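/*
 * Entry point of the flow replay tool.
 *
 * Parses the command line, compiles the flow filter (taken from the single
 * optional positional argument, from the -f file, or defaulting to "any"),
 * opens a unicast or multicast send socket to the peer and then either runs
 * blast mode (-B) or replays the flows from -r via send_data().
 *
 * Exit status: 0 on success, help or version output; 254 when the filter
 * does not compile; 255 on any other argument, file or socket error.
 */
int main( int argc, char **argv ) {
    struct stat stat_buff;
    char *rfile, *ffile, *filter, *tstring;
    int c, confirm, ffd, blast, netflow_version;
    unsigned int delay, count, sockbuff_size;
    time_t t_start, t_end;

    rfile = ffile = filter = tstring = NULL;
    t_start = t_end = 0;

    peer.hostname = NULL;
    peer.port     = DEFAULTCISCOPORT;
    peer.mcast    = 0;
    peer.family   = AF_UNSPEC;
    peer.sockfd   = 0;

    delay           = 1;
    count           = 0xFFFFFFFF;
    sockbuff_size   = 0;
    netflow_version = 5;
    blast           = 0;
    verbose         = 0;
    confirm         = 0;

    while ((c = getopt(argc, argv, "46BhH:i:K:L:p:d:c:b:j:r:f:t:v:VY")) != EOF) {
        switch (c) {
            case 'h':
                usage(argv[0]);
                exit(0);
                break;
            case 'B':
                blast = 1;
                break;
            case 'V':
                printf("%s: Version: %s\n",argv[0], nfdump_version);
                exit(0);
                break;
            case 'Y':
                confirm = 1;
                break;
            case 'H':
            case 'i':   // compatibility with old version
                peer.hostname = strdup(optarg);
                if ( !peer.hostname ) {
                    perror("Memory error");
                    exit(255);
                }
                peer.mcast = 0;
                break;
            case 'j':
                if ( peer.hostname == NULL ) {
                    peer.hostname = strdup(optarg);
                    if ( !peer.hostname ) {
                        perror("Memory error");
                        exit(255);
                    }
                    peer.mcast = 1;
                } else {
                    LogError("ERROR, -H(-i) and -j are mutually exclusive!!\n");
                    exit(255);
                }
                break;
            case 'K':
                LogError("*** Anonymization moved! Use nfanon to anonymize flows first!\n");
                exit(255);
                break;
            case 'L':
                if ( !InitLog(argv[0], optarg) )
                    exit(255);
                break;
            case 'p':
                peer.port = strdup(optarg);
                if ( !peer.port ) {
                    perror("Memory error");
                    exit(255);
                }
                break;
            case 'd':
                // NOTE(review): atoi() does no validation; a negative or
                // non-numeric argument is converted silently (same for -c, -b).
                delay = atoi(optarg);
                break;
            case 'v':
                netflow_version = atoi(optarg);
                if ( netflow_version != 5 && netflow_version != 9 ) {
                    LogError("Invalid netflow version: %s. Accept only 5 or 9!\n", optarg);
                    exit(255);
                }
                break;
            case 'c':
                count = atoi(optarg);
                break;
            case 'b':
                sockbuff_size = atoi(optarg);
                break;
            case 'f':
                ffile = optarg;
                break;
            case 't':
                tstring = optarg;
                break;
            case 'r':
                rfile = optarg;
                break;
            case '4':
                if ( peer.family == AF_UNSPEC )
                    peer.family = AF_INET;
                else {
                    LogError("ERROR, Accepts only one protocol IPv4 or IPv6!\n");
                    exit(255);
                }
                break;
            case '6':
                if ( peer.family == AF_UNSPEC )
                    peer.family = AF_INET6;
                else {
                    LogError("ERROR, Accepts only one protocol IPv4 or IPv6!\n");
                    exit(255);
                }
                break;
            default:
                usage(argv[0]);
                exit(0);
        }
    }

    if (argc - optind > 1) {
        usage(argv[0]);
        exit(255);
    } else {
        /* user specified a pcap filter */
        filter = argv[optind];
    }

    if ( peer.hostname == NULL )
        peer.hostname = DEFAULTHOSTNAME;

    if ( !filter && ffile ) {
        char   *filter_buf;
        size_t filter_len, got;

        // Open first and size the buffer from the open descriptor, so the
        // size and the data always belong to the same file.
        ffd = open(ffile, O_RDONLY);
        if ( ffd < 0 ) {
            perror("Can't open file");
            exit(255);
        }
        if ( fstat(ffd, &stat_buff) ) {
            perror("Can't stat file");
            close(ffd);
            exit(255);
        }

        // Reject sizes that do not fit a size_t or leave no room for the NUL.
        filter_len = (size_t)stat_buff.st_size;
        if ( stat_buff.st_size < 0 || (off_t)filter_len != stat_buff.st_size ||
             filter_len + 1 == 0 ) {
            perror("Memory error");
            close(ffd);
            exit(255);
        }

        // One extra byte: the filter compiler takes the buffer as a C string,
        // so it must be NUL terminated.
        filter_buf = malloc(filter_len + 1);
        if ( !filter_buf ) {
            perror("Memory error");
            close(ffd);
            exit(255);
        }

        // read() may return fewer bytes than requested; loop until the file
        // is consumed or EOF is reached early.
        got = 0;
        while ( got < filter_len ) {
            ssize_t n = read(ffd, filter_buf + got, filter_len - got);
            if ( n < 0 ) {
                perror("Error reading file");
                close(ffd);
                exit(255);
            }
            if ( n == 0 )
                break;
            got += (size_t)n;
        }
        close(ffd);

        // Terminate at the number of bytes actually read.
        filter_buf[got] = '\0';
        filter = filter_buf;
    }

    if ( !filter )
        filter = "any";

    Engine = CompileFilter(filter);
    if ( !Engine )
        exit(254);

    if ( peer.mcast )
        peer.sockfd = Multicast_send_socket (peer.hostname, peer.port, peer.family, sockbuff_size,
                                             &peer.addr, &peer.addrlen );
    else
        peer.sockfd = Unicast_send_socket (peer.hostname, peer.port, peer.family, sockbuff_size,
                                           &peer.addr, &peer.addrlen );
    if ( peer.sockfd <= 0 ) {
        exit(255);
    }

    if ( blast ) {
        send_blast(delay );
        exit(0);
    }

    extension_map_list = InitExtensionMaps(NEEDS_EXTENSION_LIST);

    SetupInputFileSequence(NULL,rfile, NULL);

    if ( tstring ) {
        if ( !ScanTimeFrame(tstring, &t_start, &t_end) )
            exit(255);
    }

    send_data(rfile, t_start, t_end, count, delay, confirm, netflow_version);

    FreeExtensionMaps(extension_map_list);

    return 0;
}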
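/*
 * Entry point of the nfcapd collector.
 *
 * Parses the command line, sets up the flow sources, opens the receive socket
 * (unicast, multicast, or a pcap file when built with PCAP), optionally opens
 * a repeater socket (-R), calls SetPriv() with the -u/-g values, handles the
 * pid file, optionally daemonizes and forks the launcher process, initialises
 * one bookkeeper per flow source, installs the signal handlers and enters
 * run(). When run() returns, the bookkeepers are released and the pid file is
 * removed.
 *
 * Exit status: 0 on normal termination, help or version output; 254 when the
 * -f argument is not a regular file; 255 on any other startup error.
 */
int main(int argc, char **argv) {
    char *bindhost, *filter, *datadir, pidstr[32], *launch_process;
    char *userid, *groupid, *checkptr, *listenport, *mcastgroup, *extension_tags;
    char *Ident, *dynsrcdir, pidfile[MAXPATHLEN];
    struct stat fstat;
    packet_function_t receive_packet;
    send_peer_t peer;
    FlowSource_t *fs;
    struct sigaction act;
    int family, bufflen;
    time_t twin, t_start;
    int sock, synctime, do_daemonize, expire, report_sequence, do_xstat;
    int subdir_index, sampling_rate, compress;
    int c;
#ifdef PCAP
    char *pcap_file;

    pcap_file = NULL;
#endif

    receive_packet  = recvfrom;
    verbose = synctime = do_daemonize = 0;
    bufflen         = 0;
    family          = AF_UNSPEC;
    launcher_pid    = 0;
    launcher_alive  = 0;
    report_sequence = 0;
    listenport      = DEFAULTCISCOPORT;
    bindhost        = NULL;
    mcastgroup      = NULL;
    pidfile[0]      = 0;
    filter          = NULL;
    launch_process  = NULL;
    userid = groupid = NULL;
    twin            = TIME_WINDOW;
    datadir         = NULL;
    subdir_index    = 0;
    expire          = 0;
    sampling_rate   = 1;
    compress        = 0;
    do_xstat        = 0;
    memset((void *)&peer, 0, sizeof(send_peer_t));
    peer.family     = AF_UNSPEC;
    Ident           = "none";
    FlowSource      = NULL;
    extension_tags  = DefaultExtensions;
    dynsrcdir       = NULL;

    while ((c = getopt(argc, argv, "46ef:whEVI:DB:b:j:l:M:n:p:P:R:S:s:T:t:x:Xru:g:z")) != EOF) {
        switch (c) {
            case 'h':
                usage(argv[0]);
                exit(0);
                break;
            case 'u':
                userid = optarg;
                break;
            case 'g':
                groupid = optarg;
                break;
            case 'e':
                expire = 1;
                break;
            case 'f': {
#ifdef PCAP
                pcap_file = optarg;
                // st_mode is only meaningful when stat() succeeded.
                if ( stat(pcap_file, &fstat) < 0 ) {
                    fprintf(stderr, "stat() failed on %s: %s\n", pcap_file, strerror(errno));
                    exit(255);
                }
                if ( !S_ISREG(fstat.st_mode) ) {
                    fprintf(stderr, "Not a regular file: %s\n", pcap_file);
                    exit(254);
                }
#else
                fprintf(stderr, "PCAP reader not compiled! Option ignored!\n");
#endif
                } break;
            case 'E':
                verbose = 1;
                Setv6Mode(1);
                break;
            case 'V':
                printf("%s: Version: %s\n",argv[0], nfdump_version);
                exit(0);
                break;
            case 'X':
                do_xstat = 1;
                break;
            case 'D':
                do_daemonize = 1;
                break;
            case 'I':
                Ident = strdup(optarg);
                if ( !Ident ) {
                    fprintf(stderr, "strdup() error: %s\n", strerror(errno));
                    exit(255);
                }
                break;
            case 'M':
                dynsrcdir = strdup(optarg);
                if ( !dynsrcdir ) {
                    fprintf(stderr, "strdup() error: %s\n", strerror(errno));
                    exit(255);
                }
                if ( strlen(dynsrcdir) > MAXPATHLEN ) {
                    fprintf(stderr, "ERROR: Path too long!\n");
                    exit(255);
                }
                if ( stat(dynsrcdir, &fstat) < 0 ) {
                    fprintf(stderr, "stat() failed on %s: %s\n", dynsrcdir, strerror(errno));
                    exit(255);
                }
                // S_ISDIR compares the whole file-type field; a bare
                // "& S_IFDIR" bit test also accepts other file types.
                // NOTE(review): a non-directory only prints a message here and
                // startup continues - confirm that this is intended.
                if ( !S_ISDIR(fstat.st_mode) ) {
                    fprintf(stderr, "No such directory: %s\n", dynsrcdir);
                    break;
                }
                if ( !SetDynamicSourcesDir(&FlowSource, dynsrcdir) ) {
                    fprintf(stderr, "-l, -M and -n are mutually exclusive\n");
                    break;
                }
                break;
            case 'n':
                if ( AddFlowSource(&FlowSource, optarg) != 1 )
                    exit(255);
                break;
            case 'w':
                synctime = 1;
                break;
            case 'B':
                bufflen = strtol(optarg, &checkptr, 10);
                if ( (checkptr != NULL && *checkptr == 0) && bufflen > 0 )
                    break;
                fprintf(stderr,"Argument error for -B\n");
                exit(255);
            case 'b':
                bindhost = optarg;
                break;
            case 'j':
                mcastgroup = optarg;
                break;
            case 'p':
                listenport = optarg;
                break;
            case 'P': {
                int n;

                if ( optarg[0] == '/' ) {
                    // absolute path given
                    n = snprintf(pidfile, sizeof(pidfile), "%s", optarg);
                } else {
                    // path relative to current working directory
                    char tmp[MAXPATHLEN];
                    if ( !getcwd(tmp, MAXPATHLEN-1) ) {
                        fprintf(stderr, "Failed to get current working directory: %s\n", strerror(errno));
                        exit(255);
                    }
                    tmp[MAXPATHLEN-1] = 0;
                    n = snprintf(pidfile, sizeof(pidfile), "%s/%s", tmp, optarg);
                }
                // The pid file is later unlink()ed and opened with O_TRUNC, so
                // a silently truncated path could name a different file.
                if ( n < 0 || (size_t)n >= sizeof(pidfile) ) {
                    fprintf(stderr, "ERROR: Path too long!\n");
                    exit(255);
                }
                // pidfile now absolute path
                break;
                }
            case 'R': {
                // argument is "host" or "host/port"; optarg is split in place
                char *p = strchr(optarg, '/');
                if ( p ) {
                    *p++ = '\0';
                    peer.port = strdup(p);
                    if ( !peer.port ) {
                        fprintf(stderr, "strdup() error: %s\n", strerror(errno));
                        exit(255);
                    }
                } else {
                    peer.port = DEFAULTCISCOPORT;
                }
                peer.hostname = strdup(optarg);
                if ( !peer.hostname ) {
                    fprintf(stderr, "strdup() error: %s\n", strerror(errno));
                    exit(255);
                }
                break;
                }
            case 'r':
                report_sequence = 1;
                break;
            case 's': {
                // a negative sampling rate is set as the overwrite sampling rate
                // Range check on the long value, before narrowing to int.
                long rate = strtol(optarg, (char **)NULL, 10);
                if ( rate == 0 || rate < -10000000 || rate > 10000000 ) {
                    fprintf(stderr, "Invalid sampling rate: %s\n", optarg);
                    exit(255);
                }
                sampling_rate = (int)rate;
                break;
                }
            case 'T': {
                size_t len = strlen(optarg);
                extension_tags = optarg;
                if ( len == 0 || len > 128 ) {
                    fprintf(stderr, "Extension length error. Unexpected option '%s'\n", extension_tags);
                    exit(255);
                }
                break;
                }
            case 'l':
                datadir = optarg;
                if ( strlen(datadir) > MAXPATHLEN ) {
                    fprintf(stderr, "ERROR: Path too long!\n");
                    exit(255);
                }
                if ( stat(datadir, &fstat) < 0 ) {
                    fprintf(stderr, "stat() failed on %s: %s\n", datadir, strerror(errno));
                    exit(255);
                }
                // NOTE(review): as for -M, a non-directory is reported but
                // does not stop startup.
                if ( !S_ISDIR(fstat.st_mode) ) {
                    fprintf(stderr, "No such directory: %s\n", datadir);
                    break;
                }
                break;
            case 'S':
                subdir_index = atoi(optarg);
                break;
            case 't':
                twin = atoi(optarg);
                if ( twin <= 0 ) {
                    fprintf(stderr, "ERROR: time frame <= 0\n");
                    exit(255);
                }
                if (twin < 10) {
                    fprintf(stderr, "WARNING, Very small time frame - < 10s!\n");
                }
                break;
            case 'x':
                launch_process = optarg;
                break;
            case 'z':
                compress = 1;
                break;
            case '4':
                if ( family == AF_UNSPEC )
                    family = AF_INET;
                else {
                    fprintf(stderr, "ERROR, Accepts only one protocol IPv4 or IPv6!\n");
                    exit(255);
                }
                break;
            case '6':
                if ( family == AF_UNSPEC )
                    family = AF_INET6;
                else {
                    fprintf(stderr, "ERROR, Accepts only one protocol IPv4 or IPv6!\n");
                    exit(255);
                }
                break;
            default:
                usage(argv[0]);
                exit(255);
        }
    }

    if ( FlowSource == NULL && datadir == NULL && dynsrcdir == NULL ) {
        fprintf(stderr, "ERROR, Missing -n (-l/-I) or -M source definitions\n");
        exit(255);
    }
    if ( FlowSource == NULL && datadir != NULL && !AddDefaultFlowSource(&FlowSource, Ident, datadir) ) {
        fprintf(stderr, "Failed to add default data collector directory\n");
        exit(255);
    }

    if ( bindhost && mcastgroup ) {
        fprintf(stderr, "ERROR, -b and -j are mutually exclusive!!\n");
        exit(255);
    }

    if ( do_daemonize && !InitLog(argv[0], SYSLOG_FACILITY)) {
        exit(255);
    }

    InitExtensionMaps(NO_EXTENSION_LIST);
    SetupExtensionDescriptors(strdup(extension_tags));

    // Debug code to read from pcap file
#ifdef PCAP
    sock = 0;
    if ( pcap_file ) {
        printf("Setup pcap reader\n");
        setup_packethandler(pcap_file, NULL);
        receive_packet = NextPacket;
    } else
#endif
    if ( mcastgroup )
        sock = Multicast_receive_socket (mcastgroup, listenport, family, bufflen);
    else
        sock = Unicast_receive_socket(bindhost, listenport, family, bufflen );

    if ( sock == -1 ) {
        fprintf(stderr,"Terminated due to errors.\n");
        exit(255);
    }

    if ( peer.hostname ) {
        peer.sockfd = Unicast_send_socket (peer.hostname, peer.port, peer.family, bufflen,
                                           &peer.addr, &peer.addrlen );
        if ( peer.sockfd <= 0 )
            exit(255);
        LogInfo("Replay flows to host: %s port: %s", peer.hostname, peer.port);
    }

    if ( sampling_rate < 0 ) {
        default_sampling = -sampling_rate;
        overwrite_sampling = default_sampling;
    } else {
        default_sampling = sampling_rate;
    }

    // Called after the sockets are set up and before any pid file handling.
    SetPriv(userid, groupid);

    if ( subdir_index && !InitHierPath(subdir_index) ) {
        close(sock);
        exit(255);
    }

    // check if pid file exists and if so, if a process with registered pid is running
    if ( strlen(pidfile) ) {
        int pidf = open(pidfile, O_RDONLY, 0);
        if ( pidf >= 0 ) {
            // pid file exists (descriptor 0 is a valid result of open())
            char    s[32];
            ssize_t len;
            int     read_errno;
            long    pid;

            len = read(pidf, (void *)s, sizeof(s) - 1);
            read_errno = errno;     // close() may overwrite errno
            close(pidf);
            if ( len < 0 ) {
                fprintf(stderr, "read() error existing pid file: %s\n", strerror(read_errno));
                exit(255);
            }
            // Terminate at the bytes actually read, so atol() never parses
            // uninitialised stack content.
            s[len] = '\0';

            pid = atol(s);
            if ( pid <= 0 ) {
                // garbage - use this file
                // A zero or negative value must not reach kill(): it would
                // address a process group or every process.
                unlink(pidfile);
            } else if ( kill((pid_t)pid, 0) == 0 ) {
                // process exists
                // NOTE(review): kill() failing with EPERM also means the
                // process exists; that case is treated as a stale file here.
                fprintf(stderr, "A process with pid %lu registered in pidfile %s is already running!\n",
                        (unsigned long)pid, pidfile);
                exit(255);
            } else {
                // no such process - use this file
                unlink(pidfile);
            }
        } else {
            if ( errno != ENOENT ) {
                fprintf(stderr, "open() error existing pid file: %s\n", strerror(errno));
                exit(255);
            } // else errno == ENOENT - no file - this is fine
        }
    }

    if (argc - optind > 1) {
        usage(argv[0]);
        close(sock);
        exit(255);
    } else {
        /* user specified a pcap filter */
        filter = argv[optind];
    }

    t_start = time(NULL);
    if ( synctime )
        t_start = t_start - ( t_start % twin);

    if ( do_daemonize ) {
        verbose = 0;
        daemonize();
    }

    if (strlen(pidfile)) {
        pid_t pid = getpid();
        // NOTE(review): O_CREAT|O_TRUNC follows an existing symlink at this
        // path; consider O_EXCL/O_NOFOLLOW if the pid file directory is
        // writable by other users.
        int pidf = open(pidfile, O_RDWR|O_TRUNC|O_CREAT, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
        if ( pidf == -1 ) {
            LogError("Error opening pid file: '%s' %s", pidfile, strerror(errno));
            close(sock);
            exit(255);
        }
        snprintf(pidstr,31,"%lu\n", (unsigned long)pid);
        if ( write(pidf, pidstr, strlen(pidstr)) <= 0 ) {
            LogError("Error write pid file: '%s' %s", pidfile, strerror(errno));
        }
        close(pidf);
    }

    done = 0;
    if ( launch_process || expire ) {
        // for efficiency reason, the process collecting the data
        // and the process launching processes, when a new file becomes
        // available are separated. Communication is done using signals
        // as well as shared memory
        // prepare shared memory
        shmem = mmap(0, sizeof(srecord_t), PROT_READ | PROT_WRITE, MAP_ANON | MAP_SHARED, -1, 0);
        if ( shmem == (caddr_t)-1 ) {
            LogError("mmap() error: %s", strerror(errno));
            close(sock);
            exit(255);
        }

        launcher_pid = fork();
        switch (launcher_pid) {
            case 0:
                // child
                close(sock);
                launcher((char *)shmem, FlowSource, launch_process, expire);
                _exit(0);
                break;
            case -1:
                LogError("fork() error: %s", strerror(errno));
                if ( strlen(pidfile) )
                    unlink(pidfile);
                exit(255);
                break;
            default:
                // parent
                launcher_alive = 1;
                LogInfo("Launcher[%i] forked", launcher_pid);
        }
    }

    fs = FlowSource;
    while ( fs ) {
        if ( InitBookkeeper(&fs->bookkeeper, fs->datadir, getpid(), launcher_pid) != BOOKKEEPER_OK ) {
            LogError("initialize bookkeeper failed.");

            // release all already allocated bookkeepers
            fs = FlowSource;
            while ( fs && fs->bookkeeper ) {
                ReleaseBookkeeper(fs->bookkeeper, DESTROY_BOOKKEEPER);
                fs = fs->next;
            }
            close(sock);
            if ( launcher_pid )
                kill_launcher(launcher_pid);
            if ( strlen(pidfile) )
                unlink(pidfile);
            exit(255);
        }

        // Init the extension map list
        if ( !InitExtensionMapList(fs) ) {
            // error message goes to syslog
            exit(255);
        }

        fs = fs->next;
    }

    /* Signal handling */
    memset((void *)&act,0,sizeof(struct sigaction));
    act.sa_handler = IntHandler;
    sigemptyset(&act.sa_mask);
    act.sa_flags = 0;
    sigaction(SIGTERM, &act, NULL);
    sigaction(SIGINT, &act, NULL);
    sigaction(SIGHUP, &act, NULL);
    sigaction(SIGALRM, &act, NULL);
    sigaction(SIGCHLD, &act, NULL);

    LogInfo("Startup.");
    run(receive_packet, sock, peer, twin, t_start, report_sequence, subdir_index, compress, do_xstat);
    close(sock);
    kill_launcher(launcher_pid);

    fs = FlowSource;
    while ( fs && fs->bookkeeper ) {
        dirstat_t *dirstat;
        // if we do not auto expire and there is a stat file, update the stats before we leave
        if ( expire == 0 && ReadStatInfo(fs->datadir, &dirstat, LOCK_IF_EXISTS) == STATFILE_OK ) {
            UpdateBookStat(dirstat, fs->bookkeeper);
            WriteStatInfo(dirstat);
            // Log the directory of this flow source; the -l value is NULL
            // when the sources were configured with -n or -M.
            LogInfo("Updating statinfo in directory '%s'", fs->datadir);
        }

        ReleaseBookkeeper(fs->bookkeeper, DESTROY_BOOKKEEPER);
        fs = fs->next;
    }

    LogInfo("Terminating nfcapd.");
    EndLog();

    if ( strlen(pidfile) )
        unlink(pidfile);

    return 0;

} /* End of main */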