FD.io VPP  v19.08.2-294-g37e99c22d
Vector Packet Processing
nat_ipfix_logging.c
Go to the documentation of this file.
1 /*
2  * nat_ipfix_logging.c - NAT Events IPFIX logging
3  *
4  * Copyright (c) 2016 Cisco and/or its affiliates.
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at:
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  */
17 
19 #include <vlibmemory/api.h>
20 #include <nat/nat_inlines.h>
21 #include <nat/nat_ipfix_logging.h>
22 #include <vppinfra/atomics.h>
23 
26 
27 #define NAT44_SESSION_CREATE_LEN 26
28 #define NAT_ADDRESSES_EXHAUTED_LEN 13
29 #define MAX_ENTRIES_PER_USER_LEN 21
30 #define MAX_SESSIONS_LEN 17
31 #define MAX_BIBS_LEN 17
32 #define MAX_FRAGMENTS_IP4_LEN 21
33 #define MAX_FRAGMENTS_IP6_LEN 33
34 #define NAT64_BIB_LEN 38
35 #define NAT64_SES_LEN 62
36 
37 #define NAT44_SESSION_CREATE_FIELD_COUNT 8
38 #define NAT_ADDRESSES_EXHAUTED_FIELD_COUNT 3
39 #define MAX_ENTRIES_PER_USER_FIELD_COUNT 5
40 #define MAX_SESSIONS_FIELD_COUNT 4
41 #define MAX_BIBS_FIELD_COUNT 4
42 #define MAX_FRAGMENTS_FIELD_COUNT 5
43 #define NAT64_BIB_FIELD_COUNT 8
44 #define NAT64_SES_FIELD_COUNT 12
45 
46 typedef struct
47 {
56 
57 typedef struct
58 {
61 
62 typedef struct
63 {
67 
68 typedef struct
69 {
72 
73 typedef struct
74 {
77 
78 typedef struct
79 {
83 
84 typedef struct
85 {
87  u64 src[2];
89 
90 typedef struct
91 {
93  u64 src_ip[2];
98  u64 dst_ip[2];
104 
105 typedef struct
106 {
115 
116 #define skip_if_disabled() \
117 do { \
118  snat_ipfix_logging_main_t *silm = &snat_ipfix_logging_main; \
119  if (PREDICT_TRUE (!clib_atomic_fetch_or(&silm->enabled, 0))) \
120  return; \
121 } while (0)
122 
123 #define update_template_id(old_id, new_id) \
124 do { \
125  u16 template_id = clib_atomic_fetch_or(old_id, 0); \
126  clib_atomic_cmp_and_swap(old_id, template_id, new_id); \
127 } while (0)
128 
129 /**
130  * @brief Create an IPFIX template packet rewrite string
131  *
132  * @param frm flow report main
133  * @param fr flow report
134  * @param collector_address collector address
135  * @param src_address source address
136  * @param collector_port collector
137  * @param event NAT event ID
138  * @param quota_event NAT quota exceeded event ID
139  *
140  * @returns template packet
141  */
142 static inline u8 *
144  flow_report_t * fr,
145  ip4_address_t * collector_address,
147  u16 collector_port,
148  nat_event_t event, quota_exceed_event_t quota_event)
149 {
151  ip4_header_t *ip;
152  udp_header_t *udp;
157  ipfix_field_specifier_t *first_field;
158  u8 *rewrite = 0;
160  u32 field_count = 0;
161  flow_report_stream_t *stream;
162  u32 stream_index;
163 
164  stream = &frm->streams[fr->stream_index];
165 
166  stream_index = clib_atomic_fetch_or(&silm->stream_index, 0);
168  stream_index, fr->stream_index);
169 
170  if (event == NAT_ADDRESSES_EXHAUTED)
171  {
173 
175  fr->template_id);
176  }
177  else if (event == NAT44_SESSION_CREATE)
178  {
179  field_count = NAT44_SESSION_CREATE_FIELD_COUNT;
180 
182  fr->template_id);
183  }
184  else if (event == NAT64_BIB_CREATE)
185  {
186  field_count = NAT64_BIB_FIELD_COUNT;
187 
189  fr->template_id);
190  }
191  else if (event == NAT64_SESSION_CREATE)
192  {
193  field_count = NAT64_SES_FIELD_COUNT;
194 
196  fr->template_id);
197  }
198  else if (event == QUOTA_EXCEEDED)
199  {
200  if (quota_event == MAX_ENTRIES_PER_USER)
201  {
202  field_count = MAX_ENTRIES_PER_USER_FIELD_COUNT;
203 
205  fr->template_id);
206 
207  }
208  else if (quota_event == MAX_SESSION_ENTRIES)
209  {
210  field_count = MAX_SESSIONS_FIELD_COUNT;
211 
213  fr->template_id);
214  }
215  else if (quota_event == MAX_BIB_ENTRIES)
216  {
217  field_count = MAX_BIBS_FIELD_COUNT;
218 
220  fr->template_id);
221  }
222  else if (quota_event == MAX_FRAGMENTS_PENDING_REASSEMBLY)
223  {
224  field_count = MAX_FRAGMENTS_FIELD_COUNT;
225 
227  fr->template_id);
228  }
229  else if (quota_event == MAX_FRAGMENTS_PENDING_REASSEMBLY_IP6)
230  {
231  field_count = MAX_FRAGMENTS_FIELD_COUNT;
232 
234  fr->template_id);
235  }
236  }
237 
238  /* allocate rewrite space */
239  vec_validate_aligned (rewrite,
241  + field_count * sizeof (ipfix_field_specifier_t) - 1,
243 
244  tp = (ip4_ipfix_template_packet_t *) rewrite;
245  ip = (ip4_header_t *) & tp->ip4;
246  udp = (udp_header_t *) (ip + 1);
247  h = (ipfix_message_header_t *) (udp + 1);
248  s = (ipfix_set_header_t *) (h + 1);
249  t = (ipfix_template_header_t *) (s + 1);
250  first_field = f = (ipfix_field_specifier_t *) (t + 1);
251 
252  ip->ip_version_and_header_length = 0x45;
253  ip->ttl = 254;
254  ip->protocol = IP_PROTOCOL_UDP;
255  ip->src_address.as_u32 = src_address->as_u32;
256  ip->dst_address.as_u32 = collector_address->as_u32;
257  udp->src_port = clib_host_to_net_u16 (stream->src_port);
258  udp->dst_port = clib_host_to_net_u16 (collector_port);
259  udp->length = clib_host_to_net_u16 (vec_len (rewrite) - sizeof (*ip));
260 
261  /* FIXUP: message header export_time */
262  h->domain_id = clib_host_to_net_u32 (stream->domain_id);
263 
264  /* Add TLVs to the template */
265  if (event == NAT_ADDRESSES_EXHAUTED)
266  {
267  f->e_id_length = ipfix_e_id_length (0, observationTimeMilliseconds, 8);
268  f++;
269  f->e_id_length = ipfix_e_id_length (0, natEvent, 1);
270  f++;
271  f->e_id_length = ipfix_e_id_length (0, natPoolId, 4);
272  f++;
273  }
274  else if (event == NAT44_SESSION_CREATE)
275  {
276  f->e_id_length = ipfix_e_id_length (0, observationTimeMilliseconds, 8);
277  f++;
278  f->e_id_length = ipfix_e_id_length (0, natEvent, 1);
279  f++;
280  f->e_id_length = ipfix_e_id_length (0, sourceIPv4Address, 4);
281  f++;
282  f->e_id_length = ipfix_e_id_length (0, postNATSourceIPv4Address, 4);
283  f++;
284  f->e_id_length = ipfix_e_id_length (0, protocolIdentifier, 1);
285  f++;
286  f->e_id_length = ipfix_e_id_length (0, sourceTransportPort, 2);
287  f++;
288  f->e_id_length = ipfix_e_id_length (0, postNAPTSourceTransportPort, 2);
289  f++;
290  f->e_id_length = ipfix_e_id_length (0, ingressVRFID, 4);
291  f++;
292  }
293  else if (event == NAT64_BIB_CREATE)
294  {
295  f->e_id_length = ipfix_e_id_length (0, observationTimeMilliseconds, 8);
296  f++;
297  f->e_id_length = ipfix_e_id_length (0, natEvent, 1);
298  f++;
299  f->e_id_length = ipfix_e_id_length (0, sourceIPv6Address, 16);
300  f++;
301  f->e_id_length = ipfix_e_id_length (0, postNATSourceIPv4Address, 4);
302  f++;
303  f->e_id_length = ipfix_e_id_length (0, protocolIdentifier, 1);
304  f++;
305  f->e_id_length = ipfix_e_id_length (0, sourceTransportPort, 2);
306  f++;
307  f->e_id_length = ipfix_e_id_length (0, postNAPTSourceTransportPort, 2);
308  f++;
309  f->e_id_length = ipfix_e_id_length (0, ingressVRFID, 4);
310  f++;
311  }
312  else if (event == NAT64_SESSION_CREATE)
313  {
314  f->e_id_length = ipfix_e_id_length (0, observationTimeMilliseconds, 8);
315  f++;
316  f->e_id_length = ipfix_e_id_length (0, natEvent, 1);
317  f++;
318  f->e_id_length = ipfix_e_id_length (0, sourceIPv6Address, 16);
319  f++;
320  f->e_id_length = ipfix_e_id_length (0, postNATSourceIPv4Address, 4);
321  f++;
322  f->e_id_length = ipfix_e_id_length (0, protocolIdentifier, 1);
323  f++;
324  f->e_id_length = ipfix_e_id_length (0, sourceTransportPort, 2);
325  f++;
326  f->e_id_length = ipfix_e_id_length (0, postNAPTSourceTransportPort, 2);
327  f++;
328  f->e_id_length = ipfix_e_id_length (0, destinationIPv6Address, 16);
329  f++;
330  f->e_id_length = ipfix_e_id_length (0, postNATDestinationIPv4Address, 4);
331  f++;
332  f->e_id_length = ipfix_e_id_length (0, destinationTransportPort, 2);
333  f++;
334  f->e_id_length = ipfix_e_id_length (0, postNAPTDestinationTransportPort,
335  2);
336  f++;
337  f->e_id_length = ipfix_e_id_length (0, ingressVRFID, 4);
338  f++;
339  }
340  else if (event == QUOTA_EXCEEDED)
341  {
342  if (quota_event == MAX_ENTRIES_PER_USER)
343  {
344  f->e_id_length = ipfix_e_id_length (0, observationTimeMilliseconds,
345  8);
346  f++;
347  f->e_id_length = ipfix_e_id_length (0, natEvent, 1);
348  f++;
349  f->e_id_length = ipfix_e_id_length (0, natQuotaExceededEvent, 4);
350  f++;
351  f->e_id_length = ipfix_e_id_length (0, maxEntriesPerUser, 4);
352  f++;
353  f->e_id_length = ipfix_e_id_length (0, sourceIPv4Address, 4);
354  f++;
355  }
356  else if (quota_event == MAX_SESSION_ENTRIES)
357  {
358  f->e_id_length = ipfix_e_id_length (0, observationTimeMilliseconds,
359  8);
360  f++;
361  f->e_id_length = ipfix_e_id_length (0, natEvent, 1);
362  f++;
363  f->e_id_length = ipfix_e_id_length (0, natQuotaExceededEvent, 4);
364  f++;
365  f->e_id_length = ipfix_e_id_length (0, maxSessionEntries, 4);
366  f++;
367  }
368  else if (quota_event == MAX_BIB_ENTRIES)
369  {
370  f->e_id_length = ipfix_e_id_length (0, observationTimeMilliseconds,
371  8);
372  f++;
373  f->e_id_length = ipfix_e_id_length (0, natEvent, 1);
374  f++;
375  f->e_id_length = ipfix_e_id_length (0, natQuotaExceededEvent, 4);
376  f++;
377  f->e_id_length = ipfix_e_id_length (0, maxBIBEntries, 4);
378  f++;
379  }
380  else if (quota_event == MAX_FRAGMENTS_PENDING_REASSEMBLY)
381  {
382  f->e_id_length = ipfix_e_id_length (0, observationTimeMilliseconds,
383  8);
384  f++;
385  f->e_id_length = ipfix_e_id_length (0, natEvent, 1);
386  f++;
387  f->e_id_length = ipfix_e_id_length (0, natQuotaExceededEvent, 4);
388  f++;
389  f->e_id_length = ipfix_e_id_length (0, maxFragmentsPendingReassembly,
390  4);
391  f++;
392  f->e_id_length = ipfix_e_id_length (0, sourceIPv4Address, 4);
393  f++;
394  }
395  else if (quota_event == MAX_FRAGMENTS_PENDING_REASSEMBLY_IP6)
396  {
397  f->e_id_length = ipfix_e_id_length (0, observationTimeMilliseconds,
398  8);
399  f++;
400  f->e_id_length = ipfix_e_id_length (0, natEvent, 1);
401  f++;
402  f->e_id_length = ipfix_e_id_length (0, natQuotaExceededEvent, 4);
403  f++;
404  f->e_id_length = ipfix_e_id_length (0, maxFragmentsPendingReassembly,
405  4);
406  f++;
407  f->e_id_length = ipfix_e_id_length (0, sourceIPv6Address, 16);
408  f++;
409  }
410  }
411 
412  /* Back to the template packet... */
413  ip = (ip4_header_t *) & tp->ip4;
414  udp = (udp_header_t *) (ip + 1);
415 
416  ASSERT (f - first_field);
417  /* Field count in this template */
418  t->id_count = ipfix_id_count (fr->template_id, f - first_field);
419 
420  /* set length in octets */
421  s->set_id_length =
422  ipfix_set_id_length (2 /* set_id */ , (u8 *) f - (u8 *) s);
423 
424  /* message length in octets */
425  h->version_length = version_length ((u8 *) f - (u8 *) h);
426 
427  ip->length = clib_host_to_net_u16 ((u8 *) f - (u8 *) ip);
428  ip->checksum = ip4_header_checksum (ip);
429 
430  return rewrite;
431 }
432 
433 u8 *
435  flow_report_t * fr,
436  ip4_address_t * collector_address,
438  u16 collector_port,
440  u32 n_elts, u32 *stream_index)
441 {
442  return snat_template_rewrite (frm, fr, collector_address, src_address,
443  collector_port, NAT_ADDRESSES_EXHAUTED, 0);
444 }
445 
446 u8 *
448  flow_report_t * fr,
449  ip4_address_t * collector_address,
451  u16 collector_port,
453  u32 n_elts, u32 *stream_index)
454 {
455  return snat_template_rewrite (frm, fr, collector_address, src_address,
456  collector_port, NAT44_SESSION_CREATE, 0);
457 }
458 
459 u8 *
461  flow_report_t * fr,
462  ip4_address_t * collector_address,
464  u16 collector_port,
466  u32 n_elts, u32 *stream_index)
467 {
468  return snat_template_rewrite (frm, fr, collector_address, src_address,
469  collector_port, QUOTA_EXCEEDED,
471 }
472 
473 u8 *
475  flow_report_t * fr,
476  ip4_address_t * collector_address,
478  u16 collector_port,
480  u32 n_elts, u32 *stream_index)
481 {
482  return snat_template_rewrite (frm, fr, collector_address, src_address,
483  collector_port, QUOTA_EXCEEDED,
485 }
486 
487 u8 *
489  flow_report_t * fr,
490  ip4_address_t * collector_address,
492  u16 collector_port,
494  u32 n_elts, u32 *stream_index)
495 {
496  return snat_template_rewrite (frm, fr, collector_address, src_address,
497  collector_port, QUOTA_EXCEEDED,
499 }
500 
501 u8 *
503  flow_report_t * fr,
504  ip4_address_t * collector_address,
506  u16 collector_port,
508  u32 n_elts, u32 *stream_index)
509 {
510  return snat_template_rewrite (frm, fr, collector_address, src_address,
511  collector_port, QUOTA_EXCEEDED,
513 }
514 
515 u8 *
517  flow_report_t * fr,
518  ip4_address_t * collector_address,
520  u16 collector_port,
522  u32 n_elts, u32 *stream_index)
523 {
524  return snat_template_rewrite (frm, fr, collector_address, src_address,
525  collector_port, QUOTA_EXCEEDED,
527 }
528 
529 u8 *
531  flow_report_t * fr,
532  ip4_address_t * collector_address,
534  u16 collector_port,
536  u32 n_elts, u32 *stream_index)
537 {
538  return snat_template_rewrite (frm, fr, collector_address, src_address,
539  collector_port, NAT64_BIB_CREATE, 0);
540 }
541 
542 u8 *
544  flow_report_t * fr,
545  ip4_address_t * collector_address,
547  u16 collector_port,
549  u32 n_elts, u32 *stream_index)
550 {
551  return snat_template_rewrite (frm, fr, collector_address, src_address,
552  collector_port, NAT64_SESSION_CREATE, 0);
553 }
554 
555 static inline void
557  vlib_buffer_t * b0, u32 * offset)
558 {
560  flow_report_stream_t *stream;
563  ipfix_set_header_t *s = 0;
564  u32 sequence_number;
565  u32 stream_index;
566  ip4_header_t *ip;
567  udp_header_t *udp;
569 
570  stream_index = clib_atomic_fetch_or(&silm->stream_index, 0);
571  stream = &frm->streams[stream_index];
572 
573  b0->current_data = 0;
574  b0->current_length = sizeof (*ip) + sizeof (*udp) + sizeof (*h) +
575  sizeof (*s);
576  b0->flags |= (VLIB_BUFFER_TOTAL_LENGTH_VALID | VNET_BUFFER_F_FLOW_REPORT);
577  vnet_buffer (b0)->sw_if_index[VLIB_RX] = 0;
578  vnet_buffer (b0)->sw_if_index[VLIB_TX] = frm->fib_index;
579  tp = vlib_buffer_get_current (b0);
580  ip = (ip4_header_t *) & tp->ip4;
581  udp = (udp_header_t *) (ip + 1);
582  h = (ipfix_message_header_t *) (udp + 1);
583  s = (ipfix_set_header_t *) (h + 1);
584 
585  ip->ip_version_and_header_length = 0x45;
586  ip->ttl = 254;
587  ip->protocol = IP_PROTOCOL_UDP;
591  udp->src_port = clib_host_to_net_u16 (stream->src_port);
592  udp->dst_port = clib_host_to_net_u16 (frm->collector_port);
593  udp->checksum = 0;
594 
595  h->export_time = clib_host_to_net_u32 ((u32)
596  (((f64) frm->unix_time_0) +
597  (vlib_time_now (vm) -
598  frm->vlib_time_0)));
599 
600  sequence_number = clib_atomic_fetch_add (&stream->sequence_number, 1);
601  h->sequence_number = clib_host_to_net_u32 (sequence_number);
602  h->domain_id = clib_host_to_net_u32 (stream->domain_id);
603 
604  *offset = (u32) (((u8 *) (s + 1)) - (u8 *) tp);
605 }
606 
607 static inline void
609  vlib_frame_t * f, vlib_buffer_t * b0, u16 template_id)
610 {
613  ipfix_set_header_t *s = 0;
614  ip4_header_t *ip;
615  udp_header_t *udp;
616  vlib_main_t *vm = frm->vlib_main;
617 
618  tp = vlib_buffer_get_current (b0);
619  ip = (ip4_header_t *) & tp->ip4;
620  udp = (udp_header_t *) (ip + 1);
621  h = (ipfix_message_header_t *) (udp + 1);
622  s = (ipfix_set_header_t *) (h + 1);
623 
624  s->set_id_length = ipfix_set_id_length (template_id,
625  b0->current_length -
626  (sizeof (*ip) + sizeof (*udp) +
627  sizeof (*h)));
629  (sizeof (*ip) + sizeof (*udp)));
630 
631  ip->length = clib_host_to_net_u16 (b0->current_length);
632  ip->checksum = ip4_header_checksum (ip);
633  udp->length = clib_host_to_net_u16 (b0->current_length - sizeof (*ip));
634 
635  if (frm->udp_checksum)
636  {
637  udp->checksum = ip4_tcp_udp_compute_checksum (vm, b0, ip);
638  if (udp->checksum == 0)
639  udp->checksum = 0xffff;
640  }
641 
642  ASSERT (ip->checksum == ip4_header_checksum (ip));
643 
645 }
646 
647 static void
648 snat_ipfix_logging_nat44_ses (u32 thread_index, u8 nat_event, u32 src_ip,
649  u32 nat_src_ip, snat_protocol_t snat_proto,
650  u16 src_port, u16 nat_src_port, u32 vrf_id,
651  int do_flush)
652 {
654  snat_ipfix_per_thread_data_t *sitd = &silm->per_thread_data[thread_index];
656  vlib_frame_t *f;
657  vlib_buffer_t *b0 = 0;
658  u32 bi0 = ~0;
659  u32 offset;
660  vlib_main_t *vm = frm->vlib_main;
661  u64 now;
662  u8 proto = ~0;
663  u16 template_id;
664 
665  proto = snat_proto_to_ip_proto (snat_proto);
666 
667  now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3);
668  now += silm->milisecond_time_0;
669 
670  b0 = sitd->nat44_session_buffer;
671 
672  if (PREDICT_FALSE (b0 == 0))
673  {
674  if (do_flush)
675  return;
676 
677  if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
678  {
679  nat_elog_err ("can't allocate buffer for NAT IPFIX event");
680  return;
681  }
682 
683  b0 = sitd->nat44_session_buffer = vlib_get_buffer (vm, bi0);
685  offset = 0;
686  }
687  else
688  {
689  bi0 = vlib_get_buffer_index (vm, b0);
690  offset = sitd->nat44_session_next_record_offset;
691  }
692 
693  f = sitd->nat44_session_frame;
694  if (PREDICT_FALSE (f == 0))
695  {
696  u32 *to_next;
697  f = vlib_get_frame_to_node (vm, ip4_lookup_node.index);
698  sitd->nat44_session_frame = f;
699  to_next = vlib_frame_vector_args (f);
700  to_next[0] = bi0;
701  f->n_vectors = 1;
702  }
703 
704  if (PREDICT_FALSE (offset == 0))
705  snat_ipfix_header_create (frm, b0, &offset);
706 
707  if (PREDICT_TRUE (do_flush == 0))
708  {
709  u64 time_stamp = clib_host_to_net_u64 (now);
710  clib_memcpy_fast (b0->data + offset, &time_stamp, sizeof (time_stamp));
711  offset += sizeof (time_stamp);
712 
713  clib_memcpy_fast (b0->data + offset, &nat_event, sizeof (nat_event));
714  offset += sizeof (nat_event);
715 
716  clib_memcpy_fast (b0->data + offset, &src_ip, sizeof (src_ip));
717  offset += sizeof (src_ip);
718 
719  clib_memcpy_fast (b0->data + offset, &nat_src_ip, sizeof (nat_src_ip));
720  offset += sizeof (nat_src_ip);
721 
722  clib_memcpy_fast (b0->data + offset, &proto, sizeof (proto));
723  offset += sizeof (proto);
724 
725  clib_memcpy_fast (b0->data + offset, &src_port, sizeof (src_port));
726  offset += sizeof (src_port);
727 
728  clib_memcpy_fast (b0->data + offset, &nat_src_port, sizeof (nat_src_port));
729  offset += sizeof (nat_src_port);
730 
731  clib_memcpy_fast (b0->data + offset, &vrf_id, sizeof (vrf_id));
732  offset += sizeof (vrf_id);
733 
735  }
736 
737  if (PREDICT_FALSE
738  (do_flush || (offset + NAT44_SESSION_CREATE_LEN) > frm->path_mtu))
739  {
740  template_id = clib_atomic_fetch_or (
742  0);
743  snat_ipfix_send (frm, f, b0, template_id);
744  sitd->nat44_session_frame = 0;
745  sitd->nat44_session_buffer = 0;
746  offset = 0;
747  }
749 }
750 
751 static void
752 snat_ipfix_logging_addr_exhausted (u32 thread_index, u32 pool_id, int do_flush)
753 {
755  snat_ipfix_per_thread_data_t *sitd = &silm->per_thread_data[thread_index];
757  vlib_frame_t *f;
758  vlib_buffer_t *b0 = 0;
759  u32 bi0 = ~0;
760  u32 offset;
761  vlib_main_t *vm = frm->vlib_main;
762  u64 now;
763  u8 nat_event = NAT_ADDRESSES_EXHAUTED;
764  u16 template_id;
765 
766  now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3);
767  now += silm->milisecond_time_0;
768 
769  b0 = sitd->addr_exhausted_buffer;
770 
771  if (PREDICT_FALSE (b0 == 0))
772  {
773  if (do_flush)
774  return;
775 
776  if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
777  {
778  nat_elog_err ("can't allocate buffer for NAT IPFIX event");
779  return;
780  }
781 
782  b0 = sitd->addr_exhausted_buffer = vlib_get_buffer (vm, bi0);
784  offset = 0;
785  }
786  else
787  {
788  bi0 = vlib_get_buffer_index (vm, b0);
789  offset = sitd->addr_exhausted_next_record_offset;
790  }
791 
792  f = sitd->addr_exhausted_frame;
793  if (PREDICT_FALSE (f == 0))
794  {
795  u32 *to_next;
796  f = vlib_get_frame_to_node (vm, ip4_lookup_node.index);
797  sitd->addr_exhausted_frame = f;
798  to_next = vlib_frame_vector_args (f);
799  to_next[0] = bi0;
800  f->n_vectors = 1;
801  }
802 
803  if (PREDICT_FALSE (offset == 0))
804  snat_ipfix_header_create (frm, b0, &offset);
805 
806  if (PREDICT_TRUE (do_flush == 0))
807  {
808  u64 time_stamp = clib_host_to_net_u64 (now);
809  clib_memcpy_fast (b0->data + offset, &time_stamp, sizeof (time_stamp));
810  offset += sizeof (time_stamp);
811 
812  clib_memcpy_fast (b0->data + offset, &nat_event, sizeof (nat_event));
813  offset += sizeof (nat_event);
814 
815  clib_memcpy_fast (b0->data + offset, &pool_id, sizeof (pool_id));
816  offset += sizeof (pool_id);
817 
819  }
820 
821  if (PREDICT_FALSE
822  (do_flush || (offset + NAT_ADDRESSES_EXHAUTED_LEN) > frm->path_mtu))
823  {
824  template_id = clib_atomic_fetch_or (
826  0);
827  snat_ipfix_send (frm, f, b0, template_id);
828  sitd->addr_exhausted_frame = 0;
829  sitd->addr_exhausted_buffer = 0;
830  offset = 0;
831  }
833 }
834 
835 static void
837  u32 limit, u32 src_ip, int do_flush)
838 {
840  snat_ipfix_per_thread_data_t *sitd = &silm->per_thread_data[thread_index];
842  vlib_frame_t *f;
843  vlib_buffer_t *b0 = 0;
844  u32 bi0 = ~0;
845  u32 offset;
846  vlib_main_t *vm = frm->vlib_main;
847  u64 now;
848  u8 nat_event = QUOTA_EXCEEDED;
849  u32 quota_event = MAX_ENTRIES_PER_USER;
850  u16 template_id;
851 
852  now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3);
853  now += silm->milisecond_time_0;
854 
855  b0 = sitd->max_entries_per_user_buffer;
856 
857  if (PREDICT_FALSE (b0 == 0))
858  {
859  if (do_flush)
860  return;
861 
862  if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
863  {
864  nat_elog_err ("can't allocate buffer for NAT IPFIX event");
865  return;
866  }
867 
868  b0 = sitd->max_entries_per_user_buffer = vlib_get_buffer (vm, bi0);
870  offset = 0;
871  }
872  else
873  {
874  bi0 = vlib_get_buffer_index (vm, b0);
876  }
877 
878  f = sitd->max_entries_per_user_frame;
879  if (PREDICT_FALSE (f == 0))
880  {
881  u32 *to_next;
882  f = vlib_get_frame_to_node (vm, ip4_lookup_node.index);
883  sitd->max_entries_per_user_frame = f;
884  to_next = vlib_frame_vector_args (f);
885  to_next[0] = bi0;
886  f->n_vectors = 1;
887  }
888 
889  if (PREDICT_FALSE (offset == 0))
890  snat_ipfix_header_create (frm, b0, &offset);
891 
892  if (PREDICT_TRUE (do_flush == 0))
893  {
894  u64 time_stamp = clib_host_to_net_u64 (now);
895  clib_memcpy_fast (b0->data + offset, &time_stamp, sizeof (time_stamp));
896  offset += sizeof (time_stamp);
897 
898  clib_memcpy_fast (b0->data + offset, &nat_event, sizeof (nat_event));
899  offset += sizeof (nat_event);
900 
901  clib_memcpy_fast (b0->data + offset, &quota_event, sizeof (quota_event));
902  offset += sizeof (quota_event);
903 
904  clib_memcpy_fast (b0->data + offset, &limit, sizeof (limit));
905  offset += sizeof (limit);
906 
907  clib_memcpy_fast (b0->data + offset, &src_ip, sizeof (src_ip));
908  offset += sizeof (src_ip);
909 
911  }
912 
913  if (PREDICT_FALSE
914  (do_flush || (offset + MAX_ENTRIES_PER_USER_LEN) > frm->path_mtu))
915  {
916  template_id = clib_atomic_fetch_or (
918  0);
919  snat_ipfix_send (frm, f, b0, template_id);
920  sitd->max_entries_per_user_frame = 0;
921  sitd->max_entries_per_user_buffer = 0;
922  offset = 0;
923  }
925 }
926 
927 static void
928 nat_ipfix_logging_max_ses (u32 thread_index, u32 limit, int do_flush)
929 {
931  snat_ipfix_per_thread_data_t *sitd = &silm->per_thread_data[thread_index];
933  vlib_frame_t *f;
934  vlib_buffer_t *b0 = 0;
935  u32 bi0 = ~0;
936  u32 offset;
937  vlib_main_t *vm = frm->vlib_main;
938  u64 now;
939  u8 nat_event = QUOTA_EXCEEDED;
940  u32 quota_event = MAX_SESSION_ENTRIES;
941  u16 template_id;
942 
943  now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3);
944  now += silm->milisecond_time_0;
945 
946  b0 = sitd->max_sessions_buffer;
947 
948  if (PREDICT_FALSE (b0 == 0))
949  {
950  if (do_flush)
951  return;
952 
953  if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
954  {
955  nat_elog_err ("can't allocate buffer for NAT IPFIX event");
956  return;
957  }
958 
959  b0 = sitd->max_sessions_buffer = vlib_get_buffer (vm, bi0);
961  offset = 0;
962  }
963  else
964  {
965  bi0 = vlib_get_buffer_index (vm, b0);
966  offset = sitd->max_sessions_next_record_offset;
967  }
968 
969  f = sitd->max_sessions_frame;
970  if (PREDICT_FALSE (f == 0))
971  {
972  u32 *to_next;
973  f = vlib_get_frame_to_node (vm, ip4_lookup_node.index);
974  sitd->max_sessions_frame = f;
975  to_next = vlib_frame_vector_args (f);
976  to_next[0] = bi0;
977  f->n_vectors = 1;
978  }
979 
980  if (PREDICT_FALSE (offset == 0))
981  snat_ipfix_header_create (frm, b0, &offset);
982 
983  if (PREDICT_TRUE (do_flush == 0))
984  {
985  u64 time_stamp = clib_host_to_net_u64 (now);
986  clib_memcpy_fast (b0->data + offset, &time_stamp, sizeof (time_stamp));
987  offset += sizeof (time_stamp);
988 
989  clib_memcpy_fast (b0->data + offset, &nat_event, sizeof (nat_event));
990  offset += sizeof (nat_event);
991 
992  clib_memcpy_fast (b0->data + offset, &quota_event, sizeof (quota_event));
993  offset += sizeof (quota_event);
994 
995  clib_memcpy_fast (b0->data + offset, &limit, sizeof (limit));
996  offset += sizeof (limit);
997 
999  }
1000 
1001  if (PREDICT_FALSE
1002  (do_flush || (offset + MAX_SESSIONS_LEN) > frm->path_mtu))
1003  {
1004  template_id = clib_atomic_fetch_or (
1005  &silm->max_sessions_template_id,
1006  0);
1007  snat_ipfix_send (frm, f, b0, template_id);
1008  sitd->max_sessions_frame = 0;
1009  sitd->max_sessions_buffer = 0;
1010  offset = 0;
1011  }
1013 }
1014 
1015 static void
1016 nat_ipfix_logging_max_bib (u32 thread_index, u32 limit, int do_flush)
1017 {
1019  snat_ipfix_per_thread_data_t *sitd = &silm->per_thread_data[thread_index];
1021  vlib_frame_t *f;
1022  vlib_buffer_t *b0 = 0;
1023  u32 bi0 = ~0;
1024  u32 offset;
1025  vlib_main_t *vm = frm->vlib_main;
1026  u64 now;
1027  u8 nat_event = QUOTA_EXCEEDED;
1028  u32 quota_event = MAX_BIB_ENTRIES;
1029  u16 template_id;
1030 
1031  now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3);
1032  now += silm->milisecond_time_0;
1033 
1034  b0 = sitd->max_bibs_buffer;
1035 
1036  if (PREDICT_FALSE (b0 == 0))
1037  {
1038  if (do_flush)
1039  return;
1040 
1041  if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
1042  {
1043  nat_elog_err ("can't allocate buffer for NAT IPFIX event");
1044  return;
1045  }
1046 
1047  b0 = sitd->max_bibs_buffer = vlib_get_buffer (vm, bi0);
1049  offset = 0;
1050  }
1051  else
1052  {
1053  bi0 = vlib_get_buffer_index (vm, b0);
1054  offset = sitd->max_bibs_next_record_offset;
1055  }
1056 
1057  f = sitd->max_bibs_frame;
1058  if (PREDICT_FALSE (f == 0))
1059  {
1060  u32 *to_next;
1061  f = vlib_get_frame_to_node (vm, ip4_lookup_node.index);
1062  sitd->max_bibs_frame = f;
1063  to_next = vlib_frame_vector_args (f);
1064  to_next[0] = bi0;
1065  f->n_vectors = 1;
1066  }
1067 
1068  if (PREDICT_FALSE (offset == 0))
1069  snat_ipfix_header_create (frm, b0, &offset);
1070 
1071  if (PREDICT_TRUE (do_flush == 0))
1072  {
1073  u64 time_stamp = clib_host_to_net_u64 (now);
1074  clib_memcpy_fast (b0->data + offset, &time_stamp, sizeof (time_stamp));
1075  offset += sizeof (time_stamp);
1076 
1077  clib_memcpy_fast (b0->data + offset, &nat_event, sizeof (nat_event));
1078  offset += sizeof (nat_event);
1079 
1080  clib_memcpy_fast (b0->data + offset, &quota_event, sizeof (quota_event));
1081  offset += sizeof (quota_event);
1082 
1083  clib_memcpy_fast (b0->data + offset, &limit, sizeof (limit));
1084  offset += sizeof (limit);
1085 
1087  }
1088 
1089  if (PREDICT_FALSE
1090  (do_flush || (offset + MAX_BIBS_LEN) > frm->path_mtu))
1091  {
1092  template_id = clib_atomic_fetch_or (
1093  &silm->max_bibs_template_id,
1094  0);
1095  snat_ipfix_send (frm, f, b0, template_id);
1096  sitd->max_bibs_frame = 0;
1097  sitd->max_bibs_buffer = 0;
1098  offset = 0;
1099  }
1101 }
1102 
1103 static void
1105  u32 limit, u32 src, int do_flush)
1106 {
1108  snat_ipfix_per_thread_data_t *sitd = &silm->per_thread_data[thread_index];
1110  vlib_frame_t *f;
1111  vlib_buffer_t *b0 = 0;
1112  u32 bi0 = ~0;
1113  u32 offset;
1114  vlib_main_t *vm = frm->vlib_main;
1115  u64 now;
1116  u8 nat_event = QUOTA_EXCEEDED;
1117  u32 quota_event = MAX_FRAGMENTS_PENDING_REASSEMBLY;
1118  u16 template_id;
1119 
1120  now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3);
1121  now += silm->milisecond_time_0;
1122 
1123  b0 = sitd->max_frags_ip4_buffer;
1124 
1125  if (PREDICT_FALSE (b0 == 0))
1126  {
1127  if (do_flush)
1128  return;
1129 
1130  if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
1131  {
1132  nat_elog_err ("can't allocate buffer for NAT IPFIX event");
1133  return;
1134  }
1135 
1136  b0 = sitd->max_frags_ip4_buffer = vlib_get_buffer (vm, bi0);
1138  offset = 0;
1139  }
1140  else
1141  {
1142  bi0 = vlib_get_buffer_index (vm, b0);
1143  offset = sitd->max_frags_ip4_next_record_offset;
1144  }
1145 
1146  f = sitd->max_frags_ip4_frame;
1147  if (PREDICT_FALSE (f == 0))
1148  {
1149  u32 *to_next;
1150  f = vlib_get_frame_to_node (vm, ip4_lookup_node.index);
1151  sitd->max_frags_ip4_frame = f;
1152  to_next = vlib_frame_vector_args (f);
1153  to_next[0] = bi0;
1154  f->n_vectors = 1;
1155  }
1156 
1157  if (PREDICT_FALSE (offset == 0))
1158  snat_ipfix_header_create (frm, b0, &offset);
1159 
1160  if (PREDICT_TRUE (do_flush == 0))
1161  {
1162  u64 time_stamp = clib_host_to_net_u64 (now);
1163  clib_memcpy_fast (b0->data + offset, &time_stamp, sizeof (time_stamp));
1164  offset += sizeof (time_stamp);
1165 
1166  clib_memcpy_fast (b0->data + offset, &nat_event, sizeof (nat_event));
1167  offset += sizeof (nat_event);
1168 
1169  clib_memcpy_fast (b0->data + offset, &quota_event, sizeof (quota_event));
1170  offset += sizeof (quota_event);
1171 
1172  clib_memcpy_fast (b0->data + offset, &limit, sizeof (limit));
1173  offset += sizeof (limit);
1174 
1175  clib_memcpy_fast (b0->data + offset, &src, sizeof (src));
1176  offset += sizeof (src);
1177 
1179  }
1180 
1181  if (PREDICT_FALSE
1182  (do_flush || (offset + MAX_BIBS_LEN) > frm->path_mtu))
1183  {
1184  template_id = clib_atomic_fetch_or (
1186  0);
1187  snat_ipfix_send (frm, f, b0, template_id);
1188  sitd->max_frags_ip4_frame = 0;
1189  sitd->max_frags_ip4_buffer = 0;
1190  offset = 0;
1191  }
1193 }
1194 
1195 static void
1197  u32 limit, ip6_address_t * src, int do_flush)
1198 {
1200  snat_ipfix_per_thread_data_t *sitd = &silm->per_thread_data[thread_index];
1202  vlib_frame_t *f;
1203  vlib_buffer_t *b0 = 0;
1204  u32 bi0 = ~0;
1205  u32 offset;
1206  vlib_main_t *vm = frm->vlib_main;
1207  u64 now;
1208  u8 nat_event = QUOTA_EXCEEDED;
1209  u32 quota_event = MAX_FRAGMENTS_PENDING_REASSEMBLY;
1210  u16 template_id;
1211 
1212  now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3);
1213  now += silm->milisecond_time_0;
1214 
1215  b0 = sitd->max_frags_ip6_buffer;
1216 
1217  if (PREDICT_FALSE (b0 == 0))
1218  {
1219  if (do_flush)
1220  return;
1221 
1222  if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
1223  {
1224  nat_elog_err ("can't allocate buffer for NAT IPFIX event");
1225  return;
1226  }
1227 
1228  b0 = sitd->max_frags_ip6_buffer = vlib_get_buffer (vm, bi0);
1230  offset = 0;
1231  }
1232  else
1233  {
1234  bi0 = vlib_get_buffer_index (vm, b0);
1235  offset = sitd->max_frags_ip6_next_record_offset;
1236  }
1237 
1238  f = sitd->max_frags_ip6_frame;
1239  if (PREDICT_FALSE (f == 0))
1240  {
1241  u32 *to_next;
1242  f = vlib_get_frame_to_node (vm, ip4_lookup_node.index);
1243  sitd->max_frags_ip6_frame = f;
1244  to_next = vlib_frame_vector_args (f);
1245  to_next[0] = bi0;
1246  f->n_vectors = 1;
1247  }
1248 
1249  if (PREDICT_FALSE (offset == 0))
1250  snat_ipfix_header_create (frm, b0, &offset);
1251 
1252  if (PREDICT_TRUE (do_flush == 0))
1253  {
1254  u64 time_stamp = clib_host_to_net_u64 (now);
1255  clib_memcpy_fast (b0->data + offset, &time_stamp, sizeof (time_stamp));
1256  offset += sizeof (time_stamp);
1257 
1258  clib_memcpy_fast (b0->data + offset, &nat_event, sizeof (nat_event));
1259  offset += sizeof (nat_event);
1260 
1261  clib_memcpy_fast (b0->data + offset, &quota_event, sizeof (quota_event));
1262  offset += sizeof (quota_event);
1263 
1264  clib_memcpy_fast (b0->data + offset, &limit, sizeof (limit));
1265  offset += sizeof (limit);
1266 
1267  clib_memcpy_fast (b0->data + offset, src, sizeof (ip6_address_t));
1268  offset += sizeof (ip6_address_t);
1269 
1271  }
1272 
1273  if (PREDICT_FALSE
1274  (do_flush || (offset + MAX_BIBS_LEN) > frm->path_mtu))
1275  {
1276  template_id = clib_atomic_fetch_or (
1278  0);
1279  snat_ipfix_send (frm, f, b0, template_id);
1280  sitd->max_frags_ip6_frame = 0;
1281  sitd->max_frags_ip6_buffer = 0;
1282  offset = 0;
1283  }
1285 }
1286 
1287 static void
1288 nat_ipfix_logging_nat64_bibe (u32 thread_index, u8 nat_event,
1289  ip6_address_t * src_ip, u32 nat_src_ip,
1290  u8 proto, u16 src_port, u16 nat_src_port,
1291  u32 vrf_id, int do_flush)
1292 {
1294  snat_ipfix_per_thread_data_t *sitd = &silm->per_thread_data[thread_index];
1296  vlib_frame_t *f;
1297  vlib_buffer_t *b0 = 0;
1298  u32 bi0 = ~0;
1299  u32 offset;
1300  vlib_main_t *vm = frm->vlib_main;
1301  u64 now;
1302  u16 template_id;
1303 
1304  now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3);
1305  now += silm->milisecond_time_0;
1306 
1307  b0 = sitd->nat64_bib_buffer;
1308 
1309  if (PREDICT_FALSE (b0 == 0))
1310  {
1311  if (do_flush)
1312  return;
1313 
1314  if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
1315  {
1316  nat_elog_err ("can't allocate buffer for NAT IPFIX event");
1317  return;
1318  }
1319 
1320  b0 = sitd->nat64_bib_buffer = vlib_get_buffer (vm, bi0);
1322  offset = 0;
1323  }
1324  else
1325  {
1326  bi0 = vlib_get_buffer_index (vm, b0);
1327  offset = sitd->nat64_bib_next_record_offset;
1328  }
1329 
1330  f = sitd->nat64_bib_frame;
1331  if (PREDICT_FALSE (f == 0))
1332  {
1333  u32 *to_next;
1334  f = vlib_get_frame_to_node (vm, ip4_lookup_node.index);
1335  sitd->nat64_bib_frame = f;
1336  to_next = vlib_frame_vector_args (f);
1337  to_next[0] = bi0;
1338  f->n_vectors = 1;
1339  }
1340 
1341  if (PREDICT_FALSE (offset == 0))
1342  snat_ipfix_header_create (frm, b0, &offset);
1343 
1344  if (PREDICT_TRUE (do_flush == 0))
1345  {
1346  u64 time_stamp = clib_host_to_net_u64 (now);
1347  clib_memcpy_fast (b0->data + offset, &time_stamp, sizeof (time_stamp));
1348  offset += sizeof (time_stamp);
1349 
1350  clib_memcpy_fast (b0->data + offset, &nat_event, sizeof (nat_event));
1351  offset += sizeof (nat_event);
1352 
1353  clib_memcpy_fast (b0->data + offset, src_ip, sizeof (ip6_address_t));
1354  offset += sizeof (ip6_address_t);
1355 
1356  clib_memcpy_fast (b0->data + offset, &nat_src_ip, sizeof (nat_src_ip));
1357  offset += sizeof (nat_src_ip);
1358 
1359  clib_memcpy_fast (b0->data + offset, &proto, sizeof (proto));
1360  offset += sizeof (proto);
1361 
1362  clib_memcpy_fast (b0->data + offset, &src_port, sizeof (src_port));
1363  offset += sizeof (src_port);
1364 
1365  clib_memcpy_fast (b0->data + offset, &nat_src_port, sizeof (nat_src_port));
1366  offset += sizeof (nat_src_port);
1367 
1368  clib_memcpy_fast (b0->data + offset, &vrf_id, sizeof (vrf_id));
1369  offset += sizeof (vrf_id);
1370 
1372  }
1373 
1374  if (PREDICT_FALSE
1375  (do_flush || (offset + NAT64_BIB_LEN) > frm->path_mtu))
1376  {
1377  template_id = clib_atomic_fetch_or (
1378  &silm->nat64_bib_template_id,
1379  0);
1380  snat_ipfix_send (frm, f, b0, template_id);
1381  sitd->nat64_bib_frame = 0;
1382  sitd->nat64_bib_buffer = 0;
1383  offset = 0;
1384  }
1386 }
1387 
1388 static void
1389 nat_ipfix_logging_nat64_ses (u32 thread_index, u8 nat_event,
1390  ip6_address_t * src_ip, u32 nat_src_ip,
1391  u8 proto, u16 src_port, u16 nat_src_port,
1392  ip6_address_t * dst_ip, u32 nat_dst_ip,
1393  u16 dst_port, u16 nat_dst_port,
1394  u32 vrf_id, int do_flush)
1395 {
1397  snat_ipfix_per_thread_data_t *sitd = &silm->per_thread_data[thread_index];
1399  vlib_frame_t *f;
1400  vlib_buffer_t *b0 = 0;
1401  u32 bi0 = ~0;
1402  u32 offset;
1403  vlib_main_t *vm = frm->vlib_main;
1404  u64 now;
1405  u16 template_id;
1406 
1407  now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3);
1408  now += silm->milisecond_time_0;
1409 
1410  b0 = sitd->nat64_ses_buffer;
1411 
1412  if (PREDICT_FALSE (b0 == 0))
1413  {
1414  if (do_flush)
1415  return;
1416 
1417  if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
1418  {
1419  nat_elog_err ("can't allocate buffer for NAT IPFIX event");
1420  return;
1421  }
1422 
1423  b0 = sitd->nat64_ses_buffer = vlib_get_buffer (vm, bi0);
1425  offset = 0;
1426  }
1427  else
1428  {
1429  bi0 = vlib_get_buffer_index (vm, b0);
1430  offset = sitd->nat64_ses_next_record_offset;
1431  }
1432 
1433  f = sitd->nat64_ses_frame;
1434  if (PREDICT_FALSE (f == 0))
1435  {
1436  u32 *to_next;
1437  f = vlib_get_frame_to_node (vm, ip4_lookup_node.index);
1438  sitd->nat64_ses_frame = f;
1439  to_next = vlib_frame_vector_args (f);
1440  to_next[0] = bi0;
1441  f->n_vectors = 1;
1442  }
1443 
1444  if (PREDICT_FALSE (offset == 0))
1445  snat_ipfix_header_create (frm, b0, &offset);
1446 
1447  if (PREDICT_TRUE (do_flush == 0))
1448  {
1449  u64 time_stamp = clib_host_to_net_u64 (now);
1450  clib_memcpy_fast (b0->data + offset, &time_stamp, sizeof (time_stamp));
1451  offset += sizeof (time_stamp);
1452 
1453  clib_memcpy_fast (b0->data + offset, &nat_event, sizeof (nat_event));
1454  offset += sizeof (nat_event);
1455 
1456  clib_memcpy_fast (b0->data + offset, src_ip, sizeof (ip6_address_t));
1457  offset += sizeof (ip6_address_t);
1458 
1459  clib_memcpy_fast (b0->data + offset, &nat_src_ip, sizeof (nat_src_ip));
1460  offset += sizeof (nat_src_ip);
1461 
1462  clib_memcpy_fast (b0->data + offset, &proto, sizeof (proto));
1463  offset += sizeof (proto);
1464 
1465  clib_memcpy_fast (b0->data + offset, &src_port, sizeof (src_port));
1466  offset += sizeof (src_port);
1467 
1468  clib_memcpy_fast (b0->data + offset, &nat_src_port, sizeof (nat_src_port));
1469  offset += sizeof (nat_src_port);
1470 
1471  clib_memcpy_fast (b0->data + offset, dst_ip, sizeof (ip6_address_t));
1472  offset += sizeof (ip6_address_t);
1473 
1474  clib_memcpy_fast (b0->data + offset, &nat_dst_ip, sizeof (nat_dst_ip));
1475  offset += sizeof (nat_dst_ip);
1476 
1477  clib_memcpy_fast (b0->data + offset, &dst_port, sizeof (dst_port));
1478  offset += sizeof (dst_port);
1479 
1480  clib_memcpy_fast (b0->data + offset, &nat_dst_port, sizeof (nat_dst_port));
1481  offset += sizeof (nat_dst_port);
1482 
1483  clib_memcpy_fast (b0->data + offset, &vrf_id, sizeof (vrf_id));
1484  offset += sizeof (vrf_id);
1485 
1487  }
1488 
1489  if (PREDICT_FALSE
1490  (do_flush || (offset + NAT64_SES_LEN) > frm->path_mtu))
1491  {
1492  template_id = clib_atomic_fetch_or (
1493  &silm->nat64_ses_template_id,
1494  0);
1495  snat_ipfix_send (frm, f, b0, template_id);
1496  sitd->nat64_ses_frame = 0;
1497  sitd->nat64_ses_buffer = 0;
1498  offset = 0;
1499  }
1501 }
1502 
1503 void
1504 snat_ipfix_flush (u32 thread_index)
1505 {
1506  int do_flush = 1;
1507 
1508  snat_ipfix_logging_nat44_ses (thread_index,
1509  0, 0, 0, 0, 0, 0, 0, do_flush);
1510  snat_ipfix_logging_addr_exhausted (thread_index, 0, do_flush);
1511  snat_ipfix_logging_max_entries_per_usr (thread_index, 0, 0, do_flush);
1512  nat_ipfix_logging_max_ses (thread_index, 0, do_flush);
1513  nat_ipfix_logging_max_bib (thread_index, 0, do_flush);
1514  nat_ipfix_logging_max_frag_ip4 (thread_index, 0, 0, do_flush);
1515  nat_ipfix_logging_max_frag_ip6 (thread_index, 0, 0, do_flush);
1516  nat_ipfix_logging_nat64_bibe (thread_index,
1517  0, 0, 0, 0, 0, 0, 0, do_flush);
1518  nat_ipfix_logging_nat64_ses (thread_index,
1519  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, do_flush);
1520 }
1521 
1522 void
1524 {
1526  vlib_main_t *worker_vm;
1527  int i;
1528 
1529  if (PREDICT_TRUE (!clib_atomic_fetch_or(&silm->enabled, 0)))
1530  return;
1531 
1532  if (PREDICT_FALSE (!silm->worker_vms))
1533  {
1534  for (i = 1; i < vec_len (vlib_mains); i++)
1535  {
1536  worker_vm = vlib_mains[i];
1537  if (worker_vm)
1538  vec_add1 (silm->worker_vms, worker_vm);
1539  }
1540  }
1541 
1542  /* Trigger flush for each worker thread */
1543  for (i = 0; i < vec_len (silm->worker_vms); i++)
1544  {
1545  worker_vm = silm->worker_vms[i];
1546  if (worker_vm)
1548  snat_ipfix_flush_node.index);
1549  }
1550 
1551  /* Finally flush main thread */
1552  snat_ipfix_flush (0);
1553 }
1554 
1555 /**
1556  * @brief Generate NAT44 session create event
1557  *
1558  * @param thread_index thread index
1559  * @param src_ip source IPv4 address
1560  * @param nat_src_ip transaltes source IPv4 address
1561  * @param snat_proto NAT transport protocol
1562  * @param src_port source port
1563  * @param nat_src_port translated source port
1564  * @param vrf_id VRF ID
1565  */
1566 void
1568  u32 src_ip,
1569  u32 nat_src_ip,
1570  snat_protocol_t snat_proto,
1571  u16 src_port,
1572  u16 nat_src_port, u32 vrf_id)
1573 {
1574  skip_if_disabled ();
1575 
1576  snat_ipfix_logging_nat44_ses (thread_index, NAT44_SESSION_CREATE, src_ip,
1577  nat_src_ip, snat_proto, src_port, nat_src_port,
1578  vrf_id, 0);
1579 }
1580 
1581 /**
1582  * @brief Generate NAT44 session delete event
1583  *
1584  * @param thread_index thread index
1585  * @param src_ip source IPv4 address
1586  * @param nat_src_ip transaltes source IPv4 address
1587  * @param snat_proto NAT transport protocol
1588  * @param src_port source port
1589  * @param nat_src_port translated source port
1590  * @param vrf_id VRF ID
1591  */
1592 void
1594  u32 src_ip,
1595  u32 nat_src_ip,
1596  snat_protocol_t snat_proto,
1597  u16 src_port,
1598  u16 nat_src_port, u32 vrf_id)
1599 {
1600  skip_if_disabled ();
1601 
1602  snat_ipfix_logging_nat44_ses (thread_index, NAT44_SESSION_DELETE, src_ip,
1603  nat_src_ip, snat_proto, src_port, nat_src_port,
1604  vrf_id, 0);
1605 }
1606 
1607 /**
1608  * @brief Generate NAT addresses exhausted event
1609  *
1610  * @param thread_index thread index
1611  * @param pool_id NAT pool ID
1612  */
1613 void
1615 {
1616  //TODO: This event SHOULD be rate limited
1617  skip_if_disabled ();
1618 
1619  snat_ipfix_logging_addr_exhausted (thread_index, pool_id, 0);
1620 }
1621 
1622 /**
1623  * @brief Generate maximum entries per user exceeded event
1624  *
1625  * @param thread_index thread index
1626  * @param limit maximum NAT entries that can be created per user
1627  * @param src_ip source IPv4 address
1628  */
1629 void
1631 {
1632  //TODO: This event SHOULD be rate limited
1633  skip_if_disabled ();
1634 
1635  snat_ipfix_logging_max_entries_per_usr (thread_index, limit, src_ip, 0);
1636 }
1637 
1638 vlib_frame_t *
1641  flow_report_t * fr,
1642  vlib_frame_t * f,
1643  u32 * to_next, u32 node_index)
1644 {
1646 
1647  return f;
1648 }
1649 
1650 /**
1651  * @brief Generate maximum session entries exceeded event
1652  *
1653  * @param thread_index thread index
1654  * @param limit configured limit
1655  */
1656 void
1658 {
1659  //TODO: This event SHOULD be rate limited
1660  skip_if_disabled ();
1661 
1662  nat_ipfix_logging_max_ses (thread_index, limit, 0);
1663 }
1664 
1665 /**
1666  * @brief Generate maximum BIB entries exceeded event
1667  *
1668  * @param thread_index thread index
1669  * @param limit configured limit
1670  */
1671 void
1672 nat_ipfix_logging_max_bibs (u32 thread_index, u32 limit)
1673 {
1674  //TODO: This event SHOULD be rate limited
1675  skip_if_disabled ();
1676 
1677  nat_ipfix_logging_max_bib (thread_index, limit, 0);
1678 }
1679 
1680 /**
1681  * @brief Generate maximum IPv4 fragments pending reassembly exceeded event
1682  *
1683  * @param thread_index thread index
1684  * @param limit configured limit
1685  * @param src source IPv4 address
1686  */
1687 void
1689  u32 limit, ip4_address_t * src)
1690 {
1691  //TODO: This event SHOULD be rate limited
1692  skip_if_disabled ();
1693 
1694  nat_ipfix_logging_max_frag_ip4 (thread_index, limit, src->as_u32, 0);
1695 }
1696 
1697 /**
1698  * @brief Generate maximum IPv6 fragments pending reassembly exceeded event
1699  *
1700  * @param thread_index thread index
1701  * @param limit configured limit
1702  * @param src source IPv6 address
1703  */
1704 void
1706  u32 limit, ip6_address_t * src)
1707 {
1708  //TODO: This event SHOULD be rate limited
1709  skip_if_disabled ();
1710 
1711  nat_ipfix_logging_max_frag_ip6 (thread_index, limit, src, 0);
1712 }
1713 
1714 /**
1715  * @brief Generate NAT64 BIB create and delete events
1716  *
1717  * @param thread_index thread index
1718  * @param src_ip source IPv6 address
1719  * @param nat_src_ip transaltes source IPv4 address
1720  * @param proto L4 protocol
1721  * @param src_port source port
1722  * @param nat_src_port translated source port
1723  * @param vrf_id VRF ID
1724  * @param is_create non-zero value if create event otherwise delete event
1725  */
1726 void
1728  ip4_address_t * nat_src_ip, u8 proto,
1729  u16 src_port, u16 nat_src_port, u32 vrf_id,
1730  u8 is_create)
1731 {
1732  u8 nat_event;
1733 
1734  skip_if_disabled ();
1735 
1736  nat_event = is_create ? NAT64_BIB_CREATE : NAT64_BIB_DELETE;
1737 
1738  nat_ipfix_logging_nat64_bibe (thread_index, nat_event, src_ip,
1739  nat_src_ip->as_u32, proto, src_port,
1740  nat_src_port, vrf_id, 0);
1741 }
1742 
1743 /**
1744  * @brief Generate NAT64 session create and delete events
1745  *
1746  * @param thread_index thread index
1747  * @param src_ip source IPv6 address
1748  * @param nat_src_ip transaltes source IPv4 address
1749  * @param proto L4 protocol
1750  * @param src_port source port
1751  * @param nat_src_port translated source port
1752  * @param dst_ip destination IPv6 address
1753  * @param nat_dst_ip destination IPv4 address
1754  * @param dst_port destination port
1755  * @param nat_dst_port translated destination port
1756  * @param vrf_id VRF ID
1757  * @param is_create non-zero value if create event otherwise delete event
1758  */
1759 void
1762  ip4_address_t * nat_src_ip, u8 proto,
1763  u16 src_port, u16 nat_src_port,
1765  ip4_address_t * nat_dst_ip, u16 dst_port,
1766  u16 nat_dst_port, u32 vrf_id, u8 is_create)
1767 {
1768  u8 nat_event;
1769 
1770  skip_if_disabled ();
1771 
1772  nat_event = is_create ? NAT64_SESSION_CREATE : NAT64_SESSION_DELETE;
1773 
1774  nat_ipfix_logging_nat64_ses (thread_index, nat_event, src_ip,
1775  nat_src_ip->as_u32, proto, src_port,
1776  nat_src_port, dst_ip, nat_dst_ip->as_u32,
1777  dst_port, nat_dst_port, vrf_id, 0);
1778 }
1779 
1780 vlib_frame_t *
1782  vlib_frame_t * f, u32 * to_next, u32 node_index)
1783 {
1785 
1786  if (PREDICT_FALSE (++silm->call_counter >= vec_len (frm->reports)))
1787  {
1789  silm->call_counter = 0;
1790  }
1791 
1792  return f;
1793 }
1794 
1795 /**
1796  * @brief Enable/disable NAT plugin IPFIX logging
1797  *
1798  * @param enable 1 if enable, 0 if disable
1799  * @param domain_id observation domain ID
1800  * @param src_port source port number
1801  *
1802  * @returns 0 if success
1803  */
1804 int
1806 {
1807  snat_main_t *sm = &snat_main;
1811  int rv;
1812  u8 e = enable ? 1 : 0;
1813 
1814  if (clib_atomic_cmp_and_swap (&silm->enabled, e ^ 1, e) == e)
1815  return 0;
1816 
1817  clib_memset (&a, 0, sizeof (a));
1818  a.is_add = enable;
1819  a.domain_id = domain_id ? domain_id : 1;
1820  a.src_port = src_port ? src_port : UDP_DST_PORT_ipfix;
1822 
1823  if (sm->deterministic)
1824  {
1826 
1827  rv = vnet_flow_report_add_del (frm, &a, NULL);
1828  if (rv)
1829  {
1830  nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
1831  return -1;
1832  }
1833  }
1834  else
1835  {
1837 
1838  rv = vnet_flow_report_add_del (frm, &a, NULL);
1839  if (rv)
1840  {
1841  nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
1842  return -1;
1843  }
1844 
1846 
1847  rv = vnet_flow_report_add_del (frm, &a, NULL);
1848  if (rv)
1849  {
1850  nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
1851  return -1;
1852  }
1853 
1855 
1856  rv = vnet_flow_report_add_del (frm, &a, NULL);
1857  if (rv)
1858  {
1859  nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
1860  return -1;
1861  }
1862 
1864 
1865  rv = vnet_flow_report_add_del (frm, &a, NULL);
1866  if (rv)
1867  {
1868  nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
1869  return -1;
1870  }
1871 
1873 
1874  rv = vnet_flow_report_add_del (frm, &a, NULL);
1875  if (rv)
1876  {
1877  nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
1878  return -1;
1879  }
1880 
1882 
1883  rv = vnet_flow_report_add_del (frm, &a, NULL);
1884  if (rv)
1885  {
1886  nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
1887  return -1;
1888  }
1889 
1891 
1892  rv = vnet_flow_report_add_del (frm, &a, NULL);
1893  if (rv)
1894  {
1895  nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
1896  return -1;
1897  }
1898 
1900 
1901  rv = vnet_flow_report_add_del (frm, &a, NULL);
1902  if (rv)
1903  {
1904  nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
1905  return -1;
1906  }
1907 
1908  if (sm->endpoint_dependent)
1909  {
1911 
1912  rv = vnet_flow_report_add_del (frm, &a, NULL);
1913  if (rv)
1914  {
1915  nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
1916  return -1;
1917  }
1918  }
1919  }
1920 
1921  return 0;
1922 }
1923 
1924 /**
1925  * @brief Initialize NAT plugin IPFIX logging
1926  *
1927  * @param vm vlib main
1928  */
1929 void
1931 {
1934 
1935  silm->enabled = 0;
1936  silm->worker_vms = 0;
1937  silm->call_counter = 0;
1938 
1939  /* Set up time reference pair */
1940  silm->vlib_time_0 = vlib_time_now (vm);
1941  silm->milisecond_time_0 = unix_time_now_nsec () * 1e-6;
1942 
1943  vec_validate (silm->per_thread_data, tm->n_vlib_mains - 1);
1944 }
1945 
1946 static uword
1948  vlib_node_runtime_t *rt,
1949  vlib_frame_t *f)
1950 {
1952  return 0;
1953 }
1954 
1955 /* *INDENT-OFF* */
1956 VLIB_REGISTER_NODE (snat_ipfix_flush_node) = {
1957  .function = ipfix_flush_process,
1958  .name = "snat-ipfix-flush",
1959  .type = VLIB_NODE_TYPE_INPUT,
1960  .state = VLIB_NODE_STATE_INTERRUPT,
1961 };
1962 /* *INDENT-ON* */
#define vec_validate(V, I)
Make sure vector is long enough for given index (no header, unspecified alignment) ...
Definition: vec.h:439
u32 flags
buffer flags: VLIB_BUFFER_FREE_LIST_INDEX_MASK: bits used to store free list index, VLIB_BUFFER_IS_TRACED: trace this buffer.
Definition: buffer.h:124
void snat_ipfix_logging_max_entries_per_user(u32 thread_index, u32 limit, u32 src_ip)
Generate maximum entries per user exceeded event.
u8 * snat_template_rewrite_addr_exhausted(flow_report_main_t *frm, flow_report_t *fr, ip4_address_t *collector_address, ip4_address_t *src_address, u16 collector_port, ipfix_report_element_t *elts, u32 n_elts, u32 *stream_index)
a
Definition: bitmap.h:538
#define MAX_FRAGMENTS_IP6_LEN
ip4_address_t src_address
Definition: ip4_packet.h:170
u8 * nat_template_rewrite_max_sessions(flow_report_main_t *frm, flow_report_t *fr, ip4_address_t *collector_address, ip4_address_t *src_address, u16 collector_port, ipfix_report_element_t *elts, u32 n_elts, u32 *stream_index)
void snat_ipfix_flush_from_main(void)
#define PREDICT_TRUE(x)
Definition: clib.h:113
i16 current_data
signed offset in data[], pre_data[] that we are currently processing.
Definition: buffer.h:110
unsigned long u64
Definition: types.h:89
vlib_buffer_t * max_frags_ip4_buffer
static void vlib_node_set_interrupt_pending(vlib_main_t *vm, u32 node_index)
Definition: node_funcs.h:197
#define clib_memcpy_fast(a, b, c)
Definition: string.h:81
static u32 ipfix_e_id_length(int e, u16 id, u16 length)
Definition: ipfix_packet.h:77
vlib_buffer_t * addr_exhausted_buffer
clib_memset(h->entries, 0, sizeof(h->entries[0]) *entries)
static f64 vlib_time_now(vlib_main_t *vm)
Definition: main.h:279
#define NAT44_SESSION_CREATE_FIELD_COUNT
u32 stream_index
Definition: flow_report.h:91
int vnet_flow_report_add_del(flow_report_main_t *frm, vnet_flow_report_add_del_args_t *a, u16 *template_id)
Definition: flow_report.c:334
u32 thread_index
Definition: main.h:218
u8 * nat_template_rewrite_max_bibs(flow_report_main_t *frm, flow_report_t *fr, ip4_address_t *collector_address, ip4_address_t *src_address, u16 collector_port, ipfix_report_element_t *elts, u32 n_elts, u32 *stream_index)
u16 current_length
Nbytes between current data and the end of this buffer.
Definition: buffer.h:113
#define vec_add1(V, E)
Add 1 element to end of vector (unspecified alignment).
Definition: vec.h:522
vl_api_address_t src
Definition: gre.api:51
int i
static uword ipfix_flush_process(vlib_main_t *vm, vlib_node_runtime_t *rt, vlib_frame_t *f)
ip4_address_t src_address
Definition: flow_report.h:119
static void nat_ipfix_logging_nat64_bibe(u32 thread_index, u8 nat_event, ip6_address_t *src_ip, u32 nat_src_ip, u8 proto, u16 src_port, u16 nat_src_port, u32 vrf_id, int do_flush)
u16 flags_and_fragment_offset
Definition: ip4_packet.h:151
u8 enabled
NAT plugin IPFIX logging enabled.
#define vec_validate_aligned(V, I, A)
Make sure vector is long enough for given index (no header, specified alignment)
Definition: vec.h:450
#define MAX_SESSIONS_FIELD_COUNT
vlib_main_t ** vlib_mains
Definition: buffer.c:332
snat_ipfix_per_thread_data_t * per_thread_data
unsigned char u8
Definition: types.h:56
u8 deterministic
Definition: nat.h:661
ip4_address_t ipfix_collector
Definition: flow_report.h:117
double f64
Definition: types.h:142
vlib_node_registration_t ip4_lookup_node
(constructor) VLIB_REGISTER_NODE (ip4_lookup_node)
Definition: ip4_forward.c:101
#define NAT64_SES_LEN
u8 * snat_template_rewrite_nat44_session(flow_report_main_t *frm, flow_report_t *fr, ip4_address_t *collector_address, ip4_address_t *src_address, u16 collector_port, ipfix_report_element_t *elts, u32 n_elts, u32 *stream_index)
u16 src_port
Definition: udp.api:41
flow_report_stream_t * streams
Definition: flow_report.h:114
static void nat_ipfix_logging_max_frag_ip4(u32 thread_index, u32 limit, u32 src, int do_flush)
#define update_template_id(old_id, new_id)
vlib_frame_t * deterministic_nat_data_callback(flow_report_main_t *frm, flow_report_t *fr, vlib_frame_t *f, u32 *to_next, u32 node_index)
void nat_ipfix_logging_max_bibs(u32 thread_index, u32 limit)
Generate maximum BIB entries exceeded event.
ip4_address_t dst_address
Definition: ip4_packet.h:170
vnet_flow_rewrite_callback_t * rewrite_callback
Definition: flow_report.h:149
snat_ipfix_logging_main_t snat_ipfix_logging_main
vlib_frame_t * vlib_get_frame_to_node(vlib_main_t *vm, u32 to_node_index)
Definition: main.c:185
#define clib_atomic_fetch_or(a, b)
Definition: atomics.h:27
void snat_ipfix_logging_init(vlib_main_t *vm)
Initialize NAT plugin IPFIX logging.
int snat_ipfix_logging_enable_disable(int enable, u32 domain_id, u16 src_port)
Enable/disable NAT plugin IPFIX logging.
#define NAT44_SESSION_CREATE_LEN
void snat_ipfix_logging_addresses_exhausted(u32 thread_index, u32 pool_id)
Generate NAT addresses exhausted event.
unsigned int u32
Definition: types.h:88
void nat_ipfix_logging_max_fragments_ip4(u32 thread_index, u32 limit, ip4_address_t *src)
Generate maximum IPv4 fragments pending reassembly exceeded event.
u8 * snat_template_rewrite_max_entries_per_usr(flow_report_main_t *frm, flow_report_t *fr, ip4_address_t *collector_address, ip4_address_t *src_address, u16 collector_port, ipfix_report_element_t *elts, u32 n_elts, u32 *stream_index)
static u8 * snat_template_rewrite(flow_report_main_t *frm, flow_report_t *fr, ip4_address_t *collector_address, ip4_address_t *src_address, u16 collector_port, nat_event_t event, quota_exceed_event_t quota_event)
Create an IPFIX template packet rewrite string.
static void snat_ipfix_send(flow_report_main_t *frm, vlib_frame_t *f, vlib_buffer_t *b0, u16 template_id)
void nat_ipfix_logging_max_sessions(u32 thread_index, u32 limit)
Generate maximum session entries exceeded event.
#define MAX_FRAGMENTS_FIELD_COUNT
static u32 vlib_get_buffer_index(vlib_main_t *vm, void *p)
Translate buffer pointer into buffer index.
Definition: buffer_funcs.h:257
flow_report_t * reports
Definition: flow_report.h:113
void snat_ipfix_flush(u32 thread_index)
static void nat_ipfix_logging_max_bib(u32 thread_index, u32 limit, int do_flush)
#define nat_elog_warn_X1(nat_elog_fmt_str, nat_elog_fmt_arg, nat_elog_val1)
Definition: nat.h:1030
flow_report_main_t flow_report_main
Definition: flow_report.c:21
quota_exceed_event_t
vlib_main_t ** worker_vms
vector of worker vlib mains
vlib_frame_t * data_callback(flow_report_main_t *frm, flow_report_t *fr, vlib_frame_t *f, u32 *to_next, u32 node_index)
#define NAT_ADDRESSES_EXHAUTED_LEN
unsigned short u16
Definition: types.h:57
void vlib_put_frame_to_node(vlib_main_t *vm, u32 to_node_index, vlib_frame_t *f)
Definition: main.c:194
static void * vlib_buffer_get_current(vlib_buffer_t *b)
Get pointer to current data to process.
Definition: buffer.h:229
#define PREDICT_FALSE(x)
Definition: clib.h:112
static void snat_ipfix_logging_nat44_ses(u32 thread_index, u8 nat_event, u32 src_ip, u32 nat_src_ip, snat_protocol_t snat_proto, u16 src_port, u16 nat_src_port, u32 vrf_id, int do_flush)
vlib_frame_t * max_entries_per_user_frame
void nat_ipfix_logging_max_fragments_ip6(u32 thread_index, u32 limit, ip6_address_t *src)
Generate maximum IPv6 fragments pending reassembly exceeded event.
vl_api_address_union_t src_address
Definition: ip_types.api:97
void nat_ipfix_logging_nat64_bib(u32 thread_index, ip6_address_t *src_ip, ip4_address_t *nat_src_ip, u8 proto, u16 src_port, u16 nat_src_port, u32 vrf_id, u8 is_create)
Generate NAT64 BIB create and delete events.
static u32 version_length(u16 length)
Definition: ipfix_packet.h:33
u16 call_counter
nat data callbacks call counter
#define MAX_BIBS_LEN
u64 milisecond_time_0
Time reference pair.
vlib_node_registration_t snat_ipfix_flush_node
(constructor) VLIB_REGISTER_NODE (snat_ipfix_flush_node)
snat_main_t snat_main
Definition: nat.c:39
static void nat_ipfix_logging_nat64_ses(u32 thread_index, u8 nat_event, ip6_address_t *src_ip, u32 nat_src_ip, u8 proto, u16 src_port, u16 nat_src_port, ip6_address_t *dst_ip, u32 nat_dst_ip, u16 dst_port, u16 nat_dst_port, u32 vrf_id, int do_flush)
void snat_ipfix_logging_nat44_ses_delete(u32 thread_index, u32 src_ip, u32 nat_src_ip, snat_protocol_t snat_proto, u16 src_port, u16 nat_src_port, u32 vrf_id)
Generate NAT44 session delete event.
static void snat_ipfix_logging_addr_exhausted(u32 thread_index, u32 pool_id, int do_flush)
#define VLIB_REGISTER_NODE(x,...)
Definition: node.h:169
static u8 snat_proto_to_ip_proto(snat_protocol_t snat_proto)
Definition: nat_inlines.h:162
u16 n_vectors
Definition: node.h:397
vlib_main_t * vm
Definition: buffer.c:323
vlib_buffer_t * max_entries_per_user_buffer
static u32 ipfix_id_count(u16 id, u16 count)
Definition: ipfix_packet.h:184
u8 data[]
Packet data.
Definition: buffer.h:181
static void nat_ipfix_logging_max_ses(u32 thread_index, u32 limit, int do_flush)
static u64 unix_time_now_nsec(void)
Definition: time.h:270
void nat_ipfix_logging_nat64_session(u32 thread_index, ip6_address_t *src_ip, ip4_address_t *nat_src_ip, u8 proto, u16 src_port, u16 nat_src_port, ip6_address_t *dst_ip, ip4_address_t *nat_dst_ip, u16 dst_port, u16 nat_dst_port, u32 vrf_id, u8 is_create)
Generate NAT64 session create and delete events.
u16 nat44_session_template_id
template IDs
u8 * nat_template_rewrite_nat64_session(flow_report_main_t *frm, flow_report_t *fr, ip4_address_t *collector_address, ip4_address_t *src_address, u16 collector_port, ipfix_report_element_t *elts, u32 n_elts, u32 *stream_index)
#define clib_atomic_cmp_and_swap(addr, old, new)
Definition: atomics.h:37
#define MAX_BIBS_FIELD_COUNT
#define ASSERT(truth)
vlib_main_t * vlib_main
Definition: flow_report.h:136
u16 ip4_tcp_udp_compute_checksum(vlib_main_t *vm, vlib_buffer_t *p0, ip4_header_t *ip0)
Definition: ip4_forward.c:1299
#define MAX_FRAGMENTS_IP4_LEN
vlib_frame_t * nat44_session_frame
frames containing ipfix buffers
u16 template_id
Definition: flow_report.h:90
u8 * nat_template_rewrite_nat64_bib(flow_report_main_t *frm, flow_report_t *fr, ip4_address_t *collector_address, ip4_address_t *src_address, u16 collector_port, ipfix_report_element_t *elts, u32 n_elts, u32 *stream_index)
static void nat_ipfix_logging_max_frag_ip6(u32 thread_index, u32 limit, ip6_address_t *src, int do_flush)
static vlib_main_t * vlib_get_main(void)
Definition: global_funcs.h:23
#define clib_atomic_fetch_add(a, b)
Definition: atomics.h:23
vlib_buffer_t * nat44_session_buffer
ipfix buffers under construction
vl_api_address_t src_ip
Definition: udp.api:43
struct _vlib_node_registration vlib_node_registration_t
template key/value backing page structure
Definition: bihash_doc.h:44
static u32 ipfix_set_id_length(u16 set_id, u16 length)
Definition: ipfix_packet.h:121
u8 * nat_template_rewrite_max_frags_ip4(flow_report_main_t *frm, flow_report_t *fr, ip4_address_t *collector_address, ip4_address_t *src_address, u16 collector_port, ipfix_report_element_t *elts, u32 n_elts, u32 *stream_index)
Definition: defs.h:47
nat_event_t
#define nat_elog_err(nat_elog_str)
Definition: nat.h:1021
vl_api_address_t ip
Definition: l2.api:489
#define MAX_ENTRIES_PER_USER_LEN
#define MAX_ENTRIES_PER_USER_FIELD_COUNT
u32 nat44_session_next_record_offset
next record offset
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
static void snat_ipfix_logging_max_entries_per_usr(u32 thread_index, u32 limit, u32 src_ip, int do_flush)
#define VLIB_BUFFER_TRACE_TRAJECTORY_INIT(b)
Definition: buffer.h:489
VLIB buffer representation.
Definition: buffer.h:102
#define skip_if_disabled()
u64 uword
Definition: types.h:112
static void * vlib_frame_vector_args(vlib_frame_t *f)
Get pointer to frame vector data.
Definition: node_funcs.h:244
snat_protocol_t
Definition: nat.h:191
vnet_flow_data_callback_t * flow_data_callback
Definition: flow_report.h:148
struct clib_bihash_value offset
template key/value backing page structure
vl_api_address_t dst_ip
Definition: udp.api:44
#define NAT_ADDRESSES_EXHAUTED_FIELD_COUNT
#define vnet_buffer(b)
Definition: buffer.h:365
#define NAT64_SES_FIELD_COUNT
static vlib_thread_main_t * vlib_get_thread_main()
Definition: global_funcs.h:32
#define NAT64_BIB_LEN
static void snat_ipfix_header_create(flow_report_main_t *frm, vlib_buffer_t *b0, u32 *offset)
vlib_buffer_t * max_frags_ip6_buffer
#define MAX_SESSIONS_LEN
u8 endpoint_dependent
Definition: nat.h:663
u16 dst_port
Definition: udp.api:42
u8 ip_version_and_header_length
Definition: ip4_packet.h:138
#define CLIB_CACHE_LINE_BYTES
Definition: cache.h:59
u8 * nat_template_rewrite_max_frags_ip6(flow_report_main_t *frm, flow_report_t *fr, ip4_address_t *collector_address, ip4_address_t *src_address, u16 collector_port, ipfix_report_element_t *elts, u32 n_elts, u32 *stream_index)
static u32 vlib_buffer_alloc(vlib_main_t *vm, u32 *buffers, u32 n_buffers)
Allocate buffers into supplied array.
Definition: buffer_funcs.h:612
static vlib_buffer_t * vlib_get_buffer(vlib_main_t *vm, u32 buffer_index)
Translate buffer index into buffer pointer.
Definition: buffer_funcs.h:85
static u16 ip4_header_checksum(ip4_header_t *i)
Definition: ip4_packet.h:247
Definition: defs.h:46
vl_api_fib_path_nh_proto_t proto
Definition: fib_types.api:125
#define NAT64_BIB_FIELD_COUNT
void snat_ipfix_logging_nat44_ses_create(u32 thread_index, u32 src_ip, u32 nat_src_ip, snat_protocol_t snat_proto, u16 src_port, u16 nat_src_port, u32 vrf_id)
Generate NAT44 session create event.