]> git.proxmox.com Git - mirror_ovs.git/blob - ofproto/ofproto-dpif-ipfix.c
projects / mirror_ovs.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
ofproto-dpif: Fix for recirc issue with mpls traffic with dp_hash
[mirror_ovs.git] / ofproto / ofproto-dpif-ipfix.c
1 /*
2 * Copyright (c) 2012, 2013, 2014, 2015, 2016, 2017 Nicira, Inc.
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at:
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <config.h>
18 #include "ofproto-dpif-ipfix.h"
19 #include <sys/time.h>
20 #include "byte-order.h"
21 #include "collectors.h"
22 #include "flow.h"
23 #include "hash.h"
24 #include "openvswitch/hmap.h"
25 #include "netdev.h"
26 #include "openvswitch/list.h"
27 #include "openvswitch/ofp-ipfix.h"
28 #include "openvswitch/ofpbuf.h"
29 #include "ofproto.h"
30 #include "ofproto-dpif.h"
31 #include "dp-packet.h"
32 #include "packets.h"
33 #include "openvswitch/poll-loop.h"
34 #include "sset.h"
35 #include "util.h"
36 #include "timeval.h"
37 #include "openvswitch/vlog.h"
38
39 VLOG_DEFINE_THIS_MODULE(ipfix);
40
41 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
42 static struct ovs_mutex mutex = OVS_MUTEX_INITIALIZER;
43
44 /* This variable represents a number of exporters that have been created
45 * throughout OvS lifecycle. It's used to identify Exporting Process. Since
46 * it's NOT decreased when exporter is destroyed, it will eventually overflow.
47 * Considering the maximum value it can hold and the fact that Exporting
48 * Process may be re-started with a different ID, this shouldn't be a problem.
49 */
50 static uint32_t exporter_total_count;
51
52 /* Cf. IETF RFC 5101 Section 10.3.4. */
53 #define IPFIX_DEFAULT_COLLECTOR_PORT 4739
54
55 /* Cf. IETF RFC 5881 Setion 8. */
56 #define BFD_CONTROL_DEST_PORT 3784
57 #define BFD_ECHO_DEST_PORT 3785
58
59 enum ipfix_sampled_packet_type {
60 IPFIX_SAMPLED_PKT_UNKNOWN = 0x00,
61 IPFIX_SAMPLED_PKT_IPV4_OK = 0x01,
62 IPFIX_SAMPLED_PKT_IPV6_OK = 0x02,
63 IPFIX_SAMPLED_PKT_IPV4_ERROR = 0x03,
64 IPFIX_SAMPLED_PKT_IPV6_ERROR = 0x04,
65 IPFIX_SAMPLED_PKT_OTHERS = 0x05
66 };
67
68 /* The standard layer2SegmentId (ID 351) element is included in vDS to send
69 * the VxLAN tunnel's VNI. It is 64-bit long, the most significant byte is
70 * used to indicate the type of tunnel (0x01 = VxLAN, 0x02 = GRE) and the three
71 * least significant bytes hold the value of the layer 2 overlay network
72 * segment identifier: a 24-bit VxLAN tunnel's VNI or a 24-bit GRE tunnel's
73 * TNI. This is not compatible with STT, as implemented in OVS, as
74 * its tunnel IDs is 64-bit.
75 *
76 * Two new enterprise information elements are defined which are similar to
77 * laryerSegmentId but support 64-bit IDs:
78 * tunnelType (ID 891) and tunnelKey (ID 892).
79 *
80 * The enum dpif_ipfix_tunnel_type is to declare the types supported in the
81 * tunnelType element.
82 * The number of ipfix tunnel types includes two reserverd types: 0x04 and 0x06.
83 */
84 enum dpif_ipfix_tunnel_type {
85 DPIF_IPFIX_TUNNEL_UNKNOWN = 0x00,
86 DPIF_IPFIX_TUNNEL_VXLAN = 0x01,
87 DPIF_IPFIX_TUNNEL_GRE = 0x02,
88 DPIF_IPFIX_TUNNEL_LISP = 0x03,
89 DPIF_IPFIX_TUNNEL_STT = 0x04,
90 DPIF_IPFIX_TUNNEL_GENEVE = 0x07,
91 NUM_DPIF_IPFIX_TUNNEL
92 };
93
94 typedef struct ofputil_ipfix_stats ofproto_ipfix_stats;
95
96 struct dpif_ipfix_global_stats {
97 uint64_t dropped_packet_total_count;
98 uint64_t dropped_octet_total_count;
99 uint64_t packet_total_count;
100 uint64_t octet_total_count;
101 uint64_t octet_total_sum_of_squares;
102 uint64_t layer2_octet_total_count;
103 uint64_t tcp_ack_total_count;
104 uint64_t tcp_fin_total_count;
105 uint64_t tcp_psh_total_count;
106 uint64_t tcp_rst_total_count;
107 uint64_t tcp_syn_total_count;
108 uint64_t tcp_urg_total_count;
109 uint64_t post_mcast_packet_total_count;
110 uint64_t post_mcast_octet_total_count;
111 uint64_t in_ucast_packet_total_count;
112 uint64_t in_mcast_packet_total_count;
113 uint64_t in_bcast_packet_total_count;
114 uint64_t out_ucast_packet_total_count;
115 uint64_t out_bcast_packet_total_count;
116 };
117
118 struct dpif_ipfix_port {
119 struct hmap_node hmap_node; /* In struct dpif_ipfix's "ports" hmap. */
120 struct ofport *ofport; /* To retrieve port stats. */
121 odp_port_t odp_port;
122 enum dpif_ipfix_tunnel_type tunnel_type;
123 uint8_t tunnel_key_length;
124 uint32_t ifindex;
125 };
126
127 struct dpif_ipfix_exporter {
128 uint32_t exporter_id; /* Exporting Process identifier */
129 struct collectors *collectors;
130 uint32_t seq_number;
131 time_t last_template_set_time;
132 struct hmap cache_flow_key_map; /* ipfix_flow_cache_entry. */
133 struct ovs_list cache_flow_start_timestamp_list; /* ipfix_flow_cache_entry. */
134 uint32_t cache_active_timeout; /* In seconds. */
135 uint32_t cache_max_flows;
136 char *virtual_obs_id;
137 uint8_t virtual_obs_len;
138
139 ofproto_ipfix_stats ofproto_stats;
140 struct dpif_ipfix_global_stats ipfix_global_stats;
141 };
142
143 struct dpif_ipfix_bridge_exporter {
144 struct dpif_ipfix_exporter exporter;
145 struct ofproto_ipfix_bridge_exporter_options *options;
146 uint32_t probability;
147 };
148
149 struct dpif_ipfix_flow_exporter {
150 struct dpif_ipfix_exporter exporter;
151 struct ofproto_ipfix_flow_exporter_options *options;
152 };
153
154 struct dpif_ipfix_flow_exporter_map_node {
155 struct hmap_node node;
156 struct dpif_ipfix_flow_exporter exporter;
157 };
158
159 struct dpif_ipfix {
160 struct dpif_ipfix_bridge_exporter bridge_exporter;
161 struct hmap flow_exporter_map; /* dpif_ipfix_flow_exporter_map_node. */
162 struct hmap ports; /* Contains "struct dpif_ipfix_port"s.
163 * It makes port lookups faster in sampling
164 * upcalls. */
165 struct ovs_refcount ref_cnt;
166 };
167
168 #define IPFIX_VERSION 0x000a
169
170 /* When using UDP, IPFIX Template Records must be re-sent regularly.
171 * The standard default interval is 10 minutes (600 seconds).
172 * Cf. IETF RFC 5101 Section 10.3.6. */
173 #define IPFIX_TEMPLATE_INTERVAL 600
174
175 /* Cf. IETF RFC 5101 Section 3.1. */
176 OVS_PACKED(
177 struct ipfix_header {
178 ovs_be16 version; /* IPFIX_VERSION. */
179 ovs_be16 length; /* Length in bytes including this header. */
180 ovs_be32 export_time; /* Seconds since the epoch. */
181 ovs_be32 seq_number; /* Message sequence number. */
182 ovs_be32 obs_domain_id; /* Observation Domain ID. */
183 });
184 BUILD_ASSERT_DECL(sizeof(struct ipfix_header) == 16);
185
186 #define IPFIX_SET_ID_TEMPLATE 2
187 #define IPFIX_SET_ID_OPTION_TEMPLATE 3
188
189 enum ipfix_options_template {
190 IPFIX_OPTIONS_TEMPLATE_EXPORTER_STATS = 0,
191 NUM_IPFIX_OPTIONS_TEMPLATE
192 };
193
194 /* Cf. IETF RFC 5101 Section 3.3.2. */
195 OVS_PACKED(
196 struct ipfix_set_header {
197 ovs_be16 set_id; /* IPFIX_SET_ID_* or valid template ID for Data Sets. */
198 ovs_be16 length; /* Length of the set in bytes including header. */
199 });
200 BUILD_ASSERT_DECL(sizeof(struct ipfix_set_header) == 4);
201
202 /* Alternatives for templates at each layer. A template is defined by
203 * a combination of one value for each layer. */
204 enum ipfix_proto_l2 {
205 IPFIX_PROTO_L2_ETH = 0, /* No VLAN. */
206 IPFIX_PROTO_L2_VLAN,
207 NUM_IPFIX_PROTO_L2
208 };
209 enum ipfix_proto_l3 {
210 IPFIX_PROTO_L3_UNKNOWN = 0,
211 IPFIX_PROTO_L3_IPV4,
212 IPFIX_PROTO_L3_IPV6,
213 NUM_IPFIX_PROTO_L3
214 };
215 enum ipfix_proto_l4 {
216 IPFIX_PROTO_L4_UNKNOWN = 0,
217 IPFIX_PROTO_L4_TCP,
218 IPFIX_PROTO_L4_UDP,
219 IPFIX_PROTO_L4_SCTP,
220 IPFIX_PROTO_L4_ICMP,
221 NUM_IPFIX_PROTO_L4
222 };
223 enum ipfix_proto_tunnel {
224 IPFIX_PROTO_NOT_TUNNELED = 0,
225 IPFIX_PROTO_TUNNELED, /* Support gre, lisp and vxlan. */
226 NUM_IPFIX_PROTO_TUNNEL
227 };
228
229 /* Any Template ID > 255 is usable for Template Records. */
230 #define IPFIX_TEMPLATE_ID_MIN 256
231
232 /* Cf. IETF RFC 5101 Section 3.4.1. */
233 OVS_PACKED(
234 struct ipfix_template_record_header {
235 ovs_be16 template_id;
236 ovs_be16 field_count;
237 });
238 BUILD_ASSERT_DECL(sizeof(struct ipfix_template_record_header) == 4);
239
240 /* Cf. IETF RFC 5101 Section 3.4.2.2. */
241 OVS_PACKED(
242 struct ipfix_options_template_record_header {
243 ovs_be16 template_id; /* Template ID of Data Set is within 256-65535
244 range. */
245 ovs_be16 field_count; /* Number of all fields in this Options
246 * Template Record, including the Scope
247 * Fields. */
248 ovs_be16 scope_field_count; /* Number of scope fields. The number MUST BE
249 * greater than 0. */
250 });
251 BUILD_ASSERT_DECL(sizeof(struct ipfix_options_template_record_header) == 6);
252
253
254 enum ipfix_entity_id {
255 /* standard IPFIX elements */
256 #define IPFIX_ENTITY(ENUM, ID, SIZE, NAME) IPFIX_ENTITY_ID_##ENUM = ID,
257 #include "ofproto/ipfix-entities.def"
258 /* non-standard IPFIX elements */
259 #define IPFIX_SET_ENTERPRISE(v) (((v) | 0x8000))
260 #define IPFIX_ENTERPRISE_ENTITY(ENUM, ID, SIZE, NAME, ENTERPRISE) \
261 IPFIX_ENTITY_ID_##ENUM = IPFIX_SET_ENTERPRISE(ID),
262 #include "ofproto/ipfix-enterprise-entities.def"
263 };
264
265 enum ipfix_entity_size {
266 /* standard IPFIX elements */
267 #define IPFIX_ENTITY(ENUM, ID, SIZE, NAME) IPFIX_ENTITY_SIZE_##ENUM = SIZE,
268 #include "ofproto/ipfix-entities.def"
269 /* non-standard IPFIX elements */
270 #define IPFIX_ENTERPRISE_ENTITY(ENUM, ID, SIZE, NAME, ENTERPRISE) \
271 IPFIX_ENTITY_SIZE_##ENUM = SIZE,
272 #include "ofproto/ipfix-enterprise-entities.def"
273 };
274
275 enum ipfix_entity_enterprise {
276 /* standard IPFIX elements */
277 #define IPFIX_ENTITY(ENUM, ID, SIZE, NAME) IPFIX_ENTITY_ENTERPRISE_##ENUM = 0,
278 #include "ofproto/ipfix-entities.def"
279 /* non-standard IPFIX elements */
280 #define IPFIX_ENTERPRISE_ENTITY(ENUM, ID, SIZE, NAME, ENTERPRISE) \
281 IPFIX_ENTITY_ENTERPRISE_##ENUM = ENTERPRISE,
282 #include "ofproto/ipfix-enterprise-entities.def"
283 };
284
285 OVS_PACKED(
286 struct ipfix_template_field_specifier {
287 ovs_be16 element_id; /* IPFIX_ENTITY_ID_*. */
288 ovs_be16 field_length; /* Length of the field's value, in bytes.
289 * For Variable-Length element, it should be 65535.
290 */
291 ovs_be32 enterprise; /* Enterprise number */
292 });
293 BUILD_ASSERT_DECL(sizeof(struct ipfix_template_field_specifier) == 8);
294
295 /* Cf. IETF RFC 5102 Section 5.11.6. */
296 enum ipfix_flow_direction {
297 INGRESS_FLOW = 0x00,
298 EGRESS_FLOW = 0x01,
299 NUM_IPFIX_FLOW_DIRECTION
300 };
301
302 /* Part of data record flow key for common metadata and Ethernet entities. */
303 OVS_PACKED(
304 struct ipfix_data_record_flow_key_common {
305 ovs_be32 observation_point_id; /* OBSERVATION_POINT_ID */
306 uint8_t flow_direction; /* FLOW_DIRECTION */
307 struct eth_addr source_mac_address; /* SOURCE_MAC_ADDRESS */
308 struct eth_addr destination_mac_address; /* DESTINATION_MAC_ADDRESS */
309 ovs_be16 ethernet_type; /* ETHERNET_TYPE */
310 uint8_t ethernet_header_length; /* ETHERNET_HEADER_LENGTH */
311 });
312 BUILD_ASSERT_DECL(sizeof(struct ipfix_data_record_flow_key_common) == 20);
313
314 /* Part of data record flow key for interface information. Since some of the
315 * elements have variable length, members of this structure should be appended
316 * to the 'struct dp_packet' one by one. */
317 OVS_PACKED(
318 struct ipfix_data_record_flow_key_iface {
319 ovs_be32 if_index; /* (INGRESS | EGRESS)_INTERFACE */
320 ovs_be32 if_type; /* (INGRESS | EGRESS)_INTERFACE_TYPE */
321 uint8_t if_name_len; /* Variable length element: INTERFACE_NAME */
322 char *if_name;
323 uint8_t if_descr_len; /* Variable length element: INTERFACE_DESCRIPTION */
324 char *if_descr;
325 });
326 BUILD_ASSERT_DECL(sizeof(struct ipfix_data_record_flow_key_iface) ==
327 10 + 2 * sizeof(char *));
328
329 /* Part of data record flow key for VLAN entities. */
330 OVS_PACKED(
331 struct ipfix_data_record_flow_key_vlan {
332 ovs_be16 vlan_id; /* VLAN_ID */
333 ovs_be16 dot1q_vlan_id; /* DOT1Q_VLAN_ID */
334 uint8_t dot1q_priority; /* DOT1Q_PRIORITY */
335 });
336 BUILD_ASSERT_DECL(sizeof(struct ipfix_data_record_flow_key_vlan) == 5);
337
338 /* Part of data record flow key for IP entities. */
339 /* XXX: Replace IP_TTL with MINIMUM_TTL and MAXIMUM_TTL? */
340 OVS_PACKED(
341 struct ipfix_data_record_flow_key_ip {
342 uint8_t ip_version; /* IP_VERSION */
343 uint8_t ip_ttl; /* IP_TTL */
344 uint8_t protocol_identifier; /* PROTOCOL_IDENTIFIER */
345 uint8_t ip_diff_serv_code_point; /* IP_DIFF_SERV_CODE_POINT */
346 uint8_t ip_precedence; /* IP_PRECEDENCE */
347 uint8_t ip_class_of_service; /* IP_CLASS_OF_SERVICE */
348 });
349 BUILD_ASSERT_DECL(sizeof(struct ipfix_data_record_flow_key_ip) == 6);
350
351 /* Part of data record flow key for IPv4 entities. */
352 OVS_PACKED(
353 struct ipfix_data_record_flow_key_ipv4 {
354 ovs_be32 source_ipv4_address; /* SOURCE_IPV4_ADDRESS */
355 ovs_be32 destination_ipv4_address; /* DESTINATION_IPV4_ADDRESS */
356 });
357 BUILD_ASSERT_DECL(sizeof(struct ipfix_data_record_flow_key_ipv4) == 8);
358
359 /* Part of data record flow key for IPv6 entities. */
360 OVS_PACKED(
361 struct ipfix_data_record_flow_key_ipv6 {
362 uint8_t source_ipv6_address[16]; /* SOURCE_IPV6_ADDRESS */
363 uint8_t destination_ipv6_address[16]; /* DESTINATION_IPV6_ADDRESS */
364 ovs_be32 flow_label_ipv6; /* FLOW_LABEL_IPV6 */
365 });
366 BUILD_ASSERT_DECL(sizeof(struct ipfix_data_record_flow_key_ipv6) == 36);
367
368 /* Part of data record flow key for TCP/UDP/SCTP entities. */
369 OVS_PACKED(
370 struct ipfix_data_record_flow_key_transport {
371 ovs_be16 source_transport_port; /* SOURCE_TRANSPORT_PORT */
372 ovs_be16 destination_transport_port; /* DESTINATION_TRANSPORT_PORT */
373 });
374 BUILD_ASSERT_DECL(sizeof(struct ipfix_data_record_flow_key_transport) == 4);
375
376 /* Part of data record flow key for ICMP entities. */
377 OVS_PACKED(
378 struct ipfix_data_record_flow_key_icmp {
379 uint8_t icmp_type; /* ICMP_TYPE_IPV4 / ICMP_TYPE_IPV6 */
380 uint8_t icmp_code; /* ICMP_CODE_IPV4 / ICMP_CODE_IPV6 */
381 });
382 BUILD_ASSERT_DECL(sizeof(struct ipfix_data_record_flow_key_icmp) == 2);
383
384 static uint8_t tunnel_protocol[NUM_DPIF_IPFIX_TUNNEL] = {
385 0, /* reserved */
386 IPPROTO_UDP, /* DPIF_IPFIX_TUNNEL_VXLAN */
387 IPPROTO_GRE, /* DPIF_IPFIX_TUNNEL_GRE */
388 IPPROTO_UDP, /* DPIF_IPFIX_TUNNEL_LISP*/
389 IPPROTO_TCP, /* DPIF_IPFIX_TUNNEL_STT*/
390 0 , /* reserved */
391 IPPROTO_UDP, /* DPIF_IPFIX_TUNNEL_GENEVE*/
392 };
393
394 OVS_PACKED(
395 struct ipfix_data_record_flow_key_tunnel {
396 ovs_be32 tunnel_source_ipv4_address; /* TUNNEL_SOURCE_IPV4_ADDRESS */
397 ovs_be32 tunnel_destination_ipv4_address; /* TUNNEL_DESTINATION_IPV4_ADDRESS */
398 uint8_t tunnel_protocol_identifier; /* TUNNEL_PROTOCOL_IDENTIFIER */
399 ovs_be16 tunnel_source_transport_port; /* TUNNEL_SOURCE_TRANSPORT_PORT */
400 ovs_be16 tunnel_destination_transport_port; /* TUNNEL_DESTINATION_TRANSPORT_PORT */
401 uint8_t tunnel_type; /* TUNNEL_TYPE */
402 uint8_t tunnel_key_length; /* length of TUNNEL_KEY */
403 uint8_t tunnel_key[]; /* data of TUNNEL_KEY */
404 });
405 BUILD_ASSERT_DECL(sizeof(struct ipfix_data_record_flow_key_tunnel) == 15);
406
407 /* Cf. IETF RFC 5102 Section 5.11.3. */
408 enum ipfix_flow_end_reason {
409 IDLE_TIMEOUT = 0x01,
410 ACTIVE_TIMEOUT = 0x02,
411 END_OF_FLOW_DETECTED = 0x03,
412 FORCED_END = 0x04,
413 LACK_OF_RESOURCES = 0x05
414 };
415
416 /* Exporting Process Reliability Statistics data record. */
417 OVS_PACKED(
418 struct ipfix_data_record_exporter_stats {
419 /* Scope Fields */
420 ovs_be32 exporting_process_id; /* EXPORTING_PROCESS_ID */
421
422 /* Fields */
423 ovs_be64 not_sent_packet_total_count; /* NOT_SENT_PACKET_TOTAL_COUNT */
424 });
425 BUILD_ASSERT_DECL(sizeof(struct ipfix_data_record_exporter_stats) == 12);
426
427 /* Part of data record for common aggregated elements. */
428 OVS_PACKED(
429 struct ipfix_data_record_aggregated_common {
430 ovs_be32 flow_start_delta_microseconds; /* FLOW_START_DELTA_MICROSECONDS */
431 ovs_be32 flow_end_delta_microseconds; /* FLOW_END_DELTA_MICROSECONDS */
432 ovs_be64 dropped_packet_delta_count; /* DROPPED_PACKET_DELTA_COUNT */
433 ovs_be64 dropped_packet_total_count; /* DROPPED_PACKET_TOTAL_COUNT */
434 ovs_be64 packet_delta_count; /* PACKET_DELTA_COUNT */
435 ovs_be64 packet_total_count; /* PACKET_TOTAL_COUNT */
436 /* INGRESS_UNICAST_PACKET_TOTAL_COUNT */
437 ovs_be64 in_ucast_packet_total_count;
438 /* INGRESS_MULTICAST_PACKET_TOTAL_COUNT */
439 ovs_be64 in_mcast_packet_total_count;
440 /* INGRESS_BROADCAST_PACKET_TOTAL_COUNT */
441 ovs_be64 in_bcast_packet_total_count;
442 /* EGRESS_UNICAST_PACKET_TOTAL_COUNT */
443 ovs_be64 out_ucast_packet_total_count;
444 /* EGRESS_BROADCAST_PACKET_TOTAL_COUNT */
445 ovs_be64 out_bcast_packet_total_count;
446 ovs_be64 post_mcast_packet_delta_count; /* POST_MCAST_PACKET_DELTA_COUNT */
447 ovs_be64 post_mcast_packet_total_count; /* POST_MCAST_PACKET_TOTAL_COUNT */
448 ovs_be64 layer2_octet_delta_count; /* LAYER2_OCTET_DELTA_COUNT */
449 ovs_be64 layer2_octet_total_count; /* LAYER2_OCTET_TOTAL_COUNT */
450 uint8_t flow_end_reason; /* FLOW_END_REASON */
451 });
452 BUILD_ASSERT_DECL(sizeof(struct ipfix_data_record_aggregated_common) == 113);
453
454 /* Part of data record for IP aggregated elements. */
455 OVS_PACKED(
456 struct ipfix_data_record_aggregated_ip {
457 ovs_be64 dropped_octet_delta_count; /* DROPPED_OCTET_DELTA_COUNT */
458 ovs_be64 dropped_octet_total_count; /* DROPPED_OCTET_TOTAL_COUNT */
459 ovs_be64 octet_delta_count; /* OCTET_DELTA_COUNT */
460 ovs_be64 octet_total_count; /* OCTET_TOTAL_COUNT */
461 ovs_be64 octet_delta_sum_of_squares; /* OCTET_DELTA_SUM_OF_SQUARES */
462 ovs_be64 octet_total_sum_of_squares; /* OCTET_TOTAL_SUM_OF_SQUARES */
463 ovs_be64 minimum_ip_total_length; /* MINIMUM_IP_TOTAL_LENGTH */
464 ovs_be64 maximum_ip_total_length; /* MAXIMUM_IP_TOTAL_LENGTH */
465 ovs_be64 post_mcast_octet_delta_count; /* POST_MCAST_OCTET_DELTA_COUNT */
466 ovs_be64 post_mcast_octet_total_count; /* POST_MCAST_OCTET_TOTAL_COUNT */
467 });
468 BUILD_ASSERT_DECL(sizeof(struct ipfix_data_record_aggregated_ip) == 80);
469
470 /* Part of data record for TCP aggregated elements. */
471 OVS_PACKED(
472 struct ipfix_data_record_aggregated_tcp {
473 ovs_be64 tcp_ack_total_count; /* TCP_ACK_TOTAL_COUNT */
474 ovs_be64 tcp_fin_total_count; /* TCP_FIN_TOTAL_COUNT */
475 ovs_be64 tcp_psh_total_count; /* TCP_PSH_TOTAL_COUNT */
476 ovs_be64 tcp_rst_total_count; /* TCP_RST_TOTAL_COUNT */
477 ovs_be64 tcp_syn_total_count; /* TCP_SYN_TOTAL_COUNT */
478 ovs_be64 tcp_urg_total_count; /* TCP_URG_TOTAL_COUNT */
479 });
480 BUILD_ASSERT_DECL(sizeof(struct ipfix_data_record_aggregated_tcp) == 48);
481
482 /*
483 * Refer to RFC 7011, the length of Variable length element is 0~65535:
484 * In most case, it should be less than 255 octets:
485 * 0 1 2 3
486 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
487 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
488 * | Length (< 255)| Information Element |
489 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
490 * | ... continuing as needed |
491 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
492 *
493 * When it is greater than or equeal to 255 octets:
494 * 0 1 2 3
495 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
496 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
497 * | 255 | Length (0 to 65535) | IE |
498 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
499 * | ... continuing as needed |
500 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
501 *
502 *
503 * Now, only the virtual_obs_id whose length < 255 is implemented.
504 */
505
506 #define IPFIX_VIRTUAL_OBS_MAX_LEN 254
507
508 /*
509 * support tunnel key for:
510 * VxLAN: 24-bit VIN,
511 * GRE: 32-bit key,
512 * LISP: 24-bit instance ID
513 * STT: 64-bit key
514 */
515 #define MAX_TUNNEL_KEY_LEN 8
516
517 #define MAX_IF_NAME_LEN 64
518 #define MAX_IF_DESCR_LEN 128
519
520 /*
521 * Calculate interface information length in flow key.
522 * This is used to calculate max flow key length.
523 */
524 #define FLOW_KEY_IFACE_LEN \
525 (sizeof(struct ipfix_data_record_flow_key_iface) \
526 - 2 * sizeof(char *) \
527 + MAX_IF_NAME_LEN + MAX_IF_DESCR_LEN)
528
529 #define MAX_FLOW_KEY_LEN \
530 (sizeof(struct ipfix_data_record_flow_key_common) \
531 + FLOW_KEY_IFACE_LEN \
532 + sizeof(struct ipfix_data_record_flow_key_vlan) \
533 + sizeof(struct ipfix_data_record_flow_key_ip) \
534 + MAX(sizeof(struct ipfix_data_record_flow_key_ipv4), \
535 sizeof(struct ipfix_data_record_flow_key_ipv6)) \
536 + MAX(sizeof(struct ipfix_data_record_flow_key_icmp), \
537 sizeof(struct ipfix_data_record_flow_key_transport)) \
538 + sizeof(struct ipfix_data_record_flow_key_tunnel) \
539 + MAX_TUNNEL_KEY_LEN)
540
541 #define MAX_DATA_RECORD_LEN \
542 (MAX_FLOW_KEY_LEN \
543 + sizeof(struct ipfix_data_record_aggregated_common) \
544 + sizeof(struct ipfix_data_record_aggregated_ip) \
545 + sizeof(struct ipfix_data_record_aggregated_tcp))
546
547 #define MAX_OPTIONS_DATA_RECORD_LEN \
548 (sizeof(struct ipfix_data_record_exporter_stats))
549
550
551 /* Max length of a data set. To simplify the implementation, each
552 * data record is sent in a separate data set, so each data set
553 * contains at most one data record. */
554 #define MAX_DATA_SET_LEN \
555 (sizeof(struct ipfix_set_header) \
556 + MAX(MAX_DATA_RECORD_LEN, \
557 MAX_OPTIONS_DATA_RECORD_LEN))
558
559 /* Max length of an IPFIX message. Arbitrarily set to accommodate low
560 * MTU. */
561 #define MAX_MESSAGE_LEN 1024
562
563 /* Cache structures. */
564
565 /* Flow key. */
566 struct ipfix_flow_key {
567 uint32_t obs_domain_id;
568 uint16_t template_id;
569 size_t flow_key_msg_part_size;
570 uint64_t flow_key_msg_part[DIV_ROUND_UP(MAX_FLOW_KEY_LEN, 8)];
571 };
572
573 /* Flow cache entry. */
574 struct ipfix_flow_cache_entry {
575 struct hmap_node flow_key_map_node;
576 struct ovs_list cache_flow_start_timestamp_list_node;
577 struct ipfix_flow_key flow_key;
578 /* Common aggregated elements. */
579 uint64_t flow_start_timestamp_usec;
580 uint64_t flow_end_timestamp_usec;
581 uint64_t dropped_packet_delta_count;
582 uint64_t dropped_packet_total_count;
583 uint64_t packet_delta_count;
584 uint64_t packet_total_count;
585 uint64_t in_ucast_packet_total_count;
586 uint64_t in_mcast_packet_total_count;
587 uint64_t in_bcast_packet_total_count;
588 uint64_t out_ucast_packet_total_count;
589 uint64_t out_bcast_packet_total_count;
590 uint64_t post_mcast_packet_total_count;
591 uint64_t post_mcast_packet_delta_count;
592 uint64_t post_mcast_octet_total_count;
593 uint64_t post_mcast_octet_delta_count;
594 uint64_t layer2_octet_delta_count;
595 uint64_t layer2_octet_total_count;
596 uint64_t dropped_octet_delta_count;
597 uint64_t dropped_octet_total_count;
598 uint64_t octet_delta_count;
599 uint64_t octet_total_count;
600 uint64_t octet_delta_sum_of_squares; /* 0 if not IP. */
601 uint64_t octet_total_sum_of_squares; /* 0 if not IP. */
602 uint16_t minimum_ip_total_length; /* 0 if not IP. */
603 uint16_t maximum_ip_total_length; /* 0 if not IP. */
604 uint64_t tcp_packet_delta_count;
605 uint64_t tcp_ack_total_count;
606 uint64_t tcp_fin_total_count;
607 uint64_t tcp_psh_total_count;
608 uint64_t tcp_rst_total_count;
609 uint64_t tcp_syn_total_count;
610 uint64_t tcp_urg_total_count;
611 };
612
613 static void dpif_ipfix_cache_expire(struct dpif_ipfix_exporter *, bool,
614 const uint64_t, const uint32_t);
615
616 static void get_export_time_now(uint64_t *, uint32_t *);
617
618 static void dpif_ipfix_cache_expire_now(struct dpif_ipfix_exporter *, bool);
619
620 static bool
621 ofproto_ipfix_bridge_exporter_options_equal(
622 const struct ofproto_ipfix_bridge_exporter_options *a,
623 const struct ofproto_ipfix_bridge_exporter_options *b)
624 {
625 return (a->obs_domain_id == b->obs_domain_id
626 && a->obs_point_id == b->obs_point_id
627 && a->sampling_rate == b->sampling_rate
628 && a->cache_active_timeout == b->cache_active_timeout
629 && a->cache_max_flows == b->cache_max_flows
630 && a->enable_tunnel_sampling == b->enable_tunnel_sampling
631 && a->enable_input_sampling == b->enable_input_sampling
632 && a->enable_output_sampling == b->enable_output_sampling
633 && sset_equals(&a->targets, &b->targets)
634 && nullable_string_is_equal(a->virtual_obs_id, b->virtual_obs_id));
635 }
636
637 static struct ofproto_ipfix_bridge_exporter_options *
638 ofproto_ipfix_bridge_exporter_options_clone(
639 const struct ofproto_ipfix_bridge_exporter_options *old)
640 {
641 struct ofproto_ipfix_bridge_exporter_options *new =
642 xmemdup(old, sizeof *old);
643 sset_clone(&new->targets, &old->targets);
644 new->virtual_obs_id = nullable_xstrdup(old->virtual_obs_id);
645 return new;
646 }
647
648 static void
649 ofproto_ipfix_bridge_exporter_options_destroy(
650 struct ofproto_ipfix_bridge_exporter_options *options)
651 {
652 if (options) {
653 sset_destroy(&options->targets);
654 free(options->virtual_obs_id);
655 free(options);
656 }
657 }
658
659 static bool
660 ofproto_ipfix_flow_exporter_options_equal(
661 const struct ofproto_ipfix_flow_exporter_options *a,
662 const struct ofproto_ipfix_flow_exporter_options *b)
663 {
664 return (a->collector_set_id == b->collector_set_id
665 && a->cache_active_timeout == b->cache_active_timeout
666 && a->cache_max_flows == b->cache_max_flows
667 && a->enable_tunnel_sampling == b->enable_tunnel_sampling
668 && sset_equals(&a->targets, &b->targets)
669 && nullable_string_is_equal(a->virtual_obs_id, b->virtual_obs_id));
670 }
671
672 static struct ofproto_ipfix_flow_exporter_options *
673 ofproto_ipfix_flow_exporter_options_clone(
674 const struct ofproto_ipfix_flow_exporter_options *old)
675 {
676 struct ofproto_ipfix_flow_exporter_options *new =
677 xmemdup(old, sizeof *old);
678 sset_clone(&new->targets, &old->targets);
679 new->virtual_obs_id = nullable_xstrdup(old->virtual_obs_id);
680 return new;
681 }
682
683 static void
684 ofproto_ipfix_flow_exporter_options_destroy(
685 struct ofproto_ipfix_flow_exporter_options *options)
686 {
687 if (options) {
688 sset_destroy(&options->targets);
689 free(options->virtual_obs_id);
690 free(options);
691 }
692 }
693
694 static void
695 dpif_ipfix_exporter_init(struct dpif_ipfix_exporter *exporter)
696 {
697 exporter->exporter_id = ++exporter_total_count;
698 exporter->collectors = NULL;
699 exporter->seq_number = 1;
700 exporter->last_template_set_time = 0;
701 hmap_init(&exporter->cache_flow_key_map);
702 ovs_list_init(&exporter->cache_flow_start_timestamp_list);
703 exporter->cache_active_timeout = 0;
704 exporter->cache_max_flows = 0;
705 exporter->virtual_obs_id = NULL;
706 exporter->virtual_obs_len = 0;
707
708 memset(&exporter->ipfix_global_stats, 0,
709 sizeof(struct dpif_ipfix_global_stats));
710 }
711
712 static void
713 dpif_ipfix_exporter_clear(struct dpif_ipfix_exporter *exporter)
714 {
715 /* Flush the cache with flow end reason "forced end." */
716 dpif_ipfix_cache_expire_now(exporter, true);
717
718 collectors_destroy(exporter->collectors);
719 exporter->exporter_id = 0;
720 exporter->collectors = NULL;
721 exporter->seq_number = 1;
722 exporter->last_template_set_time = 0;
723 exporter->cache_active_timeout = 0;
724 exporter->cache_max_flows = 0;
725 free(exporter->virtual_obs_id);
726 exporter->virtual_obs_id = NULL;
727 exporter->virtual_obs_len = 0;
728
729 memset(&exporter->ipfix_global_stats, 0,
730 sizeof(struct dpif_ipfix_global_stats));
731 }
732
733 static void
734 dpif_ipfix_exporter_destroy(struct dpif_ipfix_exporter *exporter)
735 {
736 dpif_ipfix_exporter_clear(exporter);
737 hmap_destroy(&exporter->cache_flow_key_map);
738 }
739
740 static bool
741 dpif_ipfix_exporter_set_options(struct dpif_ipfix_exporter *exporter,
742 const struct sset *targets,
743 const uint32_t cache_active_timeout,
744 const uint32_t cache_max_flows,
745 const char *virtual_obs_id)
746 {
747 size_t virtual_obs_len;
748 collectors_destroy(exporter->collectors);
749 collectors_create(targets, IPFIX_DEFAULT_COLLECTOR_PORT,
750 &exporter->collectors);
751 if (exporter->collectors == NULL) {
752 VLOG_WARN_RL(&rl, "no collectors could be initialized, "
753 "IPFIX exporter disabled");
754 dpif_ipfix_exporter_clear(exporter);
755 return false;
756 }
757 exporter->cache_active_timeout = cache_active_timeout;
758 exporter->cache_max_flows = cache_max_flows;
759 virtual_obs_len = virtual_obs_id ? strlen(virtual_obs_id) : 0;
760 if (virtual_obs_len > IPFIX_VIRTUAL_OBS_MAX_LEN) {
761 VLOG_WARN_RL(&rl, "Virtual obsevation ID too long (%d bytes), "
762 "should not be longer than %d bytes.",
763 exporter->virtual_obs_len, IPFIX_VIRTUAL_OBS_MAX_LEN);
764 dpif_ipfix_exporter_clear(exporter);
765 return false;
766 }
767 exporter->virtual_obs_len = virtual_obs_len;
768 exporter->virtual_obs_id = nullable_xstrdup(virtual_obs_id);
769 return true;
770 }
771
772 static struct dpif_ipfix_port *
773 dpif_ipfix_find_port(const struct dpif_ipfix *di,
774 odp_port_t odp_port) OVS_REQUIRES(mutex)
775 {
776 struct dpif_ipfix_port *dip;
777
778 HMAP_FOR_EACH_IN_BUCKET (dip, hmap_node, hash_odp_port(odp_port),
779 &di->ports) {
780 if (dip->odp_port == odp_port) {
781 return dip;
782 }
783 }
784 return NULL;
785 }
786
787 static void
788 dpif_ipfix_del_port__(struct dpif_ipfix *di,
789 struct dpif_ipfix_port *dip)
790 OVS_REQUIRES(mutex)
791 {
792 hmap_remove(&di->ports, &dip->hmap_node);
793 free(dip);
794 }
795
796 static enum dpif_ipfix_tunnel_type
797 dpif_ipfix_tunnel_type(const struct ofport *ofport)
798 {
799 const char *type = netdev_get_type(ofport->netdev);
800
801 if (type == NULL) {
802 return DPIF_IPFIX_TUNNEL_UNKNOWN;
803 }
804 if (strcmp(type, "gre") == 0) {
805 return DPIF_IPFIX_TUNNEL_GRE;
806 } else if (strcmp(type, "vxlan") == 0) {
807 return DPIF_IPFIX_TUNNEL_VXLAN;
808 } else if (strcmp(type, "lisp") == 0) {
809 return DPIF_IPFIX_TUNNEL_LISP;
810 } else if (strcmp(type, "geneve") == 0) {
811 return DPIF_IPFIX_TUNNEL_GENEVE;
812 } else if (strcmp(type, "stt") == 0) {
813 return DPIF_IPFIX_TUNNEL_STT;
814 }
815
816 return DPIF_IPFIX_TUNNEL_UNKNOWN;
817 }
818
819 static uint8_t
820 dpif_ipfix_tunnel_key_length(enum dpif_ipfix_tunnel_type tunnel_type)
821 {
822
823 switch (tunnel_type) {
824 case DPIF_IPFIX_TUNNEL_GRE:
825 /* 32-bit key gre */
826 return 4;
827 case DPIF_IPFIX_TUNNEL_VXLAN:
828 case DPIF_IPFIX_TUNNEL_LISP:
829 case DPIF_IPFIX_TUNNEL_GENEVE:
830 return 3;
831 case DPIF_IPFIX_TUNNEL_STT:
832 return 8;
833 case DPIF_IPFIX_TUNNEL_UNKNOWN:
834 case NUM_DPIF_IPFIX_TUNNEL:
835 default:
836 return 0;
837 }
838 }
839
840 void
841 dpif_ipfix_add_port(struct dpif_ipfix *di, struct ofport *ofport,
842 odp_port_t odp_port) OVS_EXCLUDED(mutex)
843 {
844 struct dpif_ipfix_port *dip;
845 int64_t ifindex;
846
847 ovs_mutex_lock(&mutex);
848 dip = dpif_ipfix_find_port(di, odp_port);
849 if (dip) {
850 dpif_ipfix_del_port__(di, dip);
851 }
852
853 ifindex = netdev_get_ifindex(ofport->netdev);
854 if (ifindex < 0) {
855 ifindex = 0;
856 }
857
858 /* Add to table of ports. */
859 dip = xmalloc(sizeof *dip);
860 dip->ofport = ofport;
861 dip->odp_port = odp_port;
862 dip->tunnel_type = dpif_ipfix_tunnel_type(ofport);
863 dip->tunnel_key_length = dpif_ipfix_tunnel_key_length(dip->tunnel_type);
864 dip->ifindex = ifindex;
865 hmap_insert(&di->ports, &dip->hmap_node, hash_odp_port(odp_port));
866
867 ovs_mutex_unlock(&mutex);
868 }
869
870 void
871 dpif_ipfix_del_port(struct dpif_ipfix *di, odp_port_t odp_port)
872 OVS_EXCLUDED(mutex)
873 {
874 struct dpif_ipfix_port *dip;
875 ovs_mutex_lock(&mutex);
876 dip = dpif_ipfix_find_port(di, odp_port);
877 if (dip) {
878 dpif_ipfix_del_port__(di, dip);
879 }
880 ovs_mutex_unlock(&mutex);
881 }
882
883 static struct dpif_ipfix_port *
884 dpif_ipfix_find_tunnel_port(const struct dpif_ipfix *di, odp_port_t odp_port)
885 OVS_REQUIRES(mutex)
886 {
887 struct dpif_ipfix_port *dip = dpif_ipfix_find_port(di, odp_port);
888 return (dip && dip->tunnel_type != DPIF_IPFIX_TUNNEL_UNKNOWN) ? dip : NULL;
889 }
890
891 bool
892 dpif_ipfix_is_tunnel_port(const struct dpif_ipfix *di, odp_port_t odp_port)
893 OVS_EXCLUDED(mutex)
894 {
895 struct dpif_ipfix_port *dip;
896 ovs_mutex_lock(&mutex);
897 dip = dpif_ipfix_find_tunnel_port(di, odp_port);
898 ovs_mutex_unlock(&mutex);
899 return dip != NULL;
900 }
901
902 static void
903 dpif_ipfix_bridge_exporter_init(struct dpif_ipfix_bridge_exporter *exporter)
904 {
905 dpif_ipfix_exporter_init(&exporter->exporter);
906 exporter->options = NULL;
907 exporter->probability = 0;
908 }
909
910 static void
911 dpif_ipfix_bridge_exporter_clear(struct dpif_ipfix_bridge_exporter *exporter)
912 {
913 dpif_ipfix_exporter_clear(&exporter->exporter);
914 ofproto_ipfix_bridge_exporter_options_destroy(exporter->options);
915 exporter->options = NULL;
916 exporter->probability = 0;
917 }
918
919 static void
920 dpif_ipfix_bridge_exporter_destroy(struct dpif_ipfix_bridge_exporter *exporter)
921 {
922 dpif_ipfix_bridge_exporter_clear(exporter);
923 dpif_ipfix_exporter_destroy(&exporter->exporter);
924 }
925
926 static void
927 dpif_ipfix_bridge_exporter_set_options(
928 struct dpif_ipfix_bridge_exporter *exporter,
929 const struct ofproto_ipfix_bridge_exporter_options *options)
930 {
931 bool options_changed;
932
933 if (!options || sset_is_empty(&options->targets)) {
934 /* No point in doing any work if there are no targets. */
935 dpif_ipfix_bridge_exporter_clear(exporter);
936 return;
937 }
938
939 options_changed = (
940 !exporter->options
941 || !ofproto_ipfix_bridge_exporter_options_equal(
942 options, exporter->options));
943
944 /* Configure collectors if options have changed or if we're
945 * shortchanged in collectors (which indicates that opening one or
946 * more of the configured collectors failed, so that we should
947 * retry). */
948 if (options_changed
949 || collectors_count(exporter->exporter.collectors)
950 < sset_count(&options->targets)) {
951 if (!dpif_ipfix_exporter_set_options(
952 &exporter->exporter, &options->targets,
953 options->cache_active_timeout, options->cache_max_flows,
954 options->virtual_obs_id)) {
955 return;
956 }
957 }
958
959 /* Avoid reconfiguring if options didn't change. */
960 if (!options_changed) {
961 return;
962 }
963
964 ofproto_ipfix_bridge_exporter_options_destroy(exporter->options);
965 exporter->options = ofproto_ipfix_bridge_exporter_options_clone(options);
966 exporter->probability =
967 MAX(1, UINT32_MAX / exporter->options->sampling_rate);
968
969 /* Run over the cache as some entries might have expired after
970 * changing the timeouts. */
971 dpif_ipfix_cache_expire_now(&exporter->exporter, false);
972 }
973
974 static struct dpif_ipfix_flow_exporter_map_node*
975 dpif_ipfix_find_flow_exporter_map_node(
976 const struct dpif_ipfix *di, const uint32_t collector_set_id)
977 OVS_REQUIRES(mutex)
978 {
979 struct dpif_ipfix_flow_exporter_map_node *exporter_node;
980
981 HMAP_FOR_EACH_WITH_HASH (exporter_node, node,
982 hash_int(collector_set_id, 0),
983 &di->flow_exporter_map) {
984 if (exporter_node->exporter.options->collector_set_id
985 == collector_set_id) {
986 return exporter_node;
987 }
988 }
989
990 return NULL;
991 }
992
993 static void
994 dpif_ipfix_flow_exporter_init(struct dpif_ipfix_flow_exporter *exporter)
995 {
996 dpif_ipfix_exporter_init(&exporter->exporter);
997 exporter->options = NULL;
998 }
999
1000 static void
1001 dpif_ipfix_flow_exporter_clear(struct dpif_ipfix_flow_exporter *exporter)
1002 {
1003 dpif_ipfix_exporter_clear(&exporter->exporter);
1004 ofproto_ipfix_flow_exporter_options_destroy(exporter->options);
1005 exporter->options = NULL;
1006 }
1007
1008 static void
1009 dpif_ipfix_flow_exporter_destroy(struct dpif_ipfix_flow_exporter *exporter)
1010 {
1011 dpif_ipfix_flow_exporter_clear(exporter);
1012 dpif_ipfix_exporter_destroy(&exporter->exporter);
1013 }
1014
1015 static bool
1016 dpif_ipfix_flow_exporter_set_options(
1017 struct dpif_ipfix_flow_exporter *exporter,
1018 const struct ofproto_ipfix_flow_exporter_options *options)
1019 {
1020 bool options_changed;
1021
1022 if (sset_is_empty(&options->targets)) {
1023 /* No point in doing any work if there are no targets. */
1024 dpif_ipfix_flow_exporter_clear(exporter);
1025 return true;
1026 }
1027
1028 options_changed = (
1029 !exporter->options
1030 || !ofproto_ipfix_flow_exporter_options_equal(
1031 options, exporter->options));
1032
1033 /* Configure collectors if options have changed or if we're
1034 * shortchanged in collectors (which indicates that opening one or
1035 * more of the configured collectors failed, so that we should
1036 * retry). */
1037 if (options_changed
1038 || collectors_count(exporter->exporter.collectors)
1039 < sset_count(&options->targets)) {
1040 if (!dpif_ipfix_exporter_set_options(
1041 &exporter->exporter, &options->targets,
1042 options->cache_active_timeout, options->cache_max_flows,
1043 options->virtual_obs_id)) {
1044 return false;
1045 }
1046 }
1047
1048 /* Avoid reconfiguring if options didn't change. */
1049 if (!options_changed) {
1050 return true;
1051 }
1052
1053 ofproto_ipfix_flow_exporter_options_destroy(exporter->options);
1054 exporter->options = ofproto_ipfix_flow_exporter_options_clone(options);
1055
1056 /* Run over the cache as some entries might have expired after
1057 * changing the timeouts. */
1058 dpif_ipfix_cache_expire_now(&exporter->exporter, false);
1059
1060 return true;
1061 }
1062
1063 static void
1064 remove_flow_exporter(struct dpif_ipfix *di,
1065 struct dpif_ipfix_flow_exporter_map_node *node)
1066 {
1067 hmap_remove(&di->flow_exporter_map, &node->node);
1068 dpif_ipfix_flow_exporter_destroy(&node->exporter);
1069 free(node);
1070 }
1071
1072 void
1073 dpif_ipfix_set_options(
1074 struct dpif_ipfix *di,
1075 const struct ofproto_ipfix_bridge_exporter_options *bridge_exporter_options,
1076 const struct ofproto_ipfix_flow_exporter_options *flow_exporters_options,
1077 size_t n_flow_exporters_options) OVS_EXCLUDED(mutex)
1078 {
1079 int i;
1080 struct ofproto_ipfix_flow_exporter_options *options;
1081 struct dpif_ipfix_flow_exporter_map_node *node, *next;
1082
1083 ovs_mutex_lock(&mutex);
1084 dpif_ipfix_bridge_exporter_set_options(&di->bridge_exporter,
1085 bridge_exporter_options);
1086
1087 /* Add new flow exporters and update current flow exporters. */
1088 options = (struct ofproto_ipfix_flow_exporter_options *)
1089 flow_exporters_options;
1090 for (i = 0; i < n_flow_exporters_options; i++) {
1091 node = dpif_ipfix_find_flow_exporter_map_node(
1092 di, options->collector_set_id);
1093 if (!node) {
1094 node = xzalloc(sizeof *node);
1095 dpif_ipfix_flow_exporter_init(&node->exporter);
1096 hmap_insert(&di->flow_exporter_map, &node->node,
1097 hash_int(options->collector_set_id, 0));
1098 }
1099 if (!dpif_ipfix_flow_exporter_set_options(&node->exporter, options)) {
1100 remove_flow_exporter(di, node);
1101 }
1102 options++;
1103 }
1104
1105 /* Remove dropped flow exporters, if any needs to be removed. */
1106 HMAP_FOR_EACH_SAFE (node, next, node, &di->flow_exporter_map) {
1107 /* This is slow but doesn't take any extra memory, and
1108 * this table is not supposed to contain many rows anyway. */
1109 options = (struct ofproto_ipfix_flow_exporter_options *)
1110 flow_exporters_options;
1111 for (i = 0; i < n_flow_exporters_options; i++) {
1112 if (node->exporter.options->collector_set_id
1113 == options->collector_set_id) {
1114 break;
1115 }
1116 options++;
1117 }
1118 if (i == n_flow_exporters_options) { /* Not found. */
1119 remove_flow_exporter(di, node);
1120 }
1121 }
1122
1123 ovs_mutex_unlock(&mutex);
1124 }
1125
1126 struct dpif_ipfix *
1127 dpif_ipfix_create(void)
1128 {
1129 struct dpif_ipfix *di;
1130 di = xzalloc(sizeof *di);
1131 dpif_ipfix_bridge_exporter_init(&di->bridge_exporter);
1132 hmap_init(&di->flow_exporter_map);
1133 hmap_init(&di->ports);
1134 ovs_refcount_init(&di->ref_cnt);
1135 return di;
1136 }
1137
1138 struct dpif_ipfix *
1139 dpif_ipfix_ref(const struct dpif_ipfix *di_)
1140 {
1141 struct dpif_ipfix *di = CONST_CAST(struct dpif_ipfix *, di_);
1142 if (di) {
1143 ovs_refcount_ref(&di->ref_cnt);
1144 }
1145 return di;
1146 }
1147
1148 uint32_t
1149 dpif_ipfix_get_bridge_exporter_probability(const struct dpif_ipfix *di)
1150 OVS_EXCLUDED(mutex)
1151 {
1152 uint32_t ret;
1153 ovs_mutex_lock(&mutex);
1154 ret = di->bridge_exporter.probability;
1155 ovs_mutex_unlock(&mutex);
1156 return ret;
1157 }
1158
1159 bool
1160 dpif_ipfix_get_bridge_exporter_input_sampling(const struct dpif_ipfix *di)
1161 OVS_EXCLUDED(mutex)
1162 {
1163 bool ret = false;
1164 ovs_mutex_lock(&mutex);
1165 if (di->bridge_exporter.options) {
1166 ret = di->bridge_exporter.options->enable_input_sampling;
1167 }
1168 ovs_mutex_unlock(&mutex);
1169 return ret;
1170 }
1171
1172 bool
1173 dpif_ipfix_get_bridge_exporter_output_sampling(const struct dpif_ipfix *di)
1174 OVS_EXCLUDED(mutex)
1175 {
1176 bool ret = false;
1177 ovs_mutex_lock(&mutex);
1178 if (di->bridge_exporter.options) {
1179 ret = di->bridge_exporter.options->enable_output_sampling;
1180 }
1181 ovs_mutex_unlock(&mutex);
1182 return ret;
1183 }
1184
1185 bool
1186 dpif_ipfix_get_bridge_exporter_tunnel_sampling(const struct dpif_ipfix *di)
1187 OVS_EXCLUDED(mutex)
1188 {
1189 bool ret = false;
1190 ovs_mutex_lock(&mutex);
1191 if (di->bridge_exporter.options) {
1192 ret = di->bridge_exporter.options->enable_tunnel_sampling;
1193 }
1194 ovs_mutex_unlock(&mutex);
1195 return ret;
1196 }
1197
1198 bool
1199 dpif_ipfix_get_flow_exporter_tunnel_sampling(const struct dpif_ipfix *di,
1200 const uint32_t collector_set_id)
1201 OVS_EXCLUDED(mutex)
1202 {
1203 ovs_mutex_lock(&mutex);
1204 struct dpif_ipfix_flow_exporter_map_node *node
1205 = dpif_ipfix_find_flow_exporter_map_node(di, collector_set_id);
1206 bool ret = (node
1207 && node->exporter.options
1208 && node->exporter.options->enable_tunnel_sampling);
1209 ovs_mutex_unlock(&mutex);
1210
1211 return ret;
1212 }
1213
1214 static void
1215 dpif_ipfix_clear(struct dpif_ipfix *di) OVS_REQUIRES(mutex)
1216 {
1217 struct dpif_ipfix_flow_exporter_map_node *exp_node;
1218 struct dpif_ipfix_port *dip, *next;
1219
1220 dpif_ipfix_bridge_exporter_clear(&di->bridge_exporter);
1221
1222 HMAP_FOR_EACH_POP (exp_node, node, &di->flow_exporter_map) {
1223 dpif_ipfix_flow_exporter_destroy(&exp_node->exporter);
1224 free(exp_node);
1225 }
1226
1227 HMAP_FOR_EACH_SAFE (dip, next, hmap_node, &di->ports) {
1228 dpif_ipfix_del_port__(di, dip);
1229 }
1230 }
1231
1232 void
1233 dpif_ipfix_unref(struct dpif_ipfix *di) OVS_EXCLUDED(mutex)
1234 {
1235 if (di && ovs_refcount_unref_relaxed(&di->ref_cnt) == 1) {
1236 ovs_mutex_lock(&mutex);
1237 dpif_ipfix_clear(di);
1238 dpif_ipfix_bridge_exporter_destroy(&di->bridge_exporter);
1239 hmap_destroy(&di->flow_exporter_map);
1240 hmap_destroy(&di->ports);
1241 free(di);
1242 ovs_mutex_unlock(&mutex);
1243 }
1244 }
1245
1246 static void
1247 ipfix_init_header(uint32_t export_time_sec, uint32_t seq_number,
1248 uint32_t obs_domain_id, struct dp_packet *msg)
1249 {
1250 struct ipfix_header *hdr;
1251
1252 hdr = dp_packet_put_zeros(msg, sizeof *hdr);
1253 hdr->version = htons(IPFIX_VERSION);
1254 hdr->length = htons(sizeof *hdr); /* Updated in ipfix_send_msg. */
1255 hdr->export_time = htonl(export_time_sec);
1256 hdr->seq_number = htonl(seq_number);
1257 hdr->obs_domain_id = htonl(obs_domain_id);
1258 }
1259
1260 static size_t
1261 ipfix_send_msg(const struct collectors *collectors, struct dp_packet *msg)
1262 {
1263 struct ipfix_header *hdr;
1264 size_t tx_errors;
1265
1266 /* Adjust the length in the header. */
1267 hdr = dp_packet_data(msg);
1268 hdr->length = htons(dp_packet_size(msg));
1269
1270 tx_errors = collectors_send(collectors,
1271 dp_packet_data(msg), dp_packet_size(msg));
1272 dp_packet_set_size(msg, 0);
1273
1274 return tx_errors;
1275 }
1276
1277 static uint16_t
1278 ipfix_get_template_id(enum ipfix_proto_l2 l2, enum ipfix_proto_l3 l3,
1279 enum ipfix_proto_l4 l4, enum ipfix_proto_tunnel tunnel,
1280 enum ipfix_flow_direction flow_direction)
1281 {
1282 uint16_t template_id;
1283 template_id = l2;
1284 template_id = template_id * NUM_IPFIX_PROTO_L3 + l3;
1285 template_id = template_id * NUM_IPFIX_PROTO_L4 + l4;
1286 template_id = template_id * NUM_IPFIX_PROTO_TUNNEL + tunnel;
1287 template_id = template_id * NUM_IPFIX_FLOW_DIRECTION + flow_direction;
1288 return IPFIX_TEMPLATE_ID_MIN + template_id;
1289 }
1290
1291 static uint16_t
1292 ipfix_get_options_template_id(enum ipfix_options_template opt_tmpl_type)
1293 {
1294 /* Check what is the maximum possible Template ID for Template Record and
1295 * use it as a base number for Template ID in Options Template Record. */
1296 uint16_t max_tmpl_id = ipfix_get_template_id(NUM_IPFIX_PROTO_L2,
1297 NUM_IPFIX_PROTO_L3,
1298 NUM_IPFIX_PROTO_L4,
1299 NUM_IPFIX_PROTO_TUNNEL,
1300 NUM_IPFIX_FLOW_DIRECTION);
1301
1302 return max_tmpl_id + opt_tmpl_type;
1303 }
1304
1305
1306 static void
1307 ipfix_define_template_entity(enum ipfix_entity_id id,
1308 enum ipfix_entity_size size,
1309 enum ipfix_entity_enterprise enterprise,
1310 struct dp_packet *msg)
1311 {
1312 struct ipfix_template_field_specifier *field;
1313 size_t field_size;
1314
1315 if (enterprise) {
1316 field_size = sizeof *field;
1317 } else {
1318 /* No enterprise number */
1319 field_size = sizeof *field - sizeof(ovs_be32);
1320 }
1321 field = dp_packet_put_zeros(msg, field_size);
1322 field->element_id = htons(id);
1323 if (size) {
1324 field->field_length = htons(size);
1325 } else {
1326 /* RFC 5101, Section 7. Variable-Length Information Element */
1327 field->field_length = OVS_BE16_MAX;
1328 }
1329 if (enterprise) {
1330 field->enterprise = htonl(enterprise);
1331 }
1332
1333 }
1334
1335 #define DEF(ID) \
1336 { \
1337 ipfix_define_template_entity(IPFIX_ENTITY_ID_##ID, \
1338 IPFIX_ENTITY_SIZE_##ID, \
1339 IPFIX_ENTITY_ENTERPRISE_##ID, msg); \
1340 count++; \
1341 }
1342
1343 /* Defines The Exporting Process Reliability Statistics Options Template
1344 * fields, including scope fields. Updates 'scope_field_count' and
1345 * 'field_count' in Options Template Record Header. */
1346 static uint16_t
1347 ipfix_def_exporter_options_template_fields(size_t opt_tmpl_hdr_offset,
1348 struct dp_packet *msg)
1349 {
1350 uint16_t count = 0;
1351 struct ipfix_options_template_record_header *opt_tmpl_hdr;
1352
1353 /* 1. Scope Fields Specifiers */
1354 DEF(EXPORTING_PROCESS_ID);
1355
1356 /* Update 'scope_field_count' in options template header. */
1357 opt_tmpl_hdr = (struct ipfix_options_template_record_header *)
1358 ((uint8_t *)dp_packet_data(msg) + opt_tmpl_hdr_offset);
1359 opt_tmpl_hdr->scope_field_count = htons(count);
1360
1361 /* 2. Fields Specifiers */
1362 DEF(NOT_SENT_PACKET_TOTAL_COUNT);
1363
1364 /* Update 'field_count' in options template header. */
1365 opt_tmpl_hdr = (struct ipfix_options_template_record_header *)
1366 ((uint8_t *)dp_packet_data(msg) + opt_tmpl_hdr_offset);
1367 opt_tmpl_hdr->field_count = htons(count);
1368
1369 return count;
1370 }
1371
1372 static uint16_t
1373 ipfix_def_options_template_fields(enum ipfix_options_template opt_tmpl_type,
1374 size_t opt_tmpl_hdr_offset,
1375 struct dp_packet *msg)
1376 {
1377 switch (opt_tmpl_type) {
1378 case IPFIX_OPTIONS_TEMPLATE_EXPORTER_STATS:
1379 return ipfix_def_exporter_options_template_fields(opt_tmpl_hdr_offset,
1380 msg);
1381 break;
1382 case NUM_IPFIX_OPTIONS_TEMPLATE:
1383 default:
1384 OVS_NOT_REACHED();
1385 }
1386
1387 return 0;
1388 }
1389
1390 /* Defines fields in Template Record. Updates 'field_count' in Template Record
1391 * Header. */
1392 static uint16_t
1393 ipfix_define_template_fields(enum ipfix_proto_l2 l2, enum ipfix_proto_l3 l3,
1394 enum ipfix_proto_l4 l4, enum ipfix_proto_tunnel tunnel,
1395 enum ipfix_flow_direction flow_direction,
1396 bool virtual_obs_id_set,
1397 size_t tmpl_hdr_offset,
1398 struct dp_packet *msg)
1399 {
1400
1401 struct ipfix_template_record_header *tmpl_hdr;
1402 uint16_t count = 0;
1403
1404 /* 1. Flow key. */
1405
1406 DEF(OBSERVATION_POINT_ID);
1407 DEF(FLOW_DIRECTION);
1408
1409 /* Common Ethernet entities. */
1410 DEF(SOURCE_MAC_ADDRESS);
1411 DEF(DESTINATION_MAC_ADDRESS);
1412 DEF(ETHERNET_TYPE);
1413 DEF(ETHERNET_HEADER_LENGTH);
1414
1415 /* Interface Information Elements */
1416 DEF(INGRESS_INTERFACE);
1417 DEF(INGRESS_INTERFACE_TYPE);
1418 DEF(INTERFACE_NAME);
1419 DEF(INTERFACE_DESCRIPTION);
1420
1421 if (flow_direction == EGRESS_FLOW) {
1422 DEF(EGRESS_INTERFACE);
1423 DEF(EGRESS_INTERFACE_TYPE);
1424 DEF(INTERFACE_NAME);
1425 DEF(INTERFACE_DESCRIPTION);
1426 }
1427
1428 if (l2 == IPFIX_PROTO_L2_VLAN) {
1429 DEF(VLAN_ID);
1430 DEF(DOT1Q_VLAN_ID);
1431 DEF(DOT1Q_PRIORITY);
1432 }
1433
1434 if (l3 != IPFIX_PROTO_L3_UNKNOWN) {
1435 DEF(IP_VERSION);
1436 DEF(IP_TTL);
1437 DEF(PROTOCOL_IDENTIFIER);
1438 DEF(IP_DIFF_SERV_CODE_POINT);
1439 DEF(IP_PRECEDENCE);
1440 DEF(IP_CLASS_OF_SERVICE);
1441
1442 if (l3 == IPFIX_PROTO_L3_IPV4) {
1443 DEF(SOURCE_IPV4_ADDRESS);
1444 DEF(DESTINATION_IPV4_ADDRESS);
1445 if (l4 == IPFIX_PROTO_L4_TCP
1446 || l4 == IPFIX_PROTO_L4_UDP
1447 || l4 == IPFIX_PROTO_L4_SCTP) {
1448 DEF(SOURCE_TRANSPORT_PORT);
1449 DEF(DESTINATION_TRANSPORT_PORT);
1450 } else if (l4 == IPFIX_PROTO_L4_ICMP) {
1451 DEF(ICMP_TYPE_IPV4);
1452 DEF(ICMP_CODE_IPV4);
1453 }
1454 } else { /* l3 == IPFIX_PROTO_L3_IPV6 */
1455 DEF(SOURCE_IPV6_ADDRESS);
1456 DEF(DESTINATION_IPV6_ADDRESS);
1457 DEF(FLOW_LABEL_IPV6);
1458 if (l4 == IPFIX_PROTO_L4_TCP
1459 || l4 == IPFIX_PROTO_L4_UDP
1460 || l4 == IPFIX_PROTO_L4_SCTP) {
1461 DEF(SOURCE_TRANSPORT_PORT);
1462 DEF(DESTINATION_TRANSPORT_PORT);
1463 } else if (l4 == IPFIX_PROTO_L4_ICMP) {
1464 DEF(ICMP_TYPE_IPV6);
1465 DEF(ICMP_CODE_IPV6);
1466 }
1467 }
1468 }
1469
1470 if (tunnel != IPFIX_PROTO_NOT_TUNNELED) {
1471 DEF(TUNNEL_SOURCE_IPV4_ADDRESS);
1472 DEF(TUNNEL_DESTINATION_IPV4_ADDRESS);
1473 DEF(TUNNEL_PROTOCOL_IDENTIFIER);
1474 DEF(TUNNEL_SOURCE_TRANSPORT_PORT);
1475 DEF(TUNNEL_DESTINATION_TRANSPORT_PORT);
1476 DEF(TUNNEL_TYPE);
1477 DEF(TUNNEL_KEY);
1478 }
1479
1480 /* 2. Virtual observation ID, which is not a part of flow key. */
1481 if (virtual_obs_id_set) {
1482 DEF(VIRTUAL_OBS_ID);
1483 }
1484
1485 /* 3. Flow aggregated data. */
1486
1487 DEF(FLOW_START_DELTA_MICROSECONDS);
1488 DEF(FLOW_END_DELTA_MICROSECONDS);
1489 DEF(DROPPED_PACKET_DELTA_COUNT);
1490 DEF(DROPPED_PACKET_TOTAL_COUNT);
1491 DEF(PACKET_DELTA_COUNT);
1492 DEF(PACKET_TOTAL_COUNT);
1493 DEF(INGRESS_UNICAST_PACKET_TOTAL_COUNT);
1494 DEF(INGRESS_MULTICAST_PACKET_TOTAL_COUNT);
1495 DEF(INGRESS_BROADCAST_PACKET_TOTAL_COUNT);
1496 DEF(EGRESS_UNICAST_PACKET_TOTAL_COUNT);
1497 DEF(EGRESS_BROADCAST_PACKET_TOTAL_COUNT);
1498 DEF(POST_MCAST_PACKET_DELTA_COUNT);
1499 DEF(POST_MCAST_PACKET_TOTAL_COUNT);
1500 DEF(LAYER2_OCTET_DELTA_COUNT);
1501 DEF(LAYER2_OCTET_TOTAL_COUNT);
1502 DEF(FLOW_END_REASON);
1503
1504 if (l3 != IPFIX_PROTO_L3_UNKNOWN) {
1505 DEF(DROPPED_OCTET_DELTA_COUNT);
1506 DEF(DROPPED_OCTET_TOTAL_COUNT);
1507 DEF(OCTET_DELTA_COUNT);
1508 DEF(OCTET_TOTAL_COUNT);
1509 DEF(OCTET_DELTA_SUM_OF_SQUARES);
1510 DEF(OCTET_TOTAL_SUM_OF_SQUARES);
1511 DEF(MINIMUM_IP_TOTAL_LENGTH);
1512 DEF(MAXIMUM_IP_TOTAL_LENGTH);
1513 DEF(POST_MCAST_OCTET_DELTA_COUNT);
1514 DEF(POST_MCAST_OCTET_TOTAL_COUNT);
1515 }
1516
1517 if (l4 == IPFIX_PROTO_L4_TCP) {
1518 DEF(TCP_ACK_TOTAL_COUNT);
1519 DEF(TCP_FIN_TOTAL_COUNT);
1520 DEF(TCP_PSH_TOTAL_COUNT);
1521 DEF(TCP_RST_TOTAL_COUNT);
1522 DEF(TCP_SYN_TOTAL_COUNT);
1523 DEF(TCP_URG_TOTAL_COUNT);
1524 }
1525
1526 /* Update 'field_count' in template header. */
1527 tmpl_hdr = (struct ipfix_template_record_header *)
1528 ((uint8_t *)dp_packet_data(msg) + tmpl_hdr_offset);
1529 tmpl_hdr->field_count = htons(count);
1530
1531 return count;
1532 }
1533
1534 #undef DEF
1535
1536 static void
1537 ipfix_init_template_msg(uint32_t export_time_sec,
1538 uint32_t seq_number, uint32_t obs_domain_id,
1539 uint16_t set_id, struct dp_packet *msg,
1540 size_t *set_hdr_offset)
1541 {
1542 struct ipfix_set_header *set_hdr;
1543
1544 dp_packet_clear(msg);
1545
1546 ipfix_init_header(export_time_sec, seq_number, obs_domain_id, msg);
1547 *set_hdr_offset = dp_packet_size(msg);
1548
1549 /* Add a Set Header. */
1550 set_hdr = dp_packet_put_zeros(msg, sizeof *set_hdr);
1551 set_hdr->set_id = htons(set_id);
1552 }
1553
1554 static size_t
1555 ipfix_send_template_msg(const struct collectors *collectors,
1556 struct dp_packet *msg, size_t set_hdr_offset)
1557 {
1558 struct ipfix_set_header *set_hdr;
1559 size_t tx_errors;
1560
1561 /* Send template message. */
1562 set_hdr = (struct ipfix_set_header*)
1563 ((uint8_t*)dp_packet_data(msg) + set_hdr_offset);
1564 set_hdr->length = htons(dp_packet_size(msg) - set_hdr_offset);
1565
1566 tx_errors = ipfix_send_msg(collectors, msg);
1567
1568 return tx_errors;
1569 }
1570
1571 static void
1572 ipfix_add_options_template_record(enum ipfix_options_template opt_tmpl_type,
1573 struct dp_packet *msg)
1574 {
1575 struct ipfix_options_template_record_header *opt_tmpl_hdr;
1576 size_t opt_tmpl_hdr_offset;
1577
1578 opt_tmpl_hdr_offset = dp_packet_size(msg);
1579 opt_tmpl_hdr = dp_packet_put_zeros(msg, sizeof *opt_tmpl_hdr);
1580 opt_tmpl_hdr->template_id =
1581 htons(ipfix_get_options_template_id(opt_tmpl_type));
1582 ipfix_def_options_template_fields(opt_tmpl_type, opt_tmpl_hdr_offset, msg);
1583 }
1584
1585 static void
1586 ipfix_send_options_template_msgs(struct dpif_ipfix_exporter *exporter,
1587 uint32_t export_time_sec,
1588 uint32_t obs_domain_id,
1589 struct dp_packet *msg)
1590 {
1591 size_t set_hdr_offset;
1592 size_t tx_packets = 0;
1593 size_t tx_errors = 0, error_pkts;
1594 enum ipfix_options_template opt_tmpl_type;
1595
1596 ipfix_init_template_msg(export_time_sec, exporter->seq_number,
1597 obs_domain_id, IPFIX_SET_ID_OPTION_TEMPLATE, msg,
1598 &set_hdr_offset);
1599
1600 for (opt_tmpl_type = 0; opt_tmpl_type < NUM_IPFIX_OPTIONS_TEMPLATE;
1601 ++opt_tmpl_type) {
1602 if (dp_packet_size(msg) >= MAX_MESSAGE_LEN) {
1603 /* Send template message. */
1604 error_pkts = ipfix_send_template_msg(exporter->collectors, msg,
1605 set_hdr_offset);
1606 tx_errors += error_pkts;
1607 tx_packets += collectors_count(exporter->collectors) - error_pkts;
1608
1609 /* Reinitialize the template msg. */
1610 ipfix_init_template_msg(export_time_sec, exporter->seq_number,
1611 obs_domain_id,
1612 IPFIX_SET_ID_OPTION_TEMPLATE,
1613 msg,
1614 &set_hdr_offset);
1615 }
1616
1617 ipfix_add_options_template_record(opt_tmpl_type, msg);
1618 }
1619
1620 error_pkts = ipfix_send_template_msg(exporter->collectors, msg,
1621 set_hdr_offset);
1622 tx_errors += error_pkts;
1623 tx_packets += collectors_count(exporter->collectors) - error_pkts;
1624 exporter->ofproto_stats.tx_pkts += tx_packets;
1625 exporter->ofproto_stats.tx_errors += tx_errors;
1626 }
1627
1628 static void
1629 ipfix_add_template_record(enum ipfix_proto_l2 l2, enum ipfix_proto_l3 l3,
1630 enum ipfix_proto_l4 l4,
1631 enum ipfix_proto_tunnel tunnel,
1632 enum ipfix_flow_direction flow_direction,
1633 bool virtual_obs_id_set,
1634 struct dp_packet *msg)
1635 {
1636 struct ipfix_template_record_header *tmpl_hdr;
1637 size_t tmpl_hdr_offset = dp_packet_size(msg);
1638
1639 tmpl_hdr = dp_packet_put_zeros(msg, sizeof *tmpl_hdr);
1640 tmpl_hdr->template_id =
1641 htons(ipfix_get_template_id(l2, l3, l4, tunnel, flow_direction));
1642 ipfix_define_template_fields(l2, l3, l4, tunnel, flow_direction,
1643 virtual_obs_id_set, tmpl_hdr_offset, msg);
1644 }
1645
1646 static void
1647 ipfix_send_template_msgs(struct dpif_ipfix_exporter *exporter,
1648 uint32_t export_time_sec, uint32_t obs_domain_id)
1649 {
1650 uint64_t msg_stub[DIV_ROUND_UP(MAX_MESSAGE_LEN, 8)];
1651 struct dp_packet msg;
1652 dp_packet_use_stub(&msg, msg_stub, sizeof msg_stub);
1653
1654 size_t set_hdr_offset, error_pkts;
1655 size_t tx_packets = 0;
1656 size_t tx_errors = 0;
1657 enum ipfix_proto_l2 l2;
1658 enum ipfix_proto_l3 l3;
1659 enum ipfix_proto_l4 l4;
1660 enum ipfix_proto_tunnel tunnel;
1661 enum ipfix_flow_direction flow_direction;
1662
1663 ipfix_init_template_msg(export_time_sec, exporter->seq_number,
1664 obs_domain_id, IPFIX_SET_ID_TEMPLATE, &msg,
1665 &set_hdr_offset);
1666 /* Define one template for each possible combination of
1667 * protocols. */
1668 for (l2 = 0; l2 < NUM_IPFIX_PROTO_L2; l2++) {
1669 for (l3 = 0; l3 < NUM_IPFIX_PROTO_L3; l3++) {
1670 for (l4 = 0; l4 < NUM_IPFIX_PROTO_L4; l4++) {
1671 if (l3 == IPFIX_PROTO_L3_UNKNOWN &&
1672 l4 != IPFIX_PROTO_L4_UNKNOWN) {
1673 continue;
1674 }
1675 for (tunnel = 0; tunnel < NUM_IPFIX_PROTO_TUNNEL; tunnel++) {
1676 for (flow_direction = 0;
1677 flow_direction < NUM_IPFIX_FLOW_DIRECTION;
1678 flow_direction++) {
1679 /* When the size of the template packet reaches
1680 * MAX_MESSAGE_LEN(1024), send it out.
1681 * And then reinitialize the msg to construct a new
1682 * packet for the following templates.
1683 */
1684 if (dp_packet_size(&msg) >= MAX_MESSAGE_LEN) {
1685 /* Send template message. */
1686 error_pkts =
1687 ipfix_send_template_msg(exporter->collectors,
1688 &msg, set_hdr_offset);
1689 tx_errors += error_pkts;
1690 tx_packets +=
1691 collectors_count(exporter->collectors)
1692 - error_pkts;
1693
1694 /* Reinitialize the template msg. */
1695 ipfix_init_template_msg(export_time_sec,
1696 exporter->seq_number,
1697 obs_domain_id,
1698 IPFIX_SET_ID_TEMPLATE,
1699 &msg, &set_hdr_offset);
1700 }
1701
1702 ipfix_add_template_record(l2, l3, l4, tunnel,
1703 flow_direction,
1704 exporter->virtual_obs_id != NULL, &msg);
1705 }
1706 }
1707 }
1708 }
1709 }
1710
1711 /* Send template message. */
1712 error_pkts = ipfix_send_template_msg(exporter->collectors, &msg,
1713 set_hdr_offset);
1714 tx_errors += error_pkts;
1715 tx_packets += collectors_count(exporter->collectors) - error_pkts;
1716
1717 exporter->ofproto_stats.tx_pkts += tx_packets;
1718 exporter->ofproto_stats.tx_errors += tx_errors;
1719
1720 /* XXX: Add Options Template Sets, at least to define a Flow Keys
1721 * Option Template. */
1722
1723 /* At the moment only a single Options Template Set is used, which contains
1724 * Exporting Process Statistics. It means that there is no specific
1725 * Observation Domain ID relevant for the entire IPFIX message and it
1726 * should be set to 0. */
1727 ipfix_send_options_template_msgs(exporter, export_time_sec, 0U, &msg);
1728
1729 dp_packet_uninit(&msg);
1730 }
1731
1732 static inline uint32_t
1733 ipfix_hash_flow_key(const struct ipfix_flow_key *flow_key, uint32_t basis)
1734 {
1735 uint32_t hash;
1736 hash = hash_int(flow_key->obs_domain_id, basis);
1737 hash = hash_int(flow_key->template_id, hash);
1738 hash = hash_bytes(flow_key->flow_key_msg_part,
1739 flow_key->flow_key_msg_part_size, hash);
1740 return hash;
1741 }
1742
1743 static bool
1744 ipfix_flow_key_equal(const struct ipfix_flow_key *a,
1745 const struct ipfix_flow_key *b)
1746 {
1747 /* The template ID determines the flow key size, so not need to
1748 * compare it. */
1749 return (a->obs_domain_id == b->obs_domain_id
1750 && a->template_id == b->template_id
1751 && memcmp(a->flow_key_msg_part, b->flow_key_msg_part,
1752 a->flow_key_msg_part_size) == 0);
1753 }
1754
1755 static struct ipfix_flow_cache_entry*
1756 ipfix_cache_find_entry(const struct dpif_ipfix_exporter *exporter,
1757 const struct ipfix_flow_key *flow_key)
1758 {
1759 struct ipfix_flow_cache_entry *entry;
1760
1761 HMAP_FOR_EACH_WITH_HASH (entry, flow_key_map_node,
1762 ipfix_hash_flow_key(flow_key, 0),
1763 &exporter->cache_flow_key_map) {
1764 if (ipfix_flow_key_equal(&entry->flow_key, flow_key)) {
1765 return entry;
1766 }
1767 }
1768
1769 return NULL;
1770 }
1771
1772 static bool
1773 ipfix_cache_next_timeout_msec(const struct dpif_ipfix_exporter *exporter,
1774 long long int *next_timeout_msec)
1775 {
1776 struct ipfix_flow_cache_entry *entry;
1777
1778 LIST_FOR_EACH (entry, cache_flow_start_timestamp_list_node,
1779 &exporter->cache_flow_start_timestamp_list) {
1780 *next_timeout_msec = entry->flow_start_timestamp_usec / 1000LL
1781 + 1000LL * exporter->cache_active_timeout;
1782 return true;
1783 }
1784
1785 return false;
1786 }
1787
1788 static void
1789 ipfix_cache_aggregate_entries(struct ipfix_flow_cache_entry *from_entry,
1790 struct ipfix_flow_cache_entry *to_entry)
1791 {
1792 uint64_t *to_start, *to_end, *from_start, *from_end;
1793 uint16_t *to_min_len, *to_max_len, *from_min_len, *from_max_len;
1794
1795 to_start = &to_entry->flow_start_timestamp_usec;
1796 to_end = &to_entry->flow_end_timestamp_usec;
1797 from_start = &from_entry->flow_start_timestamp_usec;
1798 from_end = &from_entry->flow_end_timestamp_usec;
1799
1800 if (*to_start > *from_start) {
1801 *to_start = *from_start;
1802 }
1803 if (*to_end < *from_end) {
1804 *to_end = *from_end;
1805 }
1806
1807
1808 to_entry->dropped_packet_delta_count +=
1809 from_entry->dropped_packet_delta_count;
1810 to_entry->packet_delta_count += from_entry->packet_delta_count;
1811 to_entry->layer2_octet_delta_count += from_entry->layer2_octet_delta_count;
1812
1813 to_entry->dropped_packet_total_count =
1814 from_entry->dropped_packet_total_count;
1815 to_entry->packet_total_count = from_entry->packet_total_count;
1816 to_entry->in_ucast_packet_total_count =
1817 from_entry->in_ucast_packet_total_count;
1818 to_entry->in_mcast_packet_total_count =
1819 from_entry->in_mcast_packet_total_count;
1820 to_entry->in_bcast_packet_total_count =
1821 from_entry->in_bcast_packet_total_count;
1822 to_entry->out_ucast_packet_total_count =
1823 from_entry->out_ucast_packet_total_count;
1824 to_entry->out_bcast_packet_total_count =
1825 from_entry->out_bcast_packet_total_count;
1826 to_entry->layer2_octet_total_count = from_entry->layer2_octet_total_count;
1827 to_entry->post_mcast_packet_delta_count +=
1828 from_entry->post_mcast_packet_delta_count;
1829 to_entry->post_mcast_octet_delta_count +=
1830 from_entry->post_mcast_octet_delta_count;
1831
1832 to_entry->dropped_octet_delta_count +=
1833 from_entry->dropped_octet_delta_count;
1834 to_entry->octet_delta_count += from_entry->octet_delta_count;
1835 to_entry->octet_delta_sum_of_squares +=
1836 from_entry->octet_delta_sum_of_squares;
1837
1838 to_entry->dropped_octet_total_count =
1839 from_entry->dropped_octet_total_count;
1840 to_entry->octet_total_count = from_entry->octet_total_count;
1841 to_entry->octet_total_sum_of_squares =
1842 from_entry->octet_total_sum_of_squares;
1843
1844 to_entry->post_mcast_packet_total_count =
1845 from_entry->post_mcast_packet_total_count;
1846 to_entry->post_mcast_octet_total_count =
1847 from_entry->post_mcast_octet_total_count;
1848
1849 to_min_len = &to_entry->minimum_ip_total_length;
1850 to_max_len = &to_entry->maximum_ip_total_length;
1851 from_min_len = &from_entry->minimum_ip_total_length;
1852 from_max_len = &from_entry->maximum_ip_total_length;
1853
1854 if (!*to_min_len || (*from_min_len && *to_min_len > *from_min_len)) {
1855 *to_min_len = *from_min_len;
1856 }
1857 if (*to_max_len < *from_max_len) {
1858 *to_max_len = *from_max_len;
1859 }
1860
1861 to_entry->tcp_packet_delta_count += from_entry->tcp_packet_delta_count;
1862 to_entry->tcp_ack_total_count = from_entry->tcp_ack_total_count;
1863 to_entry->tcp_fin_total_count = from_entry->tcp_fin_total_count;
1864 to_entry->tcp_psh_total_count = from_entry->tcp_psh_total_count;
1865 to_entry->tcp_rst_total_count = from_entry->tcp_rst_total_count;
1866 to_entry->tcp_syn_total_count = from_entry->tcp_syn_total_count;
1867 to_entry->tcp_urg_total_count = from_entry->tcp_urg_total_count;
1868 }
1869
1870 /* Get statistics */
1871 static void
1872 ipfix_get_stats__(const struct dpif_ipfix_exporter *exporter,
1873 ofproto_ipfix_stats *stats)
1874 {
1875 memset(stats, 0xff, sizeof *stats);
1876
1877 if (!exporter) {
1878 return;
1879 }
1880
1881 *stats = exporter->ofproto_stats;
1882 }
1883
1884 static void
1885 ipfix_get_bridge_stats(const struct dpif_ipfix_bridge_exporter *exporter,
1886 ofproto_ipfix_stats *stats)
1887 {
1888 ipfix_get_stats__(&exporter->exporter, stats);
1889 }
1890
1891 static void
1892 ipfix_get_flow_stats(const struct dpif_ipfix_flow_exporter *exporter,
1893 ofproto_ipfix_stats *stats)
1894 {
1895 ipfix_get_stats__(&exporter->exporter, stats);
1896 stats->collector_set_id = exporter->options->collector_set_id;
1897 }
1898
1899 int
1900 dpif_ipfix_get_stats(const struct dpif_ipfix *di,
1901 bool bridge_ipfix,
1902 struct ovs_list *replies)
1903 OVS_EXCLUDED(mutex)
1904 {
1905 struct dpif_ipfix_flow_exporter_map_node *flow_exporter_node;
1906 struct ofputil_ipfix_stats ois;
1907
1908 ovs_mutex_lock(&mutex);
1909 if (bridge_ipfix) {
1910 if (!di->bridge_exporter.options) {
1911 ovs_mutex_unlock(&mutex);
1912 return OFPERR_NXST_NOT_CONFIGURED;
1913 }
1914
1915 ipfix_get_bridge_stats(&di->bridge_exporter, &ois);
1916 ofputil_append_ipfix_stat(replies, &ois);
1917 } else {
1918 if (hmap_count(&di->flow_exporter_map) == 0) {
1919 ovs_mutex_unlock(&mutex);
1920 return OFPERR_NXST_NOT_CONFIGURED;
1921 }
1922
1923 HMAP_FOR_EACH (flow_exporter_node, node,
1924 &di->flow_exporter_map) {
1925 ipfix_get_flow_stats(&flow_exporter_node->exporter, &ois);
1926 ofputil_append_ipfix_stat(replies, &ois);
1927 }
1928 }
1929 ovs_mutex_unlock(&mutex);
1930
1931 return 0;
1932 }
1933
1934 /* Update partial ipfix stats */
1935 static void
1936 ipfix_update_stats(struct dpif_ipfix_exporter *exporter,
1937 bool new_flow,
1938 size_t current_flows,
1939 enum ipfix_sampled_packet_type sampled_pkt_type)
1940 {
1941 if (new_flow) {
1942 exporter->ofproto_stats.total_flows++;
1943 exporter->ofproto_stats.current_flows = current_flows;
1944 }
1945 exporter->ofproto_stats.pkts++;
1946
1947 switch (sampled_pkt_type) {
1948 case IPFIX_SAMPLED_PKT_IPV4_OK:
1949 exporter->ofproto_stats.ipv4_pkts++;
1950 break;
1951 case IPFIX_SAMPLED_PKT_IPV6_OK:
1952 exporter->ofproto_stats.ipv6_pkts++;
1953 break;
1954 case IPFIX_SAMPLED_PKT_IPV4_ERROR:
1955 exporter->ofproto_stats.ipv4_error_pkts++;
1956 exporter->ofproto_stats.error_pkts++;
1957 break;
1958 case IPFIX_SAMPLED_PKT_IPV6_ERROR:
1959 exporter->ofproto_stats.ipv6_error_pkts++;
1960 exporter->ofproto_stats.error_pkts++;
1961 break;
1962 case IPFIX_SAMPLED_PKT_UNKNOWN:
1963 exporter->ofproto_stats.error_pkts++;
1964 break;
1965 case IPFIX_SAMPLED_PKT_OTHERS:
1966 default:
1967 break;
1968 }
1969 }
1970
1971 /* Returns the current time in the form used by IPFIX (microseconds since the
1972 * epoch). */
1973 static uint64_t
1974 ipfix_now(void)
1975 {
1976 return time_wall_msec() * 1000ULL;
1977 }
1978
1979 /* Add an entry into a flow cache. The entry is either aggregated into
1980 * an existing entry with the same flow key and free()d, or it is
1981 * inserted into the cache. And IPFIX stats will be updated */
1982 static void
1983 ipfix_cache_update(struct dpif_ipfix_exporter *exporter,
1984 struct ipfix_flow_cache_entry *entry,
1985 enum ipfix_sampled_packet_type sampled_pkt_type)
1986 {
1987 struct ipfix_flow_cache_entry *old_entry;
1988 size_t current_flows = 0;
1989
1990 old_entry = ipfix_cache_find_entry(exporter, &entry->flow_key);
1991
1992 if (old_entry == NULL) {
1993 hmap_insert(&exporter->cache_flow_key_map, &entry->flow_key_map_node,
1994 ipfix_hash_flow_key(&entry->flow_key, 0));
1995
1996 /* As the latest entry added into the cache, it should
1997 * logically have the highest flow_start_timestamp_usec, so
1998 * append it at the tail. */
1999 ovs_list_push_back(&exporter->cache_flow_start_timestamp_list,
2000 &entry->cache_flow_start_timestamp_list_node);
2001
2002 /* Enforce exporter->cache_max_flows limit. */
2003 current_flows = hmap_count(&exporter->cache_flow_key_map);
2004 ipfix_update_stats(exporter, true, current_flows, sampled_pkt_type);
2005 if (current_flows > exporter->cache_max_flows) {
2006 dpif_ipfix_cache_expire_now(exporter, false);
2007 }
2008 } else {
2009 ipfix_cache_aggregate_entries(entry, old_entry);
2010 free(entry);
2011 ipfix_update_stats(exporter, false, current_flows, sampled_pkt_type);
2012 }
2013 }
2014
2015 static void
2016 ipfix_destroy_iface_data_record(struct ipfix_data_record_flow_key_iface *data)
2017 {
2018 free(data->if_descr);
2019 free(data->if_name);
2020 }
2021
2022 /* Fills '*data' structure based on port number 'port_no'. Caller must destroy
2023 * 'data' with ipfix_destroy_iface_data_record(). */
2024 static int
2025 ipfix_get_iface_data_record(const struct dpif_ipfix *di, odp_port_t port_no,
2026 struct ipfix_data_record_flow_key_iface *data)
2027 OVS_REQUIRES(mutex)
2028 {
2029 struct dpif_ipfix_port *port;
2030 struct smap netdev_status;
2031
2032 port = dpif_ipfix_find_port(di, port_no);
2033 if (!port) {
2034 return -1;
2035 }
2036
2037 smap_init(&netdev_status);
2038 if (!netdev_get_status(port->ofport->netdev, &netdev_status)) {
2039 data->if_type = htonl(smap_get_ullong(&netdev_status, "if_type", 0));
2040 data->if_descr = nullable_xstrdup(smap_get(&netdev_status,
2041 "if_descr"));
2042 } else {
2043 data->if_type = 0;
2044 data->if_descr = NULL;
2045 }
2046
2047 smap_destroy(&netdev_status);
2048 data->if_index = htonl(port->ifindex);
2049 data->if_descr_len = data->if_descr ? strnlen(data->if_descr,
2050 MAX_IF_DESCR_LEN) : 0;
2051 data->if_name = nullable_xstrdup(netdev_get_name(port->ofport->netdev));
2052 data->if_name_len = data->if_name ? strnlen(data->if_name,
2053 MAX_IF_NAME_LEN) : 0;
2054
2055 return 0;
2056 }
2057
2058 static void
2059 ipfix_put_iface_data_record(const struct dpif_ipfix *di, odp_port_t port_no,
2060 struct dp_packet *msg)
2061 OVS_REQUIRES(mutex)
2062 {
2063 struct ipfix_data_record_flow_key_iface data;
2064 int err;
2065
2066 memset(&data, 0, sizeof(struct ipfix_data_record_flow_key_iface));
2067 err = ipfix_get_iface_data_record(di, port_no, &data);
2068 if (err == 0) {
2069 dp_packet_put(msg, &data.if_index, sizeof data.if_index);
2070 dp_packet_put(msg, &data.if_type, sizeof data.if_type);
2071 dp_packet_put(msg, &data.if_name_len, sizeof data.if_name_len);
2072 if (data.if_name_len) {
2073 dp_packet_put(msg, data.if_name, data.if_name_len);
2074 }
2075 dp_packet_put(msg, &data.if_descr_len, sizeof data.if_descr_len);
2076 if (data.if_descr_len) {
2077 dp_packet_put(msg, data.if_descr, data.if_descr_len);
2078 }
2079 ipfix_destroy_iface_data_record(&data);
2080 } else {
2081 dp_packet_put_zeros(msg, sizeof data.if_index);
2082 dp_packet_put_zeros(msg, sizeof data.if_type);
2083 dp_packet_put_zeros(msg, sizeof data.if_name_len);
2084 dp_packet_put_zeros(msg, sizeof data.if_descr_len);
2085 }
2086 }
2087
2088 static enum ipfix_sampled_packet_type
2089 ipfix_cache_entry_init(const struct dpif_ipfix *di,
2090 struct ipfix_flow_cache_entry *entry,
2091 const struct dp_packet *packet, const struct flow *flow,
2092 uint64_t packet_delta_count, uint32_t obs_domain_id,
2093 uint32_t obs_point_id, odp_port_t output_odp_port,
2094 enum nx_action_sample_direction direction,
2095 const struct dpif_ipfix_port *tunnel_port,
2096 const struct flow_tnl *tunnel_key,
2097 struct dpif_ipfix_global_stats *stats,
2098 const struct dpif_ipfix_actions *ipfix_actions)
2099 OVS_REQUIRES(mutex)
2100 {
2101 struct ipfix_flow_key *flow_key;
2102 struct dp_packet msg;
2103 enum ipfix_proto_l2 l2;
2104 enum ipfix_proto_l3 l3;
2105 enum ipfix_proto_l4 l4;
2106 enum ipfix_proto_tunnel tunnel = IPFIX_PROTO_NOT_TUNNELED;
2107 enum ipfix_sampled_packet_type sampled_pkt_type = IPFIX_SAMPLED_PKT_UNKNOWN;
2108 uint8_t ethernet_header_length;
2109 uint16_t ethernet_total_length;
2110 bool is_multicast = false;
2111 bool is_broadcast = false;
2112
2113 flow_key = &entry->flow_key;
2114 dp_packet_use_stub(&msg, flow_key->flow_key_msg_part,
2115 sizeof flow_key->flow_key_msg_part);
2116
2117 /* Choose the right template ID matching the protocols in the
2118 * sampled packet. */
2119 l2 = (flow->vlans[0].tci == 0) ? IPFIX_PROTO_L2_ETH : IPFIX_PROTO_L2_VLAN;
2120
2121 switch(ntohs(flow->dl_type)) {
2122 case ETH_TYPE_IP:
2123 l3 = IPFIX_PROTO_L3_IPV4;
2124 sampled_pkt_type = IPFIX_SAMPLED_PKT_IPV4_OK;
2125 switch(flow->nw_proto) {
2126 case IPPROTO_TCP:
2127 l4 = IPFIX_PROTO_L4_TCP;
2128 break;
2129 case IPPROTO_UDP:
2130 l4 = IPFIX_PROTO_L4_UDP;
2131 break;
2132 case IPPROTO_SCTP:
2133 l4 = IPFIX_PROTO_L4_SCTP;
2134 break;
2135 case IPPROTO_ICMP:
2136 l4 = IPFIX_PROTO_L4_ICMP;
2137 break;
2138 default:
2139 l4 = IPFIX_PROTO_L4_UNKNOWN;
2140 sampled_pkt_type = IPFIX_SAMPLED_PKT_IPV4_ERROR;
2141 }
2142 break;
2143 case ETH_TYPE_IPV6:
2144 l3 = IPFIX_PROTO_L3_IPV6;
2145 sampled_pkt_type = IPFIX_SAMPLED_PKT_IPV6_OK;
2146 switch(flow->nw_proto) {
2147 case IPPROTO_TCP:
2148 l4 = IPFIX_PROTO_L4_TCP;
2149 break;
2150 case IPPROTO_UDP:
2151 l4 = IPFIX_PROTO_L4_UDP;
2152 break;
2153 case IPPROTO_SCTP:
2154 l4 = IPFIX_PROTO_L4_SCTP;
2155 break;
2156 case IPPROTO_ICMPV6:
2157 l4 = IPFIX_PROTO_L4_ICMP;
2158 break;
2159 default:
2160 l4 = IPFIX_PROTO_L4_UNKNOWN;
2161 sampled_pkt_type = IPFIX_SAMPLED_PKT_IPV6_ERROR;
2162 }
2163 break;
2164 default:
2165 l3 = IPFIX_PROTO_L3_UNKNOWN;
2166 l4 = IPFIX_PROTO_L4_UNKNOWN;
2167 sampled_pkt_type = IPFIX_SAMPLED_PKT_OTHERS;
2168 }
2169
2170 if (tunnel_port && tunnel_key) {
2171 tunnel = IPFIX_PROTO_TUNNELED;
2172 }
2173
2174 uint8_t flow_direction =
2175 (direction == NX_ACTION_SAMPLE_INGRESS ? INGRESS_FLOW
2176 : direction == NX_ACTION_SAMPLE_EGRESS ? EGRESS_FLOW
2177 : output_odp_port == ODPP_NONE ? INGRESS_FLOW : EGRESS_FLOW);
2178
2179 flow_key->obs_domain_id = obs_domain_id;
2180 flow_key->template_id = ipfix_get_template_id(l2, l3, l4, tunnel,
2181 flow_direction);
2182
2183 /* The fields defined in the ipfix_data_record_* structs and sent
2184 * below must match exactly the templates defined in
2185 * ipfix_define_template_fields. */
2186
2187 ethernet_header_length = (l2 == IPFIX_PROTO_L2_VLAN)
2188 ? VLAN_ETH_HEADER_LEN : ETH_HEADER_LEN;
2189 ethernet_total_length = dp_packet_size(packet);
2190
2191 /* Common Ethernet entities. */
2192 {
2193 struct ipfix_data_record_flow_key_common *data_common;
2194
2195 data_common = dp_packet_put_zeros(&msg, sizeof *data_common);
2196 data_common->observation_point_id = htonl(obs_point_id);
2197 data_common->flow_direction = flow_direction;
2198 data_common->source_mac_address = flow->dl_src;
2199 data_common->destination_mac_address = flow->dl_dst;
2200 data_common->ethernet_type = flow->dl_type;
2201 data_common->ethernet_header_length = ethernet_header_length;
2202 }
2203
2204 /* Interface Information Elements */
2205 ipfix_put_iface_data_record(di, flow->in_port.odp_port, &msg);
2206
2207 if (flow_direction == EGRESS_FLOW) {
2208 ipfix_put_iface_data_record(di, output_odp_port, &msg);
2209 }
2210
2211 if (l2 == IPFIX_PROTO_L2_VLAN) {
2212 struct ipfix_data_record_flow_key_vlan *data_vlan;
2213 uint16_t vlan_id = vlan_tci_to_vid(flow->vlans[0].tci);
2214 uint8_t priority = vlan_tci_to_pcp(flow->vlans[0].tci);
2215
2216 data_vlan = dp_packet_put_zeros(&msg, sizeof *data_vlan);
2217 data_vlan->vlan_id = htons(vlan_id);
2218 data_vlan->dot1q_vlan_id = htons(vlan_id);
2219 data_vlan->dot1q_priority = priority;
2220 }
2221
2222 if (l3 != IPFIX_PROTO_L3_UNKNOWN) {
2223 struct ipfix_data_record_flow_key_ip *data_ip;
2224
2225 data_ip = dp_packet_put_zeros(&msg, sizeof *data_ip);
2226 data_ip->ip_version = (l3 == IPFIX_PROTO_L3_IPV4) ? 4 : 6;
2227 data_ip->ip_ttl = flow->nw_ttl;
2228 data_ip->protocol_identifier = flow->nw_proto;
2229 data_ip->ip_diff_serv_code_point = flow->nw_tos >> 2;
2230 data_ip->ip_precedence = flow->nw_tos >> 5;
2231 data_ip->ip_class_of_service = flow->nw_tos;
2232
2233 if (l3 == IPFIX_PROTO_L3_IPV4) {
2234 struct ipfix_data_record_flow_key_ipv4 *data_ipv4;
2235
2236 data_ipv4 = dp_packet_put_zeros(&msg, sizeof *data_ipv4);
2237 data_ipv4->source_ipv4_address = flow->nw_src;
2238 data_ipv4->destination_ipv4_address = flow->nw_dst;
2239 } else { /* l3 == IPFIX_PROTO_L3_IPV6 */
2240 struct ipfix_data_record_flow_key_ipv6 *data_ipv6;
2241
2242 data_ipv6 = dp_packet_put_zeros(&msg, sizeof *data_ipv6);
2243 memcpy(data_ipv6->source_ipv6_address, &flow->ipv6_src,
2244 sizeof flow->ipv6_src);
2245 memcpy(data_ipv6->destination_ipv6_address, &flow->ipv6_dst,
2246 sizeof flow->ipv6_dst);
2247 data_ipv6->flow_label_ipv6 = flow->ipv6_label;
2248 }
2249 }
2250
2251 if (l4 == IPFIX_PROTO_L4_TCP
2252 || l4 == IPFIX_PROTO_L4_UDP
2253 || l4 == IPFIX_PROTO_L4_SCTP) {
2254 struct ipfix_data_record_flow_key_transport *data_transport;
2255
2256 data_transport = dp_packet_put_zeros(&msg, sizeof *data_transport);
2257 data_transport->source_transport_port = flow->tp_src;
2258 data_transport->destination_transport_port = flow->tp_dst;
2259 } else if (l4 == IPFIX_PROTO_L4_ICMP) {
2260 struct ipfix_data_record_flow_key_icmp *data_icmp;
2261
2262 data_icmp = dp_packet_put_zeros(&msg, sizeof *data_icmp);
2263 data_icmp->icmp_type = ntohs(flow->tp_src) & 0xff;
2264 data_icmp->icmp_code = ntohs(flow->tp_dst) & 0xff;
2265 }
2266
2267 if (tunnel == IPFIX_PROTO_TUNNELED) {
2268 struct ipfix_data_record_flow_key_tunnel *data_tunnel;
2269 const uint8_t *tun_id;
2270
2271 data_tunnel = dp_packet_put_zeros(&msg, sizeof *data_tunnel +
2272 tunnel_port->tunnel_key_length);
2273 data_tunnel->tunnel_source_ipv4_address = tunnel_key->ip_src;
2274 data_tunnel->tunnel_destination_ipv4_address = tunnel_key->ip_dst;
2275 /* The tunnel_protocol_identifier is from tunnel_proto array, which
2276 * contains protocol_identifiers of each tunnel type.
2277 */
2278 data_tunnel->tunnel_protocol_identifier =
2279 tunnel_protocol[tunnel_port->tunnel_type];
2280 data_tunnel->tunnel_source_transport_port = tunnel_key->tp_src;
2281 data_tunnel->tunnel_destination_transport_port = tunnel_key->tp_dst;
2282 data_tunnel->tunnel_type = tunnel_port->tunnel_type;
2283 data_tunnel->tunnel_key_length = tunnel_port->tunnel_key_length;
2284 /* tun_id is in network order, and tunnel key is in low bits. */
2285 tun_id = (const uint8_t *) &tunnel_key->tun_id;
2286 memcpy(data_tunnel->tunnel_key,
2287 &tun_id[8 - tunnel_port->tunnel_key_length],
2288 tunnel_port->tunnel_key_length);
2289 }
2290
2291 flow_key->flow_key_msg_part_size = dp_packet_size(&msg);
2292
2293 if (eth_addr_is_broadcast(flow->dl_dst)) {
2294 is_broadcast = true;
2295 } else if (eth_addr_is_multicast(flow->dl_dst)) {
2296 is_multicast = true;
2297 }
2298
2299 {
2300 uint64_t layer2_octet_delta_count;
2301
2302 /* Calculate the total matched octet count by considering as
2303 * an approximation that all matched packets have the same
2304 * length. */
2305 layer2_octet_delta_count = packet_delta_count * ethernet_total_length;
2306
2307 entry->flow_end_timestamp_usec = ipfix_now();
2308 entry->flow_start_timestamp_usec = entry->flow_end_timestamp_usec;
2309
2310 if (ipfix_actions && ipfix_actions->output_action) {
2311 entry->dropped_packet_delta_count = 0;
2312 } else {
2313 entry->dropped_packet_delta_count = packet_delta_count;
2314 }
2315
2316 entry->packet_delta_count = packet_delta_count;
2317 entry->layer2_octet_delta_count = layer2_octet_delta_count;
2318
2319 stats->dropped_packet_total_count += entry->dropped_packet_delta_count;
2320 stats->packet_total_count += packet_delta_count;
2321 stats->layer2_octet_total_count += layer2_octet_delta_count;
2322
2323 entry->post_mcast_packet_delta_count = 0;
2324 if (is_broadcast) {
2325 if (flow_direction == INGRESS_FLOW) {
2326 stats->in_bcast_packet_total_count += packet_delta_count;
2327 } else if (flow_direction == EGRESS_FLOW) {
2328 stats->out_bcast_packet_total_count += packet_delta_count;
2329 }
2330 } else if (is_multicast) {
2331 if (flow_direction == INGRESS_FLOW) {
2332 stats->in_mcast_packet_total_count += packet_delta_count;
2333 } else if (flow_direction == EGRESS_FLOW) {
2334 entry->post_mcast_packet_delta_count = packet_delta_count;
2335 stats->post_mcast_packet_total_count += packet_delta_count;
2336 }
2337 } else {
2338 if (flow_direction == INGRESS_FLOW) {
2339 stats->in_ucast_packet_total_count += packet_delta_count;
2340 } else if (flow_direction == EGRESS_FLOW) {
2341 stats->out_ucast_packet_total_count += packet_delta_count;
2342 }
2343 }
2344
2345 entry->dropped_packet_total_count = stats->dropped_packet_total_count;
2346 entry->packet_total_count = stats->packet_total_count;
2347 entry->in_ucast_packet_total_count =
2348 stats->in_ucast_packet_total_count;
2349 entry->in_mcast_packet_total_count =
2350 stats->in_mcast_packet_total_count;
2351 entry->in_bcast_packet_total_count =
2352 stats->in_bcast_packet_total_count;
2353 entry->out_ucast_packet_total_count =
2354 stats->out_ucast_packet_total_count;
2355 entry->out_bcast_packet_total_count =
2356 stats->out_bcast_packet_total_count;
2357 entry->post_mcast_packet_total_count =
2358 stats->post_mcast_packet_total_count;
2359 entry->layer2_octet_total_count = stats->layer2_octet_total_count;
2360 }
2361
2362 if (l3 != IPFIX_PROTO_L3_UNKNOWN) {
2363 uint16_t ip_total_length =
2364 ethernet_total_length - ethernet_header_length;
2365 uint64_t octet_delta_count;
2366
2367 /* Calculate the total matched octet count by considering as
2368 * an approximation that all matched packets have the same
2369 * length. */
2370 octet_delta_count = packet_delta_count * ip_total_length;
2371
2372 if (ipfix_actions && ipfix_actions->output_action) {
2373 entry->dropped_octet_delta_count = 0;
2374 } else {
2375 entry->dropped_octet_delta_count = octet_delta_count;
2376 }
2377
2378 entry->octet_delta_count = octet_delta_count;
2379 entry->octet_delta_sum_of_squares = octet_delta_count * ip_total_length;
2380 entry->minimum_ip_total_length = ip_total_length;
2381 entry->maximum_ip_total_length = ip_total_length;
2382
2383 stats->dropped_octet_total_count += entry->dropped_octet_delta_count;
2384 stats->octet_total_count += octet_delta_count;
2385 stats->octet_total_sum_of_squares += entry->octet_delta_sum_of_squares;
2386
2387 if (is_multicast && flow_direction == EGRESS_FLOW) {
2388 entry->post_mcast_octet_delta_count = octet_delta_count;
2389 stats->post_mcast_octet_total_count += octet_delta_count;
2390 } else {
2391 entry->post_mcast_octet_delta_count = 0;
2392 }
2393 } else {
2394 entry->octet_delta_sum_of_squares = 0;
2395 entry->minimum_ip_total_length = 0;
2396 entry->maximum_ip_total_length = 0;
2397 }
2398
2399 entry->dropped_octet_total_count = stats->dropped_octet_total_count;
2400 entry->octet_total_sum_of_squares = stats->octet_total_sum_of_squares;
2401 entry->octet_total_count = stats->octet_total_count;
2402 entry->post_mcast_octet_total_count =
2403 stats->post_mcast_octet_total_count;
2404
2405 if (l4 == IPFIX_PROTO_L4_TCP) {
2406 uint16_t tcp_flags = ntohs(flow->tcp_flags);
2407 entry->tcp_packet_delta_count = packet_delta_count;
2408
2409 if (tcp_flags & TCP_ACK) {
2410 stats->tcp_ack_total_count += packet_delta_count;
2411 }
2412 if (tcp_flags & TCP_FIN) {
2413 stats->tcp_fin_total_count += packet_delta_count;
2414 }
2415 if (tcp_flags & TCP_PSH) {
2416 stats->tcp_psh_total_count += packet_delta_count;
2417 }
2418 if (tcp_flags & TCP_RST) {
2419 stats->tcp_rst_total_count += packet_delta_count;
2420 }
2421 if (tcp_flags & TCP_SYN) {
2422 stats->tcp_syn_total_count += packet_delta_count;
2423 }
2424 if (tcp_flags & TCP_URG) {
2425 stats->tcp_urg_total_count += packet_delta_count;
2426 }
2427 } else {
2428 entry->tcp_packet_delta_count = 0;
2429 }
2430
2431 entry->tcp_ack_total_count = stats->tcp_ack_total_count;
2432 entry->tcp_fin_total_count = stats->tcp_fin_total_count;
2433 entry->tcp_psh_total_count = stats->tcp_psh_total_count;
2434 entry->tcp_rst_total_count = stats->tcp_rst_total_count;
2435 entry->tcp_syn_total_count = stats->tcp_syn_total_count;
2436 entry->tcp_urg_total_count = stats->tcp_urg_total_count;
2437
2438 return sampled_pkt_type;
2439 }
2440
2441 /* Send each single data record in its own data set, to simplify the
2442 * implementation by avoiding having to group record by template ID
2443 * before sending. */
2444 static void
2445 ipfix_put_data_set(uint32_t export_time_sec,
2446 struct ipfix_flow_cache_entry *entry,
2447 enum ipfix_flow_end_reason flow_end_reason,
2448 const char *virtual_obs_id,
2449 uint8_t virtual_obs_len,
2450 struct dp_packet *msg)
2451 {
2452 size_t set_hdr_offset;
2453 struct ipfix_set_header *set_hdr;
2454
2455 set_hdr_offset = dp_packet_size(msg);
2456
2457 /* Put a Data Set. */
2458 set_hdr = dp_packet_put_zeros(msg, sizeof *set_hdr);
2459 set_hdr->set_id = htons(entry->flow_key.template_id);
2460
2461 /* Copy the flow key part of the data record. */
2462 dp_packet_put(msg, entry->flow_key.flow_key_msg_part,
2463 entry->flow_key.flow_key_msg_part_size);
2464
2465 /* Export virtual observation ID. */
2466 if (virtual_obs_id) {
2467 dp_packet_put(msg, &virtual_obs_len, sizeof(virtual_obs_len));
2468 dp_packet_put(msg, virtual_obs_id, virtual_obs_len);
2469 }
2470
2471 /* Put the non-key part of the data record. */
2472
2473 {
2474 struct ipfix_data_record_aggregated_common *data_aggregated_common;
2475 uint64_t export_time_usec, flow_start_delta_usec, flow_end_delta_usec;
2476
2477 /* Calculate the negative deltas relative to the export time
2478 * in seconds sent in the header, not the exact export
2479 * time. */
2480 export_time_usec = 1000000LL * export_time_sec;
2481 flow_start_delta_usec = export_time_usec
2482 - entry->flow_start_timestamp_usec;
2483 flow_end_delta_usec = export_time_usec
2484 - entry->flow_end_timestamp_usec;
2485
2486 data_aggregated_common = dp_packet_put_zeros(
2487 msg, sizeof *data_aggregated_common);
2488 data_aggregated_common->flow_start_delta_microseconds = htonl(
2489 flow_start_delta_usec);
2490 data_aggregated_common->flow_end_delta_microseconds = htonl(
2491 flow_end_delta_usec);
2492 data_aggregated_common->dropped_packet_delta_count = htonll(
2493 entry->dropped_packet_delta_count);
2494 data_aggregated_common->dropped_packet_total_count = htonll(
2495 entry->dropped_packet_total_count);
2496 data_aggregated_common->packet_delta_count = htonll(
2497 entry->packet_delta_count);
2498 data_aggregated_common->packet_total_count = htonll(
2499 entry->packet_total_count);
2500 data_aggregated_common->in_ucast_packet_total_count = htonll(
2501 entry->in_ucast_packet_total_count);
2502 data_aggregated_common->in_mcast_packet_total_count = htonll(
2503 entry->in_mcast_packet_total_count);
2504 data_aggregated_common->in_bcast_packet_total_count = htonll(
2505 entry->in_bcast_packet_total_count);
2506 data_aggregated_common->out_ucast_packet_total_count = htonll(
2507 entry->out_ucast_packet_total_count);
2508 data_aggregated_common->out_bcast_packet_total_count = htonll(
2509 entry->out_bcast_packet_total_count);
2510 data_aggregated_common->layer2_octet_delta_count = htonll(
2511 entry->layer2_octet_delta_count);
2512 data_aggregated_common->layer2_octet_total_count = htonll(
2513 entry->layer2_octet_total_count);
2514 data_aggregated_common->flow_end_reason = flow_end_reason;
2515 data_aggregated_common->post_mcast_packet_delta_count = htonll(
2516 entry->post_mcast_packet_delta_count);
2517 data_aggregated_common->post_mcast_packet_total_count = htonll(
2518 entry->post_mcast_packet_total_count);
2519 }
2520
2521 if (entry->octet_delta_sum_of_squares) { /* IP packet. */
2522 struct ipfix_data_record_aggregated_ip *data_aggregated_ip;
2523
2524 data_aggregated_ip = dp_packet_put_zeros(
2525 msg, sizeof *data_aggregated_ip);
2526 data_aggregated_ip->dropped_octet_delta_count = htonll(
2527 entry->dropped_octet_delta_count);
2528 data_aggregated_ip->dropped_octet_total_count = htonll(
2529 entry->dropped_octet_total_count);
2530 data_aggregated_ip->octet_delta_count = htonll(
2531 entry->octet_delta_count);
2532 data_aggregated_ip->octet_total_count = htonll(
2533 entry->octet_total_count);
2534 data_aggregated_ip->octet_delta_sum_of_squares = htonll(
2535 entry->octet_delta_sum_of_squares);
2536 data_aggregated_ip->octet_total_sum_of_squares = htonll(
2537 entry->octet_total_sum_of_squares);
2538 data_aggregated_ip->minimum_ip_total_length = htonll(
2539 entry->minimum_ip_total_length);
2540 data_aggregated_ip->maximum_ip_total_length = htonll(
2541 entry->maximum_ip_total_length);
2542 data_aggregated_ip->post_mcast_octet_delta_count = htonll(
2543 entry->post_mcast_octet_delta_count);
2544 data_aggregated_ip->post_mcast_octet_total_count = htonll(
2545 entry->post_mcast_octet_total_count);
2546 }
2547
2548 if (entry->tcp_packet_delta_count) {
2549 struct ipfix_data_record_aggregated_tcp *data_aggregated_tcp;
2550
2551 data_aggregated_tcp = dp_packet_put_zeros(
2552 msg, sizeof *data_aggregated_tcp);
2553 data_aggregated_tcp->tcp_ack_total_count = htonll(
2554 entry->tcp_ack_total_count);
2555 data_aggregated_tcp->tcp_fin_total_count = htonll(
2556 entry->tcp_fin_total_count);
2557 data_aggregated_tcp->tcp_psh_total_count = htonll(
2558 entry->tcp_psh_total_count);
2559 data_aggregated_tcp->tcp_rst_total_count = htonll(
2560 entry->tcp_rst_total_count);
2561 data_aggregated_tcp->tcp_syn_total_count = htonll(
2562 entry->tcp_syn_total_count);
2563 data_aggregated_tcp->tcp_urg_total_count = htonll(
2564 entry->tcp_urg_total_count);
2565 }
2566
2567 set_hdr = (struct ipfix_set_header*)((uint8_t*)dp_packet_data(msg) + set_hdr_offset);
2568 set_hdr->length = htons(dp_packet_size(msg) - set_hdr_offset);
2569 }
2570
2571 static void
2572 ipfix_put_exporter_data_set(uint32_t exporting_process_id,
2573 const ofproto_ipfix_stats *ofproto_stats,
2574 struct dp_packet *msg)
2575 {
2576 size_t set_hdr_offset;
2577 struct ipfix_set_header *set_hdr;
2578
2579 set_hdr_offset = dp_packet_size(msg);
2580
2581 /* Put a Data Set. */
2582 set_hdr = dp_packet_put_zeros(msg, sizeof *set_hdr);
2583 set_hdr->set_id = htons(
2584 ipfix_get_options_template_id(IPFIX_OPTIONS_TEMPLATE_EXPORTER_STATS));
2585
2586 {
2587 struct ipfix_data_record_exporter_stats *data_exporter_stats;
2588
2589 data_exporter_stats = dp_packet_put_zeros(
2590 msg, sizeof *data_exporter_stats);
2591
2592 data_exporter_stats->exporting_process_id =
2593 htonl(exporting_process_id);
2594 data_exporter_stats->not_sent_packet_total_count = htonll(
2595 ofproto_stats->tx_errors);
2596 }
2597
2598 set_hdr = (struct ipfix_set_header *)
2599 ((uint8_t *)dp_packet_data(msg) + set_hdr_offset);
2600 set_hdr->length = htons(dp_packet_size(msg) - set_hdr_offset);
2601 }
2602
2603 /* Send an IPFIX message with a single data set containing Exporting Process
2604 * Reliability Statistics. */
2605 static void
2606 ipfix_send_exporter_data_msg(struct dpif_ipfix_exporter *exporter,
2607 uint32_t export_time_sec)
2608 {
2609 uint64_t msg_stub[DIV_ROUND_UP(MAX_MESSAGE_LEN, 8)];
2610 struct dp_packet msg;
2611 size_t tx_errors;
2612
2613 dp_packet_use_stub(&msg, msg_stub, sizeof msg_stub);
2614
2615 /* In case of Exporting Process Statistics, Observation Domain ID should
2616 * be set to 0. */
2617 ipfix_init_header(export_time_sec, exporter->seq_number++, 0U, &msg);
2618 ipfix_put_exporter_data_set(exporter->exporter_id,
2619 &exporter->ofproto_stats, &msg);
2620 tx_errors = ipfix_send_msg(exporter->collectors, &msg);
2621
2622 dp_packet_uninit(&msg);
2623
2624 exporter->ofproto_stats.tx_pkts +=
2625 collectors_count(exporter->collectors) - tx_errors;
2626 exporter->ofproto_stats.tx_errors += tx_errors;
2627 }
2628
2629 /* Send an IPFIX message with a single data record. */
2630 static void
2631 ipfix_send_data_msg(struct dpif_ipfix_exporter *exporter,
2632 uint32_t export_time_sec,
2633 struct ipfix_flow_cache_entry *entry,
2634 enum ipfix_flow_end_reason flow_end_reason)
2635 {
2636 uint64_t msg_stub[DIV_ROUND_UP(MAX_MESSAGE_LEN, 8)];
2637 struct dp_packet msg;
2638 size_t tx_errors;
2639
2640 dp_packet_use_stub(&msg, msg_stub, sizeof msg_stub);
2641
2642 ipfix_init_header(export_time_sec, exporter->seq_number++,
2643 entry->flow_key.obs_domain_id, &msg);
2644 ipfix_put_data_set(export_time_sec, entry, flow_end_reason,
2645 exporter->virtual_obs_id, exporter->virtual_obs_len,
2646 &msg);
2647 tx_errors = ipfix_send_msg(exporter->collectors, &msg);
2648
2649 dp_packet_uninit(&msg);
2650
2651 exporter->ofproto_stats.current_flows--;
2652 exporter->ofproto_stats.tx_pkts +=
2653 collectors_count(exporter->collectors) - tx_errors;
2654 exporter->ofproto_stats.tx_errors += tx_errors;
2655 }
2656
2657 static void
2658 dpif_ipfix_sample(const struct dpif_ipfix *di,
2659 struct dpif_ipfix_exporter *exporter,
2660 const struct dp_packet *packet, const struct flow *flow,
2661 uint64_t packet_delta_count, uint32_t obs_domain_id,
2662 uint32_t obs_point_id, odp_port_t output_odp_port,
2663 enum nx_action_sample_direction direction,
2664 const struct dpif_ipfix_port *tunnel_port,
2665 const struct flow_tnl *tunnel_key,
2666 const struct dpif_ipfix_actions *ipfix_actions)
2667 OVS_REQUIRES(mutex)
2668 {
2669 struct ipfix_flow_cache_entry *entry;
2670 enum ipfix_sampled_packet_type sampled_packet_type;
2671
2672 /* Create a flow cache entry from the sample. */
2673 entry = xmalloc(sizeof *entry);
2674 sampled_packet_type =
2675 ipfix_cache_entry_init(di, entry, packet,
2676 flow, packet_delta_count,
2677 obs_domain_id, obs_point_id,
2678 output_odp_port, direction,
2679 tunnel_port, tunnel_key,
2680 &exporter->ipfix_global_stats,
2681 ipfix_actions);
2682
2683 ipfix_cache_update(exporter, entry, sampled_packet_type);
2684 }
2685
2686 static bool
2687 bridge_exporter_enabled(struct dpif_ipfix *di)
2688 {
2689 return di->bridge_exporter.probability > 0;
2690 }
2691
2692 void
2693 dpif_ipfix_bridge_sample(struct dpif_ipfix *di, const struct dp_packet *packet,
2694 const struct flow *flow,
2695 odp_port_t input_odp_port, odp_port_t output_odp_port,
2696 const struct flow_tnl *output_tunnel_key,
2697 const struct dpif_ipfix_actions *ipfix_actions)
2698 OVS_EXCLUDED(mutex)
2699 {
2700 uint64_t packet_delta_count;
2701 const struct flow_tnl *tunnel_key = NULL;
2702 struct dpif_ipfix_port * tunnel_port = NULL;
2703
2704 ovs_mutex_lock(&mutex);
2705 if (!bridge_exporter_enabled(di)) {
2706 ovs_mutex_unlock(&mutex);
2707 return;
2708 }
2709
2710 /* Skip BFD packets:
2711 * Bidirectional Forwarding Detection(BFD) packets are for monitoring
2712 * the tunnel link status and consumed by ovs itself. No need to
2713 * smaple them.
2714 * CF IETF RFC 5881, BFD control packet is the UDP packet with
2715 * destination port 3784, and BFD echo packet is the UDP packet with
2716 * destination port 3785.
2717 */
2718 if (is_ip_any(flow) &&
2719 flow->nw_proto == IPPROTO_UDP &&
2720 (flow->tp_dst == htons(BFD_CONTROL_DEST_PORT) ||
2721 flow->tp_dst == htons(BFD_ECHO_DEST_PORT))) {
2722 ovs_mutex_unlock(&mutex);
2723 return;
2724 }
2725
2726 /* Use the sampling probability as an approximation of the number
2727 * of matched packets. */
2728 packet_delta_count = UINT32_MAX / di->bridge_exporter.probability;
2729 if (di->bridge_exporter.options->enable_tunnel_sampling) {
2730 if (output_odp_port == ODPP_NONE && flow->tunnel.ip_dst) {
2731 /* Input tunnel. */
2732 tunnel_key = &flow->tunnel;
2733 tunnel_port = dpif_ipfix_find_tunnel_port(di, input_odp_port);
2734 }
2735 if (output_odp_port != ODPP_NONE && output_tunnel_key) {
2736 /* Output tunnel, output_tunnel_key must be valid. */
2737 tunnel_key = output_tunnel_key;
2738 tunnel_port = dpif_ipfix_find_tunnel_port(di, output_odp_port);
2739 }
2740 }
2741
2742 dpif_ipfix_sample(di, &di->bridge_exporter.exporter, packet, flow,
2743 packet_delta_count,
2744 di->bridge_exporter.options->obs_domain_id,
2745 di->bridge_exporter.options->obs_point_id,
2746 output_odp_port, NX_ACTION_SAMPLE_DEFAULT,
2747 tunnel_port, tunnel_key, ipfix_actions);
2748 ovs_mutex_unlock(&mutex);
2749 }
2750
2751 void
2752 dpif_ipfix_flow_sample(struct dpif_ipfix *di, const struct dp_packet *packet,
2753 const struct flow *flow,
2754 const struct user_action_cookie *cookie,
2755 odp_port_t input_odp_port,
2756 const struct flow_tnl *output_tunnel_key,
2757 const struct dpif_ipfix_actions *ipfix_actions)
2758 OVS_EXCLUDED(mutex)
2759 {
2760 struct dpif_ipfix_flow_exporter_map_node *node;
2761 const struct flow_tnl *tunnel_key = NULL;
2762 struct dpif_ipfix_port * tunnel_port = NULL;
2763 odp_port_t output_odp_port = cookie->flow_sample.output_odp_port;
2764 uint32_t collector_set_id = cookie->flow_sample.collector_set_id;
2765 uint16_t probability = cookie->flow_sample.probability;
2766
2767 /* Use the sampling probability as an approximation of the number
2768 * of matched packets. */
2769 uint64_t packet_delta_count = USHRT_MAX / probability;
2770
2771 ovs_mutex_lock(&mutex);
2772 node = dpif_ipfix_find_flow_exporter_map_node(di, collector_set_id);
2773 if (node) {
2774 if (node->exporter.options->enable_tunnel_sampling) {
2775 if (output_odp_port == ODPP_NONE && flow->tunnel.ip_dst) {
2776 /* Input tunnel. */
2777 tunnel_key = &flow->tunnel;
2778 tunnel_port = dpif_ipfix_find_tunnel_port(di, input_odp_port);
2779 }
2780 if (output_odp_port != ODPP_NONE && output_tunnel_key) {
2781 /* Output tunnel, output_tunnel_key must be valid. */
2782 tunnel_key = output_tunnel_key;
2783 tunnel_port = dpif_ipfix_find_tunnel_port(di, output_odp_port);
2784 }
2785 }
2786
2787 dpif_ipfix_sample(di, &node->exporter.exporter, packet, flow,
2788 packet_delta_count,
2789 cookie->flow_sample.obs_domain_id,
2790 cookie->flow_sample.obs_point_id,
2791 output_odp_port, cookie->flow_sample.direction,
2792 tunnel_port, tunnel_key, ipfix_actions);
2793 }
2794 ovs_mutex_unlock(&mutex);
2795 }
2796
2797 static void
2798 dpif_ipfix_cache_expire(struct dpif_ipfix_exporter *exporter,
2799 bool forced_end, const uint64_t export_time_usec,
2800 const uint32_t export_time_sec)
2801 {
2802 struct ipfix_flow_cache_entry *entry, *next_entry;
2803 uint64_t max_flow_start_timestamp_usec;
2804 bool template_msg_sent = false;
2805 enum ipfix_flow_end_reason flow_end_reason;
2806
2807 if (ovs_list_is_empty(&exporter->cache_flow_start_timestamp_list)) {
2808 return;
2809 }
2810
2811 max_flow_start_timestamp_usec = export_time_usec -
2812 1000000LL * exporter->cache_active_timeout;
2813
2814 LIST_FOR_EACH_SAFE (entry, next_entry, cache_flow_start_timestamp_list_node,
2815 &exporter->cache_flow_start_timestamp_list) {
2816 if (forced_end) {
2817 flow_end_reason = FORCED_END;
2818 } else if (entry->flow_start_timestamp_usec
2819 <= max_flow_start_timestamp_usec) {
2820 flow_end_reason = ACTIVE_TIMEOUT;
2821 } else if (hmap_count(&exporter->cache_flow_key_map)
2822 > exporter->cache_max_flows) {
2823 /* Enforce exporter->cache_max_flows. */
2824 flow_end_reason = LACK_OF_RESOURCES;
2825 } else {
2826 /* Remaining flows haven't expired yet. */
2827 break;
2828 }
2829
2830 ovs_list_remove(&entry->cache_flow_start_timestamp_list_node);
2831 hmap_remove(&exporter->cache_flow_key_map,
2832 &entry->flow_key_map_node);
2833
2834 /* XXX: Make frequency of the (Options) Template and Exporter Process
2835 * Statistics transmission configurable.
2836 * Cf. IETF RFC 5101 Section 4.3. and 10.3.6. */
2837 if (!template_msg_sent
2838 && (exporter->last_template_set_time + IPFIX_TEMPLATE_INTERVAL)
2839 <= export_time_sec) {
2840 ipfix_send_template_msgs(exporter, export_time_sec,
2841 entry->flow_key.obs_domain_id);
2842 exporter->last_template_set_time = export_time_sec;
2843 template_msg_sent = true;
2844
2845 /* Send Exporter Process Statistics. */
2846 ipfix_send_exporter_data_msg(exporter, export_time_sec);
2847 }
2848
2849 /* XXX: Group multiple data records for the same obs domain id
2850 * into the same message. */
2851 ipfix_send_data_msg(exporter, export_time_sec, entry, flow_end_reason);
2852 free(entry);
2853 }
2854 }
2855
2856 static void
2857 get_export_time_now(uint64_t *export_time_usec, uint32_t *export_time_sec)
2858 {
2859 *export_time_usec = ipfix_now();
2860
2861 /* The IPFIX start and end deltas are negative deltas relative to
2862 * the export time, so set the export time 1 second off to
2863 * calculate those deltas. */
2864 *export_time_sec = DIV_ROUND_UP(*export_time_usec, 1000000);
2865 }
2866
2867 static void
2868 dpif_ipfix_cache_expire_now(struct dpif_ipfix_exporter *exporter,
2869 bool forced_end)
2870 {
2871 uint64_t export_time_usec;
2872 uint32_t export_time_sec;
2873
2874 get_export_time_now(&export_time_usec, &export_time_sec);
2875 dpif_ipfix_cache_expire(exporter, forced_end, export_time_usec,
2876 export_time_sec);
2877 }
2878
2879 void
2880 dpif_ipfix_run(struct dpif_ipfix *di) OVS_EXCLUDED(mutex)
2881 {
2882 uint64_t export_time_usec;
2883 uint32_t export_time_sec;
2884 struct dpif_ipfix_flow_exporter_map_node *flow_exporter_node;
2885
2886 ovs_mutex_lock(&mutex);
2887 get_export_time_now(&export_time_usec, &export_time_sec);
2888 if (bridge_exporter_enabled(di)) {
2889 dpif_ipfix_cache_expire(
2890 &di->bridge_exporter.exporter, false, export_time_usec,
2891 export_time_sec);
2892 }
2893 HMAP_FOR_EACH (flow_exporter_node, node, &di->flow_exporter_map) {
2894 dpif_ipfix_cache_expire(
2895 &flow_exporter_node->exporter.exporter, false, export_time_usec,
2896 export_time_sec);
2897 }
2898 ovs_mutex_unlock(&mutex);
2899 }
2900
2901 void
2902 dpif_ipfix_wait(struct dpif_ipfix *di) OVS_EXCLUDED(mutex)
2903 {
2904 long long int next_timeout_msec = LLONG_MAX;
2905 struct dpif_ipfix_flow_exporter_map_node *flow_exporter_node;
2906
2907 ovs_mutex_lock(&mutex);
2908 if (bridge_exporter_enabled(di)) {
2909 if (ipfix_cache_next_timeout_msec(
2910 &di->bridge_exporter.exporter, &next_timeout_msec)) {
2911 poll_timer_wait_until(next_timeout_msec);
2912 }
2913 }
2914 HMAP_FOR_EACH (flow_exporter_node, node, &di->flow_exporter_map) {
2915 if (ipfix_cache_next_timeout_msec(
2916 &flow_exporter_node->exporter.exporter, &next_timeout_msec)) {
2917 poll_timer_wait_until(next_timeout_msec);
2918 }
2919 }
2920 ovs_mutex_unlock(&mutex);
2921 }
2922
2923 static void
2924 dpif_ipfix_read_sample_actions(const struct flow *flow,
2925 const struct nlattr *actions,
2926 size_t actions_len,
2927 struct dpif_ipfix_actions *ipfix_actions)
2928 {
2929 const struct nlattr *a;
2930 unsigned int left;
2931 uint32_t probability = 0;
2932 struct dpif_ipfix_actions sample_actions = {0};
2933
2934 if (actions_len == 0) {
2935 return;
2936 }
2937
2938 NL_ATTR_FOR_EACH (a, left, actions, actions_len) {
2939
2940 enum ovs_sample_attr type = nl_attr_type(a);
2941 switch (type) {
2942 case OVS_SAMPLE_ATTR_PROBABILITY:
2943 probability = nl_attr_get_u32(a);
2944 break;
2945
2946 case OVS_SAMPLE_ATTR_ACTIONS:
2947 dpif_ipfix_read_actions(flow, nl_attr_get(a), nl_attr_get_size(a),
2948 &sample_actions);
2949 break;
2950
2951 case OVS_SAMPLE_ATTR_UNSPEC:
2952 case __OVS_SAMPLE_ATTR_MAX:
2953 default:
2954 OVS_NOT_REACHED();
2955 }
2956 }
2957
2958 /* An output action inside sample action is truly an output if the sampling
2959 * probability is set to 100% */
2960 if (probability == UINT32_MAX && sample_actions.output_action == true) {
2961 ipfix_actions->output_action = true;
2962 }
2963 }
2964
2965 void
2966 dpif_ipfix_read_actions(const struct flow *flow,
2967 const struct nlattr *actions,
2968 size_t actions_len,
2969 struct dpif_ipfix_actions *ipfix_actions)
2970 {
2971 const struct nlattr *a;
2972 unsigned int left;
2973
2974 if (actions_len == 0) {
2975 return;
2976 }
2977
2978 NL_ATTR_FOR_EACH (a, left, actions, actions_len) {
2979 enum ovs_action_attr type = nl_attr_type(a);
2980 switch (type) {
2981 case OVS_ACTION_ATTR_OUTPUT:
2982 ipfix_actions->output_action = true;
2983 break;
2984 case OVS_ACTION_ATTR_SAMPLE:
2985 dpif_ipfix_read_sample_actions(flow, nl_attr_get(a),
2986 nl_attr_get_size(a), ipfix_actions);
2987 break;
2988 case OVS_ACTION_ATTR_CLONE:
2989 dpif_ipfix_read_actions(flow, nl_attr_get(a), nl_attr_get_size(a),
2990 ipfix_actions);
2991 break;
2992
2993 /* OVS_ACTION_ATTR_USERSPACE and OVS_ACTION_ATTR_RECIRC actions can
2994 * yield absolutely any kind of behavior. Let's assume that flow drops
2995 * the packet if there isn't another clear OVS_ACTION_ATTR_OUTPUT
2996 * action associated with packet */
2997 case OVS_ACTION_ATTR_USERSPACE:
2998 case OVS_ACTION_ATTR_RECIRC:
2999
3000 case OVS_ACTION_ATTR_TUNNEL_POP:
3001 case OVS_ACTION_ATTR_TUNNEL_PUSH:
3002 case OVS_ACTION_ATTR_TRUNC:
3003 case OVS_ACTION_ATTR_HASH:
3004 case OVS_ACTION_ATTR_CT:
3005 case OVS_ACTION_ATTR_CT_CLEAR:
3006 case OVS_ACTION_ATTR_METER:
3007 case OVS_ACTION_ATTR_SET_MASKED:
3008 case OVS_ACTION_ATTR_SET:
3009 case OVS_ACTION_ATTR_PUSH_VLAN:
3010 case OVS_ACTION_ATTR_POP_VLAN:
3011 case OVS_ACTION_ATTR_PUSH_MPLS:
3012 case OVS_ACTION_ATTR_POP_MPLS:
3013 case OVS_ACTION_ATTR_PUSH_ETH:
3014 case OVS_ACTION_ATTR_POP_ETH:
3015 case OVS_ACTION_ATTR_PUSH_NSH:
3016 case OVS_ACTION_ATTR_POP_NSH:
3017 case OVS_ACTION_ATTR_CHECK_PKT_LEN:
3018 case OVS_ACTION_ATTR_UNSPEC:
3019 case __OVS_ACTION_ATTR_MAX:
3020 default:
3021 break;
3022 }
3023 }
3024 }
openvswitch mirror