Report gettimeofday() for comparison.
[darkstat] / darkstat.c
1 /* darkstat 3
2 * copyright (c) 2001-2010 Emil Mikulic.
3 *
4 * darkstat.c: signals, cmdline parsing, program body.
5 *
6 * You may use, modify and redistribute this file under the terms of the
7 * GNU General Public License version 2. (see COPYING.GPL)
8 */
9
10 #include "darkstat.h"
11 #include "acct.h"
12 #include "cap.h"
13 #include "conv.h"
14 #include "daylog.h"
15 #include "seclog.h"
16 #include "db.h"
17 #include "dns.h"
18 #include "http.h"
19 #include "hosts_db.h"
20 #include "localip.h"
21 #include "ncache.h"
22 #include "pidfile.h"
23
24 #include "err.h"
25 #include <arpa/inet.h>
26 #include <assert.h>
27 #include <errno.h>
28 #include <signal.h>
29 #include <stdio.h>
30 #include <stdlib.h>
31 #include <string.h>
32 #include <syslog.h>
33 #include <unistd.h>
34 #include <pcap.h>
35
36 #include "now.h"
37 time_t now;
38
39 #ifndef INADDR_NONE
40 # define INADDR_NONE (-1) /* Solaris */
41 #endif
42
43 /* --- Signal handling --- */
44 static volatile int running = 1;
45 static void sig_shutdown(int signum _unused_) { running = 0; }
46
47 static volatile int reset_pending = 0;
48 static void sig_reset(int signum _unused_) { reset_pending = 1; }
49
50 /* --- Commandline parsing --- */
51 static unsigned long
52 parsenum(const char *str, unsigned long max /* 0 for no max */)
53 {
54 unsigned long n;
55 char *end;
56
57 errno = 0;
58 n = strtoul(str, &end, 10);
59 if (*end != '\0')
60 errx(1, "\"%s\" is not a valid number", str);
61 if (errno == ERANGE)
62 errx(1, "\"%s\" is out of range", str);
63 if ((max != 0) && (n > max))
64 errx(1, "\"%s\" is out of range (max %lu)", str, max);
65 return n;
66 }
67
68 const char *interface = NULL;
69 static void cb_interface(const char *arg) { interface = arg; }
70
71 const char *capfile = NULL;
72 static void cb_capfile(const char *arg) { capfile = arg; }
73
74 int want_snaplen = -1;
75 static void cb_snaplen(const char *arg) { want_snaplen = parsenum(arg, 0); }
76
77 int want_pppoe = 0;
78 static void cb_pppoe(const char *arg _unused_) { want_pppoe = 1; }
79
80 static void cb_syslog(const char *arg _unused_) { want_syslog = 1; }
81
82 static void cb_verbose(const char *arg _unused_) { want_verbose = 1; }
83
84 int want_daemonize = 1;
85 static void cb_no_daemon(const char *arg _unused_) { want_daemonize = 0; }
86
87 int want_promisc = 1;
88 static void cb_no_promisc(const char *arg _unused_) { want_promisc = 0; }
89
90 int want_dns = 1;
91 static void cb_no_dns(const char *arg _unused_) { want_dns = 0; }
92
93 int want_macs = 1;
94 static void cb_no_macs(const char *arg _unused_) { want_macs = 0; }
95
96 int want_lastseen = 1;
97 static void cb_no_lastseen(const char *arg _unused_) { want_lastseen = 0; }
98
99 unsigned short bindport = 667;
100 static void cb_port(const char *arg) { bindport = parsenum(arg, 65536); }
101
102 in_addr_t bindaddr = INADDR_ANY;
103 static void cb_bindaddr(const char *arg)
104 {
105 bindaddr = inet_addr(arg);
106 if (bindaddr == (in_addr_t)INADDR_NONE)
107 errx(1, "malformed address \"%s\"", arg);
108 }
109
110 const char *filter = NULL;
111 static void cb_filter(const char *arg) { filter = arg; }
112
113 static void cb_local(const char *arg) { acct_init_localnet(arg); }
114
115 const char *chroot_dir = NULL;
116 static void cb_chroot(const char *arg) { chroot_dir = arg; }
117
118 const char *privdrop_user = NULL;
119 static void cb_user(const char *arg) { privdrop_user = arg; }
120
121 const char *daylog_fn = NULL;
122 static void cb_daylog(const char *arg)
123 {
124 if (chroot_dir == NULL)
125 errx(1, "the daylog file is relative to the chroot.\n"
126 "You must specify a --chroot dir before you can use --daylog.");
127 else
128 daylog_fn = arg;
129 }
130
131 const char *seclog_fn_base = NULL;
132 static void cb_seclog(const char *arg)
133 {
134 if (chroot_dir == NULL)
135 errx(1, "the seclog file is relative to the chroot.\n"
136 "You must specify a --chroot dir before you can use --seclog.");
137 else
138 seclog_fn_base = arg;
139 }
140
141 const char *import_fn = NULL;
142 static void cb_import(const char *arg)
143 {
144 if (chroot_dir == NULL)
145 errx(1, "the import file is relative to the chroot.\n"
146 "You must specify a --chroot dir before you can use --import.");
147 else
148 import_fn = arg;
149 }
150
151 const char *export_fn = NULL;
152 static void cb_export(const char *arg)
153 {
154 if ((chroot_dir == NULL) && (capfile == NULL))
155 errx(1, "the export file is relative to the chroot.\n"
156 "You must specify a --chroot dir before you can use --export.");
157 else
158 export_fn = arg;
159 }
160
161 static const char *pid_fn = NULL;
162 static void cb_pidfile(const char *arg)
163 {
164 if (chroot_dir == NULL)
165 errx(1, "the pidfile is relative to the chroot.\n"
166 "You must specify a --chroot dir before you can use --pidfile.");
167 else
168 pid_fn = arg;
169 }
170
171 unsigned int hosts_max = 1000;
172 static void cb_hosts_max(const char *arg)
173 { hosts_max = parsenum(arg, 0); }
174
175 unsigned int hosts_keep = 500;
176 static void cb_hosts_keep(const char *arg)
177 { hosts_keep = parsenum(arg, 0); }
178
179 unsigned int ports_max = 200;
180 static void cb_ports_max(const char *arg)
181 { ports_max = parsenum(arg, 65536); }
182
183 unsigned int ports_keep = 30;
184 static void cb_ports_keep(const char *arg)
185 { ports_keep = parsenum(arg, 65536); }
186
187 unsigned int highest_port = 65535;
188 static void cb_highest_port(const char *arg)
189 { highest_port = parsenum(arg, 65535); }
190
191 int wait_secs = -1;
192 static void cb_wait_secs(const char *arg)
193 { wait_secs = parsenum(arg, 0); }
194
195 int want_hexdump = 0;
196 static void cb_hexdump(const char *arg _unused_) { want_hexdump = 1; }
197
198 /* --- */
199
200 struct cmdline_arg {
201 const char *name, *arg_name; /* NULL arg_name means unary */
202 void (*callback)(const char *arg);
203 int num_seen;
204 };
205
206 static struct cmdline_arg cmdline_args[] = {
207 {"-i", "interface", cb_interface, 0},
208 {"-r", "file", cb_capfile, 0},
209 {"--snaplen", "bytes", cb_snaplen, 0},
210 {"--pppoe", NULL, cb_pppoe, 0},
211 {"--syslog", NULL, cb_syslog, 0},
212 {"--verbose", NULL, cb_verbose, 0},
213 {"--no-daemon", NULL, cb_no_daemon, 0},
214 {"--no-promisc", NULL, cb_no_promisc, 0},
215 {"--no-dns", NULL, cb_no_dns, 0},
216 {"--no-macs", NULL, cb_no_macs, 0},
217 {"--no-lastseen", NULL, cb_no_lastseen, 0},
218 {"-p", "port", cb_port, 0},
219 {"-b", "bindaddr", cb_bindaddr, 0},
220 {"-f", "filter", cb_filter, 0},
221 {"-l", "network/netmask", cb_local, 0},
222 {"--chroot", "dir", cb_chroot, 0},
223 {"--user", "username", cb_user, 0},
224 {"--daylog", "filename", cb_daylog, 0},
225 {"--seclog", "filename", cb_seclog, 0},
226 {"--import", "filename", cb_import, 0},
227 {"--export", "filename", cb_export, 0},
228 {"--pidfile", "filename", cb_pidfile, 0},
229 {"--hosts-max", "count", cb_hosts_max, 0},
230 {"--hosts-keep", "count", cb_hosts_keep, 0},
231 {"--ports-max", "count", cb_ports_max, 0},
232 {"--ports-keep", "count", cb_ports_keep, 0},
233 {"--highest-port", "port", cb_highest_port, 0},
234 {"--wait", "secs", cb_wait_secs, 0},
235 {"--hexdump", NULL, cb_hexdump, 0},
236 {NULL, NULL, NULL, 0}
237 };
238
239 static void
240 pad(const int width)
241 {
242 int i;
243 for (i=0; i<width; i++) printf(" ");
244 }
245
246 /*
247 * We autogenerate the usage statement from the cmdline_args data structure.
248 */
249 static void
250 usage(void)
251 {
252 int width, first;
253 struct cmdline_arg *arg;
254
255 printf(PACKAGE_STRING " (built with libpcap %d.%d)\n\n",
256 PCAP_VERSION_MAJOR, PCAP_VERSION_MINOR);
257
258 width = printf("usage: darkstat ");
259 first = 1;
260
261 for (arg = cmdline_args; arg->name != NULL; arg++) {
262 if (first) first = 0; else pad(width);
263 printf("[ %s", arg->name);
264 if (arg->arg_name != NULL) printf(" %s", arg->arg_name);
265 printf(" ]\n");
266 }
267 printf("\n"
268 "Please refer to the darkstat(8) manual page for further\n"
269 "documentation and usage examples.\n");
270 }
271
272 static void
273 parse_sub_cmdline(const int argc, char * const *argv)
274 {
275 struct cmdline_arg *arg;
276
277 if (argc == 0) return;
278 for (arg = cmdline_args; arg->name != NULL; arg++)
279 if (strcmp(argv[0], arg->name) == 0) {
280 if ((arg->arg_name != NULL) && (argc == 1)) {
281 fprintf(stderr,
282 "error: argument \"%s\" requires parameter \"%s\"\n",
283 arg->name, arg->arg_name);
284 usage();
285 exit(EXIT_FAILURE);
286 }
287 if (arg->num_seen > 0) {
288 fprintf(stderr,
289 "error: already specified argument \"%s\"\n",
290 arg->name);
291 usage();
292 exit(EXIT_FAILURE);
293 }
294
295 arg->num_seen++;
296 if (arg->arg_name == NULL) {
297 arg->callback(NULL);
298 parse_sub_cmdline(argc-1, argv+1);
299 } else {
300 arg->callback(argv[1]);
301 parse_sub_cmdline(argc-2, argv+2);
302 }
303 return;
304 }
305
306 fprintf(stderr, "error: illegal argument: \"%s\"\n", argv[0]);
307 usage();
308 exit(EXIT_FAILURE);
309 }
310
311 static void
312 parse_cmdline(const int argc, char * const *argv)
313 {
314 if (argc < 1) {
315 /* Not enough args. */
316 usage();
317 exit(EXIT_FAILURE);
318 }
319
320 parse_sub_cmdline(argc, argv);
321
322 /* start syslogging as early as possible */
323 if (want_syslog) openlog("darkstat", LOG_NDELAY | LOG_PID, LOG_DAEMON);
324
325 /* some default values */
326 if (chroot_dir == NULL) chroot_dir = CHROOT_DIR;
327 if (privdrop_user == NULL) privdrop_user = PRIVDROP_USER;
328
329 /* sanity check args */
330 if ((interface == NULL) && (capfile == NULL))
331 errx(1, "must specify either interface (-i) or capture file (-r)");
332
333 if ((interface != NULL) && (capfile != NULL))
334 errx(1, "can't specify both interface (-i) and capture file (-r)");
335
336 if ((hosts_max != 0) && (hosts_keep >= hosts_max)) {
337 hosts_keep = hosts_max / 2;
338 warnx("reducing --hosts-keep to %u, to be under --hosts-max (%u)",
339 hosts_keep, hosts_max);
340 }
341 verbosef("max %u hosts, cutting down to %u when exceeded",
342 hosts_max, hosts_keep);
343
344 if ((ports_max != 0) && (ports_keep >= ports_max)) {
345 ports_keep = ports_max / 2;
346 warnx("reducing --ports-keep to %u, to be under --ports-max (%u)",
347 ports_keep, ports_max);
348 }
349 verbosef("max %u ports per host, cutting down to %u when exceeded",
350 ports_max, ports_keep);
351
352 if (want_hexdump && !want_verbose) {
353 want_verbose = 1;
354 verbosef("--hexdump implies --verbose");
355 }
356
357 if (want_hexdump && want_daemonize) {
358 want_daemonize = 0;
359 verbosef("--hexdump implies --no-daemon");
360 }
361 }
362
363 static void
364 run_from_capfile(void)
365 {
366 graph_init();
367 hosts_db_init();
368 cap_from_file(capfile, filter);
369 cap_stop();
370 if (export_fn != NULL) db_export(export_fn);
371 hosts_db_free();
372 graph_free();
373 verbosef("Total packets: %qu, bytes: %qu", total_packets, total_bytes);
374 }
375
376 /* --- Program body --- */
377 int
378 main(int argc, char **argv)
379 {
380 test_64order();
381 parse_cmdline(argc-1, argv+1);
382
383 if (capfile) {
384 /*
385 * This is very different from a regular run against a network
386 * interface.
387 */
388 run_from_capfile();
389 return 0;
390 }
391
392 /* must verbosef() before first fork to init lock */
393 verbosef("starting up");
394 if (pid_fn) pidfile_create(chroot_dir, pid_fn, privdrop_user);
395
396 if (want_daemonize) {
397 verbosef("daemonizing to run in the background!");
398 daemonize_start();
399 verbosef("I am the main process");
400 }
401 if (pid_fn) pidfile_write_close();
402
403 /* do this first as it forks - minimize memory use */
404 if (want_dns) dns_init(privdrop_user);
405 cap_init(interface, filter, want_promisc); /* needs root */
406 http_init(bindaddr, bindport, /*maxconn=*/ -1); /* low ports need root */
407 ncache_init(); /* must do before chroot() */
408
409 privdrop(chroot_dir, privdrop_user);
410
411 /* Don't need root privs for these: */
412 now = time(NULL);
413 if (daylog_fn != NULL) daylog_init(daylog_fn);
414 if (seclog_fn_base != NULL) seclog_init(seclog_fn_base);
415 graph_init();
416 hosts_db_init();
417 if (import_fn != NULL) db_import(import_fn);
418 localip_init(interface);
419
420 if (signal(SIGTERM, sig_shutdown) == SIG_ERR)
421 errx(1, "signal(SIGTERM) failed");
422 if (signal(SIGINT, sig_shutdown) == SIG_ERR)
423 errx(1, "signal(SIGINT) failed");
424 if (signal(SIGUSR1, sig_reset) == SIG_ERR)
425 errx(1, "signal(SIGUSR1) failed");
426
427 verbosef("entering main loop");
428 daemonize_finish();
429
430 while (running) {
431 int select_ret, max_fd = -1, use_timeout = 0;
432 struct timeval timeout;
433 fd_set rs, ws;
434
435 now = time(NULL);
436
437 if (reset_pending) {
438 if (export_fn != NULL) db_export(export_fn); /* FIXME: USR2? */
439 hosts_db_reset();
440 graph_reset();
441 reset_pending = 0;
442 }
443
444 FD_ZERO(&rs);
445 FD_ZERO(&ws);
446
447 cap_fd_set(&rs, &max_fd, &timeout, &use_timeout);
448 http_fd_set(&rs, &ws, &max_fd, &timeout, &use_timeout);
449
450 select_ret = select(max_fd+1, &rs, &ws, NULL,
451 (use_timeout) ? &timeout : NULL);
452
453 if ((select_ret == 0) && (!use_timeout))
454 errx(1, "select() erroneously timed out");
455
456 if (select_ret == -1) {
457 if (errno == EINTR)
458 continue;
459 else
460 err(1, "select()");
461 }
462 else {
463 graph_rotate();
464 cap_poll(&rs);
465 dns_poll();
466 http_poll(&rs, &ws);
467 }
468 }
469
470 verbosef("shutting down");
471 verbosef("pcap stats: %u packets received, %u packets dropped",
472 pkts_recv, pkts_drop);
473 cap_stop();
474 dns_stop();
475 if (export_fn != NULL) db_export(export_fn);
476 hosts_db_free();
477 graph_free();
478 if (daylog_fn != NULL) daylog_free();
479 if (seclog_fn_base != NULL) seclog_free();
480 ncache_free();
481 if (pid_fn) pidfile_unlink();
482 verbosef("shut down");
483 return (EXIT_SUCCESS);
484 }
485
486 /* vim:set ts=3 sw=3 tw=78 expandtab: */