diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/plugins/nat/in2out.c | 138 | ||||
-rw-r--r-- | src/plugins/nat/in2out_ed.c | 92 | ||||
-rw-r--r-- | src/plugins/nat/nat.c | 67 | ||||
-rw-r--r-- | src/plugins/nat/nat.h | 75 | ||||
-rw-r--r-- | src/plugins/nat/nat44_hairpinning.c | 78 | ||||
-rw-r--r-- | src/plugins/nat/nat64.c | 20 | ||||
-rw-r--r-- | src/plugins/nat/nat64.h | 16 | ||||
-rw-r--r-- | src/plugins/nat/nat64_in2out.c | 57 | ||||
-rw-r--r-- | src/plugins/nat/nat64_out2in.c | 51 | ||||
-rw-r--r-- | src/plugins/nat/nat66/nat66.c | 14 | ||||
-rw-r--r-- | src/plugins/nat/nat66/nat66.h | 3 | ||||
-rw-r--r-- | src/plugins/nat/nat66/nat66_in2out.c | 11 | ||||
-rw-r--r-- | src/plugins/nat/nat66/nat66_out2in.c | 11 | ||||
-rw-r--r-- | src/plugins/nat/out2in.c | 92 | ||||
-rw-r--r-- | src/plugins/nat/out2in_ed.c | 89 | ||||
-rw-r--r-- | src/plugins/nat/test/test_nat.py | 278 |
16 files changed, 585 insertions, 507 deletions
diff --git a/src/plugins/nat/in2out.c b/src/plugins/nat/in2out.c index 9f5b7cc5709..fe81b022899 100644 --- a/src/plugins/nat/in2out.c +++ b/src/plugins/nat/in2out.c @@ -82,18 +82,11 @@ format_snat_in2out_fast_trace (u8 * s, va_list * args) #define foreach_snat_in2out_error \ _(UNSUPPORTED_PROTOCOL, "unsupported protocol") \ -_(IN2OUT_PACKETS, "good in2out packets processed") \ _(OUT_OF_PORTS, "out of ports") \ _(BAD_OUTSIDE_FIB, "outside VRF ID not found") \ _(BAD_ICMP_TYPE, "unsupported ICMP type") \ _(NO_TRANSLATION, "no translation") \ _(MAX_SESSIONS_EXCEEDED, "maximum sessions exceeded") \ -_(DROP_FRAGMENT, "drop fragment") \ -_(TCP_PACKETS, "TCP packets") \ -_(UDP_PACKETS, "UDP packets") \ -_(ICMP_PACKETS, "ICMP packets") \ -_(OTHER_PACKETS, "other protocol packets") \ -_(FRAGMENTS, "fragments") \ _(CANNOT_CREATE_USER, "cannot create NAT user") typedef enum @@ -875,16 +868,9 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, int is_output_feature) { u32 n_left_from, *from; - u32 pkts_processed = 0; snat_main_t *sm = &snat_main; f64 now = vlib_time_now (vm); - u32 stats_node_index; u32 thread_index = vm->thread_index; - u32 tcp_packets = 0, udp_packets = 0, icmp_packets = 0, other_packets = - 0, fragments = 0; - - stats_node_index = is_slow_path ? sm->in2out_slowpath_node_index : - sm->in2out_node_index; from = vlib_frame_vector_args (frame); n_left_from = frame->n_vectors; @@ -970,7 +956,11 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, b0->error = node->errors[SNAT_IN2OUT_ERROR_UNSUPPORTED_PROTOCOL]; } - other_packets++; + vlib_increment_simple_counter (is_slow_path ? &sm-> + counters.slowpath.in2out. + other : &sm->counters.fastpath. + in2out.other, thread_index, + sw_if_index0, 1); goto trace00; } @@ -979,7 +969,11 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, next0 = icmp_in2out_slow_path (sm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0, node, next0, now, thread_index, &s0); - icmp_packets++; + vlib_increment_simple_counter (is_slow_path ? &sm-> + counters.slowpath.in2out. + icmp : &sm->counters.fastpath. + in2out.icmp, thread_index, + sw_if_index0, 1); goto trace00; } } @@ -1090,7 +1084,10 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, mss_clamping (sm->mss_clamping, tcp0, &sum0); tcp0->checksum = ip_csum_fold (sum0); } - tcp_packets++; + vlib_increment_simple_counter (is_slow_path ? &sm-> + counters.slowpath.in2out.tcp : &sm-> + counters.fastpath.in2out.tcp, + thread_index, sw_if_index0, 1); } else { @@ -1111,7 +1108,10 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, udp0->checksum = ip_csum_fold (sum0); } } - udp_packets++; + vlib_increment_simple_counter (is_slow_path ? &sm-> + counters.slowpath.in2out.udp : &sm-> + counters.fastpath.in2out.udp, + thread_index, sw_if_index0, 1); } /* Accounting */ @@ -1135,7 +1135,14 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, s0 - sm->per_thread_data[thread_index].sessions; } - pkts_processed += next0 == SNAT_IN2OUT_NEXT_LOOKUP; + if (next0 == SNAT_IN2OUT_NEXT_DROP) + { + vlib_increment_simple_counter (is_slow_path ? &sm-> + counters.slowpath.in2out. + drops : &sm->counters.fastpath. + in2out.drops, thread_index, + sw_if_index0, 1); + } if (is_output_feature) iph_offset1 = vnet_buffer (b1)->ip.reass.save_rewrite_length; @@ -1174,7 +1181,11 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, b1->error = node->errors[SNAT_IN2OUT_ERROR_UNSUPPORTED_PROTOCOL]; } - other_packets++; + vlib_increment_simple_counter (is_slow_path ? &sm-> + counters.slowpath.in2out. + other : &sm->counters.fastpath. + in2out.other, thread_index, + sw_if_index1, 1); goto trace01; } @@ -1183,7 +1194,11 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, next1 = icmp_in2out_slow_path (sm, b1, ip1, icmp1, sw_if_index1, rx_fib_index1, node, next1, now, thread_index, &s1); - icmp_packets++; + vlib_increment_simple_counter (is_slow_path ? &sm-> + counters.slowpath.in2out. + icmp : &sm->counters.fastpath. + in2out.icmp, thread_index, + sw_if_index1, 1); goto trace01; } } @@ -1293,7 +1308,10 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, mss_clamping (sm->mss_clamping, tcp1, &sum1); tcp1->checksum = ip_csum_fold (sum1); } - tcp_packets++; + vlib_increment_simple_counter (is_slow_path ? &sm-> + counters.slowpath.in2out.tcp : &sm-> + counters.fastpath.in2out.tcp, + thread_index, sw_if_index1, 1); } else { @@ -1314,7 +1332,10 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, udp1->checksum = ip_csum_fold (sum1); } } - udp_packets++; + vlib_increment_simple_counter (is_slow_path ? &sm-> + counters.slowpath.in2out.udp : &sm-> + counters.fastpath.in2out.udp, + thread_index, sw_if_index1, 1); } /* Accounting */ @@ -1337,7 +1358,14 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, s1 - sm->per_thread_data[thread_index].sessions; } - pkts_processed += next1 == SNAT_IN2OUT_NEXT_LOOKUP; + if (next1 == SNAT_IN2OUT_NEXT_DROP) + { + vlib_increment_simple_counter (is_slow_path ? &sm-> + counters.slowpath.in2out. + drops : &sm->counters.fastpath. + in2out.drops, thread_index, + sw_if_index1, 1); + } n_left_from -= 2; next[0] = next0; @@ -1404,7 +1432,11 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, b0->error = node->errors[SNAT_IN2OUT_ERROR_UNSUPPORTED_PROTOCOL]; } - other_packets++; + vlib_increment_simple_counter (is_slow_path ? &sm-> + counters.slowpath.in2out. + other : &sm->counters.fastpath. + in2out.other, thread_index, + sw_if_index0, 1); goto trace0; } @@ -1413,7 +1445,11 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, next0 = icmp_in2out_slow_path (sm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0, node, next0, now, thread_index, &s0); - icmp_packets++; + vlib_increment_simple_counter (is_slow_path ? &sm-> + counters.slowpath.in2out. + icmp : &sm->counters.fastpath. + in2out.icmp, thread_index, + sw_if_index0, 1); goto trace0; } } @@ -1525,7 +1561,10 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, mss_clamping (sm->mss_clamping, tcp0, &sum0); tcp0->checksum = ip_csum_fold (sum0); } - tcp_packets++; + vlib_increment_simple_counter (is_slow_path ? &sm-> + counters.slowpath.in2out.tcp : &sm-> + counters.fastpath.in2out.tcp, + thread_index, sw_if_index0, 1); } else { @@ -1547,7 +1586,10 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, udp0->checksum = ip_csum_fold (sum0); } } - udp_packets++; + vlib_increment_simple_counter (is_slow_path ? &sm-> + counters.slowpath.in2out.udp : &sm-> + counters.fastpath.in2out.udp, + thread_index, sw_if_index0, 1); } /* Accounting */ @@ -1571,7 +1613,14 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, s0 - sm->per_thread_data[thread_index].sessions; } - pkts_processed += next0 == SNAT_IN2OUT_NEXT_LOOKUP; + if (next0 == SNAT_IN2OUT_NEXT_DROP) + { + vlib_increment_simple_counter (is_slow_path ? &sm-> + counters.slowpath.in2out. + drops : &sm->counters.fastpath. + in2out.drops, thread_index, + sw_if_index0, 1); + } n_left_from--; next[0] = next0; @@ -1580,22 +1629,6 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, vlib_buffer_enqueue_to_next (vm, node, from, (u16 *) nexts, frame->n_vectors); - - vlib_node_increment_counter (vm, stats_node_index, - SNAT_IN2OUT_ERROR_IN2OUT_PACKETS, - pkts_processed); - vlib_node_increment_counter (vm, stats_node_index, - SNAT_IN2OUT_ERROR_TCP_PACKETS, tcp_packets); - vlib_node_increment_counter (vm, stats_node_index, - SNAT_IN2OUT_ERROR_UDP_PACKETS, udp_packets); - vlib_node_increment_counter (vm, stats_node_index, - SNAT_IN2OUT_ERROR_ICMP_PACKETS, icmp_packets); - vlib_node_increment_counter (vm, stats_node_index, - SNAT_IN2OUT_ERROR_OTHER_PACKETS, - other_packets); - vlib_node_increment_counter (vm, stats_node_index, - SNAT_IN2OUT_ERROR_FRAGMENTS, fragments); - return frame->n_vectors; } @@ -1733,13 +1766,9 @@ VLIB_NODE_FN (snat_in2out_fast_node) (vlib_main_t * vm, { u32 n_left_from, *from, *to_next; snat_in2out_next_t next_index; - u32 pkts_processed = 0; snat_main_t *sm = &snat_main; - u32 stats_node_index; int is_hairpinning = 0; - stats_node_index = sm->in2out_fast_node_index; - from = vlib_frame_vector_args (frame); n_left_from = frame->n_vectors; next_index = node->cached_next_index; @@ -1899,7 +1928,13 @@ VLIB_NODE_FN (snat_in2out_fast_node) (vlib_main_t * vm, t->is_hairpinning = is_hairpinning; } - pkts_processed += next0 != SNAT_IN2OUT_NEXT_DROP; + if (next0 != SNAT_IN2OUT_NEXT_DROP) + { + + vlib_increment_simple_counter (&sm->counters.fastpath. + in2out.other, sw_if_index0, + vm->thread_index, 1); + } /* verify speculative enqueue, maybe switch current next frame */ vlib_validate_buffer_enqueue_x1 (vm, node, next_index, @@ -1910,9 +1945,6 @@ VLIB_NODE_FN (snat_in2out_fast_node) (vlib_main_t * vm, vlib_put_next_frame (vm, node, next_index, n_left_to_next); } - vlib_node_increment_counter (vm, stats_node_index, - SNAT_IN2OUT_ERROR_IN2OUT_PACKETS, - pkts_processed); return frame->n_vectors; } diff --git a/src/plugins/nat/in2out_ed.c b/src/plugins/nat/in2out_ed.c index 7153a60353a..0c65a504e86 100644 --- a/src/plugins/nat/in2out_ed.c +++ b/src/plugins/nat/in2out_ed.c @@ -915,18 +915,13 @@ nat44_ed_in2out_fast_path_node_fn_inline (vlib_main_t * vm, vlib_frame_t * frame, int is_output_feature) { - u32 n_left_from, *from, pkts_processed = 0, stats_node_index; + u32 n_left_from, *from; snat_main_t *sm = &snat_main; f64 now = vlib_time_now (vm); u32 thread_index = vm->thread_index; snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index]; - u32 tcp_packets = 0, udp_packets = 0, icmp_packets = 0, other_packets = - 0, def_slow; - - def_slow = is_output_feature ? NAT_NEXT_IN2OUT_ED_OUTPUT_SLOW_PATH : - NAT_NEXT_IN2OUT_ED_SLOW_PATH; - - stats_node_index = sm->ed_in2out_node_index; + u32 def_slow = is_output_feature ? NAT_NEXT_IN2OUT_ED_OUTPUT_SLOW_PATH + : NAT_NEXT_IN2OUT_ED_SLOW_PATH; from = vlib_frame_vector_args (frame); n_left_from = frame->n_vectors; @@ -1106,7 +1101,8 @@ nat44_ed_in2out_fast_path_node_fn_inline (vlib_main_t * vm, mss_clamping (sm->mss_clamping, tcp0, &sum0); tcp0->checksum = ip_csum_fold (sum0); } - tcp_packets++; + vlib_increment_simple_counter (&sm->counters.fastpath.in2out_ed.tcp, + thread_index, sw_if_index0, 1); if (nat44_set_tcp_session_state_i2o (sm, now, s0, b0, thread_index)) goto trace0; } @@ -1133,7 +1129,8 @@ nat44_ed_in2out_fast_path_node_fn_inline (vlib_main_t * vm, ip0->dst_address.as_u32 = s0->ext_host_addr.as_u32; } udp0->checksum = ip_csum_fold (sum0); - udp_packets++; + vlib_increment_simple_counter (&sm->counters.fastpath.in2out_ed.udp, + thread_index, sw_if_index0, 1); } else { @@ -1145,7 +1142,9 @@ nat44_ed_in2out_fast_path_node_fn_inline (vlib_main_t * vm, udp0->dst_port = s0->ext_host_port; ip0->dst_address.as_u32 = s0->ext_host_addr.as_u32; } - udp_packets++; + vlib_increment_simple_counter (&sm->counters.fastpath. + in2out_ed.udp, thread_index, + sw_if_index0, 1); } } @@ -1173,7 +1172,12 @@ nat44_ed_in2out_fast_path_node_fn_inline (vlib_main_t * vm, t->session_index = ~0; } - pkts_processed += next[0] == vnet_buffer2 (b0)->nat.arc_next; + if (next[0] == NAT_NEXT_DROP) + { + vlib_increment_simple_counter (&sm->counters.fastpath. + in2out_ed.drops, thread_index, + sw_if_index0, 1); + } n_left_from--; next++; @@ -1181,20 +1185,6 @@ nat44_ed_in2out_fast_path_node_fn_inline (vlib_main_t * vm, vlib_buffer_enqueue_to_next (vm, node, from, (u16 *) nexts, frame->n_vectors); - - vlib_node_increment_counter (vm, stats_node_index, - NAT_IN2OUT_ED_ERROR_IN2OUT_PACKETS, - pkts_processed); - vlib_node_increment_counter (vm, stats_node_index, - NAT_IN2OUT_ED_ERROR_TCP_PACKETS, tcp_packets); - vlib_node_increment_counter (vm, stats_node_index, - NAT_IN2OUT_ED_ERROR_UDP_PACKETS, udp_packets); - vlib_node_increment_counter (vm, stats_node_index, - NAT_IN2OUT_ED_ERROR_ICMP_PACKETS, - icmp_packets); - vlib_node_increment_counter (vm, stats_node_index, - NAT_IN2OUT_ED_ERROR_OTHER_PACKETS, - other_packets); return frame->n_vectors; } @@ -1204,14 +1194,11 @@ nat44_ed_in2out_slow_path_node_fn_inline (vlib_main_t * vm, vlib_frame_t * frame, int is_output_feature) { - u32 n_left_from, *from, pkts_processed = 0, stats_node_index; + u32 n_left_from, *from; snat_main_t *sm = &snat_main; f64 now = vlib_time_now (vm); u32 thread_index = vm->thread_index; snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index]; - u32 tcp_packets = 0, udp_packets = 0, icmp_packets = 0, other_packets = 0; - - stats_node_index = sm->ed_in2out_slowpath_node_index; from = vlib_frame_vector_args (frame); n_left_from = frame->n_vectors; @@ -1271,16 +1258,21 @@ nat44_ed_in2out_slow_path_node_fn_inline (vlib_main_t * vm, if (!s0) next[0] = NAT_NEXT_DROP; - other_packets++; + vlib_increment_simple_counter (&sm->counters.slowpath. + in2out_ed.other, thread_index, + sw_if_index0, 1); goto trace0; } if (PREDICT_FALSE (proto0 == NAT_PROTOCOL_ICMP)) { - next[0] = icmp_in2out_ed_slow_path - (sm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0, - node, next[0], now, thread_index, &s0); - icmp_packets++; + next[0] = + icmp_in2out_ed_slow_path (sm, b0, ip0, icmp0, sw_if_index0, + rx_fib_index0, node, next[0], now, + thread_index, &s0); + vlib_increment_simple_counter (&sm->counters.slowpath. + in2out_ed.icmp, thread_index, + sw_if_index0, 1); goto trace0; } @@ -1395,7 +1387,8 @@ nat44_ed_in2out_slow_path_node_fn_inline (vlib_main_t * vm, mss_clamping (sm->mss_clamping, tcp0, &sum0); tcp0->checksum = ip_csum_fold (sum0); } - tcp_packets++; + vlib_increment_simple_counter (&sm->counters.slowpath.in2out_ed.tcp, + thread_index, sw_if_index0, 1); if (nat44_set_tcp_session_state_i2o (sm, now, s0, b0, thread_index)) goto trace0; } @@ -1422,7 +1415,8 @@ nat44_ed_in2out_slow_path_node_fn_inline (vlib_main_t * vm, ip0->dst_address.as_u32 = s0->ext_host_addr.as_u32; } udp0->checksum = ip_csum_fold (sum0); - udp_packets++; + vlib_increment_simple_counter (&sm->counters.slowpath.in2out_ed.udp, + thread_index, sw_if_index0, 1); } else { @@ -1434,7 +1428,9 @@ nat44_ed_in2out_slow_path_node_fn_inline (vlib_main_t * vm, udp0->dst_port = s0->ext_host_port; ip0->dst_address.as_u32 = s0->ext_host_addr.as_u32; } - udp_packets++; + vlib_increment_simple_counter (&sm->counters.slowpath. + in2out_ed.udp, thread_index, + sw_if_index0, 1); } } @@ -1461,7 +1457,12 @@ nat44_ed_in2out_slow_path_node_fn_inline (vlib_main_t * vm, t->session_index = ~0; } - pkts_processed += next[0] == vnet_buffer2 (b0)->nat.arc_next; + if (next[0] == NAT_NEXT_DROP) + { + vlib_increment_simple_counter (&sm->counters.slowpath. + in2out_ed.drops, thread_index, + sw_if_index0, 1); + } n_left_from--; next++; @@ -1471,19 +1472,6 @@ nat44_ed_in2out_slow_path_node_fn_inline (vlib_main_t * vm, vlib_buffer_enqueue_to_next (vm, node, from, (u16 *) nexts, frame->n_vectors); - vlib_node_increment_counter (vm, stats_node_index, - NAT_IN2OUT_ED_ERROR_IN2OUT_PACKETS, - pkts_processed); - vlib_node_increment_counter (vm, stats_node_index, - NAT_IN2OUT_ED_ERROR_TCP_PACKETS, tcp_packets); - vlib_node_increment_counter (vm, stats_node_index, - NAT_IN2OUT_ED_ERROR_UDP_PACKETS, udp_packets); - vlib_node_increment_counter (vm, stats_node_index, - NAT_IN2OUT_ED_ERROR_ICMP_PACKETS, - icmp_packets); - vlib_node_increment_counter (vm, stats_node_index, - NAT_IN2OUT_ED_ERROR_OTHER_PACKETS, - other_packets); return frame->n_vectors; } diff --git a/src/plugins/nat/nat.c b/src/plugins/nat/nat.c index fa62250cb1c..a0c1de25b6e 100644 --- a/src/plugins/nat/nat.c +++ b/src/plugins/nat/nat.c @@ -1797,6 +1797,40 @@ snat_del_address (snat_main_t * sm, ip4_address_t addr, u8 delete_sm, return 0; } +static void +nat_validate_counters (snat_main_t * sm, u32 sw_if_index) +{ +#define _(x) \ + vlib_validate_simple_counter (&sm->counters.fastpath.in2out.x, \ + sw_if_index); \ + vlib_zero_simple_counter (&sm->counters.fastpath.in2out.x, sw_if_index); \ + vlib_validate_simple_counter (&sm->counters.fastpath.out2in.x, \ + sw_if_index); \ + vlib_zero_simple_counter (&sm->counters.fastpath.out2in.x, sw_if_index); \ + vlib_validate_simple_counter (&sm->counters.slowpath.in2out.x, \ + sw_if_index); \ + vlib_zero_simple_counter (&sm->counters.slowpath.in2out.x, sw_if_index); \ + vlib_validate_simple_counter (&sm->counters.slowpath.out2in.x, \ + sw_if_index); \ + vlib_zero_simple_counter (&sm->counters.slowpath.out2in.x, sw_if_index); \ + vlib_validate_simple_counter (&sm->counters.fastpath.in2out_ed.x, \ + sw_if_index); \ + vlib_zero_simple_counter (&sm->counters.fastpath.in2out_ed.x, sw_if_index); \ + vlib_validate_simple_counter (&sm->counters.fastpath.out2in_ed.x, \ + sw_if_index); \ + vlib_zero_simple_counter (&sm->counters.fastpath.out2in_ed.x, sw_if_index); \ + vlib_validate_simple_counter (&sm->counters.slowpath.in2out_ed.x, \ + sw_if_index); \ + vlib_zero_simple_counter (&sm->counters.slowpath.in2out_ed.x, sw_if_index); \ + vlib_validate_simple_counter (&sm->counters.slowpath.out2in_ed.x, \ + sw_if_index); \ + vlib_zero_simple_counter (&sm->counters.slowpath.out2in_ed.x, sw_if_index); + foreach_nat_counter; +#undef _ + vlib_validate_simple_counter (&sm->counters.hairpinning, sw_if_index); + vlib_zero_simple_counter (&sm->counters.hairpinning, sw_if_index); +} + int snat_interface_add_del (u32 sw_if_index, u8 is_inside, int is_del) { @@ -2013,6 +2047,8 @@ feature_set: pool_get (sm->interfaces, i); i->sw_if_index = sw_if_index; i->flags = 0; + nat_validate_counters (sm, sw_if_index); + vnet_feature_enable_disable ("ip4-unicast", feature_name, sw_if_index, 1, 0, 0); @@ -2234,6 +2270,7 @@ fq: pool_get (sm->output_feature_interfaces, i); i->sw_if_index = sw_if_index; i->flags = 0; + nat_validate_counters (sm, sw_if_index); if (is_inside) i->flags |= NAT_INTERFACE_FLAG_IS_INSIDE; else @@ -2589,6 +2626,36 @@ snat_init (vlib_main_t * vm) vlib_validate_simple_counter (&sm->user_limit_reached, 0); vlib_zero_simple_counter (&sm->user_limit_reached, 0); +#define _(x) \ + sm->counters.fastpath.in2out.x.name = #x; \ + sm->counters.fastpath.in2out.x.stat_segment_name = \ + "/nat44/in2out/fastpath/" #x; \ + sm->counters.slowpath.in2out.x.name = #x; \ + sm->counters.slowpath.in2out.x.stat_segment_name = \ + "/nat44/in2out/slowpath/" #x; \ + sm->counters.fastpath.out2in.x.name = #x; \ + sm->counters.fastpath.out2in.x.stat_segment_name = \ + "/nat44/out2in/fastpath/" #x; \ + sm->counters.slowpath.out2in.x.name = #x; \ + sm->counters.slowpath.out2in.x.stat_segment_name = \ + "/nat44/out2in/slowpath/" #x; \ + sm->counters.fastpath.in2out_ed.x.name = #x; \ + sm->counters.fastpath.in2out_ed.x.stat_segment_name = \ + "/nat44/ed/in2out/fastpath/" #x; \ + sm->counters.slowpath.in2out_ed.x.name = #x; \ + sm->counters.slowpath.in2out_ed.x.stat_segment_name = \ + "/nat44/ed/in2out/slowpath/" #x; \ + sm->counters.fastpath.out2in_ed.x.name = #x; \ + sm->counters.fastpath.out2in_ed.x.stat_segment_name = \ + "/nat44/ed/out2in/fastpath/" #x; \ + sm->counters.slowpath.out2in_ed.x.name = #x; \ + sm->counters.slowpath.out2in_ed.x.stat_segment_name = \ + "/nat44/ed/out2in/slowpath/" #x; + foreach_nat_counter; +#undef _ + sm->counters.hairpinning.name = "hairpinning"; + sm->counters.hairpinning.stat_segment_name = "/nat44/hairpinning"; + /* Init IPFIX logging */ snat_ipfix_logging_init (vm); diff --git a/src/plugins/nat/nat.h b/src/plugins/nat/nat.h index 1885ab57df7..324dc2608c0 100644 --- a/src/plugins/nat/nat.h +++ b/src/plugins/nat/nat.h @@ -150,18 +150,11 @@ typedef enum #define foreach_nat_in2out_ed_error \ _(UNSUPPORTED_PROTOCOL, "unsupported protocol") \ -_(IN2OUT_PACKETS, "good in2out packets processed") \ _(OUT_OF_PORTS, "out of ports") \ _(BAD_ICMP_TYPE, "unsupported ICMP type") \ _(MAX_SESSIONS_EXCEEDED, "maximum sessions exceeded") \ -_(DROP_FRAGMENT, "drop fragment") \ _(NON_SYN, "non-SYN packet try to create session") \ -_(TCP_PACKETS, "TCP packets") \ -_(TCP_CLOSED, "drops due to TCP in transitory timeout") \ -_(UDP_PACKETS, "UDP packets") \ -_(ICMP_PACKETS, "ICMP packets") \ -_(OTHER_PACKETS, "other protocol packets") \ -_(FRAGMENTS, "fragments") +_(TCP_CLOSED, "drops due to TCP in transitory timeout") typedef enum { @@ -173,21 +166,14 @@ typedef enum #define foreach_nat_out2in_ed_error \ _(UNSUPPORTED_PROTOCOL, "unsupported protocol") \ -_(OUT2IN_PACKETS, "good out2in packets processed") \ _(OUT_OF_PORTS, "out of ports") \ _(BAD_ICMP_TYPE, "unsupported ICMP type") \ _(NO_TRANSLATION, "no translation") \ _(MAX_SESSIONS_EXCEEDED, "maximum sessions exceeded") \ _(MAX_USER_SESS_EXCEEDED, "max user sessions exceeded") \ -_(DROP_FRAGMENT, "drop fragment") \ _(CANNOT_CREATE_USER, "cannot create NAT user") \ _(NON_SYN, "non-SYN packet try to create session") \ -_(TCP_PACKETS, "TCP packets") \ -_(TCP_CLOSED, "drops due to TCP in transitory timeout") \ -_(UDP_PACKETS, "UDP packets") \ -_(ICMP_PACKETS, "ICMP packets") \ -_(OTHER_PACKETS, "other protocol packets") \ -_(FRAGMENTS, "fragments") +_(TCP_CLOSED, "drops due to TCP in transitory timeout") typedef enum { @@ -511,6 +497,7 @@ typedef int (nat_alloc_out_addr_and_port_function_t) (snat_address_t * u16 port_per_thread, u32 snat_thread_index); +#define foreach_nat_counter _ (tcp) _ (udp) _ (icmp) _ (other) _ (drops) typedef struct snat_main_s { @@ -654,7 +641,60 @@ typedef struct snat_main_s /* counters/gauges */ vlib_simple_counter_main_t total_users; vlib_simple_counter_main_t total_sessions; - vlib_simple_counter_main_t user_limit_reached;; + vlib_simple_counter_main_t user_limit_reached; + +#define _(x) vlib_simple_counter_main_t x; + struct + { + struct + { + struct + { + foreach_nat_counter; + } in2out; + + struct + { + foreach_nat_counter; + } out2in; + + struct + { + foreach_nat_counter; + } in2out_ed; + + struct + { + foreach_nat_counter; + } out2in_ed; + } fastpath; + + struct + { + struct + { + foreach_nat_counter; + } in2out; + + struct + { + foreach_nat_counter; + } out2in; + + struct + { + foreach_nat_counter; + } in2out_ed; + + struct + { + foreach_nat_counter; + } out2in_ed; + } slowpath; + + vlib_simple_counter_main_t hairpinning; + } counters; +#undef _ /* API message ID base */ u16 msg_id_base; @@ -1443,6 +1483,7 @@ typedef struct } tcp_udp_header_t; u8 *format_user_kvp (u8 * s, va_list * args); + #endif /* __included_nat_h__ */ /* * fd.io coding-style-patch-verification: ON diff --git a/src/plugins/nat/nat44_hairpinning.c b/src/plugins/nat/nat44_hairpinning.c index f15de9530da..45444c58a73 100644 --- a/src/plugins/nat/nat44_hairpinning.c +++ b/src/plugins/nat/nat44_hairpinning.c @@ -39,23 +39,6 @@ typedef enum NAT_HAIRPIN_N_NEXT, } nat_hairpin_next_t; -#define foreach_nat44_hairpin_error \ -_(PROCESSED, "NAT44 hairpinning packets processed") - -typedef enum -{ -#define _(sym,str) NAT44_HAIRPIN_ERROR_##sym, - foreach_nat44_hairpin_error -#undef _ - NAT44_HAIRPIN_N_ERROR, -} nat44_hairpin_error_t; - -static char *nat44_hairpin_error_strings[] = { -#define _(sym,string) string, - foreach_nat44_hairpin_error -#undef _ -}; - typedef struct { ip4_address_t addr; @@ -465,16 +448,13 @@ nat44_hairpinning_fn_inline (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame, int is_ed) { - u32 n_left_from, *from, *to_next, stats_node_index; + u32 n_left_from, *from, *to_next; nat_hairpin_next_t next_index; - u32 pkts_processed = 0; snat_main_t *sm = &snat_main; vnet_feature_main_t *fm = &feature_main; u8 arc_index = vnet_feat_arc_ip4_local.feature_arc_index; vnet_feature_config_main_t *cm = &fm->feature_config_mains[arc_index]; - stats_node_index = is_ed ? sm->ed_hairpinning_node_index : - sm->hairpinning_node_index; from = vlib_frame_vector_args (frame); n_left_from = frame->n_vectors; next_index = node->cached_next_index; @@ -494,6 +474,7 @@ nat44_hairpinning_fn_inline (vlib_main_t * vm, u32 proto0; udp_header_t *udp0; tcp_header_t *tcp0; + u32 sw_if_index0; /* speculatively enqueue b0 to the current next frame */ bi0 = from[0]; @@ -507,6 +488,7 @@ nat44_hairpinning_fn_inline (vlib_main_t * vm, ip0 = vlib_buffer_get_current (b0); udp0 = ip4_next_header (ip0); tcp0 = (tcp_header_t *) udp0; + sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX]; proto0 = ip_proto_to_nat_proto (ip0->protocol); @@ -518,7 +500,12 @@ nat44_hairpinning_fn_inline (vlib_main_t * vm, 1 /* do_trace */ )) next0 = NAT_HAIRPIN_NEXT_LOOKUP; - pkts_processed += next0 != NAT_HAIRPIN_NEXT_DROP; + if (next0 != NAT_HAIRPIN_NEXT_DROP) + { + vlib_increment_simple_counter (&sm->counters.hairpinning, + vm->thread_index, sw_if_index0, + 1); + } /* verify speculative enqueue, maybe switch current next frame */ vlib_validate_buffer_enqueue_x1 (vm, node, next_index, @@ -529,8 +516,6 @@ nat44_hairpinning_fn_inline (vlib_main_t * vm, vlib_put_next_frame (vm, node, next_index, n_left_to_next); } - vlib_node_increment_counter (vm, stats_node_index, - NAT44_HAIRPIN_ERROR_PROCESSED, pkts_processed); return frame->n_vectors; } @@ -546,9 +531,7 @@ VLIB_REGISTER_NODE (nat44_hairpinning_node) = { .name = "nat44-hairpinning", .vector_size = sizeof (u32), .type = VLIB_NODE_TYPE_INTERNAL, - .n_errors = ARRAY_LEN(nat44_hairpin_error_strings), .format_trace = format_nat_hairpin_trace, - .error_strings = nat44_hairpin_error_strings, .n_next_nodes = NAT_HAIRPIN_N_NEXT, .next_nodes = { [NAT_HAIRPIN_NEXT_DROP] = "error-drop", @@ -569,8 +552,6 @@ VLIB_REGISTER_NODE (nat44_ed_hairpinning_node) = { .name = "nat44-ed-hairpinning", .vector_size = sizeof (u32), .type = VLIB_NODE_TYPE_INTERNAL, - .n_errors = ARRAY_LEN(nat44_hairpin_error_strings), - .error_strings = nat44_hairpin_error_strings, .format_trace = format_nat_hairpin_trace, .n_next_nodes = NAT_HAIRPIN_N_NEXT, .next_nodes = { @@ -585,14 +566,10 @@ snat_hairpin_dst_fn_inline (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame, int is_ed) { - u32 n_left_from, *from, *to_next, stats_node_index; + u32 n_left_from, *from, *to_next; nat_hairpin_next_t next_index; - u32 pkts_processed = 0; snat_main_t *sm = &snat_main; - stats_node_index = is_ed ? sm->ed_hairpin_dst_node_index : - sm->hairpin_dst_node_index; - from = vlib_frame_vector_args (frame); n_left_from = frame->n_vectors; next_index = node->cached_next_index; @@ -610,6 +587,7 @@ snat_hairpin_dst_fn_inline (vlib_main_t * vm, u32 next0; ip4_header_t *ip0; u32 proto0; + u32 sw_if_index0; /* speculatively enqueue b0 to the current next frame */ bi0 = from[0]; @@ -622,6 +600,7 @@ snat_hairpin_dst_fn_inline (vlib_main_t * vm, b0 = vlib_get_buffer (vm, bi0); next0 = NAT_HAIRPIN_NEXT_LOOKUP; ip0 = vlib_buffer_get_current (b0); + sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX]; proto0 = ip_proto_to_nat_proto (ip0->protocol); @@ -653,7 +632,13 @@ snat_hairpin_dst_fn_inline (vlib_main_t * vm, vnet_buffer (b0)->snat.flags = SNAT_FLAG_HAIRPINNING; } - pkts_processed += next0 != NAT_HAIRPIN_NEXT_DROP; + + if (next0 != NAT_HAIRPIN_NEXT_DROP) + { + vlib_increment_simple_counter (&sm->counters.hairpinning, + vm->thread_index, sw_if_index0, + 1); + } /* verify speculative enqueue, maybe switch current next frame */ vlib_validate_buffer_enqueue_x1 (vm, node, next_index, @@ -664,8 +649,6 @@ snat_hairpin_dst_fn_inline (vlib_main_t * vm, vlib_put_next_frame (vm, node, next_index, n_left_to_next); } - vlib_node_increment_counter (vm, stats_node_index, - NAT44_HAIRPIN_ERROR_PROCESSED, pkts_processed); return frame->n_vectors; } @@ -681,9 +664,7 @@ VLIB_REGISTER_NODE (snat_hairpin_dst_node) = { .name = "nat44-hairpin-dst", .vector_size = sizeof (u32), .type = VLIB_NODE_TYPE_INTERNAL, - .n_errors = ARRAY_LEN(nat44_hairpin_error_strings), .format_trace = format_nat_hairpin_trace, - .error_strings = nat44_hairpin_error_strings, .n_next_nodes = NAT_HAIRPIN_N_NEXT, .next_nodes = { [NAT_HAIRPIN_NEXT_DROP] = "error-drop", @@ -704,9 +685,7 @@ VLIB_REGISTER_NODE (nat44_ed_hairpin_dst_node) = { .name = "nat44-ed-hairpin-dst", .vector_size = sizeof (u32), .type = VLIB_NODE_TYPE_INTERNAL, - .n_errors = ARRAY_LEN(nat44_hairpin_error_strings), .format_trace = format_nat_hairpin_trace, - .error_strings = nat44_hairpin_error_strings, .n_next_nodes = NAT_HAIRPIN_N_NEXT, .next_nodes = { [NAT_HAIRPIN_NEXT_DROP] = "error-drop", @@ -720,14 +699,10 @@ snat_hairpin_src_fn_inline (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame, int is_ed) { - u32 n_left_from, *from, *to_next, stats_node_index; + u32 n_left_from, *from, *to_next; snat_hairpin_src_next_t next_index; - u32 pkts_processed = 0; snat_main_t *sm = &snat_main; - stats_node_index = is_ed ? sm->ed_hairpin_src_node_index : - sm->hairpin_src_node_index; - from = vlib_frame_vector_args (frame); n_left_from = frame->n_vectors; next_index = node->cached_next_index; @@ -777,7 +752,12 @@ snat_hairpin_src_fn_inline (vlib_main_t * vm, })); /* *INDENT-ON* */ - pkts_processed += next0 != SNAT_HAIRPIN_SRC_NEXT_DROP; + if (next0 != SNAT_HAIRPIN_SRC_NEXT_DROP) + { + vlib_increment_simple_counter (&sm->counters.hairpinning, + vm->thread_index, sw_if_index0, + 1); + } /* verify speculative enqueue, maybe switch current next frame */ vlib_validate_buffer_enqueue_x1 (vm, node, next_index, @@ -788,8 +768,6 @@ snat_hairpin_src_fn_inline (vlib_main_t * vm, vlib_put_next_frame (vm, node, next_index, n_left_to_next); } - vlib_node_increment_counter (vm, stats_node_index, - NAT44_HAIRPIN_ERROR_PROCESSED, pkts_processed); return frame->n_vectors; } @@ -805,8 +783,6 @@ VLIB_REGISTER_NODE (snat_hairpin_src_node) = { .name = "nat44-hairpin-src", .vector_size = sizeof (u32), .type = VLIB_NODE_TYPE_INTERNAL, - .n_errors = ARRAY_LEN(nat44_hairpin_error_strings), - .error_strings = nat44_hairpin_error_strings, .n_next_nodes = SNAT_HAIRPIN_SRC_N_NEXT, .next_nodes = { [SNAT_HAIRPIN_SRC_NEXT_DROP] = "error-drop", @@ -829,8 +805,6 @@ VLIB_REGISTER_NODE (nat44_ed_hairpin_src_node) = { .name = "nat44-ed-hairpin-src", .vector_size = sizeof (u32), .type = VLIB_NODE_TYPE_INTERNAL, - .n_errors = ARRAY_LEN(nat44_hairpin_error_strings), - .error_strings = nat44_hairpin_error_strings, .n_next_nodes = SNAT_HAIRPIN_SRC_N_NEXT, .next_nodes = { [SNAT_HAIRPIN_SRC_NEXT_DROP] = "error-drop", diff --git a/src/plugins/nat/nat64.c b/src/plugins/nat/nat64.c index 9fc3344f015..717cf6a630a 100644 --- a/src/plugins/nat/nat64.c +++ b/src/plugins/nat/nat64.c @@ -248,6 +248,13 @@ nat64_init (vlib_main_t * vm) vlib_validate_simple_counter (&nm->total_sessions, 0); vlib_zero_simple_counter (&nm->total_sessions, 0); +#define _(x) \ + nm->counters.in2out.x.name = #x; \ + nm->counters.in2out.x.stat_segment_name = "/nat64/in2out/" #x; \ + nm->counters.out2in.x.name = #x; \ + nm->counters.out2in.x.stat_segment_name = "/nat64/out2in/" #x; + foreach_nat_counter; +#undef _ return 0; } @@ -410,6 +417,18 @@ nat64_add_interface_address (u32 sw_if_index, int is_add) return 0; } +static void +nat64_validate_counters (nat64_main_t * nm, u32 sw_if_index) +{ +#define _(x) \ + vlib_validate_simple_counter (&nm->counters.in2out.x, sw_if_index); \ + vlib_zero_simple_counter (&nm->counters.in2out.x, sw_if_index); \ + vlib_validate_simple_counter (&nm->counters.out2in.x, sw_if_index); \ + vlib_zero_simple_counter (&nm->counters.out2in.x, sw_if_index); + foreach_nat_counter; +#undef _ +} + int nat64_add_del_interface (u32 sw_if_index, u8 is_inside, u8 is_add) { @@ -439,6 +458,7 @@ nat64_add_del_interface (u32 sw_if_index, u8 is_inside, u8 is_add) pool_get (nm->interfaces, interface); interface->sw_if_index = sw_if_index; interface->flags = 0; + nat64_validate_counters (nm, sw_if_index); set_flags: if (is_inside) interface->flags |= NAT_INTERFACE_FLAG_IS_INSIDE; diff --git a/src/plugins/nat/nat64.h b/src/plugins/nat/nat64.h index 7121638b570..88ba238613f 100644 --- a/src/plugins/nat/nat64.h +++ b/src/plugins/nat/nat64.h @@ -120,6 +120,22 @@ typedef struct ip4_main_t *ip4_main; snat_main_t *sm; + +#define _(x) vlib_simple_counter_main_t x; + struct + { + struct + { + foreach_nat_counter; + } in2out; + + struct + { + foreach_nat_counter; + } out2in; + } counters; +#undef _ + } nat64_main_t; extern nat64_main_t nat64_main; diff --git a/src/plugins/nat/nat64_in2out.c b/src/plugins/nat/nat64_in2out.c index af212d3061d..1928bf899a6 100644 --- a/src/plugins/nat/nat64_in2out.c +++ b/src/plugins/nat/nat64_in2out.c @@ -49,17 +49,8 @@ format_nat64_in2out_trace (u8 * s, va_list * args) #define foreach_nat64_in2out_error \ _(UNSUPPORTED_PROTOCOL, "unsupported protocol") \ -_(IN2OUT_PACKETS, "good in2out packets processed") \ _(NO_TRANSLATION, "no translation") \ -_(UNKNOWN, "unknown") \ -_(DROP_FRAGMENT, "drop fragment") \ -_(TCP_PACKETS, "TCP packets") \ -_(UDP_PACKETS, "UDP packets") \ -_(ICMP_PACKETS, "ICMP packets") \ -_(OTHER_PACKETS, "other protocol packets") \ -_(FRAGMENTS, "fragments") \ -_(CACHED_FRAGMENTS, "cached fragments") \ -_(PROCESSED_FRAGMENTS, "processed fragments") +_(UNKNOWN, "unknown") typedef enum @@ -1045,17 +1036,9 @@ nat64_in2out_node_fn_inline (vlib_main_t * vm, vlib_node_runtime_t * node, { u32 n_left_from, *from, *to_next; nat64_in2out_next_t next_index; - u32 pkts_processed = 0; - u32 stats_node_index; u32 thread_index = vm->thread_index; nat64_main_t *nm = &nat64_main; - u32 tcp_packets = 0, udp_packets = 0, icmp_packets = 0, other_packets = - 0, fragments = 0; - - stats_node_index = - is_slow_path ? nm->in2out_slowpath_node_index : nm->in2out_node_index; - from = vlib_frame_vector_args (frame); n_left_from = frame->n_vectors; next_index = node->cached_next_index; @@ -1089,6 +1072,8 @@ nat64_in2out_node_fn_inline (vlib_main_t * vm, vlib_node_runtime_t * node, b0 = vlib_get_buffer (vm, bi0); ip60 = vlib_buffer_get_current (b0); + sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX]; + ctx0.b = b0; ctx0.vm = vm; ctx0.thread_index = thread_index; @@ -1105,8 +1090,6 @@ nat64_in2out_node_fn_inline (vlib_main_t * vm, vlib_node_runtime_t * node, goto trace0; } - sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX]; - if (nat64_not_translate (sw_if_index0, ip60->dst_address)) { next0 = NAT64_IN2OUT_NEXT_IP6_LOOKUP; @@ -1119,7 +1102,9 @@ nat64_in2out_node_fn_inline (vlib_main_t * vm, vlib_node_runtime_t * node, { if (PREDICT_TRUE (proto0 == NAT_PROTOCOL_OTHER)) { - other_packets++; + vlib_increment_simple_counter (&nm->counters.in2out.other, + thread_index, sw_if_index0, + 1); if (is_hairpinning (&ip60->dst_address)) { next0 = NAT64_IN2OUT_NEXT_IP6_LOOKUP; @@ -1156,7 +1141,8 @@ nat64_in2out_node_fn_inline (vlib_main_t * vm, vlib_node_runtime_t * node, if (proto0 == NAT_PROTOCOL_ICMP) { - icmp_packets++; + vlib_increment_simple_counter (&nm->counters.in2out.icmp, + thread_index, sw_if_index0, 1); if (is_hairpinning (&ip60->dst_address)) { next0 = NAT64_IN2OUT_NEXT_IP6_LOOKUP; @@ -1182,9 +1168,11 @@ nat64_in2out_node_fn_inline (vlib_main_t * vm, vlib_node_runtime_t * node, else if (proto0 == NAT_PROTOCOL_TCP || proto0 == NAT_PROTOCOL_UDP) { if (proto0 == NAT_PROTOCOL_TCP) - tcp_packets++; + vlib_increment_simple_counter (&nm->counters.in2out.tcp, + thread_index, sw_if_index0, 1); else - udp_packets++; + vlib_increment_simple_counter (&nm->counters.in2out.udp, + thread_index, sw_if_index0, 1); if (is_hairpinning (&ip60->dst_address)) { @@ -1219,7 +1207,12 @@ nat64_in2out_node_fn_inline (vlib_main_t * vm, vlib_node_runtime_t * node, t->is_slow_path = is_slow_path; } - pkts_processed += next0 == NAT64_IN2OUT_NEXT_IP4_LOOKUP; + if (next0 == NAT64_IN2OUT_NEXT_DROP) + { + vlib_increment_simple_counter (&nm->counters.in2out.drops, + thread_index, sw_if_index0, 1); + } + /* verify speculative enqueue, maybe switch current next frame */ vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next, @@ -1227,20 +1220,6 @@ nat64_in2out_node_fn_inline (vlib_main_t * vm, vlib_node_runtime_t * node, } vlib_put_next_frame (vm, node, next_index, n_left_to_next); } - vlib_node_increment_counter (vm, stats_node_index, - NAT64_IN2OUT_ERROR_IN2OUT_PACKETS, - pkts_processed); - vlib_node_increment_counter (vm, stats_node_index, - NAT64_IN2OUT_ERROR_TCP_PACKETS, tcp_packets); - vlib_node_increment_counter (vm, stats_node_index, - NAT64_IN2OUT_ERROR_UDP_PACKETS, udp_packets); - vlib_node_increment_counter (vm, stats_node_index, - NAT64_IN2OUT_ERROR_ICMP_PACKETS, icmp_packets); - vlib_node_increment_counter (vm, stats_node_index, - NAT64_IN2OUT_ERROR_OTHER_PACKETS, - other_packets); - vlib_node_increment_counter (vm, stats_node_index, - NAT64_IN2OUT_ERROR_FRAGMENTS, fragments); return frame->n_vectors; } diff --git a/src/plugins/nat/nat64_out2in.c b/src/plugins/nat/nat64_out2in.c index ef0f8214ddd..304215a1fa3 100644 --- a/src/plugins/nat/nat64_out2in.c +++ b/src/plugins/nat/nat64_out2in.c @@ -45,18 +45,8 @@ format_nat64_out2in_trace (u8 * s, va_list * args) #define foreach_nat64_out2in_error \ _(UNSUPPORTED_PROTOCOL, "unsupported protocol") \ -_(OUT2IN_PACKETS, "good out2in packets processed") \ _(NO_TRANSLATION, "no translation") \ -_(UNKNOWN, "unknown") \ -_(DROP_FRAGMENT, "drop fragment") \ -_(TCP_PACKETS, "TCP packets") \ -_(UDP_PACKETS, "UDP packets") \ -_(ICMP_PACKETS, "ICMP packets") \ -_(OTHER_PACKETS, "other protocol packets") \ -_(FRAGMENTS, "fragments") \ -_(CACHED_FRAGMENTS, "cached fragments") \ -_(PROCESSED_FRAGMENTS, "processed fragments") - +_(UNKNOWN, "unknown") typedef enum { @@ -534,10 +524,7 @@ VLIB_NODE_FN (nat64_out2in_node) (vlib_main_t * vm, u32 n_left_from, *from, *to_next; nat64_out2in_next_t next_index; nat64_main_t *nm = &nat64_main; - u32 pkts_processed = 0; u32 thread_index = vm->thread_index; - u32 tcp_packets = 0, udp_packets = 0, icmp_packets = 0, other_packets = - 0, fragments = 0; from = vlib_frame_vector_args (frame); n_left_from = frame->n_vectors; @@ -557,6 +544,7 @@ VLIB_NODE_FN (nat64_out2in_node) (vlib_main_t * vm, u32 proto0; nat64_out2in_set_ctx_t ctx0; udp_header_t *udp0; + u32 sw_if_index0; /* speculatively enqueue b0 to the current next frame */ bi0 = from[0]; @@ -576,7 +564,7 @@ VLIB_NODE_FN (nat64_out2in_node) (vlib_main_t * vm, next0 = NAT64_OUT2IN_NEXT_IP6_LOOKUP; proto0 = ip_proto_to_nat_proto (ip40->protocol); - + sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX]; if (PREDICT_FALSE (proto0 == NAT_PROTOCOL_OTHER)) { if (nat64_out2in_unk_proto (vm, b0, &ctx0)) @@ -584,13 +572,15 @@ VLIB_NODE_FN (nat64_out2in_node) (vlib_main_t * vm, next0 = NAT64_OUT2IN_NEXT_DROP; b0->error = node->errors[NAT64_OUT2IN_ERROR_NO_TRANSLATION]; } - other_packets++; + vlib_increment_simple_counter (&nm->counters.out2in.other, + thread_index, sw_if_index0, 1); goto trace0; } if (proto0 == NAT_PROTOCOL_ICMP) { - icmp_packets++; + vlib_increment_simple_counter (&nm->counters.out2in.icmp, + thread_index, sw_if_index0, 1); if (icmp_to_icmp6 (b0, nat64_out2in_icmp_set_cb, &ctx0, nat64_out2in_inner_icmp_set_cb, &ctx0)) @@ -603,9 +593,11 @@ VLIB_NODE_FN (nat64_out2in_node) (vlib_main_t * vm, else { if (proto0 == NAT_PROTOCOL_TCP) - tcp_packets++; + vlib_increment_simple_counter (&nm->counters.out2in.tcp, + thread_index, sw_if_index0, 1); else - udp_packets++; + vlib_increment_simple_counter (&nm->counters.out2in.udp, + thread_index, sw_if_index0, 1); if (nat64_out2in_tcp_udp (vm, b0, &ctx0)) { @@ -637,7 +629,11 @@ VLIB_NODE_FN (nat64_out2in_node) (vlib_main_t * vm, t->next_index = next0; } - pkts_processed += next0 == NAT64_OUT2IN_NEXT_IP6_LOOKUP; + if (next0 == NAT64_OUT2IN_NEXT_DROP) + { + vlib_increment_simple_counter (&nm->counters.out2in.drops, + thread_index, sw_if_index0, 1); + } /* verify speculative enqueue, maybe switch current next frame */ vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next, @@ -645,21 +641,6 @@ VLIB_NODE_FN (nat64_out2in_node) (vlib_main_t * vm, } vlib_put_next_frame (vm, node, next_index, n_left_to_next); } - vlib_node_increment_counter (vm, nm->out2in_node_index, - NAT64_OUT2IN_ERROR_OUT2IN_PACKETS, - pkts_processed); - vlib_node_increment_counter (vm, nm->out2in_node_index, - NAT64_OUT2IN_ERROR_TCP_PACKETS, tcp_packets); - vlib_node_increment_counter (vm, nm->out2in_node_index, - NAT64_OUT2IN_ERROR_UDP_PACKETS, udp_packets); - vlib_node_increment_counter (vm, nm->out2in_node_index, - NAT64_OUT2IN_ERROR_ICMP_PACKETS, icmp_packets); - vlib_node_increment_counter (vm, nm->out2in_node_index, - NAT64_OUT2IN_ERROR_OTHER_PACKETS, - other_packets); - vlib_node_increment_counter (vm, nm->out2in_node_index, - NAT64_OUT2IN_ERROR_FRAGMENTS, fragments); - return frame->n_vectors; } diff --git a/src/plugins/nat/nat66/nat66.c b/src/plugins/nat/nat66/nat66.c index 36d5d733a6d..0a90f732b95 100644 --- a/src/plugins/nat/nat66/nat66.c +++ b/src/plugins/nat/nat66/nat66.c @@ -70,9 +70,22 @@ nat66_init (vlib_main_t * vm) FIB_SOURCE_PRIORITY_HI, FIB_SOURCE_BH_SIMPLE); + nm->in2out_packets.name = "in2out"; + nm->in2out_packets.stat_segment_name = "/nat64/in2out"; + nm->out2in_packets.name = "out2in"; + nm->out2in_packets.stat_segment_name = "/nat64/out2in"; return nat66_plugin_api_hookup (vm); } +static void +nat66_validate_counters (nat66_main_t * nm, u32 sw_if_index) +{ + vlib_validate_simple_counter (&nm->in2out_packets, sw_if_index); + vlib_zero_simple_counter (&nm->in2out_packets, sw_if_index); + vlib_validate_simple_counter (&nm->out2in_packets, sw_if_index); + vlib_zero_simple_counter (&nm->out2in_packets, sw_if_index); +} + int nat66_interface_add_del (u32 sw_if_index, u8 is_inside, u8 is_add) { @@ -101,6 +114,7 @@ nat66_interface_add_del (u32 sw_if_index, u8 is_inside, u8 is_add) interface->flags = is_inside ? NAT66_INTERFACE_FLAG_IS_INSIDE : NAT66_INTERFACE_FLAG_IS_OUTSIDE; + nat66_validate_counters (nm, sw_if_index); } else { diff --git a/src/plugins/nat/nat66/nat66.h b/src/plugins/nat/nat66/nat66.h index 9757f030032..42dd7ca0eb2 100644 --- a/src/plugins/nat/nat66/nat66.h +++ b/src/plugins/nat/nat66/nat66.h @@ -74,6 +74,9 @@ typedef struct u16 msg_id_base; u8 log_level; + + vlib_simple_counter_main_t in2out_packets; + vlib_simple_counter_main_t out2in_packets;; } nat66_main_t; #define nat66_elog(_level, _str) \ diff --git a/src/plugins/nat/nat66/nat66_in2out.c b/src/plugins/nat/nat66/nat66_in2out.c index 5a027e2cd50..4c4d3ab0299 100644 --- a/src/plugins/nat/nat66/nat66_in2out.c +++ b/src/plugins/nat/nat66/nat66_in2out.c @@ -42,7 +42,6 @@ format_nat66_in2out_trace (u8 * s, va_list * args) } #define foreach_nat66_in2out_error \ -_(IN2OUT_PACKETS, "good in2out packets processed") \ _(NO_TRANSLATION, "no translation") \ _(UNKNOWN, "unknown") @@ -113,7 +112,6 @@ VLIB_NODE_FN (nat66_in2out_node) (vlib_main_t * vm, { u32 n_left_from, *from, *to_next; nat66_in2out_next_t next_index; - u32 pkts_processed = 0; u32 thread_index = vm->thread_index; nat66_main_t *nm = &nat66_main; @@ -221,7 +219,11 @@ VLIB_NODE_FN (nat66_in2out_node) (vlib_main_t * vm, t->next_index = next0; } - pkts_processed += next0 != NAT66_IN2OUT_NEXT_DROP; + if (next0 != NAT66_IN2OUT_NEXT_DROP) + { + vlib_increment_simple_counter (&nm->in2out_packets, + thread_index, sw_if_index0, 1); + } /* verify speculative enqueue, maybe switch current next frame */ vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next, @@ -230,9 +232,6 @@ VLIB_NODE_FN (nat66_in2out_node) (vlib_main_t * vm, vlib_put_next_frame (vm, node, next_index, n_left_to_next); } - vlib_node_increment_counter (vm, nm->in2out_node_index, - NAT66_IN2OUT_ERROR_IN2OUT_PACKETS, - pkts_processed); return frame->n_vectors; } diff --git a/src/plugins/nat/nat66/nat66_out2in.c b/src/plugins/nat/nat66/nat66_out2in.c index 563ad6f5178..9d44b4880eb 100644 --- a/src/plugins/nat/nat66/nat66_out2in.c +++ b/src/plugins/nat/nat66/nat66_out2in.c @@ -42,7 +42,6 @@ format_nat66_out2in_trace (u8 * s, va_list * args) } #define foreach_nat66_out2in_error \ -_(OUT2IN_PACKETS, "good out2in packets processed") \ _(NO_TRANSLATION, "no translation") \ _(UNKNOWN, "unknown") @@ -73,7 +72,6 @@ VLIB_NODE_FN (nat66_out2in_node) (vlib_main_t * vm, { u32 n_left_from, *from, *to_next; nat66_out2in_next_t next_index; - u32 pkts_processed = 0; u32 thread_index = vm->thread_index; nat66_main_t *nm = &nat66_main; @@ -179,7 +177,11 @@ VLIB_NODE_FN (nat66_out2in_node) (vlib_main_t * vm, t->next_index = next0; } - pkts_processed += next0 != NAT66_OUT2IN_NEXT_DROP; + if (next0 != NAT66_OUT2IN_NEXT_DROP) + { + vlib_increment_simple_counter (&nm->out2in_packets, + thread_index, sw_if_index0, 1); + } /* verify speculative enqueue, maybe switch current next frame */ vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next, @@ -188,9 +190,6 @@ VLIB_NODE_FN (nat66_out2in_node) (vlib_main_t * vm, vlib_put_next_frame (vm, node, next_index, n_left_to_next); } - vlib_node_increment_counter (vm, nm->out2in_node_index, - NAT66_OUT2IN_ERROR_OUT2IN_PACKETS, - pkts_processed); return frame->n_vectors; } diff --git a/src/plugins/nat/out2in.c b/src/plugins/nat/out2in.c index 4e6ceb72f6a..5684a93b2a5 100644 --- a/src/plugins/nat/out2in.c +++ b/src/plugins/nat/out2in.c @@ -72,19 +72,10 @@ format_snat_out2in_fast_trace (u8 * s, va_list * args) #define foreach_snat_out2in_error \ _(UNSUPPORTED_PROTOCOL, "unsupported protocol") \ -_(OUT2IN_PACKETS, "good out2in packets processed") \ _(OUT_OF_PORTS, "out of ports") \ _(BAD_ICMP_TYPE, "unsupported ICMP type") \ _(NO_TRANSLATION, "no translation") \ _(MAX_SESSIONS_EXCEEDED, "maximum sessions exceeded") \ -_(DROP_FRAGMENT, "drop fragment") \ -_(MAX_REASS, "maximum reassemblies exceeded") \ -_(MAX_FRAG, "maximum fragments per reassembly exceeded")\ -_(TCP_PACKETS, "TCP packets") \ -_(UDP_PACKETS, "UDP packets") \ -_(ICMP_PACKETS, "ICMP packets") \ -_(OTHER_PACKETS, "other protocol packets") \ -_(FRAGMENTS, "fragments") \ _(CANNOT_CREATE_USER, "cannot create NAT user") typedef enum @@ -725,13 +716,10 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm, vlib_frame_t * frame) { u32 n_left_from, *from; - u32 pkts_processed = 0; snat_main_t *sm = &snat_main; f64 now = vlib_time_now (vm); u32 thread_index = vm->thread_index; snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index]; - u32 tcp_packets = 0, udp_packets = 0, icmp_packets = 0, other_packets = - 0, fragments = 0; from = vlib_frame_vector_args (frame); n_left_from = frame->n_vectors; @@ -819,7 +807,9 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm, next0 = SNAT_OUT2IN_NEXT_DROP; } } - other_packets++; + vlib_increment_simple_counter (&sm->counters.slowpath.out2in.other, + thread_index, sw_if_index0, 1); + goto trace0; } @@ -828,7 +818,8 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm, next0 = icmp_out2in_slow_path (sm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0, node, next0, now, thread_index, &s0); - icmp_packets++; + vlib_increment_simple_counter (&sm->counters.slowpath.out2in.icmp, + thread_index, sw_if_index0, 1); goto trace0; } @@ -914,7 +905,8 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm, length /* changed member */ ); tcp0->checksum = ip_csum_fold (sum0); } - tcp_packets++; + vlib_increment_simple_counter (&sm->counters.slowpath.out2in.tcp, + thread_index, sw_if_index0, 1); } else { @@ -934,7 +926,8 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm, udp0->checksum = ip_csum_fold (sum0); } } - udp_packets++; + vlib_increment_simple_counter (&sm->counters.slowpath.out2in.udp, + thread_index, sw_if_index0, 1); } /* Accounting */ @@ -957,7 +950,11 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm, s0 - sm->per_thread_data[thread_index].sessions; } - pkts_processed += next0 == SNAT_OUT2IN_NEXT_LOOKUP; + if (next0 == SNAT_OUT2IN_NEXT_DROP) + { + vlib_increment_simple_counter (&sm->counters.slowpath.out2in.drops, + thread_index, sw_if_index0, 1); + } ip1 = vlib_buffer_get_current (b1); @@ -992,7 +989,8 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm, next1 = SNAT_OUT2IN_NEXT_DROP; } } - other_packets++; + vlib_increment_simple_counter (&sm->counters.slowpath.out2in.other, + thread_index, sw_if_index1, 1); goto trace1; } @@ -1001,7 +999,8 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm, next1 = icmp_out2in_slow_path (sm, b1, ip1, icmp1, sw_if_index1, rx_fib_index1, node, next1, now, thread_index, &s1); - icmp_packets++; + vlib_increment_simple_counter (&sm->counters.slowpath.out2in.icmp, + thread_index, sw_if_index1, 1); goto trace1; } @@ -1091,7 +1090,8 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm, length /* changed member */ ); tcp1->checksum = ip_csum_fold (sum1); } - tcp_packets++; + vlib_increment_simple_counter (&sm->counters.slowpath.out2in.tcp, + thread_index, sw_if_index1, 1); } else { @@ -1114,7 +1114,8 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm, udp1->checksum = ip_csum_fold (sum1); } } - udp_packets++; + vlib_increment_simple_counter (&sm->counters.slowpath.out2in.udp, + thread_index, sw_if_index1, 1); } /* Accounting */ @@ -1137,7 +1138,11 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm, s1 - sm->per_thread_data[thread_index].sessions; } - pkts_processed += next1 == SNAT_OUT2IN_NEXT_LOOKUP; + if (next1 == SNAT_OUT2IN_NEXT_DROP) + { + vlib_increment_simple_counter (&sm->counters.slowpath.out2in.drops, + thread_index, sw_if_index1, 1); + } n_left_from -= 2; next[0] = next0; @@ -1193,7 +1198,8 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm, next0 = SNAT_OUT2IN_NEXT_DROP; } } - other_packets++; + vlib_increment_simple_counter (&sm->counters.slowpath.out2in.other, + thread_index, sw_if_index0, 1); goto trace00; } @@ -1212,7 +1218,8 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm, next0 = icmp_out2in_slow_path (sm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0, node, next0, now, thread_index, &s0); - icmp_packets++; + vlib_increment_simple_counter (&sm->counters.slowpath.out2in.icmp, + thread_index, sw_if_index0, 1); goto trace00; } @@ -1302,7 +1309,8 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm, length /* changed member */ ); tcp0->checksum = ip_csum_fold (sum0); } - tcp_packets++; + vlib_increment_simple_counter (&sm->counters.slowpath.out2in.tcp, + thread_index, sw_if_index0, 1); } else { @@ -1322,7 +1330,8 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm, udp0->checksum = ip_csum_fold (sum0); } } - udp_packets++; + vlib_increment_simple_counter (&sm->counters.slowpath.out2in.udp, + thread_index, sw_if_index0, 1); } /* Accounting */ @@ -1345,7 +1354,11 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm, s0 - sm->per_thread_data[thread_index].sessions; } - pkts_processed += next0 == SNAT_OUT2IN_NEXT_LOOKUP; + if (next0 == SNAT_OUT2IN_NEXT_DROP) + { + vlib_increment_simple_counter (&sm->counters.slowpath.out2in.drops, + thread_index, sw_if_index0, 1); + } n_left_from--; next[0] = next0; @@ -1355,21 +1368,6 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm, vlib_buffer_enqueue_to_next (vm, node, from, (u16 *) nexts, frame->n_vectors); - vlib_node_increment_counter (vm, sm->out2in_node_index, - SNAT_OUT2IN_ERROR_OUT2IN_PACKETS, - pkts_processed); - vlib_node_increment_counter (vm, sm->out2in_node_index, - SNAT_OUT2IN_ERROR_TCP_PACKETS, tcp_packets); - vlib_node_increment_counter (vm, sm->out2in_node_index, - SNAT_OUT2IN_ERROR_UDP_PACKETS, udp_packets); - vlib_node_increment_counter (vm, sm->out2in_node_index, - SNAT_OUT2IN_ERROR_ICMP_PACKETS, icmp_packets); - vlib_node_increment_counter (vm, sm->out2in_node_index, - SNAT_OUT2IN_ERROR_OTHER_PACKETS, - other_packets); - vlib_node_increment_counter (vm, sm->out2in_node_index, - SNAT_OUT2IN_ERROR_FRAGMENTS, fragments); - return frame->n_vectors; } @@ -1401,7 +1399,6 @@ VLIB_NODE_FN (snat_out2in_fast_node) (vlib_main_t * vm, vlib_frame_t * frame) { u32 n_left_from, *from; - u32 pkts_processed = 0; snat_main_t *sm = &snat_main; from = vlib_frame_vector_args (frame); @@ -1540,7 +1537,11 @@ VLIB_NODE_FN (snat_out2in_fast_node) (vlib_main_t * vm, t->next_index = next0; } - pkts_processed += next0 != SNAT_OUT2IN_NEXT_DROP; + if (next0 == SNAT_OUT2IN_NEXT_DROP) + { + vlib_increment_simple_counter (&sm->counters.fastpath.out2in.drops, + vm->thread_index, sw_if_index0, 1); + } n_left_from--; next[0] = next0; @@ -1550,9 +1551,6 @@ VLIB_NODE_FN (snat_out2in_fast_node) (vlib_main_t * vm, vlib_buffer_enqueue_to_next (vm, node, from, (u16 *) nexts, frame->n_vectors); - vlib_node_increment_counter (vm, sm->out2in_fast_node_index, - SNAT_OUT2IN_ERROR_OUT2IN_PACKETS, - pkts_processed); return frame->n_vectors; } diff --git a/src/plugins/nat/out2in_ed.c b/src/plugins/nat/out2in_ed.c index 05fc75fac71..56906369ca6 100644 --- a/src/plugins/nat/out2in_ed.c +++ b/src/plugins/nat/out2in_ed.c @@ -675,15 +675,11 @@ nat44_ed_out2in_fast_path_node_fn_inline (vlib_main_t * vm, vlib_frame_t * frame, int is_multi_worker) { - u32 n_left_from, *from, pkts_processed = 0, stats_node_index; + u32 n_left_from, *from; snat_main_t *sm = &snat_main; f64 now = vlib_time_now (vm); u32 thread_index = vm->thread_index; snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index]; - u32 tcp_packets = 0, udp_packets = 0, icmp_packets = 0, other_packets = - 0, fragments = 0; - - stats_node_index = sm->ed_out2in_node_index; from = vlib_frame_vector_args (frame); n_left_from = frame->n_vectors; @@ -867,10 +863,10 @@ nat44_ed_out2in_fast_path_node_fn_inline (vlib_main_t * vm, } tcp0->checksum = ip_csum_fold (sum0); } - tcp_packets++; + vlib_increment_simple_counter (&sm->counters.fastpath.out2in_ed.tcp, + thread_index, sw_if_index0, 1); if (nat44_set_tcp_session_state_o2i - (sm, now, s0, - vnet_buffer (b0)->ip.reass.icmp_type_or_tcp_flags, + (sm, now, s0, vnet_buffer (b0)->ip.reass.icmp_type_or_tcp_flags, vnet_buffer (b0)->ip.reass.tcp_ack_number, vnet_buffer (b0)->ip.reass.tcp_seq_number, thread_index)) goto trace0; @@ -898,7 +894,8 @@ nat44_ed_out2in_fast_path_node_fn_inline (vlib_main_t * vm, ip0->src_address.as_u32 = s0->ext_host_nat_addr.as_u32; } udp0->checksum = ip_csum_fold (sum0); - udp_packets++; + vlib_increment_simple_counter (&sm->counters.fastpath.out2in_ed.udp, + thread_index, sw_if_index0, 1); } else { @@ -911,7 +908,8 @@ nat44_ed_out2in_fast_path_node_fn_inline (vlib_main_t * vm, ip0->src_address.as_u32 = s0->ext_host_nat_addr.as_u32; } } - udp_packets++; + vlib_increment_simple_counter (&sm->counters.fastpath.out2in_ed.udp, + thread_index, sw_if_index0, 1); } /* Accounting */ @@ -937,7 +935,12 @@ nat44_ed_out2in_fast_path_node_fn_inline (vlib_main_t * vm, t->session_index = ~0; } - pkts_processed += next[0] == vnet_buffer2 (b0)->nat.arc_next; + if (next[0] == NAT_NEXT_DROP) + { + vlib_increment_simple_counter (&sm->counters.fastpath. + out2in_ed.drops, thread_index, + sw_if_index0, 1); + } n_left_from--; next++; @@ -945,22 +948,6 @@ nat44_ed_out2in_fast_path_node_fn_inline (vlib_main_t * vm, vlib_buffer_enqueue_to_next (vm, node, from, (u16 *) nexts, frame->n_vectors); - - vlib_node_increment_counter (vm, stats_node_index, - NAT_OUT2IN_ED_ERROR_OUT2IN_PACKETS, - pkts_processed); - vlib_node_increment_counter (vm, stats_node_index, - NAT_OUT2IN_ED_ERROR_TCP_PACKETS, tcp_packets); - vlib_node_increment_counter (vm, stats_node_index, - NAT_OUT2IN_ED_ERROR_UDP_PACKETS, udp_packets); - vlib_node_increment_counter (vm, stats_node_index, - NAT_OUT2IN_ED_ERROR_ICMP_PACKETS, - icmp_packets); - vlib_node_increment_counter (vm, stats_node_index, - NAT_OUT2IN_ED_ERROR_OTHER_PACKETS, - other_packets); - vlib_node_increment_counter (vm, stats_node_index, - NAT_OUT2IN_ED_ERROR_FRAGMENTS, fragments); return frame->n_vectors; } @@ -969,15 +956,11 @@ nat44_ed_out2in_slow_path_node_fn_inline (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame) { - u32 n_left_from, *from, pkts_processed = 0, stats_node_index; + u32 n_left_from, *from; snat_main_t *sm = &snat_main; f64 now = vlib_time_now (vm); u32 thread_index = vm->thread_index; snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index]; - u32 tcp_packets = 0, udp_packets = 0, icmp_packets = 0, other_packets = - 0, fragments = 0; - - stats_node_index = sm->ed_out2in_slowpath_node_index; from = vlib_frame_vector_args (frame); n_left_from = frame->n_vectors; @@ -1040,7 +1023,9 @@ nat44_ed_out2in_slow_path_node_fn_inline (vlib_main_t * vm, if (!s0) next[0] = NAT_NEXT_DROP; } - other_packets++; + vlib_increment_simple_counter (&sm->counters.slowpath. + out2in_ed.other, thread_index, + sw_if_index0, 1); goto trace0; } @@ -1049,7 +1034,9 @@ nat44_ed_out2in_slow_path_node_fn_inline (vlib_main_t * vm, next[0] = icmp_out2in_ed_slow_path (sm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0, node, next[0], now, thread_index, &s0); - icmp_packets++; + vlib_increment_simple_counter (&sm->counters.slowpath. + out2in_ed.icmp, thread_index, + sw_if_index0, 1); goto trace0; } @@ -1194,10 +1181,10 @@ nat44_ed_out2in_slow_path_node_fn_inline (vlib_main_t * vm, } tcp0->checksum = ip_csum_fold (sum0); } - tcp_packets++; + vlib_increment_simple_counter (&sm->counters.slowpath.out2in_ed.tcp, + thread_index, sw_if_index0, 1); if (nat44_set_tcp_session_state_o2i - (sm, now, s0, - vnet_buffer (b0)->ip.reass.icmp_type_or_tcp_flags, + (sm, now, s0, vnet_buffer (b0)->ip.reass.icmp_type_or_tcp_flags, vnet_buffer (b0)->ip.reass.tcp_ack_number, vnet_buffer (b0)->ip.reass.tcp_seq_number, thread_index)) goto trace0; @@ -1224,7 +1211,8 @@ nat44_ed_out2in_slow_path_node_fn_inline (vlib_main_t * vm, ip0->src_address.as_u32 = s0->ext_host_nat_addr.as_u32; } udp0->checksum = ip_csum_fold (sum0); - udp_packets++; + vlib_increment_simple_counter (&sm->counters.slowpath.out2in_ed.udp, + thread_index, sw_if_index0, 1); } else { @@ -1237,7 +1225,8 @@ nat44_ed_out2in_slow_path_node_fn_inline (vlib_main_t * vm, ip0->src_address.as_u32 = s0->ext_host_nat_addr.as_u32; } } - udp_packets++; + vlib_increment_simple_counter (&sm->counters.slowpath.out2in_ed.udp, + thread_index, sw_if_index0, 1); } /* Accounting */ @@ -1263,7 +1252,12 @@ nat44_ed_out2in_slow_path_node_fn_inline (vlib_main_t * vm, t->session_index = ~0; } - pkts_processed += next[0] == vnet_buffer2 (b0)->nat.arc_next; + if (next[0] == NAT_NEXT_DROP) + { + vlib_increment_simple_counter (&sm->counters.slowpath. + out2in_ed.drops, thread_index, + sw_if_index0, 1); + } n_left_from--; next++; @@ -1273,21 +1267,6 @@ nat44_ed_out2in_slow_path_node_fn_inline (vlib_main_t * vm, vlib_buffer_enqueue_to_next (vm, node, from, (u16 *) nexts, frame->n_vectors); - vlib_node_increment_counter (vm, stats_node_index, - NAT_OUT2IN_ED_ERROR_OUT2IN_PACKETS, - pkts_processed); - vlib_node_increment_counter (vm, stats_node_index, - NAT_OUT2IN_ED_ERROR_TCP_PACKETS, tcp_packets); - vlib_node_increment_counter (vm, stats_node_index, - NAT_OUT2IN_ED_ERROR_UDP_PACKETS, udp_packets); - vlib_node_increment_counter (vm, stats_node_index, - NAT_OUT2IN_ED_ERROR_ICMP_PACKETS, - icmp_packets); - vlib_node_increment_counter (vm, stats_node_index, - NAT_OUT2IN_ED_ERROR_OTHER_PACKETS, - other_packets); - vlib_node_increment_counter (vm, stats_node_index, - NAT_OUT2IN_ED_ERROR_FRAGMENTS, fragments); return frame->n_vectors; } diff --git a/src/plugins/nat/test/test_nat.py b/src/plugins/nat/test/test_nat.py index 78c20ee3d70..16ffcfde941 100644 --- a/src/plugins/nat/test/test_nat.py +++ b/src/plugins/nat/test/test_nat.py @@ -1514,14 +1514,10 @@ class TestNAT44(MethodHolder): is_add=1) # in2out - tcpn = self.statistics.get_err_counter( - '/err/nat44-in2out-slowpath/TCP packets') - udpn = self.statistics.get_err_counter( - '/err/nat44-in2out-slowpath/UDP packets') - icmpn = self.statistics.get_err_counter( - '/err/nat44-in2out-slowpath/ICMP packets') - totaln = self.statistics.get_err_counter( - '/err/nat44-in2out-slowpath/good in2out packets processed') + tcpn = self.statistics.get_counter('/nat44/in2out/slowpath/tcp')[0] + udpn = self.statistics.get_counter('/nat44/in2out/slowpath/udp')[0] + icmpn = self.statistics.get_counter('/nat44/in2out/slowpath/icmp')[0] + drops = self.statistics.get_counter('/nat44/in2out/slowpath/drops')[0] pkts = self.create_stream_in(self.pg0, self.pg1) self.pg0.add_stream(pkts) @@ -1530,26 +1526,21 @@ class TestNAT44(MethodHolder): capture = self.pg1.get_capture(len(pkts)) self.verify_capture_out(capture) - err = self.statistics.get_err_counter( - '/err/nat44-in2out-slowpath/TCP packets') - self.assertEqual(err - tcpn, 2) - err = self.statistics.get_err_counter( - '/err/nat44-in2out-slowpath/UDP packets') - self.assertEqual(err - udpn, 1) - err = self.statistics.get_err_counter( - '/err/nat44-in2out-slowpath/ICMP packets') - self.assertEqual(err - icmpn, 1) - err = self.statistics.get_err_counter( - '/err/nat44-in2out-slowpath/good in2out packets processed') - self.assertEqual(err - totaln, 4) + if_idx = self.pg0.sw_if_index + cnt = self.statistics.get_counter('/nat44/in2out/slowpath/tcp')[0] + self.assertEqual(cnt[if_idx] - tcpn[if_idx], 2) + cnt = self.statistics.get_counter('/nat44/in2out/slowpath/udp')[0] + self.assertEqual(cnt[if_idx] - udpn[if_idx], 1) + cnt = self.statistics.get_counter('/nat44/in2out/slowpath/icmp')[0] + self.assertEqual(cnt[if_idx] - icmpn[if_idx], 1) + cnt = self.statistics.get_counter('/nat44/in2out/slowpath/drops')[0] + self.assertEqual(cnt[if_idx] - drops[if_idx], 0) # out2in - tcpn = self.statistics.get_err_counter('/err/nat44-out2in/TCP packets') - udpn = self.statistics.get_err_counter('/err/nat44-out2in/UDP packets') - icmpn = self.statistics.get_err_counter( - '/err/nat44-out2in/ICMP packets') - totaln = self.statistics.get_err_counter( - '/err/nat44-out2in/good out2in packets processed') + tcpn = self.statistics.get_counter('/nat44/out2in/slowpath/tcp')[0] + udpn = self.statistics.get_counter('/nat44/out2in/slowpath/udp')[0] + icmpn = self.statistics.get_counter('/nat44/out2in/slowpath/icmp')[0] + drops = self.statistics.get_counter('/nat44/out2in/slowpath/drops')[0] pkts = self.create_stream_out(self.pg1) self.pg1.add_stream(pkts) @@ -1558,15 +1549,15 @@ class TestNAT44(MethodHolder): capture = self.pg0.get_capture(len(pkts)) self.verify_capture_in(capture, self.pg0) - err = self.statistics.get_err_counter('/err/nat44-out2in/TCP packets') - self.assertEqual(err - tcpn, 2) - err = self.statistics.get_err_counter('/err/nat44-out2in/UDP packets') - self.assertEqual(err - udpn, 1) - err = self.statistics.get_err_counter('/err/nat44-out2in/ICMP packets') - self.assertEqual(err - icmpn, 1) - err = self.statistics.get_err_counter( - '/err/nat44-out2in/good out2in packets processed') - self.assertEqual(err - totaln, 4) + if_idx = self.pg1.sw_if_index + cnt = self.statistics.get_counter('/nat44/out2in/slowpath/tcp')[0] + self.assertEqual(cnt[if_idx] - tcpn[if_idx], 2) + cnt = self.statistics.get_counter('/nat44/out2in/slowpath/udp')[0] + self.assertEqual(cnt[if_idx] - udpn[if_idx], 1) + cnt = self.statistics.get_counter('/nat44/out2in/slowpath/icmp')[0] + self.assertEqual(cnt[if_idx] - icmpn[if_idx], 1) + cnt = self.statistics.get_counter('/nat44/out2in/slowpath/drops')[0] + self.assertEqual(cnt[if_idx] - drops[if_idx], 0) users = self.statistics.get_counter('/nat44/total-users') self.assertEqual(users[0][0], 1) @@ -2354,6 +2345,7 @@ class TestNAT44(MethodHolder): server_in_port, server_out_port, proto=IP_PROTOS.tcp) + cnt = self.statistics.get_counter('/nat44/hairpinning')[0] # send packet from host to server p = (Ether(src=host.mac, dst=self.pg0.local_mac) / IP(src=host.ip4, dst=self.nat_addr) / @@ -2376,6 +2368,10 @@ class TestNAT44(MethodHolder): self.logger.error(ppp("Unexpected or invalid packet:", p)) raise + after = self.statistics.get_counter('/nat44/hairpinning')[0] + if_idx = self.pg0.sw_if_index + self.assertEqual(after[if_idx] - cnt[if_idx], 1) + # send reply from server to host p = (Ether(src=server.mac, dst=self.pg0.local_mac) / IP(src=server.ip4, dst=self.nat_addr) / @@ -2397,6 +2393,10 @@ class TestNAT44(MethodHolder): self.logger.error(ppp("Unexpected or invalid packet:", p)) raise + after = self.statistics.get_counter('/nat44/hairpinning')[0] + if_idx = self.pg0.sw_if_index + self.assertEqual(after[if_idx] - cnt[if_idx], 2) + def test_hairpinning2(self): """ NAT44 hairpinning - 1:1 NAT""" @@ -4677,14 +4677,12 @@ class TestNAT44EndpointDependent(MethodHolder): self.assertEqual(1, nat_config.endpoint_dependent) # in2out - tcpn = self.statistics.get_err_counter( - '/err/nat44-ed-in2out-slowpath/TCP packets') - udpn = self.statistics.get_err_counter( - '/err/nat44-ed-in2out-slowpath/UDP packets') - icmpn = self.statistics.get_err_counter( - '/err/nat44-ed-in2out-slowpath/ICMP packets') - totaln = self.statistics.get_err_counter( - '/err/nat44-ed-in2out-slowpath/good in2out packets processed') + tcpn = self.statistics.get_counter('/nat44/ed/in2out/slowpath/tcp')[0] + udpn = self.statistics.get_counter('/nat44/ed/in2out/slowpath/udp')[0] + icmpn = self.statistics.get_counter( + '/nat44/ed/in2out/slowpath/icmp')[0] + drops = self.statistics.get_counter( + '/nat44/ed/in2out/slowpath/drops')[0] pkts = self.create_stream_in(self.pg0, self.pg1) self.pg0.add_stream(pkts) @@ -4693,28 +4691,23 @@ class TestNAT44EndpointDependent(MethodHolder): capture = self.pg1.get_capture(len(pkts)) self.verify_capture_out(capture, ignore_port=True) - err = self.statistics.get_err_counter( - '/err/nat44-ed-in2out-slowpath/TCP packets') - self.assertEqual(err - tcpn, 2) - err = self.statistics.get_err_counter( - '/err/nat44-ed-in2out-slowpath/UDP packets') - self.assertEqual(err - udpn, 1) - err = self.statistics.get_err_counter( - '/err/nat44-ed-in2out-slowpath/ICMP packets') - self.assertEqual(err - icmpn, 1) - err = self.statistics.get_err_counter( - '/err/nat44-ed-in2out-slowpath/good in2out packets processed') - self.assertEqual(err - totaln, 4) + if_idx = self.pg0.sw_if_index + cnt = self.statistics.get_counter('/nat44/ed/in2out/slowpath/tcp')[0] + self.assertEqual(cnt[if_idx] - tcpn[if_idx], 2) + cnt = self.statistics.get_counter('/nat44/ed/in2out/slowpath/udp')[0] + self.assertEqual(cnt[if_idx] - udpn[if_idx], 1) + cnt = self.statistics.get_counter('/nat44/ed/in2out/slowpath/icmp')[0] + self.assertEqual(cnt[if_idx] - icmpn[if_idx], 1) + cnt = self.statistics.get_counter('/nat44/ed/in2out/slowpath/drops')[0] + self.assertEqual(cnt[if_idx] - drops[if_idx], 0) # out2in - tcpn = self.statistics.get_err_counter( - '/err/nat44-ed-out2in/TCP packets') - udpn = self.statistics.get_err_counter( - '/err/nat44-ed-out2in/UDP packets') - icmpn = self.statistics.get_err_counter( - '/err/nat44-ed-out2in-slowpath/ICMP packets') - totaln = self.statistics.get_err_counter( - '/err/nat44-ed-out2in/good out2in packets processed') + tcpn = self.statistics.get_counter('/nat44/ed/out2in/fastpath/tcp')[0] + udpn = self.statistics.get_counter('/nat44/ed/out2in/fastpath/udp')[0] + icmpn = self.statistics.get_counter( + '/nat44/ed/out2in/slowpath/icmp')[0] + drops = self.statistics.get_counter( + '/nat44/ed/out2in/fastpath/drops')[0] pkts = self.create_stream_out(self.pg1) self.pg1.add_stream(pkts) @@ -4723,18 +4716,15 @@ class TestNAT44EndpointDependent(MethodHolder): capture = self.pg0.get_capture(len(pkts)) self.verify_capture_in(capture, self.pg0) - err = self.statistics.get_err_counter( - '/err/nat44-ed-out2in/TCP packets') - self.assertEqual(err - tcpn, 2) - err = self.statistics.get_err_counter( - '/err/nat44-ed-out2in/UDP packets') - self.assertEqual(err - udpn, 1) - err = self.statistics.get_err_counter( - '/err/nat44-ed-out2in-slowpath/ICMP packets') - self.assertEqual(err - icmpn, 1) - err = self.statistics.get_err_counter( - '/err/nat44-ed-out2in/good out2in packets processed') - self.assertEqual(err - totaln, 3) + if_idx = self.pg1.sw_if_index + cnt = self.statistics.get_counter('/nat44/ed/out2in/fastpath/tcp')[0] + self.assertEqual(cnt[if_idx] - tcpn[if_idx], 2) + cnt = self.statistics.get_counter('/nat44/ed/out2in/fastpath/udp')[0] + self.assertEqual(cnt[if_idx] - udpn[if_idx], 1) + cnt = self.statistics.get_counter('/nat44/ed/out2in/slowpath/icmp')[0] + self.assertEqual(cnt[if_idx] - icmpn[if_idx], 1) + cnt = self.statistics.get_counter('/nat44/ed/out2in/fastpath/drops')[0] + self.assertEqual(cnt[if_idx] - drops[if_idx], 0) sessions = self.statistics.get_counter('/nat44/total-sessions') self.assertEqual(sessions[0][0], 3) @@ -4819,14 +4809,14 @@ class TestNAT44EndpointDependent(MethodHolder): self.assertEqual(1, nat_config.endpoint_dependent) # in2out - tcpn = self.statistics.get_err_counter( - '/err/nat44-ed-in2out-slowpath/TCP packets') - udpn = self.statistics.get_err_counter( - '/err/nat44-ed-in2out-slowpath/UDP packets') - icmpn = self.statistics.get_err_counter( - '/err/nat44-ed-in2out-slowpath/ICMP packets') - totaln = self.statistics.get_err_counter( - '/err/nat44-ed-in2out-slowpath/good in2out packets processed') + tcpn = self.statistics.get_counter( + '/nat44/ed/in2out/slowpath/tcp')[0] + udpn = self.statistics.get_counter( + '/nat44/ed/in2out/slowpath/udp')[0] + icmpn = self.statistics.get_counter( + '/nat44/ed/in2out/slowpath/icmp')[0] + drops = self.statistics.get_counter( + '/nat44/ed/in2out/slowpath/drops')[0] pkts = self.create_stream_in(self.pg7, self.pg8) self.pg7.add_stream(pkts) @@ -4835,28 +4825,29 @@ class TestNAT44EndpointDependent(MethodHolder): capture = self.pg8.get_capture(len(pkts)) self.verify_capture_out(capture, ignore_port=True) - err = self.statistics.get_err_counter( - '/err/nat44-ed-in2out-slowpath/TCP packets') - self.assertEqual(err - tcpn, 2) - err = self.statistics.get_err_counter( - '/err/nat44-ed-in2out-slowpath/UDP packets') - self.assertEqual(err - udpn, 1) - err = self.statistics.get_err_counter( - '/err/nat44-ed-in2out-slowpath/ICMP packets') - self.assertEqual(err - icmpn, 1) - err = self.statistics.get_err_counter( - '/err/nat44-ed-in2out-slowpath/good in2out packets processed') - self.assertEqual(err - totaln, 4) + if_idx = self.pg7.sw_if_index + cnt = self.statistics.get_counter( + '/nat44/ed/in2out/slowpath/tcp')[0] + self.assertEqual(cnt[if_idx] - tcpn[if_idx], 2) + cnt = self.statistics.get_counter( + '/nat44/ed/in2out/slowpath/udp')[0] + self.assertEqual(cnt[if_idx] - udpn[if_idx], 1) + cnt = self.statistics.get_counter( + '/nat44/ed/in2out/slowpath/icmp')[0] + self.assertEqual(cnt[if_idx] - icmpn[if_idx], 1) + cnt = self.statistics.get_counter( + '/nat44/ed/in2out/slowpath/drops')[0] + self.assertEqual(cnt[if_idx] - drops[if_idx], 0) # out2in - tcpn = self.statistics.get_err_counter( - '/err/nat44-ed-out2in/TCP packets') - udpn = self.statistics.get_err_counter( - '/err/nat44-ed-out2in/UDP packets') - icmpn = self.statistics.get_err_counter( - '/err/nat44-ed-out2in-slowpath/ICMP packets') - totaln = self.statistics.get_err_counter( - '/err/nat44-ed-out2in/good out2in packets processed') + tcpn = self.statistics.get_counter( + '/nat44/ed/out2in/fastpath/tcp')[0] + udpn = self.statistics.get_counter( + '/nat44/ed/out2in/fastpath/udp')[0] + icmpn = self.statistics.get_counter( + '/nat44/ed/out2in/slowpath/icmp')[0] + drops = self.statistics.get_counter( + '/nat44/ed/out2in/fastpath/drops')[0] pkts = self.create_stream_out(self.pg8) self.pg8.add_stream(pkts) @@ -4865,18 +4856,19 @@ class TestNAT44EndpointDependent(MethodHolder): capture = self.pg7.get_capture(len(pkts)) self.verify_capture_in(capture, self.pg7) - err = self.statistics.get_err_counter( - '/err/nat44-ed-out2in/TCP packets') - self.assertEqual(err - tcpn, 2) - err = self.statistics.get_err_counter( - '/err/nat44-ed-out2in/UDP packets') - self.assertEqual(err - udpn, 1) - err = self.statistics.get_err_counter( - '/err/nat44-ed-out2in-slowpath/ICMP packets') - self.assertEqual(err - icmpn, 1) - err = self.statistics.get_err_counter( - '/err/nat44-ed-out2in/good out2in packets processed') - self.assertEqual(err - totaln, 3) + if_idx = self.pg8.sw_if_index + cnt = self.statistics.get_counter( + '/nat44/ed/out2in/fastpath/tcp')[0] + self.assertEqual(cnt[if_idx] - tcpn[if_idx], 2) + cnt = self.statistics.get_counter( + '/nat44/ed/out2in/fastpath/udp')[0] + self.assertEqual(cnt[if_idx] - udpn[if_idx], 1) + cnt = self.statistics.get_counter( + '/nat44/ed/out2in/slowpath/icmp')[0] + self.assertEqual(cnt[if_idx] - icmpn[if_idx], 1) + cnt = self.statistics.get_counter( + '/nat44/ed/out2in/fastpath/drops')[0] + self.assertEqual(cnt[if_idx] - drops[if_idx], 0) sessions = self.statistics.get_counter('/nat44/total-sessions') self.assertEqual(sessions[0][0], 3) @@ -8333,12 +8325,10 @@ class TestNAT64(MethodHolder): sw_if_index=self.pg1.sw_if_index) # in2out - tcpn = self.statistics.get_err_counter('/err/nat64-in2out/TCP packets') - udpn = self.statistics.get_err_counter('/err/nat64-in2out/UDP packets') - icmpn = self.statistics.get_err_counter( - '/err/nat64-in2out/ICMP packets') - totaln = self.statistics.get_err_counter( - '/err/nat64-in2out/good in2out packets processed') + tcpn = self.statistics.get_counter('/nat64/in2out/tcp')[0] + udpn = self.statistics.get_counter('/nat64/in2out/udp')[0] + icmpn = self.statistics.get_counter('/nat64/in2out/icmp')[0] + drops = self.statistics.get_counter('/nat64/in2out/drops')[0] pkts = self.create_stream_in_ip6(self.pg0, self.pg1) self.pg0.add_stream(pkts) @@ -8348,23 +8338,21 @@ class TestNAT64(MethodHolder): self.verify_capture_out(capture, nat_ip=self.nat_addr, dst_ip=self.pg1.remote_ip4) - err = self.statistics.get_err_counter('/err/nat64-in2out/TCP packets') - self.assertEqual(err - tcpn, 1) - err = self.statistics.get_err_counter('/err/nat64-in2out/UDP packets') - self.assertEqual(err - udpn, 1) - err = self.statistics.get_err_counter('/err/nat64-in2out/ICMP packets') - self.assertEqual(err - icmpn, 1) - err = self.statistics.get_err_counter( - '/err/nat64-in2out/good in2out packets processed') - self.assertEqual(err - totaln, 3) + if_idx = self.pg0.sw_if_index + cnt = self.statistics.get_counter('/nat64/in2out/tcp')[0] + self.assertEqual(cnt[if_idx] - tcpn[if_idx], 1) + cnt = self.statistics.get_counter('/nat64/in2out/udp')[0] + self.assertEqual(cnt[if_idx] - udpn[if_idx], 1) + cnt = self.statistics.get_counter('/nat64/in2out/icmp')[0] + self.assertEqual(cnt[if_idx] - icmpn[if_idx], 1) + cnt = self.statistics.get_counter('/nat64/in2out/drops')[0] + self.assertEqual(cnt[if_idx] - drops[if_idx], 0) # out2in - tcpn = self.statistics.get_err_counter('/err/nat64-out2in/TCP packets') - udpn = self.statistics.get_err_counter('/err/nat64-out2in/UDP packets') - icmpn = self.statistics.get_err_counter( - '/err/nat64-out2in/ICMP packets') - totaln = self.statistics.get_err_counter( - '/err/nat64-out2in/good out2in packets processed') + tcpn = self.statistics.get_counter('/nat64/out2in/tcp')[0] + udpn = self.statistics.get_counter('/nat64/out2in/udp')[0] + icmpn = self.statistics.get_counter('/nat64/out2in/icmp')[0] + drops = self.statistics.get_counter('/nat64/out2in/drops')[0] pkts = self.create_stream_out(self.pg1, dst_ip=self.nat_addr) self.pg1.add_stream(pkts) @@ -8374,15 +8362,15 @@ class TestNAT64(MethodHolder): ip = IPv6(src=''.join(['64:ff9b::', self.pg1.remote_ip4])) self.verify_capture_in_ip6(capture, ip[IPv6].src, self.pg0.remote_ip6) - err = self.statistics.get_err_counter('/err/nat64-out2in/TCP packets') - self.assertEqual(err - tcpn, 2) - err = self.statistics.get_err_counter('/err/nat64-out2in/UDP packets') - self.assertEqual(err - udpn, 1) - err = self.statistics.get_err_counter('/err/nat64-out2in/ICMP packets') - self.assertEqual(err - icmpn, 1) - err = self.statistics.get_err_counter( - '/err/nat64-out2in/good out2in packets processed') - self.assertEqual(err - totaln, 4) + if_idx = self.pg1.sw_if_index + cnt = self.statistics.get_counter('/nat64/out2in/tcp')[0] + self.assertEqual(cnt[if_idx] - tcpn[if_idx], 2) + cnt = self.statistics.get_counter('/nat64/out2in/udp')[0] + self.assertEqual(cnt[if_idx] - udpn[if_idx], 1) + cnt = self.statistics.get_counter('/nat64/out2in/icmp')[0] + self.assertEqual(cnt[if_idx] - icmpn[if_idx], 1) + cnt = self.statistics.get_counter('/nat64/out2in/drops')[0] + self.assertEqual(cnt[if_idx] - drops[if_idx], 0) bibs = self.statistics.get_counter('/nat64/total-bibs') self.assertEqual(bibs[0][0], 3) |