/*
    pmacct (Promiscuous mode IP Accounting package)
    pmacct is Copyright (C) 2003-2019 by Paolo Lucente
*/

/*
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/

/*
    much of the sflow v2/v4/v5 definitions are based on sFlow toolkit 3.8 and
    later which is Copyright (C) InMon Corporation 2001 ALL RIGHTS RESERVED
*/

/*
    Declarations for the sFlow collector: the per-sample decode state
    (SFSample), portable IP/TCP/UDP/ICMP header overlays, and prototypes
    for the datagram readers and decoders.

    No #include appears in this header, so SFLAddress, SFLIf_counters,
    SFLLabelStack, pm_class_t, pm_id_t, struct packet_ptrs, LARGEBUFLEN and
    the other types used below must already be declared by the including
    file.

    Everything decoded through these declarations comes from datagrams
    received off the network, so the lengths and offsets stored here should
    be treated as untrusted until checked against the datagram bounds.
*/

#ifndef SFACCTD_H
#define SFACCTD_H

/* defines */
/* 6343 is the registered sFlow port. */
#define DEFAULT_SFACCTD_PORT 6343
/* Presumably the lower and upper bounds on an accepted datagram; confirm
   at the receive path.
   NOTE(review): 65536 exceeds the largest possible UDP payload, which is
   harmless as a buffer size, but reads should be bounded by the length
   actually received rather than by this constant. */
#define SFLOW_MIN_MSG_SIZE 200
#define SFLOW_MAX_MSG_SIZE 65536 /* inflated ? */
#define MAX_SF_CNT_LOG_ENTRIES 1024

enum INMPacket_information_type {
  INMPACKETTYPE_HEADER  = 1,      /* Packet headers are sampled */
  INMPACKETTYPE_IPV4    = 2,      /* IP version 4 data */
  INMPACKETTYPE_IPV6    = 3       /* IP version 6 data */
};

enum INMExtended_information_type {
  INMEXTENDED_SWITCH    = 1,      /* Extended switch information */
  INMEXTENDED_ROUTER    = 2,      /* Extended router information */
  INMEXTENDED_GATEWAY   = 3,      /* Extended gateway router information */
  INMEXTENDED_USER      = 4,      /* Extended TACACS/RADIUS user information */
  INMEXTENDED_URL       = 5       /* Extended URL information */
};

enum INMCounters_version {
  INMCOUNTERSVERSION_GENERIC      = 1,
  INMCOUNTERSVERSION_ETHERNET     = 2,
  INMCOUNTERSVERSION_TOKENRING    = 3,
  INMCOUNTERSVERSION_FDDI         = 4,
  INMCOUNTERSVERSION_VG           = 5,
  INMCOUNTERSVERSION_WAN          = 6,
  INMCOUNTERSVERSION_VLAN         = 7
};

/*
    Decode state for one sFlow sample: the raw datagram and a read cursor,
    followed by the fields extracted from it.
*/
typedef struct _SFSample {
  struct timeval *ts;
  struct in_addr sourceIP;
  SFLAddress agent_addr;
  u_int32_t agentSubId;

  /* the raw pdu */
  /* Presumably datap is the read cursor advanced by getData32()/skipBytes()
     and endp marks the end of rawSample; TODO confirm in the implementation.
     NOTE(review): every read through datap needs to be bounded by endp,
     since rawSampleLen and all nested lengths are sender-controlled. */
  u_char *rawSample;
  u_int32_t rawSampleLen;
  u_char *endp;
  u_int32_t *datap;

  u_int32_t datagramVersion;
  u_int32_t sampleType;
  u_int32_t ds_class;
  u_int32_t ds_index;

  /* generic interface counter sample */
  SFLIf_counters ifCounters;

  /* sample stream info */
  u_int32_t sysUpTime;
  u_int32_t sequenceNo;
  u_int32_t cntSequenceNo;
  u_int32_t sampledPacketSize;
  u_int32_t samplesGenerated;
  u_int32_t meanSkipCount;
  u_int32_t samplePool;
  u_int32_t dropEvents;

  /* the sampled header */
  u_int32_t packet_data_tag;
  u_int32_t headerProtocol;
  u_char *header;
  /* NOTE(review): headerLen is a signed int while the other lengths here are
     u_int32_t; if it is filled from the wire, confirm that negative or
     oversized values are rejected before it is used as a length. */
  int headerLen;
  u_int32_t stripped;

  /* header decode */
  /* NOTE(review): the offsetTo* fields are signed; presumably offsets into
     header, so they should be validated against headerLen before use. */
  int gotIPV4;
  int offsetToIPV4;
  int gotIPV6;
  int offsetToIPV6;
  struct in_addr dcd_srcIP;
  struct in_addr dcd_dstIP;
  u_int32_t dcd_ipProtocol;
  u_int32_t dcd_ipTos;
  u_int32_t dcd_ipTTL;
  u_int32_t dcd_sport;
  u_int32_t dcd_dport;
  u_int32_t dcd_tcpFlags;
  u_int32_t ip_fragmentOffset;
  u_int32_t udp_pduLen;

  /* ports */
  u_int32_t inputPortFormat;
  u_int32_t outputPortFormat;
  u_int32_t inputPort;
  u_int32_t outputPort;

  /* ethernet */
  u_int32_t eth_type;
  u_int32_t eth_len;
  /* 8 bytes are reserved for each address; an Ethernet MAC occupies 6. */
  u_char eth_src[8];
  u_char eth_dst[8];

  /* vlan */
  u_int32_t in_vlan;
  u_int32_t in_priority;
  u_int32_t internalPriority;
  u_int32_t out_vlan;
  u_int32_t out_priority;

  /* MPLS hack */
  SFLLabelStack lstk;
  SFLLabelStack lstk_out;

  /* extended data fields */
  u_int32_t num_extended;
  u_int32_t extended_data_tag;
  /* Single-bit values, presumably OR-ed into extended_data_tag as each
     extended record is read (TODO confirm); the value 2 is not assigned. */
#define SASAMPLE_EXTENDED_DATA_SWITCH 1
#define SASAMPLE_EXTENDED_DATA_ROUTER 4
#define SASAMPLE_EXTENDED_DATA_GATEWAY 8
#define SASAMPLE_EXTENDED_DATA_USER 16
#define SASAMPLE_EXTENDED_DATA_URL 32
#define SASAMPLE_EXTENDED_DATA_MPLS 64
#define SASAMPLE_EXTENDED_DATA_NAT 128
#define SASAMPLE_EXTENDED_DATA_MPLS_TUNNEL 256
#define SASAMPLE_EXTENDED_DATA_MPLS_VC 512
#define SASAMPLE_EXTENDED_DATA_MPLS_FTN 1024
#define SASAMPLE_EXTENDED_DATA_MPLS_LDP_FEC 2048
#define SASAMPLE_EXTENDED_DATA_VLAN_TUNNEL 4096

  /* IP forwarding info */
  SFLAddress nextHop;
  u_int32_t srcMask;
  u_int32_t dstMask;

  /* BGP info */
  SFLAddress bgp_nextHop;
  u_int32_t my_as;
  u_int32_t src_as;
  u_int32_t src_peer_as;

  /* NOTE(review): dst_as_path and comms are fixed LARGEBUFLEN buffers paired
     with length fields; whatever fills them must bound writes by the buffer
     size, not by a count taken from the datagram. Confirm in the
     extended-gateway reader. */
  u_int32_t dst_as_path_len;
  char dst_as_path[LARGEBUFLEN];

  u_int32_t dst_peer_as;
  u_int32_t dst_as;

  u_int32_t communities_len;
  char comms[LARGEBUFLEN];
  u_int32_t localpref;

  /* user id */
  /* The buffers are one byte larger than the maximum length, presumably for
     a terminating NUL; the *_len fields should never exceed the maximum. */
#define SA_MAX_EXTENDED_USER_LEN 200
  u_int32_t src_user_charset;
  u_int32_t src_user_len;
  char src_user[SA_MAX_EXTENDED_USER_LEN+1];
  u_int32_t dst_user_charset;
  u_int32_t dst_user_len;
  char dst_user[SA_MAX_EXTENDED_USER_LEN+1];

  /* url */
  /* Same sizing as the user-id buffers above: maximum length plus one. */
#define SA_MAX_EXTENDED_URL_LEN 200
#define SA_MAX_EXTENDED_HOST_LEN 200
  u_int32_t url_direction;
  u_int32_t url_len;
  char url[SA_MAX_EXTENDED_URL_LEN+1];
  u_int32_t host_len;
  char host[SA_MAX_EXTENDED_HOST_LEN+1];

  /* mpls */
  SFLAddress mpls_nextHop;
  u_int32_t mpls_vll_vc_id;
  u_int32_t mpls_tunnel_id;

  /* nat */
  SFLAddress nat_src;
  SFLAddress nat_dst;

  /* vxlan */
  u_int32_t vni;

  /* counter blocks */
  u_int32_t statsSamplingInterval;
  u_int32_t counterBlockVersion;

  /* classification */
  pm_class_t class;
#if defined (WITH_NDPI)
  pm_class2_t ndpi_class;
#endif

  pm_id_t tag;
  pm_id_t tag2;

  SFLAddress ipsrc;
  SFLAddress ipdst;

  struct packet_ptrs hdr_ptrs;
  struct pcap_pkthdr hdr_pcap;

  void *sppi;
} SFSample;

/* define my own IP header struct - to ease portability */
/* The fields sum to 20 bytes, the size of an IPv4 header without options.
   Presumably overlaid on sampled packet bytes, so multi-byte fields would be
   in network byte order and the overlay must fit inside the sampled header;
   TODO confirm at the point of use. */
struct SF_iphdr
{
  u_int8_t version_and_headerLen;
  u_int8_t tos;
  u_int16_t tot_len;
  u_int16_t id;
  u_int16_t frag_off;
  u_int8_t ttl;
  u_int8_t protocol;
  u_int16_t check;
  u_int32_t saddr;
  u_int32_t daddr;
};

/* same for tcp */
/* The fields sum to 20 bytes, the size of a TCP header without options. */
struct SF_tcphdr
{
  u_int16_t th_sport;
  u_int16_t th_dport;
  u_int32_t th_seq;
  u_int32_t th_ack;
  u_int8_t th_off_and_unused;
  u_int8_t th_flags;
  u_int16_t th_win;
  u_int16_t th_sum;
  u_int16_t th_urp;
};

/* and UDP */
/* The fields sum to 8 bytes. */
struct SF_udphdr {
  u_int16_t uh_sport;
  u_int16_t uh_dport;
  u_int16_t uh_ulen;
  u_int16_t uh_sum;
};

/* and ICMP */
/* Only the first two bytes of the ICMP header are declared. */
struct SF_icmphdr
{
  u_int8_t type;
  u_int8_t code;
  /* ignore the rest */
};

/* Base pointer, end pointer and length for a header region and a flow
   region, plus a pointer to a sample counter; usage is not visible in this
   header. */
struct SF_dissect {
  u_char *hdrBasePtr;
  u_char *hdrEndPtr;
  u_int32_t hdrLen;
  u_char *flowBasePtr;
  u_char *flowEndPtr;
  u_int32_t flowLen;
  u_int32_t *samplesInPkt;
};

/* NOTE(review): several prototypes in this header use an empty parameter
   list (SF_compute_once, sfacctd_counter_init_amqp_host,
   sfacctd_counter_init_kafka_host, compute_once). Before C23 that leaves
   the parameters unspecified, so calls are not checked against a prototype;
   "(void)" would make the compiler enforce it if the definitions take no
   arguments. */
extern u_int8_t SF_evaluate_flow_type(struct packet_ptrs *);
extern void set_vector_sample_type(struct packet_ptrs_vector *, u_int32_t);
extern void reset_mac(struct packet_ptrs *);
extern void reset_mac_vlan(struct packet_ptrs *);
extern void reset_ip4(struct packet_ptrs *);
extern void reset_ip6(struct packet_ptrs *);
extern void SF_notify_malf_packet(short int, char *, char *, struct sockaddr *);
extern int SF_find_id(struct id_table *, struct packet_ptrs *, pm_id_t *, pm_id_t *);
extern void SF_compute_once();

/* Low-level readers over the raw datagram held in an SFSample.
   NOTE(review): skipBytes() and skipBytesAndCheck() take a signed int;
   confirm callers never pass a wire-derived value that can be negative or
   run past the end of the datagram. lengthCheck() and skipBytesAndCheck()
   return int, presumably a bounds verdict that callers must test.
   getString()'s u_int32_t argument is presumably the destination capacity;
   TODO confirm. */
extern char *getPointer(SFSample *);
extern u_int32_t getData32(SFSample *);
extern u_int32_t getData32_nobswap(SFSample *);
extern u_int64_t getData64(SFSample *);
extern u_int32_t getAddress(SFSample *, SFLAddress *);
extern void skipBytes(SFSample *, int);
extern int skipBytesAndCheck(SFSample *, int);
extern int lengthCheck(SFSample *, u_char *, u_int32_t);
extern u_int32_t getString(SFSample *, char *, u_int32_t);

/* Datagram, sample and record decoders. */
extern void process_SFv2v4_packet(SFSample *, struct packet_ptrs_vector *, struct plugin_requests *, struct sockaddr *);
extern void process_SFv5_packet(SFSample *, struct packet_ptrs_vector *, struct plugin_requests *, struct sockaddr *);
extern void process_SF_raw_packet(SFSample *, struct packet_ptrs_vector *, struct plugin_requests *, struct sockaddr *);
extern void readv2v4FlowSample(SFSample *, struct packet_ptrs_vector *, struct plugin_requests *);
extern void readv5FlowSample(SFSample *, int, struct packet_ptrs_vector *, struct plugin_requests *, int);
extern void readv2v4CountersSample(SFSample *, struct packet_ptrs_vector *);
extern void readv5CountersSample(SFSample *, int, struct packet_ptrs_vector *);
extern void finalizeSample(SFSample *, struct packet_ptrs_vector *, struct plugin_requests *);
extern void InterSampleCleanup(SFSample *);
extern void decodeMpls(SFSample *, u_char **);
extern void decodePPP(SFSample *);
extern void decodeLinkLayer(SFSample *);
extern void decodeIPLayer4(SFSample *, u_char *, u_int32_t);
extern void decodeIPV4(SFSample *);
extern void decodeIPV6(SFSample *);
extern void decodeVXLAN(SFSample *, u_char *);
extern void readExtendedSwitch(SFSample *);
extern void readExtendedRouter(SFSample *);
extern void readExtendedGateway_v2(SFSample *);
extern void readExtendedGateway(SFSample *);
extern void readExtendedUser(SFSample *);
extern void readExtendedUrl(SFSample *);
extern void mplsLabelStack(SFSample *, u_int8_t);
extern void readExtendedMpls(SFSample *);
extern void readExtendedNat(SFSample *);
extern void readExtendedMplsTunnel(SFSample *);
extern void readExtendedMplsVC(SFSample *);
extern void readExtendedMplsFTN(SFSample *);
extern void readExtendedMplsLDP_FEC(SFSample *);
extern void readExtendedVlanTunnel(SFSample *);
extern void readExtendedProcess(SFSample *);
extern void readFlowSample_header(SFSample *);
extern void readFlowSample_ethernet(SFSample *);
extern void readFlowSample_IPv4(SFSample *);
extern void readFlowSample_IPv6(SFSample *);

/* Counter-sample logging and its backend initialisation. */
extern int sf_cnt_log_msg(struct bgp_peer *, SFSample *, int, u_int32_t, char *, int, u_int32_t);
extern int readCounters_generic(struct bgp_peer *, SFSample *, char *, int, void *);
extern int readCounters_ethernet(struct bgp_peer *, SFSample *, char *, int, void *);
extern int readCounters_vlan(struct bgp_peer *, SFSample *, char *, int, void *);
extern void sfacctd_counter_init_amqp_host();
extern int sfacctd_counter_init_kafka_host();
extern void sf_cnt_link_misc_structs(struct bgp_misc_structs *);
extern void sf_flow_sample_hdr_decode(SFSample *);

extern struct xflow_status_entry *sfv245_check_status(SFSample *spp, struct packet_ptrs *, struct sockaddr *);
extern void sfv245_check_counter_log_init(struct packet_ptrs *);

extern void usage_daemon(char *);
extern void compute_once();

#ifdef WITH_KAFKA
extern void SF_init_kafka_host(void *);
#endif

#ifdef WITH_ZMQ
extern void SF_init_zmq_host(void *, int *);
#endif

/* global variables */
extern int sfacctd_counter_backend_methods;
extern struct bgp_misc_structs *sf_cnt_misc_db;
extern struct host_addr debug_a;
/* Fixed 50-byte buffer, presumably for a printable agent address; writers
   should bound by sizeof rather than by the input length. */
extern char debug_agent_addr[50];
extern u_int16_t debug_agent_port;

#endif //SFACCTD_H