Skip to content
Snippets Groups Projects
types.h 7.66 KiB
Newer Older
  • Learn to ignore specific revisions
  • #ifndef __TYPES_H__
    #define __TYPES_H__
    
    
    #define TC_ACT_OK 0
    #define TC_ACT_SHOT 2
    
    #define ENOENT 2
    #define EEXIST 17
    #define EINVAL 22
    
    
    // Flags according to RFC 9293 & https://www.iana.org/assignments/ipfix/ipfix.xhtml
    
    typedef enum tcp_flags_t {
        FIN_FLAG = 0x01,
        SYN_FLAG = 0x02,
        RST_FLAG = 0x04,
        PSH_FLAG = 0x08,
        ACK_FLAG = 0x10,
        URG_FLAG = 0x20,
        ECE_FLAG = 0x40,
        CWR_FLAG = 0x80,
        // Custom flags exported
        SYN_ACK_FLAG = 0x100,
        FIN_ACK_FLAG = 0x200,
        RST_ACK_FLAG = 0x400,
    } tcp_flags;
    
    
    // Force emitting enums/structs into the ELF
    
    const static enum tcp_flags_t *unused0 __attribute__((unused));
    
    #if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) &&                                 \
    
        __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
    
    #define bpf_ntohs(x) __builtin_bswap16(x)
    #define bpf_htons(x) __builtin_bswap16(x)
    #define bpf_ntohl(x) __builtin_bswap32(x)
    #define bpf_htonl(x) __builtin_bswap32(x)
    #elif defined(__BYTE_ORDER__) && defined(__ORDER_BIG_ENDIAN__) &&                                  \
    
        __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
    
    #define bpf_ntohs(x) (x)
    #define bpf_htons(x) (x)
    #define bpf_ntohl(x) (x)
    #define bpf_htonl(x) (x)
    
    #error "Endianness detection needs to be set up for your compiler?!"
    
    typedef __u8 u8;
    typedef __u16 u16;
    typedef __u32 u32;
    typedef __u64 u64;
    
    
    #define AF_INET 2
    
    #define ETH_ALEN 6
    #define ETH_P_IP 0x0800
    #define ETH_P_IPV6 0x86DD
    #define ETH_P_ARP 0x0806
    #define IPPROTO_ICMPV6 58
    
    #define DSCP_SHIFT 2
    #define DSCP_MASK 0x3F
    
    #define MAX_FILTER_ENTRIES 16
    
    #define MAX_EVENT_MD 8
    #define MAX_NETWORK_EVENTS 4
    
    #define MAX_OBSERVED_INTERFACES 6
    #define OBSERVED_DIRECTION_BOTH 3
    
    // according to field 61 in https://www.iana.org/assignments/ipfix/ipfix.xhtml
    
        MAX_DIRECTION = 2,
    
    
    // Force emitting enums/structs into the ELF
    
    const static enum direction_t *unused1 __attribute__((unused));
    
    const static u8 ip4in6[] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff};
    
    typedef struct flow_metrics_t {
        // Flow start and end times as monotomic timestamps in nanoseconds
        // as output from bpf_ktime_get_ns()
        u64 start_mono_time_ts;
        u64 end_mono_time_ts;
    
        u64 bytes;
        u32 packets;
        u16 eth_protocol;
    
        // TCP Flags from https://www.ietf.org/rfc/rfc793.txt
        u16 flags;
    
        // L2 data link layer
        u8 src_mac[ETH_ALEN];
        u8 dst_mac[ETH_ALEN];
        // OS interface index
        u32 if_index_first_seen;
        struct bpf_spin_lock lock;
        u32 sampling;
        u8 direction_first_seen;
    
        // The positive errno of a failed map insertion that caused a flow
        // to be sent via ringbuffer.
        // 0 otherwise
        // https://chromium.googlesource.com/chromiumos/docs/+/master/constants/errnos.md
        u8 errno;
    
        u8 nb_observed_intf;
        u8 observed_direction[MAX_OBSERVED_INTERFACES];
        u32 observed_intf[MAX_OBSERVED_INTERFACES];
    
    } flow_metrics;
    
    // Force emitting enums/structs into the ELF
    
    const static struct flow_metrics_t *unused2 __attribute__((unused));
    
    
    typedef struct additional_metrics_t {
    
        u64 start_mono_time_ts;
        u64 end_mono_time_ts;
    
            u16 id;
            u16 flags;
            u8 errno;
        } dns_record;
    
            u32 packets;
            u32 latest_drop_cause;
    
            u16 latest_flags;
            u8 latest_state;
    
        u8 network_events[MAX_NETWORK_EVENTS][MAX_EVENT_MD];
    
        struct translated_flow_t {
            u8 saddr[IP_MAX_LEN];
            u8 daddr[IP_MAX_LEN];
            u16 sport;
            u16 dport;
            u16 zone_id;
        } translated_flow;
    
        u16 eth_protocol;
        u8 network_events_idx;
    
    // Force emitting enums/structs into the ELF
    
    const static struct additional_metrics_t *unused3 __attribute__((unused));
    const static struct dns_record_t *unused4 __attribute__((unused));
    const static struct pkt_drops_t *unused5 __attribute__((unused));
    const static struct translated_flow_t *unused6 __attribute__((unused));
    const static struct observed_intf_t *unused13 __attribute__((unused));
    
    // Attributes that uniquely identify a flow
    typedef struct flow_id_t {
        // L3 network layer
        // IPv4 addresses are encoded as IPv6 addresses with prefix ::ffff/96
        // as described in https://datatracker.ietf.org/doc/html/rfc4038#section-4.2
    
        u8 icmp_type;
        u8 icmp_code;
    
    // Force emitting enums/structs into the ELF
    
    const static struct flow_id_t *unused7 __attribute__((unused));
    
    // Flow record is a tuple containing both flow identifier and metrics. It is used to send
    // a complete flow via ring buffer when only when the accounting hashmap is full.
    // Contents in this struct must match byte-by-byte with Go's pkc/flow/Record struct
    typedef struct flow_record_t {
        flow_id id;
        flow_metrics metrics;
    
    // Force emitting enums/structs into the ELF
    const struct flow_record_t *unused8 __attribute__((unused));
    
    // Internal structure: Packet info structure parsed around functions.
    typedef struct pkt_info_t {
        flow_id *id;
        u64 current_ts; // ts recorded when pkt came.
        u16 flags;      // TCP specific
        void *l4_hdr;   // Stores the actual l4 header
    
        u16 dns_id;
        u16 dns_flags;
        u64 dns_latency;
    
    // Structure for payload metadata
    typedef struct payload_meta_t {
        u32 if_index;
        u32 pkt_len;
    
        u64 timestamp; // timestamp when packet received by ebpf
    
    // DNS Flow record used as key to correlate DNS query and response
    typedef struct dns_flow_id_t {
        u16 src_port;
        u16 dst_port;
        u8 src_ip[IP_MAX_LEN];
        u8 dst_ip[IP_MAX_LEN];
        u16 id;
        u8 protocol;
    
    // Enum to define global counters keys and share it with userspace
    typedef enum global_counters_key_t {
    
        HASHMAP_FLOWS_DROPPED,
    
        FILTER_REJECT,
        FILTER_ACCEPT,
        FILTER_NOMATCH,
        NETWORK_EVENTS_ERR,
    
        NETWORK_EVENTS_ERR_GROUPID_MISMATCH,
        NETWORK_EVENTS_ERR_UPDATE_MAP_FLOWS,
        NETWORK_EVENTS_GOOD,
    
        OBSERVED_INTF_MISSED,
    
        MAX_COUNTERS,
    
    // Force emitting enums/structs into the ELF
    
    const enum global_counters_key_t *unused9 __attribute__((unused));
    
    // filter key used as key to LPM map to filter out flows that are not interesting for the user
    struct filter_key_t {
        u32 prefix_len;
        u8 ip_data[IP_MAX_LEN];
    
    
    // Force emitting enums/structs into the ELF
    
    const static struct filter_key_t *unused10 __attribute__((unused));
    
    
    // Enum to define filter action
    typedef enum filter_action_t {
    
        ACCEPT,
        REJECT,
        MAX_FILTER_ACTIONS,
    
    
    // Force emitting enums/structs into the ELF
    
    const static enum filter_action_t *unused11 __attribute__((unused));
    
    
    // filter value used as value from LPM map lookup to filter out flows that are not interesting for the user
    struct filter_value_t {
        u8 protocol;
        u16 dstPortStart;
        u16 dstPortEnd;
    
        u8 icmpType;
        u8 icmpCode;
        direction direction;
        filter_action action;
    
        u8 filter_drops;
    
        u32 sample;
    
    
    // Force emitting enums/structs into the ELF
    
    const static struct filter_value_t *unused12 __attribute__((unused));