1 #ifndef SFLOW_DATA_H
2 #define SFLOW_DATA_H
3 
4 #include "sflow.h"
5 #include <setjmp.h>
6 
7 // Packet headers for sFLOW v4
8 enum INMPacket_information_type {
9   INMPACKETTYPE_HEADER  = 1,      /* Packet headers are sampled */
10   INMPACKETTYPE_IPV4    = 2,      /* IP version 4 data */
11   INMPACKETTYPE_IPV6    = 3       /* IP version 4 data */
12 };
13 
14 /* when I turn on optimisation with the Microsoft compiler it seems to change
15    the values of these enumerated types and break the program - not sure why */
16 enum INMSample_types {
17    FLOWSAMPLE  = 1,
18    COUNTERSSAMPLE = 2
19 };
20 
21 
22 /* same for tcp */
23 struct mytcphdr {
24     uint16_t th_sport; /* source port */
25     uint16_t th_dport; /* destination port */
26     uint32_t th_seq; /* sequence number */
27     uint32_t th_ack; /* acknowledgement number */
28     uint8_t th_off_and_unused;
29     uint8_t th_flags;
30     uint16_t th_win; /* window */
31     uint16_t th_sum; /* checksum */
32     uint16_t th_urp; /* urgent pointer */
33 };
34 
35 /* and UDP */
36 struct myudphdr {
37     uint16_t uh_sport; /* source port */
38     uint16_t uh_dport; /* destination port */
39     uint16_t uh_ulen; /* udp length */
40     uint16_t uh_sum; /* udp checksum */
41 };
42 
43 /* and ICMP */
44 struct myicmphdr {
45     uint8_t type; /* message type */
46     uint8_t code; /* type sub-code */
47     /* ignore the rest */
48 };
49 
50 
51 /* define my own IP header struct - to ease portability */
52 struct myiphdr {
53     uint8_t version_and_headerLen;
54     uint8_t tos;
55     uint16_t tot_len;
56     uint16_t id;
57     uint16_t frag_off;
58     uint8_t ttl;
59     uint8_t protocol;
60     uint16_t check;
61     uint32_t saddr;
62     uint32_t daddr;
63 };
64 
65 #define SASAMPLE_EXTENDED_DATA_SWITCH 1
66 #define SASAMPLE_EXTENDED_DATA_ROUTER 4
67 #define SASAMPLE_EXTENDED_DATA_GATEWAY 8
68 #define SASAMPLE_EXTENDED_DATA_USER 16
69 #define SASAMPLE_EXTENDED_DATA_URL 32
70 #define SASAMPLE_EXTENDED_DATA_MPLS 64
71 #define SASAMPLE_EXTENDED_DATA_NAT 128
72 #define SASAMPLE_EXTENDED_DATA_MPLS_TUNNEL 256
73 #define SASAMPLE_EXTENDED_DATA_MPLS_VC 512
74 #define SASAMPLE_EXTENDED_DATA_MPLS_FTN 1024
75 #define SASAMPLE_EXTENDED_DATA_MPLS_LDP_FEC 2048
76 #define SASAMPLE_EXTENDED_DATA_VLAN_TUNNEL 4096
77 #define SASAMPLE_EXTENDED_DATA_NAT_PORT 8192
78 
79 #define SA_MAX_EXTENDED_USER_LEN 200
80 #define SA_MAX_EXTENDED_URL_LEN 200
81 #define SA_MAX_EXTENDED_HOST_LEN 200
82 
83 typedef struct _SFSample {
84     SFLAddress sourceIP;
85     SFLAddress agent_addr;
86     uint32_t agentSubId;
87 
88     /* the raw pdu */
89     uint8_t* rawSample;
90     uint32_t rawSampleLen;
91     uint8_t* endp;
92     time_t pcapTimestamp;
93 
94     /* decode cursor */
95     uint32_t* datap;
96 
97     uint32_t datagramVersion;
98     uint32_t sampleType;
99     uint32_t elementType;
100     uint32_t ds_class;
101     uint32_t ds_index;
102 
103     /* generic interface counter sample */
104     SFLIf_counters ifCounters;
105 
106     /* sample stream info */
107     uint32_t sysUpTime;
108     uint32_t sequenceNo;
109     uint32_t sampledPacketSize;
110     uint32_t samplesGenerated;
111     uint32_t meanSkipCount;
112     uint32_t samplePool;
113     uint32_t dropEvents;
114 
115     /* the sampled header */
116     uint32_t packet_data_tag;
117     uint32_t headerProtocol;
118     uint8_t* header;
119     int headerLen;
120     uint32_t stripped;
121 
122     /* header decode */
123     int gotIPV4;
124     int gotIPV4Struct;
125     int offsetToIPV4;
126     int gotIPV6;
127     int gotIPV6Struct;
128     int offsetToIPV6;
129     int offsetToPayload;
130     SFLAddress ipsrc;
131     SFLAddress ipdst;
132     uint32_t dcd_ipProtocol;
133     uint32_t dcd_ipTos;
134     uint32_t dcd_ipTTL;
135     uint32_t dcd_sport;
136     uint32_t dcd_dport;
137     uint32_t dcd_tcpFlags;
138     uint32_t ip_fragmentOffset;
139     uint32_t udp_pduLen;
140 
141     /* ports */
142     uint32_t inputPortFormat;
143     uint32_t outputPortFormat;
144     uint32_t inputPort;
145     uint32_t outputPort;
146 
147     /* ethernet */
148     uint32_t eth_type;
149     uint32_t eth_len;
150     uint8_t eth_src[8];
151     uint8_t eth_dst[8];
152 
153     /* vlan */
154     uint32_t in_outer_vlan;
155     uint32_t in_vlan;
156     uint32_t in_priority;
157     uint32_t internalPriority;
158     uint32_t out_vlan;
159     uint32_t out_priority;
160     int vlanFilterReject;
161 
162     /* extended data fields */
163     uint32_t num_extended;
164     uint32_t extended_data_tag;
165 
166     /* IP forwarding info */
167     SFLAddress nextHop;
168     uint32_t srcMask;
169     uint32_t dstMask;
170 
171     /* BGP info */
172     SFLAddress bgp_nextHop;
173     uint32_t my_as;
174     uint32_t src_as;
175     uint32_t src_peer_as;
176     uint32_t dst_as_path_len;
177     uint32_t* dst_as_path;
178     /* note: version 4 dst as path segments just get printed, not stored here, however
179     * the dst_peer and dst_as are filled in, since those are used for netflow encoding
180     */
181     uint32_t dst_peer_as;
182     uint32_t dst_as;
183 
184     uint32_t communities_len;
185     uint32_t* communities;
186     uint32_t localpref;
187 
188 /* user id */
189     uint32_t src_user_charset;
190     uint32_t src_user_len;
191     char src_user[SA_MAX_EXTENDED_USER_LEN + 1];
192     uint32_t dst_user_charset;
193     uint32_t dst_user_len;
194     char dst_user[SA_MAX_EXTENDED_USER_LEN + 1];
195 
196 /* url */
197     uint32_t url_direction;
198     uint32_t url_len;
199     char url[SA_MAX_EXTENDED_URL_LEN + 1];
200     uint32_t host_len;
201     char host[SA_MAX_EXTENDED_HOST_LEN + 1];
202 
203     /* mpls */
204     SFLAddress mpls_nextHop;
205 
206     /* nat */
207     SFLAddress nat_src;
208     SFLAddress nat_dst;
209 
210     /* counter blocks */
211     uint32_t statsSamplingInterval;
212     uint32_t counterBlockVersion;
213 
214     /* exception handler context */
215     //jmp_buf env;
216 } SFSample;
217 
218 #endif // SFLOW_DATA_H
219