2 * Copyright (c) 1983, 1988, 1993
3 * Regents of the University of California. All rights reserved.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 4. Neither the name of the University nor the names of its contributors
14 * may be used to endorse or promote products derived from this software
15 * without specific prior written permission.
17 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 char const copyright[] =
32 "@(#) Copyright (c) 1983, 1988, 1993\n\
33 Regents of the University of California. All rights reserved.\n";
38 static char sccsid[] = "@(#)main.c 8.4 (Berkeley) 3/1/94";
42 #include <sys/cdefs.h>
43 __FBSDID("$FreeBSD$");
45 #include <sys/param.h>
47 #include <sys/protosw.h>
48 #include <sys/socket.h>
49 #include <sys/socketvar.h>
50 #include <sys/sysctl.h>
52 #include <netinet/in.h>
55 #include <netgraph/ng_socket.h>
73 static struct nlist nl[] = {
75 { .n_name = "_ifnet" }, /* XXXGL: can be deleted */
77 { .n_name = "_rtstat" },
79 { .n_name = "_rt_tables"},
81 { .n_name = "_mrtstat" },
82 #define N_MFCHASHTBL 4
83 { .n_name = "_mfchashtbl" },
85 { .n_name = "_viftable" },
87 { .n_name = "_ipxpcb_list"},
89 { .n_name = "_ipxstat"},
91 { .n_name = "_spx_istat"},
93 { .n_name = "_ddpstat"},
95 { .n_name = "_ddpcb"},
97 { .n_name = "_ngsocklist"},
99 { .n_name = "_ip6stat" },
100 #define N_ICMP6STAT 13
101 { .n_name = "_icmp6stat" },
102 #define N_IPSECSTAT 14
103 { .n_name = "_ipsec4stat" },
104 #define N_IPSEC6STAT 15
105 { .n_name = "_ipsec6stat" },
106 #define N_PIM6STAT 16
107 { .n_name = "_pim6stat" },
108 #define N_MRT6STAT 17
109 { .n_name = "_mrt6stat" },
110 #define N_MF6CTABLE 18
111 { .n_name = "_mf6ctable" },
112 #define N_MIF6TABLE 19
113 { .n_name = "_mif6table" },
114 #define N_PFKEYSTAT 20
115 { .n_name = "_pfkeystat" },
117 { .n_name = "_rttrash" },
118 #define N_CARPSTAT 22
119 { .n_name = "_carpstats" },
120 #define N_PFSYNCSTAT 23
121 { .n_name = "_pfsyncstats" },
123 { .n_name = "_ahstat" },
125 { .n_name = "_espstat" },
126 #define N_IPCOMPSTAT 26
127 { .n_name = "_ipcompstat" },
129 { .n_name = "_tcpstat" },
131 { .n_name = "_udpstat" },
133 { .n_name = "_ipstat" },
134 #define N_ICMPSTAT 30
135 { .n_name = "_icmpstat" },
136 #define N_IGMPSTAT 31
137 { .n_name = "_igmpstat" },
139 { .n_name = "_pimstat" },
141 { .n_name = "_tcbinfo" },
143 { .n_name = "_udbinfo" },
144 #define N_DIVCBINFO 35
145 { .n_name = "_divcbinfo" },
146 #define N_RIPCBINFO 36
147 { .n_name = "_ripcbinfo" },
148 #define N_UNP_COUNT 37
149 { .n_name = "_unp_count" },
150 #define N_UNP_GENCNT 38
151 { .n_name = "_unp_gencnt" },
152 #define N_UNP_DHEAD 39
153 { .n_name = "_unp_dhead" },
154 #define N_UNP_SHEAD 40
155 { .n_name = "_unp_shead" },
156 #define N_RIP6STAT 41
157 { .n_name = "_rip6stat" },
158 #define N_SCTPSTAT 42
159 { .n_name = "_sctpstat" },
160 #define N_MFCTABLESIZE 43
161 { .n_name = "_mfctablesize" },
163 { .n_name = "_arpstat" },
164 #define N_UNP_SPHEAD 45
165 { .n_name = "unp_sphead" },
167 { .n_name = "_sfstat"},
172 int pr_index; /* index into nlist of cb head */
173 int pr_sindex; /* index into nlist of stat block */
174 u_char pr_wanted; /* 1 if wanted, 0 otherwise */
175 void (*pr_cblocks)(u_long, const char *, int, int);
176 /* control blocks printing routine */
177 void (*pr_stats)(u_long, const char *, int, int);
178 /* statistics printing routine */
179 void (*pr_istats)(char *); /* per/if statistics printing routine */
180 const char *pr_name; /* well-known name */
181 int pr_usesysctl; /* non-zero if we use sysctl, not kvm */
184 { N_TCBINFO, N_TCPSTAT, 1, protopr,
185 tcp_stats, NULL, "tcp", 1, IPPROTO_TCP },
186 { N_UDBINFO, N_UDPSTAT, 1, protopr,
187 udp_stats, NULL, "udp", 1, IPPROTO_UDP },
189 { -1, N_SCTPSTAT, 1, sctp_protopr,
190 sctp_stats, NULL, "sctp", 1, IPPROTO_SCTP },
193 { -1, -1, 1, protopr,
194 NULL, NULL, "sdp", 1, IPPROTO_TCP },
196 { N_DIVCBINFO, -1, 1, protopr,
197 NULL, NULL, "divert", 1, IPPROTO_DIVERT },
198 { N_RIPCBINFO, N_IPSTAT, 1, protopr,
199 ip_stats, NULL, "ip", 1, IPPROTO_RAW },
200 { N_RIPCBINFO, N_ICMPSTAT, 1, protopr,
201 icmp_stats, NULL, "icmp", 1, IPPROTO_ICMP },
202 { N_RIPCBINFO, N_IGMPSTAT, 1, protopr,
203 igmp_stats, NULL, "igmp", 1, IPPROTO_IGMP },
205 { -1, N_IPSECSTAT, 1, NULL, /* keep as compat */
206 ipsec_stats, NULL, "ipsec", 1, 0},
207 { -1, N_AHSTAT, 1, NULL,
208 ah_stats, NULL, "ah", 1, 0},
209 { -1, N_ESPSTAT, 1, NULL,
210 esp_stats, NULL, "esp", 1, 0},
211 { -1, N_IPCOMPSTAT, 1, NULL,
212 ipcomp_stats, NULL, "ipcomp", 1, 0},
214 { N_RIPCBINFO, N_PIMSTAT, 1, protopr,
215 pim_stats, NULL, "pim", 1, IPPROTO_PIM },
216 { -1, N_CARPSTAT, 1, NULL,
217 carp_stats, NULL, "carp", 1, 0 },
219 { -1, N_PFSYNCSTAT, 1, NULL,
220 pfsync_stats, NULL, "pfsync", 1, 0 },
222 { -1, N_ARPSTAT, 1, NULL,
223 arp_stats, NULL, "arp", 1, 0 },
225 NULL, NULL, NULL, 0, 0 }
229 struct protox ip6protox[] = {
230 { N_TCBINFO, N_TCPSTAT, 1, protopr,
231 tcp_stats, NULL, "tcp", 1, IPPROTO_TCP },
232 { N_UDBINFO, N_UDPSTAT, 1, protopr,
233 udp_stats, NULL, "udp", 1, IPPROTO_UDP },
234 { N_RIPCBINFO, N_IP6STAT, 1, protopr,
235 ip6_stats, ip6_ifstats, "ip6", 1, IPPROTO_RAW },
236 { N_RIPCBINFO, N_ICMP6STAT, 1, protopr,
237 icmp6_stats, icmp6_ifstats, "icmp6", 1, IPPROTO_ICMPV6 },
239 { -1, -1, 1, protopr,
240 NULL, NULL, "sdp", 1, IPPROTO_TCP },
243 { -1, N_IPSEC6STAT, 1, NULL,
244 ipsec_stats, NULL, "ipsec6", 1, 0 },
247 { -1, N_PIM6STAT, 1, NULL,
248 pim6_stats, NULL, "pim6", 1, 0 },
250 { -1, N_RIP6STAT, 1, NULL,
251 rip6_stats, NULL, "rip6", 1, 0 },
253 NULL, NULL, NULL, 0, 0 }
258 struct protox pfkeyprotox[] = {
259 { -1, N_PFKEYSTAT, 1, NULL,
260 pfkey_stats, NULL, "pfkey", 0, 0 },
262 NULL, NULL, NULL, 0, 0 }
266 struct protox atalkprotox[] = {
267 { N_DDPCB, N_DDPSTAT, 1, atalkprotopr,
268 ddp_stats, NULL, "ddp", 0, 0 },
270 NULL, NULL, NULL, 0, 0 }
273 struct protox netgraphprotox[] = {
274 { N_NGSOCKS, -1, 1, netgraphprotopr,
275 NULL, NULL, "ctrl", 0, 0 },
276 { N_NGSOCKS, -1, 1, netgraphprotopr,
277 NULL, NULL, "data", 0, 0 },
279 NULL, NULL, NULL, 0, 0 }
283 struct protox ipxprotox[] = {
284 { N_IPX, N_IPXSTAT, 1, ipxprotopr,
285 ipx_stats, NULL, "ipx", 0, 0 },
286 { N_IPX, N_SPXSTAT, 1, ipxprotopr,
287 spx_stats, NULL, "spx", 0, 0 },
289 NULL, NULL, 0, 0, 0 }
293 struct protox *protoprotox[] = {
306 static void printproto(struct protox *, const char *);
307 static void usage(void);
308 static struct protox *name2protox(const char *);
309 static struct protox *knownname(const char *);
312 static char *nlistf = NULL, *memf = NULL;
314 int Aflag; /* show addresses of protocol control block */
315 int aflag; /* show all sockets (including servers) */
316 int Bflag; /* show information about bpf consumers */
317 int bflag; /* show i/f total bytes in/out */
318 int dflag; /* show i/f dropped packets */
319 int gflag; /* show group (multicast) routing or stats */
320 int hflag; /* show counters in human readable format */
321 int iflag; /* show interfaces */
322 int Lflag; /* show size of listen queues */
323 int mflag; /* show memory stats */
324 int noutputs = 0; /* how much outputs before we exit */
325 int numeric_addr; /* show addresses numerically */
326 int numeric_port; /* show ports numerically */
327 static int pflag; /* show given protocol */
328 int Qflag; /* show netisr information */
329 int rflag; /* show routing tables (or routing stats) */
330 int Rflag; /* show flow / RSS statistics */
331 int sflag; /* show protocol statistics */
332 int Wflag; /* wide display */
333 int Tflag; /* TCP Information */
334 int xflag; /* extra information, includes all socket buffer info */
335 int zflag; /* zero stats */
337 int interval; /* repeat interval for i/f stats */
339 char *interface; /* desired i/f for stats, or NULL for all i/fs */
340 int unit; /* unit number for above */
342 int af; /* address family */
343 int live; /* true if we are examining a live system */
346 main(int argc, char *argv[])
348 struct protox *tp = NULL; /* for printing cblocks & stats */
355 while ((ch = getopt(argc, argv, "46AaBbdF:f:ghI:iLlM:mN:np:Qq:RrSTsuWw:xz"))
362 errx(1, "IPv4 support is not compiled in");
369 errx(1, "IPv6 support is not compiled in");
388 fib = strtol(optarg, &endptr, 0);
389 if (*endptr != '\0' ||
390 (fib == 0 && (errno == EINVAL || errno == ERANGE)))
391 errx(1, "%s: invalid fib", optarg);
394 if (strcmp(optarg, "ipx") == 0)
396 else if (strcmp(optarg, "inet") == 0)
399 else if (strcmp(optarg, "inet6") == 0)
403 else if (strcmp(optarg, "pfkey") == 0)
406 else if (strcmp(optarg, "unix") == 0)
408 else if (strcmp(optarg, "atalk") == 0)
411 else if (strcmp(optarg, "ng") == 0
412 || strcmp(optarg, "netgraph") == 0)
415 else if (strcmp(optarg, "link") == 0)
418 errx(1, "%s: unknown address family", optarg);
431 for (cp = interface = optarg; isalpha(*cp); cp++)
452 numeric_addr = numeric_port = 1;
455 if ((tp = name2protox(optarg)) == NULL) {
457 "%s: unknown or uninstrumented protocol",
466 noutputs = atoi(optarg);
490 interval = atoi(optarg);
509 #define BACKWARD_COMPATIBILITY
510 #ifdef BACKWARD_COMPATIBILITY
512 if (isdigit(**argv)) {
513 interval = atoi(*argv);
528 * Discard setgid privileges if not the running kernel so that bad
529 * guys can't print interesting stuff from kernel memory.
531 live = (nlistf == NULL && memf == NULL);
536 errx(1, "-x and -T are incompatible, pick one.");
541 bpf_stats(interface);
546 if (kread(0, NULL, 0) == 0)
547 mbpr(kvmd, nl[N_SFSTAT].n_value);
554 if (kread(0, NULL, 0) == 0)
562 * Keep file descriptors open to avoid overhead
563 * of open/close on each call to get* routines.
569 * This does not make sense any more with DNS being default over
570 * the files. Doing a setXXXXent(1) causes a tcp connection to be
571 * used for the queries, which is slower.
574 if (iflag && !sflag) {
575 intpr(interval, NULL, af);
589 if (af == AF_INET || af == AF_UNSPEC)
592 if (af == AF_INET6 || af == AF_UNSPEC)
596 if (af == AF_INET || af == AF_UNSPEC)
599 if (af == AF_INET6 || af == AF_UNSPEC)
606 /* Load all necessary kvm symbols */
610 printproto(tp, tp->pr_name);
613 if (af == AF_INET || af == AF_UNSPEC)
614 for (tp = protox; tp->pr_name; tp++)
615 printproto(tp, tp->pr_name);
617 if (af == AF_INET6 || af == AF_UNSPEC)
618 for (tp = ip6protox; tp->pr_name; tp++)
619 printproto(tp, tp->pr_name);
622 if (af == PF_KEY || af == AF_UNSPEC)
623 for (tp = pfkeyprotox; tp->pr_name; tp++)
624 printproto(tp, tp->pr_name);
627 if (af == AF_IPX || af == AF_UNSPEC) {
628 for (tp = ipxprotox; tp->pr_name; tp++)
629 printproto(tp, tp->pr_name);
632 if (af == AF_APPLETALK || af == AF_UNSPEC)
633 for (tp = atalkprotox; tp->pr_name; tp++)
634 printproto(tp, tp->pr_name);
636 if (af == AF_NETGRAPH || af == AF_UNSPEC)
637 for (tp = netgraphprotox; tp->pr_name; tp++)
638 printproto(tp, tp->pr_name);
639 #endif /* NETGRAPH */
640 if ((af == AF_UNIX || af == AF_UNSPEC) && !sflag)
641 unixpr(nl[N_UNP_COUNT].n_value, nl[N_UNP_GENCNT].n_value,
642 nl[N_UNP_DHEAD].n_value, nl[N_UNP_SHEAD].n_value,
643 nl[N_UNP_SPHEAD].n_value);
648 fetch_stats(const char *sysctlname, u_long off, void *stats, size_t len,
649 int (*kreadfn)(u_long, void *, size_t))
654 memset(stats, 0, len);
656 error = sysctlbyname(sysctlname, NULL, NULL, stats,
659 error = sysctlbyname(sysctlname, stats, &len, NULL, 0);
660 if (error == -1 && errno != ENOENT)
661 warn("sysctl %s", sysctlname);
665 error = kreadfn(off, stats, len);
671 * Print out protocol statistics or control blocks (per sflag).
672 * If the interface was not specifically requested, and the symbol
673 * is not in the namelist, ignore this one.
676 printproto(struct protox *tp, const char *name)
678 void (*pr)(u_long, const char *, int, int);
684 intpr(interval, tp->pr_istats, af);
686 printf("%s: no per-interface stats routine\n",
693 printf("%s: no stats routine\n",
697 if (tp->pr_usesysctl && live)
699 else if (tp->pr_sindex < 0) {
702 "%s: stats routine doesn't work on cores\n",
706 off = nl[tp->pr_sindex].n_value;
712 printf("%s: no PCB routine\n", tp->pr_name);
715 if (tp->pr_usesysctl && live)
717 else if (tp->pr_index < 0) {
720 "%s: PCB routine doesn't work on cores\n",
724 off = nl[tp->pr_index].n_value;
726 if (pr != NULL && (off || (live && tp->pr_usesysctl) ||
728 (*pr)(off, name, af, tp->pr_protocol);
734 char errbuf[_POSIX2_LINE_MAX];
739 kvmd = kvm_openfiles(nlistf, memf, NULL, O_RDONLY, errbuf);
743 warnx("kvm not available: %s", errbuf);
751 * Resolve symbol list, return 0 on success.
754 kresolve_list(struct nlist *_nl)
757 if ((kvmd == NULL) && (kvmd_init() != 0))
760 if (_nl[0].n_type != 0)
763 if (kvm_nlist(kvmd, _nl) < 0) {
765 errx(1, "%s: kvm_nlist: %s", nlistf,
768 errx(1, "kvm_nlist: %s", kvm_geterr(kvmd));
775 * Read kernel memory, return 0 on success.
778 kread(u_long addr, void *buf, size_t size)
786 if (kvm_read(kvmd, addr, buf, size) != (ssize_t)size) {
787 warnx("%s", kvm_geterr(kvmd));
794 * Read single counter(9).
797 kread_counter(u_long addr)
803 return (kvm_counter_u64_fetch(kvmd, addr));
807 * Read an array of N counters in kernel memory into array of N uint64_t's.
810 kread_counters(u_long addr, void *buf, size_t size)
819 if (size % sizeof(uint64_t) != 0) {
820 warnx("kread_counters: invalid counter set size");
824 n = size / sizeof(uint64_t);
825 if ((counters = malloc(n * sizeof(u_long))) == NULL)
827 if (kread(addr, counters, n * sizeof(u_long)) < 0) {
833 for (i = 0; i < n; i++)
834 c[i] = kvm_counter_u64_fetch(kvmd, counters[i]);
843 return (n != 1 ? "s" : "");
847 plurales(uintmax_t n)
849 return (n != 1 ? "es" : "");
853 pluralies(uintmax_t n)
855 return (n != 1 ? "ies" : "y");
859 * Find the protox for the given "well-known" name.
861 static struct protox *
862 knownname(const char *name)
864 struct protox **tpp, *tp;
866 for (tpp = protoprotox; *tpp; tpp++)
867 for (tp = *tpp; tp->pr_name; tp++)
868 if (strcmp(tp->pr_name, name) == 0)
874 * Find the protox corresponding to name.
876 static struct protox *
877 name2protox(const char *name)
880 char **alias; /* alias from p->aliases */
884 * Try to find the name in the list of "well-known" names. If that
885 * fails, check if name is an alias for an Internet protocol.
887 if ((tp = knownname(name)) != NULL)
890 setprotoent(1); /* make protocol lookup cheaper */
891 while ((p = getprotoent()) != NULL) {
892 /* assert: name not same as p->name */
893 for (alias = p->p_aliases; *alias; alias++)
894 if (strcmp(name, *alias) == 0) {
896 return (knownname(p->p_name));
906 (void)fprintf(stderr, "%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n",
907 "usage: netstat [-46AaLnRSTWx] [-f protocol_family | -p protocol]\n"
908 " [-M core] [-N system]",
909 " netstat -i | -I interface [-46abdhnW] [-f address_family]\n"
910 " [-M core] [-N system]",
911 " netstat -w wait [-I interface] [-46d] [-M core] [-N system] [-q howmany]",
912 " netstat -s [-s] [-46z] [-f protocol_family | -p protocol]\n"
913 " [-M core] [-N system]",
914 " netstat -i | -I interface [-46s] [-f protocol_family | -p protocol]\n"
915 " [-M core] [-N system]",
916 " netstat -m [-M core] [-N system]",
917 " netstat -B [-I interface]",
918 " netstat -r [-46AanW] [-f address_family] [-M core] [-N system]",
919 " netstat -rs [-s] [-M core] [-N system]",
920 " netstat -g [-46W] [-f address_family] [-M core] [-N system]",
921 " netstat -gs [-46s] [-f address_family] [-M core] [-N system]",