Add unifdef(1) to the bootstrap-tools.
[dragonfly.git] / usr.bin / netstat / ipsec.c
blob6fb7dda16059adc75d24515487ed651d38c33f70
1 /* $FreeBSD: src/usr.bin/netstat/ipsec.c,v 1.1.2.3 2001/08/10 09:07:09 ru Exp $ */
2 /* $DragonFly: src/usr.bin/netstat/ipsec.c,v 1.2 2003/06/17 04:29:30 dillon Exp $ */
3 /* $NetBSD: inet.c,v 1.35.2.1 1999/04/29 14:57:08 perry Exp $ */
4 /* $KAME: ipsec.c,v 1.25 2001/03/12 09:04:39 itojun Exp $ */
6 /*
7 * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
8 * All rights reserved.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. Neither the name of the project nor the names of its contributors
19 * may be used to endorse or promote products derived from this software
20 * without specific prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
34 * @(#)inet.c 8.5 (Berkeley) 5/24/95
35 * $FreeBSD: src/usr.bin/netstat/ipsec.c,v 1.1.2.3 2001/08/10 09:07:09 ru Exp $
39 * Copyright (c) 1983, 1988, 1993
40 * The Regents of the University of California. All rights reserved.
42 * Redistribution and use in source and binary forms, with or without
43 * modification, are permitted provided that the following conditions
44 * are met:
45 * 1. Redistributions of source code must retain the above copyright
46 * notice, this list of conditions and the following disclaimer.
47 * 2. Redistributions in binary form must reproduce the above copyright
48 * notice, this list of conditions and the following disclaimer in the
49 * documentation and/or other materials provided with the distribution.
50 * 3. All advertising materials mentioning features or use of this software
51 * must display the following acknowledgement:
52 * This product includes software developed by the University of
53 * California, Berkeley and its contributors.
54 * 4. Neither the name of the University nor the names of its contributors
55 * may be used to endorse or promote products derived from this software
56 * without specific prior written permission.
58 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
59 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
60 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
61 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
62 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
63 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
64 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
65 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
66 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
67 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
68 * SUCH DAMAGE.
71 #include <sys/cdefs.h>
73 #include <sys/param.h>
74 #include <sys/queue.h>
75 #include <sys/socket.h>
77 #include <netinet/in.h>
79 #ifdef IPSEC
80 #include <netinet6/ipsec.h>
81 #include <netkey/keysock.h>
82 #endif
84 #include <stdio.h>
85 #include <string.h>
86 #include <unistd.h>
87 #include "netstat.h"
90 * portability issues:
91 * - bsdi[34] uses PLURAL(), not plural().
92 * - freebsd2 can't print "unsigned long long" properly.
95 * XXX see PORTABILITY for the twist
97 #define LLU "%llu"
98 #define CAST unsigned long long
100 #ifdef IPSEC
101 struct val2str {
102 int val;
103 const char *str;
106 static struct val2str ipsec_ahnames[] = {
107 { SADB_AALG_NONE, "none", },
108 { SADB_AALG_MD5HMAC, "hmac-md5", },
109 { SADB_AALG_SHA1HMAC, "hmac-sha1", },
110 { SADB_X_AALG_MD5, "md5", },
111 { SADB_X_AALG_SHA, "sha", },
112 { SADB_X_AALG_NULL, "null", },
113 #ifdef SADB_X_AALG_SHA2_256
114 { SADB_X_AALG_SHA2_256, "hmac-sha2-256", },
115 #endif
116 #ifdef SADB_X_AALG_SHA2_384
117 { SADB_X_AALG_SHA2_384, "hmac-sha2-384", },
118 #endif
119 #ifdef SADB_X_AALG_SHA2_512
120 { SADB_X_AALG_SHA2_512, "hmac-sha2-512", },
121 #endif
122 { -1, NULL },
125 static struct val2str ipsec_espnames[] = {
126 { SADB_EALG_NONE, "none", },
127 { SADB_EALG_DESCBC, "des-cbc", },
128 { SADB_EALG_3DESCBC, "3des-cbc", },
129 { SADB_EALG_NULL, "null", },
130 #ifdef SADB_X_EALG_RC5CBC
131 { SADB_X_EALG_RC5CBC, "rc5-cbc", },
132 #endif
133 { SADB_X_EALG_CAST128CBC, "cast128-cbc", },
134 { SADB_X_EALG_BLOWFISHCBC, "blowfish-cbc", },
135 #ifdef SADB_X_EALG_RIJNDAELCBC
136 { SADB_X_EALG_RIJNDAELCBC, "rijndael-cbc", },
137 #endif
138 { -1, NULL },
141 static struct val2str ipsec_compnames[] = {
142 { SADB_X_CALG_NONE, "none", },
143 { SADB_X_CALG_OUI, "oui", },
144 { SADB_X_CALG_DEFLATE, "deflate", },
145 { SADB_X_CALG_LZS, "lzs", },
146 { -1, NULL },
149 static const char *pfkey_msgtypenames[] = {
150 "reserved", "getspi", "update", "add", "delete",
151 "get", "acquire", "register", "expire", "flush",
152 "dump", "x_promisc", "x_pchange", "x_spdupdate", "x_spdadd",
153 "x_spddelete", "x_spdget", "x_spdacquire", "x_spddump", "x_spdflush",
154 "x_spdsetidx", "x_spdexpire", "x_spddelete2"
157 static struct ipsecstat ipsecstat;
159 static void print_ipsecstats (void);
160 static const char *pfkey_msgtype_names (int);
161 static void ipsec_hist (const u_quad_t *, size_t, const struct val2str *,
162 const char *);
165 * Dump IPSEC statistics structure.
167 static void
168 ipsec_hist(const u_quad_t *hist,
169 size_t histmax,
170 const struct val2str *name,
171 const char *title)
173 int first;
174 size_t proto;
175 const struct val2str *p;
177 first = 1;
178 for (proto = 0; proto < histmax; proto++) {
179 if (hist[proto] <= 0)
180 continue;
181 if (first) {
182 printf("\t%s histogram:\n", title);
183 first = 0;
185 for (p = name; p && p->str; p++) {
186 if (p->val == (int)proto)
187 break;
189 if (p && p->str) {
190 printf("\t\t%s: " LLU "\n", p->str, (CAST)hist[proto]);
191 } else {
192 printf("\t\t#%ld: " LLU "\n", (long)proto,
193 (CAST)hist[proto]);
198 static void
199 print_ipsecstats(void)
201 #define p(f, m) if (ipsecstat.f || sflag <= 1) \
202 printf(m, (CAST)ipsecstat.f, plural(ipsecstat.f))
203 #define hist(f, n, t) \
204 ipsec_hist((f), sizeof(f)/sizeof(f[0]), (n), (t));
206 p(in_success, "\t" LLU " inbound packet%s processed successfully\n");
207 p(in_polvio, "\t" LLU " inbound packet%s violated process security "
208 "policy\n");
209 p(in_nosa, "\t" LLU " inbound packet%s with no SA available\n");
210 p(in_inval, "\t" LLU " invalid inbound packet%s\n");
211 p(in_nomem, "\t" LLU " inbound packet%s failed due to insufficient memory\n");
212 p(in_badspi, "\t" LLU " inbound packet%s failed getting SPI\n");
213 p(in_ahreplay, "\t" LLU " inbound packet%s failed on AH replay check\n");
214 p(in_espreplay, "\t" LLU " inbound packet%s failed on ESP replay check\n");
215 p(in_ahauthsucc, "\t" LLU " inbound packet%s considered authentic\n");
216 p(in_ahauthfail, "\t" LLU " inbound packet%s failed on authentication\n");
217 hist(ipsecstat.in_ahhist, ipsec_ahnames, "AH input");
218 hist(ipsecstat.in_esphist, ipsec_espnames, "ESP input");
219 hist(ipsecstat.in_comphist, ipsec_compnames, "IPComp input");
221 p(out_success, "\t" LLU " outbound packet%s processed successfully\n");
222 p(out_polvio, "\t" LLU " outbound packet%s violated process security "
223 "policy\n");
224 p(out_nosa, "\t" LLU " outbound packet%s with no SA available\n");
225 p(out_inval, "\t" LLU " invalid outbound packet%s\n");
226 p(out_nomem, "\t" LLU " outbound packet%s failed due to insufficient memory\n");
227 p(out_noroute, "\t" LLU " outbound packet%s with no route\n");
228 hist(ipsecstat.out_ahhist, ipsec_ahnames, "AH output");
229 hist(ipsecstat.out_esphist, ipsec_espnames, "ESP output");
230 hist(ipsecstat.out_comphist, ipsec_compnames, "IPComp output");
231 #undef p
232 #undef hist
235 void
236 ipsec_stats(u_long off __unused, const char *name, int af1 __unused)
238 if (off == 0)
239 return;
240 printf ("%s:\n", name);
241 kread(off, (char *)&ipsecstat, sizeof (ipsecstat));
243 print_ipsecstats();
246 static const char *
247 pfkey_msgtype_names(int x)
249 const int max =
250 sizeof(pfkey_msgtypenames)/sizeof(pfkey_msgtypenames[0]);
251 static char buf[10];
253 if (x < max && pfkey_msgtypenames[x])
254 return pfkey_msgtypenames[x];
255 snprintf(buf, sizeof(buf), "#%d", x);
256 return buf;
259 void
260 pfkey_stats(u_long off __unused, const char *name, int af1 __unused)
262 struct pfkeystat pfkeystat;
263 unsigned first, type;
265 if (off == 0)
266 return;
267 printf ("%s:\n", name);
268 kread(off, (char *)&pfkeystat, sizeof(pfkeystat));
270 #define p(f, m) if (pfkeystat.f || sflag <= 1) \
271 printf(m, (CAST)pfkeystat.f, plural(pfkeystat.f))
273 /* kernel -> userland */
274 p(out_total, "\t" LLU " request%s sent to userland\n");
275 p(out_bytes, "\t" LLU " byte%s sent to userland\n");
276 for (first = 1, type = 0;
277 type < sizeof(pfkeystat.out_msgtype)/sizeof(pfkeystat.out_msgtype[0]);
278 type++) {
279 if (pfkeystat.out_msgtype[type] <= 0)
280 continue;
281 if (first) {
282 printf("\thistogram by message type:\n");
283 first = 0;
285 printf("\t\t%s: " LLU "\n", pfkey_msgtype_names(type),
286 (CAST)pfkeystat.out_msgtype[type]);
288 p(out_invlen, "\t" LLU " message%s with invalid length field\n");
289 p(out_invver, "\t" LLU " message%s with invalid version field\n");
290 p(out_invmsgtype, "\t" LLU " message%s with invalid message type field\n");
291 p(out_tooshort, "\t" LLU " message%s too short\n");
292 p(out_nomem, "\t" LLU " message%s with memory allocation failure\n");
293 p(out_dupext, "\t" LLU " message%s with duplicate extension\n");
294 p(out_invexttype, "\t" LLU " message%s with invalid extension type\n");
295 p(out_invsatype, "\t" LLU " message%s with invalid sa type\n");
296 p(out_invaddr, "\t" LLU " message%s with invalid address extension\n");
298 /* userland -> kernel */
299 p(in_total, "\t" LLU " request%s sent from userland\n");
300 p(in_bytes, "\t" LLU " byte%s sent from userland\n");
301 for (first = 1, type = 0;
302 type < sizeof(pfkeystat.in_msgtype)/sizeof(pfkeystat.in_msgtype[0]);
303 type++) {
304 if (pfkeystat.in_msgtype[type] <= 0)
305 continue;
306 if (first) {
307 printf("\thistogram by message type:\n");
308 first = 0;
310 printf("\t\t%s: " LLU "\n", pfkey_msgtype_names(type),
311 (CAST)pfkeystat.in_msgtype[type]);
313 p(in_msgtarget[KEY_SENDUP_ONE],
314 "\t" LLU " message%s toward single socket\n");
315 p(in_msgtarget[KEY_SENDUP_ALL],
316 "\t" LLU " message%s toward all sockets\n");
317 p(in_msgtarget[KEY_SENDUP_REGISTERED],
318 "\t" LLU " message%s toward registered sockets\n");
319 p(in_nomem, "\t" LLU " message%s with memory allocation failure\n");
320 #undef p
322 #endif /*IPSEC*/