3a0ca087dca24c1449cbb3ee00ed8d9a96909ec4
[darkstat] / darkstat.c
1 /* darkstat 3
2 * copyright (c) 2001-2010 Emil Mikulic.
3 *
4 * darkstat.c: signals, cmdline parsing, program body.
5 *
6 * You may use, modify and redistribute this file under the terms of the
7 * GNU General Public License version 2. (see COPYING.GPL)
8 */
9
10 #include "darkstat.h"
11 #include "acct.h"
12 #include "cap.h"
13 #include "conv.h"
14 #include "daylog.h"
15 #include "db.h"
16 #include "dns.h"
17 #include "http.h"
18 #include "hosts_db.h"
19 #include "localip.h"
20 #include "ncache.h"
21 #include "pidfile.h"
22
23 #include "err.h"
24 #include <arpa/inet.h>
25 #include <sys/socket.h>
26 #include <netdb.h>
27 #include <assert.h>
28 #include <errno.h>
29 #include <signal.h>
30 #include <stdio.h>
31 #include <stdlib.h>
32 #include <string.h>
33 #include <syslog.h>
34 #include <unistd.h>
35 #include <pcap.h>
36
37 #include "now.h"
38 time_t now;
39
40 #ifndef INADDR_NONE
41 # define INADDR_NONE (-1) /* Solaris */
42 #endif
43
44 /* --- Signal handling --- */
45 static volatile int running = 1;
46 static void sig_shutdown(int signum _unused_) { running = 0; }
47
48 static volatile int reset_pending = 0, export_pending = 0;
49 static void sig_reset(int signum _unused_)
50 {
51 reset_pending = 1;
52 export_pending = 1;
53 }
54
55 static void sig_export(int signum _unused_) { export_pending = 1; }
56
57 /* --- Commandline parsing --- */
58 static unsigned long
59 parsenum(const char *str, unsigned long max /* 0 for no max */)
60 {
61 unsigned long n;
62 char *end;
63
64 errno = 0;
65 n = strtoul(str, &end, 10);
66 if (*end != '\0')
67 errx(1, "\"%s\" is not a valid number", str);
68 if (errno == ERANGE)
69 errx(1, "\"%s\" is out of range", str);
70 if ((max != 0) && (n > max))
71 errx(1, "\"%s\" is out of range (max %lu)", str, max);
72 return n;
73 }
74
75 const char *opt_interface = NULL;
76 static void cb_interface(const char *arg) { opt_interface = arg; }
77
78 const char *opt_capfile = NULL;
79 static void cb_capfile(const char *arg) { opt_capfile = arg; }
80
81 int opt_want_snaplen = -1;
82 static void cb_snaplen(const char *arg)
83 { opt_want_snaplen = (int)parsenum(arg, 0); }
84
85 int opt_want_pppoe = 0;
86 static void cb_pppoe(const char *arg _unused_) { opt_want_pppoe = 1; }
87
88 int opt_want_syslog = 0;
89 static void cb_syslog(const char *arg _unused_) { opt_want_syslog = 1; }
90
91 int opt_want_verbose = 0;
92 static void cb_verbose(const char *arg _unused_) { opt_want_verbose = 1; }
93
94 int opt_want_daemonize = 1;
95 static void cb_no_daemon(const char *arg _unused_) { opt_want_daemonize = 0; }
96
97 int opt_want_promisc = 1;
98 static void cb_no_promisc(const char *arg _unused_) { opt_want_promisc = 0; }
99
100 int opt_want_dns = 1;
101 static void cb_no_dns(const char *arg _unused_) { opt_want_dns = 0; }
102
103 int opt_want_macs = 1;
104 static void cb_no_macs(const char *arg _unused_) { opt_want_macs = 0; }
105
106 int opt_want_lastseen = 1;
107 static void cb_no_lastseen(const char *arg _unused_) { opt_want_lastseen = 0; }
108
109 unsigned short opt_bindport = 667;
110 static void cb_port(const char *arg)
111 { opt_bindport = (unsigned short)parsenum(arg, 65536); }
112
113 const char *opt_bindaddr = NULL;
114 static void cb_bindaddr(const char *arg)
115 {
116 struct addrinfo hints, *ai;
117
118 memset(&hints, 0, sizeof(hints));
119 hints.ai_flags = AI_PASSIVE;
120 #ifdef AI_ADDRCONFIG
121 hints.ai_flags |= AI_ADDRCONFIG;
122 #endif
123 hints.ai_family = AF_UNSPEC;
124 hints.ai_socktype = SOCK_STREAM;
125
126 if (getaddrinfo(arg, NULL, &hints, &ai))
127 errx(1, "malformed address \"%s\"", arg);
128
129 freeaddrinfo(ai);
130 opt_bindaddr = arg;
131 }
132
133 const char *opt_filter = NULL;
134 static void cb_filter(const char *arg) { opt_filter = arg; }
135
136 static void cb_local(const char *arg) { acct_init_localnet(arg); }
137
138 const char *opt_chroot_dir = NULL;
139 static void cb_chroot(const char *arg) { opt_chroot_dir = arg; }
140
141 const char *opt_base = NULL;
142 static void cb_base(const char *arg) { opt_base = arg; }
143
144 const char *opt_privdrop_user = NULL;
145 static void cb_user(const char *arg) { opt_privdrop_user = arg; }
146
147 const char *daylog_fn = NULL;
148 static void cb_daylog(const char *arg)
149 {
150 if (opt_chroot_dir == NULL)
151 errx(1, "the daylog file is relative to the chroot.\n"
152 "You must specify a --chroot dir before you can use --daylog.");
153 else
154 daylog_fn = arg;
155 }
156
157 const char *import_fn = NULL;
158 static void cb_import(const char *arg)
159 {
160 if (opt_chroot_dir == NULL)
161 errx(1, "the import file is relative to the chroot.\n"
162 "You must specify a --chroot dir before you can use --import.");
163 else
164 import_fn = arg;
165 }
166
167 const char *export_fn = NULL;
168 static void cb_export(const char *arg)
169 {
170 if ((opt_chroot_dir == NULL) && (opt_capfile == NULL))
171 errx(1, "the export file is relative to the chroot.\n"
172 "You must specify a --chroot dir before you can use --export.");
173 else
174 export_fn = arg;
175 }
176
177 static const char *pid_fn = NULL;
178 static void cb_pidfile(const char *arg)
179 {
180 if (opt_chroot_dir == NULL)
181 errx(1, "the pidfile is relative to the chroot.\n"
182 "You must specify a --chroot dir before you can use --pidfile.");
183 else
184 pid_fn = arg;
185 }
186
187 unsigned int opt_hosts_max = 1000;
188 static void cb_hosts_max(const char *arg)
189 { opt_hosts_max = parsenum(arg, 0); }
190
191 unsigned int opt_hosts_keep = 500;
192 static void cb_hosts_keep(const char *arg)
193 { opt_hosts_keep = parsenum(arg, 0); }
194
195 unsigned int opt_ports_max = 200;
196 static void cb_ports_max(const char *arg)
197 { opt_ports_max = parsenum(arg, 65536); }
198
199 unsigned int opt_ports_keep = 30;
200 static void cb_ports_keep(const char *arg)
201 { opt_ports_keep = parsenum(arg, 65536); }
202
203 unsigned int opt_highest_port = 65535;
204 static void cb_highest_port(const char *arg)
205 { opt_highest_port = parsenum(arg, 65535); }
206
207 int opt_wait_secs = -1;
208 static void cb_wait_secs(const char *arg)
209 { opt_wait_secs = (int)parsenum(arg, 0); }
210
211 int opt_want_hexdump = 0;
212 static void cb_hexdump(const char *arg _unused_) { opt_want_hexdump = 1; }
213
214 /* --- */
215
216 struct cmdline_arg {
217 const char *name, *arg_name; /* NULL arg_name means unary */
218 void (*callback)(const char *arg);
219 int num_seen;
220 };
221
222 static struct cmdline_arg cmdline_args[] = {
223 {"-i", "interface", cb_interface, 0},
224 {"-r", "file", cb_capfile, 0},
225 {"--snaplen", "bytes", cb_snaplen, 0},
226 {"--pppoe", NULL, cb_pppoe, 0},
227 {"--syslog", NULL, cb_syslog, 0},
228 {"--verbose", NULL, cb_verbose, 0},
229 {"--no-daemon", NULL, cb_no_daemon, 0},
230 {"--no-promisc", NULL, cb_no_promisc, 0},
231 {"--no-dns", NULL, cb_no_dns, 0},
232 {"--no-macs", NULL, cb_no_macs, 0},
233 {"--no-lastseen", NULL, cb_no_lastseen, 0},
234 {"-p", "port", cb_port, 0},
235 {"-b", "bindaddr", cb_bindaddr, 0},
236 {"--base", "path", cb_base, 0},
237 {"-f", "filter", cb_filter, 0},
238 {"-l", "network/netmask", cb_local, 0},
239 {"--chroot", "dir", cb_chroot, 0},
240 {"--user", "username", cb_user, 0},
241 {"--daylog", "filename", cb_daylog, 0},
242 {"--import", "filename", cb_import, 0},
243 {"--export", "filename", cb_export, 0},
244 {"--pidfile", "filename", cb_pidfile, 0},
245 {"--hosts-max", "count", cb_hosts_max, 0},
246 {"--hosts-keep", "count", cb_hosts_keep, 0},
247 {"--ports-max", "count", cb_ports_max, 0},
248 {"--ports-keep", "count", cb_ports_keep, 0},
249 {"--highest-port", "port", cb_highest_port, 0},
250 {"--wait", "secs", cb_wait_secs, 0},
251 {"--hexdump", NULL, cb_hexdump, 0},
252 {NULL, NULL, NULL, 0}
253 };
254
255 static void
256 pad(const int width)
257 {
258 int i;
259 for (i=0; i<width; i++) printf(" ");
260 }
261
262 /*
263 * We autogenerate the usage statement from the cmdline_args data structure.
264 */
265 static void
266 usage(void)
267 {
268 int width, first;
269 struct cmdline_arg *arg;
270
271 printf(PACKAGE_STRING " (built with libpcap %d.%d)\n\n",
272 PCAP_VERSION_MAJOR, PCAP_VERSION_MINOR);
273
274 width = printf("usage: darkstat ");
275 first = 1;
276
277 for (arg = cmdline_args; arg->name != NULL; arg++) {
278 if (first) first = 0; else pad(width);
279 printf("[ %s", arg->name);
280 if (arg->arg_name != NULL) printf(" %s", arg->arg_name);
281 printf(" ]\n");
282 }
283 printf("\n"
284 "Please refer to the darkstat(8) manual page for further\n"
285 "documentation and usage examples.\n");
286 }
287
288 static void
289 parse_sub_cmdline(const int argc, char * const *argv)
290 {
291 struct cmdline_arg *arg;
292
293 if (argc == 0) return;
294 for (arg = cmdline_args; arg->name != NULL; arg++)
295 if (strcmp(argv[0], arg->name) == 0) {
296 if ((arg->arg_name != NULL) && (argc == 1)) {
297 fprintf(stderr,
298 "error: argument \"%s\" requires parameter \"%s\"\n",
299 arg->name, arg->arg_name);
300 usage();
301 exit(EXIT_FAILURE);
302 }
303 if (arg->num_seen > 0) {
304 fprintf(stderr,
305 "error: already specified argument \"%s\"\n",
306 arg->name);
307 usage();
308 exit(EXIT_FAILURE);
309 }
310
311 arg->num_seen++;
312 if (arg->arg_name == NULL) {
313 arg->callback(NULL);
314 parse_sub_cmdline(argc-1, argv+1);
315 } else {
316 arg->callback(argv[1]);
317 parse_sub_cmdline(argc-2, argv+2);
318 }
319 return;
320 }
321
322 fprintf(stderr, "error: illegal argument: \"%s\"\n", argv[0]);
323 usage();
324 exit(EXIT_FAILURE);
325 }
326
327 static void
328 parse_cmdline(const int argc, char * const *argv)
329 {
330 if (argc < 1) {
331 /* Not enough args. */
332 usage();
333 exit(EXIT_FAILURE);
334 }
335
336 parse_sub_cmdline(argc, argv);
337
338 /* start syslogging as early as possible */
339 if (opt_want_syslog) openlog("darkstat", LOG_NDELAY | LOG_PID, LOG_DAEMON);
340
341 /* some default values */
342 if (opt_chroot_dir == NULL) opt_chroot_dir = CHROOT_DIR;
343 if (opt_privdrop_user == NULL) opt_privdrop_user = PRIVDROP_USER;
344
345 /* sanity check args */
346 if ((opt_interface == NULL) && (opt_capfile == NULL))
347 errx(1, "must specify either interface (-i) or capture file (-r)");
348
349 if ((opt_interface != NULL) && (opt_capfile != NULL))
350 errx(1, "can't specify both interface (-i) and capture file (-r)");
351
352 if ((opt_hosts_max != 0) && (opt_hosts_keep >= opt_hosts_max)) {
353 opt_hosts_keep = opt_hosts_max / 2;
354 warnx("reducing --hosts-keep to %u, to be under --hosts-max (%u)",
355 opt_hosts_keep, opt_hosts_max);
356 }
357 verbosef("max %u hosts, cutting down to %u when exceeded",
358 opt_hosts_max, opt_hosts_keep);
359
360 if ((opt_ports_max != 0) && (opt_ports_keep >= opt_ports_max)) {
361 opt_ports_keep = opt_ports_max / 2;
362 warnx("reducing --ports-keep to %u, to be under --ports-max (%u)",
363 opt_ports_keep, opt_ports_max);
364 }
365 verbosef("max %u ports per host, cutting down to %u when exceeded",
366 opt_ports_max, opt_ports_keep);
367
368 if (opt_want_hexdump && !opt_want_verbose) {
369 opt_want_verbose = 1;
370 verbosef("--hexdump implies --verbose");
371 }
372
373 if (opt_want_hexdump && opt_want_daemonize) {
374 opt_want_daemonize = 0;
375 verbosef("--hexdump implies --no-daemon");
376 }
377 }
378
379 static void
380 run_from_capfile(void)
381 {
382 graph_init();
383 hosts_db_init();
384 cap_from_file(opt_capfile, opt_filter);
385 cap_stop();
386 if (export_fn != NULL) db_export(export_fn);
387 hosts_db_free();
388 graph_free();
389 verbosef("Total packets: %qu, bytes: %qu",
390 acct_total_packets, acct_total_bytes);
391 }
392
393 /* --- Program body --- */
394 int
395 main(int argc, char **argv)
396 {
397 test_64order();
398 parse_cmdline(argc-1, argv+1);
399
400 if (opt_capfile) {
401 /*
402 * This is very different from a regular run against a network
403 * interface.
404 */
405 run_from_capfile();
406 return 0;
407 }
408
409 /* must verbosef() before first fork to init lock */
410 verbosef("starting up");
411 if (pid_fn) pidfile_create(opt_chroot_dir, pid_fn, opt_privdrop_user);
412
413 if (opt_want_daemonize) {
414 verbosef("daemonizing to run in the background!");
415 daemonize_start();
416 verbosef("I am the main process");
417 }
418 if (pid_fn) pidfile_write_close();
419
420 /* do this first as it forks - minimize memory use */
421 if (opt_want_dns) dns_init(opt_privdrop_user);
422 cap_init(opt_interface, opt_filter, opt_want_promisc); /* needs root */
423 http_init(opt_base, opt_bindaddr, opt_bindport, /*maxconn=*/-1);
424 ncache_init(); /* must do before chroot() */
425
426 privdrop(opt_chroot_dir, opt_privdrop_user);
427
428 /* Don't need root privs for these: */
429 now = time(NULL);
430 if (daylog_fn != NULL) daylog_init(daylog_fn);
431 graph_init();
432 hosts_db_init();
433 if (import_fn != NULL) db_import(import_fn);
434 localip_init(opt_interface);
435
436 if (signal(SIGTERM, sig_shutdown) == SIG_ERR)
437 errx(1, "signal(SIGTERM) failed");
438 if (signal(SIGINT, sig_shutdown) == SIG_ERR)
439 errx(1, "signal(SIGINT) failed");
440 if (signal(SIGUSR1, sig_reset) == SIG_ERR)
441 errx(1, "signal(SIGUSR1) failed");
442 if (signal(SIGUSR2, sig_export) == SIG_ERR)
443 errx(1, "signal(SIGUSR2) failed");
444
445 verbosef("entering main loop");
446 daemonize_finish();
447
448 while (running) {
449 int select_ret, max_fd = -1, use_timeout = 0;
450 struct timeval timeout;
451 fd_set rs, ws;
452
453 now = time(NULL);
454
455 if (export_pending) {
456 if (export_fn != NULL)
457 db_export(export_fn);
458 export_pending = 0;
459 }
460
461 if (reset_pending) {
462 hosts_db_reset();
463 graph_reset();
464 reset_pending = 0;
465 }
466
467 FD_ZERO(&rs);
468 FD_ZERO(&ws);
469
470 cap_fd_set(&rs, &max_fd, &timeout, &use_timeout);
471 http_fd_set(&rs, &ws, &max_fd, &timeout, &use_timeout);
472
473 select_ret = select(max_fd+1, &rs, &ws, NULL,
474 (use_timeout) ? &timeout : NULL);
475
476 if ((select_ret == 0) && (!use_timeout))
477 errx(1, "select() erroneously timed out");
478
479 if (select_ret == -1) {
480 if (errno == EINTR)
481 continue;
482 else
483 err(1, "select()");
484 }
485 else {
486 graph_rotate();
487 cap_poll(&rs);
488 dns_poll();
489 http_poll(&rs, &ws);
490 }
491 }
492
493 verbosef("shutting down");
494 verbosef("pcap stats: %u packets received, %u packets dropped",
495 cap_pkts_recv, cap_pkts_drop);
496 http_stop();
497 cap_stop();
498 dns_stop();
499 if (export_fn != NULL) db_export(export_fn);
500 hosts_db_free();
501 graph_free();
502 if (daylog_fn != NULL) daylog_free();
503 ncache_free();
504 if (pid_fn) pidfile_unlink();
505 verbosef("shut down");
506 return (EXIT_SUCCESS);
507 }
508
509 /* vim:set ts=3 sw=3 tw=78 expandtab: */