
flow.h

00001 #ifndef _FLOW_H
00002 #define _FLOW_H
00003 
00004 #include "flow_error.h"
00005 #include "util_math.h"
00006 #include "common_defs.h"
00007 #include "flow_print.h"
00008 #include "flow_packet.h"
00009 #include "bitop.h"
00010 
/* Markers for which endpoint of a flow sent a packet.
 * NOTE(review): presumably the values stored in FLOWSTATS.first_talker,
 * last_talker and direction -- confirm against the implementation. */
00011 #define FROM_INITIATOR 1
00012 #define FROM_RESPONDER 2
00013 
00014 /* flow flags */
/* Single-bit masks kept in FLOWSTATS.flow_flags (a u_int32_t); flow_mark()
 * ORs a mask in and flow_checkflag() tests one.  New flags must use an
 * unused bit so that existing masks keep their meaning. */
00015 #define FLOW_REVERSED 0x00000001 /**< this flow was swapped */
00016 #define FLOW_CLOSEME  0x00000002 /**< shutdown this flow ASAP */
00017 
/* Per-flow data area: a BITOP header followed by the byte array flowb.
 * flowb is declared with a single element.  NOTE(review): this looks like the
 * pre-C99 trailing-array idiom, where the real length is fixed when the flow
 * is allocated (flow_alloc() has a size out-parameter) -- confirm.  If so,
 * sizeof(FLOWDATA) understates the storage, and every index into flowb has to
 * be bounded by the allocated length rather than by the declared [1]. */
00018 typedef struct _FLOWDATA
00019 {
00020     BITOP boFlowbits;
00021     unsigned char flowb[1];
00022 } FLOWDATA;
00023 
/* Where a packet falls in the lifetime of its flow.  FLOW_MAX is not a real
 * position: it must stay the last enumerator so it can serve as the upper
 * bound for flow_callbacks(). */
00024 typedef enum {
00025     FLOW_NEW, /**< first packet in flow */
00026     FLOW_FIRST_BIDIRECTIONAL,  /**< first response packet in flow */
00027     FLOW_ADDITIONAL, /**< additional data on an existing flow */
00028     FLOW_SHUTDOWN,  /**< shutdown of an existing flow due to timeout or protocol layer */
00029     FLOW_MAX /** this should not be used and should always be the
00030                  biggest in the enum for flow_callbacks() */
00031 } FLOW_POSITION;
00032 
/* Identity of a flow: initiator and responder address and port, plus the
 * protocol number.  Addresses are 32 bits wide.
 * NOTE(review): the byte order of the address and port fields is not visible
 * in this header -- confirm in flowkey_make().
 * NOTE(review): the members add up to 13 bytes, so most ABIs append padding.
 * If keys are hashed or compared as raw bytes (flowkeycmp_fcn() takes a byte
 * count), the whole struct must be zeroed before it is filled in, otherwise
 * equal keys can fail to match -- confirm in the implementation. */
00033 typedef struct _FLOWKEY
00034 {
00035     u_int32_t init_address;
00036     u_int32_t resp_address;
00037     u_int16_t init_port;
00038     u_int16_t resp_port;
00039     u_int8_t  protocol;
00040 } FLOWKEY;
00041 
/* Per-flow timestamps, counters and state flags.
 * The packet and byte counters are 32-bit and alerts_seen is 16-bit; being
 * unsigned they wrap silently on overflow.  NOTE(review): if they are bumped
 * once per packet, a long-lived or high-volume flow can wrap them -- confirm
 * that anything reading these fields (thresholds, logging) tolerates that. */
00042 typedef struct _FLOWSTATS
00043 {
00044     time_t first_packet;
00045     time_t last_packet;
00046 
00047     u_int32_t packets_sent;
00048     u_int32_t packets_recv;
00049 
00050     u_int32_t bytes_sent;
00051     u_int32_t bytes_recv;
00052 
00053     u_int32_t flow_flags; /* normal, timeout, etc.; written by flow_mark(), tested by flow_checkflag() */
00054     
00055     char first_talker; /* NOTE(review): presumably FROM_INITIATOR or FROM_RESPONDER -- confirm */
00056     char last_talker;    
00057     u_int16_t alerts_seen;
00058 
00059     char direction;
00060 
00061 } FLOWSTATS;
00062 
/* One tracked flow: its key, its statistics and its data area.
 * data is the last member.  NOTE(review): that fits FLOWDATA.flowb running
 * past the declared end of the struct; if so, a FLOW must not be copied by
 * plain struct assignment or sized with sizeof(FLOW) -- confirm. */
00063 typedef struct _FLOW
00064 {
00065     FLOWKEY key; 
00066     FLOWSTATS stats;
00067     FLOWDATA data;
00068 } FLOW;
00069 
/* Numeric identifiers for two hash variants.
 * NOTE(review): presumably selects the hash function applied to FLOWKEY;
 * nothing in this header uses the type -- confirm where it is consumed. */
00070 typedef enum {
00071     HASH1 = 1,
00072     HASH2 = 2
00073 } FLOWHASHID;
00074     
00075 
/* Set up *flow from a protocol number and the two endpoints.
 * protocol is a plain char here but u_int8_t in FLOWKEY, so where char is
 * signed a protocol number above 127 is passed as a negative value.
 * NOTE(review): the int result is presumably a status code from
 * flow_error.h -- confirm. */
00076 int flow_init(FLOW *flow, char protocol,
00077               u_int32_t init_address, u_int16_t init_port,
00078               u_int32_t resp_address, u_int16_t resp_port);
00079 
/* Hands back a FLOW through *flow.
 * NOTE(review): family and *size are not explained in this header; *size
 * presumably reports the bytes actually allocated, which callers need because
 * FLOWDATA ends in a one-element array -- confirm. */
00080 int flow_alloc(int family, FLOW **flow, int *size);
00081 
/**
 * Set one or more flag bits on a flow.
 *
 * The bits in @p flags are OR-ed into flow->stats.flow_flags. Bits that are
 * already set stay set; this function never clears anything.
 *
 * @param flow  flow to modify; dereferenced without a NULL check
 * @param flags FLOW_* bit mask to set. The parameter is an int while
 *              flow_flags is a u_int32_t and flow_checkflag() takes a
 *              u_long, so a negative value would also set the high bits.
 */
static INLINE void flow_mark(FLOW *flow, int flags)
{
    FLOWSTATS *st = &flow->stats;

    st->flow_flags = st->flow_flags | flags;
}
00092 
/**
 * Test whether every bit of a mask is set on a flow.
 *
 * @param flow  flow to inspect; dereferenced without a NULL check
 * @param flags bit mask to look for. flow_flags is only 32 bits wide, so
 *              where u_long is wider a mask with any bit above bit 31 can
 *              never match. A mask of 0 always matches.
 *
 * @return 1 when all bits in @p flags are set in flow->stats.flow_flags,
 *         0 when at least one is missing
 */
static INLINE int flow_checkflag(FLOW *flow, u_long flags)
{
    u_long present = flow->stats.flow_flags & flags;

    if (present != flags) {
        return 0;
    }
    return 1;
}
00103 
/* FLOWKEY helpers; each one returns an int.
 * NOTE(review): the meaning of the return values is not visible in this
 * header -- presumably flow_error.h status codes; confirm.
 * flowkey_normalize() is the only one that takes its input as const.
 * flowkeycmp_fcn() takes two untyped pointers and a byte count, the same
 * shape as memcmp().  NOTE(review): if it compares raw bytes, the padding
 * inside FLOWKEY takes part in the comparison, so keys need to be zero-filled
 * before use -- confirm. */
00104 int flowkey_reverse(FLOWKEY *key);
00105 int flowkey_make(FLOWKEY *key, FLOWPACKET *p);
00106 int flowkey_print(FLOWKEY *key);
00107 int flowkey_normalize(FLOWKEY *dst, const FLOWKEY *src);
00108 int flowkeycmp_fcn(const void *s1, const void *s2, size_t n);
00109 
00110 
00111 #endif /* _FLOW_H */
