head/tools/tools/crypto/ipsecstats.c
Show All 19 Lines | |||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||||
* SUCH DAMAGE. | * SUCH DAMAGE. | ||||
* | * | ||||
* $FreeBSD$ | * $FreeBSD$ | ||||
*/ | */ | ||||
#include <sys/types.h> | |||||
#include <sys/param.h> | |||||
#include <sys/sysctl.h> | |||||
#include <netipsec/ipsec.h> | #include <netipsec/ipsec.h> | ||||
#include <netipsec/ah_var.h> | #include <netipsec/ah_var.h> | ||||
#include <netipsec/esp_var.h> | #include <netipsec/esp_var.h> | ||||
#include <err.h> | |||||
#include <stdint.h> | #include <stdint.h> | ||||
#include <stdio.h> | #include <stdio.h> | ||||
struct alg { | struct alg { | ||||
int a; | int a; | ||||
const char *name; | const char *name; | ||||
}; | }; | ||||
static const struct alg aalgs[] = { | static const struct alg aalgs[] = { | ||||
Show All 17 Lines | static const struct alg espalgs[] = { | ||||
{ SADB_X_EALG_RIJNDAELCBC, "rijndael-cbc", }, | { SADB_X_EALG_RIJNDAELCBC, "rijndael-cbc", }, | ||||
}; | }; | ||||
static const struct alg ipcompalgs[] = { | static const struct alg ipcompalgs[] = { | ||||
{ SADB_X_CALG_NONE, "none", }, | { SADB_X_CALG_NONE, "none", }, | ||||
{ SADB_X_CALG_OUI, "oui", }, | { SADB_X_CALG_OUI, "oui", }, | ||||
{ SADB_X_CALG_DEFLATE, "deflate", }, | { SADB_X_CALG_DEFLATE, "deflate", }, | ||||
{ SADB_X_CALG_LZS, "lzs", }, | { SADB_X_CALG_LZS, "lzs", }, | ||||
}; | }; | ||||
#define N(a) (sizeof(a)/sizeof(a[0])) | |||||
static const char* | static const char* | ||||
algname(int a, const struct alg algs[], int nalgs) | algname(int a, const struct alg algs[], int nalgs) | ||||
{ | { | ||||
static char buf[80]; | static char buf[80]; | ||||
int i; | int i; | ||||
for (i = 0; i < nalgs; i++) | for (i = 0; i < nalgs; i++) | ||||
Show All 12 Lines | |||||
#define STAT(x,fmt) if (x) printf(fmt "\n", (uintmax_t)x) | #define STAT(x,fmt) if (x) printf(fmt "\n", (uintmax_t)x) | ||||
struct ipsecstat ips; | struct ipsecstat ips; | ||||
struct ahstat ahs; | struct ahstat ahs; | ||||
struct espstat esps; | struct espstat esps; | ||||
size_t slen; | size_t slen; | ||||
int i; | int i; | ||||
slen = sizeof (ips); | slen = sizeof (ips); | ||||
if (sysctlbyname("net.inet.ipsec.ipsecstats", &ips, &slen, NULL, NULL) < 0) | if (sysctlbyname("net.inet.ipsec.ipsecstats", &ips, &slen, NULL, 0) < 0) | ||||
err(1, "net.inet.ipsec.ipsecstats"); | err(1, "net.inet.ipsec.ipsecstats"); | ||||
slen = sizeof (ahs); | slen = sizeof (ahs); | ||||
if (sysctlbyname("net.inet.ah.stats", &ahs, &slen, NULL, NULL) < 0) | if (sysctlbyname("net.inet.ah.stats", &ahs, &slen, NULL, 0) < 0) | ||||
err(1, "net.inet.ah.stats"); | err(1, "net.inet.ah.stats"); | ||||
slen = sizeof (esps); | slen = sizeof (esps); | ||||
if (sysctlbyname("net.inet.esp.stats", &esps, &slen, NULL, NULL) < 0) | if (sysctlbyname("net.inet.esp.stats", &esps, &slen, NULL, 0) < 0) | ||||
err(1, "net.inet.esp.stats"); | err(1, "net.inet.esp.stats"); | ||||
#define AHSTAT(x,fmt) if (x) printf("ah " fmt ": %ju\n", (uintmax_t)x) | #define AHSTAT(x,fmt) if (x) printf("ah " fmt ": %ju\n", (uintmax_t)x) | ||||
AHSTAT(ahs.ahs_input, "input packets processed"); | AHSTAT(ahs.ahs_input, "input packets processed"); | ||||
AHSTAT(ahs.ahs_output, "output packets processed"); | AHSTAT(ahs.ahs_output, "output packets processed"); | ||||
AHSTAT(ahs.ahs_hdrops, "headers too short"); | AHSTAT(ahs.ahs_hdrops, "headers too short"); | ||||
AHSTAT(ahs.ahs_nopf, "headers for unsupported address family"); | AHSTAT(ahs.ahs_nopf, "headers for unsupported address family"); | ||||
AHSTAT(ahs.ahs_notdb, "packets with no SA"); | AHSTAT(ahs.ahs_notdb, "packets with no SA"); | ||||
AHSTAT(ahs.ahs_badkcr, "packets with bad kcr"); | AHSTAT(ahs.ahs_badkcr, "packets with bad kcr"); | ||||
AHSTAT(ahs.ahs_badauth, "packets with bad authentication"); | AHSTAT(ahs.ahs_badauth, "packets with bad authentication"); | ||||
AHSTAT(ahs.ahs_noxform, "packets with no xform"); | AHSTAT(ahs.ahs_noxform, "packets with no xform"); | ||||
AHSTAT(ahs.ahs_qfull, "packets dropped packet 'cuz queue full"); | AHSTAT(ahs.ahs_qfull, "packets dropped packet 'cuz queue full"); | ||||
AHSTAT(ahs.ahs_wrap, "packets dropped for replace counter wrap"); | AHSTAT(ahs.ahs_wrap, "packets dropped for replace counter wrap"); | ||||
AHSTAT(ahs.ahs_replay, "packets dropped for possible replay"); | AHSTAT(ahs.ahs_replay, "packets dropped for possible replay"); | ||||
AHSTAT(ahs.ahs_badauthl, "packets dropped for bad authenticator length"); | AHSTAT(ahs.ahs_badauthl, "packets dropped for bad authenticator length"); | ||||
AHSTAT(ahs.ahs_invalid, "packets with an invalid SA"); | AHSTAT(ahs.ahs_invalid, "packets with an invalid SA"); | ||||
AHSTAT(ahs.ahs_toobig, "packets too big"); | AHSTAT(ahs.ahs_toobig, "packets too big"); | ||||
AHSTAT(ahs.ahs_pdrops, "packets dropped due to policy"); | AHSTAT(ahs.ahs_pdrops, "packets dropped due to policy"); | ||||
AHSTAT(ahs.ahs_crypto, "failed crypto requests"); | AHSTAT(ahs.ahs_crypto, "failed crypto requests"); | ||||
AHSTAT(ahs.ahs_tunnel, "tunnel sanity check failures"); | AHSTAT(ahs.ahs_tunnel, "tunnel sanity check failures"); | ||||
for (i = 0; i < AH_ALG_MAX; i++) | for (i = 0; i < AH_ALG_MAX; i++) | ||||
if (ahs.ahs_hist[i]) | if (ahs.ahs_hist[i]) | ||||
printf("ah packets with %s: %ju\n" | printf("ah packets with %s: %ju\n" | ||||
, algname(i, aalgs, N(aalgs)) | , algname(i, aalgs, nitems(aalgs)) | ||||
, (uintmax_t)ahs.ahs_hist[i] | , (uintmax_t)ahs.ahs_hist[i] | ||||
); | ); | ||||
AHSTAT(ahs.ahs_ibytes, "bytes received"); | AHSTAT(ahs.ahs_ibytes, "bytes received"); | ||||
AHSTAT(ahs.ahs_obytes, "bytes transmitted"); | AHSTAT(ahs.ahs_obytes, "bytes transmitted"); | ||||
#undef AHSTAT | #undef AHSTAT | ||||
#define ESPSTAT(x,fmt) if (x) printf("esp " fmt ": %ju\n", (uintmax_t)x) | #define ESPSTAT(x,fmt) if (x) printf("esp " fmt ": %ju\n", (uintmax_t)x) | ||||
ESPSTAT(esps.esps_input, "input packets processed"); | ESPSTAT(esps.esps_input, "input packets processed"); | ||||
Show All 12 Lines | #define ESPSTAT(x,fmt) if (x) printf("esp " fmt ": %ju\n", (uintmax_t)x) | ||||
ESPSTAT(esps.esps_invalid, "packets with an invalid SA"); | ESPSTAT(esps.esps_invalid, "packets with an invalid SA"); | ||||
ESPSTAT(esps.esps_toobig, "packets too big"); | ESPSTAT(esps.esps_toobig, "packets too big"); | ||||
ESPSTAT(esps.esps_pdrops, "packets dropped due to policy"); | ESPSTAT(esps.esps_pdrops, "packets dropped due to policy"); | ||||
ESPSTAT(esps.esps_crypto, "failed crypto requests"); | ESPSTAT(esps.esps_crypto, "failed crypto requests"); | ||||
ESPSTAT(esps.esps_tunnel, "tunnel sanity check failures"); | ESPSTAT(esps.esps_tunnel, "tunnel sanity check failures"); | ||||
for (i = 0; i < ESP_ALG_MAX; i++) | for (i = 0; i < ESP_ALG_MAX; i++) | ||||
if (esps.esps_hist[i]) | if (esps.esps_hist[i]) | ||||
printf("esp packets with %s: %ju\n" | printf("esp packets with %s: %ju\n" | ||||
, algname(i, espalgs, N(espalgs)) | , algname(i, espalgs, nitems(espalgs)) | ||||
, (uintmax_t)esps.esps_hist[i] | , (uintmax_t)esps.esps_hist[i] | ||||
); | ); | ||||
ESPSTAT(esps.esps_ibytes, "bytes received"); | ESPSTAT(esps.esps_ibytes, "bytes received"); | ||||
ESPSTAT(esps.esps_obytes, "bytes transmitted"); | ESPSTAT(esps.esps_obytes, "bytes transmitted"); | ||||
#undef ESPSTAT | #undef ESPSTAT | ||||
printf("\n"); | printf("\n"); | ||||
if (ips.ips_in_polvio+ips.ips_out_polvio) | if (ips.ips_in_polvio+ips.ips_out_polvio) | ||||
Show All 17 Lines |
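Review bot: The three `sysctlbyname()` calls for `net.inet.ipsec.ipsecstats`, `net.inet.ah.stats` and `net.inet.esp.stats` test only for a negative return and never compare the returned `slen` with the size of the destination struct. `ips`, `ahs` and `esps` are uninitialized automatics, so if the running kernel's layout is smaller than the headers this tool was built against (plausible for an out-of-tree `tools/tools` build, though not shown here), the trailing fields are read indeterminate. The replay, bad-authentication and policy-drop counters printed below would then be meaningless to whoever is triaging with them. I would add a check after each call, e.g. `if (slen != sizeof(ips)) errx(1, "net.inet.ipsec.ipsecstats: unexpected size %zu", slen);`, and likewise for `ahs` and `esps`. The enclosing function begins and ends in the collapsed context, so this assumes nothing there already validates `slen`.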