1 /* 2 pmacct (Promiscuous mode IP Accounting package) 3 pmacct is Copyright (C) 2003-2020 by Paolo Lucente 4 */ 5 6 /* 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License as published by 9 the Free Software Foundation; either version 2 of the License, or 10 (at your option) any later version. 11 12 This program is distributed in the hope that it will be useful, 13 but WITHOUT ANY WARRANTY; without even the implied warranty of 14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 GNU General Public License for more details. 16 17 You should have received a copy of the GNU General Public License 18 along with this program; if not, write to the Free Software 19 Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 20 */ 21 22 #ifndef PMACCT_DATA_H 23 #define PMACCT_DATA_H 24 25 /* defines */ 26 #define PLUGIN_ID_CORE 0 27 #define PLUGIN_ID_MEMORY 1 28 #define PLUGIN_ID_PRINT 2 29 #define PLUGIN_ID_NFPROBE 3 30 #define PLUGIN_ID_SFPROBE 4 31 #define PLUGIN_ID_MYSQL 5 32 #define PLUGIN_ID_PGSQL 6 33 #define PLUGIN_ID_SQLITE3 7 34 #define PLUGIN_ID_TEE 8 35 #define PLUGIN_ID_MONGODB 9 36 #define PLUGIN_ID_AMQP 10 37 #define PLUGIN_ID_KAFKA 11 38 #define PLUGIN_ID_UNKNOWN 255 39 40 /* vars */ 41 extern int protocols_number; 42 43 /* structures */ 44 static const struct _primitives_matrix_struct _primitives_matrix[] = { 45 /* primitive, pmacctd, uacctd, nfacctd, sfacctd, pmtelemetryd, pmbgpd, pmbmpd */ 46 {"L2", 1, 1, 1, 1, 0, 0, 0, ""}, 47 {"cos", 1, 0, 1, 1, 0, 0, 0, "Ethernet CoS, 802.1P"}, 48 {"etype", 1, 0, 1, 1, 0, 0, 0, "Ethernet Ethertype"}, 49 {"src_mac", 1, 1, 1, 1, 0, 0, 0, "Source MAC address"}, 50 {"dst_mac", 1, 1, 1, 1, 0, 0, 0, "Destination MAC address"}, 51 {"vlan", 1, 1, 1, 1, 0, 0, 0, "Ethernet VLAN, 802.1Q"}, 52 {"L3", 1, 1, 1, 1, 0, 0, 0, ""}, 53 {"src_host", 1, 1, 1, 1, 0, 0, 0, "Source IPv4/IPv6 address"}, 54 {"dst_host", 1, 1, 1, 1, 0, 0, 0, "Destination IPv4/IPv6 address"}, 55 {"src_mask", 1, 1, 1, 1, 0, 0, 0, "Source network mask"}, 56 {"dst_mask", 1, 1, 1, 1, 0, 0, 0, "Destination network mask"}, 57 {"src_net", 1, 1, 1, 1, 0, 0, 0, "Source IPv4/IPv6 prefix"}, 58 {"dst_net", 1, 1, 1, 1, 0, 0, 0, "Destination IPv4/IPv6 prefix"}, 59 {"proto", 1, 1, 1, 1, 0, 0, 0, "IP protocol"}, 60 {"tos", 1, 1, 1, 1, 0, 0, 0, "IP ToS"}, 61 {"L4", 1, 1, 1, 1, 0, 0, 0, ""}, 62 {"src_port", 1, 1, 1, 1, 0, 0, 0, "Source TCP/UDP port"}, 63 {"dst_port", 1, 1, 1, 1, 0, 0, 0, "Destination TCP/UDP port"}, 64 {"tcpflags", 1, 1, 1, 1, 0, 0, 0, "TCP flags"}, 65 {"BGP", 1, 1, 1, 1, 0, 0, 0, ""}, 66 {"src_as", 1, 1, 1, 1, 0, 0, 0, "Source ASN"}, 67 {"dst_as", 1, 1, 1, 1, 0, 0, 0, "Destination ASN"}, 68 {"as_path", 1, 1, 1, 1, 0, 0, 0, "AS PATH"}, 69 {"std_comm", 1, 1, 1, 1, 0, 0, 0, "Standard Communities"}, 70 {"ext_comm", 1, 1, 1, 1, 0, 0, 0, "Extended Communities"}, 71 {"lrg_comm", 1, 1, 1, 1, 0, 0, 0, "Large Communities"}, 72 {"local_pref", 1, 1, 1, 1, 0, 0, 0, "Local Preference"}, 73 {"med", 1, 1, 1, 1, 0, 0, 0, "Multi-Exit Discriminator"}, 74 {"src_as_path", 1, 1, 1, 1, 0, 0, 0, "Source AS PATH (via reverse BGP lookup)"}, 75 {"src_std_comm", 1, 1, 1, 1, 0, 0, 0, "Source Standard Communities (via reverse BGP lookup)"}, 76 {"src_ext_comm", 1, 1, 1, 1, 0, 0, 0, "Source Extended Communities (via reverse BGP lookup)"}, 77 {"src_lrg_comm", 1, 1, 1, 1, 0, 0, 0, "Source Large Communities (via reverse BGP lookup)"}, 78 {"src_local_pref", 1, 1, 1, 1, 0, 0, 0, "Source Local Preference (by default via reverse BGP lookup)"}, 79 {"src_med", 1, 1, 1, 1, 0, 0, 0, "Source MED (by default via reverse BGP lookup)"}, 80 {"peer_src_as", 1, 1, 1, 1, 0, 0, 0, "Source peer ASN (by default via reverse BGP lookup)"}, 81 {"peer_dst_as", 1, 1, 1, 1, 0, 0, 0, "Destination peer ASN"}, 82 {"peer_dst_ip", 1, 1, 1, 1, 0, 0, 0, "BGP next-hop"}, 83 {"NAT", 1, 1, 1, 1, 0, 0, 0, ""}, 84 {"fw_event", 0, 0, 1, 0, 0, 0, 0, "Firewall event ID"}, 85 {"nat_event", 0, 0, 1, 0, 0, 0, 0, "NAT event ID"}, 86 {"post_nat_src_host", 0, 0, 1, 0, 0, 0, 0, "Source IPv4/IPv6 address after NAT translation"}, 87 {"post_nat_dst_host", 0, 0, 1, 0, 0, 0, 0, "Destination IPv4/IPv6 address after NAT translation"}, 88 {"post_nat_src_port", 0, 0, 1, 0, 0, 0, 0, "Source TCP/UDP port after NAT translation"}, 89 {"post_nat_dst_port", 0, 0, 1, 0, 0, 0, 0, "Destination TCP/UDP port after NAT translation"}, 90 {"TUNNEL", 1, 1, 1, 1, 0, 0, 0, ""}, 91 {"vxlan", 1, 1, 1, 1, 0, 0, 0, "VXLAN Network Identifier"}, 92 {"tunnel_src_mac", 1, 1, 0, 1, 0, 0, 0, "Tunnel inner Source MAC address"}, 93 {"tunnel_dst_mac", 1, 1, 0, 1, 0, 0, 0, "Tunnel inner Destination MAC address"}, 94 {"tunnel_src_host", 1, 1, 0, 1, 0, 0, 0, "Tunnel inner Source IPv4/IPv6 address"}, 95 {"tunnel_dst_host", 1, 1, 0, 1, 0, 0, 0, "Tunnel inner Destination IPv4/IPv6 address"}, 96 {"tunnel_proto", 1, 1, 0, 1, 0, 0, 0, "Tunnel inner IP protocol"}, 97 {"tunnel_tos", 1, 1, 0, 1, 0, 0, 0, "Tunnel inner IP ToS"}, 98 {"tunnel_src_port", 1, 1, 0, 1, 0, 0, 0, "Tunnel inner Source TCP/UDP port"}, 99 {"tunnel_dst_port", 1, 1, 0, 1, 0, 0, 0, "Tunnel inner Destination TCP/UDP port"}, 100 {"MPLS", 1, 1, 1, 1, 0, 0, 0, ""}, 101 {"mpls_label_bottom", 1, 1, 1, 0, 0, 0, 0, "Bottom MPLS label"}, 102 {"mpls_label_top", 1, 1, 1, 0, 0, 0, 0, "Top MPLS label"}, 103 {"mpls_stack_depth", 1, 1, 1, 0, 0, 0, 0, "MPLS stack depth"}, 104 {"mpls_vpn_rd", 0, 0, 1, 1, 0, 0, 0, "MPLS L3 VPN Route Distinguisher"}, 105 {"mpls_pw_id", 0, 0, 1, 1, 0, 0, 0, "MPLS L2 VPN Pseudowire ID"}, 106 {"MISC", 1, 1, 1, 1, 0, 0, 0, ""}, 107 {"class", 1, 1, 1, 1, 0, 0, 0, "L7 protocol classification"}, 108 {"flows", 0, 0, 1, 0, 0, 0, 0, "IP flows"}, 109 {"src_host_country", 1, 1, 1, 1, 0, 0, 0, "Source IP address GeoIP resolution: country"}, 110 {"dst_host_country", 1, 1, 1, 1, 0, 0, 0, "Destination IP address GeoIP resolution: country"}, 111 {"src_host_pocode", 1, 1, 1, 1, 0, 0, 0, "Source IP address GeoIP resolution: postal code"}, 112 {"dst_host_pocode", 1, 1, 1, 1, 0, 0, 0, "Destination IP address GeoIP resolution: postal code"}, 113 {"src_host_coords", 1, 1, 1, 1, 0, 0, 0, "Source IP address GeoIP resolution: lat/lon coordinates"}, 114 {"dst_host_coords", 1, 1, 1, 1, 0, 0, 0, "Destination IP address GeoIP resolution: lat/lon coordinates"}, 115 {"in_iface", 0, 1, 1, 1, 0, 0, 0, "Input interface, SNMP ifIndex"}, 116 {"out_iface", 0, 1, 1, 1, 0, 0, 0, "Output interface, SNMP ifIndex"}, 117 {"peer_src_ip", 0, 0, 1, 1, 0, 0, 0, "IP address or identificator of telemetry exporting device"}, 118 {"sampling_rate", 1, 1, 1, 1, 0, 0, 0, "Sampling rate"}, 119 {"sampling_direction", 0, 0, 1, 0, 0, 0, 0, "Sampling direction (ie. ingress vs egress)"}, 120 {"tag", 1, 1, 1, 1, 0, 0, 0, "Numeric tag, ie. as result of pre_tag_map evaluation"}, 121 {"tag2", 1, 1, 1, 1, 0, 0, 0, "Numeric tag, ie. as result of pre_tag_map evaluation"}, 122 {"label", 1, 1, 1, 1, 0, 0, 0, "String label, ie. as result of pre_tag_map evaluation"}, 123 {"export_proto_seqno", 0, 0, 1, 1, 0, 0, 0, "Export protocol (ie. NetFlow) sequence number"}, 124 {"export_proto_version", 0, 0, 1, 1, 0, 0, 0, "Export protocol (ie. NetFlow) version"}, 125 {"export_proto_sysid", 0, 0, 1, 1, 0, 0, 0, "Export protocol ID (ie. sFlow subAgentID, IPFIX Obs Domain ID)"}, 126 {"src_roa", 1, 1, 1, 1, 0, 0, 0, "RPKI validation status for source IP prefix"}, 127 {"dst_roa", 1, 1, 1, 1, 0, 0, 0, "RPKI validation status for destination IP prefix"}, 128 {"TIME", 1, 1, 1, 1, 0, 0, 0, ""}, 129 {"timestamp_start", 0, 0, 1, 0, 0, 0, 0, "Flow start time or observation time at the exporter"}, 130 {"timestamp_end", 0, 0, 1, 0, 0, 0, 0, "Flow end time"}, 131 {"timestamp_arrival", 1, 1, 1, 1, 0, 0, 0, "Observation time at the collector"}, 132 {"", 0, 0, 0, 0, 0, 0, 0, ""} 133 }; 134 135 static const struct _protocols_struct _protocols[] = { 136 {"0", 0}, 137 {"icmp", 1}, 138 {"igmp", 2}, 139 {"ggp", 3}, 140 {"ipencap", 4}, 141 {"5", 5}, 142 {"tcp", 6}, 143 {"7", 7}, 144 {"egp", 8}, 145 {"igp", 9}, 146 {"10", 10}, 147 {"11", 11}, 148 {"12", 12}, 149 {"13", 13}, 150 {"14", 14}, 151 {"15", 15}, 152 {"16", 16}, 153 {"udp", 17}, 154 {"mux", 18}, 155 {"19", 19}, 156 {"20", 20}, 157 {"21", 21}, 158 {"22", 22}, 159 {"23", 23}, 160 {"24", 24}, 161 {"25", 25}, 162 {"26", 26}, 163 {"27", 27}, 164 {"28", 28}, 165 {"29", 29}, 166 {"30", 30}, 167 {"31", 31}, 168 {"32", 32}, 169 {"33", 33}, 170 {"34", 34}, 171 {"35", 35}, 172 {"36", 36}, 173 {"37", 37}, 174 {"38", 38}, 175 {"39", 39}, 176 {"40", 40}, 177 {"ipv6", 41}, 178 {"42", 42}, 179 {"ipv6-route", 43}, 180 {"ipv6-frag", 44}, 181 {"45", 45}, 182 {"rsvp", 46}, 183 {"gre", 47}, 184 {"48", 48}, 185 {"49", 49}, 186 {"esp", 50}, 187 {"ah", 51}, 188 {"52", 52}, 189 {"53", 53}, 190 {"54", 54}, 191 {"mobile", 55}, 192 {"tlsp", 56}, 193 {"57", 57}, 194 {"ipv6-icmp", 58}, 195 {"ipv6-nonxt", 59}, 196 {"ipv6-opts", 60}, 197 {"61", 61}, 198 {"62", 62}, 199 {"63", 63}, 200 {"64", 64}, 201 {"65", 65}, 202 {"66", 66}, 203 {"67", 67}, 204 {"68", 68}, 205 {"69", 69}, 206 {"70", 70}, 207 {"71", 71}, 208 {"72", 72}, 209 {"73", 73}, 210 {"74", 74}, 211 {"75", 75}, 212 {"76", 76}, 213 {"77", 77}, 214 {"78", 78}, 215 {"79", 79}, 216 {"iso-ip", 80}, 217 {"81", 81}, 218 {"82", 82}, 219 {"vines", 83}, 220 {"84", 84}, 221 {"85", 85}, 222 {"86", 86}, 223 {"87", 87}, 224 {"eigrp", 88}, 225 {"ospf", 89}, 226 {"90", 90}, 227 {"larp", 91}, 228 {"92", 92}, 229 {"ax.25", 93}, 230 {"ipip", 94}, 231 {"95", 95}, 232 {"96", 96}, 233 {"97", 97}, 234 {"encap", 98}, 235 {"99", 99}, 236 {"100", 100}, 237 {"101", 101}, 238 {"pnni", 102}, 239 {"pim", 103}, 240 {"104", 104}, 241 {"105", 105}, 242 {"106", 106}, 243 {"107", 107}, 244 {"IPcomp", 108}, 245 {"109", 109}, 246 {"110", 110}, 247 {"ipx-in-ip", 111}, 248 {"vrrp", 112}, 249 {"113", 113}, 250 {"114", 114}, 251 {"l2tp", 115}, 252 {"116", 116}, 253 {"117", 117}, 254 {"118", 118}, 255 {"119", 119}, 256 {"120", 120}, 257 {"121", 121}, 258 {"122", 122}, 259 {"123", 123}, 260 {"isis", 124}, 261 {"125", 125}, 262 {"126", 126}, 263 {"127", 127}, 264 {"128", 128}, 265 {"129", 129}, 266 {"130", 130}, 267 {"131", 131}, 268 {"sctp", 132}, 269 {"fc", 133}, 270 {"", -1}, 271 }; 272 273 /* cps = custom primitive semantics */ 274 static const char __attribute__((unused)) *cps_type[] = { 275 "", 276 "u", 277 "x", 278 "s", 279 "s", 280 "s", 281 "s" 282 }; 283 284 static const int __attribute__((unused)) cps_flen[] = { 285 0, 286 3, 287 5, 288 0, 289 10, 290 0, 291 0, 292 0, 293 20 294 }; 295 296 static const char __attribute__((unused)) *bgp_origin[] = { 297 "i", 298 "e", 299 "u", 300 "" 301 }; 302 303 static const char __attribute__((unused)) *rpki_roa[] = { 304 "u", 305 "i", 306 "v", 307 "V", 308 "U" 309 }; 310 311 extern struct tunnel_entry tunnel_handlers_list[]; 312 extern struct _devices_struct _devices[]; 313 314 #endif //PMACCT_DATA_H 315