1 /* 2 ** Copyright (C) 2014-2021 Cisco and/or its affiliates. All rights reserved. 3 ** Copyright (C) 2010-2013 Sourcefire, Inc. 4 ** Author: Michael R. Altizer <mialtize@cisco.com> 5 ** 6 ** This program is free software; you can redistribute it and/or modify 7 ** it under the terms of the GNU General Public License Version 2 as 8 ** published by the Free Software Foundation. You may not use, modify or 9 ** distribute this program under any other version of the GNU General 10 ** Public License. 11 ** 12 ** This program is distributed in the hope that it will be useful, 13 ** but WITHOUT ANY WARRANTY; without even the implied warranty of 14 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 ** GNU General Public License for more details. 16 ** 17 ** You should have received a copy of the GNU General Public License 18 ** along with this program; if not, write to the Free Software 19 ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 20 */ 21 22 #ifndef _DAQ_COMMON_H 23 #define _DAQ_COMMON_H 24 25 #ifdef __cplusplus 26 extern "C" { 27 #endif 28 29 #include <netinet/in.h> 30 #include <sys/time.h> 31 #include <stdint.h> 32 #include <unistd.h> 33 #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__NetBSD__) || defined(__DragonFly__) 34 #include <sys/socket.h> 35 #endif 36 37 // Comprehensive version number covering all elements of this header 38 #define DAQ_COMMON_API_VERSION 0x00030003 39 40 #ifndef DAQ_SO_PUBLIC 41 # ifdef HAVE_VISIBILITY 42 # define DAQ_SO_PUBLIC __attribute__ ((visibility("default"))) 43 # define DAQ_SO_PRIVATE __attribute__ ((visibility("hidden"))) 44 # else 45 # define DAQ_SO_PUBLIC 46 # define DAQ_SO_PRIVATE 47 # endif 48 #endif 49 50 #define DAQ_LINKAGE DAQ_SO_PUBLIC 51 52 typedef const struct _daq_module_api *DAQ_Module_h; 53 typedef struct _daq_module_config *DAQ_ModuleConfig_h; 54 typedef struct _daq_config *DAQ_Config_h; 55 typedef struct _daq_instance *DAQ_Instance_h; 56 typedef struct _daq_module_instance *DAQ_ModuleInstance_h; 57 typedef const struct _daq_msg *DAQ_Msg_h; 58 59 #define DAQ_SUCCESS 0 /* Success! */ 60 #define DAQ_ERROR -1 /* Generic error */ 61 #define DAQ_ERROR_NOMEM -2 /* Out of memory error */ 62 #define DAQ_ERROR_NODEV -3 /* No such device error */ 63 #define DAQ_ERROR_NOTSUP -4 /* Functionality is unsupported error */ 64 #define DAQ_ERROR_NOMOD -5 /* No module specified error */ 65 #define DAQ_ERROR_NOCTX -6 /* No context specified error */ 66 #define DAQ_ERROR_INVAL -7 /* Invalid argument/request error */ 67 #define DAQ_ERROR_EXISTS -8 /* Argument or device already exists */ 68 #define DAQ_ERROR_AGAIN -9 /* Try again */ 69 70 typedef enum 71 { 72 DAQ_RSTAT_OK = 0, 73 DAQ_RSTAT_WOULD_BLOCK, 74 DAQ_RSTAT_TIMEOUT, 75 DAQ_RSTAT_EOF, 76 DAQ_RSTAT_INTERRUPTED, 77 DAQ_RSTAT_NOBUF, 78 DAQ_RSTAT_ERROR, 79 DAQ_RSTAT_INVALID, 80 MAX_DAQ_RSTAT 81 } DAQ_RecvStatus; 82 83 typedef enum 84 { 85 DAQ_MSG_TYPE_PACKET = 1, /* Packet data */ 86 DAQ_MSG_TYPE_PAYLOAD, /* Payload data */ 87 DAQ_MSG_TYPE_SOF, /* Start of Flow statistics */ 88 DAQ_MSG_TYPE_EOF, /* End of Flow statistics */ 89 DAQ_MSG_TYPE_HA_STATE, /* HA State blob */ 90 LAST_BUILTIN_DAQ_MSG_TYPE = 1024, /* End of reserved space for "official" DAQ message types. 91 Any externally defined message types should be larger than this. */ 92 MAX_DAQ_MSG_TYPE = UINT16_MAX 93 } DAQ_MsgType; 94 95 /* NOTE: The internals of this message structure are only visible for performance reasons and 96 for use by DAQ modules. Applications should use the pseudo-opaque DAQ_Msg_h and the inline 97 accessor functions (daq_msg_*) from daq.h. */ 98 99 /* The DAQ message structure. Ordered by element size to avoid padding. */ 100 #define DAQ_MSG_META_SLOTS 8 101 typedef struct _daq_msg 102 { 103 void *hdr; /* Pointer to the message header structure for this message */ 104 uint8_t *data; /* Pointer to the variable-length message data (Optional) */ 105 void *meta[DAQ_MSG_META_SLOTS]; /* Dynamic message metadata slots */ 106 DAQ_ModuleInstance_h owner; /* Handle for the module instance this message belongs to */ 107 void *priv; /* Pointer to module instance's private data for this message (Optional) */ 108 size_t hdr_len; /* Length of the header structure pointed to by 'hdr' */ 109 DAQ_MsgType type; /* Message type (one of DAQ_MsgType or from the user-defined range) */ 110 uint32_t data_len; /* Length of the data pointed to by 'data'. Should be 0 if 'data' is NULL */ 111 } DAQ_Msg_t; 112 113 /* The DAQ packet header structure. */ 114 #define DAQ_PKT_FLAG_OPAQUE_IS_VALID 0x0001 /* The DAQ module actively set the opaque value in the DAQ packet header. */ 115 #define DAQ_PKT_FLAG_NOT_FORWARDING 0x0002 /* The DAQ module will not be actively forwarding this packet 116 regardless of the verdict (e.g, Passive or Inline Tap interfaces). */ 117 #define DAQ_PKT_FLAG_PRE_ROUTING 0x0004 /* The packet is being routed via us but packet modifications 118 (MAC and TTL) have not yet been made. */ 119 #define DAQ_PKT_FLAG_IGNORE_VLAN 0x0008 /* Ignore vlan tags in the packet */ 120 #define DAQ_PKT_FLAG_FLOWID_IS_VALID 0x0010 /* The DAQ module actively set the flow ID value in the DAQ packet header. */ 121 #define DAQ_PKT_FLAG_LOCALLY_DESTINED 0x0020 /* The packet is destined for local delivery */ 122 #define DAQ_PKT_FLAG_LOCALLY_ORIGINATED 0x0040 /* The packet was originated locally */ 123 #define DAQ_PKT_FLAG_SCRUBBED_TCP_OPTS 0x0080 /* Scrubbed tcp options may be available */ 124 #define DAQ_PKT_FLAG_HA_STATE_AVAIL 0x0100 /* HA State is availble for the flow this packet is associated with. */ 125 #define DAQ_PKT_FLAG_ERROR_PACKET 0x0200 /* Lower level reports that the packet has errors. */ 126 #define DAQ_PKT_FLAG_TRACE_ENABLED 0x0400 /* Tracing due to packet trace or capture with trace */ 127 #define DAQ_PKT_FLAG_SIMULATED 0x0800 /* Packet is simulated/virtual */ 128 #define DAQ_PKT_FLAG_NEW_FLOW 0x1000 /* The packet was the first of a new flow. */ 129 #define DAQ_PKT_FLAG_REV_FLOW 0x2000 /* The packet is going the reverse direction of the flow initiator.*/ 130 #define DAQ_PKT_FLAG_DEBUG_ENABLED 0x4000 /* The packet has been flagged for debugging by the lower layer. */ 131 #define DAQ_PKT_FLAG_SIGNIFICANT_GROUPS 0x8000 /* Interface groups should be used for flow classification. */ 132 133 #define DAQ_PKTHDR_UNKNOWN -1 /* Ingress or Egress not known */ 134 #define DAQ_PKTHDR_FLOOD -2 /* Egress is flooding */ 135 typedef struct _daq_pkt_hdr 136 { 137 struct timeval ts; /* Timestamp */ 138 uint32_t pktlen; /* Original length of this packet (off the wire) */ 139 int32_t ingress_index; /* Index of the inbound interface. */ 140 int32_t egress_index; /* Index of the outbound interface. */ 141 int16_t ingress_group; /* Index of the inbound group. */ 142 int16_t egress_group; /* Index of the outbound group. */ 143 uint32_t opaque; /* Opaque context value from the DAQ module or underlying hardware. 144 Directly related to the opaque value in DAQ_FlowStats_t. */ 145 uint32_t flow_id; /* Flow ID value provided from the DAQ module or underlying hardware. */ 146 uint32_t flags; /* Flags for the packet (DAQ_PKT_FLAG_*) */ 147 uint16_t address_space_id; /* Unique ID of the address space */ 148 } DAQ_PktHdr_t; 149 150 #define DAQ_PKT_META_NAPT_INFO 0 151 #define DAQ_PKT_META_DECODE_DATA 1 152 #define DAQ_PKT_META_TCP_ACK_DATA 2 153 154 /* "Real" address and port information for Network Address and Port Translated (NAPT'd) connections. 155 This represents the destination addresses and ports seen on egress in both directions. */ 156 #define DAQ_NAPT_INFO_FLAG_SIP_V6 0x01 /* The source address is IPv6 */ 157 #define DAQ_NAPT_INFO_FLAG_DIP_V6 0x02 /* The destination address is IPv6 */ 158 typedef struct _daq_napt_info 159 { 160 struct in6_addr src_addr; 161 struct in6_addr dst_addr; 162 uint16_t src_port; 163 uint16_t dst_port; 164 uint8_t flags; 165 uint8_t ip_layer; 166 } DAQ_NAPTInfo_t; 167 168 /* Decoded packet information parsed from the Packet message's data. Currently, all fields refer 169 to the first protocol of each layer encountered (no information is conveyed about encapsulated 170 duplicate protocols like IP-in-IP). The offsets for layers not found are set to 171 DAQ_PKT_DECODE_OFFSET_INVALID. */ 172 typedef union _daq_pkt_decode_flags 173 { 174 uint32_t all; 175 176 struct 177 { 178 uint32_t l2:1; /* Parsed known L2 protocol */ 179 uint32_t l2_checksum:1; /* L2 checksum was calculated and validated. */ 180 uint32_t l3:1; /* Parsed known L3 protocol */ 181 uint32_t l3_checksum:1; /* L3 checksum was calculated and validated. */ 182 uint32_t l4:1; /* Parsed known L4 protocol */ 183 uint32_t l4_checksum:1; /* L4 checksum was calculated and validated. */ 184 185 uint32_t checksum_error:1; /* One or more checksum errors were encountered during parsing. */ 186 187 uint32_t vlan:1; /* Parsed VLAN header */ 188 uint32_t vlan_qinq:1; /* Stacked VLAN header (QinQ) found and parsed */ 189 190 /* Well-known L2 protocols (found and parsed) */ 191 uint32_t ethernet:1; /* Ethernet II */ 192 193 /* Well-known L3 protocols (found and parsed) */ 194 uint32_t ipv4:1; /* IPv4 */ 195 uint32_t ipv6:1; /* IPv6 */ 196 197 /* Well-known L4 protocols (found and parsed) */ 198 uint32_t udp:1; /* UDP */ 199 uint32_t tcp:1; /* TCP */ 200 uint32_t icmp:1; /* ICMP */ 201 202 /* Decoded TCP observations */ 203 uint32_t tcp_opt_mss:1; /* TCP Option MSS seen */ 204 uint32_t tcp_opt_ws:1; /* TCP Option Window Scale seen */ 205 uint32_t tcp_opt_ts:1; /* TCP Option Timestamp seen */ 206 } bits; 207 } DAQ_PktDecodeFlags_t; 208 209 #define DAQ_PKT_DECODE_OFFSET_INVALID 0xffff 210 typedef struct _daq_pkt_decode_data 211 { 212 DAQ_PktDecodeFlags_t flags; 213 uint16_t l2_offset; /* Start of the first L2 header. */ 214 uint16_t l3_offset; /* Start of the first L3 header. */ 215 uint16_t l4_offset; /* Start of the first L4 header. */ 216 uint16_t payload_offset; /* First byte past all successfully decoded headers. */ 217 uint16_t checksum_offset; /* End of the last decoded header without checksum errors. */ 218 } DAQ_PktDecodeData_t; 219 220 /* Relevant contents of empty TCP ACK packets that have been elided by the dataplane. This 221 metadata should only be populated on a subsequent TCP data packet on the same flow headed in 222 the opposite direction. */ 223 typedef struct _daq_pkt_tcp_ack_data 224 { 225 uint32_t tcp_ack_seq_num; /* TCP Ack Number for elided ACK (in network byte order) */ 226 uint16_t tcp_window_size; /* TCP Window Size for elided ACK (in network byte order) */ 227 } DAQ_PktTcpAckData_t; 228 229 typedef struct _daq_flow_desc 230 { 231 /* Interface/Flow ID/Address Space Information */ 232 int32_t ingress_index; /* Index of the inbound interface */ 233 int32_t egress_index; /* Index of the outbound interface */ 234 int16_t ingress_group; /* Index of the inbound group */ 235 int16_t egress_group; /* Index of the outbound group */ 236 uint32_t flow_id; /* Flow ID value provided from the DAQ module or underlying hardware. */ 237 uint16_t addr_space_id; /* Address space this traffic belongs to */ 238 /* L2 Information */ 239 uint16_t vlan_tag; 240 /* L3 Information */ 241 union 242 { 243 struct in_addr in_addr; 244 struct in6_addr in6_addr; 245 } src_addr; 246 union 247 { 248 struct in_addr in_addr; 249 struct in6_addr in6_addr; 250 } dst_addr; 251 uint8_t family; 252 /* L4 Information */ 253 uint8_t protocol; 254 uint16_t src_port; 255 uint16_t dst_port; 256 } DAQ_FlowDesc_t; 257 258 #define DAQ_PLD_FLAG_REVERSED 0x1 /* L3/L4 addresses/ports are the reverse of the flow desc */ 259 typedef struct _daq_payload_hdr 260 { 261 struct timeval ts; /* Timestamp */ 262 uint32_t flags; /* Flags for the payload (DAQ_PLD_FLAG_*) */ 263 DAQ_FlowDesc_t flow_desc; /* Description of the flow this payload came from */ 264 } DAQ_PayloadHdr_t; 265 266 /* HA state binary blob descriptor used for DAQ_MSG_TYPE_HA_STATE. */ 267 typedef struct _daq_ha_state_data 268 { 269 uint32_t length; 270 void *data; 271 } DAQ_HA_State_Data_t; 272 273 #define DAQ_FS_FLAG_SIGNIFICANT_GROUPS 0x1 274 #define DAQ_FS_FLAG_LOGGING_OPTIONAL 0x2 275 276 /* Flow statistics structure used for DAQ_MSG_TYPE_SOF and DAQ_MSG_TYPE_EOF. */ 277 typedef struct _daq_flow_stats 278 { 279 int16_t ingress_group; 280 int16_t egress_group; 281 int32_t ingress_intf; 282 int32_t egress_intf; 283 /* The IP addresses should be IPv6 or IPv6 representation of IPv4 (::FFFF:<ipv4>) */ 284 uint8_t initiator_ip[16]; 285 uint8_t responder_ip[16]; 286 uint16_t initiator_port; 287 uint16_t responder_port; 288 uint32_t opaque; 289 uint64_t initiator_pkts; /* Not populated for SoF stats. */ 290 uint64_t responder_pkts; /* Not populated for SoF stats. */ 291 uint64_t initiator_bytes; /* Not populated for SoF stats. */ 292 uint64_t responder_bytes; /* Not populated for SoF stats. */ 293 /* QoS related variables */ 294 uint64_t initiator_pkts_dropped; /* Not populated for SoF stats. */ 295 uint64_t responder_pkts_dropped; /* Not populated for SoF stats. */ 296 uint64_t initiator_bytes_dropped; /* Not populated for SoF stats. */ 297 uint64_t responder_bytes_dropped; /* Not populated for SoF stats. */ 298 uint8_t is_qos_applied_on_src_intf; /* Not populated for SoF stats. */ 299 struct timeval sof_timestamp; 300 struct timeval eof_timestamp; /* Not populated for SoF stats. */ 301 uint16_t vlan_tag; 302 uint16_t address_space_id; 303 uint8_t protocol; 304 uint8_t flags; 305 } DAQ_FlowStats_t; 306 307 /* Packet verdicts passed to daq_msg_finalize(). */ 308 typedef enum 309 { 310 DAQ_VERDICT_PASS, /* Pass the packet. */ 311 DAQ_VERDICT_BLOCK, /* Block the packet. */ 312 DAQ_VERDICT_REPLACE, /* Pass a packet that has been modified in-place. (No resizing allowed!) */ 313 DAQ_VERDICT_WHITELIST, /* Pass the packet and fastpath all future packets in the same flow systemwide. */ 314 DAQ_VERDICT_BLACKLIST, /* Block the packet and block all future packets in the same flow systemwide. */ 315 DAQ_VERDICT_IGNORE, /* Pass the packet and fastpath all future packets in the same flow for this application. */ 316 MAX_DAQ_VERDICT 317 } DAQ_Verdict; 318 319 typedef enum 320 { 321 DAQ_MODE_NONE, 322 DAQ_MODE_PASSIVE, 323 DAQ_MODE_INLINE, 324 DAQ_MODE_READ_FILE, 325 MAX_DAQ_MODE 326 } DAQ_Mode; 327 328 #define DAQ_VAR_DESC_REQUIRES_ARGUMENT 0x01 329 #define DAQ_VAR_DESC_FORBIDS_ARGUMENT 0x02 330 typedef struct _daq_variable_desc 331 { 332 const char *name; 333 const char *description; 334 uint32_t flags; 335 } DAQ_VariableDesc_t; 336 337 typedef enum 338 { 339 DAQ_STATE_UNINITIALIZED, 340 DAQ_STATE_INITIALIZED, 341 DAQ_STATE_STARTED, 342 DAQ_STATE_STOPPED, 343 DAQ_STATE_UNKNOWN, 344 MAX_DAQ_STATE 345 } DAQ_State; 346 347 typedef struct _daq_stats 348 { 349 uint64_t hw_packets_received; /* Packets received by the hardware */ 350 uint64_t hw_packets_dropped; /* Packets dropped by the hardware */ 351 uint64_t packets_received; /* Packets received by this instance */ 352 uint64_t packets_filtered; /* Packets filtered by this instance's BPF */ 353 uint64_t packets_injected; /* Packets injected by this instance */ 354 uint64_t verdicts[MAX_DAQ_VERDICT]; /* Counters of packets handled per-verdict. */ 355 } DAQ_Stats_t; 356 357 typedef struct _daq_msg_pool_info 358 { 359 uint32_t size; 360 uint32_t available; 361 size_t mem_size; 362 } DAQ_MsgPoolInfo_t; 363 364 365 /* DAQ module type flags */ 366 #define DAQ_TYPE_FILE_CAPABLE 0x01 /* can read from a file */ 367 #define DAQ_TYPE_INTF_CAPABLE 0x02 /* can open live interfaces */ 368 #define DAQ_TYPE_INLINE_CAPABLE 0x04 /* can form an inline bridge */ 369 #define DAQ_TYPE_MULTI_INSTANCE 0x08 /* can be instantiated multiple times */ 370 #define DAQ_TYPE_NO_UNPRIV 0x10 /* can not run unprivileged */ 371 #define DAQ_TYPE_WRAPPER 0x20 /* must decorate another DAQ module */ 372 373 /* DAQ module capability flags */ 374 #define DAQ_CAPA_NONE 0x00000000 /* no capabilities */ 375 #define DAQ_CAPA_BLOCK 0x00000001 /* can block packets */ 376 #define DAQ_CAPA_REPLACE 0x00000002 /* can replace/modify packet data (up to the original data size) */ 377 #define DAQ_CAPA_INJECT 0x00000004 /* can inject packets */ 378 #define DAQ_CAPA_WHITELIST 0x00000008 /* can whitelist flows */ 379 #define DAQ_CAPA_BLACKLIST 0x00000010 /* can blacklist flows */ 380 #define DAQ_CAPA_UNPRIV_START 0x00000020 /* can call start() without root privileges */ 381 #define DAQ_CAPA_INTERRUPT 0x00000040 /* can call interrupt() to abort a receive call early */ 382 #define DAQ_CAPA_BPF 0x00000080 /* can call set_filter() to establish a BPF */ 383 #define DAQ_CAPA_DEVICE_INDEX 0x00000100 /* can consistently fill the device_index field in DAQ_PktHdr */ 384 #define DAQ_CAPA_INJECT_RAW 0x00000200 /* injection of raw packets (no layer-2 headers) */ 385 #define DAQ_CAPA_DECODE_GTP 0x00000400 /* decodes and tracks flows within GTP. */ 386 #define DAQ_CAPA_DECODE_TEREDO 0x00000800 /* decodes and tracks flows within Teredo. */ 387 #define DAQ_CAPA_DECODE_GRE 0x00001000 /* decodes and tracks flows within GRE. */ 388 #define DAQ_CAPA_DECODE_4IN4 0x00002000 /* decodes and tracks flows of IPv4 within IPv4. */ 389 #define DAQ_CAPA_DECODE_6IN4 0x00004000 /* decodes and tracks flows of IPv6 within IPv4. */ 390 #define DAQ_CAPA_DECODE_4IN6 0x00008000 /* decodes and tracks flows of IPv4 within IPv6. */ 391 #define DAQ_CAPA_DECODE_6IN6 0x00010000 /* decodes and tracks flows of IPv6 within IPv6. */ 392 #define DAQ_CAPA_DECODE_MPLS 0x00020000 /* decodes and tracks flows within MPLS. */ 393 #define DAQ_CAPA_DECODE_VXLAN 0x00040000 /* decodes and tracks flows within VXLAN. */ 394 395 /* 396 * DAQ I/O Controls (DIOCTLs) 397 */ 398 typedef enum 399 { 400 DIOCTL_GET_DEVICE_INDEX = 1, 401 DIOCTL_SET_FLOW_OPAQUE, 402 DIOCTL_SET_FLOW_HA_STATE, 403 DIOCTL_GET_FLOW_HA_STATE, 404 DIOCTL_SET_FLOW_QOS_ID, 405 DIOCTL_SET_PACKET_TRACE_DATA, 406 DIOCTL_SET_PACKET_VERDICT_REASON, 407 DIOCTL_SET_FLOW_PRESERVE, 408 DIOCTL_GET_FLOW_TCP_SCRUBBED_SYN, 409 DIOCTL_GET_FLOW_TCP_SCRUBBED_SYN_ACK, 410 DIOCTL_CREATE_EXPECTED_FLOW, 411 DIOCTL_DIRECT_INJECT_PAYLOAD, 412 DIOCTL_DIRECT_INJECT_RESET, 413 LAST_BUILTIN_DIOCTL_CMD = 1024, /* End of reserved space for "official" DAQ ioctl commands. 414 Any externally defined ioctl commands should be larger than this. */ 415 MAX_DIOCTL_CMD = UINT16_MAX 416 } DAQ_IoctlCmd; 417 418 /* 419 * Command: DIOCTL_GET_DEVICE_INDEX 420 * Description: Given a device name, query the index (as used in ingress/egress_index) associated with it. 421 * Argument: DIOCTL_QueryDeviceIndex 422 */ 423 typedef struct 424 { 425 const char *device; // [in] Device name being queried 426 int index; // [out] Index of the queried device 427 } DIOCTL_QueryDeviceIndex; 428 429 /* 430 * Command: DIOCTL_SET_FLOW_OPAQUE 431 * Description: Set a 32-bit opaque value on the flow associated with the DAQ message. 432 * Argument: DIOCTL_SetFlowOpaque 433 */ 434 typedef struct 435 { 436 DAQ_Msg_h msg; // [in] Message belonging to the flow to be modified 437 uint32_t value; // [in] The 32-bit opaque value to be set 438 } DIOCTL_SetFlowOpaque; 439 440 /* 441 * Command: DIOCTL_SET_FLOW_HA_STATE 442 * Description: Store a binary HA state blob on the flow associated with the DAQ message. 443 * Argument: DIOCTL_FlowHAState 444 * 445 * Command: DIOCTL_GET_FLOW_HA_STATE 446 * Description: Retrieve the binary HA state blob on the flow associated with the DAQ message. 447 * Argument: DIOCTL_FlowHAState 448 */ 449 typedef struct 450 { 451 DAQ_Msg_h msg; // [in] Message belonging to the flow to be modified 452 uint8_t *data; // [in] (SET_FLOW_HA_STATE) / [out] (GET_FLOW_HA_STATE) HA state blob data 453 uint32_t length; // [in] (SET_FLOW_HA_STATE) / [out] (GET_FLOW_HA_STATE) HA state blob size 454 } DIOCTL_FlowHAState; 455 456 /* 457 * Command: DIOCTL_SET_FLOW_QOS_ID 458 * Description: Set the rule ID on the flow associated with the DAQ message. 459 * Argument: DIOCTL_SetFlowQosID 460 */ 461 typedef struct 462 { 463 DAQ_Msg_h msg; // [in] Message belonging to the flow to be modified 464 uint64_t qos_id; // [in] QoS Rule ID (low 32b), QoS Flags (high 32b) 465 } DIOCTL_SetFlowQosID; 466 467 /* 468 * Command: DIOCTL_SET_PACKET_TRACE_DATA 469 * Description: Add verdict reason and tracing text to the packet associated with the DAQ message. 470 * Argument: DIOCTL_SetPacketTraceData 471 */ 472 typedef struct 473 { 474 DAQ_Msg_h msg; // [in] Message to add tracing data to 475 uint8_t verdict_reason; // [in] Magic integer (0-255) reflecting the reason for the application's 476 // verdict on this message 477 uint32_t trace_data_len; // [in] Tracing data length 478 uint8_t *trace_data; // [in] Tracing data (ASCII text) 479 } DIOCTL_SetPacketTraceData; 480 481 /* 482 * Command: DIOCTL_SET_PACKET_VERDICT_REASON 483 * Description: Add verdict reason to the packet associated with the DAQ message. 484 * Argument: DIOCTL_SetPacketVerdictReason 485 */ 486 typedef struct 487 { 488 DAQ_Msg_h msg; // [in] Message to add verdict reason to 489 uint8_t verdict_reason; // [in] Magic integer (0-255) reflecting the reason for the application's 490 // verdict on this message 491 } DIOCTL_SetPacketVerdictReason; 492 493 /* 494 * Command: DIOCTL_SET_FLOW_PRESERVE 495 * Description: Enable preserving the flow associated with the DAQ message when the 496 * application is unavailable. 497 * Argument: DAQ_Msg_h (Message belonging to the flow to be modified) 498 */ 499 500 /* 501 * Command: DIOCTL_GET_FLOW_TCP_SCRUBBED_SYN 502 * Description: Retrieve unmodified TCP options from the SYN for the flow associated with the DAQ message. 503 * Argument: DIOCTL_GetFlowScrubbedTcp 504 * 505 * Command: DIOCTL_GET_FLOW_TCP_SCRUBBED_SYN_ACK 506 * Description: Retrieve unmodified TCP options from the SYN-ACK for the flow associated with the DAQ message. 507 * Argument: DIOCTL_GetFlowScrubbedTcp 508 */ 509 typedef enum 510 { 511 DAQ_TCP_OPTS_MSS_CHANGED = 0x01, 512 DAQ_TCP_OPTS_WIN_SCALE_CHANGED = 0x02, 513 DAQ_TCP_OPTS_SACK_CHANGED = 0x04, 514 DAQ_TCP_OPTS_TS_CHANGED = 0x08, 515 } DAQ_TCP_Opts_flags_t; 516 517 typedef struct _daq_tcp_opts 518 { 519 uint8_t flags; // DAQ_TCP_OPTS_* 520 uint8_t window_scale; 521 uint16_t mss; 522 uint8_t window_scale_position; 523 uint8_t ts_position; 524 uint8_t mss_position; 525 uint8_t sack_ok_position; 526 uint32_t ts_value; 527 } DAQ_TCP_Opts_t; 528 529 typedef struct 530 { 531 DAQ_Msg_h msg; // [in] Message associated with the flow being queried 532 DAQ_TCP_Opts_t *tcp_opts; // [out] Original TCP options prior to modification by the dataplane 533 } DIOCTL_GetFlowScrubbedTcp; 534 535 /* 536 * Command: DIOCTL_CREATE_EXPECTED_FLOW 537 * Description: Create an expected flow in the dataplane based on an N-tuple with some optional wildcards. 538 * Argument: DIOCTL_CreateExpectedFlow 539 */ 540 #define DAQ_EFLOW_TUNNEL_TYPE_NON_TUNNEL 0 541 #define DAQ_EFLOW_TUNNEL_TYPE_GTP_TUNNEL 1 542 #define DAQ_EFLOW_TUNNEL_TYPE_MPLS_TUNNEL 2 543 #define DAQ_EFLOW_TUNNEL_TYPE_OTHER_TUNNEL 3 544 typedef struct _daq_eflow_key 545 { 546 uint16_t src_af; /* AF_INET or AF_INET6 */ 547 uint16_t dst_af; /* AF_INET or AF_INET6 */ 548 union 549 { 550 struct in_addr src_ip4; 551 struct in6_addr src_ip6; 552 } sa; 553 union 554 { 555 struct in_addr dst_ip4; 556 struct in6_addr dst_ip6; 557 } da; 558 uint8_t protocol; /* TCP or UDP (IPPROTO_TCP or IPPROTO_UDP )*/ 559 uint16_t src_port; /* TCP/UDP source port */ 560 uint16_t dst_port; /* TCP/UDP destination port */ 561 uint16_t address_space_id; /* Address Space ID */ 562 uint16_t tunnel_type; /* Tunnel type (DAQ_DP_TUNNEL_TYPE_*) */ 563 uint16_t vlan_id; /* VLAN ID */ 564 uint16_t vlan_cnots; /* VLAN ID is a C-Tag (0x8100) rather than an S-Tag (0x8a88) */ 565 } DAQ_EFlow_Key_t; 566 567 #define DAQ_EFLOW_FLOAT 0x01 /* the expected flow can float to a different reader */ 568 #define DAQ_EFLOW_ALLOW_MULTIPLE 0x02 /* allow multiple connections to use the same expected flow entry */ 569 #define DAQ_EFLOW_PERSIST 0x04 /* expected flow entry persists even if control channel terminates */ 570 #define DAQ_EFLOW_BIDIRECTIONAL 0x08 /* create expected flow in both direction */ 571 572 typedef struct 573 { 574 DAQ_Msg_h ctrl_msg; // [in] Message containing the companion control channel packet 575 DAQ_EFlow_Key_t key; // [in] Flow key describing the expected flow 576 unsigned flags; /* DAQ_EFLOW_* flags*/ 577 unsigned timeout_ms;/* timeout of the expected flow entry in milliseconds */ 578 uint8_t* data; /* [Future] opaque data blob to return with the expected flow */ 579 unsigned length; /* [Future] length of the opaque data blob */ 580 } DIOCTL_CreateExpectedFlow; 581 582 /* 583 * Command: DIOCTL_DIRECT_INJECT_PAYLOAD 584 * Description: Directly inject L5 payload data on a flow relative to the reference message. The module 585 * should handle any packetizing necessary to get the data onto the wire. 586 * Argument: DIOCTL_DirectInjectPayload 587 */ 588 typedef struct 589 { 590 const uint8_t *data; 591 uint32_t length; 592 } DAQ_DIPayloadSegment; 593 594 typedef struct 595 { 596 DAQ_Msg_h msg; // [in] Message belonging to the flow to be injected on 597 const DAQ_DIPayloadSegment **segments; // [in] Array of data segments to be injected 598 uint8_t num_segments; // [in] Number of elements in the data segment array 599 uint8_t reverse; // [in] If non-zero, inject the data in the opposite direction 600 // relative to the message 601 } DIOCTL_DirectInjectPayload; 602 603 /* 604 * Command: DIOCTL_DIRECT_INJECT_RESET 605 * Description: Directly inject an L4 reset on a flow relative to the reference message. The module 606 * should handle any packet generation necessary to get the reset onto the wire. 607 * Argument: DIOCTL_DirectInjectReset 608 */ 609 #define DAQ_DIR_FORWARD 0 // Forward injection 610 #define DAQ_DIR_REVERSE 1 // Reverse injection 611 #define DAQ_DIR_BOTH 2 // Both forward and reverse injection 612 typedef struct 613 { 614 DAQ_Msg_h msg; // [in] Message belonging to the flow to be injected on 615 uint8_t direction; // [in] Direction in which to inject the reset relative to the message (DAQ_DIR_*) 616 } DIOCTL_DirectInjectReset; 617 618 #ifdef __cplusplus 619 } 620 #endif 621 622 #endif /* _DAQ_COMMON_H */ 623