Rework sys/netipsec/ipsec_netbsd.c to present a more consistent tree.

Rework usr.bin/netstat/fast_ipsec.c to find the stats nodes under the
new names (Kame uses the name stats so we use different ones), as well
as setting slen appropriately between calls to sysctlbyname(), and
providing forward compatibility when actually retrieving stats via
sysctlbyname().

And correct a spelling error.
atatat 2004-07-17 16:36:39 +00:00
parent 1a4759a97e
commit 14eee8f4cc
3 changed files with 168 additions and 114 deletions


@ -1,4 +1,4 @@
/* $NetBSD: ipsec_netbsd.c,v 1.10 2004/05/07 00:55:14 jonathan Exp $ */
/* $NetBSD: ipsec_netbsd.c,v 1.11 2004/07/17 16:36:39 atatat Exp $ */
/* $KAME: esp_input.c,v 1.60 2001/09/04 08:43:19 itojun Exp $ */
/* $KAME: ah_input.c,v 1.64 2001/09/04 08:43:19 itojun Exp $ */
@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: ipsec_netbsd.c,v 1.10 2004/05/07 00:55:14 jonathan Exp $");
__KERNEL_RCSID(0, "$NetBSD: ipsec_netbsd.c,v 1.11 2004/07/17 16:36:39 atatat Exp $");
#include "opt_inet.h"
#include "opt_ipsec.h"
@ -362,6 +362,8 @@ sysctl_fast_ipsec(SYSCTLFN_ARGS)
/* XXX will need a different oid at parent */
SYSCTL_SETUP(sysctl_net_inet_fast_ipsec_setup, "sysctl net.inet.ipsec subtree setup")
{
struct sysctlnode *_ipsec;
int ipproto_ipsec;
sysctl_createv(clog, 0, NULL, NULL,
CTLFLAG_PERMANENT,
@ -374,20 +376,63 @@ SYSCTL_SETUP(sysctl_net_inet_fast_ipsec_setup, "sysctl net.inet.ipsec subtree se
NULL, 0, NULL, 0,
CTL_NET, PF_INET, CTL_EOL);
/*
* in numerical order:
*
* net.inet.ipip: CTL_NET.PF_INET.IPPROTO_IPIP
* net.inet.esp: CTL_NET.PF_INET.IPPROTO_ESP
* net.inet.ah: CTL_NET.PF_INET.IPPROTO_AH
* net.inet.ipcomp: CTL_NET.PF_INET.IPPROTO_IPCOMP
* net.inet.ipsec: CTL_NET.PF_INET.CTL_CREATE
*
* this creates separate trees by name, but maintains that the
* ipsec name leads to all the old leaves.
*/
/* create net.inet.ipip */
sysctl_createv(clog, 0, NULL, NULL,
CTLFLAG_PERMANENT,
CTLTYPE_NODE, "ipip", NULL,
NULL, 0, NULL, 0,
CTL_NET, PF_INET, IPPROTO_IPIP, CTL_EOL);
sysctl_createv(clog, 0, NULL, NULL,
CTLFLAG_PERMANENT|CTLFLAG_READONLY,
CTLTYPE_STRUCT, "ipip_stats", NULL,
NULL, 0, &ipipstat, sizeof(ipipstat),
CTL_NET, PF_INET, IPPROTO_IPIP,
CTL_CREATE, CTL_EOL);
/* create net.inet.esp subtree under IPPROTO_ESP */
sysctl_createv(clog, 0, NULL, NULL,
CTLFLAG_PERMANENT,
CTLTYPE_NODE, "esp", NULL,
NULL, 0, NULL, 0,
CTL_NET, PF_INET, IPPROTO_ESP, CTL_EOL);
sysctl_createv(clog, 0, NULL, NULL,
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
CTLTYPE_INT, "trans_deflev", NULL,
sysctl_fast_ipsec, 0, &ip4_esp_trans_deflev, 0,
CTL_NET, PF_INET, IPPROTO_ESP,
IPSECCTL_DEF_ESP_TRANSLEV, CTL_EOL);
sysctl_createv(clog, 0, NULL, NULL,
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
CTLTYPE_INT, "net_deflev", NULL,
sysctl_fast_ipsec, 0, &ip4_esp_net_deflev, 0,
CTL_NET, PF_INET, IPPROTO_ESP,
IPSECCTL_DEF_ESP_NETLEV, CTL_EOL);
sysctl_createv(clog, 0, NULL, NULL,
CTLFLAG_PERMANENT|CTLFLAG_READONLY,
CTLTYPE_STRUCT, "esp_stats", NULL,
NULL, 0, &espstat, sizeof(espstat),
CTL_NET, PF_INET, IPPROTO_ESP,
CTL_CREATE, CTL_EOL);
/* create net.inet.ah subtree under IPPROTO_AH */
sysctl_createv(clog, 0, NULL, NULL,
CTLFLAG_PERMANENT,
CTLTYPE_NODE, "ah", NULL,
NULL, 0, NULL, 0,
CTL_NET, PF_INET, IPPROTO_AH, CTL_EOL);
sysctl_createv(clog, 0, NULL, NULL,
CTLFLAG_PERMANENT|CTLFLAG_READONLY,
CTLTYPE_STRUCT, "stats", NULL,
NULL, 0, &ahstat, sizeof(ahstat),
CTL_NET, PF_INET, IPPROTO_AH,
IPSECCTL_STATS, CTL_EOL);
sysctl_createv(clog, 0, NULL, NULL,
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
CTLTYPE_INT, "cleartos", NULL,
@ -404,41 +449,20 @@ SYSCTL_SETUP(sysctl_net_inet_fast_ipsec_setup, "sysctl net.inet.ipsec subtree se
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
CTLTYPE_INT, "trans_deflev", NULL,
sysctl_fast_ipsec, 0, &ip4_ah_trans_deflev, 0,
CTL_NET, PF_INET, CTL_IPPROTO_IPSEC,
CTL_NET, PF_INET, IPPROTO_AH,
IPSECCTL_DEF_AH_TRANSLEV, CTL_EOL);
sysctl_createv(clog, 0, NULL, NULL,
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
CTLTYPE_INT, "net_deflev", NULL,
sysctl_fast_ipsec, 0, &ip4_ah_net_deflev, 0,
CTL_NET, PF_INET, CTL_IPPROTO_IPSEC,
CTL_NET, PF_INET, IPPROTO_AH,
IPSECCTL_DEF_AH_NETLEV, CTL_EOL);
/* create net.inet.esp subtree under IPPROTO_ESP */
sysctl_createv(clog, 0, NULL, NULL,
CTLFLAG_PERMANENT,
CTLTYPE_NODE, "esp", NULL,
NULL, 0, NULL, 0,
CTL_NET, PF_INET, IPPROTO_ESP, CTL_EOL);
sysctl_createv(clog, 0, NULL, NULL,
CTLFLAG_PERMANENT|CTLFLAG_READONLY,
CTLTYPE_STRUCT, "stats", NULL,
NULL, 0, &espstat, sizeof(espstat),
CTL_NET, PF_INET, IPPROTO_ESP,
IPSECCTL_STATS, CTL_EOL);
sysctl_createv(clog, 0, NULL, NULL,
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
CTLTYPE_INT, "trans_deflev", NULL,
sysctl_fast_ipsec, 0, &ip4_esp_trans_deflev, 0,
CTL_NET, PF_INET, IPPROTO_ESP,
IPSECCTL_DEF_ESP_TRANSLEV, CTL_EOL);
sysctl_createv(clog, 0, NULL, NULL,
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
CTLTYPE_INT, "net_deflev", NULL,
sysctl_fast_ipsec, 0, &ip4_esp_net_deflev, 0,
CTL_NET, PF_INET, IPPROTO_ESP,
IPSECCTL_DEF_ESP_NETLEV, CTL_EOL);
CTLTYPE_STRUCT, "ah_stats", NULL,
NULL, 0, &ahstat, sizeof(ahstat),
CTL_NET, PF_INET, IPPROTO_AH,
CTL_CREATE, CTL_EOL);
/* create net.inet.ipcomp */
sysctl_createv(clog, 0, NULL, NULL,
@ -446,86 +470,91 @@ SYSCTL_SETUP(sysctl_net_inet_fast_ipsec_setup, "sysctl net.inet.ipsec subtree se
CTLTYPE_NODE, "ipcomp", NULL,
NULL, 0, NULL, 0,
CTL_NET, PF_INET, IPPROTO_IPCOMP, CTL_EOL);
sysctl_createv(clog, 0, NULL, NULL,
CTLFLAG_PERMANENT|CTLFLAG_READONLY,
CTLTYPE_STRUCT, "stats", NULL,
CTLTYPE_STRUCT, "ipcomp_stats", NULL,
NULL, 0, &ipcompstat, sizeof(ipcompstat),
CTL_NET, PF_INET, IPPROTO_IPCOMP,
IPSECCTL_STATS, CTL_EOL);
CTL_CREATE, CTL_EOL);
/* create net.inet.ipip */
sysctl_createv(clog, 0, NULL, NULL,
CTLFLAG_PERMANENT,
CTLTYPE_NODE, "ipip", NULL,
NULL, 0, NULL, 0,
CTL_NET, PF_INET, IPPROTO_IPIP, CTL_EOL);
sysctl_createv(clog, 0, NULL, NULL,
CTLFLAG_PERMANENT|CTLFLAG_READONLY,
CTLTYPE_STRUCT, "stats", NULL,
NULL, 0, &ipipstat, sizeof(ipipstat),
CTL_NET, PF_INET, IPPROTO_IPIP,
IPSECCTL_STATS, CTL_EOL);
/* create net.inet.ipsec subtree under CTL_IPPROTO_IPSEC */
sysctl_createv(clog, 0, NULL, NULL,
/* create net.inet.ipsec subtree under dynamic oid */
sysctl_createv(clog, 0, NULL, &_ipsec,
CTLFLAG_PERMANENT,
CTLTYPE_NODE, "ipsec", NULL,
NULL, 0, NULL, 0,
CTL_NET, PF_INET, CTL_IPPROTO_IPSEC, CTL_EOL);
sysctl_createv(clog, 0, NULL, NULL,
CTLFLAG_PERMANENT|CTLFLAG_READONLY,
CTLTYPE_STRUCT, "stats", NULL,
NULL, 0, &ipsecstat, sizeof(ipsecstat),
CTL_NET, PF_INET, CTL_IPPROTO_IPSEC,
IPSECCTL_STATS, CTL_EOL);
CTL_NET, PF_INET, CTL_CREATE, CTL_EOL);
ipproto_ipsec = (_ipsec != NULL) ? _ipsec->sysctl_num : 0;
sysctl_createv(clog, 0, NULL, NULL,
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
CTLTYPE_INT, "def_policy", NULL,
sysctl_fast_ipsec, 0, &ip4_def_policy.policy, 0,
CTL_NET, PF_INET, CTL_IPPROTO_IPSEC,
CTL_NET, PF_INET, ipproto_ipsec,
IPSECCTL_DEF_POLICY, CTL_EOL);
sysctl_createv(clog, 0, NULL, NULL,
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
CTLTYPE_INT, "esp_trans_deflev", NULL,
sysctl_fast_ipsec, 0, &ip4_esp_trans_deflev, 0,
CTL_NET, PF_INET, ipproto_ipsec,
IPSECCTL_DEF_ESP_TRANSLEV, CTL_EOL);
sysctl_createv(clog, 0, NULL, NULL,
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
CTLTYPE_INT, "esp_net_deflev", NULL,
sysctl_fast_ipsec, 0, &ip4_esp_net_deflev, 0,
CTL_NET, PF_INET, IPPROTO_ESP,
IPSECCTL_DEF_ESP_NETLEV, CTL_EOL);
sysctl_createv(clog, 0, NULL, NULL,
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
CTLTYPE_INT, "esp_net_deflev", NULL,
sysctl_fast_ipsec, 0, &ip4_esp_net_deflev, 0,
CTL_NET, PF_INET, ipproto_ipsec,
IPSECCTL_DEF_ESP_NETLEV, CTL_EOL);
sysctl_createv(clog, 0, NULL, NULL,
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
CTLTYPE_INT, "ah_trans_deflev", NULL,
sysctl_fast_ipsec, 0, &ip4_ah_trans_deflev, 0,
CTL_NET, PF_INET, ipproto_ipsec,
IPSECCTL_DEF_AH_TRANSLEV, CTL_EOL);
sysctl_createv(clog, 0, NULL, NULL,
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
CTLTYPE_INT, "ah_net_deflev", NULL,
sysctl_fast_ipsec, 0, &ip4_ah_net_deflev, 0,
CTL_NET, PF_INET, ipproto_ipsec,
IPSECCTL_DEF_AH_NETLEV, CTL_EOL);
sysctl_createv(clog, 0, NULL, NULL,
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
CTLTYPE_INT, "ah_cleartos", NULL,
NULL, 0, &/*ip4_*/ah_cleartos, 0,
CTL_NET, PF_INET, ipproto_ipsec,
IPSECCTL_AH_CLEARTOS, CTL_EOL);
sysctl_createv(clog, 0, NULL, NULL,
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
CTLTYPE_INT, "ah_offsetmask", NULL,
NULL, 0, &ip4_ah_offsetmask, 0,
CTL_NET, PF_INET, ipproto_ipsec,
IPSECCTL_AH_OFFSETMASK, CTL_EOL);
sysctl_createv(clog, 0, NULL, NULL,
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
CTLTYPE_INT, "dfbit", NULL,
NULL, 0, &ip4_ipsec_dfbit, 0,
CTL_NET, PF_INET, CTL_IPPROTO_IPSEC,
CTL_NET, PF_INET, ipproto_ipsec,
IPSECCTL_DFBIT, CTL_EOL);
sysctl_createv(clog, 0, NULL, NULL,
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
CTLTYPE_INT, "ecn", NULL,
NULL, 0, &ip4_ipsec_ecn, 0,
CTL_NET, PF_INET, CTL_IPPROTO_IPSEC,
CTL_NET, PF_INET, ipproto_ipsec,
IPSECCTL_ECN, CTL_EOL);
sysctl_createv(clog, 0, NULL, NULL,
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
CTLTYPE_INT, "debug", NULL,
NULL, 0, &ipsec_debug, 0,
CTL_NET, PF_INET, CTL_IPPROTO_IPSEC,
CTL_NET, PF_INET, ipproto_ipsec,
IPSECCTL_DEBUG, CTL_EOL);
#if 0
/*
* "aliases" for the fast ipsec subtree
*/
sysctl_createv(clog, 0, NULL, NULL,
CTLFLAG_PERMANENT|CTLFLAG_ALIAS,
CTLTYPE_NODE, "fast_esp", NULL,
NULL, IPPROTO_AH, NULL, 0,
CTL_NET, PF_INET, IPPROTO_ESP, CTL_EOL);
sysctl_createv(clog, 0, NULL, NULL,
CTLFLAG_PERMANENT|CTLFLAG_ALIAS,
CTLTYPE_NODE, "fast_ipcomp", NULL,
NULL, IPPROTO_AH, NULL, 0,
CTL_NET, PF_INET, IPPROTO_IPCOMP, CTL_EOL);
sysctl_createv(clog, 0, NULL, NULL,
CTLFLAG_PERMANENT|CTLFLAG_ALIAS,
CTLTYPE_NODE, "fast_ah", NULL,
NULL, IPPROTO_AH, NULL, 0,
CTL_NET, PF_INET, CTL_CREATE, CTL_EOL);
#endif
CTLFLAG_PERMANENT|CTLFLAG_READONLY,
CTLTYPE_STRUCT, "ipsecstats", NULL,
NULL, 0, &ipsecstat, sizeof(ipsecstat),
CTL_NET, PF_INET, ipproto_ipsec,
CTL_CREATE, CTL_EOL);
}
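Review bot: In the `net.inet.ipsec` setup, `ipproto_ipsec` falls back to 0 when `_ipsec` is NULL, so every later `sysctl_createv` call registers its node under `CTL_NET, PF_INET, 0`, which is the number of IPPROTO_IP rather than an ipsec node. If creating the dynamic `ipsec` node ever fails, read-write knobs such as `def_policy`, `debug` and the `*_deflev` levels would land in the wrong subtree, where they are easy to miss in an audit and may collide with existing numbers. `_ipsec` is also declared without an initializer and the return value of that `sysctl_createv` is not checked, so the NULL test relies on the callee clearing the out-pointer on failure, which this page does not show. I would declare `struct sysctlnode *_ipsec = NULL;` and replace the fallback with `if (_ipsec == NULL) return;` followed by `ipproto_ipsec = _ipsec->sysctl_num;`.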


@ -1,4 +1,4 @@
/* $NetBSD: ipsec_var.h,v 1.1 2004/05/07 00:55:14 jonathan Exp $ */
/* $NetBSD: ipsec_var.h,v 1.2 2004/07/17 16:36:39 atatat Exp $ */
/* $FreeBSD: src/sys/netipsec/ipsec.h,v 1.2.4.2 2004/02/14 22:23:23 bms Exp $ */
/*-
@ -77,7 +77,7 @@ struct newipsecstat {
/*
* Names for IPsec & Key sysctl objects
*/
#define IPSECCTL_STATS 1 /* stats */
#define IPSECCTL_STATS 1 /* KAME compat stats */
#define IPSECCTL_DEF_POLICY 2
#define IPSECCTL_DEF_ESP_TRANSLEV 3 /* int; ESP transport mode */
#define IPSECCTL_DEF_ESP_NETLEV 4 /* int; ESP tunnel mode */


@ -1,4 +1,4 @@
/* $NetBSD: fast_ipsec.c,v 1.5 2004/06/27 01:10:53 jonathan Exp $ */
/* $NetBSD: fast_ipsec.c,v 1.6 2004/07/17 16:36:39 atatat Exp $ */
/* $FreeBSD: src/tools/tools/crypto/ipsecstats.c,v 1.1.4.1 2003/06/03 00:13:13 sam Exp $ */
/*-
@ -33,7 +33,7 @@
#include <sys/cdefs.h>
#ifndef lint
#ifdef __NetBSD__
__RCSID("$NetBSD: fast_ipsec.c,v 1.5 2004/06/27 01:10:53 jonathan Exp $");
__RCSID("$NetBSD: fast_ipsec.c,v 1.6 2004/07/17 16:36:39 atatat Exp $");
#endif
#endif /* not lint*/
@ -57,11 +57,32 @@ __RCSID("$NetBSD: fast_ipsec.c,v 1.5 2004/06/27 01:10:53 jonathan Exp $");
#include <machine/int_fmtio.h>
#include <err.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include "netstat.h"
/*
* Cache the check to see if we have fast_ipsec so that we don't
* have to go to the kernel repeatedly.
*/
static int
have_fast_ipsec(void)
{
static int haveit = -1;
if (haveit == -1) {
if (sysctlbyname("net.inet.ipsec.ipsecstats", NULL, NULL,
NULL, 0) == -1)
haveit = 0;
else
haveit = 1;
}
return (haveit);
}
/*
* Dispatch between fetching and printing (KAME) IPsec statistics,
* and FAST_IPSEC statistics, so the rest of netstat need not know
@ -70,12 +91,8 @@ __RCSID("$NetBSD: fast_ipsec.c,v 1.5 2004/06/27 01:10:53 jonathan Exp $");
void
ipsec_switch(u_long off, char * name)
{
int status;
size_t slen;
slen = 0;
status = sysctlbyname("net.inet.ipsec.stats", NULL, &slen, NULL, 0);
if (status == 0 && slen == sizeof(struct newipsecstat))
if (have_fast_ipsec())
return fast_ipsec_stats(off, name);
return ipsec_stats(off, name);
@ -156,26 +173,34 @@ fast_ipsec_stats(u_long off, char *name)
memset(&ipips, 0, sizeof(ipips));
/* silence check */
status = sysctlbyname("net.inet.ipsec.stats", NULL, &slen, NULL, 0);
if (status != 0)
if (!have_fast_ipsec())
return;
slen = sizeof(ipsecstats);
status = sysctlbyname("net.inet.ipsec.stats", &ipsecstats, &slen,
status = sysctlbyname("net.inet.ipsec.ipsecstats", &ipsecstats, &slen,
NULL, 0);
if (status < 0)
err(1, "net.inet.ipsec.stats");
if (status < 0 && errno != ENOMEM)
err(1, "net.inet.ipsec.ipsecstats");
slen = sizeof (ahstats);
if (sysctlbyname("net.inet.ah.stats", &ahstats, &slen, NULL, 0) < 0)
err(1, "net.inet.ah.stats");
status = sysctlbyname("net.inet.ah.ah_stats", &ahstats, &slen, NULL, 0);
if (status < 0 && errno != ENOMEM)
err(1, "net.inet.ah.ah_stats");
slen = sizeof (espstats);
if (sysctlbyname("net.inet.esp.stats", &espstats, &slen, NULL, 0) < 0)
err(1, "net.inet.esp.stats");
if (sysctlbyname("net.inet.ipcomp.stats", &ipcs, &slen, NULL, 0) < 0)
err(1, "net.inet.ipcomp.stats");
if (sysctlbyname("net.inet.ipip.stats", &ipips, &slen, NULL, 0) < 0)
err(1, "net.inet.ipip.stats");
status = sysctlbyname("net.inet.esp.esp_stats", &espstats, &slen, NULL, 0);
if (status < 0 && errno != ENOMEM)
err(1, "net.inet.esp.esp_stats");
slen = sizeof(ipcs);
status = sysctlbyname("net.inet.ipcomp.ipcomp_stats", &ipcs, &slen, NULL, 0);
if (status < 0 && errno != ENOMEM)
err(1, "net.inet.ipcomp.ipcomp_stats");
slen = sizeof(ipips);
status = sysctlbyname("net.inet.ipip.ipip_stats", &ipips, &slen, NULL, 0);
if (status < 0 && errno != ENOMEM)
err(1, "net.inet.ipip.ipip_stats");
printf("(Fast) IPsec:\n");
@ -269,7 +294,7 @@ fast_ipsec_stats(u_long off, char *name)
IPIPSTAT(ipips.ipips_family, "protocol family mismatched");
IPIPSTAT(ipips.ipips_unspec, "missing tunnel-endpoint address");
IPIPSTAT(ipips.ipips_ibytes, "input bytes received");
IPIPSTAT(ipips.ipips_obytes, "output bytes procesesed");
IPIPSTAT(ipips.ipips_obytes, "output bytes processed");
#undef IPIPSTAT
printf("IPsec ipcomp:\n");
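Review bot: The five `status < 0 && errno != ENOMEM` checks in `fast_ipsec_stats` accept a short copy silently, and nothing at the call sites says why ENOMEM is safe to ignore. The commit message calls this forward compatibility, so presumably the kernel structure may be larger than the one netstat was built with and the leading fields are still copied out. That only holds if each buffer was zeroed beforehand, and only the `memset` of `ipips` is visible in this hunk. I would add one comment above the first call, `/* ENOMEM: kernel struct is larger than ours; print the fields we know about */`, and consider a `warnx()` in that case so an operator reading IPsec counters knows the output is partial. `fast_ipsec_stats` starts and ends outside the hunk.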