Code Review / vpp.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
NAT: syslog - sessions logging (VPP-1139)
[vpp.git] / src / plugins / nat / nat_syslog.c
1 /*
2  * Copyright (c) 2018 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 /**
16  * @file
17  * @brief NAT syslog logging
18  */
19
20 #include <vnet/fib/fib_table.h>
21 #include <vnet/ip/ip.h>
22 #include <vnet/syslog/syslog.h>
23
24 #include <nat/nat_syslog.h>
25 #include <nat/nat_inlines.h>
26
27
28 #define NAT_FACILITY SYSLOG_FACILITY_LOCAL0
29
30 #define NAT_APPNAME "NAT"
31
32 #define SADD_SDEL_SEVERITY SYSLOG_SEVERITY_INFORMATIONAL
33 #define APMADD_APMDEL_SEVERITY SYSLOG_SEVERITY_INFORMATIONAL
34
35 #define SADD_MSGID "SADD"
36 #define SDEL_MSGID "SDEL"
37 #define APMADD_MSGID "APMADD"
38 #define APMDEL_MSGID "APMDEL"
39
40 #define NSESS_SDID "nsess"
41 #define NAPMAP_SDID "napmap"
42
43 #define SSUBIX_SDPARAM_NAME "SSUBIX"
44 #define SVLAN_SDPARAM_NAME "SVLAN"
45 #define IATYP_SDPARAM_NAME "IATYP"
46 #define ISADDR_SDPARAM_NAME "ISADDR"
47 #define ISPORT_SDPARAM_NAME "ISPORT"
48 #define IDADDR_SDPARAM_NAME "IDADDR"
49 #define IDPORT_SDPARAM_NAME "IDPORT"
50 #define XATYP_SDPARAM_NAME "XATYP"
51 #define XSADDR_SDPARAM_NAME "XSADDR"
52 #define XSPORT_SDPARAM_NAME "XSPORT"
53 #define XDADDR_SDPARAM_NAME "XDADDR"
54 #define XDPORT_SDPARAM_NAME "XDPORT"
55 #define PROTO_SDPARAM_NAME "PROTO"
56 #define SV6ENC_SDPARAM_NAME "SV6ENC"
57
58 #define IATYP_IPV4 "IPv4"
59 #define IATYP_IPV6 "IPv6"
60
61 static inline void
62 nat_syslog_nat44_apmap (u32 ssubix, u32 sfibix, ip4_address_t * isaddr,
63                         u16 isport, ip4_address_t * xsaddr, u16 xsport,
64                         snat_protocol_t proto, u8 is_add,
65                         ip6_address_t * sv6enc)
66 {
67   syslog_msg_t syslog_msg;
68   fib_table_t *fib;
69
70   if (!syslog_is_enabled ())
71     return;
72
73   if (syslog_severity_filter_block (APMADD_APMDEL_SEVERITY))
74     return;
75
76   syslog_msg_init (&syslog_msg, NAT_FACILITY, APMADD_APMDEL_SEVERITY,
77                    NAT_APPNAME, is_add ? APMADD_MSGID : APMDEL_MSGID);
78
79   syslog_msg_sd_init (&syslog_msg, NAPMAP_SDID);
80   syslog_msg_add_sd_param (&syslog_msg, SSUBIX_SDPARAM_NAME, "%d", ssubix);
81   if (sv6enc)
82     {
83       syslog_msg_add_sd_param (&syslog_msg, SV6ENC_SDPARAM_NAME, "%U",
84                                format_ip6_address, sv6enc);
85     }
86   else
87     {
88       fib = fib_table_get (sfibix, FIB_PROTOCOL_IP4);
89       syslog_msg_add_sd_param (&syslog_msg, SVLAN_SDPARAM_NAME, "%d",
90                                fib->ft_table_id);
91     }
92   syslog_msg_add_sd_param (&syslog_msg, IATYP_SDPARAM_NAME, IATYP_IPV4);
93   syslog_msg_add_sd_param (&syslog_msg, ISADDR_SDPARAM_NAME, "%U",
94                            format_ip4_address, isaddr);
95   syslog_msg_add_sd_param (&syslog_msg, ISPORT_SDPARAM_NAME, "%d",
96                            clib_net_to_host_u16 (isport));
97   syslog_msg_add_sd_param (&syslog_msg, XATYP_SDPARAM_NAME, IATYP_IPV4);
98   syslog_msg_add_sd_param (&syslog_msg, XSADDR_SDPARAM_NAME, "%U",
99                            format_ip4_address, xsaddr);
100   syslog_msg_add_sd_param (&syslog_msg, XSPORT_SDPARAM_NAME, "%d",
101                            clib_net_to_host_u16 (xsport));
102   syslog_msg_add_sd_param (&syslog_msg, PROTO_SDPARAM_NAME, "%d",
103                            snat_proto_to_ip_proto (proto));
104
105   syslog_msg_send (&syslog_msg);
106 }
107
108 void
109 nat_syslog_nat44_apmadd (u32 ssubix, u32 sfibix, ip4_address_t * isaddr,
110                          u16 isport, ip4_address_t * xsaddr, u16 xsport,
111                          snat_protocol_t proto)
112 {
113   nat_syslog_nat44_apmap (ssubix, sfibix, isaddr, isport, xsaddr, xsport,
114                           proto, 1, 0);
115 }
116
117 void
118 nat_syslog_nat44_apmdel (u32 ssubix, u32 sfibix, ip4_address_t * isaddr,
119                          u16 isport, ip4_address_t * xsaddr, u16 xsport,
120                          snat_protocol_t proto)
121 {
122   nat_syslog_nat44_apmap (ssubix, sfibix, isaddr, isport, xsaddr, xsport,
123                           proto, 0, 0);
124 }
125
126 void
127 nat_syslog_dslite_apmadd (u32 ssubix, ip6_address_t * sv6enc,
128                           ip4_address_t * isaddr, u16 isport,
129                           ip4_address_t * xsaddr, u16 xsport,
130                           snat_protocol_t proto)
131 {
132   nat_syslog_nat44_apmap (ssubix, 0, isaddr, isport, xsaddr, xsport,
133                           proto, 1, sv6enc);
134 }
135
136 void
137 nat_syslog_dslite_apmdel (u32 ssubix, ip6_address_t * sv6enc,
138                           ip4_address_t * isaddr, u16 isport,
139                           ip4_address_t * xsaddr, u16 xsport,
140                           snat_protocol_t proto)
141 {
142   nat_syslog_nat44_apmap (ssubix, 0, isaddr, isport, xsaddr, xsport,
143                           proto, 0, sv6enc);
144 }
145
146 static inline void
147 nat_syslog_nat44_sess (u32 ssubix, u32 sfibix, ip4_address_t * isaddr,
148                        u16 isport, ip4_address_t * xsaddr, u16 xsport,
149                        ip4_address_t * idaddr, u16 idport,
150                        ip4_address_t * xdaddr, u16 xdport,
151                        snat_protocol_t proto, u8 is_add, u8 is_twicenat)
152 {
153   syslog_msg_t syslog_msg;
154   fib_table_t *fib;
155
156   if (!syslog_is_enabled ())
157     return;
158
159   if (syslog_severity_filter_block (SADD_SDEL_SEVERITY))
160     return;
161
162   fib = fib_table_get (sfibix, FIB_PROTOCOL_IP4);
163
164   syslog_msg_init (&syslog_msg, NAT_FACILITY, SADD_SDEL_SEVERITY, NAT_APPNAME,
165                    is_add ? SADD_MSGID : SDEL_MSGID);
166
167   syslog_msg_sd_init (&syslog_msg, NSESS_SDID);
168   syslog_msg_add_sd_param (&syslog_msg, SSUBIX_SDPARAM_NAME, "%d", ssubix);
169   syslog_msg_add_sd_param (&syslog_msg, SVLAN_SDPARAM_NAME, "%d",
170                            fib->ft_table_id);
171   syslog_msg_add_sd_param (&syslog_msg, IATYP_SDPARAM_NAME, IATYP_IPV4);
172   syslog_msg_add_sd_param (&syslog_msg, ISADDR_SDPARAM_NAME, "%U",
173                            format_ip4_address, isaddr);
174   syslog_msg_add_sd_param (&syslog_msg, ISPORT_SDPARAM_NAME, "%d",
175                            clib_net_to_host_u16 (isport));
176   syslog_msg_add_sd_param (&syslog_msg, XATYP_SDPARAM_NAME, IATYP_IPV4);
177   syslog_msg_add_sd_param (&syslog_msg, XSADDR_SDPARAM_NAME, "%U",
178                            format_ip4_address, xsaddr);
179   syslog_msg_add_sd_param (&syslog_msg, XSPORT_SDPARAM_NAME, "%d",
180                            clib_net_to_host_u16 (xsport));
181   syslog_msg_add_sd_param (&syslog_msg, PROTO_SDPARAM_NAME, "%d",
182                            snat_proto_to_ip_proto (proto));
183   syslog_msg_add_sd_param (&syslog_msg, XDADDR_SDPARAM_NAME, "%U",
184                            format_ip4_address, xdaddr);
185   syslog_msg_add_sd_param (&syslog_msg, XDPORT_SDPARAM_NAME, "%d",
186                            clib_net_to_host_u16 (xdport));
187   if (is_twicenat)
188     {
189       syslog_msg_add_sd_param (&syslog_msg, IDADDR_SDPARAM_NAME, "%U",
190                                format_ip4_address, idaddr);
191       syslog_msg_add_sd_param (&syslog_msg, IDPORT_SDPARAM_NAME, "%d",
192                                clib_net_to_host_u16 (idport));
193     }
194
195   syslog_msg_send (&syslog_msg);
196 }
197
198 void
199 nat_syslog_nat44_sadd (u32 ssubix, u32 sfibix, ip4_address_t * isaddr,
200                        u16 isport, ip4_address_t * idaddr, u16 idport,
201                        ip4_address_t * xsaddr, u16 xsport,
202                        ip4_address_t * xdaddr, u16 xdport,
203                        snat_protocol_t proto, u8 is_twicenat)
204 {
205   nat_syslog_nat44_sess (ssubix, sfibix, isaddr, isport, xsaddr, xsport,
206                          idaddr, idport, xdaddr, xdport, proto, 1,
207                          is_twicenat);
208 }
209
210 void
211 nat_syslog_nat44_sdel (u32 ssubix, u32 sfibix, ip4_address_t * isaddr,
212                        u16 isport, ip4_address_t * idaddr, u16 idport,
213                        ip4_address_t * xsaddr, u16 xsport,
214                        ip4_address_t * xdaddr, u16 xdport,
215                        snat_protocol_t proto, u8 is_twicenat)
216 {
217   nat_syslog_nat44_sess (ssubix, sfibix, isaddr, isport, xsaddr, xsport,
218                          idaddr, idport, xdaddr, xdport, proto, 0,
219                          is_twicenat);
220 }
221
222 static inline void
223 nat_syslog_nat64_sess (u32 sfibix, ip6_address_t * isaddr, u16 isport,
224                        ip4_address_t * xsaddr, u16 xsport,
225                        ip4_address_t * xdaddr, u16 xdport,
226                        snat_protocol_t proto, u8 is_add)
227 {
228   syslog_msg_t syslog_msg;
229   fib_table_t *fib;
230
231   if (!syslog_is_enabled ())
232     return;
233
234   if (syslog_severity_filter_block (SADD_SDEL_SEVERITY))
235     return;
236
237   fib = fib_table_get (sfibix, FIB_PROTOCOL_IP6);
238
239   syslog_msg_init (&syslog_msg, NAT_FACILITY, SADD_SDEL_SEVERITY, NAT_APPNAME,
240                    is_add ? SADD_MSGID : SDEL_MSGID);
241
242   syslog_msg_sd_init (&syslog_msg, NSESS_SDID);
243   syslog_msg_add_sd_param (&syslog_msg, SVLAN_SDPARAM_NAME, "%d",
244                            fib->ft_table_id);
245   syslog_msg_add_sd_param (&syslog_msg, IATYP_SDPARAM_NAME, IATYP_IPV6);
246   syslog_msg_add_sd_param (&syslog_msg, ISADDR_SDPARAM_NAME, "%U",
247                            format_ip6_address, isaddr);
248   syslog_msg_add_sd_param (&syslog_msg, ISPORT_SDPARAM_NAME, "%d",
249                            clib_net_to_host_u16 (isport));
250   syslog_msg_add_sd_param (&syslog_msg, XATYP_SDPARAM_NAME, IATYP_IPV4);
251   syslog_msg_add_sd_param (&syslog_msg, XSADDR_SDPARAM_NAME, "%U",
252                            format_ip4_address, xsaddr);
253   syslog_msg_add_sd_param (&syslog_msg, XSPORT_SDPARAM_NAME, "%d",
254                            clib_net_to_host_u16 (xsport));
255   syslog_msg_add_sd_param (&syslog_msg, PROTO_SDPARAM_NAME, "%d", proto);
256   syslog_msg_add_sd_param (&syslog_msg, XDADDR_SDPARAM_NAME, "%U",
257                            format_ip4_address, xdaddr);
258   syslog_msg_add_sd_param (&syslog_msg, XDPORT_SDPARAM_NAME, "%d",
259                            clib_net_to_host_u16 (xdport));
260
261   syslog_msg_send (&syslog_msg);
262 }
263
264 void
265 nat_syslog_nat64_sadd (u32 sfibix, ip6_address_t * isaddr, u16 isport,
266                        ip4_address_t * xsaddr, u16 xsport,
267                        ip4_address_t * xdaddr, u16 xdport,
268                        snat_protocol_t proto)
269 {
270   nat_syslog_nat64_sess (sfibix, isaddr, isport, xsaddr, xsport, xdaddr,
271                          xdport, proto, 1);
272 }
273
274 void
275 nat_syslog_nat64_sdel (u32 sfibix, ip6_address_t * isaddr, u16 isport,
276                        ip4_address_t * xsaddr, u16 xsport,
277                        ip4_address_t * xdaddr, u16 xdport,
278                        snat_protocol_t proto)
279 {
280   nat_syslog_nat64_sess (sfibix, isaddr, isport, xsaddr, xsport, xdaddr,
281                          xdport, proto, 0);
282 }
283
284 /*
285  * fd.io coding-style-patch-verification: ON
286  *
287  * Local Variables:
288  * eval: (c-set-style "gnu")
289  * End:
290  */
Vector Packet Processing