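/*
 * Argus Software.  Common include files. Client
 * Copyright (C) 2000-2015 QoSient, LLC.
 * All Rights Reserved
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.

 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.

 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 */

/*
 * $Id: //depot/argus/argus/include/argus_client.h#16 $
 * $DateTime: 2015/04/06 10:38:44 $
 * $Change: 2973 $
 */

/*
 * Client-side declarations shared by the Argus "ra" programs: policy,
 * sort and print constants, the input/output descriptor structs, and the
 * prototypes of the client callbacks and helpers.
 *
 * The include guard now spans the whole header.  The original closed the
 * guard with an #endif directly after the #define, so it protected
 * nothing and a second inclusion redefined every struct below.
 *
 * Exactly one translation unit is expected to define ArgusClient before
 * including this header: that branch DEFINES appOptstring,
 * RaPrintKeyWords, RaLabelStr/RaLabel and the SSF limits, while the
 * #else branch only declares them extern.
 */

#if !defined(ArgusClient_h)
#define ArgusClient_h


#include <unistd.h>

#include <sys/types.h>
#include <stdio.h>

#include <errno.h>
#include <fcntl.h>

#include <string.h>
#include <sys/time.h>

#include <netinet/in.h>
#include <string.h>
#include <sys/stat.h>

#include <argus_compat.h>

#ifdef ARGUS_SASL
#include <sasl/sasl.h>
#endif

#include <argus_def.h>
#include <argus_out.h>
#include <argus_os.h>


/* Duration selectors. */
#define RA_TRANSDURATION		1
#define RA_AVGDURATION			2
#define RA_DELTADURATION		3

/* "KEY=" prefixes and section tags; presumably matched against lines of a
 * ragator configuration file -- the parser is not part of this header. */
#define RA_MODELNAMETAGSTR	"RAGATOR_MODEL_NAME="
#define RA_PRESERVETAGSTR	"RAGATOR_PRESERVE_FIELDS="
#define RA_REPORTTAGSTR		"RAGATOR_REPORT_AGGREGATION="
#define RA_AUTOCORRECTSTR	"RAGATOR_AUTO_CORRECTION="
#define RA_HISTOGRAM		"RAGATOR_HISTOGRAM="
#define RA_MODELTAGSTR		"Model"
#define RA_FLOWTAGSTR		"Flow"

#define RA_MODELIST		1
#define RA_FLOWLIST		2

/* Field counts for the two policy line kinds.  The RA_POLICY* indices below
 * run 0..10, i.e. 11 values, which matches RA_FLOWPOLICYFIELDNUM. */
#define RA_FLOWPOLICYFIELDNUM	11
#define RA_MODELPOLICYFIELDNUM	8

#define RA_LABELSTRING		0
#define RA_POLICYID		1
#define RA_POLICYTYPE		2
#define RA_POLICYSRCADDR	3
#define RA_POLICYDSTADDR	4
#define RA_POLICYPROTO		5
#define RA_POLICYSRCPORT	6
#define RA_POLICYDSTPORT	7
#define RA_POLICYMODELST	8
#define RA_POLICYTIMEOUT	9
#define RA_POLICYIDLETIMEOUT	10

#define RA_MODIFIED		0x10000000

#define RA_CON			1
#define RA_DONE			2

#define RA_HASHTABLESIZE	0x1000
#define RA_SVCPASSED		0x010000
#define RA_SVCFAILED		0x020000
#define RA_SVCINCOMPLETE	0x040000
#define RA_SVCTEST		(RA_SVCFAILED|RA_SVCPASSED|RA_SVCINCOMPLETE)
#define RA_SVCDISCOVERY		0x080000
#define RA_SVCMULTICAST		0x100000


#define ARGUS_FAR_SRCADDR_MODIFIED	0x0100
#define ARGUS_FAR_DSTADDR_MODIFIED	0x0200
#define ARGUS_FAR_PROTO_MODIFIED	0x0400
#define ARGUS_FAR_SRCPORT_MODIFIED	0x0800
#define ARGUS_FAR_DSTPORT_MODIFIED	0x1000
#define ARGUS_FAR_TPVAL_MODIFIED	0x2000

#define ARGUS_FAR_RECORDREVERSE		0x4000

#define ARGUS_MAX_S_OPTIONS	34
#define ARGUS_MAX_SORT_ALG	34
#define MAX_SORT_ALG_TYPES	28

/* Sort key identifiers, 0..27 (MAX_SORT_ALG_TYPES values). */
#define RASORTTIME		0
#define RASORTSTARTTIME		1
#define RASORTLASTTIME		2
#define RASORTTRANS		3
#define RASORTDURATION		4
#define RASORTAVGDURATION	5
#define RASORTSRCADDR		6
#define RASORTDSTADDR		7
#define RASORTPROTOCOL		8
#define RASORTIPID		9
#define RASORTSRCPORT		10
#define RASORTDSTPORT		11
#define RASORTSRCTOS		12
#define RASORTDSTTOS		13
#define RASORTSRCTTL		14
#define RASORTDSTTTL		15
#define RASORTBYTECOUNT		16
#define RASORTSRCBYTECOUNT	17
#define RASORTDSTBYTECOUNT	18
#define RASORTPKTSCOUNT		19
#define RASORTSRCPKTSCOUNT	20
#define RASORTDSTPKTSCOUNT	21
#define RASORTLOAD		22
#define RASORTRATE		23
#define RASORTLOSS		24
#define RASORTTRANREF		25
#define RASORTSEQ		26
#define RASORTSRCID		27

/* Reader states; the values are distinct single bits. */
#define ARGUS_READINGPREHDR	1
#define ARGUS_READINGHDR	2
#define ARGUS_READINGBLOCK	4
#define ARGUS_READINGDATAGRAM	8


#define TSEQ_HASHSIZE		9029

/* RaPrintKeyWords below is sized by MAX_PRINT_ALG_TYPES and lists exactly
 * 67 strings; keep the two in step when adding a print field. */
#define ARGUS_MAX_PRINT_ALG	67
#define MAX_PRINT_ALG_TYPES	67

/* Parser callback stored in ArgusInput.ArgusCiscoNetFlowParse.  It takes a
 * pointer to a byte cursor and returns a record; whether and how far it
 * advances the cursor is not visible here. */
typedef struct ArgusRecord * (*ArgusNetFlowHandler)(u_char **);


/*
 * State kept per input source (file, pipe or socket, judging by the
 * filename/pipe/fd members).
 *
 * NOTE(review): the read and conversion buffers are bare pointers with no
 * capacity stored next to them; ArgusReadSocketCnt/Size and ArgusReadSize
 * are separate ints.  Input arriving on a socket is untrusted, so any code
 * that advances ArgusReadPtr, ArgusConvPtr or ArgusReadBlockPtr has to
 * bound-check against the real allocation size itself -- confirm in the
 * reader, which is not part of this header.
 */
struct ArgusInput {
   struct ArgusInput *nxt;
   unsigned int status;
   int mode, fd, in, out, offset;
   int ostart, ostop;
   u_int addr;
   unsigned short portnum;
   char *hostname, *filename;
   FILE *pipe;
   int major_version, minor_version;
   unsigned int ArgusLocalNet, ArgusNetMask;
   struct timeval ArgusLastTime;
   int ArgusMarInterval;
   struct stat statbuf;
   unsigned char *ArgusReadBuffer, *ArgusConvBuffer;
   unsigned char *ArgusReadPtr, *ArgusConvPtr, *ArgusReadBlockPtr;
   int ArgusReadSocketCnt, ArgusReadSocketSize;
   int ArgusReadSocketState, ArgusReadCiscoVersion;
   int ArgusReadSocketNum, ArgusReadSize;
   ArgusNetFlowHandler ArgusCiscoNetFlowParse;

#ifdef ARGUS_SASL
   /* Present only in SASL builds: the struct layout therefore depends on
    * ARGUS_SASL, so every object file sharing an ArgusInput must be built
    * with the same setting. */
   sasl_conn_t *sasl_conn;
   int ArgusSaslBufCnt;
   unsigned char *ArgusSaslBuffer;
#endif

   struct ArgusRecord ArgusInitCon, ArgusManStart;
};

/* An output file: its name, stat data and stdio stream (the stream member
 * is named fd but is a FILE *, not a descriptor). */
struct ArgusOutputStruct {
   char *filename;
   struct stat statbuf;
   FILE *fd;
};

#define ARGUSMONITOR_EQUAL	0x01000000
#define ARGUSMONITOR_NOTEQUAL	0x02000000

/* A flow model: description, option flags, histogram settings and two
 * arrays of policy pointers.  pindex/mindex are presumably the fill counts
 * of policy[] and model[] -- confirm against the parser. */
struct RaFlowModelStruct {
   char *desc;
   int pindex, mindex;
   int preserve, report, autocorrect;
   int *histotimevalues;
   int histostart, histoend, histobins;
   int histotimeseries;

   struct RaPolicyStruct **policy;
   struct RaPolicyStruct **model;
};

/* One policy entry; the members line up with the RA_POLICY* field indices
 * defined above (addresses, proto, ports, model id, timeouts). */
struct RaPolicyStruct {
   u_int RaEntryType, RaPolicyId;
   struct ArgusCIDRAddr src, dst;
   u_short type;
   u_char proto, pad;
   u_short sport, dport;
   u_int RaModelId, ArgusTimeout, ArgusIdleTimeout;
   char *str;
};


#if defined(HAVE_SOLARIS)
#include <sys/socket.h>
#endif

/* Repeats the identical definition further up; harmless, kept as found. */
#define RA_MODIFIED   0x10000000


/* NOTE(review): the (int, char *, ...) shape looks like a printf-style
 * logger.  If the char * is a format string, callers must never pass
 * externally supplied text in that position (use "%s"), and a compiler
 * format attribute on this prototype would let the build check it --
 * confirm against the definition. */
extern void ArgusLog (int, char *, ...);


#ifdef ArgusClient

/* ------------------------------------------------------------------ */
/* Owning translation unit: objects are defined here.                  */
/* ------------------------------------------------------------------ */

#if defined(ARGUS_SASL)
/* Upper and lower SASL security strength factor limits.
 * NOTE(review): if ArgusMinSsf is handed to SASL as the minimum acceptable
 * SSF, 40 permits export-grade 40-bit protection layers; a deployment that
 * relies on SASL for confidentiality should raise it.  The use site is not
 * in this header -- confirm there before changing the default. */
int ArgusMaxSsf = 128;
int ArgusMinSsf = 40;
#endif

char *appOptstring = NULL;

/* Names of the printable fields, MAX_PRINT_ALG_TYPES (67) entries.  The
 * strings are part of the user-visible option syntax and are reproduced
 * exactly as found. */
char *RaPrintKeyWords[MAX_PRINT_ALG_TYPES] = {
   "time",
   "startime",
   "lasttime",
   "trans",
   "dur",
   "avgdur",
   "snet",
   "saddr",
   "dnet",
   "daddr",
   "proto",
   "sport",
   "dport",
   "tos",
   "stos",
   "dtos",
   "sttl",
   "dttl",
   "bytes",
   "sbytes",
   "dbytes",
   "pkts",
   "spkts",
   "dpkts",
   "sload",
   "dload",
   "load",
   "loss",
   "ploss",
   "srate",
   "drate",
   "rate",
   "srcid",
   "ind",
   "mac",
   "dir",
   "jitter",
   "sjitter",
   "djitter",
   "status",
   "ddur",
   "dstime",
   "dltime",
   "dspkts",
   "ddpkts",
   "dsbytes",
   "ddbytes",
   "pdspkts",
   "pddpkts",
   "pdsbytes",
   "pddbytes",
   "user",
   "tcpext",
   "win",
   "jdelay",
   "ldelay",
   "seq",
   "bins",
   "binnum",
   "mpls",
   "vlan",
   "vid",
   "vpri",
   "ipid",
   "srng",
   "erng",
   "svc",
};

extern struct ArgusInput *ArgusInput;
extern char *ArgusProgramName;
extern char *ArgusProgramOptions;
extern struct ArgusDSRHeader *ArgusThisDsrs[];

extern signed long long tcp_dst_bytes, tcp_src_bytes;
extern signed long long udp_dst_bytes, udp_src_bytes;
extern signed long long icmp_dst_bytes, icmp_src_bytes;
extern signed long long ip_dst_bytes, ip_src_bytes;

extern void ArgusDebug (int, char *, ...);
extern int setArgusRemoteFilter(unsigned char *);

void ArgusClientInit(struct ArgusParserStruct *);
void RaArgusInputComplete (struct ArgusInput *);
void RaParseComplete (int);

int RaParseType (char *);

void ArgusClientTimeout (void);
void parse_arg (int, char**);
void usage (void);

struct ArgusRecordStruct *RaCopyArgusRecordStruct (struct ArgusRecordStruct *);
signed long long RaGetActiveDuration (struct ArgusRecordStruct *);
signed long long RaGetuSecDuration (struct ArgusRecordStruct *);
signed long long RaGetuSecAvgDuration (struct ArgusRecordStruct *);

/* Fixed 1024-byte label buffer plus a pointer.  Anything that formats a
 * label into RaLabelStr must bound the write to sizeof(RaLabelStr); record
 * contents come from the network and are not length-limited by this
 * header. */
char RaLabelStr[1024], *RaLabel;

void RaProcessRecord (struct ArgusRecordStruct *);
void RaProcessManRecord (struct ArgusRecordStruct *);
void RaProcessFragRecord (struct ArgusRecordStruct *);
void RaProcessTCPRecord (struct ArgusRecordStruct *);
void RaProcessICMPRecord (struct ArgusRecordStruct *);
void RaProcessIGMPRecord (struct ArgusRecordStruct *);
void RaProcessUDPRecord (struct ArgusRecordStruct *);
void RaProcessIPRecord (struct ArgusRecordStruct *);
void RaProcessARPRecord (struct ArgusRecordStruct *);
void RaProcessNonIPRecord (struct ArgusRecordStruct *);

extern void ArgusLog (int, char *, ...);
extern int RaSendArgusRecord(struct ArgusRecordStruct *);

extern void ArgusClientTimeout (void);
int ArgusWriteConnection (struct ArgusInput *, u_char *, int);

char *RaGenerateLabel(struct ArgusParserStruct *, struct ArgusRecordStruct *);

int RaParseProbeResourceFile (char **);
int RaProbeMonitorsThisAddr (unsigned int, unsigned int);

struct ArgusRecordStruct *ArgusGenerateRecordStruct (struct ArgusRecord *);
struct ArgusRecord *ArgusGenerateRecord (struct ArgusRecordStruct *, unsigned char);

void ArgusDeleteRecordStruct (struct ArgusRecordStruct *);

/* List helpers.  In this branch the push and pop functions take a trailing
 * int argument; the #else branch declares the same names without it. */
struct ArgusListStruct *ArgusNewList (void);
void ArgusDeleteList (struct ArgusListStruct *, int);
int ArgusListEmpty (struct ArgusListStruct *);
int ArgusGetListCount(struct ArgusListStruct *);
void ArgusPushFrontList(struct ArgusListStruct *, void *, int);
void ArgusPushBackList(struct ArgusListStruct *, void *, int);
void *ArgusFrontList(struct ArgusListStruct *);
void *ArgusBackList(struct ArgusListStruct *);
void *ArgusPopBackList(struct ArgusListStruct *, int);
void *ArgusPopFrontList(struct ArgusListStruct *, int);

int ArgusCheckTime (struct ArgusRecordStruct *);

#else /* ArgusClient */

/* ------------------------------------------------------------------ */
/* Every other translation unit: extern declarations only.             */
/* ------------------------------------------------------------------ */

#if defined(ARGUS_SASL)
extern int ArgusMaxSsf;
extern int ArgusMinSsf;
#endif /* ARGUS_SASL */

extern char *appOptstring;

extern char *RaPrintKeyWords[MAX_PRINT_ALG_TYPES];
extern char *ArgusProgramName;
extern char *ArgusProgramOptions;

extern void ArgusDebug (int, char *, ...);
extern int setArgusRemoteFilter(unsigned char *);

extern void ArgusClientInit(struct ArgusParserStruct *);
extern void RaArgusInputComplete (struct ArgusInput *);
extern void RaParseComplete (int);

extern int RaParseType (char *);

extern void ArgusClientTimeout (void);
extern void parse_arg (int, char**);
extern void usage (void);

extern struct ArgusRecordStruct *RaCopyArgusRecordStruct (struct ArgusRecordStruct *);
extern signed long long RaGetActiveDuration (struct ArgusRecordStruct *);
extern signed long long RaGetuSecDuration (struct ArgusRecordStruct *);
extern signed long long RaGetuSecAvgDuration (struct ArgusRecordStruct *);

extern char RaLabelStr[1024], *RaLabel;

extern void RaProcessRecord (struct ArgusRecordStruct *);
extern void RaProcessManRecord (struct ArgusRecordStruct *);
extern void RaProcessFragRecord (struct ArgusRecordStruct *);
extern void RaProcessTCPRecord (struct ArgusRecordStruct *);
extern void RaProcessICMPRecord (struct ArgusRecordStruct *);
extern void RaProcessIGMPRecord (struct ArgusRecordStruct *);
extern void RaProcessUDPRecord (struct ArgusRecordStruct *);
extern void RaProcessIPRecord (struct ArgusRecordStruct *);
extern void RaProcessARPRecord (struct ArgusRecordStruct *);
extern void RaProcessNonIPRecord (struct ArgusRecordStruct *);

extern void ArgusLog (int, char *, ...);

extern char *RaGenerateLabel(struct ArgusParserStruct *, struct ArgusRecordStruct *);

extern int RaSendArgusRecord(struct ArgusRecordStruct *);
extern int RaProbeMonitorsThisAddr (unsigned int, unsigned int);

extern struct ArgusRecordStruct *ArgusGenerateRecordStruct (struct ArgusRecord *);
extern struct ArgusRecord *ArgusGenerateRecord (struct ArgusRecordStruct *, unsigned char);

extern void ArgusDeleteRecordStruct (struct ArgusRecordStruct *);

/* NOTE(review): ArgusPushFrontList, ArgusPushBackList, ArgusPopBackList and
 * ArgusPopFrontList are declared here WITHOUT the trailing int that the
 * ArgusClient branch gives them.  One of the two sets does not match the
 * definitions, and calling through a mismatched prototype is undefined
 * behaviour (the callee reads an argument that was never passed, or
 * ignores one that was).  The definitions are not in this header, so the
 * prototypes are left as found -- reconcile them with the implementation. */
extern struct ArgusListStruct *ArgusNewList (void);
extern void ArgusDeleteList (struct ArgusListStruct *, int);
extern int ArgusListEmpty (struct ArgusListStruct *);
extern int ArgusGetListCount(struct ArgusListStruct *);
extern void ArgusPushFrontList(struct ArgusListStruct *, void *);
extern void ArgusPushBackList(struct ArgusListStruct *, void *);
extern void *ArgusFrontList(struct ArgusListStruct *);
extern void *ArgusBackList(struct ArgusListStruct *);
extern void *ArgusPopBackList(struct ArgusListStruct *);
extern void *ArgusPopFrontList(struct ArgusListStruct *);

extern int ArgusCheckTime (struct ArgusRecordStruct *);

#endif /* ArgusClient */

#endif /* ArgusClient_h */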