
yafcore.h

00001 /*
00002  ** yafcore.h
00003  ** YAF core I/O routines
00004  **
00005  ** ------------------------------------------------------------------------
00006  ** Copyright (C) 2006-2008 Carnegie Mellon University. All Rights Reserved.
00007  ** ------------------------------------------------------------------------
00008  ** Authors: Brian Trammell <bht@cert.org>
00009  ** ------------------------------------------------------------------------
00010  ** GNU General Public License (GPL) Rights pursuant to Version 2, June 1991
00011  ** Government Purpose License Rights (GPLR) pursuant to DFARS 252.225-7013
00012  ** ------------------------------------------------------------------------
00013  */
00014 
/* Include guard. NOTE(review): an identifier starting with an underscore and
 * an uppercase letter is reserved for the implementation in C; a non-reserved
 * spelling (e.g. YAF_CORE_H) would be safer, but renaming it here would affect
 * any file that tests this macro, so it is left as is. */
#ifndef _YAF_CORE_H_
#define _YAF_CORE_H_
00061 
00062 #include <yaf/autoinc.h>
00063 #include <fixbuf/public.h>
00064 
/* GError domain used for every error libyaf reports through a GError **.
 * Each use calls g_quark_from_string(), which interns the string, so the
 * value is stable across calls and can be compared with err->domain. */
#define YAF_ERROR_DOMAIN        (g_quark_from_string("certYAFError"))

/* Error codes carried in err->code within YAF_ERROR_DOMAIN. Only the names
 * are visible here; which conditions map to which code is defined by the
 * implementation in yafcore.c — confirm there before dispatching on them. */
#define YAF_ERROR_HEADER        1

#define YAF_ERROR_ARGUMENT      2

#define YAF_ERROR_IO            3

#define YAF_ERROR_IPFIX         4

#define YAF_ERROR_IMPL          5

#define YAF_ERROR_INTERNAL      6

#define YAF_ERROR_LIMIT         7

/* Flow termination codes. Presumably stored in yfFlow_t.reason (a uint8_t,
 * declared below): the mask values show that the low seven bits hold one of
 * these codes and the top bit is a separate flag. What each code means beyond
 * its name (idle timeout, active timeout, ...) is not visible in this header. */
#define YAF_FLOW_ACTIVE         0

#define YAF_END_IDLE            1

#define YAF_END_ACTIVE          2

#define YAF_END_CLOSED          3

#define YAF_END_FORCED          4

#define YAF_END_RESOURCE        5

/* Mask selecting the YAF_END_* code from a reason byte (bits 0-6). */
#define YAF_END_MASK            0x7f

/* Flag bit in a reason byte (bit 7); the name suggests "this record
 * continues a flow exported earlier" — confirm against the writer. */
#define YAF_ENDF_ISCONT         0x80

/* IP protocol numbers as they appear in yfFlowKey_t.proto; these match the
 * IANA-assigned values (ICMP=1, TCP=6, UDP=17). */
#define YAF_IP_ICMP             1

#define YAF_IP_TCP              6

#define YAF_IP_UDP              17


/* Hook (plugin) limits. Names only — the hook API itself is not declared in
 * this header; assumed to be the maximum number of registered hooks and the
 * maximum number of bytes a hook may contribute to an exported record. */
#define YAF_MAX_HOOKS           4

#define YAF_HOOKS_MAX_EXPORT    256
00121 
/**
 * Identity of a flow: transport ports, IP protocol and the address pair.
 *
 * The address pair is a union; `version` must be consulted before reading
 * `addr`, because only one of `addr.v4` / `addr.v6` is meaningful for a given
 * key. Reading the wrong member is not a memory error (the union is 32 bytes
 * either way) but yields garbage addresses. The encoding of `version`
 * (presumably 4 or 6) is not visible in this header — confirm in yafcore.c.
 */
typedef struct yfFlowKey_st {
    uint16_t            sp;         /* presumably source transport port (host byte order? confirm) */
    uint16_t            dp;         /* presumably destination transport port */
    uint8_t             proto;      /* IP protocol number; see YAF_IP_* above */
    uint8_t             version;    /* selects addr.v4 or addr.v6 — see note above */
    union {
        struct {
            uint32_t    sip;        /* IPv4 source address; byte order not stated here */
            uint32_t    dip;        /* IPv4 destination address */
        }               v4;
        struct {
            uint8_t     sip[16];    /* IPv6 source address, raw 16 bytes */
            uint8_t     dip[16];    /* IPv6 destination address, raw 16 bytes */
        }               v6;
    }                   addr;
} yfFlowKey_t;
00151 
00152 
/**
 * Per-direction counters and captured data for one flow.
 *
 * `payload` is a bare pointer with no ownership information in this header:
 * who allocates it and whether yfFlowCleanup() releases it must be checked in
 * yafcore.c before a caller frees or retains it. `paylen` is the only bound
 * available for `payload`; any reader of the buffer must respect it, in
 * particular for records decoded from an untrusted IPFIX source via
 * yfReadFlow().
 */
typedef struct yfFlowVal_st {
    uint64_t    oct;        /* octet count for this direction (inferred from name) */
    uint64_t    pkt;        /* packet count for this direction (inferred from name) */
    uint32_t    paylen;     /* number of valid bytes at *payload */
    uint8_t     *payload;   /* captured payload bytes, or NULL; ownership not documented here */
    uint32_t    isn;        /* presumably TCP initial sequence number — confirm */
    uint8_t     iflags;     /* presumably TCP flags of the initial packet — confirm */
    uint8_t     uflags;     /* presumably union of TCP flags over the direction — confirm */
    uint16_t    tag;        /* meaning not visible here; see yafcore.c */
} yfFlowVal_t;
00175 
#ifdef YAF_ENABLE_APPLABEL
/*
 * Application-labeler state kept per flow; only compiled when
 * YAF_ENABLE_APPLABEL is defined. Three one-bit flags packed into one byte,
 * the remaining five bits being unnamed padding. What counts as "classified"
 * or "complete" for each direction is defined by the applabel code, not here.
 */
typedef struct yfFlowAppLabelerState_st {
    uint8_t protoClassified:1;      /* set once a protocol label has been assigned (name-based) */
    uint8_t forwardClassComplete:1; /* forward direction needs no further inspection (name-based) */
    uint8_t reverseClassComplete:1; /* reverse direction needs no further inspection (name-based) */
    uint8_t :5;                     /* unnamed padding to a full byte */
} yfFlowAppLabelerState_t;
/* Initial "nothing classified yet" value; inferred from the name — confirm
 * whether it applies to appLabel, to appLabelerState, or to both. */
#define YAF_FLOW_APPLABELER_STATE_UNCLASSIFIED 0
#endif
00185 
/**
 * A complete bidirectional flow record as read from or written to IPFIX.
 *
 * NOTE(review): the layout of this struct depends on YAF_ENABLE_APPLABEL
 * (two members are conditionally compiled in the middle of it). Every
 * translation unit and every plugin that touches a yfFlow_t must therefore be
 * built with the same setting, or field offsets after `etime` will disagree.
 */
typedef struct yfFlow_st {
    uint64_t        stime;      /* flow start time; units/epoch not stated here — assumed ms since the Unix epoch, confirm */
    uint64_t        etime;      /* flow end time, same units as stime */
    #ifdef YAF_ENABLE_APPLABEL

    yfFlowAppLabelerState_t appLabelerState;    /* labeler progress, see above */
    uint16_t        appLabel;                   /* assigned application label; 0 presumably means none */
    #endif

    int32_t         rdtime;     /* signed; name suggests a reverse-direction delay — confirm */
    uint8_t         reason;     /* YAF_END_* code in bits 0-6 (YAF_END_MASK), YAF_ENDF_ISCONT in bit 7 */
    yfFlowVal_t     val;        /* forward-direction values (inferred from rval naming) */
    yfFlowVal_t     rval;       /* reverse-direction values (inferred from name) */
    yfFlowKey_t     key;        /* flow identity; key.version selects the address union member */
} yfFlow_t;
00216 
/**
 * Prepare a flow record for use.
 *
 * The Doxygen body was not preserved in this rendering; from the pairing with
 * yfFlowCleanup() this presumably initialises @p flow (and may allocate its
 * payload buffers) — confirm in yafcore.c. Callers should assume every flow
 * passed to yfReadFlow()/yfWriteFlow() has been through this first.
 *
 * @param flow  record to initialise; must not be NULL
 */
void yfFlowPrepare(
    yfFlow_t          *flow);

/**
 * Release whatever yfFlowPrepare() set up in @p flow.
 *
 * Whether this frees val.payload / rval.payload is not visible here; if it
 * does, callers must not retain those pointers past this call.
 *
 * @param flow  record previously passed to yfFlowPrepare()
 */
void yfFlowCleanup(
    yfFlow_t          *flow);
00237 
/**
 * Open an IPFIX writer on the file at @p path.
 *
 * @param path    file to create/open; passed to the filesystem as given
 * @param domain  presumably the IPFIX observation domain ID — confirm
 * @param err     set on failure (YAF_ERROR_DOMAIN)
 * @return a new fBuf_t, or NULL on error (conventional GError contract — confirm).
 *         Close it with yfWriterClose().
 */
fBuf_t *yfWriterForFile(
    const char              *path,
    uint32_t                domain,
    GError                  **err);

/**
 * Open an IPFIX writer on an already-open stdio stream.
 *
 * Whether yfWriterClose() also closes @p fp is not stated here — check before
 * calling fclose() yourself, to avoid a double close.
 *
 * @param fp      open, writable stream
 * @param domain  presumably the IPFIX observation domain ID — confirm
 * @param err     set on failure
 * @return a new fBuf_t, or NULL on error
 */
fBuf_t *yfWriterForFP(
    FILE                    *fp,
    uint32_t                domain,
    GError                  **err);

/**
 * Open an IPFIX writer on a fixbuf connection specification (network export).
 *
 * @param spec    fixbuf transport/endpoint description
 * @param domain  presumably the IPFIX observation domain ID — confirm
 * @param err     set on failure
 * @return a new fBuf_t, or NULL on error
 */
fBuf_t *yfWriterForSpec(
    fbConnSpec_t            *spec,
    uint32_t                domain,
    GError                  **err);

/**
 * Append one flow record to a writer.
 *
 * @param fbuf  writer from one of the yfWriterFor*() functions
 * @param flow  record to export; not const-qualified here, so the callee may modify it — confirm
 * @param err   set on failure
 * @return TRUE on success, FALSE with *err set on failure
 */
gboolean yfWriteFlow(
    fBuf_t              *fbuf,
    yfFlow_t            *flow,
    GError              **err);

/**
 * Close a writer, optionally flushing buffered records first.
 *
 * @param fbuf   writer to close; invalid after this call
 * @param flush  whether to emit pending records before closing (inferred from the name)
 * @param err    set on failure
 * @return TRUE on success, FALSE with *err set on failure
 */
gboolean yfWriterClose(
    fBuf_t          *fbuf,
    gboolean        flush,
    GError          **err);
00318 
/**
 * Open an IPFIX reader on a stdio stream.
 *
 * @param fbuf  existing reader to reuse, presumably NULL to allocate a new one — confirm
 * @param fp    open, readable stream
 * @param err   set on failure
 * @return the reader (possibly the same pointer as @p fbuf), or NULL on error
 */
fBuf_t *yfReaderForFP(
    fBuf_t          *fbuf,
    FILE            *fp,
    GError          **err);

/**
 * Create a fixbuf listener that accepts IPFIX connections described by @p spec.
 *
 * @param spec     transport/endpoint to listen on
 * @param appinit  per-connection init callback (fixbuf type); may presumably be NULL — confirm
 * @param appfree  per-connection teardown callback (fixbuf type)
 * @param err      set on failure
 * @return new listener, or NULL on error
 */
fbListener_t *yfListenerForSpec(
    fbConnSpec_t        *spec,
    fbListenerAppInit_fn    appinit,
    fbListenerAppFree_fn    appfree,
    GError              **err);

/**
 * Read the next flow record from a reader into @p flow.
 *
 * Data comes from the IPFIX source (file or peer), so every field of the
 * resulting record — including paylen and the payload bytes — should be
 * treated as untrusted by the caller; the bounds checking done inside this
 * call is not visible from the header.
 *
 * @param fbuf  reader from yfReaderForFP() or a listener
 * @param flow  destination record, prepared with yfFlowPrepare()
 * @param err   set on failure
 * @return TRUE when a record was read; FALSE on error or, presumably,
 *         end of stream — how the two are distinguished (err NULL vs set)
 *         must be checked in yafcore.c
 */
gboolean yfReadFlow(
    fBuf_t          *fbuf,
    yfFlow_t        *flow,
    GError          **err);

/**
 * Like yfReadFlow(), but for the "extended" record layout.
 *
 * What distinguishes the extended form (additional template elements is the
 * likely reading of the name) is not visible here; the same untrusted-input
 * caveat as yfReadFlow() applies.
 *
 * @param fbuf  reader
 * @param flow  destination record
 * @param err   set on failure
 * @return TRUE on success, FALSE on error or end of stream
 */
gboolean yfReadFlowExtended(
    fBuf_t                  *fbuf,
    yfFlow_t                *flow,
    GError                  **err);
00400 
/**
 * Render @p flow as text into @p rstr.
 *
 * Whether the text is appended to or replaces the current contents of
 * @p rstr is not stated here — confirm before reusing a GString.
 *
 * @param rstr  destination string, owned by the caller
 * @param flow  record to render
 */
void yfPrintString(
    GString             *rstr,
    yfFlow_t            *flow);

/**
 * Render @p flow into @p rstr in a delimited (column-separated) format.
 *
 * The delimiter and column order are defined by the implementation. If the
 * output feeds another parser, note that payload-derived fields may contain
 * arbitrary bytes; check in yafcore.c whether they are escaped.
 *
 * @param rstr  destination string, owned by the caller
 * @param flow  record to render
 */
void yfPrintDelimitedString(
    GString                 *rstr,
    yfFlow_t                *flow);

/**
 * Write the text rendering of @p flow to a stdio stream.
 *
 * @param out   open, writable stream
 * @param flow  record to render
 * @param err   set on failure
 * @return TRUE on success, FALSE with *err set on failure (presumably I/O errors)
 */
gboolean yfPrint(
    FILE                *out,
    yfFlow_t            *flow,
    GError              **err);

/**
 * Write the delimited rendering of @p flow to a stdio stream.
 *
 * @param out   open, writable stream
 * @param flow  record to render
 * @param err   set on failure
 * @return TRUE on success, FALSE with *err set on failure
 */
gboolean yfPrintDelimited(
    FILE                *out,
    yfFlow_t            *flow,
    GError              **err);
00450 
00451 #endif