Date: Mon, 9 Jul 2012 11:53:06 +0000 (UTC) From: "Alexander V. Chernikov" <melifaro@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r238295 - stable/9/sys/netgraph/netflow Message-ID: <201207091153.q69Br6hJ016434@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: melifaro Date: Mon Jul 9 11:53:06 2012 New Revision: 238295 URL: http://svn.freebsd.org/changeset/base/238295 Log: Merge r237162, r237163, r237164, r237226. Fix improper L4 header handling for IPv6 packets passed via DLT_RAW. Set netflow v9 observation domain value to fib number instead of node id. This fixes multi-fib netflow v9 export. Use time_uptime instead of getnanotime for accouting integer number of seconds. Simplify IP pointer recovery in case of mbuf reallocation. Approved by: ae(mentor) Approved by: re Modified: stable/9/sys/netgraph/netflow/netflow_v9.c stable/9/sys/netgraph/netflow/ng_netflow.c Directory Properties: stable/9/sys/ (props changed) Modified: stable/9/sys/netgraph/netflow/netflow_v9.c ============================================================================== --- stable/9/sys/netgraph/netflow/netflow_v9.c Mon Jul 9 10:59:39 2012 (r238294) +++ stable/9/sys/netgraph/netflow/netflow_v9.c Mon Jul 9 11:53:06 2012 (r238295) @@ -222,7 +222,7 @@ export9_send(priv_p priv, fib_export_p f header->unix_secs = htonl(ts.tv_sec); header->seq_num = htonl(atomic_fetchadd_32(&fe->flow9_seq, 1)); header->count = htons(t->count); - header->source_id = htonl(NG_NODE_ID(priv->node)); + header->source_id = htonl(fe->domain_id); if (priv->export9 != NULL) NG_FWD_ITEM_HOOK_FLAGS(error, item, priv->export9, flags); @@ -416,16 +416,14 @@ get_export9_dgram(priv_p priv, fib_expor * Check if we need to insert templates into packet */ - struct timespec ts; struct netflow_v9_flowset_header *fl; - getnanotime(&ts); - if ((ts.tv_sec >= priv->templ_time + fe->templ_last_ts) || + if ((time_uptime >= priv->templ_time + fe->templ_last_ts) || (fe->sent_packets >= priv->templ_packets + fe->templ_last_pkt)) { - atomic_store_rel_32(&fe->templ_last_ts, ts.tv_sec); - atomic_store_rel_32(&fe->templ_last_pkt, fe->sent_packets); - + fe->templ_last_ts = time_uptime; + fe->templ_last_pkt = fe->sent_packets; + fl = priv->v9_flowsets[0]; m_append(m, ntohs(fl->length), (void *)fl); t->flow_header = m->m_len; Modified: stable/9/sys/netgraph/netflow/ng_netflow.c ============================================================================== --- stable/9/sys/netgraph/netflow/ng_netflow.c Mon Jul 9 10:59:39 2012 (r238294) +++ stable/9/sys/netgraph/netflow/ng_netflow.c Mon Jul 9 11:53:06 2012 (r238295) @@ -560,8 +560,8 @@ ng_netflow_rcvdata (hook_p hook, item_p struct ip6_hdr *ip6 = NULL; struct m_tag *mtag; int pullup_len = 0, off; - uint8_t upper_proto = 0, is_frag = 0; - int error = 0, bypass = 0, acct = 0; + uint8_t acct = 0, bypass = 0, is_frag = 0, upper_proto = 0; + int error = 0, l3_off = 0; unsigned int src_if_index; caddr_t upper_ptr = NULL; fib_export_p fe; @@ -666,6 +666,7 @@ ng_netflow_rcvdata (hook_p hook, item_p M_CHECK(sizeof(struct ip)); eh = mtod(m, struct ether_header *); ip = (struct ip *)(eh + 1); + l3_off = sizeof(struct ether_header); break; #ifdef INET6 case ETHERTYPE_IPV6: @@ -676,6 +677,7 @@ ng_netflow_rcvdata (hook_p hook, item_p M_CHECK(sizeof(struct ip6_hdr)); eh = mtod(m, struct ether_header *); ip6 = (struct ip6_hdr *)(eh + 1); + l3_off = sizeof(struct ether_header); break; #endif case ETHERTYPE_VLAN: @@ -686,6 +688,7 @@ ng_netflow_rcvdata (hook_p hook, item_p sizeof(struct ether_header)); evh = mtod(m, struct ether_vlan_header *); etype = ntohs(evh->evl_proto); + l3_off = sizeof(struct ether_vlan_header); if (etype == ETHERTYPE_IP) { M_CHECK(sizeof(struct ip)); @@ -707,12 +710,13 @@ ng_netflow_rcvdata (hook_p hook, item_p case DLT_RAW: /* IP packets */ M_CHECK(sizeof(struct ip)); ip = mtod(m, struct ip *); + /* l3_off is already zero */ #ifdef INET6 /* If INET6 is not defined IPv6 packets will be discarded in ng_netflow_flow_add() */ if (ip->ip_v == IP6VERSION) { /* IPv6 packet */ ip = NULL; - M_CHECK(sizeof(struct ip6_hdr)); + M_CHECK(sizeof(struct ip6_hdr) - sizeof(struct ip)); ip6 = mtod(m, struct ip6_hdr *); } #endif @@ -824,7 +828,10 @@ ng_netflow_rcvdata (hook_p hook, item_p case IPPROTO_NONE: goto loopend; #endif - /* Any unknow header (new extension or IPv6/IPv4 header for tunnels) */ + /* + * Any unknow header (new extension or IPv6/IPv4 + * header for tunnels) ends loop. + */ default: goto loopend; } @@ -842,56 +849,11 @@ loopend: /* Just in case of real reallocation in M_CHECK() / m_pullup() */ if (m != m_old) { atomic_fetchadd_32(&priv->info.nfinfo_realloc_mbuf, 1); - ip = NULL; - ip6 = NULL; - switch (iface->info.ifinfo_dlt) { - case DLT_EN10MB: /* Ethernet */ - { - struct ether_header *eh; - - eh = mtod(m, struct ether_header *); - switch (ntohs(eh->ether_type)) { - case ETHERTYPE_IP: - ip = (struct ip *)(eh + 1); - break; -#ifdef INET6 - case ETHERTYPE_IPV6: - ip6 = (struct ip6_hdr *)(eh + 1); - break; -#endif - case ETHERTYPE_VLAN: - { - struct ether_vlan_header *evh; - - evh = mtod(m, struct ether_vlan_header *); - if (ntohs(evh->evl_proto) == ETHERTYPE_IP) { - ip = (struct ip *)(evh + 1); - break; -#ifdef INET6 - } else if (ntohs(evh->evl_proto) == ETHERTYPE_IPV6) { - ip6 = (struct ip6_hdr *)(evh + 1); - break; -#endif - } - } - default: - panic("ng_netflow entered deadcode"); - } - break; - } - case DLT_RAW: /* IP packets */ - ip = mtod(m, struct ip *); -#ifdef INET6 - if (ip->ip_v == IP6VERSION) { - /* IPv6 packet */ - ip = NULL; - ip6 = mtod(m, struct ip6_hdr *); - } -#endif - break; - default: - panic("ng_netflow entered deadcode"); - } + /* Restore ip/ipv6 pointer */ + if (ip != NULL) + ip = (struct ip *)(mtod(m, caddr_t) + l3_off); + else if (ip6 != NULL) + ip6 = (struct ip6_hdr *)(mtod(m, caddr_t) + l3_off); } upper_ptr = (caddr_t)(mtod(m, caddr_t) + off);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201207091153.q69Br6hJ016434>