2 * nat_ipfix_logging.c - NAT Events IPFIX logging
4 * Copyright (c) 2016 Cisco and/or its affiliates.
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
18 #include <vnet/ipfix-export/flow_report.h>
19 #include <vnet/ip/ip4.h>
20 #include <vnet/udp/udp_local.h>
21 #include <vlibmemory/api.h>
22 #include <vppinfra/atomics.h>
23 #include <nat/lib/ipfix_logging.h>
24 #include <nat/lib/inlines.h>
26 vlib_node_registration_t nat_ipfix_flush_node;
27 nat_ipfix_logging_main_t nat_ipfix_logging_main;
29 #define NAT44_SESSION_CREATE_LEN 26
30 #define NAT_ADDRESSES_EXHAUTED_LEN 13
31 #define MAX_ENTRIES_PER_USER_LEN 21
32 #define MAX_SESSIONS_LEN 17
33 #define MAX_BIBS_LEN 17
34 #define MAX_FRAGMENTS_IP4_LEN 21
35 #define MAX_FRAGMENTS_IP6_LEN 33
36 #define NAT64_BIB_LEN 38
37 #define NAT64_SES_LEN 62
39 #define NAT44_SESSION_CREATE_FIELD_COUNT 8
40 #define NAT_ADDRESSES_EXHAUTED_FIELD_COUNT 3
41 #define MAX_ENTRIES_PER_USER_FIELD_COUNT 5
42 #define MAX_SESSIONS_FIELD_COUNT 4
43 #define MAX_BIBS_FIELD_COUNT 4
44 #define MAX_FRAGMENTS_FIELD_COUNT 5
45 #define NAT64_BIB_FIELD_COUNT 8
46 #define NAT64_SES_FIELD_COUNT 12
53 nat_protocol_t nat_proto;
57 } nat_ipfix_logging_nat44_ses_args_t;
62 } nat_ipfix_logging_addr_exhausted_args_t;
68 } nat_ipfix_logging_max_entries_per_user_args_t;
73 } nat_ipfix_logging_max_sessions_args_t;
78 } nat_ipfix_logging_max_bibs_args_t;
84 } nat_ipfix_logging_max_frags_ip4_args_t;
90 } nat_ipfix_logging_max_frags_ip6_args_t;
105 } nat_ipfix_logging_nat64_ses_args_t;
116 } nat_ipfix_logging_nat64_bib_args_t;
118 #define skip_if_disabled() \
120 nat_ipfix_logging_main_t *silm = &nat_ipfix_logging_main; \
121 if (PREDICT_TRUE (!clib_atomic_fetch_or(&silm->enabled, 0))) \
125 #define update_template_id(old_id, new_id) \
127 u16 template_id = clib_atomic_fetch_or(old_id, 0); \
128 clib_atomic_cmp_and_swap(old_id, template_id, new_id); \
132 * @brief Create an IPFIX template packet rewrite string
134 * @param frm flow report main
135 * @param fr flow report
136 * @param collector_address collector address
137 * @param src_address source address
138 * @param collector_port collector
139 * @param event NAT event ID
140 * @param quota_event NAT quota exceeded event ID
142 * @returns template packet
145 nat_template_rewrite (flow_report_main_t * frm,
147 ip4_address_t * collector_address,
148 ip4_address_t * src_address,
150 nat_event_t event, quota_exceed_event_t quota_event)
152 nat_ipfix_logging_main_t *silm = &nat_ipfix_logging_main;
155 ipfix_message_header_t *h;
156 ipfix_set_header_t *s;
157 ipfix_template_header_t *t;
158 ipfix_field_specifier_t *f;
159 ipfix_field_specifier_t *first_field;
161 ip4_ipfix_template_packet_t *tp;
163 flow_report_stream_t *stream;
166 stream = &frm->streams[fr->stream_index];
168 stream_index = clib_atomic_fetch_or(&silm->stream_index, 0);
169 clib_atomic_cmp_and_swap (&silm->stream_index,
170 stream_index, fr->stream_index);
172 if (event == NAT_ADDRESSES_EXHAUTED)
174 field_count = NAT_ADDRESSES_EXHAUTED_FIELD_COUNT;
176 update_template_id(&silm->addr_exhausted_template_id,
179 else if (event == NAT44_SESSION_CREATE)
181 field_count = NAT44_SESSION_CREATE_FIELD_COUNT;
183 update_template_id(&silm->nat44_session_template_id,
186 else if (event == NAT64_BIB_CREATE)
188 field_count = NAT64_BIB_FIELD_COUNT;
190 update_template_id(&silm->nat64_bib_template_id,
193 else if (event == NAT64_SESSION_CREATE)
195 field_count = NAT64_SES_FIELD_COUNT;
197 update_template_id(&silm->nat64_ses_template_id,
200 else if (event == QUOTA_EXCEEDED)
202 if (quota_event == MAX_ENTRIES_PER_USER)
204 field_count = MAX_ENTRIES_PER_USER_FIELD_COUNT;
206 update_template_id(&silm->max_entries_per_user_template_id,
210 else if (quota_event == MAX_SESSION_ENTRIES)
212 field_count = MAX_SESSIONS_FIELD_COUNT;
214 update_template_id(&silm->max_sessions_template_id,
217 else if (quota_event == MAX_BIB_ENTRIES)
219 field_count = MAX_BIBS_FIELD_COUNT;
221 update_template_id(&silm->max_bibs_template_id,
226 /* allocate rewrite space */
227 vec_validate_aligned (rewrite,
228 sizeof (ip4_ipfix_template_packet_t)
229 + field_count * sizeof (ipfix_field_specifier_t) - 1,
230 CLIB_CACHE_LINE_BYTES);
232 tp = (ip4_ipfix_template_packet_t *) rewrite;
233 ip = (ip4_header_t *) & tp->ip4;
234 udp = (udp_header_t *) (ip + 1);
235 h = (ipfix_message_header_t *) (udp + 1);
236 s = (ipfix_set_header_t *) (h + 1);
237 t = (ipfix_template_header_t *) (s + 1);
238 first_field = f = (ipfix_field_specifier_t *) (t + 1);
240 ip->ip_version_and_header_length = 0x45;
242 ip->protocol = IP_PROTOCOL_UDP;
243 ip->src_address.as_u32 = src_address->as_u32;
244 ip->dst_address.as_u32 = collector_address->as_u32;
245 udp->src_port = clib_host_to_net_u16 (stream->src_port);
246 udp->dst_port = clib_host_to_net_u16 (collector_port);
247 udp->length = clib_host_to_net_u16 (vec_len (rewrite) - sizeof (*ip));
249 /* FIXUP: message header export_time */
250 h->domain_id = clib_host_to_net_u32 (stream->domain_id);
252 /* Add TLVs to the template */
253 if (event == NAT_ADDRESSES_EXHAUTED)
255 f->e_id_length = ipfix_e_id_length (0, observationTimeMilliseconds, 8);
257 f->e_id_length = ipfix_e_id_length (0, natEvent, 1);
259 f->e_id_length = ipfix_e_id_length (0, natPoolId, 4);
262 else if (event == NAT44_SESSION_CREATE)
264 f->e_id_length = ipfix_e_id_length (0, observationTimeMilliseconds, 8);
266 f->e_id_length = ipfix_e_id_length (0, natEvent, 1);
268 f->e_id_length = ipfix_e_id_length (0, sourceIPv4Address, 4);
270 f->e_id_length = ipfix_e_id_length (0, postNATSourceIPv4Address, 4);
272 f->e_id_length = ipfix_e_id_length (0, protocolIdentifier, 1);
274 f->e_id_length = ipfix_e_id_length (0, sourceTransportPort, 2);
276 f->e_id_length = ipfix_e_id_length (0, postNAPTSourceTransportPort, 2);
278 f->e_id_length = ipfix_e_id_length (0, ingressVRFID, 4);
281 else if (event == NAT64_BIB_CREATE)
283 f->e_id_length = ipfix_e_id_length (0, observationTimeMilliseconds, 8);
285 f->e_id_length = ipfix_e_id_length (0, natEvent, 1);
287 f->e_id_length = ipfix_e_id_length (0, sourceIPv6Address, 16);
289 f->e_id_length = ipfix_e_id_length (0, postNATSourceIPv4Address, 4);
291 f->e_id_length = ipfix_e_id_length (0, protocolIdentifier, 1);
293 f->e_id_length = ipfix_e_id_length (0, sourceTransportPort, 2);
295 f->e_id_length = ipfix_e_id_length (0, postNAPTSourceTransportPort, 2);
297 f->e_id_length = ipfix_e_id_length (0, ingressVRFID, 4);
300 else if (event == NAT64_SESSION_CREATE)
302 f->e_id_length = ipfix_e_id_length (0, observationTimeMilliseconds, 8);
304 f->e_id_length = ipfix_e_id_length (0, natEvent, 1);
306 f->e_id_length = ipfix_e_id_length (0, sourceIPv6Address, 16);
308 f->e_id_length = ipfix_e_id_length (0, postNATSourceIPv4Address, 4);
310 f->e_id_length = ipfix_e_id_length (0, protocolIdentifier, 1);
312 f->e_id_length = ipfix_e_id_length (0, sourceTransportPort, 2);
314 f->e_id_length = ipfix_e_id_length (0, postNAPTSourceTransportPort, 2);
316 f->e_id_length = ipfix_e_id_length (0, destinationIPv6Address, 16);
318 f->e_id_length = ipfix_e_id_length (0, postNATDestinationIPv4Address, 4);
320 f->e_id_length = ipfix_e_id_length (0, destinationTransportPort, 2);
322 f->e_id_length = ipfix_e_id_length (0, postNAPTDestinationTransportPort,
325 f->e_id_length = ipfix_e_id_length (0, ingressVRFID, 4);
328 else if (event == QUOTA_EXCEEDED)
330 if (quota_event == MAX_ENTRIES_PER_USER)
332 f->e_id_length = ipfix_e_id_length (0, observationTimeMilliseconds,
335 f->e_id_length = ipfix_e_id_length (0, natEvent, 1);
337 f->e_id_length = ipfix_e_id_length (0, natQuotaExceededEvent, 4);
339 f->e_id_length = ipfix_e_id_length (0, maxEntriesPerUser, 4);
341 f->e_id_length = ipfix_e_id_length (0, sourceIPv4Address, 4);
344 else if (quota_event == MAX_SESSION_ENTRIES)
346 f->e_id_length = ipfix_e_id_length (0, observationTimeMilliseconds,
349 f->e_id_length = ipfix_e_id_length (0, natEvent, 1);
351 f->e_id_length = ipfix_e_id_length (0, natQuotaExceededEvent, 4);
353 f->e_id_length = ipfix_e_id_length (0, maxSessionEntries, 4);
356 else if (quota_event == MAX_BIB_ENTRIES)
358 f->e_id_length = ipfix_e_id_length (0, observationTimeMilliseconds,
361 f->e_id_length = ipfix_e_id_length (0, natEvent, 1);
363 f->e_id_length = ipfix_e_id_length (0, natQuotaExceededEvent, 4);
365 f->e_id_length = ipfix_e_id_length (0, maxBIBEntries, 4);
370 /* Back to the template packet... */
371 ip = (ip4_header_t *) & tp->ip4;
372 udp = (udp_header_t *) (ip + 1);
374 ASSERT (f - first_field);
375 /* Field count in this template */
376 t->id_count = ipfix_id_count (fr->template_id, f - first_field);
378 /* set length in octets */
380 ipfix_set_id_length (2 /* set_id */ , (u8 *) f - (u8 *) s);
382 /* message length in octets */
383 h->version_length = version_length ((u8 *) f - (u8 *) h);
385 ip->length = clib_host_to_net_u16 ((u8 *) f - (u8 *) ip);
386 ip->checksum = ip4_header_checksum (ip);
392 nat_template_rewrite_addr_exhausted (flow_report_main_t * frm,
394 ip4_address_t * collector_address,
395 ip4_address_t * src_address,
397 ipfix_report_element_t *elts,
398 u32 n_elts, u32 *stream_index)
400 return nat_template_rewrite (frm, fr, collector_address, src_address,
401 collector_port, NAT_ADDRESSES_EXHAUTED, 0);
405 nat_template_rewrite_nat44_session (flow_report_main_t * frm,
407 ip4_address_t * collector_address,
408 ip4_address_t * src_address,
410 ipfix_report_element_t *elts,
411 u32 n_elts, u32 *stream_index)
413 return nat_template_rewrite (frm, fr, collector_address, src_address,
414 collector_port, NAT44_SESSION_CREATE, 0);
418 nat_template_rewrite_max_entries_per_usr (flow_report_main_t * frm,
420 ip4_address_t * collector_address,
421 ip4_address_t * src_address,
423 ipfix_report_element_t *elts,
424 u32 n_elts, u32 *stream_index)
426 return nat_template_rewrite (frm, fr, collector_address, src_address,
427 collector_port, QUOTA_EXCEEDED,
428 MAX_ENTRIES_PER_USER);
432 nat_template_rewrite_max_sessions (flow_report_main_t * frm,
434 ip4_address_t * collector_address,
435 ip4_address_t * src_address,
437 ipfix_report_element_t *elts,
438 u32 n_elts, u32 *stream_index)
440 return nat_template_rewrite (frm, fr, collector_address, src_address,
441 collector_port, QUOTA_EXCEEDED,
442 MAX_SESSION_ENTRIES);
446 nat_template_rewrite_max_bibs (flow_report_main_t * frm,
448 ip4_address_t * collector_address,
449 ip4_address_t * src_address,
451 ipfix_report_element_t *elts,
452 u32 n_elts, u32 *stream_index)
454 return nat_template_rewrite (frm, fr, collector_address, src_address,
455 collector_port, QUOTA_EXCEEDED,
460 nat_template_rewrite_nat64_bib (flow_report_main_t * frm,
462 ip4_address_t * collector_address,
463 ip4_address_t * src_address,
465 ipfix_report_element_t *elts,
466 u32 n_elts, u32 *stream_index)
468 return nat_template_rewrite (frm, fr, collector_address, src_address,
469 collector_port, NAT64_BIB_CREATE, 0);
473 nat_template_rewrite_nat64_session (flow_report_main_t * frm,
475 ip4_address_t * collector_address,
476 ip4_address_t * src_address,
478 ipfix_report_element_t *elts,
479 u32 n_elts, u32 *stream_index)
481 return nat_template_rewrite (frm, fr, collector_address, src_address,
482 collector_port, NAT64_SESSION_CREATE, 0);
486 nat_ipfix_header_create (flow_report_main_t * frm,
487 vlib_buffer_t * b0, u32 * offset)
489 nat_ipfix_logging_main_t *silm = &nat_ipfix_logging_main;
490 flow_report_stream_t *stream;
491 ip4_ipfix_template_packet_t *tp;
492 ipfix_message_header_t *h = 0;
493 ipfix_set_header_t *s = 0;
498 vlib_main_t *vm = vlib_get_main ();
500 stream_index = clib_atomic_fetch_or(&silm->stream_index, 0);
501 stream = &frm->streams[stream_index];
503 b0->current_data = 0;
504 b0->current_length = sizeof (*ip) + sizeof (*udp) + sizeof (*h) +
506 b0->flags |= (VLIB_BUFFER_TOTAL_LENGTH_VALID | VNET_BUFFER_F_FLOW_REPORT);
507 vnet_buffer (b0)->sw_if_index[VLIB_RX] = 0;
508 vnet_buffer (b0)->sw_if_index[VLIB_TX] = frm->fib_index;
509 tp = vlib_buffer_get_current (b0);
510 ip = (ip4_header_t *) & tp->ip4;
511 udp = (udp_header_t *) (ip + 1);
512 h = (ipfix_message_header_t *) (udp + 1);
513 s = (ipfix_set_header_t *) (h + 1);
515 ip->ip_version_and_header_length = 0x45;
517 ip->protocol = IP_PROTOCOL_UDP;
518 ip->flags_and_fragment_offset = 0;
519 ip->src_address.as_u32 = frm->src_address.as_u32;
520 ip->dst_address.as_u32 = frm->ipfix_collector.as_u32;
521 udp->src_port = clib_host_to_net_u16 (stream->src_port);
522 udp->dst_port = clib_host_to_net_u16 (frm->collector_port);
525 h->export_time = clib_host_to_net_u32 ((u32)
526 (((f64) frm->unix_time_0) +
527 (vlib_time_now (vm) -
530 sequence_number = clib_atomic_fetch_add (&stream->sequence_number, 1);
531 h->sequence_number = clib_host_to_net_u32 (sequence_number);
532 h->domain_id = clib_host_to_net_u32 (stream->domain_id);
534 *offset = (u32) (((u8 *) (s + 1)) - (u8 *) tp);
538 nat_ipfix_send (u32 thread_index, flow_report_main_t * frm,
539 vlib_frame_t * f, vlib_buffer_t * b0, u16 template_id)
541 ip4_ipfix_template_packet_t *tp;
542 ipfix_message_header_t *h = 0;
543 ipfix_set_header_t *s = 0;
546 vlib_main_t *vm = vlib_mains[thread_index];
548 tp = vlib_buffer_get_current (b0);
549 ip = (ip4_header_t *) & tp->ip4;
550 udp = (udp_header_t *) (ip + 1);
551 h = (ipfix_message_header_t *) (udp + 1);
552 s = (ipfix_set_header_t *) (h + 1);
554 s->set_id_length = ipfix_set_id_length (template_id,
556 (sizeof (*ip) + sizeof (*udp) +
558 h->version_length = version_length (b0->current_length -
559 (sizeof (*ip) + sizeof (*udp)));
561 ip->length = clib_host_to_net_u16 (b0->current_length);
562 ip->checksum = ip4_header_checksum (ip);
563 udp->length = clib_host_to_net_u16 (b0->current_length - sizeof (*ip));
565 if (frm->udp_checksum)
567 udp->checksum = ip4_tcp_udp_compute_checksum (vm, b0, ip);
568 if (udp->checksum == 0)
569 udp->checksum = 0xffff;
572 ASSERT (ip4_header_checksum_is_valid (ip));
574 vlib_put_frame_to_node (vm, ip4_lookup_node.index, f);
578 nat_ipfix_logging_nat44_ses (u32 thread_index, u8 nat_event, u32 src_ip,
579 u32 nat_src_ip, nat_protocol_t nat_proto,
580 u16 src_port, u16 nat_src_port, u32 vrf_id,
583 nat_ipfix_logging_main_t *silm = &nat_ipfix_logging_main;
584 nat_ipfix_per_thread_data_t *sitd = &silm->per_thread_data[thread_index];
585 flow_report_main_t *frm = &flow_report_main;
587 vlib_buffer_t *b0 = 0;
590 vlib_main_t *vm = vlib_mains[thread_index];
595 proto = nat_proto_to_ip_proto (nat_proto);
597 now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3);
598 now += silm->milisecond_time_0;
600 b0 = sitd->nat44_session_buffer;
602 if (PREDICT_FALSE (b0 == 0))
607 if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
609 //nat_elog_err ("can't allocate buffer for NAT IPFIX event");
613 b0 = sitd->nat44_session_buffer = vlib_get_buffer (vm, bi0);
614 VLIB_BUFFER_TRACE_TRAJECTORY_INIT (b0);
619 bi0 = vlib_get_buffer_index (vm, b0);
620 offset = sitd->nat44_session_next_record_offset;
623 f = sitd->nat44_session_frame;
624 if (PREDICT_FALSE (f == 0))
627 f = vlib_get_frame_to_node (vm, ip4_lookup_node.index);
628 sitd->nat44_session_frame = f;
629 to_next = vlib_frame_vector_args (f);
634 if (PREDICT_FALSE (offset == 0))
635 nat_ipfix_header_create (frm, b0, &offset);
637 if (PREDICT_TRUE (do_flush == 0))
639 u64 time_stamp = clib_host_to_net_u64 (now);
640 clib_memcpy_fast (b0->data + offset, &time_stamp, sizeof (time_stamp));
641 offset += sizeof (time_stamp);
643 clib_memcpy_fast (b0->data + offset, &nat_event, sizeof (nat_event));
644 offset += sizeof (nat_event);
646 clib_memcpy_fast (b0->data + offset, &src_ip, sizeof (src_ip));
647 offset += sizeof (src_ip);
649 clib_memcpy_fast (b0->data + offset, &nat_src_ip, sizeof (nat_src_ip));
650 offset += sizeof (nat_src_ip);
652 clib_memcpy_fast (b0->data + offset, &proto, sizeof (proto));
653 offset += sizeof (proto);
655 clib_memcpy_fast (b0->data + offset, &src_port, sizeof (src_port));
656 offset += sizeof (src_port);
658 clib_memcpy_fast (b0->data + offset, &nat_src_port, sizeof (nat_src_port));
659 offset += sizeof (nat_src_port);
661 vrf_id = clib_host_to_net_u32 (vrf_id);
662 clib_memcpy_fast (b0->data + offset, &vrf_id, sizeof (vrf_id));
663 offset += sizeof (vrf_id);
665 b0->current_length += NAT44_SESSION_CREATE_LEN;
669 (do_flush || (offset + NAT44_SESSION_CREATE_LEN) > frm->path_mtu))
671 template_id = clib_atomic_fetch_or (
672 &silm->nat44_session_template_id,
674 nat_ipfix_send (thread_index, frm, f, b0, template_id);
675 sitd->nat44_session_frame = 0;
676 sitd->nat44_session_buffer = 0;
679 sitd->nat44_session_next_record_offset = offset;
683 nat_ipfix_logging_addr_exhausted (u32 thread_index, u32 pool_id, int do_flush)
685 nat_ipfix_logging_main_t *silm = &nat_ipfix_logging_main;
686 nat_ipfix_per_thread_data_t *sitd = &silm->per_thread_data[thread_index];
687 flow_report_main_t *frm = &flow_report_main;
689 vlib_buffer_t *b0 = 0;
692 vlib_main_t *vm = vlib_mains[thread_index];
694 u8 nat_event = NAT_ADDRESSES_EXHAUTED;
697 now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3);
698 now += silm->milisecond_time_0;
700 b0 = sitd->addr_exhausted_buffer;
702 if (PREDICT_FALSE (b0 == 0))
707 if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
709 //nat_elog_err ("can't allocate buffer for NAT IPFIX event");
713 b0 = sitd->addr_exhausted_buffer = vlib_get_buffer (vm, bi0);
714 VLIB_BUFFER_TRACE_TRAJECTORY_INIT (b0);
719 bi0 = vlib_get_buffer_index (vm, b0);
720 offset = sitd->addr_exhausted_next_record_offset;
723 f = sitd->addr_exhausted_frame;
724 if (PREDICT_FALSE (f == 0))
727 f = vlib_get_frame_to_node (vm, ip4_lookup_node.index);
728 sitd->addr_exhausted_frame = f;
729 to_next = vlib_frame_vector_args (f);
734 if (PREDICT_FALSE (offset == 0))
735 nat_ipfix_header_create (frm, b0, &offset);
737 if (PREDICT_TRUE (do_flush == 0))
739 u64 time_stamp = clib_host_to_net_u64 (now);
740 clib_memcpy_fast (b0->data + offset, &time_stamp, sizeof (time_stamp));
741 offset += sizeof (time_stamp);
743 clib_memcpy_fast (b0->data + offset, &nat_event, sizeof (nat_event));
744 offset += sizeof (nat_event);
746 clib_memcpy_fast (b0->data + offset, &pool_id, sizeof (pool_id));
747 offset += sizeof (pool_id);
749 b0->current_length += NAT_ADDRESSES_EXHAUTED_LEN;
753 (do_flush || (offset + NAT_ADDRESSES_EXHAUTED_LEN) > frm->path_mtu))
755 template_id = clib_atomic_fetch_or (
756 &silm->addr_exhausted_template_id,
758 nat_ipfix_send (thread_index, frm, f, b0, template_id);
759 sitd->addr_exhausted_frame = 0;
760 sitd->addr_exhausted_buffer = 0;
763 sitd->addr_exhausted_next_record_offset = offset;
767 nat_ipfix_logging_max_entries_per_usr (u32 thread_index,
768 u32 limit, u32 src_ip, int do_flush)
770 nat_ipfix_logging_main_t *silm = &nat_ipfix_logging_main;
771 nat_ipfix_per_thread_data_t *sitd = &silm->per_thread_data[thread_index];
772 flow_report_main_t *frm = &flow_report_main;
774 vlib_buffer_t *b0 = 0;
777 vlib_main_t *vm = vlib_mains[thread_index];
779 u8 nat_event = QUOTA_EXCEEDED;
780 u32 quota_event = MAX_ENTRIES_PER_USER;
783 now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3);
784 now += silm->milisecond_time_0;
786 b0 = sitd->max_entries_per_user_buffer;
788 if (PREDICT_FALSE (b0 == 0))
793 if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
795 //nat_elog_err ("can't allocate buffer for NAT IPFIX event");
799 b0 = sitd->max_entries_per_user_buffer = vlib_get_buffer (vm, bi0);
800 VLIB_BUFFER_TRACE_TRAJECTORY_INIT (b0);
805 bi0 = vlib_get_buffer_index (vm, b0);
806 offset = sitd->max_entries_per_user_next_record_offset;
809 f = sitd->max_entries_per_user_frame;
810 if (PREDICT_FALSE (f == 0))
813 f = vlib_get_frame_to_node (vm, ip4_lookup_node.index);
814 sitd->max_entries_per_user_frame = f;
815 to_next = vlib_frame_vector_args (f);
820 if (PREDICT_FALSE (offset == 0))
821 nat_ipfix_header_create (frm, b0, &offset);
823 if (PREDICT_TRUE (do_flush == 0))
825 u64 time_stamp = clib_host_to_net_u64 (now);
826 clib_memcpy_fast (b0->data + offset, &time_stamp, sizeof (time_stamp));
827 offset += sizeof (time_stamp);
829 clib_memcpy_fast (b0->data + offset, &nat_event, sizeof (nat_event));
830 offset += sizeof (nat_event);
832 clib_memcpy_fast (b0->data + offset, "a_event, sizeof (quota_event));
833 offset += sizeof (quota_event);
835 clib_memcpy_fast (b0->data + offset, &limit, sizeof (limit));
836 offset += sizeof (limit);
838 clib_memcpy_fast (b0->data + offset, &src_ip, sizeof (src_ip));
839 offset += sizeof (src_ip);
841 b0->current_length += MAX_ENTRIES_PER_USER_LEN;
845 (do_flush || (offset + MAX_ENTRIES_PER_USER_LEN) > frm->path_mtu))
847 template_id = clib_atomic_fetch_or (
848 &silm->max_entries_per_user_template_id,
850 nat_ipfix_send (thread_index, frm, f, b0, template_id);
851 sitd->max_entries_per_user_frame = 0;
852 sitd->max_entries_per_user_buffer = 0;
855 sitd->max_entries_per_user_next_record_offset = offset;
859 nat_ipfix_logging_max_ses (u32 thread_index, u32 limit, int do_flush)
861 nat_ipfix_logging_main_t *silm = &nat_ipfix_logging_main;
862 nat_ipfix_per_thread_data_t *sitd = &silm->per_thread_data[thread_index];
863 flow_report_main_t *frm = &flow_report_main;
865 vlib_buffer_t *b0 = 0;
868 vlib_main_t *vm = vlib_mains[thread_index];
870 u8 nat_event = QUOTA_EXCEEDED;
871 u32 quota_event = MAX_SESSION_ENTRIES;
874 now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3);
875 now += silm->milisecond_time_0;
877 b0 = sitd->max_sessions_buffer;
879 if (PREDICT_FALSE (b0 == 0))
884 if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
886 //nat_elog_err ("can't allocate buffer for NAT IPFIX event");
890 b0 = sitd->max_sessions_buffer = vlib_get_buffer (vm, bi0);
891 VLIB_BUFFER_TRACE_TRAJECTORY_INIT (b0);
896 bi0 = vlib_get_buffer_index (vm, b0);
897 offset = sitd->max_sessions_next_record_offset;
900 f = sitd->max_sessions_frame;
901 if (PREDICT_FALSE (f == 0))
904 f = vlib_get_frame_to_node (vm, ip4_lookup_node.index);
905 sitd->max_sessions_frame = f;
906 to_next = vlib_frame_vector_args (f);
911 if (PREDICT_FALSE (offset == 0))
912 nat_ipfix_header_create (frm, b0, &offset);
914 if (PREDICT_TRUE (do_flush == 0))
916 u64 time_stamp = clib_host_to_net_u64 (now);
917 clib_memcpy_fast (b0->data + offset, &time_stamp, sizeof (time_stamp));
918 offset += sizeof (time_stamp);
920 clib_memcpy_fast (b0->data + offset, &nat_event, sizeof (nat_event));
921 offset += sizeof (nat_event);
923 clib_memcpy_fast (b0->data + offset, "a_event, sizeof (quota_event));
924 offset += sizeof (quota_event);
926 clib_memcpy_fast (b0->data + offset, &limit, sizeof (limit));
927 offset += sizeof (limit);
929 b0->current_length += MAX_SESSIONS_LEN;
933 (do_flush || (offset + MAX_SESSIONS_LEN) > frm->path_mtu))
935 template_id = clib_atomic_fetch_or (
936 &silm->max_sessions_template_id,
938 nat_ipfix_send (thread_index, frm, f, b0, template_id);
939 sitd->max_sessions_frame = 0;
940 sitd->max_sessions_buffer = 0;
943 sitd->max_sessions_next_record_offset = offset;
947 nat_ipfix_logging_max_bib (u32 thread_index, u32 limit, int do_flush)
949 nat_ipfix_logging_main_t *silm = &nat_ipfix_logging_main;
950 nat_ipfix_per_thread_data_t *sitd = &silm->per_thread_data[thread_index];
951 flow_report_main_t *frm = &flow_report_main;
953 vlib_buffer_t *b0 = 0;
956 vlib_main_t *vm = vlib_mains[thread_index];
958 u8 nat_event = QUOTA_EXCEEDED;
959 u32 quota_event = MAX_BIB_ENTRIES;
962 now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3);
963 now += silm->milisecond_time_0;
965 b0 = sitd->max_bibs_buffer;
967 if (PREDICT_FALSE (b0 == 0))
972 if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
974 //nat_elog_err ("can't allocate buffer for NAT IPFIX event");
978 b0 = sitd->max_bibs_buffer = vlib_get_buffer (vm, bi0);
979 VLIB_BUFFER_TRACE_TRAJECTORY_INIT (b0);
984 bi0 = vlib_get_buffer_index (vm, b0);
985 offset = sitd->max_bibs_next_record_offset;
988 f = sitd->max_bibs_frame;
989 if (PREDICT_FALSE (f == 0))
992 f = vlib_get_frame_to_node (vm, ip4_lookup_node.index);
993 sitd->max_bibs_frame = f;
994 to_next = vlib_frame_vector_args (f);
999 if (PREDICT_FALSE (offset == 0))
1000 nat_ipfix_header_create (frm, b0, &offset);
1002 if (PREDICT_TRUE (do_flush == 0))
1004 u64 time_stamp = clib_host_to_net_u64 (now);
1005 clib_memcpy_fast (b0->data + offset, &time_stamp, sizeof (time_stamp));
1006 offset += sizeof (time_stamp);
1008 clib_memcpy_fast (b0->data + offset, &nat_event, sizeof (nat_event));
1009 offset += sizeof (nat_event);
1011 clib_memcpy_fast (b0->data + offset, "a_event, sizeof (quota_event));
1012 offset += sizeof (quota_event);
1014 clib_memcpy_fast (b0->data + offset, &limit, sizeof (limit));
1015 offset += sizeof (limit);
1017 b0->current_length += MAX_BIBS_LEN;
1021 (do_flush || (offset + MAX_BIBS_LEN) > frm->path_mtu))
1023 template_id = clib_atomic_fetch_or (
1024 &silm->max_bibs_template_id,
1026 nat_ipfix_send (thread_index, frm, f, b0, template_id);
1027 sitd->max_bibs_frame = 0;
1028 sitd->max_bibs_buffer = 0;
1031 sitd->max_bibs_next_record_offset = offset;
1035 nat_ipfix_logging_nat64_bibe (u32 thread_index, u8 nat_event,
1036 ip6_address_t * src_ip, u32 nat_src_ip,
1037 u8 proto, u16 src_port, u16 nat_src_port,
1038 u32 vrf_id, int do_flush)
1040 nat_ipfix_logging_main_t *silm = &nat_ipfix_logging_main;
1041 nat_ipfix_per_thread_data_t *sitd = &silm->per_thread_data[thread_index];
1042 flow_report_main_t *frm = &flow_report_main;
1044 vlib_buffer_t *b0 = 0;
1047 vlib_main_t *vm = vlib_mains[thread_index];
1051 now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3);
1052 now += silm->milisecond_time_0;
1054 b0 = sitd->nat64_bib_buffer;
1056 if (PREDICT_FALSE (b0 == 0))
1061 if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
1063 //nat_elog_err ("can't allocate buffer for NAT IPFIX event");
1067 b0 = sitd->nat64_bib_buffer = vlib_get_buffer (vm, bi0);
1068 VLIB_BUFFER_TRACE_TRAJECTORY_INIT (b0);
1073 bi0 = vlib_get_buffer_index (vm, b0);
1074 offset = sitd->nat64_bib_next_record_offset;
1077 f = sitd->nat64_bib_frame;
1078 if (PREDICT_FALSE (f == 0))
1081 f = vlib_get_frame_to_node (vm, ip4_lookup_node.index);
1082 sitd->nat64_bib_frame = f;
1083 to_next = vlib_frame_vector_args (f);
1088 if (PREDICT_FALSE (offset == 0))
1089 nat_ipfix_header_create (frm, b0, &offset);
1091 if (PREDICT_TRUE (do_flush == 0))
1093 u64 time_stamp = clib_host_to_net_u64 (now);
1094 clib_memcpy_fast (b0->data + offset, &time_stamp, sizeof (time_stamp));
1095 offset += sizeof (time_stamp);
1097 clib_memcpy_fast (b0->data + offset, &nat_event, sizeof (nat_event));
1098 offset += sizeof (nat_event);
1100 clib_memcpy_fast (b0->data + offset, src_ip, sizeof (ip6_address_t));
1101 offset += sizeof (ip6_address_t);
1103 clib_memcpy_fast (b0->data + offset, &nat_src_ip, sizeof (nat_src_ip));
1104 offset += sizeof (nat_src_ip);
1106 clib_memcpy_fast (b0->data + offset, &proto, sizeof (proto));
1107 offset += sizeof (proto);
1109 clib_memcpy_fast (b0->data + offset, &src_port, sizeof (src_port));
1110 offset += sizeof (src_port);
1112 clib_memcpy_fast (b0->data + offset, &nat_src_port, sizeof (nat_src_port));
1113 offset += sizeof (nat_src_port);
1115 vrf_id = clib_host_to_net_u32 (vrf_id);
1116 clib_memcpy_fast (b0->data + offset, &vrf_id, sizeof (vrf_id));
1117 offset += sizeof (vrf_id);
1119 b0->current_length += NAT64_BIB_LEN;
1123 (do_flush || (offset + NAT64_BIB_LEN) > frm->path_mtu))
1125 template_id = clib_atomic_fetch_or (
1126 &silm->nat64_bib_template_id,
1128 nat_ipfix_send (thread_index, frm, f, b0, template_id);
1129 sitd->nat64_bib_frame = 0;
1130 sitd->nat64_bib_buffer = 0;
1133 sitd->nat64_bib_next_record_offset = offset;
1137 nat_ipfix_logging_nat64_ses (u32 thread_index, u8 nat_event,
1138 ip6_address_t * src_ip, u32 nat_src_ip,
1139 u8 proto, u16 src_port, u16 nat_src_port,
1140 ip6_address_t * dst_ip, u32 nat_dst_ip,
1141 u16 dst_port, u16 nat_dst_port,
1142 u32 vrf_id, int do_flush)
1144 nat_ipfix_logging_main_t *silm = &nat_ipfix_logging_main;
1145 nat_ipfix_per_thread_data_t *sitd = &silm->per_thread_data[thread_index];
1146 flow_report_main_t *frm = &flow_report_main;
1148 vlib_buffer_t *b0 = 0;
1151 vlib_main_t *vm = vlib_mains[thread_index];
1155 now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3);
1156 now += silm->milisecond_time_0;
1158 b0 = sitd->nat64_ses_buffer;
1160 if (PREDICT_FALSE (b0 == 0))
1165 if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
1167 //nat_elog_err ("can't allocate buffer for NAT IPFIX event");
1171 b0 = sitd->nat64_ses_buffer = vlib_get_buffer (vm, bi0);
1172 VLIB_BUFFER_TRACE_TRAJECTORY_INIT (b0);
1177 bi0 = vlib_get_buffer_index (vm, b0);
1178 offset = sitd->nat64_ses_next_record_offset;
1181 f = sitd->nat64_ses_frame;
1182 if (PREDICT_FALSE (f == 0))
1185 f = vlib_get_frame_to_node (vm, ip4_lookup_node.index);
1186 sitd->nat64_ses_frame = f;
1187 to_next = vlib_frame_vector_args (f);
1192 if (PREDICT_FALSE (offset == 0))
1193 nat_ipfix_header_create (frm, b0, &offset);
1195 if (PREDICT_TRUE (do_flush == 0))
1197 u64 time_stamp = clib_host_to_net_u64 (now);
1198 clib_memcpy_fast (b0->data + offset, &time_stamp, sizeof (time_stamp));
1199 offset += sizeof (time_stamp);
1201 clib_memcpy_fast (b0->data + offset, &nat_event, sizeof (nat_event));
1202 offset += sizeof (nat_event);
1204 clib_memcpy_fast (b0->data + offset, src_ip, sizeof (ip6_address_t));
1205 offset += sizeof (ip6_address_t);
1207 clib_memcpy_fast (b0->data + offset, &nat_src_ip, sizeof (nat_src_ip));
1208 offset += sizeof (nat_src_ip);
1210 clib_memcpy_fast (b0->data + offset, &proto, sizeof (proto));
1211 offset += sizeof (proto);
1213 clib_memcpy_fast (b0->data + offset, &src_port, sizeof (src_port));
1214 offset += sizeof (src_port);
1216 clib_memcpy_fast (b0->data + offset, &nat_src_port, sizeof (nat_src_port));
1217 offset += sizeof (nat_src_port);
1219 clib_memcpy_fast (b0->data + offset, dst_ip, sizeof (ip6_address_t));
1220 offset += sizeof (ip6_address_t);
1222 clib_memcpy_fast (b0->data + offset, &nat_dst_ip, sizeof (nat_dst_ip));
1223 offset += sizeof (nat_dst_ip);
1225 clib_memcpy_fast (b0->data + offset, &dst_port, sizeof (dst_port));
1226 offset += sizeof (dst_port);
1228 clib_memcpy_fast (b0->data + offset, &nat_dst_port, sizeof (nat_dst_port));
1229 offset += sizeof (nat_dst_port);
1231 vrf_id = clib_host_to_net_u32 (vrf_id);
1232 clib_memcpy_fast (b0->data + offset, &vrf_id, sizeof (vrf_id));
1233 offset += sizeof (vrf_id);
1235 b0->current_length += NAT64_SES_LEN;
1239 (do_flush || (offset + NAT64_SES_LEN) > frm->path_mtu))
1241 template_id = clib_atomic_fetch_or (
1242 &silm->nat64_ses_template_id,
1244 nat_ipfix_send (thread_index, frm, f, b0, template_id);
1245 sitd->nat64_ses_frame = 0;
1246 sitd->nat64_ses_buffer = 0;
1249 sitd->nat64_ses_next_record_offset = offset;
1253 nat_ipfix_flush (u32 thread_index)
1257 nat_ipfix_logging_nat44_ses (thread_index,
1258 0, 0, 0, 0, 0, 0, 0, do_flush);
1259 nat_ipfix_logging_addr_exhausted (thread_index, 0, do_flush);
1260 nat_ipfix_logging_max_entries_per_usr (thread_index, 0, 0, do_flush);
1261 nat_ipfix_logging_max_ses (thread_index, 0, do_flush);
1262 nat_ipfix_logging_max_bib (thread_index, 0, do_flush);
1263 nat_ipfix_logging_nat64_bibe (thread_index,
1264 0, 0, 0, 0, 0, 0, 0, do_flush);
1265 nat_ipfix_logging_nat64_ses (thread_index,
1266 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, do_flush);
1270 nat_ipfix_flush_from_main (void)
1272 nat_ipfix_logging_main_t *silm = &nat_ipfix_logging_main;
1273 vlib_main_t *worker_vm;
1276 if (PREDICT_TRUE (!clib_atomic_fetch_or(&silm->enabled, 0)))
1279 if (PREDICT_FALSE (!silm->worker_vms))
1281 for (i = 1; i < vec_len (vlib_mains); i++)
1283 worker_vm = vlib_mains[i];
1285 vec_add1 (silm->worker_vms, worker_vm);
1289 /* Trigger flush for each worker thread */
1290 for (i = 0; i < vec_len (silm->worker_vms); i++)
1292 worker_vm = silm->worker_vms[i];
1294 vlib_node_set_interrupt_pending (worker_vm,
1295 nat_ipfix_flush_node.index);
1298 /* Finally flush main thread */
1299 nat_ipfix_flush (0);
1303 * @brief Generate NAT44 session create event
1305 * @param thread_index thread index
1306 * @param src_ip source IPv4 address
1307 * @param nat_src_ip transaltes source IPv4 address
1308 * @param nat_proto NAT transport protocol
1309 * @param src_port source port
1310 * @param nat_src_port translated source port
1311 * @param vrf_id VRF ID
1314 nat_ipfix_logging_nat44_ses_create (u32 thread_index,
1317 nat_protocol_t nat_proto,
1319 u16 nat_src_port, u32 vrf_id)
1321 skip_if_disabled ();
1323 nat_ipfix_logging_nat44_ses (thread_index, NAT44_SESSION_CREATE, src_ip,
1324 nat_src_ip, nat_proto, src_port, nat_src_port,
1329 * @brief Generate NAT44 session delete event
1331 * @param thread_index thread index
1332 * @param src_ip source IPv4 address
1333 * @param nat_src_ip transaltes source IPv4 address
1334 * @param nat_proto NAT transport protocol
1335 * @param src_port source port
1336 * @param nat_src_port translated source port
1337 * @param vrf_id VRF ID
1340 nat_ipfix_logging_nat44_ses_delete (u32 thread_index,
1343 nat_protocol_t nat_proto,
1345 u16 nat_src_port, u32 vrf_id)
1347 skip_if_disabled ();
1349 nat_ipfix_logging_nat44_ses (thread_index, NAT44_SESSION_DELETE, src_ip,
1350 nat_src_ip, nat_proto, src_port, nat_src_port,
1355 * @brief Generate NAT addresses exhausted event
1357 * @param thread_index thread index
1358 * @param pool_id NAT pool ID
1361 nat_ipfix_logging_addresses_exhausted (u32 thread_index, u32 pool_id)
1363 //TODO: This event SHOULD be rate limited
1364 skip_if_disabled ();
1366 nat_ipfix_logging_addr_exhausted (thread_index, pool_id, 0);
1370 * @brief Generate maximum entries per user exceeded event
1372 * @param thread_index thread index
1373 * @param limit maximum NAT entries that can be created per user
1374 * @param src_ip source IPv4 address
1377 nat_ipfix_logging_max_entries_per_user (u32 thread_index, u32 limit, u32 src_ip)
1379 //TODO: This event SHOULD be rate limited
1380 skip_if_disabled ();
1382 nat_ipfix_logging_max_entries_per_usr (thread_index, limit, src_ip, 0);
1386 deterministic_nat_data_callback
1387 (flow_report_main_t * frm,
1390 u32 * to_next, u32 node_index)
1392 nat_ipfix_flush_from_main();
1398 * @brief Generate maximum session entries exceeded event
1400 * @param thread_index thread index
1401 * @param limit configured limit
1404 nat_ipfix_logging_max_sessions (u32 thread_index, u32 limit)
1406 //TODO: This event SHOULD be rate limited
1407 skip_if_disabled ();
1409 nat_ipfix_logging_max_ses (thread_index, limit, 0);
1413 * @brief Generate maximum BIB entries exceeded event
1415 * @param thread_index thread index
1416 * @param limit configured limit
1419 nat_ipfix_logging_max_bibs (u32 thread_index, u32 limit)
1421 //TODO: This event SHOULD be rate limited
1422 skip_if_disabled ();
1424 nat_ipfix_logging_max_bib (thread_index, limit, 0);
1428 * @brief Generate NAT64 BIB create and delete events
1430 * @param thread_index thread index
1431 * @param src_ip source IPv6 address
1432 * @param nat_src_ip transaltes source IPv4 address
1433 * @param proto L4 protocol
1434 * @param src_port source port
1435 * @param nat_src_port translated source port
1436 * @param vrf_id VRF ID
1437 * @param is_create non-zero value if create event otherwise delete event
1440 nat_ipfix_logging_nat64_bib (u32 thread_index, ip6_address_t * src_ip,
1441 ip4_address_t * nat_src_ip, u8 proto,
1442 u16 src_port, u16 nat_src_port, u32 vrf_id,
1447 skip_if_disabled ();
1449 nat_event = is_create ? NAT64_BIB_CREATE : NAT64_BIB_DELETE;
1451 nat_ipfix_logging_nat64_bibe (thread_index, nat_event, src_ip,
1452 nat_src_ip->as_u32, proto, src_port,
1453 nat_src_port, vrf_id, 0);
1457 * @brief Generate NAT64 session create and delete events
1459 * @param thread_index thread index
1460 * @param src_ip source IPv6 address
1461 * @param nat_src_ip transaltes source IPv4 address
1462 * @param proto L4 protocol
1463 * @param src_port source port
1464 * @param nat_src_port translated source port
1465 * @param dst_ip destination IPv6 address
1466 * @param nat_dst_ip destination IPv4 address
1467 * @param dst_port destination port
1468 * @param nat_dst_port translated destination port
1469 * @param vrf_id VRF ID
1470 * @param is_create non-zero value if create event otherwise delete event
1473 nat_ipfix_logging_nat64_session (u32 thread_index,
1474 ip6_address_t * src_ip,
1475 ip4_address_t * nat_src_ip, u8 proto,
1476 u16 src_port, u16 nat_src_port,
1477 ip6_address_t * dst_ip,
1478 ip4_address_t * nat_dst_ip, u16 dst_port,
1479 u16 nat_dst_port, u32 vrf_id, u8 is_create)
1483 skip_if_disabled ();
1485 nat_event = is_create ? NAT64_SESSION_CREATE : NAT64_SESSION_DELETE;
1487 nat_ipfix_logging_nat64_ses (thread_index, nat_event, src_ip,
1488 nat_src_ip->as_u32, proto, src_port,
1489 nat_src_port, dst_ip, nat_dst_ip->as_u32,
1490 dst_port, nat_dst_port, vrf_id, 0);
1494 data_callback (flow_report_main_t * frm, flow_report_t * fr,
1495 vlib_frame_t * f, u32 * to_next, u32 node_index)
1497 nat_ipfix_logging_main_t *silm = &nat_ipfix_logging_main;
1499 if (PREDICT_FALSE (++silm->call_counter >= vec_len (frm->reports)))
1501 nat_ipfix_flush_from_main();
1502 silm->call_counter = 0;
1509 * @brief Enable/disable NAT plugin IPFIX logging
1511 * @param enable 1 if enable, 0 if disable
1512 * @param domain_id observation domain ID
1513 * @param src_port source port number
1515 * @returns 0 if success
1518 nat_ipfix_logging_enable_disable (int enable, u32 domain_id, u16 src_port)
1520 nat_ipfix_logging_main_t *silm = &nat_ipfix_logging_main;
1521 flow_report_main_t *frm = &flow_report_main;
1522 vnet_flow_report_add_del_args_t a;
1524 u8 e = enable ? 1 : 0;
1526 if (clib_atomic_cmp_and_swap (&silm->enabled, e ^ 1, e) == e)
1529 clib_memset (&a, 0, sizeof (a));
1531 a.domain_id = domain_id ? domain_id : 1;
1532 a.src_port = src_port ? src_port : UDP_DST_PORT_ipfix;
1533 a.flow_data_callback = data_callback;
1535 a.rewrite_callback = nat_template_rewrite_nat44_session;
1536 rv = vnet_flow_report_add_del (frm, &a, NULL);
1539 //nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
1543 a.rewrite_callback = nat_template_rewrite_addr_exhausted;
1544 rv = vnet_flow_report_add_del (frm, &a, NULL);
1547 //nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
1551 a.rewrite_callback = nat_template_rewrite_max_sessions;
1552 rv = vnet_flow_report_add_del (frm, &a, NULL);
1555 //nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
1559 a.rewrite_callback = nat_template_rewrite_max_bibs;
1560 rv = vnet_flow_report_add_del (frm, &a, NULL);
1563 //nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
1567 a.rewrite_callback = nat_template_rewrite_nat64_bib;
1568 rv = vnet_flow_report_add_del (frm, &a, NULL);
1571 //nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
1575 a.rewrite_callback = nat_template_rewrite_nat64_session;
1576 rv = vnet_flow_report_add_del (frm, &a, NULL);
1579 //nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
1583 // if endpoint dependent per user max entries is also required
1585 a.rewrite_callback = nat_template_rewrite_max_entries_per_usr;
1586 rv = vnet_flow_report_add_del (frm, &a, NULL);
1589 //nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
1598 * @brief Initialize NAT plugin IPFIX logging
1600 * @param vm vlib main
1603 nat_ipfix_logging_init (vlib_main_t * vm)
1605 nat_ipfix_logging_main_t *silm = &nat_ipfix_logging_main;
1606 vlib_thread_main_t *tm = vlib_get_thread_main ();
1609 silm->worker_vms = 0;
1610 silm->call_counter = 0;
1612 /* Set up time reference pair */
1613 silm->vlib_time_0 = vlib_time_now (vm);
1614 silm->milisecond_time_0 = unix_time_now_nsec () * 1e-6;
1616 vec_validate (silm->per_thread_data, tm->n_vlib_mains - 1);
1620 ipfix_flush_process (vlib_main_t *vm,
1621 vlib_node_runtime_t *rt,
1624 nat_ipfix_flush(vm->thread_index);
1629 VLIB_REGISTER_NODE (nat_ipfix_flush_node) = {
1630 .function = ipfix_flush_process,
1631 .name = "nat-ipfix-flush",
1632 .type = VLIB_NODE_TYPE_INPUT,
1633 .state = VLIB_NODE_STATE_INTERRUPT,