author | Michele Marchetto <michele@cvs.openbsd.org> | 2009-10-04 16:08:38 +0000 |
---|---|---|
committer | Michele Marchetto <michele@cvs.openbsd.org> | 2009-10-04 16:08:38 +0000 |
commit | 82b30916c9515794d7aca77e8c937fc5e0455586 (patch) | |
tree | ce06c3cb91a134e4d7d4cb69f04155cf3c8ba2dc /usr.bin | |
parent | dd5c2f75fe5e092eb892c438f7f87faa2e57fcb6 (diff) |
Add (again) support for divert sockets. They allow you to:
- queue packets from pf(4) to a userspace application
- reinject packets from the application into the kernel stack.
The divert socket can be bound to a special "divert port" and will
receive every packet diverted to that port by pf(4).
The pf syntax is pretty simple, e.g.:
pass on em0 inet proto tcp from any to any port 80 divert-packet port 1
A lot of discussion has happened since my last commit, resulting
in many changes and improvements.
I would *really* like to thank everyone who took part in the discussion,
especially canacar@ who pointed out the limitations of this approach.
OpenBSD divert(4) is meant to be compatible with software running on
top of FreeBSD's divert sockets even though they are pretty different and will
become even more so with time.
discussed with many, but mainly reyk@ canacar@ deraadt@ dlg@ claudio@ beck@
tested by reyk@ and myself
ok reyk@ claudio@ beck@
manpage help and ok by jmc@
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/netstat/inet.c | 40 | ||||
-rw-r--r-- | usr.bin/netstat/main.c | 5 | ||||
-rw-r--r-- | usr.bin/netstat/netstat.h | 3 |
3 files changed, 42 insertions, 6 deletions
diff --git a/usr.bin/netstat/inet.c b/usr.bin/netstat/inet.c index 8c1140ef8b0..873a1a2074e 100644 --- a/usr.bin/netstat/inet.c +++ b/usr.bin/netstat/inet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: inet.c,v 1.110 2009/02/07 15:06:04 chl Exp $ */ +/* $OpenBSD: inet.c,v 1.111 2009/10/04 16:08:37 michele Exp $ */ /* $NetBSD: inet.c,v 1.14 1995/10/03 21:42:37 thorpej Exp $ */ /* @@ -65,6 +65,7 @@ #include <netinet/ip_ipcomp.h> #include <netinet/ip_ether.h> #include <netinet/ip_carp.h> +#include <netinet/ip_divert.h> #include <net/if.h> #include <net/pfvar.h> #include <net/if_pfsync.h> @@ -173,12 +174,12 @@ protopr0(u_long off, char *name, int af) printf(" (including servers)"); putchar('\n'); if (Aflag) - printf("%-*.*s %-5.5s %-6.6s %-6.6s %-18.18s %-18.18s %s\n", + printf("%-*.*s %-6.6s %-6.6s %-6.6s %-18.18s %-18.18s %s\n", PLEN, PLEN, "PCB", "Proto", "Recv-Q", "Send-Q", "Local Address", "Foreign Address", "(state)"); else - printf("%-5.5s %-6.6s %-6.6s %-22.22s %-22.22s %s\n", + printf("%-6.6s %-6.6s %-6.6s %-22.22s %-22.22s %s\n", "Proto", "Recv-Q", "Send-Q", "Local Address", "Foreign Address", "(state)"); @@ -196,7 +197,7 @@ protopr0(u_long off, char *name, int af) name = namebuf; } else name = name0; - printf("%-5.5s %6ld %6ld ", name, sockb.so_rcv.sb_cc, + printf("%-6.6s %6ld %6ld ", name, sockb.so_rcv.sb_cc, sockb.so_snd.sb_cc); if (inpcb.inp_flags & INP_IPV6) { inet6print(&inpcb.inp_laddr6, (int)inpcb.inp_lport, 
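Review bot: The `.6` precision in the new `%-6.6s` conversions in protopr0 silently truncates any protocol label longer than six characters, and "divert" fills the column exactly. The `name = namebuf` branch visible above the row printf suggests some labels are built with a suffix, so a suffixed divert label would presumably lose it without any indication. The same literal width is now repeated in both header printfs and in the row printf of the later hunk at line 197, where it has to be kept in step by hand. A named width passed through `%-*.*s`, as the PCB column already does with `PLEN`, would keep the three in sync, e.g. `printf("%-*.*s %6ld %6ld ", PROTO_WIDTH, PROTO_WIDTH, name, ...)` with `PROTO_WIDTH` as a new constant. protopr0 begins and ends outside both hunks.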
@@ -463,6 +464,37 @@ ip_stats(char *name) #undef p1 } +/* + * Dump DIVERT statistics structure. + */ +void +div_stats(char *name) +{ + struct divstat divstat; + int mib[] = { CTL_NET, AF_INET, IPPROTO_DIVERT, DIVERTCTL_STATS }; + size_t len = sizeof(divstat); + + if (sysctl(mib, sizeof(mib) / sizeof(mib[0]), + &divstat, &len, NULL, 0) == -1) { + if (errno != ENOPROTOOPT) + warn(name); + return; + } + + printf("%s:\n", name); +#define p(f, m) if (divstat.f || sflag <= 1) \ + printf(m, divstat.f, plural(divstat.f)) +#define p1(f, m) if (divstat.f || sflag <= 1) \ + printf(m, divstat.f) + p(divs_ipackets, "\t%lu total packet%s received\n"); + p1(divs_noport, "\t%lu dropped due to no socket\n"); + p1(divs_fullsock, "\t%lu dropped due to full socket buffers\n"); + p(divs_opackets, "\t%lu packet%s output\n"); + p1(divs_errors, "\t%lu errors\n"); +#undef p +#undef p1 +} + static char *icmpnames[ICMP_MAXTYPE + 1] = { "echo reply", "#1", diff --git a/usr.bin/netstat/main.c b/usr.bin/netstat/main.c index 8662a82be53..4fe7e9c64c6 100644 --- a/usr.bin/netstat/main.c +++ b/usr.bin/netstat/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.79 2009/05/07 15:51:53 claudio Exp $ */ +/* $OpenBSD: main.c,v 1.80 2009/10/04 16:08:37 michele Exp $ */ /* $NetBSD: main.c,v 1.9 1996/05/07 02:55:02 thorpej Exp $ */ /* @@ -87,6 +87,8 @@ struct nlist nl[] = { { "_rawcbtable" }, #define N_RAWIP6TABLE 14 { "_rawin6pcbtable" }, +#define N_DIVBTABLE 15 + { "_divbtable" }, { ""} }; @@ -101,6 +103,7 @@ struct protox { { N_TCBTABLE, protopr, tcp_stats, tcp_dump, "tcp" }, { N_UDBTABLE, protopr, udp_stats, NULL, "udp" }, { N_RAWIPTABLE, protopr, ip_stats, NULL, "ip" }, + { N_DIVBTABLE, protopr, div_stats, NULL, "divert" }, { -1, NULL, icmp_stats, NULL, "icmp" }, { -1, NULL, igmp_stats, NULL, "igmp" }, { -1, NULL, ah_stats, NULL, "ah" }, diff --git a/usr.bin/netstat/netstat.h b/usr.bin/netstat/netstat.h index 251721ccbf6..6e23a1e3cb5 100644 --- a/usr.bin/netstat/netstat.h +++ b/usr.bin/netstat/netstat.h 
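Review bot: `warn(name);` in div_stats passes a variable as the format string to warn(3). The protox entry added in main.c pairs the function with the literal "divert", so the value is presumably not attacker-influenced today, but the call trips -Wformat-security and becomes a format-string bug as soon as a caller supplies a name containing `%`. Use `warn("%s", name);` instead. Separately, `len` is not compared with `sizeof(divstat)` after a successful sysctl(), so a kernel and userland that disagree on the layout of struct divstat would print uninitialised stack bytes; declaring `struct divstat divstat = {0};` or rejecting a short `len` bounds that. The `%lu` conversions also assume every divs_* counter is an unsigned long, which this hunk does not show.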
@@ -1,4 +1,4 @@ -/* $OpenBSD: netstat.h,v 1.50 2009/05/07 15:51:53 claudio Exp $ */ +/* $OpenBSD: netstat.h,v 1.51 2009/10/04 16:08:37 michele Exp $ */ /* $NetBSD: netstat.h,v 1.6 1996/05/07 02:55:05 thorpej Exp $ */ /* @@ -74,6 +74,7 @@ void ip6protopr(u_long, char *); void tcp_stats(char *); void udp_stats(char *); void ip_stats(char *); +void div_stats(char *); void icmp_stats(char *); void igmp_stats(char *); void pim_stats(char *); |