git: 85b71dcfc999 - main - pflow: allow observation domain to be configured

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Tue, 16 Jan 2024 08:52:00 UTC
The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=85b71dcfc99952c0b8d78be93a0104873e8f81f7

commit 85b71dcfc99952c0b8d78be93a0104873e8f81f7
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2023-12-08 10:00:30 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2024-01-16 08:45:54 +0000

    pflow: allow observation domain to be configured
    
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    Differential Revision:  https://reviews.freebsd.org/D43113
---
 sbin/pflowctl/pflowctl.8      |  2 ++
 sbin/pflowctl/pflowctl.c      | 15 ++++++++++++++-
 sys/net/pflow.h               |  3 +++
 sys/netpfil/pf/pflow.c        | 14 +++++++++++---
 tests/sys/netpfil/pf/pflow.sh |  6 ++++++
 5 files changed, 36 insertions(+), 4 deletions(-)

diff --git a/sbin/pflowctl/pflowctl.8 b/sbin/pflowctl/pflowctl.8
index e2e19b7ddfa0..5140d5febb84 100644
--- a/sbin/pflowctl/pflowctl.8
+++ b/sbin/pflowctl/pflowctl.8
@@ -68,6 +68,8 @@ set the source IP address (and optionally port).
 set the destination IP address (and optionally port).
 .It Cm proto
 set the protocol version.
+.It Cm domain
+set the observation domain.
 Valid values are 5 and 10.
 .El
 .Pp
diff --git a/sbin/pflowctl/pflowctl.c b/sbin/pflowctl/pflowctl.c
index 046919867ff2..7be85d8b6ad4 100644
--- a/sbin/pflowctl/pflowctl.c
+++ b/sbin/pflowctl/pflowctl.c
@@ -252,6 +252,7 @@ struct pflowctl_get {
 	int version;
 	struct pflowctl_sockaddr src;
 	struct pflowctl_sockaddr dst;
+	uint32_t obs_dom;
 };
 #define	_IN(_field)	offsetof(struct genlmsghdr, _field)
 #define	_OUT(_field)	offsetof(struct pflowctl_get, _field)
@@ -260,6 +261,7 @@ static struct snl_attr_parser ap_get[] = {
 	{ .type = PFLOWNL_GET_VERSION, .off = _OUT(version), .cb = snl_attr_get_int16 },
 	{ .type = PFLOWNL_GET_SRC, .off = _OUT(src), .arg = &sockaddr_parser, .cb = snl_attr_get_nested },
 	{ .type = PFLOWNL_GET_DST, .off = _OUT(dst), .arg = &sockaddr_parser, .cb = snl_attr_get_nested },
+	{ .type = PFLOWNL_GET_OBSERVATION_DOMAIN, .off = _OUT(obs_dom), .cb = snl_attr_get_uint32 },
 };
 static struct snl_field_parser fp_get[] = {};
 #undef _IN
@@ -338,7 +340,7 @@ get(int id)
 		if (! snl_parse_nlmsg(&ss, hdr, &get_parser, &g))
 			continue;
 
-		printf("pflow%d: version %d", g.id, g.version);
+		printf("pflow%d: version %d domain %d", g.id, g.version, g.obs_dom);
 		print_sockaddr(" src ", &g.src.storage);
 		print_sockaddr(" dst ", &g.dst.storage);
 		printf("\n");
@@ -355,6 +357,7 @@ struct pflowctl_set {
 	uint16_t version;
 	struct sockaddr_storage src;
 	struct sockaddr_storage dst;
+	uint32_t obs_dom;
 };
 static inline bool
 snl_add_msg_attr_sockaddr(struct snl_writer *nw, int attrtype, struct sockaddr_storage *s)
@@ -408,6 +411,8 @@ do_set(struct pflowctl_set *s)
 		snl_add_msg_attr_sockaddr(&nw, PFLOWNL_SET_SRC, &s->src);
 	if (s->dst.ss_len != 0)
 		snl_add_msg_attr_sockaddr(&nw, PFLOWNL_SET_DST, &s->dst);
+	if (s->obs_dom != 0)
+		snl_add_msg_attr_u32(&nw, PFLOWNL_SET_OBSERVATION_DOMAIN, s->obs_dom);
 
 	hdr = snl_finalize_msg(&nw);
 	if (hdr == NULL)
@@ -505,6 +510,14 @@ set(char *idstr, int argc, char *argv[])
 
 			s.version = strtol(argv[1], NULL, 10);
 
+			argc -= 2;
+			argv += 2;
+		} else if (strcmp(argv[0], "domain") == 0) {
+			if (argc < 2)
+				usage();
+
+			s.obs_dom = strtol(argv[1], NULL, 10);
+
 			argc -= 2;
 			argv += 2;
 		} else {
diff --git a/sys/net/pflow.h b/sys/net/pflow.h
index 2b7dfe24b5fc..4a63f7640629 100644
--- a/sys/net/pflow.h
+++ b/sys/net/pflow.h
@@ -216,6 +216,7 @@ struct pflow_softc {
 	struct sockaddr		*sc_flowdst;
 	struct pflow_ipfix_tmpl	 sc_tmpl_ipfix;
 	u_int8_t		 sc_version;
+	u_int32_t		 sc_observation_dom;
 	struct mbuf		*sc_mbuf;	/* current cumulative mbuf */
 	struct mbuf		*sc_mbuf6;	/* current cumulative mbuf */
 	CK_LIST_ENTRY(pflow_softc) sc_next;
@@ -315,6 +316,7 @@ enum pflow_get_type_t {
 	PFLOWNL_GET_VERSION	= 2, /* u16 */
 	PFLOWNL_GET_SRC		= 3, /* struct sockaddr_storage */
 	PFLOWNL_GET_DST		= 4, /* struct sockaddr_storage */
+	PFLOWNL_GET_OBSERVATION_DOMAIN = 5, /* u32 */
 };
 
 enum pflow_set_type_t {
@@ -323,6 +325,7 @@ enum pflow_set_type_t {
 	PFLOWNL_SET_VERSION	= 2, /* u16 */
 	PFLOWNL_SET_SRC		= 3, /* struct sockaddr_storage */
 	PFLOWNL_SET_DST		= 4, /* struct sockaddr_storage */
+	PFLOWNL_SET_OBSERVATION_DOMAIN = 5, /* u32 */
 };
 
 #ifdef _KERNEL
diff --git a/sys/netpfil/pf/pflow.c b/sys/netpfil/pf/pflow.c
index 9a192c396c2d..398851bf17d0 100644
--- a/sys/netpfil/pf/pflow.c
+++ b/sys/netpfil/pf/pflow.c
@@ -210,6 +210,7 @@ pflow_create(int unit)
 	pflowif = malloc(sizeof(*pflowif), M_DEVBUF, M_WAITOK|M_ZERO);
 	mtx_init(&pflowif->sc_lock, "pflowlk", NULL, MTX_DEF);
 	pflowif->sc_version = PFLOW_PROTO_DEFAULT;
+	pflowif->sc_observation_dom = PFLOW_ENGINE_TYPE;
 
 	/* ipfix template init */
 	bzero(&pflowif->sc_tmpl_ipfix,sizeof(pflowif->sc_tmpl_ipfix));
@@ -421,7 +422,7 @@ pflowvalidsockaddr(const struct sockaddr *sa, int ignore_port)
 	}
 }
 
-static int
+int
 pflow_calc_mtu(struct pflow_softc *sc, int mtu, int hdrsz)
 {
 
@@ -1010,7 +1011,7 @@ pflow_sendout_ipfix(struct pflow_softc *sc, sa_family_t af)
 	h10->time_sec = htonl(time_second);		/* XXX 2038 */
 	h10->flow_sequence = htonl(sc->sc_sequence);
 	sc->sc_sequence += count;
-	h10->observation_dom = htonl(PFLOW_ENGINE_TYPE);
+	h10->observation_dom = htonl(sc->sc_observation_dom);
 	if (mbufq_enqueue(&sc->sc_outputqueue, m) == 0)
 		swi_sched(sc->sc_swi_cookie, 0);
 
@@ -1045,7 +1046,7 @@ pflow_sendout_ipfix_tmpl(struct pflow_softc *sc)
 	    pflow_ipfix_tmpl));
 	h10->time_sec = htonl(time_second);		/* XXX 2038 */
 	h10->flow_sequence = htonl(sc->sc_sequence);
-	h10->observation_dom = htonl(PFLOW_ENGINE_TYPE);
+	h10->observation_dom = htonl(sc->sc_observation_dom);
 
 	callout_reset(&sc->sc_tmo_tmpl, PFLOW_TMPL_TIMEOUT * hz,
 	    pflow_timeout_tmpl, sc);
@@ -1257,6 +1258,8 @@ pflow_nl_get(struct nlmsghdr *hdr, struct nl_pstate *npt)
 		nlattr_add_sockaddr(nw, PFLOWNL_GET_SRC, sc->sc_flowsrc);
 	if (sc->sc_flowdst)
 		nlattr_add_sockaddr(nw, PFLOWNL_GET_DST, sc->sc_flowdst);
+	nlattr_add_u32(nw, PFLOWNL_GET_OBSERVATION_DOMAIN,
+	    sc->sc_observation_dom);
 
 	if (! nlmsg_end(nw)) {
 		nlmsg_abort(nw);
@@ -1306,6 +1309,7 @@ struct pflow_parsed_set {
 	uint16_t version;
 	struct sockaddr_storage src;
 	struct sockaddr_storage dst;
+	uint32_t observation_dom;
 };
 #define	_IN(_field)	offsetof(struct genlmsghdr, _field)
 #define	_OUT(_field)	offsetof(struct pflow_parsed_set, _field)
@@ -1314,6 +1318,7 @@ static const struct nlattr_parser nla_p_set[] = {
 	{ .type = PFLOWNL_SET_VERSION, .off = _OUT(version), .cb = nlattr_get_uint16 },
 	{ .type = PFLOWNL_SET_SRC, .off = _OUT(src), .arg = &addr_parser, .cb = nlattr_get_nested },
 	{ .type = PFLOWNL_SET_DST, .off = _OUT(dst), .arg = &addr_parser, .cb = nlattr_get_nested },
+	{ .type = PFLOWNL_SET_OBSERVATION_DOMAIN, .off = _OUT(observation_dom), .cb = nlattr_get_uint32 },
 };
 static const struct nlfield_parser nlf_p_set[] = {};
 #undef _IN
@@ -1438,6 +1443,9 @@ pflow_set(struct pflow_softc *sc, const struct pflow_parsed_set *pflowr, struct
 		sc->so = NULL;
 	}
 
+	if (pflowr->observation_dom != 0)
+		sc->sc_observation_dom = pflowr->observation_dom;
+
 	/* error check is above */
 	if (pflowr->version != 0)
 		sc->sc_version = pflowr->version;
diff --git a/tests/sys/netpfil/pf/pflow.sh b/tests/sys/netpfil/pf/pflow.sh
index 73e041fca693..12d194d84c14 100644
--- a/tests/sys/netpfil/pf/pflow.sh
+++ b/tests/sys/netpfil/pf/pflow.sh
@@ -67,6 +67,12 @@ basic_body()
 	    jexec alcatraz pflowctl -s ${pflow} proto 5
 	atf_check -s exit:0 \
 	    jexec alcatraz pflowctl -s ${pflow} proto 10
+
+	# We can change the observation domain
+	atf_check -s exit:0 \
+	    jexec alcatraz pflowctl -s ${pflow} domain 13
+	atf_check -s exit:0 -o match:".*domain 13.*" \
+	    jexec alcatraz pflowctl -l
 }
 
 basic_cleanup()