1 /* $OpenBSD: if_pflow.h,v 1.19 2022/11/23 15:12:27 mvs Exp $ */
4 * Copyright (c) 2008 Henning Brauer <henning@openbsd.org>
5 * Copyright (c) 2008 Joerg Goltermann <jg@osn.de>
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER IN
16 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
17 * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 #ifndef _NET_IF_PFLOW_H_
21 #define _NET_IF_PFLOW_H_
23 #include <sys/cdefs.h>
24 #include <sys/types.h>
25 #include <sys/socket.h>
27 #include <netinet/in.h>
30 #include <sys/param.h>
32 #include <sys/rmlock.h>
33 #include <sys/interrupt.h>
35 #include <net/if_var.h>
36 #include <net/if_private.h>
37 #include <net/pfvar.h>
39 #include <netinet/ip.h>
/*
 * Exporter limits and protocol constants. Only the values are visible in
 * this header; the notes on purpose below are inferred from the names and
 * should be confirmed against the code that uses them.
 */
42 #define PFLOW_MAX_ENTRIES 128
/* Size in bytes of a 64-bit identifier. */
44 #define PFLOW_ID_LEN sizeof(u_int64_t)
46 #define PFLOW_MAXFLOWS 30
47 #define PFLOW_ENGINE_TYPE 42
48 #define PFLOW_ENGINE_ID 42
/*
 * Largest value a 32-bit unsigned counter can hold.
 * NOTE(review): presumably the ceiling applied to byte counts before they
 * are stored in a 32-bit record field, so that large flows do not wrap
 * silently - confirm in the exporter code.
 */
49 #define PFLOW_MAXBYTES 0xffffffff
/* NOTE(review): both timeouts are presumably in seconds - confirm. */
50 #define PFLOW_TIMEOUT 30
51 #define PFLOW_TMPL_TIMEOUT 30 /* rfc 5101 10.3.6 (p.40) recommends 600 */
/* IPFIX reserves Set ID 2 for Template Sets. */
53 #define PFLOW_IPFIX_TMPL_SET_ID 2
55 /* RFC 5102 Information Element Identifiers */
/*
 * Each PFIX_IE_* constant is the numeric identifier of the IPFIX
 * information element named after the prefix. The flow record structs in
 * this header name the element each member carries in a trailing comment.
 */
57 #define PFIX_IE_octetDeltaCount 1
58 #define PFIX_IE_packetDeltaCount 2
59 #define PFIX_IE_protocolIdentifier 4
60 #define PFIX_IE_ipClassOfService 5
61 #define PFIX_IE_sourceTransportPort 7
62 #define PFIX_IE_sourceIPv4Address 8
63 #define PFIX_IE_ingressInterface 10
64 #define PFIX_IE_destinationTransportPort 11
65 #define PFIX_IE_destinationIPv4Address 12
66 #define PFIX_IE_egressInterface 14
67 #define PFIX_IE_flowEndSysUpTime 21
68 #define PFIX_IE_flowStartSysUpTime 22
69 #define PFIX_IE_sourceIPv6Address 27
70 #define PFIX_IE_destinationIPv6Address 28
71 #define PFIX_IE_flowStartMilliseconds 152
72 #define PFIX_IE_flowEndMilliseconds 153
73 #define PFIX_IE_postNATSourceIPv4Address 225
74 #define PFIX_IE_postNATDestinationIPv4Address 226
75 #define PFIX_IE_postNAPTSourceTransportPort 227
76 #define PFIX_IE_postNAPTDestinationTransportPort 228
77 #define PFIX_IE_natEvent 230
/*
 * By name, the two PFIX_NAT_EVENT_* constants are values carried in the
 * natEvent element rather than element identifiers.
 */
78 #define PFIX_NAT_EVENT_SESSION_CREATE 4
79 #define PFIX_NAT_EVENT_SESSION_DELETE 5
80 #define PFIX_IE_timeStamp 323
86 u_int16_t if_index_in;
87 u_int16_t if_index_out;
88 u_int32_t flow_packets;
89 u_int32_t flow_octets;
91 u_int32_t flow_finish;
/*
 * Header that precedes every set in an export packet. Some lines of this
 * struct, including its closing line, are not visible in this listing.
 */
105 struct pflow_set_header {
107 u_int16_t set_length; /* total length of the set,
108 in octets, including the set header */
/*
 * In-memory size of the set header.
 * NOTE(review): this equals the on-wire header size only if the struct
 * carries no compiler padding; confirm the packing attribute on the
 * closing line.
 */
111 #define PFLOW_SET_HDRLEN sizeof(struct pflow_set_header)
/*
 * Header of one template record. Only field_count is visible in this
 * listing; it is the member the *_FIELD_COUNT constants of the template
 * structs presumably populate - confirm in pflow_clone_create().
 */
113 struct pflow_tmpl_hdr {
115 u_int16_t field_count;
/*
 * One field specifier inside a template. Its members are not visible in
 * this listing.
 */
118 struct pflow_tmpl_fspec {
123 /* update pflow_clone_create() when changing pflow_ipfix_tmpl_ipv4 */
/*
 * IPFIX template for IPv4 flow records: a template header followed by one
 * field specifier per exported element. The specifiers appear in the same
 * order as the members of struct pflow_ipfix_flow4.
 */
124 struct pflow_ipfix_tmpl_ipv4 {
125 struct pflow_tmpl_hdr h;
126 struct pflow_tmpl_fspec src_ip;
127 struct pflow_tmpl_fspec dest_ip;
128 struct pflow_tmpl_fspec if_index_in;
129 struct pflow_tmpl_fspec if_index_out;
130 struct pflow_tmpl_fspec packets;
131 struct pflow_tmpl_fspec octets;
132 struct pflow_tmpl_fspec start;
133 struct pflow_tmpl_fspec finish;
134 struct pflow_tmpl_fspec src_port;
135 struct pflow_tmpl_fspec dest_port;
136 struct pflow_tmpl_fspec tos;
137 struct pflow_tmpl_fspec protocol;
/*
 * Must equal the number of pflow_tmpl_fspec members above (twelve). A
 * collector decodes data records from the advertised count, so a stale
 * value here would make it misparse every IPv4 record.
 */
138 #define PFLOW_IPFIX_TMPL_IPV4_FIELD_COUNT 12
/* Template IDs below 256 are reserved for Set IDs in IPFIX. */
139 #define PFLOW_IPFIX_TMPL_IPV4_ID 256
142 /* update pflow_clone_create() when changing pflow_ipfix_tmpl_ipv6 */
/*
 * IPFIX template for IPv6 flow records: a template header followed by one
 * field specifier per exported element. The specifiers appear in the same
 * order as the members of struct pflow_ipfix_flow6.
 */
143 struct pflow_ipfix_tmpl_ipv6 {
144 struct pflow_tmpl_hdr h;
145 struct pflow_tmpl_fspec src_ip;
146 struct pflow_tmpl_fspec dest_ip;
147 struct pflow_tmpl_fspec if_index_in;
148 struct pflow_tmpl_fspec if_index_out;
149 struct pflow_tmpl_fspec packets;
150 struct pflow_tmpl_fspec octets;
151 struct pflow_tmpl_fspec start;
152 struct pflow_tmpl_fspec finish;
153 struct pflow_tmpl_fspec src_port;
154 struct pflow_tmpl_fspec dest_port;
155 struct pflow_tmpl_fspec tos;
156 struct pflow_tmpl_fspec protocol;
/*
 * Must equal the number of pflow_tmpl_fspec members above (twelve). A
 * collector decodes data records from the advertised count, so a stale
 * value here would make it misparse every IPv6 record.
 */
157 #define PFLOW_IPFIX_TMPL_IPV6_FIELD_COUNT 12
/* Template IDs below 256 are reserved for Set IDs in IPFIX. */
158 #define PFLOW_IPFIX_TMPL_IPV6_ID 257
/*
 * IPFIX template for NAT44 event records: a template header followed by
 * one field specifier per exported element. The specifiers appear in the
 * same order as the members of struct pflow_ipfix_nat4 (which spells the
 * destination members dest_* rather than dst_*).
 * NOTE(review): the IPv4 and IPv6 templates carry a reminder to update
 * pflow_clone_create() when they change; presumably the same applies
 * here - confirm.
 */
161 struct pflow_ipfix_tmpl_nat44 {
162 struct pflow_tmpl_hdr h;
163 struct pflow_tmpl_fspec timestamp;
164 struct pflow_tmpl_fspec nat_event;
165 struct pflow_tmpl_fspec protocol;
166 struct pflow_tmpl_fspec src_ip;
167 struct pflow_tmpl_fspec src_port;
168 struct pflow_tmpl_fspec postnat_src_ip;
169 struct pflow_tmpl_fspec postnat_src_port;
170 struct pflow_tmpl_fspec dst_ip;
171 struct pflow_tmpl_fspec dst_port;
172 struct pflow_tmpl_fspec postnat_dst_ip;
173 struct pflow_tmpl_fspec postnat_dst_port;
/* Must equal the number of pflow_tmpl_fspec members above (eleven). */
174 #define PFLOW_IPFIX_TMPL_NAT44_FIELD_COUNT 11
/* Template IDs below 256 are reserved for Set IDs in IPFIX. */
175 #define PFLOW_IPFIX_TMPL_NAT44_ID 258
/*
 * One set header followed by the IPv4, IPv6 and NAT44 templates laid out
 * back to back.
 * NOTE(review): presumably transmitted as a single Template Set whose
 * length is taken from sizeof; that only holds if none of the nested
 * structs contain compiler padding - confirm.
 */
178 struct pflow_ipfix_tmpl {
179 struct pflow_set_header set_header;
180 struct pflow_ipfix_tmpl_ipv4 ipv4_tmpl;
181 struct pflow_ipfix_tmpl_ipv6 ipv6_tmpl;
182 struct pflow_ipfix_tmpl_nat44 nat44_tmpl;
/*
 * IPFIX data record for one IPv4 flow. Each member's trailing comment
 * names the information element it carries; the member order matches the
 * specifiers in struct pflow_ipfix_tmpl_ipv4.
 *
 * The members add up to 54 bytes. On ABIs that align 64-bit integers to
 * 8 bytes an unpacked struct would gain two trailing pad bytes.
 * NOTE(review): if records are copied by sizeof, such padding would make
 * the record longer than the template declares and would put whatever the
 * pad bytes held into the export packet. The closing line, where a
 * packing attribute would sit, is not visible in this listing - confirm.
 */
185 struct pflow_ipfix_flow4 {
186 u_int32_t src_ip; /* sourceIPv4Address */
187 u_int32_t dest_ip; /* destinationIPv4Address */
188 u_int32_t if_index_in; /* ingressInterface */
189 u_int32_t if_index_out; /* egressInterface */
190 u_int64_t flow_packets; /* packetDeltaCount */
191 u_int64_t flow_octets; /* octetDeltaCount */
192 int64_t flow_start; /* flowStartMilliseconds */
193 int64_t flow_finish; /* flowEndMilliseconds */
194 u_int16_t src_port; /* sourceTransportPort */
195 u_int16_t dest_port; /* destinationTransportPort */
196 u_int8_t tos; /* ipClassOfService */
197 u_int8_t protocol; /* protocolIdentifier */
198 /* XXX padding needed? */
/*
 * IPFIX data record for one IPv6 flow. Each member's trailing comment
 * names the information element it carries; the member order matches the
 * specifiers in struct pflow_ipfix_tmpl_ipv6.
 *
 * The members add up to 78 bytes. On ABIs that align 64-bit integers to
 * 8 bytes an unpacked struct would gain two trailing pad bytes.
 * NOTE(review): if records are copied by sizeof, such padding would make
 * the record longer than the template declares and would put whatever the
 * pad bytes held into the export packet. The closing line, where a
 * packing attribute would sit, is not visible in this listing - confirm.
 */
201 struct pflow_ipfix_flow6 {
202 struct in6_addr src_ip; /* sourceIPv6Address */
203 struct in6_addr dest_ip; /* destinationIPv6Address */
204 u_int32_t if_index_in; /* ingressInterface */
205 u_int32_t if_index_out; /* egressInterface */
206 u_int64_t flow_packets; /* packetDeltaCount */
207 u_int64_t flow_octets; /* octetDeltaCount */
208 int64_t flow_start; /* flowStartMilliseconds */
209 int64_t flow_finish; /* flowEndMilliseconds */
210 u_int16_t src_port; /* sourceTransportPort */
211 u_int16_t dest_port; /* destinationTransportPort */
212 u_int8_t tos; /* ipClassOfService */
213 u_int8_t protocol; /* protocolIdentifier */
214 /* XXX padding needed? */
/*
 * IPFIX data record for one NAT44 event. Each member's trailing comment
 * names the information element it carries; the member order matches the
 * specifiers in struct pflow_ipfix_tmpl_nat44.
 *
 * The members add up to 34 bytes, and two single-byte members precede the
 * first 32-bit address. With natural alignment the compiler would insert
 * padding before src_ip and again between later 16-bit and 32-bit
 * members, so this layout matches a 34-byte wire record only when the
 * struct is packed.
 * NOTE(review): the closing line, where a packing attribute would sit, is
 * not visible in this listing - confirm. When packed, src_ip and dest_ip
 * sit at offsets 10 and 22, which are not 4-byte aligned; code that takes
 * their address should not assume alignment.
 */
217 struct pflow_ipfix_nat4 {
218 u_int64_t timestamp; /* timeStamp */
219 u_int8_t nat_event; /* natEvent */
220 u_int8_t protocol; /* protocolIdentifier */
221 u_int32_t src_ip; /* sourceIPv4Address */
222 u_int16_t src_port; /* sourceTransportPort */
223 u_int32_t postnat_src_ip; /* postNATSourceIPv4Address */
224 u_int16_t postnat_src_port;/* postNAPTSourceTransportPort */
225 u_int32_t dest_ip; /* destinationIPv4Address */
226 u_int16_t dest_port; /* destinationTransportPort */
227 u_int32_t postnat_dest_ip;/* postNATDestinationIPv4Address */
228 u_int16_t postnat_dest_port;/* postNAPTDestinationTransportPort */
/*
 * Per-interface exporter state. The struct header is not visible in this
 * listing; the tag pflow_softc is taken from the CK_LIST_ENTRY below.
 * The bracketed letters in some trailing comments ([N], [p]) are locking
 * annotations whose legend is also not visible here.
 * NOTE(review): by their names, the count, maxcount, callout and mbuf
 * members come in one set per record family (IPv4, IPv6, NAT44), plus a
 * separate callout for resending templates - confirm.
 */
238 int sc_dying; /* [N] */
239 struct vnet *sc_vnet;
241 unsigned int sc_count;
242 unsigned int sc_count4;
243 unsigned int sc_count6;
244 unsigned int sc_count_nat4;
245 unsigned int sc_maxcount;
246 unsigned int sc_maxcount4;
247 unsigned int sc_maxcount6;
248 unsigned int sc_maxcount_nat4;
249 u_int32_t sc_gcounter;
250 u_int32_t sc_sequence;
251 struct callout sc_tmo;
252 struct callout sc_tmo6;
253 struct callout sc_tmo_nat4;
254 struct callout sc_tmo_tmpl;
255 struct intr_event *sc_swi_ie;
257 struct mbufq sc_outputqueue;
258 struct task sc_outputtask;
259 struct socket *so; /* [p] */
/*
 * NOTE(review): source and destination are held as pointers, so their
 * lifetime is managed separately from the softc - confirm who allocates
 * and frees them.
 */
260 struct sockaddr *sc_flowsrc;
261 struct sockaddr *sc_flowdst;
262 struct pflow_ipfix_tmpl sc_tmpl_ipfix;
264 u_int32_t sc_observation_dom;
265 struct mbuf *sc_mbuf; /* current cumulative mbuf */
266 struct mbuf *sc_mbuf6; /* current cumulative mbuf */
267 struct mbuf *sc_mbuf_nat4;
268 CK_LIST_ENTRY(pflow_softc) sc_next;
269 struct epoch_context sc_epoch_ctx;
/*
 * Packet header for the original (version 5) export format. Only some of
 * its members are visible in this listing.
 */
274 struct pflow_header {
279 u_int32_t time_nanosec;
280 u_int32_t flow_sequence;
281 u_int8_t engine_type;
/*
 * In-memory size of the version 5 header.
 * NOTE(review): equals the on-wire header size only if the struct has no
 * compiler padding; the closing line is not visible here - confirm.
 */
287 #define PFLOW_HDRLEN sizeof(struct pflow_header)
/*
 * Packet header for the version 10 (IPFIX) export format. Only some of
 * its members are visible in this listing.
 */
289 struct pflow_v10_header {
293 u_int32_t flow_sequence;
294 u_int32_t observation_dom;
/*
 * In-memory size of the IPFIX header.
 * NOTE(review): equals the on-wire header size only if the struct has no
 * compiler padding; the closing line is not visible here - confirm.
 */
297 #define PFLOW_IPFIX_HDRLEN sizeof(struct pflow_v10_header)
300 u_int64_t pflow_flows;
301 u_int64_t pflow_packets;
302 u_int64_t pflow_onomem;
303 u_int64_t pflow_oerrors;
306 /* Supported flow protocols */
307 #define PFLOW_PROTO_5 5 /* original pflow */
308 #define PFLOW_PROTO_10 10 /* ipfix */
/*
 * One past the highest supported protocol number, so valid versions are
 * below this value. It is not a count: only 5 and 10 are defined, so a
 * range check against it alone does not prove a version is supported.
 */
309 #define PFLOW_PROTO_MAX 11
/* Version used when none is configured. */
311 #define PFLOW_PROTO_DEFAULT PFLOW_PROTO_5
/*
 * Maps a protocol's textual name to its PFLOW_PROTO_* number. Only the
 * name member is visible in this listing.
 */
313 struct pflow_protos {
314 const char *ppr_name;
/*
 * Initializer for a table of struct pflow_protos, one entry per supported
 * protocol. The final lines of the macro are not visible in this listing.
 */
318 #define PFLOW_PROTOS { \
319 { "5", PFLOW_PROTO_5 }, \
320 { "10", PFLOW_PROTO_10 }, \
/*
 * Name under which the pflow control interface is registered.
 * NOTE(review): by the PFLOWNL prefix this is presumably a generic
 * netlink family - confirm.
 */
323 #define PFLOWNL_FAMILY_NAME "pflow"
/*
 * Command numbers. The enum header and the commands after CREATE are not
 * visible in this listing.
 */
326 PFLOWNL_CMD_UNSPEC = 0,
327 PFLOWNL_CMD_LIST = 1,
328 PFLOWNL_CMD_CREATE = 2,
/*
 * Highest valid command number, derived from the sentinel
 * __PFLOWNL_CMD_MAX, whose definition is not visible in this listing.
 */
334 #define PFLOWNL_CMD_MAX (__PFLOWNL_CMD_MAX - 1)
/*
 * Attribute identifiers for the list, create and delete messages. The
 * trailing comment on each attribute gives its payload type; every
 * attribute visible here carries a u32 interface id. Some lines of these
 * enums, including their closing lines, are not visible in this listing.
 * NOTE(review): the payload types are documentation only; confirm the
 * attribute parser rejects payloads of any other length.
 */
336 enum pflow_list_type_t {
338 PFLOWNL_L_ID = 1, /* u32 */
341 enum pflow_create_type_t {
342 PFLOWNL_CREATE_UNSPEC,
343 PFLOWNL_CREATE_ID = 1, /* u32 */
346 enum pflow_del_type_t {
348 PFLOWNL_DEL_ID = 1, /* u32 */
/*
 * Attribute identifiers describing one socket address: family, port, and
 * either an IPv4 or an IPv6 address. The trailing comments give the
 * payload types.
 * NOTE(review): family and address arrive as separate attributes, so the
 * consumer has to check that the address attribute present matches the
 * declared family and has the documented length - confirm in the parser.
 */
351 enum pflow_addr_type_t {
353 PFLOWNL_ADDR_FAMILY = 1, /* u8 */
354 PFLOWNL_ADDR_PORT = 2, /* u16 */
355 PFLOWNL_ADDR_IP = 3, /* struct in_addr */
356 PFLOWNL_ADDR_IP6 = 4, /* struct in6_addr */
/*
 * Attribute identifiers for reading an exporter's configuration. The
 * trailing comments give the payload types.
 * NOTE(review): SRC and DST are documented as struct sockaddr_storage,
 * while enum pflow_addr_type_t defines per-field address attributes;
 * confirm which encoding is actually produced.
 */
359 enum pflow_get_type_t {
361 PFLOWNL_GET_ID = 1, /* u32 */
362 PFLOWNL_GET_VERSION = 2, /* u16 */
363 PFLOWNL_GET_SRC = 3, /* struct sockaddr_storage */
364 PFLOWNL_GET_DST = 4, /* struct sockaddr_storage */
365 PFLOWNL_GET_OBSERVATION_DOMAIN = 5, /* u32 */
366 PFLOWNL_GET_SOCKET_STATUS = 6, /* u8 */
/*
 * Attribute identifiers for changing an exporter's configuration. The
 * numbering of ID through OBSERVATION_DOMAIN mirrors enum
 * pflow_get_type_t; no socket-status attribute appears in the visible
 * lines.
 * NOTE(review): these values come from the requesting process. Confirm
 * that the handler checks VERSION against the supported protocols, checks
 * the length and family of SRC and DST, and restricts the request to
 * privileged callers.
 */
369 enum pflow_set_type_t {
371 PFLOWNL_SET_ID = 1, /* u32 */
372 PFLOWNL_SET_VERSION = 2, /* u16 */
373 PFLOWNL_SET_SRC = 3, /* struct sockaddr_storage */
374 PFLOWNL_SET_DST = 4, /* struct sockaddr_storage */
375 PFLOWNL_SET_OBSERVATION_DOMAIN = 5, /* u32 */
/*
 * Sysctl entry point for pflow. The prototype omits parameter names.
 * NOTE(review): the argument types suggest the usual (name, namelen,
 * oldp, oldlenp, newp, newlen) handler shape - confirm against the
 * definition.
 */
379 int pflow_sysctl(int *, u_int, void *, size_t *, void *, size_t);
382 #endif /* _NET_IF_PFLOW_H_ */