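/*-
 * Copyright (c) 2004 Gleb Smirnoff <glebius@FreeBSD.org>
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 *	 $SourceForge: netflow.h,v 1.8 2004/09/16 17:05:11 glebius Exp $
 *	 $FreeBSD$
 */

/*
 * NetFlow v1 and v5 export datagram layouts: one header structure and one
 * per-flow record structure for each version, plus the per-datagram record
 * limits and the resulting maximum datagram sizes.
 *
 * This header uses the fixed-width integer types (uint8_t, uint16_t,
 * uint32_t) but does not include their definitions itself; the including
 * file must provide them first.
 */

/* netflow timeouts in seconds */

#define	ACTIVE_TIMEOUT		(30*60)	/* maximum flow lifetime is 30 min */
#define	INACTIVE_TIMEOUT	15	/* seconds; presumably the idle limit -- confirm */

/* More info can be found in these two Cisco documents:
 * http://www.cisco.com/warp/public/cc/pd/iosw/ioft/neflct/tech/napps_wp.htm
 * http://www.cisco.com/en/US/products/sw/netmgtsw/ps1964/prod_installation_guide09186a00800fea56.html#wp1006186
 * However, they say quite different things.
 */

/* Values carried in the 'version' member of the datagram headers below. */
#define	NETFLOW_V1	1
#define	NETFLOW_V5	5

/*
 * All structures below are packed: the compiler inserts no padding, so the
 * in-memory layout is exactly the member list.  Multi-byte members are
 * presumably kept in network byte order by the code that fills or reads
 * them -- verify against the callers.
 *
 * When these structures are overlaid on a datagram that was received rather
 * than built locally, 'count' and every other member are untrusted input:
 * check that the buffer holds a full header, that count does not exceed
 * NETFLOW_V1_MAX_RECORDS / NETFLOW_V5_MAX_RECORDS, and that
 * header size + count * record size fits in the received length before
 * touching any record.
 */

/* Header that starts a NetFlow v1 export datagram (16 bytes). */
struct netflow_v1_header
{
	uint16_t version;	/* NetFlow version */
	uint16_t count;		/* Number of records in flow */
	uint32_t sys_uptime;	/* System uptime */
	uint32_t unix_secs;	/* Current seconds since 0000 UTC 1970 */
	uint32_t unix_nsecs;	/* Remaining nanoseconds since 0000 UTC 1970 */
} __attribute__((__packed__));

/* Header that starts a NetFlow v5 export datagram (24 bytes). */
struct netflow_v5_header
{
	uint16_t version;	/* NetFlow version */
	uint16_t count;		/* Number of records in flow */
	uint32_t sys_uptime;	/* System uptime */
	uint32_t unix_secs;	/* Current seconds since 0000 UTC 1970 */
	uint32_t unix_nsecs;	/* Remaining nanoseconds since 0000 UTC 1970 */
	uint32_t flow_seq;	/* Sequence number of the first record */
	uint8_t  engine_type;	/* Type of flow switching engine (RP,VIP,etc.) */
	uint8_t  engine_id;	/* Slot number of the flow switching engine */
	uint16_t pad;		/* Pad to word boundary */
} __attribute__((__packed__));

/*
 * One flow record in a NetFlow v1 datagram.
 *
 * NOTE(review): the members below add up to 49 bytes (36 bytes through
 * d_port, then 2 + 1 + 1 + 1 + 1 + 2 + 5).  The v1 record is usually
 * described as 48 bytes -- confirm which layout the peers expect before
 * using sizeof() of this structure to step through a received datagram.
 */
struct netflow_v1_record
{
	uint32_t src_addr;	/* Source IP address */
	uint32_t dst_addr;	/* Destination IP address */
	uint32_t next_hop;	/* Next hop IP address */
	uint16_t in_ifx;	/* Source interface index */
	uint16_t out_ifx;	/* Destination interface index */
	uint32_t packets;	/* Number of packets in a flow */
	uint32_t octets;	/* Number of octets in a flow */
	uint32_t first;		/* System uptime at start of a flow */
	uint32_t last;		/* System uptime at end of a flow */
	uint16_t s_port;	/* Source port */
	uint16_t d_port;	/* Destination port */
	uint16_t pad1;		/* Pad to word boundary */
	uint8_t  prot;		/* IP protocol */
	uint8_t  tos;		/* IP type of service */
	uint8_t  flags;		/* Cumulative OR of tcp flags */
	uint8_t  pad2;		/* pad to word boundary */
	uint16_t pad3;		/* Pad to word boundary */
	uint8_t  reserved[5];	/* Reserved for future use */
} __attribute__((__packed__));

/* One flow record in a NetFlow v5 datagram (48 bytes). */
struct netflow_v5_record
{
	uint32_t src_addr;	/* Source IP address */
	uint32_t dst_addr;	/* Destination IP address */
	uint32_t next_hop;	/* Next hop IP address */
	uint16_t i_ifx;		/* Source interface index */
	uint16_t o_ifx;		/* Destination interface index */
	uint32_t packets;	/* Number of packets in a flow */
	uint32_t octets;	/* Number of octets in a flow */
	uint32_t first;		/* System uptime at start of a flow */
	uint32_t last;		/* System uptime at end of a flow */
	uint16_t s_port;	/* Source port */
	uint16_t d_port;	/* Destination port */
	uint8_t  pad1;		/* pad to word boundary */
	uint8_t  flags;		/* Cumulative OR of tcp flags */
	uint8_t  prot;		/* IP protocol */
	uint8_t  tos;		/* IP type of service */
	uint16_t src_as;	/* Src peer/origin Autonomous System */
	uint16_t dst_as;	/* Dst peer/origin Autonomous System */
	uint8_t  src_mask;	/* Source route's mask bits */
	uint8_t  dst_mask;	/* Destination route's mask bits */
	uint16_t pad2;		/* Pad to word boundary */
} __attribute__((__packed__));

/* Largest number of flow records carried by one export datagram. */
#define	NETFLOW_V1_MAX_RECORDS	24
#define	NETFLOW_V5_MAX_RECORDS	30

/*
 * Size in bytes of a datagram carrying the maximum number of records.
 * The struct keyword is required in C: netflow_v1_header and friends are
 * struct tags, not typedef names, so a bare sizeof(netflow_v1_header)
 * does not compile once the macro is expanded.
 */
#define	NETFLOW_V1_MAX_SIZE	(sizeof(struct netflow_v1_header)+ \
			sizeof(struct netflow_v1_record)*NETFLOW_V1_MAX_RECORDS)
#define	NETFLOW_V5_MAX_SIZE	(sizeof(struct netflow_v5_header)+ \
			sizeof(struct netflow_v5_record)*NETFLOW_V5_MAX_RECORDS)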