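/*	$OpenBSD: if_pflow.h,v 1.23 2023/12/16 22:16:02 mvs Exp $	*/

/*
 * Copyright (c) 2008 Henning Brauer <henning@openbsd.org>
 * Copyright (c) 2008 Joerg Goltermann <jg@osn.de>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER IN
 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
 * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#ifndef _NET_IF_PFLOW_H_
#define _NET_IF_PFLOW_H_

/*
 * Definitions for the pflow flow exporter: message layouts for the two
 * supported export formats (PFLOW_PROTO_5 and PFLOW_PROTO_10/IPFIX), the
 * per-interface kernel state, and the ioctl configuration request.
 *
 * Every struct declared __packed below mirrors a protocol message layout,
 * so member order and width are part of the format and must not be changed
 * casually.
 * NOTE(review): the byte order of multi-byte members is not visible in this
 * header; presumably they are stored in network order by the code that
 * fills them in -- confirm against if_pflow.c.
 */

#define PFLOW_ID_LEN	sizeof(u_int64_t)

/*
 * Exporter tunables.  Units and exact use are not stated in this header;
 * check if_pflow.c before relying on them.
 * PFLOW_MAXBYTES equals the largest value a u_int32_t can hold, which is the
 * width of the counters in struct pflow_flow (presumably the reason for the
 * limit -- confirm).
 */
#define PFLOW_MAXFLOWS		30
#define PFLOW_ENGINE_TYPE	42
#define PFLOW_ENGINE_ID		42
#define PFLOW_MAXBYTES		0xffffffff
#define PFLOW_TIMEOUT		30
#define PFLOW_TMPL_TIMEOUT	30	/* rfc 5101 10.3.6 (p.40) recommends 600 */

/* Set ID 2 identifies a Template Set in IPFIX. */
#define PFLOW_IPFIX_TMPL_SET_ID	2

/* RFC 5102 Information Element Identifiers */

#define PFIX_IE_octetDeltaCount			  1
#define PFIX_IE_packetDeltaCount		  2
#define PFIX_IE_protocolIdentifier		  4
#define PFIX_IE_ipClassOfService		  5
#define PFIX_IE_sourceTransportPort		  7
#define PFIX_IE_sourceIPv4Address		  8
#define PFIX_IE_ingressInterface		 10
#define PFIX_IE_destinationTransportPort	 11
#define PFIX_IE_destinationIPv4Address		 12
#define PFIX_IE_egressInterface			 14
#define PFIX_IE_flowEndSysUpTime		 21
#define PFIX_IE_flowStartSysUpTime		 22
#define PFIX_IE_sourceIPv6Address		 27
#define PFIX_IE_destinationIPv6Address		 28
#define PFIX_IE_flowStartMilliseconds		152
#define PFIX_IE_flowEndMilliseconds		153

/*
 * Flow record of the non-IPFIX format (presumably the PFLOW_PROTO_5 record
 * that follows struct pflow_header -- confirm).  48 octets as declared.
 * Addresses are 32 bits wide, so only IPv4 endpoints fit, and the packet and
 * octet counters are 32 bits wide (the IPFIX records below use 64 bits).
 */
struct pflow_flow {
	u_int32_t	src_ip;
	u_int32_t	dest_ip;
	u_int32_t	nexthop_ip;
	u_int16_t	if_index_in;
	u_int16_t	if_index_out;
	u_int32_t	flow_packets;
	u_int32_t	flow_octets;
	u_int32_t	flow_start;
	u_int32_t	flow_finish;
	u_int16_t	src_port;
	u_int16_t	dest_port;
	u_int8_t	pad1;
	u_int8_t	tcp_flags;
	u_int8_t	protocol;
	u_int8_t	tos;
	u_int16_t	src_as;
	u_int16_t	dest_as;
	u_int8_t	src_mask;
	u_int8_t	dest_mask;
	u_int16_t	pad2;
} __packed;

/*
 * Header that starts every IPFIX set.
 * Any code that parses a received set (rather than building one) has to
 * check set_length against both PFLOW_SET_HDRLEN and the number of octets
 * actually available before using it as a bound.
 */
struct pflow_set_header {
	u_int16_t	set_id;
	u_int16_t	set_length; /* total length of the set,
				       in octets, including the set header */
} __packed;

#define PFLOW_SET_HDRLEN	sizeof(struct pflow_set_header)

/* Template record header: template id and number of field specifiers. */
struct pflow_tmpl_hdr {
	u_int16_t	tmpl_id;
	u_int16_t	field_count;
} __packed;

/* One field specifier of a template: information element id and length. */
struct pflow_tmpl_fspec {
	u_int16_t	field_id;
	u_int16_t	len;
} __packed;

/*
 * IPv4 template.  The number of pflow_tmpl_fspec members (12) has to equal
 * PFLOW_IPFIX_TMPL_IPV4_FIELD_COUNT, and the members have to stay in the
 * same order as the members of struct pflow_ipfix_flow4: a collector decodes
 * every data record with the offsets the template announces, so any
 * disagreement silently corrupts the exported data.
 * Template IDs start at 256 because lower set IDs are reserved in IPFIX.
 */
/* update pflow_clone_create() when changing pflow_ipfix_tmpl_ipv4 */
struct pflow_ipfix_tmpl_ipv4 {
	struct pflow_tmpl_hdr	h;
	struct pflow_tmpl_fspec	src_ip;
	struct pflow_tmpl_fspec	dest_ip;
	struct pflow_tmpl_fspec	if_index_in;
	struct pflow_tmpl_fspec	if_index_out;
	struct pflow_tmpl_fspec	packets;
	struct pflow_tmpl_fspec	octets;
	struct pflow_tmpl_fspec	start;
	struct pflow_tmpl_fspec	finish;
	struct pflow_tmpl_fspec	src_port;
	struct pflow_tmpl_fspec	dest_port;
	struct pflow_tmpl_fspec	tos;
	struct pflow_tmpl_fspec	protocol;
#define PFLOW_IPFIX_TMPL_IPV4_FIELD_COUNT 12
#define PFLOW_IPFIX_TMPL_IPV4_ID 256
} __packed;

/*
 * IPv6 template.  Same constraints as the IPv4 template: 12 field
 * specifiers, matching PFLOW_IPFIX_TMPL_IPV6_FIELD_COUNT and the member
 * order of struct pflow_ipfix_flow6.
 */
/* update pflow_clone_create() when changing pflow_ipfix_tmpl_ipv6 */
struct pflow_ipfix_tmpl_ipv6 {
	struct pflow_tmpl_hdr	h;
	struct pflow_tmpl_fspec	src_ip;
	struct pflow_tmpl_fspec	dest_ip;
	struct pflow_tmpl_fspec	if_index_in;
	struct pflow_tmpl_fspec	if_index_out;
	struct pflow_tmpl_fspec	packets;
	struct pflow_tmpl_fspec	octets;
	struct pflow_tmpl_fspec	start;
	struct pflow_tmpl_fspec	finish;
	struct pflow_tmpl_fspec	src_port;
	struct pflow_tmpl_fspec	dest_port;
	struct pflow_tmpl_fspec	tos;
	struct pflow_tmpl_fspec	protocol;
#define PFLOW_IPFIX_TMPL_IPV6_FIELD_COUNT 12
#define PFLOW_IPFIX_TMPL_IPV6_ID 257
} __packed;

/* Complete template set: one set header followed by both templates. */
struct pflow_ipfix_tmpl {
	struct pflow_set_header	set_header;
	struct pflow_ipfix_tmpl_ipv4	ipv4_tmpl;
	struct pflow_ipfix_tmpl_ipv6	ipv6_tmpl;
} __packed;

/*
 * IPFIX data record for an IPv4 flow; member order follows
 * struct pflow_ipfix_tmpl_ipv4.  54 octets as declared, so consecutive
 * records in a buffer are not 8-byte aligned: access the 64-bit members
 * through this packed type (or copy the record), never through a plain
 * u_int64_t pointer into the buffer.
 */
struct pflow_ipfix_flow4 {
	u_int32_t	src_ip;		/* sourceIPv4Address */
	u_int32_t	dest_ip;	/* destinationIPv4Address */
	u_int32_t	if_index_in;	/* ingressInterface */
	u_int32_t	if_index_out;	/* egressInterface */
	u_int64_t	flow_packets;	/* packetDeltaCount */
	u_int64_t	flow_octets;	/* octetDeltaCount */
	int64_t		flow_start;	/* flowStartMilliseconds */
	int64_t		flow_finish;	/* flowEndMilliseconds */
	u_int16_t	src_port;	/* sourceTransportPort */
	u_int16_t	dest_port;	/* destinationTransportPort */
	u_int8_t	tos;		/* ipClassOfService */
	u_int8_t	protocol;	/* protocolIdentifier */
	/* XXX padding needed? */
} __packed;

/*
 * IPFIX data record for an IPv6 flow; member order follows
 * struct pflow_ipfix_tmpl_ipv6.  78 octets as declared; the alignment
 * remark on struct pflow_ipfix_flow4 applies here as well.
 */
struct pflow_ipfix_flow6 {
	struct in6_addr src_ip;		/* sourceIPv6Address */
	struct in6_addr dest_ip;	/* destinationIPv6Address */
	u_int32_t	if_index_in;	/* ingressInterface */
	u_int32_t	if_index_out;	/* egressInterface */
	u_int64_t	flow_packets;	/* packetDeltaCount */
	u_int64_t	flow_octets;	/* octetDeltaCount */
	int64_t		flow_start;	/* flowStartMilliseconds */
	int64_t		flow_finish;	/* flowEndMilliseconds */
	u_int16_t	src_port;	/* sourceTransportPort */
	u_int16_t	dest_port;	/* destinationTransportPort */
	u_int8_t	tos;		/* ipClassOfService */
	u_int8_t	protocol;	/* protocolIdentifier */
	/* XXX padding needed? */
} __packed;

#ifdef _KERNEL

#include <sys/smr.h>

/*
 * Locks used to protect struct members and global data
 *	I	immutable after creation
 *	m	this pflow_softc's `sc_mtx'
 *	p	this pflow_softc's `sc_lock'
 *
 * Members without a bracketed tag carry no locking annotation in this
 * header.  The [p] members `so', `send_nam', `sc_flowsrc' and `sc_flowdst'
 * are pointers.
 * NOTE(review): presumably they are replaced on reconfiguration, in which
 * case `sc_lock' has to be held across every dereference, not only while
 * loading the pointer -- confirm against if_pflow.c.
 */

struct pflow_softc {
	struct mutex		 sc_mtx;
	struct rwlock		 sc_lock;

	int			 sc_dying;	/* [p] */
	struct ifnet		 sc_if;

	unsigned int		 sc_count;	/* [m] */
	unsigned int		 sc_count4;	/* [m] */
	unsigned int		 sc_count6;	/* [m] */
	unsigned int		 sc_maxcount;	/* [m] */
	unsigned int		 sc_maxcount4;	/* [m] */
	unsigned int		 sc_maxcount6;	/* [m] */
	u_int32_t		 sc_gcounter;	/* [m] */
	u_int32_t		 sc_sequence;	/* [m] */
	struct timeout		 sc_tmo;
	struct timeout		 sc_tmo6;
	struct timeout		 sc_tmo_tmpl;
	struct mbuf_queue	 sc_outputqueue;
	struct task		 sc_outputtask;
	struct socket		*so;		/* [p] */
	struct mbuf		*send_nam;	/* [p] */
	struct sockaddr		*sc_flowsrc;	/* [p] */
	struct sockaddr		*sc_flowdst;	/* [p] */
	struct pflow_ipfix_tmpl	 sc_tmpl_ipfix;	/* [I] */
	u_int8_t		 sc_version;	/* [m] */
	struct mbuf		*sc_mbuf;	/* [m] current cumulative
						    mbuf */
	struct mbuf		*sc_mbuf6;	/* [m] current cumulative
						    mbuf */
	SMR_SLIST_ENTRY(pflow_softc) sc_next;	/* linkage from <sys/smr.h> */
};

extern struct pflow_softc	*pflowif;

#endif /* _KERNEL */

/*
 * Message header of the non-IPFIX format; 24 octets as declared.
 * `count' is 16 bits wide and announces how many records follow.
 */
struct pflow_header {
	u_int16_t	version;
	u_int16_t	count;
	u_int32_t	uptime_ms;
	u_int32_t	time_sec;
	u_int32_t	time_nanosec;
	u_int32_t	flow_sequence;
	u_int8_t	engine_type;
	u_int8_t	engine_id;
	u_int8_t	reserved1;
	u_int8_t	reserved2;
} __packed;

#define PFLOW_HDRLEN	sizeof(struct pflow_header)

/*
 * IPFIX (version 10) message header; 16 octets as declared.
 * `length' is 16 bits wide, which caps the size of one message.
 */
struct pflow_v10_header {
	u_int16_t	version;
	u_int16_t	length;
	u_int32_t	time_sec;
	u_int32_t	flow_sequence;
	u_int32_t	observation_dom;
} __packed;

#define PFLOW_IPFIX_HDRLEN	sizeof(struct pflow_v10_header)

/*
 * Exporter statistics counters.
 * NOTE(review): judging by the names, pflow_onomem and pflow_oerrors count
 * records lost to allocation failure and output errors; an increase means
 * the collector is missing flows, which matters when the export feeds
 * detection or forensics -- confirm the exact meaning in if_pflow.c.
 */
struct pflowstats {
	u_int64_t	pflow_flows;
	u_int64_t	pflow_packets;
	u_int64_t	pflow_onomem;
	u_int64_t	pflow_oerrors;
};

/* Supported flow protocols */
#define PFLOW_PROTO_5	5	/* original pflow */
#define PFLOW_PROTO_10	10	/* ipfix */
#define PFLOW_PROTO_MAX	11	/* presumably an exclusive bound; only 5 and
				   10 are defined above */

#define PFLOW_PROTO_DEFAULT PFLOW_PROTO_5

/* Maps a protocol name as text to its PFLOW_PROTO_* value. */
struct pflow_protos {
	const char	*ppr_name;
	u_int8_t	 ppr_proto;
};

#define PFLOW_PROTOS {                                 \
		{ "5",	PFLOW_PROTO_5 },	\
		{ "10",	PFLOW_PROTO_10 },	\
}

/*
 * Configuration structure for SIOCSETPFLOW SIOCGETPFLOW
 *
 * This struct crosses the user/kernel boundary, so every member is
 * caller-controlled on the set path.  `addrmask' is a bit set built from
 * the PFLOW_MASK_* values below.
 * NOTE(review): the handlers are not part of this header; when auditing
 * them, confirm that
 *  - only members whose PFLOW_MASK_* bit is set in `addrmask' are used,
 *  - the address family and length stored in `flowsrc' / `flowdst' are
 *    checked before either is treated as a specific sockaddr type,
 *  - `version' is accepted only if it is PFLOW_PROTO_5 or PFLOW_PROTO_10,
 *  - the get path zeroes the whole struct before filling it in: it is not
 *    packed, so the compiler may add padding after `version', and unused
 *    sockaddr_storage bytes would otherwise be copied out as they are.
 */
struct pflowreq {
	struct sockaddr_storage	flowsrc;
	struct sockaddr_storage	flowdst;
	u_int16_t		addrmask;
	u_int8_t		version;
#define PFLOW_MASK_SRCIP	0x01
#define PFLOW_MASK_DSTIP	0x02
#define PFLOW_MASK_VERSION	0x04
};

#ifdef _KERNEL
/*
 * Kernel entry points, implemented outside this header.
 * NOTE(review): the arguments of pflow_sysctl() presumably follow the usual
 * sysctl handler order (name, namelen, oldp, oldlenp, newp, newlen) --
 * confirm at the definition.
 */
int export_pflow(struct pf_state *);
int pflow_sysctl(int *, u_int, void *, size_t *, void *, size_t);
#endif /* _KERNEL */

#endif /* _NET_IF_PFLOW_H_ */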