aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins/gbp/gbp_policy_dpo.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/plugins/gbp/gbp_policy_dpo.c')
-rw-r--r--src/plugins/gbp/gbp_policy_dpo.c70
1 files changed, 64 insertions, 6 deletions
diff --git a/src/plugins/gbp/gbp_policy_dpo.c b/src/plugins/gbp/gbp_policy_dpo.c
index c3a51a46236..a6194df6836 100644
--- a/src/plugins/gbp/gbp_policy_dpo.c
+++ b/src/plugins/gbp/gbp_policy_dpo.c
@@ -217,12 +217,26 @@ gbp_policy_dpo_module_init (vlib_main_t * vm)
VLIB_INIT_FUNCTION (gbp_policy_dpo_module_init);
#endif /* CLIB_MARCH_VARIANT */
+typedef enum
+{
+#define _(sym,str) GBP_POLICY_DPO_ERROR_##sym,
+ foreach_gbp_policy_error
+#undef _
+ GBP_POLICY_N_ERROR,
+} gbp_policy_dpo_error_t;
+
+static char *gbp_policy_dpo_error_strings[] = {
+#define _(sym,string) string,
+ foreach_gbp_policy_error
+#undef _
+};
+
typedef struct gbp_policy_dpo_trace_t_
{
u32 sclass;
u32 dclass;
u32 acl_index;
- u32 a_bit;
+ u32 flags;
u32 action;
} gbp_policy_dpo_trace_t;
@@ -255,11 +269,14 @@ gbp_policy_dpo_inline (vlib_main_t * vm,
vlib_frame_t * from_frame, u8 is_ip6)
{
gbp_main_t *gm = &gbp_main;
- u32 n_left_from, next_index, *from, *to_next;
+ u32 n_left_from, next_index, *from, *to_next, thread_index;
+ u32 n_allow_intra, n_allow_a_bit;
gbp_rule_t *gu;
from = vlib_frame_vector_args (from_frame);
n_left_from = from_frame->n_vectors;
+ n_allow_intra = n_allow_a_bit = 0;
+ thread_index = vm->thread_index;
next_index = node->cached_next_index;
@@ -307,6 +324,7 @@ gbp_policy_dpo_inline (vlib_main_t * vm,
{
next0 = gpd0->gpd_dpo.dpoi_next_node;
key0.as_u32 = ~0;
+ n_allow_a_bit++;
goto trace;
}
@@ -322,6 +340,7 @@ gbp_policy_dpo_inline (vlib_main_t * vm,
*/
next0 = gpd0->gpd_dpo.dpoi_next_node;
vnet_buffer2 (b0)->gbp.flags |= VXLAN_GBP_GPFLAGS_A;
+ n_allow_intra++;
action0 = 0;
}
else
@@ -365,13 +384,35 @@ gbp_policy_dpo_inline (vlib_main_t * vm,
next0 = gpd0->gpd_dpo.dpoi_next_node;
break;
case GBP_RULE_DENY:
- next0 = 0;
+ next0 = GBP_POLICY_DROP;
break;
case GBP_RULE_REDIRECT:
next0 = gbp_rule_l3_redirect (gu, b0, is_ip6);
break;
}
}
+ if (next0 == GBP_POLICY_DROP)
+ {
+ vlib_increment_combined_counter
+ (&gbp_contract_drop_counters,
+ thread_index,
+ gci0, 1, vlib_buffer_length_in_chain (vm, b0));
+ b0->error =
+ node->errors[GBP_POLICY_DPO_ERROR_DROP_CONTRACT];
+ }
+ else
+ {
+ vlib_increment_combined_counter
+ (&gbp_contract_permit_counters,
+ thread_index,
+ gci0, 1, vlib_buffer_length_in_chain (vm, b0));
+ }
+
+ }
+ else
+ {
+ b0->error =
+ node->errors[GBP_POLICY_DPO_ERROR_DROP_NO_CONTRACT];
}
}
}
@@ -392,7 +433,7 @@ gbp_policy_dpo_inline (vlib_main_t * vm,
tr->sclass = key0.gck_src;
tr->dclass = key0.gck_dst;
tr->acl_index = (gc0 ? gc0->gc_acl_index : ~0);
- tr->a_bit = vnet_buffer2 (b0)->gbp.flags & VXLAN_GBP_GPFLAGS_A;
+ tr->flags = vnet_buffer2 (b0)->gbp.flags;
tr->action = action0;
}
@@ -401,6 +442,14 @@ gbp_policy_dpo_inline (vlib_main_t * vm,
}
vlib_put_next_frame (vm, node, next_index, n_left_to_next);
}
+
+ vlib_node_increment_counter (vm, node->node_index,
+ GBP_POLICY_DPO_ERROR_ALLOW_INTRA,
+ n_allow_intra);
+ vlib_node_increment_counter (vm, node->node_index,
+ GBP_POLICY_DPO_ERROR_ALLOW_A_BIT,
+ n_allow_a_bit);
+
return from_frame->n_vectors;
}
@@ -411,8 +460,9 @@ format_gbp_policy_dpo_trace (u8 * s, va_list * args)
CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
gbp_policy_dpo_trace_t *t = va_arg (*args, gbp_policy_dpo_trace_t *);
- s = format (s, " sclass:%d dclass:%d acl-index:%d a-bit:%d action:%d",
- t->sclass, t->dclass, t->acl_index, t->a_bit, t->action);
+ s = format (s, " sclass:%d dclass:%d acl-index:%d flags:%U action:%d",
+ t->sclass, t->dclass, t->acl_index,
+ format_vxlan_gbp_header_gpflags, t->flags, t->action);
return s;
}
@@ -436,6 +486,10 @@ VLIB_REGISTER_NODE (ip4_gbp_policy_dpo_node) = {
.name = "ip4-gbp-policy-dpo",
.vector_size = sizeof (u32),
.format_trace = format_gbp_policy_dpo_trace,
+
+ .n_errors = ARRAY_LEN(gbp_policy_dpo_error_strings),
+ .error_strings = gbp_policy_dpo_error_strings,
+
.n_next_nodes = GBP_POLICY_N_NEXT,
.next_nodes =
{
@@ -446,6 +500,10 @@ VLIB_REGISTER_NODE (ip6_gbp_policy_dpo_node) = {
.name = "ip6-gbp-policy-dpo",
.vector_size = sizeof (u32),
.format_trace = format_gbp_policy_dpo_trace,
+
+ .n_errors = ARRAY_LEN(gbp_policy_dpo_error_strings),
+ .error_strings = gbp_policy_dpo_error_strings,
+
.n_next_nodes = GBP_POLICY_N_NEXT,
.next_nodes =
{