1 /* 2 * Copyright (c) 2013 The DragonFly Project. All rights reserved. 3 * 4 * This code is derived from software contributed to The DragonFly Project 5 * by Matthew Dillon <dillon@backplane.com> 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in 15 * the documentation and/or other materials provided with the 16 * distribution. 17 * 3. Neither the name of The DragonFly Project nor the names of its 18 * contributors may be used to endorse or promote products derived 19 * from this software without specific, prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 22 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 24 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 25 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 26 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING, 27 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 28 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 29 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 30 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 31 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 */ 34 #include <sys/param.h> 35 #include <sys/queue.h> 36 #include <sys/tree.h> 37 #include <sys/socket.h> 38 #include <sys/socketvar.h> 39 #include <sys/protosw.h> 40 #include <sys/sysctl.h> 41 #include <sys/endian.h> 42 43 #include <netinet/in.h> 44 #include <arpa/inet.h> 45 #include <net/route.h> 46 #include <net/if.h> 47 #include <net/pf/pfvar.h> 48 #include <netinet/in_systm.h> 49 #include <netinet/ip.h> 50 #ifdef INET6 51 #include <netinet/ip6.h> 52 #endif 53 #include <netinet/in_pcb.h> 54 #include <netinet/ip_icmp.h> 55 #include <netinet/icmp_var.h> 56 #include <netinet/ip_var.h> 57 #include <netinet/tcp.h> 58 #include <netinet/tcpip.h> 59 #include <netinet/tcp_seq.h> 60 #include <netinet/tcp_fsm.h> 61 #include <netinet/tcp_timer.h> 62 #include <netinet/tcp_var.h> 63 #include <netinet/udp.h> 64 #include <netinet/udp_var.h> 65 66 #include <stdio.h> 67 #include <stdlib.h> 68 #include <string.h> 69 #include <unistd.h> 70 #include <fcntl.h> 71 #include <nlist.h> 72 #include <paths.h> 73 #include <err.h> 74 #include <errno.h> 75 #include <netdb.h> 76 77 #include "systat.h" 78 #include "extern.h" 79 80 struct mypfstate { 81 RB_ENTRY(mypfstate) rb_node; 82 int seq; 83 double save_bw; 84 double best_bw; 85 struct pfsync_state state; 86 struct pfsync_state last_state; 87 }; 88 89 double delta_time = 1.0; /* for DELTARATE() initial state */ 90 double highestbw; 91 92 static int 93 mypfstate_cmp(struct mypfstate *pf1, struct mypfstate *pf2) 94 { 95 struct pfsync_state_key *nk1, *nk2; 96 int r; 97 98 if (pf1->state.proto < pf2->state.proto) 99 return(-1); 100 if (pf1->state.proto > pf2->state.proto) 101 return(1); 102 103 if (pf1->state.direction == PF_OUT) { 104 nk1 = &pf1->state.key[PF_SK_WIRE]; 105 } else { 106 nk1 = &pf1->state.key[PF_SK_STACK]; 107 } 108 if (pf2->state.direction == PF_OUT) { 109 nk2 = &pf2->state.key[PF_SK_WIRE]; 110 } else { 111 nk2 = &pf2->state.key[PF_SK_STACK]; 112 } 113 if (pf1->state.proto == IPPROTO_TCP || 114 pf1->state.proto == IPPROTO_UDP || 115 pf1->state.proto == IPPROTO_ICMP || 116 pf1->state.proto == IPPROTO_ICMPV6) { 117 if (ntohs(nk1->port[0]) >= 1024 && 118 ntohs(nk2->port[0]) >= 1024) { 119 if (ntohs(nk1->port[1]) < ntohs(nk2->port[1])) 120 return(-1); 121 if (ntohs(nk1->port[1]) > ntohs(nk2->port[1])) 122 return(1); 123 } 124 if (ntohs(nk1->port[0]) < ntohs(nk2->port[0])) 125 return(-1); 126 if (ntohs(nk1->port[0]) > ntohs(nk2->port[0])) 127 return(1); 128 if (ntohs(nk1->port[1]) < ntohs(nk2->port[1])) 129 return(-1); 130 if (ntohs(nk1->port[1]) > ntohs(nk2->port[1])) 131 return(1); 132 } 133 134 /* 135 * Sort IPV4 vs IPV6 addresses 136 */ 137 if (pf1->state.af < pf2->state.af) 138 return(-1); 139 if (pf1->state.af > pf2->state.af) 140 return(1); 141 142 /* 143 * Local and foreign addresses 144 */ 145 if (pf1->state.af == AF_INET) { 146 if (ntohl(nk1->addr[0].v4.s_addr) < 147 ntohl(nk2->addr[0].v4.s_addr)) 148 return(-1); 149 if (ntohl(nk1->addr[0].v4.s_addr) > 150 ntohl(nk2->addr[0].v4.s_addr)) 151 return(1); 152 if (ntohl(nk1->addr[1].v4.s_addr) < 153 ntohl(nk2->addr[1].v4.s_addr)) 154 return(-1); 155 if (ntohl(nk1->addr[1].v4.s_addr) > 156 ntohl(nk2->addr[1].v4.s_addr)) 157 return(1); 158 } else if (pf1->state.af == AF_INET6) { 159 r = bcmp(&nk1->addr[0].v6, 160 &nk2->addr[0].v6, 161 sizeof(nk1->addr[0].v6)); 162 if (r) 163 return(r); 164 } else { 165 r = bcmp(&nk1->addr[0].v6, 166 &nk2->addr[0].v6, 167 sizeof(nk1->addr[0].v6)); 168 if (r) 169 return(r); 170 } 171 172 /* 173 * Unique Identifier to prevent overloading which messes up 174 * the bandwidth calculations. 175 */ 176 return (memcmp(pf1->state.id, pf2->state.id, sizeof(pf1->state.id))); 177 } 178 179 struct mypfstate_tree; 180 RB_HEAD(mypfstate_tree, mypfstate); 181 RB_PROTOTYPE(mypfstate_tree, mypfstate, rb_node, mypfstate_cmp); 182 RB_GENERATE(mypfstate_tree, mypfstate, rb_node, mypfstate_cmp); 183 184 static struct mypfstate_tree mypf_tree; 185 static struct timeval tv_curr; 186 static struct timeval tv_last; 187 static int tcp_pcb_seq; 188 189 static const char *numtok(double value, double template); 190 static const char *netaddrstr(sa_family_t af, struct pf_addr *addr, 191 u_int16_t port); 192 static const char *statestr(int proto); 193 static void updatestate(struct pfsync_state *state); 194 static int statebwcmp(const void *data1, const void *data2); 195 196 #define GETBYTES64(field) \ 197 (be64toh(*(uint64_t *)elm->state.field)) 198 #define DELTARATE(field) \ 199 ((double)(be64toh(*(uint64_t *)elm->state.field) - \ 200 be64toh(*(uint64_t *)elm->last_state.field)) / delta_time) 201 202 WINDOW * 203 openpftop(void) 204 { 205 RB_INIT(&mypf_tree); 206 return (subwin(stdscr, LINES-0-1, 0, 0, 0)); 207 } 208 209 void 210 closepftop(WINDOW *w) 211 { 212 struct mypfstate *mypf; 213 214 while ((mypf = RB_ROOT(&mypf_tree)) != NULL) { 215 RB_REMOVE(mypfstate_tree, &mypf_tree, mypf); 216 free(mypf); 217 } 218 219 if (w != NULL) { 220 wclear(w); 221 wrefresh(w); 222 delwin(w); 223 } 224 } 225 226 int 227 initpftop(void) 228 { 229 return(1); 230 } 231 232 void 233 fetchpftop(void) 234 { 235 struct pfioc_states ps; 236 struct pfsync_state *states; 237 size_t nstates; 238 size_t i; 239 int fd; 240 241 fd = open("/dev/pf", O_RDONLY); 242 if (fd < 0) 243 return; 244 245 /* 246 * Extract PCB list 247 */ 248 bzero(&ps, sizeof(ps)); 249 if (ioctl(fd, DIOCGETSTATES, &ps) < 0) { 250 close(fd); 251 return; 252 } 253 ps.ps_len += 1024 * 1024; 254 ps.ps_buf = malloc(ps.ps_len); 255 if (ioctl(fd, DIOCGETSTATES, &ps) < 0) { 256 free(ps.ps_buf); 257 close(fd); 258 return; 259 } 260 261 states = (void *)ps.ps_buf; 262 nstates = ps.ps_len / sizeof(*states); 263 264 ++tcp_pcb_seq; 265 266 highestbw = 0.0; 267 for (i = 0; i < nstates; ++i) 268 updatestate(&states[i]); 269 free(ps.ps_buf); 270 close(fd); 271 states = NULL; 272 fd = -1; 273 274 tv_last = tv_curr; 275 gettimeofday(&tv_curr, NULL); 276 } 277 278 void 279 labelpftop(void) 280 { 281 wmove(wnd, 0, 0); 282 wclrtobot(wnd); 283 #if 0 284 mvwaddstr(wnd, 0, LADDR, "Local Address"); 285 mvwaddstr(wnd, 0, FADDR, "Foreign Address"); 286 mvwaddstr(wnd, 0, PROTO, "Proto"); 287 mvwaddstr(wnd, 0, RCVCC, "Recv-Q"); 288 mvwaddstr(wnd, 0, SNDCC, "Send-Q"); 289 mvwaddstr(wnd, 0, STATE, "(state)"); 290 #endif 291 } 292 293 void 294 showpftop(void) 295 { 296 struct mypfstate *elm; 297 struct mypfstate *delm; 298 struct mypfstate **array; 299 size_t i; 300 size_t n; 301 struct pfsync_state_key *nk; 302 int row; 303 int rxdir; 304 int txdir; 305 306 delta_time = (double)(tv_curr.tv_sec - tv_last.tv_sec) - 1.0 + 307 (tv_curr.tv_usec + 1000000 - tv_last.tv_usec) / 1e6; 308 if (delta_time < 0.1) { 309 delta_time = 0.1; /* don't implode DELTARATE */ 310 return; 311 } 312 313 /* 314 * Delete and collect pass 315 */ 316 delm = NULL; 317 i = 0; 318 n = 1024; 319 array = malloc(n * sizeof(*array)); 320 321 RB_FOREACH(elm, mypfstate_tree, &mypf_tree) { 322 if (delm) { 323 RB_REMOVE(mypfstate_tree, &mypf_tree, delm); 324 free(delm); 325 delm = NULL; 326 } 327 328 if (elm->seq == tcp_pcb_seq && elm->save_bw > 0) { 329 array[i++] = elm; 330 if (i == n) { 331 n *= 2; 332 array = realloc(array, n * sizeof(*array)); 333 } 334 } else if (elm->seq != tcp_pcb_seq) { 335 delm = elm; 336 } 337 } 338 if (delm) { 339 RB_REMOVE(mypfstate_tree, &mypf_tree, delm); 340 free(delm); 341 delm = NULL; 342 } 343 qsort(array, i, sizeof(array[0]), statebwcmp); 344 345 row = 2; 346 n = i; 347 for (i = 0; i < n; ++i) { 348 int64_t ttl; 349 350 elm = array[i]; 351 if (elm->state.direction == PF_OUT) { 352 nk = &elm->state.key[PF_SK_WIRE]; 353 rxdir = 0; 354 txdir = 1; 355 } else { 356 nk = &elm->state.key[PF_SK_STACK]; 357 rxdir = 1; 358 txdir = 0; 359 } 360 ttl = GETBYTES64(bytes[0]) + GETBYTES64(bytes[1]); 361 mvwprintw(wnd, row, 0, 362 "%s %s | %s " 363 /*"rxb %s txb %s "*/ 364 "rcv %s snd %s ttl %s", 365 statestr(elm->state.proto), 366 netaddrstr(elm->state.af, &nk->addr[0], nk->port[0]), 367 netaddrstr(elm->state.af, &nk->addr[1], nk->port[1]), 368 numtok(DELTARATE(bytes[rxdir]), highestbw), 369 numtok(DELTARATE(bytes[txdir]), highestbw), 370 numtok(ttl, ttl) 371 ); 372 #if 0 373 mvwprintw(wnd, row, 0, 374 "%s %s %s " 375 /*"rxb %s txb %s "*/ 376 "rcv %jd-%jd snd %jd-%jd ", 377 statestr(elm->state.proto), 378 netaddrstr(elm->state.af, &nk->addr[0], nk->port[0]), 379 netaddrstr(elm->state.af, &nk->addr[1], nk->port[1]), 380 be64toh(*(uint64_t *)elm->state.bytes[0]), 381 be64toh(*(uint64_t *)elm->last_state.bytes[0]), 382 be64toh(*(uint64_t *)elm->state.bytes[1]), 383 be64toh(*(uint64_t *)elm->last_state.bytes[1]) 384 ); 385 #endif 386 wclrtoeol(wnd); 387 if (++row >= LINES-3) 388 break; 389 } 390 free(array); 391 wmove(wnd, row, 0); 392 wclrtobot(wnd); 393 mvwprintw(wnd, LINES-2, 0, "Rate bytes/sec, active pf states"); 394 } 395 396 /* 397 * Sort by total bytes transfered, highest first 398 */ 399 static 400 int 401 statebwcmp(const void *data1, const void *data2) 402 { 403 const struct mypfstate *elm1 = *__DECONST(struct mypfstate **, data1); 404 const struct mypfstate *elm2 = *__DECONST(struct mypfstate **, data2); 405 double dv; 406 407 dv = elm1->save_bw - elm2->save_bw; 408 if (dv < 0) 409 return 1; 410 if (dv > 0) 411 return -1; 412 return 0; 413 } 414 415 #if 0 416 int 417 cmdpftop(const char *cmd __unused, char *args __unused) 418 { 419 fetchpftop(); 420 showpftop(); 421 refresh(); 422 423 return (0); 424 } 425 #endif 426 427 #define MAXINDEXES 8 428 429 static 430 const char * 431 numtok(double value, double template) 432 { 433 static char buf[MAXINDEXES][32]; 434 static int nexti; 435 static const char *suffixes[] = { " ", "K", "M", "G", "T", NULL }; 436 int suffix = 0; 437 const char *fmt; 438 439 while (template >= 1000.0 && suffixes[suffix+1]) { 440 value /= 1000.0; 441 template /= 1000.0; 442 ++suffix; 443 } 444 nexti = (nexti + 1) % MAXINDEXES; 445 if (value < 0.001) { 446 fmt = " "; 447 } else if (template < 1.0) { 448 fmt = "%5.3f%s"; 449 } else if (template < 10.0) { 450 fmt = "%5.3f%s"; 451 } else if (template < 100.0) { 452 fmt = "%5.2f%s"; 453 } else if (template < 1000.0) { 454 fmt = "%5.1f%s"; 455 } else { 456 fmt = "<huge>"; 457 } 458 snprintf(buf[nexti], sizeof(buf[nexti]), 459 fmt, value, suffixes[suffix]); 460 return (buf[nexti]); 461 } 462 463 static const char * 464 netaddrstr(sa_family_t af, struct pf_addr *addr, u_int16_t port) 465 { 466 static char buf[MAXINDEXES][64]; 467 static int nexta; 468 char bufip[64]; 469 470 nexta = (nexta + 1) % MAXINDEXES; 471 472 port = ntohs(port); 473 474 if (af == AF_INET) { 475 snprintf(bufip, sizeof(bufip), 476 "%d.%d.%d.%d", 477 (ntohl(addr->v4.s_addr) >> 24) & 255, 478 (ntohl(addr->v4.s_addr) >> 16) & 255, 479 (ntohl(addr->v4.s_addr) >> 8) & 255, 480 (ntohl(addr->v4.s_addr) >> 0) & 255); 481 snprintf(buf[nexta], sizeof(buf[nexta]), 482 "%-20s %-5d", bufip, port); 483 } else if (af == AF_INET6) { 484 #if defined(PFTOP_WIDE) 485 snprintf(bufip, sizeof(bufip), 486 "%04x:%04x:%04x:%04x:%04x:%04x:%04x:%04x", 487 ntohs(addr->v6.s6_addr16[0]), 488 ntohs(addr->v6.s6_addr16[1]), 489 ntohs(addr->v6.s6_addr16[2]), 490 ntohs(addr->v6.s6_addr16[3]), 491 ntohs(addr->v6.s6_addr16[4]), 492 ntohs(addr->v6.s6_addr16[5]), 493 ntohs(addr->v6.s6_addr16[6]), 494 ntohs(addr->v6.s6_addr16[7])); 495 snprintf(buf[nexta], sizeof(buf[nexta]), 496 "%39s %-5d", bufip, port); 497 #else 498 snprintf(bufip, sizeof(bufip), 499 "%04x:%04x--%04x:%04x", 500 ntohs(addr->v6.s6_addr16[0]), 501 ntohs(addr->v6.s6_addr16[1]), 502 ntohs(addr->v6.s6_addr16[6]), 503 ntohs(addr->v6.s6_addr16[7])); 504 snprintf(buf[nexta], sizeof(buf[nexta]), 505 "%20s %-5d", bufip, port); 506 #endif 507 } else { 508 snprintf(bufip, sizeof(bufip), "<unknown>:%-5d", port); 509 snprintf(buf[nexta], sizeof(buf[nexta]), 510 "%15s:%-5d", bufip, port); 511 } 512 return (buf[nexta]); 513 } 514 515 static 516 void 517 updatestate(struct pfsync_state *state) 518 { 519 struct mypfstate dummy; 520 struct mypfstate *elm; 521 522 dummy.state = *state; 523 if ((elm = RB_FIND(mypfstate_tree, &mypf_tree, &dummy)) == NULL) { 524 elm = malloc(sizeof(*elm)); 525 bzero(elm, sizeof(*elm)); 526 elm->state = *state; 527 elm->last_state = *state; 528 elm->best_bw = DELTARATE(bytes[0]) + DELTARATE(bytes[1]); 529 elm->save_bw = elm->best_bw; 530 bzero(elm->last_state.bytes, 531 sizeof(elm->last_state.bytes)); 532 bzero(elm->last_state.packets, 533 sizeof(elm->last_state.packets)); 534 RB_INSERT(mypfstate_tree, &mypf_tree, elm); 535 if (highestbw < elm->save_bw) 536 highestbw = elm->save_bw; 537 } else { 538 elm->last_state = elm->state; 539 elm->state = *state; 540 elm->best_bw = DELTARATE(bytes[0]) + DELTARATE(bytes[1]); 541 if (elm->save_bw < elm->best_bw) 542 elm->save_bw = elm->best_bw; 543 else 544 elm->save_bw = (elm->save_bw * 7 + elm->best_bw) / 8; 545 if (highestbw < elm->save_bw) 546 highestbw = elm->save_bw; 547 } 548 elm->seq = tcp_pcb_seq; 549 } 550 551 const char * 552 statestr(int proto) 553 { 554 static char buf[32]; 555 556 switch(proto) { 557 case IPPROTO_TCP: 558 return ("tcp "); 559 case IPPROTO_UDP: 560 return ("udp "); 561 case IPPROTO_ICMP: 562 return ("icmp "); 563 case IPPROTO_ICMPV6: 564 return ("icmp6"); 565 default: 566 snprintf(buf, sizeof(buf), "%-5d", proto); 567 return buf; 568 } 569 } 570