Commit Graph

375 Commits

Author SHA1 Message Date
jnemeth
1ff05f7784 PR/36867 - Zafer Aydogan -- trsp is no longer 2007-08-30 18:51:32 +00:00
pavel
c723e7a07c Add xref to sockstat, from Zafer Aydogan in PR misc/36706.
Bump date.
2007-07-30 19:59:42 +00:00
dyoung
458b31be33 rt_key() is no more. Use rt_getkey(). 2007-07-19 20:51:04 +00:00
ad
75ff053010 Make netstat build again. I don't see why it has any business dumping
the raw contents of tcpcb but that's another story.
2007-07-10 21:12:32 +00:00
tls
4147a3c54a Add new Makefile knob, USE_FORT, which extends USE_SSP by turning on the
FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to
various string and memory copy and set functions (as well as a few system
calls and other miscellany) where known at function entry.  RedHat has
evidently built all "core system packages" with this option for some time.

This option should be used at the top of Makefiles (or Makefile.inc where
this is used for subdirectories) but after any setting of LIB.

This is only useful for userland code, and cannot be used in libc or in
any code which includes the libc internals, because it overrides certain
libc functions with macros.  Some effort has been made to make USE_FORT=yes
work correctly for a full-system build by having the bsd.sys.mk logic
disable the feature where it should not be used (libc, libssp iteself,
the kernel) but no attempt has been made to build the entire system with
USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.

Adjust the system build so that all programs and libraries that are setuid,
directly handle network data (including serial comm data), perform
authentication, or appear likely to have (or have a history of having)
data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default,
with the exception of libc, which cannot use USE_FORT and thus uses
only USE_SSP by default.  Tested on i386 with no ill results; USE_FORT=no
per-directory or in a system build will disable if desired.
2007-05-28 12:06:17 +00:00
mlelstv
0de32b854f Fall back to kvm interface for protocols that do not yet
offer a sysctl interface. Fixes PR bin/36210.
2007-04-27 18:37:53 +00:00
liamjfoy
5e73ba0829 Add new IPv6 Fast Forward statistics 2007-03-07 22:22:50 +00:00
hubertf
96ed6e7862 Make this compile after TSEL() const poisoning
OK'd by dyoung@
2007-02-18 01:56:17 +00:00
hubertf
48b31403c5 Remove duplicate #includes
From Slava Semushin <slava.semushin@gmail.com>, via private mail
2007-01-17 00:21:43 +00:00
jdc
40b89794d7 Don't print "default" when the netmask is non-zero.
Also tested by mlelstv@.
2006-12-23 11:05:14 +00:00
elad
26e33be266 PR/35056: Keiichi Shima: netstat does not compile in crunched environment
Patch applied, thanks!
2006-11-15 11:55:00 +00:00
elad
c136b6cd0d Refactor code a bit so we only use kmem when we really need it. 2006-10-13 16:33:57 +00:00
mlelstv
05f80f69b3 avoid signed/unsigned error when computing mask lengths for empty
masks with sa_len == 0 (happens for inet6 default route).
2006-10-03 08:30:12 +00:00
elad
65305bdc98 Good intentions are still intentions. If we can't open kvm, but we still
have sysctl, it's still not enough for -P. A groveler is a groveler is
a groveler.

On a different note, this code needs a rewrite.
2006-09-27 12:51:43 +00:00
elad
a81bf90a94 PR/31347: Geoff C. Wing: netstat err message is ambiguous about cause
Applied patch, thanks!
2006-09-22 23:21:52 +00:00
elad
b77c058061 We now have CARP, so don't skip IFT_CARP in link_print(). 2006-09-16 12:25:11 +00:00
christos
32f8a691e7 - Back to using kvm if we have access to it, since the sysctl stats do not
yet support all the fields we need.
- Don't core-dump if we could not open the kvm file.
2006-09-14 20:43:50 +00:00
christos
13a976b45e print "-"'s for the statistics that we don't support in the sysctl interface
and make columns aligned again.
2006-09-14 20:42:34 +00:00
rpaulo
2fb2ae3251 Import of TCP ECN algorithm for congestion control.
Both available for IPv4 and IPv6.
Basic implementation test results are available at
http://netbsd-soc.sourceforge.net/projects/ecn/testresults.html.

Work sponsored by the Google Summer of Code project 2006.
Special thanks to Kentaro Kurahone, Allen Briggs and Matt Thomas for their
help, comments and support during the project.
2006-09-05 00:29:35 +00:00
matt
a5db205458 Conditionalize XNS support. No longer enabled. 2006-08-26 15:33:20 +00:00
christos
c10a5d302a well, the || needed to be an && and the operand order needed to be changed.
XXX: There are still things like interface printing that need kvm.
2006-08-22 20:06:17 +00:00
christos
ed6a70d32a Fix another && || confusion, from Kurt Schreiner, thanks! 2006-08-21 18:31:24 +00:00
christos
a49f247028 Don't use || if you need &&. 2006-08-17 22:23:07 +00:00
rpaulo
4381b9dc9b Revert previous. 2006-08-17 01:42:57 +00:00
rpaulo
d7a463a8aa Adapt to ECN. 2006-08-17 01:32:13 +00:00
rpaulo
63b3e9f51c It's not an error if we can't print CARP stats, it just means it's not built
in.
2006-06-20 19:22:17 +00:00
christos
13b8a79d82 PR/33677: Scott Ellis: Building with MKINET6=no causes netstat to fail compiling 2006-06-09 16:39:11 +00:00
elad
fb101b952c another netstat fix, Kurt Schreiner. thanx! 2006-06-04 22:39:33 +00:00
elad
e7a2ce04a1 fix logic; from Kurt Schreiner 2006-06-04 20:01:14 +00:00
rpaulo
088720fe4b Don't print an error if kernel doesn't have INET6 support.
By Jukka Salmi on current-users.
2006-05-31 13:26:17 +00:00
elad
5d7aa1a613 Make netstat use sysctl when dumping routing tables/stats.
Heavily based on similar code from Claudio Jeker (at OpenBSD).

While here, fix inet/inet6 sysctl stuff commited previously to
actually work, and some other nits to make netstat more sysctl
friendly.

One step closer to losing setgid kmem on this one...
2006-05-28 16:51:40 +00:00
elad
48404677c4 be quiet if symbol not in namelist, nothing cares 2006-05-27 23:57:32 +00:00
rpaulo
f6e31a1aa2 Fix carp_stats() prototype location.
Noticed by Iain Hibbert.
2006-05-23 14:31:11 +00:00
liamjfoy
362a260c6d check if malloc(3) failed
ok joerg@
2006-05-21 21:01:55 +00:00
riz
64cde4117b Use PRIu64 to format uint64_t quantities, instead of %llu, in
newly-introduced code.

XXX more %llu cleanup is needed throughout netstat code.
2006-05-18 17:19:22 +00:00
liamjfoy
4876c304b1 Integrate Common Address Redundancy Procotol (CARP) from OpenBSD
'pseudo-device	carp'

Thanks to: joerg@ christos@ riz@ and others who tested
Ok: core@
2006-05-18 09:05:49 +00:00
mrg
0e223467a4 nfiles -> ns_nfiles (conflicts with kernel header files and _KERNEL.) 2006-05-11 01:23:20 +00:00
rpaulo
32f6ca81fb snprintf returns int, not size_t. CID 691.
From bjh21.
2006-04-06 18:30:31 +00:00
christos
6e2787485e Coverity CID 2336: Fix memory leak. 2006-04-02 03:19:34 +00:00
rpaulo
fbe17c43c7 Bump date for previous. 2005-12-28 22:53:59 +00:00
rpaulo
fa0b253ddc Explain the netstat -B flag column. 2005-12-28 17:57:16 +00:00
rpaulo
e5a1f0391d Convert 3 printf() calls into one puts(). 2005-11-21 22:43:34 +00:00
drochner
360dbbc86f make bpf stats #ifndef SMALL,
fixes build of x_netstat
2005-09-14 15:35:26 +00:00
wiz
b5e0c3219f Punctuation fix. From YOMURA Masanori in private mail. 2005-09-11 23:20:12 +00:00
wiz
ad44d18838 Argument is address_family, not "address family". From YOMURA Masanori in private mail. 2005-09-11 23:19:27 +00:00
elad
4c70438790 Use sysctl to fetch AF_LOCAL PCB lists if reading live kernel. 2005-09-04 18:59:57 +00:00
rpaulo
f20c174719 Place the sysctl code under an if block and print an error message if the
user tries to fetch information via kvm.

Discussed with Elad Efrat.
2005-09-02 22:52:24 +00:00
rpaulo
d65009381e Request process information using sysctl(3) and not kvm(3) since bpf(4)
statistics and peers are only available using the former.
2005-09-02 22:23:13 +00:00
rpaulo
c5a8fe81ae Use net.inet6.{ip6,udp6,pim6,raw6}.stats for live systems.
Reviewed by Elad Efrat.
2005-08-28 21:06:57 +00:00
rpaulo
51345e62d3 Use net.inet6.tcp6.pcblist, net.inet6.tcp6.stats (not implemented yet) and
net.inet6.icmp6.stats if we are gathering information from a live system.

Reviewed by Elad Efrat.
2005-08-28 16:12:35 +00:00
elad
bbf85a429b Use PRIxPTR when printing a pointer. 2005-08-12 14:08:16 +00:00
he
4577ef8d16 Replace usage of caddr_t with intptr_t, to allow this to build cleanly
on both 32- and 64-bit archs.
2005-08-08 12:11:52 +00:00
elad
dbc883fab2 Use sysctl to read live kernel PF_INET PCBs. 2005-08-07 17:10:36 +00:00
elad
c1494c99c6 Use sysctl to fetch IP, ICMP, TCP, and UDP statistics. 2005-08-06 17:58:13 +00:00
rpaulo
ec70a5dc17 Explained how -B works and how it works in conjunction with -I or -s.
Reviewed by wiz@
2005-08-06 11:23:32 +00:00
elad
8920c39bb8 Fix printing formats. 2005-08-05 12:16:51 +00:00
rpaulo
9ce7ce6bf0 Added #include <kvm.h> since netstat.h, which is included too, needs it. 2005-08-04 19:41:28 +00:00
rpaulo
22a0fcf290 Added bpf.c. 2005-08-04 19:40:00 +00:00
rpaulo
66daeed445 Implemented the userland part of the BPF statistics and BPF peers,
net.bpf.stats and net.bpf.peers sysctls respectively. netstat(1) now
has an additional syntax:
	netstat [-s] [-B] [-I Interface]

Only the super user can see a list of BPF peers with the following command:
# netstat -B
Active BPF peers
PID     Int     Recv     Drop     Capt     Flags  Bufsize  Comm
4941    lo0     0        0        0        I--S-  262144   tcpdump
252     ex0     19668    0        5        I-RS-  32768    dhclient

And every user can see the BPF statistics with:
$ netstat -s -B
bpf:
        19669 total packets received
        5 total packets captured
        0 total packets dropped

This idea came from FreeBSD (Christian S.J. Peron) but, currently, they
doen't have a userland utility in the base system to read the sysctls.

Reviewed by: christos@
2005-08-04 19:39:40 +00:00
atatat
e698a148f7 For connected local domain sockets that don't have a "local" name,
print the "remote" name instead.
2005-03-04 03:59:07 +00:00
atatat
9244b3d60d Print the pcb address like the man page says, not the socket address. 2005-03-04 03:57:48 +00:00
atatat
61ae0cbaf1 print the proper pointer for the pcb address. otherwise, all the udp6
pcb addresses are the same as unrelated udp pcb addresses.
2005-02-13 03:15:18 +00:00
lukem
7157011597 Only compile in IPv6 support if ${USE_INET6} != "no"
MKINET6 is for providing IPv6 infrastructure.
USE_INET6 is for compiling IPv6 support into the programs (needs MKINET6).
2005-01-10 02:58:58 +00:00
itojun
da88342476 NI_WITHSCOPEID was not picked up by IETF standardization process 2004-11-16 06:04:12 +00:00
itojun
b95181fc9b NI_WITHSCOPEID was not picked up by IETF standardization process. 2004-11-16 05:59:32 +00:00
dsl
dfdc37e2fe Add (unsigned char) cast to ctype functions 2004-10-30 20:56:20 +00:00
martin
ee9d1625eb Make it compile on ports where u_quad_t is not printf-format-compatible
with unsigned long long.
2004-09-06 14:51:32 +00:00
manu
753bcaf581 IPv4 PIM support, from the submission of Pavlin Radoslavov on tech-net@ 2004-09-04 23:35:43 +00:00
atatat
14eee8f4cc Rework sys/netipsec/ipsec_netbsd.c to present a more consistent tree.
Rework usr.bin/netstat/fast_ipsec.c to find the stats nodes under the
new names (Kame uses the name stats so we use different ones), as well
as setting slen appropriately between calls to sysctlbyname(), and
providing forward compatibility when actually retrieving stats via
sysctlbyname().

And correct a spelling error.
2004-07-17 16:36:39 +00:00
jonathan
f8aeaf6223 Fix two stupid bugs I introduced with stats for fast-ipsec:
1. Pass the caller-supplied protocol name down through ipsec_switch().

2. Remove my poor attempt to print fast-ipsec stats automagically for
`netstat -s'.  The previous code would print (fast)IPsec per-protocol
stats even for 'netstat', which is just wrong.

A better fix would be to enumerate the sub-"protocols" under IPsec;
but first lets fix the broken behaviour now, for a pullup to 2.0.
2004-06-27 01:10:53 +00:00
christos
45a11d4b25 Temporary hack to fix ipsec stats lossage. Atatat, are you listening? 2004-06-06 17:11:48 +00:00
itojun
cf6b841417 print stat for TCP MD5 signature 2004-05-18 14:44:41 +00:00
petrov
68cb92eb3b Forgotten $ for NetBSD key. 2004-05-09 03:20:44 +00:00
petrov
6e4bb32a73 Use int_fmtio.h and PRUx formats for longs. 2004-05-09 03:18:50 +00:00
jonathan
85b3ba5bf1 Redo net.inet.* sysctl subtree for fast-ipsec from scratch.
Attach FAST-IPSEC statistics with 64-bit counters to new sysctl MIB.
Rework netstat to show FAST_IPSEC statistics, via sysctl,  for
netstat -p ipsec.

New kernel files:
	sys/netipsec/Makefile		(new file; install *_var.h includes)
	sys/netipsec/ipsec_var.h	(new 64-bit mib counter struct)

Changed kernel files:
	sys/Makefile			(recurse into sys/netipsec/)
	sys/netinet/in.h		(fake IP_PROTO name for fast_ipsec
					sysctl subtree.)
	sys/netipsec/ipsec.h		(minimal userspace inclusion)
	sys/netipsec/ipsec_osdep.h	(minimal userspace inclusion)
	sys/netipsec/ipsec_netbsd.c	(redo sysctl subtree from scratch)
	sys/netipsec/key*.c		(fix broken net.key subtree)

	sys/netipsec/ah_var.h		(increase all counters to 64 bits)
	sys/netipsec/esp_var.h		(increase all counters to 64 bits)
	sys/netipsec/ipip_var.h		(increase all counters to 64 bits)
	sys/netipsec/ipcomp_var.h	(increase all counters to 64 bits)

	sys/netipsec/ipsec.c		(add #include netipsec/ipsec_var.h)
	sys/netipsec/ipsec_mbuf.c	(add #include netipsec/ipsec_var.h)
	sys/netipsec/ipsec_output.c	(add #include netipsec/ipsec_var.h)

	sys/netinet/raw_ip.c		(add #include netipsec/ipsec_var.h)
	sys/netinet/tcp_input.c		(add #include netipsec/ipsec_var.h)
	sys/netinet/udp_usrreq.c	(add #include netipsec/ipsec_var.h)

Changes to usr.bin/netstat to print the new fast-ipsec sysctl tree
for "netstat -s -p ipsec":

New file:
	usr.bin/netstat/fast_ipsec.c	(print fast-ipsec counters)

Changed files:
	usr.bin/netstat/Makefile	(add fast_ipsec.c)
	usr.bin/netstat/netstat.h	(declarations for fast_ipsec.c)
	usr.bin/netstat/main.c		(call KAME-vs-fast-ipsec dispatcher)
2004-05-07 00:55:14 +00:00
atatat
e9814619fb sysctl(3) no longer returns ENOPROTOOPT in this case, but ENOENT,
which is a more generic "that's not in the tree" response.

ENOPROTOOPT was specific to the net subtree under the old framework,
and didn't add much value (other than letting the caller know they
were looking up something under the net subtree, which they presumably
ought to have known already).
2004-04-09 18:48:05 +00:00
ragge
ab6a210f76 Use itimerval() instead of alarm() for interval displaying. This increases
accuracy on interval stats also on fast machines.
2003-11-15 11:54:34 +00:00
itojun
9a941e2d01 handle KAME scopeid hack for multicast addr. Matthias Drochner 2003-11-06 06:11:48 +00:00
enami
07bf4ffc50 mbstat.m_drain is still maintained. Don't skip it. 2003-10-18 12:26:26 +00:00
enami
52b6a13784 Print ips_rcvmemdrop and ips_nogif. 2003-10-17 22:28:11 +00:00
itojun
070ac19762 fix PR bin/22739 (netstat -nlv -f inet6 weird) 2003-09-12 10:43:42 +00:00
itojun
0162be23d0 synchronize w/ inpcb/in6pcb change 2003-09-04 09:23:35 +00:00
itojun
c636858983 correct strange indentation 2003-08-19 12:52:13 +00:00
agc
89aaa1bb64 Move UCB-licensed code from 4-clause to 3-clause licence.
Patches provided by Joel Baker in PR 22365, verified by myself.
2003-08-07 11:13:06 +00:00
itojun
4c488f6bec always print prefixlen for routes. it's CIDR age. 2003-08-04 11:10:33 +00:00
itojun
182a98314c support new algorithms 2003-07-25 10:06:09 +00:00
itojun
aa96314290 support hmac-sha2. 2003-07-22 03:41:28 +00:00
he
80ccb5520c As a temporary workaround, apply the fix from PR#20390, thereby
cooperating with the callout code in working around the race
condition caused by the TCP code's use of the callout facility.

Instead of unconditionally releasing memory in tcp_close() and
SYN_CACHE_PUT(), check whether any of the related callout handlers
are about to be invoked (but have not yet done callout_ack()), and
if so, just mark the associated data structure (tcpcb or syn cache
entry) as "dead", and test for this (and release storage) in the
callout handler functions.
2003-07-20 16:35:07 +00:00
itojun
417386ecc9 strlcpy 2003-07-12 13:38:10 +00:00
itojun
47d22404d4 use proper #ifdef to determine behavior (__KAME__) 2003-05-14 23:36:32 +00:00
lukem
ef83aa34d9 clear errno before strto(u)l() if we're going to test it for ERANGE afterwards 2003-04-18 03:21:00 +00:00
itojun
01757d86d6 make char array bigger where it seems too small and may overrun. 2003-04-15 08:07:10 +00:00
jdolecek
842b4adcdc it's not necessary to limit the service name artificially to 8 characters
in inet*print() - only first 'width' characters of the 'host.service'
string would be printed anyway, so allow full service name if string would fit
2003-03-22 15:18:36 +00:00
itojun
424153ef69 TF_PROTO1/2 mixup. from itou makoto 2003-03-02 01:59:06 +00:00
enami
acf5c11cc1 Don't use uninitialized variable. 2003-02-27 08:07:14 +00:00
matt
65e5548a17 Add MBUFTRACE kernel option.
Do a little mbuf rework while here.  Change all uses of MGET*(*, M_WAIT, *)
to m_get*(M_WAIT, *).  These are not performance critical and making them
call m_get saves considerable space.  Add m_clget analogue of MCLGET and
make corresponding change for M_WAIT uses.
Modify netinet, gem, fxp, tulip, nfs to support MBUFTRACE.
Begin to change netstat to use sysctl.
2003-02-26 06:31:08 +00:00
wiz
990562bfef .Nm does not need a dummy argument ("") before punctuation or
for correct formatting of the SYNOPSIS any longer.
2003-02-25 10:34:36 +00:00
perry
8a49ec08e4 "Utilize" has exactly the same meaning as "use," but it is more
difficult to read and understand. Most manuals of English style
therefore say that you should use "use".
2003-02-04 23:07:28 +00:00
thorpej
9abf2fa449 Update for callout changes, and show TCP timers in relative, rather
than absolute ticks.
2003-02-04 01:22:08 +00:00
thorpej
7d9af30957 Test CALLOUT_PENDING, not CALLOUT_ACTIVE. 2003-02-03 23:37:09 +00:00