/** \file
This file defines vpp mactime control-plane API messages
*/
-option version = "1.1.0";
+option version = "1.1.1";
/** \brief api to enable or disable the time-based src mac filter on
an interface
u8 is_add; /**< add=1, del=0 */
u8 drop; /**< drop flag */
u8 allow; /**< allow flag */
+ u8 allow_quota; /**< allow subject to quota */
u8 no_udp_10001; /**< drop udp to port 10001 */
u64 data_quota; /**< max bytes this device */
u8 mac_address[6]; /**< src mac address */
dp->flags = MACTIME_DEVICE_FLAG_DYNAMIC_DROP;
if (mp->allow)
dp->flags = MACTIME_DEVICE_FLAG_DYNAMIC_ALLOW;
+ if (mp->allow_quota)
+ dp->flags = MACTIME_DEVICE_FLAG_DYNAMIC_ALLOW_QUOTA;
}
else
{
dp->flags = MACTIME_DEVICE_FLAG_DYNAMIC_DROP;
if (mp->allow)
dp->flags = MACTIME_DEVICE_FLAG_DYNAMIC_ALLOW;
+ if (mp->allow_quota)
+ dp->flags = MACTIME_DEVICE_FLAG_DYNAMIC_ALLOW_QUOTA;
}
else
{
u8 *fmt;
char *suffix = "";
- fmt = format (0, "%%%d.3f%%s%c", width, 0);
+ if (width > 0)
+ fmt = format (0, "%%%d.3f%%s%c", width, 0);
+ else
+ fmt = format (0, "%%.3f%%s%c", 0);
if (nbytes > (1024ULL * 1024ULL * 1024ULL))
{
suffix = "K";
}
else
- nbytes_f64 = (f64) nbytes;
+ {
+ nbytes_f64 = (f64) nbytes;
+ suffix = "B";
+ }
s = format (s, (char *) fmt, nbytes_f64, suffix);
vec_free (fmt);
}));
/* *INDENT-ON* */
- vlib_cli_output (vm, "%-15s %18s %14s %10s %11s %10s",
+ vlib_cli_output (vm, "%-15s %18s %14s %10s %11s %13s",
"Device Name", "Addresses", "Status",
"AllowPkt", "AllowByte", "DropPkt");
{
if (dp->flags & MACTIME_DEVICE_FLAG_DYNAMIC_ALLOW)
current_status = 3;
+ else if (dp->flags & MACTIME_DEVICE_FLAG_DYNAMIC_ALLOW_QUOTA)
+ current_status = 5;
else
current_status = 2;
if (verbose)
current_status = 2;
if (dp->flags & MACTIME_DEVICE_FLAG_DYNAMIC_DROP)
current_status = 3;
+ if (dp->flags & MACTIME_DEVICE_FLAG_DYNAMIC_ALLOW_QUOTA)
+ current_status = 4;
print:
vec_reset_length (macstring);
case 3:
status_string = "dynamic allow";
break;
+ case 4:
+ status_string = "d-quota inact";
+ break;
+ case 5:
+ status_string = "d-quota activ";
+ break;
default:
status_string = "code bug!";
break;
vlib_get_combined_counter (&mm->allow_counters, dp - mm->devices,
&allow);
vlib_get_combined_counter (&mm->drop_counters, dp - mm->devices, &drop);
- vlib_cli_output (vm, "%-15s %18s %14s %10lld %U %10lld",
+ vlib_cli_output (vm, "%-15s %18s %14s %10lld %U %13lld",
dp->device_name, macstring, status_string,
allow.packets, format_bytes_with_width, allow.bytes,
10, drop.packets);
if (dp->data_quota > 0)
- vlib_cli_output (vm, "%-54s %s%U", " ", "Quota ",
- format_bytes_with_width, dp->data_quota, 10);
+ vlib_cli_output (vm, "%-54s %s%U %s%U", " ", "Quota ",
+ format_bytes_with_width, dp->data_quota, 10,
+ "Use ", format_bytes_with_width,
+ dp->data_used_in_range, 8);
/* This is really only good for small N... */
for (j = 0; j < vec_len (mm->arp_cache_copy); j++)
{
u8 *device_name;
u8 mac_address[6];
u64 data_quota;
+ u64 data_used_in_range;
u32 flags;
clib_timebase_range_t *ranges;
} mactime_device_t;
#define MACTIME_DEVICE_FLAG_STATIC_ALLOW (1<<1)
#define MACTIME_DEVICE_FLAG_DYNAMIC_DROP (1<<2)
#define MACTIME_DEVICE_FLAG_DYNAMIC_ALLOW (1<<3)
-#define MACTIME_DEVICE_FLAG_DROP_UDP_10001 (1<<4)
+#define MACTIME_DEVICE_FLAG_DYNAMIC_ALLOW_QUOTA (1<<4)
+#define MACTIME_DEVICE_FLAG_DROP_UDP_10001 (1<<5)
typedef struct
{
int mac_set = 0;
u8 is_add = 1;
u8 allow = 0;
+ u8 allow_quota = 0;
u8 drop = 0;
u8 no_udp_10001 = 0;
u64 data_quota = 0;
else if (unformat (i, "allow-range %U",
unformat_clib_timebase_range_vector, &rp))
allow = 1;
+ else if (unformat (i, "allow-quota-range %U",
+ unformat_clib_timebase_range_vector, &rp))
+ allow_quota = 1;
else if (unformat (i, "drop-range %U",
unformat_clib_timebase_range_vector, &rp))
drop = 1;
}
/* allow-range / drop-range parse errors cause this condition */
- if (is_add && allow == 0 && drop == 0)
+ if (is_add && allow == 0 && drop == 0 && allow_quota == 0)
{
vec_free (rp);
vec_free (device_name);
- errmsg ("neither allow nor drop set, parse error...\n");
+ errmsg ("parse error...\n");
+ return -99;
}
/* Unlikely, but check anyhow */
mp->is_add = is_add;
mp->drop = drop;
mp->allow = allow;
+ mp->allow_quota = allow_quota;
mp->no_udp_10001 = no_udp_10001;
mp->data_quota = clib_host_to_net_u64 (data_quota);
memcpy (mp->mac_address, mac_address, sizeof (mp->mac_address));
u32 device_index0;
u32 len0;
ethernet_header_t *en0;
+ int has_dynamic_range_allow = 0;
int i;
/* speculatively enqueue b0 to the current next frame */
dp = pool_elt_at_index (mm->devices, device_index0);
- /* Known device, check for a traffic quota */
- if (PREDICT_FALSE (dp->data_quota))
+ /* Known device, check for an always-on traffic quota */
+ if ((dp->flags & MACTIME_DEVICE_FLAG_DYNAMIC_ALLOW)
+ && PREDICT_FALSE (dp->data_quota))
{
vlib_counter_t device_current_count;
vlib_get_combined_counter (&mm->allow_counters,
start0 = r->start + mm->sunday_midnight;
end0 = r->end + mm->sunday_midnight;
+ if (dp->flags & MACTIME_DEVICE_FLAG_DYNAMIC_ALLOW_QUOTA)
+ has_dynamic_range_allow = 1;
+
/* Packet within time range */
if (now >= start0 && now <= end0)
{
dp - mm->devices, 1, len0);
next0 = MACTIME_NEXT_DROP;
b0->error = node->errors[MACTIME_ERROR_RANGE_DROP];
+ goto trace0;
}
- else /* it's an allow range, allow it */
+ /* Quota-check allow range? */
+ else if (has_dynamic_range_allow)
{
+ if (dp->data_used_in_range + len0 >= dp->data_quota)
+ {
+ next0 = MACTIME_NEXT_DROP;
+ b0->error = node->errors[MACTIME_ERROR_QUOTA_DROP];
+ vlib_increment_combined_counter
+ (&mm->drop_counters, thread_index,
+ dp - mm->devices, 1, len0);
+ goto trace0;
+ }
+ else
+ {
+ dp->data_used_in_range += len0;
+ goto allow0;
+ }
+ }
+ else
+ { /* it's an allow range, allow it */
+ allow0:
vlib_increment_combined_counter
(&mm->allow_counters, thread_index,
dp - mm->devices, 1, len0);
packets_ok++;
+ goto trace0;
}
- goto trace0;
}
}
/*
vlib_increment_combined_counter
(&mm->drop_counters, thread_index, dp - mm->devices, 1, len0);
}
- else
+ else /* DYNAMIC_DROP, DYNAMIC_RANGE_ALLOW_QUOTA */
{
vlib_increment_combined_counter
(&mm->allow_counters, thread_index, dp - mm->devices, 1,
len0);
+ /* Clear the data quota accumulater */
+ dp->data_used_in_range = 0;
packets_ok++;
}