From nobody Thu Jan 15 17:14:51 2026
X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4dsV3J0TDkz6PCbr
	for <dev-commits-src-main@mlmmj.nyi.freebsd.org>; Thu, 15 Jan 2026 17:14:52 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R13" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4dsV3H5kj3z3bZH
	for <dev-commits-src-main@FreeBSD.org>; Thu, 15 Jan 2026 17:14:51 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1768497291;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=CsEdq81xbgQVedFtb/6KOAf0GAOG4HdM7rPJ6Qewfrc=;
	b=s+KUZLJYPEfxsiewP/8S9oh8g6LFpLkHeZhNLACOyFwpS2dE+KpFc+umRFu/ExeK1oLHUt
	o/6zkZjHNyoNRY2AeuKV+ZGD/JnSXiDQBlMZVPkTEqKLKIYjYqs5BM3kwrpeWAnv3ZRhgi
	yupUUbvhIUCzyxfk4ZgEfWThH6S+qfdgqlcMQKyVw6YcKiJvi22NqMe0YLLSkbRmjFQQ5J
	wr1buzr+yn8vdEpt9mDm1RJ7X7kc1V4GuP6w8e7+i19gUwYILoIR/CisNVzXuK10vFDAYm
	TUOAR+3VtUfgqTZ8ys7aTXkRdXKt4KCDCmYU/shV4mybfb94NshcWD49rNLeQA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1768497291;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=CsEdq81xbgQVedFtb/6KOAf0GAOG4HdM7rPJ6Qewfrc=;
	b=mr/7w4JwnThK1Yp2PmvcFGIPYR+4mqlzihvpmxTUJ9WOBZqeLyHMLPQ05tTRCd7TXgYmMk
	q07T2FKPZsjlNfzqC6vypu6TjRfypkp3Twuq+F1S2beKF/47KqEdqK/SMlGRsr1Dq+742K
	vZvV7+vtIeeiscLowIDB01ZGksEhizF9uI+Uld5XtS+kXLxoSJo0lokn/yFDXE2KSpl2DB
	j+irE+m0CpVwptMfd9S7/GoH+PiRYNwnEtNor6EIzI7WJG3ZAmXCzxHhNnK06zYTCcA+ZU
	eK1zV3JK/4/5KQJyhlo68Dfyd6pojpE+oZBjsA1o7OvYSzq6IRPxYulTtnj6Vw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1768497291; a=rsa-sha256; cv=none;
	b=p71Euy5+hpmIomw2clwZlt7n8KP49vjVSSWLu/R+mhVYDr8vq6oeETpFw0QqjSoL7u9v/q
	r4DOP8s0UDCGT8eYkZzS0VuO3OCWU48YpgyAM3A/Ic5ud6IsKgvR43mqF948YKePdU2TZh
	THP2XsnQMRL9RQNktyNPvAuUnU88o8XP6vEk1T/jZlbnu717SGuBigX3jG1iJZJqDuV6x3
	0siuB1BLn2XPTa4uUU5M5BvcJ8eBjBJL83AJkLlFbm/BoA/NPOy2zatDgobCUZsmZMySLa
	A8mhdmPlxhGOeqRjhH8imWSwIMF/rKxHAlsE+APkeOcuauutApZg6ICALiTjag==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4dsV3H57gyzdNV
	for <dev-commits-src-main@FreeBSD.org>; Thu, 15 Jan 2026 17:14:51 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from git (uid 1279)
	(envelope-from git@FreeBSD.org)
	id 3918d
	by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org);
	Thu, 15 Jan 2026 17:14:51 +0000
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Kristof Provost <kp@FreeBSD.org>
Subject: git: 21d666a19331 - main - if_ovpn: add interface counters
List-Id: Commit messages for the main branch of the src repository <dev-commits-src-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
List-Help: <mailto:dev-commits-src-main+help@freebsd.org>
List-Post: <mailto:dev-commits-src-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-main+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-main@freebsd.org
Sender: owner-dev-commits-src-main@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 21d666a19331f31fb6dfa1e370de5a84a1a5cb46
Auto-Submitted: auto-generated
Date: Thu, 15 Jan 2026 17:14:51 +0000
Message-Id: <6969208b.3918d.62ac1f5f@gitrepo.freebsd.org>

The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=21d666a19331f31fb6dfa1e370de5a84a1a5cb46

commit 21d666a19331f31fb6dfa1e370de5a84a1a5cb46
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2026-01-15 14:15:12 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2026-01-15 16:18:27 +0000

    if_ovpn: add interface counters
    
    Count input/output packets and bytes on the interface as well, not just
    in openvpn-specific counters.
    
    PR:             292464
    MFC after:      2 weeks
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 sys/net/if_ovpn.c                | 32 ++++++++++++++++++++++++++++++++
 tests/sys/net/if_ovpn/if_ovpn.sh | 25 +++++++++++++++++++++++++
 2 files changed, 57 insertions(+)

diff --git a/sys/net/if_ovpn.c b/sys/net/if_ovpn.c
index ae09a1ce9db8..7c416055e939 100644
--- a/sys/net/if_ovpn.c
+++ b/sys/net/if_ovpn.c
@@ -1669,6 +1669,7 @@ ovpn_encrypt_tx_cb(struct cryptop *crp)
 		NET_EPOCH_EXIT(et);
 		CURVNET_RESTORE();
 		OVPN_COUNTER_ADD(sc, lost_data_pkts_out, 1);
+		if_inc_counter(sc->ifp, IFCOUNTER_OERRORS, 1);
 		m_freem(m);
 		return (0);
 	}
@@ -1680,6 +1681,8 @@ ovpn_encrypt_tx_cb(struct cryptop *crp)
 	if (ret == 0) {
 		OVPN_COUNTER_ADD(sc, sent_data_pkts, 1);
 		OVPN_COUNTER_ADD(sc, tunnel_bytes_sent, tunnel_len);
+		if_inc_counter(sc->ifp, IFCOUNTER_OPACKETS, 1);
+		if_inc_counter(sc->ifp, IFCOUNTER_OBYTES, tunnel_len);
 	}
 
 	crypto_freereq(crp);
@@ -1706,6 +1709,7 @@ ovpn_finish_rx(struct ovpn_softc *sc, struct mbuf *m,
 	if (V_replay_protection && ! ovpn_check_replay(key->decrypt, seq)) {
 		OVPN_RUNLOCK(sc);
 		OVPN_COUNTER_ADD(sc, lost_data_pkts_in, 1);
+		if_inc_counter(sc->ifp, IFCOUNTER_OERRORS, 1);
 		m_freem(m);
 		return;
 	}
@@ -1767,6 +1771,7 @@ skip_float:
 	m = m_pullup(m, 1);
 	if (m == NULL) {
 		OVPN_COUNTER_ADD(sc, nomem_data_pkts_in, 1);
+		if_inc_counter(sc->ifp, IFCOUNTER_IERRORS, 1);
 		return;
 	}
 
@@ -1783,6 +1788,7 @@ skip_float:
 			netisr_dispatch(af == AF_INET ? NETISR_IP : NETISR_IPV6, m);
 	} else {
 		OVPN_COUNTER_ADD(sc, lost_data_pkts_in, 1);
+		if_inc_counter(sc->ifp, IFCOUNTER_IERRORS, 1);
 		m_freem(m);
 	}
 }
@@ -1827,6 +1833,7 @@ ovpn_decrypt_rx_cb(struct cryptop *crp)
 		crypto_freereq(crp);
 		atomic_add_int(&sc->refcount, -1);
 		OVPN_COUNTER_ADD(sc, lost_data_pkts_in, 1);
+		if_inc_counter(sc->ifp, IFCOUNTER_IERRORS, 1);
 		OVPN_RUNLOCK(sc);
 		m_freem(m);
 		return (0);
@@ -1844,6 +1851,7 @@ ovpn_decrypt_rx_cb(struct cryptop *crp)
 		atomic_add_int(&sc->refcount, -1);
 		OVPN_RUNLOCK(sc);
 		OVPN_COUNTER_ADD(sc, lost_data_pkts_in, 1);
+		if_inc_counter(sc->ifp, IFCOUNTER_IERRORS, 1);
 		m_freem(m);
 		CURVNET_RESTORE();
 		return (0);
@@ -1859,6 +1867,7 @@ ovpn_decrypt_rx_cb(struct cryptop *crp)
 		 */
 		OVPN_RUNLOCK(sc);
 		OVPN_COUNTER_ADD(sc, lost_data_pkts_in, 1);
+		if_inc_counter(sc->ifp, IFCOUNTER_IERRORS, 1);
 		m_freem(m);
 		CURVNET_RESTORE();
 		return (0);
@@ -2073,6 +2082,7 @@ ovpn_transmit_to_peer(struct ifnet *ifp, struct mbuf *m,
 		if (_ovpn_lock_trackerp != NULL)
 			OVPN_RUNLOCK(sc);
 		OVPN_COUNTER_ADD(sc, lost_data_pkts_out, 1);
+		if_inc_counter(sc->ifp, IFCOUNTER_IERRORS, 1);
 		m_freem(m);
 		return (ELOOP);
 	}
@@ -2089,6 +2099,7 @@ ovpn_transmit_to_peer(struct ifnet *ifp, struct mbuf *m,
 		if (_ovpn_lock_trackerp != NULL)
 			OVPN_RUNLOCK(sc);
 		OVPN_COUNTER_ADD(sc, nomem_data_pkts_out, 1);
+		if_inc_counter(sc->ifp, IFCOUNTER_OERRORS, 1);
 		return (ENOBUFS);
 	}
 	ohdr = mtod(m, struct ovpn_wire_header *);
@@ -2105,6 +2116,7 @@ ovpn_transmit_to_peer(struct ifnet *ifp, struct mbuf *m,
 		if (_ovpn_lock_trackerp != NULL)
 			OVPN_RUNLOCK(sc);
 		OVPN_COUNTER_ADD(sc, nomem_data_pkts_out, 1);
+		if_inc_counter(sc->ifp, IFCOUNTER_OERRORS, 1);
 
 		/* Let's avoid (very unlikely, but still) wraparounds of the
 		 * 64-bit counter taking us back to 0. */
@@ -2127,6 +2139,8 @@ ovpn_transmit_to_peer(struct ifnet *ifp, struct mbuf *m,
 		if (ret == 0) {
 			OVPN_COUNTER_ADD(sc, sent_data_pkts, 1);
 			OVPN_COUNTER_ADD(sc, tunnel_bytes_sent, tunnel_len);
+			if_inc_counter(sc->ifp, IFCOUNTER_OPACKETS, 1);
+			if_inc_counter(sc->ifp, IFCOUNTER_OBYTES, tunnel_len);
 		}
 		return (ret);
 	}
@@ -2136,6 +2150,7 @@ ovpn_transmit_to_peer(struct ifnet *ifp, struct mbuf *m,
 		if (_ovpn_lock_trackerp != NULL)
 			OVPN_RUNLOCK(sc);
 		OVPN_COUNTER_ADD(sc, nomem_data_pkts_out, 1);
+		if_inc_counter(sc->ifp, IFCOUNTER_OERRORS, 1);
 		m_freem(m);
 		return (ENOBUFS);
 	}
@@ -2174,6 +2189,7 @@ ovpn_transmit_to_peer(struct ifnet *ifp, struct mbuf *m,
 		ret = crypto_dispatch(crp);
 	if (ret) {
 		OVPN_COUNTER_ADD(sc, lost_data_pkts_out, 1);
+		if_inc_counter(sc->ifp, IFCOUNTER_OERRORS, 1);
 	}
 
 	return (ret);
@@ -2198,6 +2214,7 @@ ovpn_encap(struct ovpn_softc *sc, uint32_t peerid, struct mbuf *m)
 	if (peer == NULL || sc->ifp->if_link_state != LINK_STATE_UP) {
 		OVPN_RUNLOCK(sc);
 		OVPN_COUNTER_ADD(sc, lost_data_pkts_out, 1);
+		if_inc_counter(sc->ifp, IFCOUNTER_OERRORS, 1);
 		m_freem(m);
 		return (ENETDOWN);
 	}
@@ -2208,6 +2225,7 @@ ovpn_encap(struct ovpn_softc *sc, uint32_t peerid, struct mbuf *m)
 	if (m == NULL) {
 		OVPN_RUNLOCK(sc);
 		OVPN_COUNTER_ADD(sc, nomem_data_pkts_out, 1);
+		if_inc_counter(sc->ifp, IFCOUNTER_OERRORS, 1);
 		m_freem(m);
 		return (ENOBUFS);
 	}
@@ -2241,6 +2259,7 @@ ovpn_encap(struct ovpn_softc *sc, uint32_t peerid, struct mbuf *m)
 		if (m == NULL) {
 			OVPN_RUNLOCK(sc);
 			OVPN_COUNTER_ADD(sc, nomem_data_pkts_out, 1);
+		if_inc_counter(sc->ifp, IFCOUNTER_OERRORS, 1);
 			return (ENOBUFS);
 		}
 		ip = mtod(m, struct ip *);
@@ -2274,12 +2293,14 @@ ovpn_encap(struct ovpn_softc *sc, uint32_t peerid, struct mbuf *m)
 		if (m == NULL) {
 			OVPN_RUNLOCK(sc);
 			OVPN_COUNTER_ADD(sc, nomem_data_pkts_out, 1);
+			if_inc_counter(sc->ifp, IFCOUNTER_OERRORS, 1);
 			return (ENOBUFS);
 		}
 		m = m_pullup(m, sizeof(*ip6) + sizeof(*udp));
 		if (m == NULL) {
 			OVPN_RUNLOCK(sc);
 			OVPN_COUNTER_ADD(sc, nomem_data_pkts_out, 1);
+			if_inc_counter(sc->ifp, IFCOUNTER_OERRORS, 1);
 			return (ENOBUFS);
 		}
 
@@ -2341,6 +2362,7 @@ ovpn_output(struct ifnet *ifp, struct mbuf *m, const struct sockaddr *dst,
 	m = m_unshare(m, M_NOWAIT);
 	if (m == NULL) {
 		OVPN_COUNTER_ADD(sc, lost_data_pkts_out, 1);
+		if_inc_counter(sc->ifp, IFCOUNTER_OERRORS, 1);
 		return (ENOBUFS);
 	}
 
@@ -2350,6 +2372,7 @@ ovpn_output(struct ifnet *ifp, struct mbuf *m, const struct sockaddr *dst,
 
 	if (__predict_false(ifp->if_link_state != LINK_STATE_UP)) {
 		OVPN_COUNTER_ADD(sc, lost_data_pkts_out, 1);
+		if_inc_counter(sc->ifp, IFCOUNTER_OERRORS, 1);
 		OVPN_RUNLOCK(sc);
 		m_freem(m);
 		return (ENETDOWN);
@@ -2368,6 +2391,7 @@ ovpn_output(struct ifnet *ifp, struct mbuf *m, const struct sockaddr *dst,
 	if (peer == NULL) {
 		/* No destination. */
 		OVPN_COUNTER_ADD(sc, lost_data_pkts_out, 1);
+		if_inc_counter(sc->ifp, IFCOUNTER_OERRORS, 1);
 		OVPN_RUNLOCK(sc);
 		m_freem(m);
 		return (ENETDOWN);
@@ -2463,6 +2487,8 @@ ovpn_udp_input(struct mbuf *m, int off, struct inpcb *inp,
 	M_ASSERTPKTHDR(m);
 
 	OVPN_COUNTER_ADD(sc, transport_bytes_received, m->m_pkthdr.len - off);
+	if_inc_counter(sc->ifp, IFCOUNTER_IBYTES, m->m_pkthdr.len - off);
+	if_inc_counter(sc->ifp, IFCOUNTER_IPACKETS, 1);
 
 	ohdrlen = sizeof(*ohdr) - sizeof(ohdr->auth_tag);
 
@@ -2492,6 +2518,7 @@ ovpn_udp_input(struct mbuf *m, int off, struct inpcb *inp,
 	m = m_unshare(m, M_NOWAIT);
 	if (m == NULL) {
 		OVPN_COUNTER_ADD(sc, nomem_data_pkts_in, 1);
+		if_inc_counter(sc->ifp, IFCOUNTER_IERRORS, 1);
 		return (true);
 	}
 
@@ -2499,6 +2526,7 @@ ovpn_udp_input(struct mbuf *m, int off, struct inpcb *inp,
 	if (m == NULL) {
 		OVPN_RUNLOCK(sc);
 		OVPN_COUNTER_ADD(sc, nomem_data_pkts_in, 1);
+		if_inc_counter(sc->ifp, IFCOUNTER_IERRORS, 1);
 		return (true);
 	}
 
@@ -2515,6 +2543,7 @@ ovpn_udp_input(struct mbuf *m, int off, struct inpcb *inp,
 	if (key == NULL || key->decrypt == NULL) {
 		OVPN_RUNLOCK(sc);
 		OVPN_COUNTER_ADD(sc, lost_data_pkts_in, 1);
+		if_inc_counter(sc->ifp, IFCOUNTER_IERRORS, 1);
 		m_freem(m);
 		return (true);
 	}
@@ -2560,6 +2589,7 @@ ovpn_udp_input(struct mbuf *m, int off, struct inpcb *inp,
 	if (m == NULL) {
 		OVPN_RUNLOCK(sc);
 		OVPN_COUNTER_ADD(sc, nomem_data_pkts_in, 1);
+		if_inc_counter(sc->ifp, IFCOUNTER_IERRORS, 1);
 		return (true);
 	}
 	uhdr = mtodo(m, 0);
@@ -2569,6 +2599,7 @@ ovpn_udp_input(struct mbuf *m, int off, struct inpcb *inp,
 	crp = crypto_getreq(key->decrypt->cryptoid, M_NOWAIT);
 	if (crp == NULL) {
 		OVPN_COUNTER_ADD(sc, nomem_data_pkts_in, 1);
+		if_inc_counter(sc->ifp, IFCOUNTER_IERRORS, 1);
 		OVPN_RUNLOCK(sc);
 		m_freem(m);
 		return (true);
@@ -2605,6 +2636,7 @@ ovpn_udp_input(struct mbuf *m, int off, struct inpcb *inp,
 		ret = crypto_dispatch(crp);
 	if (ret != 0) {
 		OVPN_COUNTER_ADD(sc, lost_data_pkts_in, 1);
+		if_inc_counter(sc->ifp, IFCOUNTER_IERRORS, 1);
 	}
 
 	return (true);
diff --git a/tests/sys/net/if_ovpn/if_ovpn.sh b/tests/sys/net/if_ovpn/if_ovpn.sh
index 9dafce2242d8..6fe0393dd2b2 100644
--- a/tests/sys/net/if_ovpn/if_ovpn.sh
+++ b/tests/sys/net/if_ovpn/if_ovpn.sh
@@ -99,6 +99,31 @@ atf_test_case "4in4" "cleanup"
 	# Test routing loop protection
 	jexec b route add 192.0.2.1 198.51.100.1
 	atf_check -s exit:2 -o ignore jexec b ping -t 1 -c 1 198.51.100.1
+
+	jexec a netstat -I ovpn0 -n -b
+	ipkts=$(jexec a netstat -I ovpn0 -n -b | awk 'NR == 2 { print($5); }')
+	echo "$ipkts input packets"
+	if [ $ipkts -eq 0 ]; then
+		atf_fail "Input packets were not counted"
+	fi
+
+	ibytes=$(jexec a netstat -I ovpn0 -n -b | awk 'NR == 2 { print($8); }')
+	echo "$ibytes input bytes"
+	if [ $ibytes -eq 0 ]; then
+		atf_fail "Input bytes were not counted"
+	fi
+
+	opkts=$(jexec a netstat -I ovpn0 -n -b | awk 'NR == 2 { print($9); }')
+	echo "$opkts output packets"
+	if [ $obytes -eq 0 ]; then
+		atf_fail "Output packets were not counted"
+	fi
+
+	obytes=$(jexec a netstat -I ovpn0 -n -b | awk 'NR == 2 { print($11); }')
+	echo "$obytes output bytes"
+	if [ $obytes -eq 0 ]; then
+		atf_fail "Output bytes were not counted"
+	fi
 }
 
 4in4_cleanup()