/*
 * Argus Software Common include files - parsing
 * Copyright (c) 2000-2015 QoSient, LLC
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.

 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.

 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 */

/*
 * $Id: //depot/argus/argus/include/argus_parse.h#17 $
 * $DateTime: 2015/04/06 10:38:44 $
 * $Change: 2973 $
 */

#if !defined(Argus_parse_h)
#define Argus_parse_h

#include <unistd.h>
#include <stdlib.h>
#include <netdb.h>

#include <syslog.h>

#include <argus_out.h>
#include <argus_def.h>
#include <argus_util.h>


/*
 * Fallback path-buffer size. BUFSIZ is the stdio buffer size, not a
 * filesystem path limit, so buffers sized with MAXPATHNAMELEN still need
 * length-checked copies.
 */
#if !defined(MAXPATHNAMELEN)
#define MAXPATHNAMELEN BUFSIZ
#endif

#define ARGUS_DEFAULTPORT 561

#define ARGUS_ENCODE_ASCII 0
#define ARGUS_ENCODE_64 1
#define ARGUS_ENCODE_32 2

/*
 * Singly linked node (nxt) carrying an address/port pair; it is the element
 * type of naddrtable[HASHNAMESIZE] below (presumably hash-bucket chains,
 * confirm against the lookup code).
 */
struct naddrmem {
    struct naddrmem *nxt;
    unsigned int addr;
    unsigned short port;
};

/* Integer value with a label string and a description string. */
struct ArgusInterfaceStruct {
    int value;
    char *label;
    char *desc;
};

/* Singly linked list node holding one mode string (see ArgusModeList). */
struct ArgusModeStruct {
    struct ArgusModeStruct *nxt;
    char *mode;
};

/* MAXSTRLEN also sizes ArgusOriginalBuffer in the ArgusParse branch below. */
#define MAXSTRLEN 4096
#define MAXTIME 100000
#define READ_REMOTE_CON 0x40000000
#define READ_LOCAL_CON 0x20000000

/* ARGUS_MAX_REMOTE_CONN is the capacity of ArgusRemoteFDs[]. */
#define ARGUS_MAX_REMOTE_CONN 64
#define HASHNAMESIZE 4096


/*
 * When ArgusParse is defined, this header DEFINES the shared globals below,
 * initializers included; in the #else branch the same names are only
 * declared extern.
 * NOTE(review): presumably exactly one translation unit defines ArgusParse
 * before including this header, since a second one would duplicate every
 * initialized definition at link time. Confirm against the build.
 */
#if defined(ArgusParse)

struct timeval RaClientTimeout = {1,0};
/*
 * Number of entries in process_state_strings. This macro is defined only in
 * this branch, so the extern branch sees neither it nor the array bound.
 */
#define MAXPROCSTATE 7

char *process_state_strings [MAXPROCSTATE] = {
    "REQ", "ACC", "EST", "CLO", "TIM", "RST", "FIN",
};

struct timeval ArgusGlobalTime;
struct timeval ArgusNowTime;

struct bpf_program ArgusFilterCode;

char *RaInputFilter[] = {NULL, NULL};

struct tm *RaTmStruct = NULL, RaTmStructBuf;
char *RaTimeFormat = "%d %b %y %T";
char RaFieldDelimiter = '\0';

int RaPrintStartTime = 0;
int RaPrintLastTime = 0;
int RaCloseInputFd = 1;

struct ArgusFarHeaderStruct *ArgusThisFarHdrs[32];

struct naddrmem *naddrtable [HASHNAMESIZE];

void clearArgusWfile(void);
void setArgusWfile(char *, char *);

char *exceptfile = NULL, *wfile = NULL;

struct ARGUS_INPUT *ArgusInput = NULL;
struct ARGUS_INPUT *ArgusInputFileList = NULL;
struct ARGUS_INPUT *ArgusRemoteHostList = NULL;

struct ArgusModeStruct *ArgusModeList = NULL;

char *tag_string = "Argus Version ";
int major_version = VERSION_MAJOR;
int minor_version = VERSION_MINOR;
int read_size = 0, detail = 0;
int read_mode = 0;

struct ArgusRecord *initCon = NULL;

unsigned int ArgusLocalNet, ArgusNetMask;

/*
 * ArgusOriginal is a struct ArgusRecord view of a MAXSTRLEN-byte char array.
 * NOTE(review): a plain char array carries no alignment guarantee for
 * struct ArgusRecord, and the array bounds the record size at MAXSTRLEN
 * (4096) bytes. Confirm that every copy into this buffer checks the record
 * length first, since records arrive from files and remote connections
 * (see ArgusReadConnection / ArgusReadStream below).
 */
char ArgusOriginalBuffer[MAXSTRLEN];
struct ArgusRecord *ArgusOriginal = (struct ArgusRecord *) ArgusOriginalBuffer;

int totalrecords = 0;
int farrecords = 0;
int marrecords = 0;

int explicit_date = 0;

time_t starTimeFilter_t = 0;
time_t lastTimeFilter_t = 0;

time_t lasttime_t = 0;
time_t startime_t = 0;

struct tm starTimeFilter;
struct tm lastTimeFilter;

char *ArgusProgramName = NULL;
char *ArgusProgramArgs = NULL;
char *ArgusProgramOptions = NULL;
char *dataarg = NULL;
char *timearg = NULL;
char *servicesfile = NULL;
/* Second tentative definition of ArgusFilterCode (also declared above). */
struct bpf_program ArgusFilterCode;

int ArgusGrepSource = 0;
int ArgusGrepDestination = 0;

int RaWriteOut = 1;

/* Per-protocol record counters, one pair (dst/src) per protocol class. */
long long tcp_dst_count = 0;
long long tcp_src_count = 0;
long long udp_dst_count = 0;
long long udp_src_count = 0;
long long icmp_dst_count = 0;
long long icmp_src_count = 0;
long long ip_dst_count = 0;
long long ip_src_count = 0;
long long arp_dst_count = 0;
long long arp_src_count = 0;
long long nonip_dst_count = 0;
long long nonip_src_count = 0;

/* Per-protocol byte counters, parallel to the *_count variables above. */
long long tcp_dst_bytes = 0;
long long tcp_src_bytes = 0;
long long udp_dst_bytes = 0;
long long udp_src_bytes = 0;
long long icmp_dst_bytes = 0;
long long icmp_src_bytes = 0;
long long ip_dst_bytes = 0;
long long ip_src_bytes = 0;
long long arp_dst_bytes = 0;
long long arp_src_bytes = 0;
long long nonip_dst_bytes = 0;
long long nonip_src_bytes = 0;

/*
 * Option state. The names presumably follow the command-line switch letters
 * (confirm in the option parser). All default to 0/NULL except hfield,
 * pfield, Lflag and Uflag.
 */
int hfield = 15;
int pfield = 5;
int Aflag = 0;
int aflag = 0;
int Bflag = 0;
int bflag = 0;
int eflag = 0;
char *estr = NULL;
int Dflag = 0;
int Eflag = 0;
int fflag = 0;
int gflag = 0;
int idflag = 0;
int Gflag = 0;
int cflag = 0;
int Cflag = 0;
int jflag = 0;
int Lflag = -1;
int lflag = 0;
int mflag = 0;
char *Mflag = NULL;
int nflag = 0;
int Nflag = 0;
int Normflag = 0;
int Netflag = 0;
int notNetflag = 0;
int oflag = 0;
int Oflag = 0;
int Wflag = 0;
int Fflag = 0;
int Hflag = 0;
char *Hstr = NULL;
int pflag = 0;
int Pflag = 0;
char *sflag = NULL;
int dflag = 0;

int qflag = 0;
int tflag = 0;
int uflag = 0;
/*
 * NOTE(review): the $Log history later in this header ties pstr to
 * RA_AUTH_PASS (rev 1.35) and records "Stopped erasing password"
 * (rev 1.3, 2001/10/15). Presumably ustr/pstr hold authentication
 * credentials as process-lifetime globals; confirm they are cleared once
 * authentication has completed and are never written to logs.
 */
char *ustr = NULL;
char *pstr = NULL;
int Uflag = 6;
int vflag = 0;
int Vflag = 0;
int iflag = 0;

int Iflag = 0;
int Tflag = 0;
int rflag = 0;
int Rflag = 0;
int Sflag = 0;
int xflag = 0;
int Xflag = 0;
int XMLflag = 0;

int zflag = 0;
int Zflag = 0;

long thiszone;

int total_nets = 0;
int total_hosts = 0;

/*
 * Fixed table of ARGUS_MAX_REMOTE_CONN (64) input pointers.
 * NOTE(review): ArgusActiveServers presumably counts the used slots; any
 * code that appends a connection must check it against
 * ARGUS_MAX_REMOTE_CONN before indexing. Confirm at the call sites.
 */
struct ARGUS_INPUT *ArgusRemoteFDs[ARGUS_MAX_REMOTE_CONN];
int ArgusActiveServers = 0;

/* Functions declared extern here are defined outside this header. */
extern int ArgusAuthenticate (struct ARGUS_INPUT *);
extern void ArgusClientInit (void);
extern void usage (void);

/* Per-record-type handlers, each taking one struct ArgusRecord. */
extern void process_man (struct ArgusRecord *);
extern void process_tcp (struct ArgusRecord *);
extern void process_icmp (struct ArgusRecord *);
extern void process_udp (struct ArgusRecord *);
extern void process_ip (struct ArgusRecord *);
extern void process_arp (struct ArgusRecord *);
extern void process_non_ip (struct ArgusRecord *);

void ArgusShutDown (int);
extern void RaParseComplete (int);

void argus_parse_init (struct ARGUS_INPUT *);
char *argus_lookupdev(char *);

void read_udp_services (char *);

int ArgusHandleDatum (struct ArgusRecord *, struct bpf_program *);
void ArgusReformatRecord (struct ArgusRecord *, struct ArgusRecord *);

int ArgusReadConnection (struct ARGUS_INPUT *, char *);
void ArgusReadStream (void);
void ArgusProcessRecord (struct ArgusRecord *);

void ArgusGenerateCanonicalRecord (struct ArgusRecord *, struct ArgusCanonicalRecord *);

int ArgusGetServerSocket (struct ARGUS_INPUT *);
int ArgusAddFileList (char *);
void ArgusDeleteFileList (void);
int ArgusAddHostList (char *, int);
int ArgusAddModeList (char *);
void ArgusDeleteHostList (void);

int ArgusWriteNewLogfile (char *, struct ArgusRecord *);

int check_time (struct ArgusRecord *);
int parseUserDataArg (char **, char **, int);
int parseTimeArg (char **, char **, int, struct tm *);
int check_time_format (struct tm *tm, char *str);
int parseTime (struct tm *, struct tm *, char *);

/* Byte-order conversion of a record; declared only for little-endian builds. */
#if defined(_LITTLE_ENDIAN)
void ArgusNtoH (struct ArgusRecord *argus);
void ArgusHtoN (struct ArgusRecord *argus);
#endif


#else /* ArgusParse */

extern char *ArgusProgramName;
extern char *ArgusProgramArgs;
/*
 * Remainder of the #else (non-ArgusParse) branch: extern declarations only.
 * NOTE(review): process_state_strings is declared without a bound, and
 * MAXPROCSTATE is defined only inside the ArgusParse branch, so code
 * compiled through this branch has no visible limit for an index into the
 * table. A state value taken from a record must be range-checked before it
 * is used as that index.
 */
extern char *process_state_strings [];

extern int ArgusGrepSource;
extern int ArgusGrepDestination;

extern struct timeval ArgusGlobalTime;
extern struct timeval ArgusNowTime;

/* No matching definition is visible in the ArgusParse branch of this header. */
extern char *RaSortAlgorithmStrings[];
extern int RaSortIndex;

extern struct tm *RaTmStruct;
extern char *RaInputFilter[];
extern char *RaTimeFormat;
extern char RaFieldDelimiter;

extern int RaPrintStartTime;
extern int RaPrintLastTime;
extern int RaCloseInputFd;

/* ArgusThisFarHdrs is defined with 32 elements in the ArgusParse branch. */
extern u_int ArgusThisFarStatus;
extern struct ArgusFarHeaderStruct *ArgusThisFarHdrs[];

extern struct naddrmem *naddrtable [HASHNAMESIZE];

extern struct ArgusListStruct *ArgusWfileList;
extern char *exceptfile, *wfile;

extern struct ARGUS_INPUT *ArgusInput;
extern struct ARGUS_INPUT *ArgusInputFileList;
extern struct ARGUS_INPUT *ArgusRemoteHostList;
extern struct ArgusModeStruct *ArgusModeList;

extern char *tag_string;
extern int major_version;
extern int minor_version;
extern int read_size;
extern int read_mode;

extern struct ArgusRecord *initCon;

extern unsigned int ArgusLocalNet, ArgusNetMask;

/*
 * Points into the MAXSTRLEN-byte ArgusOriginalBuffer defined in the
 * ArgusParse branch; the buffer itself is not declared in this branch.
 */
extern struct ArgusRecord *ArgusOriginal;

extern int totalrecords;
extern int farrecords;
extern int marrecords;
extern int explicit_date;

extern time_t lasttime_t;
extern time_t startime_t;

extern struct tm starTimeFilter;
extern struct tm lastTimeFilter;

/* progname has no definition in the ArgusParse branch (ArgusProgramName does). */
extern char *progname;
extern char *dataarg;
extern char *timearg;
extern char *servicesfile;

extern char *ArgusFlowModelFile;
extern struct bpf_program ArgusFilterCode;

extern char *cmdline; /* For David Brumley's amazingly long cmdlines ;o) */

extern int RaWriteOut;

/* Per-protocol record counters. */
extern long long tcp_dst_count;
extern long long tcp_src_count;
extern long long udp_dst_count;
extern long long udp_src_count;
extern long long icmp_dst_count;
extern long long icmp_src_count;
extern long long ip_dst_count;
extern long long ip_src_count;
extern long long arp_dst_count;
extern long long arp_src_count;
extern long long nonip_dst_count;
extern long long nonip_src_count;

/* Per-protocol byte counters. */
extern long long tcp_dst_bytes;
extern long long tcp_src_bytes;
extern long long udp_dst_bytes;
extern long long udp_src_bytes;
extern long long icmp_dst_bytes;
extern long long icmp_src_bytes;
extern long long ip_dst_bytes;
extern long long ip_src_bytes;
extern long long arp_dst_bytes;
extern long long arp_src_bytes;
extern long long nonip_dst_bytes;
extern long long nonip_src_bytes;

/* Option state; defaults are set where these are defined (ArgusParse branch). */
extern int hfield;
extern int pfield;
extern int Aflag;
extern int aflag;
extern int Bflag;
extern int bflag;
extern int eflag;
extern char *estr;
extern int Dflag;
extern int Eflag;
extern int fflag;
extern int gflag;
extern int idflag;
extern int Gflag;
extern int cflag;
extern int Cflag;
extern int jflag;
extern int Lflag;
extern int lflag;
extern int mflag;
extern char *Mflag;
extern int nflag;
extern int Nflag;
extern int Normflag;
extern int Netflag;
extern int notNetflag;
extern int oflag;
extern int Oflag;
extern int Wflag;
extern int Fflag;
extern int Hflag;
extern char *Hstr;
extern int pflag;
extern int Pflag;
extern char *sflag;
extern int dflag;

extern int qflag;
extern int tflag;
extern int uflag;
/*
 * NOTE(review): the $Log history in this header associates pstr with
 * RA_AUTH_PASS; presumably ustr/pstr are credentials reachable from every
 * translation unit that includes this header. Confirm no caller logs them.
 */
extern char *ustr;
extern char *pstr;
extern int Uflag;
extern int vflag;
extern int Vflag;
extern int iflag;

extern int Iflag;
extern int Tflag;
extern int rflag;
extern int Rflag;
extern int Sflag;
extern int xflag;
extern int Xflag;
extern int XMLflag;
extern int zflag;
extern int Zflag;

extern long thiszone;

extern int total_nets;
extern int total_hosts;

/* Capacity is ARGUS_MAX_REMOTE_CONN (64); bound every index by it. */
extern struct ARGUS_INPUT *ArgusRemoteFDs[ARGUS_MAX_REMOTE_CONN];
extern int ArgusActiveServers;

extern void ArgusShutDown (int);
extern void argus_parse_init (struct ARGUS_INPUT *);
extern char *argus_lookupdev(char *);

extern void read_udp_services (char *);

extern int ArgusHandleDatum (struct ArgusRecord *, struct bpf_program *);
extern void ArgusReformatRecord (struct ArgusRecord *, struct ArgusRecord *);
extern int ArgusReadRemoteConnection (int, struct bpf_program *);
extern int ArgusReadConnection (struct ARGUS_INPUT *, char *);
extern void ArgusReadStream (void);
extern void ArgusProcessRecord (struct ArgusRecord *);

extern void ArgusReadRemote (int, struct bpf_program *);
extern int read_file (int fd, struct bpf_program *);
/* Repeats the ArgusProcessRecord declaration above with the same prototype. */
extern void ArgusProcessRecord (struct ArgusRecord *);
extern void ArgusGenerateCanonicalRecord (struct ArgusRecord *, struct ArgusCanonicalRecord *);

extern int ArgusGetServerSocket (struct ARGUS_INPUT *);
extern int ArgusAddFileList (char *);
extern void ArgusDeleteFileList (void);
extern int ArgusAddHostList (char *, int);
extern int ArgusAddModeList (char *);
extern void ArgusDeleteHostList (void);

extern int ArgusWriteNewLogfile (char *, struct ArgusRecord *);

extern int check_time (struct ArgusRecord *);
extern int parseUserDataArg (char **, char **, int);
extern int parseTimeArg (char **, char **, int, struct tm *);
extern int check_time_format (struct tm *tm, char *str);
extern int parseTime (struct tm *, struct tm *, char *);

#if defined(_LITTLE_ENDIAN)
extern void ArgusNtoH (struct ArgusRecord *argus);
extern void ArgusHtoN (struct ArgusRecord *argus);
#endif

#endif

/*
 * The NetFlow FlowCollector aggregation definitions that follow are compiled
 * only when RaMuxSource or RadiumSource is defined.
 */
#if defined(RaMuxSource) || defined(RadiumSource)
#if !defined(NFC_AGGREGATIONDEFINITION_H)
#define NFC_AGGREGATIONDEFINITION_H
508 509 /* $Id: //depot/argus/argus/include/argus_parse.h#17 $ 510 * $Source: $ 511 *------------------------------------------------------------------ 512 * Definition of "Key" and "Value" fields used for purpose of 513 * aggregation 514 * 515 * Cisco NetFlow FlowCollector 3.0 516 * 517 * September 1998, Anders Fung 518 * 519 * Copyright (c) 1996-1998 by Cisco Systems, Inc. 520 * All rights reserved. 521 *------------------------------------------------------------------ 522 * $Log: argus_parse.h,v $ 523 * Revision 1.1 2003/04/16 20:53:57 qosient 524 * Modified for argus to argus conversion 525 * 526 * Revision 1.12 2003/02/05 23:43:53 qosient 527 * Updated for new year in the copyright 528 * 529 * Revision 1.11 2002/04/01 22:41:01 qosient 530 * Updated 531 * 532 * Revision 1.10 2002/04/01 15:39:32 qosient 533 * Update for handling loss of remote when connected to multiple remotes. 534 * Increase ARGUS_MAX_REMOTE_NUM and RADIUM_MAX_REMOTE_NUM. 535 * 536 * Revision 1.9 2002/03/25 17:49:49 qosient 537 * Updated for correct copyright 538 * 539 * Revision 1.8 2002/03/25 17:38:32 qosient 540 * Updated for correct interface status reporting 541 * 542 * Revision 1.6 2002/02/02 16:01:27 qosient 543 * Updated for next versions of DSRs 544 * 545 * Revision 1.5 2002/02/01 14:10:00 qosient 546 * Updated for libpcap-0.7.1 port 547 * 548 * Revision 1.4 2002/01/04 22:15:08 qosient 549 * Updated 550 * 551 * Revision 1.3 2001/12/17 18:12:45 qosient 552 * Mods to move ramux to radium 553 * 554 * Revision 1.2 2001/10/24 20:47:53 qosient 555 * Updated 556 * 557 * Revision 1.5 2001/10/22 20:20:07 qosient 558 * Updated and fixed for Lflag having bad default value 559 * 560 * Revision 1.4 2001/10/18 17:15:29 qosient 561 * Fixed for output file fd handling issues, primarily for rapop 562 * 563 * Revision 1.3 2001/10/15 20:07:29 qosient 564 * Updated for ramux issues with authentication. Stopped erasing password. 
565 * 566 * Revision 1.2 2001/09/12 05:09:30 qosient 567 * Updated 568 * 569 * Revision 1.1.1.1 2001/09/08 22:01:48 qosient 570 * Argus Clients 1.0 571 * 572 * Revision 1.6 2001/09/03 04:58:51 argus 573 * Lots of mods 574 * 575 * Revision 1.5 2001/07/17 12:38:45 argus 576 * Updated 577 * 578 * Revision 1.4 2001/07/10 18:18:10 argus 579 * Mods for ramon and rasort port 580 * 581 * Revision 1.3 2001/06/09 14:10:09 argus 582 * Minor changes for -H option and formatting 583 * 584 * Revision 1.2 2001/06/07 19:50:45 argus 585 * Updated 586 * 587 * Revision 1.1.1.1 2001/06/03 16:07:57 argus 588 * Start of argus client distribution 589 * 590 * Revision 1.1.1.1 2001/03/24 05:14:27 argus 591 * Imported from argus-2.0.0 592 * 593 * Revision 1.39 2001/03/06 23:30:41 argus 594 * Fix for Davids incredibly long command lines. 595 * 596 * Revision 1.38 2001/02/03 21:39:08 argus 597 * Mods to support -d option 598 * 599 * Revision 1.37 2000/12/19 16:19:41 argus 600 * Mods to get ramon() to the same level as ra() with regard to dynamic 601 * labels. Also FreeBSD/NetBSD port support for racount(). 602 * 603 * Revision 1.36 2000/12/19 05:59:03 argus 604 * Mods to help in getting pretty output when not using -n. 605 * 606 * Revision 1.35 2000/12/10 20:59:13 argus 607 * Mods to add support for RA_AUTH_PASS (pstr) 608 * 609 * Revision 1.34 2000/12/07 19:00:39 argus 610 * Mods to convert from ArgusError to ArgusLog 611 * 612 * Revision 1.33 2000/12/07 17:51:48 argus 613 * Move Uflag (precision option) to -p option. 614 * 615 * Revision 1.32 2000/11/23 01:58:29 argus 616 * Mods to support GSSAPI authentication 617 * 618 * Revision 1.31 2000/11/16 15:20:34 argus 619 * Update for SASL 620 * 621 * Revision 1.30 2000/11/13 21:51:38 argus 622 * Mods to support ragrep(). 623 * 624 * Revision 1.29 2000/11/13 15:05:14 argus 625 * Fixes for raxml not printing out user data in all protocol types. 626 * 627 * Revision 1.28 2000/10/31 19:35:01 argus 628 * Mods to support new timestats and user data. 
629 * 630 * Revision 1.27 2000/10/27 13:45:42 argus 631 * Fix support for multiple remote sources. 632 * 633 * Revision 1.26 2000/10/27 01:48:50 argus 634 * Fixes for multiple source data. 635 * 636 * Revision 1.25 2000/10/26 15:38:09 argus 637 * Mods for qflag defintions and some constants 638 * 639 * Revision 1.24 2000/10/25 22:23:30 argus 640 * Mods to try to fix the LITTLE_ENDIAN issues for Neil. 641 * 642 * Revision 1.23 2000/10/16 21:55:48 argus 643 * support for various .rc's. 644 * 645 * Revision 1.22 2000/10/11 12:51:37 argus 646 * Added Zflag 647 * 648 * Revision 1.21 2000/10/10 14:50:51 argus 649 * Fixes to support XML printing (print_time changes) and a bunch to support 650 * TCP fixes. 651 * 652 * Revision 1.20 2000/10/05 15:04:47 argus 653 * Addition of output labels for ra data. 654 * 655 * Revision 1.19 2000/10/03 23:04:29 argus 656 * Mods for more complete cisco netflow parsing and -CS support. Needs testing. 657 * 658 * Revision 1.18 2000/10/01 14:27:45 argus 659 * Put the filter in a global so we can all get to it. 660 * 661 * Revision 1.17 2000/09/30 15:03:13 argus 662 * Addition of netflow record definitions. 663 * 664 *------------------------------------------------------------------ 665 * $Endlog$ 666 */ 667 668 /* 669 * AGGREGATION_DEFINITION describes the "Key" and "Value" fields seen in 670 * the datafile. The definition comprise of keywords and delimiters. 671 * By reading the AGGREGATION_DEFINITION, one can interpret what and in what 672 * order are the "Key" and "Value" fields being presented in the datafile. 673 * Datafile consumers can also deduce what aggregation scheme is used 674 * by parsing AGGREGATION_DEFINITION.. 675 * 676 * The order of keywords seen in the AGGREGATION_DEFINITION represents the true 677 * order of the "Key" and "Value" fields presented in the datafile. Each 678 * keyword is delimited by either '|' or ','. 
 *
 * As part of the new changes to the datafile header, the FORMAT field
 * will have a value of "B". Please note that the FORMAT may change
 * if there is any change to any of the existing keywords, definition format,
 * adding new keyword, or any other header changes.
 * Also, the delimiter used in the datafile will be prepended at the
 * beginning of each header. Since AGGREGATION_DEFINITION becomes the 2nd
 * line of the header, the 1st line of the header will append a
 * new field, namely "Header", which describes the total number of
 * lines in the header.
 *
 * The AGGREGATION_DEFINITION keywords have the following assignments ...
 *
 * keyword            Description
 * -------            -----------------------
 * srcaddr            Source IP Address
 * dstaddr            Destination IP Address
 * src_subnet         Source SubNet
 * dst_subnet         Destination SubNet
 * src_mask           Source SubNet Mask
 * dst_mask           Destination SubNet Mask
 * src_user_subnet    Source User SubNet
 * dst_user_subnet    Destination User SubNet
 * src_as             Source AS
 * dst_as             Destination AS
 * srcport            Source Port
 * dstport            Destination Port
 * prot               Prot field
 * protocol           Protocol (srcport, dstport, and prot lookup)
 * input              Input Interface
 * output             Output Interface
 * tos                Type of Service
 * nexthop            Next Hop IP Address
 *
 * pkts               Packets
 * octets             Octets
 * flows              Flow Count
 * starttime          First Flow Stamp (UTC sec)
 * endtime            Last Flow Stamp (UTC sec)
 * activetime         Total Active Time (msec)
 */

/* Key Fields */
#define SRC_ADDR "srcaddr"
#define DST_ADDR "dstaddr"
#define SRC_SUBNET "src_subnet"
#define DST_SUBNET "dst_subnet"
#define SRC_SUBNET_MASK "src_mask"
#define DST_SUBNET_MASK "dst_mask"
#define SRC_USER_SUBNET "src_user_subnet"
#define DST_USER_SUBNET "dst_user_subnet"
#define SRC_AS "src_as"
#define DST_AS "dst_as"
#define SRC_PORT "srcport"
#define DST_PORT "dstport"
#define PROT "prot"
#define PROTOCOL_KEY "protocol"
#define IN_INTF "input"
#define OUT_INTF "output"
#define TOS_BIT "tos"
#define NEXT_HOP "nexthop"

/* Value Fields */
#define PACKET "pkts"
#define OCTET "octets"
#define FLOW_CNT "flows"
#define F_FLOW_STAMP "starttime"
#define L_FLOW_STAMP "endtime"
#define TOT_ACTIVE_TIME "activetime"

/* Delimiter */ /* Could be either "|" or "," */
/*
 * DEL is the conversion specification "%c", not a literal delimiter, so
 * every *Def string below is a format template with one "%c" between each
 * pair of keywords; SourceNodeDef, for example, is
 * "srcaddr%cpkts%coctets%cflows".
 * NOTE(review): presumably these are expanded through a printf-style call
 * that passes the delimiter once per "%c". The count differs per
 * definition, so each call site must pass exactly that many arguments, and
 * the resulting text should go into a length-checked buffer. Confirm at
 * the call sites.
 */
#define DEL "%c"

/* Aggregation Mask */
/*
 * One keyword template per aggregation scheme.
 * NOTE(review): these are definitions with external linkage placed in a
 * header (no static), so including this header with RaMuxSource or
 * RadiumSource defined from more than one translation unit would yield
 * duplicate symbols. Presumably only one source file does so; confirm.
 */
const char * const SourceNodeDef = SRC_ADDR DEL
                                   PACKET DEL OCTET DEL FLOW_CNT;

const char * const DestNodeDef = DST_ADDR DEL
                                 PACKET DEL OCTET DEL FLOW_CNT;

const char * const HostMatrixDef = SRC_ADDR DEL
                                   DST_ADDR DEL
                                   PACKET DEL OCTET DEL FLOW_CNT;

const char * const SourcePortDef = SRC_PORT DEL
                                   PACKET DEL OCTET DEL FLOW_CNT;

const char * const DestPortDef = DST_PORT DEL
                                 PACKET DEL OCTET DEL FLOW_CNT;

const char * const ProtocolDef = PROTOCOL_KEY DEL
                                 PACKET DEL OCTET DEL FLOW_CNT;

const char * const DetailSourceNodeDef = SRC_ADDR DEL
                                         SRC_PORT DEL
                                         DST_PORT DEL
                                         PROTOCOL_KEY DEL
                                         PACKET DEL OCTET DEL FLOW_CNT;

const char * const DetailDestNodeDef = DST_ADDR DEL
                                       SRC_PORT DEL
                                       DST_PORT DEL
                                       PROTOCOL_KEY DEL
                                       PACKET DEL OCTET DEL FLOW_CNT;

const char * const DetailHostMatrixDef = SRC_ADDR DEL
                                         DST_ADDR DEL
                                         SRC_PORT DEL
                                         DST_PORT DEL
                                         PROTOCOL_KEY DEL
                                         PACKET DEL OCTET DEL FLOW_CNT DEL
                                         F_FLOW_STAMP DEL L_FLOW_STAMP;

const char * const DetailInterfaceDef = SRC_ADDR DEL
                                        DST_ADDR DEL
                                        IN_INTF DEL
                                        OUT_INTF DEL
                                        NEXT_HOP DEL
                                        PACKET DEL OCTET DEL FLOW_CNT;

const char * const CallRecordDef = SRC_ADDR DEL
                                   DST_ADDR DEL
                                   SRC_PORT DEL
                                   DST_PORT DEL
                                   PROT DEL
                                   TOS_BIT DEL
                                   PACKET DEL OCTET DEL FLOW_CNT DEL
                                   F_FLOW_STAMP DEL L_FLOW_STAMP DEL
                                   TOT_ACTIVE_TIME;

const char * const ASMatrixDef = SRC_AS DEL
                                 DST_AS DEL
                                 PACKET DEL OCTET DEL FLOW_CNT;

const char * const DetailASMatrixDef = SRC_ADDR DEL
                                       DST_ADDR DEL
                                       SRC_AS DEL
                                       DST_AS DEL
                                       IN_INTF DEL
                                       OUT_INTF DEL
                                       SRC_PORT DEL
                                       DST_PORT DEL
                                       PROTOCOL_KEY DEL
                                       PACKET DEL OCTET DEL FLOW_CNT;

const char * const NetMatrixDef = SRC_SUBNET DEL
                                  SRC_SUBNET_MASK DEL
                                  IN_INTF DEL
                                  DST_SUBNET DEL
                                  DST_SUBNET_MASK DEL
                                  OUT_INTF DEL
                                  PACKET DEL OCTET DEL FLOW_CNT;

const char * const ASHostMatrixDef = SRC_ADDR DEL
                                     DST_ADDR DEL
                                     SRC_AS DEL
                                     DST_AS DEL
                                     PACKET DEL OCTET DEL FLOW_CNT DEL
                                     F_FLOW_STAMP DEL L_FLOW_STAMP DEL
                                     TOT_ACTIVE_TIME;

const char * const HostMatrixInterfaceDef
                                   = SRC_ADDR DEL
                                     DST_ADDR DEL
                                     IN_INTF DEL
                                     OUT_INTF DEL
                                     PROTOCOL_KEY DEL
                                     PACKET DEL OCTET DEL FLOW_CNT;

const char * const DetailCallRecordDef = SRC_ADDR DEL
                                         DST_ADDR DEL
                                         SRC_PORT DEL
                                         DST_PORT DEL
                                         IN_INTF DEL
                                         OUT_INTF DEL
                                         PROTOCOL_KEY DEL
                                         TOS_BIT DEL
                                         PACKET DEL OCTET DEL FLOW_CNT DEL
                                         F_FLOW_STAMP DEL L_FLOW_STAMP DEL
                                         TOT_ACTIVE_TIME;

const char * const RouterASDef = SRC_AS DEL
                                 DST_AS DEL
                                 IN_INTF DEL
                                 OUT_INTF DEL
                                 PACKET DEL OCTET DEL FLOW_CNT DEL
                                 F_FLOW_STAMP DEL L_FLOW_STAMP DEL
                                 TOT_ACTIVE_TIME;

const char * const RouterProtoPortDef = SRC_PORT DEL
                                        DST_PORT DEL
                                        PROT DEL
                                        PACKET DEL OCTET DEL FLOW_CNT DEL
                                        F_FLOW_STAMP DEL L_FLOW_STAMP DEL
                                        TOT_ACTIVE_TIME;

const char * const RouterSrcPrefixDef = SRC_SUBNET DEL
                                        SRC_SUBNET_MASK DEL
                                        IN_INTF DEL
                                        SRC_AS DEL
                                        PACKET DEL OCTET DEL FLOW_CNT DEL
                                        F_FLOW_STAMP DEL L_FLOW_STAMP DEL
                                        TOT_ACTIVE_TIME;

const char * const RouterDstPrefixDef = DST_SUBNET DEL
                                        DST_SUBNET_MASK DEL
                                        OUT_INTF DEL
                                        DST_AS DEL
                                        PACKET DEL OCTET DEL FLOW_CNT DEL
                                        F_FLOW_STAMP DEL L_FLOW_STAMP DEL
                                        TOT_ACTIVE_TIME;

const char * const RouterPrefixDef = SRC_SUBNET DEL
                                     DST_SUBNET DEL
                                     SRC_SUBNET_MASK DEL
                                     DST_SUBNET_MASK DEL
                                     IN_INTF DEL
                                     OUT_INTF DEL
                                     SRC_AS DEL
                                     DST_AS DEL
                                     PACKET DEL OCTET DEL FLOW_CNT DEL
                                     F_FLOW_STAMP DEL L_FLOW_STAMP DEL
                                     TOT_ACTIVE_TIME;
#endif


#if !defined(NFC_DATAFILE_H)
#define NFC_DATAFILE_H
/*
 *------------------------------------------------------------------
 * $Id: //depot/argus/argus/include/argus_parse.h#17 $
 * $Source: $
 *------------------------------------------------------------------
 * Definition of datafile formats.
 *
 * Binary datafile : Each binary datafiles contains a header and
 * a list of records.
 *
 * The header contains format, aggregation,
 * agg_version, source, period, starttime, endtime,
 * activetime, flows, missed, and records.
 *
 * Each record structure contains a set of "Keys"
 * and a "Values" that is specific to the
 * aggregation scheme being used.
 *
 * Cisco NetFlow FlowCollector 3.0
 *
 * October 1998, Anders Fung
 *
 * Copyright (c) 1998 by Cisco Systems, Inc.
 * All rights reserved.
 *------------------------------------------------------------------
 * $Log: argus_parse.h,v $
 * Revision 1.1 2003/04/16 20:53:57 qosient
 * Modified for argus to argus conversion
 *
 * Revision 1.12 2003/02/05 23:43:53 qosient
 * Updated for new year in the copyright
 *
 * Revision 1.11 2002/04/01 22:41:01 qosient
 * Updated
 *
 * Revision 1.10 2002/04/01 15:39:32 qosient
 * Update for handling loss of remote when connected to multiple remotes.
 * Increase ARGUS_MAX_REMOTE_NUM and RADIUM_MAX_REMOTE_NUM.
945 * 946 * Revision 1.9 2002/03/25 17:49:49 qosient 947 * Updated for correct copyright 948 * 949 * Revision 1.8 2002/03/25 17:38:32 qosient 950 * Updated for correct interface status reporting 951 * 952 * Revision 1.6 2002/02/02 16:01:27 qosient 953 * Updated for next versions of DSRs 954 * 955 * Revision 1.5 2002/02/01 14:10:00 qosient 956 * Updated for libpcap-0.7.1 port 957 * 958 * Revision 1.4 2002/01/04 22:15:08 qosient 959 * Updated 960 * 961 * Revision 1.3 2001/12/17 18:12:45 qosient 962 * Mods to move ramux to radium 963 * 964 * Revision 1.2 2001/10/24 20:47:53 qosient 965 * Updated 966 * 967 * Revision 1.5 2001/10/22 20:20:07 qosient 968 * Updated and fixed for Lflag having bad default value 969 * 970 * Revision 1.4 2001/10/18 17:15:29 qosient 971 * Fixed for output file fd handling issues, primarily for rapop 972 * 973 * Revision 1.3 2001/10/15 20:07:29 qosient 974 * Updated for ramux issues with authentication. Stopped erasing password. 975 * 976 * Revision 1.2 2001/09/12 05:09:30 qosient 977 * Updated 978 * 979 * Revision 1.1.1.1 2001/09/08 22:01:48 qosient 980 * Argus Clients 1.0 981 * 982 * Revision 1.6 2001/09/03 04:58:51 argus 983 * Lots of mods 984 * 985 * Revision 1.5 2001/07/17 12:38:45 argus 986 * Updated 987 * 988 * Revision 1.4 2001/07/10 18:18:10 argus 989 * Mods for ramon and rasort port 990 * 991 * Revision 1.3 2001/06/09 14:10:09 argus 992 * Minor changes for -H option and formatting 993 * 994 * Revision 1.2 2001/06/07 19:50:45 argus 995 * Updated 996 * 997 * Revision 1.1.1.1 2001/06/03 16:07:57 argus 998 * Start of argus client distribution 999 * 1000 * Revision 1.1.1.1 2001/03/24 05:14:27 argus 1001 * Imported from argus-2.0.0 1002 * 1003 * Revision 1.39 2001/03/06 23:30:41 argus 1004 * Fix for Davids incredibly long command lines. 
1005 * 1006 * Revision 1.38 2001/02/03 21:39:08 argus 1007 * Mods to support -d option 1008 * 1009 * Revision 1.37 2000/12/19 16:19:41 argus 1010 * Mods to get ramon() to the same level as ra() with regard to dynamic 1011 * labels. Also FreeBSD/NetBSD port support for racount(). 1012 * 1013 * Revision 1.36 2000/12/19 05:59:03 argus 1014 * Mods to help in getting pretty output when not using -n. 1015 * 1016 * Revision 1.35 2000/12/10 20:59:13 argus 1017 * Mods to add support for RA_AUTH_PASS (pstr) 1018 * 1019 * Revision 1.34 2000/12/07 19:00:39 argus 1020 * Mods to convert from ArgusError to ArgusLog 1021 * 1022 * Revision 1.33 2000/12/07 17:51:48 argus 1023 * Move Uflag (precision option) to -p option. 1024 * 1025 * Revision 1.32 2000/11/23 01:58:29 argus 1026 * Mods to support GSSAPI authentication 1027 * 1028 * Revision 1.31 2000/11/16 15:20:34 argus 1029 * Update for SASL 1030 * 1031 * Revision 1.30 2000/11/13 21:51:38 argus 1032 * Mods to support ragrep(). 1033 * 1034 * Revision 1.29 2000/11/13 15:05:14 argus 1035 * Fixes for raxml not printing out user data in all protocol types. 1036 * 1037 * Revision 1.28 2000/10/31 19:35:01 argus 1038 * Mods to support new timestats and user data. 1039 * 1040 * Revision 1.27 2000/10/27 13:45:42 argus 1041 * Fix support for multiple remote sources. 1042 * 1043 * Revision 1.26 2000/10/27 01:48:50 argus 1044 * Fixes for multiple source data. 1045 * 1046 * Revision 1.25 2000/10/26 15:38:09 argus 1047 * Mods for qflag defintions and some constants 1048 * 1049 * Revision 1.24 2000/10/25 22:23:30 argus 1050 * Mods to try to fix the LITTLE_ENDIAN issues for Neil. 1051 * 1052 * Revision 1.23 2000/10/16 21:55:48 argus 1053 * support for various .rc's. 1054 * 1055 * Revision 1.22 2000/10/11 12:51:37 argus 1056 * Added Zflag 1057 * 1058 * Revision 1.21 2000/10/10 14:50:51 argus 1059 * Fixes to support XML printing (print_time changes) and a bunch to support 1060 * TCP fixes. 
 *
 * Revision 1.20 2000/10/05 15:04:47 argus
 * Addition of output labels for ra data.
 *
 * Revision 1.19 2000/10/03 23:04:29 argus
 * Mods for more complete cisco netflow parsing and -CS support. Needs testing.
 *
 * Revision 1.18 2000/10/01 14:27:45 argus
 * Put the filter in a global so we can all get to it.
 *
 * Revision 1.17 2000/09/30 15:03:13 argus
 * Addition of netflow record definitions.
 *
 *------------------------------------------------------------------
 * $Endlog$
 */


/*
 * Fixed field widths used by the binary datafile structures below.
 * IP_LEN is 15, which is exactly the length of "255.255.255.255", so a
 * char[IP_LEN] field has no room for a terminating NUL when the address is
 * at its maximum length. LABEL_LEN fields are likewise plain fixed-width
 * char arrays.
 * NOTE(review): readers should treat these as fixed-width fields, not C
 * strings, and use length-limited operations such as "%.*s" or memcpy with
 * the field size.
 */
#define LABEL_LEN 16
#define IP_LEN 15
#define ASCII_HEADER_LEN 511
#define BIN_FILE_SUFFIX ".bin"


/*
 * Aggregation scheme identifiers, numbered implicitly from noAgg = 0 to
 * RouterPrefix = 23. The enum is compiled only when __NFC__ is undefined.
 * NOTE(review): BinaryHeaderF2.aggregation is a u_char. If it is filled in
 * from a datafile, its value must be checked against this range before it
 * selects a record layout.
 */
#if !defined(__NFC__)
enum Aggregation
{
    noAgg, /* reserved */
    RawFlows, /* Not supported in binary files */
    SourceNode,
    DestNode,
    HostMatrix,
    SourcePort,
    DestPort,
    Protocol,
    DetailDestNode,
    DetailHostMatrix,
    DetailInterface,
    CallRecord,
    ASMatrix,
    NetMatrix,
    DetailSourceNode,
    DetailASMatrix,
    ASHostMatrix,
    HostMatrixInterface,
    DetailCallRecord,
    RouterAS,
    RouterProtoPort,
    RouterSrcPrefix,
    RouterDstPrefix,
    RouterPrefix
};
#endif


/*
 * Header of a binary datafile (format 2, see HEADER_FORMAT_2).
 * NOTE(review): u_long is unsigned long, whose width depends on the ABI
 * (commonly 4 bytes on 32-bit and 8 bytes on 64-bit Unix), and no packing
 * directive is visible here. sizeof(BinaryHeaderF2) and the field offsets
 * therefore vary between builds. If this struct is read from or written to
 * a file as raw bytes, confirm the intended on-disk widths. The records and
 * flows counts come from the file and need validation against the actual
 * file size before they drive a loop or an allocation.
 */
typedef struct {
    u_short format; /* Header format, it is 2 in this round */
    char newline; /* Newline character, '\n' */
    char ascii_header[ASCII_HEADER_LEN]; /* Header in ASCII */
    u_char aggregation; /* Aggregation scheme used */
    u_char agg_version; /* Version of the aggregation scheme used */
    char source[IP_LEN]; /* Source IP/Name */
    u_char period; /* Aggregation period, 0 means PARTIAL */
    u_long starttime; /* Beginning of aggregation period */
    u_long endtime; /* End of aggregation period */
    u_long flows; /* Number of flows aggregated */
    int missed; /* Number of flows missed, -1 means not avail*/
    u_long records; /* Number of records in this datafile */
} BinaryHeaderF2;

#define HEADER_FORMAT_2 2


/*
 * Per-scheme record layouts follow: key fields first, then value counters.
 * Each *_V1 macro is the version number (1) of the layout defined just
 * above it. The u_long width caveat on BinaryHeaderF2 applies to every
 * u_long field in these records.
 */
typedef struct {
    /* Keys */
    u_long srcaddr; /* Source IP */

    /* Values */
    u_long pkts; /* Packet count */
    u_long octets; /* Byte count */
    u_long flows; /* Flow count */

} BinaryRecord_SourceNode_V1;

#define SOURCENODE_V1 1


typedef struct {
    /* Keys */
    u_long dstaddr; /* Destination IP */

    /* Values */
    u_long pkts; /* Packet count */
    u_long octets; /* Byte count */
    u_long flows; /* Flow count */
} BinaryRecord_DestNode_V1;

#define DESTNODE_V1 1


typedef struct {
    /* Keys */
    u_long srcaddr; /* Source IP */
    u_long dstaddr; /* Destination IP */

    /* Values */
    u_long pkts; /* Packet count */
    u_long octets; /* Byte count */
    u_long flows; /* Flow count */
} BinaryRecord_HostMatrix_V1;

#define HOSTMATRIX_V1 1


/* The port and protocol keys below are LABEL_LEN-byte text labels, not integers. */
typedef struct {
    /* Keys */
    char srcport[LABEL_LEN]; /* Source Port Key */

    /* Values */
    u_long pkts; /* Packet count */
    u_long octets; /* Byte count */
    u_long flows; /* Flow count */
} BinaryRecord_SourcePort_V1;

#define SOURCEPORT_V1 1


typedef struct {
    /* Keys */
    char dstport[LABEL_LEN]; /* Destination Port Key */

    /* Values */
    u_long pkts; /* Packet count */
    u_long octets; /* Byte count */
    u_long flows; /* Flow count */
} BinaryRecord_DestPort_V1;

#define DESTPORT_V1 1


typedef struct {
    /* Keys */
    char protocol[LABEL_LEN];/* Protocol Key */

    /* Values */
    u_long pkts; /* Packet count */
    u_long octets; /* Byte count */
    u_long flows; /* Flow count */
} BinaryRecord_Protocol_V1;

#define PROTOCOL_V1 1


typedef struct {
    /* Keys */
    u_long srcaddr; /* Source IP */
    char srcport[LABEL_LEN]; /* Source Port Key */
    char dstport[LABEL_LEN]; /* Destination Port Key */
    char protocol[LABEL_LEN];/* Protocol Key */

    /* Values */
    u_long pkts; /* Packet count */
    u_long octets; /* Byte count */
    u_long flows; /* Flow count */
} BinaryRecord_DetailSourceNode_V1;

#define DETAIL_SOURCENODE_V1 1


typedef struct {
    /* Keys */
    u_long dstaddr; /* Destination IP */
    char srcport[LABEL_LEN]; /* Source Port Key */
    char dstport[LABEL_LEN]; /* Destination Port Key */
    char protocol[LABEL_LEN];/* Protocol Key */

    /* Values */
    u_long pkts; /* Packet count */
    u_long octets; /* Byte count */
    u_long flows; /* Flow count */
} BinaryRecord_DetailDestNode_V1;

#define DETAIL_DESTNODE_V1 1


typedef struct {
    /* Keys */
    u_long srcaddr; /* Source IP */
    u_long dstaddr; /* Destination IP */
    char srcport[LABEL_LEN]; /* Source Port Key */
    char dstport[LABEL_LEN]; /* Destination Port Key */
    char protocol[LABEL_LEN];/* Protocol Key */

    /* Values */
    u_long pkts; /* Packet count */
    u_long octets; /* Byte count */
    u_long flows; /* Flow count */
    u_long starttime; /* Start time */
    u_long endtime; /* End time */
} BinaryRecord_DetailHostMatrix_V1;

#define DETAIL_HOSTMATRIX_V1 1


typedef struct {
    /* Keys */
    u_long srcaddr; /* Source IP */
    u_long dstaddr; /* Destination IP */
    u_short input; /* Input Interface Number */
    u_short output; /* Output Interface Number */
    u_long nexthop; /* Next Hop IP */

    /* Values */
    u_long pkts; /* Packet count */
    u_long octets; /* Byte count */
    u_long flows; /* Flow count */
} BinaryRecord_DetailInterface_V1;

#define DETAIL_INTERFACE_V1 1


typedef struct {
    /* Keys */
    u_long srcaddr; /* Source IP */
    u_long dstaddr; /* Destination IP */
    u_short
srcport; /* Source Port Number */ 1287 u_short dstport; /* Destination Port Number */ 1288 u_char prot; /* Protocol Number */ 1289 u_char tos; /* Type of Service */ 1290 u_short reserved; /* Data alignment */ 1291 1292 /* Values */ 1293 u_long pkts; /* Packet count */ 1294 u_long octets; /* Byte count */ 1295 u_long flows; /* Flow count */ 1296 u_long starttime; /* Start time */ 1297 u_long endtime; /* End time */ 1298 u_long activetime; /* Total Active Time */ 1299 } BinaryRecord_CallRecord_V1; 1300 1301 #define CALLRECORD_V1 1 1302 1303 1304 typedef struct { 1305 /* Keys */ 1306 char src_as[LABEL_LEN]; /* Source AS */ 1307 char dst_as[LABEL_LEN]; /* Destination AS */ 1308 1309 /* Values */ 1310 u_long pkts; /* Packet count */ 1311 u_long octets; /* Byte count */ 1312 u_long flows; /* Flow count */ 1313 } BinaryRecord_ASMatrix_V1; 1314 1315 #define ASMATRIX_V1 1 1316 1317 1318 typedef struct { 1319 /* Keys */ 1320 u_long srcaddr; /* Source IP */ 1321 u_long dstaddr; /* Destination IP */ 1322 char src_as[LABEL_LEN]; /* Source AS */ 1323 char dst_as[LABEL_LEN]; /* Destination AS */ 1324 u_short input; /* Input Interface Number */ 1325 u_short output; /* Output Interface Number */ 1326 char srcport[LABEL_LEN]; /* Source Port Key */ 1327 char dstport[LABEL_LEN]; /* Destination Port Key */ 1328 char protocol[LABEL_LEN];/* Protocol Key */ 1329 1330 /* Values */ 1331 u_long pkts; /* Packet count */ 1332 u_long octets; /* Byte count */ 1333 u_long flows; /* Flow count */ 1334 } BinaryRecord_DetailASMatrix_V1; 1335 1336 #define DETAIL_ASMATRIX_V1 1 1337 1338 1339 typedef struct { 1340 /* Keys */ 1341 u_long src_subnet; /* Source SubNet */ 1342 u_short src_mask; /* Source SubNet Mask */ 1343 u_short input; /* Input Interface Number */ 1344 u_long dst_subnet; /* Destination SubNet */ 1345 u_short dst_mask; /* Destination SubNet Mask */ 1346 u_short output; /* Output Interface Number */ 1347 1348 /* Values */ 1349 u_long pkts; /* Packet count */ 1350 u_long octets; /* Byte 
count */ 1351 u_long flows; /* Flow count */ 1352 } BinaryRecord_NetMatrix_V1; 1353 1354 #define NETMATRIX_V1 1 1355 1356 1357 typedef struct { 1358 /* Keys */ 1359 char src_as[LABEL_LEN]; /* Source AS */ 1360 char dst_as[LABEL_LEN]; /* Destination AS */ 1361 u_short input; /* Input Interface Number */ 1362 u_short output; /* Output Interface Number */ 1363 1364 /* Values */ 1365 u_long pkts; /* Packet count */ 1366 u_long octets; /* Byte count */ 1367 u_long flows; /* Flow count */ 1368 u_long starttime; /* Start time */ 1369 u_long endtime; /* End time */ 1370 u_long activetime; /* Total Active Time */ 1371 } BinaryRecord_RouterAS_V1; 1372 1373 #define ROUTERAS_V1 1 1374 1375 1376 typedef struct { 1377 /* Keys */ 1378 char srcport[LABEL_LEN]; /* Source Port Key */ 1379 char dstport[LABEL_LEN]; /* Destination Port Key */ 1380 u_char prot; /* Protocol Number */ 1381 u_char pad; /* Data alignment */ 1382 u_short reserved; /* Data alignment */ 1383 1384 /* Values */ 1385 u_long pkts; /* Packet count */ 1386 u_long octets; /* Byte count */ 1387 u_long flows; /* Flow count */ 1388 u_long starttime; /* Start time */ 1389 u_long endtime; /* End time */ 1390 u_long activetime; /* Total Active Time */ 1391 } BinaryRecord_RouterProtoPort_V1; 1392 1393 #define ROUTERPROTOPORT_V1 1 1394 1395 1396 typedef struct { 1397 /* Keys */ 1398 u_long src_subnet; /* Source SubNet */ 1399 u_short src_mask; /* Source SubNet Mask */ 1400 u_short input; /* Input Interface Number */ 1401 char src_as[LABEL_LEN]; /* Source AS */ 1402 1403 /* Values */ 1404 u_long pkts; /* Packet count */ 1405 u_long octets; /* Byte count */ 1406 u_long flows; /* Flow count */ 1407 u_long starttime; /* Start time */ 1408 u_long endtime; /* End time */ 1409 u_long activetime; /* Total Active Time */ 1410 } BinaryRecord_RouterSrcPrefix_V1; 1411 1412 #define ROUTERSRCPREFIX_V1 1 1413 1414 1415 typedef struct { 1416 /* Keys */ 1417 u_long dst_subnet; /* Destination SubNet */ 1418 u_short dst_mask; /* Destination 
SubNet Mask */ 1419 u_short output; /* Output Interface Number */ 1420 char dst_as[LABEL_LEN]; /* Destination AS */ 1421 1422 /* Values */ 1423 u_long pkts; /* Packet count */ 1424 u_long octets; /* Byte count */ 1425 u_long flows; /* Flow count */ 1426 u_long starttime; /* Start time */ 1427 u_long endtime; /* End time */ 1428 u_long activetime; /* Total Active Time */ 1429 } BinaryRecord_RouterDstPrefix_V1; 1430 1431 #define ROUTERDSTPREFIX_V1 1 1432 1433 1434 typedef struct { 1435 /* Keys */ 1436 u_long src_subnet; /* Source SubNet */ 1437 u_long dst_subnet; /* Destination SubNet */ 1438 u_short src_mask; /* Source SubNet Mask */ 1439 u_short dst_mask; /* Destination SubNet Mask */ 1440 u_short input; /* Input Interface Number */ 1441 u_short output; /* Output Interface Number */ 1442 char src_as[LABEL_LEN]; /* Source AS */ 1443 char dst_as[LABEL_LEN]; /* Destination AS */ 1444 1445 /* Values */ 1446 u_long pkts; /* Packet count */ 1447 u_long octets; /* Byte count */ 1448 u_long flows; /* Flow count */ 1449 u_long starttime; /* Start time */ 1450 u_long endtime; /* End time */ 1451 u_long activetime; /* Total Active Time */ 1452 } BinaryRecord_RouterPrefix_V1; 1453 1454 #define ROUTERPREFIX_V1 1 1455 1456 1457 typedef struct { 1458 /* Keys */ 1459 u_long srcaddr; /* Source IP */ 1460 u_long dstaddr; /* Destination IP */ 1461 char src_as[LABEL_LEN]; /* Source AS */ 1462 char dst_as[LABEL_LEN]; /* Destination AS */ 1463 1464 /* Values */ 1465 u_long pkts; /* Packet count */ 1466 u_long octets; /* Byte count */ 1467 u_long flows; /* Flow count */ 1468 u_long starttime; /* Start time */ 1469 u_long endtime; /* End time */ 1470 u_long activetime; /* Total Active Time */ 1471 } BinaryRecord_ASHostMatrix_V1; 1472 1473 #define ASHOSTMATRIX_V1 1 1474 1475 1476 typedef struct { 1477 /* Keys */ 1478 u_long srcaddr; /* Source IP */ 1479 u_long dstaddr; /* Destination IP */ 1480 u_short input; /* Input Interface Number */ 1481 u_short output; /* Output Interface Number */ 
1482 char protocol[LABEL_LEN];/* Protocol Key */ 1483 1484 /* Values */ 1485 u_long pkts; /* Packet count */ 1486 u_long octets; /* Byte count */ 1487 u_long flows; /* Flow count */ 1488 } BinaryRecord_HostMatrixInterface_V1; 1489 1490 #define HOSTMATRIXINTERFACE_V1 1 1491 1492 1493 typedef struct { 1494 /* Keys */ 1495 u_long srcaddr; /* Source IP */ 1496 u_long dstaddr; /* Destination IP */ 1497 char srcport[LABEL_LEN]; /* Source Port Key */ 1498 char dstport[LABEL_LEN]; /* Destination Port Key */ 1499 u_short input; /* Input Interface Number */ 1500 u_short output; /* Output Interface Number */ 1501 char protocol[LABEL_LEN];/* Protocol Key */ 1502 u_char tos; /* Type of Service */ 1503 u_char pad; /* Data alignment */ 1504 u_short reserved; /* Data alignment */ 1505 1506 /* Values */ 1507 u_long pkts; /* Packet count */ 1508 u_long octets; /* Byte count */ 1509 u_long flows; /* Flow count */ 1510 u_long starttime; /* Start time */ 1511 u_long endtime; /* End time */ 1512 u_long activetime; /* Total Active Time */ 1513 } BinaryRecord_DetailCallRecord_V1; 1514 1515 #define DETAILCALLRECORD_V1 1 1516 1517 1518 typedef struct { 1519 BinaryHeaderF2 header; 1520 union { 1521 BinaryRecord_SourceNode_V1 * srcnode; 1522 BinaryRecord_DestNode_V1 * dstnode; 1523 BinaryRecord_HostMatrix_V1 * hostmatrix; 1524 BinaryRecord_SourcePort_V1 * srcport; 1525 BinaryRecord_DestPort_V1 * dstport; 1526 BinaryRecord_Protocol_V1 * protocol; 1527 BinaryRecord_DetailSourceNode_V1 * detailsrcnode; 1528 BinaryRecord_DetailDestNode_V1 * detaildstnode; 1529 BinaryRecord_DetailHostMatrix_V1 * detailhostmatix; 1530 BinaryRecord_DetailInterface_V1 * detailinterface; 1531 BinaryRecord_CallRecord_V1 * callrecord; 1532 BinaryRecord_ASMatrix_V1 * asmatrix; 1533 BinaryRecord_DetailASMatrix_V1 * detailasmatrix; 1534 BinaryRecord_NetMatrix_V1 * netmatrix; 1535 BinaryRecord_ASHostMatrix_V1 * ashostmatrix; 1536 BinaryRecord_HostMatrixInterface_V1 * hostmatrixinterface; 1537 
BinaryRecord_DetailCallRecord_V1 * detailcallrecord; 1538 BinaryRecord_RouterAS_V1 * routeras; 1539 BinaryRecord_RouterProtoPort_V1 * routerprotoport; 1540 BinaryRecord_RouterSrcPrefix_V1 * routersrcprefix; 1541 BinaryRecord_RouterDstPrefix_V1 * routerdstprefix; 1542 BinaryRecord_RouterPrefix_V1 * routerprefix; 1543 } record; 1544 } BinaryDatafile; 1545 1546 1547 #define MAX_BINARY_HEADER_F2 \ 1548 (sizeof(BinaryHeaderF2)) 1549 1550 #define MAX_BINARY_RECORD_SOURCE_NODE_SIZE \ 1551 (sizeof(BinaryRecord_SourceNode_V1)) 1552 1553 #define MAX_BINARY_RECORD_DESTINATION_NODE_SIZE \ 1554 (sizeof(BinaryRecord_DestNode_V1)) 1555 1556 #define MAX_BINARY_RECORD_HOST_MATRIX_SIZE \ 1557 (sizeof(BinaryRecord_HostMatrix_V1)) 1558 1559 #define MAX_BINARY_RECORD_SOURCE_PORT_SIZE \ 1560 (sizeof(BinaryRecord_SourcePort_V1)) 1561 1562 #define MAX_BINARY_RECORD_DESTINATION_PORT_SIZE \ 1563 (sizeof(BinaryRecord_DestPort_V1)) 1564 1565 #define MAX_BINARY_RECORD_PROTOCOL_SIZE \ 1566 (sizeof(BinaryRecord_Protocol_V1)) 1567 1568 #define MAX_BINARY_RECORD_DETAIL_SOURCE_NODE_SIZE \ 1569 (sizeof(BinaryRecord_DetailSourceNode_V1)) 1570 1571 #define MAX_BINARY_RECORD_DETAIL_DESTINATION_NODE_SIZE \ 1572 (sizeof(BinaryRecord_DetailDestNode_V1)) 1573 1574 #define MAX_BINARY_RECORD_DETAIL_HOST_MATRIX_SIZE \ 1575 (sizeof(BinaryRecord_DetailHostMatrix_V1)) 1576 1577 #define MAX_BINARY_RECORD_DETAIL_INTERFACE_SIZE \ 1578 (sizeof(BinaryRecord_DetailInterface_V1)) 1579 1580 #define MAX_BINARY_RECORD_CALL_RECORD_SIZE \ 1581 (sizeof(BinaryRecord_CallRecord_V1)) 1582 1583 #define MAX_BINARY_RECORD_AS_MATRIX_SIZE \ 1584 (sizeof(BinaryRecord_ASMatrix_V1)) 1585 1586 #define MAX_BINARY_RECORD_DETAIL_AS_MATRIX_SIZE \ 1587 (sizeof(BinaryRecord_DetailASMatrix_V1)) 1588 1589 #define MAX_BINARY_RECORD_NET_MATRIX_SIZE \ 1590 (sizeof(BinaryRecord_NetMatrix_V1)) 1591 1592 #define MAX_BINARY_RECORD_AS_HOST_MATRIX_SIZE \ 1593 (sizeof(BinaryRecord_ASHostMatrix_V1)) 1594 1595 #define 
MAX_BINARY_RECORD_HOST_MATRIX_INTERFACE_SIZE \ 1596 (sizeof(BinaryRecord_HostMatrixInterface_V1)) 1597 1598 #define MAX_BINARY_RECORD_DETAIL_CALL_RECORD_SIZE \ 1599 (sizeof(BinaryRecord_DetailCallRecord_V1)) 1600 1601 #define MAX_BINARY_RECORD_ROUTER_AS_SIZE \ 1602 (sizeof(BinaryRecord_RouterAS_V1)) 1603 1604 #define MAX_BINARY_RECORD_ROUTER_PROTO_PORT_SIZE \ 1605 (sizeof(BinaryRecord_RouterProtoPort_V1)) 1606 1607 #define MAX_BINARY_RECORD_ROUTER_SRC_PREFIX_SIZE \ 1608 (sizeof(BinaryRecord_RouterSrcPrefix_V1)) 1609 1610 #define MAX_BINARY_RECORD_ROUTER_DST_PREFIX_SIZE \ 1611 (sizeof(BinaryRecord_RouterDstPrefix_V1)) 1612 1613 #define MAX_BINARY_RECORD_ROUTER_PREFIX_SIZE \ 1614 (sizeof(BinaryRecord_RouterPrefix_V1)) 1615 1616 #endif /* __NFC_DATAFILE_H__ */ 1617 1618 #endif /* RaMuxSource || RadiumSource */ 1619 #endif /* ArgusParse_h */ 1620 1621