svn commit: r238295 - stable/9/sys/netgraph/netflow
Alexander V. Chernikov
melifaro at FreeBSD.org
Mon Jul 9 11:53:07 UTC 2012
Author: melifaro
Date: Mon Jul 9 11:53:06 2012
New Revision: 238295
URL: http://svn.freebsd.org/changeset/base/238295
Log:
Merge r237162, r237163, r237164, r237226.
Fix improper L4 header handling for IPv6 packets passed via DLT_RAW.
Set netflow v9 observation domain value to fib number instead of node id.
This fixes multi-fib netflow v9 export.
Use time_uptime instead of getnanotime for accouting integer number of seconds.
Simplify IP pointer recovery in case of mbuf reallocation.
Approved by: ae(mentor)
Approved by: re
Modified:
stable/9/sys/netgraph/netflow/netflow_v9.c
stable/9/sys/netgraph/netflow/ng_netflow.c
Directory Properties:
stable/9/sys/ (props changed)
Modified: stable/9/sys/netgraph/netflow/netflow_v9.c
==============================================================================
--- stable/9/sys/netgraph/netflow/netflow_v9.c Mon Jul 9 10:59:39 2012 (r238294)
+++ stable/9/sys/netgraph/netflow/netflow_v9.c Mon Jul 9 11:53:06 2012 (r238295)
@@ -222,7 +222,7 @@ export9_send(priv_p priv, fib_export_p f
header->unix_secs = htonl(ts.tv_sec);
header->seq_num = htonl(atomic_fetchadd_32(&fe->flow9_seq, 1));
header->count = htons(t->count);
- header->source_id = htonl(NG_NODE_ID(priv->node));
+ header->source_id = htonl(fe->domain_id);
if (priv->export9 != NULL)
NG_FWD_ITEM_HOOK_FLAGS(error, item, priv->export9, flags);
@@ -416,16 +416,14 @@ get_export9_dgram(priv_p priv, fib_expor
* Check if we need to insert templates into packet
*/
- struct timespec ts;
struct netflow_v9_flowset_header *fl;
- getnanotime(&ts);
- if ((ts.tv_sec >= priv->templ_time + fe->templ_last_ts) ||
+ if ((time_uptime >= priv->templ_time + fe->templ_last_ts) ||
(fe->sent_packets >= priv->templ_packets + fe->templ_last_pkt)) {
- atomic_store_rel_32(&fe->templ_last_ts, ts.tv_sec);
- atomic_store_rel_32(&fe->templ_last_pkt, fe->sent_packets);
-
+ fe->templ_last_ts = time_uptime;
+ fe->templ_last_pkt = fe->sent_packets;
+
fl = priv->v9_flowsets[0];
m_append(m, ntohs(fl->length), (void *)fl);
t->flow_header = m->m_len;
Modified: stable/9/sys/netgraph/netflow/ng_netflow.c
==============================================================================
--- stable/9/sys/netgraph/netflow/ng_netflow.c Mon Jul 9 10:59:39 2012 (r238294)
+++ stable/9/sys/netgraph/netflow/ng_netflow.c Mon Jul 9 11:53:06 2012 (r238295)
@@ -560,8 +560,8 @@ ng_netflow_rcvdata (hook_p hook, item_p
struct ip6_hdr *ip6 = NULL;
struct m_tag *mtag;
int pullup_len = 0, off;
- uint8_t upper_proto = 0, is_frag = 0;
- int error = 0, bypass = 0, acct = 0;
+ uint8_t acct = 0, bypass = 0, is_frag = 0, upper_proto = 0;
+ int error = 0, l3_off = 0;
unsigned int src_if_index;
caddr_t upper_ptr = NULL;
fib_export_p fe;
@@ -666,6 +666,7 @@ ng_netflow_rcvdata (hook_p hook, item_p
M_CHECK(sizeof(struct ip));
eh = mtod(m, struct ether_header *);
ip = (struct ip *)(eh + 1);
+ l3_off = sizeof(struct ether_header);
break;
#ifdef INET6
case ETHERTYPE_IPV6:
@@ -676,6 +677,7 @@ ng_netflow_rcvdata (hook_p hook, item_p
M_CHECK(sizeof(struct ip6_hdr));
eh = mtod(m, struct ether_header *);
ip6 = (struct ip6_hdr *)(eh + 1);
+ l3_off = sizeof(struct ether_header);
break;
#endif
case ETHERTYPE_VLAN:
@@ -686,6 +688,7 @@ ng_netflow_rcvdata (hook_p hook, item_p
sizeof(struct ether_header));
evh = mtod(m, struct ether_vlan_header *);
etype = ntohs(evh->evl_proto);
+ l3_off = sizeof(struct ether_vlan_header);
if (etype == ETHERTYPE_IP) {
M_CHECK(sizeof(struct ip));
@@ -707,12 +710,13 @@ ng_netflow_rcvdata (hook_p hook, item_p
case DLT_RAW: /* IP packets */
M_CHECK(sizeof(struct ip));
ip = mtod(m, struct ip *);
+ /* l3_off is already zero */
#ifdef INET6
/* If INET6 is not defined IPv6 packets will be discarded in ng_netflow_flow_add() */
if (ip->ip_v == IP6VERSION) {
/* IPv6 packet */
ip = NULL;
- M_CHECK(sizeof(struct ip6_hdr));
+ M_CHECK(sizeof(struct ip6_hdr) - sizeof(struct ip));
ip6 = mtod(m, struct ip6_hdr *);
}
#endif
@@ -824,7 +828,10 @@ ng_netflow_rcvdata (hook_p hook, item_p
case IPPROTO_NONE:
goto loopend;
#endif
- /* Any unknow header (new extension or IPv6/IPv4 header for tunnels) */
+ /*
+ * Any unknow header (new extension or IPv6/IPv4
+ * header for tunnels) ends loop.
+ */
default:
goto loopend;
}
@@ -842,56 +849,11 @@ loopend:
/* Just in case of real reallocation in M_CHECK() / m_pullup() */
if (m != m_old) {
atomic_fetchadd_32(&priv->info.nfinfo_realloc_mbuf, 1);
- ip = NULL;
- ip6 = NULL;
- switch (iface->info.ifinfo_dlt) {
- case DLT_EN10MB: /* Ethernet */
- {
- struct ether_header *eh;
-
- eh = mtod(m, struct ether_header *);
- switch (ntohs(eh->ether_type)) {
- case ETHERTYPE_IP:
- ip = (struct ip *)(eh + 1);
- break;
-#ifdef INET6
- case ETHERTYPE_IPV6:
- ip6 = (struct ip6_hdr *)(eh + 1);
- break;
-#endif
- case ETHERTYPE_VLAN:
- {
- struct ether_vlan_header *evh;
-
- evh = mtod(m, struct ether_vlan_header *);
- if (ntohs(evh->evl_proto) == ETHERTYPE_IP) {
- ip = (struct ip *)(evh + 1);
- break;
-#ifdef INET6
- } else if (ntohs(evh->evl_proto) == ETHERTYPE_IPV6) {
- ip6 = (struct ip6_hdr *)(evh + 1);
- break;
-#endif
- }
- }
- default:
- panic("ng_netflow entered deadcode");
- }
- break;
- }
- case DLT_RAW: /* IP packets */
- ip = mtod(m, struct ip *);
-#ifdef INET6
- if (ip->ip_v == IP6VERSION) {
- /* IPv6 packet */
- ip = NULL;
- ip6 = mtod(m, struct ip6_hdr *);
- }
-#endif
- break;
- default:
- panic("ng_netflow entered deadcode");
- }
+ /* Restore ip/ipv6 pointer */
+ if (ip != NULL)
+ ip = (struct ip *)(mtod(m, caddr_t) + l3_off);
+ else if (ip6 != NULL)
+ ip6 = (struct ip6_hdr *)(mtod(m, caddr_t) + l3_off);
}
upper_ptr = (caddr_t)(mtod(m, caddr_t) + off);
More information about the svn-src-stable-9
mailing list