1 /* $OpenBSD: if_pflow.h,v 1.19 2022/11/23 15:12:27 mvs Exp $ */
4 * Copyright (c) 2008 Henning Brauer <henning@openbsd.org>
5 * Copyright (c) 2008 Joerg Goltermann <jg@osn.de>
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER IN
16 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
17 * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 #ifndef _NET_IF_PFLOW_H_
21 #define _NET_IF_PFLOW_H_
23 #include <sys/cdefs.h>
24 #include <sys/types.h>
25 #include <sys/socket.h>
27 #include <netinet/in.h>
30 #include <sys/param.h>
32 #include <sys/rmlock.h>
33 #include <sys/interrupt.h>
35 #include <net/if_var.h>
36 #include <net/if_private.h>
37 #include <net/pfvar.h>
39 #include <netinet/ip.h>
/*
 * Exporter limits and fixed protocol constants.  How each one is consumed
 * is not visible in this header; notes marked NOTE(review) are to be
 * confirmed against the implementation.
 */
/* Size in bytes of a 64-bit unsigned id. */
42 #define PFLOW_ID_LEN sizeof(u_int64_t)
/* Presumably the maximum number of flow records batched per export packet -- confirm. */
44 #define PFLOW_MAXFLOWS 30
/* Fixed engine identifiers; struct pflow_header in this file has an engine_type field. */
45 #define PFLOW_ENGINE_TYPE 42
46 #define PFLOW_ENGINE_ID 42
/*
 * Largest value a 32-bit counter can hold.
 * NOTE(review): the 32-bit flow_packets/flow_octets fields declared in
 * this header cannot represent more than this; confirm the export path
 * splits or clamps larger counters instead of letting them wrap, since a
 * wrapped counter under-reports traffic to the collector.
 */
47 #define PFLOW_MAXBYTES 0xffffffff
/* Export timeout; units are not stated here (presumably seconds -- confirm). */
48 #define PFLOW_TIMEOUT 30
49 #define PFLOW_TMPL_TIMEOUT 30 /* rfc 5101 10.3.6 (p.40) recommends 600 */
/* IPFIX set id 2 marks a template set. */
51 #define PFLOW_IPFIX_TMPL_SET_ID 2
53 /* RFC 5102 Information Element Identifiers */
/*
 * Numeric ids of the IPFIX information elements this exporter names.
 * Presumably each is written into a struct pflow_tmpl_fspec entry of the
 * templates declared below -- the code that fills the templates is not in
 * this header.
 */
55 #define PFIX_IE_octetDeltaCount 1
56 #define PFIX_IE_packetDeltaCount 2
57 #define PFIX_IE_protocolIdentifier 4
58 #define PFIX_IE_ipClassOfService 5
59 #define PFIX_IE_sourceTransportPort 7
60 #define PFIX_IE_sourceIPv4Address 8
61 #define PFIX_IE_ingressInterface 10
62 #define PFIX_IE_destinationTransportPort 11
63 #define PFIX_IE_destinationIPv4Address 12
64 #define PFIX_IE_egressInterface 14
65 #define PFIX_IE_flowEndSysUpTime 21
66 #define PFIX_IE_flowStartSysUpTime 22
67 #define PFIX_IE_sourceIPv6Address 27
68 #define PFIX_IE_destinationIPv6Address 28
69 #define PFIX_IE_flowStartMilliseconds 152
70 #define PFIX_IE_flowEndMilliseconds 153
/* Elements describing the address and port after translation (NAT logging). */
71 #define PFIX_IE_postNATSourceIPv4Address 225
72 #define PFIX_IE_postNATDestinationIPv4Address 226
73 #define PFIX_IE_postNAPTSourceTransportPort 227
74 #define PFIX_IE_postNAPTDestinationTransportPort 228
75 #define PFIX_IE_natEvent 230
/* Values carried in the natEvent element, not element ids themselves. */
76 #define PFIX_NAT_EVENT_SESSION_CREATE 4
77 #define PFIX_NAT_EVENT_SESSION_DELETE 5
/* NOTE(review): IANA names element 323 observationTimeMilliseconds -- confirm this is the intended element. */
78 #define PFIX_IE_timeStamp 323
/*
 * Members of a flow record whose struct header (and several members) are
 * missing from this listing.  Interface indexes are 16-bit and the
 * packet/octet counters 32-bit here, narrower than the 32-bit indexes and
 * 64-bit counters of struct pflow_ipfix_flow4 further down.
 */
84 u_int16_t if_index_in;
85 u_int16_t if_index_out;
/* 32-bit counters: values above PFLOW_MAXBYTES (0xffffffff) do not fit. */
86 u_int32_t flow_packets;
87 u_int32_t flow_octets;
89 u_int32_t flow_finish;
/*
 * Header that precedes every IPFIX set.  Only set_length is visible in
 * this listing; the other members and the closing line are missing.
 */
103 struct pflow_set_header {
105 u_int16_t set_length; /* total length of the set,
106 in octets, including the set header */
/*
 * sizeof-based length: it equals the on-wire header length only if the
 * compiler adds no padding to the struct.
 */
109 #define PFLOW_SET_HDRLEN sizeof(struct pflow_set_header)
/*
 * Template record header.  field_count is the number of field specifiers
 * that follow; the other members are not visible in this listing.
 */
111 struct pflow_tmpl_hdr {
113 u_int16_t field_count;
/* One template field specifier; its members are not visible in this listing. */
116 struct pflow_tmpl_fspec {
121 /* update pflow_clone_create() when changing pflow_ipfix_tmpl_ipv4 */
/*
 * IPFIX template describing an IPv4 flow record: a template header
 * followed by twelve field specifiers.  The specifier order is the same
 * as the member order of struct pflow_ipfix_flow4, and must stay that way
 * or collectors will decode exported records against the wrong fields.
 */
122 struct pflow_ipfix_tmpl_ipv4 {
123 struct pflow_tmpl_hdr h;
124 struct pflow_tmpl_fspec src_ip;
125 struct pflow_tmpl_fspec dest_ip;
126 struct pflow_tmpl_fspec if_index_in;
127 struct pflow_tmpl_fspec if_index_out;
128 struct pflow_tmpl_fspec packets;
129 struct pflow_tmpl_fspec octets;
130 struct pflow_tmpl_fspec start;
131 struct pflow_tmpl_fspec finish;
132 struct pflow_tmpl_fspec src_port;
133 struct pflow_tmpl_fspec dest_port;
134 struct pflow_tmpl_fspec tos;
135 struct pflow_tmpl_fspec protocol;
/* Must equal the number of pflow_tmpl_fspec members above (12). */
136 #define PFLOW_IPFIX_TMPL_IPV4_FIELD_COUNT 12
/* Template id; IPFIX reserves set ids below 256, so data templates start at 256. */
137 #define PFLOW_IPFIX_TMPL_IPV4_ID 256
140 /* update pflow_clone_create() when changing pflow_ipfix_tmpl_ipv6 */
/*
 * IPFIX template describing an IPv6 flow record: a template header
 * followed by twelve field specifiers, in the same order as the members
 * of struct pflow_ipfix_flow6.
 */
141 struct pflow_ipfix_tmpl_ipv6 {
142 struct pflow_tmpl_hdr h;
143 struct pflow_tmpl_fspec src_ip;
144 struct pflow_tmpl_fspec dest_ip;
145 struct pflow_tmpl_fspec if_index_in;
146 struct pflow_tmpl_fspec if_index_out;
147 struct pflow_tmpl_fspec packets;
148 struct pflow_tmpl_fspec octets;
149 struct pflow_tmpl_fspec start;
150 struct pflow_tmpl_fspec finish;
151 struct pflow_tmpl_fspec src_port;
152 struct pflow_tmpl_fspec dest_port;
153 struct pflow_tmpl_fspec tos;
154 struct pflow_tmpl_fspec protocol;
/* Must equal the number of pflow_tmpl_fspec members above (12). */
155 #define PFLOW_IPFIX_TMPL_IPV6_FIELD_COUNT 12
156 #define PFLOW_IPFIX_TMPL_IPV6_ID 257
/*
 * IPFIX template describing a NAT44 event record: a template header
 * followed by eleven field specifiers, in the same order as the members
 * of struct pflow_ipfix_nat4 (which spells the destination members
 * dest_* where this struct uses dst_*).
 * NOTE(review): the IPv4 and IPv6 templates carry a reminder to update
 * pflow_clone_create() when they change; presumably the same applies
 * here -- confirm.
 */
159 struct pflow_ipfix_tmpl_nat44 {
160 struct pflow_tmpl_hdr h;
161 struct pflow_tmpl_fspec timestamp;
162 struct pflow_tmpl_fspec nat_event;
163 struct pflow_tmpl_fspec protocol;
164 struct pflow_tmpl_fspec src_ip;
165 struct pflow_tmpl_fspec src_port;
166 struct pflow_tmpl_fspec postnat_src_ip;
167 struct pflow_tmpl_fspec postnat_src_port;
168 struct pflow_tmpl_fspec dst_ip;
169 struct pflow_tmpl_fspec dst_port;
170 struct pflow_tmpl_fspec postnat_dst_ip;
171 struct pflow_tmpl_fspec postnat_dst_port;
/* Must equal the number of pflow_tmpl_fspec members above (11). */
172 #define PFLOW_IPFIX_TMPL_NAT44_FIELD_COUNT 11
173 #define PFLOW_IPFIX_TMPL_NAT44_ID 258
/*
 * The complete template set: one set header followed by the IPv4, IPv6
 * and NAT44 templates.  The softc members further down include one
 * instance of it (sc_tmpl_ipfix).
 */
176 struct pflow_ipfix_tmpl {
177 struct pflow_set_header set_header;
178 struct pflow_ipfix_tmpl_ipv4 ipv4_tmpl;
179 struct pflow_ipfix_tmpl_ipv6 ipv6_tmpl;
180 struct pflow_ipfix_tmpl_nat44 nat44_tmpl;
/*
 * IPFIX data record for one IPv4 flow.  Member order follows the field
 * order of struct pflow_ipfix_tmpl_ipv4; each trailing comment names the
 * information element the member carries.
 * The visible members add up to 54 bytes.  NOTE(review): the closing line
 * of the struct is not visible in this listing, so confirm it is declared
 * packed.  With natural alignment sizeof() would round up, and any
 * sizeof-based copy into an export packet would then carry trailing
 * padding bytes that disagree with the template and hold whatever the
 * buffer contained unless it was zeroed first.
 */
183 struct pflow_ipfix_flow4 {
184 u_int32_t src_ip; /* sourceIPv4Address*/
185 u_int32_t dest_ip; /* destinationIPv4Address */
186 u_int32_t if_index_in; /* ingressInterface */
187 u_int32_t if_index_out; /* egressInterface */
188 u_int64_t flow_packets; /* packetDeltaCount */
189 u_int64_t flow_octets; /* octetDeltaCount */
190 int64_t flow_start; /* flowStartMilliseconds */
191 int64_t flow_finish; /* flowEndMilliseconds */
192 u_int16_t src_port; /* sourceTransportPort */
193 u_int16_t dest_port; /* destinationTransportPort */
194 u_int8_t tos; /* ipClassOfService */
195 u_int8_t protocol; /* protocolIdentifier */
196 /* XXX padding needed? */
/*
 * IPFIX data record for one IPv6 flow.  Member order follows the field
 * order of struct pflow_ipfix_tmpl_ipv6; each trailing comment names the
 * information element the member carries.
 * The visible members add up to 78 bytes.  NOTE(review): the closing line
 * of the struct is not visible in this listing, so confirm it is declared
 * packed.  With natural alignment sizeof() would round up, and any
 * sizeof-based copy into an export packet would then carry trailing
 * padding bytes that disagree with the template and hold whatever the
 * buffer contained unless it was zeroed first.
 */
199 struct pflow_ipfix_flow6 {
200 struct in6_addr src_ip; /* sourceIPv6Address */
201 struct in6_addr dest_ip; /* destinationIPv6Address */
202 u_int32_t if_index_in; /* ingressInterface */
203 u_int32_t if_index_out; /* egressInterface */
204 u_int64_t flow_packets; /* packetDeltaCount */
205 u_int64_t flow_octets; /* octetDeltaCount */
206 int64_t flow_start; /* flowStartMilliseconds */
207 int64_t flow_finish; /* flowEndMilliseconds */
208 u_int16_t src_port; /* sourceTransportPort */
209 u_int16_t dest_port; /* destinationTransportPort */
210 u_int8_t tos; /* ipClassOfService */
211 u_int8_t protocol; /* protocolIdentifier */
212 /* XXX padding needed? */
/*
 * IPFIX data record for one NAT44 event.  Member order follows the field
 * order of struct pflow_ipfix_tmpl_nat44; each trailing comment names the
 * information element the member carries.
 * NOTE(review): 32-bit addresses follow 8- and 16-bit members here, so
 * natural alignment would insert padding inside the record (for example
 * between protocol and src_ip, and after each port).  The layout matches
 * the eleven-field template only if the struct is packed; the closing
 * line is not visible in this listing -- confirm.  Unpacked, the padding
 * bytes would be exported with whatever the buffer held.
 */
215 struct pflow_ipfix_nat4 {
216 u_int64_t timestamp; /* timeStamp */
217 u_int8_t nat_event; /* natEvent */
218 u_int8_t protocol; /* protocolIdentifier */
219 u_int32_t src_ip; /* sourceIPv4Address */
220 u_int16_t src_port; /* sourceTransportPort */
221 u_int32_t postnat_src_ip; /* postNATSourceIPv4Address */
222 u_int16_t postnat_src_port;/* postNAPTSourceTransportPort */
223 u_int32_t dest_ip; /* destinationIPv4Address */
224 u_int16_t dest_port; /* destinationTransportPort */
225 u_int32_t postnat_dest_ip;/* postNATDestinationIPv4Address */
226 u_int16_t postnat_dest_port;/* postNAPTDestinationTransportPort */
/*
 * Members of the per-interface state.  The struct header is missing from
 * this listing; the name pflow_softc is taken from the CK_LIST_ENTRY
 * member below.  The bracketed letters ([N], [p]) are locking
 * annotations whose legend is not visible here.
 */
236 int sc_dying; /* [N] */
237 struct vnet *sc_vnet;
/* Current and maximum record counts, kept separately per record kind. */
239 unsigned int sc_count;
240 unsigned int sc_count4;
241 unsigned int sc_count6;
242 unsigned int sc_count_nat4;
243 unsigned int sc_maxcount;
244 unsigned int sc_maxcount4;
245 unsigned int sc_maxcount6;
246 unsigned int sc_maxcount_nat4;
247 u_int64_t sc_gcounter;
248 u_int32_t sc_sequence;
/* One callout per record kind, plus one for the template. */
249 struct callout sc_tmo;
250 struct callout sc_tmo6;
251 struct callout sc_tmo_nat4;
252 struct callout sc_tmo_tmpl;
253 struct intr_event *sc_swi_ie;
255 struct mbufq sc_outputqueue;
256 struct task sc_outputtask;
/*
 * Export socket and its endpoints.
 * NOTE(review): sc_flowsrc/sc_flowdst are bare pointers; presumably they
 * are set from the netlink SRC/DST attributes declared at the end of this
 * header -- confirm the setter validates address family and length and
 * that replacement is serialised against the output path.
 */
257 struct socket *so; /* [p] */
258 struct sockaddr *sc_flowsrc;
259 struct sockaddr *sc_flowdst;
260 struct pflow_ipfix_tmpl sc_tmpl_ipfix;
262 u_int32_t sc_observation_dom;
263 struct mbuf *sc_mbuf; /* current cumulative mbuf */
264 struct mbuf *sc_mbuf6; /* current cumulative mbuf */
265 struct mbuf *sc_mbuf_nat4;
/* Linkage in a ConcurrencyKit list, with an epoch context alongside it. */
266 CK_LIST_ENTRY(pflow_softc) sc_next;
267 struct epoch_context sc_epoch_ctx;
/*
 * Export packet header.  Only three members are visible in this listing;
 * the rest, and the closing line, are missing.
 * NOTE(review): presumably the header for the original (version 5)
 * format, given struct pflow_v10_header below -- confirm.
 */
272 struct pflow_header {
277 u_int32_t time_nanosec;
278 u_int32_t flow_sequence;
279 u_int8_t engine_type;
/*
 * sizeof-based length: it equals the on-wire header length only if the
 * compiler adds no padding to the struct.
 */
285 #define PFLOW_HDRLEN sizeof(struct pflow_header)
/*
 * Version 10 (IPFIX) message header.  Only flow_sequence and
 * observation_dom are visible in this listing.
 */
287 struct pflow_v10_header {
291 u_int32_t flow_sequence;
292 u_int32_t observation_dom;
/*
 * sizeof-based length: it equals the on-wire header length only if the
 * compiler adds no padding to the struct.
 */
295 #define PFLOW_IPFIX_HDRLEN sizeof(struct pflow_v10_header)
/*
 * 64-bit statistics counters; the enclosing struct header is missing from
 * this listing.  NOTE(review): by their names pflow_onomem and
 * pflow_oerrors count output failures -- confirm.  If so they are the
 * place to look when a collector reports gaps in exported flows.
 */
298 u_int64_t pflow_flows;
299 u_int64_t pflow_packets;
300 u_int64_t pflow_onomem;
301 u_int64_t pflow_oerrors;
304 /* Supported flow protocols */
305 #define PFLOW_PROTO_5 5 /* original pflow */
306 #define PFLOW_PROTO_10 10 /* ipfix */
/*
 * One more than the highest defined version.
 * NOTE(review): if this is used as an exclusive upper bound when checking
 * a requested version, note that 6 through 9 fall below it without being
 * defined; a bare range check would accept them -- confirm the setter
 * compares against PFLOW_PROTO_5 and PFLOW_PROTO_10 explicitly.
 */
307 #define PFLOW_PROTO_MAX 11
309 #define PFLOW_PROTO_DEFAULT PFLOW_PROTO_5
/*
 * One entry of the protocol-name table built by PFLOW_PROTOS.  ppr_name is
 * the textual name; the second member (paired with a PFLOW_PROTO_* value
 * in PFLOW_PROTOS) is not visible in this listing.
 */
311 struct pflow_protos {
312 const char *ppr_name;
/*
 * Initializer for an array of struct pflow_protos mapping the strings "5"
 * and "10" to their PFLOW_PROTO_* values.  The closing lines of the macro
 * are missing from this listing.
 */
316 #define PFLOW_PROTOS { \
317 { "5", PFLOW_PROTO_5 }, \
318 { "10", PFLOW_PROTO_10 }, \
/* Name under which the netlink family is registered. */
321 #define PFLOWNL_FAMILY_NAME "pflow"
/*
 * Netlink command ids.  The enum header and the commands after CREATE are
 * missing from this listing.
 * NOTE(review): these commands are issued from userland; confirm the
 * handlers that create, delete or reconfigure an exporter require
 * privilege.
 */
324 PFLOWNL_CMD_UNSPEC = 0,
325 PFLOWNL_CMD_LIST = 1,
326 PFLOWNL_CMD_CREATE = 2,
/* Highest valid command id, derived from a sentinel enumerator not visible here. */
332 #define PFLOWNL_CMD_MAX (__PFLOWNL_CMD_MAX - 1)
/* Attribute ids for the LIST command; the trailing comment gives the payload type. */
334 enum pflow_list_type_t {
336 PFLOWNL_L_ID = 1, /* u32 */
/*
 * Attribute ids for the CREATE command.  PFLOWNL_CREATE_UNSPEC has no
 * explicit value and is therefore 0.
 */
339 enum pflow_create_type_t {
340 PFLOWNL_CREATE_UNSPEC,
341 PFLOWNL_CREATE_ID = 1, /* u32 */
/*
 * Attribute ids for the delete command.
 * NOTE(review): the id comes from userland -- confirm the handler checks
 * that it names an existing exporter before acting on it.
 */
344 enum pflow_del_type_t {
346 PFLOWNL_DEL_ID = 1, /* u32 */
/*
 * Attribute ids describing one address: family, port, and an IPv4 or IPv6
 * address.
 * NOTE(review): the parser is not in this header -- confirm that it
 * enforces the payload sizes noted on each line and that the address
 * attribute supplied agrees with the declared family.
 */
349 enum pflow_addr_type_t {
351 PFLOWNL_ADDR_FAMILY = 1, /* u8 */
352 PFLOWNL_ADDR_PORT = 2, /* u16 */
353 PFLOWNL_ADDR_IP = 3, /* struct in_addr */
354 PFLOWNL_ADDR_IP6 = 4, /* struct in6_addr */
/*
 * Attribute ids for the get command.
 * NOTE(review): SRC and DST are annotated struct sockaddr_storage, while
 * enum pflow_addr_type_t above defines per-field address attributes --
 * confirm which encoding the reply actually uses.
 */
357 enum pflow_get_type_t {
359 PFLOWNL_GET_ID = 1, /* u32 */
360 PFLOWNL_GET_VERSION = 2, /* u16 */
361 PFLOWNL_GET_SRC = 3, /* struct sockaddr_storage */
362 PFLOWNL_GET_DST = 4, /* struct sockaddr_storage */
363 PFLOWNL_GET_OBSERVATION_DOMAIN = 5, /* u32 */
/*
 * Attribute ids for the set command; numbering mirrors
 * enum pflow_get_type_t.
 * NOTE(review): every value here is supplied by userland and changes
 * where flow data is sent.  The parser is not in this header -- confirm
 * that it rejects attributes of the wrong length, checks VERSION against
 * the supported PFLOW_PROTO_* values, and validates the address family of
 * SRC and DST before they replace the stored endpoints.
 */
366 enum pflow_set_type_t {
368 PFLOWNL_SET_ID = 1, /* u32 */
369 PFLOWNL_SET_VERSION = 2, /* u16 */
370 PFLOWNL_SET_SRC = 3, /* struct sockaddr_storage */
371 PFLOWNL_SET_DST = 4, /* struct sockaddr_storage */
372 PFLOWNL_SET_OBSERVATION_DOMAIN = 5, /* u32 */
/*
 * Sysctl handler prototype, declared with unnamed parameters.
 * NOTE(review): the shape matches the classic (name, namelen, oldp,
 * oldlenp, newp, newlen) sysctl signature -- confirm, and confirm a
 * definition exists in this tree.
 */
376 int pflow_sysctl(int *, u_int, void *, size_t *, void *, size_t);
379 #endif /* _NET_IF_PFLOW_H_ */