Module Name:    src
Committed By:   christos
Date:           Thu Apr 13 16:38:32 UTC 2017

Modified Files:
        src/sys/net: pfkeyv2.h
        src/sys/netipsec: ah_var.h esp_var.h ipcomp_var.h xform_ah.c
            xform_esp.c xform_ipcomp.c
        src/usr.bin/netstat: fast_ipsec.c

Log Message:
Redo the statistics through an indirection array and put the definitions
of the arrays in pfkeyv2.h so that they are next to the index definitions.
Remove "bogus" comment about compressing the statistics which is now fixed.


To generate a diff of this commit:
cvs rdiff -u -r1.30 -r1.31 src/sys/net/pfkeyv2.h
cvs rdiff -u -r1.4 -r1.5 src/sys/netipsec/ah_var.h src/sys/netipsec/esp_var.h
cvs rdiff -u -r1.6 -r1.7 src/sys/netipsec/ipcomp_var.h
cvs rdiff -u -r1.46 -r1.47 src/sys/netipsec/xform_ah.c
cvs rdiff -u -r1.49 -r1.50 src/sys/netipsec/xform_esp.c
cvs rdiff -u -r1.32 -r1.33 src/sys/netipsec/xform_ipcomp.c
cvs rdiff -u -r1.20 -r1.21 src/usr.bin/netstat/fast_ipsec.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/net/pfkeyv2.h
diff -u src/sys/net/pfkeyv2.h:1.30 src/sys/net/pfkeyv2.h:1.31
--- src/sys/net/pfkeyv2.h:1.30	Thu Jun  9 15:54:18 2011
+++ src/sys/net/pfkeyv2.h	Thu Apr 13 12:38:31 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: pfkeyv2.h,v 1.30 2011/06/09 19:54:18 drochner Exp $	*/
+/*	$NetBSD: pfkeyv2.h,v 1.31 2017/04/13 16:38:31 christos Exp $	*/
 /*	$KAME: pfkeyv2.h,v 1.36 2003/07/25 09:33:37 itojun Exp $	*/
 
 /*
@@ -341,6 +341,16 @@ struct sadb_x_nat_t_frag {
 
 #define SADB_SAFLAGS_PFS      1
 
+/*
+ * Statistics variable definitions. For ESP/AH/IPCOMP we define
+ * indirection arrays of 256 elements indexed by algorithm (which
+ * is uint8_t. All unknown/unhandled entries are summed in the 0th
+ * element. We provide three variables per protocol:
+ * 	1. *_STATS_INIT: a list of initializers
+ * 	2. *_STATS_NUM: number of algorithms/statistics including (0/unknown)
+ *	3. *_STATS_STR: a list of strings to symbolically print the statistics
+ */
+
 /* RFC2367 numbers - meets RFC2407 */
 #define SADB_AALG_NONE		0
 #define SADB_AALG_MD5HMAC	2
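Review bot: The new block comment has an unbalanced parenthesis at "(which is uint8_t." and leaves out the one rule a future editor must follow. I would close the parenthesis, `indexed by algorithm (which is uint8_t).`, and call the three items macros rather than variables. I would also add a line such as `The value stored for an algorithm is its position in *_STATS_STR and must be less than *_STATS_NUM.` Without that sentence it is not obvious that the three lists have to be edited in lock-step.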
@@ -361,6 +371,43 @@ struct sadb_x_nat_t_frag {
 #define SADB_X_AALG_NULL	251	/* null authentication */
 #define SADB_X_AALG_TCP_MD5	252	/* Keyed TCP-MD5 (RFC2385) */
 
+
+#define SADB_AALG_STATS_INIT \
+    [SADB_AALG_NONE] = 1, \
+    [SADB_AALG_MD5HMAC] = 2, \
+    [SADB_AALG_SHA1HMAC] = 3, \
+    [SADB_X_AALG_SHA2_256] = 4, \
+    [SADB_X_AALG_SHA2_384] = 5, \
+    [SADB_X_AALG_SHA2_512] = 6, \
+    [SADB_X_AALG_RIPEMD160HMAC] = 7, \
+    [SADB_X_AALG_AES_XCBC_MAC] = 8, \
+    [SADB_X_AALG_AES128GMAC] = 9, \
+    [SADB_X_AALG_AES192GMAC] = 10, \
+    [SADB_X_AALG_AES256GMAC] = 11, \
+    [SADB_X_AALG_MD5] = 12, \
+    [SADB_X_AALG_SHA] = 13, \
+    [SADB_X_AALG_NULL] = 14, \
+    [SADB_X_AALG_TCP_MD5] = 15,
+
+#define SADB_AALG_STATS_NUM 16
+#define SADB_AALG_STATS_STR \
+    "*unknown*", \
+    "none", \
+    "hmac-md5", \
+    "hmac-sha1", \
+    "hmac-sha2-256", \
+    "hmac-sha2-384", \
+    "hmac-sha2-512", \
+    "hmac-ripe-md160", \
+    "aes-xbc-mac", \
+    "aes-128-mac", \
+    "aes-192-mac", \
+    "aes-256-mac", \
+    "md5", \
+    "sha", \
+    "null", \
+    "tcp-md5",
+
 /* RFC2367 numbers - meets RFC2407 */
 #define SADB_EALG_NONE		0
 #define SADB_EALG_DESCBC	2
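Review bot: Several labels in SADB_AALG_STATS_STR do not match the names netstat printed before this commit. The table removed from fast_ipsec.c had `"aes-xcbc-mac"`, `"aes-128-gmac"`, `"aes-192-gmac"` and `"aes-256-gmac"`, while the new list has "aes-xbc-mac" and "aes-NNN-mac". The same kind of slip is in SADB_EALG_STATS_STR in the next hunk, where "camelia-cbc" replaces the old `"camellia-cbc"`. These strings are what an operator reads to confirm which algorithms an SA is using, so dropping the "g" makes GMAC look like a different algorithm. I would restore the old spellings.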
@@ -381,6 +428,40 @@ struct sadb_x_nat_t_frag {
 /* private allocations should use 249-255 (RFC2407) */
 #define SADB_X_EALG_SKIPJACK    250
 
+#define SADB_EALG_STATS_INIT \
+    [SADB_EALG_NONE] = 1, \
+    [SADB_EALG_DESCBC] = 2, \
+    [SADB_EALG_3DESCBC] = 3, \
+    [SADB_EALG_NULL] = 4, \
+    [SADB_X_EALG_CAST128CBC] = 5, \
+    [SADB_X_EALG_BLOWFISHCBC] = 6, \
+    [SADB_X_EALG_RIJNDAELCBC] = 7, \
+    [SADB_X_EALG_AESCTR] = 8, \
+    [SADB_X_EALG_AESGCM8] = 9, \
+    [SADB_X_EALG_AESGCM12] = 10, \
+    [SADB_X_EALG_AESGCM16] = 11, \
+    [SADB_X_EALG_CAMELLIACBC] = 12, \
+    [SADB_X_EALG_AESGMAC] = 13, \
+    [SADB_X_EALG_SKIPJACK] = 14,
+
+#define SADB_EALG_STATS_NUM 15
+#define SADB_EALG_STATS_STR \
+    "*unknown*", \
+    "none", \
+    "des-cbc", \
+    "3des-cbc", \
+    "null", \
+    "cast128-cbc", \
+    "blowfish-cbc", \
+    "aes-cbc", \
+    "aes-ctr", \
+    "aes-gcm-8", \
+    "aes-gcm-12", \
+    "aes-gcm-16", \
+    "camelia-cbc", \
+    "aes-gmac", \
+    "skipjack",
+
 /* private allocations - based on RFC2407/IANA assignment */
 #define SADB_X_CALG_NONE	0
 #define SADB_X_CALG_OUI		1
@@ -388,6 +469,22 @@ struct sadb_x_nat_t_frag {
 #define SADB_X_CALG_LZS		3
 #define SADB_X_CALG_MAX		4
 
+#define SADB_CALG_STATS_INIT \
+    [SADB_X_CALG_NONE] = 1, \
+    [SADB_X_CALG_OUI] = 2, \
+    [SADB_X_CALG_DEFLATE] = 3, \
+    [SADB_X_CALG_LZS] = 4,
+
+#define SADB_CALG_STATS_NUM 5
+
+#define SADB_CALG_STATS_STR \
+    "*unknown*", \
+    "none", \
+    "oui", \
+    "deflate", \
+    "lzs",
+
+
 #define SADB_IDENTTYPE_RESERVED   0
 #define SADB_IDENTTYPE_PREFIX     1
 #define SADB_IDENTTYPE_FQDN       2

Index: src/sys/netipsec/ah_var.h
diff -u src/sys/netipsec/ah_var.h:1.4 src/sys/netipsec/ah_var.h:1.5
--- src/sys/netipsec/ah_var.h:1.4	Wed Apr 23 02:09:05 2008
+++ src/sys/netipsec/ah_var.h	Thu Apr 13 12:38:32 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: ah_var.h,v 1.4 2008/04/23 06:09:05 thorpej Exp $	*/
+/*	$NetBSD: ah_var.h,v 1.5 2017/04/13 16:38:32 christos Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/ah_var.h,v 1.1.4.1 2003/01/24 05:11:35 sam Exp $	*/
 /*	$OpenBSD: ip_ah.h,v 1.29 2002/06/09 16:26:10 itojun Exp $	*/
 /*
@@ -40,14 +40,6 @@
 #ifndef _NETIPSEC_AH_VAR_H_
 #define _NETIPSEC_AH_VAR_H_
 
-/*
- * These define the algorithm indices into the histogram.  They're
- * presently based on the PF_KEY v2 protocol values which is bogus;
- * they should be decoupled from the protocol at which time we can
- * pack them and reduce the size of the array to a minimum.
- */
-#define	AH_ALG_MAX	16
-
 #define	AH_STAT_HDROPS		0	/* packet shorter than header shows */
 #define	AH_STAT_NOPF		1	/* protocol family not supported */
 #define	AH_STAT_NOTDB		2
@@ -68,11 +60,14 @@
 #define	AH_STAT_CRYPTO		17	/* crypto processing failure */
 #define	AH_STAT_TUNNEL		18	/* tunnel sanity check failure */
 #define	AH_STAT_HIST		19	/* per-algorithm op count */
-		/* space for AH_ALG_MAX (16) counters */
 
-#define	AH_NSTATS		35
+/* space for SADB_AALG_STATS_NUM counters */
+#define	AH_ALG_MAX		SADB_AALG_STATS_NUM
+#define	AH_ALG_STR		SADB_AALG_STATS_STR
+#define	AH_NSTATS		(AH_STAT_HIST + AH_ALG_MAX)
 
 #ifdef _KERNEL
+extern const uint8_t ah_stats[256];
 extern	int ah_enable;
 extern	int ah_cleartos;
 #endif /* _KERNEL */
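Review bot: AH_ALG_MAX, AH_ALG_STR and AH_NSTATS now expand to SADB_AALG_STATS_NUM and SADB_AALG_STATS_STR, which this commit defines in net/pfkeyv2.h, but the hunk adds no include for that header. Whether ah_var.h already pulls it in is not visible here. If it does not, the header only works when the includer happens to include pfkeyv2.h first, and the failure appears at the point of use rather than at the include. I would add `#include <net/pfkeyv2.h>` near the top of the header. The same applies to the matching hunks in esp_var.h and ipcomp_var.h.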
Index: src/sys/netipsec/esp_var.h
diff -u src/sys/netipsec/esp_var.h:1.4 src/sys/netipsec/esp_var.h:1.5
--- src/sys/netipsec/esp_var.h:1.4	Wed Apr 23 02:09:05 2008
+++ src/sys/netipsec/esp_var.h	Thu Apr 13 12:38:32 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: esp_var.h,v 1.4 2008/04/23 06:09:05 thorpej Exp $	*/
+/*	$NetBSD: esp_var.h,v 1.5 2017/04/13 16:38:32 christos Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/esp_var.h,v 1.1.4.1 2003/01/24 05:11:35 sam Exp $	*/
 /*	$OpenBSD: ip_esp.h,v 1.37 2002/06/09 16:26:10 itojun Exp $	*/
 /*
@@ -40,14 +40,6 @@
 #ifndef _NETIPSEC_ESP_VAR_H_
 #define _NETIPSEC_ESP_VAR_H_
 
-/*
- * These define the algorithm indices into the histogram.  They're
- * presently based on the PF_KEY v2 protocol values which is bogus;
- * they should be decoupled from the protocol at which time we can
- * pack them and reduce the size of the array to a reasonable value.
- */
-#define	ESP_ALG_MAX	256		/* NB: could be < but skipjack is 249 */
-
 #define	ESP_STAT_HDROPS		0	/* packet shorter than header shows */
 #define	ESP_STAT_NOPF		1	/* protocol family not supported */
 #define	ESP_STAT_NOTDB		2
@@ -69,11 +61,14 @@
 #define	ESP_STAT_CRYPTO		18	/* crypto processing failure */
 #define	ESP_STAT_TUNNEL		19	/* tunnel sanity check failure */
 #define	ESP_STAT_HIST		20	/* per-algorithm op count */
-		/* space for ESP_ALG_MAX (256) counters */
 
-#define	ESP_NSTATS		276
+/* space for SADB_EALG_STATS_NUM counters */
+#define	ESP_ALG_MAX		SADB_EALG_STATS_NUM
+#define	ESP_ALG_STR		SADB_EALG_STATS_STR
+#define	ESP_NSTATS		(ESP_STAT_HIST + ESP_ALG_MAX)
 
 #ifdef _KERNEL
+extern  const uint8_t esp_stats[256];
 extern	int esp_enable;
 #endif /* _KERNEL */
 #endif /* !_NETIPSEC_ESP_VAR_H_ */
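Review bot: ESP_NSTATS drops from 276 to ESP_STAT_HIST + 15 here, and every histogram slot now holds a dense index instead of the PF_KEY id, but nothing in the header says this layout is shared with userland. fast_ipsec.c in this same commit sizes its buffers and indexes `espstats[ESP_STAT_HIST + i]` from these macros, so a netstat built against the old header would mislabel or misread counters from a new kernel. How the sysctl handler treats a size mismatch is not visible in the diff. I would add a comment next to the define, for example `/* NB: layout is read by netstat(1); kernel and userland must be built from the same header */`. The ipcomp_var.h hunk (25 to 22 entries) and the ah_var.h hunk (same count, renumbered slots) have the same issue.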

Index: src/sys/netipsec/ipcomp_var.h
diff -u src/sys/netipsec/ipcomp_var.h:1.6 src/sys/netipsec/ipcomp_var.h:1.7
--- src/sys/netipsec/ipcomp_var.h:1.6	Wed Apr 23 02:09:05 2008
+++ src/sys/netipsec/ipcomp_var.h	Thu Apr 13 12:38:32 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipcomp_var.h,v 1.6 2008/04/23 06:09:05 thorpej Exp $	*/
+/*	$NetBSD: ipcomp_var.h,v 1.7 2017/04/13 16:38:32 christos Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/ipcomp_var.h,v 1.1.4.1 2003/01/24 05:11:35 sam Exp $	*/
 /*	$KAME: ipcomp.h,v 1.8 2000/09/26 07:55:14 itojun Exp $	*/
 
@@ -34,14 +34,6 @@
 #ifndef _NETIPSEC_IPCOMP_VAR_H_
 #define _NETIPSEC_IPCOMP_VAR_H_
 
-/*
- * These define the algorithm indices into the histogram.  They're
- * presently based on the PF_KEY v2 protocol values which is bogus;
- * they should be decoupled from the protocol at which time we can
- * pack them and reduce the size of the array to a minimum.
- */
-#define	IPCOMP_ALG_MAX	8
-
 #define	IPCOMP_STAT_HDROPS	0	/* packet shorter than header shows */
 #define	IPCOMP_STAT_NOPF	1	/* protocol family not supported */
 #define	IPCOMP_STAT_NOTDB	2
@@ -60,11 +52,14 @@
 #define	IPCOMP_STAT_PDROPS	15	/* packet blocked due to policy */
 #define	IPCOMP_STAT_CRYPTO	16	/* crypto processing failure */
 #define	IPCOMP_STAT_HIST	17	/* per-algorithm op count */
-		/* space for IPCOMP_ALG_MAX (8) counters */
 
-#define	IPCOMP_NSTATS		25
+/* space for SADB_CALG_STATS_NUM counters */
+#define	IPCOMP_ALG_MAX		SADB_CALG_STATS_NUM
+#define	IPCOMP_ALG_STR		SADB_CALG_STATS_STR
+#define	IPCOMP_NSTATS		(IPCOMP_STAT_HIST + IPCOMP_ALG_MAX)
 
 #ifdef _KERNEL
+extern const uint8_t ipcomp_stats[256];
 extern	int ipcomp_enable;
 #endif /* _KERNEL */
 #endif /* !_NETIPSEC_IPCOMP_VAR_H_ */

Index: src/sys/netipsec/xform_ah.c
diff -u src/sys/netipsec/xform_ah.c:1.46 src/sys/netipsec/xform_ah.c:1.47
--- src/sys/netipsec/xform_ah.c:1.46	Wed Apr 12 21:32:57 2017
+++ src/sys/netipsec/xform_ah.c	Thu Apr 13 12:38:32 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: xform_ah.c,v 1.46 2017/04/13 01:32:57 ozaki-r Exp $	*/
+/*	$NetBSD: xform_ah.c,v 1.47 2017/04/13 16:38:32 christos Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */
 /*
@@ -39,7 +39,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.46 2017/04/13 01:32:57 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.47 2017/04/13 16:38:32 christos Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
@@ -124,6 +124,8 @@ static unsigned char ipseczeroes[256];	/
 static int ah_input_cb(struct cryptop*);
 static int ah_output_cb(struct cryptop*);
 
+const uint8_t ah_stats[256] = { SADB_AALG_STATS_INIT };
+
 /*
  * NB: this is public for use by the PF_KEY support.
  */
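Review bot: Nothing checks that every value in SADB_AALG_STATS_INIT stays below SADB_AALG_STATS_NUM, yet later hunks add the looked-up value to AH_STAT_HIST as a counter offset. If an algorithm is added to the initializer list without bumping the count, the increment would land past the AH_NSTATS counters, assuming AH_STATINC indexes an array of that size (its definition is not in the diff). I would document the table where it is defined, for example `/* Maps PF_KEY auth algorithm id to histogram slot; 0 means unknown. Every value must be < AH_ALG_MAX. */`. On debug kernels the use sites could also carry `KASSERT(ah_stats[sav->alg_auth] < AH_ALG_MAX);`. The esp_stats and ipcomp_stats definitions in xform_esp.c and xform_ipcomp.c need the same treatment.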
@@ -875,7 +877,7 @@ ah_input_cb(struct cryptop *crp)
 		error = crp->crp_etype;
 		goto bad;
 	} else {
-		AH_STATINC(AH_STAT_HIST + sav->alg_auth);
+		AH_STATINC(AH_STAT_HIST + ah_stats[sav->alg_auth]);
 		crypto_freereq(crp);		/* No longer needed. */
 		crp = NULL;
 	}
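Review bot: The lookup `ah_stats[sav->alg_auth]` is bounded only by the type of alg_auth, and that field's declaration is not part of this diff. The pfkeyv2.h comment says algorithm ids are uint8_t, in which case the 256-entry table covers every possible value. If the field is wider, an id above 255 would read past the table. I would record the assumption at the use site, for example `/* alg_auth is an 8-bit id, so it cannot index past ah_stats[256] */`, or assert the field size at compile time next to the table. ah_input_cb starts and ends outside this hunk, and the same lookup appears in ah_output_cb and in the xform_esp.c and xform_ipcomp.c callbacks.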
@@ -1283,7 +1285,7 @@ ah_output_cb(struct cryptop *crp)
 		error = EINVAL;
 		goto bad;
 	}
-	AH_STATINC(AH_STAT_HIST + sav->alg_auth);
+	AH_STATINC(AH_STAT_HIST + ah_stats[sav->alg_auth]);
 
 	/*
 	 * Copy original headers (with the new protocol number) back

Index: src/sys/netipsec/xform_esp.c
diff -u src/sys/netipsec/xform_esp.c:1.49 src/sys/netipsec/xform_esp.c:1.50
--- src/sys/netipsec/xform_esp.c:1.49	Wed Apr 12 21:32:57 2017
+++ src/sys/netipsec/xform_esp.c	Thu Apr 13 12:38:32 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: xform_esp.c,v 1.49 2017/04/13 01:32:57 ozaki-r Exp $	*/
+/*	$NetBSD: xform_esp.c,v 1.50 2017/04/13 16:38:32 christos Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/xform_esp.c,v 1.2.2.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$OpenBSD: ip_esp.c,v 1.69 2001/06/26 06:18:59 angelos Exp $ */
 
@@ -39,7 +39,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.49 2017/04/13 01:32:57 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.50 2017/04/13 16:38:32 christos Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
@@ -109,6 +109,8 @@ static	int esp_max_ivlen;		/* max iv len
 static int esp_input_cb(struct cryptop *op);
 static int esp_output_cb(struct cryptop *crp);
 
+const uint8_t esp_stats[256] = { SADB_EALG_STATS_INIT };
+
 /*
  * NB: this is public for use by the PF_KEY support.
  * NB: if you add support here; be sure to add code to esp_attach below!
@@ -583,7 +585,7 @@ esp_input_cb(struct cryptop *crp)
 		error = EINVAL;
 		goto bad;
 	}
-	ESP_STATINC(ESP_STAT_HIST + sav->alg_enc);
+	ESP_STATINC(ESP_STAT_HIST + esp_stats[sav->alg_enc]);
 
 	/* If authentication was performed, check now. */
 	if (esph != NULL) {
@@ -592,7 +594,7 @@ esp_input_cb(struct cryptop *crp)
 		 * the verification for us.  Otherwise we need to
 		 * check the authentication calculation.
 		 */
-		AH_STATINC(AH_STAT_HIST + sav->alg_auth);
+		AH_STATINC(AH_STAT_HIST + ah_stats[sav->alg_auth]);
 		if (mtag == NULL) {
 			/* Copy the authenticator from the packet */
 			m_copydata(m, m->m_pkthdr.len - esph->authsize,
@@ -1021,9 +1023,9 @@ esp_output_cb(struct cryptop *crp)
 		error = EINVAL;
 		goto bad;
 	}
-	ESP_STATINC(ESP_STAT_HIST + sav->alg_enc);
+	ESP_STATINC(ESP_STAT_HIST + esp_stats[sav->alg_enc]);
 	if (sav->tdb_authalgxform != NULL)
-		AH_STATINC(AH_STAT_HIST + sav->alg_auth);
+		AH_STATINC(AH_STAT_HIST + ah_stats[sav->alg_auth]);
 
 	/* Release crypto descriptors. */
 	free(tc, M_XDATA);

Index: src/sys/netipsec/xform_ipcomp.c
diff -u src/sys/netipsec/xform_ipcomp.c:1.32 src/sys/netipsec/xform_ipcomp.c:1.33
--- src/sys/netipsec/xform_ipcomp.c:1.32	Thu Apr  6 05:20:07 2017
+++ src/sys/netipsec/xform_ipcomp.c	Thu Apr 13 12:38:32 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: xform_ipcomp.c,v 1.32 2017/04/06 09:20:07 ozaki-r Exp $	*/
+/*	$NetBSD: xform_ipcomp.c,v 1.33 2017/04/13 16:38:32 christos Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/xform_ipcomp.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $	*/
 /* $OpenBSD: ip_ipcomp.c,v 1.1 2001/07/05 12:08:52 jjbg Exp $ */
 
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.32 2017/04/06 09:20:07 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.33 2017/04/13 16:38:32 christos Exp $");
 
 /* IP payload compression protocol (IPComp), see RFC 2393 */
 #if defined(_KERNEL_OPT)
@@ -91,11 +91,11 @@ SYSCTL_STRUCT(_net_inet_ipcomp, IPSECCTL
 static int ipcomp_input_cb(struct cryptop *crp);
 static int ipcomp_output_cb(struct cryptop *crp);
 
+const uint8_t ipcomp_stats[256] = { SADB_CALG_STATS_INIT };
+
 const struct comp_algo *
 ipcomp_algorithm_lookup(int alg)
 {
-	if (alg >= IPCOMP_ALG_MAX)
-		return NULL;
 	switch (alg) {
 	case SADB_X_CALG_DEFLATE:
 		return &comp_algo_deflate_nogrow;
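Review bot: With the `alg >= IPCOMP_ALG_MAX` guard removed, rejecting unknown ids depends entirely on what follows the switch in ipcomp_algorithm_lookup, and that part of the function is outside the hunk. Dropping the guard looks right, because IPCOMP_ALG_MAX is now a count of histogram slots and no longer an upper bound on algorithm ids. It is still worth confirming that the unmatched path returns NULL. A short comment would stop someone from putting the check back, for example `/* IPCOMP_ALG_MAX counts histogram slots, not ids; unknown ids fall out of the switch */`.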
@@ -297,7 +297,7 @@ ipcomp_input_cb(struct cryptop *crp)
 		error = EINVAL;
 		goto bad;
 	}
-	IPCOMP_STATINC(IPCOMP_STAT_HIST + sav->alg_comp);
+	IPCOMP_STATINC(IPCOMP_STAT_HIST + ipcomp_stats[sav->alg_comp]);
 
 	/* Update the counters */
 	IPCOMP_STATADD(IPCOMP_STAT_IBYTES, m->m_pkthdr.len - skip - hlen);
@@ -560,7 +560,7 @@ ipcomp_output_cb(struct cryptop *crp)
 		error = EINVAL;
 		goto bad;
 	}
-	IPCOMP_STATINC(IPCOMP_STAT_HIST + sav->alg_comp);
+	IPCOMP_STATINC(IPCOMP_STAT_HIST + ipcomp_stats[sav->alg_comp]);
 
 	if (rlen > crp->crp_olen) {
 		/* Inject IPCOMP header */

Index: src/usr.bin/netstat/fast_ipsec.c
diff -u src/usr.bin/netstat/fast_ipsec.c:1.20 src/usr.bin/netstat/fast_ipsec.c:1.21
--- src/usr.bin/netstat/fast_ipsec.c:1.20	Mon Apr 15 17:20:39 2013
+++ src/usr.bin/netstat/fast_ipsec.c	Thu Apr 13 12:38:32 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: fast_ipsec.c,v 1.20 2013/04/15 21:20:39 christos Exp $ */
+/*	$NetBSD: fast_ipsec.c,v 1.21 2017/04/13 16:38:32 christos Exp $ */
 /* 	$FreeBSD: src/tools/tools/crypto/ipsecstats.c,v 1.1.4.1 2003/06/03 00:13:13 sam Exp $ */
 
 /*-
@@ -33,7 +33,7 @@
 #include <sys/cdefs.h>
 #ifndef lint
 #ifdef __NetBSD__
-__RCSID("$NetBSD: fast_ipsec.c,v 1.20 2013/04/15 21:20:39 christos Exp $");
+__RCSID("$NetBSD: fast_ipsec.c,v 1.21 2017/04/13 16:38:32 christos Exp $");
 #endif
 #endif /* not lint*/
 
@@ -70,52 +70,19 @@ struct alg {
 	int		a;
 	const char	*name;
 };
-static const struct alg aalgs[] = {
-	{ SADB_AALG_NONE,	"none", },
-	{ SADB_AALG_MD5HMAC,	"hmac-md5", },
-	{ SADB_AALG_SHA1HMAC,	"hmac-sha1", },
-	{ SADB_X_AALG_MD5,	"md5", },
-	{ SADB_X_AALG_SHA,	"sha", },
-	{ SADB_X_AALG_NULL,	"null", },
-	{ SADB_X_AALG_SHA2_256,	"hmac-sha2-256", },
-	{ SADB_X_AALG_SHA2_384,	"hmac-sha2-384", },
-	{ SADB_X_AALG_SHA2_512,	"hmac-sha2-512", },
-	{ SADB_X_AALG_AES_XCBC_MAC, "aes-xcbc-mac", },
-	{ SADB_X_AALG_AES128GMAC, "aes-128-gmac", },
-	{ SADB_X_AALG_AES192GMAC, "aes-192-gmac", },
-	{ SADB_X_AALG_AES256GMAC, "aes-256-gmac", },
-};
-static const struct alg espalgs[] = {
-	{ SADB_EALG_NONE,	"none", },
-	{ SADB_EALG_DESCBC,	"des-cbc", },
-	{ SADB_EALG_3DESCBC,	"3des-cbc", },
-	{ SADB_EALG_NULL,	"null", },
-	{ SADB_X_EALG_CAST128CBC, "cast128-cbc", },
-	{ SADB_X_EALG_BLOWFISHCBC, "blowfish-cbc", },
-	{ SADB_X_EALG_RIJNDAELCBC, "aes-cbc", },
-	{ SADB_X_EALG_CAMELLIACBC, "camellia-cbc", },
-	{ SADB_X_EALG_AESCTR,	"aes-ctr", },
-	{ SADB_X_EALG_AESGCM16,	"aes-gcm-16", },
-	{ SADB_X_EALG_AESGMAC, "aes-gmac", },
-};
-static const struct alg ipcompalgs[] = {
-	{ SADB_X_CALG_NONE,	"none", },
-	{ SADB_X_CALG_OUI,	"oui", },
-	{ SADB_X_CALG_DEFLATE,	"deflate", },
-	{ SADB_X_CALG_LZS,	"lzs", },
-};
-#define	N(a)	(sizeof(a)/sizeof(a[0]))
 
-static const char*
-algname(int a, const struct alg algs[], int nalgs)
+static const char *ahalgs[] = { AH_ALG_STR };
+static const char *espalgs[] = { ESP_ALG_STR };
+static const char *ipcompalgs[] = { IPCOMP_ALG_STR };
+
+static const char *
+algname(size_t a, const char *algs[], size_t nalgs)
 {
 	static char buf[80];
-	int i;
 
-	for (i = 0; i < nalgs; i++)
-		if (algs[i].a == a)
-			return algs[i].name;
-	snprintf(buf, sizeof(buf), "alg#%u", a);
+	if (a < nalgs)
+		return algs[a];
+	snprintf(buf, sizeof(buf), "alg#%zu", a);
 	return buf;
 }
 
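Review bot: The three string arrays are unsized, so nothing ties their length to AH_ALG_MAX, ESP_ALG_MAX or IPCOMP_ALG_MAX, which are the loop bounds in fast_ipsec_stats. If a string is dropped from or added to a *_STATS_STR list in pfkeyv2.h without updating *_STATS_NUM, every later label shifts silently and only the tail falls back to "alg#N". A compile-time check after the definitions would catch that: `__CTASSERT(__arraycount(ahalgs) == AH_ALG_MAX);`, and likewise for espalgs and ipcompalgs. Separately, the context lines keep `struct alg`, which has no remaining user in this hunk; it can go if nothing else in the file refers to it.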
@@ -135,8 +102,7 @@ fast_ipsec_stats(u_long off, const char 
 	uint64_t ipcs[IPCOMP_NSTATS];
 	uint64_t ipips[IPIP_NSTATS];
 	int status;
-	size_t slen;
-	int i;
+	size_t slen, i;
 
 	if (! use_sysctl) {
 		warnx("IPsec stats not available via KVM.");
@@ -220,7 +186,7 @@ fast_ipsec_stats(u_long off, const char 
 	for (i = 0; i < AH_ALG_MAX; i++)
 		if (ahstats[AH_STAT_HIST + i])
 			printf("\t\tah packets with %s: %"PRIu64"\n"
-				, algname(i, aalgs, N(aalgs))
+				, algname(i, ahalgs, __arraycount(ahalgs))
 				, ahstats[AH_STAT_HIST + i]
 			);
 	AHSTAT(ahstats[AH_STAT_IBYTES], "bytes received");
@@ -252,7 +218,7 @@ fast_ipsec_stats(u_long off, const char 
 	for (i = 0; i < ESP_ALG_MAX; i++)
 		if (espstats[ESP_STAT_HIST + i])
 			printf("\t\tesp packets with %s: %"PRIu64"\n"
-				, algname(i, espalgs, N(espalgs))
+				, algname(i, espalgs, __arraycount(espalgs))
 				, espstats[ESP_STAT_HIST + i]
 			);
 	ESPSTAT(espstats[ESP_STAT_IBYTES], "bytes received");
@@ -298,8 +264,8 @@ fast_ipsec_stats(u_long off, const char 
 	for (i = 0; i < IPCOMP_ALG_MAX; i++)
 		if (ipcs[IPCOMP_STAT_HIST + i])
 			printf("\t\tIPcomp packets with %s: %"PRIu64"\n"
-				, algname(i, ipcompalgs, N(ipcompalgs))
-				, ipcs[IPCOMP_STAT_HIST + i]
+			    , algname(i, ipcompalgs, __arraycount(ipcompalgs))
+			    , ipcs[IPCOMP_STAT_HIST + i]
 			);
 	IPCOMP(ipcs[IPCOMP_STAT_IBYTES],"input bytes");
 	IPCOMP(ipcs[IPCOMP_STAT_OBYTES],"output bytes");
