From: Kristof Provost
Subject: git: 1b7a44fbc553 - stable/15 - if_ovpn: add interface counters
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
Date: Wed, 28 Jan 2026 19:20:23 +0000
Message-Id: <697a6177.22794.472dedb7@gitrepo.freebsd.org>

The branch stable/15 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=1b7a44fbc5532c9c3295d360e40e28dc0be97efb

commit 1b7a44fbc5532c9c3295d360e40e28dc0be97efb
Author:     Kristof Provost
AuthorDate: 2026-01-15 14:15:12 +0000
Commit:     Kristof Provost
CommitDate: 2026-01-28 09:09:10 +0000

    if_ovpn: add interface counters

    Count input/output packets and bytes on the interface as well, not just
    in openvpn-specific counters.

    PR:             292464
    MFC after:      2 weeks
    Sponsored by:   Rubicon Communications, LLC ("Netgate")

    (cherry picked from commit 21d666a19331f31fb6dfa1e370de5a84a1a5cb46)
--- sys/net/if_ovpn.c | 32 ++++++++++++++++++++++++++++++++ tests/sys/net/if_ovpn/if_ovpn.sh | 25 +++++++++++++++++++++++++ 2 files changed, 57 insertions(+) diff --git a/sys/net/if_ovpn.c b/sys/net/if_ovpn.c index 5be05667857b..99c99369d22a 100644 --- a/sys/net/if_ovpn.c +++ b/sys/net/if_ovpn.c @@ -1667,6 +1667,7 @@ ovpn_encrypt_tx_cb(struct cryptop *crp) NET_EPOCH_EXIT(et); CURVNET_RESTORE(); OVPN_COUNTER_ADD(sc, lost_data_pkts_out, 1); + if_inc_counter(sc->ifp, IFCOUNTER_OERRORS, 1); m_freem(m); return (0); } 
@@ -1678,6 +1679,8 @@ ovpn_encrypt_tx_cb(struct cryptop *crp) if (ret == 0) { OVPN_COUNTER_ADD(sc, sent_data_pkts, 1); OVPN_COUNTER_ADD(sc, tunnel_bytes_sent, tunnel_len); + if_inc_counter(sc->ifp, IFCOUNTER_OPACKETS, 1); + if_inc_counter(sc->ifp, IFCOUNTER_OBYTES, tunnel_len); } crypto_freereq(crp); @@ -1704,6 +1707,7 @@ ovpn_finish_rx(struct ovpn_softc *sc, struct mbuf *m, if (V_replay_protection && ! ovpn_check_replay(key->decrypt, seq)) { OVPN_RUNLOCK(sc); OVPN_COUNTER_ADD(sc, lost_data_pkts_in, 1); + if_inc_counter(sc->ifp, IFCOUNTER_OERRORS, 1); m_freem(m); return; } @@ -1765,6 +1769,7 @@ skip_float: m = m_pullup(m, 1); if (m == NULL) { OVPN_COUNTER_ADD(sc, nomem_data_pkts_in, 1); + if_inc_counter(sc->ifp, IFCOUNTER_IERRORS, 1); return; } @@ -1781,6 +1786,7 @@ skip_float: netisr_dispatch(af == AF_INET ? NETISR_IP : NETISR_IPV6, m); } else { OVPN_COUNTER_ADD(sc, lost_data_pkts_in, 1); + if_inc_counter(sc->ifp, IFCOUNTER_IERRORS, 1); m_freem(m); } } @@ -1825,6 +1831,7 @@ ovpn_decrypt_rx_cb(struct cryptop *crp) crypto_freereq(crp); atomic_add_int(&sc->refcount, -1); OVPN_COUNTER_ADD(sc, lost_data_pkts_in, 1); + if_inc_counter(sc->ifp, IFCOUNTER_IERRORS, 1); OVPN_RUNLOCK(sc); m_freem(m); return (0); @@ -1842,6 +1849,7 @@ ovpn_decrypt_rx_cb(struct cryptop *crp) atomic_add_int(&sc->refcount, -1); OVPN_RUNLOCK(sc); OVPN_COUNTER_ADD(sc, lost_data_pkts_in, 1); + if_inc_counter(sc->ifp, IFCOUNTER_IERRORS, 1); m_freem(m); CURVNET_RESTORE(); return (0); @@ -1857,6 +1865,7 @@ ovpn_decrypt_rx_cb(struct cryptop *crp) */ OVPN_RUNLOCK(sc); OVPN_COUNTER_ADD(sc, lost_data_pkts_in, 1); + if_inc_counter(sc->ifp, IFCOUNTER_IERRORS, 1); m_freem(m); CURVNET_RESTORE(); return (0); @@ -2071,6 +2080,7 @@ ovpn_transmit_to_peer(struct ifnet *ifp, struct mbuf *m, if (_ovpn_lock_trackerp != NULL) OVPN_RUNLOCK(sc); OVPN_COUNTER_ADD(sc, lost_data_pkts_out, 1); + if_inc_counter(sc->ifp, IFCOUNTER_IERRORS, 1); m_freem(m); return (ELOOP); } 
@@ -2087,6 +2097,7 @@ ovpn_transmit_to_peer(struct ifnet *ifp, struct mbuf *m, if (_ovpn_lock_trackerp != NULL) OVPN_RUNLOCK(sc); OVPN_COUNTER_ADD(sc, nomem_data_pkts_out, 1); + if_inc_counter(sc->ifp, IFCOUNTER_OERRORS, 1); return (ENOBUFS); } ohdr = mtod(m, struct ovpn_wire_header *); @@ -2103,6 +2114,7 @@ ovpn_transmit_to_peer(struct ifnet *ifp, struct mbuf *m, if (_ovpn_lock_trackerp != NULL) OVPN_RUNLOCK(sc); OVPN_COUNTER_ADD(sc, nomem_data_pkts_out, 1); + if_inc_counter(sc->ifp, IFCOUNTER_OERRORS, 1); /* Let's avoid (very unlikely, but still) wraparounds of the * 64-bit counter taking us back to 0. */ @@ -2125,6 +2137,8 @@ ovpn_transmit_to_peer(struct ifnet *ifp, struct mbuf *m, if (ret == 0) { OVPN_COUNTER_ADD(sc, sent_data_pkts, 1); OVPN_COUNTER_ADD(sc, tunnel_bytes_sent, tunnel_len); + if_inc_counter(sc->ifp, IFCOUNTER_OPACKETS, 1); + if_inc_counter(sc->ifp, IFCOUNTER_OBYTES, tunnel_len); } return (ret); } @@ -2134,6 +2148,7 @@ ovpn_transmit_to_peer(struct ifnet *ifp, struct mbuf *m, if (_ovpn_lock_trackerp != NULL) OVPN_RUNLOCK(sc); OVPN_COUNTER_ADD(sc, nomem_data_pkts_out, 1); + if_inc_counter(sc->ifp, IFCOUNTER_OERRORS, 1); m_freem(m); return (ENOBUFS); } @@ -2172,6 +2187,7 @@ ovpn_transmit_to_peer(struct ifnet *ifp, struct mbuf *m, ret = crypto_dispatch(crp); if (ret) { OVPN_COUNTER_ADD(sc, lost_data_pkts_out, 1); + if_inc_counter(sc->ifp, IFCOUNTER_OERRORS, 1); } return (ret); @@ -2196,6 +2212,7 @@ ovpn_encap(struct ovpn_softc *sc, uint32_t peerid, struct mbuf *m) if (peer == NULL || sc->ifp->if_link_state != LINK_STATE_UP) { OVPN_RUNLOCK(sc); OVPN_COUNTER_ADD(sc, lost_data_pkts_out, 1); + if_inc_counter(sc->ifp, IFCOUNTER_OERRORS, 1); m_freem(m); return (ENETDOWN); } @@ -2206,6 +2223,7 @@ ovpn_encap(struct ovpn_softc *sc, uint32_t peerid, struct mbuf *m) if (m == NULL) { OVPN_RUNLOCK(sc); OVPN_COUNTER_ADD(sc, nomem_data_pkts_out, 1); + if_inc_counter(sc->ifp, IFCOUNTER_OERRORS, 1); m_freem(m); return (ENOBUFS); } 
@@ -2239,6 +2257,7 @@ ovpn_encap(struct ovpn_softc *sc, uint32_t peerid, struct mbuf *m) if (m == NULL) { OVPN_RUNLOCK(sc); OVPN_COUNTER_ADD(sc, nomem_data_pkts_out, 1); + if_inc_counter(sc->ifp, IFCOUNTER_OERRORS, 1); return (ENOBUFS); } ip = mtod(m, struct ip *); @@ -2272,12 +2291,14 @@ ovpn_encap(struct ovpn_softc *sc, uint32_t peerid, struct mbuf *m) if (m == NULL) { OVPN_RUNLOCK(sc); OVPN_COUNTER_ADD(sc, nomem_data_pkts_out, 1); + if_inc_counter(sc->ifp, IFCOUNTER_OERRORS, 1); return (ENOBUFS); } m = m_pullup(m, sizeof(*ip6) + sizeof(*udp)); if (m == NULL) { OVPN_RUNLOCK(sc); OVPN_COUNTER_ADD(sc, nomem_data_pkts_out, 1); + if_inc_counter(sc->ifp, IFCOUNTER_OERRORS, 1); return (ENOBUFS); } @@ -2339,6 +2360,7 @@ ovpn_output(struct ifnet *ifp, struct mbuf *m, const struct sockaddr *dst, m = m_unshare(m, M_NOWAIT); if (m == NULL) { OVPN_COUNTER_ADD(sc, lost_data_pkts_out, 1); + if_inc_counter(sc->ifp, IFCOUNTER_OERRORS, 1); return (ENOBUFS); } @@ -2348,6 +2370,7 @@ ovpn_output(struct ifnet *ifp, struct mbuf *m, const struct sockaddr *dst, if (__predict_false(ifp->if_link_state != LINK_STATE_UP)) { OVPN_COUNTER_ADD(sc, lost_data_pkts_out, 1); + if_inc_counter(sc->ifp, IFCOUNTER_OERRORS, 1); OVPN_RUNLOCK(sc); m_freem(m); return (ENETDOWN); @@ -2366,6 +2389,7 @@ ovpn_output(struct ifnet *ifp, struct mbuf *m, const struct sockaddr *dst, if (peer == NULL) { /* No destination. */ OVPN_COUNTER_ADD(sc, lost_data_pkts_out, 1); + if_inc_counter(sc->ifp, IFCOUNTER_OERRORS, 1); OVPN_RUNLOCK(sc); m_freem(m); return (ENETDOWN); @@ -2461,6 +2485,8 @@ ovpn_udp_input(struct mbuf *m, int off, struct inpcb *inp, M_ASSERTPKTHDR(m); OVPN_COUNTER_ADD(sc, transport_bytes_received, m->m_pkthdr.len - off); + if_inc_counter(sc->ifp, IFCOUNTER_IBYTES, m->m_pkthdr.len - off); + if_inc_counter(sc->ifp, IFCOUNTER_IPACKETS, 1); ohdrlen = sizeof(*ohdr) - sizeof(ohdr->auth_tag); 
@@ -2490,6 +2516,7 @@ ovpn_udp_input(struct mbuf *m, int off, struct inpcb *inp, m = m_unshare(m, M_NOWAIT); if (m == NULL) { OVPN_COUNTER_ADD(sc, nomem_data_pkts_in, 1); + if_inc_counter(sc->ifp, IFCOUNTER_IERRORS, 1); return (true); } @@ -2497,6 +2524,7 @@ ovpn_udp_input(struct mbuf *m, int off, struct inpcb *inp, if (m == NULL) { OVPN_RUNLOCK(sc); OVPN_COUNTER_ADD(sc, nomem_data_pkts_in, 1); + if_inc_counter(sc->ifp, IFCOUNTER_IERRORS, 1); return (true); } @@ -2513,6 +2541,7 @@ ovpn_udp_input(struct mbuf *m, int off, struct inpcb *inp, if (key == NULL || key->decrypt == NULL) { OVPN_RUNLOCK(sc); OVPN_COUNTER_ADD(sc, lost_data_pkts_in, 1); + if_inc_counter(sc->ifp, IFCOUNTER_IERRORS, 1); m_freem(m); return (true); } @@ -2558,6 +2587,7 @@ ovpn_udp_input(struct mbuf *m, int off, struct inpcb *inp, if (m == NULL) { OVPN_RUNLOCK(sc); OVPN_COUNTER_ADD(sc, nomem_data_pkts_in, 1); + if_inc_counter(sc->ifp, IFCOUNTER_IERRORS, 1); return (true); } uhdr = mtodo(m, 0); @@ -2567,6 +2597,7 @@ ovpn_udp_input(struct mbuf *m, int off, struct inpcb *inp, crp = crypto_getreq(key->decrypt->cryptoid, M_NOWAIT); if (crp == NULL) { OVPN_COUNTER_ADD(sc, nomem_data_pkts_in, 1); + if_inc_counter(sc->ifp, IFCOUNTER_IERRORS, 1); OVPN_RUNLOCK(sc); m_freem(m); return (true); @@ -2603,6 +2634,7 @@ ovpn_udp_input(struct mbuf *m, int off, struct inpcb *inp, ret = crypto_dispatch(crp); if (ret != 0) { OVPN_COUNTER_ADD(sc, lost_data_pkts_in, 1); + if_inc_counter(sc->ifp, IFCOUNTER_IERRORS, 1); } return (true); diff --git a/tests/sys/net/if_ovpn/if_ovpn.sh b/tests/sys/net/if_ovpn/if_ovpn.sh index 9dafce2242d8..6fe0393dd2b2 100644 --- a/tests/sys/net/if_ovpn/if_ovpn.sh +++ b/tests/sys/net/if_ovpn/if_ovpn.sh 
@@ -99,6 +99,31 @@ atf_test_case "4in4" "cleanup" # Test routing loop protection jexec b route add 192.0.2.1 198.51.100.1 atf_check -s exit:2 -o ignore jexec b ping -t 1 -c 1 198.51.100.1 + + jexec a netstat -I ovpn0 -n -b + ipkts=$(jexec a netstat -I ovpn0 -n -b | awk 'NR == 2 { print($5); }') + echo "$ipkts input packets" + if [ $ipkts -eq 0 ]; then + atf_fail "Input packets were not counted" + fi + + ibytes=$(jexec a netstat -I ovpn0 -n -b | awk 'NR == 2 { print($8); }') + echo "$ibytes input bytes" + if [ $ibytes -eq 0 ]; then + atf_fail "Input bytes were not counted" + fi + + opkts=$(jexec a netstat -I ovpn0 -n -b | awk 'NR == 2 { print($9); }') + echo "$opkts output packets" + if [ $obytes -eq 0 ]; then + atf_fail "Output packets were not counted" + fi + + obytes=$(jexec a netstat -I ovpn0 -n -b | awk 'NR == 2 { print($11); }') + echo "$obytes output bytes" + if [ $obytes -eq 0 ]; then + atf_fail "Output bytes were not counted" + fi } 4in4_cleanup()
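
Review bot: the replay-rejection path in ovpn_finish_rx() (hunk at -1704, the `! ovpn_check_replay(key->decrypt, seq)` branch) increments IFCOUNTER_OERRORS, but this is the receive side and the line directly above it counts lost_data_pkts_in. Every other receive drop in this patch uses IFCOUNTER_IERRORS. Suggest `if_inc_counter(sc->ifp, IFCOUNTER_IERRORS, 1);` here; as written, packets rejected by replay protection appear as output errors in netstat, which hides them from anyone watching input errors on the tunnel interface.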
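
Review bot: the ELOOP return in ovpn_transmit_to_peer() (hunk at -2071) increments IFCOUNTER_IERRORS on a transmit path, right after `OVPN_COUNTER_ADD(sc, lost_data_pkts_out, 1);`. The other error returns in this function use IFCOUNTER_OERRORS, so this one looks like a copy/paste slip. Suggest `if_inc_counter(sc->ifp, IFCOUNTER_OERRORS, 1);` so the interface counters agree with the openvpn-specific counter next to them.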
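
Review bot: in ovpn_udp_input() (hunk at -2461) IFCOUNTER_IBYTES and IFCOUNTER_IPACKETS are incremented on arrival, before the `key == NULL || key->decrypt == NULL` check and the crypto_dispatch() call later in the same function, so a packet that is dropped afterwards is counted both as an input packet and as an input error. The byte count is also the transport length (`m->m_pkthdr.len - off`), while the output side adds tunnel_len only after `ret == 0`. If the asymmetry is intended, a short comment saying so would help; otherwise consider moving the two increments to the point in ovpn_finish_rx() where the packet is passed to netisr_dispatch().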
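
Review bot: the output-packets check in the 4in4 test assigns `opkts` but then tests `[ $obytes -eq 0 ]`, and obytes is not assigned until the following block. With obytes empty the expression becomes `[ -eq 0 ]`, which is malformed, so the branch is never taken and "Output packets were not counted" can never fire. Suggest `if [ "$opkts" -eq 0 ]; then`, and quoting the variable in the other three checks as well so that an empty netstat field fails the test instead of passing silently.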