Initial IPFIX implementation (#219)

* pfcp: fix User ID encoding/decoding
* flowtable: in interrupt mode, expire flows even w/o any traffic

As the interrupt mode is mostly used for debugging / running tests, it
does make sense to add extra flow expiration helper to it which makes
writing tests easier.

* Store full User ID in the session

Set field order and decoding of the flags.
See TS TS 29.244 clause 8.2.101

* Add vendor-specific IE for IPFIX template selection
* Test TP IPFIX policy reencode
* ipfix: add flowDirection
* ipfix: add initiator / responder delta counts
* Add NAT addr/port for a template
* ipfix: support multiple templates using a vendor-specific PFCP IE

For now, 2 kind of templates are supported: "default" and "dest"

* ipfix: implement per-NWI IPFIX policy selection
* Fix bihash template usage in flowtable

The use of BV()/BVT() macros was being affected by inclusion of
pre-templated bihash headers like vppinfra/bihash_24_8.h, causing
unpredictable behavior

* ipfix: support per-NWI IPFIX collector spec

Also, fix handling of table 0 in UPG NWI binapi

* e2e: use binapis for NWIs and test the multiple IPFIX exporters
* ipfix: add NAT fields
* format_tbcd: stop upon the 0xf nibble
* Use table IDs instead of FIB indices in binapi dump calls
* e2e: verify table IDs in binapi calls
* Add 'make genbinapi' for e2e tests
* cli: display table IDs instead of FIB ids in show upf nwi
* ipfix: fix thread safety of IPFIX contexts
* binapi: extend IPFIX policy name field to 64 bytes
* e2e: make sure IPFIX delta fields work across multiple reports
* ipfix: make it possible to disable IPFIX via FAR
* e2e: ipfix: verify disabling IPFIX via FAR
* e2e: fix copyright notice
* e2e: ipfix: add proxy test
* ipfix: make sure the first report isn't sent out immediately
* e2e: check that IPFIX reporting is delayed for each flow

Also, make sure that `postNAPTSourceTransportPort` is always correct
when NAT is being used. It's necessary to postpone NAT processing upon
the first packet to avoid having 0 in this field.

Co-authored-by: Sergey Matov <sergey.matov@travelping.com>

.github/workflows/main.yaml

@@ -30,7 +30,7 @@ env:
   # But don't forget to comment it back for a finished PR!
   # E2E_FOCUS: "TDF.*IPv4.*no proxy.*counts plain HTTP traffic"
 
-  E2E_PARALLEL_NODES: "10"
+  E2E_PARALLEL_NODES: "6"
 
 jobs:
   build:

.gitignore

@@ -9,4 +9,5 @@ artifacts
 *.log
 attic
 upf/version.h
-build-root
+build-root
+test/e2e/bin

CMakeLists.txt

@@ -93,6 +93,8 @@ set(UPF_PLUGIN_SOURCES
   upf/upf_app_db.c
   upf/upf_ipfilter.c
   upf/upf_app_dpo.c
+  upf/upf_ipfix.c
+  upf/upf_ipfix_templates.c
   upf/flowtable_init.c
   upf/flowtable.c
   upf/unittest.c
@@ -123,6 +125,8 @@ set(UPF_PLUGIN_HEADER_FILES
   upf/upf_app_db.h
   upf/flowtable.h
   upf/flowtable_tcp.h
+  upf/upf_ipfix.h
+  upf/upf_ipfix_templates.h
   upf/upf_gtpu_error.def
   upf/version.h
 )

Dockerfile

@@ -20,7 +20,8 @@ RUN --mount=target=/var/lib/apt/lists,type=cache,sharing=private \
     /build-root/upf-plugin-dev_*.deb && \
     apt-get clean && \
     mkdir -p /install && \
-    cp -av /build-root/*.deb /install
+    cp -av /build-root/*.deb /install && \
+    git config --global --add safe.directory /src
 
 # this stage is used to copy out the debs
 FROM scratch as artifacts

Makefile

@@ -11,10 +11,17 @@ include vpp.spec
 install-hooks:
 	hack/install-hooks.sh
 
+# avoid rebuilding part of the source each time
 version:
-	echo "#ifndef UPG_VERSION" >upf/version.h
-	echo "#define UPG_VERSION \"$(VERSION)\"" >>upf/version.h
-	echo "#endif" >>upf/version.h
+	ver_tmp=`mktemp version-XXXXXXXX`; \
+	echo "#ifndef UPG_VERSION" >"$${ver_tmp}"; \
+	echo "#define UPG_VERSION \"$(VERSION)\"" >>"$${ver_tmp}"; \
+	echo "#endif" >>"$${ver_tmp}"; \
+	if ! cmp upf/version.h "$${ver_tmp}"; then \
+	  mv "$${ver_tmp}" upf/version.h; \
+	else \
+	  rm -f "$${ver_tmp}"; \
+	fi
 
 # TODO: checktyle shouldn't require VPP checkout but presently it's
 # needed for getting the build image tag
@@ -53,3 +60,6 @@ buildenv: version
 
 clean-buildenv:
 	hack/buildenv.sh clean
+
+genbinapi:
+	hack/buildenv.sh /bin/bash -c 'make install && hack/genbinapi.sh'

hack/genbinapi.sh

@@ -0,0 +1,74 @@
+#!/bin/bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -o errtrace
+
+cd "$(dirname "${BASH_SOURCE}")/.."
+
+. vpp.spec
+
+API_FILES=(
+  upf
+)
+GOVPP_API_DIR="${PWD}/test/e2e/binapi"
+GOVPP_API_IMPORT_PREFIX=github.com/travelping/upg-vpp/test/e2e/binapi
+# export VPP_VERSION="${VPP_RELEASE}"
+
+# cp -v ./build-root/vpp_plugins/upf/upf.api.json /usr/share/vpp/api/plugins/
+
+cd test/e2e
+
+go mod tidy
+GOVPP_DIR=$(go list -f '{{.Dir}}' -m git.fd.io/govpp.git)
+
+workdir="$(mktemp -d)"
+
+if [[ ! ${workdir} || ! -d ${workdir} ]]; then
+  echo >&2 "Could not create temp dir"
+  exit 1
+fi
+
+function cleanup {
+  rm -rf "${workdir}"
+}
+
+trap cleanup EXIT
+
+function make_binapi_generator ()
+{
+  target_dir="${PWD}/bin"
+  mkdir -p "${target_dir}"
+  (
+    cd "${GOVPP_DIR}"
+    go build -o "${target_dir}" ./cmd/binapi-generator
+  )
+}
+
+function extract_binapi_files ()
+{
+  if [[ $(uname) = Linux && -d /src && -d /usr/share/vpp/api ]]; then
+    # inside the devenv container
+    tar -C /usr/share/vpp/api -c .
+  else
+    docker run --entrypoint /bin/tar "${VPP_IMAGE_BASE}_dev_debug" \
+           -C /usr/share/vpp/api -c .
+  fi |
+    tar -C "${workdir}" -xv --strip-components=1
+}
+
+function generate_govpp_apis ()
+{
+  mkdir -p "${GOVPP_API_DIR}"
+  bin/binapi-generator \
+    --input-dir="${workdir}" \
+    --output-dir="${GOVPP_API_DIR}" \
+    --import-prefix="${GOVPP_API_IMPORT_PREFIX}" \
+    --no-source-path-info \
+    --no-version-info \
+    "${API_FILES[@]}"
+}
+
+make_binapi_generator
+extract_binapi_files
+generate_govpp_apis