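/*
 * Argus Software
 * Copyright (c) 2000-2016 QoSient, LLC
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.

 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.

 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 */

/*
 * $Id: //depot/argus/clients/include/argus_label.h#27 $
 * $DateTime: 2016/06/01 15:17:28 $
 * $Change: 3148 $
 */

/*
 * Declarations for the Argus record labeler: labeler state, the address and
 * port label nodes, flow label entries, and the labeling entry points.
 *
 * This header is not self-contained.  Several structures below embed
 * struct ArgusQueueHeader, struct ArgusHashTable, struct ArgusHashStruct,
 * struct ArgusCIDRAddr and struct nff_program by value, so the headers that
 * define those types must be included first.
 *
 * Defining ArgusLabel before including this file makes it emit definitions
 * (the ArgusGeoIPCityObjects table and the ArgusLabeler pointer) instead of
 * extern declarations, so only one translation unit may define ArgusLabel.
 */

#ifndef ArgusLabeler_h
#define ArgusLabeler_h

#ifdef __cplusplus
extern "C" {
#endif

#if defined(ARGUS_GEOIP)
#include <GeoIP.h>
#endif

/* Labeler selector values; where they are consumed is not visible here. */
#define ARGUS_LABELER_COCODE    0x01
#define ARGUS_LABELER_ADDRESS   0x02

/* Debug selectors for the label tree. */
#define ARGUS_TREE_DEBUG        0x100
#define ARGUS_TREE_DEBUG_NODE   0x200

/*
 * Tree / node status values.
 * NOTE(review): ARGUS_GRAPH (0x30) equals ARGUS_VISITED | ARGUS_MOL, so if
 * these are combined as bit flags, ARGUS_GRAPH cannot be told apart from
 * both of those bits being set - confirm against the code that tests them.
 */
#define ARGUS_TREE              0x01
#define ARGUS_TREE_VISITED      0x02
#define ARGUS_NODE              0x04
#define ARGUS_VISITED           0x10
#define ARGUS_MOL               0x20
#define ARGUS_GRAPH             0x30

/*
 * Merge operations.  These are consecutive values, not a bit mask:
 * ARGUS_REPLACE (0x03) equals ARGUS_UNION | ARGUS_INTERSECT, so presumably
 * they are compared for equality rather than tested bitwise - TODO confirm.
 */
#define ARGUS_UNION             0x01
#define ARGUS_INTERSECT         0x02
#define ARGUS_REPLACE           0x03

/*
 * One printable GeoIP attribute.  In the table defined further down,
 * `field` is the short attribute name, `format` is a printf-style
 * conversion, `length` is strlen(field) and `value` is the ARGUS_GEOIP_* id.
 * The meaning of `index` and `offset` cannot be read from this header.
 */
struct ArgusGeoIPCityObject {
   char *field, *format;
   int length, index, offset, value;
};

/*
 * Labeler state.
 *
 * NOTE(review): the GeoIP members sit in the middle of the structure and
 * exist only when ARGUS_GEOIP is defined.  Every translation unit that
 * touches this structure must be built with the same ARGUS_GEOIP setting,
 * otherwise the offsets of all members after RaLabelArgusFlow differ
 * between objects and accesses land on the wrong fields.
 */
struct ArgusLabelerStruct {
   int status, mask, inserts, prune;
   int RaPrintLabelTreeMode;
   int RaLabelIanaAddress;
   int RaLabelIeeeAddress;
   int RaLabelCountryCode;
   int RaLabelBindName;
   int RaLabelIanaPort;
   int RaLabelArgusFlow;

#if defined(ARGUS_GEOIP)
   int RaLabelGeoIPAsn;
   GeoIP *RaGeoIPv4AsnObject;
   GeoIP *RaGeoIPv6AsnObject;

   int RaLabelGeoIPCity;
   GeoIP *RaGeoIPv4CityObject;
   GeoIP *RaGeoIPv6CityObject;
   /*
    * NOTE(review): the capacity 16 is a bare literal, unrelated to
    * ARGUS_GEOIP_TOTAL_OBJECTS (14).  The code that fills this array is not
    * visible here; confirm it limits the number of entries to 16 and
    * range-checks each stored id before it indexes ArgusGeoIPCityObjects.
    */
   int RaLabelGeoIPCityLabels[16];
#endif

   struct RaPolicyStruct *drap, *rap;
   struct RaFlowModelStruct *fmodel;
   struct ArgusQueueStruct *queue;
   struct ArgusHashTable htable;      /* embedded by value */
   struct ArgusHashStruct hstruct;    /* embedded by value */

   struct RaAddressStruct **ArgusAddrTree;
   struct RaAddressStruct **ArgusRIRTree;

   struct RaPortStruct **ArgusTCPPortLabels;
   struct RaPortStruct **ArgusUDPPortLabels;
   struct ArgusQueueStruct *ArgusFlowQueue;
};

/*
 * Address match modes.  ARGUS_EXACT_MATCH is 0, so it cannot be detected
 * with a bitwise AND.  Presumably these are passed as the int mode argument
 * of RaFindAddress() / RaInsertAddress() - TODO confirm.
 */
#define ARGUS_EXACT_MATCH       0x00
#define ARGUS_LONGEST_MATCH     0x01
#define ARGUS_ANY_MATCH         0x02
#define ARGUS_NODE_MATCH        0x04

/* Node of the address label tree. */
struct RaAddressStruct {
   struct ArgusQueueHeader qhdr;
   struct RaAddressStruct *l, *r, *p;   /* presumably left, right, parent - TODO confirm */
   struct ArgusRecordStruct *ns;

   struct ArgusCIDRAddr addr;

   int offset, count, status;
   char *str, *label, *dns;
   /*
    * Fixed 4-byte buffer: room for three characters plus a terminating NUL.
    * NOTE(review): writers are not visible here; confirm every copy into
    * cco is bounded by sizeof(cco) and leaves it NUL-terminated.
    */
   char cco[4];
   float x, y, z;
};


/* Port label entry; start/end presumably bound a port range - TODO confirm. */
struct RaPortStruct {
   struct ArgusQueueHeader qhdr;
   unsigned short proto, start, end;
   int offset, count, status;
   char *label, *desc;
};


/* Flow label entry: source strings plus the filter program stored by value. */
struct RaFlowLabelStruct {
   struct ArgusQueueHeader qhdr;
   int status, cont;
   char *filterstr, *labelstr, *grepstr, *colorstr;
   struct nff_program filter;
};


#if defined(ArgusLabel)

/*
 * Definitions, emitted only where ArgusLabel is defined.
 *
 * The ARGUS_GEOIP_* ids and ARGUS_GEOIP_TOTAL_OBJECTS are defined inside
 * this branch only, so translation units that take the #else branch do not
 * see them.
 */

#define ARGUS_GEOIP_TOTAL_OBJECTS   14

/*
 * Initializer order follows struct ArgusGeoIPCityObject:
 *    field, format, length, index, offset, value
 *
 * Each entry sits at the position given by its ARGUS_GEOIP_* id, so the
 * table can be indexed by id.  NOTE(review): an id that comes from
 * configuration must be checked against ARGUS_GEOIP_TOTAL_OBJECTS before it
 * is used as an index.  `format` differs per entry (%s, %f, %d); presumably
 * it is handed to a printf-family call, in which case the argument type has
 * to match the entry's conversion - TODO confirm at the use site.
 */
struct ArgusGeoIPCityObject ArgusGeoIPCityObjects[ARGUS_GEOIP_TOTAL_OBJECTS] = {
   { "", "%s", 0, 0, 0, 0},
#define ARGUS_GEOIP_COUNTRY_CODE        1
   { "cco", "%s", 3, 2, 0, ARGUS_GEOIP_COUNTRY_CODE},
#define ARGUS_GEOIP_COUNTRY_CODE_3      2
   { "cco3", "%s", 4, 3, 0, ARGUS_GEOIP_COUNTRY_CODE_3},
#define ARGUS_GEOIP_COUNTRY_NAME        3
   { "cname", "%s", 5, 128, 0, ARGUS_GEOIP_COUNTRY_NAME},
#define ARGUS_GEOIP_REGION              4
   { "region", "%s", 6, 128, 0, ARGUS_GEOIP_REGION},
#define ARGUS_GEOIP_CITY_NAME           5
   { "city", "%s", 4, 128, 0, ARGUS_GEOIP_CITY_NAME},
#define ARGUS_GEOIP_POSTAL_CODE         6
   { "pcode", "%s", 5, 16, 0, ARGUS_GEOIP_POSTAL_CODE},
#define ARGUS_GEOIP_LATITUDE            7
   { "lat", "%f", 3, 16, 0, ARGUS_GEOIP_LATITUDE},
#define ARGUS_GEOIP_LONGITUDE           8
   { "lon", "%f", 3, 16, 0, ARGUS_GEOIP_LONGITUDE},
#define ARGUS_GEOIP_METRO_CODE          9
   { "metro", "%d", 5, 16, 0, ARGUS_GEOIP_METRO_CODE},
#define ARGUS_GEOIP_AREA_CODE           10
   { "area", "%d", 4, 16, 0, ARGUS_GEOIP_AREA_CODE},
#define ARGUS_GEOIP_CHARACTER_SET       11
   { "charset", "%d", 7, 16, 0, ARGUS_GEOIP_CHARACTER_SET},
#define ARGUS_GEOIP_CONTINENT_CODE      12
   { "cont", "%s", 4, 16, 0, ARGUS_GEOIP_CONTINENT_CODE},
#define ARGUS_GEOIP_NETMASK             13
   { "netmask", "%d", 7, 4, 0, ARGUS_GEOIP_NETMASK},
};

/*
 * NOTE(review): parameter names are omitted throughout, so the meaning of
 * the trailing char * / int arguments and the ownership of returned char *
 * values cannot be read from this header; document them at the definitions.
 */

int RaLabelParseResourceFile (struct ArgusParserStruct *, struct ArgusLabelerStruct *, char *);

struct ArgusLabelerStruct *ArgusNewLabeler (struct ArgusParserStruct *, int);
void ArgusDeleteLabeler (struct ArgusParserStruct *, struct ArgusLabelerStruct *);

struct ArgusLabelerStruct *ArgusLabeler = NULL;
struct ArgusRecordStruct *ArgusLabelRecord (struct ArgusParserStruct *, struct ArgusRecordStruct *);
int ArgusAddToRecordLabel (struct ArgusParserStruct *, struct ArgusRecordStruct *, char *);


void RaPrintLabelTree (struct ArgusLabelerStruct *, struct RaAddressStruct *, int, int);

struct RaAddressStruct *RaFindAddress (struct ArgusParserStruct *, struct RaAddressStruct *, struct RaAddressStruct *, int);
struct RaAddressStruct *RaInsertAddress (struct ArgusParserStruct *, struct ArgusLabelerStruct *, struct RaAddressStruct *, struct RaAddressStruct *, int);

/*
 * NOTE(review): this prototype takes two parameters, while the extern
 * declaration in the #else branch takes a third int.  One of the two is out
 * of date, and a call made through a prototype that does not match the
 * definition is undefined behavior.  Reconcile both with the definition.
 */
char *RaPruneAddressTree (struct ArgusLabelerStruct *, struct RaAddressStruct *);

int RaReadAddressConfig (struct ArgusParserStruct *, struct ArgusLabelerStruct *, char *);
int RaReadPortConfig (struct ArgusParserStruct *, struct ArgusLabelerStruct *, char *);
int RaReadFlowLabels (struct ArgusParserStruct *, struct ArgusLabelerStruct *, char *);

void RaMapLabelMol (struct ArgusLabelerStruct *, struct RaAddressStruct *, int, int, int, int);
void RaPrintLabelMol (struct ArgusLabelerStruct *, struct RaAddressStruct *, int, int, int, int);

int RaCountryCodeLabel (struct ArgusParserStruct *, struct ArgusRecordStruct *);
char *RaAddressLabel (struct ArgusParserStruct *, struct ArgusRecordStruct *);
char *RaLabelIANAAddressType (struct ArgusParserStruct *, struct ArgusRecordStruct *);
char *RaFetchIPv4AddressLabel(struct ArgusParserStruct *, unsigned int *);
char *RaPortLabel (struct ArgusParserStruct *, struct ArgusRecordStruct *, char *, int);
char *RaFlowLabel (struct ArgusParserStruct *, struct ArgusRecordStruct *, char *, int);
char *RaFlowColor (struct ArgusParserStruct *, struct ArgusRecordStruct *);
char *RaFetchIPPortLabel(struct ArgusParserStruct *, unsigned short, unsigned short);

#else

/*
 * Extern declarations for every translation unit that does not define
 * ArgusLabel.
 */

extern int RaLabelParseResourceFile (struct ArgusParserStruct *, struct ArgusLabelerStruct *, char *);

extern struct ArgusLabelerStruct *ArgusNewLabeler (struct ArgusParserStruct *, int);
extern void ArgusDeleteLabeler (struct ArgusParserStruct *, struct ArgusLabelerStruct *);
extern struct ArgusLabelerStruct *ArgusLabeler;
extern void RaPrintLabelTree (struct ArgusLabelerStruct *, struct RaAddressStruct *, int, int);

extern struct ArgusRecordStruct *ArgusLabelRecord (struct ArgusParserStruct *, struct ArgusRecordStruct *);
extern int ArgusAddToRecordLabel (struct ArgusParserStruct *, struct ArgusRecordStruct *, char *);

extern struct RaAddressStruct *RaFindAddress (struct ArgusParserStruct *, struct RaAddressStruct *, struct RaAddressStruct *, int);
extern struct RaAddressStruct *RaInsertAddress (struct ArgusParserStruct *, struct ArgusLabelerStruct *, struct RaAddressStruct *, struct RaAddressStruct *, int);
/*
 * NOTE(review): three parameters here, two in the prototype of the
 * ArgusLabel branch.  Callers compiled against the wrong one invoke
 * undefined behavior; reconcile both with the definition.
 */
extern char *RaPruneAddressTree (struct ArgusLabelerStruct *, struct RaAddressStruct *, int);

extern int RaReadAddressConfig (struct ArgusParserStruct *, struct ArgusLabelerStruct *, char *);
extern int RaReadPortConfig (struct ArgusParserStruct *, struct ArgusLabelerStruct *, char *);
extern int RaReadFlowLabels (struct ArgusParserStruct *, struct ArgusLabelerStruct *, char *);

extern void RaMapLabelMol (struct ArgusLabelerStruct *, struct RaAddressStruct *, int, int, int, int);
extern void RaPrintLabelMol (struct ArgusLabelerStruct *, struct RaAddressStruct *, int, int, int, int);

extern int RaCountryCodeLabel (struct ArgusParserStruct *, struct ArgusRecordStruct *);
extern char *RaAddressLabel (struct ArgusParserStruct *, struct ArgusRecordStruct *);
extern char *RaLabelIANAAddressType (struct ArgusParserStruct *, struct ArgusRecordStruct *);
extern char *RaFetchIPv4AddressLabel(struct ArgusParserStruct *, unsigned int *);
extern char *RaPortLabel (struct ArgusParserStruct *, struct ArgusRecordStruct *, char *, int);
extern char *RaFlowLabel (struct ArgusParserStruct *, struct ArgusRecordStruct *, char *, int);
extern char *RaFlowColor (struct ArgusParserStruct *, struct ArgusRecordStruct *);
extern char *RaFetchIPPortLabel(struct ArgusParserStruct *, unsigned short, unsigned short);

#endif
#ifdef __cplusplus
}
#endif
#endif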