Source-Changes-HG archive


[src/trunk]: src Redo the statistics through an indirection array and put the...



details:   https://anonhg.NetBSD.org/src/rev/cae91d384598
branches:  trunk
changeset: 823135:cae91d384598
user:      christos <christos%NetBSD.org@localhost>
date:      Thu Apr 13 16:38:31 2017 +0000

description:
Redo the statistics through an indirection array and put the definitions
of the arrays in pfkeyv2.h so that they are next to the index definitions.
Remove "bogus" comment about compressing the statistics which is now fixed.

diffstat:

 sys/net/pfkeyv2.h            |  99 +++++++++++++++++++++++++++++++++++++++++++-
 sys/netipsec/ah_var.h        |  17 ++----
 sys/netipsec/esp_var.h       |  17 ++----
 sys/netipsec/ipcomp_var.h    |  17 ++----
 sys/netipsec/xform_ah.c      |  10 ++-
 sys/netipsec/xform_esp.c     |  14 +++--
 sys/netipsec/xform_ipcomp.c  |  12 ++--
 usr.bin/netstat/fast_ipsec.c |  66 +++++++----------------------
 8 files changed, 152 insertions(+), 100 deletions(-)

diffs (truncated from 528 to 300 lines):

diff -r 33f2a58991b2 -r cae91d384598 sys/net/pfkeyv2.h
--- a/sys/net/pfkeyv2.h Thu Apr 13 16:32:00 2017 +0000
+++ b/sys/net/pfkeyv2.h Thu Apr 13 16:38:31 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: pfkeyv2.h,v 1.30 2011/06/09 19:54:18 drochner Exp $    */
+/*     $NetBSD: pfkeyv2.h,v 1.31 2017/04/13 16:38:31 christos Exp $    */
 /*     $KAME: pfkeyv2.h,v 1.36 2003/07/25 09:33:37 itojun Exp $        */
 
 /*
@@ -341,6 +341,16 @@
 
 #define SADB_SAFLAGS_PFS      1
 
+/*
+ * Statistics variable definitions. For ESP/AH/IPCOMP we define
+ * indirection arrays of 256 elements indexed by algorithm (which
+ * is uint8_t. All unknown/unhandled entries are summed in the 0th
+ * element. We provide three variables per protocol:
+ *     1. *_STATS_INIT: a list of initializers
+ *     2. *_STATS_NUM: number of algorithms/statistics including (0/unknown)
+ *     3. *_STATS_STR: a list of strings to symbolically print the statistics
+ */
+
 /* RFC2367 numbers - meets RFC2407 */
 #define SADB_AALG_NONE         0
 #define SADB_AALG_MD5HMAC      2
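Review bot: The new block comment has an unclosed parenthesis at `(which is uint8_t.` and leaves out the invariant the whole scheme depends on. The `*_STATS_INIT` values are later added to a histogram base index (for example `AH_STAT_HIST + ah_stats[...]` in xform_ah.c), so each value has to stay below the matching `*_STATS_NUM` and agree with the position of its label in `*_STATS_STR`; otherwise a counter outside the statistics array would be incremented. I would close the parenthesis and add a sentence such as `Every *_STATS_INIT value must be < *_STATS_NUM and equal the index of its name in *_STATS_STR.` The three items are also macros rather than variables, so "three macros per protocol" would be more accurate.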
@@ -361,6 +371,43 @@
 #define SADB_X_AALG_NULL       251     /* null authentication */
 #define SADB_X_AALG_TCP_MD5    252     /* Keyed TCP-MD5 (RFC2385) */
 
+
+#define SADB_AALG_STATS_INIT \
+    [SADB_AALG_NONE] = 1, \
+    [SADB_AALG_MD5HMAC] = 2, \
+    [SADB_AALG_SHA1HMAC] = 3, \
+    [SADB_X_AALG_SHA2_256] = 4, \
+    [SADB_X_AALG_SHA2_384] = 5, \
+    [SADB_X_AALG_SHA2_512] = 6, \
+    [SADB_X_AALG_RIPEMD160HMAC] = 7, \
+    [SADB_X_AALG_AES_XCBC_MAC] = 8, \
+    [SADB_X_AALG_AES128GMAC] = 9, \
+    [SADB_X_AALG_AES192GMAC] = 10, \
+    [SADB_X_AALG_AES256GMAC] = 11, \
+    [SADB_X_AALG_MD5] = 12, \
+    [SADB_X_AALG_SHA] = 13, \
+    [SADB_X_AALG_NULL] = 14, \
+    [SADB_X_AALG_TCP_MD5] = 15,
+
+#define SADB_AALG_STATS_NUM 16
+#define SADB_AALG_STATS_STR \
+    "*unknown*", \
+    "none", \
+    "hmac-md5", \
+    "hmac-sha1", \
+    "hmac-sha2-256", \
+    "hmac-sha2-384", \
+    "hmac-sha2-512", \
+    "hmac-ripe-md160", \
+    "aes-xbc-mac", \
+    "aes-128-mac", \
+    "aes-192-mac", \
+    "aes-256-mac", \
+    "md5", \
+    "sha", \
+    "null", \
+    "tcp-md5",
+
 /* RFC2367 numbers - meets RFC2407 */
 #define SADB_EALG_NONE         0
 #define SADB_EALG_DESCBC       2
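Review bot: Several labels in `SADB_AALG_STATS_STR` do not match the constants they stand for: `"aes-xbc-mac"` sits in the slot of `SADB_X_AALG_AES_XCBC_MAC` and should read `"aes-xcbc-mac"`, and the three `SADB_X_AALG_AES*GMAC` slots are labelled `"aes-128-mac"`, `"aes-192-mac"` and `"aes-256-mac"` without the "g". The `SADB_EALG_STATS_STR` hunk has the same kind of slip with `"camelia-cbc"` for `SADB_X_EALG_CAMELLIACBC`. These strings are presumably what netstat prints for the per-algorithm histogram, so an operator checking which transforms are in use would be searching for the wrong name.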
@@ -381,6 +428,40 @@
 /* private allocations should use 249-255 (RFC2407) */
 #define SADB_X_EALG_SKIPJACK    250
 
+#define SADB_EALG_STATS_INIT \
+    [SADB_EALG_NONE] = 1, \
+    [SADB_EALG_DESCBC] = 2, \
+    [SADB_EALG_3DESCBC] = 3, \
+    [SADB_EALG_NULL] = 4, \
+    [SADB_X_EALG_CAST128CBC] = 5, \
+    [SADB_X_EALG_BLOWFISHCBC] = 6, \
+    [SADB_X_EALG_RIJNDAELCBC] = 7, \
+    [SADB_X_EALG_AESCTR] = 8, \
+    [SADB_X_EALG_AESGCM8] = 9, \
+    [SADB_X_EALG_AESGCM12] = 10, \
+    [SADB_X_EALG_AESGCM16] = 11, \
+    [SADB_X_EALG_CAMELLIACBC] = 12, \
+    [SADB_X_EALG_AESGMAC] = 13, \
+    [SADB_X_EALG_SKIPJACK] = 14,
+
+#define SADB_EALG_STATS_NUM 15
+#define SADB_EALG_STATS_STR \
+    "*unknown*", \
+    "none", \
+    "des-cbc", \
+    "3des-cbc", \
+    "null", \
+    "cast128-cbc", \
+    "blowfish-cbc", \
+    "aes-cbc", \
+    "aes-ctr", \
+    "aes-gcm-8", \
+    "aes-gcm-12", \
+    "aes-gcm-16", \
+    "camelia-cbc", \
+    "aes-gmac", \
+    "skipjack",
+
 /* private allocations - based on RFC2407/IANA assignment */
 #define SADB_X_CALG_NONE       0
 #define SADB_X_CALG_OUI                1
@@ -388,6 +469,22 @@
 #define SADB_X_CALG_LZS                3
 #define SADB_X_CALG_MAX                4
 
+#define SADB_CALG_STATS_INIT \
+    [SADB_X_CALG_NONE] = 1, \
+    [SADB_X_CALG_OUI] = 2, \
+    [SADB_X_CALG_DEFLATE] = 3, \
+    [SADB_X_CALG_LZS] = 4,
+
+#define SADB_CALG_STATS_NUM 5
+
+#define SADB_CALG_STATS_STR \
+    "*unknown*", \
+    "none", \
+    "oui", \
+    "deflate", \
+    "lzs",
+
+
 #define SADB_IDENTTYPE_RESERVED   0
 #define SADB_IDENTTYPE_PREFIX     1
 #define SADB_IDENTTYPE_FQDN       2
diff -r 33f2a58991b2 -r cae91d384598 sys/netipsec/ah_var.h
--- a/sys/netipsec/ah_var.h     Thu Apr 13 16:32:00 2017 +0000
+++ b/sys/netipsec/ah_var.h     Thu Apr 13 16:38:31 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ah_var.h,v 1.4 2008/04/23 06:09:05 thorpej Exp $       */
+/*     $NetBSD: ah_var.h,v 1.5 2017/04/13 16:38:32 christos Exp $      */
 /*     $FreeBSD: src/sys/netipsec/ah_var.h,v 1.1.4.1 2003/01/24 05:11:35 sam Exp $     */
 /*     $OpenBSD: ip_ah.h,v 1.29 2002/06/09 16:26:10 itojun Exp $       */
 /*
@@ -40,14 +40,6 @@
 #ifndef _NETIPSEC_AH_VAR_H_
 #define _NETIPSEC_AH_VAR_H_
 
-/*
- * These define the algorithm indices into the histogram.  They're
- * presently based on the PF_KEY v2 protocol values which is bogus;
- * they should be decoupled from the protocol at which time we can
- * pack them and reduce the size of the array to a minimum.
- */
-#define        AH_ALG_MAX      16
-
 #define        AH_STAT_HDROPS          0       /* packet shorter than header shows */
 #define        AH_STAT_NOPF            1       /* protocol family not supported */
 #define        AH_STAT_NOTDB           2
@@ -68,11 +60,14 @@
 #define        AH_STAT_CRYPTO          17      /* crypto processing failure */
 #define        AH_STAT_TUNNEL          18      /* tunnel sanity check failure */
 #define        AH_STAT_HIST            19      /* per-algorithm op count */
-               /* space for AH_ALG_MAX (16) counters */
 
-#define        AH_NSTATS               35
+/* space for SADB_AALG_STATS_NUM counters */
+#define        AH_ALG_MAX              SADB_AALG_STATS_NUM
+#define        AH_ALG_STR              SADB_AALG_STATS_STR
+#define        AH_NSTATS               (AH_STAT_HIST + AH_ALG_MAX)
 
 #ifdef _KERNEL
+extern const uint8_t ah_stats[256];
 extern int ah_enable;
 extern int ah_cleartos;
 #endif /* _KERNEL */
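Review bot: `AH_ALG_MAX`, `AH_ALG_STR` and `AH_NSTATS` now expand to `SADB_AALG_STATS_*` macros from net/pfkeyv2.h, and the new `extern const uint8_t ah_stats[256];` needs the fixed-width type to be declared, but this hunk adds no include, so the header only works when the includer has pulled both in first. If ah_var.h does not already include it outside this hunk, adding `#include <net/pfkeyv2.h>` near the top would keep the header self-contained; as written, code that sizes a buffer with `AH_NSTATS` fails at the point of use rather than at the include. The same applies to the matching hunks in esp_var.h and ipcomp_var.h.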
diff -r 33f2a58991b2 -r cae91d384598 sys/netipsec/esp_var.h
--- a/sys/netipsec/esp_var.h    Thu Apr 13 16:32:00 2017 +0000
+++ b/sys/netipsec/esp_var.h    Thu Apr 13 16:38:31 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: esp_var.h,v 1.4 2008/04/23 06:09:05 thorpej Exp $      */
+/*     $NetBSD: esp_var.h,v 1.5 2017/04/13 16:38:32 christos Exp $     */
 /*     $FreeBSD: src/sys/netipsec/esp_var.h,v 1.1.4.1 2003/01/24 05:11:35 sam Exp $    */
 /*     $OpenBSD: ip_esp.h,v 1.37 2002/06/09 16:26:10 itojun Exp $      */
 /*
@@ -40,14 +40,6 @@
 #ifndef _NETIPSEC_ESP_VAR_H_
 #define _NETIPSEC_ESP_VAR_H_
 
-/*
- * These define the algorithm indices into the histogram.  They're
- * presently based on the PF_KEY v2 protocol values which is bogus;
- * they should be decoupled from the protocol at which time we can
- * pack them and reduce the size of the array to a reasonable value.
- */
-#define        ESP_ALG_MAX     256             /* NB: could be < but skipjack is 249 */
-
 #define        ESP_STAT_HDROPS         0       /* packet shorter than header shows */
 #define        ESP_STAT_NOPF           1       /* protocol family not supported */
 #define        ESP_STAT_NOTDB          2
@@ -69,11 +61,14 @@
 #define        ESP_STAT_CRYPTO         18      /* crypto processing failure */
 #define        ESP_STAT_TUNNEL         19      /* tunnel sanity check failure */
 #define        ESP_STAT_HIST           20      /* per-algorithm op count */
-               /* space for ESP_ALG_MAX (256) counters */
 
-#define        ESP_NSTATS              276
+/* space for SADB_EALG_STATS_NUM counters */
+#define        ESP_ALG_MAX             SADB_EALG_STATS_NUM
+#define        ESP_ALG_STR             SADB_EALG_STATS_STR
+#define        ESP_NSTATS              (ESP_STAT_HIST + ESP_ALG_MAX)
 
 #ifdef _KERNEL
+extern  const uint8_t esp_stats[256];
 extern int esp_enable;
 #endif /* _KERNEL */
 #endif /* !_NETIPSEC_ESP_VAR_H_ */
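Review bot: `ESP_NSTATS` silently shrinks from 276 to 35 here (`ESP_STAT_HIST` 20 plus `SADB_EALG_STATS_NUM` 15), and `IPCOMP_NSTATS` in ipcomp_var.h goes from 25 to 22, while `AH_NSTATS` stays at 35. The diffstat shows usr.bin/netstat/fast_ipsec.c changing in the same commit, so these counts appear to define a layout shared between kernel and userland; a netstat built against the old header would then disagree with a new kernel about the array length. A comment above the define, for example `/* NB: layout shared with netstat(1); kernel and userland must be rebuilt together when this changes */`, would make that coupling visible.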
diff -r 33f2a58991b2 -r cae91d384598 sys/netipsec/ipcomp_var.h
--- a/sys/netipsec/ipcomp_var.h Thu Apr 13 16:32:00 2017 +0000
+++ b/sys/netipsec/ipcomp_var.h Thu Apr 13 16:38:31 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ipcomp_var.h,v 1.6 2008/04/23 06:09:05 thorpej Exp $   */
+/*     $NetBSD: ipcomp_var.h,v 1.7 2017/04/13 16:38:32 christos Exp $  */
 /*     $FreeBSD: src/sys/netipsec/ipcomp_var.h,v 1.1.4.1 2003/01/24 05:11:35 sam Exp $ */
 /*     $KAME: ipcomp.h,v 1.8 2000/09/26 07:55:14 itojun Exp $  */
 
@@ -34,14 +34,6 @@
 #ifndef _NETIPSEC_IPCOMP_VAR_H_
 #define _NETIPSEC_IPCOMP_VAR_H_
 
-/*
- * These define the algorithm indices into the histogram.  They're
- * presently based on the PF_KEY v2 protocol values which is bogus;
- * they should be decoupled from the protocol at which time we can
- * pack them and reduce the size of the array to a minimum.
- */
-#define        IPCOMP_ALG_MAX  8
-
 #define        IPCOMP_STAT_HDROPS      0       /* packet shorter than header shows */
 #define        IPCOMP_STAT_NOPF        1       /* protocol family not supported */
 #define        IPCOMP_STAT_NOTDB       2
@@ -60,11 +52,14 @@
 #define        IPCOMP_STAT_PDROPS      15      /* packet blocked due to policy */
 #define        IPCOMP_STAT_CRYPTO      16      /* crypto processing failure */
 #define        IPCOMP_STAT_HIST        17      /* per-algorithm op count */
-               /* space for IPCOMP_ALG_MAX (8) counters */
 
-#define        IPCOMP_NSTATS           25
+/* space for SADB_CALG_STATS_NUM counters */
+#define        IPCOMP_ALG_MAX          SADB_CALG_STATS_NUM
+#define        IPCOMP_ALG_STR          SADB_CALG_STATS_STR
+#define        IPCOMP_NSTATS           (IPCOMP_STAT_HIST + IPCOMP_ALG_MAX)
 
 #ifdef _KERNEL
+extern const uint8_t ipcomp_stats[256];
 extern int ipcomp_enable;
 #endif /* _KERNEL */
 #endif /* !_NETIPSEC_IPCOMP_VAR_H_ */
diff -r 33f2a58991b2 -r cae91d384598 sys/netipsec/xform_ah.c
--- a/sys/netipsec/xform_ah.c   Thu Apr 13 16:32:00 2017 +0000
+++ b/sys/netipsec/xform_ah.c   Thu Apr 13 16:38:31 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: xform_ah.c,v 1.46 2017/04/13 01:32:57 ozaki-r Exp $    */
+/*     $NetBSD: xform_ah.c,v 1.47 2017/04/13 16:38:32 christos Exp $   */
 /*     $FreeBSD: src/sys/netipsec/xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $   */
 /*     $OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */
 /*
@@ -39,7 +39,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.46 2017/04/13 01:32:57 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.47 2017/04/13 16:38:32 christos Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
@@ -124,6 +124,8 @@
 static int ah_input_cb(struct cryptop*);
 static int ah_output_cb(struct cryptop*);
 
+const uint8_t ah_stats[256] = { SADB_AALG_STATS_INIT };
+
 /*
  * NB: this is public for use by the PF_KEY support.
  */
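Review bot: `ah_stats` is added without a comment, and the name suggests counters when it is really a lookup table from the PF_KEY authentication algorithm number to a slot offset under `AH_STAT_HIST`. A one-line comment above it, such as `/* Map SADB_*AALG_* number to histogram slot; unlisted numbers map to 0 ("*unknown*") */`, would save readers a trip to pfkeyv2.h.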
@@ -875,7 +877,7 @@
                error = crp->crp_etype;
                goto bad;
        } else {
-               AH_STATINC(AH_STAT_HIST + sav->alg_auth);
+               AH_STATINC(AH_STAT_HIST + ah_stats[sav->alg_auth]);
                crypto_freereq(crp);            /* No longer needed. */
                crp = NULL;
        }
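Review bot: The lookup `ah_stats[sav->alg_auth]` is in bounds only because the algorithm field is 8 bits wide, which the pfkeyv2.h comment states but nothing at this call site shows or enforces. The declaration of `alg_auth` is outside this hunk, so I would add a comment here, `/* alg_auth is uint8_t, so it cannot index past ah_stats[256] */`, or a compile-time size check next to the table if the tree has a suitable macro. The same call is changed in the hunk at -1283, and the enclosing function starts and ends outside both hunks.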
@@ -1283,7 +1285,7 @@
                error = EINVAL;
                goto bad;
        }
-       AH_STATINC(AH_STAT_HIST + sav->alg_auth);
+       AH_STATINC(AH_STAT_HIST + ah_stats[sav->alg_auth]);
 


