e974d523fd0842e1697f785fe5f9f3e95a8bab44
[darkstat] / darkstat.c
1 /* darkstat 3
2 * copyright (c) 2001-2009 Emil Mikulic.
3 *
4 * darkstat.c: signals, cmdline parsing, program body.
5 *
6 * You may use, modify and redistribute this file under the terms of the
7 * GNU General Public License version 2. (see COPYING.GPL)
8 */
9
10 #include "darkstat.h"
11 #include "acct.h"
12 #include "cap.h"
13 #include "conv.h"
14 #include "daylog.h"
15 #include "db.h"
16 #include "dns.h"
17 #include "http.h"
18 #include "hosts_db.h"
19 #include "localip.h"
20 #include "ncache.h"
21 #include "pidfile.h"
22
23 #include "err.h"
24 #include <arpa/inet.h>
25 #include <assert.h>
26 #include <errno.h>
27 #include <signal.h>
28 #include <stdio.h>
29 #include <stdlib.h>
30 #include <string.h>
31 #include <unistd.h>
32 #include <pcap.h>
33
34 #include "now.h"
35 time_t now;
36
37 #ifndef INADDR_NONE
38 # define INADDR_NONE (-1) /* Solaris */
39 #endif
40
41 /* --- Signal handling --- */
42 static volatile int running = 1;
43 static void sig_shutdown(int signum _unused_) { running = 0; }
44
45 static volatile int reset_pending = 0;
46 static void sig_reset(int signum _unused_) { reset_pending = 1; }
47
48 /* --- Commandline parsing --- */
49 static unsigned long
50 parsenum(const char *str, unsigned long max /* 0 for no max */)
51 {
52 unsigned long n;
53 char *end;
54
55 errno = 0;
56 n = strtoul(str, &end, 10);
57 if (*end != '\0')
58 errx(1, "\"%s\" is not a valid number", str);
59 if (errno == ERANGE)
60 errx(1, "\"%s\" is out of range", str);
61 if ((max != 0) && (n > max))
62 errx(1, "\"%s\" is out of range (max %lu)", str, max);
63 return n;
64 }
65
66 const char *interface = NULL;
67 static void cb_interface(const char *arg) { interface = arg; }
68
69 const char *capfile = NULL;
70 static void cb_capfile(const char *arg) { capfile = arg; }
71
72 int want_pppoe = 0;
73 static void cb_pppoe(const char *arg _unused_) { want_pppoe = 1; }
74
75 static void cb_verbose(const char *arg _unused_) { want_verbose = 1; }
76
77 int want_daemonize = 1;
78 static void cb_no_daemon(const char *arg _unused_) { want_daemonize = 0; }
79
80 int want_promisc = 1;
81 static void cb_no_promisc(const char *arg _unused_) { want_promisc = 0; }
82
83 int want_dns = 1;
84 static void cb_no_dns(const char *arg _unused_) { want_dns = 0; }
85
86 int want_macs = 1;
87 static void cb_no_macs(const char *arg _unused_) { want_macs = 0; }
88
89 unsigned short bindport = 667;
90 static void cb_port(const char *arg) { bindport = parsenum(arg, 65536); }
91
92 in_addr_t bindaddr = INADDR_ANY;
93 static void cb_bindaddr(const char *arg)
94 {
95 bindaddr = inet_addr(arg);
96 if (bindaddr == (in_addr_t)INADDR_NONE)
97 errx(1, "malformed address \"%s\"", arg);
98 }
99
100 const char *filter = NULL;
101 static void cb_filter(const char *arg) { filter = arg; }
102
103 static void cb_local(const char *arg) { acct_init_localnet(arg); }
104
105 const char *chroot_dir = NULL;
106 static void cb_chroot(const char *arg) { chroot_dir = arg; }
107
108 const char *privdrop_user = NULL;
109 static void cb_user(const char *arg) { privdrop_user = arg; }
110
111 const char *daylog_fn = NULL;
112 static void cb_daylog(const char *arg)
113 {
114 if (chroot_dir == NULL)
115 errx(1, "the daylog file is relative to the chroot.\n"
116 "You must specify a --chroot dir before you can use --daylog.");
117 else
118 daylog_fn = arg;
119 }
120
121 const char *import_fn = NULL;
122 static void cb_import(const char *arg)
123 {
124 if (chroot_dir == NULL)
125 errx(1, "the import file is relative to the chroot.\n"
126 "You must specify a --chroot dir before you can use --import.");
127 else
128 import_fn = arg;
129 }
130
131 const char *export_fn = NULL;
132 static void cb_export(const char *arg)
133 {
134 if ((chroot_dir == NULL) && (capfile == NULL))
135 errx(1, "the export file is relative to the chroot.\n"
136 "You must specify a --chroot dir before you can use --export.");
137 else
138 export_fn = arg;
139 }
140
141 static const char *pid_fn = NULL;
142 static void cb_pidfile(const char *arg)
143 {
144 if (chroot_dir == NULL)
145 errx(1, "the pidfile is relative to the chroot.\n"
146 "You must specify a --chroot dir before you can use --pidfile.");
147 else
148 pid_fn = arg;
149 }
150
151 unsigned int hosts_max = 1000;
152 static void cb_hosts_max(const char *arg)
153 { hosts_max = parsenum(arg, 0); }
154
155 unsigned int hosts_keep = 500;
156 static void cb_hosts_keep(const char *arg)
157 { hosts_keep = parsenum(arg, 0); }
158
159 unsigned int ports_max = 200;
160 static void cb_ports_max(const char *arg)
161 { ports_max = parsenum(arg, 65536); }
162
163 unsigned int ports_keep = 30;
164 static void cb_ports_keep(const char *arg)
165 { ports_keep = parsenum(arg, 65536); }
166
167 unsigned int highest_port = 65535;
168 static void cb_highest_port(const char *arg)
169 { highest_port = parsenum(arg, 65535); }
170
171 int want_hexdump = 0;
172 static void cb_hexdump(const char *arg _unused_) { want_hexdump = 1; }
173
174 /* --- */
175
176 struct cmdline_arg {
177 const char *name, *arg_name; /* NULL arg_name means unary */
178 void (*callback)(const char *arg);
179 int num_seen;
180 };
181
182 static struct cmdline_arg cmdline_args[] = {
183 {"-i", "interface", cb_interface, 0},
184 {"-r", "file", cb_capfile, 0},
185 {"--pppoe", NULL, cb_pppoe, 0},
186 {"--verbose", NULL, cb_verbose, 0},
187 {"--no-daemon", NULL, cb_no_daemon, 0},
188 {"--no-promisc", NULL, cb_no_promisc, 0},
189 {"--no-dns", NULL, cb_no_dns, 0},
190 {"--no-macs", NULL, cb_no_macs, 0},
191 {"-p", "port", cb_port, 0},
192 {"-b", "bindaddr", cb_bindaddr, 0},
193 {"-f", "filter", cb_filter, 0},
194 {"-l", "network/netmask", cb_local, 0},
195 {"--chroot", "dir", cb_chroot, 0},
196 {"--user", "username", cb_user, 0},
197 {"--daylog", "filename", cb_daylog, 0},
198 {"--import", "filename", cb_import, 0},
199 {"--export", "filename", cb_export, 0},
200 {"--pidfile", "filename", cb_pidfile, 0},
201 {"--hosts-max", "count", cb_hosts_max, 0},
202 {"--hosts-keep", "count", cb_hosts_keep, 0},
203 {"--ports-max", "count", cb_ports_max, 0},
204 {"--ports-keep", "count", cb_ports_keep, 0},
205 {"--highest-port", "port", cb_highest_port, 0},
206 {"--hexdump", NULL, cb_hexdump, 0},
207 {NULL, NULL, NULL, 0}
208 };
209
210 static void
211 pad(const int width)
212 {
213 int i;
214 for (i=0; i<width; i++) printf(" ");
215 }
216
217 /*
218 * We autogenerate the usage statement from the cmdline_args data structure.
219 */
220 static void
221 usage(void)
222 {
223 int width, first;
224 struct cmdline_arg *arg;
225
226 printf(PACKAGE_STRING " (built with libpcap %d.%d)\n\n",
227 PCAP_VERSION_MAJOR, PCAP_VERSION_MINOR);
228
229 width = printf("usage: darkstat ");
230 first = 1;
231
232 for (arg = cmdline_args; arg->name != NULL; arg++) {
233 if (first) first = 0; else pad(width);
234 printf("[ %s", arg->name);
235 if (arg->arg_name != NULL) printf(" %s", arg->arg_name);
236 printf(" ]\n");
237 }
238 printf("\n"
239 "Please refer to the darkstat(8) manual page for further\n"
240 "documentation and usage examples.\n");
241 }
242
243 static void
244 parse_sub_cmdline(const int argc, char * const *argv)
245 {
246 struct cmdline_arg *arg;
247
248 if (argc == 0) return;
249 for (arg = cmdline_args; arg->name != NULL; arg++)
250 if (strcmp(argv[0], arg->name) == 0) {
251 if ((arg->arg_name != NULL) && (argc == 1)) {
252 printf("\nerror: argument \"%s\" requires parameter \"%s\"\n",
253 arg->name, arg->arg_name);
254 usage();
255 exit(EXIT_FAILURE);
256 }
257 if (arg->num_seen > 0) {
258 printf("\nerror: already specified argument \"%s\"\n",
259 arg->name);
260 usage();
261 exit(EXIT_FAILURE);
262 }
263
264 arg->num_seen++;
265 if (arg->arg_name == NULL) {
266 arg->callback(NULL);
267 parse_sub_cmdline(argc-1, argv+1);
268 } else {
269 arg->callback(argv[1]);
270 parse_sub_cmdline(argc-2, argv+2);
271 }
272 return;
273 }
274
275 printf("\nerror: illegal argument: \"%s\"\n", argv[0]);
276 usage();
277 exit(EXIT_FAILURE);
278 }
279
280 static void
281 parse_cmdline(const int argc, char * const *argv)
282 {
283 if (argc < 1) {
284 /* Not enough args. */
285 usage();
286 exit(EXIT_FAILURE);
287 }
288
289 parse_sub_cmdline(argc, argv);
290
291 /* some default values */
292 if (chroot_dir == NULL) chroot_dir = CHROOT_DIR;
293 if (privdrop_user == NULL) privdrop_user = PRIVDROP_USER;
294
295 /* sanity check args */
296 if ((interface == NULL) && (capfile == NULL))
297 errx(1, "must specify either interface (-i) or capture file (-r)");
298
299 if ((interface != NULL) && (capfile != NULL))
300 errx(1, "can't specify both interface (-i) and capture file (-r)");
301
302 if ((hosts_max != 0) && (hosts_keep >= hosts_max)) {
303 hosts_keep = hosts_max / 2;
304 warnx("reducing --hosts-keep to %u, to be under --hosts-max (%u)",
305 hosts_keep, hosts_max);
306 }
307 verbosef("max %u hosts, cutting down to %u when exceeded",
308 hosts_max, hosts_keep);
309
310 if ((ports_max != 0) && (ports_keep >= ports_max)) {
311 ports_keep = ports_max / 2;
312 warnx("reducing --ports-keep to %u, to be under --ports-max (%u)",
313 ports_keep, ports_max);
314 }
315 verbosef("max %u ports per host, cutting down to %u when exceeded",
316 ports_max, ports_keep);
317
318 if (want_hexdump && !want_verbose) {
319 want_verbose = 1;
320 verbosef("--hexdump implies --verbose");
321 }
322
323 if (want_hexdump && want_daemonize) {
324 want_daemonize = 0;
325 verbosef("--hexdump implies --no-daemon");
326 }
327 }
328
329 static void
330 run_from_capfile(void)
331 {
332 graph_init();
333 hosts_db_init();
334 cap_from_file(capfile, filter);
335 cap_stop();
336 if (export_fn != NULL) db_export(export_fn);
337 hosts_db_free();
338 graph_free();
339 verbosef("Total packets: %qu, bytes: %qu", total_packets, total_bytes);
340 }
341
342 /* --- Program body --- */
343 int
344 main(int argc, char **argv)
345 {
346 test_64order();
347 parse_cmdline(argc-1, argv+1);
348
349 if (capfile) {
350 /*
351 * This is very different from a regular run against a network
352 * interface.
353 */
354 run_from_capfile();
355 return 0;
356 }
357
358 /* must verbosef() before first fork to init lock */
359 verbosef("starting up");
360 if (pid_fn) pidfile_create(chroot_dir, pid_fn, privdrop_user);
361
362 if (want_daemonize) {
363 verbosef("daemonizing to run in the background!");
364 daemonize_start();
365 verbosef("I am the main process");
366 }
367 if (pid_fn) pidfile_write_close();
368
369 /* do this first as it forks - minimize memory use */
370 if (want_dns) dns_init(privdrop_user);
371 cap_init(interface, filter, want_promisc); /* needs root */
372 http_init(bindaddr, bindport, /*maxconn=*/ -1); /* low ports need root */
373 ncache_init(); /* must do before chroot() */
374
375 privdrop(chroot_dir, privdrop_user);
376
377 /* Don't need root privs for these: */
378 now = time(NULL);
379 if (daylog_fn != NULL) daylog_init(daylog_fn);
380 graph_init();
381 hosts_db_init();
382 if (import_fn != NULL) db_import(import_fn);
383 localip_init(interface);
384
385 if (signal(SIGTERM, sig_shutdown) == SIG_ERR)
386 errx(1, "signal(SIGTERM) failed");
387 if (signal(SIGINT, sig_shutdown) == SIG_ERR)
388 errx(1, "signal(SIGINT) failed");
389 if (signal(SIGUSR1, sig_reset) == SIG_ERR)
390 errx(1, "signal(SIGUSR1) failed");
391
392 verbosef("entering main loop");
393 daemonize_finish();
394
395 while (running) {
396 int select_ret, max_fd = -1, use_timeout = 0;
397 struct timeval timeout;
398 fd_set rs, ws;
399
400 now = time(NULL);
401
402 if (reset_pending) {
403 if (export_fn != NULL) db_export(export_fn); /* FIXME: USR2? */
404 hosts_db_reset();
405 graph_reset();
406 reset_pending = 0;
407 }
408
409 FD_ZERO(&rs);
410 FD_ZERO(&ws);
411
412 cap_fd_set(&rs, &max_fd, &timeout, &use_timeout);
413 http_fd_set(&rs, &ws, &max_fd, &timeout, &use_timeout);
414
415 select_ret = select(max_fd+1, &rs, &ws, NULL,
416 (use_timeout) ? &timeout : NULL);
417
418 if ((select_ret == 0) && (!use_timeout))
419 errx(1, "select() erroneously timed out");
420
421 if (select_ret == -1) {
422 if (errno == EINTR)
423 continue;
424 else
425 err(1, "select()");
426 }
427 else {
428 graph_rotate();
429 cap_poll(&rs);
430 dns_poll();
431 http_poll(&rs, &ws);
432 }
433 }
434
435 verbosef("shutting down");
436 verbosef("pcap stats: %u packets received, %u packets dropped",
437 pkts_recv, pkts_drop);
438 cap_stop();
439 dns_stop();
440 if (export_fn != NULL) db_export(export_fn);
441 hosts_db_free();
442 graph_free();
443 if (daylog_fn != NULL) daylog_free();
444 ncache_free();
445 if (pid_fn) pidfile_unlink();
446 verbosef("shut down");
447 return (EXIT_SUCCESS);
448 }
449
450 /* vim:set ts=3 sw=3 tw=78 expandtab: */