diff options
| author | Florian Obser <florian@cvs.openbsd.org> | 2014-03-29 11:26:04 +0000 |
|---|---|---|
| committer | Florian Obser <florian@cvs.openbsd.org> | 2014-03-29 11:26:04 +0000 |
| commit | 50fec5e2276e5331282b099af728a5dc7fb8caa8 (patch) | |
| tree | 16b4d2b8bc5dbeffc7149cd52cafd91daa7a7d72 /sys/net | |
| parent | 4ca76a573207ccac1eb83ff8c2936e958da134e2 (diff) | |
Kill pflowproto 9, it's unfixable post 2038, a better, standardized
option is pflowproto 10. Also it duplicates a lot of code from
pflowproto 10 and will get in the way in the future.
OK benno@
Diffstat (limited to 'sys/net')
| -rw-r--r-- | sys/net/if_pflow.c | 453 | ||||
| -rw-r--r-- | sys/net/if_pflow.h | 95 |
2 files changed, 14 insertions, 534 deletions
diff --git a/sys/net/if_pflow.c b/sys/net/if_pflow.c index 07ddf122283..3eb2b7b4061 100644 --- a/sys/net/if_pflow.c +++ b/sys/net/if_pflow.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_pflow.c,v 1.40 2014/01/24 09:48:37 henning Exp $ */ +/* $OpenBSD: if_pflow.c,v 1.41 2014/03/29 11:26:03 florian Exp $ */ /* * Copyright (c) 2011 Florian Obser <florian@narrans.de> @@ -81,9 +81,7 @@ void pflowstart(struct ifnet *); struct mbuf *pflow_get_mbuf(struct pflow_softc *, u_int16_t); void pflow_flush(struct pflow_softc *); int pflow_sendout_v5(struct pflow_softc *); -int pflow_sendout_v9(struct pflow_softc *, sa_family_t); int pflow_sendout_ipfix(struct pflow_softc *, sa_family_t); -int pflow_sendout_v9_tmpl(struct pflow_softc *); int pflow_sendout_ipfix_tmpl(struct pflow_softc *); int pflow_sendout_mbuf(struct pflow_softc *, struct mbuf *); void pflow_timeout(void *); @@ -91,34 +89,22 @@ void pflow_timeout6(void *); void pflow_timeout_tmpl(void *); void copy_flow_data(struct pflow_flow *, struct pflow_flow *, struct pf_state *, struct pf_state_key *, int, int); -void copy_flow_v9_4_data(struct pflow_v9_flow4 *, struct pflow_v9_flow4 *, - struct pf_state *, struct pf_state_key *, struct pflow_softc *, int, - int); void copy_flow_ipfix_4_data(struct pflow_ipfix_flow4 *, struct pflow_ipfix_flow4 *, struct pf_state *, struct pf_state_key *, struct pflow_softc *, int, int); -void copy_flow_v9_6_data(struct pflow_v9_flow6 *, struct pflow_v9_flow6 *, - struct pf_state *, struct pf_state_key *, struct pflow_softc *, int, - int); void copy_flow_ipfix_6_data(struct pflow_ipfix_flow6 *, struct pflow_ipfix_flow6 *, struct pf_state *, struct pf_state_key *, struct pflow_softc *, int, int); int pflow_pack_flow(struct pf_state *, struct pf_state_key *, struct pflow_softc *); -int pflow_pack_flow_v9(struct pf_state *, struct pf_state_key *, - struct pflow_softc *); int pflow_pack_flow_ipfix(struct pf_state *, struct pf_state_key *, struct pflow_softc *); int pflow_get_dynport(void); int export_pflow_if(struct pf_state*, struct pf_state_key *, struct pflow_softc *); int copy_flow_to_m(struct pflow_flow *flow, struct pflow_softc *sc); -int copy_flow_v9_4_to_m(struct pflow_v9_flow4 *flow, struct pflow_softc - *sc); int copy_flow_ipfix_4_to_m(struct pflow_ipfix_flow4 *flow, struct pflow_softc *sc); -int copy_flow_v9_6_to_m(struct pflow_v9_flow6 *flow, struct pflow_softc - *sc); int copy_flow_ipfix_6_to_m(struct pflow_ipfix_flow6 *flow, struct pflow_softc *sc); @@ -153,94 +139,6 @@ pflow_clone_create(struct if_clone *ifc, int unit) pflowif->sc_sender_port = pflow_get_dynport(); pflowif->sc_version = PFLOW_PROTO_DEFAULT; - /* v9 template init */ - bzero(&pflowif->sc_tmpl_v9,sizeof(pflowif->sc_tmpl_v9)); - pflowif->sc_tmpl_v9.set_header.set_id = htons(PFLOW_V9_TMPL_SET_ID); - pflowif->sc_tmpl_v9.set_header.set_length = - htons(sizeof(struct pflow_v9_tmpl)); - - /* v9 IPv4 template */ - pflowif->sc_tmpl_v9.ipv4_tmpl.h.tmpl_id = htons(PFLOW_V9_TMPL_IPV4_ID); - pflowif->sc_tmpl_v9.ipv4_tmpl.h.field_count - = htons(PFLOW_V9_TMPL_IPV4_FIELD_COUNT); - pflowif->sc_tmpl_v9.ipv4_tmpl.src_ip.field_id = - htons(PFIX_IE_sourceIPv4Address); - pflowif->sc_tmpl_v9.ipv4_tmpl.src_ip.len = htons(4); - pflowif->sc_tmpl_v9.ipv4_tmpl.dest_ip.field_id = - htons(PFIX_IE_destinationIPv4Address); - pflowif->sc_tmpl_v9.ipv4_tmpl.dest_ip.len = htons(4); - pflowif->sc_tmpl_v9.ipv4_tmpl.if_index_in.field_id = - htons(PFIX_IE_ingressInterface); - pflowif->sc_tmpl_v9.ipv4_tmpl.if_index_in.len = htons(4); - pflowif->sc_tmpl_v9.ipv4_tmpl.if_index_out.field_id = - htons(PFIX_IE_egressInterface); - pflowif->sc_tmpl_v9.ipv4_tmpl.if_index_out.len = htons(4); - pflowif->sc_tmpl_v9.ipv4_tmpl.packets.field_id = - htons(PFIX_IE_packetDeltaCount); - pflowif->sc_tmpl_v9.ipv4_tmpl.packets.len = htons(8); - pflowif->sc_tmpl_v9.ipv4_tmpl.octets.field_id = - htons(PFIX_IE_octetDeltaCount); - pflowif->sc_tmpl_v9.ipv4_tmpl.octets.len = htons(8); - pflowif->sc_tmpl_v9.ipv4_tmpl.start.field_id = - htons(PFIX_IE_flowStartSysUpTime); - pflowif->sc_tmpl_v9.ipv4_tmpl.start.len = htons(4); - pflowif->sc_tmpl_v9.ipv4_tmpl.finish.field_id = - htons(PFIX_IE_flowEndSysUpTime); - pflowif->sc_tmpl_v9.ipv4_tmpl.finish.len = htons(4); - pflowif->sc_tmpl_v9.ipv4_tmpl.src_port.field_id = - htons(PFIX_IE_sourceTransportPort); - pflowif->sc_tmpl_v9.ipv4_tmpl.src_port.len = htons(2); - pflowif->sc_tmpl_v9.ipv4_tmpl.dest_port.field_id = - htons(PFIX_IE_destinationTransportPort); - pflowif->sc_tmpl_v9.ipv4_tmpl.dest_port.len = htons(2); - pflowif->sc_tmpl_v9.ipv4_tmpl.tos.field_id = - htons(PFIX_IE_ipClassOfService); - pflowif->sc_tmpl_v9.ipv4_tmpl.tos.len = htons(1); - pflowif->sc_tmpl_v9.ipv4_tmpl.protocol.field_id = - htons(PFIX_IE_protocolIdentifier); - pflowif->sc_tmpl_v9.ipv4_tmpl.protocol.len = htons(1); - - /* v9 IPv6 template */ - pflowif->sc_tmpl_v9.ipv6_tmpl.h.tmpl_id = htons(PFLOW_V9_TMPL_IPV6_ID); - pflowif->sc_tmpl_v9.ipv6_tmpl.h.field_count = - htons(PFLOW_V9_TMPL_IPV6_FIELD_COUNT); - pflowif->sc_tmpl_v9.ipv6_tmpl.src_ip.field_id = - htons(PFIX_IE_sourceIPv6Address); - pflowif->sc_tmpl_v9.ipv6_tmpl.src_ip.len = htons(16); - pflowif->sc_tmpl_v9.ipv6_tmpl.dest_ip.field_id = - htons(PFIX_IE_destinationIPv6Address); - pflowif->sc_tmpl_v9.ipv6_tmpl.dest_ip.len = htons(16); - pflowif->sc_tmpl_v9.ipv6_tmpl.if_index_in.field_id = - htons(PFIX_IE_ingressInterface); - pflowif->sc_tmpl_v9.ipv6_tmpl.if_index_in.len = htons(4); - pflowif->sc_tmpl_v9.ipv6_tmpl.if_index_out.field_id = - htons(PFIX_IE_egressInterface); - pflowif->sc_tmpl_v9.ipv6_tmpl.if_index_out.len = htons(4); - pflowif->sc_tmpl_v9.ipv6_tmpl.packets.field_id = - htons(PFIX_IE_packetDeltaCount); - pflowif->sc_tmpl_v9.ipv6_tmpl.packets.len = htons(8); - pflowif->sc_tmpl_v9.ipv6_tmpl.octets.field_id = - htons(PFIX_IE_octetDeltaCount); - pflowif->sc_tmpl_v9.ipv6_tmpl.octets.len = htons(8); - pflowif->sc_tmpl_v9.ipv6_tmpl.start.field_id = - htons(PFIX_IE_flowStartSysUpTime); - pflowif->sc_tmpl_v9.ipv6_tmpl.start.len = htons(4); - pflowif->sc_tmpl_v9.ipv6_tmpl.finish.field_id = - htons(PFIX_IE_flowEndSysUpTime); - pflowif->sc_tmpl_v9.ipv6_tmpl.finish.len = htons(4); - pflowif->sc_tmpl_v9.ipv6_tmpl.src_port.field_id = - htons(PFIX_IE_sourceTransportPort); - pflowif->sc_tmpl_v9.ipv6_tmpl.src_port.len = htons(2); - pflowif->sc_tmpl_v9.ipv6_tmpl.dest_port.field_id = - htons(PFIX_IE_destinationTransportPort); - pflowif->sc_tmpl_v9.ipv6_tmpl.dest_port.len = htons(2); - pflowif->sc_tmpl_v9.ipv6_tmpl.tos.field_id = - htons(PFIX_IE_ipClassOfService); - pflowif->sc_tmpl_v9.ipv6_tmpl.tos.len = htons(1); - pflowif->sc_tmpl_v9.ipv6_tmpl.protocol.field_id = - htons(PFIX_IE_protocolIdentifier); - pflowif->sc_tmpl_v9.ipv6_tmpl.protocol.len = htons(1); - /* ipfix template init */ bzero(&pflowif->sc_tmpl_ipfix,sizeof(pflowif->sc_tmpl_ipfix)); pflowif->sc_tmpl_ipfix.set_header.set_id = @@ -430,11 +328,7 @@ pflowioctl(struct ifnet *ifp, u_long cmd, caddr_t data) ifp->if_flags |= IFF_RUNNING; sc->sc_gcounter=pflowstats.pflow_flows; /* send templates on startup */ - if (sc->sc_version == PFLOW_PROTO_9) { - s = splnet(); - pflow_sendout_v9_tmpl(sc); - splx(s); - } else if (sc->sc_version == PFLOW_PROTO_10) { + if (sc->sc_version == PFLOW_PROTO_10) { s = splnet(); pflow_sendout_ipfix_tmpl(sc); splx(s); @@ -476,7 +370,6 @@ pflowioctl(struct ifnet *ifp, u_long cmd, caddr_t data) if (pflowr.addrmask & PFLOW_MASK_VERSION) { switch(pflowr.version) { case PFLOW_PROTO_5: - case PFLOW_PROTO_9: case PFLOW_PROTO_10: break; default: @@ -508,11 +401,7 @@ pflowioctl(struct ifnet *ifp, u_long cmd, caddr_t data) sc->sc_sender_port != 0) { ifp->if_flags |= IFF_RUNNING; sc->sc_gcounter=pflowstats.pflow_flows; - if (sc->sc_version == PFLOW_PROTO_9) { - s = splnet(); - pflow_sendout_v9_tmpl(sc); - splx(s); - } else if (sc->sc_version == PFLOW_PROTO_10) { + if (sc->sc_version == PFLOW_PROTO_10) { s = splnet(); pflow_sendout_ipfix_tmpl(sc); splx(s); @@ -540,7 +429,6 @@ pflow_init_timeouts(struct pflow_softc *sc) if (!timeout_initialized(&sc->sc_tmo)) timeout_set(&sc->sc_tmo, pflow_timeout, sc); break; - case PFLOW_PROTO_9: case PFLOW_PROTO_10: if (!timeout_initialized(&sc->sc_tmo_tmpl)) timeout_set(&sc->sc_tmo_tmpl, pflow_timeout_tmpl, sc); @@ -559,29 +447,18 @@ pflow_init_timeouts(struct pflow_softc *sc) int pflow_calc_mtu(struct pflow_softc *sc, int mtu, int hdrsz) { - if (sc->sc_version == PFLOW_PROTO_9) { - sc->sc_maxcount4 = (mtu - hdrsz - - sizeof(struct udpiphdr)) / sizeof(struct pflow_v9_flow4); - sc->sc_maxcount6 = (mtu - hdrsz - - sizeof(struct udpiphdr)) / sizeof(struct pflow_v9_flow6); - } else { - sc->sc_maxcount4 = (mtu - hdrsz - - sizeof(struct udpiphdr)) / sizeof(struct pflow_ipfix_flow4); - sc->sc_maxcount6 = (mtu - hdrsz - - sizeof(struct udpiphdr)) / sizeof(struct pflow_ipfix_flow6); - } + + sc->sc_maxcount4 = (mtu - hdrsz - + sizeof(struct udpiphdr)) / sizeof(struct pflow_ipfix_flow4); + sc->sc_maxcount6 = (mtu - hdrsz - + sizeof(struct udpiphdr)) / sizeof(struct pflow_ipfix_flow6); if (sc->sc_maxcount4 > PFLOW_MAXFLOWS) sc->sc_maxcount4 = PFLOW_MAXFLOWS; if (sc->sc_maxcount6 > PFLOW_MAXFLOWS) sc->sc_maxcount6 = PFLOW_MAXFLOWS; - if (sc->sc_version == PFLOW_PROTO_9) - return (hdrsz + sizeof(struct udpiphdr) + - MIN(sc->sc_maxcount4 * sizeof(struct pflow_v9_flow4), - sc->sc_maxcount6 * sizeof(struct pflow_v9_flow6))); - else - return (hdrsz + sizeof(struct udpiphdr) + - MIN(sc->sc_maxcount4 * sizeof(struct pflow_ipfix_flow4), - sc->sc_maxcount6 * sizeof(struct pflow_ipfix_flow6))); + return (hdrsz + sizeof(struct udpiphdr) + + MIN(sc->sc_maxcount4 * sizeof(struct pflow_ipfix_flow4), + sc->sc_maxcount6 * sizeof(struct pflow_ipfix_flow6))); } void @@ -604,10 +481,6 @@ pflow_setmtu(struct pflow_softc *sc, int mtu_req) sizeof(struct udpiphdr) + sc->sc_maxcount * sizeof(struct pflow_flow); break; - case PFLOW_PROTO_9: - sc->sc_if.if_mtu = - pflow_calc_mtu(sc, mtu, sizeof(struct pflow_v9_header)); - break; case PFLOW_PROTO_10: sc->sc_if.if_mtu = pflow_calc_mtu(sc, mtu, sizeof(struct pflow_v10_header)); @@ -704,80 +577,6 @@ copy_flow_data(struct pflow_flow *flow1, struct pflow_flow *flow2, } void -copy_flow_v9_4_data(struct pflow_v9_flow4 *flow1, struct pflow_v9_flow4 *flow2, - struct pf_state *st, struct pf_state_key *sk, struct pflow_softc *sc, - int src, int dst) -{ - flow1->src_ip = flow2->dest_ip = sk->addr[src].v4.s_addr; - flow1->src_port = flow2->dest_port = sk->port[src]; - flow1->dest_ip = flow2->src_ip = sk->addr[dst].v4.s_addr; - flow1->dest_port = flow2->src_port = sk->port[dst]; - - flow1->if_index_in = htonl(st->if_index_in); - flow1->if_index_out = htonl(st->if_index_out); - flow2->if_index_in = htonl(st->if_index_out); - flow2->if_index_out = htonl(st->if_index_in); - - flow1->flow_packets = htobe64(st->packets[0]); - flow2->flow_packets = htobe64(st->packets[1]); - flow1->flow_octets = htobe64(st->bytes[0]); - flow2->flow_octets = htobe64(st->bytes[1]); - - /* - * Pretend the flow was created or expired when the machine came - * up when creation is in the future of the last time a package - * was seen or was created / expired before this machine came up - * due to pfsync. - */ - flow1->flow_start = flow2->flow_start = st->creation < 0 || - st->creation > st->expire ? htonl(0) : htonl(st->creation * - 1000); - flow1->flow_finish = flow2->flow_finish = st->expire < 0 ? - htonl(0) : htonl(st->expire * 1000); - - flow1->protocol = flow2->protocol = sk->proto; - flow1->tos = flow2->tos = st->rule.ptr->tos; -} - -void -copy_flow_v9_6_data(struct pflow_v9_flow6 *flow1, struct pflow_v9_flow6 *flow2, - struct pf_state *st, struct pf_state_key *sk, struct pflow_softc *sc, - int src, int dst) -{ - bcopy(&sk->addr[src].v6, &flow1->src_ip, sizeof(flow1->src_ip)); - bcopy(&sk->addr[src].v6, &flow2->dest_ip, sizeof(flow2->dest_ip)); - flow1->src_port = flow2->dest_port = sk->port[src]; - bcopy(&sk->addr[dst].v6, &flow1->dest_ip, sizeof(flow1->dest_ip)); - bcopy(&sk->addr[dst].v6, &flow2->src_ip, sizeof(flow2->src_ip)); - flow1->dest_port = flow2->src_port = sk->port[dst]; - - flow1->if_index_in = htonl(st->if_index_in); - flow1->if_index_out = htonl(st->if_index_out); - flow2->if_index_in = htonl(st->if_index_out); - flow2->if_index_out = htonl(st->if_index_in); - - flow1->flow_packets = htobe64(st->packets[0]); - flow2->flow_packets = htobe64(st->packets[1]); - flow1->flow_octets = htobe64(st->bytes[0]); - flow2->flow_octets = htobe64(st->bytes[1]); - - /* - * Pretend the flow was created or expired when the machine came - * up when creation is in the future of the last time a package - * was seen or was created / expired before this machine came up - * due to pfsync. - */ - flow1->flow_start = flow2->flow_start = st->creation < 0 || - st->creation > st->expire ? htonl(0) : htonl(st->creation * - 1000); - flow1->flow_finish = flow2->flow_finish = st->expire < 0 ? - htonl(0) : htonl(st->expire * 1000); - - flow1->protocol = flow2->protocol = sk->proto; - flow1->tos = flow2->tos = st->rule.ptr->tos; -} - -void copy_flow_ipfix_4_data(struct pflow_ipfix_flow4 *flow1, struct pflow_ipfix_flow4 *flow2, struct pf_state *st, struct pf_state_key *sk, struct pflow_softc *sc, int src, int dst) @@ -867,8 +666,6 @@ export_pflow(struct pf_state *st) if( sk->af == AF_INET ) export_pflow_if(st, sk, sc); break; - case PFLOW_PROTO_9: - /* ... fall through ... */ case PFLOW_PROTO_10: if( sk->af == AF_INET || sk->af == AF_INET6 ) export_pflow_if(st, sk, sc); @@ -893,8 +690,6 @@ export_pflow_if(struct pf_state *st, struct pf_state_key *sk, if (!(ifp->if_flags & IFF_RUNNING)) return (0); - if (sc->sc_version == PFLOW_PROTO_9) - return (pflow_pack_flow_v9(st, sk, sc)); if (sc->sc_version == PFLOW_PROTO_10) return (pflow_pack_flow_ipfix(st, sk, sc)); @@ -963,67 +758,6 @@ copy_flow_to_m(struct pflow_flow *flow, struct pflow_softc *sc) } int -copy_flow_v9_4_to_m(struct pflow_v9_flow4 *flow, struct pflow_softc *sc) -{ - int s, ret = 0; - - s = splnet(); - if (sc->sc_mbuf == NULL) { - if ((sc->sc_mbuf = - pflow_get_mbuf(sc, PFLOW_V9_TMPL_IPV4_ID)) == NULL) { - splx(s); - return (ENOBUFS); - } - sc->sc_count4 = 0; - timeout_add_sec(&sc->sc_tmo, PFLOW_TIMEOUT); - } - m_copyback(sc->sc_mbuf, PFLOW_SET_HDRLEN + - (sc->sc_count4 * sizeof(struct pflow_v9_flow4)), - sizeof(struct pflow_v9_flow4), flow, M_NOWAIT); - - if (pflowstats.pflow_flows == sc->sc_gcounter) - pflowstats.pflow_flows++; - sc->sc_gcounter++; - sc->sc_count4++; - - if (sc->sc_count4 >= sc->sc_maxcount4) - ret = pflow_sendout_v9(sc, AF_INET); - splx(s); - return(ret); -} - -int -copy_flow_v9_6_to_m(struct pflow_v9_flow6 *flow, struct pflow_softc *sc) -{ - int s, ret = 0; - - s = splnet(); - if (sc->sc_mbuf6 == NULL) { - if ((sc->sc_mbuf6 = - pflow_get_mbuf(sc, PFLOW_V9_TMPL_IPV6_ID)) == NULL) { - splx(s); - return (ENOBUFS); - } - sc->sc_count6 = 0; - timeout_add_sec(&sc->sc_tmo6, PFLOW_TIMEOUT); - } - m_copyback(sc->sc_mbuf6, PFLOW_SET_HDRLEN + - (sc->sc_count6 * sizeof(struct pflow_v9_flow6)), - sizeof(struct pflow_v9_flow6), flow, M_NOWAIT); - - if (pflowstats.pflow_flows == sc->sc_gcounter) - pflowstats.pflow_flows++; - sc->sc_gcounter++; - sc->sc_count6++; - - if (sc->sc_count6 >= sc->sc_maxcount6) - ret = pflow_sendout_v9(sc, AF_INET6); - - splx(s); - return(ret); -} - -int copy_flow_ipfix_4_to_m(struct pflow_ipfix_flow4 *flow, struct pflow_softc *sc) { int s, ret = 0; @@ -1110,49 +844,6 @@ pflow_pack_flow(struct pf_state *st, struct pf_state_key *sk, } int -pflow_pack_flow_v9(struct pf_state *st, struct pf_state_key *sk, - struct pflow_softc *sc) -{ - struct pflow_v9_flow4 flow4_1, flow4_2; - struct pflow_v9_flow6 flow6_1, flow6_2; - int ret = 0; - if (sk->af == AF_INET) { - bzero(&flow4_1, sizeof(flow4_1)); - bzero(&flow4_2, sizeof(flow4_2)); - - if (st->direction == PF_OUT) - copy_flow_v9_4_data(&flow4_1, &flow4_2, st, sk, sc, 1, - 0); - else - copy_flow_v9_4_data(&flow4_1, &flow4_2, st, sk, sc, 0, - 1); - - if (st->bytes[0] != 0) /* first flow from state */ - ret = copy_flow_v9_4_to_m(&flow4_1, sc); - - if (st->bytes[1] != 0) /* second flow from state */ - ret = copy_flow_v9_4_to_m(&flow4_2, sc); - } else if (sk->af == AF_INET6) { - bzero(&flow6_1, sizeof(flow6_1)); - bzero(&flow6_2, sizeof(flow6_2)); - - if (st->direction == PF_OUT) - copy_flow_v9_6_data(&flow6_1, &flow6_2, st, sk, sc, 1, - 0); - else - copy_flow_v9_6_data(&flow6_1, &flow6_2, st, sk, sc, 0, - 1); - - if (st->bytes[0] != 0) /* first flow from state */ - ret = copy_flow_v9_6_to_m(&flow6_1, sc); - - if (st->bytes[1] != 0) /* second flow from state */ - ret = copy_flow_v9_6_to_m(&flow6_2, sc); - } - return (ret); -} - -int pflow_pack_flow_ipfix(struct pf_state *st, struct pf_state_key *sk, struct pflow_softc *sc) { @@ -1206,9 +897,6 @@ pflow_timeout(void *v) case PFLOW_PROTO_5: pflow_sendout_v5(sc); break; - case PFLOW_PROTO_9: - pflow_sendout_v9(sc, AF_INET); - break; case PFLOW_PROTO_10: pflow_sendout_ipfix(sc, AF_INET); break; @@ -1225,16 +913,7 @@ pflow_timeout6(void *v) int s; s = splnet(); - switch (sc->sc_version) { - case PFLOW_PROTO_9: - pflow_sendout_v9(sc, AF_INET6); - break; - case PFLOW_PROTO_10: - pflow_sendout_ipfix(sc, AF_INET6); - break; - default: /* NOTREACHED */ - break; - } + pflow_sendout_ipfix(sc, AF_INET6); splx(s); } @@ -1245,10 +924,7 @@ pflow_timeout_tmpl(void *v) int s; s = splnet(); - if (sc->sc_version == PFLOW_PROTO_9) - pflow_sendout_v9_tmpl(sc); - else if (sc->sc_version == PFLOW_PROTO_10) - pflow_sendout_ipfix_tmpl(sc); + pflow_sendout_ipfix_tmpl(sc); splx(s); } @@ -1260,10 +936,6 @@ pflow_flush(struct pflow_softc *sc) case PFLOW_PROTO_5: pflow_sendout_v5(sc); break; - case PFLOW_PROTO_9: - pflow_sendout_v9(sc, AF_INET); - pflow_sendout_v9(sc, AF_INET6); - break; case PFLOW_PROTO_10: pflow_sendout_ipfix(sc, AF_INET); pflow_sendout_ipfix(sc, AF_INET6); @@ -1310,64 +982,6 @@ pflow_sendout_v5(struct pflow_softc *sc) /* This must be called in splnet() */ int -pflow_sendout_v9(struct pflow_softc *sc, sa_family_t af) -{ - struct mbuf *m; - struct pflow_v9_header *h9; - struct pflow_set_header *set_hdr; - struct ifnet *ifp = &sc->sc_if; - int set_length; - - switch (af) { - case AF_INET: - m = sc->sc_mbuf; - timeout_del(&sc->sc_tmo); - if (m == NULL) - return (0); - sc->sc_mbuf = NULL; - set_length = sizeof(struct pflow_set_header) - + sc->sc_count4 * sizeof(struct pflow_v9_flow4); - break; - case AF_INET6: - m = sc->sc_mbuf6; - timeout_del(&sc->sc_tmo6); - if (m == NULL) - return (0); - sc->sc_mbuf6 = NULL; - set_length = sizeof(struct pflow_set_header) - + sc->sc_count6 * sizeof(struct pflow_v9_flow6); - break; - default: /* NOTREACHED */ - break; - } - - if (!(ifp->if_flags & IFF_RUNNING)) { - m_freem(m); - return (0); - } - - pflowstats.pflow_packets++; - set_hdr = mtod(m, struct pflow_set_header *); - set_hdr->set_length = htons(set_length); - - /* populate pflow_header */ - M_PREPEND(m, sizeof(struct pflow_v9_header), M_DONTWAIT); - if (m == NULL) { - pflowstats.pflow_onomem++; - return (ENOBUFS); - } - h9 = mtod(m, struct pflow_v9_header *); - h9->version = htons(PFLOW_PROTO_9); - h9->count = htons(1); - h9->uptime_ms = htonl(time_uptime * 1000); - h9->time_sec = htonl(time_second); /* XXX 2038 */ - h9->flow_sequence = htonl(sc->sc_gcounter); - h9->observation_dom = htonl(PFLOW_ENGINE_TYPE); - return (pflow_sendout_mbuf(sc, m)); -} - -/* This must be called in splnet() */ -int pflow_sendout_ipfix(struct pflow_softc *sc, sa_family_t af) { struct mbuf *m; @@ -1425,47 +1039,6 @@ pflow_sendout_ipfix(struct pflow_softc *sc, sa_family_t af) /* This must be called in splnet() */ int -pflow_sendout_v9_tmpl(struct pflow_softc *sc) -{ - struct mbuf *m; - struct pflow_v9_header *h9; - struct ifnet *ifp = &sc->sc_if; - - timeout_del(&sc->sc_tmo_tmpl); - - if (!(ifp->if_flags & IFF_RUNNING)) { - return (0); - } - m = pflow_get_mbuf(NULL, 0); - if (m == NULL) - return (0); - if (m_copyback(m, 0, sizeof(struct pflow_v9_tmpl), - &sc->sc_tmpl_v9, M_NOWAIT)) { - m_freem(m); - return (0); - } - pflowstats.pflow_packets++; - - /* populate pflow_header */ - M_PREPEND(m, sizeof(struct pflow_v9_header), M_DONTWAIT); - if (m == NULL) { - pflowstats.pflow_onomem++; - return (ENOBUFS); - } - h9 = mtod(m, struct pflow_v9_header *); - h9->version = htons(PFLOW_PROTO_9); - h9->count = htons(1); - h9->uptime_ms = htonl(time_uptime * 1000); - h9->time_sec = htonl(time_second); /* XXX 2038 */ - h9->flow_sequence = htonl(sc->sc_gcounter); - h9->observation_dom = htonl(PFLOW_ENGINE_TYPE); - - timeout_add_sec(&sc->sc_tmo_tmpl, PFLOW_TMPL_TIMEOUT); - return (pflow_sendout_mbuf(sc, m)); -} - -/* This must be called in splnet() */ -int pflow_sendout_ipfix_tmpl(struct pflow_softc *sc) { struct mbuf *m; diff --git a/sys/net/if_pflow.h b/sys/net/if_pflow.h index b88fcb6a438..d5d06cd919d 100644 --- a/sys/net/if_pflow.h +++ b/sys/net/if_pflow.h @@ -1,4 +1,4 @@ -/* $OpenBSD: if_pflow.h,v 1.10 2014/01/20 10:46:53 benno Exp $ */ +/* $OpenBSD: if_pflow.h,v 1.11 2014/03/29 11:26:03 florian Exp $ */ /* * Copyright (c) 2008 Henning Brauer <henning@openbsd.org> @@ -29,7 +29,6 @@ #define PFLOW_TIMEOUT 30 #define PFLOW_TMPL_TIMEOUT 30 /* rfc 5101 10.3.6 (p.40) recommends 600 */ -#define PFLOW_V9_TMPL_SET_ID 0 #define PFLOW_IPFIX_TMPL_SET_ID 2 /* RFC 5102 Information Element Identifiers */ @@ -87,57 +86,11 @@ struct pflow_tmpl_hdr { u_int16_t field_count; } __packed; -/* field specifier rfc5101 sec 3.2, v9 uses the same format*/ struct pflow_tmpl_fspec { u_int16_t field_id; u_int16_t len; } __packed; -/* update pflow_clone_create() when changing pflow_v9_tmpl_ipv4 */ -struct pflow_v9_tmpl_ipv4 { - struct pflow_tmpl_hdr h; - struct pflow_tmpl_fspec src_ip; - struct pflow_tmpl_fspec dest_ip; - struct pflow_tmpl_fspec if_index_in; - struct pflow_tmpl_fspec if_index_out; - struct pflow_tmpl_fspec packets; - struct pflow_tmpl_fspec octets; - struct pflow_tmpl_fspec start; - struct pflow_tmpl_fspec finish; - struct pflow_tmpl_fspec src_port; - struct pflow_tmpl_fspec dest_port; - struct pflow_tmpl_fspec tos; - struct pflow_tmpl_fspec protocol; -#define PFLOW_V9_TMPL_IPV4_FIELD_COUNT 12 -#define PFLOW_V9_TMPL_IPV4_ID 256 -} __packed; - -/* update pflow_clone_create() when changing pflow_v9_tmpl_v6 */ -struct pflow_v9_tmpl_ipv6 { - struct pflow_tmpl_hdr h; - struct pflow_tmpl_fspec src_ip; - struct pflow_tmpl_fspec dest_ip; - struct pflow_tmpl_fspec if_index_in; - struct pflow_tmpl_fspec if_index_out; - struct pflow_tmpl_fspec packets; - struct pflow_tmpl_fspec octets; - struct pflow_tmpl_fspec start; - struct pflow_tmpl_fspec finish; - struct pflow_tmpl_fspec src_port; - struct pflow_tmpl_fspec dest_port; - struct pflow_tmpl_fspec tos; - struct pflow_tmpl_fspec protocol; -#define PFLOW_V9_TMPL_IPV6_FIELD_COUNT 12 -#define PFLOW_V9_TMPL_IPV6_ID 257 -} __packed; - -struct pflow_v9_tmpl { - struct pflow_set_header set_header; - struct pflow_v9_tmpl_ipv4 ipv4_tmpl; - struct pflow_v9_tmpl_ipv6 ipv6_tmpl; -} __packed; - - /* update pflow_clone_create() when changing pflow_ipfix_tmpl_ipv4 */ struct pflow_ipfix_tmpl_ipv4 { struct pflow_tmpl_hdr h; @@ -182,38 +135,6 @@ struct pflow_ipfix_tmpl { struct pflow_ipfix_tmpl_ipv6 ipv6_tmpl; } __packed; -struct pflow_v9_flow4 { - u_int32_t src_ip; /* sourceIPv4Address*/ - u_int32_t dest_ip; /* destinationIPv4Address */ - u_int32_t if_index_in; /* ingressInterface */ - u_int32_t if_index_out; /* egressInterface */ - u_int64_t flow_packets; /* packetDeltaCount */ - u_int64_t flow_octets; /* octetDeltaCount */ - u_int32_t flow_start; /* flowStartSysUpTime */ - u_int32_t flow_finish; /* flowEndSysUpTime */ - u_int16_t src_port; /* sourceTransportPort */ - u_int16_t dest_port; /* destinationTransportPort */ - u_int8_t tos; /* ipClassOfService */ - u_int8_t protocol; /* protocolIdentifier */ - /* XXX padding needed? */ -} __packed; - -struct pflow_v9_flow6 { - struct in6_addr src_ip; /* sourceIPv6Address */ - struct in6_addr dest_ip; /* destinationIPv6Address */ - u_int32_t if_index_in; /* ingressInterface */ - u_int32_t if_index_out; /* egressInterface */ - u_int64_t flow_packets; /* packetDeltaCount */ - u_int64_t flow_octets; /* octetDeltaCount */ - u_int32_t flow_start; /* flowStartSysUpTime */ - u_int32_t flow_finish; /* flowEndSysUpTime */ - u_int16_t src_port; /* sourceTransportPort */ - u_int16_t dest_port; /* destinationTransportPort */ - u_int8_t tos; /* ipClassOfService */ - u_int8_t protocol; /* protocolIdentifier */ - /* XXX padding needed? */ -} __packed; - struct pflow_ipfix_flow4 { u_int32_t src_ip; /* sourceIPv4Address*/ u_int32_t dest_ip; /* destinationIPv4Address */ @@ -268,7 +189,6 @@ struct pflow_softc { struct in_addr sc_receiver_ip; u_int16_t sc_receiver_port; u_char sc_send_templates; - struct pflow_v9_tmpl sc_tmpl_v9; struct pflow_ipfix_tmpl sc_tmpl_ipfix; u_int8_t sc_version; struct mbuf *sc_mbuf; /* current cumulative mbuf */ @@ -305,17 +225,6 @@ struct pflow_v10_header { #define PFLOW_IPFIX_HDRLEN sizeof(struct pflow_v10_header) -struct pflow_v9_header { - u_int16_t version; - u_int16_t count; - u_int32_t uptime_ms; - u_int32_t time_sec; - u_int32_t flow_sequence; - u_int32_t observation_dom; -} __packed; - -#define PFLOW_V9_HDRLEN sizeof(struct pflow_v9_header) - struct pflowstats { u_int64_t pflow_flows; u_int64_t pflow_packets; @@ -325,7 +234,6 @@ struct pflowstats { /* Supported flow protocols */ #define PFLOW_PROTO_5 5 /* original pflow */ -#define PFLOW_PROTO_9 9 /* version 9 */ #define PFLOW_PROTO_10 10 /* ipfix */ #define PFLOW_PROTO_MAX 11 @@ -338,7 +246,6 @@ struct pflow_protos { #define PFLOW_PROTOS { \ { "5", PFLOW_PROTO_5 }, \ - { "9", PFLOW_PROTO_9 }, \ { "10", PFLOW_PROTO_10 }, \ } |