+/*
+ * Copyright (c) 2009, 2010 InMon Corp.
+ * Copyright (c) 2009 Nicira Networks.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <config.h>
+#include "ofproto-sflow.h"
+#include <inttypes.h>
+#include <stdlib.h>
+#include "collectors.h"
+#include "dpif.h"
+#include "compiler.h"
+#include "netdev.h"
+#include "ofpbuf.h"
+#include "ofproto.h"
+#include "poll-loop.h"
+#include "port-array.h"
+#include "sflow_api.h"
+#include "socket-util.h"
+#include "timeval.h"
+
+#define THIS_MODULE VLM_sflow
+#include "vlog.h"
+
+struct ofproto_sflow_port {
+ struct netdev *netdev; /* Underlying network device, for stats. */
+ SFLDataSource_instance dsi; /* sFlow library's notion of port number. */
+};
+
+struct ofproto_sflow {
+ struct ofproto *ofproto;
+ struct collectors *collectors;
+ SFLAgent *sflow_agent;
+ struct ofproto_sflow_options *options;
+ struct dpif *dpif;
+ time_t next_tick;
+ size_t n_flood, n_all;
+ struct port_array ports; /* Indexed by ODP port number. */
+};
+
+#define RECEIVER_INDEX 1
+
+static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
+
+static bool
+ofproto_sflow_options_equal(const struct ofproto_sflow_options *a,
+ const struct ofproto_sflow_options *b)
+{
+ return (svec_equal(&a->targets, &b->targets)
+ && a->sampling_rate == b->sampling_rate
+ && a->polling_interval == b->polling_interval
+ && a->header_len == b->header_len
+ && a->sub_id == b->sub_id
+ && !strcmp(a->agent_device, b->agent_device)
+ && !strcmp(a->control_ip, b->control_ip));
+}
+
+static struct ofproto_sflow_options *
+ofproto_sflow_options_clone(const struct ofproto_sflow_options *old)
+{
+ struct ofproto_sflow_options *new = xmemdup(old, sizeof *old);
+ new->agent_device = old->agent_device ? xstrdup(old->agent_device) : NULL;
+ new->control_ip = old->control_ip ? xstrdup(old->control_ip) : NULL;
+ return new;
+}
+
+static void
+ofproto_sflow_options_destroy(struct ofproto_sflow_options *options)
+{
+ if (options) {
+ free(options->agent_device);
+ free(options->control_ip);
+ free(options);
+ }
+}
+
+/* sFlow library callback to allocate memory. */
+static void *
+sflow_agent_alloc_cb(void *magic UNUSED, SFLAgent *agent UNUSED, size_t bytes)
+{
+ return calloc(1, bytes);
+}
+
+/* sFlow library callback to free memory. */
+static int
+sflow_agent_free_cb(void *magic UNUSED, SFLAgent *agent UNUSED, void *obj)
+{
+ free(obj);
+ return 0;
+}
+
+/* sFlow library callback to report error. */
+static void
+sflow_agent_error_cb(void *magic UNUSED, SFLAgent *agent UNUSED, char *msg)
+{
+ VLOG_WARN("sFlow agent error: %s", msg);
+}
+
+/* sFlow library callback to send datagram. */
+static void
+sflow_agent_send_packet_cb(void *os_, SFLAgent *agent UNUSED,
+ SFLReceiver *receiver UNUSED, u_char *pkt,
+ uint32_t pktLen)
+{
+ struct ofproto_sflow *os = os_;
+ collectors_send(os->collectors, pkt, pktLen);
+}
+
+static void
+sflow_agent_get_counters(void *os_, SFLPoller *poller,
+ SFL_COUNTERS_SAMPLE_TYPE *cs)
+{
+ struct ofproto_sflow *os = os_;
+ SFLCounters_sample_element elem;
+ struct ofproto_sflow_port *osp;
+ SFLIf_counters *counters;
+ struct netdev_stats stats;
+ enum netdev_flags flags;
+ uint32_t current;
+
+ osp = port_array_get(&os->ports, poller->bridgePort);
+ if (!osp) {
+ return;
+ }
+
+ elem.tag = SFLCOUNTERS_GENERIC;
+ counters = &elem.counterBlock.generic;
+ counters->ifIndex = SFL_DS_INDEX(poller->dsi);
+ counters->ifType = 6;
+ if (!netdev_get_features(osp->netdev, ¤t, NULL, NULL, NULL)) {
+ counters->ifSpeed = netdev_features_to_bps(current);
+ counters->ifDirection = (netdev_features_is_full_duplex(current)
+ ? 1 : 2);
+ } else {
+ counters->ifSpeed = 100000000;
+ counters->ifDirection = 1;
+ }
+ if (!netdev_get_flags(osp->netdev, &flags) && flags & NETDEV_UP) {
+ bool carrier;
+
+ counters->ifStatus = 1; /* ifAdminStatus up. */
+ if (!netdev_get_carrier(osp->netdev, &carrier) && carrier) {
+ counters->ifStatus |= 2; /* ifOperStatus us. */
+ }
+ } else {
+ counters->ifStatus = 0; /* Down. */
+ }
+
+ /* XXX
+ 1. Is the multicast counter filled in?
+ 2. Does the multicast counter include broadcasts?
+ 3. Does the rx_packets counter include multicasts/broadcasts?
+ */
+ netdev_get_stats(osp->netdev, &stats);
+ counters->ifInOctets = stats.rx_bytes;
+ counters->ifInUcastPkts = stats.rx_packets;
+ counters->ifInMulticastPkts = stats.multicast;
+ counters->ifInBroadcastPkts = -1;
+ counters->ifInDiscards = stats.rx_dropped;
+ counters->ifInErrors = stats.rx_errors;
+ counters->ifInUnknownProtos = -1;
+ counters->ifOutOctets = stats.tx_bytes;
+ counters->ifOutUcastPkts = stats.tx_packets;
+ counters->ifOutMulticastPkts = -1;
+ counters->ifOutBroadcastPkts = -1;
+ counters->ifOutDiscards = stats.tx_dropped;
+ counters->ifOutErrors = stats.tx_errors;
+ counters->ifPromiscuousMode = 0;
+
+ SFLADD_ELEMENT(cs, &elem);
+ sfl_poller_writeCountersSample(poller, cs);
+}
+
+/* Obtains an address to use for the local sFlow agent and stores it into
+ * '*agent_addr'. Returns true if successful, false on failure.
+ *
+ * The sFlow agent address should be a local IP address that is persistent and
+ * reachable over the network, if possible. The IP address associated with
+ * 'agent_device' is used if it has one, and otherwise 'control_ip', the IP
+ * address used to talk to the controller. */
+static bool
+sflow_choose_agent_address(const char *agent_device, const char *control_ip,
+ SFLAddress *agent_addr)
+{
+ struct in_addr in4;
+
+ memset(agent_addr, 0, sizeof *agent_addr);
+ agent_addr->type = SFLADDRESSTYPE_IP_V4;
+
+ if (agent_device) {
+ struct netdev *netdev;
+
+ if (!netdev_open(agent_device, NETDEV_ETH_TYPE_NONE, &netdev)) {
+ int error = netdev_get_in4(netdev, &in4, NULL);
+ netdev_close(netdev);
+ if (!error) {
+ goto success;
+ }
+ }
+ }
+
+ if (control_ip && !lookup_ip(control_ip, &in4)) {
+ goto success;
+ }
+
+ VLOG_ERR("could not determine IP address for sFlow agent");
+ return false;
+
+success:
+ agent_addr->address.ip_v4.addr = in4.s_addr;
+ return true;
+}
+
+void
+ofproto_sflow_clear(struct ofproto_sflow *os)
+{
+ struct ofproto_sflow_port *osp;
+ unsigned int odp_port;
+
+ if (os->sflow_agent) {
+ sfl_agent_release(os->sflow_agent);
+ os->sflow_agent = NULL;
+ }
+ collectors_destroy(os->collectors);
+ os->collectors = NULL;
+ ofproto_sflow_options_destroy(os->options);
+ os->options = NULL;
+
+ PORT_ARRAY_FOR_EACH (osp, &os->ports, odp_port) {
+ ofproto_sflow_del_port(os, odp_port);
+ }
+ port_array_clear(&os->ports);
+
+ /* Turn off sampling to save CPU cycles. */
+ dpif_set_sflow_probability(os->dpif, 0);
+}
+
+bool
+ofproto_sflow_is_enabled(const struct ofproto_sflow *os)
+{
+ return os->collectors != NULL;
+}
+
+struct ofproto_sflow *
+ofproto_sflow_create(struct dpif *dpif)
+{
+ struct ofproto_sflow *os;
+
+ os = xcalloc(1, sizeof *os);
+ os->dpif = dpif;
+ os->next_tick = time_now() + 1;
+ port_array_init(&os->ports);
+ return os;
+}
+
+void
+ofproto_sflow_destroy(struct ofproto_sflow *os)
+{
+ if (os) {
+ ofproto_sflow_clear(os);
+ port_array_destroy(&os->ports);
+ free(os);
+ }
+}
+
+static void
+ofproto_sflow_add_poller(struct ofproto_sflow *os,
+ struct ofproto_sflow_port *osp, uint16_t odp_port)
+{
+ SFLPoller *poller = sfl_agent_addPoller(os->sflow_agent, &osp->dsi, os,
+ sflow_agent_get_counters);
+ sfl_poller_set_sFlowCpInterval(poller, os->options->polling_interval);
+ sfl_poller_set_sFlowCpReceiver(poller, RECEIVER_INDEX);
+ sfl_poller_set_bridgePort(poller, odp_port);
+}
+
+void
+ofproto_sflow_add_port(struct ofproto_sflow *os, uint16_t odp_port,
+ const char *netdev_name)
+{
+ struct ofproto_sflow_port *osp;
+ struct netdev *netdev;
+ uint32_t ifindex;
+ int error;
+
+ ofproto_sflow_del_port(os, odp_port);
+
+ /* Open network device. */
+ error = netdev_open(netdev_name, NETDEV_ETH_TYPE_NONE, &netdev);
+ if (error) {
+ VLOG_WARN_RL(&rl, "failed to open network device \"%s\": %s",
+ netdev_name, strerror(error));
+ return;
+ }
+
+ /* Add to table of ports. */
+ osp = xmalloc(sizeof *osp);
+ osp->netdev = netdev;
+ ifindex = netdev_get_ifindex(netdev);
+ if (ifindex <= 0) {
+ ifindex = (os->sflow_agent->subId << 16) + odp_port;
+ }
+ SFL_DS_SET(osp->dsi, 0, ifindex, 0);
+ port_array_set(&os->ports, odp_port, osp);
+
+ /* Add poller. */
+ if (os->sflow_agent) {
+ ofproto_sflow_add_poller(os, osp, odp_port);
+ }
+}
+
+void
+ofproto_sflow_del_port(struct ofproto_sflow *os, uint16_t odp_port)
+{
+ struct ofproto_sflow_port *osp = port_array_get(&os->ports, odp_port);
+ if (osp) {
+ if (os->sflow_agent) {
+ sfl_agent_removePoller(os->sflow_agent, &osp->dsi);
+ }
+ netdev_close(osp->netdev);
+ free(osp);
+ port_array_set(&os->ports, odp_port, NULL);
+ }
+}
+
+void
+ofproto_sflow_set_options(struct ofproto_sflow *os,
+ const struct ofproto_sflow_options *options)
+{
+ struct ofproto_sflow_port *osp;
+ SFLDataSource_instance dsi;
+ bool options_changed;
+ SFLSampler *sampler;
+ SFLReceiver *receiver;
+ unsigned int odp_port;
+ SFLAddress agentIP;
+ time_t now;
+ int error;
+
+ options_changed = (!os->options
+ || !ofproto_sflow_options_equal(options, os->options));
+
+ /* Configure collectors if options have changed or if we're shortchanged in
+ * collectors (which indicates that opening one or more of the configured
+ * collectors failed, so that we should retry). */
+ if (options_changed
+ || collectors_count(os->collectors) < options->targets.n) {
+ collectors_destroy(os->collectors);
+ error = collectors_create(&options->targets,
+ SFL_DEFAULT_COLLECTOR_PORT, &os->collectors);
+ if (os->collectors == NULL) {
+ VLOG_WARN_RL(&rl, "no configured collectors, sFlow disabled");
+ ofproto_sflow_clear(os);
+ return;
+ }
+ }
+
+ /* Avoid reconfiguring if options didn't change. */
+ if (!options_changed) {
+ return;
+ }
+ ofproto_sflow_options_destroy(os->options);
+ os->options = ofproto_sflow_options_clone(options);
+
+ /* Choose agent IP address. */
+ if (!sflow_choose_agent_address(options->agent_device,
+ options->control_ip, &agentIP)) {
+ ofproto_sflow_clear(os);
+ return;
+ }
+
+ /* Create agent. */
+ VLOG_INFO("creating sFlow agent %d", options->sub_id);
+ if (os->sflow_agent) {
+ sfl_agent_release(os->sflow_agent);
+ }
+ os->sflow_agent = xcalloc(1, sizeof *os->sflow_agent);
+ now = time_now();
+ sfl_agent_init(os->sflow_agent,
+ &agentIP,
+ options->sub_id,
+ now, /* Boot time. */
+ now, /* Current time. */
+ os, /* Pointer supplied to callbacks. */
+ sflow_agent_alloc_cb,
+ sflow_agent_free_cb,
+ sflow_agent_error_cb,
+ sflow_agent_send_packet_cb);
+
+ receiver = sfl_agent_addReceiver(os->sflow_agent);
+ sfl_receiver_set_sFlowRcvrOwner(receiver, "OpenVSwitch sFlow");
+ sfl_receiver_set_sFlowRcvrTimeout(receiver, 0xffffffff);
+
+ /* Add a single sampler to represent the whole switch (special <ifIndex>:0
+ * datasource). The alternative is to model a physical switch more closely
+ * and instantiate a separate sampler object for each interface, but then
+ * unicasts would have to be offered to two samplers, and
+ * broadcasts/multicasts would have to be offered to all of them. Doing it
+ * this way with a single <ifindex>:0 sampler is much more efficient for a
+ * virtual switch, and is allowed by the sFlow standard.
+ */
+ SFL_DS_SET(dsi, 0, 0, 0);
+ sampler = sfl_agent_addSampler(os->sflow_agent, &dsi);
+ sfl_sampler_set_sFlowFsReceiver(sampler, RECEIVER_INDEX);
+ sfl_sampler_set_sFlowFsPacketSamplingRate(sampler, options->sampling_rate);
+ sfl_sampler_set_sFlowFsMaximumHeaderSize(sampler, options->header_len);
+
+ /* Set the sampling_rate down in the datapath. */
+ dpif_set_sflow_probability(os->dpif,
+ MAX(1, UINT32_MAX / options->sampling_rate));
+
+ /* Add the currently known ports. */
+ PORT_ARRAY_FOR_EACH (osp, &os->ports, odp_port) {
+ ofproto_sflow_add_poller(os, osp, odp_port);
+ }
+}
+
+void
+ofproto_sflow_received(struct ofproto_sflow *os, struct odp_msg *msg)
+{
+ SFL_FLOW_SAMPLE_TYPE fs;
+ SFLFlow_sample_element hdrElem;
+ SFLSampled_header *header;
+ SFLFlow_sample_element switchElem;
+ SFLSampler *sampler = os->sflow_agent->samplers;
+ const struct odp_sflow_sample_header *hdr;
+ const union odp_action *actions;
+ struct ofpbuf payload;
+ size_t n_actions, n_outputs;
+ size_t min_size;
+ flow_t flow;
+ size_t i;
+
+ /* Get odp_sflow_sample_header. */
+ min_size = sizeof *msg + sizeof *hdr;
+ if (min_size > msg->length) {
+ VLOG_WARN_RL(&rl, "sFlow packet too small (%"PRIu32" < %zu)",
+ msg->length, min_size);
+ return;
+ }
+ hdr = (const struct odp_sflow_sample_header *) (msg + 1);
+
+ /* Get actions. */
+ n_actions = hdr->n_actions;
+ if (n_actions > 65536 / sizeof *actions) {
+ VLOG_WARN_RL(&rl, "too many actions in sFlow packet (%"PRIu32" > %zu)",
+ 65536 / sizeof *actions, n_actions);
+ return;
+ }
+ min_size += n_actions * sizeof *actions;
+ if (min_size > msg->length) {
+ VLOG_WARN_RL(&rl, "sFlow packet with %zu actions too small "
+ "(%"PRIu32" < %zu)",
+ n_actions, msg->length, min_size);
+ return;
+ }
+ actions = (const union odp_action *) (hdr + 1);
+
+ /* Get packet payload and extract flow. */
+ payload.data = (union odp_action *) (actions + n_actions);
+ payload.size = msg->length - min_size;
+ flow_extract(&payload, msg->port, &flow);
+
+ /* Build a flow sample */
+ memset(&fs, 0, sizeof fs);
+ fs.input = msg->port == ODPP_LOCAL ? 0x3fffffff : msg->port;
+ fs.output = 0; /* Filled in correctly below. */
+ fs.sample_pool = hdr->sample_pool;
+
+ /* Sampled header. */
+ memset(&hdrElem, 0, sizeof hdrElem);
+ hdrElem.tag = SFLFLOW_HEADER;
+ header = &hdrElem.flowType.header;
+ header->header_protocol = SFLHEADER_ETHERNET_ISO8023;
+ header->frame_length = payload.size;
+ header->stripped = 4; /* Ethernet FCS stripped off. */
+ header->header_length = MIN(payload.size,
+ sampler->sFlowFsMaximumHeaderSize);
+ header->header_bytes = payload.data;
+
+ /* Add extended switch element. */
+ memset(&switchElem, 0, sizeof(switchElem));
+ switchElem.tag = SFLFLOW_EX_SWITCH;
+ switchElem.flowType.sw.src_vlan = flow.dl_vlan;
+ switchElem.flowType.sw.src_priority = -1; /* XXX */
+ switchElem.flowType.sw.dst_vlan = -1; /* Filled in correctly below. */
+ switchElem.flowType.sw.dst_priority = switchElem.flowType.sw.src_priority;
+
+ /* Figure out the output ports. */
+ n_outputs = 0;
+ for (i = 0; i < n_actions; i++) {
+ const union odp_action *a = &actions[i];
+
+ switch (a->type) {
+ case ODPAT_OUTPUT:
+ fs.output = a->output.port;
+ n_outputs++;
+ break;
+
+ case ODPAT_OUTPUT_GROUP:
+ n_outputs += (a->output_group.group == DP_GROUP_FLOOD ? os->n_flood
+ : a->output_group.group == DP_GROUP_ALL ? os->n_all
+ : 0);
+ break;
+
+ case ODPAT_SET_VLAN_VID:
+ switchElem.flowType.sw.dst_vlan = a->vlan_vid.vlan_vid;
+ break;
+
+ case ODPAT_SET_VLAN_PCP:
+ switchElem.flowType.sw.dst_priority = a->vlan_pcp.vlan_pcp;
+ break;
+
+ default:
+ break;
+ }
+ }
+ if (n_outputs > 1 || !fs.output) {
+ /* Setting the high bit means "multiple output ports". */
+ fs.output = 0x80000000 | n_outputs;
+ }
+
+ /* Submit the flow sample to be encoded into the next datagram. */
+ SFLADD_ELEMENT(&fs, &hdrElem);
+ SFLADD_ELEMENT(&fs, &switchElem);
+ sfl_sampler_writeFlowSample(sampler, &fs);
+}
+
+void
+ofproto_sflow_set_group_sizes(struct ofproto_sflow *os,
+ size_t n_flood, size_t n_all)
+{
+ os->n_flood = n_flood;
+ os->n_all = n_all;
+}
+
+void
+ofproto_sflow_run(struct ofproto_sflow *os)
+{
+ if (ofproto_sflow_is_enabled(os)) {
+ time_t now = time_now();
+ if (now >= os->next_tick) {
+ sfl_agent_tick(os->sflow_agent, now);
+ os->next_tick = now + 1;
+ }
+ }
+}
+
+void
+ofproto_sflow_wait(struct ofproto_sflow *os)
+{
+ if (ofproto_sflow_is_enabled(os)) {
+ poll_timer_wait(os->next_tick * 1000 - time_msec());
+ }
+}