]> git.proxmox.com Git - ovs.git/blame - ofproto/ofproto-dpif-ipfix.c
projects / ovs.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
ovs-atomic-types: Move into ovs-atomic.h.
[ovs.git] / ofproto / ofproto-dpif-ipfix.c
CommitLineData
29089a54 1/*
c5f81b20 2 * Copyright (c) 2012, 2013 Nicira, Inc.
29089a54
RL		 3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at:
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include <config.h>
18#include "ofproto-dpif-ipfix.h"
978427a5 19#include <sys/time.h>
29089a54
RL		 20#include "byte-order.h"
21#include "collectors.h"
22#include "flow.h"
23#include "hash.h"
24#include "hmap.h"
978427a5 25#include "list.h"
29089a54
RL		 26#include "ofpbuf.h"
27#include "ofproto.h"
28#include "packets.h"
978427a5 29#include "poll-loop.h"
29089a54
RL		 30#include "sset.h"
31#include "util.h"
32#include "timeval.h"
33#include "util.h"
34#include "vlog.h"
35
36VLOG_DEFINE_THIS_MODULE(ipfix);
37
38static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
626ace7b 39static struct ovs_mutex mutex = OVS_MUTEX_INITIALIZER;
29089a54
RL		 40
41/* Cf. IETF RFC 5101 Section 10.3.4. */
42#define IPFIX_DEFAULT_COLLECTOR_PORT 4739
43
44struct dpif_ipfix_exporter {
45 struct collectors *collectors;
46 uint32_t seq_number;
47 time_t last_template_set_time;
978427a5
RL		 48 struct hmap cache_flow_key_map; /* ipfix_flow_cache_entry. */
49 struct list cache_flow_start_timestamp_list; /* ipfix_flow_cache_entry. */
50 uint32_t cache_active_timeout; /* In seconds. */
51 uint32_t cache_max_flows;
29089a54
RL		 52};
53
54struct dpif_ipfix_bridge_exporter {
55 struct dpif_ipfix_exporter exporter;
56 struct ofproto_ipfix_bridge_exporter_options *options;
57 uint32_t probability;
58};
59
60struct dpif_ipfix_flow_exporter {
61 struct dpif_ipfix_exporter exporter;
62 struct ofproto_ipfix_flow_exporter_options *options;
63};
64
65struct dpif_ipfix_flow_exporter_map_node {
66 struct hmap_node node;
67 struct dpif_ipfix_flow_exporter exporter;
68};
69
70struct dpif_ipfix {
71 struct dpif_ipfix_bridge_exporter bridge_exporter;
978427a5 72 struct hmap flow_exporter_map; /* dpif_ipfix_flow_exporter_map_node. */
37bec3d3 73 struct ovs_refcount ref_cnt;
29089a54
RL		 74};
75
76#define IPFIX_VERSION 0x000a
77
78/* When using UDP, IPFIX Template Records must be re-sent regularly.
79 * The standard default interval is 10 minutes (600 seconds).
80 * Cf. IETF RFC 5101 Section 10.3.6. */
81#define IPFIX_TEMPLATE_INTERVAL 600
82
83/* Cf. IETF RFC 5101 Section 3.1. */
13b6bae6 84OVS_PACKED(
29089a54
RL		 85struct ipfix_header {
86 ovs_be16 version; /* IPFIX_VERSION. */
87 ovs_be16 length; /* Length in bytes including this header. */
88 ovs_be32 export_time; /* Seconds since the epoch. */
89 ovs_be32 seq_number; /* Message sequence number. */
90 ovs_be32 obs_domain_id; /* Observation Domain ID. */
13b6bae6 91});
29089a54
RL		 92BUILD_ASSERT_DECL(sizeof(struct ipfix_header) == 16);
93
94#define IPFIX_SET_ID_TEMPLATE 2
95#define IPFIX_SET_ID_OPTION_TEMPLATE 3
96
97/* Cf. IETF RFC 5101 Section 3.3.2. */
13b6bae6 98OVS_PACKED(
29089a54
RL		 99struct ipfix_set_header {
100 ovs_be16 set_id; /* IPFIX_SET_ID_* or valid template ID for Data Sets. */
101 ovs_be16 length; /* Length of the set in bytes including header. */
13b6bae6 102});
29089a54
RL		 103BUILD_ASSERT_DECL(sizeof(struct ipfix_set_header) == 4);
104
105/* Alternatives for templates at each layer. A template is defined by
106 * a combination of one value for each layer. */
107enum ipfix_proto_l2 {
108 IPFIX_PROTO_L2_ETH = 0, /* No VLAN. */
109 IPFIX_PROTO_L2_VLAN,
110 NUM_IPFIX_PROTO_L2
111};
112enum ipfix_proto_l3 {
113 IPFIX_PROTO_L3_UNKNOWN = 0,
114 IPFIX_PROTO_L3_IPV4,
115 IPFIX_PROTO_L3_IPV6,
116 NUM_IPFIX_PROTO_L3
117};
118enum ipfix_proto_l4 {
119 IPFIX_PROTO_L4_UNKNOWN = 0,
f51e8ccb
RL		 120 IPFIX_PROTO_L4_TCP_UDP_SCTP,
121 IPFIX_PROTO_L4_ICMP,
29089a54
RL		 122 NUM_IPFIX_PROTO_L4
123};
124
125/* Any Template ID > 255 is usable for Template Records. */
126#define IPFIX_TEMPLATE_ID_MIN 256
127
128/* Cf. IETF RFC 5101 Section 3.4.1. */
13b6bae6 129OVS_PACKED(
29089a54
RL		 130struct ipfix_template_record_header {
131 ovs_be16 template_id;
132 ovs_be16 field_count;
13b6bae6 133});
29089a54
RL		 134BUILD_ASSERT_DECL(sizeof(struct ipfix_template_record_header) == 4);
135
136enum ipfix_entity_id {
137#define IPFIX_ENTITY(ENUM, ID, SIZE, NAME) IPFIX_ENTITY_ID_##ENUM = ID,
138#include "ofproto/ipfix-entities.def"
139};
140
141enum ipfix_entity_size {
142#define IPFIX_ENTITY(ENUM, ID, SIZE, NAME) IPFIX_ENTITY_SIZE_##ENUM = SIZE,
143#include "ofproto/ipfix-entities.def"
144};
145
13b6bae6 146OVS_PACKED(
29089a54
RL		 147struct ipfix_template_field_specifier {
148 ovs_be16 element_id; /* IPFIX_ENTITY_ID_*. */
149 ovs_be16 field_length; /* Length of the field's value, in bytes. */
150 /* No Enterprise ID, since only standard element IDs are specified. */
13b6bae6 151});
29089a54
RL		 152BUILD_ASSERT_DECL(sizeof(struct ipfix_template_field_specifier) == 4);
153
978427a5 154/* Part of data record flow key for common metadata and Ethernet entities. */
13b6bae6 155OVS_PACKED(
978427a5 156struct ipfix_data_record_flow_key_common {
29089a54 157 ovs_be32 observation_point_id; /* OBSERVATION_POINT_ID */
29089a54
RL		 158 uint8_t source_mac_address[6]; /* SOURCE_MAC_ADDRESS */
159 uint8_t destination_mac_address[6]; /* DESTINATION_MAC_ADDRESS */
160 ovs_be16 ethernet_type; /* ETHERNET_TYPE */
29089a54 161 uint8_t ethernet_header_length; /* ETHERNET_HEADER_LENGTH */
13b6bae6 162});
978427a5 163BUILD_ASSERT_DECL(sizeof(struct ipfix_data_record_flow_key_common) == 19);
29089a54 164
978427a5 165/* Part of data record flow key for VLAN entities. */
13b6bae6 166OVS_PACKED(
978427a5 167struct ipfix_data_record_flow_key_vlan {
29089a54
RL		 168 ovs_be16 vlan_id; /* VLAN_ID */
169 ovs_be16 dot1q_vlan_id; /* DOT1Q_VLAN_ID */
170 uint8_t dot1q_priority; /* DOT1Q_PRIORITY */
13b6bae6 171});
978427a5 172BUILD_ASSERT_DECL(sizeof(struct ipfix_data_record_flow_key_vlan) == 5);
29089a54 173
978427a5
RL		 174/* Part of data record flow key for IP entities. */
175/* XXX: Replace IP_TTL with MINIMUM_TTL and MAXIMUM_TTL? */
13b6bae6 176OVS_PACKED(
978427a5 177struct ipfix_data_record_flow_key_ip {
29089a54
RL		 178 uint8_t ip_version; /* IP_VERSION */
179 uint8_t ip_ttl; /* IP_TTL */
180 uint8_t protocol_identifier; /* PROTOCOL_IDENTIFIER */
181 uint8_t ip_diff_serv_code_point; /* IP_DIFF_SERV_CODE_POINT */
182 uint8_t ip_precedence; /* IP_PRECEDENCE */
183 uint8_t ip_class_of_service; /* IP_CLASS_OF_SERVICE */
13b6bae6 184});
978427a5 185BUILD_ASSERT_DECL(sizeof(struct ipfix_data_record_flow_key_ip) == 6);
29089a54 186
978427a5 187/* Part of data record flow key for IPv4 entities. */
13b6bae6 188OVS_PACKED(
978427a5 189struct ipfix_data_record_flow_key_ipv4 {
29089a54
RL		 190 ovs_be32 source_ipv4_address; /* SOURCE_IPV4_ADDRESS */
191 ovs_be32 destination_ipv4_address; /* DESTINATION_IPV4_ADDRESS */
13b6bae6 192});
978427a5 193BUILD_ASSERT_DECL(sizeof(struct ipfix_data_record_flow_key_ipv4) == 8);
29089a54 194
978427a5 195/* Part of data record flow key for IPv6 entities. */
13b6bae6 196OVS_PACKED(
978427a5 197struct ipfix_data_record_flow_key_ipv6 {
29089a54
RL		 198 uint8_t source_ipv6_address[16]; /* SOURCE_IPV6_ADDRESS */
199 uint8_t destination_ipv6_address[16]; /* DESTINATION_IPV6_ADDRESS */
200 ovs_be32 flow_label_ipv6; /* FLOW_LABEL_IPV6 */
13b6bae6 201});
978427a5 202BUILD_ASSERT_DECL(sizeof(struct ipfix_data_record_flow_key_ipv6) == 36);
29089a54 203
f51e8ccb 204/* Part of data record flow key for TCP/UDP/SCTP entities. */
13b6bae6 205OVS_PACKED(
f51e8ccb 206struct ipfix_data_record_flow_key_transport {
29089a54
RL		 207 ovs_be16 source_transport_port; /* SOURCE_TRANSPORT_PORT */
208 ovs_be16 destination_transport_port; /* DESTINATION_TRANSPORT_PORT */
13b6bae6 209});
f51e8ccb
RL		 210BUILD_ASSERT_DECL(sizeof(struct ipfix_data_record_flow_key_transport) == 4);
211
212/* Part of data record flow key for ICMP entities. */
213OVS_PACKED(
214struct ipfix_data_record_flow_key_icmp {
215 uint8_t icmp_type; /* ICMP_TYPE_IPV4 / ICMP_TYPE_IPV6 */
216 uint8_t icmp_code; /* ICMP_CODE_IPV4 / ICMP_CODE_IPV6 */
217});
218BUILD_ASSERT_DECL(sizeof(struct ipfix_data_record_flow_key_icmp) == 2);
978427a5
RL		 219
220/* Cf. IETF RFC 5102 Section 5.11.3. */
221enum ipfix_flow_end_reason {
222 IDLE_TIMEOUT = 0x01,
223 ACTIVE_TIMEOUT = 0x02,
224 END_OF_FLOW_DETECTED = 0x03,
225 FORCED_END = 0x04,
226 LACK_OF_RESOURCES = 0x05
227};
228
229/* Part of data record for common aggregated elements. */
230OVS_PACKED(
231struct ipfix_data_record_aggregated_common {
232 ovs_be32 flow_start_delta_microseconds; /* FLOW_START_DELTA_MICROSECONDS */
233 ovs_be32 flow_end_delta_microseconds; /* FLOW_END_DELTA_MICROSECONDS */
234 ovs_be64 packet_delta_count; /* PACKET_DELTA_COUNT */
235 ovs_be64 layer2_octet_delta_count; /* LAYER2_OCTET_DELTA_COUNT */
236 uint8_t flow_end_reason; /* FLOW_END_REASON */
237});
238BUILD_ASSERT_DECL(sizeof(struct ipfix_data_record_aggregated_common) == 25);
239
240/* Part of data record for IP aggregated elements. */
241OVS_PACKED(
242struct ipfix_data_record_aggregated_ip {
f51e8ccb 243 ovs_be64 octet_delta_count; /* OCTET_DELTA_COUNT */
978427a5
RL		 244 ovs_be64 octet_delta_sum_of_squares; /* OCTET_DELTA_SUM_OF_SQUARES */
245 ovs_be64 minimum_ip_total_length; /* MINIMUM_IP_TOTAL_LENGTH */
246 ovs_be64 maximum_ip_total_length; /* MAXIMUM_IP_TOTAL_LENGTH */
247});
f51e8ccb 248BUILD_ASSERT_DECL(sizeof(struct ipfix_data_record_aggregated_ip) == 32);
978427a5 249
f51e8ccb
RL		 250#define MAX_FLOW_KEY_LEN \
251 (sizeof(struct ipfix_data_record_flow_key_common) \
252 + sizeof(struct ipfix_data_record_flow_key_vlan) \
253 + sizeof(struct ipfix_data_record_flow_key_ip) \
254 + MAX(sizeof(struct ipfix_data_record_flow_key_ipv4), \
255 sizeof(struct ipfix_data_record_flow_key_ipv6)) \
256 + MAX(sizeof(struct ipfix_data_record_flow_key_icmp), \
257 sizeof(struct ipfix_data_record_flow_key_transport)))
978427a5
RL		 258
259#define MAX_DATA_RECORD_LEN \
260 (MAX_FLOW_KEY_LEN \
261 + sizeof(struct ipfix_data_record_aggregated_common) \
262 + sizeof(struct ipfix_data_record_aggregated_ip))
263
264/* Max length of a data set. To simplify the implementation, each
265 * data record is sent in a separate data set, so each data set
266 * contains at most one data record. */
267#define MAX_DATA_SET_LEN \
268 (sizeof(struct ipfix_set_header) \
269 + MAX_DATA_RECORD_LEN)
270
271/* Max length of an IPFIX message. Arbitrarily set to accomodate low
272 * MTU. */
273#define MAX_MESSAGE_LEN 1024
274
275/* Cache structures. */
276
277/* Flow key. */
278struct ipfix_flow_key {
279 uint32_t obs_domain_id;
280 uint16_t template_id;
281 size_t flow_key_msg_part_size;
282 uint64_t flow_key_msg_part[DIV_ROUND_UP(MAX_FLOW_KEY_LEN, 8)];
283};
284
285/* Flow cache entry. */
286struct ipfix_flow_cache_entry {
287 struct hmap_node flow_key_map_node;
288 struct list cache_flow_start_timestamp_list_node;
289 struct ipfix_flow_key flow_key;
290 /* Common aggregated elements. */
291 uint64_t flow_start_timestamp_usec;
292 uint64_t flow_end_timestamp_usec;
293 uint64_t packet_delta_count;
294 uint64_t layer2_octet_delta_count;
f51e8ccb 295 uint64_t octet_delta_count;
978427a5
RL		 296 uint64_t octet_delta_sum_of_squares; /* 0 if not IP. */
297 uint16_t minimum_ip_total_length; /* 0 if not IP. */
298 uint16_t maximum_ip_total_length; /* 0 if not IP. */
299};
300
301static void dpif_ipfix_cache_expire(struct dpif_ipfix_exporter *, bool,
302 const uint64_t, const uint32_t);
303
304static void get_export_time_now(uint64_t *, uint32_t *);
305
306static void dpif_ipfix_cache_expire_now(struct dpif_ipfix_exporter *, bool);
29089a54
RL		 307
308static bool
309ofproto_ipfix_bridge_exporter_options_equal(
310 const struct ofproto_ipfix_bridge_exporter_options *a,
311 const struct ofproto_ipfix_bridge_exporter_options *b)
312{
313 return (a->obs_domain_id == b->obs_domain_id
314 && a->obs_point_id == b->obs_point_id
315 && a->sampling_rate == b->sampling_rate
978427a5
RL		 316 && a->cache_active_timeout == b->cache_active_timeout
317 && a->cache_max_flows == b->cache_max_flows
29089a54
RL		 318 && sset_equals(&a->targets, &b->targets));
319}
320
321static struct ofproto_ipfix_bridge_exporter_options *
322ofproto_ipfix_bridge_exporter_options_clone(
323 const struct ofproto_ipfix_bridge_exporter_options *old)
324{
325 struct ofproto_ipfix_bridge_exporter_options *new =
326 xmemdup(old, sizeof *old);
327 sset_clone(&new->targets, &old->targets);
328 return new;
329}
330
331static void
332ofproto_ipfix_bridge_exporter_options_destroy(
333 struct ofproto_ipfix_bridge_exporter_options *options)
334{
335 if (options) {
336 sset_destroy(&options->targets);
337 free(options);
338 }
339}
340
341static bool
342ofproto_ipfix_flow_exporter_options_equal(
343 const struct ofproto_ipfix_flow_exporter_options *a,
344 const struct ofproto_ipfix_flow_exporter_options *b)
345{
346 return (a->collector_set_id == b->collector_set_id
978427a5
RL		 347 && a->cache_active_timeout == b->cache_active_timeout
348 && a->cache_max_flows == b->cache_max_flows
29089a54
RL		 349 && sset_equals(&a->targets, &b->targets));
350}
351
352static struct ofproto_ipfix_flow_exporter_options *
353ofproto_ipfix_flow_exporter_options_clone(
354 const struct ofproto_ipfix_flow_exporter_options *old)
355{
356 struct ofproto_ipfix_flow_exporter_options *new =
357 xmemdup(old, sizeof *old);
358 sset_clone(&new->targets, &old->targets);
359 return new;
360}
361
362static void
363ofproto_ipfix_flow_exporter_options_destroy(
364 struct ofproto_ipfix_flow_exporter_options *options)
365{
366 if (options) {
367 sset_destroy(&options->targets);
368 free(options);
369 }
370}
371
978427a5
RL		 372static void
373dpif_ipfix_exporter_init(struct dpif_ipfix_exporter *exporter)
374{
375 exporter->collectors = NULL;
376 exporter->seq_number = 1;
377 exporter->last_template_set_time = TIME_MIN;
378 hmap_init(&exporter->cache_flow_key_map);
379 list_init(&exporter->cache_flow_start_timestamp_list);
380 exporter->cache_active_timeout = 0;
381 exporter->cache_max_flows = 0;
382}
383
29089a54
RL		 384static void
385dpif_ipfix_exporter_clear(struct dpif_ipfix_exporter *exporter)
386{
978427a5
RL		 387 /* Flush the cache with flow end reason "forced end." */
388 dpif_ipfix_cache_expire_now(exporter, true);
389
29089a54
RL		 390 collectors_destroy(exporter->collectors);
391 exporter->collectors = NULL;
392 exporter->seq_number = 1;
393 exporter->last_template_set_time = TIME_MIN;
978427a5
RL		 394 exporter->cache_active_timeout = 0;
395 exporter->cache_max_flows = 0;
396}
397
398static void
399dpif_ipfix_exporter_destroy(struct dpif_ipfix_exporter *exporter)
400{
401 dpif_ipfix_exporter_clear(exporter);
402 hmap_destroy(&exporter->cache_flow_key_map);
29089a54
RL		 403}
404
405static bool
406dpif_ipfix_exporter_set_options(struct dpif_ipfix_exporter *exporter,
978427a5
RL		 407 const struct sset *targets,
408 const uint32_t cache_active_timeout,
409 const uint32_t cache_max_flows)
29089a54
RL		 410{
411 collectors_destroy(exporter->collectors);
412 collectors_create(targets, IPFIX_DEFAULT_COLLECTOR_PORT,
413 &exporter->collectors);
414 if (exporter->collectors == NULL) {
415 VLOG_WARN_RL(&rl, "no collectors could be initialized, "
416 "IPFIX exporter disabled");
417 dpif_ipfix_exporter_clear(exporter);
418 return false;
419 }
978427a5
RL		 420 exporter->cache_active_timeout = cache_active_timeout;
421 exporter->cache_max_flows = cache_max_flows;
29089a54
RL		 422 return true;
423}
424
978427a5
RL		 425static void
426dpif_ipfix_bridge_exporter_init(struct dpif_ipfix_bridge_exporter *exporter)
427{
428 dpif_ipfix_exporter_init(&exporter->exporter);
429 exporter->options = NULL;
430 exporter->probability = 0;
431}
432
29089a54
RL		 433static void
434dpif_ipfix_bridge_exporter_clear(struct dpif_ipfix_bridge_exporter *exporter)
435{
436 dpif_ipfix_exporter_clear(&exporter->exporter);
437 ofproto_ipfix_bridge_exporter_options_destroy(exporter->options);
438 exporter->options = NULL;
439 exporter->probability = 0;
440}
441
978427a5
RL		 442static void
443dpif_ipfix_bridge_exporter_destroy(struct dpif_ipfix_bridge_exporter *exporter)
444{
445 dpif_ipfix_bridge_exporter_clear(exporter);
446 dpif_ipfix_exporter_destroy(&exporter->exporter);
447}
448
29089a54
RL		 449static void
450dpif_ipfix_bridge_exporter_set_options(
451 struct dpif_ipfix_bridge_exporter *exporter,
452 const struct ofproto_ipfix_bridge_exporter_options *options)
453{
454 bool options_changed;
455
456 if (!options || sset_is_empty(&options->targets)) {
457 /* No point in doing any work if there are no targets. */
458 dpif_ipfix_bridge_exporter_clear(exporter);
459 return;
460 }
461
462 options_changed = (
463 !exporter->options
464 || !ofproto_ipfix_bridge_exporter_options_equal(
465 options, exporter->options));
466
467 /* Configure collectors if options have changed or if we're
468 * shortchanged in collectors (which indicates that opening one or
469 * more of the configured collectors failed, so that we should
470 * retry). */
471 if (options_changed
472 || collectors_count(exporter->exporter.collectors)
473 < sset_count(&options->targets)) {
978427a5
RL		 474 if (!dpif_ipfix_exporter_set_options(
475 &exporter->exporter, &options->targets,
476 options->cache_active_timeout, options->cache_max_flows)) {
29089a54
RL		 477 return;
478 }
479 }
480
481 /* Avoid reconfiguring if options didn't change. */
482 if (!options_changed) {
483 return;
484 }
485
486 ofproto_ipfix_bridge_exporter_options_destroy(exporter->options);
487 exporter->options = ofproto_ipfix_bridge_exporter_options_clone(options);
488 exporter->probability =
489 MAX(1, UINT32_MAX / exporter->options->sampling_rate);
978427a5
RL		 490
491 /* Run over the cache as some entries might have expired after
492 * changing the timeouts. */
493 dpif_ipfix_cache_expire_now(&exporter->exporter, false);
29089a54
RL		 494}
495
496static struct dpif_ipfix_flow_exporter_map_node*
497dpif_ipfix_find_flow_exporter_map_node(
498 const struct dpif_ipfix *di, const uint32_t collector_set_id)
978427a5 499 OVS_REQUIRES(mutex)
29089a54
RL		 500{
501 struct dpif_ipfix_flow_exporter_map_node *exporter_node;
502
503 HMAP_FOR_EACH_WITH_HASH (exporter_node, node,
504 hash_int(collector_set_id, 0),
505 &di->flow_exporter_map) {
506 if (exporter_node->exporter.options->collector_set_id
507 == collector_set_id) {
508 return exporter_node;
509 }
510 }
511
512 return NULL;
513}
514
978427a5
RL		 515static void
516dpif_ipfix_flow_exporter_init(struct dpif_ipfix_flow_exporter *exporter)
517{
518 dpif_ipfix_exporter_init(&exporter->exporter);
519 exporter->options = NULL;
520}
521
29089a54
RL		 522static void
523dpif_ipfix_flow_exporter_clear(struct dpif_ipfix_flow_exporter *exporter)
524{
525 dpif_ipfix_exporter_clear(&exporter->exporter);
526 ofproto_ipfix_flow_exporter_options_destroy(exporter->options);
527 exporter->options = NULL;
528}
529
978427a5
RL		 530static void
531dpif_ipfix_flow_exporter_destroy(struct dpif_ipfix_flow_exporter *exporter)
532{
533 dpif_ipfix_flow_exporter_clear(exporter);
534 dpif_ipfix_exporter_destroy(&exporter->exporter);
535}
536
29089a54
RL		 537static bool
538dpif_ipfix_flow_exporter_set_options(
539 struct dpif_ipfix_flow_exporter *exporter,
540 const struct ofproto_ipfix_flow_exporter_options *options)
541{
542 bool options_changed;
543
544 if (sset_is_empty(&options->targets)) {
545 /* No point in doing any work if there are no targets. */
546 dpif_ipfix_flow_exporter_clear(exporter);
547 return true;
548 }
549
550 options_changed = (
551 !exporter->options
552 || !ofproto_ipfix_flow_exporter_options_equal(
553 options, exporter->options));
554
555 /* Configure collectors if options have changed or if we're
556 * shortchanged in collectors (which indicates that opening one or
557 * more of the configured collectors failed, so that we should
558 * retry). */
559 if (options_changed
560 || collectors_count(exporter->exporter.collectors)
561 < sset_count(&options->targets)) {
978427a5
RL		 562 if (!dpif_ipfix_exporter_set_options(
563 &exporter->exporter, &options->targets,
564 options->cache_active_timeout, options->cache_max_flows)) {
29089a54
RL		 565 return false;
566 }
567 }
568
569 /* Avoid reconfiguring if options didn't change. */
570 if (!options_changed) {
571 return true;
572 }
573
574 ofproto_ipfix_flow_exporter_options_destroy(exporter->options);
575 exporter->options = ofproto_ipfix_flow_exporter_options_clone(options);
576
978427a5
RL		 577 /* Run over the cache as some entries might have expired after
578 * changing the timeouts. */
579 dpif_ipfix_cache_expire_now(&exporter->exporter, false);
580
29089a54
RL		 581 return true;
582}
583
584void
585dpif_ipfix_set_options(
586 struct dpif_ipfix *di,
587 const struct ofproto_ipfix_bridge_exporter_options *bridge_exporter_options,
588 const struct ofproto_ipfix_flow_exporter_options *flow_exporters_options,
626ace7b 589 size_t n_flow_exporters_options) OVS_EXCLUDED(mutex)
29089a54
RL		 590{
591 int i;
592 struct ofproto_ipfix_flow_exporter_options *options;
593 struct dpif_ipfix_flow_exporter_map_node *node, *next;
594 size_t n_broken_flow_exporters_options = 0;
595
626ace7b 596 ovs_mutex_lock(&mutex);
29089a54
RL		 597 dpif_ipfix_bridge_exporter_set_options(&di->bridge_exporter,
598 bridge_exporter_options);
599
600 /* Add new flow exporters and update current flow exporters. */
601 options = (struct ofproto_ipfix_flow_exporter_options *)
602 flow_exporters_options;
603 for (i = 0; i < n_flow_exporters_options; i++) {
604 node = dpif_ipfix_find_flow_exporter_map_node(
605 di, options->collector_set_id);
606 if (!node) {
607 node = xzalloc(sizeof *node);
978427a5 608 dpif_ipfix_flow_exporter_init(&node->exporter);
29089a54
RL		 609 hmap_insert(&di->flow_exporter_map, &node->node,
610 hash_int(options->collector_set_id, 0));
611 }
612 if (!dpif_ipfix_flow_exporter_set_options(&node->exporter, options)) {
613 n_broken_flow_exporters_options++;
614 }
615 options++;
616 }
617
618 ovs_assert(hmap_count(&di->flow_exporter_map) >=
619 (n_flow_exporters_options - n_broken_flow_exporters_options));
620
621 /* Remove dropped flow exporters, if any needs to be removed. */
622 if (hmap_count(&di->flow_exporter_map) > n_flow_exporters_options) {
623 HMAP_FOR_EACH_SAFE (node, next, node, &di->flow_exporter_map) {
624 /* This is slow but doesn't take any extra memory, and
625 * this table is not supposed to contain many rows anyway. */
626 options = (struct ofproto_ipfix_flow_exporter_options *)
627 flow_exporters_options;
628 for (i = 0; i < n_flow_exporters_options; i++) {
629 if (node->exporter.options->collector_set_id
630 == options->collector_set_id) {
631 break;
632 }
633 options++;
634 }
635 if (i == n_flow_exporters_options) { // Not found.
636 hmap_remove(&di->flow_exporter_map, &node->node);
978427a5 637 dpif_ipfix_flow_exporter_destroy(&node->exporter);
29089a54
RL		 638 free(node);
639 }
640 }
641 }
642
643 ovs_assert(hmap_count(&di->flow_exporter_map) ==
644 (n_flow_exporters_options - n_broken_flow_exporters_options));
626ace7b 645 ovs_mutex_unlock(&mutex);
29089a54
RL		 646}
647
648struct dpif_ipfix *
649dpif_ipfix_create(void)
650{
651 struct dpif_ipfix *di;
652 di = xzalloc(sizeof *di);
978427a5 653 dpif_ipfix_bridge_exporter_init(&di->bridge_exporter);
29089a54 654 hmap_init(&di->flow_exporter_map);
37bec3d3 655 ovs_refcount_init(&di->ref_cnt);
d857c8aa
EJ		 656 return di;
657}
658
659struct dpif_ipfix *
660dpif_ipfix_ref(const struct dpif_ipfix *di_)
661{
662 struct dpif_ipfix *di = CONST_CAST(struct dpif_ipfix *, di_);
663 if (di) {
37bec3d3 664 ovs_refcount_ref(&di->ref_cnt);
d857c8aa 665 }
29089a54
RL		 666 return di;
667}
668
669uint32_t
670dpif_ipfix_get_bridge_exporter_probability(const struct dpif_ipfix *di)
626ace7b 671 OVS_EXCLUDED(mutex)
29089a54 672{
626ace7b
EJ		 673 uint32_t ret;
674 ovs_mutex_lock(&mutex);
675 ret = di->bridge_exporter.probability;
676 ovs_mutex_unlock(&mutex);
677 return ret;
29089a54
RL		 678}
679
680static void
bd3950dd 681dpif_ipfix_clear(struct dpif_ipfix *di) OVS_REQUIRES(mutex)
29089a54 682{
978427a5 683 struct dpif_ipfix_flow_exporter_map_node *exp_node, *exp_next;
29089a54
RL		 684
685 dpif_ipfix_bridge_exporter_clear(&di->bridge_exporter);
686
978427a5
RL		 687 HMAP_FOR_EACH_SAFE (exp_node, exp_next, node, &di->flow_exporter_map) {
688 hmap_remove(&di->flow_exporter_map, &exp_node->node);
689 dpif_ipfix_flow_exporter_destroy(&exp_node->exporter);
690 free(exp_node);
29089a54
RL		 691 }
692}
693
694void
626ace7b 695dpif_ipfix_unref(struct dpif_ipfix *di) OVS_EXCLUDED(mutex)
29089a54 696{
37bec3d3 697 if (di && ovs_refcount_unref(&di->ref_cnt) == 1) {
626ace7b 698 ovs_mutex_lock(&mutex);
29089a54 699 dpif_ipfix_clear(di);
978427a5 700 dpif_ipfix_bridge_exporter_destroy(&di->bridge_exporter);
29089a54 701 hmap_destroy(&di->flow_exporter_map);
37bec3d3 702 ovs_refcount_destroy(&di->ref_cnt);
29089a54 703 free(di);
626ace7b 704 ovs_mutex_unlock(&mutex);
29089a54
RL		 705 }
706}
707
708static void
978427a5
RL		 709ipfix_init_header(uint32_t export_time_sec, uint32_t seq_number,
710 uint32_t obs_domain_id, struct ofpbuf *msg)
29089a54
RL		 711{
712 struct ipfix_header *hdr;
713
714 hdr = ofpbuf_put_zeros(msg, sizeof *hdr);
715 hdr->version = htons(IPFIX_VERSION);
716 hdr->length = htons(sizeof *hdr); /* Updated in ipfix_send_msg. */
978427a5 717 hdr->export_time = htonl(export_time_sec);
29089a54
RL		 718 hdr->seq_number = htonl(seq_number);
719 hdr->obs_domain_id = htonl(obs_domain_id);
720}
721
722static void
723ipfix_send_msg(const struct collectors *collectors, struct ofpbuf *msg)
724{
725 struct ipfix_header *hdr;
726
727 /* Adjust the length in the header. */
728 hdr = msg->data;
729 hdr->length = htons(msg->size);
730
731 collectors_send(collectors, msg->data, msg->size);
732 msg->size = 0;
733}
734
735static uint16_t
736ipfix_get_template_id(enum ipfix_proto_l2 l2, enum ipfix_proto_l3 l3,
737 enum ipfix_proto_l4 l4)
738{
739 uint16_t template_id;
740 template_id = l2;
741 template_id = template_id * NUM_IPFIX_PROTO_L3 + l3;
742 template_id = template_id * NUM_IPFIX_PROTO_L4 + l4;
743 return IPFIX_TEMPLATE_ID_MIN + template_id;
744}
745
746static void
747ipfix_define_template_entity(enum ipfix_entity_id id,
748 enum ipfix_entity_size size, struct ofpbuf *msg)
749{
750 struct ipfix_template_field_specifier *field;
751
752 field = ofpbuf_put_zeros(msg, sizeof *field);
753 field->element_id = htons(id);
754 field->field_length = htons(size);
755}
756
757static uint16_t
758ipfix_define_template_fields(enum ipfix_proto_l2 l2, enum ipfix_proto_l3 l3,
759 enum ipfix_proto_l4 l4, struct ofpbuf *msg)
760{
761 uint16_t count = 0;
762
763#define DEF(ID) \
764 { \
765 ipfix_define_template_entity(IPFIX_ENTITY_ID_##ID, \
766 IPFIX_ENTITY_SIZE_##ID, msg); \
767 count++; \
768 }
769
978427a5
RL		 770 /* 1. Flow key. */
771
29089a54 772 DEF(OBSERVATION_POINT_ID);
29089a54
RL		 773
774 /* Common Ethernet entities. */
775 DEF(SOURCE_MAC_ADDRESS);
776 DEF(DESTINATION_MAC_ADDRESS);
777 DEF(ETHERNET_TYPE);
29089a54
RL		 778 DEF(ETHERNET_HEADER_LENGTH);
779
780 if (l2 == IPFIX_PROTO_L2_VLAN) {
781 DEF(VLAN_ID);
782 DEF(DOT1Q_VLAN_ID);
783 DEF(DOT1Q_PRIORITY);
784 }
785
786 if (l3 != IPFIX_PROTO_L3_UNKNOWN) {
787 DEF(IP_VERSION);
788 DEF(IP_TTL);
789 DEF(PROTOCOL_IDENTIFIER);
790 DEF(IP_DIFF_SERV_CODE_POINT);
791 DEF(IP_PRECEDENCE);
792 DEF(IP_CLASS_OF_SERVICE);
793
794 if (l3 == IPFIX_PROTO_L3_IPV4) {
795 DEF(SOURCE_IPV4_ADDRESS);
796 DEF(DESTINATION_IPV4_ADDRESS);
f51e8ccb
RL		 797 if (l4 == IPFIX_PROTO_L4_TCP_UDP_SCTP) {
798 DEF(SOURCE_TRANSPORT_PORT);
799 DEF(DESTINATION_TRANSPORT_PORT);
800 } else if (l4 == IPFIX_PROTO_L4_ICMP) {
801 DEF(ICMP_TYPE_IPV4);
802 DEF(ICMP_CODE_IPV4);
803 }
29089a54
RL		 804 } else { /* l3 == IPFIX_PROTO_L3_IPV6 */
805 DEF(SOURCE_IPV6_ADDRESS);
806 DEF(DESTINATION_IPV6_ADDRESS);
807 DEF(FLOW_LABEL_IPV6);
f51e8ccb
RL		 808 if (l4 == IPFIX_PROTO_L4_TCP_UDP_SCTP) {
809 DEF(SOURCE_TRANSPORT_PORT);
810 DEF(DESTINATION_TRANSPORT_PORT);
811 } else if (l4 == IPFIX_PROTO_L4_ICMP) {
812 DEF(ICMP_TYPE_IPV6);
813 DEF(ICMP_CODE_IPV6);
814 }
29089a54
RL		 815 }
816 }
817
978427a5
RL		 818 /* 2. Flow aggregated data. */
819
820 DEF(FLOW_START_DELTA_MICROSECONDS);
821 DEF(FLOW_END_DELTA_MICROSECONDS);
822 DEF(PACKET_DELTA_COUNT);
823 DEF(LAYER2_OCTET_DELTA_COUNT);
824 DEF(FLOW_END_REASON);
825
826 if (l3 != IPFIX_PROTO_L3_UNKNOWN) {
f51e8ccb 827 DEF(OCTET_DELTA_COUNT);
978427a5
RL		 828 DEF(OCTET_DELTA_SUM_OF_SQUARES);
829 DEF(MINIMUM_IP_TOTAL_LENGTH);
830 DEF(MAXIMUM_IP_TOTAL_LENGTH);
831 }
832
29089a54
RL		 833#undef DEF
834
835 return count;
836}
837
838static void
839ipfix_send_template_msg(struct dpif_ipfix_exporter *exporter,
978427a5 840 uint32_t export_time_sec, uint32_t obs_domain_id)
29089a54 841{
978427a5 842 uint64_t msg_stub[DIV_ROUND_UP(MAX_MESSAGE_LEN, 8)];
29089a54
RL		 843 struct ofpbuf msg;
844 size_t set_hdr_offset, tmpl_hdr_offset;
845 struct ipfix_set_header *set_hdr;
846 struct ipfix_template_record_header *tmpl_hdr;
847 uint16_t field_count;
848 enum ipfix_proto_l2 l2;
849 enum ipfix_proto_l3 l3;
850 enum ipfix_proto_l4 l4;
851
852 ofpbuf_use_stub(&msg, msg_stub, sizeof msg_stub);
853
978427a5
RL		 854 ipfix_init_header(export_time_sec, exporter->seq_number, obs_domain_id,
855 &msg);
29089a54
RL		 856 set_hdr_offset = msg.size;
857
858 /* Add a Template Set. */
859 set_hdr = ofpbuf_put_zeros(&msg, sizeof *set_hdr);
860 set_hdr->set_id = htons(IPFIX_SET_ID_TEMPLATE);
861
862 /* Define one template for each possible combination of
863 * protocols. */
864 for (l2 = 0; l2 < NUM_IPFIX_PROTO_L2; l2++) {
865 for (l3 = 0; l3 < NUM_IPFIX_PROTO_L3; l3++) {
866 for (l4 = 0; l4 < NUM_IPFIX_PROTO_L4; l4++) {
867 if (l3 == IPFIX_PROTO_L3_UNKNOWN &&
868 l4 != IPFIX_PROTO_L4_UNKNOWN) {
869 continue;
870 }
871 tmpl_hdr_offset = msg.size;
872 tmpl_hdr = ofpbuf_put_zeros(&msg, sizeof *tmpl_hdr);
873 tmpl_hdr->template_id = htons(
874 ipfix_get_template_id(l2, l3, l4));
875 field_count = ipfix_define_template_fields(l2, l3, l4, &msg);
876 tmpl_hdr = (struct ipfix_template_record_header*)
877 ((uint8_t*)msg.data + tmpl_hdr_offset);
878 tmpl_hdr->field_count = htons(field_count);
879 }
880 }
881 }
882
883 set_hdr = (struct ipfix_set_header*)((uint8_t*)msg.data + set_hdr_offset);
884 set_hdr->length = htons(msg.size - set_hdr_offset);
885
fbd683d0 886 /* XXX: Add Options Template Sets, at least to define a Flow Keys
29089a54
RL		 887 * Option Template. */
888
889 ipfix_send_msg(exporter->collectors, &msg);
890
891 ofpbuf_uninit(&msg);
892}
893
978427a5
RL		 894static inline uint32_t
895ipfix_hash_flow_key(const struct ipfix_flow_key *flow_key, uint32_t basis)
896{
897 uint32_t hash;
898 hash = hash_int(flow_key->obs_domain_id, basis);
899 hash = hash_int(flow_key->template_id, hash);
900 hash = hash_bytes(flow_key->flow_key_msg_part,
901 flow_key->flow_key_msg_part_size, hash);
902 return hash;
903}
904
905static bool
906ipfix_flow_key_equal(const struct ipfix_flow_key *a,
907 const struct ipfix_flow_key *b)
908{
909 /* The template ID determines the flow key size, so not need to
910 * compare it. */
911 return (a->obs_domain_id == b->obs_domain_id
912 && a->template_id == b->template_id
913 && memcmp(a->flow_key_msg_part, b->flow_key_msg_part,
914 a->flow_key_msg_part_size) == 0);
915}
916
917static struct ipfix_flow_cache_entry*
918ipfix_cache_find_entry(const struct dpif_ipfix_exporter *exporter,
919 const struct ipfix_flow_key *flow_key)
920{
921 struct ipfix_flow_cache_entry *entry;
922
923 HMAP_FOR_EACH_WITH_HASH (entry, flow_key_map_node,
924 ipfix_hash_flow_key(flow_key, 0),
925 &exporter->cache_flow_key_map) {
926 if (ipfix_flow_key_equal(&entry->flow_key, flow_key)) {
927 return entry;
928 }
929 }
930
931 return NULL;
932}
933
934static bool
935ipfix_cache_next_timeout_msec(const struct dpif_ipfix_exporter *exporter,
936 long long int *next_timeout_msec)
937{
938 struct ipfix_flow_cache_entry *entry;
939
940 LIST_FOR_EACH (entry, cache_flow_start_timestamp_list_node,
941 &exporter->cache_flow_start_timestamp_list) {
942 *next_timeout_msec = entry->flow_start_timestamp_usec / 1000LL
943 + 1000LL * exporter->cache_active_timeout;
944 return true;
945 }
946
947 return false;
948}
949
950static void
951ipfix_cache_aggregate_entries(struct ipfix_flow_cache_entry *from_entry,
952 struct ipfix_flow_cache_entry *to_entry)
953{
954 uint64_t *to_start, *to_end, *from_start, *from_end;
955 uint16_t *to_min_len, *to_max_len, *from_min_len, *from_max_len;
956
957 to_start = &to_entry->flow_start_timestamp_usec;
958 to_end = &to_entry->flow_end_timestamp_usec;
959 from_start = &from_entry->flow_start_timestamp_usec;
960 from_end = &from_entry->flow_end_timestamp_usec;
961
962 if (*to_start > *from_start) {
963 *to_start = *from_start;
964 }
965 if (*to_end < *from_end) {
966 *to_end = *from_end;
967 }
968
969 to_entry->packet_delta_count += from_entry->packet_delta_count;
970 to_entry->layer2_octet_delta_count += from_entry->layer2_octet_delta_count;
971
f51e8ccb 972 to_entry->octet_delta_count += from_entry->octet_delta_count;
978427a5
RL		 973 to_entry->octet_delta_sum_of_squares +=
974 from_entry->octet_delta_sum_of_squares;
975
976 to_min_len = &to_entry->minimum_ip_total_length;
977 to_max_len = &to_entry->maximum_ip_total_length;
978 from_min_len = &from_entry->minimum_ip_total_length;
979 from_max_len = &from_entry->maximum_ip_total_length;
980
981 if (!*to_min_len || (*from_min_len && *to_min_len > *from_min_len)) {
982 *to_min_len = *from_min_len;
983 }
984 if (*to_max_len < *from_max_len) {
985 *to_max_len = *from_max_len;
986 }
987}
988
989/* Add an entry into a flow cache. The entry is either aggregated into
990 * an existing entry with the same flow key and free()d, or it is
991 * inserted into the cache. */
992static void
993ipfix_cache_update(struct dpif_ipfix_exporter *exporter,
994 struct ipfix_flow_cache_entry *entry)
995{
996 struct ipfix_flow_cache_entry *old_entry;
997
998 old_entry = ipfix_cache_find_entry(exporter, &entry->flow_key);
999
1000 if (old_entry == NULL) {
1001 hmap_insert(&exporter->cache_flow_key_map, &entry->flow_key_map_node,
1002 ipfix_hash_flow_key(&entry->flow_key, 0));
1003
1004 /* As the latest entry added into the cache, it should
1005 * logically have the highest flow_start_timestamp_usec, so
1006 * append it at the tail. */
1007 list_push_back(&exporter->cache_flow_start_timestamp_list,
1008 &entry->cache_flow_start_timestamp_list_node);
1009
1010 /* Enforce exporter->cache_max_flows limit. */
1011 if (hmap_count(&exporter->cache_flow_key_map)
1012 > exporter->cache_max_flows) {
1013 dpif_ipfix_cache_expire_now(exporter, false);
1014 }
1015 } else {
1016 ipfix_cache_aggregate_entries(entry, old_entry);
1017 free(entry);
1018 }
1019}
1020
29089a54 1021static void
978427a5
RL		 1022ipfix_cache_entry_init(struct ipfix_flow_cache_entry *entry,
1023 struct ofpbuf *packet, const struct flow *flow,
1024 uint64_t packet_delta_count, uint32_t obs_domain_id,
1025 uint32_t obs_point_id)
29089a54 1026{
978427a5 1027 struct ipfix_flow_key *flow_key;
29089a54 1028 struct ofpbuf msg;
29089a54
RL		 1029 enum ipfix_proto_l2 l2;
1030 enum ipfix_proto_l3 l3;
1031 enum ipfix_proto_l4 l4;
978427a5
RL		 1032 uint8_t ethernet_header_length;
1033 uint16_t ethernet_total_length;
29089a54 1034
978427a5
RL		 1035 flow_key = &entry->flow_key;
1036 ofpbuf_use_stack(&msg, flow_key->flow_key_msg_part,
1037 sizeof flow_key->flow_key_msg_part);
29089a54
RL		 1038
1039 /* Choose the right template ID matching the protocols in the
1040 * sampled packet. */
1041 l2 = (flow->vlan_tci == 0) ? IPFIX_PROTO_L2_ETH : IPFIX_PROTO_L2_VLAN;
1042
1043 switch(ntohs(flow->dl_type)) {
1044 case ETH_TYPE_IP:
1045 l3 = IPFIX_PROTO_L3_IPV4;
f51e8ccb
RL		 1046 switch(flow->nw_proto) {
1047 case IPPROTO_TCP:
1048 case IPPROTO_UDP:
1049 case IPPROTO_SCTP:
1050 l4 = IPFIX_PROTO_L4_TCP_UDP_SCTP;
1051 break;
1052 case IPPROTO_ICMP:
1053 l4 = IPFIX_PROTO_L4_ICMP;
1054 break;
1055 default:
1056 l4 = IPFIX_PROTO_L4_UNKNOWN;
1057 }
29089a54
RL		 1058 break;
1059 case ETH_TYPE_IPV6:
1060 l3 = IPFIX_PROTO_L3_IPV6;
29089a54 1061 switch(flow->nw_proto) {
f51e8ccb
RL		 1062 case IPPROTO_TCP:
1063 case IPPROTO_UDP:
1064 case IPPROTO_SCTP:
1065 l4 = IPFIX_PROTO_L4_TCP_UDP_SCTP;
1066 break;
1067 case IPPROTO_ICMPV6:
1068 l4 = IPFIX_PROTO_L4_ICMP;
29089a54 1069 break;
f51e8ccb
RL		 1070 default:
1071 l4 = IPFIX_PROTO_L4_UNKNOWN;
29089a54 1072 }
f51e8ccb
RL		 1073 break;
1074 default:
1075 l3 = IPFIX_PROTO_L3_UNKNOWN;
1076 l4 = IPFIX_PROTO_L4_UNKNOWN;
29089a54
RL		 1077 }
1078
978427a5
RL		 1079 flow_key->obs_domain_id = obs_domain_id;
1080 flow_key->template_id = ipfix_get_template_id(l2, l3, l4);
29089a54
RL		 1081
1082 /* The fields defined in the ipfix_data_record_* structs and sent
1083 * below must match exactly the templates defined in
1084 * ipfix_define_template_fields. */
1085
978427a5
RL		 1086 ethernet_header_length = (l2 == IPFIX_PROTO_L2_VLAN)
1087 ? VLAN_ETH_HEADER_LEN : ETH_HEADER_LEN;
1088 ethernet_total_length = packet->size;
1089
29089a54
RL		 1090 /* Common Ethernet entities. */
1091 {
978427a5 1092 struct ipfix_data_record_flow_key_common *data_common;
29089a54
RL		 1093
1094 data_common = ofpbuf_put_zeros(&msg, sizeof *data_common);
1095 data_common->observation_point_id = htonl(obs_point_id);
29089a54
RL		 1096 memcpy(data_common->source_mac_address, flow->dl_src,
1097 sizeof flow->dl_src);
1098 memcpy(data_common->destination_mac_address, flow->dl_dst,
1099 sizeof flow->dl_dst);
1100 data_common->ethernet_type = flow->dl_type;
29089a54
RL		 1101 data_common->ethernet_header_length = ethernet_header_length;
1102 }
1103
1104 if (l2 == IPFIX_PROTO_L2_VLAN) {
978427a5 1105 struct ipfix_data_record_flow_key_vlan *data_vlan;
29089a54
RL		 1106 uint16_t vlan_id = vlan_tci_to_vid(flow->vlan_tci);
1107 uint8_t priority = vlan_tci_to_pcp(flow->vlan_tci);
1108
1109 data_vlan = ofpbuf_put_zeros(&msg, sizeof *data_vlan);
1110 data_vlan->vlan_id = htons(vlan_id);
1111 data_vlan->dot1q_vlan_id = htons(vlan_id);
1112 data_vlan->dot1q_priority = priority;
1113 }
1114
1115 if (l3 != IPFIX_PROTO_L3_UNKNOWN) {
978427a5 1116 struct ipfix_data_record_flow_key_ip *data_ip;
29089a54
RL		 1117
1118 data_ip = ofpbuf_put_zeros(&msg, sizeof *data_ip);
1119 data_ip->ip_version = (l3 == IPFIX_PROTO_L3_IPV4) ? 4 : 6;
1120 data_ip->ip_ttl = flow->nw_ttl;
1121 data_ip->protocol_identifier = flow->nw_proto;
1122 data_ip->ip_diff_serv_code_point = flow->nw_tos >> 2;
1123 data_ip->ip_precedence = flow->nw_tos >> 5;
1124 data_ip->ip_class_of_service = flow->nw_tos;
1125
1126 if (l3 == IPFIX_PROTO_L3_IPV4) {
978427a5 1127 struct ipfix_data_record_flow_key_ipv4 *data_ipv4;
f51e8ccb 1128
29089a54
RL		 1129 data_ipv4 = ofpbuf_put_zeros(&msg, sizeof *data_ipv4);
1130 data_ipv4->source_ipv4_address = flow->nw_src;
1131 data_ipv4->destination_ipv4_address = flow->nw_dst;
1132 } else { /* l3 == IPFIX_PROTO_L3_IPV6 */
978427a5 1133 struct ipfix_data_record_flow_key_ipv6 *data_ipv6;
29089a54
RL		 1134
1135 data_ipv6 = ofpbuf_put_zeros(&msg, sizeof *data_ipv6);
1136 memcpy(data_ipv6->source_ipv6_address, &flow->ipv6_src,
1137 sizeof flow->ipv6_src);
1138 memcpy(data_ipv6->destination_ipv6_address, &flow->ipv6_dst,
1139 sizeof flow->ipv6_dst);
1140 data_ipv6->flow_label_ipv6 = flow->ipv6_label;
1141 }
1142 }
1143
f51e8ccb
RL		 1144 if (l4 == IPFIX_PROTO_L4_TCP_UDP_SCTP) {
1145 struct ipfix_data_record_flow_key_transport *data_transport;
1146
1147 data_transport = ofpbuf_put_zeros(&msg, sizeof *data_transport);
1148 data_transport->source_transport_port = flow->tp_src;
1149 data_transport->destination_transport_port = flow->tp_dst;
1150 } else if (l4 == IPFIX_PROTO_L4_ICMP) {
1151 struct ipfix_data_record_flow_key_icmp *data_icmp;
29089a54 1152
f51e8ccb
RL		 1153 data_icmp = ofpbuf_put_zeros(&msg, sizeof *data_icmp);
1154 data_icmp->icmp_type = ntohs(flow->tp_src) & 0xff;
1155 data_icmp->icmp_code = ntohs(flow->tp_dst) & 0xff;
29089a54
RL		 1156 }
1157
978427a5
RL		 1158 flow_key->flow_key_msg_part_size = msg.size;
1159
1160 {
1161 struct timeval now;
1162 uint64_t layer2_octet_delta_count;
1163
1164 /* Calculate the total matched octet count by considering as
1165 * an approximation that all matched packets have the same
1166 * length. */
1167 layer2_octet_delta_count = packet_delta_count * ethernet_total_length;
1168
1169 xgettimeofday(&now);
1170 entry->flow_end_timestamp_usec = now.tv_usec + 1000000LL * now.tv_sec;
1171 entry->flow_start_timestamp_usec = entry->flow_end_timestamp_usec;
1172 entry->packet_delta_count = packet_delta_count;
1173 entry->layer2_octet_delta_count = layer2_octet_delta_count;
1174 }
1175
1176 if (l3 != IPFIX_PROTO_L3_UNKNOWN) {
1177 uint16_t ip_total_length =
1178 ethernet_total_length - ethernet_header_length;
f51e8ccb
RL		 1179 uint64_t octet_delta_count;
1180
1181 /* Calculate the total matched octet count by considering as
1182 * an approximation that all matched packets have the same
1183 * length. */
1184 octet_delta_count = packet_delta_count * ip_total_length;
978427a5 1185
f51e8ccb
RL		 1186 entry->octet_delta_count = octet_delta_count;
1187 entry->octet_delta_sum_of_squares = octet_delta_count * ip_total_length;
978427a5
RL		 1188 entry->minimum_ip_total_length = ip_total_length;
1189 entry->maximum_ip_total_length = ip_total_length;
1190 } else {
1191 entry->octet_delta_sum_of_squares = 0;
1192 entry->minimum_ip_total_length = 0;
1193 entry->maximum_ip_total_length = 0;
1194 }
1195}
1196
1197/* Send each single data record in its own data set, to simplify the
1198 * implementation by avoiding having to group record by template ID
1199 * before sending. */
1200static void
1201ipfix_put_data_set(uint32_t export_time_sec,
1202 struct ipfix_flow_cache_entry *entry,
1203 enum ipfix_flow_end_reason flow_end_reason,
1204 struct ofpbuf *msg)
1205{
1206 size_t set_hdr_offset;
1207 struct ipfix_set_header *set_hdr;
1208
1209 set_hdr_offset = msg->size;
1210
1211 /* Put a Data Set. */
1212 set_hdr = ofpbuf_put_zeros(msg, sizeof *set_hdr);
1213 set_hdr->set_id = htons(entry->flow_key.template_id);
1214
1215 /* Copy the flow key part of the data record. */
1216
1217 ofpbuf_put(msg, entry->flow_key.flow_key_msg_part,
1218 entry->flow_key.flow_key_msg_part_size);
1219
1220 /* Put the non-key part of the data record. */
1221
1222 {
1223 struct ipfix_data_record_aggregated_common *data_aggregated_common;
1224 uint64_t export_time_usec, flow_start_delta_usec, flow_end_delta_usec;
1225
1226 /* Calculate the negative deltas relative to the export time
1227 * in seconds sent in the header, not the exact export
1228 * time. */
1229 export_time_usec = 1000000LL * export_time_sec;
1230 flow_start_delta_usec = export_time_usec
1231 - entry->flow_start_timestamp_usec;
1232 flow_end_delta_usec = export_time_usec
1233 - entry->flow_end_timestamp_usec;
1234
1235 data_aggregated_common = ofpbuf_put_zeros(
1236 msg, sizeof *data_aggregated_common);
1237 data_aggregated_common->flow_start_delta_microseconds = htonl(
1238 flow_start_delta_usec);
1239 data_aggregated_common->flow_end_delta_microseconds = htonl(
1240 flow_end_delta_usec);
1241 data_aggregated_common->packet_delta_count = htonll(
1242 entry->packet_delta_count);
1243 data_aggregated_common->layer2_octet_delta_count = htonll(
1244 entry->layer2_octet_delta_count);
1245 data_aggregated_common->flow_end_reason = flow_end_reason;
1246 }
1247
1248 if (entry->octet_delta_sum_of_squares) { /* IP packet. */
1249 struct ipfix_data_record_aggregated_ip *data_aggregated_ip;
1250
1251 data_aggregated_ip = ofpbuf_put_zeros(
1252 msg, sizeof *data_aggregated_ip);
f51e8ccb
RL		 1253 data_aggregated_ip->octet_delta_count = htonll(
1254 entry->octet_delta_count);
978427a5
RL		 1255 data_aggregated_ip->octet_delta_sum_of_squares = htonll(
1256 entry->octet_delta_sum_of_squares);
1257 data_aggregated_ip->minimum_ip_total_length = htonll(
1258 entry->minimum_ip_total_length);
1259 data_aggregated_ip->maximum_ip_total_length = htonll(
1260 entry->maximum_ip_total_length);
1261 }
29089a54 1262
978427a5
RL		 1263 set_hdr = (struct ipfix_set_header*)((uint8_t*)msg->data + set_hdr_offset);
1264 set_hdr->length = htons(msg->size - set_hdr_offset);
1265}
1266
1267/* Send an IPFIX message with a single data record. */
1268static void
1269ipfix_send_data_msg(struct dpif_ipfix_exporter *exporter,
1270 uint32_t export_time_sec,
1271 struct ipfix_flow_cache_entry *entry,
1272 enum ipfix_flow_end_reason flow_end_reason)
1273{
1274 uint64_t msg_stub[DIV_ROUND_UP(MAX_MESSAGE_LEN, 8)];
1275 struct ofpbuf msg;
1276 ofpbuf_use_stub(&msg, msg_stub, sizeof msg_stub);
1277
1278 ipfix_init_header(export_time_sec, exporter->seq_number++,
1279 entry->flow_key.obs_domain_id, &msg);
1280 ipfix_put_data_set(export_time_sec, entry, flow_end_reason, &msg);
29089a54
RL		 1281 ipfix_send_msg(exporter->collectors, &msg);
1282
1283 ofpbuf_uninit(&msg);
1284}
1285
1286static void
1287dpif_ipfix_sample(struct dpif_ipfix_exporter *exporter,
1288 struct ofpbuf *packet, const struct flow *flow,
1289 uint64_t packet_delta_count, uint32_t obs_domain_id,
1290 uint32_t obs_point_id)
1291{
978427a5 1292 struct ipfix_flow_cache_entry *entry;
29089a54 1293
978427a5
RL		 1294 /* Create a flow cache entry from the sample. */
1295 entry = xmalloc(sizeof *entry);
1296 ipfix_cache_entry_init(entry, packet, flow, packet_delta_count,
1297 obs_domain_id, obs_point_id);
1298 ipfix_cache_update(exporter, entry);
29089a54
RL		 1299}
1300
1301void
1302dpif_ipfix_bridge_sample(struct dpif_ipfix *di, struct ofpbuf *packet,
626ace7b 1303 const struct flow *flow) OVS_EXCLUDED(mutex)
29089a54 1304{
626ace7b
EJ		 1305 uint64_t packet_delta_count;
1306
1307 ovs_mutex_lock(&mutex);
29089a54
RL		 1308 /* Use the sampling probability as an approximation of the number
1309 * of matched packets. */
626ace7b 1310 packet_delta_count = UINT32_MAX / di->bridge_exporter.probability;
29089a54
RL		 1311 dpif_ipfix_sample(&di->bridge_exporter.exporter, packet, flow,
1312 packet_delta_count,
1313 di->bridge_exporter.options->obs_domain_id,
1314 di->bridge_exporter.options->obs_point_id);
626ace7b 1315 ovs_mutex_unlock(&mutex);
29089a54
RL		 1316}
1317
1318void
1319dpif_ipfix_flow_sample(struct dpif_ipfix *di, struct ofpbuf *packet,
1320 const struct flow *flow, uint32_t collector_set_id,
1321 uint16_t probability, uint32_t obs_domain_id,
626ace7b 1322 uint32_t obs_point_id) OVS_EXCLUDED(mutex)
29089a54
RL		 1323{
1324 struct dpif_ipfix_flow_exporter_map_node *node;
1325 /* Use the sampling probability as an approximation of the number
1326 * of matched packets. */
1327 uint64_t packet_delta_count = USHRT_MAX / probability;
1328
626ace7b 1329 ovs_mutex_lock(&mutex);
29089a54 1330 node = dpif_ipfix_find_flow_exporter_map_node(di, collector_set_id);
626ace7b
EJ		 1331 if (node) {
1332 dpif_ipfix_sample(&node->exporter.exporter, packet, flow,
1333 packet_delta_count, obs_domain_id, obs_point_id);
29089a54 1334 }
626ace7b 1335 ovs_mutex_unlock(&mutex);
29089a54 1336}
978427a5
RL		 1337
1338static void
1339dpif_ipfix_cache_expire(struct dpif_ipfix_exporter *exporter,
1340 bool forced_end, const uint64_t export_time_usec,
1341 const uint32_t export_time_sec)
1342{
1343 struct ipfix_flow_cache_entry *entry, *next_entry;
1344 uint64_t max_flow_start_timestamp_usec;
1345 bool template_msg_sent = false;
1346 enum ipfix_flow_end_reason flow_end_reason;
1347
1348 if (list_is_empty(&exporter->cache_flow_start_timestamp_list)) {
1349 return;
1350 }
1351
1352 max_flow_start_timestamp_usec = export_time_usec -
1353 1000000LL * exporter->cache_active_timeout;
1354
1355 LIST_FOR_EACH_SAFE (entry, next_entry, cache_flow_start_timestamp_list_node,
1356 &exporter->cache_flow_start_timestamp_list) {
1357 if (forced_end) {
1358 flow_end_reason = FORCED_END;
1359 } else if (entry->flow_start_timestamp_usec
1360 <= max_flow_start_timestamp_usec) {
1361 flow_end_reason = ACTIVE_TIMEOUT;
1362 } else if (hmap_count(&exporter->cache_flow_key_map)
1363 > exporter->cache_max_flows) {
1364 /* Enforce exporter->cache_max_flows. */
1365 flow_end_reason = LACK_OF_RESOURCES;
1366 } else {
1367 /* Remaining flows haven't expired yet. */
1368 break;
1369 }
1370
1371 list_remove(&entry->cache_flow_start_timestamp_list_node);
1372 hmap_remove(&exporter->cache_flow_key_map,
1373 &entry->flow_key_map_node);
1374
1375 if (!template_msg_sent
1376 && (exporter->last_template_set_time + IPFIX_TEMPLATE_INTERVAL)
1377 <= export_time_sec) {
1378 ipfix_send_template_msg(exporter, export_time_sec,
1379 entry->flow_key.obs_domain_id);
1380 exporter->last_template_set_time = export_time_sec;
1381 template_msg_sent = true;
1382 }
1383
1384 /* XXX: Group multiple data records for the same obs domain id
1385 * into the same message. */
1386 ipfix_send_data_msg(exporter, export_time_sec, entry, flow_end_reason);
1387 free(entry);
1388 }
1389}
1390
1391static void
1392get_export_time_now(uint64_t *export_time_usec, uint32_t *export_time_sec)
1393{
1394 struct timeval export_time;
1395 xgettimeofday(&export_time);
1396
1397 *export_time_usec = export_time.tv_usec + 1000000LL * export_time.tv_sec;
1398
1399 /* The IPFIX start and end deltas are negative deltas relative to
1400 * the export time, so set the export time 1 second off to
1401 * calculate those deltas. */
1402 if (export_time.tv_usec == 0) {
1403 *export_time_sec = export_time.tv_sec;
1404 } else {
1405 *export_time_sec = export_time.tv_sec + 1;
1406 }
1407}
1408
1409static void
1410dpif_ipfix_cache_expire_now(struct dpif_ipfix_exporter *exporter,
1411 bool forced_end)
1412{
1413 uint64_t export_time_usec;
1414 uint32_t export_time_sec;
1415
1416 get_export_time_now(&export_time_usec, &export_time_sec);
1417 dpif_ipfix_cache_expire(exporter, forced_end, export_time_usec,
1418 export_time_sec);
1419}
1420
1421void
1422dpif_ipfix_run(struct dpif_ipfix *di) OVS_EXCLUDED(mutex)
1423{
1424 uint64_t export_time_usec;
1425 uint32_t export_time_sec;
1426 struct dpif_ipfix_flow_exporter_map_node *flow_exporter_node;
1427
1428 ovs_mutex_lock(&mutex);
1429 get_export_time_now(&export_time_usec, &export_time_sec);
1430 if (di->bridge_exporter.probability > 0) { /* Bridge exporter enabled. */
1431 dpif_ipfix_cache_expire(
1432 &di->bridge_exporter.exporter, false, export_time_usec,
1433 export_time_sec);
1434 }
1435 HMAP_FOR_EACH (flow_exporter_node, node, &di->flow_exporter_map) {
1436 dpif_ipfix_cache_expire(
1437 &flow_exporter_node->exporter.exporter, false, export_time_usec,
1438 export_time_sec);
1439 }
1440 ovs_mutex_unlock(&mutex);
1441}
1442
1443void
1444dpif_ipfix_wait(struct dpif_ipfix *di) OVS_EXCLUDED(mutex)
1445{
1446 long long int next_timeout_msec = LLONG_MAX;
1447 struct dpif_ipfix_flow_exporter_map_node *flow_exporter_node;
1448
1449 ovs_mutex_lock(&mutex);
1450 if (di->bridge_exporter.probability > 0) { /* Bridge exporter enabled. */
1451 if (ipfix_cache_next_timeout_msec(
1452 &di->bridge_exporter.exporter, &next_timeout_msec)) {
1453 poll_timer_wait_until(next_timeout_msec);
1454 }
1455 }
1456 HMAP_FOR_EACH (flow_exporter_node, node, &di->flow_exporter_map) {
1457 if (ipfix_cache_next_timeout_msec(
1458 &flow_exporter_node->exporter.exporter, &next_timeout_msec)) {
1459 poll_timer_wait_until(next_timeout_msec);
1460 }
1461 }
1462 ovs_mutex_unlock(&mutex);
1463}
openvswitch packages for PVE