Re: CVS commit: src/sys/net/npf

[Emmanuel Nyarko <emmankoko519%gmail.com@localhost>]

> On 8 Jul 2025, at 4:42 PM, Emmanuel Nyarko <emmankoko519%gmail.com@localhost> wrote:
> 
> 
> 
>> On 8 Jul 2025, at 4:25 PM, Greg Troxel <gdt%lexort.com@localhost> wrote:
>> 
>> Emmanuel Nyarko <emmankoko519%gmail.com@localhost> writes:
>> 
>>>> I'm not
>>>>  saying they have to be there, but there should be some amount of
>>>>  counters for the various things that can happen, accessible somehow.
>>>>  This became obvious when I ran into the 'all traffic blocked' bug
>>>>  and I could not find a counter for blocked output packets.
>>> 
>>> npfctl stats???
>>> 
>>> i used npfctl stats and i saw the default blocks which helped me to solve the issue.
>> 
>> Sorry, I missed that.  I scanned the output from npfctl on the left and
>> didn't realize the first line had 5 separate verbs.  I'm going to say
>> that's my fault and it's ok.
>> 
>> It would probably be good to improve granularity, perhaps in/out to
>> start with, and "ether" probably should be layer-2 to be consistent.
>> 
> 
> { -1, "Layer 2", },
> { NPF_ETHER_STAT_PASS, "frame pass" },
> { NPF_ETHER_STAT_BLOCK, "frame block" },
> { NPF_ETHER_DEFAULT_PASS, "default pass" },
> 
> { -1, "Layer 3", },
> { -1, "Packets passed" },
> { NPF_STAT_PASS_DEFAULT, "default pass" },
> { NPF_STAT_PASS_RULESET, "ruleset pass" },
> { NPF_STAT_PASS_CONN, "state pass" },
> 
> { -1, "Packets blocked" },
> { NPF_STAT_BLOCK_DEFAULT, "default block" },
> { NPF_STAT_BLOCK_RULESET, "ruleset block" },
> 
> what about this actually ? So we can have them separated.
> 
> Emmanuel
> 
> 

ignore the bad indent. local IDE mess.
> 
> 
> 

Emmanuel