PERFORCE change 166838 for review
Gabor Pali
pgj at FreeBSD.org
Thu Jul 30 22:04:34 UTC 2009
http://perforce.freebsd.org/chv.cgi?CH=166838
Change 166838 by pgj at petymeg-current on 2009/07/30 22:04:21
Add support for ESP.
Affected files ...
.. //depot/projects/soc2009/pgj_libstat/src/lib/libnetstat/netstat.h#50 edit
.. //depot/projects/soc2009/pgj_libstat/src/lib/libnetstat/netstat_internal.h#47 edit
.. //depot/projects/soc2009/pgj_libstat/src/lib/libnetstat/netstat_stat.c#17 edit
.. //depot/projects/soc2009/pgj_libstat/src/lib/libnetstat/netstat_util.c#55 edit
Differences ...
==== //depot/projects/soc2009/pgj_libstat/src/lib/libnetstat/netstat.h#50 (text+ko) ====
@@ -34,6 +34,7 @@
#ifdef IPSEC
#include <netipsec/keysock.h>
+#include <netipsec/esp_var.h>
#endif
#define NETSTAT_MAXCALLER 16
@@ -88,6 +89,8 @@
#define NETSTAT_PFKEY_IN_MSGTYPE_MAX 256
#define NETSTAT_PFKEY_OUT_MSGTYPE_MAX 256
+/* ESP: */
+#define NETSTAT_ESP_HIST_MAX ESP_ALG_MAX
/* Enum for TCP states: */
enum tcp_state {
@@ -152,6 +155,7 @@
stat_pfsync,
#ifdef IPSEC
stat_pfkey,
+ stat_ESP,
#endif
stat_MAX,
stat_Invalid,
@@ -203,6 +207,7 @@
struct pfsync_stat;
#ifdef IPSEC
struct pfkey_stat;
+struct esp_stat;
#endif
__BEGIN_DECLS
@@ -944,5 +949,30 @@
enum pfkey_msgtarget);
u_int64_t netstat_pfkeys_get_in_nomem(const struct pfkey_stat *);
u_int64_t netstat_pfkeys_get_sockerr(const struct pfkey_stat *);
+
+const struct esp_stat *netstat_get_espstats(const struct stat_type *);
+const char *netstat_ipsec_espname(int);
+
+u_int32_t netstat_esps_get_hdrops(const struct esp_stat *);
+u_int32_t netstat_esps_get_nopf(const struct esp_stat *);
+u_int32_t netstat_esps_get_notdb(const struct esp_stat *);
+u_int32_t netstat_esps_get_badkcr(const struct esp_stat *);
+u_int32_t netstat_esps_get_qfull(const struct esp_stat *);
+u_int32_t netstat_esps_get_noxform(const struct esp_stat *);
+u_int32_t netstat_esps_get_badilen(const struct esp_stat *);
+u_int32_t netstat_esps_get_wrap(const struct esp_stat *);
+u_int32_t netstat_esps_get_badenc(const struct esp_stat *);
+u_int32_t netstat_esps_get_badauth(const struct esp_stat *);
+u_int32_t netstat_esps_get_replay(const struct esp_stat *);
+u_int32_t netstat_esps_get_input(const struct esp_stat *);
+u_int32_t netstat_esps_get_output(const struct esp_stat *);
+u_int32_t netstat_esps_get_invalid(const struct esp_stat *);
+u_int64_t netstat_esps_get_ibytes(const struct esp_stat *);
+u_int64_t netstat_esps_get_obytes(const struct esp_stat *);
+u_int32_t netstat_esps_get_toobig(const struct esp_stat *);
+u_int32_t netstat_esps_get_pdrops(const struct esp_stat *);
+u_int32_t netstat_esps_get_crypto(const struct esp_stat *);
+u_int32_t netstat_esps_get_tunnel(const struct esp_stat *);
+u_int32_t netstat_esps_get_hist(const struct esp_stat *, int);
#endif /* !IPSEC */
#endif /* !_NETSTAT_H_ */
==== //depot/projects/soc2009/pgj_libstat/src/lib/libnetstat/netstat_internal.h#47 (text+ko) ====
@@ -67,6 +67,7 @@
#include <net/if_pfsync.h>
#ifdef IPSEC
#include <netipsec/keysock.h>
+#include <netipsec/esp_var.h>
#endif
#include "netstat.h"
@@ -375,6 +376,10 @@
struct pfkey_stat {
struct pfkeystat s;
};
+
+struct esp_stat {
+ struct espstat s;
+};
#endif
/* Timestamp type. */
@@ -383,6 +388,11 @@
u_int32_t ts_usec;
};
+struct val2str {
+ int val;
+ const char *str;
+};
+
int kread_data(kvm_t *kvm, u_long kvm_pointer, void *address, size_t size);
int kread_string(kvm_t *kvm, u_long kvm_pointer, char *buffer, int buflen);
@@ -408,6 +418,7 @@
struct bpf_type *_netstat_bpt_allocate(struct bpf_type_list *list,
const char *ifname);
+const char *resolve_val2str_name(int, const struct val2str *);
/* XXX: merge these into a common address resolution routine. */
const char *routename(in_addr_t in, int numeric);
const char *netname(in_addr_t in, u_long mask, int numeric);
==== //depot/projects/soc2009/pgj_libstat/src/lib/libnetstat/netstat_stat.c#17 (text+ko) ====
@@ -88,6 +88,7 @@
{ PFSYNCSTAT_VERSION, "net.inet.pfsync.stats", "_pfsyncstats" },
#ifdef IPSEC
{ PFKEYSTAT_VERSION, "net.key.stats", "_pfkeystat" },
+ { ESPSTAT_VERSION, "net.inet.esp.stats", "_espstat" },
#endif
};
==== //depot/projects/soc2009/pgj_libstat/src/lib/libnetstat/netstat_util.c#55 (text+ko) ====
@@ -32,6 +32,7 @@
#include <sys/protosw.h>
#include <sys/domain.h>
+#include <net/pfkeyv2.h>
#include <netinet/in.h>
#include <arpa/inet.h>
@@ -1902,6 +1903,41 @@
PFKEY_ACC(sockerr);
#undef PFKEY_ACC
#undef PFKEY_ACCA
+
+#define ESP_ACC(field) \
+ STATS_ACCX(u_int32_t,esp,field,esps_##field)
+
+#define ESP_ACC64(field) \
+ STATS_ACCX(u_int64_t,esp,field,esps_##field)
+
+#define ESP_ACCA(field,size) \
+ STATS_ACCXA(u_int32_t,esp,field,esps_##field,size)
+
+STATS_GET(esp,ESP);
+ESP_ACC(hdrops);
+ESP_ACC(nopf);
+ESP_ACC(notdb);
+ESP_ACC(badkcr);
+ESP_ACC(qfull);
+ESP_ACC(noxform);
+ESP_ACC(badilen);
+ESP_ACC(wrap);
+ESP_ACC(badenc);
+ESP_ACC(badauth);
+ESP_ACC(replay);
+ESP_ACC(input);
+ESP_ACC(output);
+ESP_ACC(invalid);
+ESP_ACC64(ibytes);
+ESP_ACC64(obytes);
+ESP_ACC(toobig);
+ESP_ACC(pdrops);
+ESP_ACC(crypto);
+ESP_ACC(tunnel);
+ESP_ACCA(hist,ESP_ALG_MAX);
+#undef ESP_ACC
+#undef ESP_ACC64
+#undef ESP_ACCA
#endif /* !IPSEC */
static const char *icmpnames[ICMP_MAXTYPE + 1] = {
@@ -2247,6 +2283,46 @@
return buf;
}
+static struct val2str ipsec_espnames[] = {
+ { SADB_EALG_NONE, "none" },
+ { SADB_EALG_DESCBC, "des-cbc" },
+ { SADB_EALG_3DESCBC, "3des-cbc" },
+ { SADB_EALG_NULL, "null" },
+ { SADB_X_EALG_CAST128CBC, "cast128-cbc" },
+ { SADB_X_EALG_BLOWFISHCBC, "blowfish-cbc" },
+#ifdef SADB_X_EALG_RIJNDAELCBC
+ { SADB_X_EALG_RIJNDAELCBC, "rijndael-cbc" },
+#endif
+#ifdef SADB_X_EALG_AESCTR
+ { SADB_X_EALG_AESCTR, "aes-ctr" },
+#endif
+ { -1, NULL },
+};
+
+const char *
+resolve_val2str_name(int proto, const struct val2str *name)
+{
+ static char buf[20];
+ const struct val2str *p;
+
+ for (p = name; p && p->str; p++) {
+ if (p->val == proto)
+ break;
+ }
+
+ if (p != NULL && p->str != NULL)
+ return (p->str);
+
+ snprintf(buf, sizeof(buf), "#%lu", (unsigned long)proto);
+ return buf;
+}
+
+const char *
+netstat_ipsec_espname(int proto)
+{
+ return (resolve_val2str_name(proto, ipsec_espnames));
+}
+
const char *
routename(in_addr_t in, int numeric)
{
More information about the p4-projects
mailing list