skipstat: Viewing SunScreen SKIP Statistics
skipstat is the command-line interface for viewing SKIP statistics. Because skipstat is a command-line interface, the information that is displayed does not update on screen with the results of the latest sampling as skiptool does.
The following statistics are available in SunScreen SKIP:
-
SKIP Network Interface Statistics
-
SKIP Header Statistics
-
SKIP Key Statistics
-
SKIP Encryption Statistics (for Versions 1 and 2)
-
SKIP Authentication Statistics
The following is a breakdown of skipstat output for each of the main options:
SKIP Network Interface Statistics
Command: skipstat -I<interface>
SKIP interface (le0) statistics:
|
skip_if_ipkts: |
number of packets received by interface |
|
skip_if_opkts: |
number of packets sent by interface |
|
skip_if_encrypts: |
number of packets encrypted |
|
skip_if_decrypts: |
number of packets decrypted |
|
skip_if_drops: |
number of packets dropped |
|
skip_if_notv4: |
number of non-IPV4 packets |
|
skip_if_bypasses: |
number of certificate packets |
|
skip_if_raw_in: |
number of raw packets received |
|
skip_if_raw_out: |
number of raw packets sent |
SKIP Header Statistics:
Command: skipstat -h
Note -
In the description below, V1 refers to SKIP's SunScreen SPF-100 and SPF-100G compatibility mode (based on an earlier version of the SKIP protocol).
|
skip_hdr_encodes: |
number of SKIP V1 headers encoded |
|
skip_hdr_decodes: |
number of SKIP V1 headers decoded |
|
skip_ipsp_encodes: |
number of SKIP V2 headers encoded |
|
skip_ipsp_decodes: |
number of SKIP V2 headers decoded |
Header decode error statistics:
|
skip_hdr_bad_versions: |
invalid protocol version |
|
skip_hdr_short_ekps: |
short eKp fields |
|
skip_hdr_short_mids: |
short MID fields |
|
skip_hdr_bad_kp_algs: |
unknown crypto algorithms |
|
skip_hdr_runts: |
short SKIP V1 packets |
|
skip_hdr_short_nodeids: |
short SKIP V1 node ids |
|
skip_hdr_bad_nsid: |
bad V2 namespace ID |
|
skip_hdr_bad_mac_alg: |
bad MAC algorithm |
|
skip_hdr_bad_mac_size: |
bad MAC data size |
|
skip_hdr_bad_mac_val: |
bad MAC value |
|
skip_hdr_bad_next: |
bad V2 next protocol field |
|
skip_hdr_bad_esp_spi: |
bad V2 encryption SPI field |
|
skip_hdr_bad_ah_spi: |
bad V2 MAC SPI field |
|
skip_hdr_bad_iv: |
bad V2 initialization vector |
|
skip_hdr_short_r_mkeyid: |
short V2 receiver key ID |
|
skip_hdr_short_s_mkeyid: |
short V2 sender key ID |
|
skip_hdr_bad_r_mkeyid: |
bad V2 receiver key ID |
Key Statistics
Command: skipstat -k
|
skip_key_max_idle: |
unused key time-out |
|
skip_key_max_bytes: |
maximum bytes to encrypt |
|
skip_encrypt_keys_active: |
encrypt keys in cache |
|
skip_decrypt_keys_active: |
decrypt keys in cache |
|
skip_key_lookups: |
key cache lookups |
|
skip_keymgr_requests: |
key cache misses |
|
skip_key_reclaims: |
cache entries reclaimed |
|
skip_hash_collisions: |
hash table collisions |
SKIP Encryption Statistics:
Command: skipstat -c (requires the version of SKIP as part of the argument
Cryptographic algorithm stats (SKIP Version 1)
Crypto Module Name: DES-CBC
|
encrypts: |
number of successful encryptions |
|
encrypterrs: |
number of failed decryptions |
|
decrypts: |
number of successful decryptions |
|
decrypterrs: |
number of failed decryptions |
Cryptographic algorithm stats (SKIP)
Crypto Module Name: DES-EDE-K3-CBC
|
encrypts: |
number of successful encryptions |
|
encrypterrs: |
number of failed decryptions |
|
decrypts: |
number of successful decryptions |
|
decrypterrs: |
number of failed decryptions |
SKIP Authentication Statistics
Command: skipstat -m
MAC algorithm statistics (SKIP)
MAC Module Name: MD5
|
in_mac: |
number of received MAC calculation |
|
in_mac_errs: |
number of failed received MAC calculation |
|
out_mac: |
number of successful sent MAC calculation |
|
out_mac_errs: |
number of failed sent MAC calculation |
For more information using skipstat, refer to the man pages for SunScreen SKIP.
- © 2010, Oracle Corporation and/or its affiliates