diff options
author | Neale Ranns <neale@graphiant.com> | 2022-08-09 03:34:51 +0000 |
---|---|---|
committer | Beno�t Ganne <bganne@cisco.com> | 2022-08-11 06:51:07 +0000 |
commit | 93688d7341ada44755dc0432de3e3dbaaa8aa111 (patch) | |
tree | a468a2d86cd2b96b662ab8f408ed02ab921de4d5 /src/vnet/ipsec/ipsec_tun_in.c | |
parent | 13a74ae25d606f0ee85b65a57d7cba8bba86c2c2 (diff) |
ipsec: Use .api declared error counters
Type: improvement
Signed-off-by: Neale Ranns <neale@graphiant.com>
Change-Id: Ica7de5a493389c6f53b7cf04e06939473a63d2b9
Diffstat (limited to 'src/vnet/ipsec/ipsec_tun_in.c')
-rw-r--r-- | src/vnet/ipsec/ipsec_tun_in.c | 56 |
1 files changed, 16 insertions, 40 deletions
diff --git a/src/vnet/ipsec/ipsec_tun_in.c b/src/vnet/ipsec/ipsec_tun_in.c index c414be05f7e..8e97fbcc740 100644 --- a/src/vnet/ipsec/ipsec_tun_in.c +++ b/src/vnet/ipsec/ipsec_tun_in.c @@ -24,31 +24,10 @@ #include <vnet/ipsec/ipsec_io.h> #include <vnet/ipsec/ipsec_punt.h> #include <vnet/ipsec/ipsec_tun.h> +#include <vnet/ipsec/ipsec.api_enum.h> #include <vnet/ip/ip4_input.h> -/* Statistics (not really errors) */ -#define foreach_ipsec_tun_protect_input_error \ - _(RX, "good packets received") \ - _(DISABLED, "ipsec packets received on disabled interface") \ - _(NO_TUNNEL, "no matching tunnel") \ - _(TUNNEL_MISMATCH, "SPI-tunnel mismatch") \ - _(NAT_KEEPALIVE, "NAT Keepalive") \ - _(TOO_SHORT, "Too Short") \ - _(SPI_0, "SPI 0") - -static char *ipsec_tun_protect_input_error_strings[] = { -#define _(sym,string) string, - foreach_ipsec_tun_protect_input_error -#undef _ -}; - -typedef enum -{ -#define _(sym,str) IPSEC_TUN_PROTECT_INPUT_ERROR_##sym, - foreach_ipsec_tun_protect_input_error -#undef _ - IPSEC_TUN_PROTECT_INPUT_N_ERROR, -} ipsec_tun_protect_input_error_t; +typedef vl_counter_ipsec_tun_enum_t ipsec_tun_protect_input_error_t; typedef enum ipsec_tun_next_t_ { @@ -93,14 +72,14 @@ ipsec_ip4_if_no_tunnel (vlib_node_runtime_t * node, { if (PREDICT_FALSE (0 == esp->spi)) { - b->error = node->errors[IPSEC_TUN_PROTECT_INPUT_ERROR_SPI_0]; + b->error = node->errors[IPSEC_TUN_ERROR_SPI_0]; b->punt_reason = ipsec_punt_reason[(ip4->protocol == IP_PROTOCOL_UDP ? IPSEC_PUNT_IP4_SPI_UDP_0 : IPSEC_PUNT_IP4_NO_SUCH_TUNNEL)]; } else { - b->error = node->errors[IPSEC_TUN_PROTECT_INPUT_ERROR_NO_TUNNEL]; + b->error = node->errors[IPSEC_TUN_ERROR_NO_TUNNEL]; b->punt_reason = ipsec_punt_reason[IPSEC_PUNT_IP4_NO_SUCH_TUNNEL]; } return VNET_DEVICE_INPUT_NEXT_PUNT; @@ -110,7 +89,7 @@ always_inline u16 ipsec_ip6_if_no_tunnel (vlib_node_runtime_t * node, vlib_buffer_t * b, const esp_header_t * esp) { - b->error = node->errors[IPSEC_TUN_PROTECT_INPUT_ERROR_NO_TUNNEL]; + b->error = node->errors[IPSEC_TUN_ERROR_NO_TUNNEL]; b->punt_reason = ipsec_punt_reason[IPSEC_PUNT_IP6_NO_SUCH_TUNNEL]; return VNET_DEVICE_INPUT_NEXT_PUNT; @@ -206,8 +185,7 @@ ipsec_tun_protect_input_inline (vlib_main_t * vm, vlib_node_runtime_t * node, if (clib_net_to_host_u16 (udp0->length) == 9 && esp0->spi_bytes[0] == 0xff) { - b[0]->error = - node->errors[IPSEC_TUN_PROTECT_INPUT_ERROR_NAT_KEEPALIVE]; + b[0]->error = node->errors[IPSEC_TUN_ERROR_NAT_KEEPALIVE]; next[0] = VNET_DEVICE_INPUT_NEXT_IP4_DROP; len0 = 0; @@ -230,7 +208,7 @@ ipsec_tun_protect_input_inline (vlib_main_t * vm, vlib_node_runtime_t * node, if (len0 < sizeof (esp_header_t)) { - b[0]->error = node->errors[IPSEC_TUN_PROTECT_INPUT_ERROR_TOO_SHORT]; + b[0]->error = node->errors[IPSEC_TUN_ERROR_TOO_SHORT]; next[0] = is_ip6 ? VNET_DEVICE_INPUT_NEXT_IP6_DROP : VNET_DEVICE_INPUT_NEXT_IP4_DROP; @@ -309,7 +287,7 @@ ipsec_tun_protect_input_inline (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_increment_combined_counter (drop_counter, thread_index, sw_if_index0, 1, len0); n_disabled++; - b[0]->error = node->errors[IPSEC_TUN_PROTECT_INPUT_ERROR_DISABLED]; + b[0]->error = node->errors[IPSEC_TUN_ERROR_DISABLED]; next[0] = is_ip6 ? VNET_DEVICE_INPUT_NEXT_IP6_DROP : VNET_DEVICE_INPUT_NEXT_IP4_DROP; goto trace00; @@ -377,12 +355,10 @@ ipsec_tun_protect_input_inline (vlib_main_t * vm, vlib_node_runtime_t * node, thread_index, last_sw_if_index, n_packets, n_bytes); - vlib_node_increment_counter (vm, node->node_index, - IPSEC_TUN_PROTECT_INPUT_ERROR_RX, - from_frame->n_vectors - (n_disabled + - n_no_tunnel)); - vlib_node_increment_counter (vm, node->node_index, - IPSEC_TUN_PROTECT_INPUT_ERROR_NO_TUNNEL, + vlib_node_increment_counter (vm, node->node_index, IPSEC_TUN_ERROR_RX, + from_frame->n_vectors - + (n_disabled + n_no_tunnel)); + vlib_node_increment_counter (vm, node->node_index, IPSEC_TUN_ERROR_NO_TUNNEL, n_no_tunnel); vlib_buffer_enqueue_to_next (vm, node, from, nexts, from_frame->n_vectors); @@ -403,8 +379,8 @@ VLIB_REGISTER_NODE (ipsec4_tun_input_node) = { .vector_size = sizeof (u32), .format_trace = format_ipsec_tun_protect_input_trace, .type = VLIB_NODE_TYPE_INTERNAL, - .n_errors = ARRAY_LEN (ipsec_tun_protect_input_error_strings), - .error_strings = ipsec_tun_protect_input_error_strings, + .n_errors = IPSEC_TUN_N_ERROR, + .error_counters = ipsec_tun_error_counters, .sibling_of = "device-input", }; /* *INDENT-ON* */ @@ -422,8 +398,8 @@ VLIB_REGISTER_NODE (ipsec6_tun_input_node) = { .vector_size = sizeof (u32), .format_trace = format_ipsec_tun_protect_input_trace, .type = VLIB_NODE_TYPE_INTERNAL, - .n_errors = ARRAY_LEN (ipsec_tun_protect_input_error_strings), - .error_strings = ipsec_tun_protect_input_error_strings, + .n_errors = IPSEC_TUN_N_ERROR, + .error_counters = ipsec_tun_error_counters, .sibling_of = "device-input", }; /* *INDENT-ON* */ |