📄 ftlib.h
字号:
/* * Copyright (c) 2001 Mark Fullmer and The Ohio State University * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $Id: ftlib.h,v 1.87 2003/04/03 15:06:25 maf Exp $ */#ifndef FTLIB_H#define FTLIB_H#include <sys/types.h>#include <sys/time.h>#include <sys/socket.h>#include <sys/uio.h>#include <netinet/in_systm.h>#include <netinet/in.h>#include <netinet/ip.h>#include <netinet/udp.h>#include <arpa/nameser.h>#include <sys/resource.h>#include <stdio.h>#include <zlib.h>#ifndef BIG_ENDIAN#define BIG_ENDIAN 4321#endif#ifndef LITTLE_ENDIAN#define LITTLE_ENDIAN 1234#endif#ifndef BYTE_ORDER #define BYTE_ORDER BIG_ENDIAN#endif#define SWAPINT32(y) y = \((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff));#define SWAPINT16(y) y = \ ( (((y)&0xff)<<8) | (((y)&0xff00)>>8) );/* a 64 bit quantity */#define u_int64 unsigned long long#define int64 long long/* a 32 bit quantity */#define u_int32 unsigned int#define int32 int/* a 16 bit quantity */#define u_int16 unsigned short#define int16 short/* a 8 bit quantity */#define u_int8 unsigned char#define int8 char#define u_int unsigned int#define u_long unsigned long#define u_short unsigned short#include "ftqueue.h"#include "ftpaths.h"#include "radix.h"/* * compatability */struct mymsghdr { void *msg_name; /* optional address */ int msg_namelen; /* size of address */ struct iovec *msg_iov; /* scatter/gather array */ int msg_iovlen; /* # elements in msg_iov */ void *msg_control; /* ancillary data, see below */ int msg_controllen; /* ancillary data buffer len */ int msg_flags; /* flags on received message */};/* * misc */#define FT_OPT_PERCENT 0x1#define FT_OPT_NAMES 0x2#define FT_OPT_NOBUF 0x4#define FT_OPT_TALLY 0x8#define FT_OPT_WIDE 0x10/* * stream header flags and options */#define FT_HEADER_LITTLE_ENDIAN 1 /* stream data is little endian */#define FT_HEADER_BIG_ENDIAN 2 /* stream data is big endian */#define FT_HEADER_FLAG_DONE 0x1 /* complete, safe to read */#define FT_HEADER_FLAG_COMPRESS 0x2 /* compression enabled */#define FT_HEADER_FLAG_MULT_PDU 0x4 /* multiple PDU's XXX not used */#define FT_HEADER_FLAG_STREAMING 0x8 /* stream ie flow-cat */#define FT_HEADER_FLAG_XLATE 0x10 /* stream translated from old fmt */#define FT_HEADER_FLAG_PRELOADED 0x20 /* streaming & preloaded header */#define FT_HEADER_D_VERSION_UNKNOWN 0xFFFF /* unknown export format */#define FT_HEADER_MAGIC1 0xCF /* magic number of stream */#define FT_HEADER_MAGIC2 0x10#define FT_HEADER1_CMNT_LEN 256 /* length of comment buffer */#define FT_HEADER1_HN_LEN 68 /* length of hostname buffer */#define FT_HOSTNAME_LEN 256/* stream flags */#define FT_IO_FLAG_ZINIT 0x1 /* compression initialized */#define FT_IO_FLAG_NO_SWAP 0x2 /* do not swap on write */#define FT_IO_FLAG_READ 0x4 /* stream is open for reading */#define FT_IO_FLAG_WRITE 0x8 /* stream is open for writing */#define FT_IO_FLAG_HEADER_DONE 0x10 /* header written */#define FT_IO_FLAG_MMAP 0x20 /* use mmap() for reading */#define FT_PDU_V1_MAXFLOWS 24 /* max records in V1 packet */#define FT_PDU_V5_MAXFLOWS 30 /* max records in V5 packet */#define FT_PDU_V6_MAXFLOWS 27 /* max records in V6 packet */#define FT_PDU_V7_MAXFLOWS 27 /* max records in V7 packet */#define FT_PDU_V8_1_MAXFLOWS 51 /* max records in V8 AS packet */#define FT_PDU_V8_2_MAXFLOWS 51 /* max records in V8 PROTO PORT packet */#define FT_PDU_V8_3_MAXFLOWS 44 /* max records in V8 SRC PREFIX packet */#define FT_PDU_V8_4_MAXFLOWS 44 /* max records in V8 DST PREFIX packet */#define FT_PDU_V8_5_MAXFLOWS 35 /* max records in V8 PREFIX packet */#define FT_PDU_V8_6_MAXFLOWS 44 /* max records in V8 DESTONLY packet */#define FT_PDU_V8_7_MAXFLOWS 35 /* max records in V8 SRC_DEST packet */#define FT_PDU_V8_8_MAXFLOWS 32 /* max records in V8 FULL_FLOW packet */#define FT_PDU_V8_9_MAXFLOWS 44 /* max records in V8 AS_TOS packet */#define FT_PDU_V8_10_MAXFLOWS 44 /* max records in V8 PROT_PORT_TOS packet */#define FT_PDU_V8_11_MAXFLOWS 44 /* max records in V8 SRC_PREFIX_TOS packet */#define FT_PDU_V8_12_MAXFLOWS 44 /* max records in V8 DST_PREFIX_TOS packet */#define FT_PDU_V8_13_MAXFLOWS 35 /* max records in V8 PREFIX_TOS packet */#define FT_PDU_V8_14_MAXFLOWS 35 /* max records in V8 PREFIX_PORT_TOS packet */#define FT_PDU_V8_1_VERSION 2 /* version of AS packet */#define FT_PDU_V8_2_VERSION 2 /* version of PROTO PORT packet */#define FT_PDU_V8_3_VERSION 2 /* version of SRC PREFIX packet */#define FT_PDU_V8_4_VERSION 2 /* version of DST PREFIX packet */#define FT_PDU_V8_5_VERSION 2 /* version of PREFIX packet */#define FT_PDU_V8_6_VERSION 2 /* version of DESTONLY packet */#define FT_PDU_V8_7_VERSION 2 /* version of SRC_DEST packet */#define FT_PDU_V8_8_VERSION 2 /* version of FULL_FLOW packet */#define FT_PDU_V8_9_VERSION 2 /* version of AS_TOS packet */#define FT_PDU_V8_10_VERSION 2 /* version of PROT_PORT_TOS packet */#define FT_PDU_V8_11_VERSION 2 /* version of SRC_PREFIX_TOS packet */#define FT_PDU_V8_12_VERSION 2 /* version of DST_PREFIX_TOS packet */#define FT_PDU_V8_13_VERSION 2 /* version of PREFIX_TOS packet */#define FT_PDU_V8_14_VERSION 2 /* version of PREFIX_PORT_TOS packet */#define FT_PORT 9991 /* default listen port */#define FT_IO_NBUFS 256 /* buffers to read/write */#define FT_Z_BUFSIZE 16384 /* inflate/deflate buffer size */#define FT_D_BUFSIZE 32768 /* stream data buffer size */#define FT_RCV_BUFSIZE 2048 /* enough to handle largest export */#define FT_SO_SND_BUFSIZE 1500 /* UDP send socket buffer size */#define FT_SO_RCV_BUFSIZE (4*1024*1024) /* UDP recv socket buffer size */#define FT_IO_SVERSION 3 /* stream version */#define FT_IO_MAXREC 512 /* >= max size of a flow record fts3_* */#define FT_IO_MAXDECODE 4096 /* must be >= max possible size a pdu * could expand into stream records. For * example 27 v7 streams at 60 bytes * is 1620 bytes */#define FT_IO_MAXENCODE 4096 /* must be >= max possible size a pdu * could be. really * MAX(sizeof(ftpdu_*)) + size of * ip+udp header (20+8) */#define FT_IO_MAXHEADER 16384 /* max size of header */#define FT_SEQ_RESET 1000 /* maximum number of sequence numbers * that will be counted as lost before * assuming reset. */#define FT_ENC_FLAGS_IPHDR 0x1 /* leave room for IP header */#define FT_ENC_IPHDR_LEN 28 /* IP + UDP header length */#define FT_FILE_SORT 0x1 /* sort entries */#define FT_FILE_INIT 0x2 /* initialize */#define FT_FILE_SKIPTMP 0x4 /* skip tmp files */#define FT_FILE_CHECKNAMES 0x8 /* check filenames for sanity *//* TLV_ - stream value * DEC_ - bit in internal header to indicate successful decode */#define FT_TLV_NULL 0x0 /* 0 : null */#define FT_TLV_VENDOR 0x1 /* u_int8 : vendor (1=cisco) */#define FT_FIELD_VENDOR 0x00000001L#define FT_TLV_EX_VER 0x2 /* u_int16 : export version */#define FT_FIELD_EX_VER 0x00000002L#define FT_TLV_AGG_VER 0x3 /* u_int8 : aggregation version */#define FT_FIELD_AGG_VER 0x00000004L#define FT_TLV_AGG_METHOD 0x4 /* u_int8 : aggregation method */#define FT_FIELD_AGG_METHOD 0x00000008L#define FT_TLV_EXPORTER_IP 0x5 /* u_int32 : IP of exporter */#define FT_FIELD_EXPORTER_IP 0x00000010L#define FT_TLV_CAP_START 0x6 /* u_int32 : capture start time */#define FT_FIELD_CAP_START 0x00000020L#define FT_TLV_CAP_END 0x7 /* u_int32 : capture end time */#define FT_FIELD_CAP_END 0x00000040L#define FT_TLV_HEADER_FLAGS 0x8 /* u_int32 : FT_HEADER_FLAG_* */#define FT_FIELD_HEADER_FLAGS 0x00000080L#define FT_TLV_ROT_SCHEDULE 0x9 /* u_int32 : rotation schedule */#define FT_FIELD_ROT_SCHEDULE 0x00000100L#define FT_TLV_FLOW_COUNT 0xA /* u_int32 : num flows */#define FT_FIELD_FLOW_COUNT 0x00000200L#define FT_TLV_FLOW_LOST 0xB /* u_int32 : lost flows */#define FT_FIELD_FLOW_LOST 0x00000400L#define FT_TLV_FLOW_MISORDERED 0xC /* u_int32 : misordered flows */#define FT_FIELD_FLOW_MISORDERED 0x00000800L#define FT_TLV_PKT_CORRUPT 0xD /* u_int32 : corrupt packets */#define FT_FIELD_PKT_CORRUPT 0x00001000L#define FT_TLV_SEQ_RESET 0xE /* u_int32 : times sequence # was so * far off lost/misordered * state could not be * determined */#define FT_FIELD_SEQ_RESET 0x00002000L#define FT_TLV_CAP_HOSTNAME 0xF /* string : hostname of capture dev */#define FT_FIELD_CAP_HOSTNAME 0x00004000L#define FT_TLV_COMMENTS 0x10 /* string : comments */#define FT_FIELD_COMMENTS 0x00008000L#define FT_TLV_IF_NAME 0x11 /* u_int32 u_int16 string * IP address of device * ifIndex of interface * interface name */#define FT_FIELD_IF_NAME 0x00010000L#define FT_TLV_IF_ALIAS 0x12 /* u_int32 u_int16 u_int16 string * IP address of device * ifIndex count * ifIndex of interface (count times) * alias name */#define FT_FIELD_IF_ALIAS 0x00020000L#define FT_TLV_INTERRUPT 0x13 /* u_int8 : interrupt processing * code for interrupt (0) */#define FT_FIELD_INTERRUPT 0x00040000L#define FT_VENDOR_CISCO 0x1 /* Cisco exporter */#define FT_CHASH_SORTED 0x1#define FT_CHASH_SORT_ASCENDING 0x2#define FT_CHASH_SORT_16 0x4#define FT_CHASH_SORT_32 0x8#define FT_CHASH_SORT_40 0x10#define FT_CHASH_SORT_64 0x20#define FT_CHASH_SORT_DOUBLE 0x40#define FT_CHASH_SORT_8 0x80/* possible fields in export */#define FT_XFIELD_UNIX_SECS 0x0000000000000001LL#define FT_XFIELD_UNIX_NSECS 0x0000000000000002LL#define FT_XFIELD_SYSUPTIME 0x0000000000000004LL#define FT_XFIELD_EXADDR 0x0000000000000008LL#define FT_XFIELD_DFLOWS 0x0000000000000010LL#define FT_XFIELD_DPKTS 0x0000000000000020LL#define FT_XFIELD_DOCTETS 0x0000000000000040LL#define FT_XFIELD_FIRST 0x0000000000000080LL#define FT_XFIELD_LAST 0x0000000000000100LL#define FT_XFIELD_ENGINE_TYPE 0x0000000000000200LL#define FT_XFIELD_ENGINE_ID 0x0000000000000400LL#define FT_XFIELD_SRCADDR 0x0000000000001000LL#define FT_XFIELD_DSTADDR 0x0000000000002000LL#define FT_XFIELD_NEXTHOP 0x0000000000010000LL#define FT_XFIELD_INPUT 0x0000000000020000LL#define FT_XFIELD_OUTPUT 0x0000000000040000LL#define FT_XFIELD_SRCPORT 0x0000000000080000LL#define FT_XFIELD_DSTPORT 0x0000000000100000LL#define FT_XFIELD_PROT 0x0000000000200000LL#define FT_XFIELD_TOS 0x0000000000400000LL#define FT_XFIELD_TCP_FLAGS 0x0000000000800000LL#define FT_XFIELD_SRC_MASK 0x0000000001000000LL#define FT_XFIELD_DST_MASK 0x0000000002000000LL#define FT_XFIELD_SRC_AS 0x0000000004000000LL⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -