netflow.h
/* Copyright 2014 Andrew Bates
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef __NETFLOW_H__
#define __NETFLOW_H__
#include <netinet/in.h>
/*
 * NetFlow version 5 export header.
 *
 * The members add up to 24 bytes and each one sits on its natural
 * alignment, so the byte offsets below hold without a packing attribute
 * on common ABIs.
 *
 * NOTE(review): NetFlow v5 is big-endian on the wire. This header does not
 * show whether callers or nf_export() perform the host-to-network
 * conversion; confirm before filling or parsing these fields.
 */
typedef struct {
    uint16_t version;           /* offset  0, 2 bytes */
    uint16_t count;             /* offset  2, 2 bytes */
    uint32_t sys_uptime;        /* offset  4, 4 bytes */
    uint32_t ts_sec;            /* offset  8, 4 bytes */
    /*
     * NOTE(review): the v5 format carries residual nanoseconds in this
     * slot, while the member name suggests milliseconds; confirm what the
     * exporter actually writes here.
     */
    uint32_t ts_msec;           /* offset 12, 4 bytes */
    uint32_t sequence;          /* offset 16, 4 bytes */
    uint8_t  engine_type;       /* offset 20, 1 byte  */
    uint8_t  engine_id;         /* offset 21, 1 byte  */
    uint16_t sampling_interval; /* offset 22, 2 bytes */
} nf_v5_header_t;
/*
 * One NetFlow version 5 flow record (48 bytes).
 *
 * Members are listed in wire order with their byte offsets. The two pad
 * members are documented as zero; code that fills a record should clear
 * them rather than export whatever the memory previously held.
 *
 * NOTE(review): byte order of the multi-byte members is not established by
 * this header; NetFlow v5 is big-endian on the wire, so confirm where the
 * conversion happens.
 */
typedef struct {
    /* Addresses and interfaces */
    uint32_t source_ip;        /*  0-3:  flow source IPv4 address */
    uint32_t destination_ip;   /*  4-7:  flow destination IPv4 address */
    uint32_t next_hop;         /*  8-11: next hop router ID (IPv4 address) */
    uint16_t iif_index;        /* 12-13: input SNMP interface index */
    uint16_t oif_index;        /* 14-15: output SNMP interface index */

    /* Counters and timestamps */
    uint32_t num_packets;      /* 16-19: packets in the flow */
    uint32_t num_bytes;        /* 20-23: bytes in the flow */
    uint32_t first;            /* 24-27: system uptime when the flow started */
    uint32_t last;             /* 28-31: system uptime when the flow ended */

    /* Transport details */
    uint16_t source_port;      /* 32-33: source port for tcp/udp/sctp flows,
                                *        zero for everything else */
    uint16_t destination_port; /* 34-35: destination port for tcp/udp/sctp
                                *        flows, ICMP type and code for ICMP,
                                *        zero for everything else */
    uint8_t  mid_pad;          /* 36:    zero pad */
    uint8_t  tcp_flags;        /* 37:    TCP flags, or zero */
    uint8_t  protocol;         /* 38:    IP protocol number */
    uint8_t  tos;              /* 39:    IP Type of Service */

    /* Routing details */
    uint16_t source_as;        /* 40-41: BGP source ASN */
    uint16_t destination_as;   /* 42-43: BGP destination ASN */
    uint8_t  source_prefix;    /* 44:    bits in the source route mask */
    uint8_t  dest_prefix;      /* 45:    bits in the destination route mask */
    uint16_t end_pad;          /* 46-47: zero pad */
} nf_v5_record_t;
/*
 * A complete NetFlow version 5 export packet: one header followed by a
 * fixed array of 30 flow records.
 *
 * The array capacity is a hard limit. Any record count used to index or
 * size a transmission from this structure must stay at or below 30,
 * otherwise memory beyond the packet is read.
 */
typedef struct {
    nf_v5_header_t header;      /* packet header */
    nf_v5_record_t records[30]; /* flow records; capacity is 30 */
} nf_v5_packet_t;
/*
 * Export peer: a socket descriptor paired with an IPv4 socket address.
 *
 * NOTE(review): presumably populated by nf_init_peer() and consumed by
 * nf_export(); neither definition is visible in this header, so who opens
 * and closes the descriptor should be confirmed there.
 */
typedef struct {
    int                socket;   /* socket descriptor */
    struct sockaddr_in sockaddr; /* IPv4 address and port of the peer */
} nf_peer_t;
/*
 * Initialise an export peer from an IPv4 address and port.
 *
 * The definition is not part of this header; the notes below follow from
 * the signature alone and should be confirmed against the implementation.
 *
 * nf_peer   - peer structure to fill in.
 * peer_ip   - IPv4 address of the peer.
 * peer_port - port of the peer. NOTE(review): the expected byte order
 *             (host or network) is not stated here - confirm.
 *
 * Returns nothing, so a caller cannot learn from this call whether setup
 * failed. NOTE(review): check how the implementation reports or handles a
 * socket error, and whether nf_peer->socket is left in a recognisable
 * state when it does.
 */
void nf_init_peer(nf_peer_t *nf_peer, struct in_addr *peer_ip, unsigned short peer_port);

/*
 * Export the first num_records records of packet to the given peer.
 *
 * The definition is not part of this header; the notes below follow from
 * the signature alone and should be confirmed against the implementation.
 *
 * nf_peer     - peer to export to.
 * packet      - packet holding the header and up to 30 records.
 * num_records - number of records to export. packet->records has room for
 *               30 entries; NOTE(review): confirm that the implementation
 *               rejects or clamps a larger value, since an unchecked count
 *               would read past the end of the packet.
 *
 * Returns nothing, so a send failure is not reported to the caller.
 */
void nf_export(nf_peer_t *nf_peer, nf_v5_packet_t *packet, unsigned int num_records);
#endif