1 /*	$OpenBSD: if_pflow.h,v 1.19 2022/11/23 15:12:27 mvs Exp $	*/
2 
3 /*
4  * Copyright (c) 2008 Henning Brauer <henning@openbsd.org>
5  * Copyright (c) 2008 Joerg Goltermann <jg@osn.de>
6  *
7  * Permission to use, copy, modify, and distribute this software for any
8  * purpose with or without fee is hereby granted, provided that the above
9  * copyright notice and this permission notice appear in all copies.
10  *
11  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15  * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER IN
16  * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
17  * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18  */
19 
20 #ifndef _NET_IF_PFLOW_H_
21 #define _NET_IF_PFLOW_H_
22 
23 #include <sys/cdefs.h>
24 #include <sys/types.h>
25 #include <sys/socket.h>
26 
27 #include <netinet/in.h>
28 
29 #ifdef _KERNEL
30 #include <sys/param.h>
31 #include <sys/lock.h>
32 #include <sys/rmlock.h>
33 #include <sys/interrupt.h>
34 #include <net/if.h>
35 #include <net/if_var.h>
36 #include <net/if_private.h>
37 #include <net/pfvar.h>
38 
39 #include <netinet/ip.h>
40 #endif
41 
/* Presumably bounds the number of pflow(4) instances -- confirm against pflow.c. */
#define PFLOW_MAX_ENTRIES	128

/* Width, in octets, of a 64-bit identifier. */
#define PFLOW_ID_LEN	sizeof(u_int64_t)

/* Version-5 export: records per datagram (presumably the cap on pflow_header.count). */
#define PFLOW_MAXFLOWS 30
/* Fixed values for pflow_header.engine_type / engine_id (presumably). */
#define PFLOW_ENGINE_TYPE 42
#define PFLOW_ENGINE_ID 42
/* UINT32_MAX: the largest count the 32-bit v5 pflow_flow.flow_octets field can carry. */
#define PFLOW_MAXBYTES 0xffffffff
/* Flush timers; units and use are defined in pflow.c (presumably seconds). */
#define PFLOW_TIMEOUT 30
#define PFLOW_TMPL_TIMEOUT 30 /* rfc 5101 10.3.6 (p.40) recommends 600; RFC 5101 is now RFC 7011 */

/* IPFIX Set ID of a Template Set (RFC 7011 section 3.3.2); data sets use the template id (>= 256). */
#define PFLOW_IPFIX_TMPL_SET_ID 2

/*
 * IPFIX Information Element identifiers, as carried in pflow_tmpl_fspec.field_id.
 * The base set is from RFC 5102 (now RFC 7012); the higher-numbered ids
 * (225-230, 323) come from the IANA IPFIX registry.  None of them sets the
 * enterprise bit (0x8000), so no enterprise number follows a descriptor.
 */

#define PFIX_IE_octetDeltaCount			  1
#define PFIX_IE_packetDeltaCount		  2
#define PFIX_IE_protocolIdentifier		  4
#define PFIX_IE_ipClassOfService		  5
#define PFIX_IE_sourceTransportPort		  7
#define PFIX_IE_sourceIPv4Address		  8
#define PFIX_IE_ingressInterface		 10
#define PFIX_IE_destinationTransportPort	 11
#define PFIX_IE_destinationIPv4Address		 12
#define PFIX_IE_egressInterface			 14
#define PFIX_IE_flowEndSysUpTime		 21
#define PFIX_IE_flowStartSysUpTime		 22
#define PFIX_IE_sourceIPv6Address		 27
#define PFIX_IE_destinationIPv6Address		 28
#define PFIX_IE_flowStartMilliseconds		152
#define PFIX_IE_flowEndMilliseconds		153
/* NAT event logging elements (IANA registry; see RFC 8158). */
#define PFIX_IE_postNATSourceIPv4Address	225
#define PFIX_IE_postNATDestinationIPv4Address	226
#define PFIX_IE_postNAPTSourceTransportPort	227
#define PFIX_IE_postNAPTDestinationTransportPort	228
#define PFIX_IE_natEvent			230
/* natEvent values per the IANA natEvent registry: 4 = NAT44 session create, 5 = NAT44 session delete. */
#define PFIX_NAT_EVENT_SESSION_CREATE		4
#define PFIX_NAT_EVENT_SESSION_DELETE		5
/* IANA registers id 323 as observationTimeMilliseconds (8 octets); the local name is kept for source compatibility. */
#define PFIX_IE_timeStamp			323
81 
/*
 * Version-5 flow record (NetFlow v5 layout, 48 octets on the wire).
 * Multi-octet fields are presumably converted to network byte order by
 * pflow.c before export.  Fields with no pf equivalent (next hop, AS
 * numbers, prefix masks) are presumably exported as zero -- verify in pflow.c.
 */
struct pflow_flow {
	u_int32_t	src_ip;		/* source IPv4 address */
	u_int32_t	dest_ip;	/* destination IPv4 address */
	u_int32_t	nexthop_ip;	/* next-hop router (NetFlow v5 field) */
	u_int16_t	if_index_in;	/* ingress interface index, 16-bit here unlike IPFIX */
	u_int16_t	if_index_out;	/* egress interface index */
	u_int32_t	flow_packets;	/* packets in this record */
	u_int32_t	flow_octets;	/* octets in this record; capped by PFLOW_MAXBYTES */
	u_int32_t	flow_start;	/* start, exporter uptime in ms (NetFlow v5 First) */
	u_int32_t	flow_finish;	/* end, exporter uptime in ms (NetFlow v5 Last) */
	u_int16_t	src_port;	/* transport source port */
	u_int16_t	dest_port;	/* transport destination port */
	u_int8_t	pad1;		/* wire padding, keep zero */
	u_int8_t	tcp_flags;	/* cumulative TCP flags */
	u_int8_t	protocol;	/* IP protocol number */
	u_int8_t	tos;		/* IP type of service */
	u_int16_t	src_as;		/* source AS (NetFlow v5 field) */
	u_int16_t	dest_as;	/* destination AS (NetFlow v5 field) */
	u_int8_t	src_mask;	/* source prefix length (NetFlow v5 field) */
	u_int8_t	dest_mask;	/* destination prefix length (NetFlow v5 field) */
	u_int16_t	pad2;		/* wire padding, keep zero */
} __packed;
104 
/*
 * IPFIX Set header (RFC 7011 section 3.3.2).  set_id is
 * PFLOW_IPFIX_TMPL_SET_ID for a template set or a template id (>= 256)
 * for a data set.  A consumer must reject set_length < PFLOW_SET_HDRLEN
 * before using it to walk the set.
 */
struct pflow_set_header {
	u_int16_t	set_id;
	u_int16_t	set_length; /* total length of the set,
				       in octets, including the set header */
} __packed;

#define PFLOW_SET_HDRLEN sizeof(struct pflow_set_header)	/* 4 octets */
112 
/* IPFIX Template Record header: template id (>= 256) and number of field descriptors that follow. */
struct pflow_tmpl_hdr {
	u_int16_t	tmpl_id;
	u_int16_t	field_count;
} __packed;
117 
/*
 * IPFIX field specifier: Information Element id (a PFIX_IE_* value, all of
 * which are below 0x8000 so no enterprise number follows) and the field's
 * length in octets, which must match the corresponding record member.
 */
struct pflow_tmpl_fspec {
	u_int16_t	field_id;
	u_int16_t	len;
} __packed;
122 
/*
 * IPFIX template describing struct pflow_ipfix_flow4.  The descriptors are
 * listed in the same order as that record's members and must stay so;
 * PFLOW_IPFIX_TMPL_IPV4_FIELD_COUNT must equal the number of fspec members.
 * update pflow_clone_create() when changing pflow_ipfix_tmpl_ipv4
 */
struct pflow_ipfix_tmpl_ipv4 {
	struct pflow_tmpl_hdr	h;
	struct pflow_tmpl_fspec	src_ip;
	struct pflow_tmpl_fspec	dest_ip;
	struct pflow_tmpl_fspec	if_index_in;
	struct pflow_tmpl_fspec	if_index_out;
	struct pflow_tmpl_fspec	packets;
	struct pflow_tmpl_fspec	octets;
	struct pflow_tmpl_fspec	start;
	struct pflow_tmpl_fspec	finish;
	struct pflow_tmpl_fspec	src_port;
	struct pflow_tmpl_fspec	dest_port;
	struct pflow_tmpl_fspec	tos;
	struct pflow_tmpl_fspec	protocol;
#define PFLOW_IPFIX_TMPL_IPV4_FIELD_COUNT 12	/* number of fspec members above */
#define PFLOW_IPFIX_TMPL_IPV4_ID 256		/* first id outside the reserved set-id range */
} __packed;
141 
/*
 * IPFIX template describing struct pflow_ipfix_flow6; same field order as
 * the IPv4 template, only the address elements differ (16-octet IPv6).
 * PFLOW_IPFIX_TMPL_IPV6_FIELD_COUNT must equal the number of fspec members.
 * update pflow_clone_create() when changing pflow_ipfix_tmpl_ipv6
 */
struct pflow_ipfix_tmpl_ipv6 {
	struct pflow_tmpl_hdr	h;
	struct pflow_tmpl_fspec	src_ip;
	struct pflow_tmpl_fspec	dest_ip;
	struct pflow_tmpl_fspec	if_index_in;
	struct pflow_tmpl_fspec	if_index_out;
	struct pflow_tmpl_fspec	packets;
	struct pflow_tmpl_fspec	octets;
	struct pflow_tmpl_fspec	start;
	struct pflow_tmpl_fspec	finish;
	struct pflow_tmpl_fspec	src_port;
	struct pflow_tmpl_fspec	dest_port;
	struct pflow_tmpl_fspec	tos;
	struct pflow_tmpl_fspec	protocol;
#define PFLOW_IPFIX_TMPL_IPV6_FIELD_COUNT 12	/* number of fspec members above */
#define PFLOW_IPFIX_TMPL_IPV6_ID 257
} __packed;
160 
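/*
 * IPFIX template describing struct pflow_ipfix_nat4 (NAT44 session
 * create/delete events).  The descriptors are listed in the same order as
 * that record's members and must stay so; PFLOW_IPFIX_TMPL_NAT44_FIELD_COUNT
 * must equal the number of fspec members.  Presumably filled in by
 * pflow_clone_create() like the v4/v6 templates -- update it when changing
 * this struct.
 *
 * Marked __packed like every other on-wire struct in this header: all
 * members are currently 16-bit so no padding would be inserted anyway, but
 * the attribute pins the layout should a wider field ever be added, and
 * keeps sizeof() honest inside the __packed struct pflow_ipfix_tmpl.
 */
struct pflow_ipfix_tmpl_nat44 {
	struct pflow_tmpl_hdr	h;
	struct pflow_tmpl_fspec timestamp;		/* pflow_ipfix_nat4.timestamp */
	struct pflow_tmpl_fspec nat_event;		/* pflow_ipfix_nat4.nat_event */
	struct pflow_tmpl_fspec protocol;		/* pflow_ipfix_nat4.protocol */
	struct pflow_tmpl_fspec src_ip;			/* pflow_ipfix_nat4.src_ip */
	struct pflow_tmpl_fspec src_port;		/* pflow_ipfix_nat4.src_port */
	struct pflow_tmpl_fspec postnat_src_ip;		/* pflow_ipfix_nat4.postnat_src_ip */
	struct pflow_tmpl_fspec postnat_src_port;	/* pflow_ipfix_nat4.postnat_src_port */
	struct pflow_tmpl_fspec dst_ip;			/* pflow_ipfix_nat4.dest_ip */
	struct pflow_tmpl_fspec dst_port;		/* pflow_ipfix_nat4.dest_port */
	struct pflow_tmpl_fspec postnat_dst_ip;		/* pflow_ipfix_nat4.postnat_dest_ip */
	struct pflow_tmpl_fspec postnat_dst_port;	/* pflow_ipfix_nat4.postnat_dest_port */
#define PFLOW_IPFIX_TMPL_NAT44_FIELD_COUNT 11	/* number of fspec members above */
#define PFLOW_IPFIX_TMPL_NAT44_ID 258
} __packed;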
177 
/*
 * The complete Template Set an IPFIX exporter sends: one set header
 * (presumably set_id = PFLOW_IPFIX_TMPL_SET_ID, set_length = sizeof this
 * struct) followed by the three template records.  Re-sent periodically
 * (PFLOW_TMPL_TIMEOUT) so a collector that missed it can still decode data
 * sets -- verify the schedule in pflow.c.
 */
struct pflow_ipfix_tmpl {
	struct pflow_set_header	set_header;
	struct pflow_ipfix_tmpl_ipv4	ipv4_tmpl;
	struct pflow_ipfix_tmpl_ipv6	ipv6_tmpl;
	struct pflow_ipfix_tmpl_nat44	nat44_tmpl;
} __packed;
184 
/*
 * IPFIX IPv4 data record, decoded via pflow_ipfix_tmpl_ipv4 (member order
 * and sizes must match that template's descriptors).  Values are presumably
 * written in network byte order by pflow.c.
 */
struct pflow_ipfix_flow4 {
	u_int32_t	src_ip;		/* sourceIPv4Address*/
	u_int32_t	dest_ip;	/* destinationIPv4Address */
	u_int32_t	if_index_in;	/* ingressInterface */
	u_int32_t	if_index_out;	/* egressInterface */
	u_int64_t	flow_packets;	/* packetDeltaCount */
	u_int64_t	flow_octets;	/* octetDeltaCount */
	int64_t		flow_start;	/* flowStartMilliseconds */
	int64_t		flow_finish;	/* flowEndMilliseconds */
	u_int16_t	src_port;	/* sourceTransportPort */
	u_int16_t	dest_port;	/* destinationTransportPort */
	u_int8_t	tos;		/* ipClassOfService */
	u_int8_t	protocol;	/* protocolIdentifier */
	/*
	 * No trailing padding: the struct is __packed (54 octets), so the
	 * record length is exactly the sum of the template field lengths.
	 * Any padding IPFIX permits is at the set level (RFC 7011 section
	 * 3.3.1), not inside a record.
	 */
} __packed;
200 
/*
 * IPFIX IPv6 data record, decoded via pflow_ipfix_tmpl_ipv6 (member order
 * and sizes must match that template's descriptors).  Identical to the v4
 * record except for the 16-octet addresses.
 */
struct pflow_ipfix_flow6 {
	struct in6_addr src_ip;		/* sourceIPv6Address */
	struct in6_addr dest_ip;	/* destinationIPv6Address */
	u_int32_t	if_index_in;	/* ingressInterface */
	u_int32_t	if_index_out;	/* egressInterface */
	u_int64_t	flow_packets;	/* packetDeltaCount */
	u_int64_t	flow_octets;	/* octetDeltaCount */
	int64_t		flow_start;	/* flowStartMilliseconds */
	int64_t		flow_finish;	/* flowEndMilliseconds */
	u_int16_t	src_port;	/* sourceTransportPort */
	u_int16_t	dest_port;	/* destinationTransportPort */
	u_int8_t	tos;		/* ipClassOfService */
	u_int8_t	protocol;	/* protocolIdentifier */
	/*
	 * No trailing padding: the struct is __packed (78 octets), so the
	 * record length is exactly the sum of the template field lengths;
	 * IPFIX padding, if any, belongs at the set level (RFC 7011 3.3.1).
	 */
} __packed;
216 
/*
 * IPFIX NAT44 session event record (34 octets), decoded via
 * pflow_ipfix_tmpl_nat44.  One record is emitted per session create/delete
 * (nat_event = PFIX_NAT_EVENT_SESSION_CREATE / _DELETE); the "postnat"
 * members carry the translated address/port, the plain ones the original.
 */
struct pflow_ipfix_nat4 {
	u_int64_t	timestamp;	/* timeStamp (IANA: observationTimeMilliseconds, id 323) */
	u_int8_t	nat_event;	/* natEvent */
	u_int8_t	protocol;	/* protocolIdentifier */
	u_int32_t	src_ip;		/* sourceIPv4Address */
	u_int16_t	src_port;	/* sourceTransportPort */
	u_int32_t	postnat_src_ip;	/* postNATSourceIPv4Address */
	u_int16_t	postnat_src_port;/* postNAPTSourceTransportPort */
	u_int32_t	dest_ip;	/* destinationIPv4Address */
	u_int16_t	dest_port;	/* destinationTransportPort */
	u_int32_t	postnat_dest_ip;/* postNATDestinationIPv4Address */
	u_int16_t	postnat_dest_port;/* postNAPTDestinationTransportPort */
} __packed;
230 
231 #ifdef _KERNEL
232 
/*
 * Kernel-side state of one pflow(4) exporter instance.  The "[N]" / "[p]"
 * tags are lock-key letters presumably inherited from the OpenBSD header;
 * the key itself is not reproduced here, so see pflow.c for which lock
 * (sc_lock, the net epoch, ...) actually covers each member.
 */
struct pflow_softc {
	int			 sc_id;		/* instance id, as used by PFLOWNL_*_ID */

	struct mtx		 sc_lock;	/* per-instance mutex; protected set: see pflow.c */

	int			 sc_dying;	/* [N] set during teardown (presumably checked before queueing work) */
	struct vnet		*sc_vnet;	/* owning VNET */

	/*
	 * Records buffered in the packet currently being built, one counter
	 * per packet type (v5 / IPFIX v4 / v6 / NAT44), and the per-packet
	 * limit at which each is flushed (presumably).
	 */
	unsigned int		 sc_count;
	unsigned int		 sc_count4;
	unsigned int		 sc_count6;
	unsigned int		 sc_count_nat4;
	unsigned int		 sc_maxcount;
	unsigned int		 sc_maxcount4;
	unsigned int		 sc_maxcount6;
	unsigned int		 sc_maxcount_nat4;
	u_int32_t		 sc_gcounter;	/* running counter; exact use in pflow.c */
	u_int32_t		 sc_sequence;	/* presumably the flow_sequence of the next export header */
	/* Flush timers, one per buffered packet type, plus the template re-send timer. */
	struct callout		 sc_tmo;
	struct callout		 sc_tmo6;
	struct callout		 sc_tmo_nat4;
	struct callout		 sc_tmo_tmpl;
	struct intr_event	*sc_swi_ie;	/* software interrupt used for deferred work (see pflow.c) */
	void			*sc_swi_cookie;	/* handle returned when the swi handler was registered */
	struct mbufq		 sc_outputqueue;	/* completed export packets awaiting transmission */
	struct task		 sc_outputtask;	/* presumably drains sc_outputqueue onto so */
	struct socket		*so;		/* [p] export socket; NULL until a destination is configured (presumably) */
	struct sockaddr		*sc_flowsrc;	/* exporter source address (PFLOWNL_SET_SRC); may be NULL */
	struct sockaddr		*sc_flowdst;	/* collector address (PFLOWNL_SET_DST); may be NULL */
	struct pflow_ipfix_tmpl	 sc_tmpl_ipfix;	/* pre-built IPFIX template set for version 10 */
	u_int8_t		 sc_version;	/* PFLOW_PROTO_5 or PFLOW_PROTO_10 */
	u_int32_t		 sc_observation_dom;	/* pflow_v10_header.observation_dom (PFLOWNL_SET_OBSERVATION_DOMAIN) */
	struct mbuf		*sc_mbuf;	/* current cumulative mbuf */
	struct mbuf		*sc_mbuf6;	/* current cumulative mbuf */
	struct mbuf		*sc_mbuf_nat4;	/* current cumulative mbuf for NAT44 records */
	CK_LIST_ENTRY(pflow_softc) sc_next;	/* link in the instance list (CK list, presumably walked under epoch) */
	struct epoch_context	 sc_epoch_ctx;	/* for epoch-deferred release of this softc */
};
271 
272 #endif /* _KERNEL */
273 
/*
 * Version-5 export packet header (24 octets, NetFlow v5 layout), followed
 * by `count` struct pflow_flow records (at most PFLOW_MAXFLOWS, presumably).
 * Multi-octet fields are presumably in network byte order.
 */
struct pflow_header {
	u_int16_t	version;	/* PFLOW_PROTO_5 */
	u_int16_t	count;		/* number of pflow_flow records that follow */
	u_int32_t	uptime_ms;	/* exporter uptime in ms; the flow_start/flow_finish time base */
	u_int32_t	time_sec;	/* export time, seconds since the epoch ... */
	u_int32_t	time_nanosec;	/* ... and residual nanoseconds */
	u_int32_t	flow_sequence;	/* running count of exported records */
	u_int8_t	engine_type;	/* PFLOW_ENGINE_TYPE */
	u_int8_t	engine_id;	/* PFLOW_ENGINE_ID */
	u_int8_t	reserved1;	/* NetFlow v5 sampling fields; unused here */
	u_int8_t	reserved2;
} __packed;

#define PFLOW_HDRLEN sizeof(struct pflow_header)	/* 24 octets */
288 
/*
 * IPFIX Message header (RFC 7011 section 3.1, 16 octets).  length is the
 * total message length including this header; flow_sequence counts data
 * records, not messages, and the template set is not counted (RFC 7011).
 */
struct pflow_v10_header {
	u_int16_t	version;	/* PFLOW_PROTO_10 */
	u_int16_t	length;		/* total message length in octets */
	u_int32_t	time_sec;	/* export time, seconds since the epoch */
	u_int32_t	flow_sequence;	/* sequence number of the first data record in this message */
	u_int32_t	observation_dom;	/* observation domain id (sc_observation_dom) */
} __packed;

#define PFLOW_IPFIX_HDRLEN sizeof(struct pflow_v10_header)	/* 16 octets */
298 
/*
 * Exporter statistics as exposed to userland (not packed: this is not a
 * wire format).  Names suggest the semantics below; confirm in pflow.c.
 */
struct pflowstats {
	u_int64_t	pflow_flows;	/* flow records exported */
	u_int64_t	pflow_packets;	/* export packets sent */
	u_int64_t	pflow_onomem;	/* presumably exports dropped for lack of memory (mbufs) */
	u_int64_t	pflow_oerrors;	/* presumably output/send errors */
};
305 
/* Supported flow protocols (values of pflow_softc.sc_version / PFLOWNL_*_VERSION). */
#define PFLOW_PROTO_5	5	/* original pflow: pflow_header + pflow_flow records */
#define PFLOW_PROTO_10	10	/* ipfix: pflow_v10_header + template and data sets */
/*
 * One past the highest version.  Note the gap: 6..9 are below this bound
 * but unsupported, so a bare `< PFLOW_PROTO_MAX` check is not a validity
 * check -- a requested version must be matched against the values above
 * (or the PFLOW_PROTOS table).
 */
#define PFLOW_PROTO_MAX	11

#define PFLOW_PROTO_DEFAULT PFLOW_PROTO_5	/* version of a newly created instance (presumably) */
312 
/* Name/version pair for the PFLOW_PROTOS table (user-visible protocol name to PFLOW_PROTO_* value). */
struct pflow_protos {
	const char	*ppr_name;
	u_int8_t	 ppr_proto;
};
317 
/* Initializer for a struct pflow_protos[] listing every supported version; keep in sync with PFLOW_PROTO_*. */
#define PFLOW_PROTOS {                                 \
		{ "5",	PFLOW_PROTO_5 },	       \
		{ "10",	PFLOW_PROTO_10 },	       \
}

/* Netlink family name the PFLOWNL_CMD_* commands are registered under. */
#define PFLOWNL_FAMILY_NAME	"pflow"
324 
/*
 * Commands of the PFLOWNL_FAMILY_NAME netlink family.  Each command's
 * attributes are the enum of the matching name below (pflow_list_type_t
 * for LIST, and so on).  __PFLOWNL_CMD_MAX is only a sentinel for deriving
 * PFLOWNL_CMD_MAX (5); it is not a valid command.
 */
enum {
	PFLOWNL_CMD_UNSPEC = 0,
	PFLOWNL_CMD_LIST = 1,
	PFLOWNL_CMD_CREATE = 2,
	PFLOWNL_CMD_DEL = 3,
	PFLOWNL_CMD_SET = 4,
	PFLOWNL_CMD_GET = 5,
	__PFLOWNL_CMD_MAX,
};
#define PFLOWNL_CMD_MAX (__PFLOWNL_CMD_MAX - 1)
335 
/* Attribute ids for PFLOWNL_CMD_LIST; the expected payload type is noted per attribute. */
enum pflow_list_type_t {
	PFLOWNL_L_UNSPEC	= 0,
	PFLOWNL_L_ID		= 1, /* u32 */
};
340 
/* Attribute ids for PFLOWNL_CMD_CREATE; the expected payload type is noted per attribute. */
enum pflow_create_type_t {
	PFLOWNL_CREATE_UNSPEC	= 0,
	PFLOWNL_CREATE_ID	= 1, /* u32 */
};
345 
/* Attribute ids for PFLOWNL_CMD_DEL; the expected payload type is noted per attribute. */
enum pflow_del_type_t {
	PFLOWNL_DEL_UNSPEC	= 0,
	PFLOWNL_DEL_ID		= 1, /* u32 */
};
350 
/*
 * Nested address attribute (used by the SRC/DST attributes of SET/GET,
 * presumably).  FAMILY selects whether IP or IP6 is the meaningful
 * address; the kernel side must check that the attribute present matches
 * the family and has the full struct length before copying it.
 */
enum pflow_addr_type_t {
	PFLOWNL_ADDR_UNSPEC	= 0,
	PFLOWNL_ADDR_FAMILY	= 1, /* u8 */
	PFLOWNL_ADDR_PORT	= 2, /* u16 */
	PFLOWNL_ADDR_IP		= 3, /* struct in_addr */
	PFLOWNL_ADDR_IP6	= 4, /* struct in6_addr */
};
358 
/*
 * Attribute ids of a PFLOWNL_CMD_GET reply.  SRC/DST carry a full
 * struct sockaddr_storage; SOCKET_STATUS presumably reports whether the
 * export socket (pflow_softc.so) exists -- confirm in pflow.c.
 */
enum pflow_get_type_t {
	PFLOWNL_GET_UNSPEC		= 0,
	PFLOWNL_GET_ID			= 1, /* u32 */
	PFLOWNL_GET_VERSION		= 2, /* u16 */
	PFLOWNL_GET_SRC			= 3, /* struct sockaddr_storage */
	PFLOWNL_GET_DST			= 4, /* struct sockaddr_storage */
	PFLOWNL_GET_OBSERVATION_DOMAIN	= 5, /* u32 */
	PFLOWNL_GET_SOCKET_STATUS	= 6, /* u8 */
};
368 
/*
 * Attribute ids of a PFLOWNL_CMD_SET request.  VERSION must be one of
 * PFLOW_PROTO_5 / PFLOW_PROTO_10 (not merely < PFLOW_PROTO_MAX); SRC/DST
 * arrive as struct sockaddr_storage from userland, so the kernel must
 * validate the attribute length and ss_family before using them.
 */
enum pflow_set_type_t {
	PFLOWNL_SET_UNSPEC		= 0,
	PFLOWNL_SET_ID			= 1, /* u32 */
	PFLOWNL_SET_VERSION		= 2, /* u16 */
	PFLOWNL_SET_SRC			= 3, /* struct sockaddr_storage */
	PFLOWNL_SET_DST			= 4, /* struct sockaddr_storage */
	PFLOWNL_SET_OBSERVATION_DOMAIN	= 5, /* u32 */
};
377 
378 #ifdef _KERNEL
/*
 * sysctl handler with the OpenBSD sysctl(2) handler shape
 * (name, namelen, oldp, oldlenp, newp, newlen).
 * NOTE(review): confirm pflow.c defines this on FreeBSD; if not, the
 * prototype is a leftover from the OpenBSD import and should be dropped.
 */
int pflow_sysctl(int *, u_int,  void *, size_t *, void *, size_t);
380 #endif /* _KERNEL */
381 
382 #endif /* _NET_IF_PFLOW_H_ */
383