[Midnightbsd-cvs] src [9932] trunk/sys/netgraph/netflow: sync with freebsd
laffer1 at midnightbsd.org
laffer1 at midnightbsd.org
Fri May 25 16:03:07 EDT 2018
Revision: 9932
http://svnweb.midnightbsd.org/src/?rev=9932
Author: laffer1
Date: 2018-05-25 16:03:07 -0400 (Fri, 25 May 2018)
Log Message:
-----------
sync with freebsd
Modified Paths:
--------------
trunk/sys/netgraph/netflow/netflow.c
trunk/sys/netgraph/netflow/netflow.h
trunk/sys/netgraph/netflow/netflow_v9.c
trunk/sys/netgraph/netflow/netflow_v9.h
trunk/sys/netgraph/netflow/ng_netflow.c
trunk/sys/netgraph/netflow/ng_netflow.h
Modified: trunk/sys/netgraph/netflow/netflow.c
===================================================================
--- trunk/sys/netgraph/netflow/netflow.c 2018-05-25 20:02:41 UTC (rev 9931)
+++ trunk/sys/netgraph/netflow/netflow.c 2018-05-25 20:03:07 UTC (rev 9932)
@@ -1,3 +1,4 @@
+/* $MidnightBSD$ */
/*-
* Copyright (c) 2010-2011 Alexander V. Chernikov <melifaro at ipfw.ru>
* Copyright (c) 2004-2005 Gleb Smirnoff <glebius at FreeBSD.org>
@@ -28,8 +29,8 @@
* $SourceForge: netflow.c,v 1.41 2004/09/05 11:41:10 glebius Exp $
*/
-static const char rcs_id[] =
- "@(#) $FreeBSD$";
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD: stable/10/sys/netgraph/netflow/netflow.c 260278 2014-01-04 19:04:53Z dim $");
#include "opt_inet6.h"
#include "opt_route.h"
@@ -91,19 +92,19 @@
*/
#define SMALL(fle) (fle->f.packets <= 4)
-
-MALLOC_DECLARE(M_NETFLOW_HASH);
MALLOC_DEFINE(M_NETFLOW_HASH, "netflow_hash", "NetFlow hash");
static int export_add(item_p, struct flow_entry *);
static int export_send(priv_p, fib_export_p, item_p, int);
-static int hash_insert(priv_p, struct flow_hash_entry *, struct flow_rec *, int, uint8_t);
+static int hash_insert(priv_p, struct flow_hash_entry *, struct flow_rec *,
+ int, uint8_t, uint8_t);
#ifdef INET6
-static int hash6_insert(priv_p, struct flow_hash_entry *, struct flow6_rec *, int, uint8_t);
+static int hash6_insert(priv_p, struct flow_hash_entry *, struct flow6_rec *,
+ int, uint8_t, uint8_t);
#endif
-static __inline void expire_flow(priv_p, fib_export_p, struct flow_entry *, int);
+static void expire_flow(priv_p, fib_export_p, struct flow_entry *, int);
/*
* Generate hash for a given flow record.
@@ -115,9 +116,10 @@
* all globally unique (it's not fully true, there is FC00::/7 for example,
* but chances of address overlap are MUCH smaller)
*/
-static __inline uint32_t
+static inline uint32_t
ip_hash(struct flow_rec *r)
{
+
switch (r->r_ip_p) {
case IPPROTO_TCP:
case IPPROTO_UDP:
@@ -130,9 +132,10 @@
#ifdef INET6
/* Generate hash for a given flow6 record. Use lower 4 octets from v6 addresses */
-static __inline uint32_t
+static inline uint32_t
ip6_hash(struct flow6_rec *r)
{
+
switch (r->r_ip_p) {
case IPPROTO_TCP:
case IPPROTO_UDP:
@@ -214,7 +217,7 @@
struct netflow_v5_export_dgram *dgram;
struct mbuf *m;
- m = m_getcl(M_DONTWAIT, MT_DATA, M_PKTHDR);
+ m = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
if (m == NULL)
return (NULL);
item = ng_package_data(m, NG_NOFLAGS);
@@ -224,7 +227,6 @@
dgram->header.count = 0;
dgram->header.version = htons(NETFLOW_V5);
dgram->header.pad = 0;
-
}
return (item);
@@ -236,6 +238,7 @@
static void
return_export_dgram(priv_p priv, fib_export_p fe, item_p item, int flags)
{
+
/*
* It may happen on SMP, that some thread has already
* put its item there, in this case we bail out and
@@ -255,7 +258,7 @@
* The flow is over. Call export_add() and free it. If datagram is
* full, then call export_send().
*/
-static __inline void
+static void
expire_flow(priv_p priv, fib_export_p fe, struct flow_entry *fle, int flags)
{
struct netflow_export_item exp;
@@ -267,7 +270,7 @@
atomic_add_32(&priv->info.nfinfo_export_failed, 1);
if (priv->export9 != NULL)
atomic_add_32(&priv->info.nfinfo_export9_failed, 1);
- /* fle definitely contains IPv4 flow */
+ /* fle definitely contains IPv4 flow. */
uma_zfree_arg(priv->zone, fle, priv);
return;
}
@@ -289,7 +292,8 @@
uma_zfree_arg(priv->zone6, fle, priv);
#endif
else
- panic("ng_netflow: Unknown IP proto: %d", version);
+ panic("ng_netflow: Unknown IP proto: %d",
+ version);
return;
}
@@ -296,7 +300,8 @@
if (export9_add(exp.item9, exp.item9_opt, fle) > 0)
export9_send(priv, fe, exp.item9, exp.item9_opt, flags);
else
- return_export9_dgram(priv, fe, exp.item9, exp.item9_opt, NG_QUEUE);
+ return_export9_dgram(priv, fe, exp.item9,
+ exp.item9_opt, NG_QUEUE);
}
if (version == IPVERSION)
@@ -311,6 +316,7 @@
void
ng_netflow_copyinfo(priv_p priv, struct ng_netflow_info *i)
{
+
/* XXX: atomic */
memcpy((void *)i, (void *)&priv->info, sizeof(priv->info));
}
@@ -325,9 +331,9 @@
* as this was done in previous version. Need to test & profile
* to be sure.
*/
-static __inline int
+static int
hash_insert(priv_p priv, struct flow_hash_entry *hsh, struct flow_rec *r,
- int plen, uint8_t tcp_flags)
+ int plen, uint8_t flags, uint8_t tcp_flags)
{
struct flow_entry *fle;
struct sockaddr_in sin;
@@ -345,7 +351,6 @@
* Now fle is totally ours. It is detached from all lists,
* we can safely edit it.
*/
-
fle->f.version = IPVERSION;
bcopy(r, &fle->f.r, sizeof(struct flow_rec));
fle->f.bytes = plen;
@@ -358,44 +363,48 @@
* First we do route table lookup on destination address. So we can
* fill in out_ifx, dst_mask, nexthop, and dst_as in future releases.
*/
- bzero(&sin, sizeof(sin));
- sin.sin_len = sizeof(struct sockaddr_in);
- sin.sin_family = AF_INET;
- sin.sin_addr = fle->f.r.r_dst;
- rt = rtalloc1_fib((struct sockaddr *)&sin, 0, 0, r->fib);
- if (rt != NULL) {
- fle->f.fle_o_ifx = rt->rt_ifp->if_index;
+ if ((flags & NG_NETFLOW_CONF_NODSTLOOKUP) == 0) {
+ bzero(&sin, sizeof(sin));
+ sin.sin_len = sizeof(struct sockaddr_in);
+ sin.sin_family = AF_INET;
+ sin.sin_addr = fle->f.r.r_dst;
+ rt = rtalloc1_fib((struct sockaddr *)&sin, 0, 0, r->fib);
+ if (rt != NULL) {
+ fle->f.fle_o_ifx = rt->rt_ifp->if_index;
- if (rt->rt_flags & RTF_GATEWAY &&
- rt->rt_gateway->sa_family == AF_INET)
- fle->f.next_hop =
- ((struct sockaddr_in *)(rt->rt_gateway))->sin_addr;
+ if (rt->rt_flags & RTF_GATEWAY &&
+ rt->rt_gateway->sa_family == AF_INET)
+ fle->f.next_hop =
+ ((struct sockaddr_in *)(rt->rt_gateway))->sin_addr;
- if (rt_mask(rt))
- fle->f.dst_mask = bitcount32(((struct sockaddr_in *)
- rt_mask(rt))->sin_addr.s_addr);
- else if (rt->rt_flags & RTF_HOST)
- /* Give up. We can't determine mask :( */
- fle->f.dst_mask = 32;
+ if (rt_mask(rt))
+ fle->f.dst_mask =
+ bitcount32(((struct sockaddr_in *)rt_mask(rt))->sin_addr.s_addr);
+ else if (rt->rt_flags & RTF_HOST)
+ /* Give up. We can't determine mask :( */
+ fle->f.dst_mask = 32;
- RTFREE_LOCKED(rt);
+ RTFREE_LOCKED(rt);
+ }
}
/* Do route lookup on source address, to fill in src_mask. */
- bzero(&sin, sizeof(sin));
- sin.sin_len = sizeof(struct sockaddr_in);
- sin.sin_family = AF_INET;
- sin.sin_addr = fle->f.r.r_src;
- rt = rtalloc1_fib((struct sockaddr *)&sin, 0, 0, r->fib);
- if (rt != NULL) {
- if (rt_mask(rt))
- fle->f.src_mask = bitcount32(((struct sockaddr_in *)
- rt_mask(rt))->sin_addr.s_addr);
- else if (rt->rt_flags & RTF_HOST)
- /* Give up. We can't determine mask :( */
- fle->f.src_mask = 32;
+ if ((flags & NG_NETFLOW_CONF_NOSRCLOOKUP) == 0) {
+ bzero(&sin, sizeof(sin));
+ sin.sin_len = sizeof(struct sockaddr_in);
+ sin.sin_family = AF_INET;
+ sin.sin_addr = fle->f.r.r_src;
+ rt = rtalloc1_fib((struct sockaddr *)&sin, 0, 0, r->fib);
+ if (rt != NULL) {
+ if (rt_mask(rt))
+ fle->f.src_mask =
+ bitcount32(((struct sockaddr_in *)rt_mask(rt))->sin_addr.s_addr);
+ else if (rt->rt_flags & RTF_HOST)
+ /* Give up. We can't determine mask :( */
+ fle->f.src_mask = 32;
- RTFREE_LOCKED(rt);
+ RTFREE_LOCKED(rt);
+ }
}
/* Push new flow at the and of hash. */
@@ -410,10 +419,10 @@
bitcount32((x).__u6_addr.__u6_addr32[1]) + \
bitcount32((x).__u6_addr.__u6_addr32[2]) + \
bitcount32((x).__u6_addr.__u6_addr32[3])
-/* XXX: Do we need inline here ? */
-static __inline int
+#define RT_MASK6(x) (ipv6_masklen(((struct sockaddr_in6 *)rt_mask(x))->sin6_addr))
+static int
hash6_insert(priv_p priv, struct flow_hash_entry *hsh6, struct flow6_rec *r,
- int plen, uint8_t tcp_flags)
+ int plen, uint8_t flags, uint8_t tcp_flags)
{
struct flow6_entry *fle6;
struct sockaddr_in6 *src, *dst;
@@ -445,49 +454,53 @@
* First we do route table lookup on destination address. So we can
* fill in out_ifx, dst_mask, nexthop, and dst_as in future releases.
*/
- bzero(&rin6, sizeof(struct route_in6));
- dst = (struct sockaddr_in6 *)&rin6.ro_dst;
- dst->sin6_len = sizeof(struct sockaddr_in6);
- dst->sin6_family = AF_INET6;
- dst->sin6_addr = r->dst.r_dst6;
+ if ((flags & NG_NETFLOW_CONF_NODSTLOOKUP) == 0) {
+ bzero(&rin6, sizeof(struct route_in6));
+ dst = (struct sockaddr_in6 *)&rin6.ro_dst;
+ dst->sin6_len = sizeof(struct sockaddr_in6);
+ dst->sin6_family = AF_INET6;
+ dst->sin6_addr = r->dst.r_dst6;
- rin6.ro_rt = rtalloc1_fib((struct sockaddr *)dst, 0, 0, r->fib);
+ rin6.ro_rt = rtalloc1_fib((struct sockaddr *)dst, 0, 0, r->fib);
- if (rin6.ro_rt != NULL) {
- rt = rin6.ro_rt;
- fle6->f.fle_o_ifx = rt->rt_ifp->if_index;
+ if (rin6.ro_rt != NULL) {
+ rt = rin6.ro_rt;
+ fle6->f.fle_o_ifx = rt->rt_ifp->if_index;
- if (rt->rt_flags & RTF_GATEWAY &&
- rt->rt_gateway->sa_family == AF_INET6)
- fle6->f.n.next_hop6 =
- ((struct sockaddr_in6 *)(rt->rt_gateway))->sin6_addr;
+ if (rt->rt_flags & RTF_GATEWAY &&
+ rt->rt_gateway->sa_family == AF_INET6)
+ fle6->f.n.next_hop6 =
+ ((struct sockaddr_in6 *)(rt->rt_gateway))->sin6_addr;
- if (rt_mask(rt))
- fle6->f.dst_mask = ipv6_masklen(((struct sockaddr_in6 *)rt_mask(rt))->sin6_addr);
- else
- fle6->f.dst_mask = 128;
+ if (rt_mask(rt))
+ fle6->f.dst_mask = RT_MASK6(rt);
+ else
+ fle6->f.dst_mask = 128;
- RTFREE_LOCKED(rt);
+ RTFREE_LOCKED(rt);
+ }
}
- /* Do route lookup on source address, to fill in src_mask. */
- bzero(&rin6, sizeof(struct route_in6));
- src = (struct sockaddr_in6 *)&rin6.ro_dst;
- src->sin6_len = sizeof(struct sockaddr_in6);
- src->sin6_family = AF_INET6;
- src->sin6_addr = r->src.r_src6;
+ if ((flags & NG_NETFLOW_CONF_NODSTLOOKUP) == 0) {
+ /* Do route lookup on source address, to fill in src_mask. */
+ bzero(&rin6, sizeof(struct route_in6));
+ src = (struct sockaddr_in6 *)&rin6.ro_dst;
+ src->sin6_len = sizeof(struct sockaddr_in6);
+ src->sin6_family = AF_INET6;
+ src->sin6_addr = r->src.r_src6;
- rin6.ro_rt = rtalloc1_fib((struct sockaddr *)src, 0, 0, r->fib);
+ rin6.ro_rt = rtalloc1_fib((struct sockaddr *)src, 0, 0, r->fib);
- if (rin6.ro_rt != NULL) {
- rt = rin6.ro_rt;
+ if (rin6.ro_rt != NULL) {
+ rt = rin6.ro_rt;
- if (rt_mask(rt))
- fle6->f.src_mask = ipv6_masklen(((struct sockaddr_in6 *)rt_mask(rt))->sin6_addr);
- else
- fle6->f.src_mask = 128;
+ if (rt_mask(rt))
+ fle6->f.src_mask = RT_MASK6(rt);
+ else
+ fle6->f.src_mask = 128;
- RTFREE_LOCKED(rt);
+ RTFREE_LOCKED(rt);
+ }
}
/* Push new flow at the and of hash. */
@@ -495,6 +508,8 @@
return (0);
}
+#undef ipv6_masklen
+#undef RT_MASK6
#endif
@@ -510,12 +525,14 @@
int i;
/* Initialize cache UMA zone. */
- priv->zone = uma_zcreate("NetFlow IPv4 cache", sizeof(struct flow_entry),
- uma_ctor_flow, uma_dtor_flow, NULL, NULL, UMA_ALIGN_CACHE, 0);
+ priv->zone = uma_zcreate("NetFlow IPv4 cache",
+ sizeof(struct flow_entry), uma_ctor_flow, uma_dtor_flow, NULL,
+ NULL, UMA_ALIGN_CACHE, 0);
uma_zone_set_max(priv->zone, CACHESIZE);
#ifdef INET6
- priv->zone6 = uma_zcreate("NetFlow IPv6 cache", sizeof(struct flow6_entry),
- uma_ctor_flow6, uma_dtor_flow6, NULL, NULL, UMA_ALIGN_CACHE, 0);
+ priv->zone6 = uma_zcreate("NetFlow IPv6 cache",
+ sizeof(struct flow6_entry), uma_ctor_flow6, uma_dtor_flow6, NULL,
+ NULL, UMA_ALIGN_CACHE, 0);
uma_zone_set_max(priv->zone6, CACHESIZE);
#endif
@@ -556,8 +573,9 @@
if (fe != NULL)
return (0);
- if ((fe = malloc(sizeof(struct fib_export), M_NETGRAPH, M_NOWAIT | M_ZERO)) == NULL)
- return (1);
+ if ((fe = malloc(sizeof(struct fib_export), M_NETGRAPH,
+ M_NOWAIT | M_ZERO)) == NULL)
+ return (ENOMEM);
mtx_init(&fe->export_mtx, "export dgram lock", NULL, MTX_DEF);
mtx_init(&fe->export9_mtx, "export9 dgram lock", NULL, MTX_DEF);
@@ -564,15 +582,18 @@
fe->fib = fib;
fe->domain_id = fib;
- if (atomic_cmpset_ptr((volatile uintptr_t *)&priv->fib_data[fib], (uintptr_t)NULL, (uintptr_t)fe) == 0) {
+ if (atomic_cmpset_ptr((volatile uintptr_t *)&priv->fib_data[fib],
+ (uintptr_t)NULL, (uintptr_t)fe) == 0) {
/* FIB already set up by other ISR */
- CTR3(KTR_NET, "ng_netflow(): fib init: %d setup %p but got %p", fib, fe, priv_to_fib(priv, fib));
+ CTR3(KTR_NET, "ng_netflow(): fib init: %d setup %p but got %p",
+ fib, fe, priv_to_fib(priv, fib));
mtx_destroy(&fe->export_mtx);
mtx_destroy(&fe->export9_mtx);
free(fe, M_NETGRAPH);
} else {
/* Increase counter for statistics */
- CTR3(KTR_NET, "ng_netflow(): fib %d setup to %p (%p)", fib, fe, priv_to_fib(priv, fib));
+ CTR3(KTR_NET, "ng_netflow(): fib %d setup to %p (%p)",
+ fib, fe, priv_to_fib(priv, fib));
atomic_fetchadd_32(&priv->info.nfinfo_alloc_fibs, 1);
}
@@ -638,7 +659,8 @@
export_send(priv, fe, fe->exp.item, NG_QUEUE);
if (fe->exp.item9 != NULL)
- export9_send(priv, fe, fe->exp.item9, fe->exp.item9_opt, NG_QUEUE);
+ export9_send(priv, fe, fe->exp.item9,
+ fe->exp.item9_opt, NG_QUEUE);
mtx_destroy(&fe->export_mtx);
mtx_destroy(&fe->export9_mtx);
@@ -650,26 +672,24 @@
/* Insert packet from into flow cache. */
int
-ng_netflow_flow_add(priv_p priv, fib_export_p fe, struct ip *ip, caddr_t upper_ptr, uint8_t upper_proto,
- uint8_t is_frag, unsigned int src_if_index)
+ng_netflow_flow_add(priv_p priv, fib_export_p fe, struct ip *ip,
+ caddr_t upper_ptr, uint8_t upper_proto, uint8_t flags,
+ unsigned int src_if_index)
{
- register struct flow_entry *fle, *fle1;
+ struct flow_entry *fle, *fle1;
struct flow_hash_entry *hsh;
struct flow_rec r;
int hlen, plen;
int error = 0;
+ uint16_t eproto;
uint8_t tcp_flags = 0;
- uint16_t eproto;
- /* Try to fill flow_rec r */
bzero(&r, sizeof(r));
- /* check version */
+
if (ip->ip_v != IPVERSION)
return (EINVAL);
- /* verify min header length */
hlen = ip->ip_hl << 2;
-
if (hlen < sizeof(struct ip))
return (EINVAL);
@@ -681,7 +701,6 @@
r.r_dst = ip->ip_dst;
r.fib = fe->fib;
- /* save packet length */
plen = ntohs(ip->ip_len);
r.r_ip_p = ip->ip_p;
@@ -701,8 +720,8 @@
if ((ip->ip_off & htons(IP_OFFMASK)) == 0)
switch(r.r_ip_p) {
case IPPROTO_TCP:
- {
- register struct tcphdr *tcp;
+ {
+ struct tcphdr *tcp;
tcp = (struct tcphdr *)((caddr_t )ip + hlen);
r.r_sport = tcp->th_sport;
@@ -709,8 +728,8 @@
r.r_dport = tcp->th_dport;
tcp_flags = tcp->th_flags;
break;
- }
- case IPPROTO_UDP:
+ }
+ case IPPROTO_UDP:
r.r_ports = *(uint32_t *)((caddr_t )ip + hlen);
break;
}
@@ -735,7 +754,8 @@
break;
if ((INACTIVE(fle) && SMALL(fle)) || AGED(fle)) {
TAILQ_REMOVE(&hsh->head, fle, fle_hash);
- expire_flow(priv, priv_to_fib(priv, fle->f.r.fib), fle, NG_QUEUE);
+ expire_flow(priv, priv_to_fib(priv, fle->f.r.fib),
+ fle, NG_QUEUE);
atomic_add_32(&priv->info.nfinfo_act_exp, 1);
}
}
@@ -756,7 +776,8 @@
if (tcp_flags & TH_FIN || tcp_flags & TH_RST || AGED(fle) ||
(fle->f.bytes >= (CNTR_MAX - IF_MAXMTU)) ) {
TAILQ_REMOVE(&hsh->head, fle, fle_hash);
- expire_flow(priv, priv_to_fib(priv, fle->f.r.fib), fle, NG_QUEUE);
+ expire_flow(priv, priv_to_fib(priv, fle->f.r.fib),
+ fle, NG_QUEUE);
atomic_add_32(&priv->info.nfinfo_act_exp, 1);
} else {
/*
@@ -770,7 +791,7 @@
}
}
} else /* A new flow entry. */
- error = hash_insert(priv, hsh, &r, plen, tcp_flags);
+ error = hash_insert(priv, hsh, &r, plen, flags, tcp_flags);
mtx_unlock(&hsh->mtx);
@@ -780,13 +801,14 @@
#ifdef INET6
/* Insert IPv6 packet from into flow cache. */
int
-ng_netflow_flow6_add(priv_p priv, fib_export_p fe, struct ip6_hdr *ip6, caddr_t upper_ptr, uint8_t upper_proto,
- uint8_t is_frag, unsigned int src_if_index)
+ng_netflow_flow6_add(priv_p priv, fib_export_p fe, struct ip6_hdr *ip6,
+ caddr_t upper_ptr, uint8_t upper_proto, uint8_t flags,
+ unsigned int src_if_index)
{
- register struct flow_entry *fle = NULL, *fle1;
- register struct flow6_entry *fle6;
- struct flow_hash_entry *hsh;
- struct flow6_rec r;
+ struct flow_entry *fle = NULL, *fle1;
+ struct flow6_entry *fle6;
+ struct flow_hash_entry *hsh;
+ struct flow6_rec r;
int plen;
int error = 0;
uint8_t tcp_flags = 0;
@@ -804,32 +826,28 @@
/* Assume L4 template by default */
r.flow_type = NETFLOW_V9_FLOW_V6_L4;
- /* save packet length */
plen = ntohs(ip6->ip6_plen) + sizeof(struct ip6_hdr);
+#if 0
/* XXX: set DSCP/CoS value */
-#if 0
r.r_tos = ip->ip_tos;
#endif
- if (is_frag == 0) {
+ if ((flags & NG_NETFLOW_IS_FRAG) == 0) {
switch(upper_proto) {
case IPPROTO_TCP:
- {
- register struct tcphdr *tcp;
+ {
+ struct tcphdr *tcp;
tcp = (struct tcphdr *)upper_ptr;
r.r_ports = *(uint32_t *)upper_ptr;
tcp_flags = tcp->th_flags;
break;
- }
+ }
case IPPROTO_UDP:
case IPPROTO_SCTP:
- {
r.r_ports = *(uint32_t *)upper_ptr;
break;
}
-
- }
}
r.r_ip_p = upper_proto;
@@ -896,7 +914,7 @@
}
}
} else /* A new flow entry. */
- error = hash6_insert(priv, hsh, &r, plen, tcp_flags);
+ error = hash6_insert(priv, hsh, &r, plen, flags, tcp_flags);
mtx_unlock(&hsh->mtx);
@@ -1133,7 +1151,8 @@
if ((INACTIVE(fle) && (SMALL(fle) ||
(used > (NBUCKETS*2)))) || AGED(fle)) {
TAILQ_REMOVE(&hsh->head, fle, fle_hash);
- expire_flow(priv, priv_to_fib(priv, fle->f.r.fib), fle, NG_NOFLAGS);
+ expire_flow(priv, priv_to_fib(priv,
+ fle->f.r.fib), fle, NG_NOFLAGS);
used--;
atomic_add_32(&priv->info.nfinfo_inact_exp, 1);
}
Modified: trunk/sys/netgraph/netflow/netflow.h
===================================================================
--- trunk/sys/netgraph/netflow/netflow.h 2018-05-25 20:02:41 UTC (rev 9931)
+++ trunk/sys/netgraph/netflow/netflow.h 2018-05-25 20:03:07 UTC (rev 9932)
@@ -1,3 +1,4 @@
+/* $MidnightBSD$ */
/*-
* Copyright (c) 2010-2011 Alexander V. Chernikov <melifaro at ipfw.ru>
* Copyright (c) 2004 Gleb Smirnoff <glebius at FreeBSD.org>
@@ -25,7 +26,7 @@
* SUCH DAMAGE.
*
* $SourceForge: netflow.h,v 1.8 2004/09/16 17:05:11 glebius Exp $
- * $FreeBSD$
+ * $FreeBSD: stable/10/sys/netgraph/netflow/netflow.h 219182 2011-03-02 16:15:11Z glebius $
*/
/* netflow timeouts in seconds */
Modified: trunk/sys/netgraph/netflow/netflow_v9.c
===================================================================
--- trunk/sys/netgraph/netflow/netflow_v9.c 2018-05-25 20:02:41 UTC (rev 9931)
+++ trunk/sys/netgraph/netflow/netflow_v9.c 2018-05-25 20:03:07 UTC (rev 9932)
@@ -1,3 +1,4 @@
+/* $MidnightBSD$ */
/*-
* Copyright (c) 2010 Alexander V. Chernikov <melifaro at ipfw.ru>
* All rights reserved.
@@ -23,11 +24,11 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $FreeBSD$
+ * $FreeBSD: stable/10/sys/netgraph/netflow/netflow_v9.c 260278 2014-01-04 19:04:53Z dim $
*/
-static const char rcs_id[] =
- "@(#) $FreeBSD$";
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD: stable/10/sys/netgraph/netflow/netflow_v9.c 260278 2014-01-04 19:04:53Z dim $");
#include "opt_inet6.h"
#include "opt_route.h"
@@ -386,7 +387,7 @@
uint16_t mtu = priv->mtu;
/* Allocate entire packet at once, allowing easy m_append() calls */
- m = m_getm(NULL, mtu, M_DONTWAIT, MT_DATA);
+ m = m_getm(NULL, mtu, M_NOWAIT, MT_DATA);
if (m == NULL)
return (NULL);
Modified: trunk/sys/netgraph/netflow/netflow_v9.h
===================================================================
--- trunk/sys/netgraph/netflow/netflow_v9.h 2018-05-25 20:02:41 UTC (rev 9931)
+++ trunk/sys/netgraph/netflow/netflow_v9.h 2018-05-25 20:03:07 UTC (rev 9932)
@@ -1,3 +1,4 @@
+/* $MidnightBSD$ */
/*-
* Copyright (c) 2010 Alexander V. Chernikov <melifaro at ipfw.ru>
* All rights reserved.
@@ -23,7 +24,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $FreeBSD$
+ * $FreeBSD: stable/10/sys/netgraph/netflow/netflow_v9.h 219182 2011-03-02 16:15:11Z glebius $
*/
#ifndef _NETFLOW_V9_H_
Modified: trunk/sys/netgraph/netflow/ng_netflow.c
===================================================================
--- trunk/sys/netgraph/netflow/ng_netflow.c 2018-05-25 20:02:41 UTC (rev 9931)
+++ trunk/sys/netgraph/netflow/ng_netflow.c 2018-05-25 20:03:07 UTC (rev 9932)
@@ -1,3 +1,4 @@
+/* $MidnightBSD$ */
/*-
* Copyright (c) 2010-2011 Alexander V. Chernikov <melifaro at ipfw.ru>
* Copyright (c) 2004-2005 Gleb Smirnoff <glebius at FreeBSD.org>
@@ -28,8 +29,8 @@
* $SourceForge: ng_netflow.c,v 1.30 2004/09/05 11:37:43 glebius Exp $
*/
-static const char rcs_id[] =
- "@(#) $FreeBSD$";
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD: stable/10/sys/netgraph/netflow/ng_netflow.c 314667 2017-03-04 13:03:31Z avg $");
#include "opt_inet6.h"
#include "opt_route.h"
@@ -258,7 +259,7 @@
priv->ifaces[i].info.conf = NG_NETFLOW_CONF_INGRESS;
/* Initialize callout handle */
- callout_init(&priv->exp_callout, CALLOUT_MPSAFE);
+ callout_init(&priv->exp_callout, 1);
/* Allocate memory and set up flow cache */
ng_netflow_cache_init(priv);
@@ -379,7 +380,7 @@
case NGM_NETFLOW_COOKIE:
switch (msg->header.cmd) {
case NGM_NETFLOW_INFO:
- {
+ {
struct ng_netflow_info *i;
NG_MKRESPONSE(resp, msg, sizeof(struct ng_netflow_info),
@@ -388,9 +389,9 @@
ng_netflow_copyinfo(priv, i);
break;
- }
+ }
case NGM_NETFLOW_IFINFO:
- {
+ {
struct ng_netflow_ifinfo *i;
const uint16_t *index;
@@ -412,13 +413,14 @@
sizeof(priv->ifaces[*index].info));
break;
- }
+ }
case NGM_NETFLOW_SETDLT:
- {
+ {
struct ng_netflow_setdlt *set;
struct ng_netflow_iface *iface;
- if (msg->header.arglen != sizeof(struct ng_netflow_setdlt))
+ if (msg->header.arglen !=
+ sizeof(struct ng_netflow_setdlt))
ERROUT(EINVAL);
set = (struct ng_netflow_setdlt *)msg->data;
@@ -441,13 +443,14 @@
ERROUT(EINVAL);
}
break;
- }
+ }
case NGM_NETFLOW_SETIFINDEX:
- {
+ {
struct ng_netflow_setifindex *set;
struct ng_netflow_iface *iface;
- if (msg->header.arglen != sizeof(struct ng_netflow_setifindex))
+ if (msg->header.arglen !=
+ sizeof(struct ng_netflow_setifindex))
ERROUT(EINVAL);
set = (struct ng_netflow_setifindex *)msg->data;
@@ -462,12 +465,13 @@
iface->info.ifinfo_index = set->index;
break;
- }
+ }
case NGM_NETFLOW_SETTIMEOUTS:
- {
+ {
struct ng_netflow_settimeouts *set;
- if (msg->header.arglen != sizeof(struct ng_netflow_settimeouts))
+ if (msg->header.arglen !=
+ sizeof(struct ng_netflow_settimeouts))
ERROUT(EINVAL);
set = (struct ng_netflow_settimeouts *)msg->data;
@@ -476,12 +480,13 @@
priv->info.nfinfo_act_t = set->active_timeout;
break;
- }
+ }
case NGM_NETFLOW_SETCONFIG:
- {
+ {
struct ng_netflow_setconfig *set;
- if (msg->header.arglen != sizeof(struct ng_netflow_setconfig))
+ if (msg->header.arglen !=
+ sizeof(struct ng_netflow_setconfig))
ERROUT(EINVAL);
set = (struct ng_netflow_setconfig *)msg->data;
@@ -492,12 +497,13 @@
priv->ifaces[set->iface].info.conf = set->conf;
break;
- }
+ }
case NGM_NETFLOW_SETTEMPLATE:
- {
+ {
struct ng_netflow_settemplate *set;
- if (msg->header.arglen != sizeof(struct ng_netflow_settemplate))
+ if (msg->header.arglen !=
+ sizeof(struct ng_netflow_settemplate))
ERROUT(EINVAL);
set = (struct ng_netflow_settemplate *)msg->data;
@@ -506,12 +512,13 @@
priv->templ_time = set->time;
break;
- }
+ }
case NGM_NETFLOW_SETMTU:
- {
+ {
struct ng_netflow_setmtu *set;
- if (msg->header.arglen != sizeof(struct ng_netflow_setmtu))
+ if (msg->header.arglen !=
+ sizeof(struct ng_netflow_setmtu))
ERROUT(EINVAL);
set = (struct ng_netflow_setmtu *)msg->data;
@@ -521,10 +528,10 @@
priv->mtu = set->mtu;
break;
- }
+ }
case NGM_NETFLOW_SHOW:
- {
- if (msg->header.arglen != sizeof(struct ngnf_show_header))
+ if (msg->header.arglen !=
+ sizeof(struct ngnf_show_header))
ERROUT(EINVAL);
NG_MKRESPONSE(resp, msg, NGRESP_SIZE, M_NOWAIT);
@@ -540,18 +547,17 @@
NG_FREE_MSG(resp);
break;
- }
case NGM_NETFLOW_V9INFO:
- {
+ {
struct ng_netflow_v9info *i;
- NG_MKRESPONSE(resp, msg, sizeof(struct ng_netflow_v9info),
- M_NOWAIT);
+ NG_MKRESPONSE(resp, msg,
+ sizeof(struct ng_netflow_v9info), M_NOWAIT);
i = (struct ng_netflow_v9info *)resp->data;
ng_netflow_copyv9info(priv, i);
break;
- }
+ }
default:
ERROUT(EINVAL); /* unknown command */
break;
@@ -586,7 +592,7 @@
struct ip6_hdr *ip6 = NULL;
struct m_tag *mtag;
int pullup_len = 0, off;
- uint8_t acct = 0, bypass = 0, is_frag = 0, upper_proto = 0;
+ uint8_t acct = 0, bypass = 0, flags = 0, upper_proto = 0;
int error = 0, l3_off = 0;
unsigned int src_if_index;
caddr_t upper_ptr = NULL;
@@ -613,8 +619,8 @@
} else
ERROUT(EINVAL);
- if ((!bypass) &&
- (iface->info.conf & (NG_NETFLOW_CONF_ONCE | NG_NETFLOW_CONF_THISONCE))) {
+ if ((!bypass) && (iface->info.conf &
+ (NG_NETFLOW_CONF_ONCE | NG_NETFLOW_CONF_THISONCE))) {
mtag = m_tag_locate(NGI_M(item), MTAG_NETFLOW,
MTAG_NETFLOW_CALLED, NULL);
while (mtag != NULL) {
@@ -636,7 +642,8 @@
return (error);
}
- if (iface->info.conf & (NG_NETFLOW_CONF_ONCE | NG_NETFLOW_CONF_THISONCE)) {
+ if (iface->info.conf &
+ (NG_NETFLOW_CONF_ONCE | NG_NETFLOW_CONF_THISONCE)) {
mtag = m_tag_alloc(MTAG_NETFLOW, MTAG_NETFLOW_CALLED,
sizeof(ng_ID_t), M_NOWAIT);
if (mtag) {
@@ -645,6 +652,9 @@
}
}
+ /* Import configuration flags related to flow creation */
+ flags = iface->info.conf & NG_NETFLOW_FLOW_FLAGS;
+
NGI_GET_M(item, m);
m_old = m;
@@ -698,7 +708,8 @@
case ETHERTYPE_IPV6:
/*
* m_pullup() called by M_CHECK() pullups
- * kern.ipc.max_protohdr (default 60 bytes) which is enough
+ * kern.ipc.max_protohdr (default 60 bytes)
+ * which is enough.
*/
M_CHECK(sizeof(struct ip6_hdr));
eh = mtod(m, struct ether_header *);
@@ -738,9 +749,11 @@
ip = mtod(m, struct ip *);
/* l3_off is already zero */
#ifdef INET6
- /* If INET6 is not defined IPv6 packets will be discarded in ng_netflow_flow_add() */
+ /*
+ * If INET6 is not defined IPv6 packets
+ * will be discarded in ng_netflow_flow_add().
+ */
if (ip->ip_v == IP6VERSION) {
- /* IPv6 packet */
ip = NULL;
M_CHECK(sizeof(struct ip6_hdr) - sizeof(struct ip));
ip6 = mtod(m, struct ip6_hdr *);
@@ -769,8 +782,8 @@
upper_proto = ip->ip_p;
/*
- * XXX: in case of wrong upper layer header we will forward this packet
- * but skip this record in netflow
+ * XXX: in case of wrong upper layer header we will
+ * forward this packet but skip this record in netflow.
*/
switch (ip->ip_p) {
case IPPROTO_TCP:
@@ -784,8 +797,11 @@
break;
}
} else if (ip != NULL) {
- /* Nothing to save except upper layer proto, since this is packet fragment */
- is_frag = 1;
+ /*
+ * Nothing to save except upper layer proto,
+ * since this is a packet fragment.
+ */
+ flags |= NG_NETFLOW_IS_FRAG;
upper_proto = ip->ip_p;
if ((ip->ip_v != IPVERSION) ||
((ip->ip_hl << 2) < sizeof(struct ip)))
@@ -792,16 +808,14 @@
goto bypass;
#ifdef INET6
} else if (ip6 != NULL) {
- /* Check if we can export */
- if (priv->export9 == NULL)
- goto bypass;
-
- /* Loop thru IPv6 extended headers to get upper layer header / frag */
int cur = ip6->ip6_nxt, hdr_off = 0;
struct ip6_ext *ip6e;
struct ip6_frag *ip6f;
- /* Save upper layer info */
+ if (priv->export9 == NULL)
+ goto bypass;
+
+ /* Save upper layer info. */
off = pullup_len;
upper_proto = cur;
@@ -808,10 +822,15 @@
if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION)
goto bypass;
- while (42) {
+ /*
+ * Loop thru IPv6 extended headers to get upper
+ * layer header / frag.
+ */
+ for (;;) {
switch (cur) {
/*
- * Same as in IPv4, we can forward 'bad' packet without accounting
+ * Same as in IPv4, we can forward a 'bad'
+ * packet without accounting.
*/
case IPPROTO_TCP:
M_CHECK(sizeof(struct tcphdr));
@@ -828,7 +847,8 @@
case IPPROTO_ROUTING:
case IPPROTO_DSTOPTS:
M_CHECK(sizeof(struct ip6_ext));
- ip6e = (struct ip6_ext *)(mtod(m, caddr_t) + off);
+ ip6e = (struct ip6_ext *)(mtod(m, caddr_t) +
+ off);
upper_proto = ip6e->ip6e_nxt;
hdr_off = (ip6e->ip6e_len + 1) << 3;
break;
@@ -836,7 +856,8 @@
/* RFC4302, can be before DSTOPTS */
case IPPROTO_AH:
M_CHECK(sizeof(struct ip6_ext));
- ip6e = (struct ip6_ext *)(mtod(m, caddr_t) + off);
+ ip6e = (struct ip6_ext *)(mtod(m, caddr_t) +
+ off);
upper_proto = ip6e->ip6e_nxt;
hdr_off = (ip6e->ip6e_len + 2) << 2;
break;
@@ -843,11 +864,12 @@
case IPPROTO_FRAGMENT:
M_CHECK(sizeof(struct ip6_frag));
- ip6f = (struct ip6_frag *)(mtod(m, caddr_t) + off);
+ ip6f = (struct ip6_frag *)(mtod(m, caddr_t) +
+ off);
upper_proto = ip6f->ip6f_nxt;
hdr_off = sizeof(struct ip6_frag);
off += hdr_off;
- is_frag = 1;
+ flags |= NG_NETFLOW_IS_FRAG;
goto loopend;
#if 0
@@ -855,7 +877,7 @@
goto loopend;
#endif
/*
- * Any unknow header (new extension or IPv6/IPv4
+ * Any unknown header (new extension or IPv6/IPv4
* header for tunnels) ends loop.
*/
default:
@@ -912,10 +934,12 @@
}
if (ip != NULL)
- error = ng_netflow_flow_add(priv, fe, ip, upper_ptr, upper_proto, is_frag, src_if_index);
+ error = ng_netflow_flow_add(priv, fe, ip, upper_ptr,
+ upper_proto, flags, src_if_index);
#ifdef INET6
else if (ip6 != NULL)
- error = ng_netflow_flow6_add(priv, fe, ip6, upper_ptr, upper_proto, is_frag, src_if_index);
+ error = ng_netflow_flow6_add(priv, fe, ip6, upper_ptr,
+ upper_proto, flags, src_if_index);
#endif
else
goto bypass;
@@ -926,10 +950,12 @@
if (acct == 0) {
/* Accounting failure */
if (ip != NULL) {
- atomic_fetchadd_32(&priv->info.nfinfo_spackets, 1);
+ atomic_fetchadd_32(&priv->info.nfinfo_spackets,
+ 1);
priv->info.nfinfo_sbytes += m_length(m, NULL);
} else if (ip6 != NULL) {
- atomic_fetchadd_32(&priv->info.nfinfo_spackets6, 1);
+ atomic_fetchadd_32(&priv->info.nfinfo_spackets6,
+ 1);
priv->info.nfinfo_sbytes6 += m_length(m, NULL);
}
}
Modified: trunk/sys/netgraph/netflow/ng_netflow.h
===================================================================
--- trunk/sys/netgraph/netflow/ng_netflow.h 2018-05-25 20:02:41 UTC (rev 9931)
+++ trunk/sys/netgraph/netflow/ng_netflow.h 2018-05-25 20:03:07 UTC (rev 9932)
@@ -1,3 +1,4 @@
+/* $MidnightBSD$ */
/*-
* Copyright (c) 2010-2011 Alexander V. Chernikov <melifaro at ipfw.ru>
* Copyright (c) 2004-2005 Gleb Smirnoff <glebius at FreeBSD.org>
@@ -26,7 +27,7 @@
* SUCH DAMAGE.
*
* $SourceForge: ng_netflow.h,v 1.26 2004/09/04 15:44:55 glebius Exp $
- * $FreeBSD$
+ * $FreeBSD: stable/10/sys/netgraph/netflow/ng_netflow.h 255202 2013-09-04 10:17:50Z glebius $
*/
#ifndef _NG_NETFLOW_H_
@@ -90,7 +91,7 @@
uint32_t ifinfo_packets; /* number of packets for this iface */
uint8_t ifinfo_dlt; /* Data Link Type, DLT_XXX */
#define MAXDLTNAMELEN 20
- u_int16_t ifinfo_index; /* connected iface index */
+ uint16_t ifinfo_index; /* connected iface index */
uint32_t conf;
};
@@ -98,13 +99,13 @@
/* This structure is passed to NGM_NETFLOW_SETDLT message */
struct ng_netflow_setdlt {
uint16_t iface; /* which iface dlt change */
- uint8_t dlt; /* DLT_XXX from bpf.h */
+ uint8_t dlt; /* DLT_XXX from bpf.h */
};
/* This structure is passed to NGM_NETFLOW_SETIFINDEX */
struct ng_netflow_setifindex {
- u_int16_t iface; /* which iface index change */
- u_int16_t index; /* new index */
+ uint16_t iface; /* which iface index change */
+ uint16_t index; /* new index */
};
/* This structure is passed to NGM_NETFLOW_SETTIMEOUTS */
@@ -113,15 +114,21 @@
uint32_t active_timeout; /* flow active timeout */
};
-#define NG_NETFLOW_CONF_INGRESS 1
-#define NG_NETFLOW_CONF_EGRESS 2
-#define NG_NETFLOW_CONF_ONCE 4
-#define NG_NETFLOW_CONF_THISONCE 8
+#define NG_NETFLOW_CONF_INGRESS 0x01 /* Account on ingress */
+#define NG_NETFLOW_CONF_EGRESS 0x02 /* Account on egress */
+#define NG_NETFLOW_CONF_ONCE 0x04 /* Add tag to account only once */
+#define NG_NETFLOW_CONF_THISONCE 0x08 /* Account once in current node */
+#define NG_NETFLOW_CONF_NOSRCLOOKUP 0x10 /* No radix lookup on src */
+#define NG_NETFLOW_CONF_NODSTLOOKUP 0x20 /* No radix lookup on dst */
+#define NG_NETFLOW_IS_FRAG 0x01
+#define NG_NETFLOW_FLOW_FLAGS (NG_NETFLOW_CONF_NOSRCLOOKUP|\
+ NG_NETFLOW_CONF_NODSTLOOKUP)
+
/* This structure is passed to NGM_NETFLOW_SETCONFIG */
struct ng_netflow_setconfig {
- u_int16_t iface; /* which iface config change */
- u_int32_t conf; /* new config */
+ uint16_t iface; /* which iface config change */
+ uint32_t conf; /* new config */
};
/* This structure is passed to NGM_NETFLOW_SETTEMPLATE */
@@ -139,7 +146,7 @@
struct ngnf_show_header {
u_char version; /* IPv4 or IPv6 */
uint32_t hash_id; /* current hash index */
- uint32_t list_id; /* current record number in given hash */
+ uint32_t list_id; /* current record number in hash */
uint32_t nentries; /* number of records in response */
};
@@ -158,7 +165,7 @@
/* This is unique data, which identifies flow */
struct flow_rec {
- uint16_t flow_type; /* IPv4 L4/L3 flow, see NETFLOW_V9_FLOW* */
+ uint16_t flow_type;
uint16_t fib;
struct in_addr r_src;
struct in_addr r_dst;
@@ -181,7 +188,7 @@
/* This is unique data, which identifies flow */
struct flow6_rec {
- uint16_t flow_type; /* IPv4 L4/L3 Ipv6 L4/L3 flow, see NETFLOW_V9_FLOW* */
+ uint16_t flow_type;
uint16_t fib;
union {
struct in_addr r_src;
@@ -218,18 +225,18 @@
/* A flow entry which accumulates statistics */
struct flow_entry_data {
- uint16_t version; /* Protocol version */
- struct flow_rec r;
- struct in_addr next_hop;
- uint16_t fle_o_ifx; /* output interface index */
-#define fle_i_ifx r.misc.i.i_ifx
+ uint16_t version; /* Protocol version */
+ struct flow_rec r;
+ struct in_addr next_hop;
+ uint16_t fle_o_ifx; /* output interface index */
+#define fle_i_ifx r.misc.i.i_ifx
uint8_t dst_mask; /* destination route mask bits */
uint8_t src_mask; /* source route mask bits */
- u_long packets;
- u_long bytes;
- long first; /* uptime on first packet */
- long last; /* uptime on last packet */
- u_char tcp_flags; /* cumulative OR */
+ u_long packets;
+ u_long bytes;
+ long first; /* uptime on first packet */
+ long last; /* uptime on last packet */
+ u_char tcp_flags; /* cumulative OR */
};
struct flow6_entry_data {
@@ -236,18 +243,18 @@
uint16_t version; /* Protocol version */
struct flow6_rec r;
union {
- struct in_addr next_hop;
- struct in6_addr next_hop6;
+ struct in_addr next_hop;
+ struct in6_addr next_hop6;
} n;
- uint16_t fle_o_ifx; /* output interface index */
-#define fle_i_ifx r.misc.i.i_ifx
+ uint16_t fle_o_ifx; /* output interface index */
+#define fle_i_ifx r.misc.i.i_ifx
uint8_t dst_mask; /* destination route mask bits */
uint8_t src_mask; /* source route mask bits */
- u_long packets;
- u_long bytes;
- long first; /* uptime on first packet */
- long last; /* uptime on last packet */
- u_char tcp_flags; /* cumulative OR */
+ u_long packets;
+ u_long bytes;
+ long first; /* uptime on first packet */
+ long last; /* uptime on last packet */
+ u_char tcp_flags; /* cumulative OR */
};
/*
@@ -254,12 +261,12 @@
* How many flow records we will transfer at once
* without overflowing socket receive buffer
*/
-#define NREC_AT_ONCE 1000
-#define NREC6_AT_ONCE (NREC_AT_ONCE * sizeof(struct flow_entry_data) / \
- sizeof(struct flow6_entry_data))
-#define NGRESP_SIZE (sizeof(struct ngnf_show_header) + (NREC_AT_ONCE * \
- sizeof(struct flow_entry_data)))
-#define SORCVBUF_SIZE (NGRESP_SIZE + 2 * sizeof(struct ng_mesg))
+#define NREC_AT_ONCE 1000
+#define NREC6_AT_ONCE (NREC_AT_ONCE * sizeof(struct flow_entry_data) / \
+ sizeof(struct flow6_entry_data))
+#define NGRESP_SIZE (sizeof(struct ngnf_show_header) + (NREC_AT_ONCE * \
+ sizeof(struct flow_entry_data)))
+#define SORCVBUF_SIZE (NGRESP_SIZE + 2 * sizeof(struct ng_mesg))
/* Everything below is for kernel */
@@ -277,35 +284,35 @@
/* Parsing declarations */
/* Parse the info structure */
-#define NG_NETFLOW_INFO_TYPE { \
- { "IPv4 bytes", &ng_parse_uint64_type }, \
- { "IPv4 packets", &ng_parse_uint32_type }, \
- { "IPv6 bytes", &ng_parse_uint64_type }, \
- { "IPv6 packets", &ng_parse_uint32_type }, \
- { "IPv4 skipped bytes", &ng_parse_uint64_type }, \
- { "IPv4 skipped packets", &ng_parse_uint32_type }, \
- { "IPv6 skipped bytes", &ng_parse_uint64_type }, \
- { "IPv6 skipped packets", &ng_parse_uint32_type }, \
- { "IPv4 records used", &ng_parse_uint32_type },\
- { "IPv6 records used", &ng_parse_uint32_type },\
- { "Failed allocations", &ng_parse_uint32_type },\
- { "V5 failed exports", &ng_parse_uint32_type },\
- { "V9 failed exports", &ng_parse_uint32_type },\
- { "mbuf reallocations", &ng_parse_uint32_type },\
- { "fibs allocated", &ng_parse_uint32_type },\
- { "Active expiries", &ng_parse_uint32_type },\
- { "Inactive expiries", &ng_parse_uint32_type },\
- { "Inactive timeout", &ng_parse_uint32_type },\
- { "Active timeout", &ng_parse_uint32_type },\
- { NULL } \
+#define NG_NETFLOW_INFO_TYPE { \
+ { "IPv4 bytes", &ng_parse_uint64_type },\
+ { "IPv4 packets", &ng_parse_uint32_type },\
+ { "IPv6 bytes", &ng_parse_uint64_type },\
+ { "IPv6 packets", &ng_parse_uint32_type },\
+ { "IPv4 skipped bytes", &ng_parse_uint64_type },\
+ { "IPv4 skipped packets", &ng_parse_uint32_type },\
+ { "IPv6 skipped bytes", &ng_parse_uint64_type },\
+ { "IPv6 skipped packets", &ng_parse_uint32_type },\
+ { "IPv4 records used", &ng_parse_uint32_type },\
+ { "IPv6 records used", &ng_parse_uint32_type },\
+ { "Failed allocations", &ng_parse_uint32_type },\
+ { "V5 failed exports", &ng_parse_uint32_type },\
+ { "V9 failed exports", &ng_parse_uint32_type },\
+ { "mbuf reallocations", &ng_parse_uint32_type },\
+ { "fibs allocated", &ng_parse_uint32_type },\
+ { "Active expiries", &ng_parse_uint32_type },\
+ { "Inactive expiries", &ng_parse_uint32_type },\
+ { "Inactive timeout", &ng_parse_uint32_type },\
+ { "Active timeout", &ng_parse_uint32_type },\
+ { NULL } \
}
/* Parse the ifinfo structure */
#define NG_NETFLOW_IFINFO_TYPE { \
- { "packets", &ng_parse_uint32_type }, \
- { "data link type", &ng_parse_uint8_type }, \
- { "index", &ng_parse_uint16_type }, \
- { "conf", &ng_parse_uint32_type }, \
+ { "packets", &ng_parse_uint32_type },\
+ { "data link type", &ng_parse_uint8_type }, \
+ { "index", &ng_parse_uint16_type },\
+ { "conf", &ng_parse_uint32_type },\
{ NULL } \
}
@@ -312,7 +319,7 @@
/* Parse the setdlt structure */
#define NG_NETFLOW_SETDLT_TYPE { \
{ "iface", &ng_parse_uint16_type }, \
- { "dlt", &ng_parse_uint8_type }, \
+ { "dlt", &ng_parse_uint8_type }, \
{ NULL } \
}
@@ -351,11 +358,11 @@
}
/* Parse the v9info structure */
-#define NG_NETFLOW_V9INFO_TYPE { \
+#define NG_NETFLOW_V9INFO_TYPE { \
{ "v9 template packets", &ng_parse_uint16_type },\
- { "v9 template time", &ng_parse_uint16_type },\
- { "v9 MTU", &ng_parse_uint16_type },\
- { NULL } \
+ { "v9 template time", &ng_parse_uint16_type },\
+ { "v9 MTU", &ng_parse_uint16_type },\
+ { NULL } \
}
/* Private hook data */
@@ -376,18 +383,23 @@
/* Structure contatining fib-specific data */
struct fib_export {
- uint32_t fib; /* kernel fib id */
- struct netflow_export_item exp; /* Various data used for export */
- struct mtx export_mtx; /* exp.item mutex */
- struct mtx export9_mtx; /* exp.item9 mutex */
- uint32_t flow_seq; /* current V5 flow sequence */
- uint32_t flow9_seq; /* current V9 flow sequence */
- uint32_t domain_id; /* Observartion domain id */
+ uint32_t fib; /* kernel fib id */
+
+ /* Various data used for export */
+ struct netflow_export_item exp;
+
+ struct mtx export_mtx; /* exp.item mutex */
+ struct mtx export9_mtx; /* exp.item9 mutex */
+ uint32_t flow_seq; /* current V5 flow sequence */
+ uint32_t flow9_seq; /* current V9 flow sequence */
+ uint32_t domain_id; /* Observartion domain id */
/* Netflow V9 counters */
- uint32_t templ_last_ts; /* unixtime of last template announce */
- uint32_t templ_last_pkt; /* packets count on last template announce */
- uint32_t sent_packets; /* packets sent by exporter; */
- struct netflow_v9_packet_opt *export9_opt; /* current packet specific options */
+ uint32_t templ_last_ts; /* unixtime of last template announce */
+ uint32_t templ_last_pkt; /* packet count on last announce */
+ uint32_t sent_packets; /* packets sent by exporter; */
+
+ /* Current packet specific options */
+ struct netflow_v9_packet_opt *export9_opt;
};
typedef struct fib_export *fib_export_p;
@@ -394,19 +406,18 @@
/* Structure describing our flow engine */
struct netflow {
- node_p node; /* link to the node itself */
- hook_p export; /* export data goes there */
- hook_p export9; /* Netflow V9 export data goes there */
+ node_p node; /* link to the node itself */
+ hook_p export; /* export data goes there */
+ hook_p export9; /* Netflow V9 export data goes there */
+ struct ng_netflow_info info;
+ struct callout exp_callout; /* expiry periodic job */
- struct ng_netflow_info info;
- struct callout exp_callout; /* expiry periodic job */
-
/*
* Flow entries are allocated in uma(9) zone zone. They are
* indexed by hash hash. Each hash element consist of tailqueue
* head and mutex to protect this element.
*/
-#define CACHESIZE (65536*4)
+#define CACHESIZE (65536*16)
#define CACHELOWAT (CACHESIZE * 3/4)
#define CACHEHIGHWAT (CACHESIZE * 9/10)
uma_zone_t zone;
@@ -429,9 +440,10 @@
uma_zone_t zone6;
struct flow_hash_entry *hash6;
#endif
+
/* Multiple FIB support */
- fib_export_p *fib_data; /* array of pointers to per-fib data */
- uint16_t maxfibs; /* number of allocated fibs */
+ fib_export_p *fib_data; /* vector to per-fib data */
+ uint16_t maxfibs; /* number of allocated fibs */
/* Netflow v9 configuration options */
/*
@@ -438,14 +450,19 @@
* RFC 3954 clause 7.3
* "Both options MUST be configurable by the user on the Exporter."
*/
- uint16_t templ_time; /* time between sending templates */
- uint16_t templ_packets; /* packets between sending templates */
+ uint16_t templ_time; /* time between sending templates */
+ uint16_t templ_packets; /* packets between sending templates */
#define NETFLOW_V9_MAX_FLOWSETS 2
- u_char flowsets_count; /* current flowsets used */
- u_char flowset_records[NETFLOW_V9_MAX_FLOWSETS - 1]; /* Count of records in each flowset */
- uint16_t mtu; /* export interface MTU */
- struct netflow_v9_flowset_header *v9_flowsets[NETFLOW_V9_MAX_FLOWSETS - 1]; /* Pointers to pre-compiled flowsets */
+ u_char flowsets_count; /* current flowsets used */
+ /* Count of records in each flowset */
+ u_char flowset_records[NETFLOW_V9_MAX_FLOWSETS - 1];
+ uint16_t mtu; /* export interface MTU */
+
+ /* Pointers to pre-compiled flowsets */
+ struct netflow_v9_flowset_header
+ *v9_flowsets[NETFLOW_V9_MAX_FLOWSETS - 1];
+
struct ng_netflow_iface ifaces[NG_NETFLOW_MAXIFACES];
};
@@ -486,18 +503,22 @@
void ng_netflow_copyinfo(priv_p, struct ng_netflow_info *);
void ng_netflow_copyv9info(priv_p, struct ng_netflow_v9info *);
timeout_t ng_netflow_expire;
-int ng_netflow_flow_add(priv_p, fib_export_p, struct ip *, caddr_t, uint8_t, uint8_t, unsigned int);
-int ng_netflow_flow6_add(priv_p, fib_export_p, struct ip6_hdr *, caddr_t , uint8_t, uint8_t, unsigned int);
-int ng_netflow_flow_show(priv_p, struct ngnf_show_header *req, struct ngnf_show_header *resp);
-
+int ng_netflow_flow_add(priv_p, fib_export_p, struct ip *, caddr_t,
+ uint8_t, uint8_t, unsigned int);
+int ng_netflow_flow6_add(priv_p, fib_export_p, struct ip6_hdr *, caddr_t,
+ uint8_t, uint8_t, unsigned int);
+int ng_netflow_flow_show(priv_p, struct ngnf_show_header *req,
+ struct ngnf_show_header *resp);
void ng_netflow_v9_cache_init(priv_p);
void ng_netflow_v9_cache_flush(priv_p);
-item_p get_export9_dgram(priv_p, fib_export_p, struct netflow_v9_packet_opt **);
+item_p get_export9_dgram(priv_p, fib_export_p,
+ struct netflow_v9_packet_opt **);
void return_export9_dgram(priv_p, fib_export_p, item_p,
- struct netflow_v9_packet_opt *, int);
-int export9_add(item_p, struct netflow_v9_packet_opt *, struct flow_entry *);
-int export9_send(priv_p, fib_export_p, item_p, struct netflow_v9_packet_opt *,
- int);
+ struct netflow_v9_packet_opt *, int);
+int export9_add(item_p, struct netflow_v9_packet_opt *,
+ struct flow_entry *);
+int export9_send(priv_p, fib_export_p, item_p,
+ struct netflow_v9_packet_opt *, int);
#endif /* _KERNEL */
#endif /* _NG_NETFLOW_H_ */
More information about the Midnightbsd-cvs
mailing list