1 /*
2 * Copyright (c) 2013 The DragonFly Project. All rights reserved.
3 *
4 * This code is derived from software contributed to The DragonFly Project
5 * by Matthew Dillon <dillon@backplane.com>
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 * 3. Neither the name of The DragonFly Project nor the names of its
18 * contributors may be used to endorse or promote products derived
19 * from this software without specific, prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
24 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
26 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
27 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
28 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
29 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
30 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
31 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 */
34 #include <sys/param.h>
35 #include <sys/queue.h>
36 #include <sys/tree.h>
37 #include <sys/socket.h>
38 #include <sys/socketvar.h>
39 #include <sys/protosw.h>
40 #include <sys/sysctl.h>
41 #include <sys/endian.h>
42
43 #include <netinet/in.h>
44 #include <arpa/inet.h>
45 #include <net/route.h>
46 #include <net/if.h>
47 #include <net/pf/pfvar.h>
48 #include <netinet/in_systm.h>
49 #include <netinet/ip.h>
50 #ifdef INET6
51 #include <netinet/ip6.h>
52 #endif
53 #include <netinet/in_pcb.h>
54 #include <netinet/ip_icmp.h>
55 #include <netinet/icmp_var.h>
56 #include <netinet/ip_var.h>
57 #include <netinet/tcp.h>
58 #include <netinet/tcpip.h>
59 #include <netinet/tcp_seq.h>
60 #include <netinet/tcp_fsm.h>
61 #include <netinet/tcp_timer.h>
62 #include <netinet/tcp_var.h>
63 #include <netinet/udp.h>
64 #include <netinet/udp_var.h>
65
66 #include <stdio.h>
67 #include <stdlib.h>
68 #include <string.h>
69 #include <unistd.h>
70 #include <fcntl.h>
71 #include <nlist.h>
72 #include <paths.h>
73 #include <err.h>
74 #include <errno.h>
75 #include <netdb.h>
76
77 #include "systat.h"
78 #include "extern.h"
79
80 struct mypfstate {
81 RB_ENTRY(mypfstate) rb_node;
82 int seq;
83 double save_bw;
84 double best_bw;
85 struct pfsync_state state;
86 struct pfsync_state last_state;
87 };
88
89 double delta_time = 1.0; /* for DELTARATE() initial state */
90 double highestbw;
91
92 static int
mypfstate_cmp(struct mypfstate * pf1,struct mypfstate * pf2)93 mypfstate_cmp(struct mypfstate *pf1, struct mypfstate *pf2)
94 {
95 struct pfsync_state_key *nk1, *nk2;
96 int r;
97
98 if (pf1->state.proto < pf2->state.proto)
99 return(-1);
100 if (pf1->state.proto > pf2->state.proto)
101 return(1);
102
103 if (pf1->state.direction == PF_OUT) {
104 nk1 = &pf1->state.key[PF_SK_WIRE];
105 } else {
106 nk1 = &pf1->state.key[PF_SK_STACK];
107 }
108 if (pf2->state.direction == PF_OUT) {
109 nk2 = &pf2->state.key[PF_SK_WIRE];
110 } else {
111 nk2 = &pf2->state.key[PF_SK_STACK];
112 }
113 if (pf1->state.proto == IPPROTO_TCP ||
114 pf1->state.proto == IPPROTO_UDP ||
115 pf1->state.proto == IPPROTO_ICMP ||
116 pf1->state.proto == IPPROTO_ICMPV6) {
117 if (ntohs(nk1->port[0]) >= 1024 &&
118 ntohs(nk2->port[0]) >= 1024) {
119 if (ntohs(nk1->port[1]) < ntohs(nk2->port[1]))
120 return(-1);
121 if (ntohs(nk1->port[1]) > ntohs(nk2->port[1]))
122 return(1);
123 }
124 if (ntohs(nk1->port[0]) < ntohs(nk2->port[0]))
125 return(-1);
126 if (ntohs(nk1->port[0]) > ntohs(nk2->port[0]))
127 return(1);
128 if (ntohs(nk1->port[1]) < ntohs(nk2->port[1]))
129 return(-1);
130 if (ntohs(nk1->port[1]) > ntohs(nk2->port[1]))
131 return(1);
132 }
133
134 /*
135 * Sort IPV4 vs IPV6 addresses
136 */
137 if (pf1->state.af < pf2->state.af)
138 return(-1);
139 if (pf1->state.af > pf2->state.af)
140 return(1);
141
142 /*
143 * Local and foreign addresses
144 */
145 if (pf1->state.af == AF_INET) {
146 if (ntohl(nk1->addr[0].v4.s_addr) <
147 ntohl(nk2->addr[0].v4.s_addr))
148 return(-1);
149 if (ntohl(nk1->addr[0].v4.s_addr) >
150 ntohl(nk2->addr[0].v4.s_addr))
151 return(1);
152 if (ntohl(nk1->addr[1].v4.s_addr) <
153 ntohl(nk2->addr[1].v4.s_addr))
154 return(-1);
155 if (ntohl(nk1->addr[1].v4.s_addr) >
156 ntohl(nk2->addr[1].v4.s_addr))
157 return(1);
158 } else if (pf1->state.af == AF_INET6) {
159 r = bcmp(&nk1->addr[0].v6,
160 &nk2->addr[0].v6,
161 sizeof(nk1->addr[0].v6));
162 if (r)
163 return(r);
164 } else {
165 r = bcmp(&nk1->addr[0].v6,
166 &nk2->addr[0].v6,
167 sizeof(nk1->addr[0].v6));
168 if (r)
169 return(r);
170 }
171
172 /*
173 * Unique Identifier to prevent overloading which messes up
174 * the bandwidth calculations.
175 */
176 return (memcmp(pf1->state.id, pf2->state.id, sizeof(pf1->state.id)));
177 }
178
179 struct mypfstate_tree;
180 RB_HEAD(mypfstate_tree, mypfstate);
181 RB_PROTOTYPE(mypfstate_tree, mypfstate, rb_node, mypfstate_cmp);
182 RB_GENERATE(mypfstate_tree, mypfstate, rb_node, mypfstate_cmp);
183
184 static struct mypfstate_tree mypf_tree;
185 static struct timeval tv_curr;
186 static struct timeval tv_last;
187 static int tcp_pcb_seq;
188
189 static const char *numtok(double value, double template);
190 static const char *netaddrstr(sa_family_t af, struct pf_addr *addr,
191 u_int16_t port);
192 static const char *statestr(int proto);
193 static void updatestate(struct pfsync_state *state);
194 static int statebwcmp(const void *data1, const void *data2);
195
196 #define GETBYTES64(field) \
197 (be64toh(*(uint64_t *)elm->state.field))
198 #define DELTARATE(field) \
199 ((double)(be64toh(*(uint64_t *)elm->state.field) - \
200 be64toh(*(uint64_t *)elm->last_state.field)) / delta_time)
201
202 WINDOW *
openpftop(void)203 openpftop(void)
204 {
205 RB_INIT(&mypf_tree);
206 return (subwin(stdscr, LINES-0-1, 0, 0, 0));
207 }
208
209 void
closepftop(WINDOW * w)210 closepftop(WINDOW *w)
211 {
212 struct mypfstate *mypf;
213
214 while ((mypf = RB_ROOT(&mypf_tree)) != NULL) {
215 RB_REMOVE(mypfstate_tree, &mypf_tree, mypf);
216 free(mypf);
217 }
218
219 if (w != NULL) {
220 wclear(w);
221 wrefresh(w);
222 delwin(w);
223 }
224 }
225
226 int
initpftop(void)227 initpftop(void)
228 {
229 return(1);
230 }
231
232 void
fetchpftop(void)233 fetchpftop(void)
234 {
235 struct pfioc_states ps;
236 struct pfsync_state *states;
237 size_t nstates;
238 size_t i;
239 int fd;
240
241 fd = open("/dev/pf", O_RDONLY);
242 if (fd < 0)
243 return;
244
245 /*
246 * Extract PCB list
247 */
248 bzero(&ps, sizeof(ps));
249 if (ioctl(fd, DIOCGETSTATES, &ps) < 0) {
250 close(fd);
251 return;
252 }
253 ps.ps_len += 1024 * 1024;
254 ps.ps_buf = malloc(ps.ps_len);
255 if (ioctl(fd, DIOCGETSTATES, &ps) < 0) {
256 free(ps.ps_buf);
257 close(fd);
258 return;
259 }
260
261 states = (void *)ps.ps_buf;
262 nstates = ps.ps_len / sizeof(*states);
263
264 ++tcp_pcb_seq;
265
266 highestbw = 0.0;
267 for (i = 0; i < nstates; ++i)
268 updatestate(&states[i]);
269 free(ps.ps_buf);
270 close(fd);
271 states = NULL;
272 fd = -1;
273
274 tv_last = tv_curr;
275 gettimeofday(&tv_curr, NULL);
276 }
277
278 void
labelpftop(void)279 labelpftop(void)
280 {
281 wmove(wnd, 0, 0);
282 wclrtobot(wnd);
283 #if 0
284 mvwaddstr(wnd, 0, LADDR, "Local Address");
285 mvwaddstr(wnd, 0, FADDR, "Foreign Address");
286 mvwaddstr(wnd, 0, PROTO, "Proto");
287 mvwaddstr(wnd, 0, RCVCC, "Recv-Q");
288 mvwaddstr(wnd, 0, SNDCC, "Send-Q");
289 mvwaddstr(wnd, 0, STATE, "(state)");
290 #endif
291 }
292
293 void
showpftop(void)294 showpftop(void)
295 {
296 struct mypfstate *elm;
297 struct mypfstate *delm;
298 struct mypfstate **array;
299 size_t i;
300 size_t n;
301 struct pfsync_state_key *nk;
302 int row;
303 int rxdir;
304 int txdir;
305
306 delta_time = (double)(tv_curr.tv_sec - tv_last.tv_sec) - 1.0 +
307 (tv_curr.tv_usec + 1000000 - tv_last.tv_usec) / 1e6;
308 if (delta_time < 0.1) {
309 delta_time = 0.1; /* don't implode DELTARATE */
310 return;
311 }
312
313 /*
314 * Delete and collect pass
315 */
316 delm = NULL;
317 i = 0;
318 n = 1024;
319 array = malloc(n * sizeof(*array));
320
321 RB_FOREACH(elm, mypfstate_tree, &mypf_tree) {
322 if (delm) {
323 RB_REMOVE(mypfstate_tree, &mypf_tree, delm);
324 free(delm);
325 delm = NULL;
326 }
327
328 if (elm->seq == tcp_pcb_seq && elm->save_bw > 0) {
329 array[i++] = elm;
330 if (i == n) {
331 n *= 2;
332 array = realloc(array, n * sizeof(*array));
333 }
334 } else if (elm->seq != tcp_pcb_seq) {
335 delm = elm;
336 }
337 }
338 if (delm) {
339 RB_REMOVE(mypfstate_tree, &mypf_tree, delm);
340 free(delm);
341 delm = NULL;
342 }
343 qsort(array, i, sizeof(array[0]), statebwcmp);
344
345 row = 2;
346 n = i;
347 for (i = 0; i < n; ++i) {
348 int64_t ttl;
349
350 elm = array[i];
351 if (elm->state.direction == PF_OUT) {
352 nk = &elm->state.key[PF_SK_WIRE];
353 rxdir = 0;
354 txdir = 1;
355 } else {
356 nk = &elm->state.key[PF_SK_STACK];
357 rxdir = 1;
358 txdir = 0;
359 }
360 ttl = GETBYTES64(bytes[0]) + GETBYTES64(bytes[1]);
361 mvwprintw(wnd, row, 0,
362 "%s %s | %s "
363 /*"rxb %s txb %s "*/
364 "rcv %s snd %s ttl %s",
365 statestr(elm->state.proto),
366 netaddrstr(elm->state.af, &nk->addr[0], nk->port[0]),
367 netaddrstr(elm->state.af, &nk->addr[1], nk->port[1]),
368 numtok(DELTARATE(bytes[rxdir]), highestbw),
369 numtok(DELTARATE(bytes[txdir]), highestbw),
370 numtok(ttl, ttl)
371 );
372 #if 0
373 mvwprintw(wnd, row, 0,
374 "%s %s %s "
375 /*"rxb %s txb %s "*/
376 "rcv %jd-%jd snd %jd-%jd ",
377 statestr(elm->state.proto),
378 netaddrstr(elm->state.af, &nk->addr[0], nk->port[0]),
379 netaddrstr(elm->state.af, &nk->addr[1], nk->port[1]),
380 be64toh(*(uint64_t *)elm->state.bytes[0]),
381 be64toh(*(uint64_t *)elm->last_state.bytes[0]),
382 be64toh(*(uint64_t *)elm->state.bytes[1]),
383 be64toh(*(uint64_t *)elm->last_state.bytes[1])
384 );
385 #endif
386 wclrtoeol(wnd);
387 if (++row >= LINES-3)
388 break;
389 }
390 free(array);
391 wmove(wnd, row, 0);
392 wclrtobot(wnd);
393 mvwprintw(wnd, LINES-2, 0, "Rate bytes/sec, active pf states");
394 }
395
396 /*
397 * Sort by total bytes transfered, highest first
398 */
399 static
400 int
statebwcmp(const void * data1,const void * data2)401 statebwcmp(const void *data1, const void *data2)
402 {
403 const struct mypfstate *elm1 = *__DECONST(struct mypfstate **, data1);
404 const struct mypfstate *elm2 = *__DECONST(struct mypfstate **, data2);
405 double dv;
406
407 dv = elm1->save_bw - elm2->save_bw;
408 if (dv < 0)
409 return 1;
410 if (dv > 0)
411 return -1;
412 return 0;
413 }
414
415 #if 0
416 int
417 cmdpftop(const char *cmd __unused, char *args __unused)
418 {
419 fetchpftop();
420 showpftop();
421 refresh();
422
423 return (0);
424 }
425 #endif
426
427 #define MAXINDEXES 8
428
429 static
430 const char *
numtok(double value,double template)431 numtok(double value, double template)
432 {
433 static char buf[MAXINDEXES][32];
434 static int nexti;
435 static const char *suffixes[] = { " ", "K", "M", "G", "T", NULL };
436 int suffix = 0;
437 const char *fmt;
438
439 while (template >= 1000.0 && suffixes[suffix+1]) {
440 value /= 1000.0;
441 template /= 1000.0;
442 ++suffix;
443 }
444 nexti = (nexti + 1) % MAXINDEXES;
445 if (value < 0.001) {
446 fmt = " ";
447 } else if (template < 1.0) {
448 fmt = "%5.3f%s";
449 } else if (template < 10.0) {
450 fmt = "%5.3f%s";
451 } else if (template < 100.0) {
452 fmt = "%5.2f%s";
453 } else if (template < 1000.0) {
454 fmt = "%5.1f%s";
455 } else {
456 fmt = "<huge>";
457 }
458 snprintf(buf[nexti], sizeof(buf[nexti]),
459 fmt, value, suffixes[suffix]);
460 return (buf[nexti]);
461 }
462
463 static const char *
netaddrstr(sa_family_t af,struct pf_addr * addr,u_int16_t port)464 netaddrstr(sa_family_t af, struct pf_addr *addr, u_int16_t port)
465 {
466 static char buf[MAXINDEXES][64];
467 static int nexta;
468 char bufip[64];
469
470 nexta = (nexta + 1) % MAXINDEXES;
471
472 port = ntohs(port);
473
474 if (af == AF_INET) {
475 snprintf(bufip, sizeof(bufip),
476 "%d.%d.%d.%d",
477 (ntohl(addr->v4.s_addr) >> 24) & 255,
478 (ntohl(addr->v4.s_addr) >> 16) & 255,
479 (ntohl(addr->v4.s_addr) >> 8) & 255,
480 (ntohl(addr->v4.s_addr) >> 0) & 255);
481 snprintf(buf[nexta], sizeof(buf[nexta]),
482 "%-20s %-5d", bufip, port);
483 } else if (af == AF_INET6) {
484 #if defined(PFTOP_WIDE)
485 snprintf(bufip, sizeof(bufip),
486 "%04x:%04x:%04x:%04x:%04x:%04x:%04x:%04x",
487 ntohs(addr->v6.s6_addr16[0]),
488 ntohs(addr->v6.s6_addr16[1]),
489 ntohs(addr->v6.s6_addr16[2]),
490 ntohs(addr->v6.s6_addr16[3]),
491 ntohs(addr->v6.s6_addr16[4]),
492 ntohs(addr->v6.s6_addr16[5]),
493 ntohs(addr->v6.s6_addr16[6]),
494 ntohs(addr->v6.s6_addr16[7]));
495 snprintf(buf[nexta], sizeof(buf[nexta]),
496 "%39s %-5d", bufip, port);
497 #else
498 snprintf(bufip, sizeof(bufip),
499 "%04x:%04x--%04x:%04x",
500 ntohs(addr->v6.s6_addr16[0]),
501 ntohs(addr->v6.s6_addr16[1]),
502 ntohs(addr->v6.s6_addr16[6]),
503 ntohs(addr->v6.s6_addr16[7]));
504 snprintf(buf[nexta], sizeof(buf[nexta]),
505 "%20s %-5d", bufip, port);
506 #endif
507 } else {
508 snprintf(bufip, sizeof(bufip), "<unknown>:%-5d", port);
509 snprintf(buf[nexta], sizeof(buf[nexta]),
510 "%15s:%-5d", bufip, port);
511 }
512 return (buf[nexta]);
513 }
514
515 static
516 void
updatestate(struct pfsync_state * state)517 updatestate(struct pfsync_state *state)
518 {
519 struct mypfstate dummy;
520 struct mypfstate *elm;
521
522 dummy.state = *state;
523 if ((elm = RB_FIND(mypfstate_tree, &mypf_tree, &dummy)) == NULL) {
524 elm = malloc(sizeof(*elm));
525 bzero(elm, sizeof(*elm));
526 elm->state = *state;
527 elm->last_state = *state;
528 elm->best_bw = DELTARATE(bytes[0]) + DELTARATE(bytes[1]);
529 elm->save_bw = elm->best_bw;
530 bzero(elm->last_state.bytes,
531 sizeof(elm->last_state.bytes));
532 bzero(elm->last_state.packets,
533 sizeof(elm->last_state.packets));
534 RB_INSERT(mypfstate_tree, &mypf_tree, elm);
535 if (highestbw < elm->save_bw)
536 highestbw = elm->save_bw;
537 } else {
538 elm->last_state = elm->state;
539 elm->state = *state;
540 elm->best_bw = DELTARATE(bytes[0]) + DELTARATE(bytes[1]);
541 if (elm->save_bw < elm->best_bw)
542 elm->save_bw = elm->best_bw;
543 else
544 elm->save_bw = (elm->save_bw * 7 + elm->best_bw) / 8;
545 if (highestbw < elm->save_bw)
546 highestbw = elm->save_bw;
547 }
548 elm->seq = tcp_pcb_seq;
549 }
550
551 const char *
statestr(int proto)552 statestr(int proto)
553 {
554 static char buf[32];
555
556 switch(proto) {
557 case IPPROTO_TCP:
558 return ("tcp ");
559 case IPPROTO_UDP:
560 return ("udp ");
561 case IPPROTO_ICMP:
562 return ("icmp ");
563 case IPPROTO_ICMPV6:
564 return ("icmp6");
565 default:
566 snprintf(buf, sizeof(buf), "%-5d", proto);
567 return buf;
568 }
569 }
570