Home | History | Annotate | only in /src/usr.bin/netstat
History log of /src/usr.bin/netstat
RevisionDateAuthorComments
 1.49 03-Jun-2023  lukem bsd.own.mk: rename GCC_NO_* to CC_WNO_*

Rename compiler-warning-disable variables from
GCC_NO_warning
to
CC_WNO_warning
where warning is the full warning name as used by the compiler.

GCC_NO_IMPLICIT_FALLTHRU is CC_WNO_IMPLICIT_FALLTHROUGH

Using the convention CC_compilerflag, where compilerflag
is based on the full compiler flag name.
 1.48 03-Apr-2020  christos remove unused
 1.47 13-Oct-2019  mrg introduce some common variables for use in GCC warning disables:

GCC_NO_FORMAT_TRUNCATION -Wno-format-truncation (GCC 7/8)
GCC_NO_STRINGOP_TRUNCATION -Wno-stringop-truncation (GCC 8)
GCC_NO_STRINGOP_OVERFLOW -Wno-stringop-overflow (GCC 8)
GCC_NO_CAST_FUNCTION_TYPE -Wno-cast-function-type (GCC 8)

use these to turn off warnings for most GCC-8 complaints. many
of these are false positives, most of the real bugs are already
commited, or are yet to come.


we plan to introduce versions of (some?) of these that use the
"-Wno-error=" form, which still displays the warnings but does
not make it an error, and all of the above will be re-considered
as either being "fix me" (warning still displayed) or "warning
is wrong."
 1.46 18-Aug-2019  kamil netstat: Add indirection of symbols to remove clash with sanitizers

Add indirection and symbol renaming under MKSANITIZER for the linked in
version of sysctlbyname, sysctlgetmibinfo and sysctlnametomib.
 1.45 10-Oct-2017  christos branches: 1.45.4; 1.45.6;
use librumpres
 1.44 23-Dec-2016  mrg for 64 bit mips platforms where we built userland largely as n32 by
default, build a handful of tools as n64 so they work properly.

unfortunately, they're also static as dynamic n64 has a problem.

of these tools pstat is probably the lowest hanging fruit to convert
to sysctl. systat would be close were it not for the netstat screen,
which includes netstat itself.

the rest are difficult to perhaps foolish.


the upside is that netstat, pmap and fstat all work properly now.
 1.43 06-Jun-2015  joerg branches: 1.43.2;
Format-string related warnings work fine now with both GCC 4.8 and
Clang.
 1.42 15-May-2015  ozaki-r Fix rump.{netstat,route} shows host's interface names in link local addresses

Interface names of IPv6 link local addresses are resolved
by getnameinfo(3). So we need to rump-ify it as well as
if_indextoname and getifaddrs.
 1.41 07-Feb-2015  christos print the timer flags.
 1.40 06-Nov-2014  christos use the common code from route.c
 1.39 01-Mar-2013  joerg branches: 1.39.8;
Retire OSI network stack. OK core@
 1.38 22-Mar-2012  drochner branches: 1.38.2;
remove KAME IPSEC, replaced by FAST_IPSEC
 1.37 06-Jan-2012  drochner split the ipsec.c source file into the pfkey part which is shared
with FAST_IPSEC and KAME specific IPSEC statistics
 1.36 16-Aug-2011  christos branches: 1.36.2;
document non-literal format strings
 1.35 26-May-2011  joerg Default to -Wno-sign-compare -Wno-pointer-sign for clang.
Push -Wno-array-bounds down to the cases that depend on it.
Selectively disable warnings for 3rd party software or non-trivial
issues to be reviewed later to get clang -Werror to build most of the
tree.
 1.34 03-May-2011  dyoung Reduces the resources demanded by TCP sessions in TIME_WAIT-state using
methods called Vestigial Time-Wait (VTW) and Maximum Segment Lifetime
Truncation (MSLT).

MSLT and VTW were contributed by Coyote Point Systems, Inc.

Even after a TCP session enters the TIME_WAIT state, its corresponding
socket and protocol control blocks (PCBs) stick around until the TCP
Maximum Segment Lifetime (MSL) expires. On a host whose workload
necessarily creates and closes down many TCP sockets, the sockets & PCBs
for TCP sessions in TIME_WAIT state amount to many megabytes of dead
weight in RAM.

Maximum Segment Lifetimes Truncation (MSLT) assigns each TCP session to
a class based on the nearness of the peer. Corresponding to each class
is an MSL, and a session uses the MSL of its class. The classes are
loopback (local host equals remote host), local (local host and remote
host are on the same link/subnet), and remote (local host and remote
host communicate via one or more gateways). Classes corresponding to
nearer peers have lower MSLs by default: 2 seconds for loopback, 10
seconds for local, 60 seconds for remote. Loopback and local sessions
expire more quickly when MSLT is used.

Vestigial Time-Wait (VTW) replaces a TIME_WAIT session's PCB/socket
dead weight with a compact representation of the session, called a
"vestigial PCB". VTW data structures are designed to be very fast and
memory-efficient: for fast insertion and lookup of vestigial PCBs,
the PCBs are stored in a hash table that is designed to minimize the
number of cacheline visits per lookup/insertion. The memory both
for vestigial PCBs and for elements of the PCB hashtable come from
fixed-size pools, and linked data structures exploit this to conserve
memory by representing references with a narrow index/offset from the
start of a pool instead of a pointer. When space for new vestigial PCBs
runs out, VTW makes room by discarding old vestigial PCBs, oldest first.
VTW cooperates with MSLT.

It may help to think of VTW as a "FIN cache" by analogy to the SYN
cache.

A 2.8-GHz Pentium 4 running a test workload that creates TIME_WAIT
sessions as fast as it can is approximately 17% idle when VTW is active
versus 0% idle when VTW is inactive. It has 103 megabytes more free RAM
when VTW is active (approximately 64k vestigial PCBs are created) than
when it is inactive.
 1.33 01-Mar-2011  dyoung Pull pfsync_stats() out of inet.c and into pfsync.c so that inet.c does
not have to #include PF header files that pollute the global namespace
by #defining v4 and v6 (sheesh).
 1.32 15-Dec-2010  pooka branches: 1.32.2;
Deal with crunch the standard way.
 1.31 15-Dec-2010  he Make this build with CRUNCHEDPROG defined, and default to the sysctl()
method of fetching information. Apparently we can't simply not define
the prog_ops struct in this program.
 1.30 13-Dec-2010  pooka Add netstat rump client. For now, it always sets -X, i.e. will
use only sysctl and no kvm (implementing /dev/mem for a rump kernel
would probably not be hard, but still a non-zero effort).

Note: since there is absolutely no network activity in a fresh rump
kernel, rump.netstat usually displays exactly nothing when invoked
without parameters. Arguments like -r, -bi, -p icmp etc. produce
more stuff.
 1.29 14-Sep-2009  degroote Import pfsync support from OpenBSD 4.2

Pfsync interface exposes change in the pf(4) over a pseudo-interface, and can
be used to synchronise different pf.

This work was part of my 2009 GSoC

No objection on tech-net@
 1.28 28-May-2007  tls Add new Makefile knob, USE_FORT, which extends USE_SSP by turning on the
FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to
various string and memory copy and set functions (as well as a few system
calls and other miscellany) where known at function entry. RedHat has
evidently built all "core system packages" with this option for some time.

This option should be used at the top of Makefiles (or Makefile.inc where
this is used for subdirectories) but after any setting of LIB.

This is only useful for userland code, and cannot be used in libc or in
any code which includes the libc internals, because it overrides certain
libc functions with macros. Some effort has been made to make USE_FORT=yes
work correctly for a full-system build by having the bsd.sys.mk logic
disable the feature where it should not be used (libc, libssp iteself,
the kernel) but no attempt has been made to build the entire system with
USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.

Adjust the system build so that all programs and libraries that are setuid,
directly handle network data (including serial comm data), perform
authentication, or appear likely to have (or have a history of having)
data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default,
with the exception of libc, which cannot use USE_FORT and thus uses
only USE_SSP by default. Tested on i386 with no ill results; USE_FORT=no
per-directory or in a system build will disable if desired.
 1.27 26-Aug-2006  matt Conditionalize XNS support. No longer enabled.
 1.26 28-May-2006  elad Make netstat use sysctl when dumping routing tables/stats.
Heavily based on similar code from Claudio Jeker (at OpenBSD).

While here, fix inet/inet6 sysctl stuff commited previously to
actually work, and some other nits to make netstat more sysctl
friendly.

One step closer to losing setgid kmem on this one...
 1.25 04-Aug-2005  rpaulo branches: 1.25.2;
Added bpf.c.
 1.24 10-Jan-2005  lukem Only compile in IPv6 support if ${USE_INET6} != "no"

MKINET6 is for providing IPv6 infrastructure.
USE_INET6 is for compiling IPv6 support into the programs (needs MKINET6).
 1.23 07-May-2004  jonathan Redo net.inet.* sysctl subtree for fast-ipsec from scratch.
Attach FAST-IPSEC statistics with 64-bit counters to new sysctl MIB.
Rework netstat to show FAST_IPSEC statistics, via sysctl, for
netstat -p ipsec.

New kernel files:
sys/netipsec/Makefile (new file; install *_var.h includes)
sys/netipsec/ipsec_var.h (new 64-bit mib counter struct)

Changed kernel files:
sys/Makefile (recurse into sys/netipsec/)
sys/netinet/in.h (fake IP_PROTO name for fast_ipsec
sysctl subtree.)
sys/netipsec/ipsec.h (minimal userspace inclusion)
sys/netipsec/ipsec_osdep.h (minimal userspace inclusion)
sys/netipsec/ipsec_netbsd.c (redo sysctl subtree from scratch)
sys/netipsec/key*.c (fix broken net.key subtree)

sys/netipsec/ah_var.h (increase all counters to 64 bits)
sys/netipsec/esp_var.h (increase all counters to 64 bits)
sys/netipsec/ipip_var.h (increase all counters to 64 bits)
sys/netipsec/ipcomp_var.h (increase all counters to 64 bits)

sys/netipsec/ipsec.c (add #include netipsec/ipsec_var.h)
sys/netipsec/ipsec_mbuf.c (add #include netipsec/ipsec_var.h)
sys/netipsec/ipsec_output.c (add #include netipsec/ipsec_var.h)

sys/netinet/raw_ip.c (add #include netipsec/ipsec_var.h)
sys/netinet/tcp_input.c (add #include netipsec/ipsec_var.h)
sys/netinet/udp_usrreq.c (add #include netipsec/ipsec_var.h)

Changes to usr.bin/netstat to print the new fast-ipsec sysctl tree
for "netstat -s -p ipsec":

New file:
usr.bin/netstat/fast_ipsec.c (print fast-ipsec counters)

Changed files:
usr.bin/netstat/Makefile (add fast_ipsec.c)
usr.bin/netstat/netstat.h (declarations for fast_ipsec.c)
usr.bin/netstat/main.c (call KAME-vs-fast-ipsec dispatcher)
 1.22 14-May-2003  itojun branches: 1.22.2;
use proper #ifdef to determine behavior (__KAME__)
 1.21 18-Sep-2002  lukem makefile delint. use NETBSDSRCDIR as appropriate
 1.20 26-Feb-2000  itojun revise IPsec, pfkey, IPv6 multicast and IPv6 statistics. (sync with kame)
 1.19 13-Dec-1999  itojun per-interface statistics.
bring in and enable KAME scopeid hack.
lots of cleanups.
(sync with latest KAME)
 1.18 12-Jul-1999  thorpej branches: 1.18.4;
Revert previous, as it merely worked around a recent bug in make(1) which
is now fixed.
 1.17 12-Jul-1999  itojun make sure to use files in ${.CURDIR} before ${.CURDIR}/../../sys/netiso.
(namely iso.c)
 1.16 12-Jul-1999  itojun merge SRCS into one.
 1.15 01-Jul-1999  itojun make netstat IPv6-ready.
 1.14 08-May-1997  gwr Back out the .PATH.c changes. The .depend problem (and others)
will be fixed using the new .NOPATH make feature instead.
 1.13 06-May-1997  gwr Use .PATH.c: ...
 1.12 03-Apr-1997  christos - netatalk additions
- printf format fixes
- minor prototype cleanups
 1.11 03-Oct-1995  thorpej New-style RCS ids.
 1.10 06-Oct-1994  mycroft Re-enable some ugly ISO code.
 1.9 03-Aug-1994  deraadt do not need -I/sys
 1.8 02-Aug-1994  pk Use ${DESTDIR}/sys in CFLAGS.
 1.7 13-May-1994  mycroft Clean up import.
 1.6 28-Jan-1994  cgd needs -lkvm, not -lutil
 1.5 11-Jan-1994  brezak Incorporate changes for IP mcast and IGMP from cmaeda@cs.washington.edu.
 1.4 25-Sep-1993  pk -I/sys --> -I${DESTDIR}/sys, to support cross-compilation.
 1.3 31-Jul-1993  mycroft Add RCS identifiers.
 1.2 01-May-1993  mycroft Reenable NS and ISO code.
 1.1 21-Mar-1993  cgd branches: 1.1.1;
after 0.2.2 "stable" patches applied
 1.1.1.1 06-Oct-1994  mycroft Import original 4.4-Lite version.
 1.18.4.1 27-Dec-1999  wrstuden Pull up to last week's -current.
 1.22.2.1 10-May-2004  tron Pull up revision 1.23 (requested by jonathan in ticket #280):
Redo net.inet.* sysctl subtree for fast-ipsec from scratch.
Attach FAST-IPSEC statistics with 64-bit counters to new sysctl MIB.
Rework netstat to show FAST_IPSEC statistics, via sysctl, for
netstat -p ipsec.
New kernel files:
sys/netipsec/Makefile (new file; install *_var.h includes)
sys/netipsec/ipsec_var.h (new 64-bit mib counter struct)
Changed kernel files:
sys/Makefile (recurse into sys/netipsec/)
sys/netinet/in.h (fake IP_PROTO name for fast_ipsec
sysctl subtree.)
sys/netipsec/ipsec.h (minimal userspace inclusion)
sys/netipsec/ipsec_osdep.h (minimal userspace inclusion)
sys/netipsec/ipsec_netbsd.c (redo sysctl subtree from scratch)
sys/netipsec/key*.c (fix broken net.key subtree)
sys/netipsec/ah_var.h (increase all counters to 64 bits)
sys/netipsec/esp_var.h (increase all counters to 64 bits)
sys/netipsec/ipip_var.h (increase all counters to 64 bits)
sys/netipsec/ipcomp_var.h (increase all counters to 64 bits)
sys/netipsec/ipsec.c (add #include netipsec/ipsec_var.h)
sys/netipsec/ipsec_mbuf.c (add #include netipsec/ipsec_var.h)
sys/netipsec/ipsec_output.c (add #include netipsec/ipsec_var.h)
sys/netinet/raw_ip.c (add #include netipsec/ipsec_var.h)
sys/netinet/tcp_input.c (add #include netipsec/ipsec_var.h)
sys/netinet/udp_usrreq.c (add #include netipsec/ipsec_var.h)
Changes to usr.bin/netstat to print the new fast-ipsec sysctl tree
for "netstat -s -p ipsec":
New file:
usr.bin/netstat/fast_ipsec.c (print fast-ipsec counters)
Changed files:
usr.bin/netstat/Makefile (add fast_ipsec.c)
usr.bin/netstat/netstat.h (declarations for fast_ipsec.c)
usr.bin/netstat/main.c (call KAME-vs-fast-ipsec dispatcher)
 1.25.2.1 19-Jun-2006  chap Sync with head.
 1.32.2.1 05-Mar-2011  bouyer Sync with HEAD
 1.36.2.2 22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.36.2.1 17-Apr-2012  yamt sync with head
 1.38.2.1 23-Jun-2013  tls resync from head
 1.39.8.1 08-Jan-2015  martin Pull up following revision(s) (requested by prlw1 in ticket #390):
usr.bin/netstat/mroute.c: revision 1.25
usr.bin/netstat/Makefile: revision 1.40
sbin/route/prog_ops.h: revision 1.3
sbin/route/rtutil.c: revision 1.1
sbin/route/rtutil.h: revision 1.1
usr.bin/netstat/mroute6.c: revision 1.15
sbin/route/extern.h: revision 1.15
usr.bin/netstat/show.c: file removal
usr.bin/netstat/main.c: revision 1.93
usr.bin/netstat/route.c: revision 1.83
usr.bin/netstat/netstat.h: revision 1.51
distrib/utils/x_route/Makefile: revision 1.18
sbin/route/show.c: revision 1.46
usr.bin/netstat/if.c: revision 1.80
sbin/route/route.c: revision 1.145
sbin/route/Makefile: revision 1.26
Factor out the netstat route printing code and use it here. There is no
point in having 2 different copies; fixes PR/49371
 1.43.2.1 07-Jan-2017  pgoyette Sync with HEAD. (Note that most of these changes are simply $NetBSD$
tag issues.)
 1.45.6.1 19-Aug-2019  martin Pull up following revision(s) (requested by kamil in ticket #94):

usr.bin/netstat/netstat_rumpops.c: revision 1.2
usr.bin/netstat/netstat_hostops.c: revision 1.2
usr.bin/netstat/inet6.c: revision 1.73
usr.bin/netstat/bpf.c: revision 1.14
usr.bin/netstat/Makefile: revision 1.46
usr.bin/netstat/prog_ops.h: revision 1.3
usr.bin/netstat/pfsync.c: revision 1.2
usr.bin/netstat/pfkey.c: revision 1.2
usr.bin/netstat/fast_ipsec.c: revision 1.23
usr.bin/netstat/atalk.c: revision 1.17
usr.bin/netstat/inet.c: revision 1.110

netstat: Add indirection of symbols to remove clash with sanitizers

Add indirection and symbol renaming under MKSANITIZER for the linked in
version of sysctlbyname, sysctlgetmibinfo and sysctlnametomib.
 1.45.4.2 13-Apr-2020  martin Mostly merge changes from HEAD upto 20200411
 1.45.4.1 08-Apr-2020  martin Merge changes from current as of 20200406
 1.21 02-Sep-2022  msaitoh KNF. No functional change.
 1.20 01-Sep-2022  msaitoh KNF. No functional change.
 1.19 28-Aug-2020  ozaki-r netstat: strengthen against kernel changes

netstat uses sysctlbyname to get counter data from the kernel.
sysctlbyname fails with ENOMEM if actual counter data in the kernel is
larger than a passed buffer. netstat just skips showing counters of a
category if sysctlbyname fails, so if we added new counters of the
category to the kernel, nestat shows nothing for the category.

Fortunately sysctlbyname fills data as much as possible even if a passed
buffer is short. So we can allow netstat to show the filled data anyway
if sysctlbyname fails with ENOMEM.

Note that this backcompat mechanism works only if new counters are
appended, and doesn't work if new counters are inserted into the middle
or counters are moved.
 1.18 23-Apr-2020  joerg Avoid global scope for variables only used locally
 1.17 18-Aug-2019  kamil netstat: Add indirection of symbols to remove clash with sanitizers

Add indirection and symbol renaming under MKSANITIZER for the linked in
version of sysctlbyname, sysctlgetmibinfo and sysctlnametomib.
 1.16 06-Jun-2015  joerg branches: 1.16.8; 1.16.16; 1.16.18;
Drop assignment from uninitialized and otherwise unused variable.
 1.15 18-Oct-2013  christos branches: 1.15.4;
- avoid pointer gymnastics
- remove unused variables
 1.14 12-Apr-2009  lukem branches: 1.14.6; 1.14.12;
Fix many WARNS=4 issues (-Wshadow -Wcast-qual -Wsign-compare).
Fix probable bug with numeric printing of anon ports when using sysctl.
 1.13 24-Apr-2008  thorpej branches: 1.13.8;
net.atalk, not net.at.
 1.12 24-Apr-2008  thorpej Note which things are not available by KVM, and print a nice message
stating so if someone specifically asks for it.
 1.11 23-Apr-2008  thorpej Make DDP stats per-cpu. While here, bump the counters to 64-bit and
make them available by sysctl.
 1.10 06-Apr-2006  rpaulo branches: 1.10.20;
snprintf returns int, not size_t. CID 691.
From bjh21.
 1.9 04-Aug-2005  rpaulo Added #include <kvm.h> since netstat.h, which is included too, needs it.
 1.8 07-Aug-2003  agc Move UCB-licensed code from 4-clause to 3-clause licence.

Patches provided by Joel Baker in PR 22365, verified by myself.
 1.7 19-Aug-2001  itojun snprintf length audit. from openbsd
 1.6 11-Oct-2000  is More format string cleanup by sommerfeld.
 1.5 06-Jan-1999  abs branches: 1.5.2; 1.5.10;
Apply (slightly modified) patch from 5543 to fix -s behaviour for netatalk.
 1.4 12-Jul-1998  mrg - KNF
- use err(3)
- sprintf/strcpy -> snprintf/strncpy
- change route.c:domask() to take a size_t of the buffer passed.
 1.3 19-Oct-1997  lukem fix up .Nm usage, getopt returns -1 not EOF
 1.2 22-May-1997  christos branches: 1.2.2;
PR/3660: Dave Huang: Fix formatting misalignments in appletalk
PR/3659: Dave Huang: Fix PCB reporting in appletalk
 1.1 03-Apr-1997  christos - netatalk additions
- printf format fixes
- minor prototype cleanups
 1.2.2.2 22-May-1997  christos PR/3660: Dave Huang: Fix formatting misalignments in appletalk
PR/3659: Dave Huang: Fix PCB reporting in appletalk
 1.2.2.1 22-May-1997  christos file atalk.c was added on branch SYN_cache_branch on 1997-05-22 17:21:27 +0000
 1.5.10.1 18-Oct-2000  tv Pullup usr.bin string format fixes [is].
See "cvs log" for explicit revision numbers per file, from sommerfeld.
 1.5.2.1 19-Oct-2000  he Pull up revision 1.6 (requested by he):
Format string cleanup.
 1.10.20.1 18-May-2008  yamt sync with head.
 1.13.8.1 13-May-2009  jym Sync with HEAD.

Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
 1.14.12.1 20-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.14.6.1 22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.15.4.1 10-Jun-2015  snj Pull up following revision(s) (requested by joerg in ticket #831):
gnu/dist/groff/src/utils/hpftodit/hpftodit.cpp: revision 1.6
gnu/dist/texinfo/makeinfo/files.c: revision 1.10
usr.bin/netstat/atalk.c: revision 1.16
Fix operator precedence to allocate enough memory.
--
Drop assignment from uninitialized and otherwise unused variable.
--
The opposite of new[] is delete[], not delete.
 1.16.18.2 12-Sep-2022  martin Pull up the following, requested by msaitoh in ticket #1522:

usr.bin/netstat/atalk.c 1.18,1.20-1.21
usr.bin/netstat/bpf.c 1.16 via patch
usr.bin/netstat/fast_ipsec.c 1.24
usr.bin/netstat/if.c 1.97-1.99,1.101-1.104 via patch
usr.bin/netstat/inet.c 1.111,1.115-1.116 via patch
usr.bin/netstat/inet6.c 1.74-1.75,1.80-1.81 via patch
usr.bin/netstat/main.c 1.100-1.103
usr.bin/netstat/mbuf.c 1.35
usr.bin/netstat/mroute.c 1.26-1.27
usr.bin/netstat/mroute6.c 1.16
usr.bin/netstat/netstat.h 1.52-1.53
usr.bin/netstat/pfkey.c 1.4-1.5 via patch
usr.bin/netstat/pfsync.c 1.4-1.5 via patch
usr.bin/netstat/route.c 1.86-1.88
usr.bin/netstat/unix.c 1.36-1.37
usr.bin/netstat/vtw.c 1.11,1.13

- sprintf() -> snprintf(), and adjust a buffer size to avoid any
potential for overflow.
- Fix netstat -rs to print it correctly.
- Add missing {IP,IP6}_STAT_NOIPSEC to netstat.
- Don't show any of the completely and utterly undocumented VTW info
if the feature isn't enabled.
- Print oqdrops correctly.
- Remove Network ATM soft intr queue reporting, we don't have that
in the kernel anymore.
- netstat.1: Add various xrefs present in the body to "See Also".
- KNF. Style fixes.
 1.16.18.1 19-Aug-2019  martin Pull up following revision(s) (requested by kamil in ticket #94):

usr.bin/netstat/netstat_rumpops.c: revision 1.2
usr.bin/netstat/netstat_hostops.c: revision 1.2
usr.bin/netstat/inet6.c: revision 1.73
usr.bin/netstat/bpf.c: revision 1.14
usr.bin/netstat/Makefile: revision 1.46
usr.bin/netstat/prog_ops.h: revision 1.3
usr.bin/netstat/pfsync.c: revision 1.2
usr.bin/netstat/pfkey.c: revision 1.2
usr.bin/netstat/fast_ipsec.c: revision 1.23
usr.bin/netstat/atalk.c: revision 1.17
usr.bin/netstat/inet.c: revision 1.110

netstat: Add indirection of symbols to remove clash with sanitizers

Add indirection and symbol renaming under MKSANITIZER for the linked in
version of sysctlbyname, sysctlgetmibinfo and sysctlnametomib.
 1.16.16.1 13-Apr-2020  martin Mostly merge changes from HEAD upto 20200411
 1.16.8.1 12-Sep-2022  martin Pull up the following, requested by msaitoh in ticket #1762:

usr.bin/netstat/atalk.c 1.18,1.20-1.21
usr.bin/netstat/bpf.c 1.16 via patch
usr.bin/netstat/fast_ipsec.c 1.24 via patch
usr.bin/netstat/if.c 1.97-1.99,1.101-1.104 via patch
usr.bin/netstat/inet.c 1.111,1.115-1.116 via patch
usr.bin/netstat/inet6.c 1.70,1.74-1.75,1.80-1.81 via patch
usr.bin/netstat/main.c 1.100,1.102-1.103
usr.bin/netstat/mbuf.c 1.34-1.35
usr.bin/netstat/mroute.c 1.26-1.27
usr.bin/netstat/mroute6.c 1.16
usr.bin/netstat/netstat.h 1.52-1.53
usr.bin/netstat/pfkey.c 1.4-1.5 via patch
usr.bin/netstat/pfsync.c 1.4-1.5 via patch
usr.bin/netstat/route.c 1.87-1.88
usr.bin/netstat/unix.c 1.36-1.37
usr.bin/netstat/vtw.c 1.11,1.13

- Add names of a few more ICMPv6 messages.
Also make the array be explicitly 256 entries long.
- sprintf() -> snprintf(), and adjust a buffer size to avoid any
potential for overflow.
- Add missing {IP,IP6}_STAT_NOIPSEC to netstat.
- Don't show any of the completely and utterly undocumented VTW info
if the feature isn't enabled.
- Print oqdrops correctly.
- netstat.1: Add various xrefs present in the body to "See Also".
- Limit maximum owner name to appease gcc.
- KNF. Style fixes.
 1.18 18-Aug-2023  martin Rename local bpf_* functions to nsbpf_* to avoid conflicts with
new libpcap bpf_* functions
 1.17 19-Nov-2022  yamt netstat/bpf.c: Don't print garbage for stale pid
 1.16 01-Sep-2022  msaitoh KNF. No functional change.
 1.15 28-Aug-2020  ozaki-r netstat: strengthen against kernel changes

netstat uses sysctlbyname to get counter data from the kernel.
sysctlbyname fails with ENOMEM if actual counter data in the kernel is
larger than a passed buffer. netstat just skips showing counters of a
category if sysctlbyname fails, so if we added new counters of the
category to the kernel, nestat shows nothing for the category.

Fortunately sysctlbyname fills data as much as possible even if a passed
buffer is short. So we can allow netstat to show the filled data anyway
if sysctlbyname fails with ENOMEM.

Note that this backcompat mechanism works only if new counters are
appended, and doesn't work if new counters are inserted into the middle
or counters are moved.
 1.14 18-Aug-2019  kamil netstat: Add indirection of symbols to remove clash with sanitizers

Add indirection and symbol renaming under MKSANITIZER for the linked in
version of sysctlbyname, sysctlgetmibinfo and sysctlnametomib.
 1.13 26-Jun-2018  msaitoh branches: 1.13.2; 1.13.4;
Fix a bug that BPF_D_OUT isn't printed correctly.
 1.12 26-Jun-2018  msaitoh Implement the BPF direction filter (BIOC[GS]DIRECTION). It provides backward
compatibility with BIOC[GS]SEESENT ioctl. The userland interface is the same
as FreeBSD.

This change also fixes a bug that the direction is misunderstand on some
environment by passing the direction to bpf_mtap*() instead of checking
m->m_pkthdr.rcvif.
 1.11 14-Dec-2012  msaitoh branches: 1.11.22; 1.11.28;
Fix memory leak.
 1.10 13-Dec-2010  pooka branches: 1.10.6; 1.10.8; 1.10.12;
Add netstat rump client. For now, it always sets -X, i.e. will
use only sysctl and no kvm (implementing /dev/mem for a rump kernel
would probably not be hard, but still a non-zero effort).

Note: since there is absolutely no network activity in a fresh rump
kernel, rump.netstat usually displays exactly nothing when invoked
without parameters. Arguments like -r, -bi, -p icmp etc. produce
more stuff.
 1.9 12-Apr-2009  lukem Fix many WARNS=4 issues (-Wshadow -Wcast-qual -Wsign-compare).
Fix probable bug with numeric printing of anon ports when using sysctl.
 1.8 28-Apr-2008  martin branches: 1.8.6; 1.8.8;
Remove clause 3 and 4 from TNF licenses
 1.7 24-Apr-2008  thorpej Note which things are not available by KVM, and print a nice message
stating so if someone specifically asks for it.
 1.6 22-Sep-2006  elad branches: 1.6.16;
PR/31347: Geoff C. Wing: netstat err message is ambiguous about cause
Applied patch, thanks!
 1.5 21-Nov-2005  rpaulo Convert 3 printf() calls into one puts().
 1.4 02-Sep-2005  rpaulo Place the sysctl code under an if block and print an error message if the
user tries to fetch information via kvm.

Discussed with Elad Efrat.
 1.3 02-Sep-2005  rpaulo Request process information using sysctl(3) and not kvm(3) since bpf(4)
statistics and peers are only available using the former.
 1.2 05-Aug-2005  elad Fix printing formats.
 1.1 04-Aug-2005  rpaulo Implemented the userland part of the BPF statistics and BPF peers,
net.bpf.stats and net.bpf.peers sysctls respectively. netstat(1) now
has an additional syntax:
netstat [-s] [-B] [-I Interface]

Only the super user can see a list of BPF peers with the following command:
# netstat -B
Active BPF peers
PID Int Recv Drop Capt Flags Bufsize Comm
4941 lo0 0 0 0 I--S- 262144 tcpdump
252 ex0 19668 0 5 I-RS- 32768 dhclient

And every user can see the BPF statistics with:
$ netstat -s -B
bpf:
19669 total packets received
5 total packets captured
0 total packets dropped

This idea came from FreeBSD (Christian S.J. Peron) but, currently, they
doen't have a userland utility in the base system to read the sysctls.

Reviewed by: christos@
 1.6.16.1 18-May-2008  yamt sync with head.
 1.8.8.1 13-May-2009  jym Sync with HEAD.

Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
 1.8.6.1 13-Jan-2013  bouyer Pull up following revision(s) (requested by msaitoh in ticket #1833):
usr.bin/netstat/bpf.c: revision 1.11
Fix memory leak.
 1.10.12.1 25-Feb-2013  tls resync with head
 1.10.8.1 25-Dec-2012  snj Pull up following revision(s) (requested by msaitoh in ticket #763):
usr.bin/netstat/bpf.c: revision 1.11
Fix memory leak.
 1.10.6.1 23-Jan-2013  yamt sync with head
 1.11.28.1 28-Jul-2018  pgoyette Sync with HEAD
 1.11.22.1 12-Sep-2022  martin Pull up the following, requested by msaitoh in ticket #1762:

usr.bin/netstat/atalk.c 1.18,1.20-1.21
usr.bin/netstat/bpf.c 1.16 via patch
usr.bin/netstat/fast_ipsec.c 1.24 via patch
usr.bin/netstat/if.c 1.97-1.99,1.101-1.104 via patch
usr.bin/netstat/inet.c 1.111,1.115-1.116 via patch
usr.bin/netstat/inet6.c 1.70,1.74-1.75,1.80-1.81 via patch
usr.bin/netstat/main.c 1.100,1.102-1.103
usr.bin/netstat/mbuf.c 1.34-1.35
usr.bin/netstat/mroute.c 1.26-1.27
usr.bin/netstat/mroute6.c 1.16
usr.bin/netstat/netstat.h 1.52-1.53
usr.bin/netstat/pfkey.c 1.4-1.5 via patch
usr.bin/netstat/pfsync.c 1.4-1.5 via patch
usr.bin/netstat/route.c 1.87-1.88
usr.bin/netstat/unix.c 1.36-1.37
usr.bin/netstat/vtw.c 1.11,1.13

- Add names of a few more ICMPv6 messages.
Also make the array be explicitly 256 entries long.
- sprintf() -> snprintf(), and adjust a buffer size to avoid any
potential for overflow.
- Add missing {IP,IP6}_STAT_NOIPSEC to netstat.
- Don't show any of the completely and utterly undocumented VTW info
if the feature isn't enabled.
- Print oqdrops correctly.
- netstat.1: Add various xrefs present in the body to "See Also".
- Limit maximum owner name to appease gcc.
- KNF. Style fixes.
 1.13.4.2 12-Sep-2022  martin Pull up the following, requested by msaitoh in ticket #1522:

usr.bin/netstat/atalk.c 1.18,1.20-1.21
usr.bin/netstat/bpf.c 1.16 via patch
usr.bin/netstat/fast_ipsec.c 1.24
usr.bin/netstat/if.c 1.97-1.99,1.101-1.104 via patch
usr.bin/netstat/inet.c 1.111,1.115-1.116 via patch
usr.bin/netstat/inet6.c 1.74-1.75,1.80-1.81 via patch
usr.bin/netstat/main.c 1.100-1.103
usr.bin/netstat/mbuf.c 1.35
usr.bin/netstat/mroute.c 1.26-1.27
usr.bin/netstat/mroute6.c 1.16
usr.bin/netstat/netstat.h 1.52-1.53
usr.bin/netstat/pfkey.c 1.4-1.5 via patch
usr.bin/netstat/pfsync.c 1.4-1.5 via patch
usr.bin/netstat/route.c 1.86-1.88
usr.bin/netstat/unix.c 1.36-1.37
usr.bin/netstat/vtw.c 1.11,1.13

- sprintf() -> snprintf(), and adjust a buffer size to avoid any
potential for overflow.
- Fix netstat -rs to print it correctly.
- Add missing {IP,IP6}_STAT_NOIPSEC to netstat.
- Don't show any of the completely and utterly undocumented VTW info
if the feature isn't enabled.
- Print oqdrops correctly.
- Remove Network ATM soft intr queue reporting, we don't have that
in the kernel anymore.
- netstat.1: Add various xrefs present in the body to "See Also".
- KNF. Style fixes.
 1.13.4.1 19-Aug-2019  martin Pull up following revision(s) (requested by kamil in ticket #94):

usr.bin/netstat/netstat_rumpops.c: revision 1.2
usr.bin/netstat/netstat_hostops.c: revision 1.2
usr.bin/netstat/inet6.c: revision 1.73
usr.bin/netstat/bpf.c: revision 1.14
usr.bin/netstat/Makefile: revision 1.46
usr.bin/netstat/prog_ops.h: revision 1.3
usr.bin/netstat/pfsync.c: revision 1.2
usr.bin/netstat/pfkey.c: revision 1.2
usr.bin/netstat/fast_ipsec.c: revision 1.23
usr.bin/netstat/atalk.c: revision 1.17
usr.bin/netstat/inet.c: revision 1.110

netstat: Add indirection of symbols to remove clash with sanitizers

Add indirection and symbol renaming under MKSANITIZER for the linked in
version of sysctlbyname, sysctlgetmibinfo and sysctlnametomib.
 1.13.2.1 13-Apr-2020  martin Mostly merge changes from HEAD upto 20200411
 1.24 01-Sep-2022  msaitoh KNF. No functional change.
 1.23 18-Aug-2019  kamil netstat: Add indirection of symbols to remove clash with sanitizers

Add indirection and symbol renaming under MKSANITIZER for the linked in
version of sysctlbyname, sysctlgetmibinfo and sysctlnametomib.
 1.22 29-Jun-2017  ozaki-r branches: 1.22.6; 1.22.8;
Tweak outputs of netstat -s for IPsec

- Get rid of "Fast"
- Use ipsec and ipsec6 for titles to clarify protocol
- Indent outputs of sub protocols

Original outputs were organized like this:

(Fast) IPsec:
IPsec ah:
IPsec esp:
IPsec ipip:
IPsec ipcomp:
(Fast) IPsec:
IPsec ah:
IPsec esp:
IPsec ipip:
IPsec ipcomp:

New outputs are organized like this:

ipsec:
ah:
esp:
ipip:
ipcomp:
ipsec6:
ah:
esp:
ipip:
ipcomp:
 1.21 13-Apr-2017  christos branches: 1.21.4;
Redo the statistics through an indirection array and put the definitions
of the arrays in pfkeyv2.h so that they are next to the index definitions.
Remove "bogus" comment about compressing the statistics which is now fixed.
 1.20 15-Apr-2013  christos branches: 1.20.10; 1.20.14;
PR/47744: Frank Kardel: netstat -s stops output prematurely when ipsec is not
compiled.
If the first sysctl fails return silently.
XXX: pullup-6
 1.19 22-Mar-2012  drochner branches: 1.19.2;
remove KAME IPSEC, replaced by FAST_IPSEC
 1.18 06-Jan-2012  drochner more IPSEC header cleanup: don't install unneeded headers to userland,
and remove some differences berween KAME and FAST_IPSEC
 1.17 26-May-2011  drochner branches: 1.17.4;
pull in AES-GCM/GMAC support from OpenBSD
This is still somewhat experimental. Tested between 2 similar boxes
so far. There is much potential for performance improvement. For now,
I've changed the gmac code to accept any data alignment, as the "char *"
pointer suggests. As the code is practically used, 32-bit alignment
can be assumed, at the cost of data copies. I don't know whether
bytewise access or copies are worse performance-wise. For efficient
implementations using SSE2 instructions on x86, even stricter
alignment requirements might arise.
 1.16 24-May-2011  drochner copy AES-XCBC-MAC support from KAME IPSEC to FAST_IPSEC
For this to fit, an API change in cryptosoft was adopted from OpenBSD
(addition of a "Setkey" method to hashes) which was done for GCM/GMAC
support there, so it might be useful in the future anyway.
tested against KAME IPSEC
AFAICT, FAST_IPSEC now supports as much as KAME.
 1.15 23-May-2011  drochner report aes-ctr statistic counter by name
 1.14 05-May-2011  drochner decode camellia-cbc in stats histogram
 1.13 19-Apr-2011  drochner fix some labels for ipcomp counters which didn't make sense at all
 1.12 12-Apr-2009  lukem Fix many WARNS=4 issues (-Wshadow -Wcast-qual -Wsign-compare).
Fix probable bug with numeric printing of anon ports when using sysctl.
 1.11 24-Apr-2008  thorpej branches: 1.11.8;
Note which things are not available by KVM, and print a nice message
stating so if someone specifically asks for it.
 1.10 23-Apr-2008  thorpej Make IPSEC and FAST_IPSEC stats per-cpu. Use <net/net_stats.h> and
netstat_sysctl().
 1.9 29-Dec-2007  degroote branches: 1.9.4;
Report the new ipcomp stats under FAST_IPSEC : ipcomps_minlen and
ipcomps_uselesscomp
 1.8 05-Dec-2007  seanb Report ipsecstats.ips_spdcache_miss under FAST_IPSEC correctly.
 1.7 04-Aug-2005  rpaulo branches: 1.7.12;
Added #include <kvm.h> since netstat.h, which is included too, needs it.
 1.6 17-Jul-2004  atatat Rework sys/netipsec/ipsec_netbsd.c to present a more consistent tree.

Rework usr.bin/netstat/fast_ipsec.c to find the stats nodes under the
new names (Kame uses the name stats so we use different ones), as well
as setting slen appropriately between calls to sysctlbyname(), and
providing forward compatibility when actually retrieving stats via
sysctlbyname().

And correct a spelling error.
 1.5 27-Jun-2004  jonathan Fix two stupid bugs I introduced with stats for fast-ipsec:

1. Pass the caller-supplied protocol name down through ipsec_switch().

2. Remove my poor attempt to print fast-ipsec stats automagically for
`netstat -s'. The previous code would print (fast)IPsec per-protocol
stats even for 'netstat', which is just wrong.

A better fix would be to enumerate the sub-"protocols" under IPsec;
but first lets fix the broken behaviour now, for a pullup to 2.0.
 1.4 06-Jun-2004  christos Temporary hack to fix ipsec stats lossage. Atatat, are you listening?
 1.3 09-May-2004  petrov branches: 1.3.2;
Forgotten $ for NetBSD key.
 1.2 09-May-2004  petrov Use int_fmtio.h and PRUx formats for longs.
 1.1 07-May-2004  jonathan Redo net.inet.* sysctl subtree for fast-ipsec from scratch.
Attach FAST-IPSEC statistics with 64-bit counters to new sysctl MIB.
Rework netstat to show FAST_IPSEC statistics, via sysctl, for
netstat -p ipsec.

New kernel files:
sys/netipsec/Makefile (new file; install *_var.h includes)
sys/netipsec/ipsec_var.h (new 64-bit mib counter struct)

Changed kernel files:
sys/Makefile (recurse into sys/netipsec/)
sys/netinet/in.h (fake IP_PROTO name for fast_ipsec
sysctl subtree.)
sys/netipsec/ipsec.h (minimal userspace inclusion)
sys/netipsec/ipsec_osdep.h (minimal userspace inclusion)
sys/netipsec/ipsec_netbsd.c (redo sysctl subtree from scratch)
sys/netipsec/key*.c (fix broken net.key subtree)

sys/netipsec/ah_var.h (increase all counters to 64 bits)
sys/netipsec/esp_var.h (increase all counters to 64 bits)
sys/netipsec/ipip_var.h (increase all counters to 64 bits)
sys/netipsec/ipcomp_var.h (increase all counters to 64 bits)

sys/netipsec/ipsec.c (add #include netipsec/ipsec_var.h)
sys/netipsec/ipsec_mbuf.c (add #include netipsec/ipsec_var.h)
sys/netipsec/ipsec_output.c (add #include netipsec/ipsec_var.h)

sys/netinet/raw_ip.c (add #include netipsec/ipsec_var.h)
sys/netinet/tcp_input.c (add #include netipsec/ipsec_var.h)
sys/netinet/udp_usrreq.c (add #include netipsec/ipsec_var.h)

Changes to usr.bin/netstat to print the new fast-ipsec sysctl tree
for "netstat -s -p ipsec":

New file:
usr.bin/netstat/fast_ipsec.c (print fast-ipsec counters)

Changed files:
usr.bin/netstat/Makefile (add fast_ipsec.c)
usr.bin/netstat/netstat.h (declarations for fast_ipsec.c)
usr.bin/netstat/main.c (call KAME-vs-fast-ipsec dispatcher)
 1.3.2.7 17-Jul-2004  he Pull up revision 1.6 (requested by atatat in ticket #674):
Rework ipsec_netbsd.c to present a more ocnsistent tree.
Rework netstat to find the stats nodes under the new names.
 1.3.2.6 14-Jul-2004  tron Pull up revision 1.5 (requested by jonathan in ticket #647):
Fix two stupid bugs I introduced with stats for fast-ipsec:
1. Pass the caller-supplied protocol name down through ipsec_switch().
2. Remove my poor attempt to print fast-ipsec stats automagically for
`netstat -s'. The previous code would print (fast)IPsec per-protocol
stats even for 'netstat', which is just wrong.
A better fix would be to enumerate the sub-"protocols" under IPsec;
but first lets fix the broken behaviour now, for a pullup to 2.0.
 1.3.2.5 14-Jul-2004  tron Pull up revision 1.4 (requested by jonathan in ticket #647):
Temporary hack to fix ipsec stats lossage. Atatat, are you listening?
 1.3.2.4 11-May-2004  tron Pull up revision 1.3 (requested by martin in ticket #310):
Forgotten $ for NetBSD key.
 1.3.2.3 11-May-2004  tron Pull up revision 1.2 (requested by martin in ticket #310):
Use int_fmtio.h and PRUx formats for longs.
 1.3.2.2 10-May-2004  tron Pull up revision 1.1 (requested by jonathan in ticket #280):
Redo net.inet.* sysctl subtree for fast-ipsec from scratch.
Attach FAST-IPSEC statistics with 64-bit counters to new sysctl MIB.
Rework netstat to show FAST_IPSEC statistics, via sysctl, for
netstat -p ipsec.
New kernel files:
sys/netipsec/Makefile (new file; install *_var.h includes)
sys/netipsec/ipsec_var.h (new 64-bit mib counter struct)
Changed kernel files:
sys/Makefile (recurse into sys/netipsec/)
sys/netinet/in.h (fake IP_PROTO name for fast_ipsec
sysctl subtree.)
sys/netipsec/ipsec.h (minimal userspace inclusion)
sys/netipsec/ipsec_osdep.h (minimal userspace inclusion)
sys/netipsec/ipsec_netbsd.c (redo sysctl subtree from scratch)
sys/netipsec/key*.c (fix broken net.key subtree)
sys/netipsec/ah_var.h (increase all counters to 64 bits)
sys/netipsec/esp_var.h (increase all counters to 64 bits)
sys/netipsec/ipip_var.h (increase all counters to 64 bits)
sys/netipsec/ipcomp_var.h (increase all counters to 64 bits)
sys/netipsec/ipsec.c (add #include netipsec/ipsec_var.h)
sys/netipsec/ipsec_mbuf.c (add #include netipsec/ipsec_var.h)
sys/netipsec/ipsec_output.c (add #include netipsec/ipsec_var.h)
sys/netinet/raw_ip.c (add #include netipsec/ipsec_var.h)
sys/netinet/tcp_input.c (add #include netipsec/ipsec_var.h)
sys/netinet/udp_usrreq.c (add #include netipsec/ipsec_var.h)
Changes to usr.bin/netstat to print the new fast-ipsec sysctl tree
for "netstat -s -p ipsec":
New file:
usr.bin/netstat/fast_ipsec.c (print fast-ipsec counters)
Changed files:
usr.bin/netstat/Makefile (add fast_ipsec.c)
usr.bin/netstat/netstat.h (declarations for fast_ipsec.c)
usr.bin/netstat/main.c (call KAME-vs-fast-ipsec dispatcher)
 1.3.2.1 09-May-2004  tron file fast_ipsec.c was added on branch netbsd-2-0 on 2004-05-10 15:00:38 +0000
 1.7.12.1 09-Jan-2008  matt sync with HEAD
 1.9.4.1 18-May-2008  yamt sync with head.
 1.11.8.1 13-May-2009  jym Sync with HEAD.

Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
 1.17.4.2 22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.17.4.1 17-Apr-2012  yamt sync with head
 1.19.2.1 23-Jun-2013  tls resync from head
 1.20.14.1 21-Apr-2017  bouyer Sync with HEAD
 1.20.10.1 26-Apr-2017  pgoyette Sync with HEAD
 1.21.4.2 12-Sep-2022  martin Pull up the following, requested by msaitoh in ticket #1762:

usr.bin/netstat/atalk.c 1.18,1.20-1.21
usr.bin/netstat/bpf.c 1.16 via patch
usr.bin/netstat/fast_ipsec.c 1.24 via patch
usr.bin/netstat/if.c 1.97-1.99,1.101-1.104 via patch
usr.bin/netstat/inet.c 1.111,1.115-1.116 via patch
usr.bin/netstat/inet6.c 1.70,1.74-1.75,1.80-1.81 via patch
usr.bin/netstat/main.c 1.100,1.102-1.103
usr.bin/netstat/mbuf.c 1.34-1.35
usr.bin/netstat/mroute.c 1.26-1.27
usr.bin/netstat/mroute6.c 1.16
usr.bin/netstat/netstat.h 1.52-1.53
usr.bin/netstat/pfkey.c 1.4-1.5 via patch
usr.bin/netstat/pfsync.c 1.4-1.5 via patch
usr.bin/netstat/route.c 1.87-1.88
usr.bin/netstat/unix.c 1.36-1.37
usr.bin/netstat/vtw.c 1.11,1.13

- Add names of a few more ICMPv6 messages.
Also make the array be explicitly 256 entries long.
- sprintf() -> snprintf(), and adjust a buffer size to avoid any
potential for overflow.
- Add missing {IP,IP6}_STAT_NOIPSEC to netstat.
- Don't show any of the completely and utterly undocumented VTW info
if the feature isn't enabled.
- Print oqdrops correctly.
- netstat.1: Add various xrefs present in the body to "See Also".
- Limit maximum owner name to appease gcc.
- KNF. Style fixes.
 1.21.4.1 21-Oct-2017  snj Pull up following revision(s) (requested by ozaki-r in ticket #300):
crypto/dist/ipsec-tools/src/setkey/parse.y: 1.19
crypto/dist/ipsec-tools/src/setkey/token.l: 1.20
distrib/sets/lists/tests/mi: 1.754, 1.757, 1.759
doc/TODO.smpnet: 1.12-1.13
sys/net/pfkeyv2.h: 1.32
sys/net/raw_cb.c: 1.23-1.24, 1.28
sys/net/raw_cb.h: 1.28
sys/net/raw_usrreq.c: 1.57-1.58
sys/net/rtsock.c: 1.228-1.229
sys/netinet/in_proto.c: 1.125
sys/netinet/ip_input.c: 1.359-1.361
sys/netinet/tcp_input.c: 1.359-1.360
sys/netinet/tcp_output.c: 1.197
sys/netinet/tcp_var.h: 1.178
sys/netinet6/icmp6.c: 1.213
sys/netinet6/in6_proto.c: 1.119
sys/netinet6/ip6_forward.c: 1.88
sys/netinet6/ip6_input.c: 1.181-1.182
sys/netinet6/ip6_output.c: 1.193
sys/netinet6/ip6protosw.h: 1.26
sys/netipsec/ipsec.c: 1.100-1.122
sys/netipsec/ipsec.h: 1.51-1.61
sys/netipsec/ipsec6.h: 1.18-1.20
sys/netipsec/ipsec_input.c: 1.44-1.51
sys/netipsec/ipsec_netbsd.c: 1.41-1.45
sys/netipsec/ipsec_output.c: 1.49-1.64
sys/netipsec/ipsec_private.h: 1.5
sys/netipsec/key.c: 1.164-1.234
sys/netipsec/key.h: 1.20-1.32
sys/netipsec/key_debug.c: 1.18-1.21
sys/netipsec/key_debug.h: 1.9
sys/netipsec/keydb.h: 1.16-1.20
sys/netipsec/keysock.c: 1.59-1.62
sys/netipsec/keysock.h: 1.10
sys/netipsec/xform.h: 1.9-1.12
sys/netipsec/xform_ah.c: 1.55-1.74
sys/netipsec/xform_esp.c: 1.56-1.72
sys/netipsec/xform_ipcomp.c: 1.39-1.53
sys/netipsec/xform_ipip.c: 1.50-1.54
sys/netipsec/xform_tcp.c: 1.12-1.16
sys/rump/librump/rumpkern/Makefile.rumpkern: 1.170
sys/rump/librump/rumpnet/net_stub.c: 1.27
sys/sys/protosw.h: 1.67-1.68
tests/net/carp/t_basic.sh: 1.7
tests/net/if_gif/t_gif.sh: 1.11
tests/net/if_l2tp/t_l2tp.sh: 1.3
tests/net/ipsec/Makefile: 1.7-1.9
tests/net/ipsec/algorithms.sh: 1.5
tests/net/ipsec/common.sh: 1.4-1.6
tests/net/ipsec/t_ipsec_ah_keys.sh: 1.2
tests/net/ipsec/t_ipsec_esp_keys.sh: 1.2
tests/net/ipsec/t_ipsec_gif.sh: 1.6-1.7
tests/net/ipsec/t_ipsec_l2tp.sh: 1.6-1.7
tests/net/ipsec/t_ipsec_misc.sh: 1.8-1.18
tests/net/ipsec/t_ipsec_sockopt.sh: 1.1-1.2
tests/net/ipsec/t_ipsec_tcp.sh: 1.1-1.2
tests/net/ipsec/t_ipsec_transport.sh: 1.5-1.6
tests/net/ipsec/t_ipsec_tunnel.sh: 1.9
tests/net/ipsec/t_ipsec_tunnel_ipcomp.sh: 1.1-1.2
tests/net/ipsec/t_ipsec_tunnel_odd.sh: 1.3
tests/net/mcast/t_mcast.sh: 1.6
tests/net/net/t_ipaddress.sh: 1.11
tests/net/net_common.sh: 1.20
tests/net/npf/t_npf.sh: 1.3
tests/net/route/t_flags.sh: 1.20
tests/net/route/t_flags6.sh: 1.16
usr.bin/netstat/fast_ipsec.c: 1.22
Do m_pullup before mtod

It may fix panicks of some tests on anita/sparc and anita/GuruPlug.
---
KNF
---
Enable DEBUG for babylon5
---
Apply C99-style struct initialization to xformsw
---
Tweak outputs of netstat -s for IPsec

- Get rid of "Fast"
- Use ipsec and ipsec6 for titles to clarify protocol
- Indent outputs of sub protocols

Original outputs were organized like this:

(Fast) IPsec:
IPsec ah:
IPsec esp:
IPsec ipip:
IPsec ipcomp:
(Fast) IPsec:
IPsec ah:
IPsec esp:
IPsec ipip:
IPsec ipcomp:

New outputs are organized like this:

ipsec:
ah:
esp:
ipip:
ipcomp:
ipsec6:
ah:
esp:
ipip:
ipcomp:
---
Add test cases for IPComp
---
Simplify IPSEC_OSTAT macro (NFC)
---
KNF; replace leading whitespaces with hard tabs
---
Introduce and use SADB_SASTATE_USABLE_P
---
KNF
---
Add update command for testing

Updating an SA (SADB_UPDATE) requires that a process issuing
SADB_UPDATE is the same as a process issued SADB_ADD (or SADB_GETSPI).
This means that update command must be used with add command in a
configuration of setkey. This usage is normally meaningless but
useful for testing (and debugging) purposes.
---
Add test cases for updating SA/SP

The tests require newly-added udpate command of setkey.
---
PR/52346: Frank Kardel: Fix checksumming for NAT-T
See XXX for improvements.
---
Remove codes for PACKET_TAG_IPSEC_IN_CRYPTO_DONE

It seems that PACKET_TAG_IPSEC_IN_CRYPTO_DONE is for network adapters
that have IPsec accelerators; a driver sets the mtag to a packet
when its device has already encrypted the packet.

Unfortunately no driver implements such offload features for long
years and seems unlikely to implement them soon. (Note that neither
FreeBSD nor Linux doesn't have such drivers.) Let's remove related
(unused) codes and simplify the IPsec code.
---
Fix usages of sadb_msg_errno
---
Avoid updating sav directly

On SADB_UPDATE a target sav was updated directly, which was unsafe.
Instead allocate another sav, copy variables of the old sav to
the new one and replace the old one with the new one.
---
Simplify; we can assume sav->tdb_xform cannot be NULL while it's valid
---
Rename key_alloc* functions (NFC)

We shouldn't use the term "alloc" for functions that just look up
data and actually don't allocate memory.
---
Use explicit_memset to surely zero-clear key_auth and key_enc
---
Make sure to clear keys on error paths of key_setsaval
---
Add missing KEY_FREESAV
---
Make sure a sav is inserted to a sah list after its initialization completes
---
Remove unnecessary zero-clearing codes from key_setsaval

key_setsaval is now used only for a newly-allocated sav. (It was
used to reset variables of an existing sav.)
---
Correct wrong assumption of sav->refcnt in key_delsah

A sav in a list is basically not to be sav->refcnt == 0. And also
KEY_FREESAV assumes sav->refcnt > 0.
---
Let key_getsavbyspi take a reference of a returning sav
---
Use time_mono_to_wall (NFC)
---
Separate sending message routine (NFC)
---
Simplify; remove unnecessary zero-clears

key_freesaval is used only when a target sav is being destroyed.
---
Omit NULL checks for sav->lft_c

sav->lft_c can be NULL only when initializing or destroying sav.
---
Omit unnecessary NULL checks for sav->sah
---
Omit unnecessary check of sav->state

key_allocsa_policy picks a sav of either MATURE or DYING so we
don't need to check its state again.
---
Simplify; omit unnecessary saidx passing

- ipsec_nextisr returns a saidx but no caller uses it
- key_checkrequest is passed a saidx but it can be gotton by
another argument (isr)
---
Fix splx isn't called on some error paths
---
Fix header size calculation of esp where sav is NULL
---
Fix header size calculation of ah in the case sav is NULL

This fix was also needed for esp.
---
Pass sav directly to opencrypto callback

In a callback, use a passed sav as-is by default and look up a sav
only if the passed sav is dead.
---
Avoid examining freshness of sav on packet processing

If a sav list is sorted (by lft_c->sadb_lifetime_addtime) in advance,
we don't need to examine each sav and also don't need to delete one
on the fly and send up a message. Fortunately every sav lists are sorted
as we need.

Added key_validate_savlist validates that each sav list is surely sorted
(run only if DEBUG because it's not cheap).
---
Add test cases for SAs with different SPIs
---
Prepare to stop using isr->sav

isr is a shared resource and using isr->sav as a temporal storage
for each packet processing is racy. And also having a reference from
isr to sav makes the lifetime of sav non-deterministic; such a reference
is removed when a packet is processed and isr->sav is overwritten by
new one. Let's have a sav locally for each packet processing instead of
using shared isr->sav.

However this change doesn't stop using isr->sav yet because there are
some users of isr->sav. isr->sav will be removed after the users find
a way to not use isr->sav.
---
Fix wrong argument handling
---
fix printf format.
---
Don't validate sav lists of LARVAL or DEAD states

We don't sort the lists so the validation will always fail.

Fix PR kern/52405
---
Make sure to sort the list when changing the state by key_sa_chgstate
---
Rename key_allocsa_policy to key_lookup_sa_bysaidx
---
Separate test files
---
Calculate ah_max_authsize on initialization as well as esp_max_ivlen
---
Remove m_tag_find(PACKET_TAG_IPSEC_PENDING_TDB) because nobody sets the tag
---
Restore a comment removed in previous

The comment is valid for the below code.
---
Make tests more stable

sleep command seems to wait longer than expected on anita so
use polling to wait for a state change.
---
Add tests that explicitly delete SAs instead of waiting for expirations
---
Remove invalid M_AUTHIPDGM check on ESP isr->sav

M_AUTHIPDGM flag is set to a mbuf in ah_input_cb. An sav of ESP can
have AH authentication as sav->tdb_authalgxform. However, in that
case esp_input and esp_input_cb are used to do ESP decryption and
AH authentication and M_AUTHIPDGM never be set to a mbuf. So
checking M_AUTHIPDGM of a mbuf on isr->sav of ESP is meaningless.
---
Look up sav instead of relying on unstable sp->req->sav

This code is executed only in an error path so an additional lookup
doesn't matter.
---
Correct a comment
---
Don't release sav if calling crypto_dispatch again
---
Remove extra KEY_FREESAV from ipsec_process_done

It should be done by the caller.
---
Don't bother the case of crp->crp_buf == NULL in callbacks
---
Hold a reference to an SP during opencrypto processing

An SP has a list of isr (ipsecrequest) that represents a sequence
of IPsec encryption/authentication processing. One isr corresponds
to one opencrypto processing. The lifetime of an isr follows its SP.

We pass an isr to a callback function of opencrypto to continue
to a next encryption/authentication processing. However nobody
guaranteed that the isr wasn't freed, i.e., its SP wasn't destroyed.

In order to avoid such unexpected destruction of isr, hold a reference
to its SP during opencrypto processing.
---
Don't make SAs expired on tests that delete SAs explicitly
---
Fix a debug message
---
Dedup error paths (NFC)
---
Use pool to allocate tdb_crypto

For ESP and AH, we need to allocate an extra variable space in addition
to struct tdb_crypto. The fixed size of pool items may be larger than
an actual requisite size of a buffer, but still the performance
improvement by replacing malloc with pool wins.
---
Don't use unstable isr->sav for header size calculations

We may need to optimize to not look up sav here for users that
don't need to know an exact size of headers (e.g., TCP segmemt size
caclulation).
---
Don't use sp->req->sav when handling NAT-T ESP fragmentation

In order to do this we need to look up a sav however an additional
look-up degrades performance. A sav is later looked up in
ipsec4_process_packet so delay the fragmentation check until then
to avoid an extra look-up.
---
Don't use key_lookup_sp that depends on unstable sp->req->sav

It provided a fast look-up of SP. We will provide an alternative
method in the future (after basic MP-ification finishes).
---
Stop setting isr->sav on looking up sav in key_checkrequest
---
Remove ipsecrequest#sav
---
Stop setting mtag of PACKET_TAG_IPSEC_IN_DONE because there is no users anymore
---
Skip ipsec_spi_*_*_preferred_new_timeout when running on qemu

Probably due to PR 43997
---
Add localcount to rump kernels
---
Remove unused macro
---
Fix key_getcomb_setlifetime

The fix adjusts a soft limit to be 80% of a corresponding hard limit.

I'm not sure the fix is really correct though, at least the original
code is wrong. A passed comb is zero-cleared before calling
key_getcomb_setlifetime, so
comb->sadb_comb_soft_addtime = comb->sadb_comb_soft_addtime * 80 / 100;
is meaningless.
---
Provide and apply key_sp_refcnt (NFC)

It simplifies further changes.
---
Fix indentation

Pointed out by knakahara@
---
Use pslist(9) for sptree
---
Don't acquire global locks for IPsec if NET_MPSAFE

Note that the change is just to make testing easy and IPsec isn't MP-safe yet.
---
Let PF_KEY socks hold their own lock instead of softnet_lock

Operations on SAD and SPD are executed via PF_KEY socks. The operations
include deletions of SAs and SPs that will use synchronization mechanisms
such as pserialize_perform to wait for references to SAs and SPs to be
released. It is known that using such mechanisms with holding softnet_lock
causes a dead lock. We should avoid the situation.
---
Make IPsec SPD MP-safe

We use localcount(9), not psref(9), to make the sptree and secpolicy (SP)
entries MP-safe because SPs need to be referenced over opencrypto
processing that executes a callback in a different context.

SPs on sockets aren't managed by the sptree and can be destroyed in softint.
localcount_drain cannot be used in softint so we delay the destruction of
such SPs to a thread context. To do so, a list to manage such SPs is added
(key_socksplist) and key_timehandler_spd deletes dead SPs in the list.

For more details please read the locking notes in key.c.

Proposed on tech-kern@ and tech-net@
---
Fix updating ipsec_used

- key_update_used wasn't called in key_api_spddelete2 and key_api_spdflush
- key_update_used wasn't called if an SP had been added/deleted but
a reply to userland failed
---
Fix updating ipsec_used; turn on when SPs on sockets are added
---
Add missing IPsec policy checks to icmp6_rip6_input

icmp6_rip6_input is quite similar to rip6_input and the same checks exist
in rip6_input.
---
Add test cases for setsockopt(IP_IPSEC_POLICY)
---
Don't use KEY_NEWSP for dummy SP entries

By the change KEY_NEWSP is now not called from softint anymore
and we can use kmem_zalloc with KM_SLEEP for KEY_NEWSP.
---
Comment out unused functions
---
Add test cases that there are SPs but no relevant SAs
---
Don't allow sav->lft_c to be NULL

lft_c of an sav that was created by SADB_GETSPI could be NULL.
---
Clean up clunky eval strings

- Remove unnecessary \ at EOL
- This allows to omit ; too
- Remove unnecessary quotes for arguments of atf_set
- Don't expand $DEBUG in eval
- We expect it's expanded on execution

Suggested by kre@
---
Remove unnecessary KEY_FREESAV in an error path

sav should be freed (unreferenced) by the caller.
---
Use pslist(9) for sahtree
---
Use pslist(9) for sah->savtree
---
Rename local variable newsah to sah

It may not be new.
---
MP-ify SAD slightly

- Introduce key_sa_mtx and use it for some list operations
- Use pserialize for some list iterations
---
Introduce KEY_SA_UNREF and replace KEY_FREESAV with it where sav will never be actually freed in the future

KEY_SA_UNREF is still key_freesav so no functional change for now.

This change reduces diff of further changes.
---
Remove out-of-date log output

Pointed out by riastradh@
---
Use KDASSERT instead of KASSERT for mutex_ownable

Because mutex_ownable is too heavy to run in a fast path
even for DIAGNOSTIC + LOCKDEBUG.

Suggested by riastradh@
---
Assemble global lists and related locks into cache lines (NFCI)

Also rename variable names from *tree to *list because they are
just lists, not trees.

Suggested by riastradh@
---
Move locking notes
---
Update the locking notes

- Add locking order
- Add locking notes for misc lists such as reglist
- Mention pserialize, key_sp_ref and key_sp_unref on SP operations

Requested by riastradh@
---
Describe constraints of key_sp_ref and key_sp_unref

Requested by riastradh@
---
Hold key_sad.lock on SAVLIST_WRITER_INSERT_TAIL
---
Add __read_mostly to key_psz

Suggested by riastradh@
---
Tweak wording (pserialize critical section => pserialize read section)

Suggested by riastradh@
---
Add missing mutex_exit
---
Fix setkey -D -P outputs

The outputs were tweaked (by me), but I forgot updating libipsec
in my local ATF environment...
---
MP-ify SAD (key_sad.sahlist and sah entries)

localcount(9) is used to protect key_sad.sahlist and sah entries
as well as SPD (and will be used for SAD sav).

Please read the locking notes of SAD for more details.
---
Introduce key_sa_refcnt and replace sav->refcnt with it (NFC)
---
Destroy sav only in the loop for DEAD sav
---
Fix KASSERT(solocked(sb->sb_so)) failure in sbappendaddr that is called eventually from key_sendup_mbuf

If key_sendup_mbuf isn't passed a socket, the assertion fails.
Originally in this case sb->sb_so was softnet_lock and callers
held softnet_lock so the assertion was magically satisfied.
Now sb->sb_so is key_so_mtx and also softnet_lock isn't always
held by callers so the assertion can fail.

Fix it by holding key_so_mtx if key_sendup_mbuf isn't passed a socket.

Reported by knakahara@
Tested by knakahara@ and ozaki-r@
---
Fix locking notes of SAD
---
Fix deadlock between key_sendup_mbuf called from key_acquire and localcount_drain

If we call key_sendup_mbuf from key_acquire that is called on packet
processing, a deadlock can happen like this:
- At key_acquire, a reference to an SP (and an SA) is held
- key_sendup_mbuf will try to take key_so_mtx
- Some other thread may try to localcount_drain to the SP with
holding key_so_mtx in say key_api_spdflush
- In this case localcount_drain never return because key_sendup_mbuf
that has stuck on key_so_mtx never release a reference to the SP

Fix the deadlock by deferring key_sendup_mbuf to the timer
(key_timehandler).
---
Fix that prev isn't cleared on retry
---
Limit the number of mbufs queued for deferred key_sendup_mbuf

It's easy to be queued hundreds of mbufs on the list under heavy
network load.
---
MP-ify SAD (savlist)

localcount(9) is used to protect savlist of sah. The basic design is
similar to MP-ifications of SPD and SAD sahlist. Please read the
locking notes of SAD for more details.
---
Simplify ipsec_reinject_ipstack (NFC)
---
Add per-CPU rtcache to ipsec_reinject_ipstack

It reduces route lookups and also reduces rtcache lock contentions
when NET_MPSAFE is enabled.
---
Use pool_cache(9) instead of pool(9) for tdb_crypto objects

The change improves network throughput especially on multi-core systems.
---
Update

ipsec(4), opencrypto(9) and vlan(4) are now MP-safe.
---
Write known issues on scalability
---
Share a global dummy SP between PCBs

It's never be changed so it can be pre-allocated and shared safely between PCBs.
---
Fix race condition on the rawcb list shared by rtsock and keysock

keysock now protects itself by its own mutex, which means that
the rawcb list is protected by two different mutexes (keysock's one
and softnet_lock for rtsock), of course it's useless.

Fix the situation by having a discrete rawcb list for each.
---
Use a dedicated mutex for rt_rawcb instead of softnet_lock if NET_MPSAFE
---
fix localcount leak in sav. fixed by ozaki-r@n.o.

I commit on behalf of him.
---
remove unnecessary comment.
---
Fix deadlock between pserialize_perform and localcount_drain

A typical ussage of localcount_drain looks like this:

mutex_enter(&mtx);
item = remove_from_list();
pserialize_perform(psz);
localcount_drain(&item->localcount, &cv, &mtx);
mutex_exit(&mtx);

This sequence can cause a deadlock which happens for example on the following
situation:

- Thread A calls localcount_drain which calls xc_broadcast after releasing
a specified mutex
- Thread B enters the sequence and calls pserialize_perform with holding
the mutex while pserialize_perform also calls xc_broadcast
- Thread C (xc_thread) that calls an xcall callback of localcount_drain tries
to hold the mutex

xc_broadcast of thread B doesn't start until xc_broadcast of thread A
finishes, which is a feature of xcall(9). This means that pserialize_perform
never complete until xc_broadcast of thread A finishes. On the other hand,
thread C that is a callee of xc_broadcast of thread A sticks on the mutex.
Finally the threads block each other (A blocks B, B blocks C and C blocks A).

A possible fix is to serialize executions of the above sequence by another
mutex, but adding another mutex makes the code complex, so fix the deadlock
by another way; the fix is to release the mutex before pserialize_perform
and instead use a condvar to prevent pserialize_perform from being called
simultaneously.

Note that the deadlock has happened only if NET_MPSAFE is enabled.
---
Add missing ifdef NET_MPSAFE
---
Take softnet_lock on pr_input properly if NET_MPSAFE

Currently softnet_lock is taken unnecessarily in some cases, e.g.,
icmp_input and encap4_input from ip_input, or not taken even if needed,
e.g., udp_input and tcp_input from ipsec4_common_input_cb. Fix them.

NFC if NET_MPSAFE is disabled (default).
---
- sanitize key debugging so that we don't print extra newlines or unassociated
debugging messages.
- remove unused functions and make internal ones static
- print information in one line per message
---
humanize printing of ip addresses
---
cast reduction, NFC.
---
Fix typo in comment
---
Pull out ipsec_fill_saidx_bymbuf (NFC)
---
Don't abuse key_checkrequest just for looking up sav

It does more than expected for example key_acquire.
---
Fix SP is broken on transport mode

isr->saidx was modified accidentally in ipsec_nextisr.

Reported by christos@
Helped investigations by christos@ and knakahara@
---
Constify isr at many places (NFC)
---
Include socketvar.h for softnet_lock
---
Fix buffer length for ipsec_logsastr
 1.22.8.2 12-Sep-2022  martin Pull up the following, requested by msaitoh in ticket #1522:

usr.bin/netstat/atalk.c 1.18,1.20-1.21
usr.bin/netstat/bpf.c 1.16 via patch
usr.bin/netstat/fast_ipsec.c 1.24
usr.bin/netstat/if.c 1.97-1.99,1.101-1.104 via patch
usr.bin/netstat/inet.c 1.111,1.115-1.116 via patch
usr.bin/netstat/inet6.c 1.74-1.75,1.80-1.81 via patch
usr.bin/netstat/main.c 1.100-1.103
usr.bin/netstat/mbuf.c 1.35
usr.bin/netstat/mroute.c 1.26-1.27
usr.bin/netstat/mroute6.c 1.16
usr.bin/netstat/netstat.h 1.52-1.53
usr.bin/netstat/pfkey.c 1.4-1.5 via patch
usr.bin/netstat/pfsync.c 1.4-1.5 via patch
usr.bin/netstat/route.c 1.86-1.88
usr.bin/netstat/unix.c 1.36-1.37
usr.bin/netstat/vtw.c 1.11,1.13

- sprintf() -> snprintf(), and adjust a buffer size to avoid any
potential for overflow.
- Fix netstat -rs to print it correctly.
- Add missing {IP,IP6}_STAT_NOIPSEC to netstat.
- Don't show any of the completely and utterly undocumented VTW info
if the feature isn't enabled.
- Print oqdrops correctly.
- Remove Network ATM soft intr queue reporting, we don't have that
in the kernel anymore.
- netstat.1: Add various xrefs present in the body to "See Also".
- KNF. Style fixes.
 1.22.8.1 19-Aug-2019  martin Pull up following revision(s) (requested by kamil in ticket #94):

usr.bin/netstat/netstat_rumpops.c: revision 1.2
usr.bin/netstat/netstat_hostops.c: revision 1.2
usr.bin/netstat/inet6.c: revision 1.73
usr.bin/netstat/bpf.c: revision 1.14
usr.bin/netstat/Makefile: revision 1.46
usr.bin/netstat/prog_ops.h: revision 1.3
usr.bin/netstat/pfsync.c: revision 1.2
usr.bin/netstat/pfkey.c: revision 1.2
usr.bin/netstat/fast_ipsec.c: revision 1.23
usr.bin/netstat/atalk.c: revision 1.17
usr.bin/netstat/inet.c: revision 1.110

netstat: Add indirection of symbols to remove clash with sanitizers

Add indirection and symbol renaming under MKSANITIZER for the linked in
version of sysctlbyname, sysctlgetmibinfo and sysctlnametomib.
 1.22.6.1 13-Apr-2020  martin Mostly merge changes from HEAD upto 20200411
 1.4 13-May-1994  mycroft Clean up deleted files.
 1.3 01-Apr-1994  cgd kill lots of off_t's.
 1.2 01-Aug-1993  mycroft Add RCS identifiers.
 1.1 21-Mar-1993  cgd after 0.2.2 "stable" patches applied
 1.109 28-Dec-2022  mrg if not given an interface to monitor by default, pick the one
with the most bytes in/out the first time and keep using it.

in addition to picking the most likely intersting interface,
this actually fixes a bug where interfaces coming/going in
the middle of eg, "netstat -b -w 1", may end up showing the
data for another interface on any output line (including the
the header declaring the interface!)
 1.108 12-Dec-2022  msaitoh branches: 1.108.2;
Use warn() instead of warnx() and simplify.
 1.107 19-Nov-2022  taca netstat/if.c: Fix error message with "-w" option.

Now ifq_drops is 64bit unsigned integer.

No description in src/doc/CHANGES?
 1.106 24-Oct-2022  msaitoh Make ifq_drops in struct ifqueue and struct ifaltq 64 bit.
 1.105 21-Sep-2022  msaitoh s/u_quad_t/uint64_t/. No functional change.
 1.104 12-Sep-2022  msaitoh Print oqdrops correctly in continuous display mode using with kvm.
 1.103 11-Sep-2022  msaitoh Fix printing current output drop packet count in continuous display mode.
 1.102 05-Sep-2022  msaitoh G.C. No functional change.
 1.101 05-Sep-2022  msaitoh Print oqdrops correctly.
 1.100 05-Sep-2022  msaitoh Get if_data correctly when kvm is used.
 1.99 02-Sep-2022  msaitoh KNF. No functional change.
 1.98 01-Sep-2022  msaitoh KNF. No functional change.
 1.97 18-Aug-2022  msaitoh Use NULL instead of 0.
 1.96 02-Feb-2020  thorpej Update for per-cpu interface statistics.
 1.95 11-Jul-2018  msaitoh branches: 1.95.2;
Print iqdrops, too. This change also fixes a bug that Odrops prints
iqdrops when kvm read failed.
 1.94 23-Feb-2017  ozaki-r branches: 1.94.4; 1.94.10; 1.94.12;
Remove mkludge stuffs

For unknown reasons, IPv6 multicast addresses are linked to a first
IPv6 address assigned to an interface. Due to the design, when removing
a first address having multicast addresses, we need to save them to
somewhere and later restore them once a new IPv6 address is activated.
mkludge stuffs support the operations.

This change links multicast addresses to an interface directly and
throws the kludge away.

Note that as usual some obsolete member variables remain for kvm(3)
users. And also sysctl net.inet6.multicast_kludge remains to avoid
breaking old ifmcstat.

TODO: currently ifnet has a list of in6_multi but obviously the list
should be protocol independent. Provide a common structure (if_multi
or something) to handle in6_multi and in_multi together as well as
ifaddr does for in_ifaddr and in6_ifaddr.
 1.93 22-Jan-2017  mrg re-do the previous to avoid malloc/free on the same size every iteration.

with this, or the previous, 'netstat -b 1' no longer leaks memory in
-current (or any older release using sysctl for this.)
 1.92 22-Jan-2017  christos sprinkle free
 1.91 11-Jan-2017  ozaki-r branches: 1.91.2;
Fix showing multicast addresses of !IFF_UP interfaces

netstat appends '*' to the name of an interface without IFF_UP, so
if_nametoindex which is used in mc_print fails. mc_print needs just
an interface index so pass it instead of a tweaked interface name.
 1.90 24-Nov-2016  dholland Fix "sidewaysintpr", the thing that prints interface statistics in a
loop, to use signals properly. There are two copies of this code; one
uses kvm and the other uses sysctls. One copy had been updated to use
sigset_t and sigsuspend; the other was using vintage sigpause(). Sync
up the code so both use sigpause. Also, use sig_atomic_t, and block
SIGALRM when not waiting for it to avoid a small and unlikely but real
race.

Since the non-modernized copy of the code *had* for some been
modernized to use setitimer instead of just alarm(), propagate that
change to the other copy.

These copies could share more logic than they do.
 1.89 14-Jul-2016  christos branches: 1.89.2;
more XXX removal.
 1.88 14-Jul-2016  christos XXX: removal
 1.87 14-Jul-2016  christos remove __P
 1.86 14-Jul-2016  christos dedup
 1.85 14-Jul-2016  christos use sysctl to print multicast addresses
 1.84 13-Jul-2016  christos fix sysctl based interface printing, and annotate where we should add the
missing multicast printing code.
 1.83 29-Feb-2016  christos PR/50872: David Binderman: Use logical and instead of arithmetic
 1.82 20-Sep-2015  mrg query the window size and use it instead of assuming 24 lines.
now the header isn't re-printed a lot of times in tall windows.
 1.81 07-Jan-2015  christos adjust to the netname4 prototype.
 1.80 06-Nov-2014  christos use the common code from route.c
 1.79 19-Oct-2013  christos branches: 1.79.4;
use correct function and symbolic constants
 1.78 19-Oct-2013  christos use new scopeid functions
 1.77 18-Oct-2013  christos - avoid pointer gymnastics
- remove unused variables
 1.76 01-Mar-2013  joerg Retire OSI network stack. OK core@
 1.75 19-Oct-2012  msaitoh Line up total numbers again (for -b case and -X case).
 1.74 20-Mar-2012  matt branches: 1.74.2;
Use C89 function definitions
 1.73 12-Feb-2012  christos branches: 1.73.2;
PR/44889: Yamamoto Takashi: netstat -d option is broken (from Elad)
 1.72 16-Sep-2011  joerg branches: 1.72.2;
Use __dead
 1.71 04-Feb-2011  martin Use RT_ROUNDUP() and friends from sys/route.h instead of homegrown
variants.
 1.70 13-Dec-2010  pooka branches: 1.70.2;
Add netstat rump client. For now, it always sets -X, i.e. will
use only sysctl and no kvm (implementing /dev/mem for a rump kernel
would probably not be hard, but still a non-zero effort).

Note: since there is absolutely no network activity in a fresh rump
kernel, rump.netstat usually displays exactly nothing when invoked
without parameters. Arguments like -r, -bi, -p icmp etc. produce
more stuff.
 1.69 09-Jul-2010  enami Line up total numbers again.
 1.68 24-Feb-2010  pooka Add -h, which makes output of bytes counts "humanized" (e.g. -bih)

(netstat had -h some 15 years ago, but since then it has been just
a fancy way of calling usage())
 1.67 27-Sep-2009  plunky protecting sockaddr_in6 with -DINET6
 1.66 13-Sep-2009  pgoyette Use PRIu64 for printf'ing stuff. Fixes build breakage on part-amd64
introduced in rev 1.64 (and reverts a partial fix provided in rev 1.65)
 1.65 13-Sep-2009  elad Put some unsigned long long casts (as was in the original printing code).

Should fix build breakage noticed by pgoyette@ on current-users@:

http://mail-index.netbsd.org/current-users/2009/09/13/msg010554.html

(sorry, don't have an amd64 anymore!)
 1.64 13-Sep-2009  elad Checkin work in progress to make netstat use sysctl rather than kvm(3).

This commit mostly adds code written by Claudio Jeker for OpenBSD to
support sysctl in the interface printing parts (-i, -I, -w). The port has
been ported to NetBSD with tiny adjustments -- of course all bugs etc.
are mine.

Also add and document a -X flag to force sysctl usage. The documentation
notes this flag may be removed at any time and its presence should not be
relied on.

Some misc. comments/#ifdef changes/code snippet moves as well.

Please note that no functionality should change as the routing and
interface printing code is still not fully supported.

Mailing list reference:

http://mail-index.netbsd.org/tech-userlevel/2009/09/09/msg002604.html
 1.63 12-Apr-2009  lukem Fix many WARNS=4 issues (-Wshadow -Wcast-qual -Wsign-compare).
Fix probable bug with numeric printing of anon ports when using sysctl.
 1.62 23-Apr-2008  thorpej branches: 1.62.8;
netns is no longer in the tree; completely purge it from netstat(1).
 1.61 26-Aug-2006  matt branches: 1.61.16;
Conditionalize XNS support. No longer enabled.
 1.60 28-May-2006  elad Make netstat use sysctl when dumping routing tables/stats.
Heavily based on similar code from Claudio Jeker (at OpenBSD).

While here, fix inet/inet6 sysctl stuff commited previously to
actually work, and some other nits to make netstat more sysctl
friendly.

One step closer to losing setgid kmem on this one...
 1.59 04-Aug-2005  rpaulo branches: 1.59.2;
Added #include <kvm.h> since netstat.h, which is included too, needs it.
 1.58 16-Nov-2004  itojun NI_WITHSCOPEID was not picked up by IETF standardization process.
 1.57 15-Nov-2003  ragge Use itimerval() instead of alarm() for interval displaying. This increases
accuracy on interval stats also on fast machines.
 1.56 19-Aug-2003  itojun correct strange indentation
 1.55 07-Aug-2003  agc Move UCB-licensed code from 4-clause to 3-clause licence.

Patches provided by Joel Baker in PR 22365, verified by myself.
 1.54 14-May-2003  itojun use proper #ifdef to determine behavior (__KAME__)
 1.53 15-Apr-2003  itojun make char array bigger where it seems too small and may overrun.
 1.52 19-Jun-2002  itojun use macro to determine link-local multicast addr
 1.51 19-Jun-2002  itojun identify kame scopeid hack with KAME_SCOPEID
 1.50 08-Jun-2002  yamt make an auto const variable static.
 1.49 06-Oct-2001  bjh21 Use getnameinfo() for printing link-layer addresses in netstat -i, rather
than doing it ourselves.
 1.48 06-Apr-2001  itojun pedant changes for strcpy/sprintf.
 1.47 19-Feb-2001  cgd convert to use getprogname()
 1.46 14-Nov-2000  matt Print out IEEE1394 addresses with : . Add a hack to limit the address
to 8 bytes.
 1.45 11-Oct-2000  is More format string cleanup by sommerfeld.
 1.44 06-Jul-2000  itojun more stats. from kame
 1.43 03-Jul-2000  enami Allocate one more byte for the asterisk after the name of interface.
 1.42 03-Jul-2000  matt Make gcc 2.96 (and maybe earlier) happier. Include <stdlib.h>,<string.>,
etc. as appropriate to get exit,srncmp,abs,abort,etc.
Add -I${.CURDIR} to a few Makefiles
 1.41 02-Jul-2000  itojun with -inv flag, do not truncate name of the interface (like "strip0").
 1.40 19-Apr-2000  enami branches: 1.40.4;
Define members previously defined as u_long in struct iftot as u_quad_t.
Since these members are used to hold members defined now as u_quad_t
in struct if_data, u_long is quite not enough actually.
Without this, one night ttcp easily makes netstat to produce wrong output
like this:
enami@annex-2f-floor-244% netstat -ibw 1 -I tlp0
tlp0 in tlp0 out total in total out
bytes bytes bytes bytes
176333740607 176914940420 240082591 821282404
176093659136 176093659136 0 0
176093659136 176093659136 0 0
 1.39 09-Feb-2000  itojun use NI_WITHSCOPEID when printing multicast group with -inav.
 1.38 05-Feb-2000  itojun print IPv6 scopeid on -inv. with -in, scopeid is omitted due to insufficient
width.
 1.37 25-Jan-2000  itojun better sync with #ifdef notdef part (in -i for AF_INET).
 1.36 25-Jan-2000  itojun don't truncate IPv4 entries on -i (with -v). it is mainly for
"Network" column (13 digits, it will be 18 digits in maximum).
 1.35 17-Jan-2000  itojun print IPv6 multicast group on -ia (-iav will avoid truncation)
 1.34 13-Dec-1999  itojun per-interface statistics.
bring in and enable KAME scopeid hack.
lots of cleanups.
(sync with latest KAME)
 1.33 19-Nov-1999  bouyer Change printf formats for 64bit counters.
 1.32 01-Jul-1999  itojun branches: 1.32.4;
make netstat IPv6-ready.
 1.31 14-Mar-1999  mycroft branches: 1.31.2;
Make the damned columns line up.
 1.30 11-Jan-1999  mrg #ifndef SMALL changes. saves 30k on the sparc
 1.29 25-Aug-1998  ross Add { and } to shut up egcs. Reformat the more questionable code.
 1.28 12-Jul-1998  mrg - KNF
- use err(3)
- sprintf/strcpy -> snprintf/strncpy
- change route.c:domask() to take a size_t of the buffer passed.
 1.27 14-May-1998  kml Partial fix for PR kern/5435 -- changed netstat to use unsigned counters
instead of signed. The rest of the fix will have to wait for 64-bit counters.
 1.26 19-Mar-1998  kml Add support for a '-b' option to provide byte counts in and out,
instead of just packet counts. On the byte screens, errors and
collisions are not shown, since they are more packet count related.
 1.25 19-Oct-1997  lukem branches: 1.25.2;
fix up .Nm usage, getopt returns -1 not EOF
 1.24 22-May-1997  christos branches: 1.24.2;
PR/3660: Dave Huang: Fix formatting misalignments in appletalk
PR/3659: Dave Huang: Fix PCB reporting in appletalk
 1.23 07-Apr-1997  mikel more column alignment fixes
 1.22 07-Apr-1997  christos PR/3451: Anders Hjalmarsson: Column alignment fixes after the netatalk addition.
 1.21 03-Apr-1997  christos - netatalk additions
- printf format fixes
- minor prototype cleanups
 1.20 26-Mar-1997  thorpej Print Ethernet and FDDI addresses in the same format as ether_ntoa().
From Matt Thomas <matt@3am-software.com>
 1.19 07-Jun-1996  thorpej Fix missing `)' in the sideways view of interfaces (i.e. netstat -w 1).
Bug pointed out by Chris G. Demetriou.
 1.18 04-Jun-1996  cgd bump MAXIF (the maximum number of interfaces for which information is kept,
for 'netstat -w <delay>') to 100, from 10. 10 was definitely not sufficient
for many hosts; 100 should be for most if not all. This code really should
dynamically allocate the information structures, based on the number of
interfaces in the kernel, account for interfaces that are added or removed,
etc., but given its current structure that would require substantial changes.
 1.17 04-Jun-1996  cgd if doing 'netstat -I <intf> -w <delay>', and netstat can't find an
interface of the given name, print an error message and exit.
This whole section of code needs to be re-thought, if interfaces
can be dynamically added or removed.
 1.16 07-May-1996  thorpej branches: 1.16.4;
Kill a couple of unnecessary calls to strlen().
 1.15 07-May-1996  thorpej Update for the changes to struct ifnet. While I'm here, fix a couple
of long-standing bugs:

- Actually deal with the fact that the kernel ifnet list is
a TAILQ; it just happened to work before.

- Use kvm_openfiles() instead of kvm_open(). The code passed
arguments to kvm_open() as if it were kvm_openfiles(), but
apparently went unnoticed since the prototypes are the same.
Amusing bit: there were XXX's in the code which seemed to
apologize for a verbose libkvm, when it happened to be a
bug in netstat!
 1.14 17-Oct-1995  jtc Implement change done in revision 1.12 (for PR #1473 & duplicates) in a
slightly different way. This widens the Address field instead of the
Ipkts field because Address is the one that may be too big.
 1.13 03-Oct-1995  thorpej New-style RCS ids.
 1.12 28-Sep-1995  jtc Change formatting so that columns line up; PR #1473 + several duplicates
 1.11 03-Jul-1995  mycroft Remove an extra htonl().
 1.10 12-Jun-1995  mycroft Update to match kernel changes.
 1.9 17-Sep-1994  mycroft Align link address under `Address' header.
 1.8 13-May-1994  mycroft Clean up import.
 1.7 01-Apr-1994  cgd kill lots of off_t's.
 1.6 28-Mar-1994  cgd clean up, for off_t... ugliest 'cleaning' possible, i think...
 1.5 03-Mar-1994  deraadt netname() takes a struct in_addr, not an int. Breaks on sparc.
fix from Chuck Cranor <chuck@maria.wustl.edu>
 1.4 22-Feb-1994  cgd fix to print netstat unit number right; from Greenman
 1.3 01-Aug-1993  mycroft Add RCS identifiers.
 1.2 11-Jul-1993  paul Included Havard Eidnes' latest changes.
 1.1 21-Mar-1993  cgd branches: 1.1.1;
after 0.2.2 "stable" patches applied
 1.1.1.2 02-Jan-1997  mellon imported from 44lite2
 1.1.1.1 06-Oct-1994  mycroft Import original 4.4-Lite version.
 1.16.4.2 07-Jun-1996  thorpej Update from trunk:

Fix missing `)' in the sideways view of interfaces (i.e. netstat -w 1).
Bug pointed out by Chris G. Demetriou.
 1.16.4.1 04-Jun-1996  cgd pull up changes from the trunk:
>if doing 'netstat -I <intf> -w <delay>', and netstat can't find an
>interface of the given name, print an error message and exit.
>This whole section of code needs to be re-thought, if interfaces
>can be dynamically added or removed.
and:
>bump MAXIF (the maximum number of interfaces for which information is kept,
>for 'netstat -w <delay>') to 100, from 10. 10 was definitely not sufficient
>for many hosts; 100 should be for most if not all. This code really should
>dynamically allocate the information structures, based on the number of
>interfaces in the kernel, account for interfaces that are added or removed,
>etc., but given its current structure that would require substantial changes.
 1.24.2.2 22-May-1997  christos PR/3660: Dave Huang: Fix formatting misalignments in appletalk
PR/3659: Dave Huang: Fix PCB reporting in appletalk
 1.24.2.1 22-May-1997  christos file if.c was added on branch SYN_cache_branch on 1997-05-22 17:21:28 +0000
 1.25.2.1 19-Jan-1999  cgd pull up rev 1.30 from trunk (mrg)
 1.31.2.1 19-Oct-2000  he Pull up revision 1.45 (requested by he):
Format string cleanup.
 1.32.4.1 27-Dec-1999  wrstuden Pull up to last week's -current.
 1.40.4.2 18-Oct-2000  tv Pullup usr.bin string format fixes [is].
See "cvs log" for explicit revision numbers per file, from sommerfeld.
 1.40.4.1 03-Jul-2000  thorpej Pull up rev. 1.41:
with -inv flag, do not truncate name of the interface (like "strip0").
 1.59.2.1 19-Jun-2006  chap Sync with head.
 1.61.16.1 18-May-2008  yamt sync with head.
 1.62.8.1 13-May-2009  jym Sync with HEAD.

Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
 1.70.2.1 08-Feb-2011  bouyer Sync with HEAD
 1.72.2.3 22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.72.2.2 30-Oct-2012  yamt sync with head
 1.72.2.1 17-Apr-2012  yamt sync with head
 1.73.2.1 24-Oct-2012  riz Pull up following revision(s) (requested by msaitoh in ticket #632):
usr.bin/netstat/if.c: revision 1.75
Line up total numbers again (for -b case and -X case).
 1.74.2.3 20-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.74.2.2 23-Jun-2013  tls resync from head
 1.74.2.1 20-Nov-2012  tls Resync to 2012-11-19 00:00:00 UTC
 1.79.4.2 08-Jan-2015  martin Pull up following revision(s) (requested by prlw1 in ticket #395):
sbin/route/rtutil.c: revision 1.4
sbin/route/rtutil.h: revision 1.3
usr.bin/netstat/if.c: revision 1.81
make netname4 match the netname6 signature avoiding a NULL pointer.
adjust to the netname4 prototype.
 1.79.4.1 08-Jan-2015  martin Pull up following revision(s) (requested by prlw1 in ticket #390):
usr.bin/netstat/mroute.c: revision 1.25
usr.bin/netstat/Makefile: revision 1.40
sbin/route/prog_ops.h: revision 1.3
sbin/route/rtutil.c: revision 1.1
sbin/route/rtutil.h: revision 1.1
usr.bin/netstat/mroute6.c: revision 1.15
sbin/route/extern.h: revision 1.15
usr.bin/netstat/show.c: file removal
usr.bin/netstat/main.c: revision 1.93
usr.bin/netstat/route.c: revision 1.83
usr.bin/netstat/netstat.h: revision 1.51
distrib/utils/x_route/Makefile: revision 1.18
sbin/route/show.c: revision 1.46
usr.bin/netstat/if.c: revision 1.80
sbin/route/route.c: revision 1.145
sbin/route/Makefile: revision 1.26
Factor out the netstat route printing code and use it here. There is no
point in having 2 different copies; fixes PR/49371
 1.89.2.2 20-Mar-2017  pgoyette Sync with HEAD
 1.89.2.1 07-Jan-2017  pgoyette Sync with HEAD. (Note that most of these changes are simply $NetBSD$
tag issues.)
 1.91.2.1 21-Apr-2017  bouyer Sync with HEAD
 1.94.12.2 08-Apr-2020  martin Merge changes from current as of 20200406
 1.94.12.1 10-Jun-2019  christos Sync with HEAD
 1.94.10.1 28-Jul-2018  pgoyette Sync with HEAD
 1.94.4.2 12-Sep-2022  martin Pull up the following, requested by msaitoh in ticket #1762:

usr.bin/netstat/atalk.c 1.18,1.20-1.21
usr.bin/netstat/bpf.c 1.16 via patch
usr.bin/netstat/fast_ipsec.c 1.24 via patch
usr.bin/netstat/if.c 1.97-1.99,1.101-1.104 via patch
usr.bin/netstat/inet.c 1.111,1.115-1.116 via patch
usr.bin/netstat/inet6.c 1.70,1.74-1.75,1.80-1.81 via patch
usr.bin/netstat/main.c 1.100,1.102-1.103
usr.bin/netstat/mbuf.c 1.34-1.35
usr.bin/netstat/mroute.c 1.26-1.27
usr.bin/netstat/mroute6.c 1.16
usr.bin/netstat/netstat.h 1.52-1.53
usr.bin/netstat/pfkey.c 1.4-1.5 via patch
usr.bin/netstat/pfsync.c 1.4-1.5 via patch
usr.bin/netstat/route.c 1.87-1.88
usr.bin/netstat/unix.c 1.36-1.37
usr.bin/netstat/vtw.c 1.11,1.13

- Add names of a few more ICMPv6 messages.
Also make the array be explicitly 256 entries long.
- sprintf() -> snprintf(), and adjust a buffer size to avoid any
potential for overflow.
- Add missing {IP,IP6}_STAT_NOIPSEC to netstat.
- Don't show any of the completely and utterly undocumented VTW info
if the feature isn't enabled.
- Print oqdrops correctly.
- netstat.1: Add various xrefs present in the body to "See Also".
- Limit maximum owner name to appease gcc.
- KNF. Style fixes.
 1.94.4.1 26-Jul-2018  snj Pull up following revision(s) (requested by msaitoh in ticket #939):
usr.bin/netstat/if.c: revision 1.95
Print iqdrops, too. This change also fixes a bug that Odrops prints
iqdrops when kvm read failed.
 1.95.2.1 12-Sep-2022  martin Pull up the following, requested by msaitoh in ticket #1522:

usr.bin/netstat/atalk.c 1.18,1.20-1.21
usr.bin/netstat/bpf.c 1.16 via patch
usr.bin/netstat/fast_ipsec.c 1.24
usr.bin/netstat/if.c 1.97-1.99,1.101-1.104 via patch
usr.bin/netstat/inet.c 1.111,1.115-1.116 via patch
usr.bin/netstat/inet6.c 1.74-1.75,1.80-1.81 via patch
usr.bin/netstat/main.c 1.100-1.103
usr.bin/netstat/mbuf.c 1.35
usr.bin/netstat/mroute.c 1.26-1.27
usr.bin/netstat/mroute6.c 1.16
usr.bin/netstat/netstat.h 1.52-1.53
usr.bin/netstat/pfkey.c 1.4-1.5 via patch
usr.bin/netstat/pfsync.c 1.4-1.5 via patch
usr.bin/netstat/route.c 1.86-1.88
usr.bin/netstat/unix.c 1.36-1.37
usr.bin/netstat/vtw.c 1.11,1.13

- sprintf() -> snprintf(), and adjust a buffer size to avoid any
potential for overflow.
- Fix netstat -rs to print it correctly.
- Add missing {IP,IP6}_STAT_NOIPSEC to netstat.
- Don't show any of the completely and utterly undocumented VTW info
if the feature isn't enabled.
- Print oqdrops correctly.
- Remove Network ATM soft intr queue reporting, we don't have that
in the kernel anymore.
- netstat.1: Add various xrefs present in the body to "See Also".
- KNF. Style fixes.
 1.108.2.1 12-Jan-2023  martin Pull up following revision(s) (requested by mrg in ticket #42):

usr.bin/netstat/if.c: revision 1.109

if not given an interface to monitor by default, pick the one
with the most bytes in/out the first time and keep using it.

in addition to picking the most likely intersting interface,
this actually fixes a bug where interfaces coming/going in
the middle of eg, "netstat -b -w 1", may end up showing the
data for another interface on any output line (including the
the header declaring the interface!)
 1.119 28-Oct-2022  ozaki-r Adjust userland commands for struct inpcb separation

Only kvm users are affected.
 1.118 28-Oct-2022  ozaki-r Adjust userland commands for struct inpcb integration

Only kvm users are affected.
 1.117 21-Sep-2022  msaitoh s/u_quad_t/uint64_t/. No functional change.
 1.116 02-Sep-2022  msaitoh KNF. No functional change.
 1.115 01-Sep-2022  msaitoh KNF. No functional change.
 1.114 30-Oct-2021  nia netstat(1): convert malloc(x * y) and realloc(x * y) to reallocarr
 1.113 28-Aug-2020  ozaki-r netstat: strengthen against kernel changes

netstat uses sysctlbyname to get counter data from the kernel.
sysctlbyname fails with ENOMEM if actual counter data in the kernel is
larger than a passed buffer. netstat just skips showing counters of a
category if sysctlbyname fails, so if we added new counters of the
category to the kernel, nestat shows nothing for the category.

Fortunately sysctlbyname fills data as much as possible even if a passed
buffer is short. So we can allow netstat to show the filled data anyway
if sysctlbyname fails with ENOMEM.

Note that this backcompat mechanism works only if new counters are
appended, and doesn't work if new counters are inserted into the middle
or counters are moved.
 1.112 28-Aug-2020  ozaki-r netstat: support new packet counters
 1.111 06-Aug-2020  knakahara add missing {IP,IP6}_STAT_NOIPSEC to netstat.
 1.110 18-Aug-2019  kamil netstat: Add indirection of symbols to remove clash with sanitizers

Add indirection and symbol renaming under MKSANITIZER for the linked in
version of sysctlbyname, sysctlgetmibinfo and sysctlnametomib.
 1.109 13-May-2019  ozaki-r branches: 1.109.2;
Show the number of packets dropped by pfil
 1.108 03-May-2018  maxv branches: 1.108.2;
Remove now unused tcpip.h includes. Some were already unused before.
 1.107 23-Dec-2016  mrg branches: 1.107.6; 1.107.12;
in getpcblist_sysctl() if sysctlnametomib() fails, return NULL and
set *len = 0, rather than bailing. now "netstat" doesn't give up
early on kernels without INET6.
 1.106 08-Feb-2015  christos branches: 1.106.2;
Allocate the right size for pcb blocks.
XXX: pullup-7!
 1.105 07-Feb-2015  christos print the timer flags.
 1.104 23-Nov-2013  christos branches: 1.104.4;
Update for new pcb tailq's.
While here fix ipv6 pcb printing by making tcp6_dump with tcp.
XXX: Merge the inet and the inet6 code. It is silly to need to specify
-p tcp6 to print a tcp6 pcb, we already know what it is.
 1.103 20-Jun-2013  martin Not all pointers are 64bit - use uintptr_t instead of uint64_t.
 1.102 19-Jun-2013  christos Don't use -P as a kmem printer, verify that the address points to a pcb first!
 1.101 24-Dec-2011  christos branches: 1.101.2; 1.101.6; 1.101.8; 1.101.14;
use the names from the include files.
 1.100 04-Oct-2011  shattered branches: 1.100.2;
PR/43968 -- add 'segqlen' of TCPCB to 'netstat -P'.

OK by wiz@
 1.99 11-May-2011  dyoung Suppress whitespace at EOL to fix lib/librumphijack/t_tcpip.
 1.98 11-May-2011  drochner use getmicrouptime(9) rather than microtime(9) for TIME_WAIT duration
calculation, because this doesn't get confused by system time changes,
and uses less CPU cycles
reviewed by dyoung
 1.97 03-May-2011  dyoung Do not display expired or reclaimed vestigial TIME_WAIT entries.
 1.96 03-May-2011  dyoung Reduces the resources demanded by TCP sessions in TIME_WAIT-state using
methods called Vestigial Time-Wait (VTW) and Maximum Segment Lifetime
Truncation (MSLT).

MSLT and VTW were contributed by Coyote Point Systems, Inc.

Even after a TCP session enters the TIME_WAIT state, its corresponding
socket and protocol control blocks (PCBs) stick around until the TCP
Maximum Segment Lifetime (MSL) expires. On a host whose workload
necessarily creates and closes down many TCP sockets, the sockets & PCBs
for TCP sessions in TIME_WAIT state amount to many megabytes of dead
weight in RAM.

Maximum Segment Lifetimes Truncation (MSLT) assigns each TCP session to
a class based on the nearness of the peer. Corresponding to each class
is an MSL, and a session uses the MSL of its class. The classes are
loopback (local host equals remote host), local (local host and remote
host are on the same link/subnet), and remote (local host and remote
host communicate via one or more gateways). Classes corresponding to
nearer peers have lower MSLs by default: 2 seconds for loopback, 10
seconds for local, 60 seconds for remote. Loopback and local sessions
expire more quickly when MSLT is used.

Vestigial Time-Wait (VTW) replaces a TIME_WAIT session's PCB/socket
dead weight with a compact representation of the session, called a
"vestigial PCB". VTW data structures are designed to be very fast and
memory-efficient: for fast insertion and lookup of vestigial PCBs,
the PCBs are stored in a hash table that is designed to minimize the
number of cacheline visits per lookup/insertion. The memory both
for vestigial PCBs and for elements of the PCB hashtable come from
fixed-size pools, and linked data structures exploit this to conserve
memory by representing references with a narrow index/offset from the
start of a pool instead of a pointer. When space for new vestigial PCBs
runs out, VTW makes room by discarding old vestigial PCBs, oldest first.
VTW cooperates with MSLT.

It may help to think of VTW as a "FIN cache" by analogy to the SYN
cache.

A 2.8-GHz Pentium 4 running a test workload that creates TIME_WAIT
sessions as fast as it can is approximately 17% idle when VTW is active
versus 0% idle when VTW is inactive. It has 103 megabytes more free RAM
when VTW is active (approximately 64k vestigial PCBs are created) than
when it is inactive.
 1.95 02-Mar-2011  dyoung Use __arraycount() and PRIu64. Delete unnecessary casts to unsigned
long long.
 1.94 01-Mar-2011  dyoung Pull pfsync_stats() out of inet.c and into pfsync.c so that inet.c does
not have to #include PF header files that pollute the global namespace
by #defining v4 and v6 (sheesh).
 1.93 13-Dec-2010  pooka branches: 1.93.2;
Add netstat rump client. For now, it always sets -X, i.e. will
use only sysctl and no kvm (implementing /dev/mem for a rump kernel
would probably not be hard, but still a non-zero effort).

Note: since there is absolutely no network activity in a fresh rump
kernel, rump.netstat usually displays exactly nothing when invoked
without parameters. Arguments like -r, -bi, -p icmp etc. produce
more stuff.
 1.92 07-Dec-2009  christos PR/42243: Yasuoka Masahiko: Add support for "net.inet.icmp.bmcastecho" support.
Print the current status.
 1.91 14-Sep-2009  degroote Import pfsync support from OpenBSD 4.2

Pfsync interface exposes change in the pf(4) over a pseudo-interface, and can
be used to synchronise different pf.

This work was part of my 2009 GSoC

No objection on tech-net@
 1.90 12-Apr-2009  lukem Fix many WARNS=4 issues (-Wshadow -Wcast-qual -Wsign-compare).
Fix probable bug with numeric printing of anon ports when using sysctl.
 1.89 22-Feb-2009  dholland Make netstat handle -a properly; that is, don't show unconnected
listener sockets unless -a was given. (It was checking the local
address instead of the remote address for being INADDR_ANY or
equivalent.)

PR 38093 from Dieter Roelants; I adjusted the patch a little.

This needs pullups for both -4 and -5.
 1.88 24-Apr-2008  thorpej branches: 1.88.6; 1.88.8;
Note which things are not available by KVM, and print a nice message
stating so if someone specifically asks for it.
 1.87 15-Apr-2008  thorpej branches: 1.87.2;
Make IGMP stats per-cpu.
 1.86 15-Apr-2008  thorpej Make ARP stats per-cpu.
 1.85 15-Apr-2008  thorpej Make CARP status per-cpu.
 1.84 15-Apr-2008  thorpej Use ANSI function decls throughout.
 1.83 08-Apr-2008  thorpej Change TCP stats from a structure to an array of uint64_t's.

Note: This is ABI-compatible with the old tcpstat structure; old netstat
binaries will continue to work properly.
 1.82 07-Apr-2008  thorpej Change IP stats from a structure to an array of uint64_t's.

Note: This is ABI-compatible with the old ipstat structure; old netstat
binaries will continue to work properly.
 1.81 06-Apr-2008  jnemeth fix build problem introduced in 1.79
 1.80 06-Apr-2008  thorpej Change UDP stats from a structure to an array of uint64_t's.

Note: This is ABI-compatible with the old icmpstat structure; old netstat
binaries will continue to work properly.
 1.79 06-Apr-2008  thorpej Change ICMP stats from a structure to an array of uint64_t's.

Note: This is ABI-compatible with the old icmpstat structure; old netstat
binaries will continue to work properly.
 1.78 10-Jul-2007  ad Make netstat build again. I don't see why it has any business dumping
the raw contents of tcpcb but that's another story.
 1.77 22-Sep-2006  elad branches: 1.77.2;
PR/31347: Geoff C. Wing: netstat err message is ambiguous about cause
Applied patch, thanks!
 1.76 05-Sep-2006  rpaulo Import of TCP ECN algorithm for congestion control.
Both available for IPv4 and IPv6.
Basic implementation test results are available at
http://netbsd-soc.sourceforge.net/projects/ecn/testresults.html.

Work sponsored by the Google Summer of Code project 2006.
Special thanks to Kentaro Kurahone, Allen Briggs and Matt Thomas for their
help, comments and support during the project.
 1.75 17-Aug-2006  rpaulo Revert previous.
 1.74 17-Aug-2006  rpaulo Adapt to ECN.
 1.73 20-Jun-2006  rpaulo It's not an error if we can't print CARP stats, it just means it's not built
in.
 1.72 28-May-2006  elad Make netstat use sysctl when dumping routing tables/stats.
Heavily based on similar code from Claudio Jeker (at OpenBSD).

While here, fix inet/inet6 sysctl stuff commited previously to
actually work, and some other nits to make netstat more sysctl
friendly.

One step closer to losing setgid kmem on this one...
 1.71 21-May-2006  liamjfoy check if malloc(3) failed

ok joerg@
 1.70 18-May-2006  riz branches: 1.70.2;
Use PRIu64 to format uint64_t quantities, instead of %llu, in
newly-introduced code.

XXX more %llu cleanup is needed throughout netstat code.
 1.69 18-May-2006  liamjfoy Integrate Common Address Redundancy Procotol (CARP) from OpenBSD

'pseudo-device carp'

Thanks to: joerg@ christos@ riz@ and others who tested
Ok: core@
 1.68 12-Aug-2005  elad Use PRIxPTR when printing a pointer.
 1.67 08-Aug-2005  he Replace usage of caddr_t with intptr_t, to allow this to build cleanly
on both 32- and 64-bit archs.
 1.66 07-Aug-2005  elad Use sysctl to read live kernel PF_INET PCBs.
 1.65 06-Aug-2005  elad Use sysctl to fetch IP, ICMP, TCP, and UDP statistics.
 1.64 04-Aug-2005  rpaulo Added #include <kvm.h> since netstat.h, which is included too, needs it.
 1.63 06-Sep-2004  martin Make it compile on ports where u_quad_t is not printf-format-compatible
with unsigned long long.
 1.62 04-Sep-2004  manu IPv4 PIM support, from the submission of Pavlin Radoslavov on tech-net@
 1.61 18-May-2004  itojun print stat for TCP MD5 signature
 1.60 17-Oct-2003  enami Print ips_rcvmemdrop and ips_nogif.
 1.59 04-Sep-2003  itojun synchronize w/ inpcb/in6pcb change
 1.58 07-Aug-2003  agc Move UCB-licensed code from 4-clause to 3-clause licence.

Patches provided by Joel Baker in PR 22365, verified by myself.
 1.57 20-Jul-2003  he As a temporary workaround, apply the fix from PR#20390, thereby
cooperating with the callout code in working around the race
condition caused by the TCP code's use of the callout facility.

Instead of unconditionally releasing memory in tcp_close() and
SYN_CACHE_PUT(), check whether any of the related callout handlers
are about to be invoked (but have not yet done callout_ack()), and
if so, just mark the associated data structure (tcpcb or syn cache
entry) as "dead", and test for this (and release storage) in the
callout handler functions.
 1.56 12-Jul-2003  itojun strlcpy
 1.55 22-Mar-2003  jdolecek it's not necessary to limit the service name artificially to 8 characters
in inet*print() - only first 'width' characters of the 'host.service'
string would be printed anyway, so allow full service name if string would fit
 1.54 04-Feb-2003  thorpej Update for callout changes, and show TCP timers in relative, rather
than absolute ticks.
 1.53 03-Feb-2003  thorpej Test CALLOUT_PENDING, not CALLOUT_ACTIVE.
 1.52 26-May-2002  itojun path MTU discovery blackhole detection.
PR 12790 (sorry for not committing it for a long time)
 1.51 27-Feb-2002  lukem branches: 1.51.2;
if not -n and the local socket doesn't have INP_ANONPORT set, always try
to determine the symbolic name of the foreign port.

previously the foreign port would be displayed numerically in this case if
the local & foreign ports were different. this particular behaviour was
added in rev 1.28 when I added INP_ANONPORT support from FreeBSD, and for
the life of me I can't fathom the rationale for it ;-|
 1.50 15-Sep-2001  thorpej Fix a printf format/argument cast.
 1.49 10-Sep-2001  thorpej tcp_dump(): Also print the address of the in6pcb.
 1.48 10-Sep-2001  thorpej Update for TCP timer changes.
 1.47 10-Sep-2001  thorpej Update for field name changes in struct tcpcb.
 1.46 28-May-2001  assar add `-s' that prints port numbers symbolically but addresses numerically
 1.45 06-Apr-2001  itojun pedant changes for strcpy/sprintf.
 1.44 20-Mar-2001  itojun add few icmp type names.
http://www.isi.edu/in-notes/iana/assignments/icmp-parameters
 1.43 02-Mar-2001  itojun increase ipstat.ips_badaddr if the packet fails to pass address checks.
 1.42 18-Oct-2000  itojun count successful path MTU changes. good for debugging.
(there could be some discussion on when to increase the counter...)
 1.41 15-Aug-2000  jhawk Add kernel counters for arp events, displayable with netstat -s -f arp
 1.40 03-Jul-2000  enami Backout part of rev 1.29 which doesn't match with the log message.
 1.39 26-Feb-2000  itojun revise IPsec, pfkey, IPv6 multicast and IPv6 statistics. (sync with kame)
 1.38 19-Nov-1999  bouyer Change printf formats for 64bit counters.
 1.37 01-Jul-1999  itojun branches: 1.37.4;
make netstat IPv6-ready.
 1.36 29-Apr-1999  thorpej Print SYN,ACK retransmission statistics.
 1.35 18-Feb-1999  lukem branches: 1.35.2;
rework so that `-A -n' won't truncate the `ipaddr.port' fields, by displaying
an abbreviated state column in that case (to fit in 80 columns)
 1.34 25-Aug-1998  ross Add { and } to shut up egcs. Reformat the more questionable code.
 1.33 20-Jul-1998  sommerfe Fix bogon in length argument to snprintf when formatting port number
 1.32 12-Jul-1998  mrg - KNF
- use err(3)
- sprintf/strcpy -> snprintf/strncpy
- change route.c:domask() to take a size_t of the buffer passed.
 1.31 06-Jul-1998  mrg - use an array MAXHOSTNAMELEN+1 size to hold hostnames
- ensure hostname from gethostname() is nul-terminated in all cases
- minor KNF
- use MAXHOSTNAMELEN over various other values/defines
- be safe will buffers that hold hostnames
 1.30 03-Jun-1998  thorpej Add an option to dump the contents of a PCB at the specified address, and
implement this for TCP.
 1.29 29-Apr-1998  matt Add support for printing fast forwarded packets.
 1.28 07-Jan-1998  lukem if INP_ANONPORT is set in the pcb, don't getservbyport the local port,
as the service name is irrelevent. from freebsd
 1.27 17-Dec-1997  thorpej Print the connections dropped due to excessive persist timeouts.
 1.26 13-Dec-1997  thorpej Nuke "delayed window updates" statistic.
 1.25 11-Dec-1997  thorpej Print window updates delayed (piggybacked on delayed ACKs).
 1.24 10-Dec-1997  thorpej Report connections drained due to memory shortage.
 1.23 19-Oct-1997  lukem fix up .Nm usage, getopt returns -1 not EOF
 1.22 23-Jul-1997  thorpej Pull SYN_cache_branch down onto the main line.
 1.21 22-May-1997  christos branches: 1.21.2;
PR/3660: Dave Huang: Fix formatting misalignments in appletalk
PR/3659: Dave Huang: Fix PCB reporting in appletalk
 1.20 03-Apr-1997  christos - netatalk additions
- printf format fixes
- minor prototype cleanups
 1.19 09-Dec-1996  neil errors not generated 'cuz old message was icmp -> [EWW!]
errors not generated because old message was icmp
 1.18 25-Oct-1996  thorpej Add the `toolong' count to the IP stats display.
 1.17 08-Oct-1996  explorer use %lu, not %u. This covers more than my original %d -> %u change...
 1.16 07-Oct-1996  explorer Netstat -s should use %u for u_long parameters... Closes bin/2817 by me
 1.15 31-Jan-1996  mycroft branches: 1.15.4;
Update to match kernel.
 1.14 03-Oct-1995  thorpej branches: 1.14.2;
New-style RCS ids.
 1.13 19-Jun-1995  cgd update for new network structures
 1.12 12-Jun-1995  mycroft Update to match kernel changes.
 1.11 14-May-1995  cgd print out number of malformed fragments dropped
 1.10 24-Dec-1994  cgd a couple of these need <sys/queue.h>
 1.9 13-May-1994  mycroft Clean up import.
 1.8 01-Apr-1994  cgd kill lots of off_t's.
 1.7 28-Mar-1994  cgd clean up, for off_t... ugliest 'cleaning' possible, i think...
 1.6 11-Jan-1994  brezak Incorporate changes for IP mcast and IGMP from cmaeda@cs.washington.edu.
 1.5 01-Aug-1993  mycroft Add RCS identifiers.
 1.4 20-May-1993  cgd get rid of select.h inclusion, and clean up headers *more*.
 1.3 20-May-1993  cgd fix for new select & clean up headers
 1.2 26-Apr-1993  glass print out more of the gathered udp stats (actually all of them)
 1.1 21-Mar-1993  cgd branches: 1.1.1;
after 0.2.2 "stable" patches applied
 1.1.1.2 02-Jan-1997  mellon imported from 44lite2
 1.1.1.1 06-Oct-1994  mycroft Import original 4.4-Lite version.
 1.14.2.1 02-Feb-1996  mycroft Bring in changes for mondo patch 2.
 1.15.4.1 14-Nov-1996  thorpej Pull up from trunk:

> revision 1.18
> date: 1996/10/25 07:41:35; author: thorpej; state: Exp; lines: +3 -2
> Add the `toolong' count to the IP stats display.
 1.21.2.2 12-Jul-1997  thorpej Print statistics gather by the compressed TCP state engine.
 1.21.2.1 22-May-1997  thorpej file inet.c was added on branch SYN_cache_branch on 1997-07-12 18:06:27 +0000
 1.35.2.1 29-Apr-1999  perry pullup 1.35->1.36 (thorpej)
 1.37.4.1 27-Dec-1999  wrstuden Pull up to last week's -current.
 1.51.2.2 22-Oct-2003  jmc Pullup rev 1.57 (requested by he in ticket #1530)


Introduce a new INVOKING status for callouts, and use it to close
a race condition in the TCP code. Fixes PR#20390.
 1.51.2.1 05-Sep-2003  tron Pull up revision 1.52 (requested by tls in ticket #1445):
path MTU discovery blackhole detection.
PR 12790 (sorry for not committing it for a long time)
 1.70.2.1 19-Jun-2006  chap Sync with head.
 1.77.2.1 31-Mar-2009  bouyer Pull up following revision(s) (requested by dholland in ticket #1292):
usr.bin/netstat/inet.c: revision 1.89
usr.bin/netstat/inet6.c: revision 1.51
usr.bin/netstat/iso.c: revision 1.31
Make netstat handle -a properly; that is, don't show unconnected
listener sockets unless -a was given. (It was checking the local
address instead of the remote address for being INADDR_ANY or
equivalent.)
PR 38093 from Dieter Roelants; I adjusted the patch a little.
 1.87.2.1 18-May-2008  yamt sync with head.
 1.88.8.1 13-May-2009  jym Sync with HEAD.

Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
 1.88.6.2 30-Jul-2013  msaitoh Pull up following revision(s) (requested by christos in ticket #1868):
usr.bin/netstat/main.c: revision 1.86
usr.bin/netstat/netstat.h: revision 1.47
usr.bin/netstat/inet.c: revision 1.102
usr.bin/netstat/inet.c: revision 1.103
usr.bin/netstat/inet6.c: revision 1.61
usr.bin/netstat/inet6.c: revision 1.62
Don't use -P as a kmem printer, verify that the address points to a pcb first!
Not all pointers are 64bit - use uintptr_t instead of uint64_t.
 1.88.6.1 26-Mar-2009  snj branches: 1.88.6.1.6; 1.88.6.1.10;
Pull up following revision(s) (requested by dholland in ticket #608):
usr.bin/netstat/inet.c: revision 1.89
usr.bin/netstat/inet6.c: revision 1.51
usr.bin/netstat/iso.c: revision 1.31
Make netstat handle -a properly; that is, don't show unconnected
listener sockets unless -a was given. (It was checking the local
address instead of the remote address for being INADDR_ANY or
equivalent.)
PR 38093 from Dieter Roelants; I adjusted the patch a little.
This needs pullups for both -4 and -5.
 1.88.6.1.10.1 30-Jul-2013  msaitoh Pull up following revision(s) (requested by christos in ticket #1868):
usr.bin/netstat/main.c: revision 1.86
usr.bin/netstat/netstat.h: revision 1.47
usr.bin/netstat/inet.c: revision 1.102
usr.bin/netstat/inet.c: revision 1.103
usr.bin/netstat/inet6.c: revision 1.61
usr.bin/netstat/inet6.c: revision 1.62
Don't use -P as a kmem printer, verify that the address points to a pcb first!
Not all pointers are 64bit - use uintptr_t instead of uint64_t.
 1.88.6.1.6.1 30-Jul-2013  msaitoh Pull up following revision(s) (requested by christos in ticket #1868):
usr.bin/netstat/main.c: revision 1.86
usr.bin/netstat/netstat.h: revision 1.47
usr.bin/netstat/inet.c: revision 1.102
usr.bin/netstat/inet.c: revision 1.103
usr.bin/netstat/inet6.c: revision 1.61
usr.bin/netstat/inet6.c: revision 1.62
Don't use -P as a kmem printer, verify that the address points to a pcb first!
Not all pointers are 64bit - use uintptr_t instead of uint64_t.
 1.93.2.1 05-Mar-2011  bouyer Sync with HEAD
 1.100.2.2 22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.100.2.1 17-Apr-2012  yamt sync with head
 1.101.14.1 29-Jul-2013  msaitoh Pull up following revision(s) (requested by christos in ticket #912):
usr.bin/netstat/main.c: revision 1.86
usr.bin/netstat/netstat.h: revision 1.47
usr.bin/netstat/inet.c: revision 1.102
usr.bin/netstat/inet.c: revision 1.103
usr.bin/netstat/inet6.c: revision 1.61
usr.bin/netstat/inet6.c: revision 1.62
Don't use -P as a kmem printer, verify that the address points to a pcb first!
Not all pointers are 64bit - use uintptr_t instead of uint64_t.
 1.101.8.1 29-Jul-2013  msaitoh Pull up following revision(s) (requested by christos in ticket #912):
usr.bin/netstat/main.c: revision 1.86
usr.bin/netstat/netstat.h: revision 1.47
usr.bin/netstat/inet.c: revision 1.102
usr.bin/netstat/inet.c: revision 1.103
usr.bin/netstat/inet6.c: revision 1.61
usr.bin/netstat/inet6.c: revision 1.62
Don't use -P as a kmem printer, verify that the address points to a pcb first!
Not all pointers are 64bit - use uintptr_t instead of uint64_t.
 1.101.6.2 20-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.101.6.1 23-Jun-2013  tls resync from head
 1.101.2.2 11-Feb-2015  martin Pull up following revision(s) (requested by christos in ticket #1249):
usr.bin/netstat/inet.c: revision 1.106
usr.bin/netstat/inet6.c: revision 1.68
Allocate the right size for pcb blocks.
 1.101.2.1 29-Jul-2013  msaitoh Pull up following revision(s) (requested by christos in ticket #912):
usr.bin/netstat/main.c: revision 1.86
usr.bin/netstat/netstat.h: revision 1.47
usr.bin/netstat/inet.c: revision 1.102
usr.bin/netstat/inet.c: revision 1.103
usr.bin/netstat/inet6.c: revision 1.61
usr.bin/netstat/inet6.c: revision 1.62
Don't use -P as a kmem printer, verify that the address points to a pcb first!
Not all pointers are 64bit - use uintptr_t instead of uint64_t.
 1.104.4.1 11-Feb-2015  snj Pull up following revision(s) (requested by christos in ticket #503):
usr.bin/netstat/inet.c: revision 1.106
usr.bin/netstat/inet6.c: revision 1.68
Allocate the right size for pcb blocks.
 1.106.2.1 07-Jan-2017  pgoyette Sync with HEAD. (Note that most of these changes are simply $NetBSD$
tag issues.)
 1.107.12.1 21-May-2018  pgoyette Sync with HEAD
 1.107.6.1 12-Sep-2022  martin Pull up the following, requested by msaitoh in ticket #1762:

usr.bin/netstat/atalk.c 1.18,1.20-1.21
usr.bin/netstat/bpf.c 1.16 via patch
usr.bin/netstat/fast_ipsec.c 1.24 via patch
usr.bin/netstat/if.c 1.97-1.99,1.101-1.104 via patch
usr.bin/netstat/inet.c 1.111,1.115-1.116 via patch
usr.bin/netstat/inet6.c 1.70,1.74-1.75,1.80-1.81 via patch
usr.bin/netstat/main.c 1.100,1.102-1.103
usr.bin/netstat/mbuf.c 1.34-1.35
usr.bin/netstat/mroute.c 1.26-1.27
usr.bin/netstat/mroute6.c 1.16
usr.bin/netstat/netstat.h 1.52-1.53
usr.bin/netstat/pfkey.c 1.4-1.5 via patch
usr.bin/netstat/pfsync.c 1.4-1.5 via patch
usr.bin/netstat/route.c 1.87-1.88
usr.bin/netstat/unix.c 1.36-1.37
usr.bin/netstat/vtw.c 1.11,1.13

- Add names of a few more ICMPv6 messages.
Also make the array be explicitly 256 entries long.
- sprintf() -> snprintf(), and adjust a buffer size to avoid any
potential for overflow.
- Add missing {IP,IP6}_STAT_NOIPSEC to netstat.
- Don't show any of the completely and utterly undocumented VTW info
if the feature isn't enabled.
- Print oqdrops correctly.
- netstat.1: Add various xrefs present in the body to "See Also".
- Limit maximum owner name to appease gcc.
- KNF. Style fixes.
 1.108.2.2 13-Apr-2020  martin Mostly merge changes from HEAD upto 20200411
 1.108.2.1 10-Jun-2019  christos Sync with HEAD
 1.109.2.2 12-Sep-2022  martin Pull up the following, requested by msaitoh in ticket #1522:

usr.bin/netstat/atalk.c 1.18,1.20-1.21
usr.bin/netstat/bpf.c 1.16 via patch
usr.bin/netstat/fast_ipsec.c 1.24
usr.bin/netstat/if.c 1.97-1.99,1.101-1.104 via patch
usr.bin/netstat/inet.c 1.111,1.115-1.116 via patch
usr.bin/netstat/inet6.c 1.74-1.75,1.80-1.81 via patch
usr.bin/netstat/main.c 1.100-1.103
usr.bin/netstat/mbuf.c 1.35
usr.bin/netstat/mroute.c 1.26-1.27
usr.bin/netstat/mroute6.c 1.16
usr.bin/netstat/netstat.h 1.52-1.53
usr.bin/netstat/pfkey.c 1.4-1.5 via patch
usr.bin/netstat/pfsync.c 1.4-1.5 via patch
usr.bin/netstat/route.c 1.86-1.88
usr.bin/netstat/unix.c 1.36-1.37
usr.bin/netstat/vtw.c 1.11,1.13

- sprintf() -> snprintf(), and adjust a buffer size to avoid any
potential for overflow.
- Fix netstat -rs to print it correctly.
- Add missing {IP,IP6}_STAT_NOIPSEC to netstat.
- Don't show any of the completely and utterly undocumented VTW info
if the feature isn't enabled.
- Print oqdrops correctly.
- Remove Network ATM soft intr queue reporting, we don't have that
in the kernel anymore.
- netstat.1: Add various xrefs present in the body to "See Also".
- KNF. Style fixes.
 1.109.2.1 19-Aug-2019  martin Pull up following revision(s) (requested by kamil in ticket #94):

usr.bin/netstat/netstat_rumpops.c: revision 1.2
usr.bin/netstat/netstat_hostops.c: revision 1.2
usr.bin/netstat/inet6.c: revision 1.73
usr.bin/netstat/bpf.c: revision 1.14
usr.bin/netstat/Makefile: revision 1.46
usr.bin/netstat/prog_ops.h: revision 1.3
usr.bin/netstat/pfsync.c: revision 1.2
usr.bin/netstat/pfkey.c: revision 1.2
usr.bin/netstat/fast_ipsec.c: revision 1.23
usr.bin/netstat/atalk.c: revision 1.17
usr.bin/netstat/inet.c: revision 1.110

netstat: Add indirection of symbols to remove clash with sanitizers

Add indirection and symbol renaming under MKSANITIZER for the linked in
version of sysctlbyname, sysctlgetmibinfo and sysctlnametomib.
 1.84 28-Oct-2022  ozaki-r Adjust userland commands for struct inpcb separation

Only kvm users are affected.
 1.83 28-Oct-2022  ozaki-r Adjust userland commands for struct inpcb integration

Only kvm users are affected.
 1.82 21-Sep-2022  msaitoh s/u_quad_t/uint64_t/. No functional change.
 1.81 02-Sep-2022  msaitoh KNF. No functional change.
 1.80 01-Sep-2022  msaitoh KNF. No functional change.
 1.79 30-Oct-2021  nia netstat(1): convert malloc(x * y) and realloc(x * y) to reallocarr
 1.78 10-Sep-2021  rillig usr.bin: remove unnecessary lint comment CONSTCOND

Since 2021-01-31, lint no longer warns about 'do ... while (0)'.

No functional change.
 1.77 28-Aug-2020  ozaki-r netstat: strengthen against kernel changes

netstat uses sysctlbyname to get counter data from the kernel.
sysctlbyname fails with ENOMEM if actual counter data in the kernel is
larger than a passed buffer. netstat just skips showing counters of a
category if sysctlbyname fails, so if we added new counters of the
category to the kernel, nestat shows nothing for the category.

Fortunately sysctlbyname fills data as much as possible even if a passed
buffer is short. So we can allow netstat to show the filled data anyway
if sysctlbyname fails with ENOMEM.

Note that this backcompat mechanism works only if new counters are
appended, and doesn't work if new counters are inserted into the middle
or counters are moved.
 1.76 28-Aug-2020  ozaki-r netstat: support new packet counters
 1.75 06-Aug-2020  knakahara add missing {IP,IP6}_STAT_NOIPSEC to netstat.
 1.74 23-Apr-2020  joerg sockb is only used locally, so move it into the function
 1.73 18-Aug-2019  kamil netstat: Add indirection of symbols to remove clash with sanitizers

Add indirection and symbol renaming under MKSANITIZER for the linked in
version of sysctlbyname, sysctlgetmibinfo and sysctlnametomib.
 1.72 13-May-2019  ozaki-r branches: 1.72.2;
Show the number of packets dropped by pfil
 1.71 03-May-2018  maxv branches: 1.71.2;
Remove now unused tcpip.h includes. Some were already unused before.
 1.70 19-Dec-2017  kre branches: 1.70.2;
Add names of a few more ICMPv6 messages, from RFC6275 (Mobile IPv6)
and RFC4286 (Multicast Router Discovery.) and as shown in the IANA
parameters page available at:
https://www.ietf.org/assignments/icmpv6-parameters/icmpv6-parameters.txt

Also make the array be explicitly 256 entries long, one for each possible
code, which will detect attempts to insert names without deleting the
place holder (and mean a good solid NULL de-ref if too many place holders
are deleted, rather than just random results.)
 1.69 17-Dec-2016  mlelstv branches: 1.69.6;
Print previously missing fields from a TCP6 PCB.
 1.68 08-Feb-2015  christos branches: 1.68.2;
Allocate the right size for pcb blocks.
XXX: pullup-7!
 1.67 07-Feb-2015  christos print the timer flags.
 1.66 23-Nov-2013  christos branches: 1.66.4;
Update for new pcb tailq's.
While here fix ipv6 pcb printing by making tcp6_dump with tcp.
XXX: Merge the inet and the inet6 code. It is silly to need to specify
-p tcp6 to print a tcp6 pcb, we already know what it is.
 1.65 19-Oct-2013  christos use correct function and symbolic constants
 1.64 19-Oct-2013  christos use new scopeid functions
 1.63 18-Oct-2013  christos - avoid pointer gymnastics
- remove unused variables
 1.62 20-Jun-2013  martin Not all pointers are 64bit - use uintptr_t instead of uint64_t.
 1.61 19-Jun-2013  christos Don't use -P as a kmem printer, verify that the address points to a pcb first!
 1.60 01-Mar-2013  joerg Retire OSI network stack. OK core@
 1.59 24-May-2011  spz branches: 1.59.4; 1.59.6; 1.59.10; 1.59.12; 1.59.16;
RA flood mitigation via a limit on accepted routes:
- introduce a limit for the routes accepted via IPv6 Router Advertisement:
a common 2 interface client will have 6, the default limit is 100 and
can be adjusted via sysctl
- report the current number of routes installed via RA via sysctl
- count discarded route additions. Note that one RA message is two routes.
This is at present only across all interfaces even though per-interface
would be more useful, since the per-interface structure complies to RFC2466
- bump kernel version due to the previous change
- adjust netstat to use the new value (with netstat -p icmp6)
 1.58 11-May-2011  dyoung Suppress whitespace at EOL to fix lib/librumphijack/t_tcpip.
 1.57 11-May-2011  drochner use getmicrouptime(9) rather than microtime(9) for TIME_WAIT duration
calculation, because this doesn't get confused by system time changes,
and uses less CPU cycles
reviewed by dyoung
 1.56 04-May-2011  dyoung Don't use type qualifier 'register'.
 1.55 03-May-2011  dyoung Do not display expired or reclaimed vestigial TIME_WAIT entries.
 1.54 03-May-2011  dyoung Reduces the resources demanded by TCP sessions in TIME_WAIT-state using
methods called Vestigial Time-Wait (VTW) and Maximum Segment Lifetime
Truncation (MSLT).

MSLT and VTW were contributed by Coyote Point Systems, Inc.

Even after a TCP session enters the TIME_WAIT state, its corresponding
socket and protocol control blocks (PCBs) stick around until the TCP
Maximum Segment Lifetime (MSL) expires. On a host whose workload
necessarily creates and closes down many TCP sockets, the sockets & PCBs
for TCP sessions in TIME_WAIT state amount to many megabytes of dead
weight in RAM.

Maximum Segment Lifetimes Truncation (MSLT) assigns each TCP session to
a class based on the nearness of the peer. Corresponding to each class
is an MSL, and a session uses the MSL of its class. The classes are
loopback (local host equals remote host), local (local host and remote
host are on the same link/subnet), and remote (local host and remote
host communicate via one or more gateways). Classes corresponding to
nearer peers have lower MSLs by default: 2 seconds for loopback, 10
seconds for local, 60 seconds for remote. Loopback and local sessions
expire more quickly when MSLT is used.

Vestigial Time-Wait (VTW) replaces a TIME_WAIT session's PCB/socket
dead weight with a compact representation of the session, called a
"vestigial PCB". VTW data structures are designed to be very fast and
memory-efficient: for fast insertion and lookup of vestigial PCBs,
the PCBs are stored in a hash table that is designed to minimize the
number of cacheline visits per lookup/insertion. The memory both
for vestigial PCBs and for elements of the PCB hashtable come from
fixed-size pools, and linked data structures exploit this to conserve
memory by representing references with a narrow index/offset from the
start of a pool instead of a pointer. When space for new vestigial PCBs
runs out, VTW makes room by discarding old vestigial PCBs, oldest first.
VTW cooperates with MSLT.

It may help to think of VTW as a "FIN cache" by analogy to the SYN
cache.

A 2.8-GHz Pentium 4 running a test workload that creates TIME_WAIT
sessions as fast as it can is approximately 17% idle when VTW is active
versus 0% idle when VTW is inactive. It has 103 megabytes more free RAM
when VTW is active (approximately 64k vestigial PCBs are created) than
when it is inactive.
 1.53 13-Dec-2010  pooka Add netstat rump client. For now, it always sets -X, i.e. will
use only sysctl and no kvm (implementing /dev/mem for a rump kernel
would probably not be hard, but still a non-zero effort).

Note: since there is absolutely no network activity in a fresh rump
kernel, rump.netstat usually displays exactly nothing when invoked
without parameters. Arguments like -r, -bi, -p icmp etc. produce
more stuff.
 1.52 12-Apr-2009  lukem Fix many WARNS=4 issues (-Wshadow -Wcast-qual -Wsign-compare).
Fix probable bug with numeric printing of anon ports when using sysctl.
 1.51 22-Feb-2009  dholland Make netstat handle -a properly; that is, don't show unconnected
listener sockets unless -a was given. (It was checking the local
address instead of the remote address for being INADDR_ANY or
equivalent.)

PR 38093 from Dieter Roelants; I adjusted the patch a little.

This needs pullups for both -4 and -5.
 1.50 24-Apr-2008  thorpej branches: 1.50.6; 1.50.8;
Note which things are not available by KVM, and print a nice message
stating so if someone specifically asks for it.
 1.49 15-Apr-2008  thorpej branches: 1.49.2;
Make pim6 stats per-cpu.
 1.48 15-Apr-2008  thorpej Make raw6 stats per-cpu.
 1.47 15-Apr-2008  thorpej Use ANSI function decls throughout.
 1.46 15-Apr-2008  thorpej Make udp6 stats per-cpu.
 1.45 08-Apr-2008  thorpej Change IPv6 stats from a structure to an array of uint64_t's.

Note: This is ABI-compatible with the old ip6stat structure; old netstat
binaries will continue to work properly.
 1.44 08-Apr-2008  thorpej Change ICMP6 stats from a structure to an array of uint64_t's.

Note: This is ABI-compatible with the old icmp6stat structure; old netstat
binaries will continue to work properly.
 1.43 16-Feb-2008  matt Fix more -combine fallout. (mismatched definitions)
 1.42 07-Mar-2007  liamjfoy branches: 1.42.4;
Add new IPv6 Fast Forward statistics
 1.41 17-Jan-2007  hubertf Remove duplicate #includes
From Slava Semushin <slava.semushin@gmail.com>, via private mail
 1.40 22-Sep-2006  elad branches: 1.40.2;
PR/31347: Geoff C. Wing: netstat err message is ambiguous about cause
Applied patch, thanks!
 1.39 31-May-2006  rpaulo Don't print an error if kernel doesn't have INET6 support.
By Jukka Salmi on current-users.
 1.38 28-May-2006  elad Make netstat use sysctl when dumping routing tables/stats.
Heavily based on similar code from Claudio Jeker (at OpenBSD).

While here, fix inet/inet6 sysctl stuff commited previously to
actually work, and some other nits to make netstat more sysctl
friendly.

One step closer to losing setgid kmem on this one...
 1.37 21-May-2006  liamjfoy check if malloc(3) failed

ok joerg@
 1.36 28-Aug-2005  rpaulo branches: 1.36.2;
Use net.inet6.{ip6,udp6,pim6,raw6}.stats for live systems.

Reviewed by Elad Efrat.
 1.35 28-Aug-2005  rpaulo Use net.inet6.tcp6.pcblist, net.inet6.tcp6.stats (not implemented yet) and
net.inet6.icmp6.stats if we are gathering information from a live system.

Reviewed by Elad Efrat.
 1.34 04-Aug-2005  rpaulo Added #include <kvm.h> since netstat.h, which is included too, needs it.
 1.33 13-Feb-2005  atatat print the proper pointer for the pcb address. otherwise, all the udp6
pcb addresses are the same as unrelated udp pcb addresses.
 1.32 16-Nov-2004  itojun NI_WITHSCOPEID was not picked up by IETF standardization process.
 1.31 06-Nov-2003  itojun handle KAME scopeid hack for multicast addr. Matthias Drochner
 1.30 12-Sep-2003  itojun fix PR bin/22739 (netstat -nlv -f inet6 weird)
 1.29 04-Sep-2003  itojun synchronize w/ inpcb/in6pcb change
 1.28 07-Aug-2003  agc Move UCB-licensed code from 4-clause to 3-clause licence.

Patches provided by Joel Baker in PR 22365, verified by myself.
 1.27 14-May-2003  itojun use proper #ifdef to determine behavior (__KAME__)
 1.26 22-Mar-2003  jdolecek it's not necessary to limit the service name artificially to 8 characters
in inet*print() - only first 'width' characters of the 'host.service'
string would be printed anyway, so allow full service name if string would fit
 1.25 26-Oct-2002  grant fix typo, from sm@resistor.net in misc/18816.
 1.24 09-Jun-2002  itojun use strchr, not index
 1.23 18-Oct-2001  itojun print rip6stat. sync with kame
 1.22 10-Sep-2001  thorpej Make the PCB address printing look like the IPv4 version.
 1.21 13-Jun-2001  itojun typo
 1.20 28-May-2001  assar add `-s' that prints port numbers symbolically but addresses numerically
 1.19 06-Apr-2001  itojun pedant changes for strcpy/sprintf.
 1.18 20-Mar-2001  itojun add sctp (maybe we should add it to /etc/protocols instead?)
 1.17 07-Feb-2001  itojun during ip6/icmp6 inbound packet processing, do not call log() nor printf() in
normal operation (/var can get filled up by flodding bogus packets).
sysctl net.inet6.icmp6.nd6_debug will turn on diagnostic messages.
(#define ND6_DEBUG will turn it on by default)

improve stats in ND6 code.

lots of synchronziation with kame (including comments and cometic ones).
 1.16 14-Dec-2000  itojun try to lookup /etc/protocols for histogram
 1.15 11-Dec-2000  itojun typo in -s message
 1.14 23-Oct-2000  itojun count path MTU changes.
 1.13 11-Oct-2000  is More format string cleanup by sommerfeld.
 1.12 13-Aug-2000  jhawk Fix netstat -ss handling for a bunch of ISO cases, so that
zero values are not printed.
"tp:" still needs some work, though.
 1.11 13-Jul-2000  itojun do not print m_pulldown statistics. it is too experimental and
belongs to kame tree only (not for *bsd tree).
 1.10 06-Jul-2000  itojun more stats. from kame
 1.9 16-Jun-2000  itojun branches: 1.9.2;
print # of packets filtered by icmp6 rate limitation
 1.8 17-May-2000  itojun branches: 1.8.2;
s/icmp/icmp6/ in message
 1.7 26-Feb-2000  itojun revise IPsec, pfkey, IPv6 multicast and IPv6 statistics. (sync with kame)
 1.6 16-Dec-1999  thorpej Make this compile on the Alpha again.
 1.5 13-Dec-1999  itojun per-interface statistics.
bring in and enable KAME scopeid hack.
lots of cleanups.
(sync with latest KAME)
 1.4 19-Nov-1999  bouyer Change printf formats for 64bit counters.
 1.3 30-Jul-1999  itojun branches: 1.3.4;
do not include netinet/in6_systm.h, which has been empty for a while.
 1.2 06-Jul-1999  itojun add NetBSD RCS ID.
 1.1 01-Jul-1999  itojun make netstat IPv6-ready.
 1.3.4.1 27-Dec-1999  wrstuden Pull up to last week's -current.
 1.8.2.1 23-Jun-2000  minoura Sync w/ netbsd-1-5-base.
 1.9.2.2 18-Oct-2000  tv Pullup usr.bin string format fixes [is].
See "cvs log" for explicit revision numbers per file, from sommerfeld.
 1.9.2.1 13-Jul-2000  itojun pullup 1.10 -> 1.11 (approved by releng-1-5)
do not print m_pulldown statistics. it is too experimental and
belongs to kame tree only (not for *bsd tree).
 1.36.2.1 19-Jun-2006  chap Sync with head.
 1.40.2.1 31-Mar-2009  bouyer Pull up following revision(s) (requested by dholland in ticket #1292):
usr.bin/netstat/inet.c: revision 1.89
usr.bin/netstat/inet6.c: revision 1.51
usr.bin/netstat/iso.c: revision 1.31
Make netstat handle -a properly; that is, don't show unconnected
listener sockets unless -a was given. (It was checking the local
address instead of the remote address for being INADDR_ANY or
equivalent.)
PR 38093 from Dieter Roelants; I adjusted the patch a little.
 1.42.4.1 23-Mar-2008  matt sync with HEAD
 1.49.2.1 18-May-2008  yamt sync with head.
 1.50.8.1 13-May-2009  jym Sync with HEAD.

Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
 1.50.6.2 30-Jul-2013  msaitoh Pull up following revision(s) (requested by christos in ticket #1868):
usr.bin/netstat/main.c: revision 1.86
usr.bin/netstat/netstat.h: revision 1.47
usr.bin/netstat/inet.c: revision 1.102
usr.bin/netstat/inet.c: revision 1.103
usr.bin/netstat/inet6.c: revision 1.61
usr.bin/netstat/inet6.c: revision 1.62
Don't use -P as a kmem printer, verify that the address points to a pcb first!
Not all pointers are 64bit - use uintptr_t instead of uint64_t.
 1.50.6.1 26-Mar-2009  snj branches: 1.50.6.1.6; 1.50.6.1.10;
Pull up following revision(s) (requested by dholland in ticket #608):
usr.bin/netstat/inet.c: revision 1.89
usr.bin/netstat/inet6.c: revision 1.51
usr.bin/netstat/iso.c: revision 1.31
Make netstat handle -a properly; that is, don't show unconnected
listener sockets unless -a was given. (It was checking the local
address instead of the remote address for being INADDR_ANY or
equivalent.)
PR 38093 from Dieter Roelants; I adjusted the patch a little.
This needs pullups for both -4 and -5.
 1.50.6.1.10.1 30-Jul-2013  msaitoh Pull up following revision(s) (requested by christos in ticket #1868):
usr.bin/netstat/main.c: revision 1.86
usr.bin/netstat/netstat.h: revision 1.47
usr.bin/netstat/inet.c: revision 1.102
usr.bin/netstat/inet.c: revision 1.103
usr.bin/netstat/inet6.c: revision 1.61
usr.bin/netstat/inet6.c: revision 1.62
Don't use -P as a kmem printer, verify that the address points to a pcb first!
Not all pointers are 64bit - use uintptr_t instead of uint64_t.
 1.50.6.1.6.1 30-Jul-2013  msaitoh Pull up following revision(s) (requested by christos in ticket #1868):
usr.bin/netstat/main.c: revision 1.86
usr.bin/netstat/netstat.h: revision 1.47
usr.bin/netstat/inet.c: revision 1.102
usr.bin/netstat/inet.c: revision 1.103
usr.bin/netstat/inet6.c: revision 1.61
usr.bin/netstat/inet6.c: revision 1.62
Don't use -P as a kmem printer, verify that the address points to a pcb first!
Not all pointers are 64bit - use uintptr_t instead of uint64_t.
 1.59.16.1 29-Jul-2013  msaitoh Pull up following revision(s) (requested by christos in ticket #912):
usr.bin/netstat/main.c: revision 1.86
usr.bin/netstat/netstat.h: revision 1.47
usr.bin/netstat/inet.c: revision 1.102
usr.bin/netstat/inet.c: revision 1.103
usr.bin/netstat/inet6.c: revision 1.61
usr.bin/netstat/inet6.c: revision 1.62
Don't use -P as a kmem printer, verify that the address points to a pcb first!
Not all pointers are 64bit - use uintptr_t instead of uint64_t.
 1.59.12.1 29-Jul-2013  msaitoh Pull up following revision(s) (requested by christos in ticket #912):
usr.bin/netstat/main.c: revision 1.86
usr.bin/netstat/netstat.h: revision 1.47
usr.bin/netstat/inet.c: revision 1.102
usr.bin/netstat/inet.c: revision 1.103
usr.bin/netstat/inet6.c: revision 1.61
usr.bin/netstat/inet6.c: revision 1.62
Don't use -P as a kmem printer, verify that the address points to a pcb first!
Not all pointers are 64bit - use uintptr_t instead of uint64_t.
 1.59.10.2 20-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.59.10.1 23-Jun-2013  tls resync from head
 1.59.6.2 11-Feb-2015  martin Pull up following revision(s) (requested by christos in ticket #1249):
usr.bin/netstat/inet.c: revision 1.106
usr.bin/netstat/inet6.c: revision 1.68
Allocate the right size for pcb blocks.
 1.59.6.1 29-Jul-2013  msaitoh Pull up following revision(s) (requested by christos in ticket #912):
usr.bin/netstat/main.c: revision 1.86
usr.bin/netstat/netstat.h: revision 1.47
usr.bin/netstat/inet.c: revision 1.102
usr.bin/netstat/inet.c: revision 1.103
usr.bin/netstat/inet6.c: revision 1.61
usr.bin/netstat/inet6.c: revision 1.62
Don't use -P as a kmem printer, verify that the address points to a pcb first!
Not all pointers are 64bit - use uintptr_t instead of uint64_t.
 1.59.4.1 22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.66.4.1 11-Feb-2015  snj Pull up following revision(s) (requested by christos in ticket #503):
usr.bin/netstat/inet.c: revision 1.106
usr.bin/netstat/inet6.c: revision 1.68
Allocate the right size for pcb blocks.
 1.68.2.1 07-Jan-2017  pgoyette Sync with HEAD. (Note that most of these changes are simply $NetBSD$
tag issues.)
 1.69.6.1 12-Sep-2022  martin Pull up the following, requested by msaitoh in ticket #1762:

usr.bin/netstat/atalk.c 1.18,1.20-1.21
usr.bin/netstat/bpf.c 1.16 via patch
usr.bin/netstat/fast_ipsec.c 1.24 via patch
usr.bin/netstat/if.c 1.97-1.99,1.101-1.104 via patch
usr.bin/netstat/inet.c 1.111,1.115-1.116 via patch
usr.bin/netstat/inet6.c 1.70,1.74-1.75,1.80-1.81 via patch
usr.bin/netstat/main.c 1.100,1.102-1.103
usr.bin/netstat/mbuf.c 1.34-1.35
usr.bin/netstat/mroute.c 1.26-1.27
usr.bin/netstat/mroute6.c 1.16
usr.bin/netstat/netstat.h 1.52-1.53
usr.bin/netstat/pfkey.c 1.4-1.5 via patch
usr.bin/netstat/pfsync.c 1.4-1.5 via patch
usr.bin/netstat/route.c 1.87-1.88
usr.bin/netstat/unix.c 1.36-1.37
usr.bin/netstat/vtw.c 1.11,1.13

- Add names of a few more ICMPv6 messages.
Also make the array be explicitly 256 entries long.
- sprintf() -> snprintf(), and adjust a buffer size to avoid any
potential for overflow.
- Add missing {IP,IP6}_STAT_NOIPSEC to netstat.
- Don't show any of the completely and utterly undocumented VTW info
if the feature isn't enabled.
- Print oqdrops correctly.
- netstat.1: Add various xrefs present in the body to "See Also".
- Limit maximum owner name to appease gcc.
- KNF. Style fixes.
 1.70.2.1 21-May-2018  pgoyette Sync with HEAD
 1.71.2.2 13-Apr-2020  martin Mostly merge changes from HEAD upto 20200411
 1.71.2.1 10-Jun-2019  christos Sync with HEAD
 1.72.2.2 12-Sep-2022  martin Pull up the following, requested by msaitoh in ticket #1522:

usr.bin/netstat/atalk.c 1.18,1.20-1.21
usr.bin/netstat/bpf.c 1.16 via patch
usr.bin/netstat/fast_ipsec.c 1.24
usr.bin/netstat/if.c 1.97-1.99,1.101-1.104 via patch
usr.bin/netstat/inet.c 1.111,1.115-1.116 via patch
usr.bin/netstat/inet6.c 1.74-1.75,1.80-1.81 via patch
usr.bin/netstat/main.c 1.100-1.103
usr.bin/netstat/mbuf.c 1.35
usr.bin/netstat/mroute.c 1.26-1.27
usr.bin/netstat/mroute6.c 1.16
usr.bin/netstat/netstat.h 1.52-1.53
usr.bin/netstat/pfkey.c 1.4-1.5 via patch
usr.bin/netstat/pfsync.c 1.4-1.5 via patch
usr.bin/netstat/route.c 1.86-1.88
usr.bin/netstat/unix.c 1.36-1.37
usr.bin/netstat/vtw.c 1.11,1.13

- sprintf() -> snprintf(), and adjust a buffer size to avoid any
potential for overflow.
- Fix netstat -rs to print it correctly.
- Add missing {IP,IP6}_STAT_NOIPSEC to netstat.
- Don't show any of the completely and utterly undocumented VTW info
if the feature isn't enabled.
- Print oqdrops correctly.
- Remove Network ATM soft intr queue reporting, we don't have that
in the kernel anymore.
- netstat.1: Add various xrefs present in the body to "See Also".
- KNF. Style fixes.
 1.72.2.1 19-Aug-2019  martin Pull up following revision(s) (requested by kamil in ticket #94):

usr.bin/netstat/netstat_rumpops.c: revision 1.2
usr.bin/netstat/netstat_hostops.c: revision 1.2
usr.bin/netstat/inet6.c: revision 1.73
usr.bin/netstat/bpf.c: revision 1.14
usr.bin/netstat/Makefile: revision 1.46
usr.bin/netstat/prog_ops.h: revision 1.3
usr.bin/netstat/pfsync.c: revision 1.2
usr.bin/netstat/pfkey.c: revision 1.2
usr.bin/netstat/fast_ipsec.c: revision 1.23
usr.bin/netstat/atalk.c: revision 1.17
usr.bin/netstat/inet.c: revision 1.110

netstat: Add indirection of symbols to remove clash with sanitizers

Add indirection and symbol renaming under MKSANITIZER for the linked in
version of sysctlbyname, sysctlgetmibinfo and sysctlnametomib.
 1.17 22-Mar-2012  drochner remove KAME IPSEC, replaced by FAST_IPSEC
 1.16 06-Jan-2012  drochner split the ipsec.c source file into the pfkey part which is shared
with FAST_IPSEC and KAME specific IPSEC statistics
 1.15 12-Apr-2009  lukem branches: 1.15.6;
Fix many WARNS=4 issues (-Wshadow -Wcast-qual -Wsign-compare).
Fix probable bug with numeric printing of anon ports when using sysctl.
 1.14 24-Apr-2008  thorpej branches: 1.14.8;
Note which things are not available by KVM, and print a nice message
stating so if someone specifically asks for it.
 1.13 23-Apr-2008  thorpej PF_KEY stats for IPSEC and FAST_IPSEC are now per-CPU.
 1.12 23-Apr-2008  thorpej Make IPSEC and FAST_IPSEC stats per-cpu. Use <net/net_stats.h> and
netstat_sysctl().
 1.11 04-Aug-2005  rpaulo branches: 1.11.20;
Added #include <kvm.h> since netstat.h, which is included too, needs it.
 1.10 07-Aug-2003  agc Move UCB-licensed code from 4-clause to 3-clause licence.

Patches provided by Joel Baker in PR 22365, verified by myself.
 1.9 25-Jul-2003  itojun support new algorithms
 1.8 22-Jul-2003  itojun support hmac-sha2.
 1.7 15-Apr-2003  itojun make char array bigger where it seems too small and may overrun.
 1.6 02-Jun-2002  itojun KNF
 1.5 21-Mar-2002  itojun pfkey statistics was presented in wrong direction.
 1.4 06-Aug-2001  itojun present SPD cache lookup stats. sync with kame
 1.3 02-Oct-2000  itojun be ready for rijndael
 1.2 20-Jul-2000  itojun sync with net/pfkeyv2.h change. do not assume SADB_[EAC]ALG numbers are
continuous. sync with kame.
 1.1 26-Feb-2000  itojun branches: 1.1.4;
revise IPsec, pfkey, IPv6 multicast and IPv6 statistics. (sync with kame)
 1.1.4.2 04-Oct-2000  itojun pullup (approved by releng-1-5)
rijndael-cbc userland support.

usr.sbin/netstat/ipsec.c 1.2 -> 1.3
sbin/setkey/setkey.8 1.4 -> 1.5
sbin/setkey/setkey.c 1.1 -> 1.2
sbin/setkey/token.l 1.2 -> 1.3
lib/libipsec/pfkey_dump.c 1.8 -> 1.9
usr.sbin/tcpdump/ipsec_doi.h 1.2 -> 1.3
usr.sbin/tcpdump/isakmp.h 1.3 -> 1.4
usr.sbin/tcpdump/print-isakmp.h 1.5 -> 1.6
 1.1.4.1 25-Jul-2000  itojun pullup 1.7 -> 1.8 (approved by releng-1-5)
do not rely upon algorithm ordering in pfkey spec. sync with kame
 1.11.20.1 18-May-2008  yamt sync with head.
 1.14.8.1 13-May-2009  jym Sync with HEAD.

Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
 1.15.6.1 17-Apr-2012  yamt sync with head
 1.34 01-Mar-2013  joerg Retire OSI network stack. OK core@
 1.33 20-Mar-2012  matt branches: 1.33.2;
Use C89 function definitions
 1.32 12-Apr-2009  lukem branches: 1.32.6;
Fix many WARNS=4 issues (-Wshadow -Wcast-qual -Wsign-compare).
Fix probable bug with numeric printing of anon ports when using sysctl.
 1.31 22-Feb-2009  dholland Make netstat handle -a properly; that is, don't show unconnected
listener sockets unless -a was given. (It was checking the local
address instead of the remote address for being INADDR_ANY or
equivalent.)

PR 38093 from Dieter Roelants; I adjusted the patch a little.

This needs pullups for both -4 and -5.
 1.30 23-Apr-2008  plunky branches: 1.30.6; 1.30.8;
don't include <cons_pcb.h> as it is unnecessary
 1.29 27-Feb-2008  ad branches: 1.29.2;
- Define _KERNEL for sys/types.h in unix.c.
- caddr_t -> char * in a couple of places.
 1.28 16-Feb-2008  matt branches: 1.28.2;
Fix more -combine fallout. (mismatched definitions)
 1.27 18-Feb-2007  hubertf branches: 1.27.4;
Make this compile after TSEL() const poisoning
OK'd by dyoung@
 1.26 27-May-2006  elad branches: 1.26.4;
be quiet if symbol not in namelist, nothing cares
 1.25 02-Apr-2006  christos branches: 1.25.2;
Coverity CID 2336: Fix memory leak.
 1.24 04-Aug-2005  rpaulo Added #include <kvm.h> since netstat.h, which is included too, needs it.
 1.23 07-Aug-2003  agc Move UCB-licensed code from 4-clause to 3-clause licence.

Patches provided by Joel Baker in PR 22365, verified by myself.
 1.22 28-May-2001  assar add `-s' that prints port numbers symbolically but addresses numerically
 1.21 31-Mar-2001  christos PR/12517: Izumi Tsutsui: Don't use paddr_t in netstat; change to u_long
 1.20 11-Oct-2000  is More format string cleanup by sommerfeld.
 1.19 31-Aug-2000  jhawk Rewrite tprintstat() so that netstat -ss functionality works
correctly for the "tp:" case (family iso). To avoid serious code
space bloat, stats are now table-driven.

A side-effect is that the mbuf chain statistics have been slightly re-ordered
to follow the 3 lines of EOT stats (still under Miscellaneous) rather
than sandwiched between "dec bits" and the EOTs.
 1.18 13-Aug-2000  itojun -Wall friendly
 1.17 13-Aug-2000  jhawk Fix netstat -ss handling for a bunch of ISO cases, so that
zero values are not printed.
"tp:" still needs some work, though.
 1.16 12-Jul-1998  mrg branches: 1.16.2; 1.16.10;
- KNF
- use err(3)
- sprintf/strcpy -> snprintf/strncpy
- change route.c:domask() to take a size_t of the buffer passed.
 1.15 29-Jan-1998  frueauf s/_offsetof/offsetof and include stddef.h to reflect recent
change in sys/netiso/iso.h.
 1.14 19-Oct-1997  lukem fix up .Nm usage, getopt returns -1 not EOF
 1.13 03-Apr-1997  christos - netatalk additions
- printf format fixes
- minor prototype cleanups
 1.12 03-Oct-1995  thorpej New-style RCS ids.
 1.11 24-Dec-1994  cgd a couple of these need <sys/queue.h>
 1.10 06-Oct-1994  mycroft Re-enable some ugly ISO code.
 1.9 13-May-1994  mycroft Clean up import.
 1.8 01-Apr-1994  cgd kill lots of off_t's.
 1.7 28-Mar-1994  cgd clean up, for off_t... ugliest 'cleaning' possible, i think...
 1.6 26-Mar-1994  glass moved useful contents of netiso/tp_astring.c down
 1.5 03-Nov-1993  mycroft Don't generate two warnings if OSI isn't configured in the kernel.
 1.4 01-Aug-1993  mycroft Add RCS identifiers.
 1.3 20-May-1993  cgd get rid of select.h inclusion, and clean up headers *more*.
 1.2 20-May-1993  cgd fix for new select & clean up headers
 1.1 21-Mar-1993  cgd branches: 1.1.1;
after 0.2.2 "stable" patches applied
 1.1.1.1 06-Oct-1994  mycroft Import original 4.4-Lite version.
 1.16.10.1 18-Oct-2000  tv Pullup usr.bin string format fixes [is].
See "cvs log" for explicit revision numbers per file, from sommerfeld.
 1.16.2.1 19-Oct-2000  he Pull up revision 1.20 (requested by he):
Format string cleanup.
 1.25.2.1 19-Jun-2006  chap Sync with head.
 1.26.4.1 31-Mar-2009  bouyer Pull up following revision(s) (requested by dholland in ticket #1292):
usr.bin/netstat/inet.c: revision 1.89
usr.bin/netstat/inet6.c: revision 1.51
usr.bin/netstat/iso.c: revision 1.31
Make netstat handle -a properly; that is, don't show unconnected
listener sockets unless -a was given. (It was checking the local
address instead of the remote address for being INADDR_ANY or
equivalent.)
PR 38093 from Dieter Roelants; I adjusted the patch a little.
 1.27.4.1 23-Mar-2008  matt sync with HEAD
 1.28.2.1 24-Mar-2008  keiichi sync with head.
 1.29.2.1 18-May-2008  yamt sync with head.
 1.30.8.1 13-May-2009  jym Sync with HEAD.

Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
 1.30.6.1 26-Mar-2009  snj Pull up following revision(s) (requested by dholland in ticket #608):
usr.bin/netstat/inet.c: revision 1.89
usr.bin/netstat/inet6.c: revision 1.51
usr.bin/netstat/iso.c: revision 1.31
Make netstat handle -a properly; that is, don't show unconnected
listener sockets unless -a was given. (It was checking the local
address instead of the remote address for being INADDR_ANY or
equivalent.)
PR 38093 from Dieter Roelants; I adjusted the patch a little.
This needs pullups for both -4 and -5.
 1.32.6.2 22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.32.6.1 17-Apr-2012  yamt sync with head
 1.33.2.1 23-Jun-2013  tls resync from head
 1.105 18-Aug-2023  martin Rename local bpf_* functions to nsbpf_* to avoid conflicts with
new libpcap bpf_* functions
 1.104 24-Oct-2022  msaitoh Make ifq_drops in struct ifqueue and struct ifaltq 64 bit.
 1.103 02-Sep-2022  msaitoh KNF. No functional change.
 1.102 01-Sep-2022  msaitoh KNF. No functional change.
 1.101 10-Mar-2021  simonb Remove Network ATM soft intr queue reporting, we don't have that in the
kernel anymore.
 1.100 23-Apr-2020  joerg Avoid common symbol definitions.
 1.99 14-Jul-2016  christos branches: 1.99.8; 1.99.18;
remove soft interrupt queues that don't exist anymore.
 1.98 14-Jul-2016  christos remove __P
 1.97 14-Jul-2016  christos use sysctl to print multicast addresses
 1.96 13-Jul-2016  christos Use sysctl for interface printing (-i), leave on for multicast address printing
(-ia) and comment in the code where this is missing?
XXX: should that be an ioctl or sysctl? provide getifmultiaddrs() via the
routing socket? I guess since this is just for netstat a simple sysctl or
ioctl would suffice. I lean towards sysctl.
 1.95 12-Nov-2014  christos PR/47704: Takahiro HAYASHI: Fix -L flag
 1.94 07-Nov-2014  christos fix A,v,T with route display.
 1.93 06-Nov-2014  christos use the common code from route.c
 1.92 09-Oct-2014  enami Fix a bug introduced in rev. 1.62; it fails to negate (a && b).
 1.91 30-May-2014  rmind branches: 1.91.2;
netstat(1) and ifmcstat(8): ifnet was renamed to ifnet_list, PR/48850.
 1.90 28-Apr-2014  christos use the same for the route metrics part, both in the sysctl and kmem paths.
From Takahiro HAYASHI
 1.89 24-Apr-2014  christos The sysctl code does not support verbose route printing that prints the
internal route statistics. Restore the old kmem route printing code that
was not just used for post-mortem displays. Reported by kardel@, test by
netstat -nrvf inet
 1.88 23-Nov-2013  christos branches: 1.88.2;
Update for new pcb tailq's.
While here fix ipv6 pcb printing by making tcp6_dump with tcp.
XXX: Merge the inet and the inet6 code. It is silly to need to specify
-p tcp6 to print a tcp6 pcb, we already know what it is.
 1.87 18-Oct-2013  bad Make the -f option accept multiple address families.
Bump man page date.
 1.86 19-Jun-2013  christos Don't use -P as a kmem printer, verify that the address points to a pcb first!
 1.85 01-Mar-2013  joerg Retire OSI network stack. OK core@
 1.84 28-Jan-2013  joerg Use sysctl based code netstat -r. Remove support for post-mortem
analysis.
 1.83 22-Mar-2012  drochner branches: 1.83.2;
remove KAME IPSEC, replaced by FAST_IPSEC
 1.82 20-Mar-2012  matt Use C89 function definitions
 1.81 16-Sep-2011  joerg branches: 1.81.2; 1.81.4; 1.81.8; 1.81.10;
Use __dead
 1.80 17-Jul-2011  njoly Use errx() to display kvm_openfiles error message, the provided buffer
already has it.
 1.79 04-May-2011  dyoung Always try to open kmem, do not always set use_sysctl to 1, and do not
fail if opening kmem fails unless !use_sysctl. Fixes netstat(1) options
such as -s.
 1.78 03-May-2011  dyoung Reduces the resources demanded by TCP sessions in TIME_WAIT-state using
methods called Vestigial Time-Wait (VTW) and Maximum Segment Lifetime
Truncation (MSLT).

MSLT and VTW were contributed by Coyote Point Systems, Inc.

Even after a TCP session enters the TIME_WAIT state, its corresponding
socket and protocol control blocks (PCBs) stick around until the TCP
Maximum Segment Lifetime (MSL) expires. On a host whose workload
necessarily creates and closes down many TCP sockets, the sockets & PCBs
for TCP sessions in TIME_WAIT state amount to many megabytes of dead
weight in RAM.

Maximum Segment Lifetimes Truncation (MSLT) assigns each TCP session to
a class based on the nearness of the peer. Corresponding to each class
is an MSL, and a session uses the MSL of its class. The classes are
loopback (local host equals remote host), local (local host and remote
host are on the same link/subnet), and remote (local host and remote
host communicate via one or more gateways). Classes corresponding to
nearer peers have lower MSLs by default: 2 seconds for loopback, 10
seconds for local, 60 seconds for remote. Loopback and local sessions
expire more quickly when MSLT is used.

Vestigial Time-Wait (VTW) replaces a TIME_WAIT session's PCB/socket
dead weight with a compact representation of the session, called a
"vestigial PCB". VTW data structures are designed to be very fast and
memory-efficient: for fast insertion and lookup of vestigial PCBs,
the PCBs are stored in a hash table that is designed to minimize the
number of cacheline visits per lookup/insertion. The memory both
for vestigial PCBs and for elements of the PCB hashtable come from
fixed-size pools, and linked data structures exploit this to conserve
memory by representing references with a narrow index/offset from the
start of a pool instead of a pointer. When space for new vestigial PCBs
runs out, VTW makes room by discarding old vestigial PCBs, oldest first.
VTW cooperates with MSLT.

It may help to think of VTW as a "FIN cache" by analogy to the SYN
cache.

A 2.8-GHz Pentium 4 running a test workload that creates TIME_WAIT
sessions as fast as it can is approximately 17% idle when VTW is active
versus 0% idle when VTW is inactive. It has 103 megabytes more free RAM
when VTW is active (approximately 64k vestigial PCBs are created) than
when it is inactive.
 1.77 13-Dec-2010  pooka Add netstat rump client. For now, it always sets -X, i.e. will
use only sysctl and no kvm (implementing /dev/mem for a rump kernel
would probably not be hard, but still a non-zero effort).

Note: since there is absolutely no network activity in a fresh rump
kernel, rump.netstat usually displays exactly nothing when invoked
without parameters. Arguments like -r, -bi, -p icmp etc. produce
more stuff.
 1.76 29-Jun-2010  kefren Add mpls into family address list
 1.75 27-Jun-2010  kefren Add -T flag, that shows tags in route output
 1.74 24-Feb-2010  pooka Add -h, which makes output of bytes counts "humanized" (e.g. -bih)

(netstat had -h some 15 years ago, but since then it has been just
a fancy way of calling usage())
 1.73 14-Sep-2009  degroote Import pfsync support from OpenBSD 4.2

Pfsync interface exposes change in the pf(4) over a pseudo-interface, and can
be used to synchronise different pf.

This work was part of my 2009 GSoC

No objection on tech-net@
 1.72 13-Sep-2009  elad Checkin work in progress to make netstat use sysctl rather than kvm(3).

This commit mostly adds code written by Claudio Jeker for OpenBSD to
support sysctl in the interface printing parts (-i, -I, -w). The port has
been ported to NetBSD with tiny adjustments -- of course all bugs etc.
are mine.

Also add and document a -X flag to force sysctl usage. The documentation
notes this flag may be removed at any time and its presence should not be
relied on.

Some misc. comments/#ifdef changes/code snippet moves as well.

Please note that no functionality should change as the routing and
interface printing code is still not fully supported.

Mailing list reference:

http://mail-index.netbsd.org/tech-userlevel/2009/09/09/msg002604.html
 1.71 12-Apr-2009  lukem Fix many WARNS=4 issues (-Wshadow -Wcast-qual -Wsign-compare).
Fix probable bug with numeric printing of anon ports when using sysctl.
 1.70 21-Jul-2008  lukem branches: 1.70.2; 1.70.4; 1.70.6; 1.70.12;
Remove the \n and tabs from the __COPYRIGHT() strings.
Tweak to use a consistent format.
 1.69 24-Apr-2008  thorpej branches: 1.69.2;
Make note of a few things no longer available via kvm.
 1.68 23-Apr-2008  thorpej netns is no longer in the tree; completely purge it from netstat(1).
 1.67 23-Apr-2008  thorpej Make DDP stats per-cpu. While here, bump the counters to 64-bit and
make them available by sysctl.
 1.66 23-Apr-2008  thorpej PF_KEY stats for IPSEC and FAST_IPSEC are now per-CPU.
 1.65 15-Apr-2008  thorpej branches: 1.65.2;
ARP and IGMP stats are now available by sysctl.
 1.64 27-Apr-2007  mlelstv Fall back to kvm interface for protocols that do not yet
offer a sysctl interface. Fixes PR bin/36210.
 1.63 15-Nov-2006  elad branches: 1.63.2;
PR/35056: Keiichi Shima: netstat does not compile in crunched environment

Patch applied, thanks!
 1.62 13-Oct-2006  elad Refactor code a bit so we only use kmem when we really need it.
 1.61 27-Sep-2006  elad Good intentions are still intentions. If we can't open kvm, but we still
have sysctl, it's still not enough for -P. A groveler is a groveler is
a groveler.

On a different note, this code needs a rewrite.
 1.60 14-Sep-2006  christos - Back to using kvm if we have access to it, since the sysctl stats do not
yet support all the fields we need.
- Don't core-dump if we could not open the kvm file.
 1.59 26-Aug-2006  matt Conditionalize XNS support. No longer enabled.
 1.58 22-Aug-2006  christos well, the || needed to be an && and the operand order needed to be changed.
XXX: There are still things like interface printing that need kvm.
 1.57 21-Aug-2006  christos Fix another && || confusion, from Kurt Schreiner, thanks!
 1.56 17-Aug-2006  christos Don't use || if you need &&.
 1.55 04-Jun-2006  elad branches: 1.55.2;
another netstat fix, Kurt Schreiner. thanx!
 1.54 04-Jun-2006  elad fix logic; from Kurt Schreiner
 1.53 28-May-2006  elad Make netstat use sysctl when dumping routing tables/stats.
Heavily based on similar code from Claudio Jeker (at OpenBSD).

While here, fix inet/inet6 sysctl stuff commited previously to
actually work, and some other nits to make netstat more sysctl
friendly.

One step closer to losing setgid kmem on this one...
 1.52 18-May-2006  liamjfoy branches: 1.52.2;
Integrate Common Address Redundancy Procotol (CARP) from OpenBSD

'pseudo-device carp'

Thanks to: joerg@ christos@ riz@ and others who tested
Ok: core@
 1.51 14-Sep-2005  drochner make bpf stats #ifndef SMALL,
fixes build of x_netstat
 1.50 02-Sep-2005  rpaulo Request process information using sysctl(3) and not kvm(3) since bpf(4)
statistics and peers are only available using the former.
 1.49 04-Aug-2005  rpaulo Implemented the userland part of the BPF statistics and BPF peers,
net.bpf.stats and net.bpf.peers sysctls respectively. netstat(1) now
has an additional syntax:
netstat [-s] [-B] [-I Interface]

Only the super user can see a list of BPF peers with the following command:
# netstat -B
Active BPF peers
PID Int Recv Drop Capt Flags Bufsize Comm
4941 lo0 0 0 0 I--S- 262144 tcpdump
252 ex0 19668 0 5 I-RS- 32768 dhclient

And every user can see the BPF statistics with:
$ netstat -s -B
bpf:
19669 total packets received
5 total packets captured
0 total packets dropped

This idea came from FreeBSD (Christian S.J. Peron) but, currently, they
doen't have a userland utility in the base system to read the sysctls.

Reviewed by: christos@
 1.48 30-Oct-2004  dsl Add (unsigned char) cast to ctype functions
 1.47 04-Sep-2004  manu IPv4 PIM support, from the submission of Pavlin Radoslavov on tech-net@
 1.46 27-Jun-2004  jonathan Fix two stupid bugs I introduced with stats for fast-ipsec:

1. Pass the caller-supplied protocol name down through ipsec_switch().

2. Remove my poor attempt to print fast-ipsec stats automagically for
`netstat -s'. The previous code would print (fast)IPsec per-protocol
stats even for 'netstat', which is just wrong.

A better fix would be to enumerate the sub-"protocols" under IPsec;
but first lets fix the broken behaviour now, for a pullup to 2.0.
 1.45 06-Jun-2004  christos Temporary hack to fix ipsec stats lossage. Atatat, are you listening?
 1.44 07-May-2004  jonathan Redo net.inet.* sysctl subtree for fast-ipsec from scratch.
Attach FAST-IPSEC statistics with 64-bit counters to new sysctl MIB.
Rework netstat to show FAST_IPSEC statistics, via sysctl, for
netstat -p ipsec.

New kernel files:
sys/netipsec/Makefile (new file; install *_var.h includes)
sys/netipsec/ipsec_var.h (new 64-bit mib counter struct)

Changed kernel files:
sys/Makefile (recurse into sys/netipsec/)
sys/netinet/in.h (fake IP_PROTO name for fast_ipsec
sysctl subtree.)
sys/netipsec/ipsec.h (minimal userspace inclusion)
sys/netipsec/ipsec_osdep.h (minimal userspace inclusion)
sys/netipsec/ipsec_netbsd.c (redo sysctl subtree from scratch)
sys/netipsec/key*.c (fix broken net.key subtree)

sys/netipsec/ah_var.h (increase all counters to 64 bits)
sys/netipsec/esp_var.h (increase all counters to 64 bits)
sys/netipsec/ipip_var.h (increase all counters to 64 bits)
sys/netipsec/ipcomp_var.h (increase all counters to 64 bits)

sys/netipsec/ipsec.c (add #include netipsec/ipsec_var.h)
sys/netipsec/ipsec_mbuf.c (add #include netipsec/ipsec_var.h)
sys/netipsec/ipsec_output.c (add #include netipsec/ipsec_var.h)

sys/netinet/raw_ip.c (add #include netipsec/ipsec_var.h)
sys/netinet/tcp_input.c (add #include netipsec/ipsec_var.h)
sys/netinet/udp_usrreq.c (add #include netipsec/ipsec_var.h)

Changes to usr.bin/netstat to print the new fast-ipsec sysctl tree
for "netstat -s -p ipsec":

New file:
usr.bin/netstat/fast_ipsec.c (print fast-ipsec counters)

Changed files:
usr.bin/netstat/Makefile (add fast_ipsec.c)
usr.bin/netstat/netstat.h (declarations for fast_ipsec.c)
usr.bin/netstat/main.c (call KAME-vs-fast-ipsec dispatcher)
 1.43 04-Sep-2003  itojun branches: 1.43.2;
synchronize w/ inpcb/in6pcb change
 1.42 07-Aug-2003  agc Move UCB-licensed code from 4-clause to 3-clause licence.

Patches provided by Joel Baker in PR 22365, verified by myself.
 1.41 18-Apr-2003  lukem clear errno before strto(u)l() if we're going to test it for ERANGE afterwards
 1.40 26-Feb-2003  matt Add MBUFTRACE kernel option.
Do a little mbuf rework while here. Change all uses of MGET*(*, M_WAIT, *)
to m_get*(M_WAIT, *). These are not performance critical and making them
call m_get saves considerable space. Add m_clget analogue of MCLGET and
make corresponding change for M_WAIT uses.
Modify netinet, gem, fxp, tulip, nfs to support MBUFTRACE.
Begin to change netstat to use sysctl.
 1.39 04-Feb-2003  thorpej Update for callout changes, and show TCP timers in relative, rather
than absolute ticks.
 1.38 23-Jul-2002  enami Add more software intrq.
 1.37 03-Jul-2002  enami Introduce -q flag to print some information (like number of packets dropped
due to queue full) about software interrupt queues such as ipintrq.
 1.36 02-Jul-2002  soren Sync SYNOPSIS and usage() with reality.
 1.35 11-Jun-2002  itojun err/errx/warn/warnx do not need \n at the end
 1.34 18-Oct-2001  itojun print rip6stat. sync with kame
 1.33 28-May-2001  assar add `-s' that prints port numbers symbolically but addresses numerically
 1.32 19-Feb-2001  cgd convert to use getprogname()
 1.31 28-Oct-2000  itojun more fix to "pfkey printed twice" problem. PR 11323 from ura.
 1.30 05-Oct-2000  itojun don't print pfkey statistics twice. from uep
 1.29 15-Aug-2000  jhawk Add kernel counters for arp events, displayable with netstat -s -f arp
 1.28 06-Jul-2000  itojun more stats. from kame
 1.27 14-Apr-2000  simonb branches: 1.27.4;
Don't declare 'extern opt*' getopt variables.
 1.26 26-Feb-2000  itojun revise IPsec, pfkey, IPv6 multicast and IPv6 statistics. (sync with kame)
 1.25 13-Dec-1999  itojun per-interface statistics.
bring in and enable KAME scopeid hack.
lots of cleanups.
(sync with latest KAME)
 1.24 15-Sep-1999  is branches: 1.24.4;
Add -L option. netstat -r -L behaves like 4.3BSD netstat -r, that is, it
does not show route table entries pointing to link level addresses (ARP
entries or IPv6 neighbour discovery entries).
 1.23 01-Jul-1999  itojun make netstat IPv6-ready.
 1.22 14-Mar-1999  kristerw There is no -h flag. From OpenBSD.
 1.21 27-Feb-1999  sommerfe fix PR7057: division by zero if no mbufs allocated
fix PR7059 (partial): mbuf cluster counts were based on counters which
are no longer maintained.
(full fix will involve renaming the now-unused fields in mclstat in mbuf.h)
 1.20 08-Feb-1999  explorer fix dumping of pcbs
 1.19 15-Jan-1999  kml Added a verbose flag for route display that will show
the various route metrics.
 1.18 11-Jan-1999  mrg #ifndef SMALL changes. saves 30k on the sparc
 1.17 18-Jul-1998  lukem use AF_LOCAL instead of AF_UNIX. support -f local as synonym for -f unix
 1.16 12-Jul-1998  mrg - KNF
- use err(3)
- sprintf/strcpy -> snprintf/strncpy
- change route.c:domask() to take a size_t of the buffer passed.
 1.15 06-Jul-1998  mrg - change setgid kmem programs (that lend themselves to this) so setegid(getgid())
and the top, and then set the effective gid back to kmem around the call to
kvm_openfiles(). this reduces the time group kmem is available.
- for those above that also allow this, setgid(getgid()) after the call to
kvm_openfiles() to fully revoke priviledges.
- some KNF
- use err(3) over fprintf(3) in some places
 1.14 03-Jun-1998  thorpej Add an option to dump the contents of a PCB at the specified address, and
implement this for TCP.
 1.13 19-Mar-1998  kml Add support for a '-b' option to provide byte counts in and out,
instead of just packet counts. On the byte screens, errors and
collisions are not shown, since they are more packet count related.
 1.12 19-Oct-1997  lukem branches: 1.12.2;
fix up .Nm usage, getopt returns -1 not EOF
 1.11 03-Apr-1997  christos - netatalk additions
- printf format fixes
- minor prototype cleanups
 1.10 28-Feb-1997  jonathan Add compiled-in MCLBYTES and MSIZE to conf/param.c, as 'mclbytes" and "msize".

Add code to netstat to use libkvm to for kernel variables "mclbytes"
and "msize', and if found, use those for netstat -m rather than
compiled-in defaults.
 1.9 07-May-1996  thorpej Update for the changes to struct ifnet. While I'm here, fix a couple
of long-standing bugs:

- Actually deal with the fact that the kernel ifnet list is
a TAILQ; it just happened to work before.

- Use kvm_openfiles() instead of kvm_open(). The code passed
arguments to kvm_open() as if it were kvm_openfiles(), but
apparently went unnoticed since the prototypes are the same.
Amusing bit: there were XXX's in the code which seemed to
apologize for a verbose libkvm, when it happened to be a
bug in netstat!
 1.8 03-Oct-1995  thorpej New-style RCS ids.
 1.7 12-Jun-1995  mycroft Update to match kernel changes.
 1.6 13-May-1994  mycroft Clean up import.
 1.5 01-Apr-1994  cgd kill lots of off_t's.
 1.4 11-Jan-1994  brezak Incorporate changes for IP mcast and IGMP from cmaeda@cs.washington.edu.
 1.3 22-Dec-1993  cgd fix from James Jegers <jimj@miller.cs.uwm.edu>. Netstat -w didn't work
(and would seg fault, too). solution: tell getopt to expect an argument,
and set the appropriate flags when -w is given.
 1.2 01-Aug-1993  mycroft Add RCS identifiers.
 1.1 21-Mar-1993  cgd branches: 1.1.1;
after 0.2.2 "stable" patches applied
 1.1.1.1 06-Oct-1994  mycroft Import original 4.4-Lite version.
 1.12.2.1 19-Jan-1999  cgd pull up rev 1.18 from trunk (mrg)
 1.24.4.1 27-Dec-1999  wrstuden Pull up to last week's -current.
 1.27.4.2 30-Oct-2000  tv Pullup 1.31 by patch [itojun]:
more fix to "pfkey printed twice" problem. PR 11323 from ura.
 1.27.4.1 05-Oct-2000  itojun pullup 1.29 -> 1.30 (approved by releng-1-5)
don't print pfkey statistics twice. from uep
 1.43.2.3 14-Jul-2004  tron Pull up revision 1.46 (requested by jonathan in ticket #647):
Fix two stupid bugs I introduced with stats for fast-ipsec:
1. Pass the caller-supplied protocol name down through ipsec_switch().
2. Remove my poor attempt to print fast-ipsec stats automagically for
`netstat -s'. The previous code would print (fast)IPsec per-protocol
stats even for 'netstat', which is just wrong.
A better fix would be to enumerate the sub-"protocols" under IPsec;
but first lets fix the broken behaviour now, for a pullup to 2.0.
 1.43.2.2 14-Jul-2004  tron Pull up revision 1.45 (requested by jonathan in ticket #647):
Temporary hack to fix ipsec stats lossage. Atatat, are you listening?
 1.43.2.1 10-May-2004  tron Pull up revision 1.44 (requested by jonathan in ticket #280):
Redo net.inet.* sysctl subtree for fast-ipsec from scratch.
Attach FAST-IPSEC statistics with 64-bit counters to new sysctl MIB.
Rework netstat to show FAST_IPSEC statistics, via sysctl, for
netstat -p ipsec.
New kernel files:
sys/netipsec/Makefile (new file; install *_var.h includes)
sys/netipsec/ipsec_var.h (new 64-bit mib counter struct)
Changed kernel files:
sys/Makefile (recurse into sys/netipsec/)
sys/netinet/in.h (fake IP_PROTO name for fast_ipsec
sysctl subtree.)
sys/netipsec/ipsec.h (minimal userspace inclusion)
sys/netipsec/ipsec_osdep.h (minimal userspace inclusion)
sys/netipsec/ipsec_netbsd.c (redo sysctl subtree from scratch)
sys/netipsec/key*.c (fix broken net.key subtree)
sys/netipsec/ah_var.h (increase all counters to 64 bits)
sys/netipsec/esp_var.h (increase all counters to 64 bits)
sys/netipsec/ipip_var.h (increase all counters to 64 bits)
sys/netipsec/ipcomp_var.h (increase all counters to 64 bits)
sys/netipsec/ipsec.c (add #include netipsec/ipsec_var.h)
sys/netipsec/ipsec_mbuf.c (add #include netipsec/ipsec_var.h)
sys/netipsec/ipsec_output.c (add #include netipsec/ipsec_var.h)
sys/netinet/raw_ip.c (add #include netipsec/ipsec_var.h)
sys/netinet/tcp_input.c (add #include netipsec/ipsec_var.h)
sys/netinet/udp_usrreq.c (add #include netipsec/ipsec_var.h)
Changes to usr.bin/netstat to print the new fast-ipsec sysctl tree
for "netstat -s -p ipsec":
New file:
usr.bin/netstat/fast_ipsec.c (print fast-ipsec counters)
Changed files:
usr.bin/netstat/Makefile (add fast_ipsec.c)
usr.bin/netstat/netstat.h (declarations for fast_ipsec.c)
usr.bin/netstat/main.c (call KAME-vs-fast-ipsec dispatcher)
 1.52.2.1 19-Jun-2006  chap Sync with head.
 1.55.2.3 01-Sep-2006  tron Pull up following revision(s) (requested by christos in ticket #77):
usr.bin/netstat/main.c: revision 1.58
well, the || needed to be an && and the operand order needed to be changed.
XXX: There are still things like interface printing that need kvm.
 1.55.2.2 01-Sep-2006  tron Pull up following revision(s) (requested by christos in ticket #77):
usr.bin/netstat/main.c: revision 1.57
Fix another && || confusion, from Kurt Schreiner, thanks!
 1.55.2.1 01-Sep-2006  tron Pull up following revision(s) (requested by christos in ticket #77):
usr.bin/netstat/main.c: revision 1.56
Don't use || if you need &&.
 1.63.2.1 07-May-2007  snj Pull up following revision(s) (requested by mlelstv in ticket #604):
usr.bin/netstat/main.c: revision 1.64
Fall back to kvm interface for protocols that do not yet
offer a sysctl interface. Fixes PR bin/36210.
 1.65.2.1 18-May-2008  yamt sync with head.
 1.69.2.1 18-Sep-2008  wrstuden Sync with wrstuden-revivesa-base-2.
 1.70.12.1 30-Jul-2013  msaitoh Pull up following revision(s) (requested by christos in ticket #1868):
usr.bin/netstat/main.c: revision 1.86
usr.bin/netstat/netstat.h: revision 1.47
usr.bin/netstat/inet.c: revision 1.102
usr.bin/netstat/inet.c: revision 1.103
usr.bin/netstat/inet6.c: revision 1.61
usr.bin/netstat/inet6.c: revision 1.62
Don't use -P as a kmem printer, verify that the address points to a pcb first!
Not all pointers are 64bit - use uintptr_t instead of uint64_t.
 1.70.6.1 13-May-2009  jym Sync with HEAD.

Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
 1.70.4.1 30-Jul-2013  msaitoh Pull up following revision(s) (requested by christos in ticket #1868):
usr.bin/netstat/main.c: revision 1.86
usr.bin/netstat/netstat.h: revision 1.47
usr.bin/netstat/inet.c: revision 1.102
usr.bin/netstat/inet.c: revision 1.103
usr.bin/netstat/inet6.c: revision 1.61
usr.bin/netstat/inet6.c: revision 1.62
Don't use -P as a kmem printer, verify that the address points to a pcb first!
Not all pointers are 64bit - use uintptr_t instead of uint64_t.
 1.70.2.1 30-Jul-2013  msaitoh Pull up following revision(s) (requested by christos in ticket #1868):
usr.bin/netstat/main.c: revision 1.86
usr.bin/netstat/netstat.h: revision 1.47
usr.bin/netstat/inet.c: revision 1.102
usr.bin/netstat/inet.c: revision 1.103
usr.bin/netstat/inet6.c: revision 1.61
usr.bin/netstat/inet6.c: revision 1.62
Don't use -P as a kmem printer, verify that the address points to a pcb first!
Not all pointers are 64bit - use uintptr_t instead of uint64_t.
 1.81.10.1 29-Jul-2013  msaitoh Pull up following revision(s) (requested by christos in ticket #912):
usr.bin/netstat/main.c: revision 1.86
usr.bin/netstat/netstat.h: revision 1.47
usr.bin/netstat/inet.c: revision 1.102
usr.bin/netstat/inet.c: revision 1.103
usr.bin/netstat/inet6.c: revision 1.61
usr.bin/netstat/inet6.c: revision 1.62
Don't use -P as a kmem printer, verify that the address points to a pcb first!
Not all pointers are 64bit - use uintptr_t instead of uint64_t.
 1.81.8.1 29-Jul-2013  msaitoh Pull up following revision(s) (requested by christos in ticket #912):
usr.bin/netstat/main.c: revision 1.86
usr.bin/netstat/netstat.h: revision 1.47
usr.bin/netstat/inet.c: revision 1.102
usr.bin/netstat/inet.c: revision 1.103
usr.bin/netstat/inet6.c: revision 1.61
usr.bin/netstat/inet6.c: revision 1.62
Don't use -P as a kmem printer, verify that the address points to a pcb first!
Not all pointers are 64bit - use uintptr_t instead of uint64_t.
 1.81.4.1 29-Jul-2013  msaitoh Pull up following revision(s) (requested by christos in ticket #912):
usr.bin/netstat/main.c: revision 1.86
usr.bin/netstat/netstat.h: revision 1.47
usr.bin/netstat/inet.c: revision 1.102
usr.bin/netstat/inet.c: revision 1.103
usr.bin/netstat/inet6.c: revision 1.61
usr.bin/netstat/inet6.c: revision 1.62
Don't use -P as a kmem printer, verify that the address points to a pcb first!
Not all pointers are 64bit - use uintptr_t instead of uint64_t.
 1.81.2.2 22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.81.2.1 17-Apr-2012  yamt sync with head
 1.83.2.3 20-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.83.2.2 23-Jun-2013  tls resync from head
 1.83.2.1 25-Feb-2013  tls resync with head
 1.88.2.1 10-Aug-2014  tls Rebase.
 1.91.2.1 08-Jan-2015  martin Pull up following revision(s) (requested by prlw1 in ticket #390):
usr.bin/netstat/mroute.c: revision 1.25
usr.bin/netstat/Makefile: revision 1.40
sbin/route/prog_ops.h: revision 1.3
sbin/route/rtutil.c: revision 1.1
sbin/route/rtutil.h: revision 1.1
usr.bin/netstat/mroute6.c: revision 1.15
sbin/route/extern.h: revision 1.15
usr.bin/netstat/show.c: file removal
usr.bin/netstat/main.c: revision 1.93
usr.bin/netstat/route.c: revision 1.83
usr.bin/netstat/netstat.h: revision 1.51
distrib/utils/x_route/Makefile: revision 1.18
sbin/route/show.c: revision 1.46
usr.bin/netstat/if.c: revision 1.80
sbin/route/route.c: revision 1.145
sbin/route/Makefile: revision 1.26
Factor out the netstat route printing code and use it here. There is no
point in having 2 different copies; fixes PR/49371
 1.99.18.1 12-Sep-2022  martin Pull up the following, requested by msaitoh in ticket #1522:

usr.bin/netstat/atalk.c 1.18,1.20-1.21
usr.bin/netstat/bpf.c 1.16 via patch
usr.bin/netstat/fast_ipsec.c 1.24
usr.bin/netstat/if.c 1.97-1.99,1.101-1.104 via patch
usr.bin/netstat/inet.c 1.111,1.115-1.116 via patch
usr.bin/netstat/inet6.c 1.74-1.75,1.80-1.81 via patch
usr.bin/netstat/main.c 1.100-1.103
usr.bin/netstat/mbuf.c 1.35
usr.bin/netstat/mroute.c 1.26-1.27
usr.bin/netstat/mroute6.c 1.16
usr.bin/netstat/netstat.h 1.52-1.53
usr.bin/netstat/pfkey.c 1.4-1.5 via patch
usr.bin/netstat/pfsync.c 1.4-1.5 via patch
usr.bin/netstat/route.c 1.86-1.88
usr.bin/netstat/unix.c 1.36-1.37
usr.bin/netstat/vtw.c 1.11,1.13

- sprintf() -> snprintf(), and adjust a buffer size to avoid any
potential for overflow.
- Fix netstat -rs to print it correctly.
- Add missing {IP,IP6}_STAT_NOIPSEC to netstat.
- Don't show any of the completely and utterly undocumented VTW info
if the feature isn't enabled.
- Print oqdrops correctly.
- Remove Network ATM soft intr queue reporting, we don't have that
in the kernel anymore.
- netstat.1: Add various xrefs present in the body to "See Also".
- KNF. Style fixes.
 1.99.8.1 12-Sep-2022  martin Pull up the following, requested by msaitoh in ticket #1762:

usr.bin/netstat/atalk.c 1.18,1.20-1.21
usr.bin/netstat/bpf.c 1.16 via patch
usr.bin/netstat/fast_ipsec.c 1.24 via patch
usr.bin/netstat/if.c 1.97-1.99,1.101-1.104 via patch
usr.bin/netstat/inet.c 1.111,1.115-1.116 via patch
usr.bin/netstat/inet6.c 1.70,1.74-1.75,1.80-1.81 via patch
usr.bin/netstat/main.c 1.100,1.102-1.103
usr.bin/netstat/mbuf.c 1.34-1.35
usr.bin/netstat/mroute.c 1.26-1.27
usr.bin/netstat/mroute6.c 1.16
usr.bin/netstat/netstat.h 1.52-1.53
usr.bin/netstat/pfkey.c 1.4-1.5 via patch
usr.bin/netstat/pfsync.c 1.4-1.5 via patch
usr.bin/netstat/route.c 1.87-1.88
usr.bin/netstat/unix.c 1.36-1.37
usr.bin/netstat/vtw.c 1.11,1.13

- Add names of a few more ICMPv6 messages.
Also make the array be explicitly 256 entries long.
- sprintf() -> snprintf(), and adjust a buffer size to avoid any
potential for overflow.
- Add missing {IP,IP6}_STAT_NOIPSEC to netstat.
- Don't show any of the completely and utterly undocumented VTW info
if the feature isn't enabled.
- Print oqdrops correctly.
- netstat.1: Add various xrefs present in the body to "See Also".
- Limit maximum owner name to appease gcc.
- KNF. Style fixes.
 1.36 24-Feb-2024  mlelstv Don't truncate mo_descr output and protect against missing terminating NUL.
 1.35 01-Sep-2022  msaitoh branches: 1.35.2;
KNF. No functional change.
 1.34 25-Jun-2019  martin branches: 1.34.2;
Limit maximum owner name to appease gcc
 1.33 28-Jul-2015  christos branches: 1.33.8; 1.33.16;
revert previous, will fix differently.
 1.32 28-Jul-2015  christos fix build (stdbool lossage)
 1.31 20-Mar-2012  matt Use C89 function definitions
 1.30 13-Dec-2010  pooka branches: 1.30.6;
Add netstat rump client. For now, it always sets -X, i.e. will
use only sysctl and no kvm (implementing /dev/mem for a rump kernel
would probably not be hard, but still a non-zero effort).

Note: since there is absolutely no network activity in a fresh rump
kernel, rump.netstat usually displays exactly nothing when invoked
without parameters. Arguments like -r, -bi, -p icmp etc. produce
more stuff.
 1.29 12-Apr-2009  lukem Fix many WARNS=4 issues (-Wshadow -Wcast-qual -Wsign-compare).
Fix probable bug with numeric printing of anon ports when using sysctl.
 1.28 17-Jan-2008  yamt branches: 1.28.12;
sync with kernel. (make some mbuf related statistics per-cpu.)
 1.27 14-Jan-2008  yamt mbpr: fix a harmless bug. (sizeof pointer -> sizeof *pointer)
 1.26 10-Nov-2007  yamt don't bother to print unmaintained statistics. (m_drops, m_wait)
 1.25 09-Nov-2007  christos include stdbool.h instead of typedefing bool to int
 1.24 04-Aug-2005  rpaulo branches: 1.24.12;
Added #include <kvm.h> since netstat.h, which is included too, needs it.
 1.23 09-Apr-2004  atatat sysctl(3) no longer returns ENOPROTOOPT in this case, but ENOENT,
which is a more generic "that's not in the tree" response.

ENOPROTOOPT was specific to the net subtree under the old framework,
and didn't add much value (other than letting the caller know they
were looking up something under the net subtree, which they presumably
ought to have known already).
 1.22 18-Oct-2003  enami branches: 1.22.2;
mbstat.m_drain is still maintained. Don't skip it.
 1.21 07-Aug-2003  agc Move UCB-licensed code from 4-clause to 3-clause licence.

Patches provided by Joel Baker in PR 22365, verified by myself.
 1.20 27-Feb-2003  enami Don't use uninitialized variable.
 1.19 26-Feb-2003  matt Add MBUFTRACE kernel option.
Do a little mbuf rework while here. Change all uses of MGET*(*, M_WAIT, *)
to m_get*(M_WAIT, *). These are not performance critical and making them
call m_get saves considerable space. Add m_clget analogue of MCLGET and
make corresponding change for M_WAIT uses.
Modify netinet, gem, fxp, tulip, nfs to support MBUFTRACE.
Begin to change netstat to use sysctl.
 1.18 14-Dec-2002  martin Avoid integer overflow in percent calculation when facing a mbuf leak.
Fixes PR bin/19381 by Michael van Elst (slightly different than suggested).
 1.17 09-Mar-2002  sommerfeld Adapt to pool rototill.
 1.16 19-Feb-2001  cgd convert to use getprogname()
 1.15 02-Apr-1999  hubertf Remove duplicated if() statementA.
This fixes PR 7308 by Feico Dillema <feico@pasta.cs.uit.no>
 1.14 31-Mar-1999  thorpej branches: 1.14.2;
Define __POOL_EXPOSE to get at the guts of the pool descriptor.
 1.13 27-Feb-1999  sommerfe fix PR7057: division by zero if no mbufs allocated
fix PR7059 (partial): mbuf cluster counts were based on counters which
are no longer maintained.
(full fix will involve renaming the now-unused fields in mclstat in mbuf.h)
 1.12 19-Oct-1997  lukem fix up .Nm usage, getopt returns -1 not EOF
 1.11 03-Apr-1997  christos - netatalk additions
- printf format fixes
- minor prototype cleanups
 1.10 28-Feb-1997  jonathan Add compiled-in MCLBYTES and MSIZE to conf/param.c, as 'mclbytes" and "msize".

Add code to netstat to use libkvm to for kernel variables "mclbytes"
and "msize', and if found, use those for netstat -m rather than
compiled-in defaults.
 1.9 07-May-1996  thorpej Update for the changes to struct ifnet. While I'm here, fix a couple
of long-standing bugs:

- Actually deal with the fact that the kernel ifnet list is
a TAILQ; it just happened to work before.

- Use kvm_openfiles() instead of kvm_open(). The code passed
arguments to kvm_open() as if it were kvm_openfiles(), but
apparently went unnoticed since the prototypes are the same.
Amusing bit: there were XXX's in the code which seemed to
apologize for a verbose libkvm, when it happened to be a
bug in netstat!
 1.8 03-Oct-1995  thorpej New-style RCS ids.
 1.7 17-Aug-1995  mycroft Garbage collect mbuf types.
 1.6 17-Aug-1995  mycroft Garbage collect mbuf types.
 1.5 13-May-1994  mycroft Clean up import.
 1.4 01-Apr-1994  cgd kill lots of off_t's.
 1.3 28-Mar-1994  cgd clean up, for off_t... ugliest 'cleaning' possible, i think...
 1.2 01-Aug-1993  mycroft Add RCS identifiers.
 1.1 21-Mar-1993  cgd branches: 1.1.1;
after 0.2.2 "stable" patches applied
 1.1.1.1 06-Oct-1994  mycroft Import original 4.4-Lite version.
 1.14.2.1 03-Apr-1999  hubertf pullup 1.15
 1.22.2.1 09-Apr-2004  jmc Pullup rev 1.23 (requested by atatat in ticket #108)

sysctl(3) no longer returns ENOPROTOOPT in this case, but ENOENT,
which is a more generic "that's not in the tree" response.

ENOPROTOOPT was specific to the net subtree under the old framework,
and didn't add much value (other than letting the caller know they
were looking up something under the net subtree, which they presumably
ought to have known already).
 1.24.12.2 23-Mar-2008  matt sync with HEAD
 1.24.12.1 09-Jan-2008  matt sync with HEAD
 1.28.12.1 13-May-2009  jym Sync with HEAD.

Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
 1.30.6.1 17-Apr-2012  yamt sync with head
 1.33.16.1 13-Apr-2020  martin Mostly merge changes from HEAD upto 20200411
 1.33.8.1 12-Sep-2022  martin Pull up the following, requested by msaitoh in ticket #1762:

usr.bin/netstat/atalk.c 1.18,1.20-1.21
usr.bin/netstat/bpf.c 1.16 via patch
usr.bin/netstat/fast_ipsec.c 1.24 via patch
usr.bin/netstat/if.c 1.97-1.99,1.101-1.104 via patch
usr.bin/netstat/inet.c 1.111,1.115-1.116 via patch
usr.bin/netstat/inet6.c 1.70,1.74-1.75,1.80-1.81 via patch
usr.bin/netstat/main.c 1.100,1.102-1.103
usr.bin/netstat/mbuf.c 1.34-1.35
usr.bin/netstat/mroute.c 1.26-1.27
usr.bin/netstat/mroute6.c 1.16
usr.bin/netstat/netstat.h 1.52-1.53
usr.bin/netstat/pfkey.c 1.4-1.5 via patch
usr.bin/netstat/pfsync.c 1.4-1.5 via patch
usr.bin/netstat/route.c 1.87-1.88
usr.bin/netstat/unix.c 1.36-1.37
usr.bin/netstat/vtw.c 1.11,1.13

- Add names of a few more ICMPv6 messages.
Also make the array be explicitly 256 entries long.
- sprintf() -> snprintf(), and adjust a buffer size to avoid any
potential for overflow.
- Add missing {IP,IP6}_STAT_NOIPSEC to netstat.
- Don't show any of the completely and utterly undocumented VTW info
if the feature isn't enabled.
- Print oqdrops correctly.
- netstat.1: Add various xrefs present in the body to "See Also".
- Limit maximum owner name to appease gcc.
- KNF. Style fixes.
 1.34.2.1 12-Sep-2022  martin Pull up the following, requested by msaitoh in ticket #1522:

usr.bin/netstat/atalk.c 1.18,1.20-1.21
usr.bin/netstat/bpf.c 1.16 via patch
usr.bin/netstat/fast_ipsec.c 1.24
usr.bin/netstat/if.c 1.97-1.99,1.101-1.104 via patch
usr.bin/netstat/inet.c 1.111,1.115-1.116 via patch
usr.bin/netstat/inet6.c 1.74-1.75,1.80-1.81 via patch
usr.bin/netstat/main.c 1.100-1.103
usr.bin/netstat/mbuf.c 1.35
usr.bin/netstat/mroute.c 1.26-1.27
usr.bin/netstat/mroute6.c 1.16
usr.bin/netstat/netstat.h 1.52-1.53
usr.bin/netstat/pfkey.c 1.4-1.5 via patch
usr.bin/netstat/pfsync.c 1.4-1.5 via patch
usr.bin/netstat/route.c 1.86-1.88
usr.bin/netstat/unix.c 1.36-1.37
usr.bin/netstat/vtw.c 1.11,1.13

- sprintf() -> snprintf(), and adjust a buffer size to avoid any
potential for overflow.
- Fix netstat -rs to print it correctly.
- Add missing {IP,IP6}_STAT_NOIPSEC to netstat.
- Don't show any of the completely and utterly undocumented VTW info
if the feature isn't enabled.
- Print oqdrops correctly.
- Remove Network ATM soft intr queue reporting, we don't have that
in the kernel anymore.
- netstat.1: Add various xrefs present in the body to "See Also".
- KNF. Style fixes.
 1.35.2.1 11-Sep-2024  martin Pull up following revision(s) (requested by rin in ticket #837):

usr.bin/netstat/mbuf.c: revision 1.36

Don't truncate mo_descr output and protect against missing terminating NUL.
 1.27 01-Sep-2022  msaitoh KNF. No functional change.
 1.26 06-Oct-2019  mrg sprintf() -> snprintf(), and adjust a buffer size to avoid any
potential for overflow.
 1.25 06-Nov-2014  christos branches: 1.25.8; 1.25.16; 1.25.18;
use the common code from route.c
 1.24 20-Mar-2012  matt branches: 1.24.10;
Use C89 function definitions
 1.23 12-Apr-2009  lukem branches: 1.23.6;
Fix many WARNS=4 issues (-Wshadow -Wcast-qual -Wsign-compare).
Fix probable bug with numeric printing of anon ports when using sysctl.
 1.22 29-Dec-2008  christos branches: 1.22.2;
fix for 64 bit time_t
 1.21 28-May-2006  elad Make netstat use sysctl when dumping routing tables/stats.
Heavily based on similar code from Claudio Jeker (at OpenBSD).

While here, fix inet/inet6 sysctl stuff commited previously to
actually work, and some other nits to make netstat more sysctl
friendly.

One step closer to losing setgid kmem on this one...
 1.20 04-Aug-2005  rpaulo branches: 1.20.2;
Added #include <kvm.h> since netstat.h, which is included too, needs it.
 1.19 06-Sep-2004  martin Make it compile on ports where u_quad_t is not printf-format-compatible
with unsigned long long.
 1.18 04-Sep-2004  manu IPv4 PIM support, from the submission of Pavlin Radoslavov on tech-net@
 1.17 07-Aug-2003  agc Move UCB-licensed code from 4-clause to 3-clause licence.

Patches provided by Joel Baker in PR 22365, verified by myself.
 1.16 15-Apr-2003  itojun make char array bigger where it seems too small and may overrun.
 1.15 02-Jun-2002  itojun member of mrtstat are u_long, so %lu is more appropriate than %ld.
 1.14 28-May-2001  assar add `-s' that prints port numbers symbolically but addresses numerically
 1.13 12-Jul-1998  mrg - KNF
- use err(3)
- sprintf/strcpy -> snprintf/strncpy
- change route.c:domask() to take a size_t of the buffer passed.
 1.12 19-Oct-1997  lukem fix up .Nm usage, getopt returns -1 not EOF
 1.11 03-Apr-1997  christos - netatalk additions
- printf format fixes
- minor prototype cleanups
 1.10 11-May-1996  mycroft Avoid spewing if there is no MFC.
 1.9 03-Oct-1995  thorpej New-style RCS ids.
 1.8 12-Jun-1995  mycroft Format the statistics output more like the other protocols.
 1.7 12-Jun-1995  mycroft Update to match kernel changes.
 1.6 28-Mar-1995  jtc KERNEL -> _KERNEL
 1.5 09-Jun-1994  brezak Report wrong interface stats
 1.4 13-May-1994  mycroft Clean up import.
 1.3 01-Apr-1994  cgd kill lots of off_t's.
 1.2 28-Mar-1994  cgd clean up, for off_t... ugliest 'cleaning' possible, i think...
 1.1 11-Jan-1994  brezak branches: 1.1.1;
Incorporate changes for IP mcast and IGMP from cmaeda@cs.washington.edu.
 1.1.1.2 02-Jan-1997  mellon imported from 44lite2
 1.1.1.1 06-Oct-1994  mycroft Import original 4.4-Lite version.
 1.20.2.1 19-Jun-2006  chap Sync with head.
 1.22.2.1 13-May-2009  jym Sync with HEAD.

Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
 1.23.6.1 17-Apr-2012  yamt sync with head
 1.24.10.1 08-Jan-2015  martin Pull up following revision(s) (requested by prlw1 in ticket #390):
usr.bin/netstat/mroute.c: revision 1.25
usr.bin/netstat/Makefile: revision 1.40
sbin/route/prog_ops.h: revision 1.3
sbin/route/rtutil.c: revision 1.1
sbin/route/rtutil.h: revision 1.1
usr.bin/netstat/mroute6.c: revision 1.15
sbin/route/extern.h: revision 1.15
usr.bin/netstat/show.c: file removal
usr.bin/netstat/main.c: revision 1.93
usr.bin/netstat/route.c: revision 1.83
usr.bin/netstat/netstat.h: revision 1.51
distrib/utils/x_route/Makefile: revision 1.18
sbin/route/show.c: revision 1.46
usr.bin/netstat/if.c: revision 1.80
sbin/route/route.c: revision 1.145
sbin/route/Makefile: revision 1.26
Factor out the netstat route printing code and use it here. There is no
point in having 2 different copies; fixes PR/49371
 1.25.18.1 12-Sep-2022  martin Pull up the following, requested by msaitoh in ticket #1522:

usr.bin/netstat/atalk.c 1.18,1.20-1.21
usr.bin/netstat/bpf.c 1.16 via patch
usr.bin/netstat/fast_ipsec.c 1.24
usr.bin/netstat/if.c 1.97-1.99,1.101-1.104 via patch
usr.bin/netstat/inet.c 1.111,1.115-1.116 via patch
usr.bin/netstat/inet6.c 1.74-1.75,1.80-1.81 via patch
usr.bin/netstat/main.c 1.100-1.103
usr.bin/netstat/mbuf.c 1.35
usr.bin/netstat/mroute.c 1.26-1.27
usr.bin/netstat/mroute6.c 1.16
usr.bin/netstat/netstat.h 1.52-1.53
usr.bin/netstat/pfkey.c 1.4-1.5 via patch
usr.bin/netstat/pfsync.c 1.4-1.5 via patch
usr.bin/netstat/route.c 1.86-1.88
usr.bin/netstat/unix.c 1.36-1.37
usr.bin/netstat/vtw.c 1.11,1.13

- sprintf() -> snprintf(), and adjust a buffer size to avoid any
potential for overflow.
- Fix netstat -rs to print it correctly.
- Add missing {IP,IP6}_STAT_NOIPSEC to netstat.
- Don't show any of the completely and utterly undocumented VTW info
if the feature isn't enabled.
- Print oqdrops correctly.
- Remove Network ATM soft intr queue reporting, we don't have that
in the kernel anymore.
- netstat.1: Add various xrefs present in the body to "See Also".
- KNF. Style fixes.
 1.25.16.1 13-Apr-2020  martin Mostly merge changes from HEAD upto 20200411
 1.25.8.1 12-Sep-2022  martin Pull up the following, requested by msaitoh in ticket #1762:

usr.bin/netstat/atalk.c 1.18,1.20-1.21
usr.bin/netstat/bpf.c 1.16 via patch
usr.bin/netstat/fast_ipsec.c 1.24 via patch
usr.bin/netstat/if.c 1.97-1.99,1.101-1.104 via patch
usr.bin/netstat/inet.c 1.111,1.115-1.116 via patch
usr.bin/netstat/inet6.c 1.70,1.74-1.75,1.80-1.81 via patch
usr.bin/netstat/main.c 1.100,1.102-1.103
usr.bin/netstat/mbuf.c 1.34-1.35
usr.bin/netstat/mroute.c 1.26-1.27
usr.bin/netstat/mroute6.c 1.16
usr.bin/netstat/netstat.h 1.52-1.53
usr.bin/netstat/pfkey.c 1.4-1.5 via patch
usr.bin/netstat/pfsync.c 1.4-1.5 via patch
usr.bin/netstat/route.c 1.87-1.88
usr.bin/netstat/unix.c 1.36-1.37
usr.bin/netstat/vtw.c 1.11,1.13

- Add names of a few more ICMPv6 messages.
Also make the array be explicitly 256 entries long.
- sprintf() -> snprintf(), and adjust a buffer size to avoid any
potential for overflow.
- Add missing {IP,IP6}_STAT_NOIPSEC to netstat.
- Don't show any of the completely and utterly undocumented VTW info
if the feature isn't enabled.
- Print oqdrops correctly.
- netstat.1: Add various xrefs present in the body to "See Also".
- Limit maximum owner name to appease gcc.
- KNF. Style fixes.
 1.16 01-Sep-2022  msaitoh KNF. No functional change.
 1.15 06-Nov-2014  christos branches: 1.15.8; 1.15.18;
use the common code from route.c
 1.14 18-Oct-2013  christos branches: 1.14.4;
- avoid pointer gymnastics
- remove unused variables
 1.13 20-Mar-2012  matt branches: 1.13.2;
Use C89 function definitions
 1.12 04-Aug-2005  rpaulo branches: 1.12.44;
Added #include <kvm.h> since netstat.h, which is included too, needs it.
 1.11 07-Aug-2003  agc Move UCB-licensed code from 4-clause to 3-clause licence.

Patches provided by Joel Baker in PR 22365, verified by myself.
 1.10 03-Jul-2002  itojun typo. sync w/kame
 1.9 02-Jun-2002  itojun KNF
 1.8 28-May-2001  assar add `-s' that prints port numbers symbolically but addresses numerically
 1.7 26-Feb-2000  itojun revise IPsec, pfkey, IPv6 multicast and IPv6 statistics. (sync with kame)
 1.6 16-Dec-1999  thorpej Make this compile on the Alpha again.
 1.5 13-Dec-1999  itojun per-interface statistics.
bring in and enable KAME scopeid hack.
lots of cleanups.
(sync with latest KAME)
 1.4 02-Dec-1999  tron Define "_KERNEL" not "KERNEL" before including "netinet6/ip6_mroute.h".
 1.3 19-Nov-1999  bouyer Change printf formats for 64bit counters.
 1.2 06-Jul-1999  itojun branches: 1.2.4;
add NetBSD RCS ID.
 1.1 01-Jul-1999  itojun make netstat IPv6-ready.
 1.2.4.1 27-Dec-1999  wrstuden Pull up to last week's -current.
 1.12.44.2 22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.12.44.1 17-Apr-2012  yamt sync with head
 1.13.2.1 20-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.14.4.1 08-Jan-2015  martin Pull up following revision(s) (requested by prlw1 in ticket #390):
usr.bin/netstat/mroute.c: revision 1.25
usr.bin/netstat/Makefile: revision 1.40
sbin/route/prog_ops.h: revision 1.3
sbin/route/rtutil.c: revision 1.1
sbin/route/rtutil.h: revision 1.1
usr.bin/netstat/mroute6.c: revision 1.15
sbin/route/extern.h: revision 1.15
usr.bin/netstat/show.c: file removal
usr.bin/netstat/main.c: revision 1.93
usr.bin/netstat/route.c: revision 1.83
usr.bin/netstat/netstat.h: revision 1.51
distrib/utils/x_route/Makefile: revision 1.18
sbin/route/show.c: revision 1.46
usr.bin/netstat/if.c: revision 1.80
sbin/route/route.c: revision 1.145
sbin/route/Makefile: revision 1.26
Factor out the netstat route printing code and use it here. There is no
point in having 2 different copies; fixes PR/49371
 1.15.18.1 12-Sep-2022  martin Pull up the following, requested by msaitoh in ticket #1522:

usr.bin/netstat/atalk.c 1.18,1.20-1.21
usr.bin/netstat/bpf.c 1.16 via patch
usr.bin/netstat/fast_ipsec.c 1.24
usr.bin/netstat/if.c 1.97-1.99,1.101-1.104 via patch
usr.bin/netstat/inet.c 1.111,1.115-1.116 via patch
usr.bin/netstat/inet6.c 1.74-1.75,1.80-1.81 via patch
usr.bin/netstat/main.c 1.100-1.103
usr.bin/netstat/mbuf.c 1.35
usr.bin/netstat/mroute.c 1.26-1.27
usr.bin/netstat/mroute6.c 1.16
usr.bin/netstat/netstat.h 1.52-1.53
usr.bin/netstat/pfkey.c 1.4-1.5 via patch
usr.bin/netstat/pfsync.c 1.4-1.5 via patch
usr.bin/netstat/route.c 1.86-1.88
usr.bin/netstat/unix.c 1.36-1.37
usr.bin/netstat/vtw.c 1.11,1.13

- sprintf() -> snprintf(), and adjust a buffer size to avoid any
potential for overflow.
- Fix netstat -rs to print it correctly.
- Add missing {IP,IP6}_STAT_NOIPSEC to netstat.
- Don't show any of the completely and utterly undocumented VTW info
if the feature isn't enabled.
- Print oqdrops correctly.
- Remove Network ATM soft intr queue reporting, we don't have that
in the kernel anymore.
- netstat.1: Add various xrefs present in the body to "See Also".
- KNF. Style fixes.
 1.15.8.1 12-Sep-2022  martin Pull up the following, requested by msaitoh in ticket #1762:

usr.bin/netstat/atalk.c 1.18,1.20-1.21
usr.bin/netstat/bpf.c 1.16 via patch
usr.bin/netstat/fast_ipsec.c 1.24 via patch
usr.bin/netstat/if.c 1.97-1.99,1.101-1.104 via patch
usr.bin/netstat/inet.c 1.111,1.115-1.116 via patch
usr.bin/netstat/inet6.c 1.70,1.74-1.75,1.80-1.81 via patch
usr.bin/netstat/main.c 1.100,1.102-1.103
usr.bin/netstat/mbuf.c 1.34-1.35
usr.bin/netstat/mroute.c 1.26-1.27
usr.bin/netstat/mroute6.c 1.16
usr.bin/netstat/netstat.h 1.52-1.53
usr.bin/netstat/pfkey.c 1.4-1.5 via patch
usr.bin/netstat/pfsync.c 1.4-1.5 via patch
usr.bin/netstat/route.c 1.87-1.88
usr.bin/netstat/unix.c 1.36-1.37
usr.bin/netstat/vtw.c 1.11,1.13

- Add names of a few more ICMPv6 messages.
Also make the array be explicitly 256 entries long.
- sprintf() -> snprintf(), and adjust a buffer size to avoid any
potential for overflow.
- Add missing {IP,IP6}_STAT_NOIPSEC to netstat.
- Don't show any of the completely and utterly undocumented VTW info
if the feature isn't enabled.
- Print oqdrops correctly.
- netstat.1: Add various xrefs present in the body to "See Also".
- Limit maximum owner name to appease gcc.
- KNF. Style fixes.
 1.76 21-Dec-2022  msaitoh Add note about "netstat -mssv".
 1.75 07-Jan-2022  bad branches: 1.75.2;
mention ifmcstat(8) in SEE ALSO.
 1.74 21-Jul-2020  gutteridge netstat.1: add various xrefs present in the body to "See Also"
 1.73 12-May-2016  ozaki-r branches: 1.73.8; 1.73.18;
Remove duplicate routing flag list

We alreay have it in route(8) and shouldn't have another one.
(Actually the removed list is forgot to be updated.)
 1.72 23-Mar-2015  roy Add RTF_BROADCAST to mark routes used for the broadcast address when
they are created on the fly. This makes it clear what the route is for
and allows an optimisation in ip_output() by avoiding a call to
in_broadcast() because most of the time we do talk to a host.
It also avoids a needless allocation for the storage of llinfo_arp and
thus vanishes from arp(8) - it showed as incomplete anyway so this
is a nice side effect.

Guard against this and routes marked with RTF_BLACKHOLE in
ip_fastforward().
While here, guard against routes marked with RTF_BLACKHOLE in
ip6_fastforward().
RTF_BROADCAST is IPv4 only, so don't bother checking that here.
 1.71 26-Feb-2015  roy Document RTF_LOCAL
 1.70 11-Oct-2014  wiz Give flag argument in description. Add two articles.
 1.69 11-Oct-2014  enami - Explicitly describe that kvm(3) is used when -M/-N option is used since
nowadays sysctl(3) is the default information retrieval method.
- Fix description about default value for -N; it is no longer a single value
these days, so just say see kvm_openfiles(3) rahter than repeating
several lines description here.
 1.68 09-Oct-2014  enami As described in kvm_openfiles(3), default core file is not /dev/kmem
but /dev/mem. Actually, passing /dev/kmem to -M doesn't work.
 1.67 18-Oct-2013  bad Make the -f option accept multiple address families.
Bump man page date.
 1.66 01-Mar-2013  joerg Retire OSI network stack. OK core@
 1.65 19-Oct-2012  msaitoh Add -t flag.
 1.64 19-Oct-2012  msaitoh Add note about -l option. Fixes PR#47085 reported by Julian Fagir.
 1.63 25-Sep-2012  pgoyette Sort -h option properly (not between -I and -i)

XXX Should the date be updated?
 1.62 11-Nov-2011  gdt branches: 1.62.2; 1.62.6;
Move RTF_ANNOUNCE flag so that it no longer conflicts with RTF_PROTO2.

RTF_ANNOUNCE was defined as RTF_PROTO2. The flag is used to indicated
that host should act as a proxy for a link level arp or ndp request.
(If RTF_PROTO2 is used as an experimental flag (as advertised),
various problems can occur.)

This commit provides a first-class definition with its own bit for
RTF_ANNOUNCE, removes the old aliasing definitions, and adds support
for the new RTF_ANNOUNCE flag to netstat(8) and route(8).,

Also, remove unused RTF_ flags that collide with RTF_PROTO1:
netinet/icmp6.h defined RTF_PROBEMTU as RTF_PROTO1
netinet/if_inarp.h defined RTF_USETRAILERS as RTF_PROTO1
(Neither of these flags are used anywhere. Both have been removed
to reduce chances of collision with RTF_PROTO1.)

Figuring this out and the diff are the work of Beverly Schwartz of
BBN.

(Passed release build, boot in VM, with no apparently related atf
failures.)

Approved for Public Release, Distribution Unlimited
This material is based upon work supported by the Defense Advanced
Research Projects Agency and Space and Naval Warfare Systems Center,
Pacific, under Contract No. N66001-09-C-2073.
 1.61 21-Jun-2011  wiz branches: 1.61.2;
New sentence, new line.
 1.60 21-Jun-2011  kefren add a sentence regarding multiple tags
 1.59 06-Dec-2010  pooka Insert word "mbuf" to description of -m (so you can search for it).
No functional change.
 1.58 30-Jun-2010  wiz Bump date for previous (mpls).
 1.57 29-Jun-2010  kefren Add mpls into family address list
 1.56 27-Jun-2010  kefren Add -T flag, that shows tags in route output
 1.55 24-Feb-2010  pooka Add -h, which makes output of bytes counts "humanized" (e.g. -bih)

(netstat had -h some 15 years ago, but since then it has been just
a fancy way of calling usage())
 1.54 13-Sep-2009  wiz Fix section for sysctl xref (it is 3, not 2).
 1.53 13-Sep-2009  elad Checkin work in progress to make netstat use sysctl rather than kvm(3).

This commit mostly adds code written by Claudio Jeker for OpenBSD to
support sysctl in the interface printing parts (-i, -I, -w). The port has
been ported to NetBSD with tiny adjustments -- of course all bugs etc.
are mine.

Also add and document a -X flag to force sysctl usage. The documentation
notes this flag may be removed at any time and its presence should not be
relied on.

Some misc. comments/#ifdef changes/code snippet moves as well.

Please note that no functionality should change as the routing and
interface printing code is still not fully supported.

Mailing list reference:

http://mail-index.netbsd.org/tech-userlevel/2009/09/09/msg002604.html
 1.52 28-Jun-2009  dholland Fix typo
 1.51 28-May-2009  christos fix typo (Silas Silva)
 1.50 11-Mar-2009  joerg Fix markup
 1.49 14-Feb-2009  wiz Sort option descriptions, and options in usage.
Covers PR 40627.
 1.48 30-Aug-2007  jnemeth branches: 1.48.12; 1.48.14;
bump date
 1.47 30-Aug-2007  jnemeth PR/36867 - Zafer Aydogan -- trsp is no longer
 1.46 30-Jul-2007  pavel branches: 1.46.4; 1.46.6;
Add xref to sockstat, from Zafer Aydogan in PR misc/36706.
Bump date.
 1.45 28-Dec-2005  rpaulo branches: 1.45.6; 1.45.8;
Bump date for previous.
 1.44 28-Dec-2005  rpaulo Explain the netstat -B flag column.
 1.43 11-Sep-2005  wiz Punctuation fix. From YOMURA Masanori in private mail.
 1.42 11-Sep-2005  wiz Argument is address_family, not "address family". From YOMURA Masanori in private mail.
 1.41 06-Aug-2005  rpaulo Explained how -B works and how it works in conjunction with -I or -s.

Reviewed by wiz@
 1.40 07-Aug-2003  agc Move UCB-licensed code from 4-clause to 3-clause licence.

Patches provided by Joel Baker in PR 22365, verified by myself.
 1.39 02-Mar-2003  itojun TF_PROTO1/2 mixup. from itou makoto
 1.38 25-Feb-2003  wiz .Nm does not need a dummy argument ("") before punctuation or
for correct formatting of the SYNOPSIS any longer.
 1.37 04-Feb-2003  perry "Utilize" has exactly the same meaning as "use," but it is more
difficult to read and understand. Most manuals of English style
therefore say that you should use "use".
 1.36 30-Sep-2002  grant New sentence, new line.
 1.35 03-Jul-2002  enami Introduce -q flag to print some information (like number of packets dropped
due to queue full) about software interrupt queues such as ipintrq.
 1.34 02-Jul-2002  soren Sync SYNOPSIS and usage() with reality.
 1.33 01-Dec-2001  wiz Whitespace cleanup.
 1.32 03-Sep-2001  sommerfeld Cross-reference fstat(1)
 1.31 28-May-2001  itojun typo
 1.30 28-May-2001  assar add `-s' that prints port numbers symbolically but addresses numerically
 1.29 06-May-2001  wiz Change xref for vmstat(8) to vmstat(1).
Whitespace, punctuation and spelling fixes while I'm here.
 1.28 27-Jan-2001  itojun mark cloned routes with RTF_CLONED. present it with netstat -r by "c".

let static routes overwrite cloned routes, as cloned routes can come back again
if necessary. behavior same as freebsd/bsdi, code partially from bsdi42.
(NRL rt->rt_parent was not added)
should fix PR 11916 and maybe some other PRs with ARP behavior.

recompilation of usr.sbin/route6d is suggested.
 1.27 15-Aug-2000  jhawk Add kernel counters for arp events, displayable with netstat -s -f arp
 1.26 13-Dec-1999  itojun branches: 1.26.4;
per-interface statistics.
bring in and enable KAME scopeid hack.
lots of cleanups.
(sync with latest KAME)
 1.25 15-Sep-1999  is branches: 1.25.4;
Add -L option. netstat -r -L behaves like 4.3BSD netstat -r, that is, it
does not show route table entries pointing to link level addresses (ARP
entries or IPv6 neighbour discovery entries).
 1.24 15-Sep-1999  is Netstat knows about "-f inet6".
 1.23 12-Sep-1999  dbj RTF_PROTO1 is indicated by the flag '1' and RTF_PROTO2 is indicated by the flag '2',
not the other way around
 1.22 01-Jul-1999  itojun make netstat IPv6-ready.
 1.21 22-Mar-1999  garbled More and more .Os cleanups. .Os is defined in the tmac.doc-common file,
so we shouldn't override it with versions in the manpages. Many more to
come.
 1.20 14-Mar-1999  kristerw There is no -h flag. From OpenBSD.
 1.19 02-Feb-1999  lukem remove sentence consistenting solely of "When"
 1.18 15-Jan-1999  kml Added a verbose flag for route display that will show
the various route metrics.
 1.17 18-Jul-1998  lukem use AF_LOCAL instead of AF_UNIX. support -f local as synonym for -f unix
 1.16 03-Jun-1998  thorpej Add an option to dump the contents of a PCB at the specified address, and
implement this for TCP.
 1.15 19-Mar-1998  kml Add support for a '-b' option to provide byte counts in and out,
instead of just packet counts. On the byte screens, errors and
collisions are not shown, since they are more packet count related.
 1.14 28-Oct-1997  kml Added (and documented) a change to the route display, so that mtu values
which have been locked are indicated by an 'L' appended to the MTU value.
Locked routes have path mtu discovery turned off.
 1.13 19-Oct-1997  lukem branches: 1.13.2;
fix up .Nm usage, getopt returns -1 not EOF
 1.12 01-Aug-1997  mikel add 'atalk' to list of arguments recognized by -f, minor cleanup
 1.11 03-Oct-1995  thorpej New-style RCS ids.
 1.10 27-Sep-1995  jtc iostat is in section 8; PR #1533
 1.9 27-Sep-1995  jtc vmstat is in section 8; PR #1532
 1.8 10-Aug-1995  thorpej If set, show a route's mtu in the routing table display.
 1.7 06-Aug-1994  jtc vmunix -> netbsd (PR #375)
 1.6 13-May-1994  mycroft branches: 1.6.2;
Clean up import.
 1.5 01-Apr-1994  cgd there will be no more /vmunix! from Mark Weaver.
 1.4 03-Feb-1994  jtc vmunix -> netbsd
 1.3 11-Jan-1994  brezak Incorporate changes for IP mcast and IGMP from cmaeda@cs.washington.edu.
 1.2 01-Aug-1993  mycroft Add RCS indentifiers.
 1.1 21-Mar-1993  cgd branches: 1.1.1;
after 0.2.2 "stable" patches applied
 1.1.1.1 06-Oct-1994  mycroft Import original 4.4-Lite version.
 1.6.2.1 06-Aug-1994  mycroft update fron trunk
 1.13.2.1 29-Oct-1997  mellon Pull rev 1.14 up from trunk
 1.25.4.1 27-Dec-1999  wrstuden Pull up to last week's -current.
 1.26.4.1 05-Apr-2001  he Pull up revision 1.28 (requested by itojun):
Mark cloned routes with RTF_CLONED. Present it in ``netstat -r''
output by ``c''.
 1.45.8.1 03-Sep-2007  wrstuden Sync w/ NetBSD-4-RC_1
 1.45.6.2 05-Sep-2009  bouyer Pull up following revision(s) (requested by dholland in ticket #1356):
usr.bin/netstat/netstat.1: revision 1.52
Fix typo
 1.45.6.1 31-Aug-2007  xtraeme branches: 1.45.6.1.2;
Pull up following revision(s) (requested by jnemeth in ticket #855):
usr.bin/netstat/netstat.1: revision 1.46
usr.bin/netstat/netstat.1: revision 1.47
usr.bin/crunch/examples/really-big.conf: revision 1.3
usr.bin/netstat/netstat.1: revision 1.48
usr.sbin/trpt/trpt.8: revision 1.16
Add xref to sockstat, from Zafer Aydogan in PR misc/36706.
Bump date.
PR/36867 - Zafer Aydogan -- trsp is no longer
usr.bin/netstat/netstat.1 usr.bin/netstat/netstat.1 usr.bin/crunch/examples/really-big.conf usr.bin/netstat/netstat.1 usr.sbin/trpt/trpt.8
 1.45.6.1.2.1 05-Sep-2009  bouyer Pull up following revision(s) (requested by dholland in ticket #1356):
usr.bin/netstat/netstat.1: revision 1.52
Fix typo
 1.46.6.2 30-Jul-2007  pavel Add xref to sockstat, from Zafer Aydogan in PR misc/36706.
Bump date.
 1.46.6.1 30-Jul-2007  pavel file netstat.1 was added on branch matt-mips64 on 2007-07-30 19:59:43 +0000
 1.46.4.1 06-Nov-2007  matt sync with HEAD
 1.48.14.1 13-May-2009  jym Sync with HEAD.

Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
 1.48.12.2 05-Sep-2009  bouyer Pull up following revision(s) (requested by dholland in ticket #933):
usr.bin/netstat/netstat.1: revision 1.52
Fix typo
 1.48.12.1 23-Feb-2009  snj branches: 1.48.12.1.2; 1.48.12.1.4;
Pull up following revision(s) (requested by wiz in ticket #462):
usr.bin/netstat/netstat.1: revision 1.49
Sort option descriptions, and options in usage.
Covers PR 40627.
 1.48.12.1.4.1 21-Apr-2010  matt sync to netbsd-5
 1.48.12.1.2.1 05-Sep-2009  bouyer Pull up following revision(s) (requested by dholland in ticket #933):
usr.bin/netstat/netstat.1: revision 1.52
Fix typo
 1.61.2.3 22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.61.2.2 30-Oct-2012  yamt sync with head
 1.61.2.1 17-Apr-2012  yamt sync with head
 1.62.6.3 20-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.62.6.2 23-Jun-2013  tls resync from head
 1.62.6.1 20-Nov-2012  tls Resync to 2012-11-19 00:00:00 UTC
 1.62.2.1 25-Oct-2012  riz Pull up following revision(s) (requested by msaitoh in ticket #635):
usr.bin/netstat/netstat.1: revision 1.64
usr.bin/netstat/netstat.1: revision 1.65
Add note about -l option. Fixes PR#47085 reported by Julian Fagir.
Add -t flag.
 1.73.18.2 19-Jan-2023  martin Pull up following revision(s) (requested by msaitoh in ticket #1569):

usr.bin/netstat/netstat.1: revision 1.76

Add note about "netstat -mssv".
 1.73.18.1 12-Sep-2022  martin Pull up the following, requested by msaitoh in ticket #1522:

usr.bin/netstat/atalk.c 1.18,1.20-1.21
usr.bin/netstat/bpf.c 1.16 via patch
usr.bin/netstat/fast_ipsec.c 1.24
usr.bin/netstat/if.c 1.97-1.99,1.101-1.104 via patch
usr.bin/netstat/inet.c 1.111,1.115-1.116 via patch
usr.bin/netstat/inet6.c 1.74-1.75,1.80-1.81 via patch
usr.bin/netstat/main.c 1.100-1.103
usr.bin/netstat/mbuf.c 1.35
usr.bin/netstat/mroute.c 1.26-1.27
usr.bin/netstat/mroute6.c 1.16
usr.bin/netstat/netstat.h 1.52-1.53
usr.bin/netstat/pfkey.c 1.4-1.5 via patch
usr.bin/netstat/pfsync.c 1.4-1.5 via patch
usr.bin/netstat/route.c 1.86-1.88
usr.bin/netstat/unix.c 1.36-1.37
usr.bin/netstat/vtw.c 1.11,1.13

- sprintf() -> snprintf(), and adjust a buffer size to avoid any
potential for overflow.
- Fix netstat -rs to print it correctly.
- Add missing {IP,IP6}_STAT_NOIPSEC to netstat.
- Don't show any of the completely and utterly undocumented VTW info
if the feature isn't enabled.
- Print oqdrops correctly.
- Remove Network ATM soft intr queue reporting, we don't have that
in the kernel anymore.
- netstat.1: Add various xrefs present in the body to "See Also".
- KNF. Style fixes.
 1.73.8.2 19-Jan-2023  martin Pull up following revision(s) (requested by msaitoh in ticket #1785):

usr.bin/netstat/netstat.1: revision 1.76

Add note about "netstat -mssv".
 1.73.8.1 12-Sep-2022  martin Pull up the following, requested by msaitoh in ticket #1762:

usr.bin/netstat/atalk.c 1.18,1.20-1.21
usr.bin/netstat/bpf.c 1.16 via patch
usr.bin/netstat/fast_ipsec.c 1.24 via patch
usr.bin/netstat/if.c 1.97-1.99,1.101-1.104 via patch
usr.bin/netstat/inet.c 1.111,1.115-1.116 via patch
usr.bin/netstat/inet6.c 1.70,1.74-1.75,1.80-1.81 via patch
usr.bin/netstat/main.c 1.100,1.102-1.103
usr.bin/netstat/mbuf.c 1.34-1.35
usr.bin/netstat/mroute.c 1.26-1.27
usr.bin/netstat/mroute6.c 1.16
usr.bin/netstat/netstat.h 1.52-1.53
usr.bin/netstat/pfkey.c 1.4-1.5 via patch
usr.bin/netstat/pfsync.c 1.4-1.5 via patch
usr.bin/netstat/route.c 1.87-1.88
usr.bin/netstat/unix.c 1.36-1.37
usr.bin/netstat/vtw.c 1.11,1.13

- Add names of a few more ICMPv6 messages.
Also make the array be explicitly 256 entries long.
- sprintf() -> snprintf(), and adjust a buffer size to avoid any
potential for overflow.
- Add missing {IP,IP6}_STAT_NOIPSEC to netstat.
- Don't show any of the completely and utterly undocumented VTW info
if the feature isn't enabled.
- Print oqdrops correctly.
- netstat.1: Add various xrefs present in the body to "See Also".
- Limit maximum owner name to appease gcc.
- KNF. Style fixes.
 1.75.2.1 19-Jan-2023  martin Pull up following revision(s) (requested by msaitoh in ticket #52):

usr.bin/netstat/netstat.1: revision 1.76

Add note about "netstat -mssv".
 1.54 18-Aug-2023  martin Rename local bpf_* functions to nsbpf_* to avoid conflicts with
new libpcap bpf_* functions
 1.53 01-Sep-2022  msaitoh KNF. No functional change.
 1.52 23-Apr-2020  joerg Avoid common symbol definitions.
 1.51 06-Nov-2014  christos branches: 1.51.8; 1.51.18;
use the common code from route.c
 1.50 28-Apr-2014  christos branches: 1.50.2;
use the same for the route metrics part, both in the sysctl and kmem paths.
From Takahiro HAYASHI
 1.49 24-Apr-2014  christos un __P
 1.48 23-Nov-2013  christos branches: 1.48.2;
Update for new pcb tailq's.
While here fix ipv6 pcb printing by making tcp6_dump with tcp.
XXX: Merge the inet and the inet6 code. It is silly to need to specify
-p tcp6 to print a tcp6 pcb, we already know what it is.
 1.47 19-Jun-2013  christos Don't use -P as a kmem printer, verify that the address points to a pcb first!
 1.46 01-Mar-2013  joerg Retire OSI network stack. OK core@
 1.45 28-Jan-2013  joerg Use sysctl based code netstat -r. Remove support for post-mortem
analysis.
 1.44 22-Mar-2012  drochner branches: 1.44.2;
remove KAME IPSEC, replaced by FAST_IPSEC
 1.43 21-Jun-2011  kefren branches: 1.43.2; 1.43.4; 1.43.8; 1.43.10;
print multiple tags if exists, comma separated
 1.42 03-May-2011  dyoung Reduces the resources demanded by TCP sessions in TIME_WAIT-state using
methods called Vestigial Time-Wait (VTW) and Maximum Segment Lifetime
Truncation (MSLT).

MSLT and VTW were contributed by Coyote Point Systems, Inc.

Even after a TCP session enters the TIME_WAIT state, its corresponding
socket and protocol control blocks (PCBs) stick around until the TCP
Maximum Segment Lifetime (MSL) expires. On a host whose workload
necessarily creates and closes down many TCP sockets, the sockets & PCBs
for TCP sessions in TIME_WAIT state amount to many megabytes of dead
weight in RAM.

Maximum Segment Lifetimes Truncation (MSLT) assigns each TCP session to
a class based on the nearness of the peer. Corresponding to each class
is an MSL, and a session uses the MSL of its class. The classes are
loopback (local host equals remote host), local (local host and remote
host are on the same link/subnet), and remote (local host and remote
host communicate via one or more gateways). Classes corresponding to
nearer peers have lower MSLs by default: 2 seconds for loopback, 10
seconds for local, 60 seconds for remote. Loopback and local sessions
expire more quickly when MSLT is used.

Vestigial Time-Wait (VTW) replaces a TIME_WAIT session's PCB/socket
dead weight with a compact representation of the session, called a
"vestigial PCB". VTW data structures are designed to be very fast and
memory-efficient: for fast insertion and lookup of vestigial PCBs,
the PCBs are stored in a hash table that is designed to minimize the
number of cacheline visits per lookup/insertion. The memory both
for vestigial PCBs and for elements of the PCB hashtable come from
fixed-size pools, and linked data structures exploit this to conserve
memory by representing references with a narrow index/offset from the
start of a pool instead of a pointer. When space for new vestigial PCBs
runs out, VTW makes room by discarding old vestigial PCBs, oldest first.
VTW cooperates with MSLT.

It may help to think of VTW as a "FIN cache" by analogy to the SYN
cache.

A 2.8-GHz Pentium 4 running a test workload that creates TIME_WAIT
sessions as fast as it can is approximately 17% idle when VTW is active
versus 0% idle when VTW is inactive. It has 103 megabytes more free RAM
when VTW is active (approximately 64k vestigial PCBs are created) than
when it is inactive.
 1.41 27-Jun-2010  kefren Add -T flag, that shows tags in route output
 1.40 24-Feb-2010  pooka Add -h, which makes output of bytes counts "humanized" (e.g. -bih)

(netstat had -h some 15 years ago, but since then it has been just
a fancy way of calling usage())
 1.39 14-Sep-2009  degroote Import pfsync support from OpenBSD 4.2

Pfsync interface exposes change in the pf(4) over a pseudo-interface, and can
be used to synchronise different pf.

This work was part of my 2009 GSoC

No objection on tech-net@
 1.38 13-Sep-2009  elad Checkin work in progress to make netstat use sysctl rather than kvm(3).

This commit mostly adds code written by Claudio Jeker for OpenBSD to
support sysctl in the interface printing parts (-i, -I, -w). The port has
been ported to NetBSD with tiny adjustments -- of course all bugs etc.
are mine.

Also add and document a -X flag to force sysctl usage. The documentation
notes this flag may be removed at any time and its presence should not be
relied on.

Some misc. comments/#ifdef changes/code snippet moves as well.

Please note that no functionality should change as the routing and
interface printing code is still not fully supported.

Mailing list reference:

http://mail-index.netbsd.org/tech-userlevel/2009/09/09/msg002604.html
 1.37 12-Apr-2009  lukem Fix many WARNS=4 issues (-Wshadow -Wcast-qual -Wsign-compare).
Fix probable bug with numeric printing of anon ports when using sysctl.
 1.36 27-Feb-2008  ad branches: 1.36.6; 1.36.8; 1.36.10; 1.36.16;
- Define _KERNEL for sys/types.h in unix.c.
- caddr_t -> char * in a couple of places.
 1.35 28-May-2006  elad branches: 1.35.10; 1.35.16;
Make netstat use sysctl when dumping routing tables/stats.
Heavily based on similar code from Claudio Jeker (at OpenBSD).

While here, fix inet/inet6 sysctl stuff commited previously to
actually work, and some other nits to make netstat more sysctl
friendly.

One step closer to losing setgid kmem on this one...
 1.34 23-May-2006  rpaulo Fix carp_stats() prototype location.
Noticed by Iain Hibbert.
 1.33 18-May-2006  liamjfoy branches: 1.33.2;
Integrate Common Address Redundancy Procotol (CARP) from OpenBSD

'pseudo-device carp'

Thanks to: joerg@ christos@ riz@ and others who tested
Ok: core@
 1.32 02-Sep-2005  rpaulo Request process information using sysctl(3) and not kvm(3) since bpf(4)
statistics and peers are only available using the former.
 1.31 04-Aug-2005  rpaulo Implemented the userland part of the BPF statistics and BPF peers,
net.bpf.stats and net.bpf.peers sysctls respectively. netstat(1) now
has an additional syntax:
netstat [-s] [-B] [-I Interface]

Only the super user can see a list of BPF peers with the following command:
# netstat -B
Active BPF peers
PID Int Recv Drop Capt Flags Bufsize Comm
4941 lo0 0 0 0 I--S- 262144 tcpdump
252 ex0 19668 0 5 I-RS- 32768 dhclient

And every user can see the BPF statistics with:
$ netstat -s -B
bpf:
19669 total packets received
5 total packets captured
0 total packets dropped

This idea came from FreeBSD (Christian S.J. Peron) but, currently, they
doen't have a userland utility in the base system to read the sysctls.

Reviewed by: christos@
 1.30 04-Sep-2004  manu IPv4 PIM support, from the submission of Pavlin Radoslavov on tech-net@
 1.29 07-May-2004  jonathan Redo net.inet.* sysctl subtree for fast-ipsec from scratch.
Attach FAST-IPSEC statistics with 64-bit counters to new sysctl MIB.
Rework netstat to show FAST_IPSEC statistics, via sysctl, for
netstat -p ipsec.

New kernel files:
sys/netipsec/Makefile (new file; install *_var.h includes)
sys/netipsec/ipsec_var.h (new 64-bit mib counter struct)

Changed kernel files:
sys/Makefile (recurse into sys/netipsec/)
sys/netinet/in.h (fake IP_PROTO name for fast_ipsec
sysctl subtree.)
sys/netipsec/ipsec.h (minimal userspace inclusion)
sys/netipsec/ipsec_osdep.h (minimal userspace inclusion)
sys/netipsec/ipsec_netbsd.c (redo sysctl subtree from scratch)
sys/netipsec/key*.c (fix broken net.key subtree)

sys/netipsec/ah_var.h (increase all counters to 64 bits)
sys/netipsec/esp_var.h (increase all counters to 64 bits)
sys/netipsec/ipip_var.h (increase all counters to 64 bits)
sys/netipsec/ipcomp_var.h (increase all counters to 64 bits)

sys/netipsec/ipsec.c (add #include netipsec/ipsec_var.h)
sys/netipsec/ipsec_mbuf.c (add #include netipsec/ipsec_var.h)
sys/netipsec/ipsec_output.c (add #include netipsec/ipsec_var.h)

sys/netinet/raw_ip.c (add #include netipsec/ipsec_var.h)
sys/netinet/tcp_input.c (add #include netipsec/ipsec_var.h)
sys/netinet/udp_usrreq.c (add #include netipsec/ipsec_var.h)

Changes to usr.bin/netstat to print the new fast-ipsec sysctl tree
for "netstat -s -p ipsec":

New file:
usr.bin/netstat/fast_ipsec.c (print fast-ipsec counters)

Changed files:
usr.bin/netstat/Makefile (add fast_ipsec.c)
usr.bin/netstat/netstat.h (declarations for fast_ipsec.c)
usr.bin/netstat/main.c (call KAME-vs-fast-ipsec dispatcher)
 1.28 07-Aug-2003  agc branches: 1.28.2;
Move UCB-licensed code from 4-clause to 3-clause licence.

Patches provided by Joel Baker in PR 22365, verified by myself.
 1.27 26-Feb-2003  matt Add MBUFTRACE kernel option.
Do a little mbuf rework while here. Change all uses of MGET*(*, M_WAIT, *)
to m_get*(M_WAIT, *). These are not performance critical and making them
call m_get saves considerable space. Add m_clget analogue of MCLGET and
make corresponding change for M_WAIT uses.
Modify netinet, gem, fxp, tulip, nfs to support MBUFTRACE.
Begin to change netstat to use sysctl.
 1.26 04-Feb-2003  thorpej Update for callout changes, and show TCP timers in relative, rather
than absolute ticks.
 1.25 03-Jul-2002  enami Introduce -q flag to print some information (like number of packets dropped
due to queue full) about software interrupt queues such as ipintrq.
 1.24 27-Feb-2002  lukem clarification of vflag
 1.23 18-Oct-2001  itojun print rip6stat. sync with kame
 1.22 28-May-2001  assar add `-s' that prints port numbers symbolically but addresses numerically
 1.21 19-Feb-2001  cgd convert to use getprogname()
 1.20 15-Aug-2000  jhawk Add kernel counters for arp events, displayable with netstat -s -f arp
 1.19 06-Jul-2000  itojun more stats. from kame
 1.18 26-Feb-2000  itojun revise IPsec, pfkey, IPv6 multicast and IPv6 statistics. (sync with kame)
 1.17 13-Dec-1999  itojun per-interface statistics.
bring in and enable KAME scopeid hack.
lots of cleanups.
(sync with latest KAME)
 1.16 22-Nov-1999  itojun use old WID_{DST,GW} value (field width for netstat -rn) for non-INET6
address families (see tech-net discussion).
 1.15 15-Sep-1999  is branches: 1.15.4;
Add -L option. netstat -r -L behaves like 4.3BSD netstat -r, that is, it
does not show route table entries pointing to link level addresses (ARP
entries or IPv6 neighbour discovery entries).
 1.14 01-Jul-1999  itojun make netstat IPv6-ready.
 1.13 27-Feb-1999  sommerfe fix PR7057: division by zero if no mbufs allocated
fix PR7059 (partial): mbuf cluster counts were based on counters which
are no longer maintained.
(full fix will involve renaming the now-unused fields in mclstat in mbuf.h)
 1.12 15-Jan-1999  kml Added a verbose flag for route display that will show
the various route metrics.
 1.11 11-Jan-1999  mrg #ifndef SMALL changes. saves 30k on the sparc
 1.10 03-Jun-1998  thorpej Add an option to dump the contents of a PCB at the specified address, and
implement this for TCP.
 1.9 19-Mar-1998  kml Add support for a '-b' option to provide byte counts in and out,
instead of just packet counts. On the byte screens, errors and
collisions are not shown, since they are more packet count related.
 1.8 03-Apr-1997  christos branches: 1.8.4;
- netatalk additions
- printf format fixes
- minor prototype cleanups
 1.7 28-Feb-1997  jonathan Add compiled-in MCLBYTES and MSIZE to conf/param.c, as 'mclbytes" and "msize".

Add code to netstat to use libkvm to for kernel variables "mclbytes"
and "msize', and if found, use those for netstat -m rather than
compiled-in defaults.
 1.6 07-May-1996  thorpej Update for the changes to struct ifnet. While I'm here, fix a couple
of long-standing bugs:

- Actually deal with the fact that the kernel ifnet list is
a TAILQ; it just happened to work before.

- Use kvm_openfiles() instead of kvm_open(). The code passed
arguments to kvm_open() as if it were kvm_openfiles(), but
apparently went unnoticed since the prototypes are the same.
Amusing bit: there were XXX's in the code which seemed to
apologize for a verbose libkvm, when it happened to be a
bug in netstat!
 1.5 03-Oct-1995  thorpej New-style RCS ids.
 1.4 03-Jul-1995  mycroft Byte-swap correctly. Make some types 64-bit safe. Use INADDR_ANY rather
than an explicit 0.
 1.3 12-Jun-1995  mycroft Update to match kernel changes.
 1.2 13-May-1994  mycroft Clean up import.
 1.1 13-May-1994  mycroft branches: 1.1.1;
Initial revision
 1.1.1.1 06-Oct-1994  mycroft Import original 4.4-Lite version.
 1.8.4.1 19-Jan-1999  cgd pull up rev 1.11 from trunk (mrg)
 1.15.4.1 27-Dec-1999  wrstuden Pull up to last week's -current.
 1.28.2.1 10-May-2004  tron Pull up revision 1.29 (requested by jonathan in ticket #280):
Redo net.inet.* sysctl subtree for fast-ipsec from scratch.
Attach FAST-IPSEC statistics with 64-bit counters to new sysctl MIB.
Rework netstat to show FAST_IPSEC statistics, via sysctl, for
netstat -p ipsec.
New kernel files:
sys/netipsec/Makefile (new file; install *_var.h includes)
sys/netipsec/ipsec_var.h (new 64-bit mib counter struct)
Changed kernel files:
sys/Makefile (recurse into sys/netipsec/)
sys/netinet/in.h (fake IP_PROTO name for fast_ipsec
sysctl subtree.)
sys/netipsec/ipsec.h (minimal userspace inclusion)
sys/netipsec/ipsec_osdep.h (minimal userspace inclusion)
sys/netipsec/ipsec_netbsd.c (redo sysctl subtree from scratch)
sys/netipsec/key*.c (fix broken net.key subtree)
sys/netipsec/ah_var.h (increase all counters to 64 bits)
sys/netipsec/esp_var.h (increase all counters to 64 bits)
sys/netipsec/ipip_var.h (increase all counters to 64 bits)
sys/netipsec/ipcomp_var.h (increase all counters to 64 bits)
sys/netipsec/ipsec.c (add #include netipsec/ipsec_var.h)
sys/netipsec/ipsec_mbuf.c (add #include netipsec/ipsec_var.h)
sys/netipsec/ipsec_output.c (add #include netipsec/ipsec_var.h)
sys/netinet/raw_ip.c (add #include netipsec/ipsec_var.h)
sys/netinet/tcp_input.c (add #include netipsec/ipsec_var.h)
sys/netinet/udp_usrreq.c (add #include netipsec/ipsec_var.h)
Changes to usr.bin/netstat to print the new fast-ipsec sysctl tree
for "netstat -s -p ipsec":
New file:
usr.bin/netstat/fast_ipsec.c (print fast-ipsec counters)
Changed files:
usr.bin/netstat/Makefile (add fast_ipsec.c)
usr.bin/netstat/netstat.h (declarations for fast_ipsec.c)
usr.bin/netstat/main.c (call KAME-vs-fast-ipsec dispatcher)
 1.33.2.1 19-Jun-2006  chap Sync with head.
 1.35.16.1 24-Mar-2008  keiichi sync with head.
 1.35.10.1 23-Mar-2008  matt sync with HEAD
 1.36.16.1 30-Jul-2013  msaitoh Pull up following revision(s) (requested by christos in ticket #1868):
usr.bin/netstat/main.c: revision 1.86
usr.bin/netstat/netstat.h: revision 1.47
usr.bin/netstat/inet.c: revision 1.102
usr.bin/netstat/inet.c: revision 1.103
usr.bin/netstat/inet6.c: revision 1.61
usr.bin/netstat/inet6.c: revision 1.62
Don't use -P as a kmem printer, verify that the address points to a pcb first!
Not all pointers are 64bit - use uintptr_t instead of uint64_t.
 1.36.10.1 13-May-2009  jym Sync with HEAD.

Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
 1.36.8.1 30-Jul-2013  msaitoh Pull up following revision(s) (requested by christos in ticket #1868):
usr.bin/netstat/main.c: revision 1.86
usr.bin/netstat/netstat.h: revision 1.47
usr.bin/netstat/inet.c: revision 1.102
usr.bin/netstat/inet.c: revision 1.103
usr.bin/netstat/inet6.c: revision 1.61
usr.bin/netstat/inet6.c: revision 1.62
Don't use -P as a kmem printer, verify that the address points to a pcb first!
Not all pointers are 64bit - use uintptr_t instead of uint64_t.
 1.36.6.1 30-Jul-2013  msaitoh Pull up following revision(s) (requested by christos in ticket #1868):
usr.bin/netstat/main.c: revision 1.86
usr.bin/netstat/netstat.h: revision 1.47
usr.bin/netstat/inet.c: revision 1.102
usr.bin/netstat/inet.c: revision 1.103
usr.bin/netstat/inet6.c: revision 1.61
usr.bin/netstat/inet6.c: revision 1.62
Don't use -P as a kmem printer, verify that the address points to a pcb first!
Not all pointers are 64bit - use uintptr_t instead of uint64_t.
 1.43.10.1 29-Jul-2013  msaitoh Pull up following revision(s) (requested by christos in ticket #912):
usr.bin/netstat/main.c: revision 1.86
usr.bin/netstat/netstat.h: revision 1.47
usr.bin/netstat/inet.c: revision 1.102
usr.bin/netstat/inet.c: revision 1.103
usr.bin/netstat/inet6.c: revision 1.61
usr.bin/netstat/inet6.c: revision 1.62
Don't use -P as a kmem printer, verify that the address points to a pcb first!
Not all pointers are 64bit - use uintptr_t instead of uint64_t.
 1.43.8.1 29-Jul-2013  msaitoh Pull up following revision(s) (requested by christos in ticket #912):
usr.bin/netstat/main.c: revision 1.86
usr.bin/netstat/netstat.h: revision 1.47
usr.bin/netstat/inet.c: revision 1.102
usr.bin/netstat/inet.c: revision 1.103
usr.bin/netstat/inet6.c: revision 1.61
usr.bin/netstat/inet6.c: revision 1.62
Don't use -P as a kmem printer, verify that the address points to a pcb first!
Not all pointers are 64bit - use uintptr_t instead of uint64_t.
 1.43.4.1 29-Jul-2013  msaitoh Pull up following revision(s) (requested by christos in ticket #912):
usr.bin/netstat/main.c: revision 1.86
usr.bin/netstat/netstat.h: revision 1.47
usr.bin/netstat/inet.c: revision 1.102
usr.bin/netstat/inet.c: revision 1.103
usr.bin/netstat/inet6.c: revision 1.61
usr.bin/netstat/inet6.c: revision 1.62
Don't use -P as a kmem printer, verify that the address points to a pcb first!
Not all pointers are 64bit - use uintptr_t instead of uint64_t.
 1.43.2.2 22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.43.2.1 17-Apr-2012  yamt sync with head
 1.44.2.3 20-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.44.2.2 23-Jun-2013  tls resync from head
 1.44.2.1 25-Feb-2013  tls resync with head
 1.48.2.1 10-Aug-2014  tls Rebase.
 1.50.2.1 08-Jan-2015  martin Pull up following revision(s) (requested by prlw1 in ticket #390):
usr.bin/netstat/mroute.c: revision 1.25
usr.bin/netstat/Makefile: revision 1.40
sbin/route/prog_ops.h: revision 1.3
sbin/route/rtutil.c: revision 1.1
sbin/route/rtutil.h: revision 1.1
usr.bin/netstat/mroute6.c: revision 1.15
sbin/route/extern.h: revision 1.15
usr.bin/netstat/show.c: file removal
usr.bin/netstat/main.c: revision 1.93
usr.bin/netstat/route.c: revision 1.83
usr.bin/netstat/netstat.h: revision 1.51
distrib/utils/x_route/Makefile: revision 1.18
sbin/route/show.c: revision 1.46
usr.bin/netstat/if.c: revision 1.80
sbin/route/route.c: revision 1.145
sbin/route/Makefile: revision 1.26
Factor out the netstat route printing code and use it here. There is no
point in having 2 different copies; fixes PR/49371
 1.51.18.1 12-Sep-2022  martin Pull up the following, requested by msaitoh in ticket #1522:

usr.bin/netstat/atalk.c 1.18,1.20-1.21
usr.bin/netstat/bpf.c 1.16 via patch
usr.bin/netstat/fast_ipsec.c 1.24
usr.bin/netstat/if.c 1.97-1.99,1.101-1.104 via patch
usr.bin/netstat/inet.c 1.111,1.115-1.116 via patch
usr.bin/netstat/inet6.c 1.74-1.75,1.80-1.81 via patch
usr.bin/netstat/main.c 1.100-1.103
usr.bin/netstat/mbuf.c 1.35
usr.bin/netstat/mroute.c 1.26-1.27
usr.bin/netstat/mroute6.c 1.16
usr.bin/netstat/netstat.h 1.52-1.53
usr.bin/netstat/pfkey.c 1.4-1.5 via patch
usr.bin/netstat/pfsync.c 1.4-1.5 via patch
usr.bin/netstat/route.c 1.86-1.88
usr.bin/netstat/unix.c 1.36-1.37
usr.bin/netstat/vtw.c 1.11,1.13

- sprintf() -> snprintf(), and adjust a buffer size to avoid any
potential for overflow.
- Fix netstat -rs to print it correctly.
- Add missing {IP,IP6}_STAT_NOIPSEC to netstat.
- Don't show any of the completely and utterly undocumented VTW info
if the feature isn't enabled.
- Print oqdrops correctly.
- Remove Network ATM soft intr queue reporting, we don't have that
in the kernel anymore.
- netstat.1: Add various xrefs present in the body to "See Also".
- KNF. Style fixes.
 1.51.8.1 12-Sep-2022  martin Pull up the following, requested by msaitoh in ticket #1762:

usr.bin/netstat/atalk.c 1.18,1.20-1.21
usr.bin/netstat/bpf.c 1.16 via patch
usr.bin/netstat/fast_ipsec.c 1.24 via patch
usr.bin/netstat/if.c 1.97-1.99,1.101-1.104 via patch
usr.bin/netstat/inet.c 1.111,1.115-1.116 via patch
usr.bin/netstat/inet6.c 1.70,1.74-1.75,1.80-1.81 via patch
usr.bin/netstat/main.c 1.100,1.102-1.103
usr.bin/netstat/mbuf.c 1.34-1.35
usr.bin/netstat/mroute.c 1.26-1.27
usr.bin/netstat/mroute6.c 1.16
usr.bin/netstat/netstat.h 1.52-1.53
usr.bin/netstat/pfkey.c 1.4-1.5 via patch
usr.bin/netstat/pfsync.c 1.4-1.5 via patch
usr.bin/netstat/route.c 1.87-1.88
usr.bin/netstat/unix.c 1.36-1.37
usr.bin/netstat/vtw.c 1.11,1.13

- Add names of a few more ICMPv6 messages.
Also make the array be explicitly 256 entries long.
- sprintf() -> snprintf(), and adjust a buffer size to avoid any
potential for overflow.
- Add missing {IP,IP6}_STAT_NOIPSEC to netstat.
- Don't show any of the completely and utterly undocumented VTW info
if the feature isn't enabled.
- Print oqdrops correctly.
- netstat.1: Add various xrefs present in the body to "See Also".
- Limit maximum owner name to appease gcc.
- KNF. Style fixes.
 1.4 03-Apr-2020  christos remove unused
 1.3 03-Apr-2020  martin Make route and netstat share the same struct progops (and initialization
code)
 1.2 18-Aug-2019  kamil netstat: Add indirection of symbols to remove clash with sanitizers

Add indirection and symbol renaming under MKSANITIZER for the linked in
version of sysctlbyname, sysctlgetmibinfo and sysctlnametomib.
 1.1 13-Dec-2010  pooka branches: 1.1.46; 1.1.48;
Add netstat rump client. For now, it always sets -X, i.e. will
use only sysctl and no kvm (implementing /dev/mem for a rump kernel
would probably not be hard, but still a non-zero effort).

Note: since there is absolutely no network activity in a fresh rump
kernel, rump.netstat usually displays exactly nothing when invoked
without parameters. Arguments like -r, -bi, -p icmp etc. produce
more stuff.
 1.1.48.1 19-Aug-2019  martin Pull up following revision(s) (requested by kamil in ticket #94):

usr.bin/netstat/netstat_rumpops.c: revision 1.2
usr.bin/netstat/netstat_hostops.c: revision 1.2
usr.bin/netstat/inet6.c: revision 1.73
usr.bin/netstat/bpf.c: revision 1.14
usr.bin/netstat/Makefile: revision 1.46
usr.bin/netstat/prog_ops.h: revision 1.3
usr.bin/netstat/pfsync.c: revision 1.2
usr.bin/netstat/pfkey.c: revision 1.2
usr.bin/netstat/fast_ipsec.c: revision 1.23
usr.bin/netstat/atalk.c: revision 1.17
usr.bin/netstat/inet.c: revision 1.110

netstat: Add indirection of symbols to remove clash with sanitizers

Add indirection and symbol renaming under MKSANITIZER for the linked in
version of sysctlbyname, sysctlgetmibinfo and sysctlnametomib.
 1.1.46.1 13-Apr-2020  martin Mostly merge changes from HEAD upto 20200411
 1.4 03-Apr-2020  christos remove unused
 1.3 03-Apr-2020  martin Make route and netstat share the same struct progops (and initialization
code)
 1.2 18-Aug-2019  kamil netstat: Add indirection of symbols to remove clash with sanitizers

Add indirection and symbol renaming under MKSANITIZER for the linked in
version of sysctlbyname, sysctlgetmibinfo and sysctlnametomib.
 1.1 13-Dec-2010  pooka branches: 1.1.46; 1.1.48;
Add netstat rump client. For now, it always sets -X, i.e. will
use only sysctl and no kvm (implementing /dev/mem for a rump kernel
would probably not be hard, but still a non-zero effort).

Note: since there is absolutely no network activity in a fresh rump
kernel, rump.netstat usually displays exactly nothing when invoked
without parameters. Arguments like -r, -bi, -p icmp etc. produce
more stuff.
 1.1.48.1 19-Aug-2019  martin Pull up following revision(s) (requested by kamil in ticket #94):

usr.bin/netstat/netstat_rumpops.c: revision 1.2
usr.bin/netstat/netstat_hostops.c: revision 1.2
usr.bin/netstat/inet6.c: revision 1.73
usr.bin/netstat/bpf.c: revision 1.14
usr.bin/netstat/Makefile: revision 1.46
usr.bin/netstat/prog_ops.h: revision 1.3
usr.bin/netstat/pfsync.c: revision 1.2
usr.bin/netstat/pfkey.c: revision 1.2
usr.bin/netstat/fast_ipsec.c: revision 1.23
usr.bin/netstat/atalk.c: revision 1.17
usr.bin/netstat/inet.c: revision 1.110

netstat: Add indirection of symbols to remove clash with sanitizers

Add indirection and symbol renaming under MKSANITIZER for the linked in
version of sysctlbyname, sysctlgetmibinfo and sysctlnametomib.
 1.1.46.1 13-Apr-2020  martin Mostly merge changes from HEAD upto 20200411
 1.16 23-Apr-2008  thorpej netns is no longer in the tree; completely purge it from netstat(1).
 1.15 04-Aug-2005  rpaulo branches: 1.15.20;
Added #include <kvm.h> since netstat.h, which is included too, needs it.
 1.14 07-Aug-2003  agc Move UCB-licensed code from 4-clause to 3-clause licence.

Patches provided by Joel Baker in PR 22365, verified by myself.
 1.13 19-Jun-2001  wiz `existent', not `existant'
 1.12 11-Oct-2000  is More format string cleanup by sommerfeld.
 1.11 12-Jul-1998  mrg branches: 1.11.2; 1.11.10;
- KNF
- use err(3)
- sprintf/strcpy -> snprintf/strncpy
- change route.c:domask() to take a size_t of the buffer passed.
 1.10 19-Oct-1997  lukem fix up .Nm usage, getopt returns -1 not EOF
 1.9 03-Apr-1997  christos - netatalk additions
- printf format fixes
- minor prototype cleanups
 1.8 03-Oct-1995  thorpej New-style RCS ids.
 1.7 13-May-1994  mycroft Clean up import.
 1.6 01-Apr-1994  cgd kill lots of off_t's.
 1.5 28-Mar-1994  cgd clean up, for off_t... ugliest 'cleaning' possible, i think...
 1.4 01-Aug-1993  mycroft Add RCS identifiers.
 1.3 20-May-1993  cgd get rid of select.h inclusion, and clean up headers *more*.
 1.2 20-May-1993  cgd fix for new select & clean up headers
 1.1 21-Mar-1993  cgd branches: 1.1.1;
after 0.2.2 "stable" patches applied
 1.1.1.1 06-Oct-1994  mycroft Import original 4.4-Lite version.
 1.11.10.1 18-Oct-2000  tv Pullup usr.bin string format fixes [is].
See "cvs log" for explicit revision numbers per file, from sommerfeld.
 1.11.2.1 19-Oct-2000  he Pull up revision 1.12 (requested by he):
Format string cleanup.
 1.15.20.1 17-Jun-2008  yamt fix merge botches
 1.5 02-Sep-2022  msaitoh KNF. No functional change.
 1.4 01-Sep-2022  msaitoh KNF. No functional change.
 1.3 28-Aug-2020  ozaki-r netstat: strengthen against kernel changes

netstat uses sysctlbyname to get counter data from the kernel.
sysctlbyname fails with ENOMEM if actual counter data in the kernel is
larger than a passed buffer. netstat just skips showing counters of a
category if sysctlbyname fails, so if we added new counters of the
category to the kernel, nestat shows nothing for the category.

Fortunately sysctlbyname fills data as much as possible even if a passed
buffer is short. So we can allow netstat to show the filled data anyway
if sysctlbyname fails with ENOMEM.

Note that this backcompat mechanism works only if new counters are
appended, and doesn't work if new counters are inserted into the middle
or counters are moved.
 1.2 18-Aug-2019  kamil netstat: Add indirection of symbols to remove clash with sanitizers

Add indirection and symbol renaming under MKSANITIZER for the linked in
version of sysctlbyname, sysctlgetmibinfo and sysctlnametomib.
 1.1 06-Jan-2012  drochner branches: 1.1.4; 1.1.34; 1.1.42; 1.1.44;
split the ipsec.c source file into the pfkey part which is shared
with FAST_IPSEC and KAME specific IPSEC statistics
 1.1.44.2 12-Sep-2022  martin Pull up the following, requested by msaitoh in ticket #1522:

usr.bin/netstat/atalk.c 1.18,1.20-1.21
usr.bin/netstat/bpf.c 1.16 via patch
usr.bin/netstat/fast_ipsec.c 1.24
usr.bin/netstat/if.c 1.97-1.99,1.101-1.104 via patch
usr.bin/netstat/inet.c 1.111,1.115-1.116 via patch
usr.bin/netstat/inet6.c 1.74-1.75,1.80-1.81 via patch
usr.bin/netstat/main.c 1.100-1.103
usr.bin/netstat/mbuf.c 1.35
usr.bin/netstat/mroute.c 1.26-1.27
usr.bin/netstat/mroute6.c 1.16
usr.bin/netstat/netstat.h 1.52-1.53
usr.bin/netstat/pfkey.c 1.4-1.5 via patch
usr.bin/netstat/pfsync.c 1.4-1.5 via patch
usr.bin/netstat/route.c 1.86-1.88
usr.bin/netstat/unix.c 1.36-1.37
usr.bin/netstat/vtw.c 1.11,1.13

- sprintf() -> snprintf(), and adjust a buffer size to avoid any
potential for overflow.
- Fix netstat -rs to print it correctly.
- Add missing {IP,IP6}_STAT_NOIPSEC to netstat.
- Don't show any of the completely and utterly undocumented VTW info
if the feature isn't enabled.
- Print oqdrops correctly.
- Remove Network ATM soft intr queue reporting, we don't have that
in the kernel anymore.
- netstat.1: Add various xrefs present in the body to "See Also".
- KNF. Style fixes.
 1.1.44.1 19-Aug-2019  martin Pull up following revision(s) (requested by kamil in ticket #94):

usr.bin/netstat/netstat_rumpops.c: revision 1.2
usr.bin/netstat/netstat_hostops.c: revision 1.2
usr.bin/netstat/inet6.c: revision 1.73
usr.bin/netstat/bpf.c: revision 1.14
usr.bin/netstat/Makefile: revision 1.46
usr.bin/netstat/prog_ops.h: revision 1.3
usr.bin/netstat/pfsync.c: revision 1.2
usr.bin/netstat/pfkey.c: revision 1.2
usr.bin/netstat/fast_ipsec.c: revision 1.23
usr.bin/netstat/atalk.c: revision 1.17
usr.bin/netstat/inet.c: revision 1.110

netstat: Add indirection of symbols to remove clash with sanitizers

Add indirection and symbol renaming under MKSANITIZER for the linked in
version of sysctlbyname, sysctlgetmibinfo and sysctlnametomib.
 1.1.42.1 13-Apr-2020  martin Mostly merge changes from HEAD upto 20200411
 1.1.34.1 12-Sep-2022  martin Pull up the following, requested by msaitoh in ticket #1762:

usr.bin/netstat/atalk.c 1.18,1.20-1.21
usr.bin/netstat/bpf.c 1.16 via patch
usr.bin/netstat/fast_ipsec.c 1.24 via patch
usr.bin/netstat/if.c 1.97-1.99,1.101-1.104 via patch
usr.bin/netstat/inet.c 1.111,1.115-1.116 via patch
usr.bin/netstat/inet6.c 1.70,1.74-1.75,1.80-1.81 via patch
usr.bin/netstat/main.c 1.100,1.102-1.103
usr.bin/netstat/mbuf.c 1.34-1.35
usr.bin/netstat/mroute.c 1.26-1.27
usr.bin/netstat/mroute6.c 1.16
usr.bin/netstat/netstat.h 1.52-1.53
usr.bin/netstat/pfkey.c 1.4-1.5 via patch
usr.bin/netstat/pfsync.c 1.4-1.5 via patch
usr.bin/netstat/route.c 1.87-1.88
usr.bin/netstat/unix.c 1.36-1.37
usr.bin/netstat/vtw.c 1.11,1.13

- Add names of a few more ICMPv6 messages.
Also make the array be explicitly 256 entries long.
- sprintf() -> snprintf(), and adjust a buffer size to avoid any
potential for overflow.
- Add missing {IP,IP6}_STAT_NOIPSEC to netstat.
- Don't show any of the completely and utterly undocumented VTW info
if the feature isn't enabled.
- Print oqdrops correctly.
- netstat.1: Add various xrefs present in the body to "See Also".
- Limit maximum owner name to appease gcc.
- KNF. Style fixes.
 1.1.4.2 17-Apr-2012  yamt sync with head
 1.1.4.1 06-Jan-2012  yamt file pfkey.c was added on branch yamt-pagecache on 2012-04-17 00:09:37 +0000
 1.5 02-Sep-2022  msaitoh KNF. No functional change.
 1.4 01-Sep-2022  msaitoh KNF. No functional change.
 1.3 28-Aug-2020  ozaki-r netstat: strengthen against kernel changes

netstat uses sysctlbyname to get counter data from the kernel.
sysctlbyname fails with ENOMEM if actual counter data in the kernel is
larger than a passed buffer. netstat just skips showing counters of a
category if sysctlbyname fails, so if we added new counters of the
category to the kernel, nestat shows nothing for the category.

Fortunately sysctlbyname fills data as much as possible even if a passed
buffer is short. So we can allow netstat to show the filled data anyway
if sysctlbyname fails with ENOMEM.

Note that this backcompat mechanism works only if new counters are
appended, and doesn't work if new counters are inserted into the middle
or counters are moved.
 1.2 18-Aug-2019  kamil netstat: Add indirection of symbols to remove clash with sanitizers

Add indirection and symbol renaming under MKSANITIZER for the linked in
version of sysctlbyname, sysctlgetmibinfo and sysctlnametomib.
 1.1 01-Mar-2011  dyoung branches: 1.1.2; 1.1.38; 1.1.46; 1.1.48;
Pull pfsync_stats() out of inet.c and into pfsync.c so that inet.c does
not have to #include PF header files that pollute the global namespace
by #defining v4 and v6 (sheesh).
 1.1.48.2 12-Sep-2022  martin Pull up the following, requested by msaitoh in ticket #1522:

usr.bin/netstat/atalk.c 1.18,1.20-1.21
usr.bin/netstat/bpf.c 1.16 via patch
usr.bin/netstat/fast_ipsec.c 1.24
usr.bin/netstat/if.c 1.97-1.99,1.101-1.104 via patch
usr.bin/netstat/inet.c 1.111,1.115-1.116 via patch
usr.bin/netstat/inet6.c 1.74-1.75,1.80-1.81 via patch
usr.bin/netstat/main.c 1.100-1.103
usr.bin/netstat/mbuf.c 1.35
usr.bin/netstat/mroute.c 1.26-1.27
usr.bin/netstat/mroute6.c 1.16
usr.bin/netstat/netstat.h 1.52-1.53
usr.bin/netstat/pfkey.c 1.4-1.5 via patch
usr.bin/netstat/pfsync.c 1.4-1.5 via patch
usr.bin/netstat/route.c 1.86-1.88
usr.bin/netstat/unix.c 1.36-1.37
usr.bin/netstat/vtw.c 1.11,1.13

- sprintf() -> snprintf(), and adjust a buffer size to avoid any
potential for overflow.
- Fix netstat -rs to print it correctly.
- Add missing {IP,IP6}_STAT_NOIPSEC to netstat.
- Don't show any of the completely and utterly undocumented VTW info
if the feature isn't enabled.
- Print oqdrops correctly.
- Remove Network ATM soft intr queue reporting, we don't have that
in the kernel anymore.
- netstat.1: Add various xrefs present in the body to "See Also".
- KNF. Style fixes.
 1.1.48.1 19-Aug-2019  martin Pull up following revision(s) (requested by kamil in ticket #94):

usr.bin/netstat/netstat_rumpops.c: revision 1.2
usr.bin/netstat/netstat_hostops.c: revision 1.2
usr.bin/netstat/inet6.c: revision 1.73
usr.bin/netstat/bpf.c: revision 1.14
usr.bin/netstat/Makefile: revision 1.46
usr.bin/netstat/prog_ops.h: revision 1.3
usr.bin/netstat/pfsync.c: revision 1.2
usr.bin/netstat/pfkey.c: revision 1.2
usr.bin/netstat/fast_ipsec.c: revision 1.23
usr.bin/netstat/atalk.c: revision 1.17
usr.bin/netstat/inet.c: revision 1.110

netstat: Add indirection of symbols to remove clash with sanitizers

Add indirection and symbol renaming under MKSANITIZER for the linked in
version of sysctlbyname, sysctlgetmibinfo and sysctlnametomib.
 1.1.46.1 13-Apr-2020  martin Mostly merge changes from HEAD upto 20200411
 1.1.38.1 12-Sep-2022  martin Pull up the following, requested by msaitoh in ticket #1762:

usr.bin/netstat/atalk.c 1.18,1.20-1.21
usr.bin/netstat/bpf.c 1.16 via patch
usr.bin/netstat/fast_ipsec.c 1.24 via patch
usr.bin/netstat/if.c 1.97-1.99,1.101-1.104 via patch
usr.bin/netstat/inet.c 1.111,1.115-1.116 via patch
usr.bin/netstat/inet6.c 1.70,1.74-1.75,1.80-1.81 via patch
usr.bin/netstat/main.c 1.100,1.102-1.103
usr.bin/netstat/mbuf.c 1.34-1.35
usr.bin/netstat/mroute.c 1.26-1.27
usr.bin/netstat/mroute6.c 1.16
usr.bin/netstat/netstat.h 1.52-1.53
usr.bin/netstat/pfkey.c 1.4-1.5 via patch
usr.bin/netstat/pfsync.c 1.4-1.5 via patch
usr.bin/netstat/route.c 1.87-1.88
usr.bin/netstat/unix.c 1.36-1.37
usr.bin/netstat/vtw.c 1.11,1.13

- Add names of a few more ICMPv6 messages.
Also make the array be explicitly 256 entries long.
- sprintf() -> snprintf(), and adjust a buffer size to avoid any
potential for overflow.
- Add missing {IP,IP6}_STAT_NOIPSEC to netstat.
- Don't show any of the completely and utterly undocumented VTW info
if the feature isn't enabled.
- Print oqdrops correctly.
- netstat.1: Add various xrefs present in the body to "See Also".
- Limit maximum owner name to appease gcc.
- KNF. Style fixes.
 1.1.2.2 05-Mar-2011  bouyer Sync with HEAD
 1.1.2.1 01-Mar-2011  bouyer file pfsync.c was added on branch bouyer-quota2 on 2011-03-05 15:11:00 +0000
 1.5 03-Apr-2020  christos remove unused
 1.4 03-Apr-2020  martin Make route and netstat share the same struct progops (and initialization
code)
 1.3 18-Aug-2019  kamil netstat: Add indirection of symbols to remove clash with sanitizers

Add indirection and symbol renaming under MKSANITIZER for the linked in
version of sysctlbyname, sysctlgetmibinfo and sysctlnametomib.
 1.2 15-Dec-2010  pooka branches: 1.2.46; 1.2.48;
Deal with crunch the standard way.
 1.1 13-Dec-2010  pooka Add netstat rump client. For now, it always sets -X, i.e. will
use only sysctl and no kvm (implementing /dev/mem for a rump kernel
would probably not be hard, but still a non-zero effort).

Note: since there is absolutely no network activity in a fresh rump
kernel, rump.netstat usually displays exactly nothing when invoked
without parameters. Arguments like -r, -bi, -p icmp etc. produce
more stuff.
 1.2.48.1 19-Aug-2019  martin Pull up following revision(s) (requested by kamil in ticket #94):

usr.bin/netstat/netstat_rumpops.c: revision 1.2
usr.bin/netstat/netstat_hostops.c: revision 1.2
usr.bin/netstat/inet6.c: revision 1.73
usr.bin/netstat/bpf.c: revision 1.14
usr.bin/netstat/Makefile: revision 1.46
usr.bin/netstat/prog_ops.h: revision 1.3
usr.bin/netstat/pfsync.c: revision 1.2
usr.bin/netstat/pfkey.c: revision 1.2
usr.bin/netstat/fast_ipsec.c: revision 1.23
usr.bin/netstat/atalk.c: revision 1.17
usr.bin/netstat/inet.c: revision 1.110

netstat: Add indirection of symbols to remove clash with sanitizers

Add indirection and symbol renaming under MKSANITIZER for the linked in
version of sysctlbyname, sysctlgetmibinfo and sysctlnametomib.
 1.2.46.1 08-Apr-2020  martin Merge changes from current as of 20200406
 1.88 02-Sep-2022  msaitoh KNF. No functional change.
 1.87 01-Sep-2022  msaitoh KNF. No functional change.
 1.86 27-May-2020  yamaguchi Update sysctl key in netstat(1)
 1.85 04-Apr-2016  ozaki-r branches: 1.85.8; 1.85.18;
Separate nexthop caches from the routing table

By this change, nexthop caches (IP-MAC address pair) are not stored
in the routing table anymore. Instead nexthop caches are stored in
each network interface; we already have lltable/llentry data structure
for this purpose. This change also obsoletes the concept of cloning/cloned
routes. Cloned routes no longer exist while cloning routes still exist
with renamed to connected routes.

Noticeable changes are:
- Nexthop caches aren't listed in route show/netstat -r
- sysctl(NET_RT_DUMP) doesn't return them
- If RTF_LLDATA is specified, it returns nexthop caches
- Several definitions of routing flags and messages are removed
- RTF_CLONING, RTF_XRESOLVE, RTF_LLINFO, RTF_CLONED and RTM_RESOLVE
- RTF_CONNECTED is added
- It has the same value of RTF_CLONING for backward compatibility
- route's -xresolve, -[no]cloned and -llinfo options are removed
- -[no]cloning remains because it seems there are users
- -[no]connected is introduced and recommended
to be used instead of -[no]cloning
- route show/netstat -r drops some flags
- 'L' and 'c' are not seen anymore
- 'C' now indicates a connected route
- Gateway value of a route of an interface address is now not
a L2 address but "link#N" like a connected (cloning) route
- Proxy ARP: "arp -s ... pub" doesn't create a route

You can know details of behavior changes by seeing diffs under tests/.

Proposed on tech-net and tech-kern:
http://mail-index.netbsd.org/tech-net/2016/03/11/msg005701.html
 1.84 25-May-2015  manu Make sure netstat builds with -DSMALL

src/usr.bin/netstat relies on code from src/sbin/route. WHen building
with -DSMALL, some functions such as mpls_ntoa() or p_rtrmx() are not
built in src/sbin/route. We therefore have to make sure they are not
used in src/usr.bin/netstat.
 1.83 06-Nov-2014  christos use the common code from route.c
 1.82 28-Apr-2014  christos branches: 1.82.2;
use the same for the route metrics part, both in the sysctl and kmem paths.
From Takahiro HAYASHI
 1.81 24-Apr-2014  christos The sysctl code does not support verbose route printing that prints the
internal route statistics. Restore the old kmem route printing code that
was not just used for post-mortem displays. Reported by kardel@, test by
netstat -nrvf inet
 1.80 28-Jan-2013  joerg branches: 1.80.6;
Use sysctl based code netstat -r. Remove support for post-mortem
analysis.
 1.79 20-Mar-2012  matt branches: 1.79.2;
Use C89 function definitions
 1.78 21-Jun-2011  kefren branches: 1.78.2;
print multiple tags if exists, comma separated
 1.77 04-Feb-2011  martin Use RT_ROUNDUP() and friends from sys/route.h instead of homegrown
variants.
 1.76 01-Feb-2011  matt Add a new AF/PF_ROUTE which is 64-bit clean which makes the routing socket
interface (and its associated sysctls) act identically for both 32 and 64 bit
programs. The old unclean one remains for backward compatibility.
 1.75 27-Jun-2010  kefren branches: 1.75.2;
Add -T flag, that shows tags in route output
 1.74 22-Apr-2010  plunky it is not [any longer] necessary to #define _KERNEL while including
<net/route.h> so remove it.

This fixes a build problem with pcc which is not as clever as gcc
when optimising away unused static inline functions which refer to
unknown symbols (eg sockaddr_dup).
 1.73 12-Apr-2009  lukem Fix many WARNS=4 issues (-Wshadow -Wcast-qual -Wsign-compare).
Fix probable bug with numeric printing of anon ports when using sysctl.
 1.72 29-Dec-2008  christos branches: 1.72.2;
fix for 64 bit time_t
 1.71 23-Apr-2008  thorpej branches: 1.71.10;
netns is no longer in the tree; completely purge it from netstat(1).
 1.70 21-Jan-2008  dyoung branches: 1.70.4;
#include <stdbool.h> for 'bool', so that this kernel groveller will
hopefully compile again.
 1.69 19-Jul-2007  dyoung branches: 1.69.4; 1.69.8;
rt_key() is no more. Use rt_getkey().
 1.68 26-Aug-2006  matt Conditionalize XNS support. No longer enabled.
 1.67 28-May-2006  elad Make netstat use sysctl when dumping routing tables/stats.
Heavily based on similar code from Claudio Jeker (at OpenBSD).

While here, fix inet/inet6 sysctl stuff commited previously to
actually work, and some other nits to make netstat more sysctl
friendly.

One step closer to losing setgid kmem on this one...
 1.66 04-Aug-2005  rpaulo branches: 1.66.2;
Added #include <kvm.h> since netstat.h, which is included too, needs it.
 1.65 16-Nov-2004  itojun NI_WITHSCOPEID was not picked up by IETF standardization process
 1.64 16-Nov-2004  itojun NI_WITHSCOPEID was not picked up by IETF standardization process.
 1.63 07-Aug-2003  agc Move UCB-licensed code from 4-clause to 3-clause licence.

Patches provided by Joel Baker in PR 22365, verified by myself.
 1.62 04-Aug-2003  itojun always print prefixlen for routes. it's CIDR age.
 1.61 12-Jul-2003  itojun strlcpy
 1.60 14-May-2003  itojun use proper #ifdef to determine behavior (__KAME__)
 1.59 13-May-2002  matt Don't count on kernel includes to exports user variables.
 1.58 06-Oct-2001  bjh21 Use getnameinfo() to format link-layer addresses for netstat -r rather than
doing it ourselves and falling back to link_ntoa().
 1.57 19-Aug-2001  itojun snprintf length audit. from openbsd
 1.56 28-May-2001  assar add `-s' that prints port numbers symbolically but addresses numerically
 1.55 06-Apr-2001  itojun pedant changes for strcpy/sprintf.
 1.54 08-Mar-2001  enami Print hopcount too when -rv is given.
 1.53 21-Feb-2001  itojun use u_quad_t for rtstat.
not sure if it really matters, but short (32K) looks way too small given
recent fat pipes connecting *BSD boxes, and our great uptime :-).
 1.52 27-Jan-2001  itojun mark cloned routes with RTF_CLONED. present it with netstat -r by "c".

let static routes overwrite cloned routes, as cloned routes can come back again
if necessary. behavior same as freebsd/bsdi, code partially from bsdi42.
(NRL rt->rt_parent was not added)
should fix PR 11916 and maybe some other PRs with ARP behavior.

recompilation of usr.sbin/route6d is suggested.
 1.51 14-Nov-2000  matt Do the same IEEE1394 address hack in here.
 1.50 11-Oct-2000  is More format string cleanup by sommerfeld.
 1.49 06-Jul-2000  itojun more stats. from kame
 1.48 17-Jan-2000  itojun branches: 1.48.4;
fix default route determination for inet6.
 1.47 17-Jan-2000  itojun mask addresses properly on netstat -inv.
From: Matt Thomas <matt@3am-software.com>
 1.46 15-Jan-2000  hubertf Properly print the "B"(lackhole) flag (as documented :).
Patch submitted in PR 9190 by URA Hiroshi <ura@hiru.aoba.yokohama.jp>
 1.45 07-Jan-2000  sommerfeld Pay attention to the netmask of routes to 0.0.0.0;
e.g., a route to 0.0.0.0/1 is *not* a default route.

Inspired by a patch by Rodney Grimes sent to the zebra list.
 1.44 13-Dec-1999  itojun per-interface statistics.
bring in and enable KAME scopeid hack.
lots of cleanups.
(sync with latest KAME)
 1.43 27-Nov-1999  soren Print Internet6 header properly without -f.
 1.42 24-Nov-1999  itojun more clarification to field width of netstat -rn -f inet6.
 1.41 22-Nov-1999  itojun use old WID_{DST,GW} value (field width for netstat -rn) for non-INET6
address families (see tech-net discussion).
 1.40 15-Sep-1999  is branches: 1.40.4;
Add -L option. netstat -r -L behaves like 4.3BSD netstat -r, that is, it
does not show route table entries pointing to link level addresses (ARP
entries or IPv6 neighbour discovery entries).
 1.39 03-Sep-1999  itojun sync with recent KAME.
- fix routing socket align issue on 64bit arch.
- avoid s6_addr{8,16,32}, which are nonstandard.
 1.38 01-Jul-1999  itojun make netstat IPv6-ready.
 1.37 02-Apr-1999  chopps don't use malloc for large sockaddr's, just name the union declared above
 1.36 01-Apr-1999  chopps branches: 1.36.2;
user err() not errx()
 1.35 01-Apr-1999  chopps fix for sockaddr's that are bigger than standard sockaddr's (e.g., iso)
 1.34 15-Jan-1999  kml Added a verbose flag for route display that will show
the various route metrics.
 1.33 11-Jan-1999  mrg #ifndef SMALL changes. saves 30k on the sparc
 1.32 05-Dec-1998  pk Make a network number by shifting out host bits in octet units.
This is currently required still to get correct lookups in `/etc/networks'.
 1.31 23-Nov-1998  msaitoh fix invalid shift. colsed PR#5160.
 1.30 31-Oct-1998  mrg put all the different struct sockaddr_xxx types into the union pt_u, to force the alignment to be correct for all of them.
 1.29 12-Jul-1998  mrg - KNF
- use err(3)
- sprintf/strcpy -> snprintf/strncpy
- change route.c:domask() to take a size_t of the buffer passed.
 1.28 06-Jul-1998  mrg - use an array MAXHOSTNAMELEN+1 size to hold hostnames
- ensure hostname from gethostname() is nul-terminated in all cases
- minor KNF
- use MAXHOSTNAMELEN over various other values/defines
- be safe will buffers that hold hostnames
 1.27 14-May-1998  kml Partial fix for PR kern/5435 -- changed netstat to use unsigned counters
instead of signed. The rest of the fix will have to wait for 64-bit counters.
 1.26 14-May-1998  kml Ensure that the 'L' lock flag for MTU is always displayed when present.
 1.25 28-Oct-1997  kml Added (and documented) a change to the route display, so that mtu values
which have been locked are indicated by an 'L' appended to the MTU value.
Locked routes have path mtu discovery turned off.
 1.24 20-Oct-1997  mrg branches: 1.24.2;
fix compile warnings on the sparc.
 1.23 19-Oct-1997  lukem fix up .Nm usage, getopt returns -1 not EOF
 1.22 10-Apr-1997  christos Make the first field 2 characters wider so that XXX.XXX.XXX.XXX/XX fits.
From Kimmo
 1.21 03-Apr-1997  christos - netatalk additions
- printf format fixes
- minor prototype cleanups
 1.20 26-Mar-1997  thorpej Print Ethernet and FDDI addresses in the same format as ether_ntoa().
From Matt Thomas <matt@3am-software.com>
 1.19 18-Mar-1997  mycroft Get the byte-swapping right in netmask().
 1.18 02-Jan-1997  mellon ns_print: fix type conflict
 1.17 02-Jan-1997  mellon ns_print: undo bogus type conflict
 1.16 02-Jan-1997  mellon Lite2 Merge
 1.15 07-May-1996  thorpej Update for the changes to struct ifnet. While I'm here, fix a couple
of long-standing bugs:

- Actually deal with the fact that the kernel ifnet list is
a TAILQ; it just happened to work before.

- Use kvm_openfiles() instead of kvm_open(). The code passed
arguments to kvm_open() as if it were kvm_openfiles(), but
apparently went unnoticed since the prototypes are the same.
Amusing bit: there were XXX's in the code which seemed to
apologize for a verbose libkvm, when it happened to be a
bug in netstat!
 1.14 03-Oct-1995  thorpej New-style RCS ids.
 1.13 10-Aug-1995  thorpej If set, show a route's mtu in the routing table display.
 1.12 03-Jul-1995  mycroft Byte-swap correctly. Make some types 64-bit safe. Use INADDR_ANY rather
than an explicit 0.
 1.11 28-Mar-1995  jtc KERNEL -> _KERNEL
 1.10 13-May-1994  mycroft Clean up import.
 1.9 01-Apr-1994  cgd kill lots of off_t's.
 1.8 28-Mar-1994  cgd clean up, for off_t... ugliest 'cleaning' possible, i think...
 1.7 07-Mar-1994  cgd feedback on the last, from sklower
 1.6 06-Mar-1994  cgd print netmask properly
 1.5 01-Aug-1993  mycroft Add RCS identifiers.
 1.4 11-Jul-1993  paul Included Havard Eidnes' latest changes.
 1.3 18-May-1993  cgd fix from David Burren <davidb@otto.bf.rmit.oz.au> to print address families
more nicely, and to print host names when showing routes w/o -n.
 1.2 01-May-1993  mycroft Fix typo.
 1.1 21-Mar-1993  cgd branches: 1.1.1;
after 0.2.2 "stable" patches applied
 1.1.1.2 02-Jan-1997  mellon imported from 44lite2
 1.1.1.1 06-Oct-1994  mycroft Import original 4.4-Lite version.
 1.24.2.2 19-Jan-1999  cgd pull up rev 1.33 (mrg)
 1.24.2.1 29-Oct-1997  mellon Pull rev 1.25 up from trunk (kml)
 1.36.2.3 19-Oct-2000  he Pull up revision 1.50 (via patch, requested by he):
Format string cleanup.
 1.36.2.2 21-Jan-2000  he Pull up revision 1.46 (requested by hubertf):
Properly print "B" for "Blackhole" routes. Fixes PR#9190.
 1.36.2.1 02-Apr-1999  chopps pull-up revision 1.37 to fix previous revision (no longer use malloc)
 1.40.4.1 27-Dec-1999  wrstuden Pull up to last week's -current.
 1.48.4.2 05-Apr-2001  he Pull up revision 1.52 (requested by itojun):
Mark cloned routes with RTF_CLONED. Present it in ``netstat -r''
output by ``c''.
 1.48.4.1 18-Oct-2000  tv Pullup usr.bin string format fixes [is].
See "cvs log" for explicit revision numbers per file, from sommerfeld.
 1.66.2.1 19-Jun-2006  chap Sync with head.
 1.69.8.2 19-Jul-2007  dyoung rt_key() is no more. Use rt_getkey().
 1.69.8.1 19-Jul-2007  dyoung file route.c was added on branch matt-mips64 on 2007-07-19 20:51:05 +0000
 1.69.4.1 23-Mar-2008  matt sync with HEAD
 1.70.4.1 18-May-2008  yamt sync with head.
 1.71.10.1 11-May-2010  matt Fixup for u_quad_t route changes.
 1.72.2.1 13-May-2009  jym Sync with HEAD.

Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
 1.75.2.1 08-Feb-2011  bouyer Sync with HEAD
 1.78.2.2 22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.78.2.1 17-Apr-2012  yamt sync with head
 1.79.2.2 20-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.79.2.1 25-Feb-2013  tls resync with head
 1.80.6.1 10-Aug-2014  tls Rebase.
 1.82.2.2 01-Jun-2015  snj Pull up following revision(s) (requested by manu in ticket #809):
usr.bin/netstat/route.c: revision 1.84
Make sure netstat builds with -DSMALL
src/usr.bin/netstat relies on code from src/sbin/route. WHen building
with -DSMALL, some functions such as mpls_ntoa() or p_rtrmx() are not
built in src/sbin/route. We therefore have to make sure they are not
used in src/usr.bin/netstat.
 1.82.2.1 08-Jan-2015  martin Pull up following revision(s) (requested by prlw1 in ticket #390):
usr.bin/netstat/mroute.c: revision 1.25
usr.bin/netstat/Makefile: revision 1.40
sbin/route/prog_ops.h: revision 1.3
sbin/route/rtutil.c: revision 1.1
sbin/route/rtutil.h: revision 1.1
usr.bin/netstat/mroute6.c: revision 1.15
sbin/route/extern.h: revision 1.15
usr.bin/netstat/show.c: file removal
usr.bin/netstat/main.c: revision 1.93
usr.bin/netstat/route.c: revision 1.83
usr.bin/netstat/netstat.h: revision 1.51
distrib/utils/x_route/Makefile: revision 1.18
sbin/route/show.c: revision 1.46
usr.bin/netstat/if.c: revision 1.80
sbin/route/route.c: revision 1.145
sbin/route/Makefile: revision 1.26
Factor out the netstat route printing code and use it here. There is no
point in having 2 different copies; fixes PR/49371
 1.85.18.1 12-Sep-2022  martin Pull up the following, requested by msaitoh in ticket #1522:

usr.bin/netstat/atalk.c 1.18,1.20-1.21
usr.bin/netstat/bpf.c 1.16 via patch
usr.bin/netstat/fast_ipsec.c 1.24
usr.bin/netstat/if.c 1.97-1.99,1.101-1.104 via patch
usr.bin/netstat/inet.c 1.111,1.115-1.116 via patch
usr.bin/netstat/inet6.c 1.74-1.75,1.80-1.81 via patch
usr.bin/netstat/main.c 1.100-1.103
usr.bin/netstat/mbuf.c 1.35
usr.bin/netstat/mroute.c 1.26-1.27
usr.bin/netstat/mroute6.c 1.16
usr.bin/netstat/netstat.h 1.52-1.53
usr.bin/netstat/pfkey.c 1.4-1.5 via patch
usr.bin/netstat/pfsync.c 1.4-1.5 via patch
usr.bin/netstat/route.c 1.86-1.88
usr.bin/netstat/unix.c 1.36-1.37
usr.bin/netstat/vtw.c 1.11,1.13

- sprintf() -> snprintf(), and adjust a buffer size to avoid any
potential for overflow.
- Fix netstat -rs to print it correctly.
- Add missing {IP,IP6}_STAT_NOIPSEC to netstat.
- Don't show any of the completely and utterly undocumented VTW info
if the feature isn't enabled.
- Print oqdrops correctly.
- Remove Network ATM soft intr queue reporting, we don't have that
in the kernel anymore.
- netstat.1: Add various xrefs present in the body to "See Also".
- KNF. Style fixes.
 1.85.8.1 12-Sep-2022  martin Pull up the following, requested by msaitoh in ticket #1762:

usr.bin/netstat/atalk.c 1.18,1.20-1.21
usr.bin/netstat/bpf.c 1.16 via patch
usr.bin/netstat/fast_ipsec.c 1.24 via patch
usr.bin/netstat/if.c 1.97-1.99,1.101-1.104 via patch
usr.bin/netstat/inet.c 1.111,1.115-1.116 via patch
usr.bin/netstat/inet6.c 1.70,1.74-1.75,1.80-1.81 via patch
usr.bin/netstat/main.c 1.100,1.102-1.103
usr.bin/netstat/mbuf.c 1.34-1.35
usr.bin/netstat/mroute.c 1.26-1.27
usr.bin/netstat/mroute6.c 1.16
usr.bin/netstat/netstat.h 1.52-1.53
usr.bin/netstat/pfkey.c 1.4-1.5 via patch
usr.bin/netstat/pfsync.c 1.4-1.5 via patch
usr.bin/netstat/route.c 1.87-1.88
usr.bin/netstat/unix.c 1.36-1.37
usr.bin/netstat/vtw.c 1.11,1.13

- Add names of a few more ICMPv6 messages.
Also make the array be explicitly 256 entries long.
- sprintf() -> snprintf(), and adjust a buffer size to avoid any
potential for overflow.
- Add missing {IP,IP6}_STAT_NOIPSEC to netstat.
- Don't show any of the completely and utterly undocumented VTW info
if the feature isn't enabled.
- Print oqdrops correctly.
- netstat.1: Add various xrefs present in the body to "See Also".
- Limit maximum owner name to appease gcc.
- KNF. Style fixes.
 1.21 06-Nov-2014  christos use the common code from route.c
 1.20 27-Jul-2014  dholland branches: 1.20.2;
Fix snprintf usage; from Henning Petersen in PR 47976.
 1.19 28-Apr-2014  christos use the same for the route metrics part, both in the sysctl and kmem paths.
From Takahiro HAYASHI
 1.18 19-Oct-2013  christos branches: 1.18.2;
use correct function and symbolic constants
 1.17 19-Oct-2013  christos use new scopeid functions
 1.16 18-Oct-2013  christos - avoid pointer gymnastics
- remove unused variables
 1.15 11-Nov-2011  gdt branches: 1.15.6;
Move RTF_ANNOUNCE flag so that it no longer conflicts with RTF_PROTO2.

RTF_ANNOUNCE was defined as RTF_PROTO2. The flag is used to indicated
that host should act as a proxy for a link level arp or ndp request.
(If RTF_PROTO2 is used as an experimental flag (as advertised),
various problems can occur.)

This commit provides a first-class definition with its own bit for
RTF_ANNOUNCE, removes the old aliasing definitions, and adds support
for the new RTF_ANNOUNCE flag to netstat(8) and route(8).,

Also, remove unused RTF_ flags that collide with RTF_PROTO1:
netinet/icmp6.h defined RTF_PROBEMTU as RTF_PROTO1
netinet/if_inarp.h defined RTF_USETRAILERS as RTF_PROTO1
(Neither of these flags are used anywhere. Both have been removed
to reduce chances of collision with RTF_PROTO1.)

Figuring this out and the diff are the work of Beverly Schwartz of
BBN.

(Passed release build, boot in VM, with no apparently related atf
failures.)

Approved for Public Release, Distribution Unlimited
This material is based upon work supported by the Defense Advanced
Research Projects Agency and Space and Naval Warfare Systems Center,
Pacific, under Contract No. N66001-09-C-2073.
 1.14 21-Jun-2011  kefren branches: 1.14.2;
print multiple tags if exists, comma separated
 1.13 04-Feb-2011  martin Use RT_ROUNDUP() and friends from sys/route.h instead of homegrown
variants.
 1.12 01-Feb-2011  matt Add a new AF/PF_ROUTE which is 64-bit clean which makes the routing socket
interface (and its associated sysctls) act identically for both 32 and 64 bit
programs. The old unclean one remains for backward compatibility.
 1.11 13-Dec-2010  pooka branches: 1.11.2;
Add netstat rump client. For now, it always sets -X, i.e. will
use only sysctl and no kvm (implementing /dev/mem for a rump kernel
would probably not be hard, but still a non-zero effort).

Note: since there is absolutely no network activity in a fresh rump
kernel, rump.netstat usually displays exactly nothing when invoked
without parameters. Arguments like -r, -bi, -p icmp etc. produce
more stuff.
 1.10 27-Jun-2010  kefren Add -T flag, that shows tags in route output
 1.9 26-Jun-2010  kefren add MPLS clue for showing routes
 1.8 13-Sep-2009  elad Checkin work in progress to make netstat use sysctl rather than kvm(3).

This commit mostly adds code written by Claudio Jeker for OpenBSD to
support sysctl in the interface printing parts (-i, -I, -w). The port has
been ported to NetBSD with tiny adjustments -- of course all bugs etc.
are mine.

Also add and document a -X flag to force sysctl usage. The documentation
notes this flag may be removed at any time and its presence should not be
relied on.

Some misc. comments/#ifdef changes/code snippet moves as well.

Please note that no functionality should change as the routing and
interface printing code is still not fully supported.

Mailing list reference:

http://mail-index.netbsd.org/tech-userlevel/2009/09/09/msg002604.html
 1.7 12-Apr-2009  lukem Fix many WARNS=4 issues (-Wshadow -Wcast-qual -Wsign-compare).
Fix probable bug with numeric printing of anon ports when using sysctl.
 1.6 23-Dec-2006  jdc branches: 1.6.20; 1.6.24;
Don't print "default" when the netmask is non-zero.
Also tested by mlelstv@.
 1.5 03-Oct-2006  mlelstv branches: 1.5.2;
avoid signed/unsigned error when computing mask lengths for empty
masks with sa_len == 0 (happens for inet6 default route).
 1.4 16-Sep-2006  elad We now have CARP, so don't skip IFT_CARP in link_print().
 1.3 14-Sep-2006  christos print "-"'s for the statistics that we don't support in the sysctl interface
and make columns aligned again.
 1.2 09-Jun-2006  christos branches: 1.2.2;
PR/33677: Scott Ellis: Building with MKINET6=no causes netstat to fail compiling
 1.1 28-May-2006  elad Make netstat use sysctl when dumping routing tables/stats.
Heavily based on similar code from Claudio Jeker (at OpenBSD).

While here, fix inet/inet6 sysctl stuff commited previously to
actually work, and some other nits to make netstat more sysctl
friendly.

One step closer to losing setgid kmem on this one...
 1.2.2.2 19-Jun-2006  chap Sync with head.
 1.2.2.1 09-Jun-2006  chap file show.c was added on branch chap-midi on 2006-06-19 04:17:07 +0000
 1.5.2.1 30-Dec-2006  riz Pull up following revision(s) (requested by jdc in ticket #300):
usr.bin/netstat/show.c: revision 1.6
Don't print "default" when the netmask is non-zero.
Also tested by mlelstv@.
 1.6.24.1 11-May-2010  matt Fixup for u_quad_t route changes.
 1.6.20.1 13-May-2009  jym Sync with HEAD.

Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
 1.11.2.1 08-Feb-2011  bouyer Sync with HEAD
 1.14.2.2 22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.14.2.1 17-Apr-2012  yamt sync with head
 1.15.6.1 20-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.18.2.1 10-Aug-2014  tls Rebase.
 1.20.2.1 08-Jan-2015  martin Pull up following revision(s) (requested by prlw1 in ticket #390):
usr.bin/netstat/mroute.c: revision 1.25
usr.bin/netstat/Makefile: revision 1.40
sbin/route/prog_ops.h: revision 1.3
sbin/route/rtutil.c: revision 1.1
sbin/route/rtutil.h: revision 1.1
usr.bin/netstat/mroute6.c: revision 1.15
sbin/route/extern.h: revision 1.15
usr.bin/netstat/show.c: file removal
usr.bin/netstat/main.c: revision 1.93
usr.bin/netstat/route.c: revision 1.83
usr.bin/netstat/netstat.h: revision 1.51
distrib/utils/x_route/Makefile: revision 1.18
sbin/route/show.c: revision 1.46
usr.bin/netstat/if.c: revision 1.80
sbin/route/route.c: revision 1.145
sbin/route/Makefile: revision 1.26
Factor out the netstat route printing code and use it here. There is no
point in having 2 different copies; fixes PR/49371
 1.37 02-Sep-2022  msaitoh KNF. No functional change.
 1.36 01-Sep-2022  msaitoh KNF. No functional change.
 1.35 13-Jan-2017  christos branches: 1.35.6; 1.35.16;
use _KMEMUSER for <sys/file.h>
 1.34 20-Mar-2012  matt branches: 1.34.14;
Use C89 function definitions
 1.33 29-May-2011  manu branches: 1.33.4;
Display SOCK_SEQPACKET local sockets in sockstat and netstat
 1.32 04-May-2011  dyoung Access the kvm_t using get_kvmd(), only.
 1.31 13-Dec-2010  pooka Add netstat rump client. For now, it always sets -X, i.e. will
use only sysctl and no kvm (implementing /dev/mem for a rump kernel
would probably not be hard, but still a non-zero effort).

Note: since there is absolutely no network activity in a fresh rump
kernel, rump.netstat usually displays exactly nothing when invoked
without parameters. Arguments like -r, -bi, -p icmp etc. produce
more stuff.
 1.30 22-Apr-2010  plunky no need to forward declare struct uio and proc before including
<sys/file.h> as it does that internally, and don't continue the
_KERNEL definition afterwards as it causes some other problems
with pcc relating to unreferenced symbols in unused static
inline functions which gcc optimises away.
 1.29 12-Apr-2009  lukem Fix many WARNS=4 issues (-Wshadow -Wcast-qual -Wsign-compare).
Fix probable bug with numeric printing of anon ports when using sysctl.
 1.28 27-Feb-2008  ad branches: 1.28.10;
- Define _KERNEL for sys/types.h in unix.c.
- caddr_t -> char * in a couple of places.
 1.27 22-Sep-2006  elad branches: 1.27.8; 1.27.14;
PR/31347: Geoff C. Wing: netstat err message is ambiguous about cause
Applied patch, thanks!
 1.26 21-May-2006  liamjfoy check if malloc(3) failed

ok joerg@
 1.25 11-May-2006  mrg branches: 1.25.2;
nfiles -> ns_nfiles (conflicts with kernel header files and _KERNEL.)
 1.24 04-Sep-2005  elad Use sysctl to fetch AF_LOCAL PCB lists if reading live kernel.
 1.23 04-Mar-2005  atatat For connected local domain sockets that don't have a "local" name,
print the "remote" name instead.
 1.22 04-Mar-2005  atatat Print the pcb address like the man page says, not the socket address.
 1.21 07-Aug-2003  agc Move UCB-licensed code from 4-clause to 3-clause licence.

Patches provided by Joel Baker in PR 22365, verified by myself.
 1.20 02-Feb-2003  christos undo mallocvar.h changes!
 1.19 01-Feb-2003  tron Include "sys/mallocvar.h" with "_KERNEL" defined in time to avoid
build failure because MALLOC_DECLARE() is not defined.
 1.18 19-Aug-1999  cgd not all kvm_getfiles() errors are "out of memory." for instance,
some of them are caused by the kvm_getfiles() implementation being
TOTALLY BROKEN for dead kernels. Print out the KVM descriptor's
error so that error causes are more easily diagnosed.
 1.17 19-Oct-1997  lukem branches: 1.17.4;
fix up .Nm usage, getopt returns -1 not EOF
 1.16 03-Apr-1997  christos - netatalk additions
- printf format fixes
- minor prototype cleanups
 1.15 27-Feb-1997  mikel Don't assume that sun_path in sockaddr_un is null-terminated; final fix by
Noriyuki Soda <soda@sra.co.jp>. fixes part of PR 3035.
 1.14 24-May-1996  mycroft Make this work again.
 1.13 03-Oct-1995  thorpej branches: 1.13.6;
New-style RCS ids.
 1.12 28-Mar-1995  jtc KERNEL -> _KERNEL
 1.11 02-Nov-1994  deraadt #include <kvm.h> later
 1.10 13-May-1994  mycroft Clean up import.
 1.9 01-Apr-1994  cgd kill lots of off_t's.
 1.8 28-Mar-1994  cgd clean up, for off_t... ugliest 'cleaning' possible, i think...
 1.7 11-Jan-1994  mycroft Don't print an extra character after a Unix domain socket name.
 1.6 01-Aug-1993  mycroft Add RCS identifiers.
 1.5 21-May-1993  cgd Remove a couple of warnings, add includes
(from Havard Eidnes <Havard.Eidnes@runit.sintef.no>)
 1.4 20-May-1993  cgd get rid of select.h inclusion, and clean up headers *more*.
 1.3 20-May-1993  cgd fix for new select & clean up headers
 1.2 19-Apr-1993  mycroft Cleanup for GCC 2.
 1.1 21-Mar-1993  cgd branches: 1.1.1;
after 0.2.2 "stable" patches applied
 1.1.1.1 06-Oct-1994  mycroft Import original 4.4-Lite version.
 1.13.6.2 02-Mar-1997  mycroft Pull up change from trunk to fix printing of Un*x-domain socket addresses.
 1.13.6.1 11-Dec-1996  mycroft From trunk:
Eliminate SS_PRIV; instead, pass down a proc pointer to the usrreq methods
that need it.
Fix numerous memory leaks and bogus return values.
 1.17.4.1 20-Aug-1999  cgd pull up rev 1.18 from trunk (cgd)
 1.25.2.1 19-Jun-2006  chap Sync with head.
 1.27.14.1 24-Mar-2008  keiichi sync with head.
 1.27.8.1 23-Mar-2008  matt sync with HEAD
 1.28.10.1 13-May-2009  jym Sync with HEAD.

Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
 1.33.4.1 17-Apr-2012  yamt sync with head
 1.34.14.1 20-Mar-2017  pgoyette Sync with HEAD
 1.35.16.1 12-Sep-2022  martin Pull up the following, requested by msaitoh in ticket #1522:

usr.bin/netstat/atalk.c 1.18,1.20-1.21
usr.bin/netstat/bpf.c 1.16 via patch
usr.bin/netstat/fast_ipsec.c 1.24
usr.bin/netstat/if.c 1.97-1.99,1.101-1.104 via patch
usr.bin/netstat/inet.c 1.111,1.115-1.116 via patch
usr.bin/netstat/inet6.c 1.74-1.75,1.80-1.81 via patch
usr.bin/netstat/main.c 1.100-1.103
usr.bin/netstat/mbuf.c 1.35
usr.bin/netstat/mroute.c 1.26-1.27
usr.bin/netstat/mroute6.c 1.16
usr.bin/netstat/netstat.h 1.52-1.53
usr.bin/netstat/pfkey.c 1.4-1.5 via patch
usr.bin/netstat/pfsync.c 1.4-1.5 via patch
usr.bin/netstat/route.c 1.86-1.88
usr.bin/netstat/unix.c 1.36-1.37
usr.bin/netstat/vtw.c 1.11,1.13

- sprintf() -> snprintf(), and adjust a buffer size to avoid any
potential for overflow.
- Fix netstat -rs to print it correctly.
- Add missing {IP,IP6}_STAT_NOIPSEC to netstat.
- Don't show any of the completely and utterly undocumented VTW info
if the feature isn't enabled.
- Print oqdrops correctly.
- Remove Network ATM soft intr queue reporting, we don't have that
in the kernel anymore.
- netstat.1: Add various xrefs present in the body to "See Also".
- KNF. Style fixes.
 1.35.6.1 12-Sep-2022  martin Pull up the following, requested by msaitoh in ticket #1762:

usr.bin/netstat/atalk.c 1.18,1.20-1.21
usr.bin/netstat/bpf.c 1.16 via patch
usr.bin/netstat/fast_ipsec.c 1.24 via patch
usr.bin/netstat/if.c 1.97-1.99,1.101-1.104 via patch
usr.bin/netstat/inet.c 1.111,1.115-1.116 via patch
usr.bin/netstat/inet6.c 1.70,1.74-1.75,1.80-1.81 via patch
usr.bin/netstat/main.c 1.100,1.102-1.103
usr.bin/netstat/mbuf.c 1.34-1.35
usr.bin/netstat/mroute.c 1.26-1.27
usr.bin/netstat/mroute6.c 1.16
usr.bin/netstat/netstat.h 1.52-1.53
usr.bin/netstat/pfkey.c 1.4-1.5 via patch
usr.bin/netstat/pfsync.c 1.4-1.5 via patch
usr.bin/netstat/route.c 1.87-1.88
usr.bin/netstat/unix.c 1.36-1.37
usr.bin/netstat/vtw.c 1.11,1.13

- Add names of a few more ICMPv6 messages.
Also make the array be explicitly 256 entries long.
- sprintf() -> snprintf(), and adjust a buffer size to avoid any
potential for overflow.
- Add missing {IP,IP6}_STAT_NOIPSEC to netstat.
- Don't show any of the completely and utterly undocumented VTW info
if the feature isn't enabled.
- Print oqdrops correctly.
- netstat.1: Add various xrefs present in the body to "See Also".
- Limit maximum owner name to appease gcc.
- KNF. Style fixes.
 1.13 01-Sep-2022  msaitoh KNF. No functional change.
 1.12 30-Oct-2021  nia netstat(1): convert malloc(x * y) and realloc(x * y) to reallocarr
 1.11 02-Mar-2021  simonb Don't show any of the completely and utterly undocumented VTW info if
the feature isn't enabled (by checking net.inet.tcp.vtw.enable).
 1.10 03-May-2018  maxv branches: 1.10.4;
Remove now unused tcpip.h includes. Some were already unused before.
 1.9 29-Feb-2016  christos branches: 1.9.8; 1.9.14;
PR/50873: David Binderman: use logical or instead of arithmetic
 1.8 16-Jun-2015  christos fix some error handling.
 1.7 18-Oct-2013  christos - avoid pointer gymnastics
- remove unused variables
 1.6 11-May-2011  drochner branches: 1.6.4; 1.6.10;
use getmicrouptime(9) rather than microtime(9) for TIME_WAIT duration
calculation, because this doesn't get confused by system time changes,
and uses less CPU cycles
reviewed by dyoung
 1.5 10-May-2011  enami Use ptrdiff_t to hold pointer difference to avoid coredump on LP64 system.
 1.4 04-May-2011  pgoyette Use %zx for _both_ size_t formats!
 1.3 04-May-2011  dyoung On second thought, make a more conservative change: use %zx instead of
%x for size_t.
 1.2 04-May-2011  dyoung Use %zu format for size_t instead of %x.
 1.1 03-May-2011  dyoung Reduces the resources demanded by TCP sessions in TIME_WAIT-state using
methods called Vestigial Time-Wait (VTW) and Maximum Segment Lifetime
Truncation (MSLT).

MSLT and VTW were contributed by Coyote Point Systems, Inc.

Even after a TCP session enters the TIME_WAIT state, its corresponding
socket and protocol control blocks (PCBs) stick around until the TCP
Maximum Segment Lifetime (MSL) expires. On a host whose workload
necessarily creates and closes down many TCP sockets, the sockets & PCBs
for TCP sessions in TIME_WAIT state amount to many megabytes of dead
weight in RAM.

Maximum Segment Lifetimes Truncation (MSLT) assigns each TCP session to
a class based on the nearness of the peer. Corresponding to each class
is an MSL, and a session uses the MSL of its class. The classes are
loopback (local host equals remote host), local (local host and remote
host are on the same link/subnet), and remote (local host and remote
host communicate via one or more gateways). Classes corresponding to
nearer peers have lower MSLs by default: 2 seconds for loopback, 10
seconds for local, 60 seconds for remote. Loopback and local sessions
expire more quickly when MSLT is used.

Vestigial Time-Wait (VTW) replaces a TIME_WAIT session's PCB/socket
dead weight with a compact representation of the session, called a
"vestigial PCB". VTW data structures are designed to be very fast and
memory-efficient: for fast insertion and lookup of vestigial PCBs,
the PCBs are stored in a hash table that is designed to minimize the
number of cacheline visits per lookup/insertion. The memory both
for vestigial PCBs and for elements of the PCB hashtable come from
fixed-size pools, and linked data structures exploit this to conserve
memory by representing references with a narrow index/offset from the
start of a pool instead of a pointer. When space for new vestigial PCBs
runs out, VTW makes room by discarding old vestigial PCBs, oldest first.
VTW cooperates with MSLT.

It may help to think of VTW as a "FIN cache" by analogy to the SYN
cache.

A 2.8-GHz Pentium 4 running a test workload that creates TIME_WAIT
sessions as fast as it can is approximately 17% idle when VTW is active
versus 0% idle when VTW is inactive. It has 103 megabytes more free RAM
when VTW is active (approximately 64k vestigial PCBs are created) than
when it is inactive.
 1.6.10.1 20-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.6.4.1 22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.9.14.1 21-May-2018  pgoyette Sync with HEAD
 1.9.8.1 12-Sep-2022  martin Pull up the following, requested by msaitoh in ticket #1762:

usr.bin/netstat/atalk.c 1.18,1.20-1.21
usr.bin/netstat/bpf.c 1.16 via patch
usr.bin/netstat/fast_ipsec.c 1.24 via patch
usr.bin/netstat/if.c 1.97-1.99,1.101-1.104 via patch
usr.bin/netstat/inet.c 1.111,1.115-1.116 via patch
usr.bin/netstat/inet6.c 1.70,1.74-1.75,1.80-1.81 via patch
usr.bin/netstat/main.c 1.100,1.102-1.103
usr.bin/netstat/mbuf.c 1.34-1.35
usr.bin/netstat/mroute.c 1.26-1.27
usr.bin/netstat/mroute6.c 1.16
usr.bin/netstat/netstat.h 1.52-1.53
usr.bin/netstat/pfkey.c 1.4-1.5 via patch
usr.bin/netstat/pfsync.c 1.4-1.5 via patch
usr.bin/netstat/route.c 1.87-1.88
usr.bin/netstat/unix.c 1.36-1.37
usr.bin/netstat/vtw.c 1.11,1.13

- Add names of a few more ICMPv6 messages.
Also make the array be explicitly 256 entries long.
- sprintf() -> snprintf(), and adjust a buffer size to avoid any
potential for overflow.
- Add missing {IP,IP6}_STAT_NOIPSEC to netstat.
- Don't show any of the completely and utterly undocumented VTW info
if the feature isn't enabled.
- Print oqdrops correctly.
- netstat.1: Add various xrefs present in the body to "See Also".
- Limit maximum owner name to appease gcc.
- KNF. Style fixes.
 1.10.4.1 12-Sep-2022  martin Pull up the following, requested by msaitoh in ticket #1522:

usr.bin/netstat/atalk.c 1.18,1.20-1.21
usr.bin/netstat/bpf.c 1.16 via patch
usr.bin/netstat/fast_ipsec.c 1.24
usr.bin/netstat/if.c 1.97-1.99,1.101-1.104 via patch
usr.bin/netstat/inet.c 1.111,1.115-1.116 via patch
usr.bin/netstat/inet6.c 1.74-1.75,1.80-1.81 via patch
usr.bin/netstat/main.c 1.100-1.103
usr.bin/netstat/mbuf.c 1.35
usr.bin/netstat/mroute.c 1.26-1.27
usr.bin/netstat/mroute6.c 1.16
usr.bin/netstat/netstat.h 1.52-1.53
usr.bin/netstat/pfkey.c 1.4-1.5 via patch
usr.bin/netstat/pfsync.c 1.4-1.5 via patch
usr.bin/netstat/route.c 1.86-1.88
usr.bin/netstat/unix.c 1.36-1.37
usr.bin/netstat/vtw.c 1.11,1.13

- sprintf() -> snprintf(), and adjust a buffer size to avoid any
potential for overflow.
- Fix netstat -rs to print it correctly.
- Add missing {IP,IP6}_STAT_NOIPSEC to netstat.
- Don't show any of the completely and utterly undocumented VTW info
if the feature isn't enabled.
- Print oqdrops correctly.
- Remove Network ATM soft intr queue reporting, we don't have that
in the kernel anymore.
- netstat.1: Add various xrefs present in the body to "See Also".
- KNF. Style fixes.
 1.2 11-May-2011  drochner use getmicrouptime(9) rather than microtime(9) for TIME_WAIT duration
calculation, because this doesn't get confused by system time changes,
and uses less CPU cycles
reviewed by dyoung
 1.1 03-May-2011  dyoung Reduces the resources demanded by TCP sessions in TIME_WAIT-state using
methods called Vestigial Time-Wait (VTW) and Maximum Segment Lifetime
Truncation (MSLT).

MSLT and VTW were contributed by Coyote Point Systems, Inc.

Even after a TCP session enters the TIME_WAIT state, its corresponding
socket and protocol control blocks (PCBs) stick around until the TCP
Maximum Segment Lifetime (MSL) expires. On a host whose workload
necessarily creates and closes down many TCP sockets, the sockets & PCBs
for TCP sessions in TIME_WAIT state amount to many megabytes of dead
weight in RAM.

Maximum Segment Lifetimes Truncation (MSLT) assigns each TCP session to
a class based on the nearness of the peer. Corresponding to each class
is an MSL, and a session uses the MSL of its class. The classes are
loopback (local host equals remote host), local (local host and remote
host are on the same link/subnet), and remote (local host and remote
host communicate via one or more gateways). Classes corresponding to
nearer peers have lower MSLs by default: 2 seconds for loopback, 10
seconds for local, 60 seconds for remote. Loopback and local sessions
expire more quickly when MSLT is used.

Vestigial Time-Wait (VTW) replaces a TIME_WAIT session's PCB/socket
dead weight with a compact representation of the session, called a
"vestigial PCB". VTW data structures are designed to be very fast and
memory-efficient: for fast insertion and lookup of vestigial PCBs,
the PCBs are stored in a hash table that is designed to minimize the
number of cacheline visits per lookup/insertion. The memory both
for vestigial PCBs and for elements of the PCB hashtable come from
fixed-size pools, and linked data structures exploit this to conserve
memory by representing references with a narrow index/offset from the
start of a pool instead of a pointer. When space for new vestigial PCBs
runs out, VTW makes room by discarding old vestigial PCBs, oldest first.
VTW cooperates with MSLT.

It may help to think of VTW as a "FIN cache" by analogy to the SYN
cache.

A 2.8-GHz Pentium 4 running a test workload that creates TIME_WAIT
sessions as fast as it can is approximately 17% idle when VTW is active
versus 0% idle when VTW is inactive. It has 103 megabytes more free RAM
when VTW is active (approximately 64k vestigial PCBs are created) than
when it is inactive.

RSS XML Feed