
NetFlow.h

00001 // this is part of tacppd project
00002 // (c) Copyright in 2000-2005 by tacppd team and contributors
00003 // see http://tacppd.org for more information
00004 
00005 //  This program is free software; you can redistribute it and/or modify
00006 //  it under the terms of the GNU General Public License as published by
00007 //  the Free Software Foundation; either version 2 of the License, or
00008 //  (at your option) any later version.
00009 //
00010 //  This program is distributed in the hope that it will be useful,
00011 //  but WITHOUT ANY WARRANTY; without even the implied warranty of
00012 //  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00013 //  GNU General Public License for more details.
00014 //
00015 //  You should have received a copy of the GNU General Public License
00016 //  along with this program; if not, write to the Free Software
00017 //  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
00018 
00019 /*
00020 The structures describing NetFlow packet fragments are taken from the
00021 NetFlow examples on the Cisco Systems, Inc. web site
00022 */
00023 
00024 // all comments that start with /** are KDoc comments
00025 //  for classes
00026 //    @short [short description of the class]
00027 //    @author [class author]
00028 //    @version [class version]
00029 //    @see [references to other classes or methods]
00030 //  for methods
00031 //    @see [references]
00032 //    @return [sentence describing the return value]
00033 //    @exception [list the exceptions that could be thrown]
00034 //    @param [name id] [description]    - can be multiple
00035 
00036 #ifndef __NETFLOW_H__
00037 #define __NETFLOW_H__
00038 
00039 #include "global.h"
00040 
00041 namespace tacpp {
00042 
00043 // set up types:
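// set up types:
// Fixed-width unsigned integers used to declare NetFlow wire-format fields.
typedef unsigned char Bit8;
typedef unsigned short Bit16;

/**
@short selects the 32-bit unsigned type behind Bit32
Primary template: unsigned long is 4 bytes wide (ILP32, LLP64), so Bit32
stays exactly the type it has always been on those platforms. */
template <bool LongIs4Bytes> struct Bit32Select { typedef unsigned long type; };
/** unsigned long is wider than 4 bytes (e.g. LP64 Unix): use unsigned int */
template <> struct Bit32Select<false> { typedef unsigned int type; };

// A plain "unsigned long" is 8 bytes on LP64 platforms. Every structure
// declared with Bit32 would then be larger than the packet layout it
// describes, and code that overlays such a structure on a received
// datagram would read misplaced fields and could run past the end of the
// buffer. Choosing the type by size replaces the SIZEOF_LONG conditional
// that used to be commented out here and needs no configure-time macro.
typedef Bit32Select<sizeof(unsigned long) == 4>::type Bit32;

// C++98 compile-time checks: an array of size -1 is ill-formed, so the
// build stops on a platform where the widths above do not hold.
typedef char Bit16_must_be_2_bytes[(sizeof(Bit16) == 2) ? 1 : -1];
typedef char Bit32_must_be_4_bytes[(sizeof(Bit32) == 4) ? 1 : -1];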
00051 
00052 //Bit16 aaa;
00053 //Bit8 bbb;
00054 //Bit32 ccc;
00055 
// Address field widths, in bytes.
#define IP4_ADDR_LEN 4    // IPv4 address
#define TRANS_ADDR_LEN 2  // presumably a transport-layer port - TODO confirm
#define AS_ADDR_LEN 2     // presumably an autonomous-system number - TODO confirm

// Short aliases for the fixed-width types. They are macros, so while they
// are defined they also rewrite any other use of these common names; the
// matching #undef lines after the packet structures end their scope.
#define ushort Bit16
#define uchar Bit8
#define ulong Bit32
#define ipaddrtype Bit32
00064 
00066 //
00067 // HDR_VER NetFlowHeader_vX NetFlow_vX NetFlow_vX ... NetFlow_vX
00068 //
00069 //
00070 
/**
@short header of a NetFlow version 1 export datagram
In the datagram the header is followed by the NetFlow_v1 records.
The members mirror the packet layout: Bit32 has to be exactly 32 bits wide
for the offsets to line up, and NetFlow sends multi-byte fields in network
byte order, so values copied straight from a packet need ntohs()/ntohl().
count is supplied by the sender; compare it with the number of bytes
actually received before walking the records.
Field meanings follow Cisco's published export format. */
struct NetFlowHeader_v1 {
  /** export format version number */
  Bit16 version;
  /** number of flow records that follow in this datagram */
  Bit16 count;
  /** exporter uptime, in milliseconds, when the datagram was sent */
  Bit32 SysUptime;
  /** export time: whole seconds since the Unix epoch */
  Bit32 unix_secs;
  /** export time: residual nanoseconds */
  Bit32 unix_nsecs;
};
00093 
/**
@short header of a NetFlow version 5 export datagram
In the datagram the header is followed by the NetFlow_v5 records.
The members mirror the packet layout: Bit32 has to be exactly 32 bits wide
for the offsets to line up, and NetFlow sends multi-byte fields in network
byte order, so values copied straight from a packet need ntohs()/ntohl().
count is supplied by the sender; compare it with the number of bytes
actually received before walking the records.
Field meanings follow Cisco's published export format. */
struct NetFlowHeader_v5 {
  /** export format version number */
  Bit16 version;
  /** number of flow records that follow in this datagram */
  Bit16 count;
  /** exporter uptime, in milliseconds, when the datagram was sent */
  Bit32 SysUptime;
  /** export time: whole seconds since the Unix epoch */
  Bit32 unix_secs;
  /** export time: residual nanoseconds */
  Bit32 unix_nsecs;
  /** running count of flows exported so far; gaps reveal lost datagrams */
  Bit32 flow_sequence;
  /** type of the flow-switching engine that produced the export */
  Bit8 engine_type;
  /** identifier (slot) of that engine */
  Bit8 engine_id;
  /** declared reserved here; later descriptions of the v5 format carry
  sampling information in these two bytes - TODO confirm */
  Bit16 reserved;
};
00128 
/**
@short header of a NetFlow version 7 export datagram
In the datagram the header is followed by the NetFlow_v7 records.
The members mirror the packet layout: Bit32 has to be exactly 32 bits wide
for the offsets to line up, and NetFlow sends multi-byte fields in network
byte order, so values copied straight from a packet need ntohs()/ntohl().
count is supplied by the sender; compare it with the number of bytes
actually received before walking the records.
Field meanings follow Cisco's published export format. */
struct NetFlowHeader_v7 {
  /** export format version number */
  Bit16 version;
  /** number of flow records that follow in this datagram */
  Bit16 count;
  /** exporter uptime, in milliseconds, when the datagram was sent */
  Bit32 SysUptime;
  /** export time: whole seconds since the Unix epoch */
  Bit32 unix_secs;
  /** export time: residual nanoseconds */
  Bit32 unix_nsecs;
  /** running count of flows exported so far; gaps reveal lost datagrams */
  Bit32 flow_sequence;
  /** unused */
  Bit32 reserved;
};
00157 
/**
@short header of a NetFlow version 8 (aggregated) export datagram
In the datagram the header is followed by aggregated records; the
NetFlow_v8_* structures describe the record layouts declared in this file.
The members mirror the packet layout: Bit32 has to be exactly 32 bits wide
for the offsets to line up, and NetFlow sends multi-byte fields in network
byte order, so values copied straight from a packet need ntohs()/ntohl().
count and aggregation are supplied by the sender; validate both (record
count against the bytes received, aggregation against the known schemes)
before choosing a record layout and walking the records.
Field meanings follow Cisco's published export format. */
struct NetFlowHeader_v8 {
  /** export format version number */
  Bit16 version;
  /** number of aggregated records that follow in this datagram */
  Bit16 count;
  /** exporter uptime, in milliseconds, when the datagram was sent */
  Bit32 SysUptime;
  /** export time: whole seconds since the Unix epoch */
  Bit32 unix_secs;
  /** export time: residual nanoseconds */
  Bit32 unix_nsecs;
  /** running count of flows exported so far; gaps reveal lost datagrams */
  Bit32 flow_sequence;
  /** type of the flow-switching engine that produced the export */
  Bit8 engine_type;
  /** identifier (slot) of that engine */
  Bit8 engine_id;
  /** aggregation scheme; determines which record layout follows */
  Bit8 aggregation;
  /** version of the aggregation export format */
  Bit8 agg_version;
  /** unused */
  Bit32 reserved;
};
00198 
/**
@short one flow record of a NetFlow version 1 export datagram
The members mirror the packet layout: Bit32 has to be exactly 32 bits wide
for the offsets to line up, and NetFlow sends multi-byte fields in network
byte order, so values copied straight from a packet need ntohs()/ntohl().
Every value is reported by the exporter and should be treated as
untrusted input. Field meanings follow Cisco's published export format. */
struct NetFlow_v1 {
  /** source IPv4 address */
  Bit32 srcaddr;
  /** destination IPv4 address */
  Bit32 dstaddr;
  /** IPv4 address of the next-hop router */
  Bit32 nexthop;
  /** index of the input interface */
  Bit16 input;
  /** index of the output interface */
  Bit16 output;
  /** packets in the flow */
  Bit32 dPkts;
  /** bytes in the flow */
  Bit32 dOctets;
  /** exporter uptime at the start of the flow */
  Bit32 First;
  /** exporter uptime when the last packet of the flow was seen */
  Bit32 Last;
  /** source port */
  Bit16 srcport;
  /** destination port */
  Bit16 dstport;
  /** padding */
  Bit16 pad1;
  /** IP protocol number */
  Bit8 prot;
  /** IP type of service */
  Bit8 tos;
  /** cumulative OR of the TCP flags seen */
  Bit8 tcp_flags;
  /** presumably a TCP retransmission counter - TODO confirm */
  Bit8 tcp_retx_cnt;
  /** presumably time spent on TCP retransmissions - TODO confirm */
  Bit8 tcp_retx_secs;
  /** presumably a count of mis-sequenced TCP packets - TODO confirm */
  Bit8 tcp_misseq_cnt;
  /** unused */
  Bit32 reserved;
};
00266 
/**
@short one flow record of a NetFlow version 5 export datagram
The members mirror the packet layout: Bit32 has to be exactly 32 bits wide
for the offsets to line up, and NetFlow sends multi-byte fields in network
byte order, so values copied straight from a packet need ntohs()/ntohl().
Every value is reported by the exporter and should be treated as
untrusted input. Field meanings follow Cisco's published export format. */
struct NetFlow_v5 {
  /** source IPv4 address */
  Bit32 srcaddr;
  /** destination IPv4 address */
  Bit32 dstaddr;
  /** IPv4 address of the next-hop router */
  Bit32 nexthop;
  /** index of the input interface */
  Bit16 input;
  /** index of the output interface */
  Bit16 output;
  /** packets in the flow */
  Bit32 dPkts;
  /** bytes in the flow */
  Bit32 dOctets;
  /** exporter uptime at the start of the flow */
  Bit32 First;
  /** exporter uptime when the last packet of the flow was seen */
  Bit32 Last;
  /** source port */
  Bit16 srcport;
  /** destination port */
  Bit16 dstport;
  /** padding */
  Bit8 pad1;
  /** cumulative OR of the TCP flags seen */
  Bit8 tcp_flags;
  /** IP protocol number */
  Bit8 prot;
  /** IP type of service */
  Bit8 tos;
  /** autonomous system number of the destination */
  Bit16 dst_as;
  /** autonomous system number of the source */
  Bit16 src_as;
  /** prefix mask length of the destination address */
  Bit8 dst_mask;
  /** prefix mask length of the source address */
  Bit8 src_mask;
  /** padding */
  Bit16 pad2;
};
00337 
/**
@short one flow record of a NetFlow version 7 export datagram
The members mirror the packet layout: Bit32 has to be exactly 32 bits wide
for the offsets to line up, and NetFlow sends multi-byte fields in network
byte order, so values copied straight from a packet need ntohs()/ntohl().
Every value is reported by the exporter and should be treated as
untrusted input. Field meanings follow Cisco's published export format.

NOTE(review): src_as and dst_as are declared 32 bits wide here, while the
version 5 record in this file uses 16-bit AS fields. The version 7 record
is commonly documented as 52 bytes with 16-bit AS fields; with the widths
below this structure comes to 56 bytes. Check the layout against the
format description before overlaying it on received data. */
struct NetFlow_v7 {
  /** source IPv4 address */
  Bit32 srcaddr;
  /** destination IPv4 address */
  Bit32 dstaddr;
  /** IPv4 address of the next-hop router */
  Bit32 nexthop;
  /** index of the input interface */
  Bit16 input;
  /** index of the output interface */
  Bit16 output;
  /** packets in the flow */
  Bit32 dPkts;
  /** bytes in the flow */
  Bit32 dOctets;
  /** exporter uptime at the start of the flow */
  Bit32 First;
  /** exporter uptime when the last packet of the flow was seen */
  Bit32 Last;
  /** source port */
  Bit16 srcport;
  /** destination port */
  Bit16 dstport;
  /** presumably marks which fields of the record are valid - TODO confirm */
  Bit8 flags;
  /** cumulative OR of the TCP flags seen */
  Bit8 tcp_flags;
  /** IP protocol number */
  Bit8 prot;
  /** IP type of service */
  Bit8 tos;
  /** autonomous system number of the source */
  Bit32 src_as;
  /** autonomous system number of the destination */
  Bit32 dst_as;
  /** prefix mask length of the source address */
  Bit8 src_mask;
  /** prefix mask length of the destination address */
  Bit8 dst_mask;
  /** padding */
  Bit16 pad;
  /** IPv4 address; presumably the router bypassed by the switch
  shortcut - TODO confirm */
  Bit32 router_sc;
};
00408 
00409 
00410 // The aggregated flow records within version 8 NetFlow Export datagrams
00411 
/**
@short version 8 aggregated record, keyed by source and destination AS
The members mirror the packet layout: Bit32 has to be exactly 32 bits wide
for the offsets to line up, and NetFlow sends multi-byte fields in network
byte order, so values copied straight from a packet need ntohs()/ntohl().
Every value is reported by the exporter and should be treated as
untrusted input. Field meanings follow Cisco's published export format. */
struct NetFlow_v8_ASMatrix {
  /** number of flows summarised by this record */
  Bit32 flows;
  /** packets in the aggregated flows */
  Bit32 dPkts;
  /** bytes in the aggregated flows */
  Bit32 dOctets;
  /** exporter uptime at the start of the first flow */
  Bit32 First;
  /** exporter uptime at the end of the last flow */
  Bit32 Last;
  /** autonomous system number of the source */
  Bit16 src_as;
  /** autonomous system number of the destination */
  Bit16 dst_as;
  /** index of the input interface */
  Bit16 input;
  /** index of the output interface */
  Bit16 output;
};
00446 
/**
@short version 8 aggregated record, keyed by protocol and ports
The members mirror the packet layout: Bit32 has to be exactly 32 bits wide
for the offsets to line up, and NetFlow sends multi-byte fields in network
byte order, so values copied straight from a packet need ntohs()/ntohl().
Every value is reported by the exporter and should be treated as
untrusted input. Field meanings follow Cisco's published export format. */
struct NetFlow_v8_ProtocolPortMatrix {
  /** number of flows summarised by this record */
  Bit32 flows;
  /** packets in the aggregated flows */
  Bit32 dPkts;
  /** bytes in the aggregated flows */
  Bit32 dOctets;
  /** exporter uptime at the start of the first flow */
  Bit32 First;
  /** exporter uptime at the end of the last flow */
  Bit32 Last;
  /** IP protocol number */
  Bit8 prot;
  /** padding */
  Bit8 pad;
  /** unused */
  Bit16 reserved;
  /** source port */
  Bit16 srcport;
  /** destination port */
  Bit16 dstport;
};
00484 
/**
@short version 8 aggregated record, keyed by source prefix
The members mirror the packet layout: Bit32 has to be exactly 32 bits wide
for the offsets to line up, and NetFlow sends multi-byte fields in network
byte order, so values copied straight from a packet need ntohs()/ntohl().
Every value is reported by the exporter and should be treated as
untrusted input. Field meanings follow Cisco's published export format. */
struct NetFlow_v8_SourcePrefixMatrix {
  /** number of flows summarised by this record */
  Bit32 flows;
  /** packets in the aggregated flows */
  Bit32 dPkts;
  /** bytes in the aggregated flows */
  Bit32 dOctets;
  /** exporter uptime at the start of the first flow */
  Bit32 First;
  /** exporter uptime at the end of the last flow */
  Bit32 Last;
  /** source IPv4 prefix */
  Bit32 src_prefix;
  /** mask length of the source prefix */
  Bit8 src_mask;
  /** padding */
  Bit8 pad;
  /** autonomous system number of the source */
  Bit16 src_as;
  /** index of the input interface */
  Bit16 input;
};
00522 
/**
@short version 8 aggregated record, keyed by destination prefix
The members mirror the packet layout: Bit32 has to be exactly 32 bits wide
for the offsets to line up, and NetFlow sends multi-byte fields in network
byte order, so values copied straight from a packet need ntohs()/ntohl().
Every value is reported by the exporter and should be treated as
untrusted input. Field meanings follow Cisco's published export format. */
struct NetFlow_v8_DestinationPrefixMatrix {
  /** number of flows summarised by this record */
  Bit32 flows;
  /** packets in the aggregated flows */
  Bit32 dPkts;
  /** bytes in the aggregated flows */
  Bit32 dOctets;
  /** exporter uptime at the start of the first flow */
  Bit32 First;
  /** exporter uptime at the end of the last flow */
  Bit32 Last;
  /** destination IPv4 prefix */
  Bit32 dst_prefix;
  /** mask length of the destination prefix */
  Bit8 dst_mask;
  /** padding */
  Bit8 pad;
  /** autonomous system number of the destination */
  Bit16 dst_as;
  /** index of the output interface */
  Bit16 output;
};
00560 
/**
@short version 8 aggregated record, keyed by source and destination prefix
The members mirror the packet layout: Bit32 has to be exactly 32 bits wide
for the offsets to line up, and NetFlow sends multi-byte fields in network
byte order, so values copied straight from a packet need ntohs()/ntohl().
Every value is reported by the exporter and should be treated as
untrusted input. Field meanings follow Cisco's published export format. */
struct NetFlow_v8_PrefixMatrix {
  /** number of flows summarised by this record */
  Bit32 flows;
  /** packets in the aggregated flows */
  Bit32 dPkts;
  /** bytes in the aggregated flows */
  Bit32 dOctets;
  /** exporter uptime at the start of the first flow */
  Bit32 First;
  /** exporter uptime at the end of the last flow */
  Bit32 Last;
  /** source IPv4 prefix */
  Bit32 src_prefix;
  /** destination IPv4 prefix */
  Bit32 dst_prefix;
  /** mask length of the destination prefix */
  Bit8 dst_mask;
  /** mask length of the source prefix */
  Bit8 src_mask;
  /** unused */
  Bit16 reserved;
  /** autonomous system number of the source */
  Bit16 src_as;
  /** autonomous system number of the destination */
  Bit16 dst_as;
  /** index of the input interface */
  Bit16 input;
  /** index of the output interface */
  Bit16 output;
};
00610 
00611 
00613 //    this is for collecting information
00615 
// End the scope of the short type aliases defined above the packet
// structures, so that including this header does not leave macros named
// ushort, uchar, ulong or ipaddrtype active in the including file.
#undef ushort
#undef uchar
#undef ulong
#undef ipaddrtype
00620 
/**
@short traffic counters kept for one collected flow entry
Holds octet and packet totals, an input interface number, a protocol and
a start/stop time behind its own mutex. The method bodies are not part of
this header, so the notes on individual members describe only what the
declarations show.

NOTE(review): the class owns a pthread_mutex_t and declares a destructor,
but copying is left to the compiler-generated members. A copy would
duplicate the mutex by value; confirm that objects are only handled
through pointers, or make the class non-copyable. */
class NfData {
 private:
  /** mutex of this entry; presumably taken by lock() and released by
  unlock() around access to the counters - TODO confirm */
  pthread_mutex_t mutex_;
  /** acquire mutex_ (presumably) */
  void lock();
  /** release mutex_ (presumably) */
  void unlock();
  /** input interface number */
  unsigned int ifin_;
  /** octet counter */
  unsigned long octets_;
  /** packet counter */
  unsigned long packets_;
  /** protocol */
  int protocol_;
  /** start time */
  time_t startt_;
  /** stop time */
  time_t stopt_;
 public:
  /** Construct an entry from two unsigned long counters, an unsigned int
  and two time_t values. The parameters are unnamed in this header; which
  counter comes first has to be checked in the definition. */
  NfData(unsigned long,unsigned long,unsigned int,time_t,time_t);
  /** destructor */
  ~NfData();
  /** Add two unsigned long amounts and a time_t to the entry; presumably
  accumulates the counters and moves the stop time - TODO confirm. */
  void add(unsigned long,unsigned long,time_t);
  /** @return whether the entry counts as expired for the given time_t
  argument (the rule itself is in the definition) */
  bool isExpired(time_t);
  /** @return the input interface number */
  unsigned int getIfIn();
  /** @return the start time */
  time_t getStart();
  /** @return the stop time */
  time_t getStop();
  /** @return the octet counter */
  unsigned long getOctets();
  /** @return the packet counter */
  unsigned long getPackets();
};
00683 
/**
@short collects NfData entries in a three-level map and expires them
The method bodies are not part of this header, so the notes on individual
members describe only what the declarations show.

NOTE(review): process() takes a char* without a length. If that pointer is
a received NetFlow datagram, the record count inside the packet is
sender-controlled, and the implementation can only bound its reads if the
number of bytes received reaches it some other way - verify in the
definition.

NOTE(review): nfb_ stores raw NfData pointers and the header does not show
who deletes them; confirm that expire() and the destructor release every
entry, and that the object is never copied (it owns a mutex and a thread
handle). */
class NfAggregator {
 private:
  /** mutex of the aggregator; presumably taken by lock() and released by
  unlock() around access to nfb_ - TODO confirm */
  pthread_mutex_t mutex_;
  /** acquire mutex_ (presumably) */
  void lock();
  /** release mutex_ (presumably) */
  void unlock();
  /** three nested maps keyed by Bit32 values, ending in NfData pointers;
  the keys presumably correspond to the three Bit32 arguments of add() */
  map<Bit32,map<Bit32,map<Bit32,NfData*> > > nfb_;
  /** thread handle */
  pthread_t thrvar_;
  /** write-process flag, read and set through get/setWriteProcess() */
  bool writeProcess_;
  /** expire time */
  int expireTime_;
  /** buffer size */
  int buf_size_;
 public:
  /** Handle one buffer for the given Bit32 value (presumably the address
  of the exporter). No buffer length is passed - see the class note. */
  void process(Bit32,char*);
  /** constructor */
  NfAggregator();
  /** destructor */
  ~NfAggregator();
  /** run the aggregator's processing; presumably the body of the thread
  kept in thrvar_ - TODO confirm */
  void runProcess();
  /** Add flow data: three Bit32 keys, two unsigned long counters, an
  unsigned int and two time_t values. Parameters are unnamed in this
  header; their order has to be checked in the definition. */
  void add(Bit32,Bit32,Bit32,unsigned long,unsigned long,unsigned int,time_t,time_t);
  /** expire collected entries */
  void expire();
  /** @return a size of the collected data (unit defined in the body) */
  int size();
  /** @return a node count (defined in the body) */
  int nodesSize();
  /** @return a source count (defined in the body) */
  int sourceSize();
  /** @return the write-process flag */
  bool getWriteProcess();
  /** set the write-process flag */
  void setWriteProcess(bool);
  /** @return the expire time */
  int expireTime();
  /** presumably raises the expire time - TODO confirm */
  void addExpireTime();
  /** presumably lowers the expire time - TODO confirm */
  void delExpireTime();
};
00758 
00759 };
00760 
00761 #endif //__NETFLOW_H__
