u8 nat_event;
u32 src_ip;
u32 nat_src_ip;
- nat_protocol_t nat_proto;
+ ip_protocol_t proto;
u16 src_port;
u16 nat_src_port;
u32 vrf_id;
* @returns template packet
*/
static inline u8 *
-nat_template_rewrite (flow_report_main_t * frm,
- flow_report_t * fr,
- ip4_address_t * collector_address,
- ip4_address_t * src_address,
- u16 collector_port,
- nat_event_t event, quota_exceed_event_t quota_event)
+nat_template_rewrite (ipfix_exporter_t *exp, flow_report_t *fr,
+ u16 collector_port, nat_event_t event,
+ quota_exceed_event_t quota_event)
{
nat_ipfix_logging_main_t *silm = &nat_ipfix_logging_main;
ip4_header_t *ip;
flow_report_stream_t *stream;
u32 stream_index;
- stream = &frm->streams[fr->stream_index];
+ stream = &exp->streams[fr->stream_index];
stream_index = clib_atomic_fetch_or(&silm->stream_index, 0);
clib_atomic_cmp_and_swap (&silm->stream_index,
ip->ip_version_and_header_length = 0x45;
ip->ttl = 254;
ip->protocol = IP_PROTOCOL_UDP;
- ip->src_address.as_u32 = src_address->as_u32;
- ip->dst_address.as_u32 = collector_address->as_u32;
+ ip->src_address.as_u32 = exp->src_address.ip.ip4.as_u32;
+ ip->dst_address.as_u32 = exp->ipfix_collector.ip.ip4.as_u32;
udp->src_port = clib_host_to_net_u16 (stream->src_port);
udp->dst_port = clib_host_to_net_u16 (collector_port);
udp->length = clib_host_to_net_u16 (vec_len (rewrite) - sizeof (*ip));
}
u8 *
-nat_template_rewrite_addr_exhausted (flow_report_main_t * frm,
- flow_report_t * fr,
- ip4_address_t * collector_address,
- ip4_address_t * src_address,
- u16 collector_port,
- ipfix_report_element_t *elts,
- u32 n_elts, u32 *stream_index)
+nat_template_rewrite_addr_exhausted (ipfix_exporter_t *exp, flow_report_t *fr,
+ u16 collector_port,
+ ipfix_report_element_t *elts, u32 n_elts,
+ u32 *stream_index)
{
- return nat_template_rewrite (frm, fr, collector_address, src_address,
- collector_port, NAT_ADDRESSES_EXHAUTED, 0);
+ return nat_template_rewrite (exp, fr, collector_port, NAT_ADDRESSES_EXHAUTED,
+ 0);
}
u8 *
-nat_template_rewrite_nat44_session (flow_report_main_t * frm,
- flow_report_t * fr,
- ip4_address_t * collector_address,
- ip4_address_t * src_address,
- u16 collector_port,
- ipfix_report_element_t *elts,
- u32 n_elts, u32 *stream_index)
+nat_template_rewrite_nat44_session (ipfix_exporter_t *exp, flow_report_t *fr,
+ u16 collector_port,
+ ipfix_report_element_t *elts, u32 n_elts,
+ u32 *stream_index)
{
- return nat_template_rewrite (frm, fr, collector_address, src_address,
- collector_port, NAT44_SESSION_CREATE, 0);
+ return nat_template_rewrite (exp, fr, collector_port, NAT44_SESSION_CREATE,
+ 0);
}
u8 *
-nat_template_rewrite_max_entries_per_usr (flow_report_main_t * frm,
- flow_report_t * fr,
- ip4_address_t * collector_address,
- ip4_address_t * src_address,
- u16 collector_port,
- ipfix_report_element_t *elts,
- u32 n_elts, u32 *stream_index)
+nat_template_rewrite_max_entries_per_usr (
+ ipfix_exporter_t *exp, flow_report_t *fr, ip4_address_t *collector_address,
+ ip4_address_t *src_address, u16 collector_port, ipfix_report_element_t *elts,
+ u32 n_elts, u32 *stream_index)
{
- return nat_template_rewrite (frm, fr, collector_address, src_address,
- collector_port, QUOTA_EXCEEDED,
- MAX_ENTRIES_PER_USER);
+ return nat_template_rewrite (exp, fr, collector_port, QUOTA_EXCEEDED,
+ MAX_ENTRIES_PER_USER);
}
u8 *
-nat_template_rewrite_max_sessions (flow_report_main_t * frm,
- flow_report_t * fr,
- ip4_address_t * collector_address,
- ip4_address_t * src_address,
+nat_template_rewrite_max_sessions (ipfix_exporter_t *exp, flow_report_t *fr,
u16 collector_port,
- ipfix_report_element_t *elts,
- u32 n_elts, u32 *stream_index)
+ ipfix_report_element_t *elts, u32 n_elts,
+ u32 *stream_index)
{
- return nat_template_rewrite (frm, fr, collector_address, src_address,
- collector_port, QUOTA_EXCEEDED,
- MAX_SESSION_ENTRIES);
+ return nat_template_rewrite (exp, fr, collector_port, QUOTA_EXCEEDED,
+ MAX_SESSION_ENTRIES);
}
u8 *
-nat_template_rewrite_max_bibs (flow_report_main_t * frm,
- flow_report_t * fr,
- ip4_address_t * collector_address,
- ip4_address_t * src_address,
+nat_template_rewrite_max_bibs (ipfix_exporter_t *exp, flow_report_t *fr,
u16 collector_port,
- ipfix_report_element_t *elts,
- u32 n_elts, u32 *stream_index)
+ ipfix_report_element_t *elts, u32 n_elts,
+ u32 *stream_index)
{
- return nat_template_rewrite (frm, fr, collector_address, src_address,
- collector_port, QUOTA_EXCEEDED,
- MAX_BIB_ENTRIES);
+ return nat_template_rewrite (exp, fr, collector_port, QUOTA_EXCEEDED,
+ MAX_BIB_ENTRIES);
}
u8 *
-nat_template_rewrite_nat64_bib (flow_report_main_t * frm,
- flow_report_t * fr,
- ip4_address_t * collector_address,
- ip4_address_t * src_address,
- u16 collector_port,
- ipfix_report_element_t *elts,
- u32 n_elts, u32 *stream_index)
+nat_template_rewrite_nat64_bib (ipfix_exporter_t *exp, flow_report_t *fr,
+ u16 collector_port,
+ ipfix_report_element_t *elts, u32 n_elts,
+ u32 *stream_index)
{
- return nat_template_rewrite (frm, fr, collector_address, src_address,
- collector_port, NAT64_BIB_CREATE, 0);
+ return nat_template_rewrite (exp, fr, collector_port, NAT64_BIB_CREATE, 0);
}
u8 *
-nat_template_rewrite_nat64_session (flow_report_main_t * frm,
- flow_report_t * fr,
- ip4_address_t * collector_address,
- ip4_address_t * src_address,
- u16 collector_port,
- ipfix_report_element_t *elts,
- u32 n_elts, u32 *stream_index)
+nat_template_rewrite_nat64_session (ipfix_exporter_t *exp, flow_report_t *fr,
+ u16 collector_port,
+ ipfix_report_element_t *elts, u32 n_elts,
+ u32 *stream_index)
{
- return nat_template_rewrite (frm, fr, collector_address, src_address,
- collector_port, NAT64_SESSION_CREATE, 0);
+ return nat_template_rewrite (exp, fr, collector_port, NAT64_SESSION_CREATE,
+ 0);
}
static inline void
ip4_header_t *ip;
udp_header_t *udp;
vlib_main_t *vm = vlib_get_main ();
-
+ ipfix_exporter_t *exp = pool_elt_at_index (frm->exporters, 0);
+
stream_index = clib_atomic_fetch_or(&silm->stream_index, 0);
- stream = &frm->streams[stream_index];
+ stream = &exp->streams[stream_index];
b0->current_data = 0;
b0->current_length = sizeof (*ip) + sizeof (*udp) + sizeof (*h) +
sizeof (*s);
b0->flags |= (VLIB_BUFFER_TOTAL_LENGTH_VALID | VNET_BUFFER_F_FLOW_REPORT);
vnet_buffer (b0)->sw_if_index[VLIB_RX] = 0;
- vnet_buffer (b0)->sw_if_index[VLIB_TX] = frm->fib_index;
+ vnet_buffer (b0)->sw_if_index[VLIB_TX] = exp->fib_index;
tp = vlib_buffer_get_current (b0);
ip = (ip4_header_t *) & tp->ip4;
udp = (udp_header_t *) (ip + 1);
ip->ttl = 254;
ip->protocol = IP_PROTOCOL_UDP;
ip->flags_and_fragment_offset = 0;
- ip->src_address.as_u32 = frm->src_address.as_u32;
- ip->dst_address.as_u32 = frm->ipfix_collector.as_u32;
+ ip->src_address.as_u32 = exp->src_address.ip.ip4.as_u32;
+ ip->dst_address.as_u32 = exp->ipfix_collector.ip.ip4.as_u32;
udp->src_port = clib_host_to_net_u16 (stream->src_port);
- udp->dst_port = clib_host_to_net_u16 (frm->collector_port);
+ udp->dst_port = clib_host_to_net_u16 (exp->collector_port);
udp->checksum = 0;
h->export_time = clib_host_to_net_u32 ((u32)
ip4_header_t *ip;
udp_header_t *udp;
vlib_main_t *vm = vlib_get_main ();
+ ipfix_exporter_t *exp = pool_elt_at_index (frm->exporters, 0);
tp = vlib_buffer_get_current (b0);
ip = (ip4_header_t *) & tp->ip4;
ip->checksum = ip4_header_checksum (ip);
udp->length = clib_host_to_net_u16 (b0->current_length - sizeof (*ip));
- if (frm->udp_checksum)
+ if (exp->udp_checksum)
{
udp->checksum = ip4_tcp_udp_compute_checksum (vm, b0, ip);
if (udp->checksum == 0)
static void
nat_ipfix_logging_nat44_ses (u32 thread_index, u8 nat_event, u32 src_ip,
- u32 nat_src_ip, nat_protocol_t nat_proto,
- u16 src_port, u16 nat_src_port, u32 fib_index,
- int do_flush)
+ u32 nat_src_ip, ip_protocol_t proto, u16 src_port,
+ u16 nat_src_port, u32 fib_index, int do_flush)
{
nat_ipfix_logging_main_t *silm = &nat_ipfix_logging_main;
nat_ipfix_per_thread_data_t *sitd = &silm->per_thread_data[thread_index];
u32 offset;
vlib_main_t *vm = vlib_get_main ();
u64 now;
- u8 proto;
u16 template_id;
u32 vrf_id;
-
- proto = nat_proto_to_ip_proto (nat_proto);
+ ipfix_exporter_t *exp = pool_elt_at_index (frm->exporters, 0);
now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3);
now += silm->milisecond_time_0;
b0->current_length += NAT44_SESSION_CREATE_LEN;
}
- if (PREDICT_FALSE
- (do_flush || (offset + NAT44_SESSION_CREATE_LEN) > frm->path_mtu))
+ if (PREDICT_FALSE (do_flush ||
+ (offset + NAT44_SESSION_CREATE_LEN) > exp->path_mtu))
{
template_id = clib_atomic_fetch_or (
&silm->nat44_session_template_id,
u64 now;
u8 nat_event = NAT_ADDRESSES_EXHAUTED;
u16 template_id;
+ ipfix_exporter_t *exp = pool_elt_at_index (frm->exporters, 0);
now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3);
now += silm->milisecond_time_0;
b0->current_length += NAT_ADDRESSES_EXHAUTED_LEN;
}
- if (PREDICT_FALSE
- (do_flush || (offset + NAT_ADDRESSES_EXHAUTED_LEN) > frm->path_mtu))
+ if (PREDICT_FALSE (do_flush ||
+ (offset + NAT_ADDRESSES_EXHAUTED_LEN) > exp->path_mtu))
{
template_id = clib_atomic_fetch_or (
&silm->addr_exhausted_template_id,
u8 nat_event = QUOTA_EXCEEDED;
u32 quota_event = clib_host_to_net_u32 (MAX_ENTRIES_PER_USER);
u16 template_id;
+ ipfix_exporter_t *exp = pool_elt_at_index (frm->exporters, 0);
now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3);
now += silm->milisecond_time_0;
b0->current_length += MAX_ENTRIES_PER_USER_LEN;
}
- if (PREDICT_FALSE
- (do_flush || (offset + MAX_ENTRIES_PER_USER_LEN) > frm->path_mtu))
+ if (PREDICT_FALSE (do_flush ||
+ (offset + MAX_ENTRIES_PER_USER_LEN) > exp->path_mtu))
{
template_id = clib_atomic_fetch_or (
&silm->max_entries_per_user_template_id,
u8 nat_event = QUOTA_EXCEEDED;
u32 quota_event = clib_host_to_net_u32 (MAX_SESSION_ENTRIES);
u16 template_id;
+ ipfix_exporter_t *exp = pool_elt_at_index (frm->exporters, 0);
now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3);
now += silm->milisecond_time_0;
b0->current_length += MAX_SESSIONS_LEN;
}
- if (PREDICT_FALSE
- (do_flush || (offset + MAX_SESSIONS_LEN) > frm->path_mtu))
+ if (PREDICT_FALSE (do_flush || (offset + MAX_SESSIONS_LEN) > exp->path_mtu))
{
template_id = clib_atomic_fetch_or (
&silm->max_sessions_template_id,
u8 nat_event = QUOTA_EXCEEDED;
u32 quota_event = clib_host_to_net_u32 (MAX_BIB_ENTRIES);
u16 template_id;
+ ipfix_exporter_t *exp = pool_elt_at_index (frm->exporters, 0);
now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3);
now += silm->milisecond_time_0;
b0->current_length += MAX_BIBS_LEN;
}
- if (PREDICT_FALSE
- (do_flush || (offset + MAX_BIBS_LEN) > frm->path_mtu))
+ if (PREDICT_FALSE (do_flush || (offset + MAX_BIBS_LEN) > exp->path_mtu))
{
template_id = clib_atomic_fetch_or (
&silm->max_bibs_template_id,
vlib_main_t *vm = vlib_get_main ();
u64 now;
u16 template_id;
+ ipfix_exporter_t *exp = pool_elt_at_index (frm->exporters, 0);
now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3);
now += silm->milisecond_time_0;
b0->current_length += NAT64_BIB_LEN;
}
- if (PREDICT_FALSE
- (do_flush || (offset + NAT64_BIB_LEN) > frm->path_mtu))
+ if (PREDICT_FALSE (do_flush || (offset + NAT64_BIB_LEN) > exp->path_mtu))
{
template_id = clib_atomic_fetch_or (
&silm->nat64_bib_template_id,
vlib_main_t *vm = vlib_get_main ();
u64 now;
u16 template_id;
+ ipfix_exporter_t *exp = pool_elt_at_index (frm->exporters, 0);
now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3);
now += silm->milisecond_time_0;
b0->current_length += NAT64_SES_LEN;
}
- if (PREDICT_FALSE
- (do_flush || (offset + NAT64_SES_LEN) > frm->path_mtu))
+ if (PREDICT_FALSE (do_flush || (offset + NAT64_SES_LEN) > exp->path_mtu))
{
template_id = clib_atomic_fetch_or (
&silm->nat64_ses_template_id,
/**
* @brief Generate NAT44 session create event
- *
- * @param thread_index thread index
- * @param src_ip source IPv4 address
- * @param nat_src_ip transaltes source IPv4 address
- * @param nat_proto NAT transport protocol
- * @param src_port source port
- * @param nat_src_port translated source port
- * @param vrf_id VRF ID
*/
void
-nat_ipfix_logging_nat44_ses_create (u32 thread_index,
- u32 src_ip,
- u32 nat_src_ip,
- nat_protocol_t nat_proto,
- u16 src_port,
- u16 nat_src_port, u32 fib_index)
+nat_ipfix_logging_nat44_ses_create (u32 thread_index, u32 src_ip,
+ u32 nat_src_ip, ip_protocol_t proto,
+ u16 src_port, u16 nat_src_port,
+ u32 fib_index)
{
skip_if_disabled ();
nat_ipfix_logging_nat44_ses (thread_index, NAT44_SESSION_CREATE, src_ip,
- nat_src_ip, nat_proto, src_port, nat_src_port,
- fib_index, 0);
+ nat_src_ip, proto, src_port, nat_src_port,
+ fib_index, 0);
}
/**
* @brief Generate NAT44 session delete event
- *
- * @param thread_index thread index
- * @param src_ip source IPv4 address
- * @param nat_src_ip transaltes source IPv4 address
- * @param nat_proto NAT transport protocol
- * @param src_port source port
- * @param nat_src_port translated source port
- * @param vrf_id VRF ID
*/
void
-nat_ipfix_logging_nat44_ses_delete (u32 thread_index,
- u32 src_ip,
- u32 nat_src_ip,
- nat_protocol_t nat_proto,
- u16 src_port,
- u16 nat_src_port, u32 fib_index)
+nat_ipfix_logging_nat44_ses_delete (u32 thread_index, u32 src_ip,
+ u32 nat_src_ip, ip_protocol_t proto,
+ u16 src_port, u16 nat_src_port,
+ u32 fib_index)
{
skip_if_disabled ();
nat_ipfix_logging_nat44_ses (thread_index, NAT44_SESSION_DELETE, src_ip,
- nat_src_ip, nat_proto, src_port, nat_src_port,
- fib_index, 0);
+ nat_src_ip, proto, src_port, nat_src_port,
+ fib_index, 0);
}
/**
void
nat_ipfix_logging_addresses_exhausted (u32 thread_index, u32 pool_id)
{
- //TODO: This event SHOULD be rate limited
+ nat_ipfix_logging_main_t *silm = &nat_ipfix_logging_main;
+ static f64 *last_sent = 0;
+
skip_if_disabled ();
+ /* TODO: make rate configurable, use 1pps so far */
+ clib_spinlock_lock_if_init (&silm->addr_exhausted_lock);
+ f64 now = vlib_time_now (vlib_get_main ());
+ vec_validate (last_sent, pool_id);
+ if (now < last_sent[pool_id] + 1.0)
+ {
+ clib_spinlock_unlock_if_init (&silm->addr_exhausted_lock);
+ return;
+ }
+ last_sent[pool_id] = now;
+ clib_spinlock_unlock_if_init (&silm->addr_exhausted_lock);
+
nat_ipfix_logging_addr_exhausted (thread_index, pool_id, 0);
}
void
nat_ipfix_logging_max_sessions (u32 thread_index, u32 limit)
{
- //TODO: This event SHOULD be rate limited
+ nat_ipfix_logging_main_t *silm = &nat_ipfix_logging_main;
+ static f64 last_sent = 0;
+
skip_if_disabled ();
+ /* TODO: make rate configurable, use 1pps so far */
+ clib_spinlock_lock_if_init (&silm->max_sessions_lock);
+ f64 now = vlib_time_now (vlib_get_main ());
+ if (now < last_sent + 1.0)
+ {
+ clib_spinlock_unlock_if_init (&silm->max_sessions_lock);
+ return;
+ }
+ last_sent = now;
+ clib_spinlock_unlock_if_init (&silm->max_sessions_lock);
+
nat_ipfix_logging_max_ses (thread_index, limit, 0);
}
void
nat_ipfix_logging_max_bibs (u32 thread_index, u32 limit)
{
- //TODO: This event SHOULD be rate limited
+ nat_ipfix_logging_main_t *silm = &nat_ipfix_logging_main;
+ static f64 last_sent = 0;
+
skip_if_disabled ();
+ /* TODO: make rate configurable, use 1pps so far */
+ clib_spinlock_lock_if_init (&silm->max_bibs_lock);
+ f64 now = vlib_time_now (vlib_get_main ());
+ if (now < last_sent + 1.0)
+ {
+ clib_spinlock_unlock_if_init (&silm->max_bibs_lock);
+ return;
+ }
+ last_sent = now;
+ clib_spinlock_unlock_if_init (&silm->max_bibs_lock);
+
nat_ipfix_logging_max_bib (thread_index, limit, 0);
}
}
vlib_frame_t *
-data_callback (flow_report_main_t * frm, flow_report_t * fr,
- vlib_frame_t * f, u32 * to_next, u32 node_index)
+data_callback (flow_report_main_t *frm, ipfix_exporter_t *exp,
+ flow_report_t *fr, vlib_frame_t *f, u32 *to_next,
+ u32 node_index)
{
nat_ipfix_logging_main_t *silm = &nat_ipfix_logging_main;
- if (PREDICT_FALSE (++silm->call_counter >= vec_len (frm->reports)))
+ if (PREDICT_FALSE (++silm->call_counter >= vec_len (exp->reports)))
{
nat_ipfix_flush_from_main();
silm->call_counter = 0;
nat_ipfix_logging_enable_disable (int enable, u32 domain_id, u16 src_port)
{
nat_ipfix_logging_main_t *silm = &nat_ipfix_logging_main;
- flow_report_main_t *frm = &flow_report_main;
+ ipfix_exporter_t *exp = &flow_report_main.exporters[0];
vnet_flow_report_add_del_args_t a;
int rv;
u8 e = enable ? 1 : 0;
a.flow_data_callback = data_callback;
a.rewrite_callback = nat_template_rewrite_nat44_session;
- rv = vnet_flow_report_add_del (frm, &a, NULL);
+ rv = vnet_flow_report_add_del (exp, &a, NULL);
if (rv)
{
//nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
}
a.rewrite_callback = nat_template_rewrite_addr_exhausted;
- rv = vnet_flow_report_add_del (frm, &a, NULL);
+ rv = vnet_flow_report_add_del (exp, &a, NULL);
if (rv)
{
//nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
}
a.rewrite_callback = nat_template_rewrite_max_sessions;
- rv = vnet_flow_report_add_del (frm, &a, NULL);
+ rv = vnet_flow_report_add_del (exp, &a, NULL);
if (rv)
{
//nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
}
a.rewrite_callback = nat_template_rewrite_max_bibs;
- rv = vnet_flow_report_add_del (frm, &a, NULL);
+ rv = vnet_flow_report_add_del (exp, &a, NULL);
if (rv)
{
//nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
}
a.rewrite_callback = nat_template_rewrite_nat64_bib;
- rv = vnet_flow_report_add_del (frm, &a, NULL);
+ rv = vnet_flow_report_add_del (exp, &a, NULL);
if (rv)
{
//nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
}
a.rewrite_callback = nat_template_rewrite_nat64_session;
- rv = vnet_flow_report_add_del (frm, &a, NULL);
+ rv = vnet_flow_report_add_del (exp, &a, NULL);
if (rv)
{
//nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
// if endpoint dependent per user max entries is also required
/*
a.rewrite_callback = nat_template_rewrite_max_entries_per_usr;
- rv = vnet_flow_report_add_del (frm, &a, NULL);
+ rv = vnet_flow_report_add_del (exp, &a, NULL);
if (rv)
{
//nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
silm->milisecond_time_0 = unix_time_now_nsec () * 1e-6;
vec_validate (silm->per_thread_data, tm->n_vlib_mains - 1);
+
+ /* Set up rate-limit */
+ clib_spinlock_init (&silm->addr_exhausted_lock);
+ clib_spinlock_init (&silm->max_sessions_lock);
+ clib_spinlock_init (&silm->max_bibs_lock);
}
static uword
return 0;
}
-/* *INDENT-OFF* */
VLIB_REGISTER_NODE (nat_ipfix_flush_node) = {
.function = ipfix_flush_process,
.name = "nat-ipfix-flush",
.type = VLIB_NODE_TYPE_INPUT,
.state = VLIB_NODE_STATE_INTERRUPT,
};
-/* *INDENT-ON* */
Code Review / vpp.git / blobdiff