summaryrefslogtreecommitdiffstats
path: root/src/vnet/policer/police_inlines.h
blob: 64386e6f1bf7f01e36c2d52d5c316719c0926022 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
/*
 * Copyright (c) 2015 Cisco and/or its affiliates.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at:
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
#ifndef __POLICE_INLINES_H__
#define __POLICE_INLINES_H__

#include <vnet/policer/police.h>
#include <vnet/vnet.h>
#include <vnet/ip/ip.h>

#define IP4_NON_DSCP_BITS 0x03
#define IP4_DSCP_SHIFT    2
#define IP6_NON_DSCP_BITS 0xf03fffff
#define IP6_DSCP_SHIFT    22

static_always_inline void
vnet_policer_mark (vlib_buffer_t * b, u8 dscp)
{
  ethernet_header_t *eh;
  ip4_header_t *ip4h;
  ip6_header_t *ip6h;
  u16 type;

  eh = (ethernet_header_t *) b->data;
  type = clib_net_to_host_u16 (eh->type);

  if (PREDICT_TRUE (type == ETHERNET_TYPE_IP4))
    {
      ip4h = (ip4_header_t *) & (b->data[sizeof (ethernet_header_t)]);;
      ip4h->tos &= IP4_NON_DSCP_BITS;
      ip4h->tos |= dscp << IP4_DSCP_SHIFT;
      ip4h->checksum = ip4_header_checksum (ip4h);
    }
  else
    {
      if (PREDICT_TRUE (type == ETHERNET_TYPE_IP6))
	{
	  ip6h = (ip6_header_t *) & (b->data[sizeof (ethernet_header_t)]);
	  ip6h->ip_version_traffic_class_and_flow_label &=
	    clib_host_to_net_u32 (IP6_NON_DSCP_BITS);
	  ip6h->ip_version_traffic_class_and_flow_label |=
	    clib_host_to_net_u32 (dscp << IP6_DSCP_SHIFT);
	}
    }
}

static_always_inline u8
vnet_policer_police (vlib_main_t * vm,
		     vlib_buffer_t * b,
		     u32 policer_index,
		     u64 time_in_policer_periods,
		     policer_result_e packet_color)
{
  u8 act;
  u32 len;
  u32 col;
  policer_read_response_type_st *pol;
  vnet_policer_main_t *pm = &vnet_policer_main;

  len = vlib_buffer_length_in_chain (vm, b);
  pol = &pm->policers[policer_index];
  col = vnet_police_packet (pol, len, packet_color, time_in_policer_periods);
  act = pol->action[col];
  if (PREDICT_TRUE (act == SSE2_QOS_ACTION_MARK_AND_TRANSMIT))
    vnet_policer_mark (b, pol->mark_dscp[col]);

  return act;
}

#endif // __POLICE_INLINES_H__

/*
 * fd.io coding-style-patch-verification: ON
 *
 * Local Variables:
 * eval: (c-set-style "gnu")
 * End:
 */
ass="n">Raw(b"\xa5" * 100) ) def tearDown(self): for i in self.pg_interfaces: i.unconfig_ip4() i.admin_down() super(TestPolicerInput, self).tearDown() def policer_interface_test(self, dir: Dir): pkts = self.pkt * NUM_PKTS action_tx = PolicerAction( VppEnum.vl_api_sse2_qos_action_type_t.SSE2_QOS_ACTION_API_TRANSMIT, 0 ) policer = VppPolicer( self, "pol1", 80, 0, 1000, 0, conform_action=action_tx, exceed_action=action_tx, violate_action=action_tx, ) policer.add_vpp_config() sw_if_index = self.pg0.sw_if_index if dir == Dir.RX else self.pg1.sw_if_index # Start policing on pg0 policer.apply_vpp_config(sw_if_index, dir, True) rx = self.send_and_expect(self.pg0, pkts, self.pg1, worker=0) stats = policer.get_stats() # Single rate, 2 colour policer - expect conform, violate but no exceed self.assertGreater(stats["conform_packets"], 0) self.assertEqual(stats["exceed_packets"], 0) self.assertGreater(stats["violate_packets"], 0) # Stop policing on pg0 policer.apply_vpp_config(sw_if_index, dir, False) rx = self.send_and_expect(self.pg0, pkts, self.pg1, worker=0) statsnew = policer.get_stats() # No new packets counted self.assertEqual(stats, statsnew) policer.remove_vpp_config() def test_policer_input(self): """Input Policing""" self.policer_interface_test(Dir.RX) def test_policer_output(self): """Output Policing""" self.policer_interface_test(Dir.TX) def test_policer_reset(self): """Policer reset bucket""" pkts = self.pkt * NUM_PKTS action_tx = PolicerAction( VppEnum.vl_api_sse2_qos_action_type_t.SSE2_QOS_ACTION_API_TRANSMIT, 0 ) policer = VppPolicer( self, "pol1", 1, 0, 10000, 0, conform_action=action_tx, exceed_action=action_tx, violate_action=action_tx, ) policer.add_vpp_config() # Start policing on pg0 policer.apply_vpp_config(self.pg0.sw_if_index, Dir.RX, True) self.send_and_expect(self.pg0, pkts, self.pg1, worker=0) details = policer.get_details() self.assertGreater(details.current_limit, details.current_bucket) self.send_and_expect(self.pg0, pkts, self.pg1, worker=0) self.vapi.policer_reset(policer_index=policer.policer_index) details = policer.get_details() self.assertEqual(details.current_limit, details.current_bucket) policer.apply_vpp_config(self.pg0.sw_if_index, Dir.RX, False) policer.remove_vpp_config() def test_policer_update(self): """Policer update""" pkts = self.pkt * NUM_PKTS action_tx = PolicerAction( VppEnum.vl_api_sse2_qos_action_type_t.SSE2_QOS_ACTION_API_TRANSMIT, 0 ) policer = VppPolicer( self, "pol1", 1, 0, 10000, 0, conform_action=action_tx, exceed_action=action_tx, violate_action=action_tx, ) policer.add_vpp_config() # Start policing on pg0 policer.apply_vpp_config(self.pg0.sw_if_index, Dir.RX, True) self.send_and_expect(self.pg0, pkts, self.pg1, worker=0) details_before = policer.get_details() self.assertGreater(details_before.current_limit, details_before.current_bucket) policer.cir = 8000 policer.commited_burst = 100000 policer.update() details_after = policer.get_details() self.assertGreater(details_after.cir, details_before.cir) self.assertGreater(details_after.cb, details_before.cb) policer.apply_vpp_config(self.pg0.sw_if_index, Dir.RX, False) policer.remove_vpp_config() def policer_handoff_test(self, dir: Dir): pkts = self.pkt * NUM_PKTS action_tx = PolicerAction( VppEnum.vl_api_sse2_qos_action_type_t.SSE2_QOS_ACTION_API_TRANSMIT, 0 ) policer = VppPolicer( self, "pol2", 80, 0, 1000, 0, conform_action=action_tx, exceed_action=action_tx, violate_action=action_tx, ) policer.add_vpp_config() sw_if_index = self.pg0.sw_if_index if dir == Dir.RX else self.pg1.sw_if_index # Bind the policer to worker 1 policer.bind_vpp_config(1, True) # Start policing on pg0 policer.apply_vpp_config(sw_if_index, dir, True) for worker in [0, 1]: self.send_and_expect(self.pg0, pkts, self.pg1, worker=worker) self.logger.debug(self.vapi.cli("show trace max 100")) stats = policer.get_stats() stats0 = policer.get_stats(worker=0) stats1 = policer.get_stats(worker=1) # Worker 1, should have done all the policing self.assertEqual(stats, stats1) # Worker 0, should have handed everything off self.assertEqual(stats0["conform_packets"], 0) self.assertEqual(stats0["exceed_packets"], 0) self.assertEqual(stats0["violate_packets"], 0) # Unbind the policer from worker 1 and repeat policer.bind_vpp_config(1, False) for worker in [0, 1]: self.send_and_expect(self.pg0, pkts, self.pg1, worker=worker) self.logger.debug(self.vapi.cli("show trace max 100")) # The policer should auto-bind to worker 0 when packets arrive stats = policer.get_stats() # The 2 workers should now have policed the same amount stats = policer.get_stats() stats0 = policer.get_stats(worker=0) stats1 = policer.get_stats(worker=1) self.assertGreater(stats0["conform_packets"], 0) self.assertEqual(stats0["exceed_packets"], 0) self.assertGreater(stats0["violate_packets"], 0) self.assertGreater(stats1["conform_packets"], 0) self.assertEqual(stats1["exceed_packets"], 0) self.assertGreater(stats1["violate_packets"], 0) self.assertEqual( stats0["conform_packets"] + stats1["conform_packets"], stats["conform_packets"], ) self.assertEqual( stats0["violate_packets"] + stats1["violate_packets"], stats["violate_packets"], ) # Stop policing on pg0 policer.apply_vpp_config(sw_if_index, dir, False) policer.remove_vpp_config() def test_policer_handoff_input(self): """Worker thread handoff policer input""" self.policer_handoff_test(Dir.RX) def test_policer_handoff_output(self): """Worker thread handoff policer output""" self.policer_handoff_test(Dir.TX) if __name__ == "__main__": unittest.main(testRunner=VppTestRunner)