xref: /dports/net-mgmt/bpft/bpft/traflog/main.c

/*
 *	Copyleft (c) 2001 Grumbler <g@grumbler.org>
 *
 *	Copyright (c) 1999 RISS-Telecom Networking Center
 *
 *	Copyright (c) 1993 The CAD lab of the
 *	Novosibirsk Institute of Broadcasting and Telecommunication
 *
 *	BPFT $Id: main.c,v 1.12 2003/12/30 12:59:05 stas_degteff Exp $
 *
 *
 * Redistribution and use in source forms, with and without modification,
 * are permitted provided that this entire comment appears intact.
 * Redistribution in binary form may occur without any restrictions.
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' WITHOUT ANY WARRANTIES OF ANY KIND.
 */

/*	main.c - tcp/udp data traffic log manager	*/

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <paths.h>
#include <fcntl.h>
#include <signal.h>
#include <ctype.h>
#include <string.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/stat.h>
#include <sys/param.h>
#include <pcap.h>
#if defined(__linux__)
#include <time.h>
#endif
#include "../include/interface.h"
#include "../include/addrtoname.h"
#include "../include/pathnames.h"
#include "traflog.h"

int aflag=0;		/* display all records, default last */
int fflag=0;		/* convert addresses to names only for local hosts */
int lflag=0;		/* output list of log file records */
int nflag=0;		/* don't convert addresses to host names */
int Nflag=0;		/* output host names without domain */
int rflag=0;		/* only return number of records or KB */
int sflag=0;		/* summary traffic */
unsigned short order=ORDER_TO;		/* sorting order */

#define	LASTOFFSET	((unsigned)-1) /* max unsigned value */
unsigned begin = 0, endin = LASTOFFSET;
int tbflag = 0, teflag = 0;
struct timeval tb, te;

char *device_name = NULL;
char *program_name, *f_end;

static time_t tval;

int fvnum = 0;
struct fmt_var *fv = NULL;

char *version();
static void setthetime(register char *,struct timeval *);
static int  get_format(char *);
static int  iskey(char *);

int
main(argc, argv)
	int argc;
	char **argv;
{
	register FILE *fd;
	FILE *fdw = NULL;
	register int op;
	int dflag = 0;		/* dump pattern */
	char buf[PATH_MAX], *cmdbuf, *infile = NULL;
	char ebuf[PCAP_ERRBUF_SIZE];
	extern char *optarg;
	extern int optind, opterr;
	bpf_u_int32 localnet, netmask;
	void usage(), onpipe(), printver();

	program_name = stripdir(argv[0]);

	if (time(&tval) == -1)
		error("error in function 'time'");

	opterr = 0;
	while ((op = getopt(argc, argv, "ab:de:fF:i:lnNo:rsw:S:V")) != EOF)
		switch (op) {
		case 'a':
			++aflag;
			break;
		case 'b':
			if( optarg[0]=='#' )
			{  if( !(begin = atoi(optarg+1)) )
				usage();
			}
			else if( (begin = atoi(optarg))>0 )
			{
				setthetime(optarg, &tb);
				++tbflag;
			}
			else usage();
			break;
		case 'd':
			++dflag;
			break;
		case 'e':
			if( optarg[0]=='#' )
			{  if (!(endin = atoi(optarg+1)))
				usage();
			}
			else if ( (endin=atoi(optarg)) > 0 ) {
				setthetime(optarg, &te);
				++teflag;
			}
			break;
		case 'f':
			++fflag;
			break;
		case 'F':
			infile = optarg;
			break;
		case 'i':
			device_name = optarg;
			break;
		case 'l':
			if (sflag)
				usage();
			++lflag;
			break;
		case 'n':
			++nflag;
			break;
		case 'N':
			++Nflag;
			break;
		case 'o':
			if (!get_format(optarg))
				error("output format '%s' not found", optarg);
			break;
		case 'r':
			++rflag;
			break;
		case 's':
			if (lflag)
				usage();
			++sflag;
			break;
		case 'w':
			if ((fdw = fopen(optarg, "w")) == NULL)
				error("can't write to %s", optarg);
			break;
		case 'S':
			if( !*optarg )
				usage();
			switch (*optarg){
			case 't': order = ORDER_TO; break;
			case 'f': order = ORDER_FROM; break;
			case 'b': order = ORDER_SIZE; break;
#if LAYOUT!=OLD
			case 'd': order = ORDER_DPORT; break;
#endif
			case 's': order = ORDER_SPORT; break;
			default:
				fprintf( stderr, "\n\tIllegal sort order parameter!\n\n" );
				usage();
			}
			break;
		case 'V':
			printver();
			break;
		default:
			usage();
		}

	signal(SIGPIPE, onpipe);

	if (infile) {
		if ((cmdbuf = getenv("PATTERNPATH")) != NULL) {
			infile = stripdir(infile);
			snprintf(buf, sizeof(buf), "%s/%s", cmdbuf, infile);
			infile = buf;
		}
		cmdbuf = read_infile(infile);
	} else
		cmdbuf = copy_argv(&argv[optind]);

	pattern(cmdbuf);
	if (dflag)
		exit(pat_print());

	if (device_name == 0) {
		if ((device_name = getenv("IFF_LISTEN")) == NULL)
			if ((device_name = pcap_lookupdev(ebuf)) == 0)
				error("%s", ebuf);
	} else {
		struct stat st;
		if ( !stat(device_name, &st) && (S_ISREG(st.st_mode) || S_ISLNK(st.st_mode)))
			localnet = netmask = 0;
		else {
			if (pcap_lookupnet(device_name, &localnet, &netmask, ebuf) < 0) {
				localnet = netmask = 0;
				warning("%s", ebuf);
			}
		}
	}

	init_addrtoname(localnet, netmask);

	if ( !(localnet || netmask) ) {  /* device_name is the file name */
		strncpy(buf, device_name, sizeof(buf));
		buf[sizeof(buf)]=0;
	} else                           /* device_name is the device name */
		snprintf(buf, sizeof(buf), "%strafd.%s", PATH_TOSAVE, device_name);

	if ((fd = fopen(buf, "r")) == NULL)
		error("can't open %s", buf);

	log_loop(fd, fdw);
	fclose(fd);
	if(fdw) fclose(fdw);
	exit(0);
}

static int
get_format(f_name)
	char *f_name;
{
	int cmnt, f_len = strlen(f_name);
	static char *dflt = PATH_TRAFLOG_FMT;
	char *f_fmt;
	register char *ptr;
	struct stat st;

	if ((f_fmt = getenv("FORMATPATH")) == NULL)
		f_fmt = dflt;
	if ((cmnt = open(f_fmt, O_RDONLY)) < 0)
		error("can't open %s", f_fmt);
	if (fstat(cmnt, &st) < 0)
		error("can't fstat %s", f_fmt);
	if ((f_fmt = malloc(st.st_size)) == NULL)
		error("can't allocate memory");
	if (read(cmnt, f_fmt, st.st_size) != st.st_size)
		error("can't read format file");
	close(cmnt);
	cmnt = 0;
	f_end = f_fmt + st.st_size;
	for (ptr = f_fmt; ptr < f_end; ptr++) {
		if (*ptr == '\n') {
			cmnt = 0;
			continue;
		}
		if (*ptr == '#') {
			cmnt++;
			continue;
		}
		if (cmnt)
			continue;
		if (f_len) {
			if (!strncmp(ptr, f_name, f_len))
				f_len = 0;
			continue;
		}
		if (*ptr == '}' && (*(ptr+1) == ';' || *(ptr+2) == ';'))
			break;
		ptr += iskey(ptr);
	}
	return fvnum;
}

static int
isformat(fmt)
	char *fmt;
{
	int i;
	char *ptr;
	char *str[2];

	ptr = fmt;
	for (i = 0; i < 2; i++)
		if ((ptr = memchr(ptr, '"', f_end - ptr)) != NULL) {
			str[i] = ptr;
			ptr += 3;
		} else
			return 0;
	++str[0];
	*str[1] = 0;
	if (strchr(str[0], '%') == NULL)
		return 0;
	while ((ptr = strrchr(str[0], '\\')) != NULL) {
		switch (*(ptr+1)) {
			case 'a':
				*ptr = 0x07;	/* BEL */
				break;
			case 'b':
				*ptr = 0x08;	/* BS */
				break;
			case 'f':
				*ptr = 0x0c;	/* FF */
				break;
			case 'n':
				*ptr = 0x0a;	/* LF */
				break;
			case 'r':
				*ptr = 0x0d;	/* CR */
				break;
			case 't':
				*ptr = 0x09;	/* HT */
				break;
			case 'v':
				*ptr = 0x0b;	/* VT */
				break;
			default:
				return 0;
		}
		bcopy(ptr+2, ptr+1,strlen(ptr+1)); /* only bcopy pass strings overlap */
	}
	if ((fv = realloc(fv, ++fvnum * sizeof(struct fmt_var))) == NULL)
		error("can't reallocate memory");
	fv[fvnum-1].format = str[0];

	return (str[1] - fmt);
}

static int
iskey(token)
	char *token;
{
	int i;

	if (!strncmp(token, "from", 4)) {
		if ((i = isformat(token + 4)))
			fv[fvnum-1].cmd = FROM;
		return i+4;
	}
	if (!strncmp(token, "to", 2)) {
		if ((i = isformat(token + 2)))
			fv[fvnum-1].cmd = TO;
		return i+2;
	}
	if (!strncmp(token, "sport", 5)) {
		if ((i = isformat(token + 5)))
			fv[fvnum-1].cmd = SPORT;
		return i+5;
	}
	if (!strncmp(token, "dport", 5)) {
		if ((i = isformat(token + 5)))
			fv[fvnum-1].cmd = DPORT;
		return i+5;
	}
	if (!strncmp(token, "proto", 5)) {
		if ((i = isformat(token + 5)))
			fv[fvnum-1].cmd = PROTO;
		return i+5;
	}
	if (!strncmp(token, "bytes", 5)) {
		if ((i = isformat(token + 5)))
			fv[fvnum-1].cmd = BYTES;
		return i+5;
	}
	if (!strncmp(token, "psize", 5)) {
		if ((i = isformat(token + 5)))
			fv[fvnum-1].cmd = PSIZE;
		return i+5;
	}
	if (!strncmp(token, "ftime", 5)) {
		if ((i = isformat(token + 5)))
			fv[fvnum-1].cmd = FTIME;
		return i+5;
	}
	if (!strncmp(token, "ltime", 5)) {
		if ((i = isformat(token + 5)))
			fv[fvnum-1].cmd = LTIME;
		return i+5;
	}
	return 0;
}

static void badformat()
{
	error("illegal time format");
}

static int days_in_month[12] =
	{31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};

#define	ATOI2(ar)	((ar)[0] - '0') * 10 + ((ar)[1] - '0'); (ar) += 2;
static void setthetime(p, tv)
	register char *p;
	struct timeval *tv;
{
	register struct tm *lt;
	int dot;
	char *t;

	for (t = p, dot = 0; *t; ++t)
		if (!isdigit(*t) && (*t != '.' || dot++))
			badformat();

	lt = localtime(&tval);

	if ((t = index(p, '.'))) {		/* .ss */
		*t++ = '\0';
		lt->tm_sec = ATOI2(t);
		if (lt->tm_sec >= 60)
			badformat();
	} else
		lt->tm_sec = 0;

	for (t = p; *t; ++t)
		if (!isdigit(*t))
			badformat();

	switch (strlen(p)) {
	case 10:				/* yy */
		lt->tm_year = ATOI2(p);
		if (lt->tm_year <= 69)		/* hack for 2000 ;-} */
			lt->tm_year += 100;
		/* FALLTHROUGH */
	case 8:					/* mm */
		lt->tm_mon = ATOI2(p);
		if (lt->tm_mon > 12)
			badformat();
		--lt->tm_mon;			/* time struct is 0 - 11 */
		/* FALLTHROUGH */
	case 6:					/* dd */
		lt->tm_mday = ATOI2(p);
		if (lt->tm_mday > days_in_month[lt->tm_mon]
		    && !(((lt->tm_year % 4 == 0 && lt->tm_year % 100 != 0)
		    || lt->tm_year % 400 == 0) && lt->tm_mon == 1
		    && lt->tm_mday == 29))
			badformat();
		/* FALLTHROUGH */
	case 4:					/* hh */
		lt->tm_hour = ATOI2(p);
		if (lt->tm_hour > 23)
			badformat();
		/* FALLTHROUGH */
	case 2:					/* mm */
		lt->tm_min = ATOI2(p);
		if (lt->tm_min > 59)
			badformat();
		break;
	default:
		badformat();
	}

	/* convert broken-down time to GMT clock time */
	if ((tval = mktime(lt)) == -1)
		badformat();

	tv->tv_sec = tval;
	tv->tv_usec = 0;
}


void
onpipe()
{
	exit(1);
}

void
printver()
{
	fprintf(stderr,
	"traflog v%s - tcp/udp data traffic log manager (BPFT project)\n\n",
	version() );
}

void
usage()
{
	printver();
	fprintf(stderr,
"Usage:\t%s -l [-i iface] [-b #] [-e #] [-rV]\n\
\t%s -d [-fnNV] [-F file | pattern]\n\
\t%s [-i iface|file] [-b #] [-e #] [-afnNrsV] [-S sortorder] [-o format] \\\n\
\t\t[-w file] [-F file | pattern]\n\
    where sortorder: (from|to|bytes|srcport|dstport) or (f|t|b|s|d)\n\
          #: (#nnn | yymmddHHMM.ss)\n",
		program_name, program_name, program_name);
	exit(-1);
}