/**
* HW configuration for the result of creating the endpoint
*/
- HW::item<bool> m_hw;
+ HW::item<uint32_t> m_hw;
/**
* The source EPG ID
namespace VOM {
namespace gbp_contract_cmds {
-create_cmd::create_cmd(HW::item<bool>& item,
+create_cmd::create_cmd(HW::item<uint32_t>& item,
sclass_t sclass,
sclass_t dclass,
const handle_t& acl,
return (s.str());
}
-delete_cmd::delete_cmd(HW::item<bool>& item, sclass_t sclass, sclass_t dclass)
+delete_cmd::delete_cmd(HW::item<uint32_t>& item,
+ sclass_t sclass,
+ sclass_t dclass)
: rpc_cmd(item)
, m_sclass(sclass)
, m_dclass(dclass)
/**
* A command class that creates or updates the GBP contract
*/
-class create_cmd : public rpc_cmd<HW::item<bool>, vapi::Gbp_contract_add_del>
+class create_cmd
+ : public rpc_cmd<HW::item<uint32_t>, vapi::Gbp_contract_add_del>
{
public:
/**
* Constructor
*/
- create_cmd(HW::item<bool>& item,
+ create_cmd(HW::item<uint32_t>& item,
sclass_t sclass,
sclass_t dclass,
const handle_t& acl,
/**
* A cmd class that deletes a GBP contract
*/
-class delete_cmd : public rpc_cmd<HW::item<bool>, vapi::Gbp_contract_add_del>
+class delete_cmd
+ : public rpc_cmd<HW::item<uint32_t>, vapi::Gbp_contract_add_del>
{
public:
/**
* Constructor
*/
- delete_cmd(HW::item<bool>& item, sclass_t sclass, sclass_t dclass);
+ delete_cmd(HW::item<uint32_t>& item, sclass_t sclass, sclass_t dclass);
/**
* Issue the command to VPP/HW
VLIB_INIT_FUNCTION (gbp_policy_dpo_module_init);
#endif /* CLIB_MARCH_VARIANT */
+typedef enum
+{
+#define _(sym,str) GBP_POLICY_DPO_ERROR_##sym,
+ foreach_gbp_policy_error
+#undef _
+ GBP_POLICY_N_ERROR,
+} gbp_policy_dpo_error_t;
+
+static char *gbp_policy_dpo_error_strings[] = {
+#define _(sym,string) string,
+ foreach_gbp_policy_error
+#undef _
+};
+
typedef struct gbp_policy_dpo_trace_t_
{
u32 sclass;
u32 dclass;
u32 acl_index;
- u32 a_bit;
+ u32 flags;
u32 action;
} gbp_policy_dpo_trace_t;
vlib_frame_t * from_frame, u8 is_ip6)
{
gbp_main_t *gm = &gbp_main;
- u32 n_left_from, next_index, *from, *to_next;
+ u32 n_left_from, next_index, *from, *to_next, thread_index;
+ u32 n_allow_intra, n_allow_a_bit;
gbp_rule_t *gu;
from = vlib_frame_vector_args (from_frame);
n_left_from = from_frame->n_vectors;
+ n_allow_intra = n_allow_a_bit = 0;
+ thread_index = vm->thread_index;
next_index = node->cached_next_index;
{
next0 = gpd0->gpd_dpo.dpoi_next_node;
key0.as_u32 = ~0;
+ n_allow_a_bit++;
goto trace;
}
*/
next0 = gpd0->gpd_dpo.dpoi_next_node;
vnet_buffer2 (b0)->gbp.flags |= VXLAN_GBP_GPFLAGS_A;
+ n_allow_intra++;
action0 = 0;
}
else
next0 = gpd0->gpd_dpo.dpoi_next_node;
break;
case GBP_RULE_DENY:
- next0 = 0;
+ next0 = GBP_POLICY_DROP;
break;
case GBP_RULE_REDIRECT:
next0 = gbp_rule_l3_redirect (gu, b0, is_ip6);
break;
}
}
+ if (next0 == GBP_POLICY_DROP)
+ {
+ vlib_increment_combined_counter
+ (&gbp_contract_drop_counters,
+ thread_index,
+ gci0, 1, vlib_buffer_length_in_chain (vm, b0));
+ b0->error =
+ node->errors[GBP_POLICY_DPO_ERROR_DROP_CONTRACT];
+ }
+ else
+ {
+ vlib_increment_combined_counter
+ (&gbp_contract_permit_counters,
+ thread_index,
+ gci0, 1, vlib_buffer_length_in_chain (vm, b0));
+ }
+
+ }
+ else
+ {
+ b0->error =
+ node->errors[GBP_POLICY_DPO_ERROR_DROP_NO_CONTRACT];
}
}
}
tr->sclass = key0.gck_src;
tr->dclass = key0.gck_dst;
tr->acl_index = (gc0 ? gc0->gc_acl_index : ~0);
- tr->a_bit = vnet_buffer2 (b0)->gbp.flags & VXLAN_GBP_GPFLAGS_A;
+ tr->flags = vnet_buffer2 (b0)->gbp.flags;
tr->action = action0;
}
}
vlib_put_next_frame (vm, node, next_index, n_left_to_next);
}
+
+ vlib_node_increment_counter (vm, node->node_index,
+ GBP_POLICY_DPO_ERROR_ALLOW_INTRA,
+ n_allow_intra);
+ vlib_node_increment_counter (vm, node->node_index,
+ GBP_POLICY_DPO_ERROR_ALLOW_A_BIT,
+ n_allow_a_bit);
+
return from_frame->n_vectors;
}
CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
gbp_policy_dpo_trace_t *t = va_arg (*args, gbp_policy_dpo_trace_t *);
- s = format (s, " sclass:%d dclass:%d acl-index:%d a-bit:%d action:%d",
- t->sclass, t->dclass, t->acl_index, t->a_bit, t->action);
+ s = format (s, " sclass:%d dclass:%d acl-index:%d flags:%U action:%d",
+ t->sclass, t->dclass, t->acl_index,
+ format_vxlan_gbp_header_gpflags, t->flags, t->action);
return s;
}
.name = "ip4-gbp-policy-dpo",
.vector_size = sizeof (u32),
.format_trace = format_gbp_policy_dpo_trace,
+
+ .n_errors = ARRAY_LEN(gbp_policy_dpo_error_strings),
+ .error_strings = gbp_policy_dpo_error_strings,
+
.n_next_nodes = GBP_POLICY_N_NEXT,
.next_nodes =
{
.name = "ip6-gbp-policy-dpo",
.vector_size = sizeof (u32),
.format_trace = format_gbp_policy_dpo_trace,
+
+ .n_errors = ARRAY_LEN(gbp_policy_dpo_error_strings),
+ .error_strings = gbp_policy_dpo_error_strings,
+
.n_next_nodes = GBP_POLICY_N_NEXT,
.next_nodes =
{
typedef enum
{
-#define _(sym,str) GBP_ERROR_##sym,
- foreach_gbp_policy
+#define _(sym,str) GBP_POLICY_ERROR_##sym,
+ foreach_gbp_policy_error
#undef _
GBP_POLICY_N_ERROR,
} gbp_policy_error_t;
static char *gbp_policy_error_strings[] = {
#define _(sym,string) string,
- foreach_gbp_policy
+ foreach_gbp_policy_error
#undef _
};
gbp_main_t *gm = &gbp_main;
gbp_policy_main_t *gpm = &gbp_policy_main;
u32 n_left_from, *from, *to_next;
- u32 next_index;
+ u32 next_index, thread_index;
+ u32 n_allow_intra, n_allow_a_bit;
next_index = 0;
n_left_from = frame->n_vectors;
from = vlib_frame_vector_args (frame);
+ thread_index = vm->thread_index;
+ n_allow_intra = n_allow_a_bit = 0;
while (n_left_from > 0)
{
(is_port_based ?
L2OUTPUT_FEAT_GBP_POLICY_PORT :
L2OUTPUT_FEAT_GBP_POLICY_MAC));
+ n_allow_a_bit++;
key0.as_u32 = ~0;
goto trace;
}
if (NULL != ge0)
key0.gck_dst = ge0->ge_fwd.gef_sclass;
else
- /* If you cannot determine the destination EP then drop */
- goto trace;
-
+ {
+ /* If you cannot determine the destination EP then drop */
+ b0->error = node->errors[GBP_POLICY_ERROR_DROP_NO_DCLASS];
+ goto trace;
+ }
key0.gck_src = vnet_buffer2 (b0)->gbp.sclass;
if (SCLASS_INVALID != key0.gck_src)
L2OUTPUT_FEAT_GBP_POLICY_PORT :
L2OUTPUT_FEAT_GBP_POLICY_MAC));
vnet_buffer2 (b0)->gbp.flags |= VXLAN_GBP_GPFLAGS_A;
+ n_allow_intra++;
}
else
{
u16 ether_type0;
const u8 *h0;
+ vlib_prefetch_combined_counter
+ (&gbp_contract_drop_counters, thread_index, gci0);
+ vlib_prefetch_combined_counter
+ (&gbp_contract_permit_counters, thread_index, gci0);
+
action0 = 0;
gc0 = gbp_contract_get (gci0);
l2_len0 = vnet_buffer (b0)->l2.l2_len;
/*
* black list model so drop
*/
+ b0->error =
+ node->errors[GBP_POLICY_ERROR_DROP_ETHER_TYPE];
+
+ vlib_increment_combined_counter
+ (&gbp_contract_drop_counters,
+ thread_index,
+ gci0, 1, vlib_buffer_length_in_chain (vm, b0));
+
goto trace;
}
L2OUTPUT_FEAT_GBP_POLICY_MAC));
break;
case GBP_RULE_DENY:
- next0 = 0;
+ next0 = GBP_POLICY_NEXT_DROP;
break;
case GBP_RULE_REDIRECT:
next0 = gbp_rule_l2_redirect (gu, b0);
}
}
}
+ if (next0 == GBP_POLICY_NEXT_DROP)
+ {
+ vlib_increment_combined_counter
+ (&gbp_contract_drop_counters,
+ thread_index,
+ gci0, 1, vlib_buffer_length_in_chain (vm, b0));
+ b0->error =
+ node->errors[GBP_POLICY_ERROR_DROP_CONTRACT];
+ }
+ else
+ {
+ vlib_increment_combined_counter
+ (&gbp_contract_permit_counters,
+ thread_index,
+ gci0, 1, vlib_buffer_length_in_chain (vm, b0));
+ }
+ }
+ else
+ {
+ b0->error =
+ node->errors[GBP_POLICY_ERROR_DROP_NO_CONTRACT];
}
}
}
vlib_put_next_frame (vm, node, next_index, n_left_to_next);
}
+ vlib_node_increment_counter (vm, node->node_index,
+ GBP_POLICY_ERROR_ALLOW_INTRA, n_allow_intra);
+ vlib_node_increment_counter (vm, node->node_index,
+ GBP_POLICY_ERROR_ALLOW_A_BIT, n_allow_a_bit);
+
return frame->n_vectors;
}
.error_strings = gbp_policy_error_strings,
.n_next_nodes = GBP_POLICY_N_NEXT,
-
.next_nodes = {
[GBP_POLICY_NEXT_DROP] = "error-drop",
},
.vector_size = sizeof (u32),
.format_trace = format_gbp_policy_trace,
.type = VLIB_NODE_TYPE_INTERNAL,
- .sibling_of = "gbp-policy-port",
+
+ .n_errors = ARRAY_LEN(gbp_policy_error_strings),
+ .error_strings = gbp_policy_error_strings,
+
+ .n_next_nodes = GBP_POLICY_N_NEXT,
+ .next_nodes = {
+ [GBP_POLICY_NEXT_DROP] = "error-drop",
+ },
};
/* *INDENT-ON* */
return stat_segment_heartbeat_r (sm);
}
-stat_segment_data_t
+static stat_segment_data_t
copy_data (stat_segment_directory_entry_t * ep, stat_client_main_t * sm)
{
stat_segment_data_t result = { 0 };
rules = []
for r in self.rules:
rules.append(r.encode())
- self._test.vapi.gbp_contract_add_del(
+ r = self._test.vapi.gbp_contract_add_del(
1,
self.sclass,
self.dclass,
self.acl_index,
rules,
self.allowed_ethertypes)
+ self.stats_index = r.stats_index
self._test.registry.register(self, self._test.logger)
def remove_vpp_config(self):
return True
return False
+ def get_drop_stats(self):
+ c = self._test.statistics.get_counter("/net/gbp/contract/drop")
+ return c[0][self.stats_index]
+
+ def get_permit_stats(self):
+ c = self._test.statistics.get_counter("/net/gbp/contract/permit")
+ return c[0][self.stats_index]
+
class VppGbpVxlanTunnel(VppInterface):
"""
pkt_inter_epg_221_to_220 * 65,
eps[0].itf)
+ ds = c2.get_drop_stats()
+ self.assertEqual(ds['packets'], 0)
+ ps = c2.get_permit_stats()
+ self.assertEqual(ps['packets'], 65)
+
#
# the contract does not allow non-IP
#
def test_gbp_learn_l2(self):
""" GBP L2 Endpoint Learning """
+ self.vapi.cli("clear errors")
+
ep_flags = VppEnum.vl_api_gbp_endpoint_flags_t
learnt = [{'mac': '00:00:11:11:11:01',
'ip': '10.0.0.1',
self.send_and_assert_no_replies(self.pg2, p)
+ self.logger.info(self.vapi.cli("sh error"))
+ # self.assert_packet_counter_equal(
+ # '/err/gbp-policy-port/drop-no-contract', 1)
+
#
# we should not have learnt a new tunnel endpoint, since
# the EPG was not learnt.
vx_tun_l2_1.sw_if_index,
ip=l['ip']))
+ # self.assert_packet_counter_equal(
+ # '/err/gbp-policy-port/allow-intra-sclass', 2)
+
self.logger.info(self.vapi.cli("show gbp endpoint"))
self.logger.info(self.vapi.cli("show gbp vxlan"))
self.logger.info(self.vapi.cli("show ip mfib"))
Code Review / vpp.git / commitdiff