Permalink
Browse files

add statistics for pfkey.

  • Loading branch information...
1 parent 5c6f952 commit 6704ec060d909cc227cde1ff2e94b0163a04a3fc itojun committed Jan 10, 2000
Showing with 262 additions and 60 deletions.
  1. +63 −14 kame/sys/netkey/key.c
  2. +63 −14 kame/sys/netkey/keydb.c
  3. +102 −15 kame/sys/netkey/keysock.c
  4. +34 −17 kame/sys/netkey/keysock.h
View
77 kame/sys/netkey/key.c
@@ -27,7 +27,7 @@
* SUCH DAMAGE.
*/
-/* KAME $Id: key.c,v 1.39 2000/01/08 14:34:54 sakane Exp $ */
+/* KAME $Id: key.c,v 1.40 2000/01/10 01:32:05 itojun Exp $ */
/*
* This code is referd to RFC 2367
@@ -168,15 +168,15 @@ SYSCTL_INT(_net_key, KEYCTL_RANDOM_INT, int_random, CTLFLAG_RW, \
&key_int_random, 0, "");
/* lifetime for larval SA */
-SYSCTL_INT(_net_key, KEYCTL_LARVAL_LIFETIME, larval_lifetime, CTLFLAG_RW, \
+SYSCTL_INT(_net_key, KEYCTL_LARVAL_LIFETIME, larval_lifetime, CTLFLAG_RW, \
&key_larval_lifetime, 0, "");
/* counter for blocking to send SADB_ACQUIRE to IKEd */
SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_COUNT, blockacq_count, CTLFLAG_RW, \
&key_blockacq_count, 0, "");
/* lifetime for blocking to send SADB_ACQUIRE to IKEd */
-SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME, blockacq_lifetime, CTLFLAG_RW, \
+SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME, blockacq_lifetime, CTLFLAG_RW, \
&key_blockacq_lifetime, 0, "");
#endif /* __FreeBSD__ */
@@ -189,7 +189,8 @@ typedef void (timeout_t)(void *);
for (elm = LIST_FIRST(head); elm; elm = LIST_NEXT(elm, field))
#define __LIST_CHAINED(elm) \
(!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL))
-#define LIST_INSERT_TAIL(head, elm, type, field) do {\
+#define LIST_INSERT_TAIL(head, elm, type, field) \
+do {\
struct type *curelm = LIST_FIRST(head); \
if (curelm == NULL) {\
LIST_INSERT_HEAD(head, elm, field); \
@@ -200,29 +201,32 @@ typedef void (timeout_t)(void *);
}\
} while (0)
-#define KEY_CHKSASTATE(head, sav, name) { \
+#define KEY_CHKSASTATE(head, sav, name) \
+do { \
if ((head) != (sav)) { \
printf("%s: state mismatched (TREE=%d SA=%d)\n", \
(name), (head), (sav)); \
continue; \
} \
-}
+} while (0)
-#define KEY_CHKSPDIR(head, sp, name) { \
+#define KEY_CHKSPDIR(head, sp, name) \
+do { \
if ((head) != (sp)) { \
printf("%s: direction mismatched (TREE=%d SP=%d), " \
"anyway continue.\n", \
(name), (head), (sp)); \
} \
-}
+} while (0)
#if 1
#define KMALLOC(p, t, n) \
((p) = (t) malloc((unsigned long)(n), M_SECA, M_NOWAIT))
#define KFREE(p) \
free((caddr_t)(p), M_SECA);
#else
-#define KMALLOC(p, t, n) do { \
+#define KMALLOC(p, t, n) \
+do { \
((p) = (t)malloc((unsigned long)(n), M_SECA, M_NOWAIT)); \
printf("%s %d: %p <- KMALLOC(%s, %d)\n", \
__FILE__, __LINE__, (p), #t, n); \
@@ -242,7 +246,8 @@ typedef void (timeout_t)(void *);
* set parameters into secpolicyindex buffer.
* Must allocate secpolicyindex buffer passed to this function.
*/
-#define KEY_SETSECSPIDX(_dir, s, d, ps, pd, ulp, idx) do { \
+#define KEY_SETSECSPIDX(_dir, s, d, ps, pd, ulp, idx) \
+do { \
bzero((idx), sizeof(struct secpolicyindex)); \
(idx)->dir = (_dir); \
(idx)->prefs = (ps); \
@@ -256,7 +261,8 @@ typedef void (timeout_t)(void *);
* set parameters into secasindex buffer.
* Must allocate secasindex buffer before calling this function.
*/
-#define KEY_SETSECASIDX(p, m, s, d, idx) do { \
+#define KEY_SETSECASIDX(p, m, s, d, idx) \
+do { \
bzero((idx), sizeof(struct secasindex)); \
(idx)->proto = (p); \
(idx)->mode = (m)->sadb_msg_mode; \
@@ -5333,16 +5339,23 @@ key_parse(msgp, so, targetp)
/* check version */
if (msg->sadb_msg_version != PF_KEY_V2) {
+#ifdef IPSEC_DEBUG
printf("key_parse: PF_KEY version %u is mismatched.\n",
msg->sadb_msg_version);
- return EINVAL;
+#endif
+ pfkeystat.out_invver++;
+ msg->sadb_msg_errno = EINVAL;
+ return orglen;
}
/* check type */
if (msg->sadb_msg_type > SADB_MAX) {
+#ifdef IPSEC_DEBUG
printf("key_parse: invalid type %u is passed.\n",
msg->sadb_msg_type);
+#endif
msg->sadb_msg_errno = EINVAL;
+ pfkeystat.out_invmsgtype++;
return orglen;
}
@@ -5363,10 +5376,13 @@ key_parse(msgp, so, targetp)
case SADB_GET:
case SADB_ACQUIRE:
case SADB_EXPIRE:
+#ifdef IPSEC_DEBUG
printf("key_parse: must specify satype "
"when msg type=%u.\n",
msg->sadb_msg_type);
+#endif
msg->sadb_msg_errno = EINVAL;
+ pfkeystat.out_invsatype++;
return orglen;
}
break;
@@ -5381,27 +5397,37 @@ key_parse(msgp, so, targetp)
case SADB_X_SPDGET:
case SADB_X_SPDDUMP:
case SADB_X_SPDFLUSH:
- printf("key_parse: illegal satype=%u\n", msg->sadb_msg_type);
+#ifdef IPSEC_DEBUG
+ printf("key_parse: illegal satype=%u\n",
+ msg->sadb_msg_type);
+#endif
msg->sadb_msg_errno = EINVAL;
+ pfkeystat.out_invsatype++;
return orglen;
}
break;
case SADB_SATYPE_RSVP:
case SADB_SATYPE_OSPFV2:
case SADB_SATYPE_RIPV2:
case SADB_SATYPE_MIP:
+#ifdef IPSEC_DEBUG
printf("key_parse: type %u isn't supported.\n",
msg->sadb_msg_satype);
+#endif
msg->sadb_msg_errno = EOPNOTSUPP;
+ pfkeystat.out_invsatype++;
return orglen;
case 1: /* XXX: What does it do ? */
if (msg->sadb_msg_type == SADB_X_PROMISC)
break;
/*FALLTHROUGH*/
default:
+#ifdef IPSEC_DEBUG
printf("key_parse: invalid type %u is passed.\n",
msg->sadb_msg_satype);
+#endif
msg->sadb_msg_errno = EINVAL;
+ pfkeystat.out_invsatype++;
return orglen;
}
@@ -5416,16 +5442,22 @@ key_parse(msgp, so, targetp)
/* check upper layer protocol */
if (src0->sadb_address_proto != dst0->sadb_address_proto) {
+#ifdef IPSEC_DEBUG
printf("key_parse: upper layer protocol mismatched.\n");
+#endif
msg->sadb_msg_errno = EINVAL;
+ pfkeystat.out_invaddr++;
return orglen;
}
/* check family */
if (PFKEY_ADDR_SADDR(src0)->sa_family
!= PFKEY_ADDR_SADDR(dst0)->sa_family) {
+#ifdef IPSEC_DEBUG
printf("key_parse: address family mismatched.\n");
+#endif
msg->sadb_msg_errno = EINVAL;
+ pfkeystat.out_invaddr++;
return orglen;
}
@@ -5434,8 +5466,11 @@ key_parse(msgp, so, targetp)
/* check max prefixlen */
if (prefix < src0->sadb_address_prefixlen
|| prefix < dst0->sadb_address_prefixlen) {
+#ifdef IPSEC_DEBUG
printf("key_parse: illegal prefixlen.\n");
+#endif
msg->sadb_msg_errno = EINVAL;
+ pfkeystat.out_invaddr++;
return orglen;
}
@@ -5444,8 +5479,11 @@ key_parse(msgp, so, targetp)
case AF_INET6:
break;
default:
+#ifdef IPSEC_DEBUG
printf("key_parse: invalid address family.\n");
+#endif
msg->sadb_msg_errno = EINVAL;
+ pfkeystat.out_invaddr++;
return orglen;
}
@@ -5518,10 +5556,13 @@ key_parse(msgp, so, targetp)
break;
case SADB_EXPIRE:
+#ifdef IPSEC_DEBUG
printf("key_parse: why is SADB_EXPIRE received ?\n");
+#endif
msg->sadb_msg_errno = EINVAL;
if (targetp)
*targetp = KEY_SENDUP_ALL;
+ pfkeystat.out_invmsgtype++;
return orglen;
case SADB_FLUSH:
@@ -5550,8 +5591,11 @@ key_parse(msgp, so, targetp)
return 0; /*nothing to reply*/
case SADB_X_PCHANGE:
+#ifdef IPSEC_DEBUG
printf("key_parse: SADB_X_PCHANGE isn't supported.\n");
+#endif
msg->sadb_msg_errno = EINVAL;
+ pfkeystat.out_invmsgtype++;
return orglen;
#if 0
if (targetp)
@@ -5584,7 +5628,6 @@ key_parse(msgp, so, targetp)
}
break;
-
case SADB_X_SPDFLUSH:
if ((newmsg = key_spdflush(mhp)) == NULL)
return orglen;
@@ -5660,16 +5703,22 @@ key_align(msg, mhp)
* KEY_AUTH or KEY_ENCRYPT ?
*/
if (mhp[ext->sadb_ext_type] != NULL) {
+#ifdef IPSEC_DEBUG
printf("key_align: duplicate ext_type %u "
"is passed.\n",
ext->sadb_ext_type);
+#endif
+ pfkeystat.out_dupext++;
return EINVAL;
}
mhp[ext->sadb_ext_type] = (caddr_t)ext;
break;
default:
+#ifdef IPSEC_DEBUG
printf("key_align: invalid ext_type %u is passed.\n",
ext->sadb_ext_type);
+#endif
+ pfkeystat.out_invexttype++;
return EINVAL;
}
View
77 kame/sys/netkey/keydb.c
@@ -27,7 +27,7 @@
* SUCH DAMAGE.
*/
-/* KAME $Id: keydb.c,v 1.39 2000/01/08 14:34:54 sakane Exp $ */
+/* KAME $Id: keydb.c,v 1.40 2000/01/10 01:32:05 itojun Exp $ */
/*
* This code is referd to RFC 2367
@@ -168,15 +168,15 @@ SYSCTL_INT(_net_key, KEYCTL_RANDOM_INT, int_random, CTLFLAG_RW, \
&key_int_random, 0, "");
/* lifetime for larval SA */
-SYSCTL_INT(_net_key, KEYCTL_LARVAL_LIFETIME, larval_lifetime, CTLFLAG_RW, \
+SYSCTL_INT(_net_key, KEYCTL_LARVAL_LIFETIME, larval_lifetime, CTLFLAG_RW, \
&key_larval_lifetime, 0, "");
/* counter for blocking to send SADB_ACQUIRE to IKEd */
SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_COUNT, blockacq_count, CTLFLAG_RW, \
&key_blockacq_count, 0, "");
/* lifetime for blocking to send SADB_ACQUIRE to IKEd */
-SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME, blockacq_lifetime, CTLFLAG_RW, \
+SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME, blockacq_lifetime, CTLFLAG_RW, \
&key_blockacq_lifetime, 0, "");
#endif /* __FreeBSD__ */
@@ -189,7 +189,8 @@ typedef void (timeout_t)(void *);
for (elm = LIST_FIRST(head); elm; elm = LIST_NEXT(elm, field))
#define __LIST_CHAINED(elm) \
(!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL))
-#define LIST_INSERT_TAIL(head, elm, type, field) do {\
+#define LIST_INSERT_TAIL(head, elm, type, field) \
+do {\
struct type *curelm = LIST_FIRST(head); \
if (curelm == NULL) {\
LIST_INSERT_HEAD(head, elm, field); \
@@ -200,29 +201,32 @@ typedef void (timeout_t)(void *);
}\
} while (0)
-#define KEY_CHKSASTATE(head, sav, name) { \
+#define KEY_CHKSASTATE(head, sav, name) \
+do { \
if ((head) != (sav)) { \
printf("%s: state mismatched (TREE=%d SA=%d)\n", \
(name), (head), (sav)); \
continue; \
} \
-}
+} while (0)
-#define KEY_CHKSPDIR(head, sp, name) { \
+#define KEY_CHKSPDIR(head, sp, name) \
+do { \
if ((head) != (sp)) { \
printf("%s: direction mismatched (TREE=%d SP=%d), " \
"anyway continue.\n", \
(name), (head), (sp)); \
} \
-}
+} while (0)
#if 1
#define KMALLOC(p, t, n) \
((p) = (t) malloc((unsigned long)(n), M_SECA, M_NOWAIT))
#define KFREE(p) \
free((caddr_t)(p), M_SECA);
#else
-#define KMALLOC(p, t, n) do { \
+#define KMALLOC(p, t, n) \
+do { \
((p) = (t)malloc((unsigned long)(n), M_SECA, M_NOWAIT)); \
printf("%s %d: %p <- KMALLOC(%s, %d)\n", \
__FILE__, __LINE__, (p), #t, n); \
@@ -242,7 +246,8 @@ typedef void (timeout_t)(void *);
* set parameters into secpolicyindex buffer.
* Must allocate secpolicyindex buffer passed to this function.
*/
-#define KEY_SETSECSPIDX(_dir, s, d, ps, pd, ulp, idx) do { \
+#define KEY_SETSECSPIDX(_dir, s, d, ps, pd, ulp, idx) \
+do { \
bzero((idx), sizeof(struct secpolicyindex)); \
(idx)->dir = (_dir); \
(idx)->prefs = (ps); \
@@ -256,7 +261,8 @@ typedef void (timeout_t)(void *);
* set parameters into secasindex buffer.
* Must allocate secasindex buffer before calling this function.
*/
-#define KEY_SETSECASIDX(p, m, s, d, idx) do { \
+#define KEY_SETSECASIDX(p, m, s, d, idx) \
+do { \
bzero((idx), sizeof(struct secasindex)); \
(idx)->proto = (p); \
(idx)->mode = (m)->sadb_msg_mode; \
@@ -5333,16 +5339,23 @@ key_parse(msgp, so, targetp)
/* check version */
if (msg->sadb_msg_version != PF_KEY_V2) {
+#ifdef IPSEC_DEBUG
printf("key_parse: PF_KEY version %u is mismatched.\n",
msg->sadb_msg_version);
- return EINVAL;
+#endif
+ pfkeystat.out_invver++;
+ msg->sadb_msg_errno = EINVAL;
+ return orglen;
}
/* check type */
if (msg->sadb_msg_type > SADB_MAX) {
+#ifdef IPSEC_DEBUG
printf("key_parse: invalid type %u is passed.\n",
msg->sadb_msg_type);
+#endif
msg->sadb_msg_errno = EINVAL;
+ pfkeystat.out_invmsgtype++;
return orglen;
}
@@ -5363,10 +5376,13 @@ key_parse(msgp, so, targetp)
case SADB_GET:
case SADB_ACQUIRE:
case SADB_EXPIRE:
+#ifdef IPSEC_DEBUG
printf("key_parse: must specify satype "
"when msg type=%u.\n",
msg->sadb_msg_type);
+#endif
msg->sadb_msg_errno = EINVAL;
+ pfkeystat.out_invsatype++;
return orglen;
}
break;
@@ -5381,27 +5397,37 @@ key_parse(msgp, so, targetp)
case SADB_X_SPDGET:
case SADB_X_SPDDUMP:
case SADB_X_SPDFLUSH:
- printf("key_parse: illegal satype=%u\n", msg->sadb_msg_type);
+#ifdef IPSEC_DEBUG
+ printf("key_parse: illegal satype=%u\n",
+ msg->sadb_msg_type);
+#endif
msg->sadb_msg_errno = EINVAL;
+ pfkeystat.out_invsatype++;
return orglen;
}
break;
case SADB_SATYPE_RSVP:
case SADB_SATYPE_OSPFV2:
case SADB_SATYPE_RIPV2:
case SADB_SATYPE_MIP:
+#ifdef IPSEC_DEBUG
printf("key_parse: type %u isn't supported.\n",
msg->sadb_msg_satype);
+#endif
msg->sadb_msg_errno = EOPNOTSUPP;
+ pfkeystat.out_invsatype++;
return orglen;
case 1: /* XXX: What does it do ? */
if (msg->sadb_msg_type == SADB_X_PROMISC)
break;
/*FALLTHROUGH*/
default:
+#ifdef IPSEC_DEBUG
printf("key_parse: invalid type %u is passed.\n",
msg->sadb_msg_satype);
+#endif
msg->sadb_msg_errno = EINVAL;
+ pfkeystat.out_invsatype++;
return orglen;
}
@@ -5416,16 +5442,22 @@ key_parse(msgp, so, targetp)
/* check upper layer protocol */
if (src0->sadb_address_proto != dst0->sadb_address_proto) {
+#ifdef IPSEC_DEBUG
printf("key_parse: upper layer protocol mismatched.\n");
+#endif
msg->sadb_msg_errno = EINVAL;
+ pfkeystat.out_invaddr++;
return orglen;
}
/* check family */
if (PFKEY_ADDR_SADDR(src0)->sa_family
!= PFKEY_ADDR_SADDR(dst0)->sa_family) {
+#ifdef IPSEC_DEBUG
printf("key_parse: address family mismatched.\n");
+#endif
msg->sadb_msg_errno = EINVAL;
+ pfkeystat.out_invaddr++;
return orglen;
}
@@ -5434,8 +5466,11 @@ key_parse(msgp, so, targetp)
/* check max prefixlen */
if (prefix < src0->sadb_address_prefixlen
|| prefix < dst0->sadb_address_prefixlen) {
+#ifdef IPSEC_DEBUG
printf("key_parse: illegal prefixlen.\n");
+#endif
msg->sadb_msg_errno = EINVAL;
+ pfkeystat.out_invaddr++;
return orglen;
}
@@ -5444,8 +5479,11 @@ key_parse(msgp, so, targetp)
case AF_INET6:
break;
default:
+#ifdef IPSEC_DEBUG
printf("key_parse: invalid address family.\n");
+#endif
msg->sadb_msg_errno = EINVAL;
+ pfkeystat.out_invaddr++;
return orglen;
}
@@ -5518,10 +5556,13 @@ key_parse(msgp, so, targetp)
break;
case SADB_EXPIRE:
+#ifdef IPSEC_DEBUG
printf("key_parse: why is SADB_EXPIRE received ?\n");
+#endif
msg->sadb_msg_errno = EINVAL;
if (targetp)
*targetp = KEY_SENDUP_ALL;
+ pfkeystat.out_invmsgtype++;
return orglen;
case SADB_FLUSH:
@@ -5550,8 +5591,11 @@ key_parse(msgp, so, targetp)
return 0; /*nothing to reply*/
case SADB_X_PCHANGE:
+#ifdef IPSEC_DEBUG
printf("key_parse: SADB_X_PCHANGE isn't supported.\n");
+#endif
msg->sadb_msg_errno = EINVAL;
+ pfkeystat.out_invmsgtype++;
return orglen;
#if 0
if (targetp)
@@ -5584,7 +5628,6 @@ key_parse(msgp, so, targetp)
}
break;
-
case SADB_X_SPDFLUSH:
if ((newmsg = key_spdflush(mhp)) == NULL)
return orglen;
@@ -5660,16 +5703,22 @@ key_align(msg, mhp)
* KEY_AUTH or KEY_ENCRYPT ?
*/
if (mhp[ext->sadb_ext_type] != NULL) {
+#ifdef IPSEC_DEBUG
printf("key_align: duplicate ext_type %u "
"is passed.\n",
ext->sadb_ext_type);
+#endif
+ pfkeystat.out_dupext++;
return EINVAL;
}
mhp[ext->sadb_ext_type] = (caddr_t)ext;
break;
default:
+#ifdef IPSEC_DEBUG
printf("key_align: invalid ext_type %u is passed.\n",
ext->sadb_ext_type);
+#endif
+ pfkeystat.out_invexttype++;
return EINVAL;
}
View
117 kame/sys/netkey/keysock.c
@@ -27,7 +27,7 @@
* SUCH DAMAGE.
*/
-/* KAME @(#)$Id: keysock.c,v 1.2 1999/10/27 17:41:42 sakane Exp $ */
+/* KAME @(#)$Id: keysock.c,v 1.3 2000/01/10 01:32:06 itojun Exp $ */
#if defined(__FreeBSD__) && __FreeBSD__ >= 3
#include "opt_inet.h"
@@ -100,6 +100,8 @@ static int key_sendup0 __P((struct rawcb *, struct mbuf *, int));
} while (0)
#endif
+struct pfkeystat pfkeystat;
+
/*
* key_usrreq()
* derived from net/rtsock.c:route_usrreq()
@@ -235,24 +237,44 @@ key_output(m, va_alist)
if (m == 0)
panic("key_output: NULL pointer was passed.\n");
- if (m->m_len < sizeof(long)
- && (m = m_pullup(m, 8)) == 0) {
- printf("key_output: can't pullup mbuf\n");
- error = ENOBUFS;
+ pfkeystat.out_total++;
+ pfkeystat.out_bytes += m->m_pkthdr.len;
+
+ len = m->m_pkthdr.len;
+ if (len < sizeof(struct sadb_msg)) {
+#ifdef IPSEC_DEBUG
+ printf("key_output: Invalid message length.\n");
+#endif
+ pfkeystat.out_tooshort++;
+ error = EINVAL;
goto end;
}
+ if (m->m_len < sizeof(struct sadb_msg)) {
+ if ((m = m_pullup(m, sizeof(struct sadb_msg))) == 0) {
+#ifdef IPSEC_DEBUG
+ printf("key_output: can't pullup mbuf\n");
+#endif
+ pfkeystat.out_nomem++;
+ error = ENOBUFS;
+ goto end;
+ }
+ }
+
if ((m->m_flags & M_PKTHDR) == 0)
panic("key_output: not M_PKTHDR ??");
-#if defined(IPSEC_DEBUG)
+#ifdef IPSEC_DEBUG
KEYDEBUG(KEYDEBUG_KEY_DUMP, kdebug_mbuf(m));
#endif /* defined(IPSEC_DEBUG) */
- len = m->m_pkthdr.len;
- if (len < sizeof(struct sadb_msg)
- || len != PFKEY_UNUNIT64(mtod(m, struct sadb_msg *)->sadb_msg_len)) {
+ msg = mtod(m, struct sadb_msg *);
+ pfkeystat.out_msgtype[msg->sadb_msg_type]++;
+ if (len != PFKEY_UNUNIT64(msg->sadb_msg_len)) {
+#ifdef IPSEC_DEBUG
printf("key_output: Invalid message length.\n");
+#endif
+ pfkeystat.out_invlen++;
error = EINVAL;
goto end;
}
@@ -263,8 +285,11 @@ key_output(m, va_alist)
*/
KMALLOC(msg, struct sadb_msg *, len);
if (msg == 0) {
+#ifdef IPSEC_DEBUG
printf("key_output: No more memory.\n");
+#endif
error = ENOBUFS;
+ pfkeystat.out_nomem++;
goto end;
/* or do panic ? */
}
@@ -309,7 +334,10 @@ key_sendup0(rp, m, promisc)
if (m && m->m_len < sizeof(struct sadb_msg))
m = m_pullup(m, sizeof(struct sadb_msg));
if (!m) {
+#ifdef IPSEC_DEBUG
printf("key_sendup0: cannot pullup\n");
+#endif
+ pfkeystat.in_nomem++;
m_freem(m);
return ENOBUFS;
}
@@ -321,18 +349,24 @@ key_sendup0(rp, m, promisc)
pmsg->sadb_msg_type = SADB_X_PROMISC;
pmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
/* pid and seq? */
+
+ pfkeystat.in_msgtype[pmsg->sadb_msg_type]++;
}
if (!sbappendaddr(&rp->rcb_socket->so_rcv,
(struct sockaddr *)&key_src, m, NULL)) {
+#ifdef IPSEC_DEBUG
printf("key_sendup0: sbappendaddr failed\n");
+#endif
+ pfkeystat.in_nomem++;
m_freem(m);
return ENOBUFS;
}
sorwakeup(rp->rcb_socket);
return 0;
}
+/* XXX this interface should be obsoleted. */
int
key_sendup(so, msg, len, target)
struct socket *so;
@@ -341,10 +375,6 @@ key_sendup(so, msg, len, target)
int target; /*target of the resulting message*/
{
struct mbuf *m, *n, *mprev;
- struct keycb *kp;
- int sendup;
- struct rawcb *rp;
- int error;
int tlen;
/* sanity check */
@@ -356,6 +386,14 @@ key_sendup(so, msg, len, target)
kdebug_sadb(msg));
/*
+ * we increment statistics here, just in case we have ENOBUFS
+ * in this function.
+ */
+ pfkeystat.in_total++;
+ pfkeystat.in_bytes += len;
+ pfkeystat.in_msgtype[msg->sadb_msg_type]++;
+
+ /*
* Get mbuf chain whenever possible (not clusters),
* to save socket buffer. We'll be generating many SADB_ACQUIRE
* messages to listening key sockets. If we simmply allocate clusters,
@@ -374,13 +412,16 @@ key_sendup(so, msg, len, target)
MGET(n, M_DONTWAIT, MT_DATA);
n->m_len = MLEN;
}
- if (!n)
+ if (!n) {
+ pfkeystat.in_nomem++;
return ENOBUFS;
- if (tlen > MCLBYTES) { /*XXX better threshold? */
+ }
+ if (tlen >= MCLBYTES) { /*XXX better threshold? */
MCLGET(n, M_DONTWAIT);
if ((n->m_flags & M_EXT) == 0) {
m_free(n);
m_freem(m);
+ pfkeystat.in_nomem++;
return ENOBUFS;
}
n->m_len = MCLBYTES;
@@ -402,6 +443,48 @@ key_sendup(so, msg, len, target)
m->m_pkthdr.rcvif = NULL;
m_copyback(m, 0, len, (caddr_t)msg);
+ /* avoid duplicated statistics */
+ pfkeystat.in_total--;
+ pfkeystat.in_bytes -= len;
+ pfkeystat.in_msgtype[msg->sadb_msg_type]--;
+
+ return key_sendup_mbuf(so, m, target);
+}
+
+int
+key_sendup_mbuf(so, m, target)
+ struct socket *so;
+ struct mbuf *m;
+ int target;
+{
+ struct mbuf *n;
+ struct keycb *kp;
+ int sendup;
+ struct rawcb *rp;
+ int error;
+
+ if (so == NULL || m == NULL)
+ panic("key_sendup_mbuf: NULL pointer was passed.\n");
+
+ pfkeystat.in_total++;
+ pfkeystat.in_bytes += m->m_pkthdr.len;
+ if (m->m_len < sizeof(struct sadb_msg)) {
+#if 1
+ m = m_pullup(m, sizeof(struct sadb_msg));
+ if (m == NULL) {
+ pfkeystat.in_nomem++;
+ return ENOBUFS;
+ }
+#else
+ /* don't bother pulling it up just for stats */
+#endif
+ }
+ if (m->m_len >= sizeof(struct sadb_msg)) {
+ struct sadb_msg *msg;
+ msg = mtod(m, struct sadb_msg *);
+ pfkeystat.in_msgtype[msg->sadb_msg_type]++;
+ }
+
#ifndef __NetBSD__
for (rp = rawcb.rcb_next; rp != &rawcb; rp = rp->rcb_next)
#else
@@ -448,13 +531,17 @@ key_sendup(so, msg, len, target)
sendup++;
break;
}
+ pfkeystat.in_msgtarget[target]++;
if (!sendup)
continue;
if ((n = m_copy(m, 0, (int)M_COPYALL)) == NULL) {
+#ifdef IPSEC_DEBUG
printf("key_sendup: m_copy fail\n");
+#endif
m_freem(m);
+ pfkeystat.in_nomem++;
return ENOBUFS;
}
View
51 kame/sys/netkey/keysock.h
@@ -27,41 +27,58 @@
* SUCH DAMAGE.
*/
-/* $Id: keysock.h,v 1.1 1999/08/03 01:02:15 itojun Exp $ */
+/* $Id: keysock.h,v 1.2 2000/01/10 01:32:06 itojun Exp $ */
#ifndef _NETKEY_KEYSOCK_H_
#define _NETKEY_KEYSOCK_H_
-#ifdef __NetBSD__
-# ifdef _KERNEL
-# define KERNEL
-# endif
-#endif
+/* statistics for pfkey socket */
+struct pfkeystat {
+ /* kernel -> userland */
+ u_quad_t out_total; /* # of total calls */
+ u_quad_t out_bytes; /* total bytecount */
+ u_quad_t out_msgtype[256]; /* message type histogram */
+ u_quad_t out_invlen; /* invalid length field */
+ u_quad_t out_invver; /* invalid version field */
+ u_quad_t out_invmsgtype; /* invalid message type field */
+ u_quad_t out_tooshort; /* msg too short */
+ u_quad_t out_nomem; /* memory allocation failure */
+ u_quad_t out_dupext; /* duplicate extension */
+ u_quad_t out_invexttype; /* invalid extension type */
+ u_quad_t out_invsatype; /* invalid sa type */
+ u_quad_t out_invaddr; /* invalid address extension */
+ /* userland -> kernel */
+ u_quad_t in_total; /* # of total calls */
+ u_quad_t in_bytes; /* total bytecount */
+ u_quad_t in_msgtype[256]; /* message type histogram */
+ u_quad_t in_msgtarget[3]; /* one/all/registered */
+ u_quad_t in_nomem; /* memory allocation failure */
+};
-#if defined(KERNEL)
+#define KEY_SENDUP_ONE 0
+#define KEY_SENDUP_ALL 1
+#define KEY_SENDUP_REGISTERED 2
+
+#if defined(KERNEL) || defined(_KERNEL)
struct keycb {
struct rawcb kp_raw; /* rawcb */
int kp_promisc; /* promiscuous mode */
int kp_registered; /* registered socket */
};
+extern struct pfkeystat pfkeystat;
+
extern int key_output __P((struct mbuf *, ...));
#ifndef __NetBSD__
-extern int key_usrreq __P((struct socket *, int, struct mbuf *, struct mbuf *, struct mbuf *));
+extern int key_usrreq __P((struct socket *,
+ int, struct mbuf *, struct mbuf *, struct mbuf *));
#else
extern int key_usrreq __P((struct socket *,
int, struct mbuf *, struct mbuf *, struct mbuf *, struct proc *));
#endif
-#define KEY_SENDUP_ONE 0
-#define KEY_SENDUP_ALL 1
-#define KEY_SENDUP_REGISTERED 2
-
extern int key_sendup __P((struct socket *, struct sadb_msg *, u_int, int));
-#else
-#if 0 /* no library defined for this */
-extern int key_sendup __P((int, struct sadb_msg *, u_int, int));
-#endif
-#endif /* defined(KERNEL) */
+extern int key_sendup_mbuf __P((struct socket *, struct mbuf *, int));
+#endif /* KERNEL */
#endif _NETKEY_KEYSOCK_H_

0 comments on commit 6704ec0

Please sign in to comment.