2 * nat_ipfix_logging.c - NAT Events IPFIX logging
4 * Copyright (c) 2016 Cisco and/or its affiliates.
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
18 #include <vnet/ipfix-export/flow_report.h>
19 #include <vlibmemory/api.h>
20 #include <nat/nat_inlines.h>
21 #include <nat/nat_ipfix_logging.h>
22 #include <vppinfra/atomics.h>
24 vlib_node_registration_t snat_ipfix_flush_node;
25 snat_ipfix_logging_main_t snat_ipfix_logging_main;
27 #define NAT44_SESSION_CREATE_LEN 26
28 #define NAT_ADDRESSES_EXHAUTED_LEN 13
29 #define MAX_ENTRIES_PER_USER_LEN 21
30 #define MAX_SESSIONS_LEN 17
31 #define MAX_BIBS_LEN 17
32 #define MAX_FRAGMENTS_IP4_LEN 21
33 #define MAX_FRAGMENTS_IP6_LEN 33
34 #define NAT64_BIB_LEN 38
35 #define NAT64_SES_LEN 62
37 #define NAT44_SESSION_CREATE_FIELD_COUNT 8
38 #define NAT_ADDRESSES_EXHAUTED_FIELD_COUNT 3
39 #define MAX_ENTRIES_PER_USER_FIELD_COUNT 5
40 #define MAX_SESSIONS_FIELD_COUNT 4
41 #define MAX_BIBS_FIELD_COUNT 4
42 #define MAX_FRAGMENTS_FIELD_COUNT 5
43 #define NAT64_BIB_FIELD_COUNT 8
44 #define NAT64_SES_FIELD_COUNT 12
51 nat_protocol_t nat_proto;
55 } snat_ipfix_logging_nat44_ses_args_t;
60 } snat_ipfix_logging_addr_exhausted_args_t;
66 } snat_ipfix_logging_max_entries_per_user_args_t;
71 } nat_ipfix_logging_max_sessions_args_t;
76 } nat_ipfix_logging_max_bibs_args_t;
82 } nat_ipfix_logging_max_frags_ip4_args_t;
88 } nat_ipfix_logging_max_frags_ip6_args_t;
103 } nat_ipfix_logging_nat64_ses_args_t;
114 } nat_ipfix_logging_nat64_bib_args_t;
116 #define skip_if_disabled() \
118 snat_ipfix_logging_main_t *silm = &snat_ipfix_logging_main; \
119 if (PREDICT_TRUE (!clib_atomic_fetch_or(&silm->enabled, 0))) \
123 #define update_template_id(old_id, new_id) \
125 u16 template_id = clib_atomic_fetch_or(old_id, 0); \
126 clib_atomic_cmp_and_swap(old_id, template_id, new_id); \
130 * @brief Create an IPFIX template packet rewrite string
132 * @param frm flow report main
133 * @param fr flow report
134 * @param collector_address collector address
135 * @param src_address source address
136 * @param collector_port collector
137 * @param event NAT event ID
138 * @param quota_event NAT quota exceeded event ID
140 * @returns template packet
143 snat_template_rewrite (flow_report_main_t * frm,
145 ip4_address_t * collector_address,
146 ip4_address_t * src_address,
148 nat_event_t event, quota_exceed_event_t quota_event)
150 snat_ipfix_logging_main_t *silm = &snat_ipfix_logging_main;
153 ipfix_message_header_t *h;
154 ipfix_set_header_t *s;
155 ipfix_template_header_t *t;
156 ipfix_field_specifier_t *f;
157 ipfix_field_specifier_t *first_field;
159 ip4_ipfix_template_packet_t *tp;
161 flow_report_stream_t *stream;
164 stream = &frm->streams[fr->stream_index];
166 stream_index = clib_atomic_fetch_or(&silm->stream_index, 0);
167 clib_atomic_cmp_and_swap (&silm->stream_index,
168 stream_index, fr->stream_index);
170 if (event == NAT_ADDRESSES_EXHAUTED)
172 field_count = NAT_ADDRESSES_EXHAUTED_FIELD_COUNT;
174 update_template_id(&silm->addr_exhausted_template_id,
177 else if (event == NAT44_SESSION_CREATE)
179 field_count = NAT44_SESSION_CREATE_FIELD_COUNT;
181 update_template_id(&silm->nat44_session_template_id,
184 else if (event == NAT64_BIB_CREATE)
186 field_count = NAT64_BIB_FIELD_COUNT;
188 update_template_id(&silm->nat64_bib_template_id,
191 else if (event == NAT64_SESSION_CREATE)
193 field_count = NAT64_SES_FIELD_COUNT;
195 update_template_id(&silm->nat64_ses_template_id,
198 else if (event == QUOTA_EXCEEDED)
200 if (quota_event == MAX_ENTRIES_PER_USER)
202 field_count = MAX_ENTRIES_PER_USER_FIELD_COUNT;
204 update_template_id(&silm->max_entries_per_user_template_id,
208 else if (quota_event == MAX_SESSION_ENTRIES)
210 field_count = MAX_SESSIONS_FIELD_COUNT;
212 update_template_id(&silm->max_sessions_template_id,
215 else if (quota_event == MAX_BIB_ENTRIES)
217 field_count = MAX_BIBS_FIELD_COUNT;
219 update_template_id(&silm->max_bibs_template_id,
224 /* allocate rewrite space */
225 vec_validate_aligned (rewrite,
226 sizeof (ip4_ipfix_template_packet_t)
227 + field_count * sizeof (ipfix_field_specifier_t) - 1,
228 CLIB_CACHE_LINE_BYTES);
230 tp = (ip4_ipfix_template_packet_t *) rewrite;
231 ip = (ip4_header_t *) & tp->ip4;
232 udp = (udp_header_t *) (ip + 1);
233 h = (ipfix_message_header_t *) (udp + 1);
234 s = (ipfix_set_header_t *) (h + 1);
235 t = (ipfix_template_header_t *) (s + 1);
236 first_field = f = (ipfix_field_specifier_t *) (t + 1);
238 ip->ip_version_and_header_length = 0x45;
240 ip->protocol = IP_PROTOCOL_UDP;
241 ip->src_address.as_u32 = src_address->as_u32;
242 ip->dst_address.as_u32 = collector_address->as_u32;
243 udp->src_port = clib_host_to_net_u16 (stream->src_port);
244 udp->dst_port = clib_host_to_net_u16 (collector_port);
245 udp->length = clib_host_to_net_u16 (vec_len (rewrite) - sizeof (*ip));
247 /* FIXUP: message header export_time */
248 h->domain_id = clib_host_to_net_u32 (stream->domain_id);
250 /* Add TLVs to the template */
251 if (event == NAT_ADDRESSES_EXHAUTED)
253 f->e_id_length = ipfix_e_id_length (0, observationTimeMilliseconds, 8);
255 f->e_id_length = ipfix_e_id_length (0, natEvent, 1);
257 f->e_id_length = ipfix_e_id_length (0, natPoolId, 4);
260 else if (event == NAT44_SESSION_CREATE)
262 f->e_id_length = ipfix_e_id_length (0, observationTimeMilliseconds, 8);
264 f->e_id_length = ipfix_e_id_length (0, natEvent, 1);
266 f->e_id_length = ipfix_e_id_length (0, sourceIPv4Address, 4);
268 f->e_id_length = ipfix_e_id_length (0, postNATSourceIPv4Address, 4);
270 f->e_id_length = ipfix_e_id_length (0, protocolIdentifier, 1);
272 f->e_id_length = ipfix_e_id_length (0, sourceTransportPort, 2);
274 f->e_id_length = ipfix_e_id_length (0, postNAPTSourceTransportPort, 2);
276 f->e_id_length = ipfix_e_id_length (0, ingressVRFID, 4);
279 else if (event == NAT64_BIB_CREATE)
281 f->e_id_length = ipfix_e_id_length (0, observationTimeMilliseconds, 8);
283 f->e_id_length = ipfix_e_id_length (0, natEvent, 1);
285 f->e_id_length = ipfix_e_id_length (0, sourceIPv6Address, 16);
287 f->e_id_length = ipfix_e_id_length (0, postNATSourceIPv4Address, 4);
289 f->e_id_length = ipfix_e_id_length (0, protocolIdentifier, 1);
291 f->e_id_length = ipfix_e_id_length (0, sourceTransportPort, 2);
293 f->e_id_length = ipfix_e_id_length (0, postNAPTSourceTransportPort, 2);
295 f->e_id_length = ipfix_e_id_length (0, ingressVRFID, 4);
298 else if (event == NAT64_SESSION_CREATE)
300 f->e_id_length = ipfix_e_id_length (0, observationTimeMilliseconds, 8);
302 f->e_id_length = ipfix_e_id_length (0, natEvent, 1);
304 f->e_id_length = ipfix_e_id_length (0, sourceIPv6Address, 16);
306 f->e_id_length = ipfix_e_id_length (0, postNATSourceIPv4Address, 4);
308 f->e_id_length = ipfix_e_id_length (0, protocolIdentifier, 1);
310 f->e_id_length = ipfix_e_id_length (0, sourceTransportPort, 2);
312 f->e_id_length = ipfix_e_id_length (0, postNAPTSourceTransportPort, 2);
314 f->e_id_length = ipfix_e_id_length (0, destinationIPv6Address, 16);
316 f->e_id_length = ipfix_e_id_length (0, postNATDestinationIPv4Address, 4);
318 f->e_id_length = ipfix_e_id_length (0, destinationTransportPort, 2);
320 f->e_id_length = ipfix_e_id_length (0, postNAPTDestinationTransportPort,
323 f->e_id_length = ipfix_e_id_length (0, ingressVRFID, 4);
326 else if (event == QUOTA_EXCEEDED)
328 if (quota_event == MAX_ENTRIES_PER_USER)
330 f->e_id_length = ipfix_e_id_length (0, observationTimeMilliseconds,
333 f->e_id_length = ipfix_e_id_length (0, natEvent, 1);
335 f->e_id_length = ipfix_e_id_length (0, natQuotaExceededEvent, 4);
337 f->e_id_length = ipfix_e_id_length (0, maxEntriesPerUser, 4);
339 f->e_id_length = ipfix_e_id_length (0, sourceIPv4Address, 4);
342 else if (quota_event == MAX_SESSION_ENTRIES)
344 f->e_id_length = ipfix_e_id_length (0, observationTimeMilliseconds,
347 f->e_id_length = ipfix_e_id_length (0, natEvent, 1);
349 f->e_id_length = ipfix_e_id_length (0, natQuotaExceededEvent, 4);
351 f->e_id_length = ipfix_e_id_length (0, maxSessionEntries, 4);
354 else if (quota_event == MAX_BIB_ENTRIES)
356 f->e_id_length = ipfix_e_id_length (0, observationTimeMilliseconds,
359 f->e_id_length = ipfix_e_id_length (0, natEvent, 1);
361 f->e_id_length = ipfix_e_id_length (0, natQuotaExceededEvent, 4);
363 f->e_id_length = ipfix_e_id_length (0, maxBIBEntries, 4);
368 /* Back to the template packet... */
369 ip = (ip4_header_t *) & tp->ip4;
370 udp = (udp_header_t *) (ip + 1);
372 ASSERT (f - first_field);
373 /* Field count in this template */
374 t->id_count = ipfix_id_count (fr->template_id, f - first_field);
376 /* set length in octets */
378 ipfix_set_id_length (2 /* set_id */ , (u8 *) f - (u8 *) s);
380 /* message length in octets */
381 h->version_length = version_length ((u8 *) f - (u8 *) h);
383 ip->length = clib_host_to_net_u16 ((u8 *) f - (u8 *) ip);
384 ip->checksum = ip4_header_checksum (ip);
390 snat_template_rewrite_addr_exhausted (flow_report_main_t * frm,
392 ip4_address_t * collector_address,
393 ip4_address_t * src_address,
395 ipfix_report_element_t *elts,
396 u32 n_elts, u32 *stream_index)
398 return snat_template_rewrite (frm, fr, collector_address, src_address,
399 collector_port, NAT_ADDRESSES_EXHAUTED, 0);
403 snat_template_rewrite_nat44_session (flow_report_main_t * frm,
405 ip4_address_t * collector_address,
406 ip4_address_t * src_address,
408 ipfix_report_element_t *elts,
409 u32 n_elts, u32 *stream_index)
411 return snat_template_rewrite (frm, fr, collector_address, src_address,
412 collector_port, NAT44_SESSION_CREATE, 0);
416 snat_template_rewrite_max_entries_per_usr (flow_report_main_t * frm,
418 ip4_address_t * collector_address,
419 ip4_address_t * src_address,
421 ipfix_report_element_t *elts,
422 u32 n_elts, u32 *stream_index)
424 return snat_template_rewrite (frm, fr, collector_address, src_address,
425 collector_port, QUOTA_EXCEEDED,
426 MAX_ENTRIES_PER_USER);
430 nat_template_rewrite_max_sessions (flow_report_main_t * frm,
432 ip4_address_t * collector_address,
433 ip4_address_t * src_address,
435 ipfix_report_element_t *elts,
436 u32 n_elts, u32 *stream_index)
438 return snat_template_rewrite (frm, fr, collector_address, src_address,
439 collector_port, QUOTA_EXCEEDED,
440 MAX_SESSION_ENTRIES);
444 nat_template_rewrite_max_bibs (flow_report_main_t * frm,
446 ip4_address_t * collector_address,
447 ip4_address_t * src_address,
449 ipfix_report_element_t *elts,
450 u32 n_elts, u32 *stream_index)
452 return snat_template_rewrite (frm, fr, collector_address, src_address,
453 collector_port, QUOTA_EXCEEDED,
458 nat_template_rewrite_nat64_bib (flow_report_main_t * frm,
460 ip4_address_t * collector_address,
461 ip4_address_t * src_address,
463 ipfix_report_element_t *elts,
464 u32 n_elts, u32 *stream_index)
466 return snat_template_rewrite (frm, fr, collector_address, src_address,
467 collector_port, NAT64_BIB_CREATE, 0);
471 nat_template_rewrite_nat64_session (flow_report_main_t * frm,
473 ip4_address_t * collector_address,
474 ip4_address_t * src_address,
476 ipfix_report_element_t *elts,
477 u32 n_elts, u32 *stream_index)
479 return snat_template_rewrite (frm, fr, collector_address, src_address,
480 collector_port, NAT64_SESSION_CREATE, 0);
484 snat_ipfix_header_create (flow_report_main_t * frm,
485 vlib_buffer_t * b0, u32 * offset)
487 snat_ipfix_logging_main_t *silm = &snat_ipfix_logging_main;
488 flow_report_stream_t *stream;
489 ip4_ipfix_template_packet_t *tp;
490 ipfix_message_header_t *h = 0;
491 ipfix_set_header_t *s = 0;
496 vlib_main_t *vm = vlib_get_main ();
498 stream_index = clib_atomic_fetch_or(&silm->stream_index, 0);
499 stream = &frm->streams[stream_index];
501 b0->current_data = 0;
502 b0->current_length = sizeof (*ip) + sizeof (*udp) + sizeof (*h) +
504 b0->flags |= (VLIB_BUFFER_TOTAL_LENGTH_VALID | VNET_BUFFER_F_FLOW_REPORT);
505 vnet_buffer (b0)->sw_if_index[VLIB_RX] = 0;
506 vnet_buffer (b0)->sw_if_index[VLIB_TX] = frm->fib_index;
507 tp = vlib_buffer_get_current (b0);
508 ip = (ip4_header_t *) & tp->ip4;
509 udp = (udp_header_t *) (ip + 1);
510 h = (ipfix_message_header_t *) (udp + 1);
511 s = (ipfix_set_header_t *) (h + 1);
513 ip->ip_version_and_header_length = 0x45;
515 ip->protocol = IP_PROTOCOL_UDP;
516 ip->flags_and_fragment_offset = 0;
517 ip->src_address.as_u32 = frm->src_address.as_u32;
518 ip->dst_address.as_u32 = frm->ipfix_collector.as_u32;
519 udp->src_port = clib_host_to_net_u16 (stream->src_port);
520 udp->dst_port = clib_host_to_net_u16 (frm->collector_port);
523 h->export_time = clib_host_to_net_u32 ((u32)
524 (((f64) frm->unix_time_0) +
525 (vlib_time_now (vm) -
528 sequence_number = clib_atomic_fetch_add (&stream->sequence_number, 1);
529 h->sequence_number = clib_host_to_net_u32 (sequence_number);
530 h->domain_id = clib_host_to_net_u32 (stream->domain_id);
532 *offset = (u32) (((u8 *) (s + 1)) - (u8 *) tp);
536 snat_ipfix_send (u32 thread_index, flow_report_main_t * frm,
537 vlib_frame_t * f, vlib_buffer_t * b0, u16 template_id)
539 ip4_ipfix_template_packet_t *tp;
540 ipfix_message_header_t *h = 0;
541 ipfix_set_header_t *s = 0;
544 vlib_main_t *vm = vlib_mains[thread_index];
546 tp = vlib_buffer_get_current (b0);
547 ip = (ip4_header_t *) & tp->ip4;
548 udp = (udp_header_t *) (ip + 1);
549 h = (ipfix_message_header_t *) (udp + 1);
550 s = (ipfix_set_header_t *) (h + 1);
552 s->set_id_length = ipfix_set_id_length (template_id,
554 (sizeof (*ip) + sizeof (*udp) +
556 h->version_length = version_length (b0->current_length -
557 (sizeof (*ip) + sizeof (*udp)));
559 ip->length = clib_host_to_net_u16 (b0->current_length);
560 ip->checksum = ip4_header_checksum (ip);
561 udp->length = clib_host_to_net_u16 (b0->current_length - sizeof (*ip));
563 if (frm->udp_checksum)
565 udp->checksum = ip4_tcp_udp_compute_checksum (vm, b0, ip);
566 if (udp->checksum == 0)
567 udp->checksum = 0xffff;
570 ASSERT (ip->checksum == ip4_header_checksum (ip));
572 vlib_put_frame_to_node (vm, ip4_lookup_node.index, f);
576 snat_ipfix_logging_nat44_ses (u32 thread_index, u8 nat_event, u32 src_ip,
577 u32 nat_src_ip, nat_protocol_t nat_proto,
578 u16 src_port, u16 nat_src_port, u32 vrf_id,
581 snat_ipfix_logging_main_t *silm = &snat_ipfix_logging_main;
582 snat_ipfix_per_thread_data_t *sitd = &silm->per_thread_data[thread_index];
583 flow_report_main_t *frm = &flow_report_main;
585 vlib_buffer_t *b0 = 0;
588 vlib_main_t *vm = vlib_mains[thread_index];
593 proto = nat_proto_to_ip_proto (nat_proto);
595 now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3);
596 now += silm->milisecond_time_0;
598 b0 = sitd->nat44_session_buffer;
600 if (PREDICT_FALSE (b0 == 0))
605 if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
607 nat_elog_err ("can't allocate buffer for NAT IPFIX event");
611 b0 = sitd->nat44_session_buffer = vlib_get_buffer (vm, bi0);
612 VLIB_BUFFER_TRACE_TRAJECTORY_INIT (b0);
617 bi0 = vlib_get_buffer_index (vm, b0);
618 offset = sitd->nat44_session_next_record_offset;
621 f = sitd->nat44_session_frame;
622 if (PREDICT_FALSE (f == 0))
625 f = vlib_get_frame_to_node (vm, ip4_lookup_node.index);
626 sitd->nat44_session_frame = f;
627 to_next = vlib_frame_vector_args (f);
632 if (PREDICT_FALSE (offset == 0))
633 snat_ipfix_header_create (frm, b0, &offset);
635 if (PREDICT_TRUE (do_flush == 0))
637 u64 time_stamp = clib_host_to_net_u64 (now);
638 clib_memcpy_fast (b0->data + offset, &time_stamp, sizeof (time_stamp));
639 offset += sizeof (time_stamp);
641 clib_memcpy_fast (b0->data + offset, &nat_event, sizeof (nat_event));
642 offset += sizeof (nat_event);
644 clib_memcpy_fast (b0->data + offset, &src_ip, sizeof (src_ip));
645 offset += sizeof (src_ip);
647 clib_memcpy_fast (b0->data + offset, &nat_src_ip, sizeof (nat_src_ip));
648 offset += sizeof (nat_src_ip);
650 clib_memcpy_fast (b0->data + offset, &proto, sizeof (proto));
651 offset += sizeof (proto);
653 clib_memcpy_fast (b0->data + offset, &src_port, sizeof (src_port));
654 offset += sizeof (src_port);
656 clib_memcpy_fast (b0->data + offset, &nat_src_port, sizeof (nat_src_port));
657 offset += sizeof (nat_src_port);
659 clib_memcpy_fast (b0->data + offset, &vrf_id, sizeof (vrf_id));
660 offset += sizeof (vrf_id);
662 b0->current_length += NAT44_SESSION_CREATE_LEN;
666 (do_flush || (offset + NAT44_SESSION_CREATE_LEN) > frm->path_mtu))
668 template_id = clib_atomic_fetch_or (
669 &silm->nat44_session_template_id,
671 snat_ipfix_send (thread_index, frm, f, b0, template_id);
672 sitd->nat44_session_frame = 0;
673 sitd->nat44_session_buffer = 0;
676 sitd->nat44_session_next_record_offset = offset;
680 snat_ipfix_logging_addr_exhausted (u32 thread_index, u32 pool_id, int do_flush)
682 snat_ipfix_logging_main_t *silm = &snat_ipfix_logging_main;
683 snat_ipfix_per_thread_data_t *sitd = &silm->per_thread_data[thread_index];
684 flow_report_main_t *frm = &flow_report_main;
686 vlib_buffer_t *b0 = 0;
689 vlib_main_t *vm = vlib_mains[thread_index];
691 u8 nat_event = NAT_ADDRESSES_EXHAUTED;
694 now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3);
695 now += silm->milisecond_time_0;
697 b0 = sitd->addr_exhausted_buffer;
699 if (PREDICT_FALSE (b0 == 0))
704 if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
706 nat_elog_err ("can't allocate buffer for NAT IPFIX event");
710 b0 = sitd->addr_exhausted_buffer = vlib_get_buffer (vm, bi0);
711 VLIB_BUFFER_TRACE_TRAJECTORY_INIT (b0);
716 bi0 = vlib_get_buffer_index (vm, b0);
717 offset = sitd->addr_exhausted_next_record_offset;
720 f = sitd->addr_exhausted_frame;
721 if (PREDICT_FALSE (f == 0))
724 f = vlib_get_frame_to_node (vm, ip4_lookup_node.index);
725 sitd->addr_exhausted_frame = f;
726 to_next = vlib_frame_vector_args (f);
731 if (PREDICT_FALSE (offset == 0))
732 snat_ipfix_header_create (frm, b0, &offset);
734 if (PREDICT_TRUE (do_flush == 0))
736 u64 time_stamp = clib_host_to_net_u64 (now);
737 clib_memcpy_fast (b0->data + offset, &time_stamp, sizeof (time_stamp));
738 offset += sizeof (time_stamp);
740 clib_memcpy_fast (b0->data + offset, &nat_event, sizeof (nat_event));
741 offset += sizeof (nat_event);
743 clib_memcpy_fast (b0->data + offset, &pool_id, sizeof (pool_id));
744 offset += sizeof (pool_id);
746 b0->current_length += NAT_ADDRESSES_EXHAUTED_LEN;
750 (do_flush || (offset + NAT_ADDRESSES_EXHAUTED_LEN) > frm->path_mtu))
752 template_id = clib_atomic_fetch_or (
753 &silm->addr_exhausted_template_id,
755 snat_ipfix_send (thread_index, frm, f, b0, template_id);
756 sitd->addr_exhausted_frame = 0;
757 sitd->addr_exhausted_buffer = 0;
760 sitd->addr_exhausted_next_record_offset = offset;
764 snat_ipfix_logging_max_entries_per_usr (u32 thread_index,
765 u32 limit, u32 src_ip, int do_flush)
767 snat_ipfix_logging_main_t *silm = &snat_ipfix_logging_main;
768 snat_ipfix_per_thread_data_t *sitd = &silm->per_thread_data[thread_index];
769 flow_report_main_t *frm = &flow_report_main;
771 vlib_buffer_t *b0 = 0;
774 vlib_main_t *vm = vlib_mains[thread_index];
776 u8 nat_event = QUOTA_EXCEEDED;
777 u32 quota_event = MAX_ENTRIES_PER_USER;
780 now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3);
781 now += silm->milisecond_time_0;
783 b0 = sitd->max_entries_per_user_buffer;
785 if (PREDICT_FALSE (b0 == 0))
790 if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
792 nat_elog_err ("can't allocate buffer for NAT IPFIX event");
796 b0 = sitd->max_entries_per_user_buffer = vlib_get_buffer (vm, bi0);
797 VLIB_BUFFER_TRACE_TRAJECTORY_INIT (b0);
802 bi0 = vlib_get_buffer_index (vm, b0);
803 offset = sitd->max_entries_per_user_next_record_offset;
806 f = sitd->max_entries_per_user_frame;
807 if (PREDICT_FALSE (f == 0))
810 f = vlib_get_frame_to_node (vm, ip4_lookup_node.index);
811 sitd->max_entries_per_user_frame = f;
812 to_next = vlib_frame_vector_args (f);
817 if (PREDICT_FALSE (offset == 0))
818 snat_ipfix_header_create (frm, b0, &offset);
820 if (PREDICT_TRUE (do_flush == 0))
822 u64 time_stamp = clib_host_to_net_u64 (now);
823 clib_memcpy_fast (b0->data + offset, &time_stamp, sizeof (time_stamp));
824 offset += sizeof (time_stamp);
826 clib_memcpy_fast (b0->data + offset, &nat_event, sizeof (nat_event));
827 offset += sizeof (nat_event);
829 clib_memcpy_fast (b0->data + offset, "a_event, sizeof (quota_event));
830 offset += sizeof (quota_event);
832 clib_memcpy_fast (b0->data + offset, &limit, sizeof (limit));
833 offset += sizeof (limit);
835 clib_memcpy_fast (b0->data + offset, &src_ip, sizeof (src_ip));
836 offset += sizeof (src_ip);
838 b0->current_length += MAX_ENTRIES_PER_USER_LEN;
842 (do_flush || (offset + MAX_ENTRIES_PER_USER_LEN) > frm->path_mtu))
844 template_id = clib_atomic_fetch_or (
845 &silm->max_entries_per_user_template_id,
847 snat_ipfix_send (thread_index, frm, f, b0, template_id);
848 sitd->max_entries_per_user_frame = 0;
849 sitd->max_entries_per_user_buffer = 0;
852 sitd->max_entries_per_user_next_record_offset = offset;
856 nat_ipfix_logging_max_ses (u32 thread_index, u32 limit, int do_flush)
858 snat_ipfix_logging_main_t *silm = &snat_ipfix_logging_main;
859 snat_ipfix_per_thread_data_t *sitd = &silm->per_thread_data[thread_index];
860 flow_report_main_t *frm = &flow_report_main;
862 vlib_buffer_t *b0 = 0;
865 vlib_main_t *vm = vlib_mains[thread_index];
867 u8 nat_event = QUOTA_EXCEEDED;
868 u32 quota_event = MAX_SESSION_ENTRIES;
871 now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3);
872 now += silm->milisecond_time_0;
874 b0 = sitd->max_sessions_buffer;
876 if (PREDICT_FALSE (b0 == 0))
881 if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
883 nat_elog_err ("can't allocate buffer for NAT IPFIX event");
887 b0 = sitd->max_sessions_buffer = vlib_get_buffer (vm, bi0);
888 VLIB_BUFFER_TRACE_TRAJECTORY_INIT (b0);
893 bi0 = vlib_get_buffer_index (vm, b0);
894 offset = sitd->max_sessions_next_record_offset;
897 f = sitd->max_sessions_frame;
898 if (PREDICT_FALSE (f == 0))
901 f = vlib_get_frame_to_node (vm, ip4_lookup_node.index);
902 sitd->max_sessions_frame = f;
903 to_next = vlib_frame_vector_args (f);
908 if (PREDICT_FALSE (offset == 0))
909 snat_ipfix_header_create (frm, b0, &offset);
911 if (PREDICT_TRUE (do_flush == 0))
913 u64 time_stamp = clib_host_to_net_u64 (now);
914 clib_memcpy_fast (b0->data + offset, &time_stamp, sizeof (time_stamp));
915 offset += sizeof (time_stamp);
917 clib_memcpy_fast (b0->data + offset, &nat_event, sizeof (nat_event));
918 offset += sizeof (nat_event);
920 clib_memcpy_fast (b0->data + offset, "a_event, sizeof (quota_event));
921 offset += sizeof (quota_event);
923 clib_memcpy_fast (b0->data + offset, &limit, sizeof (limit));
924 offset += sizeof (limit);
926 b0->current_length += MAX_SESSIONS_LEN;
930 (do_flush || (offset + MAX_SESSIONS_LEN) > frm->path_mtu))
932 template_id = clib_atomic_fetch_or (
933 &silm->max_sessions_template_id,
935 snat_ipfix_send (thread_index, frm, f, b0, template_id);
936 sitd->max_sessions_frame = 0;
937 sitd->max_sessions_buffer = 0;
940 sitd->max_sessions_next_record_offset = offset;
944 nat_ipfix_logging_max_bib (u32 thread_index, u32 limit, int do_flush)
946 snat_ipfix_logging_main_t *silm = &snat_ipfix_logging_main;
947 snat_ipfix_per_thread_data_t *sitd = &silm->per_thread_data[thread_index];
948 flow_report_main_t *frm = &flow_report_main;
950 vlib_buffer_t *b0 = 0;
953 vlib_main_t *vm = vlib_mains[thread_index];
955 u8 nat_event = QUOTA_EXCEEDED;
956 u32 quota_event = MAX_BIB_ENTRIES;
959 now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3);
960 now += silm->milisecond_time_0;
962 b0 = sitd->max_bibs_buffer;
964 if (PREDICT_FALSE (b0 == 0))
969 if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
971 nat_elog_err ("can't allocate buffer for NAT IPFIX event");
975 b0 = sitd->max_bibs_buffer = vlib_get_buffer (vm, bi0);
976 VLIB_BUFFER_TRACE_TRAJECTORY_INIT (b0);
981 bi0 = vlib_get_buffer_index (vm, b0);
982 offset = sitd->max_bibs_next_record_offset;
985 f = sitd->max_bibs_frame;
986 if (PREDICT_FALSE (f == 0))
989 f = vlib_get_frame_to_node (vm, ip4_lookup_node.index);
990 sitd->max_bibs_frame = f;
991 to_next = vlib_frame_vector_args (f);
996 if (PREDICT_FALSE (offset == 0))
997 snat_ipfix_header_create (frm, b0, &offset);
999 if (PREDICT_TRUE (do_flush == 0))
1001 u64 time_stamp = clib_host_to_net_u64 (now);
1002 clib_memcpy_fast (b0->data + offset, &time_stamp, sizeof (time_stamp));
1003 offset += sizeof (time_stamp);
1005 clib_memcpy_fast (b0->data + offset, &nat_event, sizeof (nat_event));
1006 offset += sizeof (nat_event);
1008 clib_memcpy_fast (b0->data + offset, "a_event, sizeof (quota_event));
1009 offset += sizeof (quota_event);
1011 clib_memcpy_fast (b0->data + offset, &limit, sizeof (limit));
1012 offset += sizeof (limit);
1014 b0->current_length += MAX_BIBS_LEN;
1018 (do_flush || (offset + MAX_BIBS_LEN) > frm->path_mtu))
1020 template_id = clib_atomic_fetch_or (
1021 &silm->max_bibs_template_id,
1023 snat_ipfix_send (thread_index, frm, f, b0, template_id);
1024 sitd->max_bibs_frame = 0;
1025 sitd->max_bibs_buffer = 0;
1028 sitd->max_bibs_next_record_offset = offset;
1032 nat_ipfix_logging_nat64_bibe (u32 thread_index, u8 nat_event,
1033 ip6_address_t * src_ip, u32 nat_src_ip,
1034 u8 proto, u16 src_port, u16 nat_src_port,
1035 u32 vrf_id, int do_flush)
1037 snat_ipfix_logging_main_t *silm = &snat_ipfix_logging_main;
1038 snat_ipfix_per_thread_data_t *sitd = &silm->per_thread_data[thread_index];
1039 flow_report_main_t *frm = &flow_report_main;
1041 vlib_buffer_t *b0 = 0;
1044 vlib_main_t *vm = vlib_mains[thread_index];
1048 now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3);
1049 now += silm->milisecond_time_0;
1051 b0 = sitd->nat64_bib_buffer;
1053 if (PREDICT_FALSE (b0 == 0))
1058 if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
1060 nat_elog_err ("can't allocate buffer for NAT IPFIX event");
1064 b0 = sitd->nat64_bib_buffer = vlib_get_buffer (vm, bi0);
1065 VLIB_BUFFER_TRACE_TRAJECTORY_INIT (b0);
1070 bi0 = vlib_get_buffer_index (vm, b0);
1071 offset = sitd->nat64_bib_next_record_offset;
1074 f = sitd->nat64_bib_frame;
1075 if (PREDICT_FALSE (f == 0))
1078 f = vlib_get_frame_to_node (vm, ip4_lookup_node.index);
1079 sitd->nat64_bib_frame = f;
1080 to_next = vlib_frame_vector_args (f);
1085 if (PREDICT_FALSE (offset == 0))
1086 snat_ipfix_header_create (frm, b0, &offset);
1088 if (PREDICT_TRUE (do_flush == 0))
1090 u64 time_stamp = clib_host_to_net_u64 (now);
1091 clib_memcpy_fast (b0->data + offset, &time_stamp, sizeof (time_stamp));
1092 offset += sizeof (time_stamp);
1094 clib_memcpy_fast (b0->data + offset, &nat_event, sizeof (nat_event));
1095 offset += sizeof (nat_event);
1097 clib_memcpy_fast (b0->data + offset, src_ip, sizeof (ip6_address_t));
1098 offset += sizeof (ip6_address_t);
1100 clib_memcpy_fast (b0->data + offset, &nat_src_ip, sizeof (nat_src_ip));
1101 offset += sizeof (nat_src_ip);
1103 clib_memcpy_fast (b0->data + offset, &proto, sizeof (proto));
1104 offset += sizeof (proto);
1106 clib_memcpy_fast (b0->data + offset, &src_port, sizeof (src_port));
1107 offset += sizeof (src_port);
1109 clib_memcpy_fast (b0->data + offset, &nat_src_port, sizeof (nat_src_port));
1110 offset += sizeof (nat_src_port);
1112 clib_memcpy_fast (b0->data + offset, &vrf_id, sizeof (vrf_id));
1113 offset += sizeof (vrf_id);
1115 b0->current_length += NAT64_BIB_LEN;
1119 (do_flush || (offset + NAT64_BIB_LEN) > frm->path_mtu))
1121 template_id = clib_atomic_fetch_or (
1122 &silm->nat64_bib_template_id,
1124 snat_ipfix_send (thread_index, frm, f, b0, template_id);
1125 sitd->nat64_bib_frame = 0;
1126 sitd->nat64_bib_buffer = 0;
1129 sitd->nat64_bib_next_record_offset = offset;
1133 nat_ipfix_logging_nat64_ses (u32 thread_index, u8 nat_event,
1134 ip6_address_t * src_ip, u32 nat_src_ip,
1135 u8 proto, u16 src_port, u16 nat_src_port,
1136 ip6_address_t * dst_ip, u32 nat_dst_ip,
1137 u16 dst_port, u16 nat_dst_port,
1138 u32 vrf_id, int do_flush)
1140 snat_ipfix_logging_main_t *silm = &snat_ipfix_logging_main;
1141 snat_ipfix_per_thread_data_t *sitd = &silm->per_thread_data[thread_index];
1142 flow_report_main_t *frm = &flow_report_main;
1144 vlib_buffer_t *b0 = 0;
1147 vlib_main_t *vm = vlib_mains[thread_index];
1151 now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3);
1152 now += silm->milisecond_time_0;
1154 b0 = sitd->nat64_ses_buffer;
1156 if (PREDICT_FALSE (b0 == 0))
1161 if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
1163 nat_elog_err ("can't allocate buffer for NAT IPFIX event");
1167 b0 = sitd->nat64_ses_buffer = vlib_get_buffer (vm, bi0);
1168 VLIB_BUFFER_TRACE_TRAJECTORY_INIT (b0);
1173 bi0 = vlib_get_buffer_index (vm, b0);
1174 offset = sitd->nat64_ses_next_record_offset;
1177 f = sitd->nat64_ses_frame;
1178 if (PREDICT_FALSE (f == 0))
1181 f = vlib_get_frame_to_node (vm, ip4_lookup_node.index);
1182 sitd->nat64_ses_frame = f;
1183 to_next = vlib_frame_vector_args (f);
1188 if (PREDICT_FALSE (offset == 0))
1189 snat_ipfix_header_create (frm, b0, &offset);
1191 if (PREDICT_TRUE (do_flush == 0))
1193 u64 time_stamp = clib_host_to_net_u64 (now);
1194 clib_memcpy_fast (b0->data + offset, &time_stamp, sizeof (time_stamp));
1195 offset += sizeof (time_stamp);
1197 clib_memcpy_fast (b0->data + offset, &nat_event, sizeof (nat_event));
1198 offset += sizeof (nat_event);
1200 clib_memcpy_fast (b0->data + offset, src_ip, sizeof (ip6_address_t));
1201 offset += sizeof (ip6_address_t);
1203 clib_memcpy_fast (b0->data + offset, &nat_src_ip, sizeof (nat_src_ip));
1204 offset += sizeof (nat_src_ip);
1206 clib_memcpy_fast (b0->data + offset, &proto, sizeof (proto));
1207 offset += sizeof (proto);
1209 clib_memcpy_fast (b0->data + offset, &src_port, sizeof (src_port));
1210 offset += sizeof (src_port);
1212 clib_memcpy_fast (b0->data + offset, &nat_src_port, sizeof (nat_src_port));
1213 offset += sizeof (nat_src_port);
1215 clib_memcpy_fast (b0->data + offset, dst_ip, sizeof (ip6_address_t));
1216 offset += sizeof (ip6_address_t);
1218 clib_memcpy_fast (b0->data + offset, &nat_dst_ip, sizeof (nat_dst_ip));
1219 offset += sizeof (nat_dst_ip);
1221 clib_memcpy_fast (b0->data + offset, &dst_port, sizeof (dst_port));
1222 offset += sizeof (dst_port);
1224 clib_memcpy_fast (b0->data + offset, &nat_dst_port, sizeof (nat_dst_port));
1225 offset += sizeof (nat_dst_port);
1227 clib_memcpy_fast (b0->data + offset, &vrf_id, sizeof (vrf_id));
1228 offset += sizeof (vrf_id);
1230 b0->current_length += NAT64_SES_LEN;
1234 (do_flush || (offset + NAT64_SES_LEN) > frm->path_mtu))
1236 template_id = clib_atomic_fetch_or (
1237 &silm->nat64_ses_template_id,
1239 snat_ipfix_send (thread_index, frm, f, b0, template_id);
1240 sitd->nat64_ses_frame = 0;
1241 sitd->nat64_ses_buffer = 0;
1244 sitd->nat64_ses_next_record_offset = offset;
1248 snat_ipfix_flush (u32 thread_index)
1252 snat_ipfix_logging_nat44_ses (thread_index,
1253 0, 0, 0, 0, 0, 0, 0, do_flush);
1254 snat_ipfix_logging_addr_exhausted (thread_index, 0, do_flush);
1255 snat_ipfix_logging_max_entries_per_usr (thread_index, 0, 0, do_flush);
1256 nat_ipfix_logging_max_ses (thread_index, 0, do_flush);
1257 nat_ipfix_logging_max_bib (thread_index, 0, do_flush);
1258 nat_ipfix_logging_nat64_bibe (thread_index,
1259 0, 0, 0, 0, 0, 0, 0, do_flush);
1260 nat_ipfix_logging_nat64_ses (thread_index,
1261 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, do_flush);
1265 snat_ipfix_flush_from_main (void)
1267 snat_ipfix_logging_main_t *silm = &snat_ipfix_logging_main;
1268 vlib_main_t *worker_vm;
1271 if (PREDICT_TRUE (!clib_atomic_fetch_or(&silm->enabled, 0)))
1274 if (PREDICT_FALSE (!silm->worker_vms))
1276 for (i = 1; i < vec_len (vlib_mains); i++)
1278 worker_vm = vlib_mains[i];
1280 vec_add1 (silm->worker_vms, worker_vm);
1284 /* Trigger flush for each worker thread */
1285 for (i = 0; i < vec_len (silm->worker_vms); i++)
1287 worker_vm = silm->worker_vms[i];
1289 vlib_node_set_interrupt_pending (worker_vm,
1290 snat_ipfix_flush_node.index);
1293 /* Finally flush main thread */
1294 snat_ipfix_flush (0);
1298 * @brief Generate NAT44 session create event
1300 * @param thread_index thread index
1301 * @param src_ip source IPv4 address
1302 * @param nat_src_ip transaltes source IPv4 address
1303 * @param nat_proto NAT transport protocol
1304 * @param src_port source port
1305 * @param nat_src_port translated source port
1306 * @param vrf_id VRF ID
1309 snat_ipfix_logging_nat44_ses_create (u32 thread_index,
1312 nat_protocol_t nat_proto,
1314 u16 nat_src_port, u32 vrf_id)
1316 skip_if_disabled ();
1318 snat_ipfix_logging_nat44_ses (thread_index, NAT44_SESSION_CREATE, src_ip,
1319 nat_src_ip, nat_proto, src_port, nat_src_port,
1324 * @brief Generate NAT44 session delete event
1326 * @param thread_index thread index
1327 * @param src_ip source IPv4 address
1328 * @param nat_src_ip transaltes source IPv4 address
1329 * @param nat_proto NAT transport protocol
1330 * @param src_port source port
1331 * @param nat_src_port translated source port
1332 * @param vrf_id VRF ID
1335 snat_ipfix_logging_nat44_ses_delete (u32 thread_index,
1338 nat_protocol_t nat_proto,
1340 u16 nat_src_port, u32 vrf_id)
1342 skip_if_disabled ();
1344 snat_ipfix_logging_nat44_ses (thread_index, NAT44_SESSION_DELETE, src_ip,
1345 nat_src_ip, nat_proto, src_port, nat_src_port,
1350 * @brief Generate NAT addresses exhausted event
1352 * @param thread_index thread index
1353 * @param pool_id NAT pool ID
1356 snat_ipfix_logging_addresses_exhausted (u32 thread_index, u32 pool_id)
1358 //TODO: This event SHOULD be rate limited
1359 skip_if_disabled ();
1361 snat_ipfix_logging_addr_exhausted (thread_index, pool_id, 0);
1365 * @brief Generate maximum entries per user exceeded event
1367 * @param thread_index thread index
1368 * @param limit maximum NAT entries that can be created per user
1369 * @param src_ip source IPv4 address
1372 snat_ipfix_logging_max_entries_per_user (u32 thread_index, u32 limit, u32 src_ip)
1374 //TODO: This event SHOULD be rate limited
1375 skip_if_disabled ();
1377 snat_ipfix_logging_max_entries_per_usr (thread_index, limit, src_ip, 0);
1381 deterministic_nat_data_callback
1382 (flow_report_main_t * frm,
1385 u32 * to_next, u32 node_index)
1387 snat_ipfix_flush_from_main();
1393 * @brief Generate maximum session entries exceeded event
1395 * @param thread_index thread index
1396 * @param limit configured limit
1399 nat_ipfix_logging_max_sessions (u32 thread_index, u32 limit)
1401 //TODO: This event SHOULD be rate limited
1402 skip_if_disabled ();
1404 nat_ipfix_logging_max_ses (thread_index, limit, 0);
1408 * @brief Generate maximum BIB entries exceeded event
1410 * @param thread_index thread index
1411 * @param limit configured limit
1414 nat_ipfix_logging_max_bibs (u32 thread_index, u32 limit)
1416 //TODO: This event SHOULD be rate limited
1417 skip_if_disabled ();
1419 nat_ipfix_logging_max_bib (thread_index, limit, 0);
1423 * @brief Generate NAT64 BIB create and delete events
1425 * @param thread_index thread index
1426 * @param src_ip source IPv6 address
1427 * @param nat_src_ip transaltes source IPv4 address
1428 * @param proto L4 protocol
1429 * @param src_port source port
1430 * @param nat_src_port translated source port
1431 * @param vrf_id VRF ID
1432 * @param is_create non-zero value if create event otherwise delete event
1435 nat_ipfix_logging_nat64_bib (u32 thread_index, ip6_address_t * src_ip,
1436 ip4_address_t * nat_src_ip, u8 proto,
1437 u16 src_port, u16 nat_src_port, u32 vrf_id,
1442 skip_if_disabled ();
1444 nat_event = is_create ? NAT64_BIB_CREATE : NAT64_BIB_DELETE;
1446 nat_ipfix_logging_nat64_bibe (thread_index, nat_event, src_ip,
1447 nat_src_ip->as_u32, proto, src_port,
1448 nat_src_port, vrf_id, 0);
1452 * @brief Generate NAT64 session create and delete events
1454 * @param thread_index thread index
1455 * @param src_ip source IPv6 address
1456 * @param nat_src_ip transaltes source IPv4 address
1457 * @param proto L4 protocol
1458 * @param src_port source port
1459 * @param nat_src_port translated source port
1460 * @param dst_ip destination IPv6 address
1461 * @param nat_dst_ip destination IPv4 address
1462 * @param dst_port destination port
1463 * @param nat_dst_port translated destination port
1464 * @param vrf_id VRF ID
1465 * @param is_create non-zero value if create event otherwise delete event
1468 nat_ipfix_logging_nat64_session (u32 thread_index,
1469 ip6_address_t * src_ip,
1470 ip4_address_t * nat_src_ip, u8 proto,
1471 u16 src_port, u16 nat_src_port,
1472 ip6_address_t * dst_ip,
1473 ip4_address_t * nat_dst_ip, u16 dst_port,
1474 u16 nat_dst_port, u32 vrf_id, u8 is_create)
1478 skip_if_disabled ();
1480 nat_event = is_create ? NAT64_SESSION_CREATE : NAT64_SESSION_DELETE;
1482 nat_ipfix_logging_nat64_ses (thread_index, nat_event, src_ip,
1483 nat_src_ip->as_u32, proto, src_port,
1484 nat_src_port, dst_ip, nat_dst_ip->as_u32,
1485 dst_port, nat_dst_port, vrf_id, 0);
1489 data_callback (flow_report_main_t * frm, flow_report_t * fr,
1490 vlib_frame_t * f, u32 * to_next, u32 node_index)
1492 snat_ipfix_logging_main_t *silm = &snat_ipfix_logging_main;
1494 if (PREDICT_FALSE (++silm->call_counter >= vec_len (frm->reports)))
1496 snat_ipfix_flush_from_main();
1497 silm->call_counter = 0;
1504 * @brief Enable/disable NAT plugin IPFIX logging
1506 * @param enable 1 if enable, 0 if disable
1507 * @param domain_id observation domain ID
1508 * @param src_port source port number
1510 * @returns 0 if success
1513 snat_ipfix_logging_enable_disable (int enable, u32 domain_id, u16 src_port)
1515 snat_main_t *sm = &snat_main;
1516 snat_ipfix_logging_main_t *silm = &snat_ipfix_logging_main;
1517 flow_report_main_t *frm = &flow_report_main;
1518 vnet_flow_report_add_del_args_t a;
1520 u8 e = enable ? 1 : 0;
1522 if (clib_atomic_cmp_and_swap (&silm->enabled, e ^ 1, e) == e)
1525 clib_memset (&a, 0, sizeof (a));
1527 a.domain_id = domain_id ? domain_id : 1;
1528 a.src_port = src_port ? src_port : UDP_DST_PORT_ipfix;
1529 a.flow_data_callback = data_callback;
1531 if (sm->deterministic)
1533 a.rewrite_callback = snat_template_rewrite_max_entries_per_usr;
1535 rv = vnet_flow_report_add_del (frm, &a, NULL);
1538 nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
1544 a.rewrite_callback = snat_template_rewrite_nat44_session;
1546 rv = vnet_flow_report_add_del (frm, &a, NULL);
1549 nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
1553 a.rewrite_callback = snat_template_rewrite_addr_exhausted;
1555 rv = vnet_flow_report_add_del (frm, &a, NULL);
1558 nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
1562 a.rewrite_callback = nat_template_rewrite_max_sessions;
1564 rv = vnet_flow_report_add_del (frm, &a, NULL);
1567 nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
1571 a.rewrite_callback = nat_template_rewrite_max_bibs;
1573 rv = vnet_flow_report_add_del (frm, &a, NULL);
1576 nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
1580 a.rewrite_callback = nat_template_rewrite_nat64_bib;
1582 rv = vnet_flow_report_add_del (frm, &a, NULL);
1585 nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
1589 a.rewrite_callback = nat_template_rewrite_nat64_session;
1591 rv = vnet_flow_report_add_del (frm, &a, NULL);
1594 nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
1598 if (sm->endpoint_dependent)
1600 a.rewrite_callback = snat_template_rewrite_max_entries_per_usr;
1602 rv = vnet_flow_report_add_del (frm, &a, NULL);
1605 nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
1615 * @brief Initialize NAT plugin IPFIX logging
1617 * @param vm vlib main
1620 snat_ipfix_logging_init (vlib_main_t * vm)
1622 snat_ipfix_logging_main_t *silm = &snat_ipfix_logging_main;
1623 vlib_thread_main_t *tm = vlib_get_thread_main ();
1626 silm->worker_vms = 0;
1627 silm->call_counter = 0;
1629 /* Set up time reference pair */
1630 silm->vlib_time_0 = vlib_time_now (vm);
1631 silm->milisecond_time_0 = unix_time_now_nsec () * 1e-6;
1633 vec_validate (silm->per_thread_data, tm->n_vlib_mains - 1);
1637 ipfix_flush_process (vlib_main_t *vm,
1638 vlib_node_runtime_t *rt,
1641 snat_ipfix_flush(vm->thread_index);
1646 VLIB_REGISTER_NODE (snat_ipfix_flush_node) = {
1647 .function = ipfix_flush_process,
1648 .name = "snat-ipfix-flush",
1649 .type = VLIB_NODE_TYPE_INPUT,
1650 .state = VLIB_NODE_STATE_INTERRUPT,