ipsec.c (216370) | ipsec.c (253081) |
---|---|
1/* $KAME: ipsec.c,v 1.33 2003/07/25 09:54:32 itojun Exp $ */ 2 3/*- 4 * Copyright (c) 2005 NTT Multimedia Communications Laboratories, Inc. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions --- 75 unchanged lines hidden (view full) --- 84 85#if 0 86#ifndef lint 87static char sccsid[] = "@(#)inet.c 8.5 (Berkeley) 5/24/95"; 88#endif /* not lint */ 89#endif 90 91#include <sys/cdefs.h> | 1/* $KAME: ipsec.c,v 1.33 2003/07/25 09:54:32 itojun Exp $ */ 2 3/*- 4 * Copyright (c) 2005 NTT Multimedia Communications Laboratories, Inc. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions --- 75 unchanged lines hidden (view full) --- 84 85#if 0 86#ifndef lint 87static char sccsid[] = "@(#)inet.c 8.5 (Berkeley) 5/24/95"; 88#endif /* not lint */ 89#endif 90 91#include <sys/cdefs.h> |
92__FBSDID("$FreeBSD: head/usr.bin/netstat/ipsec.c 216370 2010-12-11 08:32:16Z joel $"); | 92__FBSDID("$FreeBSD: head/usr.bin/netstat/ipsec.c 253081 2013-07-09 09:32:06Z ae $"); |
93 94#include <sys/param.h> 95#include <sys/queue.h> 96#include <sys/socket.h> 97#include <sys/socketvar.h> 98 99#include <netinet/in.h> 100 --- 168 unchanged lines hidden (view full) --- 269 return; 270 printf ("%s:\n", name); 271 kread(off, (char *)&ipsecstat, sizeof(ipsecstat)); 272 273 print_ipsecstats(&ipsecstat); 274} 275 276 | 93 94#include <sys/param.h> 95#include <sys/queue.h> 96#include <sys/socket.h> 97#include <sys/socketvar.h> 98 99#include <netinet/in.h> 100 --- 168 unchanged lines hidden (view full) --- 269 return; 270 printf ("%s:\n", name); 271 kread(off, (char *)&ipsecstat, sizeof(ipsecstat)); 272 273 print_ipsecstats(&ipsecstat); 274} 275 276 |
277static void ipsec_hist_new(const u_int32_t *hist, size_t histmax, | 277static void ipsec_hist_new(const uint64_t *hist, size_t histmax, |
278 const struct val2str *name, const char *title); 279static void print_ahstats(const struct ahstat *ahstat); 280static void print_espstats(const struct espstat *espstat); 281static void print_ipcompstats(const struct ipcompstat *ipcompstat); 282 283/* 284 * Dump IPSEC statistics structure. 285 */ 286static void | 278 const struct val2str *name, const char *title); 279static void print_ahstats(const struct ahstat *ahstat); 280static void print_espstats(const struct espstat *espstat); 281static void print_ipcompstats(const struct ipcompstat *ipcompstat); 282 283/* 284 * Dump IPSEC statistics structure. 285 */ 286static void |
287ipsec_hist_new(const u_int32_t *hist, size_t histmax, | 287ipsec_hist_new(const uint64_t *hist, size_t histmax, |
288 const struct val2str *name, const char *title) 289{ 290 int first; 291 size_t proto; 292 const struct val2str *p; 293 294 first = 1; 295 for (proto = 0; proto < histmax; proto++) { 296 if (hist[proto] <= 0) 297 continue; 298 if (first) { 299 printf("\t%s histogram:\n", title); 300 first = 0; 301 } 302 for (p = name; p && p->str; p++) { 303 if (p->val == (int)proto) 304 break; 305 } 306 if (p && p->str) { | 288 const struct val2str *name, const char *title) 289{ 290 int first; 291 size_t proto; 292 const struct val2str *p; 293 294 first = 1; 295 for (proto = 0; proto < histmax; proto++) { 296 if (hist[proto] <= 0) 297 continue; 298 if (first) { 299 printf("\t%s histogram:\n", title); 300 first = 0; 301 } 302 for (p = name; p && p->str; p++) { 303 if (p->val == (int)proto) 304 break; 305 } 306 if (p && p->str) { |
307 printf("\t\t%s: %u\n", p->str, hist[proto]); | 307 printf("\t\t%s: %ju\n", p->str, 308 (uintmax_t)hist[proto]); |
308 } else { | 309 } else { |
309 printf("\t\t#%lu: %u\n", (unsigned long)proto, 310 hist[proto]); | 310 printf("\t\t#%lu: %ju\n", (unsigned long)proto, 311 (uintmax_t)hist[proto]); |
311 } 312 } 313} 314 315static void 316print_ahstats(const struct ahstat *ahstat) 317{ | 312 } 313 } 314} 315 316static void 317print_ahstats(const struct ahstat *ahstat) 318{ |
318#define p32(f, m) if (ahstat->f || sflag <= 1) \ 319 printf("\t%u" m, (unsigned int)ahstat->f, plural(ahstat->f)) 320#define p64(f, m) if (ahstat->f || sflag <= 1) \ | 319#define p(f, m) if (ahstat->f || sflag <= 1) \ |
321 printf("\t%ju" m, (uintmax_t)ahstat->f, plural(ahstat->f)) 322#define hist(f, n, t) \ 323 ipsec_hist_new((f), sizeof(f)/sizeof(f[0]), (n), (t)); 324 | 320 printf("\t%ju" m, (uintmax_t)ahstat->f, plural(ahstat->f)) 321#define hist(f, n, t) \ 322 ipsec_hist_new((f), sizeof(f)/sizeof(f[0]), (n), (t)); 323 |
325 p32(ahs_hdrops, " packet%s shorter than header shows\n"); 326 p32(ahs_nopf, " packet%s dropped; protocol family not supported\n"); 327 p32(ahs_notdb, " packet%s dropped; no TDB\n"); 328 p32(ahs_badkcr, " packet%s dropped; bad KCR\n"); 329 p32(ahs_qfull, " packet%s dropped; queue full\n"); 330 p32(ahs_noxform, " packet%s dropped; no transform\n"); 331 p32(ahs_wrap, " replay counter wrap%s\n"); 332 p32(ahs_badauth, " packet%s dropped; bad authentication detected\n"); 333 p32(ahs_badauthl, " packet%s dropped; bad authentication length\n"); 334 p32(ahs_replay, " possible replay packet%s detected\n"); 335 p32(ahs_input, " packet%s in\n"); 336 p32(ahs_output, " packet%s out\n"); 337 p32(ahs_invalid, " packet%s dropped; invalid TDB\n"); 338 p64(ahs_ibytes, " byte%s in\n"); 339 p64(ahs_obytes, " byte%s out\n"); 340 p32(ahs_toobig, " packet%s dropped; larger than IP_MAXPACKET\n"); 341 p32(ahs_pdrops, " packet%s blocked due to policy\n"); 342 p32(ahs_crypto, " crypto processing failure%s\n"); 343 p32(ahs_tunnel, " tunnel sanity check failure%s\n"); | 324 p(ahs_hdrops, " packet%s shorter than header shows\n"); 325 p(ahs_nopf, " packet%s dropped; protocol family not supported\n"); 326 p(ahs_notdb, " packet%s dropped; no TDB\n"); 327 p(ahs_badkcr, " packet%s dropped; bad KCR\n"); 328 p(ahs_qfull, " packet%s dropped; queue full\n"); 329 p(ahs_noxform, " packet%s dropped; no transform\n"); 330 p(ahs_wrap, " replay counter wrap%s\n"); 331 p(ahs_badauth, " packet%s dropped; bad authentication detected\n"); 332 p(ahs_badauthl, " packet%s dropped; bad authentication length\n"); 333 p(ahs_replay, " possible replay packet%s detected\n"); 334 p(ahs_input, " packet%s in\n"); 335 p(ahs_output, " packet%s out\n"); 336 p(ahs_invalid, " packet%s dropped; invalid TDB\n"); 337 p(ahs_ibytes, " byte%s in\n"); 338 p(ahs_obytes, " byte%s out\n"); 339 p(ahs_toobig, " packet%s dropped; larger than IP_MAXPACKET\n"); 340 p(ahs_pdrops, " packet%s blocked due to policy\n"); 341 p(ahs_crypto, " crypto processing failure%s\n"); 342 p(ahs_tunnel, " tunnel sanity check failure%s\n"); |
344 hist(ahstat->ahs_hist, ipsec_ahnames, "AH output"); 345 | 343 hist(ahstat->ahs_hist, ipsec_ahnames, "AH output"); 344 |
346#undef p32 347#undef p64 | 345#undef p |
348#undef hist 349} 350 351void 352ah_stats(u_long off, const char *name, int family __unused, int proto __unused) 353{ 354 struct ahstat ahstat; 355 356 if (off == 0) 357 return; 358 printf ("%s:\n", name); 359 kread(off, (char *)&ahstat, sizeof(ahstat)); 360 361 print_ahstats(&ahstat); 362} 363 364static void 365print_espstats(const struct espstat *espstat) 366{ | 346#undef hist 347} 348 349void 350ah_stats(u_long off, const char *name, int family __unused, int proto __unused) 351{ 352 struct ahstat ahstat; 353 354 if (off == 0) 355 return; 356 printf ("%s:\n", name); 357 kread(off, (char *)&ahstat, sizeof(ahstat)); 358 359 print_ahstats(&ahstat); 360} 361 362static void 363print_espstats(const struct espstat *espstat) 364{ |
367#define p32(f, m) if (espstat->f || sflag <= 1) \ 368 printf("\t%u" m, (unsigned int)espstat->f, plural(espstat->f)) 369#define p64(f, m) if (espstat->f || sflag <= 1) \ | 365#define p(f, m) if (espstat->f || sflag <= 1) \ |
370 printf("\t%ju" m, (uintmax_t)espstat->f, plural(espstat->f)) 371#define hist(f, n, t) \ 372 ipsec_hist_new((f), sizeof(f)/sizeof(f[0]), (n), (t)); 373 | 366 printf("\t%ju" m, (uintmax_t)espstat->f, plural(espstat->f)) 367#define hist(f, n, t) \ 368 ipsec_hist_new((f), sizeof(f)/sizeof(f[0]), (n), (t)); 369 |
374 p32(esps_hdrops, " packet%s shorter than header shows\n"); 375 p32(esps_nopf, " packet%s dropped; protocol family not supported\n"); 376 p32(esps_notdb, " packet%s dropped; no TDB\n"); 377 p32(esps_badkcr, " packet%s dropped; bad KCR\n"); 378 p32(esps_qfull, " packet%s dropped; queue full\n"); 379 p32(esps_noxform, " packet%s dropped; no transform\n"); 380 p32(esps_badilen, " packet%s dropped; bad ilen\n"); 381 p32(esps_wrap, " replay counter wrap%s\n"); 382 p32(esps_badenc, " packet%s dropped; bad encryption detected\n"); 383 p32(esps_badauth, " packet%s dropped; bad authentication detected\n"); 384 p32(esps_replay, " possible replay packet%s detected\n"); 385 p32(esps_input, " packet%s in\n"); 386 p32(esps_output, " packet%s out\n"); 387 p32(esps_invalid, " packet%s dropped; invalid TDB\n"); 388 p64(esps_ibytes, " byte%s in\n"); 389 p64(esps_obytes, " byte%s out\n"); 390 p32(esps_toobig, " packet%s dropped; larger than IP_MAXPACKET\n"); 391 p32(esps_pdrops, " packet%s blocked due to policy\n"); 392 p32(esps_crypto, " crypto processing failure%s\n"); 393 p32(esps_tunnel, " tunnel sanity check failure%s\n"); | 370 p(esps_hdrops, " packet%s shorter than header shows\n"); 371 p(esps_nopf, " packet%s dropped; protocol family not supported\n"); 372 p(esps_notdb, " packet%s dropped; no TDB\n"); 373 p(esps_badkcr, " packet%s dropped; bad KCR\n"); 374 p(esps_qfull, " packet%s dropped; queue full\n"); 375 p(esps_noxform, " packet%s dropped; no transform\n"); 376 p(esps_badilen, " packet%s dropped; bad ilen\n"); 377 p(esps_wrap, " replay counter wrap%s\n"); 378 p(esps_badenc, " packet%s dropped; bad encryption detected\n"); 379 p(esps_badauth, " packet%s dropped; bad authentication detected\n"); 380 p(esps_replay, " possible replay packet%s detected\n"); 381 p(esps_input, " packet%s in\n"); 382 p(esps_output, " packet%s out\n"); 383 p(esps_invalid, " packet%s dropped; invalid TDB\n"); 384 p(esps_ibytes, " byte%s in\n"); 385 p(esps_obytes, " byte%s out\n"); 386 p(esps_toobig, " packet%s dropped; larger than IP_MAXPACKET\n"); 387 p(esps_pdrops, " packet%s blocked due to policy\n"); 388 p(esps_crypto, " crypto processing failure%s\n"); 389 p(esps_tunnel, " tunnel sanity check failure%s\n"); |
394 hist(espstat->esps_hist, ipsec_espnames, "ESP output"); 395 | 390 hist(espstat->esps_hist, ipsec_espnames, "ESP output"); 391 |
396#undef p32 397#undef p64 | 392#undef p |
398#undef hist 399} 400 401void 402esp_stats(u_long off, const char *name, int family __unused, int proto __unused) 403{ 404 struct espstat espstat; 405 406 if (off == 0) 407 return; 408 printf ("%s:\n", name); 409 kread(off, (char *)&espstat, sizeof(espstat)); 410 411 print_espstats(&espstat); 412} 413 414static void 415print_ipcompstats(const struct ipcompstat *ipcompstat) 416{ | 393#undef hist 394} 395 396void 397esp_stats(u_long off, const char *name, int family __unused, int proto __unused) 398{ 399 struct espstat espstat; 400 401 if (off == 0) 402 return; 403 printf ("%s:\n", name); 404 kread(off, (char *)&espstat, sizeof(espstat)); 405 406 print_espstats(&espstat); 407} 408 409static void 410print_ipcompstats(const struct ipcompstat *ipcompstat) 411{ |
417 uint32_t version; 418#define p32(f, m) if (ipcompstat->f || sflag <= 1) \ 419 printf("\t%u" m, (unsigned int)ipcompstat->f, plural(ipcompstat->f)) 420#define p64(f, m) if (ipcompstat->f || sflag <= 1) \ | 412#define p(f, m) if (ipcompstat->f || sflag <= 1) \ |
421 printf("\t%ju" m, (uintmax_t)ipcompstat->f, plural(ipcompstat->f)) 422#define hist(f, n, t) \ 423 ipsec_hist_new((f), sizeof(f)/sizeof(f[0]), (n), (t)); 424 | 413 printf("\t%ju" m, (uintmax_t)ipcompstat->f, plural(ipcompstat->f)) 414#define hist(f, n, t) \ 415 ipsec_hist_new((f), sizeof(f)/sizeof(f[0]), (n), (t)); 416 |
425#ifndef IPCOMPSTAT_VERSION 426 version = 0; 427#else 428 version = ipcompstat->version; 429#endif 430 p32(ipcomps_hdrops, " packet%s shorter than header shows\n"); 431 p32(ipcomps_nopf, " packet%s dropped; protocol family not supported\n"); 432 p32(ipcomps_notdb, " packet%s dropped; no TDB\n"); 433 p32(ipcomps_badkcr, " packet%s dropped; bad KCR\n"); 434 p32(ipcomps_qfull, " packet%s dropped; queue full\n"); 435 p32(ipcomps_noxform, " packet%s dropped; no transform\n"); 436 p32(ipcomps_wrap, " replay counter wrap%s\n"); 437 p32(ipcomps_input, " packet%s in\n"); 438 p32(ipcomps_output, " packet%s out\n"); 439 p32(ipcomps_invalid, " packet%s dropped; invalid TDB\n"); 440 p64(ipcomps_ibytes, " byte%s in\n"); 441 p64(ipcomps_obytes, " byte%s out\n"); 442 p32(ipcomps_toobig, " packet%s dropped; larger than IP_MAXPACKET\n"); 443 p32(ipcomps_pdrops, " packet%s blocked due to policy\n"); 444 p32(ipcomps_crypto, " crypto processing failure%s\n"); | 417 p(ipcomps_hdrops, " packet%s shorter than header shows\n"); 418 p(ipcomps_nopf, " packet%s dropped; protocol family not supported\n"); 419 p(ipcomps_notdb, " packet%s dropped; no TDB\n"); 420 p(ipcomps_badkcr, " packet%s dropped; bad KCR\n"); 421 p(ipcomps_qfull, " packet%s dropped; queue full\n"); 422 p(ipcomps_noxform, " packet%s dropped; no transform\n"); 423 p(ipcomps_wrap, " replay counter wrap%s\n"); 424 p(ipcomps_input, " packet%s in\n"); 425 p(ipcomps_output, " packet%s out\n"); 426 p(ipcomps_invalid, " packet%s dropped; invalid TDB\n"); 427 p(ipcomps_ibytes, " byte%s in\n"); 428 p(ipcomps_obytes, " byte%s out\n"); 429 p(ipcomps_toobig, " packet%s dropped; larger than IP_MAXPACKET\n"); 430 p(ipcomps_pdrops, " packet%s blocked due to policy\n"); 431 p(ipcomps_crypto, " crypto processing failure%s\n"); |
445 hist(ipcompstat->ipcomps_hist, ipsec_compnames, "COMP output"); | 432 hist(ipcompstat->ipcomps_hist, ipsec_compnames, "COMP output"); |
446 if (version >= 1) { 447 p32(ipcomps_threshold, " packet%s sent uncompressed; size < compr. algo. threshold\n"); 448 p32(ipcomps_uncompr, " packet%s sent uncompressed; compression was useless\n"); 449 } | 433 p(ipcomps_threshold, " packet%s sent uncompressed; size < compr. algo. threshold\n"); 434 p(ipcomps_uncompr, " packet%s sent uncompressed; compression was useless\n"); |
450 | 435 |
451#undef p32 452#undef p64 | 436#undef p |
453#undef hist 454} 455 456void 457ipcomp_stats(u_long off, const char *name, int family __unused, 458 int proto __unused) 459{ 460 struct ipcompstat ipcompstat; 461 462 if (off == 0) 463 return; 464 printf ("%s:\n", name); 465 kread(off, (char *)&ipcompstat, sizeof(ipcompstat)); 466 467 print_ipcompstats(&ipcompstat); 468} 469 470#endif /*IPSEC*/ | 437#undef hist 438} 439 440void 441ipcomp_stats(u_long off, const char *name, int family __unused, 442 int proto __unused) 443{ 444 struct ipcompstat ipcompstat; 445 446 if (off == 0) 447 return; 448 printf ("%s:\n", name); 449 kread(off, (char *)&ipcompstat, sizeof(ipcompstat)); 450 451 print_ipcompstats(&ipcompstat); 452} 453 454#endif /*IPSEC*/ |