diff options
-rw-r--r-- | sys/net/pfkeyv2_convert.c | 21 | ||||
-rw-r--r-- | sys/netinet/ip_ah.c | 4 | ||||
-rw-r--r-- | sys/netinet/ip_esp.c | 4 | ||||
-rw-r--r-- | sys/netinet/ip_ipcomp.c | 4 | ||||
-rw-r--r-- | sys/netinet/ip_ipsp.c | 7 | ||||
-rw-r--r-- | sys/netinet/ip_ipsp.h | 54 | ||||
-rw-r--r-- | sys/netinet/ip_output.c | 4 | ||||
-rw-r--r-- | sys/netinet/ipsec_input.c | 11 | ||||
-rw-r--r-- | sys/netinet/ipsec_output.c | 7 | ||||
-rw-r--r-- | sys/netinet6/ip6_output.c | 6 |
10 files changed, 70 insertions, 52 deletions
diff --git a/sys/net/pfkeyv2_convert.c b/sys/net/pfkeyv2_convert.c index 2d648d5a7eb..61feeb9e4b3 100644 --- a/sys/net/pfkeyv2_convert.c +++ b/sys/net/pfkeyv2_convert.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfkeyv2_convert.c,v 1.77 2021/12/11 16:33:46 bluhm Exp $ */ +/* $OpenBSD: pfkeyv2_convert.c,v 1.78 2021/12/20 15:59:09 mvs Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@keromytis.org) * @@ -963,18 +963,21 @@ export_satype(void **p, struct tdb *tdb) void export_counter(void **p, struct tdb *tdb) { + uint64_t counters[tdb_ncounters]; struct sadb_x_counter *scnt = (struct sadb_x_counter *)*p; + counters_read(tdb->tdb_counters, counters, tdb_ncounters); + scnt->sadb_x_counter_len = sizeof(struct sadb_x_counter) / sizeof(uint64_t); scnt->sadb_x_counter_pad = 0; - scnt->sadb_x_counter_ipackets = tdb->tdb_ipackets; - scnt->sadb_x_counter_opackets = tdb->tdb_opackets; - scnt->sadb_x_counter_ibytes = tdb->tdb_ibytes; - scnt->sadb_x_counter_obytes = tdb->tdb_obytes; - scnt->sadb_x_counter_idrops = tdb->tdb_idrops; - scnt->sadb_x_counter_odrops = tdb->tdb_odrops; - scnt->sadb_x_counter_idecompbytes = tdb->tdb_idecompbytes; - scnt->sadb_x_counter_ouncompbytes = tdb->tdb_ouncompbytes; + scnt->sadb_x_counter_ipackets = counters[tdb_ipackets]; + scnt->sadb_x_counter_opackets = counters[tdb_opackets]; + scnt->sadb_x_counter_ibytes = counters[tdb_ibytes]; + scnt->sadb_x_counter_obytes = counters[tdb_obytes]; + scnt->sadb_x_counter_idrops = counters[tdb_idrops]; + scnt->sadb_x_counter_odrops = counters[tdb_odrops]; + scnt->sadb_x_counter_idecompbytes = counters[tdb_idecompbytes]; + scnt->sadb_x_counter_ouncompbytes = counters[tdb_ouncompbytes]; *p += sizeof(struct sadb_x_counter); } diff --git a/sys/netinet/ip_ah.c b/sys/netinet/ip_ah.c index 63ef3eb5edf..0580f385206 100644 --- a/sys/netinet/ip_ah.c +++ b/sys/netinet/ip_ah.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ah.c,v 1.169 2021/12/11 16:33:46 bluhm Exp $ */ +/* $OpenBSD: ip_ah.c,v 1.170 2021/12/20 15:59:09 mvs Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -608,7 +608,7 @@ ah_input(struct mbuf **mp, struct tdb *tdb, int skip, int protoff) /* Update the counters. */ ibytes = (m->m_pkthdr.len - skip - hl * sizeof(u_int32_t)); tdb->tdb_cur_bytes += ibytes; - tdb->tdb_ibytes += ibytes; + tdbstat_add(tdb, tdb_ibytes, ibytes); ahstat_add(ahs_ibytes, ibytes); /* Hard expiration. */ diff --git a/sys/netinet/ip_esp.c b/sys/netinet/ip_esp.c index 1aa4d4b58e8..4d368e9af77 100644 --- a/sys/netinet/ip_esp.c +++ b/sys/netinet/ip_esp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_esp.c,v 1.189 2021/12/11 16:33:47 bluhm Exp $ */ +/* $OpenBSD: ip_esp.c,v 1.190 2021/12/20 15:59:09 mvs Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -420,7 +420,7 @@ esp_input(struct mbuf **mp, struct tdb *tdb, int skip, int protoff) /* Update the counters */ tdb->tdb_cur_bytes += plen; - tdb->tdb_ibytes += plen; + tdbstat_add(tdb, tdb_ibytes, plen); espstat_add(esps_ibytes, plen); /* Hard expiration */ diff --git a/sys/netinet/ip_ipcomp.c b/sys/netinet/ip_ipcomp.c index 65026466d48..0026fe2da12 100644 --- a/sys/netinet/ip_ipcomp.c +++ b/sys/netinet/ip_ipcomp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipcomp.c,v 1.89 2021/12/11 16:33:47 bluhm Exp $ */ +/* $OpenBSD: ip_ipcomp.c,v 1.90 2021/12/20 15:59:09 mvs Exp $ */ /* * Copyright (c) 2001 Jean-Jacques Bernard-Gundol (jj@wabbitt.org) @@ -193,7 +193,7 @@ ipcomp_input(struct mbuf **mp, struct tdb *tdb, int skip, int protoff) /* update the counters */ ibytes = m->m_pkthdr.len - (skip + hlen); tdb->tdb_cur_bytes += ibytes; - tdb->tdb_ibytes += ibytes; + tdbstat_add(tdb, tdb_ibytes, ibytes); ipcompstat_add(ipcomps_ibytes, ibytes); /* Hard expiration */ diff --git a/sys/netinet/ip_ipsp.c b/sys/netinet/ip_ipsp.c index f7b4a9c5742..66baca79efc 100644 --- a/sys/netinet/ip_ipsp.c +++ b/sys/netinet/ip_ipsp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipsp.c,v 1.266 2021/12/19 23:30:08 bluhm Exp $ */ +/* $OpenBSD: ip_ipsp.c,v 1.267 2021/12/20 15:59:09 mvs Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr), @@ -1050,6 +1050,9 @@ tdb_alloc(u_int rdomain) tdbp->tdb_rdomain = rdomain; tdbp->tdb_rdomain_post = rdomain; + /* Initialize counters. */ + tdbp->tdb_counters = counters_alloc(tdb_ncounters); + /* Initialize timeouts. */ timeout_set_proc(&tdbp->tdb_timer_tmo, tdb_timeout, tdbp); timeout_set_proc(&tdbp->tdb_first_tmo, tdb_firstuse, tdbp); @@ -1088,6 +1091,8 @@ tdb_free(struct tdb *tdbp) } #endif + counters_free(tdbp->tdb_counters, tdb_ncounters); + KASSERT(tdbp->tdb_onext == NULL); KASSERT(tdbp->tdb_inext == NULL); diff --git a/sys/netinet/ip_ipsp.h b/sys/netinet/ip_ipsp.h index d4d3c955975..1a165b668d0 100644 --- a/sys/netinet/ip_ipsp.h +++ b/sys/netinet/ip_ipsp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipsp.h,v 1.232 2021/12/19 23:30:08 bluhm Exp $ */ +/* $OpenBSD: ip_ipsp.h,v 1.233 2021/12/20 15:59:10 mvs Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr), @@ -136,17 +136,6 @@ struct ipsecstat { uint64_t ipsec_exctdb; /* TDBs with hardlimit excess */ }; -struct tdb_data { - uint64_t tdd_ipackets; /* Input IPsec packets */ - uint64_t tdd_opackets; /* Output IPsec packets */ - uint64_t tdd_ibytes; /* Input bytes */ - uint64_t tdd_obytes; /* Output bytes */ - uint64_t tdd_idrops; /* Dropped on input */ - uint64_t tdd_odrops; /* Dropped on output */ - uint64_t tdd_idecompbytes; /* Input bytes, decompressed */ - uint64_t tdd_ouncompbytes; /* Output bytes, uncompressed */ -}; - #ifdef _KERNEL #include <sys/timeout.h> @@ -401,7 +390,8 @@ struct tdb { /* tunnel descriptor block */ u_int64_t tdb_last_used; /* When was this SA last used */ u_int64_t tdb_last_marked;/* Last SKIPCRYPTO status change */ - struct tdb_data tdb_data; /* stats about this TDB */ + struct cpumem *tdb_counters; /* stats about this TDB */ + u_int64_t tdb_cryptoid; /* Crypto session ID */ u_int32_t tdb_spi; /* [I] SPI */ @@ -447,15 +437,37 @@ struct tdb { /* tunnel descriptor block */ TAILQ_HEAD(tdb_policy_head, ipsec_policy) tdb_policy_head; /* [p] */ TAILQ_ENTRY(tdb) tdb_sync_entry; }; -#define tdb_ipackets tdb_data.tdd_ipackets -#define tdb_opackets tdb_data.tdd_opackets -#define tdb_ibytes tdb_data.tdd_ibytes -#define tdb_obytes tdb_data.tdd_obytes -#define tdb_idrops tdb_data.tdd_idrops -#define tdb_odrops tdb_data.tdd_odrops -#define tdb_idecompbytes tdb_data.tdd_idecompbytes -#define tdb_ouncompbytes tdb_data.tdd_ouncompbytes +enum tdb_counters { + tdb_ipackets, /* Input IPsec packets */ + tdb_opackets, /* Output IPsec packets */ + tdb_ibytes, /* Input bytes */ + tdb_obytes, /* Output bytes */ + tdb_idrops, /* Dropped on input */ + tdb_odrops, /* Dropped on output */ + tdb_idecompbytes, /* Input bytes, decompressed */ + tdb_ouncompbytes, /* Output bytes, uncompressed */ + tdb_ncounters +}; + +static inline void +tdbstat_inc(struct tdb *tdb, enum tdb_counters c) +{ + counters_inc(tdb->tdb_counters, c); +} + +static inline void +tdbstat_add(struct tdb *tdb, enum tdb_counters c, uint64_t v) +{ + counters_add(tdb->tdb_counters, c, v); +} + +static inline void +tdbstat_pkt(struct tdb *tdb, enum tdb_counters pc, enum tdb_counters bc, + uint64_t bytes) +{ + counters_pkt(tdb->tdb_counters, pc, bc, bytes); +} struct tdb_ident { u_int32_t spi; diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index a8f240a887f..de87ad3aac1 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_output.c,v 1.377 2021/12/03 17:18:34 bluhm Exp $ */ +/* $OpenBSD: ip_output.c,v 1.378 2021/12/20 15:59:10 mvs Exp $ */ /* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */ /* @@ -662,7 +662,7 @@ ip_output_ipsec_send(struct tdb *tdb, struct mbuf *m, struct route *ro, int fwd) error = ipsp_process_packet(m, tdb, AF_INET, 0); if (error) { ipsecstat_inc(ipsec_odrops); - tdb->tdb_odrops++; + tdbstat_inc(tdb, tdb_odrops); } if (ip_mtudisc && error == EMSGSIZE) ip_output_ipsec_pmtu_update(tdb, ro, dst, rtableid, 0); diff --git a/sys/netinet/ipsec_input.c b/sys/netinet/ipsec_input.c index 4a6c15215be..1a4621f1be7 100644 --- a/sys/netinet/ipsec_input.c +++ b/sys/netinet/ipsec_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec_input.c,v 1.198 2021/12/20 15:23:32 bluhm Exp $ */ +/* $OpenBSD: ipsec_input.c,v 1.199 2021/12/20 15:59:10 mvs Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -340,8 +340,7 @@ ipsec_common_input(struct mbuf **mp, int skip, int protoff, int af, int sproto, } } - tdbp->tdb_ipackets++; - tdbp->tdb_ibytes += m->m_pkthdr.len; + tdbstat_pkt(tdbp, tdb_ipackets, tdb_ibytes, m->m_pkthdr.len); /* * Call appropriate transform and return -- callback takes care of @@ -350,7 +349,7 @@ ipsec_common_input(struct mbuf **mp, int skip, int protoff, int af, int sproto, prot = (*(tdbp->tdb_xform->xf_input))(mp, tdbp, skip, protoff); if (prot == IPPROTO_DONE) { ipsecstat_inc(ipsec_idrops); - tdbp->tdb_idrops++; + tdbstat_inc(tdbp, tdb_idrops); } tdb_unref(tdbp); return prot; @@ -359,7 +358,7 @@ ipsec_common_input(struct mbuf **mp, int skip, int protoff, int af, int sproto, m_freemp(mp); ipsecstat_inc(ipsec_idrops); if (tdbp != NULL) - tdbp->tdb_idrops++; + tdbstat_inc(tdbp, tdb_idrops); tdb_unref(tdbp); return IPPROTO_DONE; } @@ -537,7 +536,7 @@ ipsec_common_input_cb(struct mbuf **mp, struct tdb *tdbp, int skip, int protoff) m->m_flags |= M_TUNNEL; ipsecstat_add(ipsec_idecompbytes, m->m_pkthdr.len); - tdbp->tdb_idecompbytes += m->m_pkthdr.len; + tdbstat_add(tdbp, tdb_idecompbytes, m->m_pkthdr.len); #if NBPFILTER > 0 encif = enc_getif(tdbp->tdb_rdomain_post, tdbp->tdb_tap); diff --git a/sys/netinet/ipsec_output.c b/sys/netinet/ipsec_output.c index 7d863f1657a..33b6244ec3b 100644 --- a/sys/netinet/ipsec_output.c +++ b/sys/netinet/ipsec_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec_output.c,v 1.94 2021/12/11 16:33:47 bluhm Exp $ */ +/* $OpenBSD: ipsec_output.c,v 1.95 2021/12/20 15:59:10 mvs Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) * @@ -367,7 +367,7 @@ ipsp_process_packet(struct mbuf *m, struct tdb *tdb, int af, int tunalready) } ipsecstat_add(ipsec_ouncompbytes, m->m_pkthdr.len); - tdb->tdb_ouncompbytes += m->m_pkthdr.len; + tdbstat_add(tdb, tdb_ouncompbytes, m->m_pkthdr.len); /* Non expansion policy for IPCOMP */ if (tdb->tdb_sproto == IPPROTO_IPCOMP) { @@ -507,8 +507,7 @@ ipsp_process_done(struct mbuf *m, struct tdb *tdb) m_tag_prepend(m, mtag); ipsecstat_pkt(ipsec_opackets, ipsec_obytes, m->m_pkthdr.len); - tdb->tdb_opackets++; - tdb->tdb_obytes += m->m_pkthdr.len; + tdbstat_pkt(tdb, tdb_opackets, tdb_obytes, m->m_pkthdr.len); /* If there's another (bundled) TDB to apply, do so. */ tdbo = tdb_ref(tdb->tdb_onext); diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c index ac28becd3e9..c7f2fec20bb 100644 --- a/sys/netinet6/ip6_output.c +++ b/sys/netinet6/ip6_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip6_output.c,v 1.263 2021/12/03 17:18:34 bluhm Exp $ */ +/* $OpenBSD: ip6_output.c,v 1.264 2021/12/20 15:59:10 mvs Exp $ */ /* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */ /* @@ -2875,7 +2875,7 @@ ip6_output_ipsec_send(struct tdb *tdb, struct mbuf *m, struct route_in6 *ro, rtableid, transportmode); if (error) { ipsecstat_inc(ipsec_odrops); - tdb->tdb_odrops++; + tdbstat_inc(tdb, tdb_odrops); m_freem(m); return error; } @@ -2897,7 +2897,7 @@ ip6_output_ipsec_send(struct tdb *tdb, struct mbuf *m, struct route_in6 *ro, error = ipsp_process_packet(m, tdb, AF_INET6, tunalready); if (error) { ipsecstat_inc(ipsec_odrops); - tdb->tdb_odrops++; + tdbstat_inc(tdb, tdb_odrops); } if (ip_mtudisc && error == EMSGSIZE) ip6_output_ipsec_pmtu_update(tdb, ro, &dst, ifidx, rtableid, 0); |