/*	$OpenBSD: if_pflow.h,v 1.23 2023/12/16 22:16:02 mvs Exp $	*/

/*
 * Copyright (c) 2008 Henning Brauer <henning@openbsd.org>
 * Copyright (c) 2008 Joerg Goltermann <jg@osn.de>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER IN
 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
 * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
19
20#ifndef _NET_IF_PFLOW_H_
21#define _NET_IF_PFLOW_H_
22
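/* Length in octets of a 64-bit identifier. */
#define PFLOW_ID_LEN	sizeof(u_int64_t)

/*
 * Exporter limits and fixed header values.  This header only supplies the
 * numbers; how each one is applied is decided by the implementation.
 */
#define PFLOW_MAXFLOWS 30	/* presumably records per datagram - confirm */
#define PFLOW_ENGINE_TYPE 42	/* presumably for pflow_header.engine_type */
#define PFLOW_ENGINE_ID 42	/* presumably for pflow_header.engine_id */
/*
 * Largest value a 32-bit counter can hold; struct pflow_flow carries
 * flow_octets as u_int32_t.  NOTE(review): confirm that larger byte counts
 * are split or clamped against this limit rather than silently truncated.
 */
#define PFLOW_MAXBYTES 0xffffffff
#define PFLOW_TIMEOUT 30	/* presumably seconds - confirm */
#define PFLOW_TMPL_TIMEOUT 30 /* rfc 5101 10.3.6 (p.40) recommends 600 */

/* Set ID that identifies a Template Set in an IPFIX message (RFC 5101). */
#define PFLOW_IPFIX_TMPL_SET_ID 2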
33
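/*
 * RFC 5102 Information Element Identifiers
 *
 * Only the elements named by the IPv4 and IPv6 templates in this file
 * (plus the two SysUpTime variants) are listed.  Presumably each value is
 * stored in pflow_tmpl_fspec.field_id when the templates are built -
 * confirm in pflow_clone_create().
 */

#define PFIX_IE_octetDeltaCount			  1
#define PFIX_IE_packetDeltaCount		  2
#define PFIX_IE_protocolIdentifier		  4
#define PFIX_IE_ipClassOfService		  5
#define PFIX_IE_sourceTransportPort		  7
#define PFIX_IE_sourceIPv4Address		  8
#define PFIX_IE_ingressInterface		 10
#define PFIX_IE_destinationTransportPort	 11
#define PFIX_IE_destinationIPv4Address		 12
#define PFIX_IE_egressInterface			 14
#define PFIX_IE_flowEndSysUpTime		 21
#define PFIX_IE_flowStartSysUpTime		 22
#define PFIX_IE_sourceIPv6Address		 27
#define PFIX_IE_destinationIPv6Address		 28
#define PFIX_IE_flowStartMilliseconds		152
#define PFIX_IE_flowEndMilliseconds		153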
52
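/*
 * One flow record in the version 5 export format ("original pflow", see
 * PFLOW_PROTO_5).  The member order and widths are the wire layout: 48
 * octets, every member naturally aligned, IPv4 addresses only.
 *
 * Counters and timestamps are 32 bits wide and interface indexes 16 bits
 * wide here, narrower than in the IPFIX records further down.
 * Multi-octet members are presumably stored in network byte order - confirm
 * against the code that fills the record.
 *
 * NOTE(review): pad1 and pad2 are transmitted with the record.  Confirm the
 * exporter clears them (or zeroes the whole record) so that stale kernel
 * memory is not sent to the collector.
 */
struct pflow_flow {
	u_int32_t	src_ip;
	u_int32_t	dest_ip;
	u_int32_t	nexthop_ip;
	u_int16_t	if_index_in;
	u_int16_t	if_index_out;
	u_int32_t	flow_packets;
	u_int32_t	flow_octets;
	u_int32_t	flow_start;
	u_int32_t	flow_finish;
	u_int16_t	src_port;
	u_int16_t	dest_port;
	u_int8_t	pad1;		/* filler, keeps tcp_flags at offset 37 */
	u_int8_t	tcp_flags;
	u_int8_t	protocol;
	u_int8_t	tos;
	u_int16_t	src_as;
	u_int16_t	dest_as;
	u_int8_t	src_mask;
	u_int8_t	dest_mask;
	u_int16_t	pad2;		/* filler, rounds the record up to 48 */
} __packed;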
75
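/*
 * Header that starts every IPFIX set (4 octets on the wire).
 *
 * set_length covers the header itself as well as the records after it, so
 * it has to be recomputed whenever records are appended; a value that
 * disagrees with the octets actually sent makes the collector misparse or
 * drop the message.
 */
struct pflow_set_header {
	u_int16_t	set_id;
	u_int16_t	set_length; /* total length of the set,
				       in octets, including the set header */
} __packed;

/* Size of the set header in octets. */
#define PFLOW_SET_HDRLEN sizeof(struct pflow_set_header)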
83
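/*
 * Header of one IPFIX template record: the template's ID and the number
 * of field specifiers that follow it (4 octets on the wire).
 */
struct pflow_tmpl_hdr {
	u_int16_t	tmpl_id;
	u_int16_t	field_count;
} __packed;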
88
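/*
 * One IPFIX field specifier: which information element a field carries
 * and how many octets it occupies in a data record (4 octets on the wire).
 * There is no enterprise-number member, so only the plain 4-octet form of
 * a specifier can be expressed with this structure.
 */
struct pflow_tmpl_fspec {
	u_int16_t	field_id;
	u_int16_t	len;
} __packed;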
93
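/*
 * IPv4 template record: a template header followed by one field specifier
 * per exported element.  The specifiers are declared in the same order as
 * the members of struct pflow_ipfix_flow4, and
 * PFLOW_IPFIX_TMPL_IPV4_FIELD_COUNT equals the number of specifiers (12).
 * A collector decodes data records from the template it received, so a
 * change to either structure or to the count has to be made in all three
 * places, otherwise exported records are misparsed.
 *
 * PFLOW_IPFIX_TMPL_IPV4_ID is 256, the first ID outside the range IPFIX
 * reserves for set types.
 */
/* update pflow_clone_create() when changing pflow_ipfix_tmpl_ipv4 */
struct pflow_ipfix_tmpl_ipv4 {
	struct pflow_tmpl_hdr	h;
	struct pflow_tmpl_fspec	src_ip;
	struct pflow_tmpl_fspec	dest_ip;
	struct pflow_tmpl_fspec	if_index_in;
	struct pflow_tmpl_fspec	if_index_out;
	struct pflow_tmpl_fspec	packets;
	struct pflow_tmpl_fspec	octets;
	struct pflow_tmpl_fspec	start;
	struct pflow_tmpl_fspec	finish;
	struct pflow_tmpl_fspec	src_port;
	struct pflow_tmpl_fspec	dest_port;
	struct pflow_tmpl_fspec	tos;
	struct pflow_tmpl_fspec	protocol;
#define PFLOW_IPFIX_TMPL_IPV4_FIELD_COUNT 12
#define PFLOW_IPFIX_TMPL_IPV4_ID 256
} __packed;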
112
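/*
 * IPv6 template record: a template header followed by one field specifier
 * per exported element.  The specifiers are declared in the same order as
 * the members of struct pflow_ipfix_flow6, and
 * PFLOW_IPFIX_TMPL_IPV6_FIELD_COUNT equals the number of specifiers (12).
 * A collector decodes data records from the template it received, so a
 * change to either structure or to the count has to be made in all three
 * places, otherwise exported records are misparsed.
 */
/* update pflow_clone_create() when changing pflow_ipfix_tmpl_ipv6 */
struct pflow_ipfix_tmpl_ipv6 {
	struct pflow_tmpl_hdr	h;
	struct pflow_tmpl_fspec	src_ip;
	struct pflow_tmpl_fspec	dest_ip;
	struct pflow_tmpl_fspec	if_index_in;
	struct pflow_tmpl_fspec	if_index_out;
	struct pflow_tmpl_fspec	packets;
	struct pflow_tmpl_fspec	octets;
	struct pflow_tmpl_fspec	start;
	struct pflow_tmpl_fspec	finish;
	struct pflow_tmpl_fspec	src_port;
	struct pflow_tmpl_fspec	dest_port;
	struct pflow_tmpl_fspec	tos;
	struct pflow_tmpl_fspec	protocol;
#define PFLOW_IPFIX_TMPL_IPV6_FIELD_COUNT 12
#define PFLOW_IPFIX_TMPL_IPV6_ID 257
} __packed;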
131
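/*
 * A set header followed directly by the IPv4 and the IPv6 template record.
 * Because every part is packed, the structure has no gaps between the
 * three members.  Presumably it is transmitted as one Template Set, with
 * set_header.set_length covering the whole structure - confirm where the
 * header is filled in.
 */
struct pflow_ipfix_tmpl {
	struct pflow_set_header	set_header;
	struct pflow_ipfix_tmpl_ipv4	ipv4_tmpl;
	struct pflow_ipfix_tmpl_ipv6	ipv6_tmpl;
} __packed;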
137
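/*
 * IPFIX data record for an IPv4 flow.  Each member is annotated with the
 * information element it carries; the member order is the same as the
 * specifier order in struct pflow_ipfix_tmpl_ipv4.
 *
 * With __packed the record is 54 octets long, which is not a multiple of
 * four; without it the compiler would round the size up to 56 and a
 * sizeof-based length would stop matching the field lengths announced by
 * the template.
 * NOTE(review): flow_start/flow_finish are signed here; confirm negative
 * values cannot reach the wire.
 */
struct pflow_ipfix_flow4 {
	u_int32_t	src_ip;		/* sourceIPv4Address */
	u_int32_t	dest_ip;	/* destinationIPv4Address */
	u_int32_t	if_index_in;	/* ingressInterface */
	u_int32_t	if_index_out;	/* egressInterface */
	u_int64_t	flow_packets;	/* packetDeltaCount */
	u_int64_t	flow_octets;	/* octetDeltaCount */
	int64_t		flow_start;	/* flowStartMilliseconds */
	int64_t		flow_finish;	/* flowEndMilliseconds */
	u_int16_t	src_port;	/* sourceTransportPort */
	u_int16_t	dest_port;	/* destinationTransportPort */
	u_int8_t	tos;		/* ipClassOfService */
	u_int8_t	protocol;	/* protocolIdentifier */
	/* XXX padding needed? */
} __packed;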
153
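/*
 * IPFIX data record for an IPv6 flow.  Identical to struct
 * pflow_ipfix_flow4 except that both addresses are struct in6_addr; the
 * member order is the same as the specifier order in struct
 * pflow_ipfix_tmpl_ipv6.
 *
 * With __packed the record is 78 octets long, which is not a multiple of
 * four; dropping __packed would let the compiler add trailing padding and
 * a sizeof-based length would stop matching the field lengths announced by
 * the template.
 * NOTE(review): flow_start/flow_finish are signed here; confirm negative
 * values cannot reach the wire.
 */
struct pflow_ipfix_flow6 {
	struct in6_addr src_ip;		/* sourceIPv6Address */
	struct in6_addr dest_ip;	/* destinationIPv6Address */
	u_int32_t	if_index_in;	/* ingressInterface */
	u_int32_t	if_index_out;	/* egressInterface */
	u_int64_t	flow_packets;	/* packetDeltaCount */
	u_int64_t	flow_octets;	/* octetDeltaCount */
	int64_t		flow_start;	/* flowStartMilliseconds */
	int64_t		flow_finish;	/* flowEndMilliseconds */
	u_int16_t	src_port;	/* sourceTransportPort */
	u_int16_t	dest_port;	/* destinationTransportPort */
	u_int8_t	tos;		/* ipClassOfService */
	u_int8_t	protocol;	/* protocolIdentifier */
	/* XXX padding needed? */
} __packed;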
169
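#ifdef _KERNEL

#include <sys/smr.h>

/*
 * Locks used to protect struct members and global data
 *       I       immutable after creation
 *       m       this pflow_softc's `sc_mtx'
 *       p       this pflow_softc's `sc_lock'
 */

/*
 * Kernel-side state of one pflow exporter.  Members tagged [m], [p] or [I]
 * follow the legend above; members without a tag carry no locking
 * annotation in this header.
 *
 * NOTE(review): the counters and the accumulating mbufs are covered by
 * sc_mtx while the socket and the addresses are covered by sc_lock.  Code
 * that touches both groups should be checked for a consistent lock order.
 */
struct pflow_softc {
	struct mutex		 sc_mtx;
	struct rwlock		 sc_lock;

	int			 sc_dying;	/* [p] */
	struct ifnet		 sc_if;

	/* presumably records gathered so far and their limits - confirm */
	unsigned int		 sc_count;	/* [m] */
	unsigned int		 sc_count4;	/* [m] */
	unsigned int		 sc_count6;	/* [m] */
	unsigned int		 sc_maxcount;	/* [m] */
	unsigned int		 sc_maxcount4;	/* [m] */
	unsigned int		 sc_maxcount6;	/* [m] */
	u_int32_t		 sc_gcounter;	/* [m] */
	u_int32_t		 sc_sequence;	/* [m] */
	struct timeout		 sc_tmo;
	struct timeout		 sc_tmo6;
	struct timeout		 sc_tmo_tmpl;
	struct mbuf_queue	 sc_outputqueue;
	struct task		 sc_outputtask;
	struct socket		*so;		/* [p] */
	struct mbuf		*send_nam;	/* [p] */
	struct sockaddr		*sc_flowsrc;	/* [p] */
	struct sockaddr		*sc_flowdst;	/* [p] */
	struct pflow_ipfix_tmpl	 sc_tmpl_ipfix;	/* [I] */
	u_int8_t		 sc_version;	/* [m] */
	struct mbuf		*sc_mbuf;	/* [m] current cumulative
						    mbuf */
	struct mbuf		*sc_mbuf6;	/* [m] current cumulative
						    mbuf (presumably the
						    IPv6 one - confirm) */
	SMR_SLIST_ENTRY(pflow_softc) sc_next;	/* SMR list linkage */
};

/* Defined outside this header. */
extern struct pflow_softc	*pflowif;

#endif /* _KERNEL */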
217
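/*
 * Datagram header of the version 5 export format (24 octets on the wire,
 * every member naturally aligned).  count is 16 bits wide and is
 * presumably the number of struct pflow_flow records that follow - confirm
 * against the code that builds the datagram.
 *
 * NOTE(review): reserved1 and reserved2 are transmitted; confirm they are
 * cleared before the header is sent so no stale memory leaves the kernel.
 */
struct pflow_header {
	u_int16_t	version;
	u_int16_t	count;
	u_int32_t	uptime_ms;
	u_int32_t	time_sec;
	u_int32_t	time_nanosec;
	u_int32_t	flow_sequence;
	u_int8_t	engine_type;
	u_int8_t	engine_id;
	u_int8_t	reserved1;
	u_int8_t	reserved2;
} __packed;

/* Size of the version 5 datagram header in octets. */
#define PFLOW_HDRLEN sizeof(struct pflow_header)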
232
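/*
 * Message header of the version 10 (IPFIX) export format, 16 octets on
 * the wire.  length is 16 bits wide, so one message, header included,
 * cannot describe more than 65535 octets; it has to be kept in step with
 * the sets actually appended to the message.
 */
struct pflow_v10_header {
	u_int16_t	version;
	u_int16_t	length;
	u_int32_t	time_sec;
	u_int32_t	flow_sequence;
	u_int32_t	observation_dom;
} __packed;

/* Size of the IPFIX message header in octets. */
#define PFLOW_IPFIX_HDRLEN sizeof(struct pflow_v10_header)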
242
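/*
 * Exporter statistics, four 64-bit counters.  The structure is not packed
 * and is visible outside the _KERNEL sections, so its layout is shared
 * with userland.  Presumably: flows exported, datagrams sent, allocation
 * failures and output errors - confirm where the counters are bumped.
 */
struct pflowstats {
	u_int64_t	pflow_flows;
	u_int64_t	pflow_packets;
	u_int64_t	pflow_onomem;
	u_int64_t	pflow_oerrors;
};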
249
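/* Supported flow protocols */
#define PFLOW_PROTO_5	5	/* original pflow */
#define PFLOW_PROTO_10	10	/* ipfix */
#define PFLOW_PROTO_MAX	11	/* one more than the highest protocol number */

#define PFLOW_PROTO_DEFAULT PFLOW_PROTO_5

/* Pairs a protocol's textual name with its PFLOW_PROTO_* number. */
struct pflow_protos {
	const char	*ppr_name;
	u_int8_t	 ppr_proto;
};

/*
 * Initializer for an array of struct pflow_protos.  The list has no
 * terminating entry, so code walking the array has to bound the loop by
 * the element count rather than by looking for a NULL ppr_name.
 */
#define PFLOW_PROTOS {                                 \
		{ "5",	PFLOW_PROTO_5 },	       \
		{ "10",	PFLOW_PROTO_10 },	       \
}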
266
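/*
 * Configuration structure for SIOCSETPFLOW SIOCGETPFLOW
 *
 * addrmask is a bit set of the PFLOW_MASK_* values below; presumably it
 * tells the SIOCSETPFLOW handler which of flowsrc, flowdst and version to
 * apply - confirm in the ioctl code.
 *
 * NOTE(review): the structure crosses the user/kernel boundary and is not
 * packed, so the compiler adds padding after version.  A handler that
 * copies it out should clear the whole structure first so that no stale
 * kernel memory is disclosed, and should validate the address family and
 * length of flowsrc/flowdst before acting on what userland supplied.
 */
struct pflowreq {
	struct sockaddr_storage	flowsrc;
	struct sockaddr_storage	flowdst;
	u_int16_t		addrmask;
	u_int8_t		version;
#define PFLOW_MASK_SRCIP	0x01
#define PFLOW_MASK_DSTIP	0x02
#define PFLOW_MASK_VERSION	0x04
};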
279
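#ifdef _KERNEL
/*
 * Kernel entry points; both are defined outside this header.
 * export_pflow() takes a pf state, presumably the flow to be exported, and
 * returns an int whose meaning is set by the implementation.
 * pflow_sysctl() has the argument shape of a sysctl handler (presumably
 * name, name length, old value and size, new value and size) - confirm
 * against the definition.
 */
int export_pflow(struct pf_state *);
int pflow_sysctl(int *, u_int, void *, size_t *, void *, size_t);
#endif /* _KERNEL */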
284
285#endif /* _NET_IF_PFLOW_H_ */
286