diff options
Diffstat (limited to 'src/vnet')
-rw-r--r-- | src/vnet/ip/ip4_error.h | 99 | ||||
-rw-r--r-- | src/vnet/ip/reass/ip4_full_reass.c | 32 |
2 files changed, 84 insertions, 47 deletions
diff --git a/src/vnet/ip/ip4_error.h b/src/vnet/ip/ip4_error.h index dce3dd4c1ab..187b0794bdb 100644 --- a/src/vnet/ip/ip4_error.h +++ b/src/vnet/ip/ip4_error.h @@ -40,53 +40,58 @@ #ifndef included_ip_ip4_error_h #define included_ip_ip4_error_h -#define foreach_ip4_error \ - /* Must be first. */ \ - _ (NONE, "valid ip4 packets") \ - \ - /* Errors signalled by ip4-input */ \ - _ (TOO_SHORT, "ip4 length < 20 bytes") \ - _ (BAD_LENGTH, "ip4 length > l2 length") \ - _ (BAD_CHECKSUM, "bad ip4 checksum") \ - _ (VERSION, "ip4 version != 4") \ - _ (OPTIONS, "ip4 options present") \ - _ (FRAGMENT_OFFSET_ONE, "ip4 fragment offset == 1") \ - _ (TIME_EXPIRED, "ip4 ttl <= 1") \ - \ - /* Errors signalled by ip4-rewrite. */ \ - _ (MTU_EXCEEDED, "ip4 MTU exceeded and DF set") \ - _ (DST_LOOKUP_MISS, "ip4 destination lookup miss") \ - _ (SRC_LOOKUP_MISS, "ip4 source lookup miss") \ - _ (DROP, "ip4 drop") \ - _ (PUNT, "ip4 punt") \ - _ (SAME_INTERFACE, "ip4 egress interface same as ingress") \ - \ - /* Errors signalled by ip4-local. */ \ - _ (UNKNOWN_PROTOCOL, "unknown ip protocol") \ - _ (TCP_CHECKSUM, "bad tcp checksum") \ - _ (UDP_CHECKSUM, "bad udp checksum") \ - _ (UDP_LENGTH, "inconsistent udp/ip lengths") \ - \ - /* Spoofed packets in ip4-rewrite-local */ \ - _ (SPOOFED_LOCAL_PACKETS, "ip4 spoofed local-address packet drops") \ - \ - /* Errors signalled by ip4-inacl */ \ - _ (INACL_TABLE_MISS, "input ACL table-miss drops") \ - _ (INACL_SESSION_DENY, "input ACL session deny drops") \ - /* Errors singalled by ip4-outacl */ \ - _ (OUTACL_TABLE_MISS, "output ACL table-miss drops") \ - _ (OUTACL_SESSION_DENY, "output ACL session deny drops") \ - \ - /* Errors from mfib-forward */ \ - _ (RPF_FAILURE, "Multicast RPF check failed") \ - \ - /* Errors signalled by ip4-reassembly */ \ - _ (REASS_DUPLICATE_FRAGMENT, "duplicate/overlapping fragments") \ - _ (REASS_LIMIT_REACHED, "drops due to concurrent reassemblies limit") \ - _ (REASS_FRAGMENT_CHAIN_TOO_LONG, "fragment chain too long (drop)") \ - _ (REASS_NO_BUF, "out of buffers (drop)") \ - _ (REASS_MALFORMED_PACKET, "malformed packets") \ - _ (REASS_INTERNAL_ERROR, "drops due to internal reassembly error") \ +#define foreach_ip4_error \ + /* Must be first. */ \ + _ (NONE, "valid ip4 packets") \ + \ + /* Errors signalled by ip4-input */ \ + _ (TOO_SHORT, "ip4 length < 20 bytes") \ + _ (BAD_LENGTH, "ip4 length > l2 length") \ + _ (BAD_CHECKSUM, "bad ip4 checksum") \ + _ (VERSION, "ip4 version != 4") \ + _ (OPTIONS, "ip4 options present") \ + _ (FRAGMENT_OFFSET_ONE, "ip4 fragment offset == 1") \ + _ (TIME_EXPIRED, "ip4 ttl <= 1") \ + \ + /* Errors signalled by ip4-rewrite. */ \ + _ (MTU_EXCEEDED, "ip4 MTU exceeded and DF set") \ + _ (DST_LOOKUP_MISS, "ip4 destination lookup miss") \ + _ (SRC_LOOKUP_MISS, "ip4 source lookup miss") \ + _ (DROP, "ip4 drop") \ + _ (PUNT, "ip4 punt") \ + _ (SAME_INTERFACE, "ip4 egress interface same as ingress") \ + \ + /* Errors signalled by ip4-local. */ \ + _ (UNKNOWN_PROTOCOL, "unknown ip protocol") \ + _ (TCP_CHECKSUM, "bad tcp checksum") \ + _ (UDP_CHECKSUM, "bad udp checksum") \ + _ (UDP_LENGTH, "inconsistent udp/ip lengths") \ + \ + /* Spoofed packets in ip4-rewrite-local */ \ + _ (SPOOFED_LOCAL_PACKETS, "ip4 spoofed local-address packet drops") \ + \ + /* Errors signalled by ip4-inacl */ \ + _ (INACL_TABLE_MISS, "input ACL table-miss drops") \ + _ (INACL_SESSION_DENY, "input ACL session deny drops") \ + /* Errors singalled by ip4-outacl */ \ + _ (OUTACL_TABLE_MISS, "output ACL table-miss drops") \ + _ (OUTACL_SESSION_DENY, "output ACL session deny drops") \ + \ + /* Errors from mfib-forward */ \ + _ (RPF_FAILURE, "Multicast RPF check failed") \ + \ + /* Errors signalled by ip4-reassembly */ \ + _ (REASS_DUPLICATE_FRAGMENT, "duplicate/overlapping fragments") \ + _ (REASS_LIMIT_REACHED, "drops due to concurrent reassemblies limit") \ + _ (REASS_FRAGMENT_CHAIN_TOO_LONG, "fragment chain too long (drop)") \ + _ (REASS_NO_BUF, "out of buffers (drop)") \ + _ (REASS_MALFORMED_PACKET, "malformed packets") \ + _ (REASS_INTERNAL_ERROR, "drops due to internal reassembly error") \ + _ (REASS_TIMEOUT, "fragments dropped due to reassembly timeout") \ + _ (REASS_TO_CUSTOM_APP, "send to custom drop app") \ + _ (REASS_SUCCESS, "successful reassemblies") \ + _ (REASS_FRAGMENTS_REASSEMBLED, "fragments reassembled") \ + _ (REASS_FRAGMENTS_RCVD, "fragments received") \ _ (REASS_UNSUPP_IP_PROT, "unsupported ip protocol") typedef enum diff --git a/src/vnet/ip/reass/ip4_full_reass.c b/src/vnet/ip/reass/ip4_full_reass.c index 2493fae434a..b5ea0276c88 100644 --- a/src/vnet/ip/reass/ip4_full_reass.c +++ b/src/vnet/ip/reass/ip4_full_reass.c @@ -453,6 +453,11 @@ ip4_full_reass_drop_all (vlib_main_t *vm, vlib_node_runtime_t *node, next_index = reass->error_next_index; u32 bi = ~0; + /* record number of packets sent to custom app */ + vlib_node_increment_counter (vm, node->node_index, + IP4_ERROR_REASS_TO_CUSTOM_APP, + vec_len (to_free)); + while (vec_len (to_free) > 0) { vlib_get_next_frame (vm, node, next_index, *to_next, @@ -579,6 +584,8 @@ again: if (now > reass->last_heard + rm->timeout) { + vlib_node_increment_counter (vm, node->node_index, + IP4_ERROR_REASS_TIMEOUT, 1); ip4_full_reass_drop_all (vm, node, reass, n_left_to_next, to_next); ip4_full_reass_free (rm, rt, reass); reass = NULL; @@ -825,6 +832,15 @@ ip4_full_reass_finalize (vlib_main_t * vm, vlib_node_runtime_t * node, } vnet_buffer (first_b)->ip.reass.estimated_mtu = reass->min_fragment_length; + /* Keep track of number of successfully reassembled packets and number of + * fragments reassembled */ + vlib_node_increment_counter (vm, node->node_index, IP4_ERROR_REASS_SUCCESS, + 1); + + vlib_node_increment_counter (vm, node->node_index, + IP4_ERROR_REASS_FRAGMENTS_REASSEMBLED, + reass->fragments_n); + *error0 = IP4_ERROR_NONE; ip4_full_reass_free (rm, rt, reass); reass = NULL; @@ -1214,6 +1230,10 @@ ip4_full_reass_inline (vlib_main_t *vm, vlib_node_runtime_t *node, clib_net_to_host_u16 (ip0->length) - ip4_header_bytes (ip0); const u32 fragment_last = fragment_first + fragment_length - 1; + /* Keep track of received fragments */ + vlib_node_increment_counter (vm, node->node_index, + IP4_ERROR_REASS_FRAGMENTS_RCVD, 1); + if (fragment_first > fragment_last || fragment_first + fragment_length > UINT16_MAX - 20 || (fragment_length < 8 && // 8 is minimum frag length per RFC 791 @@ -1335,6 +1355,14 @@ ip4_full_reass_inline (vlib_main_t *vm, vlib_node_runtime_t *node, vnet_feature_next (&next0, b0); } + /* Increment the counter to-custom-app also as this fragment is + * also going to application */ + if (CUSTOM == type) + { + vlib_node_increment_counter ( + vm, node->node_index, IP4_ERROR_REASS_TO_CUSTOM_APP, 1); + } + vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next, n_left_to_next, bi0, next0); @@ -1680,6 +1708,10 @@ ip4_full_reass_walk_expired (vlib_main_t *vm, vlib_node_runtime_t *node, } } + if (vec_len (pool_indexes_to_free)) + vlib_node_increment_counter (vm, node->node_index, + IP4_ERROR_REASS_TIMEOUT, + vec_len (pool_indexes_to_free)); int *i; vec_foreach (i, pool_indexes_to_free) { |