diff options
Diffstat (limited to 'src/vnet/ipfix-export')
-rw-r--r-- | src/vnet/ipfix-export/flow_api.c | 396 | ||||
-rw-r--r-- | src/vnet/ipfix-export/flow_report.c | 529 | ||||
-rw-r--r-- | src/vnet/ipfix-export/flow_report.h | 159 | ||||
-rw-r--r-- | src/vnet/ipfix-export/flow_report_classify.c | 556 | ||||
-rw-r--r-- | src/vnet/ipfix-export/flow_report_classify.h | 134 | ||||
-rw-r--r-- | src/vnet/ipfix-export/ipfix_export.api | 149 | ||||
-rw-r--r-- | src/vnet/ipfix-export/ipfix_info_elements.h | 443 | ||||
-rw-r--r-- | src/vnet/ipfix-export/ipfix_packet.h | 206 |
8 files changed, 2572 insertions, 0 deletions
diff --git a/src/vnet/ipfix-export/flow_api.c b/src/vnet/ipfix-export/flow_api.c new file mode 100644 index 00000000000..e6446ef7033 --- /dev/null +++ b/src/vnet/ipfix-export/flow_api.c @@ -0,0 +1,396 @@ +/* + *------------------------------------------------------------------ + * flow_api.c - flow api + * + * Copyright (c) 2016 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + *------------------------------------------------------------------ + */ + +#include <vnet/vnet.h> +#include <vlibmemory/api.h> + +#include <vnet/interface.h> +#include <vnet/api_errno.h> + +#include <vnet/fib/fib_table.h> +#include <vnet/ipfix-export/flow_report.h> +#include <vnet/ipfix-export/flow_report_classify.h> + +#include <vnet/vnet_msg_enum.h> + +#define vl_typedefs /* define message structures */ +#include <vnet/vnet_all_api_h.h> +#undef vl_typedefs + +#define vl_endianfun /* define message structures */ +#include <vnet/vnet_all_api_h.h> +#undef vl_endianfun + +/* instantiate all the print functions we know about */ +#define vl_print(handle, ...) vlib_cli_output (handle, __VA_ARGS__) +#define vl_printfun +#include <vnet/vnet_all_api_h.h> +#undef vl_printfun + +#include <vlibapi/api_helper_macros.h> + +#define foreach_vpe_api_msg \ +_(SET_IPFIX_EXPORTER, set_ipfix_exporter) \ +_(IPFIX_EXPORTER_DUMP, ipfix_exporter_dump) \ +_(SET_IPFIX_CLASSIFY_STREAM, set_ipfix_classify_stream) \ +_(IPFIX_CLASSIFY_STREAM_DUMP, ipfix_classify_stream_dump) \ +_(IPFIX_CLASSIFY_TABLE_ADD_DEL, ipfix_classify_table_add_del) \ +_(IPFIX_CLASSIFY_TABLE_DUMP, ipfix_classify_table_dump) + +static void +vl_api_set_ipfix_exporter_t_handler (vl_api_set_ipfix_exporter_t * mp) +{ + vlib_main_t *vm = vlib_get_main (); + flow_report_main_t *frm = &flow_report_main; + vl_api_set_ipfix_exporter_reply_t *rmp; + ip4_address_t collector, src; + u16 collector_port = UDP_DST_PORT_ipfix; + u32 path_mtu; + u32 template_interval; + u8 udp_checksum; + u32 fib_id; + u32 fib_index = ~0; + int rv = 0; + + memcpy (collector.data, mp->collector_address, sizeof (collector.data)); + collector_port = ntohs (mp->collector_port); + if (collector_port == (u16) ~ 0) + collector_port = UDP_DST_PORT_ipfix; + memcpy (src.data, mp->src_address, sizeof (src.data)); + fib_id = ntohl (mp->vrf_id); + + ip4_main_t *im = &ip4_main; + if (fib_id == ~0) + { + fib_index = ~0; + } + else + { + uword *p = hash_get (im->fib_index_by_table_id, fib_id); + if (!p) + { + rv = VNET_API_ERROR_NO_SUCH_FIB; + goto out; + } + fib_index = p[0]; + } + + path_mtu = ntohl (mp->path_mtu); + if (path_mtu == ~0) + path_mtu = 512; // RFC 7011 section 10.3.3. + template_interval = ntohl (mp->template_interval); + if (template_interval == ~0) + template_interval = 20; + udp_checksum = mp->udp_checksum; + + if (collector.as_u32 == 0) + { + rv = VNET_API_ERROR_INVALID_VALUE; + goto out; + } + + if (src.as_u32 == 0) + { + rv = VNET_API_ERROR_INVALID_VALUE; + goto out; + } + + if (path_mtu > 1450 /* vpp does not support fragmentation */ ) + { + rv = VNET_API_ERROR_INVALID_VALUE; + goto out; + } + + if (path_mtu < 68) + { + rv = VNET_API_ERROR_INVALID_VALUE; + goto out; + } + + /* Reset report streams if we are reconfiguring IP addresses */ + if (frm->ipfix_collector.as_u32 != collector.as_u32 || + frm->src_address.as_u32 != src.as_u32 || + frm->collector_port != collector_port) + vnet_flow_reports_reset (frm); + + frm->ipfix_collector.as_u32 = collector.as_u32; + frm->collector_port = collector_port; + frm->src_address.as_u32 = src.as_u32; + frm->fib_index = fib_index; + frm->path_mtu = path_mtu; + frm->template_interval = template_interval; + frm->udp_checksum = udp_checksum; + + /* Turn on the flow reporting process */ + vlib_process_signal_event (vm, flow_report_process_node.index, 1, 0); + +out: + REPLY_MACRO (VL_API_SET_IPFIX_EXPORTER_REPLY); +} + +static void +vl_api_ipfix_exporter_dump_t_handler (vl_api_ipfix_exporter_dump_t * mp) +{ + flow_report_main_t *frm = &flow_report_main; + vl_api_registration_t *reg; + vl_api_ipfix_exporter_details_t *rmp; + ip4_main_t *im = &ip4_main; + u32 vrf_id; + + reg = vl_api_client_index_to_registration (mp->client_index); + if (!reg) + return;; + + rmp = vl_msg_api_alloc (sizeof (*rmp)); + memset (rmp, 0, sizeof (*rmp)); + rmp->_vl_msg_id = ntohs (VL_API_IPFIX_EXPORTER_DETAILS); + rmp->context = mp->context; + memcpy (rmp->collector_address, frm->ipfix_collector.data, + sizeof (frm->ipfix_collector.data)); + rmp->collector_port = htons (frm->collector_port); + memcpy (rmp->src_address, frm->src_address.data, + sizeof (frm->src_address.data)); + if (frm->fib_index == ~0) + vrf_id = ~0; + else + vrf_id = im->fibs[frm->fib_index].ft_table_id; + rmp->vrf_id = htonl (vrf_id); + rmp->path_mtu = htonl (frm->path_mtu); + rmp->template_interval = htonl (frm->template_interval); + rmp->udp_checksum = (frm->udp_checksum != 0); + + vl_api_send_msg (reg, (u8 *) rmp); +} + +static void + vl_api_set_ipfix_classify_stream_t_handler + (vl_api_set_ipfix_classify_stream_t * mp) +{ + vl_api_set_ipfix_classify_stream_reply_t *rmp; + flow_report_classify_main_t *fcm = &flow_report_classify_main; + flow_report_main_t *frm = &flow_report_main; + u32 domain_id = 0; + u32 src_port = UDP_DST_PORT_ipfix; + int rv = 0; + + domain_id = ntohl (mp->domain_id); + src_port = ntohs (mp->src_port); + + if (fcm->src_port != 0 && + (fcm->domain_id != domain_id || fcm->src_port != (u16) src_port)) + { + int rv = vnet_stream_change (frm, fcm->domain_id, fcm->src_port, + domain_id, (u16) src_port); + ASSERT (rv == 0); + } + + fcm->domain_id = domain_id; + fcm->src_port = (u16) src_port; + + REPLY_MACRO (VL_API_SET_IPFIX_CLASSIFY_STREAM_REPLY); +} + +static void + vl_api_ipfix_classify_stream_dump_t_handler + (vl_api_ipfix_classify_stream_dump_t * mp) +{ + flow_report_classify_main_t *fcm = &flow_report_classify_main; + vl_api_registration_t *reg; + vl_api_ipfix_classify_stream_details_t *rmp; + + reg = vl_api_client_index_to_registration (mp->client_index); + if (!reg) + return; + + rmp = vl_msg_api_alloc (sizeof (*rmp)); + memset (rmp, 0, sizeof (*rmp)); + rmp->_vl_msg_id = ntohs (VL_API_IPFIX_CLASSIFY_STREAM_DETAILS); + rmp->context = mp->context; + rmp->domain_id = htonl (fcm->domain_id); + rmp->src_port = htons (fcm->src_port); + + vl_api_send_msg (reg, (u8 *) rmp); +} + +static void + vl_api_ipfix_classify_table_add_del_t_handler + (vl_api_ipfix_classify_table_add_del_t * mp) +{ + vl_api_ipfix_classify_table_add_del_reply_t *rmp; + flow_report_classify_main_t *fcm = &flow_report_classify_main; + flow_report_main_t *frm = &flow_report_main; + vnet_flow_report_add_del_args_t args; + ipfix_classify_table_t *table; + int is_add; + u32 classify_table_index; + u8 ip_version; + u8 transport_protocol; + int rv = 0; + + classify_table_index = ntohl (mp->table_id); + ip_version = mp->ip_version; + transport_protocol = mp->transport_protocol; + is_add = mp->is_add; + + if (fcm->src_port == 0) + { + /* call set_ipfix_classify_stream first */ + rv = VNET_API_ERROR_UNSPECIFIED; + goto out; + } + + memset (&args, 0, sizeof (args)); + + table = 0; + int i; + for (i = 0; i < vec_len (fcm->tables); i++) + if (ipfix_classify_table_index_valid (i)) + if (fcm->tables[i].classify_table_index == classify_table_index) + { + table = &fcm->tables[i]; + break; + } + + if (is_add) + { + if (table) + { + rv = VNET_API_ERROR_VALUE_EXIST; + goto out; + } + table = ipfix_classify_add_table (); + table->classify_table_index = classify_table_index; + } + else + { + if (!table) + { + rv = VNET_API_ERROR_NO_SUCH_ENTRY; + goto out; + } + } + + table->ip_version = ip_version; + table->transport_protocol = transport_protocol; + + args.opaque.as_uword = table - fcm->tables; + args.rewrite_callback = ipfix_classify_template_rewrite; + args.flow_data_callback = ipfix_classify_send_flows; + args.is_add = is_add; + args.domain_id = fcm->domain_id; + args.src_port = fcm->src_port; + + rv = vnet_flow_report_add_del (frm, &args, NULL); + + /* If deleting, or add failed */ + if (is_add == 0 || (rv && is_add)) + ipfix_classify_delete_table (table - fcm->tables); + +out: + REPLY_MACRO (VL_API_SET_IPFIX_CLASSIFY_STREAM_REPLY); +} + +static void +send_ipfix_classify_table_details (u32 table_index, + vl_api_registration_t * reg, u32 context) +{ + flow_report_classify_main_t *fcm = &flow_report_classify_main; + vl_api_ipfix_classify_table_details_t *mp; + + ipfix_classify_table_t *table = &fcm->tables[table_index]; + + mp = vl_msg_api_alloc (sizeof (*mp)); + memset (mp, 0, sizeof (*mp)); + mp->_vl_msg_id = ntohs (VL_API_IPFIX_CLASSIFY_TABLE_DETAILS); + mp->context = context; + mp->table_id = htonl (table->classify_table_index); + mp->ip_version = table->ip_version; + mp->transport_protocol = table->transport_protocol; + + vl_api_send_msg (reg, (u8 *) mp); +} + +static void + vl_api_ipfix_classify_table_dump_t_handler + (vl_api_ipfix_classify_table_dump_t * mp) +{ + flow_report_classify_main_t *fcm = &flow_report_classify_main; + vl_api_registration_t *reg; + u32 i; + + reg = vl_api_client_index_to_registration (mp->client_index); + if (!reg) + return; + + for (i = 0; i < vec_len (fcm->tables); i++) + if (ipfix_classify_table_index_valid (i)) + send_ipfix_classify_table_details (i, reg, mp->context); +} + +/* + * flow_api_hookup + * Add vpe's API message handlers to the table. + * vlib has alread mapped shared memory and + * added the client registration handlers. + * See .../vlib-api/vlibmemory/memclnt_vlib.c:memclnt_process() + */ +#define vl_msg_name_crc_list +#include <vnet/vnet_all_api_h.h> +#undef vl_msg_name_crc_list + +static void +setup_message_id_table (api_main_t * am) +{ +#define _(id,n,crc) vl_msg_api_add_msg_name_crc (am, #n "_" #crc, id); + foreach_vl_msg_name_crc_ipfix_export; +#undef _ +} + +static clib_error_t * +flow_api_hookup (vlib_main_t * vm) +{ + api_main_t *am = &api_main; + +#define _(N,n) \ + vl_msg_api_set_handlers(VL_API_##N, #n, \ + vl_api_##n##_t_handler, \ + vl_noop_handler, \ + vl_api_##n##_t_endian, \ + vl_api_##n##_t_print, \ + sizeof(vl_api_##n##_t), 1); + foreach_vpe_api_msg; +#undef _ + + /* + * Set up the (msg_name, crc, message-id) table + */ + setup_message_id_table (am); + + return 0; +} + +VLIB_API_INIT_FUNCTION (flow_api_hookup); + +/* + * fd.io coding-style-patch-verification: ON + * + * Local Variables: + * eval: (c-set-style "gnu") + * End: + */ diff --git a/src/vnet/ipfix-export/flow_report.c b/src/vnet/ipfix-export/flow_report.c new file mode 100644 index 00000000000..793eedaeb38 --- /dev/null +++ b/src/vnet/ipfix-export/flow_report.c @@ -0,0 +1,529 @@ +/* + * Copyright (c) 2015 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * flow_report.c + */ +#include <vnet/ipfix-export/flow_report.h> +#include <vnet/api_errno.h> + +flow_report_main_t flow_report_main; + +static_always_inline u8 +stream_index_valid (u32 index) +{ + flow_report_main_t *frm = &flow_report_main; + return index < vec_len (frm->streams) && + frm->streams[index].domain_id != ~0; +} + +static_always_inline flow_report_stream_t * +add_stream (void) +{ + flow_report_main_t *frm = &flow_report_main; + u32 i; + for (i = 0; i < vec_len (frm->streams); i++) + if (!stream_index_valid (i)) + return &frm->streams[i]; + u32 index = vec_len (frm->streams); + vec_validate (frm->streams, index); + return &frm->streams[index]; +} + +static_always_inline void +delete_stream (u32 index) +{ + flow_report_main_t *frm = &flow_report_main; + ASSERT (index < vec_len (frm->streams)); + ASSERT (frm->streams[index].domain_id != ~0); + frm->streams[index].domain_id = ~0; +} + +static i32 +find_stream (u32 domain_id, u16 src_port) +{ + flow_report_main_t *frm = &flow_report_main; + flow_report_stream_t *stream; + u32 i; + for (i = 0; i < vec_len (frm->streams); i++) + if (stream_index_valid (i)) + { + stream = &frm->streams[i]; + if (domain_id == stream->domain_id) + { + if (src_port != stream->src_port) + return -2; + return i; + } + else if (src_port == stream->src_port) + { + return -2; + } + } + return -1; +} + +int +send_template_packet (flow_report_main_t * frm, + flow_report_t * fr, u32 * buffer_indexp) +{ + u32 bi0; + vlib_buffer_t *b0; + ip4_ipfix_template_packet_t *tp; + ipfix_message_header_t *h; + ip4_header_t *ip; + udp_header_t *udp; + vlib_main_t *vm = frm->vlib_main; + flow_report_stream_t *stream; + vlib_buffer_free_list_t *fl; + + ASSERT (buffer_indexp); + + if (fr->update_rewrite || fr->rewrite == 0) + { + if (frm->ipfix_collector.as_u32 == 0 || frm->src_address.as_u32 == 0) + { + vlib_node_set_state (frm->vlib_main, flow_report_process_node.index, + VLIB_NODE_STATE_DISABLED); + return -1; + } + vec_free (fr->rewrite); + fr->update_rewrite = 1; + } + + if (fr->update_rewrite) + { + fr->rewrite = fr->rewrite_callback (frm, fr, + &frm->ipfix_collector, + &frm->src_address, + frm->collector_port); + fr->update_rewrite = 0; + } + + if (vlib_buffer_alloc (vm, &bi0, 1) != 1) + return -1; + + b0 = vlib_get_buffer (vm, bi0); + + /* Initialize the buffer */ + fl = vlib_buffer_get_free_list (vm, VLIB_BUFFER_DEFAULT_FREE_LIST_INDEX); + vlib_buffer_init_for_free_list (b0, fl); + VLIB_BUFFER_TRACE_TRAJECTORY_INIT (b0); + + ASSERT (vec_len (fr->rewrite) < VLIB_BUFFER_DEFAULT_FREE_LIST_BYTES); + + clib_memcpy (b0->data, fr->rewrite, vec_len (fr->rewrite)); + b0->current_data = 0; + b0->current_length = vec_len (fr->rewrite); + b0->flags |= (VLIB_BUFFER_TOTAL_LENGTH_VALID | VNET_BUFFER_F_FLOW_REPORT); + vnet_buffer (b0)->sw_if_index[VLIB_RX] = 0; + vnet_buffer (b0)->sw_if_index[VLIB_TX] = frm->fib_index; + + tp = vlib_buffer_get_current (b0); + ip = (ip4_header_t *) & tp->ip4; + udp = (udp_header_t *) (ip + 1); + h = (ipfix_message_header_t *) (udp + 1); + + /* FIXUP: message header export_time */ + h->export_time = (u32) + (((f64) frm->unix_time_0) + + (vlib_time_now (frm->vlib_main) - frm->vlib_time_0)); + h->export_time = clib_host_to_net_u32 (h->export_time); + + stream = &frm->streams[fr->stream_index]; + + /* FIXUP: message header sequence_number. Templates do not increase it */ + h->sequence_number = clib_host_to_net_u32 (stream->sequence_number); + + /* FIXUP: udp length */ + udp->length = clib_host_to_net_u16 (b0->current_length - sizeof (*ip)); + + if (frm->udp_checksum) + { + /* RFC 7011 section 10.3.2. */ + udp->checksum = ip4_tcp_udp_compute_checksum (vm, b0, ip); + if (udp->checksum == 0) + udp->checksum = 0xffff; + } + + *buffer_indexp = bi0; + + fr->last_template_sent = vlib_time_now (vm); + + return 0; +} + +static uword +flow_report_process (vlib_main_t * vm, + vlib_node_runtime_t * rt, vlib_frame_t * f) +{ + flow_report_main_t *frm = &flow_report_main; + flow_report_t *fr; + u32 ip4_lookup_node_index; + vlib_node_t *ip4_lookup_node; + vlib_frame_t *nf = 0; + u32 template_bi; + u32 *to_next; + int send_template; + f64 now; + int rv; + uword event_type; + uword *event_data = 0; + + /* Wait for Godot... */ + vlib_process_wait_for_event_or_clock (vm, 1e9); + event_type = vlib_process_get_events (vm, &event_data); + if (event_type != 1) + clib_warning ("bogus kickoff event received, %d", event_type); + vec_reset_length (event_data); + + /* Enqueue pkts to ip4-lookup */ + ip4_lookup_node = vlib_get_node_by_name (vm, (u8 *) "ip4-lookup"); + ip4_lookup_node_index = ip4_lookup_node->index; + + while (1) + { + vlib_process_wait_for_event_or_clock (vm, 5.0); + event_type = vlib_process_get_events (vm, &event_data); + vec_reset_length (event_data); + + vec_foreach (fr, frm->reports) + { + now = vlib_time_now (vm); + + /* Need to send a template packet? */ + send_template = + now > (fr->last_template_sent + frm->template_interval); + send_template += fr->last_template_sent == 0; + template_bi = ~0; + rv = 0; + + if (send_template) + rv = send_template_packet (frm, fr, &template_bi); + + if (rv < 0) + continue; + + nf = vlib_get_frame_to_node (vm, ip4_lookup_node_index); + nf->n_vectors = 0; + to_next = vlib_frame_vector_args (nf); + + if (template_bi != ~0) + { + to_next[0] = template_bi; + to_next++; + nf->n_vectors++; + } + + nf = fr->flow_data_callback (frm, fr, + nf, to_next, ip4_lookup_node_index); + if (nf) + vlib_put_frame_to_node (vm, ip4_lookup_node_index, nf); + } + } + + return 0; /* not so much */ +} + +/* *INDENT-OFF* */ +VLIB_REGISTER_NODE (flow_report_process_node) = { + .function = flow_report_process, + .type = VLIB_NODE_TYPE_PROCESS, + .name = "flow-report-process", +}; +/* *INDENT-ON* */ + +int +vnet_flow_report_add_del (flow_report_main_t * frm, + vnet_flow_report_add_del_args_t * a, + u16 * template_id) +{ + int i; + int found_index = ~0; + flow_report_t *fr; + flow_report_stream_t *stream; + u32 si; + + si = find_stream (a->domain_id, a->src_port); + if (si == -2) + return VNET_API_ERROR_INVALID_VALUE; + if (si == -1 && a->is_add == 0) + return VNET_API_ERROR_NO_SUCH_ENTRY; + + for (i = 0; i < vec_len (frm->reports); i++) + { + fr = vec_elt_at_index (frm->reports, i); + if (fr->opaque.as_uword == a->opaque.as_uword + && fr->rewrite_callback == a->rewrite_callback + && fr->flow_data_callback == a->flow_data_callback) + { + found_index = i; + if (template_id) + *template_id = fr->template_id; + break; + } + } + + if (a->is_add == 0) + { + if (found_index != ~0) + { + vec_delete (frm->reports, 1, found_index); + stream = &frm->streams[si]; + stream->n_reports--; + if (stream->n_reports == 0) + delete_stream (si); + return 0; + } + return VNET_API_ERROR_NO_SUCH_ENTRY; + } + + if (found_index != ~0) + return VNET_API_ERROR_VALUE_EXIST; + + if (si == -1) + { + stream = add_stream (); + stream->domain_id = a->domain_id; + stream->src_port = a->src_port; + stream->sequence_number = 0; + stream->n_reports = 0; + si = stream - frm->streams; + } + else + stream = &frm->streams[si]; + + stream->n_reports++; + + vec_add2 (frm->reports, fr, 1); + + fr->stream_index = si; + fr->template_id = 256 + stream->next_template_no; + stream->next_template_no = (stream->next_template_no + 1) % (65536 - 256); + fr->update_rewrite = 1; + fr->opaque = a->opaque; + fr->rewrite_callback = a->rewrite_callback; + fr->flow_data_callback = a->flow_data_callback; + + if (template_id) + *template_id = fr->template_id; + + return 0; +} + +clib_error_t * +flow_report_add_del_error_to_clib_error (int error) +{ + switch (error) + { + case 0: + return 0; + case VNET_API_ERROR_NO_SUCH_ENTRY: + return clib_error_return (0, "Flow report not found"); + case VNET_API_ERROR_VALUE_EXIST: + return clib_error_return (0, "Flow report already exists"); + case VNET_API_ERROR_INVALID_VALUE: + return clib_error_return (0, "Expecting either still unused values " + "for both domain_id and src_port " + "or already used values for both fields"); + default: + return clib_error_return (0, "vnet_flow_report_add_del returned %d", + error); + } +} + +void +vnet_flow_reports_reset (flow_report_main_t * frm) +{ + flow_report_t *fr; + u32 i; + + for (i = 0; i < vec_len (frm->streams); i++) + if (stream_index_valid (i)) + frm->streams[i].sequence_number = 0; + + vec_foreach (fr, frm->reports) + { + fr->update_rewrite = 1; + fr->last_template_sent = 0; + } +} + +void +vnet_stream_reset (flow_report_main_t * frm, u32 stream_index) +{ + flow_report_t *fr; + + frm->streams[stream_index].sequence_number = 0; + + vec_foreach (fr, frm->reports) + if (frm->reports->stream_index == stream_index) + { + fr->update_rewrite = 1; + fr->last_template_sent = 0; + } +} + +int +vnet_stream_change (flow_report_main_t * frm, + u32 old_domain_id, u16 old_src_port, + u32 new_domain_id, u16 new_src_port) +{ + i32 stream_index = find_stream (old_domain_id, old_src_port); + if (stream_index < 0) + return 1; + flow_report_stream_t *stream = &frm->streams[stream_index]; + stream->domain_id = new_domain_id; + stream->src_port = new_src_port; + if (old_domain_id != new_domain_id || old_src_port != new_src_port) + vnet_stream_reset (frm, stream_index); + return 0; +} + +static clib_error_t * +set_ipfix_exporter_command_fn (vlib_main_t * vm, + unformat_input_t * input, + vlib_cli_command_t * cmd) +{ + flow_report_main_t *frm = &flow_report_main; + ip4_address_t collector, src; + u16 collector_port = UDP_DST_PORT_ipfix; + u32 fib_id; + u32 fib_index = ~0; + + collector.as_u32 = 0; + src.as_u32 = 0; + u32 path_mtu = 512; // RFC 7011 section 10.3.3. + u32 template_interval = 20; + u8 udp_checksum = 0; + + while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) + { + if (unformat (input, "collector %U", unformat_ip4_address, &collector)) + ; + else if (unformat (input, "port %u", &collector_port)) + ; + else if (unformat (input, "src %U", unformat_ip4_address, &src)) + ; + else if (unformat (input, "fib-id %u", &fib_id)) + { + ip4_main_t *im = &ip4_main; + uword *p = hash_get (im->fib_index_by_table_id, fib_id); + if (!p) + return clib_error_return (0, "fib ID %d doesn't exist\n", fib_id); + fib_index = p[0]; + } + else if (unformat (input, "path-mtu %u", &path_mtu)) + ; + else if (unformat (input, "template-interval %u", &template_interval)) + ; + else if (unformat (input, "udp-checksum")) + udp_checksum = 1; + else + break; + } + + if (collector.as_u32 != 0 && src.as_u32 == 0) + return clib_error_return (0, "src address required"); + + if (path_mtu > 1450 /* vpp does not support fragmentation */ ) + return clib_error_return (0, "too big path-mtu value, maximum is 1450"); + + if (path_mtu < 68) + return clib_error_return (0, "too small path-mtu value, minimum is 68"); + + /* Reset report streams if we are reconfiguring IP addresses */ + if (frm->ipfix_collector.as_u32 != collector.as_u32 || + frm->src_address.as_u32 != src.as_u32 || + frm->collector_port != collector_port) + vnet_flow_reports_reset (frm); + + frm->ipfix_collector.as_u32 = collector.as_u32; + frm->collector_port = collector_port; + frm->src_address.as_u32 = src.as_u32; + frm->fib_index = fib_index; + frm->path_mtu = path_mtu; + frm->template_interval = template_interval; + frm->udp_checksum = udp_checksum; + + if (collector.as_u32) + vlib_cli_output (vm, "Collector %U, src address %U, " + "fib index %d, path MTU %u, " + "template resend interval %us, " + "udp checksum %s", + format_ip4_address, &frm->ipfix_collector, + format_ip4_address, &frm->src_address, + fib_index, path_mtu, template_interval, + udp_checksum ? "enabled" : "disabled"); + else + vlib_cli_output (vm, "IPFIX Collector is disabled"); + + /* Turn on the flow reporting process */ + vlib_process_signal_event (vm, flow_report_process_node.index, 1, 0); + return 0; +} + +/* *INDENT-OFF* */ +VLIB_CLI_COMMAND (set_ipfix_exporter_command, static) = { + .path = "set ipfix exporter", + .short_help = "set ipfix exporter " + "collector <ip4-address> [port <port>] " + "src <ip4-address> [fib-id <fib-id>] " + "[path-mtu <path-mtu>] " + "[template-interval <template-interval>]", + "[udp-checksum]", + .function = set_ipfix_exporter_command_fn, +}; +/* *INDENT-ON* */ + + +static clib_error_t * +ipfix_flush_command_fn (vlib_main_t * vm, + unformat_input_t * input, vlib_cli_command_t * cmd) +{ + /* poke the flow reporting process */ + vlib_process_signal_event (vm, flow_report_process_node.index, 1, 0); + return 0; +} + +/* *INDENT-OFF* */ +VLIB_CLI_COMMAND (ipfix_flush_command, static) = { + .path = "ipfix flush", + .short_help = "flush the current ipfix data [for make test]", + .function = ipfix_flush_command_fn, +}; +/* *INDENT-ON* */ + +static clib_error_t * +flow_report_init (vlib_main_t * vm) +{ + flow_report_main_t *frm = &flow_report_main; + + frm->vlib_main = vm; + frm->vnet_main = vnet_get_main (); + frm->unix_time_0 = time (0); + frm->vlib_time_0 = vlib_time_now (frm->vlib_main); + frm->fib_index = ~0; + + return 0; +} + +VLIB_INIT_FUNCTION (flow_report_init) +/* + * fd.io coding-style-patch-verification: ON + * + * Local Variables: + * eval: (c-set-style "gnu") + * End: + */ diff --git a/src/vnet/ipfix-export/flow_report.h b/src/vnet/ipfix-export/flow_report.h new file mode 100644 index 00000000000..b45ce06a880 --- /dev/null +++ b/src/vnet/ipfix-export/flow_report.h @@ -0,0 +1,159 @@ +/* + * Copyright (c) 2015 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#ifndef __included_vnet_flow_report_h__ +#define __included_vnet_flow_report_h__ + +#include <vlib/vlib.h> +#include <vnet/vnet.h> +#include <vnet/pg/pg.h> +#include <vnet/ethernet/ethernet.h> +#include <vnet/ethernet/packet.h> +#include <vnet/ip/ip_packet.h> +#include <vnet/ip/ip4_packet.h> +#include <vnet/ip/ip6_packet.h> +#include <vnet/udp/udp.h> +#include <vlib/cli.h> +#include <vppinfra/error.h> +#include <vppinfra/hash.h> +#include <vppinfra/cache.h> + +#include <vnet/ipfix-export/ipfix_packet.h> + +/* Used to build the rewrite */ +typedef struct +{ + ip4_header_t ip4; + udp_header_t udp; + ipfix_template_packet_t ipfix; +} ip4_ipfix_template_packet_t; + +struct flow_report_main; +struct flow_report; + +typedef u8 *(vnet_flow_rewrite_callback_t) (struct flow_report_main *, + struct flow_report *, + ip4_address_t *, + ip4_address_t *, u16); + +typedef vlib_frame_t *(vnet_flow_data_callback_t) (struct flow_report_main *, + struct flow_report *, + vlib_frame_t *, u32 *, + u32); + +typedef union +{ + void *as_ptr; + uword as_uword; +} opaque_t; + +typedef struct +{ + u32 domain_id; + u32 sequence_number; + u16 src_port; + u16 n_reports; + u16 next_template_no; +} flow_report_stream_t; + +typedef struct flow_report +{ + /* ipfix rewrite, set by callback */ + u8 *rewrite; + u16 template_id; + u32 stream_index; + f64 last_template_sent; + int update_rewrite; + + /* Bitmap of fields to send */ + uword *fields_to_send; + + /* Opaque data */ + opaque_t opaque; + + /* build-the-rewrite callback */ + vnet_flow_rewrite_callback_t *rewrite_callback; + + /* Send-flow-data callback */ + vnet_flow_data_callback_t *flow_data_callback; +} flow_report_t; + +typedef struct flow_report_main +{ + flow_report_t *reports; + flow_report_stream_t *streams; + + /* ipfix collector ip address, port, our ip address, fib index */ + ip4_address_t ipfix_collector; + u16 collector_port; + ip4_address_t src_address; + u32 fib_index; + + /* Path MTU */ + u32 path_mtu; + + /* time interval in seconds after which to resend templates */ + u32 template_interval; + + /* UDP checksum calculation enable flag */ + u8 udp_checksum; + + /* time scale transform. Joy. */ + u32 unix_time_0; + f64 vlib_time_0; + + /* convenience variables */ + vlib_main_t *vlib_main; + vnet_main_t *vnet_main; +} flow_report_main_t; + +extern flow_report_main_t flow_report_main; + +extern vlib_node_registration_t flow_report_process_node; + +int vnet_flow_report_enable_disable (u32 sw_if_index, u32 table_index, + int enable_disable); +typedef struct +{ + vnet_flow_data_callback_t *flow_data_callback; + vnet_flow_rewrite_callback_t *rewrite_callback; + opaque_t opaque; + int is_add; + u32 domain_id; + u16 src_port; +} vnet_flow_report_add_del_args_t; + +int vnet_flow_report_add_del (flow_report_main_t * frm, + vnet_flow_report_add_del_args_t * a, + u16 * template_id); + +clib_error_t *flow_report_add_del_error_to_clib_error (int error); + +void vnet_flow_reports_reset (flow_report_main_t * frm); + +void vnet_stream_reset (flow_report_main_t * frm, u32 stream_index); + +int vnet_stream_change (flow_report_main_t * frm, + u32 old_domain_id, u16 old_src_port, + u32 new_domain_id, u16 new_src_port); + +#endif /* __included_vnet_flow_report_h__ */ + +/* + * fd.io coding-style-patch-verification: ON + * + * Local Variables: + * eval: (c-set-style "gnu") + * End: + */ diff --git a/src/vnet/ipfix-export/flow_report_classify.c b/src/vnet/ipfix-export/flow_report_classify.c new file mode 100644 index 00000000000..46813ee6e1b --- /dev/null +++ b/src/vnet/ipfix-export/flow_report_classify.c @@ -0,0 +1,556 @@ +/* + * Copyright (c) 2015 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include <vnet/ipfix-export/flow_report.h> +#include <vnet/ipfix-export/flow_report_classify.h> +#include <vnet/api_errno.h> + +/* Common prefix of tcp and udp headers + * containing only source and destination port fields */ +typedef struct +{ + u16 src_port, dst_port; +} tcpudp_header_t; + +flow_report_classify_main_t flow_report_classify_main; + +u8 * +ipfix_classify_template_rewrite (flow_report_main_t * frm, + flow_report_t * fr, + ip4_address_t * collector_address, + ip4_address_t * src_address, + u16 collector_port) +{ + flow_report_classify_main_t *fcm = &flow_report_classify_main; + vnet_classify_table_t *tblp; + vnet_classify_main_t *vcm = &vnet_classify_main; + u32 flow_table_index = fr->opaque.as_uword; + u8 *ip_start; + ip4_header_t *ip; + ip6_header_t *ip6; + tcpudp_header_t *tcpudp; + udp_header_t *udp; + ipfix_message_header_t *h; + ipfix_set_header_t *s; + ipfix_template_header_t *t; + ipfix_field_specifier_t *f; + ipfix_field_specifier_t *first_field; + u8 *rewrite = 0; + ip4_ipfix_template_packet_t *tp; + u32 field_count = 0; + u32 field_index = 0; + flow_report_stream_t *stream; + u8 ip_version; + u8 transport_protocol; + u8 *virt_mask; + u8 *real_mask; + + stream = &frm->streams[fr->stream_index]; + + ipfix_classify_table_t *table = &fcm->tables[flow_table_index]; + + ip_version = table->ip_version; + transport_protocol = table->transport_protocol; + + tblp = pool_elt_at_index (vcm->tables, table->classify_table_index); + + virt_mask = (u8 *) (tblp->mask - tblp->skip_n_vectors); + real_mask = (u8 *) (tblp->mask); + + /* Determine field count */ + ip_start = virt_mask + sizeof (ethernet_header_t); +#define _(field,mask,item,length) \ + if (((u8 *)&field >= real_mask) && (memcmp(&field, &mask, length) == 0)) \ + { \ + field_count++; \ + \ + fr->fields_to_send = clib_bitmap_set (fr->fields_to_send, \ + field_index, 1); \ + } \ + field_index++; + foreach_ipfix_field; +#undef _ + + /* Add packetTotalCount manually */ + field_count += 1; + + /* $$$ enterprise fields, at some later date */ + + /* allocate rewrite space */ + vec_validate_aligned (rewrite, + sizeof (ip4_ipfix_template_packet_t) + + field_count * sizeof (ipfix_field_specifier_t) - 1, + CLIB_CACHE_LINE_BYTES); + + tp = (ip4_ipfix_template_packet_t *) rewrite; + ip = (ip4_header_t *) & tp->ip4; + udp = (udp_header_t *) (ip + 1); + h = (ipfix_message_header_t *) (udp + 1); + s = (ipfix_set_header_t *) (h + 1); + t = (ipfix_template_header_t *) (s + 1); + first_field = f = (ipfix_field_specifier_t *) (t + 1); + + ip->ip_version_and_header_length = 0x45; + ip->ttl = 254; + ip->protocol = IP_PROTOCOL_UDP; + ip->src_address.as_u32 = src_address->as_u32; + ip->dst_address.as_u32 = collector_address->as_u32; + udp->src_port = clib_host_to_net_u16 (stream->src_port); + udp->dst_port = clib_host_to_net_u16 (collector_port); + udp->length = clib_host_to_net_u16 (vec_len (rewrite) - sizeof (*ip)); + + /* FIXUP: message header export_time */ + /* FIXUP: message header sequence_number */ + h->domain_id = clib_host_to_net_u32 (stream->domain_id); + + /* Take another trip through the mask and build the template */ + ip_start = virt_mask + sizeof (ethernet_header_t); +#define _(field,mask,item,length) \ + if (((u8 *)&field >= real_mask) && (memcmp(&field, &mask, length) == 0)) \ + { \ + f->e_id_length = ipfix_e_id_length (0 /* enterprise */, \ + item, length); \ + f++; \ + } + foreach_ipfix_field; +#undef _ + + /* Add packetTotalCount manually */ + f->e_id_length = + ipfix_e_id_length (0 /* enterprise */ , packetTotalCount, 8); + f++; + + /* Back to the template packet... */ + ip = (ip4_header_t *) & tp->ip4; + udp = (udp_header_t *) (ip + 1); + + ASSERT (f - first_field); + /* Field count in this template */ + t->id_count = ipfix_id_count (fr->template_id, f - first_field); + + /* set length in octets */ + s->set_id_length = + ipfix_set_id_length (2 /* set_id */ , (u8 *) f - (u8 *) s); + + /* message length in octets */ + h->version_length = version_length ((u8 *) f - (u8 *) h); + + ip->length = clib_host_to_net_u16 ((u8 *) f - (u8 *) ip); + ip->checksum = ip4_header_checksum (ip); + + return rewrite; +} + +vlib_frame_t * +ipfix_classify_send_flows (flow_report_main_t * frm, + flow_report_t * fr, + vlib_frame_t * f, u32 * to_next, u32 node_index) +{ + flow_report_classify_main_t *fcm = &flow_report_classify_main; + vnet_classify_main_t *vcm = &vnet_classify_main; + u32 flow_table_index = fr->opaque.as_uword; + vnet_classify_table_t *t; + vnet_classify_bucket_t *b; + vnet_classify_entry_t *v, *save_v; + vlib_buffer_t *b0 = 0; + u32 next_offset = 0; + u32 record_offset = 0; + u32 bi0 = ~0; + int i, j, k; + ip4_ipfix_template_packet_t *tp; + ipfix_message_header_t *h = 0; + ipfix_set_header_t *s = 0; + u8 *ip_start; + ip4_header_t *ip; + ip6_header_t *ip6; + tcpudp_header_t *tcpudp; + udp_header_t *udp; + int field_index; + u32 records_this_buffer; + u16 new_l0, old_l0; + ip_csum_t sum0; + vlib_main_t *vm = frm->vlib_main; + flow_report_stream_t *stream; + u8 ip_version; + u8 transport_protocol; + u8 *virt_key; + + stream = &frm->streams[fr->stream_index]; + + ipfix_classify_table_t *table = &fcm->tables[flow_table_index]; + + ip_version = table->ip_version; + transport_protocol = table->transport_protocol; + + t = pool_elt_at_index (vcm->tables, table->classify_table_index); + + while (__sync_lock_test_and_set (t->writer_lock, 1)) + ; + + for (i = 0; i < t->nbuckets; i++) + { + b = &t->buckets[i]; + if (b->offset == 0) + continue; + + save_v = vnet_classify_get_entry (t, b->offset); + for (j = 0; j < (1 << b->log2_pages); j++) + { + for (k = 0; k < t->entries_per_page; k++) + { + v = vnet_classify_entry_at_index + (t, save_v, j * t->entries_per_page + k); + + if (vnet_classify_entry_is_free (v)) + continue; + + /* OK, we have something to send... */ + if (PREDICT_FALSE (b0 == 0)) + { + if (vlib_buffer_alloc (vm, &bi0, 1) != 1) + goto flush; + b0 = vlib_get_buffer (vm, bi0); + + u32 copy_len = sizeof (ip4_header_t) + + sizeof (udp_header_t) + sizeof (ipfix_message_header_t); + clib_memcpy (b0->data, fr->rewrite, copy_len); + b0->current_data = 0; + b0->current_length = copy_len; + b0->flags |= VLIB_BUFFER_TOTAL_LENGTH_VALID; + vnet_buffer (b0)->sw_if_index[VLIB_RX] = 0; + vnet_buffer (b0)->sw_if_index[VLIB_TX] = frm->fib_index; + + tp = vlib_buffer_get_current (b0); + ip = (ip4_header_t *) & tp->ip4; + udp = (udp_header_t *) (ip + 1); + h = (ipfix_message_header_t *) (udp + 1); + s = (ipfix_set_header_t *) (h + 1); + + /* FIXUP: message header export_time */ + h->export_time = (u32) + (((f64) frm->unix_time_0) + + (vlib_time_now (frm->vlib_main) - frm->vlib_time_0)); + h->export_time = clib_host_to_net_u32 (h->export_time); + + /* FIXUP: message header sequence_number */ + h->sequence_number = stream->sequence_number; + h->sequence_number = + clib_host_to_net_u32 (h->sequence_number); + + next_offset = (u32) (((u8 *) (s + 1)) - (u8 *) tp); + record_offset = next_offset; + records_this_buffer = 0; + } + + field_index = 0; + virt_key = (u8 *) (v->key - t->skip_n_vectors); + ip_start = virt_key + sizeof (ethernet_header_t); +#define _(field,mask,item,length) \ + if (clib_bitmap_get (fr->fields_to_send, field_index)) \ + { \ + clib_memcpy (b0->data + next_offset, &field, \ + length); \ + next_offset += length; \ + } \ + field_index++; + foreach_ipfix_field; +#undef _ + + /* Add packetTotalCount manually */ + { + u64 packets = clib_host_to_net_u64 (v->hits); + clib_memcpy (b0->data + next_offset, &packets, + sizeof (packets)); + next_offset += sizeof (packets); + } + records_this_buffer++; + stream->sequence_number++; + + /* Next record will have the same size as this record */ + u32 next_record_size = next_offset - record_offset; + record_offset = next_offset; + + if (next_offset + next_record_size > frm->path_mtu) + { + s->set_id_length = ipfix_set_id_length (fr->template_id, + next_offset - + (sizeof (*ip) + + sizeof (*udp) + + sizeof (*h))); + h->version_length = + version_length (next_offset - + (sizeof (*ip) + sizeof (*udp))); + b0->current_length = next_offset; + b0->flags |= VLIB_BUFFER_TOTAL_LENGTH_VALID; + + tp = vlib_buffer_get_current (b0); + ip = (ip4_header_t *) & tp->ip4; + udp = (udp_header_t *) (ip + 1); + + sum0 = ip->checksum; + old_l0 = ip->length; + new_l0 = clib_host_to_net_u16 ((u16) next_offset); + + sum0 = ip_csum_update (sum0, old_l0, new_l0, ip4_header_t, + length /* changed member */ ); + + ip->checksum = ip_csum_fold (sum0); + ip->length = new_l0; + udp->length = + clib_host_to_net_u16 (b0->current_length - sizeof (*ip)); + + if (frm->udp_checksum) + { + /* RFC 7011 section 10.3.2. */ + udp->checksum = + ip4_tcp_udp_compute_checksum (vm, b0, ip); + if (udp->checksum == 0) + udp->checksum = 0xffff; + } + + ASSERT (ip->checksum == ip4_header_checksum (ip)); + + to_next[0] = bi0; + f->n_vectors++; + to_next++; + + if (f->n_vectors == VLIB_FRAME_SIZE) + { + vlib_put_frame_to_node (vm, node_index, f); + f = vlib_get_frame_to_node (vm, node_index); + f->n_vectors = 0; + to_next = vlib_frame_vector_args (f); + } + b0 = 0; + bi0 = ~0; + } + } + } + } + +flush: + if (b0) + { + s->set_id_length = ipfix_set_id_length (fr->template_id, + next_offset - + (sizeof (*ip) + sizeof (*udp) + + sizeof (*h))); + h->version_length = version_length (next_offset - + (sizeof (*ip) + sizeof (*udp))); + b0->current_length = next_offset; + b0->flags |= VLIB_BUFFER_TOTAL_LENGTH_VALID; + + tp = vlib_buffer_get_current (b0); + ip = (ip4_header_t *) & tp->ip4; + udp = (udp_header_t *) (ip + 1); + + sum0 = ip->checksum; + old_l0 = ip->length; + new_l0 = clib_host_to_net_u16 ((u16) next_offset); + + sum0 = ip_csum_update (sum0, old_l0, new_l0, ip4_header_t, + length /* changed member */ ); + + ip->checksum = ip_csum_fold (sum0); + ip->length = new_l0; + udp->length = clib_host_to_net_u16 (b0->current_length - sizeof (*ip)); + + if (frm->udp_checksum) + { + /* RFC 7011 section 10.3.2. */ + udp->checksum = ip4_tcp_udp_compute_checksum (vm, b0, ip); + if (udp->checksum == 0) + udp->checksum = 0xffff; + } + + ASSERT (ip->checksum == ip4_header_checksum (ip)); + + to_next[0] = bi0; + f->n_vectors++; + + b0 = 0; + bi0 = ~0; + } + + *(t->writer_lock) = 0; + return f; +} + +static clib_error_t * +ipfix_classify_table_add_del_command_fn (vlib_main_t * vm, + unformat_input_t * input, + vlib_cli_command_t * cmd) +{ + flow_report_classify_main_t *fcm = &flow_report_classify_main; + flow_report_main_t *frm = &flow_report_main; + vnet_flow_report_add_del_args_t args; + ipfix_classify_table_t *table; + int rv; + int is_add = -1; + u32 classify_table_index = ~0; + u8 ip_version = 0; + u8 transport_protocol = 255; + clib_error_t *error = 0; + + if (fcm->src_port == 0) + clib_error_return (0, "call 'set ipfix classify stream' first"); + + memset (&args, 0, sizeof (args)); + + while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) + { + if (unformat (input, "add")) + is_add = 1; + else if (unformat (input, "del")) + is_add = 0; + else if (unformat (input, "%d", &classify_table_index)) + ; + else if (unformat (input, "ip4")) + ip_version = 4; + else if (unformat (input, "ip6")) + ip_version = 6; + else if (unformat (input, "tcp")) + transport_protocol = 6; + else if (unformat (input, "udp")) + transport_protocol = 17; + else + return clib_error_return (0, "unknown input `%U'", + format_unformat_error, input); + } + + if (is_add == -1) + return clib_error_return (0, "expecting: add|del"); + if (classify_table_index == ~0) + return clib_error_return (0, "classifier table not specified"); + if (ip_version == 0) + return clib_error_return (0, "IP version not specified"); + + table = 0; + int i; + for (i = 0; i < vec_len (fcm->tables); i++) + if (ipfix_classify_table_index_valid (i)) + if (fcm->tables[i].classify_table_index == classify_table_index) + { + table = &fcm->tables[i]; + break; + } + + if (is_add) + { + if (table) + return clib_error_return (0, + "Specified classifier table already used"); + table = ipfix_classify_add_table (); + table->classify_table_index = classify_table_index; + } + else + { + if (!table) + return clib_error_return (0, + "Specified classifier table not registered"); + } + + table->ip_version = ip_version; + table->transport_protocol = transport_protocol; + + args.opaque.as_uword = table - fcm->tables; + args.rewrite_callback = ipfix_classify_template_rewrite; + args.flow_data_callback = ipfix_classify_send_flows; + args.is_add = is_add; + args.domain_id = fcm->domain_id; + args.src_port = fcm->src_port; + + rv = vnet_flow_report_add_del (frm, &args, NULL); + + error = flow_report_add_del_error_to_clib_error (rv); + + /* If deleting, or add failed */ + if (is_add == 0 || (rv && is_add)) + ipfix_classify_delete_table (table - fcm->tables); + + return error; +} + +/* *INDENT-OFF* */ +VLIB_CLI_COMMAND (ipfix_classify_table_add_del_command, static) = { + .path = "ipfix classify table", + .short_help = "ipfix classify table add|del <table-index>", + .function = ipfix_classify_table_add_del_command_fn, +}; +/* *INDENT-ON* */ + +static clib_error_t * +set_ipfix_classify_stream_command_fn (vlib_main_t * vm, + unformat_input_t * input, + vlib_cli_command_t * cmd) +{ + flow_report_classify_main_t *fcm = &flow_report_classify_main; + flow_report_main_t *frm = &flow_report_main; + u32 domain_id = 1; + u32 src_port = UDP_DST_PORT_ipfix; + + while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) + { + if (unformat (input, "domain %d", &domain_id)) + ; + else if (unformat (input, "src-port %d", &src_port)) + ; + else + return clib_error_return (0, "unknown input `%U'", + format_unformat_error, input); + } + + if (fcm->src_port != 0 && + (fcm->domain_id != domain_id || fcm->src_port != (u16) src_port)) + { + int rv = vnet_stream_change (frm, fcm->domain_id, fcm->src_port, + domain_id, (u16) src_port); + ASSERT (rv == 0); + } + + fcm->domain_id = domain_id; + fcm->src_port = (u16) src_port; + + return 0; +} + +/* *INDENT-OFF* */ +VLIB_CLI_COMMAND (set_ipfix_classify_stream_command, static) = { + .path = "set ipfix classify stream", + .short_help = "set ipfix classify stream" + "[domain <domain-id>] [src-port <src-port>]", + .function = set_ipfix_classify_stream_command_fn, +}; +/* *INDENT-ON* */ + +static clib_error_t * +flow_report_classify_init (vlib_main_t * vm) +{ + clib_error_t *error; + + if ((error = vlib_call_init_function (vm, flow_report_init))) + return error; + + return 0; +} + +VLIB_INIT_FUNCTION (flow_report_classify_init); + +/* + * fd.io coding-style-patch-verification: ON + * + * Local Variables: + * eval: (c-set-style "gnu") + * End: + */ diff --git a/src/vnet/ipfix-export/flow_report_classify.h b/src/vnet/ipfix-export/flow_report_classify.h new file mode 100644 index 00000000000..0533b450122 --- /dev/null +++ b/src/vnet/ipfix-export/flow_report_classify.h @@ -0,0 +1,134 @@ +/* + * Copyright (c) 2015 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#ifndef __included_flow_report_classify_h__ +#define __included_flow_report_classify_h__ + +#define foreach_ipfix_ip4_field \ +_(ip->src_address.as_u32, ((u32[]){0xFFFFFFFF}), sourceIPv4Address, 4) \ +_(ip->dst_address.as_u32, ((u32[]){0xFFFFFFFF}), destinationIPv4Address, 4) \ +_(ip->protocol, ((u8[]){0xFF}), protocolIdentifier, 1) + +#define foreach_ipfix_ip6_field \ +_(ip6->src_address.as_u8, \ + ((u32[]){0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}), \ + sourceIPv6Address, 16) \ +_(ip6->dst_address.as_u8, \ + ((u32[]){0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}), \ + destinationIPv6Address, 16) \ +_(ip6->protocol, ((u8[]){0xFF}), protocolIdentifier, 1) + +#define foreach_ipfix_tcpudp_field \ +_(tcpudp->src_port, ((u16[]){0xFFFF}), sourceTransportPort, 2) \ +_(tcpudp->dst_port, ((u16[]){0xFFFF}), destinationTransportPort, 2) + +#define foreach_ipfix_tcp_field \ +_(tcpudp->src_port, ((u16[]){0xFFFF}), tcpSourcePort, 2) \ +_(tcpudp->dst_port, ((u16[]){0xFFFF}), tcpDestinationPort, 2) + +#define foreach_ipfix_udp_field \ +_(tcpudp->src_port, ((u16[]){0xFFFF}), udpSourcePort, 2) \ +_(tcpudp->dst_port, ((u16[]){0xFFFF}), udpDestinationPort, 2) + +#define foreach_ipfix_transport_protocol_field \ + switch (transport_protocol) { \ + case 255: \ + foreach_ipfix_tcpudp_field; \ + break; \ + case 6: \ + foreach_ipfix_tcp_field; \ + break; \ + case 17: \ + foreach_ipfix_udp_field; \ + break; \ + } + +#define foreach_ipfix_field \ + if (ip_version == 4) { \ + ip = (ip4_header_t *)ip_start; \ + tcpudp = (tcpudp_header_t *)(ip+1); \ + foreach_ipfix_ip4_field; \ + } else { \ + ip6 = (ip6_header_t *)ip_start; \ + tcpudp = (tcpudp_header_t *)(ip6+1); \ + foreach_ipfix_ip6_field; \ + } \ + foreach_ipfix_transport_protocol_field + +typedef struct +{ + u32 classify_table_index; + u8 ip_version; + u8 transport_protocol; +} ipfix_classify_table_t; + +typedef struct +{ + u32 domain_id; + u16 src_port; + ipfix_classify_table_t *tables; +} flow_report_classify_main_t; + +extern flow_report_classify_main_t flow_report_classify_main; + +static_always_inline u8 +ipfix_classify_table_index_valid (u32 index) +{ + flow_report_classify_main_t *fcm = &flow_report_classify_main; + return index < vec_len (fcm->tables) && + fcm->tables[index].classify_table_index != ~0; +} + +static_always_inline ipfix_classify_table_t * +ipfix_classify_add_table (void) +{ + flow_report_classify_main_t *fcm = &flow_report_classify_main; + u32 i; + for (i = 0; i < vec_len (fcm->tables); i++) + if (!ipfix_classify_table_index_valid (i)) + return &fcm->tables[i]; + u32 index = vec_len (fcm->tables); + vec_validate (fcm->tables, index); + return &fcm->tables[index]; +} + +static_always_inline void +ipfix_classify_delete_table (u32 index) +{ + flow_report_classify_main_t *fcm = &flow_report_classify_main; + ASSERT (index < vec_len (fcm->tables)); + ASSERT (fcm->tables[index].classify_table_index != ~0); + fcm->tables[index].classify_table_index = ~0; +} + +u8 *ipfix_classify_template_rewrite (flow_report_main_t * frm, + flow_report_t * fr, + ip4_address_t * collector_address, + ip4_address_t * src_address, + u16 collector_port); + +vlib_frame_t *ipfix_classify_send_flows (flow_report_main_t * frm, + flow_report_t * fr, + vlib_frame_t * f, + u32 * to_next, u32 node_index); + +#endif /* __included_flow_report_classify_h__ */ + +/* + * fd.io coding-style-patch-verification: ON + * + * Local Variables: + * eval: (c-set-style "gnu") + * End: + */ diff --git a/src/vnet/ipfix-export/ipfix_export.api b/src/vnet/ipfix-export/ipfix_export.api new file mode 100644 index 00000000000..9bd3790a430 --- /dev/null +++ b/src/vnet/ipfix-export/ipfix_export.api @@ -0,0 +1,149 @@ +/* + * Copyright (c) 2015-2016 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +option version = "1.0.0"; + +/** \brief Configure IPFIX exporter process request + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param collector_address - address of IPFIX collector + @param collector_port - port of IPFIX collector + @param src_address - address of IPFIX exporter + @param vrf_id - VRF / fib table ID + @param path_mtu - Path MTU between exporter and collector + @param template_interval - number of seconds after which to resend template + @param udp_checksum - UDP checksum calculation enable flag +*/ +autoreply define set_ipfix_exporter +{ + u32 client_index; + u32 context; + u8 collector_address[16]; + u16 collector_port; + u8 src_address[16]; + u32 vrf_id; + u32 path_mtu; + u32 template_interval; + u8 udp_checksum; +}; + +/** \brief IPFIX exporter dump request + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ +define ipfix_exporter_dump +{ + u32 client_index; + u32 context; +}; + +/** \brief Reply to IPFIX exporter dump request + @param context - sender context which was passed in the request + @param collector_address - address of IPFIX collector + @param collector_port - port of IPFIX collector + @param src_address - address of IPFIX exporter + @param fib_index - fib table index + @param path_mtu - Path MTU between exporter and collector + @param template_interval - number of seconds after which to resend template + @param udp_checksum - UDP checksum calculation enable flag +*/ +define ipfix_exporter_details +{ + u32 context; + u8 collector_address[16]; + u16 collector_port; + u8 src_address[16]; + u32 vrf_id; + u32 path_mtu; + u32 template_interval; + u8 udp_checksum; +}; + +/** \brief IPFIX classify stream configure request + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param domain_id - domain ID reported in IPFIX messages for classify stream + @param src_port - source port of UDP session for classify stream +*/ +autoreply define set_ipfix_classify_stream { + u32 client_index; + u32 context; + u32 domain_id; + u16 src_port; +}; + +/** \brief IPFIX classify stream dump request + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ +define ipfix_classify_stream_dump { + u32 client_index; + u32 context; +}; + +/** \brief Reply to IPFIX classify stream dump request + @param context - sender context, to match reply w/ request + @param domain_id - domain ID reported in IPFIX messages for classify stream + @param src_port - source port of UDP session for classify stream +*/ +define ipfix_classify_stream_details { + u32 context; + u32 domain_id; + u16 src_port; +}; + +/** \brief IPFIX add or delete classifier table request + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param table_id - classifier table ID + @param ip_version - version of IP used in the classifier table + @param transport_protocol - transport protocol used in the classifier table or 255 for unspecified +*/ +autoreply define ipfix_classify_table_add_del { + u32 client_index; + u32 context; + u32 table_id; + u8 ip_version; + u8 transport_protocol; + u8 is_add; +}; + +/** \brief IPFIX classify tables dump request + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ +define ipfix_classify_table_dump { + u32 client_index; + u32 context; +}; + +/** \brief Reply to IPFIX classify tables dump request + @param context - sender context, to match reply w/ request + @param table_id - classifier table ID + @param ip_version - version of IP used in the classifier table + @param transport_protocol - transport protocol used in the classifier table or 255 for unspecified +*/ +define ipfix_classify_table_details { + u32 context; + u32 table_id; + u8 ip_version; + u8 transport_protocol; +}; + +/* + * Local Variables: + * eval: (c-set-style "gnu") + * End: + */ diff --git a/src/vnet/ipfix-export/ipfix_info_elements.h b/src/vnet/ipfix-export/ipfix_info_elements.h new file mode 100644 index 00000000000..171cdfe702e --- /dev/null +++ b/src/vnet/ipfix-export/ipfix_info_elements.h @@ -0,0 +1,443 @@ +/* + * Copyright (c) 2015 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#ifndef __included_ipfix_info_elements_h__ +#define __included_ipfix_info_elements_h__ + +#define foreach_ipfix_info_element_t \ +_(octetDeltaCount, 1, u64) \ +_(packetDeltaCount, 2, u64) \ +_(deltaFlowCount, 3, u64) \ +_(protocolIdentifier, 4, u8) \ +_(ipClassOfService, 5, u8) \ +_(tcpControlBits, 6, u16) \ +_(sourceTransportPort, 7, u16) \ +_(sourceIPv4Address, 8, ip4_address_t) \ +_(sourceIPv4PrefixLength, 9, u8) \ +_(ingressInterface, 10, u32) \ +_(destinationTransportPort, 11, u16) \ +_(destinationIPv4Address, 12, ip4_address_t) \ +_(destinationIPv4PrefixLength, 13, u8) \ +_(egressInterface, 14, u32) \ +_(ipNextHopIPv4Address, 15, ip4_address_t) \ +_(bgpSourceAsNumber, 16, u32) \ +_(bgpDestinationAsNumber, 17, u32) \ +_(bgpNextHopIPv4Address, 18, ip4_address_t) \ +_(postMCastPacketDeltaCount, 19, u64) \ +_(postMCastOctetDeltaCount, 20, u64) \ +_(flowEndSysUpTime, 21, u32) \ +_(flowStartSysUpTime, 22, u32) \ +_(postOctetDeltaCount, 23, u64) \ +_(postPacketDeltaCount, 24, u64) \ +_(minimumIpTotalLength, 25, u64) \ +_(maximumIpTotalLength, 26, u64) \ +_(sourceIPv6Address, 27, ip6_address_t) \ +_(destinationIPv6Address, 28, ip6_address_t) \ +_(sourceIPv6PrefixLength, 29, u8) \ +_(destinationIPv6PrefixLength, 30, u8) \ +_(flowLabelIPv6, 31, u32) \ +_(icmpTypeCodeIPv4, 32, u16) \ +_(igmpType, 33, u8) \ +_(samplingInterval, 34, u32) \ +_(samplingAlgorithm, 35, u8) \ +_(flowActiveTimeout, 36, u16) \ +_(flowIdleTimeout, 37, u16) \ +_(engineType, 38, u8) \ +_(engineId, 39, u8) \ +_(exportedOctetTotalCount, 40, u64) \ +_(exportedMessageTotalCount, 41, u64) \ +_(exportedFlowRecordTotalCount, 42, u64) \ +_(ipv4RouterSc, 43, ip4_address_t) \ +_(sourceIPv4Prefix, 44, ip4_address_t) \ +_(destinationIPv4Prefix, 45, ip4_address_t) \ +_(mplsTopLabelType, 46, u8) \ +_(mplsTopLabelIPv4Address, 47, ip4_address_t) \ +_(samplerId, 48, u8) \ +_(samplerMode, 49, u8) \ +_(samplerRandomInterval, 50, u32) \ +_(classId, 51, u8) \ +_(minimumTTL, 52, u8) \ +_(maximumTTL, 53, u8) \ +_(fragmentIdentification, 54, u32) \ +_(postIpClassOfService, 55, u8) \ +_(sourceMacAddress, 56, macAddress) \ +_(postDestinationMacAddress, 57, macAddress) \ +_(vlanId, 58, u16) \ +_(postVlanId, 59, u16) \ +_(ipVersion, 60, u8) \ +_(flowDirection, 61, u8) \ +_(ipNextHopIPv6Address, 62, ip6_address_t) \ +_(bgpNextHopIPv6Address, 63, ip6_address_t) \ +_(ipv6ExtensionHeaders, 64, u32) \ +_(mplsTopLabelStackSection, 70, octetArray) \ +_(mplsLabelStackSection2, 71, octetArray) \ +_(mplsLabelStackSection3, 72, octetArray) \ +_(mplsLabelStackSection4, 73, octetArray) \ +_(mplsLabelStackSection5, 74, octetArray) \ +_(mplsLabelStackSection6, 75, octetArray) \ +_(mplsLabelStackSection7, 76, octetArray) \ +_(mplsLabelStackSection8, 77, octetArray) \ +_(mplsLabelStackSection9, 78, octetArray) \ +_(mplsLabelStackSection10, 79, octetArray) \ +_(destinationMacAddress, 80, macAddress) \ +_(postSourceMacAddress, 81, macAddress) \ +_(interfaceName, 82, string) \ +_(interfaceDescription, 83, string) \ +_(samplerName, 84, string) \ +_(octetTotalCount, 85, u64) \ +_(packetTotalCount, 86, u64) \ +_(flagsAndSamplerId, 87, u32) \ +_(fragmentOffset, 88, u16) \ +_(forwardingStatus, 89, u32) \ +_(mplsVpnRouteDistinguisher, 90, octetArray) \ +_(mplsTopLabelPrefixLength, 91, u8) \ +_(srcTrafficIndex, 92, u32) \ +_(dstTrafficIndex, 93, u32) \ +_(applicationDescription, 94, string) \ +_(applicationId, 95, octetArray) \ +_(applicationName, 96, string) \ +_(Assigned, 97, for NetFlow v9 compatibility ) \ +_(postIpDiffServCodePoint, 98, u8) \ +_(multicastReplicationFactor, 99, u32) \ +_(className, 100, string) \ +_(classificationEngineId, 101, u8) \ +_(layer2packetSectionOffset, 102, u16) \ +_(layer2packetSectionSize, 103, u16) \ +_(layer2packetSectionData, 104, octetArray) \ +_(bgpNextAdjacentAsNumber, 128, u32) \ +_(bgpPrevAdjacentAsNumber, 129, u32) \ +_(exporterIPv4Address, 130, ip4_address_t) \ +_(exporterIPv6Address, 131, ip6_address_t) \ +_(droppedOctetDeltaCount, 132, u64) \ +_(droppedPacketDeltaCount, 133, u64) \ +_(droppedOctetTotalCount, 134, u64) \ +_(droppedPacketTotalCount, 135, u64) \ +_(flowEndReason, 136, u8) \ +_(commonPropertiesId, 137, u64) \ +_(observationPointId, 138, u64) \ +_(icmpTypeCodeIPv6, 139, u16) \ +_(mplsTopLabelIPv6Address, 140, ip6_address_t) \ +_(lineCardId, 141, u32) \ +_(portId, 142, u32) \ +_(meteringProcessId, 143, u32) \ +_(exportingProcessId, 144, u32) \ +_(templateId, 145, u16) \ +_(wlanChannelId, 146, u8) \ +_(wlanSSID, 147, string) \ +_(flowId, 148, u64) \ +_(observationDomainId, 149, u32) \ +_(flowStartSeconds, 150, dateTimeSeconds) \ +_(flowEndSeconds, 151, dateTimeSeconds) \ +_(flowStartMilliseconds, 152, dateTimeMilliseconds) \ +_(flowEndMilliseconds, 153, dateTimeMilliseconds) \ +_(flowStartMicroseconds, 154, dateTimeMicroseconds) \ +_(flowEndMicroseconds, 155, dateTimeMicroseconds) \ +_(flowStartNanoseconds, 156, dateTimeNanoseconds) \ +_(flowEndNanoseconds, 157, dateTimeNanoseconds) \ +_(flowStartDeltaMicroseconds, 158, u32) \ +_(flowEndDeltaMicroseconds, 159, u32) \ +_(systemInitTimeMilliseconds, 160, dateTimeMilliseconds) \ +_(flowDurationMilliseconds, 161, u32) \ +_(flowDurationMicroseconds, 162, u32) \ +_(observedFlowTotalCount, 163, u64) \ +_(ignoredPacketTotalCount, 164, u64) \ +_(ignoredOctetTotalCount, 165, u64) \ +_(notSentFlowTotalCount, 166, u64) \ +_(notSentPacketTotalCount, 167, u64) \ +_(notSentOctetTotalCount, 168, u64) \ +_(destinationIPv6Prefix, 169, ip6_address_t) \ +_(sourceIPv6Prefix, 170, ip6_address_t) \ +_(postOctetTotalCount, 171, u64) \ +_(postPacketTotalCount, 172, u64) \ +_(flowKeyIndicator, 173, u64) \ +_(postMCastPacketTotalCount, 174, u64) \ +_(postMCastOctetTotalCount, 175, u64) \ +_(icmpTypeIPv4, 176, u8) \ +_(icmpCodeIPv4, 177, u8) \ +_(icmpTypeIPv6, 178, u8) \ +_(icmpCodeIPv6, 179, u8) \ +_(udpSourcePort, 180, u16) \ +_(udpDestinationPort, 181, u16) \ +_(tcpSourcePort, 182, u16) \ +_(tcpDestinationPort, 183, u16) \ +_(tcpSequenceNumber, 184, u32) \ +_(tcpAcknowledgementNumber, 185, u32) \ +_(tcpWindowSize, 186, u16) \ +_(tcpUrgentPointer, 187, u16) \ +_(tcpHeaderLength, 188, u8) \ +_(ipHeaderLength, 189, u8) \ +_(totalLengthIPv4, 190, u16) \ +_(payloadLengthIPv6, 191, u16) \ +_(ipTTL, 192, u8) \ +_(nextHeaderIPv6, 193, u8) \ +_(mplsPayloadLength, 194, u32) \ +_(ipDiffServCodePoint, 195, u8) \ +_(ipPrecedence, 196, u8) \ +_(fragmentFlags, 197, u8) \ +_(octetDeltaSumOfSquares, 198, u64) \ +_(octetTotalSumOfSquares, 199, u64) \ +_(mplsTopLabelTTL, 200, u8) \ +_(mplsLabelStackLength, 201, u32) \ +_(mplsLabelStackDepth, 202, u32) \ +_(mplsTopLabelExp, 203, u8) \ +_(ipPayloadLength, 204, u32) \ +_(udpMessageLength, 205, u16) \ +_(isMulticast, 206, u8) \ +_(ipv4IHL, 207, u8) \ +_(ipv4Options, 208, u32) \ +_(tcpOptions, 209, u64) \ +_(paddingOctets, 210, octetArray) \ +_(collectorIPv4Address, 211, ip4_address_t) \ +_(collectorIPv6Address, 212, ip6_address_t) \ +_(exportInterface, 213, u32) \ +_(exportProtocolVersion, 214, u8) \ +_(exportTransportProtocol, 215, u8) \ +_(collectorTransportPort, 216, u16) \ +_(exporterTransportPort, 217, u16) \ +_(tcpSynTotalCount, 218, u64) \ +_(tcpFinTotalCount, 219, u64) \ +_(tcpRstTotalCount, 220, u64) \ +_(tcpPshTotalCount, 221, u64) \ +_(tcpAckTotalCount, 222, u64) \ +_(tcpUrgTotalCount, 223, u64) \ +_(ipTotalLength, 224, u64) \ +_(postNATSourceIPv4Address, 225, ip4_address_t) \ +_(postNATDestinationIPv4Address, 226, ip4_address_t) \ +_(postNAPTSourceTransportPort, 227, u16) \ +_(postNAPTDestinationTransportPort, 228, u16) \ +_(natOriginatingAddressRealm, 229, u8) \ +_(natEvent, 230, u8) \ +_(initiatorOctets, 231, u64) \ +_(responderOctets, 232, u64) \ +_(firewallEvent, 233, u8) \ +_(ingressVRFID, 234, u32) \ +_(egressVRFID, 235, u32) \ +_(VRFname, 236, string) \ +_(postMplsTopLabelExp, 237, u8) \ +_(tcpWindowScale, 238, u16) \ +_(biflowDirection, 239, u8) \ +_(ethernetHeaderLength, 240, u8) \ +_(ethernetPayloadLength, 241, u16) \ +_(ethernetTotalLength, 242, u16) \ +_(dot1qVlanId, 243, u16) \ +_(dot1qPriority, 244, u8) \ +_(dot1qCustomerVlanId, 245, u16) \ +_(dot1qCustomerPriority, 246, u8) \ +_(metroEvcId, 247, string) \ +_(metroEvcType, 248, u8) \ +_(pseudoWireId, 249, u32) \ +_(pseudoWireType, 250, u16) \ +_(pseudoWireControlWord, 251, u32) \ +_(ingressPhysicalInterface, 252, u32) \ +_(egressPhysicalInterface, 253, u32) \ +_(postDot1qVlanId, 254, u16) \ +_(postDot1qCustomerVlanId, 255, u16) \ +_(ethernetType, 256, u16) \ +_(postIpPrecedence, 257, u8) \ +_(collectionTimeMilliseconds, 258, dateTimeMilliseconds) \ +_(exportSctpStreamId, 259, u16) \ +_(maxExportSeconds, 260, dateTimeSeconds) \ +_(maxFlowEndSeconds, 261, dateTimeSeconds) \ +_(messageMD5Checksum, 262, octetArray) \ +_(messageScope, 263, u8) \ +_(minExportSeconds, 264, dateTimeSeconds) \ +_(minFlowStartSeconds, 265, dateTimeSeconds) \ +_(opaqueOctets, 266, octetArray) \ +_(sessionScope, 267, u8) \ +_(maxFlowEndMicroseconds, 268, dateTimeMicroseconds) \ +_(maxFlowEndMilliseconds, 269, dateTimeMilliseconds) \ +_(maxFlowEndNanoseconds, 270, dateTimeNanoseconds) \ +_(minFlowStartMicroseconds, 271, dateTimeMicroseconds) \ +_(minFlowStartMilliseconds, 272, dateTimeMilliseconds) \ +_(minFlowStartNanoseconds, 273, dateTimeNanoseconds) \ +_(collectorCertificate, 274, octetArray) \ +_(exporterCertificate, 275, octetArray) \ +_(dataRecordsReliability, 276, boolean) \ +_(observationPointType, 277, u8) \ +_(newConnectionDeltaCount, 278, u32) \ +_(connectionSumDurationSeconds, 279, u64) \ +_(connectionTransactionId, 280, u64) \ +_(postNATSourceIPv6Address, 281, ip6_address_t) \ +_(postNATDestinationIPv6Address, 282, ip6_address_t) \ +_(natPoolId, 283, u32) \ +_(natPoolName, 284, string) \ +_(anonymizationFlags, 285, u16) \ +_(anonymizationTechnique, 286, u16) \ +_(informationElementIndex, 287, u16) \ +_(p2pTechnology, 288, string) \ +_(tunnelTechnology, 289, string) \ +_(encryptedTechnology, 290, string) \ +_(basicList, 291, basicList) \ +_(subTemplateList, 292, subTemplateList) \ +_(subTemplateMultiList, 293, subTemplateMultiList) \ +_(bgpValidityState, 294, u8) \ +_(IPSecSPI, 295, u32) \ +_(greKey, 296, u32) \ +_(natType, 297, u8) \ +_(initiatorPackets, 298, u64) \ +_(responderPackets, 299, u64) \ +_(observationDomainName, 300, string) \ +_(selectionSequenceId, 301, u64) \ +_(selectorId, 302, u64) \ +_(informationElementId, 303, u16) \ +_(selectorAlgorithm, 304, u16) \ +_(samplingPacketInterval, 305, u32) \ +_(samplingPacketSpace, 306, u32) \ +_(samplingTimeInterval, 307, u32) \ +_(samplingTimeSpace, 308, u32) \ +_(samplingSize, 309, u32) \ +_(samplingPopulation, 310, u32) \ +_(samplingProbability, 311, float64) \ +_(dataLinkFrameSize, 312, u16) \ +_(ipHeaderPacketSection, 313, octetArray) \ +_(ipPayloadPacketSection, 314, octetArray) \ +_(dataLinkFrameSection, 315, octetArray) \ +_(mplsLabelStackSection, 316, octetArray) \ +_(mplsPayloadPacketSection, 317, octetArray) \ +_(selectorIdTotalPktsObserved, 318, u64) \ +_(selectorIdTotalPktsSelected, 319, u64) \ +_(absoluteError, 320, float64) \ +_(relativeError, 321, float64) \ +_(observationTimeSeconds, 322, dateTimeSeconds) \ +_(observationTimeMilliseconds, 323, dateTimeMilliseconds) \ +_(observationTimeMicroseconds, 324, dateTimeMicroseconds) \ +_(observationTimeNanoseconds, 325, dateTimeNanoseconds) \ +_(digestHashValue, 326, u64) \ +_(hashIPPayloadOffset, 327, u64) \ +_(hashIPPayloadSize, 328, u64) \ +_(hashOutputRangeMin, 329, u64) \ +_(hashOutputRangeMax, 330, u64) \ +_(hashSelectedRangeMin, 331, u64) \ +_(hashSelectedRangeMax, 332, u64) \ +_(hashDigestOutput, 333, boolean) \ +_(hashInitialiserValue, 334, u64) \ +_(selectorName, 335, string) \ +_(upperCILimit, 336, float64) \ +_(lowerCILimit, 337, float64) \ +_(confidenceLevel, 338, float64) \ +_(informationElementDataType, 339, u8) \ +_(informationElementDescription, 340, string) \ +_(informationElementName, 341, string) \ +_(informationElementRangeBegin, 342, u64) \ +_(informationElementRangeEnd, 343, u64) \ +_(informationElementSemantics, 344, u8) \ +_(informationElementUnits, 345, u16) \ +_(privateEnterpriseNumber, 346, u32) \ +_(virtualStationInterfaceId, 347, octetArray) \ +_(virtualStationInterfaceName, 348, string) \ +_(virtualStationUUID, 349, octetArray) \ +_(virtualStationName, 350, string) \ +_(layer2SegmentId, 351, u64) \ +_(layer2OctetDeltaCount, 352, u64) \ +_(layer2OctetTotalCount, 353, u64) \ +_(ingressUnicastPacketTotalCount, 354, u64) \ +_(ingressMulticastPacketTotalCount, 355, u64) \ +_(ingressBroadcastPacketTotalCount, 356, u64) \ +_(egressUnicastPacketTotalCount, 357, u64) \ +_(egressBroadcastPacketTotalCount, 358, u64) \ +_(monitoringIntervalStartMilliSeconds, 359, dateTimeMilliseconds) \ +_(monitoringIntervalEndMilliSeconds, 360, dateTimeMilliseconds) \ +_(portRangeStart, 361, u16) \ +_(portRangeEnd, 362, u16) \ +_(portRangeStepSize, 363, u16) \ +_(portRangeNumPorts, 364, u16) \ +_(staMacAddress, 365, macAddress) \ +_(staIPv4Address, 366, ip4_address_t) \ +_(wtpMacAddress, 367, macAddress ) \ +_(ingressInterfaceType, 368, u32) \ +_(egressInterfaceType, 369, u32) \ +_(rtpSequenceNumber, 370, u16) \ +_(userName, 371, string) \ +_(applicationCategoryName, 372, string) \ +_(applicationSubCategoryName, 373, string) \ +_(applicationGroupName, 374, string) \ +_(originalFlowsPresent, 375, u64) \ +_(originalFlowsInitiated, 376, u64) \ +_(originalFlowsCompleted, 377, u64) \ +_(distinctCountOfSourceIPAddress, 378, u64) \ +_(distinctCountOfDestinationIPAddress, 379, u64) \ +_(distinctCountOfSourceIPv4Address, 380, u32) \ +_(distinctCountOfDestinationIPv4Address, 381, u32) \ +_(distinctCountOfSourceIPv6Address, 382, u64) \ +_(distinctCountOfDestinationIPv6Address, 383, u64) \ +_(valueDistributionMethod, 384, u8) \ +_(rfc3550JitterMilliseconds, 385, u32) \ +_(rfc3550JitterMicroseconds, 386, u32) \ +_(rfc3550JitterNanoseconds, 387, u32) \ +_(dot1qDEI, 388, boolean) \ +_(dot1qCustomerDEI, 389, boolean) \ +_(flowSelectorAlgorithm, 390, u16) \ +_(flowSelectedOctetDeltaCount, 391, u64) \ +_(flowSelectedPacketDeltaCount, 392, u64) \ +_(flowSelectedFlowDeltaCount, 393, u64) \ +_(selectorIDTotalFlowsObserved, 394, u64) \ +_(selectorIDTotalFlowsSelected, 395, u64) \ +_(samplingFlowInterval, 396, u64) \ +_(samplingFlowSpacing, 397, u64) \ +_(flowSamplingTimeInterval, 398, u64) \ +_(flowSamplingTimeSpacing, 399, u64) \ +_(hashFlowDomain, 400, u16) \ +_(transportOctetDeltaCount, 401, u64) \ +_(transportPacketDeltaCount, 402, u64) \ +_(originalExporterIPv4Address, 403, ip4_address_t) \ +_(originalExporterIPv6Address, 404, ip6_address_t) \ +_(originalObservationDomainId, 405, u32) \ +_(intermediateProcessId, 406, u32) \ +_(ignoredDataRecordTotalCount, 407, u64) \ +_(dataLinkFrameType, 408, u16) \ +_(sectionOffset, 409, u16) \ +_(sectionExportedOctets, 410, u16) \ +_(dot1qServiceInstanceTag, 411, octetArray) \ +_(dot1qServiceInstanceId, 412, u32) \ +_(dot1qServiceInstancePriority, 413, u8) \ +_(dot1qCustomerSourceMacAddress, 414, macAddress) \ +_(dot1qCustomerDestinationMacAddress, 415, macAddress) \ +_(postLayer2OctetDeltaCount, 417, u64) \ +_(postMCastLayer2OctetDeltaCount, 418, u64) \ +_(postLayer2OctetTotalCount, 420, u64) \ +_(postMCastLayer2OctetTotalCount, 421, u64) \ +_(minimumLayer2TotalLength, 422, u64) \ +_(maximumLayer2TotalLength, 423, u64) \ +_(droppedLayer2OctetDeltaCount, 424, u64) \ +_(droppedLayer2OctetTotalCount, 425, u64) \ +_(ignoredLayer2OctetTotalCount, 426, u64) \ +_(notSentLayer2OctetTotalCount, 427, u64) \ +_(layer2OctetDeltaSumOfSquares, 428, u64) \ +_(layer2OctetTotalSumOfSquares, 429, u64) \ +_(layer2FrameDeltaCount, 430, u64) \ +_(layer2FrameTotalCount, 431, u64) \ +_(pseudoWireDestinationIPv4Address, 432, ip4_address_t) \ +_(ignoredLayer2FrameTotalCount, 433, u64) \ +_(natQuotaExceededEvent, 466, u32) \ +_(maxSessionEntries, 471, u32) \ +_(maxBIBEntries, 472, u32) \ +_(maxEntriesPerUser, 473, u32) \ +_(maxFragmentsPendingReassembly, 475, u32) + +typedef enum +{ +#define _(n,v,t) n = v, + foreach_ipfix_info_element_t +#undef _ +} ipfix_info_element_id_t; + +#endif /* __included_ipfix_info_elements_h__ */ + +/* + * fd.io coding-style-patch-verification: ON + * + * Local Variables: + * eval: (c-set-style "gnu") + * End: + */ diff --git a/src/vnet/ipfix-export/ipfix_packet.h b/src/vnet/ipfix-export/ipfix_packet.h new file mode 100644 index 00000000000..8b026e4db27 --- /dev/null +++ b/src/vnet/ipfix-export/ipfix_packet.h @@ -0,0 +1,206 @@ +/* + * Copyright (c) 2015 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#ifndef __included_ipfix_packet_h__ +#define __included_ipfix_packet_h__ + +#include <vnet/ipfix-export/ipfix_info_elements.h> + +/* From RFC-7011: + * https://tools.ietf.org/html/rfc7011 + */ + +typedef struct +{ + u32 version_length; + u32 export_time; + u32 sequence_number; + u32 domain_id; +} ipfix_message_header_t; + +static inline u32 +version_length (u16 length) +{ + return clib_host_to_net_u32 (0x000a0000 | length); +} + + +/* + * The Field Specifier format is shown in Figure G. + * + * 0 1 2 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * |E| Information Element ident. | Field Length | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Enterprise Number | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * + * Figure G: Field Specifier Format + * + * Where: + * + * E + * + * Enterprise bit. This is the first bit of the Field Specifier. If + * this bit is zero, the Information Element identifier identifies an + * Information Element in [IANA-IPFIX], and the four-octet Enterprise + * Number field MUST NOT be present. If this bit is one, the + * Information Element identifier identifies an enterprise-specific + * Information Element, and the Enterprise Number field MUST be + * present. + */ + +typedef struct +{ + u32 e_id_length; + u32 enterprise; +} ipfix_enterprise_field_specifier_t; + +typedef struct +{ + u32 e_id_length; +} ipfix_field_specifier_t; + +static inline u32 +ipfix_e_id_length (int e, u16 id, u16 length) +{ + u32 value; + value = (e << 31) | ((id & 0x7FFF) << 16) | length; + return clib_host_to_net_u32 (value); +} + +/* + * Every Set contains a common header. This header is defined in + * Figure I. + * + * 0 1 2 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Set ID | Length | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * + * Figure I: Set Header Format + * + * Each Set Header field is exported in network format. The fields are + * defined as follows: + * + * Set ID + * + * Identifies the Set. A value of 2 is reserved for Template Sets. + * A value of 3 is reserved for Options Template Sets. Values from 4 + * to 255 are reserved for future use. Values 256 and above are used + * for Data Sets. The Set ID values of 0 and 1 are not used, for + * historical reasons [RFC3954]. + * + * Length + * + * Total length of the Set, in octets, including the Set Header, all + * records, and the optional padding. Because an individual Set MAY + * contain multiple records, the Length value MUST be used to + * determine the position of the next Set. + */ + +typedef struct +{ + u32 set_id_length; +} ipfix_set_header_t; + +static inline u32 +ipfix_set_id_length (u16 set_id, u16 length) +{ + return clib_host_to_net_u32 ((set_id << 16) | length); +} + +/* + * The format of the Template Record is shown in Figure J. It consists + * of a Template Record Header and one or more Field Specifiers. Field + * Specifiers are defined in Figure G above. + * + * +--------------------------------------------------+ + * | Template Record Header | + * +--------------------------------------------------+ + * | Field Specifier | + * +--------------------------------------------------+ + * | Field Specifier | + * +--------------------------------------------------+ + * ... + * +--------------------------------------------------+ + * | Field Specifier | + * +--------------------------------------------------+ + * + * Figure J: Template Record Format + * + * The format of the Template Record Header is shown in Figure K. + * + * 0 1 2 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Template ID (> 255) | Field Count | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * + * Figure K: Template Record Header Format + * + * The Template Record Header Field definitions are as follows: + * + * Template ID + * + * Each Template Record is given a unique Template ID in the range + * 256 to 65535. This uniqueness is local to the Transport Session + * and Observation Domain that generated the Template ID. Since + * Template IDs are used as Set IDs in the Sets they describe (see + * Section 3.4.3), values 0-255 are reserved for special Set types + * (e.g., Template Sets themselves), and Templates and Options + * Templates (see Section 3.4.2) cannot share Template IDs within a + * Transport Session and Observation Domain. There are no + * constraints regarding the order of the Template ID allocation. As + * Exporting Processes are free to allocate Template IDs as they see + * fit, Collecting Processes MUST NOT assume incremental Template + * IDs, or anything about the contents of a Template based on its + * Template ID alone. + * + * Field Count + * + * Number of fields in this Template Record. + */ + +typedef struct +{ + u32 id_count; +} ipfix_template_header_t; + +static inline u32 +ipfix_id_count (u16 id, u16 count) +{ + return clib_host_to_net_u32 ((id << 16) | count); +} + +/* Template packet */ +typedef struct +{ + ipfix_message_header_t h; + ipfix_set_header_t s; + ipfix_template_header_t t; + ipfix_field_specifier_t fields[0]; +} ipfix_template_packet_t; + +#endif /* __included_ipfix_packet_h__ */ + +/* + * fd.io coding-style-patch-verification: ON + * + * Local Variables: + * eval: (c-set-style "gnu") + * End: + */ |