1 /*      $OpenBSD: if_pflow.h,v 1.19 2022/11/23 15:12:27 mvs Exp $       */
2
3 /*
4  * Copyright (c) 2008 Henning Brauer <henning@openbsd.org>
5  * Copyright (c) 2008 Joerg Goltermann <jg@osn.de>
6  *
7  * Permission to use, copy, modify, and distribute this software for any
8  * purpose with or without fee is hereby granted, provided that the above
9  * copyright notice and this permission notice appear in all copies.
10  *
11  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15  * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER IN
16  * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
17  * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18  */
19
20 #ifndef _NET_IF_PFLOW_H_
21 #define _NET_IF_PFLOW_H_
22
23 #include <sys/cdefs.h>
24 #include <sys/types.h>
25 #include <sys/socket.h>
26
27 #include <netinet/in.h>
28
29 #ifdef _KERNEL
30 #include <sys/param.h>
31 #include <sys/lock.h>
32 #include <sys/rmlock.h>
33 #include <sys/interrupt.h>
34 #include <net/if.h>
35 #include <net/if_var.h>
36 #include <net/if_private.h>
37 #include <net/pfvar.h>
38
39 #include <netinet/ip.h>
40 #endif
41
/*
 * Exporter limits and protocol constants.  Where and how each limit is
 * enforced is decided by the implementation, which is not in this header.
 *
 * NOTE(review): PFLOW_ID_LEN expands to a sizeof expression, so it has type
 * size_t; comparing it with a signed length converts the signed operand to
 * unsigned.
 * NOTE(review): PFLOW_MAXBYTES equals the largest value of the u_int32_t
 * counters in struct pflow_flow; presumably it caps wider counters before
 * they are narrowed -- confirm against the code that fills the record.
 */
42 #define PFLOW_MAX_ENTRIES       128
43
44 #define PFLOW_ID_LEN    sizeof(u_int64_t)
45
46 #define PFLOW_MAXFLOWS 30
47 #define PFLOW_ENGINE_TYPE 42
48 #define PFLOW_ENGINE_ID 42
49 #define PFLOW_MAXBYTES 0xffffffff
50 #define PFLOW_TIMEOUT 30
51 #define PFLOW_TMPL_TIMEOUT 30 /* rfc 5101 10.3.6 (p.40) recommends 600 */
52
/* Set ID carried in pflow_set_header.set_id for a template set. */
53 #define PFLOW_IPFIX_TMPL_SET_ID 2
54
/*
 * Numeric identifiers used as pflow_tmpl_fspec.field_id values.
 * The two PFIX_NAT_EVENT_* macros are not element identifiers; by their
 * names they are values carried in the natEvent element (TODO confirm
 * against the code that fills pflow_ipfix_nat4.nat_event).
 */
55 /* RFC 5102 Information Element Identifiers */
56
57 #define PFIX_IE_octetDeltaCount                   1
58 #define PFIX_IE_packetDeltaCount                  2
59 #define PFIX_IE_protocolIdentifier                4
60 #define PFIX_IE_ipClassOfService                  5
61 #define PFIX_IE_sourceTransportPort               7
62 #define PFIX_IE_sourceIPv4Address                 8
63 #define PFIX_IE_ingressInterface                 10
64 #define PFIX_IE_destinationTransportPort         11
65 #define PFIX_IE_destinationIPv4Address           12
66 #define PFIX_IE_egressInterface                  14
67 #define PFIX_IE_flowEndSysUpTime                 21
68 #define PFIX_IE_flowStartSysUpTime               22
69 #define PFIX_IE_sourceIPv6Address                27
70 #define PFIX_IE_destinationIPv6Address           28
71 #define PFIX_IE_flowStartMilliseconds           152
72 #define PFIX_IE_flowEndMilliseconds             153
73 #define PFIX_IE_postNATSourceIPv4Address        225
74 #define PFIX_IE_postNATDestinationIPv4Address   226
75 #define PFIX_IE_postNAPTSourceTransportPort     227
76 #define PFIX_IE_postNAPTDestinationTransportPort        228
77 #define PFIX_IE_natEvent                        230
78 #define PFIX_NAT_EVENT_SESSION_CREATE           4
79 #define PFIX_NAT_EVENT_SESSION_DELETE           5
80 #define PFIX_IE_timeStamp                       323
81
/*
 * One flow record of the version 5 export format (PFLOW_PROTO_5).
 * The struct is __packed and its members add up to 48 bytes, so the in-memory
 * layout is the wire layout.
 *
 * NOTE(review): pad1 and pad2 are part of the exported bytes.  The code that
 * fills a record is not visible here; it should zero the whole record (or at
 * least both pad fields) so stale kernel memory is never sent to the
 * collector.
 * NOTE(review): the packet and octet counters are 32 bits wide; a wider
 * source counter has to be clamped or split before it is stored here.
 * NOTE(review): byte order of the multi-byte fields is not stated in this
 * header -- presumably network order; confirm against the fill code.
 */
82 struct pflow_flow {
83         u_int32_t       src_ip;
84         u_int32_t       dest_ip;
85         u_int32_t       nexthop_ip;
86         u_int16_t       if_index_in;
87         u_int16_t       if_index_out;
88         u_int32_t       flow_packets;
89         u_int32_t       flow_octets;
90         u_int32_t       flow_start;
91         u_int32_t       flow_finish;
92         u_int16_t       src_port;
93         u_int16_t       dest_port;
94         u_int8_t        pad1;
95         u_int8_t        tcp_flags;
96         u_int8_t        protocol;
97         u_int8_t        tos;
98         u_int16_t       src_as;
99         u_int16_t       dest_as;
100         u_int8_t        src_mask;
101         u_int8_t        dest_mask;
102         u_int16_t       pad2;
103 } __packed;
104
/*
 * Header that precedes every set in an export message: a set ID followed by
 * the set's total length.  set_length is 16 bits, so a set (header included)
 * cannot describe more than 65535 octets; the code that accumulates records
 * must keep the running length within that range.
 */
105 struct pflow_set_header {
106         u_int16_t       set_id;
107         u_int16_t       set_length; /* total length of the set,
108                                        in octets, including the set header */
109 } __packed;
110
/* Size of the set header in octets (4).  Type is size_t, i.e. unsigned. */
111 #define PFLOW_SET_HDRLEN sizeof(struct pflow_set_header)
112
/*
 * Header of one template record: the template's ID and the number of field
 * specifiers that follow it.  field_count has to agree with the number of
 * pflow_tmpl_fspec members in the enclosing template struct, otherwise the
 * receiver will mis-parse every record that uses the template.
 */
113 struct pflow_tmpl_hdr {
114         u_int16_t       tmpl_id;
115         u_int16_t       field_count;
116 } __packed;
117
/*
 * One field specifier inside a template: which element the field carries
 * (field_id, one of the PFIX_IE_* values) and how many octets it occupies
 * (len).  len must equal the width of the matching member in the data record
 * struct.
 */
118 struct pflow_tmpl_fspec {
119         u_int16_t       field_id;
120         u_int16_t       len;
121 } __packed;
122
/*
 * Template describing an IPv4 flow record.  The field specifiers appear in
 * the same order as the members of struct pflow_ipfix_flow4; template and
 * record must be changed together.
 */
123 /* update pflow_clone_create() when changing pflow_ipfix_tmpl_ipv4 */
124 struct pflow_ipfix_tmpl_ipv4 {
125         struct pflow_tmpl_hdr   h;
126         struct pflow_tmpl_fspec src_ip;
127         struct pflow_tmpl_fspec dest_ip;
128         struct pflow_tmpl_fspec if_index_in;
129         struct pflow_tmpl_fspec if_index_out;
130         struct pflow_tmpl_fspec packets;
131         struct pflow_tmpl_fspec octets;
132         struct pflow_tmpl_fspec start;
133         struct pflow_tmpl_fspec finish;
134         struct pflow_tmpl_fspec src_port;
135         struct pflow_tmpl_fspec dest_port;
136         struct pflow_tmpl_fspec tos;
137         struct pflow_tmpl_fspec protocol;
/* Must equal the number of pflow_tmpl_fspec members above (12). */
138 #define PFLOW_IPFIX_TMPL_IPV4_FIELD_COUNT 12
139 #define PFLOW_IPFIX_TMPL_IPV4_ID 256
140 } __packed;
141
/*
 * Template describing an IPv6 flow record.  The field specifiers appear in
 * the same order as the members of struct pflow_ipfix_flow6; template and
 * record must be changed together.
 */
142 /* update pflow_clone_create() when changing pflow_ipfix_tmpl_ipv6 */
143 struct pflow_ipfix_tmpl_ipv6 {
144         struct pflow_tmpl_hdr   h;
145         struct pflow_tmpl_fspec src_ip;
146         struct pflow_tmpl_fspec dest_ip;
147         struct pflow_tmpl_fspec if_index_in;
148         struct pflow_tmpl_fspec if_index_out;
149         struct pflow_tmpl_fspec packets;
150         struct pflow_tmpl_fspec octets;
151         struct pflow_tmpl_fspec start;
152         struct pflow_tmpl_fspec finish;
153         struct pflow_tmpl_fspec src_port;
154         struct pflow_tmpl_fspec dest_port;
155         struct pflow_tmpl_fspec tos;
156         struct pflow_tmpl_fspec protocol;
/* Must equal the number of pflow_tmpl_fspec members above (12). */
157 #define PFLOW_IPFIX_TMPL_IPV6_FIELD_COUNT 12
158 #define PFLOW_IPFIX_TMPL_IPV6_ID 257
159 } __packed;
160
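/*
 * Template describing a NAT44 event record.  The field specifiers appear in
 * the same order as the members of struct pflow_ipfix_nat4; template and
 * record must be changed together.
 *
 * Marked __packed like the IPv4 and IPv6 templates.  Every member is itself a
 * packed struct, so the attribute does not change today's layout (4 + 11 * 4
 * octets); it keeps the wire layout fixed if a member is ever added and makes
 * the three templates consistent inside the packed struct pflow_ipfix_tmpl.
 * NOTE(review): the other templates ask for pflow_clone_create() to be
 * updated when they change; presumably the same holds here -- confirm.
 */
161 struct pflow_ipfix_tmpl_nat44 {
162         struct pflow_tmpl_hdr   h;
163         struct pflow_tmpl_fspec timestamp;
164         struct pflow_tmpl_fspec nat_event;
165         struct pflow_tmpl_fspec protocol;
166         struct pflow_tmpl_fspec src_ip;
167         struct pflow_tmpl_fspec src_port;
168         struct pflow_tmpl_fspec postnat_src_ip;
169         struct pflow_tmpl_fspec postnat_src_port;
170         struct pflow_tmpl_fspec dst_ip;
171         struct pflow_tmpl_fspec dst_port;
172         struct pflow_tmpl_fspec postnat_dst_ip;
173         struct pflow_tmpl_fspec postnat_dst_port;
/* Must equal the number of pflow_tmpl_fspec members above (11). */
174 #define PFLOW_IPFIX_TMPL_NAT44_FIELD_COUNT 11
175 #define PFLOW_IPFIX_TMPL_NAT44_ID 258
176 } __packed;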
177
/*
 * The complete template set: one set header followed by the IPv4, IPv6 and
 * NAT44 template records, laid out back to back so the struct can serve as
 * the payload of a template set.  set_header.set_length has to cover the
 * whole struct.
 */
178 struct pflow_ipfix_tmpl {
179         struct pflow_set_header set_header;
180         struct pflow_ipfix_tmpl_ipv4    ipv4_tmpl;
181         struct pflow_ipfix_tmpl_ipv6    ipv6_tmpl;
182         struct pflow_ipfix_tmpl_nat44   nat44_tmpl;
183 } __packed;
184
/*
 * IPv4 flow data record.  Member order and widths mirror the field
 * specifiers of struct pflow_ipfix_tmpl_ipv4; each member's comment names the
 * element it carries.  The struct is __packed and its members add up to 54
 * octets, so no compiler padding is exported.
 *
 * NOTE(review): on the open "padding needed?" question below -- any padding
 * added here would be exported as record bytes, so it would also have to be
 * described in the template and zeroed before export.
 */
185 struct pflow_ipfix_flow4 {
186         u_int32_t       src_ip;         /* sourceIPv4Address */
187         u_int32_t       dest_ip;        /* destinationIPv4Address */
188         u_int32_t       if_index_in;    /* ingressInterface */
189         u_int32_t       if_index_out;   /* egressInterface */
190         u_int64_t       flow_packets;   /* packetDeltaCount */
191         u_int64_t       flow_octets;    /* octetDeltaCount */
192         int64_t         flow_start;     /* flowStartMilliseconds */
193         int64_t         flow_finish;    /* flowEndMilliseconds */
194         u_int16_t       src_port;       /* sourceTransportPort */
195         u_int16_t       dest_port;      /* destinationTransportPort */
196         u_int8_t        tos;            /* ipClassOfService */
197         u_int8_t        protocol;       /* protocolIdentifier */
198         /* XXX padding needed? */
199 } __packed;
200
/*
 * IPv6 flow data record.  Member order and widths mirror the field
 * specifiers of struct pflow_ipfix_tmpl_ipv6; each member's comment names the
 * element it carries.  The struct is __packed and its members add up to 78
 * octets, so no compiler padding is exported.
 *
 * NOTE(review): on the open "padding needed?" question below -- any padding
 * added here would be exported as record bytes, so it would also have to be
 * described in the template and zeroed before export.
 */
201 struct pflow_ipfix_flow6 {
202         struct in6_addr src_ip;         /* sourceIPv6Address */
203         struct in6_addr dest_ip;        /* destinationIPv6Address */
204         u_int32_t       if_index_in;    /* ingressInterface */
205         u_int32_t       if_index_out;   /* egressInterface */
206         u_int64_t       flow_packets;   /* packetDeltaCount */
207         u_int64_t       flow_octets;    /* octetDeltaCount */
208         int64_t         flow_start;     /* flowStartMilliseconds */
209         int64_t         flow_finish;    /* flowEndMilliseconds */
210         u_int16_t       src_port;       /* sourceTransportPort */
211         u_int16_t       dest_port;      /* destinationTransportPort */
212         u_int8_t        tos;            /* ipClassOfService */
213         u_int8_t        protocol;       /* protocolIdentifier */
214         /* XXX padding needed? */
215 } __packed;
216
/*
 * NAT44 event data record.  Member order mirrors the field specifiers of
 * struct pflow_ipfix_tmpl_nat44 (which spells the destination fields dst_*).
 * The members add up to 34 octets.
 *
 * Because the struct is __packed, src_ip (offset 10) and dest_ip (offset 22)
 * are not 4-byte aligned.  Access them through the struct, or copy with
 * memcpy; do not take a u_int32_t pointer to these members, which is an
 * unaligned access on strict-alignment machines.
 */
217 struct pflow_ipfix_nat4 {
218         u_int64_t       timestamp;      /* timeStamp */
219         u_int8_t        nat_event;      /* natEvent */
220         u_int8_t        protocol;       /* protocolIdentifier */
221         u_int32_t       src_ip;         /* sourceIPv4Address */
222         u_int16_t       src_port;       /* sourceTransportPort */
223         u_int32_t       postnat_src_ip; /* postNATSourceIPv4Address */
224         u_int16_t       postnat_src_port;/* postNAPTSourceTransportPort */
225         u_int32_t       dest_ip;        /* destinationIPv4Address */
226         u_int16_t       dest_port;      /* destinationTransportPort */
227         u_int32_t       postnat_dest_ip;/* postNATDestinationIPv4Address */
228         u_int16_t       postnat_dest_port;/* postNAPTDestinationTransportPort */
229 } __packed;
230
231 #ifdef _KERNEL
232
/*
 * Kernel-only state of one pflow exporter instance (the struct is declared
 * under _KERNEL).  It holds the per-record-type counters and pending mbufs,
 * the timers, the export socket with its source and destination addresses,
 * and the template set that is sent to the collector.
 *
 * NOTE(review): the "[N]" and "[p]" annotations on sc_dying and so look like
 * a locking key, but the key is not defined in this header, and nothing here
 * says which members sc_lock protects.  Document that next to sc_lock so
 * readers can check the counters and mbuf pointers against it.
 * NOTE(review): sc_flowsrc and sc_flowdst are pointers; who allocates and
 * frees them is not visible here -- confirm they are released (and the
 * pointers cleared) on reconfiguration and on teardown.
 */
233 struct pflow_softc {
234         int                      sc_id;
235
236         struct mtx               sc_lock;
237
238         int                      sc_dying;      /* [N] */
239         struct vnet             *sc_vnet;
240
        /* Current and maximum record counts, overall and per record type. */
241         unsigned int             sc_count;
242         unsigned int             sc_count4;
243         unsigned int             sc_count6;
244         unsigned int             sc_count_nat4;
245         unsigned int             sc_maxcount;
246         unsigned int             sc_maxcount4;
247         unsigned int             sc_maxcount6;
248         unsigned int             sc_maxcount_nat4;
249         u_int32_t                sc_gcounter;
250         u_int32_t                sc_sequence;
        /* One callout per record type plus one for the template set. */
251         struct callout           sc_tmo;
252         struct callout           sc_tmo6;
253         struct callout           sc_tmo_nat4;
254         struct callout           sc_tmo_tmpl;
255         struct intr_event       *sc_swi_ie;
256         void                    *sc_swi_cookie;
257         struct mbufq             sc_outputqueue;
258         struct task              sc_outputtask;
259         struct socket           *so;            /* [p] */
260         struct sockaddr         *sc_flowsrc;
261         struct sockaddr         *sc_flowdst;
262         struct pflow_ipfix_tmpl  sc_tmpl_ipfix;
        /* 8 bits wide, while the netlink version attribute is noted as u16. */
263         u_int8_t                 sc_version;
264         u_int32_t                sc_observation_dom;
265         struct mbuf             *sc_mbuf;       /* current cumulative mbuf */
266         struct mbuf             *sc_mbuf6;      /* current cumulative mbuf */
267         struct mbuf             *sc_mbuf_nat4;
        /* List linkage and epoch context; presumably used for deferred free. */
268         CK_LIST_ENTRY(pflow_softc) sc_next;
269         struct epoch_context     sc_epoch_ctx;
270 };
271
272 #endif /* _KERNEL */
273
/*
 * Message header of the version 5 export format.  The struct is __packed and
 * its members add up to 24 octets.  count is the number of records in the
 * message (presumably bounded by PFLOW_MAXFLOWS -- confirm in the sender).
 *
 * NOTE(review): reserved1 and reserved2 are exported; the sender should set
 * them explicitly so no uninitialised bytes reach the collector.
 */
274 struct pflow_header {
275         u_int16_t       version;
276         u_int16_t       count;
277         u_int32_t       uptime_ms;
278         u_int32_t       time_sec;
279         u_int32_t       time_nanosec;
280         u_int32_t       flow_sequence;
281         u_int8_t        engine_type;
282         u_int8_t        engine_id;
283         u_int8_t        reserved1;
284         u_int8_t        reserved2;
285 } __packed;
286
/* Size of the version 5 header in octets (24).  Type is size_t. */
287 #define PFLOW_HDRLEN sizeof(struct pflow_header)
288
/*
 * Message header of the IPFIX (version 10) export format; 16 octets, packed.
 * length is 16 bits wide, so one message, header included, cannot exceed
 * 65535 octets; the sender must keep the accumulated sets within that bound
 * before storing the total here.
 */
289 struct pflow_v10_header {
290         u_int16_t       version;
291         u_int16_t       length;
292         u_int32_t       time_sec;
293         u_int32_t       flow_sequence;
294         u_int32_t       observation_dom;
295 } __packed;
296
/* Size of the IPFIX message header in octets (16).  Type is size_t. */
297 #define PFLOW_IPFIX_HDRLEN sizeof(struct pflow_v10_header)
298
/*
 * Exporter statistics, four 64-bit counters.  Not __packed; with four
 * equally sized members there is no padding to expose if the struct is
 * copied out to userland.
 * NOTE(review): by their names, pflow_onomem and pflow_oerrors count
 * allocation failures and output errors -- confirm where they are bumped.
 */
299 struct pflowstats {
300         u_int64_t       pflow_flows;
301         u_int64_t       pflow_packets;
302         u_int64_t       pflow_onomem;
303         u_int64_t       pflow_oerrors;
304 };
305
/*
 * Export protocol versions.  Only 5 and 10 are defined; PFLOW_PROTO_MAX (11)
 * is an upper bound, not a supported version, so a range check against it
 * alone would accept the unsupported values in between.  Code that accepts a
 * version from userland should compare against the two supported values.
 */
306 /* Supported flow protocols */
307 #define PFLOW_PROTO_5   5       /* original pflow */
308 #define PFLOW_PROTO_10  10      /* ipfix */
309 #define PFLOW_PROTO_MAX 11
310
311 #define PFLOW_PROTO_DEFAULT PFLOW_PROTO_5
312
/* Maps a protocol's textual name to its PFLOW_PROTO_* value. */
313 struct pflow_protos {
314         const char      *ppr_name;
315         u_int8_t         ppr_proto;
316 };
317
/* Brace-enclosed initializer for an array of struct pflow_protos. */
318 #define PFLOW_PROTOS {                                 \
319                 { "5",  PFLOW_PROTO_5 },               \
320                 { "10", PFLOW_PROTO_10 },              \
321 }
322
/* Name of the netlink family used to configure pflow. */
323 #define PFLOWNL_FAMILY_NAME     "pflow"
324
/*
 * Netlink commands of the pflow family.  __PFLOWNL_CMD_MAX is a sentinel that
 * follows the last real command, so PFLOWNL_CMD_MAX evaluates to
 * PFLOWNL_CMD_GET (5).
 * NOTE(review): CREATE, DEL and SET change exporter configuration; the
 * handlers are not visible here -- confirm they require the appropriate
 * privilege.
 */
325 enum {
326         PFLOWNL_CMD_UNSPEC = 0,
327         PFLOWNL_CMD_LIST = 1,
328         PFLOWNL_CMD_CREATE = 2,
329         PFLOWNL_CMD_DEL = 3,
330         PFLOWNL_CMD_SET = 4,
331         PFLOWNL_CMD_GET = 5,
332         __PFLOWNL_CMD_MAX,
333 };
334 #define PFLOWNL_CMD_MAX (__PFLOWNL_CMD_MAX - 1)
335
/*
 * Attribute types for the LIST, CREATE and DEL commands.  Each carries only
 * an exporter ID; the trailing comment gives the expected payload type.
 */
336 enum pflow_list_type_t {
337         PFLOWNL_L_UNSPEC,
338         PFLOWNL_L_ID            = 1, /* u32 */
339 };
340
341 enum pflow_create_type_t {
342         PFLOWNL_CREATE_UNSPEC,
343         PFLOWNL_CREATE_ID       = 1, /* u32 */
344 };
345
346 enum pflow_del_type_t {
347         PFLOWNL_DEL_UNSPEC,
348         PFLOWNL_DEL_ID          = 1, /* u32 */
349 };
350
/*
 * Attribute types describing a socket address: family, port, and either an
 * IPv4 or an IPv6 address.
 * NOTE(review): the parser is not visible here; it should reject a message
 * whose address attribute does not match the stated family, and check each
 * payload length against the type noted in the comment.
 */
351 enum pflow_addr_type_t {
352         PFLOWNL_ADDR_UNSPEC,
353         PFLOWNL_ADDR_FAMILY     = 1, /* u8 */
354         PFLOWNL_ADDR_PORT       = 2, /* u16 */
355         PFLOWNL_ADDR_IP         = 3, /* struct in_addr */
356         PFLOWNL_ADDR_IP6        = 4, /* struct in6_addr */
357 };
358
/*
 * Attribute types returned by the GET command; the trailing comment gives
 * the payload type.
 */
359 enum pflow_get_type_t {
360         PFLOWNL_GET_UNSPEC,
361         PFLOWNL_GET_ID          = 1, /* u32 */
362         PFLOWNL_GET_VERSION     = 2, /* u16 */
363         PFLOWNL_GET_SRC         = 3, /* struct sockaddr_storage */
364         PFLOWNL_GET_DST         = 4, /* struct sockaddr_storage */
365         PFLOWNL_GET_OBSERVATION_DOMAIN  = 5, /* u32 */
366         PFLOWNL_GET_SOCKET_STATUS       = 6, /* u8 */
367 };
368
/*
 * Attribute types accepted by the SET command.  These values come from
 * userland.
 * NOTE(review): the version is noted as u16 here while
 * pflow_softc.sc_version is u_int8_t; the handler (not visible here) should
 * validate the value against the supported protocols before narrowing it.
 * NOTE(review): for SRC and DST the handler should validate the address
 * family and length before copying the address into the softc.
 */
369 enum pflow_set_type_t {
370         PFLOWNL_SET_UNSPEC,
371         PFLOWNL_SET_ID          = 1, /* u32 */
372         PFLOWNL_SET_VERSION     = 2, /* u16 */
373         PFLOWNL_SET_SRC         = 3, /* struct sockaddr_storage */
374         PFLOWNL_SET_DST         = 4, /* struct sockaddr_storage */
375         PFLOWNL_SET_OBSERVATION_DOMAIN = 5, /* u32 */
376 };
377
378 #ifdef _KERNEL
/*
 * Kernel-only prototype.  The parameters are unnamed; by the name and shape
 * this looks like a sysctl handler taking a name vector, old/new buffers and
 * their sizes -- TODO confirm against the definition.
 */
379 int pflow_sysctl(int *, u_int,  void *, size_t *, void *, size_t);
380 #endif /* _KERNEL */
381
382 #endif /* _NET_IF_PFLOW_H_ */