FD.io VPP  v17.07.01-10-g3be13f0
Vector Packet Processing
snat_ipfix_logging.c
Go to the documentation of this file.
1 /*
2  * snat_ipfix_logging.c - NAT Events IPFIX logging
3  *
4  * Copyright (c) 2016 Cisco and/or its affiliates.
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at:
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  */
17 
18 #include <vnet/flow/flow_report.h>
19 #include <vlibmemory/api.h>
20 #include <snat/snat.h>
22 
24 
25 #define NAT44_SESSION_CREATE_LEN 26
26 #define NAT_ADDRESSES_EXHAUTED_LEN 13
27 #define MAX_ENTRIES_PER_USER_LEN 17
28 
29 #define NAT44_SESSION_CREATE_FIELD_COUNT 8
30 #define NAT_ADDRESSES_EXHAUTED_FIELD_COUNT 3
31 #define MAX_ENTRIES_PER_USER_FIELD_COUNT 4
32 
33 typedef struct {
42 
43 typedef struct {
46 
47 typedef struct {
50 
51 /**
52  * @brief Create an IPFIX template packet rewrite string
53  *
54  * @param frm flow report main
55  * @param fr flow report
56  * @param collector_address collector address
57  * @param src_address source address
58  * @param collector_port collector
59  * @param event NAT event ID
60  * @param quota_event NAT quota exceeded event ID
61  *
62  * @returns template packet
63  */
64 static inline u8 *
66  flow_report_t * fr,
67  ip4_address_t * collector_address,
68  ip4_address_t * src_address,
69  u16 collector_port,
70  nat_event_t event,
71  quota_exceed_event_t quota_event)
72 {
74  ip4_header_t *ip;
75  udp_header_t *udp;
80  ipfix_field_specifier_t *first_field;
81  u8 *rewrite = 0;
83  u32 field_count = 0;
84  flow_report_stream_t *stream;
85 
86  stream = &frm->streams[fr->stream_index];
87  silm->stream_index = fr->stream_index;
88 
89  if (event == NAT_ADDRESSES_EXHAUTED)
90  {
93  }
94  else if (event == NAT44_SESSION_CREATE)
95  {
98  }
99  else if (event == QUOTA_EXCEEDED)
100  {
101  if (quota_event == MAX_ENTRIES_PER_USER)
102  {
103  field_count = MAX_ENTRIES_PER_USER_FIELD_COUNT;
105  }
106  }
107 
108  /* allocate rewrite space */
109  vec_validate_aligned (rewrite,
111  + field_count * sizeof (ipfix_field_specifier_t) - 1,
113 
114  tp = (ip4_ipfix_template_packet_t *) rewrite;
115  ip = (ip4_header_t *) & tp->ip4;
116  udp = (udp_header_t *) (ip + 1);
117  h = (ipfix_message_header_t *) (udp + 1);
118  s = (ipfix_set_header_t *) (h + 1);
119  t = (ipfix_template_header_t *) (s + 1);
120  first_field = f = (ipfix_field_specifier_t *) (t + 1);
121 
122  ip->ip_version_and_header_length = 0x45;
123  ip->ttl = 254;
124  ip->protocol = IP_PROTOCOL_UDP;
125  ip->src_address.as_u32 = src_address->as_u32;
126  ip->dst_address.as_u32 = collector_address->as_u32;
127  udp->src_port = clib_host_to_net_u16 (stream->src_port);
128  udp->dst_port = clib_host_to_net_u16 (collector_port);
129  udp->length = clib_host_to_net_u16 (vec_len (rewrite) - sizeof (*ip));
130 
131  /* FIXUP: message header export_time */
132  h->domain_id = clib_host_to_net_u32 (stream->domain_id);
133 
134  /* Add TLVs to the template */
135  if (event == NAT_ADDRESSES_EXHAUTED)
136  {
137  f->e_id_length = ipfix_e_id_length (0, observationTimeMilliseconds, 8);
138  f++;
139  f->e_id_length = ipfix_e_id_length (0, natEvent, 1);
140  f++;
141  f->e_id_length = ipfix_e_id_length (0, natPoolId, 4);
142  f++;
143  }
144  else if (event == NAT44_SESSION_CREATE)
145  {
146  f->e_id_length = ipfix_e_id_length (0, observationTimeMilliseconds, 8);
147  f++;
148  f->e_id_length = ipfix_e_id_length (0, natEvent, 1);
149  f++;
150  f->e_id_length = ipfix_e_id_length (0, sourceIPv4Address, 4);
151  f++;
152  f->e_id_length = ipfix_e_id_length (0, postNATSourceIPv4Address, 4);
153  f++;
154  f->e_id_length = ipfix_e_id_length (0, protocolIdentifier, 1);
155  f++;
156  f->e_id_length = ipfix_e_id_length (0, sourceTransportPort, 2);
157  f++;
158  f->e_id_length = ipfix_e_id_length (0, postNAPTSourceTransportPort, 2);
159  f++;
160  f->e_id_length = ipfix_e_id_length (0, ingressVRFID, 4);
161  f++;
162  }
163  else if (event == QUOTA_EXCEEDED)
164  {
165  if (quota_event == MAX_ENTRIES_PER_USER)
166  {
167  f->e_id_length = ipfix_e_id_length (0, observationTimeMilliseconds,
168  8);
169  f++;
170  f->e_id_length = ipfix_e_id_length (0, natEvent, 1);
171  f++;
172  f->e_id_length = ipfix_e_id_length (0, natQuotaExceededEvent, 4);
173  f++;
174  f->e_id_length = ipfix_e_id_length (0, sourceIPv4Address, 4);
175  f++;
176  }
177  }
178 
179  /* Back to the template packet... */
180  ip = (ip4_header_t *) & tp->ip4;
181  udp = (udp_header_t *) (ip + 1);
182 
183  ASSERT (f - first_field);
184  /* Field count in this template */
185  t->id_count = ipfix_id_count (fr->template_id, f - first_field);
186 
187  /* set length in octets */
188  s->set_id_length =
189  ipfix_set_id_length (2 /* set_id */ , (u8 *) f - (u8 *) s);
190 
191  /* message length in octets */
192  h->version_length = version_length ((u8 *) f - (u8 *) h);
193 
194  ip->length = clib_host_to_net_u16 ((u8 *) f - (u8 *) ip);
195  ip->checksum = ip4_header_checksum (ip);
196 
197  return rewrite;
198 }
199 
200 u8 *
202  flow_report_t * fr,
203  ip4_address_t * collector_address,
204  ip4_address_t * src_address,
205  u16 collector_port)
206 {
207  return snat_template_rewrite (frm, fr, collector_address, src_address,
208  collector_port, NAT_ADDRESSES_EXHAUTED, 0);
209 }
210 
211 u8 *
213  flow_report_t * fr,
214  ip4_address_t * collector_address,
215  ip4_address_t * src_address,
216  u16 collector_port)
217 {
218  return snat_template_rewrite (frm, fr, collector_address, src_address,
219  collector_port, NAT44_SESSION_CREATE, 0);
220 }
221 
222 u8 *
224  flow_report_t * fr,
225  ip4_address_t * collector_address,
226  ip4_address_t * src_address,
227  u16 collector_port)
228 {
229  return snat_template_rewrite (frm, fr, collector_address, src_address,
230  collector_port, QUOTA_EXCEEDED,
232 }
233 
234 static inline void
236  vlib_buffer_t * b0,
237  u32 * offset)
238 {
240  flow_report_stream_t *stream;
242  ipfix_message_header_t * h = 0;
243  ipfix_set_header_t * s = 0;
244  ip4_header_t * ip;
245  udp_header_t * udp;
246 
247  stream = &frm->streams[silm->stream_index];
248 
249  b0->current_data = 0;
250  b0->current_length = sizeof (*ip) + sizeof (*udp) + sizeof (*h) +
251  sizeof (*s);
253  vnet_buffer (b0)->sw_if_index[VLIB_RX] = 0;
254  vnet_buffer (b0)->sw_if_index[VLIB_TX] = frm->fib_index;
255  tp = vlib_buffer_get_current (b0);
256  ip = (ip4_header_t *) &tp->ip4;
257  udp = (udp_header_t *) (ip+1);
258  h = (ipfix_message_header_t *)(udp+1);
259  s = (ipfix_set_header_t *)(h+1);
260 
261  ip->ip_version_and_header_length = 0x45;
262  ip->ttl = 254;
263  ip->protocol = IP_PROTOCOL_UDP;
267  udp->src_port = clib_host_to_net_u16 (stream->src_port);
268  udp->dst_port = clib_host_to_net_u16 (frm->collector_port);
269  udp->checksum = 0;
270 
271  h->export_time = clib_host_to_net_u32 (
272  (u32) (((f64)frm->unix_time_0) + (vlib_time_now(frm->vlib_main) -
273  frm->vlib_time_0)));
274  h->sequence_number = clib_host_to_net_u32 (stream->sequence_number++);
275  h->domain_id = clib_host_to_net_u32 (stream->domain_id);
276 
277  *offset = (u32) (((u8 *)(s+1)) - (u8 *)tp);
278 }
279 
280 static inline void
282  vlib_frame_t * f,
283  vlib_buffer_t * b0,
284  u16 template_id)
285 {
287  ipfix_message_header_t * h = 0;
288  ipfix_set_header_t * s = 0;
289  ip4_header_t * ip;
290  udp_header_t * udp;
291  vlib_main_t * vm = frm->vlib_main;
292 
293  tp = vlib_buffer_get_current (b0);
294  ip = (ip4_header_t *) & tp->ip4;
295  udp = (udp_header_t *) (ip + 1);
296  h = (ipfix_message_header_t *) (udp + 1);
297  s = (ipfix_set_header_t *) (h + 1);
298 
299  s->set_id_length = ipfix_set_id_length (template_id,
300  b0->current_length -
301  (sizeof (*ip) + sizeof (*udp) +
302  sizeof (*h)));
304  (sizeof (*ip) + sizeof (*udp)));
305 
306  ip->length = clib_host_to_net_u16 (b0->current_length);
307  ip->checksum = ip4_header_checksum (ip);
308  udp->length = clib_host_to_net_u16 (b0->current_length - sizeof (*ip));
309 
310  if (frm->udp_checksum)
311  {
312  udp->checksum = ip4_tcp_udp_compute_checksum (vm, b0, ip);
313  if (udp->checksum == 0)
314  udp->checksum = 0xffff;
315  }
316 
317  ASSERT (ip->checksum == ip4_header_checksum (ip));
318 
320 }
321 
322 static void
323 snat_ipfix_logging_nat44_ses (u8 nat_event, u32 src_ip, u32 nat_src_ip,
324  snat_protocol_t snat_proto, u16 src_port,
325  u16 nat_src_port, u32 vrf_id, int do_flush)
326 {
329  vlib_frame_t *f;
330  vlib_buffer_t *b0 = 0;
331  u32 bi0 = ~0;
332  u32 offset;
333  vlib_main_t * vm = frm->vlib_main;
334  u64 now;
336  u8 proto = ~0;
337 
338  if (!silm->enabled)
339  return;
340 
341  proto = snat_proto_to_ip_proto (snat_proto);
342 
343  now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3);
344  now += silm->milisecond_time_0;
345 
346  b0 = silm->nat44_session_buffer;
347 
348  if (PREDICT_FALSE (b0 == 0))
349  {
350  if (do_flush)
351  return;
352 
353  if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
354  {
355  clib_warning ("can't allocate buffer for NAT IPFIX event");
356  return;
357  }
358 
359  b0 = silm->nat44_session_buffer =
360  vlib_get_buffer (vm, bi0);
364  offset = 0;
365  }
366  else
367  {
368  bi0 = vlib_get_buffer_index (vm, b0);
369  offset = silm->nat44_session_next_record_offset;
370  }
371 
372  f = silm->nat44_session_frame;
373  if (PREDICT_FALSE (f == 0))
374  {
375  u32 * to_next;
376  f = vlib_get_frame_to_node (vm, ip4_lookup_node.index);
377  silm->nat44_session_frame = f;
378  to_next = vlib_frame_vector_args (f);
379  to_next[0] = bi0;
380  f->n_vectors = 1;
381  }
382 
383  if (PREDICT_FALSE (offset == 0))
384  snat_ipfix_header_create (frm, b0, &offset);
385 
386  if (PREDICT_TRUE (do_flush == 0))
387  {
388  u64 time_stamp = clib_host_to_net_u64 (now);
389  clib_memcpy (b0->data + offset, &time_stamp, sizeof (time_stamp));
390  offset += sizeof (time_stamp);
391 
392  clib_memcpy (b0->data + offset, &nat_event, sizeof (nat_event));
393  offset += sizeof (nat_event);
394 
395  clib_memcpy (b0->data + offset, &src_ip, sizeof (src_ip));
396  offset += sizeof (src_ip);
397 
398  clib_memcpy (b0->data + offset, &nat_src_ip, sizeof (nat_src_ip));
399  offset += sizeof (nat_src_ip);
400 
401  clib_memcpy (b0->data + offset, &proto, sizeof (proto));
402  offset += sizeof (proto);
403 
404  clib_memcpy (b0->data + offset, &src_port, sizeof (src_port));
405  offset += sizeof (src_port);
406 
407  clib_memcpy (b0->data + offset, &nat_src_port, sizeof (nat_src_port));
408  offset += sizeof (nat_src_port);
409 
410  clib_memcpy (b0->data + offset, &vrf_id, sizeof(vrf_id));
411  offset += sizeof (vrf_id);
412 
414  }
415 
416  if (PREDICT_FALSE (do_flush || (offset + NAT44_SESSION_CREATE_LEN) > frm->path_mtu))
417  {
418  snat_ipfix_send (frm, f, b0, silm->nat44_session_template_id);
419  silm->nat44_session_frame = 0;
420  silm->nat44_session_buffer = 0;
421  offset = 0;
422  }
424  }
425 
426 static void
427 snat_ipfix_logging_addr_exhausted (u32 pool_id, int do_flush)
428 {
431  vlib_frame_t *f;
432  vlib_buffer_t *b0 = 0;
433  u32 bi0 = ~0;
434  u32 offset;
435  vlib_main_t * vm = frm->vlib_main;
436  u64 now;
438  u8 nat_event = NAT_ADDRESSES_EXHAUTED;
439 
440  if (!silm->enabled)
441  return;
442 
443  now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3);
444  now += silm->milisecond_time_0;
445 
446  b0 = silm->addr_exhausted_buffer;
447 
448  if (PREDICT_FALSE (b0 == 0))
449  {
450  if (do_flush)
451  return;
452 
453  if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
454  {
455  clib_warning ("can't allocate buffer for NAT IPFIX event");
456  return;
457  }
458 
459  b0 = silm->addr_exhausted_buffer =
460  vlib_get_buffer (vm, bi0);
464  offset = 0;
465  }
466  else
467  {
468  bi0 = vlib_get_buffer_index (vm, b0);
469  offset = silm->addr_exhausted_next_record_offset;
470  }
471 
472  f = silm->addr_exhausted_frame;
473  if (PREDICT_FALSE (f == 0))
474  {
475  u32 * to_next;
476  f = vlib_get_frame_to_node (vm, ip4_lookup_node.index);
477  silm->addr_exhausted_frame = f;
478  to_next = vlib_frame_vector_args (f);
479  to_next[0] = bi0;
480  f->n_vectors = 1;
481  }
482 
483  if (PREDICT_FALSE (offset == 0))
484  snat_ipfix_header_create (frm, b0, &offset);
485 
486  if (PREDICT_TRUE (do_flush == 0))
487  {
488  u64 time_stamp = clib_host_to_net_u64 (now);
489  clib_memcpy (b0->data + offset, &time_stamp, sizeof (time_stamp));
490  offset += sizeof (time_stamp);
491 
492  clib_memcpy (b0->data + offset, &nat_event, sizeof (nat_event));
493  offset += sizeof (nat_event);
494 
495  clib_memcpy (b0->data + offset, &pool_id, sizeof(pool_id));
496  offset += sizeof (pool_id);
497 
499  }
500 
501  if (PREDICT_FALSE (do_flush || (offset + NAT_ADDRESSES_EXHAUTED_LEN) > frm->path_mtu))
502  {
503  snat_ipfix_send (frm, f, b0, silm->addr_exhausted_template_id);
504  silm->addr_exhausted_frame = 0;
505  silm->addr_exhausted_buffer = 0;
506  offset = 0;
507  }
509 }
510 
511 static void
513 {
516  vlib_frame_t *f;
517  vlib_buffer_t *b0 = 0;
518  u32 bi0 = ~0;
519  u32 offset;
520  vlib_main_t * vm = frm->vlib_main;
521  u64 now;
523  u8 nat_event = QUOTA_EXCEEDED;
524  u32 quota_event = MAX_ENTRIES_PER_USER;
525 
526  if (!silm->enabled)
527  return;
528 
529  now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3);
530  now += silm->milisecond_time_0;
531 
532  b0 = silm->max_entries_per_user_buffer;
533 
534  if (PREDICT_FALSE (b0 == 0))
535  {
536  if (do_flush)
537  return;
538 
539  if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
540  {
541  clib_warning ("can't allocate buffer for NAT IPFIX event");
542  return;
543  }
544 
545  b0 = silm->max_entries_per_user_buffer =
546  vlib_get_buffer (vm, bi0);
550  offset = 0;
551  }
552  else
553  {
554  bi0 = vlib_get_buffer_index (vm, b0);
556  }
557 
558  f = silm->max_entries_per_user_frame;
559  if (PREDICT_FALSE (f == 0))
560  {
561  u32 * to_next;
562  f = vlib_get_frame_to_node (vm, ip4_lookup_node.index);
563  silm->max_entries_per_user_frame = f;
564  to_next = vlib_frame_vector_args (f);
565  to_next[0] = bi0;
566  f->n_vectors = 1;
567  }
568 
569  if (PREDICT_FALSE (offset == 0))
570  snat_ipfix_header_create (frm, b0, &offset);
571 
572  if (PREDICT_TRUE (do_flush == 0))
573  {
574  u64 time_stamp = clib_host_to_net_u64 (now);
575  clib_memcpy (b0->data + offset, &time_stamp, sizeof (time_stamp));
576  offset += sizeof (time_stamp);
577 
578  clib_memcpy (b0->data + offset, &nat_event, sizeof (nat_event));
579  offset += sizeof (nat_event);
580 
581  clib_memcpy (b0->data + offset, &quota_event, sizeof(quota_event));
582  offset += sizeof (quota_event);
583 
584  clib_memcpy (b0->data + offset, &src_ip, sizeof (src_ip));
585  offset += sizeof (src_ip);
586 
588  }
589 
590  if (PREDICT_FALSE (do_flush || (offset + MAX_ENTRIES_PER_USER_LEN) > frm->path_mtu))
591  {
593  silm->max_entries_per_user_frame = 0;
594  silm->max_entries_per_user_buffer = 0;
595  offset = 0;
596  }
598 }
599 
600 static void
602 {
604  a->snat_proto, a->src_port, a->nat_src_port,
605  a->vrf_id, 0);
606 }
607 
608 /**
609  * @brief Generate NAT44 session create event
610  *
611  * @param src_ip source IPv4 address
612  * @param nat_src_ip transaltes source IPv4 address
613  * @param snat_proto SNAT transport protocol
614  * @param src_port source port
615  * @param nat_src_port translated source port
616  * @param vrf_id VRF ID
617  */
618 void
620  u32 nat_src_ip,
621  snat_protocol_t snat_proto,
622  u16 src_port,
623  u16 nat_src_port,
624  u32 vrf_id)
625 {
627 
629  a.src_ip = src_ip;
630  a.nat_src_ip = nat_src_ip;
631  a.snat_proto = snat_proto;
632  a.src_port = src_port;
633  a.nat_src_port = nat_src_port;
634  a.vrf_id = vrf_id;
635 
637  sizeof (a));
638 }
639 
640 /**
641  * @brief Generate NAT44 session delete event
642  *
643  * @param src_ip source IPv4 address
644  * @param nat_src_ip transaltes source IPv4 address
645  * @param snat_proto SNAT transport protocol
646  * @param src_port source port
647  * @param nat_src_port translated source port
648  * @param vrf_id VRF ID
649  */
650 void
652  u32 nat_src_ip,
653  snat_protocol_t snat_proto,
654  u16 src_port,
655  u16 nat_src_port,
656  u32 vrf_id)
657 {
659 
661  a.src_ip = src_ip;
662  a.nat_src_ip = nat_src_ip;
663  a.snat_proto = snat_proto;
664  a.src_port = src_port;
665  a.nat_src_port = nat_src_port;
666  a.vrf_id = vrf_id;
667 
669  sizeof (a));
670 }
671 
672 vlib_frame_t *
674  flow_report_t * fr,
675  vlib_frame_t * f,
676  u32 * to_next,
677  u32 node_index)
678 {
679  snat_ipfix_logging_nat44_ses(0, 0, 0, 0, 0, 0, 0, 1);
680  return f;
681 }
682 
683 static void
686 {
688 }
689 
690 /**
691  * @brief Generate NAT addresses exhausted event
692  *
693  * @param pool_id NAT pool ID
694  */
695 void
697 {
698  //TODO: This event SHOULD be rate limited
700 
701  a.pool_id = pool_id;
702 
704  (u8 *) &a, sizeof (a));
705 }
706 
707 vlib_frame_t *
709  flow_report_t * fr,
710  vlib_frame_t * f,
711  u32 * to_next,
712  u32 node_index)
713 {
715  return f;
716 }
717 
718 static void
721 {
723 }
724 
725 /**
726  * @brief Generate maximum entries per user exceeded event
727  *
728  * @param src_ip source IPv4 address
729  */
730 void
732 {
733  //TODO: This event SHOULD be rate limited
735 
736  a.src_ip = src_ip;
737 
739  (u8 *) &a, sizeof (a));
740 }
741 
742 vlib_frame_t *
744  flow_report_t * fr,
745  vlib_frame_t * f,
746  u32 * to_next,
747  u32 node_index)
748 {
750  return f;
751 }
752 
753 /**
754  * @brief Enable/disable SNAT IPFIX logging
755  *
756  * @param enable 1 if enable, 0 if disable
757  * @param domain_id observation domain ID
758  * @param src_port source port number
759  *
760  * @returns 0 if success
761  */
762 int
763 snat_ipfix_logging_enable_disable (int enable, u32 domain_id, u16 src_port)
764 {
765  snat_main_t * sm = &snat_main;
769  int rv;
770  u8 e = enable ? 1 : 0;
771 
772  if (silm->enabled == e)
773  return 0;
774 
775  silm->enabled = e;
776 
777  memset (&a, 0, sizeof (a));
778  a.is_add = enable;
779  a.domain_id = domain_id ? domain_id : 1;
780  a.src_port = src_port ? src_port : UDP_DST_PORT_ipfix;
781 
782  if (sm->deterministic)
783  {
786 
787  rv = vnet_flow_report_add_del (frm, &a, NULL);
788  if (rv)
789  {
790  clib_warning ("vnet_flow_report_add_del returned %d", rv);
791  return -1;
792  }
793  }
794  else
795  {
798 
799  rv = vnet_flow_report_add_del (frm, &a, NULL);
800  if (rv)
801  {
802  clib_warning ("vnet_flow_report_add_del returned %d", rv);
803  return -1;
804  }
805 
808 
809  rv = vnet_flow_report_add_del (frm, &a, NULL);
810  if (rv)
811  {
812  clib_warning ("vnet_flow_report_add_del returned %d", rv);
813  return -1;
814  }
815  }
816 
817  return 0;
818 }
819 
820 /**
821  * @brief Initialize SNAT IPFIX logging
822  *
823  * @param vm vlib main
824  */
825 void
827 {
829 
830  silm->enabled = 0;
831 
832  /* Set up time reference pair */
833  silm->vlib_time_0 = vlib_time_now (vm);
834  silm->milisecond_time_0 = unix_time_now_nsec () * 1e-6;
835 }
vlib_frame_t * vlib_get_frame_to_node(vlib_main_t *vm, u32 to_node_index)
Definition: main.c:187
vlib_frame_t * max_entries_per_user_frame
void snat_ipfix_logging_max_entries_per_user(u32 src_ip)
Generate maximum entries per user exceeded event.
a
Definition: bitmap.h:516
ip4_address_t src_address
Definition: ip4_packet.h:164
static void snat_ipfix_logging_nat44_ses(u8 nat_event, u32 src_ip, u32 nat_src_ip, snat_protocol_t snat_proto, u16 src_port, u16 nat_src_port, u32 vrf_id, int do_flush)
static u8 * snat_template_rewrite(flow_report_main_t *frm, flow_report_t *fr, ip4_address_t *collector_address, ip4_address_t *src_address, u16 collector_port, nat_event_t event, quota_exceed_event_t quota_event)
Create an IPFIX template packet rewrite string.
static void snat_ipfix_send(flow_report_main_t *frm, vlib_frame_t *f, vlib_buffer_t *b0, u16 template_id)
#define PREDICT_TRUE(x)
Definition: clib.h:98
vlib_frame_t * addr_exhausted_frame
static u32 ipfix_e_id_length(int e, u16 id, u16 length)
Definition: ipfix_packet.h:72
#define NULL
Definition: clib.h:55
static f64 vlib_time_now(vlib_main_t *vm)
Definition: main.h:192
u32 stream_index
Definition: flow_report.h:72
int vnet_flow_report_add_del(flow_report_main_t *frm, vnet_flow_report_add_del_args_t *a, u16 *template_id)
Definition: flow_report.c:239
ip4_address_t src_address
Definition: flow_report.h:96
void snat_ipfix_logging_init(vlib_main_t *vm)
Initialize SNAT IPFIX logging.
static void snat_ipfix_logging_addr_exhausted(u32 pool_id, int do_flush)
int snat_ipfix_logging_enable_disable(int enable, u32 domain_id, u16 src_port)
Enable/disable SNAT IPFIX logging.
static void snat_ipfix_logging_max_entries_per_usr(u32 src_ip, int do_flush)
u16 flags_and_fragment_offset
Definition: ip4_packet.h:145
u8 enabled
S-NAT IPFIX logging enabled.
void snat_ipfix_logging_nat44_ses_delete(u32 src_ip, u32 nat_src_ip, snat_protocol_t snat_proto, u16 src_port, u16 nat_src_port, u32 vrf_id)
Generate NAT44 session delete event.
u8 * snat_template_rewrite_max_entries_per_usr(flow_report_main_t *frm, flow_report_t *fr, ip4_address_t *collector_address, ip4_address_t *src_address, u16 collector_port)
#define vec_validate_aligned(V, I, A)
Make sure vector is long enough for given index (no header, specified alignment)
Definition: vec.h:447
ip4_address_t ipfix_collector
Definition: flow_report.h:94
vlib_node_registration_t ip4_lookup_node
(constructor) VLIB_REGISTER_NODE (ip4_lookup_node)
Definition: ip4_forward.c:479
quota_exceed_event_t
flow_report_stream_t * streams
Definition: flow_report.h:91
i16 current_data
signed offset in data[], pre_data[] that we are currently processing.
Definition: buffer.h:67
ip4_address_t dst_address
Definition: ip4_packet.h:164
static void snat_ipfix_logging_max_entries_per_usr_rpc_cb(snat_ipfix_logging_max_entries_per_user_args_t *a)
#define VLIB_BUFFER_TOTAL_LENGTH_VALID
Definition: buffer.h:89
vnet_flow_rewrite_callback_t * rewrite_callback
Definition: flow_report.h:125
static void snat_ipfix_logging_nat44_ses_rpc_cb(snat_ipfix_logging_nat44_ses_args_t *a)
unsigned long u64
Definition: types.h:89
static u32 vlib_get_buffer_index(vlib_main_t *vm, void *p)
Translate buffer pointer into buffer index.
Definition: buffer_funcs.h:70
#define NAT44_SESSION_CREATE_FIELD_COUNT
flow_report_main_t flow_report_main
Definition: flow_report.c:21
u16 current_length
Nbytes between current data and the end of this buffer.
Definition: buffer.h:71
vlib_frame_t * nat44_session_frame
frames containing ipfix buffers
static void * vlib_buffer_get_current(vlib_buffer_t *b)
Get pointer to current data to process.
Definition: buffer.h:188
#define VLIB_BUFFER_DEFAULT_FREE_LIST_INDEX
Definition: buffer.h:402
snat_main_t snat_main
Definition: jvpp_snat.h:39
#define VLIB_BUFFER_FLOW_REPORT
Definition: buffer.h:92
#define PREDICT_FALSE(x)
Definition: clib.h:97
static u32 version_length(u16 length)
Definition: ipfix_packet.h:31
#define NAT44_SESSION_CREATE_LEN
u64 milisecond_time_0
Time reference pair.
u16 n_vectors
Definition: node.h:345
vlib_buffer_t * nat44_session_buffer
ipfix buffers under construction
snat_ipfix_logging_main_t snat_ipfix_logging_main
u8 * snat_template_rewrite_addr_exhausted(flow_report_main_t *frm, flow_report_t *fr, ip4_address_t *collector_address, ip4_address_t *src_address, u16 collector_port)
#define NAT_ADDRESSES_EXHAUTED_LEN
static u32 ipfix_id_count(u16 id, u16 count)
Definition: ipfix_packet.h:175
#define clib_warning(format, args...)
Definition: error.h:59
#define clib_memcpy(a, b, c)
Definition: string.h:69
void vl_api_rpc_call_main_thread(void *fp, u8 *data, u32 data_length)
Definition: memory_vlib.c:1328
static u64 unix_time_now_nsec(void)
Definition: time.h:238
static u8 snat_proto_to_ip_proto(snat_protocol_t snat_proto)
Definition: snat.h:402
u16 nat44_session_template_id
template IDs
snat_protocol_t
Definition: snat.h:98
void snat_ipfix_logging_addresses_exhausted(u32 pool_id)
Generate NAT addresses exhausted event.
#define ASSERT(truth)
unsigned int u32
Definition: types.h:88
vlib_main_t * vlib_main
Definition: flow_report.h:113
u16 ip4_tcp_udp_compute_checksum(vlib_main_t *vm, vlib_buffer_t *p0, ip4_header_t *ip0)
Definition: ip4_forward.c:1445
vlib_buffer_t * addr_exhausted_buffer
#define NAT_ADDRESSES_EXHAUTED_FIELD_COUNT
u16 template_id
Definition: flow_report.h:71
static void snat_ipfix_header_create(flow_report_main_t *frm, vlib_buffer_t *b0, u32 *offset)
void snat_ipfix_logging_nat44_ses_create(u32 src_ip, u32 nat_src_ip, snat_protocol_t snat_proto, u16 src_port, u16 nat_src_port, u32 vrf_id)
Generate NAT44 session create event.
u8 * snat_template_rewrite_nat44_session(flow_report_main_t *frm, flow_report_t *fr, ip4_address_t *collector_address, ip4_address_t *src_address, u16 collector_port)
template key/value backing page structure
Definition: bihash_doc.h:44
static u32 ipfix_set_id_length(u16 set_id, u16 length)
Definition: ipfix_packet.h:114
Definition: defs.h:47
unsigned short u16
Definition: types.h:57
vlib_frame_t * snat_data_callback_max_entries_per_usr(flow_report_main_t *frm, flow_report_t *fr, vlib_frame_t *f, u32 *to_next, u32 node_index)
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
double f64
Definition: types.h:142
unsigned char u8
Definition: types.h:56
static void snat_ipfix_logging_addr_exhausted_rpc_cb(snat_ipfix_logging_addr_exhausted_args_t *a)
#define VLIB_BUFFER_TRACE_TRAJECTORY_INIT(b)
Definition: buffer.h:496
static void * vlib_frame_vector_args(vlib_frame_t *f)
Get pointer to frame vector data.
Definition: node_funcs.h:269
vlib_frame_t * snat_data_callback_addr_exhausted(flow_report_main_t *frm, flow_report_t *fr, vlib_frame_t *f, u32 *to_next, u32 node_index)
vnet_flow_data_callback_t * flow_data_callback
Definition: flow_report.h:124
struct clib_bihash_value offset
template key/value backing page structure
vlib_buffer_t * max_entries_per_user_buffer
static void vlib_buffer_init_for_free_list(vlib_buffer_t *dst, vlib_buffer_free_list_t *fl)
Definition: buffer_funcs.h:777
#define vnet_buffer(b)
Definition: buffer.h:304
u8 data[0]
Packet data.
Definition: buffer.h:152
void vlib_put_frame_to_node(vlib_main_t *vm, u32 to_node_index, vlib_frame_t *f)
Definition: main.c:196
u8 ip_version_and_header_length
Definition: ip4_packet.h:132
static vlib_buffer_free_list_t * vlib_buffer_get_free_list(vlib_main_t *vm, u32 free_list_index)
Definition: buffer_funcs.h:385
#define CLIB_CACHE_LINE_BYTES
Definition: cache.h:67
u32 flags
buffer flags: VLIB_BUFFER_IS_TRACED: trace this buffer.
Definition: buffer.h:74
static u32 vlib_buffer_alloc(vlib_main_t *vm, u32 *buffers, u32 n_buffers)
Allocate buffers into supplied array.
Definition: buffer_funcs.h:245
vlib_frame_t * snat_data_callback_nat44_session(flow_report_main_t *frm, flow_report_t *fr, vlib_frame_t *f, u32 *to_next, u32 node_index)
nat_event_t
#define MAX_ENTRIES_PER_USER_LEN
#define MAX_ENTRIES_PER_USER_FIELD_COUNT
static vlib_buffer_t * vlib_get_buffer(vlib_main_t *vm, u32 buffer_index)
Translate buffer index into buffer pointer.
Definition: buffer_funcs.h:57
static u16 ip4_header_checksum(ip4_header_t *i)
Definition: ip4_packet.h:239
Definition: defs.h:46
u32 nat44_session_next_record_offset
next record offset