projects / darkstat / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Warn if the event loop or pcap_dispatch are too slow.
[darkstat] / darkstat.c
1 /* darkstat 3
2 * copyright (c) 2001-2011 Emil Mikulic.
3 *
4 * darkstat.c: signals, cmdline parsing, program body.
5 *
6 * You may use, modify and redistribute this file under the terms of the
7 * GNU General Public License version 2. (see COPYING.GPL)
8 */
9
10 #include "acct.h"
11 #include "cap.h"
12 #include "cdefs.h"
13 #include "config.h"
14 #include "conv.h"
15 #include "daylog.h"
16 #include "db.h"
17 #include "dns.h"
18 #include "err.h"
19 #include "http.h"
20 #include "hosts_db.h"
21 #include "localip.h"
22 #include "ncache.h"
23 #include "now.h"
24 #include "pidfile.h"
25
26 #include <assert.h>
27 #include <errno.h>
28 #include <inttypes.h>
29 #include <signal.h>
30 #include <stdio.h>
31 #include <stdlib.h>
32 #include <string.h>
33 #include <syslog.h>
34 #include <unistd.h>
35 #include <pcap.h>
36
37 #ifndef INADDR_NONE
38 # define INADDR_NONE (-1) /* Solaris */
39 #endif
40
41 /* --- Signal handling --- */
42 static volatile int running = 1;
43 static void sig_shutdown(int signum _unused_) { running = 0; }
44
45 static volatile int reset_pending = 0, export_pending = 0;
46 static void sig_reset(int signum _unused_)
47 {
48 reset_pending = 1;
49 export_pending = 1;
50 }
51
52 static void sig_export(int signum _unused_) { export_pending = 1; }
53
54 /* --- Commandline parsing --- */
55 static unsigned long
56 parsenum(const char *str, unsigned long max /* 0 for no max */)
57 {
58 unsigned long n;
59 char *end;
60
61 errno = 0;
62 n = strtoul(str, &end, 10);
63 if (*end != '\0')
64 errx(1, "\"%s\" is not a valid number", str);
65 if (errno == ERANGE)
66 errx(1, "\"%s\" is out of range", str);
67 if ((max != 0) && (n > max))
68 errx(1, "\"%s\" is out of range (max %lu)", str, max);
69 return n;
70 }
71
72 const char *opt_interface = NULL;
73 static void cb_interface(const char *arg) { opt_interface = arg; }
74
75 const char *opt_capfile = NULL;
76 static void cb_capfile(const char *arg) { opt_capfile = arg; }
77
78 int opt_want_snaplen = -1;
79 static void cb_snaplen(const char *arg)
80 { opt_want_snaplen = (int)parsenum(arg, 0); }
81
82 int opt_want_pppoe = 0;
83 static void cb_pppoe(const char *arg _unused_) { opt_want_pppoe = 1; }
84
85 int opt_want_syslog = 0;
86 static void cb_syslog(const char *arg _unused_) { opt_want_syslog = 1; }
87
88 int opt_want_verbose = 0;
89 static void cb_verbose(const char *arg _unused_) { opt_want_verbose = 1; }
90
91 int opt_want_daemonize = 1;
92 static void cb_no_daemon(const char *arg _unused_) { opt_want_daemonize = 0; }
93
94 int opt_want_promisc = 1;
95 static void cb_no_promisc(const char *arg _unused_) { opt_want_promisc = 0; }
96
97 int opt_want_dns = 1;
98 static void cb_no_dns(const char *arg _unused_) { opt_want_dns = 0; }
99
100 int opt_want_macs = 1;
101 static void cb_no_macs(const char *arg _unused_) { opt_want_macs = 0; }
102
103 int opt_want_lastseen = 1;
104 static void cb_no_lastseen(const char *arg _unused_) { opt_want_lastseen = 0; }
105
106 unsigned short opt_bindport = 667;
107 static void cb_port(const char *arg)
108 { opt_bindport = (unsigned short)parsenum(arg, 65536); }
109
110 static void cb_bindaddr(const char *arg) { http_add_bindaddr(arg); }
111
112 const char *opt_filter = NULL;
113 static void cb_filter(const char *arg) { opt_filter = arg; }
114
115 static int is_localnet_specified = 0;
116 static void cb_local(const char *arg)
117 {
118 acct_init_localnet(arg);
119 is_localnet_specified = 1;
120 }
121
122 int opt_want_local_only = 0;
123 static void cb_local_only(const char *arg _unused_)
124 { opt_want_local_only = 1; }
125
126 const char *opt_chroot_dir = NULL;
127 static void cb_chroot(const char *arg) { opt_chroot_dir = arg; }
128
129 const char *opt_privdrop_user = NULL;
130 static void cb_user(const char *arg) { opt_privdrop_user = arg; }
131
132 const char *daylog_fn = NULL;
133 static void cb_daylog(const char *arg)
134 {
135 if (opt_chroot_dir == NULL)
136 errx(1, "the daylog file is relative to the chroot.\n"
137 "You must specify a --chroot dir before you can use --daylog.");
138 else
139 daylog_fn = arg;
140 }
141
142 const char *import_fn = NULL;
143 static void cb_import(const char *arg)
144 {
145 if (opt_chroot_dir == NULL)
146 errx(1, "the import file is relative to the chroot.\n"
147 "You must specify a --chroot dir before you can use --import.");
148 else
149 import_fn = arg;
150 }
151
152 const char *export_fn = NULL;
153 static void cb_export(const char *arg)
154 {
155 if ((opt_chroot_dir == NULL) && (opt_capfile == NULL))
156 errx(1, "the export file is relative to the chroot.\n"
157 "You must specify a --chroot dir before you can use --export.");
158 else
159 export_fn = arg;
160 }
161
162 static const char *pid_fn = NULL;
163 static void cb_pidfile(const char *arg)
164 {
165 if (opt_chroot_dir == NULL)
166 errx(1, "the pidfile is relative to the chroot.\n"
167 "You must specify a --chroot dir before you can use --pidfile.");
168 else
169 pid_fn = arg;
170 }
171
172 unsigned int opt_hosts_max = 1000;
173 static void cb_hosts_max(const char *arg)
174 { opt_hosts_max = parsenum(arg, 0); }
175
176 unsigned int opt_hosts_keep = 500;
177 static void cb_hosts_keep(const char *arg)
178 { opt_hosts_keep = parsenum(arg, 0); }
179
180 unsigned int opt_ports_max = 200;
181 static void cb_ports_max(const char *arg)
182 { opt_ports_max = parsenum(arg, 65536); }
183
184 unsigned int opt_ports_keep = 30;
185 static void cb_ports_keep(const char *arg)
186 { opt_ports_keep = parsenum(arg, 65536); }
187
188 unsigned int opt_highest_port = 65535;
189 static void cb_highest_port(const char *arg)
190 { opt_highest_port = parsenum(arg, 65535); }
191
192 int opt_wait_secs = -1;
193 static void cb_wait_secs(const char *arg)
194 { opt_wait_secs = (int)parsenum(arg, 0); }
195
196 int opt_want_hexdump = 0;
197 static void cb_hexdump(const char *arg _unused_)
198 { opt_want_hexdump = 1; }
199
200 int opt_want_help = 0;
201 static void cb_help(const char *arg _unused_)
202 { opt_want_help = 1; }
203 static void cb_version(const char *arg _unused_)
204 { opt_want_help = -1; }
205
206 /* --- */
207
208 struct cmdline_arg {
209 const char *name, *arg_name; /* NULL arg_name means unary */
210 void (*callback)(const char *arg);
211 int num_seen;
212 };
213
214 static struct cmdline_arg cmdline_args[] = {
215 {"-i", "interface", cb_interface, 0},
216 {"-r", "file", cb_capfile, 0},
217 {"-p", "port", cb_port, 0},
218 {"-b", "bindaddr", cb_bindaddr, -1},
219 {"-f", "filter", cb_filter, 0},
220 {"-l", "network/netmask", cb_local, 0},
221 {"--local-only", NULL, cb_local_only, 0},
222 {"--snaplen", "bytes", cb_snaplen, 0},
223 {"--pppoe", NULL, cb_pppoe, 0},
224 {"--syslog", NULL, cb_syslog, 0},
225 {"--verbose", NULL, cb_verbose, 0},
226 {"--no-daemon", NULL, cb_no_daemon, 0},
227 {"--no-promisc", NULL, cb_no_promisc, 0},
228 {"--no-dns", NULL, cb_no_dns, 0},
229 {"--no-macs", NULL, cb_no_macs, 0},
230 {"--no-lastseen", NULL, cb_no_lastseen, 0},
231 {"--chroot", "dir", cb_chroot, 0},
232 {"--user", "username", cb_user, 0},
233 {"--daylog", "filename", cb_daylog, 0},
234 {"--import", "filename", cb_import, 0},
235 {"--export", "filename", cb_export, 0},
236 {"--pidfile", "filename", cb_pidfile, 0},
237 {"--hosts-max", "count", cb_hosts_max, 0},
238 {"--hosts-keep", "count", cb_hosts_keep, 0},
239 {"--ports-max", "count", cb_ports_max, 0},
240 {"--ports-keep", "count", cb_ports_keep, 0},
241 {"--highest-port", "port", cb_highest_port, 0},
242 {"--wait", "secs", cb_wait_secs, 0},
243 {"--hexdump", NULL, cb_hexdump, 0},
244 {"--version", NULL, cb_version, 0},
245 {"--help", NULL, cb_help, 0},
246 {NULL, NULL, NULL, 0}
247 };
248
249 /*
250 * We autogenerate the usage statement from the cmdline_args data structure.
251 */
252 static void
253 usage(void)
254 {
255 static char intro[] = "usage: darkstat ";
256 char indent[sizeof(intro)];
257 struct cmdline_arg *arg;
258
259 printf(PACKAGE_STRING " (using %s)\n", pcap_lib_version());
260 if (opt_want_help == -1) return;
261
262 memset(indent, ' ', sizeof(indent));
263 indent[0] = indent[sizeof(indent) - 1] = 0;
264
265 printf("\n%s", intro);
266 for (arg = cmdline_args; arg->name != NULL; arg++) {
267 printf("%s[ %s%s%s ]\n",
268 indent,
269 arg->name,
270 arg->arg_name != NULL ? " " : "",
271 arg->arg_name != NULL ? arg->arg_name : "");
272 indent[0] = ' ';
273 }
274 printf("\n"
275 "Please refer to the darkstat(8) manual page for further\n"
276 "documentation and usage examples.\n");
277 }
278
279 static void
280 parse_sub_cmdline(const int argc, char * const *argv)
281 {
282 struct cmdline_arg *arg;
283
284 if (argc == 0) return;
285 for (arg = cmdline_args; arg->name != NULL; arg++)
286 if (strcmp(argv[0], arg->name) == 0) {
287 if ((arg->arg_name != NULL) && (argc == 1)) {
288 fprintf(stderr,
289 "error: argument \"%s\" requires parameter \"%s\"\n",
290 arg->name, arg->arg_name);
291 usage();
292 exit(EXIT_FAILURE);
293 }
294 if (arg->num_seen > 0) {
295 fprintf(stderr,
296 "error: already specified argument \"%s\"\n",
297 arg->name);
298 usage();
299 exit(EXIT_FAILURE);
300 }
301
302 if (arg->num_seen != -1) /* accept more than one */
303 arg->num_seen++;
304
305 if (arg->arg_name == NULL) {
306 arg->callback(NULL);
307 parse_sub_cmdline(argc-1, argv+1);
308 } else {
309 arg->callback(argv[1]);
310 parse_sub_cmdline(argc-2, argv+2);
311 }
312 return;
313 }
314
315 fprintf(stderr, "error: illegal argument: \"%s\"\n", argv[0]);
316 usage();
317 exit(EXIT_FAILURE);
318 }
319
320 static void
321 parse_cmdline(const int argc, char * const *argv)
322 {
323 if (argc < 1) {
324 /* Not enough args. */
325 usage();
326 exit(EXIT_FAILURE);
327 }
328
329 parse_sub_cmdline(argc, argv);
330
331 if (opt_want_help) {
332 usage();
333 exit(EXIT_SUCCESS);
334 }
335
336 /* start syslogging as early as possible */
337 if (opt_want_syslog) openlog("darkstat", LOG_NDELAY | LOG_PID, LOG_DAEMON);
338
339 /* some default values */
340 if (opt_chroot_dir == NULL) opt_chroot_dir = CHROOT_DIR;
341 if (opt_privdrop_user == NULL) opt_privdrop_user = PRIVDROP_USER;
342
343 /* sanity check args */
344 if ((opt_interface == NULL) && (opt_capfile == NULL))
345 errx(1, "must specify either interface (-i) or capture file (-r)");
346
347 if ((opt_interface != NULL) && (opt_capfile != NULL))
348 errx(1, "can't specify both interface (-i) and capture file (-r)");
349
350 if ((opt_hosts_max != 0) && (opt_hosts_keep >= opt_hosts_max)) {
351 opt_hosts_keep = opt_hosts_max / 2;
352 warnx("reducing --hosts-keep to %u, to be under --hosts-max (%u)",
353 opt_hosts_keep, opt_hosts_max);
354 }
355 verbosef("max %u hosts, cutting down to %u when exceeded",
356 opt_hosts_max, opt_hosts_keep);
357
358 if ((opt_ports_max != 0) && (opt_ports_keep >= opt_ports_max)) {
359 opt_ports_keep = opt_ports_max / 2;
360 warnx("reducing --ports-keep to %u, to be under --ports-max (%u)",
361 opt_ports_keep, opt_ports_max);
362 }
363 verbosef("max %u ports per host, cutting down to %u when exceeded",
364 opt_ports_max, opt_ports_keep);
365
366 if (opt_want_hexdump && !opt_want_verbose) {
367 opt_want_verbose = 1;
368 verbosef("--hexdump implies --verbose");
369 }
370
371 if (opt_want_hexdump && opt_want_daemonize) {
372 opt_want_daemonize = 0;
373 verbosef("--hexdump implies --no-daemon");
374 }
375
376 if (opt_want_local_only && !is_localnet_specified)
377 verbosef("WARNING: --local-only without -l only matches the local host");
378 }
379
380 static void
381 run_from_capfile(void)
382 {
383 graph_init();
384 hosts_db_init();
385 cap_from_file(opt_capfile, opt_filter);
386 cap_stop();
387 if (export_fn != NULL) db_export(export_fn);
388 hosts_db_free();
389 graph_free();
390 #ifndef PRIu64
391 #warning "PRIu64 is not defined, using qu instead"
392 #define PRIu64 "qu"
393 #endif
394 verbosef("Total packets: %"PRIu64", bytes: %"PRIu64,
395 acct_total_packets, acct_total_bytes);
396 }
397
398 /* --- Program body --- */
399 int
400 main(int argc, char **argv)
401 {
402 test_64order();
403 parse_cmdline(argc-1, argv+1);
404
405 if (opt_capfile) {
406 /*
407 * This is very different from a regular run against a network
408 * interface.
409 */
410 run_from_capfile();
411 return 0;
412 }
413
414 /* must verbosef() before first fork to init lock */
415 verbosef("starting up");
416 if (pid_fn) pidfile_create(opt_chroot_dir, pid_fn, opt_privdrop_user);
417
418 if (opt_want_daemonize) {
419 verbosef("daemonizing to run in the background!");
420 daemonize_start();
421 verbosef("I am the main process");
422 }
423 if (pid_fn) pidfile_write_close();
424
425 /* do this first as it forks - minimize memory use */
426 if (opt_want_dns) dns_init(opt_privdrop_user);
427 cap_init(opt_interface, opt_filter, opt_want_promisc); /* needs root */
428 http_listen(opt_bindport);
429 ncache_init(); /* must do before chroot() */
430
431 privdrop(opt_chroot_dir, opt_privdrop_user);
432
433 /* Don't need root privs for these: */
434 now_init();
435 if (daylog_fn != NULL) daylog_init(daylog_fn);
436 graph_init();
437 hosts_db_init();
438 if (import_fn != NULL) db_import(import_fn);
439
440 local_ips = localip_make();
441 localip_update(opt_interface, local_ips);
442
443 if (signal(SIGTERM, sig_shutdown) == SIG_ERR)
444 errx(1, "signal(SIGTERM) failed");
445 if (signal(SIGINT, sig_shutdown) == SIG_ERR)
446 errx(1, "signal(SIGINT) failed");
447 if (signal(SIGUSR1, sig_reset) == SIG_ERR)
448 errx(1, "signal(SIGUSR1) failed");
449 if (signal(SIGUSR2, sig_export) == SIG_ERR)
450 errx(1, "signal(SIGUSR2) failed");
451
452 verbosef("entering main loop");
453 daemonize_finish();
454
455 while (running) {
456 int select_ret, max_fd = -1, use_timeout = 0;
457 struct timeval timeout;
458 struct timespec t;
459 fd_set rs, ws;
460
461 timer_start(&t);
462 FD_ZERO(&rs);
463 FD_ZERO(&ws);
464 cap_fd_set(&rs, &max_fd, &timeout, &use_timeout);
465 http_fd_set(&rs, &ws, &max_fd, &timeout, &use_timeout);
466
467 select_ret = select(max_fd+1, &rs, &ws, NULL,
468 (use_timeout) ? &timeout : NULL);
469 if (select_ret == 0 && !use_timeout)
470 errx(1, "select() erroneously timed out");
471 if (select_ret == -1) {
472 if (errno == EINTR)
473 continue;
474 else
475 err(1, "select()");
476 }
477
478 now_update();
479
480 if (export_pending) {
481 if (export_fn != NULL)
482 db_export(export_fn);
483 export_pending = 0;
484 }
485
486 if (reset_pending) {
487 if (export_pending)
488 continue; /* export before reset */
489 hosts_db_reset();
490 graph_reset();
491 reset_pending = 0;
492 }
493
494 graph_rotate();
495 cap_poll(&rs);
496 dns_poll();
497 http_poll(&rs, &ws);
498 timer_stop(&t, 1000000000, "event loop took longer than a second");
499 }
500
501 verbosef("shutting down");
502 verbosef("pcap stats: %u packets received, %u packets dropped",
503 cap_pkts_recv, cap_pkts_drop);
504 http_stop();
505 cap_stop();
506 dns_stop();
507 if (export_fn != NULL) db_export(export_fn);
508 hosts_db_free();
509 graph_free();
510 if (daylog_fn != NULL) daylog_free();
511 ncache_free();
512 if (pid_fn) pidfile_unlink();
513 localip_free(local_ips);
514 verbosef("shut down");
515 return (EXIT_SUCCESS);
516 }
517
518 /* vim:set ts=3 sw=3 tw=78 expandtab: */
Network traffic analyzer