PERFORCE change 166838 for review

Gabor Pali pgj at FreeBSD.org
Thu Jul 30 22:04:34 UTC 2009 

http://perforce.freebsd.org/chv.cgi?CH=166838

Change 166838 by pgj at petymeg-current on 2009/07/30 22:04:21

	Add support for ESP.

Affected files ...

.. //depot/projects/soc2009/pgj_libstat/src/lib/libnetstat/netstat.h#50 edit
.. //depot/projects/soc2009/pgj_libstat/src/lib/libnetstat/netstat_internal.h#47 edit
.. //depot/projects/soc2009/pgj_libstat/src/lib/libnetstat/netstat_stat.c#17 edit
.. //depot/projects/soc2009/pgj_libstat/src/lib/libnetstat/netstat_util.c#55 edit

Differences ...

==== //depot/projects/soc2009/pgj_libstat/src/lib/libnetstat/netstat.h#50 (text+ko) ====

@@ -34,6 +34,7 @@
 
 #ifdef IPSEC
 #include <netipsec/keysock.h>
+#include <netipsec/esp_var.h>
 #endif
 
 #define NETSTAT_MAXCALLER	    16
@@ -88,6 +89,8 @@
 #define	NETSTAT_PFKEY_IN_MSGTYPE_MAX	256
 #define NETSTAT_PFKEY_OUT_MSGTYPE_MAX	256
 
+/* ESP: */
+#define NETSTAT_ESP_HIST_MAX		ESP_ALG_MAX
 
 /* Enum for TCP states: */
 enum tcp_state {
@@ -152,6 +155,7 @@
     stat_pfsync,
 #ifdef IPSEC
     stat_pfkey,
+    stat_ESP,
 #endif
     stat_MAX,
     stat_Invalid,
@@ -203,6 +207,7 @@
 struct pfsync_stat;
 #ifdef IPSEC
 struct pfkey_stat;
+struct esp_stat;
 #endif
 
 __BEGIN_DECLS
@@ -944,5 +949,30 @@
 		enum pfkey_msgtarget);
 u_int64_t   netstat_pfkeys_get_in_nomem(const struct pfkey_stat *);
 u_int64_t   netstat_pfkeys_get_sockerr(const struct pfkey_stat *);
+
+const struct esp_stat	*netstat_get_espstats(const struct stat_type *);
+const char  *netstat_ipsec_espname(int);
+
+u_int32_t   netstat_esps_get_hdrops(const struct esp_stat *);
+u_int32_t   netstat_esps_get_nopf(const struct esp_stat *);
+u_int32_t   netstat_esps_get_notdb(const struct esp_stat *);
+u_int32_t   netstat_esps_get_badkcr(const struct esp_stat *);
+u_int32_t   netstat_esps_get_qfull(const struct esp_stat *);
+u_int32_t   netstat_esps_get_noxform(const struct esp_stat *);
+u_int32_t   netstat_esps_get_badilen(const struct esp_stat *);
+u_int32_t   netstat_esps_get_wrap(const struct esp_stat *);
+u_int32_t   netstat_esps_get_badenc(const struct esp_stat *);
+u_int32_t   netstat_esps_get_badauth(const struct esp_stat *);
+u_int32_t   netstat_esps_get_replay(const struct esp_stat *);
+u_int32_t   netstat_esps_get_input(const struct esp_stat *);
+u_int32_t   netstat_esps_get_output(const struct esp_stat *);
+u_int32_t   netstat_esps_get_invalid(const struct esp_stat *);
+u_int64_t   netstat_esps_get_ibytes(const struct esp_stat *);
+u_int64_t   netstat_esps_get_obytes(const struct esp_stat *);
+u_int32_t   netstat_esps_get_toobig(const struct esp_stat *);
+u_int32_t   netstat_esps_get_pdrops(const struct esp_stat *);
+u_int32_t   netstat_esps_get_crypto(const struct esp_stat *);
+u_int32_t   netstat_esps_get_tunnel(const struct esp_stat *);
+u_int32_t   netstat_esps_get_hist(const struct esp_stat *, int);
 #endif /* !IPSEC */
 #endif /* !_NETSTAT_H_ */

==== //depot/projects/soc2009/pgj_libstat/src/lib/libnetstat/netstat_internal.h#47 (text+ko) ====

@@ -67,6 +67,7 @@
 #include <net/if_pfsync.h>
 #ifdef IPSEC
 #include <netipsec/keysock.h>
+#include <netipsec/esp_var.h>
 #endif
 
 #include "netstat.h"
@@ -375,6 +376,10 @@
 struct pfkey_stat {
 	struct pfkeystat s;
 };
+
+struct esp_stat {
+	struct espstat s;
+};
 #endif
 
 /* Timestamp type. */
@@ -383,6 +388,11 @@
 	u_int32_t   ts_usec;
 };
 
+struct val2str {
+	int val;
+	const char *str;
+};
+
 int kread_data(kvm_t *kvm, u_long kvm_pointer, void *address, size_t size);
 int kread_string(kvm_t *kvm, u_long kvm_pointer, char *buffer, int buflen);
 
@@ -408,6 +418,7 @@
 struct bpf_type *_netstat_bpt_allocate(struct bpf_type_list *list,
 		    const char *ifname);
 
+const char  *resolve_val2str_name(int, const struct val2str *);
 /* XXX: merge these into a common address resolution routine. */
 const char	*routename(in_addr_t in, int numeric);
 const char	*netname(in_addr_t in, u_long mask, int numeric);

==== //depot/projects/soc2009/pgj_libstat/src/lib/libnetstat/netstat_stat.c#17 (text+ko) ====

@@ -88,6 +88,7 @@
 	{ PFSYNCSTAT_VERSION, "net.inet.pfsync.stats", "_pfsyncstats" },
 #ifdef IPSEC
 	{ PFKEYSTAT_VERSION, "net.key.stats", "_pfkeystat" },
+	{ ESPSTAT_VERSION, "net.inet.esp.stats", "_espstat" },
 #endif
 };
 

==== //depot/projects/soc2009/pgj_libstat/src/lib/libnetstat/netstat_util.c#55 (text+ko) ====

@@ -32,6 +32,7 @@
 #include <sys/protosw.h>
 #include <sys/domain.h>
 
+#include <net/pfkeyv2.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
 
@@ -1902,6 +1903,41 @@
 PFKEY_ACC(sockerr);
 #undef PFKEY_ACC
 #undef PFKEY_ACCA
+
+#define ESP_ACC(field) \
+    STATS_ACCX(u_int32_t,esp,field,esps_##field)
+
+#define ESP_ACC64(field) \
+    STATS_ACCX(u_int64_t,esp,field,esps_##field)
+
+#define ESP_ACCA(field,size) \
+    STATS_ACCXA(u_int32_t,esp,field,esps_##field,size)
+
+STATS_GET(esp,ESP);
+ESP_ACC(hdrops);
+ESP_ACC(nopf);
+ESP_ACC(notdb);
+ESP_ACC(badkcr);
+ESP_ACC(qfull);
+ESP_ACC(noxform);
+ESP_ACC(badilen);
+ESP_ACC(wrap);
+ESP_ACC(badenc);
+ESP_ACC(badauth);
+ESP_ACC(replay);
+ESP_ACC(input);
+ESP_ACC(output);
+ESP_ACC(invalid);
+ESP_ACC64(ibytes);
+ESP_ACC64(obytes);
+ESP_ACC(toobig);
+ESP_ACC(pdrops);
+ESP_ACC(crypto);
+ESP_ACC(tunnel);
+ESP_ACCA(hist,ESP_ALG_MAX);
+#undef ESP_ACC
+#undef ESP_ACC64
+#undef ESP_ACCA
 #endif /* !IPSEC */
 
 static	const char *icmpnames[ICMP_MAXTYPE + 1] = {
@@ -2247,6 +2283,46 @@
 	return buf;
 }
 
+static struct val2str ipsec_espnames[] = {
+	{ SADB_EALG_NONE, "none" },
+	{ SADB_EALG_DESCBC, "des-cbc" },
+	{ SADB_EALG_3DESCBC, "3des-cbc" },
+	{ SADB_EALG_NULL, "null" },
+	{ SADB_X_EALG_CAST128CBC, "cast128-cbc" },
+	{ SADB_X_EALG_BLOWFISHCBC, "blowfish-cbc" },
+#ifdef SADB_X_EALG_RIJNDAELCBC
+	{ SADB_X_EALG_RIJNDAELCBC, "rijndael-cbc" },
+#endif
+#ifdef SADB_X_EALG_AESCTR
+	{ SADB_X_EALG_AESCTR, "aes-ctr" },
+#endif
+	{ -1, NULL },
+};
+
+const char *
+resolve_val2str_name(int proto, const struct val2str *name)
+{
+	static char buf[20];
+	const struct val2str *p;
+
+	for (p = name; p && p->str; p++) {
+		if (p->val == proto)
+			break;
+	}
+
+	if (p != NULL && p->str != NULL)
+		return (p->str);
+
+	snprintf(buf, sizeof(buf), "#%lu", (unsigned long)proto);
+	return buf;
+}
+
+const char *
+netstat_ipsec_espname(int proto)
+{
+	return (resolve_val2str_name(proto, ipsec_espnames));
+}
+
 const char *
 routename(in_addr_t in, int numeric)
 {

More information about the p4-projects mailing list