NAF Core Library
libnaf 0.6.0 API documentation

nafcore.h

00001 /*
00002  ** nafcore.h
00003  ** NetSA Aggregated Flow (NAF) core ADT support
00004  **
00005  ** ------------------------------------------------------------------------
00006  ** Copyright (C) 2005-2007 Carnegie Mellon University. All Rights Reserved.
00007  ** ------------------------------------------------------------------------
00008  ** Authors: Brian Trammell <bht@cert.org>
00009  ** ------------------------------------------------------------------------
00010  ** GNU General Public License (GPL) Rights pursuant to Version 2, June 1991
00011  ** Government Purpose License Rights (GPLR) pursuant to DFARS 252.225-7013
00012  ** ------------------------------------------------------------------------
00013  */
00014 
00049 /* idem hack */
00050 #ifndef _NAF_NAFCORE_H_
00051 #define _NAF_NAFCORE_H_
00052 
00053 #include <naf/autoinc.h>
00054 
00055 /* NAF core integral type definitions */
00056 
/* Time value held in an unsigned 32-bit integer; presumably whole seconds,
 * going by the name.
 * NOTE(review): the epoch is not stated in this header. If this is UNIX epoch
 * time, a uint32_t wraps in 2106 - confirm against the reader/writer code. */
00058 typedef uint32_t NAFTimeSec;
00059 
/* Key half of an aggregated flow record (paired with NAFlowVal in NAFlow).
 * Field meanings below are inferred from the names - confirm against the
 * library documentation.
 * NOTE(review): nothing in this header bounds sipmask/dipmask. If they are
 * prefix lengths read from a file, range-check them before deriving a netmask
 * by shifting; a shift by the full width of the type or more is undefined
 * behaviour in C. */
00065 typedef struct _NAFlowKey {
00067     uint32_t            srcid;    /* presumably the flow source (sensor) identifier */
00069     NAFTimeSec          bin;      /* time bin this record belongs to */
00071     uint32_t         sip;         /* 32 bits wide: presumably an IPv4 source address; byte order not shown */
00073     uint32_t         dip;         /* 32 bits wide: presumably an IPv4 destination address */
00075     uint16_t            sp;       /* presumably source port */
00077     uint16_t            dp;       /* presumably destination port */
00079     uint8_t             sipmask;  /* presumably source prefix length - TODO confirm valid range */
00081     uint8_t             dipmask;  /* presumably destination prefix length - TODO confirm valid range */
00083     uint8_t             proto;    /* presumably IP protocol number (cf. NAF_IP_*) */
00084 } NAFlowKey;    
00085 
/* Four GLib hash tables referenced from NAFlowVal.vuc.
 * Presumably these track the unique hosts and ports seen (forward and
 * reverse) behind the host/rhost/port/rport counters in NAFlowVal - confirm.
 * NOTE(review): key/value types, who allocates the tables and who destroys
 * them are not shown in this header. */
00091 typedef struct _NAFlowVUC {
00093     GHashTable          *htab;    /* presumably forward unique-host table */
00095     GHashTable          *rhtab;   /* presumably reverse unique-host table */
00097     GHashTable          *ptab;    /* presumably forward unique-port table */
00099     GHashTable          *rptab;   /* presumably reverse unique-port table */
00100 } NAFlowVUC;
00101 
/* Value half of an aggregated flow record: counters plus a pointer to
 * unique-count state. Names starting with 'r' are presumably the
 * reverse-direction counterparts - confirm.
 * NOTE(review): because of the vuc pointer this struct is not plain data.
 * Copying it by value aliases the same NAFlowVUC, and ownership of vuc is not
 * shown here; check the implementation before freeing or sharing copies.
 * NOTE(review): port/rport are 16 bits wide, so they can hold at most 65535;
 * if they count distinct ports, a full 65536-value port space would not fit. */
00106 typedef struct _NAFlowVal {
00108     uint64_t            oct;      /* presumably octet (byte) count */
00110     uint64_t            roct;     /* presumably reverse octet count */
00112     uint64_t            pkt;      /* presumably packet count */
00114     uint64_t            rpkt;     /* presumably reverse packet count */
00116     uint32_t            flo;      /* presumably flow count */
00118     uint32_t            rflo;     /* presumably reverse flow count */
00120     uint32_t            host;     /* presumably unique host count */
00122     uint32_t            rhost;    /* presumably reverse unique host count */
00124     uint16_t            port;     /* presumably unique port count */
00126     uint16_t            rport;    /* presumably reverse unique port count */
00128     NAFlowVUC           *vuc;     /* unique-count hash tables; may be NULL? - TODO confirm */
00129 } NAFlowVal;
00130 
/* A complete aggregated flow: key and value stored together by value.
 * Note that v embeds a NAFlowVal, which itself carries a pointer (vuc), so a
 * NAFlow is not safe to duplicate with a plain struct copy unless the owner
 * of that pointer is known. */
00135 typedef struct _NAFlow {
00137     NAFlowKey   k;    /* flow key */
00139     NAFlowVal   v;    /* flow value (counters) */
00140 } NAFlow;
00141 
00142 
/* Flat, pointer-free flow record combining key-like and value-like fields.
 * The explicit members add up to 72 bytes (4x8 + 7x4 + 2x2 + 3x1 + 5 bytes
 * of pad0), so pad0 rounds the record up to a multiple of 8; on ABIs with
 * natural alignment no compiler-inserted padding is needed.
 * Presumably this is the in-memory image used for record transcoding -
 * confirm against the reader/writer implementation.
 * NOTE(review): pad0 is never given a value by this header. If a record is
 * ever emitted byte-for-byte, zero the whole struct first so that pad0 does
 * not carry stale stack or heap contents into the output.
 * NOTE(review): byte order of the multi-byte fields is not specified here. */
00147 typedef struct _NAFlowRaw {
00149     uint64_t        oct;          /* presumably octet count */
00151     uint64_t        roct;         /* presumably reverse octet count */
00153     uint64_t        pkt;          /* presumably packet count */
00155     uint64_t        rpkt;         /* presumably reverse packet count */
00157     uint32_t        flo;          /* presumably flow count */
00159     uint32_t        rflo;         /* presumably reverse flow count */
00164     uint32_t        stime;        /* presumably start time in seconds - TODO confirm epoch */
00169     uint32_t        etime;        /* presumably end time in seconds - TODO confirm epoch */
00171     uint32_t        srcid;        /* presumably flow source identifier */
00173     uint32_t     sip;             /* 32 bits wide: presumably IPv4 source address */
00175     uint32_t     dip;             /* 32 bits wide: presumably IPv4 destination address */
00177     uint16_t        sp;           /* presumably source port */
00179     uint16_t        dp;           /* presumably destination port */
00184     uint8_t         sipmask;      /* presumably source prefix length - validate range on input */
00189     uint8_t         dipmask;      /* presumably destination prefix length - validate range on input */
00191     uint8_t         proto;        /* presumably IP protocol number */
00193     char            pad0[5];      /* explicit padding up to 72 bytes; contents undefined unless zeroed */
00194 } NAFlowRaw;    
00195 
/* Field-mask flag bits; presumably OR-ed together into NAFlowMask.fieldmask.
 * Bits 0-17 (0x00000001 .. 0x00020000) carry names that mirror members of
 * NAFlowKey / NAFlowVal, so each presumably selects that field in a record -
 * confirm. Bits 28-31 are separate flags collected by NAF_FM_MASKINT.
 * Bits 18-27 are not assigned by any macro in this list.
 * NOTE(review): a fieldmask taken from a file header is external input;
 * callers may want to reject values with bits outside
 * (NAF_FM_MASKF | NAF_FM_MASKINT) rather than silently ignoring them. */
00197 #define NAF_FM_SRCID    0x00000001
00198 
00199 #define NAF_FM_SIP      0x00000002
00200 
00201 #define NAF_FM_SIPMASK  0x00000004
00202 
00203 #define NAF_FM_DIP      0x00000008
00204 
00205 #define NAF_FM_DIPMASK  0x00000010
00206 
00207 #define NAF_FM_PROTO    0x00000020
00208 
00209 #define NAF_FM_SP       0x00000040
00210 
00211 #define NAF_FM_DP       0x00000080
00212 
00213 #define NAF_FM_OCT      0x00000100
00214 
00215 #define NAF_FM_ROCT     0x00000200
00216 
00217 #define NAF_FM_PKT      0x00000400
00218 
00219 #define NAF_FM_RPKT     0x00000800
00220 
00221 #define NAF_FM_FLO      0x00001000
00222 
00223 #define NAF_FM_RFLO     0x00002000
00224 
00225 #define NAF_FM_SHOSTC   0x00004000  /* presumably source unique-host count */
00226 
00227 #define NAF_FM_DHOSTC   0x00008000  /* presumably destination unique-host count */
00228 
00229 #define NAF_FM_SPORTC   0x00010000  /* presumably source unique-port count */
00230 
00231 #define NAF_FM_DPORTC   0x00020000  /* presumably destination unique-port count */
00232 
00233 #define NAF_FM_REVSORT  0x10000000  /* presumably "reverse sort" flag - TODO confirm */
00234 
00235 #define NAF_FM_MTOTAL   0x20000000  /* meaning not evident from this header - TODO confirm */
00236 
00237 #define NAF_FM_VPAD     0x40000000  /* meaning not evident from this header - TODO confirm */
00238 
00239 #define NAF_FM_VSTIME   0x80000000  /* meaning not evident from this header - TODO confirm */
00240 
00242 #define NAF_FM_MASKF    0x0003FFFF  /* union of bits 0-17: every flag from NAF_FM_SRCID through NAF_FM_DPORTC */
00243 
00244 #define NAF_FM_MASKINT  0xF0000000  /* union of bits 28-31: REVSORT | MTOTAL | VPAD | VSTIME */
00245 
00246 
/* "BA" constants; presumably the bin-algorithm selector stored in
 * NAFlowMask.binalg - confirm.
 * These are consecutive values 0..3, not independent bits
 * (NAF_BA_END == 3 == NAF_BA_UNIFORM | NAF_BA_START), so compare with ==
 * rather than testing with &. */
00248 #define NAF_BA_NONE     0x00000000
00249 
00250 #define NAF_BA_UNIFORM  0x00000001
00251 
00252 #define NAF_BA_START    0x00000002
00253 
00254 #define NAF_BA_END      0x00000003
00255 
/* IP protocol numbers; the values match the IANA assignments for ICMP (1),
 * TCP (6) and UDP (17). Presumably compared against the proto field of
 * NAFlowKey / NAFlowRaw - confirm. */
00257 #define NAF_IP_ICMP     1
00258 
00259 #define NAF_IP_TCP      6
00260 
00261 #define NAF_IP_UDP      17
00262 
/* Aggregation mask passed to the reader and writer functions declared in
 * this header (nfReaderForFP, nfRead, nfWriterForFP, nfWrite).
 * Field meanings are inferred from the names - confirm.
 * Note that sipmask/dipmask are 16 bits wide here but 8 bits wide in
 * NAFlowKey and NAFlowRaw, so assigning from this struct to those narrows.
 * NOTE(review): when a mask is populated from a file, treat every member as
 * untrusted: range-check the prefix lengths, binsize (e.g. zero) and binalg
 * before using them in shifts, divisions or table lookups. */
00267 typedef struct _NAFlowMask {
00269     uint16_t        sipmask;      /* presumably source prefix length */
00271     uint16_t        dipmask;      /* presumably destination prefix length */
00273     uint32_t     sipmaskbits;     /* presumably the source netmask as a 32-bit bit pattern */
00275     uint32_t     dipmaskbits;     /* presumably the destination netmask as a 32-bit bit pattern */
00277     uint32_t        fieldmask;    /* presumably an OR of NAF_FM_* bits */
00279     NAFTimeSec      binsize;      /* presumably the time-bin width */
00281     uint32_t        binalg;       /* presumably one of NAF_BA_* */
00282 } NAFlowMask;
00283 
00284 /* error handling */
00285 
/* GLib error domain and error codes for this library.
 * NAF_ERROR_DOMAIN expands to a g_quark_from_string() call, so the quark is
 * looked up each time the macro is evaluated. The numeric codes below are
 * presumably the `code` values set in a GError together with this domain.
 * Meanings are inferred from the names - confirm.
 * NOTE(review): NAF_ERROR_EOF is presumably an ordinary end-of-input signal
 * rather than a fault; callers should tell it apart from NAF_ERROR_HEADER and
 * NAF_ERROR_IO so that a truncated or malformed file is not mistaken for a
 * clean end of data. */
00291 #define NAF_ERROR_DOMAIN        (g_quark_from_string("certNAFError"))
00292 
00293 #define NAF_ERROR_HEADER        1   /* presumably a bad or unreadable file header */
00294 
00295 #define NAF_ERROR_ARGUMENT      2   /* presumably an invalid argument */
00296 
00297 #define NAF_ERROR_IO            3   /* presumably an I/O failure */
00298 
00299 #define NAF_ERROR_HORIZON       4   /* meaning not evident from this header - TODO confirm */
00300 
00301 #define NAF_ERROR_MULTIPLE      5   /* meaning not evident from this header - TODO confirm */
00302 
00306 #define NAF_ERROR_EOF           6   /* presumably end of input */
00307 
/* Returns a pointer to an fbInfoModel_t; presumably the information model
 * used by the NAF reader and writer. Ownership and lifetime of the returned
 * object are not shown here - confirm before freeing it.
 * NOTE(review): the empty parameter list declares a function with
 * unspecified parameters in C; writing (void) would let the compiler reject
 * calls that pass arguments. */
00314 fbInfoModel_t *nfInfoModel();
00315 
/* Sets up a NAF reader on an open stdio stream.
 *   fbuf  buffer argument; presumably an existing buffer to reuse, or NULL to
 *         create one - TODO confirm
 *   fp    stream to read from
 *   mask  NAFlowMask; presumably filled in from the file's header - confirm
 *   err   GError out-parameter (GLib convention)
 * Returns an fBuf_t pointer; presumably NULL on failure with *err set -
 * confirm.
 * NOTE(review): the file contents are external input. Check the return value
 * and err before trusting anything written to *mask. */
00334 fBuf_t *nfReaderForFP(
00335     fBuf_t          *fbuf,
00336     FILE            *fp,
00337     NAFlowMask      *mask,
00338     GError          **err);
00339 
/* Reads one flow record from a reader buffer.
 *   fbuf  reader buffer (an fBuf_t, as returned by nfReaderForFP)
 *   mask  NAFlowMask associated with the stream
 *   key   output: key of the record read
 *   val   output: value of the record read
 *   err   GError out-parameter (GLib convention)
 * Returns a gboolean; presumably FALSE on failure or end of input with *err
 * set (see NAF_ERROR_EOF) - confirm.
 * NOTE(review): *key and *val should not be used when the call does not
 * report success; whether they are left untouched on failure is not shown. */
00356  gboolean nfRead(
00357     fBuf_t                  *fbuf,
00358     NAFlowMask              *mask,
00359     NAFlowKey               *key,
00360     NAFlowVal               *val,
00361     GError                  **err);
00362 
/* Sets up a NAF writer on an open stdio stream.
 *   fbuf    buffer argument; presumably an existing buffer to reuse, or NULL
 *           to create one - TODO confirm
 *   fp      stream to write to
 *   domain  32-bit domain value; presumably the observation domain written
 *           into the output - TODO confirm
 *   mask    NAFlowMask describing the records to be written
 *   err     GError out-parameter (GLib convention)
 * Returns an fBuf_t pointer; presumably NULL on failure with *err set -
 * confirm. */
00382 fBuf_t *nfWriterForFP(
00383     fBuf_t                  *fbuf,
00384     FILE                    *fp,
00385     uint32_t                domain,
00386     NAFlowMask              *mask,
00387     GError                  **err);
00388 
/* Writes one flow record through a writer buffer.
 *   fbuf  writer buffer (an fBuf_t, as returned by nfWriterForFP)
 *   mask  NAFlowMask associated with the stream
 *   key   key of the record to write
 *   val   value of the record to write
 *   err   GError out-parameter (GLib convention)
 * Returns a gboolean; presumably TRUE on success and FALSE with *err set on
 * failure - confirm. key and val are not const-qualified, so whether the
 * call modifies them cannot be told from this declaration. */
00401 gboolean nfWrite(
00402     fBuf_t                  *fbuf,
00403     NAFlowMask              *mask,
00404     NAFlowKey               *key,
00405     NAFlowVal               *val,
00406     GError                  **err);
00407 
/* Closes a NAF writer.
 *   fbuf  writer buffer to close
 *   err   GError out-parameter (GLib convention)
 * Returns a gboolean; presumably FALSE with *err set if the final flush or
 * close fails - confirm. Check the result: an ignored failure here can leave
 * a truncated output file. Whether fbuf and the underlying FILE are released
 * by this call is not shown in this header. */
00417 gboolean nfWriterClose(
00418     fBuf_t          *fbuf,
00419     GError          **err);
00420 
/* Dumps one flow (key and value) for inspection; returns nothing.
 *   key  flow key to print
 *   val  flow value to print
 *   inf  string argument; presumably an informational label or prefix for
 *        the output - TODO confirm
 * The output destination and format are not shown in this header.
 * NOTE(review): if inf can come from outside the program, verify in the
 * implementation that it is printed as data and never used as a format
 * string. */
00429 void nfDumpFlow(
00430     NAFlowKey           *key,
00431     NAFlowVal           *val,
00432     const char          *inf);
00433 
00434 /* end idem */
00435 #endif