//
// ipkTypes.h
// IPNetSentryX
//
// Created by Peter Sichel on Thu Nov 14 2002.
// Copyright (c) 2002 Sustainable Softworks, Inc. All rights reserved.
//
// IPNetSentry_NKE and IPNetRouter_NKE shared types
// This module is designed to be tested as client code and then incorporated
// as part of our NKE
#ifndef _H_ipkTypes
#define _H_ipkTypes
#pragma once
#include <sys/types.h>
#include <sys/time.h>
#include <libkern/OSTypes.h>
#include <netinet/kpi_ipfilter.h>
// Fixed buffer sizes for the interface identifiers carried in the entries
// below. bsdName is documented as a CString (see KFT_interfaceEntry), so at
// most kBSDNameLength-1 characters fit plus the terminator; kBSDNameLength
// presumably mirrors IFNAMSIZ (16) -- confirm against <net/if.h>.
// Anything copied into these buffers from outside the NKE must be bounded to
// the buffer size and NUL-terminated by the copier.
#define kBSDNameLength 16
#define kServiceIDNameLength 48
// ---------------------------------------------------------------------------
// InterfaceEntry
// ---------------------------------------------------------------------------
// define interfaceEntry to represent interface attach parameters
// A network number: a 32-bit (IPv4-sized) address and its mask.
// Byte order is not fixed by this header -- presumably host order; confirm
// in the code that fills these.
typedef struct netNumber {
	u_int32_t address;
	u_int32_t mask;
} netNumber_t;
// Attach parameters for one interface; embedded in each attach_t below.
// NOTE(review): if this struct is populated from a user-space control
// message, the receiver must bound the copy and force
// bsdName[kBSDNameLength-1] = '\0' before using it as a CString -- verify.
typedef struct KFT_interfaceEntry {
	char bsdName[kBSDNameLength]; // corresponding interface name (CString); must be NUL-terminated inside the buffer
	char serviceID[kServiceIDNameLength]; // presumably also a CString with the same termination requirement -- confirm
	netNumber_t ifNet;
	netNumber_t natNet;
	netNumber_t singleNet;
	netNumber_t excludeNet;
	u_int32_t exposedHost; // 32-bit address; meaning of exposedHostSelection is not established here
	u_int8_t exposedHostSelection;
	u_int8_t filterOn; // IP filter on this interface
	u_int8_t externalOn;
	u_int8_t natOn; // NAT on this interface
} KFT_interfaceEntry_t;
// ---------------------------------------------------------------------------
// Control and Attach instance
// ---------------------------------------------------------------------------
// maximum number of controllers and DLIL attachments use index values 1..n
// 0 is reserved for "not found"
// Because index 0 is reserved, arrays indexed by these values need n+1 slots
// (see control_t.attachMap). Any index that arrives from outside the NKE must
// be range-checked as 1..kMaxControl / 1..kMaxAttach before it is used.
#define kMaxControl 8
#define kMaxAttach 8
// controller instance
// One slot per controller (kMaxControl of them, indexed 1..kMaxControl;
// slot 0 means "not found"). ctl is presumably the control socket of the
// client driving this slot -- confirm in the control handler.
typedef struct controlE {
	socket_t ctl; // Non-null if controlled
	int monitorOn; // master on/off for this controller
	int nkeSends; // count packets sent upstream since last request
	// so we don't flood input queue when no one is listening
	u_int8_t attachMap[kMaxAttach+1]; // map of corresponding DLIL attachments if any
	// map[i]>0 if attached; sized kMaxAttach+1 because index 0 is reserved
} control_t;
// DLIL attach instance
// State for one interface the NKE is attached to (kMaxAttach of them,
// indexed 1..kMaxAttach; attachIndex records the slot's own index).
typedef struct attachE {
	ipfilter_t ipFilterRef; // opaque filter handle (type from <netinet/kpi_ipfilter.h>)
	interface_filter_t ifFilterRef; // opaque interface-filter handle
	KFT_interfaceEntry_t kftInterfaceEntry; // attach parameters for this interface
	// monitor tool
	int32_t sendCount; // traffic stats for instance
	int32_t receiveCount; // NOTE(review): signed counters -- incrementing past INT32_MAX is undefined behavior; verify the updater wraps or bounds them
	int32_t sendStamp; // capture and hold previous counts for reporting
	int32_t receiveStamp;
	// ref
	ifnet_t ifnet_ref; // the ifnet we attached to
	u_int8_t attachIndex; // remember our own attach index for convenience
	u_int8_t pad1; // explicit padding after attachIndex
	u_int8_t pad2;
	u_int8_t pad3;
} attach_t;
// 64-bit counter with a held previous value and a delta (presumably
// count - previous, taken when a report is produced -- confirm in the
// reporting code). 24 bytes, no padding.
typedef struct KFT_stat64 {
	int64_t count;
	int64_t previous;
	int64_t delta;
} KFT_stat64_t;
// 32-bit counterpart of KFT_stat64; the explicit pad keeps it at 16 bytes.
// Signed, so the same overflow caveat as attach_t's counters applies.
typedef struct KFT_stat {
	int32_t count;
	int32_t previous;
	int32_t delta;
	int32_t pad;
} KFT_stat_t;
// ---------------------------------------------------------------------------
// Filter Entry
// ---------------------------------------------------------------------------
// Size of KFT_filterEntry.propertyValue, and a reserve within it.
// How kPropertyReserve is applied is not shown in this header.
#define kPropertySize 128
#define kPropertyReserve 32
// define filter table entry
// One rule in the filter tree. propertyValue holds two byte strings packed
// from opposite ends of the buffer (see its comment); propertyEnd and
// parameterStart are byte offsets into that buffer.
// NOTE(review): both offsets are u_int8_t and the buffer is kPropertySize
// (128) bytes, so any value above kPropertySize indexes past the buffer.
// If rules are loaded from user space, validate propertyEnd <= kPropertySize
// and parameterStart <= kPropertySize (and their relative order, if the
// packing scheme requires it) before the entry is used -- verify in the loader.
typedef struct KFT_filterEntry {
	u_int16_t nodeCount;
	u_int8_t pad0;
	u_int8_t enabled;
	u_int8_t nodeNumber[16];
	u_int8_t nodeName[32]; // not documented as NUL-terminated; treat as bounded bytes unless the users guarantee termination
	u_int8_t property;
	u_int8_t relation;
	u_int8_t filterAction;
	u_int8_t expandedState;
	int32_t lastTime;
	KFT_stat64_t match;
	KFT_stat64_t byte;
	int32_t rateLimit; // rate limit in bytes/sec
	int32_t intervalBytes;
	int16_t activeInCount;
	int16_t activeOutCount;
	u_int8_t propertyValue[kPropertySize]; // |propertyValue -> <- parameterValue|
	u_int8_t pad1;
	u_int8_t propertyEnd; // presumably one past the last property byte -- confirm
	u_int8_t parameterStart; // presumably the first parameter byte; parameters run to the end of the buffer -- confirm
} KFT_filterEntry_t;
// ---------------------------------------------------------------------------
// Trigger Entry
// ---------------------------------------------------------------------------
// define trigger table entry used to maintain triggered addresses
// Keyed by (address, type): the first 8 bytes, which KFT_triggerKey_t below
// mirrors field for field. type presumably takes the kTriggerType* values
// and flags the kTriggerFlag* bits defined after this struct -- confirm.
typedef struct KFT_triggerEntry {
	u_int32_t address; // address and type are used together as an 8-byte key
	u_int32_t type;
	u_int32_t lastTime;
	u_int32_t durationSeconds;
	u_int8_t duration; // relation to durationSeconds is not established here -- confirm
	u_int8_t flags;
	u_int8_t pad0; // explicit padding
	u_int8_t pad1;
	KFT_stat_t match;
	u_int8_t nodeNumber[16];
} KFT_triggerEntry_t;
// Presumably the values of KFT_triggerEntry.type (not tagged on the field).
#define kTriggerTypeTrigger 0
#define kTriggerTypeAddress 1
#define kTriggerTypeAuthorize 2
// Presumably bits of KFT_triggerEntry.flags; that field is 8 bits wide,
// so any new flag must stay at or below 0x80.
#define kTriggerFlagDelete 1
#define kTriggerFlagUpdate 2
#define kTriggerFlagRemoveAll 4
// Lookup key for the trigger table. Its two fields match the first two fields
// of KFT_triggerEntry in type and order, so the key is the entry's first
// 8 bytes; keep both in sync if either changes.
typedef struct KFT_triggerKey {
	u_int32_t address; // address and type are used together as an 8-byte key
	u_int32_t type;
} KFT_triggerKey_t;
// ---------------------------------------------------------------------------
// Connection Endpoint
// ---------------------------------------------------------------------------
// define Connection endpoint, MSB->LSB: protocol, port, address
// so that adjacent entries will be in protocol, port order.
// Layout is port(2) pad(1) protocol(1) address(4) = 8 bytes. The byte order
// described above holds when the first four bytes are read as a little-endian
// 32-bit word; on a big-endian host port would sort first -- confirm how the
// comparison is actually done.
// NOTE(review): if endpoints are compared with memcmp or as whole words, pad
// must be zeroed wherever an endpoint is built, or lookups become unstable.
typedef struct KFT_connectionEndpoint {
	u_int16_t port;
	u_int8_t pad;
	u_int8_t protocol;
	u_int32_t address;
} KFT_connectionEndpoint_t;
// ---------------------------------------------------------------------------
// NAT Entry
// ---------------------------------------------------------------------------
// define NAT table
// One translation: the endpoint a peer sees (apparent), the real local
// endpoint (actual) and the remote endpoint. flags takes the kNatFlag* bits
// defined after this struct.
// NOTE(review): there are 2 bytes of implicit padding after portRange. If
// entries are copied out to user space (e.g. for display), zero-fill each
// entry before populating it so the padding cannot leak kernel memory --
// verify in the copy-out path.
typedef struct KFT_natEntry {
	KFT_connectionEndpoint_t apparent;
	KFT_connectionEndpoint_t actual;
	KFT_connectionEndpoint_t remote;
	u_int32_t lastTime; // NSTimeInterval since 1970
	u_int32_t flags;
	char bsdName[kBSDNameLength]; // corresponding interface name (CString)
	// NAPT
	u_int16_t portRange; // offset to last port in port range
	u_int32_t seqFINLocal; // seq# to check for last ACK
	u_int32_t seqFINPeer;
	// Fields below are retained from an earlier layout and are not part of the struct:
	// u_int16_t identification; // from IP header
	// u_int16_t fragmentOffset;
	// u_int32_t seqInitial; // used to offset seq and ack #'s
	// int16_t seqOffset; // for content masquerading
	// u_int32_t seqInitial2; // used to offset seq and ack #'s
	// int16_t seqOffset2; // for content masquerading
	// int16_t seqOffsetPrev;
} KFT_natEntry_t;
// Values for NAT entry Flags
// Bits of KFT_natEntry.flags (u_int32_t, so the 0x0100+ values fit).
// The low nibble mirrors the kConnectionFlag* bits defined further down.
#define kNatFlagFINLocal 1 // Seen TCP FIN from local host
#define kNatFlagFINPeer 2 // Seen TCP FIN from peer
#define kNatFlagFINAckLocal 4 // Seen TCP FIN Ack from local host
#define kNatFlagFINAckPeer 8 // Seen TCP FIN Ack from peer
#define kNatFlagNonSyn 0x80 // Sent more than a Syn
#define kNatFlagDelete 0x0100
#define kNatFlagUpdate 0x0200
#define kNatFlagRemoveAll 0x0400
// ---------------------------------------------------------------------------
// Fragment Entry
// ---------------------------------------------------------------------------
// define IP Fragment table
// Key for the fragment table: IP identification plus source address.
// NOTE(review): RFC 791 makes the identification unique only per
// (source, destination, protocol); keying on (id, src) alone can match a
// fragment from one flow to another flow's entry (and thus the wrong ports
// in KFT_fragmentEntry). Confirm whether the callers tolerate that or
// whether dst/protocol need to be part of the key.
// If this key is compared with memcmp, pad must be zeroed when it is built.
typedef struct KFT_fragmentId {
	u_int16_t pad;
	u_int16_t identification;
	u_int32_t srcAddress;
} KFT_fragmentId_t;
// Remembers the transport ports seen in the first fragment of a datagram so
// later fragments (which carry no transport header) can find the connection
// entry. 16 bytes, no padding.
typedef struct KFT_fragmentEntry {
	KFT_fragmentId_t fragment;
	u_int32_t lastTime; // NSTimeInterval since 1970 (in seconds)
	u_int16_t srcPort; // source and dest ports needed to lookup connection entry
	u_int16_t dstPort; // for subsequent fragments
} KFT_fragmentEntry_t;
// ---------------------------------------------------------------------------
// Connection Entry
// ---------------------------------------------------------------------------
// define connection table entry used to maintain connection state
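// track sequence numbers as a linked list off the connection entry so we can manipulate out of order
// keep separate lists for connection packets received (r) and sent (s)
// One tracked TCP segment. next/prev are typed self-references rather than
// void* so list walks need no casts and assigning the wrong pointer type is
// caught at compile time; the layout (two pointers first) is unchanged.
// NULL marks the list ends (see KFT_seqList). flags takes the kSeqFlag_* bits.
typedef struct KFT_seqEntry {
	struct KFT_seqEntry *next; // next seqEntry if any, NULL at the tail
	struct KFT_seqEntry *prev; // prev seqEntry if any, NULL at the head
	u_int32_t seqNext; // sent+size+SYN+FIN, next byte in sequence, or ack number for this segment
	u_int32_t ackWin; // advertised window sent with ack of this segment (used for retransmission and removal)
	u_int16_t dup; // count duplicates sent
	u_int16_t flags; // kSeqFlag_* bits
	double sentTime; // timestamps; units are not fixed by this header
	double ackTime;
	double deliverTime;
} KFT_seqEntry_t;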
// Bits of KFT_seqEntry.flags, one per timestamp the entry has recorded
// (presumably set when sentTime / ackTime / deliverTime are filled -- confirm).
#define kSeqFlag_sent 1
#define kSeqFlag_ack 2
#define kSeqFlag_deliver 4
// Doubly linked list of KFT_seqEntry with a cached element count.
// An empty list presumably has head == tail == NULL and count == 0 -- confirm
// in the list helpers. count must be kept in step with every insert/remove.
typedef struct KFT_seqList {
	KFT_seqEntry_t* head;
	KFT_seqEntry_t* tail;
	u_int32_t count;
} KFT_seqList_t;
// Per-direction TCP state for a connection; KFT_connectionEntry keeps one
// for received (r) and one for sent (s) traffic. rwin* are signed so
// rwinRemain can go negative; callers comparing them with unsigned
// byte counts must mind the signed/unsigned promotion.
typedef struct KFT_connectionInfo { // one for each direction received (r) and sent (s)
	double rtt; // smoothed rtt estimate for my packets
	u_int32_t intervalBytes; // number of bytes sent so far this interval
	u_int32_t targetBytes; // target bytes to send this interval if rate limited
	u_int32_t seqNext; // seq of last byte sent plus 1 or ack number expected for last segment
	u_int32_t ackReceived; // highest ack delivered from peer or local ISN
	int32_t rwin; // receive window from peer (for ackReceived)
	int32_t rwinUsed; // highest seq# sent - ackReceived
	int32_t rwinRemain; // rwin - rwinUsed
	u_int16_t scale; // window scale factor
	u_int16_t mss; // mss option sent to peer
	u_int16_t rateLimitRule; // index of rule in filter table (for rate limit bandwidth bytes/sec)
	u_int16_t pad; // explicit padding
} KFT_connectionInfo_t;
// Connection table entry: endpoints, traffic counters, TCP close tracking,
// bandwidth-management state per direction and the link-layer addresses for
// source-aware routing. flags takes the kConnectionFlag* bits defined below.
// NOTE(review): u_long filterID (4 or 8 bytes) and the 8-byte double fields
// make this layout differ between 32- and 64-bit builds, and there is implicit
// padding after dropCount. If entries cross the kernel/user boundary, both
// sides must be built with the same ABI and entries should be zero-filled
// before copy-out so padding cannot leak kernel memory -- verify.
typedef struct KFT_connectionEntry {
	KFT_connectionEndpoint_t remote;
	KFT_connectionEndpoint_t local;
	KFT_stat_t dataIn;
	KFT_stat_t dataOut;
	u_int32_t lastTime;
	u_int32_t firstTime;
	u_int32_t lastReport;
	u_int32_t flags;
	u_int16_t dropCount; // followed by 2 bytes of implicit padding
	// connection state
	u_int32_t seqFINLocal; // seq# to check for last ACK
	u_int32_t seqFINPeer;
	// bandwidth management
	double intervalStart;
	KFT_connectionInfo_t rInfo; // received direction
	KFT_connectionInfo_t sInfo; // sent direction
	KFT_seqList_t rSeqList;
	KFT_seqList_t sSeqList;
	// source aware routing
	u_long filterID; // interface where packet arrived from
	u_int8_t remoteHW[6]; // MAC addresses, same shape as EthernetAddress_t below
	u_int8_t localHW[6];
	//char bsdName[kBSDNameLength]; // corresponding interface name (CString)
} KFT_connectionEntry_t;
// Values for Connection entry Flags
// Bits of KFT_connectionEntry.flags (u_int32_t). The low nibble and 0x80
// mirror the kNatFlag* bits; 0x40 and the 0x0100/0x0200 values are specific
// to connection entries (there is no RemoveAll here, unlike kNatFlag).
#define kConnectionFlagFINLocal 1 // Seen TCP FIN from local host
#define kConnectionFlagFINPeer 2 // Seen TCP FIN from peer
#define kConnectionFlagFINAckLocal 4 // Seen TCP FIN Ack from local host
#define kConnectionFlagFINAckPeer 8 // Seen TCP FIN Ack from peer
#define kConnectionFlagClosed 0x40 // Closed by firewall
#define kConnectionFlagNonSyn 0x80 // Sent more than a Syn
#define kConnectionFlagDelete 0x0100
#define kConnectionFlagUpdate 0x0200
// Ethernet Address
// 48-bit MAC address as six raw octets (no alignment padding; 6 bytes).
typedef struct {
	u_int8_t octet[6];
} EthernetAddress_t;
// ---------------------------------------------------------------------------
// Bridge Entry
// ---------------------------------------------------------------------------
// define bridge table entry used to do Ethernet bridging
// Size: 16 bytes per entry only where u_long is 4 bytes (4+4+6+1+1); with an
// 8-byte u_long it is 20 bytes padded to 24, so code that assumes 16 must be
// checked on 64-bit builds.
// portInfo packs a conflict count in the low nibble and an attach index in the
// high nibble (kMaskConflictCount / kMaskAttachIndex below); flags takes the
// kBridgeFlag* bits.
typedef struct KFT_bridgeEntry {
	u_long filterID; // data link (port) packet arrived on
	u_int32_t lastTime; // last time we saw or used this address (tv_sec)
	EthernetAddress_t ea; // hardware MAC address
	u_int8_t portInfo; // count port conflicts
	u_int8_t flags;
} KFT_bridgeEntry_t;
// Bits of KFT_bridgeEntry.flags (8-bit field).
#define kBridgeFlagOutbound 0x01 // direction of packet seen
#define kBridgeFlagDelete 0x40
#define kBridgeFlagUpdate 0x80
// Nibble masks for KFT_bridgeEntry.portInfo: conflict count in the low
// nibble (max 15), attach index in the high nibble (shift by 4 to use it;
// kMaxAttach is 8, so 1..8 fits).
#define kMaskConflictCount 0x0F
#define kMaskAttachIndex 0xF0
// ---------------------------------------------------------------------------
// packet data
// ---------------------------------------------------------------------------
// structure used to pass around packets
// Per-packet working context handed through the filter path. The matching
// entry pointers are NULL when there is no match (natEntry says "if any";
// presumably the others behave the same -- confirm). Offsets are relative to
// the mbuf data (ipOffset) or to datagram (matchOffset, textOffset); nothing
// in this header validates them.
// NOTE(review): ipOffset/matchOffset/textOffset/textLength are derived from
// packet contents and must be checked against the real mbuf/segment length
// before any read at datagram + offset; segmentLen is signed, so reject
// negative values as well. datagram points into the first mbuf and is only
// valid while the chain is unmodified -- verify in the consumers.
typedef struct KFT_packetData {
	struct ifnet **ifnet_ptr;
	struct mbuf **mbuf_ptr; // pointer to mbuf chain
	char **frame_ptr; // frame pointer
	attach_t* myAttach; // pointer to interface attach instance for this datagram
	KFT_filterEntry_t* kftEntry; // matching filter entry
	KFT_triggerEntry_t* triggerEntry; // matching trigger entry
	KFT_connectionEntry_t* connectionEntry; // matching connection state entry
	KFT_natEntry_t* natEntry; // matching nat entry if any
	u_int8_t* datagram; // start of datagram in first mbuf
	int segmentLen; // length of data segment
	u_int16_t rateLimitInRule; // filter table indices; 0 presumably means none -- confirm
	u_int16_t rateLimitOutRule;
	u_int16_t ipOffset; // integer offset to start of IP datagram within mbuf data
	u_int16_t matchOffset; // base for relative data content matching
	u_int16_t textOffset; // display what we found
	u_int16_t textLength;
	u_int8_t direction; // 0=output, 1=input (from which intercept was called)
	u_int8_t ifType; // from ifnet
	u_int8_t ifHeaderLen; // length of frame header
	u_int8_t ipHeaderLen;
	u_int8_t transportHeaderLen;
	u_int8_t leafAction; // remember leaf action for children if any
	u_int8_t dontLog; // mark as not to be logged (1 = dont log)
	u_int8_t bridgeNonIP; // Ethernet and not IP
} KFT_packetData_t;
#endif