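/* $OpenBSD: if_pflow.h,v 1.19 2022/11/23 15:12:27 mvs Exp $ */

/*
 * Copyright (c) 2008 Henning Brauer <henning@openbsd.org>
 * Copyright (c) 2008 Joerg Goltermann <jg@osn.de>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER IN
 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
 * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/*
 * Definitions for the pflow flow-export interface.
 *
 * Three kinds of declarations live here:
 *   - wire layouts for NetFlow v5 (PFLOW_PROTO_5) and IPFIX (PFLOW_PROTO_10)
 *     export; every such struct carries __packed so that its in-memory
 *     layout is byte-for-byte the datagram layout,
 *   - the kernel-private per-interface state (struct pflow_softc), only
 *     visible under _KERNEL,
 *   - the PFLOWNL_* command and attribute numbers of the control interface.
 *
 * Field byte order on the wire is not established by this header; the
 * byte-swapping presumably happens where the records are filled in
 * (if_pflow.c) — confirm there before relying on host order anywhere.
 */

#ifndef _NET_IF_PFLOW_H_
#define _NET_IF_PFLOW_H_

#include <sys/cdefs.h>
#include <sys/types.h>
#include <sys/socket.h>

#include <netinet/in.h>

#ifdef _KERNEL
#include <sys/param.h>
#include <sys/lock.h>
#include <sys/rmlock.h>
#include <sys/interrupt.h>
#include <net/if.h>
#include <net/if_var.h>
#include <net/if_private.h>
#include <net/pfvar.h>

#include <netinet/ip.h>
#endif

#define PFLOW_MAX_ENTRIES	128

#define PFLOW_ID_LEN		sizeof(u_int64_t)

/* NetFlow v5 records per export datagram (the usual v5 upper bound). */
#define PFLOW_MAXFLOWS		30
/* Values reported in the v5 header engine_type / engine_id fields. */
#define PFLOW_ENGINE_TYPE	42
#define PFLOW_ENGINE_ID		42
#define PFLOW_MAXBYTES		0xffffffff
/* Seconds before a partially filled export buffer is flushed anyway. */
#define PFLOW_TIMEOUT		30
/* Seconds between IPFIX template re-announcements. */
#define PFLOW_TMPL_TIMEOUT	30 /* rfc 5101 10.3.6 (p.40) recommends 600 */

/* Set ID that marks a Template Set in an IPFIX message (RFC 7011 3.3.2). */
#define PFLOW_IPFIX_TMPL_SET_ID	2

/* RFC 5102 Information Element Identifiers */

#define PFIX_IE_octetDeltaCount			1
#define PFIX_IE_packetDeltaCount		2
#define PFIX_IE_protocolIdentifier		4
#define PFIX_IE_ipClassOfService		5
#define PFIX_IE_sourceTransportPort		7
#define PFIX_IE_sourceIPv4Address		8
#define PFIX_IE_ingressInterface		10
#define PFIX_IE_destinationTransportPort	11
#define PFIX_IE_destinationIPv4Address		12
#define PFIX_IE_egressInterface			14
#define PFIX_IE_flowEndSysUpTime		21
#define PFIX_IE_flowStartSysUpTime		22
#define PFIX_IE_sourceIPv6Address		27
#define PFIX_IE_destinationIPv6Address		28
#define PFIX_IE_flowStartMilliseconds		152
#define PFIX_IE_flowEndMilliseconds		153
#define PFIX_IE_postNATSourceIPv4Address	225
#define PFIX_IE_postNATDestinationIPv4Address	226
#define PFIX_IE_postNAPTSourceTransportPort	227
#define PFIX_IE_postNAPTDestinationTransportPort 228
#define PFIX_IE_natEvent			230
/* Values carried in the natEvent element. */
#define PFIX_NAT_EVENT_SESSION_CREATE		4
#define PFIX_NAT_EVENT_SESSION_DELETE		5
#define PFIX_IE_timeStamp			323

/*
 * NetFlow v5 flow record, 48 bytes on the wire.  The pad1/pad2 fields are
 * part of the format and must be sent as zero.
 */
struct pflow_flow {
	u_int32_t	src_ip;
	u_int32_t	dest_ip;
	u_int32_t	nexthop_ip;
	u_int16_t	if_index_in;
	u_int16_t	if_index_out;
	u_int32_t	flow_packets;
	u_int32_t	flow_octets;
	u_int32_t	flow_start;
	u_int32_t	flow_finish;
	u_int16_t	src_port;
	u_int16_t	dest_port;
	u_int8_t	pad1;
	u_int8_t	tcp_flags;
	u_int8_t	protocol;
	u_int8_t	tos;
	u_int16_t	src_as;
	u_int16_t	dest_as;
	u_int8_t	src_mask;
	u_int8_t	dest_mask;
	u_int16_t	pad2;
} __packed;

/* IPFIX Set header: precedes every Template Set and Data Set. */
struct pflow_set_header {
	u_int16_t	set_id;
	u_int16_t	set_length;	/* total length of the set,
					   in octets, including the set header */
} __packed;

#define PFLOW_SET_HDRLEN	sizeof(struct pflow_set_header)

/* IPFIX Template Record header: template ID followed by its field count. */
struct pflow_tmpl_hdr {
	u_int16_t	tmpl_id;
	u_int16_t	field_count;
} __packed;

/* One IPFIX Field Specifier: Information Element ID and its length in octets. */
struct pflow_tmpl_fspec {
	u_int16_t	field_id;
	u_int16_t	len;
} __packed;

/*
 * IPv4 flow template.  The fspec members are in the same order as the
 * members of struct pflow_ipfix_flow4, and PFLOW_IPFIX_TMPL_IPV4_FIELD_COUNT
 * must equal the number of fspec members (12) — keep all three in step.
 */
/* update pflow_clone_create() when changing pflow_ipfix_tmpl_ipv4 */
struct pflow_ipfix_tmpl_ipv4 {
	struct pflow_tmpl_hdr	h;
	struct pflow_tmpl_fspec	src_ip;
	struct pflow_tmpl_fspec	dest_ip;
	struct pflow_tmpl_fspec	if_index_in;
	struct pflow_tmpl_fspec	if_index_out;
	struct pflow_tmpl_fspec	packets;
	struct pflow_tmpl_fspec	octets;
	struct pflow_tmpl_fspec	start;
	struct pflow_tmpl_fspec	finish;
	struct pflow_tmpl_fspec	src_port;
	struct pflow_tmpl_fspec	dest_port;
	struct pflow_tmpl_fspec	tos;
	struct pflow_tmpl_fspec	protocol;
#define PFLOW_IPFIX_TMPL_IPV4_FIELD_COUNT 12
#define PFLOW_IPFIX_TMPL_IPV4_ID 256
} __packed;

/*
 * IPv6 flow template; same ordering rule as the IPv4 template with respect
 * to struct pflow_ipfix_flow6 and PFLOW_IPFIX_TMPL_IPV6_FIELD_COUNT (12).
 */
/* update pflow_clone_create() when changing pflow_ipfix_tmpl_v6 */
struct pflow_ipfix_tmpl_ipv6 {
	struct pflow_tmpl_hdr	h;
	struct pflow_tmpl_fspec	src_ip;
	struct pflow_tmpl_fspec	dest_ip;
	struct pflow_tmpl_fspec	if_index_in;
	struct pflow_tmpl_fspec	if_index_out;
	struct pflow_tmpl_fspec	packets;
	struct pflow_tmpl_fspec	octets;
	struct pflow_tmpl_fspec	start;
	struct pflow_tmpl_fspec	finish;
	struct pflow_tmpl_fspec	src_port;
	struct pflow_tmpl_fspec	dest_port;
	struct pflow_tmpl_fspec	tos;
	struct pflow_tmpl_fspec	protocol;
#define PFLOW_IPFIX_TMPL_IPV6_FIELD_COUNT 12
#define PFLOW_IPFIX_TMPL_IPV6_ID 257
} __packed;

/*
 * NAT44 event template; member order matches struct pflow_ipfix_nat4 and
 * PFLOW_IPFIX_TMPL_NAT44_FIELD_COUNT must equal the fspec count (11).
 *
 * Marked __packed like the other two templates: it is embedded in the
 * __packed struct pflow_ipfix_tmpl and is sent as-is, so its layout must be
 * the wire layout and not depend on the compiler's alignment choices.  All
 * members are 2-byte-aligned, so this changes nothing for existing builds.
 */
struct pflow_ipfix_tmpl_nat44 {
	struct pflow_tmpl_hdr	h;
	struct pflow_tmpl_fspec	timestamp;
	struct pflow_tmpl_fspec	nat_event;
	struct pflow_tmpl_fspec	protocol;
	struct pflow_tmpl_fspec	src_ip;
	struct pflow_tmpl_fspec	src_port;
	struct pflow_tmpl_fspec	postnat_src_ip;
	struct pflow_tmpl_fspec	postnat_src_port;
	struct pflow_tmpl_fspec	dst_ip;
	struct pflow_tmpl_fspec	dst_port;
	struct pflow_tmpl_fspec	postnat_dst_ip;
	struct pflow_tmpl_fspec	postnat_dst_port;
#define PFLOW_IPFIX_TMPL_NAT44_FIELD_COUNT 11
#define PFLOW_IPFIX_TMPL_NAT44_ID 258
} __packed;

/* The complete Template Set announced to the collector: one set header,
 * then the three template records back to back. */
struct pflow_ipfix_tmpl {
	struct pflow_set_header		set_header;
	struct pflow_ipfix_tmpl_ipv4	ipv4_tmpl;
	struct pflow_ipfix_tmpl_ipv6	ipv6_tmpl;
	struct pflow_ipfix_tmpl_nat44	nat44_tmpl;
} __packed;

/* IPFIX data record described by pflow_ipfix_tmpl_ipv4 (template ID 256). */
struct pflow_ipfix_flow4 {
	u_int32_t	src_ip;		/* sourceIPv4Address */
	u_int32_t	dest_ip;	/* destinationIPv4Address */
	u_int32_t	if_index_in;	/* ingressInterface */
	u_int32_t	if_index_out;	/* egressInterface */
	u_int64_t	flow_packets;	/* packetDeltaCount */
	u_int64_t	flow_octets;	/* octetDeltaCount */
	int64_t		flow_start;	/* flowStartMilliseconds */
	int64_t		flow_finish;	/* flowEndMilliseconds */
	u_int16_t	src_port;	/* sourceTransportPort */
	u_int16_t	dest_port;	/* destinationTransportPort */
	u_int8_t	tos;		/* ipClassOfService */
	u_int8_t	protocol;	/* protocolIdentifier */
	/* XXX padding needed? */
} __packed;

/* IPFIX data record described by pflow_ipfix_tmpl_ipv6 (template ID 257). */
struct pflow_ipfix_flow6 {
	struct in6_addr	src_ip;		/* sourceIPv6Address */
	struct in6_addr	dest_ip;	/* destinationIPv6Address */
	u_int32_t	if_index_in;	/* ingressInterface */
	u_int32_t	if_index_out;	/* egressInterface */
	u_int64_t	flow_packets;	/* packetDeltaCount */
	u_int64_t	flow_octets;	/* octetDeltaCount */
	int64_t		flow_start;	/* flowStartMilliseconds */
	int64_t		flow_finish;	/* flowEndMilliseconds */
	u_int16_t	src_port;	/* sourceTransportPort */
	u_int16_t	dest_port;	/* destinationTransportPort */
	u_int8_t	tos;		/* ipClassOfService */
	u_int8_t	protocol;	/* protocolIdentifier */
	/* XXX padding needed? */
} __packed;

/* IPFIX data record described by pflow_ipfix_tmpl_nat44 (template ID 258). */
struct pflow_ipfix_nat4 {
	u_int64_t	timestamp;		/* timeStamp */
	u_int8_t	nat_event;		/* natEvent */
	u_int8_t	protocol;		/* protocolIdentifier */
	u_int32_t	src_ip;			/* sourceIPv4Address */
	u_int16_t	src_port;		/* sourceTransportPort */
	u_int32_t	postnat_src_ip;		/* postNATSourceIPv4Address */
	u_int16_t	postnat_src_port;	/* postNAPTSourceTransportPort */
	u_int32_t	dest_ip;		/* destinationIPv4Address */
	u_int16_t	dest_port;		/* destinationTransportPort */
	u_int32_t	postnat_dest_ip;	/* postNATDestinationIPv4Address */
	u_int16_t	postnat_dest_port;	/* postNAPTDestinationTransportPort */
} __packed;

#ifdef _KERNEL

/*
 * Per-pflow-interface kernel state.
 *
 * The bracketed tags ([N], [p]) are locking annotations; their legend is not
 * in this header — see the implementation before touching those fields.
 * The sc_count* / sc_maxcount* pairs presumably track how many records the
 * corresponding cumulative mbuf (sc_mbuf, sc_mbuf6, sc_mbuf_nat4) currently
 * holds and how many fit before it must be flushed; confirm in if_pflow.c.
 */
struct pflow_softc {
	int			 sc_id;

	struct mtx		 sc_lock;

	int			 sc_dying;	/* [N] */
	struct vnet		*sc_vnet;

	unsigned int		 sc_count;
	unsigned int		 sc_count4;
	unsigned int		 sc_count6;
	unsigned int		 sc_count_nat4;
	unsigned int		 sc_maxcount;
	unsigned int		 sc_maxcount4;
	unsigned int		 sc_maxcount6;
	unsigned int		 sc_maxcount_nat4;
	u_int32_t		 sc_gcounter;
	u_int32_t		 sc_sequence;
	/* Flush timers: v5/IPv4, IPv6 and NAT44 buffers, plus template re-send. */
	struct callout		 sc_tmo;
	struct callout		 sc_tmo6;
	struct callout		 sc_tmo_nat4;
	struct callout		 sc_tmo_tmpl;
	struct intr_event	*sc_swi_ie;
	void			*sc_swi_cookie;
	struct mbufq		 sc_outputqueue;
	struct task		 sc_outputtask;
	struct socket		*so;		/* [p] */
	struct sockaddr		*sc_flowsrc;
	struct sockaddr		*sc_flowdst;
	struct pflow_ipfix_tmpl	 sc_tmpl_ipfix;
	u_int8_t		 sc_version;	/* PFLOW_PROTO_5 or PFLOW_PROTO_10 */
	u_int32_t		 sc_observation_dom;
	struct mbuf		*sc_mbuf;	/* current cumulative mbuf */
	struct mbuf		*sc_mbuf6;	/* current cumulative mbuf */
	struct mbuf		*sc_mbuf_nat4;
	CK_LIST_ENTRY(pflow_softc) sc_next;
	struct epoch_context	 sc_epoch_ctx;
};

#endif /* _KERNEL */

/* NetFlow v5 export header, 24 bytes on the wire; followed by `count` records. */
struct pflow_header {
	u_int16_t	version;
	u_int16_t	count;
	u_int32_t	uptime_ms;
	u_int32_t	time_sec;
	u_int32_t	time_nanosec;
	u_int32_t	flow_sequence;
	u_int8_t	engine_type;
	u_int8_t	engine_id;
	u_int8_t	reserved1;
	u_int8_t	reserved2;
} __packed;

#define PFLOW_HDRLEN		sizeof(struct pflow_header)

/* IPFIX message header, 16 bytes; `length` covers the whole message. */
struct pflow_v10_header {
	u_int16_t	version;
	u_int16_t	length;
	u_int32_t	time_sec;
	u_int32_t	flow_sequence;
	u_int32_t	observation_dom;
} __packed;

#define PFLOW_IPFIX_HDRLEN	sizeof(struct pflow_v10_header)

/* Counters exported to userland (see pflow_sysctl). */
struct pflowstats {
	u_int64_t	pflow_flows;
	u_int64_t	pflow_packets;
	u_int64_t	pflow_onomem;
	u_int64_t	pflow_oerrors;
};

/* Supported flow protocols */
#define PFLOW_PROTO_5	5	/* original pflow */
#define PFLOW_PROTO_10	10	/* ipfix */
#define PFLOW_PROTO_MAX	11

#define PFLOW_PROTO_DEFAULT	PFLOW_PROTO_5

/* Name/number pair used to parse and print the protocol selection. */
struct pflow_protos {
	const char	*ppr_name;
	u_int8_t	 ppr_proto;
};

#define PFLOW_PROTOS {					\
	{ "5",	PFLOW_PROTO_5 },			\
	{ "10",	PFLOW_PROTO_10 },			\
}

#define PFLOWNL_FAMILY_NAME	"pflow"

/* Commands of the pflow control interface. */
enum {
	PFLOWNL_CMD_UNSPEC = 0,
	PFLOWNL_CMD_LIST = 1,
	PFLOWNL_CMD_CREATE = 2,
	PFLOWNL_CMD_DEL = 3,
	PFLOWNL_CMD_SET = 4,
	PFLOWNL_CMD_GET = 5,
	__PFLOWNL_CMD_MAX,
};
#define PFLOWNL_CMD_MAX (__PFLOWNL_CMD_MAX - 1)

/* Attribute types, one enum per command; the trailing comment is the
 * expected attribute payload type. */
enum pflow_list_type_t {
	PFLOWNL_L_UNSPEC,
	PFLOWNL_L_ID		= 1, /* u32 */
};

enum pflow_create_type_t {
	PFLOWNL_CREATE_UNSPEC,
	PFLOWNL_CREATE_ID	= 1, /* u32 */
};

enum pflow_del_type_t {
	PFLOWNL_DEL_UNSPEC,
	PFLOWNL_DEL_ID		= 1, /* u32 */
};

enum pflow_addr_type_t {
	PFLOWNL_ADDR_UNSPEC,
	PFLOWNL_ADDR_FAMILY	= 1, /* u8 */
	PFLOWNL_ADDR_PORT	= 2, /* u16 */
	PFLOWNL_ADDR_IP		= 3, /* struct in_addr */
	PFLOWNL_ADDR_IP6	= 4, /* struct in6_addr */
};

enum pflow_get_type_t {
	PFLOWNL_GET_UNSPEC,
	PFLOWNL_GET_ID			= 1, /* u32 */
	PFLOWNL_GET_VERSION		= 2, /* u16 */
	PFLOWNL_GET_SRC			= 3, /* struct sockaddr_storage */
	PFLOWNL_GET_DST			= 4, /* struct sockaddr_storage */
	PFLOWNL_GET_OBSERVATION_DOMAIN	= 5, /* u32 */
};

enum pflow_set_type_t {
	PFLOWNL_SET_UNSPEC,
	PFLOWNL_SET_ID			= 1, /* u32 */
	PFLOWNL_SET_VERSION		= 2, /* u16 */
	PFLOWNL_SET_SRC			= 3, /* struct sockaddr_storage */
	PFLOWNL_SET_DST			= 4, /* struct sockaddr_storage */
	PFLOWNL_SET_OBSERVATION_DOMAIN	= 5, /* u32 */
};

#ifdef _KERNEL
/* sysctl handler exposing struct pflowstats. */
int pflow_sysctl(int *, u_int, void *, size_t *, void *, size_t);
#endif /* _KERNEL */

#endif /* _NET_IF_PFLOW_H_ */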