nafcore.h

00001 /*
00002  ** nafcore.h
00003  ** NetSA Aggregated Flow (NAF) core ADT support
00004  **
00005  ** ------------------------------------------------------------------------
00006  ** Copyright (C) 2005 Carnegie Mellon University. All Rights Reserved.
00007  ** ------------------------------------------------------------------------
00008  ** Authors: Brian Trammell <bht@cert.org>
00009  ** ------------------------------------------------------------------------
00010  ** GNU General Public License (GPL) Rights pursuant to Version 2, June 1991
00011  ** Government Purpose License Rights (GPLR) pursuant to DFARS 252.225-7013
00012  ** ------------------------------------------------------------------------
00013  */
00014 
00056 /* include guard: makes repeated inclusion of this header harmless */
00057 #ifndef _NAF_NAFCORE_H_
00058 #define _NAF_NAFCORE_H_
00059 
00060 #include <naf/autoinc.h>
00061 
00062 /* NAF core integral type definitions */
00063 
/** IPv4 address held in an unsigned 32-bit integer.
 *  NOTE(review): this header does not state the byte order; confirm host vs.
 *  network order before comparing, masking or printing values read from a file. */
00065 typedef uint32_t NAFIPv4Addr;
/** Unsigned 32-bit time value; the name suggests whole seconds -- TODO confirm
 *  the unit and epoch. Being 32 bits wide, it wraps, so subtract with care. */
00067 typedef uint32_t NAFTimeSec;
00068 
/**
 * Key part of a flow record (it is the member k of NAFlow).
 *
 * NOTE(review): the members add up to 23 bytes, so on common ABIs the struct
 * is padded to 24. If keys are ever hashed or compared as raw bytes, zero the
 * whole struct before filling it so that padding cannot carry stale memory or
 * break equality -- confirm against the hash/equal functions actually used.
 *
 * NOTE(review): when a key is filled from a file, every member is untrusted
 * input; range-check sipmask/dipmask before using them.
 */
00074 typedef struct _NAFlowKey {
00076     uint32_t            srcid;    /* presumably a source/sensor identifier -- TODO confirm */
00078     NAFTimeSec          bin;      /* presumably the time bin of the flow -- TODO confirm */
00080     NAFIPv4Addr        sip;       /* presumably the source IPv4 address */
00082     NAFIPv4Addr        dip;       /* presumably the destination IPv4 address */
00084     uint16_t            sp;       /* presumably the source port */
00086     uint16_t            dp;       /* presumably the destination port */
00088     uint8_t             sipmask;  /* looks like a prefix length for sip; a shift by >= 32 is undefined, so check 0..32 -- confirm */
00090     uint8_t             dipmask;  /* looks like a prefix length for dip; same range check applies -- confirm */
00092     uint8_t             proto;    /* presumably the IP protocol number (see NAF_IP_*) */
00093 } NAFlowKey;    
00094 
/**
 * Four GLib hash-table pointers, reachable from a flow value through
 * NAFlowVal.vuc.
 *
 * NOTE(review): the names suggest host and port tables, each with an
 * r-prefixed reverse-direction counterpart, perhaps backing unique host/port
 * counts -- confirm in the implementation. This header does not say who
 * creates or destroys the tables, or whether any pointer may be NULL; check
 * before dereferencing.
 */
00100 typedef struct _NAFlowVUC {
00102     GHashTable          *htab;
00104     GHashTable          *rhtab;
00106     GHashTable          *ptab;
00108     GHashTable          *rptab;
00109 } NAFlowVUC;
00110 
/**
 * Value part of a flow record (it is the member v of NAFlow): ten unsigned
 * counters and a pointer to a NAFlowVUC.
 *
 * The names suggest octets, packets, flows, hosts and ports, each paired with
 * an r-prefixed reverse-direction counterpart -- TODO confirm.
 *
 * NOTE(review): the counters are 64, 32 and 16 bits wide and unsigned, so they
 * wrap silently. Code that adds records from large or untrusted inputs should
 * check for wraparound. If port/rport hold distinct-port counts, the full
 * range of 65536 ports does not fit in a uint16_t -- confirm how that case is
 * handled.
 */
00115 typedef struct _NAFlowVal {
00117     uint64_t            oct;
00119     uint64_t            roct;
00121     uint64_t            pkt;
00123     uint64_t            rpkt;
00125     uint32_t            flo;
00127     uint32_t            rflo;
00129     uint32_t            host;
00131     uint32_t            rhost;
00133     uint16_t            port;
00135     uint16_t            rport;
00137     NAFlowVUC           *vuc;    /* ownership and NULL-ness are not stated in this header -- check before use */
00138 } NAFlowVal;
00139 
/**
 * One complete flow record: a key and its value, both embedded by value
 * rather than referenced through pointers. Copying a NAFlow therefore copies
 * the v.vuc pointer, not the tables it points to.
 */
00144 typedef struct _NAFlow {
00146     NAFlowKey   k;    /* key part */
00148     NAFlowVal   v;    /* value part */
00149 } NAFlow;
00150 
/*
 * Field-mask flags, one bit each. Presumably OR-ed together into
 * NAFlowMask.fieldmask (a uint32_t) -- confirm against the readers/writers.
 *
 * Bits 0-17 (NAF_FM_SRCID .. NAF_FM_DPORTC) are exactly the bits covered by
 * NAF_FM_MASKF; bits 28-31 (NAF_FM_REVSORT .. NAF_FM_VSTIME) are exactly the
 * bits covered by NAF_FM_MASKINT. Bits 18-27 are not assigned here.
 *
 * NAF_FM_VSTIME, NAF_FM_MASKINT and any value with bit 31 set do not fit in a
 * 32-bit int, so those constants are unsigned; keep mask variables unsigned
 * too.
 *
 * NOTE(review): a field mask taken from a file is untrusted input; consider
 * rejecting or clearing unassigned bits before acting on it.
 */
00152 #define NAF_FM_SRCID    0x00000001
00153 
00154 #define NAF_FM_SIP      0x00000002
00155 
00156 #define NAF_FM_SIPMASK  0x00000004
00157 
00158 #define NAF_FM_DIP      0x00000008
00159 
00160 #define NAF_FM_DIPMASK  0x00000010
00161 
00162 #define NAF_FM_PROTO    0x00000020
00163 
00164 #define NAF_FM_SP       0x00000040
00165 
00166 #define NAF_FM_DP       0x00000080
00167 
00168 #define NAF_FM_OCT      0x00000100
00169 
00170 #define NAF_FM_ROCT     0x00000200
00171 
00172 #define NAF_FM_PKT      0x00000400
00173 
00174 #define NAF_FM_RPKT     0x00000800
00175 
00176 #define NAF_FM_FLO      0x00001000
00177 
00178 #define NAF_FM_RFLO     0x00002000
00179 
00180 #define NAF_FM_SHOSTC   0x00004000
00181 
00182 #define NAF_FM_DHOSTC   0x00008000
00183 
00184 #define NAF_FM_SPORTC   0x00010000
00185 
00186 #define NAF_FM_DPORTC   0x00020000
00187 
00188 #define NAF_FM_REVSORT  0x10000000
00189 
00190 #define NAF_FM_MTOTAL   0x20000000
00191 
00192 #define NAF_FM_VPAD     0x40000000
00193 
00194 #define NAF_FM_VSTIME   0x80000000
00195 
00197 #define NAF_FM_MASKF    0x0003FFFF
00198 
00199 #define NAF_FM_MASKINT  0xF0000000
00200 
00201 
/*
 * NAF_BA_* selector values, presumably stored in NAFlowMask.binalg -- TODO
 * confirm. They are the consecutive integers 0..3, not independent bits:
 * NAF_BA_END (3) is numerically NAF_BA_UNIFORM | NAF_BA_START, so compare with
 * == and never test with &. A value outside 0..3 read from a file should be
 * treated as invalid.
 */
00203 #define NAF_BA_NONE     0x00000000
00204 
00205 #define NAF_BA_UNIFORM  0x00000001
00206 
00207 #define NAF_BA_START    0x00000002
00208 
00209 #define NAF_BA_END      0x00000003
00210 
/*
 * IP protocol numbers for ICMP (1), TCP (6) and UDP (17), matching the IANA
 * assignments. Presumably compared with NAFlowKey.proto -- confirm. proto is a
 * uint8_t and can hold any of 256 values, so code switching on it needs a
 * default path for everything not listed here.
 */
00212 #define NAF_IP_ICMP     1
00213 
00214 #define NAF_IP_TCP      6
00215 
00216 #define NAF_IP_UDP      17
00217 
/**
 * Mask/parameter block passed to naf_read_start(), naf_read(),
 * naf_write_start() and naf_write().
 *
 * NOTE(review): sipmask/dipmask are uint16_t here but uint8_t in NAFlowKey;
 * copying from this struct into a key narrows the value, so range-check first.
 * When this struct is filled from a file header, all members are untrusted:
 * validate prefix lengths, binalg and fieldmask, and make sure binsize is
 * non-zero before dividing or taking a remainder by it -- confirm where the
 * implementation does this.
 */
00222 typedef struct _NAFlowMask {
00224     uint16_t        sipmask;      /* looks like a source prefix length -- TODO confirm range */
00226     uint16_t        dipmask;      /* looks like a destination prefix length -- TODO confirm range */
00228     NAFIPv4Addr    sipmaskbits;   /* presumably the bit mask derived from sipmask -- confirm */
00230     NAFIPv4Addr    dipmaskbits;   /* presumably the bit mask derived from dipmask -- confirm */
00232     uint32_t        fieldmask;    /* presumably a combination of NAF_FM_* flags */
00234     NAFTimeSec      binsize;      /* presumably the time-bin width; name of the type suggests seconds */
00236     uint32_t        binalg;       /* presumably one of the NAF_BA_* values */
00237 } NAFlowMask;
00238 
00239 /* error handling */
00240 
/*
 * GError domain and error codes for this library.
 *
 * NAF_ERROR_DOMAIN expands to a call to g_quark_from_string("certNAFError"),
 * so it is evaluated at every use and cannot appear where a constant
 * expression is required (a case label, a static initialiser).
 *
 * The codes are the integers 1..6. NOTE(review): their meanings are inferred
 * from the names only (header, argument, I/O, horizon, multiple, end of file)
 * -- confirm in the implementation. Callers reading files probably need to
 * tell NAF_ERROR_EOF apart from the other codes so that a truncated or
 * malformed input is not mistaken for a clean end of data.
 */
00246 #define NAF_ERROR_DOMAIN        (g_quark_from_string("certNAFError"))
00247 
00248 #define NAF_ERROR_HEADER        1
00249 
00250 #define NAF_ERROR_ARGUMENT      2
00251 
00252 #define NAF_ERROR_IO            3
00253 
00254 #define NAF_ERROR_HORIZON       4
00255 
00256 #define NAF_ERROR_MULTIPLE      5
00257 
00261 #define NAF_ERROR_EOF           6
00262 
/** Library-wide pointer to a FixIERegistry, defined in another translation
 *  unit. NOTE(review): it is mutable global state; this header does not say
 *  when it becomes valid or whether it may be used from several threads. */
00268 extern FixIERegistry *naf_ier;
00269 
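/**
 * Takes no arguments and returns nothing.
 *
 * The parameter list is spelled (void): an empty list in a C declaration is
 * not a prototype, so calls with stray arguments would go unchecked by the
 * compiler.
 *
 * NOTE(review): presumably sets up the naf_ier registry -- confirm, and
 * confirm whether it must run before naf_read_start()/naf_write_start() and
 * whether repeated calls are safe.
 */
00275 void naf_ier_init(void);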
00276 
/**
 * Declared to take a FixReader, a stdio stream, a NAFlowMask and a GError
 * out-parameter, and to return a FixReader pointer.
 *
 * NOTE(review): presumably reads the file header from `in` and fills `mask`
 * from it -- confirm. If so, the mask contents come from the file and must be
 * validated before they drive shifts, divisions or field selection.
 * By GLib convention a NULL return with *err set signals failure; this header
 * does not show that, nor whether `fr` may be NULL or who closes `in`.
 *
 * @param fr   reader to use -- NULL handling not stated here
 * @param in   input stream
 * @param mask mask structure, non-const, so it may be written
 * @param err  GError out-parameter
 * @return     a FixReader pointer
 */
00294 FixReader *naf_read_start(
00295     FixReader               *fr,
00296     FILE                    *in,
00297     NAFlowMask              *mask,
00298     GError                  **err);
00299 
/**
 * Declared to take a reader, a mask, and non-const key and value pointers,
 * and to return a gboolean.
 *
 * NOTE(review): presumably reads one record into *key and *val -- confirm.
 * Everything it stores there originates from the input file, so callers
 * should treat prefix lengths, protocol numbers and counters as untrusted.
 * A FALSE return presumably covers both end of data and real errors, to be
 * told apart through *err (see NAF_ERROR_EOF) -- confirm. Whether val->vuc is
 * allocated, reused or left untouched is not stated in this header.
 *
 * @param fr   reader
 * @param mask mask structure
 * @param key  key to fill
 * @param val  value to fill
 * @param err  GError out-parameter
 * @return     gboolean status
 */
00316 gboolean naf_read(
00317     FixReader               *fr,
00318     NAFlowMask              *mask,
00319     NAFlowKey               *key,
00320     NAFlowVal               *val,
00321     GError                  **err);
00322 
/**
 * Declared to take a FixWriter, a stdio stream, a NAFlowMask and a GError
 * out-parameter, and to return a FixWriter pointer.
 *
 * NOTE(review): presumably writes a file header derived from `mask` to `fp`
 * -- confirm. By GLib convention a NULL return with *err set signals failure;
 * this header does not show that, nor whether `fw` may be NULL or who closes
 * `fp`.
 *
 * @param fw   writer to use -- NULL handling not stated here
 * @param fp   output stream
 * @param mask mask structure
 * @param err  GError out-parameter
 * @return     a FixWriter pointer
 */
00340 FixWriter *naf_write_start(
00341     FixWriter               *fw,
00342     FILE                    *fp,
00343     NAFlowMask              *mask,
00344     GError                  **err);
00345 
/**
 * Declared to take a writer, a mask, a key and a value, and to return a
 * gboolean.
 *
 * NOTE(review): presumably writes one record -- confirm. key and val are
 * declared non-const, so the declaration alone does not rule out that they
 * are modified. A FALSE return presumably means the record was not written
 * and *err is set; check it rather than assuming the output is complete.
 *
 * @param fw   writer
 * @param mask mask structure
 * @param key  key of the record
 * @param val  value of the record
 * @param err  GError out-parameter
 * @return     gboolean status
 */
00360 gboolean naf_write(
00361     FixWriter               *fw,
00362     NAFlowMask              *mask,
00363     NAFlowKey               *key,
00364     NAFlowVal               *val,
00365     GError                  **err);
00366 
/**
 * Declared to take a writer and a GError out-parameter, and to return a
 * gboolean.
 *
 * NOTE(review): presumably finishes the output started by naf_write_start()
 * -- confirm, including whether it flushes or closes the underlying FILE and
 * whether `fw` remains usable afterwards. Check the return value: buffered
 * write errors tend to surface only at this point.
 *
 * @param fw   writer
 * @param err  GError out-parameter
 * @return     gboolean status
 */
00378 gboolean naf_write_end(
00379     FixWriter               *fw,
00380     GError                  **err);
00381 
/*
 * DEBUG_FLOW(info, key, val): when NAF_DEBUG_FLOW_ENABLE is non-zero this
 * expands to naf_dump_flow(key, val, info) -- note the argument order changes.
 * Otherwise (including when NAF_DEBUG_FLOW_ENABLE is undefined, which #if
 * treats as 0) it expands to nothing, so its arguments are not evaluated:
 * never pass expressions with side effects.
 * NOTE(review): the enabled form emits flow contents; keep it off in builds
 * whose logs may be read by parties not entitled to the flow data.
 */
00385 #if NAF_DEBUG_FLOW_ENABLE
00386 #define DEBUG_FLOW(_I_,_K_,_V_) naf_dump_flow(_K_,_V_,_I_)
00387 #else
00388 #define DEBUG_FLOW(_I_,_K_,_V_)
00389 #endif
00390 
/**
 * Declared to take a key, a value and a constant string, and to return
 * nothing. It is the function DEBUG_FLOW expands to when enabled.
 *
 * NOTE(review): presumably prints the record for debugging, with `inf` as a
 * label -- confirm where the output goes. If `inf` can ever be influenced by
 * input data, confirm the implementation prints it through "%s" rather than
 * using it as a format string.
 *
 * @param key  key of the flow to dump
 * @param val  value of the flow to dump
 * @param inf  constant string, not modified by the callee per its type
 */
00399 void naf_dump_flow(
00400     NAFlowKey           *key,
00401     NAFlowVal           *val,
00402     const char              *inf);
00403 
00404 /* end idem */
00405 #endif

© 2005-2006 Carnegie Mellon University
Generated Fri Jun 23 14:38:09 2006 for libnaf 0.5.1 by Doxygen 1.4.5.