! ******************************************************************************************************************************** ! Created: 10-Aug-2009 18:02:35 by OpenVMS SDL EV2-3 ! Source: 10-AUG-2009 18:02:34 DISK$SYSMAN:[LAISHEV.WORK.NETFLOW]NETFLOWDEF.SDL;56 ! ******************************************************************************************************************************** ! NOTE: All dollar-signs ($) appearing in names have been replaced by hyphens (-) ! *** MODULE NETFLOWDEF IDENT NETFLOWDEF-1-X *** !++ ! Facility: ! Cisco NetFlow services ! ! Abstract: ! This is an interface module contains data structures definitions, ! constants. ! ! Author: ! Ruslan R. Laishev ! ! Creation Date: 5-DEC-2002 ! ! Modification History: ! ! 3-SEP-2003 RRL Added sysip field to nf_pktv5 structure. !-- DEFINE RECORD sqlstate_RECORD USING 1 sqlstate . 2 sqlstate-t_sts PIC X(1) OCCURS 5 TIMES . 2 sqlstate-r_s REDEFINES sqlstate-t_sts . 3 sqlstate-t_class PIC X(1) OCCURS 2 TIMES . 3 sqlstate-t_code PIC X(1) OCCURS 3 TIMES . ; ! sqlcode$m_severity=1 ! sqlcode$m_code=2 DEFINE RECORD sqlcode_RECORD USING 1 sqlcode . 2 sqlcode-r_fill_0_ . 3 sqlcode-l_sts USAGE IS LONG. 3 sqlcode-r_fill_1_ REDEFINES sqlcode-l_sts USAGE IS BYTE . ! sqlcode$v_severity BIT 0:1 dimension 1:1 ! sqlcode$v_code BIT 1:1 dimension 1:3 ! sqlcode$v_fill_2_ BIT 4:4 ; DEFINE RECORD rdb-_message_vector_RECORD USING 1 rdb-_message_vector . 2 RDB-l_acnt USAGE IS LONG. ! Number of arguments in the vector 2 RDB-l_sts USAGE IS LONG. ! Primary status code of the last SQL statement 2 RDB-l_fcnt USAGE IS LONG. ! Number of FAO arguments to primary message ! Return status for follow-on messages, if any 2 RDB-l_args USAGE IS LONG OCCURS 17 TIMES . ; !++ !* !* NetFlow Export Header Formats !* !-- DEFINE RECORD nf_hdrv1_RECORD USING 1 nf_hdrv1 . 2 nf_hdr-w_version USAGE IS WORD. ! Current version=1 2 nf_hdr-w_count USAGE IS WORD. ! The number of records in PDU. 2 nf_hdr-l_uptime USAGE IS LONG. ! Current time in msecs since router booted. 2 nf_hdr-l_secs USAGE IS LONG. ! Current seconds since 0000 UTC 1970 2 nf_hdr-l_nsecs USAGE IS LONG. ; ! Residual nanoseconds since 0000 UTC 1970 DEFINE RECORD nf_hdrv5_RECORD USING 1 nf_hdrv5 . 2 nf_hdr-w_version USAGE IS WORD. ! Current version=5 2 nf_hdr-w_count USAGE IS WORD. ! The number of records in PDU. 2 nf_hdr-l_uptime USAGE IS LONG. ! Current time in msecs since router booted. 2 nf_hdr-l_secs USAGE IS LONG. ! Current seconds since 0000 UTC 1970 2 nf_hdr-l_nsecs USAGE IS LONG. ! Residual nanoseconds since 0000 UTC 1970 2 nf_hdr-l_seq USAGE IS LONG. ! Sequence number of total flows seen 2 nf_hdr-w_etype USAGE IS WORD. ! ??Type of flow switching engine (RP,VIP,etc.) 2 nf_hdr-w_eid USAGE IS WORD. ; ! ??Slot number of the flow switching engine DEFINE RECORD nf_hdrv7_RECORD USING 1 nf_hdrv7 . 2 nf_hdr-w_version USAGE IS WORD. ! Current version=7 2 nf_hdr-w_count USAGE IS WORD. ! The number of records in PDU. 2 nf_hdr-l_uptime USAGE IS LONG. ! Current time in msecs since router booted. 2 nf_hdr-l_secs USAGE IS LONG. ! Current seconds since 0000 UTC 1970 2 nf_hdr-l_nsecs USAGE IS LONG. ! Residual nanoseconds since 0000 UTC 1970 2 nf_hdr-l_seq USAGE IS LONG. ! Sequence number of total flows seen 2 nf_hdr-l_reserved USAGE IS LONG. ; DEFINE RECORD nf_hdrv8_RECORD USING 1 nf_hdrv8 . 2 nf_hdr-w_version USAGE IS WORD. ! Current version=8 2 nf_hdr-w_count USAGE IS WORD. ! The number of records in PDU. 2 nf_hdr-l_uptime USAGE IS LONG. ! Current time in msecs since router booted. 2 nf_hdr-l_secs USAGE IS LONG. ! Current seconds since 0000 UTC 1970 2 nf_hdr-l_nsecs USAGE IS LONG. ! Residual nanoseconds since 0000 UTC 1970 2 nf_hdr-l_seq USAGE IS LONG. ! Sequence number of total flows seen 2 nf_hdr-b_etype USAGE IS BYTE. ! Type of flow switching engine (RP,VIP,etc.) 2 nf_hdr-b_eid USAGE IS BYTE. ! Slot number of the flow switching engine 2 nf_hdr-b_agg USAGE IS BYTE. ! Aggregation method being used 2 nf_hdr-b_aggver USAGE IS BYTE. ; ! Version of the aggregation export=2 !++ !* !* NetFlow Export datagram formats !* !-- DEFINE RECORD nf_pktv1_RECORD USING 1 nf_pktv1 . 2 nf_pkt-l_srcaddr USAGE IS LONG. ! Source IP Address 2 nf_pkt-l_dstaddr USAGE IS LONG. ! Destination IP Address 2 nf_pkt-l_nexthop USAGE IS LONG. ! Next hop router's IP Address 2 nf_pkt-w_input USAGE IS WORD. ! Input interface index 2 nf_pkt-w_output USAGE IS WORD. ! Output interface index 2 nf_pkt-l_dPkts USAGE IS LONG. ! Packets sent in Duration (milliseconds between 1st & last packet in ! this flow) 2 nf_pkt-l_dOctets USAGE IS LONG. ! Octets sent in Duration (milliseconds between 1st & last packet in ! this flow) 2 nf_pkt-L_First USAGE IS LONG. ! SysUptime at start of flow 2 nf_pkt-L_Last USAGE IS LONG. ! and of last packet of the flow 2 nf_pkt-w_srcport USAGE IS WORD. ! TCP/UDP source port number (.e.g, FTP, Telnet, etc.,or equivalent) 2 nf_pkt-w_dstport USAGE IS WORD. ! TCP/UDP destination port number (.e.g, FTP, Telnet, etc.,or equivalent) 2 nf_pkt-w_pad0 USAGE IS WORD. ! pad to word boundary 2 nf_pkt-b_prot USAGE IS BYTE. ! IP protocol, e.g., 6=TCP, 17=UDP, etc... 2 nf_pkt-b_tos USAGE IS BYTE. ! IP Type-of-Service 2 nf_pkt-b_tcp_flags USAGE IS BYTE. ! Cumulative OR of tcp flags 2 nf_pkt-b_pad1 USAGE IS BYTE. ! pad to word boundary 2 nf_pkt-w_pad2 USAGE IS WORD. ! pad to word boundary 2 nf_pkt-b_reserved USAGE IS BYTE OCCURS 8 TIMES . ; ! reserved for future use DEFINE RECORD nf_pktv5_RECORD USING 1 nf_pktv5 . 2 nf_pkt-l_srcaddr USAGE IS LONG. ! Source IP Address 2 nf_pkt-l_dstaddr USAGE IS LONG. ! Destination IP Address 2 nf_pkt-l_nexthop USAGE IS LONG. ! Next hop router's IP Address 2 nf_pkt-w_input USAGE IS WORD. ! Input interface index 2 nf_pkt-w_output USAGE IS WORD. ! Output interface index 2 nf_pkt-l_dPkts USAGE IS LONG. ! Packets sent in Duration (milliseconds between 1st & last packet in ! this flow) 2 nf_pkt-l_dOctets USAGE IS LONG. ! Octets sent in Duration (milliseconds between 1st & last packet in ! this flow) 2 nf_pkt-L_First USAGE IS LONG. ! SysUptime at start of flow 2 nf_pkt-L_Last USAGE IS LONG. ! and of last packet of the flow 2 nf_pkt-w_srcport USAGE IS WORD. ! TCP/UDP source port number (.e.g, FTP, Telnet, etc.,or equivalent) 2 nf_pkt-w_dstport USAGE IS WORD. ! TCP/UDP destination port number (.e.g, FTP, Telnet, etc.,or equivalent) 2 nf_pkt-b_pad0 USAGE IS BYTE. ! pad to word boundary 2 nf_pkt-b_tcp_flags USAGE IS BYTE. ! Cumulative OR of tcp flags 2 nf_pkt-b_prot USAGE IS BYTE. ! IP protocol, e.g., 6=TCP, 17=UDP, etc... 2 nf_pkt-b_tos USAGE IS BYTE. ! IP Type-of-Service 2 nf_pkt-w_dst_as USAGE IS WORD. ! dst peer/origin Autonomous System 2 nf_pkt-w_src_as USAGE IS WORD. ! source peer/origin Autonomous System 2 nf_pkt-b_dst_mask USAGE IS BYTE. ! destination route's mask bits 2 nf_pkt-b_src_mask USAGE IS BYTE. ! source route's mask bits 2 nf_pkt-w_pad1 USAGE IS WORD. ; ! pad to word boundary DEFINE RECORD nf_pktv7_RECORD USING 1 nf_pktv7 . 2 nf_pkt-l_srcaddr USAGE IS LONG. ! Source IP Address 2 nf_pkt-l_dstaddr USAGE IS LONG. ! Destination IP Address 2 nf_pkt-l_nexthop USAGE IS LONG. ! Next hop router's IP Address 2 nf_pkt-w_input USAGE IS WORD. ! Input interface index 2 nf_pkt-w_output USAGE IS WORD. ! Output interface index 2 nf_pkt-l_dPkts USAGE IS LONG. ! Packets sent in Duration (milliseconds between 1st & last packet in ! this flow) 2 nf_pkt-l_dOctets USAGE IS LONG. ! Octets sent in Duration (milliseconds between 1st & last packet in ! this flow) 2 nf_pkt-L_First USAGE IS LONG. ! SysUptime at start of flow 2 nf_pkt-L_Last USAGE IS LONG. ! and of last packet of the flow 2 nf_pkt-w_srcport USAGE IS WORD. ! TCP/UDP source port number (.e.g, FTP, Telnet, etc.,or equivalent) 2 nf_pkt-w_dstport USAGE IS WORD. ! TCP/UDP destination port number (.e.g, FTP, Telnet, etc.,or equivalent) 2 nf_pkt-w_pad0 USAGE IS WORD. ! pad to word boundary 2 nf_pkt-b_flags USAGE IS BYTE. ! Shortcut mode(dest only,src only,full flows 2 nf_pkt-b_tcp_flags USAGE IS BYTE. ! Cumulative OR of tcp flags 2 nf_pkt-b_prot USAGE IS BYTE. ! IP protocol, e.g., 6=TCP, 17=UDP, etc... 2 nf_pkt-b_tos USAGE IS BYTE. ! IP Type-of-Service 2 nf_pkt-w_src_as USAGE IS WORD. ! source peer/origin Autonomous System 2 nf_pkt-w_dst_as USAGE IS WORD. ! dst peer/origin Autonomous System 2 nf_pkt-b_src_mask USAGE IS BYTE. ! source route's mask bits 2 nf_pkt-b_dst_mask USAGE IS BYTE. ! destination route's mask bits 2 nf_pkt-w_pad1 USAGE IS WORD. ! pad to word boundary 2 nf_pkt-l_router_sc USAGE IS LONG. ; ! Router which is shortcut by switch DEFINE RECORD nf_asmv8_RECORD USING 1 nf_asmv8 . ! ASMatrix v8 aggregation scheme 2 nf_asm-l_flows USAGE IS LONG. ! Number of flows 2 nf_asm-l_dPkts USAGE IS LONG. ! Packets sent in Duration (milliseconds between 1st & last packet in ! this flow) 2 nf_asm-l_dOctets USAGE IS LONG. ! Octets sent in Duration (milliseconds between 1st & last packet in ! this flow) 2 nf_asm-L_First USAGE IS LONG. ! SysUptime at start of flow 2 nf_asm-L_Last USAGE IS LONG. ! and of last packet of the flow 2 nf_asm-w_src_as USAGE IS WORD. ! source peer/origin Autonomous System 2 nf_asm-w_dst_as USAGE IS WORD. ! dst peer/origin Autonomous System 2 nf_asm-w_input USAGE IS WORD. ! Input interface index 2 nf_asm-w_output USAGE IS WORD. ; ! Output interface index DEFINE RECORD nf_ppmv8_RECORD USING 1 nf_ppmv8 . ! ProtocolPortMatrix v8 aggregation scheme 2 nf_ppm-l_flows USAGE IS LONG. ! Number of flows 2 nf_ppm-l_dPkts USAGE IS LONG. ! Packets sent in Duration (milliseconds between 1st & last packet in ! this flow) 2 nf_ppm-l_dOctets USAGE IS LONG. ! Octets sent in Duration (milliseconds between 1st & last packet in ! this flow) 2 nf_ppm-L_First USAGE IS LONG. ! SysUptime at start of flow 2 nf_ppm-L_Last USAGE IS LONG. ! and of last packet of the flow 2 nf_ppm-b_prot USAGE IS BYTE. ! IP protocol, e.g., 6=TCP, 17=UDP, etc... 2 nf_ppm-b_pad USAGE IS BYTE. ! pad to word boundary 2 nf_ppm-w_reserved USAGE IS WORD. 2 nf_ppm-w_srcport USAGE IS WORD. ! TCP/UDP source port number (.e.g, FTP, Telnet, etc.,or equivalent) 2 nf_ppm-w_dstport USAGE IS WORD. ; ! TCP/UDP destination port number (.e.g, FTP, Telnet, etc.,or equivalent) DEFINE RECORD nf_spmv8_RECORD USING 1 nf_spmv8 . ! SourcePrefixMatrix v8 aggregation scheme: 2 nf_spm-l_flows USAGE IS LONG. ! Number of flows 2 nf_spm-l_dPkts USAGE IS LONG. ! Packets sent in Duration (milliseconds between 1st & last packet in ! this flow) 2 nf_spm-l_dOctets USAGE IS LONG. ! Octets sent in Duration (milliseconds between 1st & last packet in ! this flow) 2 nf_spm-L_First USAGE IS LONG. ! SysUptime at start of flow 2 nf_spm-L_Last USAGE IS LONG. ! and of last packet of the flow 2 nf_spm-l_src_prefix USAGE IS LONG. ! Source prefix 2 nf_spm-b_src_mask USAGE IS BYTE. ! source route's mask bits 2 nf_spm-b_pad USAGE IS BYTE. ! pad to word boundary 2 nf_spm-w_src_as USAGE IS WORD. ! source peer/origin Autonomous System 2 nf_spm-w_input USAGE IS WORD. ; ! Input interface index DEFINE RECORD nf_dpmv8_RECORD USING 1 nf_dpmv8 . ! DestinationPrefixMatrix v8 aggregation scheme 2 nf_dpm-l_flows USAGE IS LONG. ! Number of flows 2 nf_dpm-l_dPkts USAGE IS LONG. ! Packets sent in Duration (milliseconds between 1st & last packet in ! this flow) 2 nf_dpm-l_dOctets USAGE IS LONG. ! Octets sent in Duration (milliseconds between 1st & last packet in ! this flow) 2 nf_dpm-L_First USAGE IS LONG. ! SysUptime at start of flow 2 nf_dpm-L_Last USAGE IS LONG. ! and of last packet of the flow 2 nf_dpm-l_dst_prefix USAGE IS LONG. ! Destination prefix 2 nf_dpm-b_dst_mask USAGE IS BYTE. ! destination address prefix mask bits 2 nf_dpm-b_pad USAGE IS BYTE. ! pad to word boundary 2 nf_dpm-w_dst_as USAGE IS WORD. ! originating AS of destination address 2 nf_dpm-w_output USAGE IS WORD. ; ! Output interface index DEFINE RECORD nf_pmv8_RECORD USING 1 nf_pmv8 . ! PrefixMatrix v8 aggregation scheme 2 nf_pm-l_flows USAGE IS LONG. ! Number of flows 2 nf_pm-l_dPkts USAGE IS LONG. ! Packets sent in Duration (milliseconds between 1st & last packet in ! this flow) 2 nf_pm-l_dOctets USAGE IS LONG. ! Octets sent in Duration (milliseconds between 1st & last packet in ! this flow) 2 nf_pm-L_First USAGE IS LONG. ! SysUptime at start of flow 2 nf_pm-L_Last USAGE IS LONG. ! and of last packet of the flow 2 nf_pm-l_src_prefix USAGE IS LONG. ! Source prefix 2 nf_pm-l_dst_prefix USAGE IS LONG. ! Destination prefix 2 nf_pm-b_src_mask USAGE IS BYTE. ! source route's mask bits 2 nf_pm-b_dst_mask USAGE IS BYTE. ! destination address prefix mask bits 2 nf_pm-w_pad USAGE IS WORD. ! pad to word boundary 2 nf_pm-w_src_as USAGE IS WORD. ! source peer/origin Autonomous System 2 nf_pm-w_dst_as USAGE IS WORD. ! originating AS of destination address 2 nf_pm-w_input USAGE IS WORD. ! Input interface index 2 nf_pm-w_output USAGE IS WORD. ; ! Output interface index !++ !* !* NetFlow Export file record formats !* !-- DEFINE RECORD nf_recv5_RECORD USING 1 nf_recv5 . 2 nf_rec-q_timestamp USAGE IS QUAD. ! A record time stamp 2 nf_rec-t_sysip PIC X(15). ! From where packet was originated, NBO 2 nf_rec-t_srcaddr PIC X(15). ! Source IP Address 2 nf_rec-t_dstaddr PIC X(15). ! Destination IP Address 2 nf_rec-t_nexthop PIC X(15). ! Next hop router's IP Address 2 nf_rec-w_input USAGE IS WORD. ! Input interface index 2 nf_rec-w_output USAGE IS WORD. ! Output interface index 2 nf_rec-l_dPkts USAGE IS LONG. ! Packets sent in Duration (milliseconds between 1st & last packet in ! this flow) 2 nf_rec-l_dOctets USAGE IS LONG. ! Octets sent in Duration (milliseconds between 1st & last packet in ! this flow) 2 nf_rec-L_First USAGE IS LONG. ! SysUptime at start of flow 2 nf_rec-L_Last USAGE IS LONG. ! and of last packet of the flow 2 nf_rec-w_srcport USAGE IS WORD. ! TCP/UDP source port number (.e.g, FTP, Telnet, etc.,or equivalent) 2 nf_rec-w_dstport USAGE IS WORD. ! TCP/UDP destination port number (.e.g, FTP, Telnet, etc.,or equivalent) 2 nf_rec-b_tcp_flags USAGE IS BYTE. ! Cumulative OR of tcp flags 2 nf_rec-b_prot USAGE IS BYTE. ! IP protocol, e.g., 6=TCP, 17=UDP, etc... 2 nf_rec-b_tos USAGE IS BYTE. ! IP Type-of-Service 2 nf_rec-w_dst_as USAGE IS WORD. ! dst peer/origin Autonomous System 2 nf_rec-w_src_as USAGE IS WORD. ! source peer/origin Autonomous System 2 nf_rec-b_dst_mask USAGE IS BYTE. ! destination route's mask bits 2 nf_rec-b_src_mask USAGE IS BYTE. ; ! source route's mask bits