Commit Graph

25 Commits

Author SHA1 Message Date
Gleb Smirnoff
ea7e163882 o Eliminate flow6_hash_entry in favor of flow_hash_entry. We don't need
a separate struct to start a slist of semi-opaque structs. This
  makes some code more compact.
o Rewrite ng_netflow_flow_show() and its API/ABI:
  - Support for IPv6 is added.
  - Request and response now use same struct. Structure specifies
    version (6 or 4), index of last retrieved hash, and also index
    of last retrieved entry in the hash entry.
2011-07-05 14:48:39 +00:00
Gleb Smirnoff
b6770143c4 ng_netflow_cache_init() can be void. 2011-04-18 09:14:23 +00:00
Gleb Smirnoff
674d86bf91 Node constructor methods are supposed to be called in syscall
context always. Convert nodes to consistently use M_WAITOK flag
for memory allocation.

Reviewed by:	julian
2011-04-18 09:12:27 +00:00
Gleb Smirnoff
5dcd9c1061 Add support for NetFlow version 9 into ng_netflow(4) node.
Submitted by:	Alexander V. Chernikov <melifaro ipfw.ru>
2011-03-02 16:15:11 +00:00
Gleb Smirnoff
cecdd23f87 Remove disabled code. In 99% cases exports are send to ng_ksocket(4), which
already forces queued mode, so what was suggested in disabled code is already
done.
2010-03-25 10:13:21 +00:00
Alexander Motin
b1f26c738c Fix copy-paste bug in NGM_NETFLOW_SETCONFIG argument size verification.
PR:		kern/134220
Submitted by:	Eugene Mychlo
MFC after:	1 week
2009-05-13 02:26:34 +00:00
Dag-Erling Smørgrav
1ede983cc9 Retire the MALLOC and FREE macros. They are an abomination unto style(9).
MFC after:	3 months
2008-10-23 15:53:51 +00:00
Alexander Motin
1a6dd09529 Add ability to generate egress netflow instead or in addition to ingress.
Use mbuf tagging for accounted packets to not account packets twice when
both ingress and egress netflow enabled.
To keep compatibility new "setconfig" message added to control new
functionality. By default node works as before, doing only ingress
accounting without using mbuf tags.

Reviewed by:	glebius
2008-10-08 10:37:07 +00:00
Kris Kennaway
c637bc9203 Replace callout_init(..., 1) with callout_init(..., CALLOUT_MPSAFE) for
better grep-compliance and to standardize with the rest of the kernel.

Reviewed by:	       jhb
MFC after:	       1 week
2008-04-16 16:47:14 +00:00
Alexander Motin
102fe25ee0 Revert previous commit.
glebius@ noticed that it was not a bug, but undocumented feature.
2008-02-03 10:30:45 +00:00
Alexander Motin
57f2b25dfa Run expire even without export hook connected.
PR:	kern/119839
2008-01-27 15:01:16 +00:00
Gleb Smirnoff
dc7359b8dd Bump maximum number of interface hooks to the maximum possible value.
This will increase the memory consumption for more than 1 Mb, but this
is required for operation on multiinterface access concentrators running
mpd.

Requested by:	Alexander Motin
2007-03-28 13:59:13 +00:00
Gleb Smirnoff
7801dc7cb3 Recognize 802.1q frames in Ethernet input and process them.
PR:		kern/101162
Submitted by:	CoolDavid (Tseng Guo-Fu) <cooldavid cdpa.nsysu.edu.tw>
2006-10-11 15:27:13 +00:00
Gleb Smirnoff
f3d231b46b Correct off-by-one errors.
Found with:	Coverity Prevent(tm)
2006-01-14 12:26:32 +00:00
Gleb Smirnoff
747cdba40e In ng_netflow_disconnect() check whether we are working with "iface"
or with "out" hook, and clear the right pointer.

Reported by:	Vitaliy Ovsyannikov <V.Ovsyannikov kr.ru>
2005-12-28 12:56:59 +00:00
Gleb Smirnoff
ed2fc9673b Check that we have first fragment before pulling up TCP/UDP header. 2005-07-17 08:09:59 +00:00
Gleb Smirnoff
494e177ada A new version of NetFlow node.
The most significant changes are:
- Use UMA zone instead of own chunk of memory.
- Lock each hash entry separately.
- Expire items "actively" - interrupt method can expire flows
  from hash slot, when it searches through it.
- Remove global tailqueue. Make callout thread search through
  every hash slot.
- Export datagram is detached from private data and filled. If
  it is incomplete, it is attached back. Another thread will
  continue working with it.

Lesser, but also important speedups:
- Flows in hash slot are stored in tailqueue. Whenever a flow is
  hit, it is moved to the begging, so it can be located quicker.
- When callout thread works with hash slot it bails out if
  slot mutex is contested.
2005-05-11 11:26:24 +00:00
Gleb Smirnoff
9818b82ff3 Add a possibility to bypass unmodified accounted data to special
hook(s). Data received on these hook(s) is sent back to ifaceX hook(s).
2005-03-22 15:49:22 +00:00
Gleb Smirnoff
2b38b68736 Refactor node so that it does not modify mbuf contents. Next step would
be pass-thru mode, when traffic is not copied by ng_tee, but passed thru
ng_netflow.

Changes made:

- In ng_netflow_rcvdata() do all necessary pulluping: Ethernet header,
  IP header, and TCP/UDP header.
- Pass only pointer to struct ip to ng_netflow_flow_add(). Any TCP/UDP
  headers are guaranteed to by after it.
- Merge make_flow_rec() function into ng_netflow_flow_add().
2005-03-21 15:40:25 +00:00
Gleb Smirnoff
1d03bd1684 Refactor node so that it does not modify mbuf contents. Next step would
be pass-thru mode, when traffic is not copied by ng_tee, but passed thru
ng_netflow.

Changes made:

- In ng_netflow_rcvdata() do all necessary pulluping: Ethernet header,
  IP header, and TCP/UDP header.
- Pass only pointer to struct ip to ng_netflow_flow_add(). Any TCP/UDP
  headers are guaranteed to by after it.
- Merge make_flow_rec() function into ng_netflow_flow_add().
2005-03-21 15:34:03 +00:00
Gleb Smirnoff
0e406d0f63 Plug item leak, which occured when m_pullup() failed. 2005-03-21 11:48:54 +00:00
Gleb Smirnoff
18c54fe665 Use log() instead of printf(), to reduce flood on console.
MFC after:	1 week
2005-01-20 13:28:39 +00:00
Gleb Smirnoff
176119c455 - Use uint16_t to pass argument for NGM_NETFLOW_IFINFO, bump cookie.
- Always check that index number passed from userland
  is <= NG_NETFLOW_MAXIFACES. [1]
- Increase NG_NETFLOW_MAXIFACES up to 512. [2]

Noticed by:	Roman Palagin [1]
Requested by:	Yuri Y. Bushmelev [2]
MFC after:	1 week
2004-12-05 14:30:38 +00:00
Gleb Smirnoff
0b7925df73 - Remove advertising clause from copyright [1]
- Change my email to glebius@FreeBSD.org

Requested by:	ru [1]
2004-09-17 19:58:03 +00:00
Gleb Smirnoff
a752e82d3a A netgraph node implementing Netflow version 5.
Supported by:	Bestcom ISP, Rinet ISP
Approved by:	julian (mentor)
2004-09-16 20:24:23 +00:00