sync with latest kame netstat. basically, more statistics

8 files changed, 646 insertions, 299 deletions

diff --git a/usr.bin/netstat/Makefile b/usr.bin/netstat/Makefile
index f52e792..7f88c3b 100644
--- a/usr.bin/netstat/Makefile
+++ b/usr.bin/netstat/Makefile
@@ -3,8 +3,9 @@
 
 PROG=	netstat
 SRCS=	if.c inet.c inet6.c main.c mbuf.c mroute.c ipx.c route.c \
-	unix.c atalk.c netgraph.c mroute6.c # iso.c ns.c tp_astring.c
+	unix.c atalk.c netgraph.c mroute6.c ipsec.c # iso.c ns.c tp_astring.c 
 CFLAGS+=-Wall
+CFLAGS+=-DIPSEC
 
 #CFLAGS+=-g
 #.PATH:	${.CURDIR}/../../sys/netiso
diff --git a/usr.bin/netstat/inet.c b/usr.bin/netstat/inet.c
index ac09c4b..c14c7a2 100644
--- a/usr.bin/netstat/inet.c
+++ b/usr.bin/netstat/inet.c
@@ -68,9 +68,6 @@ static const char rcsid[] =
 #include <netinet/tcp_debug.h>
 #include <netinet/udp.h>
 #include <netinet/udp_var.h>
-#ifdef IPSEC
-#include <netinet6/ipsec.h>
-#endif
 
 #include <arpa/inet.h>
 #include <err.h>
@@ -682,109 +679,6 @@ igmp_stats(off, name)
 #undef py
 }
 
-#ifdef IPSEC
-static	char *ipsec_ahnames[] = {
-	"none",
-	"hmac MD5",
-	"hmac SHA1",
-	"keyed MD5",
-	"keyed SHA1",
-	"null",
-};
-
-static	char *ipsec_espnames[] = {
-	"none",
-	"DES CBC",
-	"3DES CBC",
-	"simple",
-	"blowfish CBC",
-	"CAST128 CBC",
-	"RC5 CBC",
-};
-
-/*
- * Dump IPSEC statistics structure.
- */
-void
-ipsec_stats(off, name)
-	u_long off;
-	char *name;
-{
-	struct ipsecstat ipsecstat;
-	int first, proto;
-
-	if (off == 0)
-		return;
-	printf ("%s:\n", name);
-	kread(off, (char *)&ipsecstat, sizeof (ipsecstat));
-
-#define	p(f, m) if (ipsecstat.f || sflag <= 1) \
-    printf(m, ipsecstat.f, plural(ipsecstat.f))
-
-	p(in_success, "\t%lu inbound packet%s processed successfully\n");
-	p(in_polvio, "\t%lu inbound packet%s violated process security "
-		"policy\n");
-	p(in_nosa, "\t%lu inbound packet%s with no SA available\n");
-	p(in_inval, "\t%lu inbound packet%s failed processing due to EINVAL\n");
-	p(in_badspi, "\t%lu inbound packet%s failed getting SPI\n");
-	p(in_ahreplay, "\t%lu inbound packet%s failed on AH replay check\n");
-	p(in_espreplay, "\t%lu inbound packet%s failed on ESP replay check\n");
-	p(in_ahauthsucc, "\t%lu inbound AH packet%s considered authentic\n");
-	p(in_ahauthfail, "\t%lu inbound AH packet%s failed on authentication\n");
-	p(in_espauthsucc, "\t%lu inbound ESP packet%s considered authentic\n");
-	p(in_espauthfail, "\t%lu inbound ESP packet%s failed on authentication\n");
-	for (first = 1, proto = 0; proto < SADB_AALG_MAX; proto++) {
-		if (ipsecstat.in_ahhist[proto] <= 0)
-			continue;
-		if (first) {
-			printf("\tAH input histogram:\n");
-			first = 0;
-		}
-		printf("\t\t%s: %lu\n", ipsec_ahnames[proto],
-			ipsecstat.in_ahhist[proto]);
-	}
-	for (first = 1, proto = 0; proto < SADB_EALG_MAX; proto++) {
-		if (ipsecstat.in_esphist[proto] <= 0)
-			continue;
-		if (first) {
-			printf("\tESP input histogram:\n");
-		first = 0;
-		}
-		printf("\t\t%s: %lu\n", ipsec_espnames[proto],
-			ipsecstat.in_esphist[proto]);
-	}
-
-	p(out_success, "\t%lu outbound packet%s processed successfully\n");
-	p(out_polvio, "\t%lu outbound packet%s violated process security "
-		"policy\n");
-	p(out_nosa, "\t%lu outbound packet%s with no SA available\n");
-	p(out_inval, "\t%lu outbound packet%s failed processing due to "
-		"EINVAL\n");
-	p(out_noroute, "\t%lu outbound packet%s with no route\n");
-	for (first = 1, proto = 0; proto < SADB_AALG_MAX; proto++) {
-		if (ipsecstat.out_ahhist[proto] <= 0)
-			continue;
-		if (first) {
-			printf("\tAH output histogram:\n");
-			first = 0;
-		}
-		printf("\t\t%s: %lu\n", ipsec_ahnames[proto],
-			ipsecstat.out_ahhist[proto]);
-	}
-	for (first = 1, proto = 0; proto < SADB_EALG_MAX; proto++) {
-		if (ipsecstat.out_esphist[proto] <= 0)
-			continue;
-		if (first) {
-			printf("\tESP output histogram:\n");
-			first = 0;
-		}
-		printf("\t\t%s: %lu\n", ipsec_espnames[proto],
-			ipsecstat.out_esphist[proto]);
-	}
-#undef p
-}
-#endif /*IPSEC*/
-
 /*
  * Pretty print an Internet address (net address + port).
  */
diff --git a/usr.bin/netstat/inet6.c b/usr.bin/netstat/inet6.c
index c1c65f2..e441e3b 100644
--- a/usr.bin/netstat/inet6.c
+++ b/usr.bin/netstat/inet6.c
@@ -164,7 +164,7 @@ static	char *ip6nh[] = {
 	"#86",
 	"#87",
 	"#88",
-	"#89",	
+	"OSPF",	
 	"#80",
 	"#91",
 	"#92",
@@ -351,44 +351,44 @@ ip6_stats(off, name)
 	printf("%s:\n", name);
 
 #define	p(f, m) if (ip6stat.f || sflag <= 1) \
-    printf(m, ip6stat.f, plural(ip6stat.f))
+    printf(m, (unsigned long long)ip6stat.f, plural(ip6stat.f))
 #define	p1a(f, m) if (ip6stat.f || sflag <= 1) \
-    printf(m, ip6stat.f)
-
-	p(ip6s_total, "\t%lu total packet%s received\n");
-	p1a(ip6s_toosmall, "\t%lu with size smaller than minimum\n");
-	p1a(ip6s_tooshort, "\t%lu with data size < data length\n");
-	p1a(ip6s_badoptions, "\t%lu with bad options\n");
-	p1a(ip6s_badvers, "\t%lu with incorrect version number\n");
-	p(ip6s_fragments, "\t%lu fragment%s received\n");
-	p(ip6s_fragdropped, "\t%lu fragment%s dropped (dup or out of space)\n");
-	p(ip6s_fragtimeout, "\t%lu fragment%s dropped after timeout\n");
-	p(ip6s_fragoverflow, "\t%lu fragment%s that exceeded limit\n");
-	p(ip6s_reassembled, "\t%lu packet%s reassembled ok\n");
-	p(ip6s_delivered, "\t%lu packet%s for this host\n");
-	p(ip6s_forward, "\t%lu packet%s forwarded\n");
-	p(ip6s_cantforward, "\t%lu packet%s not forwardable\n");
-	p(ip6s_redirectsent, "\t%lu redirect%s sent\n");
-	p(ip6s_localout, "\t%lu packet%s sent from this host\n");
-	p(ip6s_rawout, "\t%lu packet%s sent with fabricated ip header\n");
-	p(ip6s_odropped, "\t%lu output packet%s dropped due to no bufs, etc.\n");
-	p(ip6s_noroute, "\t%lu output packet%s discarded due to no route\n");
-	p(ip6s_fragmented, "\t%lu output datagram%s fragmented\n");
-	p(ip6s_ofragments, "\t%lu fragment%s created\n");
-	p(ip6s_cantfrag, "\t%lu datagram%s that can't be fragmented\n");
-	p(ip6s_badscope, "\t%lu packet%s that violated scope rules\n");
-	p(ip6s_notmember, "\t%lu multicast packet%s which we don't join\n");
+    printf(m, (unsigned long long)ip6stat.f)
+
+	p(ip6s_total, "\t%llu total packet%s received\n");
+	p1a(ip6s_toosmall, "\t%llu with size smaller than minimum\n");
+	p1a(ip6s_tooshort, "\t%llu with data size < data length\n");
+	p1a(ip6s_badoptions, "\t%llu with bad options\n");
+	p1a(ip6s_badvers, "\t%llu with incorrect version number\n");
+	p(ip6s_fragments, "\t%llu fragment%s received\n");
+	p(ip6s_fragdropped, "\t%llu fragment%s dropped (dup or out of space)\n");
+	p(ip6s_fragtimeout, "\t%llu fragment%s dropped after timeout\n");
+	p(ip6s_fragoverflow, "\t%llu fragment%s that exceeded limit\n");
+	p(ip6s_reassembled, "\t%llu packet%s reassembled ok\n");
+	p(ip6s_delivered, "\t%llu packet%s for this host\n");
+	p(ip6s_forward, "\t%llu packet%s forwarded\n");
+	p(ip6s_cantforward, "\t%llu packet%s not forwardable\n");
+	p(ip6s_redirectsent, "\t%llu redirect%s sent\n");
+	p(ip6s_localout, "\t%llu packet%s sent from this host\n");
+	p(ip6s_rawout, "\t%llu packet%s sent with fabricated ip header\n");
+	p(ip6s_odropped, "\t%llu output packet%s dropped due to no bufs, etc.\n");
+	p(ip6s_noroute, "\t%llu output packet%s discarded due to no route\n");
+	p(ip6s_fragmented, "\t%llu output datagram%s fragmented\n");
+	p(ip6s_ofragments, "\t%llu fragment%s created\n");
+	p(ip6s_cantfrag, "\t%llu datagram%s that can't be fragmented\n");
+	p(ip6s_badscope, "\t%llu packet%s that violated scope rules\n");
+	p(ip6s_notmember, "\t%llu multicast packet%s which we don't join\n");
 	for (first = 1, i = 0; i < 256; i++)
 		if (ip6stat.ip6s_nxthist[i] != 0) {
 			if (first) {
 				printf("\tInput histogram:\n");
 				first = 0;
 			}
-			printf("\t\t%s: %lu\n", ip6nh[i],
-			       ip6stat.ip6s_nxthist[i]);
+			printf("\t\t%s: %llu\n", ip6nh[i],
+			    (unsigned long long)ip6stat.ip6s_nxthist[i]);
 		}
 	printf("\tMbuf statistics:\n");
-	printf("\t\t%lu one mbuf\n", ip6stat.ip6s_m1);
+	printf("\t\t%llu one mbuf\n", (unsigned long long)ip6stat.ip6s_m1);
 	for (first = 1, i = 0; i < 32; i++) {
 		char ifbuf[IFNAMSIZ];
 		if (ip6stat.ip6s_m2m[i] != 0) {		
@@ -396,17 +396,126 @@ ip6_stats(off, name)
 				printf("\t\ttwo or more mbuf:\n");
 				first = 0;
 			}
-			printf("\t\t\t%s= %ld\n",
-			       if_indextoname(i, ifbuf),
-			       ip6stat.ip6s_m2m[i]);
+			printf("\t\t\t%s= %llu\n",
+			    if_indextoname(i, ifbuf),
+			    (unsigned long long)ip6stat.ip6s_m2m[i]);
+		}
+	}
+	printf("\t\t%llu one ext mbuf\n",
+	    (unsigned long long)ip6stat.ip6s_mext1);
+	printf("\t\t%llu two or more ext mbuf\n",
+	    (unsigned long long)ip6stat.ip6s_mext2m);	
+	p(ip6s_exthdrtoolong,
+	    "\t%llu packet%s whose headers are not continuous\n");
+	p(ip6s_nogif, "\t%llu tunneling packet%s that can't find gif\n");
+	p(ip6s_toomanyhdr,
+	    "\t%llu packet%s discarded due to too may headers\n");
+
+	if (ip6stat.ip6s_exthdrget || ip6stat.ip6s_exthdrget0) {
+		p(ip6s_exthdrget, "\t%llu use%s of IP6_EXTHDR_GET\n");
+		p(ip6s_exthdrget0, "\t%llu use%s of IP6_EXTHDR_GET0\n");
+		p(ip6s_pulldown, "\t%llu call%s to m_pulldown\n");
+		p(ip6s_pulldown_alloc,
+		    "\t%llu mbuf allocation%s in m_pulldown\n");
+		if (ip6stat.ip6s_pulldown_copy != 1) {
+			p1a(ip6s_pulldown_copy,
+			    "\t%llu mbuf copies in m_pulldown\n");
+		} else {
+			p1a(ip6s_pulldown_copy,
+			    "\t%llu mbuf copy in m_pulldown\n");
+		}
+		p(ip6s_pullup, "\t%llu call%s to m_pullup\n");
+		p(ip6s_pullup_alloc, "\t%llu mbuf allocation%s in m_pullup\n");
+		if (ip6stat.ip6s_pullup_copy != 1) {
+			p1a(ip6s_pullup_copy, "\t%llu mbuf copies in m_pullup\n");
+		} else {
+			p1a(ip6s_pullup_copy, "\t%llu mbuf copy in m_pullup\n");
+		}
+		p(ip6s_pullup_fail, "\t%llu failure%s in m_pullup\n");
+		p(ip6s_pullup2, "\t%llu call%s to m_pullup2\n");
+		p(ip6s_pullup2_alloc, "\t%llu mbuf allocation%s in m_pullup2\n");
+		if (ip6stat.ip6s_pullup2_copy != 1) {
+			p1a(ip6s_pullup2_copy,
+			    "\t%llu mbuf copies in m_pullup2\n");
+		} else {
+			p1a(ip6s_pullup2_copy, "\t%llu mbuf copy in m_pullup2\n");
+		}
+		p(ip6s_pullup2_fail, "\t%llu failure%s in m_pullup2\n");
+	}
+
+	/* for debugging source address selection */
+#define PRINT_SCOPESTAT(s,i) do {\
+		switch(i) { /* XXX hardcoding in each case */\
+		case 1:\
+			p(s, "\t\t%llu node-local%s\n");\
+			break;\
+		case 2:\
+			p(s,"\t\t%llu link-local%s\n");\
+			break;\
+		case 5:\
+			p(s,"\t\t%llu site-local%s\n");\
+			break;\
+		case 14:\
+			p(s,"\t\t%llu global%s\n");\
+			break;\
+		default:\
+			printf("\t\t%llu addresses scope=%x\n",\
+			    (unsigned long long)ip6stat.s, i);\
+		}\
+	} while (0);
+
+	p(ip6s_sources_none,
+	  "\t%llu failure%s of source address selection\n");
+	for (first = 1, i = 0; i < 16; i++) {
+		if (ip6stat.ip6s_sources_sameif[i]) {
+			if (first) {
+				printf("\tsource addresses on an outgoing I/F\n");
+				first = 0;
+			}
+			PRINT_SCOPESTAT(ip6s_sources_sameif[i], i);
+		}
+	}
+	for (first = 1, i = 0; i < 16; i++) {
+		if (ip6stat.ip6s_sources_otherif[i]) {
+			if (first) {
+				printf("\tsource addresses on a non-outgoing I/F\n");
+				first = 0;
+			}
+			PRINT_SCOPESTAT(ip6s_sources_otherif[i], i);
 		}
 	}
-	printf("\t\t%lu one ext mbuf\n", ip6stat.ip6s_mext1);
-	printf("\t\t%lu two or more ext mbuf\n", ip6stat.ip6s_mext2m);	
-	p(ip6s_exthdrtoolong, "\t%lu packet%s whose headers are not continuous\n");
-	p(ip6s_nogif, "\t%lu tunneling packet%s that can't find gif\n");
-	p(ip6s_toomanyhdr, "\t%lu packet%s discarded due to too may headers\n");
+	for (first = 1, i = 0; i < 16; i++) {
+		if (ip6stat.ip6s_sources_samescope[i]) {
+			if (first) {
+				printf("\tsource addresses of same scope\n");
+				first = 0;
+			}
+			PRINT_SCOPESTAT(ip6s_sources_samescope[i], i);
+		}
+	}
+	for (first = 1, i = 0; i < 16; i++) {
+		if (ip6stat.ip6s_sources_otherscope[i]) {
+			if (first) {
+				printf("\tsource addresses of a different scope\n");
+				first = 0;
+			}
+			PRINT_SCOPESTAT(ip6s_sources_otherscope[i], i);
+		}
+	}
+	for (first = 1, i = 0; i < 16; i++) {
+		if (ip6stat.ip6s_sources_deprecated[i]) {
+			if (first) {
+				printf("\tdeprecated source addresses\n");
+				first = 0;
+			}
+			PRINT_SCOPESTAT(ip6s_sources_deprecated[i], i);
+		}
+	}
+
+	p1a(ip6s_forward_cachehit, "\t%llu forward cache hit\n");
+	p1a(ip6s_forward_cachemiss, "\t%llu forward cache miss\n");
 #undef p
+#undef p1a
 }
 
 /*
@@ -419,9 +528,9 @@ ip6_ifstats(ifname)
 	struct in6_ifreq ifr;
 	int s;
 #define	p(f, m) if (ifr.ifr_ifru.ifru_stat.f || sflag <= 1) \
-    printf(m, ifr.ifr_ifru.ifru_stat.f, plural(ifr.ifr_ifru.ifru_stat.f))
+    printf(m, (unsigned long long)ifr.ifr_ifru.ifru_stat.f, plural(ifr.ifr_ifru.ifru_stat.f))
 #define	p_5(f, m) if (ifr.ifr_ifru.ifru_stat.f || sflag <= 1) \
-    printf(m, ip6stat.f)
+    printf(m, (unsigned long long)ip6stat.f)
 
 	if ((s = socket(AF_INET6, SOCK_DGRAM, 0)) < 0) {
 		perror("Warning: socket(AF_INET6)");
@@ -436,28 +545,28 @@ ip6_ifstats(ifname)
 		goto end;
 	}
 
-	p(ifs6_in_receive, "\t%qu total input datagram%s\n");
-	p(ifs6_in_hdrerr, "\t%qu datagram%s with invalid header received\n");
-	p(ifs6_in_toobig, "\t%qu datagram%s exceeded MTU received\n");
-	p(ifs6_in_noroute, "\t%qu datagram%s with no route received\n");
-	p(ifs6_in_addrerr, "\t%qu datagram%s with invalid dst received\n");
-	p(ifs6_in_protounknown, "\t%qu datagram%s with unknown proto received\n");
-	p(ifs6_in_truncated, "\t%qu truncated datagram%s received\n");
-	p(ifs6_in_discard, "\t%qu input datagram%s discarded\n");
+	p(ifs6_in_receive, "\t%llu total input datagram%s\n");
+	p(ifs6_in_hdrerr, "\t%llu datagram%s with invalid header received\n");
+	p(ifs6_in_toobig, "\t%llu datagram%s exceeded MTU received\n");
+	p(ifs6_in_noroute, "\t%llu datagram%s with no route received\n");
+	p(ifs6_in_addrerr, "\t%llu datagram%s with invalid dst received\n");
+	p(ifs6_in_protounknown, "\t%llu datagram%s with unknown proto received\n");
+	p(ifs6_in_truncated, "\t%llu truncated datagram%s received\n");
+	p(ifs6_in_discard, "\t%llu input datagram%s discarded\n");
 	p(ifs6_in_deliver,
-	  "\t%qu datagram%s delivered to an upper layer protocol\n");
-	p(ifs6_out_forward, "\t%qu datagram%s forwarded to this interface\n");
+	  "\t%llu datagram%s delivered to an upper layer protocol\n");
+	p(ifs6_out_forward, "\t%llu datagram%s forwarded to this interface\n");
 	p(ifs6_out_request,
-	  "\t%qu datagram%s sent from an upper layer protocol\n");
-	p(ifs6_out_discard, "\t%qu total discarded output datagram%s\n");
-	p(ifs6_out_fragok, "\t%qu output datagram%s fragmented\n");
-	p(ifs6_out_fragfail, "\t%qu output datagram%s failed on fragment\n");
-	p(ifs6_out_fragcreat, "\t%qu output datagram%s succeeded on fragment\n");
-	p(ifs6_reass_reqd, "\t%qu incoming datagram%s fragmented\n");
-	p(ifs6_reass_ok, "\t%qu datagram%s reassembled\n");
-	p(ifs6_reass_fail, "\t%qu datagram%s failed on reassembling\n");
-	p(ifs6_in_mcast, "\t%qu multicast datagram%s received\n");
-	p(ifs6_out_mcast, "\t%qu multicast datagram%s sent\n");
+	  "\t%llu datagram%s sent from an upper layer protocol\n");
+	p(ifs6_out_discard, "\t%llu total discarded output datagram%s\n");
+	p(ifs6_out_fragok, "\t%llu output datagram%s fragmented\n");
+	p(ifs6_out_fragfail, "\t%llu output datagram%s failed on fragment\n");
+	p(ifs6_out_fragcreat, "\t%llu output datagram%s succeeded on fragment\n");
+	p(ifs6_reass_reqd, "\t%llu incoming datagram%s fragmented\n");
+	p(ifs6_reass_ok, "\t%llu datagram%s reassembled\n");
+	p(ifs6_reass_fail, "\t%llu datagram%s failed on reassembling\n");
+	p(ifs6_in_mcast, "\t%llu multicast datagram%s received\n");
+	p(ifs6_out_mcast, "\t%llu multicast datagram%s sent\n");
 
   end:
 	close(s);
@@ -742,36 +851,53 @@ icmp6_stats(off, name)
 	printf("%s:\n", name);
 
 #define	p(f, m) if (icmp6stat.f || sflag <= 1) \
-    printf(m, icmp6stat.f, plural(icmp6stat.f))
+    printf(m, (unsigned long long)icmp6stat.f, plural(icmp6stat.f))
+#define p_5(f, m) printf(m, (unsigned long long)icmp6stat.f)
 
-	p(icp6s_error, "\t%lu call%s to icmp_error\n");
+	p(icp6s_error, "\t%llu call%s to icmp_error\n");
 	p(icp6s_canterror,
-	    "\t%lu error%s not generated because old message was icmp error or so\n");
+	    "\t%llu error%s not generated because old message was icmp error or so\n");
 	p(icp6s_toofreq,
-	  "\t%lu error%s not generated because rate limitation\n");
+	  "\t%llu error%s not generated because rate limitation\n");
 	for (first = 1, i = 0; i < 256; i++)
 		if (icmp6stat.icp6s_outhist[i] != 0) {
 			if (first) {
 				printf("\tOutput histogram:\n");
 				first = 0;
 			}
-			printf("\t\t%s: %lu\n", icmp6names[i],
-				icmp6stat.icp6s_outhist[i]);
+			printf("\t\t%s: %llu\n", icmp6names[i],
+			    (unsigned long long)icmp6stat.icp6s_outhist[i]);
 		}
-	p(icp6s_badcode, "\t%lu message%s with bad code fields\n");
-	p(icp6s_tooshort, "\t%lu message%s < minimum length\n");
-	p(icp6s_checksum, "\t%lu bad checksum%s\n");
-	p(icp6s_badlen, "\t%lu message%s with bad length\n");
+	p(icp6s_badcode, "\t%llu message%s with bad code fields\n");
+	p(icp6s_tooshort, "\t%llu message%s < minimum length\n");
+	p(icp6s_checksum, "\t%llu bad checksum%s\n");
+	p(icp6s_badlen, "\t%llu message%s with bad length\n");
 	for (first = 1, i = 0; i < ICMP6_MAXTYPE; i++)
 		if (icmp6stat.icp6s_inhist[i] != 0) {
 			if (first) {
 				printf("\tInput histogram:\n");
 				first = 0;
 			}
-			printf("\t\t%s: %lu\n", icmp6names[i],
-				icmp6stat.icp6s_inhist[i]);
+			printf("\t\t%s: %llu\n", icmp6names[i],
+			    (unsigned long long)icmp6stat.icp6s_inhist[i]);
 		}
-	p(icp6s_reflect, "\t%lu message response%s generated\n");
+	printf("\tHistgram of error messages to be generated:\n");
+	p_5(icp6s_odst_unreach_noroute, "\t\t%llu no route\n");
+	p_5(icp6s_odst_unreach_admin, "\t\t%llu administratively prohibited\n");
+	p_5(icp6s_odst_unreach_beyondscope, "\t\t%llu beyond scope\n");
+	p_5(icp6s_odst_unreach_addr, "\t\t%llu address unreachable\n");
+	p_5(icp6s_odst_unreach_noport, "\t\t%llu port unreachable\n");
+	p_5(icp6s_opacket_too_big, "\t\t%llu packet too big\n");
+	p_5(icp6s_otime_exceed_transit, "\t\t%llu time exceed transit\n");
+	p_5(icp6s_otime_exceed_reassembly, "\t\t%llu time exceed reassembly\n");
+	p_5(icp6s_oparamprob_header, "\t\t%llu erroneous header field\n");
+	p_5(icp6s_oparamprob_nextheader, "\t\t%llu unrecognized next header\n");
+	p_5(icp6s_oparamprob_option, "\t\t%llu unrecognized option\n");
+	p_5(icp6s_oredirect, "\t\t%llu redirect\n");
+	p_5(icp6s_ounknown, "\t\t%llu unknown\n");
+
+	p(icp6s_reflect, "\t%llu message response%s generated\n");
+	p(icp6s_nd_toomanyopt, "\t%llu message%s with too many ND options\n");
 #undef p
 #undef p_5
 }
@@ -786,7 +912,7 @@ icmp6_ifstats(ifname)
 	struct in6_ifreq ifr;
 	int s;
 #define	p(f, m) if (ifr.ifr_ifru.ifru_icmp6stat.f || sflag <= 1) \
-    printf(m, (u_quad_t)ifr.ifr_ifru.ifru_icmp6stat.f, plural(ifr.ifr_ifru.ifru_icmp6stat.f))
+    printf(m, (unsigned long long)ifr.ifr_ifru.ifru_icmp6stat.f, plural(ifr.ifr_ifru.ifru_icmp6stat.f))
 
 	if ((s = socket(AF_INET6, SOCK_DGRAM, 0)) < 0) {
 		perror("Warning: socket(AF_INET6)");
@@ -801,41 +927,41 @@ icmp6_ifstats(ifname)
 		goto end;
 	}
 
-	p(ifs6_in_msg, "\t%qu total input message%s\n");
-	p(ifs6_in_error, "\t%qu total input error message%s\n"); 
-	p(ifs6_in_dstunreach, "\t%qu input destination unreachable error%s\n");
-	p(ifs6_in_adminprohib, "\t%qu input administratively prohibited error%s\n");
-	p(ifs6_in_timeexceed, "\t%qu input time exceeded error%s\n");
-	p(ifs6_in_paramprob, "\t%qu input parameter problem error%s\n");
-	p(ifs6_in_pkttoobig, "\t%qu input packet too big error%s\n");
-	p(ifs6_in_echo, "\t%qu input echo request%s\n");
-	p(ifs6_in_echoreply, "\t%qu input echo reply%s\n");
-	p(ifs6_in_routersolicit, "\t%qu input router solicitation%s\n");
-	p(ifs6_in_routeradvert, "\t%qu input router advertisement%s\n");
-	p(ifs6_in_neighborsolicit, "\t%qu input neighbor solicitation%s\n");
-	p(ifs6_in_neighboradvert, "\t%qu input neighbor advertisement%s\n");
-	p(ifs6_in_redirect, "\t%qu input redirect%s\n");
-	p(ifs6_in_mldquery, "\t%qu input MLD query%s\n");
-	p(ifs6_in_mldreport, "\t%qu input MLD report%s\n");
-	p(ifs6_in_mlddone, "\t%qu input MLD done%s\n");
-
-	p(ifs6_out_msg, "\t%qu total output message%s\n");
-	p(ifs6_out_error, "\t%qu total output error message%s\n");
-	p(ifs6_out_dstunreach, "\t%qu output destination unreachable error%s\n");
-	p(ifs6_out_adminprohib, "\t%qu output administratively prohibited error%s\n");
-	p(ifs6_out_timeexceed, "\t%qu output time exceeded error%s\n");
-	p(ifs6_out_paramprob, "\t%qu output parameter problem error%s\n");
-	p(ifs6_out_pkttoobig, "\t%qu output packet too big error%s\n");
-	p(ifs6_out_echo, "\t%qu output echo request%s\n");
-	p(ifs6_out_echoreply, "\t%qu output echo reply%s\n");
-	p(ifs6_out_routersolicit, "\t%qu output router solicitation%s\n");
-	p(ifs6_out_routeradvert, "\t%qu output router advertisement%s\n");
-	p(ifs6_out_neighborsolicit, "\t%qu output neighbor solicitation%s\n");
-	p(ifs6_out_neighboradvert, "\t%qu output neighbor advertisement%s\n");
-	p(ifs6_out_redirect, "\t%qu output redirect%s\n");
-	p(ifs6_out_mldquery, "\t%qu output MLD query%s\n");
-	p(ifs6_out_mldreport, "\t%qu output MLD report%s\n");
-	p(ifs6_out_mlddone, "\t%qu output MLD done%s\n");
+	p(ifs6_in_msg, "\t%llu total input message%s\n");
+	p(ifs6_in_error, "\t%llu total input error message%s\n"); 
+	p(ifs6_in_dstunreach, "\t%llu input destination unreachable error%s\n");
+	p(ifs6_in_adminprohib, "\t%llu input administratively prohibited error%s\n");
+	p(ifs6_in_timeexceed, "\t%llu input time exceeded error%s\n");
+	p(ifs6_in_paramprob, "\t%llu input parameter problem error%s\n");
+	p(ifs6_in_pkttoobig, "\t%llu input packet too big error%s\n");
+	p(ifs6_in_echo, "\t%llu input echo request%s\n");
+	p(ifs6_in_echoreply, "\t%llu input echo reply%s\n");
+	p(ifs6_in_routersolicit, "\t%llu input router solicitation%s\n");
+	p(ifs6_in_routeradvert, "\t%llu input router advertisement%s\n");
+	p(ifs6_in_neighborsolicit, "\t%llu input neighbor solicitation%s\n");
+	p(ifs6_in_neighboradvert, "\t%llu input neighbor advertisement%s\n");
+	p(ifs6_in_redirect, "\t%llu input redirect%s\n");
+	p(ifs6_in_mldquery, "\t%llu input MLD query%s\n");
+	p(ifs6_in_mldreport, "\t%llu input MLD report%s\n");
+	p(ifs6_in_mlddone, "\t%llu input MLD done%s\n");
+
+	p(ifs6_out_msg, "\t%llu total output message%s\n");
+	p(ifs6_out_error, "\t%llu total output error message%s\n");
+	p(ifs6_out_dstunreach, "\t%llu output destination unreachable error%s\n");
+	p(ifs6_out_adminprohib, "\t%llu output administratively prohibited error%s\n");
+	p(ifs6_out_timeexceed, "\t%llu output time exceeded error%s\n");
+	p(ifs6_out_paramprob, "\t%llu output parameter problem error%s\n");
+	p(ifs6_out_pkttoobig, "\t%llu output packet too big error%s\n");
+	p(ifs6_out_echo, "\t%llu output echo request%s\n");
+	p(ifs6_out_echoreply, "\t%llu output echo reply%s\n");
+	p(ifs6_out_routersolicit, "\t%llu output router solicitation%s\n");
+	p(ifs6_out_routeradvert, "\t%llu output router advertisement%s\n");
+	p(ifs6_out_neighborsolicit, "\t%llu output neighbor solicitation%s\n");
+	p(ifs6_out_neighboradvert, "\t%llu output neighbor advertisement%s\n");
+	p(ifs6_out_redirect, "\t%llu output redirect%s\n");
+	p(ifs6_out_mldquery, "\t%llu output MLD query%s\n");
+	p(ifs6_out_mldreport, "\t%llu output MLD report%s\n");
+	p(ifs6_out_mlddone, "\t%llu output MLD done%s\n");
 
   end:
 	close(s);
@@ -858,14 +984,14 @@ pim6_stats(off, name)
 	printf("%s:\n", name);
 
 #define	p(f, m) if (pim6stat.f || sflag <= 1) \
-    printf(m, pim6stat.f, plural(pim6stat.f))
-	p(pim6s_rcv_total, "\t%u message%s received\n");
-	p(pim6s_rcv_tooshort, "\t%u message%s received with too few bytes\n");
-	p(pim6s_rcv_badsum, "\t%u message%s received with bad checksum\n");
-	p(pim6s_rcv_badversion, "\t%u message%s received with bad version\n");
-	p(pim6s_rcv_registers, "\t%u register%s received\n");
-	p(pim6s_rcv_badregisters, "\t%u bad register%s received\n");
-	p(pim6s_snd_registers, "\t%u register%s sent\n");
+    printf(m, (unsigned long long)pim6stat.f, plural(pim6stat.f))
+	p(pim6s_rcv_total, "\t%llu message%s received\n");
+	p(pim6s_rcv_tooshort, "\t%llu message%s received with too few bytes\n");
+	p(pim6s_rcv_badsum, "\t%llu message%s received with bad checksum\n");
+	p(pim6s_rcv_badversion, "\t%llu message%s received with bad version\n");
+	p(pim6s_rcv_registers, "\t%llu register%s received\n");
+	p(pim6s_rcv_badregisters, "\t%llu bad register%s received\n");
+	p(pim6s_snd_registers, "\t%llu register%s sent\n");
 #undef p
 }
 
diff --git a/usr.bin/netstat/ipsec.c b/usr.bin/netstat/ipsec.c
new file mode 100644
index 0000000..ce96488
--- /dev/null
+++ b/usr.bin/netstat/ipsec.c
@@ -0,0 +1,316 @@
+/*	$FreeBSD$	*/
+/*	$NetBSD: inet.c,v 1.35.2.1 1999/04/29 14:57:08 perry Exp $	*/
+
+/*
+ * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the project nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * Copyright (c) 1983, 1988, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+/*
+static char sccsid[] = "@(#)inet.c	8.5 (Berkeley) 5/24/95";
+*/
+static const char rcsid[] =
+  "$FreeBSD$";
+#endif /* not lint */
+
+#include <sys/param.h>
+#include <sys/queue.h>
+#include <sys/socket.h>
+
+#include <netinet/in.h>
+
+#ifdef IPSEC
+#include <netinet6/ipsec.h>
+#include <netkey/keysock.h>
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include "netstat.h"
+
+/*
+ * portability issues:
+ * - bsdi[34] uses PLURAL(), not plural().
+ * - freebsd2 can't print "unsigned long long" properly.
+ */
+/*
+ * XXX see PORTABILITY for the twist
+ */
+#define LLU	"%llu"
+#define CAST	unsigned long long
+
+#ifdef IPSEC 
+static const char *ipsec_ahnames[] = {
+	"none",
+	"hmac MD5",
+	"hmac SHA1",
+	"keyed MD5",
+	"keyed SHA1",
+	"null",
+};
+
+static const char *ipsec_espnames[] = {
+	"none",
+	"DES CBC",
+	"3DES CBC",
+	"simple",
+	"blowfish CBC",
+	"CAST128 CBC",
+	"DES derived IV",
+};
+
+static const char *ipsec_compnames[] = {
+	"none",
+	"OUI",
+	"deflate",
+	"LZS",
+};
+
+static const char *pfkey_msgtypenames[] = {
+	"reserved", "getspi", "update", "add", "delete",
+	"get", "acquire", "register", "expire", "flush",
+	"dump", "x_promisc", "x_pchange", "x_spdupdate", "x_spdadd",
+	"x_spddelete", "x_spdget", "x_spdacquire", "x_spddump", "x_spdflush",
+	"x_spdsetidx", "x_spdexpire", "x_spddelete2"
+};
+
+static struct ipsecstat ipsecstat;
+
+static void print_ipsecstats __P((void));
+static const char *pfkey_msgtype_names __P((int));
+static void ipsec_hist __P((const u_quad_t *, size_t, const char **, size_t,
+	const char *));
+
+/*
+ * Dump IPSEC statistics structure.
+ */
+static void
+ipsec_hist(hist, histmax, name, namemax, title)
+	const u_quad_t *hist;
+	size_t histmax;
+	const char **name;
+	size_t namemax;
+	const char *title;
+{
+	int first;
+	size_t proto;
+
+	for (first = 1, proto = 0; proto < histmax; proto++) {
+		if (hist[proto] <= 0)
+			continue;
+		if (first) {
+			printf("\t%s histogram:\n", title);
+			first = 0;
+		}
+		if (proto < namemax && name[proto]) {
+			printf("\t\t%s: " LLU "\n", name[proto],
+				(CAST)hist[proto]);
+		} else {
+			printf("\t\t#%ld: " LLU "\n", (long)proto,
+				(CAST)hist[proto]);
+		}
+	}
+}
+
+static void
+print_ipsecstats()
+{
+#define	p(f, m) if (ipsecstat.f || sflag <= 1) \
+    printf(m, (CAST)ipsecstat.f, plural(ipsecstat.f))
+#define hist(f, n, t) \
+    ipsec_hist((f), sizeof(f)/sizeof(f[0]), (n), sizeof(n)/sizeof(n[0]), (t));
+
+	p(in_success, "\t" LLU " inbound packet%s processed successfully\n");
+	p(in_polvio, "\t" LLU " inbound packet%s violated process security "
+		"policy\n");
+	p(in_nosa, "\t" LLU " inbound packet%s with no SA available\n");
+	p(in_inval, "\t" LLU " invalid inbound packet%s\n");
+	p(in_nomem, "\t" LLU " inbound packet%s failed due to insufficient memory\n");
+	p(in_badspi, "\t" LLU " inbound packet%s failed getting SPI\n");
+	p(in_ahreplay, "\t" LLU " inbound packet%s failed on AH replay check\n");
+	p(in_espreplay, "\t" LLU " inbound packet%s failed on ESP replay check\n");
+	p(in_ahauthsucc, "\t" LLU " inbound packet%s considered authentic\n");
+	p(in_ahauthfail, "\t" LLU " inbound packet%s failed on authentication\n");
+	hist(ipsecstat.in_ahhist, ipsec_ahnames, "AH input");
+	hist(ipsecstat.in_esphist, ipsec_espnames, "ESP input");
+	hist(ipsecstat.in_comphist, ipsec_compnames, "IPComp input");
+
+	p(out_success, "\t" LLU " outbound packet%s processed successfully\n");
+	p(out_polvio, "\t" LLU " outbound packet%s violated process security "
+		"policy\n");
+	p(out_nosa, "\t" LLU " outbound packet%s with no SA available\n");
+	p(out_inval, "\t" LLU " invalid outbound packet%s\n");
+	p(out_nomem, "\t" LLU " outbound packet%s failed due to insufficient memory\n");
+	p(out_noroute, "\t" LLU " outbound packet%s with no route\n");
+	hist(ipsecstat.out_ahhist, ipsec_ahnames, "AH output");
+	hist(ipsecstat.out_esphist, ipsec_espnames, "ESP output");
+	hist(ipsecstat.out_comphist, ipsec_compnames, "IPComp output");
+#undef p
+#undef hist
+}
+
+void
+ipsec_stats(off, name)
+	u_long off;
+	char *name;
+{
+	if (off == 0)
+		return;
+	printf ("%s:\n", name);
+	kread(off, (char *)&ipsecstat, sizeof (ipsecstat));
+
+	print_ipsecstats();
+}
+
+#if defined(__bsdi__) && _BSDI_VERSION >= 199802 /* bsdi4 only */
+void
+ipsec_stats0(name)
+	char *name;
+{
+	printf("%s:\n", name);
+
+	skread(name, &ipsecstat_info);
+
+	print_ipsecstats();
+}
+#endif
+
+static const char *
+pfkey_msgtype_names(x)
+	int x;
+{
+	const int max =
+	    sizeof(pfkey_msgtypenames)/sizeof(pfkey_msgtypenames[0]);
+	static char buf[10];
+
+	if (x < max && pfkey_msgtypenames[x])
+		return pfkey_msgtypenames[x];
+	snprintf(buf, sizeof(buf), "#%d", x);
+	return buf;
+}
+
+void
+pfkey_stats(off, name)
+	u_long off;
+	char *name;
+{
+	struct pfkeystat pfkeystat;
+	int first, type;
+
+	if (off == 0)
+		return;
+	printf ("%s:\n", name);
+	kread(off, (char *)&pfkeystat, sizeof(pfkeystat));
+
+#define	p(f, m) if (pfkeystat.f || sflag <= 1) \
+    printf(m, (CAST)pfkeystat.f, plural(pfkeystat.f))
+
+	/* kernel -> userland */
+	p(out_total, "\t" LLU " request%s sent to userland\n");
+	p(out_bytes, "\t" LLU " byte%s sent to userland\n");
+	for (first = 1, type = 0;
+	     type < sizeof(pfkeystat.out_msgtype)/sizeof(pfkeystat.out_msgtype[0]);
+	     type++) {
+		if (pfkeystat.out_msgtype[type] <= 0)
+			continue;
+		if (first) {
+			printf("\thistogram by message type:\n");
+			first = 0;
+		}
+		printf("\t\t%s: " LLU "\n", pfkey_msgtype_names(type),
+			(CAST)pfkeystat.out_msgtype[type]);
+	}
+	p(out_invlen, "\t" LLU " message%s with invalid length field\n");
+	p(out_invver, "\t" LLU " message%s with invalid version field\n");
+	p(out_invmsgtype, "\t" LLU " message%s with invalid message type field\n");
+	p(out_tooshort, "\t" LLU " message%s too short\n");
+	p(out_nomem, "\t" LLU " message%s with memory allocation failure\n");
+	p(out_dupext, "\t" LLU " message%s with duplicate extension\n");
+	p(out_invexttype, "\t" LLU " message%s with invalid extension type\n");
+	p(out_invsatype, "\t" LLU " message%s with invalid sa type\n");
+	p(out_invaddr, "\t" LLU " message%s with invalid address extension\n");
+
+	/* userland -> kernel */
+	p(in_total, "\t" LLU " request%s sent from userland\n");
+	p(in_bytes, "\t" LLU " byte%s sent from userland\n");
+	for (first = 1, type = 0;
+	     type < sizeof(pfkeystat.in_msgtype)/sizeof(pfkeystat.in_msgtype[0]);
+	     type++) {
+		if (pfkeystat.in_msgtype[type] <= 0)
+			continue;
+		if (first) {
+			printf("\thistogram by message type:\n");
+			first = 0;
+		}
+		printf("\t\t%s: " LLU "\n", pfkey_msgtype_names(type),
+			(CAST)pfkeystat.in_msgtype[type]);
+	}
+	p(in_msgtarget[KEY_SENDUP_ONE],
+	    "\t" LLU " message%s toward single socket\n");
+	p(in_msgtarget[KEY_SENDUP_ALL],
+	    "\t" LLU " message%s toward all sockets\n");
+	p(in_msgtarget[KEY_SENDUP_REGISTERED],
+	    "\t" LLU " message%s toward registered sockets\n");
+	p(in_nomem, "\t" LLU " message%s with memory allocation failure\n");
+#undef p
+}
+#endif /*IPSEC*/
diff --git a/usr.bin/netstat/mroute.c b/usr.bin/netstat/mroute.c
index 74706c7..46e0dfe 100644
--- a/usr.bin/netstat/mroute.c
+++ b/usr.bin/netstat/mroute.c
@@ -48,7 +48,6 @@ static const char rcsid[] =
  * MROUTING 1.0
  */
 
-
 #include <sys/param.h>
 #include <sys/queue.h>
 #include <sys/socket.h>
@@ -123,7 +122,7 @@ mroutepr(mfcaddr, vifaddr)
 			kread((u_long)m, (char *)&mfc, sizeof mfc);
 
 			if (!banner_printed) {
-				printf("\nMulticast Forwarding Cache\n"
+				printf("\nIPv4 Multicast Forwarding Cache\n"
 				       " Origin          Group            "
 				       " Packets In-Vif  Out-Vifs:Ttls\n");
 				banner_printed = 1;
@@ -157,12 +156,12 @@ mrt_stats(mstaddr)
 	struct mrtstat mrtstat;
 
 	if (mstaddr == 0) {
-		printf("No multicast routing compiled into this system.\n");
+		printf("No IPv4 multicast routing compiled into this system.\n");
 		return;
 	}
 
 	kread(mstaddr, (char *)&mrtstat, sizeof(mrtstat));
-	printf("multicast forwarding:\n");
+	printf("IPv4 multicast forwarding:\n");
 	printf(" %10lu multicast forwarding cache lookup%s\n",
 	  mrtstat.mrts_mfc_lookups, plural(mrtstat.mrts_mfc_lookups));
 	printf(" %10lu multicast forwarding cache miss%s\n",
diff --git a/usr.bin/netstat/mroute6.c b/usr.bin/netstat/mroute6.c
index 3730a9e..f605a03 100644
--- a/usr.bin/netstat/mroute6.c
+++ b/usr.bin/netstat/mroute6.c
@@ -139,7 +139,8 @@ mroute6pr(mfcaddr, mifaddr)
 		printf("   %5s", (mifp->m6_flags & MIFF_REGISTER) ?
 		       "reg0" : if_indextoname(ifnet.if_index, ifname));
 
-		printf(" %9qu  %9qu\n", mifp->m6_pkt_in, mifp->m6_pkt_out);
+		printf(" %9llu  %9llu\n", (unsigned long long)mifp->m6_pkt_in,
+		    (unsigned long long)mifp->m6_pkt_out);
 	}
 	if (!banner_printed)
 		printf("\nIPv6 Multicast Interface Table is empty\n");
@@ -163,7 +164,7 @@ mroute6pr(mfcaddr, mifaddr)
 			       routename6(&mfc.mf6c_origin));
 			printf(" %-*.*s", WID_GRP, WID_GRP,
 			       routename6(&mfc.mf6c_mcastgrp));
-			printf(" %9qu", mfc.mf6c_pkt_cnt);
+			printf(" %9llu", (unsigned long long)mfc.mf6c_pkt_cnt);
 
 			for (waitings = 0, rtep = mfc.mf6c_stall; rtep; ) {
 				waitings++;
@@ -206,30 +207,43 @@ mrt6_stats(mstaddr)
 
 	kread(mstaddr, (char *)&mrtstat, sizeof(mrtstat));
 	printf("IPv6 multicast forwarding:\n");
-	printf(" %10qu multicast forwarding cache lookup%s\n",
-	       mrtstat.mrt6s_mfc_lookups, plural(mrtstat.mrt6s_mfc_lookups));
-	printf(" %10qu multicast forwarding cache miss%s\n",
-	       mrtstat.mrt6s_mfc_misses, plurales(mrtstat.mrt6s_mfc_misses));
-	printf(" %10qu upcall%s to mrouted\n",
-	       mrtstat.mrt6s_upcalls, plural(mrtstat.mrt6s_upcalls));
-	printf(" %10qu upcall queue overflow%s\n",
-	  mrtstat.mrt6s_upq_ovflw, plural(mrtstat.mrt6s_upq_ovflw));
-	printf(" %10qu upcall%s dropped due to full socket buffer\n",
-	  mrtstat.mrt6s_upq_sockfull, plural(mrtstat.mrt6s_upq_sockfull));
-	printf(" %10qu cache cleanup%s\n",
-	  mrtstat.mrt6s_cache_cleanups, plural(mrtstat.mrt6s_cache_cleanups));
-	printf(" %10qu datagram%s with no route for origin\n",
-	  mrtstat.mrt6s_no_route, plural(mrtstat.mrt6s_no_route));
-	printf(" %10qu datagram%s arrived with bad tunneling\n",
-	  mrtstat.mrt6s_bad_tunnel, plural(mrtstat.mrt6s_bad_tunnel));
-	printf(" %10qu datagram%s could not be tunneled\n",
-	  mrtstat.mrt6s_cant_tunnel, plural(mrtstat.mrt6s_cant_tunnel));
-	printf(" %10qu datagram%s arrived on wrong interface\n",
-	  mrtstat.mrt6s_wrong_if, plural(mrtstat.mrt6s_wrong_if));
-	printf(" %10qu datagram%s selectively dropped\n",
-	  mrtstat.mrt6s_drop_sel, plural(mrtstat.mrt6s_drop_sel));
-	printf(" %10qu datagram%s dropped due to queue overflow\n",
-	  mrtstat.mrt6s_q_overflow, plural(mrtstat.mrt6s_q_overflow));
-	printf(" %10qu datagram%s dropped for being too large\n",
-	  mrtstat.mrt6s_pkt2large, plural(mrtstat.mrt6s_pkt2large));
+	printf(" %10llu multicast forwarding cache lookup%s\n",
+	    (unsigned long long)mrtstat.mrt6s_mfc_lookups,
+	    plural(mrtstat.mrt6s_mfc_lookups));
+	printf(" %10llu multicast forwarding cache miss%s\n",
+	    (unsigned long long)mrtstat.mrt6s_mfc_misses,
+	    plurales(mrtstat.mrt6s_mfc_misses));
+	printf(" %10llu upcall%s to mrouted\n",
+	    (unsigned long long)mrtstat.mrt6s_upcalls,
+	    plural(mrtstat.mrt6s_upcalls));
+	printf(" %10llu upcall llueue overflow%s\n",
+	    (unsigned long long)mrtstat.mrt6s_upq_ovflw,
+	    plural(mrtstat.mrt6s_upq_ovflw));
+	printf(" %10llu upcall%s dropped due to full socket buffer\n",
+	    (unsigned long long)mrtstat.mrt6s_upq_sockfull,
+	    plural(mrtstat.mrt6s_upq_sockfull));
+	printf(" %10llu cache cleanup%s\n",
+	    (unsigned long long)mrtstat.mrt6s_cache_cleanups,
+	    plural(mrtstat.mrt6s_cache_cleanups));
+	printf(" %10llu datagram%s with no route for origin\n",
+	    (unsigned long long)mrtstat.mrt6s_no_route,
+	    plural(mrtstat.mrt6s_no_route));
+	printf(" %10llu datagram%s arrived with bad tunneling\n",
+	    (unsigned long long)mrtstat.mrt6s_bad_tunnel,
+	    plural(mrtstat.mrt6s_bad_tunnel));
+	printf(" %10llu datagram%s could not be tunneled\n",
+	    (unsigned long long)mrtstat.mrt6s_cant_tunnel,
+	    plural(mrtstat.mrt6s_cant_tunnel));
+	printf(" %10llu datagram%s arrived on wrong interface\n",
+	    (unsigned long long)mrtstat.mrt6s_wrong_if,
+	    plural(mrtstat.mrt6s_wrong_if));
+	printf(" %10llu datagram%s selectively dropped\n",
+	    (unsigned long long)mrtstat.mrt6s_drop_sel,
+	    plural(mrtstat.mrt6s_drop_sel));
+	printf(" %10llu datagram%s dropped due to llueue overflow\n",
+	    (unsigned long long)mrtstat.mrt6s_q_overflow,
+	    plural(mrtstat.mrt6s_q_overflow));
+	printf(" %10llu datagram%s dropped for being too large\n",
+	    (unsigned long long)mrtstat.mrt6s_pkt2large,
+	    plural(mrtstat.mrt6s_pkt2large));
 }
diff --git a/usr.bin/netstat/netstat.h b/usr.bin/netstat/netstat.h
index 3b435c2..6a329f9 100644
--- a/usr.bin/netstat/netstat.h
+++ b/usr.bin/netstat/netstat.h
@@ -81,6 +81,11 @@ void	icmp6_ifstats __P((char *));
 void	pim6_stats __P((u_long, char *));
 void	mroute6pr __P((u_long, u_long));
 void	mrt6_stats __P((u_long));
+
+struct sockaddr_in6;
+struct in6_addr;
+char *routename6 __P((struct sockaddr_in6 *));
+char *netname6 __P((struct sockaddr_in6 *, struct in6_addr *));
 #endif /*INET6*/
 
 void	bdg_stats __P((u_long, char *));
diff --git a/usr.bin/netstat/route.c b/usr.bin/netstat/route.c
index 9d43a81..b6b6382 100644
--- a/usr.bin/netstat/route.c
+++ b/usr.bin/netstat/route.c
@@ -73,6 +73,12 @@ static const char rcsid[] =
 
 #define kget(p, d) (kread((u_long)(p), (char *)&(d), sizeof (d)))
 
+
+/* alignment constraint for routing socket */
+#define ROUNDUP(a) \
+       ((a) > 0 ? (1 + (((a) - 1) | (sizeof(long) - 1))) : sizeof(long))
+#define ADVANCE(x, n) (x += ROUNDUP((n)->sa_len))
+
 /*
  * Definitions for showing gateway flags.
  */
@@ -222,44 +228,35 @@ pr_family(af)
 }
 
 /* column widths; each followed by one space */
-#define	WID_DST 	18	/* width of destination column */
-#define	WID_GW		18	/* width of gateway column */
-#ifdef INET6
-#define	WID_DST6 (lflag ? 39 : (nflag ? 33: 18)) /* width of dest column */
-#define	WID_GW6	(lflag ? 31 : (nflag ? 29 : 18)) /* width of gateway column */
+#ifndef INET6
+#define	WID_DST(af) 	18	/* width of destination column */
+#define	WID_GW(af)	18	/* width of gateway column */
+#else
+#define	WID_DST(af) \
+	((af) == AF_INET6 ? (lflag ? 39 : (nflag ? 33: 18)) : 18)
+#define	WID_GW(af) \
+	((af) == AF_INET6 ? (lflag ? 31 : (nflag ? 29 : 18)) : 18)
 #endif /*INET6*/
 
 /*
  * Print header for routing table columns.
  */
 void
-pr_rthdr(wid_af)
-	int wid_af;
+pr_rthdr(af)
+	int af;
 {
-	int wid_dst, wid_gw;
-
-	wid_dst =
-#ifdef INET6
-		wid_af == AF_INET6 ? WID_DST6 :
-#endif
-		WID_DST;
-	wid_gw =
-#ifdef INET6
-		wid_af == AF_INET6 ? WID_GW6 :
-#endif
-		WID_GW;
 
 	if (Aflag)
 		printf("%-8.8s ","Address");
-	if (wid_af == AF_INET || lflag)
+	if (lflag)
 		printf("%-*.*s %-*.*s %-6.6s  %6.6s%8.8s  %8.8s %6s\n",
-			wid_dst, wid_dst, "Destination",
-			wid_gw, wid_gw, "Gateway",
+			WID_DST(af), WID_DST(af), "Destination",
+			WID_GW(af), WID_GW(af), "Gateway",
 			"Flags", "Refs", "Use", "Netif", "Expire");
 	else
 		printf("%-*.*s %-*.*s %-6.6s  %8.8s %6s\n",
-			wid_dst, wid_dst, "Destination",
-			wid_gw, wid_gw, "Gateway",
+			WID_DST(af), WID_DST(af), "Destination",
+			WID_GW(af), WID_GW(af), "Gateway",
 			"Flags", "Netif", "Expire");
 }
 
@@ -414,7 +411,7 @@ np_rtentry(rtm)
 		p_sockaddr(sa, NULL, 0, 36);
 	else {
 		p_sockaddr(sa, NULL, rtm->rtm_flags, 16);
-		sa = (struct sockaddr *)(sa->sa_len + (char *)sa);
+		sa = (struct sockaddr *)(ROUNDUP(sa->sa_len) + (char *)sa);
 		p_sockaddr(sa, NULL, 0, 18);
 	}
 	p_flags(rtm->rtm_flags & interesting, "%-6.6s ");
@@ -602,15 +599,9 @@ p_rtentry(rt)
 	if (rt_mask(rt) && (sa = kgetsa(rt_mask(rt))))
 		bcopy(sa, &mask, sa->sa_len);
 	p_sockaddr(&addr.u_sa, &mask.u_sa, rt->rt_flags,
-#ifdef INET6
-		   addr.u_sa.sa_family == AF_INET6 ? WID_DST6 :
-#endif
-		   WID_DST);
+	    WID_DST(addr.u_sa.sa_family));
 	p_sockaddr(kgetsa(rt->rt_gateway), NULL, RTF_HOST,
-#ifdef INET6
-		   addr.u_sa.sa_family == AF_INET6 ? WID_GW6 :
-#endif
-		   WID_GW);
+	    WID_GW(addr.u_sa.sa_family));
 	p_flags(rt->rt_flags, "%-6.6s ");
 	if (addr.u_sa.sa_family == AF_INET || lflag)
 		printf("%6ld %8ld ", rt->rt_refcnt, rt->rt_use);
@@ -765,18 +756,14 @@ netname6(sa6, mask)
 	static char line[MAXHOSTNAMELEN + 1];
 	u_char *p = (u_char *)mask;
 	u_char *lim;
-	int masklen, illegal = 0;
-	int flag = NI_WITHSCOPEID;
+	int masklen, illegal = 0, flag = NI_WITHSCOPEID;
 
 	if (mask) {
 		for (masklen = 0, lim = p + 16; p < lim; p++) {
-			if (*p == 0xff)
-				masklen += 8;
-			else
-				break;
-		}
-		if (p < lim) {
 			switch (*p) {
+			 case 0xff:
+				 masklen += 8;
+				 break;
 			 case 0xfe:
 				 masklen += 7;
 				 break;
@@ -831,12 +818,17 @@ routename6(sa6)
 {
 	static char line[MAXHOSTNAMELEN + 1];
 	int flag = NI_WITHSCOPEID;
+	/* use local variable for safety */
+	struct sockaddr_in6 sa6_local = {AF_INET6, sizeof(sa6_local),};
+
+	sa6_local.sin6_addr = sa6->sin6_addr;
+	sa6_local.sin6_scope_id = sa6->sin6_scope_id;
 
 	if (nflag)
 		flag |= NI_NUMERICHOST;
 
-	getnameinfo((struct sockaddr *)sa6, sa6->sin6_len, line, sizeof(line),
-		    NULL, 0, flag);
+	getnameinfo((struct sockaddr *)&sa6_local, sa6_local.sin6_len,
+		    line, sizeof(line), NULL, 0, flag);
 
 	return line;
 }