PERFORCE change 166839 for review
Gabor Pali
pgj at FreeBSD.org
Thu Jul 30 22:05:34 UTC 2009
http://perforce.freebsd.org/chv.cgi?CH=166839
Change 166839 by pgj at petymeg-current on 2009/07/30 22:05:28
Modify netstat(1) to call libnetstat(3) functions for displaying
ESP statistics.
Affected files ...
.. //depot/projects/soc2009/pgj_libstat/src/usr.bin/netstat/Makefile#5 edit
.. //depot/projects/soc2009/pgj_libstat/src/usr.bin/netstat/extern.h#27 edit
.. //depot/projects/soc2009/pgj_libstat/src/usr.bin/netstat/ipsec.c#3 edit
.. //depot/projects/soc2009/pgj_libstat/src/usr.bin/netstat/main.c#35 edit
Differences ...
==== //depot/projects/soc2009/pgj_libstat/src/usr.bin/netstat/Makefile#5 (text+ko) ====
@@ -5,13 +5,13 @@
PROG= netstat
SRCS= if.c inet.c main.c mbuf.c mroute.c route.c \
- unix.c atalk.c mroute6.c ipsec.c bpf.c sctp.c
+ unix.c atalk.c mroute6.c bpf.c sctp.c
WARNS?= 3
CFLAGS+=-fno-strict-aliasing
CFLAGS+=-DIPSEC
-SRCS+= pfkey.c
+SRCS+= pfkey.c ipsec.c
CFLAGS+=-DSCTP
==== //depot/projects/soc2009/pgj_libstat/src/usr.bin/netstat/extern.h#27 (text+ko) ====
@@ -88,7 +88,7 @@
void pfsync_stats(const struct stat_type *);
#ifdef IPSEC
void ipsec_stats(u_long, const char *, int, int);
-void esp_stats(u_long, const char *, int, int);
+void esp_stats(const struct stat_type *);
void ah_stats(u_long, const char *, int, int);
void ipcomp_stats(u_long, const char *, int, int);
void pfkey_stats(const struct stat_type *);
==== //depot/projects/soc2009/pgj_libstat/src/usr.bin/netstat/ipsec.c#3 (text+ko) ====
@@ -101,21 +101,18 @@
#include <sys/socketvar.h>
#include <netinet/in.h>
-
-#ifdef IPSEC
#include <netipsec/ipsec.h>
#include <netipsec/ah_var.h>
#include <netipsec/esp_var.h>
#include <netipsec/ipcomp_var.h>
-#endif
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
+#include <netstat.h>
#include "extern.h"
-#ifdef IPSEC
struct val2str {
int val;
const char *str;
@@ -281,7 +278,6 @@
static void ipsec_hist_new(const u_int32_t *hist, size_t histmax,
const struct val2str *name, const char *title);
static void print_ahstats(const struct ahstat *ahstat);
-static void print_espstats(const struct espstat *espstat);
static void print_ipcompstats(const struct ipcompstat *ipcompstat);
/*
@@ -365,56 +361,55 @@
print_ahstats(&ahstat);
}
-static void
-print_espstats(const struct espstat *espstat)
+void
+esp_stats(const struct stat_type *sttp)
{
-#define p32(f, m) if (espstat->f || sflag <= 1) \
- printf("\t%u" m, (unsigned int)espstat->f, plural(espstat->f))
-#define p64(f, m) if (espstat->f || sflag <= 1) \
- printf("\t%ju" m, (uintmax_t)espstat->f, plural(espstat->f))
+ const struct esp_stat *s;
+ int first, proto;
+
+ s = netstat_get_espstats(sttp);
+#define p32(f, m) if (netstat_esps_get_##f(s) || sflag <= 1) \
+ printf("\t%u" m, netstat_esps_get_##f(s), plural(netstat_esps_get_##f(s)))
+#define p64(f, m) if (netstat_esps_get_##f(s) || sflag <= 1) \
+ printf("\t%ju" m, netstat_esps_get_##f(s), plural(netstat_esps_get_##f(s)))
#define hist(f, n, t) \
ipsec_hist_new((f), sizeof(f)/sizeof(f[0]), (n), (t));
-
- p32(esps_hdrops, " packet%s shorter than header shows\n");
- p32(esps_nopf, " packet%s dropped; protocol family not supported\n");
- p32(esps_notdb, " packet%s dropped; no TDB\n");
- p32(esps_badkcr, " packet%s dropped; bad KCR\n");
- p32(esps_qfull, " packet%s dropped; queue full\n");
- p32(esps_noxform, " packet%s dropped; no transform\n");
- p32(esps_badilen, " packet%s dropped; bad ilen\n");
- p32(esps_wrap, " replay counter wrap%s\n");
- p32(esps_badenc, " packet%s dropped; bad encryption detected\n");
- p32(esps_badauth, " packet%s dropped; bad authentication detected\n");
- p32(esps_replay, " possible replay packet%s detected\n");
- p32(esps_input, " packet%s in\n");
- p32(esps_output, " packet%s out\n");
- p32(esps_invalid, " packet%s dropped; invalid TDB\n");
- p64(esps_ibytes, " byte%s in\n");
- p64(esps_obytes, " byte%s out\n");
- p32(esps_toobig, " packet%s dropped; larger than IP_MAXPACKET\n");
- p32(esps_pdrops, " packet%s blocked due to policy\n");
- p32(esps_crypto, " crypto processing failure%s\n");
- p32(esps_tunnel, " tunnel sanity check failure%s\n");
- hist(espstat->esps_hist, ipsec_espnames, "ESP output");
-
+ p32(hdrops, " packet%s shorter than header shows\n");
+ p32(nopf, " packet%s dropped; protocol family not supported\n");
+ p32(notdb, " packet%s dropped; no TDB\n");
+ p32(badkcr, " packet%s dropped; bad KCR\n");
+ p32(qfull, " packet%s dropped; queue full\n");
+ p32(noxform, " packet%s dropped; no transform\n");
+ p32(badilen, " packet%s dropped; bad ilen\n");
+ p32(wrap, " replay counter wrap%s\n");
+ p32(badenc, " packet%s dropped; bad encryption detected\n");
+ p32(badauth, " packet%s dropped; bad authentication detected\n");
+ p32(replay, " possible replay packet%s detected\n");
+ p32(input, " packet%s in\n");
+ p32(output, " packet%s out\n");
+ p32(invalid, " packet%s dropped; invalid TDB\n");
+ p64(ibytes, " byte%s in\n");
+ p64(obytes, " byte%s out\n");
+ p32(toobig, " packet%s dropped; larger than IP_MAXPACKET\n");
+ p32(pdrops, " packet%s blocked due to policy\n");
+ p32(crypto, " crypto processing failure%s\n");
+ p32(tunnel, " tunnel sanity check failure%s\n");
+ first = 1;
+ for (proto = 0; proto < NETSTAT_ESP_HIST_MAX; proto++) {
+ if (netstat_esps_get_hist(s, proto) == 0)
+ continue;
+ if (first != 0) {
+ printf("\tESP output histogram:\n");
+ first = 0;
+ }
+ printf("\t\t%s: %u\n", netstat_ipsec_espname(proto),
+ netstat_esps_get_hist(s, proto));
+ }
#undef p32
#undef p64
#undef hist
}
-void
-esp_stats(u_long off, const char *name, int family __unused, int proto __unused)
-{
- struct espstat espstat;
-
- if (off == 0)
- return;
- printf ("%s:\n", name);
- kread(off, (char *)&espstat, sizeof(espstat));
-
- print_espstats(&espstat);
-}
-
static void
print_ipcompstats(const struct ipcompstat *ipcompstat)
{
@@ -460,5 +455,3 @@
print_ipcompstats(&ipcompstat);
}
-
-#endif /*IPSEC*/
==== //depot/projects/soc2009/pgj_libstat/src/usr.bin/netstat/main.c#35 (text+ko) ====
@@ -109,11 +109,9 @@
{ .n_name = "_rttrash" },
#define N_AHSTAT 15
{ .n_name = "_ahstat" },
-#define N_ESPSTAT 16
- { .n_name = "_espstat" },
-#define N_IPCOMPSTAT 17
+#define N_IPCOMPSTAT 16
{ .n_name = "_ipcompstat" },
-#define N_MFCTABLESIZE 18
+#define N_MFCTABLESIZE 17
{ .n_name = "_mfctablesize" },
{ .n_name = NULL },
};
@@ -154,8 +152,8 @@
ipsec_stats, NULL, "ipsec", 0, 0},
{ -1, N_AHSTAT, 1, NULL, NULL, stat_MAX,
ah_stats, NULL, "ah", 0, 0},
- { -1, N_ESPSTAT, 1, NULL, NULL, stat_MAX,
- esp_stats, NULL, "esp", 0, 0},
+ { -1, 0, 1, NULL, esp_stats, stat_ESP,
+ NULL, NULL, "esp", 0, 0},
{ -1, N_IPCOMPSTAT, 1, NULL, NULL, stat_MAX,
ipcomp_stats, NULL, "ipcomp", 0, 0},
#endif
More information about the p4-projects
mailing list