2 * Copyright (c) 2013 The DragonFly Project. All rights reserved.
4 * This code is derived from software contributed to The DragonFly Project
5 * by Matthew Dillon <dillon@backplane.com>
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
17 * 3. Neither the name of The DragonFly Project nor the names of its
18 * contributors may be used to endorse or promote products derived
19 * from this software without specific, prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
24 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
26 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
27 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
28 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
29 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
30 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
31 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include <sys/param.h>
35 #include <sys/queue.h>
37 #include <sys/socket.h>
38 #include <sys/socketvar.h>
39 #include <sys/protosw.h>
40 #include <sys/sysctl.h>
41 #include <sys/endian.h>
43 #include <netinet/in.h>
44 #include <arpa/inet.h>
45 #include <net/route.h>
47 #include <net/pf/pfvar.h>
48 #include <netinet/in_systm.h>
49 #include <netinet/ip.h>
51 #include <netinet/ip6.h>
53 #include <netinet/in_pcb.h>
54 #include <netinet/ip_icmp.h>
55 #include <netinet/icmp_var.h>
56 #include <netinet/ip_var.h>
57 #include <netinet/tcp.h>
58 #include <netinet/tcpip.h>
59 #include <netinet/tcp_seq.h>
60 #include <netinet/tcp_fsm.h>
61 #include <netinet/tcp_timer.h>
62 #include <netinet/tcp_var.h>
63 #include <netinet/tcp_debug.h>
64 #include <netinet/udp.h>
65 #include <netinet/udp_var.h>
82 RB_ENTRY(mypfstate
) rb_node
;
86 struct pfsync_state state
;
87 struct pfsync_state last_state
;
90 double delta_time
= 1.0; /* for DELTARATE() initial state */
94 mypfstate_cmp(struct mypfstate
*pf1
, struct mypfstate
*pf2
)
96 struct pfsync_state_key
*nk1
, *nk2
;
99 if (pf1
->state
.proto
< pf2
->state
.proto
)
101 if (pf1
->state
.proto
> pf2
->state
.proto
)
104 if (pf1
->state
.direction
== PF_OUT
) {
105 nk1
= &pf1
->state
.key
[PF_SK_WIRE
];
107 nk1
= &pf1
->state
.key
[PF_SK_STACK
];
109 if (pf2
->state
.direction
== PF_OUT
) {
110 nk2
= &pf2
->state
.key
[PF_SK_WIRE
];
112 nk2
= &pf2
->state
.key
[PF_SK_STACK
];
114 if (pf1
->state
.proto
== IPPROTO_TCP
||
115 pf1
->state
.proto
== IPPROTO_UDP
||
116 pf1
->state
.proto
== IPPROTO_ICMP
||
117 pf1
->state
.proto
== IPPROTO_ICMPV6
) {
118 if (ntohs(nk1
->port
[0]) >= 1024 &&
119 ntohs(nk2
->port
[0]) >= 1024) {
120 if (ntohs(nk1
->port
[1]) < ntohs(nk2
->port
[1]))
122 if (ntohs(nk1
->port
[1]) > ntohs(nk2
->port
[1]))
125 if (ntohs(nk1
->port
[0]) < ntohs(nk2
->port
[0]))
127 if (ntohs(nk1
->port
[0]) > ntohs(nk2
->port
[0]))
129 if (ntohs(nk1
->port
[1]) < ntohs(nk2
->port
[1]))
131 if (ntohs(nk1
->port
[1]) > ntohs(nk2
->port
[1]))
136 * Sort IPV4 vs IPV6 addresses
138 if (pf1
->state
.af
< pf2
->state
.af
)
140 if (pf1
->state
.af
> pf2
->state
.af
)
144 * Local and foreign addresses
146 if (pf1
->state
.af
== AF_INET
) {
147 if (ntohl(nk1
->addr
[0].v4
.s_addr
) <
148 ntohl(nk2
->addr
[0].v4
.s_addr
))
150 if (ntohl(nk1
->addr
[0].v4
.s_addr
) >
151 ntohl(nk2
->addr
[0].v4
.s_addr
))
153 if (ntohl(nk1
->addr
[1].v4
.s_addr
) <
154 ntohl(nk2
->addr
[1].v4
.s_addr
))
156 if (ntohl(nk1
->addr
[1].v4
.s_addr
) >
157 ntohl(nk2
->addr
[1].v4
.s_addr
))
159 } else if (pf1
->state
.af
== AF_INET6
) {
160 r
= bcmp(&nk1
->addr
[0].v6
,
162 sizeof(nk1
->addr
[0].v6
));
166 r
= bcmp(&nk1
->addr
[0].v6
,
168 sizeof(nk1
->addr
[0].v6
));
174 * Unique Identifier to prevent overloading which messes up
175 * the bandwidth calculations.
177 return (memcmp(pf1
->state
.id
, pf2
->state
.id
, sizeof(pf1
->state
.id
)));
180 struct mypfstate_tree
;
181 RB_HEAD(mypfstate_tree
, mypfstate
);
182 RB_PROTOTYPE(mypfstate_tree
, mypfstate
, rb_node
, mypfstate_cmp
);
183 RB_GENERATE(mypfstate_tree
, mypfstate
, rb_node
, mypfstate_cmp
);
185 static struct mypfstate_tree mypf_tree
;
186 static struct timeval tv_curr
;
187 static struct timeval tv_last
;
188 static int tcp_pcb_seq
;
190 static const char *numtok(double value
, double template);
191 static const char *netaddrstr(sa_family_t af
, struct pf_addr
*addr
,
193 static const char *statestr(int proto
);
194 static void updatestate(struct pfsync_state
*state
);
195 static int statebwcmp(const void *data1
, const void *data2
);
197 #define GETBYTES64(field) \
198 (be64toh(*(uint64_t *)elm->state.field))
199 #define DELTARATE(field) \
200 ((double)(be64toh(*(uint64_t *)elm->state.field) - \
201 be64toh(*(uint64_t *)elm->last_state.field)) / delta_time)
207 return (subwin(stdscr
, LINES
-0-1, 0, 0, 0));
211 closepftop(WINDOW
*w
)
213 struct mypfstate
*mypf
;
215 while ((mypf
= RB_ROOT(&mypf_tree
)) != NULL
) {
216 RB_REMOVE(mypfstate_tree
, &mypf_tree
, mypf
);
236 struct pfioc_states ps
;
237 struct pfsync_state
*states
;
242 fd
= open("/dev/pf", O_RDONLY
);
249 bzero(&ps
, sizeof(ps
));
250 if (ioctl(fd
, DIOCGETSTATES
, &ps
) < 0) {
254 ps
.ps_len
+= 1024 * 1024;
255 ps
.ps_buf
= malloc(ps
.ps_len
);
256 if (ioctl(fd
, DIOCGETSTATES
, &ps
) < 0) {
262 states
= (void *)ps
.ps_buf
;
263 nstates
= ps
.ps_len
/ sizeof(*states
);
268 for (i
= 0; i
< nstates
; ++i
)
269 updatestate(&states
[i
]);
276 gettimeofday(&tv_curr
, NULL
);
285 mvwaddstr(wnd
, 0, LADDR
, "Local Address");
286 mvwaddstr(wnd
, 0, FADDR
, "Foreign Address");
287 mvwaddstr(wnd
, 0, PROTO
, "Proto");
288 mvwaddstr(wnd
, 0, RCVCC
, "Recv-Q");
289 mvwaddstr(wnd
, 0, SNDCC
, "Send-Q");
290 mvwaddstr(wnd
, 0, STATE
, "(state)");
297 struct mypfstate
*elm
;
298 struct mypfstate
*delm
;
299 struct mypfstate
**array
;
302 struct pfsync_state_key
*nk
;
307 delta_time
= (double)(tv_curr
.tv_sec
- tv_last
.tv_sec
) - 1.0 +
308 (tv_curr
.tv_usec
+ 1000000 - tv_last
.tv_usec
) / 1e6
;
309 if (delta_time
< 0.1) {
310 delta_time
= 0.1; /* don't implode DELTARATE */
315 * Delete and collect pass
320 array
= malloc(n
* sizeof(*array
));
322 RB_FOREACH(elm
, mypfstate_tree
, &mypf_tree
) {
324 RB_REMOVE(mypfstate_tree
, &mypf_tree
, delm
);
329 if (elm
->seq
== tcp_pcb_seq
&& elm
->save_bw
> 0) {
333 array
= realloc(array
, n
* sizeof(*array
));
335 } else if (elm
->seq
!= tcp_pcb_seq
) {
340 RB_REMOVE(mypfstate_tree
, &mypf_tree
, delm
);
344 qsort(array
, i
, sizeof(array
[0]), statebwcmp
);
348 for (i
= 0; i
< n
; ++i
) {
352 if (elm
->state
.direction
== PF_OUT
) {
353 nk
= &elm
->state
.key
[PF_SK_WIRE
];
357 nk
= &elm
->state
.key
[PF_SK_STACK
];
361 ttl
= GETBYTES64(bytes
[0]) + GETBYTES64(bytes
[1]);
362 mvwprintw(wnd
, row
, 0,
365 "rcv %s snd %s ttl %s",
366 statestr(elm
->state
.proto
),
367 netaddrstr(elm
->state
.af
, &nk
->addr
[0], nk
->port
[0]),
368 netaddrstr(elm
->state
.af
, &nk
->addr
[1], nk
->port
[1]),
369 numtok(DELTARATE(bytes
[rxdir
]), highestbw
),
370 numtok(DELTARATE(bytes
[txdir
]), highestbw
),
374 mvwprintw(wnd
, row
, 0,
377 "rcv %jd-%jd snd %jd-%jd ",
378 statestr(elm
->state
.proto
),
379 netaddrstr(elm
->state
.af
, &nk
->addr
[0], nk
->port
[0]),
380 netaddrstr(elm
->state
.af
, &nk
->addr
[1], nk
->port
[1]),
381 be64toh(*(uint64_t *)elm
->state
.bytes
[0]),
382 be64toh(*(uint64_t *)elm
->last_state
.bytes
[0]),
383 be64toh(*(uint64_t *)elm
->state
.bytes
[1]),
384 be64toh(*(uint64_t *)elm
->last_state
.bytes
[1])
388 if (++row
>= LINES
-3)
394 mvwprintw(wnd
, LINES
-2, 0, "Rate bytes/sec, active pf states");
398 * Sort by total bytes transfered, highest first
402 statebwcmp(const void *data1
, const void *data2
)
404 const struct mypfstate
*elm1
= *__DECONST(struct mypfstate
**, data1
);
405 const struct mypfstate
*elm2
= *__DECONST(struct mypfstate
**, data2
);
408 dv
= elm1
->save_bw
- elm2
->save_bw
;
418 cmdpftop(const char *cmd __unused
, char *args __unused
)
432 numtok(double value
, double template)
434 static char buf
[MAXINDEXES
][32];
436 static const char *suffixes
[] = { " ", "K", "M", "G", "T", NULL
};
440 while (template >= 1000.0 && suffixes
[suffix
+1]) {
445 nexti
= (nexti
+ 1) % MAXINDEXES
;
448 } else if (template < 1.0) {
450 } else if (template < 10.0) {
452 } else if (template < 100.0) {
454 } else if (template < 1000.0) {
459 snprintf(buf
[nexti
], sizeof(buf
[nexti
]),
460 fmt
, value
, suffixes
[suffix
]);
465 netaddrstr(sa_family_t af
, struct pf_addr
*addr
, u_int16_t port
)
467 static char buf
[MAXINDEXES
][64];
471 nexta
= (nexta
+ 1) % MAXINDEXES
;
476 snprintf(bufip
, sizeof(bufip
),
478 (ntohl(addr
->v4
.s_addr
) >> 24) & 255,
479 (ntohl(addr
->v4
.s_addr
) >> 16) & 255,
480 (ntohl(addr
->v4
.s_addr
) >> 8) & 255,
481 (ntohl(addr
->v4
.s_addr
) >> 0) & 255);
482 snprintf(buf
[nexta
], sizeof(buf
[nexta
]),
483 "%-20s %-5d", bufip
, port
);
484 } else if (af
== AF_INET6
) {
485 #if defined(PFTOP_WIDE)
486 snprintf(bufip
, sizeof(bufip
),
487 "%04x:%04x:%04x:%04x:%04x:%04x:%04x:%04x",
488 ntohs(addr
->v6
.s6_addr16
[0]),
489 ntohs(addr
->v6
.s6_addr16
[1]),
490 ntohs(addr
->v6
.s6_addr16
[2]),
491 ntohs(addr
->v6
.s6_addr16
[3]),
492 ntohs(addr
->v6
.s6_addr16
[4]),
493 ntohs(addr
->v6
.s6_addr16
[5]),
494 ntohs(addr
->v6
.s6_addr16
[6]),
495 ntohs(addr
->v6
.s6_addr16
[7]));
496 snprintf(buf
[nexta
], sizeof(buf
[nexta
]),
497 "%39s %-5d", bufip
, port
);
499 snprintf(bufip
, sizeof(bufip
),
500 "%04x:%04x--%04x:%04x",
501 ntohs(addr
->v6
.s6_addr16
[0]),
502 ntohs(addr
->v6
.s6_addr16
[1]),
503 ntohs(addr
->v6
.s6_addr16
[6]),
504 ntohs(addr
->v6
.s6_addr16
[7]));
505 snprintf(buf
[nexta
], sizeof(buf
[nexta
]),
506 "%20s %-5d", bufip
, port
);
509 snprintf(bufip
, sizeof(bufip
), "<unknown>:%-5d", port
);
510 snprintf(buf
[nexta
], sizeof(buf
[nexta
]),
511 "%15s:%-5d", bufip
, port
);
518 updatestate(struct pfsync_state
*state
)
520 struct mypfstate dummy
;
521 struct mypfstate
*elm
;
523 dummy
.state
= *state
;
524 if ((elm
= RB_FIND(mypfstate_tree
, &mypf_tree
, &dummy
)) == NULL
) {
525 elm
= malloc(sizeof(*elm
));
526 bzero(elm
, sizeof(*elm
));
528 elm
->last_state
= *state
;
529 elm
->best_bw
= DELTARATE(bytes
[0]) + DELTARATE(bytes
[1]);
530 elm
->save_bw
= elm
->best_bw
;
531 bzero(elm
->last_state
.bytes
,
532 sizeof(elm
->last_state
.bytes
));
533 bzero(elm
->last_state
.packets
,
534 sizeof(elm
->last_state
.packets
));
535 RB_INSERT(mypfstate_tree
, &mypf_tree
, elm
);
536 if (highestbw
< elm
->save_bw
)
537 highestbw
= elm
->save_bw
;
539 elm
->last_state
= elm
->state
;
541 elm
->best_bw
= DELTARATE(bytes
[0]) + DELTARATE(bytes
[1]);
542 if (elm
->save_bw
< elm
->best_bw
)
543 elm
->save_bw
= elm
->best_bw
;
545 elm
->save_bw
= (elm
->save_bw
* 7 + elm
->best_bw
) / 8;
546 if (highestbw
< elm
->save_bw
)
547 highestbw
= elm
->save_bw
;
549 elm
->seq
= tcp_pcb_seq
;
567 snprintf(buf
, sizeof(buf
), "%-5d", proto
);