aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/vnet/ip/ip4_error.h99
-rw-r--r--src/vnet/ip/reass/ip4_full_reass.c32
2 files changed, 84 insertions, 47 deletions
diff --git a/src/vnet/ip/ip4_error.h b/src/vnet/ip/ip4_error.h
index dce3dd4c1ab..187b0794bdb 100644
--- a/src/vnet/ip/ip4_error.h
+++ b/src/vnet/ip/ip4_error.h
@@ -40,53 +40,58 @@
#ifndef included_ip_ip4_error_h
#define included_ip_ip4_error_h
-#define foreach_ip4_error \
- /* Must be first. */ \
- _ (NONE, "valid ip4 packets") \
- \
- /* Errors signalled by ip4-input */ \
- _ (TOO_SHORT, "ip4 length < 20 bytes") \
- _ (BAD_LENGTH, "ip4 length > l2 length") \
- _ (BAD_CHECKSUM, "bad ip4 checksum") \
- _ (VERSION, "ip4 version != 4") \
- _ (OPTIONS, "ip4 options present") \
- _ (FRAGMENT_OFFSET_ONE, "ip4 fragment offset == 1") \
- _ (TIME_EXPIRED, "ip4 ttl <= 1") \
- \
- /* Errors signalled by ip4-rewrite. */ \
- _ (MTU_EXCEEDED, "ip4 MTU exceeded and DF set") \
- _ (DST_LOOKUP_MISS, "ip4 destination lookup miss") \
- _ (SRC_LOOKUP_MISS, "ip4 source lookup miss") \
- _ (DROP, "ip4 drop") \
- _ (PUNT, "ip4 punt") \
- _ (SAME_INTERFACE, "ip4 egress interface same as ingress") \
- \
- /* Errors signalled by ip4-local. */ \
- _ (UNKNOWN_PROTOCOL, "unknown ip protocol") \
- _ (TCP_CHECKSUM, "bad tcp checksum") \
- _ (UDP_CHECKSUM, "bad udp checksum") \
- _ (UDP_LENGTH, "inconsistent udp/ip lengths") \
- \
- /* Spoofed packets in ip4-rewrite-local */ \
- _ (SPOOFED_LOCAL_PACKETS, "ip4 spoofed local-address packet drops") \
- \
- /* Errors signalled by ip4-inacl */ \
- _ (INACL_TABLE_MISS, "input ACL table-miss drops") \
- _ (INACL_SESSION_DENY, "input ACL session deny drops") \
- /* Errors singalled by ip4-outacl */ \
- _ (OUTACL_TABLE_MISS, "output ACL table-miss drops") \
- _ (OUTACL_SESSION_DENY, "output ACL session deny drops") \
- \
- /* Errors from mfib-forward */ \
- _ (RPF_FAILURE, "Multicast RPF check failed") \
- \
- /* Errors signalled by ip4-reassembly */ \
- _ (REASS_DUPLICATE_FRAGMENT, "duplicate/overlapping fragments") \
- _ (REASS_LIMIT_REACHED, "drops due to concurrent reassemblies limit") \
- _ (REASS_FRAGMENT_CHAIN_TOO_LONG, "fragment chain too long (drop)") \
- _ (REASS_NO_BUF, "out of buffers (drop)") \
- _ (REASS_MALFORMED_PACKET, "malformed packets") \
- _ (REASS_INTERNAL_ERROR, "drops due to internal reassembly error") \
+#define foreach_ip4_error \
+ /* Must be first. */ \
+ _ (NONE, "valid ip4 packets") \
+ \
+ /* Errors signalled by ip4-input */ \
+ _ (TOO_SHORT, "ip4 length < 20 bytes") \
+ _ (BAD_LENGTH, "ip4 length > l2 length") \
+ _ (BAD_CHECKSUM, "bad ip4 checksum") \
+ _ (VERSION, "ip4 version != 4") \
+ _ (OPTIONS, "ip4 options present") \
+ _ (FRAGMENT_OFFSET_ONE, "ip4 fragment offset == 1") \
+ _ (TIME_EXPIRED, "ip4 ttl <= 1") \
+ \
+ /* Errors signalled by ip4-rewrite. */ \
+ _ (MTU_EXCEEDED, "ip4 MTU exceeded and DF set") \
+ _ (DST_LOOKUP_MISS, "ip4 destination lookup miss") \
+ _ (SRC_LOOKUP_MISS, "ip4 source lookup miss") \
+ _ (DROP, "ip4 drop") \
+ _ (PUNT, "ip4 punt") \
+ _ (SAME_INTERFACE, "ip4 egress interface same as ingress") \
+ \
+ /* Errors signalled by ip4-local. */ \
+ _ (UNKNOWN_PROTOCOL, "unknown ip protocol") \
+ _ (TCP_CHECKSUM, "bad tcp checksum") \
+ _ (UDP_CHECKSUM, "bad udp checksum") \
+ _ (UDP_LENGTH, "inconsistent udp/ip lengths") \
+ \
+ /* Spoofed packets in ip4-rewrite-local */ \
+ _ (SPOOFED_LOCAL_PACKETS, "ip4 spoofed local-address packet drops") \
+ \
+ /* Errors signalled by ip4-inacl */ \
+ _ (INACL_TABLE_MISS, "input ACL table-miss drops") \
+ _ (INACL_SESSION_DENY, "input ACL session deny drops") \
+ /* Errors singalled by ip4-outacl */ \
+ _ (OUTACL_TABLE_MISS, "output ACL table-miss drops") \
+ _ (OUTACL_SESSION_DENY, "output ACL session deny drops") \
+ \
+ /* Errors from mfib-forward */ \
+ _ (RPF_FAILURE, "Multicast RPF check failed") \
+ \
+ /* Errors signalled by ip4-reassembly */ \
+ _ (REASS_DUPLICATE_FRAGMENT, "duplicate/overlapping fragments") \
+ _ (REASS_LIMIT_REACHED, "drops due to concurrent reassemblies limit") \
+ _ (REASS_FRAGMENT_CHAIN_TOO_LONG, "fragment chain too long (drop)") \
+ _ (REASS_NO_BUF, "out of buffers (drop)") \
+ _ (REASS_MALFORMED_PACKET, "malformed packets") \
+ _ (REASS_INTERNAL_ERROR, "drops due to internal reassembly error") \
+ _ (REASS_TIMEOUT, "fragments dropped due to reassembly timeout") \
+ _ (REASS_TO_CUSTOM_APP, "send to custom drop app") \
+ _ (REASS_SUCCESS, "successful reassemblies") \
+ _ (REASS_FRAGMENTS_REASSEMBLED, "fragments reassembled") \
+ _ (REASS_FRAGMENTS_RCVD, "fragments received") \
_ (REASS_UNSUPP_IP_PROT, "unsupported ip protocol")
typedef enum
diff --git a/src/vnet/ip/reass/ip4_full_reass.c b/src/vnet/ip/reass/ip4_full_reass.c
index 2493fae434a..b5ea0276c88 100644
--- a/src/vnet/ip/reass/ip4_full_reass.c
+++ b/src/vnet/ip/reass/ip4_full_reass.c
@@ -453,6 +453,11 @@ ip4_full_reass_drop_all (vlib_main_t *vm, vlib_node_runtime_t *node,
next_index = reass->error_next_index;
u32 bi = ~0;
+ /* record number of packets sent to custom app */
+ vlib_node_increment_counter (vm, node->node_index,
+ IP4_ERROR_REASS_TO_CUSTOM_APP,
+ vec_len (to_free));
+
while (vec_len (to_free) > 0)
{
vlib_get_next_frame (vm, node, next_index, *to_next,
@@ -579,6 +584,8 @@ again:
if (now > reass->last_heard + rm->timeout)
{
+ vlib_node_increment_counter (vm, node->node_index,
+ IP4_ERROR_REASS_TIMEOUT, 1);
ip4_full_reass_drop_all (vm, node, reass, n_left_to_next, to_next);
ip4_full_reass_free (rm, rt, reass);
reass = NULL;
@@ -825,6 +832,15 @@ ip4_full_reass_finalize (vlib_main_t * vm, vlib_node_runtime_t * node,
}
vnet_buffer (first_b)->ip.reass.estimated_mtu = reass->min_fragment_length;
+ /* Keep track of number of successfully reassembled packets and number of
+ * fragments reassembled */
+ vlib_node_increment_counter (vm, node->node_index, IP4_ERROR_REASS_SUCCESS,
+ 1);
+
+ vlib_node_increment_counter (vm, node->node_index,
+ IP4_ERROR_REASS_FRAGMENTS_REASSEMBLED,
+ reass->fragments_n);
+
*error0 = IP4_ERROR_NONE;
ip4_full_reass_free (rm, rt, reass);
reass = NULL;
@@ -1214,6 +1230,10 @@ ip4_full_reass_inline (vlib_main_t *vm, vlib_node_runtime_t *node,
clib_net_to_host_u16 (ip0->length) - ip4_header_bytes (ip0);
const u32 fragment_last = fragment_first + fragment_length - 1;
+ /* Keep track of received fragments */
+ vlib_node_increment_counter (vm, node->node_index,
+ IP4_ERROR_REASS_FRAGMENTS_RCVD, 1);
+
if (fragment_first > fragment_last ||
fragment_first + fragment_length > UINT16_MAX - 20 ||
(fragment_length < 8 && // 8 is minimum frag length per RFC 791
@@ -1335,6 +1355,14 @@ ip4_full_reass_inline (vlib_main_t *vm, vlib_node_runtime_t *node,
vnet_feature_next (&next0, b0);
}
+ /* Increment the counter to-custom-app also as this fragment is
+ * also going to application */
+ if (CUSTOM == type)
+ {
+ vlib_node_increment_counter (
+ vm, node->node_index, IP4_ERROR_REASS_TO_CUSTOM_APP, 1);
+ }
+
vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
to_next, n_left_to_next,
bi0, next0);
@@ -1680,6 +1708,10 @@ ip4_full_reass_walk_expired (vlib_main_t *vm, vlib_node_runtime_t *node,
}
}
+ if (vec_len (pool_indexes_to_free))
+ vlib_node_increment_counter (vm, node->node_index,
+ IP4_ERROR_REASS_TIMEOUT,
+ vec_len (pool_indexes_to_free));
int *i;
vec_foreach (i, pool_indexes_to_free)
{