skipstat is the command-line interface for viewing SKIP statistics. Because skipstat is a skipstat command-line interface, the information that is displayed does not update on screen with the results of the latest sampling as skiptool does.
The following statistics are available in SunScreen:
SKIP Network Interface Statistics
SKIP Header Statistics
SKIP Key Statistics
SKIP Encryption Statistics (for Versions 1 and 2)
SKIP Authentication Statistics
skiplog -[a|C|c|m|k|K|h] [option specific arguments]
-a |
Displays all information available. |
-C |
Display cryptographic algorithms supported by the local system. Each algorithm is listed with its module identifier and name. |
-c [version] |
Displays cryptographic algorithm statistics for SKIP version; 1= SKIP V1, 2=SKIP |
-m |
Displays MAC algorithms statistics. |
-k |
Displays SKIP key statistics. |
-K |
Displays local key information. |
-h |
Displays SKIP header statistics. |
See the man pages for more detail.
The following is a breakdown of skipstat output for each of the main options:
The skipstat -i command is no longer supported.
New Command :skiphost -h
SKIP interface (le0) statistics:
skip_if_ipkts: |
number of packets received by interface |
skip_if_opkts: |
number of packets sent by interface |
skip_if_encrypts: |
number of packets encrypted |
skip_if_decrypts: |
number of packets decrypted |
skip_if_drops: |
number of packets dropped |
skip_if_notv4: |
number of non-IPv4 packets |
skip_if_bypasses: |
number of certificate packets |
skip_if_raw_in: |
number of raw packets received |
skip_if_raw_out: |
number of raw packets sent |
Command: skipstat -h
In the description below, V1 refers to SKIP's SunScreen SPF-100 and SPF-100G compatibility mode (based on an earlier version of the SKIP protocol).
skip_hdr_encodes: |
number of SKIP V1 headers encoded |
skip_hdr_decodes: |
number of SKIP V1 headers decoded |
skip_ipsp_encodes: |
number of SKIP V2 headers encoded |
skip_ipsp_decodes: |
number of SKIP V2 headers decoded |
Header decode error statistics:
skip_hdr_bad_versions: |
invalid protocol version |
skip_hdr_short_ekps: |
short eKp fields |
skip_hdr_short_mids: |
short MID fields |
skip_hdr_bad_kp_algs: |
unknown crypto algorithms |
skip_hdr_bad_kij_algs: |
unknown key encryption algorithms |
skip_hdr_runts: |
short SKIP V1 packets |
skip_hdr_short_nodeids: |
short SKIP V1 node ids |
skip_hdr_bad_nsid: |
bad V2 namespace ID |
skip_hdr_bad_mac_alg: |
bad MAC algorithm |
skip_hdr_bad_mac_size: |
bad MAC data size |
skip_hdr_bad_mac_val: |
bad MAC value |
skip_hdr_bad_next: |
bad V2 next protocol field |
skip_hdr_bad_esp_spi: |
bad V2 encryption SPI field |
skip_hdr_bad_ah_spi: |
bad V2 MAC SPI field |
skip_hdr_bad_iv: |
bad V2 initialization vector |
skip_hdr_short_r_mkeyid: |
short V2 receiver key ID |
skip_hdr_short_s_mkeyid: |
short V2 sender key ID |
skip_hdr_bad_r_mkeyid: |
bad V2 receiver key ID |
skip_ah_nat_in: |
# MD5-NAT packets received |
skip_ah_nat_out: |
# MD5-NAT packets sent |
Command: skipstat -k
skip_key_max_idle: |
unused key time-out |
skip_key_max_bytes: |
maximum bytes to encrypt |
skip_encrypt_keys_active: |
encrypt keys in cache |
skip_decrypt_keys_active: |
decrypt keys in cache |
skip_key_lookups: |
key cache lookups |
skip_keymgr_requests: |
key cache misses |
skip_key_reclaims: |
cache entries reclaimed |
skip_hash_collisions: |
hash table collisions |
Command: skipstat -c
(requires the version of SKIP as part of the argument; 1= SKIP V1, 2=SKIP.)
Cryptographic algorithm stats (SKIP Version 1)
Crypto Module Name: DES-CBC
encrypts: |
number of successful encryptions |
encrypterrs: |
number of failed decryptions |
decrypts: |
number of successful decryptions |
decrypterrs: |
number of failed decryptions |
Cryptographic algorithm stats (SKIP)
Crypto Module Name: DES-EDE-K3-CBC
encrypts: |
number of successful encryptions |
encrypterrs: |
number of failed decryptions |
decrypts: |
number of successful decryptions |
decrypterrs: |
number of failed decryptions |
SKIP Authentication Statistics
Command: skipstat -m
MAC algorithm statistics (SKIP)
MAC Module Name: MD5
in_mac: |
number of received MAC calculation |
in_mac_errs: |
number of failed received MAC calculation |
out_mac: |
number of successful sent MAC calculation |
out_mac_errs: |
number of failed sent MAC calculation |
MAC Module Name: MD5-NAT
in_mac: |
number of received MAC calculation |
in_mac_errs: |
number of failed received MAC calculation |
out_mac: |
number of successful sent MAC calculation |
out_mac_errs: |
number of failed sent MAC calculation |
For more information using skipstat, refer to the man pages for SunScreen SKIP.