1 /* $NetBSD: inet.c,v 1.37 1999/07/01 18:40:35 itojun Exp $ */ 2 3 /* 4 * Copyright (c) 1983, 1988, 1993 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. All advertising materials mentioning features or use of this software 16 * must display the following acknowledgement: 17 * This product includes software developed by the University of 18 * California, Berkeley and its contributors. 19 * 4. Neither the name of the University nor the names of its contributors 20 * may be used to endorse or promote products derived from this software 21 * without specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 */ 35 36 #include <sys/cdefs.h> 37 #ifndef lint 38 #if 0 39 static char sccsid[] = "from: @(#)inet.c 8.4 (Berkeley) 4/20/94"; 40 #else 41 __RCSID("$NetBSD: inet.c,v 1.37 1999/07/01 18:40:35 itojun Exp $"); 42 #endif 43 #endif /* not lint */ 44 45 #include <sys/param.h> 46 #include <sys/queue.h> 47 #include <sys/socket.h> 48 #include <sys/socketvar.h> 49 #include <sys/mbuf.h> 50 #include <sys/protosw.h> 51 52 #include <net/route.h> 53 #include <netinet/in.h> 54 #include <netinet/in_systm.h> 55 #include <netinet/ip.h> 56 #include <netinet/in_pcb.h> 57 #include <netinet/ip_icmp.h> 58 59 #ifdef INET6 60 #include <netinet/ip6.h> 61 #endif 62 63 #include <netinet/icmp_var.h> 64 #include <netinet/igmp_var.h> 65 #include <netinet/ip_var.h> 66 #include <netinet/tcp.h> 67 #include <netinet/tcpip.h> 68 #include <netinet/tcp_seq.h> 69 #define TCPSTATES 70 #include <netinet/tcp_fsm.h> 71 #define TCPTIMERS 72 #include <netinet/tcp_timer.h> 73 #include <netinet/tcp_var.h> 74 #include <netinet/tcp_debug.h> 75 #include <netinet/udp.h> 76 #include <netinet/udp_var.h> 77 #ifdef IPSEC 78 #include <netinet6/ipsec.h> 79 #endif 80 81 #include <arpa/inet.h> 82 #include <netdb.h> 83 #include <stdio.h> 84 #include <string.h> 85 #include <unistd.h> 86 #include "netstat.h" 87 88 struct inpcb inpcb; 89 struct tcpcb tcpcb; 90 struct socket sockb; 91 92 char *inetname __P((struct in_addr *)); 93 void inetprint __P((struct in_addr *, u_int16_t, const char *, int)); 94 95 /* 96 * Print a summary of connections related to an Internet 97 * protocol. For TCP, also give state of connection. 98 * Listening processes (aflag) are suppressed unless the 99 * -a (all) flag is specified. 100 */ 101 static int width; 102 103 void 104 protopr(off, name) 105 u_long off; 106 char *name; 107 { 108 struct inpcbtable table; 109 struct inpcb *head, *next, *prev; 110 struct inpcb inpcb; 111 int istcp, compact; 112 static int first = 1; 113 static char *shorttcpstates[] = { 114 "CLOSED", "LISTEN", "SYNSEN", "SYSRCV", 115 "ESTABL", "CLWAIT", "FWAIT1", "CLOSNG", 116 "LASTAK", "FWAIT2", "TMWAIT", 117 }; 118 119 if (off == 0) 120 return; 121 istcp = strcmp(name, "tcp") == 0; 122 kread(off, (char *)&table, sizeof table); 123 prev = head = 124 (struct inpcb *)&((struct inpcbtable *)off)->inpt_queue.cqh_first; 125 next = table.inpt_queue.cqh_first; 126 127 compact = 0; 128 if (Aflag) { 129 if (!nflag) 130 width = 18; 131 else { 132 width = 21; 133 compact = 1; 134 } 135 } else 136 width = 22; 137 while (next != head) { 138 kread((u_long)next, (char *)&inpcb, sizeof inpcb); 139 if (inpcb.inp_queue.cqe_prev != prev) { 140 printf("???\n"); 141 break; 142 } 143 prev = next; 144 next = inpcb.inp_queue.cqe_next; 145 146 if (!aflag && 147 inet_lnaof(inpcb.inp_laddr) == INADDR_ANY) 148 continue; 149 kread((u_long)inpcb.inp_socket, (char *)&sockb, sizeof (sockb)); 150 if (istcp) { 151 kread((u_long)inpcb.inp_ppcb, 152 (char *)&tcpcb, sizeof (tcpcb)); 153 } 154 if (first) { 155 printf("Active Internet connections"); 156 if (aflag) 157 printf(" (including servers)"); 158 putchar('\n'); 159 if (Aflag) 160 printf("%-8.8s ", "PCB"); 161 printf("%-5.5s %-6.6s %-6.6s %s%-*.*s %-*.*s %s\n", 162 "Proto", "Recv-Q", "Send-Q", 163 compact ? "" : " ", 164 width, width, "Local Address", 165 width, width, "Foreign Address", "State"); 166 first = 0; 167 } 168 if (Aflag) { 169 if (istcp) 170 printf("%8lx ", (u_long) inpcb.inp_ppcb); 171 else 172 printf("%8lx ", (u_long) prev); 173 } 174 printf("%-5.5s %6ld %6ld%s", name, sockb.so_rcv.sb_cc, 175 sockb.so_snd.sb_cc, compact ? "" : " "); 176 if (nflag) { 177 inetprint(&inpcb.inp_laddr, inpcb.inp_lport, name, 1); 178 inetprint(&inpcb.inp_faddr, inpcb.inp_fport, name, 1); 179 } else if (inpcb.inp_flags & INP_ANONPORT) { 180 inetprint(&inpcb.inp_laddr, inpcb.inp_lport, name, 1); 181 inetprint(&inpcb.inp_faddr, inpcb.inp_fport, name, 0); 182 } else { 183 inetprint(&inpcb.inp_laddr, inpcb.inp_lport, name, 0); 184 inetprint(&inpcb.inp_faddr, inpcb.inp_fport, name, 185 inpcb.inp_lport != inpcb.inp_fport); 186 } 187 if (istcp) { 188 if (tcpcb.t_state < 0 || tcpcb.t_state >= TCP_NSTATES) 189 printf(" %d", tcpcb.t_state); 190 else 191 printf(" %s", compact ? 192 shorttcpstates[tcpcb.t_state] : 193 tcpstates[tcpcb.t_state]); 194 } 195 putchar('\n'); 196 } 197 } 198 199 /* 200 * Dump TCP statistics structure. 201 */ 202 void 203 tcp_stats(off, name) 204 u_long off; 205 char *name; 206 { 207 struct tcpstat tcpstat; 208 209 if (off == 0) 210 return; 211 printf ("%s:\n", name); 212 kread(off, (char *)&tcpstat, sizeof (tcpstat)); 213 214 #define ps(f, m) if (tcpstat.f || sflag <= 1) \ 215 printf(m, tcpstat.f) 216 #define p(f, m) if (tcpstat.f || sflag <= 1) \ 217 printf(m, tcpstat.f, plural(tcpstat.f)) 218 #define p2(f1, f2, m) if (tcpstat.f1 || tcpstat.f2 || sflag <= 1) \ 219 printf(m, tcpstat.f1, plural(tcpstat.f1), tcpstat.f2, plural(tcpstat.f2)) 220 #define p2s(f1, f2, m) if (tcpstat.f1 || tcpstat.f2 || sflag <= 1) \ 221 printf(m, tcpstat.f1, plural(tcpstat.f1), tcpstat.f2) 222 #define p3(f, m) if (tcpstat.f || sflag <= 1) \ 223 printf(m, tcpstat.f, plurales(tcpstat.f)) 224 225 p(tcps_sndtotal, "\t%lu packet%s sent\n"); 226 p2(tcps_sndpack,tcps_sndbyte, 227 "\t\t%lu data packet%s (%lu byte%s)\n"); 228 p2(tcps_sndrexmitpack, tcps_sndrexmitbyte, 229 "\t\t%lu data packet%s (%lu byte%s) retransmitted\n"); 230 p2s(tcps_sndacks, tcps_delack, 231 "\t\t%lu ack-only packet%s (%lu delayed)\n"); 232 p(tcps_sndurg, "\t\t%lu URG only packet%s\n"); 233 p(tcps_sndprobe, "\t\t%lu window probe packet%s\n"); 234 p(tcps_sndwinup, "\t\t%lu window update packet%s\n"); 235 p(tcps_sndctrl, "\t\t%lu control packet%s\n"); 236 p(tcps_rcvtotal, "\t%lu packet%s received\n"); 237 p2(tcps_rcvackpack, tcps_rcvackbyte, "\t\t%lu ack%s (for %lu byte%s)\n"); 238 p(tcps_rcvdupack, "\t\t%lu duplicate ack%s\n"); 239 p(tcps_rcvacktoomuch, "\t\t%lu ack%s for unsent data\n"); 240 p2(tcps_rcvpack, tcps_rcvbyte, 241 "\t\t%lu packet%s (%lu byte%s) received in-sequence\n"); 242 p2(tcps_rcvduppack, tcps_rcvdupbyte, 243 "\t\t%lu completely duplicate packet%s (%lu byte%s)\n"); 244 p(tcps_pawsdrop, "\t\t%lu old duplicate packet%s\n"); 245 p2(tcps_rcvpartduppack, tcps_rcvpartdupbyte, 246 "\t\t%lu packet%s with some dup. data (%lu byte%s duped)\n"); 247 p2(tcps_rcvoopack, tcps_rcvoobyte, 248 "\t\t%lu out-of-order packet%s (%lu byte%s)\n"); 249 p2(tcps_rcvpackafterwin, tcps_rcvbyteafterwin, 250 "\t\t%lu packet%s (%lu byte%s) of data after window\n"); 251 p(tcps_rcvwinprobe, "\t\t%lu window probe%s\n"); 252 p(tcps_rcvwinupd, "\t\t%lu window update packet%s\n"); 253 p(tcps_rcvafterclose, "\t\t%lu packet%s received after close\n"); 254 p(tcps_rcvbadsum, "\t\t%lu discarded for bad checksum%s\n"); 255 p(tcps_rcvbadoff, "\t\t%lu discarded for bad header offset field%s\n"); 256 ps(tcps_rcvshort, "\t\t%lu discarded because packet too short\n"); 257 p(tcps_connattempt, "\t%lu connection request%s\n"); 258 p(tcps_accepts, "\t%lu connection accept%s\n"); 259 p(tcps_connects, "\t%lu connection%s established (including accepts)\n"); 260 p2(tcps_closed, tcps_drops, 261 "\t%lu connection%s closed (including %lu drop%s)\n"); 262 p(tcps_conndrops, "\t%lu embryonic connection%s dropped\n"); 263 p2(tcps_rttupdated, tcps_segstimed, 264 "\t%lu segment%s updated rtt (of %lu attempt%s)\n"); 265 p(tcps_rexmttimeo, "\t%lu retransmit timeout%s\n"); 266 p(tcps_timeoutdrop, "\t\t%lu connection%s dropped by rexmit timeout\n"); 267 p2(tcps_persisttimeo, tcps_persistdrops, 268 "\t%lu persist timeout%s (resulting in %lu dropped connection%s)\n"); 269 p(tcps_keeptimeo, "\t%lu keepalive timeout%s\n"); 270 p(tcps_keepprobe, "\t\t%lu keepalive probe%s sent\n"); 271 p(tcps_keepdrops, "\t\t%lu connection%s dropped by keepalive\n"); 272 p(tcps_predack, "\t%lu correct ACK header prediction%s\n"); 273 p(tcps_preddat, "\t%lu correct data packet header prediction%s\n"); 274 p3(tcps_pcbhashmiss, "\t%lu PCB hash miss%s\n"); 275 ps(tcps_noport, "\t%lu dropped due to no socket\n"); 276 p(tcps_connsdrained, "\t%lu connection%s drained due to memory shortage\n"); 277 278 p(tcps_badsyn, "\t%lu bad connection attempt%s\n"); 279 ps(tcps_sc_added, "\t%lu SYN cache entries added\n"); 280 p(tcps_sc_collisions, "\t\t%lu hash collision%s\n"); 281 ps(tcps_sc_completed, "\t\t%lu completed\n"); 282 ps(tcps_sc_aborted, "\t\t%lu aborted (no space to build PCB)\n"); 283 ps(tcps_sc_timed_out, "\t\t%lu timed out\n"); 284 ps(tcps_sc_overflowed, "\t\t%lu dropped due to overflow\n"); 285 ps(tcps_sc_bucketoverflow, "\t\t%lu dropped due to bucket overflow\n"); 286 ps(tcps_sc_reset, "\t\t%lu dropped due to RST\n"); 287 ps(tcps_sc_unreach, "\t\t%lu dropped due to ICMP unreachable\n"); 288 p(tcps_sc_retransmitted, "\t%lu SYN,ACK%s retransmitted\n"); 289 p(tcps_sc_dupesyn, "\t%lu duplicate SYN%s received for entries already in the cache\n"); 290 p(tcps_sc_dropped, "\t%lu SYN%s dropped (no route or no space)\n"); 291 292 #undef p 293 #undef ps 294 #undef p2 295 #undef p2s 296 #undef p3 297 } 298 299 /* 300 * Dump UDP statistics structure. 301 */ 302 void 303 udp_stats(off, name) 304 u_long off; 305 char *name; 306 { 307 struct udpstat udpstat; 308 u_long delivered; 309 310 if (off == 0) 311 return; 312 printf("%s:\n", name); 313 kread(off, (char *)&udpstat, sizeof (udpstat)); 314 315 #define ps(f, m) if (udpstat.f || sflag <= 1) \ 316 printf(m, udpstat.f) 317 #define p(f, m) if (udpstat.f || sflag <= 1) \ 318 printf(m, udpstat.f, plural(udpstat.f)) 319 #define p3(f, m) if (udpstat.f || sflag <= 1) \ 320 printf(m, udpstat.f, plurales(udpstat.f)) 321 322 p(udps_ipackets, "\t%lu datagram%s received\n"); 323 ps(udps_hdrops, "\t%lu with incomplete header\n"); 324 ps(udps_badlen, "\t%lu with bad data length field\n"); 325 ps(udps_badsum, "\t%lu with bad checksum\n"); 326 ps(udps_noport, "\t%lu dropped due to no socket\n"); 327 p(udps_noportbcast, "\t%lu broadcast/multicast datagram%s dropped due to no socket\n"); 328 ps(udps_fullsock, "\t%lu dropped due to full socket buffers\n"); 329 delivered = udpstat.udps_ipackets - 330 udpstat.udps_hdrops - 331 udpstat.udps_badlen - 332 udpstat.udps_badsum - 333 udpstat.udps_noport - 334 udpstat.udps_noportbcast - 335 udpstat.udps_fullsock; 336 if (delivered || sflag <= 1) 337 printf("\t%lu delivered\n", delivered); 338 p3(udps_pcbhashmiss, "\t%lu PCB hash miss%s\n"); 339 p(udps_opackets, "\t%lu datagram%s output\n"); 340 341 #undef ps 342 #undef p 343 #undef p3 344 } 345 346 /* 347 * Dump IP statistics structure. 348 */ 349 void 350 ip_stats(off, name) 351 u_long off; 352 char *name; 353 { 354 struct ipstat ipstat; 355 356 if (off == 0) 357 return; 358 kread(off, (char *)&ipstat, sizeof (ipstat)); 359 printf("%s:\n", name); 360 361 #define ps(f, m) if (ipstat.f || sflag <= 1) \ 362 printf(m, ipstat.f) 363 #define p(f, m) if (ipstat.f || sflag <= 1) \ 364 printf(m, ipstat.f, plural(ipstat.f)) 365 366 p(ips_total, "\t%lu total packet%s received\n"); 367 p(ips_badsum, "\t%lu bad header checksum%s\n"); 368 ps(ips_toosmall, "\t%lu with size smaller than minimum\n"); 369 ps(ips_tooshort, "\t%lu with data size < data length\n"); 370 ps(ips_toolong, "\t%lu with length > max ip packet size\n"); 371 ps(ips_badhlen, "\t%lu with header length < data size\n"); 372 ps(ips_badlen, "\t%lu with data length < header length\n"); 373 ps(ips_badoptions, "\t%lu with bad options\n"); 374 ps(ips_badvers, "\t%lu with incorrect version number\n"); 375 p(ips_fragments, "\t%lu fragment%s received"); 376 p(ips_fragdropped, "\t%lu fragment%s dropped (dup or out of space)\n"); 377 p(ips_badfrags, "\t%lu malformed fragment%s dropped\n"); 378 p(ips_fragtimeout, "\t%lu fragment%s dropped after timeout\n"); 379 p(ips_reassembled, "\t%lu packet%s reassembled ok\n"); 380 p(ips_delivered, "\t%lu packet%s for this host\n"); 381 p(ips_noproto, "\t%lu packet%s for unknown/unsupported protocol\n"); 382 p(ips_forward, "\t%lu packet%s forwarded"); 383 p(ips_fastforward, " (%lu packet%s fast forwarded)"); 384 if (ipstat.ips_forward || sflag <= 1) 385 putchar('\n'); 386 p(ips_cantforward, "\t%lu packet%s not forwardable\n"); 387 p(ips_redirectsent, "\t%lu redirect%s sent\n"); 388 p(ips_localout, "\t%lu packet%s sent from this host\n"); 389 p(ips_rawout, "\t%lu packet%s sent with fabricated ip header\n"); 390 p(ips_odropped, "\t%lu output packet%s dropped due to no bufs, etc.\n"); 391 p(ips_noroute, "\t%lu output packet%s discarded due to no route\n"); 392 p(ips_fragmented, "\t%lu output datagram%s fragmented\n"); 393 p(ips_ofragments, "\t%lu fragment%s created\n"); 394 p(ips_cantfrag, "\t%lu datagram%s that can't be fragmented\n"); 395 #undef ps 396 #undef p 397 } 398 399 static char *icmpnames[] = { 400 "echo reply", 401 "#1", 402 "#2", 403 "destination unreachable", 404 "source quench", 405 "routing redirect", 406 "#6", 407 "#7", 408 "echo", 409 "#9", 410 "#10", 411 "time exceeded", 412 "parameter problem", 413 "time stamp", 414 "time stamp reply", 415 "information request", 416 "information request reply", 417 "address mask request", 418 "address mask reply", 419 }; 420 421 /* 422 * Dump ICMP statistics. 423 */ 424 void 425 icmp_stats(off, name) 426 u_long off; 427 char *name; 428 { 429 struct icmpstat icmpstat; 430 int i, first; 431 432 if (off == 0) 433 return; 434 kread(off, (char *)&icmpstat, sizeof (icmpstat)); 435 printf("%s:\n", name); 436 437 #define p(f, m) if (icmpstat.f || sflag <= 1) \ 438 printf(m, icmpstat.f, plural(icmpstat.f)) 439 440 p(icps_error, "\t%lu call%s to icmp_error\n"); 441 p(icps_oldicmp, 442 "\t%lu error%s not generated because old message was icmp\n"); 443 for (first = 1, i = 0; i < ICMP_MAXTYPE + 1; i++) 444 if (icmpstat.icps_outhist[i] != 0) { 445 if (first) { 446 printf("\tOutput histogram:\n"); 447 first = 0; 448 } 449 printf("\t\t%s: %lu\n", icmpnames[i], 450 icmpstat.icps_outhist[i]); 451 } 452 p(icps_badcode, "\t%lu message%s with bad code fields\n"); 453 p(icps_tooshort, "\t%lu message%s < minimum length\n"); 454 p(icps_checksum, "\t%lu bad checksum%s\n"); 455 p(icps_badlen, "\t%lu message%s with bad length\n"); 456 for (first = 1, i = 0; i < ICMP_MAXTYPE + 1; i++) 457 if (icmpstat.icps_inhist[i] != 0) { 458 if (first) { 459 printf("\tInput histogram:\n"); 460 first = 0; 461 } 462 printf("\t\t%s: %lu\n", icmpnames[i], 463 icmpstat.icps_inhist[i]); 464 } 465 p(icps_reflect, "\t%lu message response%s generated\n"); 466 #undef p 467 } 468 469 /* 470 * Dump IGMP statistics structure. 471 */ 472 void 473 igmp_stats(off, name) 474 u_long off; 475 char *name; 476 { 477 struct igmpstat igmpstat; 478 479 if (off == 0) 480 return; 481 kread(off, (char *)&igmpstat, sizeof (igmpstat)); 482 printf("%s:\n", name); 483 484 #define p(f, m) if (igmpstat.f || sflag <= 1) \ 485 printf(m, igmpstat.f, plural(igmpstat.f)) 486 #define py(f, m) if (igmpstat.f || sflag <= 1) \ 487 printf(m, igmpstat.f, igmpstat.f != 1 ? "ies" : "y") 488 p(igps_rcv_total, "\t%lu message%s received\n"); 489 p(igps_rcv_tooshort, "\t%lu message%s received with too few bytes\n"); 490 p(igps_rcv_badsum, "\t%lu message%s received with bad checksum\n"); 491 py(igps_rcv_queries, "\t%lu membership quer%s received\n"); 492 py(igps_rcv_badqueries, "\t%lu membership quer%s received with invalid field(s)\n"); 493 p(igps_rcv_reports, "\t%lu membership report%s received\n"); 494 p(igps_rcv_badreports, "\t%lu membership report%s received with invalid field(s)\n"); 495 p(igps_rcv_ourreports, "\t%lu membership report%s received for groups to which we belong\n"); 496 p(igps_snd_reports, "\t%lu membership report%s sent\n"); 497 #undef p 498 #undef py 499 } 500 501 #ifdef IPSEC 502 static char *ipsec_ahnames[] = { 503 "none", 504 "hmac MD5", 505 "hmac SHA1", 506 "keyed MD5", 507 "keyed SHA1", 508 "null", 509 }; 510 511 static char *ipsec_espnames[] = { 512 "none", 513 "DES CBC", 514 "3DES CBC", 515 "simple", 516 "blowfish CBC", 517 "CAST128 CBC", 518 "DES derived IV", 519 }; 520 521 /* 522 * Dump IPSEC statistics structure. 523 */ 524 void 525 ipsec_stats(off, name) 526 u_long off; 527 char *name; 528 { 529 struct ipsecstat ipsecstat; 530 int first, proto; 531 532 if (off == 0) 533 return; 534 printf ("%s:\n", name); 535 kread(off, (char *)&ipsecstat, sizeof (ipsecstat)); 536 537 #define p(f, m) if (ipsecstat.f || sflag <= 1) \ 538 printf(m, ipsecstat.f, plural(ipsecstat.f)) 539 540 p(in_success, "\t%lu inbound packet%s processed successfully\n"); 541 p(in_polvio, "\t%lu inbound packet%s violated process security " 542 "policy\n"); 543 p(in_nosa, "\t%lu inbound packet%s with no SA available\n"); 544 p(in_inval, "\t%lu inbound packet%s failed processing due to EINVAL\n"); 545 p(in_badspi, "\t%lu inbound packet%s failed getting SPI\n"); 546 p(in_ahreplay, "\t%lu inbound packet%s failed on AH replay check\n"); 547 p(in_espreplay, "\t%lu inbound packet%s failed on ESP replay check\n"); 548 p(in_ahauthsucc, "\t%lu inbound packet%s considered authentic\n"); 549 p(in_ahauthfail, "\t%lu inbound packet%s failed on authentication\n"); 550 for (first = 1, proto = 0; proto < SADB_AALG_MAX; proto++) { 551 if (ipsecstat.in_ahhist[proto] <= 0) 552 continue; 553 if (first) { 554 printf("\tAH input histogram:\n"); 555 first = 0; 556 } 557 printf("\t\t%s: %lu\n", ipsec_ahnames[proto], 558 ipsecstat.in_ahhist[proto]); 559 } 560 for (first = 1, proto = 0; proto < SADB_EALG_MAX; proto++) { 561 if (ipsecstat.in_esphist[proto] <= 0) 562 continue; 563 if (first) { 564 printf("\tESP input histogram:\n"); 565 first = 0; 566 } 567 printf("\t\t%s: %lu\n", ipsec_espnames[proto], 568 ipsecstat.in_esphist[proto]); 569 } 570 571 p(out_success, "\t%lu outbound packet%s processed successfully\n"); 572 p(out_polvio, "\t%lu outbound packet%s violated process security " 573 "policy\n"); 574 p(out_nosa, "\t%lu outbound packet%s with no SA available\n"); 575 p(out_inval, "\t%lu outbound packet%s failed processing due to " 576 "EINVAL\n"); 577 p(out_noroute, "\t%lu outbound packet%s with no route\n"); 578 for (first = 1, proto = 0; proto < SADB_AALG_MAX; proto++) { 579 if (ipsecstat.out_ahhist[proto] <= 0) 580 continue; 581 if (first) { 582 printf("\tAH output histogram:\n"); 583 first = 0; 584 } 585 printf("\t\t%s: %lu\n", ipsec_ahnames[proto], 586 ipsecstat.out_ahhist[proto]); 587 } 588 for (first = 1, proto = 0; proto < SADB_EALG_MAX; proto++) { 589 if (ipsecstat.out_esphist[proto] <= 0) 590 continue; 591 if (first) { 592 printf("\tESP output histogram:\n"); 593 first = 0; 594 } 595 printf("\t\t%s: %lu\n", ipsec_espnames[proto], 596 ipsecstat.out_esphist[proto]); 597 } 598 #undef p 599 } 600 #endif /*IPSEC*/ 601 602 /* 603 * Pretty print an Internet address (net address + port). 604 * If the nflag was specified, use numbers instead of names. 605 */ 606 void 607 inetprint(in, port, proto, numeric) 608 struct in_addr *in; 609 u_int16_t port; 610 const char *proto; 611 int numeric; 612 { 613 struct servent *sp = 0; 614 char line[80], *cp; 615 size_t space; 616 617 (void)snprintf(line, sizeof line, "%.*s.", 618 (Aflag && !nflag) ? 12 : 16, inetname(in)); 619 cp = strchr(line, '\0'); 620 if (!numeric && port) 621 sp = getservbyport((int)port, proto); 622 space = sizeof line - (cp-line); 623 if (sp || port == 0) 624 (void)snprintf(cp, space, "%.8s", sp ? sp->s_name : "*"); 625 else 626 (void)snprintf(cp, space, "%u", ntohs(port)); 627 (void)printf(" %-*.*s", width, width, line); 628 } 629 630 /* 631 * Construct an Internet address representation. 632 * If the nflag has been supplied, give 633 * numeric value, otherwise try for symbolic name. 634 */ 635 char * 636 inetname(inp) 637 struct in_addr *inp; 638 { 639 char *cp; 640 static char line[50]; 641 struct hostent *hp; 642 struct netent *np; 643 static char domain[MAXHOSTNAMELEN + 1]; 644 static int first = 1; 645 646 if (first && !nflag) { 647 first = 0; 648 if (gethostname(domain, sizeof domain) == 0) { 649 domain[sizeof(domain) - 1] = '\0'; 650 if ((cp = strchr(domain, '.'))) 651 (void) strcpy(domain, cp + 1); 652 else 653 domain[0] = 0; 654 } else 655 domain[0] = 0; 656 } 657 cp = 0; 658 if (!nflag && inp->s_addr != INADDR_ANY) { 659 int net = inet_netof(*inp); 660 int lna = inet_lnaof(*inp); 661 662 if (lna == INADDR_ANY) { 663 np = getnetbyaddr(net, AF_INET); 664 if (np) 665 cp = np->n_name; 666 } 667 if (cp == 0) { 668 hp = gethostbyaddr((char *)inp, sizeof (*inp), AF_INET); 669 if (hp) { 670 if ((cp = strchr(hp->h_name, '.')) && 671 !strcmp(cp + 1, domain)) 672 *cp = 0; 673 cp = hp->h_name; 674 } 675 } 676 } 677 if (inp->s_addr == INADDR_ANY) 678 strncpy(line, "*", sizeof line); 679 else if (cp) 680 strncpy(line, cp, sizeof line); 681 else { 682 inp->s_addr = ntohl(inp->s_addr); 683 #define C(x) ((x) & 0xff) 684 (void)snprintf(line, sizeof line, "%u.%u.%u.%u", 685 C(inp->s_addr >> 24), C(inp->s_addr >> 16), 686 C(inp->s_addr >> 8), C(inp->s_addr)); 687 #undef C 688 } 689 line[sizeof(line) - 1] = '\0'; 690 return (line); 691 } 692 693 /* 694 * Dump the contents of a TCP PCB. 695 */ 696 void 697 tcp_dump(pcbaddr) 698 u_long pcbaddr; 699 { 700 struct tcpcb tcpcb; 701 int i; 702 703 kread(pcbaddr, (char *)&tcpcb, sizeof(tcpcb)); 704 705 printf("TCP Protocol Control Block at 0x%08lx:\n\n", pcbaddr); 706 707 printf("Timers:\n"); 708 for (i = 0; i < TCPT_NTIMERS; i++) 709 printf("\t%s: %u", tcptimers[i], tcpcb.t_timer[i]); 710 printf("\n\n"); 711 712 if (tcpcb.t_state < 0 || tcpcb.t_state >= TCP_NSTATES) 713 printf("State: %d", tcpcb.t_state); 714 else 715 printf("State: %s", tcpstates[tcpcb.t_state]); 716 printf(", flags 0x%x, inpcb 0x%lx\n\n", tcpcb.t_flags, 717 (u_long)tcpcb.t_inpcb); 718 719 printf("rxtshift %d, rxtcur %d, dupacks %d\n", tcpcb.t_rxtshift, 720 tcpcb.t_rxtcur, tcpcb.t_dupacks); 721 printf("peermss %u, ourmss %u, segsz %u\n\n", tcpcb.t_peermss, 722 tcpcb.t_ourmss, tcpcb.t_segsz); 723 724 printf("snd_una %u, snd_nxt %u, snd_up %u\n", 725 tcpcb.snd_una, tcpcb.snd_nxt, tcpcb.snd_up); 726 printf("snd_wl1 %u, snd_wl2 %u, iss %u, snd_wnd %lu\n\n", 727 tcpcb.snd_wl1, tcpcb.snd_wl2, tcpcb.iss, tcpcb.snd_wnd); 728 729 printf("rcv_wnd %lu, rcv_nxt %u, rcv_up %u, irs %u\n\n", 730 tcpcb.rcv_wnd, tcpcb.rcv_nxt, tcpcb.rcv_up, tcpcb.irs); 731 732 printf("rcv_adv %u, snd_max %u, snd_cwnd %lu, snd_ssthresh %lu\n", 733 tcpcb.rcv_adv, tcpcb.snd_max, tcpcb.snd_cwnd, tcpcb.snd_ssthresh); 734 735 printf("idle %d, rtt %d, rtseq %u, srtt %d, rttvar %d, rttmin %d, " 736 "max_sndwnd %lu\n\n", tcpcb.t_idle, tcpcb.t_rtt, tcpcb.t_rtseq, 737 tcpcb.t_srtt, tcpcb.t_rttvar, tcpcb.t_rttmin, tcpcb.max_sndwnd); 738 739 printf("oobflags %d, iobc %d, softerror %d\n\n", tcpcb.t_oobflags, 740 tcpcb.t_iobc, tcpcb.t_softerror); 741 742 printf("snd_scale %d, rcv_scale %d, req_r_scale %d, req_s_scale %d\n", 743 tcpcb.snd_scale, tcpcb.rcv_scale, tcpcb.request_r_scale, 744 tcpcb.requested_s_scale); 745 printf("ts_recent %u, ts_regent_age %d, last_ack_sent %u\n", 746 tcpcb.ts_recent, tcpcb.ts_recent_age, tcpcb.last_ack_sent); 747 } 748