From 1a36dfcc879833c6fdc45e20d39db618b110f55c Mon Sep 17 00:00:00 2001 From: ae Date: Tue, 9 Jul 2013 09:32:06 +0000 Subject: Prepare network statistics structures for migration to PCPU counters. Use uint64_t as type for all fields of structures. Changed structures: ahstat, arpstat, espstat, icmp6_ifstat, icmp6stat, in6_ifstat, ip6stat, ipcompstat, ipipstat, ipsecstat, mrt6stat, mrtstat, pfkeystat, pim6stat, pimstat, rip6stat, udpstat. Discussed with: arch@ --- sys/netipsec/ah_var.h | 40 ++++++++++----------- sys/netipsec/esp_var.h | 42 +++++++++++------------ sys/netipsec/ipcomp_var.h | 39 ++++++++++----------- sys/netipsec/ipip_var.h | 23 ++++++------- sys/netipsec/ipsec.h | 84 ++++++++++++++++++++++----------------------- sys/netipsec/keysock.h | 36 +++++++++---------- sys/netipsec/xform_ipcomp.c | 2 -- 7 files changed, 131 insertions(+), 135 deletions(-) (limited to 'sys/netipsec') diff --git a/sys/netipsec/ah_var.h b/sys/netipsec/ah_var.h index 812fe2d..96cc271 100644 --- a/sys/netipsec/ah_var.h +++ b/sys/netipsec/ah_var.h @@ -48,26 +48,26 @@ #define AH_ALG_MAX 16 struct ahstat { - u_int32_t ahs_hdrops; /* Packet shorter than header shows */ - u_int32_t ahs_nopf; /* Protocol family not supported */ - u_int32_t ahs_notdb; - u_int32_t ahs_badkcr; - u_int32_t ahs_badauth; - u_int32_t ahs_noxform; - u_int32_t ahs_qfull; - u_int32_t ahs_wrap; - u_int32_t ahs_replay; - u_int32_t ahs_badauthl; /* Bad authenticator length */ - u_int32_t ahs_input; /* Input AH packets */ - u_int32_t ahs_output; /* Output AH packets */ - u_int32_t ahs_invalid; /* Trying to use an invalid TDB */ - u_int64_t ahs_ibytes; /* Input bytes */ - u_int64_t ahs_obytes; /* Output bytes */ - u_int32_t ahs_toobig; /* Packet got larger than IP_MAXPACKET */ - u_int32_t ahs_pdrops; /* Packet blocked due to policy */ - u_int32_t ahs_crypto; /* Crypto processing failure */ - u_int32_t ahs_tunnel; /* Tunnel sanity check failure */ - u_int32_t ahs_hist[AH_ALG_MAX]; /* Per-algorithm op count */ + uint64_t ahs_hdrops; /* Packet shorter than header shows */ + uint64_t ahs_nopf; /* Protocol family not supported */ + uint64_t ahs_notdb; + uint64_t ahs_badkcr; + uint64_t ahs_badauth; + uint64_t ahs_noxform; + uint64_t ahs_qfull; + uint64_t ahs_wrap; + uint64_t ahs_replay; + uint64_t ahs_badauthl; /* Bad authenticator length */ + uint64_t ahs_input; /* Input AH packets */ + uint64_t ahs_output; /* Output AH packets */ + uint64_t ahs_invalid; /* Trying to use an invalid TDB */ + uint64_t ahs_ibytes; /* Input bytes */ + uint64_t ahs_obytes; /* Output bytes */ + uint64_t ahs_toobig; /* Packet got larger than IP_MAXPACKET */ + uint64_t ahs_pdrops; /* Packet blocked due to policy */ + uint64_t ahs_crypto; /* Crypto processing failure */ + uint64_t ahs_tunnel; /* Tunnel sanity check failure */ + uint64_t ahs_hist[AH_ALG_MAX]; /* Per-algorithm op count */ }; #ifdef _KERNEL diff --git a/sys/netipsec/esp_var.h b/sys/netipsec/esp_var.h index c613361..46d45df 100644 --- a/sys/netipsec/esp_var.h +++ b/sys/netipsec/esp_var.h @@ -48,27 +48,27 @@ #define ESP_ALG_MAX 256 /* NB: could be < but skipjack is 249 */ struct espstat { - u_int32_t esps_hdrops; /* Packet shorter than header shows */ - u_int32_t esps_nopf; /* Protocol family not supported */ - u_int32_t esps_notdb; - u_int32_t esps_badkcr; - u_int32_t esps_qfull; - u_int32_t esps_noxform; - u_int32_t esps_badilen; - u_int32_t esps_wrap; /* Replay counter wrapped around */ - u_int32_t esps_badenc; /* Bad encryption detected */ - u_int32_t esps_badauth; /* Only valid for transforms with auth */ - u_int32_t esps_replay; /* Possible packet replay detected */ - u_int32_t esps_input; /* Input ESP packets */ - u_int32_t esps_output; /* Output ESP packets */ - u_int32_t esps_invalid; /* Trying to use an invalid TDB */ - u_int64_t esps_ibytes; /* Input bytes */ - u_int64_t esps_obytes; /* Output bytes */ - u_int32_t esps_toobig; /* Packet got larger than IP_MAXPACKET */ - u_int32_t esps_pdrops; /* Packet blocked due to policy */ - u_int32_t esps_crypto; /* Crypto processing failure */ - u_int32_t esps_tunnel; /* Tunnel sanity check failure */ - u_int32_t esps_hist[ESP_ALG_MAX]; /* Per-algorithm op count */ + uint64_t esps_hdrops; /* Packet shorter than header shows */ + uint64_t esps_nopf; /* Protocol family not supported */ + uint64_t esps_notdb; + uint64_t esps_badkcr; + uint64_t esps_qfull; + uint64_t esps_noxform; + uint64_t esps_badilen; + uint64_t esps_wrap; /* Replay counter wrapped around */ + uint64_t esps_badenc; /* Bad encryption detected */ + uint64_t esps_badauth; /* Only valid for transforms with auth */ + uint64_t esps_replay; /* Possible packet replay detected */ + uint64_t esps_input; /* Input ESP packets */ + uint64_t esps_output; /* Output ESP packets */ + uint64_t esps_invalid; /* Trying to use an invalid TDB */ + uint64_t esps_ibytes; /* Input bytes */ + uint64_t esps_obytes; /* Output bytes */ + uint64_t esps_toobig; /* Packet got larger than IP_MAXPACKET */ + uint64_t esps_pdrops; /* Packet blocked due to policy */ + uint64_t esps_crypto; /* Crypto processing failure */ + uint64_t esps_tunnel; /* Tunnel sanity check failure */ + uint64_t esps_hist[ESP_ALG_MAX]; /* Per-algorithm op count */ }; #ifdef _KERNEL diff --git a/sys/netipsec/ipcomp_var.h b/sys/netipsec/ipcomp_var.h index ee15598..fa1f9f1 100644 --- a/sys/netipsec/ipcomp_var.h +++ b/sys/netipsec/ipcomp_var.h @@ -41,27 +41,26 @@ */ #define IPCOMP_ALG_MAX 8 -#define IPCOMPSTAT_VERSION 1 +#define IPCOMPSTAT_VERSION 2 struct ipcompstat { - u_int32_t ipcomps_hdrops; /* Packet shorter than header shows */ - u_int32_t ipcomps_nopf; /* Protocol family not supported */ - u_int32_t ipcomps_notdb; - u_int32_t ipcomps_badkcr; - u_int32_t ipcomps_qfull; - u_int32_t ipcomps_noxform; - u_int32_t ipcomps_wrap; - u_int32_t ipcomps_input; /* Input IPcomp packets */ - u_int32_t ipcomps_output; /* Output IPcomp packets */ - u_int32_t ipcomps_invalid;/* Trying to use an invalid TDB */ - u_int64_t ipcomps_ibytes; /* Input bytes */ - u_int64_t ipcomps_obytes; /* Output bytes */ - u_int32_t ipcomps_toobig; /* Packet got > IP_MAXPACKET */ - u_int32_t ipcomps_pdrops; /* Packet blocked due to policy */ - u_int32_t ipcomps_crypto; /* "Crypto" processing failure */ - u_int32_t ipcomps_hist[IPCOMP_ALG_MAX];/* Per-algorithm op count */ - u_int32_t version; /* Version of this structure. */ - u_int32_t ipcomps_threshold; /* Packet < comp. algo. threshold. */ - u_int32_t ipcomps_uncompr; /* Compression was useles. */ + uint64_t ipcomps_hdrops; /* Packet shorter than header shows */ + uint64_t ipcomps_nopf; /* Protocol family not supported */ + uint64_t ipcomps_notdb; + uint64_t ipcomps_badkcr; + uint64_t ipcomps_qfull; + uint64_t ipcomps_noxform; + uint64_t ipcomps_wrap; + uint64_t ipcomps_input; /* Input IPcomp packets */ + uint64_t ipcomps_output; /* Output IPcomp packets */ + uint64_t ipcomps_invalid;/* Trying to use an invalid TDB */ + uint64_t ipcomps_ibytes; /* Input bytes */ + uint64_t ipcomps_obytes; /* Output bytes */ + uint64_t ipcomps_toobig; /* Packet got > IP_MAXPACKET */ + uint64_t ipcomps_pdrops; /* Packet blocked due to policy */ + uint64_t ipcomps_crypto; /* "Crypto" processing failure */ + uint64_t ipcomps_hist[IPCOMP_ALG_MAX];/* Per-algorithm op count */ + uint64_t ipcomps_threshold; /* Packet < comp. algo. threshold. */ + uint64_t ipcomps_uncompr; /* Compression was useles. */ }; #ifdef _KERNEL diff --git a/sys/netipsec/ipip_var.h b/sys/netipsec/ipip_var.h index 415d5c1..2ad2fb1 100644 --- a/sys/netipsec/ipip_var.h +++ b/sys/netipsec/ipip_var.h @@ -44,18 +44,17 @@ * Not quite all the functionality of RFC-1853, but the main idea is there. */ -struct ipipstat -{ - u_int32_t ipips_ipackets; /* total input packets */ - u_int32_t ipips_opackets; /* total output packets */ - u_int32_t ipips_hdrops; /* packet shorter than header shows */ - u_int32_t ipips_qfull; - u_int64_t ipips_ibytes; - u_int64_t ipips_obytes; - u_int32_t ipips_pdrops; /* packet dropped due to policy */ - u_int32_t ipips_spoof; /* IP spoofing attempts */ - u_int32_t ipips_family; /* Protocol family mismatch */ - u_int32_t ipips_unspec; /* Missing tunnel endpoint address */ +struct ipipstat { + uint64_t ipips_ipackets; /* total input packets */ + uint64_t ipips_opackets; /* total output packets */ + uint64_t ipips_hdrops; /* packet shorter than header shows */ + uint64_t ipips_qfull; + uint64_t ipips_ibytes; + uint64_t ipips_obytes; + uint64_t ipips_pdrops; /* packet dropped due to policy */ + uint64_t ipips_spoof; /* IP spoofing attempts */ + uint64_t ipips_family; /* Protocol family mismatch */ + uint64_t ipips_unspec; /* Missing tunnel endpoint address */ }; #ifdef _KERNEL diff --git a/sys/netipsec/ipsec.h b/sys/netipsec/ipsec.h index ad22250..4c198f6 100644 --- a/sys/netipsec/ipsec.h +++ b/sys/netipsec/ipsec.h @@ -217,54 +217,54 @@ struct secspacq { /* statistics for ipsec processing */ struct ipsecstat { - u_quad_t in_success; /* succeeded inbound process */ - u_quad_t in_polvio; + uint64_t in_success; /* succeeded inbound process */ + uint64_t in_polvio; /* security policy violation for inbound process */ - u_quad_t in_nosa; /* inbound SA is unavailable */ - u_quad_t in_inval; /* inbound processing failed due to EINVAL */ - u_quad_t in_nomem; /* inbound processing failed due to ENOBUFS */ - u_quad_t in_badspi; /* failed getting a SPI */ - u_quad_t in_ahreplay; /* AH replay check failed */ - u_quad_t in_espreplay; /* ESP replay check failed */ - u_quad_t in_ahauthsucc; /* AH authentication success */ - u_quad_t in_ahauthfail; /* AH authentication failure */ - u_quad_t in_espauthsucc; /* ESP authentication success */ - u_quad_t in_espauthfail; /* ESP authentication failure */ - u_quad_t in_esphist[256]; - u_quad_t in_ahhist[256]; - u_quad_t in_comphist[256]; - u_quad_t out_success; /* succeeded outbound process */ - u_quad_t out_polvio; + uint64_t in_nosa; /* inbound SA is unavailable */ + uint64_t in_inval; /* inbound processing failed due to EINVAL */ + uint64_t in_nomem; /* inbound processing failed due to ENOBUFS */ + uint64_t in_badspi; /* failed getting a SPI */ + uint64_t in_ahreplay; /* AH replay check failed */ + uint64_t in_espreplay; /* ESP replay check failed */ + uint64_t in_ahauthsucc; /* AH authentication success */ + uint64_t in_ahauthfail; /* AH authentication failure */ + uint64_t in_espauthsucc; /* ESP authentication success */ + uint64_t in_espauthfail; /* ESP authentication failure */ + uint64_t in_esphist[256]; + uint64_t in_ahhist[256]; + uint64_t in_comphist[256]; + uint64_t out_success; /* succeeded outbound process */ + uint64_t out_polvio; /* security policy violation for outbound process */ - u_quad_t out_nosa; /* outbound SA is unavailable */ - u_quad_t out_inval; /* outbound process failed due to EINVAL */ - u_quad_t out_nomem; /* inbound processing failed due to ENOBUFS */ - u_quad_t out_noroute; /* there is no route */ - u_quad_t out_esphist[256]; - u_quad_t out_ahhist[256]; - u_quad_t out_comphist[256]; - - u_quad_t spdcachelookup; - u_quad_t spdcachemiss; - - u_int32_t ips_in_polvio; /* input: sec policy violation */ - u_int32_t ips_out_polvio; /* output: sec policy violation */ - u_int32_t ips_out_nosa; /* output: SA unavailable */ - u_int32_t ips_out_nomem; /* output: no memory available */ - u_int32_t ips_out_noroute; /* output: no route available */ - u_int32_t ips_out_inval; /* output: generic error */ - u_int32_t ips_out_bundlesa; /* output: bundled SA processed */ - u_int32_t ips_mbcoalesced; /* mbufs coalesced during clone */ - u_int32_t ips_clcoalesced; /* clusters coalesced during clone */ - u_int32_t ips_clcopied; /* clusters copied during clone */ - u_int32_t ips_mbinserted; /* mbufs inserted during makespace */ + uint64_t out_nosa; /* outbound SA is unavailable */ + uint64_t out_inval; /* outbound process failed due to EINVAL */ + uint64_t out_nomem; /* inbound processing failed due to ENOBUFS */ + uint64_t out_noroute; /* there is no route */ + uint64_t out_esphist[256]; + uint64_t out_ahhist[256]; + uint64_t out_comphist[256]; + + uint64_t spdcachelookup; + uint64_t spdcachemiss; + + uint64_t ips_in_polvio; /* input: sec policy violation */ + uint64_t ips_out_polvio; /* output: sec policy violation */ + uint64_t ips_out_nosa; /* output: SA unavailable */ + uint64_t ips_out_nomem; /* output: no memory available */ + uint64_t ips_out_noroute; /* output: no route available */ + uint64_t ips_out_inval; /* output: generic error */ + uint64_t ips_out_bundlesa; /* output: bundled SA processed */ + uint64_t ips_mbcoalesced; /* mbufs coalesced during clone */ + uint64_t ips_clcoalesced; /* clusters coalesced during clone */ + uint64_t ips_clcopied; /* clusters copied during clone */ + uint64_t ips_mbinserted; /* mbufs inserted during makespace */ /* * Temporary statistics for performance analysis. */ /* See where ESP/AH/IPCOMP header land in mbuf on input */ - u_int32_t ips_input_front; - u_int32_t ips_input_middle; - u_int32_t ips_input_end; + uint64_t ips_input_front; + uint64_t ips_input_middle; + uint64_t ips_input_end; }; /* diff --git a/sys/netipsec/keysock.h b/sys/netipsec/keysock.h index 6039dbb..9479bb1 100644 --- a/sys/netipsec/keysock.h +++ b/sys/netipsec/keysock.h @@ -36,26 +36,26 @@ /* statistics for pfkey socket */ struct pfkeystat { /* kernel -> userland */ - u_quad_t out_total; /* # of total calls */ - u_quad_t out_bytes; /* total bytecount */ - u_quad_t out_msgtype[256]; /* message type histogram */ - u_quad_t out_invlen; /* invalid length field */ - u_quad_t out_invver; /* invalid version field */ - u_quad_t out_invmsgtype; /* invalid message type field */ - u_quad_t out_tooshort; /* msg too short */ - u_quad_t out_nomem; /* memory allocation failure */ - u_quad_t out_dupext; /* duplicate extension */ - u_quad_t out_invexttype; /* invalid extension type */ - u_quad_t out_invsatype; /* invalid sa type */ - u_quad_t out_invaddr; /* invalid address extension */ + uint64_t out_total; /* # of total calls */ + uint64_t out_bytes; /* total bytecount */ + uint64_t out_msgtype[256]; /* message type histogram */ + uint64_t out_invlen; /* invalid length field */ + uint64_t out_invver; /* invalid version field */ + uint64_t out_invmsgtype; /* invalid message type field */ + uint64_t out_tooshort; /* msg too short */ + uint64_t out_nomem; /* memory allocation failure */ + uint64_t out_dupext; /* duplicate extension */ + uint64_t out_invexttype; /* invalid extension type */ + uint64_t out_invsatype; /* invalid sa type */ + uint64_t out_invaddr; /* invalid address extension */ /* userland -> kernel */ - u_quad_t in_total; /* # of total calls */ - u_quad_t in_bytes; /* total bytecount */ - u_quad_t in_msgtype[256]; /* message type histogram */ - u_quad_t in_msgtarget[3]; /* one/all/registered */ - u_quad_t in_nomem; /* memory allocation failure */ + uint64_t in_total; /* # of total calls */ + uint64_t in_bytes; /* total bytecount */ + uint64_t in_msgtype[256]; /* message type histogram */ + uint64_t in_msgtarget[3]; /* one/all/registered */ + uint64_t in_nomem; /* memory allocation failure */ /* others */ - u_quad_t sockerr; /* # of socket related errors */ + uint64_t sockerr; /* # of socket related errors */ }; #define KEY_SENDUP_ONE 0 diff --git a/sys/netipsec/xform_ipcomp.c b/sys/netipsec/xform_ipcomp.c index 8e8814a..ef248e0 100644 --- a/sys/netipsec/xform_ipcomp.c +++ b/sys/netipsec/xform_ipcomp.c @@ -636,8 +636,6 @@ static void vnet_ipcomp_attach(const void *unused __unused) { - /* XXX */ - V_ipcompstat.version = IPCOMPSTAT_VERSION; } VNET_SYSINIT(vnet_ipcomp_xform_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_MIDDLE, -- cgit v1.1