Annotation of src/usr.bin/netstat/inet.c, Revision 1.113
1.113 ! blambert 1: /* $OpenBSD: inet.c,v 1.112 2009/11/05 20:50:14 michele Exp $ */
1.1 deraadt 2: /* $NetBSD: inet.c,v 1.14 1995/10/03 21:42:37 thorpej Exp $ */
3:
4: /*
5: * Copyright (c) 1983, 1988, 1993
6: * The Regents of the University of California. All rights reserved.
7: *
8: * Redistribution and use in source and binary forms, with or without
9: * modification, are permitted provided that the following conditions
10: * are met:
11: * 1. Redistributions of source code must retain the above copyright
12: * notice, this list of conditions and the following disclaimer.
13: * 2. Redistributions in binary form must reproduce the above copyright
14: * notice, this list of conditions and the following disclaimer in the
15: * documentation and/or other materials provided with the distribution.
1.65 millert 16: * 3. Neither the name of the University nor the names of its contributors
1.1 deraadt 17: * may be used to endorse or promote products derived from this software
18: * without specific prior written permission.
19: *
20: * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23: * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30: * SUCH DAMAGE.
31: */
32:
33: #include <sys/param.h>
34: #include <sys/queue.h>
35: #include <sys/socket.h>
36: #include <sys/socketvar.h>
37: #include <sys/mbuf.h>
38: #include <sys/protosw.h>
1.102 reyk 39: #include <sys/sysctl.h>
1.1 deraadt 40:
41: #include <net/route.h>
42: #include <netinet/in.h>
43: #include <netinet/in_systm.h>
44: #include <netinet/ip.h>
45: #include <netinet/in_pcb.h>
46: #include <netinet/ip_icmp.h>
47: #include <netinet/icmp_var.h>
48: #include <netinet/igmp_var.h>
49: #include <netinet/ip_var.h>
1.90 mcbride 50: #include <netinet/pim_var.h>
1.1 deraadt 51: #include <netinet/tcp.h>
52: #include <netinet/tcpip.h>
53: #include <netinet/tcp_seq.h>
54: #define TCPSTATES
55: #include <netinet/tcp_fsm.h>
56: #include <netinet/tcp_timer.h>
57: #include <netinet/tcp_var.h>
58: #include <netinet/tcp_debug.h>
59: #include <netinet/udp.h>
60: #include <netinet/udp_var.h>
1.30 angelos 61: #include <netinet/ip_ipsp.h>
1.10 angelos 62: #include <netinet/ip_ah.h>
63: #include <netinet/ip_esp.h>
1.45 angelos 64: #include <netinet/ip_ipip.h>
1.52 angelos 65: #include <netinet/ip_ipcomp.h>
1.34 angelos 66: #include <netinet/ip_ether.h>
1.69 mcbride 67: #include <netinet/ip_carp.h>
1.111 michele 68: #include <netinet/ip_divert.h>
1.75 mcbride 69: #include <net/if.h>
70: #include <net/pfvar.h>
71: #include <net/if_pfsync.h>
1.107 gollo 72: #include <net/if_pflow.h>
1.1 deraadt 73:
1.103 deraadt 74: #include <rpc/rpc.h>
75: #include <rpc/pmap_prot.h>
76: #include <rpc/pmap_clnt.h>
77:
1.1 deraadt 78: #include <arpa/inet.h>
1.110 chl 79: #include <err.h>
1.18 millert 80: #include <limits.h>
1.1 deraadt 81: #include <netdb.h>
82: #include <stdio.h>
83: #include <string.h>
84: #include <unistd.h>
1.14 dgregor 85: #include <stdlib.h>
1.103 deraadt 86: #include <errno.h>
1.1 deraadt 87: #include "netstat.h"
88:
89: struct inpcb inpcb;
90: struct tcpcb tcpcb;
91: struct socket sockb;
92:
1.56 millert 93: char *inetname(struct in_addr *);
1.63 deraadt 94: void inetprint(struct in_addr *, in_port_t, char *, int);
1.56 millert 95: char *inet6name(struct in6_addr *);
1.108 deraadt 96: void inet6print(struct in6_addr *, int, char *);
1.1 deraadt 97:
98: /*
99: * Print a summary of connections related to an Internet
100: * protocol. For TCP, also give state of connection.
101: * Listening processes (aflag) are suppressed unless the
102: * -a (all) flag is specified.
103: */
104: void
1.113 ! blambert 105: protopr(u_long off, char *name, int af)
1.48 itojun 106: {
1.1 deraadt 107: struct inpcbtable table;
1.54 mpech 108: struct inpcb *head, *next, *prev;
1.1 deraadt 109: struct inpcb inpcb;
1.105 sthen 110: int istcp, israw, isany;
1.54 mpech 111: int first = 1;
1.38 itojun 112: char *name0;
113: char namebuf[20];
1.1 deraadt 114:
1.38 itojun 115: name0 = name;
1.1 deraadt 116: if (off == 0)
117: return;
118: istcp = strcmp(name, "tcp") == 0;
1.72 markus 119: israw = strncmp(name, "ip", 2) == 0;
1.93 jaredy 120: kread(off, &table, sizeof table);
1.1 deraadt 121: prev = head =
1.99 otto 122: (struct inpcb *)&CIRCLEQ_FIRST(&((struct inpcbtable *)off)->inpt_queue);
123: next = CIRCLEQ_FIRST(&table.inpt_queue);
1.1 deraadt 124:
125: while (next != head) {
1.93 jaredy 126: kread((u_long)next, &inpcb, sizeof inpcb);
1.99 otto 127: if (CIRCLEQ_PREV(&inpcb, inp_queue) != prev) {
1.1 deraadt 128: printf("???\n");
129: break;
130: }
131: prev = next;
1.99 otto 132: next = CIRCLEQ_NEXT(&inpcb, inp_queue);
1.48 itojun 133:
134: switch (af) {
135: case AF_INET:
136: if ((inpcb.inp_flags & INP_IPV6) != 0)
137: continue;
1.105 sthen 138: isany = inet_lnaof(inpcb.inp_faddr) == INADDR_ANY;
1.48 itojun 139: break;
140: case AF_INET6:
141: if ((inpcb.inp_flags & INP_IPV6) == 0)
142: continue;
1.105 sthen 143: isany = IN6_IS_ADDR_UNSPECIFIED(&inpcb.inp_faddr6);
1.48 itojun 144: break;
145: default:
1.105 sthen 146: isany = 0;
1.48 itojun 147: break;
148: }
1.1 deraadt 149:
1.93 jaredy 150: kread((u_long)inpcb.inp_socket, &sockb, sizeof (sockb));
1.1 deraadt 151: if (istcp) {
1.93 jaredy 152: kread((u_long)inpcb.inp_ppcb, &tcpcb, sizeof (tcpcb));
1.105 sthen 153: if (!aflag && tcpcb.t_state <= TCPS_LISTEN)
154: continue;
155: } else if (!aflag && isany)
156: continue;
1.1 deraadt 157: if (first) {
158: printf("Active Internet connections");
159: if (aflag)
160: printf(" (including servers)");
161: putchar('\n');
162: if (Aflag)
1.112 michele 163: printf("%-*.*s %-7.7s %-6.6s %-6.6s %-18.18s %-18.18s %s\n",
1.18 millert 164: PLEN, PLEN, "PCB", "Proto", "Recv-Q",
1.29 deraadt 165: "Send-Q", "Local Address",
166: "Foreign Address", "(state)");
1.18 millert 167: else
1.112 michele 168: printf("%-7.7s %-6.6s %-6.6s %-22.22s %-22.22s %s\n",
1.18 millert 169: "Proto", "Recv-Q", "Send-Q",
170: "Local Address", "Foreign Address",
171: "(state)");
1.1 deraadt 172: first = 0;
173: }
1.38 itojun 174: if (Aflag) {
1.1 deraadt 175: if (istcp)
1.18 millert 176: printf("%*p ", PLEN, inpcb.inp_ppcb);
1.1 deraadt 177: else
1.18 millert 178: printf("%*p ", PLEN, prev);
1.38 itojun 179: }
1.72 markus 180: if (inpcb.inp_flags & INP_IPV6 && !israw) {
1.60 deraadt 181: strlcpy(namebuf, name0, sizeof namebuf);
182: strlcat(namebuf, "6", sizeof namebuf);
1.38 itojun 183: name = namebuf;
184: } else
185: name = name0;
1.112 michele 186: printf("%-7.7s %6ld %6ld ", name, sockb.so_rcv.sb_cc,
1.63 deraadt 187: sockb.so_snd.sb_cc);
1.38 itojun 188: if (inpcb.inp_flags & INP_IPV6) {
189: inet6print(&inpcb.inp_laddr6, (int)inpcb.inp_lport,
1.108 deraadt 190: name);
1.38 itojun 191: inet6print(&inpcb.inp_faddr6, (int)inpcb.inp_fport,
1.108 deraadt 192: name);
1.103 deraadt 193: } else {
1.38 itojun 194: inetprint(&inpcb.inp_laddr, (int)inpcb.inp_lport,
1.63 deraadt 195: name, 1);
1.38 itojun 196: inetprint(&inpcb.inp_faddr, (int)inpcb.inp_fport,
1.63 deraadt 197: name, 0);
1.38 itojun 198: }
1.1 deraadt 199: if (istcp) {
200: if (tcpcb.t_state < 0 || tcpcb.t_state >= TCP_NSTATES)
201: printf(" %d", tcpcb.t_state);
202: else
203: printf(" %s", tcpstates[tcpcb.t_state]);
1.72 markus 204: } else if (israw) {
205: u_int8_t proto;
1.103 deraadt 206:
1.72 markus 207: if (inpcb.inp_flags & INP_IPV6)
208: proto = inpcb.inp_ipv6.ip6_nxt;
209: else
210: proto = inpcb.inp_ip.ip_p;
1.88 otto 211: printf(" %u", proto);
1.1 deraadt 212: }
213: putchar('\n');
214: }
215: }
216:
217: /*
218: * Dump TCP statistics structure.
219: */
220: void
1.103 deraadt 221: tcp_stats(char *name)
1.1 deraadt 222: {
223: struct tcpstat tcpstat;
1.102 reyk 224: int mib[] = { CTL_NET, AF_INET, IPPROTO_TCP, TCPCTL_STATS };
1.103 deraadt 225: size_t len = sizeof(tcpstat);
1.1 deraadt 226:
1.102 reyk 227: if (sysctl(mib, sizeof(mib) / sizeof(mib[0]),
228: &tcpstat, &len, NULL, 0) == -1) {
1.103 deraadt 229: if (errno != ENOPROTOOPT)
230: warn(name);
1.102 reyk 231: return;
232: }
233:
1.63 deraadt 234: printf("%s:\n", name);
1.1 deraadt 235: #define p(f, m) if (tcpstat.f || sflag <= 1) \
1.60 deraadt 236: printf(m, tcpstat.f, plural(tcpstat.f))
1.38 itojun 237: #define p1(f, m) if (tcpstat.f || sflag <= 1) \
1.60 deraadt 238: printf(m, tcpstat.f)
1.1 deraadt 239: #define p2(f1, f2, m) if (tcpstat.f1 || tcpstat.f2 || sflag <= 1) \
1.60 deraadt 240: printf(m, tcpstat.f1, plural(tcpstat.f1), tcpstat.f2, plural(tcpstat.f2))
1.38 itojun 241: #define p2a(f1, f2, m) if (tcpstat.f1 || tcpstat.f2 || sflag <= 1) \
1.60 deraadt 242: printf(m, tcpstat.f1, plural(tcpstat.f1), tcpstat.f2)
1.1 deraadt 243: #define p3(f, m) if (tcpstat.f || sflag <= 1) \
1.60 deraadt 244: printf(m, tcpstat.f, plurales(tcpstat.f))
1.1 deraadt 245:
1.38 itojun 246: p(tcps_sndtotal, "\t%u packet%s sent\n");
1.1 deraadt 247: p2(tcps_sndpack,tcps_sndbyte,
1.60 deraadt 248: "\t\t%u data packet%s (%qd byte%s)\n");
1.1 deraadt 249: p2(tcps_sndrexmitpack, tcps_sndrexmitbyte,
1.60 deraadt 250: "\t\t%u data packet%s (%qd byte%s) retransmitted\n");
1.26 provos 251: p(tcps_sndrexmitfast, "\t\t%qd fast retransmitted packet%s\n");
1.38 itojun 252: p2a(tcps_sndacks, tcps_delack,
1.60 deraadt 253: "\t\t%u ack-only packet%s (%u delayed)\n");
1.38 itojun 254: p(tcps_sndurg, "\t\t%u URG only packet%s\n");
255: p(tcps_sndprobe, "\t\t%u window probe packet%s\n");
256: p(tcps_sndwinup, "\t\t%u window update packet%s\n");
257: p(tcps_sndctrl, "\t\t%u control packet%s\n");
1.50 angelos 258: p(tcps_outhwcsum, "\t\t%u packet%s hardware-checksummed\n");
1.38 itojun 259: p(tcps_rcvtotal, "\t%u packet%s received\n");
260: p2(tcps_rcvackpack, tcps_rcvackbyte, "\t\t%u ack%s (for %qd byte%s)\n");
261: p(tcps_rcvdupack, "\t\t%u duplicate ack%s\n");
262: p(tcps_rcvacktoomuch, "\t\t%u ack%s for unsent data\n");
1.85 markus 263: p(tcps_rcvacktooold, "\t\t%u ack%s for old data\n");
1.1 deraadt 264: p2(tcps_rcvpack, tcps_rcvbyte,
1.60 deraadt 265: "\t\t%u packet%s (%qu byte%s) received in-sequence\n");
1.1 deraadt 266: p2(tcps_rcvduppack, tcps_rcvdupbyte,
1.60 deraadt 267: "\t\t%u completely duplicate packet%s (%qd byte%s)\n");
1.38 itojun 268: p(tcps_pawsdrop, "\t\t%u old duplicate packet%s\n");
1.1 deraadt 269: p2(tcps_rcvpartduppack, tcps_rcvpartdupbyte,
1.62 jsyn 270: "\t\t%u packet%s with some duplicate data (%qd byte%s duplicated)\n");
1.1 deraadt 271: p2(tcps_rcvoopack, tcps_rcvoobyte,
1.60 deraadt 272: "\t\t%u out-of-order packet%s (%qd byte%s)\n");
1.1 deraadt 273: p2(tcps_rcvpackafterwin, tcps_rcvbyteafterwin,
1.60 deraadt 274: "\t\t%u packet%s (%qd byte%s) of data after window\n");
1.38 itojun 275: p(tcps_rcvwinprobe, "\t\t%u window probe%s\n");
276: p(tcps_rcvwinupd, "\t\t%u window update packet%s\n");
277: p(tcps_rcvafterclose, "\t\t%u packet%s received after close\n");
278: p(tcps_rcvbadsum, "\t\t%u discarded for bad checksum%s\n");
279: p(tcps_rcvbadoff, "\t\t%u discarded for bad header offset field%s\n");
280: p1(tcps_rcvshort, "\t\t%u discarded because packet too short\n");
1.58 miod 281: p1(tcps_rcvnosec, "\t\t%u discarded for missing IPsec protection\n");
1.82 markus 282: p1(tcps_rcvmemdrop, "\t\t%u discarded due to memory shortage\n");
1.50 angelos 283: p(tcps_inhwcsum, "\t\t%u packet%s hardware-checksummed\n");
1.80 markus 284: p(tcps_rcvbadsig, "\t\t%u bad/missing md5 checksum%s\n");
285: p(tcps_rcvgoodsig, "\t\t%qd good md5 checksum%s\n");
1.38 itojun 286: p(tcps_connattempt, "\t%u connection request%s\n");
287: p(tcps_accepts, "\t%u connection accept%s\n");
288: p(tcps_connects, "\t%u connection%s established (including accepts)\n");
1.1 deraadt 289: p2(tcps_closed, tcps_drops,
1.60 deraadt 290: "\t%u connection%s closed (including %u drop%s)\n");
1.83 markus 291: p(tcps_conndrained, "\t%qd connection%s drained\n");
1.38 itojun 292: p(tcps_conndrops, "\t%u embryonic connection%s dropped\n");
1.1 deraadt 293: p2(tcps_rttupdated, tcps_segstimed,
1.60 deraadt 294: "\t%u segment%s updated rtt (of %u attempt%s)\n");
1.38 itojun 295: p(tcps_rexmttimeo, "\t%u retransmit timeout%s\n");
296: p(tcps_timeoutdrop, "\t\t%u connection%s dropped by rexmit timeout\n");
297: p(tcps_persisttimeo, "\t%u persist timeout%s\n");
298: p(tcps_keeptimeo, "\t%u keepalive timeout%s\n");
299: p(tcps_keepprobe, "\t\t%u keepalive probe%s sent\n");
300: p(tcps_keepdrops, "\t\t%u connection%s dropped by keepalive\n");
301: p(tcps_predack, "\t%u correct ACK header prediction%s\n");
302: p(tcps_preddat, "\t%u correct data packet header prediction%s\n");
303: p3(tcps_pcbhashmiss, "\t%u PCB cache miss%s\n");
1.59 kjc 304:
305: p(tcps_ecn_accepts, "\t%u ECN connection%s accepted\n");
306: p(tcps_ecn_rcvece, "\t\t%u ECE packet%s received\n");
307: p(tcps_ecn_rcvcwr, "\t\t%u CWR packet%s received\n");
308: p(tcps_ecn_rcvce, "\t\t%u CE packet%s received\n");
309: p(tcps_ecn_sndect, "\t\t%u ECT packet%s sent\n");
310: p(tcps_ecn_sndece, "\t\t%u ECE packet%s sent\n");
311: p(tcps_ecn_sndcwr, "\t\t%u CWR packet%s sent\n");
312: p1(tcps_cwr_frecovery, "\t\t\tcwr by fastrecovery: %u\n");
313: p1(tcps_cwr_timeout, "\t\t\tcwr by timeout: %u\n");
314: p1(tcps_cwr_ecn, "\t\t\tcwr by ecn: %u\n");
1.78 markus 315:
316: p(tcps_badsyn, "\t%u bad connection attempt%s\n");
317: p1(tcps_sc_added, "\t%qd SYN cache entries added\n");
318: p(tcps_sc_collisions, "\t\t%qd hash collision%s\n");
319: p1(tcps_sc_completed, "\t\t%qd completed\n");
320: p1(tcps_sc_aborted, "\t\t%qd aborted (no space to build PCB)\n");
321: p1(tcps_sc_timed_out, "\t\t%qd timed out\n");
322: p1(tcps_sc_overflowed, "\t\t%qd dropped due to overflow\n");
323: p1(tcps_sc_bucketoverflow, "\t\t%qd dropped due to bucket overflow\n");
324: p1(tcps_sc_reset, "\t\t%qd dropped due to RST\n");
325: p1(tcps_sc_unreach, "\t\t%qd dropped due to ICMP unreachable\n");
326: p(tcps_sc_retransmitted, "\t%qd SYN,ACK%s retransmitted\n");
327: p(tcps_sc_dupesyn, "\t%qd duplicate SYN%s received for entries "
328: "already in the cache\n");
329: p(tcps_sc_dropped, "\t%qd SYN%s dropped (no route or no space)\n");
1.95 markus 330:
331: p(tcps_sack_recovery_episode, "\t%qd SACK recovery episode%s\n");
332: p(tcps_sack_rexmits,
333: "\t\t%qd segment rexmit%s in SACK recovery episodes\n");
334: p(tcps_sack_rexmit_bytes,
335: "\t\t%qd byte rexmit%s in SACK recovery episodes\n");
336: p(tcps_sack_rcv_opts,
337: "\t%qd SACK option%s received\n");
338: p(tcps_sack_snd_opts, "\t%qd SACK option%s sent\n");
1.59 kjc 339:
1.1 deraadt 340: #undef p
1.38 itojun 341: #undef p1
1.1 deraadt 342: #undef p2
1.38 itojun 343: #undef p2a
1.1 deraadt 344: #undef p3
345: }
346:
347: /*
348: * Dump UDP statistics structure.
349: */
350: void
1.103 deraadt 351: udp_stats(char *name)
1.1 deraadt 352: {
353: struct udpstat udpstat;
354: u_long delivered;
1.102 reyk 355: int mib[] = { CTL_NET, AF_INET, IPPROTO_UDP, UDPCTL_STATS };
1.103 deraadt 356: size_t len = sizeof(udpstat);
1.1 deraadt 357:
1.102 reyk 358: if (sysctl(mib, sizeof(mib) / sizeof(mib[0]),
359: &udpstat, &len, NULL, 0) == -1) {
1.103 deraadt 360: if (errno != ENOPROTOOPT)
361: warn(name);
1.102 reyk 362: return;
363: }
364:
1.1 deraadt 365: printf("%s:\n", name);
366: #define p(f, m) if (udpstat.f || sflag <= 1) \
1.60 deraadt 367: printf(m, udpstat.f, plural(udpstat.f))
1.38 itojun 368: #define p1(f, m) if (udpstat.f || sflag <= 1) \
1.60 deraadt 369: printf(m, udpstat.f)
370:
1.16 millert 371: p(udps_ipackets, "\t%lu datagram%s received\n");
1.38 itojun 372: p1(udps_hdrops, "\t%lu with incomplete header\n");
373: p1(udps_badlen, "\t%lu with bad data length field\n");
374: p1(udps_badsum, "\t%lu with bad checksum\n");
375: p1(udps_nosum, "\t%lu with no checksum\n");
1.50 angelos 376: p(udps_inhwcsum, "\t%lu input packet%s hardware-checksummed\n");
377: p(udps_outhwcsum, "\t%lu output packet%s hardware-checksummed\n");
1.38 itojun 378: p1(udps_noport, "\t%lu dropped due to no socket\n");
1.16 millert 379: p(udps_noportbcast, "\t%lu broadcast/multicast datagram%s dropped due to no socket\n");
1.58 miod 380: p1(udps_nosec, "\t%lu dropped due to missing IPsec protection\n");
1.38 itojun 381: p1(udps_fullsock, "\t%lu dropped due to full socket buffers\n");
1.60 deraadt 382: delivered = udpstat.udps_ipackets - udpstat.udps_hdrops -
383: udpstat.udps_badlen - udpstat.udps_badsum -
384: udpstat.udps_noport - udpstat.udps_noportbcast -
385: udpstat.udps_fullsock;
1.1 deraadt 386: if (delivered || sflag <= 1)
1.16 millert 387: printf("\t%lu delivered\n", delivered);
388: p(udps_opackets, "\t%lu datagram%s output\n");
1.38 itojun 389: p1(udps_pcbhashmiss, "\t%lu missed PCB cache\n");
1.1 deraadt 390: #undef p
1.38 itojun 391: #undef p1
1.1 deraadt 392: }
393:
394: /*
395: * Dump IP statistics structure.
396: */
397: void
1.103 deraadt 398: ip_stats(char *name)
1.1 deraadt 399: {
400: struct ipstat ipstat;
1.102 reyk 401: int mib[] = { CTL_NET, AF_INET, IPPROTO_IP, IPCTL_STATS };
1.109 mbalmer 402: size_t len = sizeof(ipstat);
1.1 deraadt 403:
1.102 reyk 404: if (sysctl(mib, sizeof(mib) / sizeof(mib[0]),
405: &ipstat, &len, NULL, 0) == -1) {
1.103 deraadt 406: if (errno != ENOPROTOOPT)
407: warn(name);
1.102 reyk 408: return;
409: }
410:
1.1 deraadt 411: printf("%s:\n", name);
412: #define p(f, m) if (ipstat.f || sflag <= 1) \
1.60 deraadt 413: printf(m, ipstat.f, plural(ipstat.f))
1.38 itojun 414: #define p1(f, m) if (ipstat.f || sflag <= 1) \
1.60 deraadt 415: printf(m, ipstat.f)
1.1 deraadt 416:
1.16 millert 417: p(ips_total, "\t%lu total packet%s received\n");
418: p(ips_badsum, "\t%lu bad header checksum%s\n");
1.38 itojun 419: p1(ips_toosmall, "\t%lu with size smaller than minimum\n");
420: p1(ips_tooshort, "\t%lu with data size < data length\n");
421: p1(ips_badhlen, "\t%lu with header length < data size\n");
422: p1(ips_badlen, "\t%lu with data length < header length\n");
423: p1(ips_badoptions, "\t%lu with bad options\n");
424: p1(ips_badvers, "\t%lu with incorrect version number\n");
1.16 millert 425: p(ips_fragments, "\t%lu fragment%s received\n");
1.62 jsyn 426: p(ips_fragdropped, "\t%lu fragment%s dropped (duplicates or out of space)\n");
1.16 millert 427: p(ips_badfrags, "\t%lu malformed fragment%s dropped\n");
428: p(ips_fragtimeout, "\t%lu fragment%s dropped after timeout\n");
429: p(ips_reassembled, "\t%lu packet%s reassembled ok\n");
430: p(ips_delivered, "\t%lu packet%s for this host\n");
431: p(ips_noproto, "\t%lu packet%s for unknown/unsupported protocol\n");
432: p(ips_forward, "\t%lu packet%s forwarded\n");
433: p(ips_cantforward, "\t%lu packet%s not forwardable\n");
434: p(ips_redirectsent, "\t%lu redirect%s sent\n");
435: p(ips_localout, "\t%lu packet%s sent from this host\n");
436: p(ips_rawout, "\t%lu packet%s sent with fabricated ip header\n");
437: p(ips_odropped, "\t%lu output packet%s dropped due to no bufs, etc.\n");
438: p(ips_noroute, "\t%lu output packet%s discarded due to no route\n");
439: p(ips_fragmented, "\t%lu output datagram%s fragmented\n");
440: p(ips_ofragments, "\t%lu fragment%s created\n");
441: p(ips_cantfrag, "\t%lu datagram%s that can't be fragmented\n");
1.38 itojun 442: p1(ips_rcvmemdrop, "\t%lu fragment floods\n");
1.42 itojun 443: p(ips_toolong, "\t%lu packet%s with ip length > max ip packet size\n");
444: p(ips_nogif, "\t%lu tunneling packet%s that can't find gif\n");
1.49 itojun 445: p(ips_badaddr, "\t%lu datagram%s with bad address in header\n");
1.50 angelos 446: p(ips_inhwcsum, "\t%lu input datagram%s checksum-processed by hardware\n");
447: p(ips_outhwcsum, "\t%lu output datagram%s checksum-processed by hardware\n");
1.97 mpf 448: p(ips_notmember, "\t%lu multicast packet%s which we don't join\n");
1.111 michele 449: #undef p
450: #undef p1
451: }
452:
453: /*
454: * Dump DIVERT statistics structure.
455: */
456: void
457: div_stats(char *name)
458: {
459: struct divstat divstat;
460: int mib[] = { CTL_NET, AF_INET, IPPROTO_DIVERT, DIVERTCTL_STATS };
461: size_t len = sizeof(divstat);
462:
463: if (sysctl(mib, sizeof(mib) / sizeof(mib[0]),
464: &divstat, &len, NULL, 0) == -1) {
465: if (errno != ENOPROTOOPT)
466: warn(name);
467: return;
468: }
469:
470: printf("%s:\n", name);
471: #define p(f, m) if (divstat.f || sflag <= 1) \
472: printf(m, divstat.f, plural(divstat.f))
473: #define p1(f, m) if (divstat.f || sflag <= 1) \
474: printf(m, divstat.f)
475: p(divs_ipackets, "\t%lu total packet%s received\n");
476: p1(divs_noport, "\t%lu dropped due to no socket\n");
477: p1(divs_fullsock, "\t%lu dropped due to full socket buffers\n");
478: p(divs_opackets, "\t%lu packet%s output\n");
479: p1(divs_errors, "\t%lu errors\n");
1.1 deraadt 480: #undef p
1.38 itojun 481: #undef p1
1.1 deraadt 482: }
483:
1.68 tedu 484: static char *icmpnames[ICMP_MAXTYPE + 1] = {
1.1 deraadt 485: "echo reply",
486: "#1",
487: "#2",
488: "destination unreachable",
489: "source quench",
490: "routing redirect",
491: "#6",
492: "#7",
493: "echo",
1.9 deraadt 494: "router advertisement",
495: "router solicitation",
1.1 deraadt 496: "time exceeded",
497: "parameter problem",
498: "time stamp",
499: "time stamp reply",
500: "information request",
501: "information request reply",
502: "address mask request",
503: "address mask reply",
1.68 tedu 504: "#19",
505: "#20",
506: "#21",
507: "#22",
508: "#23",
509: "#24",
510: "#25",
511: "#26",
512: "#27",
513: "#28",
514: "#29",
515: "traceroute",
516: "data conversion error",
517: "mobile host redirect",
518: "IPv6 where-are-you",
519: "IPv6 i-am-here",
520: "mobile registration request",
521: "mobile registration reply",
522: "#37",
523: "#38",
524: "SKIP",
525: "Photuris",
1.1 deraadt 526: };
527:
528: /*
529: * Dump ICMP statistics.
530: */
531: void
1.103 deraadt 532: icmp_stats(char *name)
1.1 deraadt 533: {
534: struct icmpstat icmpstat;
1.54 mpech 535: int i, first;
1.102 reyk 536: int mib[] = { CTL_NET, AF_INET, IPPROTO_ICMP, ICMPCTL_STATS };
1.103 deraadt 537: size_t len = sizeof(icmpstat);
1.102 reyk 538:
539: if (sysctl(mib, sizeof(mib) / sizeof(mib[0]),
540: &icmpstat, &len, NULL, 0) == -1) {
1.103 deraadt 541: if (errno != ENOPROTOOPT)
542: warn(name);
1.102 reyk 543: return;
544: }
545:
1.1 deraadt 546: printf("%s:\n", name);
547: #define p(f, m) if (icmpstat.f || sflag <= 1) \
1.60 deraadt 548: printf(m, icmpstat.f, plural(icmpstat.f))
1.1 deraadt 549:
1.16 millert 550: p(icps_error, "\t%lu call%s to icmp_error\n");
1.1 deraadt 551: p(icps_oldicmp,
1.61 aaron 552: "\t%lu error%s not generated because old message was icmp\n");
1.1 deraadt 553: for (first = 1, i = 0; i < ICMP_MAXTYPE + 1; i++)
554: if (icmpstat.icps_outhist[i] != 0) {
555: if (first) {
1.43 itojun 556: printf("\tOutput packet histogram:\n");
1.1 deraadt 557: first = 0;
558: }
1.68 tedu 559: if (icmpnames[i])
560: printf("\t\t%s:", icmpnames[i]);
561: else
562: printf("\t\t#%d:", i);
563: printf(" %lu\n", icmpstat.icps_outhist[i]);
1.1 deraadt 564: }
1.16 millert 565: p(icps_badcode, "\t%lu message%s with bad code fields\n");
566: p(icps_tooshort, "\t%lu message%s < minimum length\n");
567: p(icps_checksum, "\t%lu bad checksum%s\n");
568: p(icps_badlen, "\t%lu message%s with bad length\n");
1.1 deraadt 569: for (first = 1, i = 0; i < ICMP_MAXTYPE + 1; i++)
570: if (icmpstat.icps_inhist[i] != 0) {
571: if (first) {
1.43 itojun 572: printf("\tInput packet histogram:\n");
1.1 deraadt 573: first = 0;
574: }
1.68 tedu 575: if (icmpnames[i])
576: printf("\t\t%s:", icmpnames[i]);
577: else
578: printf("\t\t#%d:", i);
579: printf(" %lu\n", icmpstat.icps_inhist[i]);
1.1 deraadt 580: }
1.16 millert 581: p(icps_reflect, "\t%lu message response%s generated\n");
1.1 deraadt 582: #undef p
583: }
584:
585: /*
586: * Dump IGMP statistics structure.
587: */
588: void
1.103 deraadt 589: igmp_stats(char *name)
1.1 deraadt 590: {
591: struct igmpstat igmpstat;
1.103 deraadt 592: int mib[] = { CTL_NET, AF_INET, IPPROTO_IGMP, IGMPCTL_STATS };
593: size_t len = sizeof(igmpstat);
1.1 deraadt 594:
1.103 deraadt 595: if (sysctl(mib, sizeof(mib) / sizeof(mib[0]),
596: &igmpstat, &len, NULL, 0) == -1) {
597: if (errno != ENOPROTOOPT)
598: warn(name);
1.1 deraadt 599: return;
1.103 deraadt 600: }
601:
1.1 deraadt 602: printf("%s:\n", name);
603: #define p(f, m) if (igmpstat.f || sflag <= 1) \
1.60 deraadt 604: printf(m, igmpstat.f, plural(igmpstat.f))
1.1 deraadt 605: #define py(f, m) if (igmpstat.f || sflag <= 1) \
1.60 deraadt 606: printf(m, igmpstat.f, igmpstat.f != 1 ? "ies" : "y")
607:
1.16 millert 608: p(igps_rcv_total, "\t%lu message%s received\n");
1.55 mickey 609: p(igps_rcv_tooshort, "\t%lu message%s received with too few bytes\n");
610: p(igps_rcv_badsum, "\t%lu message%s received with bad checksum\n");
611: py(igps_rcv_queries, "\t%lu membership quer%s received\n");
612: py(igps_rcv_badqueries, "\t%lu membership quer%s received with invalid field(s)\n");
613: p(igps_rcv_reports, "\t%lu membership report%s received\n");
614: p(igps_rcv_badreports, "\t%lu membership report%s received with invalid field(s)\n");
615: p(igps_rcv_ourreports, "\t%lu membership report%s received for groups to which we belong\n");
616: p(igps_snd_reports, "\t%lu membership report%s sent\n");
1.90 mcbride 617: #undef p
618: #undef py
619: }
620:
621: /*
622: * Dump PIM statistics structure.
623: */
624: void
1.103 deraadt 625: pim_stats(char *name)
1.90 mcbride 626: {
627: struct pimstat pimstat;
1.103 deraadt 628: int mib[] = { CTL_NET, AF_INET, IPPROTO_PIM, PIMCTL_STATS };
629: size_t len = sizeof(pimstat);
1.90 mcbride 630:
1.103 deraadt 631: if (sysctl(mib, sizeof(mib) / sizeof(mib[0]),
632: &pimstat, &len, NULL, 0) == -1) {
633: if (errno != ENOPROTOOPT)
634: warn(name);
1.90 mcbride 635: return;
636: }
637:
638: printf("%s:\n", name);
639: #define p(f, m) if (pimstat.f || sflag <= 1) \
640: printf(m, pimstat.f, plural(pimstat.f))
641: #define py(f, m) if (pimstat.f || sflag <= 1) \
642: printf(m, pimstat.f, pimstat.f != 1 ? "ies" : "y")
643:
644: p(pims_rcv_total_msgs, "\t%llu message%s received\n");
645: p(pims_rcv_total_bytes, "\t%llu byte%s received\n");
646: p(pims_rcv_tooshort, "\t%llu message%s received with too few bytes\n");
647: p(pims_rcv_badsum, "\t%llu message%s received with bad checksum\n");
648: p(pims_rcv_badversion, "\t%llu message%s received with bad version\n");
649: p(pims_rcv_registers_msgs, "\t%llu data register message%s received\n");
650: p(pims_rcv_registers_bytes, "\t%llu data register byte%s received\n");
651: p(pims_rcv_registers_wrongiif, "\t%llu data register message%s received on wrong iif\n");
652: p(pims_rcv_badregisters, "\t%llu bad register%s received\n");
653: p(pims_snd_registers_msgs, "\t%llu data register message%s sent\n");
654: p(pims_snd_registers_bytes, "\t%llu data register byte%s sent\n");
1.1 deraadt 655: #undef p
656: #undef py
657: }
658:
1.5 deraadt 659: struct rpcnams {
660: struct rpcnams *next;
1.16 millert 661: in_port_t port;
1.21 deraadt 662: int proto;
1.5 deraadt 663: char *rpcname;
664: };
665:
1.66 deraadt 666: static char *
1.63 deraadt 667: getrpcportnam(in_port_t port, int proto)
1.5 deraadt 668: {
669: struct sockaddr_in server_addr;
1.54 mpech 670: struct hostent *hp;
1.5 deraadt 671: static struct pmaplist *head;
672: int socket = RPC_ANYSOCK;
673: struct timeval minutetimeout;
1.54 mpech 674: CLIENT *client;
1.5 deraadt 675: struct rpcent *rpc;
676: static int first;
677: static struct rpcnams *rpcn;
678: struct rpcnams *n;
1.23 deraadt 679: char num[20];
1.55 mickey 680:
1.5 deraadt 681: if (first == 0) {
682: first = 1;
1.93 jaredy 683: memset(&server_addr, 0, sizeof server_addr);
1.5 deraadt 684: server_addr.sin_family = AF_INET;
685: if ((hp = gethostbyname("localhost")) != NULL)
1.7 deraadt 686: memmove((caddr_t)&server_addr.sin_addr, hp->h_addr,
1.5 deraadt 687: hp->h_length);
688: else
689: (void) inet_aton("0.0.0.0", &server_addr.sin_addr);
690:
691: minutetimeout.tv_sec = 60;
692: minutetimeout.tv_usec = 0;
693: server_addr.sin_port = htons(PMAPPORT);
694: if ((client = clnttcp_create(&server_addr, PMAPPROG,
1.7 deraadt 695: PMAPVERS, &socket, 50, 500)) == NULL)
696: return (NULL);
1.5 deraadt 697: if (clnt_call(client, PMAPPROC_DUMP, xdr_void, NULL,
1.8 deraadt 698: xdr_pmaplist, &head, minutetimeout) != RPC_SUCCESS) {
1.7 deraadt 699: clnt_destroy(client);
700: return (NULL);
1.5 deraadt 701: }
702: for (; head != NULL; head = head->pml_next) {
703: n = (struct rpcnams *)malloc(sizeof(struct rpcnams));
704: if (n == NULL)
705: continue;
706: n->next = rpcn;
707: rpcn = n;
708: n->port = head->pml_map.pm_port;
1.21 deraadt 709: n->proto = head->pml_map.pm_prot;
1.5 deraadt 710:
711: rpc = getrpcbynumber(head->pml_map.pm_prog);
712: if (rpc)
713: n->rpcname = strdup(rpc->r_name);
714: else {
1.23 deraadt 715: snprintf(num, sizeof num, "%ld",
716: head->pml_map.pm_prog);
1.5 deraadt 717: n->rpcname = strdup(num);
718: }
719: }
720: clnt_destroy(client);
721: }
722:
723: for (n = rpcn; n; n = n->next)
1.21 deraadt 724: if (n->port == port && n->proto == proto)
1.5 deraadt 725: return (n->rpcname);
726: return (NULL);
727: }
728:
1.1 deraadt 729: /*
730: * Pretty print an Internet address (net address + port).
731: * If the nflag was specified, use numbers instead of names.
732: */
733: void
1.63 deraadt 734: inetprint(struct in_addr *in, in_port_t port, char *proto, int local)
1.1 deraadt 735: {
736: struct servent *sp = 0;
1.5 deraadt 737: char line[80], *cp, *nam;
1.1 deraadt 738: int width;
739:
1.23 deraadt 740: snprintf(line, sizeof line, "%.*s.", (Aflag && !nflag) ? 12 : 16,
741: inetname(in));
1.4 millert 742: cp = strchr(line, '\0');
1.1 deraadt 743: if (!nflag && port)
744: sp = getservbyport((int)port, proto);
745: if (sp || port == 0)
1.23 deraadt 746: snprintf(cp, line + sizeof line - cp, "%.8s",
747: sp ? sp->s_name : "*");
1.21 deraadt 748: else if (local && !nflag && (nam = getrpcportnam(ntohs(port),
749: (strcmp(proto, "tcp") == 0 ? IPPROTO_TCP : IPPROTO_UDP))))
1.23 deraadt 750: snprintf(cp, line + sizeof line - cp, "%d[%.8s]",
751: ntohs(port), nam);
1.1 deraadt 752: else
1.23 deraadt 753: snprintf(cp, line + sizeof line - cp, "%d", ntohs(port));
1.1 deraadt 754: width = Aflag ? 18 : 22;
755: printf(" %-*.*s", width, width, line);
756: }
757:
758: /*
759: * Construct an Internet address representation.
760: * If the nflag has been supplied, give
761: * numeric value, otherwise try for symbolic name.
762: */
763: char *
1.63 deraadt 764: inetname(struct in_addr *inp)
1.1 deraadt 765: {
1.54 mpech 766: char *cp;
1.1 deraadt 767: static char line[50];
768: struct hostent *hp;
769: struct netent *np;
1.57 mpech 770: static char domain[MAXHOSTNAMELEN];
1.1 deraadt 771: static int first = 1;
772:
773: if (first && !nflag) {
774: first = 0;
1.57 mpech 775: if (gethostname(domain, sizeof(domain)) == 0 &&
1.4 millert 776: (cp = strchr(domain, '.')))
1.60 deraadt 777: (void) strlcpy(domain, cp + 1, sizeof domain);
1.1 deraadt 778: else
1.60 deraadt 779: domain[0] = '\0';
1.1 deraadt 780: }
1.84 deraadt 781: cp = NULL;
1.1 deraadt 782: if (!nflag && inp->s_addr != INADDR_ANY) {
783: int net = inet_netof(*inp);
784: int lna = inet_lnaof(*inp);
785:
786: if (lna == INADDR_ANY) {
787: np = getnetbyaddr(net, AF_INET);
788: if (np)
789: cp = np->n_name;
790: }
1.84 deraadt 791: if (cp == NULL) {
1.1 deraadt 792: hp = gethostbyaddr((char *)inp, sizeof (*inp), AF_INET);
793: if (hp) {
1.4 millert 794: if ((cp = strchr(hp->h_name, '.')) &&
1.1 deraadt 795: !strcmp(cp + 1, domain))
1.84 deraadt 796: *cp = '\0';
1.1 deraadt 797: cp = hp->h_name;
798: }
799: }
800: }
801: if (inp->s_addr == INADDR_ANY)
1.23 deraadt 802: snprintf(line, sizeof line, "*");
1.1 deraadt 803: else if (cp)
1.23 deraadt 804: snprintf(line, sizeof line, "%s", cp);
1.1 deraadt 805: else {
806: inp->s_addr = ntohl(inp->s_addr);
807: #define C(x) ((x) & 0xff)
1.23 deraadt 808: snprintf(line, sizeof line, "%u.%u.%u.%u",
809: C(inp->s_addr >> 24), C(inp->s_addr >> 16),
810: C(inp->s_addr >> 8), C(inp->s_addr));
1.1 deraadt 811: }
812: return (line);
1.10 angelos 813: }
814:
815: /*
816: * Dump AH statistics structure.
817: */
818: void
1.103 deraadt 819: ah_stats(char *name)
1.10 angelos 820: {
1.55 mickey 821: struct ahstat ahstat;
1.103 deraadt 822: int mib[] = { CTL_NET, AF_INET, IPPROTO_AH, AHCTL_STATS };
823: size_t len = sizeof(ahstat);
1.10 angelos 824:
1.103 deraadt 825: if (sysctl(mib, sizeof(mib) / sizeof(mib[0]),
826: &ahstat, &len, NULL, 0) == -1) {
827: if (errno != ENOPROTOOPT)
828: warn(name);
1.55 mickey 829: return;
1.103 deraadt 830: }
831:
1.55 mickey 832: printf("%s:\n", name);
1.10 angelos 833: #define p(f, m) if (ahstat.f || sflag <= 1) \
1.60 deraadt 834: printf(m, ahstat.f, plural(ahstat.f))
1.38 itojun 835: #define p1(f, m) if (ahstat.f || sflag <= 1) \
1.60 deraadt 836: printf(m, ahstat.f)
1.10 angelos 837:
1.38 itojun 838: p1(ahs_input, "\t%u input AH packets\n");
839: p1(ahs_output, "\t%u output AH packets\n");
1.55 mickey 840: p(ahs_nopf, "\t%u packet%s from unsupported protocol families\n");
841: p(ahs_hdrops, "\t%u packet%s shorter than header shows\n");
842: p(ahs_pdrops, "\t%u packet%s dropped due to policy\n");
843: p(ahs_notdb, "\t%u packet%s for which no TDB was found\n");
844: p(ahs_badkcr, "\t%u input packet%s that failed to be processed\n");
845: p(ahs_badauth, "\t%u packet%s that failed verification received\n");
846: p(ahs_noxform, "\t%u packet%s for which no XFORM was set in TDB received\n");
847: p(ahs_qfull, "\t%u packet%s were dropped due to full output queue\n");
848: p(ahs_wrap, "\t%u packet%s where counter wrapping was detected\n");
849: p(ahs_replay, "\t%u possibly replayed packet%s received\n");
850: p(ahs_badauthl, "\t%u packet%s with bad authenticator length received\n");
1.62 jsyn 851: p(ahs_invalid, "\t%u packet%s attempted to use an invalid TDB\n");
1.25 niklas 852: p(ahs_toobig, "\t%u packet%s got larger than max IP packet size\n");
1.46 angelos 853: p(ahs_crypto, "\t%u packet%s that failed crypto processing\n");
1.20 angelos 854: p(ahs_ibytes, "\t%qu input byte%s\n");
855: p(ahs_obytes, "\t%qu output byte%s\n");
856:
1.34 angelos 857: #undef p
1.38 itojun 858: #undef p1
1.34 angelos 859: }
860:
861: /*
862: * Dump etherip statistics structure.
863: */
864: void
1.103 deraadt 865: etherip_stats(char *name)
1.34 angelos 866: {
1.55 mickey 867: struct etheripstat etheripstat;
1.103 deraadt 868: int mib[] = { CTL_NET, AF_INET, IPPROTO_ETHERIP, ETHERIPCTL_STATS };
869: size_t len = sizeof(etheripstat);
1.34 angelos 870:
1.103 deraadt 871: if (sysctl(mib, sizeof(mib) / sizeof(mib[0]),
872: ðeripstat, &len, NULL, 0) == -1) {
873: if (errno != ENOPROTOOPT)
874: warn(name);
1.55 mickey 875: return;
1.103 deraadt 876: }
877:
1.55 mickey 878: printf("%s:\n", name);
1.34 angelos 879: #define p(f, m) if (etheripstat.f || sflag <= 1) \
1.60 deraadt 880: printf(m, etheripstat.f, plural(etheripstat.f))
1.34 angelos 881:
1.53 brian 882: p(etherip_hdrops, "\t%u packet%s shorter than header shows\n");
883: p(etherip_qfull, "\t%u packet%s were dropped due to full output queue\n");
1.34 angelos 884: p(etherip_noifdrops, "\t%u packet%s were dropped because of no interface/bridge information\n");
1.53 brian 885: p(etherip_pdrops, "\t%u packet%s dropped due to policy\n");
886: p(etherip_adrops, "\t%u packet%s dropped for other reasons\n");
887: p(etherip_ipackets, "\t%u input ethernet-in-IP packet%s\n");
888: p(etherip_opackets, "\t%u output ethernet-in-IP packet%s\n");
1.34 angelos 889: p(etherip_ibytes, "\t%qu input byte%s\n");
890: p(etherip_obytes, "\t%qu output byte%s\n");
1.10 angelos 891: #undef p
892: }
893:
894: /*
895: * Dump ESP statistics structure.
896: */
897: void
1.103 deraadt 898: esp_stats(char *name)
1.10 angelos 899: {
1.55 mickey 900: struct espstat espstat;
1.103 deraadt 901: int mib[] = { CTL_NET, AF_INET, IPPROTO_ESP, ESPCTL_STATS };
902: size_t len = sizeof(espstat);
1.10 angelos 903:
1.103 deraadt 904: if (sysctl(mib, sizeof(mib) / sizeof(mib[0]),
905: &espstat, &len, NULL, 0) == -1) {
906: if (errno != ENOPROTOOPT)
907: warn(name);
1.55 mickey 908: return;
1.103 deraadt 909: }
910:
1.55 mickey 911: printf("%s:\n", name);
1.10 angelos 912: #define p(f, m) if (espstat.f || sflag <= 1) \
1.60 deraadt 913: printf(m, espstat.f, plural(espstat.f))
1.10 angelos 914:
1.38 itojun 915: p(esps_input, "\t%u input ESP packet%s\n");
916: p(esps_output, "\t%u output ESP packet%s\n");
1.55 mickey 917: p(esps_nopf, "\t%u packet%s from unsupported protocol families\n");
918: p(esps_hdrops, "\t%u packet%s shorter than header shows\n");
919: p(esps_pdrops, "\t%u packet%s dropped due to policy\n");
920: p(esps_notdb, "\t%u packet%s for which no TDB was found\n");
921: p(esps_badkcr, "\t%u input packet%s that failed to be processed\n");
922: p(esps_badenc, "\t%u packet%s with bad encryption received\n");
923: p(esps_badauth, "\t%u packet%s that failed verification received\n");
924: p(esps_noxform, "\t%u packet%s for which no XFORM was set in TDB received\n");
925: p(esps_qfull, "\t%u packet%s were dropped due to full output queue\n");
926: p(esps_wrap, "\t%u packet%s where counter wrapping was detected\n");
927: p(esps_replay, "\t%u possibly replayed packet%s received\n");
928: p(esps_badilen, "\t%u packet%s with bad payload size or padding received\n");
1.62 jsyn 929: p(esps_invalid, "\t%u packet%s attempted to use an invalid TDB\n");
1.25 niklas 930: p(esps_toobig, "\t%u packet%s got larger than max IP packet size\n");
1.46 angelos 931: p(esps_crypto, "\t%u packet%s that failed crypto processing\n");
1.74 markus 932: p(esps_udpencin, "\t%u input UDP encapsulated ESP packet%s\n");
933: p(esps_udpencout, "\t%u output UDP encapsulated ESP packet%s\n");
934: p(esps_udpinval, "\t%u UDP packet%s for non-encapsulating TDB received\n");
1.20 angelos 935: p(esps_ibytes, "\t%qu input byte%s\n");
936: p(esps_obytes, "\t%qu output byte%s\n");
1.10 angelos 937:
938: #undef p
939: }
940:
941: /*
1.67 deraadt 942: * Dump IP-in-IP statistics structure.
1.10 angelos 943: */
944: void
1.103 deraadt 945: ipip_stats(char *name)
1.10 angelos 946: {
1.55 mickey 947: struct ipipstat ipipstat;
1.103 deraadt 948: int mib[] = { CTL_NET, AF_INET, IPPROTO_IPIP, IPIPCTL_STATS };
949: size_t len = sizeof(ipipstat);
1.10 angelos 950:
1.103 deraadt 951: if (sysctl(mib, sizeof(mib) / sizeof(mib[0]),
952: &ipipstat, &len, NULL, 0) == -1) {
953: if (errno != ENOPROTOOPT)
954: warn(name);
1.55 mickey 955: return;
1.103 deraadt 956: }
957:
1.55 mickey 958: printf("%s:\n", name);
1.45 angelos 959: #define p(f, m) if (ipipstat.f || sflag <= 1) \
1.60 deraadt 960: printf(m, ipipstat.f, plural(ipipstat.f))
1.10 angelos 961:
1.55 mickey 962: p(ipips_ipackets, "\t%u total input packet%s\n");
963: p(ipips_opackets, "\t%u total output packet%s\n");
964: p(ipips_hdrops, "\t%u packet%s shorter than header shows\n");
965: p(ipips_pdrops, "\t%u packet%s dropped due to policy\n");
966: p(ipips_spoof, "\t%u packet%s with possibly spoofed local addresses\n");
967: p(ipips_qfull, "\t%u packet%s were dropped due to full output queue\n");
1.45 angelos 968: p(ipips_ibytes, "\t%qu input byte%s\n");
969: p(ipips_obytes, "\t%qu output byte%s\n");
1.63 deraadt 970: p(ipips_family, "\t%u protocol family mismatche%s\n");
971: p(ipips_unspec, "\t%u attempt%s to use tunnel with unspecified endpoint(s)\n");
1.69 mcbride 972: #undef p
973: }
974:
1.84 deraadt 975: /*
1.69 mcbride 976: * Dump CARP statistics structure.
977: */
978: void
1.103 deraadt 979: carp_stats(char *name)
1.69 mcbride 980: {
981: struct carpstats carpstat;
1.103 deraadt 982: int mib[] = { CTL_NET, AF_INET, IPPROTO_CARP, CARPCTL_STATS };
983: size_t len = sizeof(carpstat);
1.69 mcbride 984:
1.103 deraadt 985: if (sysctl(mib, sizeof(mib) / sizeof(mib[0]),
986: &carpstat, &len, NULL, 0) == -1) {
987: if (errno != ENOPROTOOPT)
988: warn(name);
1.69 mcbride 989: return;
1.103 deraadt 990: }
991:
1.69 mcbride 992: printf("%s:\n", name);
993: #define p(f, m) if (carpstat.f || sflag <= 1) \
994: printf(m, carpstat.f, plural(carpstat.f))
995: #define p2(f, m) if (carpstat.f || sflag <= 1) \
996: printf(m, carpstat.f)
997:
1.87 mcbride 998: p(carps_ipackets, "\t%llu packet%s received (IPv4)\n");
999: p(carps_ipackets6, "\t%llu packet%s received (IPv6)\n");
1000: p(carps_badif, "\t\t%llu packet%s discarded for bad interface\n");
1.89 mcbride 1001: p(carps_badttl, "\t\t%llu packet%s discarded for wrong TTL\n");
1.87 mcbride 1002: p(carps_hdrops, "\t\t%llu packet%s shorter than header\n");
1003: p(carps_badsum, "\t\t%llu discarded for bad checksum%s\n");
1004: p(carps_badver, "\t\t%llu discarded packet%s with a bad version\n");
1005: p2(carps_badlen, "\t\t%llu discarded because packet too short\n");
1006: p2(carps_badauth, "\t\t%llu discarded for bad authentication\n");
1.106 mpf 1007: p2(carps_badvhid, "\t\t%llu discarded for unknown vhid\n");
1.87 mcbride 1008: p2(carps_badaddrs, "\t\t%llu discarded because of a bad address list\n");
1009: p(carps_opackets, "\t%llu packet%s sent (IPv4)\n");
1010: p(carps_opackets6, "\t%llu packet%s sent (IPv6)\n");
1.89 mcbride 1011: p2(carps_onomem, "\t\t%llu send failed due to mbuf memory error\n");
1.101 joel 1012: p(carps_preempt, "\t%llu transition%s to master\n");
1.51 jjbg 1013: #undef p
1.70 mcbride 1014: #undef p2
1.51 jjbg 1015: }
1016:
1.94 deraadt 1017: /*
1.75 mcbride 1018: * Dump pfsync statistics structure.
1019: */
1020: void
1.103 deraadt 1021: pfsync_stats(char *name)
1.75 mcbride 1022: {
1023: struct pfsyncstats pfsyncstat;
1.103 deraadt 1024: int mib[] = { CTL_NET, AF_INET, IPPROTO_PFSYNC, PFSYNCCTL_STATS };
1025: size_t len = sizeof(pfsyncstat);
1.75 mcbride 1026:
1.103 deraadt 1027: if (sysctl(mib, sizeof(mib) / sizeof(mib[0]),
1028: &pfsyncstat, &len, NULL, 0) == -1) {
1029: if (errno != ENOPROTOOPT)
1030: warn(name);
1.75 mcbride 1031: return;
1.103 deraadt 1032: }
1033:
1.75 mcbride 1034: printf("%s:\n", name);
1035: #define p(f, m) if (pfsyncstat.f || sflag <= 1) \
1036: printf(m, pfsyncstat.f, plural(pfsyncstat.f))
1037: #define p2(f, m) if (pfsyncstat.f || sflag <= 1) \
1038: printf(m, pfsyncstat.f)
1039:
1.86 mcbride 1040: p(pfsyncs_ipackets, "\t%llu packet%s received (IPv4)\n");
1041: p(pfsyncs_ipackets6, "\t%llu packet%s received (IPv6)\n");
1042: p(pfsyncs_badif, "\t\t%llu packet%s discarded for bad interface\n");
1043: p(pfsyncs_badttl, "\t\t%llu packet%s discarded for bad ttl\n");
1044: p(pfsyncs_hdrops, "\t\t%llu packet%s shorter than header\n");
1045: p(pfsyncs_badver, "\t\t%llu packet%s discarded for bad version\n");
1046: p(pfsyncs_badauth, "\t\t%llu packet%s discarded for bad HMAC\n");
1047: p(pfsyncs_badact,"\t\t%llu packet%s discarded for bad action\n");
1048: p(pfsyncs_badlen, "\t\t%llu packet%s discarded for short packet\n");
1049: p(pfsyncs_badval, "\t\t%llu state%s discarded for bad values\n");
1050: p(pfsyncs_stale, "\t\t%llu stale state%s\n");
1051: p(pfsyncs_badstate, "\t\t%llu failed state lookup/insert%s\n");
1052: p(pfsyncs_opackets, "\t%llu packet%s sent (IPv4)\n");
1053: p(pfsyncs_opackets6, "\t%llu packet%s sent (IPv6)\n");
1054: p2(pfsyncs_onomem, "\t\t%llu send failed due to mbuf memory error\n");
1055: p2(pfsyncs_oerrors, "\t\t%llu send error\n");
1.107 gollo 1056: #undef p
1057: #undef p2
1058: }
1059:
1060: /*
1061: * Dump pflow statistics structure.
1062: */
1063: void
1064: pflow_stats(char *name)
1065: {
1066: struct pflowstats flowstats;
1067: int mib[] = { CTL_NET, PF_PFLOW, NET_PFLOW_STATS };
1068: size_t len = sizeof(struct pflowstats);
1069:
1070: if (sysctl(mib, sizeof(mib) / sizeof(mib[0]), &flowstats, &len,
1071: NULL, 0) == -1) {
1072: if (errno != ENOPROTOOPT)
1073: warn(name);
1074: return;
1075: }
1076:
1077: printf("%s:\n", name);
1078: #define p(f, m) if (flowstats.f || sflag <= 1) \
1079: printf(m, flowstats.f, plural(flowstats.f))
1080: #define p2(f, m) if (flowstats.f || sflag <= 1) \
1081: printf(m, flowstats.f)
1082:
1083: p(pflow_flows, "\t%llu flow%s sent\n");
1084: p(pflow_packets, "\t%llu packet%s sent\n");
1085: p2(pflow_onomem, "\t\t%llu send failed due to mbuf memory error\n");
1086: p2(pflow_oerrors, "\t\t%llu send error\n");
1.75 mcbride 1087: #undef p
1088: #undef p2
1089: }
1090:
1.51 jjbg 1091: /*
1092: * Dump IPCOMP statistics structure.
1093: */
1094: void
1.103 deraadt 1095: ipcomp_stats(char *name)
1.51 jjbg 1096: {
1097: struct ipcompstat ipcompstat;
1.103 deraadt 1098: int mib[] = { CTL_NET, AF_INET, IPPROTO_IPCOMP, IPCOMPCTL_STATS };
1099: size_t len = sizeof(ipcompstat);
1.51 jjbg 1100:
1.103 deraadt 1101: if (sysctl(mib, sizeof(mib) / sizeof(mib[0]),
1102: &ipcompstat, &len, NULL, 0) == -1) {
1103: if (errno != ENOPROTOOPT)
1104: warn(name);
1.51 jjbg 1105: return;
1.103 deraadt 1106: }
1107:
1.51 jjbg 1108: printf("%s:\n", name);
1109: #define p(f, m) if (ipcompstat.f || sflag <= 1) \
1.60 deraadt 1110: printf(m, ipcompstat.f, plural(ipcompstat.f))
1.51 jjbg 1111:
1112: p(ipcomps_input, "\t%u input IPCOMP packet%s\n");
1113: p(ipcomps_output, "\t%u output IPCOMP packet%s\n");
1114: p(ipcomps_nopf, "\t%u packet%s from unsupported protocol families\n");
1115: p(ipcomps_hdrops, "\t%u packet%s shorter than header shows\n");
1116: p(ipcomps_pdrops, "\t%u packet%s dropped due to policy\n");
1117: p(ipcomps_notdb, "\t%u packet%s for which no TDB was found\n");
1118: p(ipcomps_badkcr, "\t%u input packet%s that failed to be processed\n");
1.55 mickey 1119: p(ipcomps_noxform, "\t%u packet%s for which no XFORM was set in TDB received\n");
1.51 jjbg 1120: p(ipcomps_qfull, "\t%u packet%s were dropped due to full output queue\n");
1121: p(ipcomps_wrap, "\t%u packet%s where counter wrapping was detected\n");
1.62 jsyn 1122: p(ipcomps_invalid, "\t%u packet%s attempted to use an invalid TDB\n");
1.51 jjbg 1123: p(ipcomps_toobig, "\t%u packet%s got larger than max IP packet size\n");
1124: p(ipcomps_crypto, "\t%u packet%s that failed (de)compression processing\n");
1.64 jason 1125: p(ipcomps_minlen, "\t%u packet%s less than minimum compression length\n");
1.51 jjbg 1126: p(ipcomps_ibytes, "\t%qu input byte%s\n");
1127: p(ipcomps_obytes, "\t%qu output byte%s\n");
1128:
1.10 angelos 1129: #undef p
1.1 deraadt 1130: }
1.96 markus 1131:
1132: /*
1133: * Dump the contents of a TCPCB
1134: */
1135: void
1136: tcp_dump(u_long off)
1137: {
1138: struct tcpcb tcpcb;
1139:
1140: if (off == 0)
1141: return;
1142: kread(off, (char *)&tcpcb, sizeof (tcpcb));
1143:
1144: #define p(fmt, v, sep) printf(#v " " fmt sep, tcpcb.v);
1.100 ray 1145: printf("pcb %#lx, ", off);
1.96 markus 1146: p("%p", t_inpcb, "\n");
1147: p("%d", t_state, "");
1148: if (tcpcb.t_state >= 0 && tcpcb.t_state < TCP_NSTATES)
1149: printf(" (%s)", tcpstates[tcpcb.t_state]);
1150: printf("\n");
1151: p("%d", t_rxtshift, ", ");
1152: p("%d", t_rxtcur, ", ");
1153: p("%d", t_dupacks, "\n");
1154: p("%u", t_maxseg, ", ");
1155: p("%u", t_maxopd, ", ");
1156: p("%u", t_peermss, "\n");
1157: p("0x%x", t_flags, ", ");
1158: p("%u", t_force, "\n");
1159: p("%u", iss, "\n");
1160: p("%u", snd_una, ", ");
1161: p("%u", snd_nxt, ", ");
1162: p("%u", snd_up, "\n");
1163: p("%u", snd_wl1, ", ");
1164: p("%u", snd_wl2, ", ");
1165: p("%lu", snd_wnd, "\n");
1166: p("%d", sack_enable, ", ");
1167: p("%d", snd_numholes, ", ");
1168: p("%u", snd_fack, ", ");
1169: p("%lu",snd_awnd, "\n");
1170: p("%u", retran_data, ", ");
1171: p("%u", snd_last, "\n");
1172: p("%u", irs, "\n");
1173: p("%u", rcv_nxt, ", ");
1174: p("%u", rcv_up, ", ");
1175: p("%lu", rcv_wnd, "\n");
1176: p("%u", rcv_lastsack, "\n");
1177: p("%d", rcv_numsacks, "\n");
1178: p("%u", rcv_adv, ", ");
1179: p("%u", snd_max, "\n");
1180: p("%lu", snd_cwnd, ", ");
1181: p("%lu", snd_ssthresh, ", ");
1182: p("%lu", max_sndwnd, "\n");
1183: p("%u", t_rcvtime, ", ");
1184: p("%u", t_rtttime, ", ");
1185: p("%u", t_rtseq, "\n");
1186: p("%u", t_srtt, ", ");
1187: p("%u", t_rttvar, ", ");
1188: p("%u", t_rttmin, "\n");
1189: p("%u", t_oobflags, ", ");
1190: p("%u", t_iobc, "\n");
1191: p("%u", t_softerror, "\n");
1192: p("%u", snd_scale, ", ");
1193: p("%u", rcv_scale, ", ");
1194: p("%u", request_r_scale, ", ");
1195: p("%u", requested_s_scale, "\n");
1196: p("%u", ts_recent, ", ");
1197: p("%u", ts_recent_age, "\n");
1198: p("%u", last_ack_sent, "\n");
1.98 markus 1199: HTONS(tcpcb.t_pmtud_ip_len);
1200: HTONS(tcpcb.t_pmtud_nextmtu);
1201: p("%u", t_pmtud_mss_acked, ", ");
1202: p("%u", t_pmtud_mtu_sent, "\n");
1203: p("%u", t_pmtud_nextmtu, ", ");
1204: p("%u", t_pmtud_ip_len, ", ");
1205: p("%u", t_pmtud_ip_hl, "\n");
1206: p("%u", t_pmtud_th_seq, "\n");
1.96 markus 1207: p("%u", pf, "\n");
1208: #undef p
1.98 markus 1209: }