PF_RING API
API documentation for PF_RING: high-speed packet capture, filtering and analysis framework.
pfring_ft.h
Go to the documentation of this file.
1 /*
2  *
3  * (C) 2018 - ntop.org
4  *
5  * http://www.ntop.org/
6  *
7  * This code is proprietary code subject to the terms and conditions
8  * defined in LICENSE file which is part of this source code package.
9  *
10  */
11 
12 #ifndef _PFRING_FT_H_
13 #define _PFRING_FT_H_
14 
21 #include <sys/types.h>
22 
23 #ifdef __cplusplus
24 extern "C" {
25 #endif
26 
27 typedef void pfring_ft_table;
28 typedef void pfring_ft_list;
29 typedef void pfring_ft_flow;
30 
31 struct ndpi_detection_module_struct;
32 
33 /*** enums ***/
34 
35 typedef enum {
36  PFRING_FT_ACTION_DEFAULT = 0,
37  PFRING_FT_ACTION_FORWARD,
38  PFRING_FT_ACTION_DISCARD
39 } pfring_ft_action;
40 
41 typedef enum {
42  s2d_direction = 0,
43  d2s_direction,
44  NUM_DIRECTIONS
45 } pfring_ft_direction;
46 
47 /*** packet header structs ***/
48 
49 typedef u_int32_t pfring_ft_in4_addr;
50 
51 typedef struct {
52  union {
53  u_int8_t u6_addr8[16];
54  u_int16_t u6_addr16[8];
55  u_int32_t u6_addr32[4];
56  } u6_addr;
57 } __attribute__((packed))
58 pfring_ft_in6_addr;
59 
60 typedef struct {
61  u_int8_t ihl:4, version:4;
62  u_int8_t tos;
63  u_int16_t tot_len;
64  u_int16_t id;
65  u_int16_t frag_off;
66  u_int8_t ttl;
67  u_int8_t protocol;
68  u_int16_t check;
69  u_int32_t saddr;
70  u_int32_t daddr;
71 } __attribute__((packed))
72 pfring_ft_iphdr;
73 
74 typedef struct {
75  u_int32_t ip6_un1_flow;
76  u_int16_t ip6_un1_plen;
77  u_int8_t ip6_un1_nxt;
78  u_int8_t ip6_un1_hlim;
79  pfring_ft_in6_addr ip6_src;
80  pfring_ft_in6_addr ip6_dst;
81 } __attribute__((packed))
82 pfring_ft_ipv6hdr;
83 
84 typedef struct {
85  u_int16_t source;
86  u_int16_t dest;
87  u_int32_t seq;
88  u_int32_t ack_seq;
89  u_int16_t res1:4, doff:4, fin:1, syn:1, rst:1, psh:1, ack:1, urg:1, ece:1, cwr:1;
90  u_int16_t window;
91  u_int16_t check;
92  u_int16_t urg_ptr;
93 } __attribute__((packed))
94 pfring_ft_tcphdr;
95 
96 typedef struct {
97  u_int16_t source;
98  u_int16_t dest;
99  u_int16_t len;
100  u_int16_t check;
101 } __attribute__((packed))
102 pfring_ft_udphdr;
103 
104 /*** packet metadata structs ***/
105 
106 typedef struct { /* pfring_pkthdr / pcap_pkthdr common struct */
107  struct timeval ts;
108  u_int32_t caplen;
109  u_int32_t len;
110 } pfring_ft_pcap_pkthdr;
111 
112 typedef struct { /* additional packet metadata not available in pcap_pkthdr */
113  u_int32_t hash;
114 } pfring_ft_ext_pkthdr;
115 
116 typedef struct {
117  pfring_ft_pcap_pkthdr *hdr;
118  pfring_ft_ext_pkthdr *ext_hdr;
119  pfring_ft_direction direction;
120  u_int16_t vlan_id;
121  u_int8_t ip_version;
122  u_int8_t l4_proto;
123  u_int16_t payload_len;
124  u_int16_t reserved; /* padding */
125  union {
126  pfring_ft_iphdr *ip4;
127  pfring_ft_ipv6hdr *ip6;
128  } l3;
129  union {
130  pfring_ft_tcphdr *tcp;
131  pfring_ft_udphdr *udp;
132  } l4;
133  const u_char *payload;
134 } pfring_ft_packet_metadata;
135 
136 /*** flow metadata structs ***/
137 
138 typedef union {
139  pfring_ft_in4_addr v4;
140  pfring_ft_in6_addr v6;
141 } pfring_ft_ip_address;
142 
143 typedef struct {
144  u_int16_t master_protocol;
145  u_int16_t app_protocol;
146  int category;
147 } pfring_ft_ndpi_protocol;
148 
149 typedef struct {
150  pfring_ft_ip_address saddr;
151  pfring_ft_ip_address daddr;
152  u_int8_t ip_version;
153  u_int8_t protocol;
154  u_int16_t sport;
155  u_int16_t dport;
156  u_int16_t vlan_id;
157 } pfring_ft_flow_key;
158 
159 typedef struct {
160  struct {
161  u_int64_t pkts;
162  u_int64_t bytes;
163  struct timeval first;
164  struct timeval last;
165  u_int8_t tcp_flags;
166  } direction[NUM_DIRECTIONS];
167  pfring_ft_ndpi_protocol l7_protocol;
168  void *user;
169 } pfring_ft_flow_value;
170 
171 /*** stats struct ***/
172 
173 typedef struct {
174  u_int64_t flows;
175  u_int64_t err_no_room;
176  u_int64_t err_no_mem;
177  u_int64_t disc_no_ip;
178  u_int64_t max_lookup_depth;
179 } pfring_ft_stats;
180 
181 /*** Callbacks prototypes ***/
182 
183 typedef void
184 (*pfring_ft_export_list_func) (
185  pfring_ft_list *flows_list,
186  void *user
187 );
188 
189 typedef void
190 (*pfring_ft_export_flow_func) (
191  pfring_ft_flow *flow,
192  void *user
193 );
194 
195 typedef void
196 (*pfring_ft_flow_packet_func) (
197  const u_char *data,
198  pfring_ft_packet_metadata *metadata,
199  pfring_ft_flow *flow,
200  void *user
201 );
202 
203 #define PFRING_FT_TABLE_FLAGS_DPI (1 << 0)
212 pfring_ft_table *
213 pfring_ft_create_table(
214  u_int32_t flags,
215  u_int32_t max_flows,
216  u_int32_t flow_timeout
217 );
218 
223 void
224 pfring_ft_destroy_table(
225  pfring_ft_table *table
226 );
227 
234 void
235 pfring_ft_set_new_flow_callback(
236  pfring_ft_table *table,
237  pfring_ft_export_flow_func callback,
238  void *user
239 );
240 
247 void
248 pfring_ft_set_flow_packet_callback(
249  pfring_ft_table *table,
250  pfring_ft_flow_packet_func callback,
251  void *user
252 );
253 
261 void
262 pfring_ft_set_flow_export_callback(
263  pfring_ft_table *table,
264  pfring_ft_export_flow_func callback,
265  void *user
266 );
267 
277 void
278 pfring_ft_set_flow_list_export_callback(
279  pfring_ft_table *table,
280  pfring_ft_export_list_func callback,
281  void *user
282 );
283 
293 pfring_ft_action
294 pfring_ft_process(
295  pfring_ft_table *table,
296  const u_char *packet,
297  const pfring_ft_pcap_pkthdr *header,
298  const pfring_ft_ext_pkthdr *ext_header
299 );
300 
308 int
309 pfring_ft_housekeeping(
310  pfring_ft_table *table,
311  u_int32_t epoch
312 );
313 
318 void
319 pfring_ft_flush(
320  pfring_ft_table *table
321 );
322 
328 pfring_ft_flow *
329 pfring_ft_list_get_next(
330  pfring_ft_list *list
331 );
332 
338 pfring_ft_flow_key *
339 pfring_ft_flow_get_key(
340  pfring_ft_flow *flow
341 );
342 
348 pfring_ft_flow_value *
349 pfring_ft_flow_get_value(
350  pfring_ft_flow *flow
351 );
352 
358 void
359 pfring_ft_flow_set_action(
360  pfring_ft_flow *flow,
361  pfring_ft_action action
362 );
363 
368 void
369 pfring_ft_flow_free(
370  pfring_ft_flow *flow
371 );
372 
379 void
380 pfring_ft_load_configuration(
381  pfring_ft_table *table,
382  const char *path
383 );
384 
391 void
392 pfring_ft_set_shunt_protocol_by_name(
393  pfring_ft_table *table,
394  const char *protocol_name,
395  u_int8_t packets
396 );
397 
404 void
405 pfring_ft_set_filter_protocol_by_name(
406  pfring_ft_table *table,
407  const char *protocol_name,
408  pfring_ft_action action
409 );
410 
419 char *
420 pfring_ft_l7_protocol_name(
421  pfring_ft_table *table,
422  pfring_ft_ndpi_protocol *protocol,
423  char *buffer,
424  int buffer_len
425 );
426 
434 int
435 pfring_ft_set_ndpi_handle(
436  pfring_ft_table *table,
437  struct ndpi_detection_module_struct *ndpi
438 );
439 
446 int
447 pfring_ft_load_ndpi_categories(
448  pfring_ft_table *table,
449  const char *path
450 );
451 
457 pfring_ft_stats *
458 pfring_ft_get_stats(
459  pfring_ft_table *table
460 );
461 
466 void
467 pfring_ft_version(
468  char *version
469 );
470 
478 int
479 pfring_ft_license(
480  char *system_id,
481  time_t *license_expiration,
482  time_t *maintenance_expiration
483 );
484 
488 void
489 pfring_ft_debug(
490  void
491 );
492 
493 #ifdef __cplusplus
494 }
495 #endif
496 
497 #endif /* _PFRING_FT_H_ */
498 
pfring_ft_flow_value::pkts
u_int64_t pkts
Definition: pfring_ft.h:161
pfring_ft_flow_value::user
void * user
Definition: pfring_ft.h:168
pfring_ft_ext_pkthdr
Definition: pfring_ft.h:112
pfring_ft_ndpi_protocol::app_protocol
u_int16_t app_protocol
Definition: pfring_ft.h:145
pfring_ft_ip_address
Definition: pfring_ft.h:138
pfring_ft_set_flow_list_export_callback
void pfring_ft_set_flow_list_export_callback(pfring_ft_table *table, pfring_ft_export_list_func callback, void *user)
pfring_ft_stats::max_lookup_depth
u_int64_t max_lookup_depth
Definition: pfring_ft.h:178
pfring_ft_flow_value::bytes
u_int64_t bytes
Definition: pfring_ft.h:162
pfring_ft_flow_value
Definition: pfring_ft.h:159
pfring_ft_flow_key
Definition: pfring_ft.h:149
pfring_ft_flow_set_action
void pfring_ft_flow_set_action(pfring_ft_flow *flow, pfring_ft_action action)
pfring_ft_set_flow_packet_callback
void pfring_ft_set_flow_packet_callback(pfring_ft_table *table, pfring_ft_flow_packet_func callback, void *user)
pfring_ft_destroy_table
void pfring_ft_destroy_table(pfring_ft_table *table)
pfring_ft_flow_value::l7_protocol
pfring_ft_ndpi_protocol l7_protocol
Definition: pfring_ft.h:167
pfring_ft_packet_metadata
Definition: pfring_ft.h:116
pfring_ft_flow_key::dport
u_int16_t dport
Definition: pfring_ft.h:155
__attribute__
Definition: pf_ring.h:259
pfring_ft_list_get_next
pfring_ft_flow * pfring_ft_list_get_next(pfring_ft_list *list)
pfring_ft_pcap_pkthdr::caplen
u_int32_t caplen
Definition: pfring_ft.h:108
pfring_ft_set_new_flow_callback
void pfring_ft_set_new_flow_callback(pfring_ft_table *table, pfring_ft_export_flow_func callback, void *user)
pfring_ft_license
int pfring_ft_license(char *system_id, time_t *license_expiration, time_t *maintenance_expiration)
pfring_ft_load_ndpi_categories
int pfring_ft_load_ndpi_categories(pfring_ft_table *table, const char *path)
pfring_ft_stats::flows
u_int64_t flows
Definition: pfring_ft.h:174
pfring_ft_l7_protocol_name
char * pfring_ft_l7_protocol_name(pfring_ft_table *table, pfring_ft_ndpi_protocol *protocol, char *buffer, int buffer_len)
pfring_ft_get_stats
pfring_ft_stats * pfring_ft_get_stats(pfring_ft_table *table)
pfring_ft_flow_key::vlan_id
u_int16_t vlan_id
Definition: pfring_ft.h:156
pfring_ft_stats::disc_no_ip
u_int64_t disc_no_ip
Definition: pfring_ft.h:177
pfring_ft_set_flow_export_callback
void pfring_ft_set_flow_export_callback(pfring_ft_table *table, pfring_ft_export_flow_func callback, void *user)
pfring_ft_stats
Definition: pfring_ft.h:173
pfring_ft_housekeeping
int pfring_ft_housekeeping(pfring_ft_table *table, u_int32_t epoch)
pfring_ft_flow_key::ip_version
u_int8_t ip_version
Definition: pfring_ft.h:152
pfring_ft_flow_key::saddr
pfring_ft_ip_address saddr
Definition: pfring_ft.h:150
pfring_ft_debug
void pfring_ft_debug(void)
pfring_ft_flow_key::protocol
u_int8_t protocol
Definition: pfring_ft.h:153
pfring_ft_flow_get_value
pfring_ft_flow_value * pfring_ft_flow_get_value(pfring_ft_flow *flow)
pfring_ft_set_filter_protocol_by_name
void pfring_ft_set_filter_protocol_by_name(pfring_ft_table *table, const char *protocol_name, pfring_ft_action action)
d2s_direction
Definition: pfring_ft.h:43
pfring_ft_flow_key::daddr
pfring_ft_ip_address daddr
Definition: pfring_ft.h:151
pfring_ft_flow_get_key
pfring_ft_flow_key * pfring_ft_flow_get_key(pfring_ft_flow *flow)
pfring_ft_flush
void pfring_ft_flush(pfring_ft_table *table)
pfring_ft_set_ndpi_handle
int pfring_ft_set_ndpi_handle(pfring_ft_table *table, struct ndpi_detection_module_struct *ndpi)
pfring_ft_ndpi_protocol::master_protocol
u_int16_t master_protocol
Definition: pfring_ft.h:144
pfring_ft_ndpi_protocol
Definition: pfring_ft.h:143
s2d_direction
Definition: pfring_ft.h:42
pfring_ft_pcap_pkthdr
Definition: pfring_ft.h:106
pfring_ft_flow_free
void pfring_ft_flow_free(pfring_ft_flow *flow)
pfring_ft_direction
pfring_ft_direction
Definition: pfring_ft.h:41
pfring_ft_stats::err_no_room
u_int64_t err_no_room
Definition: pfring_ft.h:175
pfring_ft_process
pfring_ft_action pfring_ft_process(pfring_ft_table *table, const u_char *packet, const pfring_ft_pcap_pkthdr *header, const pfring_ft_ext_pkthdr *ext_header)
pfring_ft_flow_key::sport
u_int16_t sport
Definition: pfring_ft.h:154
pfring_ft_create_table
pfring_ft_table * pfring_ft_create_table(u_int32_t flags, u_int32_t max_flows, u_int32_t flow_timeout)
pfring_ft_version
void pfring_ft_version(char *version)
pfring_ft_load_configuration
void pfring_ft_load_configuration(pfring_ft_table *table, const char *path)
pfring_ft_set_shunt_protocol_by_name
void pfring_ft_set_shunt_protocol_by_name(pfring_ft_table *table, const char *protocol_name, u_int8_t packets)
pfring_ft_stats::err_no_mem
u_int64_t err_no_mem
Definition: pfring_ft.h:176
pfring_ft_pcap_pkthdr::len
u_int32_t len
Definition: pfring_ft.h:109
pfring_ft_ext_pkthdr::hash
u_int32_t hash
Definition: pfring_ft.h:113
pfring_ft_flow_value::tcp_flags
u_int8_t tcp_flags
Definition: pfring_ft.h:165