Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
att
GitHub Repository: att/ast
 Path: blob/master/src/cmd/dsslib/netflow/netflow.h
1810 views
1
/***********************************************************************

2
*                                                                      *

3
*               This software is part of the ast package               *

4
*          Copyright (c) 2002-2011 AT&T Intellectual Property          *

5
*                      and is licensed under the                       *

6
*                 Eclipse Public License, Version 1.0                  *

7
*                    by AT&T Intellectual Property                     *

8
*                                                                      *

9
*                A copy of the License is available at                 *

10
*          http://www.eclipse.org/org/documents/epl-v10.html           *

11
*         (with md5 checksum b35adb5213ca9657e911e9befb180842)         *

12
*                                                                      *

13
*              Information and Software Systems Research               *

14
*                            AT&T Research                             *

15
*                           Florham Park NJ                            *

16
*                                                                      *

17
*                 Glenn Fowler <[email protected]>                  *

18
*                                                                      *

19
***********************************************************************/

20
#pragma prototyped

21
/*

22
 * cisco netflow data interface

23
 *

24
 * Glenn Fowler

25
 * AT&T Research

26
 */

27


28
#ifndef _NETFLOW_H

29
#define _NETFLOW_H

30


31
#include <ast_common.h>

32


33
#define NETFLOW_PACKET			1464

34


35
#define NETFLOW_SET_bgp_hopv4		(1<<0)

36
#define NETFLOW_SET_bgp_hopv6		(1<<1)

37
#define NETFLOW_SET_dst_addrv4		(1<<2)

38
#define NETFLOW_SET_dst_addrv6		(1<<3)

39
#define NETFLOW_SET_hopv4		(1<<4)

40
#define NETFLOW_SET_hopv6		(1<<5)

41
#define NETFLOW_SET_router_scv4		(1<<6)

42
#define NETFLOW_SET_router_scv6		(1<<7)

43
#define NETFLOW_SET_src_addrv4		(1<<8)

44
#define NETFLOW_SET_src_addrv6		(1<<9)

45


46
/* (V9) index order */

47


48
#define NETFLOW_in_bytes		1

49
#define NETFLOW_in_packets		2

50
#define NETFLOW_flows			3

51
#define NETFLOW_protocol		4

52
#define NETFLOW_src_tos			5

53
#define NETFLOW_tcp_flags		6

54
#define NETFLOW_src_port		7

55
#define NETFLOW_src_addrv4		8

56
#define NETFLOW_src_maskv4		9

57
#define NETFLOW_input_snmp		10

58
#define NETFLOW_dst_port		11

59
#define NETFLOW_dst_addrv4		12

60
#define NETFLOW_dst_maskv4		13

61
#define NETFLOW_output_snmp		14

62
#define NETFLOW_hopv4			15

63
#define NETFLOW_src_as			16

64
#define NETFLOW_dst_as			17

65
#define NETFLOW_bgp_hopv4		18

66
#define NETFLOW_mul_dst_packets		19

67
#define NETFLOW_mul_dst_bytes		20

68
#define NETFLOW_last			21

69
#define NETFLOW_first			22

70
#define NETFLOW_out_bytes		23

71
#define NETFLOW_out_packets		24

72
#define NETFLOW_min_packet_length	25

73
#define NETFLOW_max_packet_length	26

74
#define NETFLOW_src_addrv6		27

75
#define NETFLOW_dst_addrv6		28

76
#define NETFLOW_src_maskv6		29

77
#define NETFLOW_dst_maskv6		30

78
#define NETFLOW_flow_label		31

79
#define NETFLOW_icmp_type		32

80
#define NETFLOW_mul_igmp_type		33

81
#define NETFLOW_sampler_interval	34

82
#define NETFLOW_sampler_algorithm	35

83
#define NETFLOW_flow_active_timeout	36

84
#define NETFLOW_flow_inactive_timeout	37

85
#define NETFLOW_engine_type		38

86
#define NETFLOW_engine_id		39

87
#define NETFLOW_total_bytes_exp		40

88
#define NETFLOW_total_packets_exp	41

89
#define NETFLOW_total_flows_exp		42

90
#define NETFLOW_vendor_43		43

91
#define NETFLOW_src_prefixv4		44

92
#define NETFLOW_dst_prefixv4		45

93
#define NETFLOW_mpls_top_label_type	46

94
#define NETFLOW_mpls_top_label_class	47

95
#define NETFLOW_sampler_id		48

96
#define NETFLOW_sampler_mode		49

97
#define NETFLOW_sampler_random_interval	50

98
#define NETFLOW_vendor_51		51

99
#define NETFLOW_min_ttl			52

100
#define NETFLOW_max_ttl			53

101
#define NETFLOW_ident			54

102
#define NETFLOW_dst_tos			55

103
#define NETFLOW_in_src_mac		56

104
#define NETFLOW_out_dst_mac		57

105
#define NETFLOW_src_vlan		58

106
#define NETFLOW_dst_vlan		59

107
#define NETFLOW_ip_protocol_version	60

108
#define NETFLOW_direction		61

109
#define NETFLOW_hopv6			62

110
#define NETFLOW_bgp_hopv6		63

111
#define NETFLOW_option_headers		64

112
#define NETFLOW_vendor_65		65

113
#define NETFLOW_vendor_66		66

114
#define NETFLOW_vendor_67		67

115
#define NETFLOW_vendor_68		68

116
#define NETFLOW_vendor_69		69

117
#define NETFLOW_mpls_label_1		70

118
#define NETFLOW_mpls_label_2		71

119
#define NETFLOW_mpls_label_3		72

120
#define NETFLOW_mpls_label_4		73

121
#define NETFLOW_mpls_label_5		74

122
#define NETFLOW_mpls_label_6		75

123
#define NETFLOW_mpls_label_7		76

124
#define NETFLOW_mpls_label_8		77

125
#define NETFLOW_mpls_label_9		78

126
#define NETFLOW_mpls_label_10		79

127
#define NETFLOW_in_dst_mac		80

128
#define NETFLOW_out_src_mac		81

129
#define NETFLOW_if_name			82

130
#define NETFLOW_if_desc			83

131
#define NETFLOW_sampler_name		84

132
#define NETFLOW_in_permanent_bytes	85

133
#define NETFLOW_in_permanent_packets	86

134
#define NETFLOW_vendor_87		87

135
#define NETFLOW_fragment_offset		88

136
#define NETFLOW_forwarding_status	89

137


138
#define NETFLOW_TEMPLATE		89

139


140
#define NETFLOW_bytes			90

141
#define NETFLOW_count			91

142
#define NETFLOW_dst_as16		92

143
#define NETFLOW_dst_as32		93

144
#define NETFLOW_end			94

145
#define NETFLOW_flags			95

146
#define NETFLOW_flow_sequence		96

147
#define NETFLOW_forwarding_code		97

148
#define NETFLOW_nsec			98

149
#define NETFLOW_packets			99

150
#define NETFLOW_router_scv4		100

151
#define NETFLOW_router_scv6		101

152
#define NETFLOW_src_as16		102

153
#define NETFLOW_src_as32		103

154
#define NETFLOW_start			104

155
#define NETFLOW_tcp_misseq_cnt		105

156
#define NETFLOW_tcp_retx_cnt		106

157
#define NETFLOW_tcp_retx_secs		107

158
#define NETFLOW_time			108

159
#define NETFLOW_uptime			109

160
#define NETFLOW_version			110

161


162
#define NETFLOW_HEADER			110

163


164
#define NETFLOW_dst_addr		111

165
#define NETFLOW_dst_mask		112

166
#define NETFLOW_dst_prefix		113

167
#define NETFLOW_dst_prefixv6		114

168
#define NETFLOW_hop			115

169
#define NETFLOW_router_sc		116

170
#define NETFLOW_src_addr		117

171
#define NETFLOW_src_mask		118

172
#define NETFLOW_src_prefix		119

173
#define NETFLOW_src_prefixv6		120

174
#define NETFLOW_tos			121

175


176
#define NETFLOW_GENERIC			121

177


178
typedef   uint8_t Nfbyte_t;

179
typedef  uint16_t Nfshort_t;

180
typedef  uint32_t Nflong_t;

181
typedef uintmax_t Nftime_t;

182
typedef uintmax_t Nfcount_t;

183
typedef unsigned char Nfaddr_t[16];

184
typedef unsigned char Nfprefix_t[17];

185
typedef unsigned char Nfname_t[32];

186


187
/*

188
 * canonical netflow data

189
 */

190


191
typedef struct Netflow_s

192
{

193


194
/* (V1-7) */

195


196
Nflong_t	src_addrv4;	/* ipv4 source address */

197
Nflong_t	dst_addrv4;	/* ipv4 destination address */

198
Nflong_t	hopv4;		/* ipv4 address of next hop router */

199
Nfshort_t	input;		/* Input interface index */

200
Nfshort_t	output;		/* Output interface index */

201
Nflong_t	packets;	/* Packets sent in Duration */

202
Nflong_t	bytes;		/* Bytes sent in Duration. */

203
Nflong_t	first;		/* SysUptime at start of flow */

204
Nflong_t	last;		/* and of last packet of flow */

205
Nfshort_t	src_port;	/* TCP/UDP source port number */    

206
Nfshort_t	dst_port;	/* TCP/UDP destination port number */    

207


208
Nfbyte_t	flags;		/* Reason flow was discarded, etc...  */

209
Nfbyte_t	tcp_flags;	/* Cumulative OR of tcp flags for this flow */

210
Nfbyte_t	protocol;	/* ip protocol, e.g., 6=TCP, 17=UDP, ... */

211
Nfbyte_t	src_tos;	/* ip Type-of-Service upon entering incoming interface */

212


213
/* (V5) */

214


215
Nfshort_t	src_as16;	/* 16 bit source BGP autonomous system number */

216
Nfshort_t	dst_as16;	/* 16 bit destination BGP autonomous system number */

217
Nfbyte_t	src_maskv4;	/* ipv4 source address prefix mask bits */

218
Nfbyte_t	dst_maskv4;	/* ipv4 destination address prefix mask bits */

219
Nfshort_t	pad5;

220


221
/* (V7) */

222


223
Nflong_t	router_scv4;	/* ipv4 address of router shortcut by switch (V7) */

224


225
/* (V1) */

226


227
Nfbyte_t	pad1;

228
Nfbyte_t	tcp_retx_cnt;	/* # mis-seq with delay > 1sec (V1) */

229
Nfbyte_t	tcp_retx_secs;	/* # seconds between mis-sequenced packets (V1) */

230
Nfbyte_t	tcp_misseq_cnt;	/* # mis-sequenced tcp packets (V1) */

231


232
/* (V1-7) header */

233


234
Nfshort_t	version;	/* Record version (header). */

235
Nfshort_t	count;		/* # records in packet (header). */

236
Nflong_t	uptime;		/* Elapsed millisecs since router booted (header). */

237
Nflong_t	time;		/* Current time since epoch (header). */

238
Nflong_t	nsec;		/* Residual nanoseconds (header). */

239
Nflong_t	flow_sequence;	/* Seq counter of total flows seen (header). */

240
Nfbyte_t	engine_type;	/* Type of flow switching engine 0: RP, 1: Vip/linecard */

241
Nfbyte_t	engine_id;	/* ID number of the flow switching engine */

242
Nfshort_t	sampler_interval;/* Sampling interval. */

243
Nfbyte_t	sampler_mode;	/* Algorithm used for sampling data: 0x02 random sampling */

244


245
/* header, synthesized, and (V8...) */

246


247
#define NETFLOW_GROUP_8_BEGIN	start

248


249
Nftime_t	start;		/* nanoseconds since epoch at flow start (synthesized) */

250
Nftime_t	end;		/* nanoseconds since epoch at flow end (synthesized) */

251


252
Nfcount_t	in_packets;	/* Incoming counter for the number of packets associated with an ip Flow */

253
Nfcount_t	in_bytes;	/* Incoming counter for the number of bytes associated with an ip Flow */

254
Nfcount_t	mul_dst_bytes;	/* Multicast outgoing byte count */

255
Nfcount_t	mul_dst_packets;/* Multicast outgoing packet count */

256
Nfcount_t	out_bytes;	/* Outgoing counter for the number of bytes associated with an ip Flow */

257
Nfcount_t	out_packets;	/* Outgoing counter for the number of packets associated with an ip Flow */

258
Nfcount_t	flows;		/* Number of flows that were aggregated */

259
Nfcount_t	total_bytes_exp;/* The number of bytes exported by the observation domain */

260
Nfcount_t	total_packets_exp;/* The number of packets exported by the observation domain */

261
Nfcount_t	total_flows_exp;/* The number of flows exported by the observation domain */

262
Nfcount_t	input_snmp;	/* Input interface index */

263
Nfcount_t	output_snmp;	/* Output interface index */

264
Nfcount_t	in_src_mac;	/* Incoming source MAC address */

265
Nfcount_t	out_dst_mac;	/* Outgoing destination MAC address */

266
Nfcount_t	in_dst_mac;	/* Incoming destination MAC address */

267
Nfcount_t	out_src_mac;	/* Outgoing source MAC address */

268
Nfcount_t	in_permanent_bytes;/* Permanent flow byte count */

269
Nfcount_t	in_permanent_packets;/* Permanent flow packet count */

270


271
Nfcount_t	vendor_43;	/* vendor private value */

272
Nfcount_t	vendor_51;	/* vendor private value */

273
Nfcount_t	vendor_65;	/* vendor private value */

274
Nfcount_t	vendor_66;	/* vendor private value */

275
Nfcount_t	vendor_67;	/* vendor private value */

276
Nfcount_t	vendor_68;	/* vendor private value */

277
Nfcount_t	vendor_69;	/* vendor private value */

278
Nfcount_t	vendor_87;	/* vendor private value */

279


280
#define NETFLOW_GROUP_4_BEGIN	set

281


282
Nflong_t	set;		/* NETFLOW_SET_* set bits */

283
Nflong_t	bgp_hopv4;	/* Next hop router's ipv4 address in the BGP domain */

284
Nflong_t	flow_label;	/* ipv6 RFC 2460 flow label */

285
Nflong_t	src_prefixv4	;/* ipv4 source address prefix (catalyst architecture only) */

286
Nflong_t	dst_prefixv4;	/* ipv4 destination address prefix (catalyst architecture only) */

287
Nflong_t	src_as32;	/* 32 bit source BGP autonomous system number */

288
Nflong_t	dst_as32;	/* 32 bit destination BGP autonomous system number */

289
Nflong_t	mpls_top_label_class;/* Forwarding Equivalent Class corresponding to the MPLS Top Label */

290
Nflong_t	sampler_random_interval;/* Packet interval at which to sample */

291
Nflong_t	option_headers;/* Bit-encoded field identifying ipv6 option headers found in the flow */

292
Nflong_t	mpls_label_1;	/* Stack position 1 MPLS label: 20 bits MPLS label, 3 bits experimental, 1 bit end-of-stack */

293
Nflong_t	mpls_label_2;	/* Stack position 2 MPLS label: 20 bits MPLS label, 3 bits experimental, 1 bit end-of-stack */

294
Nflong_t	mpls_label_3;	/* Stack position 3 MPLS label: 20 bits MPLS label, 3 bits experimental, 1 bit end-of-stack */

295
Nflong_t	mpls_label_4;	/* Stack position 4 MPLS label: 20 bits MPLS label, 3 bits experimental, 1 bit end-of-stack */

296
Nflong_t	mpls_label_5;	/* Stack position 5 MPLS label: 20 bits MPLS label, 3 bits experimental, 1 bit end-of-stack */

297
Nflong_t	mpls_label_6;	/* Stack position 6 MPLS label: 20 bits MPLS label, 3 bits experimental, 1 bit end-of-stack */

298
Nflong_t	mpls_label_7;	/* Stack position 7 MPLS label: 20 bits MPLS label, 3 bits experimental, 1 bit end-of-stack */

299
Nflong_t	mpls_label_8;	/* Stack position 8 MPLS label: 20 bits MPLS label, 3 bits experimental, 1 bit end-of-stack */

300
Nflong_t	mpls_label_9;	/* Stack position 9 MPLS label: 20 bits MPLS label, 3 bits experimental, 1 bit end-of-stack */

301
Nflong_t	mpls_label_10;	/* Stack position 10 MPLS label: 20 bits MPLS label, 3 bits experimental, 1 bit end-of-stack */

302
Nflong_t	source_id;	/* flow source id */

303


304
#define NETFLOW_GROUP_2_BEGIN	min_packet_length

305


306
Nfshort_t	min_packet_length;/* Minimum incoming ip packet length */

307
Nfshort_t	max_packet_length;/* Maximum incoming ip packet length */

308
Nfshort_t	icmp_type;	/* Internet Control Message Protocol packet type coded as ((type*256)+code) */

309
Nfshort_t	mul_igmp_type;	/* Internet Group Management Protocol packet type coded */

310
Nfshort_t	flow_active_timeout;/* Timeout value (in seconds) for active flow cache entries */

311
Nfshort_t	flow_inactive_timeout;/* Timeout value (in seconds) for inactive flow cache entries */

312
Nfshort_t	ident;		/* ipv4 identification field */

313
Nfshort_t	src_vlan;	/* Virtual LAN identifier associated with ingress interface */

314
Nfshort_t	dst_vlan;	/* Virtual LAN identifier associated with egress interface */

315
Nfshort_t	fragment_offset;/* Fragmented packet fragment-offset */

316


317
#define NETFLOW_GROUP_1_BEGIN	sampler_algorithm

318


319
Nfbyte_t	sampler_algorithm;/* 0x01: deterministic, 0x02: random */

320
Nfbyte_t	mpls_top_label_type;/* MPLS Top Label Type: 0x00 UNKNOWN 0x01 TE-MIDPT 0x02 ATOM 0x03 VPN 0x04 BGP 0x05 LDP */

321
Nfbyte_t	sampler_id;	/* Flow sampler ID */

322
Nfbyte_t	min_ttl;	/* Minimum TTL on incoming packets */

323
Nfbyte_t	max_ttl;	/* Maximum TTL on incoming packets */

324
Nfbyte_t	dst_tos;	/* Type of Service on exiting outgoing interface */

325
Nfbyte_t	ip_protocol_version; /* ip version 6: ipv6, 4 or not specified: ipv4 */

326
Nfbyte_t	direction;	/* Flow direction: 0 - ingress flow, 1 - egress flow */

327
Nfbyte_t	forwarding_status;/* Forwarding status 0: unknown, 1: forwarded, 2: dropped, 3: consumed */

328
Nfbyte_t	forwarding_code;/* Forwarding reason code */

329
Nfbyte_t	src_maskv6;	/* ipv6 source address prefix mask bits */

330
Nfbyte_t	dst_maskv6;	/* ipv6 destination address prefix mask bits */

331


332
Nfprefix_t	src_addrv6;	/* ipv6 source address/prefix */

333
Nfprefix_t	dst_addrv6;	/* ipv6 destination address/prefix */

334


335
Nfaddr_t	bgp_hopv6;	/* Next hop router ipv6 address in the BGP domain */

336
Nfaddr_t	hopv6;		/* ipv6 address of next hop router */

337
Nfaddr_t	router_scv6;	/* ipv4 address of router shortcut by switch (V7) */

338


339
Nfname_t	if_name;	/* Shortened interface name */

340
Nfname_t	if_desc;	/* Full interface name */

341
Nfname_t	sampler_name;	/* Flow sampler name */

342


343
} Netflow_t;

344


345
#endif

346


347