Print global IPsec counters.

ok markus@

diff --git a/usr.bin/netstat/inet.c b/usr.bin/netstat/inet.c
index af37c5c..8e49054 100644 (file)
--- a/usr.bin/netstat/inet.c
+++ b/usr.bin/netstat/inet.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: inet.c,v 1.162 2017/11/07 16:51:23 visa Exp $ */
+/*     $OpenBSD: inet.c,v 1.163 2018/08/13 14:36:54 mpi Exp $  */
 /*     $NetBSD: inet.c,v 1.14 1995/10/03 21:42:37 thorpej Exp $        */
 
 /*
@@ -1009,6 +1009,40 @@ etherip_stats(char *name)
 #undef p
 }
 
+/*
+ * Dump IPsec statistics structure.
+ */
+void
+ipsec_stats(char *name)
+{
+       struct ipsecstat ipsecstat;
+       int mib[] = { CTL_NET, PF_INET, IPPROTO_IP, IPCTL_IPSEC_STATS };
+       size_t len = sizeof(ipsecstat);
+
+       if (sysctl(mib, sizeof(mib) / sizeof(mib[0]),
+           &ipsecstat, &len, NULL, 0) == -1) {
+               if (errno != ENOPROTOOPT)
+                       warn("%s", name);
+               return;
+       }
+
+       printf("%s:\n", name);
+#define p(f, m) if (ipsecstat.f || sflag <= 1) \
+       printf(m, ipsecstat.f, plural(ipsecstat.f))
+       p(ipsec_ipackets, "\t%llu input IPsec packet%s\n");
+       p(ipsec_opackets, "\t%llu output IPsec packet%s\n");
+       p(ipsec_ibytes, "\t%llu input byte%s\n");
+       p(ipsec_obytes, "\t%llu output byte%s\n");
+       p(ipsec_idecompbytes, "\t%llu input byte%s, decompressed\n");
+       p(ipsec_ouncompbytes, "\t%llu output byte%s, uncompressed\n");
+       p(ipsec_idrops, "\t%llu packet%s dropped on input\n");
+       p(ipsec_odrops, "\t%llu packet%s dropped on output\n");
+       p(ipsec_crypto, "\t%llu packet%s that failed crypto processing\n");
+       p(ipsec_noxform, "\t%llu packet%s for which no XFORM was set in TDB received\n");
+       p(ipsec_notdb, "\t%llu packet%s for which no TDB was found\n");
+#undef p
+}
+
 /*
  * Dump ESP statistics structure.
  */

diff --git a/usr.bin/netstat/main.c b/usr.bin/netstat/main.c
index f2310f3..17c8897 100644 (file)
--- a/usr.bin/netstat/main.c
+++ b/usr.bin/netstat/main.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: main.c,v 1.112 2017/08/12 03:21:02 benno Exp $        */
+/*     $OpenBSD: main.c,v 1.113 2018/08/13 14:36:54 mpi Exp $  */
 /*     $NetBSD: main.c,v 1.9 1996/05/07 02:55:02 thorpej Exp $ */
 
 /*
@@ -77,6 +77,7 @@ struct protox {
        { ipip_stats,   "ipencap", 0 },
        { tcp_stats,    "tcp",  IPPROTO_TCP },
        { udp_stats,    "udp",  IPPROTO_UDP },
+       { ipsec_stats,  "ipsec", 0 },
        { esp_stats,    "esp", 0 },
        { ah_stats,     "ah", 0 },
        { etherip_stats,"etherip", 0 },

diff --git a/usr.bin/netstat/netstat.h b/usr.bin/netstat/netstat.h
index 4782b70..2cd9f6c 100644 (file)
--- a/usr.bin/netstat/netstat.h
+++ b/usr.bin/netstat/netstat.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: netstat.h,v 1.71 2017/08/12 03:21:02 benno Exp $      */
+/*     $OpenBSD: netstat.h,v 1.72 2018/08/13 14:36:54 mpi Exp $        */
 /*     $NetBSD: netstat.h,v 1.6 1996/05/07 02:55:05 thorpej Exp $      */
 
 /*
@@ -92,6 +92,7 @@ void  icmp_stats(char *);
 void   igmp_stats(char *);
 void   pim_stats(char *);
 void   ah_stats(char *);
+void   ipsec_stats(char *);
 void   esp_stats(char *);
 void   ipip_stats(char *);
 void   carp_stats (char *);