github.com/cilium/cilium@v1.16.2/pkg/monitor/api/drop.go

github.com/cilium/cilium@v1.16.2/pkg/monitor/api/drop.go (about)

     1  // SPDX-License-Identifier: Apache-2.0
     2  // Copyright Authors of Cilium
     3  
     4  package api
     5  
     6  import (
     7  	"fmt"
     8  )
     9  
    10  // DropMin numbers less than this are non-drop reason codes
    11  var DropMin uint8 = 130
    12  
    13  // DropInvalid is the Invalid packet reason.
    14  var DropInvalid uint8 = 2
    15  
    16  // These values are shared with bpf/lib/common.h and api/v1/flow/flow.proto.
    17  var errors = map[uint8]string{
    18  	0:   "Success",
    19  	2:   "Invalid packet",
    20  	3:   "Interface",
    21  	4:   "Interface Decrypted",
    22  	5:   "LB, sock cgroup: No backend slot entry found",
    23  	6:   "LB, sock cgroup: No backend entry found",
    24  	7:   "LB, sock cgroup: Reverse entry update failed",
    25  	8:   "LB, sock cgroup: Reverse entry stale",
    26  	9:   "Fragmented packet",
    27  	10:  "Fragmented packet entry update failed",
    28  	11:  "Missed tail call to custom program",
    29  	130: "Invalid source mac",      // Unused
    30  	131: "Invalid destination mac", // Unused
    31  	132: "Invalid source ip",
    32  	133: "Policy denied",
    33  	134: "Invalid packet",
    34  	135: "CT: Truncated or invalid header",
    35  	136: "Fragmentation needed",
    36  	137: "CT: Unknown L4 protocol",
    37  	138: "CT: Can't create entry from packet", // Unused
    38  	139: "Unsupported L3 protocol",
    39  	140: "Missed tail call",
    40  	141: "Error writing to packet",
    41  	142: "Unknown L4 protocol",
    42  	143: "Unknown ICMPv4 code",
    43  	144: "Unknown ICMPv4 type",
    44  	145: "Unknown ICMPv6 code",
    45  	146: "Unknown ICMPv6 type",
    46  	147: "Error retrieving tunnel key",
    47  	148: "Error retrieving tunnel options", // Unused
    48  	149: "Invalid Geneve option",           // Unused
    49  	150: "Unknown L3 target address",
    50  	151: "Stale or unroutable IP",
    51  	152: "No matching local container found", // Unused
    52  	153: "Error while correcting L3 checksum",
    53  	154: "Error while correcting L4 checksum",
    54  	155: "CT: Map insertion failed",
    55  	156: "Invalid IPv6 extension header",
    56  	157: "IP fragmentation not supported",
    57  	158: "Service backend not found",
    58  	160: "No tunnel/encapsulation endpoint (datapath BUG!)",
    59  	161: "NAT 46/64 not enabled",
    60  	162: "Reached EDT rate-limiting drop horizon",
    61  	163: "Unknown connection tracking state",
    62  	164: "Local host is unreachable",
    63  	165: "No configuration available to perform policy decision", // Unused
    64  	166: "Unsupported L2 protocol",
    65  	167: "No mapping for NAT masquerade",
    66  	168: "Unsupported protocol for NAT masquerade",
    67  	169: "FIB lookup failed",
    68  	170: "Encapsulation traffic is prohibited",
    69  	171: "Invalid identity",
    70  	172: "Unknown sender",
    71  	173: "NAT not needed",
    72  	174: "Is a ClusterIP",
    73  	175: "First logical datagram fragment not found",
    74  	176: "Forbidden ICMPv6 message",
    75  	177: "Denied by LB src range check",
    76  	178: "Socket lookup failed",
    77  	179: "Socket assign failed",
    78  	180: "Proxy redirection not supported for protocol",
    79  	181: "Policy denied by denylist",
    80  	182: "VLAN traffic disallowed by VLAN filter",
    81  	183: "Incorrect VNI from VTEP",
    82  	184: "Failed to update or lookup TC buffer",
    83  	185: "No SID was found for the IP address",
    84  	186: "SRv6 state was removed during tail call",
    85  	187: "L3 translation from IPv4 to IPv6 failed (NAT46)",
    86  	188: "L3 translation from IPv6 to IPv4 failed (NAT64)",
    87  	189: "Authentication required",
    88  	190: "No conntrack map found",
    89  	191: "No nat map found",
    90  	192: "Invalid ClusterID",
    91  	193: "Unsupported packet protocol for DSR encapsulation",
    92  	194: "No egress gateway found",
    93  	195: "Traffic is unencrypted",
    94  	196: "TTL exceeded",
    95  	197: "No node ID found",
    96  	198: "Rate limited",
    97  	199: "IGMP handled",
    98  	200: "IGMP subscribed",
    99  	201: "Multicast handled",
   100  	202: "Host datapath not ready",
   101  	203: "Endpoint policy program not available",
   102  	204: "No Egress IP configured",
   103  }
   104  
   105  func extendedReason(extError int8) string {
   106  	if extError == int8(0) {
   107  		return ""
   108  	}
   109  	return fmt.Sprintf("%d", extError)
   110  }
   111  
   112  func DropReasonExt(reason uint8, extError int8) string {
   113  	if err, ok := errors[reason]; ok {
   114  		if ext := extendedReason(extError); ext == "" {
   115  			return err
   116  		} else {
   117  			return err + ", " + ext
   118  		}
   119  	}
   120  	return fmt.Sprintf("%d, %d", reason, extError)
   121  }
   122  
   123  // DropReason prints the drop reason in a human readable string
   124  func DropReason(reason uint8) string {
   125  	return DropReasonExt(reason, int8(0))
   126  }