1 /* 2 ** Copyright (C) 2011-2020 by Carnegie Mellon University. 3 ** 4 ** @OPENSOURCE_LICENSE_START@ 5 ** See license information in ../../LICENSE.txt 6 ** @OPENSOURCE_LICENSE_END@ 7 */ 8 9 /* 10 ** silk_types.h 11 ** 12 ** A place to gather commonly used defines, typedefs, and enumerations. 13 ** 14 */ 15 16 #ifndef _SILK_TYPES_H 17 #define _SILK_TYPES_H 18 #ifdef __cplusplus 19 extern "C" { 20 #endif 21 22 #include <silk/silk.h> 23 24 RCSIDENTVAR(rcsID_SILK_TYPES_H, "$SiLK: silk_types.h ef14e54179be 2020-04-14 21:57:45Z mthomas $"); 25 26 /** 27 * @file 28 * 29 * The typedefs and some common macros used throughout the SiLK 30 * code base. 31 * 32 * This file is part of libsilk. 33 */ 34 35 36 /* ***** IP ADDRESS / SOCKADDR ********************************** */ 37 38 /** 39 * The IP address structure. Most code should use skipaddr_t 40 * instead of skIPUnion_t. Users should not deference directly, 41 * use the macros specified in skipaddr.h to get/set the value. 42 */ 43 typedef union skipunion_un { 44 uint32_t ipu_ipv4; 45 #if SK_ENABLE_IPV6 46 uint8_t ipu_ipv6[16]; 47 #endif 48 } skIPUnion_t; 49 50 /** 51 * An IP address structure that knows the version of IP address it 52 * contains. Do not deference directly, instead use the macros 53 * specified in skipaddr.h to get/set the value 54 */ 55 typedef struct skipaddr_st { 56 skIPUnion_t ip_ip; 57 #if SK_ENABLE_IPV6 58 unsigned ip_is_v6 :1; 59 #endif 60 } skipaddr_t; 61 62 /** 63 * Flags that determine the string representation of an IP as 64 * returned by skipaddrString() and other functions declared in 65 * utils.h 66 */ 67 typedef enum { 68 /** 69 * Canonical format: dotted quad for IPv4 and colon-separated 70 * hexadecimal for IPv6. This format calls the inet_ntop(3) 71 * function which uses a mixture of IPv4 and IPV6 addresss for 72 * IPv6 addresses that occur in the ::ffff:0:0/96 and ::/96 73 * netblocks (except ::/127), such as ::192.0.2.1 and 74 * ::ffff:192.0.2.1. 75 * 76 * The maximum length of this string is 15 for IPv4, 39 for IPv6, 77 * 18 for IPv4/CIDR, 43 for IPv6/CIDR. 78 * 79 * May be used with SKIPADDR_ZEROPAD and either SKIPADDR_MAP_V4 80 * or SKIPADDR_UNMAP_V6. 81 */ 82 SKIPADDR_CANONICAL = 0, 83 /** 84 * Value as an integer number, printed as decimal. 85 * 86 * The maximum length of this string is 10 for IPv4, 39 for IPv6, 87 * 13 for IPv4/CIDR, 43 for IPv6/CIDR. 88 * 89 * May be used with SKIPADDR_ZEROPAD and either SKIPADDR_MAP_V4 90 * or SKIPADDR_UNMAP_V6. 91 */ 92 SKIPADDR_DECIMAL = 1u, 93 /** 94 * Value as an integer number, printed as hexadecimal. 95 * 96 * The maximum length of this string is 8 for IPv4, 32 for IPv6, 97 * 11 for IPv4/CIDR, 36 for IPv6/CIDR. 98 * 99 * May be used with SKIPADDR_ZEROPAD and either 100 * SKIPADDR_MAP_V4 or SKIPADDR_UNMAP_V6. 101 */ 102 SKIPADDR_HEXADECIMAL = 2u, 103 /** 104 * Print IPv4 addresses in the canonical form. Print IPv6 in the 105 * canonical form but use only hexadecimal numbers and never a 106 * mixture of IPv4 and IPv6. That is, prints ::c000:201 instead 107 * of ::192.0.2.1. 108 * 109 * May be used with SKIPADDR_ZEROPAD and either SKIPADDR_MAP_V4 110 * or SKIPADDR_UNMAP_V6. 111 * 112 * Since SiLK 3.17.0. 113 */ 114 SKIPADDR_NO_MIXED = 3u, 115 /** 116 * Apply any other formatting, and then pad with zeros to expand 117 * the string to the maximum width: Each IPv4 octet has three 118 * characters, each IPv6 hexadectet has 4 characters, decimal and 119 * hexadecimal numbers have leading zeros. Useful for string 120 * comparisons. 121 * 122 * May be used with any other skipaddr_flags_t. 123 */ 124 SKIPADDR_ZEROPAD = (1u << 7), 125 /** 126 * Map each IPv4 address into the IPv6 ::ffff:0:0/96 netblock and 127 * then apply other formatting. Has no effect on IPv6 addresses. 128 * 129 * May be used with any other skipaddr_flags_t except 130 * SKIPADDR_UNMAP_V6. 131 * 132 * Since SiLK 3.17.0. 133 */ 134 SKIPADDR_MAP_V4 = (1u << 8), 135 /** 136 * For each IPv4-mapped IPv6 address (i.e., IPv6 addresses in the 137 * ::ffff:0:0/96 netblock), convert the address to IPv4 and then 138 * apply other formatting. Has no effect on IPv4 addresses or on 139 * IPv6 addresses outside of the ::ffff:0:0/96 netblock. 140 * 141 * May be used with any other skipaddr_flags_t except 142 * SKIPADDR_MAP_V4 and SKIPADDR_FORCE_IPV6. 143 * 144 * Since SiLK 3.17.0. 145 */ 146 SKIPADDR_UNMAP_V6 = (1u << 9), 147 /** 148 * Map each IPv4 address into the IPv6 ::ffff:0:0/96 netblock and 149 * then apply the SKIPADDR_NO_MIXED format. 150 * 151 * May be used with SKIPADDR_ZEROPAD. 152 */ 153 SKIPADDR_FORCE_IPV6 = (SKIPADDR_MAP_V4 | SKIPADDR_NO_MIXED) 154 } skipaddr_flags_t; 155 156 /** 157 * Minimum required size of character buffer that holds the printed 158 * representation of an IP address. skipaddrString() expects (and 159 * assumes) a buffer of at least this size. 160 * 161 * The length is taken from INET6_ADDRSTRLEN used by inet_ntop(), 162 * which can return "0000:0000:0000:0000:0000:ffff:000.000.000.000" 163 */ 164 #define SKIPADDR_STRLEN 46 165 #define SK_NUM2DOT_STRLEN SKIPADDR_STRLEN 166 167 /** 168 * Minimum required size of character buffer that holds the printed 169 * representation of an IP address, a slash ('/'), and a CIDR 170 * prefix (netblock) designation. skipaddrCidrString() expects 171 * (and assumes) a buffer of at least this size. 172 * 173 * Since SiLK 3.18.0. 174 */ 175 #define SKIPADDR_CIDR_STRLEN (SKIPADDR_STRLEN + 4) 176 177 /** 178 * How to handle IPv6 Flow records. 179 */ 180 typedef enum sk_ipv6policy_en { 181 /** completely ignore IPv6 flows */ 182 SK_IPV6POLICY_IGNORE = -2, 183 /** convert IPv6 flows to IPv4 if possible, else ignore */ 184 SK_IPV6POLICY_ASV4 = -1, 185 /** mix IPv4 and IPv6 flows in the result--this is the default */ 186 SK_IPV6POLICY_MIX = 0, 187 /** force IPv4 flows to be converted to IPv6 */ 188 SK_IPV6POLICY_FORCE = 1, 189 /** only return IPv6 flows that were marked as IPv6 */ 190 SK_IPV6POLICY_ONLY = 2 191 } sk_ipv6policy_t; 192 193 /** 194 * A special structure of IP Addresses. It is defined in utils.h 195 */ 196 typedef struct skIPWildcard_st skIPWildcard_t; 197 198 199 /** 200 * A union that encompasses the various struct sockaddr types. 201 * Macros and functions for manipulating these are in utils.h. 202 */ 203 typedef union sk_sockaddr_un { 204 struct sockaddr sa; 205 struct sockaddr_in v4; 206 struct sockaddr_in6 v6; 207 struct sockaddr_un un; 208 } sk_sockaddr_t; 209 210 /** 211 * The sk_sockaddr_array_t structure represents multiple 212 * representations of an address and/or port. Macros and functions 213 * for manipulating these are in utils.h. 214 */ 215 typedef struct sk_sockaddr_array_st { 216 /* the host-name/-address or NULL for INADDR_ANY */ 217 char *name; 218 /* the host:port pair; uses '*' for INADDR_ANY */ 219 char *host_port_pair; 220 /* array of sockets */ 221 sk_sockaddr_t *addrs; 222 /* number of entries in 'addrs' */ 223 uint32_t num_addrs; 224 } sk_sockaddr_array_t; 225 226 227 /* ***** TIME *************************************************** */ 228 229 /** 230 * sktime_t is milliseconds since the UNIX epoch. Macros and 231 * functions for manipulating these are in utils.h. 232 * 233 * Value is signed, like time_t. 234 */ 235 typedef int64_t sktime_t; 236 237 /** 238 * Minimum size of buffer to pass to sktimestamp_r(). 239 */ 240 #define SKTIMESTAMP_STRLEN 28 241 242 243 /* ***** FLOW RECORDS (RWREC) *********************************** */ 244 245 /** 246 * The generic SiLK Flow record returned from ANY file format 247 * containing packed SiLK Flow records. It is defined in rwrec.h 248 */ 249 typedef struct rwGenericRec_V5_st rwGenericRec_V5; 250 typedef rwGenericRec_V5 rwRec; 251 252 /** 253 * The maximum size of a SiLK Flow record. 254 */ 255 #define SK_MAX_RECORD_SIZE 104 256 257 /** 258 * Number of possible SNMP interface index values 259 */ 260 #define SK_SNMP_INDEX_LIMIT 65536 261 262 263 264 /* ***** STREAM / FILE FORMATS ********************************** */ 265 266 /** 267 * Interface to a file containing SiLK Data---flow records or 268 * IPsets, etc---is an skstream_t. See skstream.h. 269 */ 270 typedef struct skstream_st skstream_t; 271 272 /** 273 * Type to hold the ID of the various SiLK file formats. The 274 * format IDs begin with FT_ and are listed in silk_files.h. 275 */ 276 typedef uint8_t sk_file_format_t; 277 typedef sk_file_format_t fileFormat_t SK_GCC_DEPRECATED; 278 279 /** 280 * The value for an invalid or unrecognized file format. 281 * 282 * Since SiLK 3.13.0. 283 */ 284 #define SK_INVALID_FILE_FORMAT ((sk_file_format_t)0xFF) 285 286 /** 287 * The strlen() of the names of file formats will be this size or 288 * less. 289 */ 290 #define SK_MAX_STRLEN_FILE_FORMAT 32 291 292 /** 293 * A version of the file format. 294 */ 295 typedef uint8_t sk_file_version_t; 296 typedef sk_file_version_t fileVersion_t SK_GCC_DEPRECATED; 297 298 /** 299 * Value meaning that any file version is valid 300 */ 301 #define SK_RECORD_VERSION_ANY ((sk_file_version_t)0xFF) 302 303 /** 304 * The compression method used to write the data section of a file. 305 * The known compression methods are listed in silk_files.h. 306 */ 307 typedef uint8_t sk_compmethod_t; 308 309 /** 310 * The value for an invalid or unrecognized compression method 311 */ 312 #define SK_INVALID_COMPMETHOD ((sk_compmethod_t)0xFF) 313 314 /** 315 * Values that specify how a stream/file is to be opened. 316 */ 317 typedef enum { 318 SK_IO_READ = 1, 319 SK_IO_WRITE = 2, 320 SK_IO_APPEND = 4 321 } skstream_mode_t; 322 323 /** 324 * What type of content the stream contains 325 */ 326 typedef enum { 327 /** stream contains line-oriented text */ 328 SK_CONTENT_TEXT = (1 << 0), 329 /** stream contains a SiLK file header and SiLK Flow data */ 330 SK_CONTENT_SILK_FLOW = (1 << 1), 331 /** stream contains a SiLK file header and data (non-Flow data) */ 332 SK_CONTENT_SILK = (1 << 2), 333 /** stream contains binary data other than SiLK */ 334 SK_CONTENT_OTHERBINARY = (1 << 3) 335 } skcontent_t; 336 337 338 339 /* ***** CLASS / TYPE / SENSORS ********************************* */ 340 341 /* Most of the functions for manipulating these are declared in 342 * sksite.h */ 343 344 /** 345 * Type to hold a class ID. A class is not actually stored in 346 * packed records (see sk_flowtype_id_t). 347 */ 348 typedef uint8_t sk_class_id_t; 349 typedef sk_class_id_t classID_t SK_GCC_DEPRECATED; 350 351 /** 352 * The maximum number of classes that may be allocated. (All valid 353 * class IDs must be less than this number.) 354 */ 355 #define SK_MAX_NUM_CLASSES ((sk_class_id_t)32) 356 357 /** 358 * The value for an invalid or unrecognized class. 359 */ 360 #define SK_INVALID_CLASS ((sk_class_id_t)0xFF) 361 362 /** 363 * A flowtype is a class/type pair. It has a unique name and 364 * unique ID. 365 */ 366 typedef uint8_t sk_flowtype_id_t; 367 typedef sk_flowtype_id_t flowtypeID_t SK_GCC_DEPRECATED; 368 369 /** 370 * The maximum number of flowtypes that may be allocated. (All 371 * valid flowtype IDs must be less than this number.) 372 */ 373 #define SK_MAX_NUM_FLOWTYPES ((sk_flowtype_id_t)0xFF) 374 375 /** 376 * The value for an invalid or unrecognized flow-type value 377 */ 378 #define SK_INVALID_FLOWTYPE ((sk_flowtype_id_t)0xFF) 379 380 /** 381 * The strlen() of the names of flowtypes, classes, and types will 382 * be this size or less. Add 1 to allow for the NUL byte. 383 */ 384 #define SK_MAX_STRLEN_FLOWTYPE 32 385 386 /** 387 * Type to hold a sensor ID. Usually, a sensor is a router or 388 * other flow collector. 389 */ 390 typedef uint16_t sk_sensor_id_t; 391 typedef sk_sensor_id_t sensorID_t SK_GCC_DEPRECATED; 392 393 /** 394 * The maximum number of sensors that may be allocated. (All valid 395 * sensor IDs must be less than this number. 396 */ 397 #define SK_MAX_NUM_SENSORS ((sk_sensor_id_t)0xFFFF) 398 399 /** 400 * The value for an invalid or unrecognized sensor. 401 */ 402 #define SK_INVALID_SENSOR ((sk_sensor_id_t)0xFFFF) 403 404 /** 405 * The maximum length of a sensor name, not including the final 406 * NUL. 407 */ 408 #define SK_MAX_STRLEN_SENSOR 64 409 410 /** 411 * Type to hold a sensor group ID. This is not actually stored in 412 * packed records. 413 */ 414 typedef uint8_t sk_sensorgroup_id_t; 415 typedef sk_sensorgroup_id_t sensorgroupID_t SK_GCC_DEPRECATED; 416 417 /** 418 * The maximum number of sensorgroups that may be allocated. (All 419 * valid sensorgroup IDs must be less than this number.) 420 */ 421 #define SK_MAX_NUM_SENSORGROUPS ((sk_sensorgroup_id_t)0xFF) 422 423 /** 424 * The value for an invalid or unrecognized sensor. 425 */ 426 #define SK_INVALID_SENSORGROUP ((sk_sensorgroup_id_t)0xFF) 427 428 429 430 /* ***** BITMPAP / LINKED-LIST / VECTOR ************************* */ 431 432 /** 433 * Bitmap of integers. It is defined in utils.h. 434 */ 435 typedef struct sk_bitmap_st sk_bitmap_t; 436 437 438 /** 439 * Signature of a doubly-linked list. See skdllist.h. 440 */ 441 struct sk_dllist_st; 442 typedef struct sk_dllist_st sk_dllist_t; 443 444 /** 445 * Signature of an iterator for a doubly linked list 446 */ 447 struct sk_dll_iter_st; 448 typedef struct sk_dll_iter_st sk_dll_iter_t; 449 struct sk_dll_iter_st { 450 void *data; 451 sk_dll_iter_t *link[2]; 452 }; 453 454 /** 455 * A stringmap maps strings to integer IDs. It is used for parsing 456 * the user's argument to --fields. See skstringmap.h. 457 */ 458 typedef sk_dllist_t sk_stringmap_t; 459 460 /** 461 * Growable array. See skvector.h. 462 */ 463 typedef struct sk_vector_st sk_vector_t; 464 465 466 467 /* ***** IPSET ************************************************** */ 468 469 /** 470 * Data structure to hold a set of IP addresses. See skipset.h. 471 */ 472 typedef struct skipset_st skipset_t; 473 474 475 476 /* ***** MISCELLANEOUS ****************************************** */ 477 478 /** 479 * An enumeration type for endianess. 480 */ 481 typedef enum silk_endian_en { 482 SILK_ENDIAN_BIG, 483 SILK_ENDIAN_LITTLE, 484 SILK_ENDIAN_NATIVE, 485 SILK_ENDIAN_ANY 486 } silk_endian_t; 487 488 489 /** 490 * The status of an iterator. 491 */ 492 typedef enum skIteratorStatus_en { 493 /** More entries */ 494 SK_ITERATOR_OK=0, 495 /** No more entries */ 496 SK_ITERATOR_NO_MORE_ENTRIES 497 } skIteratorStatus_t; 498 499 /** 500 * The type of message functions. These should use the same 501 * semantics as printf. 502 */ 503 typedef int (*sk_msg_fn_t)(const char *, ...) 504 SK_CHECK_TYPEDEF_PRINTF(1, 2); 505 506 /** 507 * The type of message functions with the arguments expanded to a 508 * variable argument list. 509 */ 510 typedef int (*sk_msg_vargs_fn_t)(const char *, va_list) 511 SK_CHECK_TYPEDEF_PRINTF(1, 0); 512 513 #ifdef __cplusplus 514 } 515 #endif 516 #endif /* _SILK_TYPES_H */ 517 518 /* 519 ** Local Variables: 520 ** mode:c 521 ** indent-tabs-mode:nil 522 ** c-basic-offset:4 523 ** End: 524 */ 525