+/*
+ * Copyright (c) 2008 Apple Inc. All rights reserved.
+ *
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. The rights granted to you under the License
+ * may not be used to create, or enable the creation or redistribution of,
+ * unlawful or unlicensed copies of an Apple operating system, or to
+ * circumvent, violate, or enable the circumvention or violation of, any
+ * terms of an Apple operating system software license agreement.
+ *
+ * Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
+ */
/* $FreeBSD: src/usr.bin/netstat/ipsec.c,v 1.1.2.3 2001/08/10 09:07:09 ru Exp $ */
/* $NetBSD: inet.c,v 1.35.2.1 1999/04/29 14:57:08 perry Exp $ */
/* $KAME: ipsec.c,v 1.25 2001/03/12 09:04:39 itojun Exp $ */
#include <sys/param.h>
#include <sys/queue.h>
#include <sys/socket.h>
+#include <sys/sysctl.h>
#include <netinet/in.h>
#include <unistd.h>
#include "netstat.h"
-#ifdef __APPLE__
+#if defined(__APPLE__) && !defined(__unused)
#define __unused
#endif
/*
"x_spdsetidx", "x_spdexpire", "x_spddelete2"
};
+static struct ipsecstat pipsecstat;
static struct ipsecstat ipsecstat;
static void print_ipsecstats (void);
static const char *pfkey_msgtype_names (int);
-static void ipsec_hist (const u_quad_t *, size_t, const struct val2str *,
- const char *);
+static void ipsec_hist (const u_quad_t *, const u_quad_t *, size_t,
+ const struct val2str *, const char *);
/*
* Dump IPSEC statistics structure.
*/
static void
ipsec_hist(const u_quad_t *hist,
+ const u_quad_t *phist,
size_t histmax,
const struct val2str *name,
const char *title)
first = 1;
for (proto = 0; proto < histmax; proto++) {
- if (hist[proto] <= 0)
+ if ((hist[proto] - phist[proto]) <= 0)
continue;
if (first) {
printf("\t%s histogram:\n", title);
break;
}
if (p && p->str) {
- printf("\t\t%s: " LLU "\n", p->str, (CAST)hist[proto]);
+ printf("\t\t%s: " LLU "\n", p->str,
+ (CAST)hist[proto] - (CAST)phist[proto]);
} else {
printf("\t\t#%ld: " LLU "\n", (long)proto,
- (CAST)hist[proto]);
+ (CAST)hist[proto] - (CAST)phist[proto]);
}
}
}
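Review bot: The new guard `(hist[proto] - phist[proto]) <= 0` subtracts two `u_quad_t` values, so the result is unsigned and can never be negative; it only skips entries whose counters are equal. If the current counter is ever smaller than the saved one (for example after a counter reset between samples), the difference wraps to a very large number, which is then printed as a packet count. Comparing before subtracting avoids that: `if (hist[proto] <= phist[proto]) continue;`. The same pattern appears in pfkey_stats as `PFKEYDIFF(out_msgtype[type]) <= 0` and `PFKEYDIFF(in_msgtype[type]) <= 0`, assuming those fields are unsigned as well. Only part of ipsec_hist's body is visible here.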
static void
print_ipsecstats(void)
{
-#define p(f, m) if (ipsecstat.f || sflag <= 1) \
- printf(m, (CAST)ipsecstat.f, plural(ipsecstat.f))
+#define IPSECDIFF(f) (ipsecstat.f - pipsecstat.f)
+#define p(f, m) if (IPSECDIFF(f) || sflag <= 1) \
+ printf(m, (CAST)IPSECDIFF(f), plural(IPSECDIFF(f)))
#define hist(f, n, t) \
- ipsec_hist((f), sizeof(f)/sizeof(f[0]), (n), (t));
+ ipsec_hist(ipsecstat.f, pipsecstat.f, \
+ sizeof(ipsecstat.f)/sizeof(ipsecstat.f[0]), (n), (t));
p(in_success, "\t" LLU " inbound packet%s processed successfully\n");
p(in_polvio, "\t" LLU " inbound packet%s violated process security "
p(in_espreplay, "\t" LLU " inbound packet%s failed on ESP replay check\n");
p(in_ahauthsucc, "\t" LLU " inbound packet%s considered authentic\n");
p(in_ahauthfail, "\t" LLU " inbound packet%s failed on authentication\n");
- hist(ipsecstat.in_ahhist, ipsec_ahnames, "AH input");
- hist(ipsecstat.in_esphist, ipsec_espnames, "ESP input");
- hist(ipsecstat.in_comphist, ipsec_compnames, "IPComp input");
+ hist(in_ahhist, ipsec_ahnames, "AH input");
+ hist(in_esphist, ipsec_espnames, "ESP input");
+ hist(in_comphist, ipsec_compnames, "IPComp input");
p(out_success, "\t" LLU " outbound packet%s processed successfully\n");
p(out_polvio, "\t" LLU " outbound packet%s violated process security "
p(out_inval, "\t" LLU " invalid outbound packet%s\n");
p(out_nomem, "\t" LLU " outbound packet%s failed due to insufficient memory\n");
p(out_noroute, "\t" LLU " outbound packet%s with no route\n");
- hist(ipsecstat.out_ahhist, ipsec_ahnames, "AH output");
- hist(ipsecstat.out_esphist, ipsec_espnames, "ESP output");
- hist(ipsecstat.out_comphist, ipsec_compnames, "IPComp output");
+ hist(out_ahhist, ipsec_ahnames, "AH output");
+ hist(out_esphist, ipsec_espnames, "ESP output");
+ hist(out_comphist, ipsec_compnames, "IPComp output");
+#undef IPSECDIFF
#undef p
#undef hist
}
void
-ipsec_stats(u_long off __unused, char *name, int af __unused)
+ipsec_stats(uint32_t off __unused, char *name, int af __unused)
{
- if (off == 0)
+ size_t len;
+
+ len = sizeof(struct ipsecstat);
+ if (strcmp(name, "ipsec") == 0) {
+ if (sysctlbyname("net.inet.ipsec.stats", &ipsecstat, &len, 0, 0) == -1)
+ return;
+ } else if (strcmp(name, "ipsec6") == 0) {
+ if (sysctlbyname("net.inet6.ipsec6.stats", &ipsecstat, &len, 0, 0) == -1)
+ return;
+ } else
return;
printf ("%s:\n", name);
- kread(off, (char *)&ipsecstat, sizeof (ipsecstat));
print_ipsecstats();
+
+ if (interval > 0)
+ bcopy(&ipsecstat, &pipsecstat, len);
}
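Review bot: `pipsecstat` is a single file-scope snapshot, but ipsec_stats fills `ipsecstat` from either `net.inet.ipsec.stats` or `net.inet6.ipsec6.stats` depending on `name`. If both names are reported in the same run with `interval > 0`, as the two branches suggest, the IPv6 pass is diffed against the IPv4 sample saved by the previous call, and the reverse on the next round. The printed deltas, including the replay-check and authentication-failure counters, would then mix two unrelated counter sets. Keeping one saved sample per family fixes this, as sketched below. The sketch also rejects a short read by checking `len` after `sysctlbyname`, because a smaller kernel struct would otherwise leave stale tail fields in the static buffer.

```c
void
ipsec_stats(uint32_t off __unused, char *name, int af __unused)
{
	static struct ipsecstat prev4, prev6;	/* one saved sample per family */
	struct ipsecstat *prev;
	const char *mib;
	size_t len = sizeof(ipsecstat);

	if (strcmp(name, "ipsec") == 0) {
		mib = "net.inet.ipsec.stats";
		prev = &prev4;
	} else if (strcmp(name, "ipsec6") == 0) {
		mib = "net.inet6.ipsec6.stats";
		prev = &prev6;
	} else
		return;
	/* A short copy-out would leave stale tail fields in ipsecstat. */
	if (sysctlbyname(mib, &ipsecstat, &len, 0, 0) == -1 ||
	    len != sizeof(ipsecstat))
		return;
	pipsecstat = *prev;	/* print_ipsecstats() diffs against pipsecstat */
	printf ("%s:\n", name);
	print_ipsecstats();

	if (interval > 0)
		*prev = ipsecstat;
}
```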
static const char *
}
void
-pfkey_stats(u_long off __unused, char *name, int af __unused)
+pfkey_stats(uint32_t off __unused, char *name, int af __unused)
{
+ static struct pfkeystat ppfkeystat;
struct pfkeystat pfkeystat;
unsigned first, type;
-
- if (off == 0)
+ size_t len;
+
+ len = sizeof(struct pfkeystat);
+ if (sysctlbyname("net.key.pfkeystat", &pfkeystat, &len, 0, 0) == -1)
return;
printf ("%s:\n", name);
- kread(off, (char *)&pfkeystat, sizeof(pfkeystat));
-#define p(f, m) if (pfkeystat.f || sflag <= 1) \
- printf(m, (CAST)pfkeystat.f, plural(pfkeystat.f))
+#define PFKEYDIFF(f) (pfkeystat.f - ppfkeystat.f)
+#define p(f, m) if (PFKEYDIFF(f) || sflag <= 1) \
+ printf(m, (CAST)PFKEYDIFF(f), plural(PFKEYDIFF(f)))
/* kernel -> userland */
p(out_total, "\t" LLU " request%s sent to userland\n");
for (first = 1, type = 0;
type < sizeof(pfkeystat.out_msgtype)/sizeof(pfkeystat.out_msgtype[0]);
type++) {
- if (pfkeystat.out_msgtype[type] <= 0)
+ if (PFKEYDIFF(out_msgtype[type]) <= 0)
continue;
if (first) {
printf("\thistogram by message type:\n");
first = 0;
}
printf("\t\t%s: " LLU "\n", pfkey_msgtype_names(type),
- (CAST)pfkeystat.out_msgtype[type]);
+ (CAST)PFKEYDIFF(out_msgtype[type]));
}
p(out_invlen, "\t" LLU " message%s with invalid length field\n");
p(out_invver, "\t" LLU " message%s with invalid version field\n");
for (first = 1, type = 0;
type < sizeof(pfkeystat.in_msgtype)/sizeof(pfkeystat.in_msgtype[0]);
type++) {
- if (pfkeystat.in_msgtype[type] <= 0)
+ if (PFKEYDIFF(in_msgtype[type]) <= 0)
continue;
if (first) {
printf("\thistogram by message type:\n");
first = 0;
}
printf("\t\t%s: " LLU "\n", pfkey_msgtype_names(type),
- (CAST)pfkeystat.in_msgtype[type]);
+ (CAST)PFKEYDIFF(in_msgtype[type]));
}
p(in_msgtarget[KEY_SENDUP_ONE],
"\t" LLU " message%s toward single socket\n");
p(in_msgtarget[KEY_SENDUP_REGISTERED],
"\t" LLU " message%s toward registered sockets\n");
p(in_nomem, "\t" LLU " message%s with memory allocation failure\n");
+
+ if (interval > 0)
+ bcopy(&pfkeystat, &ppfkeystat, len);
+#undef PFKEYDIFF
#undef p
}
#endif /*IPSEC*/
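Review bot: In pfkey_stats the local `struct pfkeystat pfkeystat` is an uninitialised automatic, and the length written back by `sysctlbyname` is never compared with the struct size. If the kernel copies out fewer bytes than `sizeof(struct pfkeystat)`, the call still succeeds and the remaining fields hold whatever was on the stack. Those values are then printed as counters and, with `interval > 0`, saved into `ppfkeystat` by the `bcopy`. Extending the guard to `if (sysctlbyname("net.key.pfkeystat", &pfkeystat, &len, 0, 0) == -1 || len != sizeof(pfkeystat)) return;` closes this. Both failure paths also return without any diagnostic, so a missing section is indistinguishable from an empty one; a comment saying that this is intentional would help. Only part of the function body is visible in these hunks.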