summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--filter/raw2packet/ulogd_raw2packet_BASE.c85
-rw-r--r--include/ulogd/ipfix_protocol.h180
2 files changed, 257 insertions, 8 deletions
diff --git a/filter/raw2packet/ulogd_raw2packet_BASE.c b/filter/raw2packet/ulogd_raw2packet_BASE.c
index 52b6958..8273810 100644
--- a/filter/raw2packet/ulogd_raw2packet_BASE.c
+++ b/filter/raw2packet/ulogd_raw2packet_BASE.c
@@ -39,6 +39,7 @@
#include <netinet/ip_icmp.h>
#include <netinet/udp.h>
#include <ulogd/ulogd.h>
+#include <ulogd/ipfix_protocol.h>
/***********************************************************************
@@ -50,40 +51,64 @@ static struct ulogd_key iphdr_rets[] = {
.type = ULOGD_RET_IPADDR,
.flags = ULOGD_RETF_NONE,
.name = "ip.saddr",
- .ipfix = { .vendor = 0, .field_id = 8 },
+ .ipfix = {
+ .vendor = IPFIX_VENDOR_IETF,
+ .field_id = IPFIX_sourceIPv4Address,
+ },
},
{
.type = ULOGD_RET_IPADDR,
.flags = ULOGD_RETF_NONE,
.name = "ip.daddr",
- .ipfix = { .vendor = 0, .field_id = 12 },
+ .ipfix = {
+ .vendor = IPFIX_VENDOR_IETF,
+ .field_id = IPFIX_destinationIPv4Address,
+ },
},
{
.type = ULOGD_RET_UINT8,
.flags = ULOGD_RETF_NONE,
.name = "ip.protocol",
- .ipfix = { .vendor = 0, .field_id = 4 },
+ .ipfix = {
+ .vendor = IPFIX_VENDOR_IETF,
+ .field_id = IPFIX_protocolIdentifier,
+ },
},
{
.type = ULOGD_RET_UINT8,
.flags = ULOGD_RETF_NONE,
.name = "ip.tos",
- .ipfix = { .vendor = 0, .field_id = 5 },
+ .ipfix = {
+ .vendor = IPFIX_VENDOR_IETF,
+ .field_id = IPFIX_classOfServiceIPv4,
+ },
},
{
.type = ULOGD_RET_UINT8,
.flags = ULOGD_RETF_NONE,
.name = "ip.ttl",
+ .ipfix = {
+ .vendor = IPFIX_VENDOR_IETF,
+ .field_id = IPFIX_ipTimeToLive,
+ },
},
{
.type = ULOGD_RET_UINT16,
.flags = ULOGD_RETF_NONE,
.name = "ip.totlen",
+ .ipfix = {
+ .vendor = IPFIX_VENDOR_IETF,
+ .field_id = IPFIX_totalLengthIPv4,
+ },
},
{
.type = ULOGD_RET_UINT8,
.flags = ULOGD_RETF_NONE,
.name = "ip.ihl",
+ .ipfix = {
+ .vendor = IPFIX_VENDOR_IETF,
+ .field_id = IPFIX_internetHeaderLengthIPv4,
+ },
},
{
.type = ULOGD_RET_UINT16,
@@ -94,11 +119,19 @@ static struct ulogd_key iphdr_rets[] = {
.type = ULOGD_RET_UINT16,
.flags = ULOGD_RETF_NONE,
.name = "ip.id",
+ .ipfix = {
+ .vendor = IPFIX_VENDOR_IETF,
+ .field_id = IPFIX_identificationIPv4,
+ },
},
{
.type = ULOGD_RET_UINT16,
.flags = ULOGD_RETF_NONE,
.name = "ip.fragoff",
+ .ipfix = {
+ .vendor = IPFIX_VENDOR_IETF,
+ .field_id = IPFIX_fragmentOffsetIPv4,
+ },
},
/* 10 */
@@ -107,23 +140,37 @@ static struct ulogd_key iphdr_rets[] = {
.type = ULOGD_RET_UINT16,
.flags = ULOGD_RETF_NONE,
.name = "tcp.sport",
- .ipfix = { .vendor = 0, .field_id = 7 },
+ .ipfix = {
+ .vendor = IPFIX_VENDOR_IETF,
+ .field_id = IPFIX_tcpSourcePort,
+ },
},
{
.type = ULOGD_RET_UINT16,
.flags = ULOGD_RETF_NONE,
.name = "tcp.dport",
- .ipfix = { .vendor = 0, .field_id = 11 },
+ .ipfix = {
+ .vendor = IPFIX_VENDOR_IETF,
+ .field_id = IPFIX_tcpDestinationPort,
+ },
},
{
.type = ULOGD_RET_UINT32,
.flags = ULOGD_RETF_NONE,
.name = "tcp.seq",
+ .ipfix = {
+ .vendor = IPFIX_VENDOR_IETF,
+ .field_id = IPFIX_tcpSequenceNumber,
+ },
},
{
.type = ULOGD_RET_UINT32,
.flags = ULOGD_RETF_NONE,
.name = "tcp.ackseq",
+ .ipfix = {
+ .vendor = IPFIX_VENDOR_IETF,
+ .field_id = IPFIX_tcpAcknowledgementNumber,
+ },
},
{
.type = ULOGD_RET_UINT8,
@@ -139,6 +186,10 @@ static struct ulogd_key iphdr_rets[] = {
.type = ULOGD_RET_UINT16,
.flags = ULOGD_RETF_NONE,
.name = "tcp.window",
+ .ipfix = {
+ .vendor = IPFIX_VENDOR_IETF,
+ .field_id = IPFIX_tcpWindowSize,
+ },
},
{
.type = ULOGD_RET_BOOL,
@@ -149,6 +200,10 @@ static struct ulogd_key iphdr_rets[] = {
.type = ULOGD_RET_UINT16,
.flags = ULOGD_RETF_NONE,
.name = "tcp.urgp",
+ .ipfix = {
+ .vendor = IPFIX_VENDOR_IETF,
+ .field_id = IPFIX_tcpUrgentPointer,
+ },
},
{
.type = ULOGD_RET_BOOL,
@@ -197,13 +252,19 @@ static struct ulogd_key iphdr_rets[] = {
.type = ULOGD_RET_UINT16,
.flags = ULOGD_RETF_NONE,
.name = "udp.sport",
- .ipfix = { .vendor = 0, .field_id = 7 },
+ .ipfix = {
+ .vendor = IPFIX_VENDOR_IETF,
+ .field_id = IPFIX_udpSourcePort,
+ },
},
{
.type = ULOGD_RET_UINT16,
.flags = ULOGD_RETF_NONE,
.name = "udp.dport",
- .ipfix = { .vendor = 0, .field_id = 11 },
+ .ipfix = {
+ .vendor = IPFIX_VENDOR_IETF,
+ .field_id = IPFIX_udpDestinationPort,
+ },
},
{
.type = ULOGD_RET_UINT16,
@@ -223,11 +284,19 @@ static struct ulogd_key iphdr_rets[] = {
.type = ULOGD_RET_UINT8,
.flags = ULOGD_RETF_NONE,
.name = "icmp.type",
+ .ipfix = {
+ .vendor = IPFIX_VENDOR_IETF,
+ .field_id = IPFIX_icmpTypeIPv4,
+ },
},
{
.type = ULOGD_RET_UINT8,
.flags = ULOGD_RETF_NONE,
.name = "icmp.code",
+ .ipfix = {
+ .vendor = IPFIX_VENDOR_IETF,
+ .field_id = IPFIX_icmpCodeIPv4,
+ },
},
{
.type = ULOGD_RET_UINT16,
diff --git a/include/ulogd/ipfix_protocol.h b/include/ulogd/ipfix_protocol.h
index 95241cd..d067353 100644
--- a/include/ulogd/ipfix_protocol.h
+++ b/include/ulogd/ipfix_protocol.h
@@ -28,5 +28,185 @@ struct ipfix_vendor_field {
u_int32_t enterprise_num;
};
+/* Information Element Identifiers as of draft-ietf-ipfix-info-11.txt */
+enum {
+ IPFIX_octetDeltaCount = 1,
+ IPFIX_packetDeltaCount = 2,
+ /* reserved */
+ IPFIX_protocolIdentifier = 4,
+ IPFIX_classOfServiceIPv4 = 5,
+ IPFIX_tcpControlBits = 6,
+ IPFIX_sourceTransportPort = 7,
+ IPFIX_sourceIPv4Address = 8,
+ IPFIX_sourceIPv4Mask = 9,
+ IPFIX_ingressInterface = 10,
+ IPFIX_destinationTransportPort = 11,
+ IPFIX_destinationIPv4Address = 12,
+ IPFIX_destinationIPv4Mask = 13,
+ IPFIX_egressInterface = 14,
+ IPFIX_ipNextHopIPv4Address = 15,
+ IPFIX_bgpSourceAsNumber = 16,
+ IPFIX_bgpDestinationAsNumber = 17,
+ IPFIX_bgpNextHopIPv4Address = 18,
+ IPFIX_postMCastPacketDeltaCount = 19,
+ IPFIX_postMCastOctetDeltaCount = 20,
+ IPFIX_flowEndSysUpTime = 21,
+ IPFIX_flowStartSysUpTime = 22,
+ IPFIX_postOctetDeltaCount = 23,
+ IPFIX_postPacketDeltaCount = 24,
+ IPFIX_minimumPacketLength = 25,
+ IPFIX_maximumPacketLength = 26,
+ IPFIX_sooureIPv6Address = 27,
+ IPFIX_destinationIPv6Address = 28,
+ IPFIX_sourceIPv6Mask = 29,
+ IPFIX_destinationIPv6Mask = 30,
+ IPFIX_flowLabelIPv6 = 31,
+ IPFIX_icmpTypeCodeIPv4 = 32,
+ IPFIX_igmpType = 33,
+ /* reserved */
+ /* reserved */
+ IPFIX_flowActiveTimeOut = 36,
+ IPFIX_flowInactiveTimeout = 37,
+ /* reserved */
+ /* reserved */
+ IPFIX_exportedOctetTotalCount = 40,
+ IPFIX_exportedMessageTotalCount = 41,
+ IPFIX_exportedFlowTotalCount = 42,
+ /* reserved */
+ IPFIX_sourceIPv4Prefix = 44,
+ IPFIX_destinationIPv4Prefix = 45,
+ IPFIX_mplsTopLabelType = 46,
+ IPFIX_mplsTopLabelIPv4Address = 47,
+ /* reserved */
+ /* reserved */
+ /* reserved */
+ /* reserved */
+ IPFIX_minimumTtl = 52,
+ IPFIX_maximumTtl = 53,
+ IPFIX_identificationIPv4 = 54,
+ IPFIX_postClassOfServiceIPv4 = 55,
+ IPFIX_sourceMacAddress = 56,
+ IPFIX_postDestinationMacAddr = 57,
+ IPFIX_vlanId = 58,
+ IPFIX_postVlanId = 59,
+ IPFIX_ipVersion = 60,
+ /* reserved */
+ IPFIX_ipNextHopIPv6Address = 62,
+ IPFIX_bgpNexthopIPv6Address = 63,
+ IPFIX_ipv6ExtensionHeaders = 64,
+ /* reserved */
+ /* reserved */
+ /* reserved */
+ /* reserved */
+ /* reserved */
+ IPFIX_mplsTopLabelStackEntry = 70,
+ IPFIX_mplsLabelStackEntry2 = 71,
+ IPFIX_mplsLabelStackEntry3 = 72,
+ IPFIX_mplsLabelStackEntry4 = 73,
+ IPFIX_mplsLabelStackEntry5 = 74,
+ IPFIX_mplsLabelStackEntry6 = 75,
+ IPFIX_mplsLabelStackEntry7 = 76,
+ IPFIX_mplsLabelStackEntry8 = 77,
+ IPFIX_mplsLabelStackEntry9 = 78,
+ IPFIX_mplsLabelStackEntry10 = 79,
+ IPFIX_destinationMacAddress = 80,
+ IPFIX_postSourceMacAddress = 81,
+ /* reserved */
+ /* reserved */
+ /* reserved */
+ IPFIX_octetTotalCount = 85,
+ IPFIX_packetTotalCount = 86,
+ /* reserved */
+ IPFIX_fragmentOffsetIPv4 = 88,
+ /* reserved */
+ IPFIX_bgpNextAdjacentAsNumber = 128,
+ IPFIX_bgpPrevAdjacentAsNumber = 129,
+ IPFIX_exporterIPv4Address = 130,
+ IPFIX_exporterIPv6Address = 131,
+ IPFIX_droppedOctetDeltaCount = 132,
+ IPFIX_droppedPacketDeltaCount = 133,
+ IPFIX_droppedOctetTotalCount = 134,
+ IPFIX_droppedPacketTotalCount = 135,
+ IPFIX_flowEndReason = 136,
+ IPFIX_classOfServiceIPv6 = 137,
+ IPFIX_postClassOFServiceIPv6 = 138,
+ IPFIX_icmpTypeCodeIPv6 = 139,
+ IPFIX_mplsTopLabelIPv6Address = 140,
+ IPFIX_lineCardId = 141,
+ IPFIX_portId = 142,
+ IPFIX_meteringProcessId = 143,
+ IPFIX_exportingProcessId = 144,
+ IPFIX_templateId = 145,
+ IPFIX_wlanChannelId = 146,
+ IPFIX_wlanSsid = 147,
+ IPFIX_flowId = 148,
+ IPFIX_sourceId = 149,
+ IPFIX_flowStartSeconds = 150,
+ IPFIX_flowEndSeconds = 151,
+ IPFIX_flowStartMilliSeconds = 152,
+ IPFIX_flowEndMilliSeconds = 153,
+ IPFIX_flowStartMicroSeconds = 154,
+ IPFIX_flowEndMicroSeconds = 155,
+ IPFIX_flowStartNanoSeconds = 156,
+ IPFIX_flowEndNanoSeconds = 157,
+ IPFIX_flowStartDeltaMicroSeconds = 158,
+ IPFIX_flowEndDeltaMicroSeconds = 159,
+ IPFIX_systemInitTimeMilliSeconds= 160,
+ IPFIX_flowDurationMilliSeconds = 161,
+ IPFIX_flowDurationMicroSeconds = 162,
+ IPFIX_observedFlowTotalCount = 163,
+ IPFIX_ignoredPacketTotalCount = 164,
+ IPFIX_ignoredOctetTotalCount = 165,
+ IPFIX_notSentFlowTotalCount = 166,
+ IPFIX_notSentPacketTotalCount = 167,
+ IPFIX_notSentOctetTotalCount = 168,
+ IPFIX_destinationIPv6Prefix = 169,
+ IPFIX_sourceIPv6Prefix = 170,
+ IPFIX_postOctetTotalCount = 171,
+ IPFIX_postPacketTotalCount = 172,
+ IPFIX_flowKeyIndicator = 173,
+ IPFIX_postMCastPacketTotalCount = 174,
+ IPFIX_postMCastOctetTotalCount = 175,
+ IPFIX_icmpTypeIPv4 = 176,
+ IPFIX_icmpCodeIPv4 = 177,
+ IPFIX_icmpTypeIPv6 = 178,
+ IPFIX_icmpCodeIPv6 = 179,
+ IPFIX_udpSourcePort = 180,
+ IPFIX_udpDestinationPort = 181,
+ IPFIX_tcpSourcePort = 182,
+ IPFIX_tcpDestinationPort = 183,
+ IPFIX_tcpSequenceNumber = 184,
+ IPFIX_tcpAcknowledgementNumber = 185,
+ IPFIX_tcpWindowSize = 186,
+ IPFIX_tcpUrgentPointer = 187,
+ IPFIX_tcpHeaderLength = 188,
+ IPFIX_ipHeaderLength = 189,
+ IPFIX_totalLengthIPv4 = 190,
+ IPFIX_payloadLengthIPv6 = 191,
+ IPFIX_ipTimeToLive = 192,
+ IPFIX_nextHeaderIPv6 = 193,
+ IPFIX_ipClassOfService = 194,
+ IPFIX_ipDiffServCodePoint = 195,
+ IPFIX_ipPrecedence = 196,
+ IPFIX_fragmentFlagsIPv4 = 197,
+ IPFIX_octetDeltaSumOfSquares = 198,
+ IPFIX_octetTotalSumOfSquares = 199,
+ IPFIX_mplsTopLabelTtl = 200,
+ IPFIX_mplsLabelStackLength = 201,
+ IPFIX_mplsLabelStackDepth = 202,
+ IPFIX_mplsTopLabelExp = 203,
+ IPFIX_ipPayloadLength = 204,
+ IPFIX_udpMessageLength = 205,
+ IPFIX_isMulticast = 206,
+ IPFIX_internetHeaderLengthIPv4 = 207,
+ IPFIX_ipv4Options = 208,
+ IPFIX_tcpOptions = 209,
+ IPFIX_paddingOctets = 210,
+ /* reserved */
+ /* reserved */
+ IPFIX_headerLengthIPv4 = 213,
+ IPFIX_mplsPayloadLength = 214,
+};
+
#endif