Go to the source code of this file.
Data Structures | |
| struct | yfFlowTabConfig_st |
| Configuration settings used to initalize the flow table in yfFlowTabAlloc(). More... | |
Typedefs | |
| typedef struct yfFlowTab_st | yfFlowTab_t |
| A flow table. | |
| typedef struct yfFlowTabConfig_st | yfFlowTabConfig_t |
| Configuration settings used to initalize the flow table in yfFlowTabAlloc(). | |
Functions | |
| yfFlowTab_t * | yfFlowTabAlloc (const yfFlowTabConfig_t *ftconfig, void **hfctx) |
| yfFlowTabAlloc | |
| void | yfFlowTabFree (yfFlowTab_t *flowtab) |
| Free a previously allocated flow table. | |
| void | yfUpdateRollingPcapFile (yfFlowTab_t *flowtab, char *new_file_name) |
| Update the Pcap Filename in the Flowtab for pcap meta data output. | |
| void | yfGetFlowTabStats (yfFlowTab_t *flowtab, uint64_t *packets, uint64_t *flows, uint64_t *rej_pkts, uint32_t *peak, uint32_t *flush) |
| yfGetFlowTabStats Get Flow Table Stats for Export | |
| void | yfFlowPBuf (yfFlowTab_t *flowtab, size_t pbuflen, yfPBuf_t *pbuf) |
| Add a decoded packet buffer to a given flow table. | |
| gboolean | yfFlowTabFlush (void *yfContext, gboolean close, GError **err) |
| Flush closed flows in the given flow table to the given IPFIX Message Buffer. | |
| void | yfFlowTabCurrentTime (const yfFlowTab_t *flowtab, yfTime_t *yftime) |
| Get the current packet clock from a flow table. | |
| uint64_t | yfFlowDumpStats (yfFlowTab_t *flowtab, GTimer *timer) |
| Print flow table statistics to the log. | |
Detailed Description
Flow generation interface for YAF.
[TODO - frontmatter]
This facility is used by YAF to assemble packets into flows.
Typedef Documentation
◆ yfFlowTab_t
| typedef struct yfFlowTab_st yfFlowTab_t |
A flow table.
Opaque. Create with yfFlowTabAlloc() and free with yfFlowTabFree().
Function Documentation
◆ yfFlowDumpStats()
| uint64_t yfFlowDumpStats | ( | yfFlowTab_t * | flowtab, |
| GTimer * | timer ) |
Print flow table statistics to the log.
- Parameters
-
flowtab flow table to dump stats for timer a GTimer containing the runtime (for packet and flow rate logging). May be NULL to suppress rate logging.
◆ yfFlowPBuf()
| void yfFlowPBuf | ( | yfFlowTab_t * | flowtab, |
| size_t | pbuflen, | ||
| yfPBuf_t * | pbuf ) |
Add a decoded packet buffer to a given flow table.
Adds the packet to the flow to which it belongs, creating a new flow if necessary. Causes the flow to which it belongs to time out if it is longer than the active timeout. Closes the flow if the flow closure conditions (TCP RST, TCP FIN four-way teardown) are met.
- Parameters
-
flowtab flow table to add the packet to pbuflen size of the packet buffer pbuf pbuf packet buffer containing decoded packet to add.
◆ yfFlowTabAlloc()
| yfFlowTab_t * yfFlowTabAlloc | ( | const yfFlowTabConfig_t * | ftconfig, |
| void ** | hfctx ) |
yfFlowTabAlloc
Allocate a flow table.
- Parameters
-
ftconfig The configuration settings to use for the table. hfctx The plugin hooks context variable (NULL if plugins not enabled)
- Returns
- a new flow table.
◆ yfFlowTabCurrentTime()
| void yfFlowTabCurrentTime | ( | const yfFlowTab_t * | flowtab, |
| yfTime_t * | yftime ) |
Get the current packet clock from a flow table.
- Parameters
-
flowtab a flow table output variable where the function stores the current packet clock
◆ yfFlowTabFlush()
| gboolean yfFlowTabFlush | ( | void * | yfContext, |
| gboolean | close, | ||
| GError ** | err ) |
Flush closed flows in the given flow table to the given IPFIX Message Buffer.
Causes any idle flows to time out, removing them from the active flow table; also enforces the flow table's resource limit. If close is TRUE, additionally closes all active flows and flushes as well.
- Parameters
-
yfContext YAF thread context structure, holds pointers for the flowtable from which to flush flows and the fbuf, the destination to which the flows should be flushed close close all active flows before flushing err An error description pointer; must not be NULL.
- Returns
- TRUE on success, FALSE otherwise.
◆ yfFlowTabFree()
| void yfFlowTabFree | ( | yfFlowTab_t * | flowtab | ) |
Free a previously allocated flow table.
Discards any outstanding active flows without closing or flushing them; use yfFlowTabFlushAll() before yfFlowFree() to do this.
- Parameters
-
flowtab a flow table allocated by yfFlowTabAlloc()
◆ yfGetFlowTabStats()
| void yfGetFlowTabStats | ( | yfFlowTab_t * | flowtab, |
| uint64_t * | packets, | ||
| uint64_t * | flows, | ||
| uint64_t * | rej_pkts, | ||
| uint32_t * | peak, | ||
| uint32_t * | flush ) |
yfGetFlowTabStats Get Flow Table Stats for Export
- Parameters
-
flowtab packets number of packets processed flows number of flows created rej_pkts number of packets rejected due to out of sequence peak maximum number of flows in the flow table at any 1 time flush number of flush events called on flow table
◆ yfUpdateRollingPcapFile()
| void yfUpdateRollingPcapFile | ( | yfFlowTab_t * | flowtab, |
| char * | new_file_name ) |
Update the Pcap Filename in the Flowtab for pcap meta data output.
- Parameters
-
flowtab pointer to flow table new_file_name the filename of the next pcap file to write to
