Expose NetFlow to vswitchd configuration.

diff --git a/vswitchd/bridge.c b/vswitchd/bridge.c
index b8533b92db59a017318469ba5bb3a1ed45e0cc5a..b2f8cc10dc778898d8038ee97904f591a2a6ae24 100644 (file)
--- a/vswitchd/bridge.c
+++ b/vswitchd/bridge.c
@@ -154,6 +154,10 @@ struct bridge {
     bool sent_config_request;   /* Successfully sent config request? */
     bool sent_features_request; /* Successfully sent features request? */
 
+    /* Support for NetFlow. */
+    char *netflow_host;         /* NULL if no NetFlow logging; otherwise a 
+                                 * "host:port" string. */
+
     /* Support for remote controllers. */
     char *controller;           /* NULL if there is no remote controller;
                                  * "discover" to do controller discovery;
@@ -623,6 +627,9 @@ start_secchan(struct bridge *br)
         svec_add_nocopy(&argv, xasprintf("--log-file=%s.secchan-%s",
                                          vlog_get_log_file(), br->name));
     }
+    if (br->netflow_host) {
+        svec_add_nocopy(&argv, xasprintf("--netflow=%s", br->netflow_host));
+    }
     if (!br->controller) {
         svec_add(&argv, "--out-of-band");
         svec_add(&argv, "--max-backoff=1");
@@ -697,6 +704,7 @@ bridge_destroy(struct bridge *br)
         for (i = 0; i < br->n_ports; i++) {
             port_destroy(br->ports[i]);
         }
+        free(br->netflow_host);
         free(br->controller);
         svec_destroy(&br->secchan_opts);
         ft_destroy(br->ft);
@@ -831,8 +839,10 @@ bridge_reconfigure_one(struct bridge *br)
 {
     struct svec old_ports, new_ports, ifaces;
     const char *controller;
+    const char *netflow_host;
     size_t i, j;
     char *ctl;
+    char *nf;
 
     /* Collect old and new ports. */
     svec_init(&old_ports);
@@ -903,6 +913,17 @@ bridge_reconfigure_one(struct bridge *br)
     free(br->controller);
     br->controller = ctl;
 
+    /* Configure NetFlow. */
+    netflow_host = cfg_get_string(0, "netflow.%s.host", br->name);
+    nf = netflow_host ? xstrdup(netflow_host) : NULL;
+    if ((nf == NULL) != (br->netflow_host == NULL)
+        || (nf && br->netflow_host && strcmp(nf, br->netflow_host))) {
+        br->sc_retries = 0;
+        kill_secchan(br);
+    }
+    free(br->netflow_host);
+    br->netflow_host = nf;
+
     /* Allow arbitrary secchan options if a remote controller is configured. */
     svec_clear(&br->secchan_opts);
     if (ctl) {

diff --git a/vswitchd/vswitchd.8.in b/vswitchd/vswitchd.8.in
index e6ee169483fafeee98295528e7dd4309b3110f90..76ad20e4741b519b33657868858241ea1a3918ee 100644 (file)
--- a/vswitchd/vswitchd.8.in
+++ b/vswitchd/vswitchd.8.in
@@ -39,6 +39,9 @@ Port mirroring, with optional VLAN tagging.
 802.1D Spanning Tree Protocol support.
 .
 .IP \(bu
+NetFlow v5 flow logging.
+.
+.IP \(bu
 Connectivity to an external OpenFlow controller, such as NOX.
 .
 .PP

diff --git a/vswitchd/vswitchd.conf.5 b/vswitchd/vswitchd.conf.5
index fba3805686c6d3b980b67c78615deae233493dee..00ec60faa2dd25b474c117726ad737b82ec0997d 100644 (file)
--- a/vswitchd/vswitchd.conf.5
+++ b/vswitchd/vswitchd.conf.5
@@ -336,6 +336,25 @@ set to 64:
         port.eth2.priority = 64
 .fi
 .RE
+.SS "NetFlow v5 Flow Logging"
+NetFlow provides a number of details about terminating flows, such as the 
+principals involved and duration.  A bridge may be configured to send 
+NetFlow v5 records to a collector when flows end.  To enable, define the
+key \fBnetflow.\fIbridge\fB.host\fR to a NetFlow collector in the form 
+\fIhost\fB:\fIport\fR.  Records from \fIbridge\fR will be sent to 
+\fIhost\fR on UDP \fIport\fR.
+.PP
+The following syntax sends NetFlow records for \fBmybr\fR to the NetFlow
+collector \fBnflow.example.com\fR on UDP port \fB9995\fR:
+.PP
+.RS
+.nf
+
+[netflow "mybr"]
+        host = nflow.example.com:9995
+
+.fi
+.RE
 .SS "OpenFlow controller connectivity"
 By default, \fBvswitchd\fR performs all configured bridging and
 switching locally.  It can also be configured to connect a given