da3b92d82fc050fa3fe11ac1a75774006b10bd6d
[darkstat] / darkstat.c
1 /* darkstat 3
2 * copyright (c) 2001-2010 Emil Mikulic.
3 *
4 * darkstat.c: signals, cmdline parsing, program body.
5 *
6 * You may use, modify and redistribute this file under the terms of the
7 * GNU General Public License version 2. (see COPYING.GPL)
8 */
9
10 #include "darkstat.h"
11 #include "acct.h"
12 #include "cap.h"
13 #include "conv.h"
14 #include "daylog.h"
15 #include "db.h"
16 #include "dns.h"
17 #include "http.h"
18 #include "hosts_db.h"
19 #include "localip.h"
20 #include "ncache.h"
21 #include "pidfile.h"
22
23 #include "err.h"
24 #include <arpa/inet.h>
25 #include <sys/socket.h>
26 #include <netdb.h>
27 #include <assert.h>
28 #include <errno.h>
29 #include <signal.h>
30 #include <stdio.h>
31 #include <stdlib.h>
32 #include <string.h>
33 #include <syslog.h>
34 #include <unistd.h>
35 #include <pcap.h>
36
37 #include "now.h"
38 time_t now;
39
40 #ifndef INADDR_NONE
41 # define INADDR_NONE (-1) /* Solaris */
42 #endif
43
44 /* --- Signal handling --- */
45 static volatile int running = 1;
46 static void sig_shutdown(int signum _unused_) { running = 0; }
47
48 static volatile int reset_pending = 0;
49 static void sig_reset(int signum _unused_) { reset_pending = 1; }
50
51 /* --- Commandline parsing --- */
52 static unsigned long
53 parsenum(const char *str, unsigned long max /* 0 for no max */)
54 {
55 unsigned long n;
56 char *end;
57
58 errno = 0;
59 n = strtoul(str, &end, 10);
60 if (*end != '\0')
61 errx(1, "\"%s\" is not a valid number", str);
62 if (errno == ERANGE)
63 errx(1, "\"%s\" is out of range", str);
64 if ((max != 0) && (n > max))
65 errx(1, "\"%s\" is out of range (max %lu)", str, max);
66 return n;
67 }
68
69 const char *interface = NULL;
70 static void cb_interface(const char *arg) { interface = arg; }
71
72 const char *capfile = NULL;
73 static void cb_capfile(const char *arg) { capfile = arg; }
74
75 int want_snaplen = -1;
76 static void cb_snaplen(const char *arg) { want_snaplen = parsenum(arg, 0); }
77
78 int want_pppoe = 0;
79 static void cb_pppoe(const char *arg _unused_) { want_pppoe = 1; }
80
81 static void cb_syslog(const char *arg _unused_) { want_syslog = 1; }
82
83 static void cb_verbose(const char *arg _unused_) { want_verbose = 1; }
84
85 int want_daemonize = 1;
86 static void cb_no_daemon(const char *arg _unused_) { want_daemonize = 0; }
87
88 int want_promisc = 1;
89 static void cb_no_promisc(const char *arg _unused_) { want_promisc = 0; }
90
91 int want_dns = 1;
92 static void cb_no_dns(const char *arg _unused_) { want_dns = 0; }
93
94 int want_macs = 1;
95 static void cb_no_macs(const char *arg _unused_) { want_macs = 0; }
96
97 int want_lastseen = 1;
98 static void cb_no_lastseen(const char *arg _unused_) { want_lastseen = 0; }
99
100 unsigned short bindport = 667;
101 static void cb_port(const char *arg) { bindport = parsenum(arg, 65536); }
102
103 char * bindaddr = NULL;
104 static void cb_bindaddr(const char *arg)
105 {
106 struct addrinfo hints, *ai;
107
108 memset(&hints, '\0', sizeof(hints));
109 hints.ai_flags = AI_PASSIVE;
110 #ifdef AI_ADDRCONFIG
111 hints.ai_flags |= AI_ADDRCONFIG;
112 #endif
113 hints.ai_family = AF_UNSPEC;
114 hints.ai_socktype = SOCK_STREAM;
115
116 if (getaddrinfo(arg, NULL, &hints, &ai))
117 errx(1, "malformed address \"%s\"", arg);
118
119 freeaddrinfo(ai);
120 bindaddr = strdup(arg);
121 }
122
123 const char *filter = NULL;
124 static void cb_filter(const char *arg) { filter = arg; }
125
126 static void cb_local(const char *arg) { acct_init_localnet(arg); }
127
128 const char *chroot_dir = NULL;
129 static void cb_chroot(const char *arg) { chroot_dir = arg; }
130
131 const char *privdrop_user = NULL;
132 static void cb_user(const char *arg) { privdrop_user = arg; }
133
134 const char *daylog_fn = NULL;
135 static void cb_daylog(const char *arg)
136 {
137 if (chroot_dir == NULL)
138 errx(1, "the daylog file is relative to the chroot.\n"
139 "You must specify a --chroot dir before you can use --daylog.");
140 else
141 daylog_fn = arg;
142 }
143
144 const char *import_fn = NULL;
145 static void cb_import(const char *arg)
146 {
147 if (chroot_dir == NULL)
148 errx(1, "the import file is relative to the chroot.\n"
149 "You must specify a --chroot dir before you can use --import.");
150 else
151 import_fn = arg;
152 }
153
154 const char *export_fn = NULL;
155 static void cb_export(const char *arg)
156 {
157 if ((chroot_dir == NULL) && (capfile == NULL))
158 errx(1, "the export file is relative to the chroot.\n"
159 "You must specify a --chroot dir before you can use --export.");
160 else
161 export_fn = arg;
162 }
163
164 static const char *pid_fn = NULL;
165 static void cb_pidfile(const char *arg)
166 {
167 if (chroot_dir == NULL)
168 errx(1, "the pidfile is relative to the chroot.\n"
169 "You must specify a --chroot dir before you can use --pidfile.");
170 else
171 pid_fn = arg;
172 }
173
174 unsigned int hosts_max = 1000;
175 static void cb_hosts_max(const char *arg)
176 { hosts_max = parsenum(arg, 0); }
177
178 unsigned int hosts_keep = 500;
179 static void cb_hosts_keep(const char *arg)
180 { hosts_keep = parsenum(arg, 0); }
181
182 unsigned int ports_max = 200;
183 static void cb_ports_max(const char *arg)
184 { ports_max = parsenum(arg, 65536); }
185
186 unsigned int ports_keep = 30;
187 static void cb_ports_keep(const char *arg)
188 { ports_keep = parsenum(arg, 65536); }
189
190 unsigned int highest_port = 65535;
191 static void cb_highest_port(const char *arg)
192 { highest_port = parsenum(arg, 65535); }
193
194 int wait_secs = -1;
195 static void cb_wait_secs(const char *arg)
196 { wait_secs = parsenum(arg, 0); }
197
198 int want_hexdump = 0;
199 static void cb_hexdump(const char *arg _unused_) { want_hexdump = 1; }
200
201 /* --- */
202
203 struct cmdline_arg {
204 const char *name, *arg_name; /* NULL arg_name means unary */
205 void (*callback)(const char *arg);
206 int num_seen;
207 };
208
209 static struct cmdline_arg cmdline_args[] = {
210 {"-i", "interface", cb_interface, 0},
211 {"-r", "file", cb_capfile, 0},
212 {"--snaplen", "bytes", cb_snaplen, 0},
213 {"--pppoe", NULL, cb_pppoe, 0},
214 {"--syslog", NULL, cb_syslog, 0},
215 {"--verbose", NULL, cb_verbose, 0},
216 {"--no-daemon", NULL, cb_no_daemon, 0},
217 {"--no-promisc", NULL, cb_no_promisc, 0},
218 {"--no-dns", NULL, cb_no_dns, 0},
219 {"--no-macs", NULL, cb_no_macs, 0},
220 {"--no-lastseen", NULL, cb_no_lastseen, 0},
221 {"-p", "port", cb_port, 0},
222 {"-b", "bindaddr", cb_bindaddr, 0},
223 {"-f", "filter", cb_filter, 0},
224 {"-l", "network/netmask", cb_local, 0},
225 {"--chroot", "dir", cb_chroot, 0},
226 {"--user", "username", cb_user, 0},
227 {"--daylog", "filename", cb_daylog, 0},
228 {"--import", "filename", cb_import, 0},
229 {"--export", "filename", cb_export, 0},
230 {"--pidfile", "filename", cb_pidfile, 0},
231 {"--hosts-max", "count", cb_hosts_max, 0},
232 {"--hosts-keep", "count", cb_hosts_keep, 0},
233 {"--ports-max", "count", cb_ports_max, 0},
234 {"--ports-keep", "count", cb_ports_keep, 0},
235 {"--highest-port", "port", cb_highest_port, 0},
236 {"--wait", "secs", cb_wait_secs, 0},
237 {"--hexdump", NULL, cb_hexdump, 0},
238 {NULL, NULL, NULL, 0}
239 };
240
241 static void
242 pad(const int width)
243 {
244 int i;
245 for (i=0; i<width; i++) printf(" ");
246 }
247
248 /*
249 * We autogenerate the usage statement from the cmdline_args data structure.
250 */
251 static void
252 usage(void)
253 {
254 int width, first;
255 struct cmdline_arg *arg;
256
257 printf(PACKAGE_STRING " (built with libpcap %d.%d)\n\n",
258 PCAP_VERSION_MAJOR, PCAP_VERSION_MINOR);
259
260 width = printf("usage: darkstat ");
261 first = 1;
262
263 for (arg = cmdline_args; arg->name != NULL; arg++) {
264 if (first) first = 0; else pad(width);
265 printf("[ %s", arg->name);
266 if (arg->arg_name != NULL) printf(" %s", arg->arg_name);
267 printf(" ]\n");
268 }
269 printf("\n"
270 "Please refer to the darkstat(8) manual page for further\n"
271 "documentation and usage examples.\n");
272 }
273
274 static void
275 parse_sub_cmdline(const int argc, char * const *argv)
276 {
277 struct cmdline_arg *arg;
278
279 if (argc == 0) return;
280 for (arg = cmdline_args; arg->name != NULL; arg++)
281 if (strcmp(argv[0], arg->name) == 0) {
282 if ((arg->arg_name != NULL) && (argc == 1)) {
283 fprintf(stderr,
284 "error: argument \"%s\" requires parameter \"%s\"\n",
285 arg->name, arg->arg_name);
286 usage();
287 exit(EXIT_FAILURE);
288 }
289 if (arg->num_seen > 0) {
290 fprintf(stderr,
291 "error: already specified argument \"%s\"\n",
292 arg->name);
293 usage();
294 exit(EXIT_FAILURE);
295 }
296
297 arg->num_seen++;
298 if (arg->arg_name == NULL) {
299 arg->callback(NULL);
300 parse_sub_cmdline(argc-1, argv+1);
301 } else {
302 arg->callback(argv[1]);
303 parse_sub_cmdline(argc-2, argv+2);
304 }
305 return;
306 }
307
308 fprintf(stderr, "error: illegal argument: \"%s\"\n", argv[0]);
309 usage();
310 exit(EXIT_FAILURE);
311 }
312
313 static void
314 parse_cmdline(const int argc, char * const *argv)
315 {
316 if (argc < 1) {
317 /* Not enough args. */
318 usage();
319 exit(EXIT_FAILURE);
320 }
321
322 parse_sub_cmdline(argc, argv);
323
324 /* start syslogging as early as possible */
325 if (want_syslog) openlog("darkstat", LOG_NDELAY | LOG_PID, LOG_DAEMON);
326
327 /* some default values */
328 if (chroot_dir == NULL) chroot_dir = CHROOT_DIR;
329 if (privdrop_user == NULL) privdrop_user = PRIVDROP_USER;
330
331 /* sanity check args */
332 if ((interface == NULL) && (capfile == NULL))
333 errx(1, "must specify either interface (-i) or capture file (-r)");
334
335 if ((interface != NULL) && (capfile != NULL))
336 errx(1, "can't specify both interface (-i) and capture file (-r)");
337
338 if ((hosts_max != 0) && (hosts_keep >= hosts_max)) {
339 hosts_keep = hosts_max / 2;
340 warnx("reducing --hosts-keep to %u, to be under --hosts-max (%u)",
341 hosts_keep, hosts_max);
342 }
343 verbosef("max %u hosts, cutting down to %u when exceeded",
344 hosts_max, hosts_keep);
345
346 if ((ports_max != 0) && (ports_keep >= ports_max)) {
347 ports_keep = ports_max / 2;
348 warnx("reducing --ports-keep to %u, to be under --ports-max (%u)",
349 ports_keep, ports_max);
350 }
351 verbosef("max %u ports per host, cutting down to %u when exceeded",
352 ports_max, ports_keep);
353
354 if (want_hexdump && !want_verbose) {
355 want_verbose = 1;
356 verbosef("--hexdump implies --verbose");
357 }
358
359 if (want_hexdump && want_daemonize) {
360 want_daemonize = 0;
361 verbosef("--hexdump implies --no-daemon");
362 }
363 }
364
365 static void
366 run_from_capfile(void)
367 {
368 graph_init();
369 hosts_db_init();
370 cap_from_file(capfile, filter);
371 cap_stop();
372 if (export_fn != NULL) db_export(export_fn);
373 hosts_db_free();
374 graph_free();
375 verbosef("Total packets: %qu, bytes: %qu", total_packets, total_bytes);
376 }
377
378 /* --- Program body --- */
379 int
380 main(int argc, char **argv)
381 {
382 test_64order();
383 parse_cmdline(argc-1, argv+1);
384
385 if (capfile) {
386 /*
387 * This is very different from a regular run against a network
388 * interface.
389 */
390 run_from_capfile();
391 return 0;
392 }
393
394 /* must verbosef() before first fork to init lock */
395 verbosef("starting up");
396 if (pid_fn) pidfile_create(chroot_dir, pid_fn, privdrop_user);
397
398 if (want_daemonize) {
399 verbosef("daemonizing to run in the background!");
400 daemonize_start();
401 verbosef("I am the main process");
402 }
403 if (pid_fn) pidfile_write_close();
404
405 /* do this first as it forks - minimize memory use */
406 if (want_dns) dns_init(privdrop_user);
407 cap_init(interface, filter, want_promisc); /* needs root */
408 http_init(bindaddr, bindport, /*maxconn=*/ -1); /* low ports need root */
409 ncache_init(); /* must do before chroot() */
410
411 privdrop(chroot_dir, privdrop_user);
412
413 /* Don't need root privs for these: */
414 now = time(NULL);
415 if (daylog_fn != NULL) daylog_init(daylog_fn);
416 graph_init();
417 hosts_db_init();
418 if (import_fn != NULL) db_import(import_fn);
419 localip_init(interface);
420
421 if (signal(SIGTERM, sig_shutdown) == SIG_ERR)
422 errx(1, "signal(SIGTERM) failed");
423 if (signal(SIGINT, sig_shutdown) == SIG_ERR)
424 errx(1, "signal(SIGINT) failed");
425 if (signal(SIGUSR1, sig_reset) == SIG_ERR)
426 errx(1, "signal(SIGUSR1) failed");
427
428 verbosef("entering main loop");
429 daemonize_finish();
430
431 while (running) {
432 int select_ret, max_fd = -1, use_timeout = 0;
433 struct timeval timeout;
434 fd_set rs, ws;
435
436 now = time(NULL);
437
438 if (reset_pending) {
439 if (export_fn != NULL) db_export(export_fn); /* FIXME: USR2? */
440 hosts_db_reset();
441 graph_reset();
442 reset_pending = 0;
443 }
444
445 FD_ZERO(&rs);
446 FD_ZERO(&ws);
447
448 cap_fd_set(&rs, &max_fd, &timeout, &use_timeout);
449 http_fd_set(&rs, &ws, &max_fd, &timeout, &use_timeout);
450
451 select_ret = select(max_fd+1, &rs, &ws, NULL,
452 (use_timeout) ? &timeout : NULL);
453
454 if ((select_ret == 0) && (!use_timeout))
455 errx(1, "select() erroneously timed out");
456
457 if (select_ret == -1) {
458 if (errno == EINTR)
459 continue;
460 else
461 err(1, "select()");
462 }
463 else {
464 graph_rotate();
465 cap_poll(&rs);
466 dns_poll();
467 http_poll(&rs, &ws);
468 }
469 }
470
471 verbosef("shutting down");
472 verbosef("pcap stats: %u packets received, %u packets dropped",
473 pkts_recv, pkts_drop);
474 cap_stop();
475 dns_stop();
476 if (export_fn != NULL) db_export(export_fn);
477 hosts_db_free();
478 graph_free();
479 if (daylog_fn != NULL) daylog_free();
480 ncache_free();
481 if (pid_fn) pidfile_unlink();
482 verbosef("shut down");
483 return (EXIT_SUCCESS);
484 }
485
486 /* vim:set ts=3 sw=3 tw=78 expandtab: */