ligang/vpp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

npt66: replace clib_warnings() with error counters

Browse Source 
Replace clib_warnings() in the forwarding path with
error counters.

Change-Id: Ie679d940f056eeddeb8a032c77fe9c2195490cfc
Signed-off-by: Ole Troan <otroan@employees.org>
Type: fix
Signed-off-by: Ole Troan <otroan@employees.org>
This commit is contained in:
Ole Troan
2024-07-31 09:50:31 +02:00
parent 4a65e0166b
commit f726ebd174
2 changed files with 43 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/plugins/npt66/npt66.api
View File

@ -36,5 +36,16 @@ counters npt66 {
units "packets"; units "packets";
description "packet translation failed"; description "packet translation failed";
}; };
icmp6_checksum {
severity error;
type counter64;
units "packets";
description "ICMP6 checksum validation failed";
};
icmp6_truncated {
severity error;
type counter64;
units "packets";
description "ICMP6 packet truncated";
};
}; };

49
src/plugins/npt66/npt66_node.c
View File

@ -127,10 +127,7 @@ npt66_translate (ip6_header_t *ip, npt66_binding_t *binding, int dir)
if (!ip6_prefix_cmp (ip->src_address, binding->internal, if (!ip6_prefix_cmp (ip->src_address, binding->internal,
binding->internal_plen)) binding->internal_plen))
{ {
clib_warning ( /* Packet is not for us */
"npt66_translate: src address is not internal (%U -> %U)",
format_ip6_address, &ip->src_address, format_ip6_address,
&ip->dst_address);
goto done; goto done;
} }
ip->src_address = ip6_prefix_copy (ip->src_address, binding->external, ip->src_address = ip6_prefix_copy (ip->src_address, binding->external,
@ -144,10 +141,7 @@ npt66_translate (ip6_header_t *ip, npt66_binding_t *binding, int dir)
if (!ip6_prefix_cmp (ip->dst_address, binding->external, if (!ip6_prefix_cmp (ip->dst_address, binding->external,
binding->external_plen)) binding->external_plen))
{ {
clib_warning ( /* Packet is not for us */
"npt66_translate: dst address is not external (%U -> %U)",
format_ip6_address, &ip->src_address, format_ip6_address,
&ip->dst_address);
goto done; goto done;
} }
ip->dst_address = ip6_prefix_copy (ip->dst_address, binding->internal, ip->dst_address = ip6_prefix_copy (ip->dst_address, binding->internal,
@ -162,7 +156,7 @@ done:
static int static int
npt66_icmp6_translate (vlib_buffer_t *b, ip6_header_t *outer_ip, npt66_icmp6_translate (vlib_buffer_t *b, ip6_header_t *outer_ip,
icmp46_header_t *icmp, npt66_binding_t *binding, icmp46_header_t *icmp, npt66_binding_t *binding,
int dir) int dir, u32 *error)
{ {
ip6_header_t *ip = (ip6_header_t *) (icmp + 2); ip6_header_t *ip = (ip6_header_t *) (icmp + 2);
int rv = 0; int rv = 0;
@ -171,7 +165,7 @@ npt66_icmp6_translate (vlib_buffer_t *b, ip6_header_t *outer_ip,
if (clib_net_to_host_u16 (outer_ip->payload_length) < if (clib_net_to_host_u16 (outer_ip->payload_length) <
sizeof (icmp46_header_t) + 4 + sizeof (ip6_header_t)) sizeof (icmp46_header_t) + 4 + sizeof (ip6_header_t))
{ {
clib_warning ("ICMP6 payload too short"); *error = NPT66_ERROR_ICMP6_TRUNCATED;
return -1; return -1;
} }
@ -181,7 +175,7 @@ npt66_icmp6_translate (vlib_buffer_t *b, ip6_header_t *outer_ip,
sum16 = ip6_tcp_udp_icmp_compute_checksum (vm, b, outer_ip, &bogus_length); sum16 = ip6_tcp_udp_icmp_compute_checksum (vm, b, outer_ip, &bogus_length);
if (sum16 != 0 && sum16 != 0xffff) if (sum16 != 0 && sum16 != 0xffff)
{ {
clib_warning ("ICMP6 checksum failed"); *error = NPT66_ERROR_ICMP6_CHECKSUM;
return -1; return -1;
} }
if (dir == VLIB_RX) if (dir == VLIB_RX)
@ -189,10 +183,7 @@ npt66_icmp6_translate (vlib_buffer_t *b, ip6_header_t *outer_ip,
if (!ip6_prefix_cmp (ip->src_address, binding->external, if (!ip6_prefix_cmp (ip->src_address, binding->external,
binding->external_plen)) binding->external_plen))
{ {
clib_warning ( /* Not for us */
"npt66_icmp6_translate: src address is not internal (%U -> %U)",
format_ip6_address, &ip->src_address, format_ip6_address,
&ip->dst_address);
goto done; goto done;
} }
ip->src_address = ip6_prefix_copy (ip->src_address, binding->internal, ip->src_address = ip6_prefix_copy (ip->src_address, binding->internal,
@ -206,10 +197,7 @@ npt66_icmp6_translate (vlib_buffer_t *b, ip6_header_t *outer_ip,
if (!ip6_prefix_cmp (ip->dst_address, binding->external, if (!ip6_prefix_cmp (ip->dst_address, binding->external,
binding->external_plen)) binding->external_plen))
{ {
clib_warning ( /* Not for us */
"npt66_icmp6_translate: dst address is not external (%U -> %U)",
format_ip6_address, &ip->src_address, format_ip6_address,
&ip->dst_address);
goto done; goto done;
} }
ip->dst_address = ip6_prefix_copy (ip->dst_address, binding->internal, ip->dst_address = ip6_prefix_copy (ip->dst_address, binding->internal,
@ -217,8 +205,8 @@ npt66_icmp6_translate (vlib_buffer_t *b, ip6_header_t *outer_ip,
rv = npt66_adjust_checksum (binding->internal_plen, false, rv = npt66_adjust_checksum (binding->internal_plen, false,
binding->delta, &ip->dst_address); binding->delta, &ip->dst_address);
} }
done:
done:
return rv; return rv;
} }
@ -243,10 +231,12 @@ npt66_node_inline (vlib_main_t *vm, vlib_node_runtime_t *node,
n_left_from = frame->n_vectors; n_left_from = frame->n_vectors;
vlib_get_buffers (vm, from, b, n_left_from); vlib_get_buffers (vm, from, b, n_left_from);
npt66_binding_t *binding; npt66_binding_t *binding;
u32 translated = 0;
/* Stage 1: build vector of flow hash (based on lookup mask) */ /* Stage 1: build vector of flow hash (based on lookup mask) */
while (n_left_from > 0) while (n_left_from > 0)
{ {
u32 error = NPT66_ERROR_TRANSLATION;
u32 sw_if_index = vnet_buffer (b[0])->sw_if_index[dir]; u32 sw_if_index = vnet_buffer (b[0])->sw_if_index[dir];
u32 iph_offset = u32 iph_offset =
dir == VLIB_TX ? vnet_buffer (b[0])->ip.save_rewrite_length : 0; dir == VLIB_TX ? vnet_buffer (b[0])->ip.save_rewrite_length : 0;
@ -261,28 +251,26 @@ npt66_node_inline (vlib_main_t *vm, vlib_node_runtime_t *node,
icmp46_header_t *icmp = (icmp46_header_t *) (ip + 1); icmp46_header_t *icmp = (icmp46_header_t *) (ip + 1);
if (ip->protocol == IP_PROTOCOL_ICMP6 && icmp->type < 128) if (ip->protocol == IP_PROTOCOL_ICMP6 && icmp->type < 128)
{ {
rv = npt66_icmp6_translate (b[0], ip, icmp, binding, dir); rv = npt66_icmp6_translate (b[0], ip, icmp, binding, dir, &error);
if (rv < 0) if (rv < 0)
{ {
clib_warning ("ICMP6 npt66_translate failed");
*next = NPT66_NEXT_DROP; *next = NPT66_NEXT_DROP;
b[0]->error = node->errors[error];
goto next; goto next;
} }
} }
rv = npt66_translate (ip, binding, dir); rv = npt66_translate (ip, binding, dir);
if (rv < 0) if (rv < 0)
{ {
vlib_node_increment_counter (vm, node->node_index, b[0]->error = node->errors[error];
NPT66_ERROR_TRANSLATION, 1);
*next = NPT66_NEXT_DROP; *next = NPT66_NEXT_DROP;
goto next; goto next;
} }
else if (dir == VLIB_TX)
vlib_node_increment_counter (vm, node->node_index, NPT66_ERROR_TX, 1);
else else
vlib_node_increment_counter (vm, node->node_index, NPT66_ERROR_RX, 1); {
translated++;
}
next: next:
next += 1; next += 1;
n_left_from -= 1; n_left_from -= 1;
@ -321,6 +309,9 @@ npt66_node_inline (vlib_main_t *vm, vlib_node_runtime_t *node,
break; break;
} }
} }
vlib_node_increment_counter (
vm, node->node_index, dir == VLIB_TX ? NPT66_ERROR_TX : NPT66_ERROR_RX,
translated);
vlib_buffer_enqueue_to_next (vm, node, from, nexts, frame->n_vectors); vlib_buffer_enqueue_to_next (vm, node, from, nexts, frame->n_vectors);
return frame->n_vectors; return frame->n_vectors;