/* $OpenBSD: if_pflow.h,v 1.19 2022/11/23 15:12:27 mvs Exp $ */

/*
 * Copyright (c) 2008 Henning Brauer <henning@openbsd.org>
 * Copyright (c) 2008 Joerg Goltermann <jg@osn.de>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER IN
 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
 * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/*
 * pflow(4): export of pf flow records as NetFlow version 5 (PFLOW_PROTO_5)
 * or IPFIX (PFLOW_PROTO_10) datagrams.
 *
 * This header holds three kinds of things:
 *   - on-the-wire record, header and template layouts (declared __packed so
 *     that sizeof() equals the protocol record size; see the note on
 *     struct pflow_ipfix_tmpl_nat44 below),
 *   - the netlink command and attribute enumerations shared with userland,
 *   - the kernel-only per-interface softc (under _KERNEL).
 *
 * NOTE(review): the wire structures carry multi-byte fields that NetFlow and
 * IPFIX define in network byte order; this header does not do the
 * conversion, so the producer in if_pflow.c is expected to — confirm there.
 */

#ifndef _NET_IF_PFLOW_H_
#define _NET_IF_PFLOW_H_

#include <sys/cdefs.h>
#include <sys/types.h>
#include <sys/socket.h>

#include <netinet/in.h>

#ifdef _KERNEL
#include <sys/param.h>
#include <sys/lock.h>
#include <sys/rmlock.h>
#include <sys/interrupt.h>
#include <net/if.h>
#include <net/if_var.h>
#include <net/if_private.h>
#include <net/pfvar.h>

#include <netinet/ip.h>
#endif

#define PFLOW_ID_LEN	sizeof(u_int64_t)

/*
 * Upper bound on v5 records per export datagram.  With a 24-byte
 * struct pflow_header and 48-byte struct pflow_flow that is
 * 24 + 30 * 48 = 1464 bytes, which (presumably by design) stays below a
 * 1500-byte Ethernet MTU.
 */
#define PFLOW_MAXFLOWS		30
/* Values written into the v5 header engine_type / engine_id fields. */
#define PFLOW_ENGINE_TYPE	42
#define PFLOW_ENGINE_ID		42
/* Largest value the 32-bit v5 flow_octets counter can represent. */
#define PFLOW_MAXBYTES		0xffffffff
/* Export timeouts; presumably seconds (callout users in if_pflow.c decide). */
#define PFLOW_TIMEOUT		30
#define PFLOW_TMPL_TIMEOUT	30	/* rfc 5101 10.3.6 (p.40) recommends 600 */

/* IPFIX Set ID reserved for Template Sets. */
#define PFLOW_IPFIX_TMPL_SET_ID	2

/* RFC 5102 Information Element Identifiers */

#define PFIX_IE_octetDeltaCount			1
#define PFIX_IE_packetDeltaCount		2
#define PFIX_IE_protocolIdentifier		4
#define PFIX_IE_ipClassOfService		5
#define PFIX_IE_sourceTransportPort		7
#define PFIX_IE_sourceIPv4Address		8
#define PFIX_IE_ingressInterface		10
#define PFIX_IE_destinationTransportPort	11
#define PFIX_IE_destinationIPv4Address		12
#define PFIX_IE_egressInterface			14
#define PFIX_IE_flowEndSysUpTime		21
#define PFIX_IE_flowStartSysUpTime		22
#define PFIX_IE_sourceIPv6Address		27
#define PFIX_IE_destinationIPv6Address		28
#define PFIX_IE_flowStartMilliseconds		152
#define PFIX_IE_flowEndMilliseconds		153
#define PFIX_IE_postNATSourceIPv4Address	225
#define PFIX_IE_postNATDestinationIPv4Address	226
#define PFIX_IE_postNAPTSourceTransportPort	227
#define PFIX_IE_postNAPTDestinationTransportPort 228
#define PFIX_IE_natEvent			230
/* Values carried in the natEvent element. */
#define PFIX_NAT_EVENT_SESSION_CREATE		4
#define PFIX_NAT_EVENT_SESSION_DELETE		5
#define PFIX_IE_timeStamp			323

/*
 * NetFlow version 5 flow record, 48 bytes on the wire.  Field order and
 * widths are fixed by the protocol; pad1/pad2 are protocol padding, not
 * compiler padding.
 */
struct pflow_flow {
	u_int32_t	src_ip;
	u_int32_t	dest_ip;
	u_int32_t	nexthop_ip;
	u_int16_t	if_index_in;
	u_int16_t	if_index_out;
	u_int32_t	flow_packets;
	u_int32_t	flow_octets;		/* capped by PFLOW_MAXBYTES */
	u_int32_t	flow_start;
	u_int32_t	flow_finish;
	u_int16_t	src_port;
	u_int16_t	dest_port;
	u_int8_t	pad1;
	u_int8_t	tcp_flags;
	u_int8_t	protocol;
	u_int8_t	tos;
	u_int16_t	src_as;
	u_int16_t	dest_as;
	u_int8_t	src_mask;
	u_int8_t	dest_mask;
	u_int16_t	pad2;
} __packed;

/* IPFIX Set header: a set ID followed by the set's total length. */
struct pflow_set_header {
	u_int16_t	set_id;
	u_int16_t	set_length;	/* total length of the set,
					   in octets, including the set header */
} __packed;

#define PFLOW_SET_HDRLEN	sizeof(struct pflow_set_header)

/* IPFIX Template Record header: template ID and number of field specifiers. */
struct pflow_tmpl_hdr {
	u_int16_t	tmpl_id;
	u_int16_t	field_count;
} __packed;

/* One IPFIX Field Specifier: information element ID and field length. */
struct pflow_tmpl_fspec {
	u_int16_t	field_id;
	u_int16_t	len;
} __packed;

/*
 * IPv4 flow template.  The field specifiers are listed in the same order as
 * the members of struct pflow_ipfix_flow4, and the *_FIELD_COUNT macro must
 * equal the number of fspec members (12 here).
 */
/* update pflow_clone_create() when changing pflow_ipfix_tmpl_ipv4 */
struct pflow_ipfix_tmpl_ipv4 {
	struct pflow_tmpl_hdr	h;
	struct pflow_tmpl_fspec	src_ip;
	struct pflow_tmpl_fspec	dest_ip;
	struct pflow_tmpl_fspec	if_index_in;
	struct pflow_tmpl_fspec	if_index_out;
	struct pflow_tmpl_fspec	packets;
	struct pflow_tmpl_fspec	octets;
	struct pflow_tmpl_fspec	start;
	struct pflow_tmpl_fspec	finish;
	struct pflow_tmpl_fspec	src_port;
	struct pflow_tmpl_fspec	dest_port;
	struct pflow_tmpl_fspec	tos;
	struct pflow_tmpl_fspec	protocol;
#define PFLOW_IPFIX_TMPL_IPV4_FIELD_COUNT 12
#define PFLOW_IPFIX_TMPL_IPV4_ID 256
} __packed;

/*
 * IPv6 flow template; same ordering contract as the IPv4 template, but
 * against struct pflow_ipfix_flow6 (12 fspec members).
 */
/* update pflow_clone_create() when changing pflow_ipfix_tmpl_v6 */
struct pflow_ipfix_tmpl_ipv6 {
	struct pflow_tmpl_hdr	h;
	struct pflow_tmpl_fspec	src_ip;
	struct pflow_tmpl_fspec	dest_ip;
	struct pflow_tmpl_fspec	if_index_in;
	struct pflow_tmpl_fspec	if_index_out;
	struct pflow_tmpl_fspec	packets;
	struct pflow_tmpl_fspec	octets;
	struct pflow_tmpl_fspec	start;
	struct pflow_tmpl_fspec	finish;
	struct pflow_tmpl_fspec	src_port;
	struct pflow_tmpl_fspec	dest_port;
	struct pflow_tmpl_fspec	tos;
	struct pflow_tmpl_fspec	protocol;
#define PFLOW_IPFIX_TMPL_IPV6_FIELD_COUNT 12
#define PFLOW_IPFIX_TMPL_IPV6_ID 257
} __packed;

/*
 * NAT44 session template; field order matches struct pflow_ipfix_nat4
 * (11 fspec members).
 *
 * NOTE(review): unlike its siblings this struct is not declared __packed.
 * Every member is a pair of u_int16_t, so no compiler padding can appear
 * and the layout is identical in practice, but adding __packed would make
 * the invariant explicit and keep it true if a wider field is ever added.
 */
struct pflow_ipfix_tmpl_nat44 {
	struct pflow_tmpl_hdr	h;
	struct pflow_tmpl_fspec	timestamp;
	struct pflow_tmpl_fspec	nat_event;
	struct pflow_tmpl_fspec	protocol;
	struct pflow_tmpl_fspec	src_ip;
	struct pflow_tmpl_fspec	src_port;
	struct pflow_tmpl_fspec	postnat_src_ip;
	struct pflow_tmpl_fspec	postnat_src_port;
	struct pflow_tmpl_fspec	dst_ip;
	struct pflow_tmpl_fspec	dst_port;
	struct pflow_tmpl_fspec	postnat_dst_ip;
	struct pflow_tmpl_fspec	postnat_dst_port;
#define PFLOW_IPFIX_TMPL_NAT44_FIELD_COUNT 11
#define PFLOW_IPFIX_TMPL_NAT44_ID 258
};

/*
 * The complete Template Set that is exported: one set header followed by the
 * IPv4, IPv6 and NAT44 template records.
 */
struct pflow_ipfix_tmpl {
	struct pflow_set_header	set_header;
	struct pflow_ipfix_tmpl_ipv4	ipv4_tmpl;
	struct pflow_ipfix_tmpl_ipv6	ipv6_tmpl;
	struct pflow_ipfix_tmpl_nat44	nat44_tmpl;
} __packed;

/*
 * IPFIX IPv4 data record, as described by struct pflow_ipfix_tmpl_ipv4.
 * Member order must stay in step with the template's fspec order.
 */
struct pflow_ipfix_flow4 {
	u_int32_t	src_ip;		/* sourceIPv4Address*/
	u_int32_t	dest_ip;	/* destinationIPv4Address */
	u_int32_t	if_index_in;	/* ingressInterface */
	u_int32_t	if_index_out;	/* egressInterface */
	u_int64_t	flow_packets;	/* packetDeltaCount */
	u_int64_t	flow_octets;	/* octetDeltaCount */
	int64_t		flow_start;	/* flowStartMilliseconds */
	int64_t		flow_finish;	/* flowEndMilliseconds */
	u_int16_t	src_port;	/* sourceTransportPort */
	u_int16_t	dest_port;	/* destinationTransportPort */
	u_int8_t	tos;		/* ipClassOfService */
	u_int8_t	protocol;	/* protocolIdentifier */
	/* XXX padding needed? */
} __packed;

/*
 * IPFIX IPv6 data record, as described by struct pflow_ipfix_tmpl_ipv6.
 * Identical to the IPv4 record except for the 16-byte address fields.
 */
struct pflow_ipfix_flow6 {
	struct in6_addr src_ip;		/* sourceIPv6Address */
	struct in6_addr dest_ip;	/* destinationIPv6Address */
	u_int32_t	if_index_in;	/* ingressInterface */
	u_int32_t	if_index_out;	/* egressInterface */
	u_int64_t	flow_packets;	/* packetDeltaCount */
	u_int64_t	flow_octets;	/* octetDeltaCount */
	int64_t		flow_start;	/* flowStartMilliseconds */
	int64_t		flow_finish;	/* flowEndMilliseconds */
	u_int16_t	src_port;	/* sourceTransportPort */
	u_int16_t	dest_port;	/* destinationTransportPort */
	u_int8_t	tos;		/* ipClassOfService */
	u_int8_t	protocol;	/* protocolIdentifier */
	/* XXX padding needed? */
} __packed;

/*
 * IPFIX NAT44 session data record, as described by
 * struct pflow_ipfix_tmpl_nat44.  nat_event carries one of the
 * PFIX_NAT_EVENT_SESSION_* values.
 */
struct pflow_ipfix_nat4 {
	u_int64_t	timestamp;	/* timeStamp */
	u_int8_t	nat_event;	/* natEvent */
	u_int8_t	protocol;	/* protocolIdentifier */
	u_int32_t	src_ip;		/* sourceIPv4Address */
	u_int16_t	src_port;	/* sourceTransportPort */
	u_int32_t	postnat_src_ip;	/* postNATSourceIPv4Address */
	u_int16_t	postnat_src_port;/* postNAPTSourceTransportPort */
	u_int32_t	dest_ip;	/* destinationIPv4Address */
	u_int16_t	dest_port;	/* destinationTransportPort */
	u_int32_t	postnat_dest_ip;/* postNATDestinationIPv4Address */
	u_int16_t	postnat_dest_port;/* postNAPTDestinationTransportPort */
} __packed;

#ifdef _KERNEL

/*
 * Per-pflow-interface kernel state.
 *
 * The bracketed tags on some members ([N], [p]) are lock-class annotations;
 * their key is presumably kept in if_pflow.c — confirm there before relying
 * on any particular locking rule.  sc_lock is the softc's own mutex.
 *
 * The sc_count* / sc_maxcount* pairs and the sc_mbuf* / sc_tmo* members come
 * in per-record-type groups (v5+IPv4, IPv6, NAT44); from the names they
 * track how many records are buffered in the corresponding cumulative mbuf
 * and when that buffer must be flushed — verify against the producer code.
 */
struct pflow_softc {
	int			sc_id;

	struct mtx		sc_lock;

	int			sc_dying;	/* [N] */
	struct vnet		*sc_vnet;

	unsigned int		sc_count;
	unsigned int		sc_count4;
	unsigned int		sc_count6;
	unsigned int		sc_count_nat4;
	unsigned int		sc_maxcount;
	unsigned int		sc_maxcount4;
	unsigned int		sc_maxcount6;
	unsigned int		sc_maxcount_nat4;
	u_int32_t		sc_gcounter;
	u_int32_t		sc_sequence;	/* export sequence number */
	struct callout		sc_tmo;
	struct callout		sc_tmo6;
	struct callout		sc_tmo_nat4;
	struct callout		sc_tmo_tmpl;	/* template re-send timer */
	struct intr_event	*sc_swi_ie;
	void			*sc_swi_cookie;
	struct mbufq		sc_outputqueue;
	struct task		sc_outputtask;
	struct socket		*so;		/* [p] */
	struct sockaddr		*sc_flowsrc;	/* set via PFLOWNL_SET_SRC */
	struct sockaddr		*sc_flowdst;	/* set via PFLOWNL_SET_DST */
	struct pflow_ipfix_tmpl	sc_tmpl_ipfix;
	u_int8_t		sc_version;	/* PFLOW_PROTO_5 or PFLOW_PROTO_10 */
	u_int32_t		sc_observation_dom;
	struct mbuf		*sc_mbuf;	/* current cumulative mbuf */
	struct mbuf		*sc_mbuf6;	/* current cumulative mbuf */
	struct mbuf		*sc_mbuf_nat4;
	CK_LIST_ENTRY(pflow_softc) sc_next;
	struct epoch_context	sc_epoch_ctx;
};

#endif /* _KERNEL */

/*
 * NetFlow version 5 export header, 24 bytes.  count is the number of
 * struct pflow_flow records that follow (at most PFLOW_MAXFLOWS);
 * engine_type / engine_id are filled from PFLOW_ENGINE_TYPE / PFLOW_ENGINE_ID.
 */
struct pflow_header {
	u_int16_t	version;
	u_int16_t	count;
	u_int32_t	uptime_ms;
	u_int32_t	time_sec;
	u_int32_t	time_nanosec;
	u_int32_t	flow_sequence;
	u_int8_t	engine_type;
	u_int8_t	engine_id;
	u_int8_t	reserved1;
	u_int8_t	reserved2;
} __packed;

#define PFLOW_HDRLEN	sizeof(struct pflow_header)

/*
 * IPFIX (version 10) message header, 16 bytes.  length covers the whole
 * message including this header; observation_dom is the Observation Domain
 * ID configured via PFLOWNL_SET_OBSERVATION_DOMAIN.
 */
struct pflow_v10_header {
	u_int16_t	version;
	u_int16_t	length;
	u_int32_t	time_sec;
	u_int32_t	flow_sequence;
	u_int32_t	observation_dom;
} __packed;

#define PFLOW_IPFIX_HDRLEN	sizeof(struct pflow_v10_header)

/*
 * Statistics exported to userland (not a wire structure, hence not packed).
 * From the names: flows and packets exported, exports dropped for lack of
 * memory, and output errors.
 */
struct pflowstats {
	u_int64_t	pflow_flows;
	u_int64_t	pflow_packets;
	u_int64_t	pflow_onomem;
	u_int64_t	pflow_oerrors;
};

/* Supported flow protocols */
#define PFLOW_PROTO_5	5	/* original pflow */
#define PFLOW_PROTO_10	10	/* ipfix */
#define PFLOW_PROTO_MAX	11	/* one past the highest valid version */

#define PFLOW_PROTO_DEFAULT	PFLOW_PROTO_5

/* Name/number pair for a supported protocol version; see PFLOW_PROTOS. */
struct pflow_protos {
	const char	*ppr_name;
	u_int8_t	ppr_proto;
};

/* Initializer for a struct pflow_protos[] table of the supported versions. */
#define PFLOW_PROTOS {					\
	{ "5", PFLOW_PROTO_5 },				\
	{ "10", PFLOW_PROTO_10 },			\
}

/*
 * Netlink control plane.  PFLOWNL_FAMILY_NAME is the generic netlink family
 * name; the enums below are the command numbers and per-command attribute
 * types shared between kernel and userland.  The comment on each attribute
 * gives the payload type the kernel expects; since these attributes arrive
 * from userland, the kernel-side parser must check attribute length (and, for
 * sockaddr payloads, the address family) before using the value.
 */
#define PFLOWNL_FAMILY_NAME	"pflow"

enum {
	PFLOWNL_CMD_UNSPEC = 0,
	PFLOWNL_CMD_LIST = 1,
	PFLOWNL_CMD_CREATE = 2,
	PFLOWNL_CMD_DEL = 3,
	PFLOWNL_CMD_SET = 4,
	PFLOWNL_CMD_GET = 5,
	__PFLOWNL_CMD_MAX,
};
#define PFLOWNL_CMD_MAX (__PFLOWNL_CMD_MAX - 1)

/* Attributes of PFLOWNL_CMD_LIST replies. */
enum pflow_list_type_t {
	PFLOWNL_L_UNSPEC,
	PFLOWNL_L_ID		= 1, /* u32 */
};

/* Attributes of PFLOWNL_CMD_CREATE. */
enum pflow_create_type_t {
	PFLOWNL_CREATE_UNSPEC,
	PFLOWNL_CREATE_ID	= 1, /* u32 */
};

/* Attributes of PFLOWNL_CMD_DEL. */
enum pflow_del_type_t {
	PFLOWNL_DEL_UNSPEC,
	PFLOWNL_DEL_ID		= 1, /* u32 */
};

/* Nested address attribute; which of IP / IP6 is present depends on FAMILY. */
enum pflow_addr_type_t {
	PFLOWNL_ADDR_UNSPEC,
	PFLOWNL_ADDR_FAMILY	= 1, /* u8 */
	PFLOWNL_ADDR_PORT	= 2, /* u16 */
	PFLOWNL_ADDR_IP		= 3, /* struct in_addr */
	PFLOWNL_ADDR_IP6	= 4, /* struct in6_addr */
};

/* Attributes of PFLOWNL_CMD_GET replies. */
enum pflow_get_type_t {
	PFLOWNL_GET_UNSPEC,
	PFLOWNL_GET_ID		= 1, /* u32 */
	PFLOWNL_GET_VERSION	= 2, /* u16 */
	PFLOWNL_GET_SRC		= 3, /* struct sockaddr_storage */
	PFLOWNL_GET_DST		= 4, /* struct sockaddr_storage */
	PFLOWNL_GET_OBSERVATION_DOMAIN	= 5, /* u32 */
};

/* Attributes of PFLOWNL_CMD_SET; mirror the GET attributes one for one. */
enum pflow_set_type_t {
	PFLOWNL_SET_UNSPEC,
	PFLOWNL_SET_ID		= 1, /* u32 */
	PFLOWNL_SET_VERSION	= 2, /* u16 */
	PFLOWNL_SET_SRC		= 3, /* struct sockaddr_storage */
	PFLOWNL_SET_DST		= 4, /* struct sockaddr_storage */
	PFLOWNL_SET_OBSERVATION_DOMAIN	= 5, /* u32 */
};

#ifdef _KERNEL
/* sysctl handler for the pflow subtree; arguments follow the sysctl(9) convention. */
int	pflow_sysctl(int *, u_int, void *, size_t *, void *, size_t);
#endif /* _KERNEL */

#endif /* _NET_IF_PFLOW_H_ */