ligang/vpp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ipsec: simplify bumping counters - cosmetic change

Browse Source 
Change-Id: Ibb55427ed49d0277854a352922c6c4bb007bf072
Signed-off-by: Klement Sekera <ksekera@cisco.com>
This commit is contained in:
Klement Sekera
2018-11-30 14:37:03 +01:00
committed by Dave Barach
parent 01f3f894fc
commit 2e02ba0dda
4 changed files with 35 additions and 116 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
src/vnet/ipsec/ah_decrypt.c
View File

@@ -158,14 +158,8 @@ ah_decrypt_inline (vlib_main_t * vm,
if (PREDICT_FALSE (rv))
{
if (is_ip6)
vlib_node_increment_counter (vm,
ah6_decrypt_node.index,
AH_DECRYPT_ERROR_REPLAY, 1);
else
vlib_node_increment_counter (vm,
ah4_decrypt_node.index,
AH_DECRYPT_ERROR_REPLAY, 1);
vlib_node_increment_counter (vm, node->node_index,
AH_DECRYPT_ERROR_REPLAY, 1);
goto trace;
}
}
@@ -212,16 +206,9 @@ ah_decrypt_inline (vlib_main_t * vm,
if (PREDICT_FALSE (memcmp (digest, sig, icv_size)))
{
if (is_ip6)
vlib_node_increment_counter (vm,
ah6_decrypt_node.index,
AH_DECRYPT_ERROR_INTEG_ERROR,
1);
else
vlib_node_increment_counter (vm,
ah4_decrypt_node.index,
AH_DECRYPT_ERROR_INTEG_ERROR,
1);
vlib_node_increment_counter (vm, node->node_index,
AH_DECRYPT_ERROR_INTEG_ERROR,
1);
goto trace;
}
@@ -248,16 +235,9 @@ ah_decrypt_inline (vlib_main_t * vm,
next0 = AH_DECRYPT_NEXT_IP6_INPUT;
else
{
if (is_ip6)
vlib_node_increment_counter (vm,
ah6_decrypt_node.index,
AH_DECRYPT_ERROR_DECRYPTION_FAILED,
1);
else
vlib_node_increment_counter (vm,
ah4_decrypt_node.index,
AH_DECRYPT_ERROR_DECRYPTION_FAILED,
1);
vlib_node_increment_counter (vm, node->node_index,
AH_DECRYPT_ERROR_DECRYPTION_FAILED,
1);
goto trace;
}
}
@@ -320,14 +300,8 @@ ah_decrypt_inline (vlib_main_t * vm,
}
vlib_put_next_frame (vm, node, next_index, n_left_to_next);
}
if (is_ip6)
vlib_node_increment_counter (vm, ah6_decrypt_node.index,
AH_DECRYPT_ERROR_RX_PKTS,
from_frame->n_vectors);
else
vlib_node_increment_counter (vm, ah4_decrypt_node.index,
AH_DECRYPT_ERROR_RX_PKTS,
from_frame->n_vectors);
vlib_node_increment_counter (vm, node->node_index, AH_DECRYPT_ERROR_RX_PKTS,
from_frame->n_vectors);
return from_frame->n_vectors;
}

19
src/vnet/ipsec/ah_encrypt.c
View File

@@ -127,12 +127,8 @@ ah_encrypt_inline (vlib_main_t * vm,
{
clib_warning ("sequence number counter has cycled SPI %u",
sa0->spi);
if (is_ip6)
vlib_node_increment_counter (vm, ah6_encrypt_node.index,
AH_ENCRYPT_ERROR_SEQ_CYCLED, 1);
else
vlib_node_increment_counter (vm, ah4_encrypt_node.index,
AH_ENCRYPT_ERROR_SEQ_CYCLED, 1);
vlib_node_increment_counter (vm, node->node_index,
AH_ENCRYPT_ERROR_SEQ_CYCLED, 1);
//TODO need to confirm if below is needed
to_next[0] = i_bi0;
to_next += 1;
@@ -314,14 +310,9 @@ ah_encrypt_inline (vlib_main_t * vm,
}
vlib_put_next_frame (vm, node, next_index, n_left_to_next);
}
if (is_ip6)
vlib_node_increment_counter (vm, ah6_encrypt_node.index,
AH_ENCRYPT_ERROR_RX_PKTS,
from_frame->n_vectors);
else
vlib_node_increment_counter (vm, ah4_encrypt_node.index,
AH_ENCRYPT_ERROR_RX_PKTS,
from_frame->n_vectors);
vlib_node_increment_counter (vm, node->node_index,
AH_ENCRYPT_ERROR_RX_PKTS,
from_frame->n_vectors);
return from_frame->n_vectors;
}

57
src/vnet/ipsec/esp_decrypt.c
View File

@@ -131,14 +131,8 @@ esp_decrypt_inline (vlib_main_t * vm,
if (PREDICT_FALSE (vec_len (empty_buffers) < n_left_from))
{
if (is_ip6)
vlib_node_increment_counter (vm, esp6_decrypt_node.index,
ESP_DECRYPT_ERROR_NO_BUFFER,
n_left_from);
else
vlib_node_increment_counter (vm, esp4_decrypt_node.index,
ESP_DECRYPT_ERROR_NO_BUFFER,
n_left_from);
vlib_node_increment_counter (vm, node->node_index,
ESP_DECRYPT_ERROR_NO_BUFFER, n_left_from);
goto free_buffers_and_exit;
}
@@ -190,14 +184,8 @@ esp_decrypt_inline (vlib_main_t * vm,
if (PREDICT_FALSE (rv))
{
if (is_ip6)
vlib_node_increment_counter (vm,
esp6_decrypt_node.index,
ESP_DECRYPT_ERROR_REPLAY, 1);
else
vlib_node_increment_counter (vm,
esp4_decrypt_node.index,
ESP_DECRYPT_ERROR_REPLAY, 1);
vlib_node_increment_counter (vm, node->node_index,
ESP_DECRYPT_ERROR_REPLAY, 1);
o_bi0 = i_bi0;
to_next[0] = o_bi0;
to_next += 1;
@@ -224,16 +212,9 @@ esp_decrypt_inline (vlib_main_t * vm,
if (PREDICT_FALSE (memcmp (icv, sig, icv_size)))
{
if (is_ip6)
vlib_node_increment_counter (vm,
esp6_decrypt_node.index,
ESP_DECRYPT_ERROR_INTEG_ERROR,
1);
else
vlib_node_increment_counter (vm,
esp4_decrypt_node.index,
ESP_DECRYPT_ERROR_INTEG_ERROR,
1);
vlib_node_increment_counter (vm, node->node_index,
ESP_DECRYPT_ERROR_INTEG_ERROR,
1);
o_bi0 = i_bi0;
to_next[0] = o_bi0;
to_next += 1;
@@ -329,16 +310,9 @@ esp_decrypt_inline (vlib_main_t * vm,
next0 = ESP_DECRYPT_NEXT_IP6_INPUT;
else
{
if (is_ip6)
vlib_node_increment_counter (vm,
esp6_decrypt_node.index,
ESP_DECRYPT_ERROR_DECRYPTION_FAILED,
1);
else
vlib_node_increment_counter (vm,
esp4_decrypt_node.index,
ESP_DECRYPT_ERROR_DECRYPTION_FAILED,
1);
vlib_node_increment_counter (vm, node->node_index,
ESP_DECRYPT_ERROR_DECRYPTION_FAILED,
1);
o_b0 = 0;
goto trace;
}
@@ -410,14 +384,9 @@ esp_decrypt_inline (vlib_main_t * vm,
}
vlib_put_next_frame (vm, node, next_index, n_left_to_next);
}
if (is_ip6)
vlib_node_increment_counter (vm, esp6_decrypt_node.index,
ESP_DECRYPT_ERROR_RX_PKTS,
from_frame->n_vectors);
else
vlib_node_increment_counter (vm, esp4_decrypt_node.index,
ESP_DECRYPT_ERROR_RX_PKTS,
from_frame->n_vectors);
vlib_node_increment_counter (vm, node->node_index,
ESP_DECRYPT_ERROR_RX_PKTS,
from_frame->n_vectors);
free_buffers_and_exit:

29
src/vnet/ipsec/esp_encrypt.c
View File

@@ -137,14 +137,8 @@ esp_encrypt_inline (vlib_main_t * vm,
if (PREDICT_FALSE (vec_len (empty_buffers) < n_left_from))
{
if (is_ip6)
vlib_node_increment_counter (vm, esp6_encrypt_node.index,
ESP_ENCRYPT_ERROR_NO_BUFFER,
n_left_from);
else
vlib_node_increment_counter (vm, esp4_encrypt_node.index,
ESP_ENCRYPT_ERROR_NO_BUFFER,
n_left_from);
vlib_node_increment_counter (vm, node->node_index,
ESP_ENCRYPT_ERROR_NO_BUFFER, n_left_from);
clib_warning ("not enough empty buffers. discarding frame");
goto free_buffers_and_exit;
}
@@ -189,12 +183,8 @@ esp_encrypt_inline (vlib_main_t * vm,
{
clib_warning ("sequence number counter has cycled SPI %u",
sa0->spi);
if (is_ip6)
vlib_node_increment_counter (vm, esp6_encrypt_node.index,
ESP_ENCRYPT_ERROR_SEQ_CYCLED, 1);
else
vlib_node_increment_counter (vm, esp4_encrypt_node.index,
ESP_ENCRYPT_ERROR_SEQ_CYCLED, 1);
vlib_node_increment_counter (vm, node->node_index,
ESP_ENCRYPT_ERROR_SEQ_CYCLED, 1);
//TODO: rekey SA
o_bi0 = i_bi0;
to_next[0] = o_bi0;
@@ -428,14 +418,9 @@ esp_encrypt_inline (vlib_main_t * vm,
}
vlib_put_next_frame (vm, node, next_index, n_left_to_next);
}
if (is_ip6)
vlib_node_increment_counter (vm, esp6_encrypt_node.index,
ESP_ENCRYPT_ERROR_RX_PKTS,
from_frame->n_vectors);
else
vlib_node_increment_counter (vm, esp4_encrypt_node.index,
ESP_ENCRYPT_ERROR_RX_PKTS,
from_frame->n_vectors);
vlib_node_increment_counter (vm, node->node_index,
ESP_ENCRYPT_ERROR_RX_PKTS,
from_frame->n_vectors);
free_buffers_and_exit:
if (recycle)