Commit Graph

20 Commits

Author SHA1 Message Date
christos
7ed35ab90d PR/47744: Frank Kardel: netstat -s stops output prematurely when ipsec is not
compiled.
If the first sysctl fails return silently.
XXX: pullup-6
2013-04-15 21:20:39 +00:00
drochner
364a06bb29 remove KAME IPSEC, replaced by FAST_IPSEC 2012-03-22 20:34:37 +00:00
drochner
47a381e15e more IPSEC header cleanup: don't install unneeded headers to userland,
and remove some differences berween KAME and FAST_IPSEC
2012-01-06 14:17:10 +00:00
drochner
0a8dabda40 pull in AES-GCM/GMAC support from OpenBSD
This is still somewhat experimental. Tested between 2 similar boxes
so far. There is much potential for performance improvement. For now,
I've changed the gmac code to accept any data alignment, as the "char *"
pointer suggests. As the code is practically used, 32-bit alignment
can be assumed, at the cost of data copies. I don't know whether
bytewise access or copies are worse performance-wise. For efficient
implementations using SSE2 instructions on x86, even stricter
alignment requirements might arise.
2011-05-26 21:50:02 +00:00
drochner
ebc232a582 copy AES-XCBC-MAC support from KAME IPSEC to FAST_IPSEC
For this to fit, an API change in cryptosoft was adopted from OpenBSD
(addition of a "Setkey" method to hashes) which was done for GCM/GMAC
support there, so it might be useful in the future anyway.
tested against KAME IPSEC
AFAICT, FAST_IPSEC now supports as much as KAME.
2011-05-24 19:10:08 +00:00
drochner
cfdc35650d report aes-ctr statistic counter by name 2011-05-23 14:29:55 +00:00
drochner
3e2a0f5f49 decode camellia-cbc in stats histogram 2011-05-05 17:49:47 +00:00
drochner
ab862eb3da fix some labels for ipcomp counters which didn't make sense at all 2011-04-19 18:34:39 +00:00
lukem
d5a0caad3b Fix many WARNS=4 issues (-Wshadow -Wcast-qual -Wsign-compare).
Fix probable bug with numeric printing of anon ports when using sysctl.
2009-04-12 16:08:37 +00:00
thorpej
40edcfedc2 Note which things are not available by KVM, and print a nice message
stating so if someone specifically asks for it.
2008-04-24 04:09:27 +00:00
thorpej
caf49ea572 Make IPSEC and FAST_IPSEC stats per-cpu. Use <net/net_stats.h> and
netstat_sysctl().
2008-04-23 06:09:04 +00:00
degroote
11c94c257e Report the new ipcomp stats under FAST_IPSEC : ipcomps_minlen and
ipcomps_uselesscomp
2007-12-29 21:36:43 +00:00
seanb
769f8347e5 Report ipsecstats.ips_spdcache_miss under FAST_IPSEC correctly. 2007-12-05 00:51:12 +00:00
rpaulo
9ce7ce6bf0 Added #include <kvm.h> since netstat.h, which is included too, needs it. 2005-08-04 19:41:28 +00:00
atatat
14eee8f4cc Rework sys/netipsec/ipsec_netbsd.c to present a more consistent tree.
Rework usr.bin/netstat/fast_ipsec.c to find the stats nodes under the
new names (Kame uses the name stats so we use different ones), as well
as setting slen appropriately between calls to sysctlbyname(), and
providing forward compatibility when actually retrieving stats via
sysctlbyname().

And correct a spelling error.
2004-07-17 16:36:39 +00:00
jonathan
f8aeaf6223 Fix two stupid bugs I introduced with stats for fast-ipsec:
1. Pass the caller-supplied protocol name down through ipsec_switch().

2. Remove my poor attempt to print fast-ipsec stats automagically for
`netstat -s'.  The previous code would print (fast)IPsec per-protocol
stats even for 'netstat', which is just wrong.

A better fix would be to enumerate the sub-"protocols" under IPsec;
but first lets fix the broken behaviour now, for a pullup to 2.0.
2004-06-27 01:10:53 +00:00
christos
45a11d4b25 Temporary hack to fix ipsec stats lossage. Atatat, are you listening? 2004-06-06 17:11:48 +00:00
petrov
68cb92eb3b Forgotten $ for NetBSD key. 2004-05-09 03:20:44 +00:00
petrov
6e4bb32a73 Use int_fmtio.h and PRUx formats for longs. 2004-05-09 03:18:50 +00:00
jonathan
85b3ba5bf1 Redo net.inet.* sysctl subtree for fast-ipsec from scratch.
Attach FAST-IPSEC statistics with 64-bit counters to new sysctl MIB.
Rework netstat to show FAST_IPSEC statistics, via sysctl,  for
netstat -p ipsec.

New kernel files:
	sys/netipsec/Makefile		(new file; install *_var.h includes)
	sys/netipsec/ipsec_var.h	(new 64-bit mib counter struct)

Changed kernel files:
	sys/Makefile			(recurse into sys/netipsec/)
	sys/netinet/in.h		(fake IP_PROTO name for fast_ipsec
					sysctl subtree.)
	sys/netipsec/ipsec.h		(minimal userspace inclusion)
	sys/netipsec/ipsec_osdep.h	(minimal userspace inclusion)
	sys/netipsec/ipsec_netbsd.c	(redo sysctl subtree from scratch)
	sys/netipsec/key*.c		(fix broken net.key subtree)

	sys/netipsec/ah_var.h		(increase all counters to 64 bits)
	sys/netipsec/esp_var.h		(increase all counters to 64 bits)
	sys/netipsec/ipip_var.h		(increase all counters to 64 bits)
	sys/netipsec/ipcomp_var.h	(increase all counters to 64 bits)

	sys/netipsec/ipsec.c		(add #include netipsec/ipsec_var.h)
	sys/netipsec/ipsec_mbuf.c	(add #include netipsec/ipsec_var.h)
	sys/netipsec/ipsec_output.c	(add #include netipsec/ipsec_var.h)

	sys/netinet/raw_ip.c		(add #include netipsec/ipsec_var.h)
	sys/netinet/tcp_input.c		(add #include netipsec/ipsec_var.h)
	sys/netinet/udp_usrreq.c	(add #include netipsec/ipsec_var.h)

Changes to usr.bin/netstat to print the new fast-ipsec sysctl tree
for "netstat -s -p ipsec":

New file:
	usr.bin/netstat/fast_ipsec.c	(print fast-ipsec counters)

Changed files:
	usr.bin/netstat/Makefile	(add fast_ipsec.c)
	usr.bin/netstat/netstat.h	(declarations for fast_ipsec.c)
	usr.bin/netstat/main.c		(call KAME-vs-fast-ipsec dispatcher)
2004-05-07 00:55:14 +00:00