diff --git a/sbin/ifconfig/ifconfig.8 b/sbin/ifconfig/ifconfig.8 --- a/sbin/ifconfig/ifconfig.8 +++ b/sbin/ifconfig/ifconfig.8 @@ -2892,6 +2892,9 @@ .It Cm pflowproto Ar n Set the protocol version. The default is version 5. +.It Cm pflowdomain Ar n +Set the observation domain. +This applies only to IPFIX. .Ss Packet Filter State Table Sychronisation Parameters The following parameters are specific to diff --git a/sbin/ifconfig/ifpflow.c b/sbin/ifconfig/ifpflow.c --- a/sbin/ifconfig/ifpflow.c +++ b/sbin/ifconfig/ifpflow.c @@ -122,7 +122,7 @@ printf("receiver: INVALID:INVALID "); break; } - printf("version: %d\n", preq.version); + printf("version: %d observation domain: %d\n", preq.version, preq.observation_dom); } static void @@ -261,12 +261,28 @@ err(1, "SIOCSETPFLOW"); } +static void +setpflow_domain(if_ctx *ctx, const char *val, int d __unused) +{ + struct pflowreq preq = {}; + struct ifreq ifr = {}; + + ifr.ifr_data = (caddr_t)&preq; + + preq.addrmask |= PFLOW_MASK_OBSERVATION_DOMAIN; + preq.observation_dom = strtol(val, NULL, 10); + + if (ioctl_ctx_ifr(ctx, SIOCSETPFLOW, &ifr) == -1) + err(1, "SIOCSETPFLOW"); +} + static struct cmd pflow_cmds[] = { DEF_CMD_ARG("flowsrc", setpflow_sender), DEF_CMD("-flowsrc", 1, unsetpflow_sender), DEF_CMD_ARG("flowdst", setpflow_receiver), DEF_CMD("-flowdst", 1, unsetpflow_receiver), DEF_CMD_ARG("pflowproto", setpflow_proto), + DEF_CMD_ARG("pflowdomain", setpflow_domain), }; static struct afswtch af_pflow = { .af_name = "af_pflow", diff --git a/sys/net/if_pflow.h b/sys/net/if_pflow.h --- a/sys/net/if_pflow.h +++ b/sys/net/if_pflow.h @@ -214,6 +214,7 @@ struct sockaddr *sc_flowdst; struct pflow_ipfix_tmpl sc_tmpl_ipfix; u_int8_t sc_version; + u_int32_t sc_observation_dom; struct mbuf *sc_mbuf; /* current cumulative mbuf */ struct mbuf *sc_mbuf6; /* current cumulative mbuf */ CK_LIST_ENTRY(pflow_softc) sc_next; 
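Review bot: `preq.observation_dom` is declared `u_int32_t` in `struct pflowreq`, but the new status line in ifpflow.c prints it with `%d`, so a domain above 2^31-1 is shown as a negative number. Use an unsigned conversion instead: `printf("version: %d observation domain: %u\n", preq.version, preq.observation_dom);`. The enclosing function starts outside the hunk.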
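Review bot: `setpflow_domain` assigns `strtol(val, NULL, 10)` straight into the 32-bit `observation_dom` with no end-pointer or range check. A non-numeric argument therefore silently configures domain 0, and a negative or oversized value is truncated into some other domain. Collectors use the observation domain to tell exporters apart, so a typo should fail loudly instead of mislabelling flow records. Parse with a bounded conversion and exit on error, as sketched below.

```c
static void
setpflow_domain(if_ctx *ctx, const char *val, int d __unused)
{
	/* … unchanged: preq/ifr setup and addrmask … */
	const char *errstr;

	preq.observation_dom = strtonum(val, 0, UINT32_MAX, &errstr);
	if (errstr != NULL)
		errx(1, "pflowdomain %s: %s", val, errstr);
	/* … unchanged: SIOCSETPFLOW ioctl … */
```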
@@ -275,13 +276,15 @@ * Configuration structure for SIOCSETPFLOW SIOCGETPFLOW */ struct pflowreq { + u_int16_t addrmask; struct sockaddr_storage flowsrc; struct sockaddr_storage flowdst; - u_int16_t addrmask; u_int8_t version; + u_int32_t observation_dom; #define PFLOW_MASK_SRCIP 0x01 #define PFLOW_MASK_DSTIP 0x02 #define PFLOW_MASK_VERSION 0x04 +#define PFLOW_MASK_OBSERVATION_DOMAIN 0x08 }; #define SIOCSETPFLOW _IOW('i', 253, struct ifreq) diff --git a/sys/netpfil/pf/if_pflow.c b/sys/netpfil/pf/if_pflow.c --- a/sys/netpfil/pf/if_pflow.c +++ b/sys/netpfil/pf/if_pflow.c @@ -218,6 +218,7 @@ pflowif = malloc(sizeof(*pflowif), M_DEVBUF, M_WAITOK|M_ZERO); mtx_init(&pflowif->sc_lock, "pflowlk", NULL, MTX_DEF); pflowif->sc_version = PFLOW_PROTO_DEFAULT; + pflowif->sc_observation_dom = PFLOW_ENGINE_TYPE; /* ipfix template init */ bzero(&pflowif->sc_tmpl_ipfix,sizeof(pflowif->sc_tmpl_ipfix)); @@ -526,6 +527,10 @@ } } + if (pflowr->addrmask & PFLOW_MASK_OBSERVATION_DOMAIN) { + sc->sc_observation_dom = pflowr->observation_dom; + } + if (sc->so == NULL) { if (pflowvalidsockaddr(sc->sc_flowdst, 0)) { error = socreate(sc->sc_flowdst->sa_family, @@ -617,6 +622,7 @@ memcpy(&pflowr.flowdst, sc->sc_flowdst, sc->sc_flowdst->sa_len); pflowr.version = sc->sc_version; + pflowr.observation_dom = sc->sc_observation_dom; PFLOW_UNLOCK(sc); if ((error = copyout(&pflowr, ifr_data_get_ptr(ifr), @@ -1263,7 +1269,7 @@ h10->time_sec = htonl(time_second); /* XXX 2038 */ h10->flow_sequence = htonl(sc->sc_sequence); sc->sc_sequence += count; - h10->observation_dom = htonl(PFLOW_ENGINE_TYPE); + h10->observation_dom = htonl(sc->sc_observation_dom); if (mbufq_enqueue(&sc->sc_outputqueue, m) == 0) swi_sched(sc->sc_swi_cookie, 0); 
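Review bot: Moving `addrmask` to the front of `struct pflowreq` and adding `observation_dom` changes the layout shared between ifconfig and the kernel. The ioctl numbers are built from `struct ifreq`, so their encoded size cannot reveal a mismatch. A binary built against the old header would presumably have the first bytes of its `flowsrc` read as `addrmask` by a new kernel. If the old layout has already shipped, keep existing members at their offsets and add new ones only at the end. Otherwise a comment on the struct would help, for example `/* layout is ABI between ifconfig(8) and the kernel; append only */`.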
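Review bot: In the `@@ -617,6 +622,7 @@` hunk, `pflowr` is copied out to userland in full right after the new assignment. `struct pflowreq` very likely has padding after `addrmask` and after `version` in the new layout. The initialisation of `pflowr` lies outside the hunk; if the whole struct is not zeroed before the fields are filled, those padding bytes would carry kernel stack contents to the caller. Please confirm a `bzero(&pflowr, sizeof(pflowr));` precedes the field assignments, and add a short comment there, such as `/* zero padding too: struct is copied out to userland */`.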
@@ -1302,7 +1308,7 @@ pflow_ipfix_tmpl)); h10->time_sec = htonl(time_second); /* XXX 2038 */ h10->flow_sequence = htonl(sc->sc_sequence); - h10->observation_dom = htonl(PFLOW_ENGINE_TYPE); + h10->observation_dom = htonl(sc->sc_observation_dom); callout_reset(&sc->sc_tmo_tmpl, PFLOW_TMPL_TIMEOUT * hz, pflow_timeout_tmpl, sc); diff --git a/tests/sys/netpfil/pf/pflow.sh b/tests/sys/netpfil/pf/pflow.sh --- a/tests/sys/netpfil/pf/pflow.sh +++ b/tests/sys/netpfil/pf/pflow.sh @@ -67,6 +67,12 @@ jexec alcatraz ifconfig ${pflow} pflowproto 5 atf_check -s exit:0 \ jexec alcatraz ifconfig ${pflow} pflowproto 10 + + # We can change the observation domain + atf_check -s exit:0 \ + jexec alcatraz ifconfig ${pflow} pflowdomain 13 + atf_check -s exit:0 -o match:".*domain: 13.*" \ + jexec alcatraz ifconfig ${pflow} } basic_cleanup()
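Review bot: The added pflow.sh check uses only the value 13, so it cannot tell a signed round trip from an unsigned one and says nothing about bad input. Add a case that sets `pflowdomain 4294967295` and matches `domain: 4294967295` in the ifconfig output. Add another that expects a non-zero exit for a non-numeric argument such as `pflowdomain abc`. The test function begins outside the hunk.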