/*
 * Argus Software
 * Copyright (c) 2000-2016 QoSient, LLC
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.

 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.

 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 */

/*
 * $Id: //depot/argus/clients/include/argus_client.h#72 $
 * $DateTime: 2016/06/01 15:17:28 $
 * $Change: 3148 $
 */

/*
 * argus_client.h -- shared declarations for the Argus client programs:
 * input-source state (struct ArgusInput), service-signature types, and the
 * NetFlow collector datafile definitions (aggregation keywords and binary
 * record layouts).
 */

#ifndef ArgusClient_h
#define ArgusClient_h

#ifdef __cplusplus
extern "C" {
#endif

#include <unistd.h>

#include <sys/types.h>
#include <stdio.h>

#include <errno.h>
#include <fcntl.h>

#include <string.h>
#include <sys/time.h>

#include <netinet/in.h>
#include <string.h>
#include <sys/stat.h>

#include <argus_compat.h>

#if defined(ARGUS_THREADS)
#include <pthread.h>
#endif

#ifdef ARGUS_SASL
#include <sasl/sasl.h>
#endif

#include <argus_filter.h>
#include <argus_debug.h>
#include <argus_label.h>
#include <argus_def.h>
#include <argus_out.h>

#include <argus_int.h>
#include <argus_histo.h>


#define RA_TRANSDURATION        1
#define RA_MEAN                 2
#define RA_DELTADURATION        3

/* Tag strings; each ends in '=', so they presumably prefix "NAME=value"
 * lines of an aggregation configuration -- confirm against the parser. */
#define RA_MODELNAMETAGSTR      "RACLUSTER_MODEL_NAME="
#define RA_PRESERVETAGSTR       "RACLUSTER_PRESERVE_FIELDS="
#define RA_REPORTTAGSTR         "RACLUSTER_REPORT_AGGREGATION="
#define RA_AUTOCORRECTSTR       "RACLUSTER_AUTO_CORRECTION="
#define RA_HISTOGRAM            "RACLUSTER_HISTOGRAM="
#define RA_AGGMETRIC            "RACLUSTER_AGG_METRIC="


#define RA_MODELIST             1
#define RA_FLOWLIST             2

#define RA_FLOWPOLICYFIELDNUM   11
#define RA_MODELPOLICYFIELDNUM  8

/* Consecutive values 0..10; RA_FLOWPOLICYFIELDNUM (11) matches their count.
 * Presumably field indices of a policy entry -- any code indexing an array
 * with a parsed field number should bound it by the matching *FIELDNUM. */
#define RA_LABELSTRING          0
#define RA_POLICYID             1
#define RA_POLICYTYPE           2
#define RA_POLICYSRCADDR        3
#define RA_POLICYDSTADDR        4
#define RA_POLICYPROTO          5
#define RA_POLICYSRCPORT        6
#define RA_POLICYDSTPORT        7
#define RA_POLICYMODELST        8
#define RA_POLICYTIMEOUT        9
#define RA_POLICYIDLETIMEOUT    10

#define RA_MODIFIED             0x10000000

#define RA_CON                  1
#define RA_DONE                 2

#define RA_HASHTABLESIZE        0x10000
/* Service-test status bits; RA_SVCTEST is the mask of the three outcomes. */
#define RA_SVCPASSED            0x010000
#define RA_SVCFAILED            0x020000
#define RA_SVCINCOMPLETE        0x040000
#define RA_SVCTEST              (RA_SVCFAILED|RA_SVCPASSED|RA_SVCINCOMPLETE)
#define RA_SVCDISCOVERY         0x080000
#define RA_SVCMULTICAST         0x100000


#define ARGUS_FAR_SRCADDR_MODIFIED      0x0100
#define ARGUS_FAR_DSTADDR_MODIFIED      0x0200
#define ARGUS_FAR_PROTO_MODIFIED        0x0400
#define ARGUS_FAR_SRCPORT_MODIFIED      0x0800
#define ARGUS_FAR_DSTPORT_MODIFIED      0x1000
#define ARGUS_FAR_TPVAL_MODIFIED        0x2000

#define ARGUS_FAR_RECORDREVERSE         0x4000

/* 4 MiB and 1 MiB.  Presumably caps on stream and single-read sizes.
 * NOTE(review): confirm the reader compares every length taken from the
 * wire or from a file against these before copying into ArgusReadBuffer. */
#define ARGUS_MAX_STREAM                0x400000
#define ARGUS_MAX_BUFFER_READ           0x100000

/* Distinct single-bit values; presumably the states held in
 * ArgusInput.ArgusReadSocketState -- TODO confirm. */
#define ARGUS_READINGPREHDR     1
#define ARGUS_READINGHDR        2
#define ARGUS_READINGBLOCK      4
#define ARGUS_READINGDATAGRAM   8


#define TSEQ_HASHSIZE           9029
#define HASHNAMESIZE            8192

#define RASIGLENGTH             32

#define RA_SRV_ROOT             0
#define RA_SRV_LEFT             1
#define RA_SRV_RIGHT            2

#define ARGUSMAXSIGFILE         0x80000
#define RA_SRC_SERVICES         0
#define RA_DST_SERVICES         1

#define RA_SVC_WILDCARD         4



/*
 * Callback type stored in ArgusInput.ArgusCiscoNetFlowParse: takes the
 * parser, the input, a pointer to a byte pointer and a pointer to an int,
 * and returns a struct ArgusRecord *.  The uint8_t ** / int * pair is
 * presumably a read cursor and remaining byte count -- TODO confirm; an
 * implementation should never advance the cursor past that count.
 * NOTE(review): struct ArgusInput is defined only after this typedef.
 * Unless a header included above already declares the two struct tags,
 * they have prototype scope here and name types distinct from the
 * file-scope ones; confirm a prior declaration exists.
 */
typedef struct ArgusRecord * (*ArgusNetFlowHandler)(struct ArgusParserStruct *, struct ArgusInput *, uint8_t **, int *);


/*
 * State for one input source.  The members cover a queue linkage, optional
 * thread handle and mutex, descriptors and stdio streams, remote host
 * information, read/convert buffers, optional SASL state, and several
 * embedded scratch buffers.
 *
 * The two user-data arrays alone occupy 2 * 0x10000 = 128 KiB, so an
 * instance should be heap-allocated rather than placed on the stack.
 */
struct ArgusInput {
   struct ArgusQueueHeader qhdr;
   struct ArgusQueueStruct *queue;

#if defined(ARGUS_THREADS)
   pthread_t tid;
   pthread_mutex_t lock;
#endif

   int type, mode, index;
   int fd, in, out;
   unsigned int offset;

   int major_version, minor_version;
   unsigned int status;
#if defined(HAVE_GETADDRINFO)
   struct addrinfo *host;
#else
   struct hostent *host;
#endif
   struct in_addr addr;
   long long ostart, ostop;
   unsigned short portnum;
   char *hostname, *filename, *servname;
   /* NOTE(review): presumably the credentials for a remote source;
    * ownership and lifetime are not visible in this header.  Whoever frees
    * them should zeroize the password first, and neither string should
    * reach debug or log output -- confirm in the allocating code. */
   char *user, *pass;

   FILE *file, *pipe;
   unsigned int ArgusLocalNet, ArgusNetMask;
   unsigned int ArgusID, ArgusIDType;
   struct timeval ArgusStartTime, ArgusLastTime;
   long long ArgusTimeDrift;
   int ArgusMarInterval;
   struct stat statbuf;
   /* presumably the allocated size of ArgusReadBuffer -- TODO confirm.
    * It is a signed int, so code deriving it from input must reject
    * negative or oversized values before using it as a length. */
   int ArgusBufferLen;
   unsigned char *ArgusReadBuffer, *ArgusConvBuffer;
   /* Cursors; presumably point into the two buffers above -- every advance
    * driven by a length field read from the input needs a bounds check. */
   unsigned char *ArgusReadPtr, *ArgusConvPtr, *ArgusReadBlockPtr;
   int ArgusReadSocketCnt, ArgusReadSocketSize;
   int ArgusReadSocketState, ArgusReadCiscoVersion;
   int ArgusReadSocketNum, ArgusReadSize;
   ArgusNetFlowHandler ArgusCiscoNetFlowParse;

#ifdef ARGUS_SASL
   sasl_conn_t *sasl_conn;
   int ArgusSaslBufCnt;
   unsigned char *ArgusSaslBuffer;
#endif

   struct ArgusRecord ArgusInitCon, ArgusManStart;
   struct ArgusRecord *ArgusOriginal;

   struct ArgusCanonRecord ArgusGenerateRecordCanonBuf;
   struct ArgusRecordStruct ArgusGenerateRecordStructBuf;

   /* Fixed-capacity scratch buffers: writers must bound copies by the
    * array size, not by a length carried in the record being processed. */
   char ArgusGenerateRecordLabelBuf[MAXBUFFERLEN];

   char ArgusOriginalBuffer[MAXARGUSRECORD];

   char ArgusSrcUserData[0x10000];
   char ArgusDstUserData[0x10000];

   unsigned char ArgusSrcActDist[256];
   unsigned char ArgusSrcIdleDist[256];
   unsigned char ArgusDstActDist[256];
   unsigned char ArgusDstIdleDist[256];
};


/* The macros below, except NTAMMAXSIGFILE, repeat definitions made earlier
 * in this header with identical values (a legal redefinition). */
#define RASIGLENGTH             32

#define RA_SRV_ROOT             0
#define RA_SRV_LEFT             1
#define RA_SRV_RIGHT            2

#define NTAMMAXSIGFILE          2048
#define RA_SRC_SERVICES         0
#define RA_DST_SERVICES         1

#define RA_SVC_WILDCARD         4


/* Pairs a record with a service signature and a status word. */
struct ArgusServiceRecord {
   u_int status;
   struct ArgusRecordStruct *argus;
   struct RaSrvSignature *sig;
};


/*
 * One service signature: name, protocol, port, and RASIGLENGTH-byte source
 * and destination patterns with a 32-bit mask each.
 * presumably one mask bit per pattern byte -- TODO confirm.
 */
struct RaSrvSignature {
   struct ArgusQueueHeader qhdr;
   char *name;
   unsigned char proto;
   unsigned short port;
   int count, status;
   unsigned int srcmask, dstmask;
   unsigned char src[RASIGLENGTH], dst[RASIGLENGTH];
};

/* Binary-tree node holding a signature pointer and left/right children. */
struct RaSrvTreeNode {
   struct RaSrvTreeNode *l, *r;
   struct RaSrvSignature *srv;
};



#define ARGUSMONITOR_EQUAL      0x01000000
#define ARGUSMONITOR_NOTEQUAL   0x02000000


#ifndef NFC_AGGREGATIONDEFINITION_H
#define NFC_AGGREGATIONDEFINITION_H
/*
 * AGGREGATION_DEFINITION describes the "Key" and "Value" fields seen in
 * the datafile.  The definition consists of keywords and delimiters.
 * By reading the AGGREGATION_DEFINITION, one can interpret what and in what
 * order are the "Key" and "Value" fields being presented in the datafile.
 * Datafile consumers can also deduce what aggregation scheme is used
 * by parsing AGGREGATION_DEFINITION.
 *
 * The order of keywords seen in the AGGREGATION_DEFINITION represents the true
 * order of the "Key" and "Value" fields presented in the datafile.  Each
 * keyword is delimited by either '|' or ','.
 *
 * As part of the new changes to the datafile header, the FORMAT field
 * will have a value of "B".  Please note that the FORMAT may change
 * if there is any change to any of the existing keywords, definition format,
 * adding new keyword, or any other header changes.
 * Also, the delimiter used in the datafile will be prepended at the
 * beginning of each header.  Since AGGREGATION_DEFINITION becomes the 2nd
 * line of the header, the 1st line of the header will append a
 * new field, namely "Header", which describes the total number of
 * lines in the header.
 *
 * The AGGREGATION_DEFINITION keywords have the following assignments ...
 *
 *   keyword            Description
 *   -------            -----------------------
 *   srcaddr            Source IP Address
 *   dstaddr            Destination IP Address
 *   src_subnet         Source SubNet
 *   dst_subnet         Destination SubNet
 *   src_mask           Source SubNet Mask
 *   dst_mask           Destination SubNet Mask
 *   src_user_subnet    Source User SubNet
 *   dst_user_subnet    Destination User SubNet
 *   src_as             Source AS
 *   dst_as             Destination AS
 *   srcport            Source Port
 *   dstport            Destination Port
 *   prot               Prot field
 *   protocol           Protocol (srcport, dstport, and prot lookup)
 *   input              Input Interface
 *   output             Output Interface
 *   tos                Type of Service
 *   nexthop            Next Hop IP Address
 *
 *   pkts               Packets
 *   octets             Octets
 *   flows              Flow Count
 *   starttime          First Flow Stamp (UTC sec)
 *   endtime            Last Flow Stamp (UTC sec)
 *   activetime         Total Active Time (msec)
 */

/* Key Fields */
#define SRC_ADDR                "srcaddr"
#define DST_ADDR                "dstaddr"
#define SRC_SUBNET              "src_subnet"
#define DST_SUBNET              "dst_subnet"
#define SRC_SUBNET_MASK         "src_mask"
#define DST_SUBNET_MASK         "dst_mask"
#define SRC_USER_SUBNET         "src_user_subnet"
#define DST_USER_SUBNET         "dst_user_subnet"
#define SRC_AS                  "src_as"
#define DST_AS                  "dst_as"
#define SRC_PORT                "srcport"
#define DST_PORT                "dstport"
#define PROT                    "prot"
#define PROTOCOL_KEY            "protocol"
#define IN_INTF                 "input"
#define OUT_INTF                "output"
#define TOS_BIT                 "tos"
#define NEXT_HOP                "nexthop"

/* Value Fields */
#define PACKET                  "pkts"
#define OCTET                   "octets"
#define FLOW_CNT                "flows"
#define F_FLOW_STAMP            "starttime"
#define L_FLOW_STAMP            "endtime"
#define TOT_ACTIVE_TIME         "activetime"

/* Delimiter */ /* Could be either "|" or "," */
/* DEL expands to "%c", so every *Def string below is a printf-style format
 * containing one %c per delimiter position.  A caller formatting with one of
 * them has to supply exactly that many character arguments; presumably the
 * same delimiter each time -- confirm at the call sites. */
#define DEL                     "%c"

#ifdef ArgusClient
/*
 * The objects below are definitions, not extern declarations.  They are
 * compiled only when ArgusClient is defined before this header is included,
 * so exactly one translation unit per program may define it; a second one
 * would produce duplicate-symbol errors at link time.
 */
/* Aggregation Mask */
const char * const SourceNodeDef        = SRC_ADDR DEL
                                          PACKET DEL OCTET DEL FLOW_CNT;

const char * const DestNodeDef          = DST_ADDR DEL
                                          PACKET DEL OCTET DEL FLOW_CNT;

const char * const HostMatrixDef        = SRC_ADDR DEL
                                          DST_ADDR DEL
                                          PACKET DEL OCTET DEL FLOW_CNT;

const char * const SourcePortDef        = SRC_PORT DEL
                                          PACKET DEL OCTET DEL FLOW_CNT;

const char * const DestPortDef          = DST_PORT DEL
                                          PACKET DEL OCTET DEL FLOW_CNT;

const char * const ProtocolDef          = PROTOCOL_KEY DEL
                                          PACKET DEL OCTET DEL FLOW_CNT;

const char * const DetailSourceNodeDef  = SRC_ADDR DEL
                                          SRC_PORT DEL
                                          DST_PORT DEL
                                          PROTOCOL_KEY DEL
                                          PACKET DEL OCTET DEL FLOW_CNT;

const char * const DetailDestNodeDef    = DST_ADDR DEL
                                          SRC_PORT DEL
                                          DST_PORT DEL
                                          PROTOCOL_KEY DEL
                                          PACKET DEL OCTET DEL FLOW_CNT;

const char * const DetailHostMatrixDef  = SRC_ADDR DEL
                                          DST_ADDR DEL
                                          SRC_PORT DEL
                                          DST_PORT DEL
                                          PROTOCOL_KEY DEL
                                          PACKET DEL OCTET DEL FLOW_CNT DEL
                                          F_FLOW_STAMP DEL L_FLOW_STAMP;

const char * const DetailInterfaceDef   = SRC_ADDR DEL
                                          DST_ADDR DEL
                                          IN_INTF DEL
                                          OUT_INTF DEL
                                          NEXT_HOP DEL
                                          PACKET DEL OCTET DEL FLOW_CNT;

const char * const CallRecordDef        = SRC_ADDR DEL
                                          DST_ADDR DEL
                                          SRC_PORT DEL
                                          DST_PORT DEL
                                          PROT DEL
                                          TOS_BIT DEL
                                          PACKET DEL OCTET DEL FLOW_CNT DEL
                                          F_FLOW_STAMP DEL L_FLOW_STAMP DEL
                                          TOT_ACTIVE_TIME;

const char * const ASMatrixDef          = SRC_AS DEL
                                          DST_AS DEL
                                          PACKET DEL OCTET DEL FLOW_CNT;

const char * const DetailASMatrixDef    = SRC_ADDR DEL
                                          DST_ADDR DEL
                                          SRC_AS DEL
                                          DST_AS DEL
                                          IN_INTF DEL
                                          OUT_INTF DEL
                                          SRC_PORT DEL
                                          DST_PORT DEL
                                          PROTOCOL_KEY DEL
                                          PACKET DEL OCTET DEL FLOW_CNT;

const char * const NetMatrixDef         = SRC_SUBNET DEL
                                          SRC_SUBNET_MASK DEL
                                          IN_INTF DEL
                                          DST_SUBNET DEL
                                          DST_SUBNET_MASK DEL
                                          OUT_INTF DEL
                                          PACKET DEL OCTET DEL FLOW_CNT;

const char * const ASHostMatrixDef      = SRC_ADDR DEL
                                          DST_ADDR DEL
                                          SRC_AS DEL
                                          DST_AS DEL
                                          PACKET DEL OCTET DEL FLOW_CNT DEL
                                          F_FLOW_STAMP DEL L_FLOW_STAMP DEL
                                          TOT_ACTIVE_TIME;

const char * const HostMatrixInterfaceDef
                                        = SRC_ADDR DEL
                                          DST_ADDR DEL
                                          IN_INTF DEL
                                          OUT_INTF DEL
                                          PROTOCOL_KEY DEL
                                          PACKET DEL OCTET DEL FLOW_CNT;

const char * const DetailCallRecordDef  = SRC_ADDR DEL
                                          DST_ADDR DEL
                                          SRC_PORT DEL
                                          DST_PORT DEL
                                          IN_INTF DEL
                                          OUT_INTF DEL
                                          PROTOCOL_KEY DEL
                                          TOS_BIT DEL
                                          PACKET DEL OCTET DEL FLOW_CNT DEL
                                          F_FLOW_STAMP DEL L_FLOW_STAMP DEL
                                          TOT_ACTIVE_TIME;

const char * const RouterASDef          = SRC_AS DEL
                                          DST_AS DEL
                                          IN_INTF DEL
                                          OUT_INTF DEL
                                          PACKET DEL OCTET DEL FLOW_CNT DEL
                                          F_FLOW_STAMP DEL L_FLOW_STAMP DEL
                                          TOT_ACTIVE_TIME;

const char * const RouterProtoPortDef   = SRC_PORT DEL
                                          DST_PORT DEL
                                          PROT DEL
                                          PACKET DEL OCTET DEL FLOW_CNT DEL
                                          F_FLOW_STAMP DEL L_FLOW_STAMP DEL
                                          TOT_ACTIVE_TIME;

const char * const RouterSrcPrefixDef   = SRC_SUBNET DEL
                                          SRC_SUBNET_MASK DEL
                                          IN_INTF DEL
                                          SRC_AS DEL
                                          PACKET DEL OCTET DEL FLOW_CNT DEL
                                          F_FLOW_STAMP DEL L_FLOW_STAMP DEL
                                          TOT_ACTIVE_TIME;

const char * const RouterDstPrefixDef   = DST_SUBNET DEL
                                          DST_SUBNET_MASK DEL
                                          OUT_INTF DEL
                                          DST_AS DEL
                                          PACKET DEL OCTET DEL FLOW_CNT DEL
                                          F_FLOW_STAMP DEL L_FLOW_STAMP DEL
                                          TOT_ACTIVE_TIME;

const char * const RouterPrefixDef      = SRC_SUBNET DEL
                                          DST_SUBNET DEL
                                          SRC_SUBNET_MASK DEL
                                          DST_SUBNET_MASK DEL
                                          IN_INTF DEL
                                          OUT_INTF DEL
                                          SRC_AS DEL
                                          DST_AS DEL
                                          PACKET DEL OCTET DEL FLOW_CNT DEL
                                          F_FLOW_STAMP DEL L_FLOW_STAMP DEL
                                          TOT_ACTIVE_TIME;
#endif /*ArgusClient*/
#endif


#ifndef NFC_DATAFILE_H
#define NFC_DATAFILE_H

/* Fixed field widths used by the binary datafile structures below.
 * IP_LEN is 15: the longest dotted-quad IPv4 string ("255.255.255.255") is
 * itself 15 characters, so a source[IP_LEN] field cannot be assumed to be
 * NUL-terminated.  The same holds for any LABEL_LEN field filled to
 * capacity.  Use length-bounded operations on them. */
#define LABEL_LEN               16
#define IP_LEN                  15
#define ASCII_HEADER_LEN        511
#define BIN_FILE_SUFFIX         ".bin"


#ifndef __NFC__
/* Aggregation schemes; the enumerators take the implicit values 0 to 23.
 * presumably the value stored in BinaryHeaderF2.aggregation -- a reader
 * should reject values outside this range before dispatching on them. */
enum Aggregation
{
    NetflownoAgg,               /* reserved */
    NetflowRawFlows,            /* Not supported in binary files */
    NetflowSourceNode,
    NetflowDestNode,
    NetflowHostMatrix,
    NetflowSourcePort,
    NetflowDestPort,
    NetflowProtocol,
    NetflowDetailDestNode,
    NetflowDetailHostMatrix,
    NetflowDetailInterface,
    NetflowCallRecord,
    NetflowASMatrix,
    NetflowNetMatrix,
    NetflowDetailSourceNode,
    NetflowDetailASMatrix,
    NetflowASHostMatrix,
    NetflowHostMatrixInterface,
    NetflowDetailCallRecord,
    NetflowRouterAS,
    NetflowRouterProtoPort,
    NetflowRouterSrcPrefix,
    NetflowRouterDstPrefix,
    NetflowRouterPrefix
};
#endif


/*
 * Header of a format-2 binary datafile.
 *
 * NOTE(review): this is a plain C struct with no packing directive, and
 * `missed` is a plain int.  If code reads or writes it as raw bytes, the
 * on-disk layout follows the compiler's alignment, the width of int and the
 * host byte order -- confirm how the file is (de)serialized.  `records`,
 * `flows` and the two time fields come from the file; a reader should check
 * `records` against the real file size before allocating or looping on it.
 */
typedef struct {
    uint16_t format;            /* Header format, it is 2 in this round */
    char     newline;           /* Newline character, '\n' */
    char     ascii_header[ASCII_HEADER_LEN];   /* Header in ASCII */
    uint8_t  aggregation;       /* Aggregation scheme used */
    uint8_t  agg_version;       /* Version of the aggregation scheme used */
    char     source[IP_LEN];    /* Source IP/Name */
    uint8_t  period;            /* Aggregation period, 0 means PARTIAL */
    uint32_t starttime;         /* Beginning of aggregation period */
    uint32_t endtime;           /* End of aggregation period */
    uint32_t flows;             /* Number of flows aggregated */
    int      missed;            /* Number of flows missed, -1 means not avail*/
    uint32_t records;           /* Number of records in this datafile */
} BinaryHeaderF2;

#define HEADER_FORMAT_2         2


/* Version-1 record of the SourceNode aggregation. */
typedef struct {
    /* Keys */
    uint32_t srcaddr;           /* Source IP */

    /* Values */
    uint32_t pkts;              /* Packet count */
    uint32_t octets;            /* Byte count */
    uint32_t flows;             /* Flow count */

} BinaryRecord_SourceNode_V1;

#define SOURCENODE_V1           1


/* Version-1 record of the DestNode aggregation. */
typedef struct {
    /* Keys */
    uint32_t dstaddr;           /* Destination IP */

    /* Values */
    uint32_t pkts;              /* Packet count */
    uint32_t octets;            /* Byte count */
    uint32_t flows;             /* Flow count */
} BinaryRecord_DestNode_V1;

#define DESTNODE_V1             1


/*
 * Version-1 binary record layouts, one struct per aggregation scheme, each
 * followed by its version constant.
 *
 * NOTE(review): none of these structs carries a packing directive, so if
 * they are read from or written to a file as raw bytes the layout follows
 * the compiler's alignment rules and the host byte order -- confirm how
 * records are (de)serialized.  The char[LABEL_LEN] key fields are fixed
 * 16-byte arrays; nothing here guarantees NUL termination, so treat them
 * with length-bounded operations when they come from a file.
 */
typedef struct {
    /* Keys */
    uint32_t srcaddr;           /* Source IP */
    uint32_t dstaddr;           /* Destination IP */

    /* Values */
    uint32_t pkts;              /* Packet count */
    uint32_t octets;            /* Byte count */
    uint32_t flows;             /* Flow count */
} BinaryRecord_HostMatrix_V1;

#define HOSTMATRIX_V1           1


typedef struct {
    /* Keys */
    char     srcport[LABEL_LEN]; /* Source Port Key */

    /* Values */
    uint32_t pkts;              /* Packet count */
    uint32_t octets;            /* Byte count */
    uint32_t flows;             /* Flow count */
} BinaryRecord_SourcePort_V1;

#define SOURCEPORT_V1           1


typedef struct {
    /* Keys */
    char     dstport[LABEL_LEN]; /* Destination Port Key */

    /* Values */
    uint32_t pkts;              /* Packet count */
    uint32_t octets;            /* Byte count */
    uint32_t flows;             /* Flow count */
} BinaryRecord_DestPort_V1;

#define DESTPORT_V1             1


typedef struct {
    /* Keys */
    char     protocol[LABEL_LEN];/* Protocol Key */

    /* Values */
    uint32_t pkts;              /* Packet count */
    uint32_t octets;            /* Byte count */
    uint32_t flows;             /* Flow count */
} BinaryRecord_Protocol_V1;

#define PROTOCOL_V1             1


typedef struct {
    /* Keys */
    uint32_t srcaddr;           /* Source IP */
    char     srcport[LABEL_LEN]; /* Source Port Key */
    char     dstport[LABEL_LEN]; /* Destination Port Key */
    char     protocol[LABEL_LEN];/* Protocol Key */

    /* Values */
    uint32_t pkts;              /* Packet count */
    uint32_t octets;            /* Byte count */
    uint32_t flows;             /* Flow count */
} BinaryRecord_DetailSourceNode_V1;

#define DETAIL_SOURCENODE_V1    1


typedef struct {
    /* Keys */
    uint32_t dstaddr;           /* Destination IP */
    char     srcport[LABEL_LEN]; /* Source Port Key */
    char     dstport[LABEL_LEN]; /* Destination Port Key */
    char     protocol[LABEL_LEN];/* Protocol Key */

    /* Values */
    uint32_t pkts;              /* Packet count */
    uint32_t octets;            /* Byte count */
    uint32_t flows;             /* Flow count */
} BinaryRecord_DetailDestNode_V1;

#define DETAIL_DESTNODE_V1      1


typedef struct {
    /* Keys */
    uint32_t srcaddr;           /* Source IP */
    uint32_t dstaddr;           /* Destination IP */
    char     srcport[LABEL_LEN]; /* Source Port Key */
    char     dstport[LABEL_LEN]; /* Destination Port Key */
    char     protocol[LABEL_LEN];/* Protocol Key */

    /* Values */
    uint32_t pkts;              /* Packet count */
    uint32_t octets;            /* Byte count */
    uint32_t flows;             /* Flow count */
    uint32_t starttime;         /* Start time */
    uint32_t endtime;           /* End time */
} BinaryRecord_DetailHostMatrix_V1;

#define DETAIL_HOSTMATRIX_V1    1


typedef struct {
    /* Keys */
    uint32_t srcaddr;           /* Source IP */
    uint32_t dstaddr;           /* Destination IP */
    uint16_t input;             /* Input Interface Number */
    uint16_t output;            /* Output Interface Number */
    uint32_t nexthop;           /* Next Hop IP */

    /* Values */
    uint32_t pkts;              /* Packet count */
    uint32_t octets;            /* Byte count */
    uint32_t flows;             /* Flow count */
} BinaryRecord_DetailInterface_V1;

#define DETAIL_INTERFACE_V1     1


typedef struct {
    /* Keys */
    uint32_t srcaddr;           /* Source IP */
    uint32_t dstaddr;           /* Destination IP */
    uint16_t srcport;           /* Source Port Number */
    uint16_t dstport;           /* Destination Port Number */
    uint8_t  prot;              /* Protocol Number */
    uint8_t  tos;               /* Type of Service */
    uint16_t reserved;          /* Data alignment */

    /* Values */
    uint32_t pkts;              /* Packet count */
    uint32_t octets;            /* Byte count */
    uint32_t flows;             /* Flow count */
    uint32_t starttime;         /* Start time */
    uint32_t endtime;           /* End time */
    uint32_t activetime;        /* Total Active Time */
} BinaryRecord_CallRecord_V1;

#define CALLRECORD_V1           1


typedef struct {
    /* Keys */
    char     src_as[LABEL_LEN]; /* Source AS */
    char     dst_as[LABEL_LEN]; /* Destination AS */

    /* Values */
    uint32_t pkts;              /* Packet count */
    uint32_t octets;            /* Byte count */
    uint32_t flows;             /* Flow count */
} BinaryRecord_ASMatrix_V1;

#define ASMATRIX_V1             1


typedef struct {
    /* Keys */
    uint32_t srcaddr;           /* Source IP */
    uint32_t dstaddr;           /* Destination IP */
    char     src_as[LABEL_LEN]; /* Source AS */
    char     dst_as[LABEL_LEN]; /* Destination AS */
    uint16_t input;             /* Input Interface Number */
    uint16_t output;            /* Output Interface Number */
    char     srcport[LABEL_LEN]; /* Source Port Key */
    char     dstport[LABEL_LEN]; /* Destination Port Key */
    char     protocol[LABEL_LEN];/* Protocol Key */

    /* Values */
    uint32_t pkts;              /* Packet count */
    uint32_t octets;            /* Byte count */
    uint32_t flows;             /* Flow count */
} BinaryRecord_DetailASMatrix_V1;

#define DETAIL_ASMATRIX_V1      1


typedef struct {
    /* Keys */
    uint32_t src_subnet;        /* Source SubNet */
    uint16_t src_mask;          /* Source SubNet Mask */
    uint16_t input;             /* Input Interface Number */
    uint32_t dst_subnet;        /* Destination SubNet */
    uint16_t dst_mask;          /* Destination SubNet Mask */
    uint16_t output;            /* Output Interface Number */

    /* Values */
    uint32_t pkts;              /* Packet count */
    uint32_t octets;            /* Byte count */
    uint32_t flows;             /* Flow count */
} BinaryRecord_NetMatrix_V1;

#define NETMATRIX_V1            1


typedef struct {
    /* Keys */
    char     src_as[LABEL_LEN]; /* Source AS */
    char     dst_as[LABEL_LEN]; /* Destination AS */
    uint16_t input;             /* Input Interface Number */
    uint16_t output;            /* Output Interface Number */

    /* Values */
    uint32_t pkts;              /* Packet count */
    uint32_t octets;            /* Byte count */
    uint32_t flows;             /* Flow count */
    uint32_t starttime;         /* Start time */
    uint32_t endtime;           /* End time */
    uint32_t activetime;        /* Total Active Time */
} BinaryRecord_RouterAS_V1;

#define ROUTERAS_V1             1


typedef struct {
    /* Keys */
    char     srcport[LABEL_LEN]; /* Source Port Key */
    char     dstport[LABEL_LEN]; /* Destination Port Key */
    uint8_t  prot;              /* Protocol Number */
    uint8_t  pad;               /* Data alignment */
    uint16_t reserved;          /* Data alignment */

    /* Values */
    uint32_t pkts;              /* Packet count */
    uint32_t octets;            /* Byte count */
    uint32_t flows;             /* Flow count */
    uint32_t starttime;         /* Start time */
    uint32_t endtime;           /* End time */
    uint32_t activetime;        /* Total Active Time */
} BinaryRecord_RouterProtoPort_V1;

#define ROUTERPROTOPORT_V1      1


typedef struct {
    /* Keys */
    uint32_t src_subnet;        /* Source SubNet */
    uint16_t src_mask;          /* Source SubNet Mask */
    uint16_t input;             /* Input Interface Number */
    char     src_as[LABEL_LEN]; /* Source AS */

    /* Values */
    uint32_t pkts;              /* Packet count */
    uint32_t octets;            /* Byte count */
    uint32_t flows;             /* Flow count */
    uint32_t starttime;         /* Start time */
    uint32_t endtime;           /* End time */
    uint32_t activetime;        /* Total Active Time */
} BinaryRecord_RouterSrcPrefix_V1;

#define ROUTERSRCPREFIX_V1      1


typedef struct {
    /* Keys */
    uint32_t dst_subnet;        /* Destination SubNet */
    uint16_t dst_mask;          /* Destination SubNet Mask */
    uint16_t output;            /* Output Interface Number */
    char     dst_as[LABEL_LEN]; /* Destination AS */

    /* Values */
    uint32_t pkts;              /* Packet count */
    uint32_t octets;            /* Byte count */
    uint32_t flows;             /* Flow count */
    uint32_t starttime;         /* Start time */
    uint32_t endtime;           /* End time */
    uint32_t activetime;        /* Total Active Time */
} BinaryRecord_RouterDstPrefix_V1;

#define ROUTERDSTPREFIX_V1      1


typedef struct {
    /* Keys */
    uint32_t src_subnet;        /* Source SubNet */
    uint32_t dst_subnet;        /* Destination SubNet */
    uint16_t src_mask;          /* Source SubNet Mask */
    uint16_t dst_mask;          /* Destination SubNet Mask */
    uint16_t input;             /* Input Interface Number */
    uint16_t output;            /* Output Interface Number */
    char     src_as[LABEL_LEN]; /* Source AS */
    char     dst_as[LABEL_LEN]; /* Destination AS */

    /* Values */
    uint32_t pkts;              /* Packet count */
    uint32_t octets;            /* Byte count */
    uint32_t flows;             /* Flow count */
    uint32_t starttime;         /* Start time */
    uint32_t endtime;           /* End time */
    uint32_t activetime;        /* Total Active Time */
} BinaryRecord_RouterPrefix_V1;

#define ROUTERPREFIX_V1         1


typedef struct {
    /* Keys */
    uint32_t srcaddr;           /* Source IP */
    uint32_t dstaddr;           /* Destination IP */
    char     src_as[LABEL_LEN]; /* Source AS */
    char     dst_as[LABEL_LEN]; /* Destination AS */

    /* Values */
    uint32_t pkts;              /* Packet count */
    uint32_t octets;            /* Byte count */
    uint32_t flows;             /* Flow count */
    uint32_t starttime;         /* Start time */
    uint32_t endtime;           /* End time */
    uint32_t activetime;        /* Total Active Time */
} BinaryRecord_ASHostMatrix_V1;

#define ASHOSTMATRIX_V1         1


typedef struct {
    /* Keys */
    uint32_t srcaddr;           /* Source IP */
    uint32_t dstaddr;           /* Destination IP */
    uint16_t input;             /* Input Interface Number */
    uint16_t output;            /* Output Interface Number */
    char     protocol[LABEL_LEN];/* Protocol Key */

    /* Values */
    uint32_t pkts;              /* Packet count */
    uint32_t octets;            /* Byte count */
    uint32_t flows;             /* Flow count */
} BinaryRecord_HostMatrixInterface_V1;

#define HOSTMATRIXINTERFACE_V1  1


typedef struct {
    /* Keys */
    uint32_t srcaddr;           /* Source IP */
    uint32_t dstaddr;           /* Destination IP */
    char     srcport[LABEL_LEN]; /* Source Port Key */
    char     dstport[LABEL_LEN]; /* Destination Port Key */
    uint16_t input;             /* Input Interface Number */
    uint16_t output;            /* Output Interface Number */
    char     protocol[LABEL_LEN];/* Protocol Key */
    uint8_t  tos;               /* Type of Service */
    uint8_t  pad;               /* Data alignment */
    uint16_t reserved;          /* Data alignment */

    /* Values */
    uint32_t pkts;              /* Packet count */
    uint32_t octets;            /* Byte count */
    uint32_t flows;             /* Flow count */
    uint32_t starttime;         /* Start time */
    uint32_t endtime;           /* End time */
    uint32_t activetime;        /* Total Active Time */
} BinaryRecord_DetailCallRecord_V1;

#define DETAILCALLRECORD_V1     1


/*
 * A datafile header plus a pointer to its records.  All union members are
 * pointers sharing the same storage; presumably the member to use is chosen
 * by header.aggregation -- TODO confirm.  Reading through a member that does
 * not match the data actually stored misinterprets it with the wrong record
 * size, so the aggregation value and record count should be validated first.
 * The member name `detailhostmatix` is spelled as shown in the interface.
 */
typedef struct {
    BinaryHeaderF2 header;
    union {
        BinaryRecord_SourceNode_V1 *            srcnode;
        BinaryRecord_DestNode_V1 *              dstnode;
        BinaryRecord_HostMatrix_V1 *            hostmatrix;
        BinaryRecord_SourcePort_V1 *            srcport;
        BinaryRecord_DestPort_V1 *              dstport;
        BinaryRecord_Protocol_V1 *              protocol;
        BinaryRecord_DetailSourceNode_V1 *      detailsrcnode;
        BinaryRecord_DetailDestNode_V1 *        detaildstnode;
        BinaryRecord_DetailHostMatrix_V1 *      detailhostmatix;
        BinaryRecord_DetailInterface_V1 *       detailinterface;
        BinaryRecord_CallRecord_V1 *            callrecord;
        BinaryRecord_ASMatrix_V1 *              asmatrix;
        BinaryRecord_DetailASMatrix_V1 *        detailasmatrix;
        BinaryRecord_NetMatrix_V1 *             netmatrix;
        BinaryRecord_ASHostMatrix_V1 *          ashostmatrix;
        BinaryRecord_HostMatrixInterface_V1 *   hostmatrixinterface;
        BinaryRecord_DetailCallRecord_V1 *      detailcallrecord;
        BinaryRecord_RouterAS_V1 *              routeras;
        BinaryRecord_RouterProtoPort_V1 *       routerprotoport;
        BinaryRecord_RouterSrcPrefix_V1 *       routersrcprefix;
        BinaryRecord_RouterDstPrefix_V1 *       routerdstprefix;
        BinaryRecord_RouterPrefix_V1 *          routerprefix;
    } record;
} BinaryDatafile;


/* Despite the MAX_ prefix, each macro is exactly sizeof its structure. */
#define MAX_BINARY_HEADER_F2 \
        (sizeof(BinaryHeaderF2))

#define MAX_BINARY_RECORD_SOURCE_NODE_SIZE \
        (sizeof(BinaryRecord_SourceNode_V1))

#define MAX_BINARY_RECORD_DESTINATION_NODE_SIZE \
        (sizeof(BinaryRecord_DestNode_V1))

#define MAX_BINARY_RECORD_HOST_MATRIX_SIZE \
        (sizeof(BinaryRecord_HostMatrix_V1))

#define MAX_BINARY_RECORD_SOURCE_PORT_SIZE \
        (sizeof(BinaryRecord_SourcePort_V1))

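/*
 * Size macros for the binary record layouts. Each one is exactly sizeof
 * the named type, so it includes any padding the compiler inserts.
 *
 * NOTE(review): if these sizes bound reads of records from a file, the
 * stored layout has to match this build's in-memory layout -- confirm.
 */
#define MAX_BINARY_RECORD_DESTINATION_PORT_SIZE \
   (sizeof(BinaryRecord_DestPort_V1))

#define MAX_BINARY_RECORD_PROTOCOL_SIZE \
   (sizeof(BinaryRecord_Protocol_V1))

#define MAX_BINARY_RECORD_DETAIL_SOURCE_NODE_SIZE \
   (sizeof(BinaryRecord_DetailSourceNode_V1))

#define MAX_BINARY_RECORD_DETAIL_DESTINATION_NODE_SIZE \
   (sizeof(BinaryRecord_DetailDestNode_V1))

#define MAX_BINARY_RECORD_DETAIL_HOST_MATRIX_SIZE \
   (sizeof(BinaryRecord_DetailHostMatrix_V1))

#define MAX_BINARY_RECORD_DETAIL_INTERFACE_SIZE \
   (sizeof(BinaryRecord_DetailInterface_V1))

#define MAX_BINARY_RECORD_CALL_RECORD_SIZE \
   (sizeof(BinaryRecord_CallRecord_V1))

#define MAX_BINARY_RECORD_AS_MATRIX_SIZE \
   (sizeof(BinaryRecord_ASMatrix_V1))

#define MAX_BINARY_RECORD_DETAIL_AS_MATRIX_SIZE \
   (sizeof(BinaryRecord_DetailASMatrix_V1))

#define MAX_BINARY_RECORD_NET_MATRIX_SIZE \
   (sizeof(BinaryRecord_NetMatrix_V1))

#define MAX_BINARY_RECORD_AS_HOST_MATRIX_SIZE \
   (sizeof(BinaryRecord_ASHostMatrix_V1))

#define MAX_BINARY_RECORD_HOST_MATRIX_INTERFACE_SIZE \
   (sizeof(BinaryRecord_HostMatrixInterface_V1))

#define MAX_BINARY_RECORD_DETAIL_CALL_RECORD_SIZE \
   (sizeof(BinaryRecord_DetailCallRecord_V1))

#define MAX_BINARY_RECORD_ROUTER_AS_SIZE \
   (sizeof(BinaryRecord_RouterAS_V1))

#define MAX_BINARY_RECORD_ROUTER_PROTO_PORT_SIZE \
   (sizeof(BinaryRecord_RouterProtoPort_V1))

#define MAX_BINARY_RECORD_ROUTER_SRC_PREFIX_SIZE \
   (sizeof(BinaryRecord_RouterSrcPrefix_V1))

#define MAX_BINARY_RECORD_ROUTER_DST_PREFIX_SIZE \
   (sizeof(BinaryRecord_RouterDstPrefix_V1))

#define MAX_BINARY_RECORD_ROUTER_PREFIX_SIZE \
   (sizeof(BinaryRecord_RouterPrefix_V1))

#endif /* __NFC_DATAFILE_H__ */


#if defined(ARGUS_SOLARIS)
#include <sys/socket.h>
#endif

/*
 * Variadic logging entry point.
 * NOTE(review): the char * is presumably a printf-style format; if so,
 * callers should pass a fixed format string and hand record- or
 * user-derived text over as an argument, never as the format -- confirm.
 */
extern void ArgusLog (int, char *, ...);
extern int ArgusExitStatus;

#ifdef ArgusClient

/*
 * With ArgusClient defined, this header defines (not merely declares)
 * the client globals below. The initialized objects are full
 * definitions, so ArgusClient should be defined in only one translation
 * unit of a program; the #else branch supplies the matching externs.
 */

#if defined(ARGUS_SASL)
int ArgusMaxSsf = 0;
int ArgusMinSsf = 0;
#endif

char *appOptstring = NULL;

struct RaSrvTreeNode *RaSrcTCPServicesTree[RASIGLENGTH];
struct RaSrvTreeNode *RaDstTCPServicesTree[RASIGLENGTH];
struct RaSrvTreeNode *RaSrcUDPServicesTree[RASIGLENGTH];
struct RaSrvTreeNode *RaDstUDPServicesTree[RASIGLENGTH];

struct RaSrvSignature **RaSignatureFile = NULL;
struct RaQueueStruct *RaSrvQueue = NULL;
char RaSrvTreeArray[MAXSTRLEN];
/* ARGUSMAXSIGFILE is 0x80000 earlier in this header: a static table of
 * that many pointers. */
char *sigbuf[ARGUSMAXSIGFILE];


extern struct ArgusInput *ArgusInput;
extern struct ArgusDSRHeader *ArgusThisDsrs[];

extern signed long long tcp_dst_bytes, tcp_src_bytes;
extern signed long long udp_dst_bytes, udp_src_bytes;
extern signed long long icmp_dst_bytes, icmp_src_bytes;
extern signed long long ip_dst_bytes, ip_src_bytes;

/* Variadic like ArgusLog; the same format-string caution applies. */
extern void ArgusDebug (int, char *, ...);
/* NOTE(review): the #else branch of this header declares the second
 * parameter as char *, not unsigned char *; both should match the
 * definition. */
extern int setArgusRemoteFilter(struct ArgusParserStruct *, unsigned char *);

void ArgusClientInit(struct ArgusParserStruct *);
void RaArgusInputComplete (struct ArgusInput *);
void RaParseComplete (int);

int RaParseType (char *);
struct ArgusISOAddr *RaParseISOAddr (struct ArgusParserStruct *, char *);
struct ArgusCIDRAddr *RaParseCIDRAddr (struct ArgusParserStruct *, char *);

void ArgusClientTimeout (void);
void parse_arg (int, char**);
void usage (void);

void RaClearConfiguration (struct ArgusParserStruct *);

/* The prototype names buf and len; presumably the output buffer and its
 * capacity -- confirm at the definition. */
char *ArgusMergeLabel(struct ArgusLabelStruct *, struct ArgusLabelStruct *, char *buf, int len, int type);
struct ArgusRecordStruct *ArgusCopyRecordStruct (struct ArgusRecordStruct *);
void RaDeleteArgusRecordStruct (struct ArgusParserStruct *, struct ArgusRecordStruct *);

struct timeval *RaGetStartTime (struct ArgusRecordStruct *, struct timeval *);
struct timeval *RaGetLastTime (struct ArgusRecordStruct *, struct timeval *);

signed long long RaGetActiveDuration (struct ArgusRecordStruct *);
signed long long RaGetuSecDuration (struct ArgusRecordStruct *);
signed long long RaGetuSecAvgDuration (struct ArgusRecordStruct *);

float RaGetFloatSrcDuration(struct ArgusRecordStruct *);
float RaGetFloatDstDuration(struct ArgusRecordStruct *);
float RaGetFloatDuration(struct ArgusRecordStruct *);
float RaGetFloatMean(struct ArgusRecordStruct *);
float RaGetFloatSum(struct ArgusRecordStruct *);
float RaGetFloatMin(struct ArgusRecordStruct *);
float RaGetFloatMax(struct ArgusRecordStruct *);
float RaGetFloatIdleTime(struct ArgusRecordStruct *);

/* Per-record-type processing hooks; all share one signature. */
void RaProcessRecord (struct ArgusParserStruct *, struct ArgusRecordStruct *);
void RaProcessManRecord (struct ArgusParserStruct *, struct ArgusRecordStruct *);
void RaProcessEventRecord (struct ArgusParserStruct *, struct ArgusRecordStruct *);
void RaProcessFragRecord (struct ArgusParserStruct *, struct ArgusRecordStruct *);
void RaProcessTCPRecord (struct ArgusParserStruct *, struct ArgusRecordStruct *);
void RaProcessICMPRecord (struct ArgusParserStruct *, struct ArgusRecordStruct *);
void RaProcessIGMPRecord (struct ArgusParserStruct *, struct ArgusRecordStruct *);
void RaProcessUDPRecord (struct ArgusParserStruct *, struct ArgusRecordStruct *);
void RaProcessIPRecord (struct ArgusParserStruct *, struct ArgusRecordStruct *);
void RaProcessARPRecord (struct ArgusParserStruct *, struct ArgusRecordStruct *);
void RaProcessNonIPRecord (struct ArgusParserStruct *, struct ArgusRecordStruct *);

struct RaFlowModelStruct *RaReadFlowModelFile (struct ArgusParserStruct *, char **);

/* The void *(void *) shape matches a pthread start routine; whether
 * these run as threads is not visible here. */
void *ArgusProcessInputList (void *);
void ArgusReadFileStream (struct ArgusParserStruct *parser, struct ArgusInput *);
void *ArgusConnectRemotes (void *);
void *ArgusConnectRemote (void *);

void ArgusCloseInput(struct ArgusParserStruct *parser, struct ArgusInput *);
int ArgusReadStreamSocket (struct ArgusParserStruct *parser, struct ArgusInput *);

/* Repeats declarations made earlier in this branch; harmless in C. */
extern void ArgusLog (int, char *, ...);
extern int RaSendArgusRecord(struct ArgusRecordStruct *);

extern void ArgusClientTimeout (void);
extern void clearArgusWfile(struct ArgusParserStruct *);
/* NOTE(review): the char * carries no length in this prototype; if it
 * points at received data, its bound must come from the caller --
 * confirm at the definition. */
extern unsigned char *ArgusConvertRecord (struct ArgusInput *, char *);

/* Pointer plus int; presumably data and byte count -- confirm. */
int ArgusWriteConnection (struct ArgusParserStruct *parser, struct ArgusInput *, uint8_t *, int);

char *RaGenerateLabel(struct ArgusParserStruct *, struct ArgusRecordStruct *);

int RaParseProbeResourceFile (char **);
int RaProbeMonitorsThisAddr (unsigned int, unsigned int);
int ArgusProcessFileIndependantly = 0;

struct ArgusAggregatorStruct *ArgusParseAggregator (struct ArgusParserStruct *, char *, char **);

struct ArgusRecordStruct *ArgusGenerateRecordStruct (struct ArgusParserStruct *, struct ArgusInput *, struct ArgusRecord *);
/* NOTE(review): the trailing char * of the next two prototypes has no
 * accompanying length; if it is a caller-supplied output buffer, the
 * required size should be documented at the definition -- confirm. */
struct ArgusRecord *ArgusGenerateRecord (struct ArgusRecordStruct *, unsigned char, char *);
int ArgusGenerateCiscoRecord (struct ArgusRecordStruct *, unsigned char, char *);

void ArgusDeleteRecordStruct (struct ArgusParserStruct *, struct ArgusRecordStruct *);

struct ArgusRecordStruct *ArgusFindRecord (struct ArgusHashTable *, struct ArgusHashStruct *);
struct ArgusMaskStruct *ArgusSelectMaskDefs(struct ArgusRecordStruct *ns);
struct ArgusMaskStruct *ArgusSelectRevMaskDefs(struct ArgusRecordStruct *ns);

struct ArgusHashTable *ArgusNewHashTable (size_t);
void ArgusDeleteHashTable (struct ArgusHashTable *);

struct ArgusHashStruct *ArgusGenerateHashStruct (struct ArgusAggregatorStruct *, struct ArgusRecordStruct *, struct ArgusFlow *);
struct ArgusHashStruct *ArgusGenerateReverseHashStruct (struct ArgusAggregatorStruct *, struct ArgusRecordStruct *, struct ArgusFlow *);
struct ArgusHashStruct *ArgusGenerateHintStruct (struct ArgusAggregatorStruct *, struct ArgusRecordStruct *);
/* NOTE(review): the #else branch of this header declares the second
 * parameter as struct ArgusRecordStruct *, not void *; both should match
 * the definition. */
struct ArgusHashTableHdr *ArgusAddHashEntry (struct ArgusHashTable *, void *, struct ArgusHashStruct *);
struct ArgusHashTableHdr *ArgusFindHashEntry (struct ArgusHashTable *, struct ArgusHashStruct *);
void ArgusRemoveHashEntry (struct ArgusHashTableHdr **);
void ArgusEmptyHashTable (struct ArgusHashTable *);

struct ArgusListStruct *ArgusNewList (void);
void ArgusDeleteList (struct ArgusListStruct *, int);
int ArgusListEmpty (struct ArgusListStruct *);
int ArgusGetListCount(struct ArgusListStruct *);
int ArgusPushFrontList(struct ArgusListStruct *, struct ArgusListRecord *, int);
int ArgusPushBackList(struct ArgusListStruct *, struct ArgusListRecord *, int);
struct ArgusListRecord *ArgusFrontList(struct ArgusListStruct *);
struct ArgusListRecord *ArgusBackList(struct ArgusListStruct *);
struct ArgusListRecord *ArgusPopBackList(struct ArgusListStruct *, int);
struct ArgusListRecord *ArgusPopFrontList(struct ArgusListStruct *, int);

int ArgusProcessServiceAvailability (struct ArgusParserStruct *, struct ArgusRecordStruct *);
int ArgusCheckTime (struct ArgusParserStruct *, struct ArgusRecordStruct *);
int ArgusCheckTimeout (struct ArgusParserStruct *, struct ArgusRecordStruct *, struct ArgusRecordStruct *);

int RaTestUserData(struct RaBinStruct *, struct ArgusRecordStruct *, struct ArgusRecordStruct *, int);
void ArgusMergeUserData(struct RaBinStruct *, struct ArgusRecordStruct *, struct ArgusRecordStruct *);
void RaProcessSrvRecord (struct ArgusParserStruct *, struct ArgusRecordStruct *);
struct RaBinProcessStruct *RaNewBinProcess (struct ArgusParserStruct *, int);
void RaPrintOutQueue (struct RaBinStruct *, struct ArgusQueueStruct *, int);

int RaReadSrvSignature(struct ArgusParserStruct *, struct ArgusLabelerStruct *, char *);
struct RaSrvSignature *RaValidateService(struct ArgusParserStruct *, struct ArgusRecordStruct *);

extern struct ArgusLabelerStruct *ArgusNewLabeler (struct ArgusParserStruct *, int);

int ArgusHistoMetricParse (struct ArgusParserStruct *, struct ArgusAggregatorStruct *);
int ArgusHistoTallyMetric (struct ArgusParserStruct *, struct ArgusRecordStruct *, double);

struct RaBinStruct *RaNewBin (struct ArgusParserStruct *, struct RaBinProcessStruct *, struct ArgusRecordStruct *, long long, int);
void RaDeleteBin (struct ArgusParserStruct *, struct RaBinStruct *);

void ArgusAlignConfig(struct ArgusParserStruct *, struct ArgusAdjustStruct *);
void ArgusAlignInit(struct ArgusParserStruct *, struct ArgusRecordStruct *, struct ArgusAdjustStruct *);
struct ArgusRecordStruct *ArgusAlignRecord(struct ArgusParserStruct *, struct ArgusRecordStruct *, struct ArgusAdjustStruct *);

int ArgusInsertRecord (struct ArgusParserStruct *, struct RaBinProcessStruct *, struct ArgusRecordStruct *, int);
void ArgusCalculatePeriod (struct ArgusRecordStruct *, struct ArgusAdjustStruct *);

void ArgusAdjustTransactions (struct ArgusRecordStruct *, double, double);
void ArgusAdjustSrcLoss (struct ArgusRecordStruct *, struct ArgusRecordStruct *, double);
void ArgusAdjustDstLoss (struct ArgusRecordStruct *, struct ArgusRecordStruct *, double);

/* Socket readers for sFlow and Cisco inputs, stream and datagram. */
int ArgusReadSflowStreamSocket (struct ArgusParserStruct *, struct ArgusInput *);
int ArgusReadSflowDatagramSocket (struct ArgusParserStruct *, struct ArgusInput *);

int ArgusReadCiscoStreamSocket (struct ArgusParserStruct *, struct ArgusInput *);
int ArgusReadCiscoDatagramSocket (struct ArgusParserStruct *, struct ArgusInput *);


#else /* ArgusClient */


/* Without ArgusClient, only extern declarations of the client globals
 * and functions follow. */
#if defined(ARGUS_SASL)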
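/* Declared only when ARGUS_SASL is defined; the ArgusClient branch of
 * this header holds the definitions. */
extern int ArgusMaxSsf;
extern int ArgusMinSsf;
#endif /* ARGUS_SASL */

extern char *appOptstring;

extern struct RaSrvTreeNode *RaSrcTCPServicesTree[RASIGLENGTH];
extern struct RaSrvTreeNode *RaDstTCPServicesTree[RASIGLENGTH];
extern struct RaSrvTreeNode *RaSrcUDPServicesTree[RASIGLENGTH];
extern struct RaSrvTreeNode *RaDstUDPServicesTree[RASIGLENGTH];

extern struct RaSrvSignature **RaSignatureFile;
extern struct RaQueueStruct *RaSrvQueue;
extern char RaSrvTreeArray[MAXSTRLEN];
extern char *sigbuf[ARGUSMAXSIGFILE];


/*
 * Variadic debug entry point.
 * NOTE(review): the char * is presumably a printf-style format; if so,
 * callers should pass a fixed format string and hand record- or
 * user-derived text over as an argument, never as the format -- confirm.
 */
extern void ArgusDebug (int, char *, ...);
/* NOTE(review): the ArgusClient branch of this header declares the
 * second parameter as unsigned char *, not char *; both should match the
 * definition. */
extern int setArgusRemoteFilter(struct ArgusParserStruct *, char *);

extern void ArgusClientInit(struct ArgusParserStruct *);
extern void RaArgusInputComplete (struct ArgusInput *);
extern void RaParseComplete (int);

extern int RaParseType (char *);
extern struct ArgusISOAddr *RaParseISOAddr (struct ArgusParserStruct *, char *);
extern struct ArgusCIDRAddr *RaParseCIDRAddr (struct ArgusParserStruct *, char *);

extern void ArgusClientTimeout (void);
extern void parse_arg (int, char**);
extern void usage (void);

/* The prototype names buf and len; presumably the output buffer and its
 * capacity -- confirm at the definition. */
extern char *ArgusMergeLabel(struct ArgusLabelStruct *, struct ArgusLabelStruct *, char *buf, int len, int type);
extern struct ArgusRecordStruct *ArgusCopyRecordStruct (struct ArgusRecordStruct *);
extern void RaDeleteArgusRecordStruct (struct ArgusParserStruct *, struct ArgusRecordStruct *);

extern struct timeval *RaGetStartTime (struct ArgusRecordStruct *, struct timeval *);
extern struct timeval *RaGetLastTime (struct ArgusRecordStruct *, struct timeval *);

extern signed long long RaGetActiveDuration (struct ArgusRecordStruct *);
extern signed long long RaGetuSecDuration (struct ArgusRecordStruct *);
extern signed long long RaGetuSecAvgDuration (struct ArgusRecordStruct *);

extern float RaGetFloatSrcDuration(struct ArgusRecordStruct *);
extern float RaGetFloatDstDuration(struct ArgusRecordStruct *);
extern float RaGetFloatDuration(struct ArgusRecordStruct *);
extern float RaGetFloatMean(struct ArgusRecordStruct *);
extern float RaGetFloatSum(struct ArgusRecordStruct *);
extern float RaGetFloatMin(struct ArgusRecordStruct *);
extern float RaGetFloatMax(struct ArgusRecordStruct *);
extern float RaGetFloatIdleTime(struct ArgusRecordStruct *);

/* Per-record-type processing hooks; all share one signature. */
extern void RaProcessRecord (struct ArgusParserStruct *, struct ArgusRecordStruct *);
extern void RaProcessManRecord (struct ArgusParserStruct *, struct ArgusRecordStruct *);
extern void RaProcessEventRecord (struct ArgusParserStruct *, struct ArgusRecordStruct *);
extern void RaProcessFragRecord (struct ArgusParserStruct *, struct ArgusRecordStruct *);
extern void RaProcessTCPRecord (struct ArgusParserStruct *, struct ArgusRecordStruct *);
extern void RaProcessICMPRecord (struct ArgusParserStruct *, struct ArgusRecordStruct *);
extern void RaProcessIGMPRecord (struct ArgusParserStruct *, struct ArgusRecordStruct *);
extern void RaProcessUDPRecord (struct ArgusParserStruct *, struct ArgusRecordStruct *);
extern void RaProcessIPRecord (struct ArgusParserStruct *, struct ArgusRecordStruct *);
extern void RaProcessARPRecord (struct ArgusParserStruct *, struct ArgusRecordStruct *);
extern void RaProcessNonIPRecord (struct ArgusParserStruct *, struct ArgusRecordStruct *);

extern struct RaFlowModelStruct *RaReadFlowModelFile (struct ArgusParserStruct *, char **);

/* The void *(void *) shape matches a pthread start routine; whether
 * these run as threads is not visible here. */
extern void *ArgusProcessInputList (void *);
extern void ArgusReadFileStream (struct ArgusParserStruct *parser, struct ArgusInput *);
extern void *ArgusConnectRemotes (void *);
extern void *ArgusConnectRemote (void *);

extern void ArgusCloseInput(struct ArgusParserStruct *parser, struct ArgusInput *);
extern int ArgusReadStreamSocket (struct ArgusParserStruct *parser, struct ArgusInput *);

/* Variadic like ArgusDebug; the same format-string caution applies. */
extern void ArgusLog (int, char *, ...);

extern char *RaGenerateLabel(struct ArgusParserStruct *, struct ArgusRecordStruct *);

extern int RaSendArgusRecord(struct ArgusRecordStruct *);
extern int RaProbeMonitorsThisAddr (unsigned int, unsigned int);
extern int ArgusProcessFileIndependantly;

extern struct ArgusAggregatorStruct *ArgusParseAggregator (struct ArgusParserStruct *, char *, char **);
extern struct ArgusRecordStruct *ArgusGenerateRecordStruct (struct ArgusParserStruct *, struct ArgusInput *, struct ArgusRecord *);
/* NOTE(review): the trailing char * of the next two prototypes has no
 * accompanying length; if it is a caller-supplied output buffer, the
 * required size should be documented at the definition -- confirm. */
extern struct ArgusRecord *ArgusGenerateRecord (struct ArgusRecordStruct *, unsigned char, char *);
extern int ArgusGenerateCiscoRecord (struct ArgusRecordStruct *, unsigned char, char *);

extern void ArgusDeleteRecordStruct (struct ArgusParserStruct *, struct ArgusRecordStruct *);
extern struct ArgusRecordStruct *ArgusFindRecord (struct ArgusHashTable *, struct ArgusHashStruct *);

extern struct ArgusMaskStruct *ArgusSelectMaskDefs(struct ArgusRecordStruct *ns);
extern struct ArgusMaskStruct *ArgusSelectRevMaskDefs(struct ArgusRecordStruct *ns);

extern struct ArgusHashTable *ArgusNewHashTable (size_t);
extern void ArgusDeleteHashTable (struct ArgusHashTable *);
extern struct ArgusHashStruct *ArgusGenerateHashStruct (struct ArgusAggregatorStruct *, struct ArgusRecordStruct *, struct ArgusFlow *);
extern struct ArgusHashStruct *ArgusGenerateReverseHashStruct (struct ArgusAggregatorStruct *, struct ArgusRecordStruct *, struct ArgusFlow *);
extern struct ArgusHashStruct *ArgusGenerateHintStruct (struct ArgusAggregatorStruct *, struct ArgusRecordStruct *);
/* NOTE(review): the ArgusClient branch of this header declares the
 * second parameter as void *, not struct ArgusRecordStruct *; both
 * should match the definition. */
extern struct ArgusHashTableHdr *ArgusAddHashEntry (struct ArgusHashTable *, struct ArgusRecordStruct *, struct ArgusHashStruct *);
extern struct ArgusHashTableHdr *ArgusFindHashEntry (struct ArgusHashTable *, struct ArgusHashStruct *);
extern void ArgusRemoveHashEntry (struct ArgusHashTableHdr **);
extern void ArgusEmptyHashTable (struct ArgusHashTable *);

extern struct ArgusListStruct *ArgusNewList (void);
extern void ArgusDeleteList (struct ArgusListStruct *, int);
extern int ArgusListEmpty (struct ArgusListStruct *);
extern int ArgusGetListCount(struct ArgusListStruct *);
extern int ArgusPushFrontList(struct ArgusListStruct *, struct ArgusListRecord *, int);
extern int ArgusPushBackList(struct ArgusListStruct *, struct ArgusListRecord *, int);
extern struct ArgusListRecord *ArgusFrontList(struct ArgusListStruct *);
extern struct ArgusListRecord *ArgusBackList(struct ArgusListStruct *);
extern struct ArgusListRecord *ArgusPopBackList(struct ArgusListStruct *, int);
extern struct ArgusListRecord *ArgusPopFrontList(struct ArgusListStruct *, int);

extern int RaTestUserData(struct RaBinStruct *, struct ArgusRecordStruct *, struct ArgusRecordStruct *, int);
extern void ArgusMergeUserData(struct RaBinStruct *, struct ArgusRecordStruct *, struct ArgusRecordStruct *);
extern void RaProcessSrvRecord (struct ArgusParserStruct *, struct ArgusRecordStruct *);
extern struct RaBinProcessStruct *RaNewBinProcess (struct ArgusParserStruct *, int);
extern void RaPrintOutQueue (struct RaBinStruct *, struct ArgusQueueStruct *, int);

extern int RaReadSrvSignature(struct ArgusParserStruct *, struct ArgusLabelerStruct *, char *);
extern struct RaSrvSignature *RaValidateService(struct ArgusParserStruct *, struct ArgusRecordStruct *);

extern struct ArgusLabelerStruct *ArgusNewLabeler (struct ArgusParserStruct *, int);

extern int ArgusProcessServiceAvailability (struct ArgusParserStruct *, struct ArgusRecordStruct *);
extern int ArgusCheckTime (struct ArgusParserStruct *, struct ArgusRecordStruct *);
extern int ArgusCheckTimeout (struct ArgusParserStruct *, struct ArgusRecordStruct *, struct ArgusRecordStruct *);

extern int ArgusHistoMetricParse (struct ArgusParserStruct *, struct ArgusAggregatorStruct *);
extern int ArgusHistoTallyMetric (struct ArgusParserStruct *, struct ArgusRecordStruct *, double);

extern struct RaBinStruct *RaNewBin (struct ArgusParserStruct *, struct RaBinProcessStruct *, struct ArgusRecordStruct *, long long, int);
extern void RaDeleteBin (struct ArgusParserStruct *, struct RaBinStruct *);

extern void ArgusAlignConfig(struct ArgusParserStruct *, struct ArgusAdjustStruct *);
extern void ArgusAlignInit(struct ArgusParserStruct *, struct ArgusRecordStruct *, struct ArgusAdjustStruct *);
extern struct ArgusRecordStruct *ArgusAlignRecord(struct ArgusParserStruct *, struct ArgusRecordStruct *, struct ArgusAdjustStruct *);
extern int ArgusInsertRecord (struct ArgusParserStruct *, struct RaBinProcessStruct *, struct ArgusRecordStruct *, int);
extern void ArgusCalculatePeriod (struct ArgusRecordStruct *, struct ArgusAdjustStruct *);

extern void ArgusAdjustSrcLoss (struct ArgusRecordStruct *, struct ArgusRecordStruct *, double);
extern void ArgusAdjustDstLoss (struct ArgusRecordStruct *, struct ArgusRecordStruct *, double);

/* Socket readers for Cisco and sFlow inputs, stream and datagram. */
extern int ArgusReadCiscoStreamSocket (struct ArgusParserStruct *, struct ArgusInput *);
extern int ArgusReadCiscoDatagramSocket (struct ArgusParserStruct *, struct ArgusInput *);

extern int ArgusReadSflowStreamSocket (struct ArgusParserStruct *, struct ArgusInput *);
extern int ArgusReadSflowDatagramSocket (struct ArgusParserStruct *, struct ArgusInput *);


#endif /* ArgusClient */
#ifdef __cplusplus
}
#endif /* __cplusplus */
#endif /* ArgusClient_h */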