Add a possibility to bypass unmodified accounted data to special

hook(s). Data received on these hook(s) is sent back to ifaceX hook(s).
svn path=/head/; revision=143988
2024-10-19 02:29:40 +00:00 · 2005-03-22 15:49:22 +00:00 · 2005-03-22 15:49:22 +00:00 · 9818b82ff3 · 2020-12-20 02:59:44 +00:00
commit 9818b82ff3
parent 15d8421a27
2 changed files with 50 additions and 5 deletions
--- a/sys/netgraph/netflow/ng_netflow.c
+++ b/sys/netgraph/netflow/ng_netflow.c
@ -235,6 +235,31 @@ ng_netflow_newhook(node_p node, hook_p hook, const char *name)
 		 */
 		iface->info.ifinfo_dlt = DLT_EN10MB;

+	} else if (strncmp(name, NG_NETFLOW_HOOK_OUT,
+	    strlen(NG_NETFLOW_HOOK_OUT)) == 0) {
+		iface_p iface;
+		int ifnum = -1;
+		const char *cp;
+		char *eptr;
+
+		cp = name + strlen(NG_NETFLOW_HOOK_OUT);
+		if (!isdigit(*cp) || (cp[0] == '0' && cp[1] != '\0'))
+			return (EINVAL);
+
+		ifnum = (int)strtoul(cp, &eptr, 10);
+		if (*eptr != '\0' || ifnum < 0 || ifnum >= NG_NETFLOW_MAXIFACES)
+			return (EINVAL);
+
+		/* See if hook is already connected */
+		if (priv->ifaces[ifnum].out != NULL)
+			return (EISCONN);
+
+		iface = &priv->ifaces[ifnum];
+
+		/* Link private info and hook together */
+		NG_HOOK_SET_PRIVATE(hook, iface);
+		iface->out = hook;
+
 	} else if (strcmp(name, NG_NETFLOW_HOOK_EXPORT) == 0) {

 		if (priv->export != NULL)
@ -411,12 +436,11 @@ ng_netflow_rcvdata (hook_p hook, item_p item)
 	const node_p node = NG_HOOK_NODE(hook);
 	const priv_p priv = NG_NODE_PRIVATE(node);
 	const iface_p iface = NG_HOOK_PRIVATE(hook);
-	struct mbuf *m;
+	struct mbuf *m = NULL;
 	struct ip *ip;
 	int pullup_len = 0;
 	int error = 0;

-	NGI_GET_M(item, m);
 	if (hook == priv->export) {
 		/*
 		 * Data arrived on export hook.
@ -426,6 +450,19 @@ ng_netflow_rcvdata (hook_p hook, item_p item)
 		ERROUT(EINVAL);
 	};

+	if (hook == iface->out) {
+		/*
+		 * Data arrived on out hook. Bypass it.
+		 */
+		if (iface->hook == NULL)
+			ERROUT(ENOTCONN);
+
+		NG_FWD_ITEM_HOOK(error, item, iface->hook);
+		return (error);
+	}
+
+	NGI_GET_M(item, m);
+
 	/* Increase counters. */
 	iface->info.ifinfo_packets++;

@ -444,7 +481,7 @@ ng_netflow_rcvdata (hook_p hook, item_p item)
 	pullup_len += length;					\
 	if ((m)->m_pkthdr.len < (pullup_len)) {			\
 		error = EINVAL;					\
-		goto done;					\
+		goto bypass;					\
 	} 							\
 	if ((m)->m_len < (pullup_len) &&			\
 	   (((m) = m_pullup((m),(pullup_len))) == NULL)) {	\
@ -471,7 +508,7 @@ ng_netflow_rcvdata (hook_p hook, item_p item)
 			ip = (struct ip *)(eh + 1);
 			break;
 		default:
-			goto done;	/* pass this frame */
+			goto bypass;	/* pass this frame */
 		}
 		break;
 	    }
@ -480,7 +517,7 @@ ng_netflow_rcvdata (hook_p hook, item_p item)
 		ip = mtod(m, struct ip *);
 		break;
 	default:
-		goto done;
+		goto bypass;
 		break;
 	}

@ -519,6 +556,12 @@ ng_netflow_rcvdata (hook_p hook, item_p item)

 	error = ng_netflow_flow_add(priv, ip, iface, m->m_pkthdr.rcvif);

+bypass:
+	if (iface->out != NULL) {
+		/* XXX: error gets overwritten here */
+		NG_FWD_NEW_DATA(error, item, iface->out, m);
+		return (error);
+	}
 done:
 	if (item)
 		NG_FREE_ITEM(item);
--- a/sys/netgraph/netflow/ng_netflow.h
+++ b/sys/netgraph/netflow/ng_netflow.h
@ -39,6 +39,7 @@
 /* Hook names */

 #define	NG_NETFLOW_HOOK_DATA	"iface"
+#define	NG_NETFLOW_HOOK_OUT	"out"
 #define NG_NETFLOW_HOOK_EXPORT	"export"

 /* Netgraph commands understood by netflow node */
@ -205,6 +206,7 @@ struct flow_entry {
 /* Private hook data */
 struct ng_netflow_iface {
 	hook_p		hook;		/* NULL when disconnected */
+	hook_p		out;		/* NULL when no bypass hook */
 	struct ng_netflow_ifinfo	info;
 };