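/*
 * Copyright (c) 2013 The DragonFly Project. All rights reserved.
 *
 * This code is derived from software contributed to The DragonFly Project
 * by Matthew Dillon <dillon@backplane.com>
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 * 3. Neither the name of The DragonFly Project nor the names of its
 *    contributors may be used to endorse or promote products derived
 *    from this software without specific, prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */
#include <sys/param.h>
#include <sys/queue.h>
#include <sys/tree.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/protosw.h>
#include <sys/sysctl.h>
#include <sys/endian.h>

#include <netinet/in.h>
#include <arpa/inet.h>
#include <net/route.h>
#include <net/if.h>
#include <net/pf/pfvar.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#ifdef INET6
#include <netinet/ip6.h>
#endif
#include <netinet/in_pcb.h>
#include <netinet/ip_icmp.h>
#include <netinet/icmp_var.h>
#include <netinet/ip_var.h>
#include <netinet/tcp.h>
#include <netinet/tcpip.h>
#include <netinet/tcp_seq.h>
#include <netinet/tcp_fsm.h>
#include <netinet/tcp_timer.h>
#include <netinet/tcp_var.h>
#include <netinet/tcp_debug.h>
#include <netinet/udp.h>
#include <netinet/udp_var.h>

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <nlist.h>
#include <paths.h>
#include <err.h>
#include <errno.h>
#include <netdb.h>

#include "systat.h"
#include "extern.h"

/*
 * One pf state as tracked by this display.  Entries live in a red-black
 * tree ordered by mypfstate_cmp() and are allocated in updatestate().
 */
struct mypfstate {
	RB_ENTRY(mypfstate) rb_node;
	int seq;			/* tcp_pcb_seq of the pass that last saw it */
	struct pfsync_state state;	/* most recent snapshot */
	struct pfsync_state last_state;	/* snapshot from the pass before that */
};

/*
 * Ordering function for the state tree.
 *
 * Compares, in order: protocol, ports (TCP/UDP only), address family,
 * then both addresses of the state key.  The key used is the wire key
 * for PF_OUT states and the stack key otherwise.
 *
 * Two states that compare equal share one tree node, so every field
 * that distinguishes a connection has to take part in the comparison.
 * The function must also be a consistent three-way ordering, which is
 * why memcmp() is used for the raw address bytes: bcmp() only reports
 * equal/not-equal and cannot order a tree.
 */
static int
mypfstate_cmp(struct mypfstate *pf1, struct mypfstate *pf2)
{
	struct pfsync_state_key *nk1, *nk2;
	int r;

	if (pf1->state.proto < pf2->state.proto)
		return(-1);
	if (pf1->state.proto > pf2->state.proto)
		return(1);

	if (pf1->state.direction == PF_OUT)
		nk1 = &pf1->state.key[PF_SK_WIRE];
	else
		nk1 = &pf1->state.key[PF_SK_STACK];
	if (pf2->state.direction == PF_OUT)
		nk2 = &pf2->state.key[PF_SK_WIRE];
	else
		nk2 = &pf2->state.key[PF_SK_STACK];

	if (pf1->state.proto == IPPROTO_TCP ||
	    pf1->state.proto == IPPROTO_UDP) {
		/*
		 * When both port[0] values are >= 1024, sort on port[1]
		 * first; otherwise port[0] decides first.
		 */
		if (ntohs(nk1->port[0]) >= 1024 &&
		    ntohs(nk2->port[0]) >= 1024) {
			if (ntohs(nk1->port[1]) < ntohs(nk2->port[1]))
				return(-1);
			if (ntohs(nk1->port[1]) > ntohs(nk2->port[1]))
				return(1);
		}
		if (ntohs(nk1->port[0]) < ntohs(nk2->port[0]))
			return(-1);
		if (ntohs(nk1->port[0]) > ntohs(nk2->port[0]))
			return(1);
		if (ntohs(nk1->port[1]) < ntohs(nk2->port[1]))
			return(-1);
		if (ntohs(nk1->port[1]) > ntohs(nk2->port[1]))
			return(1);
	}

	/*
	 * Sort IPV4 vs IPV6 addresses
	 */
	if (pf1->state.af < pf2->state.af)
		return(-1);
	if (pf1->state.af > pf2->state.af)
		return(1);

	/*
	 * Local and foreign addresses
	 */
	if (pf1->state.af == AF_INET) {
		if (ntohl(nk1->addr[0].v4.s_addr) <
		    ntohl(nk2->addr[0].v4.s_addr))
			return(-1);
		if (ntohl(nk1->addr[0].v4.s_addr) >
		    ntohl(nk2->addr[0].v4.s_addr))
			return(1);
		if (ntohl(nk1->addr[1].v4.s_addr) <
		    ntohl(nk2->addr[1].v4.s_addr))
			return(-1);
		if (ntohl(nk1->addr[1].v4.s_addr) >
		    ntohl(nk2->addr[1].v4.s_addr))
			return(1);
	} else {
		/*
		 * AF_INET6 and any other family: order on the raw v6-sized
		 * bytes of both addresses, as the IPv4 branch does for its
		 * two addresses.  Comparing addr[0] alone would fold
		 * states that differ only in addr[1] into one entry.
		 */
		r = memcmp(&nk1->addr[0].v6, &nk2->addr[0].v6,
			   sizeof(nk1->addr[0].v6));
		if (r != 0)
			return(r < 0 ? -1 : 1);
		r = memcmp(&nk1->addr[1].v6, &nk2->addr[1].v6,
			   sizeof(nk1->addr[1].v6));
		if (r != 0)
			return(r < 0 ? -1 : 1);
	}
	return(0);
}

struct mypfstate_tree;
RB_HEAD(mypfstate_tree, mypfstate);
RB_PROTOTYPE(mypfstate_tree, mypfstate, rb_node, mypfstate_cmp);
RB_GENERATE(mypfstate_tree, mypfstate, rb_node, mypfstate_cmp);

static struct mypfstate_tree mypf_tree;	/* all states seen so far */
static struct timeval tv_curr;		/* time of the latest fetch */
static struct timeval tv_last;		/* time of the fetch before it */
static int tcp_pcb_seq;			/* incremented once per fetch pass */

static const char *numtok(double value);
static const char *netaddrstr(sa_family_t af, struct pf_addr *addr,
			u_int16_t port);
static void updatestate(struct pfsync_state *state);
static int statebwcmp(const void *data1, const void *data2);

/*
 * Read one 64-bit big-endian counter from a pfsync_state field and
 * return it in host byte order.
 *
 * The bytes are copied out with memcpy() rather than read through a
 * cast to uint64_t *, so the access does not depend on the alignment
 * or declared element type of the field.
 */
static uint64_t
pfcounter64(const void *field)
{
	uint64_t v;

	memcpy(&v, field, sizeof(v));
	return (be64toh(v));
}

/*
 * Per-second rate of a counter field between the two latest snapshots.
 * Expects `elm' and `delta_time' to be in scope at the point of use.
 *
 * NOTE(review): the subtraction is unsigned, so a counter that is
 * smaller than in the previous snapshot wraps to a very large rate
 * (shown as "<huge>") - confirm whether that can happen in practice.
 */
#define DELTARATE(field)					\
	((double)(pfcounter64(elm->state.field) -		\
		  pfcounter64(elm->last_state.field)) / delta_time)

/*
 * Initialise the state tree and create the display sub-window.
 */
WINDOW *
openpftop(void)
{
	RB_INIT(&mypf_tree);
	return (subwin(stdscr, LINES-0-1, 0, 0, 0));
}

/*
 * Free every tracked state and, when a window was given, clear and
 * delete it.
 */
void
closepftop(WINDOW *w)
{
	struct mypfstate *mypf;

	while ((mypf = RB_ROOT(&mypf_tree)) != NULL) {
		RB_REMOVE(mypfstate_tree, &mypf_tree, mypf);
		free(mypf);
	}

	if (w != NULL) {
		wclear(w);
		wrefresh(w);
		delwin(w);
	}
}

/*
 * Nothing to set up; always reports success.
 */
int
initpftop(void)
{
	return(1);
}

/*
 * Take a snapshot of the pf state table through /dev/pf and merge it
 * into the tree.
 *
 * Every failure (open, ioctl, allocation) returns without touching the
 * tree, the sequence number or the timestamps, so the display simply
 * keeps its previous data.
 */
void
fetchpftop(void)
{
	struct pfioc_states ps;
	struct pfsync_state *states;
	size_t nstates;
	size_t i;
	int fd;

	fd = open("/dev/pf", O_RDONLY);
	if (fd < 0)
		return;

	/*
	 * Extract the state list.  The first call, made with a zeroed
	 * request, is used to obtain the length; the buffer is then
	 * sized with 1MB of slack before the second call.
	 */
	bzero(&ps, sizeof(ps));
	if (ioctl(fd, DIOCGETSTATES, &ps) < 0) {
		close(fd);
		return;
	}
	ps.ps_len += 1024 * 1024;
	ps.ps_buf = malloc(ps.ps_len);
	if (ps.ps_buf == NULL) {
		/* do not hand the kernel a NULL buffer with a non-zero length */
		close(fd);
		return;
	}
	if (ioctl(fd, DIOCGETSTATES, &ps) < 0) {
		free(ps.ps_buf);
		close(fd);
		return;
	}

	states = (void *)ps.ps_buf;
	nstates = ps.ps_len / sizeof(*states);

	/* states not stamped with this value are dropped by showpftop() */
	++tcp_pcb_seq;

	for (i = 0; i < nstates; ++i)
		updatestate(&states[i]);
	free(ps.ps_buf);
	close(fd);
	states = NULL;
	fd = -1;

	tv_last = tv_curr;
	gettimeofday(&tv_curr, NULL);
}

/*
 * Clear the window.  The column headings are compiled out.
 */
void
labelpftop(void)
{
	wmove(wnd, 0, 0);
	wclrtobot(wnd);
#if 0
	mvwaddstr(wnd, 0, LADDR, "Local Address");
	mvwaddstr(wnd, 0, FADDR, "Foreign Address");
	mvwaddstr(wnd, 0, PROTO, "Proto");
	mvwaddstr(wnd, 0, RCVCC, "Recv-Q");
	mvwaddstr(wnd, 0, SNDCC, "Send-Q");
	mvwaddstr(wnd, 0, STATE, "(state)");
#endif
}

/*
 * Draw the states that moved data since the previous fetch, busiest
 * first, and drop tree entries the latest fetch no longer reported.
 *
 * Does nothing when less than 0.1s separates the two latest fetches.
 */
void
showpftop(void)
{
	double delta_time;
	struct mypfstate *elm;
	struct mypfstate *delm;
	struct mypfstate **array;
	struct mypfstate **grown;
	size_t i;
	size_t n;
	struct pfsync_state_key *nk;
	int row;

	delta_time = (double)(tv_curr.tv_sec - tv_last.tv_sec) - 1.0 +
		     (tv_curr.tv_usec + 1000000 - tv_last.tv_usec) / 1e6;
	if (delta_time < 0.1)
		return;

	/*
	 * Delete and collect pass
	 */
	delm = NULL;
	i = 0;
	n = 1024;
	array = malloc(n * sizeof(*array));
	if (array == NULL)
		return;
	RB_FOREACH(elm, mypfstate_tree, &mypf_tree) {
		/*
		 * Removal is deferred by one iteration so the element the
		 * iterator currently stands on is never freed.
		 */
		if (delm) {
			RB_REMOVE(mypfstate_tree, &mypf_tree, delm);
			free(delm);
			delm = NULL;
		}
		if (elm->seq == tcp_pcb_seq &&
		    (DELTARATE(bytes[0]) ||
		     DELTARATE(bytes[1]))
		) {
			if (i == n) {
				/*
				 * Grow through a temporary so a failed
				 * realloc() neither leaks nor loses the
				 * array; the entry is then left off the
				 * display while the delete pass goes on.
				 */
				grown = realloc(array,
						n * 2 * sizeof(*array));
				if (grown == NULL)
					continue;
				array = grown;
				n *= 2;
			}
			array[i++] = elm;
		} else if (elm->seq != tcp_pcb_seq) {
			delm = elm;
		}
	}
	if (delm) {
		RB_REMOVE(mypfstate_tree, &mypf_tree, delm);
		free(delm);
		delm = NULL;
	}
	qsort(array, i, sizeof(array[0]), statebwcmp);

	row = 2;
	n = i;
	for (i = 0; i < n; ++i) {
		elm = array[i];
		if (elm->state.direction == PF_OUT) {
			nk = &elm->state.key[PF_SK_WIRE];
		} else {
			nk = &elm->state.key[PF_SK_STACK];
		}
		/*
		 * netaddrstr() and numtok() each return one of MAXINDEXES
		 * rotating static buffers; two of each are live here.
		 */
		mvwprintw(wnd, row, 0,
			  "%s %s "
			  /*"rxb %s txb %s "*/
			  "rcv %s snd %s ",
			  netaddrstr(elm->state.af, &nk->addr[0], nk->port[0]),
			  netaddrstr(elm->state.af, &nk->addr[1], nk->port[1]),
			  numtok(DELTARATE(bytes[0])),
			  numtok(DELTARATE(bytes[1]))
		);
		wclrtoeol(wnd);
		if (++row >= LINES-3)
			break;
	}
	free(array);
	wmove(wnd, row, 0);
	wclrtobot(wnd);
	mvwprintw(wnd, LINES-2, 0, "Rate bytes/sec, active pf states");
}

/*
 * qsort() comparator over an array of struct mypfstate pointers.
 * Sorts by the bytes transferred (both counters summed) between the
 * two latest snapshots, highest first.
 */
static
int
statebwcmp(const void *data1, const void *data2)
{
	const struct mypfstate *elm1 = *(const struct mypfstate * const *)data1;
	const struct mypfstate *elm2 = *(const struct mypfstate * const *)data2;
	uint64_t v1;
	uint64_t v2;

	v1 = pfcounter64(elm1->state.bytes[0]) +
	     pfcounter64(elm1->state.bytes[1]);
	v1 -= pfcounter64(elm1->last_state.bytes[0]) +
	      pfcounter64(elm1->last_state.bytes[1]);
	v2 = pfcounter64(elm2->state.bytes[0]) +
	     pfcounter64(elm2->state.bytes[1]);
	v2 -= pfcounter64(elm2->last_state.bytes[0]) +
	      pfcounter64(elm2->last_state.bytes[1]);
	if (v1 < v2)
		return(1);
	if (v1 > v2)
		return(-1);
	return(0);
}

#if 0
int
cmdpftop(const char *cmd __unused, char *args __unused)
{
	fetchpftop();
	showpftop();
	refresh();

	return (0);
}
#endif

#define MAXINDEXES	8

/*
 * Format a rate with a decimal (1000-based) suffix.
 *
 * Returns a pointer into a ring of MAXINDEXES static buffers, so at
 * most MAXINDEXES results are valid at once and the function is not
 * reentrant.  Values below 0.001 print as blank; values that still
 * exceed 1000 after the largest suffix print as "<huge>".
 */
static
const char *
numtok(double value)
{
	static char buf[MAXINDEXES][32];
	static int nexti;
	static const char *suffixes[] = { " ", "K", "M", "G", "T", NULL };
	int suffix = 0;
	const char *fmt;

	while (value >= 1000.0 && suffixes[suffix+1]) {
		value /= 1000.0;
		++suffix;
	}
	nexti = (nexti + 1) % MAXINDEXES;
	/*
	 * fmt is always one of the constants below, never caller data.
	 * The blank and "<huge>" forms consume no arguments; the extra
	 * ones passed to snprintf() are ignored.
	 */
	if (value < 0.001) {
		fmt = " ";
	} else if (value < 10.0) {
		fmt = "%5.3f%s";
	} else if (value < 100.0) {
		fmt = "%5.2f%s";
	} else if (value < 1000.0) {
		fmt = "%5.1f%s";
	} else {
		fmt = "<huge>";
	}
	snprintf(buf[nexti], sizeof(buf[nexti]),
		 fmt, value, suffixes[suffix]);
	return (buf[nexti]);
}

/*
 * Format an address and port (port in network byte order) for display.
 *
 * Returns a pointer into a ring of MAXINDEXES static buffers, so at
 * most MAXINDEXES results are valid at once and the function is not
 * reentrant.  Address families other than AF_INET and AF_INET6 are
 * shown as "<unknown>".
 */
static const char *
netaddrstr(sa_family_t af, struct pf_addr *addr, u_int16_t port)
{
	static char buf[MAXINDEXES][64];
	static int nexta;
	char bufip[64];
	uint32_t ip4;

	nexta = (nexta + 1) % MAXINDEXES;

	port = ntohs(port);

	if (af == AF_INET) {
		ip4 = ntohl(addr->v4.s_addr);
		snprintf(bufip, sizeof(bufip),
			 "%u.%u.%u.%u",
			 (unsigned int)((ip4 >> 24) & 255),
			 (unsigned int)((ip4 >> 16) & 255),
			 (unsigned int)((ip4 >> 8) & 255),
			 (unsigned int)((ip4 >> 0) & 255));
		snprintf(buf[nexta], sizeof(buf[nexta]),
			 "%15s:%-5d", bufip, port);
	} else if (af == AF_INET6) {
		snprintf(bufip, sizeof(bufip),
			 "%04x:%04x:%04x:%04x:%04x:%04x:%04x:%04x",
			 ntohs(addr->v6.s6_addr16[0]),
			 ntohs(addr->v6.s6_addr16[1]),
			 ntohs(addr->v6.s6_addr16[2]),
			 ntohs(addr->v6.s6_addr16[3]),
			 ntohs(addr->v6.s6_addr16[4]),
			 ntohs(addr->v6.s6_addr16[5]),
			 ntohs(addr->v6.s6_addr16[6]),
			 ntohs(addr->v6.s6_addr16[7]));
		snprintf(buf[nexta], sizeof(buf[nexta]),
			 "%39s:%-5d", bufip, port);
	} else {
		/*
		 * The port is appended once, by the second snprintf();
		 * putting it into bufip as well printed it twice.
		 */
		snprintf(bufip, sizeof(bufip), "<unknown>");
		snprintf(buf[nexta], sizeof(buf[nexta]),
			 "%15s:%-5d", bufip, port);
	}
	return (buf[nexta]);
}

/*
 * Merge one freshly fetched pf state into the tree.
 *
 * A state not seen before gets a new entry whose previous byte and
 * packet counters are zeroed, so its first delta equals its running
 * totals.  A known state has its current snapshot moved to last_state
 * before the new one is stored.  Either way the entry is stamped with
 * the current pass number.  If the allocation for a new entry fails
 * the state is skipped for this pass.
 */
static
void
updatestate(struct pfsync_state *state)
{
	struct mypfstate dummy;
	struct mypfstate *elm;

	/* only the .state member is read by mypfstate_cmp() */
	dummy.state = *state;
	if ((elm = RB_FIND(mypfstate_tree, &mypf_tree, &dummy)) == NULL) {
		elm = calloc(1, sizeof(*elm));
		if (elm == NULL)
			return;
		elm->state = *state;
		elm->last_state = *state;
		bzero(elm->last_state.bytes,
		      sizeof(elm->last_state.bytes));
		bzero(elm->last_state.packets,
		      sizeof(elm->last_state.packets));
		RB_INSERT(mypfstate_tree, &mypf_tree, elm);
	} else {
		elm->last_state = elm->state;
		elm->state = *state;
	}
	elm->seq = tcp_pcb_seq;
}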