Commit Graph

61 Commits

Author SHA1 Message Date
markj
a67fb46cc5 icmp6: Count packets dropped due to an invalid hop limit
Pad the icmp6stat structure so that we can add more counters in the
future without breaking compatibility again, last done in r358620.
Annotate the rarely executed error paths with __predict_false while
here.

Reviewed by:	bz, melifaro
Sponsored by:	NetApp, Inc.
Sponsored by:	Klara, Inc.
Differential Revision:	https://reviews.freebsd.org/D26578
2020-10-19 17:07:19 +00:00
bz
de9f739c2b Add new ICMPv6 counters for Anti-DoS limits.
Add four new counters for ND6 related Anti-DoS measures.
We split these out into a separate upfront commit so that we only
change the struct size one time.  Implementations using them will
follow.

PR:		157410
Reviewed by:	melifaro
MFC after:	2 weeks
X-MFC:		cannot really MFC this without breaking netstat
Sponsored by:	Netflix (initially)
Differential Revision:	https://reviews.freebsd.org/D22711
2020-03-04 16:20:59 +00:00
bz
9a01cf0376 IPv6 cleanup: netstat
Rename the variable for the in6_addr from in6p to ia6 to follow the
convention generally used in FreeBSD.

No functional changes.

MFC after:		3 months
Sponsored by:		Netflix
2019-08-01 20:36:25 +00:00
thj
56e95f6462 Add stat counter for ipv6 atomic fragments
Add a stat counter to track ipv6 atomic fragments. Atomic fragments can be
generated in response to invalid path MTU values, but are also a potential
attack vector and considered harmful (see RFC6946 and RFC8021).

While here add tracking of the atomic fragment counter to netstat and systat.

Reviewed by:    tuexen, jtl, bz
Approved by:    jtl (mentor), bz (mentor)
Event:  Aberdeen hackathon 2019
Differential Revision:  https://reviews.freebsd.org/D17511
2019-04-19 17:06:43 +00:00
pfg
872b698bd4 General further adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 3-Clause license.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.
2017-11-20 19:49:47 +00:00
asomers
bf46da77c5 usr.bin/netstat: strcpy -> strlcpy
Reported by:	Coverity
CID:		1006741, 1006744
MFC after:	3 weeks
Sponsored by:	Spectra Logic Corp
2017-04-07 15:15:10 +00:00
imp
7e6cabd06e Renumber copyright clause 4
Renumber cluase 4 to 3, per what everybody else did when BSD granted
them permission to remove clause 3. My insistance on keeping the same
numbering for legal reasons is too pedantic, so give up on that point.

Submitted by:	Jan Schaumann <jschauma@stevens.edu>
Pull Request:	https://github.com/freebsd/freebsd/pull/96
2017-02-28 23:42:47 +00:00
ume
0682ff789a When displaying netstat details with libxo in JSON
or XML modes, the value conversion for tcp6 and udp6
port numbers drops last digit.

PR:		215682
MFC after:	3 days
2017-01-05 11:44:27 +00:00
delphij
1b12c4f0ad Use strlcpy and snprintf in netstat(1).
Expand inet6name() line buffer to NI_MAXHOST and use strlcpy/snprintf
in various places.

Reported by:	Anton Yuzhaninov <citrin citrin ru>
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D8916
2017-01-05 09:23:54 +00:00
tuexen
615d47e6cd Fix the output for scope statistics.
MFC after: 3 days
2016-08-17 16:56:20 +00:00
tuexen
697fdb532f Use names for SCTP and UDPLite when reporting the input histogram.
MFC after: 3 days
2016-08-17 14:44:47 +00:00
markj
65d9a559eb Use a common subroutine to fetch and zero protocol stats instead of
duplicating roughly similar code for each protocol.

MFC after:	2 weeks
2015-09-11 04:37:01 +00:00
hrs
df2a89db2b - Add -W flag support for network column in intpr() (-i flag) and
routepr() (-r flag).  It is too narrow to show an IPv6 prefix
  in most cases.

- Accept "local" as a synonym of "unix" in protocol family name.

- Show a prefix length in CIDR notation when name resolution failed in
  netname().

- Make routename() and netname() AF-independent and remove
  unnecessary typecasting from struct sockaddr.

- Use getnameinfo(3) to format L2 addr in intpr().

- Fix a bug which showed "Address" when -A flag is specfied in pr_rthdr().

- Replace cryptic GETSA() macro with SA_SIZE().

- Fix declarations shadowing local variables with the same names.

- Add more static, remove unused header files and variables.

MFC after:	1 week
2015-09-01 08:42:04 +00:00
glebius
78d51c7b15 Stop including if_var.h from userland.
Sponsored by:	Nginx, Inc.
2015-04-06 09:42:23 +00:00
marcel
0ea1b83e37 Convert netstat to use libxo.
Obtained from:  Phil Shafer <phil@juniper.net>
Ported to -current by: alfred@ (mostly), Kim Shrier
Formatting: marcel@
Sponsored by:   Juniper Networks, Inc.
2015-02-21 23:47:20 +00:00
ae
7d73ba1804 Add the ability to set `prefer_source' flag to an IPv6 address.
It affects the IPv6 source address selection algorithm (RFC 6724)
and allows override the last rule ("longest matching prefix") for
choosing among equivalent addresses. The address with `prefer_source'
will be preferred source address.

Obtained from:	Yandex LLC
MFC after:	1 month
Sponsored by:	Yandex LLC
2014-09-09 10:52:50 +00:00
ae
6526887307 Add the reverse part to rule #9. Also change its description in the
netstat(8) output.

MFC after:	1 week
2014-09-01 09:30:34 +00:00
markj
ac07a3a377 Suppress warnings when retrieving protocol stats from interfaces that
don't support IPv6 (e.g. pflog(4)).

Reviewed by:	hrs
MFC after:	2 weeks
2014-08-22 19:23:38 +00:00
hrs
17f8b7cb0b - Use getnameinfo(3) instead of gethostbyaddr(3) or inet_ntop(3).
- Fill sin6_scope_id from in6p.sin6_addr.s6_addr[2].  struct inpcb has
  struct in6_addr for the endpoint addresses, so sin6_scope_id must be filled.
2013-08-17 17:23:42 +00:00
ae
e5b002a3b8 Migrate structs ip6stat, icmp6stat and rip6stat to PCPU counters. 2013-07-09 09:54:54 +00:00
ae
7d578335bd Replace hardcoded numbers. Also use interface-local scope name instead
of node-local.
2013-04-16 11:25:45 +00:00
charnier
8f92a0e983 WARNS=6 compliance 2013-02-19 13:17:16 +00:00
ed
e7e5b53bf1 Replace index() and rindex() calls with strchr() and strrchr().
The index() and rindex() functions were marked LEGACY in the 2001
revision of POSIX and were subsequently removed from the 2008 revision.
The strchr() and strrchr() functions are part of the C standard.

This makes the source code a lot more consistent, as most of these C
files also call into other str*() routines. In fact, about a dozen
already perform strchr() calls.
2012-01-03 18:51:58 +00:00
maxim
330e98b5de o Convert IPv6 read-only stats sysctls to the read-write ones.
o Teach netstat(1) -z to reset these stats sysctls.

PR:		bin/153206
Reviewed by:	glebuis
Sponsored by:	NGINX, Inc.
MFC after:	1 month
2011-12-19 05:50:34 +00:00
joel
29af67e52c Remove the advertising clause from UCB copyrighted files in usr.bin. This
is in accordance with the information provided at
ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change

Also add $FreeBSD$ to a few files to keep svn happy.

Discussed with:	imp, rwatson
2010-12-11 08:32:16 +00:00
brucec
bb24a2af36 Fix typo. 2010-11-27 21:35:16 +00:00
bms
feddbae3c6 Add MLDv2 statistic IDs to netstat for IPv6 stack. 2009-04-29 09:52:04 +00:00
bz
5d8f0a53a7 Remove the single global unlocked route cache ip6_forward_rt
from the inet6 stack along with statistics and make sure we
properly free the rt in all cases.

While the current situation is not better performance wise it
prevents panics seen more often these days.
After more inet6 and ipsec cleanup we should be able to improve
the situation again passing the rt to ip6_forward directly.

Leave the ip6_forward_rt entry in struct vinet6 but mark it
for removal.

PR:		kern/128247, kern/131038
MFC after:	25 days
Committed from:	Bugathon #6
Tested by:	Denis Ahrens <denis@h3q.com> (different initial version)
2009-02-01 21:11:08 +00:00
maxim
7abddeaa68 o Respect -ss flags (suppress zero counters) for icmp6 "histogram
of error messages" section.

Submitted by:	naddy
MFC after:	1 week
2009-01-13 07:58:57 +00:00
maxim
ea7e9a42ea o Fix grammar.
PR:		bin/129938
Submitted by:	Bruce Cran
2008-12-26 07:16:20 +00:00
ume
d6bcc8a9c7 Change .8s port name restriction to .15s.
This change corresponds to inet.c 1.13.

MFC after:	1 week
2008-03-18 15:04:05 +00:00
obrien
7407056580 style(9)
+ kread is not a boolean, so check it as such
+ fix $FreeBSD$ Ids
+ denote copyrights with /*-
+ misc whitespace changes.
2008-01-02 23:26:11 +00:00
jhb
27187e7f6b Restore netstat -M functionality for most statistics on core dumps. In
general, when support was added to netstat for fetching data using sysctl,
no provision was left for fetching equivalent data from a core dump, and
in fact, netstat would _always_ fetch data from the live kernel using
sysctl even when -M was specified resulting in the user believing they
were getting data from coredumps when they actually weren't.  Some specific
changes:
- Add a global 'live' variable that is true if netstat is running against
  the live kernel and false if -M has been specified.
- Stop abusing the sysctl flag in the protocol tables to hold the protocol
  number.  Instead, the protocol is now its own field in the tables, and
  it is passed as a separate parameter to the PCB and stat routines rather
  than overloading the KVM offset parameter.
- Don't run PCB or stats functions who don't have a namelist offset if we
  are being run against a crash dump (!live).
- For the inet and unix PCB routines, we generate the same buffer from KVM
  that the sysctl usually generates complete with the header and trailer.
- Don't run bpf stats for !live (before it would just silently always run
  live).
- kread() no longer trashes memory when opening the buffer if there is an
  error on open and the passed in buffer is smaller than _POSIX2_LINE_MAX.
- The multicast routing code doesn't fallback to kvm on live kernels if
  the sysctl fails.  Keeping this made the code rather hairy, and netstat
  is already tied to the kernel ABI anyway (even when using sysctl's since
  things like xinpcb contain an inpcb) so any kernels this is run against
  that have the multicast routing stuff should have the sysctls.
- Don't try to dig around in the kernel linker in the netgraph PCB routine
  for core dumps.

Other notes:
- sctp's PCB routine only works on live kernels, it looked rather
  complicated to generate all the same stuff via KVM.  Someone can always
  add it later if desired though.
- Fix the ipsec removal bug where N_xxx for IPSEC stats weren't renumbered.
- Use sysctlbyname() everywhere rather than hardcoded mib values.

MFC after:	1 week
Approved by:	re (rwatson)
2007-07-16 17:15:55 +00:00
bms
79da54db62 Use sysctl(2), not kvm(3), to read IPv6 multicast information from
the running system.
Use the name 'IPv6 Forwarding Table', not 'IPv6 Routing Table', to be
consistent with what the code actually does and is.
2007-02-24 21:58:30 +00:00
yar
e1db503689 Achieve WARNS=2 by using uintmax_t to pass around 64-bit quantities,
including to printf().  Using uintmax_t is also robust to further
extensions in both the C language and the bitwidth of kernel counters.

Tested on:	i386 amd64 ia64
2006-07-28 16:09:19 +00:00
julian
429b08f9da Not having ipv6 in your kernel is not an error and should not be reported.
MFC after:	1 week
2006-07-14 23:32:43 +00:00
stefanf
7cdc27d942 Use the length modifier 'll' instead of 'q' to print long longs. 2004-07-28 16:03:13 +00:00
charnier
cd48a1d32b Add __FBSDID. Replace local variable sin by sockin to not conflict with sin(3).
Use warnx() instead of warn() when error message is not of any interest. Add
prototypes.
2004-07-26 20:18:11 +00:00
ume
756361c57e printed statistics about source address selection rules.
Obtained from:	KAME
2004-02-05 12:08:35 +00:00
ume
315524cfd5 stops program if kvm_read fails.
Obtained from:	KAME
2004-02-05 12:05:35 +00:00
mtm
2da153c5bb o Typo/Grammar fixes
o Added mini-function to correctly handle singular/plural
	  of words ending in 'ly'

Approved by: markm (mentor)
Not objected to by: -audit
2003-01-14 16:02:56 +00:00
dwmalone
cb4604919f Warns cleanups for netstat:
1) Include arpa/inet.h for ntohs.
2) Constness fixes.
3) Fix shadowing except for "sin" which shouldn't be in scope.
4) Remove register keyword.
5) Add missing initialsers to user defined structs.
5) Make prototype of netname6 globally visable.
6) Use right macros for printing syncache stats (even though entrie isn't
   a word).
2002-09-05 17:06:51 +00:00
markm
d4767a7bb1 Cast to kill warnings. De-register. 2002-04-28 12:17:27 +00:00
ru
63326af6cd Deprecate the -l option in favour of more natural -W.
The compatibility glue is still provided.

(This change is not yet reflected in the manpage, nor
in usage().  This will be fixed at a later time today,
with the general manpage cleanup commit.)
2001-09-07 12:00:50 +00:00
ume
111d276984 - create an entry of IPV6CTL_STATS sysctl.
- fix the problem that netstat doesn't show raw6 and icmp6 pcblist.
- make netstat use sysctl to retreive stats of ipv6 and icmpv6
  instead of kread.

Obtained from:	KAME
MFC after:	1 week
2001-06-28 18:06:15 +00:00
sumikawa
eaafbef7b8 - Avoid hardcoded constant on icmp6 in/out histogram printing
- Icmp6 histogram update for inverse neighbor solicit/advert.

Obtained from:	KAME
MFC after:	2 weeks
2001-06-21 08:27:09 +00:00
assar
f5fc9b5340 remove warnings
remove superfluous declarations
make things more consistent
2001-06-15 23:55:45 +00:00
assar
ee746c97f9 remove K&R support 2001-06-15 23:35:13 +00:00
assar
6c0b683445 revert removal of warning and K&R support
Requested by: bde
2001-06-15 23:07:59 +00:00
assar
9e34fe7efd remove most of the warnings 2001-06-15 01:53:05 +00:00