ipsec: increment no-tunnel counter in ipsec-tun-input

If "no-tunnel" error erises, you will not see it in the "show errors"
output because the packet will be punted. That fact complicates
troubleshooting.

Type: improvement

Change-Id: Ic08347f81131a4a73a05b66acbfb02797373f5ab
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>

diff --git a/src/vnet/ipsec/ipsec_tun_in.c b/src/vnet/ipsec/ipsec_tun_in.c
index 501ab02..fd0c3b0 100644 (file)
--- a/src/vnet/ipsec/ipsec_tun_in.c
+++ b/src/vnet/ipsec/ipsec_tun_in.c
@@ -347,6 +347,9 @@ ipsec_tun_protect_input_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
                               IPSEC_TUN_PROTECT_INPUT_ERROR_RX,
                               from_frame->n_vectors - (n_disabled +
                                                        n_no_tunnel));
+  vlib_node_increment_counter (vm, node->node_index,
+                              IPSEC_TUN_PROTECT_INPUT_ERROR_NO_TUNNEL,
+                              n_no_tunnel);
 
   vlib_buffer_enqueue_to_next (vm, node, from, nexts, from_frame->n_vectors);