2 * nat_ipfix_logging.c - NAT Events IPFIX logging
4 * Copyright (c) 2016 Cisco and/or its affiliates.
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
18 #include <vnet/fib/fib_table.h>
19 #include <vnet/ipfix-export/flow_report.h>
20 #include <vnet/ip/ip4.h>
21 #include <vnet/udp/udp_local.h>
22 #include <vlibmemory/api.h>
23 #include <vppinfra/atomics.h>
24 #include <nat/lib/ipfix_logging.h>
25 #include <nat/lib/inlines.h>
27 vlib_node_registration_t nat_ipfix_flush_node;
28 nat_ipfix_logging_main_t nat_ipfix_logging_main;
30 #define NAT44_SESSION_CREATE_LEN 26
31 #define NAT_ADDRESSES_EXHAUTED_LEN 13
32 #define MAX_ENTRIES_PER_USER_LEN 21
33 #define MAX_SESSIONS_LEN 17
34 #define MAX_BIBS_LEN 17
35 #define MAX_FRAGMENTS_IP4_LEN 21
36 #define MAX_FRAGMENTS_IP6_LEN 33
37 #define NAT64_BIB_LEN 38
38 #define NAT64_SES_LEN 62
40 #define NAT44_SESSION_CREATE_FIELD_COUNT 8
41 #define NAT_ADDRESSES_EXHAUTED_FIELD_COUNT 3
42 #define MAX_ENTRIES_PER_USER_FIELD_COUNT 5
43 #define MAX_SESSIONS_FIELD_COUNT 4
44 #define MAX_BIBS_FIELD_COUNT 4
45 #define MAX_FRAGMENTS_FIELD_COUNT 5
46 #define NAT64_BIB_FIELD_COUNT 8
47 #define NAT64_SES_FIELD_COUNT 12
58 } nat_ipfix_logging_nat44_ses_args_t;
63 } nat_ipfix_logging_addr_exhausted_args_t;
69 } nat_ipfix_logging_max_entries_per_user_args_t;
74 } nat_ipfix_logging_max_sessions_args_t;
79 } nat_ipfix_logging_max_bibs_args_t;
85 } nat_ipfix_logging_max_frags_ip4_args_t;
91 } nat_ipfix_logging_max_frags_ip6_args_t;
106 } nat_ipfix_logging_nat64_ses_args_t;
117 } nat_ipfix_logging_nat64_bib_args_t;
119 #define skip_if_disabled() \
121 nat_ipfix_logging_main_t *silm = &nat_ipfix_logging_main; \
122 if (PREDICT_TRUE (!clib_atomic_fetch_or(&silm->enabled, 0))) \
126 #define update_template_id(old_id, new_id) \
128 u16 template_id = clib_atomic_fetch_or(old_id, 0); \
129 clib_atomic_cmp_and_swap(old_id, template_id, new_id); \
133 * @brief Create an IPFIX template packet rewrite string
135 * @param frm flow report main
136 * @param fr flow report
137 * @param collector_address collector address
138 * @param src_address source address
139 * @param collector_port collector
140 * @param event NAT event ID
141 * @param quota_event NAT quota exceeded event ID
143 * @returns template packet
146 nat_template_rewrite (ipfix_exporter_t *exp, flow_report_t *fr,
147 ip4_address_t *collector_address,
148 ip4_address_t *src_address, u16 collector_port,
149 nat_event_t event, quota_exceed_event_t quota_event)
151 nat_ipfix_logging_main_t *silm = &nat_ipfix_logging_main;
154 ipfix_message_header_t *h;
155 ipfix_set_header_t *s;
156 ipfix_template_header_t *t;
157 ipfix_field_specifier_t *f;
158 ipfix_field_specifier_t *first_field;
160 ip4_ipfix_template_packet_t *tp;
162 flow_report_stream_t *stream;
165 stream = &exp->streams[fr->stream_index];
167 stream_index = clib_atomic_fetch_or(&silm->stream_index, 0);
168 clib_atomic_cmp_and_swap (&silm->stream_index,
169 stream_index, fr->stream_index);
171 if (event == NAT_ADDRESSES_EXHAUTED)
173 field_count = NAT_ADDRESSES_EXHAUTED_FIELD_COUNT;
175 update_template_id(&silm->addr_exhausted_template_id,
178 else if (event == NAT44_SESSION_CREATE)
180 field_count = NAT44_SESSION_CREATE_FIELD_COUNT;
182 update_template_id(&silm->nat44_session_template_id,
185 else if (event == NAT64_BIB_CREATE)
187 field_count = NAT64_BIB_FIELD_COUNT;
189 update_template_id(&silm->nat64_bib_template_id,
192 else if (event == NAT64_SESSION_CREATE)
194 field_count = NAT64_SES_FIELD_COUNT;
196 update_template_id(&silm->nat64_ses_template_id,
199 else if (event == QUOTA_EXCEEDED)
201 if (quota_event == MAX_ENTRIES_PER_USER)
203 field_count = MAX_ENTRIES_PER_USER_FIELD_COUNT;
205 update_template_id(&silm->max_entries_per_user_template_id,
209 else if (quota_event == MAX_SESSION_ENTRIES)
211 field_count = MAX_SESSIONS_FIELD_COUNT;
213 update_template_id(&silm->max_sessions_template_id,
216 else if (quota_event == MAX_BIB_ENTRIES)
218 field_count = MAX_BIBS_FIELD_COUNT;
220 update_template_id(&silm->max_bibs_template_id,
225 /* allocate rewrite space */
226 vec_validate_aligned (rewrite,
227 sizeof (ip4_ipfix_template_packet_t)
228 + field_count * sizeof (ipfix_field_specifier_t) - 1,
229 CLIB_CACHE_LINE_BYTES);
231 tp = (ip4_ipfix_template_packet_t *) rewrite;
232 ip = (ip4_header_t *) & tp->ip4;
233 udp = (udp_header_t *) (ip + 1);
234 h = (ipfix_message_header_t *) (udp + 1);
235 s = (ipfix_set_header_t *) (h + 1);
236 t = (ipfix_template_header_t *) (s + 1);
237 first_field = f = (ipfix_field_specifier_t *) (t + 1);
239 ip->ip_version_and_header_length = 0x45;
241 ip->protocol = IP_PROTOCOL_UDP;
242 ip->src_address.as_u32 = src_address->as_u32;
243 ip->dst_address.as_u32 = collector_address->as_u32;
244 udp->src_port = clib_host_to_net_u16 (stream->src_port);
245 udp->dst_port = clib_host_to_net_u16 (collector_port);
246 udp->length = clib_host_to_net_u16 (vec_len (rewrite) - sizeof (*ip));
248 /* FIXUP: message header export_time */
249 h->domain_id = clib_host_to_net_u32 (stream->domain_id);
251 /* Add TLVs to the template */
252 if (event == NAT_ADDRESSES_EXHAUTED)
254 f->e_id_length = ipfix_e_id_length (0, observationTimeMilliseconds, 8);
256 f->e_id_length = ipfix_e_id_length (0, natEvent, 1);
258 f->e_id_length = ipfix_e_id_length (0, natPoolId, 4);
261 else if (event == NAT44_SESSION_CREATE)
263 f->e_id_length = ipfix_e_id_length (0, observationTimeMilliseconds, 8);
265 f->e_id_length = ipfix_e_id_length (0, natEvent, 1);
267 f->e_id_length = ipfix_e_id_length (0, sourceIPv4Address, 4);
269 f->e_id_length = ipfix_e_id_length (0, postNATSourceIPv4Address, 4);
271 f->e_id_length = ipfix_e_id_length (0, protocolIdentifier, 1);
273 f->e_id_length = ipfix_e_id_length (0, sourceTransportPort, 2);
275 f->e_id_length = ipfix_e_id_length (0, postNAPTSourceTransportPort, 2);
277 f->e_id_length = ipfix_e_id_length (0, ingressVRFID, 4);
280 else if (event == NAT64_BIB_CREATE)
282 f->e_id_length = ipfix_e_id_length (0, observationTimeMilliseconds, 8);
284 f->e_id_length = ipfix_e_id_length (0, natEvent, 1);
286 f->e_id_length = ipfix_e_id_length (0, sourceIPv6Address, 16);
288 f->e_id_length = ipfix_e_id_length (0, postNATSourceIPv4Address, 4);
290 f->e_id_length = ipfix_e_id_length (0, protocolIdentifier, 1);
292 f->e_id_length = ipfix_e_id_length (0, sourceTransportPort, 2);
294 f->e_id_length = ipfix_e_id_length (0, postNAPTSourceTransportPort, 2);
296 f->e_id_length = ipfix_e_id_length (0, ingressVRFID, 4);
299 else if (event == NAT64_SESSION_CREATE)
301 f->e_id_length = ipfix_e_id_length (0, observationTimeMilliseconds, 8);
303 f->e_id_length = ipfix_e_id_length (0, natEvent, 1);
305 f->e_id_length = ipfix_e_id_length (0, sourceIPv6Address, 16);
307 f->e_id_length = ipfix_e_id_length (0, postNATSourceIPv4Address, 4);
309 f->e_id_length = ipfix_e_id_length (0, protocolIdentifier, 1);
311 f->e_id_length = ipfix_e_id_length (0, sourceTransportPort, 2);
313 f->e_id_length = ipfix_e_id_length (0, postNAPTSourceTransportPort, 2);
315 f->e_id_length = ipfix_e_id_length (0, destinationIPv6Address, 16);
317 f->e_id_length = ipfix_e_id_length (0, postNATDestinationIPv4Address, 4);
319 f->e_id_length = ipfix_e_id_length (0, destinationTransportPort, 2);
321 f->e_id_length = ipfix_e_id_length (0, postNAPTDestinationTransportPort,
324 f->e_id_length = ipfix_e_id_length (0, ingressVRFID, 4);
327 else if (event == QUOTA_EXCEEDED)
329 if (quota_event == MAX_ENTRIES_PER_USER)
331 f->e_id_length = ipfix_e_id_length (0, observationTimeMilliseconds,
334 f->e_id_length = ipfix_e_id_length (0, natEvent, 1);
336 f->e_id_length = ipfix_e_id_length (0, natQuotaExceededEvent, 4);
338 f->e_id_length = ipfix_e_id_length (0, maxEntriesPerUser, 4);
340 f->e_id_length = ipfix_e_id_length (0, sourceIPv4Address, 4);
343 else if (quota_event == MAX_SESSION_ENTRIES)
345 f->e_id_length = ipfix_e_id_length (0, observationTimeMilliseconds,
348 f->e_id_length = ipfix_e_id_length (0, natEvent, 1);
350 f->e_id_length = ipfix_e_id_length (0, natQuotaExceededEvent, 4);
352 f->e_id_length = ipfix_e_id_length (0, maxSessionEntries, 4);
355 else if (quota_event == MAX_BIB_ENTRIES)
357 f->e_id_length = ipfix_e_id_length (0, observationTimeMilliseconds,
360 f->e_id_length = ipfix_e_id_length (0, natEvent, 1);
362 f->e_id_length = ipfix_e_id_length (0, natQuotaExceededEvent, 4);
364 f->e_id_length = ipfix_e_id_length (0, maxBIBEntries, 4);
369 /* Back to the template packet... */
370 ip = (ip4_header_t *) & tp->ip4;
371 udp = (udp_header_t *) (ip + 1);
373 ASSERT (f - first_field);
374 /* Field count in this template */
375 t->id_count = ipfix_id_count (fr->template_id, f - first_field);
377 /* set length in octets */
379 ipfix_set_id_length (2 /* set_id */ , (u8 *) f - (u8 *) s);
381 /* message length in octets */
382 h->version_length = version_length ((u8 *) f - (u8 *) h);
384 ip->length = clib_host_to_net_u16 ((u8 *) f - (u8 *) ip);
385 ip->checksum = ip4_header_checksum (ip);
391 nat_template_rewrite_addr_exhausted (ipfix_exporter_t *exp, flow_report_t *fr,
392 ip4_address_t *collector_address,
393 ip4_address_t *src_address,
395 ipfix_report_element_t *elts, u32 n_elts,
398 return nat_template_rewrite (exp, fr, collector_address, src_address,
399 collector_port, NAT_ADDRESSES_EXHAUTED, 0);
403 nat_template_rewrite_nat44_session (ipfix_exporter_t *exp, flow_report_t *fr,
404 ip4_address_t *collector_address,
405 ip4_address_t *src_address,
407 ipfix_report_element_t *elts, u32 n_elts,
410 return nat_template_rewrite (exp, fr, collector_address, src_address,
411 collector_port, NAT44_SESSION_CREATE, 0);
415 nat_template_rewrite_max_entries_per_usr (
416 ipfix_exporter_t *exp, flow_report_t *fr, ip4_address_t *collector_address,
417 ip4_address_t *src_address, u16 collector_port, ipfix_report_element_t *elts,
418 u32 n_elts, u32 *stream_index)
420 return nat_template_rewrite (exp, fr, collector_address, src_address,
421 collector_port, QUOTA_EXCEEDED,
422 MAX_ENTRIES_PER_USER);
426 nat_template_rewrite_max_sessions (ipfix_exporter_t *exp, flow_report_t *fr,
427 ip4_address_t *collector_address,
428 ip4_address_t *src_address,
430 ipfix_report_element_t *elts, u32 n_elts,
433 return nat_template_rewrite (exp, fr, collector_address, src_address,
434 collector_port, QUOTA_EXCEEDED,
435 MAX_SESSION_ENTRIES);
439 nat_template_rewrite_max_bibs (ipfix_exporter_t *exp, flow_report_t *fr,
440 ip4_address_t *collector_address,
441 ip4_address_t *src_address, u16 collector_port,
442 ipfix_report_element_t *elts, u32 n_elts,
445 return nat_template_rewrite (exp, fr, collector_address, src_address,
446 collector_port, QUOTA_EXCEEDED,
451 nat_template_rewrite_nat64_bib (ipfix_exporter_t *exp, flow_report_t *fr,
452 ip4_address_t *collector_address,
453 ip4_address_t *src_address, u16 collector_port,
454 ipfix_report_element_t *elts, u32 n_elts,
457 return nat_template_rewrite (exp, fr, collector_address, src_address,
458 collector_port, NAT64_BIB_CREATE, 0);
462 nat_template_rewrite_nat64_session (ipfix_exporter_t *exp, flow_report_t *fr,
463 ip4_address_t *collector_address,
464 ip4_address_t *src_address,
466 ipfix_report_element_t *elts, u32 n_elts,
469 return nat_template_rewrite (exp, fr, collector_address, src_address,
470 collector_port, NAT64_SESSION_CREATE, 0);
474 nat_ipfix_header_create (flow_report_main_t * frm,
475 vlib_buffer_t * b0, u32 * offset)
477 nat_ipfix_logging_main_t *silm = &nat_ipfix_logging_main;
478 flow_report_stream_t *stream;
479 ip4_ipfix_template_packet_t *tp;
480 ipfix_message_header_t *h = 0;
481 ipfix_set_header_t *s = 0;
486 vlib_main_t *vm = vlib_get_main ();
487 ipfix_exporter_t *exp = pool_elt_at_index (frm->exporters, 0);
489 stream_index = clib_atomic_fetch_or(&silm->stream_index, 0);
490 stream = &exp->streams[stream_index];
492 b0->current_data = 0;
493 b0->current_length = sizeof (*ip) + sizeof (*udp) + sizeof (*h) +
495 b0->flags |= (VLIB_BUFFER_TOTAL_LENGTH_VALID | VNET_BUFFER_F_FLOW_REPORT);
496 vnet_buffer (b0)->sw_if_index[VLIB_RX] = 0;
497 vnet_buffer (b0)->sw_if_index[VLIB_TX] = exp->fib_index;
498 tp = vlib_buffer_get_current (b0);
499 ip = (ip4_header_t *) & tp->ip4;
500 udp = (udp_header_t *) (ip + 1);
501 h = (ipfix_message_header_t *) (udp + 1);
502 s = (ipfix_set_header_t *) (h + 1);
504 ip->ip_version_and_header_length = 0x45;
506 ip->protocol = IP_PROTOCOL_UDP;
507 ip->flags_and_fragment_offset = 0;
508 ip->src_address.as_u32 = exp->src_address.as_u32;
509 ip->dst_address.as_u32 = exp->ipfix_collector.as_u32;
510 udp->src_port = clib_host_to_net_u16 (stream->src_port);
511 udp->dst_port = clib_host_to_net_u16 (exp->collector_port);
514 h->export_time = clib_host_to_net_u32 ((u32)
515 (((f64) frm->unix_time_0) +
516 (vlib_time_now (vm) -
519 sequence_number = clib_atomic_fetch_add (&stream->sequence_number, 1);
520 h->sequence_number = clib_host_to_net_u32 (sequence_number);
521 h->domain_id = clib_host_to_net_u32 (stream->domain_id);
523 *offset = (u32) (((u8 *) (s + 1)) - (u8 *) tp);
527 nat_ipfix_send (flow_report_main_t *frm, vlib_frame_t *f, vlib_buffer_t *b0,
530 ip4_ipfix_template_packet_t *tp;
531 ipfix_message_header_t *h = 0;
532 ipfix_set_header_t *s = 0;
535 vlib_main_t *vm = vlib_get_main ();
536 ipfix_exporter_t *exp = pool_elt_at_index (frm->exporters, 0);
538 tp = vlib_buffer_get_current (b0);
539 ip = (ip4_header_t *) & tp->ip4;
540 udp = (udp_header_t *) (ip + 1);
541 h = (ipfix_message_header_t *) (udp + 1);
542 s = (ipfix_set_header_t *) (h + 1);
544 s->set_id_length = ipfix_set_id_length (template_id,
546 (sizeof (*ip) + sizeof (*udp) +
548 h->version_length = version_length (b0->current_length -
549 (sizeof (*ip) + sizeof (*udp)));
551 ip->length = clib_host_to_net_u16 (b0->current_length);
552 ip->checksum = ip4_header_checksum (ip);
553 udp->length = clib_host_to_net_u16 (b0->current_length - sizeof (*ip));
555 if (exp->udp_checksum)
557 udp->checksum = ip4_tcp_udp_compute_checksum (vm, b0, ip);
558 if (udp->checksum == 0)
559 udp->checksum = 0xffff;
562 ASSERT (ip4_header_checksum_is_valid (ip));
564 vlib_put_frame_to_node (vm, ip4_lookup_node.index, f);
568 nat_ipfix_logging_nat44_ses (u32 thread_index, u8 nat_event, u32 src_ip,
569 u32 nat_src_ip, ip_protocol_t proto, u16 src_port,
570 u16 nat_src_port, u32 fib_index, int do_flush)
572 nat_ipfix_logging_main_t *silm = &nat_ipfix_logging_main;
573 nat_ipfix_per_thread_data_t *sitd = &silm->per_thread_data[thread_index];
574 flow_report_main_t *frm = &flow_report_main;
576 vlib_buffer_t *b0 = 0;
579 vlib_main_t *vm = vlib_get_main ();
583 ipfix_exporter_t *exp = pool_elt_at_index (frm->exporters, 0);
585 now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3);
586 now += silm->milisecond_time_0;
588 b0 = sitd->nat44_session_buffer;
590 if (PREDICT_FALSE (b0 == 0))
595 if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
597 //nat_elog_err ("can't allocate buffer for NAT IPFIX event");
601 b0 = sitd->nat44_session_buffer = vlib_get_buffer (vm, bi0);
606 bi0 = vlib_get_buffer_index (vm, b0);
607 offset = sitd->nat44_session_next_record_offset;
610 f = sitd->nat44_session_frame;
611 if (PREDICT_FALSE (f == 0))
614 f = vlib_get_frame_to_node (vm, ip4_lookup_node.index);
615 sitd->nat44_session_frame = f;
616 to_next = vlib_frame_vector_args (f);
621 if (PREDICT_FALSE (offset == 0))
622 nat_ipfix_header_create (frm, b0, &offset);
624 if (PREDICT_TRUE (do_flush == 0))
626 u64 time_stamp = clib_host_to_net_u64 (now);
627 clib_memcpy_fast (b0->data + offset, &time_stamp, sizeof (time_stamp));
628 offset += sizeof (time_stamp);
630 clib_memcpy_fast (b0->data + offset, &nat_event, sizeof (nat_event));
631 offset += sizeof (nat_event);
633 clib_memcpy_fast (b0->data + offset, &src_ip, sizeof (src_ip));
634 offset += sizeof (src_ip);
636 clib_memcpy_fast (b0->data + offset, &nat_src_ip, sizeof (nat_src_ip));
637 offset += sizeof (nat_src_ip);
639 clib_memcpy_fast (b0->data + offset, &proto, sizeof (proto));
640 offset += sizeof (proto);
642 clib_memcpy_fast (b0->data + offset, &src_port, sizeof (src_port));
643 offset += sizeof (src_port);
645 clib_memcpy_fast (b0->data + offset, &nat_src_port, sizeof (nat_src_port));
646 offset += sizeof (nat_src_port);
648 vrf_id = fib_table_get_table_id (fib_index, FIB_PROTOCOL_IP4);
649 vrf_id = clib_host_to_net_u32 (vrf_id);
650 clib_memcpy_fast (b0->data + offset, &vrf_id, sizeof (vrf_id));
651 offset += sizeof (vrf_id);
653 b0->current_length += NAT44_SESSION_CREATE_LEN;
656 if (PREDICT_FALSE (do_flush ||
657 (offset + NAT44_SESSION_CREATE_LEN) > exp->path_mtu))
659 template_id = clib_atomic_fetch_or (
660 &silm->nat44_session_template_id,
662 nat_ipfix_send (frm, f, b0, template_id);
663 sitd->nat44_session_frame = 0;
664 sitd->nat44_session_buffer = 0;
667 sitd->nat44_session_next_record_offset = offset;
671 nat_ipfix_logging_addr_exhausted (u32 thread_index, u32 pool_id, int do_flush)
673 nat_ipfix_logging_main_t *silm = &nat_ipfix_logging_main;
674 nat_ipfix_per_thread_data_t *sitd = &silm->per_thread_data[thread_index];
675 flow_report_main_t *frm = &flow_report_main;
677 vlib_buffer_t *b0 = 0;
680 vlib_main_t *vm = vlib_get_main ();
682 u8 nat_event = NAT_ADDRESSES_EXHAUTED;
684 ipfix_exporter_t *exp = pool_elt_at_index (frm->exporters, 0);
686 now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3);
687 now += silm->milisecond_time_0;
689 b0 = sitd->addr_exhausted_buffer;
691 if (PREDICT_FALSE (b0 == 0))
696 if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
698 //nat_elog_err ("can't allocate buffer for NAT IPFIX event");
702 b0 = sitd->addr_exhausted_buffer = vlib_get_buffer (vm, bi0);
707 bi0 = vlib_get_buffer_index (vm, b0);
708 offset = sitd->addr_exhausted_next_record_offset;
711 f = sitd->addr_exhausted_frame;
712 if (PREDICT_FALSE (f == 0))
715 f = vlib_get_frame_to_node (vm, ip4_lookup_node.index);
716 sitd->addr_exhausted_frame = f;
717 to_next = vlib_frame_vector_args (f);
722 if (PREDICT_FALSE (offset == 0))
723 nat_ipfix_header_create (frm, b0, &offset);
725 if (PREDICT_TRUE (do_flush == 0))
727 u64 time_stamp = clib_host_to_net_u64 (now);
728 clib_memcpy_fast (b0->data + offset, &time_stamp, sizeof (time_stamp));
729 offset += sizeof (time_stamp);
731 clib_memcpy_fast (b0->data + offset, &nat_event, sizeof (nat_event));
732 offset += sizeof (nat_event);
734 clib_memcpy_fast (b0->data + offset, &pool_id, sizeof (pool_id));
735 offset += sizeof (pool_id);
737 b0->current_length += NAT_ADDRESSES_EXHAUTED_LEN;
740 if (PREDICT_FALSE (do_flush ||
741 (offset + NAT_ADDRESSES_EXHAUTED_LEN) > exp->path_mtu))
743 template_id = clib_atomic_fetch_or (
744 &silm->addr_exhausted_template_id,
746 nat_ipfix_send (frm, f, b0, template_id);
747 sitd->addr_exhausted_frame = 0;
748 sitd->addr_exhausted_buffer = 0;
751 sitd->addr_exhausted_next_record_offset = offset;
755 nat_ipfix_logging_max_entries_per_usr (u32 thread_index,
756 u32 limit, u32 src_ip, int do_flush)
758 nat_ipfix_logging_main_t *silm = &nat_ipfix_logging_main;
759 nat_ipfix_per_thread_data_t *sitd = &silm->per_thread_data[thread_index];
760 flow_report_main_t *frm = &flow_report_main;
762 vlib_buffer_t *b0 = 0;
765 vlib_main_t *vm = vlib_get_main ();
767 u8 nat_event = QUOTA_EXCEEDED;
768 u32 quota_event = clib_host_to_net_u32 (MAX_ENTRIES_PER_USER);
770 ipfix_exporter_t *exp = pool_elt_at_index (frm->exporters, 0);
772 now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3);
773 now += silm->milisecond_time_0;
775 b0 = sitd->max_entries_per_user_buffer;
777 if (PREDICT_FALSE (b0 == 0))
782 if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
784 //nat_elog_err ("can't allocate buffer for NAT IPFIX event");
788 b0 = sitd->max_entries_per_user_buffer = vlib_get_buffer (vm, bi0);
793 bi0 = vlib_get_buffer_index (vm, b0);
794 offset = sitd->max_entries_per_user_next_record_offset;
797 f = sitd->max_entries_per_user_frame;
798 if (PREDICT_FALSE (f == 0))
801 f = vlib_get_frame_to_node (vm, ip4_lookup_node.index);
802 sitd->max_entries_per_user_frame = f;
803 to_next = vlib_frame_vector_args (f);
808 if (PREDICT_FALSE (offset == 0))
809 nat_ipfix_header_create (frm, b0, &offset);
811 if (PREDICT_TRUE (do_flush == 0))
813 u64 time_stamp = clib_host_to_net_u64 (now);
814 clib_memcpy_fast (b0->data + offset, &time_stamp, sizeof (time_stamp));
815 offset += sizeof (time_stamp);
817 clib_memcpy_fast (b0->data + offset, &nat_event, sizeof (nat_event));
818 offset += sizeof (nat_event);
820 clib_memcpy_fast (b0->data + offset, "a_event, sizeof (quota_event));
821 offset += sizeof (quota_event);
823 limit = clib_host_to_net_u32 (limit);
824 clib_memcpy_fast (b0->data + offset, &limit, sizeof (limit));
825 offset += sizeof (limit);
827 clib_memcpy_fast (b0->data + offset, &src_ip, sizeof (src_ip));
828 offset += sizeof (src_ip);
830 b0->current_length += MAX_ENTRIES_PER_USER_LEN;
833 if (PREDICT_FALSE (do_flush ||
834 (offset + MAX_ENTRIES_PER_USER_LEN) > exp->path_mtu))
836 template_id = clib_atomic_fetch_or (
837 &silm->max_entries_per_user_template_id,
839 nat_ipfix_send (frm, f, b0, template_id);
840 sitd->max_entries_per_user_frame = 0;
841 sitd->max_entries_per_user_buffer = 0;
844 sitd->max_entries_per_user_next_record_offset = offset;
848 nat_ipfix_logging_max_ses (u32 thread_index, u32 limit, int do_flush)
850 nat_ipfix_logging_main_t *silm = &nat_ipfix_logging_main;
851 nat_ipfix_per_thread_data_t *sitd = &silm->per_thread_data[thread_index];
852 flow_report_main_t *frm = &flow_report_main;
854 vlib_buffer_t *b0 = 0;
857 vlib_main_t *vm = vlib_get_main ();
859 u8 nat_event = QUOTA_EXCEEDED;
860 u32 quota_event = clib_host_to_net_u32 (MAX_SESSION_ENTRIES);
862 ipfix_exporter_t *exp = pool_elt_at_index (frm->exporters, 0);
864 now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3);
865 now += silm->milisecond_time_0;
867 b0 = sitd->max_sessions_buffer;
869 if (PREDICT_FALSE (b0 == 0))
874 if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
876 //nat_elog_err ("can't allocate buffer for NAT IPFIX event");
880 b0 = sitd->max_sessions_buffer = vlib_get_buffer (vm, bi0);
885 bi0 = vlib_get_buffer_index (vm, b0);
886 offset = sitd->max_sessions_next_record_offset;
889 f = sitd->max_sessions_frame;
890 if (PREDICT_FALSE (f == 0))
893 f = vlib_get_frame_to_node (vm, ip4_lookup_node.index);
894 sitd->max_sessions_frame = f;
895 to_next = vlib_frame_vector_args (f);
900 if (PREDICT_FALSE (offset == 0))
901 nat_ipfix_header_create (frm, b0, &offset);
903 if (PREDICT_TRUE (do_flush == 0))
905 u64 time_stamp = clib_host_to_net_u64 (now);
906 clib_memcpy_fast (b0->data + offset, &time_stamp, sizeof (time_stamp));
907 offset += sizeof (time_stamp);
909 clib_memcpy_fast (b0->data + offset, &nat_event, sizeof (nat_event));
910 offset += sizeof (nat_event);
912 clib_memcpy_fast (b0->data + offset, "a_event, sizeof (quota_event));
913 offset += sizeof (quota_event);
915 limit = clib_host_to_net_u32 (limit);
916 clib_memcpy_fast (b0->data + offset, &limit, sizeof (limit));
917 offset += sizeof (limit);
919 b0->current_length += MAX_SESSIONS_LEN;
922 if (PREDICT_FALSE (do_flush || (offset + MAX_SESSIONS_LEN) > exp->path_mtu))
924 template_id = clib_atomic_fetch_or (
925 &silm->max_sessions_template_id,
927 nat_ipfix_send (frm, f, b0, template_id);
928 sitd->max_sessions_frame = 0;
929 sitd->max_sessions_buffer = 0;
932 sitd->max_sessions_next_record_offset = offset;
936 nat_ipfix_logging_max_bib (u32 thread_index, u32 limit, int do_flush)
938 nat_ipfix_logging_main_t *silm = &nat_ipfix_logging_main;
939 nat_ipfix_per_thread_data_t *sitd = &silm->per_thread_data[thread_index];
940 flow_report_main_t *frm = &flow_report_main;
942 vlib_buffer_t *b0 = 0;
945 vlib_main_t *vm = vlib_get_main ();
947 u8 nat_event = QUOTA_EXCEEDED;
948 u32 quota_event = clib_host_to_net_u32 (MAX_BIB_ENTRIES);
950 ipfix_exporter_t *exp = pool_elt_at_index (frm->exporters, 0);
952 now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3);
953 now += silm->milisecond_time_0;
955 b0 = sitd->max_bibs_buffer;
957 if (PREDICT_FALSE (b0 == 0))
962 if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
964 //nat_elog_err ("can't allocate buffer for NAT IPFIX event");
968 b0 = sitd->max_bibs_buffer = vlib_get_buffer (vm, bi0);
973 bi0 = vlib_get_buffer_index (vm, b0);
974 offset = sitd->max_bibs_next_record_offset;
977 f = sitd->max_bibs_frame;
978 if (PREDICT_FALSE (f == 0))
981 f = vlib_get_frame_to_node (vm, ip4_lookup_node.index);
982 sitd->max_bibs_frame = f;
983 to_next = vlib_frame_vector_args (f);
988 if (PREDICT_FALSE (offset == 0))
989 nat_ipfix_header_create (frm, b0, &offset);
991 if (PREDICT_TRUE (do_flush == 0))
993 u64 time_stamp = clib_host_to_net_u64 (now);
994 clib_memcpy_fast (b0->data + offset, &time_stamp, sizeof (time_stamp));
995 offset += sizeof (time_stamp);
997 clib_memcpy_fast (b0->data + offset, &nat_event, sizeof (nat_event));
998 offset += sizeof (nat_event);
1000 clib_memcpy_fast (b0->data + offset, "a_event, sizeof (quota_event));
1001 offset += sizeof (quota_event);
1003 limit = clib_host_to_net_u32 (limit);
1004 clib_memcpy_fast (b0->data + offset, &limit, sizeof (limit));
1005 offset += sizeof (limit);
1007 b0->current_length += MAX_BIBS_LEN;
1010 if (PREDICT_FALSE (do_flush || (offset + MAX_BIBS_LEN) > exp->path_mtu))
1012 template_id = clib_atomic_fetch_or (
1013 &silm->max_bibs_template_id,
1015 nat_ipfix_send (frm, f, b0, template_id);
1016 sitd->max_bibs_frame = 0;
1017 sitd->max_bibs_buffer = 0;
1020 sitd->max_bibs_next_record_offset = offset;
1024 nat_ipfix_logging_nat64_bibe (u32 thread_index, u8 nat_event,
1025 ip6_address_t * src_ip, u32 nat_src_ip,
1026 u8 proto, u16 src_port, u16 nat_src_port,
1027 u32 vrf_id, int do_flush)
1029 nat_ipfix_logging_main_t *silm = &nat_ipfix_logging_main;
1030 nat_ipfix_per_thread_data_t *sitd = &silm->per_thread_data[thread_index];
1031 flow_report_main_t *frm = &flow_report_main;
1033 vlib_buffer_t *b0 = 0;
1036 vlib_main_t *vm = vlib_get_main ();
1039 ipfix_exporter_t *exp = pool_elt_at_index (frm->exporters, 0);
1041 now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3);
1042 now += silm->milisecond_time_0;
1044 b0 = sitd->nat64_bib_buffer;
1046 if (PREDICT_FALSE (b0 == 0))
1051 if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
1053 //nat_elog_err ("can't allocate buffer for NAT IPFIX event");
1057 b0 = sitd->nat64_bib_buffer = vlib_get_buffer (vm, bi0);
1062 bi0 = vlib_get_buffer_index (vm, b0);
1063 offset = sitd->nat64_bib_next_record_offset;
1066 f = sitd->nat64_bib_frame;
1067 if (PREDICT_FALSE (f == 0))
1070 f = vlib_get_frame_to_node (vm, ip4_lookup_node.index);
1071 sitd->nat64_bib_frame = f;
1072 to_next = vlib_frame_vector_args (f);
1077 if (PREDICT_FALSE (offset == 0))
1078 nat_ipfix_header_create (frm, b0, &offset);
1080 if (PREDICT_TRUE (do_flush == 0))
1082 u64 time_stamp = clib_host_to_net_u64 (now);
1083 clib_memcpy_fast (b0->data + offset, &time_stamp, sizeof (time_stamp));
1084 offset += sizeof (time_stamp);
1086 clib_memcpy_fast (b0->data + offset, &nat_event, sizeof (nat_event));
1087 offset += sizeof (nat_event);
1089 clib_memcpy_fast (b0->data + offset, src_ip, sizeof (ip6_address_t));
1090 offset += sizeof (ip6_address_t);
1092 clib_memcpy_fast (b0->data + offset, &nat_src_ip, sizeof (nat_src_ip));
1093 offset += sizeof (nat_src_ip);
1095 clib_memcpy_fast (b0->data + offset, &proto, sizeof (proto));
1096 offset += sizeof (proto);
1098 clib_memcpy_fast (b0->data + offset, &src_port, sizeof (src_port));
1099 offset += sizeof (src_port);
1101 clib_memcpy_fast (b0->data + offset, &nat_src_port, sizeof (nat_src_port));
1102 offset += sizeof (nat_src_port);
1104 vrf_id = clib_host_to_net_u32 (vrf_id);
1105 clib_memcpy_fast (b0->data + offset, &vrf_id, sizeof (vrf_id));
1106 offset += sizeof (vrf_id);
1108 b0->current_length += NAT64_BIB_LEN;
1111 if (PREDICT_FALSE (do_flush || (offset + NAT64_BIB_LEN) > exp->path_mtu))
1113 template_id = clib_atomic_fetch_or (
1114 &silm->nat64_bib_template_id,
1116 nat_ipfix_send (frm, f, b0, template_id);
1117 sitd->nat64_bib_frame = 0;
1118 sitd->nat64_bib_buffer = 0;
1121 sitd->nat64_bib_next_record_offset = offset;
1125 nat_ipfix_logging_nat64_ses (u32 thread_index, u8 nat_event,
1126 ip6_address_t * src_ip, u32 nat_src_ip,
1127 u8 proto, u16 src_port, u16 nat_src_port,
1128 ip6_address_t * dst_ip, u32 nat_dst_ip,
1129 u16 dst_port, u16 nat_dst_port,
1130 u32 vrf_id, int do_flush)
1132 nat_ipfix_logging_main_t *silm = &nat_ipfix_logging_main;
1133 nat_ipfix_per_thread_data_t *sitd = &silm->per_thread_data[thread_index];
1134 flow_report_main_t *frm = &flow_report_main;
1136 vlib_buffer_t *b0 = 0;
1139 vlib_main_t *vm = vlib_get_main ();
1142 ipfix_exporter_t *exp = pool_elt_at_index (frm->exporters, 0);
1144 now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3);
1145 now += silm->milisecond_time_0;
1147 b0 = sitd->nat64_ses_buffer;
1149 if (PREDICT_FALSE (b0 == 0))
1154 if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
1156 //nat_elog_err ("can't allocate buffer for NAT IPFIX event");
1160 b0 = sitd->nat64_ses_buffer = vlib_get_buffer (vm, bi0);
1165 bi0 = vlib_get_buffer_index (vm, b0);
1166 offset = sitd->nat64_ses_next_record_offset;
1169 f = sitd->nat64_ses_frame;
1170 if (PREDICT_FALSE (f == 0))
1173 f = vlib_get_frame_to_node (vm, ip4_lookup_node.index);
1174 sitd->nat64_ses_frame = f;
1175 to_next = vlib_frame_vector_args (f);
1180 if (PREDICT_FALSE (offset == 0))
1181 nat_ipfix_header_create (frm, b0, &offset);
1183 if (PREDICT_TRUE (do_flush == 0))
1185 u64 time_stamp = clib_host_to_net_u64 (now);
1186 clib_memcpy_fast (b0->data + offset, &time_stamp, sizeof (time_stamp));
1187 offset += sizeof (time_stamp);
1189 clib_memcpy_fast (b0->data + offset, &nat_event, sizeof (nat_event));
1190 offset += sizeof (nat_event);
1192 clib_memcpy_fast (b0->data + offset, src_ip, sizeof (ip6_address_t));
1193 offset += sizeof (ip6_address_t);
1195 clib_memcpy_fast (b0->data + offset, &nat_src_ip, sizeof (nat_src_ip));
1196 offset += sizeof (nat_src_ip);
1198 clib_memcpy_fast (b0->data + offset, &proto, sizeof (proto));
1199 offset += sizeof (proto);
1201 clib_memcpy_fast (b0->data + offset, &src_port, sizeof (src_port));
1202 offset += sizeof (src_port);
1204 clib_memcpy_fast (b0->data + offset, &nat_src_port, sizeof (nat_src_port));
1205 offset += sizeof (nat_src_port);
1207 clib_memcpy_fast (b0->data + offset, dst_ip, sizeof (ip6_address_t));
1208 offset += sizeof (ip6_address_t);
1210 clib_memcpy_fast (b0->data + offset, &nat_dst_ip, sizeof (nat_dst_ip));
1211 offset += sizeof (nat_dst_ip);
1213 clib_memcpy_fast (b0->data + offset, &dst_port, sizeof (dst_port));
1214 offset += sizeof (dst_port);
1216 clib_memcpy_fast (b0->data + offset, &nat_dst_port, sizeof (nat_dst_port));
1217 offset += sizeof (nat_dst_port);
1219 vrf_id = clib_host_to_net_u32 (vrf_id);
1220 clib_memcpy_fast (b0->data + offset, &vrf_id, sizeof (vrf_id));
1221 offset += sizeof (vrf_id);
1223 b0->current_length += NAT64_SES_LEN;
1226 if (PREDICT_FALSE (do_flush || (offset + NAT64_SES_LEN) > exp->path_mtu))
1228 template_id = clib_atomic_fetch_or (
1229 &silm->nat64_ses_template_id,
1231 nat_ipfix_send (frm, f, b0, template_id);
1232 sitd->nat64_ses_frame = 0;
1233 sitd->nat64_ses_buffer = 0;
1236 sitd->nat64_ses_next_record_offset = offset;
1240 nat_ipfix_flush (u32 thread_index)
1244 nat_ipfix_logging_nat44_ses (thread_index,
1245 0, 0, 0, 0, 0, 0, 0, do_flush);
1246 nat_ipfix_logging_addr_exhausted (thread_index, 0, do_flush);
1247 nat_ipfix_logging_max_entries_per_usr (thread_index, 0, 0, do_flush);
1248 nat_ipfix_logging_max_ses (thread_index, 0, do_flush);
1249 nat_ipfix_logging_max_bib (thread_index, 0, do_flush);
1250 nat_ipfix_logging_nat64_bibe (thread_index,
1251 0, 0, 0, 0, 0, 0, 0, do_flush);
1252 nat_ipfix_logging_nat64_ses (thread_index,
1253 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, do_flush);
1257 nat_ipfix_logging_enabled ()
1259 nat_ipfix_logging_main_t *silm = &nat_ipfix_logging_main;
1260 return !clib_atomic_fetch_or(&silm->enabled, 0);
1264 nat_ipfix_flush_from_main (void)
1266 nat_ipfix_logging_main_t *silm = &nat_ipfix_logging_main;
1267 vlib_main_t *worker_vm;
1270 if (PREDICT_TRUE (!clib_atomic_fetch_or(&silm->enabled, 0)))
1273 if (PREDICT_FALSE (!silm->worker_vms))
1275 for (i = 1; i < vlib_get_n_threads (); i++)
1277 worker_vm = vlib_get_main_by_index (i);
1279 vec_add1 (silm->worker_vms, worker_vm);
1283 /* Trigger flush for each worker thread */
1284 for (i = 0; i < vec_len (silm->worker_vms); i++)
1286 worker_vm = silm->worker_vms[i];
1288 vlib_node_set_interrupt_pending (worker_vm,
1289 nat_ipfix_flush_node.index);
1292 /* Finally flush main thread */
1293 nat_ipfix_flush (0);
1297 * @brief Generate NAT44 session create event
1300 nat_ipfix_logging_nat44_ses_create (u32 thread_index, u32 src_ip,
1301 u32 nat_src_ip, ip_protocol_t proto,
1302 u16 src_port, u16 nat_src_port,
1305 skip_if_disabled ();
1307 nat_ipfix_logging_nat44_ses (thread_index, NAT44_SESSION_CREATE, src_ip,
1308 nat_src_ip, proto, src_port, nat_src_port,
1313 * @brief Generate NAT44 session delete event
1316 nat_ipfix_logging_nat44_ses_delete (u32 thread_index, u32 src_ip,
1317 u32 nat_src_ip, ip_protocol_t proto,
1318 u16 src_port, u16 nat_src_port,
1321 skip_if_disabled ();
1323 nat_ipfix_logging_nat44_ses (thread_index, NAT44_SESSION_DELETE, src_ip,
1324 nat_src_ip, proto, src_port, nat_src_port,
1329 * @brief Generate NAT addresses exhausted event
1331 * @param thread_index thread index
1332 * @param pool_id NAT pool ID
1335 nat_ipfix_logging_addresses_exhausted (u32 thread_index, u32 pool_id)
1337 //TODO: This event SHOULD be rate limited
1338 skip_if_disabled ();
1340 nat_ipfix_logging_addr_exhausted (thread_index, pool_id, 0);
1344 * @brief Generate maximum entries per user exceeded event
1346 * @param thread_index thread index
1347 * @param limit maximum NAT entries that can be created per user
1348 * @param src_ip source IPv4 address
1351 nat_ipfix_logging_max_entries_per_user (u32 thread_index, u32 limit, u32 src_ip)
1353 //TODO: This event SHOULD be rate limited
1354 skip_if_disabled ();
1356 nat_ipfix_logging_max_entries_per_usr (thread_index, limit, src_ip, 0);
1360 deterministic_nat_data_callback
1361 (flow_report_main_t * frm,
1364 u32 * to_next, u32 node_index)
1366 nat_ipfix_flush_from_main();
1372 * @brief Generate maximum session entries exceeded event
1374 * @param thread_index thread index
1375 * @param limit configured limit
1378 nat_ipfix_logging_max_sessions (u32 thread_index, u32 limit)
1380 //TODO: This event SHOULD be rate limited
1381 skip_if_disabled ();
1383 nat_ipfix_logging_max_ses (thread_index, limit, 0);
1387 * @brief Generate maximum BIB entries exceeded event
1389 * @param thread_index thread index
1390 * @param limit configured limit
1393 nat_ipfix_logging_max_bibs (u32 thread_index, u32 limit)
1395 //TODO: This event SHOULD be rate limited
1396 skip_if_disabled ();
1398 nat_ipfix_logging_max_bib (thread_index, limit, 0);
1402 * @brief Generate NAT64 BIB create and delete events
1404 * @param thread_index thread index
1405 * @param src_ip source IPv6 address
1406 * @param nat_src_ip transaltes source IPv4 address
1407 * @param proto L4 protocol
1408 * @param src_port source port
1409 * @param nat_src_port translated source port
1410 * @param vrf_id VRF ID
1411 * @param is_create non-zero value if create event otherwise delete event
1414 nat_ipfix_logging_nat64_bib (u32 thread_index, ip6_address_t * src_ip,
1415 ip4_address_t * nat_src_ip, u8 proto,
1416 u16 src_port, u16 nat_src_port, u32 vrf_id,
1421 skip_if_disabled ();
1423 nat_event = is_create ? NAT64_BIB_CREATE : NAT64_BIB_DELETE;
1425 nat_ipfix_logging_nat64_bibe (thread_index, nat_event, src_ip,
1426 nat_src_ip->as_u32, proto, src_port,
1427 nat_src_port, vrf_id, 0);
1431 * @brief Generate NAT64 session create and delete events
1433 * @param thread_index thread index
1434 * @param src_ip source IPv6 address
1435 * @param nat_src_ip transaltes source IPv4 address
1436 * @param proto L4 protocol
1437 * @param src_port source port
1438 * @param nat_src_port translated source port
1439 * @param dst_ip destination IPv6 address
1440 * @param nat_dst_ip destination IPv4 address
1441 * @param dst_port destination port
1442 * @param nat_dst_port translated destination port
1443 * @param vrf_id VRF ID
1444 * @param is_create non-zero value if create event otherwise delete event
1447 nat_ipfix_logging_nat64_session (u32 thread_index,
1448 ip6_address_t * src_ip,
1449 ip4_address_t * nat_src_ip, u8 proto,
1450 u16 src_port, u16 nat_src_port,
1451 ip6_address_t * dst_ip,
1452 ip4_address_t * nat_dst_ip, u16 dst_port,
1453 u16 nat_dst_port, u32 vrf_id, u8 is_create)
1457 skip_if_disabled ();
1459 nat_event = is_create ? NAT64_SESSION_CREATE : NAT64_SESSION_DELETE;
1461 nat_ipfix_logging_nat64_ses (thread_index, nat_event, src_ip,
1462 nat_src_ip->as_u32, proto, src_port,
1463 nat_src_port, dst_ip, nat_dst_ip->as_u32,
1464 dst_port, nat_dst_port, vrf_id, 0);
1468 data_callback (flow_report_main_t *frm, ipfix_exporter_t *exp,
1469 flow_report_t *fr, vlib_frame_t *f, u32 *to_next,
1472 nat_ipfix_logging_main_t *silm = &nat_ipfix_logging_main;
1474 if (PREDICT_FALSE (++silm->call_counter >= vec_len (exp->reports)))
1476 nat_ipfix_flush_from_main();
1477 silm->call_counter = 0;
1484 * @brief Enable/disable NAT plugin IPFIX logging
1486 * @param enable 1 if enable, 0 if disable
1487 * @param domain_id observation domain ID
1488 * @param src_port source port number
1490 * @returns 0 if success
1493 nat_ipfix_logging_enable_disable (int enable, u32 domain_id, u16 src_port)
1495 nat_ipfix_logging_main_t *silm = &nat_ipfix_logging_main;
1496 ipfix_exporter_t *exp = &flow_report_main.exporters[0];
1497 vnet_flow_report_add_del_args_t a;
1499 u8 e = enable ? 1 : 0;
1501 if (clib_atomic_cmp_and_swap (&silm->enabled, e ^ 1, e) == e)
1504 clib_memset (&a, 0, sizeof (a));
1506 a.domain_id = domain_id ? domain_id : 1;
1507 a.src_port = src_port ? src_port : UDP_DST_PORT_ipfix;
1508 a.flow_data_callback = data_callback;
1510 a.rewrite_callback = nat_template_rewrite_nat44_session;
1511 rv = vnet_flow_report_add_del (exp, &a, NULL);
1514 //nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
1518 a.rewrite_callback = nat_template_rewrite_addr_exhausted;
1519 rv = vnet_flow_report_add_del (exp, &a, NULL);
1522 //nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
1526 a.rewrite_callback = nat_template_rewrite_max_sessions;
1527 rv = vnet_flow_report_add_del (exp, &a, NULL);
1530 //nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
1534 a.rewrite_callback = nat_template_rewrite_max_bibs;
1535 rv = vnet_flow_report_add_del (exp, &a, NULL);
1538 //nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
1542 a.rewrite_callback = nat_template_rewrite_nat64_bib;
1543 rv = vnet_flow_report_add_del (exp, &a, NULL);
1546 //nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
1550 a.rewrite_callback = nat_template_rewrite_nat64_session;
1551 rv = vnet_flow_report_add_del (exp, &a, NULL);
1554 //nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
1558 // if endpoint dependent per user max entries is also required
1560 a.rewrite_callback = nat_template_rewrite_max_entries_per_usr;
1561 rv = vnet_flow_report_add_del (exp, &a, NULL);
1564 //nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
1573 * @brief Initialize NAT plugin IPFIX logging
1575 * @param vm vlib main
1578 nat_ipfix_logging_init (vlib_main_t * vm)
1580 nat_ipfix_logging_main_t *silm = &nat_ipfix_logging_main;
1581 vlib_thread_main_t *tm = vlib_get_thread_main ();
1584 silm->worker_vms = 0;
1585 silm->call_counter = 0;
1587 /* Set up time reference pair */
1588 silm->vlib_time_0 = vlib_time_now (vm);
1589 silm->milisecond_time_0 = unix_time_now_nsec () * 1e-6;
1591 vec_validate (silm->per_thread_data, tm->n_vlib_mains - 1);
1595 ipfix_flush_process (vlib_main_t *vm,
1596 vlib_node_runtime_t *rt,
1599 nat_ipfix_flush(vm->thread_index);
1604 VLIB_REGISTER_NODE (nat_ipfix_flush_node) = {
1605 .function = ipfix_flush_process,
1606 .name = "nat-ipfix-flush",
1607 .type = VLIB_NODE_TYPE_INPUT,
1608 .state = VLIB_NODE_STATE_INTERRUPT,
Code Review / vpp.git / blob