1 /*
2     pmacct (Promiscuous mode IP Accounting package)
3     pmacct is Copyright (C) 2003-2020 by Paolo Lucente
4 */
5 
6 /*
7     This program is free software; you can redistribute it and/or modify
8     it under the terms of the GNU General Public License as published by
9     the Free Software Foundation; either version 2 of the License, or
10     (at your option) any later version.
11 
12     This program is distributed in the hope that it will be useful,
13     but WITHOUT ANY WARRANTY; without even the implied warranty of
14     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15     GNU General Public License for more details.
16 
17     You should have received a copy of the GNU General Public License
18     along with this program; if not, write to the Free Software
19     Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
20 */
21 
22 #ifndef PMACCT_DATA_H
23 #define PMACCT_DATA_H
24 
25 /* defines */
26 #define PLUGIN_ID_CORE          0
27 #define PLUGIN_ID_MEMORY        1
28 #define PLUGIN_ID_PRINT         2
29 #define PLUGIN_ID_NFPROBE       3
30 #define PLUGIN_ID_SFPROBE       4
31 #define PLUGIN_ID_MYSQL		5
32 #define PLUGIN_ID_PGSQL         6
33 #define PLUGIN_ID_SQLITE3       7
34 #define PLUGIN_ID_TEE		8
35 #define PLUGIN_ID_MONGODB	9
36 #define PLUGIN_ID_AMQP		10
37 #define PLUGIN_ID_KAFKA		11
38 #define PLUGIN_ID_UNKNOWN	255
39 
40 /* vars */
41 extern int protocols_number;
42 
43 /* structures */
44 static const struct _primitives_matrix_struct _primitives_matrix[] = {
45   /* primitive, pmacctd, uacctd, nfacctd, sfacctd, pmtelemetryd, pmbgpd, pmbmpd */
46   {"L2", 1, 1, 1, 1, 0, 0, 0, ""},
47   {"cos", 1, 0, 1, 1, 0, 0, 0, "Ethernet CoS, 802.1P"},
48   {"etype", 1, 0, 1, 1, 0, 0, 0, "Ethernet Ethertype"},
49   {"src_mac", 1, 1, 1, 1, 0, 0, 0, "Source MAC address"},
50   {"dst_mac", 1, 1, 1, 1, 0, 0, 0, "Destination MAC address"},
51   {"vlan", 1, 1, 1, 1, 0, 0, 0, "Ethernet VLAN, 802.1Q"},
52   {"L3", 1, 1, 1, 1, 0, 0, 0, ""},
53   {"src_host", 1, 1, 1, 1, 0, 0, 0, "Source IPv4/IPv6 address"},
54   {"dst_host", 1, 1, 1, 1, 0, 0, 0, "Destination IPv4/IPv6 address"},
55   {"src_mask", 1, 1, 1, 1, 0, 0, 0, "Source network mask"},
56   {"dst_mask", 1, 1, 1, 1, 0, 0, 0, "Destination network mask"},
57   {"src_net", 1, 1, 1, 1, 0, 0, 0, "Source IPv4/IPv6 prefix"},
58   {"dst_net", 1, 1, 1, 1, 0, 0, 0, "Destination IPv4/IPv6 prefix"},
59   {"proto", 1, 1, 1, 1, 0, 0, 0, "IP protocol"},
60   {"tos", 1, 1, 1, 1, 0, 0, 0, "IP ToS"},
61   {"L4", 1, 1, 1, 1, 0, 0, 0, ""},
62   {"src_port", 1, 1, 1, 1, 0, 0, 0, "Source TCP/UDP port"},
63   {"dst_port", 1, 1, 1, 1, 0, 0, 0, "Destination TCP/UDP port"},
64   {"tcpflags", 1, 1, 1, 1, 0, 0, 0, "TCP flags"},
65   {"BGP", 1, 1, 1, 1, 0, 0, 0, ""},
66   {"src_as", 1, 1, 1, 1, 0, 0, 0, "Source ASN"},
67   {"dst_as", 1, 1, 1, 1, 0, 0, 0, "Destination ASN"},
68   {"as_path", 1, 1, 1, 1, 0, 0, 0, "AS PATH"},
69   {"std_comm", 1, 1, 1, 1, 0, 0, 0, "Standard Communities"},
70   {"ext_comm", 1, 1, 1, 1, 0, 0, 0, "Extended Communities"},
71   {"lrg_comm", 1, 1, 1, 1, 0, 0, 0, "Large Communities"},
72   {"local_pref", 1, 1, 1, 1, 0, 0, 0, "Local Preference"},
73   {"med", 1, 1, 1, 1, 0, 0, 0, "Multi-Exit Discriminator"},
74   {"src_as_path", 1, 1, 1, 1, 0, 0, 0, "Source AS PATH (via reverse BGP lookup)"},
75   {"src_std_comm", 1, 1, 1, 1, 0, 0, 0, "Source Standard Communities (via reverse BGP lookup)"},
76   {"src_ext_comm", 1, 1, 1, 1, 0, 0, 0, "Source Extended Communities (via reverse BGP lookup)"},
77   {"src_lrg_comm", 1, 1, 1, 1, 0, 0, 0, "Source Large Communities (via reverse BGP lookup)"},
78   {"src_local_pref", 1, 1, 1, 1, 0, 0, 0, "Source Local Preference (by default via reverse BGP lookup)"},
79   {"src_med", 1, 1, 1, 1, 0, 0, 0, "Source MED (by default via reverse BGP lookup)"},
80   {"peer_src_as", 1, 1, 1, 1, 0, 0, 0, "Source peer ASN (by default via reverse BGP lookup)"},
81   {"peer_dst_as", 1, 1, 1, 1, 0, 0, 0, "Destination peer ASN"},
82   {"peer_dst_ip", 1, 1, 1, 1, 0, 0, 0, "BGP next-hop"},
83   {"NAT", 1, 1, 1, 1, 0, 0, 0, ""},
84   {"fw_event", 0, 0, 1, 0, 0, 0, 0, "Firewall event ID"},
85   {"nat_event", 0, 0, 1, 0, 0, 0, 0, "NAT event ID"},
86   {"post_nat_src_host", 0, 0, 1, 0, 0, 0, 0, "Source IPv4/IPv6 address after NAT translation"},
87   {"post_nat_dst_host", 0, 0, 1, 0, 0, 0, 0, "Destination IPv4/IPv6 address after NAT translation"},
88   {"post_nat_src_port", 0, 0, 1, 0, 0, 0, 0, "Source TCP/UDP port after NAT translation"},
89   {"post_nat_dst_port", 0, 0, 1, 0, 0, 0, 0, "Destination TCP/UDP port after NAT translation"},
90   {"TUNNEL", 1, 1, 1, 1, 0, 0, 0, ""},
91   {"vxlan", 1, 1, 1, 1, 0, 0, 0, "VXLAN Network Identifier"},
92   {"tunnel_src_mac", 1, 1, 0, 1, 0, 0, 0, "Tunnel inner Source MAC address"},
93   {"tunnel_dst_mac", 1, 1, 0, 1, 0, 0, 0, "Tunnel inner Destination MAC address"},
94   {"tunnel_src_host", 1, 1, 0, 1, 0, 0, 0, "Tunnel inner Source IPv4/IPv6 address"},
95   {"tunnel_dst_host", 1, 1, 0, 1, 0, 0, 0, "Tunnel inner Destination IPv4/IPv6 address"},
96   {"tunnel_proto", 1, 1, 0, 1, 0, 0, 0, "Tunnel inner IP protocol"},
97   {"tunnel_tos", 1, 1, 0, 1, 0, 0, 0, "Tunnel inner IP ToS"},
98   {"tunnel_src_port", 1, 1, 0, 1, 0, 0, 0, "Tunnel inner Source TCP/UDP port"},
99   {"tunnel_dst_port", 1, 1, 0, 1, 0, 0, 0, "Tunnel inner Destination TCP/UDP port"},
100   {"MPLS", 1, 1, 1, 1, 0, 0, 0, ""},
101   {"mpls_label_bottom", 1, 1, 1, 0, 0, 0, 0, "Bottom MPLS label"},
102   {"mpls_label_top", 1, 1, 1, 0, 0, 0, 0, "Top MPLS label"},
103   {"mpls_stack_depth", 1, 1, 1, 0, 0, 0, 0, "MPLS stack depth"},
104   {"mpls_vpn_rd", 0, 0, 1, 1, 0, 0, 0, "MPLS L3 VPN Route Distinguisher"},
105   {"mpls_pw_id", 0, 0, 1, 1, 0, 0, 0, "MPLS L2 VPN Pseudowire ID"},
106   {"MISC", 1, 1, 1, 1, 0, 0, 0, ""},
107   {"class", 1, 1, 1, 1, 0, 0, 0, "L7 protocol classification"},
108   {"flows", 0, 0, 1, 0, 0, 0, 0, "IP flows"},
109   {"src_host_country", 1, 1, 1, 1, 0, 0, 0, "Source IP address GeoIP resolution: country"},
110   {"dst_host_country", 1, 1, 1, 1, 0, 0, 0, "Destination IP address GeoIP resolution: country"},
111   {"src_host_pocode", 1, 1, 1, 1, 0, 0, 0, "Source IP address GeoIP resolution: postal code"},
112   {"dst_host_pocode", 1, 1, 1, 1, 0, 0, 0, "Destination IP address GeoIP resolution: postal code"},
113   {"src_host_coords", 1, 1, 1, 1, 0, 0, 0, "Source IP address GeoIP resolution: lat/lon coordinates"},
114   {"dst_host_coords", 1, 1, 1, 1, 0, 0, 0, "Destination IP address GeoIP resolution: lat/lon coordinates"},
115   {"in_iface", 0, 1, 1, 1, 0, 0, 0, "Input interface, SNMP ifIndex"},
116   {"out_iface", 0, 1, 1, 1, 0, 0, 0, "Output interface, SNMP ifIndex"},
117   {"peer_src_ip", 0, 0, 1, 1, 0, 0, 0, "IP address or identificator of telemetry exporting device"},
118   {"sampling_rate", 1, 1, 1, 1, 0, 0, 0, "Sampling rate"},
119   {"sampling_direction", 0, 0, 1, 0, 0, 0, 0, "Sampling direction (ie. ingress vs egress)"},
120   {"tag", 1, 1, 1, 1, 0, 0, 0, "Numeric tag, ie. as result of pre_tag_map evaluation"},
121   {"tag2", 1, 1, 1, 1, 0, 0, 0, "Numeric tag, ie. as result of pre_tag_map evaluation"},
122   {"label", 1, 1, 1, 1, 0, 0, 0, "String label, ie. as result of pre_tag_map evaluation"},
123   {"export_proto_seqno", 0, 0, 1, 1, 0, 0, 0, "Export protocol (ie. NetFlow) sequence number"},
124   {"export_proto_version", 0, 0, 1, 1, 0, 0, 0, "Export protocol (ie. NetFlow) version"},
125   {"export_proto_sysid", 0, 0, 1, 1, 0, 0, 0, "Export protocol ID (ie. sFlow subAgentID, IPFIX Obs Domain ID)"},
126   {"src_roa", 1, 1, 1, 1, 0, 0, 0, "RPKI validation status for source IP prefix"},
127   {"dst_roa", 1, 1, 1, 1, 0, 0, 0, "RPKI validation status for destination IP prefix"},
128   {"TIME", 1, 1, 1, 1, 0, 0, 0, ""},
129   {"timestamp_start", 0, 0, 1, 0, 0, 0, 0, "Flow start time or observation time at the exporter"},
130   {"timestamp_end", 0, 0, 1, 0, 0, 0, 0, "Flow end time"},
131   {"timestamp_arrival", 1, 1, 1, 1, 0, 0, 0, "Observation time at the collector"},
132   {"", 0, 0, 0, 0, 0, 0, 0, ""}
133 };
134 
135 static const struct _protocols_struct _protocols[] = {
136   {"0", 0},
137   {"icmp", 1},
138   {"igmp", 2},
139   {"ggp", 3},
140   {"ipencap", 4},
141   {"5", 5},
142   {"tcp", 6},
143   {"7", 7},
144   {"egp", 8},
145   {"igp", 9},
146   {"10", 10},
147   {"11", 11},
148   {"12", 12},
149   {"13", 13},
150   {"14", 14},
151   {"15", 15},
152   {"16", 16},
153   {"udp", 17},
154   {"mux", 18},
155   {"19", 19},
156   {"20", 20},
157   {"21", 21},
158   {"22", 22},
159   {"23", 23},
160   {"24", 24},
161   {"25", 25},
162   {"26", 26},
163   {"27", 27},
164   {"28", 28},
165   {"29", 29},
166   {"30", 30},
167   {"31", 31},
168   {"32", 32},
169   {"33", 33},
170   {"34", 34},
171   {"35", 35},
172   {"36", 36},
173   {"37", 37},
174   {"38", 38},
175   {"39", 39},
176   {"40", 40},
177   {"ipv6", 41},
178   {"42", 42},
179   {"ipv6-route", 43},
180   {"ipv6-frag", 44},
181   {"45", 45},
182   {"rsvp", 46},
183   {"gre", 47},
184   {"48", 48},
185   {"49", 49},
186   {"esp", 50},
187   {"ah", 51},
188   {"52", 52},
189   {"53", 53},
190   {"54", 54},
191   {"mobile", 55},
192   {"tlsp", 56},
193   {"57", 57},
194   {"ipv6-icmp", 58},
195   {"ipv6-nonxt", 59},
196   {"ipv6-opts", 60},
197   {"61", 61},
198   {"62", 62},
199   {"63", 63},
200   {"64", 64},
201   {"65", 65},
202   {"66", 66},
203   {"67", 67},
204   {"68", 68},
205   {"69", 69},
206   {"70", 70},
207   {"71", 71},
208   {"72", 72},
209   {"73", 73},
210   {"74", 74},
211   {"75", 75},
212   {"76", 76},
213   {"77", 77},
214   {"78", 78},
215   {"79", 79},
216   {"iso-ip", 80},
217   {"81", 81},
218   {"82", 82},
219   {"vines", 83},
220   {"84", 84},
221   {"85", 85},
222   {"86", 86},
223   {"87", 87},
224   {"eigrp", 88},
225   {"ospf", 89},
226   {"90", 90},
227   {"larp", 91},
228   {"92", 92},
229   {"ax.25", 93},
230   {"ipip", 94},
231   {"95", 95},
232   {"96", 96},
233   {"97", 97},
234   {"encap", 98},
235   {"99", 99},
236   {"100", 100},
237   {"101", 101},
238   {"pnni", 102},
239   {"pim", 103},
240   {"104", 104},
241   {"105", 105},
242   {"106", 106},
243   {"107", 107},
244   {"IPcomp", 108},
245   {"109", 109},
246   {"110", 110},
247   {"ipx-in-ip", 111},
248   {"vrrp", 112},
249   {"113", 113},
250   {"114", 114},
251   {"l2tp", 115},
252   {"116", 116},
253   {"117", 117},
254   {"118", 118},
255   {"119", 119},
256   {"120", 120},
257   {"121", 121},
258   {"122", 122},
259   {"123", 123},
260   {"isis", 124},
261   {"125", 125},
262   {"126", 126},
263   {"127", 127},
264   {"128", 128},
265   {"129", 129},
266   {"130", 130},
267   {"131", 131},
268   {"sctp", 132},
269   {"fc", 133},
270   {"", -1},
271 };
272 
273 /* cps = custom primitive semantics */
274 static const char __attribute__((unused)) *cps_type[] = {
275   "",
276   "u",
277   "x",
278   "s",
279   "s",
280   "s",
281   "s"
282 };
283 
284 static const int __attribute__((unused)) cps_flen[] = {
285   0,
286   3,
287   5,
288   0,
289   10,
290   0,
291   0,
292   0,
293   20
294 };
295 
296 static const char __attribute__((unused)) *bgp_origin[] = {
297   "i",
298   "e",
299   "u",
300   ""
301 };
302 
303 static const char __attribute__((unused)) *rpki_roa[] = {
304   "u",
305   "i",
306   "v",
307   "V",
308   "U"
309 };
310 
311 extern struct tunnel_entry tunnel_handlers_list[];
312 extern struct _devices_struct _devices[];
313 
314 #endif //PMACCT_DATA_H
315