2 *------------------------------------------------------------------
5 * Copyright (c) 2011-2013 Cisco and/or its affiliates.
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at:
10 * http://www.apache.org/licenses/LICENSE-2.0
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License.
17 *------------------------------------------------------------------
20 #include <arpa/inet.h>
21 #include "cnat_syslog.h"
22 #include "platform_common.h"
24 #include "cnat_log_common.h"
25 #include <vppinfra/pool.h>
27 #define SYSLOG_DELIMITER ' '
28 #define SYSLOG_FIELD_ABSENT '-'
29 /* #define SHOW_SYSLOG_TIMESTAMP 1 TO DO. Remove this later */
31 * Defining the below macro here for now. Assumption is, syslog packets
32 * are sent out via same channel as that of NFV9.
33 * Has to be overridden if this assumption is false.
35 #define PLATFORM_SYSLOG_DISP_NODE_IDX PLATFORM_NFV9_DISP_NODE_IDX
37 cnat_syslog_global_info_t cnat_syslog_global_info;
38 cnat_syslog_logging_info_t *cnat_syslog_logging_info_pool;
39 cnat_syslog_global_counters_t cnat_syslog_global_counter;
40 extern u32 syslog_debug_flag;
42 #define CNAT_SYSLOG_DEBUG_CODE 2
44 #if CNAT_SYSLOG_DEBUG_CODE > 3
45 #define SYSLOG_COND if(my_instance_number == 0)
47 #define SYSLOG_DEBUG_PRINTF1(a) SYSLOG_COND printf(a);
48 #define SYSLOG_DEBUG_PRINTF2(a, b) SYSLOG_COND printf(a, b);
49 #define SYSLOG_DEBUG_PRINTF3(a, b, c) SYSLOG_COND printf(a, b, c);
50 #define SYSLOG_DEBUG_PRINTF4(a, b, c, d) SYSLOG_COND printf(a, b, c, d);
54 #define SYSLOG_DEBUG_PRINTF1(a)
55 #define SYSLOG_DEBUG_PRINTF2(a, b)
56 #define SYSLOG_DEBUG_PRINTF3(a, b, c)
57 #define SYSLOG_DEBUG_PRINTF4(a, b, c, d)
62 void syslog_params_show(u32 logging_index)
64 cnat_syslog_logging_info_t *log_info __attribute__((unused));
65 if(logging_index == EMPTY) {
66 PLATFORM_DEBUG_PRINT("\nSyslog logging not configured\n");
70 log_info = cnat_syslog_logging_info_pool + logging_index;
72 PLATFORM_DEBUG_PRINT("\nSyslog parameters --\n");
73 PLATFORM_DEBUG_PRINT("IPV4 address: %x, port %d, max log size %d\n",
74 log_info->ipv4_address,
75 log_info->port, log_info->max_length_minus_max_record_size);
76 PLATFORM_DEBUG_PRINT("Host name: %s, priority %d",
77 log_info->header_hostname, log_info->header_priority);
81 /* Util function to copy a number as ASCII in to a buf in a
82 * faster way (should be faster than sprintf)
85 const unsigned char ascii_numbers[][3] =
345 byte_to_ascii_decimal_unaligned(
346 unsigned char *ptr, unsigned char num)
348 *ptr++ = ascii_numbers[num][0];
349 if(PREDICT_FALSE(num < 10)) {
352 *ptr++ = ascii_numbers[num][1];
353 if(PREDICT_FALSE(num < 100)) {
356 *ptr++ = ascii_numbers[num][2];
360 /* Copies the dotted decimal format of ipv4
361 * in to the space provided and
362 * returns the number of bytes copied
365 copy_ipv4_addr(unsigned char *ptr, u32 ipv4)
367 unsigned char *temp = ptr;
368 temp += byte_to_ascii_decimal_unaligned(temp, (ipv4 >> 24));
370 temp += byte_to_ascii_decimal_unaligned(temp, ((ipv4 >> 16) & 0xFF));
372 temp += byte_to_ascii_decimal_unaligned(temp, ((ipv4 >> 8) & 0xFF));
374 temp += byte_to_ascii_decimal_unaligned(temp, (ipv4 & 0xFF));
381 * edt: * * cnat_syslog_fill_ip_header
383 * Tries to fill the fields of the IP header before it
384 * is sent to the L3 infra node.
386 * Argument: cnat_syslog_logging_info_t *logging_info
387 * structure that contains the packet context
390 void cnat_syslog_fill_ip_header (cnat_syslog_logging_info_t *logging_info)
395 * Fill in the IP header and port number of the Netflow collector
396 * The L3 Infra node will fill in the rest of the fields
398 ctx = logging_info->current_logging_context;
399 fill_ip_n_udp_hdr(ctx, logging_info->ipv4_address,
400 logging_info->port, logging_info->pkt_length);
405 void cnat_syslog_fill_ip_header (cnat_syslog_logging_info_t *logging_info)
412 void cnat_syslog_logging_init()
417 void cnat_syslog_log_mapping_create(cnat_main_db_entry_t * db,
418 cnat_vrfmap_t *vrfmap)
423 void cnat_syslog_log_mapping_delete(cnat_main_db_entry_t * db,
424 cnat_vrfmap_t *vrfmap)
429 void cnat_syslog_ds_lite_port_limit_exceeded(
431 dslite_table_entry_t *dslite_entry)
436 void cnat_syslog_nat44_mapping_create(cnat_main_db_entry_t *db,
437 cnat_vrfmap_t *vrfmap, cnat_session_entry_t * sdb
438 #ifndef NO_BULK_LOGGING
446 /* Following are in cnat_util.c which are not ported */
447 /* This function is defined in cnat_util.c which need to be ported */
448 cnat_icmp_msg_t icmp_msg_gen_allowed ()
453 void cnat_syslog_nat44_mapping_delete(cnat_main_db_entry_t *db,
454 cnat_vrfmap_t *vrfmap, cnat_session_entry_t *sdb
455 #ifndef NO_BULK_LOGGING
464 cnat_get_unix_time_in_seconds (void)
468 #else /* TOBE_PORTED */
470 cnat_syslog_dump_logging_context (u32 value1,
471 cnat_syslog_logging_info_t *logging_info,
477 if (PREDICT_TRUE(syslog_debug_flag == 0)) {
481 * Reduce the logging to few cores, to enable easier debugging
483 if ((my_instance_number & 0x7) != 0) {
486 printf("\nDumping %s packet at locn %d: time 0x%x",
487 (value2 == 1) ? "CURRENT" : "QUEUED",
489 cnat_get_unix_time_in_seconds());
491 printf("\ni_vrf 0x%x, ip_address 0x%x, port %d, pkt len %d",
492 0 /* TO DP Add vrf like nfv9_logging_info->i_vrf */,
493 logging_info->ipv4_address,
495 logging_info->pkt_length);
499 pkt_ptr = logging_info->current_logging_context->packet_data;
501 pkt_ptr = logging_info->queued_logging_context->packet_data;
505 * Dump along with 8 bytes of SHIM header
508 (logging_info->pkt_length + CNAT_NFV9_IP_HDR_OFFSET);
513 printf("\nL2_HEADER + SHIM_HEADER: \n");
514 } else if (i == CNAT_NFV9_IP_HDR_OFFSET) {
515 printf("\nIP_HEADER: \n");
516 } else if (i == CNAT_NFV9_UDP_HDR_OFFSET) {
517 printf("\nUDP_HEADER: \n");
518 } else if (i == CNAT_NFV9_HDR_OFFSET) {
519 printf("\nSyslog content..\n");
521 (logging_info->pkt_length + CNAT_NFV9_HDR_OFFSET)) {
522 printf("%c", (u8)(*(pkt_ptr + i)));
524 if((u8)(*(pkt_ptr + i)) == '[') /* new record begins */
532 c1 = (c3 >> 4) & 0xf;
535 ((c1 <= 9) ? (c1 + '0') : (c1 - 10 + 'a')),
536 ((c2 <= 9) ? (c2 + '0') : (c2 - 10 + 'a')));
545 * edt: * * cnat_syslog_send_pkt
547 * Tries to send a logging pkt. If the packet cannot be sent
548 * because of rewrite_output node cannot process it, queue
549 * it temporarily and try to send it later.
551 * Argument: cnat_syslog_logging_info_t *logging_info
552 * structure that contains the packet context
555 void cnat_syslog_send_pkt (cnat_syslog_logging_info_t *logging_info)
557 spp_node_t *output_node;
559 cnat_syslog_fill_ip_header(logging_info);
561 output_node = spp_get_nodes() +
562 cnat_syslog_global_info.cnat_syslog_disp_node_index;
564 cnat_syslog_dump_logging_context (2, logging_info, 1);
566 if (PREDICT_TRUE(output_node->sf.nused < SPP_MAXDISPATCH)) {
568 * Move the logging context to output node
570 logging_info->current_logging_context->current_length =
571 logging_info->pkt_length;
572 PLATFORM_SET_CTX_RU_TX_FROM_NODE(logging_info->current_logging_context, \
574 spp_dispatch_make_node_runnable(output_node);
575 output_node->sf.ctxs[output_node->sf.nused++] =
576 logging_info->current_logging_context;
578 if(PREDICT_FALSE(syslog_debug_flag > 10))
579 printf("\nSyslog: 2. Sending Current packet\n");
582 * Queue the context into the logging_info structure,
583 * We will try to send it later. Currently, we will
584 * restrict to only one context queued.
586 cnat_syslog_global_counter.downstream_constipation_count++;
587 if(PREDICT_FALSE(syslog_debug_flag > 10))
588 printf("\nSyslog: 2. Downstream congestion \n");
591 * Attach the current logging context which is full to the
592 * queued context list in logging_info structure
594 logging_info->queued_logging_context =
595 logging_info->current_logging_context;
599 * Whether the context is queued or not, set the current context index
600 * to EMPTY, as the earlier context can no more be used to send
601 * more logging records.
603 logging_info->current_logging_context = NULL;
608 * edt: * * cnat_syslog_send_queued_pkt
610 * Tries to send a logging pkt that has been queued earlier
611 * because it could not be sent due to downstream constipation
613 * Argument: cnat_syslog_logging_info_t *logging_info
614 * structure that contains the packet context
617 void cnat_syslog_send_queued_pkt (cnat_syslog_logging_info_t *logging_info)
619 spp_node_t *output_node;
621 output_node = spp_get_nodes() +
622 cnat_syslog_global_info.cnat_syslog_disp_node_index;
624 cnat_syslog_dump_logging_context(1, logging_info, 2);
626 if(PREDICT_TRUE(output_node->sf.nused < SPP_MAXDISPATCH)) {
628 * Move the logging context to output node
630 /** This looks like a bug to me .. need to confirm *****
631 logging_info->queued_logging_context->current_length =
632 nfv9_logging_info->pkt_length; ***/
633 PLATFORM_SET_CTX_RU_TX_FROM_NODE(logging_info->queued_logging_context,
635 spp_dispatch_make_node_runnable(output_node);
636 output_node->sf.ctxs[output_node->sf.nused++] =
637 logging_info->queued_logging_context;
639 SYSLOG_DEBUG_PRINTF1("\nSYSLOG: 1. Sending Queued packet\n")
642 * Context has been queued, it will be freed after the pkt
643 * is sent. Clear this from the logging_context_info structure
645 logging_info->queued_logging_context = NULL;
648 cnat_syslog_global_counter.downstream_constipation_count++;
653 * edt: * * handle_pending_syslog_pkts
655 * Timer handler for sending any pending syslog record
659 void handle_pending_syslog_pkts()
661 spp_node_t *output_node;
662 cnat_syslog_logging_info_t *my_logging_info = 0;
663 u32 current_timestamp = cnat_get_sys_up_time_in_ms();
666 output_node = spp_get_nodes() +
667 cnat_syslog_global_info.cnat_syslog_disp_node_index;
669 sf_nused = output_node->sf.nused;
671 pool_foreach (my_logging_info, cnat_syslog_logging_info_pool, ({
673 * Check if no more logging contexts can be queued
675 if (PREDICT_FALSE(sf_nused >= SPP_MAXDISPATCH)) {
678 if (my_logging_info->queued_logging_context)
679 cnat_syslog_send_queued_pkt (my_logging_info);
681 if(my_logging_info->current_logging_context &&
682 ((current_timestamp -
683 my_logging_info->current_logging_context_timestamp)
686 * If there is a current logging context and timestamp
687 * indicates it is pending for long, send it out
688 * Also if there is a queued context send it out as well
690 SYSLOG_DEBUG_PRINTF4("\nLOG_TIMER: queued %p, curr %p, sf_nused %d",
691 my_logging_info->queued_logging_context,
692 my_logging_info->current_logging_context,
694 cnat_syslog_send_pkt(my_logging_info);
699 const unsigned char hex_numbers_single_digit[] =
700 { '0', '1', '2', '3', '4', '5', '6', '7', '8',
701 '9', 'a', 'b', 'c', 'd', 'e', 'f' };
703 inline static int u16_to_ascii_decimal_aligned(
704 unsigned char *ptr, u16 num, u16 min_digits)
706 /* The logic below is replicated in
707 * function u16_to_ascii_decimal_unaligned
708 * except the use of min_digits
709 * Replication is done to optimize run time
710 * if you fix a bug here, check u16_to_ascii_decimal_unaligned
711 * as well (and vice versa)
713 unsigned char *temp = ptr;
714 int no_leading_zeros = 0;
716 if(num > 9999 || min_digits == 5) {
717 *temp++ = hex_numbers_single_digit[num/10000];
719 no_leading_zeros = 1;
722 if(no_leading_zeros || num > 999 || min_digits == 4) {
723 *temp++ = hex_numbers_single_digit[num/1000];
725 no_leading_zeros = 1;
728 if(no_leading_zeros || num > 99 || min_digits == 3) {
729 *temp++ = hex_numbers_single_digit[num/100];
731 no_leading_zeros = 1;
734 if(no_leading_zeros || num > 9 || min_digits == 2) {
735 *temp++ = hex_numbers_single_digit[num/10];
739 *temp++ = hex_numbers_single_digit[num];
744 inline static int u16_to_ascii_decimal_unaligned(
745 unsigned char *ptr, u16 num)
748 * return u16_to_ascii_decimal_aligned(ptr, num, 0);
749 * should do the job.. however, to opimize the run time
750 * the code of u16_to_ascii_decimal_aligned is being
751 * repeated here without the use of min_digits
752 * if you fix a bug here, please check
753 * u16_to_ascii_decimal_aligned as well (and vice versa)
755 unsigned char *temp = ptr;
756 int no_leading_zeros = 0;
759 *temp++ = hex_numbers_single_digit[num/10000];
761 no_leading_zeros = 1;
764 if(no_leading_zeros || num > 999) {
765 *temp++ = hex_numbers_single_digit[num/1000];
767 no_leading_zeros = 1;
770 if(no_leading_zeros || num > 99) {
771 *temp++ = hex_numbers_single_digit[num/100];
773 no_leading_zeros = 1;
776 if(no_leading_zeros || num > 9) {
777 *temp++ = hex_numbers_single_digit[num/10];
781 *temp++ = hex_numbers_single_digit[num];
786 static int syslog_get_timestamp(unsigned char *ts)
788 static const char *months[] = {"Jan ", "Feb ", "Mar ", "Apr ", "May ",
789 "Jun ", "Jul ", "Aug ", "Sep ", "Oct ", "Nov ", "Dec " };
791 unsigned char *temp = ts;
792 /* Inserts time stamp in the syslog format and returns lenght
793 * assumes that ts has sufficient space
795 /* China Telecom has demanded that the time stamp has to be
796 * in the format '2011 Jun 7 12:34:08'
798 time_t time = (time_t)cnat_get_unix_time_in_seconds();
801 gmtime_r(&time, &tm1);
802 /* Now put the pieces together */
804 ts += u16_to_ascii_decimal_unaligned(ts, (tm1.tm_year + 1900));
805 *ts++ = SYSLOG_DELIMITER;
807 memcpy(ts, months[tm1.tm_mon], 4);
808 ts += 4; /* DELIMITER taken care */
810 ts += u16_to_ascii_decimal_unaligned(ts, tm1.tm_mday);
811 *ts++ = SYSLOG_DELIMITER;
813 ts += u16_to_ascii_decimal_aligned(ts, tm1.tm_hour, 2);
816 ts += u16_to_ascii_decimal_aligned(ts, tm1.tm_min, 2);
819 ts += u16_to_ascii_decimal_aligned(ts, tm1.tm_sec, 2);
823 /* Ensure that the order of the below array matches with
824 * syslog_service_type enum
826 static char *syslog_service_string[] = { "NAT44", "DSLITE" };
828 /* Ensure that the order of below array matches with
829 * syslog_event_type_t enum
834 } syslog_event_description_type;
836 const static syslog_event_description_type sys_log_event[] = {
837 { "UserbasedA", 10 }, /* yes, 10 is strlen of "UserbasedA" */
838 { "UserbasedW", 10 },
839 { "SessionbasedA", 13 },
840 { "SessionbasedW", 13 },
841 { "SessionbasedAD", 14 },
842 { "SessionbasedWD", 14 },
843 { "Portblockrunout", 15 },
844 { "TCPseqmismatch", 14},
848 inline static int syslog_fill_header(const cnat_syslog_logging_info_t *log_info,
849 syslog_service_type_t s_type)
851 /* Forms the syslog header and returns the lenght
852 * Assumes that header has sufficient space
855 /* Sample header (as agreed for China Telecom requirements --
856 * <134> 1 2011 May 31 10:30:45 192.168.2.3 - - NAT44 -
859 unsigned char *temp, *header;
861 temp = header = (unsigned char *)
862 &(log_info->current_logging_context->packet_data[CNAT_NFV9_HDR_OFFSET]);
864 temp += byte_to_ascii_decimal_unaligned(temp,
865 log_info->header_priority);
867 *temp++ = SYSLOG_DELIMITER;
868 *temp++ = '1'; /* Syslog version -- always set to 1 */
869 *temp++ = SYSLOG_DELIMITER;
870 temp += syslog_get_timestamp(temp);
871 *temp++ = SYSLOG_DELIMITER;
872 count = strlen(log_info->header_hostname);
873 memcpy(temp, log_info->header_hostname, count);
875 *temp++ = SYSLOG_DELIMITER;
876 *temp++ = SYSLOG_FIELD_ABSENT; /* App name - nil value */
877 *temp++ = SYSLOG_DELIMITER;
878 *temp++ = SYSLOG_FIELD_ABSENT; /* Proc ID - nil value for now */
879 *temp++ = SYSLOG_DELIMITER;
881 count = strlen(syslog_service_string[s_type]);
882 memcpy(temp, syslog_service_string[s_type], count);
884 *temp++ = SYSLOG_DELIMITER;
885 *temp++ = SYSLOG_FIELD_ABSENT; /* No structured elements */
886 *temp++ = SYSLOG_DELIMITER;
887 #ifdef SHOW_SYSLOG_TIMESTAMP
888 printf("\nSysLog TS: %s : Length %d", header, temp - header);
889 #endif /* SHOW_SYSLOG_TIMESTAMP */
893 extern void cnat_logging_init();
895 /* one time call at the beginning */
896 void cnat_syslog_logging_init()
898 if(PREDICT_TRUE(cnat_syslog_global_info.cnat_syslog_init_done))
899 return; /* Already done */
902 cnat_syslog_global_info.cnat_syslog_disp_node_index =
903 spp_lookup_node_index(PLATFORM_SYSLOG_DISP_NODE_IDX);
904 ASSERT(cnat_syslog_global_info.cnat_syslog_disp_node_index != (u16)~0);
906 cnat_syslog_global_info.cnat_syslog_init_done = 1;
910 * edt: * * cnat_syslog_create_logging_context
912 * Tries to create a logging context with packet buffer
913 * to send a new logging packet
915 * Argument: cnat_syslog_logging_info_t *logging_info
916 * structure that contains the logging info and will store
917 * the packet context as well.
920 void cnat_syslog_create_logging_context (
921 cnat_syslog_logging_info_t *logging_info,
922 syslog_service_type_t s_type)
927 * If queued_logging_context_index is non-EMPTY, we already have a logging
928 * packet queued to be sent. First try sending this before allocating
929 * a new context. We can have only one active packet context per
930 * logging_info structure
933 if (PREDICT_FALSE(logging_info->queued_logging_context != NULL)) {
934 cnat_syslog_send_queued_pkt(logging_info);
936 * If we cannot still send the queued pkt, just return
937 * Downstream Constipation count would have increased anyway
939 if (logging_info->queued_logging_context != NULL) {
940 cnat_syslog_global_counter.logging_context_creation_deferred_count++;
946 * If no context can be allocated, return silently
947 * calling routine will handle updating the error counters
949 if (spp_ctx_alloc(&ctx, 1) < 1) {
950 cnat_syslog_global_counter.logging_context_creation_fail_count++;
951 SYSLOG_DEBUG_PRINTF1("\nCould not allocate ctx for syslog");
955 // Allocate packet buffer (used for AVSM currently)
956 PLATFORM_ALLOC_NFV9_PKT_BUFFER(ctx, 0);
958 logging_info->current_logging_context = ctx;
960 PLATFORM_SET_CTX_RU_TX_FROM_NODE(ctx, NODE_LOGGING);
962 ctx->flags = SPP_CTX_END_OF_PACKET;
963 ctx->next_ctx_this_packet = (spp_ctx_t*) SPP_CTX_NO_NEXT_CTX;
964 ctx->current_header = &ctx->packet_data[CNAT_NFV9_HDR_OFFSET];
966 logging_info->pkt_length = syslog_fill_header(logging_info, s_type);
967 logging_info->pkt_length += (CNAT_NFV9_HDR_OFFSET -
968 CNAT_NFV9_IP_HDR_OFFSET);
969 logging_info->current_logging_context_timestamp =
970 cnat_get_sys_up_time_in_ms();
974 inline static int u16_to_ascii_hex_unaligned(
975 unsigned char *ptr, u16 num)
977 unsigned char nibble, *temp;
978 int no_leading_zeros = 0;
980 nibble = (num >> 12);
982 *temp++ = hex_numbers_single_digit[nibble];
983 no_leading_zeros = 1;
986 nibble = (num >> 8) & 0xF;
987 if(nibble || no_leading_zeros) {
988 *temp++ = hex_numbers_single_digit[nibble];
989 no_leading_zeros = 1;
992 nibble = (num >> 4) & 0xF;
993 if(nibble || no_leading_zeros) {
994 *temp++ = hex_numbers_single_digit[nibble];
997 *temp++ = hex_numbers_single_digit[num & 0xF];
1002 inline static int ipv6_int_2_str(u32 ipv6[], unsigned char *ipv6_str)
1004 /* DC stands for Double Colon.
1005 * Refer http://tools.ietf.org/html/rfc5952 for
1006 * more details on text representations of
1009 #define DC_NOT_USED_YET 0
1010 #define DC_IN_USE 1 /* Zeros are skipped */
1011 #define DC_ALREADY_USED 2 /* Cannot skip zeros anymore */
1013 u16 *ipv6_temp = (u16 *)ipv6;
1014 unsigned char *temp = ipv6_str;
1015 int double_colon = DC_NOT_USED_YET;
1016 for(i = 0; i < 7; i++) {
1018 ipv6_str += u16_to_ascii_hex_unaligned(ipv6_str, ipv6_temp[i]);
1020 if(double_colon == DC_IN_USE) { /* Cannot use DC anymore */
1021 double_colon = DC_ALREADY_USED;
1024 if(double_colon == DC_IN_USE) {
1025 /* Skip this zero as well */
1027 } else if((ipv6_temp[i+1])
1028 /* DC makes sense if there is more than one contiguous zero */
1029 || (double_colon != DC_NOT_USED_YET)) {
1030 ipv6_str += u16_to_ascii_hex_unaligned(ipv6_str,
1033 } else { /* Start using DC */
1034 *ipv6_str++ = ':'; /* The 2nd colon */
1035 double_colon = DC_IN_USE;
1040 ipv6_str += u16_to_ascii_hex_unaligned(ipv6_str, ipv6_temp[7]);
1041 } else if(double_colon != DC_IN_USE) {
1046 return ipv6_str - temp;
1049 /* insert syslog record for nat44 */
1051 void cnat_syslog_insert_nat44_record(
1052 cnat_syslog_logging_info_t *log_info,
1053 cnat_main_db_entry_t *db, cnat_vrfmap_t *vrfmap,
1054 cnat_session_entry_t *sdb, int bulk_alloc, syslog_event_type_t e_type)
1056 /* This record should like this -
1057 * [EventName <L4> <Original Source IP> <Inside VRF Name>
1058 * <Original Source IPv6> < Translated Source IP> <Original Port>
1059 * <Translated First Source Port> <Translated Last Source Port>
1060 * <Destination ip address> <destination port>]
1062 u32 original_source = db->in2out_key.k.ipv4;
1063 u32 translated_ip = db->out2in_key.k.ipv4;
1064 cnat_user_db_entry_t *udb = cnat_user_db + db->user_index;
1065 unsigned char *temp, *record;
1066 u32 network_order_ipv6[4];
1068 SYSLOG_CONFIG_DEBUG_PRINTF(4,"In Function %s\n", __func__);
1069 temp = record = &(log_info->current_logging_context->packet_data[
1070 CNAT_NFV9_IP_HDR_OFFSET + log_info->pkt_length]);
1072 if (PREDICT_FALSE(!udb)) {
1073 SYSLOG_DEBUG_PRINTF1("\nnull udb!");
1077 /* Now we point to the location where record needs to be inserted */
1078 *record++ = '['; /* Open the record */
1080 /* Copy the record type */
1081 memcpy(record, sys_log_event[e_type].event_name,
1082 sys_log_event[e_type].name_length);
1083 record += sys_log_event[e_type].name_length;
1084 *record++ = SYSLOG_DELIMITER;
1086 /* Copy the Protocol type */
1088 e_type == sessionbased_assign || e_type == sessionbased_withdraw ||
1089 e_type == sessionbased_assignD || e_type == sessionbased_withdrawD)) {
1091 my_proto_mask = db->in2out_key.k.vrf & CNAT_PRO_MASK;
1092 if(PREDICT_TRUE(my_proto_mask == CNAT_TCP)) {
1094 } else if(PREDICT_TRUE(my_proto_mask == CNAT_UDP)) {
1097 } else if(PREDICT_TRUE(my_proto_mask == CNAT_ICMP)) {
1099 } else { /* Default, assume GRE (for PPTP) */
1104 *record++ = SYSLOG_FIELD_ABSENT;
1106 *record++ = SYSLOG_DELIMITER;
1108 /* Copy the Original Source IP */
1109 record += copy_ipv4_addr(record, original_source);
1110 *record++ = SYSLOG_DELIMITER;
1112 /* copy configured VRF NAME */
1113 memcpy(record, log_info->vrf_name, log_info->vrf_name_len);
1114 record += log_info->vrf_name_len;
1115 *record++ = SYSLOG_DELIMITER;
1117 /* No IPV6 source address for nat44 */
1118 *record++ = SYSLOG_FIELD_ABSENT;
1119 *record++ = SYSLOG_DELIMITER;
1121 /* Copy the translated IP address */
1122 record += copy_ipv4_addr(record, translated_ip);
1123 *record++ = SYSLOG_DELIMITER;
1125 /* Copy the Original port */
1126 if(e_type == sessionbased_assign || e_type == sessionbased_withdraw ||
1127 e_type == sessionbased_assignD || e_type == sessionbased_withdrawD) {
1128 record += u16_to_ascii_decimal_unaligned(
1129 record, db->in2out_key.k.port);
1131 *record++ = SYSLOG_FIELD_ABSENT;
1133 *record++ = SYSLOG_DELIMITER;
1135 /* Copy the start outside port */
1136 record += u16_to_ascii_decimal_unaligned(record, bulk_alloc);
1137 *record++ = SYSLOG_DELIMITER;
1139 /* Copy the last outside port */
1140 if(e_type == userbased_assign || e_type == userbased_withdraw) {
1141 record += u16_to_ascii_decimal_unaligned(record,
1142 (bulk_alloc + BULKSIZE_FROM_VRFMAP(vrfmap) - 1));
1144 *record++ = SYSLOG_FIELD_ABSENT;
1146 *record++ = SYSLOG_DELIMITER;
1148 /* Copy destination ip and port in case for DBL*/
1149 if(PREDICT_FALSE(e_type == sessionbased_assignD || e_type == sessionbased_withdrawD)) {
1150 if(PREDICT_TRUE(sdb == NULL)) {
1151 record += copy_ipv4_addr(record,db->dst_ipv4);
1152 *record++ = SYSLOG_DELIMITER;
1153 record += u16_to_ascii_decimal_unaligned(record, db->dst_port);
1155 record += copy_ipv4_addr(record, sdb->v4_dest_key.k.ipv4);
1156 *record++ = SYSLOG_DELIMITER;
1157 record += u16_to_ascii_decimal_unaligned(record, sdb->v4_dest_key.k.port);
1161 *record++ = SYSLOG_DELIMITER;
1164 *record++ = SYSLOG_DELIMITER;
1166 *record++ = ']'; /* End of the reocrd */
1168 log_info->pkt_length += record - temp;
1171 void cnat_syslog_insert_record(
1172 cnat_syslog_logging_info_t *log_info,
1173 cnat_main_db_entry_t *db, dslite_table_entry_t *dslite_entry,
1174 cnat_session_entry_t *sdb, int bulk_alloc, syslog_event_type_t e_type)
1176 /* This record should like this -
1177 * [EventName <L4> <Original Source IP> <Inside VRF Name>
1178 * <Original Source IPv6> < Translated Source IP> <Original Port>
1179 * <Translated First Source Port> <Translated Last Source Port>
1180 * <Destination ip address> <destination port>]
1182 u32 original_source = db->in2out_key.k.ipv4;
1183 u32 translated_ip = db->out2in_key.k.ipv4;
1184 cnat_user_db_entry_t *udb = cnat_user_db + db->user_index;
1185 unsigned char *temp, *record;
1186 u32 network_order_ipv6[4];
1188 temp = record = &(log_info->current_logging_context->packet_data[
1189 CNAT_NFV9_IP_HDR_OFFSET + log_info->pkt_length]);
1191 if (PREDICT_FALSE(!udb)) {
1192 SYSLOG_DEBUG_PRINTF1("\nnull udb!");
1196 /* Now we point to the location where record needs to be inserted */
1197 *record++ = '['; /* Open the record */
1199 /* Copy the record type */
1200 memcpy(record, sys_log_event[e_type].event_name,
1201 sys_log_event[e_type].name_length);
1202 record += sys_log_event[e_type].name_length;
1203 *record++ = SYSLOG_DELIMITER;
1205 /* Copy the Protocol type */
1207 e_type == sessionbased_assign || e_type == sessionbased_withdraw ||
1208 e_type == sessionbased_assignD || e_type == sessionbased_withdrawD)) {
1210 my_proto_mask = db->in2out_key.k.vrf & CNAT_PRO_MASK;
1211 if(PREDICT_TRUE(my_proto_mask == CNAT_TCP)) {
1213 } else if(PREDICT_TRUE(my_proto_mask == CNAT_UDP)) {
1220 *record++ = SYSLOG_FIELD_ABSENT;
1223 *record++ = SYSLOG_DELIMITER;
1225 /* Copy the Original Source IP */
1226 #ifdef DSLITE_USER_IPV4
1227 record += copy_ipv4_addr(record, original_source);
1230 * Do not include inside ipv4 address for B4 element level port limiting
1232 *record++ = SYSLOG_FIELD_ABSENT;
1234 *record++ = SYSLOG_DELIMITER;
1236 /* copy configured VRF NAME */
1237 memcpy(record, log_info->vrf_name, log_info->vrf_name_len);
1238 record += log_info->vrf_name_len;
1239 *record++ = SYSLOG_DELIMITER;
1241 /* Copy the IPV6 source address */
1242 /* CSCtt16960 Fix. */
1243 network_order_ipv6[0] = htonl(udb->ipv6[0]);
1244 network_order_ipv6[1] = htonl(udb->ipv6[1]);
1245 network_order_ipv6[2] = htonl(udb->ipv6[2]);
1246 network_order_ipv6[3] = htonl(udb->ipv6[3]);
1248 inet_ntop(AF_INET6,network_order_ipv6,record,INET6_ADDRSTRLEN);
1249 record += strlen(record);
1250 *record++ = SYSLOG_DELIMITER;
1252 /* Copy the translated IP address */
1253 record += copy_ipv4_addr(record, translated_ip);
1254 *record++ = SYSLOG_DELIMITER;
1256 /* Copy the Original port */
1257 if(e_type == sessionbased_assign || e_type == sessionbased_withdraw ||
1258 e_type == sessionbased_assignD || e_type == sessionbased_withdrawD) {
1259 record += u16_to_ascii_decimal_unaligned(
1260 record, db->in2out_key.k.port);
1262 *record++ = SYSLOG_FIELD_ABSENT;
1264 *record++ = SYSLOG_DELIMITER;
1266 /* Copy the start outside port */
1267 record += u16_to_ascii_decimal_unaligned(record, bulk_alloc);
1268 *record++ = SYSLOG_DELIMITER;
1270 /* Copy the last outside port */
1271 if(e_type == userbased_assign || e_type == userbased_withdraw) {
1272 record += u16_to_ascii_decimal_unaligned(record,
1273 (bulk_alloc + BULKSIZE_FROM_VRFMAP(dslite_entry) - 1));
1275 *record++ = SYSLOG_FIELD_ABSENT;
1277 *record++ = SYSLOG_DELIMITER;
1279 if(PREDICT_FALSE(e_type == sessionbased_assignD || e_type == sessionbased_withdrawD)) {
1281 record += copy_ipv4_addr(record, db->dst_ipv4);
1282 *record++ = SYSLOG_DELIMITER;
1283 record += u16_to_ascii_decimal_unaligned(record, db->dst_port);
1285 record += copy_ipv4_addr(record, sdb->v4_dest_key.k.ipv4);
1286 *record++ = SYSLOG_DELIMITER;
1287 record += u16_to_ascii_decimal_unaligned(record, sdb->v4_dest_key.k.port);
1291 *record++ = SYSLOG_DELIMITER;
1294 *record++ = SYSLOG_DELIMITER;
1296 *record++ = ']'; /* End of the reocrd */
1298 log_info->pkt_length += record - temp;
1301 #define SYSLOG_PRECHECK(entry, s_type) \
1302 if(PREDICT_FALSE((entry)->syslog_logging_index == EMPTY)) { \
1303 SYSLOG_DEBUG_PRINTF1("\n1. Log Mapping failed") \
1307 cnat_syslog_logging_info_pool + (entry)->syslog_logging_index; \
1308 if(PREDICT_FALSE(logging_info->current_logging_context == NULL)) { \
1309 cnat_syslog_create_logging_context(logging_info, s_type); \
1310 if(PREDICT_FALSE(logging_info->current_logging_context == NULL)) { \
1311 SYSLOG_DEBUG_PRINTF1("\n2. Log Mapping failed") \
1316 void cnat_syslog_nat44_mapping_create(cnat_main_db_entry_t *db,
1317 cnat_vrfmap_t *vrfmap, cnat_session_entry_t * sdb
1318 #ifndef NO_BULK_LOGGING
1323 cnat_syslog_logging_info_t *logging_info = 0;
1324 syslog_event_type_t e_type;
1327 SYSLOG_CONFIG_DEBUG_PRINTF(4,"In Function %s\n", __func__);
1328 SYSLOG_PRECHECK(vrfmap, NAT44)
1330 #ifndef NO_BULK_LOGGING
1331 if(bulk_alloc > 0) { /* new bulk alloc - use bulk add template */
1332 e_type = userbased_assign;
1333 start_port = bulk_alloc;
1334 } else if(bulk_alloc == CACHE_ALLOC_NO_LOG_REQUIRED) {
1335 return; /* No logging required.. bulk port usage */
1337 else { /* Individual logging .. fall back to old method */
1339 if(vrfmap->syslog_logging_policy == SESSION_LOG_ENABLE) {
1340 e_type = sessionbased_assignD;
1342 e_type = sessionbased_assign;
1344 start_port = db->out2in_key.k.port;
1345 #ifndef NO_BULK_LOGGING
1349 cnat_syslog_insert_nat44_record(logging_info, db, vrfmap, sdb,
1350 start_port, e_type);
1353 * If we have exceeded the packet length, let us send the
1354 * packet now. There is buffer of additional bytes beyond
1355 * max_pkt_length to ensure that the last add/delete record
1356 * can be stored safely.
1359 if (PREDICT_FALSE(logging_info->pkt_length >
1360 logging_info->max_length_minus_max_record_size)) {
1361 cnat_syslog_send_pkt(logging_info);
1365 void cnat_syslog_ds_lite_mapping_create(cnat_main_db_entry_t *db,
1366 dslite_table_entry_t *dslite_entry, cnat_session_entry_t *sdb
1367 #ifndef NO_BULK_LOGGING
1372 cnat_syslog_logging_info_t *logging_info = 0;
1373 syslog_event_type_t e_type;
1376 SYSLOG_PRECHECK(dslite_entry, DSLite)
1378 #ifndef NO_BULK_LOGGING
1379 if(bulk_alloc > 0) { /* new bulk alloc - use bulk add template */
1380 e_type = userbased_assign;
1381 start_port = bulk_alloc;
1382 } else if(bulk_alloc == CACHE_ALLOC_NO_LOG_REQUIRED) {
1383 return; /* No logging required.. bulk port usage */
1385 else { /* Individual logging .. fall back to old method */
1387 if(PREDICT_FALSE(dslite_entry->syslog_logging_policy == SESSION_LOG_ENABLE)) {
1388 e_type = sessionbased_assignD;
1390 e_type = sessionbased_assign;
1392 start_port = db->out2in_key.k.port;
1393 #ifndef NO_BULK_LOGGING
1397 cnat_syslog_insert_record(logging_info, db, dslite_entry, sdb,
1398 start_port, e_type);
1401 * If we have exceeded the packet length, let us send the
1402 * packet now. There is buffer of additional bytes beyond
1403 * max_pkt_length to ensure that the last add/delete record
1404 * can be stored safely.
1407 if (PREDICT_FALSE(logging_info->pkt_length >
1408 logging_info->max_length_minus_max_record_size)) {
1409 cnat_syslog_send_pkt(logging_info);
1413 void cnat_syslog_nat44_mapping_delete(cnat_main_db_entry_t *db,
1414 cnat_vrfmap_t *vrfmap, cnat_session_entry_t *sdb
1415 #ifndef NO_BULK_LOGGING
1420 cnat_syslog_logging_info_t *logging_info = 0;
1421 syslog_event_type_t e_type;
1424 SYSLOG_CONFIG_DEBUG_PRINTF(4,"In Function %s\n", __func__);
1425 SYSLOG_PRECHECK(vrfmap, NAT44)
1427 #ifndef NO_BULK_LOGGING
1428 if(bulk_alloc > 0) { /* new bulk alloc - use bulk add template */
1429 e_type = userbased_withdraw;
1430 start_port = bulk_alloc;
1431 } else if(bulk_alloc == CACHE_ALLOC_NO_LOG_REQUIRED) {
1432 return; /* No logging required.. bulk port usage */
1434 else { /* Individual logging .. fall back to old method */
1436 if(vrfmap->syslog_logging_policy == SESSION_LOG_ENABLE) {
1437 e_type = sessionbased_withdrawD;
1439 e_type = sessionbased_withdraw;
1441 start_port = db->out2in_key.k.port;
1442 #ifndef NO_BULK_LOGGING
1445 cnat_syslog_insert_nat44_record(logging_info, db, vrfmap, sdb,
1446 start_port, e_type);
1448 * If we have exceeded the packet length, let us send the
1449 * packet now. There is buffer of additional bytes beyond
1450 * max_pkt_length to ensure that the last add/delete record
1451 * can be stored safely.
1453 if (PREDICT_FALSE(logging_info->pkt_length >
1454 logging_info->max_length_minus_max_record_size)) {
1455 cnat_syslog_send_pkt(logging_info);
1459 void cnat_syslog_ds_lite_mapping_delete(cnat_main_db_entry_t *db,
1460 dslite_table_entry_t *dslite_entry, cnat_session_entry_t *sdb
1461 #ifndef NO_BULK_LOGGING
1466 cnat_syslog_logging_info_t *logging_info = 0;
1467 syslog_event_type_t e_type;
1470 SYSLOG_PRECHECK(dslite_entry, DSLite)
1472 #ifndef NO_BULK_LOGGING
1473 if(bulk_alloc > 0) { /* new bulk alloc - use bulk add template */
1474 e_type = userbased_withdraw;
1475 start_port = bulk_alloc;
1476 } else if(bulk_alloc == CACHE_ALLOC_NO_LOG_REQUIRED) {
1477 return; /* No logging required.. bulk port usage */
1479 else { /* Individual logging .. fall back to old method */
1481 if(PREDICT_FALSE(dslite_entry->syslog_logging_policy == SESSION_LOG_ENABLE)) {
1482 e_type = sessionbased_withdrawD;
1484 e_type = sessionbased_withdraw;
1486 start_port = db->out2in_key.k.port;
1487 #ifndef NO_BULK_LOGGING
1490 cnat_syslog_insert_record(logging_info, db, dslite_entry, sdb,
1491 start_port, e_type);
1494 * If we have exceeded the packet length, let us send the
1495 * packet now. There is buffer of additional bytes beyond
1496 * max_pkt_length to ensure that the last add/delete record
1497 * can be stored safely.
1500 if (PREDICT_FALSE(logging_info->pkt_length >
1501 logging_info->max_length_minus_max_record_size)) {
1502 cnat_syslog_send_pkt(logging_info);
1506 void cnat_syslog_dslite_insert_port_exceeded(
1507 cnat_syslog_logging_info_t *log_info,
1510 /* This record should like this -
1511 * [Portblockrunout <L4> <Original Source IP> <Inside VRF Name>
1512 * <Original Source IPv6> - <Original Port> - - - -]
1514 u32 network_order_ipv6[4];
1515 unsigned char *temp, *record;
1517 temp = record = &(log_info->current_logging_context->packet_data[
1518 CNAT_NFV9_IP_HDR_OFFSET + log_info->pkt_length]);
1520 /* Now we point to the location where record needs to be inserted */
1521 *record++ = '['; /* Open the record */
1523 /* Copy the record type */
1524 memcpy(record, sys_log_event[port_block_runout].event_name,
1525 sys_log_event[port_block_runout].name_length);
1526 record += sys_log_event[port_block_runout].name_length;
1527 *record++ = SYSLOG_DELIMITER;
1530 my_proto_mask = key->ipv4_key.k.vrf & CNAT_PRO_MASK;
1531 if(PREDICT_TRUE(my_proto_mask == CNAT_TCP)) {
1533 } else if(PREDICT_TRUE(my_proto_mask == CNAT_UDP)) {
1539 *record++ = SYSLOG_DELIMITER;
1541 /* Copy the Original Source IP */
1542 record += copy_ipv4_addr(record, key->ipv4_key.k.ipv4);
1543 *record++ = SYSLOG_DELIMITER;
1545 /* copy configured VRF NAME */
1546 memcpy(record, log_info->vrf_name, log_info->vrf_name_len);
1547 record += log_info->vrf_name_len;
1548 *record++ = SYSLOG_DELIMITER;
1550 /* Copy the IPV6 source address */
1551 network_order_ipv6[0] = htonl(key->ipv6[0]);
1552 network_order_ipv6[1] = htonl(key->ipv6[1]);
1553 network_order_ipv6[2] = htonl(key->ipv6[2]);
1554 network_order_ipv6[3] = htonl(key->ipv6[3]);
1556 inet_ntop(AF_INET6,network_order_ipv6,record,INET6_ADDRSTRLEN);
1557 record += strlen(record);
1558 *record++ = SYSLOG_DELIMITER;
1560 *record++ = SYSLOG_FIELD_ABSENT; /* No translated source ip */
1561 *record++ = SYSLOG_DELIMITER;
1563 record += u16_to_ascii_decimal_unaligned(
1564 record, key->ipv4_key.k.port);
1565 *record++ = SYSLOG_DELIMITER;
1567 *record++ = SYSLOG_FIELD_ABSENT; /* No translated start port */
1568 *record++ = SYSLOG_DELIMITER;
1570 *record++ = SYSLOG_FIELD_ABSENT; /* No translated end port */
1571 *record++ = SYSLOG_DELIMITER;
1573 /*No Destination Info*/
1575 *record++ = SYSLOG_DELIMITER;
1577 *record++ = SYSLOG_DELIMITER;
1579 *record++ = ']'; /* End of the reocrd */
1581 log_info->pkt_length += record - temp;
1584 void cnat_syslog_ds_lite_port_limit_exceeded(
1586 dslite_table_entry_t *dslite_entry)
1588 cnat_syslog_logging_info_t *logging_info = 0;
1590 SYSLOG_PRECHECK(dslite_entry, DSLite)
1592 cnat_syslog_dslite_insert_port_exceeded(logging_info, key);
1595 * If we have exceeded the packet length, let us send the
1596 * packet now. There is buffer of additional bytes beyond
1597 * max_pkt_length to ensure that the last add/delete record
1598 * can be stored safely.
1601 if (PREDICT_FALSE(logging_info->pkt_length >
1602 logging_info->max_length_minus_max_record_size)) {
1603 cnat_syslog_send_pkt(logging_info);
1607 void cnat_syslog_nat44_insert_port_exceeded(
1608 cnat_syslog_logging_info_t *log_info,
1611 /* This record should like this -
1612 * [Portblockrunout <L4> <Original Source IP> <Inside VRF Name>
1613 * - - <Original Port> - - - -]
1615 unsigned char *temp, *record;
1617 temp = record = &(log_info->current_logging_context->packet_data[
1618 CNAT_NFV9_IP_HDR_OFFSET + log_info->pkt_length]);
1620 /* Now we point to the location where record needs to be inserted */
1621 *record++ = '['; /* Open the record */
1623 /* Copy the record type */
1624 memcpy(record, sys_log_event[port_block_runout].event_name,
1625 sys_log_event[port_block_runout].name_length);
1626 record += sys_log_event[port_block_runout].name_length;
1627 *record++ = SYSLOG_DELIMITER;
1630 my_proto_mask = key->k.vrf & CNAT_PRO_MASK;
1631 if(PREDICT_TRUE(my_proto_mask == CNAT_TCP)) {
1633 } else if(PREDICT_TRUE(my_proto_mask == CNAT_UDP)) {
1639 *record++ = SYSLOG_DELIMITER;
1641 /* Copy the Original Source IP */
1642 record += copy_ipv4_addr(record, key->k.ipv4);
1643 *record++ = SYSLOG_DELIMITER;
1645 /* copy configured VRF NAME */
1646 memcpy(record, log_info->vrf_name, log_info->vrf_name_len);
1647 record += log_info->vrf_name_len;
1648 *record++ = SYSLOG_DELIMITER;
1650 /* No IPV6 source address for nat44 */
1652 *record++ = SYSLOG_DELIMITER;
1654 *record++ = '-'; /* No translated source ip */
1655 *record++ = SYSLOG_DELIMITER;
1657 record += u16_to_ascii_decimal_unaligned(
1658 record, key->k.port);
1659 *record++ = SYSLOG_DELIMITER;
1661 *record++ = '-'; /* No translated start port */
1662 *record++ = SYSLOG_DELIMITER;
1664 *record++ = '-'; /* No translated end port */
1665 *record++ = SYSLOG_DELIMITER;
1667 /*No Destination Info*/
1669 *record++ = SYSLOG_DELIMITER;
1671 *record++ = SYSLOG_DELIMITER;
1673 *record++ = ']'; /* End of the reocrd */
1675 log_info->pkt_length += record - temp;
1678 void cnat_syslog_nat44_port_limit_exceeded(
1680 cnat_vrfmap_t *vrfmap)
1682 cnat_syslog_logging_info_t *logging_info = 0;
1684 SYSLOG_PRECHECK(vrfmap, NAT44)
1686 cnat_syslog_nat44_insert_port_exceeded(logging_info, key);
1689 * If we have exceeded the packet length, let us send the
1690 * packet now. There is buffer of additional bytes beyond
1691 * max_pkt_length to ensure that the last add/delete record
1692 * can be stored safely.
1695 if (PREDICT_FALSE(logging_info->pkt_length >
1696 logging_info->max_length_minus_max_record_size)) {
1697 cnat_syslog_send_pkt(logging_info);
1701 void cnat_syslog_nat44_insert_tcp_seq_mismatch(
1702 cnat_syslog_logging_info_t *log_info,
1703 cnat_main_db_entry_t *db)
1705 /* This record should like this -
1706 * [TCPseqmismatch <L4> <Original Source IP> <Inside VRF Name>
1707 * - <Translated Source IP> <Original Port> <Translated Source Port> - - -]
1709 unsigned char *temp, *record;
1711 temp = record = &(log_info->current_logging_context->packet_data[
1712 CNAT_NFV9_IP_HDR_OFFSET + log_info->pkt_length]);
1714 /* Now we point to the location where record needs to be inserted */
1715 *record++ = '['; /* Open the record */
1717 /* Copy the record type */
1718 memcpy(record, sys_log_event[tcp_seq_mismatch].event_name,
1719 sys_log_event[tcp_seq_mismatch].name_length);
1720 record += sys_log_event[tcp_seq_mismatch].name_length;
1721 *record++ = SYSLOG_DELIMITER;
1723 /* Next field is TCP */
1725 *record++ = SYSLOG_DELIMITER;
1727 /* Copy the Original Source IP */
1728 record += copy_ipv4_addr(record, db->in2out_key.k.ipv4);
1729 *record++ = SYSLOG_DELIMITER;
1731 /* copy configured VRF NAME */
1732 memcpy(record, log_info->vrf_name, log_info->vrf_name_len);
1733 record += log_info->vrf_name_len;
1734 *record++ = SYSLOG_DELIMITER;
1736 /* No IPV6 source address for nat44 */
1738 *record++ = SYSLOG_DELIMITER;
1740 record += copy_ipv4_addr(record, db->out2in_key.k.ipv4);
1741 *record++ = SYSLOG_DELIMITER;
1743 record += u16_to_ascii_decimal_unaligned(
1744 record, db->in2out_key.k.port);
1745 *record++ = SYSLOG_DELIMITER;
1747 record += u16_to_ascii_decimal_unaligned(
1748 record, db->out2in_key.k.port);
1749 *record++ = SYSLOG_DELIMITER;
1751 *record++ = '-'; /* No translated end port */
1752 *record++ = SYSLOG_DELIMITER;
1754 /*No Destination Info*/
1756 *record++ = SYSLOG_DELIMITER;
1758 *record++ = SYSLOG_DELIMITER;
1760 *record++ = ']'; /* End of the reocrd */
1762 log_info->pkt_length += record - temp;
1765 void cnat_syslog_nat44_tcp_seq_mismatch(
1766 cnat_main_db_entry_t *db,
1767 cnat_vrfmap_t *vrfmap)
1769 cnat_syslog_logging_info_t *logging_info = 0;
1771 SYSLOG_PRECHECK(vrfmap, NAT44)
1773 cnat_syslog_nat44_insert_tcp_seq_mismatch(logging_info, db);
1776 * If we have exceeded the packet length, let us send the
1777 * packet now. There is buffer of additional bytes beyond
1778 * max_pkt_length to ensure that the last add/delete record
1779 * can be stored safely.
1782 if (PREDICT_FALSE(logging_info->pkt_length >
1783 logging_info->max_length_minus_max_record_size)) {
1784 cnat_syslog_send_pkt(logging_info);