diff options
author | 2018-08-28 15:15:02 +0000 | |
---|---|---|
committer | 2018-08-28 15:15:02 +0000 | |
commit | 2edaa7bab8dc7eebcf170add906583e7aa0263bf (patch) | |
tree | 022ca6608cd2070d6ae97cb592e4d9e14f734a90 /sys/netinet/ipsec_output.c | |
parent | Drop SSLv2, SSLv3 support. (diff) | |
download | wireguard-openbsd-2edaa7bab8dc7eebcf170add906583e7aa0263bf.tar.xz wireguard-openbsd-2edaa7bab8dc7eebcf170add906583e7aa0263bf.zip |
Add per-TDB counters and a new SADB extension to export them to
userland.
Inputs from markus@, ok sthen@
Diffstat (limited to 'sys/netinet/ipsec_output.c')
-rw-r--r-- | sys/netinet/ipsec_output.c | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/sys/netinet/ipsec_output.c b/sys/netinet/ipsec_output.c index 840903d16bd..c477793a01f 100644 --- a/sys/netinet/ipsec_output.c +++ b/sys/netinet/ipsec_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec_output.c,v 1.73 2018/07/12 15:51:50 mpi Exp $ */ +/* $OpenBSD: ipsec_output.c,v 1.74 2018/08/28 15:15:02 mpi Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) * @@ -361,6 +361,7 @@ ipsp_process_packet(struct mbuf *m, struct tdb *tdb, int af, int tunalready) } ipsecstat_add(ipsec_ouncompbytes, m->m_pkthdr.len); + tdb->tdb_ouncompbytes += m->m_pkthdr.len; /* Non expansion policy for IPCOMP */ if (tdb->tdb_sproto == IPPROTO_IPCOMP) { @@ -441,13 +442,17 @@ ipsec_output_cb(struct cryptop *crp) } NET_UNLOCK(); - if (error) + if (error) { ipsecstat_inc(ipsec_odrops); + tdb->tdb_odrops++; + } return; baddone: NET_UNLOCK(); droponly: + if (tdb != NULL) + tdb->tdb_odrops++; m_freem(m); free(tc, M_XDATA, 0); crypto_freereq(crp); @@ -572,14 +577,16 @@ ipsp_process_done(struct mbuf *m, struct tdb *tdb) m_tag_prepend(m, mtag); + ipsecstat_inc(ipsec_opackets); + ipsecstat_add(ipsec_obytes, m->m_pkthdr.len); + tdb->tdb_opackets++; + tdb->tdb_obytes += m->m_pkthdr.len; + /* If there's another (bundled) TDB to apply, do so. */ if (tdb->tdb_onext) return ipsp_process_packet(m, tdb->tdb_onext, tdb->tdb_dst.sa.sa_family, 0); - ipsecstat_inc(ipsec_opackets); - ipsecstat_add(ipsec_obytes, m->m_pkthdr.len); - #if NPF > 0 /* Add pf tag if requested. */ pf_tag_packet(m, tdb->tdb_tag, -1); |