author | Tobias Heider <tobhe@cvs.openbsd.org> | 2022-09-19 20:54:03 +0000 |
---|---|---|
committer | Tobias Heider <tobhe@cvs.openbsd.org> | 2022-09-19 20:54:03 +0000 |
commit | ded49e09c197eefed97f2594a610c2461cc2fada (patch) | |
tree | 532a9374aad697cc19f6fa9fdc6a73940619bab4 /usr.sbin/ikectl | |
parent | 780ac5f6a7a40e704b72485c973860af939515df (diff) |
Add iked connection statistics for successful and failed connections, common
error types and other events that help analyze errors in larger setups.
The counters can be printed with 'ikectl show stats'.
ok bluhm@ patrick@
from and ok markus@
Diffstat (limited to 'usr.sbin/ikectl')
-rw-r--r-- | usr.sbin/ikectl/ikectl.c | 62 | ||||
-rw-r--r-- | usr.sbin/ikectl/parser.c | 3 | ||||
-rw-r--r-- | usr.sbin/ikectl/parser.h | 5 |
3 files changed, 66 insertions, 4 deletions
diff --git a/usr.sbin/ikectl/ikectl.c b/usr.sbin/ikectl/ikectl.c index 6ba3b25ebe3..cc10c628b50 100644 --- a/usr.sbin/ikectl/ikectl.c +++ b/usr.sbin/ikectl/ikectl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ikectl.c,v 1.27 2021/11/21 22:44:08 tobhe Exp $ */ +/* $OpenBSD: ikectl.c,v 1.28 2022/09/19 20:54:02 tobhe Exp $ */ /* * Copyright (c) 2007-2013 Reyk Floeter <reyk@openbsd.org> @@ -49,6 +49,7 @@ void monitor_id(struct imsg *); int monitor(struct imsg *); int show_string(struct imsg *); +int show_stats(struct imsg *, int); int ca_opt(struct parse_result *); @@ -303,6 +304,10 @@ main(int argc, char *argv[]) imsg_compose(ibuf, IMSG_CTL_SHOW_SA, 0, 0, -1, NULL, 0); done = 0; break; + case SHOW_STATS: + imsg_compose(ibuf, IMSG_CTL_SHOW_STATS, 0, 0, -1, NULL, 0); + done = 0; + break; case SHOW_CERTSTORE: imsg_compose(ibuf, IMSG_CTL_SHOW_CERTSTORE, 0, 0, -1, NULL, 0); done = 0; @@ -354,6 +359,9 @@ main(int argc, char *argv[]) case MONITOR: done = monitor(&imsg); break; + case SHOW_STATS: + done = show_stats(&imsg, quiet); + break; case SHOW_SA: case SHOW_CERTSTORE: done = show_string(&imsg); 
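Review bot: A stats reply that fails the size check ends the command with no output and no error: the `case SHOW_STATS:` branch added to the receive switch in main() takes whatever `show_stats()` returns, and `show_stats()` (added in the last ikectl.c hunk) returns `done = 1` on `IMSG_DATA_SIZE(imsg) != sizeof(*stat)` without printing anything. The length check before `stat = imsg->data` is the right guard for data read off the control socket, but an ikectl and iked built against different `struct iked_stats` layouts would then look like a daemon with nothing to report. I would report the mismatch, e.g. `warnx("unexpected stats reply: wrong size");` before the early return (assuming `<err.h>` is already included in this file), and also reject replies whose `imsg->hdr.type` is not `IMSG_CTL_SHOW_STATS`, since the visible function never looks at the type. main() starts and ends outside both of its hunks.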
@@ -421,3 +429,55 @@ show_string(struct imsg *imsg) return (done); } + +static char * +plural(u_int64_t n) +{ + return (n != 1 ? "s" : ""); +} + +/* + * Dump IKE statistics structure. + */ +int +show_stats(struct imsg *imsg, int quiet) +{ + struct iked_stats *stat; + int done = 1; + + if (IMSG_DATA_SIZE(imsg) != sizeof(*stat)) + return (done); + stat = imsg->data; + printf("ike:\n"); +#define p(f, m) if (stat->f || !quiet) \ + printf(m, stat->f, plural(stat->f)) + + p(ikes_sa_created, "\t%llu IKE SA%s created\n"); + p(ikes_sa_established_total, "\t%llu IKE SA%s established\n"); + p(ikes_sa_established_current, "\t%llu IKE SA%s currently established\n"); + p(ikes_sa_established_failures, "\t%llu IKE SA%s failed to establish\n"); + p(ikes_sa_proposals_negotiate_failures, "\t%llu failed proposal negotiation%s\n"); + p(ikes_sa_rekeyed, "\t%llu IKE SA%s rekeyed\n"); + p(ikes_sa_removed, "\t%llu IKE SA%s removed\n"); + p(ikes_csa_created, "\t%llu Child SA%s created\n"); + p(ikes_csa_removed, "\t%llu Child SA%s removed\n"); + p(ikes_msg_sent, "\t%llu message%s sent\n"); + p(ikes_msg_send_failures, "\t%llu message%s could not be sent\n"); + p(ikes_msg_rcvd, "\t%llu message%s received\n"); + p(ikes_msg_rcvd_dropped, "\t%llu message%s dropped\n"); + p(ikes_msg_rcvd_busy, "\t%llu request%s dropped, response being worked on\n"); + p(ikes_retransmit_response, "\t%llu response%s retransmitted\n"); + p(ikes_retransmit_request, "\t%llu request%s retransmitted\n"); + p(ikes_retransmit_limit, "\t%llu request%s timed out\n"); + p(ikes_frag_sent, "\t%llu fragment%s sent\n"); + p(ikes_frag_send_failures, "\t%llu fragment%s could not be sent\n"); + p(ikes_frag_rcvd, "\t%llu fragment%s received\n"); + p(ikes_frag_rcvd_drop, "\t%llu fragment%s dropped\n"); + p(ikes_frag_reass_ok, "\t%llu fragment%s reassembled\n"); + p(ikes_frag_reass_drop, "\t%llu fragment%s could not be reassembled\n"); + p(ikes_update_addresses_sent, "\t%llu update addresses request%s sent\n"); + p(ikes_dpd_sent, 
"\t%llu dpd request%s sent\n"); + p(ikes_keepalive_sent, "\t%llu keepalive message%s sent\n"); +#undef p + return (done); +} diff --git a/usr.sbin/ikectl/parser.c b/usr.sbin/ikectl/parser.c index 008f986ba6f..008bff43483 100644 --- a/usr.sbin/ikectl/parser.c +++ b/usr.sbin/ikectl/parser.c @@ -1,4 +1,4 @@ -/* $OpenBSD: parser.c,v 1.20 2021/11/21 22:44:08 tobhe Exp $ */ +/* $OpenBSD: parser.c,v 1.21 2022/09/19 20:54:02 tobhe Exp $ */ /* * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org> @@ -215,6 +215,7 @@ static const struct token t_show[] = { { KEYWORD, "ca", SHOW_CA, t_show_ca }, { KEYWORD, "sa", SHOW_SA, NULL }, { KEYWORD, "certstore", SHOW_CERTSTORE,NULL }, + { KEYWORD, "stats", SHOW_STATS, NULL }, { ENDTOKEN, "", NONE, NULL } }; diff --git a/usr.sbin/ikectl/parser.h b/usr.sbin/ikectl/parser.h index cd20e793fef..2e06e357a95 100644 --- a/usr.sbin/ikectl/parser.h +++ b/usr.sbin/ikectl/parser.h @@ -1,4 +1,4 @@ -/* $OpenBSD: parser.h,v 1.17 2021/11/21 22:44:08 tobhe Exp $ */ +/* $OpenBSD: parser.h,v 1.18 2022/09/19 20:54:02 tobhe Exp $ */ /* * Copyright (c) 2007-2013 Reyk Floeter <reyk@openbsd.org> @@ -57,7 +57,8 @@ enum actions { SHOW_CA_CERTIFICATES, SHOW_SA, RESET_ID, - SHOW_CERTSTORE + SHOW_CERTSTORE, + SHOW_STATS }; struct parse_result { |