00001 /* $Id$ */ 00002 /* 00003 ** perf-flow.h 00004 ** 00005 ** Copyright (C) 2002 Sourcefire,Inc 00006 ** Marc Norton <mnorton@sourcefire.com> 00007 ** Dan Roelker <droelker@sourcefire.com> 00008 ** 00009 ** 00010 ** This program is free software; you can redistribute it and/or modify 00011 ** it under the terms of the GNU General Public License as published by 00012 ** the Free Software Foundation; either version 2 of the License, or 00013 ** (at your option) any later version. 00014 ** 00015 ** This program is distributed in the hope that it will be useful, 00016 ** but WITHOUT ANY WARRANTY; without even the implied warranty of 00017 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 00018 ** GNU General Public License for more details. 00019 ** 00020 ** You should have received a copy of the GNU General Public License 00021 ** along with this program; if not, write to the Free Software 00022 ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 00023 ** 00024 */ 00025 00026 00027 #ifndef _PERF_FLOW_H 00028 #define _PERF_FLOW_H 00029 00030 #define SF_MAX_PKT_LEN 4500 00031 #define SF_MAX_PORT 1024 00032 00033 typedef struct _portflow { 00034 00035 double totperc[SF_MAX_PORT]; 00036 double sport_rate[SF_MAX_PORT]; 00037 double dport_rate[SF_MAX_PORT]; 00038 00039 } PORTFLOW; 00040 00041 typedef struct _icmpflow { 00042 00043 double totperc[256]; 00044 int display[256]; 00045 00046 } ICMPFLOW; 00047 00048 typedef struct _sfflow { 00049 00050 UINT64 *pktLenCnt; 00051 UINT64 pktTotal; 00052 00053 UINT64 byteTotal; 00054 00055 UINT64 *pktLenPercent; 00056 00057 UINT64 *portTcpSrc; 00058 UINT64 *portTcpDst; 00059 UINT64 *portUdpSrc; 00060 UINT64 *portUdpDst; 00061 00062 UINT64 *typeIcmp; 00063 00064 UINT64 portTcpHigh; 00065 UINT64 portTcpTotal; 00066 00067 UINT64 portUdpHigh; 00068 UINT64 portUdpTotal; 00069 00070 UINT64 typeIcmpTotal; 00071 00072 } SFFLOW; 00073 00074 typedef struct _sfflow_stats { 00075 00076 double pktLenPercent[SF_MAX_PKT_LEN]; 00077 00078 double trafficTCP; 00079 double trafficUDP; 00080 double trafficICMP; 00081 double trafficOTHER; 00082 00083 PORTFLOW portflowTCP; 00084 double portflowHighTCP; 00085 00086 PORTFLOW portflowUDP; 00087 double portflowHighUDP; 00088 00089 ICMPFLOW flowICMP; 00090 00091 00092 } SFFLOW_STATS; 00093 00094 /* 00095 ** Functions for the performance functions to call 00096 */ 00097 int InitFlowStats (SFFLOW *sfFlow); 00098 int UpdateFlowStats (SFFLOW *sfFlow, unsigned char *pucBuffer, int len, 00099 int iRebuiltPkt); 00100 int ProcessFlowStats(SFFLOW *sfFlow); 00101 00102 /* 00103 ** These functions wrap the perf-flow functionality within 00104 ** decode.c so we don't have to decode the packet for our 00105 ** own stats. Helps speed. 00106 */ 00107 int UpdateUDPFlowStatsEx(int sport, int dport, int len ); 00108 int UpdateTCPFlowStatsEx(int sport, int dport, int len ); 00109 int UpdateICMPFlowStatsEx(int type, int len); 00110 00111 #endif 00112 00113
1.4.2