1 /*
2     pmacct (Promiscuous mode IP Accounting package)
3     pmacct is Copyright (C) 2003-2019 by Paolo Lucente
4 */
5 
6 /*
7     This program is free software; you can redistribute it and/or modify
8     it under the terms of the GNU General Public License as published by
9     the Free Software Foundation; either version 2 of the License, or
10     (at your option) any later version.
11 
12     This program is distributed in the hope that it will be useful,
13     but WITHOUT ANY WARRANTY; without even the implied warranty of
14     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15     GNU General Public License for more details.
16 
17     You should have received a copy of the GNU General Public License
18     along with this program; if not, write to the Free Software
19     Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
20 */
21 
22 #ifndef _IP_FLOW_H_
23 #define _IP_FLOW_H_
24 
25 /* defines */
/*
 * Flow-table tunables. No unit is stated in this header; the *_LIFETIME and
 * *_INTERVAL values are presumably seconds -- TODO confirm in the code that
 * uses these macros.
 * NOTE(review): flow entries are presumably created from captured traffic, so
 * these lifetimes together with DEFAULT_FLOW_BUFFER_SIZE decide how much state
 * short-lived or half-open flows can keep allocated. Confirm that the prune
 * path enforces the buffer size as a hard cap.
 */
26 #define FLOW_TABLE_HASHSZ 256 /* presumably the bucket count of ip_flow_table and ip_flow_table6 -- confirm */
27 #define FLOW_GENERIC_LIFETIME 60 /* presumably the lifetime of flows with no TCP state -- confirm */
28 #define FLOW_TCPSYN_LIFETIME 60
29 #define FLOW_TCPEST_LIFETIME 432000 /* 432000 s would be 5 days, if the unit is seconds */
30 #define FLOW_TCPFIN_LIFETIME 30
31 #define FLOW_TCPRST_LIFETIME 10
32 #define FLOW_TABLE_PRUNE_INTERVAL 3600
33 #define FLOW_TABLE_EMER_PRUNE_INTERVAL 60 /* presumably the shorter interval used when the table is under pressure -- confirm */
34 #define DEFAULT_FLOW_BUFFER_SIZE 16384000 /* 16000 * 1024; about 16 MB if counted in bytes, less than 16 MiB (16777216) */
35 
/*
 * Node of a singly linked list (linked through next) that pairs a protocol
 * name with an opaque data pointer. struct ip_flow_common keeps one list head
 * per flow direction in cc[2], under its "classifier hooks" members.
 * NOTE(review): this header does not say who allocates or frees protocol and
 * data -- confirm ownership before releasing a flow entry.
 */
36 struct context_chain {
37   char *protocol; /* protocol name; presumably a NUL-terminated string -- confirm */
38   void *data; /* opaque payload; its real type is not visible from this header */
39   struct context_chain *next; /* next node; presumably NULL at the end of the list */
40 };
41 
42 /* structures */
/*
 * State shared by the IPv4 (struct ip_flow) and IPv6 (struct ip_flow6) flow
 * entries; both embed it as their first member, cmn.
 * The [0]/[1] note inside the struct presumably applies to the two-element
 * members (last, tcp_flags, class, cst, cc): index 0 is the forward direction
 * and index 1 the reverse one.
 * pm_class_t, struct class_st and struct packet_ptrs are not declared in this
 * header, and neither are the u_int*_t types, time_t or struct timeval; the
 * including file must have pulled in those definitions first.
 */
43 struct ip_flow_common {
44   /*
45      [0] = forward flow data
46      [1] = reverse flow data
47   */
48   u_int16_t bucket; /* presumably the hash bucket this flow lives in; 16 bits cover FLOW_TABLE_HASHSZ (256) */
49   struct timeval last[2]; /* one timestamp per direction; presumably the last packet seen -- confirm */
50   u_int32_t last_tcp_seq; /* a single value, not kept per direction */
51   u_int8_t tcp_flags[2]; /* TCP flags per direction; presumably maintained by evaluate_tcp_flags() -- confirm */
52   u_int8_t proto; /* presumably the IP protocol number -- confirm */
53   /* classifier hooks */
54   pm_class_t class[2];
55   struct class_st cst[2];
56   struct context_chain *cc[2]; /* head of a context_chain list for each direction */
57   /* conntrack hooks */
58   void (*conntrack_helper)(time_t, struct packet_ptrs *); /* NOTE(review): nothing here guarantees it is set; callers presumably must test for NULL before calling -- confirm */
59 };
60 
/*
 * One IPv4 flow entry: the shared per-flow state plus the address/port tuple
 * and two pairs of list links.
 * NOTE(review): the byte order of the address and port fields is not stated
 * in this header -- confirm before comparing them with values from a packet.
 */
61 struct ip_flow {
62   struct ip_flow_common cmn; /* shared state; first member, as in struct ip_flow6 */
63   u_int32_t ip_src;
64   u_int32_t ip_dst;
65   u_int16_t port_src;
66   u_int16_t port_dst;
67   char *bgp_src; /* pointer to bgp_node structure for source prefix, if any; typed char *, so users have to cast it */
68   char *bgp_dst; /* pointer to bgp_node structure for destination prefix, if any; typed char *, so users have to cast it */
69   struct ip_flow *lru_next; /* lru_next/lru_prev: presumably links in the list headed by flow_lru_list -- confirm */
70   struct ip_flow *lru_prev;
71   struct ip_flow *next; /* next/prev: presumably links in the hash-bucket chain of ip_flow_table -- confirm */
72   struct ip_flow *prev;
73 };
74 
/*
 * Two pointers into the IPv4 flow entries; presumably the ends of the list
 * linked through ip_flow.lru_next / lru_prev -- confirm which end is the
 * oldest one in the pruning code.
 */
75 struct flow_lru_l {
76   struct ip_flow *root;
77   struct ip_flow *last;
78 };
79 
/*
 * One IPv6 flow entry. It mirrors struct ip_flow, with each address stored as
 * four 32-bit words (128 bits) and without the bgp_src / bgp_dst pointers.
 * NOTE(review): the byte order of the address and port fields is not stated
 * in this header -- confirm before comparing them with values from a packet.
 */
80 struct ip_flow6 {
81   struct ip_flow_common cmn; /* shared state; first member, as in struct ip_flow */
82   u_int32_t ip_src[4]; /* 4 x 32 bits = one 128-bit address */
83   u_int32_t ip_dst[4]; /* 4 x 32 bits = one 128-bit address */
84   u_int16_t port_src;
85   u_int16_t port_dst;
86   struct ip_flow6 *lru_next; /* lru_next/lru_prev: presumably links in the list headed by flow_lru_list6 -- confirm */
87   struct ip_flow6 *lru_prev;
88   struct ip_flow6 *next; /* next/prev: presumably links in the hash-bucket chain of ip_flow_table6 -- confirm */
89   struct ip_flow6 *prev;
90 };
91 
/*
 * IPv6 counterpart of struct flow_lru_l: two pointers into the ip_flow6
 * entries, presumably the ends of the list linked through
 * ip_flow6.lru_next / lru_prev -- confirm in the pruning code.
 */
92 struct flow_lru_l6 {
93   struct ip_flow6 *root;
94   struct ip_flow6 *last;
95 };
96 
97 /* prototypes */
/*
 * IPv4 flow handling entry points. Parameter names are omitted in this
 * header, so the role of each argument has to be read from the definitions.
 * NOTE(review): init_ip_flow_handler() and init_ip4_flow_handler() are
 * declared with empty parentheses, which before C23 leaves the parameter list
 * unspecified and turns off argument checking; if they take no arguments,
 * "(void)" would let the compiler reject stray ones.
 */
98 extern void init_ip_flow_handler(); /* wrapper */
99 extern void init_ip4_flow_handler();
100 extern void ip_flow_handler(struct packet_ptrs *); /* NOTE(review): packet_ptrs presumably describes captured, untrusted packet data -- confirm where header lengths are validated */
101 extern void find_flow(struct timeval *, struct packet_ptrs *);
102 extern void create_flow(struct timeval *, struct ip_flow *, u_int8_t, unsigned int, struct packet_ptrs *, struct pm_iphdr *, struct pm_tlhdr *, unsigned int); /* struct pm_iphdr and struct pm_tlhdr are declared elsewhere */
103 extern void prune_old_flows(struct timeval *); /* presumably takes the current time -- confirm */
104 
/*
 * Helpers for the IPv4 flow code. The argument types of hash_flow() match the
 * ip_src, ip_dst, port_src, port_dst fields of struct ip_flow and the proto
 * field of struct ip_flow_common; that order is presumed, not stated here.
 * is_expired(), is_expired_uni(), evaluate_tcp_flags() and
 * clear_tcp_flow_cmn() take struct ip_flow_common *, so the same functions
 * can serve IPv4 and IPv6 entries.
 * NOTE(review): hash_flow() returns unsigned int while the table presumably
 * has FLOW_TABLE_HASHSZ buckets -- confirm the result is reduced to that
 * range before it indexes ip_flow_table, and how evenly it spreads tuples
 * taken from untrusted traffic.
 */
105 extern unsigned int hash_flow(u_int32_t, u_int32_t, u_int16_t, u_int16_t, u_int8_t);
106 extern unsigned int normalize_flow(u_int32_t *, u_int32_t *, u_int16_t *, u_int16_t *); /* pointer arguments: presumably may rewrite the tuple in place -- confirm */
107 extern unsigned int is_expired(struct timeval *, struct ip_flow_common *);
108 extern unsigned int is_expired_uni(struct timeval *, struct ip_flow_common *, unsigned int); /* last argument presumably selects the direction, 0 or 1 -- confirm */
109 extern void evaluate_tcp_flags(struct timeval *, struct packet_ptrs *, struct ip_flow_common *, unsigned int);
110 extern void clear_tcp_flow_cmn(struct ip_flow_common *, unsigned int);
111 
/*
 * IPv6 counterparts of the IPv4 entry points and helpers. Parameter names are
 * omitted, so argument roles have to be read from the definitions.
 * struct in6_addr, struct ip6_hdr and struct pm_tlhdr are declared elsewhere.
 * NOTE(review): init_ip6_flow_handler() is declared with empty parentheses,
 * which before C23 leaves the parameter list unspecified; "(void)" would
 * restore argument checking if it takes no arguments.
 */
112 extern void init_ip6_flow_handler();
113 extern void ip_flow6_handler(struct packet_ptrs *); /* NOTE(review): packet_ptrs presumably describes captured, untrusted packet data -- confirm where header lengths are validated */
114 extern unsigned int hash_flow6(u_int32_t, struct in6_addr *, struct in6_addr *); /* NOTE(review): confirm the result is reduced to the table size before it is used as an index */
115 extern unsigned int normalize_flow6(struct in6_addr *, struct in6_addr *, u_int16_t *, u_int16_t *); /* pointer arguments: presumably may rewrite the tuple in place -- confirm */
116 extern void find_flow6(struct timeval *, struct packet_ptrs *);
117 extern void create_flow6(struct timeval *, struct ip_flow6 *, u_int8_t, unsigned int, struct packet_ptrs *, struct ip6_hdr *, struct pm_tlhdr *, unsigned int);
118 extern void prune_old_flows6(struct timeval *); /* presumably takes the current time -- confirm */
119 
120 /* global vars */
/*
 * Flow-table state, declared here and defined in another translation unit.
 * ip_flow_table and ip_flow_table6 are pointers to pointers to flow entries,
 * presumably arrays of FLOW_TABLE_HASHSZ bucket heads -- confirm.
 * NOTE(review): these are mutable globals and this header shows no locking;
 * confirm that they are only touched from one thread or process.
 */
121 extern struct ip_flow **ip_flow_table;
122 extern struct flow_lru_l flow_lru_list; /* root/last pointers for the IPv4 entries */

124 extern struct ip_flow6 **ip_flow_table6;
125 extern struct flow_lru_l6 flow_lru_list6; /* root/last pointers for the IPv6 entries */
126 
127 #endif /* _IP_FLOW_H_ */
128