/* $OpenBSD: if_pflow.h,v 1.19 2022/11/23 15:12:27 mvs Exp $ */

/*
 * Copyright (c) 2008 Henning Brauer <henning@openbsd.org>
 * Copyright (c) 2008 Joerg Goltermann <jg@osn.de>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER IN
 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
 * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/*
 * Declarations for the pflow interface: record and header layouts for
 * flow protocol version 5 ("original pflow") and version 10 (ipfix),
 * the per-interface softc, the statistics block and the configuration
 * structure used by SIOCSETPFLOW / SIOCGETPFLOW.
 *
 * Every layout marked __packed has no compiler-inserted padding, so its
 * members may sit at unaligned offsets.  This header does not establish
 * the byte order of any field.
 * NOTE(review): the fields are presumably filled in network byte order
 * by the exporting code -- confirm against the implementation.
 */

#ifndef _NET_IF_PFLOW_H_
#define _NET_IF_PFLOW_H_

#define PFLOW_ID_LEN	sizeof(u_int64_t)

#define PFLOW_MAXFLOWS		30
/* NOTE(review): presumably the values for pflow_header.engine_type/engine_id -- confirm */
#define PFLOW_ENGINE_TYPE	42
#define PFLOW_ENGINE_ID		42
/* largest value a u_int32_t holds; presumably the cap for the 32-bit
   counters in struct pflow_flow -- confirm against the implementation */
#define PFLOW_MAXBYTES		0xffffffff
/* units of both timeouts are not stated here (presumably seconds -- confirm) */
#define PFLOW_TIMEOUT		30
#define PFLOW_TMPL_TIMEOUT	30	/* rfc 5101 10.3.6 (p.40) recommends 600 */

/* set_id value that marks an ipfix template set */
#define PFLOW_IPFIX_TMPL_SET_ID	2

/* RFC 5102 Information Element Identifiers */
/* The names match the per-member comments in struct pflow_ipfix_flow4/6. */

#define PFIX_IE_octetDeltaCount			  1
#define PFIX_IE_packetDeltaCount		  2
#define PFIX_IE_protocolIdentifier		  4
#define PFIX_IE_ipClassOfService		  5
#define PFIX_IE_sourceTransportPort		  7
#define PFIX_IE_sourceIPv4Address		  8
#define PFIX_IE_ingressInterface		 10
#define PFIX_IE_destinationTransportPort	 11
#define PFIX_IE_destinationIPv4Address		 12
#define PFIX_IE_egressInterface			 14
#define PFIX_IE_flowEndSysUpTime		 21
#define PFIX_IE_flowStartSysUpTime		 22
#define PFIX_IE_sourceIPv6Address		 27
#define PFIX_IE_destinationIPv6Address		 28
#define PFIX_IE_flowStartMilliseconds		152
#define PFIX_IE_flowEndMilliseconds		153

/*
 * Fixed-size flow record; the member widths add up to 48 octets.
 * NOTE(review): presumably the version 5 record that follows
 * struct pflow_header -- confirm.  Addresses are 32 bits wide, so this
 * layout has no room for IPv6 addresses.
 */
struct pflow_flow {
	u_int32_t	src_ip;
	u_int32_t	dest_ip;
	u_int32_t	nexthop_ip;
	u_int16_t	if_index_in;
	u_int16_t	if_index_out;
	u_int32_t	flow_packets;
	u_int32_t	flow_octets;
	u_int32_t	flow_start;
	u_int32_t	flow_finish;
	u_int16_t	src_port;
	u_int16_t	dest_port;
	u_int8_t	pad1;
	u_int8_t	tcp_flags;
	u_int8_t	protocol;
	u_int8_t	tos;
	u_int16_t	src_as;
	u_int16_t	dest_as;
	u_int8_t	src_mask;
	u_int8_t	dest_mask;
	u_int16_t	pad2;
} __packed;

/* Header that starts every ipfix set (4 octets). */
struct pflow_set_header {
	u_int16_t	set_id;
	u_int16_t	set_length; /* total length of the set,
				       in octets, including the set header */
} __packed;

#define PFLOW_SET_HDRLEN sizeof(struct pflow_set_header)

/* Template record header: template id and number of field specifiers. */
struct pflow_tmpl_hdr {
	u_int16_t	tmpl_id;
	u_int16_t	field_count;
} __packed;

/* One template field specifier: information element id and its length. */
struct pflow_tmpl_fspec {
	u_int16_t	field_id;
	u_int16_t	len;
} __packed;

/* update pflow_clone_create() when changing pflow_ipfix_tmpl_ipv4 */
/*
 * The 12 field specifiers below appear in the same order as the
 * members of struct pflow_ipfix_flow4; the two have to change together
 * with PFLOW_IPFIX_TMPL_IPV4_FIELD_COUNT, or a collector decoding
 * records by this template would misread them.
 */
struct pflow_ipfix_tmpl_ipv4 {
	struct pflow_tmpl_hdr	h;
	struct pflow_tmpl_fspec	src_ip;
	struct pflow_tmpl_fspec	dest_ip;
	struct pflow_tmpl_fspec	if_index_in;
	struct pflow_tmpl_fspec	if_index_out;
	struct pflow_tmpl_fspec	packets;
	struct pflow_tmpl_fspec	octets;
	struct pflow_tmpl_fspec	start;
	struct pflow_tmpl_fspec	finish;
	struct pflow_tmpl_fspec	src_port;
	struct pflow_tmpl_fspec	dest_port;
	struct pflow_tmpl_fspec	tos;
	struct pflow_tmpl_fspec	protocol;
#define PFLOW_IPFIX_TMPL_IPV4_FIELD_COUNT	12
#define PFLOW_IPFIX_TMPL_IPV4_ID		256
} __packed;

/* update pflow_clone_create() when changing pflow_ipfix_tmpl_ipv6 */
/*
 * Same 12 field specifiers as the IPv4 template, in the order of the
 * members of struct pflow_ipfix_flow6; keep the two and
 * PFLOW_IPFIX_TMPL_IPV6_FIELD_COUNT in step.
 */
struct pflow_ipfix_tmpl_ipv6 {
	struct pflow_tmpl_hdr	h;
	struct pflow_tmpl_fspec	src_ip;
	struct pflow_tmpl_fspec	dest_ip;
	struct pflow_tmpl_fspec	if_index_in;
	struct pflow_tmpl_fspec	if_index_out;
	struct pflow_tmpl_fspec	packets;
	struct pflow_tmpl_fspec	octets;
	struct pflow_tmpl_fspec	start;
	struct pflow_tmpl_fspec	finish;
	struct pflow_tmpl_fspec	src_port;
	struct pflow_tmpl_fspec	dest_port;
	struct pflow_tmpl_fspec	tos;
	struct pflow_tmpl_fspec	protocol;
#define PFLOW_IPFIX_TMPL_IPV6_FIELD_COUNT	12
#define PFLOW_IPFIX_TMPL_IPV6_ID		257
} __packed;

/* A set header followed by the IPv4 and the IPv6 template. */
struct pflow_ipfix_tmpl {
	struct pflow_set_header	set_header;
	struct pflow_ipfix_tmpl_ipv4	ipv4_tmpl;
	struct pflow_ipfix_tmpl_ipv6	ipv6_tmpl;
} __packed;

/*
 * ipfix data record for an IPv4 flow.  The member widths add up to
 * 54 octets, which is not a multiple of 4; that is the alignment
 * question the XXX below leaves open.
 */
struct pflow_ipfix_flow4 {
	u_int32_t	src_ip;		/* sourceIPv4Address */
	u_int32_t	dest_ip;	/* destinationIPv4Address */
	u_int32_t	if_index_in;	/* ingressInterface */
	u_int32_t	if_index_out;	/* egressInterface */
	u_int64_t	flow_packets;	/* packetDeltaCount */
	u_int64_t	flow_octets;	/* octetDeltaCount */
	int64_t		flow_start;	/* flowStartMilliseconds */
	int64_t		flow_finish;	/* flowEndMilliseconds */
	u_int16_t	src_port;	/* sourceTransportPort */
	u_int16_t	dest_port;	/* destinationTransportPort */
	u_int8_t	tos;		/* ipClassOfService */
	u_int8_t	protocol;	/* protocolIdentifier */
	/* XXX padding needed? */
} __packed;

/*
 * ipfix data record for an IPv6 flow; same members as the IPv4 record
 * except that both addresses are struct in6_addr.
 */
struct pflow_ipfix_flow6 {
	struct in6_addr src_ip;		/* sourceIPv6Address */
	struct in6_addr dest_ip;	/* destinationIPv6Address */
	u_int32_t	if_index_in;	/* ingressInterface */
	u_int32_t	if_index_out;	/* egressInterface */
	u_int64_t	flow_packets;	/* packetDeltaCount */
	u_int64_t	flow_octets;	/* octetDeltaCount */
	int64_t		flow_start;	/* flowStartMilliseconds */
	int64_t		flow_finish;	/* flowEndMilliseconds */
	u_int16_t	src_port;	/* sourceTransportPort */
	u_int16_t	dest_port;	/* destinationTransportPort */
	u_int8_t	tos;		/* ipClassOfService */
	u_int8_t	protocol;	/* protocolIdentifier */
	/* XXX padding needed? */
} __packed;

#ifdef _KERNEL

/*
 * Locks used to protect struct members and global data
 *	N	net lock
 *	p	this pflow_softc's `sc_lock'
 */

/*
 * Per-interface state.  Only sc_dying and so carry a lock tag in this
 * header.
 * NOTE(review): the counters, queued mbufs, timeouts and the
 * sc_flowsrc/sc_flowdst pointers have no annotation here; confirm in the
 * implementation which lock covers each before touching them from a new
 * context.
 */
struct pflow_softc {
	struct rwlock		 sc_lock;

	int			 sc_dying;	/* [N] */
	struct ifnet		 sc_if;

	unsigned int		 sc_count;
	unsigned int		 sc_count4;
	unsigned int		 sc_count6;
	unsigned int		 sc_maxcount;
	unsigned int		 sc_maxcount4;
	unsigned int		 sc_maxcount6;
	u_int64_t		 sc_gcounter;
	u_int32_t		 sc_sequence;
	struct timeout		 sc_tmo;
	struct timeout		 sc_tmo6;
	struct timeout		 sc_tmo_tmpl;
	struct mbuf_queue	 sc_outputqueue;
	struct task		 sc_outputtask;
	struct socket		*so;		/* [p] */
	struct mbuf		*send_nam;
	struct sockaddr		*sc_flowsrc;
	struct sockaddr		*sc_flowdst;
	struct pflow_ipfix_tmpl	 sc_tmpl_ipfix;
	u_int8_t		 sc_version;
	struct mbuf		*sc_mbuf;	/* current cumulative mbuf */
	struct mbuf		*sc_mbuf6;	/* current cumulative mbuf */
	SLIST_ENTRY(pflow_softc) sc_next;
};

/* Defined outside this header. */
extern struct pflow_softc	*pflowif;

#endif /* _KERNEL */

/*
 * Export packet header whose member widths add up to 24 octets.
 * NOTE(review): presumably the version 5 header that precedes
 * `count' struct pflow_flow records -- confirm.
 */
struct pflow_header {
	u_int16_t	version;
	u_int16_t	count;
	u_int32_t	uptime_ms;
	u_int32_t	time_sec;
	u_int32_t	time_nanosec;
	u_int32_t	flow_sequence;
	u_int8_t	engine_type;
	u_int8_t	engine_id;
	u_int8_t	reserved1;
	u_int8_t	reserved2;
} __packed;

#define PFLOW_HDRLEN	sizeof(struct pflow_header)

/* Version 10 (ipfix) message header; member widths add up to 16 octets. */
struct pflow_v10_header {
	u_int16_t	version;
	u_int16_t	length;
	u_int32_t	time_sec;
	u_int32_t	flow_sequence;
	u_int32_t	observation_dom;
} __packed;

#define PFLOW_IPFIX_HDRLEN	sizeof(struct pflow_v10_header)

/*
 * Export counters, four 64-bit values.
 * NOTE(review): judging by the names, flows and packets exported plus
 * out-of-memory and output-error counts -- confirm.
 */
struct pflowstats {
	u_int64_t	pflow_flows;
	u_int64_t	pflow_packets;
	u_int64_t	pflow_onomem;
	u_int64_t	pflow_oerrors;
};

/* Supported flow protocols */
#define PFLOW_PROTO_5	5	/* original pflow */
#define PFLOW_PROTO_10	10	/* ipfix */
/* one above the highest version defined here */
#define PFLOW_PROTO_MAX	11

#define PFLOW_PROTO_DEFAULT PFLOW_PROTO_5

/* Maps a protocol name string to its PFLOW_PROTO_* value. */
struct pflow_protos {
	const char	*ppr_name;
	u_int8_t	 ppr_proto;
};

/* Initializer list for an array of struct pflow_protos. */
#define PFLOW_PROTOS {                                 \
		{ "5",	PFLOW_PROTO_5 },	       \
		{ "10",	PFLOW_PROTO_10 },	       \
}

/*
 * Configuration structure for SIOCSETPFLOW SIOCGETPFLOW
 *
 * addrmask takes the PFLOW_MASK_* bits defined below.
 * NOTE(review): on SIOCSETPFLOW the contents come from the ioctl caller.
 * The handler is not in this header; confirm that it checks version
 * against the supported protocols, rejects unknown addrmask bits and
 * validates the family and length of flowsrc/flowdst before using them.
 * NOTE(review): this structure is not __packed, so the compiler may add
 * padding after version.  Confirm that the SIOCGETPFLOW path zeroes the
 * structure before filling it, so that no uninitialized kernel memory is
 * copied out to userland.
 */
struct pflowreq {
	struct sockaddr_storage	flowsrc;
	struct sockaddr_storage	flowdst;
	u_int16_t		addrmask;
	u_int8_t		version;
#define PFLOW_MASK_SRCIP	0x01
#define PFLOW_MASK_DSTIP	0x02
#define PFLOW_MASK_VERSION	0x04
};

#ifdef _KERNEL
/* Kernel-only entry points; both are defined outside this header. */
int export_pflow(struct pf_state *);
int pflow_sysctl(int *, u_int, void *, size_t *, void *, size_t);
#endif /* _KERNEL */

#endif /* _NET_IF_PFLOW_H_ */