From 67852c399647b9fc13d474fd298d0bf9249860bd Mon Sep 17 00:00:00 2001 From: mpi Date: Mon, 13 Aug 2018 14:36:54 +0000 Subject: [PATCH] Print global IPsec counters. ok markus@ --- usr.bin/netstat/inet.c | 36 +++++++++++++++++++++++++++++++++++- usr.bin/netstat/main.c | 3 ++- usr.bin/netstat/netstat.h | 3 ++- 3 files changed, 39 insertions(+), 3 deletions(-) diff --git a/usr.bin/netstat/inet.c b/usr.bin/netstat/inet.c index af37c5cd761..8e490540955 100644 --- a/usr.bin/netstat/inet.c +++ b/usr.bin/netstat/inet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: inet.c,v 1.162 2017/11/07 16:51:23 visa Exp $ */ +/* $OpenBSD: inet.c,v 1.163 2018/08/13 14:36:54 mpi Exp $ */ /* $NetBSD: inet.c,v 1.14 1995/10/03 21:42:37 thorpej Exp $ */ /* @@ -1009,6 +1009,40 @@ etherip_stats(char *name) #undef p } +/* + * Dump IPsec statistics structure. + */ +void +ipsec_stats(char *name) +{ + struct ipsecstat ipsecstat; + int mib[] = { CTL_NET, PF_INET, IPPROTO_IP, IPCTL_IPSEC_STATS }; + size_t len = sizeof(ipsecstat); + + if (sysctl(mib, sizeof(mib) / sizeof(mib[0]), + &ipsecstat, &len, NULL, 0) == -1) { + if (errno != ENOPROTOOPT) + warn("%s", name); + return; + } + + printf("%s:\n", name); +#define p(f, m) if (ipsecstat.f || sflag <= 1) \ + printf(m, ipsecstat.f, plural(ipsecstat.f)) + p(ipsec_ipackets, "\t%llu input IPsec packet%s\n"); + p(ipsec_opackets, "\t%llu output IPsec packet%s\n"); + p(ipsec_ibytes, "\t%llu input byte%s\n"); + p(ipsec_obytes, "\t%llu output byte%s\n"); + p(ipsec_idecompbytes, "\t%llu input byte%s, decompressed\n"); + p(ipsec_ouncompbytes, "\t%llu output byte%s, uncompressed\n"); + p(ipsec_idrops, "\t%llu packet%s dropped on input\n"); + p(ipsec_odrops, "\t%llu packet%s dropped on output\n"); + p(ipsec_crypto, "\t%llu packet%s that failed crypto processing\n"); + p(ipsec_noxform, "\t%llu packet%s for which no XFORM was set in TDB received\n"); + p(ipsec_notdb, "\t%llu packet%s for which no TDB was found\n"); +#undef p +} + /* * Dump ESP statistics structure. */ diff --git a/usr.bin/netstat/main.c b/usr.bin/netstat/main.c index f2310f3dffd..17c889768a2 100644 --- a/usr.bin/netstat/main.c +++ b/usr.bin/netstat/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.112 2017/08/12 03:21:02 benno Exp $ */ +/* $OpenBSD: main.c,v 1.113 2018/08/13 14:36:54 mpi Exp $ */ /* $NetBSD: main.c,v 1.9 1996/05/07 02:55:02 thorpej Exp $ */ /* @@ -77,6 +77,7 @@ struct protox { { ipip_stats, "ipencap", 0 }, { tcp_stats, "tcp", IPPROTO_TCP }, { udp_stats, "udp", IPPROTO_UDP }, + { ipsec_stats, "ipsec", 0 }, { esp_stats, "esp", 0 }, { ah_stats, "ah", 0 }, { etherip_stats,"etherip", 0 }, diff --git a/usr.bin/netstat/netstat.h b/usr.bin/netstat/netstat.h index 4782b700d24..2cd9f6c0ae1 100644 --- a/usr.bin/netstat/netstat.h +++ b/usr.bin/netstat/netstat.h @@ -1,4 +1,4 @@ -/* $OpenBSD: netstat.h,v 1.71 2017/08/12 03:21:02 benno Exp $ */ +/* $OpenBSD: netstat.h,v 1.72 2018/08/13 14:36:54 mpi Exp $ */ /* $NetBSD: netstat.h,v 1.6 1996/05/07 02:55:05 thorpej Exp $ */ /* @@ -92,6 +92,7 @@ void icmp_stats(char *); void igmp_stats(char *); void pim_stats(char *); void ah_stats(char *); +void ipsec_stats(char *); void esp_stats(char *); void ipip_stats(char *); void carp_stats (char *); -- 2.20.1