1 /*
2  * Argus Software.  Argus files - Modeler includes
3  * Copyright (c) 2000-2015 QoSient, LLC
4  * All rights reserved.
5  *
6  * This program is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation; either version 2, or (at your option)
9  * any later version.
10 
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  * GNU General Public License for more details.
15 
16  * You should have received a copy of the GNU General Public License
17  * along with this program; if not, write to the Free Software
18  * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
19  *
20  */
21 
22 /*
23  * $Id: //depot/argus/argus/argus/ArgusModeler.h#60 $
24  * $DateTime: 2015/06/29 16:17:25 $
25  * $Change: 3027 $
26  */
27 
28 
29 #ifndef ArgusModeler_h
30 #define ArgusModeler_h
31 
32 #define ARGUS_MARSTATUSTIMER	"60"
33 #define ARGUS_FARSTATUSTIMER	"5"
34 
35 #define ARGUS_INITIMEOUT	5
36 #define ARGUS_IPTIMEOUT		30
37 #define ARGUS_ARPTIMEOUT	5
38 #define ARGUS_TCPTIMEOUT	60
39 #define ARGUS_ICMPTIMEOUT	5
40 #define ARGUS_IGMPTIMEOUT	30
41 #define ARGUS_OTHERTIMEOUT	30
42 #define ARGUS_FRAGTIMEOUT	5
43 
44 #define ARGUS_MINSNAPLEN	96
45 #define ARGUS_MINIPHDRLEN	20
46 #define ARGUS_HASHTABLESIZE	0x10000
47 
48 #define ARGUS_REQUEST		0x01
49 #define ARGUS_REPLY		0x02
50 
51 #define ARGUS_RTP_PCMU		0
52 #define ARGUS_RTP_1016		1
53 #define ARGUS_RTP_G726		2
54 #define ARGUS_RTP_GSM		3
55 #define ARGUS_RTP_G723		4
56 #define ARGUS_RTP_DVI4_8K	5
57 #define ARGUS_RTP_DVI4_16K	6
58 #define ARGUS_RTP_PCMA		8
59 #define ARGUS_RTP_G722		9
60 #define ARGUS_RTP_L16_STEREO	10
61 #define ARGUS_RTP_L16_MONO	11
62 #define ARGUS_RTP_QCELP		12
63 #define ARGUS_RTP_MPA		14
64 #define ARGUS_RTP_G728		15
65 #define ARGUS_RTP_DVI4_11K	16
66 #define ARGUS_RTP_DVI4_22K	17
67 #define ARGUS_RTP_G729		18
68 #define ARGUS_RTP_CELB		25
69 #define ARGUS_RTP_JPEG		26
70 #define ARGUS_RTP_NV		28
71 #define ARGUS_RTP_H261		31
72 #define ARGUS_RTP_MPV		32
73 #define ARGUS_RTP_MP2T		33
74 #define ARGUS_RTP_H263		34
75 
76 #define ARGUS_SSH_MONITOR       0x20000
77 
78 #define ARGUS_ETHER_HDR		1
79 #define ARGUS_802_11_HDR	2
80 
81 #define ARGUS_DEBUG		0xFF
82 
83 #define ARGUS_RECORD_WRITTEN	0x00000001
84 #define ARGUSTIMEOUTQS		65534
85 
86 #define ARGUS_CLNS    129
87 #define ARGUS_ESIS    130
88 #define ARGUS_ISIS    131
89 #define ARGUS_NULLNS  132
90 
91 
92 /* True if  "l" bytes of "var" were captured */
93 #define BYTESCAPTURED(m, var, l) ((u_char *)&(var) <= m->ArgusThisSnapEnd - (l))
94 
95 /* True if "var" was captured */
96 #define STRUCTCAPTURED(m, var) BYTESCAPTURED(m, var, sizeof(var))
97 
98 /* Bail if "l" bytes of "var" were not captured */
99 #define BYTESCHECK(m, var, l) if (!BYTESCAPTURED(m, var, l)) goto trunc
100 
101 /* Bail if "var" was not captured */
102 #define STRUCTCHECK(m, var) BYTESCHECK(m, var, sizeof(var))
103 
104 #define LENCHECK(m, l) { if ((l) > len) goto bad; BYTESCHECK(m, *cp, l); }
105 
106 
107 #if defined(ARGUS_THREADS)
108 #include <pthread.h>
109 #endif
110 
111 #include <argus_encapsulations.h>
112 
113 #include <syslog.h>
114 #include <sys/types.h>
115 #include <sys/time.h>
116 #include <stdio.h>
117 #include <netinet/in.h>
118 #include <net/ppp.h>
119 
120 #if defined(HAVE_SOLARIS) || defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__)
121 #include <sys/socket.h>
122 
123 #if !defined(__OpenBSD__) || (defined(__OpenBSD__) && !defined(_NET_IF_H_))
124 #include <net/if.h>
125 #define _NET_IF_H_
126 #endif
127 #endif
128 
129 #if !defined(__OpenBSD__) || (defined(__OpenBSD__) && !defined(_NETINET_IF_SYSTEM_H_))
130 #include <netinet/in_systm.h>
131 #define _NETINET_IF_SYSTEM_H_
132 #endif
133 
134 #if !defined(__OpenBSD__)
135 #include <netinet/if_ether.h>
136 #endif
137 
138 #ifndef _NETINET_IP_H_
139 #include <netinet/ip.h>
140 #define _NETINET_IP_H_
141 #endif
142 
143 #ifndef _NETINET_IPV6_H_
144 #include <netinet/ip6.h>
145 #include <netinet/icmp6.h>
146 #define _NETINET_IPV6_H_
147 #endif
148 
149 #ifndef _NETINET_UDP_H_
150 #include <netinet/udp.h>
151 #define _NETINET_UDP_H_
152 #endif
153 
154 #include <netinet/tcp.h>
155 #include <netinet/ip_icmp.h>
156 #include <netinet/igmp.h>
157 #include <netinet/rtp.h>
158 
159 #include <argus_def.h>
160 #include <argus_out.h>
161 
162 struct AHHeader {
163    unsigned char  nxt, len;
164    unsigned short pad;
165    unsigned int   spi, replay, data;
166 };
167 
168 struct ArgusHashStruct {
169    unsigned int len, hash;
170 #if defined(__APPLE_CC__) || defined(__APPLE__)
171    unsigned int pad[2];
172    unsigned int key[24];
173 #else
174    unsigned int key[24];
175 #endif
176 };
177 
178 struct ArgusHashTableHeader {
179    struct ArgusHashTableHeader *nxt, *prv;
180    struct ArgusHashTable *htbl;
181    struct ArgusHashStruct hstruct;
182    void *object;
183 };
184 
185 
186 #define ARGUSHASHTABLETRACK	0x01
187 
188 struct ArgusHashTable {
189    unsigned int size;
190    int status;
191    int bins, items;
192 
193 #if defined(ARGUS_THREADS)
194    pthread_mutex_t lock;
195 #endif
196    struct ArgusHashTableHeader **array;
197 };
198 
199 #define ARGUS_MAX_MPLS_LABELS	4
200 
201 struct ArgusKeyStrokeConf {
202    int status, state, n_min;
203    int dc_min, dc_max, gs_max;
204    int ds_min, ds_max, gpc_max;
205    int ic_min, lcs_max;
206    float icr_min, icr_max;
207 };
208 
209 struct ArgusModelerStruct {
210    int state, status;
211 #if defined(ARGUS_THREADS)
212    pthread_t thread;
213    pthread_mutex_t lock;
214 #endif
215 
216    struct ArgusSourceStruct *ArgusSrc;
217    struct ArgusQueueStruct *ArgusStatusQueue;
218    struct ArgusQueueStruct *ArgusTimeOutQueues;
219    struct ArgusQueueStruct *ArgusTimeOutQueue[ARGUSTIMEOUTQS];
220    struct ArgusListStruct *ArgusOutputList;
221    struct ArgusHashTable *ArgusHashTable;
222    struct ArgusSystemFlow  *ArgusThisFlow;
223    struct ArgusHashStruct *hstruct;
224 
225    unsigned int ArgusTransactionNum;
226 
227    unsigned int ArgusThisInterface;
228    unsigned int ArgusThisEncaps;
229    unsigned int ArgusThisNetworkFlowType;
230    struct llc *ArgusThisLLC;
231    unsigned int ArgusThisAppFlowType;
232    int ArgusThisMplsLabelIndex;
233    unsigned int ArgusThisMplsLabel;
234    unsigned int ArgusThisPacket8021QEncaps;
235    unsigned char ArgusFlowType, ArgusFlowKey;
236    unsigned short ArgusOptionIndicator;
237 
238    int ArgusInProtocol, ArgusThisDir, ArgusTrackDuplicates;
239 
240    struct ArgusKeyStrokeConf ArgusKeyStroke;
241    struct ArgusUniStats *ArgusThisStats;
242 
243    struct ether_header *ArgusThisEpHdr;
244 
245    void *ArgusThisMacHdr;
246    void *ArgusThisIpHdr;
247    struct ip6_frag *ArgusThisIpv6Frag;
248    void *ArgusThisNetworkHdr;
249 
250    unsigned char *ArgusThisUpHdr;
251    unsigned char *ArgusThisSnapEnd;
252 
253    int ArgusControlMonitor;
254    int ArgusSnapLength;
255    int ArgusGenerateTime;
256    int ArgusGeneratePacketSize;
257 
258    int ArgusThisLength;
259    int ArgusThisBytes;
260 
261    struct timeval ArgusGlobalTime;
262    struct timeval ArgusStartTime;
263    struct timeval ArgusNowTime;
264    struct timeval ArgusUpdateInterval;
265    struct timeval ArgusUpdateTimer;
266 
267    long long ival;
268 
269    long long ArgusTotalPacket;
270    long long ArgusTotalFrags;
271    long long ArgusTotalIPPkts;
272    long long ArgusLastIPPkts;
273 
274    long long ArgusTotalNonIPPkts;
275    long long ArgusLastNonIPPkts;
276 
277    long long ArgusTotalNewFlows;
278    long long ArgusLastNewFlows;
279    long long ArgusTotalClosedFlows;
280    long long ArgusLastClosedFlows;
281 
282    long long ArgusTotalIPFlows;
283    long long ArgusLastIPFlows;
284 
285    long long ArgusTotalNonIPFlows;
286    long long ArgusLastNonIPFlows;
287 
288    long long ArgusTotalCacheHits;
289    long long ArgusTotalRecords;
290    long long ArgusTotalSends;
291    long long ArgusTotalQueued;
292    long long ArgusTotalBadSends;
293    long long ArgusLastRecords;
294 
295    long long ArgusTotalUpdates;
296    long long ArgusLastUpdates;
297 
298    struct timeval ArgusLastPacketTimer;
299    struct timeval ArgusAdjustedTimer;
300 
301    int ArgusMajorVersion;
302    int ArgusMinorVersion;
303    int ArgusSnapLen;
304 
305    int ArgusTunnelDiscovery;
306    int ArgusUserDataLen;
307    int ArgusAflag, ArgusTCPflag, Argusmflag;
308    int ArgusSelfSynchronize, vflag;
309 
310    int ArgusIPTimeout;
311    int ArgusTCPTimeout;
312    int ArgusICMPTimeout;
313    int ArgusIGMPTimeout;
314    int ArgusFRAGTimeout;
315    int ArgusARPTimeout;
316    int ArgusOtherTimeout;
317 
318    int ArgusReportAllTime;
319    int ArgusResponseStatus;
320 
321    struct timeval ArgusFarReportInterval;
322    struct timeval ArgusQueueInterval;
323    struct timeval ArgusListenInterval;
324 
325    unsigned int ArgusSeqNum;
326    unsigned int ArgusLocalNet;
327    unsigned int ArgusNetMask;
328    unsigned int ArgusLink;
329 };
330 
331 #include <ArgusUtil.h>
332 #include <ArgusSource.h>
333 #include <ArgusOutput.h>
334 #include <argus_isis.h>
335 
336 struct ArgusTimeStats {
337    unsigned int n;
338    float minval, maxval, sum;
339    long long sumsqrd;
340 };
341 
342 struct ArgusTimeStat {
343    struct timeval lasttime;
344    struct ArgusTimeStats act, idle;
345 };
346 
347 
348 #define ARGUS_NUM_KEYSTROKE_PKTS	8
349 #define ARGUS_KEYSTROKE_NONE		0
350 #define ARGUS_KEYSTROKE_TENTATIVE	1
351 #define ARGUS_KEYSTROKE_KNOWN		2
352 
353 struct ArgusKeyStrokePacket {
354    int status, n_pno;
355    struct ArgusTime ts;
356    unsigned int seq;
357    long long intpkt;
358 };
359 
360 struct ArgusKeyStrokeData {
361    struct ArgusKeyStrokePacket pkts[ARGUS_NUM_KEYSTROKE_PKTS];
362 };
363 
364 struct ArgusKeyStrokeState {
365    int status, n_pkts, n_strokes, prev_pno;
366    struct ArgusKeyStrokeData data;
367    struct ArgusTime prev_c_ts, prev_s_ts;
368 };
369 
370 struct ArgusFlowStruct {
371    struct ArgusQueueHeader qhdr;
372    struct ArgusHashTableHeader htblbuf, *htblhdr;
373    struct ArgusDSRHeader *dsrs[ARGUSMAXDSRTYPE];
374    struct ArgusQueueStruct frag;
375 
376    unsigned int state, status, dsrindex;
377    unsigned int ArgusEncaps;
378 
379    unsigned short trans, timeout;
380    unsigned short userlen;
381    signed char srcint, dstint;
382    unsigned short sipid, dipid;
383 
384 
385    struct ArgusTimeStat stime, dtime;
386    struct ArgusKeyStrokeState skey;
387    struct ArgusCanonRecord canon;
388 };
389 
390 struct erspan_ii_header {
391    u_int16_t ver_vlan;
392    u_int16_t cos_ent_session;
393    u_int32_t resvert_index;
394 };
395 
396 #define ERSPAN_VER(x)          ( ntohs(((struct erspan_ii_header *) x)->ver_vlan) >> 12 )
397 
398 
399 #if defined(ArgusModeler)
400 
401 #if defined(LBL_ALIGN)
402 #define ARGUS_MAXALIGNBUF  65536
403 unsigned char ArgusAlignBuffer[ARGUS_MAXALIGNBUF], *ArgusAlignBuf = ArgusAlignBuffer;
404 #endif
405 
406 struct ArgusModelerStruct *ArgusModel = NULL;
407 
408 struct llc ArgusThisLLCBuffer;
409 
410 unsigned char argusDSRTypes [ARGUSMAXDSRTYPE] = {
411    ARGUS_TRANSPORT_DSR, ARGUS_FLOW_DSR, ARGUS_TIME_DSR,
412    ARGUS_METER_DSR, ARGUS_AGR_DSR,
413 };
414 
415 
416 struct timeval ArgusQueueTime = {0, 0};
417 struct timeval ArgusQueueInterval = {0, 50000};
418 struct timeval ArgusListenTime = {0, 0};
419 struct timeval ArgusListenInterval = {0, 250000};
420 
421 struct ArgusModelerStruct *ArgusNewModeler(void);
422 struct ArgusModelerStruct *ArgusCloneModeler(struct ArgusModelerStruct *);
423 
424 void ArgusInitModeler(struct ArgusModelerStruct *);
425 void ArgusCloseModeler(struct ArgusModelerStruct *);
426 
427 int ArgusProcessEtherPacket (struct ArgusModelerStruct *, struct ether_header *, int, struct timeval *);
428 int ArgusProcessIpPacket (struct ArgusModelerStruct *, struct ip *, int, struct timeval *);
429 extern int ArgusProcessEtherHdr (struct ArgusModelerStruct *, struct ether_header *, int);
430 
431 unsigned short ArgusDiscoverNetworkProtocol (unsigned char *);
432 void ArgusParseMPLSLabel (unsigned int, unsigned int *, unsigned char *, unsigned char *, unsigned char *);
433 
434 void ArgusSendFlowRecord (struct ArgusModelerStruct *, struct ArgusFlowStruct *, unsigned char);
435 
436 struct ArgusFlowStruct *ArgusNewFlow (struct ArgusModelerStruct *, struct ArgusSystemFlow *, struct ArgusHashStruct *, struct ArgusQueueStruct *);
437 extern struct ArgusFlowStruct *ArgusNewFragFlow (void);
438 
439 void ArgusTallyStats (struct ArgusModelerStruct *, struct ArgusFlowStruct *);
440 void ArgusTallyTime (struct ArgusFlowStruct *, unsigned char);
441 
442 unsigned short ArgusParseIPOptions (unsigned char *, int);
443 
444 void setArgusIpTimeout (struct ArgusModelerStruct *model, int value);
445 void setArgusTcpTimeout (struct ArgusModelerStruct *model, int value);
446 void setArgusIcmpTimeout (struct ArgusModelerStruct *model, int value);
447 void setArgusIgmpTimeout (struct ArgusModelerStruct *model, int value);
448 void setArgusFragTimeout (struct ArgusModelerStruct *model, int value);
449 void setArgusArpTimeout (struct ArgusModelerStruct *model, int value);
450 void setArgusOtherTimeout (struct ArgusModelerStruct *model, int value);
451 
452 void setArgusSynchronize (struct ArgusModelerStruct *, int);
453 
454 int getArgusKeystroke(struct ArgusModelerStruct *);
455 void setArgusKeystroke(struct ArgusModelerStruct *, int);
456 void setArgusKeystrokeVariable(struct ArgusModelerStruct *, char *);
457 
458 int getArgusTunnelDiscovery (struct ArgusModelerStruct *);
459 void setArgusTunnelDiscovery (struct ArgusModelerStruct *, int);
460 
461 int getArgusTrackDuplicates (struct ArgusModelerStruct *);
462 void setArgusTrackDuplicates (struct ArgusModelerStruct *, int);
463 
464 void setArgusFlowKey(struct ArgusModelerStruct *, int);
465 void setArgusFlowType(struct ArgusModelerStruct *, int);
466 
467 int getArgusAflag(struct ArgusModelerStruct *);
468 void setArgusAflag(struct ArgusModelerStruct *, int);
469 int getArgusTCPflag(struct ArgusModelerStruct *);
470 void setArgusTCPflag(struct ArgusModelerStruct *, int);
471 int getArgusmflag(struct ArgusModelerStruct *);
472 void setArgusmflag(struct ArgusModelerStruct *, int);
473 int getArgusUserDataLen(struct ArgusModelerStruct *);
474 void setArgusUserDataLen(struct ArgusModelerStruct *, int);
475 int getArgusControlMonitor(struct ArgusModelerStruct *);
476 void setArgusControlMonitor(struct ArgusModelerStruct *);
477 
478 int getArgusGenerateTime(struct ArgusModelerStruct *);
479 void setArgusGenerateTime(struct ArgusModelerStruct *, int);
480 int getArgusGeneratePacketSize(struct ArgusModelerStruct *);
481 void setArgusGeneratePacketSize(struct ArgusModelerStruct *, int);
482 void setArgusTimeReport(struct ArgusModelerStruct *, int);
483 
484 struct timeval *getArgusQueueInterval(struct ArgusModelerStruct *);
485 struct timeval *getArgusListenInterval(struct ArgusModelerStruct *);
486 
487 
488 extern struct udt_control_handshake *ArgusThisUdtHshake;
489 extern int ArgusParseUDTHeader (struct ArgusModelerStruct *, struct udt_header *, unsigned int *);
490 
491 int getArgusdflag(struct ArgusModelerStruct *);
492 void setArgusdflag(struct ArgusModelerStruct *, int);
493 
494 void setArgusLink(struct ArgusModelerStruct *, unsigned int);
495 void ArgusModelerCleanUp (struct ArgusModelerStruct *);
496 
497 void *ArgusCreateFlow (struct ArgusModelerStruct *, void *, int);
498 struct ArgusSystemFlow *ArgusCreateArpFlow (struct ArgusModelerStruct *, struct ether_header *);
499 void *ArgusCreateIPv4Flow (struct ArgusModelerStruct *, struct ip *);
500 void *ArgusCreateIPv6Flow (struct ArgusModelerStruct *, struct ip6_hdr *);
501 struct ArgusSystemFlow *ArgusCreateESPv6Flow (struct ArgusModelerStruct *, struct ip6_hdr *);
502 struct ArgusSystemFlow *ArgusCreateESPFlow (struct ArgusModelerStruct *, struct ip *);
503 struct ArgusSystemFlow *ArgusCreateLcpFlow (struct ArgusModelerStruct *, struct lcp_hdr *);
504 struct ArgusSystemFlow *ArgusCreateICMPv6Flow (struct ArgusModelerStruct *, struct icmp6_hdr *);
505 struct ArgusSystemFlow *ArgusCreateICMPFlow (struct ArgusModelerStruct *, struct ip *);
506 struct ArgusSystemFlow *ArgusCreateIGMPv6Flow (struct ArgusModelerStruct *, struct igmp *);
507 struct ArgusSystemFlow *ArgusCreateIGMPFlow (struct ArgusModelerStruct *, struct ip *);
508 struct ArgusSystemFlow *ArgusCreateFRAGFlow (struct ArgusModelerStruct *, void *, unsigned short);
509 struct ArgusSystemFlow *ArgusCreateIsisFlow (struct ArgusModelerStruct *model, struct isis_common_header *header);
510 struct ArgusSystemFlow *ArgusCreateUDTFlow (struct ArgusModelerStruct *, struct udt_header *);
511 struct ArgusSystemFlow *ArgusCreate80211Flow (struct ArgusModelerStruct *model, void *ptr);
512 
513 void ArgusUpdateBasicFlow (struct ArgusModelerStruct *, struct ArgusFlowStruct *, unsigned char);
514 
515 void *ArgusQueueManager(void *);
516 
517 int ArgusCreateFlowKey (struct ArgusModelerStruct *, struct ArgusSystemFlow *, struct ArgusHashStruct *);
518 struct ArgusFlowStruct *ArgusFindFlow (struct ArgusModelerStruct *, struct ArgusHashStruct *);
519 
520 void ArgusICMPMappedFlowRecord (struct ArgusFlowStruct *, struct ArgusRecord *, unsigned char);
521 
522 struct ArgusFlowStruct *ArgusUpdateState (struct ArgusModelerStruct *, struct ArgusFlowStruct *, unsigned char, unsigned char);
523 struct ArgusFlowStruct *ArgusUpdateFlow (struct ArgusModelerStruct *, struct ArgusFlowStruct *, unsigned char, unsigned char);
524 void ArgusUpdateAppState (struct ArgusModelerStruct *, struct ArgusFlowStruct *, unsigned char);
525 
526 void ArgusModelTransmit (void);
527 
528 int ArgusUpdateTime (struct ArgusModelerStruct *);
529 void ArgusTimeOut(struct ArgusFlowStruct *);
530 
531 int getArgusMajorVersion(struct ArgusModelerStruct *);
532 void setArgusMajorVersion(struct ArgusModelerStruct *, int);
533 
534 int getArgusMinorVersion(struct ArgusModelerStruct *);
535 void setArgusMinorVersion(struct ArgusModelerStruct *, int);
536 
537 int getArgusManReportInterval(struct ArgusModelerStruct *);
538 void setArgusManReportInterval(struct ArgusModelerStruct *, int);
539 
540 struct timeval *getArgusFarReportInterval(struct ArgusModelerStruct *);
541 void setArgusFarReportInterval(struct ArgusModelerStruct *, char *);
542 
543 int getArgusResponseStatus(struct ArgusModelerStruct *);
544 void setArgusResponseStatus(struct ArgusModelerStruct *, int value);
545 
546 int getArgusIpTimeout(struct ArgusModelerStruct *);
547 void setArgusIpTimeout(struct ArgusModelerStruct *, int);
548 
549 int getArgusTcpTimeout(struct ArgusModelerStruct *);
550 void setArgusTcpTimeout(struct ArgusModelerStruct *, int);
551 
552 int getArgusIcmpTimeout(struct ArgusModelerStruct *);
553 void setArgusIcmpTimeout(struct ArgusModelerStruct *, int);
554 
555 int getArgusIgmpTimeout(struct ArgusModelerStruct *);
556 void setArgusIgmpTimeout(struct ArgusModelerStruct *, int);
557 
558 int getArgusFragTimeout(struct ArgusModelerStruct *);
559 void setArgusFragTimeout(struct ArgusModelerStruct *, int);
560 
561 int getArgusArpTimeout(struct ArgusModelerStruct *);
562 void setArgusArpTimeout(struct ArgusModelerStruct *, int);
563 
564 int getArgusOtherTimeout(struct ArgusModelerStruct *);
565 void setArgusOtherTimeout(struct ArgusModelerStruct *, int);
566 
567 
568 unsigned int getArgusLocalNet(struct ArgusModelerStruct *);
569 void setArgusLocalNet(struct ArgusModelerStruct *, unsigned int);
570 
571 unsigned int getArgusNetMask(struct ArgusModelerStruct *);
572 void setArgusNetMask(struct ArgusModelerStruct *, unsigned int);
573 
574 
575 void ArgusSystemTimeout (struct ArgusModelerStruct *);
576 
577 struct ArgusRecord *ArgusGenerateRecord (struct ArgusModelerStruct *, struct ArgusRecordStruct *, unsigned char, struct ArgusRecord *);
578 struct ArgusRecordStruct *ArgusGenerateListRecord (struct ArgusModelerStruct *, struct ArgusFlowStruct *, unsigned char);
579 struct ArgusRecordStruct *ArgusCopyRecordStruct (struct ArgusRecordStruct *);
580 
581 extern void ArgusTCPFlowRecord (struct ArgusNetworkStruct *, unsigned char);
582 extern void ArgusIBFlowRecord (struct ArgusNetworkStruct *, unsigned char);
583 extern void ArgusESPFlowRecord (struct ArgusNetworkStruct *, unsigned char);
584 extern void ArgusLCPFlowRecord (struct ArgusNetworkStruct *, unsigned char);
585 extern void ArgusUpdateTCPState (struct ArgusModelerStruct *, struct ArgusFlowStruct *, unsigned char *);
586 extern void ArgusUpdateUDPState (struct ArgusModelerStruct *, struct ArgusFlowStruct *, unsigned char *);
587 extern void ArgusUpdateArpState (struct ArgusModelerStruct *, struct ArgusFlowStruct *, unsigned char *);
588 extern  int ArgusUpdateFRAGState (struct ArgusModelerStruct *, struct ArgusFlowStruct *, unsigned char, unsigned short);
589 extern void ArgusUpdateESPState (struct ArgusModelerStruct *, struct ArgusFlowStruct *, unsigned char *);
590 
591 
592 #else /* #if defined(ArgusModeler) */
593 
594 extern struct ArgusModelerStruct *ArgusModel;
595 extern struct llc ArgusThisLLCBuffer;
596 
597 #if defined(LBL_ALIGN)
598 extern unsigned char *ArgusAlignBuf;
599 #endif
600 
601 #if defined(Argus)
602 void clearArgusConfiguration (struct ArgusModelerStruct *);
603 #endif
604 
605 extern struct ArgusModelerStruct *ArgusNewModeler(void);
606 extern struct ArgusModelerStruct *ArgusCloneModeler(struct ArgusModelerStruct *);
607 
608 extern void ArgusInitModeler(struct ArgusModelerStruct *);
609 extern void ArgusCloseModeler(struct ArgusModelerStruct *);
610 
611 extern int ArgusProcessEtherPacket (struct ArgusModelerStruct *, struct ether_header *, int, struct timeval *);
612 extern int ArgusProcessIpPacket (struct ArgusModelerStruct *, struct ip *, int, struct timeval *);
613 extern int ArgusProcessEtherHdr (struct ArgusModelerStruct *, struct ether_header *, int);
614 
615 extern unsigned short ArgusDiscoverNetworkProtocol (unsigned char *);
616 extern void ArgusParseMPLSLabel (unsigned int, unsigned int *, unsigned char *, unsigned char *, unsigned char *);
617 
618 extern void ArgusSendFlowRecord (struct ArgusModelerStruct *, struct ArgusFlowStruct *, unsigned char);
619 
620 extern struct ArgusFlowStruct *ArgusNewFlow (struct ArgusModelerStruct *, struct ArgusSystemFlow *, struct ArgusHashStruct *, struct ArgusQueueStruct *);
621 extern struct ArgusFlowStruct *ArgusNewFragFlow (void);
622 
623 extern void ArgusTallyStats (struct ArgusModelerStruct *, struct ArgusFlowStruct *);
624 extern void ArgusTallyTime (struct ArgusFlowStruct *, unsigned char);
625 
626 extern unsigned short ArgusParseIPOptions (unsigned char *, int);
627 
628 extern void setArgusIpTimeout (struct ArgusModelerStruct *model, int value);
629 extern void setArgusTcpTimeout (struct ArgusModelerStruct *model, int value);
630 extern void setArgusIcmpTimeout (struct ArgusModelerStruct *model, int value);
631 extern void setArgusIgmpTimeout (struct ArgusModelerStruct *model, int value);
632 extern void setArgusFragTimeout (struct ArgusModelerStruct *model, int value);
633 extern void setArgusArpTimeout (struct ArgusModelerStruct *model, int value);
634 extern void setArgusOtherTimeout (struct ArgusModelerStruct *model, int value);
635 
636 extern void setArgusSynchronize (struct ArgusModelerStruct *, int);
637 
638 extern int getArgusKeystroke(struct ArgusModelerStruct *);
639 extern void setArgusKeystroke(struct ArgusModelerStruct *, int);
640 extern void setArgusKeystrokeVariable(struct ArgusModelerStruct *, char *);
641 
642 extern int getArgusTunnelDiscovery(struct ArgusModelerStruct *);
643 extern void setArgusTunnelDiscovery(struct ArgusModelerStruct *, int);
644 
645 extern int getArgusTrackDuplicates (struct ArgusModelerStruct *);
646 extern void setArgusTrackDuplicates (struct ArgusModelerStruct *, int);
647 
648 extern void setArgusFlowKey(struct ArgusModelerStruct *, int);
649 extern void setArgusFlowType(struct ArgusModelerStruct *, int);
650 
651 extern void setArgusCollector(struct ArgusModelerStruct *, int);
652 
653 extern int getArgusAflag(struct ArgusModelerStruct *);
654 extern void setArgusAflag(struct ArgusModelerStruct *, int);
655 extern int getArgusTCPflag(struct ArgusModelerStruct *);
656 extern void setArgusTCPflag(struct ArgusModelerStruct *, int);
657 extern int getArgusmflag(struct ArgusModelerStruct *);
658 extern void setArgusmflag(struct ArgusModelerStruct *, int);
659 extern int getArgusUserDataLen(struct ArgusModelerStruct *);
660 extern void setArgusUserDataLen(struct ArgusModelerStruct *, int);
661 extern int getArgusControlMonitor(struct ArgusModelerStruct *);
662 extern void setArgusControlMonitor(struct ArgusModelerStruct *);
663 
664 extern struct timeval ArgusQueueInterval;
665 extern struct timeval *getArgusQueueInterval(void);
666 
667 extern struct timeval ArgusListenInterval;
668 extern struct timeval *getArgusListenInterval(void);
669 
670 extern struct udt_control_handshake *ArgusThisUdtHshake;
671 extern int ArgusParseUDTHeader (struct ArgusModelerStruct *, struct udt_header *, unsigned int *);
672 
673 extern int getArgusGenerateTime(struct ArgusModelerStruct *);
674 extern void setArgusGenerateTime(struct ArgusModelerStruct *, int);
675 
676 extern int getArgusGeneratePacketSize(struct ArgusModelerStruct *);
677 extern void setArgusGeneratePacketSize(struct ArgusModelerStruct *, int);
678 
679 extern void setArgusTimeReport(struct ArgusModelerStruct *, int);
680 
681 extern int getArgusKeystroke(struct ArgusModelerStruct *);
682 extern void setArgusKeystroke(struct ArgusModelerStruct *, int);
683 
684 extern int getArgusdflag(struct ArgusModelerStruct *);
685 extern struct timeval *getArgusFarReportInterval(struct ArgusModelerStruct *);
686 
687 extern void setArgusdflag(struct ArgusModelerStruct *, int);
688 extern void setArgusFarReportInterval(struct ArgusModelerStruct *, char *);
689 
690 extern void setArgusLink(struct ArgusModelerStruct *, unsigned int);
691 extern void ArgusModelerCleanUp (struct ArgusModelerStruct *);
692 
693 extern struct ArgusSystemFlow *ArgusCreateFlow (struct ArgusModelerStruct *, void *, int);
694 extern struct ArgusSystemFlow *ArgusCreateArpFlow (struct ArgusModelerStruct *, struct ether_header *);
695 extern struct ArgusSystemFlow *ArgusCreatev4IPFlow (struct ArgusModelerStruct *, struct ip *);
696 extern struct ArgusSystemFlow *ArgusCreatev6IPFlow (struct ArgusModelerStruct *, struct ip *);
697 extern struct ArgusSystemFlow *ArgusCreateESPv6Flow (struct ArgusModelerStruct *, struct ip6_hdr *);
698 extern struct ArgusSystemFlow *ArgusCreateESPFlow (struct ArgusModelerStruct *, struct ip *);
699 extern struct ArgusSystemFlow *ArgusCreateLcpFlow (struct ArgusModelerStruct *, struct lcp_hdr *);
700 extern struct ArgusSystemFlow *ArgusCreateICMPv6Flow (struct ArgusModelerStruct *, struct icmp6_hdr *);
701 extern struct ArgusSystemFlow *ArgusCreateICMPFlow (struct ArgusModelerStruct *, struct ip *);
702 extern struct ArgusSystemFlow *ArgusCreateFRAGFlow (struct ArgusModelerStruct *, void *, unsigned short);
703 extern struct ArgusSystemFlow *ArgusCreateIsisFlow (struct ArgusModelerStruct *model, struct isis_common_header *header);
704 extern struct ArgusSystemFlow *ArgusCreateUDTFlow (struct ArgusModelerStruct *, struct udt_header *);
705 extern struct ArgusSystemFlow *ArgusCreate80211Flow (struct ArgusModelerStruct *model, void *ptr);
706 
707 
708 extern void ArgusUpdateBasicFlow (struct ArgusModelerStruct *, struct ArgusFlowStruct *, unsigned char);
709 
710 extern void *ArgusQueueManager(void *);
711 
712 extern struct ArgusFlowStruct *ArgusFindFlow (struct ArgusModelerStruct *, struct ArgusHashStruct *);
713 extern int ArgusCreateFlowKey (struct ArgusModelerStruct *, struct ArgusSystemFlow *, struct ArgusHashStruct *);
714 
715 extern void ArgusICMPMappedFlowRecord (struct ArgusFlowStruct *, struct ArgusRecord *, unsigned char);
716 
717 extern struct ArgusFlowStruct *ArgusUpdateState (struct ArgusModelerStruct *, struct ArgusFlowStruct *, unsigned char, unsigned char);
718 extern struct ArgusFlowStruct *ArgusUpdateFlow (struct ArgusModelerStruct *, struct ArgusFlowStruct *, unsigned char, unsigned char);
719 extern void ArgusUpdateAppState (struct ArgusModelerStruct *, struct ArgusFlowStruct *, unsigned char);
720 
721 extern void ArgusModelTransmit (void);
722 
723 extern int ArgusUpdateTime (struct ArgusModelerStruct *);
724 extern void ArgusTimeOut(struct ArgusFlowStruct *);
725 
726 extern int getArgusMajorVersion(struct ArgusModelerStruct *);
727 extern void setArgusMajorVersion(struct ArgusModelerStruct *, int);
728 
729 extern int getArgusMinorVersion(struct ArgusModelerStruct *);
730 extern void setArgusMinorVersion(struct ArgusModelerStruct *, int);
731 
732 extern int getArgusManReportInterval(struct ArgusModelerStruct *);
733 extern void setArgusManReportInterval(struct ArgusModelerStruct *, int);
734 
735 extern int getArgusStatusReportInterval(struct ArgusModelerStruct *);
736 extern void setArgusStatusReportInterval(struct ArgusModelerStruct *, int);
737 
738 extern int getArgusResponseStatus(struct ArgusModelerStruct *);
739 extern void setArgusResponseStatus(struct ArgusModelerStruct *, int value);
740 
741 extern int getArgusIPTimeout(struct ArgusModelerStruct *);
742 extern void setArgusIPTimeout(struct ArgusModelerStruct *, int);
743 
744 extern int getArgusTCPTimeout(struct ArgusModelerStruct *);
745 extern void setArgusTCPTimeout(struct ArgusModelerStruct *, int);
746 
747 extern int getArgusICMPTimeout(struct ArgusModelerStruct *);
748 extern void setArgusICMPTimeout(struct ArgusModelerStruct *, int);
749 
750 extern int getArgusIGMPTimeout(struct ArgusModelerStruct *);
751 extern void setArgusIGMPTimeout(struct ArgusModelerStruct *, int);
752 
753 extern int getArgusFRAGTimeout(struct ArgusModelerStruct *);
754 extern void setArgusFRAGTimeout(struct ArgusModelerStruct *, int);
755 
756 extern unsigned int getArgusLocalNet(struct ArgusModelerStruct *);
757 extern void setArgusLocalNet(struct ArgusModelerStruct *, unsigned int);
758 
759 extern unsigned int getArgusNetMask(struct ArgusModelerStruct *);
760 extern void setArgusNetMask(struct ArgusModelerStruct *, unsigned int);
761 
762 extern void ArgusSystemTimeout (struct ArgusModelerStruct *);
763 
764 extern struct ArgusRecord *ArgusGenerateRecord (struct ArgusModelerStruct *, struct ArgusRecordStruct *, unsigned char, struct ArgusRecord *);
765 extern struct ArgusRecordStruct *ArgusGenerateListRecord (struct ArgusModelerStruct *, struct ArgusFlowStruct *, unsigned char);
766 extern struct ArgusRecordStruct *ArgusCopyRecordStruct (struct ArgusRecordStruct *);
767 
768 
769 #endif /* #if defined(ArgusModeler) else */
770 #endif /* #ifndef ArgusModeler_h */
771