2 * copyright (c) 2001-2009 Emil Mikulic.
4 * hosts_db.c: database of hosts, ports, protocols.
6 * You may use, modify and redistribute this file under the terms of the
7 * GNU General Public License version 2. (see COPYING.GPL)
21 #include <arpa/inet.h> /* inet_aton() */
22 #include <netdb.h> /* struct addrinfo */
27 #include <string.h> /* memset(), strcmp() */
30 extern int want_lastseen
;
31 int show_mac_addrs
= 0;
32 extern const char *interface
;
34 /* FIXME: specify somewhere more sane/tunable */
35 #define MAX_ENTRIES 30 /* in an HTML table rendered from a hashtable */
37 typedef uint32_t (hash_func_t
)(const struct hashtable
*, const void *);
38 typedef void (free_func_t
)(struct bucket
*);
39 typedef const void * (key_func_t
)(const struct bucket
*);
40 typedef int (find_func_t
)(const struct bucket
*, const void *);
41 typedef struct bucket
* (make_func_t
)(const void *);
42 typedef void (format_cols_func_t
)(struct str
*);
43 typedef void (format_row_func_t
)(struct str
*, const struct bucket
*,
47 uint8_t bits
; /* size of hashtable in bits */
49 uint32_t count
, count_max
, count_keep
; /* items in table */
50 uint32_t coeff
; /* coefficient for Fibonacci hashing */
51 struct bucket
**table
;
54 uint64_t inserts
, searches
, deletions
, rehashes
;
57 hash_func_t
*hash_func
;
58 /* returns hash value of given key (passed as void*) */
60 free_func_t
*free_func
;
61 /* free of bucket payload */
64 /* returns pointer to key of bucket (to pass to hash_func) */
66 find_func_t
*find_func
;
67 /* returns true if given bucket matches key (passed as void*) */
69 make_func_t
*make_func
;
70 /* returns bucket containing new record with key (passed as void*) */
72 format_cols_func_t
*format_cols_func
;
73 /* append table columns to str */
75 format_row_func_t
*format_row_func
;
76 /* format record and append to str */
79 static void hashtable_reduce(struct hashtable
*ht
);
80 static void hashtable_free(struct hashtable
*h
);
82 #define HOST_BITS 1 /* initial size of hosts table */
83 #define PORT_BITS 1 /* initial size of ports tables */
84 #define PROTO_BITS 1 /* initial size of proto table */
86 /* We only use one hosts_db hashtable and this is it. */
87 static struct hashtable
*hosts_db
= NULL
;
89 /* phi^-1 (reciprocal of golden ratio) = (sqrt(5) - 1) / 2 */
90 static const double phi_1
=
91 0.61803398874989490252573887119069695472717285156250;
93 /* Co-prime of u, using phi^-1 */
94 inline static uint32_t
95 coprime(const uint32_t u
)
97 return ( (uint32_t)( (double)(u
) * phi_1
) | 1U );
101 * This is the "recommended" IPv4 hash function, as seen in FreeBSD's
102 * src/sys/netinet/tcp_hostcache.c 1.1
104 inline static uint32_t
105 ipv4_hash(const struct in_addr
*const ip
)
107 return ( (ip
->s_addr
) ^ ((ip
->s_addr
) >> 7) ^ ((ip
->s_addr
) >> 17) );
111 /* Covers OpenBSD and FreeBSD. The macro __USE_GNU has
112 * taken care of GNU/Linux and GNU/kfreebsd. */
113 # define s6_addr32 __u6_addr.__u6_addr32
117 * This is the IPv6 hash function used by FreeBSD in the same file as above,
120 inline static uint32_t
121 ipv6_hash(const struct in6_addr
*const ip6
)
123 return ( ip6
->s6_addr32
[0] ^ ip6
->s6_addr32
[1] ^ ip6
->s6_addr32
[2] ^ ip6
->s6_addr32
[3] );
126 /* ---------------------------------------------------------------------------
127 * hash_func collection
129 #define CASTKEY(type) (*((const type *)key))
132 hash_func_host(const struct hashtable
*h _unused_
, const void *key
)
134 struct addr46
*ip
= (struct addr46
*) key
;
138 return (ipv4_hash(&ip
->addr
.ip
));
140 return (ipv6_hash(&ip
->addr
.ip6
));
147 hash_func_short(const struct hashtable
*h
, const void *key
)
149 return (CASTKEY(uint16_t) * h
->coeff
);
153 hash_func_byte(const struct hashtable
*h
, const void *key
)
155 return (CASTKEY(uint8_t) * h
->coeff
);
158 /* ---------------------------------------------------------------------------
159 * key_func collection
163 key_func_host(const struct bucket
*b
)
165 return &(b
->u
.host
.ipaddr
);
169 key_func_port_tcp(const struct bucket
*b
)
171 return &(b
->u
.port_tcp
.port
);
175 key_func_port_udp(const struct bucket
*b
)
177 return &(b
->u
.port_udp
.port
);
181 key_func_ip_proto(const struct bucket
*b
)
183 return &(b
->u
.ip_proto
.proto
);
186 /* ---------------------------------------------------------------------------
187 * find_func collection
191 find_func_host(const struct bucket
*b
, const void *key
)
193 struct addr46
*ipaddr
= (struct addr46
*) key
;
195 if (b
->u
.host
.ipaddr
.af
!= ipaddr
->af
)
196 return 0; /* not comparable */
198 switch (ipaddr
->af
) {
200 return (memcmp(&b
->u
.host
.ipaddr
.addr
.ip
,
201 &ipaddr
->addr
.ip
, sizeof(ipaddr
->addr
.ip
))
204 return (memcmp(&b
->u
.host
.ipaddr
.addr
.ip6
,
205 &ipaddr
->addr
.ip6
, sizeof(ipaddr
->addr
.ip6
))
213 find_func_port_tcp(const struct bucket
*b
, const void *key
)
215 return (b
->u
.port_tcp
.port
== CASTKEY(uint16_t));
219 find_func_port_udp(const struct bucket
*b
, const void *key
)
221 return (b
->u
.port_udp
.port
== CASTKEY(uint16_t));
225 find_func_ip_proto(const struct bucket
*b
, const void *key
)
227 return (b
->u
.ip_proto
.proto
== CASTKEY(uint8_t));
230 /* ---------------------------------------------------------------------------
231 * make_func collection
234 #define MAKE_BUCKET(name_bucket, name_content, type) struct { \
235 struct bucket *next; \
236 uint64_t in, out, total; \
237 union { struct type t; } u; } _custom_bucket; \
238 struct bucket *name_bucket = xcalloc(1, sizeof(_custom_bucket)); \
239 struct type *name_content = &(name_bucket->u.type); \
240 name_bucket->next = NULL; \
241 name_bucket->in = name_bucket->out = name_bucket->total = 0;
243 static struct bucket
*
244 make_func_host(const void *key
)
246 MAKE_BUCKET(b
, h
, host
);
247 memcpy(&h
->ipaddr
, key
, sizeof(h
->ipaddr
));
250 memset(&h
->mac_addr
, 0, sizeof(h
->mac_addr
));
258 free_func_host(struct bucket
*b
)
260 struct host
*h
= &(b
->u
.host
);
261 if (h
->dns
!= NULL
) free(h
->dns
);
262 hashtable_free(h
->ports_tcp
);
263 hashtable_free(h
->ports_udp
);
264 hashtable_free(h
->ip_protos
);
267 static struct bucket
*
268 make_func_port_tcp(const void *key
)
270 MAKE_BUCKET(b
, p
, port_tcp
);
271 p
->port
= CASTKEY(uint16_t);
276 static struct bucket
*
277 make_func_port_udp(const void *key
)
279 MAKE_BUCKET(b
, p
, port_udp
);
280 p
->port
= CASTKEY(uint16_t);
284 static struct bucket
*
285 make_func_ip_proto(const void *key
)
287 MAKE_BUCKET(b
, p
, ip_proto
);
288 p
->proto
= CASTKEY(uint8_t);
293 free_func_simple(struct bucket
*b _unused_
)
298 /* ---------------------------------------------------------------------------
299 * format_func collection (ordered by struct)
303 format_cols_host(struct str
*buf
)
305 /* FIXME: don't clobber parts of the query string
306 * specifically "full" and "start"
307 * when setting sort direction
313 " <th>Hostname</th>\n");
314 if (show_mac_addrs
) str_append(buf
,
315 " <th>MAC Address</th>\n");
317 " <th><a href=\"?sort=in\">In</a></th>\n"
318 " <th><a href=\"?sort=out\">Out</a></th>\n"
319 " <th><a href=\"?sort=total\">Total</a></th>\n");
320 if (want_lastseen
) str_append(buf
,
321 " <th><a href=\"?sort=lastseen\">Last seen</a></th>\n");
327 format_row_host(struct str
*buf
, const struct bucket
*b
,
328 const char *css_class
)
330 const char *ip
= ip_to_str( &b
->u
.host
.ipaddr
);
333 "<tr class=\"%s\">\n"
334 " <td><a href=\"/hosts/%s/\">%s</a></td>\n"
338 (b
->u
.host
.dns
== NULL
) ? "" : b
->u
.host
.dns
);
342 " <td><tt>%x:%x:%x:%x:%x:%x</tt></td>\n",
343 b
->u
.host
.mac_addr
[0],
344 b
->u
.host
.mac_addr
[1],
345 b
->u
.host
.mac_addr
[2],
346 b
->u
.host
.mac_addr
[3],
347 b
->u
.host
.mac_addr
[4],
348 b
->u
.host
.mac_addr
[5]);
351 " <td class=\"num\">%'qu</td>\n"
352 " <td class=\"num\">%'qu</td>\n"
353 " <td class=\"num\">%'qu</td>\n",
354 b
->in
, b
->out
, b
->total
);
357 time_t last_t
= b
->u
.host
.last_seen
;
358 struct str
*lastseen
= NULL
;
361 lastseen
= length_of_time(now
- last_t
);
364 " <td class=\"num\">");
365 if (lastseen
== NULL
)
366 str_append(buf
, "(clock error)");
368 str_appendstr(buf
, lastseen
);
378 /* Only resolve hosts "on demand" */
379 if (b
->u
.host
.dns
== NULL
)
380 dns_queue(&b
->u
.host
.ipaddr
);
384 format_cols_port_tcp(struct str
*buf
)
390 " <th>Service</td>\n"
400 format_row_port_tcp(struct str
*buf
, const struct bucket
*b
,
401 const char *css_class
)
403 const struct port_tcp
*p
= &(b
->u
.port_tcp
);
406 "<tr class=\"%s\">\n"
407 " <td class=\"num\">%u</td>\n"
409 " <td class=\"num\">%'qu</td>\n"
410 " <td class=\"num\">%'qu</td>\n"
411 " <td class=\"num\">%'qu</td>\n"
412 " <td class=\"num\">%'qu</td>\n"
415 p
->port
, getservtcp(p
->port
), b
->in
, b
->out
, b
->total
, p
->syn
420 format_cols_port_udp(struct str
*buf
)
426 " <th>Service</td>\n"
435 format_row_port_udp(struct str
*buf
, const struct bucket
*b
,
436 const char *css_class
)
438 const struct port_udp
*p
= &(b
->u
.port_udp
);
441 "<tr class=\"%s\">\n"
442 " <td class=\"num\">%u</td>\n"
444 " <td class=\"num\">%'qu</td>\n"
445 " <td class=\"num\">%'qu</td>\n"
446 " <td class=\"num\">%'qu</td>\n"
449 p
->port
, getservudp(p
->port
), b
->in
, b
->out
, b
->total
454 format_cols_ip_proto(struct str
*buf
)
460 " <th>Protocol</td>\n"
469 format_row_ip_proto(struct str
*buf
, const struct bucket
*b
,
470 const char *css_class
)
472 const struct ip_proto
*p
= &(b
->u
.ip_proto
);
475 "<tr class=\"%s\">\n"
476 " <td class=\"num\">%u</td>\n"
478 " <td class=\"num\">%'qu</td>\n"
479 " <td class=\"num\">%'qu</td>\n"
480 " <td class=\"num\">%'qu</td>\n"
483 p
->proto
, getproto(p
->proto
),
484 b
->in
, b
->out
, b
->total
488 /* ---------------------------------------------------------------------------
489 * Initialise a hashtable.
491 static struct hashtable
*
492 hashtable_make(const uint8_t bits
,
493 const unsigned int count_max
,
494 const unsigned int count_keep
,
495 hash_func_t
*hash_func
,
496 free_func_t
*free_func
,
497 key_func_t
*key_func
,
498 find_func_t
*find_func
,
499 make_func_t
*make_func
,
500 format_cols_func_t
*format_cols_func
,
501 format_row_func_t
*format_row_func
)
503 struct hashtable
*hash
;
506 hash
= xmalloc(sizeof(*hash
));
508 hash
->count_max
= count_max
;
509 hash
->count_keep
= count_keep
;
510 hash
->size
= 1U << bits
;
511 hash
->mask
= hash
->size
- 1;
512 hash
->coeff
= coprime(hash
->size
);
513 hash
->hash_func
= hash_func
;
514 hash
->free_func
= free_func
;
515 hash
->key_func
= key_func
;
516 hash
->find_func
= find_func
;
517 hash
->make_func
= make_func
;
518 hash
->format_cols_func
= format_cols_func
;
519 hash
->format_row_func
= format_row_func
;
521 hash
->table
= xcalloc(hash
->size
, sizeof(*hash
->table
));
522 memset(&(hash
->stats
), 0, sizeof(hash
->stats
));
526 /* ---------------------------------------------------------------------------
527 * Initialise global hosts_db.
532 assert(hosts_db
== NULL
);
533 hosts_db
= hashtable_make(HOST_BITS
, hosts_max
, hosts_keep
,
534 hash_func_host
, free_func_host
, key_func_host
, find_func_host
,
535 make_func_host
, format_cols_host
, format_row_host
);
539 hashtable_rehash(struct hashtable
*h
, const uint8_t bits
)
541 struct bucket
**old_table
, **new_table
;
542 uint32_t i
, old_size
;
548 old_table
= h
->table
;
551 h
->size
= 1U << bits
;
552 h
->mask
= h
->size
- 1;
553 h
->coeff
= coprime(h
->size
);
554 new_table
= xcalloc(h
->size
, sizeof(*new_table
));
556 for (i
=0; i
<old_size
; i
++) {
557 struct bucket
*next
, *b
= old_table
[i
];
559 uint32_t pos
= h
->hash_func(h
, h
->key_func(b
)) & h
->mask
;
561 b
->next
= new_table
[pos
];
568 h
->table
= new_table
;
572 hashtable_insert(struct hashtable
*h
, struct bucket
*b
)
577 assert(b
->next
== NULL
);
579 /* Rehash on 80% occupancy */
580 if ((h
->count
> h
->size
) ||
581 ((h
->size
- h
->count
) < h
->size
/ 5))
582 hashtable_rehash(h
, h
->bits
+1);
584 pos
= h
->hash_func(h
, h
->key_func(b
)) & h
->mask
;
585 if (h
->table
[pos
] == NULL
)
588 /* Insert at top of chain. */
589 b
->next
= h
->table
[pos
];
596 /* Return bucket matching key, or NULL if no such entry. */
597 static struct bucket
*
598 hashtable_search(struct hashtable
*h
, const void *key
)
604 pos
= h
->hash_func(h
, key
) & h
->mask
;
607 if (h
->find_func(b
, key
))
615 /* Search for a key. If it's not there, make and insert a bucket for it. */
616 static struct bucket
*
617 hashtable_find_or_insert(struct hashtable
*h
, const void *key
)
619 struct bucket
*b
= hashtable_search(h
, key
);
622 /* Not found, so insert after checking occupancy. */
623 /*assert(h->count <= h->count_max);*/
624 if (h
->count
>= h
->count_max
) hashtable_reduce(h
);
625 b
= h
->make_func(key
);
626 hashtable_insert(h
, b
);
632 * Frees the hashtable and the buckets. The contents are assumed to be
633 * "simple" -- i.e. no "destructor" action is required beyond simply freeing
637 hashtable_free(struct hashtable
*h
)
643 for (i
=0; i
<h
->size
; i
++) {
644 struct bucket
*tmp
, *b
= h
->table
[i
];
656 /* ---------------------------------------------------------------------------
657 * Return existing host or insert a new one.
660 host_get(const struct addr46
*const ip
)
662 return (hashtable_find_or_insert(hosts_db
, ip
));
665 /* ---------------------------------------------------------------------------
666 * Find host, returns NULL if not in DB.
669 host_find(const struct addr46
*const ip
)
671 return (hashtable_search(hosts_db
, ip
));
674 /* ---------------------------------------------------------------------------
675 * Find host, returns NULL if not in DB.
677 static struct bucket
*
678 host_search(const char *ipstr
)
680 struct addr46 ipaddr
;
681 struct sockaddr_storage ss
;
682 struct addrinfo hints
, *ai
;
684 memset(&hints
, 0, sizeof(hints
));
685 hints
.ai_family
= AF_UNSPEC
;
686 hints
.ai_flags
= AI_NUMERICHOST
;
688 if (getaddrinfo(ipstr
, NULL
, &hints
, &ai
))
689 return (NULL
); /* invalid addr */
691 memcpy(&ss
, ai
->ai_addr
, ai
->ai_addrlen
);
694 ipaddr
.af
= ss
.ss_family
;
695 switch (ss
.ss_family
) {
697 memcpy(&ipaddr
.addr
.ip
, &((struct sockaddr_in
*) &ss
)->sin_addr
,
698 sizeof(ipaddr
.addr
.ip
));
701 memcpy(&ipaddr
.addr
.ip6
, &((struct sockaddr_in6
*) &ss
)->sin6_addr
,
702 sizeof(ipaddr
.addr
.ip6
));
708 return (hashtable_search(hosts_db
, &ipaddr
));
711 /* ---------------------------------------------------------------------------
712 * Reduce a hashtable to the top <keep> entries.
715 hashtable_reduce(struct hashtable
*ht
)
717 uint32_t i
, pos
, rmd
;
718 const struct bucket
**table
;
721 assert(ht
->count_keep
< ht
->count
);
723 /* Fill table with pointers to buckets in hashtable. */
724 table
= xcalloc(ht
->count
, sizeof(*table
));
725 for (pos
=0, i
=0; i
<ht
->size
; i
++) {
726 struct bucket
*b
= ht
->table
[i
];
732 assert(pos
== ht
->count
);
733 qsort_buckets(table
, ht
->count
, 0, ht
->count_keep
, TOTAL
);
734 cutoff
= table
[ht
->count_keep
]->total
;
737 /* Remove all elements with total <= cutoff. */
739 for (i
=0; i
<ht
->size
; i
++) {
740 struct bucket
*last
= NULL
, *next
, *b
= ht
->table
[i
];
743 if (b
->total
<= cutoff
) {
744 /* Remove this one. */
759 verbosef("hashtable_reduce: removed %u buckets, left %u",
761 hashtable_rehash(ht
, ht
->bits
); /* is this needed? */
764 /* ---------------------------------------------------------------------------
765 * Reset hosts_db to empty.
772 for (i
=0; i
<hosts_db
->size
; i
++) {
773 struct bucket
*next
, *b
= hosts_db
->table
[i
];
776 hosts_db
->free_func(b
);
780 hosts_db
->table
[i
] = NULL
;
782 verbosef("hosts_db reset to empty, freed %u hosts", hosts_db
->count
);
786 /* ---------------------------------------------------------------------------
787 * Deallocate hosts_db.
789 void hosts_db_free(void)
793 assert(hosts_db
!= NULL
);
794 for (i
=0; i
<hosts_db
->size
; i
++) {
795 struct bucket
*tmp
, *b
= hosts_db
->table
[i
];
799 hosts_db
->free_func(tmp
);
803 free(hosts_db
->table
);
808 /* ---------------------------------------------------------------------------
809 * Find or create a port_tcp inside a host.
812 host_get_port_tcp(struct bucket
*host
, const uint16_t port
)
814 struct host
*h
= &host
->u
.host
;
816 if (h
->ports_tcp
== NULL
)
817 h
->ports_tcp
= hashtable_make(PORT_BITS
, ports_max
, ports_keep
,
818 hash_func_short
, free_func_simple
, key_func_port_tcp
,
819 find_func_port_tcp
, make_func_port_tcp
,
820 format_cols_port_tcp
, format_row_port_tcp
);
821 return (hashtable_find_or_insert(h
->ports_tcp
, &port
));
824 /* ---------------------------------------------------------------------------
825 * Find or create a port_udp inside a host.
828 host_get_port_udp(struct bucket
*host
, const uint16_t port
)
830 struct host
*h
= &host
->u
.host
;
832 if (h
->ports_udp
== NULL
)
833 h
->ports_udp
= hashtable_make(PORT_BITS
, ports_max
, ports_keep
,
834 hash_func_short
, free_func_simple
, key_func_port_udp
,
835 find_func_port_udp
, make_func_port_udp
,
836 format_cols_port_udp
, format_row_port_udp
);
837 return (hashtable_find_or_insert(h
->ports_udp
, &port
));
840 /* ---------------------------------------------------------------------------
841 * Find or create an ip_proto inside a host.
844 host_get_ip_proto(struct bucket
*host
, const uint8_t proto
)
846 struct host
*h
= &host
->u
.host
;
847 static const unsigned int PROTOS_MAX
= 512, PROTOS_KEEP
= 256;
849 if (h
->ip_protos
== NULL
)
850 h
->ip_protos
= hashtable_make(PROTO_BITS
, PROTOS_MAX
, PROTOS_KEEP
,
851 hash_func_byte
, free_func_simple
, key_func_ip_proto
,
852 find_func_ip_proto
, make_func_ip_proto
,
853 format_cols_ip_proto
, format_row_ip_proto
);
854 return (hashtable_find_or_insert(h
->ip_protos
, &proto
));
857 static struct str
*html_hosts_main(const char *qs
);
858 static struct str
*html_hosts_detail(const char *ip
);
860 /* ---------------------------------------------------------------------------
861 * Web interface: delegate the /hosts/ space.
864 html_hosts(const char *uri
, const char *query
)
867 char **elem
= split('/', uri
, &num_elems
);
868 struct str
*buf
= NULL
;
870 assert(num_elems
>= 1);
871 assert(strcmp(elem
[0], "hosts") == 0);
875 buf
= html_hosts_main(query
);
876 else if (num_elems
== 2)
877 /* /hosts/<IP of host>/ */
878 buf
= html_hosts_detail(elem
[1]);
880 for (i
=0; i
<num_elems
; i
++)
883 return (buf
); /* FIXME: a NULL here becomes 404 Not Found, we might want
884 other codes to be possible */
887 /* ---------------------------------------------------------------------------
888 * Format hashtable into HTML.
891 format_table(struct str
*buf
, struct hashtable
*ht
, int start
,
892 const enum sort_dir sort
, const int full
)
894 const struct bucket
**table
;
895 uint32_t i
, pos
, end
;
898 if ((ht
== NULL
) || (ht
->count
== 0)) {
899 str_append(buf
, "<p>The table is empty.</p>\n");
903 /* Fill table with pointers to buckets in hashtable. */
904 table
= xcalloc(ht
->count
, sizeof(*table
));
905 for (pos
=0, i
=0; i
<ht
->size
; i
++) {
906 struct bucket
*b
= ht
->table
[i
];
912 assert(pos
== ht
->count
);
915 /* full report overrides start and end */
919 end
= min(ht
->count
, (uint32_t)start
+MAX_ENTRIES
);
921 str_appendf(buf
, "(%u-%u of %u)<br/>\n", start
+1, end
, ht
->count
);
922 qsort_buckets(table
, ht
->count
, start
, end
, sort
);
923 ht
->format_cols_func(buf
);
925 for (i
=start
; i
<end
; i
++) {
926 ht
->format_row_func(buf
, table
[i
], alt
? "alt1" : "alt2");
927 alt
= !alt
; /* alternate class for table rows */
930 str_append(buf
, "</table>\n");
933 /* ---------------------------------------------------------------------------
934 * Web interface: sorted table of hosts.
937 html_hosts_main(const char *qs
)
939 struct str
*buf
= str_make();
940 char *qs_start
, *qs_sort
, *qs_full
, *ep
;
945 /* parse query string */
946 qs_start
= qs_get(qs
, "start");
947 qs_sort
= qs_get(qs
, "sort");
948 qs_full
= qs_get(qs
, "full");
949 if (qs_full
!= NULL
) {
955 if (qs_sort
== NULL
) sort
= TOTAL
;
956 else if (strcmp(qs_sort
, "total") == 0) sort
= TOTAL
;
957 else if (strcmp(qs_sort
, "in") == 0) sort
= IN
;
958 else if (strcmp(qs_sort
, "out") == 0) sort
= OUT
;
959 else if (strcmp(qs_sort
, "lastseen") == 0) sort
= LASTSEEN
;
961 str_append(buf
, "Error: invalid value for \"sort\".\n");
966 if (qs_start
== NULL
)
969 start
= (int)strtoul(qs_start
, &ep
, 10);
971 str_append(buf
, "Error: \"start\" is not a number.\n");
974 if ((errno
== ERANGE
) ||
975 (start
< 0) || (start
>= (int)hosts_db
->count
)) {
976 str_append(buf
, "Error: \"start\" is out of bounds.\n");
981 #define PREV "<<< prev page"
982 #define NEXT "next page >>>"
983 #define FULL "full table"
985 str_append(buf
, html_header_1
);
986 str_appendf(buf
, " <title>darkstat3: Hosts (%s)</title>\n", interface
);
987 str_append(buf
, html_header_2
);
988 str_appendf(buf
, "<h2 class=\"pageheader\">Hosts (%s)</h2>\n", interface
);
989 format_table(buf
, hosts_db
, start
, sort
, full
);
991 /* <prev | full | stats | next> */
993 if (sortstr
== NULL
) sortstr
= "total";
995 int prev
= max(start
- MAX_ENTRIES
, 0);
996 str_appendf(buf
, "<a href=\"?start=%d&sort=%s\">" PREV
"</a>",
999 str_append(buf
, PREV
);
1002 str_append(buf
, " | " FULL
);
1004 str_appendf(buf
, " | <a href=\"?full=yes&sort=%s\">" FULL
"</a>",
1007 if (start
+MAX_ENTRIES
< (int)hosts_db
->count
)
1008 str_appendf(buf
, " | <a href=\"?start=%d&sort=%s\">" NEXT
"</a>",
1009 start
+MAX_ENTRIES
, sortstr
);
1011 str_append(buf
, " | " NEXT
);
1013 str_append(buf
, "<br/>\n");
1014 str_append(buf
, html_footer
);
1016 if (qs_start
!= NULL
) free(qs_start
);
1017 if (qs_sort
!= NULL
) free(qs_sort
);
1024 /* ---------------------------------------------------------------------------
1025 * Web interface: detailed view of a single host.
1028 html_hosts_detail(const char *ip
)
1031 struct str
*buf
, *ls_len
;
1035 h
= host_search(ip
);
1037 return (NULL
); /* no such host */
1041 str_append(buf
, html_header_1
);
1042 str_appendf(buf
, " <title>%s</title>\n", ip
);
1043 str_append(buf
, html_header_2
);
1047 "<b>Hostname:</b> %s<br/>\n",
1049 (h
->u
.host
.dns
== NULL
)?"(resolving...)":h
->u
.host
.dns
);
1051 /* Resolve host "on demand" */
1052 if (h
->u
.host
.dns
== NULL
)
1053 dns_queue(&h
->u
.host
.ipaddr
);
1057 "<b>MAC Address:</b> "
1058 "<tt>%x:%x:%x:%x:%x:%x</tt><br/>\n",
1059 h
->u
.host
.mac_addr
[0],
1060 h
->u
.host
.mac_addr
[1],
1061 h
->u
.host
.mac_addr
[2],
1062 h
->u
.host
.mac_addr
[3],
1063 h
->u
.host
.mac_addr
[4],
1064 h
->u
.host
.mac_addr
[5]);
1069 "<b>Last seen:</b> ");
1071 ls
= h
->u
.host
.last_seen
;
1072 if (strftime(ls_when
, sizeof(ls_when
),
1073 "%Y-%m-%d %H:%M:%S %Z%z", localtime(&ls
)) != 0)
1074 str_append(buf
, ls_when
);
1076 if (h
->u
.host
.last_seen
<= now
) {
1077 ls_len
= length_of_time(now
- h
->u
.host
.last_seen
);
1078 str_append(buf
, " (");
1079 str_appendstr(buf
, ls_len
);
1081 str_append(buf
, " ago)");
1083 str_append(buf
, " (in the future, possible clock problem)");
1089 " <b>In:</b> %'qu<br/>\n"
1090 " <b>Out:</b> %'qu<br/>\n"
1091 " <b>Total:</b> %'qu<br/>\n"
1093 h
->in
, h
->out
, h
->total
);
1095 str_append(buf
, "<h3>TCP ports</h3>\n");
1096 format_table(buf
, h
->u
.host
.ports_tcp
, 0,TOTAL
,0);
1098 str_append(buf
, "<h3>UDP ports</h3>\n");
1099 format_table(buf
, h
->u
.host
.ports_udp
, 0,TOTAL
,0);
1101 str_append(buf
, "<h3>IP protocols</h3>\n");
1102 format_table(buf
, h
->u
.host
.ip_protos
, 0,TOTAL
,0);
1104 str_append(buf
, html_footer
);
1108 /* ---------------------------------------------------------------------------
1109 * Database import and export code:
1110 * Initially written and contributed by Ben Stewart.
1111 * copyright (c) 2007 Ben Stewart, Emil Mikulic.
1113 static int hosts_db_export_ip(const struct hashtable
*h
, const int fd
);
1114 static int hosts_db_export_tcp(const struct hashtable
*h
, const int fd
);
1115 static int hosts_db_export_udp(const struct hashtable
*h
, const int fd
);
1118 export_proto_ip
= 'P',
1119 export_proto_tcp
= 'T',
1120 export_proto_udp
= 'U';
1122 static const unsigned char
1123 export_tag_host_ver1
[] = {'H', 'S', 'T', 0x01},
1124 export_tag_host_ver2
[] = {'H', 'S', 'T', 0x02};
1126 /* ---------------------------------------------------------------------------
1127 * Load a host's ip_proto table from a file.
1128 * Returns 0 on failure, 1 on success.
1131 hosts_db_import_ip(const int fd
, struct bucket
*host
)
1135 if (!expect8(fd
, export_proto_ip
)) return 0;
1136 if (!read8(fd
, &count
)) return 0;
1138 for (i
=0; i
<count
; i
++) {
1143 if (!read8(fd
, &proto
)) return 0;
1144 if (!read64(fd
, &in
)) return 0;
1145 if (!read64(fd
, &out
)) return 0;
1148 b
= host_get_ip_proto(host
, proto
);
1151 b
->total
= in
+ out
;
1152 assert(b
->u
.ip_proto
.proto
== proto
); /* should be done by make fn */
1157 /* ---------------------------------------------------------------------------
1158 * Load a host's port_tcp table from a file.
1159 * Returns 0 on failure, 1 on success.
1162 hosts_db_import_tcp(const int fd
, struct bucket
*host
)
1166 if (!expect8(fd
, export_proto_tcp
)) return 0;
1167 if (!read16(fd
, &count
)) return 0;
1169 for (i
=0; i
<count
; i
++) {
1172 uint64_t in
, out
, syn
;
1174 if (!read16(fd
, &port
)) return 0;
1175 if (!read64(fd
, &syn
)) return 0;
1176 if (!read64(fd
, &in
)) return 0;
1177 if (!read64(fd
, &out
)) return 0;
1180 b
= host_get_port_tcp(host
, port
);
1183 b
->total
= in
+ out
;
1184 assert(b
->u
.port_tcp
.port
== port
); /* done by make_func_port_tcp */
1185 b
->u
.port_tcp
.syn
= syn
;
1190 /* ---------------------------------------------------------------------------
1191 * Load a host's port_tcp table from a file.
1192 * Returns 0 on failure, 1 on success.
1195 hosts_db_import_udp(const int fd
, struct bucket
*host
)
1199 if (!expect8(fd
, export_proto_udp
)) return 0;
1200 if (!read16(fd
, &count
)) return 0;
1202 for (i
=0; i
<count
; i
++) {
1207 if (!read16(fd
, &port
)) return 0;
1208 if (!read64(fd
, &in
)) return 0;
1209 if (!read64(fd
, &out
)) return 0;
1212 b
= host_get_port_udp(host
, port
);
1215 b
->total
= in
+ out
;
1216 assert(b
->u
.port_udp
.port
== port
); /* done by make_func */
1221 /* ---------------------------------------------------------------------------
1222 * Load all hosts from a file.
1223 * Returns 0 on failure, 1 on success.
1226 hosts_db_import_host(const int fd
)
1228 struct bucket
*host
;
1229 struct addr46 ipaddr
;
1230 uint8_t hostname_len
;
1232 unsigned int pos
= xtell(fd
);
1236 if (!readn(fd
, hdr
, sizeof(hdr
))) return 0;
1237 if (memcmp(hdr
, export_tag_host_ver2
, sizeof(hdr
)) == 0)
1239 else if (memcmp(hdr
, export_tag_host_ver1
, sizeof(hdr
)) == 0)
1242 warnx("bad host header: %02x%02x%02x%02x",
1243 hdr
[0], hdr
[1], hdr
[2], hdr
[3]);
1247 ipaddr
.af
= AF_INET
;
1248 if (!readaddr(fd
, &ipaddr
)) return 0;
1249 verbosef("at file pos %u, importing host %s", pos
, ip_to_str(&ipaddr
));
1250 host
= host_get(&ipaddr
);
1251 assert(host
->u
.host
.ipaddr
.addr
.ip
.s_addr
== ipaddr
.addr
.ip
.s_addr
); /* make fn? */
1255 if (!read64(fd
, &t
)) return 0;
1256 host
->u
.host
.last_seen
= (time_t)t
;
1259 assert(sizeof(host
->u
.host
.mac_addr
) == 6);
1260 if (!readn(fd
, host
->u
.host
.mac_addr
, sizeof(host
->u
.host
.mac_addr
)))
1264 assert(host
->u
.host
.dns
== NULL
); /* make fn? */
1265 if (!read8(fd
, &hostname_len
)) return 0;
1266 if (hostname_len
> 0) {
1267 host
->u
.host
.dns
= xmalloc(hostname_len
+ 1);
1268 host
->u
.host
.dns
[0] = '\0';
1270 /* At this point, the hostname is attached to a host which is in our
1271 * hosts_db, so if we bail out due to an import error, this pointer
1272 * isn't lost and leaked, it can be cleaned up in hosts_db_{free,reset}
1275 if (!readn(fd
, host
->u
.host
.dns
, hostname_len
)) return 0;
1276 host
->u
.host
.dns
[hostname_len
] = '\0';
1279 if (!read64(fd
, &in
)) return 0;
1280 if (!read64(fd
, &out
)) return 0;
1284 host
->total
= in
+ out
;
1286 /* Host's port and proto subtables: */
1287 if (!hosts_db_import_ip(fd
, host
)) return 0;
1288 if (!hosts_db_import_tcp(fd
, host
)) return 0;
1289 if (!hosts_db_import_udp(fd
, host
)) return 0;
1293 /* ---------------------------------------------------------------------------
1294 * Database Import: Grab hosts_db from a file provided by the caller.
1296 * This function will retrieve the data sans the header. We expect the caller
1297 * to have validated the header of the hosts_db segment, and left the file
1298 * sitting at the start of the data.
1300 int hosts_db_import(const int fd
)
1302 uint32_t host_count
, i
;
1304 if (!read32(fd
, &host_count
)) return 0;
1306 for (i
=0; i
<host_count
; i
++)
1307 if (!hosts_db_import_host(fd
)) return 0;
1312 /* ---------------------------------------------------------------------------
1313 * Database Export: Dump hosts_db into a file provided by the caller.
1314 * The caller is responsible for writing out export_tag_hosts_ver1 first.
1316 int hosts_db_export(const int fd
)
1321 if (!write32(fd
, hosts_db
->count
)) return 0;
1323 for (i
= 0; i
<hosts_db
->size
; i
++)
1324 for (b
= hosts_db
->table
[i
]; b
!= NULL
; b
= b
->next
) {
1325 /* For each host: */
1326 if (!writen(fd
, export_tag_host_ver2
, sizeof(export_tag_host_ver2
)))
1329 if (!writeaddr(fd
, &b
->u
.host
.ipaddr
)) return 0;
1331 if (!write64(fd
, (uint64_t)(b
->u
.host
.last_seen
))) return 0;
1333 assert(sizeof(b
->u
.host
.mac_addr
) == 6);
1334 if (!writen(fd
, b
->u
.host
.mac_addr
, sizeof(b
->u
.host
.mac_addr
)))
1338 if (b
->u
.host
.dns
== NULL
) {
1339 if (!write8(fd
, 0)) return 0;
1341 int dnslen
= strlen(b
->u
.host
.dns
);
1344 warnx("found a very long hostname: \"%s\"\n"
1345 "wasn't expecting one longer than 255 chars (this one is %d)",
1346 b
->u
.host
.dns
, dnslen
);
1350 if (!write8(fd
, (uint8_t)dnslen
)) return 0;
1351 if (!writen(fd
, b
->u
.host
.dns
, dnslen
)) return 0;
1354 if (!write64(fd
, b
->in
)) return 0;
1355 if (!write64(fd
, b
->out
)) return 0;
1357 if (!hosts_db_export_ip(b
->u
.host
.ip_protos
, fd
)) return 0;
1358 if (!hosts_db_export_tcp(b
->u
.host
.ports_tcp
, fd
)) return 0;
1359 if (!hosts_db_export_udp(b
->u
.host
.ports_udp
, fd
)) return 0;
1364 /* ---------------------------------------------------------------------------
1365 * Dump the ip_proto table of a host.
1368 hosts_db_export_ip(const struct hashtable
*h
, const int fd
)
1370 uint32_t i
, written
= 0;
1374 if (!write8(fd
, export_proto_ip
)) return 0;
1376 /* If no data, write a IP Proto count of 0 and we're done. */
1378 if (!write8(fd
, 0)) return 0;
1382 assert(h
->count
< 256);
1383 if (!write8(fd
, (uint8_t)h
->count
)) return 0;
1385 for (i
= 0; i
<h
->size
; i
++)
1386 for (b
= h
->table
[i
]; b
!= NULL
; b
= b
->next
) {
1387 /* For each ip_proto bucket: */
1389 if (!write8(fd
, b
->u
.ip_proto
.proto
)) return 0;
1390 if (!write64(fd
, b
->in
)) return 0;
1391 if (!write64(fd
, b
->out
)) return 0;
1394 assert(written
== h
->count
);
1398 /* ---------------------------------------------------------------------------
1399 * Dump the port_tcp table of a host.
1402 hosts_db_export_tcp(const struct hashtable
*h
, const int fd
)
1405 uint32_t i
, written
= 0;
1408 if (!write8(fd
, export_proto_tcp
)) return 0;
1410 /* If no data, write a count of 0 and we're done. */
1412 if (!write16(fd
, 0)) return 0;
1416 assert(h
->count
< 65536);
1417 if (!write16(fd
, (uint16_t)h
->count
)) return 0;
1419 for (i
= 0; i
<h
->size
; i
++)
1420 for (b
= h
->table
[i
]; b
!= NULL
; b
= b
->next
) {
1421 if (!write16(fd
, b
->u
.port_tcp
.port
)) return 0;
1422 if (!write64(fd
, b
->u
.port_tcp
.syn
)) return 0;
1423 if (!write64(fd
, b
->in
)) return 0;
1424 if (!write64(fd
, b
->out
)) return 0;
1427 assert(written
== h
->count
);
1431 /* ---------------------------------------------------------------------------
1432 * Dump the port_udp table of a host.
1435 hosts_db_export_udp(const struct hashtable
*h
, const int fd
)
1438 uint32_t i
, written
= 0;
1441 if (!write8(fd
, export_proto_udp
)) return 0;
1443 /* If no data, write a count of 0 and we're done. */
1445 if (!write16(fd
, 0)) return 0;
1449 assert(h
->count
< 65536);
1450 if (!write16(fd
, (uint16_t)h
->count
)) return 0;
1452 for (i
= 0; i
<h
->size
; i
++)
1453 for (b
= h
->table
[i
]; b
!= NULL
; b
= b
->next
) {
1454 if (!write16(fd
, b
->u
.port_udp
.port
)) return 0;
1455 if (!write64(fd
, b
->in
)) return 0;
1456 if (!write64(fd
, b
->out
)) return 0;
1459 assert(written
== h
->count
);
1463 /* vim:set ts=3 sw=3 tw=78 expandtab: */