +#include "config.h" +#include "conv.h" +#include "err.h" +#include "graph_db.h" +#include "hosts_db.h" +#include "http.h" +#include "now.h" +#include "queue.h" +#include "str.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +static const char mime_type_xml[] = "text/xml"; +static const char mime_type_html[] = "text/html; charset=us-ascii"; +static const char mime_type_css[] = "text/css"; +static const char mime_type_js[] = "text/javascript"; +static const char encoding_identity[] = "identity"; +static const char encoding_gzip[] = "gzip"; + +static const char server[] = PACKAGE_NAME "/" PACKAGE_VERSION; +static int idletime = 60; +#define MAX_REQUEST_LENGTH 4000 + +static int *insocks = NULL; +static unsigned int insock_num = 0; + +struct connection { + LIST_ENTRY(connection) entries; + + int socket; + struct sockaddr_storage client; + time_t last_active; + enum { + RECV_REQUEST, /* receiving request */ + SEND_HEADER_AND_REPLY, /* try to send header+reply together */ + SEND_HEADER, /* sending generated header */ + SEND_REPLY, /* sending reply */ + DONE /* conn closed, need to remove from queue */ + } state; + + /* char request[request_length+1] is null-terminated */ + char *request; + size_t request_length; + int accept_gzip; + + /* request fields */ + char *method, *uri, *query; /* query can be NULL */ + + char *header; + const char *mime_type, *encoding, *header_extra; + size_t header_length, header_sent; + int header_dont_free, header_only, http_code; + + char *reply; + int reply_dont_free; + size_t reply_length, reply_sent; + + unsigned int total_sent; /* header + body = total, for logging */ +}; + +static LIST_HEAD(conn_list_head, connection) connlist = + LIST_HEAD_INITIALIZER(conn_list_head); + +struct bindaddr_entry { + STAILQ_ENTRY(bindaddr_entry) entries; + const char *s; +}; +static STAILQ_HEAD(bindaddrs_head, bindaddr_entry) bindaddrs = + STAILQ_HEAD_INITIALIZER(bindaddrs); + +/* --------------------------------------------------------------------------- + * Decode URL by converting %XX (where XX are hexadecimal digits) to the + * character it represents. Don't forget to free the return value. + */ +static char *urldecode(const char *url) +{ + size_t i, len = strlen(url); + char *out = xmalloc(len+1); + int pos; + + for (i=0, pos=0; i= 'A' && (hex) <= 'F') ? ((hex)-'A'+10): \ + ((hex) >= 'a' && (hex) <= 'f') ? ((hex)-'a'+10): \ + ((hex)-'0') ) + + out[pos++] = HEX_TO_DIGIT(url[i+1]) * 16 + + HEX_TO_DIGIT(url[i+2]); + i += 2; + + #undef HEX_TO_DIGIT + } + else + { + /* straight copy */ + out[pos++] = url[i]; + } + } + out[pos] = 0; +#if 0 + /* don't really need to realloc here - it's probably a performance hit */ + out = xrealloc(out, strlen(out)+1); /* dealloc what we don't need */ +#endif + return (out); +} + + + +/* --------------------------------------------------------------------------- + * Consolidate slashes in-place by shifting parts of the string over repeated + * slashes. + */ +static void consolidate_slashes(char *s) +{ + size_t left = 0, right = 0; + int saw_slash = 0; + + assert(s != NULL); + + while (s[right] != '\0') + { + if (saw_slash) + { + if (s[right] == '/') right++; + else + { + saw_slash = 0; + s[left++] = s[right++]; + } + } + else + { + if (s[right] == '/') saw_slash++; + s[left++] = s[right++]; + } + } + s[left] = '\0'; +} + + + +/* --------------------------------------------------------------------------- + * Resolve /./ and /../ in a URI, returing a new, safe URI, or NULL if the URI + * is invalid/unsafe. Returned buffer needs to be deallocated. + */ +static char *make_safe_uri(char *uri) +{ + char **elem, *out; + unsigned int slashes = 0, elements = 0; + size_t urilen, i, j, pos; + + assert(uri != NULL); + if (uri[0] != '/') + return (NULL); + consolidate_slashes(uri); + urilen = strlen(uri); + + /* count the slashes */ + for (i=0, slashes=0; isocket = -1; + memset(&conn->client, 0, sizeof(conn->client)); + conn->last_active = now; + conn->request = NULL; + conn->request_length = 0; + conn->accept_gzip = 0; + conn->method = NULL; + conn->uri = NULL; + conn->query = NULL; + conn->header = NULL; + conn->mime_type = NULL; + conn->encoding = NULL; + conn->header_extra = ""; + conn->header_length = 0; + conn->header_sent = 0; + conn->header_dont_free = 0; + conn->header_only = 0; + conn->http_code = 0; + conn->reply = NULL; + conn->reply_dont_free = 0; + conn->reply_length = 0; + conn->reply_sent = 0; + conn->total_sent = 0; + + /* Make it harmless so it gets garbage-collected if it should, for some + * reason, fail to be correctly filled out. + */ + conn->state = DONE; + + return (conn); +} + + + +/* --------------------------------------------------------------------------- + * Accept a connection from sockin and add it to the connection queue. + */ +static void accept_connection(const int sockin) +{ + struct sockaddr_storage addrin; + socklen_t sin_size; + struct connection *conn; + char ipaddr[INET6_ADDRSTRLEN], portstr[12]; + int sock; + + sin_size = (socklen_t)sizeof(addrin); + sock = accept(sockin, (struct sockaddr *)&addrin, &sin_size); + if (sock == -1) + { + if (errno == ECONNABORTED || errno == EINTR) + { + verbosef("accept() failed: %s", strerror(errno)); + return; + } + /* else */ err(1, "accept()"); + } + + fd_set_nonblock(sock); + + /* allocate and initialise struct connection */ + conn = new_connection(); + conn->socket = sock; + conn->state = RECV_REQUEST; + memcpy(&conn->client, &addrin, sizeof(conn->client)); + LIST_INSERT_HEAD(&connlist, conn, entries); + + getnameinfo((struct sockaddr *) &addrin, sin_size, + ipaddr, sizeof(ipaddr), portstr, sizeof(portstr), + NI_NUMERICHOST | NI_NUMERICSERV); + verbosef("accepted connection from %s:%s", ipaddr, portstr); +} + + + +/* --------------------------------------------------------------------------- + * Log a connection, then cleanly deallocate its internals. + */ +static void free_connection(struct connection *conn) +{ + dverbosef("free_connection(%d)", conn->socket); + if (conn->socket != -1) + close(conn->socket); + free(conn->request); + free(conn->method); + free(conn->uri); + free(conn->query); + if (!conn->header_dont_free) + free(conn->header); + if (!conn->reply_dont_free) + free(conn->reply); +} + + + +/* --------------------------------------------------------------------------- + * Format [when] as an RFC1123 date, stored in the specified buffer. The same + * buffer is returned for convenience. + */ +#define DATE_LEN 30 /* strlen("Fri, 28 Feb 2003 00:02:08 GMT")+1 */ +static char *rfc1123_date(char *dest, const time_t when) +{ + time_t tmp = when; + if (strftime(dest, DATE_LEN, + "%a, %d %b %Y %H:%M:%S %Z", gmtime(&tmp) ) == 0) + errx(1, "strftime() failed [%s]", dest); + return (dest); +} + +static void generate_header(struct connection *conn, + const int code, const char *text) +{ + char date[DATE_LEN]; + + assert(conn->header == NULL); + assert(conn->mime_type != NULL); + if (conn->encoding == NULL) + conn->encoding = encoding_identity; + + verbosef("http: %d %s (%s: %d bytes)", code, text, + conn->encoding, conn->reply_length); + conn->header_length = xasprintf(&(conn->header), + "HTTP/1.1 %d %s\r\n" + "Date: %s\r\n" + "Server: %s\r\n" + "Vary: Accept-Encoding\r\n" + "Content-Type: %s\r\n" + "Content-Length: %d\r\n" + "Content-Encoding: %s\r\n" + "X-Robots-Tag: noindex, noarchive\r\n" + "%s" + "\r\n" + , + code, text, + rfc1123_date(date, now), server, + conn->mime_type, conn->reply_length, conn->encoding, + conn->header_extra); + conn->http_code = code; +} + + + +/* --------------------------------------------------------------------------- + * A default reply for any (erroneous) occasion. + */ +static void default_reply(struct connection *conn, + const int errcode, const char *errname, const char *format, ...) +{ + char *reason; + va_list va; + + va_start(va, format); + xvasprintf(&reason, format, va); + va_end(va); + + conn->reply_length = xasprintf(&(conn->reply), + "%d %s\n" + "


\n" /* errname */ + "%s\n" /* reason */ + "
\n" + "Generated by %s" + "\n", + errcode, errname, errname, reason, server); + free(reason); + + /* forget any dangling metadata */ + conn->mime_type = mime_type_html; + conn->encoding = encoding_identity; + + generate_header(conn, errcode, errname); +} + + + +/* --------------------------------------------------------------------------- + * Parses a single HTTP request field. Returns string from end of [field] to + * first \r, \n or end of request string. Returns NULL if [field] can't be + * matched. + * + * You need to remember to deallocate the result. + * example: parse_field(conn, "Referer: "); + */ +static char *parse_field(const struct connection *conn, const char *field) +{ + size_t bound1, bound2; + char *pos; + + /* find start */ + pos = strstr(conn->request, field); + if (pos == NULL) + return (NULL); + bound1 = pos - conn->request + strlen(field); + + /* find end */ + for (bound2 = bound1; + conn->request[bound2] != '\r' && + bound2 < conn->request_length; bound2++) + ; + + /* copy to buffer */ + return (split_string(conn->request, bound1, bound2)); +} + + + +/* --------------------------------------------------------------------------- + * Parse an HTTP request like "GET /hosts/?sort=in HTTP/1.1" to get the method + * (GET), the uri (/hosts/), the query (sort=in) and whether the UA will + * accept gzip encoding. Remember to deallocate all these buffers. Query + * can be NULL. The method will be returned in uppercase. + */ +static int parse_request(struct connection *conn) +{ + size_t bound1, bound2, mid; + char *accept_enc; + + /* parse method */ + for (bound1 = 0; bound1 < conn->request_length && + conn->request[bound1] != ' '; bound1++) + ; + + conn->method = split_string(conn->request, 0, bound1); + strntoupper(conn->method, bound1); + + /* parse uri */ + for (; bound1 < conn->request_length && + conn->request[bound1] == ' '; bound1++) + ; + + if (bound1 == conn->request_length) + return (0); /* fail */ + + for (bound2=bound1+1; bound2 < conn->request_length && + conn->request[bound2] != ' ' && + conn->request[bound2] != '\r'; bound2++) + ; + + /* find query string */ + for (mid=bound1; midrequest[mid] != '?'; mid++) + ; + + if (conn->request[mid] == '?') { + conn->query = split_string(conn->request, mid+1, bound2); + bound2 = mid; + } + + conn->uri = split_string(conn->request, bound1, bound2); + + /* parse important fields */ + accept_enc = parse_field(conn, "Accept-Encoding: "); + if (accept_enc != NULL) { + if (strstr(accept_enc, "gzip") != NULL) + conn->accept_gzip = 1; + free(accept_enc); + } + return (1); +} + +/* FIXME: maybe we need a smarter way of doing static pages: */ + +/* --------------------------------------------------------------------------- + * Web interface: static stylesheet. + */ +static void +static_style_css(struct connection *conn) +{ +#include "stylecss.h" + + conn->reply = style_css; + conn->reply_length = style_css_len; + conn->reply_dont_free = 1; + conn->mime_type = mime_type_css; +} + +/* --------------------------------------------------------------------------- + * Web interface: static JavaScript. + */ +static void +static_graph_js(struct connection *conn) +{ +#include "graphjs.h" + + conn->reply = graph_js; + conn->reply_length = graph_js_len; + conn->reply_dont_free = 1; + conn->mime_type = mime_type_js; +} + +/* --------------------------------------------------------------------------- + * gzip a reply, if requested and possible. Don't bother with a minimum + * length requirement, I've never seen a page fail to compress. + */ +static void +process_gzip(struct connection *conn) +{ + char *buf; + size_t len; + z_stream zs; + + if (!conn->accept_gzip) + return; + + buf = xmalloc(conn->reply_length); + len = conn->reply_length; + + zs.zalloc = Z_NULL; + zs.zfree = Z_NULL; + zs.opaque = Z_NULL; + + if (deflateInit2(&zs, Z_BEST_COMPRESSION, Z_DEFLATED, + 15+16, /* 15 = biggest window, 16 = add gzip header+trailer */ + 8 /* default */, + Z_DEFAULT_STRATEGY) != Z_OK) + return; + + zs.avail_in = conn->reply_length; + zs.next_in = (unsigned char *)conn->reply; + + zs.avail_out = conn->reply_length; + zs.next_out = (unsigned char *)buf; + + if (deflate(&zs, Z_FINISH) != Z_STREAM_END) { + deflateEnd(&zs); + free(buf); + verbosef("failed to compress %u bytes", (unsigned int)len); + return; + } + + if (conn->reply_dont_free) + conn->reply_dont_free = 0; + else + free(conn->reply); + conn->reply = buf; + conn->reply_length -= zs.avail_out; + conn->encoding = encoding_gzip; + deflateEnd(&zs); +} + +/* --------------------------------------------------------------------------- + * Process a GET/HEAD request + */ +static void process_get(struct connection *conn) +{ + char *decoded_url, *safe_url; + + verbosef("http: %s \"%s\" %s", conn->method, conn->uri, + (conn->query == NULL)?"":conn->query); + + /* work out path of file being requested */ + decoded_url = urldecode(conn->uri); + + /* make sure it's safe */ + safe_url = make_safe_uri(decoded_url); + free(decoded_url); + if (safe_url == NULL) + { + default_reply(conn, 400, "Bad Request", + "You requested an invalid URI: %s", conn->uri); + return; + } + + if (strcmp(safe_url, "/") == 0) { + struct str *buf = html_front_page(); + str_extract(buf, &(conn->reply_length), &(conn->reply)); + conn->mime_type = mime_type_html; + } + else if (str_starts_with(safe_url, "/hosts/")) { + /* FIXME here - make this saner */ + struct str *buf = html_hosts(safe_url, conn->query); + if (buf == NULL) { + default_reply(conn, 404, "Not Found", + "The page you requested could not be found."); + free(safe_url); + return; + } + str_extract(buf, &(conn->reply_length), &(conn->reply)); + conn->mime_type = mime_type_html; + } + else if (str_starts_with(safe_url, "/graphs.xml")) { + struct str *buf = xml_graphs(); + str_extract(buf, &(conn->reply_length), &(conn->reply)); + conn->mime_type = mime_type_xml; + /* hack around Opera caching the XML */ + conn->header_extra = "Pragma: no-cache\r\n"; + } + else if (strcmp(safe_url, "/style.css") == 0) + static_style_css(conn); + else if (strcmp(safe_url, "/graph.js") == 0) + static_graph_js(conn); + else { + default_reply(conn, 404, "Not Found", + "The page you requested could not be found."); + free(safe_url); + return; + } + free(safe_url); + + process_gzip(conn); + assert(conn->mime_type != NULL); + generate_header(conn, 200, "OK"); +} + + + +/* --------------------------------------------------------------------------- + * Process a request: build the header and reply, advance state. + */ +static void process_request(struct connection *conn) +{ + if (!parse_request(conn)) + { + default_reply(conn, 400, "Bad Request", + "You sent a request that the server couldn't understand."); + } + else if (strcmp(conn->method, "GET") == 0) + { + process_get(conn); + } + else if (strcmp(conn->method, "HEAD") == 0) + { + process_get(conn); + conn->header_only = 1; + } + else + { + default_reply(conn, 501, "Not Implemented", + "The method you specified (%s) is not implemented.", + conn->method); + } + + /* advance state */ + if (conn->header_only) + conn->state = SEND_HEADER; + else + conn->state = SEND_HEADER_AND_REPLY; +} + + + +/* --------------------------------------------------------------------------- + * Receiving request. + */ +static void poll_recv_request(struct connection *conn) +{ + char buf[65536]; + ssize_t recvd; + + recvd = recv(conn->socket, buf, sizeof(buf), 0); + dverbosef("poll_recv_request(%d) got %d bytes", conn->socket, (int)recvd); + if (recvd <= 0) + { + if (recvd == -1) + verbosef("recv(%d) error: %s", conn->socket, strerror(errno)); + conn->state = DONE; + return; + } + conn->last_active = now; + + /* append to conn->request */ + conn->request = xrealloc(conn->request, conn->request_length+recvd+1); + memcpy(conn->request+conn->request_length, buf, (size_t)recvd); + conn->request_length += recvd; + conn->request[conn->request_length] = 0; + + /* die if it's too long */ + if (conn->request_length > MAX_REQUEST_LENGTH) + { + default_reply(conn, 413, "Request Entity Too Large", + "Your request was dropped because it was too long."); + conn->state = SEND_HEADER; + return; + } + + /* process request if we have all of it */ + if (conn->request_length > 4 && + memcmp(conn->request+conn->request_length-4, "\r\n\r\n", 4) == 0) + { + process_request(conn); + + /* request not needed anymore */ + free(conn->request); + conn->request = NULL; /* important: don't free it again later */ + } +} + + + +/* --------------------------------------------------------------------------- + * Try to send header and [a part of the] reply in one packet. + */ +static void poll_send_header_and_reply(struct connection *conn) +{ + ssize_t sent; + struct iovec iov[2]; + + assert(!conn->header_only); + assert(conn->reply_length > 0); + assert(conn->header_sent == 0); + + assert(conn->reply_sent == 0); + + /* Fill out iovec */ + iov[0].iov_base = conn->header; + iov[0].iov_len = conn->header_length; + + iov[1].iov_base = conn->reply; + iov[1].iov_len = conn->reply_length; + + sent = writev(conn->socket, iov, 2); + conn->last_active = now; + + /* handle any errors (-1) or closure (0) in send() */ + if (sent < 1) { + if (sent == -1) + verbosef("writev(%d) error: %s", conn->socket, strerror(errno)); + conn->state = DONE; + return; + } + + /* Figure out what we've sent. */ + conn->total_sent += (unsigned int)sent; + if (sent < (ssize_t)conn->header_length) { + verbosef("partially sent header"); + conn->header_sent = sent; + conn->state = SEND_HEADER; + return; + } + /* else */ + conn->header_sent = conn->header_length; + sent -= conn->header_length; + + if (sent < (ssize_t)conn->reply_length) { + verbosef("partially sent reply"); + conn->reply_sent += sent; + conn->state = SEND_REPLY; + return; + } + /* else */ + conn->reply_sent = conn->reply_length; + conn->state = DONE; +} + +/* --------------------------------------------------------------------------- + * Sending header. Assumes conn->header is not NULL. + */ +static void poll_send_header(struct connection *conn) +{ + ssize_t sent; + + sent = send(conn->socket, conn->header + conn->header_sent, + conn->header_length - conn->header_sent, 0); + conn->last_active = now; + dverbosef("poll_send_header(%d) sent %d bytes", conn->socket, (int)sent); + + /* handle any errors (-1) or closure (0) in send() */ + if (sent < 1) + { + if (sent == -1) + verbosef("send(%d) error: %s", conn->socket, strerror(errno)); + conn->state = DONE; + return; + } + conn->header_sent += (unsigned int)sent; + conn->total_sent += (unsigned int)sent; + + /* check if we're done sending */ + if (conn->header_sent == conn->header_length) + { + if (conn->header_only) + conn->state = DONE; + else + conn->state = SEND_REPLY; + } +} + + + +/* --------------------------------------------------------------------------- + * Sending reply. + */ +static void poll_send_reply(struct connection *conn) +{ + ssize_t sent; + + sent = send(conn->socket, + conn->reply + conn->reply_sent, + conn->reply_length - conn->reply_sent, 0); + conn->last_active = now; + dverbosef("poll_send_reply(%d) sent %d: [%d-%d] of %d", + conn->socket, (int)sent, + (int)conn->reply_sent, + (int)(conn->reply_sent + sent - 1), + (int)conn->reply_length); + + /* handle any errors (-1) or closure (0) in send() */ + if (sent < 1) + { + if (sent == -1) + verbosef("send(%d) error: %s", conn->socket, strerror(errno)); + else if (sent == 0) + verbosef("send(%d) closure", conn->socket); + conn->state = DONE; + return; + } + conn->reply_sent += (unsigned int)sent; + conn->total_sent += (unsigned int)sent; + + /* check if we're done sending */ + if (conn->reply_sent == conn->reply_length) conn->state = DONE; +} + +/* Use getaddrinfo to figure out what type of socket to create and + * what to bind it to. "bindaddr" can be NULL. Remember to freeaddrinfo() + * the result. + */ +static struct addrinfo *get_bind_addr( + const char *bindaddr, const unsigned short bindport) +{ + struct addrinfo hints, *ai; + char portstr[6]; + int ret; + + memset(&hints, 0, sizeof(hints)); + hints.ai_family = AF_UNSPEC; + hints.ai_socktype = SOCK_STREAM; + hints.ai_flags = AI_PASSIVE; + + snprintf(portstr, sizeof(portstr), "%u", bindport); + if ((ret = getaddrinfo(bindaddr, portstr, &hints, &ai))) + err(1, "getaddrinfo(%s, %s) failed: %s", + bindaddr ? bindaddr : "NULL", portstr, gai_strerror(ret)); + if (ai == NULL) + err(1, "getaddrinfo() returned NULL pointer"); + return ai; +} + +void http_add_bindaddr(const char *bindaddr) +{ + struct bindaddr_entry *ent; + + ent = xmalloc(sizeof(*ent)); + ent->s = bindaddr; + STAILQ_INSERT_TAIL(&bindaddrs, ent, entries); +} + +static void http_listen_one(struct addrinfo *ai, + const unsigned short bindport) +{ + char ipaddr[INET6_ADDRSTRLEN]; + int sockin, sockopt, ret; + + /* format address into ipaddr string */ + if ((ret = getnameinfo(ai->ai_addr, ai->ai_addrlen, ipaddr, + sizeof(ipaddr), NULL, 0, NI_NUMERICHOST)) != 0) + err(1, "getnameinfo failed: %s", gai_strerror(ret)); + + /* create incoming socket */ + if ((sockin = socket(ai->ai_family, ai->ai_socktype, + ai->ai_protocol)) == -1) + err(1, "http_listen_one(%s, %u): socket(%d (%s), %d, %d) failed", + ipaddr, (unsigned int)bindport, + ai->ai_family, + (ai->ai_family == AF_INET6) ? "AF_INET6" : + (ai->ai_family == AF_INET) ? "AF_INET" : + "?", + ai->ai_socktype, ai->ai_protocol); + + /* reuse address */ + sockopt = 1; + if (setsockopt(sockin, SOL_SOCKET, SO_REUSEADDR, + &sockopt, sizeof(sockopt)) == -1) + err(1, "can't set SO_REUSEADDR"); + +#ifdef IPV6_V6ONLY + /* explicitly disallow IPv4 mapped addresses since OpenBSD doesn't allow + * dual stack sockets under any circumstances + */ + if (ai->ai_family == AF_INET6) { + sockopt = 1; + if (setsockopt(sockin, IPPROTO_IPV6, IPV6_V6ONLY, + &sockopt, sizeof(sockopt)) == -1) + err(1, "can't set IPV6_V6ONLY"); + } +#endif + + /* bind socket */ + if (bind(sockin, ai->ai_addr, ai->ai_addrlen) == -1) { + warn("bind(\"%s\") failed", ipaddr); + return; + } + + /* listen on socket */ + if (listen(sockin, -1) == -1) + err(1, "listen() failed"); + + verbosef("listening on http://%s%s%s:%u/", + (ai->ai_family == AF_INET6) ? "[" : "", + ipaddr, + (ai->ai_family == AF_INET6) ? "]" : "", + bindport); + + /* add to insocks */ + insocks = xrealloc(insocks, sizeof(*insocks) * (insock_num + 1)); + insocks[insock_num++] = sockin; +} + +/* Initialize the http sockets and listen on them. */ +void http_listen(const unsigned short bindport) +{ + /* If the user didn't specify any bind addresses, add a NULL. + * This will become a wildcard. + */ + if (STAILQ_EMPTY(&bindaddrs)) + http_add_bindaddr(NULL); + + /* Listen on every specified interface. */ + while (!STAILQ_EMPTY(&bindaddrs)) { + struct bindaddr_entry *bindaddr = STAILQ_FIRST(&bindaddrs); + struct addrinfo *ai, *ais = get_bind_addr(bindaddr->s, bindport); + + /* There could be multiple addresses returned, handle them all. */ + for (ai = ais; ai; ai = ai->ai_next) + http_listen_one(ai, bindport); + + freeaddrinfo(ais); + + STAILQ_REMOVE_HEAD(&bindaddrs, entries); + free(bindaddr); + } + + if (insocks == 0) + errx(1, "was not able to bind any ports for http interface"); + + /* ignore SIGPIPE */ + if (signal(SIGPIPE, SIG_IGN) == SIG_ERR) + err(1, "can't ignore SIGPIPE"); +} + + + +/* --------------------------------------------------------------------------- + * Set recv/send fd_sets and calculate timeout length. + */ +void +http_fd_set(fd_set *recv_set, fd_set *send_set, int *max_fd, + struct timeval *timeout, int *need_timeout) +{ + struct connection *conn, *next; + int minidle = idletime + 1; + unsigned int i; + + #define MAX_FD_SET(sock, fdset) do { \ + FD_SET(sock, fdset); *max_fd = MAX(*max_fd, sock); } while(0) + + for (i=0; ilast_active; + + /* Time out dead connections. */ + if (idlefor >= idletime) { + char ipaddr[INET6_ADDRSTRLEN]; + /* FIXME: this is too late on FreeBSD, socket is invalid */ + int ret = getnameinfo((struct sockaddr *)&conn->client, + sizeof(conn->client), ipaddr, sizeof(ipaddr), + NULL, 0, NI_NUMERICHOST); + if (ret == 0) + verbosef("http socket timeout from %s (fd %d)", + ipaddr, conn->socket); + else + warn("http socket timeout: getnameinfo error: %s", + gai_strerror(ret)); + conn->state = DONE; + } + + /* Connections that need a timeout. */ + if (conn->state != DONE) + minidle = MIN(minidle, (idletime - idlefor)); + + switch (conn->state) + { + case DONE: + /* clean out stale connection */ + LIST_REMOVE(conn, entries); + free_connection(conn); + free(conn); + break; + + case RECV_REQUEST: + MAX_FD_SET(conn->socket, recv_set); + break; + + case SEND_HEADER_AND_REPLY: + case SEND_HEADER: + case SEND_REPLY: + MAX_FD_SET(conn->socket, send_set); + break; + + default: errx(1, "invalid state"); + } + } + #undef MAX_FD_SET + + /* Only set timeout if cap hasn't already. */ + if ((*need_timeout == 0) && (minidle <= idletime)) { + *need_timeout = 1; + timeout->tv_sec = minidle; + timeout->tv_usec = 0; + } +} + + + +/* --------------------------------------------------------------------------- + * poll connections that select() says need attention + */ +void http_poll(fd_set *recv_set, fd_set *send_set) +{ + struct connection *conn; + unsigned int i; + + for (i=0; istate) + { + case RECV_REQUEST: + if (FD_ISSET(conn->socket, recv_set)) poll_recv_request(conn); + break; + + case SEND_HEADER_AND_REPLY: + if (FD_ISSET(conn->socket, send_set)) poll_send_header_and_reply(conn); + break; + + case SEND_HEADER: + if (FD_ISSET(conn->socket, send_set)) poll_send_header(conn); + break; + + case SEND_REPLY: + if (FD_ISSET(conn->socket, send_set)) poll_send_reply(conn); + break; + + case DONE: /* fallthrough */ + default: errx(1, "invalid state"); + } +} + +void http_stop(void) { + struct connection *conn; + unsigned int i; + + /* Close listening sockets. */ + for (i=0; i +#include +#include + +void http_add_bindaddr(const char *bindaddr); +void http_listen(const unsigned short bindport); +void http_fd_set(fd_set *recv_set, fd_set *send_set, int *max_fd, + struct timeval *timeout, int *need_timeout); +void http_poll(fd_set *read_set, fd_set *write_set); +void http_stop(void); + +/* vim:set ts=3 sw=3 tw=78 expandtab: */ diff --git a/install-sh b/install-sh new file mode 100755 index 0000000..4d4a951 --- /dev/null +++ b/install-sh @@ -0,0 +1,323 @@ +#!/bin/sh +# install - install a program, script, or datafile + +scriptversion=2005-05-14.22 + +# This originates from X11R5 (mit/util/scripts/, which was +# later released in X11R6 (xc/config/util/ with the +# following copyright and license. +# +# Copyright (C) 1994 X Consortium +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to +# deal in the Software without restriction, including without limitation the +# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or +# sell copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. (see COPYING.GPL) + */ + +#include "addr.h" +#include "config.h" /* for HAVE_IFADDRS_H */ +#include "err.h" +#include "localip.h" +#include "bsd.h" /* for strlcpy */ + +#include +#include +#include +#include +#include + +#ifdef HAVE_IFADDRS_H +# include +#else +# ifdef HAVE_SYS_SOCKIO_H +# include /* for SIOCGIFADDR, especially on Solaris */ +# endif +# include +#endif + +static const char *iface = NULL; +struct addr localip4, localip6; +static struct addr last_localip4, last_localip6; + +void +localip_init(const char *interface) +{ + iface = interface; + + /* defaults */ + = IPv4; + localip4.ip.v4 = 0; + + = IPv6; + memset(&(localip6.ip.v6), 0, sizeof(localip6.ip.v6)); + + last_localip4 = localip4; + last_localip6 = localip6; + + /* initial update */ + localip_update(); +} + +static void +localip_update_helper(void) +{ + /* defaults */ + = IPv4; + localip4.ip.v4 = 0; + + = IPv6; + memset(&(localip6.ip.v6), 0, sizeof(localip6.ip.v6)); + + if (iface == NULL) + return; /* reading from capfile */ + +#ifdef HAVE_IFADDRS_H + { + int got_v4 = 0, got_v6 = 0; + struct ifaddrs *ifas, *ifa; + + if (getifaddrs(&ifas) < 0) { + warn("can't getifaddrs() on interface \"%s\"", iface); + return; + } + + for (ifa = ifas; ifa; ifa = ifa->ifa_next) { + if (got_v4 && got_v6) + break; /* Task is already complete. */ + + if (strncmp(ifa->ifa_name, iface, IFNAMSIZ)) + continue; /* Wrong interface. */ + + if (!ifa->ifa_addr) + continue; /* This can be NULL, e.g. for ppp0. */ + + /* The first IPv4 name is always functional. */ + if ((ifa->ifa_addr->sa_family == AF_INET) && !got_v4) + { + /* Good IPv4 address. */ + localip4.ip.v4 = + ((struct sockaddr_in *)ifa->ifa_addr)->sin_addr.s_addr; + got_v4 = 1; + continue; + } + + /* IPv6 needs some obvious exceptions. */ + if ( ifa->ifa_addr->sa_family == AF_INET6 ) { + struct sockaddr_in6 *sa6 = (struct sockaddr_in6 *) ifa->ifa_addr; + + if ( IN6_IS_ADDR_LINKLOCAL(&(sa6->sin6_addr)) + || IN6_IS_ADDR_SITELOCAL(&(sa6->sin6_addr)) ) + continue; + + /* Only standard IPv6 can reach this point. */ + memcpy(&(localip6.ip.v6), &sa6->sin6_addr, sizeof(localip6.ip.v6)); + got_v6 = 1; + } + } + + freeifaddrs(ifas); + + if (!got_v4) + warnx("can't get own IPv4 address on interface \"%s\"", iface); + } +#else /* don't HAVE_IFADDRS_H */ + { + int tmp = socket(AF_INET, SOCK_DGRAM, IPPROTO_IP); + struct ifreq ifr; + struct sockaddr sa; + + strlcpy(ifr.ifr_name, iface, IFNAMSIZ); + ifr.ifr_addr.sa_family = AF_INET; + if (ioctl(tmp, SIOCGIFADDR, &ifr) == -1) { + if (errno == EADDRNOTAVAIL) { + verbosef("lost local IP"); + } else + warn("can't get own IP address on interface \"%s\"", iface); + } else { + /* success! */ + sa = ifr.ifr_addr; + localip4.ip.v4 = ((struct sockaddr_in*)&sa)->sin_addr.s_addr; + } + close(tmp); + } +#endif +} + +void +localip_update(void) +{ + localip_update_helper(); + + if (!addr_equal(&last_localip4, &localip4)) { + verbosef("%s ip4 update: %s", iface, addr_to_str(&localip4)); + last_localip4 = localip4; + } + if (!addr_equal(&last_localip6, &localip6)) { + verbosef("%s ip6 update: %s", iface, addr_to_str(&localip6)); + last_localip6 = localip6; + } +} + +/* vim:set ts=3 sw=3 tw=78 expandtab: */ diff --git a/localip.h b/localip.h new file mode 100644 index 0000000..21231b6 --- /dev/null +++ b/localip.h @@ -0,0 +1,15 @@ +/* darkstat 3 + * copyright (c) 2001-2011 Emil Mikulic. + * + * localip.h: determine local IP of our capture interface + * + * You may use, modify and redistribute this file under the terms of the + * GNU General Public License version 2. (see COPYING.GPL) + */ + +extern struct addr localip4, localip6; + +void localip_init(const char *interface); +void localip_update(void); + +/* vim:set ts=3 sw=3 tw=78 expandtab: */ diff --git a/ncache.c b/ncache.c new file mode 100644 index 0000000..96e052f --- /dev/null +++ b/ncache.c @@ -0,0 +1,144 @@ +/* darkstat 3 + * copyright (c) 2001-2011 Emil Mikulic. + * + * ncache.c: cache of protocol and service names. + * + * You may use, modify and redistribute this file under the terms of the + * GNU General Public License version 2. (see COPYING.GPL) + */ + +#include "conv.h" +#include "err.h" +#include "ncache.h" +#include "tree.h" +#include "bsd.h" /* for strlcpy */ + +#include /* ntohs */ +#include +#include +#include + +struct name_rec { + RB_ENTRY(name_rec) ptree; + int num; + char *name; +}; + +static int +rec_cmp(struct name_rec *a, struct name_rec *b) +{ + if (a->num < b->num) return (-1); else + if (a->num > b->num) return (+1); else + return (0); +} + +RB_HEAD(nc_tree, name_rec); +RB_GENERATE(nc_tree, name_rec, ptree, rec_cmp) + +static struct nc_tree + t_proto = RB_INITIALIZER(&name_rec), + t_servtcp = RB_INITIALIZER(&name_rec), + t_servudp = RB_INITIALIZER(&name_rec); + +static void +add_rec(struct nc_tree *tree, const int num, const char *name) +{ + struct name_rec *e, *r = xmalloc(sizeof(*r)); + + r->num = num; + e = RB_INSERT(nc_tree, tree, r); + + if (e != NULL) { + size_t newlen; + + /* record exists: append service name, free record */ + newlen = strlen(e->name) + strlen(name) + 2; + e->name = xrealloc(e->name, newlen); + strlcat(e->name, " ", newlen); + strlcat(e->name, name, newlen); + free(r); + } + else { + /* record added: fill out name field */ + r->name = xstrdup(name); + } +} + +void +ncache_init(void) +{ + struct protoent *pe; + struct servent *se; + int count, ctcp, cudp; + + count = 0; + setprotoent(0); + while ((pe = getprotoent()) != NULL) { + add_rec(&t_proto, pe->p_proto, pe->p_name); + count++; + } + endprotoent(); + verbosef("loaded %d protos", count); + + count = ctcp = cudp = 0; + setservent(0); + while ((se = getservent()) != NULL) { + if (strcmp(se->s_proto, "tcp") == 0) { + add_rec(&t_servtcp, ntohs(se->s_port), se->s_name); + ctcp++; + } + else if (strcmp(se->s_proto, "udp") == 0) { + add_rec(&t_servudp, ntohs(se->s_port), se->s_name); + cudp++; + } + count++; + } + endservent(); + verbosef("loaded %d tcp and %d udp servs, from total %d", + ctcp, cudp, count); +} + +static void +tree_free(struct nc_tree *tree) +{ + struct name_rec *curr, *next; + + for (curr = RB_MIN(nc_tree, tree); curr != NULL; curr = next) { + next = RB_NEXT(nc_tree, tree, curr); + RB_REMOVE(nc_tree, tree, curr); + free(curr->name); + free(curr); + } +} + +void +ncache_free(void) +{ + tree_free(&t_proto); + tree_free(&t_servtcp); + tree_free(&t_servudp); +} + +#define FIND(tree,n) { \ + struct name_rec r, *f; \ + r.num = n; \ + f = RB_FIND(nc_tree, &tree, &r); \ + if (f == NULL) \ + return (""); \ + else \ + return (f->name); \ +} + +const char * +getproto(const int proto) +FIND(t_proto, proto) + +const char * +getservtcp(const int port) +FIND(t_servtcp, port) + +const char * +getservudp(const int port) +FIND(t_servudp, port) + +/* vim:set ts=3 sw=3 tw=78 expandtab: */ diff --git a/ncache.h b/ncache.h new file mode 100644 index 0000000..bf99615 --- /dev/null +++ b/ncache.h @@ -0,0 +1,16 @@ +/* darkstat 3 + * copyright (c) 2001-2006 Emil Mikulic. + * + * ncache.h: cache of protocol and service names. + * + * You may use, modify and redistribute this file under the terms of the + * GNU General Public License version 2. (see COPYING.GPL) + */ + +void ncache_init(void); +void ncache_free(void); +const char *getproto(const int proto); +const char *getservtcp(const int port); +const char *getservudp(const int port); + +/* vim:set ts=3 sw=3 tw=78 expandtab: */ diff --git a/now.h b/now.h new file mode 100644 index 0000000..2dd8e4a --- /dev/null +++ b/now.h @@ -0,0 +1,9 @@ +/* darkstat 3 + * copyright (c) 2001-2006 Emil Mikulic. + * + * now.h: a cache of the current time + * This lets us avoid superfluous gettimeofday() syscalls. + */ +#include + +extern time_t now; /* updated in the event loop in darkstat.c */ diff --git a/opt.h b/opt.h new file mode 100644 index 0000000..5d75cf3 --- /dev/null +++ b/opt.h @@ -0,0 +1,43 @@ +/* darkstat 3 + * copyright (c) 2001-2011 Emil Mikulic. + * + * opt.h: global options + */ + +/* + * Capture options. + */ +extern int opt_want_pppoe; +extern int opt_want_macs; +extern int opt_want_hexdump; +extern int opt_want_snaplen; +extern int opt_wait_secs; + +/* + * Error/logging options. + */ +extern int opt_want_verbose; +extern int opt_want_syslog; + +/* + * Accounting options. + */ +extern unsigned int opt_highest_port; +extern int opt_want_local_only; + +/* + * Hosts table reduction - when the number of entries is about to exceed + * , we reduce the table to the top entries. + */ +extern unsigned int opt_hosts_max; +extern unsigned int opt_hosts_keep; +extern unsigned int opt_ports_max; +extern unsigned int opt_ports_keep; + +/* + * Hosts output options. + */ +extern int opt_want_lastseen; +extern const char *opt_interface; + +/* vim:set ts=3 sw=3 tw=78 expandtab: */ diff --git a/pidfile.c b/pidfile.c new file mode 100644 index 0000000..044c574 --- /dev/null +++ b/pidfile.c @@ -0,0 +1,91 @@ +/* darkstat 3 + * copyright (c) 2007-2011 Emil Mikulic. + * + * pidfile.h: pidfile manglement + * + * Permission to use, copy, modify, and distribute this file for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. MY HIDEOUS FACE! */ +#include +#include +int +main(int argc, char **argv) +{ + int c, eol; + if (argc != 2) { + fprintf(stderr, "usage: %s name outfile.h\n", + argv[0]); + exit(EXIT_FAILURE); + } + printf("/* this file was automatically generated */\n" + "static char %s[] =", argv[1]); + eol = 1; + while ((c = getchar()) != EOF) { + if (eol) { + printf("\n\""); + eol = 0; + } + switch (c) { + case '\n': printf("\\n\""); eol = 1; break; + case '"': printf("\\\""); break; + case '\\': printf("\\\\"); break; + default: putchar(c); + } + } + printf(";\n" + "static const size_t %s_len = sizeof(%s) - 1;\n", + argv[1], argv[1]); + return (0); +} diff --git a/static/graph.js b/static/graph.js new file mode 100644 index 0000000..6a90bdc --- /dev/null +++ b/static/graph.js @@ -0,0 +1,280 @@ +/* darkstat 3 + * copyright (c) 2006-2008 Emil Mikulic. + * + * graph.js: graph renderer + * + * You may use, modify and redistribute this file under the terms of the + * GNU General Public License version 2. (see COPYING.GPL) + * + * At some point, this script worked correctly in: + * - Firefox,, 3.0 + * - IE 6.0 + * - Opera 8.53, 9.50 + * - Konqueror 3.5.9, 4.0.80, 4.0.83 + * + * Consumer needs to supply the following variables: + * - graph_width + * - graph_height + * - bar_gap + * + * - graphs [ {id, name, title, bar_secs} ] + * - graphs_uri + * + * - window.onload = graphs_init + */ + +function killChildren(elem) { + while (elem.childNodes.length > 0) + elem.removeChild( elem.childNodes.item(0) ); +} + +function setClass(elem, c) { + elem.setAttribute("class", c); + elem.setAttribute("className", c); /* for MSIE */ +} + +function setStyle(elem, s) { + elem.setAttribute("style", s); + = s; /* for MSIE */ +} + +function makeElemClass(e, c) { + var r = document.createElement(e); + setClass(r, c); + return r; +} + +function makeClear() { + var r = document.createElement("div"); + setStyle(r, "clear:both"); + return r; +} + +function thousands(n) { + var s = String(n); + var out = ""; + while (s.length > 3) { + out = "," + s.substr(s.length - 3, 3) + out; + s = s.substr(0, s.length - 3); + } + return s+out; +} + +function fkbps(bps) { + bps /= 1024; + return bps.toFixed(1); +} + +function kbps(bps) { + bps /= 1024; + if (bps < 1) return bps.toPrecision(2); + else return bps.toFixed(1); +} + +function min(a,b) { return (ab)?a:b; } + +var xh, autoreload=false; + +function graphs_init() { + var gr = document.getElementById("graphs"); + + /* update message */ + var msg = document.createElement("div"); + msg.appendChild(document.createTextNode("Graphs are being loaded...")); + msg.appendChild(document.createElement("br")); + msg.appendChild(document.createElement("br")); + killChildren(gr); + gr.appendChild(msg); + graphs.msg = msg; + + for (var i=0; i4G? */ + if (b_total > total_max) + total_max = b_total; + data.push( [b_pos, b_in, b_out] ); + } + + var igraph = makeElemClass("div", "graph"); // inner graph + setStyle(igraph, + "width:"+graph_width+"px; "+ + "height:"+graph_height+"px; "+ + "position:relative;"); + + var nbars = data.length; + var b_width = (graph_width - bar_gap * (nbars-1)) / nbars; + var next_xofs = 0; + + var min_i = 0, min_o = 0, + max_i = 0, max_o = 0, + tot_i = 0, tot_o = 0; + + for (var i=0; i0) { if (min_i == 0) min_i = b_i; else min_i = min(min_i, b_i); } + max_i = max(max_i, b_i); + tot_i += b_i; + + if (b_o>0) { if (min_o == 0) min_o = b_o; else min_o = min(min_o, b_o); } + max_o = max(max_o, b_o); + tot_o += b_o; + + var xofs = next_xofs; + + next_xofs = Math.round((b_width + bar_gap) * (i+1)); + var curr_w = next_xofs - xofs - bar_gap; + + var h_i = Math.round( b_i * graph_height / total_max ); + var h_o = Math.round( b_o * graph_height / total_max ); + + var label = b_p+": "+ + thousands(b_i)+" bytes in, "+ + thousands(b_o)+" bytes out | "+ + kbps(b_i/bar_secs)+" KB/s in, "+ + kbps(b_o/bar_secs)+" KB/s out"; + + addBar(igraph, label, "bar_in", curr_w, h_i, xofs, 0); + addBar(igraph, label, "bar_out", curr_w, h_o, xofs, h_i); + } + + function legendRow(dir_str, minb, avgb, maxb) { + function makeTD(c, str) { + var r = makeElemClass("td", c); + r.appendChild(document.createTextNode(str)); + return r; + } + function addToRow(row, type_str, bytes, trail) { + row.appendChild( makeTD("type", type_str) ); + row.appendChild( makeTD("rate", fkbps(bytes/bar_secs)+" KB/s"+trail) ); + } + var row = document.createElement("tr"); + row.appendChild( makeTD("dir", dir_str) ); + var cell = makeElemClass("td", "swatch"); + var swatch = makeElemClass("div", "bar_"+dir_str); + setStyle(swatch, "width:6px; height:6px;"); + cell.appendChild(swatch); + row.appendChild(cell); + addToRow(row, "min:", minb, ","); + addToRow(row, "avg:", avgb, ","); + addToRow(row, "max:", maxb, ""); + return row; + } + + var glegend = makeElemClass("div", "legend"); + var avg_i = tot_i / nbars, + avg_o = tot_o / nbars; + var tbl = document.createElement("table"); + var tb = document.createElement("tbody"); /* for MSIE */ + tb.appendChild( legendRow("in", min_i, avg_i, max_i) ); + tb.appendChild( legendRow("out", min_o, avg_o, max_o) ); + tbl.appendChild(tb); + glegend.appendChild(tbl); + setStyle(glegend, "width:"+graph_width+"px;"); + + var gtitle = makeElemClass("div", "graphtitle"); + setStyle(gtitle, "width:"+graph_width+"px;"); + gtitle.appendChild(document.createTextNode(title)); + + killChildren(graph); + graph.appendChild(igraph); + graph.appendChild(glegend); + graph.appendChild(gtitle); +} diff --git a/static/style.css b/static/style.css new file mode 100644 index 0000000..06b1b9a --- /dev/null +++ b/static/style.css @@ -0,0 +1,67 @@ +/* darkstat 3 + * + * style.css: CSS stylesheet for web interface. + * copyright (c) 2006 Ben Stewart. + * colors broken in 2007 by Emil Mikulic. + * + * You may use, modify and redistribute this file under the terms of the + * GNU General Public License version 2. If you are afflicted by such a locale, + * change this macro: + */ +#define COMMA ',' + +/* 2^32 = 4,294,967,296 (10 digits, 13 chars) */ +#define I32_MAXLEN 13 + +/* 2^64 = 18,446,744,073,709,551,616 (20 digits, 26 chars) */ +#define I64_MAXLEN 26 + +static void +str_append_u32(struct str *s, const uint32_t i, const int mod_sep) +{ + char out[I32_MAXLEN]; + int pos, len; + uint32_t rem, next; + + if (i == 0) { + str_append(s, "0"); + return; + } + + pos = sizeof(out)-1; + len = 0; + rem = i; + + while (rem > 0) { + assert(pos >= 0); + next = rem / 10; + rem = rem - next * 10; + assert(rem < 10); + out[pos] = '0' + rem; + pos--; + len++; + rem = next; + if (mod_sep && (rem > 0) && (len > 0) && (len % 3 == 0)) { + out[pos] = COMMA; + pos--; + } + } + str_appendn(s, out+pos+1, sizeof(out)-1-pos); +} + +static void +str_append_i32(struct str *s, int32_t i, const int mod_sep) +{ + if (i < 0) { + str_append(s, "-"); + i = -i; + } + str_append_u32(s, (uint32_t)i, mod_sep); +} + +static void +str_append_u64(struct str *s, const uint64_t i, const int mod_sep) +{ + char out[I64_MAXLEN]; + int pos, len; + uint64_t rem, next; + uint32_t rem32, next32; + + if (i == 0) { + str_append(s, "0"); + return; + } + + pos = sizeof(out)-1; + len = 0; + rem = i; + + while (rem >= 4294967295U) { + assert(pos >= 0); + next = rem / 10; + rem = rem - next * 10; + assert(rem < 10); + out[pos] = '0' + rem; + pos--; + len++; + rem = next; + if (mod_sep && (rem > 0) && (len > 0) && (len % 3 == 0)) { + out[pos] = COMMA; + pos--; + } + } + + /* + * Stick to 32-bit math when we can as it's faster on 32-bit platforms. + * FIXME: a tunable way to switch this off? + */ + rem32 = (uint32_t)rem; + while (rem32 > 0) { + assert(pos >= 0); + next32 = rem32 / 10; + rem32 = rem32 - next32 * 10; + assert(rem32 < 10); + out[pos] = '0' + rem32; + pos--; + len++; + rem32 = next32; + if (mod_sep && (rem32 > 0) && (len > 0) && (len % 3 == 0)) { + out[pos] = COMMA; + pos--; + } + } + str_appendn(s, out+pos+1, sizeof(out)-1-pos); +} + +static void +str_append_i64(struct str *s, int64_t i, const int mod_sep) +{ + if (i < 0) { + str_append(s, "-"); + i = -i; + } + str_append_u64(s, (uint64_t)i, mod_sep); +} + +static void +str_append_hex8(struct str *s, const uint8_t b) +{ + char out[2]; + static const char hexset[] = "0123456789abcdef"; + + out[0] = hexset[ ((b >> 4) & 15) ]; + out[1] = hexset[ (b & 15) ]; + str_appendn(s, out, 2); +} + +/* accepted formats: %s %d %u %x + * accepted modifiers: q and ' + * + * %x is equivalent to %02x and expects a uint8_t + */ +static void +str_vappendf(struct str *s, const char *format, va_list va) +{ + size_t pos, len; + len = strlen(format); + + for (pos=0; pos 0) + str_appendn(s, format+span_start, span_len); + + if (format[pos] == '%') { + int mod_quad = 0, mod_sep = 0; + char *arg_str; +FORMAT: + pos++; + switch (format[pos]) { + case '%': + str_append(s, "%"); + break; + case 'q': + mod_quad = 1; + goto FORMAT; + case '\'': + mod_sep = 1; + goto FORMAT; + case 's': + arg_str = va_arg(va, char*); + str_append(s, arg_str); + /* str_append can be a macro! passing it va_arg can result in + * va_arg being called twice + */ + break; + case 'd': + if (mod_quad) + str_append_i64(s, va_arg(va, int64_t), mod_sep); + else + str_append_i32(s, (int32_t)va_arg(va, int), mod_sep); + break; + case 'u': + if (mod_quad) + str_append_u64(s, va_arg(va, uint64_t), mod_sep); + else + str_append_u32(s, (uint32_t)va_arg(va, unsigned int), mod_sep); + break; + case 'x': + str_append_hex8(s, (uint8_t)va_arg(va, int)); + break; + default: + errx(1, "format string is \"%s\", unknown format '%c' at %u", + format, format[pos], (unsigned int)pos); + } + } + } +} + +void +str_appendf(struct str *s, const char *format, ...) +{ + va_list va; + va_start(va, format); + str_vappendf(s, format, va); + va_end(va); +} + +size_t +xvasprintf(char **result, const char *format, va_list va) +{ + size_t len; + struct str *s = str_make(); + str_vappendf(s, format, va); + str_appendn(s, "", 1); /* "" still contains \0 */ + str_extract(s, &len, result); + return (len-1); +} + +size_t +xasprintf(char **result, const char *format, ...) +{ + va_list va; + size_t ret; + va_start(va, format); + ret = xvasprintf(result, format, va); + va_end(va); + return (ret); +} + +/* + * Format a length of time in seconds to "n days, n hrs, n mins, n secs". + * Returns a newly allocated str. + */ +struct str * +length_of_time(const time_t t) +{ + struct str *buf = str_make(); + int secs = t % 60; + int mins = (t / 60) % 60; + int hours = (t / 3600) % 24; + int days = t / 86400; + + int show_zeroes = 0; + + if (days > 0) { + str_appendf(buf, "%d %s", days, (days==1)?"day":"days"); + show_zeroes = 1; + } + + if (show_zeroes || (hours > 0)) { + if (show_zeroes) str_append(buf, ", "); + str_appendf(buf, "%d %s", hours, (hours==1)?"hr":"hrs"); + show_zeroes = 1; + } + + if (show_zeroes || (mins > 0)) { + if (show_zeroes) str_append(buf, ", "); + str_appendf(buf, "%d %s", mins, (mins==1)?"min":"mins"); + show_zeroes = 1; + } + + if (show_zeroes) str_append(buf, ", "); + str_appendf(buf, "%d %s", secs, (secs==1)?"sec":"secs"); + + return buf; +} + +/* vim:set ts=3 sw=3 tw=78 expandtab: */ diff --git a/str.h b/str.h new file mode 100644 index 0000000..da8a2dc --- /dev/null +++ b/str.h @@ -0,0 +1,47 @@ +/* darkstat 3 + * copyright (c) 2001-2011 Emil Mikulic. + * + * str.h: string buffer with pool-based reallocation + * + * Permission to use, copy, modify, and distribute this file for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#define RB_HEAD(name, type) \ +struct name { \ + struct type *rbh_root; /* root of the tree */ \ +} + +#define RB_INITIALIZER(root) { NULL } + +#define RB_BLACK 0 +#define RB_RED 1 +#define RB_ENTRY(type) \ +struct { \ + struct type *rbe_left; /* left element */ \ + struct type *rbe_right; /* right element */ \ + struct type *rbe_parent; /* parent element */ \ + int rbe_color; /* node color */ \ +} + +#define RB_LEFT(elm, field) (elm)->field.rbe_left +#define RB_RIGHT(elm, field) (elm)->field.rbe_right +#define RB_PARENT(elm, field) (elm)->field.rbe_parent +#define RB_COLOR(elm, field) (elm)->field.rbe_color +#define RB_ROOT(head) (head)->rbh_root + +#define RB_SET(elm, parent, field) do { \ + RB_PARENT(elm, field) = parent; \ + RB_LEFT(elm, field) = RB_RIGHT(elm, field) = NULL; \ + RB_COLOR(elm, field) = RB_RED; \ +} while (/*CONSTCOND*/ 0) + +#define RB_SET_BLACKRED(black, red, field) do { \ + RB_COLOR(black, field) = RB_BLACK; \ + RB_COLOR(red, field) = RB_RED; \ +} while (/*CONSTCOND*/ 0) + +#define RB_AUGMENT(x) do {} while (0) + +#define RB_ROTATE_LEFT(head, elm, tmp, field) do { \ + (tmp) = RB_RIGHT(elm, field); \ + if ((RB_RIGHT(elm, field) = RB_LEFT(tmp, field)) != NULL) { \ + RB_PARENT(RB_LEFT(tmp, field), field) = (elm); \ + } \ + RB_AUGMENT(elm); \ + if ((RB_PARENT(tmp, field) = RB_PARENT(elm, field)) != NULL) { \ + if ((elm) == RB_LEFT(RB_PARENT(elm, field), field)) \ + RB_LEFT(RB_PARENT(elm, field), field) = (tmp); \ + else \ + RB_RIGHT(RB_PARENT(elm, field), field) = (tmp); \ + } else \ + (head)->rbh_root = (tmp); \ + RB_LEFT(tmp, field) = (elm); \ + RB_PARENT(elm, field) = (tmp); \ + RB_AUGMENT(tmp); \ + if ((RB_PARENT(tmp, field))) \ + RB_AUGMENT(RB_PARENT(tmp, field)); \ +} while (/*CONSTCOND*/ 0) + +#define RB_ROTATE_RIGHT(head, elm, tmp, field) do { \ + (tmp) = RB_LEFT(elm, field); \ + if ((RB_LEFT(elm, field) = RB_RIGHT(tmp, field)) != NULL) { \ + RB_PARENT(RB_RIGHT(tmp, field), field) = (elm); \ + } \ + RB_AUGMENT(elm); \ + if ((RB_PARENT(tmp, field) = RB_PARENT(elm, field)) != NULL) { \ + if ((elm) == RB_LEFT(RB_PARENT(elm, field), field)) \ + RB_LEFT(RB_PARENT(elm, field), field) = (tmp); \ + else \ + RB_RIGHT(RB_PARENT(elm, field), field) = (tmp); \ + } else \ + (head)->rbh_root = (tmp); \ + RB_RIGHT(tmp, field) = (elm); \ + RB_PARENT(elm, field) = (tmp); \ + RB_AUGMENT(tmp); \ + if ((RB_PARENT(tmp, field))) \ + RB_AUGMENT(RB_PARENT(tmp, field)); \ +} while (/*CONSTCOND*/ 0) + +#define RB_GENERATE(name, type, field, cmp) \ + RB_GENERATE_INTERNAL(name, type, field, cmp, static) +#define RB_GENERATE_INTERNAL(name, type, field, cmp, attr) \ +attr void \ +name##_RB_INSERT_COLOR(struct name *head, struct type *elm) \ +{ \ + struct type *parent, *gparent, *tmp; \ + while ((parent = RB_PARENT(elm, field)) != NULL && \ + RB_COLOR(parent, field) == RB_RED) { \ + gparent = RB_PARENT(parent, field); \ + if (parent == RB_LEFT(gparent, field)) { \ + tmp = RB_RIGHT(gparent, field); \ + if (tmp && RB_COLOR(tmp, field) == RB_RED) { \ + RB_COLOR(tmp, field) = RB_BLACK; \ + RB_SET_BLACKRED(parent, gparent, field);\ + elm = gparent; \ + continue; \ + } \ + if (RB_RIGHT(parent, field) == elm) { \ + RB_ROTATE_LEFT(head, parent, tmp, field);\ + tmp = parent; \ + parent = elm; \ + elm = tmp; \ + } \ + RB_SET_BLACKRED(parent, gparent, field); \ + RB_ROTATE_RIGHT(head, gparent, tmp, field); \ + } else { \ + tmp = RB_LEFT(gparent, field); \ + if (tmp && RB_COLOR(tmp, field) == RB_RED) { \ + RB_COLOR(tmp, field) = RB_BLACK; \ + RB_SET_BLACKRED(parent, gparent, field);\ + elm = gparent; \ + continue; \ + } \ + if (RB_LEFT(parent, field) == elm) { \ + RB_ROTATE_RIGHT(head, parent, tmp, field);\ + tmp = parent; \ + parent = elm; \ + elm = tmp; \ + } \ + RB_SET_BLACKRED(parent, gparent, field); \ + RB_ROTATE_LEFT(head, gparent, tmp, field); \ + } \ + } \ + RB_COLOR(head->rbh_root, field) = RB_BLACK; \ +} \ + \ +attr void \ +name##_RB_REMOVE_COLOR(struct name *head, struct type *parent, struct type *elm) \ +{ \ + struct type *tmp; \ + while ((elm == NULL || RB_COLOR(elm, field) == RB_BLACK) && \ + elm != RB_ROOT(head)) { \ + if (RB_LEFT(parent, field) == elm) { \ + tmp = RB_RIGHT(parent, field); \ + if (RB_COLOR(tmp, field) == RB_RED) { \ + RB_SET_BLACKRED(tmp, parent, field); \ + RB_ROTATE_LEFT(head, parent, tmp, field);\ + tmp = RB_RIGHT(parent, field); \ + } \ + if ((RB_LEFT(tmp, field) == NULL || \ + RB_COLOR(RB_LEFT(tmp, field), field) == RB_BLACK) &&\ + (RB_RIGHT(tmp, field) == NULL || \ + RB_COLOR(RB_RIGHT(tmp, field), field) == RB_BLACK)) {\ + RB_COLOR(tmp, field) = RB_RED; \ + elm = parent; \ + parent = RB_PARENT(elm, field); \ + } else { \ + if (RB_RIGHT(tmp, field) == NULL || \ + RB_COLOR(RB_RIGHT(tmp, field), field) == RB_BLACK) {\ + struct type *oleft; \ + if ((oleft = RB_LEFT(tmp, field)) \ + != NULL) \ + RB_COLOR(oleft, field) = RB_BLACK;\ + RB_COLOR(tmp, field) = RB_RED; \ + RB_ROTATE_RIGHT(head, tmp, oleft, field);\ + tmp = RB_RIGHT(parent, field); \ + } \ + RB_COLOR(tmp, field) = RB_COLOR(parent, field);\ + RB_COLOR(parent, field) = RB_BLACK; \ + if (RB_RIGHT(tmp, field)) \ + RB_COLOR(RB_RIGHT(tmp, field), field) = RB_BLACK;\ + RB_ROTATE_LEFT(head, parent, tmp, field);\ + elm = RB_ROOT(head); \ + break; \ + } \ + } else { \ + tmp = RB_LEFT(parent, field); \ + if (RB_COLOR(tmp, field) == RB_RED) { \ + RB_SET_BLACKRED(tmp, parent, field); \ + RB_ROTATE_RIGHT(head, parent, tmp, field);\ + tmp = RB_LEFT(parent, field); \ + } \ + if ((RB_LEFT(tmp, field) == NULL || \ + RB_COLOR(RB_LEFT(tmp, field), field) == RB_BLACK) &&\ + (RB_RIGHT(tmp, field) == NULL || \ + RB_COLOR(RB_RIGHT(tmp, field), field) == RB_BLACK)) {\ + RB_COLOR(tmp, field) = RB_RED; \ + elm = parent; \ + parent = RB_PARENT(elm, field); \ + } else { \ + if (RB_LEFT(tmp, field) == NULL || \ + RB_COLOR(RB_LEFT(tmp, field), field) == RB_BLACK) {\ + struct type *oright; \ + if ((oright = RB_RIGHT(tmp, field)) \ + != NULL) \ + RB_COLOR(oright, field) = RB_BLACK;\ + RB_COLOR(tmp, field) = RB_RED; \ + RB_ROTATE_LEFT(head, tmp, oright, field);\ + tmp = RB_LEFT(parent, field); \ + } \ + RB_COLOR(tmp, field) = RB_COLOR(parent, field);\ + RB_COLOR(parent, field) = RB_BLACK; \ + if (RB_LEFT(tmp, field)) \ + RB_COLOR(RB_LEFT(tmp, field), field) = RB_BLACK;\ + RB_ROTATE_RIGHT(head, parent, tmp, field);\ + elm = RB_ROOT(head); \ + break; \ + } \ + } \ + } \ + if (elm) \ + RB_COLOR(elm, field) = RB_BLACK; \ +} \ + \ +attr struct type * \ +name##_RB_REMOVE(struct name *head, struct type *elm) \ +{ \ + struct type *child, *parent, *old = elm; \ + int color; \ + if (RB_LEFT(elm, field) == NULL) \ + child = RB_RIGHT(elm, field); \ + else if (RB_RIGHT(elm, field) == NULL) \ + child = RB_LEFT(elm, field); \ + else { \ + struct type *left; \ + elm = RB_RIGHT(elm, field); \ + while ((left = RB_LEFT(elm, field)) != NULL) \ + elm = left; \ + child = RB_RIGHT(elm, field); \ + parent = RB_PARENT(elm, field); \ + color = RB_COLOR(elm, field); \ + if (child) \ + RB_PARENT(child, field) = parent; \ + if (parent) { \ + if (RB_LEFT(parent, field) == elm) \ + RB_LEFT(parent, field) = child; \ + else \ + RB_RIGHT(parent, field) = child; \ + RB_AUGMENT(parent); \ + } else \ + RB_ROOT(head) = child; \ + if (RB_PARENT(elm, field) == old) \ + parent = elm; \ + (elm)->field = (old)->field; \ + if (RB_PARENT(old, field)) { \ + if (RB_LEFT(RB_PARENT(old, field), field) == old)\ + RB_LEFT(RB_PARENT(old, field), field) = elm;\ + else \ + RB_RIGHT(RB_PARENT(old, field), field) = elm;\ + RB_AUGMENT(RB_PARENT(old, field)); \ + } else \ + RB_ROOT(head) = elm; \ + RB_PARENT(RB_LEFT(old, field), field) = elm; \ + if (RB_RIGHT(old, field)) \ + RB_PARENT(RB_RIGHT(old, field), field) = elm; \ + if (parent) { \ + left = parent; \ + do { \ + RB_AUGMENT(left); \ + } while ((left = RB_PARENT(left, field)) != NULL); \ + } \ + goto color; \ + } \ + parent = RB_PARENT(elm, field); \ + color = RB_COLOR(elm, field); \ + if (child) \ + RB_PARENT(child, field) = parent; \ + if (parent) { \ + if (RB_LEFT(parent, field) == elm) \ + RB_LEFT(parent, field) = child; \ + else \ + RB_RIGHT(parent, field) = child; \ + RB_AUGMENT(parent); \ + } else \ + RB_ROOT(head) = child; \ +color: \ + if (color == RB_BLACK) \ + name##_RB_REMOVE_COLOR(head, parent, child); \ + return (old); \ +} \ + \ +/* Inserts a node into the RB tree */ \ +attr struct type * \ +name##_RB_INSERT(struct name *head, struct type *elm) \ +{ \ + struct type *tmp; \ + struct type *parent = NULL; \ + int comp = 0; \ + tmp = RB_ROOT(head); \ + while (tmp) { \ + parent = tmp; \ + comp = (cmp)(elm, parent); \ + if (comp < 0) \ + tmp = RB_LEFT(tmp, field); \ + else if (comp > 0) \ + tmp = RB_RIGHT(tmp, field); \ + else \ + return (tmp); \ + } \ + RB_SET(elm, parent, field); \ + if (parent != NULL) { \ + if (comp < 0) \ + RB_LEFT(parent, field) = elm; \ + else \ + RB_RIGHT(parent, field) = elm; \ + RB_AUGMENT(parent); \ + } else \ + RB_ROOT(head) = elm; \ + name##_RB_INSERT_COLOR(head, elm); \ + return (NULL); \ +} \ + \ +/* Finds the node with the same key as elm */ \ +attr struct type * \ +name##_RB_FIND(struct name *head, struct type *elm) \ +{ \ + struct type *tmp = RB_ROOT(head); \ + int comp; \ + while (tmp) { \ + comp = cmp(elm, tmp); \ + if (comp < 0) \ + tmp = RB_LEFT(tmp, field); \ + else if (comp > 0) \ + tmp = RB_RIGHT(tmp, field); \ + else \ + return (tmp); \ + } \ + return (NULL); \ +} \ + \ +/* ARGSUSED */ \ +attr struct type * \ +name##_RB_NEXT(struct type *elm) \ +{ \ + if (RB_RIGHT(elm, field)) { \ + elm = RB_RIGHT(elm, field); \ + while (RB_LEFT(elm, field)) \ + elm = RB_LEFT(elm, field); \ + } else { \ + if (RB_PARENT(elm, field) && \ + (elm == RB_LEFT(RB_PARENT(elm, field), field))) \ + elm = RB_PARENT(elm, field); \ + else { \ + while (RB_PARENT(elm, field) && \ + (elm == RB_RIGHT(RB_PARENT(elm, field), field)))\ + elm = RB_PARENT(elm, field); \ + elm = RB_PARENT(elm, field); \ + } \ + } \ + return (elm); \ +} \ + \ +attr struct type * \ +name##_RB_MINMAX(struct name *head, int val) \ +{ \ + struct type *tmp = RB_ROOT(head); \ + struct type *parent = NULL; \ + while (tmp) { \ + parent = tmp; \ + if (val < 0) \ + tmp = RB_LEFT(tmp, field); \ + else \ + tmp = RB_RIGHT(tmp, field); \ + } \ + return (parent); \ +} + +#define RB_NEGINF -1 + +#define RB_INSERT(name, x, y) name##_RB_INSERT(x, y) +#define RB_REMOVE(name, x, y) name##_RB_REMOVE(x, y) +#define RB_FIND(name, x, y) name##_RB_FIND(x, y) +#define RB_NEXT(name, x, y) name##_RB_NEXT(y) +#define RB_MIN(name, x) name##_RB_MINMAX(x, RB_NEGINF) -- 2.17.1