xref: /netbsd-src/usr.bin/netstat/pfkey.c (revision 7330f729ccf0bd976a06f95fad452fe774fc7fd1) 
1 /*	$NetBSD: pfkey.c,v 1.2 2019/08/18 04:14:40 kamil Exp $	*/
2 /*	$KAME: ipsec.c,v 1.33 2003/07/25 09:54:32 itojun Exp $	*/
3 
4 /*
5  * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  * 3. Neither the name of the project nor the names of its contributors
17  *    may be used to endorse or promote products derived from this software
18  *    without specific prior written permission.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30  * SUCH DAMAGE.
31  */
32 
33 /*
34  * Copyright (c) 1983, 1988, 1993
35  *	The Regents of the University of California.  All rights reserved.
36  *
37  * Redistribution and use in source and binary forms, with or without
38  * modification, are permitted provided that the following conditions
39  * are met:
40  * 1. Redistributions of source code must retain the above copyright
41  *    notice, this list of conditions and the following disclaimer.
42  * 2. Redistributions in binary form must reproduce the above copyright
43  *    notice, this list of conditions and the following disclaimer in the
44  *    documentation and/or other materials provided with the distribution.
45  * 3. Neither the name of the University nor the names of its contributors
46  *    may be used to endorse or promote products derived from this software
47  *    without specific prior written permission.
48  *
49  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
50  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
51  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
52  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
53  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
54  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
55  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
56  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
57  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
58  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
59  * SUCH DAMAGE.
60  */
61 
62 #include <sys/cdefs.h>
63 #ifndef lint
64 #if 0
65 static char sccsid[] = "from: @(#)inet.c	8.4 (Berkeley) 4/20/94";
66 #else
67 #ifdef __NetBSD__
68 __RCSID("$NetBSD: pfkey.c,v 1.2 2019/08/18 04:14:40 kamil Exp $");
69 #endif
70 #endif
71 #endif /* not lint */
72 
73 #include <sys/param.h>
74 #include <sys/queue.h>
75 #include <sys/socket.h>
76 #include <sys/sysctl.h>
77 
78 #ifdef IPSEC
79 #include <netipsec/keysock.h>
80 #endif
81 
82 #include <err.h>
83 #include <stdio.h>
84 #include <string.h>
85 #include <unistd.h>
86 #include "netstat.h"
87 #include "prog_ops.h"
88 
89 #ifdef IPSEC
90 
91 static const char *pfkey_msgtypenames[] = {
92 	"reserved", "getspi", "update", "add", "delete",
93 	"get", "acquire", "register", "expire", "flush",
94 	"dump", "x_promisc", "x_pchange", "x_spdupdate", "x_spdadd",
95 	"x_spddelete", "x_spdget", "x_spdacquire", "x_spddump", "x_spdflush",
96 	"x_spdsetidx", "x_spdexpire", "x_spddelete2"
97 };
98 
99 static const char *pfkey_msgtype_names(int);
100 
101 static const char *
102 pfkey_msgtype_names(int x)
103 {
104 	const int max =
105 	    sizeof(pfkey_msgtypenames)/sizeof(pfkey_msgtypenames[0]);
106 	static char buf[20];
107 
108 	if (x < max && pfkey_msgtypenames[x])
109 		return pfkey_msgtypenames[x];
110 	snprintf(buf, sizeof(buf), "#%d", x);
111 	return buf;
112 }
113 
114 void
115 pfkey_stats(u_long off, const char *name)
116 {
117 	uint64_t pfkeystat[PFKEY_NSTATS];
118 	int first, type;
119 
120 	if (use_sysctl) {
121 		size_t size = sizeof(pfkeystat);
122 
123 		if (prog_sysctlbyname("net.key.stats", pfkeystat, &size,
124 				 NULL, 0) == -1)
125 			return;
126 	} else {
127 		warnx("%s stats not available via KVM.", name);
128 		return;
129 	}
130 
131 	printf ("%s:\n", name);
132 
133 #define	p(f, m) if (pfkeystat[f] || sflag <= 1) \
134     printf(m, (unsigned long long)pfkeystat[f], plural(pfkeystat[f]))
135 
136 	/* userland -> kernel */
137 	p(PFKEY_STAT_OUT_TOTAL, "\t%llu request%s sent from userland\n");
138 	p(PFKEY_STAT_OUT_BYTES, "\t%llu byte%s sent from userland\n");
139 	for (first = 1, type = 0; type < 256; type++) {
140 		if (pfkeystat[PFKEY_STAT_OUT_MSGTYPE + type] == 0)
141 			continue;
142 		if (first) {
143 			printf("\thistogram by message type:\n");
144 			first = 0;
145 		}
146 		printf("\t\t%s: %llu\n", pfkey_msgtype_names(type),
147 		    (unsigned long long)pfkeystat[PFKEY_STAT_OUT_MSGTYPE + type]);
148 	}
149 	p(PFKEY_STAT_OUT_INVLEN, "\t%llu message%s with invalid length field\n");
150 	p(PFKEY_STAT_OUT_INVVER, "\t%llu message%s with invalid version field\n");
151 	p(PFKEY_STAT_OUT_INVMSGTYPE, "\t%llu message%s with invalid message type field\n");
152 	p(PFKEY_STAT_OUT_TOOSHORT, "\t%llu message%s too short\n");
153 	p(PFKEY_STAT_OUT_NOMEM, "\t%llu message%s with memory allocation failure\n");
154 	p(PFKEY_STAT_OUT_DUPEXT, "\t%llu message%s with duplicate extension\n");
155 	p(PFKEY_STAT_OUT_INVEXTTYPE, "\t%llu message%s with invalid extension type\n");
156 	p(PFKEY_STAT_OUT_INVSATYPE, "\t%llu message%s with invalid sa type\n");
157 	p(PFKEY_STAT_OUT_INVADDR, "\t%llu message%s with invalid address extension\n");
158 
159 	/* kernel -> userland */
160 	p(PFKEY_STAT_IN_TOTAL, "\t%llu request%s sent to userland\n");
161 	p(PFKEY_STAT_IN_BYTES, "\t%llu byte%s sent to userland\n");
162 	for (first = 1, type = 0; type < 256; type++) {
163 		if (pfkeystat[PFKEY_STAT_IN_MSGTYPE + type] == 0)
164 			continue;
165 		if (first) {
166 			printf("\thistogram by message type:\n");
167 			first = 0;
168 		}
169 		printf("\t\t%s: %llu\n", pfkey_msgtype_names(type),
170 		    (unsigned long long)pfkeystat[PFKEY_STAT_IN_MSGTYPE + type]);
171 	}
172 	p(PFKEY_STAT_IN_MSGTARGET + KEY_SENDUP_ONE,
173 	    "\t%llu message%s toward single socket\n");
174 	p(PFKEY_STAT_IN_MSGTARGET + KEY_SENDUP_ALL,
175 	    "\t%llu message%s toward all sockets\n");
176 	p(PFKEY_STAT_IN_MSGTARGET + KEY_SENDUP_REGISTERED,
177 	    "\t%llu message%s toward registered sockets\n");
178 	p(PFKEY_STAT_IN_NOMEM, "\t%llu message%s with memory allocation failure\n");
179 #undef p
180 }
181 #endif /*IPSEC*/
182