1 /***********************************************************************
2 *                                                                      *
3 *               This software is part of the ast package               *
4 *          Copyright (c) 2002-2011 AT&T Intellectual Property          *
5 *                      and is licensed under the                       *
6 *                 Eclipse Public License, Version 1.0                  *
7 *                    by AT&T Intellectual Property                     *
8 *                                                                      *
9 *                A copy of the License is available at                 *
10 *          http://www.eclipse.org/org/documents/epl-v10.html           *
11 *         (with md5 checksum b35adb5213ca9657e911e9befb180842)         *
12 *                                                                      *
13 *              Information and Software Systems Research               *
14 *                            AT&T Research                             *
15 *                           Florham Park NJ                            *
16 *                                                                      *
17 *               Glenn Fowler <glenn.s.fowler@gmail.com>                *
18 *                                                                      *
19 ***********************************************************************/
20 #pragma prototyped
21 /*
22  * cisco netflow data interface
23  *
24  * Glenn Fowler
25  * AT&T Research
26  */
27 
28 #ifndef _NETFLOW_H
29 #define _NETFLOW_H
30 
31 #include <ast_common.h>
32 
/*
 * NOTE(review): presumably the largest export datagram, in bytes, that a
 * reader is expected to handle -- confirm against the code that uses it.
 * A receive buffer sized with this constant should be paired with a check
 * of the length actually read before any record is decoded from it.
 */
33 #define NETFLOW_PACKET			1464
34 
/*
 * Bit flags for the Netflow_t.set member (documented there as
 * "NETFLOW_SET_* set bits"). There is one bit for each address member that
 * exists in both an ipv4 and an ipv6 form; presumably a bit records which
 * form was filled in for the current record -- TODO confirm against the
 * decoder. Bits 0..9 all fit in the 32-bit Nflong_t that holds them.
 */
35 #define NETFLOW_SET_bgp_hopv4		(1<<0)
36 #define NETFLOW_SET_bgp_hopv6		(1<<1)
37 #define NETFLOW_SET_dst_addrv4		(1<<2)
38 #define NETFLOW_SET_dst_addrv6		(1<<3)
39 #define NETFLOW_SET_hopv4		(1<<4)
40 #define NETFLOW_SET_hopv6		(1<<5)
41 #define NETFLOW_SET_router_scv4		(1<<6)
42 #define NETFLOW_SET_router_scv6		(1<<7)
43 #define NETFLOW_SET_src_addrv4		(1<<8)
44 #define NETFLOW_SET_src_addrv6		(1<<9)
45 
/*
 * Field indexes 1..89, one per NETFLOW_<member> name. NETFLOW_TEMPLATE has
 * the same value as the last index of this run (NETFLOW_forwarding_status),
 * so it presumably names the upper bound of the field ids that may appear
 * in a V9 template -- TODO confirm.
 * NOTE(review): a field id or field length read from a packet is untrusted;
 * range-check the id against 1..NETFLOW_TEMPLATE, and the length against the
 * size of the destination member, before either one selects a table entry
 * or drives a copy.
 */
46 /* (V9) index order */
47 
48 #define NETFLOW_in_bytes		1
49 #define NETFLOW_in_packets		2
50 #define NETFLOW_flows			3
51 #define NETFLOW_protocol		4
52 #define NETFLOW_src_tos			5
53 #define NETFLOW_tcp_flags		6
54 #define NETFLOW_src_port		7
55 #define NETFLOW_src_addrv4		8
56 #define NETFLOW_src_maskv4		9
57 #define NETFLOW_input_snmp		10
58 #define NETFLOW_dst_port		11
59 #define NETFLOW_dst_addrv4		12
60 #define NETFLOW_dst_maskv4		13
61 #define NETFLOW_output_snmp		14
62 #define NETFLOW_hopv4			15
63 #define NETFLOW_src_as			16
64 #define NETFLOW_dst_as			17
65 #define NETFLOW_bgp_hopv4		18
66 #define NETFLOW_mul_dst_packets		19
67 #define NETFLOW_mul_dst_bytes		20
68 #define NETFLOW_last			21
69 #define NETFLOW_first			22
70 #define NETFLOW_out_bytes		23
71 #define NETFLOW_out_packets		24
72 #define NETFLOW_min_packet_length	25
73 #define NETFLOW_max_packet_length	26
74 #define NETFLOW_src_addrv6		27
75 #define NETFLOW_dst_addrv6		28
76 #define NETFLOW_src_maskv6		29
77 #define NETFLOW_dst_maskv6		30
78 #define NETFLOW_flow_label		31
79 #define NETFLOW_icmp_type		32
80 #define NETFLOW_mul_igmp_type		33
81 #define NETFLOW_sampler_interval	34
82 #define NETFLOW_sampler_algorithm	35
83 #define NETFLOW_flow_active_timeout	36
84 #define NETFLOW_flow_inactive_timeout	37
85 #define NETFLOW_engine_type		38
86 #define NETFLOW_engine_id		39
87 #define NETFLOW_total_bytes_exp		40
88 #define NETFLOW_total_packets_exp	41
89 #define NETFLOW_total_flows_exp		42
90 #define NETFLOW_vendor_43		43
91 #define NETFLOW_src_prefixv4		44
92 #define NETFLOW_dst_prefixv4		45
93 #define NETFLOW_mpls_top_label_type	46
94 #define NETFLOW_mpls_top_label_class	47
95 #define NETFLOW_sampler_id		48
96 #define NETFLOW_sampler_mode		49
97 #define NETFLOW_sampler_random_interval	50
98 #define NETFLOW_vendor_51		51
99 #define NETFLOW_min_ttl			52
100 #define NETFLOW_max_ttl			53
101 #define NETFLOW_ident			54
102 #define NETFLOW_dst_tos			55
103 #define NETFLOW_in_src_mac		56
104 #define NETFLOW_out_dst_mac		57
105 #define NETFLOW_src_vlan		58
106 #define NETFLOW_dst_vlan		59
107 #define NETFLOW_ip_protocol_version	60
108 #define NETFLOW_direction		61
109 #define NETFLOW_hopv6			62
110 #define NETFLOW_bgp_hopv6		63
111 #define NETFLOW_option_headers		64
112 #define NETFLOW_vendor_65		65
113 #define NETFLOW_vendor_66		66
114 #define NETFLOW_vendor_67		67
115 #define NETFLOW_vendor_68		68
116 #define NETFLOW_vendor_69		69
117 #define NETFLOW_mpls_label_1		70
118 #define NETFLOW_mpls_label_2		71
119 #define NETFLOW_mpls_label_3		72
120 #define NETFLOW_mpls_label_4		73
121 #define NETFLOW_mpls_label_5		74
122 #define NETFLOW_mpls_label_6		75
123 #define NETFLOW_mpls_label_7		76
124 #define NETFLOW_mpls_label_8		77
125 #define NETFLOW_mpls_label_9		78
126 #define NETFLOW_mpls_label_10		79
127 #define NETFLOW_in_dst_mac		80
128 #define NETFLOW_out_src_mac		81
129 #define NETFLOW_if_name			82
130 #define NETFLOW_if_desc			83
131 #define NETFLOW_sampler_name		84
132 #define NETFLOW_in_permanent_bytes	85
133 #define NETFLOW_in_permanent_packets	86
134 #define NETFLOW_vendor_87		87
135 #define NETFLOW_fragment_offset		88
136 #define NETFLOW_forwarding_status	89
137 
138 #define NETFLOW_TEMPLATE		89
139 
/*
 * Indexes 90..110, in alphabetical order. Every name here is also a
 * Netflow_t member that has no index in the 1..89 run: the (V1-7) record
 * and header members plus the synthesized start/end times.
 * NETFLOW_HEADER has the same value as the last index (NETFLOW_version);
 * presumably it bounds the header-derived indexes -- TODO confirm.
 */
140 #define NETFLOW_bytes			90
141 #define NETFLOW_count			91
142 #define NETFLOW_dst_as16		92
143 #define NETFLOW_dst_as32		93
144 #define NETFLOW_end			94
145 #define NETFLOW_flags			95
146 #define NETFLOW_flow_sequence		96
147 #define NETFLOW_forwarding_code		97
148 #define NETFLOW_nsec			98
149 #define NETFLOW_packets			99
150 #define NETFLOW_router_scv4		100
151 #define NETFLOW_router_scv6		101
152 #define NETFLOW_src_as16		102
153 #define NETFLOW_src_as32		103
154 #define NETFLOW_start			104
155 #define NETFLOW_tcp_misseq_cnt		105
156 #define NETFLOW_tcp_retx_cnt		106
157 #define NETFLOW_tcp_retx_secs		107
158 #define NETFLOW_time			108
159 #define NETFLOW_uptime			109
160 #define NETFLOW_version			110
161 
162 #define NETFLOW_HEADER			110
163 
/*
 * Indexes 111..121. None of these names is a Netflow_t member in this
 * header; most are version-neutral spellings of members that exist in
 * separate v4 and v6 forms, so they presumably select whichever form is
 * marked in Netflow_t.set (see NETFLOW_SET_*) -- TODO confirm.
 * NETFLOW_GENERIC has the same value as the last index (NETFLOW_tos).
 */
164 #define NETFLOW_dst_addr		111
165 #define NETFLOW_dst_mask		112
166 #define NETFLOW_dst_prefix		113
167 #define NETFLOW_dst_prefixv6		114
168 #define NETFLOW_hop			115
169 #define NETFLOW_router_sc		116
170 #define NETFLOW_src_addr		117
171 #define NETFLOW_src_mask		118
172 #define NETFLOW_src_prefix		119
173 #define NETFLOW_src_prefixv6		120
174 #define NETFLOW_tos			121
175 
176 #define NETFLOW_GENERIC			121
177 
/*
 * Scalar and fixed-size array types used by Netflow_t. The uintN_t and
 * uintmax_t names are presumably supplied by <ast_common.h> -- TODO confirm.
 * NOTE(review): the three array types have fixed capacities (16, 17 and 32
 * bytes). Any copy into them from packet data must be bounded by sizeof the
 * destination, not by a length taken from the packet.
 */
178 typedef   uint8_t Nfbyte_t;	/* 1-byte field */
179 typedef  uint16_t Nfshort_t;	/* 2-byte field */
180 typedef  uint32_t Nflong_t;	/* 4-byte field */
181 typedef uintmax_t Nftime_t;	/* used for start/end: nanoseconds since epoch */
182 typedef uintmax_t Nfcount_t;	/* packet/byte/flow counters and other wide values */
183 typedef unsigned char Nfaddr_t[16];	/* ipv6 address bytes */
184 typedef unsigned char Nfprefix_t[17];	/* ipv6 address/prefix; presumably 16 address bytes plus one prefix-length byte -- TODO confirm */
185 typedef unsigned char Nfname_t[32];	/* interface and sampler names; NUL termination is not stated in this header */
186 
187 /*
188  * canonical netflow data
189  */
190 
/*
 * Netflow_t: one decoded flow record together with the header values of the
 * packet it came from, in a single version-independent layout.
 *
 * Member order is significant. The NETFLOW_GROUP_<n>_BEGIN macros defined
 * inside the struct body each name the first member of a run whose members
 * share one type (Nftime_t/Nfcount_t, then Nflong_t, then Nfshort_t, then
 * Nfbyte_t); presumably other code locates those runs by offset, so members
 * must not be reordered or moved between groups -- TODO confirm against the
 * users of these macros.
 *
 * NOTE(review): the values stored here (version, count, lengths, interface
 * indexes, names) are presumably decoded from export packets and should be
 * treated as untrusted: check count against the bytes actually received
 * before iterating over records, and validate any value that is later used
 * as an index or a length.
 */
191 typedef struct Netflow_s
192 {
193 
194 /* (V1-7) */
195 
196 Nflong_t	src_addrv4;	/* ipv4 source address */
197 Nflong_t	dst_addrv4;	/* ipv4 destination address */
198 Nflong_t	hopv4;		/* ipv4 address of next hop router */
199 Nfshort_t	input;		/* Input interface index */
200 Nfshort_t	output;		/* Output interface index */
201 Nflong_t	packets;	/* Packets sent in Duration */
202 Nflong_t	bytes;		/* Bytes sent in Duration. */
203 Nflong_t	first;		/* SysUptime at start of flow */
204 Nflong_t	last;		/* SysUptime at last packet of flow */
205 Nfshort_t	src_port;	/* TCP/UDP source port number */
206 Nfshort_t	dst_port;	/* TCP/UDP destination port number */
207 
208 Nfbyte_t	flags;		/* Reason flow was discarded, etc...  */
209 Nfbyte_t	tcp_flags;	/* Cumulative OR of tcp flags for this flow */
210 Nfbyte_t	protocol;	/* ip protocol, e.g., 6=TCP, 17=UDP, ... */
211 Nfbyte_t	src_tos;	/* ip Type-of-Service upon entering incoming interface */
212 
213 /* (V5) */
214 
215 Nfshort_t	src_as16;	/* 16 bit source BGP autonomous system number */
216 Nfshort_t	dst_as16;	/* 16 bit destination BGP autonomous system number */
217 Nfbyte_t	src_maskv4;	/* ipv4 source address prefix mask bits */
218 Nfbyte_t	dst_maskv4;	/* ipv4 destination address prefix mask bits */
219 Nfshort_t	pad5;		/* padding; presumably mirrors the V5 record -- TODO confirm */
220 
221 /* (V7) */
222 
223 Nflong_t	router_scv4;	/* ipv4 address of router shortcut by switch (V7) */
224 
225 /* (V1) */
226 
227 Nfbyte_t	pad1;		/* padding; presumably mirrors the V1 record -- TODO confirm */
228 Nfbyte_t	tcp_retx_cnt;	/* # mis-seq with delay > 1sec (V1) */
229 Nfbyte_t	tcp_retx_secs;	/* # seconds between mis-sequenced packets (V1) */
230 Nfbyte_t	tcp_misseq_cnt;	/* # mis-sequenced tcp packets (V1) */
231 
232 /* (V1-7) header */
233 
234 Nfshort_t	version;	/* Record version (header). */
235 Nfshort_t	count;		/* # records in packet (header). */
236 Nflong_t	uptime;		/* Elapsed millisecs since router booted (header). */
237 Nflong_t	time;		/* Current time since epoch (header). */
238 Nflong_t	nsec;		/* Residual nanoseconds (header). */
239 Nflong_t	flow_sequence;	/* Seq counter of total flows seen (header). */
240 Nfbyte_t	engine_type;	/* Type of flow switching engine 0: RP, 1: Vip/linecard */
241 Nfbyte_t	engine_id;	/* ID number of the flow switching engine */
242 Nfshort_t	sampler_interval;/* Sampling interval. */
243 Nfbyte_t	sampler_mode;	/* Algorithm used for sampling data: 0x02 random sampling */
244 
245 /* header, synthesized, and (V8...) */
246 
/* first member of the Nftime_t/Nfcount_t (uintmax_t) group */
247 #define NETFLOW_GROUP_8_BEGIN	start
248 
249 Nftime_t	start;		/* nanoseconds since epoch at flow start (synthesized) */
250 Nftime_t	end;		/* nanoseconds since epoch at flow end (synthesized) */
251 
252 Nfcount_t	in_packets;	/* Incoming counter for the number of packets associated with an ip Flow */
253 Nfcount_t	in_bytes;	/* Incoming counter for the number of bytes associated with an ip Flow */
254 Nfcount_t	mul_dst_bytes;	/* Multicast outgoing byte count */
255 Nfcount_t	mul_dst_packets;/* Multicast outgoing packet count */
256 Nfcount_t	out_bytes;	/* Outgoing counter for the number of bytes associated with an ip Flow */
257 Nfcount_t	out_packets;	/* Outgoing counter for the number of packets associated with an ip Flow */
258 Nfcount_t	flows;		/* Number of flows that were aggregated */
259 Nfcount_t	total_bytes_exp;/* The number of bytes exported by the observation domain */
260 Nfcount_t	total_packets_exp;/* The number of packets exported by the observation domain */
261 Nfcount_t	total_flows_exp;/* The number of flows exported by the observation domain */
262 Nfcount_t	input_snmp;	/* Input interface index */
263 Nfcount_t	output_snmp;	/* Output interface index */
/* the four MAC addresses below are held as integers in Nfcount_t, not as byte arrays */
264 Nfcount_t	in_src_mac;	/* Incoming source MAC address */
265 Nfcount_t	out_dst_mac;	/* Outgoing destination MAC address */
266 Nfcount_t	in_dst_mac;	/* Incoming destination MAC address */
267 Nfcount_t	out_src_mac;	/* Outgoing source MAC address */
268 Nfcount_t	in_permanent_bytes;/* Permanent flow byte count */
269 Nfcount_t	in_permanent_packets;/* Permanent flow packet count */
270 
271 Nfcount_t	vendor_43;	/* vendor private value */
272 Nfcount_t	vendor_51;	/* vendor private value */
273 Nfcount_t	vendor_65;	/* vendor private value */
274 Nfcount_t	vendor_66;	/* vendor private value */
275 Nfcount_t	vendor_67;	/* vendor private value */
276 Nfcount_t	vendor_68;	/* vendor private value */
277 Nfcount_t	vendor_69;	/* vendor private value */
278 Nfcount_t	vendor_87;	/* vendor private value */
279 
/* first member of the Nflong_t (uint32_t) group */
280 #define NETFLOW_GROUP_4_BEGIN	set
281 
282 Nflong_t	set;		/* NETFLOW_SET_* set bits */
283 Nflong_t	bgp_hopv4;	/* Next hop router's ipv4 address in the BGP domain */
284 Nflong_t	flow_label;	/* ipv6 RFC 2460 flow label */
285 Nflong_t	src_prefixv4	;/* ipv4 source address prefix (catalyst architecture only) */
286 Nflong_t	dst_prefixv4;	/* ipv4 destination address prefix (catalyst architecture only) */
287 Nflong_t	src_as32;	/* 32 bit source BGP autonomous system number */
288 Nflong_t	dst_as32;	/* 32 bit destination BGP autonomous system number */
289 Nflong_t	mpls_top_label_class;/* Forwarding Equivalent Class corresponding to the MPLS Top Label */
290 Nflong_t	sampler_random_interval;/* Packet interval at which to sample */
291 Nflong_t	option_headers;/* Bit-encoded field identifying ipv6 option headers found in the flow */
292 Nflong_t	mpls_label_1;	/* Stack position 1 MPLS label: 20 bits MPLS label, 3 bits experimental, 1 bit end-of-stack */
293 Nflong_t	mpls_label_2;	/* Stack position 2 MPLS label: 20 bits MPLS label, 3 bits experimental, 1 bit end-of-stack */
294 Nflong_t	mpls_label_3;	/* Stack position 3 MPLS label: 20 bits MPLS label, 3 bits experimental, 1 bit end-of-stack */
295 Nflong_t	mpls_label_4;	/* Stack position 4 MPLS label: 20 bits MPLS label, 3 bits experimental, 1 bit end-of-stack */
296 Nflong_t	mpls_label_5;	/* Stack position 5 MPLS label: 20 bits MPLS label, 3 bits experimental, 1 bit end-of-stack */
297 Nflong_t	mpls_label_6;	/* Stack position 6 MPLS label: 20 bits MPLS label, 3 bits experimental, 1 bit end-of-stack */
298 Nflong_t	mpls_label_7;	/* Stack position 7 MPLS label: 20 bits MPLS label, 3 bits experimental, 1 bit end-of-stack */
299 Nflong_t	mpls_label_8;	/* Stack position 8 MPLS label: 20 bits MPLS label, 3 bits experimental, 1 bit end-of-stack */
300 Nflong_t	mpls_label_9;	/* Stack position 9 MPLS label: 20 bits MPLS label, 3 bits experimental, 1 bit end-of-stack */
301 Nflong_t	mpls_label_10;	/* Stack position 10 MPLS label: 20 bits MPLS label, 3 bits experimental, 1 bit end-of-stack */
302 Nflong_t	source_id;	/* flow source id */
303 
/* first member of the Nfshort_t (uint16_t) group */
304 #define NETFLOW_GROUP_2_BEGIN	min_packet_length
305 
306 Nfshort_t	min_packet_length;/* Minimum incoming ip packet length */
307 Nfshort_t	max_packet_length;/* Maximum incoming ip packet length */
308 Nfshort_t	icmp_type;	/* Internet Control Message Protocol packet type coded as ((type*256)+code) */
309 Nfshort_t	mul_igmp_type;	/* Internet Group Management Protocol packet type coded */
310 Nfshort_t	flow_active_timeout;/* Timeout value (in seconds) for active flow cache entries */
311 Nfshort_t	flow_inactive_timeout;/* Timeout value (in seconds) for inactive flow cache entries */
312 Nfshort_t	ident;		/* ipv4 identification field */
313 Nfshort_t	src_vlan;	/* Virtual LAN identifier associated with ingress interface */
314 Nfshort_t	dst_vlan;	/* Virtual LAN identifier associated with egress interface */
315 Nfshort_t	fragment_offset;/* Fragmented packet fragment-offset */
316 
/* first member of the Nfbyte_t (uint8_t) group */
317 #define NETFLOW_GROUP_1_BEGIN	sampler_algorithm
318 
319 Nfbyte_t	sampler_algorithm;/* 0x01: deterministic, 0x02: random */
320 Nfbyte_t	mpls_top_label_type;/* MPLS Top Label Type: 0x00 UNKNOWN 0x01 TE-MIDPT 0x02 ATOM 0x03 VPN 0x04 BGP 0x05 LDP */
321 Nfbyte_t	sampler_id;	/* Flow sampler ID */
322 Nfbyte_t	min_ttl;	/* Minimum TTL on incoming packets */
323 Nfbyte_t	max_ttl;	/* Maximum TTL on incoming packets */
324 Nfbyte_t	dst_tos;	/* Type of Service on exiting outgoing interface */
325 Nfbyte_t	ip_protocol_version; /* ip version 6: ipv6, 4 or not specified: ipv4 */
326 Nfbyte_t	direction;	/* Flow direction: 0 - ingress flow, 1 - egress flow */
327 Nfbyte_t	forwarding_status;/* Forwarding status 0: unknown, 1: forwarded, 2: dropped, 3: consumed */
328 Nfbyte_t	forwarding_code;/* Forwarding reason code */
329 Nfbyte_t	src_maskv6;	/* ipv6 source address prefix mask bits */
330 Nfbyte_t	dst_maskv6;	/* ipv6 destination address prefix mask bits */
331 
332 Nfprefix_t	src_addrv6;	/* ipv6 source address/prefix */
333 Nfprefix_t	dst_addrv6;	/* ipv6 destination address/prefix */
334 
335 Nfaddr_t	bgp_hopv6;	/* Next hop router ipv6 address in the BGP domain */
336 Nfaddr_t	hopv6;		/* ipv6 address of next hop router */
337 Nfaddr_t	router_scv6;	/* ipv6 address of router shortcut by switch (V7) */
338 
/*
 * NOTE(review): fixed 32-byte name buffers. This header does not say whether
 * they are NUL-terminated, so bound every copy in by sizeof the member and
 * do not hand them to string functions without a length limit.
 */
339 Nfname_t	if_name;	/* Shortened interface name */
340 Nfname_t	if_desc;	/* Full interface name */
341 Nfname_t	sampler_name;	/* Flow sampler name */
342 
343 } Netflow_t;
344 
345 #endif
346