Commit Graph

29 Commits

Author SHA1 Message Date
maxim
3ccc5435bf o Replace disappeared URLs to Cisco docs by new ones, style.
No functional changes.
2006-04-25 20:01:50 +00:00
maxim
a579d0e62d o Set to zero engine_type, engine_id and pad (cisco calls it
sampling_interval) fields in netflow v5 header.  We do not use
them but some netflow tools show garbage.

PR:		kern/96296
Submitted by:	David Duchscher
Approved by:	glebius
MFC after:	1 week
2006-04-25 19:56:53 +00:00
glebius
1985b120c4 - Increase maximum number of interfaces to 2048.
- Regroup softc so that frequently used elements are
  grouped in the beginning, while the interfaces
  array is at the end.
2006-02-09 11:42:17 +00:00
glebius
50771bd3de Correct off-by-one errors.
Found with:	Coverity Prevent(tm)
2006-01-14 12:26:32 +00:00
glebius
fa0bd53669 When sending export datagram from interrupt thread, use NG_QUEUE
in flags. When sending export datagram from expiry thread, then
use default zero flags. This removes unpleasant contention of the
interrupt thread on mutexes (usually ng_ksocket's socket buffer
mutex).
2006-01-12 22:48:12 +00:00
glebius
7d18f42630 Mark appropriate commands with NGM_READONLY and NGM_HASREPLY and
bump type cookie.
2006-01-12 19:16:08 +00:00
glebius
f867a5733b In ng_netflow_disconnect() check whether we are working with "iface"
or with "out" hook, and clear the right pointer.

Reported by:	Vitaliy Ovsyannikov <V.Ovsyannikov kr.ru>
2005-12-28 12:56:59 +00:00
glebius
a2a648724d - Update the flow sequence before converting count to
network byte order.
- Update the flow sequence in one atomic op instead of two.

Reported by:	Denis Shaposhnikov <dsh vlink.ru>
Reported by:	Daniil Kharoun <kdl chelcom.ru>
PR:		kern/89417
2005-11-27 02:43:08 +00:00
rwatson
be4f357149 Normalize a significant number of kernel malloc type names:
- Prefer '_' to ' ', as it results in more easily parsed results in
  memory monitoring tools such as vmstat.

- Remove punctuation that is incompatible with using memory type names
  as file names, such as '/' characters.

- Disambiguate some collisions by adding subsystem prefixes to some
  memory types.

- Generally prefer lower case to upper case.

- If the same type is defined in multiple architecture directories,
  attempt to use the same name in additional cases.

Not all instances were caught in this change, so more work is required to
finish this conversion.  Similar changes are required for UMA zone names.
2005-10-31 15:41:29 +00:00
glebius
8462e72cfb Check that we have first fragment before pulling up TCP/UDP header. 2005-07-17 08:09:59 +00:00
glebius
cbf78c0d23 Catch up with new ng_package_data(). 2005-05-16 17:10:08 +00:00
glebius
1fd70549f8 - Gather statistics about failed mbuf+cluster+ng_item allocations.
- Adjust comments and variables names in nfinfo.
2005-05-12 13:52:49 +00:00
glebius
8455545285 A new version of NetFlow node.
The most significant changes are:
- Use UMA zone instead of own chunk of memory.
- Lock each hash entry separately.
- Expire items "actively" - interrupt method can expire flows
  from hash slot, when it searches through it.
- Remove global tailqueue. Make callout thread search through
  every hash slot.
- Export datagram is detached from private data and filled. If
  it is incomplete, it is attached back. Another thread will
  continue working with it.

Lesser, but also important speedups:
- Flows in hash slot are stored in tailqueue. Whenever a flow is
  hit, it is moved to the begging, so it can be located quicker.
- When callout thread works with hash slot it bails out if
  slot mutex is contested.
2005-05-11 11:26:24 +00:00
glebius
ce0cfd9c63 Remove goto. 2005-04-11 10:16:17 +00:00
glebius
4beb15977b Add a possibility to bypass unmodified accounted data to special
hook(s). Data received on these hook(s) is sent back to ifaceX hook(s).
2005-03-22 15:49:22 +00:00
glebius
b4470372ca Refactor node so that it does not modify mbuf contents. Next step would
be pass-thru mode, when traffic is not copied by ng_tee, but passed thru
ng_netflow.

Changes made:

- In ng_netflow_rcvdata() do all necessary pulluping: Ethernet header,
  IP header, and TCP/UDP header.
- Pass only pointer to struct ip to ng_netflow_flow_add(). Any TCP/UDP
  headers are guaranteed to by after it.
- Merge make_flow_rec() function into ng_netflow_flow_add().
2005-03-21 15:40:25 +00:00
glebius
f55027e9fb Refactor node so that it does not modify mbuf contents. Next step would
be pass-thru mode, when traffic is not copied by ng_tee, but passed thru
ng_netflow.

Changes made:

- In ng_netflow_rcvdata() do all necessary pulluping: Ethernet header,
  IP header, and TCP/UDP header.
- Pass only pointer to struct ip to ng_netflow_flow_add(). Any TCP/UDP
  headers are guaranteed to by after it.
- Merge make_flow_rec() function into ng_netflow_flow_add().
2005-03-21 15:34:03 +00:00
glebius
c3ce324b44 Plug item leak, which occured when m_pullup() failed. 2005-03-21 11:48:54 +00:00
glebius
c24d32c62d - Don't lose TCP flags of the first packet in a flow.
- Don't account length of the first packet in a flow twice.
2005-03-20 21:03:43 +00:00
glebius
698a8eb6dd Cisco uses milliseconds for uptime. This is stupid. Nobody cares of such
precision when IP packet may travel through internet for several seconds.
Also uptime measured in milliseconds overflows every 48+ days.
But we have to do same to keep compatibility with Cisco and flow-tools.

Make a macro MILLIUPTIME, which does overflowable multiplication to 1000.

Requested by:	Sergey Ryabin, Oleg Bulyzhin
MFC after:	1 week
2005-03-03 11:01:05 +00:00
glebius
becc1a2274 Expire aged flows in normal expiry thread. This fixes the problem, when
a node disconnected from all sources of traffic never purges its cache.
2005-02-05 10:00:04 +00:00
glebius
896de17746 Break long lines in code and comments. 2005-02-05 09:08:33 +00:00
glebius
7db04c586c In case of various tunneling protocols, mbuf may pass several interfaces
before entering ng_netflow. In this case it will have not NULL m_pkthdr.rcvif.
However, it will enter ng_iface soon with another index. So let in_ifIndex
value configured by user override m_pkthdr.rcvif.

Reported by:	Damir Bikmuhametov
MFC after:	1 week
2005-02-01 14:07:05 +00:00
glebius
2fa7cf8313 Use log() instead of printf(), to reduce flood on console.
MFC after:	1 week
2005-01-20 13:28:39 +00:00
glebius
dde029219c - Plug a memory leak in ng_netflow_cache_init().
- Initialize error to 0 in ng_netflow_flow_add() (a nop change).
- Update cache statistics holding workqueue mutex.

MFC after:	3 days
2004-12-28 12:11:32 +00:00
glebius
4f260d49bc - Use uint16_t to pass argument for NGM_NETFLOW_IFINFO, bump cookie.
- Always check that index number passed from userland
  is <= NG_NETFLOW_MAXIFACES. [1]
- Increase NG_NETFLOW_MAXIFACES up to 512. [2]

Noticed by:	Roman Palagin [1]
Requested by:	Yuri Y. Bushmelev [2]
MFC after:	1 week
2004-12-05 14:30:38 +00:00
glebius
57c6de1cee Removed bogus comment. 2004-11-01 20:52:24 +00:00
glebius
9b45af99f7 - Remove advertising clause from copyright [1]
- Change my email to glebius@FreeBSD.org

Requested by:	ru [1]
2004-09-17 19:58:03 +00:00
glebius
8546c37afe A netgraph node implementing Netflow version 5.
Supported by:	Bestcom ISP, Rinet ISP
Approved by:	julian (mentor)
2004-09-16 20:24:23 +00:00