2 * Copyright (c) 2015 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
18 #include <vppinfra/atomics.h>
19 #include <vnet/ipfix-export/flow_report.h>
20 #include <vnet/api_errno.h>
21 #include <vnet/udp/udp.h>
/* Single global instance of the flow-report state.  The functions in this
 * listing reach it directly through &flow_report_main. */
23 flow_report_main_t flow_report_main;
/**
 * Tell whether @index names a live stream slot of @exp.
 *
 * A slot is live when it lies inside exp->streams and its domain_id is not
 * the all-ones value ~0, which delete_stream() writes to mark a slot free.
 * Because ~0 doubles as the free marker, a stream configured with an
 * observation domain ID of 0xffffffff is indistinguishable from a free
 * slot; code that accepts a domain ID from configuration has to keep that
 * value out.
 *
 * @param exp    exporter whose stream vector is consulted
 * @param index  slot number to test
 * @return non-zero if the slot is in range and in use, 0 otherwise
 */
static_always_inline u8
stream_index_valid (ipfix_exporter_t *exp, u32 index)
{
  /* The range test must come first: the slot is only read once it is
   * known to exist. */
  if (index >= vec_len (exp->streams))
    return 0;

  return exp->streams[index].domain_id != ~0;
}
/**
 * Hand out a stream slot of @exp, recycling a free one when possible.
 *
 * The first slot that stream_index_valid() rejects (domain_id == ~0) is
 * returned as-is; it is not cleared, so the caller must initialise every
 * field it relies on.  When no free slot exists the vector is grown by one
 * element and that new element is returned.
 *
 * @param exp  exporter that owns the stream vector
 * @return pointer into exp->streams; it stays valid only until the vector
 *         is next resized
 */
static_always_inline flow_report_stream_t *
add_stream (ipfix_exporter_t *exp)
{
  u32 n_slots = vec_len (exp->streams);
  u32 slot;

  for (slot = 0; slot < n_slots; slot++)
    {
      if (stream_index_valid (exp, slot))
        continue;
      return &exp->streams[slot];
    }

  /* Every existing slot is in use: make index n_slots valid and use it. */
  vec_validate (exp->streams, n_slots);
  return &exp->streams[n_slots];
}
/**
 * Mark stream slot @index of @exp as free by storing ~0 in its domain_id.
 *
 * The slot stays in the vector so that other stream indices do not move;
 * add_stream() may hand it out again later.
 *
 * The range and "currently in use" preconditions are enforced with ASSERT
 * only.  In a build where ASSERT is compiled out nothing here rejects a
 * bad index, so callers must pass an index they have already validated.
 *
 * @param exp    exporter that owns the stream vector
 * @param index  slot to release
 */
static_always_inline void
delete_stream (ipfix_exporter_t *exp, u32 index)
{
  ASSERT (index < vec_len (exp->streams));

  flow_report_stream_t *victim = &exp->streams[index];

  ASSERT (victim->domain_id != ~0);
  victim->domain_id = ~0;
}
/*
 * Search exp->streams for a live stream matching both domain_id and
 * src_port.  Only slots accepted by stream_index_valid() are examined.
 *
 * NOTE(review): the return-type line and every return statement are
 * missing from this listing, so the result codes cannot be read off here.
 * The callers visible in this file treat a negative result as "no usable
 * stream" (vnet_stream_change tests `< 0`, vnet_flow_report_add_del tests
 * `== -1`) and otherwise use the result as an index into exp->streams.
 */
52 find_stream (ipfix_exporter_t *exp, u32 domain_id, u16 src_port)
54 flow_report_stream_t *stream;
56 for (i = 0; i < vec_len (exp->streams); i++)
57 if (stream_index_valid (exp, i))
59 stream = &exp->streams[i];
60 if (domain_id == stream->domain_id)
/* Same observation domain but a different source port: a half match. */
62 if (src_port != stream->src_port)
/* Same source port under a different observation domain: also a half
 * match.  Presumably both half matches yield the code that
 * vnet_flow_report_add_del reports as VNET_API_ERROR_INVALID_VALUE -
 * confirm against the complete file. */
66 else if (src_port == stream->src_port)
/*
 * Build one IPFIX template packet for report fr and return its buffer
 * index through *buffer_indexp.
 *
 * The packet body is the cached "rewrite" byte string produced by
 * fr->rewrite_callback; this function copies it into a freshly allocated
 * buffer and patches the fields that change per transmission (export
 * time, sequence number, UDP length and, optionally, UDP checksum).
 *
 * NOTE(review): the return-type line and the return statements are not
 * part of this listing; the caller in flow_report_process stores the
 * result in `rv`.
 */
75 send_template_packet (flow_report_main_t *frm, ipfix_exporter_t *exp,
76 flow_report_t *fr, u32 *buffer_indexp)
80 ip4_ipfix_template_packet_t *tp;
81 ipfix_message_header_t *h;
84 vlib_main_t *vm = frm->vlib_main;
85 flow_report_stream_t *stream;
87 ASSERT (buffer_indexp);
/* (Re)build the rewrite when it was invalidated or never built. */
89 if (fr->update_rewrite || fr->rewrite == 0)
/* Without both a collector and a source address there is nowhere to send
 * to: the reporting process node is switched off. */
91 if (exp->ipfix_collector.as_u32 == 0 || exp->src_address.as_u32 == 0)
93 vlib_node_set_state (frm->vlib_main, flow_report_process_node.index,
94 VLIB_NODE_STATE_DISABLED);
97 vec_free (fr->rewrite);
98 fr->update_rewrite = 1;
101 if (fr->update_rewrite)
/* rewrite_callback is the function pointer registered for this report in
 * vnet_flow_report_add_del; its result is used below without a null or
 * length check other than the ASSERT. */
103 fr->rewrite = fr->rewrite_callback (
104 exp, fr, &exp->ipfix_collector, &exp->src_address, exp->collector_port,
105 fr->report_elements, fr->n_report_elements, fr->stream_indexp);
106 fr->update_rewrite = 0;
109 if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
112 b0 = vlib_get_buffer (vm, bi0);
/* NOTE(review): this ASSERT is the only visible bound on the copy that
 * follows.  The rewrite length comes from the callback and grows with the
 * number of report elements; in a build where ASSERT is compiled out an
 * oversized rewrite would be copied past the buffer's data area.  A
 * runtime length check that frees bi0 and fails the call would make the
 * bound hold in every build. */
114 ASSERT (vec_len (fr->rewrite) < vlib_buffer_get_default_data_size (vm));
116 clib_memcpy_fast (b0->data, fr->rewrite, vec_len (fr->rewrite));
117 b0->current_data = 0;
118 b0->current_length = vec_len (fr->rewrite);
119 b0->flags |= (VLIB_BUFFER_TOTAL_LENGTH_VALID | VNET_BUFFER_F_FLOW_REPORT);
120 vnet_buffer (b0)->sw_if_index[VLIB_RX] = 0;
121 vnet_buffer (b0)->sw_if_index[VLIB_TX] = exp->fib_index;
/* Locate the headers inside the copied rewrite: IPv4, then UDP, then the
 * IPFIX message header. */
123 tp = vlib_buffer_get_current (b0);
124 ip = (ip4_header_t *) & tp->ip4;
125 udp = (udp_header_t *) (ip + 1);
126 h = (ipfix_message_header_t *) (udp + 1);
128 /* FIXUP: message header export_time */
129 h->export_time = (u32)
130 (((f64) frm->unix_time_0) +
131 (vlib_time_now (frm->vlib_main) - frm->vlib_time_0));
132 h->export_time = clib_host_to_net_u32 (h->export_time);
/* NOTE(review): fr->stream_index is used as an index into exp->streams
 * with no range or liveness check in this function. */
134 stream = &exp->streams[fr->stream_index];
136 /* FIXUP: message header sequence_number. Templates do not increase it */
137 h->sequence_number = clib_host_to_net_u32 (stream->sequence_number);
139 /* FIXUP: udp length */
140 udp->length = clib_host_to_net_u16 (b0->current_length - sizeof (*ip));
142 if (exp->udp_checksum)
144 /* RFC 7011 section 10.3.2. */
145 udp->checksum = ip4_tcp_udp_compute_checksum (vm, b0, ip);
/* A computed checksum of zero is sent as 0xffff, because zero in the UDP
 * checksum field means "no checksum". */
146 if (udp->checksum == 0)
147 udp->checksum = 0xffff;
150 *buffer_indexp = bi0;
/* Remember when the template went out; flow_report_process compares this
 * with exp->template_interval to schedule the next one. */
152 fr->last_template_sent = vlib_time_now (vm);
/*
 * Generic rewrite builder: produce the byte string of an IPFIX template
 * packet (IPv4 header, UDP header, IPFIX message header, set header,
 * template header, then one field specifier per report element).
 *
 * Also writes fr->stream_index to *stream_indexp.
 *
 * NOTE(review): the return-type line, several local declarations and the
 * return statement are missing from this listing; send_template_packet
 * stores the result of the rewrite callback in fr->rewrite.
 */
158 vnet_flow_rewrite_generic_callback (ipfix_exporter_t *exp, flow_report_t *fr,
159 ip4_address_t *collector_address,
160 ip4_address_t *src_address,
162 ipfix_report_element_t *report_elts,
163 u32 n_elts, u32 *stream_indexp)
167 ipfix_message_header_t *h;
168 ipfix_set_header_t *s;
169 ipfix_template_header_t *t;
170 ipfix_field_specifier_t *f;
171 ipfix_field_specifier_t *first_field;
173 ip4_ipfix_template_packet_t *tp;
174 flow_report_stream_t *stream;
176 ipfix_report_element_t *ep;
/* Both pointer arguments are checked by ASSERT only. */
178 ASSERT (stream_indexp);
180 ASSERT (report_elts);
/* NOTE(review): fr->stream_index is not range-checked before it indexes
 * exp->streams. */
182 stream = &exp->streams[fr->stream_index];
183 *stream_indexp = fr->stream_index;
185 /* allocate rewrite space */
/* Size is the fixed template packet plus one field specifier per element;
 * the "- 1" is there because vec_validate takes the last valid index, not
 * a length. */
186 vec_validate_aligned (rewrite,
187 sizeof (ip4_ipfix_template_packet_t)
188 + n_elts * sizeof (ipfix_field_specifier_t) - 1,
189 CLIB_CACHE_LINE_BYTES);
191 /* create the packet rewrite string */
192 tp = (ip4_ipfix_template_packet_t *) rewrite;
193 ip = (ip4_header_t *) & tp->ip4;
194 udp = (udp_header_t *) (ip + 1);
195 h = (ipfix_message_header_t *) (udp + 1);
196 s = (ipfix_set_header_t *) (h + 1);
197 t = (ipfix_template_header_t *) (s + 1);
198 first_field = f = (ipfix_field_specifier_t *) (t + 1);
200 ip->ip_version_and_header_length = 0x45;
202 ip->protocol = IP_PROTOCOL_UDP;
203 ip->src_address.as_u32 = src_address->as_u32;
204 ip->dst_address.as_u32 = collector_address->as_u32;
205 udp->src_port = clib_host_to_net_u16 (stream->src_port);
206 udp->dst_port = clib_host_to_net_u16 (collector_port);
/* NOTE(review): the UDP and IP lengths are 16-bit fields while n_elts is a
 * u32 that is not bounded in this function; a rewrite longer than 65535
 * bytes would be truncated here.  Presumably callers keep n_elts small -
 * confirm. */
207 udp->length = clib_host_to_net_u16 (vec_len (rewrite) - sizeof (*ip));
209 /* FIXUP LATER: message header export_time */
210 h->domain_id = clib_host_to_net_u32 (stream->domain_id);
/* One field specifier per report element. */
214 for (i = 0; i < n_elts; i++)
216 f->e_id_length = ipfix_e_id_length (0, ep->info_element, ep->size);
221 /* Back to the template packet... */
222 ip = (ip4_header_t *) & tp->ip4;
223 udp = (udp_header_t *) (ip + 1);
/* At least one field must have been emitted (debug-build check only). */
225 ASSERT (f - first_field);
226 /* Field count in this template */
227 t->id_count = ipfix_id_count (fr->template_id, f - first_field);
229 /* set length in octets */
231 ipfix_set_id_length (2 /* set_id */ , (u8 *) f - (u8 *) s);
233 /* message length in octets */
234 h->version_length = version_length ((u8 *) f - (u8 *) h);
236 ip->length = clib_host_to_net_u16 ((u8 *) f - (u8 *) ip);
237 ip->checksum = ip4_header_checksum (ip);
/*
 * Return the buffer in which thread thread_index accumulates data records
 * for report fr, allocating and initialising one when none is cached.
 *
 * NOTE(review): thread_index indexes fr->per_thread_data without a range
 * check here.  vnet_flow_report_add_del sizes that vector with
 * vec_validate (fr->per_thread_data, tm->n_threads), so callers are
 * expected to pass a worker index within that range.
 *
 * NOTE(review): the return-type line and the allocation-failure branch
 * body are not part of this listing.
 */
243 vnet_ipfix_exp_get_buffer (vlib_main_t *vm, ipfix_exporter_t *exp,
244 flow_report_t *fr, u32 thread_index)
/* Fast path: a partly filled buffer already exists for this thread. */
249 if (fr->per_thread_data[thread_index].buffer)
250 return fr->per_thread_data[thread_index].buffer;
252 if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
255 /* Initialize the buffer */
256 b0 = fr->per_thread_data[thread_index].buffer = vlib_get_buffer (vm, bi0);
258 b0->current_data = 0;
/* Reserve room for the IPv4/UDP/IPFIX message/set headers; they are
 * filled in when the buffer is sent. */
259 b0->current_length = exp->all_headers_size;
260 b0->flags |= (VLIB_BUFFER_TOTAL_LENGTH_VALID | VNET_BUFFER_F_FLOW_REPORT);
261 vnet_buffer (b0)->sw_if_index[VLIB_RX] = 0;
262 vnet_buffer (b0)->sw_if_index[VLIB_TX] = exp->fib_index;
/* The first data record goes right after the reserved header space. */
263 fr->per_thread_data[thread_index].next_data_offset = b0->current_length;
269 * Send a buffer that is mostly populated. Has flow records but needs some
270 * header fields updated.
/*
 * Finish the headers of data buffer b0 and hand it to ip4-lookup, then
 * clear the per-thread accumulation state of report fr.
 *
 * NOTE(review): every length written below is derived from
 * b0->current_length, which is maintained by the code that appends data
 * records and is not re-validated here.  The IP and UDP length fields are
 * 16 bits wide.
 */
273 vnet_ipfix_exp_send_buffer (vlib_main_t *vm, ipfix_exporter_t *exp,
274 flow_report_t *fr, flow_report_stream_t *stream,
275 u32 thread_index, vlib_buffer_t *b0)
277 flow_report_main_t *frm = &flow_report_main;
279 ip4_ipfix_template_packet_t *tp;
280 ipfix_set_header_t *s;
281 ipfix_message_header_t *h;
285 /* nothing to send */
/* Only the reserved header space is occupied, i.e. no data records. */
286 if (fr->per_thread_data[thread_index].next_data_offset <=
287 exp->all_headers_size)
290 tp = vlib_buffer_get_current (b0);
291 ip = (ip4_header_t *) &tp->ip4;
292 udp = (udp_header_t *) (ip + 1);
293 h = (ipfix_message_header_t *) (udp + 1);
294 s = (ipfix_set_header_t *) (h + 1);
296 ip->ip_version_and_header_length = 0x45;
298 ip->protocol = IP_PROTOCOL_UDP;
299 ip->flags_and_fragment_offset = 0;
300 ip->src_address.as_u32 = exp->src_address.as_u32;
301 ip->dst_address.as_u32 = exp->ipfix_collector.as_u32;
302 udp->src_port = clib_host_to_net_u16 (stream->src_port);
303 udp->dst_port = clib_host_to_net_u16 (exp->collector_port);
306 /* FIXUP: message header export_time */
308 (u32) (((f64) frm->unix_time_0) + (vlib_time_now (vm) - frm->vlib_time_0));
309 h->export_time = clib_host_to_net_u32 (h->export_time);
310 h->domain_id = clib_host_to_net_u32 (stream->domain_id);
313 * RFC 7011: Section 3.2
315 * Incremental sequence counter modulo 2^32 of all IPFIX Data Records
316 * sent in the current stream from the current Observation Domain by
317 * the Exporting Process
/* The stream counter is advanced atomically by the number of data records
 * in this buffer, since several threads may export on the same stream.
 * The assignment target is on a line missing from this listing;
 * presumably it is h->sequence_number - confirm. */
320 clib_atomic_fetch_add (&stream->sequence_number,
321 fr->per_thread_data[thread_index].n_data_records);
322 h->sequence_number = clib_host_to_net_u32 (h->sequence_number);
325 * For data records we use the template ID as the set ID.
328 s->set_id_length = ipfix_set_id_length (
330 b0->current_length - (sizeof (*ip) + sizeof (*udp) + sizeof (*h)));
332 version_length (b0->current_length - (sizeof (*ip) + sizeof (*udp)));
334 ip->length = clib_host_to_net_u16 (b0->current_length);
336 ip->checksum = ip4_header_checksum (ip);
337 udp->length = clib_host_to_net_u16 (b0->current_length - sizeof (*ip));
339 if (exp->udp_checksum)
341 /* RFC 7011 section 10.3.2. */
342 udp->checksum = ip4_tcp_udp_compute_checksum (vm, b0, ip);
/* Zero means "no checksum" in UDP, so a computed zero is sent as 0xffff. */
343 if (udp->checksum == 0)
344 udp->checksum = 0xffff;
347 ASSERT (ip4_header_checksum_is_valid (ip));
349 /* Find or allocate a frame */
350 f = fr->per_thread_data[thread_index].frame;
351 if (PREDICT_FALSE (f == 0))
354 f = vlib_get_frame_to_node (vm, ip4_lookup_node.index);
355 fr->per_thread_data[thread_index].frame = f;
356 u32 bi0 = vlib_get_buffer_index (vm, b0);
358 /* Enqueue the buffer */
359 to_next = vlib_frame_vector_args (f);
364 vlib_put_frame_to_node (vm, ip4_lookup_node.index, f);
/* The buffer and frame now belong to ip4-lookup; drop the cached pointers
 * so the next record starts a fresh buffer. */
366 fr->per_thread_data[thread_index].frame = NULL;
367 fr->per_thread_data[thread_index].buffer = NULL;
368 fr->per_thread_data[thread_index].next_data_offset = 0;
/*
 * Body of the "flow-report-process" process node.
 *
 * After a kickoff event it loops: wait up to wait_time seconds (or until
 * signalled), then for every exporter and every report send a template
 * packet when one is due and call the report's flow_data_callback.
 * wait_time starts at def_wait_time and is shortened so that the next
 * template deadline is not missed.
 */
372 flow_report_process (vlib_main_t * vm,
373 vlib_node_runtime_t * rt, vlib_frame_t * f)
375 flow_report_main_t *frm = &flow_report_main;
377 u32 ip4_lookup_node_index;
378 vlib_node_t *ip4_lookup_node;
379 vlib_frame_t *nf = 0;
384 f64 def_wait_time = 5.0;
387 uword *event_data = 0;
389 /* Wait for Godot... */
390 vlib_process_wait_for_event_or_clock (vm, 1e9);
391 event_type = vlib_process_get_events (vm, &event_data);
393 clib_warning ("bogus kickoff event received, %d", event_type);
394 vec_reset_length (event_data);
396 /* Enqueue pkts to ip4-lookup */
/* NOTE(review): the lookup result is dereferenced on the next line with
 * no null check visible in this listing. */
397 ip4_lookup_node = vlib_get_node_by_name (vm, (u8 *) "ip4-lookup");
398 ip4_lookup_node_index = ip4_lookup_node->index;
400 wait_time = def_wait_time;
404 vlib_process_wait_for_event_or_clock (vm, wait_time);
405 event_type = vlib_process_get_events (vm, &event_data);
406 vec_reset_length (event_data);
407 ipfix_exporter_t *exp;
408 pool_foreach (exp, frm->exporters)
411 /* 5s delay by default, possibly reduced by template intervals */
412 wait_time = def_wait_time;
414 vec_foreach (fr, exp->reports)
417 now = vlib_time_now (vm);
419 /* Need to send a template packet? */
421 now > (fr->last_template_sent + exp->template_interval);
/* last_template_sent == 0 means no template has gone out since the last
 * reset, so one is sent immediately. */
422 send_template += fr->last_template_sent == 0;
427 rv = send_template_packet (frm, exp, fr, &template_bi);
433 * decide if template should be sent sooner than current wait
437 (fr->last_template_sent + exp->template_interval) - now;
438 wait_time = clib_min (wait_time, next_template);
440 nf = vlib_get_frame_to_node (vm, ip4_lookup_node_index);
442 to_next = vlib_frame_vector_args (nf);
/* ~0 is the "no template buffer" marker for template_bi. */
444 if (template_bi != ~0)
446 to_next[0] = template_bi;
/* flow_data_callback is the function pointer stored for this report by
 * vnet_flow_report_add_del; it receives the frame and returns the frame
 * to submit. */
451 nf = fr->flow_data_callback (frm, exp, fr, nf, to_next,
452 ip4_lookup_node_index);
454 vlib_put_frame_to_node (vm, ip4_lookup_node_index, nf);
459 return 0; /* not so much */
/* Registers flow_report_process as a process-type node named
 * "flow-report-process". */
463 VLIB_REGISTER_NODE (flow_report_process_node) = {
464 .function = flow_report_process,
465 .type = VLIB_NODE_TYPE_PROCESS,
466 .name = "flow-report-process",
/*
 * Add a flow report to exporter exp, or delete an existing one, as
 * selected by a->is_add.
 *
 * A report is identified by the triple (opaque, rewrite_callback,
 * flow_data_callback).  It is attached to the stream identified by
 * (a->domain_id, a->src_port); the stream is created on first use and
 * released when its last report goes away.
 *
 * Visible error results: VNET_API_ERROR_INVALID_VALUE,
 * VNET_API_ERROR_NO_SUCH_ENTRY, VNET_API_ERROR_VALUE_EXIST.  When
 * template_id is written, it receives the report's template ID.
 *
 * NOTE(review): the return-type line, some declarations and several
 * conditions/returns are missing from this listing.
 */
471 vnet_flow_report_add_del (ipfix_exporter_t *exp,
472 vnet_flow_report_add_del_args_t *a, u16 *template_id)
475 int found_index = ~0;
477 flow_report_stream_t *stream;
479 vlib_thread_main_t *tm = &vlib_thread_main;
480 flow_report_main_t *frm = &flow_report_main;
481 vlib_main_t *vm = frm->vlib_main;
484 si = find_stream (exp, a->domain_id, a->src_port);
/* The condition guarding this return is not in the listing; presumably it
 * is the half-match result of find_stream - confirm. */
486 return VNET_API_ERROR_INVALID_VALUE;
487 if (si == -1 && a->is_add == 0)
488 return VNET_API_ERROR_NO_SUCH_ENTRY;
/* Look for an existing report with the same identity triple. */
490 for (i = 0; i < vec_len (exp->reports); i++)
492 fr = vec_elt_at_index (exp->reports, i);
493 if (fr->opaque.as_uword == a->opaque.as_uword
494 && fr->rewrite_callback == a->rewrite_callback
495 && fr->flow_data_callback == a->flow_data_callback)
499 *template_id = fr->template_id;
506 if (found_index != ~0)
/* Delete path: return any partly filled per-thread buffers to the pool
 * before the report is removed, so they are not leaked. */
509 i < vec_len (exp->reports[found_index].per_thread_data); i++)
512 if (exp->reports[found_index].per_thread_data[i].buffer)
514 bi = vlib_get_buffer_index (
515 vm, exp->reports[found_index].per_thread_data[i].buffer);
516 vlib_buffer_free (vm, &bi, 1);
519 vec_free (exp->reports[found_index].per_thread_data);
/* NOTE(review): vec_delete closes the gap, so every report after
 * found_index moves down by one.  An index handed out earlier through
 * a->flow_report_index for one of those reports then names a different
 * entry; holders of such indices need to refresh them. */
521 vec_delete (exp->reports, 1, found_index);
522 stream = &exp->streams[si];
524 if (stream->n_reports == 0)
525 delete_stream (exp, si);
528 return VNET_API_ERROR_NO_SUCH_ENTRY;
531 if (found_index != ~0)
532 return VNET_API_ERROR_VALUE_EXIST;
/* Add path, new stream.  NOTE(review): a->domain_id is stored unchecked;
 * the value ~0 is the free-slot marker tested by stream_index_valid, so a
 * stream created with that domain ID would immediately look free. */
536 stream = add_stream (exp);
537 stream->domain_id = a->domain_id;
538 stream->src_port = a->src_port;
539 stream->sequence_number = 0;
540 stream->n_reports = 0;
541 si = stream - exp->streams;
544 stream = &exp->streams[si];
548 vec_add2 (exp->reports, fr, 1);
550 fr->stream_index = si;
/* Template IDs start at 256 and the per-stream counter wraps modulo
 * (65536 - 256).  NOTE(review): after a wrap nothing visible here checks
 * that the ID is not still in use by an older report on the stream. */
551 fr->template_id = 256 + stream->next_template_no;
552 stream->next_template_no = (stream->next_template_no + 1) % (65536 - 256);
553 fr->update_rewrite = 1;
554 fr->opaque = a->opaque;
/* The two callbacks are stored as given and later invoked by
 * send_template_packet and flow_report_process. */
555 fr->rewrite_callback = a->rewrite_callback;
556 fr->flow_data_callback = a->flow_data_callback;
557 fr->report_elements = a->report_elements;
558 fr->n_report_elements = a->n_report_elements;
559 fr->stream_indexp = a->stream_indexp;
/* Makes indices 0..tm->n_threads of per_thread_data valid. */
560 vec_validate (fr->per_thread_data, tm->n_threads);
561 /* Store the flow_report index back in the args struct */
562 a->flow_report_index = fr - exp->reports;
/* The data record size is the sum of the element sizes. */
565 for (int i = 0; i < fr->n_report_elements; i++)
566 size += fr->report_elements[i].size;
567 fr->data_record_size = size;
569 *template_id = fr->template_id;
/*
 * Translate a result code of vnet_flow_report_add_del into a clib error
 * with a human-readable message.  Codes without a dedicated message fall
 * through to the generic "returned %d" text.
 *
 * NOTE(review): the switch header and the remaining cases are missing
 * from this listing.
 */
575 flow_report_add_del_error_to_clib_error (int error)
581 case VNET_API_ERROR_NO_SUCH_ENTRY:
582 return clib_error_return (0, "Flow report not found");
583 case VNET_API_ERROR_VALUE_EXIST:
584 return clib_error_return (0, "Flow report already exists");
585 case VNET_API_ERROR_INVALID_VALUE:
586 return clib_error_return (0, "Expecting either still unused values "
587 "for both domain_id and src_port "
588 "or already used values for both fields");
590 return clib_error_return (0, "vnet_flow_report_add_del returned %d",
/**
 * Reset the export state of every stream and report of @exp.
 *
 * Each live stream (domain_id != ~0) gets its sequence number set back to
 * zero, and each report is flagged so that its rewrite is rebuilt and its
 * template is sent again at the next opportunity.  The CLI handler calls
 * this when the collector address, collector port or source address
 * changes.
 *
 * @param exp  exporter to reset
 */
void
vnet_flow_reports_reset (ipfix_exporter_t *exp)
{
  flow_report_stream_t *stream;
  flow_report_t *fr;

  /* Free slots carry the ~0 marker in domain_id and are left alone. */
  vec_foreach (stream, exp->streams)
    if (stream->domain_id != ~0)
      stream->sequence_number = 0;

  vec_foreach (fr, exp->reports)
    {
      fr->last_template_sent = 0;
      fr->update_rewrite = 1;
    }
}
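/**
 * Reset one stream of @exp and the reports attached to it.
 *
 * The stream's sequence number goes back to zero and every report whose
 * stream_index equals @stream_index is flagged so that its rewrite is
 * rebuilt and its template is sent again.
 *
 * The previous code compared exp->reports->stream_index, i.e. the stream
 * of the first report, on every iteration.  Depending on that one report
 * it reset either all reports of the exporter or none, so reports on the
 * changed stream could keep sending a stale rewrite (old domain ID and
 * source port) while unrelated reports were reset.
 *
 * @param exp           exporter that owns the stream
 * @param stream_index  index into exp->streams; not range-checked here, the
 *                      caller must pass an index obtained from a successful
 *                      stream lookup
 */
void
vnet_stream_reset (ipfix_exporter_t *exp, u32 stream_index)
{
  flow_report_t *fr;

  exp->streams[stream_index].sequence_number = 0;

  vec_foreach (fr, exp->reports)
    if (fr->stream_index == stream_index)
      {
        fr->update_rewrite = 1;
        fr->last_template_sent = 0;
      }
}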
/*
 * Re-key the stream identified by (old_domain_id, old_src_port) to
 * (new_domain_id, new_src_port) and reset it when either value changed.
 *
 * NOTE(review): the return-type line and the return statements are
 * missing from this listing.
 *
 * NOTE(review): the new pair is stored without checking that another live
 * stream already uses it, and without rejecting new_domain_id == ~0, the
 * value stream_index_valid treats as "slot free".
 */
628 vnet_stream_change (ipfix_exporter_t *exp, u32 old_domain_id, u16 old_src_port,
629 u32 new_domain_id, u16 new_src_port)
631 i32 stream_index = find_stream (exp, old_domain_id, old_src_port);
/* A negative result means no stream matched the old pair. */
633 if (stream_index < 0)
635 flow_report_stream_t *stream = &exp->streams[stream_index];
636 stream->domain_id = new_domain_id;
637 stream->src_port = new_src_port;
/* Restart sequence numbering and force fresh templates only on a real
 * change. */
638 if (old_domain_id != new_domain_id || old_src_port != new_src_port)
639 vnet_stream_reset (exp, stream_index);
/*
 * CLI handler for "set ipfix exporter": parse collector, port, source
 * address, FIB, path MTU, template interval and UDP checksum options,
 * validate them, store them in exporter 0 and wake the reporting process.
 *
 * NOTE(review): several declarations, initialisers and branch bodies are
 * missing from this listing.
 */
643 static clib_error_t *
644 set_ipfix_exporter_command_fn (vlib_main_t * vm,
645 unformat_input_t * input,
646 vlib_cli_command_t * cmd)
648 flow_report_main_t *frm = &flow_report_main;
649 ip4_address_t collector, src;
650 u16 collector_port = UDP_DST_PORT_ipfix;
654 collector.as_u32 = 0;
656 u32 path_mtu = 512; // RFC 7011 section 10.3.3.
657 u32 template_interval = 20;
/* This command always configures the exporter at pool index 0, which
 * flow_report_init allocates at start-up. */
659 ipfix_exporter_t *exp = pool_elt_at_index (frm->exporters, 0);
661 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
663 if (unformat (input, "collector %U", unformat_ip4_address, &collector))
665 else if (unformat (input, "port %U", unformat_udp_port,
668 else if (unformat (input, "src %U", unformat_ip4_address, &src))
670 else if (unformat (input, "fib-id %u", &fib_id))
/* Translate the user-visible table ID into a FIB index; an unknown ID is
 * rejected. */
672 ip4_main_t *im = &ip4_main;
673 uword *p = hash_get (im->fib_index_by_table_id, fib_id);
675 return clib_error_return (0, "fib ID %d doesn't exist\n", fib_id);
678 else if (unformat (input, "path-mtu %u", &path_mtu))
680 else if (unformat (input, "template-interval %u", &template_interval))
682 else if (unformat (input, "udp-checksum"))
/* A collector without a source address cannot be used. */
688 if (collector.as_u32 != 0 && src.as_u32 == 0)
689 return clib_error_return (0, "src address required");
/* The path MTU is kept within [68, 1450]; the upper bound exists because
 * export packets are never fragmented. */
691 if (path_mtu > 1450 /* vpp does not support fragmentation */ )
692 return clib_error_return (0, "too big path-mtu value, maximum is 1450");
695 return clib_error_return (0, "too small path-mtu value, minimum is 68");
697 /* Calculate how much header data we need. */
698 exp->all_headers_size = sizeof (ip4_header_t) + sizeof (udp_header_t) +
699 sizeof (ipfix_message_header_t) +
700 sizeof (ipfix_set_header_t);
702 /* Reset report streams if we are reconfiguring IP addresses */
/* The reset forces rewrites to be rebuilt and templates to be re-sent, so
 * a new collector receives templates before data records. */
703 if (exp->ipfix_collector.as_u32 != collector.as_u32 ||
704 exp->src_address.as_u32 != src.as_u32 ||
705 exp->collector_port != collector_port)
706 vnet_flow_reports_reset (exp);
708 exp->ipfix_collector.as_u32 = collector.as_u32;
709 exp->collector_port = collector_port;
710 exp->src_address.as_u32 = src.as_u32;
711 exp->fib_index = fib_index;
712 exp->path_mtu = path_mtu;
713 exp->template_interval = template_interval;
714 exp->udp_checksum = udp_checksum;
716 if (collector.as_u32)
718 "Collector %U, src address %U, "
719 "fib index %d, path MTU %u, "
720 "template resend interval %us, "
722 format_ip4_address, exp->ipfix_collector,
723 format_ip4_address, exp->src_address, fib_index, path_mtu,
724 template_interval, udp_checksum ? "enabled" : "disabled");
/* A zero collector address means export is switched off. */
726 vlib_cli_output (vm, "IPFIX Collector is disabled");
728 /* Turn on the flow reporting process */
729 vlib_process_signal_event (vm, flow_report_process_node.index, 1, 0);
/* Registers the "set ipfix exporter" CLI command and binds it to
 * set_ipfix_exporter_command_fn. */
734 VLIB_CLI_COMMAND (set_ipfix_exporter_command, static) = {
735 .path = "set ipfix exporter",
736 .short_help = "set ipfix exporter "
737 "collector <ip4-address> [port <port>] "
738 "src <ip4-address> [fib-id <fib-id>] "
739 "[path-mtu <path-mtu>] "
740 "[template-interval <template-interval>] "
742 .function = set_ipfix_exporter_command_fn,
/*
 * CLI handler for "ipfix flush": signal the flow-report process with
 * event type 1 so that it runs without waiting for its timer.  The
 * command input is not parsed.
 */
747 static clib_error_t *
748 ipfix_flush_command_fn (vlib_main_t * vm,
749 unformat_input_t * input, vlib_cli_command_t * cmd)
751 /* poke the flow reporting process */
752 vlib_process_signal_event (vm, flow_report_process_node.index, 1, 0);
/* Registers the "ipfix flush" CLI command and binds it to
 * ipfix_flush_command_fn. */
757 VLIB_CLI_COMMAND (ipfix_flush_command, static) = {
758 .path = "ipfix flush",
759 .short_help = "flush the current ipfix data [for make test]",
760 .function = ipfix_flush_command_fn,
/*
 * Init function of the flow-report module: record the time baselines used
 * for IPFIX export timestamps and pre-allocate the first exporter.
 *
 * NOTE(review): the line that sets frm->vlib_main and the return
 * statement are missing from this listing.
 */
764 static clib_error_t *
765 flow_report_init (vlib_main_t * vm)
767 flow_report_main_t *frm = &flow_report_main;
768 ipfix_exporter_t *exp;
771 frm->vnet_main = vnet_get_main ();
/* unix_time_0 and vlib_time_0 are sampled together; export_time is later
 * computed as unix_time_0 + (vlib_time_now - vlib_time_0). */
772 frm->unix_time_0 = time (0);
773 frm->vlib_time_0 = vlib_time_now (frm->vlib_main);
775 * Make sure that we can always access the first exporter for
776 * backwards compatibility reasons.
778 pool_alloc (frm->exporters, IPFIX_EXPORTERS_MAX);
779 pool_get (frm->exporters, exp);
780 /* Verify that this is at index 0 */
/* The "set ipfix exporter" handler fetches exporter 0 unconditionally, so
 * this element must be the first one in the pool. */
781 ASSERT (frm->exporters == exp);
786 VLIB_INIT_FUNCTION (flow_report_init);
788 * fd.io coding-style-patch-verification: ON
791 * eval: (c-set-style "gnu")