| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ZkCCPvzuRED57RKL@hog> Date: Sun, 12 May 2024 10:47:58 +0200 From: Sabrina Dubroca <sd@...asysnail.net> To: Antonio Quartulli <antonio@...nvpn.net> Cc: netdev@...r.kernel.org, Jakub Kicinski <kuba@...nel.org>, Sergey Ryazanov <ryazanov.s.a@...il.com>, Paolo Abeni <pabeni@...hat.com>, Eric Dumazet <edumazet@...gle.com>, Andrew Lunn <andrew@...n.ch>, Esben Haabendal <esben@...nix.com> Subject: Re: [PATCH net-next v3 12/24] ovpn: store tunnel and transport statistics 2024-05-06, 03:16:25 +0200, Antonio Quartulli wrote: > Byte/packet counters for in-tunnel and transport streams > are now initialized and updated as needed. > > To be exported via netlink. > > Signed-off-by: Antonio Quartulli <antonio@...nvpn.net> > --- > drivers/net/ovpn/Makefile | 1 + > drivers/net/ovpn/io.c | 10 ++++++++ > drivers/net/ovpn/peer.c | 3 +++ > drivers/net/ovpn/peer.h | 13 +++++++--- > drivers/net/ovpn/stats.c | 21 ++++++++++++++++ > drivers/net/ovpn/stats.h | 52 +++++++++++++++++++++++++++++++++++++++ What I'm seeing in this patch are "success" counters. I don't see any stats for dropped packets that would help the user figure out why their VPN isn't working, or why their CPU is burning up decrypting packets that don't show up on the host, etc. You can guess there are issues by subtracting the link and vpn stats, but that's very limited. For example: - counter for packets dropped during the udp encap/decap - counter for failed encrypt/decrypt (especially failed decrypt) - counter for replay protection failures - counter for malformed packets Maybe not a separate counter for each of the prints you added in the rx/tx code, but at least enough of them to start figuring out what's going on without enabling all the prints and parsing dmesg. > diff --git a/drivers/net/ovpn/peer.h b/drivers/net/ovpn/peer.h > index da41d711745c..b5ff59a4b40f 100644 > --- a/drivers/net/ovpn/peer.h > +++ b/drivers/net/ovpn/peer.h > @@ -10,14 +10,15 @@ > #ifndef _NET_OVPN_OVPNPEER_H_ > #define _NET_OVPN_OVPNPEER_H_ > > +#include <linux/ptr_ring.h> > +#include <net/dst_cache.h> > +#include <uapi/linux/ovpn.h> > + > #include "bind.h" > #include "pktid.h" > #include "crypto.h" > #include "socket.h" > - > -#include <linux/ptr_ring.h> > -#include <net/dst_cache.h> > -#include <uapi/linux/ovpn.h> > +#include "stats.h" Header reshuffling got squashed into the wrong patch? > diff --git a/drivers/net/ovpn/stats.h b/drivers/net/ovpn/stats.h > new file mode 100644 > index 000000000000..5134e49c0458 > --- /dev/null > +++ b/drivers/net/ovpn/stats.h > @@ -0,0 +1,52 @@ > +/* SPDX-License-Identifier: GPL-2.0-only */ > +/* OpenVPN data channel offload > + * > + * Copyright (C) 2020-2024 OpenVPN, Inc. > + * > + * Author: James Yonan <james@...nvpn.net> > + * Antonio Quartulli <antonio@...nvpn.net> > + * Lev Stipakov <lev@...nvpn.net> > + */ > + > +#ifndef _NET_OVPN_OVPNSTATS_H_ > +#define _NET_OVPN_OVPNSTATS_H_ > + > +//#include <linux/atomic.h> > +//#include <linux/jiffies.h> Forgot a clean up before posting? :) -- Sabrina
Powered by blists - more mailing lists