Date: Thu, 30 Jul 2009 22:05:32 GMT From: Gabor Pali <pgj@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 166839 for review Message-ID: <200907302205.n6UM5WrM039231@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=166839 Change 166839 by pgj@petymeg-current on 2009/07/30 22:05:28 Modify netstat(1) to call libnetstat(3) functions for displaying ESP statistics. Affected files ... .. //depot/projects/soc2009/pgj_libstat/src/usr.bin/netstat/Makefile#5 edit .. //depot/projects/soc2009/pgj_libstat/src/usr.bin/netstat/extern.h#27 edit .. //depot/projects/soc2009/pgj_libstat/src/usr.bin/netstat/ipsec.c#3 edit .. //depot/projects/soc2009/pgj_libstat/src/usr.bin/netstat/main.c#35 edit Differences ... ==== //depot/projects/soc2009/pgj_libstat/src/usr.bin/netstat/Makefile#5 (text+ko) ==== @@ -5,13 +5,13 @@ PROG= netstat SRCS= if.c inet.c main.c mbuf.c mroute.c route.c \ - unix.c atalk.c mroute6.c ipsec.c bpf.c sctp.c + unix.c atalk.c mroute6.c bpf.c sctp.c WARNS?= 3 CFLAGS+=-fno-strict-aliasing CFLAGS+=-DIPSEC -SRCS+= pfkey.c +SRCS+= pfkey.c ipsec.c CFLAGS+=-DSCTP ==== //depot/projects/soc2009/pgj_libstat/src/usr.bin/netstat/extern.h#27 (text+ko) ==== @@ -88,7 +88,7 @@ void pfsync_stats(const struct stat_type *); #ifdef IPSEC void ipsec_stats(u_long, const char *, int, int); -void esp_stats(u_long, const char *, int, int); +void esp_stats(const struct stat_type *); void ah_stats(u_long, const char *, int, int); void ipcomp_stats(u_long, const char *, int, int); void pfkey_stats(const struct stat_type *); ==== //depot/projects/soc2009/pgj_libstat/src/usr.bin/netstat/ipsec.c#3 (text+ko) ==== @@ -101,21 +101,18 @@ #include <sys/socketvar.h> #include <netinet/in.h> - -#ifdef IPSEC #include <netipsec/ipsec.h> #include <netipsec/ah_var.h> #include <netipsec/esp_var.h> #include <netipsec/ipcomp_var.h> -#endif #include <stdint.h> #include <stdio.h> #include <string.h> #include <unistd.h> +#include <netstat.h> #include "extern.h" -#ifdef IPSEC struct val2str { int val; const char *str; @@ -281,7 +278,6 @@ static void ipsec_hist_new(const u_int32_t *hist, size_t histmax, const struct val2str *name, const char *title); static void print_ahstats(const struct ahstat *ahstat); -static void print_espstats(const struct espstat *espstat); static void print_ipcompstats(const struct ipcompstat *ipcompstat); /* @@ -365,56 +361,55 @@ print_ahstats(&ahstat); } -static void -print_espstats(const struct espstat *espstat) +void +esp_stats(const struct stat_type *sttp) { -#define p32(f, m) if (espstat->f || sflag <= 1) \ - printf("\t%u" m, (unsigned int)espstat->f, plural(espstat->f)) -#define p64(f, m) if (espstat->f || sflag <= 1) \ - printf("\t%ju" m, (uintmax_t)espstat->f, plural(espstat->f)) + const struct esp_stat *s; + int first, proto; + + s = netstat_get_espstats(sttp); +#define p32(f, m) if (netstat_esps_get_##f(s) || sflag <= 1) \ + printf("\t%u" m, netstat_esps_get_##f(s), plural(netstat_esps_get_##f(s))) +#define p64(f, m) if (netstat_esps_get_##f(s) || sflag <= 1) \ + printf("\t%ju" m, netstat_esps_get_##f(s), plural(netstat_esps_get_##f(s))) #define hist(f, n, t) \ ipsec_hist_new((f), sizeof(f)/sizeof(f[0]), (n), (t)); - - p32(esps_hdrops, " packet%s shorter than header shows\n"); - p32(esps_nopf, " packet%s dropped; protocol family not supported\n"); - p32(esps_notdb, " packet%s dropped; no TDB\n"); - p32(esps_badkcr, " packet%s dropped; bad KCR\n"); - p32(esps_qfull, " packet%s dropped; queue full\n"); - p32(esps_noxform, " packet%s dropped; no transform\n"); - p32(esps_badilen, " packet%s dropped; bad ilen\n"); - p32(esps_wrap, " replay counter wrap%s\n"); - p32(esps_badenc, " packet%s dropped; bad encryption detected\n"); - p32(esps_badauth, " packet%s dropped; bad authentication detected\n"); - p32(esps_replay, " possible replay packet%s detected\n"); - p32(esps_input, " packet%s in\n"); - p32(esps_output, " packet%s out\n"); - p32(esps_invalid, " packet%s dropped; invalid TDB\n"); - p64(esps_ibytes, " byte%s in\n"); - p64(esps_obytes, " byte%s out\n"); - p32(esps_toobig, " packet%s dropped; larger than IP_MAXPACKET\n"); - p32(esps_pdrops, " packet%s blocked due to policy\n"); - p32(esps_crypto, " crypto processing failure%s\n"); - p32(esps_tunnel, " tunnel sanity check failure%s\n"); - hist(espstat->esps_hist, ipsec_espnames, "ESP output"); - + p32(hdrops, " packet%s shorter than header shows\n"); + p32(nopf, " packet%s dropped; protocol family not supported\n"); + p32(notdb, " packet%s dropped; no TDB\n"); + p32(badkcr, " packet%s dropped; bad KCR\n"); + p32(qfull, " packet%s dropped; queue full\n"); + p32(noxform, " packet%s dropped; no transform\n"); + p32(badilen, " packet%s dropped; bad ilen\n"); + p32(wrap, " replay counter wrap%s\n"); + p32(badenc, " packet%s dropped; bad encryption detected\n"); + p32(badauth, " packet%s dropped; bad authentication detected\n"); + p32(replay, " possible replay packet%s detected\n"); + p32(input, " packet%s in\n"); + p32(output, " packet%s out\n"); + p32(invalid, " packet%s dropped; invalid TDB\n"); + p64(ibytes, " byte%s in\n"); + p64(obytes, " byte%s out\n"); + p32(toobig, " packet%s dropped; larger than IP_MAXPACKET\n"); + p32(pdrops, " packet%s blocked due to policy\n"); + p32(crypto, " crypto processing failure%s\n"); + p32(tunnel, " tunnel sanity check failure%s\n"); + first = 1; + for (proto = 0; proto < NETSTAT_ESP_HIST_MAX; proto++) { + if (netstat_esps_get_hist(s, proto) == 0) + continue; + if (first != 0) { + printf("\tESP output histogram:\n"); + first = 0; + } + printf("\t\t%s: %u\n", netstat_ipsec_espname(proto), + netstat_esps_get_hist(s, proto)); + } #undef p32 #undef p64 #undef hist } -void -esp_stats(u_long off, const char *name, int family __unused, int proto __unused) -{ - struct espstat espstat; - - if (off == 0) - return; - printf ("%s:\n", name); - kread(off, (char *)&espstat, sizeof(espstat)); - - print_espstats(&espstat); -} - static void print_ipcompstats(const struct ipcompstat *ipcompstat) { @@ -460,5 +455,3 @@ print_ipcompstats(&ipcompstat); } - -#endif /*IPSEC*/ ==== //depot/projects/soc2009/pgj_libstat/src/usr.bin/netstat/main.c#35 (text+ko) ==== @@ -109,11 +109,9 @@ { .n_name = "_rttrash" }, #define N_AHSTAT 15 { .n_name = "_ahstat" }, -#define N_ESPSTAT 16 - { .n_name = "_espstat" }, -#define N_IPCOMPSTAT 17 +#define N_IPCOMPSTAT 16 { .n_name = "_ipcompstat" }, -#define N_MFCTABLESIZE 18 +#define N_MFCTABLESIZE 17 { .n_name = "_mfctablesize" }, { .n_name = NULL }, }; @@ -154,8 +152,8 @@ ipsec_stats, NULL, "ipsec", 0, 0}, { -1, N_AHSTAT, 1, NULL, NULL, stat_MAX, ah_stats, NULL, "ah", 0, 0}, - { -1, N_ESPSTAT, 1, NULL, NULL, stat_MAX, - esp_stats, NULL, "esp", 0, 0}, + { -1, 0, 1, NULL, esp_stats, stat_ESP, + NULL, NULL, "esp", 0, 0}, { -1, N_IPCOMPSTAT, 1, NULL, NULL, stat_MAX, ipcomp_stats, NULL, "ipcomp", 0, 0}, #endif
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200907302205.n6UM5WrM039231>