summaryrefslogtreecommitdiff
path: root/include/net
diff options
context:
space:
mode:
authorDmitry Safonov <dima@arista.com>2023-10-23 20:22:05 +0100
committerDavid S. Miller <davem@davemloft.net>2023-10-27 10:35:45 +0100
commitaf09a341dcf63b34ce742295ad1ce876246c5de2 (patch)
tree7cb38d0d08bc96cc8398c465c0a6de76245fc0d6 /include/net
parent0a3a809089eb1d4a0a2fd0c16b520d603988c859 (diff)
net/tcp: Add TCP-AO segments counters
Introduce segment counters that are useful for troubleshooting/debugging as well as for writing tests. Now there are global snmp counters as well as per-socket and per-key. Co-developed-by: Francesco Ruggeri <fruggeri@arista.com> Signed-off-by: Francesco Ruggeri <fruggeri@arista.com> Co-developed-by: Salam Noureddine <noureddine@arista.com> Signed-off-by: Salam Noureddine <noureddine@arista.com> Signed-off-by: Dmitry Safonov <dima@arista.com> Acked-by: David Ahern <dsahern@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net')
-rw-r--r--include/net/dropreason-core.h15
-rw-r--r--include/net/tcp.h15
-rw-r--r--include/net/tcp_ao.h10
3 files changed, 32 insertions, 8 deletions
diff --git a/include/net/dropreason-core.h b/include/net/dropreason-core.h
index 7637137ae33e..3c70ad53a49c 100644
--- a/include/net/dropreason-core.h
+++ b/include/net/dropreason-core.h
@@ -168,17 +168,24 @@ enum skb_drop_reason {
*/
SKB_DROP_REASON_TCP_MD5FAILURE,
/**
- * @SKB_DROP_REASON_TCP_AONOTFOUND: no TCP-AO hash and one was expected
+ * @SKB_DROP_REASON_TCP_AONOTFOUND: no TCP-AO hash and one was expected,
+ * corresponding to LINUX_MIB_TCPAOREQUIRED
*/
SKB_DROP_REASON_TCP_AONOTFOUND,
/**
* @SKB_DROP_REASON_TCP_AOUNEXPECTED: TCP-AO hash is present and it
- * was not expected.
+ * was not expected, corresponding to LINUX_MIB_TCPAOKEYNOTFOUND
*/
SKB_DROP_REASON_TCP_AOUNEXPECTED,
- /** @SKB_DROP_REASON_TCP_AOKEYNOTFOUND: TCP-AO key is unknown */
+ /**
+ * @SKB_DROP_REASON_TCP_AOKEYNOTFOUND: TCP-AO key is unknown,
+ * corresponding to LINUX_MIB_TCPAOKEYNOTFOUND
+ */
SKB_DROP_REASON_TCP_AOKEYNOTFOUND,
- /** @SKB_DROP_REASON_TCP_AOFAILURE: TCP-AO hash is wrong */
+ /**
+ * @SKB_DROP_REASON_TCP_AOFAILURE: TCP-AO hash is wrong,
+ * corresponding to LINUX_MIB_TCPAOBAD
+ */
SKB_DROP_REASON_TCP_AOFAILURE,
/**
* @SKB_DROP_REASON_SOCKET_BACKLOG: failed to add skb to socket backlog (
diff --git a/include/net/tcp.h b/include/net/tcp.h
index 8e1f835bad22..50ae1ed244e5 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -2712,7 +2712,7 @@ static inline int tcp_parse_auth_options(const struct tcphdr *th,
}
static inline bool tcp_ao_required(struct sock *sk, const void *saddr,
- int family)
+ int family, bool stat_inc)
{
#ifdef CONFIG_TCP_AO
struct tcp_ao_info *ao_info;
@@ -2724,8 +2724,13 @@ static inline bool tcp_ao_required(struct sock *sk, const void *saddr,
return false;
ao_key = tcp_ao_do_lookup(sk, saddr, family, -1, -1);
- if (ao_info->ao_required || ao_key)
+ if (ao_info->ao_required || ao_key) {
+ if (stat_inc) {
+ NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPAOREQUIRED);
+ atomic64_inc(&ao_info->counters.ao_required);
+ }
return true;
+ }
#endif
return false;
}
@@ -2747,8 +2752,10 @@ tcp_inbound_hash(struct sock *sk, const struct request_sock *req,
return SKB_DROP_REASON_TCP_AUTH_HDR;
if (req) {
- if (tcp_rsk_used_ao(req) != !!aoh)
+ if (tcp_rsk_used_ao(req) != !!aoh) {
+ NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPAOBAD);
return SKB_DROP_REASON_TCP_AOFAILURE;
+ }
}
/* sdif set, means packet ingressed via a device
@@ -2763,7 +2770,7 @@ tcp_inbound_hash(struct sock *sk, const struct request_sock *req,
* the last key is impossible to remove, so there's
* always at least one current_key.
*/
- if (tcp_ao_required(sk, saddr, family))
+ if (tcp_ao_required(sk, saddr, family, true))
return SKB_DROP_REASON_TCP_AONOTFOUND;
if (unlikely(tcp_md5_do_lookup(sk, l3index, saddr, family))) {
NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
diff --git a/include/net/tcp_ao.h b/include/net/tcp_ao.h
index 1c7c0a5d1877..cfb55bd9411b 100644
--- a/include/net/tcp_ao.h
+++ b/include/net/tcp_ao.h
@@ -19,6 +19,13 @@ struct tcp_ao_hdr {
u8 rnext_keyid;
};
+struct tcp_ao_counters {
+ atomic64_t pkt_good;
+ atomic64_t pkt_bad;
+ atomic64_t key_not_found;
+ atomic64_t ao_required;
+};
+
struct tcp_ao_key {
struct hlist_node node;
union tcp_ao_addr addr;
@@ -33,6 +40,8 @@ struct tcp_ao_key {
u8 rcvid;
u8 maclen;
struct rcu_head rcu;
+ atomic64_t pkt_good;
+ atomic64_t pkt_bad;
u8 traffic_keys[];
};
@@ -81,6 +90,7 @@ struct tcp_ao_info {
*/
struct tcp_ao_key *current_key;
struct tcp_ao_key *rnext_key;
+ struct tcp_ao_counters counters;
u32 ao_required :1,
__unused :31;
__be32 lisn;