1 /*-
2 * Copyright (c) 2004-2005 Gleb Smirnoff <glebius@FreeBSD.org>
3 * Copyright (c) 2001-2003 Roman V. Palagin <romanp@unshadow.net>
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 * SUCH DAMAGE.
26 *
27 * $SourceForge: netflow.c,v 1.41 2004/09/05 11:41:10 glebius Exp $
28 */
29
30 static const char rcs_id[] =
31 "@(#) $FreeBSD: src/sys/netgraph/netflow/netflow.c,v 1.3.2.8 2005/05/11 10:45:31 glebius Exp $";
32
33 #include <sys/param.h>
34 #include <sys/kernel.h>
35 #include <sys/limits.h>
36 #include <sys/mbuf.h>
37 #include <sys/syslog.h>
38 #include <sys/systm.h>
39 #include <sys/socket.h>
40
41 #include <net/if.h>
42 #include <net/if_var.h>
43 #include <net/if_dl.h>
44 #include <net/route.h>
45 #include <netinet/in.h>
46 #include <netinet/in_systm.h>
47 #include <netinet/ip.h>
48 #include <netinet/tcp.h>
49 #include <netinet/udp.h>
50
51 #include <netgraph/ng_message.h>
52 #include <netgraph/netgraph.h>
53
54 #include <netgraph/netflow/netflow.h>
55 #include <netgraph/netflow/ng_netflow.h>
56
57 #define NBUCKETS (4096) /* must be power of 2 */
58
59 /* This hash is for TCP or UDP packets */
60 #define FULL_HASH(addr1,addr2,port1,port2)\
61 (((addr1 >> 16) ^ \
62 (addr2 & 0x00FF) ^ \
63 ((port1 ^ port2) << 8) )& \
64 (NBUCKETS - 1))
65
66 /* This hash for all other IP packets */
67 #define ADDR_HASH(addr1,addr2)\
68 (((addr1 >> 16) ^ \
69 (addr2 & 0x00FF) )& \
70 (NBUCKETS - 1))
71
72 /* Macros to shorten logical constructions */
73 /* XXX: priv must exist in namespace */
74 #define INACTIVE(fle) (time_uptime - fle->f.last > priv->info.nfinfo_inact_t)
75 #define AGED(fle) (time_uptime - fle->f.first > priv->info.nfinfo_act_t)
76 #define ISFREE(fle) (fle->f.packets == 0)
77
78 /*
79 * 4 is a magical number: statistically number of 4-packet flows is
80 * bigger than 5,6,7...-packet flows by an order of magnitude. Most UDP/ICMP
81 * scans are 1 packet (~ 90% of flow cache). TCP scans are 2-packet in case
82 * of reachable host and 4-packet otherwise.
83 */
84 #define SMALL(fle) (fle->f.packets <= 4)
85
86 /*
87 * Cisco uses milliseconds for uptime. Bad idea, since it overflows
88 * every 48+ days. But we will do same to keep compatibility. This macro
89 * does overflowable multiplication to 1000.
90 */
91 #define MILLIUPTIME(t) (((t) << 9) + /* 512 */ \
92 ((t) << 8) + /* 256 */ \
93 ((t) << 7) + /* 128 */ \
94 ((t) << 6) + /* 64 */ \
95 ((t) << 5) + /* 32 */ \
96 ((t) << 3)) /* 8 */
97
98 MALLOC_DECLARE(M_NETFLOW);
99 MALLOC_DEFINE(M_NETFLOW, "NetFlow", "flow cache");
100
101 static int export_add(priv_p , struct flow_entry *);
102 static int export_send(priv_p );
103
104 /* Generate hash for a given flow record */
105 static __inline uint32_t
106 ip_hash(struct flow_rec *r)
107 {
108 switch (r->r_ip_p) {
109 case IPPROTO_TCP:
110 case IPPROTO_UDP:
111 return FULL_HASH(r->r_src.s_addr, r->r_dst.s_addr,
112 r->r_sport, r->r_dport);
113 default:
114 return ADDR_HASH(r->r_src.s_addr, r->r_dst.s_addr);
115 }
116 }
117
118 /* Lookup for record in given slot */
119 static __inline struct flow_entry *
120 hash_lookup(struct flow_hash_entry *h, int slot, struct flow_rec *r)
121 {
122 struct flow_entry *fle;
123
124 LIST_FOREACH(fle, &(h[slot].head), fle_hash)
125 if (bcmp(r, &fle->f.r, sizeof(struct flow_rec)) == 0)
126 return (fle);
127
128 return (NULL);
129 }
130
131 /* Get a flow entry from free list */
132 static __inline struct flow_entry *
133 alloc_flow(priv_p priv, int *flows)
134 {
135 register struct flow_entry *fle;
136
137 mtx_lock(&priv->free_mtx);
138
139 if (SLIST_EMPTY(&priv->free_list)) {
140 mtx_unlock(&priv->free_mtx);
141 return(NULL);
142 }
143
144 fle = SLIST_FIRST(&priv->free_list);
145 SLIST_REMOVE_HEAD(&priv->free_list, fle_free);
146
147 priv->info.nfinfo_used++;
148 priv->info.nfinfo_free--;
149
150 if (flows != NULL)
151 *flows = priv->info.nfinfo_used;
152
153 mtx_unlock(&priv->free_mtx);
154
155 return (fle);
156 }
157
158 /* Insert flow entry into a free list. */
159 static __inline int
160 free_flow(priv_p priv, struct flow_entry *fle)
161 {
162 int flows;
163
164 mtx_lock(&priv->free_mtx);
165 fle->f.packets = 0;
166 SLIST_INSERT_HEAD(&priv->free_list, fle, fle_free);
167 flows = priv->info.nfinfo_used--;
168 priv->info.nfinfo_free++;
169 mtx_unlock(&priv->free_mtx);
170
171 return flows;
172 }
173
174 #define NGNF_GETUSED(priv, rval) do { \
175 mtx_lock(&priv->free_mtx); \
176 rval = priv->info.nfinfo_used; \
177 mtx_unlock(&priv->free_mtx); \
178 } while (0)
179
180 /* Insert flow entry into expire list. */
181 /* XXX: Flow must be detached from work queue, but not from cache */
182 static __inline void
183 expire_flow(priv_p priv, struct flow_entry *fle)
184 {
185 mtx_assert(&priv->work_mtx, MA_OWNED);
186 LIST_REMOVE(fle, fle_hash);
187
188 mtx_lock(&priv->expire_mtx);
189 SLIST_INSERT_HEAD(&priv->expire_list, fle, fle_free);
190 mtx_unlock(&priv->expire_mtx);
191 }
192
193 /* Get a snapshot of node statistics */
194 void
195 ng_netflow_copyinfo(priv_p priv, struct ng_netflow_info *i)
196 {
197 mtx_lock(&priv->free_mtx);
198 memcpy((void *)i, (void *)&priv->info, sizeof(priv->info));
199 mtx_unlock(&priv->free_mtx);
200 }
201
202 /* Calculate number of bits in netmask */
203 #define g21 0x55555555ul /* = 0101_0101_0101_0101_0101_0101_0101_0101 */
204 #define g22 0x33333333ul /* = 0011_0011_0011_0011_0011_0011_0011_0011 */
205 #define g23 0x0f0f0f0ful /* = 0000_1111_0000_1111_0000_1111_0000_1111 */
206 static __inline u_char
207 bit_count(uint32_t v)
208 {
209 v = (v & g21) + ((v >> 1) & g21);
210 v = (v & g22) + ((v >> 2) & g22);
211 v = (v + (v >> 4)) & g23;
212 return (v + (v >> 8) + (v >> 16) + (v >> 24)) & 0x3f;
213 }
214
215 /*
216 * Insert a record into defined slot.
217 *
218 * First we get for us a free flow entry, then fill in all
219 * possible fields in it. Then obtain lock on flow cache
220 * and insert flow entry.
221 */
222 static __inline int
223 hash_insert(priv_p priv, int slot, struct flow_rec *r, int plen,
224 uint8_t tcp_flags)
225 {
226 struct flow_hash_entry *h = priv->hash;
227 struct flow_entry *fle;
228 struct route ro;
229 struct sockaddr_in *sin;
230
231 fle = alloc_flow(priv, NULL);
232 if (fle == NULL)
233 return (ENOMEM);
234
235 /*
236 * Now fle is totally ours. It is detached from all lists,
237 * we can safely edit it.
238 */
239
240 bcopy(r, &fle->f.r, sizeof(struct flow_rec));
241 fle->f.bytes = plen;
242 fle->f.packets = 1;
243 fle->f.tcp_flags = tcp_flags;
244
245 fle->f.first = fle->f.last = time_uptime;
246
247 /*
248 * First we do route table lookup on destination address. So we can
249 * fill in out_ifx, dst_mask, nexthop, and dst_as in future releases.
250 */
251 bzero((caddr_t)&ro, sizeof(ro));
252 sin = (struct sockaddr_in *)&ro.ro_dst;
253 sin->sin_len = sizeof(*sin);
254 sin->sin_family = AF_INET;
255 sin->sin_addr = fle->f.r.r_dst;
256 rtalloc_ign(&ro, RTF_CLONING);
257 if (ro.ro_rt != NULL) {
258 struct rtentry *rt = ro.ro_rt;
259
260 fle->f.fle_o_ifx = rt->rt_ifp->if_index;
261
262 if (rt->rt_flags & RTF_GATEWAY &&
263 rt->rt_gateway->sa_family == AF_INET)
264 fle->f.next_hop =
265 ((struct sockaddr_in *)(rt->rt_gateway))->sin_addr;
266
267 if (rt_mask(rt))
268 fle->f.dst_mask =
269 bit_count(((struct sockaddr_in *)rt_mask(rt))->sin_addr.s_addr);
270 else if (rt->rt_flags & RTF_HOST)
271 /* Give up. We can't determine mask :( */
272 fle->f.dst_mask = 32;
273
274 RTFREE(ro.ro_rt);
275 }
276
277 /* Do route lookup on source address, to fill in src_mask. */
278
279 bzero((caddr_t)&ro, sizeof(ro));
280 sin = (struct sockaddr_in *)&ro.ro_dst;
281 sin->sin_len = sizeof(*sin);
282 sin->sin_family = AF_INET;
283 sin->sin_addr = fle->f.r.r_src;
284 rtalloc_ign(&ro, RTF_CLONING);
285 if (ro.ro_rt != NULL) {
286 struct rtentry *rt = ro.ro_rt;
287
288 if (rt_mask(rt))
289 fle->f.src_mask =
290 bit_count(((struct sockaddr_in *)rt_mask(rt))->sin_addr.s_addr);
291 else if (rt->rt_flags & RTF_HOST)
292 /* Give up. We can't determine mask :( */
293 fle->f.src_mask = 32;
294
295 RTFREE(ro.ro_rt);
296 }
297
298 /* Push new flow entry into flow cache */
299 mtx_lock(&priv->work_mtx);
300 LIST_INSERT_HEAD(&(h[slot].head), fle, fle_hash);
301 TAILQ_INSERT_TAIL(&priv->work_queue, fle, fle_work);
302 mtx_unlock(&priv->work_mtx);
303
304 return (0);
305 }
306
307
308 /*
309 * Non-static functions called from ng_netflow.c
310 */
311
312 /* Allocate memory and set up flow cache */
313 int
314 ng_netflow_cache_init(priv_p priv)
315 {
316 struct flow_entry *fle;
317 int i;
318
319 /* allocate cache */
320 MALLOC(priv->cache, struct flow_entry *,
321 CACHESIZE * sizeof(struct flow_entry),
322 M_NETFLOW, M_WAITOK | M_ZERO);
323
324 if (priv->cache == NULL)
325 return (ENOMEM);
326
327 /* allocate hash */
328 MALLOC(priv->hash, struct flow_hash_entry *,
329 NBUCKETS * sizeof(struct flow_hash_entry),
330 M_NETFLOW, M_WAITOK | M_ZERO);
331
332 if (priv->hash == NULL) {
333 FREE(priv->cache, M_NETFLOW);
334 return (ENOMEM);
335 }
336
337 TAILQ_INIT(&priv->work_queue);
338 SLIST_INIT(&priv->free_list);
339 SLIST_INIT(&priv->expire_list);
340
341 mtx_init(&priv->work_mtx, "ng_netflow cache mutex", NULL, MTX_DEF);
342 mtx_init(&priv->free_mtx, "ng_netflow free mutex", NULL, MTX_DEF);
343 mtx_init(&priv->expire_mtx, "ng_netflow expire mutex", NULL, MTX_DEF);
344
345 /* build free list */
346 for (i = 0, fle = priv->cache; i < CACHESIZE; i++, fle++)
347 SLIST_INSERT_HEAD(&priv->free_list, fle, fle_free);
348
349 priv->info.nfinfo_free = CACHESIZE;
350
351 return (0);
352 }
353
354 /* Free all flow cache memory. Called from node close method. */
355 void
356 ng_netflow_cache_flush(priv_p priv)
357 {
358 register struct flow_entry *fle;
359 int i;
360
361 /*
362 * We are going to free probably billable data.
363 * Expire everything before freeing it.
364 * No locking is required since callout is already drained.
365 */
366
367 for (i = 0, fle = priv->cache; i < CACHESIZE; i++, fle++)
368 if (!ISFREE(fle))
369 /* ignore errors now */
370 (void )export_add(priv, fle);
371
372 mtx_destroy(&priv->work_mtx);
373 mtx_destroy(&priv->free_mtx);
374 mtx_destroy(&priv->expire_mtx);
375
376 /* free hash memory */
377 if (priv->hash)
378 FREE(priv->hash, M_NETFLOW);
379
380 /* free flow cache */
381 if (priv->cache)
382 FREE(priv->cache, M_NETFLOW);
383
384 }
385
386 /* Insert packet from &m into flow cache. */
387 int
388 ng_netflow_flow_add(priv_p priv, struct ip *ip, iface_p iface,
389 struct ifnet *ifp)
390 {
391 struct flow_hash_entry *h = priv->hash;
392 register struct flow_entry *fle;
393 struct flow_rec r;
394 int hlen, plen;
395 uint32_t slot;
396 uint8_t tcp_flags = 0;
397
398 /* Try to fill flow_rec r */
399 bzero(&r, sizeof(r));
400 /* check version */
401 if (ip->ip_v != IPVERSION)
402 return (EINVAL);
403
404 /* verify min header length */
405 hlen = ip->ip_hl << 2;
406
407 if (hlen < sizeof(struct ip))
408 return (EINVAL);
409
410 r.r_src = ip->ip_src;
411 r.r_dst = ip->ip_dst;
412
413 /* save packet length */
414 plen = ntohs(ip->ip_len);
415
416 r.r_ip_p = ip->ip_p;
417 r.r_tos = ip->ip_tos;
418
419 /* Configured in_ifx overrides mbuf's */
420 if (iface->info.ifinfo_index == 0) {
421 if (ifp != NULL)
422 r.r_i_ifx = ifp->if_index;
423 } else
424 r.r_i_ifx = iface->info.ifinfo_index;
425
426 /*
427 * XXX NOTE: only first fragment of fragmented TCP, UDP and
428 * ICMP packet will be recorded with proper s_port and d_port.
429 * Following fragments will be recorded simply as IP packet with
430 * ip_proto = ip->ip_p and s_port, d_port set to zero.
431 * I know, it looks like bug. But I don't want to re-implement
432 * ip packet assebmling here. Anyway, (in)famous trafd works this way -
433 * and nobody complains yet :)
434 */
435 if ((ip->ip_off & htons(IP_OFFMASK)) == 0)
436 switch(r.r_ip_p) {
437 case IPPROTO_TCP:
438 {
439 register struct tcphdr *tcp;
440
441 tcp = (struct tcphdr *)((caddr_t )ip + hlen);
442 r.r_sport = tcp->th_sport;
443 r.r_dport = tcp->th_dport;
444 tcp_flags = tcp->th_flags;
445 break;
446 }
447 case IPPROTO_UDP:
448 r.r_ports = *(uint32_t *)((caddr_t )ip + hlen);
449 break;
450 }
451
452 slot = ip_hash(&r);
453
454 mtx_lock(&priv->work_mtx);
455
456 /* Update node statistics. */
457 priv->info.nfinfo_packets ++;
458 priv->info.nfinfo_bytes += plen;
459
460 fle = hash_lookup(h, slot, &r); /* New flow entry or existent? */
461
462 if (fle) { /* an existent entry */
463
464 TAILQ_REMOVE(&priv->work_queue, fle, fle_work);
465
466 fle->f.bytes += plen;
467 fle->f.packets ++;
468 fle->f.tcp_flags |= tcp_flags;
469 fle->f.last = time_uptime;
470
471 /*
472 * We have the following reasons to expire flow in active way:
473 * - it hit active timeout
474 * - a TCP connection closed
475 * - it is going to overflow counter
476 */
477 if (tcp_flags & TH_FIN || tcp_flags & TH_RST || AGED(fle) ||
478 (fle->f.bytes >= (UINT_MAX - IF_MAXMTU)) )
479 expire_flow(priv, fle);
480 else
481 TAILQ_INSERT_TAIL(&priv->work_queue, fle, fle_work);
482
483 mtx_unlock(&priv->work_mtx);
484
485 } else { /* a new flow entry */
486
487 mtx_unlock(&priv->work_mtx);
488 return hash_insert(priv, slot, &r, plen, tcp_flags);
489
490 }
491
492 mtx_assert(&priv->work_mtx, MA_NOTOWNED);
493 mtx_assert(&priv->expire_mtx, MA_NOTOWNED);
494 mtx_assert(&priv->free_mtx, MA_NOTOWNED);
495
496 return (0);
497 }
498
499 /*
500 * Return records from cache. netgraph(4) guarantees us that we
501 * are locked against ng_netflow_rcvdata(). However we can
502 * work with ng_netflow_expire() in parrallel. XXX: Is it dangerous?
503 *
504 * TODO: matching particular IP should be done in kernel, here.
505 */
506 int
507 ng_netflow_flow_show(priv_p priv, uint32_t last, struct ng_mesg *resp)
508 {
509 struct flow_entry *fle;
510 struct ngnf_flows *data;
511
512 data = (struct ngnf_flows *)resp->data;
513 data->last = 0;
514 data->nentries = 0;
515
516 /* Check if this is a first run */
517 if (last == 0)
518 fle = priv->cache;
519 else {
520 if (last > CACHESIZE-1)
521 return (EINVAL);
522 fle = priv->cache + last;
523 }
524
525 /*
526 * We will transfer not more than NREC_AT_ONCE. More data
527 * will come in next message.
528 * We send current stop point to userland, and userland should return
529 * it back to us.
530 */
531 for (; last < CACHESIZE; fle++, last++) {
532 if (ISFREE(fle))
533 continue;
534 bcopy(&fle->f, &(data->entries[data->nentries]),
535 sizeof(fle->f));
536 data->nentries ++;
537 if (data->nentries == NREC_AT_ONCE) {
538 if (++last < CACHESIZE)
539 data->last = (++fle - priv->cache);
540 return (0);
541 }
542 }
543
544 return (0);
545 }
546
547 /* We have full datagram in privdata. Send it to export hook. */
548 static int
549 export_send(priv_p priv)
550 {
551 struct netflow_v5_header *header = &priv->dgram.header;
552 struct timespec ts;
553 struct mbuf *m;
554 int error = 0;
555 int mlen;
556
557 header->sys_uptime = htonl(MILLIUPTIME(time_uptime));
558
559 getnanotime(&ts);
560 header->unix_secs = htonl(ts.tv_sec);
561 header->unix_nsecs = htonl(ts.tv_nsec);
562
563 /* Flow sequence contains number of first record */
564 header->flow_seq = htonl(priv->flow_seq - header->count);
565
566 mlen = sizeof(struct netflow_v5_header) +
567 sizeof(struct netflow_v5_record) * header->count;
568
569 header->count = htons(header->count);
570 if ((m = m_devget((caddr_t)header, mlen, 0, NULL, NULL)) == NULL) {
571 log(LOG_CRIT, "ng_netflow: m_devget() failed, losing export "
572 "dgram\n");
573 header->count = 0;
574 return(ENOBUFS);
575 }
576
577 header->count = 0;
578
579 /* Giant is required in sosend() at this moment. */
580 NET_LOCK_GIANT();
581 NG_SEND_DATA_ONLY(error, priv->export, m);
582 NET_UNLOCK_GIANT();
583
584 if (error)
585 NG_FREE_M(m);
586
587 return (error);
588 }
589
590
591 /* Create export datagram. */
592 static int
593 export_add(priv_p priv, struct flow_entry *fle)
594 {
595 struct netflow_v5_header *header = &priv->dgram.header;
596 struct netflow_v5_record *rec;
597
598 if (header->count == 0 ) { /* first record */
599 rec = &priv->dgram.r[0];
600 header->count = 1;
601 } else { /* continue filling datagram */
602 rec = &priv->dgram.r[header->count];
603 header->count ++;
604 }
605
606 /* Fill in export record */
607 rec->src_addr = fle->f.r.r_src.s_addr;
608 rec->dst_addr = fle->f.r.r_dst.s_addr;
609 rec->next_hop = fle->f.next_hop.s_addr;
610 rec->i_ifx = htons(fle->f.fle_i_ifx);
611 rec->o_ifx = htons(fle->f.fle_o_ifx);
612 rec->packets = htonl(fle->f.packets);
613 rec->octets = htonl(fle->f.bytes);
614 rec->first = htonl(MILLIUPTIME(fle->f.first));
615 rec->last = htonl(MILLIUPTIME(fle->f.last));
616 rec->s_port = fle->f.r.r_sport;
617 rec->d_port = fle->f.r.r_dport;
618 rec->flags = fle->f.tcp_flags;
619 rec->prot = fle->f.r.r_ip_p;
620 rec->tos = fle->f.r.r_tos;
621 rec->dst_mask = fle->f.dst_mask;
622 rec->src_mask = fle->f.src_mask;
623
624 priv->flow_seq++;
625
626 if (header->count == NETFLOW_V5_MAX_RECORDS) /* end of datagram */
627 return export_send(priv);
628
629 return (0);
630 }
631
632 /* Periodic flow expiry run. */
633 void
634 ng_netflow_expire(void *arg)
635 {
636 register struct flow_entry *fle, *fle1;
637 priv_p priv = (priv_p )arg;
638 uint32_t used;
639 int error = 0;
640
641 /* First pack actively expired entries */
642 mtx_lock(&priv->expire_mtx);
643 while (!SLIST_EMPTY(&(priv->expire_list))) {
644 fle = SLIST_FIRST(&(priv->expire_list));
645 SLIST_REMOVE_HEAD(&(priv->expire_list), fle_free);
646 mtx_unlock(&priv->expire_mtx);
647
648 /*
649 * While we have dropped the lock, expire_flow() may
650 * insert another flow into top of the list.
651 * This is not harmful for us, since we have already
652 * detached our own.
653 */
654
655 if ((error = export_add(priv, fle)) != 0)
656 log(LOG_CRIT, "ng_netflow: export_add() failed: %u\n",
657 error);
658 (void )free_flow(priv, fle);
659
660 mtx_lock(&priv->expire_mtx);
661 }
662 mtx_unlock(&priv->expire_mtx);
663
664 NGNF_GETUSED(priv, used);
665 mtx_lock(&priv->work_mtx);
666 TAILQ_FOREACH_SAFE(fle, &(priv->work_queue), fle_work, fle1) {
667 /*
668 * When cache size has not reached CACHELOWAT yet, we keep
669 * both inactive and active flows in cache. Doing this, we
670 * reduce number of exports, since many inactive flows may
671 * wake up and continue their life. However, we make an
672 * exclusion for scans. It is very rare situation that
673 * inactive 1-packet flow will wake up.
674 * When cache has reached CACHELOWAT, we expire all inactive
675 * flows, until cache gets to a sane size.
676 */
677 if (used <= CACHELOWAT && !INACTIVE(fle))
678 goto finish;
679
680 if ((INACTIVE(fle) && (SMALL(fle) || (used > CACHELOWAT))) ||
681 AGED(fle)) {
682
683 /* Detach flow entry from cache */
684 LIST_REMOVE(fle, fle_hash);
685 TAILQ_REMOVE(&priv->work_queue, fle, fle_work);
686
687 /*
688 * While we are sending to collector, unlock cache.
689 * XXX: it can happen, however with a small probability,
690 * that item, we are holding now, can be moved to the
691 * top of flow cache by node thread. In this case our
692 * expire thread stops checking. Since this is not
693 * fatal we will just ignore it now.
694 */
695 mtx_unlock(&priv->work_mtx);
696
697 if ((error = export_add(priv, fle)) != 0)
698 log(LOG_CRIT, "ng_netflow: export_add() "
699 "failed: %u\n", error);
700
701 used = free_flow(priv, fle);
702
703 mtx_lock(&priv->work_mtx);
704 }
705 }
706
707 finish:
708 mtx_unlock(&priv->work_mtx);
709
710 mtx_assert(&priv->expire_mtx, MA_NOTOWNED);
711 mtx_assert(&priv->free_mtx, MA_NOTOWNED);
712
713 /* schedule next expire */
714 callout_reset(&priv->exp_callout, (1*hz), &ng_netflow_expire,
715 (void *)priv);
716
717 }
Cache object: 1f256932d01a65072dd555754396f413
|