CERT NetSA Security Suite  Open Source Tools for Network Monitoring

News | Downloads | Documentation | Tooltips

SiLK 1.1.2 | YAF 1.0.0 | IPA 0.3.0 | fixbuf 0.8.0 | Portal 0.8.0 | RAVE 1.9.11

NAF Core Library

libnaf 0.6.0 API documentation

_NAFlowKey Struct Reference

An aggregated flow key. More...

#include <nafcore.h>

Data Fields
uint32_t	srcid
	Source ID.
NAFTimeSec	bin
	Time bin start in epoch seconds.
uint32_t	sip
	Source IP address.
uint32_t	dip
	Destination IP address.
uint16_t	sp
	Source transport port.
uint16_t	dp
	Destination transport port.
uint8_t	sipmask
	Source IP address CIDR mask length.
uint8_t	dipmask
	Destination IP address CIDR mask length.
uint8_t	proto
	IP protocol.

---

Detailed Description

An aggregated flow key.

NAF flows are stored and handled internally as a split data structure - a key which identifies the aggregated flow, and a value which counts octets, packets, flows, and hosts associated with it.

---

Field Documentation

NAFTimeSec _NAFlowKey::bin

Time bin start in epoch seconds. key.bin mod mask.binsize must be 0.

uint16_t _NAFlowKey::dp

Destination transport port. Contains type and code for ICMP

uint32_t _NAFlowKey::srcid

Source ID. User or flow source assigned observation domain ID.

---

The documentation for this struct was generated from the following file:

• nafcore.h

SiLK | YAF | IPA | fixbuf | Portal | RAVE

This library is part of the NetSA Security Suite, developed by the CERT NetSA group
at the Software Engineering Institute at Carnegie Mellon University.

© 2006-2007 Carnegie Mellon University