aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/vnet/ipsec/ah_decrypt.c46
-rw-r--r--src/vnet/ipsec/ah_encrypt.c19
-rw-r--r--src/vnet/ipsec/esp_decrypt.c57
-rw-r--r--src/vnet/ipsec/esp_encrypt.c29
4 files changed, 35 insertions, 116 deletions
diff --git a/src/vnet/ipsec/ah_decrypt.c b/src/vnet/ipsec/ah_decrypt.c
index a2fc07faebf..c8c89028f9d 100644
--- a/src/vnet/ipsec/ah_decrypt.c
+++ b/src/vnet/ipsec/ah_decrypt.c
@@ -158,14 +158,8 @@ ah_decrypt_inline (vlib_main_t * vm,
if (PREDICT_FALSE (rv))
{
- if (is_ip6)
- vlib_node_increment_counter (vm,
- ah6_decrypt_node.index,
- AH_DECRYPT_ERROR_REPLAY, 1);
- else
- vlib_node_increment_counter (vm,
- ah4_decrypt_node.index,
- AH_DECRYPT_ERROR_REPLAY, 1);
+ vlib_node_increment_counter (vm, node->node_index,
+ AH_DECRYPT_ERROR_REPLAY, 1);
goto trace;
}
}
@@ -212,16 +206,9 @@ ah_decrypt_inline (vlib_main_t * vm,
if (PREDICT_FALSE (memcmp (digest, sig, icv_size)))
{
- if (is_ip6)
- vlib_node_increment_counter (vm,
- ah6_decrypt_node.index,
- AH_DECRYPT_ERROR_INTEG_ERROR,
- 1);
- else
- vlib_node_increment_counter (vm,
- ah4_decrypt_node.index,
- AH_DECRYPT_ERROR_INTEG_ERROR,
- 1);
+ vlib_node_increment_counter (vm, node->node_index,
+ AH_DECRYPT_ERROR_INTEG_ERROR,
+ 1);
goto trace;
}
@@ -248,16 +235,9 @@ ah_decrypt_inline (vlib_main_t * vm,
next0 = AH_DECRYPT_NEXT_IP6_INPUT;
else
{
- if (is_ip6)
- vlib_node_increment_counter (vm,
- ah6_decrypt_node.index,
- AH_DECRYPT_ERROR_DECRYPTION_FAILED,
- 1);
- else
- vlib_node_increment_counter (vm,
- ah4_decrypt_node.index,
- AH_DECRYPT_ERROR_DECRYPTION_FAILED,
- 1);
+ vlib_node_increment_counter (vm, node->node_index,
+ AH_DECRYPT_ERROR_DECRYPTION_FAILED,
+ 1);
goto trace;
}
}
@@ -320,14 +300,8 @@ ah_decrypt_inline (vlib_main_t * vm,
}
vlib_put_next_frame (vm, node, next_index, n_left_to_next);
}
- if (is_ip6)
- vlib_node_increment_counter (vm, ah6_decrypt_node.index,
- AH_DECRYPT_ERROR_RX_PKTS,
- from_frame->n_vectors);
- else
- vlib_node_increment_counter (vm, ah4_decrypt_node.index,
- AH_DECRYPT_ERROR_RX_PKTS,
- from_frame->n_vectors);
+ vlib_node_increment_counter (vm, node->node_index, AH_DECRYPT_ERROR_RX_PKTS,
+ from_frame->n_vectors);
return from_frame->n_vectors;
}
diff --git a/src/vnet/ipsec/ah_encrypt.c b/src/vnet/ipsec/ah_encrypt.c
index 6529828f0e9..0dc1612db5e 100644
--- a/src/vnet/ipsec/ah_encrypt.c
+++ b/src/vnet/ipsec/ah_encrypt.c
@@ -127,12 +127,8 @@ ah_encrypt_inline (vlib_main_t * vm,
{
clib_warning ("sequence number counter has cycled SPI %u",
sa0->spi);
- if (is_ip6)
- vlib_node_increment_counter (vm, ah6_encrypt_node.index,
- AH_ENCRYPT_ERROR_SEQ_CYCLED, 1);
- else
- vlib_node_increment_counter (vm, ah4_encrypt_node.index,
- AH_ENCRYPT_ERROR_SEQ_CYCLED, 1);
+ vlib_node_increment_counter (vm, node->node_index,
+ AH_ENCRYPT_ERROR_SEQ_CYCLED, 1);
//TODO need to confirm if below is needed
to_next[0] = i_bi0;
to_next += 1;
@@ -314,14 +310,9 @@ ah_encrypt_inline (vlib_main_t * vm,
}
vlib_put_next_frame (vm, node, next_index, n_left_to_next);
}
- if (is_ip6)
- vlib_node_increment_counter (vm, ah6_encrypt_node.index,
- AH_ENCRYPT_ERROR_RX_PKTS,
- from_frame->n_vectors);
- else
- vlib_node_increment_counter (vm, ah4_encrypt_node.index,
- AH_ENCRYPT_ERROR_RX_PKTS,
- from_frame->n_vectors);
+ vlib_node_increment_counter (vm, node->node_index,
+ AH_ENCRYPT_ERROR_RX_PKTS,
+ from_frame->n_vectors);
return from_frame->n_vectors;
}
diff --git a/src/vnet/ipsec/esp_decrypt.c b/src/vnet/ipsec/esp_decrypt.c
index 8ef160a4b32..68cb825f23b 100644
--- a/src/vnet/ipsec/esp_decrypt.c
+++ b/src/vnet/ipsec/esp_decrypt.c
@@ -131,14 +131,8 @@ esp_decrypt_inline (vlib_main_t * vm,
if (PREDICT_FALSE (vec_len (empty_buffers) < n_left_from))
{
- if (is_ip6)
- vlib_node_increment_counter (vm, esp6_decrypt_node.index,
- ESP_DECRYPT_ERROR_NO_BUFFER,
- n_left_from);
- else
- vlib_node_increment_counter (vm, esp4_decrypt_node.index,
- ESP_DECRYPT_ERROR_NO_BUFFER,
- n_left_from);
+ vlib_node_increment_counter (vm, node->node_index,
+ ESP_DECRYPT_ERROR_NO_BUFFER, n_left_from);
goto free_buffers_and_exit;
}
@@ -190,14 +184,8 @@ esp_decrypt_inline (vlib_main_t * vm,
if (PREDICT_FALSE (rv))
{
- if (is_ip6)
- vlib_node_increment_counter (vm,
- esp6_decrypt_node.index,
- ESP_DECRYPT_ERROR_REPLAY, 1);
- else
- vlib_node_increment_counter (vm,
- esp4_decrypt_node.index,
- ESP_DECRYPT_ERROR_REPLAY, 1);
+ vlib_node_increment_counter (vm, node->node_index,
+ ESP_DECRYPT_ERROR_REPLAY, 1);
o_bi0 = i_bi0;
to_next[0] = o_bi0;
to_next += 1;
@@ -224,16 +212,9 @@ esp_decrypt_inline (vlib_main_t * vm,
if (PREDICT_FALSE (memcmp (icv, sig, icv_size)))
{
- if (is_ip6)
- vlib_node_increment_counter (vm,
- esp6_decrypt_node.index,
- ESP_DECRYPT_ERROR_INTEG_ERROR,
- 1);
- else
- vlib_node_increment_counter (vm,
- esp4_decrypt_node.index,
- ESP_DECRYPT_ERROR_INTEG_ERROR,
- 1);
+ vlib_node_increment_counter (vm, node->node_index,
+ ESP_DECRYPT_ERROR_INTEG_ERROR,
+ 1);
o_bi0 = i_bi0;
to_next[0] = o_bi0;
to_next += 1;
@@ -329,16 +310,9 @@ esp_decrypt_inline (vlib_main_t * vm,
next0 = ESP_DECRYPT_NEXT_IP6_INPUT;
else
{
- if (is_ip6)
- vlib_node_increment_counter (vm,
- esp6_decrypt_node.index,
- ESP_DECRYPT_ERROR_DECRYPTION_FAILED,
- 1);
- else
- vlib_node_increment_counter (vm,
- esp4_decrypt_node.index,
- ESP_DECRYPT_ERROR_DECRYPTION_FAILED,
- 1);
+ vlib_node_increment_counter (vm, node->node_index,
+ ESP_DECRYPT_ERROR_DECRYPTION_FAILED,
+ 1);
o_b0 = 0;
goto trace;
}
@@ -410,14 +384,9 @@ esp_decrypt_inline (vlib_main_t * vm,
}
vlib_put_next_frame (vm, node, next_index, n_left_to_next);
}
- if (is_ip6)
- vlib_node_increment_counter (vm, esp6_decrypt_node.index,
- ESP_DECRYPT_ERROR_RX_PKTS,
- from_frame->n_vectors);
- else
- vlib_node_increment_counter (vm, esp4_decrypt_node.index,
- ESP_DECRYPT_ERROR_RX_PKTS,
- from_frame->n_vectors);
+ vlib_node_increment_counter (vm, node->node_index,
+ ESP_DECRYPT_ERROR_RX_PKTS,
+ from_frame->n_vectors);
free_buffers_and_exit:
diff --git a/src/vnet/ipsec/esp_encrypt.c b/src/vnet/ipsec/esp_encrypt.c
index 101c5efbfc8..4f2d7707395 100644
--- a/src/vnet/ipsec/esp_encrypt.c
+++ b/src/vnet/ipsec/esp_encrypt.c
@@ -137,14 +137,8 @@ esp_encrypt_inline (vlib_main_t * vm,
if (PREDICT_FALSE (vec_len (empty_buffers) < n_left_from))
{
- if (is_ip6)
- vlib_node_increment_counter (vm, esp6_encrypt_node.index,
- ESP_ENCRYPT_ERROR_NO_BUFFER,
- n_left_from);
- else
- vlib_node_increment_counter (vm, esp4_encrypt_node.index,
- ESP_ENCRYPT_ERROR_NO_BUFFER,
- n_left_from);
+ vlib_node_increment_counter (vm, node->node_index,
+ ESP_ENCRYPT_ERROR_NO_BUFFER, n_left_from);
clib_warning ("not enough empty buffers. discarding frame");
goto free_buffers_and_exit;
}
@@ -189,12 +183,8 @@ esp_encrypt_inline (vlib_main_t * vm,
{
clib_warning ("sequence number counter has cycled SPI %u",
sa0->spi);
- if (is_ip6)
- vlib_node_increment_counter (vm, esp6_encrypt_node.index,
- ESP_ENCRYPT_ERROR_SEQ_CYCLED, 1);
- else
- vlib_node_increment_counter (vm, esp4_encrypt_node.index,
- ESP_ENCRYPT_ERROR_SEQ_CYCLED, 1);
+ vlib_node_increment_counter (vm, node->node_index,
+ ESP_ENCRYPT_ERROR_SEQ_CYCLED, 1);
//TODO: rekey SA
o_bi0 = i_bi0;
to_next[0] = o_bi0;
@@ -428,14 +418,9 @@ esp_encrypt_inline (vlib_main_t * vm,
}
vlib_put_next_frame (vm, node, next_index, n_left_to_next);
}
- if (is_ip6)
- vlib_node_increment_counter (vm, esp6_encrypt_node.index,
- ESP_ENCRYPT_ERROR_RX_PKTS,
- from_frame->n_vectors);
- else
- vlib_node_increment_counter (vm, esp4_encrypt_node.index,
- ESP_ENCRYPT_ERROR_RX_PKTS,
- from_frame->n_vectors);
+ vlib_node_increment_counter (vm, node->node_index,
+ ESP_ENCRYPT_ERROR_RX_PKTS,
+ from_frame->n_vectors);
free_buffers_and_exit:
if (recycle)