diff options
| author |   Dave Barach <dave@barachs.net> | 2019-06-08 12:33:13 -0400 |
|---|---|---|
| committer |   Florin Coras <florin.coras@gmail.com> | 2019-06-08 19:39:57 +0000 |
| commit | 7681b1c469eda79003eef550fda460f48e5a08d7 (patch) | |
| tree | a7bc4e892fd2b60efc2b39775487f51c524c10f0 /src/plugins/mactime/node.c | |
| parent | 8875248f5e0602f4b4872ea12e542826df3df1f8 (diff) | |
mactime: add per-mac allow-with-quota feature
Specify a data limit during specified time ranges. Outside of the
specified time ranges, data will be allowed.
Clean up "show mactime" output.
Type: feature
Change-Id: Iddd6678e7ded1d0f9cb88d69c656de8d87d5694c
Signed-off-by: Dave Barach <dave@barachs.net>
Diffstat (limited to 'src/plugins/mactime/node.c')
| -rw-r--r-- | src/plugins/mactime/node.c | 37 |
1 files changed, 32 insertions, 5 deletions
diff --git a/src/plugins/mactime/node.c b/src/plugins/mactime/node.c index e4d12f80db4..608773d5ce4 100644 --- a/src/plugins/mactime/node.c +++ b/src/plugins/mactime/node.c @@ -120,6 +120,7 @@ mactime_node_inline (vlib_main_t * vm, u32 device_index0; u32 len0; ethernet_header_t *en0; + int has_dynamic_range_allow = 0; int i; /* speculatively enqueue b0 to the current next frame */ @@ -168,8 +169,9 @@ mactime_node_inline (vlib_main_t * vm, dp = pool_elt_at_index (mm->devices, device_index0); - /* Known device, check for a traffic quota */ - if (PREDICT_FALSE (dp->data_quota)) + /* Known device, check for an always-on traffic quota */ + if ((dp->flags & MACTIME_DEVICE_FLAG_DYNAMIC_ALLOW) + && PREDICT_FALSE (dp->data_quota)) { vlib_counter_t device_current_count; vlib_get_combined_counter (&mm->allow_counters, @@ -242,6 +244,9 @@ mactime_node_inline (vlib_main_t * vm, start0 = r->start + mm->sunday_midnight; end0 = r->end + mm->sunday_midnight; + if (dp->flags & MACTIME_DEVICE_FLAG_DYNAMIC_ALLOW_QUOTA) + has_dynamic_range_allow = 1; + /* Packet within time range */ if (now >= start0 && now <= end0) { @@ -253,15 +258,35 @@ mactime_node_inline (vlib_main_t * vm, dp - mm->devices, 1, len0); next0 = MACTIME_NEXT_DROP; b0->error = node->errors[MACTIME_ERROR_RANGE_DROP]; + goto trace0; } - else /* it's an allow range, allow it */ + /* Quota-check allow range? */ + else if (has_dynamic_range_allow) { + if (dp->data_used_in_range + len0 >= dp->data_quota) + { + next0 = MACTIME_NEXT_DROP; + b0->error = node->errors[MACTIME_ERROR_QUOTA_DROP]; + vlib_increment_combined_counter + (&mm->drop_counters, thread_index, + dp - mm->devices, 1, len0); + goto trace0; + } + else + { + dp->data_used_in_range += len0; + goto allow0; + } + } + else + { /* it's an allow range, allow it */ + allow0: vlib_increment_combined_counter (&mm->allow_counters, thread_index, dp - mm->devices, 1, len0); packets_ok++; + goto trace0; } - goto trace0; } } /* @@ -275,11 +300,13 @@ mactime_node_inline (vlib_main_t * vm, vlib_increment_combined_counter (&mm->drop_counters, thread_index, dp - mm->devices, 1, len0); } - else + else /* DYNAMIC_DROP, DYNAMIC_RANGE_ALLOW_QUOTA */ { vlib_increment_combined_counter (&mm->allow_counters, thread_index, dp - mm->devices, 1, len0); + /* Clear the data quota accumulater */ + dp->data_used_in_range = 0; packets_ok++; } |