From patchwork Sun Nov  9 08:41:23 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Gert Doering <gert@greenie.muc.de>
X-Patchwork-Id: 4573
Return-Path: <openvpn-devel-bounces@lists.sourceforge.net>
Delivered-To: patchwork@openvpn.net
Received: by 2002:a05:7000:33c4:b0:7b1:439f:bdf with SMTP id u4csp524028maf;
        Sun, 9 Nov 2025 00:42:16 -0800 (PST)
X-Forwarded-Encrypted: i=2;
 AJvYcCVOTdHHw7+vPwn/hrdN3fxdoGCBSUjCjrPpjnREhtwsOkeW13wD169ls71wpnEv0924jo/7+vy7mek=@openvpn.net
X-Google-Smtp-Source: 
 AGHT+IHk0jrs4Er36TV/izRANVX+QpH9jt4lrRWCoz0waConusvfQ7wk8G2Gcx2096dsnOWrqLuv
X-Received: by 2002:a05:6808:221f:b0:450:3fb0:6ddd with SMTP id
 5614622812f47-4503fb07668mr807147b6e.47.1762677736088;
        Sun, 09 Nov 2025 00:42:16 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1762677736; cv=none;
        d=google.com; s=arc-20240605;
        b=RbR7r0UiRh/HfYjkw31yvGldk2YT0LuQ40j+VHe9s+uWqkaEvCY3q807ZXEH+5bylz
         4x6Ere+HtlhUISAbFftu5ulX6dK9egrdEu/90AIrfEbXLOR+CbScLEVtEWF0sTBbaHD+
         qOD0Qa5MTBlUXC5HZn0HSXDfanW4TMDMu6tU7ojdsEGjEBtFHyGAoLU/4tVnBhx3OlTz
         FSp/IzKdK1+r5LMjuK8wTeMb1JpZiEtYUarZGXnVpkybPLWXmS1C/wXUnbkzl7QgQdvH
         J7kAbyUC8uRO4h63stOwIEGNqEQMHTALJ/qIkndkUtvxNc/xjDaKbX/+Plx9lOqacDI2
         4Rpw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
        h=errors-to:content-transfer-encoding:list-subscribe:list-help
         :list-post:list-archive:list-unsubscribe:list-id:precedence:subject
         :mime-version:references:in-reply-to:message-id:date:to:from
         :dkim-signature:dkim-signature:dkim-signature;
        bh=yaACxIE6QBiKhiAFPhY2KzZvXcJsJBFaTY1JEErMETc=;
        fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=;
        b=LlkzK7XeRYtgyW2l1Am73TIrGK4eJWrTkP/ZPN59RLwTuIfwiPKp+iGVUTU0O3TBVt
         5yHf7TnnkX0t1JnYVuconQV9ehG767MMeZXnqy+YtEpOHyAlizBdAFnC3ndAWsx8jrkk
         ARk9qa3N7mggUaBoAox+3gRJ4Bs8pkxFC9n4B3/yHJjfcyMcXzM6kRLp4WaMXb2HxdTQ
         VE8IITgFgZ+wm4cZv2jmXaUVtCK1VYk2uU1tRW8UcgwbzJ3djt6QGPCIbVaU6jFFp6qC
         8dJ84Twm5oIeLTzx8xokjZnvQTOihb/mU7uFuQHP1X8vU0aww3vqPO/aK8kwB1j8ewAh
         +Lxw==;
        dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@lists.sourceforge.net header.s=beta
 header.b=ZZIGUJy7;
       dkim=neutral (body hash did not verify) header.i=@sourceforge.net
 header.s=x header.b="GF5ve4b/";
       dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
 header.b=PkZBGByS;
       spf=pass (google.com: domain of
 openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
 permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de
Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7])
        by mx.google.com with ESMTPS id
 5614622812f47-4500274a979si3349079b6e.23.2025.11.09.00.42.15
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Sun, 09 Nov 2025 00:42:15 -0800 (PST)
Received-SPF: pass (google.com: domain of
 openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
 permitted sender) client-ip=216.105.38.7;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@lists.sourceforge.net header.s=beta
 header.b=ZZIGUJy7;
       dkim=neutral (body hash did not verify) header.i=@sourceforge.net
 header.s=x header.b="GF5ve4b/";
       dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
 header.b=PkZBGByS;
       spf=pass (google.com: domain of
 openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
 permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type:
	List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:
	Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender:
	Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From:
	Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner;
	bh=yaACxIE6QBiKhiAFPhY2KzZvXcJsJBFaTY1JEErMETc=; b=ZZIGUJy7caPiM4eUW6i1cRhHOn
	1HvwGFU4U6iv0j+p1pdl+YL607jmsAc5+t7bP8h1DAIi3rzBNltR0zx5RpDiUi+312uLh7PjWQ1nT
	2MrJerwlUGXxMamXWOM5xSnDUhcml4O20bTH6nJIK0fodLSU7GWvQL5P57ata0iCXMeg=;
Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com)
	by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95)
	(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
	id 1vI100-0001a7-3E;
	Sun, 09 Nov 2025 08:42:12 +0000
Received: from [172.30.29.66] (helo=mx.sourceforge.net)
 by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95)
 (envelope-from <gert@blue4.greenie.muc.de>) id 1vI0zb-0001ZY-Au
 for openvpn-devel@lists.sourceforge.net;
 Sun, 09 Nov 2025 08:41:47 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References:
 In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:
 Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
 Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:
 List-Subscribe:List-Post:List-Owner:List-Archive;
 bh=DJCicTAmY5OVP3olCcJZVh0dZSQ4ckRbFWoeF2CqXx8=; b=GF5ve4b//Tk9wOBlRckMiMrw1D
 IANyYzbLCb2a1B5ozStDU/QbDQEuND4nSE5KbbhLVrTQK0XzXULdHSr7Kd9BljYqkuywGsMa5NSc8
 H9Ren1Bn6526Y8UDrsRagbhVtjUP/ZBp5HLxv7o6Z5vJj7h4C0tY5+rTzVmKdRb94lxU=;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x
 ;
 h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID:
 Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID:
 Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
 :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
 List-Post:List-Owner:List-Archive;
 bh=DJCicTAmY5OVP3olCcJZVh0dZSQ4ckRbFWoeF2CqXx8=; b=PkZBGByS7qqaGQ+wtiHAvO6/VJ
 c6fYHkduCEmd/pehOGxiObhUcF79Jyycdz05WabiuBx2GiiE1zLf/YiiGDxXDiPAHDH4+KRiw5Nv7
 RwIsSX5UI2M2M7FmWP2BdtU6HFLtQBlCTg5T40abR4bFCjZwEXsNiGqihxr3KdkklnUI=;
Received: from [193.149.48.134] (helo=blue.greenie.muc.de)
 by sfi-mx-2.v28.lw.sourceforge.com with esmtps
 (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95)
 id 1vI0za-00025T-7q for openvpn-devel@lists.sourceforge.net;
 Sun, 09 Nov 2025 08:41:47 +0000
Received: from blue.greenie.muc.de (localhost [127.0.0.1])
 by blue.greenie.muc.de (8.18.1/8.18.1) with ESMTP id 5A98fYvQ011486
 for <openvpn-devel@lists.sourceforge.net>; Sun, 9 Nov 2025 09:41:34 +0100
Received: (from gert@localhost)
 by blue.greenie.muc.de (8.18.1/8.18.1/Submit) id 5A98fYs7011485
 for openvpn-devel@lists.sourceforge.net; Sun, 9 Nov 2025 09:41:34 +0100
From: Gert Doering <gert@greenie.muc.de>
To: openvpn-devel@lists.sourceforge.net
Date: Sun,  9 Nov 2025 09:41:23 +0100
Message-ID: <20251109084130.11463-1-gert@greenie.muc.de>
X-Mailer: git-send-email 2.49.1
In-Reply-To: 
 <gerrit.1762292654000.I38a040a9bdcb44933d4ca538f746af5c61011d7c@gerrit.openvpn.net>
References: 
 <gerrit.1762292654000.I38a040a9bdcb44933d4ca538f746af5c61011d7c@gerrit.openvpn.net>
MIME-Version: 1.0
X-Spam-Score: 1.3 (+)
X-Spam-Report: Spam detection software,
 running on the system "sfi-spamd-2.hosts.colo.sdot.me",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview:  This is "fetch read/write statistics for a single peer",
 complementing
 dco_get_peer_stats_multi() "... for all peers", and it is called in --client
 mode, and (!) in p2mp mode to check if --inactive th [...]
 Content analysis details:   (1.3 points, 5.0 required)
 pts rule name              description
 ---- ----------------------
 --------------------------------------------------
 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
X-Headers-End: 1vI0za-00025T-7q
Subject: [Openvpn-devel] [PATCH v3] dco_freebsd: implement
 dco_get_peer_stats()
X-BeenThere: openvpn-devel@lists.sourceforge.net
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <openvpn-devel.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: 
 <http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel>
List-Post: <mailto:openvpn-devel@lists.sourceforge.net>
List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe>
Errors-To: openvpn-devel-bounces@lists.sourceforge.net
X-getmail-retrieved-from-mailbox: Inbox
X-GMAIL-THRID: =?utf-8?q?1848301569697098459?=
X-GMAIL-MSGID: =?utf-8?q?1848301569697098459?=

This is "fetch read/write statistics for a single peer", complementing
dco_get_peer_stats_multi() "... for all peers", and it is called in
--client mode, and (!) in p2mp mode to check if --inactive thresholds
are reached.

The FreeBSD DCO module has no "give me stats for a single peer" call, so
we just call dco_get_peer_stats_multi() to get all of them - and that
function is modified to handle p2p or p2mp mode by checking mode == CM_TOP.

(dco_linux does about the same in dco_get_peer*() -> ovpn_handle_peer(),
after a few iterations, except that it can query for "just one peer")

"--inactive" still does not work on FreeBSD, because the code in forward.c
looks at counters that are not set by FreeBSD DCO.

v2:
  on AUTH_FAIL, 'dco' struct is not initialized yet -> SIGSEGV crash,
  verify that dco_peer_id is >= 0 before calling dco_get_peer_stats_multi()

Github: OpenVPN/openvpn#898

Change-Id: I38a040a9bdcb44933d4ca538f746af5c61011d7c
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Ralf Lici <ralf@mandelbit.com>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1350
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1350
This mail reflects revision 3 of this Change.

Acked-by according to Gerrit (reflected above):
Ralf Lici <ralf@mandelbit.com>

diff --git a/src/openvpn/dco_freebsd.c b/src/openvpn/dco_freebsd.c
index f80b6df..21f0ac0 100644
--- a/src/openvpn/dco_freebsd.c
+++ b/src/openvpn/dco_freebsd.c
@@ -870,8 +870,20 @@
     {
         const nvlist_t *peer = nvpeers[i];
         uint32_t peerid = nvlist_get_number(peer, "peerid");
+        const nvlist_t *bytes = nvlist_get_nvlist(peer, "bytes");
 
-        dco_update_peer_stat(dco->c->multi, peerid, nvlist_get_nvlist(peer, "bytes"));
+        /* we can end here in p2mp mode, or in p2p mode via
+         * the call to "dco_get_peer_stat()"
+         */
+        if (dco->c->mode == CM_TOP)
+        {
+            dco_update_peer_stat(dco->c->multi, peerid, bytes);
+        }
+        else
+        {
+            dco->c->c2.dco_read_bytes = nvlist_get_number(bytes, "in");
+            dco->c->c2.dco_write_bytes = nvlist_get_number(bytes, "out");
+        }
     }
 
     nvlist_destroy(nvl);
@@ -882,12 +894,26 @@
 #pragma GCC diagnostic pop
 #endif
 
+/* get stats for a single peer
+ * we can get here for "the peer stats" in p2p client mode, or by
+ * being queried for a particular peer in p2mp mode, for --inactive
+ */
 int
 dco_get_peer_stats(struct context *c, const bool raise_sigusr1_on_err)
 {
-    msg(D_DCO_DEBUG, __func__);
-    /* Not implemented. */
-    return 0;
+    ASSERT(c->c2.tls_multi);
+    msg(D_DCO_DEBUG, "%s: peer-id %d", __func__, c->c2.tls_multi->dco_peer_id);
+
+    if (c->c2.tls_multi->dco_peer_id < 0)
+    {
+        return -EINVAL; /* DCO not active yet */
+    }
+
+    /* unfortunately, the FreeBSD kernel has no peer-specific query - so
+     * we just get all the stats - and if we're there anyway, we can save it
+     * for all peers, too...
+     */
+    return dco_get_peer_stats_multi(&c->c1.tuntap->dco, raise_sigusr1_on_err);
 }
 
 const char *