skipstat is the command-line interface for viewing SKIP statistics. Because skipstat is a command-line interface, the information that is displayed does not update on screen with the results of the latest sampling as skiptool does.
The following statistics are available in SunScreen SKIP:
SKIP Network Interface Statistics
SKIP Header Statistics
SKIP Key Statistics
SKIP Encryption Statistics (for Versions 1 and 2)
SKIP Authentication Statistics
The following is a breakdown of skipstat output for each of the main options:
Command: skipstat -I<interface>
SKIP interface (le0) statistics:
skip_if_ipkts: |
number of packets received by interface |
skip_if_opkts: |
number of packets sent by interface |
skip_if_encrypts: |
number of packets encrypted |
skip_if_decrypts: |
number of packets decrypted |
skip_if_drops: |
number of packets dropped |
skip_if_notv4: |
number of non-IPV4 packets |
skip_if_bypasses: |
number of certificate packets |
skip_if_raw_in: |
number of raw packets received |
skip_if_raw_out: |
number of raw packets sent |
Command: skipstat -h
In the description below, V1 refers to SKIP's SunScreen SPF-100 and SPF-100G compatibility mode (based on an earlier version of the SKIP protocol).
skip_hdr_encodes: |
number of SKIP V1 headers encoded |
skip_hdr_decodes: |
number of SKIP V1 headers decoded |
skip_ipsp_encodes: |
number of SKIP V2 headers encoded |
skip_ipsp_decodes: |
number of SKIP V2 headers decoded |
Header decode error statistics:
skip_hdr_bad_versions: |
invalid protocol version |
skip_hdr_short_ekps: |
short eKp fields |
skip_hdr_short_mids: |
short MID fields |
skip_hdr_bad_kp_algs: |
unknown crypto algorithms |
skip_hdr_runts: |
short SKIP V1 packets |
skip_hdr_short_nodeids: |
short SKIP V1 node ids |
skip_hdr_bad_nsid: |
bad V2 namespace ID |
skip_hdr_bad_mac_alg: |
bad MAC algorithm |
skip_hdr_bad_mac_size: |
bad MAC data size |
skip_hdr_bad_mac_val: |
bad MAC value |
skip_hdr_bad_next: |
bad V2 next protocol field |
skip_hdr_bad_esp_spi: |
bad V2 encryption SPI field |
skip_hdr_bad_ah_spi: |
bad V2 MAC SPI field |
skip_hdr_bad_iv: |
bad V2 initialization vector |
skip_hdr_short_r_mkeyid: |
short V2 receiver key ID |
skip_hdr_short_s_mkeyid: |
short V2 sender key ID |
skip_hdr_bad_r_mkeyid: |
bad V2 receiver key ID |
Command: skipstat -k
skip_key_max_idle: |
unused key time-out |
skip_key_max_bytes: |
maximum bytes to encrypt |
skip_encrypt_keys_active: |
encrypt keys in cache |
skip_decrypt_keys_active: |
decrypt keys in cache |
skip_key_lookups: |
key cache lookups |
skip_keymgr_requests: |
key cache misses |
skip_key_reclaims: |
cache entries reclaimed |
skip_hash_collisions: |
hash table collisions |
Command: skipstat -c (requires the version of SKIP as part of the argument
Cryptographic algorithm stats (SKIP Version 1)
Crypto Module Name: DES-CBC
encrypts: |
number of successful encryptions |
encrypterrs: |
number of failed decryptions |
decrypts: |
number of successful decryptions |
decrypterrs: |
number of failed decryptions |
Cryptographic algorithm stats (SKIP)
Crypto Module Name: DES-EDE-K3-CBC
encrypts: |
number of successful encryptions |
encrypterrs: |
number of failed decryptions |
decrypts: |
number of successful decryptions |
decrypterrs: |
number of failed decryptions |
SKIP Authentication Statistics
Command: skipstat -m
MAC algorithm statistics (SKIP)
MAC Module Name: MD5
in_mac: |
number of received MAC calculation |
in_mac_errs: |
number of failed received MAC calculation |
out_mac: |
number of successful sent MAC calculation |
out_mac_errs: |
number of failed sent MAC calculation |
For more information using skipstat, refer to the man pages for SunScreen SKIP.