NetBSD/usr.bin/netstat/bpf.c
rpaulo 66daeed445 Implemented the userland part of the BPF statistics and BPF peers,
net.bpf.stats and net.bpf.peers sysctls respectively. netstat(1) now
has an additional syntax:
	netstat [-s] [-B] [-I Interface]

Only the super user can see a list of BPF peers with the following command:
# netstat -B
Active BPF peers
PID     Int     Recv     Drop     Capt     Flags  Bufsize  Comm
4941    lo0     0        0        0        I--S-  262144   tcpdump
252     ex0     19668    0        5        I-RS-  32768    dhclient

And every user can see the BPF statistics with:
$ netstat -s -B
bpf:
        19669 total packets received
        5 total packets captured
        0 total packets dropped

This idea came from FreeBSD (Christian S.J. Peron) but, currently, they
doen't have a userland utility in the base system to read the sysctls.

Reviewed by: christos@
2005-08-04 19:39:40 +00:00

159 lines
4.4 KiB
C

/* $NetBSD: bpf.c,v 1.1 2005/08/04 19:39:40 rpaulo Exp $ */
/*
* Copyright (c) 2005 The NetBSD Foundation, Inc.
* All rights reserved.
*
* This code is derived from software contributed to The NetBSD Foundation
* by Rui Paulo.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the NetBSD
* Foundation, Inc. and its contributors.
* 4. Neither the name of The NetBSD Foundation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <kvm.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <net/if.h>
#include <sys/types.h>
#include <sys/param.h>
#include <sys/sysctl.h>
#include <net/bpfdesc.h>
#include <net/bpf.h>
#include "netstat.h"
void
bpf_stats(void)
{
struct bpf_stat bpf_s;
size_t len = sizeof(bpf_s);
if (sysctlbyname("net.bpf.stats", &bpf_s, &len, NULL, 0) == -1)
err(1, "net.bpf.stats");
printf("bpf:\n");
printf("\t%lld total packets received\n", bpf_s.bs_recv);
printf("\t%lld total packets captured\n", bpf_s.bs_capt);
printf("\t%lld total packets dropped\n", bpf_s.bs_drop);
}
void
bpf_dump(kvm_t *kd, char *interface)
{
int name[CTL_MAXNAME], rc, i, cnt;
size_t sz;
u_int namelen;
void *v;
struct bpf_d_ext *dpe;
struct kinfo_proc *kp;
/* adapted from sockstat.c by Andrew Brown */
sz = CTL_MAXNAME;
if (sysctlnametomib("net.bpf.peers", &name[0], &sz) == -1)
err(1, "sysctlnametomib");
namelen = sz;
name[namelen++] = sizeof(*dpe);
name[namelen++] = INT_MAX;
v = NULL;
sz = 0;
do {
rc = sysctl(&name[0], namelen, v, &sz, NULL, 0);
if (rc == -1 && errno != ENOMEM)
err(1, "sysctl: net.bpf.peers");
if (rc == -1 && v != NULL) {
free(v);
v = NULL;
}
if (v == NULL) {
v = malloc(sz);
rc = -1;
}
if (v == NULL)
err(1, "malloc");
} while (rc == -1);
dpe = v;
printf("Active BPF peers\n");
printf("PID\tInt\tRecv Drop Capt Flags Bufsize Comm\n");
#define BPFEXT(entry) dpe->entry
for (i = 0; i < (sz / sizeof(*dpe)); i++, dpe++) {
if (interface &&
strncmp(BPFEXT(bde_ifname), interface, IFNAMSIZ))
continue;
printf("%-7d ", BPFEXT(bde_pid));
printf("%-7s ",
(BPFEXT(bde_ifname)[0] == '\0') ? "-" :
BPFEXT(bde_ifname));
printf("%-8lld %-8lld %-8lld ",
BPFEXT(bde_rcount), BPFEXT(bde_dcount),
BPFEXT(bde_ccount));
switch (BPFEXT(bde_state)) {
case BPF_IDLE:
printf("I");
break;
case BPF_WAITING:
printf("W");
break;
case BPF_TIMED_OUT:
printf("T");
break;
default:
printf("-");
break;
}
printf("%c", BPFEXT(bde_promisc) ? 'P' : '-');
printf("%c", BPFEXT(bde_immediate) ? 'R' : '-');
printf("%c", BPFEXT(bde_seesent) ? 'S' : '-');
printf("%c", BPFEXT(bde_hdrcmplt) ? 'H' : '-');
printf(" %-8d ", BPFEXT(bde_bufsize));
kp = kvm_getprocs(kd, KERN_PROC_PID, BPFEXT(bde_pid), &cnt);
if (cnt && kd)
printf("%s\n", kp->kp_proc.p_comm);
else
printf("-\n");
#undef BPFEXT
}
}