Cleanup: wrap long lines, cleanup comments, etc.
This commit is contained in:
Gleb Smirnoff
parent
7868ec506b
commit
a23a2dd138
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=248724
@ -91,19 +91,19 @@ static const char rcs_id[] =
|
||||
*/
|
||||
#define SMALL(fle) (fle->f.packets <= 4)
|
||||
|
||||
|
||||
MALLOC_DECLARE(M_NETFLOW_HASH);
|
||||
MALLOC_DEFINE(M_NETFLOW_HASH, "netflow_hash", "NetFlow hash");
|
||||
|
||||
static int export_add(item_p, struct flow_entry *);
|
||||
static int export_send(priv_p, fib_export_p, item_p, int);
|
||||
|
||||
static int hash_insert(priv_p, struct flow_hash_entry *, struct flow_rec *, int, uint8_t, uint8_t);
|
||||
static int hash_insert(priv_p, struct flow_hash_entry *, struct flow_rec *,
|
||||
int, uint8_t, uint8_t);
|
||||
#ifdef INET6
|
||||
static int hash6_insert(priv_p, struct flow_hash_entry *, struct flow6_rec *, int, uint8_t, uint8_t);
|
||||
static int hash6_insert(priv_p, struct flow_hash_entry *, struct flow6_rec *,
|
||||
int, uint8_t, uint8_t);
|
||||
#endif
|
||||
|
||||
static __inline void expire_flow(priv_p, fib_export_p, struct flow_entry *, int);
|
||||
static void expire_flow(priv_p, fib_export_p, struct flow_entry *, int);
|
||||
|
||||
/*
|
||||
* Generate hash for a given flow record.
|
||||
@ -115,9 +115,10 @@ static __inline void expire_flow(priv_p, fib_export_p, struct flow_entry *, int)
|
||||
* all globally unique (it's not fully true, there is FC00::/7 for example,
|
||||
* but chances of address overlap are MUCH smaller)
|
||||
*/
|
||||
static __inline uint32_t
|
||||
static inline uint32_t
|
||||
ip_hash(struct flow_rec *r)
|
||||
{
|
||||
|
||||
switch (r->r_ip_p) {
|
||||
case IPPROTO_TCP:
|
||||
case IPPROTO_UDP:
|
||||
@ -130,9 +131,10 @@ ip_hash(struct flow_rec *r)
|
||||
|
||||
#ifdef INET6
|
||||
/* Generate hash for a given flow6 record. Use lower 4 octets from v6 addresses */
|
||||
static __inline uint32_t
|
||||
static inline uint32_t
|
||||
ip6_hash(struct flow6_rec *r)
|
||||
{
|
||||
|
||||
switch (r->r_ip_p) {
|
||||
case IPPROTO_TCP:
|
||||
case IPPROTO_UDP:
|
||||
@ -224,7 +226,6 @@ get_export_dgram(priv_p priv, fib_export_p fe)
|
||||
dgram->header.count = 0;
|
||||
dgram->header.version = htons(NETFLOW_V5);
|
||||
dgram->header.pad = 0;
|
||||
|
||||
}
|
||||
|
||||
return (item);
|
||||
@ -236,6 +237,7 @@ get_export_dgram(priv_p priv, fib_export_p fe)
|
||||
static void
|
||||
return_export_dgram(priv_p priv, fib_export_p fe, item_p item, int flags)
|
||||
{
|
||||
|
||||
/*
|
||||
* It may happen on SMP, that some thread has already
|
||||
* put its item there, in this case we bail out and
|
||||
@ -255,7 +257,7 @@ return_export_dgram(priv_p priv, fib_export_p fe, item_p item, int flags)
|
||||
* The flow is over. Call export_add() and free it. If datagram is
|
||||
* full, then call export_send().
|
||||
*/
|
||||
static __inline void
|
||||
static void
|
||||
expire_flow(priv_p priv, fib_export_p fe, struct flow_entry *fle, int flags)
|
||||
{
|
||||
struct netflow_export_item exp;
|
||||
@ -267,7 +269,7 @@ expire_flow(priv_p priv, fib_export_p fe, struct flow_entry *fle, int flags)
|
||||
atomic_add_32(&priv->info.nfinfo_export_failed, 1);
|
||||
if (priv->export9 != NULL)
|
||||
atomic_add_32(&priv->info.nfinfo_export9_failed, 1);
|
||||
/* fle definitely contains IPv4 flow */
|
||||
/* fle definitely contains IPv4 flow. */
|
||||
uma_zfree_arg(priv->zone, fle, priv);
|
||||
return;
|
||||
}
|
||||
@ -289,14 +291,16 @@ expire_flow(priv_p priv, fib_export_p fe, struct flow_entry *fle, int flags)
|
||||
uma_zfree_arg(priv->zone6, fle, priv);
|
||||
#endif
|
||||
else
|
||||
panic("ng_netflow: Unknown IP proto: %d", version);
|
||||
panic("ng_netflow: Unknown IP proto: %d",
|
||||
version);
|
||||
return;
|
||||
}
|
||||
|
||||
if (export9_add(exp.item9, exp.item9_opt, fle) > 0)
|
||||
export9_send(priv, fe, exp.item9, exp.item9_opt, flags);
|
||||
else
|
||||
return_export9_dgram(priv, fe, exp.item9, exp.item9_opt, NG_QUEUE);
|
||||
return_export9_dgram(priv, fe, exp.item9,
|
||||
exp.item9_opt, NG_QUEUE);
|
||||
}
|
||||
|
||||
if (version == IPVERSION)
|
||||
@ -311,6 +315,7 @@ expire_flow(priv_p priv, fib_export_p fe, struct flow_entry *fle, int flags)
|
||||
void
|
||||
ng_netflow_copyinfo(priv_p priv, struct ng_netflow_info *i)
|
||||
{
|
||||
|
||||
/* XXX: atomic */
|
||||
memcpy((void *)i, (void *)&priv->info, sizeof(priv->info));
|
||||
}
|
||||
@ -345,7 +350,6 @@ hash_insert(priv_p priv, struct flow_hash_entry *hsh, struct flow_rec *r,
|
||||
* Now fle is totally ours. It is detached from all lists,
|
||||
* we can safely edit it.
|
||||
*/
|
||||
|
||||
fle->f.version = IPVERSION;
|
||||
bcopy(r, &fle->f.r, sizeof(struct flow_rec));
|
||||
fle->f.bytes = plen;
|
||||
@ -373,8 +377,8 @@ hash_insert(priv_p priv, struct flow_hash_entry *hsh, struct flow_rec *r,
|
||||
((struct sockaddr_in *)(rt->rt_gateway))->sin_addr;
|
||||
|
||||
if (rt_mask(rt))
|
||||
fle->f.dst_mask = bitcount32(((struct sockaddr_in *)
|
||||
rt_mask(rt))->sin_addr.s_addr);
|
||||
fle->f.dst_mask =
|
||||
bitcount32(((struct sockaddr_in *)rt_mask(rt))->sin_addr.s_addr);
|
||||
else if (rt->rt_flags & RTF_HOST)
|
||||
/* Give up. We can't determine mask :( */
|
||||
fle->f.dst_mask = 32;
|
||||
@ -392,8 +396,8 @@ hash_insert(priv_p priv, struct flow_hash_entry *hsh, struct flow_rec *r,
|
||||
rt = rtalloc1_fib((struct sockaddr *)&sin, 0, 0, r->fib);
|
||||
if (rt != NULL) {
|
||||
if (rt_mask(rt))
|
||||
fle->f.src_mask = bitcount32(((struct sockaddr_in *)
|
||||
rt_mask(rt))->sin_addr.s_addr);
|
||||
fle->f.src_mask =
|
||||
bitcount32(((struct sockaddr_in *)rt_mask(rt))->sin_addr.s_addr);
|
||||
else if (rt->rt_flags & RTF_HOST)
|
||||
/* Give up. We can't determine mask :( */
|
||||
fle->f.src_mask = 32;
|
||||
@ -449,8 +453,7 @@ hash6_insert(priv_p priv, struct flow_hash_entry *hsh6, struct flow6_rec *r,
|
||||
* First we do route table lookup on destination address. So we can
|
||||
* fill in out_ifx, dst_mask, nexthop, and dst_as in future releases.
|
||||
*/
|
||||
if ((flags & NG_NETFLOW_CONF_NODSTLOOKUP) == 0)
|
||||
{
|
||||
if ((flags & NG_NETFLOW_CONF_NODSTLOOKUP) == 0) {
|
||||
bzero(&rin6, sizeof(struct route_in6));
|
||||
dst = (struct sockaddr_in6 *)&rin6.ro_dst;
|
||||
dst->sin6_len = sizeof(struct sockaddr_in6);
|
||||
@ -477,8 +480,7 @@ hash6_insert(priv_p priv, struct flow_hash_entry *hsh6, struct flow6_rec *r,
|
||||
}
|
||||
}
|
||||
|
||||
if ((flags & NG_NETFLOW_CONF_NODSTLOOKUP) == 0)
|
||||
{
|
||||
if ((flags & NG_NETFLOW_CONF_NODSTLOOKUP) == 0) {
|
||||
/* Do route lookup on source address, to fill in src_mask. */
|
||||
bzero(&rin6, sizeof(struct route_in6));
|
||||
src = (struct sockaddr_in6 *)&rin6.ro_dst;
|
||||
@ -522,12 +524,14 @@ ng_netflow_cache_init(priv_p priv)
|
||||
int i;
|
||||
|
||||
/* Initialize cache UMA zone. */
|
||||
priv->zone = uma_zcreate("NetFlow IPv4 cache", sizeof(struct flow_entry),
|
||||
uma_ctor_flow, uma_dtor_flow, NULL, NULL, UMA_ALIGN_CACHE, 0);
|
||||
priv->zone = uma_zcreate("NetFlow IPv4 cache",
|
||||
sizeof(struct flow_entry), uma_ctor_flow, uma_dtor_flow, NULL,
|
||||
NULL, UMA_ALIGN_CACHE, 0);
|
||||
uma_zone_set_max(priv->zone, CACHESIZE);
|
||||
#ifdef INET6
|
||||
priv->zone6 = uma_zcreate("NetFlow IPv6 cache", sizeof(struct flow6_entry),
|
||||
uma_ctor_flow6, uma_dtor_flow6, NULL, NULL, UMA_ALIGN_CACHE, 0);
|
||||
priv->zone6 = uma_zcreate("NetFlow IPv6 cache",
|
||||
sizeof(struct flow6_entry), uma_ctor_flow6, uma_dtor_flow6, NULL,
|
||||
NULL, UMA_ALIGN_CACHE, 0);
|
||||
uma_zone_set_max(priv->zone6, CACHESIZE);
|
||||
#endif
|
||||
|
||||
@ -568,7 +572,8 @@ ng_netflow_fib_init(priv_p priv, int fib)
|
||||
if (fe != NULL)
|
||||
return (0);
|
||||
|
||||
if ((fe = malloc(sizeof(struct fib_export), M_NETGRAPH, M_NOWAIT | M_ZERO)) == NULL)
|
||||
if ((fe = malloc(sizeof(struct fib_export), M_NETGRAPH,
|
||||
M_NOWAIT | M_ZERO)) == NULL)
|
||||
return (1);
|
||||
|
||||
mtx_init(&fe->export_mtx, "export dgram lock", NULL, MTX_DEF);
|
||||
@ -576,15 +581,18 @@ ng_netflow_fib_init(priv_p priv, int fib)
|
||||
fe->fib = fib;
|
||||
fe->domain_id = fib;
|
||||
|
||||
if (atomic_cmpset_ptr((volatile uintptr_t *)&priv->fib_data[fib], (uintptr_t)NULL, (uintptr_t)fe) == 0) {
|
||||
if (atomic_cmpset_ptr((volatile uintptr_t *)&priv->fib_data[fib],
|
||||
(uintptr_t)NULL, (uintptr_t)fe) == 0) {
|
||||
/* FIB already set up by other ISR */
|
||||
CTR3(KTR_NET, "ng_netflow(): fib init: %d setup %p but got %p", fib, fe, priv_to_fib(priv, fib));
|
||||
CTR3(KTR_NET, "ng_netflow(): fib init: %d setup %p but got %p",
|
||||
fib, fe, priv_to_fib(priv, fib));
|
||||
mtx_destroy(&fe->export_mtx);
|
||||
mtx_destroy(&fe->export9_mtx);
|
||||
free(fe, M_NETGRAPH);
|
||||
} else {
|
||||
/* Increase counter for statistics */
|
||||
CTR3(KTR_NET, "ng_netflow(): fib %d setup to %p (%p)", fib, fe, priv_to_fib(priv, fib));
|
||||
CTR3(KTR_NET, "ng_netflow(): fib %d setup to %p (%p)",
|
||||
fib, fe, priv_to_fib(priv, fib));
|
||||
atomic_fetchadd_32(&priv->info.nfinfo_alloc_fibs, 1);
|
||||
}
|
||||
|
||||
@ -650,7 +658,8 @@ ng_netflow_cache_flush(priv_p priv)
|
||||
export_send(priv, fe, fe->exp.item, NG_QUEUE);
|
||||
|
||||
if (fe->exp.item9 != NULL)
|
||||
export9_send(priv, fe, fe->exp.item9, fe->exp.item9_opt, NG_QUEUE);
|
||||
export9_send(priv, fe, fe->exp.item9,
|
||||
fe->exp.item9_opt, NG_QUEUE);
|
||||
|
||||
mtx_destroy(&fe->export_mtx);
|
||||
mtx_destroy(&fe->export9_mtx);
|
||||
@ -662,26 +671,24 @@ ng_netflow_cache_flush(priv_p priv)
|
||||
|
||||
/* Insert packet from into flow cache. */
|
||||
int
|
||||
ng_netflow_flow_add(priv_p priv, fib_export_p fe, struct ip *ip, caddr_t upper_ptr, uint8_t upper_proto,
|
||||
uint8_t flags, unsigned int src_if_index)
|
||||
ng_netflow_flow_add(priv_p priv, fib_export_p fe, struct ip *ip,
|
||||
caddr_t upper_ptr, uint8_t upper_proto, uint8_t flags,
|
||||
unsigned int src_if_index)
|
||||
{
|
||||
register struct flow_entry *fle, *fle1;
|
||||
struct flow_entry *fle, *fle1;
|
||||
struct flow_hash_entry *hsh;
|
||||
struct flow_rec r;
|
||||
int hlen, plen;
|
||||
int error = 0;
|
||||
uint8_t tcp_flags = 0;
|
||||
uint16_t eproto;
|
||||
uint8_t tcp_flags = 0;
|
||||
|
||||
/* Try to fill flow_rec r */
|
||||
bzero(&r, sizeof(r));
|
||||
/* check version */
|
||||
|
||||
if (ip->ip_v != IPVERSION)
|
||||
return (EINVAL);
|
||||
|
||||
/* verify min header length */
|
||||
hlen = ip->ip_hl << 2;
|
||||
|
||||
if (hlen < sizeof(struct ip))
|
||||
return (EINVAL);
|
||||
|
||||
@ -693,7 +700,6 @@ ng_netflow_flow_add(priv_p priv, fib_export_p fe, struct ip *ip, caddr_t upper_p
|
||||
r.r_dst = ip->ip_dst;
|
||||
r.fib = fe->fib;
|
||||
|
||||
/* save packet length */
|
||||
plen = ntohs(ip->ip_len);
|
||||
|
||||
r.r_ip_p = ip->ip_p;
|
||||
@ -713,16 +719,16 @@ ng_netflow_flow_add(priv_p priv, fib_export_p fe, struct ip *ip, caddr_t upper_p
|
||||
if ((ip->ip_off & htons(IP_OFFMASK)) == 0)
|
||||
switch(r.r_ip_p) {
|
||||
case IPPROTO_TCP:
|
||||
{
|
||||
register struct tcphdr *tcp;
|
||||
{
|
||||
struct tcphdr *tcp;
|
||||
|
||||
tcp = (struct tcphdr *)((caddr_t )ip + hlen);
|
||||
r.r_sport = tcp->th_sport;
|
||||
r.r_dport = tcp->th_dport;
|
||||
tcp_flags = tcp->th_flags;
|
||||
break;
|
||||
}
|
||||
case IPPROTO_UDP:
|
||||
}
|
||||
case IPPROTO_UDP:
|
||||
r.r_ports = *(uint32_t *)((caddr_t )ip + hlen);
|
||||
break;
|
||||
}
|
||||
@ -747,7 +753,8 @@ ng_netflow_flow_add(priv_p priv, fib_export_p fe, struct ip *ip, caddr_t upper_p
|
||||
break;
|
||||
if ((INACTIVE(fle) && SMALL(fle)) || AGED(fle)) {
|
||||
TAILQ_REMOVE(&hsh->head, fle, fle_hash);
|
||||
expire_flow(priv, priv_to_fib(priv, fle->f.r.fib), fle, NG_QUEUE);
|
||||
expire_flow(priv, priv_to_fib(priv, fle->f.r.fib),
|
||||
fle, NG_QUEUE);
|
||||
atomic_add_32(&priv->info.nfinfo_act_exp, 1);
|
||||
}
|
||||
}
|
||||
@ -768,7 +775,8 @@ ng_netflow_flow_add(priv_p priv, fib_export_p fe, struct ip *ip, caddr_t upper_p
|
||||
if (tcp_flags & TH_FIN || tcp_flags & TH_RST || AGED(fle) ||
|
||||
(fle->f.bytes >= (CNTR_MAX - IF_MAXMTU)) ) {
|
||||
TAILQ_REMOVE(&hsh->head, fle, fle_hash);
|
||||
expire_flow(priv, priv_to_fib(priv, fle->f.r.fib), fle, NG_QUEUE);
|
||||
expire_flow(priv, priv_to_fib(priv, fle->f.r.fib),
|
||||
fle, NG_QUEUE);
|
||||
atomic_add_32(&priv->info.nfinfo_act_exp, 1);
|
||||
} else {
|
||||
/*
|
||||
@ -792,13 +800,14 @@ ng_netflow_flow_add(priv_p priv, fib_export_p fe, struct ip *ip, caddr_t upper_p
|
||||
#ifdef INET6
|
||||
/* Insert IPv6 packet from into flow cache. */
|
||||
int
|
||||
ng_netflow_flow6_add(priv_p priv, fib_export_p fe, struct ip6_hdr *ip6, caddr_t upper_ptr, uint8_t upper_proto,
|
||||
uint8_t flags, unsigned int src_if_index)
|
||||
ng_netflow_flow6_add(priv_p priv, fib_export_p fe, struct ip6_hdr *ip6,
|
||||
caddr_t upper_ptr, uint8_t upper_proto, uint8_t flags,
|
||||
unsigned int src_if_index)
|
||||
{
|
||||
register struct flow_entry *fle = NULL, *fle1;
|
||||
register struct flow6_entry *fle6;
|
||||
struct flow_hash_entry *hsh;
|
||||
struct flow6_rec r;
|
||||
struct flow_entry *fle = NULL, *fle1;
|
||||
struct flow6_entry *fle6;
|
||||
struct flow_hash_entry *hsh;
|
||||
struct flow6_rec r;
|
||||
int plen;
|
||||
int error = 0;
|
||||
uint8_t tcp_flags = 0;
|
||||
@ -816,32 +825,28 @@ ng_netflow_flow6_add(priv_p priv, fib_export_p fe, struct ip6_hdr *ip6, caddr_t
|
||||
/* Assume L4 template by default */
|
||||
r.flow_type = NETFLOW_V9_FLOW_V6_L4;
|
||||
|
||||
/* save packet length */
|
||||
plen = ntohs(ip6->ip6_plen) + sizeof(struct ip6_hdr);
|
||||
|
||||
/* XXX: set DSCP/CoS value */
|
||||
#if 0
|
||||
/* XXX: set DSCP/CoS value */
|
||||
r.r_tos = ip->ip_tos;
|
||||
#endif
|
||||
if ((flags & NG_NETFLOW_IS_FRAG) == 0) {
|
||||
switch(upper_proto) {
|
||||
case IPPROTO_TCP:
|
||||
{
|
||||
register struct tcphdr *tcp;
|
||||
{
|
||||
struct tcphdr *tcp;
|
||||
|
||||
tcp = (struct tcphdr *)upper_ptr;
|
||||
r.r_ports = *(uint32_t *)upper_ptr;
|
||||
tcp_flags = tcp->th_flags;
|
||||
break;
|
||||
}
|
||||
}
|
||||
case IPPROTO_UDP:
|
||||
case IPPROTO_SCTP:
|
||||
{
|
||||
r.r_ports = *(uint32_t *)upper_ptr;
|
||||
break;
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
r.r_ip_p = upper_proto;
|
||||
@ -1145,7 +1150,8 @@ ng_netflow_expire(void *arg)
|
||||
if ((INACTIVE(fle) && (SMALL(fle) ||
|
||||
(used > (NBUCKETS*2)))) || AGED(fle)) {
|
||||
TAILQ_REMOVE(&hsh->head, fle, fle_hash);
|
||||
expire_flow(priv, priv_to_fib(priv, fle->f.r.fib), fle, NG_NOFLAGS);
|
||||
expire_flow(priv, priv_to_fib(priv,
|
||||
fle->f.r.fib), fle, NG_NOFLAGS);
|
||||
used--;
|
||||
atomic_add_32(&priv->info.nfinfo_inact_exp, 1);
|
||||
}
|
||||
|
||||
@ -379,7 +379,7 @@ ng_netflow_rcvmsg (node_p node, item_p item, hook_p lasthook)
|
||||
case NGM_NETFLOW_COOKIE:
|
||||
switch (msg->header.cmd) {
|
||||
case NGM_NETFLOW_INFO:
|
||||
{
|
||||
{
|
||||
struct ng_netflow_info *i;
|
||||
|
||||
NG_MKRESPONSE(resp, msg, sizeof(struct ng_netflow_info),
|
||||
@ -388,9 +388,9 @@ ng_netflow_rcvmsg (node_p node, item_p item, hook_p lasthook)
|
||||
ng_netflow_copyinfo(priv, i);
|
||||
|
||||
break;
|
||||
}
|
||||
}
|
||||
case NGM_NETFLOW_IFINFO:
|
||||
{
|
||||
{
|
||||
struct ng_netflow_ifinfo *i;
|
||||
const uint16_t *index;
|
||||
|
||||
@ -412,13 +412,14 @@ ng_netflow_rcvmsg (node_p node, item_p item, hook_p lasthook)
|
||||
sizeof(priv->ifaces[*index].info));
|
||||
|
||||
break;
|
||||
}
|
||||
}
|
||||
case NGM_NETFLOW_SETDLT:
|
||||
{
|
||||
{
|
||||
struct ng_netflow_setdlt *set;
|
||||
struct ng_netflow_iface *iface;
|
||||
|
||||
if (msg->header.arglen != sizeof(struct ng_netflow_setdlt))
|
||||
if (msg->header.arglen !=
|
||||
sizeof(struct ng_netflow_setdlt))
|
||||
ERROUT(EINVAL);
|
||||
|
||||
set = (struct ng_netflow_setdlt *)msg->data;
|
||||
@ -441,13 +442,14 @@ ng_netflow_rcvmsg (node_p node, item_p item, hook_p lasthook)
|
||||
ERROUT(EINVAL);
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
case NGM_NETFLOW_SETIFINDEX:
|
||||
{
|
||||
{
|
||||
struct ng_netflow_setifindex *set;
|
||||
struct ng_netflow_iface *iface;
|
||||
|
||||
if (msg->header.arglen != sizeof(struct ng_netflow_setifindex))
|
||||
if (msg->header.arglen !=
|
||||
sizeof(struct ng_netflow_setifindex))
|
||||
ERROUT(EINVAL);
|
||||
|
||||
set = (struct ng_netflow_setifindex *)msg->data;
|
||||
@ -462,12 +464,13 @@ ng_netflow_rcvmsg (node_p node, item_p item, hook_p lasthook)
|
||||
iface->info.ifinfo_index = set->index;
|
||||
|
||||
break;
|
||||
}
|
||||
}
|
||||
case NGM_NETFLOW_SETTIMEOUTS:
|
||||
{
|
||||
{
|
||||
struct ng_netflow_settimeouts *set;
|
||||
|
||||
if (msg->header.arglen != sizeof(struct ng_netflow_settimeouts))
|
||||
if (msg->header.arglen !=
|
||||
sizeof(struct ng_netflow_settimeouts))
|
||||
ERROUT(EINVAL);
|
||||
|
||||
set = (struct ng_netflow_settimeouts *)msg->data;
|
||||
@ -476,12 +479,13 @@ ng_netflow_rcvmsg (node_p node, item_p item, hook_p lasthook)
|
||||
priv->info.nfinfo_act_t = set->active_timeout;
|
||||
|
||||
break;
|
||||
}
|
||||
}
|
||||
case NGM_NETFLOW_SETCONFIG:
|
||||
{
|
||||
{
|
||||
struct ng_netflow_setconfig *set;
|
||||
|
||||
if (msg->header.arglen != sizeof(struct ng_netflow_setconfig))
|
||||
if (msg->header.arglen !=
|
||||
sizeof(struct ng_netflow_setconfig))
|
||||
ERROUT(EINVAL);
|
||||
|
||||
set = (struct ng_netflow_setconfig *)msg->data;
|
||||
@ -492,12 +496,13 @@ ng_netflow_rcvmsg (node_p node, item_p item, hook_p lasthook)
|
||||
priv->ifaces[set->iface].info.conf = set->conf;
|
||||
|
||||
break;
|
||||
}
|
||||
}
|
||||
case NGM_NETFLOW_SETTEMPLATE:
|
||||
{
|
||||
{
|
||||
struct ng_netflow_settemplate *set;
|
||||
|
||||
if (msg->header.arglen != sizeof(struct ng_netflow_settemplate))
|
||||
if (msg->header.arglen !=
|
||||
sizeof(struct ng_netflow_settemplate))
|
||||
ERROUT(EINVAL);
|
||||
|
||||
set = (struct ng_netflow_settemplate *)msg->data;
|
||||
@ -506,12 +511,13 @@ ng_netflow_rcvmsg (node_p node, item_p item, hook_p lasthook)
|
||||
priv->templ_time = set->time;
|
||||
|
||||
break;
|
||||
}
|
||||
}
|
||||
case NGM_NETFLOW_SETMTU:
|
||||
{
|
||||
{
|
||||
struct ng_netflow_setmtu *set;
|
||||
|
||||
if (msg->header.arglen != sizeof(struct ng_netflow_setmtu))
|
||||
if (msg->header.arglen !=
|
||||
sizeof(struct ng_netflow_setmtu))
|
||||
ERROUT(EINVAL);
|
||||
|
||||
set = (struct ng_netflow_setmtu *)msg->data;
|
||||
@ -521,10 +527,10 @@ ng_netflow_rcvmsg (node_p node, item_p item, hook_p lasthook)
|
||||
priv->mtu = set->mtu;
|
||||
|
||||
break;
|
||||
}
|
||||
}
|
||||
case NGM_NETFLOW_SHOW:
|
||||
{
|
||||
if (msg->header.arglen != sizeof(struct ngnf_show_header))
|
||||
if (msg->header.arglen !=
|
||||
sizeof(struct ngnf_show_header))
|
||||
ERROUT(EINVAL);
|
||||
|
||||
NG_MKRESPONSE(resp, msg, NGRESP_SIZE, M_NOWAIT);
|
||||
@ -540,18 +546,17 @@ ng_netflow_rcvmsg (node_p node, item_p item, hook_p lasthook)
|
||||
NG_FREE_MSG(resp);
|
||||
|
||||
break;
|
||||
}
|
||||
case NGM_NETFLOW_V9INFO:
|
||||
{
|
||||
{
|
||||
struct ng_netflow_v9info *i;
|
||||
|
||||
NG_MKRESPONSE(resp, msg, sizeof(struct ng_netflow_v9info),
|
||||
M_NOWAIT);
|
||||
NG_MKRESPONSE(resp, msg,
|
||||
sizeof(struct ng_netflow_v9info), M_NOWAIT);
|
||||
i = (struct ng_netflow_v9info *)resp->data;
|
||||
ng_netflow_copyv9info(priv, i);
|
||||
|
||||
break;
|
||||
}
|
||||
}
|
||||
default:
|
||||
ERROUT(EINVAL); /* unknown command */
|
||||
break;
|
||||
@ -613,8 +618,8 @@ ng_netflow_rcvdata (hook_p hook, item_p item)
|
||||
} else
|
||||
ERROUT(EINVAL);
|
||||
|
||||
if ((!bypass) &&
|
||||
(iface->info.conf & (NG_NETFLOW_CONF_ONCE | NG_NETFLOW_CONF_THISONCE))) {
|
||||
if ((!bypass) && (iface->info.conf &
|
||||
(NG_NETFLOW_CONF_ONCE | NG_NETFLOW_CONF_THISONCE))) {
|
||||
mtag = m_tag_locate(NGI_M(item), MTAG_NETFLOW,
|
||||
MTAG_NETFLOW_CALLED, NULL);
|
||||
while (mtag != NULL) {
|
||||
@ -636,7 +641,8 @@ ng_netflow_rcvdata (hook_p hook, item_p item)
|
||||
return (error);
|
||||
}
|
||||
|
||||
if (iface->info.conf & (NG_NETFLOW_CONF_ONCE | NG_NETFLOW_CONF_THISONCE)) {
|
||||
if (iface->info.conf &
|
||||
(NG_NETFLOW_CONF_ONCE | NG_NETFLOW_CONF_THISONCE)) {
|
||||
mtag = m_tag_alloc(MTAG_NETFLOW, MTAG_NETFLOW_CALLED,
|
||||
sizeof(ng_ID_t), M_NOWAIT);
|
||||
if (mtag) {
|
||||
@ -701,7 +707,8 @@ ng_netflow_rcvdata (hook_p hook, item_p item)
|
||||
case ETHERTYPE_IPV6:
|
||||
/*
|
||||
* m_pullup() called by M_CHECK() pullups
|
||||
* kern.ipc.max_protohdr (default 60 bytes) which is enough
|
||||
* kern.ipc.max_protohdr (default 60 bytes)
|
||||
* which is enough.
|
||||
*/
|
||||
M_CHECK(sizeof(struct ip6_hdr));
|
||||
eh = mtod(m, struct ether_header *);
|
||||
@ -741,9 +748,11 @@ ng_netflow_rcvdata (hook_p hook, item_p item)
|
||||
ip = mtod(m, struct ip *);
|
||||
/* l3_off is already zero */
|
||||
#ifdef INET6
|
||||
/* If INET6 is not defined IPv6 packets will be discarded in ng_netflow_flow_add() */
|
||||
/*
|
||||
* If INET6 is not defined IPv6 packets
|
||||
* will be discarded in ng_netflow_flow_add().
|
||||
*/
|
||||
if (ip->ip_v == IP6VERSION) {
|
||||
/* IPv6 packet */
|
||||
ip = NULL;
|
||||
M_CHECK(sizeof(struct ip6_hdr) - sizeof(struct ip));
|
||||
ip6 = mtod(m, struct ip6_hdr *);
|
||||
@ -772,8 +781,8 @@ ng_netflow_rcvdata (hook_p hook, item_p item)
|
||||
upper_proto = ip->ip_p;
|
||||
|
||||
/*
|
||||
* XXX: in case of wrong upper layer header we will forward this packet
|
||||
* but skip this record in netflow
|
||||
* XXX: in case of wrong upper layer header we will
|
||||
* forward this packet but skip this record in netflow.
|
||||
*/
|
||||
switch (ip->ip_p) {
|
||||
case IPPROTO_TCP:
|
||||
@ -787,7 +796,10 @@ ng_netflow_rcvdata (hook_p hook, item_p item)
|
||||
break;
|
||||
}
|
||||
} else if (ip != NULL) {
|
||||
/* Nothing to save except upper layer proto, since this is packet fragment */
|
||||
/*
|
||||
* Nothing to save except upper layer proto,
|
||||
* since this is a packet fragment.
|
||||
*/
|
||||
flags |= NG_NETFLOW_IS_FRAG;
|
||||
upper_proto = ip->ip_p;
|
||||
if ((ip->ip_v != IPVERSION) ||
|
||||
@ -795,26 +807,29 @@ ng_netflow_rcvdata (hook_p hook, item_p item)
|
||||
goto bypass;
|
||||
#ifdef INET6
|
||||
} else if (ip6 != NULL) {
|
||||
/* Check if we can export */
|
||||
if (priv->export9 == NULL)
|
||||
goto bypass;
|
||||
|
||||
/* Loop thru IPv6 extended headers to get upper layer header / frag */
|
||||
int cur = ip6->ip6_nxt, hdr_off = 0;
|
||||
struct ip6_ext *ip6e;
|
||||
struct ip6_frag *ip6f;
|
||||
|
||||
/* Save upper layer info */
|
||||
if (priv->export9 == NULL)
|
||||
goto bypass;
|
||||
|
||||
/* Save upper layer info. */
|
||||
off = pullup_len;
|
||||
upper_proto = cur;
|
||||
|
||||
if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION)
|
||||
goto bypass;
|
||||
|
||||
while (42) {
|
||||
/*
|
||||
* Loop thru IPv6 extended headers to get upper
|
||||
* layer header / frag.
|
||||
*/
|
||||
for (;;) {
|
||||
switch (cur) {
|
||||
/*
|
||||
* Same as in IPv4, we can forward 'bad' packet without accounting
|
||||
* Same as in IPv4, we can forward a 'bad'
|
||||
* packet without accounting.
|
||||
*/
|
||||
case IPPROTO_TCP:
|
||||
M_CHECK(sizeof(struct tcphdr));
|
||||
@ -831,7 +846,8 @@ ng_netflow_rcvdata (hook_p hook, item_p item)
|
||||
case IPPROTO_ROUTING:
|
||||
case IPPROTO_DSTOPTS:
|
||||
M_CHECK(sizeof(struct ip6_ext));
|
||||
ip6e = (struct ip6_ext *)(mtod(m, caddr_t) + off);
|
||||
ip6e = (struct ip6_ext *)(mtod(m, caddr_t) +
|
||||
off);
|
||||
upper_proto = ip6e->ip6e_nxt;
|
||||
hdr_off = (ip6e->ip6e_len + 1) << 3;
|
||||
break;
|
||||
@ -839,14 +855,16 @@ ng_netflow_rcvdata (hook_p hook, item_p item)
|
||||
/* RFC4302, can be before DSTOPTS */
|
||||
case IPPROTO_AH:
|
||||
M_CHECK(sizeof(struct ip6_ext));
|
||||
ip6e = (struct ip6_ext *)(mtod(m, caddr_t) + off);
|
||||
ip6e = (struct ip6_ext *)(mtod(m, caddr_t) +
|
||||
off);
|
||||
upper_proto = ip6e->ip6e_nxt;
|
||||
hdr_off = (ip6e->ip6e_len + 2) << 2;
|
||||
break;
|
||||
|
||||
case IPPROTO_FRAGMENT:
|
||||
M_CHECK(sizeof(struct ip6_frag));
|
||||
ip6f = (struct ip6_frag *)(mtod(m, caddr_t) + off);
|
||||
ip6f = (struct ip6_frag *)(mtod(m, caddr_t) +
|
||||
off);
|
||||
upper_proto = ip6f->ip6f_nxt;
|
||||
hdr_off = sizeof(struct ip6_frag);
|
||||
off += hdr_off;
|
||||
@ -915,10 +933,12 @@ ng_netflow_rcvdata (hook_p hook, item_p item)
|
||||
}
|
||||
|
||||
if (ip != NULL)
|
||||
error = ng_netflow_flow_add(priv, fe, ip, upper_ptr, upper_proto, flags, src_if_index);
|
||||
error = ng_netflow_flow_add(priv, fe, ip, upper_ptr,
|
||||
upper_proto, flags, src_if_index);
|
||||
#ifdef INET6
|
||||
else if (ip6 != NULL)
|
||||
error = ng_netflow_flow6_add(priv, fe, ip6, upper_ptr, upper_proto, flags, src_if_index);
|
||||
error = ng_netflow_flow6_add(priv, fe, ip6, upper_ptr,
|
||||
upper_proto, flags, src_if_index);
|
||||
#endif
|
||||
else
|
||||
goto bypass;
|
||||
@ -929,10 +949,12 @@ ng_netflow_rcvdata (hook_p hook, item_p item)
|
||||
if (acct == 0) {
|
||||
/* Accounting failure */
|
||||
if (ip != NULL) {
|
||||
atomic_fetchadd_32(&priv->info.nfinfo_spackets, 1);
|
||||
atomic_fetchadd_32(&priv->info.nfinfo_spackets,
|
||||
1);
|
||||
priv->info.nfinfo_sbytes += m_length(m, NULL);
|
||||
} else if (ip6 != NULL) {
|
||||
atomic_fetchadd_32(&priv->info.nfinfo_spackets6, 1);
|
||||
atomic_fetchadd_32(&priv->info.nfinfo_spackets6,
|
||||
1);
|
||||
priv->info.nfinfo_sbytes6 += m_length(m, NULL);
|
||||
}
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user