From 97c2a697dfdc54e466f131290d6e72cb36921578 Mon Sep 17 00:00:00 2001 From: VANHULLEBUS Yvan Date: Tue, 12 Aug 2008 09:05:01 +0000 Subject: [PATCH] Increase statistic counters for enc0 interface when enabled and processing IPSec traffic. Approved by: gnn (mentor) MFC after: 1 week --- sys/net/if_enc.c | 2 +- sys/net/if_enc.h | 35 +++++++++++++++++++++++++++++++++++ sys/netipsec/ipsec_input.c | 11 +++++++++++ sys/netipsec/ipsec_output.c | 11 +++++++++++ 4 files changed, 58 insertions(+), 1 deletion(-) create mode 100644 sys/net/if_enc.h diff --git a/sys/net/if_enc.c b/sys/net/if_enc.c index bc5f32867333..aa008aec12fc 100644 --- a/sys/net/if_enc.c +++ b/sys/net/if_enc.c @@ -76,7 +76,7 @@ struct enchdr { u_int32_t flags; }; -static struct ifnet *encif; +struct ifnet *encif; static struct mtx enc_mtx; struct enc_softc { diff --git a/sys/net/if_enc.h b/sys/net/if_enc.h new file mode 100644 index 000000000000..59a55fcfe951 --- /dev/null +++ b/sys/net/if_enc.h @@ -0,0 +1,35 @@ +/*- + * Copyright (c) 2008 The FreeBSD Project. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#ifndef _NET_IF_ENC_H +#define _NET_IF_ENC_H + +extern struct ifnet *encif; + +#endif /* _NET_IF_ENC_H */ diff --git a/sys/netipsec/ipsec_input.c b/sys/netipsec/ipsec_input.c index e98f71ebf703..edd222302bf1 100644 --- a/sys/netipsec/ipsec_input.c +++ b/sys/netipsec/ipsec_input.c @@ -93,6 +93,11 @@ #include #include +#ifdef DEV_ENC +#include +#endif + + #define IPSEC_ISTAT(p,x,y,z) ((p) == IPPROTO_ESP ? (x)++ : \ (p) == IPPROTO_AH ? (y)++ : (z)++) @@ -455,6 +460,9 @@ ipsec4_common_input_cb(struct mbuf *m, struct secasvar *sav, key_sa_recordxfer(sav, m); /* record data transfer */ #ifdef DEV_ENC + encif->if_ipackets++; + encif->if_ibytes += m->m_pkthdr.len; + /* * Pass the mbuf to enc0 for bpf and pfil. We will filter the IPIP * packet later after it has been decapsulated. @@ -718,6 +726,9 @@ ipsec6_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip, int proto key_sa_recordxfer(sav, m); #ifdef DEV_ENC + encif->if_ipackets++; + encif->if_ibytes += m->m_pkthdr.len; + /* * Pass the mbuf to enc0 for bpf and pfil. We will filter the IPIP * packet later after it has been decapsulated. diff --git a/sys/netipsec/ipsec_output.c b/sys/netipsec/ipsec_output.c index ea153d4d720d..72840c2d551b 100644 --- a/sys/netipsec/ipsec_output.c +++ b/sys/netipsec/ipsec_output.c @@ -82,6 +82,11 @@ #include +#ifdef DEV_ENC +#include +#endif + + int ipsec_process_done(struct mbuf *m, struct ipsecrequest *isr) { @@ -364,6 +369,9 @@ ipsec4_process_packet( sav = isr->sav; #ifdef DEV_ENC + encif->if_opackets++; + encif->if_obytes += m->m_pkthdr.len; + /* pass the mbuf to enc0 for bpf processing */ ipsec_bpf(m, sav, AF_INET, ENC_OUT|ENC_BEFORE); /* pass the mbuf to enc0 for packet filtering */ @@ -724,6 +732,9 @@ ipsec6_output_tunnel(struct ipsec_output_state *state, struct secpolicy *sp, int } #ifdef DEV_ENC + encif->if_opackets++; + encif->if_obytes += m->m_pkthdr.len; + /* pass the mbuf to enc0 for bpf processing */ ipsec_bpf(m, isr->sav, AF_INET6, ENC_OUT|ENC_BEFORE); /* pass the mbuf to enc0 for packet filtering */