From 213b8c4fdc5fc41c979cfa426ec8c12714f5799f Mon Sep 17 00:00:00 2001 From: Apple Date: Fri, 6 Jul 2018 16:26:47 +0000 Subject: [PATCH] network_cmds-543.200.16.tar.gz --- cfilutil/cfilstat.c | 29 +++++++--- ifconfig.tproj/af_inet6.c | 4 +- ifconfig.tproj/ifconfig.c | 74 +++++++++++++++++++++++++- netstat.tproj/inet.c | 30 +++++++++-- netstat.tproj/inet6.c | 42 ++++++++++++++- netstat.tproj/main.c | 8 ++- netstat.tproj/netstat.1 | 12 ++++- netstat.tproj/netstat.h | 1 + netstat.tproj/route.c | 55 +++++++++++++++++-- network_cmds.xcodeproj/project.pbxproj | 29 ++++------ unbound/daemon/remote.c | 11 ---- unbound/smallapp/unbound-control.c | 4 -- unbound/testcode/petal.c | 2 - unbound/util/net_help.c | 21 -------- 14 files changed, 242 insertions(+), 80 deletions(-) diff --git a/cfilutil/cfilstat.c b/cfilutil/cfilstat.c index ac4b197..a012e06 100644 --- a/cfilutil/cfilstat.c +++ b/cfilutil/cfilstat.c @@ -29,12 +29,16 @@ #include #include #include +#include #include #include #include #include #include +#define IPPROTOCOL_TCP 6 +#define IPPROTOCOL_UDP 17 + void print_filter_list() { @@ -112,31 +116,38 @@ print_socket_list() struct cfil_sock_stat *sock_stat; char opass[32]; char ipass[32]; - + char namebuffer[256]; + char *procName = ""; + sock_stat = (struct cfil_sock_stat *)ptr; if (curr_len + sock_stat->cfs_len > total_len || sock_stat->cfs_len < sizeof(struct cfil_sock_stat)) break; + if (proc_name(sock_stat->cfs_e_pid, namebuffer, sizeof(namebuffer)) > 0) { + procName = namebuffer; + } + sprint_offset(opass, 32, "%8llu", sock_stat->cfs_snd.cbs_pass_offset); sprint_offset(ipass, 32, "%8llu", sock_stat->cfs_rcv.cbs_pass_offset); - printf("%18s %10s " + printf("%16s %5s %10s " "%8s %8s %8s %8s %8s %8s %8s " "%8s %8s %8s %8s %8s %8s %8s " - "%8s %8s\n", - "sockid", "flags", + "%8s %8s %15s\n", + "sockid", "proto", "flags", "ofirst", "olast", "oqlen", " ", "opass", " ", " ", "ifirst", "ilast", "iqlen", " ", "ipass", " ", " ", - "pid", "epid"); + "pid", "epid", "eprocname"); - printf("0x%016llx 0x%08llx " + printf("%016llu %5s 0x%08llx " "%8llu %8llu %8llu %8s %8s %8s %8s " "%8llu %8llu %8llu %8s %8s %8s %8s " - "%8u %8u\n", + "%8u %8u %15s\n", sock_stat->cfs_sock_id, + sock_stat->cfs_sock_protocol == IPPROTOCOL_TCP ? "TCP" : "UDP", sock_stat->cfs_flags, sock_stat->cfs_snd.cbs_pending_first, @@ -155,7 +166,9 @@ print_socket_list() " ", " ", sock_stat->cfs_pid, - sock_stat->cfs_e_pid); + sock_stat->cfs_e_pid, + procName); + printf("%7s %10s %10s " "%8s %8s %8s %8s %8s %8s %8s " diff --git a/ifconfig.tproj/af_inet6.c b/ifconfig.tproj/af_inet6.c index d2a5b1b..2fedbb3 100644 --- a/ifconfig.tproj/af_inet6.c +++ b/ifconfig.tproj/af_inet6.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009-2014 Apple Inc. All rights reserved. + * Copyright (c) 2009-2017 Apple Inc. All rights reserved. * * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ * @@ -345,6 +345,8 @@ in6_status(int s __unused, const struct ifaddrs *ifa) printf("dynamic "); if ((flags6 & IN6_IFF_SECURED) != 0) printf("secured "); + if ((flags6 & IN6_IFF_CLAT46) != 0) + printf("clat46 "); if (scopeid) printf("scopeid 0x%x ", scopeid); diff --git a/ifconfig.tproj/ifconfig.c b/ifconfig.tproj/ifconfig.c index d609ae8..cb6a239 100644 --- a/ifconfig.tproj/ifconfig.c +++ b/ifconfig.tproj/ifconfig.c @@ -99,6 +99,7 @@ __unused static const char copyright[] = #include #include #include +#include #include "ifconfig.h" @@ -137,6 +138,8 @@ static char *bytes_to_str(unsigned long long bytes); static char *bps_to_str(unsigned long long rate); static char *ns_to_str(unsigned long long nsec); static void tunnel_status(int s); +static void clat46_addr(int s, char *name); +static void nat64_status(int s, char *name); static void usage(void); static char *sched2str(unsigned int s); static char *tl2str(unsigned int s); @@ -1189,6 +1192,16 @@ setqosmarking(const char *cmd, const char *arg, int s, const struct afswtch *afp #endif /* defined(SIOCSQOSMARKINGMODE) && defined(SIOCSQOSMARKINGENABLED) */ +void +setlowpowermode(const char *vname, int value, int s, const struct afswtch *afp) +{ + strlcpy(ifr.ifr_name, name, sizeof(ifr.ifr_name)); + ifr.ifr_low_power_mode = !!value; + + if (ioctl(s, SIOCSIFLOWPOWER, (caddr_t)&ifr) < 0) + Perror(vname); +} + #define IFFBITS \ "\020\1UP\2BROADCAST\3DEBUG\4LOOPBACK\5POINTOPOINT\6SMART\7RUNNING" \ "\10NOARP\11PROMISC\12ALLMULTI\13OACTIVE\14SIMPLEX\15LINK0\16LINK1\17LINK2" \ @@ -1196,7 +1209,7 @@ setqosmarking(const char *cmd, const char *arg, int s, const struct afswtch *afp #define IFEFBITS \ "\020\1AUTOCONFIGURING\4PROBE_CONNECTIVITY\5FASTLN_CAP\6IPV6_DISABLED\7ACCEPT_RTADV\10TXSTART\11RXPOLL" \ -"\12VLAN\13BOND\14ARPLL\15NOWINDOWSCALE\16NOAUTOIPV6LL\17EXPENSIVE\20ROUTER4" \ +"\12VLAN\13BOND\14ARPLL\15CLAT46\16NOAUTOIPV6LL\17EXPENSIVE\20ROUTER4" \ "\21ROUTER6\22LOCALNET_PRIVATE\23ND6ALT\24RESTRICTED_RECV\25AWDL\26NOACKPRI" \ "\27AWDL_RESTRICTED\30CL2K\31ECN_ENABLE\32ECN_DISABLE\33CHANNEL_DRV\34CA" \ "\35SENDLIST\36DIRECTLINK\37FASTLN_ON\40UPDOWNCHANGE" @@ -1290,6 +1303,13 @@ status(const struct afswtch *afp, const struct sockaddr_dl *sdl, } else if (afp->af_af == ift->ifa_addr->sa_family) afp->af_status(s, ift); } + +/* Print CLAT46 address */ + clat46_addr(s, name); + +/* Print NAT64 prefix */ + nat64_status(s, name); + #if 0 if (allfamilies || afp->af_af == AF_LINK) { const struct afswtch *lafp; @@ -1619,6 +1639,11 @@ status(const struct afswtch *afp, const struct sockaddr_dl *sdl, } } #endif /* defined(SIOCGQOSMARKINGENABLED) && defined(SIOCGQOSMARKINGMODE) */ + + if (verbose > 0 && ioctl(s, SIOCGIFLOWPOWER, &ifr) != -1) { + printf("\tlow power mode: %s\n", + (ifr.ifr_low_power_mode != 0) ? "enabled" : "disabled"); + } done: close(s); return; @@ -1717,6 +1742,51 @@ tunnel_status(int s) af_all_tunnel_status(s); } +static void +clat46_addr(int s, char * if_name) +{ + struct if_clat46req ifr; + char buf[MAXHOSTNAMELEN]; + + bzero(&ifr, sizeof (ifr)); + strlcpy(ifr.ifclat46_name, if_name, sizeof(ifr.ifclat46_name)); + + if (ioctl(s, SIOCGIFCLAT46ADDR, &ifr) < 0) { + if (errno != ENOENT) + syslog(LOG_WARNING, "ioctl (SIOCGIFCLAT46ADDR): %d", errno); + return; + } + + if (inet_ntop(AF_INET6, &ifr.ifclat46_addr.v6_address, buf, sizeof(buf)) != NULL) + printf("\tinet6 %s prefixlen %d clat46\n", + buf, ifr.ifclat46_addr.v6_prefixlen); +} + +static void +nat64_status(int s, char * if_name) +{ + int i; + struct if_nat64req ifr; + char buf[MAXHOSTNAMELEN]; + + bzero(&ifr, sizeof(ifr)); + strlcpy(ifr.ifnat64_name, if_name, sizeof(ifr.ifnat64_name)); + + if (ioctl(s, SIOCGIFNAT64PREFIX, &ifr) < 0) { + if (errno != ENOENT) + syslog(LOG_WARNING, "ioctl(SIOCGIFNAT64PREFIX): %d", errno); + return; + } + + for (i = 0; i < NAT64_MAX_NUM_PREFIXES; i++) { + if (ifr.ifnat64_prefixes[i].prefix_len > 0) { + inet_ntop(AF_INET6, &ifr.ifnat64_prefixes[i].ipv6_prefix, buf, sizeof(buf)); + printf("\tnat64 prefix %s prefixlen %d\n", + buf, ifr.ifnat64_prefixes[i].prefix_len << 3); + } + } +} + void Perror(const char *cmd) { @@ -1930,6 +2000,8 @@ static struct cmd basic_cmds[] = { DEF_CMD_ARG("disable_output", setdisableoutput), DEF_CMD("probe_connectivity", 1, setprobeconnectivity), DEF_CMD("-probe_connectivity", 0, setprobeconnectivity), + DEF_CMD("lowpowermode", 1, setlowpowermode), + DEF_CMD("-lowpowermode", 0, setlowpowermode), }; static __constructor void diff --git a/netstat.tproj/inet.c b/netstat.tproj/inet.c index 94034e5..d962a80 100644 --- a/netstat.tproj/inet.c +++ b/netstat.tproj/inet.c @@ -376,8 +376,8 @@ protopr(uint32_t proto, /* for sysctl version we pass proto # */ if (prioflag >= 0) printf(" %7.7s[%1d] %7.7s[%1d]", "rxbytes", prioflag, "txbytes", prioflag); if (vflag > 0) - printf(" %6.6s %6.6s %6.6s %6.6s", - "rhiwat", "shiwat", "pid", "epid"); + printf(" %6.6s %6.6s %6.6s %6.6s %6s %10s", + "rhiwat", "shiwat", "pid", "epid", "state", "options"); printf("\n"); } first = 0; @@ -509,11 +509,13 @@ protopr(uint32_t proto, /* for sysctl version we pass proto # */ prioflag < SO_TC_STATS_MAX ? so_stat->xst_tc_stats[prioflag].txbytes : 0); } if (vflag > 0) { - printf(" %6u %6u %6u %6u", + printf(" %6u %6u %6u %6u 0x%04x 0x%08x", so_rcv->sb_hiwat, so_snd->sb_hiwat, so->so_last_pid, - so->so_e_pid); + so->so_e_pid, + so->so_state, + so->so_options); } putchar('\n'); } @@ -585,6 +587,8 @@ tcp_stats(uint32_t off , char *name, int af) p(tcps_sndwinup, "\t\t%u window update packet%s\n"); p(tcps_sndctrl, "\t\t%u control packet%s\n"); p(tcps_fcholdpacket, "\t\t%u data packet%s sent after flow control\n"); + p(tcps_synchallenge, "\t\t%u challenge ACK%s sent due to unexpected SYN\n"); + p(tcps_rstchallenge, "\t\t%u challenge ACK%s sent due to unexpected RST\n"); t_swcsum = tcpstat.tcps_snd_swcsum + tcpstat.tcps_snd6_swcsum; if ((t_swcsum - pt_swcsum) || sflag <= 1) printf("\t\t%u checksummed in software\n", (t_swcsum - pt_swcsum)); @@ -612,6 +616,7 @@ tcp_stats(uint32_t off , char *name, int af) "\t\t%u packet%s (%u byte%s) of data after window\n"); p(tcps_rcvwinprobe, "\t\t%u window probe%s\n"); p(tcps_rcvwinupd, "\t\t%u window update packet%s\n"); + p(tcps_recovered_pkts, "\t\t%u packet%s recovered after loss\n"); p(tcps_rcvafterclose, "\t\t%u packet%s received after close\n"); p(tcps_badrst, "\t\t%u bad reset%s\n"); p(tcps_rcvbadsum, "\t\t%u discarded for bad checksum%s\n"); @@ -639,12 +644,18 @@ tcp_stats(uint32_t off , char *name, int af) "\t\t%u connection%s updated cached RTT variance on close\n"); p(tcps_cachedssthresh, "\t\t%u connection%s updated cached ssthresh on close\n"); + p(tcps_usedrtt, "\t\t%u connection%s initialized RTT from route cache\n"); + p(tcps_usedrttvar, + "\t\t%u connection%s initialized RTT variance from route cache\n"); + p(tcps_usedssthresh, + "\t\t%u connection%s initialized ssthresh from route cache\n"); p(tcps_conndrops, "\t%u embryonic connection%s dropped\n"); p2(tcps_rttupdated, tcps_segstimed, "\t%u segment%s updated rtt (of %u attempt%s)\n"); p(tcps_rexmttimeo, "\t%u retransmit timeout%s\n"); p(tcps_timeoutdrop, "\t\t%u connection%s dropped by rexmit timeout\n"); p(tcps_rxtfindrop, "\t\t%u connection%s dropped after retransmitting FIN\n"); + p(tcps_sndrexmitbad, "\t\t%u unnecessary packet retransmissions%s\n"); p(tcps_persisttimeo, "\t%u persist timeout%s\n"); p(tcps_persistdrop, "\t\t%u connection%s dropped by persist timeout\n"); p(tcps_keeptimeo, "\t%u keepalive timeout%s\n"); @@ -700,11 +711,16 @@ tcp_stats(uint32_t off , char *name, int af) p(tcps_ecn_fallback_synloss, "\t\t%u connection%s fell back to non-ECN due to SYN-loss\n"); p(tcps_ecn_fallback_reorder, "\t\t%u connection%s fell back to non-ECN due to reordering\n"); p(tcps_ecn_fallback_ce, "\t\t%u connection%s fell back to non-ECN due to excessive CE-markings\n"); + p(tcps_ecn_fallback_droprst, "\t\t%u connection%s fell back caused by connection drop due to RST\n"); + p(tcps_ecn_fallback_droprxmt, "\t\t%u connection%s fell back due to drop after multiple retransmits \n"); + p(tcps_ecn_fallback_synrst, "\t\t%u connection%s fell back due to RST after SYN\n"); + p(tcps_detect_reordering, "\t%u time%s packet reordering was detected on a connection\n"); p(tcps_reordered_pkts, "\t\t%u time%s transmitted packets were reordered\n"); p(tcps_delay_recovery, "\t\t%u time%s fast recovery was delayed to handle reordering\n"); p(tcps_avoid_rxmt, "\t\t%u time%s retransmission was avoided by delaying recovery\n"); p(tcps_unnecessary_rxmt, "\t\t%u retransmission%s not needed \n"); + p(tcps_tailloss_rto, "\t%u retransmission%s due to tail loss\n"); p(tcps_dsack_sent, "\t%u time%s DSACK option was sent\n"); p(tcps_dsack_recvd, "\t\t%u time%s DSACK option was received\n"); p(tcps_dsack_disable, "\t\t%u time%s DSACK was disabled on a connection\n"); @@ -713,6 +729,7 @@ tcp_stats(uint32_t off , char *name, int af) p(tcps_dsack_recvd_old,"\t\t%u time%s ignored old DSACK options\n"); p(tcps_pmtudbh_reverted, "\t%u time%s PMTU Blackhole detection, size reverted\n"); p(tcps_drop_after_sleep, "\t%u connection%s were dropped after long sleep\n"); + p(tcps_nostretchack, "\t%u connection%s had stretch ack algorithm disabled\n"); p(tcps_tfo_cookie_sent,"\t%u time%s a TFO-cookie has been announced\n"); p(tcps_tfo_syn_data_rcv,"\t%u SYN%s with data and a valid TFO-cookie have been received\n"); @@ -724,6 +741,11 @@ tcp_stats(uint32_t off , char *name, int af) p(tcps_tfo_syn_data_acked,"\t\t%u time%s our SYN with data has been acknowledged\n"); p(tcps_tfo_syn_loss,"\t%u time%s a connection-attempt with TFO fell back to regular TCP\n"); p(tcps_tfo_blackhole,"\t%u time%s a TFO-connection blackhole'd\n"); + p(tcps_tfo_cookie_wrong,"\t%u time%s a TFO-cookie we sent was wrong\n"); + p(tcps_tfo_no_cookie_rcv,"\t%u time%s did not received a TFO-cookie we asked for\n"); + p(tcps_tfo_heuristics_disable,"\t%u time%s TFO got disabled due to heuristicsn\n"); + p(tcps_tfo_sndblackhole,"\t%u time%s TFO got blackholed in the sending direction\n"); + p(tcps_mss_to_default,"\t%u time%s maximum segment size was changed to default\n"); p(tcps_mss_to_medium,"\t%u time%s maximum segment size was changed to medium\n"); p(tcps_mss_to_low,"\t%u time%s maximum segment size was changed to low\n"); diff --git a/netstat.tproj/inet6.c b/netstat.tproj/inet6.c index ae50278..b90b141 100644 --- a/netstat.tproj/inet6.c +++ b/netstat.tproj/inet6.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2008-2015 Apple Inc. All rights reserved. + * Copyright (c) 2008-2018 Apple Inc. All rights reserved. * * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ * @@ -450,6 +450,29 @@ ip6_stats(uint32_t off __unused, char *name, int af __unused) p1a(ip6s_forward_cachemiss, "\t\t%llu forward cache miss\n"); p(ip6s_pktdropcntrl, "\t\t%llu packet%s dropped due to no bufs for control data\n"); + /* CLAT46 input stats */ + p(ip6s_clat464_in_tooshort_drop, + "\t\t%llu input packet%s dropped due to too short length \n"); + p(ip6s_clat464_in_nov6addr_drop, + "\t\t%llu input packet%s dropped due to missing CLAT46 IPv6 address\n"); + p(ip6s_clat464_in_nov4addr_drop, + "\t\t%llu input packet%s dropped due to missing CLAT46 IPv4 address\n"); + p(ip6s_clat464_in_v4synthfail_drop, + "\t\t%llu input packet%s dropped due to CLAT46 IPv4 address derivation failure\n"); + p(ip6s_clat464_in_64transfail_drop, + "\t\t%llu input packet%s dropped due to CLAT46 IP header translation failure\n"); + p(ip6s_clat464_in_64proto_transfail_drop, + "\t\t%llu input packet%s dropped due to CLAT46 protocol translation failure\n"); + p(ip6s_clat464_in_64frag_transfail_drop, + "\t\t%llu input packet%s dropped due to CLAT46 fragment translation failure\n"); + p(ip6s_clat464_in_invalpbuf_drop, + "\t\t%llu input packet%s dropped due to invalid pbuf\n"); + p(ip6s_clat464_in_v4_drop, + "\t\t%llu input IPv4 packet%s dropped on CLAT46 enabled interface\n"); + p(ip6s_clat464_in_drop, + "\t\t%llu input packet%s dropped due to CLAT46 failures\n"); + p(ip6s_clat464_in_success, + "\t\t%llu input packet%s successfully translated from IPv6 to IPv4\n"); #define INPERFDIFF(f) (in_net_perf.f - pin_net_perf.f) if (INPERFDIFF(np_total_pkts) > 0 && in_net_perf.np_total_usecs > 0) { @@ -485,6 +508,23 @@ ip6_stats(uint32_t off __unused, char *name, int af __unused) p(ip6s_cantfrag, "\t\t%llu datagram%s that can't be fragmented\n"); p(ip6s_badscope, "\t\t%llu packet%s that violated scope rules\n"); p(ip6s_necp_policy_drop, "\t\t%llu packet%s dropped due to NECP policy\n"); + /* CLAT46 output stats */ + p(ip6s_clat464_out_nov6addr_drop, + "\t\t%llu output packet%s dropped due to missing CLAT46 IPv6 address\n"); + p(ip6s_clat464_out_v6synthfail_drop, + "\t\t%llu output packet%s dropped due to CLAT46 IPv6 address synthesis failure\n"); + p(ip6s_clat464_out_46transfail_drop, + "\t\t%llu output packet%s dropped due to CLAT46 IP header translation failure\n"); + p(ip6s_clat464_out_46proto_transfail_drop, + "\t\t%llu output packet%s dropped due to CLAT46 protocol translation failure\n"); + p(ip6s_clat464_out_46frag_transfail_drop, + "\t\t%llu output packet%s dropped due to CLAT46 fragment translation failure\n"); + p(ip6s_clat464_out_invalpbuf_drop, + "\t\t%llu output packet%s dropped due to invalid pbuf\n"); + p(ip6s_clat464_out_drop, + "\t\t%llu output packet%s dropped due to CLAT46 failures\n"); + p(ip6s_clat464_out_success, + "\t\t%llu output packet%s successfully translated from IPv4 to IPv6\n"); #define OUTPERFDIFF(f) (out_net_perf.f - pout_net_perf.f) if (OUTPERFDIFF(np_total_pkts) > 0 && out_net_perf.np_total_usecs > 0) { diff --git a/netstat.tproj/main.c b/netstat.tproj/main.c index 52c0a0f..7a9d7d7 100644 --- a/netstat.tproj/main.c +++ b/netstat.tproj/main.c @@ -220,6 +220,7 @@ int Wflag; /* wide display */ int qflag; /* classq stats display */ int Qflag; /* opportunistic polling stats display */ int xflag; /* show extended link-layer reachability information */ +int zflag; /* show only entries with non zero rtt metrics */ int cq = -1; /* send classq index (-1 for all) */ int interval; /* repeat interval for i/f stats */ @@ -239,7 +240,7 @@ main(argc, argv) af = AF_UNSPEC; - while ((ch = getopt(argc, argv, "Aabc:dFf:gI:ikLlmnP:p:qQrRsStuvWw:x")) != -1) + while ((ch = getopt(argc, argv, "Aabc:dFf:gI:ikLlmnP:p:qQrRsStuvWw:xz")) != -1) switch(ch) { case 'A': Aflag = 1; @@ -299,7 +300,7 @@ main(argc, argv) iflag = 1; break; case 'l': - lflag = 1; + lflag += 1; break; case 'L': Lflag = 1; @@ -359,6 +360,9 @@ main(argc, argv) xflag = 1; Rflag = 1; break; + case 'z': + zflag = 1; + break; case '?': default: usage(); diff --git a/netstat.tproj/netstat.1 b/netstat.tproj/netstat.1 index d4de10c..61ab843 100644 --- a/netstat.tproj/netstat.1 +++ b/netstat.tproj/netstat.1 @@ -249,7 +249,15 @@ is also present, show routing statistics instead. When .Fl l is also present, .Nm -assumes more columns are there and the maximum transmission unit +assumes more columns are there and the maximum transmission unit. +More detailed information about the route metrics are displayed with +.Fl ll +for TCP round trip times +.Fl lll +for all metrics. +Use the +.Fl z +flags to display only entries with non-zero RTT values. .Pq Dq mtu are also displayed. .It Fl R @@ -258,7 +266,7 @@ Show reachability information. Use with to show link-layer reachability information for a given interface. .It Fl s Show per-protocol statistics. If this option is repeated, counters with a value of -zero are suppressed. +zero are suppressed. For security reasons, root privileges are required to read TCP statistics and in the absence of such privileges all TCP counters will be reported as zero. .It Fl S Show interface link status and interface state information about the specified interface. This option requires specifying an interface with .Fl I diff --git a/netstat.tproj/netstat.h b/netstat.tproj/netstat.h index dd78e0b..c1641ac 100644 --- a/netstat.tproj/netstat.h +++ b/netstat.tproj/netstat.h @@ -90,6 +90,7 @@ extern int Wflag; /* wide display */ extern int qflag; /* Display ifclassq stats */ extern int Qflag; /* Display opportunistic polling stats */ extern int xflag; /* show extended link-layer reachability information */ +extern int zflag; /* show only entries with non zero rtt metrics */ extern int cq; /* send classq index (-1 for all) */ extern int interval; /* repeat interval for i/f stats */ diff --git a/netstat.tproj/route.c b/netstat.tproj/route.c index 4f220ec..fceabf0 100644 --- a/netstat.tproj/route.c +++ b/netstat.tproj/route.c @@ -186,8 +186,24 @@ pr_rthdr(int af) if (Aflag) printf("%-8.8s ","Address"); - if (af == AF_INET || lflag) - if (lflag) + if (af == AF_INET || lflag) { + if (lflag > 2) + printf("%-*.*s %-*.*s %-10.10s %6.6s %8.8s %6.6s %*.*s %6s " + "%10s %10s %8s %8s %8s\n", + WID_DST(af), WID_DST(af), "Destination", + WID_GW(af), WID_GW(af), "Gateway", + "Flags", "Refs", "Use", "Mtu", + WID_IF(af), WID_IF(af), "Netif", "Expire", + "rtt(ns)", "rttvar(ns)", "recvpipe", "sendpipe", "ssthresh"); + else if (lflag > 1) + printf("%-*.*s %-*.*s %-10.10s %6.6s %8.8s %6.6s %*.*s %6s " + "%10s %10s\n", + WID_DST(af), WID_DST(af), "Destination", + WID_GW(af), WID_GW(af), "Gateway", + "Flags", "Refs", "Use", "Mtu", + WID_IF(af), WID_IF(af), "Netif", "Expire", + "rtt(ns)", "rttvar(ns)"); + else if (lflag == 1) printf("%-*.*s %-*.*s %-10.10s %6.6s %8.8s %6.6s %*.*s %6s\n", WID_DST(af), WID_DST(af), "Destination", WID_GW(af), WID_GW(af), "Gateway", @@ -199,12 +215,13 @@ pr_rthdr(int af) WID_GW(af), WID_GW(af), "Gateway", "Flags", "Refs", "Use", WID_IF(af), WID_IF(af), "Netif", "Expire"); - else + } else { printf("%-*.*s %-*.*s %-10.10s %8.8s %6s\n", WID_DST(af), WID_DST(af), "Destination", WID_GW(af), WID_GW(af), "Gateway", "Flags", "Netif", "Expire"); } +} /* * Print routing tables. @@ -277,6 +294,8 @@ np_rtentry(struct rt_msghdr2 *rtm) return; } + if (lflag > 1 && zflag != 0 && rtm->rtm_rmx.rmx_rtt == 0 && rtm->rtm_rmx.rmx_rttvar == 0) + return; fam = sa->sa_family; if (af != AF_UNSPEC && af != fam) return; @@ -322,6 +341,36 @@ np_rtentry(struct rt_msghdr2 *rtm) if ((expire_time = rtm->rtm_rmx.rmx_expire - time((time_t *)0)) > 0) printf(" %6d", (int)expire_time); + else + printf(" %6s", "!"); + } else { + printf(" %6s", ""); + } + if (lflag > 1) { + if (rtm->rtm_rmx.rmx_rtt != 0) + printf(" %6u.%03u", rtm->rtm_rmx.rmx_rtt / 1000, + rtm->rtm_rmx.rmx_rtt % 1000); + else + printf(" %10s", ""); + if (rtm->rtm_rmx.rmx_rttvar != 0) + printf(" %6u.%03u", rtm->rtm_rmx.rmx_rttvar / 1000, + rtm->rtm_rmx.rmx_rttvar % 1000); + else + printf(" %10s", ""); + if (lflag > 2) { + if (rtm->rtm_rmx.rmx_recvpipe != 0) + printf(" %8u", rtm->rtm_rmx.rmx_recvpipe); + else + printf(" %8s", ""); + if (rtm->rtm_rmx.rmx_sendpipe != 0) + printf(" %8u", rtm->rtm_rmx.rmx_sendpipe); + else + printf(" %8s", ""); + if (rtm->rtm_rmx.rmx_ssthresh != 0) + printf(" %8u", rtm->rtm_rmx.rmx_ssthresh); + else + printf(" %8s", ""); + } } putchar('\n'); } diff --git a/network_cmds.xcodeproj/project.pbxproj b/network_cmds.xcodeproj/project.pbxproj index b979f57..1889a84 100755 --- a/network_cmds.xcodeproj/project.pbxproj +++ b/network_cmds.xcodeproj/project.pbxproj @@ -3782,7 +3782,6 @@ 03B2DBF1100BE71D005349BC /* Ignore Me */ = { isa = XCBuildConfiguration; buildSettings = { - ALWAYS_SEARCH_USER_PATHS = YES; CODE_SIGN_ENTITLEMENTS = "$(SRCROOT)/network-client-server-entitlements.plist"; CODE_SIGN_IDENTITY = "-"; GCC_PREPROCESSOR_DEFINITIONS = ( @@ -3824,6 +3823,7 @@ INSTALL_MODE_FLAG = 0555; INSTALL_PATH = /usr/sbin; PRODUCT_NAME = rtadvd; + USE_HEADERMAP = NO; WARNING_CFLAGS = ( "$(inherited)", "-Wno-deprecated-declarations", @@ -3901,7 +3901,6 @@ isa = XCBuildConfiguration; buildSettings = { ALTERNATE_MODE = 0555; - ALWAYS_SEARCH_USER_PATHS = NO; COPY_PHASE_STRIP = NO; GCC_DYNAMIC_NO_PIC = NO; GCC_ENABLE_FIX_AND_CONTINUE = YES; @@ -3917,7 +3916,6 @@ 4D2B04F61208C2050004A3F3 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; COPY_PHASE_STRIP = YES; DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; GCC_ENABLE_FIX_AND_CONTINUE = NO; @@ -3932,7 +3930,6 @@ 4D2B04F71208C2050004A3F3 /* Ignore Me */ = { isa = XCBuildConfiguration; buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; GCC_ENABLE_FIX_AND_CONTINUE = YES; GCC_MODEL_TUNING = G5; INSTALL_PATH = /usr/local/bin; @@ -3944,7 +3941,6 @@ 565825A11339218F003E5FA5 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; CODE_SIGN_ENTITLEMENTS = "$(SRCROOT)/network-client-server-entitlements.plist"; CODE_SIGN_IDENTITY = "-"; COPY_PHASE_STRIP = NO; @@ -3961,7 +3957,6 @@ 565825A21339218F003E5FA5 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; CODE_SIGN_ENTITLEMENTS = "$(SRCROOT)/network-client-server-entitlements.plist"; CODE_SIGN_IDENTITY = "-"; COPY_PHASE_STRIP = YES; @@ -3978,7 +3973,6 @@ 565825A31339218F003E5FA5 /* Ignore Me */ = { isa = XCBuildConfiguration; buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; CODE_SIGN_ENTITLEMENTS = "$(SRCROOT)/network-client-server-entitlements.plist"; CODE_SIGN_IDENTITY = "-"; GCC_ENABLE_FIX_AND_CONTINUE = YES; @@ -3992,7 +3986,6 @@ 690D978312DE6035004323A7 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; CODE_SIGN_ENTITLEMENTS = "$(SRCROOT)/network-client-server-entitlements.plist"; CODE_SIGN_IDENTITY = "-"; COPY_PHASE_STRIP = NO; @@ -4011,7 +4004,6 @@ 690D978412DE6035004323A7 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; CODE_SIGN_ENTITLEMENTS = "$(SRCROOT)/network-client-server-entitlements.plist"; CODE_SIGN_IDENTITY = "-"; COPY_PHASE_STRIP = YES; @@ -4030,7 +4022,6 @@ 690D978512DE6035004323A7 /* Ignore Me */ = { isa = XCBuildConfiguration; buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; CODE_SIGN_ENTITLEMENTS = "$(SRCROOT)/network-client-server-entitlements.plist"; CODE_SIGN_IDENTITY = "-"; "DEBUG_INFORMATION_FORMAT[sdk=iphoneos*][arch=*]" = dwarf; @@ -4046,10 +4037,8 @@ 7132976C1A93C743002359CF /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { - ALWAYS_SEARCH_USER_PATHS = YES; CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; CLANG_CXX_LIBRARY = "libc++"; - CLANG_ENABLE_MODULES = YES; CLANG_ENABLE_OBJC_ARC = YES; CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; @@ -4073,7 +4062,8 @@ PRODUCT_NAME = "$(TARGET_NAME)"; SDKROOT = macosx.internal; SUPPORTED_PLATFORMS = macosx; - "USER_HEADER_SEARCH_PATHS[arch=*]" = unbound/; + USER_HEADER_SEARCH_PATHS = "$(SRCROOT)/unbound"; + USE_HEADERMAP = NO; VALID_ARCHS = "x86_64 x86_64h"; }; name = Debug; @@ -4081,10 +4071,8 @@ 7132976D1A93C743002359CF /* Release */ = { isa = XCBuildConfiguration; buildSettings = { - ALWAYS_SEARCH_USER_PATHS = YES; CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; CLANG_CXX_LIBRARY = "libc++"; - CLANG_ENABLE_MODULES = YES; CLANG_ENABLE_OBJC_ARC = YES; CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; @@ -4104,7 +4092,8 @@ PRODUCT_NAME = "$(TARGET_NAME)"; SDKROOT = macosx.internal; SUPPORTED_PLATFORMS = macosx; - "USER_HEADER_SEARCH_PATHS[arch=*]" = unbound; + USER_HEADER_SEARCH_PATHS = "$(SRCROOT)/unbound"; + USE_HEADERMAP = NO; VALID_ARCHS = "x86_64 x86_64h"; }; name = Release; @@ -4112,10 +4101,8 @@ 7132976E1A93C743002359CF /* Ignore Me */ = { isa = XCBuildConfiguration; buildSettings = { - ALWAYS_SEARCH_USER_PATHS = YES; CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; CLANG_CXX_LIBRARY = "libc++"; - CLANG_ENABLE_MODULES = YES; CLANG_ENABLE_OBJC_ARC = YES; CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; @@ -4135,6 +4122,8 @@ PRODUCT_NAME = "$(TARGET_NAME)"; SDKROOT = macosx.internal; SUPPORTED_PLATFORMS = macosx; + USER_HEADER_SEARCH_PATHS = "$(SRCROOT)/unbound"; + USE_HEADERMAP = NO; VALID_ARCHS = "x86_64 x86_64h"; }; name = "Ignore Me"; @@ -4326,7 +4315,6 @@ 7216D2CF0EE89B7A00AE70E4 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { - ALWAYS_SEARCH_USER_PATHS = YES; CODE_SIGN_ENTITLEMENTS = "$(SRCROOT)/network-client-server-entitlements.plist"; CODE_SIGN_IDENTITY = "-"; GCC_PREPROCESSOR_DEFINITIONS = ( @@ -4342,7 +4330,6 @@ 7216D2D00EE89B7A00AE70E4 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { - ALWAYS_SEARCH_USER_PATHS = YES; CODE_SIGN_ENTITLEMENTS = "$(SRCROOT)/network-client-server-entitlements.plist"; CODE_SIGN_IDENTITY = "-"; GCC_PREPROCESSOR_DEFINITIONS = ( @@ -4399,6 +4386,7 @@ INSTALL_MODE_FLAG = 0555; INSTALL_PATH = /usr/sbin; PRODUCT_NAME = rtadvd; + USE_HEADERMAP = NO; WARNING_CFLAGS = ( "$(inherited)", "-Wno-deprecated-declarations", @@ -4421,6 +4409,7 @@ INSTALL_MODE_FLAG = 0555; INSTALL_PATH = /usr/sbin; PRODUCT_NAME = rtadvd; + USE_HEADERMAP = NO; WARNING_CFLAGS = ( "$(inherited)", "-Wno-deprecated-declarations", diff --git a/unbound/daemon/remote.c b/unbound/daemon/remote.c index ff3d769..65cc4cb 100644 --- a/unbound/daemon/remote.c +++ b/unbound/daemon/remote.c @@ -154,17 +154,6 @@ daemon_remote_create(struct config_file* cfg) free(rc); return NULL; } - /* no SSLv2, SSLv3 because has defects */ - if(!(SSL_CTX_set_options(rc->ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)){ - log_crypto_err("could not set SSL_OP_NO_SSLv2"); - daemon_remote_delete(rc); - return NULL; - } - if(!(SSL_CTX_set_options(rc->ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)){ - log_crypto_err("could not set SSL_OP_NO_SSLv3"); - daemon_remote_delete(rc); - return NULL; - } s_cert = fname_after_chroot(cfg->server_cert_file, cfg, 1); s_key = fname_after_chroot(cfg->server_key_file, cfg, 1); if(!s_cert || !s_key) { diff --git a/unbound/smallapp/unbound-control.c b/unbound/smallapp/unbound-control.c index ff86184..7af9ce5 100644 --- a/unbound/smallapp/unbound-control.c +++ b/unbound/smallapp/unbound-control.c @@ -147,10 +147,6 @@ setup_ctx(struct config_file* cfg) ctx = SSL_CTX_new(SSLv23_client_method()); if(!ctx) ssl_err("could not allocate SSL_CTX pointer"); - if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)) - ssl_err("could not set SSL_OP_NO_SSLv2"); - if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)) - ssl_err("could not set SSL_OP_NO_SSLv3"); if(!SSL_CTX_use_certificate_file(ctx,c_cert,SSL_FILETYPE_PEM) || !SSL_CTX_use_PrivateKey_file(ctx,c_key,SSL_FILETYPE_PEM) || !SSL_CTX_check_private_key(ctx)) diff --git a/unbound/testcode/petal.c b/unbound/testcode/petal.c index 964735b..6606505 100644 --- a/unbound/testcode/petal.c +++ b/unbound/testcode/petal.c @@ -234,8 +234,6 @@ setup_ctx(char* key, char* cert) { SSL_CTX* ctx = SSL_CTX_new(SSLv23_server_method()); if(!ctx) print_exit("out of memory"); - (void)SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2); - (void)SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3); if(!SSL_CTX_use_certificate_file(ctx, cert, SSL_FILETYPE_PEM)) print_exit("cannot read cert"); if(!SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM)) diff --git a/unbound/util/net_help.c b/unbound/util/net_help.c index 8c2bac7..ad69488 100644 --- a/unbound/util/net_help.c +++ b/unbound/util/net_help.c @@ -613,17 +613,6 @@ void* listen_sslctx_create(char* key, char* pem, char* verifypem) log_crypto_err("could not SSL_CTX_new"); return NULL; } - /* no SSLv2, SSLv3 because has defects */ - if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)){ - log_crypto_err("could not set SSL_OP_NO_SSLv2"); - SSL_CTX_free(ctx); - return NULL; - } - if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)){ - log_crypto_err("could not set SSL_OP_NO_SSLv3"); - SSL_CTX_free(ctx); - return NULL; - } if(!SSL_CTX_use_certificate_file(ctx, pem, SSL_FILETYPE_PEM)) { log_err("error for cert file: %s", pem); log_crypto_err("error in SSL_CTX use_certificate_file"); @@ -668,16 +657,6 @@ void* connect_sslctx_create(char* key, char* pem, char* verifypem) log_crypto_err("could not allocate SSL_CTX pointer"); return NULL; } - if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)) { - log_crypto_err("could not set SSL_OP_NO_SSLv2"); - SSL_CTX_free(ctx); - return NULL; - } - if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)) { - log_crypto_err("could not set SSL_OP_NO_SSLv3"); - SSL_CTX_free(ctx); - return NULL; - } if(key && key[0]) { if(!SSL_CTX_use_certificate_file(ctx, pem, SSL_FILETYPE_PEM)) { log_err("error in client certificate %s", pem); -- 2.45.2