1 /* $OpenBSD: if_pflow.c,v 1.40 2014/01/24 09:48:37 henning Exp $ */ 2 3 /* 4 * Copyright (c) 2011 Florian Obser <florian@narrans.de> 5 * Copyright (c) 2011 Sebastian Benoit <benoit-lists@fb12.de> 6 * Copyright (c) 2008 Henning Brauer <henning@openbsd.org> 7 * Copyright (c) 2008 Joerg Goltermann <jg@osn.de> 8 * 9 * Permission to use, copy, modify, and distribute this software for any 10 * purpose with or without fee is hereby granted, provided that the above 11 * copyright notice and this permission notice appear in all copies. 12 * 13 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 14 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 15 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 16 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 17 * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER IN 18 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT 19 * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 20 */ 21 22 #include <sys/types.h> 23 #include <sys/malloc.h> 24 #include <sys/param.h> 25 #include <sys/systm.h> 26 #include <sys/mbuf.h> 27 #include <sys/socket.h> 28 #include <sys/timeout.h> 29 #include <sys/ioctl.h> 30 #include <sys/kernel.h> 31 #include <sys/sysctl.h> 32 #include <dev/rndvar.h> 33 34 #include <net/if.h> 35 #include <net/if_types.h> 36 #include <net/bpf.h> 37 #include <net/route.h> 38 #include <netinet/in.h> 39 #include <netinet/if_ether.h> 40 #include <netinet/tcp.h> 41 42 #ifdef INET 43 #include <netinet/in.h> 44 #include <netinet/in_systm.h> 45 #include <netinet/ip.h> 46 #include <netinet/ip_var.h> 47 #include <netinet/udp.h> 48 #include <netinet/udp_var.h> 49 #include <netinet/in_pcb.h> 50 #endif /* INET */ 51 52 #include <net/pfvar.h> 53 #include <net/if_pflow.h> 54 55 #include "bpfilter.h" 56 #include "pflow.h" 57 58 #define PFLOW_MINMTU \ 59 (sizeof(struct pflow_header) + sizeof(struct pflow_flow)) 60 61 #ifdef PFLOWDEBUG 62 #define DPRINTF(x) do { printf x ; } while (0) 63 #else 64 #define DPRINTF(x) 65 #endif 66 67 SLIST_HEAD(, pflow_softc) pflowif_list; 68 struct pflowstats pflowstats; 69 70 void pflowattach(int); 71 int pflow_clone_create(struct if_clone *, int); 72 int pflow_clone_destroy(struct ifnet *); 73 void pflow_init_timeouts(struct pflow_softc *); 74 int pflow_calc_mtu(struct pflow_softc *, int, int); 75 void pflow_setmtu(struct pflow_softc *, int); 76 int pflowoutput(struct ifnet *, struct mbuf *, struct sockaddr *, 77 struct rtentry *); 78 int pflowioctl(struct ifnet *, u_long, caddr_t); 79 void pflowstart(struct ifnet *); 80 81 struct mbuf *pflow_get_mbuf(struct pflow_softc *, u_int16_t); 82 void pflow_flush(struct pflow_softc *); 83 int pflow_sendout_v5(struct pflow_softc *); 84 int pflow_sendout_v9(struct pflow_softc *, sa_family_t); 85 int pflow_sendout_ipfix(struct pflow_softc *, sa_family_t); 86 int pflow_sendout_v9_tmpl(struct pflow_softc *); 87 int pflow_sendout_ipfix_tmpl(struct pflow_softc *); 88 int pflow_sendout_mbuf(struct pflow_softc *, struct mbuf *); 89 void pflow_timeout(void *); 90 void pflow_timeout6(void *); 91 void pflow_timeout_tmpl(void *); 92 void copy_flow_data(struct pflow_flow *, struct pflow_flow *, 93 struct pf_state *, struct pf_state_key *, int, int); 94 void copy_flow_v9_4_data(struct pflow_v9_flow4 *, struct pflow_v9_flow4 *, 95 struct pf_state *, struct pf_state_key *, struct pflow_softc *, int, 96 int); 97 void copy_flow_ipfix_4_data(struct pflow_ipfix_flow4 *, 98 struct pflow_ipfix_flow4 *, struct pf_state *, struct pf_state_key *, 99 struct pflow_softc *, int, int); 100 void copy_flow_v9_6_data(struct pflow_v9_flow6 *, struct pflow_v9_flow6 *, 101 struct pf_state *, struct pf_state_key *, struct pflow_softc *, int, 102 int); 103 void copy_flow_ipfix_6_data(struct pflow_ipfix_flow6 *, 104 struct pflow_ipfix_flow6 *, struct pf_state *, struct pf_state_key *, 105 struct pflow_softc *, int, int); 106 int pflow_pack_flow(struct pf_state *, struct pf_state_key *, 107 struct pflow_softc *); 108 int pflow_pack_flow_v9(struct pf_state *, struct pf_state_key *, 109 struct pflow_softc *); 110 int pflow_pack_flow_ipfix(struct pf_state *, struct pf_state_key *, 111 struct pflow_softc *); 112 int pflow_get_dynport(void); 113 int export_pflow_if(struct pf_state*, struct pf_state_key *, 114 struct pflow_softc *); 115 int copy_flow_to_m(struct pflow_flow *flow, struct pflow_softc *sc); 116 int copy_flow_v9_4_to_m(struct pflow_v9_flow4 *flow, struct pflow_softc 117 *sc); 118 int copy_flow_ipfix_4_to_m(struct pflow_ipfix_flow4 *flow, 119 struct pflow_softc *sc); 120 int copy_flow_v9_6_to_m(struct pflow_v9_flow6 *flow, struct pflow_softc 121 *sc); 122 int copy_flow_ipfix_6_to_m(struct pflow_ipfix_flow6 *flow, 123 struct pflow_softc *sc); 124 125 struct if_clone pflow_cloner = 126 IF_CLONE_INITIALIZER("pflow", pflow_clone_create, 127 pflow_clone_destroy); 128 129 void 130 pflowattach(int npflow) 131 { 132 SLIST_INIT(&pflowif_list); 133 if_clone_attach(&pflow_cloner); 134 } 135 136 int 137 pflow_clone_create(struct if_clone *ifc, int unit) 138 { 139 struct ifnet *ifp; 140 struct pflow_softc *pflowif; 141 142 if ((pflowif = malloc(sizeof(*pflowif), 143 M_DEVBUF, M_NOWAIT|M_ZERO)) == NULL) 144 return (ENOMEM); 145 146 pflowif->sc_imo.imo_membership = malloc( 147 (sizeof(struct in_multi *) * IP_MIN_MEMBERSHIPS), M_IPMOPTS, 148 M_WAITOK|M_ZERO); 149 pflowif->sc_imo.imo_max_memberships = IP_MIN_MEMBERSHIPS; 150 pflowif->sc_receiver_ip.s_addr = INADDR_ANY; 151 pflowif->sc_receiver_port = 0; 152 pflowif->sc_sender_ip.s_addr = INADDR_ANY; 153 pflowif->sc_sender_port = pflow_get_dynport(); 154 pflowif->sc_version = PFLOW_PROTO_DEFAULT; 155 156 /* v9 template init */ 157 bzero(&pflowif->sc_tmpl_v9,sizeof(pflowif->sc_tmpl_v9)); 158 pflowif->sc_tmpl_v9.set_header.set_id = htons(PFLOW_V9_TMPL_SET_ID); 159 pflowif->sc_tmpl_v9.set_header.set_length = 160 htons(sizeof(struct pflow_v9_tmpl)); 161 162 /* v9 IPv4 template */ 163 pflowif->sc_tmpl_v9.ipv4_tmpl.h.tmpl_id = htons(PFLOW_V9_TMPL_IPV4_ID); 164 pflowif->sc_tmpl_v9.ipv4_tmpl.h.field_count 165 = htons(PFLOW_V9_TMPL_IPV4_FIELD_COUNT); 166 pflowif->sc_tmpl_v9.ipv4_tmpl.src_ip.field_id = 167 htons(PFIX_IE_sourceIPv4Address); 168 pflowif->sc_tmpl_v9.ipv4_tmpl.src_ip.len = htons(4); 169 pflowif->sc_tmpl_v9.ipv4_tmpl.dest_ip.field_id = 170 htons(PFIX_IE_destinationIPv4Address); 171 pflowif->sc_tmpl_v9.ipv4_tmpl.dest_ip.len = htons(4); 172 pflowif->sc_tmpl_v9.ipv4_tmpl.if_index_in.field_id = 173 htons(PFIX_IE_ingressInterface); 174 pflowif->sc_tmpl_v9.ipv4_tmpl.if_index_in.len = htons(4); 175 pflowif->sc_tmpl_v9.ipv4_tmpl.if_index_out.field_id = 176 htons(PFIX_IE_egressInterface); 177 pflowif->sc_tmpl_v9.ipv4_tmpl.if_index_out.len = htons(4); 178 pflowif->sc_tmpl_v9.ipv4_tmpl.packets.field_id = 179 htons(PFIX_IE_packetDeltaCount); 180 pflowif->sc_tmpl_v9.ipv4_tmpl.packets.len = htons(8); 181 pflowif->sc_tmpl_v9.ipv4_tmpl.octets.field_id = 182 htons(PFIX_IE_octetDeltaCount); 183 pflowif->sc_tmpl_v9.ipv4_tmpl.octets.len = htons(8); 184 pflowif->sc_tmpl_v9.ipv4_tmpl.start.field_id = 185 htons(PFIX_IE_flowStartSysUpTime); 186 pflowif->sc_tmpl_v9.ipv4_tmpl.start.len = htons(4); 187 pflowif->sc_tmpl_v9.ipv4_tmpl.finish.field_id = 188 htons(PFIX_IE_flowEndSysUpTime); 189 pflowif->sc_tmpl_v9.ipv4_tmpl.finish.len = htons(4); 190 pflowif->sc_tmpl_v9.ipv4_tmpl.src_port.field_id = 191 htons(PFIX_IE_sourceTransportPort); 192 pflowif->sc_tmpl_v9.ipv4_tmpl.src_port.len = htons(2); 193 pflowif->sc_tmpl_v9.ipv4_tmpl.dest_port.field_id = 194 htons(PFIX_IE_destinationTransportPort); 195 pflowif->sc_tmpl_v9.ipv4_tmpl.dest_port.len = htons(2); 196 pflowif->sc_tmpl_v9.ipv4_tmpl.tos.field_id = 197 htons(PFIX_IE_ipClassOfService); 198 pflowif->sc_tmpl_v9.ipv4_tmpl.tos.len = htons(1); 199 pflowif->sc_tmpl_v9.ipv4_tmpl.protocol.field_id = 200 htons(PFIX_IE_protocolIdentifier); 201 pflowif->sc_tmpl_v9.ipv4_tmpl.protocol.len = htons(1); 202 203 /* v9 IPv6 template */ 204 pflowif->sc_tmpl_v9.ipv6_tmpl.h.tmpl_id = htons(PFLOW_V9_TMPL_IPV6_ID); 205 pflowif->sc_tmpl_v9.ipv6_tmpl.h.field_count = 206 htons(PFLOW_V9_TMPL_IPV6_FIELD_COUNT); 207 pflowif->sc_tmpl_v9.ipv6_tmpl.src_ip.field_id = 208 htons(PFIX_IE_sourceIPv6Address); 209 pflowif->sc_tmpl_v9.ipv6_tmpl.src_ip.len = htons(16); 210 pflowif->sc_tmpl_v9.ipv6_tmpl.dest_ip.field_id = 211 htons(PFIX_IE_destinationIPv6Address); 212 pflowif->sc_tmpl_v9.ipv6_tmpl.dest_ip.len = htons(16); 213 pflowif->sc_tmpl_v9.ipv6_tmpl.if_index_in.field_id = 214 htons(PFIX_IE_ingressInterface); 215 pflowif->sc_tmpl_v9.ipv6_tmpl.if_index_in.len = htons(4); 216 pflowif->sc_tmpl_v9.ipv6_tmpl.if_index_out.field_id = 217 htons(PFIX_IE_egressInterface); 218 pflowif->sc_tmpl_v9.ipv6_tmpl.if_index_out.len = htons(4); 219 pflowif->sc_tmpl_v9.ipv6_tmpl.packets.field_id = 220 htons(PFIX_IE_packetDeltaCount); 221 pflowif->sc_tmpl_v9.ipv6_tmpl.packets.len = htons(8); 222 pflowif->sc_tmpl_v9.ipv6_tmpl.octets.field_id = 223 htons(PFIX_IE_octetDeltaCount); 224 pflowif->sc_tmpl_v9.ipv6_tmpl.octets.len = htons(8); 225 pflowif->sc_tmpl_v9.ipv6_tmpl.start.field_id = 226 htons(PFIX_IE_flowStartSysUpTime); 227 pflowif->sc_tmpl_v9.ipv6_tmpl.start.len = htons(4); 228 pflowif->sc_tmpl_v9.ipv6_tmpl.finish.field_id = 229 htons(PFIX_IE_flowEndSysUpTime); 230 pflowif->sc_tmpl_v9.ipv6_tmpl.finish.len = htons(4); 231 pflowif->sc_tmpl_v9.ipv6_tmpl.src_port.field_id = 232 htons(PFIX_IE_sourceTransportPort); 233 pflowif->sc_tmpl_v9.ipv6_tmpl.src_port.len = htons(2); 234 pflowif->sc_tmpl_v9.ipv6_tmpl.dest_port.field_id = 235 htons(PFIX_IE_destinationTransportPort); 236 pflowif->sc_tmpl_v9.ipv6_tmpl.dest_port.len = htons(2); 237 pflowif->sc_tmpl_v9.ipv6_tmpl.tos.field_id = 238 htons(PFIX_IE_ipClassOfService); 239 pflowif->sc_tmpl_v9.ipv6_tmpl.tos.len = htons(1); 240 pflowif->sc_tmpl_v9.ipv6_tmpl.protocol.field_id = 241 htons(PFIX_IE_protocolIdentifier); 242 pflowif->sc_tmpl_v9.ipv6_tmpl.protocol.len = htons(1); 243 244 /* ipfix template init */ 245 bzero(&pflowif->sc_tmpl_ipfix,sizeof(pflowif->sc_tmpl_ipfix)); 246 pflowif->sc_tmpl_ipfix.set_header.set_id = 247 htons(PFLOW_IPFIX_TMPL_SET_ID); 248 pflowif->sc_tmpl_ipfix.set_header.set_length = 249 htons(sizeof(struct pflow_ipfix_tmpl)); 250 251 /* ipfix IPv4 template */ 252 pflowif->sc_tmpl_ipfix.ipv4_tmpl.h.tmpl_id = 253 htons(PFLOW_IPFIX_TMPL_IPV4_ID); 254 pflowif->sc_tmpl_ipfix.ipv4_tmpl.h.field_count 255 = htons(PFLOW_IPFIX_TMPL_IPV4_FIELD_COUNT); 256 pflowif->sc_tmpl_ipfix.ipv4_tmpl.src_ip.field_id = 257 htons(PFIX_IE_sourceIPv4Address); 258 pflowif->sc_tmpl_ipfix.ipv4_tmpl.src_ip.len = htons(4); 259 pflowif->sc_tmpl_ipfix.ipv4_tmpl.dest_ip.field_id = 260 htons(PFIX_IE_destinationIPv4Address); 261 pflowif->sc_tmpl_ipfix.ipv4_tmpl.dest_ip.len = htons(4); 262 pflowif->sc_tmpl_ipfix.ipv4_tmpl.if_index_in.field_id = 263 htons(PFIX_IE_ingressInterface); 264 pflowif->sc_tmpl_ipfix.ipv4_tmpl.if_index_in.len = htons(4); 265 pflowif->sc_tmpl_ipfix.ipv4_tmpl.if_index_out.field_id = 266 htons(PFIX_IE_egressInterface); 267 pflowif->sc_tmpl_ipfix.ipv4_tmpl.if_index_out.len = htons(4); 268 pflowif->sc_tmpl_ipfix.ipv4_tmpl.packets.field_id = 269 htons(PFIX_IE_packetDeltaCount); 270 pflowif->sc_tmpl_ipfix.ipv4_tmpl.packets.len = htons(8); 271 pflowif->sc_tmpl_ipfix.ipv4_tmpl.octets.field_id = 272 htons(PFIX_IE_octetDeltaCount); 273 pflowif->sc_tmpl_ipfix.ipv4_tmpl.octets.len = htons(8); 274 pflowif->sc_tmpl_ipfix.ipv4_tmpl.start.field_id = 275 htons(PFIX_IE_flowStartMilliseconds); 276 pflowif->sc_tmpl_ipfix.ipv4_tmpl.start.len = htons(8); 277 pflowif->sc_tmpl_ipfix.ipv4_tmpl.finish.field_id = 278 htons(PFIX_IE_flowEndMilliseconds); 279 pflowif->sc_tmpl_ipfix.ipv4_tmpl.finish.len = htons(8); 280 pflowif->sc_tmpl_ipfix.ipv4_tmpl.src_port.field_id = 281 htons(PFIX_IE_sourceTransportPort); 282 pflowif->sc_tmpl_ipfix.ipv4_tmpl.src_port.len = htons(2); 283 pflowif->sc_tmpl_ipfix.ipv4_tmpl.dest_port.field_id = 284 htons(PFIX_IE_destinationTransportPort); 285 pflowif->sc_tmpl_ipfix.ipv4_tmpl.dest_port.len = htons(2); 286 pflowif->sc_tmpl_ipfix.ipv4_tmpl.tos.field_id = 287 htons(PFIX_IE_ipClassOfService); 288 pflowif->sc_tmpl_ipfix.ipv4_tmpl.tos.len = htons(1); 289 pflowif->sc_tmpl_ipfix.ipv4_tmpl.protocol.field_id = 290 htons(PFIX_IE_protocolIdentifier); 291 pflowif->sc_tmpl_ipfix.ipv4_tmpl.protocol.len = htons(1); 292 293 /* ipfix IPv6 template */ 294 pflowif->sc_tmpl_ipfix.ipv6_tmpl.h.tmpl_id = 295 htons(PFLOW_IPFIX_TMPL_IPV6_ID); 296 pflowif->sc_tmpl_ipfix.ipv6_tmpl.h.field_count = 297 htons(PFLOW_IPFIX_TMPL_IPV6_FIELD_COUNT); 298 pflowif->sc_tmpl_ipfix.ipv6_tmpl.src_ip.field_id = 299 htons(PFIX_IE_sourceIPv6Address); 300 pflowif->sc_tmpl_ipfix.ipv6_tmpl.src_ip.len = htons(16); 301 pflowif->sc_tmpl_ipfix.ipv6_tmpl.dest_ip.field_id = 302 htons(PFIX_IE_destinationIPv6Address); 303 pflowif->sc_tmpl_ipfix.ipv6_tmpl.dest_ip.len = htons(16); 304 pflowif->sc_tmpl_ipfix.ipv6_tmpl.if_index_in.field_id = 305 htons(PFIX_IE_ingressInterface); 306 pflowif->sc_tmpl_ipfix.ipv6_tmpl.if_index_in.len = htons(4); 307 pflowif->sc_tmpl_ipfix.ipv6_tmpl.if_index_out.field_id = 308 htons(PFIX_IE_egressInterface); 309 pflowif->sc_tmpl_ipfix.ipv6_tmpl.if_index_out.len = htons(4); 310 pflowif->sc_tmpl_ipfix.ipv6_tmpl.packets.field_id = 311 htons(PFIX_IE_packetDeltaCount); 312 pflowif->sc_tmpl_ipfix.ipv6_tmpl.packets.len = htons(8); 313 pflowif->sc_tmpl_ipfix.ipv6_tmpl.octets.field_id = 314 htons(PFIX_IE_octetDeltaCount); 315 pflowif->sc_tmpl_ipfix.ipv6_tmpl.octets.len = htons(8); 316 pflowif->sc_tmpl_ipfix.ipv6_tmpl.start.field_id = 317 htons(PFIX_IE_flowStartMilliseconds); 318 pflowif->sc_tmpl_ipfix.ipv6_tmpl.start.len = htons(8); 319 pflowif->sc_tmpl_ipfix.ipv6_tmpl.finish.field_id = 320 htons(PFIX_IE_flowEndMilliseconds); 321 pflowif->sc_tmpl_ipfix.ipv6_tmpl.finish.len = htons(8); 322 pflowif->sc_tmpl_ipfix.ipv6_tmpl.src_port.field_id = 323 htons(PFIX_IE_sourceTransportPort); 324 pflowif->sc_tmpl_ipfix.ipv6_tmpl.src_port.len = htons(2); 325 pflowif->sc_tmpl_ipfix.ipv6_tmpl.dest_port.field_id = 326 htons(PFIX_IE_destinationTransportPort); 327 pflowif->sc_tmpl_ipfix.ipv6_tmpl.dest_port.len = htons(2); 328 pflowif->sc_tmpl_ipfix.ipv6_tmpl.tos.field_id = 329 htons(PFIX_IE_ipClassOfService); 330 pflowif->sc_tmpl_ipfix.ipv6_tmpl.tos.len = htons(1); 331 pflowif->sc_tmpl_ipfix.ipv6_tmpl.protocol.field_id = 332 htons(PFIX_IE_protocolIdentifier); 333 pflowif->sc_tmpl_ipfix.ipv6_tmpl.protocol.len = htons(1); 334 335 ifp = &pflowif->sc_if; 336 snprintf(ifp->if_xname, sizeof ifp->if_xname, "pflow%d", unit); 337 ifp->if_softc = pflowif; 338 ifp->if_ioctl = pflowioctl; 339 ifp->if_output = pflowoutput; 340 ifp->if_start = pflowstart; 341 ifp->if_type = IFT_PFLOW; 342 IFQ_SET_MAXLEN(&ifp->if_snd, IFQ_MAXLEN); 343 ifp->if_hdrlen = PFLOW_HDRLEN; 344 ifp->if_flags = IFF_UP; 345 ifp->if_flags &= ~IFF_RUNNING; /* not running, need receiver */ 346 pflow_setmtu(pflowif, ETHERMTU); 347 pflow_init_timeouts(pflowif); 348 if_attach(ifp); 349 if_alloc_sadl(ifp); 350 351 #if NBPFILTER > 0 352 bpfattach(&pflowif->sc_if.if_bpf, ifp, DLT_RAW, 0); 353 #endif 354 355 /* Insert into list of pflows */ 356 SLIST_INSERT_HEAD(&pflowif_list, pflowif, sc_next); 357 return (0); 358 } 359 360 int 361 pflow_clone_destroy(struct ifnet *ifp) 362 { 363 struct pflow_softc *sc = ifp->if_softc; 364 int s; 365 366 s = splnet(); 367 if (timeout_initialized(&sc->sc_tmo)) 368 timeout_del(&sc->sc_tmo); 369 if (timeout_initialized(&sc->sc_tmo6)) 370 timeout_del(&sc->sc_tmo6); 371 if (timeout_initialized(&sc->sc_tmo_tmpl)) 372 timeout_del(&sc->sc_tmo_tmpl); 373 pflow_flush(sc); 374 if_detach(ifp); 375 SLIST_REMOVE(&pflowif_list, sc, pflow_softc, sc_next); 376 free(sc->sc_imo.imo_membership, M_IPMOPTS); 377 free(sc, M_DEVBUF); 378 splx(s); 379 return (0); 380 } 381 382 /* 383 * Start output on the pflow interface. 384 */ 385 void 386 pflowstart(struct ifnet *ifp) 387 { 388 struct mbuf *m; 389 int s; 390 391 for (;;) { 392 s = splnet(); 393 IF_DROP(&ifp->if_snd); 394 IF_DEQUEUE(&ifp->if_snd, m); 395 splx(s); 396 397 if (m == NULL) 398 return; 399 m_freem(m); 400 } 401 } 402 403 int 404 pflowoutput(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, 405 struct rtentry *rt) 406 { 407 m_freem(m); 408 return (0); 409 } 410 411 /* ARGSUSED */ 412 int 413 pflowioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 414 { 415 struct proc *p = curproc; 416 struct pflow_softc *sc = ifp->if_softc; 417 struct ifreq *ifr = (struct ifreq *)data; 418 struct pflowreq pflowr; 419 int s, error; 420 421 switch (cmd) { 422 case SIOCSIFADDR: 423 case SIOCAIFADDR: 424 case SIOCSIFDSTADDR: 425 case SIOCSIFFLAGS: 426 if ((ifp->if_flags & IFF_UP) && 427 sc->sc_receiver_ip.s_addr != INADDR_ANY && 428 sc->sc_receiver_port != 0 && 429 sc->sc_sender_port != 0) { 430 ifp->if_flags |= IFF_RUNNING; 431 sc->sc_gcounter=pflowstats.pflow_flows; 432 /* send templates on startup */ 433 if (sc->sc_version == PFLOW_PROTO_9) { 434 s = splnet(); 435 pflow_sendout_v9_tmpl(sc); 436 splx(s); 437 } else if (sc->sc_version == PFLOW_PROTO_10) { 438 s = splnet(); 439 pflow_sendout_ipfix_tmpl(sc); 440 splx(s); 441 } 442 } else 443 ifp->if_flags &= ~IFF_RUNNING; 444 break; 445 case SIOCSIFMTU: 446 if (ifr->ifr_mtu < PFLOW_MINMTU) 447 return (EINVAL); 448 if (ifr->ifr_mtu > MCLBYTES) 449 ifr->ifr_mtu = MCLBYTES; 450 s = splnet(); 451 if (ifr->ifr_mtu < ifp->if_mtu) 452 pflow_flush(sc); 453 pflow_setmtu(sc, ifr->ifr_mtu); 454 splx(s); 455 break; 456 457 case SIOCGETPFLOW: 458 bzero(&pflowr, sizeof(pflowr)); 459 460 pflowr.sender_ip = sc->sc_sender_ip; 461 pflowr.receiver_ip = sc->sc_receiver_ip; 462 pflowr.receiver_port = sc->sc_receiver_port; 463 pflowr.version = sc->sc_version; 464 465 if ((error = copyout(&pflowr, ifr->ifr_data, 466 sizeof(pflowr)))) 467 return (error); 468 break; 469 470 case SIOCSETPFLOW: 471 if ((error = suser(p, 0)) != 0) 472 return (error); 473 if ((error = copyin(ifr->ifr_data, &pflowr, 474 sizeof(pflowr)))) 475 return (error); 476 if (pflowr.addrmask & PFLOW_MASK_VERSION) { 477 switch(pflowr.version) { 478 case PFLOW_PROTO_5: 479 case PFLOW_PROTO_9: 480 case PFLOW_PROTO_10: 481 break; 482 default: 483 return(EINVAL); 484 } 485 } 486 s = splnet(); 487 488 pflow_flush(sc); 489 490 if (pflowr.addrmask & PFLOW_MASK_DSTIP) 491 sc->sc_receiver_ip.s_addr = pflowr.receiver_ip.s_addr; 492 if (pflowr.addrmask & PFLOW_MASK_DSTPRT) 493 sc->sc_receiver_port = pflowr.receiver_port; 494 if (pflowr.addrmask & PFLOW_MASK_SRCIP) 495 sc->sc_sender_ip.s_addr = pflowr.sender_ip.s_addr; 496 /* error check is above */ 497 if (pflowr.addrmask & PFLOW_MASK_VERSION) 498 sc->sc_version = pflowr.version; 499 500 pflow_setmtu(sc, ETHERMTU); 501 pflow_init_timeouts(sc); 502 503 splx(s); 504 505 if ((ifp->if_flags & IFF_UP) && 506 sc->sc_receiver_ip.s_addr != INADDR_ANY && 507 sc->sc_receiver_port != 0 && 508 sc->sc_sender_port != 0) { 509 ifp->if_flags |= IFF_RUNNING; 510 sc->sc_gcounter=pflowstats.pflow_flows; 511 if (sc->sc_version == PFLOW_PROTO_9) { 512 s = splnet(); 513 pflow_sendout_v9_tmpl(sc); 514 splx(s); 515 } else if (sc->sc_version == PFLOW_PROTO_10) { 516 s = splnet(); 517 pflow_sendout_ipfix_tmpl(sc); 518 splx(s); 519 } 520 } else 521 ifp->if_flags &= ~IFF_RUNNING; 522 523 break; 524 525 default: 526 return (ENOTTY); 527 } 528 return (0); 529 } 530 531 void 532 pflow_init_timeouts(struct pflow_softc *sc) 533 { 534 switch (sc->sc_version) { 535 case PFLOW_PROTO_5: 536 if (timeout_initialized(&sc->sc_tmo6)) 537 timeout_del(&sc->sc_tmo6); 538 if (timeout_initialized(&sc->sc_tmo_tmpl)) 539 timeout_del(&sc->sc_tmo_tmpl); 540 if (!timeout_initialized(&sc->sc_tmo)) 541 timeout_set(&sc->sc_tmo, pflow_timeout, sc); 542 break; 543 case PFLOW_PROTO_9: 544 case PFLOW_PROTO_10: 545 if (!timeout_initialized(&sc->sc_tmo_tmpl)) 546 timeout_set(&sc->sc_tmo_tmpl, pflow_timeout_tmpl, sc); 547 if (!timeout_initialized(&sc->sc_tmo)) 548 timeout_set(&sc->sc_tmo, pflow_timeout, sc); 549 if (!timeout_initialized(&sc->sc_tmo6)) 550 timeout_set(&sc->sc_tmo6, pflow_timeout6, sc); 551 552 timeout_add_sec(&sc->sc_tmo_tmpl, PFLOW_TMPL_TIMEOUT); 553 break; 554 default: /* NOTREACHED */ 555 break; 556 } 557 } 558 559 int 560 pflow_calc_mtu(struct pflow_softc *sc, int mtu, int hdrsz) 561 { 562 if (sc->sc_version == PFLOW_PROTO_9) { 563 sc->sc_maxcount4 = (mtu - hdrsz - 564 sizeof(struct udpiphdr)) / sizeof(struct pflow_v9_flow4); 565 sc->sc_maxcount6 = (mtu - hdrsz - 566 sizeof(struct udpiphdr)) / sizeof(struct pflow_v9_flow6); 567 } else { 568 sc->sc_maxcount4 = (mtu - hdrsz - 569 sizeof(struct udpiphdr)) / sizeof(struct pflow_ipfix_flow4); 570 sc->sc_maxcount6 = (mtu - hdrsz - 571 sizeof(struct udpiphdr)) / sizeof(struct pflow_ipfix_flow6); 572 } 573 if (sc->sc_maxcount4 > PFLOW_MAXFLOWS) 574 sc->sc_maxcount4 = PFLOW_MAXFLOWS; 575 if (sc->sc_maxcount6 > PFLOW_MAXFLOWS) 576 sc->sc_maxcount6 = PFLOW_MAXFLOWS; 577 if (sc->sc_version == PFLOW_PROTO_9) 578 return (hdrsz + sizeof(struct udpiphdr) + 579 MIN(sc->sc_maxcount4 * sizeof(struct pflow_v9_flow4), 580 sc->sc_maxcount6 * sizeof(struct pflow_v9_flow6))); 581 else 582 return (hdrsz + sizeof(struct udpiphdr) + 583 MIN(sc->sc_maxcount4 * sizeof(struct pflow_ipfix_flow4), 584 sc->sc_maxcount6 * sizeof(struct pflow_ipfix_flow6))); 585 } 586 587 void 588 pflow_setmtu(struct pflow_softc *sc, int mtu_req) 589 { 590 int mtu; 591 592 if (sc->sc_pflow_ifp && sc->sc_pflow_ifp->if_mtu < mtu_req) 593 mtu = sc->sc_pflow_ifp->if_mtu; 594 else 595 mtu = mtu_req; 596 597 switch (sc->sc_version) { 598 case PFLOW_PROTO_5: 599 sc->sc_maxcount = (mtu - sizeof(struct pflow_header) - 600 sizeof(struct udpiphdr)) / sizeof(struct pflow_flow); 601 if (sc->sc_maxcount > PFLOW_MAXFLOWS) 602 sc->sc_maxcount = PFLOW_MAXFLOWS; 603 sc->sc_if.if_mtu = sizeof(struct pflow_header) + 604 sizeof(struct udpiphdr) + 605 sc->sc_maxcount * sizeof(struct pflow_flow); 606 break; 607 case PFLOW_PROTO_9: 608 sc->sc_if.if_mtu = 609 pflow_calc_mtu(sc, mtu, sizeof(struct pflow_v9_header)); 610 break; 611 case PFLOW_PROTO_10: 612 sc->sc_if.if_mtu = 613 pflow_calc_mtu(sc, mtu, sizeof(struct pflow_v10_header)); 614 break; 615 default: /* NOTREACHED */ 616 break; 617 } 618 } 619 620 struct mbuf * 621 pflow_get_mbuf(struct pflow_softc *sc, u_int16_t set_id) 622 { 623 struct pflow_set_header set_hdr; 624 struct pflow_header h; 625 struct mbuf *m; 626 627 MGETHDR(m, M_DONTWAIT, MT_DATA); 628 if (m == NULL) { 629 pflowstats.pflow_onomem++; 630 return (NULL); 631 } 632 633 MCLGET(m, M_DONTWAIT); 634 if ((m->m_flags & M_EXT) == 0) { 635 m_free(m); 636 pflowstats.pflow_onomem++; 637 return (NULL); 638 } 639 640 m->m_len = m->m_pkthdr.len = 0; 641 m->m_pkthdr.rcvif = NULL; 642 643 if (sc == NULL) /* get only a new empty mbuf */ 644 return (m); 645 646 if (sc->sc_version == PFLOW_PROTO_5) { 647 /* populate pflow_header */ 648 h.reserved1 = 0; 649 h.reserved2 = 0; 650 h.count = 0; 651 h.version = htons(PFLOW_PROTO_5); 652 h.flow_sequence = htonl(sc->sc_gcounter); 653 h.engine_type = PFLOW_ENGINE_TYPE; 654 h.engine_id = PFLOW_ENGINE_ID; 655 m_copyback(m, 0, PFLOW_HDRLEN, &h, M_NOWAIT); 656 657 sc->sc_count = 0; 658 timeout_add_sec(&sc->sc_tmo, PFLOW_TIMEOUT); 659 } else { 660 /* populate pflow_set_header */ 661 set_hdr.set_length = 0; 662 set_hdr.set_id = htons(set_id); 663 m_copyback(m, 0, PFLOW_SET_HDRLEN, &set_hdr, M_NOWAIT); 664 } 665 666 return (m); 667 } 668 669 void 670 copy_flow_data(struct pflow_flow *flow1, struct pflow_flow *flow2, 671 struct pf_state *st, struct pf_state_key *sk, int src, int dst) 672 { 673 flow1->src_ip = flow2->dest_ip = sk->addr[src].v4.s_addr; 674 flow1->src_port = flow2->dest_port = sk->port[src]; 675 flow1->dest_ip = flow2->src_ip = sk->addr[dst].v4.s_addr; 676 flow1->dest_port = flow2->src_port = sk->port[dst]; 677 678 flow1->dest_as = flow2->src_as = 679 flow1->src_as = flow2->dest_as = 0; 680 flow1->if_index_in = htons(st->if_index_in); 681 flow1->if_index_out = htons(st->if_index_out); 682 flow2->if_index_in = htons(st->if_index_out); 683 flow2->if_index_out = htons(st->if_index_in); 684 flow1->dest_mask = flow2->src_mask = 685 flow1->src_mask = flow2->dest_mask = 0; 686 687 flow1->flow_packets = htonl(st->packets[0]); 688 flow2->flow_packets = htonl(st->packets[1]); 689 flow1->flow_octets = htonl(st->bytes[0]); 690 flow2->flow_octets = htonl(st->bytes[1]); 691 692 /* 693 * Pretend the flow was created or expired when the machine came up 694 * when creation is in the future of the last time a package was seen 695 * or was created / expired before this machine came up due to pfsync. 696 */ 697 flow1->flow_start = flow2->flow_start = st->creation < 0 || 698 st->creation > st->expire ? htonl(0) : htonl(st->creation * 1000); 699 flow1->flow_finish = flow2->flow_finish = st->expire < 0 ? htonl(0) : 700 htonl(st->expire * 1000); 701 flow1->tcp_flags = flow2->tcp_flags = 0; 702 flow1->protocol = flow2->protocol = sk->proto; 703 flow1->tos = flow2->tos = st->rule.ptr->tos; 704 } 705 706 void 707 copy_flow_v9_4_data(struct pflow_v9_flow4 *flow1, struct pflow_v9_flow4 *flow2, 708 struct pf_state *st, struct pf_state_key *sk, struct pflow_softc *sc, 709 int src, int dst) 710 { 711 flow1->src_ip = flow2->dest_ip = sk->addr[src].v4.s_addr; 712 flow1->src_port = flow2->dest_port = sk->port[src]; 713 flow1->dest_ip = flow2->src_ip = sk->addr[dst].v4.s_addr; 714 flow1->dest_port = flow2->src_port = sk->port[dst]; 715 716 flow1->if_index_in = htonl(st->if_index_in); 717 flow1->if_index_out = htonl(st->if_index_out); 718 flow2->if_index_in = htonl(st->if_index_out); 719 flow2->if_index_out = htonl(st->if_index_in); 720 721 flow1->flow_packets = htobe64(st->packets[0]); 722 flow2->flow_packets = htobe64(st->packets[1]); 723 flow1->flow_octets = htobe64(st->bytes[0]); 724 flow2->flow_octets = htobe64(st->bytes[1]); 725 726 /* 727 * Pretend the flow was created or expired when the machine came 728 * up when creation is in the future of the last time a package 729 * was seen or was created / expired before this machine came up 730 * due to pfsync. 731 */ 732 flow1->flow_start = flow2->flow_start = st->creation < 0 || 733 st->creation > st->expire ? htonl(0) : htonl(st->creation * 734 1000); 735 flow1->flow_finish = flow2->flow_finish = st->expire < 0 ? 736 htonl(0) : htonl(st->expire * 1000); 737 738 flow1->protocol = flow2->protocol = sk->proto; 739 flow1->tos = flow2->tos = st->rule.ptr->tos; 740 } 741 742 void 743 copy_flow_v9_6_data(struct pflow_v9_flow6 *flow1, struct pflow_v9_flow6 *flow2, 744 struct pf_state *st, struct pf_state_key *sk, struct pflow_softc *sc, 745 int src, int dst) 746 { 747 bcopy(&sk->addr[src].v6, &flow1->src_ip, sizeof(flow1->src_ip)); 748 bcopy(&sk->addr[src].v6, &flow2->dest_ip, sizeof(flow2->dest_ip)); 749 flow1->src_port = flow2->dest_port = sk->port[src]; 750 bcopy(&sk->addr[dst].v6, &flow1->dest_ip, sizeof(flow1->dest_ip)); 751 bcopy(&sk->addr[dst].v6, &flow2->src_ip, sizeof(flow2->src_ip)); 752 flow1->dest_port = flow2->src_port = sk->port[dst]; 753 754 flow1->if_index_in = htonl(st->if_index_in); 755 flow1->if_index_out = htonl(st->if_index_out); 756 flow2->if_index_in = htonl(st->if_index_out); 757 flow2->if_index_out = htonl(st->if_index_in); 758 759 flow1->flow_packets = htobe64(st->packets[0]); 760 flow2->flow_packets = htobe64(st->packets[1]); 761 flow1->flow_octets = htobe64(st->bytes[0]); 762 flow2->flow_octets = htobe64(st->bytes[1]); 763 764 /* 765 * Pretend the flow was created or expired when the machine came 766 * up when creation is in the future of the last time a package 767 * was seen or was created / expired before this machine came up 768 * due to pfsync. 769 */ 770 flow1->flow_start = flow2->flow_start = st->creation < 0 || 771 st->creation > st->expire ? htonl(0) : htonl(st->creation * 772 1000); 773 flow1->flow_finish = flow2->flow_finish = st->expire < 0 ? 774 htonl(0) : htonl(st->expire * 1000); 775 776 flow1->protocol = flow2->protocol = sk->proto; 777 flow1->tos = flow2->tos = st->rule.ptr->tos; 778 } 779 780 void 781 copy_flow_ipfix_4_data(struct pflow_ipfix_flow4 *flow1, 782 struct pflow_ipfix_flow4 *flow2, struct pf_state *st, 783 struct pf_state_key *sk, struct pflow_softc *sc, int src, int dst) 784 { 785 flow1->src_ip = flow2->dest_ip = sk->addr[src].v4.s_addr; 786 flow1->src_port = flow2->dest_port = sk->port[src]; 787 flow1->dest_ip = flow2->src_ip = sk->addr[dst].v4.s_addr; 788 flow1->dest_port = flow2->src_port = sk->port[dst]; 789 790 flow1->if_index_in = htonl(st->if_index_in); 791 flow1->if_index_out = htonl(st->if_index_out); 792 flow2->if_index_in = htonl(st->if_index_out); 793 flow2->if_index_out = htonl(st->if_index_in); 794 795 flow1->flow_packets = htobe64(st->packets[0]); 796 flow2->flow_packets = htobe64(st->packets[1]); 797 flow1->flow_octets = htobe64(st->bytes[0]); 798 flow2->flow_octets = htobe64(st->bytes[1]); 799 800 /* 801 * Pretend the flow was created when the machine came up when creation 802 * is in the future of the last time a package was seen due to pfsync. 803 */ 804 if (st->creation > st->expire) 805 flow1->flow_start = flow2->flow_start = htobe64((time_second - 806 time_uptime)*1000); 807 else 808 flow1->flow_start = flow2->flow_start = htobe64((time_second - 809 (time_uptime - st->creation))*1000); 810 flow1->flow_finish = flow2->flow_finish = htobe64((time_second - 811 (time_uptime - st->expire))*1000); 812 813 flow1->protocol = flow2->protocol = sk->proto; 814 flow1->tos = flow2->tos = st->rule.ptr->tos; 815 } 816 817 void 818 copy_flow_ipfix_6_data(struct pflow_ipfix_flow6 *flow1, 819 struct pflow_ipfix_flow6 *flow2, struct pf_state *st, 820 struct pf_state_key *sk, struct pflow_softc *sc, int src, int dst) 821 { 822 bcopy(&sk->addr[src].v6, &flow1->src_ip, sizeof(flow1->src_ip)); 823 bcopy(&sk->addr[src].v6, &flow2->dest_ip, sizeof(flow2->dest_ip)); 824 flow1->src_port = flow2->dest_port = sk->port[src]; 825 bcopy(&sk->addr[dst].v6, &flow1->dest_ip, sizeof(flow1->dest_ip)); 826 bcopy(&sk->addr[dst].v6, &flow2->src_ip, sizeof(flow2->src_ip)); 827 flow1->dest_port = flow2->src_port = sk->port[dst]; 828 829 flow1->if_index_in = htonl(st->if_index_in); 830 flow1->if_index_out = htonl(st->if_index_out); 831 flow2->if_index_in = htonl(st->if_index_out); 832 flow2->if_index_out = htonl(st->if_index_in); 833 834 flow1->flow_packets = htobe64(st->packets[0]); 835 flow2->flow_packets = htobe64(st->packets[1]); 836 flow1->flow_octets = htobe64(st->bytes[0]); 837 flow2->flow_octets = htobe64(st->bytes[1]); 838 839 /* 840 * Pretend the flow was created when the machine came up when creation 841 * is in the future of the last time a package was seen due to pfsync. 842 */ 843 if (st->creation > st->expire) 844 flow1->flow_start = flow2->flow_start = htobe64((time_second - 845 time_uptime)*1000); 846 else 847 flow1->flow_start = flow2->flow_start = htobe64((time_second - 848 (time_uptime - st->creation))*1000); 849 flow1->flow_finish = flow2->flow_finish = htobe64((time_second - 850 (time_uptime - st->expire))*1000); 851 852 flow1->protocol = flow2->protocol = sk->proto; 853 flow1->tos = flow2->tos = st->rule.ptr->tos; 854 } 855 856 int 857 export_pflow(struct pf_state *st) 858 { 859 struct pflow_softc *sc = NULL; 860 struct pf_state_key *sk; 861 862 sk = st->key[st->direction == PF_IN ? PF_SK_WIRE : PF_SK_STACK]; 863 864 SLIST_FOREACH(sc, &pflowif_list, sc_next) { 865 switch (sc->sc_version) { 866 case PFLOW_PROTO_5: 867 if( sk->af == AF_INET ) 868 export_pflow_if(st, sk, sc); 869 break; 870 case PFLOW_PROTO_9: 871 /* ... fall through ... */ 872 case PFLOW_PROTO_10: 873 if( sk->af == AF_INET || sk->af == AF_INET6 ) 874 export_pflow_if(st, sk, sc); 875 break; 876 default: /* NOTREACHED */ 877 break; 878 } 879 } 880 881 return (0); 882 } 883 884 int 885 export_pflow_if(struct pf_state *st, struct pf_state_key *sk, 886 struct pflow_softc *sc) 887 { 888 struct pf_state pfs_copy; 889 struct ifnet *ifp = &sc->sc_if; 890 u_int64_t bytes[2]; 891 int ret = 0; 892 893 if (!(ifp->if_flags & IFF_RUNNING)) 894 return (0); 895 896 if (sc->sc_version == PFLOW_PROTO_9) 897 return (pflow_pack_flow_v9(st, sk, sc)); 898 if (sc->sc_version == PFLOW_PROTO_10) 899 return (pflow_pack_flow_ipfix(st, sk, sc)); 900 901 /* PFLOW_PROTO_5 */ 902 if ((st->bytes[0] < (u_int64_t)PFLOW_MAXBYTES) 903 && (st->bytes[1] < (u_int64_t)PFLOW_MAXBYTES)) 904 return (pflow_pack_flow(st, sk, sc)); 905 906 /* flow > PFLOW_MAXBYTES need special handling */ 907 bcopy(st, &pfs_copy, sizeof(pfs_copy)); 908 bytes[0] = pfs_copy.bytes[0]; 909 bytes[1] = pfs_copy.bytes[1]; 910 911 while (bytes[0] > PFLOW_MAXBYTES) { 912 pfs_copy.bytes[0] = PFLOW_MAXBYTES; 913 pfs_copy.bytes[1] = 0; 914 915 if ((ret = pflow_pack_flow(&pfs_copy, sk, sc)) != 0) 916 return (ret); 917 if ((bytes[0] - PFLOW_MAXBYTES) > 0) 918 bytes[0] -= PFLOW_MAXBYTES; 919 } 920 921 while (bytes[1] > (u_int64_t)PFLOW_MAXBYTES) { 922 pfs_copy.bytes[1] = PFLOW_MAXBYTES; 923 pfs_copy.bytes[0] = 0; 924 925 if ((ret = pflow_pack_flow(&pfs_copy, sk, sc)) != 0) 926 return (ret); 927 if ((bytes[1] - PFLOW_MAXBYTES) > 0) 928 bytes[1] -= PFLOW_MAXBYTES; 929 } 930 931 pfs_copy.bytes[0] = bytes[0]; 932 pfs_copy.bytes[1] = bytes[1]; 933 934 return (pflow_pack_flow(&pfs_copy, sk, sc)); 935 } 936 937 int 938 copy_flow_to_m(struct pflow_flow *flow, struct pflow_softc *sc) 939 { 940 int s, ret = 0; 941 942 s = splnet(); 943 if (sc->sc_mbuf == NULL) { 944 if ((sc->sc_mbuf = pflow_get_mbuf(sc, 0)) == NULL) { 945 splx(s); 946 return (ENOBUFS); 947 } 948 } 949 m_copyback(sc->sc_mbuf, PFLOW_HDRLEN + 950 (sc->sc_count * sizeof(struct pflow_flow)), 951 sizeof(struct pflow_flow), flow, M_NOWAIT); 952 953 if (pflowstats.pflow_flows == sc->sc_gcounter) 954 pflowstats.pflow_flows++; 955 sc->sc_gcounter++; 956 sc->sc_count++; 957 958 if (sc->sc_count >= sc->sc_maxcount) 959 ret = pflow_sendout_v5(sc); 960 961 splx(s); 962 return(ret); 963 } 964 965 int 966 copy_flow_v9_4_to_m(struct pflow_v9_flow4 *flow, struct pflow_softc *sc) 967 { 968 int s, ret = 0; 969 970 s = splnet(); 971 if (sc->sc_mbuf == NULL) { 972 if ((sc->sc_mbuf = 973 pflow_get_mbuf(sc, PFLOW_V9_TMPL_IPV4_ID)) == NULL) { 974 splx(s); 975 return (ENOBUFS); 976 } 977 sc->sc_count4 = 0; 978 timeout_add_sec(&sc->sc_tmo, PFLOW_TIMEOUT); 979 } 980 m_copyback(sc->sc_mbuf, PFLOW_SET_HDRLEN + 981 (sc->sc_count4 * sizeof(struct pflow_v9_flow4)), 982 sizeof(struct pflow_v9_flow4), flow, M_NOWAIT); 983 984 if (pflowstats.pflow_flows == sc->sc_gcounter) 985 pflowstats.pflow_flows++; 986 sc->sc_gcounter++; 987 sc->sc_count4++; 988 989 if (sc->sc_count4 >= sc->sc_maxcount4) 990 ret = pflow_sendout_v9(sc, AF_INET); 991 splx(s); 992 return(ret); 993 } 994 995 int 996 copy_flow_v9_6_to_m(struct pflow_v9_flow6 *flow, struct pflow_softc *sc) 997 { 998 int s, ret = 0; 999 1000 s = splnet(); 1001 if (sc->sc_mbuf6 == NULL) { 1002 if ((sc->sc_mbuf6 = 1003 pflow_get_mbuf(sc, PFLOW_V9_TMPL_IPV6_ID)) == NULL) { 1004 splx(s); 1005 return (ENOBUFS); 1006 } 1007 sc->sc_count6 = 0; 1008 timeout_add_sec(&sc->sc_tmo6, PFLOW_TIMEOUT); 1009 } 1010 m_copyback(sc->sc_mbuf6, PFLOW_SET_HDRLEN + 1011 (sc->sc_count6 * sizeof(struct pflow_v9_flow6)), 1012 sizeof(struct pflow_v9_flow6), flow, M_NOWAIT); 1013 1014 if (pflowstats.pflow_flows == sc->sc_gcounter) 1015 pflowstats.pflow_flows++; 1016 sc->sc_gcounter++; 1017 sc->sc_count6++; 1018 1019 if (sc->sc_count6 >= sc->sc_maxcount6) 1020 ret = pflow_sendout_v9(sc, AF_INET6); 1021 1022 splx(s); 1023 return(ret); 1024 } 1025 1026 int 1027 copy_flow_ipfix_4_to_m(struct pflow_ipfix_flow4 *flow, struct pflow_softc *sc) 1028 { 1029 int s, ret = 0; 1030 1031 s = splnet(); 1032 if (sc->sc_mbuf == NULL) { 1033 if ((sc->sc_mbuf = 1034 pflow_get_mbuf(sc, PFLOW_IPFIX_TMPL_IPV4_ID)) == NULL) { 1035 splx(s); 1036 return (ENOBUFS); 1037 } 1038 sc->sc_count4 = 0; 1039 timeout_add_sec(&sc->sc_tmo, PFLOW_TIMEOUT); 1040 } 1041 m_copyback(sc->sc_mbuf, PFLOW_SET_HDRLEN + 1042 (sc->sc_count4 * sizeof(struct pflow_ipfix_flow4)), 1043 sizeof(struct pflow_ipfix_flow4), flow, M_NOWAIT); 1044 1045 if (pflowstats.pflow_flows == sc->sc_gcounter) 1046 pflowstats.pflow_flows++; 1047 sc->sc_gcounter++; 1048 sc->sc_count4++; 1049 1050 if (sc->sc_count4 >= sc->sc_maxcount4) 1051 ret = pflow_sendout_ipfix(sc, AF_INET); 1052 splx(s); 1053 return(ret); 1054 } 1055 1056 int 1057 copy_flow_ipfix_6_to_m(struct pflow_ipfix_flow6 *flow, struct pflow_softc *sc) 1058 { 1059 int s, ret = 0; 1060 1061 s = splnet(); 1062 if (sc->sc_mbuf6 == NULL) { 1063 if ((sc->sc_mbuf6 = 1064 pflow_get_mbuf(sc, PFLOW_IPFIX_TMPL_IPV6_ID)) == NULL) { 1065 splx(s); 1066 return (ENOBUFS); 1067 } 1068 sc->sc_count6 = 0; 1069 timeout_add_sec(&sc->sc_tmo6, PFLOW_TIMEOUT); 1070 } 1071 m_copyback(sc->sc_mbuf6, PFLOW_SET_HDRLEN + 1072 (sc->sc_count6 * sizeof(struct pflow_ipfix_flow6)), 1073 sizeof(struct pflow_ipfix_flow6), flow, M_NOWAIT); 1074 1075 if (pflowstats.pflow_flows == sc->sc_gcounter) 1076 pflowstats.pflow_flows++; 1077 sc->sc_gcounter++; 1078 sc->sc_count6++; 1079 1080 if (sc->sc_count6 >= sc->sc_maxcount6) 1081 ret = pflow_sendout_ipfix(sc, AF_INET6); 1082 1083 splx(s); 1084 return(ret); 1085 } 1086 1087 int 1088 pflow_pack_flow(struct pf_state *st, struct pf_state_key *sk, 1089 struct pflow_softc *sc) 1090 { 1091 struct pflow_flow flow1; 1092 struct pflow_flow flow2; 1093 int ret = 0; 1094 1095 bzero(&flow1, sizeof(flow1)); 1096 bzero(&flow2, sizeof(flow2)); 1097 1098 if (st->direction == PF_OUT) 1099 copy_flow_data(&flow1, &flow2, st, sk, 1, 0); 1100 else 1101 copy_flow_data(&flow1, &flow2, st, sk, 0, 1); 1102 1103 if (st->bytes[0] != 0) /* first flow from state */ 1104 ret = copy_flow_to_m(&flow1, sc); 1105 1106 if (st->bytes[1] != 0) /* second flow from state */ 1107 ret = copy_flow_to_m(&flow2, sc); 1108 1109 return (ret); 1110 } 1111 1112 int 1113 pflow_pack_flow_v9(struct pf_state *st, struct pf_state_key *sk, 1114 struct pflow_softc *sc) 1115 { 1116 struct pflow_v9_flow4 flow4_1, flow4_2; 1117 struct pflow_v9_flow6 flow6_1, flow6_2; 1118 int ret = 0; 1119 if (sk->af == AF_INET) { 1120 bzero(&flow4_1, sizeof(flow4_1)); 1121 bzero(&flow4_2, sizeof(flow4_2)); 1122 1123 if (st->direction == PF_OUT) 1124 copy_flow_v9_4_data(&flow4_1, &flow4_2, st, sk, sc, 1, 1125 0); 1126 else 1127 copy_flow_v9_4_data(&flow4_1, &flow4_2, st, sk, sc, 0, 1128 1); 1129 1130 if (st->bytes[0] != 0) /* first flow from state */ 1131 ret = copy_flow_v9_4_to_m(&flow4_1, sc); 1132 1133 if (st->bytes[1] != 0) /* second flow from state */ 1134 ret = copy_flow_v9_4_to_m(&flow4_2, sc); 1135 } else if (sk->af == AF_INET6) { 1136 bzero(&flow6_1, sizeof(flow6_1)); 1137 bzero(&flow6_2, sizeof(flow6_2)); 1138 1139 if (st->direction == PF_OUT) 1140 copy_flow_v9_6_data(&flow6_1, &flow6_2, st, sk, sc, 1, 1141 0); 1142 else 1143 copy_flow_v9_6_data(&flow6_1, &flow6_2, st, sk, sc, 0, 1144 1); 1145 1146 if (st->bytes[0] != 0) /* first flow from state */ 1147 ret = copy_flow_v9_6_to_m(&flow6_1, sc); 1148 1149 if (st->bytes[1] != 0) /* second flow from state */ 1150 ret = copy_flow_v9_6_to_m(&flow6_2, sc); 1151 } 1152 return (ret); 1153 } 1154 1155 int 1156 pflow_pack_flow_ipfix(struct pf_state *st, struct pf_state_key *sk, 1157 struct pflow_softc *sc) 1158 { 1159 struct pflow_ipfix_flow4 flow4_1, flow4_2; 1160 struct pflow_ipfix_flow6 flow6_1, flow6_2; 1161 int ret = 0; 1162 if (sk->af == AF_INET) { 1163 bzero(&flow4_1, sizeof(flow4_1)); 1164 bzero(&flow4_2, sizeof(flow4_2)); 1165 1166 if (st->direction == PF_OUT) 1167 copy_flow_ipfix_4_data(&flow4_1, &flow4_2, st, sk, sc, 1168 1, 0); 1169 else 1170 copy_flow_ipfix_4_data(&flow4_1, &flow4_2, st, sk, sc, 1171 0, 1); 1172 1173 if (st->bytes[0] != 0) /* first flow from state */ 1174 ret = copy_flow_ipfix_4_to_m(&flow4_1, sc); 1175 1176 if (st->bytes[1] != 0) /* second flow from state */ 1177 ret = copy_flow_ipfix_4_to_m(&flow4_2, sc); 1178 } else if (sk->af == AF_INET6) { 1179 bzero(&flow6_1, sizeof(flow6_1)); 1180 bzero(&flow6_2, sizeof(flow6_2)); 1181 1182 if (st->direction == PF_OUT) 1183 copy_flow_ipfix_6_data(&flow6_1, &flow6_2, st, sk, sc, 1184 1, 0); 1185 else 1186 copy_flow_ipfix_6_data(&flow6_1, &flow6_2, st, sk, sc, 1187 0, 1); 1188 1189 if (st->bytes[0] != 0) /* first flow from state */ 1190 ret = copy_flow_ipfix_6_to_m(&flow6_1, sc); 1191 1192 if (st->bytes[1] != 0) /* second flow from state */ 1193 ret = copy_flow_ipfix_6_to_m(&flow6_2, sc); 1194 } 1195 return (ret); 1196 } 1197 1198 void 1199 pflow_timeout(void *v) 1200 { 1201 struct pflow_softc *sc = v; 1202 int s; 1203 1204 s = splnet(); 1205 switch (sc->sc_version) { 1206 case PFLOW_PROTO_5: 1207 pflow_sendout_v5(sc); 1208 break; 1209 case PFLOW_PROTO_9: 1210 pflow_sendout_v9(sc, AF_INET); 1211 break; 1212 case PFLOW_PROTO_10: 1213 pflow_sendout_ipfix(sc, AF_INET); 1214 break; 1215 default: /* NOTREACHED */ 1216 break; 1217 } 1218 splx(s); 1219 } 1220 1221 void 1222 pflow_timeout6(void *v) 1223 { 1224 struct pflow_softc *sc = v; 1225 int s; 1226 1227 s = splnet(); 1228 switch (sc->sc_version) { 1229 case PFLOW_PROTO_9: 1230 pflow_sendout_v9(sc, AF_INET6); 1231 break; 1232 case PFLOW_PROTO_10: 1233 pflow_sendout_ipfix(sc, AF_INET6); 1234 break; 1235 default: /* NOTREACHED */ 1236 break; 1237 } 1238 splx(s); 1239 } 1240 1241 void 1242 pflow_timeout_tmpl(void *v) 1243 { 1244 struct pflow_softc *sc = v; 1245 int s; 1246 1247 s = splnet(); 1248 if (sc->sc_version == PFLOW_PROTO_9) 1249 pflow_sendout_v9_tmpl(sc); 1250 else if (sc->sc_version == PFLOW_PROTO_10) 1251 pflow_sendout_ipfix_tmpl(sc); 1252 splx(s); 1253 } 1254 1255 /* This must be called in splnet() */ 1256 void 1257 pflow_flush(struct pflow_softc *sc) 1258 { 1259 switch (sc->sc_version) { 1260 case PFLOW_PROTO_5: 1261 pflow_sendout_v5(sc); 1262 break; 1263 case PFLOW_PROTO_9: 1264 pflow_sendout_v9(sc, AF_INET); 1265 pflow_sendout_v9(sc, AF_INET6); 1266 break; 1267 case PFLOW_PROTO_10: 1268 pflow_sendout_ipfix(sc, AF_INET); 1269 pflow_sendout_ipfix(sc, AF_INET6); 1270 break; 1271 default: /* NOTREACHED */ 1272 break; 1273 } 1274 } 1275 1276 1277 /* This must be called in splnet() */ 1278 int 1279 pflow_sendout_v5(struct pflow_softc *sc) 1280 { 1281 struct mbuf *m = sc->sc_mbuf; 1282 struct pflow_header *h; 1283 struct ifnet *ifp = &sc->sc_if; 1284 struct timespec tv; 1285 1286 timeout_del(&sc->sc_tmo); 1287 1288 if (m == NULL) 1289 return (0); 1290 1291 sc->sc_mbuf = NULL; 1292 if (!(ifp->if_flags & IFF_RUNNING)) { 1293 m_freem(m); 1294 return (0); 1295 } 1296 1297 pflowstats.pflow_packets++; 1298 h = mtod(m, struct pflow_header *); 1299 h->count = htons(sc->sc_count); 1300 1301 /* populate pflow_header */ 1302 h->uptime_ms = htonl(time_uptime * 1000); 1303 1304 getnanotime(&tv); 1305 h->time_sec = htonl(tv.tv_sec); /* XXX 2038 */ 1306 h->time_nanosec = htonl(tv.tv_nsec); 1307 1308 return (pflow_sendout_mbuf(sc, m)); 1309 } 1310 1311 /* This must be called in splnet() */ 1312 int 1313 pflow_sendout_v9(struct pflow_softc *sc, sa_family_t af) 1314 { 1315 struct mbuf *m; 1316 struct pflow_v9_header *h9; 1317 struct pflow_set_header *set_hdr; 1318 struct ifnet *ifp = &sc->sc_if; 1319 int set_length; 1320 1321 switch (af) { 1322 case AF_INET: 1323 m = sc->sc_mbuf; 1324 timeout_del(&sc->sc_tmo); 1325 if (m == NULL) 1326 return (0); 1327 sc->sc_mbuf = NULL; 1328 set_length = sizeof(struct pflow_set_header) 1329 + sc->sc_count4 * sizeof(struct pflow_v9_flow4); 1330 break; 1331 case AF_INET6: 1332 m = sc->sc_mbuf6; 1333 timeout_del(&sc->sc_tmo6); 1334 if (m == NULL) 1335 return (0); 1336 sc->sc_mbuf6 = NULL; 1337 set_length = sizeof(struct pflow_set_header) 1338 + sc->sc_count6 * sizeof(struct pflow_v9_flow6); 1339 break; 1340 default: /* NOTREACHED */ 1341 break; 1342 } 1343 1344 if (!(ifp->if_flags & IFF_RUNNING)) { 1345 m_freem(m); 1346 return (0); 1347 } 1348 1349 pflowstats.pflow_packets++; 1350 set_hdr = mtod(m, struct pflow_set_header *); 1351 set_hdr->set_length = htons(set_length); 1352 1353 /* populate pflow_header */ 1354 M_PREPEND(m, sizeof(struct pflow_v9_header), M_DONTWAIT); 1355 if (m == NULL) { 1356 pflowstats.pflow_onomem++; 1357 return (ENOBUFS); 1358 } 1359 h9 = mtod(m, struct pflow_v9_header *); 1360 h9->version = htons(PFLOW_PROTO_9); 1361 h9->count = htons(1); 1362 h9->uptime_ms = htonl(time_uptime * 1000); 1363 h9->time_sec = htonl(time_second); /* XXX 2038 */ 1364 h9->flow_sequence = htonl(sc->sc_gcounter); 1365 h9->observation_dom = htonl(PFLOW_ENGINE_TYPE); 1366 return (pflow_sendout_mbuf(sc, m)); 1367 } 1368 1369 /* This must be called in splnet() */ 1370 int 1371 pflow_sendout_ipfix(struct pflow_softc *sc, sa_family_t af) 1372 { 1373 struct mbuf *m; 1374 struct pflow_v10_header *h10; 1375 struct pflow_set_header *set_hdr; 1376 struct ifnet *ifp = &sc->sc_if; 1377 int set_length; 1378 1379 switch (af) { 1380 case AF_INET: 1381 m = sc->sc_mbuf; 1382 timeout_del(&sc->sc_tmo); 1383 if (m == NULL) 1384 return (0); 1385 sc->sc_mbuf = NULL; 1386 set_length = sizeof(struct pflow_set_header) 1387 + sc->sc_count4 * sizeof(struct pflow_ipfix_flow4); 1388 break; 1389 case AF_INET6: 1390 m = sc->sc_mbuf6; 1391 timeout_del(&sc->sc_tmo6); 1392 if (m == NULL) 1393 return (0); 1394 sc->sc_mbuf6 = NULL; 1395 set_length = sizeof(struct pflow_set_header) 1396 + sc->sc_count6 * sizeof(struct pflow_ipfix_flow6); 1397 break; 1398 default: /* NOTREACHED */ 1399 break; 1400 } 1401 1402 if (!(ifp->if_flags & IFF_RUNNING)) { 1403 m_freem(m); 1404 return (0); 1405 } 1406 1407 pflowstats.pflow_packets++; 1408 set_hdr = mtod(m, struct pflow_set_header *); 1409 set_hdr->set_length = htons(set_length); 1410 1411 /* populate pflow_header */ 1412 M_PREPEND(m, sizeof(struct pflow_v10_header), M_DONTWAIT); 1413 if (m == NULL) { 1414 pflowstats.pflow_onomem++; 1415 return (ENOBUFS); 1416 } 1417 h10 = mtod(m, struct pflow_v10_header *); 1418 h10->version = htons(PFLOW_PROTO_10); 1419 h10->length = htons(PFLOW_IPFIX_HDRLEN + set_length); 1420 h10->time_sec = htonl(time_second); /* XXX 2038 */ 1421 h10->flow_sequence = htonl(sc->sc_gcounter); 1422 h10->observation_dom = htonl(PFLOW_ENGINE_TYPE); 1423 return (pflow_sendout_mbuf(sc, m)); 1424 } 1425 1426 /* This must be called in splnet() */ 1427 int 1428 pflow_sendout_v9_tmpl(struct pflow_softc *sc) 1429 { 1430 struct mbuf *m; 1431 struct pflow_v9_header *h9; 1432 struct ifnet *ifp = &sc->sc_if; 1433 1434 timeout_del(&sc->sc_tmo_tmpl); 1435 1436 if (!(ifp->if_flags & IFF_RUNNING)) { 1437 return (0); 1438 } 1439 m = pflow_get_mbuf(NULL, 0); 1440 if (m == NULL) 1441 return (0); 1442 if (m_copyback(m, 0, sizeof(struct pflow_v9_tmpl), 1443 &sc->sc_tmpl_v9, M_NOWAIT)) { 1444 m_freem(m); 1445 return (0); 1446 } 1447 pflowstats.pflow_packets++; 1448 1449 /* populate pflow_header */ 1450 M_PREPEND(m, sizeof(struct pflow_v9_header), M_DONTWAIT); 1451 if (m == NULL) { 1452 pflowstats.pflow_onomem++; 1453 return (ENOBUFS); 1454 } 1455 h9 = mtod(m, struct pflow_v9_header *); 1456 h9->version = htons(PFLOW_PROTO_9); 1457 h9->count = htons(1); 1458 h9->uptime_ms = htonl(time_uptime * 1000); 1459 h9->time_sec = htonl(time_second); /* XXX 2038 */ 1460 h9->flow_sequence = htonl(sc->sc_gcounter); 1461 h9->observation_dom = htonl(PFLOW_ENGINE_TYPE); 1462 1463 timeout_add_sec(&sc->sc_tmo_tmpl, PFLOW_TMPL_TIMEOUT); 1464 return (pflow_sendout_mbuf(sc, m)); 1465 } 1466 1467 /* This must be called in splnet() */ 1468 int 1469 pflow_sendout_ipfix_tmpl(struct pflow_softc *sc) 1470 { 1471 struct mbuf *m; 1472 struct pflow_v10_header *h10; 1473 struct ifnet *ifp = &sc->sc_if; 1474 1475 timeout_del(&sc->sc_tmo_tmpl); 1476 1477 if (!(ifp->if_flags & IFF_RUNNING)) { 1478 return (0); 1479 } 1480 m = pflow_get_mbuf(NULL, 0); 1481 if (m == NULL) 1482 return (0); 1483 if (m_copyback(m, 0, sizeof(struct pflow_ipfix_tmpl), 1484 &sc->sc_tmpl_ipfix, M_NOWAIT)) { 1485 m_freem(m); 1486 return (0); 1487 } 1488 pflowstats.pflow_packets++; 1489 1490 /* populate pflow_header */ 1491 M_PREPEND(m, sizeof(struct pflow_v10_header), M_DONTWAIT); 1492 if (m == NULL) { 1493 pflowstats.pflow_onomem++; 1494 return (ENOBUFS); 1495 } 1496 h10 = mtod(m, struct pflow_v10_header *); 1497 h10->version = htons(PFLOW_PROTO_10); 1498 h10->length = htons(PFLOW_IPFIX_HDRLEN + sizeof(struct 1499 pflow_ipfix_tmpl)); 1500 h10->time_sec = htonl(time_second); /* XXX 2038 */ 1501 h10->flow_sequence = htonl(sc->sc_gcounter); 1502 h10->observation_dom = htonl(PFLOW_ENGINE_TYPE); 1503 1504 timeout_add_sec(&sc->sc_tmo_tmpl, PFLOW_TMPL_TIMEOUT); 1505 return (pflow_sendout_mbuf(sc, m)); 1506 } 1507 1508 int 1509 pflow_sendout_mbuf(struct pflow_softc *sc, struct mbuf *m) 1510 { 1511 struct udpiphdr *ui; 1512 u_int16_t len = m->m_pkthdr.len; 1513 #if NBPFILTER > 0 1514 struct ifnet *ifp = &sc->sc_if; 1515 #endif 1516 struct ip *ip; 1517 int err; 1518 1519 /* UDP Header*/ 1520 M_PREPEND(m, sizeof(struct udpiphdr), M_DONTWAIT); 1521 if (m == NULL) { 1522 pflowstats.pflow_onomem++; 1523 return (ENOBUFS); 1524 } 1525 1526 ui = mtod(m, struct udpiphdr *); 1527 ui->ui_pr = IPPROTO_UDP; 1528 ui->ui_src = sc->sc_sender_ip; 1529 ui->ui_sport = sc->sc_sender_port; 1530 ui->ui_dst = sc->sc_receiver_ip; 1531 ui->ui_dport = sc->sc_receiver_port; 1532 ui->ui_ulen = htons(sizeof(struct udphdr) + len); 1533 ui->ui_sum = 0; 1534 m->m_pkthdr.csum_flags |= M_UDP_CSUM_OUT; 1535 m->m_pkthdr.rdomain = sc->sc_if.if_rdomain; 1536 1537 ip = (struct ip *)ui; 1538 ip->ip_v = IPVERSION; 1539 ip->ip_hl = sizeof(struct ip) >> 2; 1540 ip->ip_id = htons(ip_randomid()); 1541 ip->ip_off = htons(IP_DF); 1542 ip->ip_tos = IPTOS_LOWDELAY; 1543 ip->ip_ttl = IPDEFTTL; 1544 ip->ip_len = htons(sizeof(struct udpiphdr) + len); 1545 1546 #if NBPFILTER > 0 1547 if (ifp->if_bpf) 1548 bpf_mtap(ifp->if_bpf, m, BPF_DIRECTION_OUT); 1549 #endif 1550 1551 sc->sc_if.if_opackets++; 1552 sc->sc_if.if_obytes += m->m_pkthdr.len; 1553 1554 if ((err = ip_output(m, NULL, NULL, IP_RAWOUTPUT, &sc->sc_imo, NULL))) { 1555 pflowstats.pflow_oerrors++; 1556 sc->sc_if.if_oerrors++; 1557 } 1558 return (err); 1559 } 1560 1561 int 1562 pflow_get_dynport(void) 1563 { 1564 u_int16_t tmp, low, high, cut; 1565 1566 low = ipport_hifirstauto; /* sysctl */ 1567 high = ipport_hilastauto; 1568 1569 cut = arc4random_uniform(1 + high - low) + low; 1570 1571 for (tmp = cut; tmp <= high; ++(tmp)) { 1572 if (!in_baddynamic(tmp, IPPROTO_UDP)) 1573 return (htons(tmp)); 1574 } 1575 1576 for (tmp = cut - 1; tmp >= low; --(tmp)) { 1577 if (!in_baddynamic(tmp, IPPROTO_UDP)) 1578 return (htons(tmp)); 1579 } 1580 1581 return (htons(ipport_hilastauto)); /* XXX */ 1582 } 1583 1584 int 1585 pflow_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, 1586 void *newp, size_t newlen) 1587 { 1588 if (namelen != 1) 1589 return (ENOTDIR); 1590 1591 switch (name[0]) { 1592 case NET_PFLOW_STATS: 1593 if (newp != NULL) 1594 return (EPERM); 1595 return (sysctl_struct(oldp, oldlenp, newp, newlen, 1596 &pflowstats, sizeof(pflowstats))); 1597 default: 1598 return (EOPNOTSUPP); 1599 } 1600 return (0); 1601 } 1602