summaryrefslogtreecommitdiff
path: root/usr.bin/netstat
diff options
context:
space:
mode:
authorMartin Pieuchot <mpi@cvs.openbsd.org>2018-08-13 14:36:55 +0000
committerMartin Pieuchot <mpi@cvs.openbsd.org>2018-08-13 14:36:55 +0000
commit48190d6336759198a53313145d4cd5ed10000b42 (patch)
tree1c6b6cfb4bf58b99128c1de0b441414015cf2bf0 /usr.bin/netstat
parent02dc1e8680f7bb858d97db9652c373f10a7b10d6 (diff)
Print global IPsec counters.
ok markus@
Diffstat (limited to 'usr.bin/netstat')
-rw-r--r--usr.bin/netstat/inet.c36
-rw-r--r--usr.bin/netstat/main.c3
-rw-r--r--usr.bin/netstat/netstat.h3
3 files changed, 39 insertions, 3 deletions
diff --git a/usr.bin/netstat/inet.c b/usr.bin/netstat/inet.c
index af37c5cd761..8e490540955 100644
--- a/usr.bin/netstat/inet.c
+++ b/usr.bin/netstat/inet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: inet.c,v 1.162 2017/11/07 16:51:23 visa Exp $ */
+/* $OpenBSD: inet.c,v 1.163 2018/08/13 14:36:54 mpi Exp $ */
/* $NetBSD: inet.c,v 1.14 1995/10/03 21:42:37 thorpej Exp $ */
/*
@@ -1010,6 +1010,40 @@ etherip_stats(char *name)
}
/*
+ * Dump IPsec statistics structure.
+ */
+void
+ipsec_stats(char *name)
+{
+ struct ipsecstat ipsecstat;
+ int mib[] = { CTL_NET, PF_INET, IPPROTO_IP, IPCTL_IPSEC_STATS };
+ size_t len = sizeof(ipsecstat);
+
+ if (sysctl(mib, sizeof(mib) / sizeof(mib[0]),
+ &ipsecstat, &len, NULL, 0) == -1) {
+ if (errno != ENOPROTOOPT)
+ warn("%s", name);
+ return;
+ }
+
+ printf("%s:\n", name);
+#define p(f, m) if (ipsecstat.f || sflag <= 1) \
+ printf(m, ipsecstat.f, plural(ipsecstat.f))
+ p(ipsec_ipackets, "\t%llu input IPsec packet%s\n");
+ p(ipsec_opackets, "\t%llu output IPsec packet%s\n");
+ p(ipsec_ibytes, "\t%llu input byte%s\n");
+ p(ipsec_obytes, "\t%llu output byte%s\n");
+ p(ipsec_idecompbytes, "\t%llu input byte%s, decompressed\n");
+ p(ipsec_ouncompbytes, "\t%llu output byte%s, uncompressed\n");
+ p(ipsec_idrops, "\t%llu packet%s dropped on input\n");
+ p(ipsec_odrops, "\t%llu packet%s dropped on output\n");
+ p(ipsec_crypto, "\t%llu packet%s that failed crypto processing\n");
+ p(ipsec_noxform, "\t%llu packet%s for which no XFORM was set in TDB received\n");
+ p(ipsec_notdb, "\t%llu packet%s for which no TDB was found\n");
+#undef p
+}
+
+/*
* Dump ESP statistics structure.
*/
void
diff --git a/usr.bin/netstat/main.c b/usr.bin/netstat/main.c
index f2310f3dffd..17c889768a2 100644
--- a/usr.bin/netstat/main.c
+++ b/usr.bin/netstat/main.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: main.c,v 1.112 2017/08/12 03:21:02 benno Exp $ */
+/* $OpenBSD: main.c,v 1.113 2018/08/13 14:36:54 mpi Exp $ */
/* $NetBSD: main.c,v 1.9 1996/05/07 02:55:02 thorpej Exp $ */
/*
@@ -77,6 +77,7 @@ struct protox {
{ ipip_stats, "ipencap", 0 },
{ tcp_stats, "tcp", IPPROTO_TCP },
{ udp_stats, "udp", IPPROTO_UDP },
+ { ipsec_stats, "ipsec", 0 },
{ esp_stats, "esp", 0 },
{ ah_stats, "ah", 0 },
{ etherip_stats,"etherip", 0 },
diff --git a/usr.bin/netstat/netstat.h b/usr.bin/netstat/netstat.h
index 4782b700d24..2cd9f6c0ae1 100644
--- a/usr.bin/netstat/netstat.h
+++ b/usr.bin/netstat/netstat.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: netstat.h,v 1.71 2017/08/12 03:21:02 benno Exp $ */
+/* $OpenBSD: netstat.h,v 1.72 2018/08/13 14:36:54 mpi Exp $ */
/* $NetBSD: netstat.h,v 1.6 1996/05/07 02:55:05 thorpej Exp $ */
/*
@@ -92,6 +92,7 @@ void icmp_stats(char *);
void igmp_stats(char *);
void pim_stats(char *);
void ah_stats(char *);
+void ipsec_stats(char *);
void esp_stats(char *);
void ipip_stats(char *);
void carp_stats (char *);