Date: Thu, 30 Jul 2009 22:04:31 GMT From: Gabor Pali <pgj@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 166838 for review Message-ID: <200907302204.n6UM4V0u039085@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=166838 Change 166838 by pgj@petymeg-current on 2009/07/30 22:04:21 Add support for ESP. Affected files ... .. //depot/projects/soc2009/pgj_libstat/src/lib/libnetstat/netstat.h#50 edit .. //depot/projects/soc2009/pgj_libstat/src/lib/libnetstat/netstat_internal.h#47 edit .. //depot/projects/soc2009/pgj_libstat/src/lib/libnetstat/netstat_stat.c#17 edit .. //depot/projects/soc2009/pgj_libstat/src/lib/libnetstat/netstat_util.c#55 edit Differences ... ==== //depot/projects/soc2009/pgj_libstat/src/lib/libnetstat/netstat.h#50 (text+ko) ==== @@ -34,6 +34,7 @@ #ifdef IPSEC #include <netipsec/keysock.h> +#include <netipsec/esp_var.h> #endif #define NETSTAT_MAXCALLER 16 @@ -88,6 +89,8 @@ #define NETSTAT_PFKEY_IN_MSGTYPE_MAX 256 #define NETSTAT_PFKEY_OUT_MSGTYPE_MAX 256 +/* ESP: */ +#define NETSTAT_ESP_HIST_MAX ESP_ALG_MAX /* Enum for TCP states: */ enum tcp_state { @@ -152,6 +155,7 @@ stat_pfsync, #ifdef IPSEC stat_pfkey, + stat_ESP, #endif stat_MAX, stat_Invalid, @@ -203,6 +207,7 @@ struct pfsync_stat; #ifdef IPSEC struct pfkey_stat; +struct esp_stat; #endif __BEGIN_DECLS @@ -944,5 +949,30 @@ enum pfkey_msgtarget); u_int64_t netstat_pfkeys_get_in_nomem(const struct pfkey_stat *); u_int64_t netstat_pfkeys_get_sockerr(const struct pfkey_stat *); + +const struct esp_stat *netstat_get_espstats(const struct stat_type *); +const char *netstat_ipsec_espname(int); + +u_int32_t netstat_esps_get_hdrops(const struct esp_stat *); +u_int32_t netstat_esps_get_nopf(const struct esp_stat *); +u_int32_t netstat_esps_get_notdb(const struct esp_stat *); +u_int32_t netstat_esps_get_badkcr(const struct esp_stat *); +u_int32_t netstat_esps_get_qfull(const struct esp_stat *); +u_int32_t netstat_esps_get_noxform(const struct esp_stat *); +u_int32_t netstat_esps_get_badilen(const struct esp_stat *); +u_int32_t netstat_esps_get_wrap(const struct esp_stat *); +u_int32_t netstat_esps_get_badenc(const struct esp_stat *); +u_int32_t netstat_esps_get_badauth(const struct esp_stat *); +u_int32_t netstat_esps_get_replay(const struct esp_stat *); +u_int32_t netstat_esps_get_input(const struct esp_stat *); +u_int32_t netstat_esps_get_output(const struct esp_stat *); +u_int32_t netstat_esps_get_invalid(const struct esp_stat *); +u_int64_t netstat_esps_get_ibytes(const struct esp_stat *); +u_int64_t netstat_esps_get_obytes(const struct esp_stat *); +u_int32_t netstat_esps_get_toobig(const struct esp_stat *); +u_int32_t netstat_esps_get_pdrops(const struct esp_stat *); +u_int32_t netstat_esps_get_crypto(const struct esp_stat *); +u_int32_t netstat_esps_get_tunnel(const struct esp_stat *); +u_int32_t netstat_esps_get_hist(const struct esp_stat *, int); #endif /* !IPSEC */ #endif /* !_NETSTAT_H_ */ ==== //depot/projects/soc2009/pgj_libstat/src/lib/libnetstat/netstat_internal.h#47 (text+ko) ==== @@ -67,6 +67,7 @@ #include <net/if_pfsync.h> #ifdef IPSEC #include <netipsec/keysock.h> +#include <netipsec/esp_var.h> #endif #include "netstat.h" @@ -375,6 +376,10 @@ struct pfkey_stat { struct pfkeystat s; }; + +struct esp_stat { + struct espstat s; +}; #endif /* Timestamp type. */ @@ -383,6 +388,11 @@ u_int32_t ts_usec; }; +struct val2str { + int val; + const char *str; +}; + int kread_data(kvm_t *kvm, u_long kvm_pointer, void *address, size_t size); int kread_string(kvm_t *kvm, u_long kvm_pointer, char *buffer, int buflen); @@ -408,6 +418,7 @@ struct bpf_type *_netstat_bpt_allocate(struct bpf_type_list *list, const char *ifname); +const char *resolve_val2str_name(int, const struct val2str *); /* XXX: merge these into a common address resolution routine. */ const char *routename(in_addr_t in, int numeric); const char *netname(in_addr_t in, u_long mask, int numeric); ==== //depot/projects/soc2009/pgj_libstat/src/lib/libnetstat/netstat_stat.c#17 (text+ko) ==== @@ -88,6 +88,7 @@ { PFSYNCSTAT_VERSION, "net.inet.pfsync.stats", "_pfsyncstats" }, #ifdef IPSEC { PFKEYSTAT_VERSION, "net.key.stats", "_pfkeystat" }, + { ESPSTAT_VERSION, "net.inet.esp.stats", "_espstat" }, #endif }; ==== //depot/projects/soc2009/pgj_libstat/src/lib/libnetstat/netstat_util.c#55 (text+ko) ==== @@ -32,6 +32,7 @@ #include <sys/protosw.h> #include <sys/domain.h> +#include <net/pfkeyv2.h> #include <netinet/in.h> #include <arpa/inet.h> @@ -1902,6 +1903,41 @@ PFKEY_ACC(sockerr); #undef PFKEY_ACC #undef PFKEY_ACCA + +#define ESP_ACC(field) \ + STATS_ACCX(u_int32_t,esp,field,esps_##field) + +#define ESP_ACC64(field) \ + STATS_ACCX(u_int64_t,esp,field,esps_##field) + +#define ESP_ACCA(field,size) \ + STATS_ACCXA(u_int32_t,esp,field,esps_##field,size) + +STATS_GET(esp,ESP); +ESP_ACC(hdrops); +ESP_ACC(nopf); +ESP_ACC(notdb); +ESP_ACC(badkcr); +ESP_ACC(qfull); +ESP_ACC(noxform); +ESP_ACC(badilen); +ESP_ACC(wrap); +ESP_ACC(badenc); +ESP_ACC(badauth); +ESP_ACC(replay); +ESP_ACC(input); +ESP_ACC(output); +ESP_ACC(invalid); +ESP_ACC64(ibytes); +ESP_ACC64(obytes); +ESP_ACC(toobig); +ESP_ACC(pdrops); +ESP_ACC(crypto); +ESP_ACC(tunnel); +ESP_ACCA(hist,ESP_ALG_MAX); +#undef ESP_ACC +#undef ESP_ACC64 +#undef ESP_ACCA #endif /* !IPSEC */ static const char *icmpnames[ICMP_MAXTYPE + 1] = { @@ -2247,6 +2283,46 @@ return buf; } +static struct val2str ipsec_espnames[] = { + { SADB_EALG_NONE, "none" }, + { SADB_EALG_DESCBC, "des-cbc" }, + { SADB_EALG_3DESCBC, "3des-cbc" }, + { SADB_EALG_NULL, "null" }, + { SADB_X_EALG_CAST128CBC, "cast128-cbc" }, + { SADB_X_EALG_BLOWFISHCBC, "blowfish-cbc" }, +#ifdef SADB_X_EALG_RIJNDAELCBC + { SADB_X_EALG_RIJNDAELCBC, "rijndael-cbc" }, +#endif +#ifdef SADB_X_EALG_AESCTR + { SADB_X_EALG_AESCTR, "aes-ctr" }, +#endif + { -1, NULL }, +}; + +const char * +resolve_val2str_name(int proto, const struct val2str *name) +{ + static char buf[20]; + const struct val2str *p; + + for (p = name; p && p->str; p++) { + if (p->val == proto) + break; + } + + if (p != NULL && p->str != NULL) + return (p->str); + + snprintf(buf, sizeof(buf), "#%lu", (unsigned long)proto); + return buf; +} + +const char * +netstat_ipsec_espname(int proto) +{ + return (resolve_val2str_name(proto, ipsec_espnames)); +} + const char * routename(in_addr_t in, int numeric) {
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200907302204.n6UM4V0u039085>