axa 3.0.1
Farsight Security Advanced Exchange Access (AXA)
axa_protocol

Detailed Description

axa_protocol contains the AXA protocol data types and macros.

This protocol uses network byte order to accommodate SRA clients on a modest variety of 32-bit and 64-bit *BSD and Linux systems.

It might need adjustment to accommodate clients on ARM and other platforms other than amd64 and x86.

These protocols should not allow the client ask for the server to run any program or do anything else that might change any permanent state on the server other than logging and accounting.

A client should only be able to set its only filter criteria and receive packets and messages matching those criteria. Other than inevitable side channels such as system load, one client must not be able to affect any other client. A client must treat the packets and messages it receives as pure data and not commands.

Data Structures

struct  _PK
 AXA protocol header. More...
 
struct  axa_p_ch_buf_t
 Null terminated ASCII string naming an SIE channel in configuration files, sratool commands, and sratunnel args. More...
 
union  axa_p_whit_t
 generic AXA protocol watch hit More...
 
union  axa_p_watch_pat_t
 AXA protocol watch pattern. More...
 
union  axa_p_body_t
 AXA protocol body. More...
 

Macros

#define _PK   __attribute__ ((__packed__))
 Pack AXA structures in messages to make them the same for all platforms regardless of their word alignment restrictions.
 
#define AXA_KEEPALIVE_SECS   30
 Send an AXA_P_OP_NOP after this many seconds of silence.
 
#define AXA_KEEPALIVE_MS   (AXA_KEEPALIVE_SECS*1000)
 Send an AXA_P_OP_NOP after this many milliseconds of silence.
 
#define AXA_TAG_NONE   0
 no tag
 
#define AXA_TAG_MIN   1
 minimum tag
 
#define AXA_TAG_MAX   ((axa_tag_t)-1)
 maximum tag
 
#define AXA_P2H_TAG(t)   AXA_P2H16(t)
 Convert tag from protocol to host byte order.
 
#define AXA_H2P_TAG(t)   AXA_H2P16(t)
 Convert tag from host to protocol byte order.
 
#define AXA_P_PVERS1   1
 protocol versions
 
#define AXA_P_PVERS2   2
 
#define AXA_P_PVERS   AXA_P_PVERS2
 current protocol version
 
#define AXA_P_PVERS_MIN   AXA_P_PVERS1
 minimum understood protocol version
 
#define AXA_P_PVERS_MAX   AXA_P_PVERS2
 maximum understood protocol version
 
#define AXA_H2P16(x)   htole16(x)
 Choose a generally little endian protocol.
 
#define AXA_H2P32(x)   htole32(x)
 AXA host to protocol 32-bit.
 
#define AXA_H2P64(x)   htole64(x)
 AXA host to protocol 64-bit.
 
#define AXA_P2H16(x)   le16toh(x)
 AXA protocol to host 16-bit.
 
#define AXA_P2H32(x)   le32toh(x)
 AXA protocol to host 32-bit.
 
#define AXA_P2H64(x)   le64toh(x)
 AXA protocol to host 64-bit.
 
#define AXA_P_MAX_BODY_LEN   (64*1024*3)
 room for more than two full sized UDP packets
 
#define AXA_AUTH_DELAY   30
 Clients must authenticate themselves to the AXA server within this many seconds after connect().
 
#define AXA_OP_CH_PREFIX   "ch"
 SIE channel name prefix in configuration files, commands, and args.
 
#define AXA_OP_CH_ALL   ((axa_p_ch_t)-1)
 "all SIE channels" in configuration files, commands, and args
 
#define AXA_OP_CH_ALLSTR   "all"
 "all SIE channels" in AXA protocol messages and some axalib functions
 
#define AXA_OP_CH_MAX   4095
 maximum channel number
 
#define AXA_P2H_CH(ch)   AXA_P2H16(ch)
 Convert binary channel number from protocol to host byte order.
 
#define AXA_H2P_CH(ch)   AXA_H2P16(ch)
 Convert channel number from host to protocol byte order.
 
#define AXA_NMSG_IDX_RSVD   ((axa_nmsg_idx_t)-16)
 values >= than this are not NMSG indices but flags
 
#define AXA_NMSG_IDX_NONE   (AXA_NMSG_IDX_RSVD+1)
 no NMSG index
 
#define AXA_NMSG_IDX_ERROR   (AXA_NMSG_IDX_RSVD+2)
 the SIE packet made no sense
 
#define AXA_NMSG_IDX_DARK   (AXA_NMSG_IDX_RSVD+3)
 the AXA message is a dark channel packet
 
#define AXA_P2H_IDX(idx)   AXA_P2H16(idx)
 Convert axa_nmsg_idx_t index from protocol to host byte order.
 
#define AXA_H2P_IDX(idx)   AXA_H2P16(idx)
 Convert axa_nmsg_idx_t index from host to protocol byte order.
 
#define AXA_WHIT_MIN_LEN
 Smallest watch hit.
 
#define AXA_WHIT_MAX_LEN
 Largest watch hit.
 
#define AXA_PARMS_MAX   8192
 max size of RAD module parms
 
#define AXA_P_OPT_TRACE_REQ   ((uint32_t)-1)
 Request server's current trace value.
 
#define AXA_RLIMIT_MAX   (1000*1000*1000)
 maximum rlimit
 
#define AXA_RLIMIT_OFF   (AXA_RLIMIT_MAX+1)
 Turn off a rate limit.
 
#define AXA_RLIMIT_NA   ((axa_cnt_t)-1)
 A rate limit value that doesn't apply or is not being set.
 
#define AXA_P_OPT_SAMPLE_REQ   0
 Request the output sampling ratio.
 
#define AXA_P_OPT_SAMPLE_SCALE   10000
 Request the output sampling ratio.
 
#define AXA_P_OPT_SAMPLE_MAX   (AXA_P_OPT_SAMPLE_SCALE*100.0)
 maximum scaled output sampling ratio
 
#define AXA_P_OPT_SNDBUF_REQ   0
 Request the TCP buffer size ratio.
 
#define AXA_P_OPT_SNDBUF_MIN   1024
 TCP buffer minimum window size.
 

Typedefs

typedef uint16_t axa_tag_t
 A tag is a 16-bit identifier used to uniquely "tag" specific events during the lifetime of an AXA session.
 
typedef uint8_t axa_p_pvers_t
 define old versions for eventual "#ifdef AXA_P_VERSx"
 
typedef uint64_t axa_cnt_t
 a number of messages or seconds
 
typedef struct _PK axa_p_hdr_t
 AXA protocol header.
 
typedef uint64_t axa_p_clnt_id_t
 The AXA client ID is assigned by AXA server and echoed by the client to the server to bundle TCP connections.
 
typedef struct _PK axa_p_hello_t
 The AXA HELLO protocol is a bidirectional handshaking process initiated by the server, once a client has authenticated.
 
typedef struct _PK axa_p_join_t
 AXA protocol join.
 
typedef struct _PK axa_p_result_t
 AXA protocol result.
 
typedef struct _PK axa_p_missed_t
 AXA protocol SRA missed data.
 
typedef struct _PK axa_p_missed_rad_t
 AXA protocol RAD missed data.
 
typedef struct _PK axa_p_user_t
 AXA protocol user name.
 
typedef uint16_t axa_p_ch_t
 a binary SIE channel number in the AXA protocol
 
typedef struct _PK axa_p_whit_hdr_t
 AXA protocol header before all watch hits.
 
typedef uint16_t axa_nmsg_idx_t
 NMSG (SIE) field or value index or a special flag.
 
typedef struct _PK axa_p_whit_nmsg_hdr_t
 AXA protocol watch hit header before an NMSG message.
 
typedef struct _PK axa_p_whit_ip_hdr_t
 AXA protocol watch hit header before an IP packet.
 
typedef struct _PK axa_p_whit_nmsg_t
 AXA protocol watch hit before an NMSG message.
 
typedef struct _PK axa_p_whit_ip_t
 AXA protocol watch hit before an IP packet.
 
typedef struct _PK axa_p_watch_t
 AXA protocol watch.
 
typedef struct _PK axa_p_wlist_t
 AXA protocol watch list.
 
typedef struct _PK axa_p_an_t
 AXA protocol anomaly module name.
 
typedef struct _PK axa_p_anom_t
 AXA protocol anomaly module specified by RAD client.
 
typedef struct _PK axa_p_ahit_t
 AXA protocol anomaly module hit.
 
typedef struct _PK axa_p_alist_t
 AXA protocol anomaly list.
 
typedef struct _PK axa_p_channel_t
 AXA protocol channel enable/disable.
 
typedef struct _PK axa_p_chspec_t
 AXA protocol channel specification.
 
typedef struct _PK axa_p_clist_t
 AXA protocol channel list.
 
typedef struct _PK axa_p_rlimit_t
 AXA protocol rlimit.
 
typedef struct _PK axa_p_opt_t
 AXA protocol options.
 

Enumerations

enum  axa_p_op_t
 AXA protocol opcodes Use a single address space of opcodes in both directions. More...
 
enum  axa_p_whit_enum_t
 type of AXA watch "hit" being reported to the client More...
 
enum  axa_p_watch_type_t
 AXA protocol watch type. More...
 
enum  axa_p_opt_type_t
 AXA protocol options type. More...
 

Macro Definition Documentation

◆ _PK

#define _PK   __attribute__ ((__packed__))

Pack AXA structures in messages to make them the same for all platforms regardless of their word alignment restrictions.

◆ AXA_KEEPALIVE_SECS

#define AXA_KEEPALIVE_SECS   30

Send an AXA_P_OP_NOP after this many seconds of silence.

◆ AXA_KEEPALIVE_MS

#define AXA_KEEPALIVE_MS   (AXA_KEEPALIVE_SECS*1000)

Send an AXA_P_OP_NOP after this many milliseconds of silence.

◆ AXA_TAG_NONE

#define AXA_TAG_NONE   0

no tag

◆ AXA_TAG_MIN

#define AXA_TAG_MIN   1

minimum tag

◆ AXA_TAG_MAX

#define AXA_TAG_MAX   ((axa_tag_t)-1)

maximum tag

◆ AXA_P2H_TAG

#define AXA_P2H_TAG (   t)    AXA_P2H16(t)

Convert tag from protocol to host byte order.

Parameters
[in]ttag
Returns
host byte ordered tag

◆ AXA_H2P_TAG

#define AXA_H2P_TAG (   t)    AXA_H2P16(t)

Convert tag from host to protocol byte order.

Parameters
[in]ttag
Returns
protocol byte ordered tag

◆ AXA_P_PVERS1

#define AXA_P_PVERS1   1

protocol versions

◆ AXA_P_PVERS

#define AXA_P_PVERS   AXA_P_PVERS2

current protocol version

◆ AXA_P_PVERS_MIN

#define AXA_P_PVERS_MIN   AXA_P_PVERS1

minimum understood protocol version

◆ AXA_P_PVERS_MAX

#define AXA_P_PVERS_MAX   AXA_P_PVERS2

maximum understood protocol version

◆ AXA_H2P16

#define AXA_H2P16 (   x)    htole16(x)

Choose a generally little endian protocol.

This must not affect some values such as UDP port numbers and IPv4 addresses which must be big endian except when they are manipulated as numbers. Hence, AXA_H2Pxx() stands for "AXA Host to Protocol..." < 0=switch to big endian protocol for testing AXA host to protocol 16-bit

Parameters
xvalue to convert
Returns
protocol byte ordered 16-bit value

◆ AXA_H2P32

#define AXA_H2P32 (   x)    htole32(x)

AXA host to protocol 32-bit.

Parameters
xvalue to convert
Returns
protocol byte ordered 32-bit value

◆ AXA_H2P64

#define AXA_H2P64 (   x)    htole64(x)

AXA host to protocol 64-bit.

Parameters
xvalue to convert
Returns
protocol byte ordered 64-bit value

◆ AXA_P2H16

#define AXA_P2H16 (   x)    le16toh(x)

AXA protocol to host 16-bit.

Parameters
xvalue to convert
Returns
host byte ordered 16-bit value

◆ AXA_P2H32

#define AXA_P2H32 (   x)    le32toh(x)

AXA protocol to host 32-bit.

Parameters
xvalue to convert
Returns
host byte ordered 32-bit value

◆ AXA_P2H64

#define AXA_P2H64 (   x)    le64toh(x)

AXA protocol to host 64-bit.

Parameters
xvalue to convert
Returns
host byte ordered 64-bit value

◆ AXA_P_MAX_BODY_LEN

#define AXA_P_MAX_BODY_LEN   (64*1024*3)

room for more than two full sized UDP packets

◆ AXA_AUTH_DELAY

#define AXA_AUTH_DELAY   30

Clients must authenticate themselves to the AXA server within this many seconds after connect().

◆ AXA_OP_CH_PREFIX

#define AXA_OP_CH_PREFIX   "ch"

SIE channel name prefix in configuration files, commands, and args.

◆ AXA_OP_CH_ALL

#define AXA_OP_CH_ALL   ((axa_p_ch_t)-1)

"all SIE channels" in configuration files, commands, and args

◆ AXA_OP_CH_ALLSTR

#define AXA_OP_CH_ALLSTR   "all"

"all SIE channels" in AXA protocol messages and some axalib functions

◆ AXA_OP_CH_MAX

#define AXA_OP_CH_MAX   4095

maximum channel number

◆ AXA_P2H_CH

#define AXA_P2H_CH (   ch)    AXA_P2H16(ch)

Convert binary channel number from protocol to host byte order.

Parameters
[in]chchannel
Returns
host byte ordered SIE channel number

◆ AXA_H2P_CH

#define AXA_H2P_CH (   ch)    AXA_H2P16(ch)

Convert channel number from host to protocol byte order.

Parameters
[in]chchannel
Returns
protocol byte ordered SIE channel number

◆ AXA_NMSG_IDX_RSVD

#define AXA_NMSG_IDX_RSVD   ((axa_nmsg_idx_t)-16)

values >= than this are not NMSG indices but flags

◆ AXA_NMSG_IDX_NONE

#define AXA_NMSG_IDX_NONE   (AXA_NMSG_IDX_RSVD+1)

no NMSG index

◆ AXA_NMSG_IDX_ERROR

#define AXA_NMSG_IDX_ERROR   (AXA_NMSG_IDX_RSVD+2)

the SIE packet made no sense

◆ AXA_NMSG_IDX_DARK

#define AXA_NMSG_IDX_DARK   (AXA_NMSG_IDX_RSVD+3)

the AXA message is a dark channel packet

◆ AXA_P2H_IDX

#define AXA_P2H_IDX (   idx)    AXA_P2H16(idx)

Convert axa_nmsg_idx_t index from protocol to host byte order.

Parameters
[in]idxindex
Returns
host byte ordered index, vendor number, etc.

◆ AXA_H2P_IDX

#define AXA_H2P_IDX (   idx)    AXA_H2P16(idx)

Convert axa_nmsg_idx_t index from host to protocol byte order.

Parameters
[in]idxindex
Returns
protocol byte ordered index

◆ AXA_WHIT_MIN_LEN

#define AXA_WHIT_MIN_LEN
Value:
min(sizeof(axa_p_whit_ip_t)+1, \
sizeof(axa_p_whit_nmsg_t)+1)

Smallest watch hit.

◆ AXA_WHIT_MAX_LEN

#define AXA_WHIT_MAX_LEN
Value:
max(sizeof(axa_p_whit_ip_t)+AXA_P_WHIT_IP_MAX, \
sizeof(axa_p_whit_nmsg_t)+AXA_P_WHIT_NMSG_MAX)

Largest watch hit.

◆ AXA_PARMS_MAX

#define AXA_PARMS_MAX   8192

max size of RAD module parms

◆ AXA_P_OPT_TRACE_REQ

#define AXA_P_OPT_TRACE_REQ   ((uint32_t)-1)

Request server's current trace value.

◆ AXA_RLIMIT_MAX

#define AXA_RLIMIT_MAX   (1000*1000*1000)

maximum rlimit

◆ AXA_RLIMIT_OFF

#define AXA_RLIMIT_OFF   (AXA_RLIMIT_MAX+1)

Turn off a rate limit.

◆ AXA_RLIMIT_NA

#define AXA_RLIMIT_NA   ((axa_cnt_t)-1)

A rate limit value that doesn't apply or is not being set.

◆ AXA_P_OPT_SAMPLE_REQ

#define AXA_P_OPT_SAMPLE_REQ   0

Request the output sampling ratio.

◆ AXA_P_OPT_SAMPLE_SCALE

#define AXA_P_OPT_SAMPLE_SCALE   10000

Request the output sampling ratio.

◆ AXA_P_OPT_SAMPLE_MAX

#define AXA_P_OPT_SAMPLE_MAX   (AXA_P_OPT_SAMPLE_SCALE*100.0)

maximum scaled output sampling ratio

◆ AXA_P_OPT_SNDBUF_REQ

#define AXA_P_OPT_SNDBUF_REQ   0

Request the TCP buffer size ratio.

◆ AXA_P_OPT_SNDBUF_MIN

#define AXA_P_OPT_SNDBUF_MIN   1024

TCP buffer minimum window size.

Typedef Documentation

◆ axa_tag_t

typedef uint16_t axa_tag_t

A tag is a 16-bit identifier used to uniquely "tag" specific events during the lifetime of an AXA session.

To refer to these events, the client or server will use the tag. Some AXA messages do not require tags, in that case the tag field should be 0. Required tags must be unique during the lifetime of the corresponding client request. Some client requests such as a "watch" can last indefinitely and will elicit many server responses all with the same tag.

Tags are opaque to the SRA server except for AXA_TAG_NONE and that the server sorts or orders them like integers.

◆ axa_p_pvers_t

typedef uint8_t axa_p_pvers_t

define old versions for eventual "#ifdef AXA_P_VERSx"

◆ axa_cnt_t

typedef uint64_t axa_cnt_t

a number of messages or seconds

◆ axa_p_hdr_t

typedef struct _PK axa_p_hdr_t

AXA protocol header.

This header starts all messages in either direction. At 8 bytes, it is alignment friendly.

◆ axa_p_clnt_id_t

typedef uint64_t axa_p_clnt_id_t

The AXA client ID is assigned by AXA server and echoed by the client to the server to bundle TCP connections.

◆ axa_p_hello_t

typedef struct _PK axa_p_hello_t

The AXA HELLO protocol is a bidirectional handshaking process initiated by the server, once a client has authenticated.

server -> client After successful authentication, the server will send to the client a HELLO message via an axa_p_hello_t header announcing the protocol versions that the server understands, a version string, and a unique ID that can be later used by clients via AXA_P_OP_JOIN messages to flag connections that are part of a bundle. Because AXA_P_OP_HELLO is sent before the client has said anything and so declared its protocol version, AXA_P_OP_HELLO must remain the same in all versions of the AXA protocol.

client -> server After receiving the server's HELLO, the client will respond with its part of the handshake. It will populate the same axa_p_hello_t header announcing the protocol versions it speaks and a detailed JSON blob containing information about the client including the following:

  • hostname of client system
  • client system information as per the uname() function
  • client program of origin (sratool, sratunnel, etc)
  • libaxa version
  • libnmsg version
  • libwdns version
  • libyajl version
  • openssl version
  • libprotobuf version
  • AXA protocol version in current use

The ID field of the axa_p_hello_t header is unused in this direction. It is expected the server will log this information for subsequent issue debugging or data mining.

◆ axa_p_join_t

typedef struct _PK axa_p_join_t

AXA protocol join.

◆ axa_p_result_t

typedef struct _PK axa_p_result_t

AXA protocol result.

◆ axa_p_missed_t

typedef struct _PK axa_p_missed_t

AXA protocol SRA missed data.

◆ axa_p_missed_rad_t

typedef struct _PK axa_p_missed_rad_t

AXA protocol RAD missed data.

◆ axa_p_user_t

typedef struct _PK axa_p_user_t

AXA protocol user name.

◆ axa_p_ch_t

typedef uint16_t axa_p_ch_t

a binary SIE channel number in the AXA protocol

◆ axa_p_whit_hdr_t

typedef struct _PK axa_p_whit_hdr_t

AXA protocol header before all watch hits.

◆ axa_nmsg_idx_t

typedef uint16_t axa_nmsg_idx_t

NMSG (SIE) field or value index or a special flag.

◆ axa_p_whit_nmsg_hdr_t

typedef struct _PK axa_p_whit_nmsg_hdr_t

AXA protocol watch hit header before an NMSG message.

◆ axa_p_whit_ip_hdr_t

typedef struct _PK axa_p_whit_ip_hdr_t

AXA protocol watch hit header before an IP packet.

◆ axa_p_whit_nmsg_t

typedef struct _PK axa_p_whit_nmsg_t

AXA protocol watch hit before an NMSG message.

◆ axa_p_whit_ip_t

typedef struct _PK axa_p_whit_ip_t

AXA protocol watch hit before an IP packet.

◆ axa_p_watch_t

typedef struct _PK axa_p_watch_t

AXA protocol watch.

◆ axa_p_wlist_t

typedef struct _PK axa_p_wlist_t

AXA protocol watch list.

◆ axa_p_an_t

typedef struct _PK axa_p_an_t

AXA protocol anomaly module name.

◆ axa_p_anom_t

typedef struct _PK axa_p_anom_t

AXA protocol anomaly module specified by RAD client.

◆ axa_p_ahit_t

typedef struct _PK axa_p_ahit_t

AXA protocol anomaly module hit.

◆ axa_p_alist_t

typedef struct _PK axa_p_alist_t

AXA protocol anomaly list.

◆ axa_p_channel_t

typedef struct _PK axa_p_channel_t

AXA protocol channel enable/disable.

◆ axa_p_chspec_t

typedef struct _PK axa_p_chspec_t

AXA protocol channel specification.

◆ axa_p_clist_t

typedef struct _PK axa_p_clist_t

AXA protocol channel list.

◆ axa_p_rlimit_t

typedef struct _PK axa_p_rlimit_t

AXA protocol rlimit.

◆ axa_p_opt_t

typedef struct _PK axa_p_opt_t

AXA protocol options.

Enumeration Type Documentation

◆ axa_p_op_t

enum axa_p_op_t

AXA protocol opcodes Use a single address space of opcodes in both directions.

Enumerator
AXA_P_OP_NOP 

no data

AXA_P_OP_HELLO 

from SRA or RAD server to client

axa_p_hello_t

AXA_P_OP_OK 

axa_p_result_t

AXA_P_OP_ERROR 

axa_p_result_t

AXA_P_OP_MISSED 

axa_p_missed_t

AXA_P_OP_WHIT 

axa_p_whit_t

AXA_P_OP_WLIST 

axa_p_wlist_t

AXA_P_OP_AHIT 

axa_p_ahit_t

AXA_P_OP_ALIST 

axa_p_alist_t

AXA_P_OP_CLIST 

axa_p_clist_t

AXA_P_OP_MISSED_RAD 

axa_p_missed_rad_t

AXA_P_OP_MGMT_GETRSP 

deprecated

_AXA_P_OP_KILL_RSP 

_axa_p_kill_t

_AXA_P_OP_STATS_RSP 

_axa_p_stats_t

AXA_P_OP_USER 

from client to SRA or RAD server

axa_p_user_t

AXA_P_OP_JOIN 

no data

AXA_P_OP_PAUSE 

no data

AXA_P_OP_GO 

no data

AXA_P_OP_WATCH 

axa_p_watch_t

AXA_P_OP_WGET 

no data

AXA_P_OP_ANOM 

axa_p_anom_t

AXA_P_OP_AGET 

no data

AXA_P_OP_STOP 

no data

AXA_P_OP_ALL_STOP 

no data

AXA_P_OP_CHANNEL 

axa_p_channel_t

AXA_P_OP_CGET 

no data

AXA_P_OP_OPT 

axa_p_opt_t

AXA_P_OP_ACCT 

no data

AXA_P_OP_RADU 

no data

AXA_P_OP_MGMT_GET 

deprecated

_AXA_P_OP_KILL_REQ 

_axa_p_kill_t

_AXA_P_OP_STATS_REQ 

_axa_p_stats_req_t

◆ axa_p_whit_enum_t

type of AXA watch "hit" being reported to the client

Enumerator
AXA_P_WHIT_NMSG 

NMSG or SIE message.

AXA_P_WHIT_IP 

IP.

◆ axa_p_watch_type_t

AXA protocol watch type.

Enumerator
AXA_P_WATCH_IPV4 

watch IPv4

AXA_P_WATCH_IPV6 

watch IPv6

AXA_P_WATCH_DNS 

watch DNS

AXA_P_WATCH_CH 

watch channel

AXA_P_WATCH_ERRORS 

watch errors

◆ axa_p_opt_type_t

AXA protocol options type.

Enumerator
AXA_P_OPT_TRACE 

server tracing level

AXA_P_OPT_RLIMIT 

server rate limiting

AXA_P_OPT_SAMPLE 

sample an output stream.

AXA_P_OPT_SNDBUF 

set TCP buffer or window size