LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
19477 Commits
1 Branch
46 MiB
Tree: 2fef01837d
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '2fef01837d'
${ noResults }
openwrt-packages-dist/net/ulogd/patches/040-ipfix-template.patch

432 lines
13 KiB
Raw Normal View History

ulogd2: Backport upstream patches IPFIX support was requested. Signed-off-by: Rosen Penev <rosenp@gmail.com>
5 years ago
 
  1. From cc919f7013d2d76c8bef0b9c562c1faf98a095a3 Mon Sep 17 00:00:00 2001
  2. From: Ander Juaristi <a@juaristi.eus>
  3. Date: Fri, 26 Apr 2019 09:58:07 +0200
  4. Subject: IPFIX: Introduce template record support
  5. 

  6. This commit adds the ability to send template records
  7. to the remote collector.
  8. 

  9. In addition, it also introduces a new
  10. configuration parameter 'send_template', which tells when template
  11. records should be sent. It accepts the following string values:
  12. 

  13.  - "once": Send the template record only the first time (might be coalesced
  14.     with data records).
  15.  - "always": Send the template record always, with every data record that is sent
  16.     to the collector (multiple data records might be sent together).
  17.  - "never": Assume the collector knows the schema already. Do not send template records.
  18. 

  19. If omitted, the default value for 'send_template' is "once".
  20. 

  21. Signed-off-by: Ander Juaristi <a@juaristi.eus>
  22. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  23. ---

  24.  include/ulogd/ipfix_protocol.h    |  1 +
  25.  output/ipfix/ipfix.c              | 97 +++++++++++++++++++++++++++++++++++++--
  26.  output/ipfix/ipfix.h              | 22 ++++-----
  27.  output/ipfix/ulogd_output_IPFIX.c | 56 ++++++++++++----------
  28.  4 files changed, 139 insertions(+), 37 deletions(-)
  29. 

  30. diff --git a/include/ulogd/ipfix_protocol.h b/include/ulogd/ipfix_protocol.h

  31. index aef47f0..01dd96a 100644

  32. --- a/include/ulogd/ipfix_protocol.h

  33. +++ b/include/ulogd/ipfix_protocol.h

  34. @@ -129,6 +129,7 @@ enum {

  35.  	/* reserved */
  36.  	IPFIX_fragmentOffsetIPv4	= 88,
  37.  	/* reserved */
  38. +	IPFIX_applicationId		= 95,

  39.  	IPFIX_bgpNextAdjacentAsNumber	= 128,
  40.  	IPFIX_bgpPrevAdjacentAsNumber	= 129,
  41.  	IPFIX_exporterIPv4Address	= 130,
  42. diff --git a/output/ipfix/ipfix.c b/output/ipfix/ipfix.c

  43. index 60a4c7f..4bb432a 100644

  44. --- a/output/ipfix/ipfix.c

  45. +++ b/output/ipfix/ipfix.c

  46. @@ -2,6 +2,7 @@

  47.   * ipfix.c
  48.   *
  49.   * Holger Eitzenberger, 2009.
  50. + * Ander Juaristi, 2019

  51.   */
  52.  
  53.  /* These forward declarations are needed since ulogd.h doesn't like to be the first */
  54. @@ -13,25 +14,107 @@

  55.  
  56.  #include <ulogd/ulogd.h>
  57.  #include <ulogd/common.h>
  58. +#include <ulogd/ipfix_protocol.h>

  59. +

  60. +struct ipfix_templ_elem {

  61. +	uint16_t id;

  62. +	uint16_t len;

  63. +};

  64. +

  65. +struct ipfix_templ {

  66. +	unsigned int num_templ_elements;

  67. +	struct ipfix_templ_elem templ_elements[];

  68. +};

  69. +

  70. +/* Template fields modeled after vy_ipfix_data */

  71. +static const struct ipfix_templ template = {

  72. +	.num_templ_elements = 10,

  73. +	.templ_elements = {

  74. +		{

  75. +			.id = IPFIX_sourceIPv4Address,

  76. +			.len = sizeof(uint32_t)

  77. +		},

  78. +		{

  79. +			.id = IPFIX_destinationIPv4Address,

  80. +			.len = sizeof(uint32_t)

  81. +		},

  82. +		{

  83. +			.id = IPFIX_packetTotalCount,

  84. +			.len = sizeof(uint32_t)

  85. +		},

  86. +		{

  87. +			.id = IPFIX_octetTotalCount,

  88. +			.len = sizeof(uint32_t)

  89. +		},

  90. +		{

  91. +			.id = IPFIX_flowStartSeconds,

  92. +			.len = sizeof(uint32_t)

  93. +		},

  94. +		{

  95. +			.id = IPFIX_flowEndSeconds,

  96. +			.len = sizeof(uint32_t)

  97. +		},

  98. +		{

  99. +			.id = IPFIX_sourceTransportPort,

  100. +			.len = sizeof(uint16_t)

  101. +		},

  102. +		{

  103. +			.id = IPFIX_destinationTransportPort,

  104. +			.len = sizeof(uint16_t)

  105. +		},

  106. +		{

  107. +			.id = IPFIX_protocolIdentifier,

  108. +			.len = sizeof(uint8_t)

  109. +		},

  110. +		{

  111. +			.id = IPFIX_applicationId,

  112. +			.len = sizeof(uint32_t)

  113. +		}

  114. +	}

  115. +};

  116.  
  117. -struct ipfix_msg *ipfix_msg_alloc(size_t len, uint32_t oid)

  118. +struct ipfix_msg *ipfix_msg_alloc(size_t len, uint32_t oid, int tid)

  119.  {
  120.  	struct ipfix_msg *msg;
  121.  	struct ipfix_hdr *hdr;
  122. +	struct ipfix_templ_hdr *templ_hdr;

  123. +	struct ipfix_templ_elem *elem;

  124. +	unsigned int i = 0;

  125.  
  126. -	if (len < IPFIX_HDRLEN + IPFIX_SET_HDRLEN)

  127. +	if ((tid > 0 && len < IPFIX_HDRLEN + IPFIX_TEMPL_HDRLEN(template.num_templ_elements) + IPFIX_SET_HDRLEN) ||

  128. +	    (len < IPFIX_HDRLEN + IPFIX_SET_HDRLEN))

  129.  		return NULL;
  130.  
  131.  	msg = malloc(sizeof(struct ipfix_msg) + len);
  132.  	memset(msg, 0, sizeof(struct ipfix_msg));
  133. -	msg->tail = msg->data + IPFIX_HDRLEN;

  134. +	msg->tid = tid;

  135.  	msg->end = msg->data + len;
  136. +	msg->tail = msg->data + IPFIX_HDRLEN;

  137. +	if (tid > 0)

  138. +		msg->tail += IPFIX_TEMPL_HDRLEN(template.num_templ_elements);

  139.  
  140. +	/* Initialize message header */

  141.  	hdr = ipfix_msg_hdr(msg);
  142.  	memset(hdr, 0, IPFIX_HDRLEN);
  143.  	hdr->version = htons(IPFIX_VERSION);
  144.  	hdr->oid = htonl(oid);
  145.  
  146. +	if (tid > 0) {

  147. +		/* Initialize template record header */

  148. +		templ_hdr = ipfix_msg_templ_hdr(msg);

  149. +		templ_hdr->sid = htons(2);

  150. +		templ_hdr->tid = htons(tid);

  151. +		templ_hdr->len = htons(IPFIX_TEMPL_HDRLEN(template.num_templ_elements));

  152. +		templ_hdr->cnt = htons(template.num_templ_elements);

  153. +

  154. +		while (i < template.num_templ_elements) {

  155. +			elem = (struct ipfix_templ_elem *) &templ_hdr->data[i * 4];

  156. +			elem->id = htons(template.templ_elements[i].id);

  157. +			elem->len = htons(template.templ_elements[i].len);

  158. +			i++;

  159. +		}

  160. +	}

  161. +

  162.  	return msg;
  163.  }
  164.  
  165. @@ -47,6 +130,14 @@ void ipfix_msg_free(struct ipfix_msg *msg)

  166.  	free(msg);
  167.  }
  168.  
  169. +struct ipfix_templ_hdr *ipfix_msg_templ_hdr(const struct ipfix_msg *msg)

  170. +{

  171. +	if (msg->tid > 0)

  172. +		return (struct ipfix_templ_hdr *) (msg->data + IPFIX_HDRLEN);

  173. +

  174. +	return NULL;

  175. +}

  176. +

  177.  struct ipfix_hdr *ipfix_msg_hdr(const struct ipfix_msg *msg)
  178.  {
  179.  	return (struct ipfix_hdr *)msg->data;
  180. diff --git a/output/ipfix/ipfix.h b/output/ipfix/ipfix.h

  181. index cdb5a6f..93945fb 100644

  182. --- a/output/ipfix/ipfix.h

  183. +++ b/output/ipfix/ipfix.h

  184. @@ -2,6 +2,7 @@

  185.   * ipfix.h
  186.   *
  187.   * Holger Eitzenberger <holger@eitzenberger.org>, 2009.
  188. + * Ander Juaristi <a@juaristi.eus>, 2019

  189.   */
  190.  #ifndef IPFIX_H
  191.  #define IPFIX_H
  192. @@ -20,17 +21,21 @@ struct ipfix_hdr {

  193.  	uint8_t data[];
  194.  } __packed;
  195.  
  196. -#define IPFIX_HDRLEN	sizeof(struct ipfix_hdr)

  197. +#define IPFIX_HDRLEN		sizeof(struct ipfix_hdr)

  198.  
  199.  /*
  200.   * IDs 0-255 are reserved for Template Sets.  IDs of Data Sets are > 255.
  201.   */
  202.  struct ipfix_templ_hdr {
  203. -	uint16_t id;

  204. +	uint16_t sid;

  205. +	uint16_t len;

  206. +	uint16_t tid;

  207.  	uint16_t cnt;
  208.  	uint8_t data[];
  209.  } __packed;
  210.  
  211. +#define IPFIX_TEMPL_HDRLEN(nfields)	sizeof(struct ipfix_templ_hdr) + (sizeof(uint16_t) * 2 * nfields)

  212. +

  213.  struct ipfix_set_hdr {
  214.  #define IPFIX_SET_TEMPL			2
  215.  #define IPFIX_SET_OPT_TEMPL		3
  216. @@ -46,6 +51,7 @@ struct ipfix_msg {

  217.  	uint8_t *tail;
  218.  	uint8_t *end;
  219.  	unsigned nrecs;
  220. +	int tid;

  221.  	struct ipfix_set_hdr *last_set;
  222.  	uint8_t data[];
  223.  };
  224. @@ -53,18 +59,14 @@ struct ipfix_msg {

  225.  struct vy_ipfix_data {
  226.  	struct in_addr saddr;
  227.  	struct in_addr daddr;
  228. -	uint16_t ifi_in;

  229. -	uint16_t ifi_out;

  230.  	uint32_t packets;
  231.  	uint32_t bytes;
  232.  	uint32_t start;				/* Unix time */
  233.  	uint32_t end;				/* Unix time */
  234.  	uint16_t sport;
  235.  	uint16_t dport;
  236. -	uint32_t aid;				/* Application ID */

  237.  	uint8_t l4_proto;
  238. -	uint8_t dscp;

  239. -	uint16_t __padding;

  240. +	uint32_t aid;				/* Application ID */

  241.  } __packed;
  242.  
  243.  #define VY_IPFIX_SID		256
  244. @@ -73,13 +75,11 @@ struct vy_ipfix_data {

  245.  #define VY_IPFIX_PKT_LEN	(IPFIX_HDRLEN + IPFIX_SET_HDRLEN \
  246.  							 + VY_IPFIX_FLOWS * sizeof(struct vy_ipfix_data))
  247.  
  248. -/* template management */

  249. -size_t ipfix_rec_len(uint16_t);

  250. -

  251.  /* message handling */
  252. -struct ipfix_msg *ipfix_msg_alloc(size_t, uint32_t);

  253. +struct ipfix_msg *ipfix_msg_alloc(size_t, uint32_t, int);

  254.  void ipfix_msg_free(struct ipfix_msg *);
  255.  struct ipfix_hdr *ipfix_msg_hdr(const struct ipfix_msg *);
  256. +struct ipfix_templ_hdr *ipfix_msg_templ_hdr(const struct ipfix_msg *);

  257.  size_t ipfix_msg_len(const struct ipfix_msg *);
  258.  void *ipfix_msg_data(struct ipfix_msg *);
  259.  struct ipfix_set_hdr *ipfix_msg_add_set(struct ipfix_msg *, uint16_t);
  260. diff --git a/output/ipfix/ulogd_output_IPFIX.c b/output/ipfix/ulogd_output_IPFIX.c

  261. index ec143b1..5b59003 100644

  262. --- a/output/ipfix/ulogd_output_IPFIX.c

  263. +++ b/output/ipfix/ulogd_output_IPFIX.c

  264. @@ -3,6 +3,9 @@

  265.   *
  266.   * ulogd IPFIX Exporter plugin.
  267.   *
  268. + * (C) 2009 by Holger Eitzenberger <holger@eitzenberger.org>, Astaro AG

  269. + * (C) 2019 by Ander Juaristi <a@juaristi.eus>

  270. + *

  271.   * This program is distributed in the hope that it will be useful,
  272.   * but WITHOUT ANY WARRANTY; without even the implied warranty of
  273.   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  274. @@ -11,8 +14,6 @@

  275.   * You should have received a copy of the GNU General Public License
  276.   * along with this program; if not, write to the Free Software
  277.   * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  278. - *

  279. - * Holger Eitzenberger <holger@eitzenberger.org>  Astaro AG 2009

  280.   */
  281.  #include <unistd.h>
  282.  #include <time.h>
  283. @@ -28,6 +29,7 @@

  284.  #define DEFAULT_MTU		512 /* RFC 5101, 10.3.3 */
  285.  #define DEFAULT_PORT		4739 /* RFC 5101, 10.3.4 */
  286.  #define DEFAULT_SPORT		4740
  287. +#define DEFAULT_SEND_TEMPLATE	"once"

  288.  
  289.  enum {
  290.  	OID_CE = 0,
  291. @@ -35,16 +37,18 @@ enum {

  292.  	PORT_CE,
  293.  	PROTO_CE,
  294.  	MTU_CE,
  295. +	SEND_TEMPLATE_CE

  296.  };
  297.  
  298. -#define oid_ce(x)	(x->ces[OID_CE])

  299. -#define host_ce(x)	(x->ces[HOST_CE])

  300. -#define port_ce(x)	(x->ces[PORT_CE])

  301. -#define proto_ce(x)	(x->ces[PROTO_CE])

  302. -#define mtu_ce(x)	(x->ces[MTU_CE])

  303. +#define oid_ce(x)		(x->ces[OID_CE])

  304. +#define host_ce(x)		(x->ces[HOST_CE])

  305. +#define port_ce(x)		(x->ces[PORT_CE])

  306. +#define proto_ce(x)		(x->ces[PROTO_CE])

  307. +#define mtu_ce(x)		(x->ces[MTU_CE])

  308. +#define send_template_ce(x)	(x->ces[SEND_TEMPLATE_CE])

  309.  
  310.  static const struct config_keyset ipfix_kset = {
  311. -	.num_ces = 5,

  312. +	.num_ces = 6,

  313.  	.ces = {
  314.  		{
  315.  			.key = "oid",
  316. @@ -70,20 +74,21 @@ static const struct config_keyset ipfix_kset = {

  317.  			.key = "mtu",
  318.  			.type = CONFIG_TYPE_INT,
  319.  			.u.value = DEFAULT_MTU
  320. +		},

  321. +		{

  322. +			.key = "send_template",

  323. +			.type = CONFIG_TYPE_STRING,

  324. +			.u.string = DEFAULT_SEND_TEMPLATE

  325.  		}
  326.  	}
  327.  };
  328.  
  329. -struct ipfix_templ {

  330. -	struct ipfix_templ *next;

  331. -};

  332. -

  333.  struct ipfix_priv {
  334.  	struct ulogd_fd ufd;
  335.  	uint32_t seqno;
  336.  	struct ipfix_msg *msg;		/* current message */
  337.  	struct llist_head list;
  338. -	struct ipfix_templ *templates;

  339. +	int tid;

  340.  	int proto;
  341.  	struct ulogd_timer timer;
  342.  	struct sockaddr_in sa;
  343. @@ -258,8 +263,8 @@ static void ipfix_timer_cb(struct ulogd_timer *t, void *data)

  344.  static int ipfix_configure(struct ulogd_pluginstance *pi, struct ulogd_pluginstance_stack *stack)
  345.  {
  346.  	struct ipfix_priv *priv = (struct ipfix_priv *) &pi->private;
  347. +	char *host, *proto, *send_template;

  348.  	int oid, port, mtu, ret;
  349. -	char *host, *proto;

  350.  	char addr[16];
  351.  
  352.  	ret = config_parse_file(pi->id, pi->config_kset);
  353. @@ -271,6 +276,7 @@ static int ipfix_configure(struct ulogd_pluginstance *pi, struct ulogd_pluginsta

  354.  	port = port_ce(pi->config_kset).u.value;
  355.  	proto = proto_ce(pi->config_kset).u.string;
  356.  	mtu = mtu_ce(pi->config_kset).u.value;
  357. +	send_template = send_template_ce(pi->config_kset).u.string;

  358.  
  359.  	if (!oid) {
  360.  		ulogd_log(ULOGD_FATAL, "invalid Observation ID\n");
  361. @@ -303,6 +309,8 @@ static int ipfix_configure(struct ulogd_pluginstance *pi, struct ulogd_pluginsta

  362.  
  363.  	ulogd_init_timer(&priv->timer, pi, ipfix_timer_cb);
  364.  
  365. +	priv->tid = (strcmp(send_template, "never") ? VY_IPFIX_SID : -1);

  366. +

  367.  	ulogd_log(ULOGD_INFO, "using IPFIX Collector at %s:%d (MTU %d)\n",
  368.  		  inet_ntop(AF_INET, &priv->sa.sin_addr, addr, sizeof(addr)),
  369.  		  port, mtu);
  370. @@ -410,25 +418,30 @@ static int ipfix_stop(struct ulogd_pluginstance *pi)

  371.  static int ipfix_interp(struct ulogd_pluginstance *pi)
  372.  {
  373.  	struct ipfix_priv *priv = (struct ipfix_priv *) &pi->private;
  374. +	char saddr[16], daddr[16], *send_template;

  375.  	struct vy_ipfix_data *data;
  376.  	int oid, mtu, ret;
  377. -	char addr[16];

  378.  
  379.  	if (!(GET_FLAGS(pi->input.keys, InIpSaddr) & ULOGD_RETF_VALID))
  380.  		return ULOGD_IRET_OK;
  381.  
  382.  	oid = oid_ce(pi->config_kset).u.value;
  383.  	mtu = mtu_ce(pi->config_kset).u.value;
  384. +	send_template = send_template_ce(pi->config_kset).u.string;

  385.  
  386.  again:
  387.  	if (!priv->msg) {
  388. -		priv->msg = ipfix_msg_alloc(mtu, oid);

  389. +		priv->msg = ipfix_msg_alloc(mtu, oid, priv->tid);

  390.  		if (!priv->msg) {
  391.  			/* just drop this flow */
  392.  			ulogd_log(ULOGD_ERROR, "out of memory, dropping flow\n");
  393.  			return ULOGD_IRET_OK;
  394.  		}
  395.  		ipfix_msg_add_set(priv->msg, VY_IPFIX_SID);
  396. +

  397. +		/* template sent - do not send it again the next time */

  398. +		if (priv->tid == VY_IPFIX_SID && strcmp(send_template, "once") == 0)

  399. +			priv->tid = -1;

  400.  	}
  401.  
  402.  	data = ipfix_msg_add_data(priv->msg, sizeof(struct vy_ipfix_data));
  403. @@ -439,8 +452,6 @@ again:

  404.  		goto again;
  405.  	}
  406.  
  407. -	data->ifi_in = data->ifi_out = 0;

  408. -

  409.  	data->saddr.s_addr = ikey_get_u32(&pi->input.keys[InIpSaddr]);
  410.  	data->daddr.s_addr = ikey_get_u32(&pi->input.keys[InIpDaddr]);
  411.  
  412. @@ -462,13 +473,12 @@ again:

  413.  		data->aid = htonl(ikey_get_u32(&pi->input.keys[InCtMark]));
  414.  
  415.  	data->l4_proto = ikey_get_u8(&pi->input.keys[InIpProto]);
  416. -	data->__padding = 0;

  417.  
  418.  	ulogd_log(ULOGD_DEBUG, "Got new packet (packets = %u, bytes = %u, flow = (%u, %u), saddr = %s, daddr = %s, sport = %u, dport = %u)\n",
  419. -			ntohl(data->packets), ntohl(data->bytes), ntohl(data->start), ntohl(data->end),

  420. -			inet_ntop(AF_INET, &data->saddr.s_addr, addr, sizeof(addr)),

  421. -			inet_ntop(AF_INET, &data->daddr.s_addr, addr, sizeof(addr)),

  422. -			ntohs(data->sport), ntohs(data->dport));

  423. +		  ntohl(data->packets), ntohl(data->bytes), ntohl(data->start), ntohl(data->end),

  424. +		  inet_ntop(AF_INET, &data->saddr.s_addr, saddr, sizeof(saddr)),

  425. +		  inet_ntop(AF_INET, &data->daddr.s_addr, daddr, sizeof(daddr)),

  426. +		  ntohs(data->sport), ntohs(data->dport));

  427.  
  428.  	if ((ret = send_msgs(pi)) < 0)
  429.  		return ret;
  430. -- 

  431. cgit v1.2.1
  432.