1 /* 2 * Copyright (c) 2001 Mark Fullmer and The Ohio State University 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 * 26 * $Id: ftlib.h,v 1.94 2005/05/10 15:51:33 maf Exp $ 27 */ 28 29 #ifndef FTLIB_H 30 #define FTLIB_H 31 32 #include <sys/types.h> 33 #include <sys/time.h> 34 #include <sys/socket.h> 35 #include <sys/uio.h> 36 #include <netinet/in_systm.h> 37 #include <netinet/in.h> 38 #include <netinet/ip.h> 39 #include <netinet/udp.h> 40 #include <arpa/nameser.h> 41 #include <sys/resource.h> 42 #include <stdio.h> 43 #include <zlib.h> 44 45 #ifndef BIG_ENDIAN 46 #define BIG_ENDIAN 4321 47 #endif 48 49 #ifndef LITTLE_ENDIAN 50 #define LITTLE_ENDIAN 1234 51 #endif 52 53 #ifndef BYTE_ORDER 54 #define BYTE_ORDER BIG_ENDIAN 55 #endif 56 57 #define SWAPINT32(y) y = \ 58 ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff)); 59 60 #define SWAPINT16(y) y = \ 61 ( (((y)&0xff)<<8) | (((y)&0xff00)>>8) ); 62 63 #include "ftqueue.h" 64 65 /* 66 * compatability 67 */ 68 struct mymsghdr { 69 void *msg_name; /* optional address */ 70 int msg_namelen; /* size of address */ 71 struct iovec *msg_iov; /* scatter/gather array */ 72 int msg_iovlen; /* # elements in msg_iov */ 73 void *msg_control; /* ancillary data, see below */ 74 int msg_controllen; /* ancillary data buffer len */ 75 int msg_flags; /* flags on received message */ 76 }; 77 78 /* 79 * misc 80 */ 81 #define FT_OPT_PERCENT 0x1 82 #define FT_OPT_NAMES 0x2 83 #define FT_OPT_NOBUF 0x4 84 #define FT_OPT_TALLY 0x8 85 #define FT_OPT_WIDE 0x10 86 87 /* 88 * stream header flags and options 89 */ 90 #define FT_HEADER_LITTLE_ENDIAN 1 /* stream data is little endian */ 91 #define FT_HEADER_BIG_ENDIAN 2 /* stream data is big endian */ 92 #define FT_HEADER_FLAG_DONE 0x1 /* complete, safe to read */ 93 #define FT_HEADER_FLAG_COMPRESS 0x2 /* compression enabled */ 94 #define FT_HEADER_FLAG_MULT_PDU 0x4 /* multiple PDU's XXX not used */ 95 #define FT_HEADER_FLAG_STREAMING 0x8 /* stream ie flow-cat */ 96 #define FT_HEADER_FLAG_XLATE 0x10 /* stream translated from old fmt */ 97 #define FT_HEADER_FLAG_PRELOADED 0x20 /* streaming & preloaded header */ 98 #define FT_HEADER_D_VERSION_UNKNOWN 0xFFFF /* unknown export format */ 99 #define FT_HEADER_MAGIC1 0xCF /* magic number of stream */ 100 #define FT_HEADER_MAGIC2 0x10 101 102 #define FT_HEADER1_CMNT_LEN 256 /* length of comment buffer */ 103 #define FT_HEADER1_HN_LEN 68 /* length of hostname buffer */ 104 105 #define FT_HOSTNAME_LEN 256 106 107 /* stream flags */ 108 #define FT_IO_FLAG_ZINIT 0x1 /* compression initialized */ 109 #define FT_IO_FLAG_NO_SWAP 0x2 /* do not swap on write */ 110 #define FT_IO_FLAG_READ 0x4 /* stream is open for reading */ 111 #define FT_IO_FLAG_WRITE 0x8 /* stream is open for writing */ 112 #define FT_IO_FLAG_HEADER_DONE 0x10 /* header written */ 113 #define FT_IO_FLAG_MMAP 0x20 /* use mmap() for reading */ 114 115 #define FT_PDU_V1_MAXFLOWS 24 /* max records in V1 packet */ 116 #define FT_PDU_V5_MAXFLOWS 30 /* max records in V5 packet */ 117 #define FT_PDU_V6_MAXFLOWS 27 /* max records in V6 packet */ 118 #define FT_PDU_V7_MAXFLOWS 27 /* max records in V7 packet */ 119 #define FT_PDU_V8_1_MAXFLOWS 51 /* max records in V8 AS packet */ 120 #define FT_PDU_V8_2_MAXFLOWS 51 /* max records in V8 PROTO PORT packet */ 121 #define FT_PDU_V8_3_MAXFLOWS 44 /* max records in V8 SRC PREFIX packet */ 122 #define FT_PDU_V8_4_MAXFLOWS 44 /* max records in V8 DST PREFIX packet */ 123 #define FT_PDU_V8_5_MAXFLOWS 35 /* max records in V8 PREFIX packet */ 124 #define FT_PDU_V8_6_MAXFLOWS 44 /* max records in V8 DESTONLY packet */ 125 #define FT_PDU_V8_7_MAXFLOWS 35 /* max records in V8 SRC_DEST packet */ 126 #define FT_PDU_V8_8_MAXFLOWS 32 /* max records in V8 FULL_FLOW packet */ 127 #define FT_PDU_V8_9_MAXFLOWS 44 /* max records in V8 AS_TOS packet */ 128 #define FT_PDU_V8_10_MAXFLOWS 44 /* max records in V8 PROT_PORT_TOS packet */ 129 #define FT_PDU_V8_11_MAXFLOWS 44 /* max records in V8 SRC_PREFIX_TOS packet */ 130 #define FT_PDU_V8_12_MAXFLOWS 44 /* max records in V8 DST_PREFIX_TOS packet */ 131 #define FT_PDU_V8_13_MAXFLOWS 35 /* max records in V8 PREFIX_TOS packet */ 132 #define FT_PDU_V8_14_MAXFLOWS 35 /* max records in V8 PREFIX_PORT_TOS packet */ 133 134 #define FT_PDU_V8_1_VERSION 2 /* version of AS packet */ 135 #define FT_PDU_V8_2_VERSION 2 /* version of PROTO PORT packet */ 136 #define FT_PDU_V8_3_VERSION 2 /* version of SRC PREFIX packet */ 137 #define FT_PDU_V8_4_VERSION 2 /* version of DST PREFIX packet */ 138 #define FT_PDU_V8_5_VERSION 2 /* version of PREFIX packet */ 139 #define FT_PDU_V8_6_VERSION 2 /* version of DESTONLY packet */ 140 #define FT_PDU_V8_7_VERSION 2 /* version of SRC_DEST packet */ 141 #define FT_PDU_V8_8_VERSION 2 /* version of FULL_FLOW packet */ 142 #define FT_PDU_V8_9_VERSION 2 /* version of AS_TOS packet */ 143 #define FT_PDU_V8_10_VERSION 2 /* version of PROT_PORT_TOS packet */ 144 #define FT_PDU_V8_11_VERSION 2 /* version of SRC_PREFIX_TOS packet */ 145 #define FT_PDU_V8_12_VERSION 2 /* version of DST_PREFIX_TOS packet */ 146 #define FT_PDU_V8_13_VERSION 2 /* version of PREFIX_TOS packet */ 147 #define FT_PDU_V8_14_VERSION 2 /* version of PREFIX_PORT_TOS packet */ 148 149 #define FT_PORT 9991 /* default listen port */ 150 #define FT_IO_NBUFS 256 /* buffers to read/write */ 151 #define FT_Z_BUFSIZE 16384 /* inflate/deflate buffer size */ 152 #define FT_D_BUFSIZE 32768 /* stream data buffer size */ 153 #define FT_RCV_BUFSIZE 2048 /* enough to handle largest export */ 154 #define FT_SO_SND_BUFSIZE 1500 /* UDP send socket buffer size */ 155 #define FT_SO_RCV_BUFSIZE (4*1024*1024) /* UDP recv socket buffer size */ 156 157 #define FT_IO_SVERSION 3 /* stream version */ 158 159 #define FT_IO_MAXREC 512 /* >= max size of a flow record fts3_* */ 160 161 #define FT_IO_MAXDECODE 4096 /* must be >= max possible size a pdu 162 * could expand into stream records. For 163 * example 27 v7 streams at 60 bytes 164 * is 1620 bytes 165 */ 166 167 #define FT_IO_MAXENCODE 4096 /* must be >= max possible size a pdu 168 * could be. really 169 * MAX(sizeof(ftpdu_*)) + size of 170 * ip+udp header (20+8) 171 */ 172 173 #define FT_IO_MAXHEADER 16384 /* max size of header */ 174 175 176 177 #define FT_SEQ_RESET 1000 /* maximum number of sequence numbers 178 * that will be counted as lost before 179 * assuming reset. 180 */ 181 182 #define FT_ENC_FLAGS_IPHDR 0x1 /* leave room for IP header */ 183 184 #define FT_ENC_IPHDR_LEN 28 /* IP + UDP header length */ 185 186 #define FT_FILE_SORT 0x1 /* sort entries */ 187 #define FT_FILE_INIT 0x2 /* initialize */ 188 #define FT_FILE_SKIPTMP 0x4 /* skip tmp files */ 189 #define FT_FILE_CHECKNAMES 0x8 /* check filenames for sanity */ 190 191 #define FT_LP_MAXLINE 1024 /* maximum length of line */ 192 193 /* TLV_ - stream value 194 * DEC_ - bit in internal header to indicate successful decode 195 */ 196 197 #define FT_TLV_NULL 0x0 /* 0 : null */ 198 #define FT_TLV_VENDOR 0x1 /* uint8_t : vendor (1=cisco) */ 199 #define FT_FIELD_VENDOR 0x00000001L 200 #define FT_TLV_EX_VER 0x2 /* uint16_t : export version */ 201 #define FT_FIELD_EX_VER 0x00000002L 202 #define FT_TLV_AGG_VER 0x3 /* uint8_t : aggregation version */ 203 #define FT_FIELD_AGG_VER 0x00000004L 204 #define FT_TLV_AGG_METHOD 0x4 /* uint8_t : aggregation method */ 205 #define FT_FIELD_AGG_METHOD 0x00000008L 206 #define FT_TLV_EXPORTER_IP 0x5 /* uint32_t : IP of exporter */ 207 #define FT_FIELD_EXPORTER_IP 0x00000010L 208 #define FT_TLV_CAP_START 0x6 /* uint32_t : capture start time */ 209 #define FT_FIELD_CAP_START 0x00000020L 210 #define FT_TLV_CAP_END 0x7 /* uint32_t : capture end time */ 211 #define FT_FIELD_CAP_END 0x00000040L 212 #define FT_TLV_HEADER_FLAGS 0x8 /* uint32_t : FT_HEADER_FLAG_* */ 213 #define FT_FIELD_HEADER_FLAGS 0x00000080L 214 #define FT_TLV_ROT_SCHEDULE 0x9 /* uint32_t : rotation schedule */ 215 #define FT_FIELD_ROT_SCHEDULE 0x00000100L 216 #define FT_TLV_FLOW_COUNT 0xA /* uint32_t : num flows */ 217 #define FT_FIELD_FLOW_COUNT 0x00000200L 218 #define FT_TLV_FLOW_LOST 0xB /* uint32_t : lost flows */ 219 #define FT_FIELD_FLOW_LOST 0x00000400L 220 #define FT_TLV_FLOW_MISORDERED 0xC /* uint32_t : misordered flows */ 221 #define FT_FIELD_FLOW_MISORDERED 0x00000800L 222 #define FT_TLV_PKT_CORRUPT 0xD /* uint32_t : corrupt packets */ 223 #define FT_FIELD_PKT_CORRUPT 0x00001000L 224 #define FT_TLV_SEQ_RESET 0xE /* uint32_t : times sequence # was so 225 * far off lost/misordered 226 * state could not be 227 * determined */ 228 #define FT_FIELD_SEQ_RESET 0x00002000L 229 #define FT_TLV_CAP_HOSTNAME 0xF /* string : hostname of capture dev */ 230 #define FT_FIELD_CAP_HOSTNAME 0x00004000L 231 #define FT_TLV_COMMENTS 0x10 /* string : comments */ 232 #define FT_FIELD_COMMENTS 0x00008000L 233 #define FT_TLV_IF_NAME 0x11 /* uint32_t uint16_t string 234 * IP address of device 235 * ifIndex of interface 236 * interface name */ 237 #define FT_FIELD_IF_NAME 0x00010000L 238 #define FT_TLV_IF_ALIAS 0x12 /* uint32_t uint16_t uint16_t string 239 * IP address of device 240 * ifIndex count 241 * ifIndex of interface (count times) 242 * alias name */ 243 #define FT_FIELD_IF_ALIAS 0x00020000L 244 245 #define FT_TLV_INTERRUPT 0x13 /* uint8_t : interrupt processing 246 * code for interrupt (0) */ 247 #define FT_FIELD_INTERRUPT 0x00040000L 248 249 #define FT_VENDOR_CISCO 0x1 /* Cisco exporter */ 250 251 #define FT_CHASH_SORTED 0x1 252 #define FT_CHASH_SORT_ASCENDING 0x2 253 #define FT_CHASH_SORT_16 0x4 254 #define FT_CHASH_SORT_32 0x8 255 #define FT_CHASH_SORT_40 0x10 256 #define FT_CHASH_SORT_64 0x20 257 #define FT_CHASH_SORT_DOUBLE 0x40 258 #define FT_CHASH_SORT_8 0x80 259 260 261 /* possible fields in export */ 262 #define FT_XFIELD_UNIX_SECS 0x0000000000000001LL 263 #define FT_XFIELD_UNIX_NSECS 0x0000000000000002LL 264 #define FT_XFIELD_SYSUPTIME 0x0000000000000004LL 265 #define FT_XFIELD_EXADDR 0x0000000000000008LL 266 267 #define FT_XFIELD_DFLOWS 0x0000000000000010LL 268 #define FT_XFIELD_DPKTS 0x0000000000000020LL 269 #define FT_XFIELD_DOCTETS 0x0000000000000040LL 270 #define FT_XFIELD_FIRST 0x0000000000000080LL 271 272 #define FT_XFIELD_LAST 0x0000000000000100LL 273 #define FT_XFIELD_ENGINE_TYPE 0x0000000000000200LL 274 #define FT_XFIELD_ENGINE_ID 0x0000000000000400LL 275 276 #define FT_XFIELD_SRCADDR 0x0000000000001000LL 277 #define FT_XFIELD_DSTADDR 0x0000000000002000LL 278 279 #define FT_XFIELD_NEXTHOP 0x0000000000010000LL 280 #define FT_XFIELD_INPUT 0x0000000000020000LL 281 #define FT_XFIELD_OUTPUT 0x0000000000040000LL 282 #define FT_XFIELD_SRCPORT 0x0000000000080000LL 283 284 #define FT_XFIELD_DSTPORT 0x0000000000100000LL 285 #define FT_XFIELD_PROT 0x0000000000200000LL 286 #define FT_XFIELD_TOS 0x0000000000400000LL 287 #define FT_XFIELD_TCP_FLAGS 0x0000000000800000LL 288 289 #define FT_XFIELD_SRC_MASK 0x0000000001000000LL 290 #define FT_XFIELD_DST_MASK 0x0000000002000000LL 291 #define FT_XFIELD_SRC_AS 0x0000000004000000LL 292 #define FT_XFIELD_DST_AS 0x0000000008000000LL 293 294 #define FT_XFIELD_IN_ENCAPS 0x0000000010000000LL 295 #define FT_XFIELD_OUT_ENCAPS 0x0000000020000000LL 296 #define FT_XFIELD_PEER_NEXTHOP 0x0000000040000000LL 297 #define FT_XFIELD_ROUTER_SC 0x0000000080000000LL 298 299 #define FT_XFIELD_EXTRA_PKTS 0x0000000100000000LL 300 #define FT_XFIELD_MARKED_TOS 0x0000000200000000LL 301 #define FT_XFIELD_SRC_TAG 0x0000000400000000LL 302 #define FT_XFIELD_DST_TAG 0x0000000800000000LL 303 304 #define FT_XFIELD_V1_MASK 0x0000000000FF31EFLL 305 #define FT_XFIELD_V5_MASK 0x000000000FFF37EFLL 306 #define FT_XFIELD_V6_MASK 0x000000007FFF37EFLL 307 #define FT_XFIELD_V7_MASK 0x000000008FFF37EFLL 308 #define FT_XFIELD_V8_1_MASK 0x000000000C0607FFLL 309 #define FT_XFIELD_V8_2_MASK 0x00000000003807FFLL 310 #define FT_XFIELD_V8_3_MASK 0x00000000050217FFLL 311 #define FT_XFIELD_V8_4_MASK 0x000000000A0427FFLL 312 #define FT_XFIELD_V8_5_MASK 0x000000000F0637FFLL 313 #define FT_XFIELD_V8_6_MASK 0x00000003804427EFLL 314 #define FT_XFIELD_V8_7_MASK 0x00000003804637EFLL 315 #define FT_XFIELD_V8_8_MASK 0x00000003807E37EFLL 316 #define FT_XFIELD_V8_9_MASK 0x000000000C4607FFLL 317 #define FT_XFIELD_V8_10_MASK 0x00000000007807FFLL 318 #define FT_XFIELD_V8_11_MASK 0x00000000054217FFLL 319 #define FT_XFIELD_V8_12_MASK 0x000000000A4427FFLL 320 #define FT_XFIELD_V8_13_MASK 0x000000000F4637FFLL 321 #define FT_XFIELD_V8_14_MASK 0x00000000037E37FFLL 322 #define FT_XFIELD_V1005_MASK 0x0000000C0FFF37EFLL 323 #define FT_XFIELD_TAGGING_MASK 0x000000000FFF37EFLL 324 325 #define FT_XFIELD_ASC_UNIX_SECS "unix_secs" 326 #define FT_XFIELD_ASC_UNIX_NSECS "unix_nsecs" 327 #define FT_XFIELD_ASC_SYSUPTIME "sysuptime" 328 #define FT_XFIELD_ASC_EXADDR "exaddr" 329 330 #define FT_XFIELD_ASC_DFLOWS "dflows" 331 #define FT_XFIELD_ASC_DPKTS "dpkts" 332 #define FT_XFIELD_ASC_DOCTETS "doctets" 333 #define FT_XFIELD_ASC_FIRST "first" 334 335 #define FT_XFIELD_ASC_LAST "last" 336 #define FT_XFIELD_ASC_ENGINE_TYPE "engine_type" 337 #define FT_XFIELD_ASC_ENGINE_ID "engine_id" 338 339 #define FT_XFIELD_ASC_SRCADDR "srcaddr" 340 #define FT_XFIELD_ASC_DSTADDR "dstaddr" 341 342 #define FT_XFIELD_ASC_NEXTHOP "nexthop" 343 #define FT_XFIELD_ASC_INPUT "input" 344 #define FT_XFIELD_ASC_OUTPUT "output" 345 #define FT_XFIELD_ASC_SRCPORT "srcport" 346 347 #define FT_XFIELD_ASC_DSTPORT "dstport" 348 #define FT_XFIELD_ASC_PROT "prot" 349 #define FT_XFIELD_ASC_TOS "tos" 350 #define FT_XFIELD_ASC_TCP_FLAGS "tcp_flags" 351 352 #define FT_XFIELD_ASC_SRC_MASK "src_mask" 353 #define FT_XFIELD_ASC_DST_MASK "dst_mask" 354 #define FT_XFIELD_ASC_SRC_AS "src_as" 355 #define FT_XFIELD_ASC_DST_AS "dst_as" 356 357 #define FT_XFIELD_ASC_IN_ENCAPS "in_encaps" 358 #define FT_XFIELD_ASC_OUT_ENCAPS "out_encaps" 359 #define FT_XFIELD_ASC_PEER_NEXTHOP "peer_nexthop" 360 #define FT_XFIELD_ASC_ROUTER_SC "router_sc" 361 362 #define FT_XFIELD_ASC_MARKED_TOS "marked_tos" 363 #define FT_XFIELD_ASC_EXTRA_PKTS "extra_pkts" 364 #define FT_XFIELD_ASC_SRC_TAG "src_tag" 365 #define FT_XFIELD_ASC_DST_TAG "dst_tag" 366 367 struct ftipmask { 368 uint32_t src_mask; 369 uint32_t dst_mask; 370 uint32_t mcast_mask; 371 uint32_t mcast_val; 372 }; 373 374 375 struct fttlv { 376 uint16_t t, l; /* type, length */ 377 char *v; /* value */ 378 }; 379 380 struct ftprof { 381 struct timeval t0; /* start time */ 382 struct timeval t1; /* end time */ 383 struct rusage r0; /* system resources used */ 384 uint64_t nflows; /* total # of flows processed */ 385 }; 386 387 struct ftset { 388 int byte_order; 389 int z_level; 390 char *hostname; 391 char *comments; 392 char hnbuf[FT_HOSTNAME_LEN]; 393 uint16_t as_sub; 394 }; 395 396 struct fttime { 397 time_t secs; 398 time_t msecs; 399 }; 400 401 struct ftver { 402 uint8_t s_version; 403 uint8_t agg_version; 404 uint8_t agg_method; 405 uint8_t set; 406 uint16_t d_version; 407 }; 408 409 struct ftdecode { 410 char buf[FT_IO_MAXDECODE]; /* buffer PDU decoded into - num records */ 411 int count; /* number of stream records */ 412 int rec_size; /* size of stream record */ 413 int byte_order; /* byte order to decode to */ 414 uint32_t exporter_ip; /* ip address of exporter */ 415 uint16_t as_sub; /* replace AS0 with this */ 416 }; 417 418 struct ftencode { 419 char buf[FT_IO_MAXENCODE]; /* buffer stream encodes into */ 420 char *buf_enc; /* actual encode buffer, will not be &buf if 421 FT_ENC_FLAGS_IPHDR is set */ 422 int buf_size; /* bytes used in buf_enc */ 423 struct ftver ver; /* version of stream encoding */ 424 uint32_t seq_next[65536]; /* sequence number for each engine_type & id */ 425 int flags; /* FT_ENC_FLAGS */ 426 int d_sum; /* data checksum for buf_enc */ 427 }; 428 429 struct ftpdu { 430 char buf[FT_RCV_BUFSIZE]; /* raw packet */ 431 int bused; /* length of buf used */ 432 struct ftver ftv; /* version of PDU */ 433 struct ftdecode ftd; /* decoded records */ 434 int (*decodef) /* decode function */ 435 (struct ftpdu *ftpdu); 436 }; 437 438 struct ftseq { 439 uint32_t seq[65536]; /* sequence number for each engine_type & id */ 440 uint8_t seq_set[65536]; /* initial sequence number received? */ 441 uint32_t seq_rcv, seq_exp, 442 seq_lost; /* sequence # received / expecting / lost */ 443 }; 444 445 struct ftheader_gen { 446 uint8_t magic1; /* 0xCF */ 447 uint8_t magic2; /* 0x10 (cisco flow) */ 448 uint8_t byte_order; /* 1 for little endian (VAX) */ 449 /* 2 for big endian (Motorolla) */ 450 uint8_t s_version; /* flow stream format version 1 or 3 */ 451 }; 452 453 struct ftnet { 454 struct sockaddr_in loc_addr; /* local side */ 455 struct sockaddr_in rem_addr; /* remote side (exporter) */ 456 uint32_t loc_ip; /* local IP */ 457 uint32_t rem_ip; /* remote IP */ 458 uint16_t dst_port; /* exporter UDP destination port */ 459 int fd; /* fd receiving flows on */ 460 struct mymsghdr msg; /* recvmsg data */ 461 struct { 462 #ifdef IP_RECVDSTADDR 463 #ifdef CMSG_DATA 464 char cbuf[CMSG_SPACE(sizeof(struct sockaddr_storage))]; 465 #else 466 struct cmsghdr hdr; 467 struct in_addr ip; 468 #endif /* CMSG_DATA */ 469 #else 470 #ifdef IP_PKTINFO 471 struct cmsghdr hdr; 472 struct in_pktinfo pktinfo; 473 #endif /* else */ 474 #endif /* IP RECVDSTADDR */ 475 } msgip; 476 struct iovec iov[1]; /* msg buffer */ 477 }; 478 479 struct ftmap_ifalias { 480 uint32_t ip; 481 uint16_t entries; 482 uint16_t *ifIndex_list; 483 char *name; 484 FT_LIST_ENTRY (ftmap_ifalias) chain; 485 }; 486 487 struct ftmap_ifname { 488 uint32_t ip; 489 uint16_t ifIndex; 490 char *name; 491 FT_LIST_ENTRY (ftmap_ifname) chain; 492 }; 493 494 struct ftmap { 495 FT_LIST_HEAD(ftmap_ifaliash, ftmap_ifalias) ifalias; 496 FT_LIST_HEAD(ftmap_ifnameh, ftmap_ifname) ifname; 497 }; 498 499 #define FT_TAG_TYPE_MATCH_SRC_AS 0x1 500 #define FT_TAG_TYPE_MATCH_DST_AS 0x2 501 #define FT_TAG_TYPE_MATCH_AS 0x3 502 #define FT_TAG_TYPE_MATCH_TOS 0x4 503 #define FT_TAG_TYPE_MATCH_NEXTHOP 0x8 504 505 #define FT_TAG_TYPE_MATCH_SRC_PREFIX 0x10 506 #define FT_TAG_TYPE_MATCH_DST_PREFIX 0x20 507 #define FT_TAG_TYPE_MATCH_PREFIX 0x30 508 #define FT_TAG_TYPE_MATCH_ANY 0x40 509 #define FT_TAG_TYPE_MATCH_EXPORTER 0x80 510 511 #define FT_TAG_TYPE_MATCH_SRC_TCP_PORT 0x100 512 #define FT_TAG_TYPE_MATCH_DST_TCP_PORT 0x200 513 #define FT_TAG_TYPE_MATCH_TCP_PORT 0x300 514 #define FT_TAG_TYPE_MATCH_SRC_IP 0x400 515 #define FT_TAG_TYPE_MATCH_DST_IP 0x800 516 #define FT_TAG_TYPE_MATCH_IP 0xC00 517 518 #define FT_TAG_TYPE_MATCH_SRC_UDP_PORT 0x1000 519 #define FT_TAG_TYPE_MATCH_DST_UDP_PORT 0x2000 520 #define FT_TAG_TYPE_MATCH_UDP_PORT 0x3000 521 #define FT_TAG_TYPE_MATCH_IN_INTERFACE 0x4000 522 #define FT_TAG_TYPE_MATCH_OUT_INTERFACE 0x8000 523 #define FT_TAG_TYPE_MATCH_INTERFACE 0xC000 524 525 #define FT_TAG_DEF_FILTER_EXPORTER 0x1 526 #define FT_TAG_DEF_FILTER_INPUT 0x2 527 #define FT_TAG_DEF_FILTER_OUTPUT 0x4 528 #define FT_TAG_DEF_ACTIVE_DEFAULT 0x8 /* default_defs list is not empty */ 529 #define FT_TAG_DEF_ACTIVE_HASH 0x10 /* exp_hash is not empty */ 530 531 532 #define FT_TAG_SET_DST_TAG 0x001 533 #define FT_TAG_SET_SRC_TAG 0x002 534 #define FT_TAG_SET_TAG 0x003 535 536 #define FT_TAG_OR_DST_TAG 0x004 537 #define FT_TAG_OR_SRC_TAG 0x008 538 #define FT_TAG_OR_TAG 0x00C 539 540 struct fttag { 541 FT_SLIST_HEAD(defshead, fttag_def) defs; /* list of definitions */ 542 FT_SLIST_HEAD(acthead, fttag_action) actions; /* list of actions */ 543 int flags; 544 }; 545 546 struct ftxfield_table { 547 char *name; 548 uint64_t val; 549 }; 550 551 /* internal representation of header */ 552 struct ftiheader { 553 uint32_t size; /* size of header written */ 554 uint32_t fields; /* decoded fields - FT_FIELD_* */ 555 uint8_t magic1; /* 0xCF */ 556 uint8_t magic2; /* 0xL0 (cisco flow) */ 557 uint8_t byte_order; /* 1 for little endian (VAX) */ 558 /* 2 for big endian (Motorolla) */ 559 uint8_t s_version; /* flow stream format version 1 or 2 */ 560 uint16_t d_version; /* 1 or 5 - stream version 1 */ 561 /* 1,5,7,8 - stream version 2 */ 562 uint8_t agg_version; /* v8 aggregation version */ 563 uint8_t agg_method; /* v8 aggregation method */ 564 uint32_t exporter_ip; /* IP address of exporter */ 565 uint32_t cap_start; /* start time of flow capture */ 566 uint32_t cap_end; /* end time of flow capture */ 567 uint32_t flags; /* FT_HEADER_FLAG_* */ 568 uint32_t rotation; /* rotation schedule */ 569 uint32_t flows_count; /* # flows */ 570 uint32_t flows_lost; /* # lost flows */ 571 uint32_t flows_misordered; /* # misordered flows */ 572 uint32_t pkts_corrupt; /* # corrupt packets */ 573 uint32_t seq_reset; /* # times sequence # was so far off 574 * lost/misordered state could not be 575 * guessed */ 576 uint8_t vendor; /* vendor ID FT_VENDOR */ 577 uint8_t filler1; 578 uint16_t filler2; 579 char *cap_hostname; /* hostname of capture device */ 580 char *comments; /* comments */ 581 struct ftmap *ftmap; /* mappings */ 582 uint32_t enc_len; /* length of encoded header */ 583 }; 584 585 586 struct fts1header { 587 /* 588 * following four 4 fields are not byte order dependent 589 */ 590 uint8_t magic1; /* 0xCF */ 591 uint8_t magic2; /* 0xL0 (cisco flow) */ 592 uint8_t byte_order; /* 1 for little endian (VAX) */ 593 /* 2 for big endian (Motorolla) */ 594 uint8_t s_version; /* flow stream format version 1 or 2 */ 595 /* 596 * byte order specified by byte_order 597 */ 598 uint16_t d_version; /* 1 or 5 - stream version 1 */ 599 /* 1,5,7,8 - stream version 2 */ 600 uint32_t start; /* start time of flow capture */ 601 uint32_t end; /* end time of flow capture */ 602 uint32_t flags; /* FT_HEADER_FLAG_* */ 603 uint32_t rotation; /* rotation schedule */ 604 uint32_t nflows; /* # of flows */ 605 uint32_t pdu_drops; /* # of dropped pdu's detected */ 606 uint32_t pdu_misordered; /* # of detected misordered packets */ 607 char hostname[FT_HEADER1_HN_LEN]; /* 0 terminated name of capture device */ 608 char comments[FT_HEADER1_CMNT_LEN]; /* 0 terminated ascii comments */ 609 }; 610 611 /* offsets to all possible entries in export structure */ 612 613 struct fts3rec_offsets { 614 struct ftver ftv; 615 uint64_t xfields; 616 uint16_t unix_secs; 617 uint16_t unix_nsecs; 618 uint16_t sysUpTime; 619 uint16_t exaddr; 620 uint16_t srcaddr; 621 uint16_t dstaddr; 622 uint16_t nexthop; 623 uint16_t input; 624 uint16_t output; 625 uint16_t dFlows; 626 uint16_t dPkts; 627 uint16_t dOctets; 628 uint16_t First; 629 uint16_t Last; 630 uint16_t srcport; 631 uint16_t dstport; 632 uint16_t prot; 633 uint16_t tos; 634 uint16_t tcp_flags; 635 uint16_t pad; 636 uint16_t engine_type; 637 uint16_t engine_id; 638 uint16_t src_mask; 639 uint16_t dst_mask; 640 uint16_t src_as; 641 uint16_t dst_as; 642 uint16_t in_encaps; 643 uint16_t out_encaps; 644 uint16_t peer_nexthop; 645 uint16_t router_sc; 646 uint16_t src_tag; 647 uint16_t dst_tag; 648 uint16_t extra_pkts; 649 uint16_t marked_tos; 650 }; 651 652 /* "all" fields */ 653 struct fts3rec_all { 654 uint32_t *unix_secs; 655 uint32_t *unix_nsecs; 656 uint32_t *sysUpTime; 657 uint32_t *exaddr; 658 uint32_t *srcaddr; 659 uint32_t *dstaddr; 660 uint32_t *nexthop; 661 uint16_t *input; 662 uint16_t *output; 663 uint32_t *dFlows; 664 uint32_t *dPkts; 665 uint32_t *dOctets; 666 uint32_t *First; 667 uint32_t *Last; 668 uint16_t *srcport; 669 uint16_t *dstport; 670 uint8_t *prot; 671 uint8_t *tos; 672 uint8_t *tcp_flags; 673 uint8_t *engine_type; 674 uint8_t *engine_id; 675 uint8_t *src_mask; 676 uint8_t *dst_mask; 677 uint16_t *src_as; 678 uint16_t *dst_as; 679 uint8_t *in_encaps; 680 uint8_t *out_encaps; 681 uint32_t *peer_nexthop; 682 uint32_t *router_sc; 683 uint32_t *src_tag; 684 uint32_t *dst_tag; 685 uint32_t *extra_pkts; 686 uint8_t *marked_tos; 687 }; 688 689 /* "all" fields */ 690 struct fts3rec_all2 { 691 uint64_t dFlows64; 692 uint64_t dPkts64; 693 uint64_t dOctets64; 694 uint32_t unix_secs; 695 uint32_t unix_nsecs; 696 uint32_t sysUpTime; 697 uint32_t exaddr; 698 uint32_t srcaddr; 699 uint32_t dstaddr; 700 uint32_t nexthop; 701 uint16_t input; 702 uint16_t output; 703 uint32_t dFlows; 704 uint32_t dPkts; 705 uint32_t dOctets; 706 uint32_t First; 707 uint32_t Last; 708 uint16_t srcport; 709 uint16_t dstport; 710 uint8_t prot; 711 uint8_t tos; 712 uint8_t tcp_flags; 713 uint8_t engine_type; 714 uint8_t engine_id; 715 uint8_t src_mask; 716 uint8_t dst_mask; 717 uint16_t src_as; 718 uint16_t dst_as; 719 uint8_t in_encaps; 720 uint8_t out_encaps; 721 uint32_t peer_nexthop; 722 uint32_t router_sc; 723 uint32_t src_tag; 724 uint32_t dst_tag; 725 uint32_t extra_pkts; 726 uint8_t marked_tos; 727 }; 728 729 #define FT_RECGET_UNIX_SECS(A,B,C) A.unix_secs =\ 730 *((uint32_t*)(B+(C).unix_secs)); 731 #define FT_RECGET_UNIX_NSECS(A,B,C) A.unix_nsecs =\ 732 *((uint32_t*)(B+(C).unix_nsecs)); 733 #define FT_RECGET_SYSUPTIME(A,B,C) A.sysUpTime =\ 734 *((uint32_t*)(B+(C).sysUpTime)); 735 #define FT_RECGET_EXADDR(A,B,C) A.exaddr =\ 736 *((uint32_t*)(B+(C).exaddr)); 737 #define FT_RECGET_DFLOWS(A,B,C) A.dFlows =\ 738 *((uint32_t*)(B+(C).dFlows)); 739 #define FT_RECGET64_DFLOWS(A,B,C) A.dFlows64 =\ 740 *((uint32_t*)(B+(C).dFlows)); 741 #define FT_RECGET_DPKTS(A,B,C) A.dPkts =\ 742 *((uint32_t*)(B+(C).dPkts)); 743 #define FT_RECGET64_DPKTS(A,B,C) A.dPkts64 =\ 744 *((uint32_t*)(B+(C).dPkts)); 745 #define FT_RECGET_DOCTETS(A,B,C) A.dOctets =\ 746 *((uint32_t*)(B+(C).dOctets)); 747 #define FT_RECGET64_DOCTETS(A,B,C) A.dOctets64 =\ 748 *((uint32_t*)(B+(C).dOctets)); 749 #define FT_RECGET_FIRST(A,B,C) A.First =\ 750 *((uint32_t*)(B+(C).First)); 751 #define FT_RECGET_LAST(A,B,C) A.Last =\ 752 *((uint32_t*)(B+(C).Last)); 753 #define FT_RECGET_ENGINE_TYPE(A,B,C) A.engine_type =\ 754 *((uint8_t*)(B+(C).engine_type)); 755 #define FT_RECGET_ENGINE_ID(A,B,C) A.engine_id =\ 756 *((uint8_t*)(B+(C).engine_id)); 757 #define FT_RECGET_SRCADDR(A,B,C) A.srcaddr =\ 758 *((uint32_t*)(B+(C).srcaddr)); 759 #define FT_RECGET_DSTADDR(A,B,C) A.dstaddr =\ 760 *((uint32_t*)(B+(C).dstaddr)); 761 #define FT_RECGET_NEXTHOP(A,B,C) A.nexthop =\ 762 *((uint32_t*)(B+(C).nexthop)); 763 #define FT_RECGET_INPUT(A,B,C) A.input =\ 764 *((uint16_t*)(B+(C).input)); 765 #define FT_RECGET_OUTPUT(A,B,C) A.output =\ 766 *((uint16_t*)(B+(C).output)); 767 #define FT_RECGET_SRCPORT(A,B,C) A.srcport =\ 768 *((uint16_t*)(B+(C).srcport)); 769 #define FT_RECGET_DSTPORT(A,B,C) A.dstport =\ 770 *((uint16_t*)(B+(C).dstport)); 771 #define FT_RECGET_PROT(A,B,C) A.prot =\ 772 *((uint8_t*)(B+(C).prot)); 773 #define FT_RECGET_TOS(A,B,C) A.tos =\ 774 *((uint8_t*)(B+(C).tos)); 775 #define FT_RECGET_TCP_FLAGS(A,B,C) A.tcp_flags =\ 776 *((uint8_t*)(B+(C).tcp_flags)); 777 #define FT_RECGET_SRC_MASK(A,B,C) A.src_mask =\ 778 *((uint8_t*)(B+(C).src_mask)); 779 #define FT_RECGET_DST_MASK(A,B,C) A.dst_mask =\ 780 *((uint8_t*)(B+(C).dst_mask)); 781 #define FT_RECGET_SRC_AS(A,B,C) A.src_as =\ 782 *((uint16_t*)(B+(C).src_as)); 783 #define FT_RECGET_DST_AS(A,B,C) A.dst_as =\ 784 *((uint16_t*)(B+(C).dst_as)); 785 #define FT_RECGET_IN_ENCAPS(A,B,C) A.in_encaps =\ 786 *((uint8_t*)(B+(C).in_encaps)); 787 #define FT_RECGET_OUT_ENCAPS(A,B,C) A.out_encaps =\ 788 *((uint8_t*)(B+(C).out_encaps)); 789 #define FT_RECGET_PEER_NEXTHOP(A,B,C) A.peer_nexthop =\ 790 *((uint32_t*)(B+(C).peer_nexthop)); 791 #define FT_RECGET_EXTRA_PKTS(A,B,C) A.extra_pkts =\ 792 *((uint32_t*)(B+(C).extra_pkts)); 793 #define FT_RECGET_MARKED_TOS(A,B,C) A.marked_tos =\ 794 *((uint8_t*)(B+(C).marked_tos)); 795 #define FT_RECGET_SRC_TAG(A,B,C) A.src_tag =\ 796 *((uint32_t*)(B+(C).src_tag)); 797 #define FT_RECGET_DST_TAG(A,B,C) A.dst_tag =\ 798 *((uint32_t*)(B+(C).dst_tag)); 799 800 struct fts3rec_gen { 801 uint32_t unix_secs; /* Current seconds since 0000 UTC 1970 */ 802 uint32_t unix_nsecs; /* Residual nanoseconds since 0000 UTC 1970 */ 803 uint32_t sysUpTime; /* Current time in millisecs since router booted */ 804 uint32_t exaddr; /* Exporter IP address */ 805 uint32_t srcaddr; /* Source IP Address */ 806 uint32_t dstaddr; /* Destination IP Address */ 807 uint32_t nexthop; /* Next hop router's IP Address */ 808 uint16_t input; /* Input interface index */ 809 uint16_t output; /* Output interface index */ 810 uint32_t dPkts; /* Packets sent in Duration */ 811 uint32_t dOctets; /* Octets sent in Duration. */ 812 uint32_t First; /* SysUptime at start of flow */ 813 uint32_t Last; /* and of last packet of flow */ 814 uint16_t srcport; /* TCP/UDP source port number or equivalent */ 815 uint16_t dstport; /* TCP/UDP destination port number or equiv */ 816 uint8_t prot; /* IP protocol, e.g., 6=TCP, 17=UDP, ... */ 817 uint8_t tos; /* IP Type-of-Service */ 818 uint8_t tcp_flags; /* OR of TCP header bits */ 819 uint8_t pad; 820 }; 821 822 struct fts3rec_v5_gen { 823 uint32_t unix_secs; /* Current seconds since 0000 UTC 1970 */ 824 uint32_t unix_nsecs; /* Residual nanoseconds since 0000 UTC 1970 */ 825 uint32_t sysUpTime; /* Current time in millisecs since router booted */ 826 uint32_t exaddr; /* Exporter IP address */ 827 uint32_t srcaddr; /* Source IP Address */ 828 uint32_t dstaddr; /* Destination IP Address */ 829 uint32_t nexthop; /* Next hop router's IP Address */ 830 uint16_t input; /* Input interface index */ 831 uint16_t output; /* Output interface index */ 832 uint32_t dPkts; /* Packets sent in Duration */ 833 uint32_t dOctets; /* Octets sent in Duration. */ 834 uint32_t First; /* SysUptime at start of flow */ 835 uint32_t Last; /* and of last packet of flow */ 836 uint16_t srcport; /* TCP/UDP source port number or equivalent */ 837 uint16_t dstport; /* TCP/UDP destination port number or equiv */ 838 uint8_t prot; /* IP protocol, e.g., 6=TCP, 17=UDP, ... */ 839 uint8_t tos; /* IP Type-of-Service */ 840 uint8_t tcp_flags; /* OR of TCP header bits */ 841 uint8_t pad; 842 uint8_t engine_type; /* Type of flow switching engine (RP,VIP,etc.) */ 843 uint8_t engine_id; /* Slot number of the flow switching engine */ 844 uint8_t src_mask; /* mask length of source address */ 845 uint8_t dst_mask; /* mask length of destination address */ 846 uint16_t src_as; /* AS of source address */ 847 uint16_t dst_as; /* AS of destination address */ 848 }; 849 850 struct fts3rec_v1 { 851 uint32_t unix_secs; /* Current seconds since 0000 UTC 1970 */ 852 uint32_t unix_nsecs; /* Residual nanoseconds since 0000 UTC 1970 */ 853 uint32_t sysUpTime; /* Current time in millisecs since router booted */ 854 uint32_t exaddr; /* Exporter IP address */ 855 uint32_t srcaddr; /* Source IP Address */ 856 uint32_t dstaddr; /* Destination IP Address */ 857 uint32_t nexthop; /* Next hop router's IP Address */ 858 uint16_t input; /* Input interface index */ 859 uint16_t output; /* Output interface index */ 860 uint32_t dPkts; /* Packets sent in Duration */ 861 uint32_t dOctets; /* Octets sent in Duration. */ 862 uint32_t First; /* SysUptime at start of flow */ 863 uint32_t Last; /* and of last packet of flow */ 864 uint16_t srcport; /* TCP/UDP source port number or equivalent */ 865 uint16_t dstport; /* TCP/UDP destination port number or equiv */ 866 uint8_t prot; /* IP protocol, e.g., 6=TCP, 17=UDP, ... */ 867 uint8_t tos; /* IP Type-of-Service */ 868 uint8_t tcp_flags; /* OR of TCP header bits */ 869 uint8_t pad; 870 uint32_t reserved; 871 }; 872 873 /* note the v5 struct is a subset of v6 and v7. v6 and v7 are assumed 874 * to be in the same order so the engine_* src_mask, dst_mask, src_as and 875 * dst_as are in the same place. v5 is like a generic v5, v6, v7 876 */ 877 struct fts3rec_v5 { 878 uint32_t unix_secs; /* Current seconds since 0000 UTC 1970 */ 879 uint32_t unix_nsecs; /* Residual nanoseconds since 0000 UTC 1970 */ 880 uint32_t sysUpTime; /* Current time in millisecs since router booted */ 881 uint32_t exaddr; /* Exporter IP address */ 882 uint32_t srcaddr; /* Source IP Address */ 883 uint32_t dstaddr; /* Destination IP Address */ 884 uint32_t nexthop; /* Next hop router's IP Address */ 885 uint16_t input; /* Input interface index */ 886 uint16_t output; /* Output interface index */ 887 uint32_t dPkts; /* Packets sent in Duration */ 888 uint32_t dOctets; /* Octets sent in Duration. */ 889 uint32_t First; /* SysUptime at start of flow */ 890 uint32_t Last; /* and of last packet of flow */ 891 uint16_t srcport; /* TCP/UDP source port number or equivalent */ 892 uint16_t dstport; /* TCP/UDP destination port number or equiv */ 893 uint8_t prot; /* IP protocol, e.g., 6=TCP, 17=UDP, ... */ 894 uint8_t tos; /* IP Type-of-Service */ 895 uint8_t tcp_flags; /* OR of TCP header bits */ 896 uint8_t pad; 897 uint8_t engine_type; /* Type of flow switching engine (RP,VIP,etc.) */ 898 uint8_t engine_id; /* Slot number of the flow switching engine */ 899 uint8_t src_mask; /* mask length of source address */ 900 uint8_t dst_mask; /* mask length of destination address */ 901 uint16_t src_as; /* AS of source address */ 902 uint16_t dst_as; /* AS of destination address */ 903 }; 904 905 struct fts3rec_v6 { 906 uint32_t unix_secs; /* Current seconds since 0000 UTC 1970 */ 907 uint32_t unix_nsecs; /* Residual nanoseconds since 0000 UTC 1970 */ 908 uint32_t sysUpTime; /* Current time in millisecs since router booted */ 909 uint32_t exaddr; /* Exporter IP address */ 910 uint32_t srcaddr; /* Source IP Address */ 911 uint32_t dstaddr; /* Destination IP Address */ 912 uint32_t nexthop; /* Next hop router's IP Address */ 913 uint16_t input; /* Input interface index */ 914 uint16_t output; /* Output interface index */ 915 uint32_t dPkts; /* Packets sent in Duration */ 916 uint32_t dOctets; /* Octets sent in Duration. */ 917 uint32_t First; /* SysUptime at start of flow */ 918 uint32_t Last; /* and of last packet of flow */ 919 uint16_t srcport; /* TCP/UDP source port number or equivalent */ 920 uint16_t dstport; /* TCP/UDP destination port number or equiv */ 921 uint8_t prot; /* IP protocol, e.g., 6=TCP, 17=UDP, ... */ 922 uint8_t tos; /* IP Type-of-Service */ 923 uint8_t tcp_flags; /* OR of TCP header bits */ 924 uint8_t pad; 925 uint8_t engine_type; /* Type of flow switching engine (RP,VIP,etc.) */ 926 uint8_t engine_id; /* Slot number of the flow switching engine */ 927 uint8_t src_mask; /* mask length of source address */ 928 uint8_t dst_mask; /* mask length of destination address */ 929 uint16_t src_as; /* AS of source address */ 930 uint16_t dst_as; /* AS of destination address */ 931 uint8_t in_encaps; /* size in bytes of the input encapsulation */ 932 uint8_t out_encaps; /* size in bytes of the output encapsulation */ 933 uint16_t pad2; 934 uint32_t peer_nexthop; /* IP address of the next hop within the peer */ 935 }; 936 937 struct fts3rec_v7 { 938 uint32_t unix_secs; /* Current seconds since 0000 UTC 1970 */ 939 uint32_t unix_nsecs; /* Residual nanoseconds since 0000 UTC 1970 */ 940 uint32_t sysUpTime; /* Current time in millisecs since router booted */ 941 uint32_t exaddr; /* Exporter IP address */ 942 uint32_t srcaddr; /* Source IP Address */ 943 uint32_t dstaddr; /* Destination IP Address */ 944 uint32_t nexthop; /* Next hop router's IP Address */ 945 uint16_t input; /* Input interface index */ 946 uint16_t output; /* Output interface index */ 947 uint32_t dPkts; /* Packets sent in Duration */ 948 uint32_t dOctets; /* Octets sent in Duration. */ 949 uint32_t First; /* SysUptime at start of flow */ 950 uint32_t Last; /* and of last packet of flow */ 951 uint16_t srcport; /* TCP/UDP source port number or equivalent */ 952 uint16_t dstport; /* TCP/UDP destination port number or equiv */ 953 uint8_t prot; /* IP protocol, e.g., 6=TCP, 17=UDP, ... */ 954 uint8_t tos; /* IP Type-of-Service */ 955 uint8_t tcp_flags; /* OR of TCP header bits */ 956 uint8_t flags; /* Reason flow discarded, etc */ 957 uint8_t engine_type; /* Type of flow switching engine (RP,VIP,etc.) */ 958 uint8_t engine_id; /* Slot number of the flow switching engine */ 959 uint8_t src_mask; /* mask length of source address */ 960 uint8_t dst_mask; /* mask length of destination address */ 961 uint16_t src_as; /* AS of source address */ 962 uint16_t dst_as; /* AS of destination address */ 963 uint32_t router_sc; /* ID of router shortcut by switch */ 964 }; 965 966 struct fts3rec_v8_1 { 967 uint32_t unix_secs; /* Current seconds since 0000 UTC 1970 */ 968 uint32_t unix_nsecs; /* Residual nanoseconds since 0000 UTC 1970 */ 969 uint32_t sysUpTime; /* Current time in millisecs since router booted */ 970 uint32_t exaddr; /* Exporter IP address */ 971 uint32_t dFlows; /* Number of flows */ 972 uint32_t dPkts; /* Packets sent in duration */ 973 uint32_t dOctets; /* Octets sent in duration */ 974 uint32_t First; /* SysUpTime at start of flow */ 975 uint32_t Last; /* and of last packet of flow */ 976 uint16_t src_as; /* originating AS of source address */ 977 uint16_t dst_as; /* originating AS of destination address */ 978 uint16_t input; /* input interface index */ 979 uint16_t output; /* output interface index */ 980 uint8_t engine_type;/* Type of flow switching engine (RP,VIP,etc.) */ 981 uint8_t engine_id; /* Slot number of the flow switching engine */ 982 uint16_t pad; 983 }; 984 985 986 struct fts3rec_v8_2 { 987 uint32_t unix_secs; /* Current seconds since 0000 UTC 1970 */ 988 uint32_t unix_nsecs; /* Residual nanoseconds since 0000 UTC 1970 */ 989 uint32_t sysUpTime; /* Current time in millisecs since router booted */ 990 uint32_t exaddr; /* Exporter IP address */ 991 uint32_t dFlows; /* Number of flows */ 992 uint32_t dPkts; /* Packets sent in duration */ 993 uint32_t dOctets; /* Octets sent in duration */ 994 uint32_t First; /* SysUpTime at start of flow */ 995 uint32_t Last; /* and of last packet of flow */ 996 uint8_t prot; /* IP protocol */ 997 uint8_t pad; 998 uint16_t reserved; 999 uint16_t srcport; /* TCP/UDP source port number of equivalent */ 1000 uint16_t dstport; /* TCP/UDP dst port number of equivalent */ 1001 uint8_t engine_type;/* Type of flow switching engine (RP,VIP,etc.) */ 1002 uint8_t engine_id; /* Slot number of the flow switching engine */ 1003 uint16_t pad2; 1004 }; 1005 1006 struct fts3rec_v8_3 { 1007 uint32_t unix_secs; /* Current seconds since 0000 UTC 1970 */ 1008 uint32_t unix_nsecs; /* Residual nanoseconds since 0000 UTC 1970 */ 1009 uint32_t exaddr; /* Exporter IP address */ 1010 uint32_t sysUpTime; /* Current time in millisecs since router booted */ 1011 uint32_t dFlows; /* Number of flows */ 1012 uint32_t dPkts; /* Packets sent in duration */ 1013 uint32_t dOctets; /* Octets sent in duration */ 1014 uint32_t First; /* SysUpTime at start of flow */ 1015 uint32_t Last; /* and of last packet of flow */ 1016 uint32_t srcaddr; 1017 uint8_t src_mask; 1018 uint8_t pad; 1019 uint16_t src_as; 1020 uint16_t input; 1021 uint8_t engine_type;/* Type of flow switching engine (RP,VIP,etc.) */ 1022 uint8_t engine_id; /* Slot number of the flow switching engine */ 1023 }; 1024 1025 struct fts3rec_v8_4 { 1026 uint32_t unix_secs; /* Current seconds since 0000 UTC 1970 */ 1027 uint32_t unix_nsecs; /* Residual nanoseconds since 0000 UTC 1970 */ 1028 uint32_t sysUpTime; /* Current time in millisecs since router booted */ 1029 uint32_t exaddr; /* Exporter IP address */ 1030 uint32_t dFlows; /* Number of flows */ 1031 uint32_t dPkts; /* Packets sent in duration */ 1032 uint32_t dOctets; /* Octets sent in duration */ 1033 uint32_t First; /* SysUpTime at start of flow */ 1034 uint32_t Last; /* and of last packet of flow */ 1035 uint32_t dstaddr; 1036 uint8_t dst_mask; 1037 uint8_t pad; 1038 uint8_t engine_type;/* Type of flow switching engine (RP,VIP,etc.) */ 1039 uint8_t engine_id; /* Slot number of the flow switching engine */ 1040 uint16_t dst_as; 1041 uint16_t output; 1042 }; 1043 1044 struct fts3rec_v8_5 { 1045 uint32_t unix_secs; /* Current seconds since 0000 UTC 1970 */ 1046 uint32_t unix_nsecs; /* Residual nanoseconds since 0000 UTC 1970 */ 1047 uint32_t sysUpTime; /* Current time in millisecs since router booted */ 1048 uint32_t exaddr; /* Exporter IP address */ 1049 uint32_t dFlows; /* Number of flows */ 1050 uint32_t dPkts; /* Packets sent in duration */ 1051 uint32_t dOctets; /* Octets sent in duration */ 1052 uint32_t First; /* SysUpTime at start of flow */ 1053 uint32_t Last; /* and of last packet of flow */ 1054 uint32_t srcaddr; 1055 uint32_t dstaddr; 1056 uint8_t dst_mask; 1057 uint8_t src_mask; 1058 uint8_t engine_type;/* Type of flow switching engine (RP,VIP,etc.) */ 1059 uint8_t engine_id; /* Slot number of the flow switching engine */ 1060 uint16_t src_as; 1061 uint16_t dst_as; 1062 uint16_t input; 1063 uint16_t output; 1064 }; 1065 1066 struct fts3rec_v8_6 { 1067 uint32_t unix_secs; /* Current seconds since 0000 UTC 1970 */ 1068 uint32_t unix_nsecs; /* Residual nanoseconds since 0000 UTC 1970 */ 1069 uint32_t sysUpTime; /* Current time in millisecs since router booted */ 1070 uint32_t exaddr; /* Exporter IP address */ 1071 uint32_t dPkts; /* Packets sent in duration */ 1072 uint32_t dOctets; /* Octets sent in duration */ 1073 uint32_t First; /* SysUpTime at start of flow */ 1074 uint32_t Last; /* and of last packet of flow */ 1075 uint32_t dstaddr; /* destination IP address */ 1076 uint32_t extra_pkts; /* packets that exceed the contract */ 1077 uint32_t router_sc; /* IP address of the router being shortcut */ 1078 uint16_t output; /* output interface index */ 1079 uint16_t pad; 1080 uint8_t tos; /* tos */ 1081 uint8_t marked_tos; /* tos of pkts that exceeded the contract */ 1082 uint8_t engine_type;/* Type of flow switching engine (RP,VIP,etc.) */ 1083 uint8_t engine_id; /* Slot number of the flow switching engine */ 1084 }; 1085 1086 struct fts3rec_v8_7 { 1087 uint32_t unix_secs; /* Current seconds since 0000 UTC 1970 */ 1088 uint32_t unix_nsecs; /* Residual nanoseconds since 0000 UTC 1970 */ 1089 uint32_t sysUpTime; /* Current time in millisecs since router booted */ 1090 uint32_t exaddr; /* Exporter IP address */ 1091 uint32_t dPkts; /* Packets sent in duration */ 1092 uint32_t dOctets; /* Octets sent in duration */ 1093 uint32_t First; /* SysUpTime at start of flow */ 1094 uint32_t Last; /* and of last packet of flow */ 1095 uint32_t dstaddr; /* destination IP address */ 1096 uint32_t srcaddr; /* source IP address */ 1097 uint32_t extra_pkts; /* packets that exceed the contract */ 1098 uint32_t router_sc; /* IP address of the router being shortcut */ 1099 uint16_t output; /* output interface index */ 1100 uint16_t input; /* input interface index */ 1101 uint8_t tos; /* tos */ 1102 uint8_t marked_tos; /* tos of pkts that exceeded the contract */ 1103 uint8_t engine_type;/* Type of flow switching engine (RP,VIP,etc.) */ 1104 uint8_t engine_id; /* Slot number of the flow switching engine */ 1105 }; 1106 1107 struct fts3rec_v8_8 { 1108 uint32_t unix_secs; /* Current seconds since 0000 UTC 1970 */ 1109 uint32_t unix_nsecs; /* Residual nanoseconds since 0000 UTC 1970 */ 1110 uint32_t sysUpTime; /* Current time in millisecs since router booted */ 1111 uint32_t exaddr; /* Exporter IP address */ 1112 uint32_t dPkts; /* Packets sent in duration */ 1113 uint32_t dOctets; /* Octets sent in duration */ 1114 uint32_t First; /* SysUpTime at start of flow */ 1115 uint32_t Last; /* and of last packet of flow */ 1116 uint32_t dstaddr; /* destination IP address */ 1117 uint32_t srcaddr; /* source IP address */ 1118 uint32_t extra_pkts; /* packets that exceed the contract */ 1119 uint32_t router_sc; /* IP address of the router being shortcut */ 1120 uint16_t dstport; /* TCP/UDP destination port */ 1121 uint16_t srcport; /* TCP/UDP source port */ 1122 uint16_t output; /* output interface index */ 1123 uint16_t input; /* input interface index */ 1124 uint8_t tos; /* tos */ 1125 uint8_t marked_tos; /* tos of pkts that exceeded the contract */ 1126 uint8_t engine_type;/* Type of flow switching engine (RP,VIP,etc.) */ 1127 uint8_t engine_id; /* Slot number of the flow switching engine */ 1128 uint8_t prot; /* IP protocol */ 1129 uint8_t pad1; 1130 uint16_t pad2; 1131 }; 1132 1133 struct fts3rec_v8_9 { 1134 uint32_t unix_secs; /* Current seconds since 0000 UTC 1970 */ 1135 uint32_t unix_nsecs; /* Residual nanoseconds since 0000 UTC 1970 */ 1136 uint32_t sysUpTime; /* Current time in millisecs since router booted */ 1137 uint32_t exaddr; /* Exporter IP address */ 1138 uint32_t dFlows; /* Number of flows */ 1139 uint32_t dPkts; /* Packets sent in duration */ 1140 uint32_t dOctets; /* Octets sent in duration */ 1141 uint32_t First; /* SysUpTime at start of flow */ 1142 uint32_t Last; /* and of last packet of flow */ 1143 uint16_t src_as; /* originating AS of source address */ 1144 uint16_t dst_as; /* originating AS of destination address */ 1145 uint16_t input; /* input interface index */ 1146 uint16_t output; /* output interface index */ 1147 uint8_t engine_type;/* Type of flow switching engine (RP,VIP,etc.) */ 1148 uint8_t engine_id; /* Slot number of the flow switching engine */ 1149 uint8_t tos; /* ToS */ 1150 uint8_t pad; 1151 }; 1152 1153 struct fts3rec_v8_10 { 1154 uint32_t unix_secs; /* Current seconds since 0000 UTC 1970 */ 1155 uint32_t unix_nsecs; /* Residual nanoseconds since 0000 UTC 1970 */ 1156 uint32_t sysUpTime; /* Current time in millisecs since router booted */ 1157 uint32_t exaddr; /* Exporter IP address */ 1158 uint32_t dFlows; /* Number of flows */ 1159 uint32_t dPkts; /* Packets sent in duration */ 1160 uint32_t dOctets; /* Octets sent in duration */ 1161 uint32_t First; /* SysUpTime at start of flow */ 1162 uint32_t Last; /* and of last packet of flow */ 1163 uint16_t srcport; /* TCP/UDP source port number of equivalent */ 1164 uint16_t dstport; /* TCP/UDP dst port number of equivalent */ 1165 uint16_t input; /* input interface index */ 1166 uint16_t output; /* output interface index */ 1167 uint8_t engine_type;/* Type of flow switching engine (RP,VIP,etc.) */ 1168 uint8_t engine_id; /* Slot number of the flow switching engine */ 1169 uint8_t prot; /* IP protocol */ 1170 uint8_t tos; /* ToS */ 1171 }; 1172 1173 struct fts3rec_v8_11 { 1174 uint32_t unix_secs; /* Current seconds since 0000 UTC 1970 */ 1175 uint32_t unix_nsecs; /* Residual nanoseconds since 0000 UTC 1970 */ 1176 uint32_t exaddr; /* Exporter IP address */ 1177 uint32_t sysUpTime; /* Current time in millisecs since router booted */ 1178 uint32_t dFlows; /* Number of flows */ 1179 uint32_t dPkts; /* Packets sent in duration */ 1180 uint32_t dOctets; /* Octets sent in duration */ 1181 uint32_t First; /* SysUpTime at start of flow */ 1182 uint32_t Last; /* and of last packet of flow */ 1183 uint32_t srcaddr; /* Source Prefix */ 1184 uint8_t src_mask; /* Source Prefix mask length */ 1185 uint8_t tos; /* ToS */ 1186 uint16_t src_as; /* Source AS */ 1187 uint16_t input; /* input interface index */ 1188 uint8_t engine_type;/* Type of flow switching engine (RP,VIP,etc.) */ 1189 uint8_t engine_id; /* Slot number of the flow switching engine */ 1190 }; 1191 1192 struct fts3rec_v8_12 { 1193 uint32_t unix_secs; /* Current seconds since 0000 UTC 1970 */ 1194 uint32_t unix_nsecs; /* Residual nanoseconds since 0000 UTC 1970 */ 1195 uint32_t exaddr; /* Exporter IP address */ 1196 uint32_t sysUpTime; /* Current time in millisecs since router booted */ 1197 uint32_t dFlows; /* Number of flows */ 1198 uint32_t dPkts; /* Packets sent in duration */ 1199 uint32_t dOctets; /* Octets sent in duration */ 1200 uint32_t First; /* SysUpTime at start of flow */ 1201 uint32_t Last; /* and of last packet of flow */ 1202 uint32_t dstaddr; /* Destination Prefix */ 1203 uint16_t output; /* output interface index */ 1204 uint16_t dst_as; /* Destination AS */ 1205 uint8_t dst_mask; /* Destination Prefix mask length */ 1206 uint8_t tos; /* ToS */ 1207 uint8_t engine_type;/* Type of flow switching engine (RP,VIP,etc.) */ 1208 uint8_t engine_id; /* Slot number of the flow switching engine */ 1209 }; 1210 1211 struct fts3rec_v8_13 { 1212 uint32_t unix_secs; /* Current seconds since 0000 UTC 1970 */ 1213 uint32_t unix_nsecs; /* Residual nanoseconds since 0000 UTC 1970 */ 1214 uint32_t sysUpTime; /* Current time in millisecs since router booted */ 1215 uint32_t exaddr; /* Exporter IP address */ 1216 uint32_t dFlows; /* Number of flows */ 1217 uint32_t dPkts; /* Packets sent in duration */ 1218 uint32_t dOctets; /* Octets sent in duration */ 1219 uint32_t First; /* SysUpTime at start of flow */ 1220 uint32_t Last; /* and of last packet of flow */ 1221 uint32_t srcaddr; /* Source Prefix */ 1222 uint32_t dstaddr; /* Destination Prefix */ 1223 uint16_t src_as; /* Source AS */ 1224 uint16_t dst_as; /* Destination AS */ 1225 uint16_t input; /* input interface */ 1226 uint16_t output; /* output interface */ 1227 uint8_t dst_mask; /* Destination Prefix mask length */ 1228 uint8_t src_mask; /* Source Prefix mask length */ 1229 uint8_t engine_type;/* Type of flow switching engine (RP,VIP,etc.) */ 1230 uint8_t engine_id; /* Slot number of the flow switching engine */ 1231 uint8_t tos; /* ToS */ 1232 uint8_t pad1; 1233 uint16_t pad2; 1234 }; 1235 1236 struct fts3rec_v8_14 { 1237 uint32_t unix_secs; /* Current seconds since 0000 UTC 1970 */ 1238 uint32_t unix_nsecs; /* Residual nanoseconds since 0000 UTC 1970 */ 1239 uint32_t sysUpTime; /* Current time in millisecs since router booted */ 1240 uint32_t exaddr; /* Exporter IP address */ 1241 uint32_t dFlows; /* Number of flows */ 1242 uint32_t dPkts; /* Packets sent in duration */ 1243 uint32_t dOctets; /* Octets sent in duration */ 1244 uint32_t First; /* SysUpTime at start of flow */ 1245 uint32_t Last; /* and of last packet of flow */ 1246 uint32_t srcaddr; /* Source Prefix */ 1247 uint32_t dstaddr; /* Destination Prefix */ 1248 uint16_t srcport; /* Source Port */ 1249 uint16_t dstport; /* Destination Port */ 1250 uint16_t input; /* input interface */ 1251 uint16_t output; /* output interface */ 1252 uint8_t dst_mask; /* Destination Prefix mask length */ 1253 uint8_t src_mask; /* Source Prefix mask length */ 1254 uint8_t engine_type;/* Type of flow switching engine (RP,VIP,etc.) */ 1255 uint8_t engine_id; /* Slot number of the flow switching engine */ 1256 uint8_t tos; /* ToS */ 1257 uint8_t prot; /* IP protocol */ 1258 uint16_t pad2; 1259 }; 1260 1261 1262 /* 1263 * internal formats 1264 */ 1265 1266 /* tagged v5 */ 1267 struct fts3rec_v1005 { 1268 uint32_t unix_secs; /* Current seconds since 0000 UTC 1970 */ 1269 uint32_t unix_nsecs; /* Residual nanoseconds since 0000 UTC 1970 */ 1270 uint32_t sysUpTime; /* Current time in millisecs since router booted */ 1271 uint32_t exaddr; /* Exporter IP address */ 1272 uint32_t srcaddr; /* Source IP Address */ 1273 uint32_t dstaddr; /* Destination IP Address */ 1274 uint32_t nexthop; /* Next hop router's IP Address */ 1275 uint16_t input; /* Input interface index */ 1276 uint16_t output; /* Output interface index */ 1277 uint32_t dPkts; /* Packets sent in Duration */ 1278 uint32_t dOctets; /* Octets sent in Duration. */ 1279 uint32_t First; /* SysUptime at start of flow */ 1280 uint32_t Last; /* and of last packet of flow */ 1281 uint16_t srcport; /* TCP/UDP source port number or equivalent */ 1282 uint16_t dstport; /* TCP/UDP destination port number or equiv */ 1283 uint8_t prot; /* IP protocol, e.g., 6=TCP, 17=UDP, ... */ 1284 uint8_t tos; /* IP Type-of-Service */ 1285 uint8_t tcp_flags; /* OR of TCP header bits */ 1286 uint8_t pad; 1287 uint8_t engine_type; /* Type of flow switching engine (RP,VIP,etc.) */ 1288 uint8_t engine_id; /* Slot number of the flow switching engine */ 1289 uint8_t src_mask; /* mask length of source address */ 1290 uint8_t dst_mask; /* mask length of destination address */ 1291 uint16_t src_as; /* AS of source address */ 1292 uint16_t dst_as; /* AS of destination address */ 1293 uint32_t src_tag; /* Local TAG for source address */ 1294 uint32_t dst_tag; /* Local TAG for destination address */ 1295 }; 1296 1297 struct fts1rec_compat { 1298 uint32_t unix_secs; /* offset from real time the flow started */ 1299 uint32_t unix_msecs; /* "" */ 1300 uint32_t srcaddr; /* Source IP Address */ 1301 uint32_t dstaddr; /* Destination IP Address */ 1302 uint32_t nexthop; /* Next hop router's IP Address */ 1303 uint16_t input; /* Input interface index */ 1304 uint16_t output; /* Output interface index */ 1305 uint32_t dPkts; /* Packets sent in Duration */ 1306 uint32_t dOctets; /* Octets sent in Duration. */ 1307 uint32_t First; /* SysUptime at start of flow */ 1308 uint32_t Last; /* and of last packet of flow */ 1309 uint16_t srcport; /* TCP/UDP source port number or equivalent */ 1310 uint16_t dstport; /* TCP/UDP destination port number or equiv */ 1311 uint16_t pad; 1312 uint8_t prot; /* IP protocol, e.g., 6=TCP, 17=UDP, ... */ 1313 uint8_t tos; /* IP Type-of-Service */ 1314 uint8_t flags; /* Reason flow was discarded, etc... */ 1315 uint8_t tcp_retx_cnt; /* Number of mis-seq with delay > 1sec */ 1316 uint8_t tcp_retx_secs; /* Cumulative secs between mis-sequenced pkts */ 1317 uint8_t tcp_misseq_cnt; /* Number of mis-sequenced tcp pkts seen */ 1318 uint16_t src_as; /* originating AS of source address */ 1319 uint16_t dst_as; /* originating AS of destination address */ 1320 uint8_t src_mask; /* source address prefix mask bits */ 1321 uint8_t dst_mask; /* destination address prefix mask bits */ 1322 uint16_t drops; /* ?? */ 1323 }; 1324 1325 struct ftio { 1326 caddr_t mr; /* mmap region */ 1327 size_t mr_size; /* size of mmap'd region */ 1328 int rec_size; /* size of stream record */ 1329 struct ftiheader fth; /* header */ 1330 char *d_buf; /* records */ 1331 uint32_t d_start; /* offset to next byte in d_buf */ 1332 uint32_t d_end; /* available bytes in d_buf */ 1333 char *z_buf; /* zlib inflate/deflate buffer */ 1334 int z_level; /* compression level */ 1335 z_stream zs; /* zlib io */ 1336 int flags; /* FT_IO_FLAG_* */ 1337 int fd; /* file description of stream */ 1338 uint64_t xfield; /* FT_XFIELD* available when reading */ 1339 void (*swapf)(struct ftio *ftio); /* swap function */ 1340 uint64_t rec_total; /* records read/written */ 1341 struct fts3rec_v1 compat_v1; /* backwards compatability */ 1342 struct fts3rec_v5 compat_v5; /* backwards compatability */ 1343 struct fts3rec_offsets fo; /* offsets to fields */ 1344 int debug; 1345 }; 1346 1347 struct ftpdu_header_small { 1348 uint16_t version; /* 1 for now. */ 1349 uint16_t count; /* The number of records in the PDU */ 1350 }; 1351 1352 struct ftpdu_header { 1353 /* common header for everything except v1 */ 1354 uint16_t version; /* 1 for now. */ 1355 uint16_t count; /* The number of records in the PDU */ 1356 uint32_t sysUpTime; /* Current time in millisecs since router booted */ 1357 uint32_t unix_secs; /* Current seconds since 0000 UTC 1970 */ 1358 uint32_t unix_nsecs; /* Residual nanoseconds since 0000 UTC 1970 */ 1359 uint32_t flow_sequence; /* Seq counter of total flows seen */ 1360 uint8_t engine_type; /* Type of flow switching engine (RP,VIP,etc.) */ 1361 uint8_t engine_id; /* Slot number of the flow switching engine */ 1362 uint8_t aggregation; /* Aggregation method being used */ 1363 uint8_t agg_version; /* Version of the aggregation export */ 1364 }; 1365 1366 struct ftpdu_v1 { 1367 /* 16 byte header */ 1368 uint16_t version; /* 1 for now. */ 1369 uint16_t count; /* The number of records in the PDU */ 1370 uint32_t sysUpTime; /* Current time in millisecs since router booted */ 1371 uint32_t unix_secs; /* Current seconds since 0000 UTC 1970 */ 1372 uint32_t unix_nsecs; /* Residual nanoseconds since 0000 UTC 1970 */ 1373 /* 48 byte payload */ 1374 struct ftrec_v1 { 1375 uint32_t srcaddr; /* Source IP Address */ 1376 uint32_t dstaddr; /* Destination IP Address */ 1377 uint32_t nexthop; /* Next hop router's IP Address */ 1378 uint16_t input; /* Input interface index */ 1379 uint16_t output; /* Output interface index */ 1380 uint32_t dPkts; /* Packets sent in Duration */ 1381 uint32_t dOctets; /* Octets sent in Duration. */ 1382 uint32_t First; /* SysUptime at start of flow */ 1383 uint32_t Last; /* and of last packet of flow */ 1384 uint16_t srcport; /* TCP/UDP source port number or equivalent */ 1385 uint16_t dstport; /* TCP/UDP destination port number or equiv */ 1386 uint16_t pad; 1387 uint8_t prot; /* IP protocol, e.g., 6=TCP, 17=UDP, ... */ 1388 uint8_t tos; /* IP Type-of-Service */ 1389 uint8_t flags; /* Reason flow was discarded, etc... */ 1390 uint8_t tcp_retx_cnt; /* Number of mis-seq with delay > 1sec */ 1391 uint8_t tcp_retx_secs; /* Cumulative secs between mis-sequenced pkts */ 1392 uint8_t tcp_misseq_cnt; /* Number of mis-sequenced tcp pkts seen */ 1393 uint32_t reserved; 1394 } records[FT_PDU_V1_MAXFLOWS]; 1395 }; 1396 1397 struct ftpdu_v5 { 1398 /* 24 byte header */ 1399 uint16_t version; /* 5 */ 1400 uint16_t count; /* The number of records in the PDU */ 1401 uint32_t sysUpTime; /* Current time in millisecs since router booted */ 1402 uint32_t unix_secs; /* Current seconds since 0000 UTC 1970 */ 1403 uint32_t unix_nsecs; /* Residual nanoseconds since 0000 UTC 1970 */ 1404 uint32_t flow_sequence; /* Seq counter of total flows seen */ 1405 uint8_t engine_type; /* Type of flow switching engine (RP,VIP,etc.) */ 1406 uint8_t engine_id; /* Slot number of the flow switching engine */ 1407 uint16_t reserved; 1408 /* 48 byte payload */ 1409 struct ftrec_v5 { 1410 uint32_t srcaddr; /* Source IP Address */ 1411 uint32_t dstaddr; /* Destination IP Address */ 1412 uint32_t nexthop; /* Next hop router's IP Address */ 1413 uint16_t input; /* Input interface index */ 1414 uint16_t output; /* Output interface index */ 1415 uint32_t dPkts; /* Packets sent in Duration */ 1416 uint32_t dOctets; /* Octets sent in Duration. */ 1417 uint32_t First; /* SysUptime at start of flow */ 1418 uint32_t Last; /* and of last packet of flow */ 1419 uint16_t srcport; /* TCP/UDP source port number or equivalent */ 1420 uint16_t dstport; /* TCP/UDP destination port number or equiv */ 1421 uint8_t pad; 1422 uint8_t tcp_flags; /* Cumulative OR of tcp flags */ 1423 uint8_t prot; /* IP protocol, e.g., 6=TCP, 17=UDP, ... */ 1424 uint8_t tos; /* IP Type-of-Service */ 1425 uint16_t src_as; /* originating AS of source address */ 1426 uint16_t dst_as; /* originating AS of destination address */ 1427 uint8_t src_mask; /* source address prefix mask bits */ 1428 uint8_t dst_mask; /* destination address prefix mask bits */ 1429 uint16_t drops; 1430 } records[FT_PDU_V5_MAXFLOWS]; 1431 }; 1432 1433 struct ftpdu_v6 { 1434 /* 24 byte header */ 1435 uint16_t version; /* 6 */ 1436 uint16_t count; /* The number of records in the PDU */ 1437 uint32_t sysUpTime; /* Current time in millisecs since router booted */ 1438 uint32_t unix_secs; /* Current seconds since 0000 UTC 1970 */ 1439 uint32_t unix_nsecs; /* Residual nanoseconds since 0000 UTC 1970 */ 1440 uint32_t flow_sequence; /* Seq counter of total flows seen */ 1441 uint8_t engine_type; /* Type of flow switching engine (RP,VIP,etc.) */ 1442 uint8_t engine_id; /* Slot number of the flow switching engine */ 1443 uint16_t reserved; 1444 /* 48 byte payload */ 1445 struct ftrec_v6 { 1446 uint32_t srcaddr; /* Source IP Address */ 1447 uint32_t dstaddr; /* Destination IP Address */ 1448 uint32_t nexthop; /* Next hop router's IP Address */ 1449 uint16_t input; /* Input interface index */ 1450 uint16_t output; /* Output interface index */ 1451 uint32_t dPkts; /* Packets sent in Duration */ 1452 uint32_t dOctets; /* Octets sent in Duration. */ 1453 uint32_t First; /* SysUptime at start of flow */ 1454 uint32_t Last; /* and of last packet of flow */ 1455 uint16_t srcport; /* TCP/UDP source port number or equivalent */ 1456 uint16_t dstport; /* TCP/UDP destination port number or equiv */ 1457 uint8_t pad; 1458 uint8_t tcp_flags; /* Cumulative OR of tcp flags */ 1459 uint8_t prot; /* IP protocol, e.g., 6=TCP, 17=UDP, ... */ 1460 uint8_t tos; /* IP Type-of-Service */ 1461 uint16_t src_as; /* originating AS of source address */ 1462 uint16_t dst_as; /* originating AS of destination address */ 1463 uint8_t src_mask; /* source address prefix mask bits */ 1464 uint8_t dst_mask; /* destination address prefix mask bits */ 1465 uint8_t in_encaps; /* size in bytes of the input encapsulation */ 1466 uint8_t out_encaps; /* size in bytes of the output encapsulation */ 1467 uint32_t peer_nexthop; /* IP address of the next hop within the peer */ 1468 } records[FT_PDU_V6_MAXFLOWS]; 1469 }; 1470 1471 struct ftpdu_v7 { 1472 /* 24 byte header */ 1473 uint16_t version; /* 7 */ 1474 uint16_t count; /* The number of records in the PDU */ 1475 uint32_t sysUpTime; /* Current time in millisecs since router booted */ 1476 uint32_t unix_secs; /* Current seconds since 0000 UTC 1970 */ 1477 uint32_t unix_nsecs; /* Residual nanoseconds since 0000 UTC 1970 */ 1478 uint32_t flow_sequence; /* Seq counter of total flows seen */ 1479 uint8_t engine_type; /* Type of flow switching engine (RP,VIP,etc.) */ 1480 uint8_t engine_id; /* Slot number of the flow switching engine */ 1481 uint16_t reserved; 1482 /* 48 byte payload */ 1483 struct ftrec_v7 { 1484 uint32_t srcaddr; /* Source IP Address */ 1485 uint32_t dstaddr; /* Destination IP Address */ 1486 uint32_t nexthop; /* Next hop router's IP Address */ 1487 uint16_t input; /* Input interface index */ 1488 uint16_t output; /* Output interface index */ 1489 uint32_t dPkts; /* Packets sent in Duration */ 1490 uint32_t dOctets; /* Octets sent in Duration. */ 1491 uint32_t First; /* SysUptime at start of flow */ 1492 uint32_t Last; /* and of last packet of flow */ 1493 uint16_t srcport; /* TCP/UDP source port number or equivalent */ 1494 uint16_t dstport; /* TCP/UDP destination port number or equiv */ 1495 uint8_t pad; 1496 uint8_t tcp_flags; /* Cumulative OR of tcp flags */ 1497 uint8_t prot; /* IP protocol, e.g., 6=TCP, 17=UDP, ... */ 1498 uint8_t tos; /* IP Type-of-Service */ 1499 uint16_t src_as; /* originating AS of source address */ 1500 uint16_t dst_as; /* originating AS of destination address */ 1501 uint8_t src_mask; /* source address prefix mask bits */ 1502 uint8_t dst_mask; /* destination address prefix mask bits */ 1503 uint16_t drops; 1504 uint32_t router_sc; /* Router which is shortcut by switch */ 1505 } records[FT_PDU_V7_MAXFLOWS]; 1506 }; 1507 1508 /* Generic v8 pdu */ 1509 struct ftpdu_v8_gen { 1510 /* 28 byte header */ 1511 uint16_t version; /* 8 */ 1512 uint16_t count; /* The number of records in the PDU */ 1513 uint32_t sysUpTime; /* Current time in millisecs since router booted */ 1514 uint32_t unix_secs; /* Current seconds since 0000 UTC 1970 */ 1515 uint32_t unix_nsecs; /* Residual nanoseconds since 0000 UTC 1970 */ 1516 uint32_t flow_sequence; /* Seq counter of total flows seen */ 1517 uint8_t engine_type; /* Type of flow switching engine (RP,VIP,etc.) */ 1518 uint8_t engine_id; /* Slot number of the flow switching engine */ 1519 uint8_t aggregation; /* Aggregation method being used */ 1520 uint8_t agg_version; /* Version of the aggregation export */ 1521 uint32_t reserved; 1522 }; 1523 1524 struct ftpdu_v8_1 { 1525 /* 28 byte header */ 1526 uint16_t version; /* 8 */ 1527 uint16_t count; /* The number of records in the PDU */ 1528 uint32_t sysUpTime; /* Current time in millisecs since router booted */ 1529 uint32_t unix_secs; /* Current seconds since 0000 UTC 1970 */ 1530 uint32_t unix_nsecs; /* Residual nanoseconds since 0000 UTC 1970 */ 1531 uint32_t flow_sequence; /* Seq counter of total flows seen */ 1532 uint8_t engine_type; /* Type of flow switching engine (RP,VIP,etc.) */ 1533 uint8_t engine_id; /* Slot number of the flow switching engine */ 1534 uint8_t aggregation; /* Aggregation method being used */ 1535 uint8_t agg_version; /* Version of the aggregation export */ 1536 uint32_t reserved; 1537 /* 28 byte payload */ 1538 struct ftrec_v8_1 { 1539 uint32_t dFlows; /* Number of flows */ 1540 uint32_t dPkts; /* Packets sent in duration */ 1541 uint32_t dOctets; /* Octets sent in duration */ 1542 uint32_t First; /* SysUpTime at start of flow */ 1543 uint32_t Last; /* and of last packet of flow */ 1544 uint16_t src_as; /* originating AS of source address */ 1545 uint16_t dst_as; /* originating AS of destination address */ 1546 uint16_t input; /* input interface index */ 1547 uint16_t output; /* output interface index */ 1548 } records[FT_PDU_V8_1_MAXFLOWS]; 1549 }; 1550 1551 struct ftpdu_v8_2 { 1552 /* 28 byte header */ 1553 uint16_t version; /* 8 */ 1554 uint16_t count; /* The number of records in the PDU */ 1555 uint32_t sysUpTime; /* Current time in millisecs since router booted */ 1556 uint32_t unix_secs; /* Current seconds since 0000 UTC 1970 */ 1557 uint32_t unix_nsecs; /* Residual nanoseconds since 0000 UTC 1970 */ 1558 uint32_t flow_sequence; /* Seq counter of total flows seen */ 1559 uint8_t engine_type; /* Type of flow switching engine (RP,VIP,etc.) */ 1560 uint8_t engine_id; /* Slot number of the flow switching engine */ 1561 uint8_t aggregation; /* Aggregation method being used */ 1562 uint8_t agg_version; /* Version of the aggregation export */ 1563 uint32_t reserved; 1564 /* 28 byte payload */ 1565 struct ftrec_v8_2 { 1566 uint32_t dFlows; /* Number of flows */ 1567 uint32_t dPkts; /* Packets sent in duration */ 1568 uint32_t dOctets; /* Octets sent in duration */ 1569 uint32_t First; /* SysUpTime at start of flow */ 1570 uint32_t Last; /* and of last packet of flow */ 1571 uint8_t prot; /* IP protocol */ 1572 uint8_t pad; 1573 uint16_t reserved; 1574 uint16_t srcport; /* TCP/UDP source port number of equivalent */ 1575 uint16_t dstport; /* TCP/UDP dst port number of equivalent */ 1576 } records[FT_PDU_V8_2_MAXFLOWS]; 1577 }; 1578 1579 1580 struct ftpdu_v8_3 { 1581 /* 28 byte header */ 1582 uint16_t version; /* 8 */ 1583 uint16_t count; /* The number of records in the PDU */ 1584 uint32_t sysUpTime; /* Current time in millisecs since router booted */ 1585 uint32_t unix_secs; /* Current seconds since 0000 UTC 1970 */ 1586 uint32_t unix_nsecs; /* Residual nanoseconds since 0000 UTC 1970 */ 1587 uint32_t flow_sequence; /* Seq counter of total flows seen */ 1588 uint8_t engine_type; /* Type of flow switching engine (RP,VIP,etc.) */ 1589 uint8_t engine_id; /* Slot number of the flow switching engine */ 1590 uint8_t aggregation; /* Aggregation method being used */ 1591 uint8_t agg_version; /* Version of the aggregation export */ 1592 uint32_t reserved; 1593 /* 32 byte payload */ 1594 struct ftrec_v8_3 { 1595 uint32_t dFlows; /* Number of flows */ 1596 uint32_t dPkts; /* Packets sent in duration */ 1597 uint32_t dOctets; /* Octets sent in duration */ 1598 uint32_t First; /* SysUpTime at start of flow */ 1599 uint32_t Last; /* and of last packet of flow */ 1600 uint32_t src_prefix; 1601 uint8_t src_mask; 1602 uint8_t pad; 1603 uint16_t src_as; 1604 uint16_t input; 1605 uint16_t reserved; 1606 } records[FT_PDU_V8_3_MAXFLOWS]; 1607 }; 1608 1609 1610 struct ftpdu_v8_4 { 1611 /* 28 byte header */ 1612 uint16_t version; /* 8 */ 1613 uint16_t count; /* The number of records in the PDU */ 1614 uint32_t sysUpTime; /* Current time in millisecs since router booted */ 1615 uint32_t unix_secs; /* Current seconds since 0000 UTC 1970 */ 1616 uint32_t unix_nsecs; /* Residual nanoseconds since 0000 UTC 1970 */ 1617 uint32_t flow_sequence; /* Seq counter of total flows seen */ 1618 uint8_t engine_type; /* Type of flow switching engine (RP,VIP,etc.) */ 1619 uint8_t engine_id; /* Slot number of the flow switching engine */ 1620 uint8_t aggregation; /* Aggregation method being used */ 1621 uint8_t agg_version; /* Version of the aggregation export */ 1622 uint32_t reserved; 1623 /* 32 byte payload */ 1624 struct ftrec_v8_4 { 1625 uint32_t dFlows; /* Number of flows */ 1626 uint32_t dPkts; /* Packets sent in duration */ 1627 uint32_t dOctets; /* Octets sent in duration */ 1628 uint32_t First; /* SysUpTime at start of flow */ 1629 uint32_t Last; /* and of last packet of flow */ 1630 uint32_t dst_prefix; 1631 uint8_t dst_mask; 1632 uint8_t pad; 1633 uint16_t dst_as; 1634 uint16_t output; 1635 uint16_t reserved; 1636 } records[FT_PDU_V8_4_MAXFLOWS]; 1637 }; 1638 1639 1640 struct ftpdu_v8_5 { 1641 /* 28 byte header */ 1642 uint16_t version; /* 8 */ 1643 uint16_t count; /* The number of records in the PDU */ 1644 uint32_t sysUpTime; /* Current time in millisecs since router booted */ 1645 uint32_t unix_secs; /* Current seconds since 0000 UTC 1970 */ 1646 uint32_t unix_nsecs; /* Residual nanoseconds since 0000 UTC 1970 */ 1647 uint32_t flow_sequence; /* Seq counter of total flows seen */ 1648 uint8_t engine_type; /* Type of flow switching engine (RP,VIP,etc.) */ 1649 uint8_t engine_id; /* Slot number of the flow switching engine */ 1650 uint8_t aggregation; /* Aggregation method being used */ 1651 uint8_t agg_version; /* Version of the aggregation export */ 1652 uint32_t reserved; 1653 /* 40 byte payload */ 1654 struct ftrec_v8_5 { 1655 uint32_t dFlows; /* Number of flows */ 1656 uint32_t dPkts; /* Packets sent in duration */ 1657 uint32_t dOctets; /* Octets sent in duration */ 1658 uint32_t First; /* SysUpTime at start of flow */ 1659 uint32_t Last; /* and of last packet of flow */ 1660 uint32_t src_prefix; 1661 uint32_t dst_prefix; 1662 uint8_t dst_mask; 1663 uint8_t src_mask; 1664 uint16_t reserved; 1665 uint16_t src_as; 1666 uint16_t dst_as; 1667 uint16_t input; 1668 uint16_t output; 1669 } records[FT_PDU_V8_5_MAXFLOWS]; 1670 }; 1671 1672 struct ftpdu_v8_6 { 1673 /* 28 byte header */ 1674 uint16_t version; /* 8 */ 1675 uint16_t count; /* The number of records in the PDU */ 1676 uint32_t sysUpTime; /* Current time in millisecs since router booted */ 1677 uint32_t unix_secs; /* Current seconds since 0000 UTC 1970 */ 1678 uint32_t unix_nsecs; /* Residual nanoseconds since 0000 UTC 1970 */ 1679 uint32_t flow_sequence; /* Seq counter of total flows seen */ 1680 uint8_t engine_type; /* Type of flow switching engine (RP,VIP,etc.) */ 1681 uint8_t engine_id; /* Slot number of the flow switching engine */ 1682 uint8_t aggregation; /* Aggregation method being used */ 1683 uint8_t agg_version; /* Version of the aggregation export */ 1684 uint32_t reserved; 1685 /* 32 byte payload */ 1686 struct ftrec_v8_6 { 1687 uint32_t dstaddr; /* destination IP address */ 1688 uint32_t dPkts; /* Packets sent in duration */ 1689 uint32_t dOctets; /* Octets sent in duration */ 1690 uint32_t First; /* SysUpTime at start of flow */ 1691 uint32_t Last; /* and of last packet of flow */ 1692 uint16_t output; /* output interface index */ 1693 uint8_t tos; /* tos */ 1694 uint8_t marked_tos; /* tos of pkts that exceeded the contract */ 1695 uint32_t extra_pkts; /* packets that exceed the contract */ 1696 uint32_t router_sc; /* IP address of the router being shortcut */ 1697 } records[FT_PDU_V8_6_MAXFLOWS]; 1698 }; 1699 1700 struct ftpdu_v8_7 { 1701 /* 28 byte header */ 1702 uint16_t version; /* 8 */ 1703 uint16_t count; /* The number of records in the PDU */ 1704 uint32_t sysUpTime; /* Current time in millisecs since router booted */ 1705 uint32_t unix_secs; /* Current seconds since 0000 UTC 1970 */ 1706 uint32_t unix_nsecs; /* Residual nanoseconds since 0000 UTC 1970 */ 1707 uint32_t flow_sequence; /* Seq counter of total flows seen */ 1708 uint8_t engine_type; /* Type of flow switching engine (RP,VIP,etc.) */ 1709 uint8_t engine_id; /* Slot number of the flow switching engine */ 1710 uint8_t aggregation; /* Aggregation method being used */ 1711 uint8_t agg_version; /* Version of the aggregation export */ 1712 uint32_t reserved; 1713 /* 40 byte payload */ 1714 struct ftrec_v8_7 { 1715 uint32_t dstaddr; /* destination IP address */ 1716 uint32_t srcaddr; /* source address */ 1717 uint32_t dPkts; /* Packets sent in duration */ 1718 uint32_t dOctets; /* Octets sent in duration */ 1719 uint32_t First; /* SysUpTime at start of flow */ 1720 uint32_t Last; /* and of last packet of flow */ 1721 uint16_t output; /* output interface index */ 1722 uint16_t input; /* input interface index */ 1723 uint8_t tos; /* tos */ 1724 uint8_t marked_tos; /* tos of pkts that exceeded the contract */ 1725 uint16_t reserved; 1726 uint32_t extra_pkts; /* packets that exceed the contract */ 1727 uint32_t router_sc; /* IP address of the router being shortcut */ 1728 } records[FT_PDU_V8_7_MAXFLOWS]; 1729 }; 1730 1731 struct ftpdu_v8_8 { 1732 /* 28 byte header */ 1733 uint16_t version; /* 8 */ 1734 uint16_t count; /* The number of records in the PDU */ 1735 uint32_t sysUpTime; /* Current time in millisecs since router booted */ 1736 uint32_t unix_secs; /* Current seconds since 0000 UTC 1970 */ 1737 uint32_t unix_nsecs; /* Residual nanoseconds since 0000 UTC 1970 */ 1738 uint32_t flow_sequence; /* Seq counter of total flows seen */ 1739 uint8_t engine_type; /* Type of flow switching engine (RP,VIP,etc.) */ 1740 uint8_t engine_id; /* Slot number of the flow switching engine */ 1741 uint8_t aggregation; /* Aggregation method being used */ 1742 uint8_t agg_version; /* Version of the aggregation export */ 1743 uint32_t reserved; 1744 /* 44 byte payload */ 1745 struct ftrec_v8_8 { 1746 uint32_t dstaddr; /* destination IP address */ 1747 uint32_t srcaddr; /* source IP address */ 1748 uint16_t dstport; /* TCP/UDP destination port */ 1749 uint16_t srcport; /* TCP/UDP source port */ 1750 uint32_t dPkts; /* Packets sent in duration */ 1751 uint32_t dOctets; /* Octets sent in duration */ 1752 uint32_t First; /* SysUpTime at start of flow */ 1753 uint32_t Last; /* and of last packet of flow */ 1754 uint16_t output; /* output interface index */ 1755 uint16_t input; /* input interface index */ 1756 uint8_t tos; /* tos */ 1757 uint8_t prot; /* protocol */ 1758 uint8_t marked_tos; /* tos of pkts that exceeded the contract */ 1759 uint8_t reserved; 1760 uint32_t extra_pkts; /* packets that exceed the contract */ 1761 uint32_t router_sc; /* IP address of the router being shortcut */ 1762 } records[FT_PDU_V8_8_MAXFLOWS]; 1763 }; 1764 1765 1766 struct ftpdu_v8_9 { 1767 /* 28 byte header */ 1768 uint16_t version; /* 8 */ 1769 uint16_t count; /* The number of records in the PDU */ 1770 uint32_t sysUpTime; /* Current time in millisecs since router booted */ 1771 uint32_t unix_secs; /* Current seconds since 0000 UTC 1970 */ 1772 uint32_t unix_nsecs; /* Residual nanoseconds since 0000 UTC 1970 */ 1773 uint32_t flow_sequence; /* Seq counter of total flows seen */ 1774 uint8_t engine_type; /* Type of flow switching engine (RP,VIP,etc.) */ 1775 uint8_t engine_id; /* Slot number of the flow switching engine */ 1776 uint8_t aggregation; /* Aggregation method being used */ 1777 uint8_t agg_version; /* Version of the aggregation export */ 1778 uint32_t reserved; 1779 /* 32 byte payload */ 1780 struct ftrec_v8_9 { 1781 uint32_t dFlows; /* Number of flows */ 1782 uint32_t dPkts; /* Packets sent in duration */ 1783 uint32_t dOctets; /* Octets sent in duration */ 1784 uint32_t First; /* SysUpTime at start of flow */ 1785 uint32_t Last; /* and of last packet of flow */ 1786 uint16_t src_as; /* originating AS of source address */ 1787 uint16_t dst_as; /* originating AS of destination address */ 1788 uint16_t input; /* input interface index */ 1789 uint16_t output; /* output interface index */ 1790 uint8_t tos; /* tos */ 1791 uint8_t pad; 1792 uint16_t reserved; 1793 } records[FT_PDU_V8_9_MAXFLOWS]; 1794 }; 1795 1796 struct ftpdu_v8_10 { 1797 /* 28 byte header */ 1798 uint16_t version; /* 8 */ 1799 uint16_t count; /* The number of records in the PDU */ 1800 uint32_t sysUpTime; /* Current time in millisecs since router booted */ 1801 uint32_t unix_secs; /* Current seconds since 0000 UTC 1970 */ 1802 uint32_t unix_nsecs; /* Residual nanoseconds since 0000 UTC 1970 */ 1803 uint32_t flow_sequence; /* Seq counter of total flows seen */ 1804 uint8_t engine_type; /* Type of flow switching engine (RP,VIP,etc.) */ 1805 uint8_t engine_id; /* Slot number of the flow switching engine */ 1806 uint8_t aggregation; /* Aggregation method being used */ 1807 uint8_t agg_version; /* Version of the aggregation export */ 1808 uint32_t reserved; 1809 /* 32 byte payload */ 1810 struct ftrec_v8_10 { 1811 uint32_t dFlows; /* Number of flows */ 1812 uint32_t dPkts; /* Packets sent in duration */ 1813 uint32_t dOctets; /* Octets sent in duration */ 1814 uint32_t First; /* SysUpTime at start of flow */ 1815 uint32_t Last; /* and of last packet of flow */ 1816 uint8_t prot; /* IP protocol */ 1817 uint8_t tos; /* tos */ 1818 uint16_t reserved; 1819 uint16_t srcport; /* TCP/UDP source port number of equivalent */ 1820 uint16_t dstport; /* TCP/UDP dst port number of equivalent */ 1821 uint16_t input; /* input interface */ 1822 uint16_t output; /* output interface index */ 1823 } records[FT_PDU_V8_10_MAXFLOWS]; 1824 }; 1825 1826 struct ftpdu_v8_11 { 1827 /* 28 byte header */ 1828 uint16_t version; /* 8 */ 1829 uint16_t count; /* The number of records in the PDU */ 1830 uint32_t sysUpTime; /* Current time in millisecs since router booted */ 1831 uint32_t unix_secs; /* Current seconds since 0000 UTC 1970 */ 1832 uint32_t unix_nsecs; /* Residual nanoseconds since 0000 UTC 1970 */ 1833 uint32_t flow_sequence; /* Seq counter of total flows seen */ 1834 uint8_t engine_type; /* Type of flow switching engine (RP,VIP,etc.) */ 1835 uint8_t engine_id; /* Slot number of the flow switching engine */ 1836 uint8_t aggregation; /* Aggregation method being used */ 1837 uint8_t agg_version; /* Version of the aggregation export */ 1838 uint32_t reserved; 1839 /* 32 byte payload */ 1840 struct ftrec_v8_11 { 1841 uint32_t dFlows; /* Number of flows */ 1842 uint32_t dPkts; /* Packets sent in duration */ 1843 uint32_t dOctets; /* Octets sent in duration */ 1844 uint32_t First; /* SysUpTime at start of flow */ 1845 uint32_t Last; /* and of last packet of flow */ 1846 uint32_t src_prefix; /* Source Prefix */ 1847 uint8_t src_mask; /* Source Prefix mask length */ 1848 uint8_t tos; /* tos */ 1849 uint16_t src_as; /* Source AS */ 1850 uint16_t input; /* input interface */ 1851 uint16_t reserved; 1852 } records[FT_PDU_V8_11_MAXFLOWS]; 1853 }; 1854 1855 struct ftpdu_v8_12 { 1856 /* 28 byte header */ 1857 uint16_t version; /* 8 */ 1858 uint16_t count; /* The number of records in the PDU */ 1859 uint32_t sysUpTime; /* Current time in millisecs since router booted */ 1860 uint32_t unix_secs; /* Current seconds since 0000 UTC 1970 */ 1861 uint32_t unix_nsecs; /* Residual nanoseconds since 0000 UTC 1970 */ 1862 uint32_t flow_sequence; /* Seq counter of total flows seen */ 1863 uint8_t engine_type; /* Type of flow switching engine (RP,VIP,etc.) */ 1864 uint8_t engine_id; /* Slot number of the flow switching engine */ 1865 uint8_t aggregation; /* Aggregation method being used */ 1866 uint8_t agg_version; /* Version of the aggregation export */ 1867 uint32_t reserved; 1868 /* 32 byte payload */ 1869 struct ftrec_v8_12 { 1870 uint32_t dFlows; /* Number of flows */ 1871 uint32_t dPkts; /* Packets sent in duration */ 1872 uint32_t dOctets; /* Octets sent in duration */ 1873 uint32_t First; /* SysUpTime at start of flow */ 1874 uint32_t Last; /* and of last packet of flow */ 1875 uint32_t dst_prefix; /* Destination Prefix */ 1876 uint8_t dst_mask; /* Destination Prefix mask length */ 1877 uint8_t tos; /* tos */ 1878 uint16_t dst_as; /* Destination AS */ 1879 uint16_t output; /* output interface */ 1880 uint16_t reserved; 1881 } records[FT_PDU_V8_12_MAXFLOWS]; 1882 }; 1883 1884 struct ftpdu_v8_13 { 1885 /* 28 byte header */ 1886 uint16_t version; /* 8 */ 1887 uint16_t count; /* The number of records in the PDU */ 1888 uint32_t sysUpTime; /* Current time in millisecs since router booted */ 1889 uint32_t unix_secs; /* Current seconds since 0000 UTC 1970 */ 1890 uint32_t unix_nsecs; /* Residual nanoseconds since 0000 UTC 1970 */ 1891 uint32_t flow_sequence; /* Seq counter of total flows seen */ 1892 uint8_t engine_type; /* Type of flow switching engine (RP,VIP,etc.) */ 1893 uint8_t engine_id; /* Slot number of the flow switching engine */ 1894 uint8_t aggregation; /* Aggregation method being used */ 1895 uint8_t agg_version; /* Version of the aggregation export */ 1896 uint32_t reserved; 1897 /* 40 byte payload */ 1898 struct ftrec_v8_13 { 1899 uint32_t dFlows; /* Number of flows */ 1900 uint32_t dPkts; /* Packets sent in duration */ 1901 uint32_t dOctets; /* Octets sent in duration */ 1902 uint32_t First; /* SysUpTime at start of flow */ 1903 uint32_t Last; /* and of last packet of flow */ 1904 uint32_t src_prefix; /* Source Prefix */ 1905 uint32_t dst_prefix; /* Destination Prefix */ 1906 uint8_t dst_mask; /* Destination Prefix mask length */ 1907 uint8_t src_mask; /* Source Prefix mask length */ 1908 uint8_t tos; /* tos */ 1909 uint8_t pad; 1910 uint16_t src_as; /* Source AS */ 1911 uint16_t dst_as; /* Destination AS */ 1912 uint16_t input; /* input interface */ 1913 uint16_t output; /* output interface */ 1914 } records[FT_PDU_V8_13_MAXFLOWS]; 1915 }; 1916 1917 struct ftpdu_v8_14 { 1918 /* 28 byte header */ 1919 uint16_t version; /* 8 */ 1920 uint16_t count; /* The number of records in the PDU */ 1921 uint32_t sysUpTime; /* Current time in millisecs since router booted */ 1922 uint32_t unix_secs; /* Current seconds since 0000 UTC 1970 */ 1923 uint32_t unix_nsecs; /* Residual nanoseconds since 0000 UTC 1970 */ 1924 uint32_t flow_sequence; /* Seq counter of total flows seen */ 1925 uint8_t engine_type; /* Type of flow switching engine (RP,VIP,etc.) */ 1926 uint8_t engine_id; /* Slot number of the flow switching engine */ 1927 uint8_t aggregation; /* Aggregation method being used */ 1928 uint8_t agg_version; /* Version of the aggregation export */ 1929 uint32_t reserved; 1930 /* 40 byte payload */ 1931 struct ftrec_v8_14 { 1932 uint32_t dFlows; /* Number of flows */ 1933 uint32_t dPkts; /* Packets sent in duration */ 1934 uint32_t dOctets; /* Octets sent in duration */ 1935 uint32_t First; /* SysUpTime at start of flow */ 1936 uint32_t Last; /* and of last packet of flow */ 1937 uint32_t src_prefix; /* Source Prefix */ 1938 uint32_t dst_prefix; /* Destination Prefix */ 1939 uint8_t dst_mask; /* Destination Prefix mask length */ 1940 uint8_t src_mask; /* Source Prefix mask length */ 1941 uint8_t tos; /* tos */ 1942 uint8_t prot; /* protocol */ 1943 uint16_t srcport; /* Source port */ 1944 uint16_t dstport; /* Destination port */ 1945 uint16_t input; /* input interface */ 1946 uint16_t output; /* output interface */ 1947 } records[FT_PDU_V8_14_MAXFLOWS]; 1948 }; 1949 1950 1951 enum ftfil_mode { FT_FIL_MODE_UNSET, FT_FIL_MODE_PERMIT, FT_FIL_MODE_DENY }; 1952 1953 enum ftfil_primitive_type { FT_FIL_PRIMITIVE_TYPE_UNSET, 1954 FT_FIL_PRIMITIVE_TYPE_AS, 1955 FT_FIL_PRIMITIVE_TYPE_IP_PREFIX, 1956 FT_FIL_PRIMITIVE_TYPE_IP_ADDRESS, 1957 FT_FIL_PRIMITIVE_TYPE_IP_MASK, 1958 FT_FIL_PRIMITIVE_TYPE_IP_PROTOCOL, 1959 FT_FIL_PRIMITIVE_TYPE_IP_PORT, 1960 FT_FIL_PRIMITIVE_TYPE_IP_PREFIX_LEN, 1961 FT_FIL_PRIMITIVE_TYPE_IP_TOS, 1962 FT_FIL_PRIMITIVE_TYPE_IP_TCP_FLAGS, 1963 FT_FIL_PRIMITIVE_TYPE_IF_INDEX, 1964 FT_FIL_PRIMITIVE_TYPE_COUNTER, 1965 FT_FIL_PRIMITIVE_TYPE_TIME_DATE, 1966 FT_FIL_PRIMITIVE_TYPE_ENGINE, 1967 FT_FIL_PRIMITIVE_TYPE_TAG, 1968 FT_FIL_PRIMITIVE_TYPE_TAG_MASK, 1969 FT_FIL_PRIMITIVE_TYPE_TIME, 1970 FT_FIL_PRIMITIVE_TYPE_DOUBLE, 1971 FT_FIL_PRIMITIVE_TYPE_RATE, }; 1972 1973 struct ftfil_match_item { 1974 FT_STAILQ_ENTRY(ftfil_match_item) chain; /* list (AND) */ 1975 void *lookup; /* data for evaluator */ 1976 int (*eval)(void *lookup, void *rec, struct fts3rec_offsets *fo); 1977 char *tmp_type; /* temporary pointer to FT_FIL_DEFINITION_MATCH_* word */ 1978 char *tmp_primitive; /* temporary pointer to primitive name */ 1979 }; 1980 1981 struct ftfil_match { 1982 FT_STAILQ_ENTRY(ftfil_match) chain; /* list (OR) */ 1983 FT_STAILQ_HEAD(filmatihead, ftfil_match_item) items; /* list (AND) */ 1984 }; 1985 1986 struct ftfil_def { 1987 FT_SLIST_ENTRY(ftfil_def) chain; /* list */ 1988 FT_STAILQ_HEAD(filmathead, ftfil_match) matches; 1989 char *name; /* name of the def */ 1990 uint64_t xfields; /* required flow fields - FT_XFIELD_* */ 1991 int invert; /* invert the PERMIT/DENY? */ 1992 }; 1993 1994 struct ftfil_primitive { 1995 FT_SLIST_ENTRY(ftfil_primitive) chain; /* list */ 1996 enum ftfil_primitive_type type; /* FT_FIL_PRIMITIVE_TYPE_* */ 1997 char *name; /* name of the filter */ 1998 void *lookup; /* data associated with filter */ 1999 }; 2000 2001 struct ftfil { 2002 FT_SLIST_HEAD(fildefshead, ftfil_def) defs; /* definitions */ 2003 FT_SLIST_HEAD(filprimhead, ftfil_primitive) primitives; /* primitives */ 2004 struct ftfil_def *active_def; 2005 }; 2006 2007 struct ftmask_def { 2008 FT_SLIST_ENTRY(ftmask_def) chain; /* list */ 2009 struct radix_node_head *rhead; 2010 char *name; /* name of the def */ 2011 }; 2012 2013 struct ftmask { 2014 FT_SLIST_HEAD(maskdefshead, ftmask_def) defs; /* definitions */ 2015 struct ftmask_def *active_def; 2016 }; 2017 2018 int ftmask_load(struct ftmask *ftmask, const char *fname); 2019 void ftmask_free(struct ftmask *ftmask); 2020 struct ftmask_def *ftmask_def_find(struct ftmask *ftmask, const char *name); 2021 int ftmask_def_eval(struct ftmask_def *active_def, 2022 char *rec, struct fts3rec_offsets *fo); 2023 2024 /* ftxlate */ 2025 2026 struct ftxlate { 2027 FT_SLIST_HEAD(xdefshead, ftxlate_def) defs; /* list of definitions */ 2028 FT_SLIST_HEAD(xacthead, ftxlate_action) actions; /* list of actions */ 2029 struct ftfil ftfil; 2030 int ftfil_init; /* ftfil initialized? */ 2031 char *filter_fname; 2032 int flags; 2033 struct ftvar *ftvar; 2034 }; 2035 2036 /* area of struct generic to v1, v5, v6, v7 formats */ 2037 2038 struct ftfile_entry { 2039 char *name; 2040 off_t size; 2041 uint32_t start; 2042 int skip; /* skip this during processing */ 2043 FT_TAILQ_ENTRY(ftfile_entry) chain; 2044 }; 2045 2046 struct ftfile_entries { 2047 FT_TAILQ_HEAD(talkqhead, ftfile_entry) head; 2048 uint64_t num_bytes; /* space used by all flow files except current */ 2049 uint64_t max_bytes; /* min space before removing files 0=disable */ 2050 uint32_t max_files; /* max num of files to keep before removing 0=disable */ 2051 uint32_t num_files; /* number of files in the queue */ 2052 int expiring; /* expiring in use? */ 2053 }; 2054 2055 2056 struct ftchash_chunk { 2057 void *base; /* base pointer */ 2058 uint32_t next; /* offset to next free record */ 2059 FT_SLIST_ENTRY(ftchash_chunk) chain; /* next */ 2060 }; 2061 2062 struct ftchash { 2063 unsigned int h_size; /* hash_table_size */ 2064 unsigned int d_size; /* data entry size */ 2065 unsigned int key_size; /* size of key */ 2066 int chunk_size; /* chunk size (entries * d_size */ 2067 uint64_t entries; /* entries in hash table */ 2068 void *traverse_rec; /* record when traversing */ 2069 struct ftchash_chunk *traverse_chunk; /* chunk when traversing */ 2070 uint64_t traverse_srec; /* sorted rec when traversing */ 2071 struct ftchash_chunk *active_chunk; /* currently active chunk */ 2072 /* memory chunk list */ 2073 FT_SLIST_HEAD(ftchash_chunkh, ftchash_chunk) chunk_list; 2074 /* hash table buckets */ 2075 FT_SLIST_HEAD(ftchash_bhead, ftchash_rec_gen) *buckets; 2076 struct ftchash_rec_gen **sorted_recs; /* array of pointers to sorted 2077 records */ 2078 int sort_flags; /* sorted version available? */ 2079 }; 2080 2081 struct ftchash_rec_gen { 2082 FT_SLIST_ENTRY(ftchash_rec_gen) chain; 2083 uint32_t data; 2084 }; 2085 2086 struct ftchash_rec_prefixs { 2087 FT_SLIST_ENTRY(ftchash_rec_ips) chain; 2088 uint32_t prefix; 2089 uint8_t mask; /* mask */ 2090 uint8_t fil1; 2091 uint16_t fil2; 2092 }; 2093 2094 struct ftchash_rec_tags { 2095 FT_SLIST_ENTRY(ftchash_rec_ips) chain; 2096 uint32_t tag; 2097 }; 2098 2099 struct ftps { 2100 double avg_pps, avg_bps; /* packets/bytes per second */ 2101 double max_pps, max_bps; /* packets/bytes per second */ 2102 double min_pps, min_bps; /* packets/bytes per second */ 2103 }; 2104 2105 struct ftchash_rec_prefixh { 2106 FT_SLIST_ENTRY(ftchash_rec_prefix) chain; 2107 uint32_t prefix; /* prefix */ 2108 uint8_t mask; /* mask */ 2109 uint8_t fil1; 2110 uint16_t fil2; 2111 uint64_t nrecs; /* flow records */ 2112 uint64_t nflows; /* flows */ 2113 uint64_t noctets; /* octets */ 2114 uint64_t npackets; /* packets */ 2115 uint64_t etime; /* duration */ 2116 uint64_t nprefixes; /* number of prefixes seen */ 2117 struct ftchash *ftch; /* second list */ 2118 struct ftps ps; /* per second counters */ 2119 }; 2120 2121 struct ftchash_rec_c32 { 2122 FT_SLIST_ENTRY(ftchash_rec_c32) chain; 2123 uint32_t c32; /* 32 bit quantity */ 2124 uint64_t nrecs; /* flow records */ 2125 uint64_t nflows; /* flows */ 2126 uint64_t noctets; /* octets */ 2127 uint64_t npackets; /* packets */ 2128 uint64_t etime; /* duration */ 2129 struct ftps ps; /* per second counters */ 2130 }; 2131 2132 struct ftchash_rec_c64 { 2133 FT_SLIST_ENTRY(ftchash_rec_c64) chain; 2134 uint64_t c64; /* 64 bit quantity */ 2135 uint64_t nrecs; /* flow records */ 2136 uint64_t nflows; /* flows */ 2137 uint64_t noctets; /* octets */ 2138 uint64_t npackets; /* packets */ 2139 uint64_t etime; /* duration */ 2140 struct ftps ps; /* per second counters */ 2141 }; 2142 2143 struct ftchash_rec_c322 { 2144 FT_SLIST_ENTRY(ftchash_rec_c322) chain; 2145 uint32_t c32a; /* 32 bit quantity */ 2146 uint32_t c32b; /* 32 bit quantity */ 2147 uint64_t nrecs; /* flow records */ 2148 uint64_t nflows; /* flows */ 2149 uint64_t noctets; /* octets */ 2150 uint64_t npackets; /* packets */ 2151 uint64_t etime; /* duration */ 2152 struct ftps ps; /* per second counters */ 2153 }; 2154 2155 struct ftchash_rec_prefix16 { 2156 FT_SLIST_ENTRY(ftchash_rec_prefix16) chain; 2157 uint32_t prefix; /* 32 bit quantity */ 2158 uint8_t mask; /* 8 bit quantity */ 2159 uint8_t fill; /* 8 bit quantity */ 2160 uint16_t c16; /* 16 bit quantity */ 2161 uint64_t nrecs; /* flow records */ 2162 uint64_t nflows; /* flows */ 2163 uint64_t noctets; /* octets */ 2164 uint64_t npackets; /* packets */ 2165 uint64_t etime; /* duration */ 2166 struct ftps ps; /* per second counters */ 2167 }; 2168 2169 struct ftchash_rec_prefix162 { 2170 FT_SLIST_ENTRY(ftchash_rec_prefix16) chain; 2171 uint32_t prefix; /* 32 bit quantity */ 2172 uint8_t mask; /* 8 bit quantity */ 2173 uint8_t fill; /* 8 bit quantity */ 2174 uint16_t c16a; /* 16 bit quantity */ 2175 uint16_t c16b; /* 16 bit quantity */ 2176 uint16_t fill2; /* 16 bit quanity */ 2177 uint64_t nrecs; /* flow records */ 2178 uint64_t nflows; /* flows */ 2179 uint64_t noctets; /* octets */ 2180 uint64_t npackets; /* packets */ 2181 uint64_t etime; /* duration */ 2182 struct ftps ps; /* per second counters */ 2183 }; 2184 2185 struct ftchash_rec_prefix216 { 2186 FT_SLIST_ENTRY(ftchash_rec_prefix216) chain; 2187 uint32_t src_prefix; /* 32 bit quantity */ 2188 uint8_t src_mask; /* 8 bit quantity */ 2189 uint8_t fill; /* 8 bit quantity */ 2190 uint16_t c16; /* 16 bit quantity */ 2191 uint32_t dst_prefix; /* 32 bit quantity */ 2192 uint8_t dst_mask; /* 8 bit quantity */ 2193 uint8_t fill2; /* 8 bit quantity */ 2194 uint16_t fill3; /* 16 bit quantity */ 2195 uint64_t nrecs; /* flow records */ 2196 uint64_t nflows; /* flows */ 2197 uint64_t noctets; /* octets */ 2198 uint64_t npackets; /* packets */ 2199 uint64_t etime; /* duration */ 2200 struct ftps ps; /* per second counters */ 2201 }; 2202 2203 struct ftchash_rec_prefix2162 { 2204 FT_SLIST_ENTRY(ftchash_rec_prefix2162) chain; 2205 uint32_t src_prefix; /* 32 bit quantity */ 2206 uint8_t src_mask; /* 8 bit quantity */ 2207 uint8_t fill; /* 8 bit quantity */ 2208 uint16_t c16a; /* 16 bit quantity */ 2209 uint32_t dst_prefix; /* 32 bit quantity */ 2210 uint8_t dst_mask; /* 8 bit quantity */ 2211 uint8_t fill2; /* 8 bit quantity */ 2212 uint16_t c16b; /* 16 bit quantity */ 2213 uint64_t nrecs; /* flow records */ 2214 uint64_t nflows; /* flows */ 2215 uint64_t noctets; /* octets */ 2216 uint64_t npackets; /* packets */ 2217 uint64_t etime; /* duration */ 2218 struct ftps ps; /* per second counters */ 2219 }; 2220 2221 struct ftchash_rec_ip { 2222 FT_SLIST_ENTRY(ftchash_rec_ip) chain; 2223 uint32_t addr; /* ip address */ 2224 uint64_t nrecs; /* flow records */ 2225 uint64_t nflows; /* flows */ 2226 uint64_t noctets; /* octets */ 2227 uint64_t npackets; /* packets */ 2228 uint64_t etime; /* duration */ 2229 struct ftps ps; /* per second counters */ 2230 }; 2231 2232 struct ftchash_rec_ip2 { 2233 FT_SLIST_ENTRY(ftchash_rec_ip2) chain; 2234 uint32_t src_addr; /* ip address */ 2235 uint32_t dst_addr; /* ip address */ 2236 uint64_t nrecs; /* flow records */ 2237 uint64_t nflows; /* flows */ 2238 uint64_t noctets; /* octets */ 2239 uint64_t npackets; /* packets */ 2240 uint64_t etime; /* duration */ 2241 struct ftps ps; /* per second counters */ 2242 }; 2243 2244 struct ftchash_rec_c162 { 2245 FT_SLIST_ENTRY(ftchash_rec_162) chain; 2246 uint16_t c16a; /* 16 bit quantity # */ 2247 uint16_t c16b; /* 16 bit quantity # */ 2248 uint64_t nrecs; /* flow records */ 2249 uint64_t nflows; /* flows */ 2250 uint64_t noctets; /* octets */ 2251 uint64_t npackets; /* packets */ 2252 uint64_t etime; /* duration */ 2253 struct ftps ps; /* per second counters */ 2254 }; 2255 2256 struct ftchash_rec_c163 { 2257 FT_SLIST_ENTRY(ftchash_rec_163) chain; 2258 uint16_t c16a; /* 16 bit quantity # */ 2259 uint16_t c16b; /* 16 bit quantity # */ 2260 uint16_t c16c; /* 16 bit quantity # */ 2261 uint16_t fill; /* 16 bit quantity # */ 2262 uint64_t nrecs; /* flow records */ 2263 uint64_t nflows; /* flows */ 2264 uint64_t noctets; /* octets */ 2265 uint64_t npackets; /* packets */ 2266 uint64_t etime; /* duration */ 2267 struct ftps ps; /* per second counters */ 2268 }; 2269 2270 struct ftchash_rec_c164 { 2271 FT_SLIST_ENTRY(ftchash_rec_164) chain; 2272 uint16_t c16a; /* 16 bit quantity # */ 2273 uint16_t c16b; /* 16 bit quantity # */ 2274 uint16_t c16c; /* 16 bit quantity # */ 2275 uint16_t c16d; /* 16 bit quantity # */ 2276 uint64_t nrecs; /* flow records */ 2277 uint64_t nflows; /* flows */ 2278 uint64_t noctets; /* octets */ 2279 uint64_t npackets; /* packets */ 2280 uint64_t etime; /* duration */ 2281 struct ftps ps; /* per second counters */ 2282 }; 2283 2284 struct ftchash_rec_as2 { 2285 FT_SLIST_ENTRY(ftchash_rec_as2) chain; 2286 uint16_t src_as; /* AS # */ 2287 uint16_t dst_as; /* AS # */ 2288 uint64_t nflows; /* flows */ 2289 uint64_t noctets; /* octets */ 2290 uint64_t npackets; /* packets */ 2291 uint64_t etime; /* duration */ 2292 struct ftps ps; /* per second counters */ 2293 }; 2294 2295 struct ftchash_rec_if2 { 2296 FT_SLIST_ENTRY(ftchash_rec_if2) chain; 2297 uint16_t input; /* interface ifIndex */ 2298 uint16_t output; /* interface ifIndex */ 2299 uint64_t nflows; /* flows */ 2300 uint64_t noctets; /* octets */ 2301 uint64_t npackets; /* packets */ 2302 uint64_t etime; /* duration */ 2303 struct ftps ps; /* per second counters */ 2304 }; 2305 2306 struct ftchash_rec_prefix { 2307 FT_SLIST_ENTRY(ftchash_rec_ip) chain; 2308 uint32_t prefix; /* prefix */ 2309 uint8_t mask; /* mask */ 2310 uint8_t fil1; 2311 uint16_t fil2; 2312 uint64_t nrecs; /* flow records */ 2313 uint64_t nflows; /* flows */ 2314 uint64_t noctets; /* octets */ 2315 uint64_t npackets; /* packets */ 2316 uint64_t etime; /* duration */ 2317 struct ftps ps; /* per second counters */ 2318 }; 2319 2320 struct ftchash_rec_prefix_tag { 2321 FT_SLIST_ENTRY(ftchash_rec_ip) chain; 2322 uint32_t prefix; /* prefix */ 2323 uint8_t mask; /* mask */ 2324 uint8_t fil1; 2325 uint16_t fil2; 2326 uint32_t tag; /* tag */ 2327 uint64_t nrecs; /* flow records */ 2328 uint64_t nflows; /* flows */ 2329 uint64_t noctets; /* octets */ 2330 uint64_t npackets; /* packets */ 2331 uint64_t etime; /* duration */ 2332 struct ftps ps; /* per second counters */ 2333 }; 2334 2335 struct ftchash_rec_prefix2 { 2336 FT_SLIST_ENTRY(ftchash_rec_ip) chain; 2337 uint32_t src_prefix; /* prefix */ 2338 uint8_t src_mask; /* mask */ 2339 uint8_t fil1; 2340 uint16_t fil2; 2341 uint32_t dst_prefix; /* prefix */ 2342 uint8_t dst_mask; /* mask */ 2343 uint8_t fil3; 2344 uint16_t fil4; 2345 uint64_t nrecs; /* flow records */ 2346 uint64_t nflows; /* flows */ 2347 uint64_t noctets; /* octets */ 2348 uint64_t npackets; /* packets */ 2349 uint64_t etime; /* duration */ 2350 struct ftps ps; /* per second counters */ 2351 }; 2352 2353 struct ftchash_rec_prefix2tag2 { 2354 FT_SLIST_ENTRY(ftchash_rec_ip) chain; 2355 uint32_t src_prefix; /* prefix */ 2356 uint8_t src_mask; /* mask */ 2357 uint8_t fil1; 2358 uint16_t fil2; 2359 uint32_t dst_prefix; /* prefix */ 2360 uint8_t dst_mask; /* mask */ 2361 uint8_t fil3; 2362 uint16_t fil4; 2363 uint32_t src_tag; /* source tag */ 2364 uint32_t dst_tag; /* destination tag */ 2365 uint64_t nrecs; /* flow records */ 2366 uint64_t nflows; /* flows */ 2367 uint64_t noctets; /* octets */ 2368 uint64_t npackets; /* packets */ 2369 uint64_t etime; /* duration */ 2370 struct ftps ps; /* per second counters */ 2371 }; 2372 2373 struct ftchash_rec_flow1 { 2374 FT_SLIST_ENTRY(ftchash_rec_ip) chain; 2375 uint32_t src_prefix; /* prefix */ 2376 uint8_t src_mask; /* mask */ 2377 uint8_t prot; /* protocol */ 2378 uint16_t src_port; /* source port */ 2379 uint32_t dst_prefix; /* prefix */ 2380 uint8_t dst_mask; /* mask */ 2381 uint8_t tos; /* type of service */ 2382 uint16_t dst_port; /* destination port */ 2383 uint64_t nrecs; /* flow records */ 2384 uint64_t nflows; /* flows */ 2385 uint64_t noctets; /* octets */ 2386 uint64_t npackets; /* packets */ 2387 uint64_t etime; /* duration */ 2388 struct ftps ps; /* per second counters */ 2389 }; 2390 2391 struct ftchash_rec_int { 2392 FT_SLIST_ENTRY(ftchash_rec_int) chain; 2393 uint32_t time; /* unix seconds */ 2394 uint64_t nrecs; /* flow records */ 2395 double nflows; /* flows */ 2396 double noctets; /* octets */ 2397 double npackets; /* packets */ 2398 struct ftps ps; /* per second counters */ 2399 }; 2400 2401 struct ftchash_rec_exp { 2402 FT_SLIST_ENTRY(ftchash_rec_ip) chain; 2403 uint32_t src_ip; /* exporter src IP */ 2404 uint32_t dst_ip; /* exporter dst IP (us) */ 2405 uint16_t d_version; /* data version */ 2406 uint16_t dst_port; /* destination port (FUTURE) */ 2407 uint32_t packets; /* packets received from this exporter */ 2408 uint32_t flows; /* flows received from this exporter */ 2409 uint32_t filtered_flows; /* flows filtered and dropped from this exporter */ 2410 uint32_t lost; /* flows lost */ 2411 uint32_t reset; /* sequence number resets */ 2412 struct ftseq ftseq; /* sequence numbers for this exporter */ 2413 void (*xlate)(void *in_rec, void *out_rec); /* translation function */ 2414 }; 2415 2416 struct ftchash_rec_sym { 2417 FT_SLIST_ENTRY(ftchash_rec_ip) chain; 2418 uint32_t val; /* string value */ 2419 char *str; /* string */ 2420 }; 2421 2422 struct ftchash_rec_fil_c32 { 2423 FT_SLIST_ENTRY(ftchash_rec_fil_ip) chain; 2424 uint32_t c32; /* 32 bit quantity */ 2425 int mode; /* mode */ 2426 }; 2427 2428 struct ftchash_rec_split { 2429 FT_SLIST_ENTRY(ftchash_rec_fil_ip) chain; 2430 uint32_t tag; /* key */ 2431 struct ftio ftio; 2432 int fd, id; 2433 uint32_t total_flows; 2434 uint32_t cap_start, cap_end; 2435 int newfile; 2436 }; 2437 2438 struct ftsym { 2439 char *fbuf; /* file buffer */ 2440 struct ftchash *ftch; /* hash table for value field */ 2441 }; 2442 2443 int ftio_init(struct ftio *ftio, int fd, int flag); 2444 int ftio_interrupt(struct ftio *ftio, uint32_t fields); 2445 void ftio_set_preloaded(struct ftio *ftio, int flag); 2446 void ftio_set_streaming(struct ftio *ftio, int flag); 2447 int ftio_set_ver(struct ftio *ftio, struct ftver *ver); 2448 void ftio_set_byte_order(struct ftio *ftio, int byte_order); 2449 void ftio_set_z_level(struct ftio *ftio, int z_level); 2450 void ftio_set_debug(struct ftio *ftio, int debug); 2451 int ftio_set_comment(struct ftio *ftio, char *comment); 2452 int ftio_set_cap_hostname(struct ftio *ftio, char *hostname); 2453 void ftio_set_cap_time(struct ftio *ftio, uint32_t start, uint32_t end); 2454 void ftio_set_cap_time_start(struct ftio *ftio, uint32_t start); 2455 void ftio_set_flows_count(struct ftio *ftio, uint32_t n); 2456 void ftio_set_corrupt(struct ftio *ftio, uint32_t n); 2457 void ftio_set_lost(struct ftio *ftio, uint32_t n); 2458 void ftio_set_reset(struct ftio *ftio, uint32_t n); 2459 void ftio_set_xip(struct ftio *ftio, uint32_t ip); 2460 2461 void ftio_get_ver(struct ftio *ftio, struct ftver *ver); 2462 uint32_t ftio_get_cap_start(const struct ftio *ftio); 2463 uint32_t ftio_get_cap_end(const struct ftio *ftio); 2464 time_t ftio_get_cap_start_time_t(const struct ftio *ftio); 2465 time_t ftio_get_cap_end_time_t(const struct ftio *ftio); 2466 uint64_t ftio_get_rec_total(struct ftio *ftio); 2467 int ftio_get_debug(struct ftio *ftio); 2468 uint32_t ftio_get_corrupt(struct ftio *ftio); 2469 uint32_t ftio_get_lost(struct ftio *ftio); 2470 uint32_t ftio_get_flows_count(struct ftio *ftio); 2471 2472 char *ftio_get_hostname(struct ftio *ftio); 2473 char *ftio_get_comment(struct ftio *ftio); 2474 int ftio_close(struct ftio *ftio); 2475 void *ftio_read(struct ftio *ftio); 2476 int ftio_write(struct ftio *ftio, void *data); 2477 int ftio_write_header(struct ftio *ftio); 2478 void *ftio_rec_swapfunc(struct ftio *ftio); 2479 int ftio_rec_size(struct ftio *ftio); 2480 void ftio_header_swap(struct ftio *ftio); 2481 void ftio_header_print(struct ftio *ftio, FILE *std, char cc); 2482 void ftio_zstat_print(struct ftio *ftio, FILE *std); 2483 int ftio_check_generic(struct ftio *ftio); 2484 int ftio_check_generic5(struct ftio *ftio); 2485 int ftio_check_xfield(struct ftio *ftio, uint64_t xfield_need); 2486 2487 int ftio_map_load(struct ftio *ftio, char *fname, uint32_t ip); 2488 uint64_t ftio_xfield(struct ftio *ftio); 2489 2490 2491 int ftrec_size(struct ftver *ver); 2492 uint64_t ftrec_xfield(struct ftver *ver); 2493 2494 2495 2496 void fts3rec_swap_v1(struct fts3rec_v1 *rec); 2497 void fts3rec_swap_v5(struct fts3rec_v5 *rec); 2498 void fts3rec_swap_v6(struct fts3rec_v6 *rec); 2499 void fts3rec_swap_v7(struct fts3rec_v7 *rec); 2500 void fts3rec_swap_v8_1(struct fts3rec_v8_1 *rec); 2501 void fts3rec_swap_v8_2(struct fts3rec_v8_2 *rec); 2502 void fts3rec_swap_v8_3(struct fts3rec_v8_3 *rec); 2503 void fts3rec_swap_v8_4(struct fts3rec_v8_4 *rec); 2504 void fts3rec_swap_v8_5(struct fts3rec_v8_5 *rec); 2505 void fts3rec_swap_v8_6(struct fts3rec_v8_6 *rec); 2506 void fts3rec_swap_v8_7(struct fts3rec_v8_7 *rec); 2507 void fts3rec_swap_v8_8(struct fts3rec_v8_8 *rec); 2508 void fts3rec_swap_v8_9(struct fts3rec_v8_9 *rec); 2509 void fts3rec_swap_v8_10(struct fts3rec_v8_10 *rec); 2510 void fts3rec_swap_v8_11(struct fts3rec_v8_11 *rec); 2511 void fts3rec_swap_v8_12(struct fts3rec_v8_12 *rec); 2512 void fts3rec_swap_v8_13(struct fts3rec_v8_13 *rec); 2513 void fts3rec_swap_v8_14(struct fts3rec_v8_14 *rec); 2514 void fts1rec_swap_compat(struct fts1rec_compat *rec); 2515 void fts3rec_swap_v1005(struct fts3rec_v1005 *rec); 2516 2517 int fts3rec_pdu_decode(struct ftpdu *ftpdu); 2518 int fts3rec_pdu_v1_decode(struct ftpdu *ftpdu); 2519 int fts3rec_pdu_v5_decode(struct ftpdu *ftpdu); 2520 int fts3rec_pdu_v6_decode(struct ftpdu *ftpdu); 2521 int fts3rec_pdu_v7_decode(struct ftpdu *ftpdu); 2522 int fts3rec_pdu_v8_1_decode(struct ftpdu *ftpdu); 2523 int fts3rec_pdu_v8_2_decode(struct ftpdu *ftpdu); 2524 int fts3rec_pdu_v8_3_decode(struct ftpdu *ftpdu); 2525 int fts3rec_pdu_v8_4_decode(struct ftpdu *ftpdu); 2526 int fts3rec_pdu_v8_5_decode(struct ftpdu *ftpdu); 2527 int fts3rec_pdu_v8_6_decode(struct ftpdu *ftpdu); 2528 int fts3rec_pdu_v8_7_decode(struct ftpdu *ftpdu); 2529 int fts3rec_pdu_v8_8_decode(struct ftpdu *ftpdu); 2530 int fts3rec_pdu_v8_9_decode(struct ftpdu *ftpdu); 2531 int fts3rec_pdu_v8_10_decode(struct ftpdu *ftpdu); 2532 int fts3rec_pdu_v8_11_decode(struct ftpdu *ftpdu); 2533 int fts3rec_pdu_v8_12_decode(struct ftpdu *ftpdu); 2534 int fts3rec_pdu_v8_13_decode(struct ftpdu *ftpdu); 2535 int fts3rec_pdu_v8_14_decode(struct ftpdu *ftpdu); 2536 2537 int fts3rec_pdu_encode(struct ftencode *enc, void *rec); 2538 int fts3rec_pdu_v1_encode(struct ftencode *enc, struct fts3rec_v1 *rec_v1); 2539 int fts3rec_pdu_v5_encode(struct ftencode *enc, struct fts3rec_v5 *rec_v5); 2540 int fts3rec_pdu_v6_encode(struct ftencode *enc, struct fts3rec_v6 *rec_v6); 2541 int fts3rec_pdu_v7_encode(struct ftencode *enc, struct fts3rec_v7 *rec_v7); 2542 int fts3rec_pdu_v8_1_encode(struct ftencode *enc, 2543 struct fts3rec_v8_1 *rec_v8_1); 2544 int fts3rec_pdu_v8_2_encode(struct ftencode *enc, 2545 struct fts3rec_v8_2 *rec_v8_2); 2546 int fts3rec_pdu_v8_3_encode(struct ftencode *enc, 2547 struct fts3rec_v8_3 *rec_v8_3); 2548 int fts3rec_pdu_v8_4_encode(struct ftencode *enc, 2549 struct fts3rec_v8_4 *rec_v8_4); 2550 int fts3rec_pdu_v8_5_encode(struct ftencode *enc, 2551 struct fts3rec_v8_5 *rec_v8_5); 2552 int fts3rec_pdu_v8_6_encode(struct ftencode *enc, 2553 struct fts3rec_v8_6 *rec_v8_6); 2554 int fts3rec_pdu_v8_7_encode(struct ftencode *enc, 2555 struct fts3rec_v8_7 *rec_v8_7); 2556 int fts3rec_pdu_v8_8_encode(struct ftencode *enc, 2557 struct fts3rec_v8_8 *rec_v8_8); 2558 int fts3rec_pdu_v8_9_encode(struct ftencode *enc, 2559 struct fts3rec_v8_9 *rec_v8_9); 2560 int fts3rec_pdu_v8_10_encode(struct ftencode *enc, 2561 struct fts3rec_v8_10 *rec_v8_10); 2562 int fts3rec_pdu_v8_11_encode(struct ftencode *enc, 2563 struct fts3rec_v8_11 *rec_v8_11); 2564 int fts3rec_pdu_v8_12_encode(struct ftencode *enc, 2565 struct fts3rec_v8_12 *rec_v8_12); 2566 int fts3rec_pdu_v8_13_encode(struct ftencode *enc, 2567 struct fts3rec_v8_13 *rec_v8_13); 2568 int fts3rec_pdu_v8_14_encode(struct ftencode *enc, 2569 struct fts3rec_v8_14 *rec_v8_14); 2570 2571 int ftprof_start(struct ftprof *ftp); 2572 int ftprof_end(struct ftprof *ftp, uint64_t nflows); 2573 void ftprof_print(struct ftprof *ftp, char *prog, FILE *std); 2574 2575 int ftiheader_read(int fd, struct ftiheader *h); 2576 2577 struct fttime ftltime(uint32_t sys, uint32_t secs, uint32_t nsecs, uint32_t t); 2578 2579 void ftencode_init(struct ftencode *enc, int flags); 2580 void ftencode_reset(struct ftencode *enc); 2581 void ftencode_sum_data(struct ftencode *enc); 2582 2583 void ftpdu_swap(void *pdu, int cur); 2584 void ftpdu_v1_swap(struct ftpdu_v1 *pdu, int cur); 2585 void ftpdu_v5_swap(struct ftpdu_v5 *pdu, int cur); 2586 void ftpdu_v6_swap(struct ftpdu_v6 *pdu, int cur); 2587 void ftpdu_v7_swap(struct ftpdu_v7 *pdu, int cur); 2588 void ftpdu_v8_1_swap(struct ftpdu_v8_1 *pdu, int cur); 2589 void ftpdu_v8_2_swap(struct ftpdu_v8_2 *pdu, int cur); 2590 void ftpdu_v8_3_swap(struct ftpdu_v8_3 *pdu, int cur); 2591 void ftpdu_v8_4_swap(struct ftpdu_v8_4 *pdu, int cur); 2592 void ftpdu_v8_5_swap(struct ftpdu_v8_5 *pdu, int cur); 2593 void ftpdu_v8_6_swap(struct ftpdu_v8_6 *pdu, int cur); 2594 void ftpdu_v8_7_swap(struct ftpdu_v8_7 *pdu, int cur); 2595 void ftpdu_v8_8_swap(struct ftpdu_v8_8 *pdu, int cur); 2596 void ftpdu_v8_9_swap(struct ftpdu_v8_9 *pdu, int cur); 2597 void ftpdu_v8_10_swap(struct ftpdu_v8_10 *pdu, int cur); 2598 void ftpdu_v8_11_swap(struct ftpdu_v8_11 *pdu, int cur); 2599 void ftpdu_v8_12_swap(struct ftpdu_v8_12 *pdu, int cur); 2600 void ftpdu_v8_13_swap(struct ftpdu_v8_13 *pdu, int cur); 2601 void ftpdu_v8_14_swap(struct ftpdu_v8_14 *pdu, int cur); 2602 2603 int ftpdu_verify(struct ftpdu *pdu); 2604 int ftpdu_check_seq(struct ftpdu *pdu, struct ftseq *ftseq); 2605 2606 int fttlv_enc_uint32(void *buf, int buf_size, int flip, uint16_t t, uint32_t v); 2607 int fttlv_enc_uint16(void *buf, int buf_size, int flip, uint16_t t, uint16_t v); 2608 int fttlv_enc_uint8(void *buf, int buf_size, int flip, uint16_t t, uint8_t v); 2609 int fttlv_enc_str(void *buf, int buf_size, int flip, uint16_t t, char *v); 2610 int fttlv_enc_ifname(void *buf, int buf_size, int flip, uint16_t t, 2611 uint32_t ip, uint16_t ifIndex, char *name); 2612 int fttlv_enc_ifalias(void *buf, int buf_size, int flip, uint16_t t, 2613 uint32_t ip, uint16_t *ifIndex_list, uint16_t entries, char *name); 2614 2615 2616 void ftfile_free(struct ftfile_entries *fte); 2617 int ftfile_loadfile(struct ftfile_entries *fte, char *fname, int sort); 2618 int ftfile_loaddir(struct ftfile_entries *fte, char *dir, int sort); 2619 int ftfile_add_tail(struct ftfile_entries *fte, char *fname, off_t size, 2620 uint32_t start); 2621 int ftfile_expire (struct ftfile_entries *fte, int doit, int curbytes); 2622 int ftfile_dump(struct ftfile_entries *fte); 2623 struct ftfile_entry *ftfile_entry_new(int len); 2624 void ftfile_entry_free(struct ftfile_entry *entry); 2625 int ftfile_mkpath(time_t ftime, int nest); 2626 void ftfile_pathname(char *buf, int bsize, int nest, struct ftver ftv, 2627 int done, time_t ftime); 2628 2629 2630 2631 void ftset_init(struct ftset *ftset, int z_level); 2632 2633 struct ftmap *ftmap_load(char *fname, uint32_t ip); 2634 void ftmap_free(struct ftmap *ftmap); 2635 struct ftmap *ftmap_new(void); 2636 struct ftmap_ifalias *ftmap_ifalias_new(uint32_t ip, uint16_t *ifIndex_list, 2637 uint16_t entries, char *name); 2638 struct ftmap_ifname *ftmap_ifname_new(uint32_t ip, uint16_t ifIndex, char *name); 2639 2640 /* fterr */ 2641 2642 void fterr_setid(char *id); 2643 void fterr_setfile(int enable, void *fp); 2644 void fterr_setsyslog(int enable, int logopt, int facility); 2645 void fterr_setexit(void (*f)(int)); 2646 void fterr_warn(const char *fmt, ...); 2647 void fterr_warnx(const char *fmt, ...); 2648 void fterr_err(int code, const char *fmt, ...); 2649 void fterr_errx(int code, const char *fmt, ...); 2650 void fterr_info(const char *fmt, ...); 2651 2652 int ftrec_mask_ip(void *rec, struct ftver *ftv, struct ftipmask *m); 2653 void ftrec_compute_mask(struct ftipmask *m, uint32_t src, uint32_t dst, int 2654 byte_order); 2655 2656 /* ftvar */ 2657 struct ftvar_entry { 2658 FT_SLIST_ENTRY(ftvar_entry) chain; /* list */ 2659 char *name, *val; 2660 }; 2661 2662 struct ftvar { 2663 FT_SLIST_HEAD(ftvarhead, ftvar_entry) entries; /* variables */ 2664 }; 2665 2666 2667 /* ftchash_ */ 2668 struct ftchash *ftchash_new(int h_size, int d_size, int key_size, 2669 int chunk_entries); 2670 void *ftchash_lookup(struct ftchash *ftch, void *key, uint32_t hash); 2671 void ftchash_free(struct ftchash *ftch); 2672 void *ftchash_update(struct ftchash *ftch, void *newrec, uint32_t hash); 2673 void *ftchash_alloc_rec(struct ftchash *ftch); 2674 void *ftchash_foreach(struct ftchash *ftch); 2675 void ftchash_first(struct ftchash *ftch); 2676 int ftchash_sort(struct ftchash *ftch, int offset, int flags); 2677 2678 void ftrec_xlate(void *in_rec, struct ftver *in_ftv, void *out_rec, 2679 struct ftver *out_ftv); 2680 2681 void *ftrec_xlate_func(struct ftver *in_ftv, struct ftver *out_ftv); 2682 2683 int fts3rec_compute_offsets(struct fts3rec_offsets *o, struct ftver *ftv); 2684 2685 struct ftsym *ftsym_new(const char *fname); 2686 void ftsym_free(struct ftsym *ftsym); 2687 int ftsym_findbyname(struct ftsym *ftsym, const char *name, uint32_t *val); 2688 int ftsym_findbyval(struct ftsym *ftsym, uint32_t val, char **name); 2689 2690 /* fttag */ 2691 int fttag_load(struct fttag *fttag, struct ftvar *ftvar, const char *fname); 2692 void fttag_free(struct fttag *fttag); 2693 int fttag_def_eval(struct fttag_def *ftd, struct fts3rec_v1005 *rec_out); 2694 struct fttag_def *fttag_def_find(struct fttag *fttag, const char *name); 2695 2696 /* ftxlate */ 2697 int ftxlate_load(struct ftxlate *ftxlate, struct ftvar *ftvar, const char *fname); 2698 void ftxlate_free(struct ftxlate *ftxlate); 2699 int ftxlate_def_eval(struct ftxlate_def *ftd, char *rec, 2700 struct fts3rec_offsets *fo); 2701 struct ftxlate_def *ftxlate_def_find(struct ftxlate *ftxlate, const char *name); 2702 int ftxlate_def_test_xfields(struct ftxlate_def *active_def, uint64_t test); 2703 2704 /* ftfil */ 2705 struct ftfil_def *ftfil_def_find(struct ftfil *ftfil, const char *name); 2706 int ftfil_def_eval(struct ftfil_def *active_def, 2707 char *rec, struct fts3rec_offsets *fo); 2708 void ftfil_free(struct ftfil *ftfil); 2709 int ftfil_load(struct ftfil *ftfil, struct ftvar *ftvar, const char *fname); 2710 int ftfil_def_test_xfields(struct ftfil_def *active_def, uint64_t test); 2711 2712 2713 enum ftstat_rpt_format {FT_STAT_FMT_UNSET, 2714 FT_STAT_FMT_ASCII, 2715 FT_STAT_FMT_BINARY}; 2716 2717 enum ftstat_rpt_time { FT_STAT_TIME_UNSET, FT_STAT_TIME_NOW, 2718 FT_STAT_TIME_START, FT_STAT_TIME_END, 2719 FT_STAT_TIME_MID }; 2720 2721 struct ftstat_rpt { 2722 FT_SLIST_ENTRY(ftstat_rpt) chain; /* list */ 2723 FT_STAILQ_HEAD(ftstatrptouthead, ftstat_rpt_out) outs; 2724 struct ftstat_rpt_out *out; /* current output */ 2725 enum ftstat_rpt_format format; /* FT_STAT_FMT* */ 2726 char *name; /* name of the report */ 2727 char *format_name; /* name of format */ 2728 uint32_t scale; /* scale data by? 0=no scaling */ 2729 uint32_t tag_mask_src, tag_mask_dst; /* enabled with FT_STAT_OPT_TAG_MASK */ 2730 int options; /* options FT_STAT_OPT_* default to 0 */ 2731 int allowed_options; /* options supported by report */ 2732 int allowed_fields; /* fields supported by report */ 2733 uint32_t all_fields; /* all of out->fields */ 2734 struct ftfil_def *ftfd; /* filter definition */ 2735 uint64_t xfields; /* FT_XFIELD_* */ 2736 void *data; /* ftstat_rpt_n */ 2737 void* (*f_new)(struct ftstat_rpt *ftsrpt); /* ftstat_rpt_n_new */ 2738 void* (*f_accum)(struct ftstat_rpt *ftsrpt, char *rec, struct fts3rec_offsets *fo); /* ftstat_rpt_n_accum */ 2739 void* (*f_calc)(struct ftstat_rpt *ftsrpt); /* ftstat_rpt_n_calc */ 2740 void* (*f_free)(void *data); /* ftstat_rpt_n_free */ 2741 void* (*f_dump)(FILE *fp, struct ftio *ftio, struct ftstat_rpt *ftsrpt); /* ftstat_rpt_n_dump */ 2742 /* totals */ 2743 uint64_t t_ignores, t_recs, t_flows, t_octets, t_packets, t_duration; 2744 uint64_t t_count; 2745 double avg_pps, min_pps, max_pps; 2746 double avg_bps, min_bps, max_bps; 2747 uint32_t time_start; /* real time of earliest flow */ 2748 uint32_t time_end; /* real time of latest flow */ 2749 uint64_t recs; /* records in report */ 2750 uint64_t idx; 2751 }; 2752 2753 struct ftstat_rpt_out { 2754 FT_STAILQ_ENTRY(ftstat_rpt_out) chain; /* list */ 2755 uint64_t records; /* report records 0=all */ 2756 uint32_t tally; /* tally lines 0=none */ 2757 int options; /* options FT_STAT_OPT_* default to 0 */ 2758 uint32_t fields; /* FT_STAT_FIELD_* - default to allowed_fields */ 2759 int sort_field; /* field to sort on FT_STAT_FIELD_* */ 2760 int sort_order; /* FT_STAT_FIELD_SORT_* */ 2761 enum ftstat_rpt_time time; /* where to derive clock for output path */ 2762 char *path; /* pathname of output */ 2763 void* (*f_dump)(FILE *fp, struct ftio *ftio, struct ftstat_rpt *ftsrpt); /* ftstat_rpt_n_dump */ 2764 }; 2765 2766 struct ftstat_rpt_item { 2767 FT_STAILQ_ENTRY(ftstat_rpt_item) chain; /* list */ 2768 char *tmp_report; /* temporary pointer to report name */ 2769 struct ftstat_rpt *rpt; 2770 }; 2771 2772 struct ftstat_def { 2773 FT_SLIST_ENTRY(ftstat_def) chain; /* list */ 2774 FT_STAILQ_HEAD(ftstatrptihead, ftstat_rpt_item) items; 2775 char *name; /* name of the def */ 2776 struct ftfil_def *ftfd; /* filter definition */ 2777 struct fttag_def *ftd; /* tag definition */ 2778 struct ftmask_def *ftmd; /* tag definition */ 2779 struct ftstat *ftstat; /* back pointer */ 2780 uint32_t max_time; /* maximum seconds for report definition */ 2781 uint32_t start_time; /* start seconds */ 2782 uint32_t interval; /* time series interval */ 2783 uint64_t xfields; /* required flow fields - FT_XFIELD_* */ 2784 }; 2785 2786 struct ftstat { 2787 FT_SLIST_HEAD(statrpthead, ftstat_rpt) rpts; /* reports */ 2788 FT_SLIST_HEAD(statdefhead, ftstat_def) defs; /* defs */ 2789 struct fttag fttag; 2790 struct ftfil ftfil; 2791 struct ftmask ftmask; 2792 int fttag_init; /* fttag initialized? */ 2793 int ftfil_init; /* ftfil initialized? */ 2794 int ftmask_init; /* ftmask initialized? */ 2795 char *tag_fname, *filter_fname, *mask_fname; 2796 struct ftvar *ftvar; 2797 }; 2798 2799 /* ftstat */ 2800 int ftstat_load(struct ftstat *ftstat, struct ftvar *ftvar, const char *fname); 2801 void ftstat_free(struct ftstat *ftstat); 2802 struct ftstat_def *ftstat_def_find(struct ftstat *ftstat, const char *name); 2803 int ftstat_def_test_xfields(struct ftstat_def *active_def, uint64_t test); 2804 int ftstat_def_new(struct ftstat_def *active_def); 2805 int ftstat_def_accum(struct ftstat_def *active_def, 2806 char *rec, struct fts3rec_offsets *fo); 2807 int ftstat_def_calc(struct ftstat_def *active_def); 2808 int ftstat_def_dump(struct ftio *ftio, struct ftstat_def *active_def); 2809 int ftstat_def_free(struct ftstat_def *active_def); 2810 int ftstat_def_reset(struct ftstat_def *active_def); 2811 void ftstat_list_reports(FILE *out); 2812 2813 /* fttag */ 2814 struct fttag_action { 2815 FT_SLIST_ENTRY(fttag_action) chain; /* list of all actions */ 2816 int type; /* FT_TAG_TYPE_MATCH_* */ 2817 char *name; 2818 void *look; 2819 void (*eval)(struct fttag_action *fta, struct fts3rec_v1005 *rec); 2820 }; 2821 2822 struct fttag_def_term { 2823 FT_STAILQ_ENTRY(fttag_def_term) chain; /* list of terms */ 2824 FT_STAILQ_HEAD(actdhead, fttag_def_term_actions) actions; /* actions */ 2825 int type; /* FT_TAG_TYPE_MATCH_* */ 2826 int flags; /* FT_TAG_DEF_ */ 2827 uint32_t exporter_ip; /* exporter filter */ 2828 char in_tbl[65536]; /* input filter */ 2829 char out_tbl[65536]; /* output filter */ 2830 }; 2831 2832 struct fttag_def_term_actions { 2833 FT_STAILQ_ENTRY(fttag_def_term_actions) chain; /* all actions */ 2834 struct fttag_action *action; /* filled in by resolve_actions */ 2835 char *name; /* temporary, invalid after config file is closed */ 2836 }; 2837 2838 struct fttag_def { 2839 FT_SLIST_ENTRY(fttag_def) chain; 2840 FT_STAILQ_HEAD(dthead, fttag_def_term) terms; /* terms */ 2841 char *name; 2842 }; 2843 2844 int ftvar_new(struct ftvar *ftvar); 2845 void ftvar_free(struct ftvar *ftvar); 2846 int ftvar_set(struct ftvar *ftvar, char *name, char *val); 2847 struct ftvar_entry *ftvar_find(struct ftvar *ftvar, char *name); 2848 void ftvar_clear(struct ftvar *ftvar, char *name); 2849 int ftvar_pset(struct ftvar *ftvar, char *binding); 2850 int ftvar_evalstr(struct ftvar *ftvar, char *src, char *dst, int dstlen); 2851 2852 2853 struct ftpeeri { 2854 uint32_t loc_ip; /* local ip address */ 2855 uint32_t rem_ip; /* remote ip address */ 2856 uint16_t dst_port; /* destination port */ 2857 uint8_t ttl; /* ttl */ 2858 }; 2859 2860 struct ip_prefix { 2861 uint32_t addr; 2862 uint8_t len; 2863 }; 2864 2865 void print_3float(float f); 2866 void print_3float2(float f); 2867 int load_lookup(char *s, int size, char *list); 2868 uint32_t scan_ip(char *s); 2869 int64_t scan_size(char *val); 2870 int udp_cksum(struct ip *ip, struct udphdr *up, int len); 2871 2872 int unlink_pidfile(int pid, char *file, uint16_t port); 2873 int write_pidfile(int pid, char *file, uint16_t port); 2874 2875 struct ftpeeri scan_peeri(char *input); 2876 struct ip_prefix scan_ip_prefix(char *input); 2877 2878 #ifdef POSIX_SIGNALS 2879 #define signal mysignal 2880 void *mysignal(int signo, void *func); 2881 #endif /* POSIX_SIGNALS */ 2882 2883 int get_gmtoff(time_t t); 2884 2885 uint32_t ipv4_len2mask(uint8_t len); 2886 2887 int bigsockbuf(int fd, int dir, int size); 2888 2889 int mkpath(const char *path, mode_t mode); 2890 2891 time_t get_date (const char *p, const time_t *now); 2892 2893 struct bit1024 { 2894 uint32_t n[32]; 2895 }; 2896 2897 void bit1024_store(int d, struct bit1024 *old); 2898 void bit1024_print(FILE *FP, struct bit1024 *b); 2899 int bit1024_count(struct bit1024 *b); 2900 2901 #define FMT_UINT64 21 /* 18446744073709551615 + \0 */ 2902 #define FMT_UINT32 11 /* 4294967295 + \0 */ 2903 #define FMT_UINT16 6 /* 65535 + \0 */ 2904 #define FMT_UINT8 4 /* 256 + \0 */ 2905 #define FMT_IPV4 16 /* 111.111.111.111 + \0 */ 2906 #define FMT_IPV4_PREFIX 19 /* 111.111.111.111/32 + \0 */ 2907 2908 #define FMT_PAD_LEFT 0 2909 #define FMT_PAD_RIGHT 1 2910 #define FMT_JUST_LEFT 2 2911 #define FMT_JUST_RIGHT FMT_PAD_LEFT 2912 #define FMT_SYM 4 2913 2914 unsigned int fmt_uint8(char *s, uint8_t u, int format); 2915 unsigned int fmt_uint16(char *s, uint16_t u, int format); 2916 unsigned int fmt_uint32(char *s, uint32_t u, int format); 2917 unsigned int fmt_uint64(char *s, uint64_t u, int format); 2918 unsigned int fmt_ipv4(char *s, uint32_t u, int format); 2919 unsigned int fmt_ipv4s(char *s, uint32_t u, int len, 2920 int format); 2921 unsigned int fmt_ipv4prefix(char *s, uint32_t u, 2922 unsigned char mask, int format); 2923 unsigned int fmt_ipv4prefixs(char *s, uint32_t u, 2924 unsigned char mask, int len, int format); 2925 2926 unsigned int fmt_uint8s(struct ftsym *ftsym, int max, char *s, uint8_t u, 2927 int format); 2928 2929 unsigned int fmt_uint16s(struct ftsym *ftsym, int max, char *s, uint16_t u, 2930 int format); 2931 2932 unsigned int fmt_uint32s(struct ftsym *ftsym, int max, char *s, uint32_t u, 2933 int format); 2934 2935 void *mysignal(int signo, void *func); 2936 2937 /* ftxfield */ 2938 int ftxfield_parse(char *line, uint64_t *xfields); 2939 2940 #ifndef IN_CLASSD_SSM 2941 #define IN_CLASSD_SSM(i) (((uint32_t)(i) & 0xff000000) == 0xe8000000) 2942 #endif /* IN_CLASSD_SSM */ 2943 2944 enum ft_config_path { 2945 _FT_PATH_CFG_MAP, 2946 _FT_PATH_CFG_TAG, 2947 _FT_PATH_CFG_FILTER, 2948 _FT_PATH_CFG_STAT, 2949 _FT_PATH_CFG_MASK, 2950 _FT_PATH_CFG_XLATE, 2951 _FT_PATH_SYM_IP_PROT, 2952 _FT_PATH_SYM_IP_TYPE, 2953 _FT_PATH_SYM_TCP_PORT, 2954 _FT_PATH_SYM_ASN, 2955 _FT_PATH_SYM_TAG 2956 }; 2957 2958 const char *ft_get_path(enum ft_config_path pathid); 2959 2960 #define FTPATHS_H 2961 2962 #define FT_PATH_CFG_MAP ft_get_path(_FT_PATH_CFG_MAP) 2963 #define FT_PATH_CFG_TAG ft_get_path(_FT_PATH_CFG_TAG) 2964 #define FT_PATH_CFG_FILTER ft_get_path(_FT_PATH_CFG_FILTER) 2965 #define FT_PATH_CFG_STAT ft_get_path(_FT_PATH_CFG_STAT) 2966 #define FT_PATH_CFG_MASK ft_get_path(_FT_PATH_CFG_MASK) 2967 #define FT_PATH_CFG_XLATE ft_get_path(_FT_PATH_CFG_XLATE) 2968 2969 #define FT_PATH_SYM_IP_PROT ft_get_path(_FT_PATH_SYM_IP_PROT) 2970 #define FT_PATH_SYM_IP_TYPE ft_get_path(_FT_PATH_SYM_IP_TYPE) 2971 #define FT_PATH_SYM_TCP_PORT ft_get_path(_FT_PATH_SYM_TCP_PORT) 2972 #define FT_PATH_SYM_ASN ft_get_path(_FT_PATH_SYM_ASN) 2973 #define FT_PATH_SYM_TAG ft_get_path(_FT_PATH_SYM_TAG) 2974 2975 #endif /* FTLIB_H */ 2976