2 * SPDX-License-Identifier: BSD-3-Clause
4 * Copyright (c) 1983, 1988, 1993
5 * Regents of the University of California. All rights reserved.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the University nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
19 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 #include <sys/param.h>
37 #include <sys/protosw.h>
38 #include <sys/socket.h>
39 #include <sys/socketvar.h>
40 #include <sys/sysctl.h>
42 #include <netinet/in.h>
45 #include <netgraph/ng_socket.h>
69 static struct protox {
70 int pr_index; /* index into nlist of cb head */
71 int pr_sindex; /* index into nlist of stat block */
72 u_char pr_wanted; /* 1 if wanted, 0 otherwise */
73 void (*pr_cblocks)(u_long, const char *, int, int);
74 /* control blocks printing routine */
75 void (*pr_stats)(u_long, const char *, int, int);
76 /* statistics printing routine */
77 void (*pr_istats)(char *); /* per/if statistics printing routine */
78 const char *pr_name; /* well-known name */
79 int pr_usesysctl; /* non-zero if we use sysctl, not kvm */
82 { -1 , N_TCPSTAT, 1, protopr,
83 tcp_stats, NULL, "tcp", 1, IPPROTO_TCP },
84 { -1 , N_UDPSTAT, 1, protopr,
85 udp_stats, NULL, "udp", 1, IPPROTO_UDP },
87 { -1, N_SCTPSTAT, 1, sctp_protopr,
88 sctp_stats, NULL, "sctp", 1, IPPROTO_SCTP },
92 NULL, NULL, "sdp", 1, IPPROTO_TCP },
94 { -1 , -1, 1, protopr,
95 divert_stats, NULL, "divert", 1, 0 },
96 { -1 , N_IPSTAT, 1, protopr,
97 ip_stats, NULL, "ip", 1, IPPROTO_RAW },
98 { -1 , N_ICMPSTAT, 1, protopr,
99 icmp_stats, NULL, "icmp", 1, IPPROTO_ICMP },
100 { -1 , N_IGMPSTAT, 1, protopr,
101 igmp_stats, NULL, "igmp", 1, IPPROTO_IGMP },
103 { -1, N_IPSEC4STAT, 1, NULL, /* keep as compat */
104 ipsec_stats, NULL, "ipsec", 1, 0},
105 { -1, N_AHSTAT, 1, NULL,
106 ah_stats, NULL, "ah", 1, 0},
107 { -1, N_ESPSTAT, 1, NULL,
108 esp_stats, NULL, "esp", 1, 0},
109 { -1, N_IPCOMPSTAT, 1, NULL,
110 ipcomp_stats, NULL, "ipcomp", 1, 0},
112 { -1 , N_PIMSTAT, 1, protopr,
113 pim_stats, NULL, "pim", 1, IPPROTO_PIM },
114 { -1, N_CARPSTATS, 1, NULL,
115 carp_stats, NULL, "carp", 1, 0 },
117 { -1, N_PFSYNCSTATS, 1, NULL,
118 pfsync_stats, NULL, "pfsync", 1, 0 },
119 { -1, N_PFLOWSTATS, 1, NULL,
120 pflow_stats, NULL, "pflow", 1, 0 },
122 { -1, N_ARPSTAT, 1, NULL,
123 arp_stats, NULL, "arp", 1, 0 },
125 NULL, NULL, NULL, 0, 0 }
129 static struct protox ip6protox[] = {
130 { -1 , N_TCPSTAT, 1, protopr,
131 tcp_stats, NULL, "tcp", 1, IPPROTO_TCP },
132 { -1 , N_UDPSTAT, 1, protopr,
133 udp_stats, NULL, "udp", 1, IPPROTO_UDP },
134 { -1 , N_IP6STAT, 1, protopr,
135 ip6_stats, ip6_ifstats, "ip6", 1, IPPROTO_RAW },
136 { -1 , N_ICMP6STAT, 1, protopr,
137 icmp6_stats, icmp6_ifstats, "icmp6", 1, IPPROTO_ICMPV6 },
139 { -1, -1, 1, protopr,
140 NULL, NULL, "sdp", 1, IPPROTO_TCP },
143 { -1, N_IPSEC6STAT, 1, NULL,
144 ipsec_stats, NULL, "ipsec6", 1, 0 },
147 { -1, N_PIM6STAT, 1, NULL,
148 pim6_stats, NULL, "pim6", 1, 0 },
150 { -1, N_RIP6STAT, 1, NULL,
151 rip6_stats, NULL, "rip6", 1, 0 },
153 NULL, NULL, NULL, 0, 0 }
158 static struct protox pfkeyprotox[] = {
159 { -1, N_PFKEYSTAT, 1, NULL,
160 pfkey_stats, NULL, "pfkey", 0, 0 },
162 NULL, NULL, NULL, 0, 0 }
167 static struct protox netgraphprotox[] = {
168 { N_NGSOCKLIST, -1, 1, netgraphprotopr,
169 NULL, NULL, "ctrl", 0, 0 },
170 { N_NGSOCKLIST, -1, 1, netgraphprotopr,
171 NULL, NULL, "data", 0, 0 },
173 NULL, NULL, NULL, 0, 0 }
177 static struct protox *protoprotox[] = {
187 static void printproto(struct protox *, const char *, bool *);
188 static void usage(void) __dead2;
189 static struct protox *name2protox(const char *);
190 static struct protox *knownname(const char *);
192 static int kresolve_list(struct nlist *_nl);
195 static char *nlistf = NULL, *memf = NULL;
197 int Aflag; /* show addresses of protocol control block */
198 int aflag; /* show all sockets (including servers) */
199 static int Bflag; /* show information about bpf consumers */
200 int bflag; /* show i/f total bytes in/out */
201 int cflag; /* show TCP congestion control stack */
202 int Cflag; /* show congestion control algo and vars */
203 int dflag; /* show i/f dropped packets */
204 int gflag; /* show group (multicast) routing or stats */
205 int hflag; /* show counters in human readable format */
206 int iflag; /* show interfaces */
207 int Lflag; /* show size of listen queues */
208 int mflag; /* show memory stats */
209 int noutputs = 0; /* how much outputs before we exit */
210 int numeric_addr; /* show addresses numerically */
211 int numeric_port; /* show ports numerically */
212 int Oflag; /* show nhgrp objects*/
213 int oflag; /* show nexthop objects*/
214 int Pflag; /* show TCP log ID */
215 static int pflag; /* show given protocol */
216 static int Qflag; /* show netisr information */
217 int rflag; /* show routing tables (or routing stats) */
218 int Rflag; /* show flow / RSS statistics */
219 int sflag; /* show protocol statistics */
220 int Wflag; /* wide display */
221 int Tflag; /* TCP Information */
222 int xflag; /* extra information, includes all socket buffer info */
223 int zflag; /* zero stats */
225 int interval; /* repeat interval for i/f stats */
227 char *interface; /* desired i/f for stats, or NULL for all i/fs */
228 int unit; /* unit number for above */
230 char *jail_name; /* desired jail to operate in */
233 static int af; /* address family */
234 int live; /* true if we are examining a live system */
237 main(int argc, char *argv[])
239 struct protox *tp = NULL; /* for printing cblocks & stats */
250 argc = xo_parse_args(argc, argv);
254 while ((ch = getopt(argc, argv, "46AaBbCcdF:f:ghI:ij:LlM:mN:nOoPp:Qq:RrSTsuWw:xz"))
261 errx(1, "IPv4 support is not compiled in");
268 errx(1, "IPv6 support is not compiled in");
293 fib = strtol(optarg, &endptr, 0);
294 if (*endptr != '\0' ||
295 (fib == 0 && (errno == EINVAL || errno == ERANGE)))
296 xo_errx(1, "%s: invalid fib", optarg);
299 if (strcmp(optarg, "inet") == 0)
302 else if (strcmp(optarg, "inet6") == 0)
306 else if (strcmp(optarg, "pfkey") == 0)
309 else if (strcmp(optarg, "unix") == 0 ||
310 strcmp(optarg, "local") == 0)
313 else if (strcmp(optarg, "ng") == 0
314 || strcmp(optarg, "netgraph") == 0)
317 else if (strcmp(optarg, "link") == 0)
320 xo_errx(1, "%s: unknown address family",
334 for (cp = interface = optarg; isalpha(*cp); cp++)
348 errx(1, "Jail support is not compiled in");
364 numeric_addr = numeric_port = 1;
376 if ((tp = name2protox(optarg)) == NULL) {
377 xo_errx(1, "%s: unknown or uninstrumented "
386 noutputs = atoi(optarg);
410 interval = atoi(optarg);
429 #define BACKWARD_COMPATIBILITY
430 #ifdef BACKWARD_COMPATIBILITY
432 if (isdigit(**argv)) {
433 interval = atoi(*argv);
448 if (jail_name != NULL) {
449 jid = jail_getid(jail_name);
451 errx(1, "Jail not found");
452 if (jail_attach(jid) != 0)
453 errx(1, "Cannot attach to jail");
458 * Discard setgid privileges if not the running kernel so that bad
459 * guys can't print interesting stuff from kernel memory.
461 live = (nlistf == NULL && memf == NULL);
463 if (setgid(getgid()) != 0)
464 xo_err(-1, "setgid");
465 /* Load all necessary kvm symbols */
470 xo_errx(1, "-x and -T are incompatible, pick one.");
475 bpf_stats(interface);
481 if (kread(0, NULL, 0) == 0)
482 mbpr(kvmd, nl[N_SFSTAT].n_value);
490 if (kread(0, NULL, 0) == 0)
499 * Keep file descriptors open to avoid overhead
500 * of open/close on each call to get* routines.
506 * This does not make sense any more with DNS being default over
507 * the files. Doing a setXXXXent(1) causes a tcp connection to be
508 * used for the queries, which is slower.
511 if (iflag && !sflag) {
512 xo_open_container("statistics");
514 xo_close_container("statistics");
519 xo_open_container("statistics");
527 xo_close_container("statistics");
532 xo_open_container("statistics");
533 nhops_print(fib, af);
534 xo_close_container("statistics");
539 xo_open_container("statistics");
540 nhgrp_print(fib, af);
541 xo_close_container("statistics");
549 xo_open_container("statistics");
551 if (af == AF_INET || af == AF_UNSPEC)
554 if (af == AF_INET6 || af == AF_UNSPEC)
558 if (af == AF_INET || af == AF_UNSPEC)
561 if (af == AF_INET6 || af == AF_UNSPEC)
565 xo_close_container("statistics");
571 xo_open_container("statistics");
572 printproto(tp, tp->pr_name, &first);
574 xo_close_list("socket");
575 xo_close_container("statistics");
580 xo_open_container("statistics");
581 if (af == AF_INET || af == AF_UNSPEC)
582 for (tp = protox; tp->pr_name; tp++)
583 printproto(tp, tp->pr_name, &first);
585 if (af == AF_INET6 || af == AF_UNSPEC)
586 for (tp = ip6protox; tp->pr_name; tp++)
587 printproto(tp, tp->pr_name, &first);
590 if (af == PF_KEY || af == AF_UNSPEC)
591 for (tp = pfkeyprotox; tp->pr_name; tp++)
592 printproto(tp, tp->pr_name, &first);
595 if (af == AF_NETGRAPH || af == AF_UNSPEC)
596 for (tp = netgraphprotox; tp->pr_name; tp++)
597 printproto(tp, tp->pr_name, &first);
598 #endif /* NETGRAPH */
599 if ((af == AF_UNIX || af == AF_UNSPEC) && !sflag)
600 unixpr(nl[N_UNP_COUNT].n_value, nl[N_UNP_GENCNT].n_value,
601 nl[N_UNP_DHEAD].n_value, nl[N_UNP_SHEAD].n_value,
602 nl[N_UNP_SPHEAD].n_value, &first);
605 xo_close_list("socket");
606 xo_close_container("statistics");
612 fetch_stats_internal(const char *sysctlname, u_long off, void *stats,
613 size_t len, kreadfn_t kreadfn, int zero)
618 memset(stats, 0, len);
620 error = sysctlbyname(sysctlname, NULL, NULL, stats,
623 error = sysctlbyname(sysctlname, stats, &len, NULL, 0);
624 if (error == -1 && errno != ENOENT)
625 xo_warn("sysctl %s", sysctlname);
629 error = kreadfn(off, stats, len);
635 fetch_stats(const char *sysctlname, u_long off, void *stats,
636 size_t len, kreadfn_t kreadfn)
639 return (fetch_stats_internal(sysctlname, off, stats, len, kreadfn,
644 fetch_stats_ro(const char *sysctlname, u_long off, void *stats,
645 size_t len, kreadfn_t kreadfn)
648 return (fetch_stats_internal(sysctlname, off, stats, len, kreadfn, 0));
652 * Print out protocol statistics or control blocks (per sflag).
653 * If the interface was not specifically requested, and the symbol
654 * is not in the namelist, ignore this one.
657 printproto(struct protox *tp, const char *name, bool *first)
659 void (*pr)(u_long, const char *, int, int);
661 bool doingdblocks = false;
666 intpr(tp->pr_istats, af);
668 xo_message("%s: no per-interface stats routine",
675 xo_message("%s: no stats routine",
679 if (tp->pr_usesysctl && live)
681 else if (tp->pr_sindex < 0) {
683 xo_message("%s: stats routine doesn't "
684 "work on cores", tp->pr_name);
687 off = nl[tp->pr_sindex].n_value;
694 xo_message("%s: no PCB routine", tp->pr_name);
697 if (tp->pr_usesysctl && live)
699 else if (tp->pr_index < 0) {
701 xo_message("%s: PCB routine doesn't work on "
702 "cores", tp->pr_name);
705 off = nl[tp->pr_index].n_value;
707 if (pr != NULL && (off || (live && tp->pr_usesysctl) ||
709 if (doingdblocks && *first) {
710 xo_open_list("socket");
714 (*pr)(off, name, af, tp->pr_protocol);
721 char errbuf[_POSIX2_LINE_MAX];
726 kvmd = kvm_openfiles(nlistf, memf, NULL, O_RDONLY, errbuf);
727 if (setgid(getgid()) != 0)
728 xo_err(-1, "setgid");
731 xo_warnx("kvm not available: %s", errbuf);
739 * Resolve symbol list, return 0 on success.
742 kresolve_list(struct nlist *_nl)
745 if ((kvmd == NULL) && (kvmd_init() != 0))
748 if (_nl[0].n_type != 0)
751 if (kvm_nlist(kvmd, _nl) < 0) {
753 xo_errx(1, "%s: kvm_nlist: %s", nlistf,
756 xo_errx(1, "kvm_nlist: %s", kvm_geterr(kvmd));
763 * Wrapper of kvm_dpcpu_setcpu().
766 kset_dpcpu(u_int cpuid)
769 if ((kvmd == NULL) && (kvmd_init() != 0))
770 xo_errx(-1, "%s: kvm is not available", __func__);
772 if (kvm_dpcpu_setcpu(kvmd, cpuid) < 0)
773 xo_errx(-1, "%s: kvm_dpcpu_setcpu(%u): %s", __func__,
774 cpuid, kvm_geterr(kvmd));
779 * Read kernel memory, return 0 on success.
782 kread(u_long addr, void *buf, size_t size)
790 if (kvm_read(kvmd, addr, buf, size) != (ssize_t)size) {
791 xo_warnx("%s", kvm_geterr(kvmd));
798 * Read single counter(9).
801 kread_counter(u_long addr)
807 return (kvm_counter_u64_fetch(kvmd, addr));
811 * Read an array of N counters in kernel memory into array of N uint64_t's.
814 kread_counters(u_long addr, void *buf, size_t size)
823 if (size % sizeof(uint64_t) != 0) {
824 xo_warnx("kread_counters: invalid counter set size");
828 n = size / sizeof(uint64_t);
829 if ((counters = malloc(n * sizeof(u_long))) == NULL)
830 xo_err(-1, "malloc");
831 if (kread(addr, counters, n * sizeof(u_long)) < 0) {
837 for (i = 0; i < n; i++)
838 c[i] = kvm_counter_u64_fetch(kvmd, counters[i]);
847 return (n != 1 ? "s" : "");
851 plurales(uintmax_t n)
853 return (n != 1 ? "es" : "");
857 pluralies(uintmax_t n)
859 return (n != 1 ? "ies" : "y");
863 * Find the protox for the given "well-known" name.
865 static struct protox *
866 knownname(const char *name)
868 struct protox **tpp, *tp;
870 for (tpp = protoprotox; *tpp; tpp++)
871 for (tp = *tpp; tp->pr_name; tp++)
872 if (strcmp(tp->pr_name, name) == 0)
878 * Find the protox corresponding to name.
880 static struct protox *
881 name2protox(const char *name)
884 char **alias; /* alias from p->aliases */
888 * Try to find the name in the list of "well-known" names. If that
889 * fails, check if name is an alias for an Internet protocol.
891 if ((tp = knownname(name)) != NULL)
894 setprotoent(1); /* make protocol lookup cheaper */
895 while ((p = getprotoent()) != NULL) {
896 /* assert: name not same as p->name */
897 for (alias = p->p_aliases; *alias; alias++)
898 if (strcmp(name, *alias) == 0) {
900 return (knownname(p->p_name));
910 (void)xo_error("%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n",
911 "usage: netstat [-j jail] [-46AaCcLnRSTWx] [-f protocol_family | -p protocol]\n"
912 " [-M core] [-N system]",
913 " netstat [-j jail] -i | -I interface [-46abdhnW] [-f address_family]\n"
914 " [-M core] [-N system]",
915 " netstat [-j jail] -w wait [-I interface] [-46d] [-M core] [-N system]\n"
917 " netstat [-j jail] -s [-46sz] [-f protocol_family | -p protocol]\n"
918 " [-M core] [-N system]",
919 " netstat [-j jail] -i | -I interface -s [-46s]\n"
920 " [-f protocol_family | -p protocol] [-M core] [-N system]",
921 " netstat [-j jail] -m [-M core] [-N system]",
922 " netstat [-j jail] -B [-z] [-I interface]",
923 " netstat [-j jail] -r [-46AnW] [-F fibnum] [-f address_family]\n"
924 " [-M core] [-N system]",
925 " netstat [-j jail] -rs [-s] [-M core] [-N system]",
926 " netstat [-j jail] -g [-46W] [-f address_family] [-M core] [-N system]",
927 " netstat [-j jail] -gs [-46s] [-f address_family] [-M core] [-N system]",
928 " netstat [-j jail] -Q");