1 /* 2 * Argus Software. Argus files - Modeler includes 3 * Copyright (c) 2000-2015 QoSient, LLC 4 * All rights reserved. 5 * 6 * This program is free software; you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License as published by 8 * the Free Software Foundation; either version 2, or (at your option) 9 * any later version. 10 11 * This program is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 * GNU General Public License for more details. 15 16 * You should have received a copy of the GNU General Public License 17 * along with this program; if not, write to the Free Software 18 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 19 * 20 */ 21 22 /* 23 * $Id: //depot/argus/argus/argus/ArgusModeler.h#60 $ 24 * $DateTime: 2015/06/29 16:17:25 $ 25 * $Change: 3027 $ 26 */ 27 28 29 #ifndef ArgusModeler_h 30 #define ArgusModeler_h 31 32 #define ARGUS_MARSTATUSTIMER "60" 33 #define ARGUS_FARSTATUSTIMER "5" 34 35 #define ARGUS_INITIMEOUT 5 36 #define ARGUS_IPTIMEOUT 30 37 #define ARGUS_ARPTIMEOUT 5 38 #define ARGUS_TCPTIMEOUT 60 39 #define ARGUS_ICMPTIMEOUT 5 40 #define ARGUS_IGMPTIMEOUT 30 41 #define ARGUS_OTHERTIMEOUT 30 42 #define ARGUS_FRAGTIMEOUT 5 43 44 #define ARGUS_MINSNAPLEN 96 45 #define ARGUS_MINIPHDRLEN 20 46 #define ARGUS_HASHTABLESIZE 0x10000 47 48 #define ARGUS_REQUEST 0x01 49 #define ARGUS_REPLY 0x02 50 51 #define ARGUS_RTP_PCMU 0 52 #define ARGUS_RTP_1016 1 53 #define ARGUS_RTP_G726 2 54 #define ARGUS_RTP_GSM 3 55 #define ARGUS_RTP_G723 4 56 #define ARGUS_RTP_DVI4_8K 5 57 #define ARGUS_RTP_DVI4_16K 6 58 #define ARGUS_RTP_PCMA 8 59 #define ARGUS_RTP_G722 9 60 #define ARGUS_RTP_L16_STEREO 10 61 #define ARGUS_RTP_L16_MONO 11 62 #define ARGUS_RTP_QCELP 12 63 #define ARGUS_RTP_MPA 14 64 #define ARGUS_RTP_G728 15 65 #define ARGUS_RTP_DVI4_11K 16 66 #define ARGUS_RTP_DVI4_22K 17 67 #define ARGUS_RTP_G729 18 68 #define ARGUS_RTP_CELB 25 69 #define ARGUS_RTP_JPEG 26 70 #define ARGUS_RTP_NV 28 71 #define ARGUS_RTP_H261 31 72 #define ARGUS_RTP_MPV 32 73 #define ARGUS_RTP_MP2T 33 74 #define ARGUS_RTP_H263 34 75 76 #define ARGUS_SSH_MONITOR 0x20000 77 78 #define ARGUS_ETHER_HDR 1 79 #define ARGUS_802_11_HDR 2 80 81 #define ARGUS_DEBUG 0xFF 82 83 #define ARGUS_RECORD_WRITTEN 0x00000001 84 #define ARGUSTIMEOUTQS 65534 85 86 #define ARGUS_CLNS 129 87 #define ARGUS_ESIS 130 88 #define ARGUS_ISIS 131 89 #define ARGUS_NULLNS 132 90 91 92 /* True if "l" bytes of "var" were captured */ 93 #define BYTESCAPTURED(m, var, l) ((u_char *)&(var) <= m->ArgusThisSnapEnd - (l)) 94 95 /* True if "var" was captured */ 96 #define STRUCTCAPTURED(m, var) BYTESCAPTURED(m, var, sizeof(var)) 97 98 /* Bail if "l" bytes of "var" were not captured */ 99 #define BYTESCHECK(m, var, l) if (!BYTESCAPTURED(m, var, l)) goto trunc 100 101 /* Bail if "var" was not captured */ 102 #define STRUCTCHECK(m, var) BYTESCHECK(m, var, sizeof(var)) 103 104 #define LENCHECK(m, l) { if ((l) > len) goto bad; BYTESCHECK(m, *cp, l); } 105 106 107 #if defined(ARGUS_THREADS) 108 #include <pthread.h> 109 #endif 110 111 #include <argus_encapsulations.h> 112 113 #include <syslog.h> 114 #include <sys/types.h> 115 #include <sys/time.h> 116 #include <stdio.h> 117 #include <netinet/in.h> 118 #include <net/ppp.h> 119 120 #if defined(HAVE_SOLARIS) || defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) 121 #include <sys/socket.h> 122 123 #if !defined(__OpenBSD__) || (defined(__OpenBSD__) && !defined(_NET_IF_H_)) 124 #include <net/if.h> 125 #define _NET_IF_H_ 126 #endif 127 #endif 128 129 #if !defined(__OpenBSD__) || (defined(__OpenBSD__) && !defined(_NETINET_IF_SYSTEM_H_)) 130 #include <netinet/in_systm.h> 131 #define _NETINET_IF_SYSTEM_H_ 132 #endif 133 134 #if !defined(__OpenBSD__) 135 #include <netinet/if_ether.h> 136 #endif 137 138 #ifndef _NETINET_IP_H_ 139 #include <netinet/ip.h> 140 #define _NETINET_IP_H_ 141 #endif 142 143 #ifndef _NETINET_IPV6_H_ 144 #include <netinet/ip6.h> 145 #include <netinet/icmp6.h> 146 #define _NETINET_IPV6_H_ 147 #endif 148 149 #ifndef _NETINET_UDP_H_ 150 #include <netinet/udp.h> 151 #define _NETINET_UDP_H_ 152 #endif 153 154 #include <netinet/tcp.h> 155 #include <netinet/ip_icmp.h> 156 #include <netinet/igmp.h> 157 #include <netinet/rtp.h> 158 159 #include <argus_def.h> 160 #include <argus_out.h> 161 162 struct AHHeader { 163 unsigned char nxt, len; 164 unsigned short pad; 165 unsigned int spi, replay, data; 166 }; 167 168 struct ArgusHashStruct { 169 unsigned int len, hash; 170 #if defined(__APPLE_CC__) || defined(__APPLE__) 171 unsigned int pad[2]; 172 unsigned int key[24]; 173 #else 174 unsigned int key[24]; 175 #endif 176 }; 177 178 struct ArgusHashTableHeader { 179 struct ArgusHashTableHeader *nxt, *prv; 180 struct ArgusHashTable *htbl; 181 struct ArgusHashStruct hstruct; 182 void *object; 183 }; 184 185 186 #define ARGUSHASHTABLETRACK 0x01 187 188 struct ArgusHashTable { 189 unsigned int size; 190 int status; 191 int bins, items; 192 193 #if defined(ARGUS_THREADS) 194 pthread_mutex_t lock; 195 #endif 196 struct ArgusHashTableHeader **array; 197 }; 198 199 #define ARGUS_MAX_MPLS_LABELS 4 200 201 struct ArgusKeyStrokeConf { 202 int status, state, n_min; 203 int dc_min, dc_max, gs_max; 204 int ds_min, ds_max, gpc_max; 205 int ic_min, lcs_max; 206 float icr_min, icr_max; 207 }; 208 209 struct ArgusModelerStruct { 210 int state, status; 211 #if defined(ARGUS_THREADS) 212 pthread_t thread; 213 pthread_mutex_t lock; 214 #endif 215 216 struct ArgusSourceStruct *ArgusSrc; 217 struct ArgusQueueStruct *ArgusStatusQueue; 218 struct ArgusQueueStruct *ArgusTimeOutQueues; 219 struct ArgusQueueStruct *ArgusTimeOutQueue[ARGUSTIMEOUTQS]; 220 struct ArgusListStruct *ArgusOutputList; 221 struct ArgusHashTable *ArgusHashTable; 222 struct ArgusSystemFlow *ArgusThisFlow; 223 struct ArgusHashStruct *hstruct; 224 225 unsigned int ArgusTransactionNum; 226 227 unsigned int ArgusThisInterface; 228 unsigned int ArgusThisEncaps; 229 unsigned int ArgusThisNetworkFlowType; 230 struct llc *ArgusThisLLC; 231 unsigned int ArgusThisAppFlowType; 232 int ArgusThisMplsLabelIndex; 233 unsigned int ArgusThisMplsLabel; 234 unsigned int ArgusThisPacket8021QEncaps; 235 unsigned char ArgusFlowType, ArgusFlowKey; 236 unsigned short ArgusOptionIndicator; 237 238 int ArgusInProtocol, ArgusThisDir, ArgusTrackDuplicates; 239 240 struct ArgusKeyStrokeConf ArgusKeyStroke; 241 struct ArgusUniStats *ArgusThisStats; 242 243 struct ether_header *ArgusThisEpHdr; 244 245 void *ArgusThisMacHdr; 246 void *ArgusThisIpHdr; 247 struct ip6_frag *ArgusThisIpv6Frag; 248 void *ArgusThisNetworkHdr; 249 250 unsigned char *ArgusThisUpHdr; 251 unsigned char *ArgusThisSnapEnd; 252 253 int ArgusControlMonitor; 254 int ArgusSnapLength; 255 int ArgusGenerateTime; 256 int ArgusGeneratePacketSize; 257 258 int ArgusThisLength; 259 int ArgusThisBytes; 260 261 struct timeval ArgusGlobalTime; 262 struct timeval ArgusStartTime; 263 struct timeval ArgusNowTime; 264 struct timeval ArgusUpdateInterval; 265 struct timeval ArgusUpdateTimer; 266 267 long long ival; 268 269 long long ArgusTotalPacket; 270 long long ArgusTotalFrags; 271 long long ArgusTotalIPPkts; 272 long long ArgusLastIPPkts; 273 274 long long ArgusTotalNonIPPkts; 275 long long ArgusLastNonIPPkts; 276 277 long long ArgusTotalNewFlows; 278 long long ArgusLastNewFlows; 279 long long ArgusTotalClosedFlows; 280 long long ArgusLastClosedFlows; 281 282 long long ArgusTotalIPFlows; 283 long long ArgusLastIPFlows; 284 285 long long ArgusTotalNonIPFlows; 286 long long ArgusLastNonIPFlows; 287 288 long long ArgusTotalCacheHits; 289 long long ArgusTotalRecords; 290 long long ArgusTotalSends; 291 long long ArgusTotalQueued; 292 long long ArgusTotalBadSends; 293 long long ArgusLastRecords; 294 295 long long ArgusTotalUpdates; 296 long long ArgusLastUpdates; 297 298 struct timeval ArgusLastPacketTimer; 299 struct timeval ArgusAdjustedTimer; 300 301 int ArgusMajorVersion; 302 int ArgusMinorVersion; 303 int ArgusSnapLen; 304 305 int ArgusTunnelDiscovery; 306 int ArgusUserDataLen; 307 int ArgusAflag, ArgusTCPflag, Argusmflag; 308 int ArgusSelfSynchronize, vflag; 309 310 int ArgusIPTimeout; 311 int ArgusTCPTimeout; 312 int ArgusICMPTimeout; 313 int ArgusIGMPTimeout; 314 int ArgusFRAGTimeout; 315 int ArgusARPTimeout; 316 int ArgusOtherTimeout; 317 318 int ArgusReportAllTime; 319 int ArgusResponseStatus; 320 321 struct timeval ArgusFarReportInterval; 322 struct timeval ArgusQueueInterval; 323 struct timeval ArgusListenInterval; 324 325 unsigned int ArgusSeqNum; 326 unsigned int ArgusLocalNet; 327 unsigned int ArgusNetMask; 328 unsigned int ArgusLink; 329 }; 330 331 #include <ArgusUtil.h> 332 #include <ArgusSource.h> 333 #include <ArgusOutput.h> 334 #include <argus_isis.h> 335 336 struct ArgusTimeStats { 337 unsigned int n; 338 float minval, maxval, sum; 339 long long sumsqrd; 340 }; 341 342 struct ArgusTimeStat { 343 struct timeval lasttime; 344 struct ArgusTimeStats act, idle; 345 }; 346 347 348 #define ARGUS_NUM_KEYSTROKE_PKTS 8 349 #define ARGUS_KEYSTROKE_NONE 0 350 #define ARGUS_KEYSTROKE_TENTATIVE 1 351 #define ARGUS_KEYSTROKE_KNOWN 2 352 353 struct ArgusKeyStrokePacket { 354 int status, n_pno; 355 struct ArgusTime ts; 356 unsigned int seq; 357 long long intpkt; 358 }; 359 360 struct ArgusKeyStrokeData { 361 struct ArgusKeyStrokePacket pkts[ARGUS_NUM_KEYSTROKE_PKTS]; 362 }; 363 364 struct ArgusKeyStrokeState { 365 int status, n_pkts, n_strokes, prev_pno; 366 struct ArgusKeyStrokeData data; 367 struct ArgusTime prev_c_ts, prev_s_ts; 368 }; 369 370 struct ArgusFlowStruct { 371 struct ArgusQueueHeader qhdr; 372 struct ArgusHashTableHeader htblbuf, *htblhdr; 373 struct ArgusDSRHeader *dsrs[ARGUSMAXDSRTYPE]; 374 struct ArgusQueueStruct frag; 375 376 unsigned int state, status, dsrindex; 377 unsigned int ArgusEncaps; 378 379 unsigned short trans, timeout; 380 unsigned short userlen; 381 signed char srcint, dstint; 382 unsigned short sipid, dipid; 383 384 385 struct ArgusTimeStat stime, dtime; 386 struct ArgusKeyStrokeState skey; 387 struct ArgusCanonRecord canon; 388 }; 389 390 struct erspan_ii_header { 391 u_int16_t ver_vlan; 392 u_int16_t cos_ent_session; 393 u_int32_t resvert_index; 394 }; 395 396 #define ERSPAN_VER(x) ( ntohs(((struct erspan_ii_header *) x)->ver_vlan) >> 12 ) 397 398 399 #if defined(ArgusModeler) 400 401 #if defined(LBL_ALIGN) 402 #define ARGUS_MAXALIGNBUF 65536 403 unsigned char ArgusAlignBuffer[ARGUS_MAXALIGNBUF], *ArgusAlignBuf = ArgusAlignBuffer; 404 #endif 405 406 struct ArgusModelerStruct *ArgusModel = NULL; 407 408 struct llc ArgusThisLLCBuffer; 409 410 unsigned char argusDSRTypes [ARGUSMAXDSRTYPE] = { 411 ARGUS_TRANSPORT_DSR, ARGUS_FLOW_DSR, ARGUS_TIME_DSR, 412 ARGUS_METER_DSR, ARGUS_AGR_DSR, 413 }; 414 415 416 struct timeval ArgusQueueTime = {0, 0}; 417 struct timeval ArgusQueueInterval = {0, 50000}; 418 struct timeval ArgusListenTime = {0, 0}; 419 struct timeval ArgusListenInterval = {0, 250000}; 420 421 struct ArgusModelerStruct *ArgusNewModeler(void); 422 struct ArgusModelerStruct *ArgusCloneModeler(struct ArgusModelerStruct *); 423 424 void ArgusInitModeler(struct ArgusModelerStruct *); 425 void ArgusCloseModeler(struct ArgusModelerStruct *); 426 427 int ArgusProcessEtherPacket (struct ArgusModelerStruct *, struct ether_header *, int, struct timeval *); 428 int ArgusProcessIpPacket (struct ArgusModelerStruct *, struct ip *, int, struct timeval *); 429 extern int ArgusProcessEtherHdr (struct ArgusModelerStruct *, struct ether_header *, int); 430 431 unsigned short ArgusDiscoverNetworkProtocol (unsigned char *); 432 void ArgusParseMPLSLabel (unsigned int, unsigned int *, unsigned char *, unsigned char *, unsigned char *); 433 434 void ArgusSendFlowRecord (struct ArgusModelerStruct *, struct ArgusFlowStruct *, unsigned char); 435 436 struct ArgusFlowStruct *ArgusNewFlow (struct ArgusModelerStruct *, struct ArgusSystemFlow *, struct ArgusHashStruct *, struct ArgusQueueStruct *); 437 extern struct ArgusFlowStruct *ArgusNewFragFlow (void); 438 439 void ArgusTallyStats (struct ArgusModelerStruct *, struct ArgusFlowStruct *); 440 void ArgusTallyTime (struct ArgusFlowStruct *, unsigned char); 441 442 unsigned short ArgusParseIPOptions (unsigned char *, int); 443 444 void setArgusIpTimeout (struct ArgusModelerStruct *model, int value); 445 void setArgusTcpTimeout (struct ArgusModelerStruct *model, int value); 446 void setArgusIcmpTimeout (struct ArgusModelerStruct *model, int value); 447 void setArgusIgmpTimeout (struct ArgusModelerStruct *model, int value); 448 void setArgusFragTimeout (struct ArgusModelerStruct *model, int value); 449 void setArgusArpTimeout (struct ArgusModelerStruct *model, int value); 450 void setArgusOtherTimeout (struct ArgusModelerStruct *model, int value); 451 452 void setArgusSynchronize (struct ArgusModelerStruct *, int); 453 454 int getArgusKeystroke(struct ArgusModelerStruct *); 455 void setArgusKeystroke(struct ArgusModelerStruct *, int); 456 void setArgusKeystrokeVariable(struct ArgusModelerStruct *, char *); 457 458 int getArgusTunnelDiscovery (struct ArgusModelerStruct *); 459 void setArgusTunnelDiscovery (struct ArgusModelerStruct *, int); 460 461 int getArgusTrackDuplicates (struct ArgusModelerStruct *); 462 void setArgusTrackDuplicates (struct ArgusModelerStruct *, int); 463 464 void setArgusFlowKey(struct ArgusModelerStruct *, int); 465 void setArgusFlowType(struct ArgusModelerStruct *, int); 466 467 int getArgusAflag(struct ArgusModelerStruct *); 468 void setArgusAflag(struct ArgusModelerStruct *, int); 469 int getArgusTCPflag(struct ArgusModelerStruct *); 470 void setArgusTCPflag(struct ArgusModelerStruct *, int); 471 int getArgusmflag(struct ArgusModelerStruct *); 472 void setArgusmflag(struct ArgusModelerStruct *, int); 473 int getArgusUserDataLen(struct ArgusModelerStruct *); 474 void setArgusUserDataLen(struct ArgusModelerStruct *, int); 475 int getArgusControlMonitor(struct ArgusModelerStruct *); 476 void setArgusControlMonitor(struct ArgusModelerStruct *); 477 478 int getArgusGenerateTime(struct ArgusModelerStruct *); 479 void setArgusGenerateTime(struct ArgusModelerStruct *, int); 480 int getArgusGeneratePacketSize(struct ArgusModelerStruct *); 481 void setArgusGeneratePacketSize(struct ArgusModelerStruct *, int); 482 void setArgusTimeReport(struct ArgusModelerStruct *, int); 483 484 struct timeval *getArgusQueueInterval(struct ArgusModelerStruct *); 485 struct timeval *getArgusListenInterval(struct ArgusModelerStruct *); 486 487 488 extern struct udt_control_handshake *ArgusThisUdtHshake; 489 extern int ArgusParseUDTHeader (struct ArgusModelerStruct *, struct udt_header *, unsigned int *); 490 491 int getArgusdflag(struct ArgusModelerStruct *); 492 void setArgusdflag(struct ArgusModelerStruct *, int); 493 494 void setArgusLink(struct ArgusModelerStruct *, unsigned int); 495 void ArgusModelerCleanUp (struct ArgusModelerStruct *); 496 497 void *ArgusCreateFlow (struct ArgusModelerStruct *, void *, int); 498 struct ArgusSystemFlow *ArgusCreateArpFlow (struct ArgusModelerStruct *, struct ether_header *); 499 void *ArgusCreateIPv4Flow (struct ArgusModelerStruct *, struct ip *); 500 void *ArgusCreateIPv6Flow (struct ArgusModelerStruct *, struct ip6_hdr *); 501 struct ArgusSystemFlow *ArgusCreateESPv6Flow (struct ArgusModelerStruct *, struct ip6_hdr *); 502 struct ArgusSystemFlow *ArgusCreateESPFlow (struct ArgusModelerStruct *, struct ip *); 503 struct ArgusSystemFlow *ArgusCreateLcpFlow (struct ArgusModelerStruct *, struct lcp_hdr *); 504 struct ArgusSystemFlow *ArgusCreateICMPv6Flow (struct ArgusModelerStruct *, struct icmp6_hdr *); 505 struct ArgusSystemFlow *ArgusCreateICMPFlow (struct ArgusModelerStruct *, struct ip *); 506 struct ArgusSystemFlow *ArgusCreateIGMPv6Flow (struct ArgusModelerStruct *, struct igmp *); 507 struct ArgusSystemFlow *ArgusCreateIGMPFlow (struct ArgusModelerStruct *, struct ip *); 508 struct ArgusSystemFlow *ArgusCreateFRAGFlow (struct ArgusModelerStruct *, void *, unsigned short); 509 struct ArgusSystemFlow *ArgusCreateIsisFlow (struct ArgusModelerStruct *model, struct isis_common_header *header); 510 struct ArgusSystemFlow *ArgusCreateUDTFlow (struct ArgusModelerStruct *, struct udt_header *); 511 struct ArgusSystemFlow *ArgusCreate80211Flow (struct ArgusModelerStruct *model, void *ptr); 512 513 void ArgusUpdateBasicFlow (struct ArgusModelerStruct *, struct ArgusFlowStruct *, unsigned char); 514 515 void *ArgusQueueManager(void *); 516 517 int ArgusCreateFlowKey (struct ArgusModelerStruct *, struct ArgusSystemFlow *, struct ArgusHashStruct *); 518 struct ArgusFlowStruct *ArgusFindFlow (struct ArgusModelerStruct *, struct ArgusHashStruct *); 519 520 void ArgusICMPMappedFlowRecord (struct ArgusFlowStruct *, struct ArgusRecord *, unsigned char); 521 522 struct ArgusFlowStruct *ArgusUpdateState (struct ArgusModelerStruct *, struct ArgusFlowStruct *, unsigned char, unsigned char); 523 struct ArgusFlowStruct *ArgusUpdateFlow (struct ArgusModelerStruct *, struct ArgusFlowStruct *, unsigned char, unsigned char); 524 void ArgusUpdateAppState (struct ArgusModelerStruct *, struct ArgusFlowStruct *, unsigned char); 525 526 void ArgusModelTransmit (void); 527 528 int ArgusUpdateTime (struct ArgusModelerStruct *); 529 void ArgusTimeOut(struct ArgusFlowStruct *); 530 531 int getArgusMajorVersion(struct ArgusModelerStruct *); 532 void setArgusMajorVersion(struct ArgusModelerStruct *, int); 533 534 int getArgusMinorVersion(struct ArgusModelerStruct *); 535 void setArgusMinorVersion(struct ArgusModelerStruct *, int); 536 537 int getArgusManReportInterval(struct ArgusModelerStruct *); 538 void setArgusManReportInterval(struct ArgusModelerStruct *, int); 539 540 struct timeval *getArgusFarReportInterval(struct ArgusModelerStruct *); 541 void setArgusFarReportInterval(struct ArgusModelerStruct *, char *); 542 543 int getArgusResponseStatus(struct ArgusModelerStruct *); 544 void setArgusResponseStatus(struct ArgusModelerStruct *, int value); 545 546 int getArgusIpTimeout(struct ArgusModelerStruct *); 547 void setArgusIpTimeout(struct ArgusModelerStruct *, int); 548 549 int getArgusTcpTimeout(struct ArgusModelerStruct *); 550 void setArgusTcpTimeout(struct ArgusModelerStruct *, int); 551 552 int getArgusIcmpTimeout(struct ArgusModelerStruct *); 553 void setArgusIcmpTimeout(struct ArgusModelerStruct *, int); 554 555 int getArgusIgmpTimeout(struct ArgusModelerStruct *); 556 void setArgusIgmpTimeout(struct ArgusModelerStruct *, int); 557 558 int getArgusFragTimeout(struct ArgusModelerStruct *); 559 void setArgusFragTimeout(struct ArgusModelerStruct *, int); 560 561 int getArgusArpTimeout(struct ArgusModelerStruct *); 562 void setArgusArpTimeout(struct ArgusModelerStruct *, int); 563 564 int getArgusOtherTimeout(struct ArgusModelerStruct *); 565 void setArgusOtherTimeout(struct ArgusModelerStruct *, int); 566 567 568 unsigned int getArgusLocalNet(struct ArgusModelerStruct *); 569 void setArgusLocalNet(struct ArgusModelerStruct *, unsigned int); 570 571 unsigned int getArgusNetMask(struct ArgusModelerStruct *); 572 void setArgusNetMask(struct ArgusModelerStruct *, unsigned int); 573 574 575 void ArgusSystemTimeout (struct ArgusModelerStruct *); 576 577 struct ArgusRecord *ArgusGenerateRecord (struct ArgusModelerStruct *, struct ArgusRecordStruct *, unsigned char, struct ArgusRecord *); 578 struct ArgusRecordStruct *ArgusGenerateListRecord (struct ArgusModelerStruct *, struct ArgusFlowStruct *, unsigned char); 579 struct ArgusRecordStruct *ArgusCopyRecordStruct (struct ArgusRecordStruct *); 580 581 extern void ArgusTCPFlowRecord (struct ArgusNetworkStruct *, unsigned char); 582 extern void ArgusIBFlowRecord (struct ArgusNetworkStruct *, unsigned char); 583 extern void ArgusESPFlowRecord (struct ArgusNetworkStruct *, unsigned char); 584 extern void ArgusLCPFlowRecord (struct ArgusNetworkStruct *, unsigned char); 585 extern void ArgusUpdateTCPState (struct ArgusModelerStruct *, struct ArgusFlowStruct *, unsigned char *); 586 extern void ArgusUpdateUDPState (struct ArgusModelerStruct *, struct ArgusFlowStruct *, unsigned char *); 587 extern void ArgusUpdateArpState (struct ArgusModelerStruct *, struct ArgusFlowStruct *, unsigned char *); 588 extern int ArgusUpdateFRAGState (struct ArgusModelerStruct *, struct ArgusFlowStruct *, unsigned char, unsigned short); 589 extern void ArgusUpdateESPState (struct ArgusModelerStruct *, struct ArgusFlowStruct *, unsigned char *); 590 591 592 #else /* #if defined(ArgusModeler) */ 593 594 extern struct ArgusModelerStruct *ArgusModel; 595 extern struct llc ArgusThisLLCBuffer; 596 597 #if defined(LBL_ALIGN) 598 extern unsigned char *ArgusAlignBuf; 599 #endif 600 601 #if defined(Argus) 602 void clearArgusConfiguration (struct ArgusModelerStruct *); 603 #endif 604 605 extern struct ArgusModelerStruct *ArgusNewModeler(void); 606 extern struct ArgusModelerStruct *ArgusCloneModeler(struct ArgusModelerStruct *); 607 608 extern void ArgusInitModeler(struct ArgusModelerStruct *); 609 extern void ArgusCloseModeler(struct ArgusModelerStruct *); 610 611 extern int ArgusProcessEtherPacket (struct ArgusModelerStruct *, struct ether_header *, int, struct timeval *); 612 extern int ArgusProcessIpPacket (struct ArgusModelerStruct *, struct ip *, int, struct timeval *); 613 extern int ArgusProcessEtherHdr (struct ArgusModelerStruct *, struct ether_header *, int); 614 615 extern unsigned short ArgusDiscoverNetworkProtocol (unsigned char *); 616 extern void ArgusParseMPLSLabel (unsigned int, unsigned int *, unsigned char *, unsigned char *, unsigned char *); 617 618 extern void ArgusSendFlowRecord (struct ArgusModelerStruct *, struct ArgusFlowStruct *, unsigned char); 619 620 extern struct ArgusFlowStruct *ArgusNewFlow (struct ArgusModelerStruct *, struct ArgusSystemFlow *, struct ArgusHashStruct *, struct ArgusQueueStruct *); 621 extern struct ArgusFlowStruct *ArgusNewFragFlow (void); 622 623 extern void ArgusTallyStats (struct ArgusModelerStruct *, struct ArgusFlowStruct *); 624 extern void ArgusTallyTime (struct ArgusFlowStruct *, unsigned char); 625 626 extern unsigned short ArgusParseIPOptions (unsigned char *, int); 627 628 extern void setArgusIpTimeout (struct ArgusModelerStruct *model, int value); 629 extern void setArgusTcpTimeout (struct ArgusModelerStruct *model, int value); 630 extern void setArgusIcmpTimeout (struct ArgusModelerStruct *model, int value); 631 extern void setArgusIgmpTimeout (struct ArgusModelerStruct *model, int value); 632 extern void setArgusFragTimeout (struct ArgusModelerStruct *model, int value); 633 extern void setArgusArpTimeout (struct ArgusModelerStruct *model, int value); 634 extern void setArgusOtherTimeout (struct ArgusModelerStruct *model, int value); 635 636 extern void setArgusSynchronize (struct ArgusModelerStruct *, int); 637 638 extern int getArgusKeystroke(struct ArgusModelerStruct *); 639 extern void setArgusKeystroke(struct ArgusModelerStruct *, int); 640 extern void setArgusKeystrokeVariable(struct ArgusModelerStruct *, char *); 641 642 extern int getArgusTunnelDiscovery(struct ArgusModelerStruct *); 643 extern void setArgusTunnelDiscovery(struct ArgusModelerStruct *, int); 644 645 extern int getArgusTrackDuplicates (struct ArgusModelerStruct *); 646 extern void setArgusTrackDuplicates (struct ArgusModelerStruct *, int); 647 648 extern void setArgusFlowKey(struct ArgusModelerStruct *, int); 649 extern void setArgusFlowType(struct ArgusModelerStruct *, int); 650 651 extern void setArgusCollector(struct ArgusModelerStruct *, int); 652 653 extern int getArgusAflag(struct ArgusModelerStruct *); 654 extern void setArgusAflag(struct ArgusModelerStruct *, int); 655 extern int getArgusTCPflag(struct ArgusModelerStruct *); 656 extern void setArgusTCPflag(struct ArgusModelerStruct *, int); 657 extern int getArgusmflag(struct ArgusModelerStruct *); 658 extern void setArgusmflag(struct ArgusModelerStruct *, int); 659 extern int getArgusUserDataLen(struct ArgusModelerStruct *); 660 extern void setArgusUserDataLen(struct ArgusModelerStruct *, int); 661 extern int getArgusControlMonitor(struct ArgusModelerStruct *); 662 extern void setArgusControlMonitor(struct ArgusModelerStruct *); 663 664 extern struct timeval ArgusQueueInterval; 665 extern struct timeval *getArgusQueueInterval(void); 666 667 extern struct timeval ArgusListenInterval; 668 extern struct timeval *getArgusListenInterval(void); 669 670 extern struct udt_control_handshake *ArgusThisUdtHshake; 671 extern int ArgusParseUDTHeader (struct ArgusModelerStruct *, struct udt_header *, unsigned int *); 672 673 extern int getArgusGenerateTime(struct ArgusModelerStruct *); 674 extern void setArgusGenerateTime(struct ArgusModelerStruct *, int); 675 676 extern int getArgusGeneratePacketSize(struct ArgusModelerStruct *); 677 extern void setArgusGeneratePacketSize(struct ArgusModelerStruct *, int); 678 679 extern void setArgusTimeReport(struct ArgusModelerStruct *, int); 680 681 extern int getArgusKeystroke(struct ArgusModelerStruct *); 682 extern void setArgusKeystroke(struct ArgusModelerStruct *, int); 683 684 extern int getArgusdflag(struct ArgusModelerStruct *); 685 extern struct timeval *getArgusFarReportInterval(struct ArgusModelerStruct *); 686 687 extern void setArgusdflag(struct ArgusModelerStruct *, int); 688 extern void setArgusFarReportInterval(struct ArgusModelerStruct *, char *); 689 690 extern void setArgusLink(struct ArgusModelerStruct *, unsigned int); 691 extern void ArgusModelerCleanUp (struct ArgusModelerStruct *); 692 693 extern struct ArgusSystemFlow *ArgusCreateFlow (struct ArgusModelerStruct *, void *, int); 694 extern struct ArgusSystemFlow *ArgusCreateArpFlow (struct ArgusModelerStruct *, struct ether_header *); 695 extern struct ArgusSystemFlow *ArgusCreatev4IPFlow (struct ArgusModelerStruct *, struct ip *); 696 extern struct ArgusSystemFlow *ArgusCreatev6IPFlow (struct ArgusModelerStruct *, struct ip *); 697 extern struct ArgusSystemFlow *ArgusCreateESPv6Flow (struct ArgusModelerStruct *, struct ip6_hdr *); 698 extern struct ArgusSystemFlow *ArgusCreateESPFlow (struct ArgusModelerStruct *, struct ip *); 699 extern struct ArgusSystemFlow *ArgusCreateLcpFlow (struct ArgusModelerStruct *, struct lcp_hdr *); 700 extern struct ArgusSystemFlow *ArgusCreateICMPv6Flow (struct ArgusModelerStruct *, struct icmp6_hdr *); 701 extern struct ArgusSystemFlow *ArgusCreateICMPFlow (struct ArgusModelerStruct *, struct ip *); 702 extern struct ArgusSystemFlow *ArgusCreateFRAGFlow (struct ArgusModelerStruct *, void *, unsigned short); 703 extern struct ArgusSystemFlow *ArgusCreateIsisFlow (struct ArgusModelerStruct *model, struct isis_common_header *header); 704 extern struct ArgusSystemFlow *ArgusCreateUDTFlow (struct ArgusModelerStruct *, struct udt_header *); 705 extern struct ArgusSystemFlow *ArgusCreate80211Flow (struct ArgusModelerStruct *model, void *ptr); 706 707 708 extern void ArgusUpdateBasicFlow (struct ArgusModelerStruct *, struct ArgusFlowStruct *, unsigned char); 709 710 extern void *ArgusQueueManager(void *); 711 712 extern struct ArgusFlowStruct *ArgusFindFlow (struct ArgusModelerStruct *, struct ArgusHashStruct *); 713 extern int ArgusCreateFlowKey (struct ArgusModelerStruct *, struct ArgusSystemFlow *, struct ArgusHashStruct *); 714 715 extern void ArgusICMPMappedFlowRecord (struct ArgusFlowStruct *, struct ArgusRecord *, unsigned char); 716 717 extern struct ArgusFlowStruct *ArgusUpdateState (struct ArgusModelerStruct *, struct ArgusFlowStruct *, unsigned char, unsigned char); 718 extern struct ArgusFlowStruct *ArgusUpdateFlow (struct ArgusModelerStruct *, struct ArgusFlowStruct *, unsigned char, unsigned char); 719 extern void ArgusUpdateAppState (struct ArgusModelerStruct *, struct ArgusFlowStruct *, unsigned char); 720 721 extern void ArgusModelTransmit (void); 722 723 extern int ArgusUpdateTime (struct ArgusModelerStruct *); 724 extern void ArgusTimeOut(struct ArgusFlowStruct *); 725 726 extern int getArgusMajorVersion(struct ArgusModelerStruct *); 727 extern void setArgusMajorVersion(struct ArgusModelerStruct *, int); 728 729 extern int getArgusMinorVersion(struct ArgusModelerStruct *); 730 extern void setArgusMinorVersion(struct ArgusModelerStruct *, int); 731 732 extern int getArgusManReportInterval(struct ArgusModelerStruct *); 733 extern void setArgusManReportInterval(struct ArgusModelerStruct *, int); 734 735 extern int getArgusStatusReportInterval(struct ArgusModelerStruct *); 736 extern void setArgusStatusReportInterval(struct ArgusModelerStruct *, int); 737 738 extern int getArgusResponseStatus(struct ArgusModelerStruct *); 739 extern void setArgusResponseStatus(struct ArgusModelerStruct *, int value); 740 741 extern int getArgusIPTimeout(struct ArgusModelerStruct *); 742 extern void setArgusIPTimeout(struct ArgusModelerStruct *, int); 743 744 extern int getArgusTCPTimeout(struct ArgusModelerStruct *); 745 extern void setArgusTCPTimeout(struct ArgusModelerStruct *, int); 746 747 extern int getArgusICMPTimeout(struct ArgusModelerStruct *); 748 extern void setArgusICMPTimeout(struct ArgusModelerStruct *, int); 749 750 extern int getArgusIGMPTimeout(struct ArgusModelerStruct *); 751 extern void setArgusIGMPTimeout(struct ArgusModelerStruct *, int); 752 753 extern int getArgusFRAGTimeout(struct ArgusModelerStruct *); 754 extern void setArgusFRAGTimeout(struct ArgusModelerStruct *, int); 755 756 extern unsigned int getArgusLocalNet(struct ArgusModelerStruct *); 757 extern void setArgusLocalNet(struct ArgusModelerStruct *, unsigned int); 758 759 extern unsigned int getArgusNetMask(struct ArgusModelerStruct *); 760 extern void setArgusNetMask(struct ArgusModelerStruct *, unsigned int); 761 762 extern void ArgusSystemTimeout (struct ArgusModelerStruct *); 763 764 extern struct ArgusRecord *ArgusGenerateRecord (struct ArgusModelerStruct *, struct ArgusRecordStruct *, unsigned char, struct ArgusRecord *); 765 extern struct ArgusRecordStruct *ArgusGenerateListRecord (struct ArgusModelerStruct *, struct ArgusFlowStruct *, unsigned char); 766 extern struct ArgusRecordStruct *ArgusCopyRecordStruct (struct ArgusRecordStruct *); 767 768 769 #endif /* #if defined(ArgusModeler) else */ 770 #endif /* #ifndef ArgusModeler_h */ 771