search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge from vendor branch PKGSRC:
[netbsd-mini2440.git] / usr.bin / systat / ipsec.c
blob7e67b7e9fa594dd7c717422067aec6e4f0dd0a51
1 /* $NetBSD: ipsec.c,v 1.9 2006/10/22 16:43:24 christos Exp $ */
2
3 /*
4 * Copyright (c) 1999, 2000 Andrew Doran <ad@NetBSD.org>
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 *
28 */
29
30 #include <sys/cdefs.h>
31 #ifndef lint
32 __RCSID("$NetBSD: ipsec.c,v 1.9 2006/10/22 16:43:24 christos Exp $");
33 #endif /* not lint */
34
35 #include <sys/param.h>
36 #include <sys/sysctl.h>
37
38 #include <netinet/in.h>
39 #include <netinet6/ipsec.h>
40
41 #include <string.h>
42
43 #include "systat.h"
44 #include "extern.h"
45
46 #define LHD(row, str) mvwprintw(wnd, row, 10, str)
47 #define RHD(row, str) mvwprintw(wnd, row, 45, str);
48 #define SHOW(stat, row, col) \
49 mvwprintw(wnd, row, col, "%9llu", (unsigned long long)curstat.stat)
50
51 struct mystat {
52 uint64_t i4[IPSEC_NSTATS];
53 #ifdef INET6
54 uint64_t i6[IPSEC_NSTATS];
55 #endif
56 };
57
58 enum update {
59 UPDATE_TIME,
60 UPDATE_BOOT,
61 UPDATE_RUN,
62 };
63
64 static enum update update = UPDATE_TIME;
65 static struct mystat curstat;
66 static struct mystat newstat;
67 static struct mystat oldstat;
68
69 static struct nlist namelist[] = {
70 { .n_name = "_ipsecstat" },
71 #ifdef INET6
72 { .n_name = "_ipsec6stat" },
73 #endif
74 { .n_name = NULL }
75 };
76
77 WINDOW *
78 openipsec(void)
79 {
80
81 return (subwin(stdscr, -1, 0, 5, 0));
82 }
83
84 void
85 closeipsec(WINDOW *w)
86 {
87
88 if (w != NULL) {
89 wclear(w);
90 wrefresh(w);
91 delwin(w);
92 }
93 }
94
95 void
96 labelipsec(void)
97 {
98
99 wmove(wnd, 0, 0); wclrtoeol(wnd);
100
101 if (namelist[0].n_type) {
102 mvwprintw(wnd, 0, 0, "------ IPv4 IPsec input ------");
103 LHD(1, "processed successfully");
104 LHD(2, "violated process policy");
105 LHD(3, "with no SA available");
106 LHD(4, "failed due to EINVAL");
107 LHD(5, "failed getting SPI");
108 LHD(6, "failed on AH replay check");
109 LHD(7, "failed on ESP replay check");
110 LHD(8, "considered authentic");
111 LHD(9, "failed on authentication");
112
113 mvwprintw(wnd, 11, 0, "------ IPv4 IPsec output ------");
114 LHD(12, "processed successfully");
115 LHD(13, "violated process policy");
116 LHD(14, "with no SA available");
117 LHD(15, "failed processing due to EINVAL");
118 LHD(16, "with no route");
119 }
120
121 #ifdef INET6
122 if (namelist[1].n_type) {
123 mvwprintw(wnd, 0, 35, "------ IPv6 IPsec input ------");
124 RHD(1, "processed successfully");
125 RHD(2, "violated process policy");
126 RHD(3, "with no SA available");
127 RHD(4, "failed due to EINVAL");
128 RHD(5, "failed getting SPI");
129 RHD(6, "failed on AH replay check");
130 RHD(7, "failed on ESP replay check");
131 RHD(8, "considered authentic");
132 RHD(9, "failed on authentication");
133
134 mvwprintw(wnd, 11, 35, "------ IPv6 IPsec output ------");
135 RHD(12, "processed successfully");
136 RHD(13, "violated process policy");
137 RHD(14, "with no SA available");
138 RHD(15, "failed due to EINVAL");
139 RHD(16, "with no route");
140 }
141 #endif
142 }
143
144 void
145 showipsec(void)
146 {
147
148 if (namelist[0].n_type) {
149 SHOW(i4[IPSEC_STAT_IN_SUCCESS], 1, 0);
150 SHOW(i4[IPSEC_STAT_IN_POLVIO], 2, 0);
151 SHOW(i4[IPSEC_STAT_IN_NOSA], 3, 0);
152 SHOW(i4[IPSEC_STAT_IN_INVAL], 4, 0);
153 SHOW(i4[IPSEC_STAT_IN_BADSPI], 5, 0);
154 SHOW(i4[IPSEC_STAT_IN_AHREPLAY], 6, 0);
155 SHOW(i4[IPSEC_STAT_IN_ESPREPLAY], 7, 0);
156 SHOW(i4[IPSEC_STAT_IN_AHAUTHSUCC], 8, 0);
157 SHOW(i4[IPSEC_STAT_IN_AHAUTHFAIL], 9, 0);
158
159 SHOW(i4[IPSEC_STAT_OUT_SUCCESS], 12, 0);
160 SHOW(i4[IPSEC_STAT_OUT_POLVIO], 13, 0);
161 SHOW(i4[IPSEC_STAT_OUT_NOSA], 14, 0);
162 SHOW(i4[IPSEC_STAT_OUT_INVAL], 15, 0);
163 SHOW(i4[IPSEC_STAT_OUT_NOROUTE], 16, 0);
164 }
165
166 #ifdef INET6
167 if (namelist[1].n_type) {
168 SHOW(i6[IPSEC_STAT_IN_SUCCESS], 1, 35);
169 SHOW(i6[IPSEC_STAT_IN_POLVIO], 2, 35);
170 SHOW(i6[IPSEC_STAT_IN_NOSA], 3, 35);
171 SHOW(i6[IPSEC_STAT_IN_INVAL], 4, 35);
172 SHOW(i6[IPSEC_STAT_IN_BADSPI], 5, 35);
173 SHOW(i6[IPSEC_STAT_IN_AHREPLAY], 6, 35);
174 SHOW(i6[IPSEC_STAT_IN_ESPREPLAY], 7, 35);
175 SHOW(i6[IPSEC_STAT_IN_AHAUTHSUCC], 8, 35);
176 SHOW(i6[IPSEC_STAT_IN_AHAUTHFAIL], 9, 35);
177
178 SHOW(i6[IPSEC_STAT_OUT_SUCCESS], 12, 35);
179 SHOW(i6[IPSEC_STAT_OUT_POLVIO], 13, 35);
180 SHOW(i6[IPSEC_STAT_OUT_NOSA], 14, 35);
181 SHOW(i6[IPSEC_STAT_OUT_INVAL], 15, 35);
182 SHOW(i6[IPSEC_STAT_OUT_NOROUTE], 16, 35);
183 }
184 #endif
185 }
186
187 int
188 initipsec(void)
189 {
190
191 if (! use_sysctl) {
192 int n;
193
194 if (namelist[0].n_type == 0) {
195 n = kvm_nlist(kd, namelist);
196 if (n < 0) {
197 nlisterr(namelist);
198 return(0);
199 } else if (n == sizeof(namelist) /
200 sizeof(namelist[0]) - 1) {
201 error("No namelist");
202 return(0);
203 }
204 }
205 }
206 return 1;
207 }
208
209 void
210 fetchipsec(void)
211 {
212 bool do_ipsec4 = false;
213 #ifdef INET6
214 bool do_ipsec6 = false;
215 #endif
216 u_int i;
217
218 if (use_sysctl) {
219 size_t size = sizeof(newstat.i4);
220
221 if (sysctlbyname("net.inet.ipsec.stats", newstat.i4, &size,
222 NULL, 0) == 0) {
223 do_ipsec4 = true;
224 }
225 } else {
226 if (namelist[0].n_type) {
227 KREAD((void *)namelist[0].n_value, &newstat.i4,
228 sizeof(newstat.i4));
229 do_ipsec4 = true;
230 }
231 }
232
233 if (do_ipsec4) {
234 for (i = 0; i < IPSEC_NSTATS; i++) {
235 ADJINETCTR(curstat, oldstat, newstat, i4[i]);
236 }
237 }
238
239 #ifdef INET6
240 if (use_sysctl) {
241 size_t size = sizeof(newstat.i6);
242
243 if (sysctlbyname("net.inet6.ipsec6.stats", newstat.i6, &size,
244 NULL, 0) == 0) {
245 do_ipsec6 = true;
246 }
247 } else {
248 if (namelist[1].n_type) {
249 KREAD((void *)namelist[1].n_value, &newstat.i6,
250 sizeof(newstat.i6));
251 do_ipsec6 = true;
252 }
253 }
254
255 if (do_ipsec6) {
256 for (i = 0; i < IPSEC_NSTATS; i++) {
257 ADJINETCTR(curstat, oldstat, newstat, i6[i]);
258 }
259 }
260 #endif
261
262 if (update == UPDATE_TIME)
263 memcpy(&oldstat, &newstat, sizeof(oldstat));
264 }
265
266 void
267 ipsec_boot(char *args)
268 {
269
270 memset(&oldstat, 0, sizeof(oldstat));
271 update = UPDATE_BOOT;
272 }
273
274 void
275 ipsec_run(char *args)
276 {
277
278 if (update != UPDATE_RUN) {
279 memcpy(&oldstat, &newstat, sizeof(oldstat));
280 update = UPDATE_RUN;
281 }
282 }
283
284 void
285 ipsec_time(char *args)
286 {
287
288 if (update != UPDATE_TIME) {
289 memcpy(&oldstat, &newstat, sizeof(oldstat));
290 update = UPDATE_TIME;
291 }
292 }
293
294 void
295 ipsec_zero(char *args)
296 {
297
298 if (update == UPDATE_RUN)
299 memcpy(&oldstat, &newstat, sizeof(oldstat));
300 }
NetBSD on the FriendlyARM MINI2440