rrc.h

Go to the documentation of this file.

/*
 *
 * (C) 2017-18 - ntop.org
 *
 *  http://www.ntop.org/
 *
 * This code is proprietary code subject to the terms and conditions
 * defined in LICENSE file which is part of this source code package.
 *
 */

#ifndef RRC_LIB
#define RRC_LIB

//#define DEBUG

#include "nbpf.h"

#define MAX_NUM_PORTS  10
#define MAX_NUM_RULES  0x7FFFFFFF
#define MAX_NUM_USER_RULES (MAX_NUM_RULES-2)

#define DEFAULT_RULE_ID    (MAX_NUM_RULES-2)
#define INIT_RULE_ID       (MAX_NUM_RULES-1)

/* 
 * RRC switch port numbers are 1,2,3,4
 * 
 *       (host)
 *
 *      3       4   PEP (internal) ports
 *   ___|_______|___
 *  |               |
 *  |               |
 *  |      RRC      |
 *  |     Switch    |
 *  |               |
 *  |___ _______ ___|
 *      |       |
 *      1       2   EPL (external) Ethernet ports
 *
 *      (network)
 */

#define RRC_INIT_FLAG_PORTMASK (0 << 1) /* Set destination port mask (this is not compatible with redirection rules) */

typedef enum {
  PERMIT = 0, /* EGRESS_TRAFFIC only */
  DENY,       /* INGRESS_TRAFFIC (recommended) or EGRESS_TRAFFIC */
  REDIRECT    /* INGRESS_TRAFFIC only */
} rrc_policy_t;

typedef enum {
  EGRESS_TRAFFIC = 0, /* filter traffic leaving the port */
  INGRESS_TRAFFIC      /* steer traffic entering the port to another port */
} rrc_filter_type_t;

/* backward compatibility */
#define EGRESS_TRAFFIC_FILTERING EGRESS_TRAFFIC
#define INGRESS_TRAFFIC_STEERING INGRESS_TRAFFIC

typedef struct {
  u_int64_t packets;
  u_int64_t bytes;
} __attribute__((packed))
rrc_stats_t;

/* NOTE: all the fields of the structs reported here are in network byte order */

typedef union {
  u_int8_t   u6_addr8[16];
  u_int16_t  u6_addr16[8];
  u_int32_t  u6_addr32[4];
} __attribute__((packed))
rrc_in6_addr_t;

typedef union {
  rrc_in6_addr_t v6;           /* an IPv6 address */
  u_int32_t v4;                   /* an IPv4 address */
} __attribute__((packed))
rrc_ip_addr_t;

typedef struct {
  rrc_ip_addr_t host;          /* The network address part */
  rrc_ip_addr_t mask;          /* The network mask */
  u_int8_t ip_version;            /* the IP address version, 4 or 6 */
} __attribute__((packed))
rrc_network_t;

typedef struct {
  u_int16_t low;                  /* the low port number of a port range */
  u_int16_t high;                 /* the high port number of a port range, if suported */
} __attribute__((packed))
rrc_port_range_t;

typedef struct {
  u_int8_t smac[6];               /* source MAC */
  u_int8_t dmac[6];               /* destination MAC */
  u_int8_t proto;                 /* L3 protocol */
  u_int8_t __padding;
  u_int16_t vlan_id;              /* VLAN id */
  rrc_network_t shost;         /* source host or network, Ipv4 or Ipv6 */
  rrc_network_t dhost;         /* destination host or network, Ipv4 or Ipv6 */
  rrc_port_range_t sport;      /* L3 source port */
  rrc_port_range_t dport;      /* L3 destination port */
} __attribute__((packed))
rrc_match_t;

typedef struct rrc_port rrc_port_t;

int rrc_init(u_int32_t flags);

rrc_port_t *rrc_port_get(int portNumber);

int rrc_add_default_rule(rrc_port_t *port, rrc_filter_type_t type, rrc_policy_t action, int redirectPortNumber);

int rrc_add_rule(rrc_port_t *port, int ruleNumber, rrc_filter_type_t type, rrc_match_t *rule, rrc_policy_t action, int redirectPortNumber);

int rrc_add_nbpf_rule(rrc_port_t *port, int ruleNumber, rrc_filter_type_t type, nbpf_rule_core_fields_t *nBPFRule, rrc_policy_t action, int redirectPortNumber);

int rrc_remove_rule(rrc_port_t *port, int ruleNumber, rrc_filter_type_t type);

int rrc_remove_all_rules(rrc_port_t *port, rrc_filter_type_t type);

int rrc_read_rule_stats(rrc_port_t *port, int ruleNumber, rrc_filter_type_t type, rrc_stats_t *stats);

int rrc_read_port_stats(rrc_port_t *port, rrc_stats_t *stats);

int rrc_port_apply(rrc_port_t *port, rrc_filter_type_t type);

int rrc_apply();

int rrc_add_mirror(rrc_port_t *in_port, rrc_port_t *out_port, rrc_match_t *rule);

int rrc_remove_mirror(rrc_port_t *out_port);

int rrc_set_load_balancer(rrc_port_t *out_ports, int num_out_ports, rrc_match_t *r);

int rrc_ifname_to_phys_port(const char *ifname);

int rrc_get_external_phys_port(int internal_phys_port);

int rrc_get_internal_phys_port(int external_phys_port);

void rrc_dump_rules(rrc_port_t *port, rrc_filter_type_t type);

void rrc_set_log_level(u_int8_t l);

void rrc_set_log_file(FILE *f);

#endif /* RRC_LIB */