Lines Matching +full:max +full:- +full:rt
1 /*-
2 * SPDX-License-Identifier: BSD-2-Clause
4 * Copyright (c) 2010-2011 Alexander V. Chernikov <melifaro@ipfw.ru>
5 * Copyright (c) 2004-2005 Gleb Smirnoff <glebius@FreeBSD.org>
6 * Copyright (c) 2001-2003 Roman V. Palagin <romanp@unshadow.net>
81 (NBUCKETS - 1))
87 (NBUCKETS - 1))
91 #define INACTIVE(fle) (time_uptime - fle->f.last > priv->nfinfo_inact_t)
92 #define AGED(fle) (time_uptime - fle->f.first > priv->nfinfo_act_t)
93 #define ISFREE(fle) (fle->f.packets == 0)
96 * 4 is a magical number: statistically number of 4-packet flows is
97 * bigger than 5,6,7...-packet flows by an order of magnitude. Most UDP/ICMP
98 * scans are 1 packet (~ 90% of flow cache). TCP scans are 2-packet in case
99 * of reachable host and 4-packet otherwise.
101 #define SMALL(fle) (fle->f.packets <= 4)
134 switch (r->r_ip_p) { in ip_hash()
137 return FULL_HASH(r->r_src.s_addr, r->r_dst.s_addr, in ip_hash()
138 r->r_sport, r->r_dport); in ip_hash()
140 return ADDR_HASH(r->r_src.s_addr, r->r_dst.s_addr); in ip_hash()
151 switch (r->r_ip_p) { in ip6_hash()
154 return FULL_HASH(r->src.r_src6.__u6_addr.__u6_addr32[3], in ip6_hash()
155 r->dst.r_dst6.__u6_addr.__u6_addr32[3], r->r_sport, in ip6_hash()
156 r->r_dport); in ip6_hash()
158 return ADDR_HASH(r->src.r_src6.__u6_addr.__u6_addr32[3], in ip6_hash()
159 r->dst.r_dst6.__u6_addr.__u6_addr32[3]); in ip6_hash()
174 mtx_lock(&fe->export_mtx); in get_export_dgram()
175 if (fe->exp.item != NULL) { in get_export_dgram()
176 item = fe->exp.item; in get_export_dgram()
177 fe->exp.item = NULL; in get_export_dgram()
179 mtx_unlock(&fe->export_mtx); in get_export_dgram()
192 dgram->header.count = 0; in get_export_dgram()
193 dgram->header.version = htons(NETFLOW_V5); in get_export_dgram()
194 dgram->header.pad = 0; in get_export_dgram()
201 * Re-attach incomplete datagram back to priv.
212 mtx_lock(&fe->export_mtx); in return_export_dgram()
213 if (fe->exp.item == NULL) { in return_export_dgram()
214 fe->exp.item = item; in return_export_dgram()
215 mtx_unlock(&fe->export_mtx); in return_export_dgram()
217 mtx_unlock(&fe->export_mtx); in return_export_dgram()
230 uint16_t version = fle->f.version; in expire_flow()
232 if ((priv->export != NULL) && (version == IPVERSION)) { in expire_flow()
235 priv->nfinfo_export_failed++; in expire_flow()
236 if (priv->export9 != NULL) in expire_flow()
237 priv->nfinfo_export9_failed++; in expire_flow()
239 uma_zfree_arg(priv->zone, fle, priv); in expire_flow()
249 if (priv->export9 != NULL) { in expire_flow()
252 priv->nfinfo_export9_failed++; in expire_flow()
254 uma_zfree_arg(priv->zone, fle, priv); in expire_flow()
257 uma_zfree_arg(priv->zone6, fle, priv); in expire_flow()
273 uma_zfree_arg(priv->zone, fle, priv); in expire_flow()
276 uma_zfree_arg(priv->zone6, fle, priv); in expire_flow()
285 i->nfinfo_bytes = counter_u64_fetch(priv->nfinfo_bytes); in ng_netflow_copyinfo()
286 i->nfinfo_packets = counter_u64_fetch(priv->nfinfo_packets); in ng_netflow_copyinfo()
287 i->nfinfo_bytes6 = counter_u64_fetch(priv->nfinfo_bytes6); in ng_netflow_copyinfo()
288 i->nfinfo_packets6 = counter_u64_fetch(priv->nfinfo_packets6); in ng_netflow_copyinfo()
289 i->nfinfo_sbytes = counter_u64_fetch(priv->nfinfo_sbytes); in ng_netflow_copyinfo()
290 i->nfinfo_spackets = counter_u64_fetch(priv->nfinfo_spackets); in ng_netflow_copyinfo()
291 i->nfinfo_sbytes6 = counter_u64_fetch(priv->nfinfo_sbytes6); in ng_netflow_copyinfo()
292 i->nfinfo_spackets6 = counter_u64_fetch(priv->nfinfo_spackets6); in ng_netflow_copyinfo()
293 i->nfinfo_act_exp = counter_u64_fetch(priv->nfinfo_act_exp); in ng_netflow_copyinfo()
294 i->nfinfo_inact_exp = counter_u64_fetch(priv->nfinfo_inact_exp); in ng_netflow_copyinfo()
296 i->nfinfo_used = uma_zone_get_cur(priv->zone); in ng_netflow_copyinfo()
298 i->nfinfo_used6 = uma_zone_get_cur(priv->zone6); in ng_netflow_copyinfo()
301 i->nfinfo_alloc_failed = priv->nfinfo_alloc_failed; in ng_netflow_copyinfo()
302 i->nfinfo_export_failed = priv->nfinfo_export_failed; in ng_netflow_copyinfo()
303 i->nfinfo_export9_failed = priv->nfinfo_export9_failed; in ng_netflow_copyinfo()
304 i->nfinfo_realloc_mbuf = priv->nfinfo_realloc_mbuf; in ng_netflow_copyinfo()
305 i->nfinfo_alloc_fibs = priv->nfinfo_alloc_fibs; in ng_netflow_copyinfo()
306 i->nfinfo_inact_t = priv->nfinfo_inact_t; in ng_netflow_copyinfo()
307 i->nfinfo_act_t = priv->nfinfo_act_t; in ng_netflow_copyinfo()
327 mtx_assert(&hsh->mtx, MA_OWNED); in hash_insert()
329 fle = uma_zalloc_arg(priv->zone, priv, M_NOWAIT); in hash_insert()
331 priv->nfinfo_alloc_failed++; in hash_insert()
339 fle->f.version = IPVERSION; in hash_insert()
340 bcopy(r, &fle->f.r, sizeof(struct flow_rec)); in hash_insert()
341 fle->f.bytes = plen; in hash_insert()
342 fle->f.packets = 1; in hash_insert()
343 fle->f.tcp_flags = tcp_flags; in hash_insert()
345 fle->f.first = fle->f.last = time_uptime; in hash_insert()
352 struct rtentry *rt; in hash_insert() local
355 rt = fib4_lookup_rt(r->fib, fle->f.r.r_dst, 0, NHR_NONE, &rnd); in hash_insert()
356 if (rt != NULL) { in hash_insert()
362 rt_get_inet_prefix_plen(rt, &addr, &plen, &scopeid); in hash_insert()
363 fle->f.fle_o_ifx = nh->nh_ifp->if_index; in hash_insert()
364 if (nh->gw_sa.sa_family == AF_INET) in hash_insert()
365 fle->f.next_hop = nh->gw4_sa.sin_addr; in hash_insert()
370 fle->f.dst_mask = plen; in hash_insert()
376 struct rtentry *rt; in hash_insert() local
379 rt = fib4_lookup_rt(r->fib, fle->f.r.r_src, 0, NHR_NONE, &rnd); in hash_insert()
380 if (rt != NULL) { in hash_insert()
385 rt_get_inet_prefix_plen(rt, &addr, &plen, &scopeid); in hash_insert()
386 fle->f.src_mask = plen; in hash_insert()
391 TAILQ_INSERT_TAIL(&hsh->head, fle, fle_hash); in hash_insert()
404 mtx_assert(&hsh6->mtx, MA_OWNED); in hash6_insert()
406 fle6 = uma_zalloc_arg(priv->zone6, priv, M_NOWAIT); in hash6_insert()
408 priv->nfinfo_alloc_failed++; in hash6_insert()
417 fle6->f.version = IP6VERSION; in hash6_insert()
418 bcopy(r, &fle6->f.r, sizeof(struct flow6_rec)); in hash6_insert()
419 fle6->f.bytes = plen; in hash6_insert()
420 fle6->f.packets = 1; in hash6_insert()
421 fle6->f.tcp_flags = tcp_flags; in hash6_insert()
423 fle6->f.first = fle6->f.last = time_uptime; in hash6_insert()
430 struct rtentry *rt; in hash6_insert() local
433 rt = fib6_lookup_rt(r->fib, &fle6->f.r.dst.r_dst6, 0, NHR_NONE, &rnd); in hash6_insert()
434 if (rt != NULL) { in hash6_insert()
440 rt_get_inet6_prefix_plen(rt, &addr, &plen, &scopeid); in hash6_insert()
441 fle6->f.fle_o_ifx = nh->nh_ifp->if_index; in hash6_insert()
442 if (nh->gw_sa.sa_family == AF_INET6) in hash6_insert()
443 fle6->f.n.next_hop6 = nh->gw6_sa.sin6_addr; in hash6_insert()
444 fle6->f.dst_mask = plen; in hash6_insert()
450 struct rtentry *rt; in hash6_insert() local
453 rt = fib6_lookup_rt(r->fib, &fle6->f.r.src.r_src6, 0, NHR_NONE, &rnd); in hash6_insert()
454 if (rt != NULL) { in hash6_insert()
459 rt_get_inet6_prefix_plen(rt, &addr, &plen, &scopeid); in hash6_insert()
460 fle6->f.src_mask = plen; in hash6_insert()
465 TAILQ_INSERT_TAIL(&hsh6->head, (struct flow_entry *)fle6, fle_hash); in hash6_insert()
472 * Non-static functions called from ng_netflow.c
483 priv->zone = uma_zcreate("NetFlow IPv4 cache", in ng_netflow_cache_init()
486 uma_zone_set_max(priv->zone, CACHESIZE); in ng_netflow_cache_init()
488 priv->zone6 = uma_zcreate("NetFlow IPv6 cache", in ng_netflow_cache_init()
491 uma_zone_set_max(priv->zone6, CACHESIZE); in ng_netflow_cache_init()
495 priv->hash = malloc(NBUCKETS * sizeof(struct flow_hash_entry), in ng_netflow_cache_init()
499 for (i = 0, hsh = priv->hash; i < NBUCKETS; i++, hsh++) { in ng_netflow_cache_init()
500 mtx_init(&hsh->mtx, "hash mutex", NULL, MTX_DEF); in ng_netflow_cache_init()
501 TAILQ_INIT(&hsh->head); in ng_netflow_cache_init()
506 priv->hash6 = malloc(NBUCKETS * sizeof(struct flow_hash_entry), in ng_netflow_cache_init()
510 for (i = 0, hsh = priv->hash6; i < NBUCKETS; i++, hsh++) { in ng_netflow_cache_init()
511 mtx_init(&hsh->mtx, "hash mutex", NULL, MTX_DEF); in ng_netflow_cache_init()
512 TAILQ_INIT(&hsh->head); in ng_netflow_cache_init()
516 priv->nfinfo_bytes = counter_u64_alloc(M_WAITOK); in ng_netflow_cache_init()
517 priv->nfinfo_packets = counter_u64_alloc(M_WAITOK); in ng_netflow_cache_init()
518 priv->nfinfo_bytes6 = counter_u64_alloc(M_WAITOK); in ng_netflow_cache_init()
519 priv->nfinfo_packets6 = counter_u64_alloc(M_WAITOK); in ng_netflow_cache_init()
520 priv->nfinfo_sbytes = counter_u64_alloc(M_WAITOK); in ng_netflow_cache_init()
521 priv->nfinfo_spackets = counter_u64_alloc(M_WAITOK); in ng_netflow_cache_init()
522 priv->nfinfo_sbytes6 = counter_u64_alloc(M_WAITOK); in ng_netflow_cache_init()
523 priv->nfinfo_spackets6 = counter_u64_alloc(M_WAITOK); in ng_netflow_cache_init()
524 priv->nfinfo_act_exp = counter_u64_alloc(M_WAITOK); in ng_netflow_cache_init()
525 priv->nfinfo_inact_exp = counter_u64_alloc(M_WAITOK); in ng_netflow_cache_init()
546 mtx_init(&fe->export_mtx, "export dgram lock", NULL, MTX_DEF); in ng_netflow_fib_init()
547 mtx_init(&fe->export9_mtx, "export9 dgram lock", NULL, MTX_DEF); in ng_netflow_fib_init()
548 fe->fib = fib; in ng_netflow_fib_init()
549 fe->domain_id = fib; in ng_netflow_fib_init()
551 if (atomic_cmpset_ptr((volatile uintptr_t *)&priv->fib_data[fib], in ng_netflow_fib_init()
556 mtx_destroy(&fe->export_mtx); in ng_netflow_fib_init()
557 mtx_destroy(&fe->export9_mtx); in ng_netflow_fib_init()
563 priv->nfinfo_alloc_fibs++; in ng_netflow_fib_init()
586 for (hsh = priv->hash, i = 0; i < NBUCKETS; hsh++, i++) in ng_netflow_cache_flush()
587 TAILQ_FOREACH_SAFE(fle, &hsh->head, fle_hash, fle1) { in ng_netflow_cache_flush()
588 TAILQ_REMOVE(&hsh->head, fle, fle_hash); in ng_netflow_cache_flush()
589 fe = priv_to_fib(priv, fle->f.r.fib); in ng_netflow_cache_flush()
593 for (hsh = priv->hash6, i = 0; i < NBUCKETS; hsh++, i++) in ng_netflow_cache_flush()
594 TAILQ_FOREACH_SAFE(fle, &hsh->head, fle_hash, fle1) { in ng_netflow_cache_flush()
595 TAILQ_REMOVE(&hsh->head, fle, fle_hash); in ng_netflow_cache_flush()
596 fe = priv_to_fib(priv, fle->f.r.fib); in ng_netflow_cache_flush()
601 uma_zdestroy(priv->zone); in ng_netflow_cache_flush()
603 for (i = 0, hsh = priv->hash; i < NBUCKETS; i++, hsh++) in ng_netflow_cache_flush()
604 mtx_destroy(&hsh->mtx); in ng_netflow_cache_flush()
607 if (priv->hash != NULL) in ng_netflow_cache_flush()
608 free(priv->hash, M_NETFLOW_HASH); in ng_netflow_cache_flush()
610 uma_zdestroy(priv->zone6); in ng_netflow_cache_flush()
612 for (i = 0, hsh = priv->hash6; i < NBUCKETS; i++, hsh++) in ng_netflow_cache_flush()
613 mtx_destroy(&hsh->mtx); in ng_netflow_cache_flush()
616 if (priv->hash6 != NULL) in ng_netflow_cache_flush()
617 free(priv->hash6, M_NETFLOW_HASH); in ng_netflow_cache_flush()
620 for (i = 0; i < priv->maxfibs; i++) { in ng_netflow_cache_flush()
624 if (fe->exp.item != NULL) in ng_netflow_cache_flush()
625 export_send(priv, fe, fe->exp.item, NG_QUEUE); in ng_netflow_cache_flush()
627 if (fe->exp.item9 != NULL) in ng_netflow_cache_flush()
628 export9_send(priv, fe, fe->exp.item9, in ng_netflow_cache_flush()
629 fe->exp.item9_opt, NG_QUEUE); in ng_netflow_cache_flush()
631 mtx_destroy(&fe->export_mtx); in ng_netflow_cache_flush()
632 mtx_destroy(&fe->export9_mtx); in ng_netflow_cache_flush()
636 counter_u64_free(priv->nfinfo_bytes); in ng_netflow_cache_flush()
637 counter_u64_free(priv->nfinfo_packets); in ng_netflow_cache_flush()
638 counter_u64_free(priv->nfinfo_bytes6); in ng_netflow_cache_flush()
639 counter_u64_free(priv->nfinfo_packets6); in ng_netflow_cache_flush()
640 counter_u64_free(priv->nfinfo_sbytes); in ng_netflow_cache_flush()
641 counter_u64_free(priv->nfinfo_spackets); in ng_netflow_cache_flush()
642 counter_u64_free(priv->nfinfo_sbytes6); in ng_netflow_cache_flush()
643 counter_u64_free(priv->nfinfo_spackets6); in ng_netflow_cache_flush()
644 counter_u64_free(priv->nfinfo_act_exp); in ng_netflow_cache_flush()
645 counter_u64_free(priv->nfinfo_inact_exp); in ng_netflow_cache_flush()
666 if (ip->ip_v != IPVERSION) in ng_netflow_flow_add()
669 hlen = ip->ip_hl << 2; in ng_netflow_flow_add()
676 r.r_src = ip->ip_src; in ng_netflow_flow_add()
677 r.r_dst = ip->ip_dst; in ng_netflow_flow_add()
678 r.fib = fe->fib; in ng_netflow_flow_add()
680 plen = ntohs(ip->ip_len); in ng_netflow_flow_add()
682 r.r_ip_p = ip->ip_p; in ng_netflow_flow_add()
683 r.r_tos = ip->ip_tos; in ng_netflow_flow_add()
691 * ip_proto = ip->ip_p and s_port, d_port set to zero. in ng_netflow_flow_add()
692 * I know, it looks like bug. But I don't want to re-implement in ng_netflow_flow_add()
693 * ip packet assebmling here. Anyway, (in)famous trafd works this way - in ng_netflow_flow_add()
696 if ((ip->ip_off & htons(IP_OFFMASK)) == 0) in ng_netflow_flow_add()
703 r.r_sport = tcp->th_sport; in ng_netflow_flow_add()
704 r.r_dport = tcp->th_dport; in ng_netflow_flow_add()
713 counter_u64_add(priv->nfinfo_packets, 1); in ng_netflow_flow_add()
714 counter_u64_add(priv->nfinfo_bytes, plen); in ng_netflow_flow_add()
717 hsh = &priv->hash[ip_hash(&r)]; in ng_netflow_flow_add()
719 mtx_lock(&hsh->mtx); in ng_netflow_flow_add()
727 TAILQ_FOREACH_REVERSE_SAFE(fle, &hsh->head, fhead, fle_hash, fle1) { in ng_netflow_flow_add()
728 if (bcmp(&r, &fle->f.r, sizeof(struct flow_rec)) == 0) in ng_netflow_flow_add()
731 TAILQ_REMOVE(&hsh->head, fle, fle_hash); in ng_netflow_flow_add()
732 expire_flow(priv, priv_to_fib(priv, fle->f.r.fib), in ng_netflow_flow_add()
734 counter_u64_add(priv->nfinfo_act_exp, 1); in ng_netflow_flow_add()
740 fle->f.bytes += plen; in ng_netflow_flow_add()
741 fle->f.packets ++; in ng_netflow_flow_add()
742 fle->f.tcp_flags |= tcp_flags; in ng_netflow_flow_add()
743 fle->f.last = time_uptime; in ng_netflow_flow_add()
747 * - it hit active timeout in ng_netflow_flow_add()
748 * - a TCP connection closed in ng_netflow_flow_add()
749 * - it is going to overflow counter in ng_netflow_flow_add()
752 (fle->f.bytes >= (CNTR_MAX - IF_MAXMTU)) ) { in ng_netflow_flow_add()
753 TAILQ_REMOVE(&hsh->head, fle, fle_hash); in ng_netflow_flow_add()
754 expire_flow(priv, priv_to_fib(priv, fle->f.r.fib), in ng_netflow_flow_add()
756 counter_u64_add(priv->nfinfo_act_exp, 1); in ng_netflow_flow_add()
763 if (fle != TAILQ_LAST(&hsh->head, fhead)) { in ng_netflow_flow_add()
764 TAILQ_REMOVE(&hsh->head, fle, fle_hash); in ng_netflow_flow_add()
765 TAILQ_INSERT_TAIL(&hsh->head, fle, fle_hash); in ng_netflow_flow_add()
771 mtx_unlock(&hsh->mtx); in ng_netflow_flow_add()
793 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) in ng_netflow_flow6_add()
798 r.src.r_src6 = ip6->ip6_src; in ng_netflow_flow6_add()
799 r.dst.r_dst6 = ip6->ip6_dst; in ng_netflow_flow6_add()
800 r.fib = fe->fib; in ng_netflow_flow6_add()
805 plen = ntohs(ip6->ip6_plen) + sizeof(struct ip6_hdr); in ng_netflow_flow6_add()
809 r.r_tos = ip->ip_tos; in ng_netflow_flow6_add()
832 counter_u64_add(priv->nfinfo_packets6, 1); in ng_netflow_flow6_add()
833 counter_u64_add(priv->nfinfo_bytes6, plen); in ng_netflow_flow6_add()
836 hsh = &priv->hash6[ip6_hash(&r)]; in ng_netflow_flow6_add()
838 mtx_lock(&hsh->mtx); in ng_netflow_flow6_add()
846 TAILQ_FOREACH_REVERSE_SAFE(fle, &hsh->head, fhead, fle_hash, fle1) { in ng_netflow_flow6_add()
847 if (fle->f.version != IP6VERSION) in ng_netflow_flow6_add()
850 if (bcmp(&r, &fle6->f.r, sizeof(struct flow6_rec)) == 0) in ng_netflow_flow6_add()
853 TAILQ_REMOVE(&hsh->head, fle, fle_hash); in ng_netflow_flow6_add()
854 expire_flow(priv, priv_to_fib(priv, fle->f.r.fib), fle, in ng_netflow_flow6_add()
856 counter_u64_add(priv->nfinfo_act_exp, 1); in ng_netflow_flow6_add()
863 fle6->f.bytes += plen; in ng_netflow_flow6_add()
864 fle6->f.packets ++; in ng_netflow_flow6_add()
865 fle6->f.tcp_flags |= tcp_flags; in ng_netflow_flow6_add()
866 fle6->f.last = time_uptime; in ng_netflow_flow6_add()
870 * - it hit active timeout in ng_netflow_flow6_add()
871 * - a TCP connection closed in ng_netflow_flow6_add()
872 * - it is going to overflow counter in ng_netflow_flow6_add()
875 (fle6->f.bytes >= (CNTR_MAX - IF_MAXMTU)) ) { in ng_netflow_flow6_add()
876 TAILQ_REMOVE(&hsh->head, fle, fle_hash); in ng_netflow_flow6_add()
877 expire_flow(priv, priv_to_fib(priv, fle->f.r.fib), fle, in ng_netflow_flow6_add()
879 counter_u64_add(priv->nfinfo_act_exp, 1); in ng_netflow_flow6_add()
886 if (fle != TAILQ_LAST(&hsh->head, fhead)) { in ng_netflow_flow6_add()
887 TAILQ_REMOVE(&hsh->head, fle, fle_hash); in ng_netflow_flow6_add()
888 TAILQ_INSERT_TAIL(&hsh->head, fle, fle_hash); in ng_netflow_flow6_add()
894 mtx_unlock(&hsh->mtx); in ng_netflow_flow6_add()
915 int i, max; in ng_netflow_flow_show() local
917 i = req->hash_id; in ng_netflow_flow_show()
918 if (i > NBUCKETS-1) in ng_netflow_flow_show()
922 if (req->version == 6) { in ng_netflow_flow_show()
923 resp->version = 6; in ng_netflow_flow_show()
924 hsh = priv->hash6 + i; in ng_netflow_flow_show()
925 max = NREC6_AT_ONCE; in ng_netflow_flow_show()
928 if (req->version == 4) { in ng_netflow_flow_show()
929 resp->version = 4; in ng_netflow_flow_show()
930 hsh = priv->hash + i; in ng_netflow_flow_show()
931 max = NREC_AT_ONCE; in ng_netflow_flow_show()
946 resp->nentries = 0; in ng_netflow_flow_show()
950 if (mtx_trylock(&hsh->mtx) == 0) { in ng_netflow_flow_show()
953 * relay decision to skip or re-request data in ng_netflow_flow_show()
956 resp->hash_id = i; in ng_netflow_flow_show()
957 resp->list_id = 0; in ng_netflow_flow_show()
962 TAILQ_FOREACH(fle, &hsh->head, fle_hash) { in ng_netflow_flow_show()
963 if (hsh->mtx.mtx_lock & MTX_WAITERS) { in ng_netflow_flow_show()
964 resp->hash_id = i; in ng_netflow_flow_show()
965 resp->list_id = list_id; in ng_netflow_flow_show()
966 mtx_unlock(&hsh->mtx); in ng_netflow_flow_show()
972 if (req->list_id > 0) { in ng_netflow_flow_show()
973 if (list_id < req->list_id) in ng_netflow_flow_show()
977 req->list_id = 0; in ng_netflow_flow_show()
980 if (req->version == 6) { in ng_netflow_flow_show()
984 bcopy(&fle6->f, data6 + resp->nentries, in ng_netflow_flow_show()
985 sizeof(fle6->f)); in ng_netflow_flow_show()
988 bcopy(&fle->f, data + resp->nentries, in ng_netflow_flow_show()
989 sizeof(fle->f)); in ng_netflow_flow_show()
990 resp->nentries++; in ng_netflow_flow_show()
991 if (resp->nentries == max) { in ng_netflow_flow_show()
992 resp->hash_id = i; in ng_netflow_flow_show()
997 resp->list_id = list_id + 1; in ng_netflow_flow_show()
998 mtx_unlock(&hsh->mtx); in ng_netflow_flow_show()
1002 mtx_unlock(&hsh->mtx); in ng_netflow_flow_show()
1005 resp->hash_id = resp->list_id = 0; in ng_netflow_flow_show()
1017 struct netflow_v5_header *header = &dgram->header; in export_send()
1022 m->m_len = m->m_pkthdr.len = sizeof(struct netflow_v5_record) * in export_send()
1023 header->count + sizeof(struct netflow_v5_header); in export_send()
1026 header->sys_uptime = htonl(MILLIUPTIME(time_uptime)); in export_send()
1028 header->unix_secs = htonl(ts.tv_sec); in export_send()
1029 header->unix_nsecs = htonl(ts.tv_nsec); in export_send()
1030 header->engine_type = 0; in export_send()
1031 header->engine_id = fe->domain_id; in export_send()
1032 header->pad = 0; in export_send()
1033 header->flow_seq = htonl(atomic_fetchadd_32(&fe->flow_seq, in export_send()
1034 header->count)); in export_send()
1035 header->count = htons(header->count); in export_send()
1037 if (priv->export != NULL) in export_send()
1038 NG_FWD_ITEM_HOOK_FLAGS(error, item, priv->export, flags); in export_send()
1051 struct netflow_v5_header *header = &dgram->header; in export_add()
1054 rec = &dgram->r[header->count]; in export_add()
1055 header->count ++; in export_add()
1057 KASSERT(header->count <= NETFLOW_V5_MAX_RECORDS, in export_add()
1061 rec->src_addr = fle->f.r.r_src.s_addr; in export_add()
1062 rec->dst_addr = fle->f.r.r_dst.s_addr; in export_add()
1063 rec->next_hop = fle->f.next_hop.s_addr; in export_add()
1064 rec->i_ifx = htons(fle->f.fle_i_ifx); in export_add()
1065 rec->o_ifx = htons(fle->f.fle_o_ifx); in export_add()
1066 rec->packets = htonl(fle->f.packets); in export_add()
1067 rec->octets = htonl(fle->f.bytes); in export_add()
1068 rec->first = htonl(MILLIUPTIME(fle->f.first)); in export_add()
1069 rec->last = htonl(MILLIUPTIME(fle->f.last)); in export_add()
1070 rec->s_port = fle->f.r.r_sport; in export_add()
1071 rec->d_port = fle->f.r.r_dport; in export_add()
1072 rec->flags = fle->f.tcp_flags; in export_add()
1073 rec->prot = fle->f.r.r_ip_p; in export_add()
1074 rec->tos = fle->f.r.r_tos; in export_add()
1075 rec->dst_mask = fle->f.dst_mask; in export_add()
1076 rec->src_mask = fle->f.src_mask; in export_add()
1077 rec->pad1 = 0; in export_add()
1078 rec->pad2 = 0; in export_add()
1081 rec->src_as = rec->dst_as = 0; in export_add()
1083 if (header->count == NETFLOW_V5_MAX_RECORDS) in export_add()
1101 used = uma_zone_get_cur(priv->zone); in ng_netflow_expire()
1102 for (hsh = priv->hash, i = 0; i < NBUCKETS; hsh++, i++) { in ng_netflow_expire()
1106 if (mtx_trylock(&hsh->mtx) == 0) in ng_netflow_expire()
1109 TAILQ_FOREACH_SAFE(fle, &hsh->head, fle_hash, fle1) { in ng_netflow_expire()
1114 if (hsh->mtx.mtx_lock & MTX_WAITERS) in ng_netflow_expire()
1126 TAILQ_REMOVE(&hsh->head, fle, fle_hash); in ng_netflow_expire()
1128 fle->f.r.fib), fle, NG_NOFLAGS); in ng_netflow_expire()
1129 used--; in ng_netflow_expire()
1130 counter_u64_add(priv->nfinfo_inact_exp, 1); in ng_netflow_expire()
1133 mtx_unlock(&hsh->mtx); in ng_netflow_expire()
1137 used = uma_zone_get_cur(priv->zone6); in ng_netflow_expire()
1138 for (hsh = priv->hash6, i = 0; i < NBUCKETS; hsh++, i++) { in ng_netflow_expire()
1144 if (mtx_trylock(&hsh->mtx) == 0) in ng_netflow_expire()
1147 TAILQ_FOREACH_SAFE(fle, &hsh->head, fle_hash, fle1) { in ng_netflow_expire()
1153 if (hsh->mtx.mtx_lock & MTX_WAITERS) in ng_netflow_expire()
1165 TAILQ_REMOVE(&hsh->head, fle, fle_hash); in ng_netflow_expire()
1167 fle->f.r.fib), fle, NG_NOFLAGS); in ng_netflow_expire()
1168 used--; in ng_netflow_expire()
1169 counter_u64_add(priv->nfinfo_inact_exp, 1); in ng_netflow_expire()
1172 mtx_unlock(&hsh->mtx); in ng_netflow_expire()
1177 callout_reset(&priv->exp_callout, (1*hz), &ng_netflow_expire, in ng_netflow_expire()