]> git.proxmox.com Git - mirror_ovs.git/blob - ofproto/ofproto-dpif-ipfix.c
projects / mirror_ovs.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
userspace: Switching of L3 packets in L2 pipeline
[mirror_ovs.git] / ofproto / ofproto-dpif-ipfix.c
1 /*
2 * Copyright (c) 2012, 2013, 2014, 2015, 2016 Nicira, Inc.
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at:
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <config.h>
18 #include "ofproto-dpif-ipfix.h"
19 #include <sys/time.h>
20 #include "byte-order.h"
21 #include "collectors.h"
22 #include "flow.h"
23 #include "hash.h"
24 #include "openvswitch/hmap.h"
25 #include "netdev.h"
26 #include "openvswitch/list.h"
27 #include "openvswitch/ofpbuf.h"
28 #include "ofproto.h"
29 #include "ofproto-dpif.h"
30 #include "dp-packet.h"
31 #include "packets.h"
32 #include "poll-loop.h"
33 #include "sset.h"
34 #include "util.h"
35 #include "timeval.h"
36 #include "openvswitch/vlog.h"
37
38 VLOG_DEFINE_THIS_MODULE(ipfix);
39
40 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
41 static struct ovs_mutex mutex = OVS_MUTEX_INITIALIZER;
42
43 /* Cf. IETF RFC 5101 Section 10.3.4. */
44 #define IPFIX_DEFAULT_COLLECTOR_PORT 4739
45
46 /* Cf. IETF RFC 5881 Setion 8. */
47 #define BFD_CONTROL_DEST_PORT 3784
48 #define BFD_ECHO_DEST_PORT 3785
49
50 enum ipfix_sampled_packet_type {
51 IPFIX_SAMPLED_PKT_UNKNOWN = 0x00,
52 IPFIX_SAMPLED_PKT_IPV4_OK = 0x01,
53 IPFIX_SAMPLED_PKT_IPV6_OK = 0x02,
54 IPFIX_SAMPLED_PKT_IPV4_ERROR = 0x03,
55 IPFIX_SAMPLED_PKT_IPV6_ERROR = 0x04,
56 IPFIX_SAMPLED_PKT_OTHERS = 0x05
57 };
58
59 /* The standard layer2SegmentId (ID 351) element is included in vDS to send
60 * the VxLAN tunnel's VNI. It is 64-bit long, the most significant byte is
61 * used to indicate the type of tunnel (0x01 = VxLAN, 0x02 = GRE) and the three
62 * least significant bytes hold the value of the layer 2 overlay network
63 * segment identifier: a 24-bit VxLAN tunnel's VNI or a 24-bit GRE tunnel's
64 * TNI. This is not compatible with STT, as implemented in OVS, as
65 * its tunnel IDs is 64-bit.
66 *
67 * Two new enterprise information elements are defined which are similar to
68 * laryerSegmentId but support 64-bit IDs:
69 * tunnelType (ID 891) and tunnelKey (ID 892).
70 *
71 * The enum dpif_ipfix_tunnel_type is to declare the types supported in the
72 * tunnelType element.
73 * The number of ipfix tunnel types includes two reserverd types: 0x04 and 0x06.
74 */
75 enum dpif_ipfix_tunnel_type {
76 DPIF_IPFIX_TUNNEL_UNKNOWN = 0x00,
77 DPIF_IPFIX_TUNNEL_VXLAN = 0x01,
78 DPIF_IPFIX_TUNNEL_GRE = 0x02,
79 DPIF_IPFIX_TUNNEL_LISP = 0x03,
80 DPIF_IPFIX_TUNNEL_STT = 0x04,
81 DPIF_IPFIX_TUNNEL_GENEVE = 0x07,
82 NUM_DPIF_IPFIX_TUNNEL
83 };
84
85 typedef struct ofputil_ipfix_stats ofproto_ipfix_stats;
86
87 struct dpif_ipfix_global_stats {
88 uint64_t packet_total_count;
89 uint64_t octet_total_count;
90 uint64_t octet_total_sum_of_squares;
91 uint64_t layer2_octet_total_count;
92 uint64_t tcp_ack_total_count;
93 uint64_t tcp_fin_total_count;
94 uint64_t tcp_psh_total_count;
95 uint64_t tcp_rst_total_count;
96 uint64_t tcp_syn_total_count;
97 uint64_t tcp_urg_total_count;
98 };
99
100 struct dpif_ipfix_port {
101 struct hmap_node hmap_node; /* In struct dpif_ipfix's "tunnel_ports" hmap. */
102 struct ofport *ofport; /* To retrieve port stats. */
103 odp_port_t odp_port;
104 enum dpif_ipfix_tunnel_type tunnel_type;
105 uint8_t tunnel_key_length;
106 };
107
108 struct dpif_ipfix_exporter {
109 struct collectors *collectors;
110 uint32_t seq_number;
111 time_t last_template_set_time;
112 struct hmap cache_flow_key_map; /* ipfix_flow_cache_entry. */
113 struct ovs_list cache_flow_start_timestamp_list; /* ipfix_flow_cache_entry. */
114 uint32_t cache_active_timeout; /* In seconds. */
115 uint32_t cache_max_flows;
116 char *virtual_obs_id;
117 uint8_t virtual_obs_len;
118
119 ofproto_ipfix_stats ofproto_stats;
120 struct dpif_ipfix_global_stats ipfix_global_stats;
121 };
122
123 struct dpif_ipfix_bridge_exporter {
124 struct dpif_ipfix_exporter exporter;
125 struct ofproto_ipfix_bridge_exporter_options *options;
126 uint32_t probability;
127 };
128
129 struct dpif_ipfix_flow_exporter {
130 struct dpif_ipfix_exporter exporter;
131 struct ofproto_ipfix_flow_exporter_options *options;
132 };
133
134 struct dpif_ipfix_flow_exporter_map_node {
135 struct hmap_node node;
136 struct dpif_ipfix_flow_exporter exporter;
137 };
138
139 struct dpif_ipfix {
140 struct dpif_ipfix_bridge_exporter bridge_exporter;
141 struct hmap flow_exporter_map; /* dpif_ipfix_flow_exporter_map_node. */
142 struct hmap tunnel_ports; /* Contains "struct dpif_ipfix_port"s.
143 * It makes tunnel port lookups faster in
144 * sampling upcalls. */
145 struct ovs_refcount ref_cnt;
146 };
147
148 #define IPFIX_VERSION 0x000a
149
150 /* When using UDP, IPFIX Template Records must be re-sent regularly.
151 * The standard default interval is 10 minutes (600 seconds).
152 * Cf. IETF RFC 5101 Section 10.3.6. */
153 #define IPFIX_TEMPLATE_INTERVAL 600
154
155 /* Cf. IETF RFC 5101 Section 3.1. */
156 OVS_PACKED(
157 struct ipfix_header {
158 ovs_be16 version; /* IPFIX_VERSION. */
159 ovs_be16 length; /* Length in bytes including this header. */
160 ovs_be32 export_time; /* Seconds since the epoch. */
161 ovs_be32 seq_number; /* Message sequence number. */
162 ovs_be32 obs_domain_id; /* Observation Domain ID. */
163 });
164 BUILD_ASSERT_DECL(sizeof(struct ipfix_header) == 16);
165
166 #define IPFIX_SET_ID_TEMPLATE 2
167 #define IPFIX_SET_ID_OPTION_TEMPLATE 3
168
169 /* Cf. IETF RFC 5101 Section 3.3.2. */
170 OVS_PACKED(
171 struct ipfix_set_header {
172 ovs_be16 set_id; /* IPFIX_SET_ID_* or valid template ID for Data Sets. */
173 ovs_be16 length; /* Length of the set in bytes including header. */
174 });
175 BUILD_ASSERT_DECL(sizeof(struct ipfix_set_header) == 4);
176
177 /* Alternatives for templates at each layer. A template is defined by
178 * a combination of one value for each layer. */
179 enum ipfix_proto_l2 {
180 IPFIX_PROTO_L2_ETH = 0, /* No VLAN. */
181 IPFIX_PROTO_L2_VLAN,
182 NUM_IPFIX_PROTO_L2
183 };
184 enum ipfix_proto_l3 {
185 IPFIX_PROTO_L3_UNKNOWN = 0,
186 IPFIX_PROTO_L3_IPV4,
187 IPFIX_PROTO_L3_IPV6,
188 NUM_IPFIX_PROTO_L3
189 };
190 enum ipfix_proto_l4 {
191 IPFIX_PROTO_L4_UNKNOWN = 0,
192 IPFIX_PROTO_L4_TCP,
193 IPFIX_PROTO_L4_UDP,
194 IPFIX_PROTO_L4_SCTP,
195 IPFIX_PROTO_L4_ICMP,
196 NUM_IPFIX_PROTO_L4
197 };
198 enum ipfix_proto_tunnel {
199 IPFIX_PROTO_NOT_TUNNELED = 0,
200 IPFIX_PROTO_TUNNELED, /* Support gre, lisp and vxlan. */
201 NUM_IPFIX_PROTO_TUNNEL
202 };
203
204 /* Any Template ID > 255 is usable for Template Records. */
205 #define IPFIX_TEMPLATE_ID_MIN 256
206
207 /* Cf. IETF RFC 5101 Section 3.4.1. */
208 OVS_PACKED(
209 struct ipfix_template_record_header {
210 ovs_be16 template_id;
211 ovs_be16 field_count;
212 });
213 BUILD_ASSERT_DECL(sizeof(struct ipfix_template_record_header) == 4);
214
215 enum ipfix_entity_id {
216 /* standard IPFIX elements */
217 #define IPFIX_ENTITY(ENUM, ID, SIZE, NAME) IPFIX_ENTITY_ID_##ENUM = ID,
218 #include "ofproto/ipfix-entities.def"
219 /* non-standard IPFIX elements */
220 #define IPFIX_SET_ENTERPRISE(v) (((v) | 0x8000))
221 #define IPFIX_ENTERPRISE_ENTITY(ENUM, ID, SIZE, NAME, ENTERPRISE) \
222 IPFIX_ENTITY_ID_##ENUM = IPFIX_SET_ENTERPRISE(ID),
223 #include "ofproto/ipfix-enterprise-entities.def"
224 };
225
226 enum ipfix_entity_size {
227 /* standard IPFIX elements */
228 #define IPFIX_ENTITY(ENUM, ID, SIZE, NAME) IPFIX_ENTITY_SIZE_##ENUM = SIZE,
229 #include "ofproto/ipfix-entities.def"
230 /* non-standard IPFIX elements */
231 #define IPFIX_ENTERPRISE_ENTITY(ENUM, ID, SIZE, NAME, ENTERPRISE) \
232 IPFIX_ENTITY_SIZE_##ENUM = SIZE,
233 #include "ofproto/ipfix-enterprise-entities.def"
234 };
235
236 enum ipfix_entity_enterprise {
237 /* standard IPFIX elements */
238 #define IPFIX_ENTITY(ENUM, ID, SIZE, NAME) IPFIX_ENTITY_ENTERPRISE_##ENUM = 0,
239 #include "ofproto/ipfix-entities.def"
240 /* non-standard IPFIX elements */
241 #define IPFIX_ENTERPRISE_ENTITY(ENUM, ID, SIZE, NAME, ENTERPRISE) \
242 IPFIX_ENTITY_ENTERPRISE_##ENUM = ENTERPRISE,
243 #include "ofproto/ipfix-enterprise-entities.def"
244 };
245
246 OVS_PACKED(
247 struct ipfix_template_field_specifier {
248 ovs_be16 element_id; /* IPFIX_ENTITY_ID_*. */
249 ovs_be16 field_length; /* Length of the field's value, in bytes.
250 * For Variable-Length element, it should be 65535.
251 */
252 ovs_be32 enterprise; /* Enterprise number */
253 });
254 BUILD_ASSERT_DECL(sizeof(struct ipfix_template_field_specifier) == 8);
255
256 /* Cf. IETF RFC 5102 Section 5.11.6. */
257 enum ipfix_flow_direction {
258 INGRESS_FLOW = 0x00,
259 EGRESS_FLOW = 0x01
260 };
261
262 /* Part of data record flow key for common metadata and Ethernet entities. */
263 OVS_PACKED(
264 struct ipfix_data_record_flow_key_common {
265 ovs_be32 observation_point_id; /* OBSERVATION_POINT_ID */
266 uint8_t flow_direction; /* FLOW_DIRECTION */
267 struct eth_addr source_mac_address; /* SOURCE_MAC_ADDRESS */
268 struct eth_addr destination_mac_address; /* DESTINATION_MAC_ADDRESS */
269 ovs_be16 ethernet_type; /* ETHERNET_TYPE */
270 uint8_t ethernet_header_length; /* ETHERNET_HEADER_LENGTH */
271 });
272 BUILD_ASSERT_DECL(sizeof(struct ipfix_data_record_flow_key_common) == 20);
273
274 /* Part of data record flow key for VLAN entities. */
275 OVS_PACKED(
276 struct ipfix_data_record_flow_key_vlan {
277 ovs_be16 vlan_id; /* VLAN_ID */
278 ovs_be16 dot1q_vlan_id; /* DOT1Q_VLAN_ID */
279 uint8_t dot1q_priority; /* DOT1Q_PRIORITY */
280 });
281 BUILD_ASSERT_DECL(sizeof(struct ipfix_data_record_flow_key_vlan) == 5);
282
283 /* Part of data record flow key for IP entities. */
284 /* XXX: Replace IP_TTL with MINIMUM_TTL and MAXIMUM_TTL? */
285 OVS_PACKED(
286 struct ipfix_data_record_flow_key_ip {
287 uint8_t ip_version; /* IP_VERSION */
288 uint8_t ip_ttl; /* IP_TTL */
289 uint8_t protocol_identifier; /* PROTOCOL_IDENTIFIER */
290 uint8_t ip_diff_serv_code_point; /* IP_DIFF_SERV_CODE_POINT */
291 uint8_t ip_precedence; /* IP_PRECEDENCE */
292 uint8_t ip_class_of_service; /* IP_CLASS_OF_SERVICE */
293 });
294 BUILD_ASSERT_DECL(sizeof(struct ipfix_data_record_flow_key_ip) == 6);
295
296 /* Part of data record flow key for IPv4 entities. */
297 OVS_PACKED(
298 struct ipfix_data_record_flow_key_ipv4 {
299 ovs_be32 source_ipv4_address; /* SOURCE_IPV4_ADDRESS */
300 ovs_be32 destination_ipv4_address; /* DESTINATION_IPV4_ADDRESS */
301 });
302 BUILD_ASSERT_DECL(sizeof(struct ipfix_data_record_flow_key_ipv4) == 8);
303
304 /* Part of data record flow key for IPv6 entities. */
305 OVS_PACKED(
306 struct ipfix_data_record_flow_key_ipv6 {
307 uint8_t source_ipv6_address[16]; /* SOURCE_IPV6_ADDRESS */
308 uint8_t destination_ipv6_address[16]; /* DESTINATION_IPV6_ADDRESS */
309 ovs_be32 flow_label_ipv6; /* FLOW_LABEL_IPV6 */
310 });
311 BUILD_ASSERT_DECL(sizeof(struct ipfix_data_record_flow_key_ipv6) == 36);
312
313 /* Part of data record flow key for TCP/UDP/SCTP entities. */
314 OVS_PACKED(
315 struct ipfix_data_record_flow_key_transport {
316 ovs_be16 source_transport_port; /* SOURCE_TRANSPORT_PORT */
317 ovs_be16 destination_transport_port; /* DESTINATION_TRANSPORT_PORT */
318 });
319 BUILD_ASSERT_DECL(sizeof(struct ipfix_data_record_flow_key_transport) == 4);
320
321 /* Part of data record flow key for ICMP entities. */
322 OVS_PACKED(
323 struct ipfix_data_record_flow_key_icmp {
324 uint8_t icmp_type; /* ICMP_TYPE_IPV4 / ICMP_TYPE_IPV6 */
325 uint8_t icmp_code; /* ICMP_CODE_IPV4 / ICMP_CODE_IPV6 */
326 });
327 BUILD_ASSERT_DECL(sizeof(struct ipfix_data_record_flow_key_icmp) == 2);
328
329 static uint8_t tunnel_protocol[NUM_DPIF_IPFIX_TUNNEL] = {
330 0, /* reserved */
331 IPPROTO_UDP, /* DPIF_IPFIX_TUNNEL_VXLAN */
332 IPPROTO_GRE, /* DPIF_IPFIX_TUNNEL_GRE */
333 IPPROTO_UDP, /* DPIF_IPFIX_TUNNEL_LISP*/
334 IPPROTO_TCP, /* DPIF_IPFIX_TUNNEL_STT*/
335 0 , /* reserved */
336 IPPROTO_UDP, /* DPIF_IPFIX_TUNNEL_GENEVE*/
337 };
338
339 OVS_PACKED(
340 struct ipfix_data_record_flow_key_tunnel {
341 ovs_be32 tunnel_source_ipv4_address; /* TUNNEL_SOURCE_IPV4_ADDRESS */
342 ovs_be32 tunnel_destination_ipv4_address; /* TUNNEL_DESTINATION_IPV4_ADDRESS */
343 uint8_t tunnel_protocol_identifier; /* TUNNEL_PROTOCOL_IDENTIFIER */
344 ovs_be16 tunnel_source_transport_port; /* TUNNEL_SOURCE_TRANSPORT_PORT */
345 ovs_be16 tunnel_destination_transport_port; /* TUNNEL_DESTINATION_TRANSPORT_PORT */
346 uint8_t tunnel_type; /* TUNNEL_TYPE */
347 uint8_t tunnel_key_length; /* length of TUNNEL_KEY */
348 uint8_t tunnel_key[]; /* data of TUNNEL_KEY */
349 });
350 BUILD_ASSERT_DECL(sizeof(struct ipfix_data_record_flow_key_tunnel) == 15);
351
352 /* Cf. IETF RFC 5102 Section 5.11.3. */
353 enum ipfix_flow_end_reason {
354 IDLE_TIMEOUT = 0x01,
355 ACTIVE_TIMEOUT = 0x02,
356 END_OF_FLOW_DETECTED = 0x03,
357 FORCED_END = 0x04,
358 LACK_OF_RESOURCES = 0x05
359 };
360
361 /* Part of data record for common aggregated elements. */
362 OVS_PACKED(
363 struct ipfix_data_record_aggregated_common {
364 ovs_be32 flow_start_delta_microseconds; /* FLOW_START_DELTA_MICROSECONDS */
365 ovs_be32 flow_end_delta_microseconds; /* FLOW_END_DELTA_MICROSECONDS */
366 ovs_be64 packet_delta_count; /* PACKET_DELTA_COUNT */
367 ovs_be64 packet_total_count; /* PACKET_TOTAL_COUNT */
368 ovs_be64 layer2_octet_delta_count; /* LAYER2_OCTET_DELTA_COUNT */
369 ovs_be64 layer2_octet_total_count; /* LAYER2_OCTET_TOTAL_COUNT */
370 uint8_t flow_end_reason; /* FLOW_END_REASON */
371 });
372 BUILD_ASSERT_DECL(sizeof(struct ipfix_data_record_aggregated_common) == 41);
373
374 /* Part of data record for IP aggregated elements. */
375 OVS_PACKED(
376 struct ipfix_data_record_aggregated_ip {
377 ovs_be64 octet_delta_count; /* OCTET_DELTA_COUNT */
378 ovs_be64 octet_total_count; /* OCTET_TOTAL_COUNT */
379 ovs_be64 octet_delta_sum_of_squares; /* OCTET_DELTA_SUM_OF_SQUARES */
380 ovs_be64 octet_total_sum_of_squares; /* OCTET_TOTAL_SUM_OF_SQUARES */
381 ovs_be64 minimum_ip_total_length; /* MINIMUM_IP_TOTAL_LENGTH */
382 ovs_be64 maximum_ip_total_length; /* MAXIMUM_IP_TOTAL_LENGTH */
383 });
384 BUILD_ASSERT_DECL(sizeof(struct ipfix_data_record_aggregated_ip) == 48);
385
386 /* Part of data record for TCP aggregated elements. */
387 OVS_PACKED(
388 struct ipfix_data_record_aggregated_tcp {
389 ovs_be64 tcp_ack_total_count; /* TCP_ACK_TOTAL_COUNT */
390 ovs_be64 tcp_fin_total_count; /* TCP_FIN_TOTAL_COUNT */
391 ovs_be64 tcp_psh_total_count; /* TCP_PSH_TOTAL_COUNT */
392 ovs_be64 tcp_rst_total_count; /* TCP_RST_TOTAL_COUNT */
393 ovs_be64 tcp_syn_total_count; /* TCP_SYN_TOTAL_COUNT */
394 ovs_be64 tcp_urg_total_count; /* TCP_URG_TOTAL_COUNT */
395 });
396 BUILD_ASSERT_DECL(sizeof(struct ipfix_data_record_aggregated_tcp) == 48);
397
398 /*
399 * Refer to RFC 7011, the length of Variable length element is 0~65535:
400 * In most case, it should be less than 255 octets:
401 * 0 1 2 3
402 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
403 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
404 * | Length (< 255)| Information Element |
405 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
406 * | ... continuing as needed |
407 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
408 *
409 * When it is greater than or equeal to 255 octets:
410 * 0 1 2 3
411 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
412 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
413 * | 255 | Length (0 to 65535) | IE |
414 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
415 * | ... continuing as needed |
416 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
417 *
418 *
419 * Now, only the virtual_obs_id whose length < 255 is implemented.
420 */
421
422 #define IPFIX_VIRTUAL_OBS_MAX_LEN 254
423
424 /*
425 * support tunnel key for:
426 * VxLAN: 24-bit VIN,
427 * GRE: 32-bit key,
428 * LISP: 24-bit instance ID
429 * STT: 64-bit key
430 */
431 #define MAX_TUNNEL_KEY_LEN 8
432
433 #define MAX_FLOW_KEY_LEN \
434 (sizeof(struct ipfix_data_record_flow_key_common) \
435 + sizeof(struct ipfix_data_record_flow_key_vlan) \
436 + sizeof(struct ipfix_data_record_flow_key_ip) \
437 + MAX(sizeof(struct ipfix_data_record_flow_key_ipv4), \
438 sizeof(struct ipfix_data_record_flow_key_ipv6)) \
439 + MAX(sizeof(struct ipfix_data_record_flow_key_icmp), \
440 sizeof(struct ipfix_data_record_flow_key_transport)) \
441 + sizeof(struct ipfix_data_record_flow_key_tunnel) \
442 + MAX_TUNNEL_KEY_LEN)
443
444 #define MAX_DATA_RECORD_LEN \
445 (MAX_FLOW_KEY_LEN \
446 + sizeof(struct ipfix_data_record_aggregated_common) \
447 + sizeof(struct ipfix_data_record_aggregated_ip) \
448 + sizeof(struct ipfix_data_record_aggregated_tcp))
449
450 /* Max length of a data set. To simplify the implementation, each
451 * data record is sent in a separate data set, so each data set
452 * contains at most one data record. */
453 #define MAX_DATA_SET_LEN \
454 (sizeof(struct ipfix_set_header) \
455 + MAX_DATA_RECORD_LEN)
456
457 /* Max length of an IPFIX message. Arbitrarily set to accommodate low
458 * MTU. */
459 #define MAX_MESSAGE_LEN 1024
460
461 /* Cache structures. */
462
463 /* Flow key. */
464 struct ipfix_flow_key {
465 uint32_t obs_domain_id;
466 uint16_t template_id;
467 size_t flow_key_msg_part_size;
468 uint64_t flow_key_msg_part[DIV_ROUND_UP(MAX_FLOW_KEY_LEN, 8)];
469 };
470
471 /* Flow cache entry. */
472 struct ipfix_flow_cache_entry {
473 struct hmap_node flow_key_map_node;
474 struct ovs_list cache_flow_start_timestamp_list_node;
475 struct ipfix_flow_key flow_key;
476 /* Common aggregated elements. */
477 uint64_t flow_start_timestamp_usec;
478 uint64_t flow_end_timestamp_usec;
479 uint64_t packet_delta_count;
480 uint64_t packet_total_count;
481 uint64_t layer2_octet_delta_count;
482 uint64_t layer2_octet_total_count;
483 uint64_t octet_delta_count;
484 uint64_t octet_total_count;
485 uint64_t octet_delta_sum_of_squares; /* 0 if not IP. */
486 uint64_t octet_total_sum_of_squares; /* 0 if not IP. */
487 uint16_t minimum_ip_total_length; /* 0 if not IP. */
488 uint16_t maximum_ip_total_length; /* 0 if not IP. */
489 uint64_t tcp_packet_delta_count;
490 uint64_t tcp_ack_total_count;
491 uint64_t tcp_fin_total_count;
492 uint64_t tcp_psh_total_count;
493 uint64_t tcp_rst_total_count;
494 uint64_t tcp_syn_total_count;
495 uint64_t tcp_urg_total_count;
496 };
497
498 static void dpif_ipfix_cache_expire(struct dpif_ipfix_exporter *, bool,
499 const uint64_t, const uint32_t);
500
501 static void get_export_time_now(uint64_t *, uint32_t *);
502
503 static void dpif_ipfix_cache_expire_now(struct dpif_ipfix_exporter *, bool);
504
505 static bool
506 ofproto_ipfix_bridge_exporter_options_equal(
507 const struct ofproto_ipfix_bridge_exporter_options *a,
508 const struct ofproto_ipfix_bridge_exporter_options *b)
509 {
510 return (a->obs_domain_id == b->obs_domain_id
511 && a->obs_point_id == b->obs_point_id
512 && a->sampling_rate == b->sampling_rate
513 && a->cache_active_timeout == b->cache_active_timeout
514 && a->cache_max_flows == b->cache_max_flows
515 && a->enable_tunnel_sampling == b->enable_tunnel_sampling
516 && a->enable_input_sampling == b->enable_input_sampling
517 && a->enable_output_sampling == b->enable_output_sampling
518 && sset_equals(&a->targets, &b->targets)
519 && nullable_string_is_equal(a->virtual_obs_id, b->virtual_obs_id));
520 }
521
522 static struct ofproto_ipfix_bridge_exporter_options *
523 ofproto_ipfix_bridge_exporter_options_clone(
524 const struct ofproto_ipfix_bridge_exporter_options *old)
525 {
526 struct ofproto_ipfix_bridge_exporter_options *new =
527 xmemdup(old, sizeof *old);
528 sset_clone(&new->targets, &old->targets);
529 new->virtual_obs_id = nullable_xstrdup(old->virtual_obs_id);
530 return new;
531 }
532
533 static void
534 ofproto_ipfix_bridge_exporter_options_destroy(
535 struct ofproto_ipfix_bridge_exporter_options *options)
536 {
537 if (options) {
538 sset_destroy(&options->targets);
539 free(options->virtual_obs_id);
540 free(options);
541 }
542 }
543
544 static bool
545 ofproto_ipfix_flow_exporter_options_equal(
546 const struct ofproto_ipfix_flow_exporter_options *a,
547 const struct ofproto_ipfix_flow_exporter_options *b)
548 {
549 return (a->collector_set_id == b->collector_set_id
550 && a->cache_active_timeout == b->cache_active_timeout
551 && a->cache_max_flows == b->cache_max_flows
552 && a->enable_tunnel_sampling == b->enable_tunnel_sampling
553 && sset_equals(&a->targets, &b->targets)
554 && nullable_string_is_equal(a->virtual_obs_id, b->virtual_obs_id));
555 }
556
557 static struct ofproto_ipfix_flow_exporter_options *
558 ofproto_ipfix_flow_exporter_options_clone(
559 const struct ofproto_ipfix_flow_exporter_options *old)
560 {
561 struct ofproto_ipfix_flow_exporter_options *new =
562 xmemdup(old, sizeof *old);
563 sset_clone(&new->targets, &old->targets);
564 new->virtual_obs_id = nullable_xstrdup(old->virtual_obs_id);
565 return new;
566 }
567
568 static void
569 ofproto_ipfix_flow_exporter_options_destroy(
570 struct ofproto_ipfix_flow_exporter_options *options)
571 {
572 if (options) {
573 sset_destroy(&options->targets);
574 free(options->virtual_obs_id);
575 free(options);
576 }
577 }
578
579 static void
580 dpif_ipfix_exporter_init(struct dpif_ipfix_exporter *exporter)
581 {
582 exporter->collectors = NULL;
583 exporter->seq_number = 1;
584 exporter->last_template_set_time = 0;
585 hmap_init(&exporter->cache_flow_key_map);
586 ovs_list_init(&exporter->cache_flow_start_timestamp_list);
587 exporter->cache_active_timeout = 0;
588 exporter->cache_max_flows = 0;
589 exporter->virtual_obs_id = NULL;
590 exporter->virtual_obs_len = 0;
591
592 memset(&exporter->ipfix_global_stats, 0,
593 sizeof(struct dpif_ipfix_global_stats));
594 }
595
596 static void
597 dpif_ipfix_exporter_clear(struct dpif_ipfix_exporter *exporter)
598 {
599 /* Flush the cache with flow end reason "forced end." */
600 dpif_ipfix_cache_expire_now(exporter, true);
601
602 collectors_destroy(exporter->collectors);
603 exporter->collectors = NULL;
604 exporter->seq_number = 1;
605 exporter->last_template_set_time = 0;
606 exporter->cache_active_timeout = 0;
607 exporter->cache_max_flows = 0;
608 free(exporter->virtual_obs_id);
609 exporter->virtual_obs_id = NULL;
610 exporter->virtual_obs_len = 0;
611
612 memset(&exporter->ipfix_global_stats, 0,
613 sizeof(struct dpif_ipfix_global_stats));
614 }
615
616 static void
617 dpif_ipfix_exporter_destroy(struct dpif_ipfix_exporter *exporter)
618 {
619 dpif_ipfix_exporter_clear(exporter);
620 hmap_destroy(&exporter->cache_flow_key_map);
621 }
622
623 static bool
624 dpif_ipfix_exporter_set_options(struct dpif_ipfix_exporter *exporter,
625 const struct sset *targets,
626 const uint32_t cache_active_timeout,
627 const uint32_t cache_max_flows,
628 const char *virtual_obs_id)
629 {
630 size_t virtual_obs_len;
631 collectors_destroy(exporter->collectors);
632 collectors_create(targets, IPFIX_DEFAULT_COLLECTOR_PORT,
633 &exporter->collectors);
634 if (exporter->collectors == NULL) {
635 VLOG_WARN_RL(&rl, "no collectors could be initialized, "
636 "IPFIX exporter disabled");
637 dpif_ipfix_exporter_clear(exporter);
638 return false;
639 }
640 exporter->cache_active_timeout = cache_active_timeout;
641 exporter->cache_max_flows = cache_max_flows;
642 virtual_obs_len = virtual_obs_id ? strlen(virtual_obs_id) : 0;
643 if (virtual_obs_len > IPFIX_VIRTUAL_OBS_MAX_LEN) {
644 VLOG_WARN_RL(&rl, "Virtual obsevation ID too long (%d bytes), "
645 "should not be longer than %d bytes.",
646 exporter->virtual_obs_len, IPFIX_VIRTUAL_OBS_MAX_LEN);
647 dpif_ipfix_exporter_clear(exporter);
648 return false;
649 }
650 exporter->virtual_obs_len = virtual_obs_len;
651 exporter->virtual_obs_id = nullable_xstrdup(virtual_obs_id);
652 return true;
653 }
654
655 static struct dpif_ipfix_port *
656 dpif_ipfix_find_port(const struct dpif_ipfix *di,
657 odp_port_t odp_port) OVS_REQUIRES(mutex)
658 {
659 struct dpif_ipfix_port *dip;
660
661 HMAP_FOR_EACH_IN_BUCKET (dip, hmap_node, hash_odp_port(odp_port),
662 &di->tunnel_ports) {
663 if (dip->odp_port == odp_port) {
664 return dip;
665 }
666 }
667 return NULL;
668 }
669
670 static void
671 dpif_ipfix_del_port(struct dpif_ipfix *di,
672 struct dpif_ipfix_port *dip)
673 OVS_REQUIRES(mutex)
674 {
675 hmap_remove(&di->tunnel_ports, &dip->hmap_node);
676 free(dip);
677 }
678
679 void
680 dpif_ipfix_add_tunnel_port(struct dpif_ipfix *di, struct ofport *ofport,
681 odp_port_t odp_port) OVS_EXCLUDED(mutex)
682 {
683 struct dpif_ipfix_port *dip;
684 const char *type;
685
686 ovs_mutex_lock(&mutex);
687 dip = dpif_ipfix_find_port(di, odp_port);
688 if (dip) {
689 dpif_ipfix_del_port(di, dip);
690 }
691
692 type = netdev_get_type(ofport->netdev);
693 if (type == NULL) {
694 goto out;
695 }
696
697 /* Add to table of tunnel ports. */
698 dip = xmalloc(sizeof *dip);
699 dip->ofport = ofport;
700 dip->odp_port = odp_port;
701 if (strcmp(type, "gre") == 0) {
702 /* 32-bit key gre */
703 dip->tunnel_type = DPIF_IPFIX_TUNNEL_GRE;
704 dip->tunnel_key_length = 4;
705 } else if (strcmp(type, "vxlan") == 0) {
706 dip->tunnel_type = DPIF_IPFIX_TUNNEL_VXLAN;
707 dip->tunnel_key_length = 3;
708 } else if (strcmp(type, "lisp") == 0) {
709 dip->tunnel_type = DPIF_IPFIX_TUNNEL_LISP;
710 dip->tunnel_key_length = 3;
711 } else if (strcmp(type, "geneve") == 0) {
712 dip->tunnel_type = DPIF_IPFIX_TUNNEL_GENEVE;
713 dip->tunnel_key_length = 3;
714 } else if (strcmp(type, "stt") == 0) {
715 dip->tunnel_type = DPIF_IPFIX_TUNNEL_STT;
716 dip->tunnel_key_length = 8;
717 } else {
718 free(dip);
719 goto out;
720 }
721 hmap_insert(&di->tunnel_ports, &dip->hmap_node, hash_odp_port(odp_port));
722
723 out:
724 ovs_mutex_unlock(&mutex);
725 }
726
727 void
728 dpif_ipfix_del_tunnel_port(struct dpif_ipfix *di, odp_port_t odp_port)
729 OVS_EXCLUDED(mutex)
730 {
731 struct dpif_ipfix_port *dip;
732 ovs_mutex_lock(&mutex);
733 dip = dpif_ipfix_find_port(di, odp_port);
734 if (dip) {
735 dpif_ipfix_del_port(di, dip);
736 }
737 ovs_mutex_unlock(&mutex);
738 }
739
740 bool
741 dpif_ipfix_get_tunnel_port(const struct dpif_ipfix *di, odp_port_t odp_port)
742 OVS_EXCLUDED(mutex)
743 {
744 struct dpif_ipfix_port *dip;
745 ovs_mutex_lock(&mutex);
746 dip = dpif_ipfix_find_port(di, odp_port);
747 ovs_mutex_unlock(&mutex);
748 return dip != NULL;
749 }
750
751 static void
752 dpif_ipfix_bridge_exporter_init(struct dpif_ipfix_bridge_exporter *exporter)
753 {
754 dpif_ipfix_exporter_init(&exporter->exporter);
755 exporter->options = NULL;
756 exporter->probability = 0;
757 }
758
759 static void
760 dpif_ipfix_bridge_exporter_clear(struct dpif_ipfix_bridge_exporter *exporter)
761 {
762 dpif_ipfix_exporter_clear(&exporter->exporter);
763 ofproto_ipfix_bridge_exporter_options_destroy(exporter->options);
764 exporter->options = NULL;
765 exporter->probability = 0;
766 }
767
768 static void
769 dpif_ipfix_bridge_exporter_destroy(struct dpif_ipfix_bridge_exporter *exporter)
770 {
771 dpif_ipfix_bridge_exporter_clear(exporter);
772 dpif_ipfix_exporter_destroy(&exporter->exporter);
773 }
774
775 static void
776 dpif_ipfix_bridge_exporter_set_options(
777 struct dpif_ipfix_bridge_exporter *exporter,
778 const struct ofproto_ipfix_bridge_exporter_options *options)
779 {
780 bool options_changed;
781
782 if (!options || sset_is_empty(&options->targets)) {
783 /* No point in doing any work if there are no targets. */
784 dpif_ipfix_bridge_exporter_clear(exporter);
785 return;
786 }
787
788 options_changed = (
789 !exporter->options
790 || !ofproto_ipfix_bridge_exporter_options_equal(
791 options, exporter->options));
792
793 /* Configure collectors if options have changed or if we're
794 * shortchanged in collectors (which indicates that opening one or
795 * more of the configured collectors failed, so that we should
796 * retry). */
797 if (options_changed
798 || collectors_count(exporter->exporter.collectors)
799 < sset_count(&options->targets)) {
800 if (!dpif_ipfix_exporter_set_options(
801 &exporter->exporter, &options->targets,
802 options->cache_active_timeout, options->cache_max_flows,
803 options->virtual_obs_id)) {
804 return;
805 }
806 }
807
808 /* Avoid reconfiguring if options didn't change. */
809 if (!options_changed) {
810 return;
811 }
812
813 ofproto_ipfix_bridge_exporter_options_destroy(exporter->options);
814 exporter->options = ofproto_ipfix_bridge_exporter_options_clone(options);
815 exporter->probability =
816 MAX(1, UINT32_MAX / exporter->options->sampling_rate);
817
818 /* Run over the cache as some entries might have expired after
819 * changing the timeouts. */
820 dpif_ipfix_cache_expire_now(&exporter->exporter, false);
821 }
822
823 static struct dpif_ipfix_flow_exporter_map_node*
824 dpif_ipfix_find_flow_exporter_map_node(
825 const struct dpif_ipfix *di, const uint32_t collector_set_id)
826 OVS_REQUIRES(mutex)
827 {
828 struct dpif_ipfix_flow_exporter_map_node *exporter_node;
829
830 HMAP_FOR_EACH_WITH_HASH (exporter_node, node,
831 hash_int(collector_set_id, 0),
832 &di->flow_exporter_map) {
833 if (exporter_node->exporter.options->collector_set_id
834 == collector_set_id) {
835 return exporter_node;
836 }
837 }
838
839 return NULL;
840 }
841
842 static void
843 dpif_ipfix_flow_exporter_init(struct dpif_ipfix_flow_exporter *exporter)
844 {
845 dpif_ipfix_exporter_init(&exporter->exporter);
846 exporter->options = NULL;
847 }
848
849 static void
850 dpif_ipfix_flow_exporter_clear(struct dpif_ipfix_flow_exporter *exporter)
851 {
852 dpif_ipfix_exporter_clear(&exporter->exporter);
853 ofproto_ipfix_flow_exporter_options_destroy(exporter->options);
854 exporter->options = NULL;
855 }
856
857 static void
858 dpif_ipfix_flow_exporter_destroy(struct dpif_ipfix_flow_exporter *exporter)
859 {
860 dpif_ipfix_flow_exporter_clear(exporter);
861 dpif_ipfix_exporter_destroy(&exporter->exporter);
862 }
863
864 static bool
865 dpif_ipfix_flow_exporter_set_options(
866 struct dpif_ipfix_flow_exporter *exporter,
867 const struct ofproto_ipfix_flow_exporter_options *options)
868 {
869 bool options_changed;
870
871 if (sset_is_empty(&options->targets)) {
872 /* No point in doing any work if there are no targets. */
873 dpif_ipfix_flow_exporter_clear(exporter);
874 return true;
875 }
876
877 options_changed = (
878 !exporter->options
879 || !ofproto_ipfix_flow_exporter_options_equal(
880 options, exporter->options));
881
882 /* Configure collectors if options have changed or if we're
883 * shortchanged in collectors (which indicates that opening one or
884 * more of the configured collectors failed, so that we should
885 * retry). */
886 if (options_changed
887 || collectors_count(exporter->exporter.collectors)
888 < sset_count(&options->targets)) {
889 if (!dpif_ipfix_exporter_set_options(
890 &exporter->exporter, &options->targets,
891 options->cache_active_timeout, options->cache_max_flows,
892 options->virtual_obs_id)) {
893 return false;
894 }
895 }
896
897 /* Avoid reconfiguring if options didn't change. */
898 if (!options_changed) {
899 return true;
900 }
901
902 ofproto_ipfix_flow_exporter_options_destroy(exporter->options);
903 exporter->options = ofproto_ipfix_flow_exporter_options_clone(options);
904
905 /* Run over the cache as some entries might have expired after
906 * changing the timeouts. */
907 dpif_ipfix_cache_expire_now(&exporter->exporter, false);
908
909 return true;
910 }
911
912 static void
913 remove_flow_exporter(struct dpif_ipfix *di,
914 struct dpif_ipfix_flow_exporter_map_node *node)
915 {
916 hmap_remove(&di->flow_exporter_map, &node->node);
917 dpif_ipfix_flow_exporter_destroy(&node->exporter);
918 free(node);
919 }
920
921 void
922 dpif_ipfix_set_options(
923 struct dpif_ipfix *di,
924 const struct ofproto_ipfix_bridge_exporter_options *bridge_exporter_options,
925 const struct ofproto_ipfix_flow_exporter_options *flow_exporters_options,
926 size_t n_flow_exporters_options) OVS_EXCLUDED(mutex)
927 {
928 int i;
929 struct ofproto_ipfix_flow_exporter_options *options;
930 struct dpif_ipfix_flow_exporter_map_node *node, *next;
931
932 ovs_mutex_lock(&mutex);
933 dpif_ipfix_bridge_exporter_set_options(&di->bridge_exporter,
934 bridge_exporter_options);
935
936 /* Add new flow exporters and update current flow exporters. */
937 options = (struct ofproto_ipfix_flow_exporter_options *)
938 flow_exporters_options;
939 for (i = 0; i < n_flow_exporters_options; i++) {
940 node = dpif_ipfix_find_flow_exporter_map_node(
941 di, options->collector_set_id);
942 if (!node) {
943 node = xzalloc(sizeof *node);
944 dpif_ipfix_flow_exporter_init(&node->exporter);
945 hmap_insert(&di->flow_exporter_map, &node->node,
946 hash_int(options->collector_set_id, 0));
947 }
948 if (!dpif_ipfix_flow_exporter_set_options(&node->exporter, options)) {
949 remove_flow_exporter(di, node);
950 }
951 options++;
952 }
953
954 /* Remove dropped flow exporters, if any needs to be removed. */
955 HMAP_FOR_EACH_SAFE (node, next, node, &di->flow_exporter_map) {
956 /* This is slow but doesn't take any extra memory, and
957 * this table is not supposed to contain many rows anyway. */
958 options = (struct ofproto_ipfix_flow_exporter_options *)
959 flow_exporters_options;
960 for (i = 0; i < n_flow_exporters_options; i++) {
961 if (node->exporter.options->collector_set_id
962 == options->collector_set_id) {
963 break;
964 }
965 options++;
966 }
967 if (i == n_flow_exporters_options) { // Not found.
968 remove_flow_exporter(di, node);
969 }
970 }
971
972 ovs_mutex_unlock(&mutex);
973 }
974
975 struct dpif_ipfix *
976 dpif_ipfix_create(void)
977 {
978 struct dpif_ipfix *di;
979 di = xzalloc(sizeof *di);
980 dpif_ipfix_bridge_exporter_init(&di->bridge_exporter);
981 hmap_init(&di->flow_exporter_map);
982 hmap_init(&di->tunnel_ports);
983 ovs_refcount_init(&di->ref_cnt);
984 return di;
985 }
986
987 struct dpif_ipfix *
988 dpif_ipfix_ref(const struct dpif_ipfix *di_)
989 {
990 struct dpif_ipfix *di = CONST_CAST(struct dpif_ipfix *, di_);
991 if (di) {
992 ovs_refcount_ref(&di->ref_cnt);
993 }
994 return di;
995 }
996
997 uint32_t
998 dpif_ipfix_get_bridge_exporter_probability(const struct dpif_ipfix *di)
999 OVS_EXCLUDED(mutex)
1000 {
1001 uint32_t ret;
1002 ovs_mutex_lock(&mutex);
1003 ret = di->bridge_exporter.probability;
1004 ovs_mutex_unlock(&mutex);
1005 return ret;
1006 }
1007
1008 bool
1009 dpif_ipfix_get_bridge_exporter_input_sampling(const struct dpif_ipfix *di)
1010 OVS_EXCLUDED(mutex)
1011 {
1012 bool ret = false;
1013 ovs_mutex_lock(&mutex);
1014 if (di->bridge_exporter.options) {
1015 ret = di->bridge_exporter.options->enable_input_sampling;
1016 }
1017 ovs_mutex_unlock(&mutex);
1018 return ret;
1019 }
1020
1021 bool
1022 dpif_ipfix_get_bridge_exporter_output_sampling(const struct dpif_ipfix *di)
1023 OVS_EXCLUDED(mutex)
1024 {
1025 bool ret = false;
1026 ovs_mutex_lock(&mutex);
1027 if (di->bridge_exporter.options) {
1028 ret = di->bridge_exporter.options->enable_output_sampling;
1029 }
1030 ovs_mutex_unlock(&mutex);
1031 return ret;
1032 }
1033
1034 bool
1035 dpif_ipfix_get_bridge_exporter_tunnel_sampling(const struct dpif_ipfix *di)
1036 OVS_EXCLUDED(mutex)
1037 {
1038 bool ret = false;
1039 ovs_mutex_lock(&mutex);
1040 if (di->bridge_exporter.options) {
1041 ret = di->bridge_exporter.options->enable_tunnel_sampling;
1042 }
1043 ovs_mutex_unlock(&mutex);
1044 return ret;
1045 }
1046
1047 bool
1048 dpif_ipfix_get_flow_exporter_tunnel_sampling(const struct dpif_ipfix *di,
1049 const uint32_t collector_set_id)
1050 OVS_EXCLUDED(mutex)
1051 {
1052 ovs_mutex_lock(&mutex);
1053 struct dpif_ipfix_flow_exporter_map_node *node
1054 = dpif_ipfix_find_flow_exporter_map_node(di, collector_set_id);
1055 bool ret = (node
1056 && node->exporter.options
1057 && node->exporter.options->enable_tunnel_sampling);
1058 ovs_mutex_unlock(&mutex);
1059
1060 return ret;
1061 }
1062
1063 static void
1064 dpif_ipfix_clear(struct dpif_ipfix *di) OVS_REQUIRES(mutex)
1065 {
1066 struct dpif_ipfix_flow_exporter_map_node *exp_node;
1067 struct dpif_ipfix_port *dip, *next;
1068
1069 dpif_ipfix_bridge_exporter_clear(&di->bridge_exporter);
1070
1071 HMAP_FOR_EACH_POP (exp_node, node, &di->flow_exporter_map) {
1072 dpif_ipfix_flow_exporter_destroy(&exp_node->exporter);
1073 free(exp_node);
1074 }
1075
1076 HMAP_FOR_EACH_SAFE (dip, next, hmap_node, &di->tunnel_ports) {
1077 dpif_ipfix_del_port(di, dip);
1078 }
1079 }
1080
1081 void
1082 dpif_ipfix_unref(struct dpif_ipfix *di) OVS_EXCLUDED(mutex)
1083 {
1084 if (di && ovs_refcount_unref_relaxed(&di->ref_cnt) == 1) {
1085 ovs_mutex_lock(&mutex);
1086 dpif_ipfix_clear(di);
1087 dpif_ipfix_bridge_exporter_destroy(&di->bridge_exporter);
1088 hmap_destroy(&di->flow_exporter_map);
1089 hmap_destroy(&di->tunnel_ports);
1090 free(di);
1091 ovs_mutex_unlock(&mutex);
1092 }
1093 }
1094
1095 static void
1096 ipfix_init_header(uint32_t export_time_sec, uint32_t seq_number,
1097 uint32_t obs_domain_id, struct dp_packet *msg)
1098 {
1099 struct ipfix_header *hdr;
1100
1101 hdr = dp_packet_put_zeros(msg, sizeof *hdr);
1102 hdr->version = htons(IPFIX_VERSION);
1103 hdr->length = htons(sizeof *hdr); /* Updated in ipfix_send_msg. */
1104 hdr->export_time = htonl(export_time_sec);
1105 hdr->seq_number = htonl(seq_number);
1106 hdr->obs_domain_id = htonl(obs_domain_id);
1107 }
1108
1109 static size_t
1110 ipfix_send_msg(const struct collectors *collectors, struct dp_packet *msg)
1111 {
1112 struct ipfix_header *hdr;
1113 size_t tx_errors;
1114
1115 /* Adjust the length in the header. */
1116 hdr = dp_packet_data(msg);
1117 hdr->length = htons(dp_packet_size(msg));
1118
1119 tx_errors = collectors_send(collectors,
1120 dp_packet_data(msg), dp_packet_size(msg));
1121 dp_packet_set_size(msg, 0);
1122
1123 return tx_errors;
1124 }
1125
1126 static uint16_t
1127 ipfix_get_template_id(enum ipfix_proto_l2 l2, enum ipfix_proto_l3 l3,
1128 enum ipfix_proto_l4 l4, enum ipfix_proto_tunnel tunnel)
1129 {
1130 uint16_t template_id;
1131 template_id = l2;
1132 template_id = template_id * NUM_IPFIX_PROTO_L3 + l3;
1133 template_id = template_id * NUM_IPFIX_PROTO_L4 + l4;
1134 template_id = template_id * NUM_IPFIX_PROTO_TUNNEL + tunnel;
1135 return IPFIX_TEMPLATE_ID_MIN + template_id;
1136 }
1137
1138 static void
1139 ipfix_define_template_entity(enum ipfix_entity_id id,
1140 enum ipfix_entity_size size,
1141 enum ipfix_entity_enterprise enterprise,
1142 struct dp_packet *msg)
1143 {
1144 struct ipfix_template_field_specifier *field;
1145 size_t field_size;
1146
1147 if (enterprise) {
1148 field_size = sizeof *field;
1149 } else {
1150 /* No enterprise number */
1151 field_size = sizeof *field - sizeof(ovs_be32);
1152 }
1153 field = dp_packet_put_zeros(msg, field_size);
1154 field->element_id = htons(id);
1155 if (size) {
1156 field->field_length = htons(size);
1157 } else {
1158 /* RFC 5101, Section 7. Variable-Length Information Element */
1159 field->field_length = OVS_BE16_MAX;
1160 }
1161 if (enterprise) {
1162 field->enterprise = htonl(enterprise);
1163 }
1164
1165 }
1166
1167 static uint16_t
1168 ipfix_define_template_fields(enum ipfix_proto_l2 l2, enum ipfix_proto_l3 l3,
1169 enum ipfix_proto_l4 l4, enum ipfix_proto_tunnel tunnel,
1170 bool virtual_obs_id_set,
1171 struct dp_packet *msg)
1172 {
1173 uint16_t count = 0;
1174
1175 #define DEF(ID) \
1176 { \
1177 ipfix_define_template_entity(IPFIX_ENTITY_ID_##ID, \
1178 IPFIX_ENTITY_SIZE_##ID, \
1179 IPFIX_ENTITY_ENTERPRISE_##ID, msg); \
1180 count++; \
1181 }
1182
1183 /* 1. Flow key. */
1184
1185 DEF(OBSERVATION_POINT_ID);
1186 DEF(FLOW_DIRECTION);
1187
1188 /* Common Ethernet entities. */
1189 DEF(SOURCE_MAC_ADDRESS);
1190 DEF(DESTINATION_MAC_ADDRESS);
1191 DEF(ETHERNET_TYPE);
1192 DEF(ETHERNET_HEADER_LENGTH);
1193
1194 if (l2 == IPFIX_PROTO_L2_VLAN) {
1195 DEF(VLAN_ID);
1196 DEF(DOT1Q_VLAN_ID);
1197 DEF(DOT1Q_PRIORITY);
1198 }
1199
1200 if (l3 != IPFIX_PROTO_L3_UNKNOWN) {
1201 DEF(IP_VERSION);
1202 DEF(IP_TTL);
1203 DEF(PROTOCOL_IDENTIFIER);
1204 DEF(IP_DIFF_SERV_CODE_POINT);
1205 DEF(IP_PRECEDENCE);
1206 DEF(IP_CLASS_OF_SERVICE);
1207
1208 if (l3 == IPFIX_PROTO_L3_IPV4) {
1209 DEF(SOURCE_IPV4_ADDRESS);
1210 DEF(DESTINATION_IPV4_ADDRESS);
1211 if (l4 == IPFIX_PROTO_L4_TCP
1212 || l4 == IPFIX_PROTO_L4_UDP
1213 || l4 == IPFIX_PROTO_L4_SCTP) {
1214 DEF(SOURCE_TRANSPORT_PORT);
1215 DEF(DESTINATION_TRANSPORT_PORT);
1216 } else if (l4 == IPFIX_PROTO_L4_ICMP) {
1217 DEF(ICMP_TYPE_IPV4);
1218 DEF(ICMP_CODE_IPV4);
1219 }
1220 } else { /* l3 == IPFIX_PROTO_L3_IPV6 */
1221 DEF(SOURCE_IPV6_ADDRESS);
1222 DEF(DESTINATION_IPV6_ADDRESS);
1223 DEF(FLOW_LABEL_IPV6);
1224 if (l4 == IPFIX_PROTO_L4_TCP
1225 || l4 == IPFIX_PROTO_L4_UDP
1226 || l4 == IPFIX_PROTO_L4_SCTP) {
1227 DEF(SOURCE_TRANSPORT_PORT);
1228 DEF(DESTINATION_TRANSPORT_PORT);
1229 } else if (l4 == IPFIX_PROTO_L4_ICMP) {
1230 DEF(ICMP_TYPE_IPV6);
1231 DEF(ICMP_CODE_IPV6);
1232 }
1233 }
1234 }
1235
1236 if (tunnel != IPFIX_PROTO_NOT_TUNNELED) {
1237 DEF(TUNNEL_SOURCE_IPV4_ADDRESS);
1238 DEF(TUNNEL_DESTINATION_IPV4_ADDRESS);
1239 DEF(TUNNEL_PROTOCOL_IDENTIFIER);
1240 DEF(TUNNEL_SOURCE_TRANSPORT_PORT);
1241 DEF(TUNNEL_DESTINATION_TRANSPORT_PORT);
1242 DEF(TUNNEL_TYPE);
1243 DEF(TUNNEL_KEY);
1244 }
1245
1246 /* 2. Virtual observation ID, which is not a part of flow key. */
1247 if (virtual_obs_id_set) {
1248 DEF(VIRTUAL_OBS_ID);
1249 }
1250
1251 /* 3. Flow aggregated data. */
1252
1253 DEF(FLOW_START_DELTA_MICROSECONDS);
1254 DEF(FLOW_END_DELTA_MICROSECONDS);
1255 DEF(PACKET_DELTA_COUNT);
1256 DEF(PACKET_TOTAL_COUNT);
1257 DEF(LAYER2_OCTET_DELTA_COUNT);
1258 DEF(LAYER2_OCTET_TOTAL_COUNT);
1259 DEF(FLOW_END_REASON);
1260
1261 if (l3 != IPFIX_PROTO_L3_UNKNOWN) {
1262 DEF(OCTET_DELTA_COUNT);
1263 DEF(OCTET_TOTAL_COUNT);
1264 DEF(OCTET_DELTA_SUM_OF_SQUARES);
1265 DEF(OCTET_TOTAL_SUM_OF_SQUARES);
1266 DEF(MINIMUM_IP_TOTAL_LENGTH);
1267 DEF(MAXIMUM_IP_TOTAL_LENGTH);
1268 }
1269
1270 if (l4 == IPFIX_PROTO_L4_TCP) {
1271 DEF(TCP_ACK_TOTAL_COUNT);
1272 DEF(TCP_FIN_TOTAL_COUNT);
1273 DEF(TCP_PSH_TOTAL_COUNT);
1274 DEF(TCP_RST_TOTAL_COUNT);
1275 DEF(TCP_SYN_TOTAL_COUNT);
1276 DEF(TCP_URG_TOTAL_COUNT);
1277 }
1278 #undef DEF
1279
1280 return count;
1281 }
1282
1283 static void
1284 ipfix_init_template_msg(void *msg_stub, uint32_t export_time_sec,
1285 uint32_t seq_number, uint32_t obs_domain_id,
1286 struct dp_packet *msg, size_t *set_hdr_offset)
1287 {
1288 struct ipfix_set_header *set_hdr;
1289
1290 dp_packet_use_stub(msg, msg_stub, sizeof msg_stub);
1291
1292 ipfix_init_header(export_time_sec, seq_number, obs_domain_id, msg);
1293 *set_hdr_offset = dp_packet_size(msg);
1294
1295 /* Add a Template Set. */
1296 set_hdr = dp_packet_put_zeros(msg, sizeof *set_hdr);
1297 set_hdr->set_id = htons(IPFIX_SET_ID_TEMPLATE);
1298 }
1299
1300 static size_t
1301 ipfix_send_template_msg(const struct collectors *collectors,
1302 struct dp_packet *msg, size_t set_hdr_offset)
1303 {
1304 struct ipfix_set_header *set_hdr;
1305 size_t tx_errors;
1306
1307 /* Send template message. */
1308 set_hdr = (struct ipfix_set_header*)
1309 ((uint8_t*)dp_packet_data(msg) + set_hdr_offset);
1310 set_hdr->length = htons(dp_packet_size(msg) - set_hdr_offset);
1311
1312 tx_errors = ipfix_send_msg(collectors, msg);
1313
1314 dp_packet_uninit(msg);
1315
1316 return tx_errors;
1317 }
1318
1319 static void
1320 ipfix_send_template_msgs(struct dpif_ipfix_exporter *exporter,
1321 uint32_t export_time_sec, uint32_t obs_domain_id)
1322 {
1323 uint64_t msg_stub[DIV_ROUND_UP(MAX_MESSAGE_LEN, 8)];
1324 struct dp_packet msg;
1325 size_t set_hdr_offset, tmpl_hdr_offset, error_pkts;
1326 struct ipfix_template_record_header *tmpl_hdr;
1327 uint16_t field_count;
1328 size_t tx_packets = 0;
1329 size_t tx_errors = 0;
1330 enum ipfix_proto_l2 l2;
1331 enum ipfix_proto_l3 l3;
1332 enum ipfix_proto_l4 l4;
1333 enum ipfix_proto_tunnel tunnel;
1334
1335 ipfix_init_template_msg(msg_stub, export_time_sec, exporter->seq_number,
1336 obs_domain_id, &msg, &set_hdr_offset);
1337 /* Define one template for each possible combination of
1338 * protocols. */
1339 for (l2 = 0; l2 < NUM_IPFIX_PROTO_L2; l2++) {
1340 for (l3 = 0; l3 < NUM_IPFIX_PROTO_L3; l3++) {
1341 for (l4 = 0; l4 < NUM_IPFIX_PROTO_L4; l4++) {
1342 if (l3 == IPFIX_PROTO_L3_UNKNOWN &&
1343 l4 != IPFIX_PROTO_L4_UNKNOWN) {
1344 continue;
1345 }
1346 for (tunnel = 0; tunnel < NUM_IPFIX_PROTO_TUNNEL; tunnel++) {
1347 /* When the size of the template packet reaches
1348 * MAX_MESSAGE_LEN(1024), send it out.
1349 * And then reinitialize the msg to construct a new
1350 * packet for the following templates.
1351 */
1352 if (dp_packet_size(&msg) >= MAX_MESSAGE_LEN) {
1353 /* Send template message. */
1354 error_pkts = ipfix_send_template_msg(exporter->collectors,
1355 &msg, set_hdr_offset);
1356 tx_errors += error_pkts;
1357 tx_packets += collectors_count(exporter->collectors) - error_pkts;
1358
1359 /* Reinitialize the template msg. */
1360 ipfix_init_template_msg(msg_stub, export_time_sec,
1361 exporter->seq_number,
1362 obs_domain_id, &msg,
1363 &set_hdr_offset);
1364 }
1365
1366 tmpl_hdr_offset = dp_packet_size(&msg);
1367 tmpl_hdr = dp_packet_put_zeros(&msg, sizeof *tmpl_hdr);
1368 tmpl_hdr->template_id = htons(
1369 ipfix_get_template_id(l2, l3, l4, tunnel));
1370 field_count = ipfix_define_template_fields(
1371 l2, l3, l4, tunnel, exporter->virtual_obs_id != NULL,
1372 &msg);
1373 tmpl_hdr = (struct ipfix_template_record_header*)
1374 ((uint8_t*)dp_packet_data(&msg) + tmpl_hdr_offset);
1375 tmpl_hdr->field_count = htons(field_count);
1376 }
1377 }
1378 }
1379 }
1380
1381 /* Send template message. */
1382 error_pkts = ipfix_send_template_msg(exporter->collectors, &msg, set_hdr_offset);
1383 tx_errors += error_pkts;
1384 tx_packets += collectors_count(exporter->collectors) - error_pkts;
1385
1386 exporter->ofproto_stats.tx_pkts += tx_packets;
1387 exporter->ofproto_stats.tx_errors += tx_errors;
1388
1389 /* XXX: Add Options Template Sets, at least to define a Flow Keys
1390 * Option Template. */
1391
1392 }
1393
1394 static inline uint32_t
1395 ipfix_hash_flow_key(const struct ipfix_flow_key *flow_key, uint32_t basis)
1396 {
1397 uint32_t hash;
1398 hash = hash_int(flow_key->obs_domain_id, basis);
1399 hash = hash_int(flow_key->template_id, hash);
1400 hash = hash_bytes(flow_key->flow_key_msg_part,
1401 flow_key->flow_key_msg_part_size, hash);
1402 return hash;
1403 }
1404
1405 static bool
1406 ipfix_flow_key_equal(const struct ipfix_flow_key *a,
1407 const struct ipfix_flow_key *b)
1408 {
1409 /* The template ID determines the flow key size, so not need to
1410 * compare it. */
1411 return (a->obs_domain_id == b->obs_domain_id
1412 && a->template_id == b->template_id
1413 && memcmp(a->flow_key_msg_part, b->flow_key_msg_part,
1414 a->flow_key_msg_part_size) == 0);
1415 }
1416
1417 static struct ipfix_flow_cache_entry*
1418 ipfix_cache_find_entry(const struct dpif_ipfix_exporter *exporter,
1419 const struct ipfix_flow_key *flow_key)
1420 {
1421 struct ipfix_flow_cache_entry *entry;
1422
1423 HMAP_FOR_EACH_WITH_HASH (entry, flow_key_map_node,
1424 ipfix_hash_flow_key(flow_key, 0),
1425 &exporter->cache_flow_key_map) {
1426 if (ipfix_flow_key_equal(&entry->flow_key, flow_key)) {
1427 return entry;
1428 }
1429 }
1430
1431 return NULL;
1432 }
1433
1434 static bool
1435 ipfix_cache_next_timeout_msec(const struct dpif_ipfix_exporter *exporter,
1436 long long int *next_timeout_msec)
1437 {
1438 struct ipfix_flow_cache_entry *entry;
1439
1440 LIST_FOR_EACH (entry, cache_flow_start_timestamp_list_node,
1441 &exporter->cache_flow_start_timestamp_list) {
1442 *next_timeout_msec = entry->flow_start_timestamp_usec / 1000LL
1443 + 1000LL * exporter->cache_active_timeout;
1444 return true;
1445 }
1446
1447 return false;
1448 }
1449
1450 static void
1451 ipfix_cache_aggregate_entries(struct ipfix_flow_cache_entry *from_entry,
1452 struct ipfix_flow_cache_entry *to_entry)
1453 {
1454 uint64_t *to_start, *to_end, *from_start, *from_end;
1455 uint16_t *to_min_len, *to_max_len, *from_min_len, *from_max_len;
1456
1457 to_start = &to_entry->flow_start_timestamp_usec;
1458 to_end = &to_entry->flow_end_timestamp_usec;
1459 from_start = &from_entry->flow_start_timestamp_usec;
1460 from_end = &from_entry->flow_end_timestamp_usec;
1461
1462 if (*to_start > *from_start) {
1463 *to_start = *from_start;
1464 }
1465 if (*to_end < *from_end) {
1466 *to_end = *from_end;
1467 }
1468
1469 to_entry->packet_delta_count += from_entry->packet_delta_count;
1470 to_entry->layer2_octet_delta_count += from_entry->layer2_octet_delta_count;
1471
1472 to_entry->packet_total_count = from_entry->packet_total_count;
1473 to_entry->layer2_octet_total_count = from_entry->layer2_octet_total_count;
1474
1475 to_entry->octet_delta_count += from_entry->octet_delta_count;
1476 to_entry->octet_delta_sum_of_squares +=
1477 from_entry->octet_delta_sum_of_squares;
1478
1479 to_entry->octet_total_count = from_entry->octet_total_count;
1480 to_entry->octet_total_sum_of_squares =
1481 from_entry->octet_total_sum_of_squares;
1482
1483 to_min_len = &to_entry->minimum_ip_total_length;
1484 to_max_len = &to_entry->maximum_ip_total_length;
1485 from_min_len = &from_entry->minimum_ip_total_length;
1486 from_max_len = &from_entry->maximum_ip_total_length;
1487
1488 if (!*to_min_len || (*from_min_len && *to_min_len > *from_min_len)) {
1489 *to_min_len = *from_min_len;
1490 }
1491 if (*to_max_len < *from_max_len) {
1492 *to_max_len = *from_max_len;
1493 }
1494
1495 to_entry->tcp_packet_delta_count += from_entry->tcp_packet_delta_count;
1496 to_entry->tcp_ack_total_count = from_entry->tcp_ack_total_count;
1497 to_entry->tcp_fin_total_count = from_entry->tcp_fin_total_count;
1498 to_entry->tcp_psh_total_count = from_entry->tcp_psh_total_count;
1499 to_entry->tcp_rst_total_count = from_entry->tcp_rst_total_count;
1500 to_entry->tcp_syn_total_count = from_entry->tcp_syn_total_count;
1501 to_entry->tcp_urg_total_count = from_entry->tcp_urg_total_count;
1502 }
1503
1504 /* Get statistics */
1505 static void
1506 ipfix_get_stats__(const struct dpif_ipfix_exporter *exporter,
1507 ofproto_ipfix_stats *stats)
1508 {
1509 memset(stats, 0xff, sizeof *stats);
1510
1511 if (!exporter) {
1512 return;
1513 }
1514
1515 *stats = exporter->ofproto_stats;
1516 }
1517
1518 static void
1519 ipfix_get_bridge_stats(const struct dpif_ipfix_bridge_exporter *exporter,
1520 ofproto_ipfix_stats *stats)
1521 {
1522 ipfix_get_stats__(&exporter->exporter, stats);
1523 }
1524
1525 static void
1526 ipfix_get_flow_stats(const struct dpif_ipfix_flow_exporter *exporter,
1527 ofproto_ipfix_stats *stats)
1528 {
1529 ipfix_get_stats__(&exporter->exporter, stats);
1530 stats->collector_set_id = exporter->options->collector_set_id;
1531 }
1532
1533 int
1534 dpif_ipfix_get_stats(const struct dpif_ipfix *di,
1535 bool bridge_ipfix,
1536 struct ovs_list *replies)
1537 OVS_EXCLUDED(mutex)
1538 {
1539 struct dpif_ipfix_flow_exporter_map_node *flow_exporter_node;
1540 struct ofputil_ipfix_stats ois;
1541
1542 ovs_mutex_lock(&mutex);
1543 if (bridge_ipfix) {
1544 if (!di->bridge_exporter.options) {
1545 ovs_mutex_unlock(&mutex);
1546 return OFPERR_NXST_NOT_CONFIGURED;
1547 }
1548
1549 ipfix_get_bridge_stats(&di->bridge_exporter, &ois);
1550 ofputil_append_ipfix_stat(replies, &ois);
1551 } else {
1552 if (hmap_count(&di->flow_exporter_map) == 0) {
1553 ovs_mutex_unlock(&mutex);
1554 return OFPERR_NXST_NOT_CONFIGURED;
1555 }
1556
1557 HMAP_FOR_EACH (flow_exporter_node, node,
1558 &di->flow_exporter_map) {
1559 ipfix_get_flow_stats(&flow_exporter_node->exporter, &ois);
1560 ofputil_append_ipfix_stat(replies, &ois);
1561 }
1562 }
1563 ovs_mutex_unlock(&mutex);
1564
1565 return 0;
1566 }
1567
1568 /* Update partial ipfix stats */
1569 static void
1570 ipfix_update_stats(struct dpif_ipfix_exporter *exporter,
1571 bool new_flow,
1572 size_t current_flows,
1573 enum ipfix_sampled_packet_type sampled_pkt_type)
1574 {
1575 if (new_flow) {
1576 exporter->ofproto_stats.total_flows++;
1577 exporter->ofproto_stats.current_flows = current_flows;
1578 }
1579 exporter->ofproto_stats.pkts++;
1580
1581 switch (sampled_pkt_type) {
1582 case IPFIX_SAMPLED_PKT_IPV4_OK:
1583 exporter->ofproto_stats.ipv4_pkts++;
1584 break;
1585 case IPFIX_SAMPLED_PKT_IPV6_OK:
1586 exporter->ofproto_stats.ipv6_pkts++;
1587 break;
1588 case IPFIX_SAMPLED_PKT_IPV4_ERROR:
1589 exporter->ofproto_stats.ipv4_error_pkts++;
1590 exporter->ofproto_stats.error_pkts++;
1591 break;
1592 case IPFIX_SAMPLED_PKT_IPV6_ERROR:
1593 exporter->ofproto_stats.ipv6_error_pkts++;
1594 exporter->ofproto_stats.error_pkts++;
1595 break;
1596 case IPFIX_SAMPLED_PKT_UNKNOWN:
1597 exporter->ofproto_stats.error_pkts++;
1598 break;
1599 case IPFIX_SAMPLED_PKT_OTHERS:
1600 default:
1601 break;
1602 }
1603 }
1604
1605 /* Add an entry into a flow cache. The entry is either aggregated into
1606 * an existing entry with the same flow key and free()d, or it is
1607 * inserted into the cache. And IPFIX stats will be updated */
1608 static void
1609 ipfix_cache_update(struct dpif_ipfix_exporter *exporter,
1610 struct ipfix_flow_cache_entry *entry,
1611 enum ipfix_sampled_packet_type sampled_pkt_type)
1612 {
1613 struct ipfix_flow_cache_entry *old_entry;
1614 size_t current_flows = 0;
1615
1616 old_entry = ipfix_cache_find_entry(exporter, &entry->flow_key);
1617
1618 if (old_entry == NULL) {
1619 hmap_insert(&exporter->cache_flow_key_map, &entry->flow_key_map_node,
1620 ipfix_hash_flow_key(&entry->flow_key, 0));
1621
1622 /* As the latest entry added into the cache, it should
1623 * logically have the highest flow_start_timestamp_usec, so
1624 * append it at the tail. */
1625 ovs_list_push_back(&exporter->cache_flow_start_timestamp_list,
1626 &entry->cache_flow_start_timestamp_list_node);
1627
1628 /* Enforce exporter->cache_max_flows limit. */
1629 current_flows = hmap_count(&exporter->cache_flow_key_map);
1630 ipfix_update_stats(exporter, true, current_flows, sampled_pkt_type);
1631 if (current_flows > exporter->cache_max_flows) {
1632 dpif_ipfix_cache_expire_now(exporter, false);
1633 }
1634 } else {
1635 ipfix_cache_aggregate_entries(entry, old_entry);
1636 free(entry);
1637 ipfix_update_stats(exporter, false, current_flows, sampled_pkt_type);
1638 }
1639 }
1640
1641 static enum ipfix_sampled_packet_type
1642 ipfix_cache_entry_init(struct ipfix_flow_cache_entry *entry,
1643 const struct dp_packet *packet, const struct flow *flow,
1644 uint64_t packet_delta_count, uint32_t obs_domain_id,
1645 uint32_t obs_point_id, odp_port_t output_odp_port,
1646 enum nx_action_sample_direction direction,
1647 const struct dpif_ipfix_port *tunnel_port,
1648 const struct flow_tnl *tunnel_key,
1649 struct dpif_ipfix_global_stats *stats)
1650 {
1651 struct ipfix_flow_key *flow_key;
1652 struct dp_packet msg;
1653 enum ipfix_proto_l2 l2;
1654 enum ipfix_proto_l3 l3;
1655 enum ipfix_proto_l4 l4;
1656 enum ipfix_proto_tunnel tunnel = IPFIX_PROTO_NOT_TUNNELED;
1657 enum ipfix_sampled_packet_type sampled_pkt_type = IPFIX_SAMPLED_PKT_UNKNOWN;
1658 uint8_t ethernet_header_length;
1659 uint16_t ethernet_total_length;
1660
1661 flow_key = &entry->flow_key;
1662 dp_packet_use_stub(&msg, flow_key->flow_key_msg_part,
1663 sizeof flow_key->flow_key_msg_part);
1664
1665 /* Choose the right template ID matching the protocols in the
1666 * sampled packet. */
1667 l2 = (flow->vlans[0].tci == 0) ? IPFIX_PROTO_L2_ETH : IPFIX_PROTO_L2_VLAN;
1668
1669 switch(ntohs(flow->dl_type)) {
1670 case ETH_TYPE_IP:
1671 l3 = IPFIX_PROTO_L3_IPV4;
1672 sampled_pkt_type = IPFIX_SAMPLED_PKT_IPV4_OK;
1673 switch(flow->nw_proto) {
1674 case IPPROTO_TCP:
1675 l4 = IPFIX_PROTO_L4_TCP;
1676 break;
1677 case IPPROTO_UDP:
1678 l4 = IPFIX_PROTO_L4_UDP;
1679 break;
1680 case IPPROTO_SCTP:
1681 l4 = IPFIX_PROTO_L4_SCTP;
1682 break;
1683 case IPPROTO_ICMP:
1684 l4 = IPFIX_PROTO_L4_ICMP;
1685 break;
1686 default:
1687 l4 = IPFIX_PROTO_L4_UNKNOWN;
1688 sampled_pkt_type = IPFIX_SAMPLED_PKT_IPV4_ERROR;
1689 }
1690 break;
1691 case ETH_TYPE_IPV6:
1692 l3 = IPFIX_PROTO_L3_IPV6;
1693 sampled_pkt_type = IPFIX_SAMPLED_PKT_IPV6_OK;
1694 switch(flow->nw_proto) {
1695 case IPPROTO_TCP:
1696 l4 = IPFIX_PROTO_L4_TCP;
1697 break;
1698 case IPPROTO_UDP:
1699 l4 = IPFIX_PROTO_L4_UDP;
1700 break;
1701 case IPPROTO_SCTP:
1702 l4 = IPFIX_PROTO_L4_SCTP;
1703 break;
1704 case IPPROTO_ICMPV6:
1705 l4 = IPFIX_PROTO_L4_ICMP;
1706 break;
1707 default:
1708 l4 = IPFIX_PROTO_L4_UNKNOWN;
1709 sampled_pkt_type = IPFIX_SAMPLED_PKT_IPV6_ERROR;
1710 }
1711 break;
1712 default:
1713 l3 = IPFIX_PROTO_L3_UNKNOWN;
1714 l4 = IPFIX_PROTO_L4_UNKNOWN;
1715 sampled_pkt_type = IPFIX_SAMPLED_PKT_OTHERS;
1716 }
1717
1718 if (tunnel_port && tunnel_key) {
1719 tunnel = IPFIX_PROTO_TUNNELED;
1720 }
1721
1722 flow_key->obs_domain_id = obs_domain_id;
1723 flow_key->template_id = ipfix_get_template_id(l2, l3, l4, tunnel);
1724
1725 /* The fields defined in the ipfix_data_record_* structs and sent
1726 * below must match exactly the templates defined in
1727 * ipfix_define_template_fields. */
1728
1729 ethernet_header_length = (l2 == IPFIX_PROTO_L2_VLAN)
1730 ? VLAN_ETH_HEADER_LEN : ETH_HEADER_LEN;
1731 ethernet_total_length = dp_packet_size(packet);
1732
1733 /* Common Ethernet entities. */
1734 {
1735 struct ipfix_data_record_flow_key_common *data_common;
1736
1737 data_common = dp_packet_put_zeros(&msg, sizeof *data_common);
1738 data_common->observation_point_id = htonl(obs_point_id);
1739 data_common->flow_direction =
1740 (direction == NX_ACTION_SAMPLE_INGRESS ? INGRESS_FLOW
1741 : direction == NX_ACTION_SAMPLE_EGRESS ? EGRESS_FLOW
1742 : output_odp_port == ODPP_NONE ? INGRESS_FLOW : EGRESS_FLOW);
1743 data_common->source_mac_address = flow->dl_src;
1744 data_common->destination_mac_address = flow->dl_dst;
1745 data_common->ethernet_type = flow->dl_type;
1746 data_common->ethernet_header_length = ethernet_header_length;
1747 }
1748
1749 if (l2 == IPFIX_PROTO_L2_VLAN) {
1750 struct ipfix_data_record_flow_key_vlan *data_vlan;
1751 uint16_t vlan_id = vlan_tci_to_vid(flow->vlans[0].tci);
1752 uint8_t priority = vlan_tci_to_pcp(flow->vlans[0].tci);
1753
1754 data_vlan = dp_packet_put_zeros(&msg, sizeof *data_vlan);
1755 data_vlan->vlan_id = htons(vlan_id);
1756 data_vlan->dot1q_vlan_id = htons(vlan_id);
1757 data_vlan->dot1q_priority = priority;
1758 }
1759
1760 if (l3 != IPFIX_PROTO_L3_UNKNOWN) {
1761 struct ipfix_data_record_flow_key_ip *data_ip;
1762
1763 data_ip = dp_packet_put_zeros(&msg, sizeof *data_ip);
1764 data_ip->ip_version = (l3 == IPFIX_PROTO_L3_IPV4) ? 4 : 6;
1765 data_ip->ip_ttl = flow->nw_ttl;
1766 data_ip->protocol_identifier = flow->nw_proto;
1767 data_ip->ip_diff_serv_code_point = flow->nw_tos >> 2;
1768 data_ip->ip_precedence = flow->nw_tos >> 5;
1769 data_ip->ip_class_of_service = flow->nw_tos;
1770
1771 if (l3 == IPFIX_PROTO_L3_IPV4) {
1772 struct ipfix_data_record_flow_key_ipv4 *data_ipv4;
1773
1774 data_ipv4 = dp_packet_put_zeros(&msg, sizeof *data_ipv4);
1775 data_ipv4->source_ipv4_address = flow->nw_src;
1776 data_ipv4->destination_ipv4_address = flow->nw_dst;
1777 } else { /* l3 == IPFIX_PROTO_L3_IPV6 */
1778 struct ipfix_data_record_flow_key_ipv6 *data_ipv6;
1779
1780 data_ipv6 = dp_packet_put_zeros(&msg, sizeof *data_ipv6);
1781 memcpy(data_ipv6->source_ipv6_address, &flow->ipv6_src,
1782 sizeof flow->ipv6_src);
1783 memcpy(data_ipv6->destination_ipv6_address, &flow->ipv6_dst,
1784 sizeof flow->ipv6_dst);
1785 data_ipv6->flow_label_ipv6 = flow->ipv6_label;
1786 }
1787 }
1788
1789 if (l4 == IPFIX_PROTO_L4_TCP
1790 || l4 == IPFIX_PROTO_L4_UDP
1791 || l4 == IPFIX_PROTO_L4_SCTP) {
1792 struct ipfix_data_record_flow_key_transport *data_transport;
1793
1794 data_transport = dp_packet_put_zeros(&msg, sizeof *data_transport);
1795 data_transport->source_transport_port = flow->tp_src;
1796 data_transport->destination_transport_port = flow->tp_dst;
1797 } else if (l4 == IPFIX_PROTO_L4_ICMP) {
1798 struct ipfix_data_record_flow_key_icmp *data_icmp;
1799
1800 data_icmp = dp_packet_put_zeros(&msg, sizeof *data_icmp);
1801 data_icmp->icmp_type = ntohs(flow->tp_src) & 0xff;
1802 data_icmp->icmp_code = ntohs(flow->tp_dst) & 0xff;
1803 }
1804
1805 if (tunnel == IPFIX_PROTO_TUNNELED) {
1806 struct ipfix_data_record_flow_key_tunnel *data_tunnel;
1807 const uint8_t *tun_id;
1808
1809 data_tunnel = dp_packet_put_zeros(&msg, sizeof *data_tunnel +
1810 tunnel_port->tunnel_key_length);
1811 data_tunnel->tunnel_source_ipv4_address = tunnel_key->ip_src;
1812 data_tunnel->tunnel_destination_ipv4_address = tunnel_key->ip_dst;
1813 /* The tunnel_protocol_identifier is from tunnel_proto array, which
1814 * contains protocol_identifiers of each tunnel type.
1815 */
1816 data_tunnel->tunnel_protocol_identifier =
1817 tunnel_protocol[tunnel_port->tunnel_type];
1818 data_tunnel->tunnel_source_transport_port = tunnel_key->tp_src;
1819 data_tunnel->tunnel_destination_transport_port = tunnel_key->tp_dst;
1820 data_tunnel->tunnel_type = tunnel_port->tunnel_type;
1821 data_tunnel->tunnel_key_length = tunnel_port->tunnel_key_length;
1822 /* tun_id is in network order, and tunnel key is in low bits. */
1823 tun_id = (const uint8_t *) &tunnel_key->tun_id;
1824 memcpy(data_tunnel->tunnel_key,
1825 &tun_id[8 - tunnel_port->tunnel_key_length],
1826 tunnel_port->tunnel_key_length);
1827 }
1828
1829 flow_key->flow_key_msg_part_size = dp_packet_size(&msg);
1830
1831 {
1832 struct timeval now;
1833 uint64_t layer2_octet_delta_count;
1834
1835 /* Calculate the total matched octet count by considering as
1836 * an approximation that all matched packets have the same
1837 * length. */
1838 layer2_octet_delta_count = packet_delta_count * ethernet_total_length;
1839
1840 xgettimeofday(&now);
1841 entry->flow_end_timestamp_usec = now.tv_usec + 1000000LL * now.tv_sec;
1842 entry->flow_start_timestamp_usec = entry->flow_end_timestamp_usec;
1843 entry->packet_delta_count = packet_delta_count;
1844 entry->layer2_octet_delta_count = layer2_octet_delta_count;
1845
1846 stats->packet_total_count += packet_delta_count;
1847 stats->layer2_octet_total_count += layer2_octet_delta_count;
1848 entry->packet_total_count = stats->packet_total_count;
1849 entry->layer2_octet_total_count = stats->layer2_octet_total_count;
1850
1851 }
1852
1853 if (l3 != IPFIX_PROTO_L3_UNKNOWN) {
1854 uint16_t ip_total_length =
1855 ethernet_total_length - ethernet_header_length;
1856 uint64_t octet_delta_count;
1857
1858 /* Calculate the total matched octet count by considering as
1859 * an approximation that all matched packets have the same
1860 * length. */
1861 octet_delta_count = packet_delta_count * ip_total_length;
1862
1863 entry->octet_delta_count = octet_delta_count;
1864 entry->octet_delta_sum_of_squares = octet_delta_count * ip_total_length;
1865 entry->minimum_ip_total_length = ip_total_length;
1866 entry->maximum_ip_total_length = ip_total_length;
1867
1868 stats->octet_total_count += octet_delta_count;
1869 stats->octet_total_sum_of_squares += entry->octet_delta_sum_of_squares;
1870
1871 } else {
1872 entry->octet_delta_sum_of_squares = 0;
1873 entry->minimum_ip_total_length = 0;
1874 entry->maximum_ip_total_length = 0;
1875 }
1876
1877 entry->octet_total_sum_of_squares = stats->octet_total_sum_of_squares;
1878 entry->octet_total_count = stats->octet_total_count;
1879
1880 if (l4 == IPFIX_PROTO_L4_TCP) {
1881 uint16_t tcp_flags = ntohs(flow->tcp_flags);
1882 entry->tcp_packet_delta_count = packet_delta_count;
1883
1884 if (tcp_flags & TCP_ACK) {
1885 stats->tcp_ack_total_count += packet_delta_count;
1886 }
1887 if (tcp_flags & TCP_FIN) {
1888 stats->tcp_fin_total_count += packet_delta_count;
1889 }
1890 if (tcp_flags & TCP_PSH) {
1891 stats->tcp_psh_total_count += packet_delta_count;
1892 }
1893 if (tcp_flags & TCP_RST) {
1894 stats->tcp_rst_total_count += packet_delta_count;
1895 }
1896 if (tcp_flags & TCP_SYN) {
1897 stats->tcp_syn_total_count += packet_delta_count;
1898 }
1899 if (tcp_flags & TCP_URG) {
1900 stats->tcp_urg_total_count += packet_delta_count;
1901 }
1902 } else {
1903 entry->tcp_packet_delta_count = 0;
1904 }
1905
1906 entry->tcp_ack_total_count = stats->tcp_ack_total_count;
1907 entry->tcp_fin_total_count = stats->tcp_fin_total_count;
1908 entry->tcp_psh_total_count = stats->tcp_psh_total_count;
1909 entry->tcp_rst_total_count = stats->tcp_rst_total_count;
1910 entry->tcp_syn_total_count = stats->tcp_syn_total_count;
1911 entry->tcp_urg_total_count = stats->tcp_urg_total_count;
1912
1913 return sampled_pkt_type;
1914 }
1915
1916 /* Send each single data record in its own data set, to simplify the
1917 * implementation by avoiding having to group record by template ID
1918 * before sending. */
1919 static void
1920 ipfix_put_data_set(uint32_t export_time_sec,
1921 struct ipfix_flow_cache_entry *entry,
1922 enum ipfix_flow_end_reason flow_end_reason,
1923 const char *virtual_obs_id,
1924 uint8_t virtual_obs_len,
1925 struct dp_packet *msg)
1926 {
1927 size_t set_hdr_offset;
1928 struct ipfix_set_header *set_hdr;
1929
1930 set_hdr_offset = dp_packet_size(msg);
1931
1932 /* Put a Data Set. */
1933 set_hdr = dp_packet_put_zeros(msg, sizeof *set_hdr);
1934 set_hdr->set_id = htons(entry->flow_key.template_id);
1935
1936 /* Copy the flow key part of the data record. */
1937
1938 dp_packet_put(msg, entry->flow_key.flow_key_msg_part,
1939 entry->flow_key.flow_key_msg_part_size);
1940
1941 /* Export virtual observation ID. */
1942 if (virtual_obs_id) {
1943 dp_packet_put(msg, &virtual_obs_len, sizeof(virtual_obs_len));
1944 dp_packet_put(msg, virtual_obs_id, virtual_obs_len);
1945 }
1946
1947 /* Put the non-key part of the data record. */
1948
1949 {
1950 struct ipfix_data_record_aggregated_common *data_aggregated_common;
1951 uint64_t export_time_usec, flow_start_delta_usec, flow_end_delta_usec;
1952
1953 /* Calculate the negative deltas relative to the export time
1954 * in seconds sent in the header, not the exact export
1955 * time. */
1956 export_time_usec = 1000000LL * export_time_sec;
1957 flow_start_delta_usec = export_time_usec
1958 - entry->flow_start_timestamp_usec;
1959 flow_end_delta_usec = export_time_usec
1960 - entry->flow_end_timestamp_usec;
1961
1962 data_aggregated_common = dp_packet_put_zeros(
1963 msg, sizeof *data_aggregated_common);
1964 data_aggregated_common->flow_start_delta_microseconds = htonl(
1965 flow_start_delta_usec);
1966 data_aggregated_common->flow_end_delta_microseconds = htonl(
1967 flow_end_delta_usec);
1968 data_aggregated_common->packet_delta_count = htonll(
1969 entry->packet_delta_count);
1970 data_aggregated_common->packet_total_count = htonll(
1971 entry->packet_total_count);
1972 data_aggregated_common->layer2_octet_delta_count = htonll(
1973 entry->layer2_octet_delta_count);
1974 data_aggregated_common->layer2_octet_total_count = htonll(
1975 entry->layer2_octet_total_count);
1976 data_aggregated_common->flow_end_reason = flow_end_reason;
1977 }
1978
1979 if (entry->octet_delta_sum_of_squares) { /* IP packet. */
1980 struct ipfix_data_record_aggregated_ip *data_aggregated_ip;
1981
1982 data_aggregated_ip = dp_packet_put_zeros(
1983 msg, sizeof *data_aggregated_ip);
1984 data_aggregated_ip->octet_delta_count = htonll(
1985 entry->octet_delta_count);
1986 data_aggregated_ip->octet_total_count = htonll(
1987 entry->octet_total_count);
1988 data_aggregated_ip->octet_delta_sum_of_squares = htonll(
1989 entry->octet_delta_sum_of_squares);
1990 data_aggregated_ip->octet_total_sum_of_squares = htonll(
1991 entry->octet_total_sum_of_squares);
1992 data_aggregated_ip->minimum_ip_total_length = htonll(
1993 entry->minimum_ip_total_length);
1994 data_aggregated_ip->maximum_ip_total_length = htonll(
1995 entry->maximum_ip_total_length);
1996 }
1997
1998 if (entry->tcp_packet_delta_count) {
1999 struct ipfix_data_record_aggregated_tcp *data_aggregated_tcp;
2000
2001 data_aggregated_tcp = dp_packet_put_zeros(
2002 msg, sizeof *data_aggregated_tcp);
2003 data_aggregated_tcp->tcp_ack_total_count = htonll(
2004 entry->tcp_ack_total_count);
2005 data_aggregated_tcp->tcp_fin_total_count = htonll(
2006 entry->tcp_fin_total_count);
2007 data_aggregated_tcp->tcp_psh_total_count = htonll(
2008 entry->tcp_psh_total_count);
2009 data_aggregated_tcp->tcp_rst_total_count = htonll(
2010 entry->tcp_rst_total_count);
2011 data_aggregated_tcp->tcp_syn_total_count = htonll(
2012 entry->tcp_syn_total_count);
2013 data_aggregated_tcp->tcp_urg_total_count = htonll(
2014 entry->tcp_urg_total_count);
2015 }
2016
2017 set_hdr = (struct ipfix_set_header*)((uint8_t*)dp_packet_data(msg) + set_hdr_offset);
2018 set_hdr->length = htons(dp_packet_size(msg) - set_hdr_offset);
2019 }
2020
2021 /* Send an IPFIX message with a single data record. */
2022 static void
2023 ipfix_send_data_msg(struct dpif_ipfix_exporter *exporter,
2024 uint32_t export_time_sec,
2025 struct ipfix_flow_cache_entry *entry,
2026 enum ipfix_flow_end_reason flow_end_reason)
2027 {
2028 uint64_t msg_stub[DIV_ROUND_UP(MAX_MESSAGE_LEN, 8)];
2029 struct dp_packet msg;
2030 size_t tx_errors;
2031
2032 dp_packet_use_stub(&msg, msg_stub, sizeof msg_stub);
2033
2034 ipfix_init_header(export_time_sec, exporter->seq_number++,
2035 entry->flow_key.obs_domain_id, &msg);
2036 ipfix_put_data_set(export_time_sec, entry, flow_end_reason,
2037 exporter->virtual_obs_id, exporter->virtual_obs_len,
2038 &msg);
2039 tx_errors = ipfix_send_msg(exporter->collectors, &msg);
2040
2041 dp_packet_uninit(&msg);
2042
2043 exporter->ofproto_stats.current_flows--;
2044 exporter->ofproto_stats.tx_pkts +=
2045 collectors_count(exporter->collectors) - tx_errors;
2046 exporter->ofproto_stats.tx_errors += tx_errors;
2047 }
2048
2049 static void
2050 dpif_ipfix_sample(struct dpif_ipfix_exporter *exporter,
2051 const struct dp_packet *packet, const struct flow *flow,
2052 uint64_t packet_delta_count, uint32_t obs_domain_id,
2053 uint32_t obs_point_id, odp_port_t output_odp_port,
2054 enum nx_action_sample_direction direction,
2055 const struct dpif_ipfix_port *tunnel_port,
2056 const struct flow_tnl *tunnel_key)
2057 {
2058 struct ipfix_flow_cache_entry *entry;
2059 enum ipfix_sampled_packet_type sampled_packet_type;
2060
2061 /* Create a flow cache entry from the sample. */
2062 entry = xmalloc(sizeof *entry);
2063 sampled_packet_type =
2064 ipfix_cache_entry_init(entry, packet,
2065 flow, packet_delta_count,
2066 obs_domain_id, obs_point_id,
2067 output_odp_port, direction,
2068 tunnel_port, tunnel_key,
2069 &exporter->ipfix_global_stats);
2070
2071 ipfix_cache_update(exporter, entry, sampled_packet_type);
2072 }
2073
2074 static bool
2075 bridge_exporter_enabled(struct dpif_ipfix *di)
2076 {
2077 return di->bridge_exporter.probability > 0;
2078 }
2079
2080 void
2081 dpif_ipfix_bridge_sample(struct dpif_ipfix *di, const struct dp_packet *packet,
2082 const struct flow *flow,
2083 odp_port_t input_odp_port, odp_port_t output_odp_port,
2084 const struct flow_tnl *output_tunnel_key)
2085 OVS_EXCLUDED(mutex)
2086 {
2087 uint64_t packet_delta_count;
2088 const struct flow_tnl *tunnel_key = NULL;
2089 struct dpif_ipfix_port * tunnel_port = NULL;
2090
2091 ovs_mutex_lock(&mutex);
2092 if (!bridge_exporter_enabled(di)) {
2093 ovs_mutex_unlock(&mutex);
2094 return;
2095 }
2096
2097 /* Skip BFD packets:
2098 * Bidirectional Forwarding Detection(BFD) packets are for monitoring
2099 * the tunnel link status and consumed by ovs itself. No need to
2100 * smaple them.
2101 * CF IETF RFC 5881, BFD control packet is the UDP packet with
2102 * destination port 3784, and BFD echo packet is the UDP packet with
2103 * destination port 3785.
2104 */
2105 if (is_ip_any(flow) &&
2106 flow->nw_proto == IPPROTO_UDP &&
2107 (flow->tp_dst == htons(BFD_CONTROL_DEST_PORT) ||
2108 flow->tp_dst == htons(BFD_ECHO_DEST_PORT))) {
2109 ovs_mutex_unlock(&mutex);
2110 return;
2111 }
2112
2113 /* Use the sampling probability as an approximation of the number
2114 * of matched packets. */
2115 packet_delta_count = UINT32_MAX / di->bridge_exporter.probability;
2116 if (di->bridge_exporter.options->enable_tunnel_sampling) {
2117 if (output_odp_port == ODPP_NONE && flow->tunnel.ip_dst) {
2118 /* Input tunnel. */
2119 tunnel_key = &flow->tunnel;
2120 tunnel_port = dpif_ipfix_find_port(di, input_odp_port);
2121 }
2122 if (output_odp_port != ODPP_NONE && output_tunnel_key) {
2123 /* Output tunnel, output_tunnel_key must be valid. */
2124 tunnel_key = output_tunnel_key;
2125 tunnel_port = dpif_ipfix_find_port(di, output_odp_port);
2126 }
2127 }
2128
2129 dpif_ipfix_sample(&di->bridge_exporter.exporter, packet, flow,
2130 packet_delta_count,
2131 di->bridge_exporter.options->obs_domain_id,
2132 di->bridge_exporter.options->obs_point_id,
2133 output_odp_port, NX_ACTION_SAMPLE_DEFAULT,
2134 tunnel_port, tunnel_key);
2135 ovs_mutex_unlock(&mutex);
2136 }
2137
2138 void
2139 dpif_ipfix_flow_sample(struct dpif_ipfix *di, const struct dp_packet *packet,
2140 const struct flow *flow,
2141 const union user_action_cookie *cookie,
2142 odp_port_t input_odp_port,
2143 const struct flow_tnl *output_tunnel_key)
2144 OVS_EXCLUDED(mutex)
2145 {
2146 struct dpif_ipfix_flow_exporter_map_node *node;
2147 const struct flow_tnl *tunnel_key = NULL;
2148 struct dpif_ipfix_port * tunnel_port = NULL;
2149 odp_port_t output_odp_port = cookie->flow_sample.output_odp_port;
2150 uint32_t collector_set_id = cookie->flow_sample.collector_set_id;
2151 uint16_t probability = cookie->flow_sample.probability;
2152
2153 /* Use the sampling probability as an approximation of the number
2154 * of matched packets. */
2155 uint64_t packet_delta_count = USHRT_MAX / probability;
2156
2157 ovs_mutex_lock(&mutex);
2158 node = dpif_ipfix_find_flow_exporter_map_node(di, collector_set_id);
2159 if (node) {
2160 if (node->exporter.options->enable_tunnel_sampling) {
2161 if (output_odp_port == ODPP_NONE && flow->tunnel.ip_dst) {
2162 /* Input tunnel. */
2163 tunnel_key = &flow->tunnel;
2164 tunnel_port = dpif_ipfix_find_port(di, input_odp_port);
2165 }
2166 if (output_odp_port != ODPP_NONE && output_tunnel_key) {
2167 /* Output tunnel, output_tunnel_key must be valid. */
2168 tunnel_key = output_tunnel_key;
2169 tunnel_port = dpif_ipfix_find_port(di, output_odp_port);
2170 }
2171 }
2172
2173 dpif_ipfix_sample(&node->exporter.exporter, packet, flow,
2174 packet_delta_count,
2175 cookie->flow_sample.obs_domain_id,
2176 cookie->flow_sample.obs_point_id,
2177 output_odp_port, cookie->flow_sample.direction,
2178 tunnel_port, tunnel_key);
2179 }
2180 ovs_mutex_unlock(&mutex);
2181 }
2182
2183 static void
2184 dpif_ipfix_cache_expire(struct dpif_ipfix_exporter *exporter,
2185 bool forced_end, const uint64_t export_time_usec,
2186 const uint32_t export_time_sec)
2187 {
2188 struct ipfix_flow_cache_entry *entry, *next_entry;
2189 uint64_t max_flow_start_timestamp_usec;
2190 bool template_msg_sent = false;
2191 enum ipfix_flow_end_reason flow_end_reason;
2192
2193 if (ovs_list_is_empty(&exporter->cache_flow_start_timestamp_list)) {
2194 return;
2195 }
2196
2197 max_flow_start_timestamp_usec = export_time_usec -
2198 1000000LL * exporter->cache_active_timeout;
2199
2200 LIST_FOR_EACH_SAFE (entry, next_entry, cache_flow_start_timestamp_list_node,
2201 &exporter->cache_flow_start_timestamp_list) {
2202 if (forced_end) {
2203 flow_end_reason = FORCED_END;
2204 } else if (entry->flow_start_timestamp_usec
2205 <= max_flow_start_timestamp_usec) {
2206 flow_end_reason = ACTIVE_TIMEOUT;
2207 } else if (hmap_count(&exporter->cache_flow_key_map)
2208 > exporter->cache_max_flows) {
2209 /* Enforce exporter->cache_max_flows. */
2210 flow_end_reason = LACK_OF_RESOURCES;
2211 } else {
2212 /* Remaining flows haven't expired yet. */
2213 break;
2214 }
2215
2216 ovs_list_remove(&entry->cache_flow_start_timestamp_list_node);
2217 hmap_remove(&exporter->cache_flow_key_map,
2218 &entry->flow_key_map_node);
2219
2220 if (!template_msg_sent
2221 && (exporter->last_template_set_time + IPFIX_TEMPLATE_INTERVAL)
2222 <= export_time_sec) {
2223 ipfix_send_template_msgs(exporter, export_time_sec,
2224 entry->flow_key.obs_domain_id);
2225 exporter->last_template_set_time = export_time_sec;
2226 template_msg_sent = true;
2227 }
2228
2229 /* XXX: Group multiple data records for the same obs domain id
2230 * into the same message. */
2231 ipfix_send_data_msg(exporter, export_time_sec, entry, flow_end_reason);
2232 free(entry);
2233 }
2234 }
2235
2236 static void
2237 get_export_time_now(uint64_t *export_time_usec, uint32_t *export_time_sec)
2238 {
2239 struct timeval export_time;
2240 xgettimeofday(&export_time);
2241
2242 *export_time_usec = export_time.tv_usec + 1000000LL * export_time.tv_sec;
2243
2244 /* The IPFIX start and end deltas are negative deltas relative to
2245 * the export time, so set the export time 1 second off to
2246 * calculate those deltas. */
2247 if (export_time.tv_usec == 0) {
2248 *export_time_sec = export_time.tv_sec;
2249 } else {
2250 *export_time_sec = export_time.tv_sec + 1;
2251 }
2252 }
2253
2254 static void
2255 dpif_ipfix_cache_expire_now(struct dpif_ipfix_exporter *exporter,
2256 bool forced_end)
2257 {
2258 uint64_t export_time_usec;
2259 uint32_t export_time_sec;
2260
2261 get_export_time_now(&export_time_usec, &export_time_sec);
2262 dpif_ipfix_cache_expire(exporter, forced_end, export_time_usec,
2263 export_time_sec);
2264 }
2265
2266 void
2267 dpif_ipfix_run(struct dpif_ipfix *di) OVS_EXCLUDED(mutex)
2268 {
2269 uint64_t export_time_usec;
2270 uint32_t export_time_sec;
2271 struct dpif_ipfix_flow_exporter_map_node *flow_exporter_node;
2272
2273 ovs_mutex_lock(&mutex);
2274 get_export_time_now(&export_time_usec, &export_time_sec);
2275 if (bridge_exporter_enabled(di)) {
2276 dpif_ipfix_cache_expire(
2277 &di->bridge_exporter.exporter, false, export_time_usec,
2278 export_time_sec);
2279 }
2280 HMAP_FOR_EACH (flow_exporter_node, node, &di->flow_exporter_map) {
2281 dpif_ipfix_cache_expire(
2282 &flow_exporter_node->exporter.exporter, false, export_time_usec,
2283 export_time_sec);
2284 }
2285 ovs_mutex_unlock(&mutex);
2286 }
2287
2288 void
2289 dpif_ipfix_wait(struct dpif_ipfix *di) OVS_EXCLUDED(mutex)
2290 {
2291 long long int next_timeout_msec = LLONG_MAX;
2292 struct dpif_ipfix_flow_exporter_map_node *flow_exporter_node;
2293
2294 ovs_mutex_lock(&mutex);
2295 if (bridge_exporter_enabled(di)) {
2296 if (ipfix_cache_next_timeout_msec(
2297 &di->bridge_exporter.exporter, &next_timeout_msec)) {
2298 poll_timer_wait_until(next_timeout_msec);
2299 }
2300 }
2301 HMAP_FOR_EACH (flow_exporter_node, node, &di->flow_exporter_map) {
2302 if (ipfix_cache_next_timeout_msec(
2303 &flow_exporter_node->exporter.exporter, &next_timeout_msec)) {
2304 poll_timer_wait_until(next_timeout_msec);
2305 }
2306 }
2307 ovs_mutex_unlock(&mutex);
2308 }
openvswitch mirror