author | Arthur de Kerhor <arthurdekerhor@gmail.com> | 2022-11-16 19:12:05 +0100 |
---|---|---|
committer | Beno�t Ganne <bganne@cisco.com> | 2023-03-23 08:58:55 +0000 |
commit | ad95b06181c354291f4433c5e550cb89c5122252 (patch) | |
tree | f40bc5447c51cbe5f4f5fc5ca5a8e54f72297268 /src/vnet/ipsec/ah.h | |
parent | f6ba56296c4034d299784b828a8ac1661adc74da (diff) |
ipsec: add per-SA error counters
Error counters are added on a per-node basis. In Ipsec, it is
useful to also track the errors that occurred per SA.
Type: feature
Change-Id: Iabcdcb439f67ad3c6c202b36ffc44ab39abac1bc
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
Diffstat (limited to 'src/vnet/ipsec/ah.h')
-rw-r--r-- | src/vnet/ipsec/ah.h | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/src/vnet/ipsec/ah.h b/src/vnet/ipsec/ah.h
index d0b4c21a4bc..ae4cd0b5908 100644
--- a/src/vnet/ipsec/ah.h
+++ b/src/vnet/ipsec/ah.h
@@ -17,6 +17,7 @@
 #include <vnet/ip/ip.h>
 #include <vnet/ipsec/ipsec.h>
+#include <vnet/ipsec/ipsec.api_enum.h>
 typedef struct {
@@ -43,6 +44,58 @@ typedef CLIB_PACKED (struct {
 }) ip6_and_ah_header_t;
 /* *INDENT-ON* */
+always_inline u32
+ah_encrypt_err_to_sa_err (u32 err)
+{
+ switch (err)
+ {
+ case AH_ENCRYPT_ERROR_CRYPTO_ENGINE_ERROR:
+ return IPSEC_SA_ERROR_CRYPTO_ENGINE_ERROR;
+ case AH_ENCRYPT_ERROR_SEQ_CYCLED:
+ return IPSEC_SA_ERROR_SEQ_CYCLED;
+ }
+ return ~0;
+}
+
+always_inline u32
+ah_decrypt_err_to_sa_err (u32 err)
+{
+ switch (err)
+ {
+ case AH_DECRYPT_ERROR_DECRYPTION_FAILED:
+ return IPSEC_SA_ERROR_DECRYPTION_FAILED;
+ case AH_DECRYPT_ERROR_INTEG_ERROR:
+ return IPSEC_SA_ERROR_INTEG_ERROR;
+ case AH_DECRYPT_ERROR_NO_TAIL_SPACE:
+ return IPSEC_SA_ERROR_NO_TAIL_SPACE;
+ case AH_DECRYPT_ERROR_DROP_FRAGMENTS:
+ return IPSEC_SA_ERROR_DROP_FRAGMENTS;
+ case AH_DECRYPT_ERROR_REPLAY:
+ return IPSEC_SA_ERROR_REPLAY;
+ }
+ return ~0;
+}
+
+always_inline void
+ah_encrypt_set_next_index (vlib_buffer_t *b, vlib_node_runtime_t *node,
+ u32 thread_index, u32 err, u16 index, u16 *nexts,
+ u16 drop_next, u32 sa_index)
+{
+ ipsec_set_next_index (b, node, thread_index, err,
+ ah_encrypt_err_to_sa_err (err), index, nexts,
+ drop_next, sa_index);
+}
+
+always_inline void
+ah_decrypt_set_next_index (vlib_buffer_t *b, vlib_node_runtime_t *node,
+ u32 thread_index, u32 err, u16 index, u16 *nexts,
+ u16 drop_next, u32 sa_index)
+{
+ ipsec_set_next_index (b, node, thread_index, err,
+ ah_decrypt_err_to_sa_err (err), index, nexts,
+ drop_next, sa_index);
+}
+
 always_inline u8 ah_calc_icv_padding_len (u8 icv_size, int is_ipv6) { |
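Review bot: The `return ~0;` at the end of `ah_encrypt_err_to_sa_err` and `ah_decrypt_err_to_sa_err` is an undocumented sentinel that both wrappers pass straight into `ipsec_set_next_index`, whose body is outside this diff. If that callee uses the mapped value to select a per-SA counter, it has to test for the sentinel before indexing; this should be confirmed there and recorded here with a comment above each final return such as `/* ~0: no per-SA counter for this error; callee must skip the per-SA increment */`. Because neither switch has a `default`, an AH error value added later is silently left out of the per-SA counters, which weakens the per-SA view of events like `AH_DECRYPT_ERROR_REPLAY` and `AH_DECRYPT_ERROR_INTEG_ERROR` that the commit sets out to provide. A short header comment on each helper naming the errors that are intentionally unmapped would make that omission a visible decision rather than an accident.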