diff options
Diffstat (limited to 'src/vnet/ipfix-export/ipfix_doc.md')
-rw-r--r-- | src/vnet/ipfix-export/ipfix_doc.md | 375 |
1 files changed, 180 insertions, 195 deletions
diff --git a/src/vnet/ipfix-export/ipfix_doc.md b/src/vnet/ipfix-export/ipfix_doc.md index fba420ecf12..95db15cc341 100644 --- a/src/vnet/ipfix-export/ipfix_doc.md +++ b/src/vnet/ipfix-export/ipfix_doc.md @@ -13,37 +13,114 @@ vnet_flow_report_add_del_args_t structure, and call vnet_flow_report_add_del. ```{.c} #include <vnet/ipfix-export/flow_report.h> + /* Defined in flow_report.h, of interest when constructing reports */ + /* ipfix field definitions for a particular report */ typedef struct { + u32 info_element; + u32 size; + } ipfix_report_element_t; + + /* Report add/del argument structure */ + typedef struct + { + /* Callback to flush current ipfix packet / frame */ vnet_flow_data_callback_t *flow_data_callback; + + /* Callback to build the template packet rewrite string */ vnet_flow_rewrite_callback_t *rewrite_callback; + + /* List of ipfix elements in the report */ + ipfix_report_element_t *report_elements; + u32 n_report_elements; + /* Kept in flow report, used e.g. by flow classifier */ opaque_t opaque; + /* Add / delete a report */ int is_add; + /* Ipfix "domain-ID", see RFC, set as desired */ u32 domain_id; + /* ipfix packet source port, often set to UDP_DST_PORT_ipfix */ u16 src_port; + /* Set by ipfix infra, needed to send data packets */ + u32 *stream_indexp; } vnet_flow_report_add_del_args_t; + /* Private header file contents */ + + /* Report ipfix element definition */ + #define foreach_simple_report_ipfix_element \ + _(sourceIPv4Address, 4) \ + _(destinationIPv4Address, 4) \ + _(sourceTransportPort, 2) \ + _(destinationTransportPort, 2) \ + _(protocolIdentifier, 1) \ + _(flowStartMicroseconds, 8) \ + _(flowEndMicroseconds, 8) + + static ipfix_report_element_t simple_report_elements[] = { + #define _(a,b) {a,b}, + foreach_simple_report_ipfix_element + #undef _ + }; + + typedef struct + { + /** Buffers and frames, per thread */ + vlib_buffer_t **buffers_by_thread; + vlib_frame_t **frames_by_thread; + u32 *next_record_offset_by_thread; + + /** Template ID's */ + u16 *template_ids; + + /** Time reference pair */ + u64 usec_time_0; + f64 vlib_time_0; + + /** Stream index */ + u32 stream_index; + + /* Convenience */ + flow_report_main_t *flow_report_main; + vlib_main_t *vlib_main; + vnet_main_t *vnet_main; + } my_logging_main_t; + + extern my_logging_main_t my_logging_main; + ... + /* Recitations */ flow_report_main_t *frm = &flow_report_main; + my_logging_main_t *mlm = &my_logging_main; vnet_flow_report_add_del_args_t a; int rv; u16 template_id; ... - /* Set up time reference pair */ + /* Init function: set up time reference pair */ mlm->vlib_time_0 = vlib_time_now (vm); mlm->milisecond_time_0 = unix_time_now_nsec () * 1e-6; ... + /* Create a report */ memset (&a, 0, sizeof (a)); a.is_add = 1 /* to enable the report */; a.domain_id = 1 /* pick a domain ID */; a.src_port = UDP_DST_PORT_ipfix /* src port for reports */; - a.rewrite_callback = my_template_packet_rewrite_callback; + + /* Use the generic template packet rewrite string generator */ + a.rewrite_callback = vnet_flow_rewrite_generic_callback; + + /* Supply a list of ipfix report elements */ + a.report_elements = simple_report_elements; + a.n_report_elements = ARRAY_LEN (simple_report_elements); + + /* Pointer to the ipfix stream index, set by the report infra */ + a.stream_indexp = &mlm->stream_index; a.flow_data_callback = my_flow_data_callback; /* Create the report */ @@ -56,100 +133,13 @@ vnet_flow_report_add_del_args_t structure, and call vnet_flow_report_add_del. ``` -Several functions are worth describing in detail. +Several things are worth describing in more detail. -### template packet rewrite callback function +### vnet_flow_rewrite_generic_callback programming -This callback helps build ipfix template packets when required. We -should reduce the amount of cut-'n-paste coding, since only a fraction -of the code has anything to do with the specific ipfix template we're -trying to build. - -```{.c} - u8 * - my_template_packet_rewrite_callback (flow_report_main_t * frm, - flow_report_t * fr, - ip4_address_t * collector_address, - ip4_address_t * src_address, - u16 collector_port) - { - my_logging_main_t *mlm = &my_logging_main; /* typical */ - ip4_header_t *ip; - udp_header_t *udp; - ipfix_message_header_t *h; - ipfix_set_header_t *s; - ipfix_template_header_t *t; - ipfix_field_specifier_t *f; - ipfix_field_specifier_t *first_field; - u8 *rewrite = 0; - ip4_ipfix_template_packet_t *tp; - u32 field_count = 0; - flow_report_stream_t *stream; - - stream = &frm->streams[fr->stream_index]; - - field_count = number_of_fields_to_export; - - /* allocate rewrite space */ - vec_validate_aligned (rewrite, - sizeof (ip4_ipfix_template_packet_t) - + field_count * sizeof (ipfix_field_specifier_t) - 1, - CLIB_CACHE_LINE_BYTES); - - /* create the packet rewrite string */ - tp = (ip4_ipfix_template_packet_t *) rewrite; - ip = (ip4_header_t *) & tp->ip4; - udp = (udp_header_t *) (ip + 1); - h = (ipfix_message_header_t *) (udp + 1); - s = (ipfix_set_header_t *) (h + 1); - t = (ipfix_template_header_t *) (s + 1); - first_field = f = (ipfix_field_specifier_t *) (t + 1); - - ip->ip_version_and_header_length = 0x45; - ip->ttl = 254; - ip->protocol = IP_PROTOCOL_UDP; - ip->src_address.as_u32 = src_address->as_u32; - ip->dst_address.as_u32 = collector_address->as_u32; - udp->src_port = clib_host_to_net_u16 (stream->src_port); - udp->dst_port = clib_host_to_net_u16 (collector_port); - udp->length = clib_host_to_net_u16 (vec_len (rewrite) - sizeof (*ip)); - - /* FIXUP LATER: message header export_time */ - h->domain_id = clib_host_to_net_u32 (stream->domain_id); - - /* - * Add your favorite info elements to the template. See - * .../src/vnet/ipfix-export/ipfix_info_elements.h - * - * Highly advisable to make sure field count is correct! - */ - - f->e_id_length = ipfix_e_id_length (0, sourceIPv6Address, 16); - f++; - f->e_id_length = ipfix_e_id_length (0, postNATSourceIPv4Address, 4); - f++; - - /* Back to the template packet... */ - ip = (ip4_header_t *) & tp->ip4; - udp = (udp_header_t *) (ip + 1); - - ASSERT (f - first_field); - /* Field count in this template */ - t->id_count = ipfix_id_count (fr->template_id, f - first_field); - - /* set length in octets */ - s->set_id_length = - ipfix_set_id_length (2 /* set_id */ , (u8 *) f - (u8 *) s); - - /* message length in octets */ - h->version_length = version_length ((u8 *) f - (u8 *) h); - - ip->length = clib_host_to_net_u16 ((u8 *) f - (u8 *) ip); - ip->checksum = ip4_header_checksum (ip); - - return rewrite; - } -``` +This generic callback helps build ipfix template packets. When +registering an ipfix report, pass an (array, count) +of ipfix elements as shown above. ### my_flow_data_callback @@ -185,10 +175,12 @@ This function creates the packet header for an ipfix data packet my_flow_report_header (flow_report_main_t * frm, vlib_buffer_t * b0, u32 * offset) { - snat_ipfix_logging_main_t *mlm = &my_logging_main; + my_logging_main_t *mlm = &my_logging_main; flow_report_stream_t *stream; ip4_ipfix_template_packet_t *tp; ipfix_message_header_t *h = 0; + + ipfix_set_header_t *s = 0; ip4_header_t *ip; udp_header_t *udp; @@ -219,97 +211,82 @@ This function creates the packet header for an ipfix data packet h->export_time = clib_host_to_net_u32 ((u32) (((f64) frm->unix_time_0) + - (vlib_time_now (frm->vlib_main) - - frm->vlib_time_0))); - h->sequence_number = clib_host_to_net_u32 (stream->sequence_number++); - h->domain_id = clib_host_to_net_u32 (stream->domain_id); + (vlib_time_now (frm->vlib_main) - + frm->vlib_time_0))); + h->sequence_number = clib_host_to_net_u32 (stream->sequence_number++); + h->domain_id = clib_host_to_net_u32 (stream->domain_id); - *offset = (u32) (((u8 *) (s + 1)) - (u8 *) tp); -} -``` - -### fixup and transmit a flow record - -```{.c} - + *offset = (u32) (((u8 *) (s + 1)) - (u8 *) tp); + } + ``` + + ### fixup and transmit a flow record + + ```{.c} + + static inline void + my_send_ipfix_pkt (flow_report_main_t * frm, + vlib_frame_t * f, vlib_buffer_t * b0, u16 template_id) + { + ip4_ipfix_template_packet_t *tp; + ipfix_message_header_t *h = 0; + ipfix_set_header_t *s = 0; + ip4_header_t *ip; + udp_header_t *udp; + vlib_main_t *vm = frm->vlib_main; + + tp = vlib_buffer_get_current (b0); + ip = (ip4_header_t *) & tp->ip4; + udp = (udp_header_t *) (ip + 1); + h = (ipfix_message_header_t *) (udp + 1); + s = (ipfix_set_header_t *) (h + 1); + + s->set_id_length = ipfix_set_id_length (template_id, + b0->current_length - + (sizeof (*ip) + sizeof (*udp) + + sizeof (*h))); + h->version_length = version_length (b0->current_length - + (sizeof (*ip) + sizeof (*udp))); + + ip->length = clib_host_to_net_u16 (b0->current_length); + ip->checksum = ip4_header_checksum (ip); + udp->length = clib_host_to_net_u16 (b0->current_length - sizeof (*ip)); + + if (frm->udp_checksum) + { + udp->checksum = ip4_tcp_udp_compute_checksum (vm, b0, ip); + if (udp->checksum == 0) + udp->checksum = 0xffff; + } + + ASSERT (ip->checksum == ip4_header_checksum (ip)); + + vlib_put_frame_to_node (vm, ip4_lookup_node.index, f); + } + ``` + + ### my_buffer_flow_record + + This is the key routine which paints individual flow records into + an ipfix packet under construction. It's pretty straightforward + (albeit stateful) vpp data-plane code. The code shown below is + thread-safe by construction. + + ```{.c} static inline void - my_send_ipfix_pkt (flow_report_main_t * frm, - vlib_frame_t * f, vlib_buffer_t * b0, u16 template_id) + my_buffer_flow_record_internal (my_flow_record_t * rp, int do_flush, + u32 thread_index) { - ip4_ipfix_template_packet_t *tp; - ipfix_message_header_t *h = 0; - ipfix_set_header_t *s = 0; - ip4_header_t *ip; - udp_header_t *udp; - vlib_main_t *vm = frm->vlib_main; - - tp = vlib_buffer_get_current (b0); - ip = (ip4_header_t *) & tp->ip4; - udp = (udp_header_t *) (ip + 1); - h = (ipfix_message_header_t *) (udp + 1); - s = (ipfix_set_header_t *) (h + 1); - - s->set_id_length = ipfix_set_id_length (template_id, - b0->current_length - - (sizeof (*ip) + sizeof (*udp) + - sizeof (*h))); - h->version_length = version_length (b0->current_length - - (sizeof (*ip) + sizeof (*udp))); - - ip->length = clib_host_to_net_u16 (b0->current_length); - ip->checksum = ip4_header_checksum (ip); - udp->length = clib_host_to_net_u16 (b0->current_length - sizeof (*ip)); - - if (frm->udp_checksum) - { - udp->checksum = ip4_tcp_udp_compute_checksum (vm, b0, ip); - if (udp->checksum == 0) - udp->checksum = 0xffff; - } - - ASSERT (ip->checksum == ip4_header_checksum (ip)); - - vlib_put_frame_to_node (vm, ip4_lookup_node.index, f); - } -``` - -### my_buffer_flow_record - -This is the key routine which paints individual flow records into -an ipfix packet under construction. It's pretty straightforward -(albeit stateful) vpp data-plane code. - - -```{.c} - static void - my_buffer_flow_record (u32 datum0, u32 datum1, ..., int do_flush) - { - my_logging_main_t *mlm = &my_logging_main; + vlib_main_t *vm = vlib_mains[thread_index]; + my_logging_main_t *mlm = &jvp_ipfix_main; flow_report_main_t *frm = &flow_report_main; vlib_frame_t *f; vlib_buffer_t *b0 = 0; u32 bi0 = ~0; u32 offset; - vlib_main_t *vm = frm->vlib_main; - u64 now; vlib_buffer_free_list_t *fl; - my_flow_record_t my_flow_record; - - if (!mlm->enabled) - return; - now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3); - now += mlm->milisecond_time_0; - - /* - * (maybe) set up a packed structure from datum0...datumN - * Otherwise, paint directly into the buffer below... - */ - my_flow_record.xxx = datum0; - my_flow_record.yyy = datum1; - - - b0 = mlm->my_data_buffer; + b0 = mlm->buffers_by_thread[thread_index]; if (PREDICT_FALSE (b0 == 0)) { @@ -322,28 +299,30 @@ an ipfix packet under construction. It's pretty straightforward return; } - b0 = mlm->my_data_buffer = vlib_get_buffer (vm, bi0); + b0 = vlib_get_buffer (vm, bi0); fl = vlib_buffer_get_free_list (vm, VLIB_BUFFER_DEFAULT_FREE_LIST_INDEX); vlib_buffer_init_for_free_list (b0, fl); VLIB_BUFFER_TRACE_TRAJECTORY_INIT (b0); offset = 0; + mlm->buffers_by_thread[thread_index] = b0; } else { bi0 = vlib_get_buffer_index (vm, b0); - offset = mlm->my_next_record_offset; + offset = mlm->next_record_offset_by_thread[thread_index]; } - f = mlm->my_ipfix_frame; + f = mlm->frames_by_thread[thread_index]; if (PREDICT_FALSE (f == 0)) { u32 *to_next; f = vlib_get_frame_to_node (vm, ip4_lookup_node.index); - mlm->my_ipfix_frame = f; + mlm->frames_by_thread[thread_index] = f; to_next = vlib_frame_vector_args (f); to_next[0] = bi0; f->n_vectors = 1; + mlm->frames_by_thread[thread_index] = f; } if (PREDICT_FALSE (offset == 0)) @@ -351,25 +330,31 @@ an ipfix packet under construction. It's pretty straightforward if (PREDICT_TRUE (do_flush == 0)) { - /* paint time stamp into buffer */ - clib_memcpy (b0->data + offset, &time_stamp, sizeof (time_stamp)); - offset += sizeof (time_stamp); - /* Paint the new ipfix data record into the buffer */ - clib_memcpy (b0->data + offset, &my_flow_record, - sizeof (my_flow_record)); - offset += sizeof (my_flow_record); - b0->current_length += sizeof(my_flow_record); + clib_memcpy (b0->data + offset, rp, sizeof (*rp)); + offset += sizeof (*rp); + b0->current_length += sizeof (*rp); } - if (PREDICT_FALSE - (do_flush || (offset + sizeof (my_flow_record)) > frm->path_mtu)) + if (PREDICT_FALSE (do_flush || (offset + sizeof (*rp)) > frm->path_mtu)) { - my_send_ipfix_pkt (frm, f, b0, mlm->template_id); - mlm->my_ipfix_frame = 0; - mlm->my_data_buffer = 0; + /* Nothing to send? */ + if (offset == 0) + return; + + send_ipfix_pkt (frm, f, b0, mlm->template_ids[0]); + mlm->buffers_by_thread[thread_index] = 0; + mlm->frames_by_thread[thread_index] = 0; offset = 0; } - mlm->next_record_offset = offset; - } + mlm->next_record_offset_by_thread[thread_index] = offset; + } + + static void + my_buffer_flow_record (my_flow_record_t * rp, int do_flush) + { + u32 thread_index = vlib_get_thread_index(); + my_buffer_flow_record_internal (rp, do_flush, thread_index); + } + ``` |