2 * Copyright (c) 2015 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
15 #include <vnet/ipfix-export/flow_report.h>
16 #include <vnet/ipfix-export/flow_report_classify.h>
17 #include <vnet/api_errno.h>
18 #include <vnet/classify/vnet_classify.h>
19 #include <vnet/ip/ip4.h>
20 #include <vnet/udp/udp_local.h>
22 /* Common prefix of tcp and udp headers
23 * containing only source and destination port fields */
26 u16 src_port, dst_port;
29 flow_report_classify_main_t flow_report_classify_main;
32 ipfix_classify_template_rewrite (flow_report_main_t * frm,
34 ip4_address_t * collector_address,
35 ip4_address_t * src_address,
37 ipfix_report_element_t * elts,
38 u32 n_elts, u32 * stream_index)
40 flow_report_classify_main_t *fcm = &flow_report_classify_main;
41 vnet_classify_table_t *tblp;
42 vnet_classify_main_t *vcm = &vnet_classify_main;
43 u32 flow_table_index = fr->opaque.as_uword;
47 tcpudp_header_t *tcpudp;
49 ipfix_message_header_t *h;
50 ipfix_set_header_t *s;
51 ipfix_template_header_t *t;
52 ipfix_field_specifier_t *f;
53 ipfix_field_specifier_t *first_field;
55 ip4_ipfix_template_packet_t *tp;
58 flow_report_stream_t *stream;
60 u8 transport_protocol;
63 ipfix_exporter_t *exp = pool_elt_at_index (frm->exporters, 0);
65 stream = &exp->streams[fr->stream_index];
67 ipfix_classify_table_t *table = &fcm->tables[flow_table_index];
69 ip_version = table->ip_version;
70 transport_protocol = table->transport_protocol;
72 tblp = pool_elt_at_index (vcm->tables, table->classify_table_index);
74 virt_mask = (u8 *) (tblp->mask - tblp->skip_n_vectors);
75 real_mask = (u8 *) (tblp->mask);
77 /* Determine field count */
78 ip_start = virt_mask + sizeof (ethernet_header_t);
79 #define _(field,mask,item,length) \
80 if (((u8 *)&field >= real_mask) && (memcmp(&field, &mask, length) == 0)) \
84 fr->fields_to_send = clib_bitmap_set (fr->fields_to_send, \
91 /* Add packetTotalCount manually */
94 /* $$$ enterprise fields, at some later date */
96 /* allocate rewrite space */
97 vec_validate_aligned (rewrite,
98 sizeof (ip4_ipfix_template_packet_t)
99 + field_count * sizeof (ipfix_field_specifier_t) - 1,
100 CLIB_CACHE_LINE_BYTES);
102 tp = (ip4_ipfix_template_packet_t *) rewrite;
103 ip = (ip4_header_t *) & tp->ip4;
104 udp = (udp_header_t *) (ip + 1);
105 h = (ipfix_message_header_t *) (udp + 1);
106 s = (ipfix_set_header_t *) (h + 1);
107 t = (ipfix_template_header_t *) (s + 1);
108 first_field = f = (ipfix_field_specifier_t *) (t + 1);
110 ip->ip_version_and_header_length = 0x45;
112 ip->protocol = IP_PROTOCOL_UDP;
113 ip->src_address.as_u32 = src_address->as_u32;
114 ip->dst_address.as_u32 = collector_address->as_u32;
115 udp->src_port = clib_host_to_net_u16 (stream->src_port);
116 udp->dst_port = clib_host_to_net_u16 (collector_port);
117 udp->length = clib_host_to_net_u16 (vec_len (rewrite) - sizeof (*ip));
119 /* FIXUP: message header export_time */
120 /* FIXUP: message header sequence_number */
121 h->domain_id = clib_host_to_net_u32 (stream->domain_id);
123 /* Take another trip through the mask and build the template */
124 ip_start = virt_mask + sizeof (ethernet_header_t);
125 #define _(field,mask,item,length) \
126 if (((u8 *)&field >= real_mask) && (memcmp(&field, &mask, length) == 0)) \
128 f->e_id_length = ipfix_e_id_length (0 /* enterprise */, \
135 /* Add packetTotalCount manually */
137 ipfix_e_id_length (0 /* enterprise */ , packetTotalCount, 8);
140 /* Back to the template packet... */
141 ip = (ip4_header_t *) & tp->ip4;
142 udp = (udp_header_t *) (ip + 1);
144 ASSERT (f - first_field);
145 /* Field count in this template */
146 t->id_count = ipfix_id_count (fr->template_id, f - first_field);
148 /* set length in octets */
150 ipfix_set_id_length (2 /* set_id */ , (u8 *) f - (u8 *) s);
152 /* message length in octets */
153 h->version_length = version_length ((u8 *) f - (u8 *) h);
155 ip->length = clib_host_to_net_u16 ((u8 *) f - (u8 *) ip);
156 ip->checksum = ip4_header_checksum (ip);
162 ipfix_classify_send_flows (flow_report_main_t * frm,
164 vlib_frame_t * f, u32 * to_next, u32 node_index)
166 flow_report_classify_main_t *fcm = &flow_report_classify_main;
167 vnet_classify_main_t *vcm = &vnet_classify_main;
168 u32 flow_table_index = fr->opaque.as_uword;
169 vnet_classify_table_t *t;
170 vnet_classify_bucket_t *b;
171 vnet_classify_entry_t *v, *save_v;
172 vlib_buffer_t *b0 = 0;
174 u32 record_offset = 0;
177 ip4_ipfix_template_packet_t *tp;
178 ipfix_message_header_t *h = 0;
179 ipfix_set_header_t *s = 0;
183 tcpudp_header_t *tcpudp;
186 u32 records_this_buffer;
189 vlib_main_t *vm = frm->vlib_main;
190 flow_report_stream_t *stream;
192 u8 transport_protocol;
194 ipfix_exporter_t *exp = pool_elt_at_index (frm->exporters, 0);
196 stream = &exp->streams[fr->stream_index];
198 ipfix_classify_table_t *table = &fcm->tables[flow_table_index];
200 ip_version = table->ip_version;
201 transport_protocol = table->transport_protocol;
203 t = pool_elt_at_index (vcm->tables, table->classify_table_index);
205 clib_spinlock_lock (&t->writer_lock);
207 for (i = 0; i < t->nbuckets; i++)
213 save_v = vnet_classify_get_entry (t, b->offset);
214 for (j = 0; j < (1 << b->log2_pages); j++)
216 for (k = 0; k < t->entries_per_page; k++)
218 v = vnet_classify_entry_at_index
219 (t, save_v, j * t->entries_per_page + k);
221 if (vnet_classify_entry_is_free (v))
224 /* OK, we have something to send... */
225 if (PREDICT_FALSE (b0 == 0))
227 if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
229 b0 = vlib_get_buffer (vm, bi0);
231 u32 copy_len = sizeof (ip4_header_t) +
232 sizeof (udp_header_t) + sizeof (ipfix_message_header_t);
233 clib_memcpy_fast (b0->data, fr->rewrite, copy_len);
234 b0->current_data = 0;
235 b0->current_length = copy_len;
236 b0->flags |= VLIB_BUFFER_TOTAL_LENGTH_VALID;
237 vnet_buffer (b0)->sw_if_index[VLIB_RX] = 0;
238 vnet_buffer (b0)->sw_if_index[VLIB_TX] = exp->fib_index;
240 tp = vlib_buffer_get_current (b0);
241 ip = (ip4_header_t *) & tp->ip4;
242 udp = (udp_header_t *) (ip + 1);
243 h = (ipfix_message_header_t *) (udp + 1);
244 s = (ipfix_set_header_t *) (h + 1);
246 /* FIXUP: message header export_time */
247 h->export_time = (u32)
248 (((f64) frm->unix_time_0) +
249 (vlib_time_now (frm->vlib_main) - frm->vlib_time_0));
250 h->export_time = clib_host_to_net_u32 (h->export_time);
252 /* FIXUP: message header sequence_number */
253 h->sequence_number = stream->sequence_number;
255 clib_host_to_net_u32 (h->sequence_number);
257 next_offset = (u32) (((u8 *) (s + 1)) - (u8 *) tp);
258 record_offset = next_offset;
259 records_this_buffer = 0;
263 virt_key = (u8 *) (v->key - t->skip_n_vectors);
264 ip_start = virt_key + sizeof (ethernet_header_t);
265 #define _(field,mask,item,length) \
266 if (clib_bitmap_get (fr->fields_to_send, field_index)) \
268 clib_memcpy_fast (b0->data + next_offset, &field, \
270 next_offset += length; \
276 /* Add packetTotalCount manually */
278 u64 packets = clib_host_to_net_u64 (v->hits);
279 clib_memcpy_fast (b0->data + next_offset, &packets,
281 next_offset += sizeof (packets);
283 records_this_buffer++;
284 stream->sequence_number++;
286 /* Next record will have the same size as this record */
287 u32 next_record_size = next_offset - record_offset;
288 record_offset = next_offset;
290 if (next_offset + next_record_size > exp->path_mtu)
292 s->set_id_length = ipfix_set_id_length (fr->template_id,
298 version_length (next_offset -
299 (sizeof (*ip) + sizeof (*udp)));
300 b0->current_length = next_offset;
301 b0->flags |= VLIB_BUFFER_TOTAL_LENGTH_VALID;
303 tp = vlib_buffer_get_current (b0);
304 ip = (ip4_header_t *) & tp->ip4;
305 udp = (udp_header_t *) (ip + 1);
309 new_l0 = clib_host_to_net_u16 ((u16) next_offset);
311 sum0 = ip_csum_update (sum0, old_l0, new_l0, ip4_header_t,
312 length /* changed member */ );
314 ip->checksum = ip_csum_fold (sum0);
317 clib_host_to_net_u16 (b0->current_length - sizeof (*ip));
319 if (exp->udp_checksum)
321 /* RFC 7011 section 10.3.2. */
323 ip4_tcp_udp_compute_checksum (vm, b0, ip);
324 if (udp->checksum == 0)
325 udp->checksum = 0xffff;
328 ASSERT (ip4_header_checksum_is_valid (ip));
334 if (f->n_vectors == VLIB_FRAME_SIZE)
336 vlib_put_frame_to_node (vm, node_index, f);
337 f = vlib_get_frame_to_node (vm, node_index);
339 to_next = vlib_frame_vector_args (f);
351 s->set_id_length = ipfix_set_id_length (fr->template_id,
353 (sizeof (*ip) + sizeof (*udp) +
355 h->version_length = version_length (next_offset -
356 (sizeof (*ip) + sizeof (*udp)));
357 b0->current_length = next_offset;
358 b0->flags |= VLIB_BUFFER_TOTAL_LENGTH_VALID;
360 tp = vlib_buffer_get_current (b0);
361 ip = (ip4_header_t *) & tp->ip4;
362 udp = (udp_header_t *) (ip + 1);
366 new_l0 = clib_host_to_net_u16 ((u16) next_offset);
368 sum0 = ip_csum_update (sum0, old_l0, new_l0, ip4_header_t,
369 length /* changed member */ );
371 ip->checksum = ip_csum_fold (sum0);
373 udp->length = clib_host_to_net_u16 (b0->current_length - sizeof (*ip));
375 if (exp->udp_checksum)
377 /* RFC 7011 section 10.3.2. */
378 udp->checksum = ip4_tcp_udp_compute_checksum (vm, b0, ip);
379 if (udp->checksum == 0)
380 udp->checksum = 0xffff;
383 ASSERT (ip4_header_checksum_is_valid (ip));
392 clib_spinlock_unlock (&t->writer_lock);
396 static clib_error_t *
397 ipfix_classify_table_add_del_command_fn (vlib_main_t * vm,
398 unformat_input_t * input,
399 vlib_cli_command_t * cmd)
401 flow_report_classify_main_t *fcm = &flow_report_classify_main;
402 flow_report_main_t *frm = &flow_report_main;
403 vnet_flow_report_add_del_args_t args;
404 ipfix_classify_table_t *table;
407 u32 classify_table_index = ~0;
409 u8 transport_protocol = 255;
410 clib_error_t *error = 0;
412 if (fcm->src_port == 0)
413 clib_error_return (0, "call 'set ipfix classify stream' first");
415 clib_memset (&args, 0, sizeof (args));
417 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
419 if (unformat (input, "add"))
421 else if (unformat (input, "del"))
423 else if (unformat (input, "%d", &classify_table_index))
425 else if (unformat (input, "ip4"))
427 else if (unformat (input, "ip6"))
429 else if (unformat (input, "tcp"))
430 transport_protocol = 6;
431 else if (unformat (input, "udp"))
432 transport_protocol = 17;
434 return clib_error_return (0, "unknown input `%U'",
435 format_unformat_error, input);
439 return clib_error_return (0, "expecting: add|del");
440 if (classify_table_index == ~0)
441 return clib_error_return (0, "classifier table not specified");
443 return clib_error_return (0, "IP version not specified");
447 for (i = 0; i < vec_len (fcm->tables); i++)
448 if (ipfix_classify_table_index_valid (i))
449 if (fcm->tables[i].classify_table_index == classify_table_index)
451 table = &fcm->tables[i];
458 return clib_error_return (0,
459 "Specified classifier table already used");
460 table = ipfix_classify_add_table ();
461 table->classify_table_index = classify_table_index;
466 return clib_error_return (0,
467 "Specified classifier table not registered");
470 table->ip_version = ip_version;
471 table->transport_protocol = transport_protocol;
473 args.opaque.as_uword = table - fcm->tables;
474 args.rewrite_callback = ipfix_classify_template_rewrite;
475 args.flow_data_callback = ipfix_classify_send_flows;
476 args.is_add = is_add;
477 args.domain_id = fcm->domain_id;
478 args.src_port = fcm->src_port;
480 rv = vnet_flow_report_add_del (frm, &args, NULL);
482 error = flow_report_add_del_error_to_clib_error (rv);
484 /* If deleting, or add failed */
485 if (is_add == 0 || (rv && is_add))
486 ipfix_classify_delete_table (table - fcm->tables);
492 VLIB_CLI_COMMAND (ipfix_classify_table_add_del_command, static) = {
493 .path = "ipfix classify table",
494 .short_help = "ipfix classify table add|del <table-index>",
495 .function = ipfix_classify_table_add_del_command_fn,
499 static clib_error_t *
500 set_ipfix_classify_stream_command_fn (vlib_main_t * vm,
501 unformat_input_t * input,
502 vlib_cli_command_t * cmd)
504 flow_report_classify_main_t *fcm = &flow_report_classify_main;
505 flow_report_main_t *frm = &flow_report_main;
507 u32 src_port = UDP_DST_PORT_ipfix;
509 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
511 if (unformat (input, "domain %d", &domain_id))
513 else if (unformat (input, "src-port %d", &src_port))
516 return clib_error_return (0, "unknown input `%U'",
517 format_unformat_error, input);
520 if (fcm->src_port != 0 &&
521 (fcm->domain_id != domain_id || fcm->src_port != (u16) src_port))
523 int rv = vnet_stream_change (frm, fcm->domain_id, fcm->src_port,
524 domain_id, (u16) src_port);
528 fcm->domain_id = domain_id;
529 fcm->src_port = (u16) src_port;
535 VLIB_CLI_COMMAND (set_ipfix_classify_stream_command, static) = {
536 .path = "set ipfix classify stream",
537 .short_help = "set ipfix classify stream"
538 "[domain <domain-id>] [src-port <src-port>]",
539 .function = set_ipfix_classify_stream_command_fn,
543 static clib_error_t *
544 flow_report_classify_init (vlib_main_t * vm)
548 if ((error = vlib_call_init_function (vm, flow_report_init)))
554 VLIB_INIT_FUNCTION (flow_report_classify_init);
557 * fd.io coding-style-patch-verification: ON
560 * eval: (c-set-style "gnu")