1 /*
2  * nstat.c	handy utility to read counters /proc/net/netstat and snmp
3  *
4  *		This program is free software; you can redistribute it and/or
5  *		modify it under the terms of the GNU General Public License
6  *		as published by the Free Software Foundation; either version
7  *		2 of the License, or (at your option) any later version.
8  *
9  * Authors:	Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
10  */
11 
12 #include <stdio.h>
13 #include <stdlib.h>
14 #include <unistd.h>
15 #include <fcntl.h>
16 #include <string.h>
17 #include <errno.h>
18 #include <time.h>
19 #include <sys/time.h>
20 #include <fnmatch.h>
21 #include <sys/file.h>
22 #include <sys/socket.h>
23 #include <sys/un.h>
24 #include <sys/poll.h>
25 #include <sys/wait.h>
26 #include <sys/stat.h>
27 #include <signal.h>
28 #include <math.h>
29 #include <getopt.h>
30 
31 #include <json_writer.h>
32 #include <SNAPSHOT.h>
33 #include "utils.h"
34 
35 int dump_zeros;
36 int reset_history;
37 int ignore_history;
38 int no_output;
39 int json_output;
40 int pretty;
41 int no_update;
42 int scan_interval;
43 int time_constant;
44 double W;
45 char **patterns;
46 int npatterns;
47 
48 char info_source[128];
49 int source_mismatch;
50 
generic_proc_open(const char * env,char * name)51 static int generic_proc_open(const char *env, char *name)
52 {
53 	char store[128];
54 	char *p = getenv(env);
55 
56 	if (!p) {
57 		p = getenv("PROC_ROOT") ? : "/proc";
58 		snprintf(store, sizeof(store)-1, "%s/%s", p, name);
59 		p = store;
60 	}
61 	return open(p, O_RDONLY);
62 }
63 
net_netstat_open(void)64 static int net_netstat_open(void)
65 {
66 	return generic_proc_open("PROC_NET_NETSTAT", "net/netstat");
67 }
68 
net_snmp_open(void)69 static int net_snmp_open(void)
70 {
71 	return generic_proc_open("PROC_NET_SNMP", "net/snmp");
72 }
73 
net_snmp6_open(void)74 static int net_snmp6_open(void)
75 {
76 	return generic_proc_open("PROC_NET_SNMP6", "net/snmp6");
77 }
78 
net_sctp_snmp_open(void)79 static int net_sctp_snmp_open(void)
80 {
81 	return generic_proc_open("PROC_NET_SCTP_SNMP", "net/sctp/snmp");
82 }
83 
84 struct nstat_ent {
85 	struct nstat_ent *next;
86 	char		 *id;
87 	unsigned long long val;
88 	double		   rate;
89 };
90 
91 struct nstat_ent *kern_db;
92 struct nstat_ent *hist_db;
93 
94 static const char *useless_numbers[] = {
95 	"IpForwarding", "IpDefaultTTL",
96 	"TcpRtoAlgorithm", "TcpRtoMin", "TcpRtoMax",
97 	"TcpMaxConn", "TcpCurrEstab"
98 };
99 
useless_number(const char * id)100 static int useless_number(const char *id)
101 {
102 	int i;
103 
104 	for (i = 0; i < ARRAY_SIZE(useless_numbers); i++)
105 		if (strcmp(id, useless_numbers[i]) == 0)
106 			return 1;
107 	return 0;
108 }
109 
match(const char * id)110 static int match(const char *id)
111 {
112 	int i;
113 
114 	if (npatterns == 0)
115 		return 1;
116 
117 	for (i = 0; i < npatterns; i++) {
118 		if (!fnmatch(patterns[i], id, 0))
119 			return 1;
120 	}
121 	return 0;
122 }
123 
load_good_table(FILE * fp)124 static void load_good_table(FILE *fp)
125 {
126 	char buf[4096];
127 	struct nstat_ent *db = NULL;
128 	struct nstat_ent *n;
129 
130 	while (fgets(buf, sizeof(buf), fp) != NULL) {
131 		int nr;
132 		unsigned long long val;
133 		double rate;
134 		char idbuf[sizeof(buf)];
135 
136 		if (buf[0] == '#') {
137 			buf[strlen(buf)-1] = 0;
138 			if (info_source[0] && strcmp(info_source, buf+1))
139 				source_mismatch = 1;
140 			info_source[0] = 0;
141 			strncat(info_source, buf+1, sizeof(info_source)-1);
142 			continue;
143 		}
144 		/* idbuf is as big as buf, so this is safe */
145 		nr = sscanf(buf, "%s%llu%lg", idbuf, &val, &rate);
146 		if (nr < 2)
147 			abort();
148 		if (nr < 3)
149 			rate = 0;
150 		if (useless_number(idbuf))
151 			continue;
152 		if ((n = malloc(sizeof(*n))) == NULL)
153 			abort();
154 		n->id = strdup(idbuf);
155 		n->val = val;
156 		n->rate = rate;
157 		n->next = db;
158 		db = n;
159 	}
160 
161 	while (db) {
162 		n = db;
163 		db = db->next;
164 		n->next = kern_db;
165 		kern_db = n;
166 	}
167 }
168 
count_spaces(const char * line)169 static int count_spaces(const char *line)
170 {
171 	int count = 0;
172 	char c;
173 
174 	while ((c = *line++) != 0)
175 		count += c == ' ' || c == '\n';
176 	return count;
177 }
178 
load_ugly_table(FILE * fp)179 static void load_ugly_table(FILE *fp)
180 {
181 	char buf[4096];
182 	struct nstat_ent *db = NULL;
183 	struct nstat_ent *n;
184 
185 	while (fgets(buf, sizeof(buf), fp) != NULL) {
186 		char idbuf[sizeof(buf)];
187 		int  off;
188 		char *p;
189 		int count1, count2, skip = 0;
190 
191 		p = strchr(buf, ':');
192 		if (!p)
193 			abort();
194 		count1 = count_spaces(buf);
195 		*p = 0;
196 		idbuf[0] = 0;
197 		strncat(idbuf, buf, sizeof(idbuf) - 1);
198 		off = p - buf;
199 		p += 2;
200 
201 		while (*p) {
202 			char *next;
203 
204 			if ((next = strchr(p, ' ')) != NULL)
205 				*next++ = 0;
206 			else if ((next = strchr(p, '\n')) != NULL)
207 				*next++ = 0;
208 			if (off < sizeof(idbuf)) {
209 				idbuf[off] = 0;
210 				strncat(idbuf, p, sizeof(idbuf) - off - 1);
211 			}
212 			n = malloc(sizeof(*n));
213 			if (!n)
214 				abort();
215 			n->id = strdup(idbuf);
216 			n->rate = 0;
217 			n->next = db;
218 			db = n;
219 			p = next;
220 		}
221 		n = db;
222 		if (fgets(buf, sizeof(buf), fp) == NULL)
223 			abort();
224 		count2 = count_spaces(buf);
225 		if (count2 > count1)
226 			skip = count2 - count1;
227 		do {
228 			p = strrchr(buf, ' ');
229 			if (!p)
230 				abort();
231 			*p = 0;
232 			if (sscanf(p+1, "%llu", &n->val) != 1)
233 				abort();
234 			/* Trick to skip "dummy" trailing ICMP MIB in 2.4 */
235 			if (skip)
236 				skip--;
237 			else
238 				n = n->next;
239 		} while (p > buf + off + 2);
240 	}
241 
242 	while (db) {
243 		n = db;
244 		db = db->next;
245 		if (useless_number(n->id)) {
246 			free(n->id);
247 			free(n);
248 		} else {
249 			n->next = kern_db;
250 			kern_db = n;
251 		}
252 	}
253 }
254 
load_sctp_snmp(void)255 static void load_sctp_snmp(void)
256 {
257 	FILE *fp = fdopen(net_sctp_snmp_open(), "r");
258 
259 	if (fp) {
260 		load_good_table(fp);
261 		fclose(fp);
262 	}
263 }
264 
load_snmp(void)265 static void load_snmp(void)
266 {
267 	FILE *fp = fdopen(net_snmp_open(), "r");
268 
269 	if (fp) {
270 		load_ugly_table(fp);
271 		fclose(fp);
272 	}
273 }
274 
load_snmp6(void)275 static void load_snmp6(void)
276 {
277 	FILE *fp = fdopen(net_snmp6_open(), "r");
278 
279 	if (fp) {
280 		load_good_table(fp);
281 		fclose(fp);
282 	}
283 }
284 
load_netstat(void)285 static void load_netstat(void)
286 {
287 	FILE *fp = fdopen(net_netstat_open(), "r");
288 
289 	if (fp) {
290 		load_ugly_table(fp);
291 		fclose(fp);
292 	}
293 }
294 
295 
dump_kern_db(FILE * fp,int to_hist)296 static void dump_kern_db(FILE *fp, int to_hist)
297 {
298 	json_writer_t *jw = json_output ? jsonw_new(fp) : NULL;
299 	struct nstat_ent *n, *h;
300 
301 	h = hist_db;
302 	if (jw) {
303 		jsonw_start_object(jw);
304 		jsonw_pretty(jw, pretty);
305 		jsonw_name(jw, info_source);
306 		jsonw_start_object(jw);
307 	} else
308 		fprintf(fp, "#%s\n", info_source);
309 
310 	for (n = kern_db; n; n = n->next) {
311 		unsigned long long val = n->val;
312 
313 		if (!dump_zeros && !val && !n->rate)
314 			continue;
315 		if (!match(n->id)) {
316 			struct nstat_ent *h1;
317 
318 			if (!to_hist)
319 				continue;
320 			for (h1 = h; h1; h1 = h1->next) {
321 				if (strcmp(h1->id, n->id) == 0) {
322 					val = h1->val;
323 					h = h1->next;
324 					break;
325 				}
326 			}
327 		}
328 
329 		if (jw)
330 			jsonw_uint_field(jw, n->id, val);
331 		else
332 			fprintf(fp, "%-32s%-16llu%6.1f\n", n->id, val, n->rate);
333 	}
334 
335 	if (jw) {
336 		jsonw_end_object(jw);
337 
338 		jsonw_end_object(jw);
339 		jsonw_destroy(&jw);
340 	}
341 }
342 
dump_incr_db(FILE * fp)343 static void dump_incr_db(FILE *fp)
344 {
345 	json_writer_t *jw = json_output ? jsonw_new(fp) : NULL;
346 	struct nstat_ent *n, *h;
347 
348 	h = hist_db;
349 	if (jw) {
350 		jsonw_start_object(jw);
351 		jsonw_pretty(jw, pretty);
352 		jsonw_name(jw, info_source);
353 		jsonw_start_object(jw);
354 	} else
355 		fprintf(fp, "#%s\n", info_source);
356 
357 	for (n = kern_db; n; n = n->next) {
358 		int ovfl = 0;
359 		unsigned long long val = n->val;
360 		struct nstat_ent *h1;
361 
362 		for (h1 = h; h1; h1 = h1->next) {
363 			if (strcmp(h1->id, n->id) == 0) {
364 				if (val < h1->val) {
365 					ovfl = 1;
366 					val = h1->val;
367 				}
368 				val -= h1->val;
369 				h = h1->next;
370 				break;
371 			}
372 		}
373 		if (!dump_zeros && !val && !n->rate)
374 			continue;
375 		if (!match(n->id))
376 			continue;
377 
378 		if (jw)
379 			jsonw_uint_field(jw, n->id, val);
380 		else
381 			fprintf(fp, "%-32s%-16llu%6.1f%s\n", n->id, val,
382 				n->rate, ovfl?" (overflow)":"");
383 	}
384 
385 	if (jw) {
386 		jsonw_end_object(jw);
387 
388 		jsonw_end_object(jw);
389 		jsonw_destroy(&jw);
390 	}
391 }
392 
393 static int children;
394 
sigchild(int signo)395 static void sigchild(int signo)
396 {
397 }
398 
update_db(int interval)399 static void update_db(int interval)
400 {
401 	struct nstat_ent *n, *h;
402 
403 	n = kern_db;
404 	kern_db = NULL;
405 
406 	load_netstat();
407 	load_snmp6();
408 	load_snmp();
409 	load_sctp_snmp();
410 
411 	h = kern_db;
412 	kern_db = n;
413 
414 	for (n = kern_db; n; n = n->next) {
415 		struct nstat_ent *h1;
416 
417 		for (h1 = h; h1; h1 = h1->next) {
418 			if (strcmp(h1->id, n->id) == 0) {
419 				double sample;
420 				unsigned long long incr = h1->val - n->val;
421 
422 				n->val = h1->val;
423 				sample = (double)incr * 1000.0 / interval;
424 				if (interval >= scan_interval) {
425 					n->rate += W*(sample-n->rate);
426 				} else if (interval >= 1000) {
427 					if (interval >= time_constant) {
428 						n->rate = sample;
429 					} else {
430 						double w = W*(double)interval/scan_interval;
431 
432 						n->rate += w*(sample-n->rate);
433 					}
434 				}
435 
436 				while (h != h1) {
437 					struct nstat_ent *tmp = h;
438 
439 					h = h->next;
440 					free(tmp->id);
441 					free(tmp);
442 				};
443 				h = h1->next;
444 				free(h1->id);
445 				free(h1);
446 				break;
447 			}
448 		}
449 	}
450 }
451 
452 #define T_DIFF(a, b) (((a).tv_sec-(b).tv_sec)*1000 + ((a).tv_usec-(b).tv_usec)/1000)
453 
454 
server_loop(int fd)455 static void server_loop(int fd)
456 {
457 	struct timeval snaptime = { 0 };
458 	struct pollfd p;
459 
460 	p.fd = fd;
461 	p.events = p.revents = POLLIN;
462 
463 	sprintf(info_source, "%d.%lu sampling_interval=%d time_const=%d",
464 		getpid(), (unsigned long)random(), scan_interval/1000, time_constant/1000);
465 
466 	load_netstat();
467 	load_snmp6();
468 	load_snmp();
469 	load_sctp_snmp();
470 
471 	for (;;) {
472 		int status;
473 		time_t tdiff;
474 		struct timeval now;
475 
476 		gettimeofday(&now, NULL);
477 		tdiff = T_DIFF(now, snaptime);
478 		if (tdiff >= scan_interval) {
479 			update_db(tdiff);
480 			snaptime = now;
481 			tdiff = 0;
482 		}
483 		if (poll(&p, 1, scan_interval - tdiff) > 0
484 		    && (p.revents&POLLIN)) {
485 			int clnt = accept(fd, NULL, NULL);
486 
487 			if (clnt >= 0) {
488 				pid_t pid;
489 
490 				if (children >= 5) {
491 					close(clnt);
492 				} else if ((pid = fork()) != 0) {
493 					if (pid > 0)
494 						children++;
495 					close(clnt);
496 				} else {
497 					FILE *fp = fdopen(clnt, "w");
498 
499 					if (fp)
500 						dump_kern_db(fp, 0);
501 					exit(0);
502 				}
503 			}
504 		}
505 		while (children && waitpid(-1, &status, WNOHANG) > 0)
506 			children--;
507 	}
508 }
509 
verify_forging(int fd)510 static int verify_forging(int fd)
511 {
512 	struct ucred cred;
513 	socklen_t olen = sizeof(cred);
514 
515 	if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, (void *)&cred, &olen) ||
516 	    olen < sizeof(cred))
517 		return -1;
518 	if (cred.uid == getuid() || cred.uid == 0)
519 		return 0;
520 	return -1;
521 }
522 
523 static void usage(void) __attribute__((noreturn));
524 
usage(void)525 static void usage(void)
526 {
527 	fprintf(stderr,
528 "Usage: nstat [OPTION] [ PATTERN [ PATTERN ] ]\n"
529 "   -h, --help           this message\n"
530 "   -a, --ignore         ignore history\n"
531 "   -d, --scan=SECS      sample every statistics every SECS\n"
532 "   -j, --json           format output in JSON\n"
533 "   -n, --nooutput       do history only\n"
534 "   -p, --pretty         pretty print\n"
535 "   -r, --reset          reset history\n"
536 "   -s, --noupdate       don't update history\n"
537 "   -t, --interval=SECS  report average over the last SECS\n"
538 "   -V, --version        output version information\n"
539 "   -z, --zeros          show entries with zero activity\n");
540 	exit(-1);
541 }
542 
543 static const struct option longopts[] = {
544 	{ "help", 0, 0, 'h' },
545 	{ "ignore",  0,  0, 'a' },
546 	{ "scan", 1, 0, 'd'},
547 	{ "nooutput", 0, 0, 'n' },
548 	{ "json", 0, 0, 'j' },
549 	{ "reset", 0, 0, 'r' },
550 	{ "noupdate", 0, 0, 's' },
551 	{ "pretty", 0, 0, 'p' },
552 	{ "interval", 1, 0, 't' },
553 	{ "version", 0, 0, 'V' },
554 	{ "zeros", 0, 0, 'z' },
555 	{ 0 }
556 };
557 
main(int argc,char * argv[])558 int main(int argc, char *argv[])
559 {
560 	char *hist_name;
561 	struct sockaddr_un sun;
562 	FILE *hist_fp = NULL;
563 	int ch;
564 	int fd;
565 
566 	while ((ch = getopt_long(argc, argv, "h?vVzrnasd:t:jp",
567 				 longopts, NULL)) != EOF) {
568 		switch (ch) {
569 		case 'z':
570 			dump_zeros = 1;
571 			break;
572 		case 'r':
573 			reset_history = 1;
574 			break;
575 		case 'a':
576 			ignore_history = 1;
577 			break;
578 		case 's':
579 			no_update = 1;
580 			break;
581 		case 'n':
582 			no_output = 1;
583 			break;
584 		case 'd':
585 			scan_interval = 1000*atoi(optarg);
586 			break;
587 		case 't':
588 			if (sscanf(optarg, "%d", &time_constant) != 1 ||
589 			    time_constant <= 0) {
590 				fprintf(stderr, "nstat: invalid time constant divisor\n");
591 				exit(-1);
592 			}
593 			break;
594 		case 'j':
595 			json_output = 1;
596 			break;
597 		case 'p':
598 			pretty = 1;
599 			break;
600 		case 'v':
601 		case 'V':
602 			printf("nstat utility, iproute2-ss%s\n", SNAPSHOT);
603 			exit(0);
604 		case 'h':
605 		case '?':
606 		default:
607 			usage();
608 		}
609 	}
610 
611 	argc -= optind;
612 	argv += optind;
613 
614 	sun.sun_family = AF_UNIX;
615 	sun.sun_path[0] = 0;
616 	sprintf(sun.sun_path+1, "nstat%d", getuid());
617 
618 	if (scan_interval > 0) {
619 		if (time_constant == 0)
620 			time_constant = 60;
621 		time_constant *= 1000;
622 		W = 1 - 1/exp(log(10)*(double)scan_interval/time_constant);
623 		if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) {
624 			perror("nstat: socket");
625 			exit(-1);
626 		}
627 		if (bind(fd, (struct sockaddr *)&sun, 2+1+strlen(sun.sun_path+1)) < 0) {
628 			perror("nstat: bind");
629 			exit(-1);
630 		}
631 		if (listen(fd, 5) < 0) {
632 			perror("nstat: listen");
633 			exit(-1);
634 		}
635 		if (daemon(0, 0)) {
636 			perror("nstat: daemon");
637 			exit(-1);
638 		}
639 		signal(SIGPIPE, SIG_IGN);
640 		signal(SIGCHLD, sigchild);
641 		server_loop(fd);
642 		exit(0);
643 	}
644 
645 	patterns = argv;
646 	npatterns = argc;
647 
648 	if ((hist_name = getenv("NSTAT_HISTORY")) == NULL) {
649 		hist_name = malloc(128);
650 		sprintf(hist_name, "/tmp/.nstat.u%d", getuid());
651 	}
652 
653 	if (reset_history)
654 		unlink(hist_name);
655 
656 	if (!ignore_history || !no_update) {
657 		struct stat stb;
658 
659 		fd = open(hist_name, O_RDWR|O_CREAT|O_NOFOLLOW, 0600);
660 		if (fd < 0) {
661 			perror("nstat: open history file");
662 			exit(-1);
663 		}
664 		if ((hist_fp = fdopen(fd, "r+")) == NULL) {
665 			perror("nstat: fdopen history file");
666 			exit(-1);
667 		}
668 		if (flock(fileno(hist_fp), LOCK_EX)) {
669 			perror("nstat: flock history file");
670 			exit(-1);
671 		}
672 		if (fstat(fileno(hist_fp), &stb) != 0) {
673 			perror("nstat: fstat history file");
674 			exit(-1);
675 		}
676 		if (stb.st_nlink != 1 || stb.st_uid != getuid()) {
677 			fprintf(stderr, "nstat: something is so wrong with history file, that I prefer not to proceed.\n");
678 			exit(-1);
679 		}
680 		if (!ignore_history) {
681 			FILE *tfp;
682 			long uptime = -1;
683 
684 			if ((tfp = fopen("/proc/uptime", "r")) != NULL) {
685 				if (fscanf(tfp, "%ld", &uptime) != 1)
686 					uptime = -1;
687 				fclose(tfp);
688 			}
689 			if (uptime >= 0 && time(NULL) >= stb.st_mtime+uptime) {
690 				fprintf(stderr, "nstat: history is aged out, resetting\n");
691 				if (ftruncate(fileno(hist_fp), 0) < 0)
692 					perror("nstat: ftruncate");
693 			}
694 		}
695 
696 		load_good_table(hist_fp);
697 
698 		hist_db = kern_db;
699 		kern_db = NULL;
700 	}
701 
702 	if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) >= 0 &&
703 	    (connect(fd, (struct sockaddr *)&sun, 2+1+strlen(sun.sun_path+1)) == 0
704 	     || (strcpy(sun.sun_path+1, "nstat0"),
705 		 connect(fd, (struct sockaddr *)&sun, 2+1+strlen(sun.sun_path+1)) == 0))
706 	    && verify_forging(fd) == 0) {
707 		FILE *sfp = fdopen(fd, "r");
708 
709 		if (!sfp) {
710 			fprintf(stderr, "nstat: fdopen failed: %s\n",
711 				strerror(errno));
712 			close(fd);
713 		} else {
714 			load_good_table(sfp);
715 			if (hist_db && source_mismatch) {
716 				fprintf(stderr, "nstat: history is stale, ignoring it.\n");
717 				hist_db = NULL;
718 			}
719 			fclose(sfp);
720 		}
721 	} else {
722 		if (fd >= 0)
723 			close(fd);
724 		if (hist_db && info_source[0] && strcmp(info_source, "kernel")) {
725 			fprintf(stderr, "nstat: history is stale, ignoring it.\n");
726 			hist_db = NULL;
727 			info_source[0] = 0;
728 		}
729 		load_netstat();
730 		load_snmp6();
731 		load_snmp();
732 		load_sctp_snmp();
733 		if (info_source[0] == 0)
734 			strcpy(info_source, "kernel");
735 	}
736 
737 	if (!no_output) {
738 		if (ignore_history || hist_db == NULL)
739 			dump_kern_db(stdout, 0);
740 		else
741 			dump_incr_db(stdout);
742 	}
743 	if (!no_update) {
744 		if (ftruncate(fileno(hist_fp), 0) < 0)
745 			perror("nstat: ftruncate");
746 		rewind(hist_fp);
747 
748 		json_output = 0;
749 		dump_kern_db(hist_fp, 1);
750 		fclose(hist_fp);
751 	}
752 	exit(0);
753 }
754