Annotation of embedaddon/trafshow/cisco_netflow.h, revision 1.1.1.1
1.1 misho 1: /*
2: * Copyright (c) 2003 Rinet Corp., Novosibirsk, Russia
3: *
4: * Redistribution and use in source forms, with and without modification,
5: * are permitted provided that this entire comment appears intact.
6: *
7: * THIS SOURCE CODE IS PROVIDED ``AS IS'' WITHOUT ANY WARRANTIES OF ANY KIND.
8: */
9:
10: #ifndef _CISCO_NETFLOW_H_
11: #define _CISCO_NETFLOW_H_
12:
13: #include <sys/types.h>
14:
15: #define CNF_PORT 9995 /* collector UDP port by default */
16:
17: /*
18: * Cisco Netflow packets format
19:
20: */
21: /*
22: * Version 1 Header Format
23: */
24: typedef struct cnf_hdr_v1 {
25: u_int16_t version; /* version number=1 */
26: u_int16_t counter; /* number of exported flows (1-24) */
27: u_int32_t sysuptime; /* milliseconds since router booted */
28: u_int32_t unix_secs; /* current seconds since UTC */
29: u_int32_t unix_nsecs; /* current nanoseconds since UTC */
30: } CNF_HDR_V1;
31:
32: /*
33: * Version 1 Flow Record Format
34: */
35: typedef struct cnf_data_v1 {
36: u_int32_t src_addr; /* source IP address */
37: u_int32_t dst_addr; /* destination IP address */
38: u_int32_t nexthop; /* next hop router's IP address */
39: u_int16_t ifin; /* input interface's SNMP index */
40: u_int16_t ifout; /* output interface's SNMP index */
41: u_int32_t dpkts; /* packets in the flow */
42: u_int32_t doctets; /* total number of L3 bytes */
43: u_int32_t firsttime; /* sysuptime at start of flow */
44: u_int32_t lasttime; /* sysuptime at last packet of flow */
45: u_int16_t src_port; /* source port number */
46: u_int16_t dst_port; /* destination port number */
47: u_int16_t pad1; /* unused (zero) bytes */
48: u_int8_t proto; /* IP protocol */
49: u_int8_t tos; /* type of service */
50: u_int8_t flags; /* cumulative OR of TCP flags */
51: u_int8_t tcp_retx_cnt; /* Number of mis-sequenced packets with delay >1sec */
52: u_int8_t tcp_retx_secs; /* Cumulative seconds between mis-sequenced packets */
53: u_int8_t tcp_misseq_cnt; /* Number of mis-sequenced packets seen */
54: u_int8_t reserved[4]; /* unused (zero) bytes */
55: } CNF_DATA_V1;
56:
57: /*
58: * Version 5 Header Format
59: */
60: typedef struct cnf_hdr_v5 {
61: u_int16_t version; /* version number=5 */
62: u_int16_t counter; /* number of exported flows (1-30) */
63: u_int32_t sysuptime; /* milliseconds since router booted */
64: u_int32_t unix_secs; /* current seconds since UTC */
65: u_int32_t unix_nsecs; /* current nanoseconds since UTC */
66: u_int32_t sequence; /* sequence counter of total flows seen */
67: u_int8_t engine_type; /* switching engine type (RP,VIP) */
68: u_int8_t engine_id; /* switching engine slot number */
69: u_int16_t sampling_interval; /* see bellow */
70: /*
71: * Sampling mode and the sampling interval information.
72: * The first two bits of this field indicates the sampling mode:
73: * 00 = No sampling mode is configured
74: * 01 = `Packet Interval' sampling mode is configured.
75: * (One of every x packet is selected and placed in the NetFlow cache).
76: * 10 = Reserved
77: * 11 = Reserved
78: * The remaining 14 bits hold the value of the sampling interval.
79: * The sampling interval can have any value in the range of 10 to 16382
80: * (for example, 0x000A to 0x3FFE).
81: */
82: } CNF_HDR_V5;
83:
84: /*
85: * Version 5 Flow Record Format
86: */
87: typedef struct cnf_data_v5 {
88: u_int32_t src_addr; /* source IP address */
89: u_int32_t dst_addr; /* destination IP address */
90: u_int32_t nexthop; /* next hop router's IP address */
91: u_int16_t ifin; /* input interface's SNMP index */
92: u_int16_t ifout; /* output interface's SNMP index */
93: u_int32_t dpkts; /* packets in the flow */
94: u_int32_t doctets; /* total number of L3 bytes */
95: u_int32_t firsttime; /* sysuptime at start of flow */
96: u_int32_t lasttime; /* sysuptime at last packet of flow */
97: u_int16_t src_port; /* source port number */
98: u_int16_t dst_port; /* destination port number */
99: u_int8_t pad1; /* unused (zero) byte */
100: u_int8_t flags; /* cumulative OR of TCP flags */
101: u_int8_t proto; /* IP protocol */
102: u_int8_t tos; /* type of service */
103: u_int16_t src_as; /* AS of the source (origin or peer) */
104: u_int16_t dst_as; /* AS of the destination */
105: u_int8_t src_mask; /* source address prefix mask bits */
106: u_int8_t dst_mask; /* dest address prefix mask bits */
107: u_int16_t pad2; /* unused (zero) bytes */
108: } CNF_DATA_V5;
109:
110: /*
111: * Version 7 Header Format
112: */
113: typedef struct cnf_hdr_v7 {
114: u_int16_t version; /* version number=7 */
115: u_int16_t counter; /* number of exported flows (1-27) */
116: u_int32_t sysuptime; /* milliseconds since router booted */
117: u_int32_t unix_secs; /* current seconds since UTC */
118: u_int32_t unix_nsecs; /* current nanoseconds since UTC */
119: u_int32_t sequence; /* sequence counter of total flows */
120: u_int32_t reserved; /* unused (zero) bytes */
121: } CNF_HDR_V7;
122:
123: /*
124: * Version 7 Flow Record Format
125: */
126: typedef struct cnf_data_v7 {
127: u_int32_t src_addr; /* source IP address */
128: u_int32_t dst_addr; /* destination IP address */
129: u_int32_t nexthop; /* next hop router's IP address */
130: u_int16_t ifin; /* input interface's SNMP index */
131: u_int16_t ifout; /* output interface's SNMP index */
132: u_int32_t dpkts; /* packets in the flow */
133: u_int32_t doctets; /* total number of L3 bytes */
134: u_int32_t firsttime; /* sysuptime at start of flow */
135: u_int32_t lasttime; /* sysuptime at last packet of flow */
136: u_int16_t src_port; /* source port number */
137: u_int16_t dst_port; /* destination port number */
138: u_int8_t pad1; /* unused (zero) byte */
139: u_int8_t flags; /* cumulative OR of TCP flags */
140: u_int8_t proto; /* IP protocol */
141: u_int8_t tos; /* type of service */
142: u_int32_t src_as; /* AS of the source (origin of peer) */
143: u_int32_t dst_as; /* AS of the destination */
144: u_int8_t src_mask; /* source address prefix mask bits */
145: u_int8_t dst_mask; /* dest address prefix mask bits */
146: u_int16_t pad2; /* unused (zero) bytes */
147: u_int32_t router_sc; /* router which is shortcut by switch */
148: } CNF_DATA_V7;
149:
150: struct pcap_handler;
151: int cisco_netflow_init(struct pcap_handler **ph_list, int port);
152:
153: #endif /* !_CISCO_NETFLOW_H_ */
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>