2 * Copyright (c) 2013 The DragonFly Project. All rights reserved.
4 * This code is derived from software contributed to The DragonFly Project
5 * by Matthew Dillon <dillon@backplane.com>
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
17 * 3. Neither the name of The DragonFly Project nor the names of its
18 * contributors may be used to endorse or promote products derived
19 * from this software without specific, prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
24 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
26 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
27 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
28 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
29 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
30 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
31 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 #define _KERNEL_STRUCTURES
36 #include <sys/param.h>
37 #include <sys/queue.h>
39 #include <sys/socket.h>
40 #include <sys/socketvar.h>
41 #include <sys/protosw.h>
42 #include <sys/sysctl.h>
43 #include <sys/endian.h>
45 #include <netinet/in.h>
46 #include <arpa/inet.h>
47 #include <net/route.h>
49 #include <net/pf/pfvar.h>
50 #include <netinet/in_systm.h>
51 #include <netinet/ip.h>
53 #include <netinet/ip6.h>
55 #include <netinet/in_pcb.h>
56 #include <netinet/ip_icmp.h>
57 #include <netinet/icmp_var.h>
58 #include <netinet/ip_var.h>
59 #include <netinet/tcp.h>
60 #include <netinet/tcpip.h>
61 #include <netinet/tcp_seq.h>
62 #include <netinet/tcp_fsm.h>
63 #include <netinet/tcp_timer.h>
64 #include <netinet/tcp_var.h>
65 #include <netinet/tcp_debug.h>
66 #include <netinet/udp.h>
67 #include <netinet/udp_var.h>
/*
 * Fields of the per-state tracking record. The enclosing struct header
 * and any other members are not part of this listing.
 */
/* Red-black tree linkage; rb_node is the field named in RB_PROTOTYPE/RB_GENERATE. */
84 RB_ENTRY(mypfstate) rb_node;
/* Snapshot the comparator keys on; DELTARATE() reads its counters as the newer value. */
86 struct pfsync_state state;
/* Older snapshot; DELTARATE() subtracts its counters from those in state. */
87 struct pfsync_state last_state;
/*
 * Ordering function handed to RB_PROTOTYPE/RB_GENERATE for mypfstate_tree.
 * Visible comparison order: protocol, ports (TCP/UDP only), address
 * family, then addresses. The return statements and several `else`
 * lines are not part of this listing, so the exact results of each test
 * cannot be confirmed from here.
 *
 * Only the `state` member of each element is read on the visible lines.
 */
91 mypfstate_cmp(struct mypfstate *pf1, struct mypfstate *pf2)
93 struct pfsync_state_key *nk1, *nk2;
/* Primary key: IP protocol number. */
96 if (pf1->state.proto < pf2->state.proto)
98 if (pf1->state.proto > pf2->state.proto)
/*
 * Pick which of the two state keys to compare: PF_OUT states use the
 * PF_SK_WIRE key; the PF_SK_STACK assignment is presumably the else
 * branch (the `else` line itself is not shown).
 */
101 if (pf1->state.direction == PF_OUT) {
102 nk1 = &pf1->state.key[PF_SK_WIRE];
104 nk1 = &pf1->state.key[PF_SK_STACK];
106 if (pf2->state.direction == PF_OUT) {
107 nk2 = &pf2->state.key[PF_SK_WIRE];
109 nk2 = &pf2->state.key[PF_SK_STACK];
/*
 * Ports are stored in network byte order, hence ntohs() before every
 * numeric comparison. When both port[0] values are >= 1024, port[1] is
 * compared first; after that port[0] and then port[1] are compared.
 */
111 if (pf1->state.proto == IPPROTO_TCP || pf1->state.proto == IPPROTO_UDP) {
112 if (ntohs(nk1->port[0]) >= 1024 &&
113 ntohs(nk2->port[0]) >= 1024) {
114 if (ntohs(nk1->port[1]) < ntohs(nk2->port[1]))
116 if (ntohs(nk1->port[1]) > ntohs(nk2->port[1]))
119 if (ntohs(nk1->port[0]) < ntohs(nk2->port[0]))
121 if (ntohs(nk1->port[0]) > ntohs(nk2->port[0]))
123 if (ntohs(nk1->port[1]) < ntohs(nk2->port[1]))
125 if (ntohs(nk1->port[1]) > ntohs(nk2->port[1]))
130 * Sort IPV4 vs IPV6 addresses
132 if (pf1->state.af < pf2->state.af)
134 if (pf1->state.af > pf2->state.af)
138 * Local and foreign addresses
/* IPv4: compare addr[0] then addr[1] as host-order 32-bit integers. */
140 if (pf1->state.af == AF_INET) {
141 if (ntohl(nk1->addr[0].v4.s_addr) <
142 ntohl(nk2->addr[0].v4.s_addr))
144 if (ntohl(nk1->addr[0].v4.s_addr) >
145 ntohl(nk2->addr[0].v4.s_addr))
147 if (ntohl(nk1->addr[1].v4.s_addr) <
148 ntohl(nk2->addr[1].v4.s_addr))
150 if (ntohl(nk1->addr[1].v4.s_addr) >
151 ntohl(nk2->addr[1].v4.s_addr))
/*
 * NOTE(review): bcmp() only reports equal / not equal; it does not
 * define a sign for "less" versus "greater". If `r` is returned as the
 * comparison result (the following lines are not shown), two distinct
 * IPv6 keys can each compare "greater" than the other, which breaks the
 * ordering the red-black tree depends on and can make RB_FIND miss
 * existing entries. memcmp() gives a consistent sign. Both visible calls
 * start at addr[0]; whether addr[1] is ever compared for IPv6 cannot be
 * confirmed because the second argument line is missing here.
 */
153 } else if (pf1->state.af == AF_INET6) {
154 r = bcmp(&nk1->addr[0].v6,
156 sizeof(nk1->addr[0].v6));
160 r = bcmp(&nk1->addr[0].v6,
162 sizeof(nk1->addr[0].v6));
/*
 * Red-black tree of tracked pf states, ordered by mypfstate_cmp and
 * linked through the rb_node member.
 */
169 struct mypfstate_tree;
170 RB_HEAD(mypfstate_tree, mypfstate);
171 RB_PROTOTYPE(mypfstate_tree, mypfstate, rb_node, mypfstate_cmp);
172 RB_GENERATE(mypfstate_tree, mypfstate, rb_node, mypfstate_cmp);
/* Root of the tree; file-local, so all access goes through this file. */
174 static struct mypfstate_tree mypf_tree;
/* Sample timestamps: tv_curr is set with gettimeofday(); the display code subtracts tv_last from it. */
175 static struct timeval tv_curr;
176 static struct timeval tv_last;
/* Generation stamp copied into each element's seq field by updatestate(). */
177 static int tcp_pcb_seq;
/* Forward declarations of file-local helpers. */
179 static const char *numtok(double value);
180 static const char *netaddrstr(sa_family_t af, struct pf_addr *addr,
182 static void updatestate(struct pfsync_state *state);
183 static int statebwcmp(const void *data1, const void *data2);
/*
 * Per-second rate of change of counter `field` between elm->last_state
 * and elm->state. Expands in place, so the caller must have `elm` and
 * `delta_time` in scope. The counter is read as a 64-bit big-endian
 * value through a uint64_t pointer cast.
 *
 * NOTE(review): the subtraction is done on unsigned 64-bit values, so a
 * counter that is smaller in state than in last_state wraps to a very
 * large rate instead of going negative. The cast also assumes the field
 * is aligned for a uint64_t load (its declaration is not in this
 * listing); copying the bytes with memcpy() into a local uint64_t would
 * remove that assumption.
 */
185 #define DELTARATE(field) \
186 ((double)(be64toh(*(uint64_t *)elm->state.field) - \
187 be64toh(*(uint64_t *)elm->last_state.field)) / delta_time)
/*
 * Returns a curses sub-window of stdscr anchored at row 0, column 0 and
 * LINES-1 rows high. The enclosing function header is not part of this
 * listing. subwin() can fail; the result is passed straight back to the caller.
 */
193 return (subwin(stdscr, LINES-0-1, 0, 0, 0));
/*
 * Tear-down for the display: empties mypf_tree by repeatedly unlinking
 * the root node until RB_ROOT() returns NULL. The lines after RB_REMOVE
 * are not part of this listing, so whether each unlinked node is freed
 * (and what is done with `w`) cannot be confirmed from here.
 */
197 closepftop(WINDOW *w)
199 struct mypfstate *mypf;
201 while ((mypf = RB_ROOT(&mypf_tree)) != NULL) {
202 RB_REMOVE(mypfstate_tree, &mypf_tree, mypf);
/*
 * Body of the routine that pulls the current pf state table from the
 * kernel and feeds every entry to updatestate(). The function header,
 * the error branches and any close()/free() calls are not part of this
 * listing.
 */
222 struct pfioc_states ps;
223 struct pfsync_state *states;
/* Read-only access to the pf control device is all that is requested. */
228 fd = open("/dev/pf", O_RDONLY);
/*
 * First DIOCGETSTATES call is made with a zeroed request (no buffer,
 * length 0); presumably the kernel fills in the required length, which
 * is then padded by 1 MiB to absorb states created before the second call.
 */
235 bzero(&ps, sizeof(ps));
236 if (ioctl(fd, DIOCGETSTATES, &ps) < 0) {
240 ps.ps_len += 1024 * 1024;
/*
 * NOTE(review): the malloc() result is handed to the ioctl on the very
 * next line without a NULL check.
 */
241 ps.ps_buf = malloc(ps.ps_len);
242 if (ioctl(fd, DIOCGETSTATES, &ps) < 0) {
/*
 * The entry count is derived from ps.ps_len after the call, which
 * assumes the kernel rewrites ps_len to the number of bytes actually
 * returned -- TODO confirm against the DIOCGETSTATES contract.
 */
248 states = (void *)ps.ps_buf;
249 nstates = ps.ps_len / sizeof(*states);
253 for (i = 0; i < nstates; ++i)
254 updatestate(&states[i]);
/* Timestamp of this sample; the display code subtracts tv_last from it. */
261 gettimeofday(&tv_curr, NULL);
/*
 * Column headings written on row 0 of wnd; LADDR, FADDR, PROTO, RCVCC,
 * SNDCC and STATE are column offsets defined outside this listing.
 */
270 mvwaddstr(wnd, 0, LADDR, "Local Address");
271 mvwaddstr(wnd, 0, FADDR, "Foreign Address");
272 mvwaddstr(wnd, 0, PROTO, "Proto");
273 mvwaddstr(wnd, 0, RCVCC, "Recv-Q");
274 mvwaddstr(wnd, 0, SNDCC, "Send-Q");
275 mvwaddstr(wnd, 0, STATE, "(state)");
/*
 * Body of the display routine: collects the states that showed traffic
 * in the last interval, sorts them with statebwcmp and prints one row
 * per state. The function header and a number of interior lines are not
 * part of this listing.
 */
283 struct mypfstate *elm;
284 struct mypfstate *delm;
285 struct mypfstate **array;
288 struct pfsync_state_key *nk;
/*
 * Elapsed seconds between tv_last and tv_curr. One second is borrowed
 * from the tv_sec difference so the microsecond term stays non-negative.
 * Intervals under 0.1 s are special-cased; the action is on a line not
 * shown (DELTARATE divides by this value).
 */
291 delta_time = (double)(tv_curr.tv_sec - tv_last.tv_sec) - 1.0 +
292 (tv_curr.tv_usec + 1000000 - tv_last.tv_usec) / 1e6;
293 if (delta_time < 0.1)
297 * Delete and collect pass
/*
 * NOTE(review): the malloc() result is not checked before the tree walk
 * on the next line starts.
 */
302 array = malloc(n * sizeof(*array));
303 RB_FOREACH(elm, mypfstate_tree, &mypf_tree) {
/*
 * Removal targets `delm`, not the iterator variable `elm`; presumably
 * deletion is deferred by one step so the node RB_FOREACH is standing on
 * is never unlinked -- the assignments to delm are not shown.
 */
305 RB_REMOVE(mypfstate_tree, &mypf_tree, delm);
/* Elements stamped with the current generation are candidates for display. */
309 if (elm->seq == tcp_pcb_seq &&
310 (DELTARATE(bytes[0]) ||
/*
 * NOTE(review): assigning realloc()'s result straight back to `array`
 * loses the old block if the call fails and leaves `array` NULL for
 * whatever store follows; use a temporary and check it.
 */
316 array = realloc(array, n * sizeof(*array));
/* Elements not stamped with the current generation take this branch. */
318 } else if (elm->seq != tcp_pcb_seq) {
323 RB_REMOVE(mypfstate_tree, &mypf_tree, delm);
/* Order the first i collected pointers with statebwcmp. */
327 qsort(array, i, sizeof(array[0]), statebwcmp);
331 for (i = 0; i < n; ++i) {
/* Same key selection as mypfstate_cmp: PF_OUT states show the PF_SK_WIRE key. */
333 if (elm->state.direction == PF_OUT) {
334 nk = &elm->state.key[PF_SK_WIRE];
336 nk = &elm->state.key[PF_SK_STACK];
/*
 * Two netaddrstr() and two numtok() results are live in this single
 * call; both helpers hand out slots from a rotating static buffer, so
 * this relies on MAXINDEXES being at least 2.
 */
338 mvwprintw(wnd, row, 0,
342 netaddrstr(elm->state.af, &nk->addr[0], nk->port[0]),
343 netaddrstr(elm->state.af, &nk->addr[1], nk->port[1]),
344 numtok(DELTARATE(bytes[0])),
345 numtok(DELTARATE(bytes[1]))
/* Row limit: the check fires once row reaches LINES-3. */
348 if (++row >= LINES-3)
354 mvwprintw(wnd, LINES-2, 0, "Rate bytes/sec, active pf states");
358 * Sort by total bytes transferred, highest first
/*
 * qsort() comparator over an array of struct mypfstate pointers.
 * For each element it sums the two byte counters of the current
 * snapshot and subtracts the sum of the two counters of the previous
 * snapshot, i.e. it works on bytes moved since the last sample in both
 * directions. The lines that compare v1 with v2 and return are not part
 * of this listing.
 *
 * NOTE(review): the counters are read through a uint64_t pointer cast,
 * which assumes they are aligned for a 64-bit load; the arithmetic is
 * unsigned, so a counter that went backwards wraps to a large value.
 */
362 statebwcmp(const void *data1, const void *data2)
/* qsort passes pointers to array slots; each slot holds a struct mypfstate pointer. */
364 const struct mypfstate *elm1 = *__DECONST(struct mypfstate **, data1);
365 const struct mypfstate *elm2 = *__DECONST(struct mypfstate **, data2);
369 v1 = be64toh(*(const uint64_t *)elm1->state.bytes[0]) +
370 be64toh(*(const uint64_t *)elm1->state.bytes[1]);
371 v1 -= be64toh(*(const uint64_t *)elm1->last_state.bytes[0]) +
372 be64toh(*(const uint64_t *)elm1->last_state.bytes[1]);
373 v2 = be64toh(*(const uint64_t *)elm2->state.bytes[0]) +
374 be64toh(*(const uint64_t *)elm2->state.bytes[1]);
375 v2 -= be64toh(*(const uint64_t *)elm2->last_state.bytes[0]) +
376 be64toh(*(const uint64_t *)elm2->last_state.bytes[1]);
/*
 * Command hook for this display. Both parameters are marked __unused;
 * the body is not part of this listing.
 */
386 cmdpftop(const char *cmd __unused, char *args __unused)
/*
 * Number-to-short-string formatter (presumably the body of numtok(),
 * whose header is not part of this listing). Results live in a rotating
 * set of MAXINDEXES static 32-byte slots, so a returned pointer stays
 * valid only until MAXINDEXES further calls and the routine is not
 * reentrant.
 */
402 static char buf[MAXINDEXES][32];
/* Scale suffixes; the NULL entry stops the scaling loop at "T". */
404 static const char *suffixes[] = { " ", "K", "M", "G", "T", NULL };
/* Loop runs while the value is >= 1000 and a larger suffix exists. */
408 while (value >= 1000.0 && suffixes[suffix+1]) {
/* Advance to the next output slot. */
412 nexti = (nexti + 1) % MAXINDEXES;
/* Magnitude-dependent branches; the statements inside them are not shown. */
415 } else if (value < 1.0) {
417 } else if (value < 10.0) {
419 } else if (value < 100.0) {
421 } else if (value < 1000.0) {
/*
 * Output is bounded by the slot size. NOTE(review): `fmt` is a variable
 * format string; confirm every branch assigns it a literal taking
 * exactly a double and a string argument.
 */
426 snprintf(buf[nexti], sizeof(buf[nexti]),
427 fmt, value, suffixes[suffix]);
/*
 * Formats an address/port pair as "addr:port" for display.
 *
 * af    address family selecting how `addr` is interpreted
 * addr  address to print; only the v4 or v6 member matching `af` is read
 * port  port number to print after the colon
 *
 * The result is written into one of MAXINDEXES rotating static 64-byte
 * slots, so a returned pointer stays valid only until MAXINDEXES further
 * calls and the routine is not reentrant. The lines between the slot
 * advance and the first snprintf() are not part of this listing, so
 * whether `port` is converted from network byte order here cannot be
 * confirmed; callers visible in this listing pass key port fields directly.
 */
432 netaddrstr(sa_family_t af, struct pf_addr *addr, u_int16_t port)
434 static char buf[MAXINDEXES][64];
438 nexta = (nexta + 1) % MAXINDEXES;
/* IPv4: dotted quad built from the host-order value, one octet per shift. */
443 snprintf(bufip, sizeof(bufip),
445 (ntohl(addr->v4.s_addr) >> 24) & 255,
446 (ntohl(addr->v4.s_addr) >> 16) & 255,
447 (ntohl(addr->v4.s_addr) >> 8) & 255,
448 (ntohl(addr->v4.s_addr) >> 0) & 255);
449 snprintf(buf[nexta], sizeof(buf[nexta]),
450 "%15s:%-5d", bufip, port);
/* IPv6: eight zero-padded 16-bit groups, no "::" compression. */
451 } else if (af == AF_INET6) {
452 snprintf(bufip, sizeof(bufip),
453 "%04x:%04x:%04x:%04x:%04x:%04x:%04x:%04x",
454 ntohs(addr->v6.s6_addr16[0]),
455 ntohs(addr->v6.s6_addr16[1]),
456 ntohs(addr->v6.s6_addr16[2]),
457 ntohs(addr->v6.s6_addr16[3]),
458 ntohs(addr->v6.s6_addr16[4]),
459 ntohs(addr->v6.s6_addr16[5]),
460 ntohs(addr->v6.s6_addr16[6]),
461 ntohs(addr->v6.s6_addr16[7]));
462 snprintf(buf[nexta], sizeof(buf[nexta]),
463 "%39s:%-5d", bufip, port);
/*
 * NOTE(review): in this fallback the port is formatted into bufip and
 * then appended again by the second snprintf(), so it appears twice in
 * the output. Both writes are still bounded by their buffer sizes.
 */
465 snprintf(bufip, sizeof(bufip), "<unknown>:%-5d", port);
466 snprintf(buf[nexta], sizeof(buf[nexta]),
467 "%15s:%-5d", bufip, port);
/*
 * Records one pf state from the kernel in mypf_tree, creating a tracking
 * element on first sight and rolling the previous snapshot forward
 * otherwise.
 *
 * state  entry taken from the kernel's state list
 *
 * A few lines of the body (including the `else`) are not part of this listing.
 */
474 updatestate(struct pfsync_state *state)
476 struct mypfstate dummy;
477 struct mypfstate *elm;
/*
 * Lookup key: only dummy.state is initialised. That is sufficient as
 * long as the comparator reads nothing but the `state` member.
 */
479 dummy.state = *state;
480 if ((elm = RB_FIND(mypfstate_tree, &mypf_tree, &dummy)) == NULL) {
/*
 * NOTE(review): the malloc() result is passed to bzero() on the next
 * line without a NULL check.
 */
481 elm = malloc(sizeof(*elm));
482 bzero(elm, sizeof(*elm));
/*
 * New element: the "previous" snapshot is the incoming state with its
 * byte and packet counters zeroed, so the first computed delta equals
 * the state's full counters.
 */
484 elm->last_state = *state;
485 bzero(elm->last_state.bytes,
486 sizeof(elm->last_state.bytes));
487 bzero(elm->last_state.packets,
488 sizeof(elm->last_state.packets));
489 RB_INSERT(mypfstate_tree, &mypf_tree, elm);
/* Presumably the existing-element path: the old current snapshot becomes the previous one. */
491 elm->last_state = elm->state;
/* Stamp the element with the current generation counter. */
494 elm->seq = tcp_pcb_seq;