2 * Copyright (c) 2004-2005 Gleb Smirnoff <glebius@FreeBSD.org>
3 * Copyright (c) 2001-2003 Roman V. Palagin <romanp@unshadow.net>
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 * $SourceForge: ng_netflow.c,v 1.30 2004/09/05 11:37:43 glebius Exp $
28 * $FreeBSD: src/sys/netgraph/netflow/ng_netflow.c,v 1.17 2008/04/16 16:47:14 kris Exp $
29 * $DragonFly: src/sys/netgraph7/netflow/ng_netflow.c,v 1.2 2008/06/26 23:05:40 dillon Exp $
32 #include <sys/param.h>
33 #include <sys/systm.h>
34 #include <sys/kernel.h>
35 #include <sys/limits.h>
37 #include <sys/socket.h>
38 #include <sys/syslog.h>
39 #include <sys/ctype.h>
42 #include <net/ethernet.h>
43 #include <net/if_arp.h>
44 #include <net/if_var.h>
45 #include <net/if_vlan_var.h>
47 #include <netinet/in.h>
48 #include <netinet/in_systm.h>
49 #include <netinet/ip.h>
50 #include <netinet/tcp.h>
51 #include <netinet/udp.h>
53 #include "ng_message.h"
56 #include "netflow/netflow.h"
57 #include "netflow/ng_netflow.h"
59 /* Netgraph methods */
60 static ng_constructor_t ng_netflow_constructor;
61 static ng_rcvmsg_t ng_netflow_rcvmsg;
62 static ng_close_t ng_netflow_close;
63 static ng_shutdown_t ng_netflow_rmnode;
64 static ng_newhook_t ng_netflow_newhook;
65 static ng_rcvdata_t ng_netflow_rcvdata;
66 static ng_disconnect_t ng_netflow_disconnect;
68 /* Parse type for struct ng_netflow_info */
69 static const struct ng_parse_struct_field ng_netflow_info_type_fields[]
70 = NG_NETFLOW_INFO_TYPE;
71 static const struct ng_parse_type ng_netflow_info_type = {
72 &ng_parse_struct_type,
73 &ng_netflow_info_type_fields
76 /* Parse type for struct ng_netflow_ifinfo */
77 static const struct ng_parse_struct_field ng_netflow_ifinfo_type_fields[]
78 = NG_NETFLOW_IFINFO_TYPE;
79 static const struct ng_parse_type ng_netflow_ifinfo_type = {
80 &ng_parse_struct_type,
81 &ng_netflow_ifinfo_type_fields
84 /* Parse type for struct ng_netflow_setdlt */
85 static const struct ng_parse_struct_field ng_netflow_setdlt_type_fields[]
86 = NG_NETFLOW_SETDLT_TYPE;
87 static const struct ng_parse_type ng_netflow_setdlt_type = {
88 &ng_parse_struct_type,
89 &ng_netflow_setdlt_type_fields
92 /* Parse type for ng_netflow_setifindex */
93 static const struct ng_parse_struct_field ng_netflow_setifindex_type_fields[]
94 = NG_NETFLOW_SETIFINDEX_TYPE;
95 static const struct ng_parse_type ng_netflow_setifindex_type = {
96 &ng_parse_struct_type,
97 &ng_netflow_setifindex_type_fields
100 /* Parse type for ng_netflow_settimeouts */
101 static const struct ng_parse_struct_field ng_netflow_settimeouts_type_fields[]
102 = NG_NETFLOW_SETTIMEOUTS_TYPE;
103 static const struct ng_parse_type ng_netflow_settimeouts_type = {
104 &ng_parse_struct_type,
105 &ng_netflow_settimeouts_type_fields
108 /* List of commands and how to convert arguments to/from ASCII */
109 static const struct ng_cmdlist ng_netflow_cmds[] = {
115 &ng_netflow_info_type
121 &ng_parse_uint16_type,
122 &ng_netflow_ifinfo_type
128 &ng_netflow_setdlt_type,
133 NGM_NETFLOW_SETIFINDEX,
135 &ng_netflow_setifindex_type,
140 NGM_NETFLOW_SETTIMEOUTS,
142 &ng_netflow_settimeouts_type,
149 /* Netgraph node type descriptor */
150 static struct ng_type ng_netflow_typestruct = {
151 .version = NG_ABI_VERSION,
152 .name = NG_NETFLOW_NODE_TYPE,
153 .constructor = ng_netflow_constructor,
154 .rcvmsg = ng_netflow_rcvmsg,
155 .close = ng_netflow_close,
156 .shutdown = ng_netflow_rmnode,
157 .newhook = ng_netflow_newhook,
158 .rcvdata = ng_netflow_rcvdata,
159 .disconnect = ng_netflow_disconnect,
160 .cmdlist = ng_netflow_cmds,
162 NETGRAPH_INIT(netflow, &ng_netflow_typestruct);
164 /* Called at node creation */
166 ng_netflow_constructor(node_p node)
171 /* Initialize private data */
172 MALLOC(priv, priv_p, sizeof(*priv), M_NETGRAPH, M_WAITOK | M_NULLOK);
175 bzero(priv, sizeof(*priv));
177 /* Make node and its data point at each other */
178 NG_NODE_SET_PRIVATE(node, priv);
181 /* Initialize timeouts to default values */
182 priv->info.nfinfo_inact_t = INACTIVE_TIMEOUT;
183 priv->info.nfinfo_act_t = ACTIVE_TIMEOUT;
185 /* Initialize callout handle */
186 callout_init(&priv->exp_callout, CALLOUT_MPSAFE);
188 /* Allocate memory and set up flow cache */
189 if ((error = ng_netflow_cache_init(priv)))
196 * ng_netflow supports two hooks: data and export.
197 * Incoming traffic is expected on data, and expired
198 * netflow datagrams are sent to export.
201 ng_netflow_newhook(node_p node, hook_p hook, const char *name)
203 const priv_p priv = NG_NODE_PRIVATE(node);
205 if (strncmp(name, NG_NETFLOW_HOOK_DATA, /* an iface hook? */
206 strlen(NG_NETFLOW_HOOK_DATA)) == 0) {
212 cp = name + strlen(NG_NETFLOW_HOOK_DATA);
213 if (!isdigit(*cp) || (cp[0] == '0' && cp[1] != '\0'))
216 ifnum = (int)strtoul(cp, &eptr, 10);
217 if (*eptr != '\0' || ifnum < 0 || ifnum >= NG_NETFLOW_MAXIFACES)
220 /* See if hook is already connected */
221 if (priv->ifaces[ifnum].hook != NULL)
224 iface = &priv->ifaces[ifnum];
226 /* Link private info and hook together */
227 NG_HOOK_SET_PRIVATE(hook, iface);
231 * In most cases traffic accounting is done on an
232 * Ethernet interface, so default data link type
233 * will be DLT_EN10MB.
235 iface->info.ifinfo_dlt = DLT_EN10MB;
237 } else if (strncmp(name, NG_NETFLOW_HOOK_OUT,
238 strlen(NG_NETFLOW_HOOK_OUT)) == 0) {
244 cp = name + strlen(NG_NETFLOW_HOOK_OUT);
245 if (!isdigit(*cp) || (cp[0] == '0' && cp[1] != '\0'))
248 ifnum = (int)strtoul(cp, &eptr, 10);
249 if (*eptr != '\0' || ifnum < 0 || ifnum >= NG_NETFLOW_MAXIFACES)
252 /* See if hook is already connected */
253 if (priv->ifaces[ifnum].out != NULL)
256 iface = &priv->ifaces[ifnum];
258 /* Link private info and hook together */
259 NG_HOOK_SET_PRIVATE(hook, iface);
262 } else if (strcmp(name, NG_NETFLOW_HOOK_EXPORT) == 0) {
264 if (priv->export != NULL)
269 #if 0 /* TODO: profile & test first */
271 * We send export dgrams in interrupt handlers and in
272 * callout threads. We'd better queue data for later
273 * netgraph ISR processing.
275 NG_HOOK_FORCE_QUEUE(NG_HOOK_PEER(hook));
278 /* Exporter is ready. Let's schedule expiry. */
279 callout_reset(&priv->exp_callout, (1*hz), &ng_netflow_expire,
287 /* Get a netgraph control message. */
289 ng_netflow_rcvmsg (node_p node, item_p item, hook_p lasthook)
291 const priv_p priv = NG_NODE_PRIVATE(node);
292 struct ng_mesg *resp = NULL;
296 NGI_GET_MSG(item, msg);
298 /* Deal with message according to cookie and command */
299 switch (msg->header.typecookie) {
300 case NGM_NETFLOW_COOKIE:
301 switch (msg->header.cmd) {
302 case NGM_NETFLOW_INFO:
304 struct ng_netflow_info *i;
306 NG_MKRESPONSE(resp, msg, sizeof(struct ng_netflow_info),
307 M_WAITOK | M_NULLOK);
308 i = (struct ng_netflow_info *)resp->data;
309 ng_netflow_copyinfo(priv, i);
313 case NGM_NETFLOW_IFINFO:
315 struct ng_netflow_ifinfo *i;
316 const uint16_t *index;
318 if (msg->header.arglen != sizeof(uint16_t))
321 index = (uint16_t *)msg->data;
322 if (*index >= NG_NETFLOW_MAXIFACES)
325 /* connected iface? */
326 if (priv->ifaces[*index].hook == NULL)
329 NG_MKRESPONSE(resp, msg,
330 sizeof(struct ng_netflow_ifinfo), M_WAITOK | M_NULLOK);
331 i = (struct ng_netflow_ifinfo *)resp->data;
332 memcpy((void *)i, (void *)&priv->ifaces[*index].info,
333 sizeof(priv->ifaces[*index].info));
337 case NGM_NETFLOW_SETDLT:
339 struct ng_netflow_setdlt *set;
340 struct ng_netflow_iface *iface;
342 if (msg->header.arglen != sizeof(struct ng_netflow_setdlt))
345 set = (struct ng_netflow_setdlt *)msg->data;
346 if (set->iface >= NG_NETFLOW_MAXIFACES)
348 iface = &priv->ifaces[set->iface];
350 /* connected iface? */
351 if (iface->hook == NULL)
356 iface->info.ifinfo_dlt = DLT_EN10MB;
359 iface->info.ifinfo_dlt = DLT_RAW;
366 case NGM_NETFLOW_SETIFINDEX:
368 struct ng_netflow_setifindex *set;
369 struct ng_netflow_iface *iface;
371 if (msg->header.arglen != sizeof(struct ng_netflow_setifindex))
374 set = (struct ng_netflow_setifindex *)msg->data;
375 if (set->iface >= NG_NETFLOW_MAXIFACES)
377 iface = &priv->ifaces[set->iface];
379 /* connected iface? */
380 if (iface->hook == NULL)
383 iface->info.ifinfo_index = set->index;
387 case NGM_NETFLOW_SETTIMEOUTS:
389 struct ng_netflow_settimeouts *set;
391 if (msg->header.arglen != sizeof(struct ng_netflow_settimeouts))
394 set = (struct ng_netflow_settimeouts *)msg->data;
396 priv->info.nfinfo_inact_t = set->inactive_timeout;
397 priv->info.nfinfo_act_t = set->active_timeout;
401 case NGM_NETFLOW_SHOW:
405 if (msg->header.arglen != sizeof(uint32_t))
408 last = (uint32_t *)msg->data;
410 NG_MKRESPONSE(resp, msg, NGRESP_SIZE, M_WAITOK | M_NULLOK);
415 error = ng_netflow_flow_show(priv, *last, resp);
420 ERROUT(EINVAL); /* unknown command */
425 ERROUT(EINVAL); /* incorrect cookie */
430 * Take care of synchronous response, if any.
431 * Free memory and return.
434 NG_RESPOND_MSG(error, node, item, resp);
440 /* Receive data on hook. */
442 ng_netflow_rcvdata (hook_p hook, item_p item)
444 const node_p node = NG_HOOK_NODE(hook);
445 const priv_p priv = NG_NODE_PRIVATE(node);
446 const iface_p iface = NG_HOOK_PRIVATE(hook);
447 struct mbuf *m = NULL;
452 if (hook == priv->export) {
454 * Data arrived on export hook.
455 * This must not happen.
457 log(LOG_ERR, "ng_netflow: incoming data on export hook!\n");
461 if (hook == iface->out) {
463 * Data arrived on out hook. Bypass it.
465 if (iface->hook == NULL)
468 NG_FWD_ITEM_HOOK(error, item, iface->hook);
474 /* Increase counters. */
475 iface->info.ifinfo_packets++;
478 * Depending on interface data link type and packet contents
479 * we pullup enough data, so that ng_netflow_flow_add() does not
480 * need to know about mbuf at all. We keep current length of data
481 * needed to be contiguous in pullup_len. mtod() is done at the
482 * very end one more time, since m can had changed after pulluping.
484 * In case of unrecognized data we don't return error, but just
485 * pass data to downstream hook, if it is available.
488 #define M_CHECK(length) do { \
489 pullup_len += length; \
490 if ((m)->m_pkthdr.len < (pullup_len)) { \
494 if ((m)->m_len < (pullup_len) && \
495 (((m) = m_pullup((m),(pullup_len))) == NULL)) { \
501 switch (iface->info.ifinfo_dlt) {
502 case DLT_EN10MB: /* Ethernet */
504 struct ether_header *eh;
507 M_CHECK(sizeof(struct ether_header));
508 eh = mtod(m, struct ether_header *);
510 /* Make sure this is IP frame. */
511 etype = ntohs(eh->ether_type);
514 M_CHECK(sizeof(struct ip));
515 eh = mtod(m, struct ether_header *);
516 ip = (struct ip *)(eh + 1);
520 struct ether_vlan_header *evh;
522 M_CHECK(sizeof(struct ether_vlan_header) -
523 sizeof(struct ether_header));
524 evh = mtod(m, struct ether_vlan_header *);
525 if (ntohs(evh->evl_proto) == ETHERTYPE_IP) {
526 M_CHECK(sizeof(struct ip));
527 ip = (struct ip *)(evh + 1);
532 goto bypass; /* pass this frame */
536 case DLT_RAW: /* IP packets */
537 M_CHECK(sizeof(struct ip));
538 ip = mtod(m, struct ip *);
545 if ((ip->ip_off & htons(IP_OFFMASK)) == 0) {
547 * In case of IP header with options, we haven't pulled
550 pullup_len += (ip->ip_hl << 2) - sizeof(struct ip);
554 M_CHECK(sizeof(struct tcphdr));
557 M_CHECK(sizeof(struct udphdr));
562 switch (iface->info.ifinfo_dlt) {
565 struct ether_header *eh;
567 eh = mtod(m, struct ether_header *);
568 switch (ntohs(eh->ether_type)) {
570 ip = (struct ip *)(eh + 1);
574 struct ether_vlan_header *evh;
576 evh = mtod(m, struct ether_vlan_header *);
577 ip = (struct ip *)(evh + 1);
581 panic("ng_netflow entered deadcode");
586 ip = mtod(m, struct ip *);
589 panic("ng_netflow entered deadcode");
594 error = ng_netflow_flow_add(priv, ip, iface, m->m_pkthdr.rcvif);
597 if (iface->out != NULL) {
598 /* XXX: error gets overwritten here */
599 NG_FWD_NEW_DATA(error, item, iface->out, m);
611 /* We will be shut down in a moment */
613 ng_netflow_close(node_p node)
615 const priv_p priv = NG_NODE_PRIVATE(node);
617 callout_drain(&priv->exp_callout);
618 ng_netflow_cache_flush(priv);
623 /* Do local shutdown processing. */
625 ng_netflow_rmnode(node_p node)
627 const priv_p priv = NG_NODE_PRIVATE(node);
629 NG_NODE_SET_PRIVATE(node, NULL);
630 NG_NODE_UNREF(priv->node);
632 FREE(priv, M_NETGRAPH);
637 /* Hook disconnection. */
639 ng_netflow_disconnect(hook_p hook)
641 node_p node = NG_HOOK_NODE(hook);
642 priv_p priv = NG_NODE_PRIVATE(node);
643 iface_p iface = NG_HOOK_PRIVATE(hook);
646 if (iface->hook == hook)
648 if (iface->out == hook)
652 /* if export hook disconnected stop running expire(). */
653 if (hook == priv->export) {
654 callout_drain(&priv->exp_callout);
658 /* Removal of the last link destroys the node. */
659 if (NG_NODE_NUMHOOKS(node) == 0)
660 ng_rmnode_self(node);