2022-02-11 13:38:08 +01:00
|
|
|
#pragma once
|
|
|
|
|
|
|
|
|
|
#include <iostream>
|
|
|
|
|
#include <netinet/in.h>
|
|
|
|
|
#include <sys/socket.h>
|
|
|
|
|
|
2022-03-13 16:18:21 +01:00
|
|
|
enum direction_t { INCOMING = 0, OUTGOING, INTERNAL, OTHER };
|
2022-02-15 17:36:17 +01:00
|
|
|
enum source_t { UNKNOWN = 0, MIRROR = 1, SFLOW = 2, NETFLOW = 3, TERAFLOW = 4 };
|
2022-02-11 13:38:08 +01:00
|
|
|
|
|
|
|
|
// simplified packet struct for lightweight save into memory
|
2022-02-11 13:38:08 +01:00
|
|
|
class simple_packet_t {
|
2022-02-11 13:38:08 +01:00
|
|
|
public:
|
2022-02-15 17:36:17 +01:00
|
|
|
// Source plugin for this traffic type
|
|
|
|
|
source_t source = UNKNOWN;
|
|
|
|
|
|
2022-05-06 00:59:19 +02:00
|
|
|
uint32_t sample_ratio = 1;
|
|
|
|
|
|
|
|
|
|
/* IPv4 in big endian, network byte order */
|
|
|
|
|
uint32_t src_ip = 0;
|
|
|
|
|
uint32_t dst_ip = 0;
|
|
|
|
|
|
2022-02-11 13:38:08 +01:00
|
|
|
/* IPv6 */
|
2022-05-06 00:59:19 +02:00
|
|
|
in6_addr src_ipv6{};
|
|
|
|
|
in6_addr dst_ipv6{};
|
2022-02-15 17:36:17 +01:00
|
|
|
|
|
|
|
|
/* ASN's */
|
|
|
|
|
uint32_t src_asn = 0;
|
|
|
|
|
uint32_t dst_asn = 0;
|
|
|
|
|
|
2022-05-06 00:59:19 +02:00
|
|
|
/* Physical port numbers from network equipment */
|
|
|
|
|
/* Added after 2.0.71 */
|
2022-02-20 01:19:29 +01:00
|
|
|
uint32_t input_interface = 0;
|
|
|
|
|
uint32_t output_interface = 0;
|
|
|
|
|
|
2022-05-06 00:59:19 +02:00
|
|
|
uint8_t ip_protocol_version = 4; /* IPv4 or IPv6 */
|
|
|
|
|
uint8_t ttl = 0;
|
|
|
|
|
uint16_t source_port = 0;
|
|
|
|
|
uint16_t destination_port = 0;
|
|
|
|
|
uint32_t protocol = 0;
|
|
|
|
|
uint64_t length = 0;
|
2022-02-11 13:38:08 +01:00
|
|
|
uint64_t ip_length = 0; /* IP packet total length. We use it in addition to length because flow spec rule need this length */
|
2022-05-06 00:59:19 +02:00
|
|
|
uint64_t number_of_packets = 1; /* for netflow */
|
|
|
|
|
uint8_t flags = 0; /* tcp flags */
|
|
|
|
|
bool ip_fragmented = false; /* If IP packet fragmented */
|
|
|
|
|
bool ip_dont_fragment = false; /* If IP has don't fragment flag */
|
2022-02-11 13:38:08 +01:00
|
|
|
|
2022-05-06 00:59:19 +02:00
|
|
|
// Time when we actually received this packet, we use quite rough and inaccurate but very fast time source for it
|
|
|
|
|
time_t arrival_time = 0;
|
2022-02-11 13:38:08 +01:00
|
|
|
|
2022-05-06 00:59:19 +02:00
|
|
|
// Timestamp of packet as reported by Netflow or IPFIX agent on device, it may be very inaccurate as nobody cares about time on equipment
|
|
|
|
|
struct timeval ts = { 0, 0 };
|
2022-02-11 13:38:08 +01:00
|
|
|
|
2022-05-06 00:59:19 +02:00
|
|
|
void* packet_payload_pointer = nullptr;
|
|
|
|
|
int32_t packet_payload_length = 0;
|
2022-02-11 13:38:08 +01:00
|
|
|
uint32_t packet_payload_full_length = 0; // In case of cropped packets we use this
|
|
|
|
|
|
|
|
|
|
// vlan tag if we can extract it
|
|
|
|
|
uint32_t vlan = 0;
|
|
|
|
|
|
2022-02-20 01:19:29 +01:00
|
|
|
// Device uptime when flow started
|
|
|
|
|
int64_t flow_start = 0;
|
|
|
|
|
// Device uptime when flow fnishes
|
|
|
|
|
int64_t flow_end = 0;
|
|
|
|
|
|
2022-05-06 00:59:19 +02:00
|
|
|
// field too
|
|
|
|
|
// We store packet direction here because direction calculation is very
|
|
|
|
|
// difficult task for cpu
|
2022-03-13 16:18:21 +01:00
|
|
|
direction_t packet_direction = OTHER;
|
2022-02-15 17:36:17 +01:00
|
|
|
|
|
|
|
|
// IP address of device which send this flow
|
|
|
|
|
uint32_t agent_ip_address = 0;
|
2022-02-11 13:38:08 +01:00
|
|
|
};
|
