6b393c7744118ffcab7970835ca5b758db968cfc
[darkstat] / darkstat.c
1 /* darkstat 3
2 * copyright (c) 2001-2010 Emil Mikulic.
3 *
4 * darkstat.c: signals, cmdline parsing, program body.
5 *
6 * You may use, modify and redistribute this file under the terms of the
7 * GNU General Public License version 2. (see COPYING.GPL)
8 */
9
10 #include "darkstat.h"
11 #include "acct.h"
12 #include "cap.h"
13 #include "conv.h"
14 #include "daylog.h"
15 #include "db.h"
16 #include "dns.h"
17 #include "http.h"
18 #include "hosts_db.h"
19 #include "localip.h"
20 #include "ncache.h"
21 #include "pidfile.h"
22
23 #include "err.h"
24 #include <arpa/inet.h>
25 #include <assert.h>
26 #include <errno.h>
27 #include <signal.h>
28 #include <stdio.h>
29 #include <stdlib.h>
30 #include <string.h>
31 #include <syslog.h>
32 #include <unistd.h>
33 #include <pcap.h>
34
35 #include "now.h"
36 time_t now;
37
38 #ifndef INADDR_NONE
39 # define INADDR_NONE (-1) /* Solaris */
40 #endif
41
42 /* --- Signal handling --- */
43 static volatile int running = 1;
44 static void sig_shutdown(int signum _unused_) { running = 0; }
45
46 static volatile int reset_pending = 0;
47 static void sig_reset(int signum _unused_) { reset_pending = 1; }
48
49 /* --- Commandline parsing --- */
50 static unsigned long
51 parsenum(const char *str, unsigned long max /* 0 for no max */)
52 {
53 unsigned long n;
54 char *end;
55
56 errno = 0;
57 n = strtoul(str, &end, 10);
58 if (*end != '\0')
59 errx(1, "\"%s\" is not a valid number", str);
60 if (errno == ERANGE)
61 errx(1, "\"%s\" is out of range", str);
62 if ((max != 0) && (n > max))
63 errx(1, "\"%s\" is out of range (max %lu)", str, max);
64 return n;
65 }
66
67 const char *interface = NULL;
68 static void cb_interface(const char *arg) { interface = arg; }
69
70 const char *capfile = NULL;
71 static void cb_capfile(const char *arg) { capfile = arg; }
72
73 int want_snaplen = -1;
74 static void cb_snaplen(const char *arg) { want_snaplen = parsenum(arg, 0); }
75
76 int want_pppoe = 0;
77 static void cb_pppoe(const char *arg _unused_) { want_pppoe = 1; }
78
79 static void cb_syslog(const char *arg _unused_) { want_syslog = 1; }
80
81 static void cb_verbose(const char *arg _unused_) { want_verbose = 1; }
82
83 int want_daemonize = 1;
84 static void cb_no_daemon(const char *arg _unused_) { want_daemonize = 0; }
85
86 int want_promisc = 1;
87 static void cb_no_promisc(const char *arg _unused_) { want_promisc = 0; }
88
89 int want_dns = 1;
90 static void cb_no_dns(const char *arg _unused_) { want_dns = 0; }
91
92 int want_macs = 1;
93 static void cb_no_macs(const char *arg _unused_) { want_macs = 0; }
94
95 int want_lastseen = 1;
96 static void cb_no_lastseen(const char *arg _unused_) { want_lastseen = 0; }
97
98 unsigned short bindport = 667;
99 static void cb_port(const char *arg) { bindport = parsenum(arg, 65536); }
100
101 in_addr_t bindaddr = INADDR_ANY;
102 static void cb_bindaddr(const char *arg)
103 {
104 bindaddr = inet_addr(arg);
105 if (bindaddr == (in_addr_t)INADDR_NONE)
106 errx(1, "malformed address \"%s\"", arg);
107 }
108
109 const char *filter = NULL;
110 static void cb_filter(const char *arg) { filter = arg; }
111
112 static void cb_local(const char *arg) { acct_init_localnet(arg); }
113
114 const char *chroot_dir = NULL;
115 static void cb_chroot(const char *arg) { chroot_dir = arg; }
116
117 const char *privdrop_user = NULL;
118 static void cb_user(const char *arg) { privdrop_user = arg; }
119
120 const char *daylog_fn = NULL;
121 static void cb_daylog(const char *arg)
122 {
123 if (chroot_dir == NULL)
124 errx(1, "the daylog file is relative to the chroot.\n"
125 "You must specify a --chroot dir before you can use --daylog.");
126 else
127 daylog_fn = arg;
128 }
129
130 const char *import_fn = NULL;
131 static void cb_import(const char *arg)
132 {
133 if (chroot_dir == NULL)
134 errx(1, "the import file is relative to the chroot.\n"
135 "You must specify a --chroot dir before you can use --import.");
136 else
137 import_fn = arg;
138 }
139
140 const char *export_fn = NULL;
141 static void cb_export(const char *arg)
142 {
143 if ((chroot_dir == NULL) && (capfile == NULL))
144 errx(1, "the export file is relative to the chroot.\n"
145 "You must specify a --chroot dir before you can use --export.");
146 else
147 export_fn = arg;
148 }
149
150 static const char *pid_fn = NULL;
151 static void cb_pidfile(const char *arg)
152 {
153 if (chroot_dir == NULL)
154 errx(1, "the pidfile is relative to the chroot.\n"
155 "You must specify a --chroot dir before you can use --pidfile.");
156 else
157 pid_fn = arg;
158 }
159
160 unsigned int hosts_max = 1000;
161 static void cb_hosts_max(const char *arg)
162 { hosts_max = parsenum(arg, 0); }
163
164 unsigned int hosts_keep = 500;
165 static void cb_hosts_keep(const char *arg)
166 { hosts_keep = parsenum(arg, 0); }
167
168 unsigned int ports_max = 200;
169 static void cb_ports_max(const char *arg)
170 { ports_max = parsenum(arg, 65536); }
171
172 unsigned int ports_keep = 30;
173 static void cb_ports_keep(const char *arg)
174 { ports_keep = parsenum(arg, 65536); }
175
176 unsigned int highest_port = 65535;
177 static void cb_highest_port(const char *arg)
178 { highest_port = parsenum(arg, 65535); }
179
180 int wait_secs = -1;
181 static void cb_wait_secs(const char *arg)
182 { wait_secs = parsenum(arg, 0); }
183
184 int want_hexdump = 0;
185 static void cb_hexdump(const char *arg _unused_) { want_hexdump = 1; }
186
187 /* --- */
188
189 struct cmdline_arg {
190 const char *name, *arg_name; /* NULL arg_name means unary */
191 void (*callback)(const char *arg);
192 int num_seen;
193 };
194
195 static struct cmdline_arg cmdline_args[] = {
196 {"-i", "interface", cb_interface, 0},
197 {"-r", "file", cb_capfile, 0},
198 {"--snaplen", "bytes", cb_snaplen, 0},
199 {"--pppoe", NULL, cb_pppoe, 0},
200 {"--syslog", NULL, cb_syslog, 0},
201 {"--verbose", NULL, cb_verbose, 0},
202 {"--no-daemon", NULL, cb_no_daemon, 0},
203 {"--no-promisc", NULL, cb_no_promisc, 0},
204 {"--no-dns", NULL, cb_no_dns, 0},
205 {"--no-macs", NULL, cb_no_macs, 0},
206 {"--no-lastseen", NULL, cb_no_lastseen, 0},
207 {"-p", "port", cb_port, 0},
208 {"-b", "bindaddr", cb_bindaddr, 0},
209 {"-f", "filter", cb_filter, 0},
210 {"-l", "network/netmask", cb_local, 0},
211 {"--chroot", "dir", cb_chroot, 0},
212 {"--user", "username", cb_user, 0},
213 {"--daylog", "filename", cb_daylog, 0},
214 {"--import", "filename", cb_import, 0},
215 {"--export", "filename", cb_export, 0},
216 {"--pidfile", "filename", cb_pidfile, 0},
217 {"--hosts-max", "count", cb_hosts_max, 0},
218 {"--hosts-keep", "count", cb_hosts_keep, 0},
219 {"--ports-max", "count", cb_ports_max, 0},
220 {"--ports-keep", "count", cb_ports_keep, 0},
221 {"--highest-port", "port", cb_highest_port, 0},
222 {"--wait", "secs", cb_wait_secs, 0},
223 {"--hexdump", NULL, cb_hexdump, 0},
224 {NULL, NULL, NULL, 0}
225 };
226
227 static void
228 pad(const int width)
229 {
230 int i;
231 for (i=0; i<width; i++) printf(" ");
232 }
233
234 /*
235 * We autogenerate the usage statement from the cmdline_args data structure.
236 */
237 static void
238 usage(void)
239 {
240 int width, first;
241 struct cmdline_arg *arg;
242
243 printf(PACKAGE_STRING " (built with libpcap %d.%d)\n\n",
244 PCAP_VERSION_MAJOR, PCAP_VERSION_MINOR);
245
246 width = printf("usage: darkstat ");
247 first = 1;
248
249 for (arg = cmdline_args; arg->name != NULL; arg++) {
250 if (first) first = 0; else pad(width);
251 printf("[ %s", arg->name);
252 if (arg->arg_name != NULL) printf(" %s", arg->arg_name);
253 printf(" ]\n");
254 }
255 printf("\n"
256 "Please refer to the darkstat(8) manual page for further\n"
257 "documentation and usage examples.\n");
258 }
259
260 static void
261 parse_sub_cmdline(const int argc, char * const *argv)
262 {
263 struct cmdline_arg *arg;
264
265 if (argc == 0) return;
266 for (arg = cmdline_args; arg->name != NULL; arg++)
267 if (strcmp(argv[0], arg->name) == 0) {
268 if ((arg->arg_name != NULL) && (argc == 1)) {
269 fprintf(stderr,
270 "error: argument \"%s\" requires parameter \"%s\"\n",
271 arg->name, arg->arg_name);
272 usage();
273 exit(EXIT_FAILURE);
274 }
275 if (arg->num_seen > 0) {
276 fprintf(stderr,
277 "error: already specified argument \"%s\"\n",
278 arg->name);
279 usage();
280 exit(EXIT_FAILURE);
281 }
282
283 arg->num_seen++;
284 if (arg->arg_name == NULL) {
285 arg->callback(NULL);
286 parse_sub_cmdline(argc-1, argv+1);
287 } else {
288 arg->callback(argv[1]);
289 parse_sub_cmdline(argc-2, argv+2);
290 }
291 return;
292 }
293
294 fprintf(stderr, "error: illegal argument: \"%s\"\n", argv[0]);
295 usage();
296 exit(EXIT_FAILURE);
297 }
298
299 static void
300 parse_cmdline(const int argc, char * const *argv)
301 {
302 if (argc < 1) {
303 /* Not enough args. */
304 usage();
305 exit(EXIT_FAILURE);
306 }
307
308 parse_sub_cmdline(argc, argv);
309
310 /* start syslogging as early as possible */
311 if (want_syslog) openlog("darkstat", LOG_NDELAY | LOG_PID, LOG_DAEMON);
312
313 /* some default values */
314 if (chroot_dir == NULL) chroot_dir = CHROOT_DIR;
315 if (privdrop_user == NULL) privdrop_user = PRIVDROP_USER;
316
317 /* sanity check args */
318 if ((interface == NULL) && (capfile == NULL))
319 errx(1, "must specify either interface (-i) or capture file (-r)");
320
321 if ((interface != NULL) && (capfile != NULL))
322 errx(1, "can't specify both interface (-i) and capture file (-r)");
323
324 if ((hosts_max != 0) && (hosts_keep >= hosts_max)) {
325 hosts_keep = hosts_max / 2;
326 warnx("reducing --hosts-keep to %u, to be under --hosts-max (%u)",
327 hosts_keep, hosts_max);
328 }
329 verbosef("max %u hosts, cutting down to %u when exceeded",
330 hosts_max, hosts_keep);
331
332 if ((ports_max != 0) && (ports_keep >= ports_max)) {
333 ports_keep = ports_max / 2;
334 warnx("reducing --ports-keep to %u, to be under --ports-max (%u)",
335 ports_keep, ports_max);
336 }
337 verbosef("max %u ports per host, cutting down to %u when exceeded",
338 ports_max, ports_keep);
339
340 if (want_hexdump && !want_verbose) {
341 want_verbose = 1;
342 verbosef("--hexdump implies --verbose");
343 }
344
345 if (want_hexdump && want_daemonize) {
346 want_daemonize = 0;
347 verbosef("--hexdump implies --no-daemon");
348 }
349 }
350
351 static void
352 run_from_capfile(void)
353 {
354 graph_init();
355 hosts_db_init();
356 cap_from_file(capfile, filter);
357 cap_stop();
358 if (export_fn != NULL) db_export(export_fn);
359 hosts_db_free();
360 graph_free();
361 verbosef("Total packets: %qu, bytes: %qu", total_packets, total_bytes);
362 }
363
364 /* --- Program body --- */
365 int
366 main(int argc, char **argv)
367 {
368 test_64order();
369 parse_cmdline(argc-1, argv+1);
370
371 if (capfile) {
372 /*
373 * This is very different from a regular run against a network
374 * interface.
375 */
376 run_from_capfile();
377 return 0;
378 }
379
380 /* must verbosef() before first fork to init lock */
381 verbosef("starting up");
382 if (pid_fn) pidfile_create(chroot_dir, pid_fn, privdrop_user);
383
384 if (want_daemonize) {
385 verbosef("daemonizing to run in the background!");
386 daemonize_start();
387 verbosef("I am the main process");
388 }
389 if (pid_fn) pidfile_write_close();
390
391 /* do this first as it forks - minimize memory use */
392 if (want_dns) dns_init(privdrop_user);
393 cap_init(interface, filter, want_promisc); /* needs root */
394 http_init(bindaddr, bindport, /*maxconn=*/ -1); /* low ports need root */
395 ncache_init(); /* must do before chroot() */
396
397 privdrop(chroot_dir, privdrop_user);
398
399 /* Don't need root privs for these: */
400 now = time(NULL);
401 if (daylog_fn != NULL) daylog_init(daylog_fn);
402 graph_init();
403 hosts_db_init();
404 if (import_fn != NULL) db_import(import_fn);
405 localip_init(interface);
406
407 if (signal(SIGTERM, sig_shutdown) == SIG_ERR)
408 errx(1, "signal(SIGTERM) failed");
409 if (signal(SIGINT, sig_shutdown) == SIG_ERR)
410 errx(1, "signal(SIGINT) failed");
411 if (signal(SIGUSR1, sig_reset) == SIG_ERR)
412 errx(1, "signal(SIGUSR1) failed");
413
414 verbosef("entering main loop");
415 daemonize_finish();
416
417 while (running) {
418 int select_ret, max_fd = -1, use_timeout = 0;
419 struct timeval timeout;
420 fd_set rs, ws;
421
422 now = time(NULL);
423
424 if (reset_pending) {
425 if (export_fn != NULL) db_export(export_fn); /* FIXME: USR2? */
426 hosts_db_reset();
427 graph_reset();
428 reset_pending = 0;
429 }
430
431 FD_ZERO(&rs);
432 FD_ZERO(&ws);
433
434 cap_fd_set(&rs, &max_fd, &timeout, &use_timeout);
435 http_fd_set(&rs, &ws, &max_fd, &timeout, &use_timeout);
436
437 select_ret = select(max_fd+1, &rs, &ws, NULL,
438 (use_timeout) ? &timeout : NULL);
439
440 if ((select_ret == 0) && (!use_timeout))
441 errx(1, "select() erroneously timed out");
442
443 if (select_ret == -1) {
444 if (errno == EINTR)
445 continue;
446 else
447 err(1, "select()");
448 }
449 else {
450 graph_rotate();
451 cap_poll(&rs);
452 dns_poll();
453 http_poll(&rs, &ws);
454 }
455 }
456
457 verbosef("shutting down");
458 verbosef("pcap stats: %u packets received, %u packets dropped",
459 pkts_recv, pkts_drop);
460 cap_stop();
461 dns_stop();
462 if (export_fn != NULL) db_export(export_fn);
463 hosts_db_free();
464 graph_free();
465 if (daylog_fn != NULL) daylog_free();
466 ncache_free();
467 if (pid_fn) pidfile_unlink();
468 verbosef("shut down");
469 return (EXIT_SUCCESS);
470 }
471
472 /* vim:set ts=3 sw=3 tw=78 expandtab: */