Annotation of src/usr.bin/netstat/inet.c, Revision 1.103
1.103 ! deraadt 1: /* $OpenBSD: inet.c,v 1.102 2007/12/13 20:00:53 reyk Exp $ */
1.1 deraadt 2: /* $NetBSD: inet.c,v 1.14 1995/10/03 21:42:37 thorpej Exp $ */
3:
4: /*
5: * Copyright (c) 1983, 1988, 1993
6: * The Regents of the University of California. All rights reserved.
7: *
8: * Redistribution and use in source and binary forms, with or without
9: * modification, are permitted provided that the following conditions
10: * are met:
11: * 1. Redistributions of source code must retain the above copyright
12: * notice, this list of conditions and the following disclaimer.
13: * 2. Redistributions in binary form must reproduce the above copyright
14: * notice, this list of conditions and the following disclaimer in the
15: * documentation and/or other materials provided with the distribution.
1.65 millert 16: * 3. Neither the name of the University nor the names of its contributors
1.1 deraadt 17: * may be used to endorse or promote products derived from this software
18: * without specific prior written permission.
19: *
20: * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23: * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30: * SUCH DAMAGE.
31: */
32:
33: #ifndef lint
34: #if 0
35: static char sccsid[] = "from: @(#)inet.c 8.4 (Berkeley) 4/20/94";
36: #else
1.103 ! deraadt 37: static const char *rcsid = "$OpenBSD: inet.c,v 1.102 2007/12/13 20:00:53 reyk Exp $";
1.1 deraadt 38: #endif
39: #endif /* not lint */
40:
41: #include <sys/param.h>
42: #include <sys/queue.h>
43: #include <sys/socket.h>
44: #include <sys/socketvar.h>
45: #include <sys/mbuf.h>
46: #include <sys/protosw.h>
1.102 reyk 47: #include <sys/sysctl.h>
1.1 deraadt 48:
49: #include <net/route.h>
50: #include <netinet/in.h>
51: #include <netinet/in_systm.h>
52: #include <netinet/ip.h>
53: #include <netinet/in_pcb.h>
54: #include <netinet/ip_icmp.h>
55: #include <netinet/icmp_var.h>
56: #include <netinet/igmp_var.h>
57: #include <netinet/ip_var.h>
1.90 mcbride 58: #include <netinet/pim_var.h>
1.1 deraadt 59: #include <netinet/tcp.h>
60: #include <netinet/tcpip.h>
61: #include <netinet/tcp_seq.h>
62: #define TCPSTATES
63: #include <netinet/tcp_fsm.h>
64: #include <netinet/tcp_timer.h>
65: #include <netinet/tcp_var.h>
66: #include <netinet/tcp_debug.h>
67: #include <netinet/udp.h>
68: #include <netinet/udp_var.h>
1.30 angelos 69: #include <netinet/ip_ipsp.h>
1.10 angelos 70: #include <netinet/ip_ah.h>
71: #include <netinet/ip_esp.h>
1.45 angelos 72: #include <netinet/ip_ipip.h>
1.52 angelos 73: #include <netinet/ip_ipcomp.h>
1.34 angelos 74: #include <netinet/ip_ether.h>
1.69 mcbride 75: #include <netinet/ip_carp.h>
1.75 mcbride 76: #include <net/if.h>
77: #include <net/pfvar.h>
78: #include <net/if_pfsync.h>
1.1 deraadt 79:
1.103 ! deraadt 80: #include <rpc/rpc.h>
! 81: #include <rpc/pmap_prot.h>
! 82: #include <rpc/pmap_clnt.h>
! 83:
1.1 deraadt 84: #include <arpa/inet.h>
1.18 millert 85: #include <limits.h>
1.1 deraadt 86: #include <netdb.h>
87: #include <stdio.h>
88: #include <string.h>
89: #include <unistd.h>
1.14 dgregor 90: #include <stdlib.h>
1.103 ! deraadt 91: #include <errno.h>
1.1 deraadt 92: #include "netstat.h"
93:
94: struct inpcb inpcb;
95: struct tcpcb tcpcb;
96: struct socket sockb;
97:
1.56 millert 98: static void protopr0(u_long, char *, int);
1.48 itojun 99:
1.56 millert 100: char *inetname(struct in_addr *);
1.63 deraadt 101: void inetprint(struct in_addr *, in_port_t, char *, int);
1.56 millert 102: char *inet6name(struct in6_addr *);
103: void inet6print(struct in6_addr *, int, char *, int);
1.1 deraadt 104:
105: /*
106: * Print a summary of connections related to an Internet
107: * protocol. For TCP, also give state of connection.
108: * Listening processes (aflag) are suppressed unless the
109: * -a (all) flag is specified.
110: */
111: void
1.63 deraadt 112: protopr(u_long off, char *name)
1.1 deraadt 113: {
1.48 itojun 114: protopr0(off, name, AF_INET);
115: }
116:
117: void
1.63 deraadt 118: ip6protopr(u_long off, char *name)
1.48 itojun 119: {
120: protopr0(off, name, AF_INET6);
121: }
122:
123: static void
1.63 deraadt 124: protopr0(u_long off, char *name, int af)
1.48 itojun 125: {
1.1 deraadt 126: struct inpcbtable table;
1.54 mpech 127: struct inpcb *head, *next, *prev;
1.1 deraadt 128: struct inpcb inpcb;
1.72 markus 129: int istcp, israw;
1.54 mpech 130: int first = 1;
1.38 itojun 131: char *name0;
132: char namebuf[20];
1.1 deraadt 133:
1.38 itojun 134: name0 = name;
1.1 deraadt 135: if (off == 0)
136: return;
137: istcp = strcmp(name, "tcp") == 0;
1.72 markus 138: israw = strncmp(name, "ip", 2) == 0;
1.93 jaredy 139: kread(off, &table, sizeof table);
1.1 deraadt 140: prev = head =
1.99 otto 141: (struct inpcb *)&CIRCLEQ_FIRST(&((struct inpcbtable *)off)->inpt_queue);
142: next = CIRCLEQ_FIRST(&table.inpt_queue);
1.1 deraadt 143:
144: while (next != head) {
1.93 jaredy 145: kread((u_long)next, &inpcb, sizeof inpcb);
1.99 otto 146: if (CIRCLEQ_PREV(&inpcb, inp_queue) != prev) {
1.1 deraadt 147: printf("???\n");
148: break;
149: }
150: prev = next;
1.99 otto 151: next = CIRCLEQ_NEXT(&inpcb, inp_queue);
1.48 itojun 152:
153: switch (af) {
154: case AF_INET:
155: if ((inpcb.inp_flags & INP_IPV6) != 0)
156: continue;
157: break;
158: case AF_INET6:
159: if ((inpcb.inp_flags & INP_IPV6) == 0)
160: continue;
161: break;
162: default:
163: break;
164: }
1.1 deraadt 165:
166: if (!aflag &&
167: inet_lnaof(inpcb.inp_laddr) == INADDR_ANY)
168: continue;
1.93 jaredy 169: kread((u_long)inpcb.inp_socket, &sockb, sizeof (sockb));
1.1 deraadt 170: if (istcp) {
1.93 jaredy 171: kread((u_long)inpcb.inp_ppcb, &tcpcb, sizeof (tcpcb));
1.1 deraadt 172: }
173: if (first) {
174: printf("Active Internet connections");
175: if (aflag)
176: printf(" (including servers)");
177: putchar('\n');
178: if (Aflag)
1.29 deraadt 179: printf("%-*.*s %-5.5s %-6.6s %-6.6s %-18.18s %-18.18s %s\n",
1.18 millert 180: PLEN, PLEN, "PCB", "Proto", "Recv-Q",
1.29 deraadt 181: "Send-Q", "Local Address",
182: "Foreign Address", "(state)");
1.18 millert 183: else
184: printf("%-5.5s %-6.6s %-6.6s %-22.22s %-22.22s %s\n",
185: "Proto", "Recv-Q", "Send-Q",
186: "Local Address", "Foreign Address",
187: "(state)");
1.1 deraadt 188: first = 0;
189: }
1.38 itojun 190: if (Aflag) {
1.1 deraadt 191: if (istcp)
1.18 millert 192: printf("%*p ", PLEN, inpcb.inp_ppcb);
1.1 deraadt 193: else
1.18 millert 194: printf("%*p ", PLEN, prev);
1.38 itojun 195: }
1.72 markus 196: if (inpcb.inp_flags & INP_IPV6 && !israw) {
1.60 deraadt 197: strlcpy(namebuf, name0, sizeof namebuf);
198: strlcat(namebuf, "6", sizeof namebuf);
1.38 itojun 199: name = namebuf;
200: } else
201: name = name0;
1.16 millert 202: printf("%-5.5s %6ld %6ld ", name, sockb.so_rcv.sb_cc,
1.63 deraadt 203: sockb.so_snd.sb_cc);
1.38 itojun 204: if (inpcb.inp_flags & INP_IPV6) {
205: inet6print(&inpcb.inp_laddr6, (int)inpcb.inp_lport,
1.63 deraadt 206: name, 1);
1.38 itojun 207: inet6print(&inpcb.inp_faddr6, (int)inpcb.inp_fport,
1.63 deraadt 208: name, 0);
1.103 ! deraadt 209: } else {
1.38 itojun 210: inetprint(&inpcb.inp_laddr, (int)inpcb.inp_lport,
1.63 deraadt 211: name, 1);
1.38 itojun 212: inetprint(&inpcb.inp_faddr, (int)inpcb.inp_fport,
1.63 deraadt 213: name, 0);
1.38 itojun 214: }
1.1 deraadt 215: if (istcp) {
216: if (tcpcb.t_state < 0 || tcpcb.t_state >= TCP_NSTATES)
217: printf(" %d", tcpcb.t_state);
218: else
219: printf(" %s", tcpstates[tcpcb.t_state]);
1.72 markus 220: } else if (israw) {
221: u_int8_t proto;
1.103 ! deraadt 222:
1.72 markus 223: if (inpcb.inp_flags & INP_IPV6)
224: proto = inpcb.inp_ipv6.ip6_nxt;
225: else
226: proto = inpcb.inp_ip.ip_p;
1.88 otto 227: printf(" %u", proto);
1.1 deraadt 228: }
229: putchar('\n');
230: }
231: }
232:
233: /*
234: * Dump TCP statistics structure.
235: */
236: void
1.103 ! deraadt 237: tcp_stats(char *name)
1.1 deraadt 238: {
239: struct tcpstat tcpstat;
1.102 reyk 240: int mib[] = { CTL_NET, AF_INET, IPPROTO_TCP, TCPCTL_STATS };
1.103 ! deraadt 241: size_t len = sizeof(tcpstat);
1.1 deraadt 242:
1.102 reyk 243: if (sysctl(mib, sizeof(mib) / sizeof(mib[0]),
244: &tcpstat, &len, NULL, 0) == -1) {
1.103 ! deraadt 245: if (errno != ENOPROTOOPT)
! 246: warn(name);
1.102 reyk 247: return;
248: }
249:
1.63 deraadt 250: printf("%s:\n", name);
1.1 deraadt 251: #define p(f, m) if (tcpstat.f || sflag <= 1) \
1.60 deraadt 252: printf(m, tcpstat.f, plural(tcpstat.f))
1.38 itojun 253: #define p1(f, m) if (tcpstat.f || sflag <= 1) \
1.60 deraadt 254: printf(m, tcpstat.f)
1.1 deraadt 255: #define p2(f1, f2, m) if (tcpstat.f1 || tcpstat.f2 || sflag <= 1) \
1.60 deraadt 256: printf(m, tcpstat.f1, plural(tcpstat.f1), tcpstat.f2, plural(tcpstat.f2))
1.38 itojun 257: #define p2a(f1, f2, m) if (tcpstat.f1 || tcpstat.f2 || sflag <= 1) \
1.60 deraadt 258: printf(m, tcpstat.f1, plural(tcpstat.f1), tcpstat.f2)
1.1 deraadt 259: #define p3(f, m) if (tcpstat.f || sflag <= 1) \
1.60 deraadt 260: printf(m, tcpstat.f, plurales(tcpstat.f))
1.1 deraadt 261:
1.38 itojun 262: p(tcps_sndtotal, "\t%u packet%s sent\n");
1.1 deraadt 263: p2(tcps_sndpack,tcps_sndbyte,
1.60 deraadt 264: "\t\t%u data packet%s (%qd byte%s)\n");
1.1 deraadt 265: p2(tcps_sndrexmitpack, tcps_sndrexmitbyte,
1.60 deraadt 266: "\t\t%u data packet%s (%qd byte%s) retransmitted\n");
1.26 provos 267: p(tcps_sndrexmitfast, "\t\t%qd fast retransmitted packet%s\n");
1.38 itojun 268: p2a(tcps_sndacks, tcps_delack,
1.60 deraadt 269: "\t\t%u ack-only packet%s (%u delayed)\n");
1.38 itojun 270: p(tcps_sndurg, "\t\t%u URG only packet%s\n");
271: p(tcps_sndprobe, "\t\t%u window probe packet%s\n");
272: p(tcps_sndwinup, "\t\t%u window update packet%s\n");
273: p(tcps_sndctrl, "\t\t%u control packet%s\n");
1.50 angelos 274: p(tcps_outhwcsum, "\t\t%u packet%s hardware-checksummed\n");
1.38 itojun 275: p(tcps_rcvtotal, "\t%u packet%s received\n");
276: p2(tcps_rcvackpack, tcps_rcvackbyte, "\t\t%u ack%s (for %qd byte%s)\n");
277: p(tcps_rcvdupack, "\t\t%u duplicate ack%s\n");
278: p(tcps_rcvacktoomuch, "\t\t%u ack%s for unsent data\n");
1.85 markus 279: p(tcps_rcvacktooold, "\t\t%u ack%s for old data\n");
1.1 deraadt 280: p2(tcps_rcvpack, tcps_rcvbyte,
1.60 deraadt 281: "\t\t%u packet%s (%qu byte%s) received in-sequence\n");
1.1 deraadt 282: p2(tcps_rcvduppack, tcps_rcvdupbyte,
1.60 deraadt 283: "\t\t%u completely duplicate packet%s (%qd byte%s)\n");
1.38 itojun 284: p(tcps_pawsdrop, "\t\t%u old duplicate packet%s\n");
1.1 deraadt 285: p2(tcps_rcvpartduppack, tcps_rcvpartdupbyte,
1.62 jsyn 286: "\t\t%u packet%s with some duplicate data (%qd byte%s duplicated)\n");
1.1 deraadt 287: p2(tcps_rcvoopack, tcps_rcvoobyte,
1.60 deraadt 288: "\t\t%u out-of-order packet%s (%qd byte%s)\n");
1.1 deraadt 289: p2(tcps_rcvpackafterwin, tcps_rcvbyteafterwin,
1.60 deraadt 290: "\t\t%u packet%s (%qd byte%s) of data after window\n");
1.38 itojun 291: p(tcps_rcvwinprobe, "\t\t%u window probe%s\n");
292: p(tcps_rcvwinupd, "\t\t%u window update packet%s\n");
293: p(tcps_rcvafterclose, "\t\t%u packet%s received after close\n");
294: p(tcps_rcvbadsum, "\t\t%u discarded for bad checksum%s\n");
295: p(tcps_rcvbadoff, "\t\t%u discarded for bad header offset field%s\n");
296: p1(tcps_rcvshort, "\t\t%u discarded because packet too short\n");
1.58 miod 297: p1(tcps_rcvnosec, "\t\t%u discarded for missing IPsec protection\n");
1.82 markus 298: p1(tcps_rcvmemdrop, "\t\t%u discarded due to memory shortage\n");
1.50 angelos 299: p(tcps_inhwcsum, "\t\t%u packet%s hardware-checksummed\n");
1.80 markus 300: p(tcps_rcvbadsig, "\t\t%u bad/missing md5 checksum%s\n");
301: p(tcps_rcvgoodsig, "\t\t%qd good md5 checksum%s\n");
1.38 itojun 302: p(tcps_connattempt, "\t%u connection request%s\n");
303: p(tcps_accepts, "\t%u connection accept%s\n");
304: p(tcps_connects, "\t%u connection%s established (including accepts)\n");
1.1 deraadt 305: p2(tcps_closed, tcps_drops,
1.60 deraadt 306: "\t%u connection%s closed (including %u drop%s)\n");
1.83 markus 307: p(tcps_conndrained, "\t%qd connection%s drained\n");
1.38 itojun 308: p(tcps_conndrops, "\t%u embryonic connection%s dropped\n");
1.1 deraadt 309: p2(tcps_rttupdated, tcps_segstimed,
1.60 deraadt 310: "\t%u segment%s updated rtt (of %u attempt%s)\n");
1.38 itojun 311: p(tcps_rexmttimeo, "\t%u retransmit timeout%s\n");
312: p(tcps_timeoutdrop, "\t\t%u connection%s dropped by rexmit timeout\n");
313: p(tcps_persisttimeo, "\t%u persist timeout%s\n");
314: p(tcps_keeptimeo, "\t%u keepalive timeout%s\n");
315: p(tcps_keepprobe, "\t\t%u keepalive probe%s sent\n");
316: p(tcps_keepdrops, "\t\t%u connection%s dropped by keepalive\n");
317: p(tcps_predack, "\t%u correct ACK header prediction%s\n");
318: p(tcps_preddat, "\t%u correct data packet header prediction%s\n");
319: p3(tcps_pcbhashmiss, "\t%u PCB cache miss%s\n");
1.59 kjc 320:
321: p(tcps_ecn_accepts, "\t%u ECN connection%s accepted\n");
322: p(tcps_ecn_rcvece, "\t\t%u ECE packet%s received\n");
323: p(tcps_ecn_rcvcwr, "\t\t%u CWR packet%s received\n");
324: p(tcps_ecn_rcvce, "\t\t%u CE packet%s received\n");
325: p(tcps_ecn_sndect, "\t\t%u ECT packet%s sent\n");
326: p(tcps_ecn_sndece, "\t\t%u ECE packet%s sent\n");
327: p(tcps_ecn_sndcwr, "\t\t%u CWR packet%s sent\n");
328: p1(tcps_cwr_frecovery, "\t\t\tcwr by fastrecovery: %u\n");
329: p1(tcps_cwr_timeout, "\t\t\tcwr by timeout: %u\n");
330: p1(tcps_cwr_ecn, "\t\t\tcwr by ecn: %u\n");
1.78 markus 331:
332: p(tcps_badsyn, "\t%u bad connection attempt%s\n");
333: p1(tcps_sc_added, "\t%qd SYN cache entries added\n");
334: p(tcps_sc_collisions, "\t\t%qd hash collision%s\n");
335: p1(tcps_sc_completed, "\t\t%qd completed\n");
336: p1(tcps_sc_aborted, "\t\t%qd aborted (no space to build PCB)\n");
337: p1(tcps_sc_timed_out, "\t\t%qd timed out\n");
338: p1(tcps_sc_overflowed, "\t\t%qd dropped due to overflow\n");
339: p1(tcps_sc_bucketoverflow, "\t\t%qd dropped due to bucket overflow\n");
340: p1(tcps_sc_reset, "\t\t%qd dropped due to RST\n");
341: p1(tcps_sc_unreach, "\t\t%qd dropped due to ICMP unreachable\n");
342: p(tcps_sc_retransmitted, "\t%qd SYN,ACK%s retransmitted\n");
343: p(tcps_sc_dupesyn, "\t%qd duplicate SYN%s received for entries "
344: "already in the cache\n");
345: p(tcps_sc_dropped, "\t%qd SYN%s dropped (no route or no space)\n");
1.95 markus 346:
347: p(tcps_sack_recovery_episode, "\t%qd SACK recovery episode%s\n");
348: p(tcps_sack_rexmits,
349: "\t\t%qd segment rexmit%s in SACK recovery episodes\n");
350: p(tcps_sack_rexmit_bytes,
351: "\t\t%qd byte rexmit%s in SACK recovery episodes\n");
352: p(tcps_sack_rcv_opts,
353: "\t%qd SACK option%s received\n");
354: p(tcps_sack_snd_opts, "\t%qd SACK option%s sent\n");
1.59 kjc 355:
1.1 deraadt 356: #undef p
1.38 itojun 357: #undef p1
1.1 deraadt 358: #undef p2
1.38 itojun 359: #undef p2a
1.1 deraadt 360: #undef p3
361: }
362:
363: /*
364: * Dump UDP statistics structure.
365: */
366: void
1.103 ! deraadt 367: udp_stats(char *name)
1.1 deraadt 368: {
369: struct udpstat udpstat;
370: u_long delivered;
1.102 reyk 371: int mib[] = { CTL_NET, AF_INET, IPPROTO_UDP, UDPCTL_STATS };
1.103 ! deraadt 372: size_t len = sizeof(udpstat);
1.1 deraadt 373:
1.102 reyk 374: if (sysctl(mib, sizeof(mib) / sizeof(mib[0]),
375: &udpstat, &len, NULL, 0) == -1) {
1.103 ! deraadt 376: if (errno != ENOPROTOOPT)
! 377: warn(name);
1.102 reyk 378: return;
379: }
380:
1.1 deraadt 381: printf("%s:\n", name);
382: #define p(f, m) if (udpstat.f || sflag <= 1) \
1.60 deraadt 383: printf(m, udpstat.f, plural(udpstat.f))
1.38 itojun 384: #define p1(f, m) if (udpstat.f || sflag <= 1) \
1.60 deraadt 385: printf(m, udpstat.f)
386:
1.16 millert 387: p(udps_ipackets, "\t%lu datagram%s received\n");
1.38 itojun 388: p1(udps_hdrops, "\t%lu with incomplete header\n");
389: p1(udps_badlen, "\t%lu with bad data length field\n");
390: p1(udps_badsum, "\t%lu with bad checksum\n");
391: p1(udps_nosum, "\t%lu with no checksum\n");
1.50 angelos 392: p(udps_inhwcsum, "\t%lu input packet%s hardware-checksummed\n");
393: p(udps_outhwcsum, "\t%lu output packet%s hardware-checksummed\n");
1.38 itojun 394: p1(udps_noport, "\t%lu dropped due to no socket\n");
1.16 millert 395: p(udps_noportbcast, "\t%lu broadcast/multicast datagram%s dropped due to no socket\n");
1.58 miod 396: p1(udps_nosec, "\t%lu dropped due to missing IPsec protection\n");
1.38 itojun 397: p1(udps_fullsock, "\t%lu dropped due to full socket buffers\n");
1.60 deraadt 398: delivered = udpstat.udps_ipackets - udpstat.udps_hdrops -
399: udpstat.udps_badlen - udpstat.udps_badsum -
400: udpstat.udps_noport - udpstat.udps_noportbcast -
401: udpstat.udps_fullsock;
1.1 deraadt 402: if (delivered || sflag <= 1)
1.16 millert 403: printf("\t%lu delivered\n", delivered);
404: p(udps_opackets, "\t%lu datagram%s output\n");
1.38 itojun 405: p1(udps_pcbhashmiss, "\t%lu missed PCB cache\n");
1.1 deraadt 406: #undef p
1.38 itojun 407: #undef p1
1.1 deraadt 408: }
409:
410: /*
411: * Dump IP statistics structure.
412: */
413: void
1.103 ! deraadt 414: ip_stats(char *name)
1.1 deraadt 415: {
416: struct ipstat ipstat;
1.102 reyk 417: int mib[] = { CTL_NET, AF_INET, IPPROTO_IP, IPCTL_STATS };
1.103 ! deraadt 418: size_t len = sizeof(ipstat);;
1.1 deraadt 419:
1.102 reyk 420: if (sysctl(mib, sizeof(mib) / sizeof(mib[0]),
421: &ipstat, &len, NULL, 0) == -1) {
1.103 ! deraadt 422: if (errno != ENOPROTOOPT)
! 423: warn(name);
1.102 reyk 424: return;
425: }
426:
1.1 deraadt 427: printf("%s:\n", name);
428: #define p(f, m) if (ipstat.f || sflag <= 1) \
1.60 deraadt 429: printf(m, ipstat.f, plural(ipstat.f))
1.38 itojun 430: #define p1(f, m) if (ipstat.f || sflag <= 1) \
1.60 deraadt 431: printf(m, ipstat.f)
1.1 deraadt 432:
1.16 millert 433: p(ips_total, "\t%lu total packet%s received\n");
434: p(ips_badsum, "\t%lu bad header checksum%s\n");
1.38 itojun 435: p1(ips_toosmall, "\t%lu with size smaller than minimum\n");
436: p1(ips_tooshort, "\t%lu with data size < data length\n");
437: p1(ips_badhlen, "\t%lu with header length < data size\n");
438: p1(ips_badlen, "\t%lu with data length < header length\n");
439: p1(ips_badoptions, "\t%lu with bad options\n");
440: p1(ips_badvers, "\t%lu with incorrect version number\n");
1.16 millert 441: p(ips_fragments, "\t%lu fragment%s received\n");
1.62 jsyn 442: p(ips_fragdropped, "\t%lu fragment%s dropped (duplicates or out of space)\n");
1.16 millert 443: p(ips_badfrags, "\t%lu malformed fragment%s dropped\n");
444: p(ips_fragtimeout, "\t%lu fragment%s dropped after timeout\n");
445: p(ips_reassembled, "\t%lu packet%s reassembled ok\n");
446: p(ips_delivered, "\t%lu packet%s for this host\n");
447: p(ips_noproto, "\t%lu packet%s for unknown/unsupported protocol\n");
448: p(ips_forward, "\t%lu packet%s forwarded\n");
449: p(ips_cantforward, "\t%lu packet%s not forwardable\n");
450: p(ips_redirectsent, "\t%lu redirect%s sent\n");
451: p(ips_localout, "\t%lu packet%s sent from this host\n");
452: p(ips_rawout, "\t%lu packet%s sent with fabricated ip header\n");
453: p(ips_odropped, "\t%lu output packet%s dropped due to no bufs, etc.\n");
454: p(ips_noroute, "\t%lu output packet%s discarded due to no route\n");
455: p(ips_fragmented, "\t%lu output datagram%s fragmented\n");
456: p(ips_ofragments, "\t%lu fragment%s created\n");
457: p(ips_cantfrag, "\t%lu datagram%s that can't be fragmented\n");
1.38 itojun 458: p1(ips_rcvmemdrop, "\t%lu fragment floods\n");
1.42 itojun 459: p(ips_toolong, "\t%lu packet%s with ip length > max ip packet size\n");
460: p(ips_nogif, "\t%lu tunneling packet%s that can't find gif\n");
1.49 itojun 461: p(ips_badaddr, "\t%lu datagram%s with bad address in header\n");
1.50 angelos 462: p(ips_inhwcsum, "\t%lu input datagram%s checksum-processed by hardware\n");
463: p(ips_outhwcsum, "\t%lu output datagram%s checksum-processed by hardware\n");
1.97 mpf 464: p(ips_notmember, "\t%lu multicast packet%s which we don't join\n");
1.1 deraadt 465: #undef p
1.38 itojun 466: #undef p1
1.1 deraadt 467: }
468:
1.68 tedu 469: static char *icmpnames[ICMP_MAXTYPE + 1] = {
1.1 deraadt 470: "echo reply",
471: "#1",
472: "#2",
473: "destination unreachable",
474: "source quench",
475: "routing redirect",
476: "#6",
477: "#7",
478: "echo",
1.9 deraadt 479: "router advertisement",
480: "router solicitation",
1.1 deraadt 481: "time exceeded",
482: "parameter problem",
483: "time stamp",
484: "time stamp reply",
485: "information request",
486: "information request reply",
487: "address mask request",
488: "address mask reply",
1.68 tedu 489: "#19",
490: "#20",
491: "#21",
492: "#22",
493: "#23",
494: "#24",
495: "#25",
496: "#26",
497: "#27",
498: "#28",
499: "#29",
500: "traceroute",
501: "data conversion error",
502: "mobile host redirect",
503: "IPv6 where-are-you",
504: "IPv6 i-am-here",
505: "mobile registration request",
506: "mobile registration reply",
507: "#37",
508: "#38",
509: "SKIP",
510: "Photuris",
1.1 deraadt 511: };
512:
513: /*
514: * Dump ICMP statistics.
515: */
516: void
1.103 ! deraadt 517: icmp_stats(char *name)
1.1 deraadt 518: {
519: struct icmpstat icmpstat;
1.54 mpech 520: int i, first;
1.102 reyk 521: int mib[] = { CTL_NET, AF_INET, IPPROTO_ICMP, ICMPCTL_STATS };
1.103 ! deraadt 522: size_t len = sizeof(icmpstat);
1.102 reyk 523:
524: if (sysctl(mib, sizeof(mib) / sizeof(mib[0]),
525: &icmpstat, &len, NULL, 0) == -1) {
1.103 ! deraadt 526: if (errno != ENOPROTOOPT)
! 527: warn(name);
1.102 reyk 528: return;
529: }
530:
1.1 deraadt 531: printf("%s:\n", name);
532: #define p(f, m) if (icmpstat.f || sflag <= 1) \
1.60 deraadt 533: printf(m, icmpstat.f, plural(icmpstat.f))
1.1 deraadt 534:
1.16 millert 535: p(icps_error, "\t%lu call%s to icmp_error\n");
1.1 deraadt 536: p(icps_oldicmp,
1.61 aaron 537: "\t%lu error%s not generated because old message was icmp\n");
1.1 deraadt 538: for (first = 1, i = 0; i < ICMP_MAXTYPE + 1; i++)
539: if (icmpstat.icps_outhist[i] != 0) {
540: if (first) {
1.43 itojun 541: printf("\tOutput packet histogram:\n");
1.1 deraadt 542: first = 0;
543: }
1.68 tedu 544: if (icmpnames[i])
545: printf("\t\t%s:", icmpnames[i]);
546: else
547: printf("\t\t#%d:", i);
548: printf(" %lu\n", icmpstat.icps_outhist[i]);
1.1 deraadt 549: }
1.16 millert 550: p(icps_badcode, "\t%lu message%s with bad code fields\n");
551: p(icps_tooshort, "\t%lu message%s < minimum length\n");
552: p(icps_checksum, "\t%lu bad checksum%s\n");
553: p(icps_badlen, "\t%lu message%s with bad length\n");
1.1 deraadt 554: for (first = 1, i = 0; i < ICMP_MAXTYPE + 1; i++)
555: if (icmpstat.icps_inhist[i] != 0) {
556: if (first) {
1.43 itojun 557: printf("\tInput packet histogram:\n");
1.1 deraadt 558: first = 0;
559: }
1.68 tedu 560: if (icmpnames[i])
561: printf("\t\t%s:", icmpnames[i]);
562: else
563: printf("\t\t#%d:", i);
564: printf(" %lu\n", icmpstat.icps_inhist[i]);
1.1 deraadt 565: }
1.16 millert 566: p(icps_reflect, "\t%lu message response%s generated\n");
1.1 deraadt 567: #undef p
568: }
569:
570: /*
571: * Dump IGMP statistics structure.
572: */
573: void
1.103 ! deraadt 574: igmp_stats(char *name)
1.1 deraadt 575: {
576: struct igmpstat igmpstat;
1.103 ! deraadt 577: int mib[] = { CTL_NET, AF_INET, IPPROTO_IGMP, IGMPCTL_STATS };
! 578: size_t len = sizeof(igmpstat);
1.1 deraadt 579:
1.103 ! deraadt 580: if (sysctl(mib, sizeof(mib) / sizeof(mib[0]),
! 581: &igmpstat, &len, NULL, 0) == -1) {
! 582: if (errno != ENOPROTOOPT)
! 583: warn(name);
1.1 deraadt 584: return;
1.103 ! deraadt 585: }
! 586:
1.1 deraadt 587: printf("%s:\n", name);
588: #define p(f, m) if (igmpstat.f || sflag <= 1) \
1.60 deraadt 589: printf(m, igmpstat.f, plural(igmpstat.f))
1.1 deraadt 590: #define py(f, m) if (igmpstat.f || sflag <= 1) \
1.60 deraadt 591: printf(m, igmpstat.f, igmpstat.f != 1 ? "ies" : "y")
592:
1.16 millert 593: p(igps_rcv_total, "\t%lu message%s received\n");
1.55 mickey 594: p(igps_rcv_tooshort, "\t%lu message%s received with too few bytes\n");
595: p(igps_rcv_badsum, "\t%lu message%s received with bad checksum\n");
596: py(igps_rcv_queries, "\t%lu membership quer%s received\n");
597: py(igps_rcv_badqueries, "\t%lu membership quer%s received with invalid field(s)\n");
598: p(igps_rcv_reports, "\t%lu membership report%s received\n");
599: p(igps_rcv_badreports, "\t%lu membership report%s received with invalid field(s)\n");
600: p(igps_rcv_ourreports, "\t%lu membership report%s received for groups to which we belong\n");
601: p(igps_snd_reports, "\t%lu membership report%s sent\n");
1.90 mcbride 602: #undef p
603: #undef py
604: }
605:
606: /*
607: * Dump PIM statistics structure.
608: */
609: void
1.103 ! deraadt 610: pim_stats(char *name)
1.90 mcbride 611: {
612: struct pimstat pimstat;
1.103 ! deraadt 613: int mib[] = { CTL_NET, AF_INET, IPPROTO_PIM, PIMCTL_STATS };
! 614: size_t len = sizeof(pimstat);
1.90 mcbride 615:
1.103 ! deraadt 616: if (sysctl(mib, sizeof(mib) / sizeof(mib[0]),
! 617: &pimstat, &len, NULL, 0) == -1) {
! 618: if (errno != ENOPROTOOPT)
! 619: warn(name);
1.90 mcbride 620: return;
621: }
622:
623: printf("%s:\n", name);
624: #define p(f, m) if (pimstat.f || sflag <= 1) \
625: printf(m, pimstat.f, plural(pimstat.f))
626: #define py(f, m) if (pimstat.f || sflag <= 1) \
627: printf(m, pimstat.f, pimstat.f != 1 ? "ies" : "y")
628:
629: p(pims_rcv_total_msgs, "\t%llu message%s received\n");
630: p(pims_rcv_total_bytes, "\t%llu byte%s received\n");
631: p(pims_rcv_tooshort, "\t%llu message%s received with too few bytes\n");
632: p(pims_rcv_badsum, "\t%llu message%s received with bad checksum\n");
633: p(pims_rcv_badversion, "\t%llu message%s received with bad version\n");
634: p(pims_rcv_registers_msgs, "\t%llu data register message%s received\n");
635: p(pims_rcv_registers_bytes, "\t%llu data register byte%s received\n");
636: p(pims_rcv_registers_wrongiif, "\t%llu data register message%s received on wrong iif\n");
637: p(pims_rcv_badregisters, "\t%llu bad register%s received\n");
638: p(pims_snd_registers_msgs, "\t%llu data register message%s sent\n");
639: p(pims_snd_registers_bytes, "\t%llu data register byte%s sent\n");
1.1 deraadt 640: #undef p
641: #undef py
642: }
643:
1.5 deraadt 644: struct rpcnams {
645: struct rpcnams *next;
1.16 millert 646: in_port_t port;
1.21 deraadt 647: int proto;
1.5 deraadt 648: char *rpcname;
649: };
650:
1.66 deraadt 651: static char *
1.63 deraadt 652: getrpcportnam(in_port_t port, int proto)
1.5 deraadt 653: {
654: struct sockaddr_in server_addr;
1.54 mpech 655: struct hostent *hp;
1.5 deraadt 656: static struct pmaplist *head;
657: int socket = RPC_ANYSOCK;
658: struct timeval minutetimeout;
1.54 mpech 659: CLIENT *client;
1.5 deraadt 660: struct rpcent *rpc;
661: static int first;
662: static struct rpcnams *rpcn;
663: struct rpcnams *n;
1.23 deraadt 664: char num[20];
1.55 mickey 665:
1.5 deraadt 666: if (first == 0) {
667: first = 1;
1.93 jaredy 668: memset(&server_addr, 0, sizeof server_addr);
1.5 deraadt 669: server_addr.sin_family = AF_INET;
670: if ((hp = gethostbyname("localhost")) != NULL)
1.7 deraadt 671: memmove((caddr_t)&server_addr.sin_addr, hp->h_addr,
1.5 deraadt 672: hp->h_length);
673: else
674: (void) inet_aton("0.0.0.0", &server_addr.sin_addr);
675:
676: minutetimeout.tv_sec = 60;
677: minutetimeout.tv_usec = 0;
678: server_addr.sin_port = htons(PMAPPORT);
679: if ((client = clnttcp_create(&server_addr, PMAPPROG,
1.7 deraadt 680: PMAPVERS, &socket, 50, 500)) == NULL)
681: return (NULL);
1.5 deraadt 682: if (clnt_call(client, PMAPPROC_DUMP, xdr_void, NULL,
1.8 deraadt 683: xdr_pmaplist, &head, minutetimeout) != RPC_SUCCESS) {
1.7 deraadt 684: clnt_destroy(client);
685: return (NULL);
1.5 deraadt 686: }
687: for (; head != NULL; head = head->pml_next) {
688: n = (struct rpcnams *)malloc(sizeof(struct rpcnams));
689: if (n == NULL)
690: continue;
691: n->next = rpcn;
692: rpcn = n;
693: n->port = head->pml_map.pm_port;
1.21 deraadt 694: n->proto = head->pml_map.pm_prot;
1.5 deraadt 695:
696: rpc = getrpcbynumber(head->pml_map.pm_prog);
697: if (rpc)
698: n->rpcname = strdup(rpc->r_name);
699: else {
1.23 deraadt 700: snprintf(num, sizeof num, "%ld",
701: head->pml_map.pm_prog);
1.5 deraadt 702: n->rpcname = strdup(num);
703: }
704: }
705: clnt_destroy(client);
706: }
707:
708: for (n = rpcn; n; n = n->next)
1.21 deraadt 709: if (n->port == port && n->proto == proto)
1.5 deraadt 710: return (n->rpcname);
711: return (NULL);
712: }
713:
1.1 deraadt 714: /*
715: * Pretty print an Internet address (net address + port).
716: * If the nflag was specified, use numbers instead of names.
717: */
718: void
1.63 deraadt 719: inetprint(struct in_addr *in, in_port_t port, char *proto, int local)
1.1 deraadt 720: {
721: struct servent *sp = 0;
1.5 deraadt 722: char line[80], *cp, *nam;
1.1 deraadt 723: int width;
724:
1.23 deraadt 725: snprintf(line, sizeof line, "%.*s.", (Aflag && !nflag) ? 12 : 16,
726: inetname(in));
1.4 millert 727: cp = strchr(line, '\0');
1.1 deraadt 728: if (!nflag && port)
729: sp = getservbyport((int)port, proto);
730: if (sp || port == 0)
1.23 deraadt 731: snprintf(cp, line + sizeof line - cp, "%.8s",
732: sp ? sp->s_name : "*");
1.21 deraadt 733: else if (local && !nflag && (nam = getrpcportnam(ntohs(port),
734: (strcmp(proto, "tcp") == 0 ? IPPROTO_TCP : IPPROTO_UDP))))
1.23 deraadt 735: snprintf(cp, line + sizeof line - cp, "%d[%.8s]",
736: ntohs(port), nam);
1.1 deraadt 737: else
1.23 deraadt 738: snprintf(cp, line + sizeof line - cp, "%d", ntohs(port));
1.1 deraadt 739: width = Aflag ? 18 : 22;
740: printf(" %-*.*s", width, width, line);
741: }
742:
743: /*
744: * Construct an Internet address representation.
745: * If the nflag has been supplied, give
746: * numeric value, otherwise try for symbolic name.
747: */
748: char *
1.63 deraadt 749: inetname(struct in_addr *inp)
1.1 deraadt 750: {
1.54 mpech 751: char *cp;
1.1 deraadt 752: static char line[50];
753: struct hostent *hp;
754: struct netent *np;
1.57 mpech 755: static char domain[MAXHOSTNAMELEN];
1.1 deraadt 756: static int first = 1;
757:
758: if (first && !nflag) {
759: first = 0;
1.57 mpech 760: if (gethostname(domain, sizeof(domain)) == 0 &&
1.4 millert 761: (cp = strchr(domain, '.')))
1.60 deraadt 762: (void) strlcpy(domain, cp + 1, sizeof domain);
1.1 deraadt 763: else
1.60 deraadt 764: domain[0] = '\0';
1.1 deraadt 765: }
1.84 deraadt 766: cp = NULL;
1.1 deraadt 767: if (!nflag && inp->s_addr != INADDR_ANY) {
768: int net = inet_netof(*inp);
769: int lna = inet_lnaof(*inp);
770:
771: if (lna == INADDR_ANY) {
772: np = getnetbyaddr(net, AF_INET);
773: if (np)
774: cp = np->n_name;
775: }
1.84 deraadt 776: if (cp == NULL) {
1.1 deraadt 777: hp = gethostbyaddr((char *)inp, sizeof (*inp), AF_INET);
778: if (hp) {
1.4 millert 779: if ((cp = strchr(hp->h_name, '.')) &&
1.1 deraadt 780: !strcmp(cp + 1, domain))
1.84 deraadt 781: *cp = '\0';
1.1 deraadt 782: cp = hp->h_name;
783: }
784: }
785: }
786: if (inp->s_addr == INADDR_ANY)
1.23 deraadt 787: snprintf(line, sizeof line, "*");
1.1 deraadt 788: else if (cp)
1.23 deraadt 789: snprintf(line, sizeof line, "%s", cp);
1.1 deraadt 790: else {
791: inp->s_addr = ntohl(inp->s_addr);
792: #define C(x) ((x) & 0xff)
1.23 deraadt 793: snprintf(line, sizeof line, "%u.%u.%u.%u",
794: C(inp->s_addr >> 24), C(inp->s_addr >> 16),
795: C(inp->s_addr >> 8), C(inp->s_addr));
1.1 deraadt 796: }
797: return (line);
1.10 angelos 798: }
799:
800: /*
801: * Dump AH statistics structure.
802: */
803: void
1.103 ! deraadt 804: ah_stats(char *name)
1.10 angelos 805: {
1.55 mickey 806: struct ahstat ahstat;
1.103 ! deraadt 807: int mib[] = { CTL_NET, AF_INET, IPPROTO_AH, AHCTL_STATS };
! 808: size_t len = sizeof(ahstat);
1.10 angelos 809:
1.103 ! deraadt 810: if (sysctl(mib, sizeof(mib) / sizeof(mib[0]),
! 811: &ahstat, &len, NULL, 0) == -1) {
! 812: if (errno != ENOPROTOOPT)
! 813: warn(name);
1.55 mickey 814: return;
1.103 ! deraadt 815: }
! 816:
1.55 mickey 817: printf("%s:\n", name);
1.10 angelos 818: #define p(f, m) if (ahstat.f || sflag <= 1) \
1.60 deraadt 819: printf(m, ahstat.f, plural(ahstat.f))
1.38 itojun 820: #define p1(f, m) if (ahstat.f || sflag <= 1) \
1.60 deraadt 821: printf(m, ahstat.f)
1.10 angelos 822:
1.38 itojun 823: p1(ahs_input, "\t%u input AH packets\n");
824: p1(ahs_output, "\t%u output AH packets\n");
1.55 mickey 825: p(ahs_nopf, "\t%u packet%s from unsupported protocol families\n");
826: p(ahs_hdrops, "\t%u packet%s shorter than header shows\n");
827: p(ahs_pdrops, "\t%u packet%s dropped due to policy\n");
828: p(ahs_notdb, "\t%u packet%s for which no TDB was found\n");
829: p(ahs_badkcr, "\t%u input packet%s that failed to be processed\n");
830: p(ahs_badauth, "\t%u packet%s that failed verification received\n");
831: p(ahs_noxform, "\t%u packet%s for which no XFORM was set in TDB received\n");
832: p(ahs_qfull, "\t%u packet%s were dropped due to full output queue\n");
833: p(ahs_wrap, "\t%u packet%s where counter wrapping was detected\n");
834: p(ahs_replay, "\t%u possibly replayed packet%s received\n");
835: p(ahs_badauthl, "\t%u packet%s with bad authenticator length received\n");
1.62 jsyn 836: p(ahs_invalid, "\t%u packet%s attempted to use an invalid TDB\n");
1.25 niklas 837: p(ahs_toobig, "\t%u packet%s got larger than max IP packet size\n");
1.46 angelos 838: p(ahs_crypto, "\t%u packet%s that failed crypto processing\n");
1.20 angelos 839: p(ahs_ibytes, "\t%qu input byte%s\n");
840: p(ahs_obytes, "\t%qu output byte%s\n");
841:
1.34 angelos 842: #undef p
1.38 itojun 843: #undef p1
1.34 angelos 844: }
845:
846: /*
847: * Dump etherip statistics structure.
848: */
849: void
1.103 ! deraadt 850: etherip_stats(char *name)
1.34 angelos 851: {
1.55 mickey 852: struct etheripstat etheripstat;
1.103 ! deraadt 853: int mib[] = { CTL_NET, AF_INET, IPPROTO_ETHERIP, ETHERIPCTL_STATS };
! 854: size_t len = sizeof(etheripstat);
1.34 angelos 855:
1.103 ! deraadt 856: if (sysctl(mib, sizeof(mib) / sizeof(mib[0]),
! 857: ðeripstat, &len, NULL, 0) == -1) {
! 858: if (errno != ENOPROTOOPT)
! 859: warn(name);
1.55 mickey 860: return;
1.103 ! deraadt 861: }
! 862:
1.55 mickey 863: printf("%s:\n", name);
1.34 angelos 864: #define p(f, m) if (etheripstat.f || sflag <= 1) \
1.60 deraadt 865: printf(m, etheripstat.f, plural(etheripstat.f))
1.34 angelos 866:
1.53 brian 867: p(etherip_hdrops, "\t%u packet%s shorter than header shows\n");
868: p(etherip_qfull, "\t%u packet%s were dropped due to full output queue\n");
1.34 angelos 869: p(etherip_noifdrops, "\t%u packet%s were dropped because of no interface/bridge information\n");
1.53 brian 870: p(etherip_pdrops, "\t%u packet%s dropped due to policy\n");
871: p(etherip_adrops, "\t%u packet%s dropped for other reasons\n");
872: p(etherip_ipackets, "\t%u input ethernet-in-IP packet%s\n");
873: p(etherip_opackets, "\t%u output ethernet-in-IP packet%s\n");
1.34 angelos 874: p(etherip_ibytes, "\t%qu input byte%s\n");
875: p(etherip_obytes, "\t%qu output byte%s\n");
1.10 angelos 876: #undef p
877: }
878:
879: /*
880: * Dump ESP statistics structure.
881: */
882: void
1.103 ! deraadt 883: esp_stats(char *name)
1.10 angelos 884: {
1.55 mickey 885: struct espstat espstat;
1.103 ! deraadt 886: int mib[] = { CTL_NET, AF_INET, IPPROTO_ESP, ESPCTL_STATS };
! 887: size_t len = sizeof(espstat);
1.10 angelos 888:
1.103 ! deraadt 889: if (sysctl(mib, sizeof(mib) / sizeof(mib[0]),
! 890: &espstat, &len, NULL, 0) == -1) {
! 891: if (errno != ENOPROTOOPT)
! 892: warn(name);
1.55 mickey 893: return;
1.103 ! deraadt 894: }
! 895:
1.55 mickey 896: printf("%s:\n", name);
1.10 angelos 897: #define p(f, m) if (espstat.f || sflag <= 1) \
1.60 deraadt 898: printf(m, espstat.f, plural(espstat.f))
1.10 angelos 899:
1.38 itojun 900: p(esps_input, "\t%u input ESP packet%s\n");
901: p(esps_output, "\t%u output ESP packet%s\n");
1.55 mickey 902: p(esps_nopf, "\t%u packet%s from unsupported protocol families\n");
903: p(esps_hdrops, "\t%u packet%s shorter than header shows\n");
904: p(esps_pdrops, "\t%u packet%s dropped due to policy\n");
905: p(esps_notdb, "\t%u packet%s for which no TDB was found\n");
906: p(esps_badkcr, "\t%u input packet%s that failed to be processed\n");
907: p(esps_badenc, "\t%u packet%s with bad encryption received\n");
908: p(esps_badauth, "\t%u packet%s that failed verification received\n");
909: p(esps_noxform, "\t%u packet%s for which no XFORM was set in TDB received\n");
910: p(esps_qfull, "\t%u packet%s were dropped due to full output queue\n");
911: p(esps_wrap, "\t%u packet%s where counter wrapping was detected\n");
912: p(esps_replay, "\t%u possibly replayed packet%s received\n");
913: p(esps_badilen, "\t%u packet%s with bad payload size or padding received\n");
1.62 jsyn 914: p(esps_invalid, "\t%u packet%s attempted to use an invalid TDB\n");
1.25 niklas 915: p(esps_toobig, "\t%u packet%s got larger than max IP packet size\n");
1.46 angelos 916: p(esps_crypto, "\t%u packet%s that failed crypto processing\n");
1.74 markus 917: p(esps_udpencin, "\t%u input UDP encapsulated ESP packet%s\n");
918: p(esps_udpencout, "\t%u output UDP encapsulated ESP packet%s\n");
919: p(esps_udpinval, "\t%u UDP packet%s for non-encapsulating TDB received\n");
1.20 angelos 920: p(esps_ibytes, "\t%qu input byte%s\n");
921: p(esps_obytes, "\t%qu output byte%s\n");
1.10 angelos 922:
923: #undef p
924: }
925:
926: /*
1.67 deraadt 927: * Dump IP-in-IP statistics structure.
1.10 angelos 928: */
929: void
1.103 ! deraadt 930: ipip_stats(char *name)
1.10 angelos 931: {
1.55 mickey 932: struct ipipstat ipipstat;
1.103 ! deraadt 933: int mib[] = { CTL_NET, AF_INET, IPPROTO_IPIP, IPIPCTL_STATS };
! 934: size_t len = sizeof(ipipstat);
1.10 angelos 935:
1.103 ! deraadt 936: if (sysctl(mib, sizeof(mib) / sizeof(mib[0]),
! 937: &ipipstat, &len, NULL, 0) == -1) {
! 938: if (errno != ENOPROTOOPT)
! 939: warn(name);
1.55 mickey 940: return;
1.103 ! deraadt 941: }
! 942:
1.55 mickey 943: printf("%s:\n", name);
1.45 angelos 944: #define p(f, m) if (ipipstat.f || sflag <= 1) \
1.60 deraadt 945: printf(m, ipipstat.f, plural(ipipstat.f))
1.10 angelos 946:
1.55 mickey 947: p(ipips_ipackets, "\t%u total input packet%s\n");
948: p(ipips_opackets, "\t%u total output packet%s\n");
949: p(ipips_hdrops, "\t%u packet%s shorter than header shows\n");
950: p(ipips_pdrops, "\t%u packet%s dropped due to policy\n");
951: p(ipips_spoof, "\t%u packet%s with possibly spoofed local addresses\n");
952: p(ipips_qfull, "\t%u packet%s were dropped due to full output queue\n");
1.45 angelos 953: p(ipips_ibytes, "\t%qu input byte%s\n");
954: p(ipips_obytes, "\t%qu output byte%s\n");
1.63 deraadt 955: p(ipips_family, "\t%u protocol family mismatche%s\n");
956: p(ipips_unspec, "\t%u attempt%s to use tunnel with unspecified endpoint(s)\n");
1.69 mcbride 957: #undef p
958: }
959:
1.84 deraadt 960: /*
1.69 mcbride 961: * Dump CARP statistics structure.
962: */
963: void
1.103 ! deraadt 964: carp_stats(char *name)
1.69 mcbride 965: {
966: struct carpstats carpstat;
1.103 ! deraadt 967: int mib[] = { CTL_NET, AF_INET, IPPROTO_CARP, CARPCTL_STATS };
! 968: size_t len = sizeof(carpstat);
1.69 mcbride 969:
1.103 ! deraadt 970: if (sysctl(mib, sizeof(mib) / sizeof(mib[0]),
! 971: &carpstat, &len, NULL, 0) == -1) {
! 972: if (errno != ENOPROTOOPT)
! 973: warn(name);
1.69 mcbride 974: return;
1.103 ! deraadt 975: }
! 976:
1.69 mcbride 977: printf("%s:\n", name);
978: #define p(f, m) if (carpstat.f || sflag <= 1) \
979: printf(m, carpstat.f, plural(carpstat.f))
980: #define p2(f, m) if (carpstat.f || sflag <= 1) \
981: printf(m, carpstat.f)
982:
1.87 mcbride 983: p(carps_ipackets, "\t%llu packet%s received (IPv4)\n");
984: p(carps_ipackets6, "\t%llu packet%s received (IPv6)\n");
985: p(carps_badif, "\t\t%llu packet%s discarded for bad interface\n");
1.89 mcbride 986: p(carps_badttl, "\t\t%llu packet%s discarded for wrong TTL\n");
1.87 mcbride 987: p(carps_hdrops, "\t\t%llu packet%s shorter than header\n");
988: p(carps_badsum, "\t\t%llu discarded for bad checksum%s\n");
989: p(carps_badver, "\t\t%llu discarded packet%s with a bad version\n");
990: p2(carps_badlen, "\t\t%llu discarded because packet too short\n");
991: p2(carps_badauth, "\t\t%llu discarded for bad authentication\n");
992: p2(carps_badvhid, "\t\t%llu discarded for bad vhid\n");
993: p2(carps_badaddrs, "\t\t%llu discarded because of a bad address list\n");
994: p(carps_opackets, "\t%llu packet%s sent (IPv4)\n");
995: p(carps_opackets6, "\t%llu packet%s sent (IPv6)\n");
1.89 mcbride 996: p2(carps_onomem, "\t\t%llu send failed due to mbuf memory error\n");
1.101 joel 997: p(carps_preempt, "\t%llu transition%s to master\n");
1.51 jjbg 998: #undef p
1.70 mcbride 999: #undef p2
1.51 jjbg 1000: }
1001:
1.94 deraadt 1002: /*
1.75 mcbride 1003: * Dump pfsync statistics structure.
1004: */
1005: void
1.103 ! deraadt 1006: pfsync_stats(char *name)
1.75 mcbride 1007: {
1008: struct pfsyncstats pfsyncstat;
1.103 ! deraadt 1009: int mib[] = { CTL_NET, AF_INET, IPPROTO_PFSYNC, PFSYNCCTL_STATS };
! 1010: size_t len = sizeof(pfsyncstat);
1.75 mcbride 1011:
1.103 ! deraadt 1012: if (sysctl(mib, sizeof(mib) / sizeof(mib[0]),
! 1013: &pfsyncstat, &len, NULL, 0) == -1) {
! 1014: if (errno != ENOPROTOOPT)
! 1015: warn(name);
1.75 mcbride 1016: return;
1.103 ! deraadt 1017: }
! 1018:
1.75 mcbride 1019: printf("%s:\n", name);
1020: #define p(f, m) if (pfsyncstat.f || sflag <= 1) \
1021: printf(m, pfsyncstat.f, plural(pfsyncstat.f))
1022: #define p2(f, m) if (pfsyncstat.f || sflag <= 1) \
1023: printf(m, pfsyncstat.f)
1024:
1.86 mcbride 1025: p(pfsyncs_ipackets, "\t%llu packet%s received (IPv4)\n");
1026: p(pfsyncs_ipackets6, "\t%llu packet%s received (IPv6)\n");
1027: p(pfsyncs_badif, "\t\t%llu packet%s discarded for bad interface\n");
1028: p(pfsyncs_badttl, "\t\t%llu packet%s discarded for bad ttl\n");
1029: p(pfsyncs_hdrops, "\t\t%llu packet%s shorter than header\n");
1030: p(pfsyncs_badver, "\t\t%llu packet%s discarded for bad version\n");
1031: p(pfsyncs_badauth, "\t\t%llu packet%s discarded for bad HMAC\n");
1032: p(pfsyncs_badact,"\t\t%llu packet%s discarded for bad action\n");
1033: p(pfsyncs_badlen, "\t\t%llu packet%s discarded for short packet\n");
1034: p(pfsyncs_badval, "\t\t%llu state%s discarded for bad values\n");
1035: p(pfsyncs_stale, "\t\t%llu stale state%s\n");
1036: p(pfsyncs_badstate, "\t\t%llu failed state lookup/insert%s\n");
1037: p(pfsyncs_opackets, "\t%llu packet%s sent (IPv4)\n");
1038: p(pfsyncs_opackets6, "\t%llu packet%s sent (IPv6)\n");
1039: p2(pfsyncs_onomem, "\t\t%llu send failed due to mbuf memory error\n");
1040: p2(pfsyncs_oerrors, "\t\t%llu send error\n");
1.75 mcbride 1041: #undef p
1042: #undef p2
1043: }
1044:
1.51 jjbg 1045: /*
1046: * Dump IPCOMP statistics structure.
1047: */
1048: void
1.103 ! deraadt 1049: ipcomp_stats(char *name)
1.51 jjbg 1050: {
1051: struct ipcompstat ipcompstat;
1.103 ! deraadt 1052: int mib[] = { CTL_NET, AF_INET, IPPROTO_IPCOMP, IPCOMPCTL_STATS };
! 1053: size_t len = sizeof(ipcompstat);
1.51 jjbg 1054:
1.103 ! deraadt 1055: if (sysctl(mib, sizeof(mib) / sizeof(mib[0]),
! 1056: &ipcompstat, &len, NULL, 0) == -1) {
! 1057: if (errno != ENOPROTOOPT)
! 1058: warn(name);
1.51 jjbg 1059: return;
1.103 ! deraadt 1060: }
! 1061:
1.51 jjbg 1062: printf("%s:\n", name);
1063: #define p(f, m) if (ipcompstat.f || sflag <= 1) \
1.60 deraadt 1064: printf(m, ipcompstat.f, plural(ipcompstat.f))
1.51 jjbg 1065:
1066: p(ipcomps_input, "\t%u input IPCOMP packet%s\n");
1067: p(ipcomps_output, "\t%u output IPCOMP packet%s\n");
1068: p(ipcomps_nopf, "\t%u packet%s from unsupported protocol families\n");
1069: p(ipcomps_hdrops, "\t%u packet%s shorter than header shows\n");
1070: p(ipcomps_pdrops, "\t%u packet%s dropped due to policy\n");
1071: p(ipcomps_notdb, "\t%u packet%s for which no TDB was found\n");
1072: p(ipcomps_badkcr, "\t%u input packet%s that failed to be processed\n");
1.55 mickey 1073: p(ipcomps_noxform, "\t%u packet%s for which no XFORM was set in TDB received\n");
1.51 jjbg 1074: p(ipcomps_qfull, "\t%u packet%s were dropped due to full output queue\n");
1075: p(ipcomps_wrap, "\t%u packet%s where counter wrapping was detected\n");
1.62 jsyn 1076: p(ipcomps_invalid, "\t%u packet%s attempted to use an invalid TDB\n");
1.51 jjbg 1077: p(ipcomps_toobig, "\t%u packet%s got larger than max IP packet size\n");
1078: p(ipcomps_crypto, "\t%u packet%s that failed (de)compression processing\n");
1.64 jason 1079: p(ipcomps_minlen, "\t%u packet%s less than minimum compression length\n");
1.51 jjbg 1080: p(ipcomps_ibytes, "\t%qu input byte%s\n");
1081: p(ipcomps_obytes, "\t%qu output byte%s\n");
1082:
1.10 angelos 1083: #undef p
1.1 deraadt 1084: }
1.96 markus 1085:
1086: /*
1087: * Dump the contents of a TCPCB
1088: */
1089: void
1090: tcp_dump(u_long off)
1091: {
1092: struct tcpcb tcpcb;
1093:
1094: if (off == 0)
1095: return;
1096: kread(off, (char *)&tcpcb, sizeof (tcpcb));
1097:
1098: #define p(fmt, v, sep) printf(#v " " fmt sep, tcpcb.v);
1.100 ray 1099: printf("pcb %#lx, ", off);
1.96 markus 1100: p("%p", t_inpcb, "\n");
1101: p("%d", t_state, "");
1102: if (tcpcb.t_state >= 0 && tcpcb.t_state < TCP_NSTATES)
1103: printf(" (%s)", tcpstates[tcpcb.t_state]);
1104: printf("\n");
1105: p("%d", t_rxtshift, ", ");
1106: p("%d", t_rxtcur, ", ");
1107: p("%d", t_dupacks, "\n");
1108: p("%u", t_maxseg, ", ");
1109: p("%u", t_maxopd, ", ");
1110: p("%u", t_peermss, "\n");
1111: p("0x%x", t_flags, ", ");
1112: p("%u", t_force, "\n");
1113: p("%u", iss, "\n");
1114: p("%u", snd_una, ", ");
1115: p("%u", snd_nxt, ", ");
1116: p("%u", snd_up, "\n");
1117: p("%u", snd_wl1, ", ");
1118: p("%u", snd_wl2, ", ");
1119: p("%lu", snd_wnd, "\n");
1120: p("%d", sack_enable, ", ");
1121: p("%d", snd_numholes, ", ");
1122: p("%u", snd_fack, ", ");
1123: p("%lu",snd_awnd, "\n");
1124: p("%u", retran_data, ", ");
1125: p("%u", snd_last, "\n");
1126: p("%u", irs, "\n");
1127: p("%u", rcv_nxt, ", ");
1128: p("%u", rcv_up, ", ");
1129: p("%lu", rcv_wnd, "\n");
1130: p("%u", rcv_lastsack, "\n");
1131: p("%d", rcv_numsacks, "\n");
1132: p("%u", rcv_adv, ", ");
1133: p("%u", snd_max, "\n");
1134: p("%lu", snd_cwnd, ", ");
1135: p("%lu", snd_ssthresh, ", ");
1136: p("%lu", max_sndwnd, "\n");
1137: p("%u", t_rcvtime, ", ");
1138: p("%u", t_rtttime, ", ");
1139: p("%u", t_rtseq, "\n");
1140: p("%u", t_srtt, ", ");
1141: p("%u", t_rttvar, ", ");
1142: p("%u", t_rttmin, "\n");
1143: p("%u", t_oobflags, ", ");
1144: p("%u", t_iobc, "\n");
1145: p("%u", t_softerror, "\n");
1146: p("%u", snd_scale, ", ");
1147: p("%u", rcv_scale, ", ");
1148: p("%u", request_r_scale, ", ");
1149: p("%u", requested_s_scale, "\n");
1150: p("%u", ts_recent, ", ");
1151: p("%u", ts_recent_age, "\n");
1152: p("%u", last_ack_sent, "\n");
1.98 markus 1153: HTONS(tcpcb.t_pmtud_ip_len);
1154: HTONS(tcpcb.t_pmtud_nextmtu);
1155: p("%u", t_pmtud_mss_acked, ", ");
1156: p("%u", t_pmtud_mtu_sent, "\n");
1157: p("%u", t_pmtud_nextmtu, ", ");
1158: p("%u", t_pmtud_ip_len, ", ");
1159: p("%u", t_pmtud_ip_hl, "\n");
1160: p("%u", t_pmtud_th_seq, "\n");
1.96 markus 1161: p("%u", pf, "\n");
1162: #undef p
1.98 markus 1163: }