From 0aec93f4ca31b3ab5ed6f385781e597ba0de9c7a Mon Sep 17 00:00:00 2001 From: bz Date: Sat, 5 Dec 2009 19:21:58 +0000 Subject: [PATCH] MFC r199946: Add more statistics variables for IPcomp. Try to version the struct in a backward compatible way. People asked for the versioning of the stats structs in general before. Note: old netstat binaries, as only consumer, continue to work as they are still using kvm but will not display the new stats. [1] Discussed with: rwatson [1] git-svn-id: svn://svn.freebsd.org/base/stable/8@200148 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f --- sys/netipsec/ipcomp_var.h | 4 ++++ sys/netipsec/xform_ipcomp.c | 18 +++++++++++++++--- usr.bin/netstat/ipsec.c | 10 ++++++++++ 3 files changed, 29 insertions(+), 3 deletions(-) diff --git a/sys/netipsec/ipcomp_var.h b/sys/netipsec/ipcomp_var.h index a9dbe86f6..78f184882 100644 --- a/sys/netipsec/ipcomp_var.h +++ b/sys/netipsec/ipcomp_var.h @@ -41,6 +41,7 @@ */ #define IPCOMP_ALG_MAX 8 +#define IPCOMPSTAT_VERSION 1 struct ipcompstat { u_int32_t ipcomps_hdrops; /* Packet shorter than header shows */ u_int32_t ipcomps_nopf; /* Protocol family not supported */ @@ -58,6 +59,9 @@ struct ipcompstat { u_int32_t ipcomps_pdrops; /* Packet blocked due to policy */ u_int32_t ipcomps_crypto; /* "Crypto" processing failure */ u_int32_t ipcomps_hist[IPCOMP_ALG_MAX];/* Per-algorithm op count */ + u_int32_t version; /* Version of this structure. */ + u_int32_t ipcomps_threshold; /* Packet < comp. algo. threshold. */ + u_int32_t ipcomps_uncompr; /* Compression was useles. */ }; #ifdef _KERNEL diff --git a/sys/netipsec/xform_ipcomp.c b/sys/netipsec/xform_ipcomp.c index 2dc18de6a..4d21e381b 100644 --- a/sys/netipsec/xform_ipcomp.c +++ b/sys/netipsec/xform_ipcomp.c @@ -345,7 +345,7 @@ ipcomp_output( * See RFC 3173, 2.2. Non-Expansion Policy. */ if (m->m_pkthdr.len <= ipcompx->minlen) { - /* XXX-BZ V_ipcompstat.threshold++; */ + V_ipcompstat.ipcomps_threshold++; return ipsec_process_done(m, isr); } @@ -569,8 +569,10 @@ ipcomp_output_cb(struct cryptop *crp) goto bad; } } else { - /* compression was useless, we have lost time */ - /* XXX add statistic */ + /* Compression was useless, we have lost time. */ + V_ipcompstat.ipcomps_uncompr++; + DPRINTF(("%s: compressions was useless %d - %d <= %d\n", + __func__, crp->crp_ilen, skip, crp->crp_olen)); /* XXX remember state to not compress the next couple * of packets, RFC 3173, 2.2. Non-Expansion Policy */ } @@ -609,3 +611,13 @@ ipcomp_attach(void) } SYSINIT(ipcomp_xform_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_MIDDLE, ipcomp_attach, NULL); + +static void +vnet_ipcomp_attach(const void *unused __unused) +{ + + V_ipcompstat.version = IPCOMPSTAT_VERSION; +} + +VNET_SYSINIT(vnet_ipcomp_xform_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_MIDDLE, + vnet_ipcomp_attach, NULL); diff --git a/usr.bin/netstat/ipsec.c b/usr.bin/netstat/ipsec.c index bfd8ce01e..d3276bf27 100644 --- a/usr.bin/netstat/ipsec.c +++ b/usr.bin/netstat/ipsec.c @@ -418,6 +418,7 @@ esp_stats(u_long off, const char *name, int family __unused, int proto __unused) static void print_ipcompstats(const struct ipcompstat *ipcompstat) { + uint32_t version; #define p32(f, m) if (ipcompstat->f || sflag <= 1) \ printf("\t%u" m, (unsigned int)ipcompstat->f, plural(ipcompstat->f)) #define p64(f, m) if (ipcompstat->f || sflag <= 1) \ @@ -425,6 +426,11 @@ print_ipcompstats(const struct ipcompstat *ipcompstat) #define hist(f, n, t) \ ipsec_hist_new((f), sizeof(f)/sizeof(f[0]), (n), (t)); +#ifndef IPCOMPSTAT_VERSION + version = 0; +#else + version = ipcompstat->version; +#endif p32(ipcomps_hdrops, " packet%s shorter than header shows\n"); p32(ipcomps_nopf, " packet%s dropped; protocol family not supported\n"); p32(ipcomps_notdb, " packet%s dropped; no TDB\n"); @@ -441,6 +447,10 @@ print_ipcompstats(const struct ipcompstat *ipcompstat) p32(ipcomps_pdrops, " packet%s blocked due to policy\n"); p32(ipcomps_crypto, " crypto processing failure%s\n"); hist(ipcompstat->ipcomps_hist, ipsec_compnames, "COMP output"); + if (version >= 1) { + p32(ipcomps_threshold, " packet%s sent uncompressed; size < compr. algo. threshold\n"); + p32(ipcomps_uncompr, " packet%s sent uncompressed; compression was useless\n"); + } #undef p32 #undef p64 -- 2.45.0