-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathstore-v2.h
255 lines (222 loc) · 7.98 KB
/
store-v2.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
/* $Id$ */
/*
* Copyright (c) 2004,2005 Damien Miller <[email protected]>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* On-disk storage format */
#ifndef _STORE_V2_H
#define _STORE_v2_H
#if defined(HAVE_SYS_CDEFS_H)
# include <sys/cdefs.h> /* For __packed, etc on platforms that have it */
#endif
#if defined(__GNUC__) && !defined(__packed)
# define __packed __attribute__((__packed__))
#endif
#include "addr.h"
#include "store.h"
#define STORE_V2_MAGIC 0x012cf047
#define STORE_V2_VERSION 0x00000002
/* Start of flow log file */
struct store_v2_header {
u_int32_t magic;
u_int32_t version;
u_int32_t start_time;
u_int32_t flags; /* Currently 0 */
} __packed;
/*
* Optional flow fields, specify what is stored for the flow
* NB - the flow records appear in this order on disk
*/
#define STORE_V2_FIELD_TAG (1U)
#define STORE_V2_FIELD_RECV_TIME (1U<<1)
#define STORE_V2_FIELD_PROTO_FLAGS_TOS (1U<<2)
#define STORE_V2_FIELD_AGENT_ADDR4 (1U<<3)
#define STORE_V2_FIELD_AGENT_ADDR6 (1U<<4)
#define STORE_V2_FIELD_SRC_ADDR4 (1U<<5)
#define STORE_V2_FIELD_SRC_ADDR6 (1U<<6)
#define STORE_V2_FIELD_DST_ADDR4 (1U<<7)
#define STORE_V2_FIELD_DST_ADDR6 (1U<<8)
#define STORE_V2_FIELD_GATEWAY_ADDR4 (1U<<9)
#define STORE_V2_FIELD_GATEWAY_ADDR6 (1U<<10)
#define STORE_V2_FIELD_SRCDST_PORT (1U<<11)
#define STORE_V2_FIELD_PACKETS (1U<<12)
#define STORE_V2_FIELD_OCTETS (1U<<13)
#define STORE_V2_FIELD_IF_INDICES (1U<<14)
#define STORE_V2_FIELD_AGENT_INFO (1U<<15)
#define STORE_V2_FIELD_FLOW_TIMES (1U<<16)
#define STORE_V2_FIELD_AS_INFO (1U<<17)
#define STORE_V2_FIELD_FLOW_ENGINE_INFO (1U<<18)
/* ... more one day */
#define STORE_V2_FIELD_CRC32 (1U<<30)
#define STORE_V2_FIELD_RESERVED (1U<<31) /* For extension header */
#define STORE_V2_FIELD_ALL (((1U<<19)-1)|STORE_V2_FIELD_CRC32)
/* Useful combinations */
#define STORE_V2_FIELD_AGENT_ADDR (STORE_V2_FIELD_AGENT_ADDR4|\
STORE_V2_FIELD_AGENT_ADDR6)
#define STORE_V2_FIELD_SRC_ADDR (STORE_V2_FIELD_SRC_ADDR4|\
STORE_V2_FIELD_SRC_ADDR6)
#define STORE_V2_FIELD_DST_ADDR (STORE_V2_FIELD_DST_ADDR4|\
STORE_V2_FIELD_DST_ADDR6)
#define STORE_V2_FIELD_SRCDST_ADDR (STORE_V2_FIELD_SRC_ADDR|\
STORE_V2_FIELD_DST_ADDR)
#define STORE_V2_FIELD_GATEWAY_ADDR (STORE_V2_FIELD_GATEWAY_ADDR4|\
STORE_V2_FIELD_GATEWAY_ADDR6)
#define STORE_V2_DISPLAY_ALL STORE_V2_FIELD_ALL
#define STORE_V2_DISPLAY_BRIEF (STORE_V2_FIELD_TAG|\
STORE_V2_FIELD_RECV_TIME|\
STORE_V2_FIELD_PROTO_FLAGS_TOS|\
STORE_V2_FIELD_SRCDST_PORT|\
STORE_V2_FIELD_PACKETS|\
STORE_V2_FIELD_OCTETS|\
STORE_V2_FIELD_SRCDST_ADDR|\
STORE_V2_FIELD_AGENT_ADDR4|\
STORE_V2_FIELD_AGENT_ADDR6)
/* Start of flow record - present for every flow */
struct store_v2_flow {
u_int32_t fields;
} __packed;
/*
* Optional flow records
* NB. suffixes must match the corresponding STORE_FIELD_ define (see store.c)
*/
/* Optional flow field - present if STORE_FIELD_TAG */
struct store_v2_flow_TAG {
u_int32_t tag; /* set by filter */
} __packed;
/* Optional flow field - present if STORE_FIELD_RECV_TIME */
struct store_v2_flow_RECV_TIME {
u_int32_t recv_sec;
} __packed;
/* Optional flow field - present if STORE_FIELD_PROTO_FLAGS_TOS */
struct store_v2_flow_PROTO_FLAGS_TOS {
u_int8_t tcp_flags;
u_int8_t protocol;
u_int8_t tos;
u_int8_t pad;
} __packed;
/* Optional flow field - present if STORE_FIELD_AGENT_ADDR */
struct store_v2_flow_AGENT_ADDR4 {
struct store_addr4 flow_agent_addr;
} __packed;
struct store_v2_flow_AGENT_ADDR6 {
struct store_addr6 flow_agent_addr;
} __packed;
/* Optional flow field - present if STORE_FIELD_SRC_ADDR4 */
struct store_v2_flow_SRC_ADDR4 {
struct store_addr4 src_addr;
} __packed;
/* Optional flow field - present if STORE_FIELD_DST_ADDR4 */
struct store_v2_flow_DST_ADDR4 {
struct store_addr4 dst_addr;
} __packed;
/* Optional flow field - present if STORE_FIELD_SRC_ADDR6 */
struct store_v2_flow_SRC_ADDR6 {
struct store_addr6 src_addr;
} __packed;
/* Optional flow field - present if STORE_FIELD_DST_ADDR6 */
struct store_v2_flow_DST_ADDR6 {
struct store_addr6 dst_addr;
} __packed;
/* Optional flow field - present if STORE_FIELD_GATEWAY_ADDR */
struct store_v2_flow_GATEWAY_ADDR4 {
struct store_addr4 gateway_addr;
} __packed;
struct store_v2_flow_GATEWAY_ADDR6 {
struct store_addr6 gateway_addr;
} __packed;
/* Optional flow field - present if STORE_FIELD_SRCDST_PORT */
struct store_v2_flow_SRCDST_PORT {
u_int16_t src_port;
u_int16_t dst_port;
} __packed;
/* Optional flow field - present if STORE_FIELD_PACKETS */
struct store_v2_flow_PACKETS {
u_int64_t flow_packets;
} __packed;
/* Optional flow field - present if STORE_FIELD_OCTETS */
struct store_v2_flow_OCTETS {
u_int64_t flow_octets;
} __packed;
/* Optional flow field - present if STORE_FIELD_IF_INDICES */
struct store_v2_flow_IF_INDICES {
u_int16_t if_index_in;
u_int16_t if_index_out;
} __packed;
/* Optional flow field - present if STORE_FIELD_AGENT_INFO */
struct store_v2_flow_AGENT_INFO {
u_int32_t sys_uptime_ms;
u_int32_t time_sec;
u_int32_t time_nanosec;
u_int16_t netflow_version;
u_int16_t pad;
} __packed;
/* Optional flow field - present if STORE_FIELD_FLOW_TIMES */
struct store_v2_flow_FLOW_TIMES {
u_int32_t flow_start;
u_int32_t flow_finish;
} __packed;
/* Optional flow field - present if STORE_FIELD_AS_INFO */
struct store_v2_flow_AS_INFO {
u_int16_t src_as;
u_int16_t dst_as;
u_int8_t src_mask;
u_int8_t dst_mask;
u_int16_t pad;
} __packed;
/* Optional flow field - present if STORE_FIELD_FLOW_ENGINE_INFO */
struct store_v2_flow_FLOW_ENGINE_INFO {
u_int8_t engine_type;
u_int8_t engine_id;
u_int16_t pad;
u_int32_t flow_sequence;
} __packed;
/* Optional flow field - present if STORE_FIELD_CRC32 */
struct store_v2_flow_CRC32 {
u_int32_t crc32;
} __packed;
/* A abstract flow record (all fields included) */
struct store_v2_flow_complete {
struct store_v2_flow hdr;
struct store_v2_flow_TAG tag;
struct store_v2_flow_RECV_TIME recv_time;
struct store_v2_flow_PROTO_FLAGS_TOS pft;
struct xaddr agent_addr;
struct xaddr src_addr;
struct xaddr dst_addr;
struct xaddr gateway_addr;
struct store_v2_flow_SRCDST_PORT ports;
struct store_v2_flow_PACKETS packets;
struct store_v2_flow_OCTETS octets;
struct store_v2_flow_IF_INDICES ifndx;
struct store_v2_flow_AGENT_INFO ainfo;
struct store_v2_flow_FLOW_TIMES ftimes;
struct store_v2_flow_AS_INFO asinf;
struct store_v2_flow_FLOW_ENGINE_INFO finf;
struct store_v2_flow_CRC32 crc32;
} __packed;
int store_v2_get_header(int fd, struct store_v2_header *hdr, char *ebuf, int elen);
int store_v2_get_flow(int fd, struct store_v2_flow_complete *f, char *ebuf, int elen);
int store_v2_check_header(int fd, char *ebuf, int elen);
int store_v2_put_header(int fd, char *ebuf, int elen);
int store_v2_put_flow(int fd, struct store_v2_flow_complete *flow,
u_int32_t fieldmask, char *ebuf, int elen);
int store_v2_validate_header(struct store_v2_header *hdr, char *ebuf, int elen);
int store_v2_calc_flow_len(struct store_v2_flow *hdr);
int store_v2_flow_deserialise(u_int8_t *buf, int len,
struct store_v2_flow_complete *f, char *ebuf, int elen);
int store_v2_flow_serialise(struct store_v2_flow_complete *f, u_int8_t *buf, int buflen,
int *flowlen, char *ebuf, int elen);
int store_v2_flow_convert(struct store_v2_flow_complete *fv2,
struct store_flow_complete *f);
#endif /* _STORE_V2_H */