2 * Copyright (c) 2015 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
18 #include <vppinfra/atomics.h>
19 #include <vnet/ipfix-export/flow_report.h>
20 #include <vnet/api_errno.h>
21 #include <vnet/udp/udp.h>
/* Global flow-report state. The functions in this file reach it directly
 * through &flow_report_main. */
23 flow_report_main_t flow_report_main;
/*
 * Tell whether 'index' names an in-use slot of exp->streams.
 *
 * A slot is in use when the index lies inside the vector and the slot's
 * domain_id is not the ~0 "free slot" sentinel. Returns non-zero when the
 * slot is in use, 0 otherwise.
 */
static_always_inline u8
stream_index_valid (ipfix_exporter_t *exp, u32 index)
{
  /* Range check first so the slot is never read out of bounds. */
  if (index >= vec_len (exp->streams))
    return 0;

  return exp->streams[index].domain_id != ~0;
}
/*
 * Hand out a stream slot: reuse the first free slot of exp->streams, or grow
 * the vector by one element when every slot is in use.
 *
 * The caller fills in the returned slot. The returned pointer points into
 * exp->streams, which vec_validate may have moved.
 */
static_always_inline flow_report_stream_t *
add_stream (ipfix_exporter_t *exp)
{
  u32 n_streams = vec_len (exp->streams);
  u32 slot;

  for (slot = 0; slot < n_streams; slot++)
    {
      if (!stream_index_valid (exp, slot))
        return &exp->streams[slot];
    }

  /* No free slot: extend the vector so that index n_streams exists. */
  vec_validate (exp->streams, n_streams);
  return &exp->streams[n_streams];
}
/*
 * Release the stream slot at 'index' by storing the ~0 sentinel in its
 * domain_id, which is what stream_index_valid tests for.
 *
 * The index is checked with ASSERT only, so the caller is responsible for
 * passing the index of an in-use slot.
 */
static_always_inline void
delete_stream (ipfix_exporter_t *exp, u32 index)
{
  flow_report_stream_t *slot;

  ASSERT (index < vec_len (exp->streams));
  slot = &exp->streams[index];
  ASSERT (slot->domain_id != ~0);
  slot->domain_id = ~0;
}
/*
 * Scan the in-use slots of exp->streams for one matching domain_id and
 * src_port.
 *
 * NOTE(review): the return type and the return statements are not visible in
 * this listing. Callers in this file store the result in a signed index and
 * test it against -1 and "< 0", so negative results appear to mean "no usable
 * stream" - confirm against the full source.
 */
52 find_stream (ipfix_exporter_t *exp, u32 domain_id, u16 src_port)
54 flow_report_stream_t *stream;
56 for (i = 0; i < vec_len (exp->streams); i++)
/* Free slots (domain_id == ~0) are skipped. */
57 if (stream_index_valid (exp, i))
59 stream = &exp->streams[i];
/* Same observation domain: the source port is compared next. */
60 if (domain_id == stream->domain_id)
62 if (src_port != stream->src_port)
/* Different domain but the same source port. */
66 else if (src_port == stream->src_port)
/*
 * Prepare one template packet for report 'fr': (re)build the cached rewrite
 * when needed, copy it into a freshly allocated vlib buffer, patch the
 * per-send header fields and hand the buffer index back via buffer_indexp.
 *
 * NOTE(review): the return type, several local declarations and the return
 * statements are not visible in this listing.
 */
75 send_template_packet (flow_report_main_t *frm, ipfix_exporter_t *exp,
76 flow_report_t *fr, u32 *buffer_indexp)
80 ip4_ipfix_template_packet_t *tp;
81 ipfix_message_header_t *h;
84 vlib_main_t *vm = frm->vlib_main;
85 flow_report_stream_t *stream;
87 ASSERT (buffer_indexp);
/* A rebuild was requested, or no rewrite has been built yet. */
89 if (fr->update_rewrite || fr->rewrite == 0)
/* Without a collector or a source address nothing can be exported, so the
 * flow-report process node is disabled. */
91 if (exp->ipfix_collector.as_u32 == 0 || exp->src_address.as_u32 == 0)
93 vlib_node_set_state (frm->vlib_main, flow_report_process_node.index,
94 VLIB_NODE_STATE_DISABLED);
/* Drop the stale rewrite and request a rebuild. */
97 vec_free (fr->rewrite);
98 fr->update_rewrite = 1;
101 if (fr->update_rewrite)
/* The report's own callback produces the template packet bytes. */
103 fr->rewrite = fr->rewrite_callback (
104 exp, fr, exp->collector_port, fr->report_elements,
105 fr->n_report_elements, fr->stream_indexp);
106 fr->update_rewrite = 0;
109 if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
112 b0 = vlib_get_buffer (vm, bi0);
/* NOTE(review): this ASSERT is the only bound on the copy below. ASSERT is a
 * debug-image check in vppinfra (confirm for this build), so a rewrite longer
 * than the default buffer data size would be copied past b0->data in an image
 * built without assertions. A runtime length check that fails the send would
 * close that gap. */
114 ASSERT (vec_len (fr->rewrite) < vlib_buffer_get_default_data_size (vm));
116 clib_memcpy_fast (b0->data, fr->rewrite, vec_len (fr->rewrite));
117 b0->current_data = 0;
118 b0->current_length = vec_len (fr->rewrite);
119 b0->flags |= (VLIB_BUFFER_TOTAL_LENGTH_VALID | VNET_BUFFER_F_FLOW_REPORT);
120 vnet_buffer (b0)->sw_if_index[VLIB_RX] = 0;
121 vnet_buffer (b0)->sw_if_index[VLIB_TX] = exp->fib_index;
/* Locate the IPv4, UDP and IPFIX message headers inside the copied packet. */
123 tp = vlib_buffer_get_current (b0);
124 ip = (ip4_header_t *) & tp->ip4;
125 udp = (udp_header_t *) (ip + 1);
126 h = (ipfix_message_header_t *) (udp + 1);
128 /* FIXUP: message header export_time */
129 h->export_time = (u32)
130 (((f64) frm->unix_time_0) +
131 (vlib_time_now (frm->vlib_main) - frm->vlib_time_0));
132 h->export_time = clib_host_to_net_u32 (h->export_time);
/* NOTE(review): fr->stream_index is used as an index into exp->streams
 * without a range check in this function. */
134 stream = &exp->streams[fr->stream_index];
136 /* FIXUP: message header sequence_number. Templates do not increase it */
137 h->sequence_number = clib_host_to_net_u32 (stream->sequence_number);
139 /* FIXUP: udp length */
140 udp->length = clib_host_to_net_u16 (b0->current_length - sizeof (*ip));
142 if (exp->udp_checksum)
144 /* RFC 7011 section 10.3.2. */
145 udp->checksum = ip4_tcp_udp_compute_checksum (vm, b0, ip);
/* A computed checksum of 0 is sent as 0xffff. */
146 if (udp->checksum == 0)
147 udp->checksum = 0xffff;
150 *buffer_indexp = bi0;
/* Record the send time; flow_report_process compares it with
 * exp->template_interval to schedule the next template. */
152 fr->last_template_sent = vlib_time_now (vm);
/*
 * Build the IPv4/UDP/IPFIX template packet for report 'fr' in a vector named
 * 'rewrite', with one field specifier per entry of report_elts.
 *
 * NOTE(review): the return type, one parameter line, several local
 * declarations and the return statement are not visible in this listing.
 * The argument list matches the fr->rewrite_callback call in
 * send_template_packet, so this is presumably usable as that callback.
 */
158 vnet_flow_rewrite_generic_callback (ipfix_exporter_t *exp, flow_report_t *fr,
160 ipfix_report_element_t *report_elts,
161 u32 n_elts, u32 *stream_indexp)
165 ipfix_message_header_t *h;
166 ipfix_set_header_t *s;
167 ipfix_template_header_t *t;
168 ipfix_field_specifier_t *f;
169 ipfix_field_specifier_t *first_field;
171 ip4_ipfix_template_packet_t *tp;
172 flow_report_stream_t *stream;
174 ipfix_report_element_t *ep;
176 ASSERT (stream_indexp);
178 ASSERT (report_elts);
/* NOTE(review): fr->stream_index indexes exp->streams without a range check
 * here. */
180 stream = &exp->streams[fr->stream_index];
/* Report the stream index back to the caller. */
181 *stream_indexp = fr->stream_index;
183 /* allocate rewrite space */
/* Fixed template packet plus n_elts field specifiers; vec_validate takes the
 * last valid index, hence the -1. */
184 vec_validate_aligned (rewrite,
185 sizeof (ip4_ipfix_template_packet_t)
186 + n_elts * sizeof (ipfix_field_specifier_t) - 1,
187 CLIB_CACHE_LINE_BYTES);
189 /* create the packet rewrite string */
/* The headers are laid out back to back: IPv4, UDP, IPFIX message header,
 * set header, template header, then the field specifiers. */
190 tp = (ip4_ipfix_template_packet_t *) rewrite;
191 ip = (ip4_header_t *) & tp->ip4;
192 udp = (udp_header_t *) (ip + 1);
193 h = (ipfix_message_header_t *) (udp + 1);
194 s = (ipfix_set_header_t *) (h + 1);
195 t = (ipfix_template_header_t *) (s + 1);
196 first_field = f = (ipfix_field_specifier_t *) (t + 1);
198 ip->ip_version_and_header_length = 0x45;
200 ip->protocol = IP_PROTOCOL_UDP;
201 ip->src_address.as_u32 = exp->src_address.as_u32;
202 ip->dst_address.as_u32 = exp->ipfix_collector.as_u32;
203 udp->src_port = clib_host_to_net_u16 (stream->src_port);
204 udp->dst_port = clib_host_to_net_u16 (collector_port);
205 udp->length = clib_host_to_net_u16 (vec_len (rewrite) - sizeof (*ip));
207 /* FIXUP LATER: message header export_time */
208 h->domain_id = clib_host_to_net_u32 (stream->domain_id);
/* One field specifier per report element, built from the element's
 * info_element and size. */
212 for (i = 0; i < n_elts; i++)
214 f->e_id_length = ipfix_e_id_length (0, ep->info_element, ep->size);
219 /* Back to the template packet... */
220 ip = (ip4_header_t *) & tp->ip4;
221 udp = (udp_header_t *) (ip + 1);
/* At least one field must have been written. */
223 ASSERT (f - first_field);
224 /* Field count in this template */
225 t->id_count = ipfix_id_count (fr->template_id, f - first_field);
227 /* set length in octets */
229 ipfix_set_id_length (2 /* set_id */ , (u8 *) f - (u8 *) s);
231 /* message length in octets */
232 h->version_length = version_length ((u8 *) f - (u8 *) h);
/* IPv4 total length covers everything from the IP header up to the last
 * field; the header checksum is computed after it is set. */
234 ip->length = clib_host_to_net_u16 ((u8 *) f - (u8 *) ip);
235 ip->checksum = ip4_header_checksum (ip);
/*
 * Return the data buffer cached for 'thread_index' in report 'fr', allocating
 * and initialising a new one when none is cached.
 *
 * NOTE(review): the return type, the local declarations and the statements
 * taken on allocation failure and at the end are not visible in this listing.
 * thread_index indexes fr->per_thread_data without a range check here;
 * vnet_flow_report_add_del sizes that vector with
 * vec_validate (fr->per_thread_data, tm->n_threads), so callers presumably
 * pass a thread index within that range - confirm.
 */
241 vnet_ipfix_exp_get_buffer (vlib_main_t *vm, ipfix_exporter_t *exp,
242 flow_report_t *fr, u32 thread_index)
/* Reuse the buffer that is already being filled for this thread. */
247 if (fr->per_thread_data[thread_index].buffer)
248 return fr->per_thread_data[thread_index].buffer;
250 if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
253 /* Initialize the buffer */
254 b0 = fr->per_thread_data[thread_index].buffer = vlib_get_buffer (vm, bi0);
256 b0->current_data = 0;
/* Space for the IPv4/UDP/IPFIX/set headers is reserved up front; they are
 * filled in by vnet_ipfix_exp_send_buffer. */
257 b0->current_length = exp->all_headers_size;
258 b0->flags |= (VLIB_BUFFER_TOTAL_LENGTH_VALID | VNET_BUFFER_F_FLOW_REPORT);
259 vnet_buffer (b0)->sw_if_index[VLIB_RX] = 0;
260 vnet_buffer (b0)->sw_if_index[VLIB_TX] = exp->fib_index;
/* Data records start right after the reserved headers. */
261 fr->per_thread_data[thread_index].next_data_offset = b0->current_length;
267 * Send a buffer that is mostly populated. Has flow records but needs some
268 * header fields updated.
/*
 * Finish the headers of data buffer b0 for report 'fr' and enqueue it to
 * ip4-lookup, then clear the per-thread frame/buffer/offset state.
 *
 * NOTE(review): the return type, several local declarations and a number of
 * statement lines are not visible in this listing.
 */
271 vnet_ipfix_exp_send_buffer (vlib_main_t *vm, ipfix_exporter_t *exp,
272 flow_report_t *fr, flow_report_stream_t *stream,
273 u32 thread_index, vlib_buffer_t *b0)
275 flow_report_main_t *frm = &flow_report_main;
277 ip4_ipfix_template_packet_t *tp;
278 ipfix_set_header_t *s;
279 ipfix_message_header_t *h;
283 /* nothing to send */
/* The offset has not moved past the reserved headers, so the buffer holds no
 * data records. */
284 if (fr->per_thread_data[thread_index].next_data_offset <=
285 exp->all_headers_size)
/* Locate the headers reserved at the start of the buffer. */
288 tp = vlib_buffer_get_current (b0);
289 ip = (ip4_header_t *) &tp->ip4;
290 udp = (udp_header_t *) (ip + 1);
291 h = (ipfix_message_header_t *) (udp + 1);
292 s = (ipfix_set_header_t *) (h + 1);
294 ip->ip_version_and_header_length = 0x45;
296 ip->protocol = IP_PROTOCOL_UDP;
297 ip->flags_and_fragment_offset = 0;
298 ip->src_address.as_u32 = exp->src_address.as_u32;
299 ip->dst_address.as_u32 = exp->ipfix_collector.as_u32;
300 udp->src_port = clib_host_to_net_u16 (stream->src_port);
301 udp->dst_port = clib_host_to_net_u16 (exp->collector_port);
304 /* FIXUP: message header export_time */
306 (u32) (((f64) frm->unix_time_0) + (vlib_time_now (vm) - frm->vlib_time_0));
307 h->export_time = clib_host_to_net_u32 (h->export_time);
308 h->domain_id = clib_host_to_net_u32 (stream->domain_id);
311 * RFC 7011: Section 3.2
313 * Incremental sequence counter modulo 2^32 of all IPFIX Data Records
314 * sent in the current stream from the current Observation Domain by
315 * the Exporting Process
/* The stream counter is advanced atomically by the number of data records in
 * this buffer; the assignment target of the fetch-add is on a line not
 * visible here. */
318 clib_atomic_fetch_add (&stream->sequence_number,
319 fr->per_thread_data[thread_index].n_data_records);
320 h->sequence_number = clib_host_to_net_u32 (h->sequence_number);
323 * For data records we use the template ID as the set ID.
326 s->set_id_length = ipfix_set_id_length (
328 b0->current_length - (sizeof (*ip) + sizeof (*udp) + sizeof (*h)));
330 version_length (b0->current_length - (sizeof (*ip) + sizeof (*udp)));
332 ip->length = clib_host_to_net_u16 (b0->current_length);
334 ip->checksum = ip4_header_checksum (ip);
335 udp->length = clib_host_to_net_u16 (b0->current_length - sizeof (*ip));
337 if (exp->udp_checksum)
339 /* RFC 7011 section 10.3.2. */
340 udp->checksum = ip4_tcp_udp_compute_checksum (vm, b0, ip);
/* A computed checksum of 0 is sent as 0xffff. */
341 if (udp->checksum == 0)
342 udp->checksum = 0xffff;
345 ASSERT (ip4_header_checksum_is_valid (ip));
347 /* Find or allocate a frame */
348 f = fr->per_thread_data[thread_index].frame;
349 if (PREDICT_FALSE (f == 0))
352 f = vlib_get_frame_to_node (vm, ip4_lookup_node.index);
353 fr->per_thread_data[thread_index].frame = f;
354 u32 bi0 = vlib_get_buffer_index (vm, b0);
356 /* Enqueue the buffer */
357 to_next = vlib_frame_vector_args (f);
362 vlib_put_frame_to_node (vm, ip4_lookup_node.index, f);
/* The frame and buffer now belong to ip4-lookup; forget them so the next
 * record starts a fresh buffer. */
364 fr->per_thread_data[thread_index].frame = NULL;
365 fr->per_thread_data[thread_index].buffer = NULL;
366 fr->per_thread_data[thread_index].next_data_offset = 0;
/*
 * Process-node body: waits for a kickoff event, then loops over every
 * exporter and report, sending template packets when they are due and
 * calling each report's flow_data_callback to emit data.
 *
 * NOTE(review): the return type, several local declarations, the loop
 * headers and a number of conditions are not visible in this listing.
 */
370 flow_report_process (vlib_main_t * vm,
371 vlib_node_runtime_t * rt, vlib_frame_t * f)
373 flow_report_main_t *frm = &flow_report_main;
375 u32 ip4_lookup_node_index;
376 vlib_node_t *ip4_lookup_node;
377 vlib_frame_t *nf = 0;
382 f64 def_wait_time = 5.0;
385 uword *event_data = 0;
387 /* Wait for Godot... */
/* Block until an event arrives; the 1e9 s clock is effectively "forever". */
388 vlib_process_wait_for_event_or_clock (vm, 1e9);
389 event_type = vlib_process_get_events (vm, &event_data);
/* The condition guarding this warning is not visible in this listing. */
391 clib_warning ("bogus kickoff event received, %d", event_type);
392 vec_reset_length (event_data);
394 /* Enqueue pkts to ip4-lookup */
/* NOTE(review): the lookup result is dereferenced on the next line without a
 * NULL check. */
395 ip4_lookup_node = vlib_get_node_by_name (vm, (u8 *) "ip4-lookup");
396 ip4_lookup_node_index = ip4_lookup_node->index;
398 wait_time = def_wait_time;
402 vlib_process_wait_for_event_or_clock (vm, wait_time);
403 event_type = vlib_process_get_events (vm, &event_data);
404 vec_reset_length (event_data);
405 ipfix_exporter_t *exp;
406 pool_foreach (exp, frm->exporters)
409 /* 5s delay by default, possibly reduced by template intervals */
410 wait_time = def_wait_time;
412 vec_foreach (fr, exp->reports)
415 now = vlib_time_now (vm);
417 /* Need to send a template packet? */
/* Due when the interval has elapsed since the last template, or when no
 * template has been sent yet (last_template_sent == 0). */
419 now > (fr->last_template_sent + exp->template_interval);
420 send_template += fr->last_template_sent == 0;
425 rv = send_template_packet (frm, exp, fr, &template_bi);
431 * decide if template should be sent sooner than current wait
435 (fr->last_template_sent + exp->template_interval) - now;
436 wait_time = clib_min (wait_time, next_template);
438 nf = vlib_get_frame_to_node (vm, ip4_lookup_node_index);
440 to_next = vlib_frame_vector_args (nf);
/* ~0 means no template buffer was produced for this report. */
442 if (template_bi != ~0)
444 to_next[0] = template_bi;
/* The report's callback appends its data buffers and returns the frame to
 * keep using. */
449 nf = fr->flow_data_callback (frm, exp, fr, nf, to_next,
450 ip4_lookup_node_index);
452 vlib_put_frame_to_node (vm, ip4_lookup_node_index, nf);
457 return 0; /* not so much */
/* Register flow_report_process with vlib as a process-type node named
 * "flow-report-process". */
461 VLIB_REGISTER_NODE (flow_report_process_node) = {
462 .function = flow_report_process,
463 .type = VLIB_NODE_TYPE_PROCESS,
464 .name = "flow-report-process",
/*
 * Add or delete a flow report on exporter 'exp' according to a->is_add.
 * A report is identified by its (opaque, rewrite_callback,
 * flow_data_callback) triple; the report's template id is written through
 * template_id.
 *
 * NOTE(review): the return type, several local declarations, some conditions
 * and the final return are not visible in this listing.
 */
469 vnet_flow_report_add_del (ipfix_exporter_t *exp,
470 vnet_flow_report_add_del_args_t *a, u16 *template_id)
473 int found_index = ~0;
475 flow_report_stream_t *stream;
477 vlib_thread_main_t *tm = &vlib_thread_main;
478 flow_report_main_t *frm = &flow_report_main;
479 vlib_main_t *vm = frm->vlib_main;
/* Resolve the (domain_id, src_port) pair to a stream index; negative results
 * are handled below. */
482 si = find_stream (exp, a->domain_id, a->src_port);
484 return VNET_API_ERROR_INVALID_VALUE;
/* Deleting a report whose stream does not exist. */
485 if (si == -1 && a->is_add == 0)
486 return VNET_API_ERROR_NO_SUCH_ENTRY;
/* Look for an existing report with the same identifying triple. */
488 for (i = 0; i < vec_len (exp->reports); i++)
490 fr = vec_elt_at_index (exp->reports, i);
491 if (fr->opaque.as_uword == a->opaque.as_uword
492 && fr->rewrite_callback == a->rewrite_callback
493 && fr->flow_data_callback == a->flow_data_callback)
497 *template_id = fr->template_id;
504 if (found_index != ~0)
/* Return any partially filled per-thread buffers to the buffer pool before
 * the report goes away. */
507 i < vec_len (exp->reports[found_index].per_thread_data); i++)
510 if (exp->reports[found_index].per_thread_data[i].buffer)
512 bi = vlib_get_buffer_index (
513 vm, exp->reports[found_index].per_thread_data[i].buffer);
514 vlib_buffer_free (vm, &bi, 1);
517 vec_free (exp->reports[found_index].per_thread_data);
/* NOTE(review): vec_delete closes the gap, so reports stored after
 * found_index move down by one. Indices handed out earlier through
 * a->flow_report_index for those reports then name a different report -
 * confirm how callers use that index. */
519 vec_delete (exp->reports, 1, found_index);
520 stream = &exp->streams[si];
/* The last report on a stream releases the stream slot. */
522 if (stream->n_reports == 0)
523 delete_stream (exp, si);
526 return VNET_API_ERROR_NO_SUCH_ENTRY;
529 if (found_index != ~0)
530 return VNET_API_ERROR_VALUE_EXIST;
/* New stream: claim a slot and initialise it.
 * NOTE(review): next_template_no is not reset in the visible lines, so a
 * reused slot appears to continue from its previous value - confirm. */
534 stream = add_stream (exp);
535 stream->domain_id = a->domain_id;
536 stream->src_port = a->src_port;
537 stream->sequence_number = 0;
538 stream->n_reports = 0;
539 si = stream - exp->streams;
542 stream = &exp->streams[si];
/* Append a new report entry; vec_add2 may move exp->reports. */
546 vec_add2 (exp->reports, fr, 1);
548 fr->stream_index = si;
/* Template ids start at 256; the per-stream counter wraps modulo
 * (65536 - 256) so the sum stays within 16 bits. */
549 fr->template_id = 256 + stream->next_template_no;
550 stream->next_template_no = (stream->next_template_no + 1) % (65536 - 256);
/* Force the rewrite to be built on the first template send. */
551 fr->update_rewrite = 1;
552 fr->opaque = a->opaque;
553 fr->rewrite_callback = a->rewrite_callback;
554 fr->flow_data_callback = a->flow_data_callback;
/* The element array pointer is stored, not copied; presumably the caller
 * keeps it alive for the lifetime of the report - confirm. */
555 fr->report_elements = a->report_elements;
556 fr->n_report_elements = a->n_report_elements;
557 fr->stream_indexp = a->stream_indexp;
/* vec_validate takes the last valid index, so indices 0..tm->n_threads
 * exist afterwards. */
558 vec_validate (fr->per_thread_data, tm->n_threads);
559 /* Store the flow_report index back in the args struct */
560 a->flow_report_index = fr - exp->reports;
/* The data record size is the sum of the element sizes; the declaration of
 * 'size' is not visible in this listing. */
563 for (int i = 0; i < fr->n_report_elements; i++)
564 size += fr->report_elements[i].size;
565 fr->data_record_size = size;
567 *template_id = fr->template_id;
/*
 * Translate a VNET_API_ERROR_* code (as returned by vnet_flow_report_add_del,
 * per the fallback message below) into a clib error carrying a readable
 * message.
 *
 * NOTE(review): the return type, the switch header and some case labels are
 * not visible in this listing.
 */
573 flow_report_add_del_error_to_clib_error (int error)
579 case VNET_API_ERROR_NO_SUCH_ENTRY:
580 return clib_error_return (0, "Flow report not found");
581 case VNET_API_ERROR_VALUE_EXIST:
582 return clib_error_return (0, "Flow report already exists");
583 case VNET_API_ERROR_INVALID_VALUE:
584 return clib_error_return (0, "Expecting either still unused values "
585 "for both domain_id and src_port "
586 "or already used values for both fields");
/* Fallback message that reports the raw code. */
588 return clib_error_return (0, "vnet_flow_report_add_del returned %d",
/*
 * Restart every stream and report of an exporter: zero the sequence number of
 * each in-use stream, and flag each report so that its template is rebuilt
 * and treated as never sent.
 */
void
vnet_flow_reports_reset (ipfix_exporter_t *exp)
{
  flow_report_t *report;
  u32 n_streams = vec_len (exp->streams);
  u32 si;

  for (si = 0; si < n_streams; si++)
    {
      /* Free slots carry no sequence state. */
      if (!stream_index_valid (exp, si))
        continue;
      exp->streams[si].sequence_number = 0;
    }

  vec_foreach (report, exp->reports)
    {
      report->update_rewrite = 1;
      report->last_template_sent = 0;
    }
}
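/*
 * Restart one export stream: zero its sequence number and flag every report
 * bound to that stream so that its template is rebuilt and treated as never
 * sent.
 *
 * exp          - exporter owning the stream and report vectors
 * stream_index - index into exp->streams; an index past the end of the
 *                vector is ignored
 */
void
vnet_stream_reset (ipfix_exporter_t *exp, u32 stream_index)
{
  flow_report_t *fr;

  /* Do not write past the end of the stream vector. */
  if (stream_index >= vec_len (exp->streams))
    return;

  exp->streams[stream_index].sequence_number = 0;

  vec_foreach (fr, exp->reports)
    {
      /* Test the report being visited. The previous form,
       * exp->reports->stream_index, always read element 0, so either every
       * report was reset or none was. */
      if (fr->stream_index != stream_index)
        continue;
      fr->update_rewrite = 1;
      fr->last_template_sent = 0;
    }
}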
/*
 * Re-key an existing stream from (old_domain_id, old_src_port) to
 * (new_domain_id, new_src_port) and reset it when either value changed.
 *
 * NOTE(review): the return type and the return statements are not visible in
 * this listing.
 */
626 vnet_stream_change (ipfix_exporter_t *exp, u32 old_domain_id, u16 old_src_port,
627 u32 new_domain_id, u16 new_src_port)
629 i32 stream_index = find_stream (exp, old_domain_id, old_src_port);
/* A negative result means the old pair did not resolve to a stream. */
631 if (stream_index < 0)
633 flow_report_stream_t *stream = &exp->streams[stream_index];
/* NOTE(review): the new pair is stored without a visible check that another
 * stream already uses it, and a new_domain_id of ~0 would make
 * stream_index_valid treat this slot as free - confirm that callers validate
 * both. */
634 stream->domain_id = new_domain_id;
635 stream->src_port = new_src_port;
636 if (old_domain_id != new_domain_id || old_src_port != new_src_port)
637 vnet_stream_reset (exp, stream_index);
/*
 * CLI handler for "set ipfix exporter": parses the collector, source, FIB,
 * MTU, template interval and checksum options, validates them, stores them
 * in the exporter at pool index 0 and signals the flow-report process.
 *
 * NOTE(review): several local declarations, assignments and conditions are
 * not visible in this listing.
 */
641 static clib_error_t *
642 set_ipfix_exporter_command_fn (vlib_main_t * vm,
643 unformat_input_t * input,
644 vlib_cli_command_t * cmd)
646 flow_report_main_t *frm = &flow_report_main;
/* NOTE(review): 'src' is read below (src.as_u32) but its initialisation is
 * not among the visible lines - confirm it is zeroed like 'collector'. */
647 ip4_address_t collector, src;
648 u16 collector_port = UDP_DST_PORT_ipfix;
652 collector.as_u32 = 0;
654 u32 path_mtu = 512; // RFC 7011 section 10.3.3.
655 u32 template_interval = 20;
/* This command always configures the first exporter in the pool. */
657 ipfix_exporter_t *exp = pool_elt_at_index (frm->exporters, 0);
659 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
661 if (unformat (input, "collector %U", unformat_ip4_address, &collector))
663 else if (unformat (input, "port %U", unformat_udp_port,
666 else if (unformat (input, "src %U", unformat_ip4_address, &src))
668 else if (unformat (input, "fib-id %u", &fib_id))
/* Map the user-facing table id to the internal FIB index. */
670 ip4_main_t *im = &ip4_main;
671 uword *p = hash_get (im->fib_index_by_table_id, fib_id);
673 return clib_error_return (0, "fib ID %d doesn't exist\n", fib_id);
676 else if (unformat (input, "path-mtu %u", &path_mtu))
678 else if (unformat (input, "template-interval %u", &template_interval))
680 else if (unformat (input, "udp-checksum"))
/* A collector without a source address cannot be used. */
686 if (collector.as_u32 != 0 && src.as_u32 == 0)
687 return clib_error_return (0, "src address required");
689 if (path_mtu > 1450 /* vpp does not support fragmentation */ )
690 return clib_error_return (0, "too big path-mtu value, maximum is 1450");
693 return clib_error_return (0, "too small path-mtu value, minimum is 68");
695 /* Calculate how much header data we need. */
696 exp->all_headers_size = sizeof (ip4_header_t) + sizeof (udp_header_t) +
697 sizeof (ipfix_message_header_t) +
698 sizeof (ipfix_set_header_t);
700 /* Reset report streams if we are reconfiguring IP addresses */
/* The comparison uses the old values, so it must run before the stores
 * below. */
701 if (exp->ipfix_collector.as_u32 != collector.as_u32 ||
702 exp->src_address.as_u32 != src.as_u32 ||
703 exp->collector_port != collector_port)
704 vnet_flow_reports_reset (exp);
706 exp->ipfix_collector.as_u32 = collector.as_u32;
707 exp->collector_port = collector_port;
708 exp->src_address.as_u32 = src.as_u32;
709 exp->fib_index = fib_index;
710 exp->path_mtu = path_mtu;
711 exp->template_interval = template_interval;
712 exp->udp_checksum = udp_checksum;
/* A zero collector address means exporting is switched off. */
714 if (collector.as_u32)
716 "Collector %U, src address %U, "
717 "fib index %d, path MTU %u, "
718 "template resend interval %us, "
720 format_ip4_address, exp->ipfix_collector,
721 format_ip4_address, exp->src_address, fib_index, path_mtu,
722 template_interval, udp_checksum ? "enabled" : "disabled");
724 vlib_cli_output (vm, "IPFIX Collector is disabled");
726 /* Turn on the flow reporting process */
727 vlib_process_signal_event (vm, flow_report_process_node.index, 1, 0);
/* Register the "set ipfix exporter" CLI command and bind it to
 * set_ipfix_exporter_command_fn. */
732 VLIB_CLI_COMMAND (set_ipfix_exporter_command, static) = {
733 .path = "set ipfix exporter",
734 .short_help = "set ipfix exporter "
735 "collector <ip4-address> [port <port>] "
736 "src <ip4-address> [fib-id <fib-id>] "
737 "[path-mtu <path-mtu>] "
738 "[template-interval <template-interval>] "
740 .function = set_ipfix_exporter_command_fn,
/*
 * CLI handler for "ipfix flush": signals event 1 to the flow-report process
 * node so that it runs without waiting for its timer. The return statement is
 * not visible in this listing.
 */
745 static clib_error_t *
746 ipfix_flush_command_fn (vlib_main_t * vm,
747 unformat_input_t * input, vlib_cli_command_t * cmd)
749 /* poke the flow reporting process */
750 vlib_process_signal_event (vm, flow_report_process_node.index, 1, 0);
/* Register the "ipfix flush" CLI command and bind it to
 * ipfix_flush_command_fn. */
755 VLIB_CLI_COMMAND (ipfix_flush_command, static) = {
756 .path = "ipfix flush",
757 .short_help = "flush the current ipfix data [for make test]",
758 .function = ipfix_flush_command_fn,
/*
 * Init function: records the vnet main pointer and the wall-clock/vlib time
 * base used for export_time, and pre-allocates the exporter pool so that the
 * first exporter sits at index 0.
 *
 * NOTE(review): the return statement is not visible in this listing, and
 * frm->vlib_main is read below although its assignment is not among the
 * visible lines - confirm it is set before vlib_time_now is called.
 */
762 static clib_error_t *
763 flow_report_init (vlib_main_t * vm)
765 flow_report_main_t *frm = &flow_report_main;
766 ipfix_exporter_t *exp;
769 frm->vnet_main = vnet_get_main ();
/* Paired time base: unix_time_0 + (vlib now - vlib_time_0) yields the export
 * time in the send functions. */
770 frm->unix_time_0 = time (0);
771 frm->vlib_time_0 = vlib_time_now (frm->vlib_main);
773 * Make sure that we can always access the first exporter for
774 * backwards compatibility reasons.
776 pool_alloc (frm->exporters, IPFIX_EXPORTERS_MAX);
777 pool_get (frm->exporters, exp);
778 /* Verify that this is at index 0 */
779 ASSERT (frm->exporters == exp);
/* Run flow_report_init as a vlib init function. */
784 VLIB_INIT_FUNCTION (flow_report_init);
786 * fd.io coding-style-patch-verification: ON
789 * eval: (c-set-style "gnu")