freebsd-nq/usr.bin/netstat/pfkey.c

184 lines
6.8 KiB
C
Raw Normal View History

/* $FreeBSD$ */
/* $NetBSD: inet.c,v 1.35.2.1 1999/04/29 14:57:08 perry Exp $ */
/* $KAME: ipsec.c,v 1.25 2001/03/12 09:04:39 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* Copyright (c) 1983, 1988, 1993
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <sys/cdefs.h>
#ifndef lint
/*
static char sccsid[] = "@(#)inet.c 8.5 (Berkeley) 5/24/95";
*/
static const char rcsid[] =
"$FreeBSD$";
#endif /* not lint */
#include <sys/param.h>
#include <sys/queue.h>
#include <sys/socket.h>
Restore netstat -M functionality for most statistics on core dumps. In general, when support was added to netstat for fetching data using sysctl, no provision was left for fetching equivalent data from a core dump, and in fact, netstat would _always_ fetch data from the live kernel using sysctl even when -M was specified resulting in the user believing they were getting data from coredumps when they actually weren't. Some specific changes: - Add a global 'live' variable that is true if netstat is running against the live kernel and false if -M has been specified. - Stop abusing the sysctl flag in the protocol tables to hold the protocol number. Instead, the protocol is now its own field in the tables, and it is passed as a separate parameter to the PCB and stat routines rather than overloading the KVM offset parameter. - Don't run PCB or stats functions who don't have a namelist offset if we are being run against a crash dump (!live). - For the inet and unix PCB routines, we generate the same buffer from KVM that the sysctl usually generates complete with the header and trailer. - Don't run bpf stats for !live (before it would just silently always run live). - kread() no longer trashes memory when opening the buffer if there is an error on open and the passed in buffer is smaller than _POSIX2_LINE_MAX. - The multicast routing code doesn't fallback to kvm on live kernels if the sysctl fails. Keeping this made the code rather hairy, and netstat is already tied to the kernel ABI anyway (even when using sysctl's since things like xinpcb contain an inpcb) so any kernels this is run against that have the multicast routing stuff should have the sysctls. - Don't try to dig around in the kernel linker in the netgraph PCB routine for core dumps. Other notes: - sctp's PCB routine only works on live kernels, it looked rather complicated to generate all the same stuff via KVM. Someone can always add it later if desired though. - Fix the ipsec removal bug where N_xxx for IPSEC stats weren't renumbered. - Use sysctlbyname() everywhere rather than hardcoded mib values. MFC after: 1 week Approved by: re (rwatson)
2007-07-16 17:15:55 +00:00
#include <sys/socketvar.h>
#include <netinet/in.h>
#ifdef IPSEC
#include <netipsec/keysock.h>
#endif
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include "netstat.h"
#ifdef IPSEC
static const char *pfkey_msgtypenames[] = {
"reserved", "getspi", "update", "add", "delete",
"get", "acquire", "register", "expire", "flush",
"dump", "x_promisc", "x_pchange", "x_spdupdate", "x_spdadd",
"x_spddelete", "x_spdget", "x_spdacquire", "x_spddump", "x_spdflush",
"x_spdsetidx", "x_spdexpire", "x_spddelete2"
};
static const char *pfkey_msgtype_names (int);
static const char *
pfkey_msgtype_names(int x)
{
const int max =
sizeof(pfkey_msgtypenames)/sizeof(pfkey_msgtypenames[0]);
static char buf[20];
if (x < max && pfkey_msgtypenames[x])
return pfkey_msgtypenames[x];
snprintf(buf, sizeof(buf), "#%d", x);
return buf;
}
void
Restore netstat -M functionality for most statistics on core dumps. In general, when support was added to netstat for fetching data using sysctl, no provision was left for fetching equivalent data from a core dump, and in fact, netstat would _always_ fetch data from the live kernel using sysctl even when -M was specified resulting in the user believing they were getting data from coredumps when they actually weren't. Some specific changes: - Add a global 'live' variable that is true if netstat is running against the live kernel and false if -M has been specified. - Stop abusing the sysctl flag in the protocol tables to hold the protocol number. Instead, the protocol is now its own field in the tables, and it is passed as a separate parameter to the PCB and stat routines rather than overloading the KVM offset parameter. - Don't run PCB or stats functions who don't have a namelist offset if we are being run against a crash dump (!live). - For the inet and unix PCB routines, we generate the same buffer from KVM that the sysctl usually generates complete with the header and trailer. - Don't run bpf stats for !live (before it would just silently always run live). - kread() no longer trashes memory when opening the buffer if there is an error on open and the passed in buffer is smaller than _POSIX2_LINE_MAX. - The multicast routing code doesn't fallback to kvm on live kernels if the sysctl fails. Keeping this made the code rather hairy, and netstat is already tied to the kernel ABI anyway (even when using sysctl's since things like xinpcb contain an inpcb) so any kernels this is run against that have the multicast routing stuff should have the sysctls. - Don't try to dig around in the kernel linker in the netgraph PCB routine for core dumps. Other notes: - sctp's PCB routine only works on live kernels, it looked rather complicated to generate all the same stuff via KVM. Someone can always add it later if desired though. - Fix the ipsec removal bug where N_xxx for IPSEC stats weren't renumbered. - Use sysctlbyname() everywhere rather than hardcoded mib values. MFC after: 1 week Approved by: re (rwatson)
2007-07-16 17:15:55 +00:00
pfkey_stats(u_long off, const char *name, int family __unused,
int proto __unused)
{
struct pfkeystat pfkeystat;
unsigned first, type;
if (off == 0)
return;
printf ("%s:\n", name);
kread(off, (char *)&pfkeystat, sizeof(pfkeystat));
#define p(f, m) if (pfkeystat.f || sflag <= 1) \
printf(m, (uintmax_t)pfkeystat.f, plural(pfkeystat.f))
/* userland -> kernel */
p(out_total, "\t%ju request%s sent from userland\n");
p(out_bytes, "\t%ju byte%s sent from userland\n");
for (first = 1, type = 0;
type < sizeof(pfkeystat.out_msgtype)/sizeof(pfkeystat.out_msgtype[0]);
type++) {
if (pfkeystat.out_msgtype[type] <= 0)
continue;
if (first) {
printf("\thistogram by message type:\n");
first = 0;
}
printf("\t\t%s: %ju\n", pfkey_msgtype_names(type),
(uintmax_t)pfkeystat.out_msgtype[type]);
}
p(out_invlen, "\t%ju message%s with invalid length field\n");
p(out_invver, "\t%ju message%s with invalid version field\n");
p(out_invmsgtype, "\t%ju message%s with invalid message type field\n");
p(out_tooshort, "\t%ju message%s too short\n");
p(out_nomem, "\t%ju message%s with memory allocation failure\n");
p(out_dupext, "\t%ju message%s with duplicate extension\n");
p(out_invexttype, "\t%ju message%s with invalid extension type\n");
p(out_invsatype, "\t%ju message%s with invalid sa type\n");
p(out_invaddr, "\t%ju message%s with invalid address extension\n");
/* kernel -> userland */
p(in_total, "\t%ju request%s sent to userland\n");
p(in_bytes, "\t%ju byte%s sent to userland\n");
for (first = 1, type = 0;
type < sizeof(pfkeystat.in_msgtype)/sizeof(pfkeystat.in_msgtype[0]);
type++) {
if (pfkeystat.in_msgtype[type] <= 0)
continue;
if (first) {
printf("\thistogram by message type:\n");
first = 0;
}
printf("\t\t%s: %ju\n", pfkey_msgtype_names(type),
(uintmax_t)pfkeystat.in_msgtype[type]);
}
p(in_msgtarget[KEY_SENDUP_ONE],
"\t%ju message%s toward single socket\n");
p(in_msgtarget[KEY_SENDUP_ALL],
"\t%ju message%s toward all sockets\n");
p(in_msgtarget[KEY_SENDUP_REGISTERED],
"\t%ju message%s toward registered sockets\n");
p(in_nomem, "\t%ju message%s with memory allocation failure\n");
#undef p
}
#endif /* IPSEC */