217d0e23386b98b09724d2c112d29d217df9fa4c
[darkstat] / darkstat.c
1 /* darkstat 3
2 * copyright (c) 2001-2010 Emil Mikulic.
3 *
4 * darkstat.c: signals, cmdline parsing, program body.
5 *
6 * You may use, modify and redistribute this file under the terms of the
7 * GNU General Public License version 2. (see COPYING.GPL)
8 */
9
10 #include "darkstat.h"
11 #include "acct.h"
12 #include "cap.h"
13 #include "config.h"
14 #include "conv.h"
15 #include "daylog.h"
16 #include "db.h"
17 #include "dns.h"
18 #include "http.h"
19 #include "hosts_db.h"
20 #include "localip.h"
21 #include "ncache.h"
22 #include "pidfile.h"
23
24 #include "err.h"
25 #include <arpa/inet.h>
26 #include <sys/socket.h>
27 #include <netdb.h>
28 #include <assert.h>
29 #include <errno.h>
30 #include <signal.h>
31 #include <stdio.h>
32 #include <stdlib.h>
33 #include <string.h>
34 #include <syslog.h>
35 #include <unistd.h>
36 #include <pcap.h>
37
38 #include "now.h"
39 time_t now;
40
41 #ifndef INADDR_NONE
42 # define INADDR_NONE (-1) /* Solaris */
43 #endif
44
45 /* --- Signal handling --- */
46 static volatile int running = 1;
47 static void sig_shutdown(int signum _unused_) { running = 0; }
48
49 static volatile int reset_pending = 0, export_pending = 0;
50 static void sig_reset(int signum _unused_)
51 {
52 reset_pending = 1;
53 export_pending = 1;
54 }
55
56 static void sig_export(int signum _unused_) { export_pending = 1; }
57
58 /* --- Commandline parsing --- */
59 static unsigned long
60 parsenum(const char *str, unsigned long max /* 0 for no max */)
61 {
62 unsigned long n;
63 char *end;
64
65 errno = 0;
66 n = strtoul(str, &end, 10);
67 if (*end != '\0')
68 errx(1, "\"%s\" is not a valid number", str);
69 if (errno == ERANGE)
70 errx(1, "\"%s\" is out of range", str);
71 if ((max != 0) && (n > max))
72 errx(1, "\"%s\" is out of range (max %lu)", str, max);
73 return n;
74 }
75
76 const char *opt_interface = NULL;
77 static void cb_interface(const char *arg) { opt_interface = arg; }
78
79 const char *opt_capfile = NULL;
80 static void cb_capfile(const char *arg) { opt_capfile = arg; }
81
82 int opt_want_snaplen = -1;
83 static void cb_snaplen(const char *arg)
84 { opt_want_snaplen = (int)parsenum(arg, 0); }
85
86 int opt_want_pppoe = 0;
87 static void cb_pppoe(const char *arg _unused_) { opt_want_pppoe = 1; }
88
89 int opt_want_syslog = 0;
90 static void cb_syslog(const char *arg _unused_) { opt_want_syslog = 1; }
91
92 int opt_want_verbose = 0;
93 static void cb_verbose(const char *arg _unused_) { opt_want_verbose = 1; }
94
95 int opt_want_daemonize = 1;
96 static void cb_no_daemon(const char *arg _unused_) { opt_want_daemonize = 0; }
97
98 int opt_want_promisc = 1;
99 static void cb_no_promisc(const char *arg _unused_) { opt_want_promisc = 0; }
100
101 int opt_want_dns = 1;
102 static void cb_no_dns(const char *arg _unused_) { opt_want_dns = 0; }
103
104 int opt_want_macs = 1;
105 static void cb_no_macs(const char *arg _unused_) { opt_want_macs = 0; }
106
107 int opt_want_lastseen = 1;
108 static void cb_no_lastseen(const char *arg _unused_) { opt_want_lastseen = 0; }
109
110 unsigned short opt_bindport = 667;
111 static void cb_port(const char *arg)
112 { opt_bindport = (unsigned short)parsenum(arg, 65536); }
113
114 const char *opt_bindaddr = NULL;
115 static void cb_bindaddr(const char *arg)
116 {
117 struct addrinfo hints, *ai;
118
119 memset(&hints, 0, sizeof(hints));
120 hints.ai_flags = AI_PASSIVE;
121 #ifdef AI_ADDRCONFIG
122 hints.ai_flags |= AI_ADDRCONFIG;
123 #endif
124 hints.ai_family = AF_UNSPEC;
125 hints.ai_socktype = SOCK_STREAM;
126
127 if (getaddrinfo(arg, NULL, &hints, &ai))
128 errx(1, "malformed address \"%s\"", arg);
129
130 freeaddrinfo(ai);
131 opt_bindaddr = arg;
132 }
133
134 const char *opt_filter = NULL;
135 static void cb_filter(const char *arg) { opt_filter = arg; }
136
137 static void cb_local(const char *arg) { acct_init_localnet(arg); }
138
139 const char *opt_chroot_dir = NULL;
140 static void cb_chroot(const char *arg) { opt_chroot_dir = arg; }
141
142 const char *opt_base = NULL;
143 static void cb_base(const char *arg) { opt_base = arg; }
144
145 const char *opt_privdrop_user = NULL;
146 static void cb_user(const char *arg) { opt_privdrop_user = arg; }
147
148 const char *daylog_fn = NULL;
149 static void cb_daylog(const char *arg)
150 {
151 if (opt_chroot_dir == NULL)
152 errx(1, "the daylog file is relative to the chroot.\n"
153 "You must specify a --chroot dir before you can use --daylog.");
154 else
155 daylog_fn = arg;
156 }
157
158 const char *import_fn = NULL;
159 static void cb_import(const char *arg)
160 {
161 if (opt_chroot_dir == NULL)
162 errx(1, "the import file is relative to the chroot.\n"
163 "You must specify a --chroot dir before you can use --import.");
164 else
165 import_fn = arg;
166 }
167
168 const char *export_fn = NULL;
169 static void cb_export(const char *arg)
170 {
171 if ((opt_chroot_dir == NULL) && (opt_capfile == NULL))
172 errx(1, "the export file is relative to the chroot.\n"
173 "You must specify a --chroot dir before you can use --export.");
174 else
175 export_fn = arg;
176 }
177
178 static const char *pid_fn = NULL;
179 static void cb_pidfile(const char *arg)
180 {
181 if (opt_chroot_dir == NULL)
182 errx(1, "the pidfile is relative to the chroot.\n"
183 "You must specify a --chroot dir before you can use --pidfile.");
184 else
185 pid_fn = arg;
186 }
187
188 unsigned int opt_hosts_max = 1000;
189 static void cb_hosts_max(const char *arg)
190 { opt_hosts_max = parsenum(arg, 0); }
191
192 unsigned int opt_hosts_keep = 500;
193 static void cb_hosts_keep(const char *arg)
194 { opt_hosts_keep = parsenum(arg, 0); }
195
196 unsigned int opt_ports_max = 200;
197 static void cb_ports_max(const char *arg)
198 { opt_ports_max = parsenum(arg, 65536); }
199
200 unsigned int opt_ports_keep = 30;
201 static void cb_ports_keep(const char *arg)
202 { opt_ports_keep = parsenum(arg, 65536); }
203
204 unsigned int opt_highest_port = 65535;
205 static void cb_highest_port(const char *arg)
206 { opt_highest_port = parsenum(arg, 65535); }
207
208 int opt_wait_secs = -1;
209 static void cb_wait_secs(const char *arg)
210 { opt_wait_secs = (int)parsenum(arg, 0); }
211
212 int opt_want_hexdump = 0;
213 static void cb_hexdump(const char *arg _unused_) { opt_want_hexdump = 1; }
214
215 /* --- */
216
217 struct cmdline_arg {
218 const char *name, *arg_name; /* NULL arg_name means unary */
219 void (*callback)(const char *arg);
220 int num_seen;
221 };
222
223 static struct cmdline_arg cmdline_args[] = {
224 {"-i", "interface", cb_interface, 0},
225 {"-r", "file", cb_capfile, 0},
226 {"--snaplen", "bytes", cb_snaplen, 0},
227 {"--pppoe", NULL, cb_pppoe, 0},
228 {"--syslog", NULL, cb_syslog, 0},
229 {"--verbose", NULL, cb_verbose, 0},
230 {"--no-daemon", NULL, cb_no_daemon, 0},
231 {"--no-promisc", NULL, cb_no_promisc, 0},
232 {"--no-dns", NULL, cb_no_dns, 0},
233 {"--no-macs", NULL, cb_no_macs, 0},
234 {"--no-lastseen", NULL, cb_no_lastseen, 0},
235 {"-p", "port", cb_port, 0},
236 {"-b", "bindaddr", cb_bindaddr, 0},
237 {"--base", "path", cb_base, 0},
238 {"-f", "filter", cb_filter, 0},
239 {"-l", "network/netmask", cb_local, 0},
240 {"--chroot", "dir", cb_chroot, 0},
241 {"--user", "username", cb_user, 0},
242 {"--daylog", "filename", cb_daylog, 0},
243 {"--import", "filename", cb_import, 0},
244 {"--export", "filename", cb_export, 0},
245 {"--pidfile", "filename", cb_pidfile, 0},
246 {"--hosts-max", "count", cb_hosts_max, 0},
247 {"--hosts-keep", "count", cb_hosts_keep, 0},
248 {"--ports-max", "count", cb_ports_max, 0},
249 {"--ports-keep", "count", cb_ports_keep, 0},
250 {"--highest-port", "port", cb_highest_port, 0},
251 {"--wait", "secs", cb_wait_secs, 0},
252 {"--hexdump", NULL, cb_hexdump, 0},
253 {NULL, NULL, NULL, 0}
254 };
255
256 static void
257 pad(const int width)
258 {
259 int i;
260 for (i=0; i<width; i++) printf(" ");
261 }
262
263 /*
264 * We autogenerate the usage statement from the cmdline_args data structure.
265 */
266 static void
267 usage(void)
268 {
269 int width, first;
270 struct cmdline_arg *arg;
271
272 printf(PACKAGE_STRING " (built with libpcap %d.%d)\n\n",
273 PCAP_VERSION_MAJOR, PCAP_VERSION_MINOR);
274
275 width = printf("usage: darkstat ");
276 first = 1;
277
278 for (arg = cmdline_args; arg->name != NULL; arg++) {
279 if (first) first = 0; else pad(width);
280 printf("[ %s", arg->name);
281 if (arg->arg_name != NULL) printf(" %s", arg->arg_name);
282 printf(" ]\n");
283 }
284 printf("\n"
285 "Please refer to the darkstat(8) manual page for further\n"
286 "documentation and usage examples.\n");
287 }
288
289 static void
290 parse_sub_cmdline(const int argc, char * const *argv)
291 {
292 struct cmdline_arg *arg;
293
294 if (argc == 0) return;
295 for (arg = cmdline_args; arg->name != NULL; arg++)
296 if (strcmp(argv[0], arg->name) == 0) {
297 if ((arg->arg_name != NULL) && (argc == 1)) {
298 fprintf(stderr,
299 "error: argument \"%s\" requires parameter \"%s\"\n",
300 arg->name, arg->arg_name);
301 usage();
302 exit(EXIT_FAILURE);
303 }
304 if (arg->num_seen > 0) {
305 fprintf(stderr,
306 "error: already specified argument \"%s\"\n",
307 arg->name);
308 usage();
309 exit(EXIT_FAILURE);
310 }
311
312 arg->num_seen++;
313 if (arg->arg_name == NULL) {
314 arg->callback(NULL);
315 parse_sub_cmdline(argc-1, argv+1);
316 } else {
317 arg->callback(argv[1]);
318 parse_sub_cmdline(argc-2, argv+2);
319 }
320 return;
321 }
322
323 fprintf(stderr, "error: illegal argument: \"%s\"\n", argv[0]);
324 usage();
325 exit(EXIT_FAILURE);
326 }
327
328 static void
329 parse_cmdline(const int argc, char * const *argv)
330 {
331 if (argc < 1) {
332 /* Not enough args. */
333 usage();
334 exit(EXIT_FAILURE);
335 }
336
337 parse_sub_cmdline(argc, argv);
338
339 /* start syslogging as early as possible */
340 if (opt_want_syslog) openlog("darkstat", LOG_NDELAY | LOG_PID, LOG_DAEMON);
341
342 /* some default values */
343 if (opt_chroot_dir == NULL) opt_chroot_dir = CHROOT_DIR;
344 if (opt_privdrop_user == NULL) opt_privdrop_user = PRIVDROP_USER;
345
346 /* sanity check args */
347 if ((opt_interface == NULL) && (opt_capfile == NULL))
348 errx(1, "must specify either interface (-i) or capture file (-r)");
349
350 if ((opt_interface != NULL) && (opt_capfile != NULL))
351 errx(1, "can't specify both interface (-i) and capture file (-r)");
352
353 if ((opt_hosts_max != 0) && (opt_hosts_keep >= opt_hosts_max)) {
354 opt_hosts_keep = opt_hosts_max / 2;
355 warnx("reducing --hosts-keep to %u, to be under --hosts-max (%u)",
356 opt_hosts_keep, opt_hosts_max);
357 }
358 verbosef("max %u hosts, cutting down to %u when exceeded",
359 opt_hosts_max, opt_hosts_keep);
360
361 if ((opt_ports_max != 0) && (opt_ports_keep >= opt_ports_max)) {
362 opt_ports_keep = opt_ports_max / 2;
363 warnx("reducing --ports-keep to %u, to be under --ports-max (%u)",
364 opt_ports_keep, opt_ports_max);
365 }
366 verbosef("max %u ports per host, cutting down to %u when exceeded",
367 opt_ports_max, opt_ports_keep);
368
369 if (opt_want_hexdump && !opt_want_verbose) {
370 opt_want_verbose = 1;
371 verbosef("--hexdump implies --verbose");
372 }
373
374 if (opt_want_hexdump && opt_want_daemonize) {
375 opt_want_daemonize = 0;
376 verbosef("--hexdump implies --no-daemon");
377 }
378 }
379
380 static void
381 run_from_capfile(void)
382 {
383 graph_init();
384 hosts_db_init();
385 cap_from_file(opt_capfile, opt_filter);
386 cap_stop();
387 if (export_fn != NULL) db_export(export_fn);
388 hosts_db_free();
389 graph_free();
390 verbosef("Total packets: %qu, bytes: %qu",
391 acct_total_packets, acct_total_bytes);
392 }
393
394 /* --- Program body --- */
395 int
396 main(int argc, char **argv)
397 {
398 test_64order();
399 parse_cmdline(argc-1, argv+1);
400
401 if (opt_capfile) {
402 /*
403 * This is very different from a regular run against a network
404 * interface.
405 */
406 run_from_capfile();
407 return 0;
408 }
409
410 /* must verbosef() before first fork to init lock */
411 verbosef("starting up");
412 if (pid_fn) pidfile_create(opt_chroot_dir, pid_fn, opt_privdrop_user);
413
414 if (opt_want_daemonize) {
415 verbosef("daemonizing to run in the background!");
416 daemonize_start();
417 verbosef("I am the main process");
418 }
419 if (pid_fn) pidfile_write_close();
420
421 /* do this first as it forks - minimize memory use */
422 if (opt_want_dns) dns_init(opt_privdrop_user);
423 cap_init(opt_interface, opt_filter, opt_want_promisc); /* needs root */
424 http_init(opt_base, opt_bindaddr, opt_bindport, /*maxconn=*/-1);
425 ncache_init(); /* must do before chroot() */
426
427 privdrop(opt_chroot_dir, opt_privdrop_user);
428
429 /* Don't need root privs for these: */
430 now = time(NULL);
431 if (daylog_fn != NULL) daylog_init(daylog_fn);
432 graph_init();
433 hosts_db_init();
434 if (import_fn != NULL) db_import(import_fn);
435 localip_init(opt_interface);
436
437 if (signal(SIGTERM, sig_shutdown) == SIG_ERR)
438 errx(1, "signal(SIGTERM) failed");
439 if (signal(SIGINT, sig_shutdown) == SIG_ERR)
440 errx(1, "signal(SIGINT) failed");
441 if (signal(SIGUSR1, sig_reset) == SIG_ERR)
442 errx(1, "signal(SIGUSR1) failed");
443 if (signal(SIGUSR2, sig_export) == SIG_ERR)
444 errx(1, "signal(SIGUSR2) failed");
445
446 verbosef("entering main loop");
447 daemonize_finish();
448
449 while (running) {
450 int select_ret, max_fd = -1, use_timeout = 0;
451 struct timeval timeout;
452 fd_set rs, ws;
453
454 now = time(NULL);
455
456 if (export_pending) {
457 if (export_fn != NULL)
458 db_export(export_fn);
459 export_pending = 0;
460 }
461
462 if (reset_pending) {
463 hosts_db_reset();
464 graph_reset();
465 reset_pending = 0;
466 }
467
468 FD_ZERO(&rs);
469 FD_ZERO(&ws);
470
471 cap_fd_set(&rs, &max_fd, &timeout, &use_timeout);
472 http_fd_set(&rs, &ws, &max_fd, &timeout, &use_timeout);
473
474 select_ret = select(max_fd+1, &rs, &ws, NULL,
475 (use_timeout) ? &timeout : NULL);
476
477 if ((select_ret == 0) && (!use_timeout))
478 errx(1, "select() erroneously timed out");
479
480 if (select_ret == -1) {
481 if (errno == EINTR)
482 continue;
483 else
484 err(1, "select()");
485 }
486 else {
487 graph_rotate();
488 cap_poll(&rs);
489 dns_poll();
490 http_poll(&rs, &ws);
491 }
492 }
493
494 verbosef("shutting down");
495 verbosef("pcap stats: %u packets received, %u packets dropped",
496 cap_pkts_recv, cap_pkts_drop);
497 http_stop();
498 cap_stop();
499 dns_stop();
500 if (export_fn != NULL) db_export(export_fn);
501 hosts_db_free();
502 graph_free();
503 if (daylog_fn != NULL) daylog_free();
504 ncache_free();
505 if (pid_fn) pidfile_unlink();
506 verbosef("shut down");
507 return (EXIT_SUCCESS);
508 }
509
510 /* vim:set ts=3 sw=3 tw=78 expandtab: */